noah/dotfiles
1
0
Fork 0
mirror of https://github.com/nmasur/dotfiles synced 2025-07-06 21:20:13 +00:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: noah:a15c05491ea0b1eea57d8a7a18a195679b1eea3f
Branches Tags
noah:master noah:platform noah:home-manager-fix noah:immich-proxy noah:microcode noah:nixd noah:eblume-mole noah:language-checks noah:keyd-2.4.3 noah:sway noah:nixosmodules noah:unfree-predicate-by-pkgs noah:darwin-ssl
noah:pre-platform noah:begin-nixos noah:begin-nix noah:neovim-lua noah:pre-nix noah:legacy
..
compare: noah:keyd-2.4.3
Branches Tags
noah:master noah:platform noah:home-manager-fix noah:immich-proxy noah:microcode noah:nixd noah:eblume-mole noah:language-checks noah:keyd-2.4.3 noah:sway noah:nixosmodules noah:unfree-predicate-by-pkgs noah:darwin-ssl
noah:pre-platform noah:begin-nixos noah:begin-nix noah:neovim-lua noah:pre-nix noah:legacy

2 Commits
a15c05491e ... keyd-2.4.3

Author SHA1 Message Date
Noah Masur
1c9bd21ced set keyd overload tap timeout 
helps prevent escape key from being sent if not tapped
 2023-10-07 08:58:34 -04:00
Noah Masur
14d2cbfdfb attempt to upgrade to keyd 2.4.3 pr 2023-10-07 07:52:47 -04:00
154 changed files with 1158 additions and 2498 deletions
Expand all files Collapse all files

134
.github/workflows/arrow.yml vendored
View File

@ -1,134 +0,0 @@
name: Arrow
env:
TERRAFORM_DIRECTORY: hosts/arrow
DEPLOY_IDENTITY_BASE64: ${{ secrets.DEPLOY_IDENTITY_BASE64 }}
ARROW_IDENTITY_BASE64: ${{ secrets.ARROW_IDENTITY_BASE64 }}
CLOUDFLARE_R2_ENDPOINT: "${{ secrets.CLOUDFLARE_ACCOUNT_ID }}.r2.cloudflarestorage.com"
AWS_ACCESS_KEY_ID: ${{ secrets.CLOUDFLARE_R2_ACCESS_KEY }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.CLOUDFLARE_R2_SECRET_KEY }}
AWS_DEFAULT_REGION: auto
AWS_ENDPOINT_URL_S3: "https://${{ secrets.CLOUDFLARE_ACCOUNT_ID }}.r2.cloudflarestorage.com"
TF_VAR_vultr_api_key: ${{ secrets.VULTR_API_KEY }}
on:
workflow_dispatch:
inputs:
rebuild:
type: boolean
default: false
action:
type: choice
required: true
default: create
options:
- create
- destroy
jobs:
build-deploy:
name: Build and Deploy
runs-on: ubuntu-latest
steps:
- name: Checkout Repo Code
uses: actions/checkout@v4
# Enable access to KVM, required to build an image
- name: Enable KVM group perms
if: inputs.rebuild && inputs.action != 'destroy'
run: |
echo 'KERNEL=="kvm", GROUP="kvm", MODE="0666", OPTIONS+="static_node=kvm"' | sudo tee /etc/udev/rules.d/99-kvm4all.rules
sudo udevadm control --reload-rules
sudo udevadm trigger --name-match=kvm
# Install Nix
- name: Install Nix
if: inputs.rebuild && inputs.action != 'destroy'
uses: cachix/install-nix-action@v17
# Build the image
- name: Build Image
if: inputs.rebuild && inputs.action != 'destroy'
run: nix build .#image.arrow
- name: Upload Image to S3
if: inputs.rebuild && inputs.action != 'destroy'
run: |
aws s3 cp \
result/iso/nixos.iso \
s3://noahmasur-arrow-images/arrow.iso \
--endpoint-url "https://${{ env.CLOUDFLARE_R2_ENDPOINT }}"
# # Copy the image to S3
# - name: Upload Image to Cache
# env:
# NIX_CACHE_PRIVATE_KEY: ${{ secrets.NIX_CACHE_PRIVATE_KEY }}
# run: |
# echo "$NIX_CACHE_PRIVATE_KEY" > cache.key
# nix store sign --key-file cache.key $(readlink result)
# nix copy --to s3://t2-aws-nixos-test $(readlink result)
# rm cache.key
# Installs the Terraform binary and some other accessory functions.
- name: Setup Terraform
uses: hashicorp/setup-terraform@v2
# Checks whether Terraform is formatted properly. If this fails, you
# should install the pre-commit hook.
- name: Check Formatting
working-directory: ${{ env.TERRAFORM_DIRECTORY }}
run: |
terraform fmt -no-color -check -diff -recursive
# Connects to remote state backend and download providers.
- name: Terraform Init
working-directory: ${{ env.TERRAFORM_DIRECTORY }}
run: terraform init
# Deploys infrastructure or changes to infrastructure.
- name: Terraform Apply
if: inputs.action == 'create'
working-directory: ${{ env.TERRAFORM_DIRECTORY }}
run: |
terraform apply \
-auto-approve \
-input=false
# Removes infrastructure.
- name: Terraform Destroy
if: inputs.action == 'destroy'
working-directory: ${{ env.TERRAFORM_DIRECTORY }}
run: |
terraform destroy \
-auto-approve \
-input=false
- name: Get Host IP
if: inputs.action == 'create'
id: host
working-directory: ${{ env.TERRAFORM_DIRECTORY }}
run: terraform output -raw host_ip
- name: Wait on SSH
if: inputs.action == 'create'
run: |
for i in $(seq 1 15); do
if $(nc -z -w 3 ${{ steps.host.outputs.stdout }} 22); then
exit 0
fi
sleep 10
done
- name: Write Identity Keys to Files
if: inputs.action == 'create'
run: |
echo "${{ env.DEPLOY_IDENTITY_BASE64 }}" | base64 -d > deploy_ed25519
chmod 0600 deploy_ed25519
echo "${{ env.ARROW_IDENTITY_BASE64 }}" | base64 -d > arrow_ed25519
chmod 0600 arrow_ed25519
- name: Copy Identity File to Host
if: inputs.action == 'create'
run: |
ssh -i deploy_ed25519 -o StrictHostKeyChecking=accept-new noah@${{ steps.host.outputs.stdout }} 'mkdir -pv .ssh'
scp -i deploy_ed25519 arrow_ed25519 noah@${{ steps.host.outputs.stdout }}:~/.ssh/id_ed25519

17
.github/workflows/update.yml vendored
View File

@ -8,7 +8,6 @@ on:
permissions: permissions:
contents: write contents: write
pull-requests: write pull-requests: write
checks: write
jobs: jobs:
lockfile: lockfile:
@ -31,24 +30,8 @@ jobs:
pr-labels: | # Labels to be set on the PR pr-labels: | # Labels to be set on the PR
dependencies dependencies
automated automated
pr-body: |
Automated changes by the [update-flake-lock](https://github.com/DeterminateSystems/update-flake-lock) GitHub Action.
```
{{ env.GIT_COMMIT_MESSAGE }}
```
- name: Check the Flake - name: Check the Flake
id: check
run: nix flake check run: nix flake check
- name: Update Check Status
uses: LouisBrunner/checks-action@v1.6.1
if: always()
with:
token: ${{ secrets.GITHUB_TOKEN }}
name: Update Flake
conclusion: ${{ job.status }}
output: |
{"summary":"${{ steps.check.outputs.stdout }}"}
- name: Enable Pull Request Automerge - name: Enable Pull Request Automerge
if: success() if: success()
run: | run: |

1
.gitignore vendored
View File

@ -1,7 +1,6 @@
.DS_Store .DS_Store
*.bak *.bak
*.db *.db
*.qcow2
**/.direnv/** **/.direnv/**
result result
private/** private/**

26
README.md
View File

@ -25,7 +25,7 @@ configuration may be difficult to translate to a non-Nix system.
| Dotfiles | [Home-Manager](https://github.com/nix-community/home-manager) | [Link](./modules/common) | | Dotfiles | [Home-Manager](https://github.com/nix-community/home-manager) | [Link](./modules/common) |
| Terminal | [Kitty](https://sw.kovidgoyal.net/kitty/) | [Link](./modules/common/applications/kitty.nix) | | Terminal | [Kitty](https://sw.kovidgoyal.net/kitty/) | [Link](./modules/common/applications/kitty.nix) |
| Shell | [Fish](https://fishshell.com/) | [Link](./modules/common/shell/fish) | | Shell | [Fish](https://fishshell.com/) | [Link](./modules/common/shell/fish) |
| Shell Prompt | [Starship](https://starship.rs/) | [Link](./modules/common/shell/starship.nix) | | Shell Prompt | [Starship](https://starship.rs/) | [Link](./modules/common/shell/starhip.nix) |
| Colorscheme | [Gruvbox](https://github.com/morhetz/gruvbox) | [Link](./colorscheme/gruvbox/default.nix) | | Colorscheme | [Gruvbox](https://github.com/morhetz/gruvbox) | [Link](./colorscheme/gruvbox/default.nix) |
| Wallpaper | [Road](https://gitlab.com/exorcist365/wallpapers/-/blob/master/gruvbox/road.jpg) | [Link](./hosts/tempest/default.nix) | | Wallpaper | [Road](https://gitlab.com/exorcist365/wallpapers/-/blob/master/gruvbox/road.jpg) | [Link](./hosts/tempest/default.nix) |
| Text Editor | [Neovim](https://neovim.io/) | [Link](./modules/common/neovim/config) | | Text Editor | [Neovim](https://neovim.io/) | [Link](./modules/common/neovim/config) |
@ -41,30 +41,6 @@ configuration may be difficult to translate to a non-Nix system.
| --- | --- | --- | | --- | --- | --- |
| Keybinds | [Hammerspoon](https://www.hammerspoon.org/) | [Link](./modules/darwin/hammerspoon) | | Keybinds | [Hammerspoon](https://www.hammerspoon.org/) | [Link](./modules/darwin/hammerspoon) |
# Diagram
![Diagram](https://github.com/nmasur/dotfiles/assets/7386960/ed3e7202-09c4-4a9c-9b14-0272c01647f6)
- [flake.nix](./flake.nix)
- [hosts](./hosts/)
- [modules](./modules/)
---
# Unique Configurations
This repo contains a few more elaborate elements of configuration.
- [Neovim config](./modules/common/neovim/default.nix) generated with Nix2Vim
and source-controlled plugins, differing based on installed LSPs, for example.
- [Caddy JSON](./modules/nixos/services/caddy.nix) file (routes, etc.) based
dynamically on enabled services rendered with Nix.
- [Grafana config](./modules/nixos/services/grafana.nix) rendered with Nix.
- Custom [secrets deployment](./modules/nixos/services/secrets.nix) similar to
agenix.
- Base16 [colorschemes](./colorscheme/) applied to multiple applications,
including Firefox userChrome.
--- ---
# Installation # Installation

1
apps/loadkey.nix
View File

@ -5,7 +5,6 @@
program = builtins.toString (pkgs.writeShellScript "loadkey" '' program = builtins.toString (pkgs.writeShellScript "loadkey" ''
printf "\nEnter the seed phrase for your SSH key...\n" printf "\nEnter the seed phrase for your SSH key...\n"
printf "\nThen press ^D when complete.\n\n" printf "\nThen press ^D when complete.\n\n"
mkdir -p ~/.ssh/
${pkgs.melt}/bin/melt restore ~/.ssh/id_ed25519 ${pkgs.melt}/bin/melt restore ~/.ssh/id_ed25519
printf "\n\nContinuing activation.\n\n" printf "\n\nContinuing activation.\n\n"
''); '');

36
disks/root.nix
View File

@ -4,34 +4,38 @@
type = "disk"; type = "disk";
device = disk; device = disk;
content = { content = {
type = "gpt"; type = "table";
partitions = { format = "gpt";
partitions = [
# Boot partition # Boot partition
ESP = rec { {
size = "512MiB"; name = "ESP";
type = "EF00"; start = "0";
label = "boot"; end = "512MiB";
device = "/dev/disk/by-label/${label}"; fs-type = "fat32";
bootable = true;
content = { content = {
type = "filesystem"; type = "filesystem";
format = "vfat"; format = "vfat";
mountpoint = "/boot"; mountpoint = "/boot";
extraArgs = [ "-n ${label}" ]; extraArgs = [ "-n boot" ];
}; };
}; }
# Root partition ext4 # Root partition ext4
root = rec { {
size = "100%"; name = "root";
label = "nixos"; start = "512MiB";
device = "/dev/disk/by-label/${label}"; end = "100%";
part-type = "primary";
bootable = true;
content = { content = {
type = "filesystem"; type = "filesystem";
format = "ext4"; format = "ext4";
mountpoint = "/"; mountpoint = "/";
extraArgs = [ "-L ${label}" ]; extraArgs = [ "-L nixos" ];
}; };
}; }
}; ];
}; };
}; };
}; };

17
docs/installation.md
View File

@ -49,24 +49,19 @@ move the `windows/alacritty.yml` file to
To get started on a bare macOS installation, first install Nix: To get started on a bare macOS installation, first install Nix:
```bash ```bash
curl --proto '=https' --tlsv1.2 -sSf -L https://install.determinate.systems/nix | sh -s -- install sh -c "$(curl -L https://nixos.org/nix/install)"
``` ```
Launch a new shell. Then use Nix to switch to the macOS configuration: Then use Nix to build nix-darwin:
```bash ```bash
sudo rm /etc/bashrc nix-build https://github.com/LnL7/nix-darwin/archive/master.tar.gz -A installer
sudo rm /etc/nix/nix.conf ./result/bin/darwin-installer
nix \
--extra-experimental-features flakes \
--extra-experimental-features nix-command \
run nix-darwin -- switch \
--flake github:nmasur/dotfiles#lookingglass
``` ```
Once installed, you can continue to update the macOS configuration: Then switch to the macOS configuration:
```bash ```bash
darwin-rebuild switch --flake ~/dev/personal/dotfiles darwin-rebuild switch --flake github:nmasur/dotfiles#lookingglass
``` ```

17
docs/repair-nextcloud.md
View File

@ -63,20 +63,3 @@ Use this mysqldump command:
sudo -u nextcloud mysqldump -S /run/mysqld/mysqld.sock --default-character-set=utf8mb4 nextcloud > backup.sql sudo -u nextcloud mysqldump -S /run/mysqld/mysqld.sock --default-character-set=utf8mb4 nextcloud > backup.sql
``` ```
## Converting to Postgres
Same as MySQL, but run this command instead:
```
sudo -u nextcloud nextcloud-occ db:convert-type pgsql nextcloud /run/postgresql/ nextcloud
```
Then set the `dbtype` to `pgsql`.
## Backing Up Postgres Database
Use this pg_dump command:
```
sudo -u nextcloud pg_dump nextcloud > backup.sql
```

594
flake.lock generated
View File

@ -1,87 +1,6 @@
{ {
"nodes": { "nodes": {
"baleia-nvim-src": { "Comment-nvim-src": {
"flake": false,
"locked": {
"lastModified": 1704551058,
"narHash": "sha256-0NmiGzMFvL1awYOVtiaSd+O4sAR524x68xwWLgArlqs=",
"owner": "m00qek",
"repo": "baleia.nvim",
"rev": "6d9cbdaca3a428bc7296f838fdfce3ad01ee7495",
"type": "github"
},
"original": {
"owner": "m00qek",
"repo": "baleia.nvim",
"type": "github"
}
},
"base16-nvim-src": {
"flake": false,
"locked": {
"lastModified": 1708139024,
"narHash": "sha256-l0BO2boIy6mwK8ISWS3D68f8egqHYwsGSAnzjbB5aOE=",
"owner": "RRethy",
"repo": "base16-nvim",
"rev": "b3e9ec6a82c05b562cd71f40fe8964438a9ba64a",
"type": "github"
},
"original": {
"owner": "RRethy",
"repo": "base16-nvim",
"type": "github"
}
},
"bufferline-nvim-src": {
"flake": false,
"locked": {
"lastModified": 1706180994,
"narHash": "sha256-/iGzUDJaodkUyWpwim8UtwaRuarfu/Nk6wxVApk+QxY=",
"owner": "akinsho",
"repo": "bufferline.nvim",
"rev": "d6cb9b7cac52887bcac65f8698e67479553c0748",
"type": "github"
},
"original": {
"owner": "akinsho",
"ref": "v4.5.0",
"repo": "bufferline.nvim",
"type": "github"
}
},
"bypass-paywalls-clean": {
"flake": false,
"locked": {
"lastModified": 1709556839,
"narHash": "sha256-LbsaYISpsjCI8DXPu2toBI3uMK+Xau1sWuzA2xsQ6Pg=",
"owner": "magnolia1234",
"repo": "bpc-uploads",
"rev": "0ca7c6a857e4e6c3e508228168e8de70e21cee3a",
"type": "gitlab"
},
"original": {
"owner": "magnolia1234",
"repo": "bpc-uploads",
"type": "gitlab"
}
},
"cmp-nvim-lsp-src": {
"flake": false,
"locked": {
"lastModified": 1702205473,
"narHash": "sha256-/0sh9vJBD9pUuD7q3tNSQ1YLvxFMNykdg5eG+LjZAA8=",
"owner": "hrsh7th",
"repo": "cmp-nvim-lsp",
"rev": "5af77f54de1b16c34b23cba810150689a3a90312",
"type": "github"
},
"original": {
"owner": "hrsh7th",
"repo": "cmp-nvim-lsp",
"type": "github"
}
},
"comment-nvim-src": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1681214440, "lastModified": 1681214440,
@ -98,6 +17,72 @@
"type": "github" "type": "github"
} }
}, },
"age": {
"flake": false,
"locked": {
"lastModified": 1672087018,
"narHash": "sha256-LRxxJQLQkzoCNYGS/XBixVmYXoZ1mPHKvFicPGXYLcw=",
"owner": "FiloSottile",
"repo": "age",
"rev": "c6dcfa1efcaa27879762a934d5bea0d1b83a894c",
"type": "github"
},
"original": {
"owner": "FiloSottile",
"ref": "v1.1.1",
"repo": "age",
"type": "github"
}
},
"baleia-nvim-src": {
"flake": false,
"locked": {
"lastModified": 1681806450,
"narHash": "sha256-jxRlIzWbnSj89032msc5w+2TVt7zVyzlxdXxiH1dQqY=",
"owner": "m00qek",
"repo": "baleia.nvim",
"rev": "00bb4af31c8c3865b735d40ebefa6c3f07b2dd16",
"type": "github"
},
"original": {
"owner": "m00qek",
"repo": "baleia.nvim",
"type": "github"
}
},
"bufferline-nvim-src": {
"flake": false,
"locked": {
"lastModified": 1687763763,
"narHash": "sha256-wbOeylzjjScQXkrDbBU2HtrOZrp2YUK+wQ2aOkgxmRQ=",
"owner": "akinsho",
"repo": "bufferline.nvim",
"rev": "bf2f6b7edd0abf6b0732f5e5c0a8f30e51611c75",
"type": "github"
},
"original": {
"owner": "akinsho",
"ref": "v4.2.0",
"repo": "bufferline.nvim",
"type": "github"
}
},
"cmp-nvim-lsp-src": {
"flake": false,
"locked": {
"lastModified": 1687494203,
"narHash": "sha256-mU0soCz79erJXMMqD/FyrJZ0mu2n6fE0deymPzQlxts=",
"owner": "hrsh7th",
"repo": "cmp-nvim-lsp",
"rev": "44b16d11215dce86f253ce0c30949813c0a90765",
"type": "github"
},
"original": {
"owner": "hrsh7th",
"repo": "cmp-nvim-lsp",
"type": "github"
}
},
"darwin": { "darwin": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@ -105,11 +90,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1709771483, "lastModified": 1696043447,
"narHash": "sha256-Hjzu9nCknHLQvhdaRFfCEprH0o15KcaNu1QDr3J88DI=", "narHash": "sha256-VbJ1dY5pVH2fX1bS+cT2+4+BYEk4lMHRP0+udu9G6tk=",
"owner": "lnl7", "owner": "lnl7",
"repo": "nix-darwin", "repo": "nix-darwin",
"rev": "550340062c16d7ef8c2cc20a3d2b97bcd3c6b6f6", "rev": "792c2e01347cb1b2e7ec84a1ef73453ca86537d8",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -126,11 +111,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1709967935, "lastModified": 1695864092,
"narHash": "sha256-ZLLdGWs9njivxZsfSzfQN05g6WIyIe24bPb61y7FVqo=", "narHash": "sha256-Hu1SkFPqO7ND95AOzBkZE2jGXSYhfZ965C03O72Kbu8=",
"owner": "nix-community", "owner": "nix-community",
"repo": "disko", "repo": "disko",
"rev": "72818e54ec29427f8d9f9cfa6fc859d01ca6dc66", "rev": "19b62324663b6b9859caf7f335d232cf4f1f6a32",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -139,23 +124,6 @@
"type": "github" "type": "github"
} }
}, },
"fidget-nvim-src": {
"flake": false,
"locked": {
"lastModified": 1704696337,
"narHash": "sha256-uAX/RGfOmsUIUaDepNwUpK8MBaTMBJ4rLZ69y0MwpNE=",
"owner": "j-hui",
"repo": "fidget.nvim",
"rev": "3a93300c076109d86c7ce35ec67a8034ae6ba9db",
"type": "github"
},
"original": {
"owner": "j-hui",
"ref": "v1.2.0",
"repo": "fidget.nvim",
"type": "github"
}
},
"firefox-darwin": { "firefox-darwin": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@ -163,11 +131,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1710031437, "lastModified": 1696034364,
"narHash": "sha256-XauWQSnMUwJOHgW/ByZP1kOrJyNSJxV4aNoBlo8lnoc=", "narHash": "sha256-7giewUYqKhhfhKRxe2EPHCpSM0oMLuByW4RTRZl6Jfc=",
"owner": "bandithedoge", "owner": "bandithedoge",
"repo": "nixpkgs-firefox-darwin", "repo": "nixpkgs-firefox-darwin",
"rev": "e9883b75736b2d33787c9326d27d719a644b1c35", "rev": "b1e4d451a15c34d45bfefb05137a20469399a2df",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -179,11 +147,11 @@
"flake-compat": { "flake-compat": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1696426674, "lastModified": 1673956053,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", "narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=",
"owner": "edolstra", "owner": "edolstra",
"repo": "flake-compat", "repo": "flake-compat",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", "rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -197,11 +165,11 @@
"systems": "systems" "systems": "systems"
}, },
"locked": { "locked": {
"lastModified": 1705309234, "lastModified": 1687709756,
"narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=", "narHash": "sha256-Y5wKlQSkgEK2weWdOu4J3riRd+kV/VCgHsqLNTTWQ/0=",
"owner": "numtide", "owner": "numtide",
"repo": "flake-utils", "repo": "flake-utils",
"rev": "1ef2e671c3b0c19053962c07dbda38332dcebf26", "rev": "dbabf0ca0c0c4bce6ea5eaf65af5cb694d2082c7",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -215,11 +183,29 @@
"systems": "systems_2" "systems": "systems_2"
}, },
"locked": { "locked": {
"lastModified": 1705309234, "lastModified": 1685518550,
"narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=", "narHash": "sha256-o2d0KcvaXzTrPRIo0kOLV0/QXHhDQ5DTi+OxcjO8xqY=",
"owner": "numtide", "owner": "numtide",
"repo": "flake-utils", "repo": "flake-utils",
"rev": "1ef2e671c3b0c19053962c07dbda38332dcebf26", "rev": "a1720a10a6cfe8234c0e93907ffe81be440f4cef",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_3": {
"inputs": {
"systems": "systems_3"
},
"locked": {
"lastModified": 1694529238,
"narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "ff7b65b44d01cf9ba6a71320833626af21126384",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -231,11 +217,11 @@
"hmts-nvim-src": { "hmts-nvim-src": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1706900289, "lastModified": 1693226725,
"narHash": "sha256-kw3YJ21nhs/x9Jp7kvnL+9FuiSgLB1hO/ON3QeeZx9g=", "narHash": "sha256-jUuztOqNBltC3axa7s3CPJz9Cmukfwkf846+Z/gAxCU=",
"owner": "calops", "owner": "calops",
"repo": "hmts.nvim", "repo": "hmts.nvim",
"rev": "ba1239972a1f56b94252d4f85a43e777ac419662", "rev": "14fd941d7ec2bb98314a1aacaa2573d97f1629ab",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -251,11 +237,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1709988192, "lastModified": 1696063111,
"narHash": "sha256-qxwIkl85P0I1/EyTT+NJwzbXdOv86vgZxcv4UKicjK8=", "narHash": "sha256-F2IJEbyH3xG0eqyAYn9JoV+niqNz+xb4HICYNkkviNI=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "b0b0c3d94345050a7f86d1ebc6c56eea4389d030", "rev": "ae896c810f501bf0c3a2fd7fc2de094dd0addf01",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -265,87 +251,78 @@
"type": "github" "type": "github"
} }
}, },
"kitty-scrollback-nvim-src": {
"flake": false,
"locked": {
"lastModified": 1710038457,
"narHash": "sha256-/6uDN3wE6uO4yxj7tNtLXjaMse2DCQsehpTnoEyBA/U=",
"owner": "mikesmithgh",
"repo": "kitty-scrollback.nvim",
"rev": "c3014974e4cd498a534ff814761ef794ebb85d01",
"type": "github"
},
"original": {
"owner": "mikesmithgh",
"repo": "kitty-scrollback.nvim",
"type": "github"
}
},
"nextcloud-cookbook": { "nextcloud-cookbook": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1702545935, "narHash": "sha256-XgBwUr26qW6wvqhrnhhhhcN4wkI+eXDHnNSm1HDbP6M=",
"narHash": "sha256-19LN1nYJJ0RMWj6DrYPvHzocTyhMfYdpdhBFch3fpHE=",
"type": "tarball", "type": "tarball",
"url": "https://github.com/christianlupus-nextcloud/cookbook-releases/releases/download/v0.11.0/cookbook-0.11.0.tar.gz" "url": "https://github.com/nextcloud/cookbook/releases/download/v0.10.2/Cookbook-0.10.2.tar.gz"
}, },
"original": { "original": {
"type": "tarball", "type": "tarball",
"url": "https://github.com/christianlupus-nextcloud/cookbook-releases/releases/download/v0.11.0/cookbook-0.11.0.tar.gz" "url": "https://github.com/nextcloud/cookbook/releases/download/v0.10.2/Cookbook-0.10.2.tar.gz"
} }
}, },
"nextcloud-external": { "nextcloud-external": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1699624334, "narHash": "sha256-X7eC8T8wSZGVwCQp6U/WxjMC7aIj39osgHotaUoRNSQ=",
"narHash": "sha256-RCL2RP5twRDLxI/KfAX6QLYQOzqZmSWsfrC5ZQIwTD4=",
"type": "tarball", "type": "tarball",
"url": "https://github.com/nextcloud-releases/external/releases/download/v5.3.1/external-v5.3.1.tar.gz" "url": "https://github.com/nextcloud-releases/external/releases/download/v5.2.1/external-v5.2.1.tar.gz"
}, },
"original": { "original": {
"type": "tarball", "type": "tarball",
"url": "https://github.com/nextcloud-releases/external/releases/download/v5.3.1/external-v5.3.1.tar.gz" "url": "https://github.com/nextcloud-releases/external/releases/download/v5.2.1/external-v5.2.1.tar.gz"
} }
}, },
"nextcloud-news": { "nextcloud-news": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1703426420, "narHash": "sha256-cfJkKRNSz15L4E3w1tnEb+t4MrVwVzb8lb6vCOA4cK4=",
"narHash": "sha256-AENBJH/bEob5JQvw4WEi864mdLYJ5Mqe78HJH6ceCpI=",
"type": "tarball", "type": "tarball",
"url": "https://github.com/nextcloud/news/releases/download/25.0.0-alpha3/news.tar.gz" "url": "https://github.com/nextcloud/news/releases/download/24.0.0/news.tar.gz"
}, },
"original": { "original": {
"type": "tarball", "type": "tarball",
"url": "https://github.com/nextcloud/news/releases/download/25.0.0-alpha3/news.tar.gz" "url": "https://github.com/nextcloud/news/releases/download/24.0.0/news.tar.gz"
} }
}, },
"nextcloud-snappymail": { "nil": {
"flake": false, "inputs": {
"flake-utils": "flake-utils",
"nixpkgs": [
"nixpkgs"
],
"rust-overlay": "rust-overlay"
},
"locked": { "locked": {
"lastModified": 1710042081, "lastModified": 1691372739,
"narHash": "sha256-UeZXoZFEPJj7zEVNTXJ3IYNt/wI7VFq3Pjh1ubMHCBo=", "narHash": "sha256-fZ8KfBMcIFO/R7xaWtB85SFeuUjb9SCH8fxYBnY8068=",
"type": "tarball", "owner": "oxalica",
"url": "https://snappymail.eu/repository/nextcloud/snappymail-2.32.0-nextcloud.tar.gz" "repo": "nil",
"rev": "97abe7d3d48721d4e0fcc1876eea83bb4247825b",
"type": "github"
}, },
"original": { "original": {
"type": "tarball", "owner": "oxalica",
"url": "https://snappymail.eu/repository/nextcloud/snappymail-2.32.0-nextcloud.tar.gz" "ref": "2023-08-09",
"repo": "nil",
"type": "github"
} }
}, },
"nix2vim": { "nix2vim": {
"inputs": { "inputs": {
"flake-utils": "flake-utils", "flake-utils": "flake-utils_2",
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
] ]
}, },
"locked": { "locked": {
"lastModified": 1707832982, "lastModified": 1685980282,
"narHash": "sha256-Jsrj8HJyo+PmjrHIDhq4gjZCE0eYCVmmTrx24cG8eOQ=", "narHash": "sha256-uQyVaoqkiocA8bXKMfrgizuKmz0hUzHye5owFoUd2AQ=",
"owner": "gytis-ivaskevicius", "owner": "gytis-ivaskevicius",
"repo": "nix2vim", "repo": "nix2vim",
"rev": "2fb1328cf058fc967b02f9a5330a99253b4c247e", "rev": "3836a348503ae27340c7f83f0bc7bcb907f3781d",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -356,11 +333,11 @@
}, },
"nixlib": { "nixlib": {
"locked": { "locked": {
"lastModified": 1709426687, "lastModified": 1693701915,
"narHash": "sha256-jLBZmwXf0WYHzLkmEMq33bqhX55YtT5edvluFr0RcSA=", "narHash": "sha256-waHPLdDYUOHSEtMKKabcKIMhlUOHPOOPQ9UyFeEoovs=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nixpkgs.lib", "repo": "nixpkgs.lib",
"rev": "7873d84a89ae6e4841528ff7f5697ddcb5bdfe6c", "rev": "f5af57d3ef9947a70ac86e42695231ac1ad00c25",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -377,11 +354,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1709887845, "lastModified": 1696058303,
"narHash": "sha256-803UIoB8+vGkm/VK/g55aBAAOf/ncTGvxXyjTF4ydm0=", "narHash": "sha256-eNqKWpF5zG0SrgbbtljFOrRgFgRzCc4++TMFADBMLnc=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nixos-generators", "repo": "nixos-generators",
"rev": "bef32a05496d9480b02be586fa7827748b9e597b", "rev": "150f38bd1e09e20987feacb1b0d5991357532fb5",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -392,11 +369,11 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1709703039, "lastModified": 1695830400,
"narHash": "sha256-6hqgQ8OK6gsMu1VtcGKBxKQInRLHtzulDo9Z5jxHEFY=", "narHash": "sha256-gToZXQVr0G/1WriO83olnqrLSHF2Jb8BPcmCt497ro0=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "9df3e30ce24fd28c7b3e2de0d986769db5d6225d", "rev": "8a86b98f0ba1c405358f1b71ff8b5e1d317f5db2",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -406,50 +383,82 @@
"type": "github" "type": "github"
} }
}, },
"nur": { "nixpkgs-keyd": {
"locked": { "locked": {
"lastModified": 1710037658, "lastModified": 1690363189,
"narHash": "sha256-6i7th4IX+2E1KX7FEJ4XgYtvQAooLa6YRsUIVRDu0PU=", "narHash": "sha256-Zs0VkngOtQz7nIEO7Wi8AwGB4TBSex2KZAw784aOm2M=",
"owner": "nix-community", "owner": "JohnAZoidberg",
"repo": "nur", "repo": "nixpkgs",
"rev": "ff870a7e359c3f34fc1144c6c35f76003d6c17e7", "rev": "6591d332f93422e388ef6337f6b362b4ff8d0724",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "nix-community", "owner": "JohnAZoidberg",
"repo": "nur", "ref": "keyd-2.4.3",
"repo": "nixpkgs",
"type": "github" "type": "github"
} }
}, },
"nvim-lint-src": { "nixpkgs_2": {
"flake": false,
"locked": { "locked": {
"lastModified": 1709238483, "lastModified": 1695825837,
"narHash": "sha256-fYaiUFNaaSPejKBecKB7ifp/soREWYIh3avemU5qJJE=", "narHash": "sha256-4Ne11kNRnQsmSJCRSSNkFRSnHC4Y5gPDBIQGjjPfJiU=",
"owner": "mfussenegger", "owner": "NixOS",
"repo": "nvim-lint", "repo": "nixpkgs",
"rev": "e824adb9bc01647f71e55457353a68f0f37f9931", "rev": "5cfafa12d57374f48bcc36fda3274ada276cf69e",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "mfussenegger", "owner": "NixOS",
"repo": "nvim-lint", "ref": "nixos-23.05",
"repo": "nixpkgs",
"type": "github"
}
},
"null-ls-nvim-src": {
"flake": false,
"locked": {
"lastModified": 1691810493,
"narHash": "sha256-cWA0rzkOp/ekVKaFee7iea1lhnqKtWUIU+fW5M950wI=",
"owner": "jose-elias-alvarez",
"repo": "null-ls.nvim",
"rev": "0010ea927ab7c09ef0ce9bf28c2b573fc302f5a7",
"type": "github"
},
"original": {
"owner": "jose-elias-alvarez",
"repo": "null-ls.nvim",
"type": "github"
}
},
"nur": {
"locked": {
"lastModified": 1696080597,
"narHash": "sha256-fhf7+NT/xMwPZ/sRT30lnI04AHgf7tLPU4ClMux1nWA=",
"owner": "nix-community",
"repo": "nur",
"rev": "8783c360abc69f58d46a2929534ddd91eb41f3c6",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nur",
"type": "github" "type": "github"
} }
}, },
"nvim-lspconfig-src": { "nvim-lspconfig-src": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1701687137, "lastModified": 1675639052,
"narHash": "sha256-qFjFofA2LoD4yRfx4KGfSCpR3mDkpFaagcm+TVNPqco=", "narHash": "sha256-B8IgpypxzCACZ5VcqM6KiWyClaN+KrmemtkwMznmj5Y=",
"owner": "neovim", "owner": "neovim",
"repo": "nvim-lspconfig", "repo": "nvim-lspconfig",
"rev": "cf3dd4a290084a868fac0e2e876039321d57111c", "rev": "255e07ce2a05627d482d2de77308bba51b90470c",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "neovim", "owner": "neovim",
"ref": "v0.1.7", "ref": "v0.1.6",
"repo": "nvim-lspconfig", "repo": "nvim-lspconfig",
"type": "github" "type": "github"
} }
@ -457,11 +466,11 @@
"nvim-tree-lua-src": { "nvim-tree-lua-src": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1709951243, "lastModified": 1695716495,
"narHash": "sha256-1lWdTSZt/J4geoQKLkZLQ5Yh992XpZ4cFHw4AGEJFPY=", "narHash": "sha256-Fkchn7UuIHPmVFFrx1kzsE2lviJrAFAe9tHu73HnS/w=",
"owner": "kyazdani42", "owner": "kyazdani42",
"repo": "nvim-tree.lua", "repo": "nvim-tree.lua",
"rev": "041dbd18f440207ad161503a384e7c82d575db66", "rev": "934469b9b6df369e198fb3016969e56393b0dc07",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -473,11 +482,11 @@
"nvim-treesitter-src": { "nvim-treesitter-src": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1709968077, "lastModified": 1696061053,
"narHash": "sha256-5cHJMqbiBAbkis9exMAH5Y2ALynaSVmQT8NQTR4VztM=", "narHash": "sha256-KR+VMYTVM2qsLPx412gySAKiGObhs+awbDJhWX72/wY=",
"owner": "nvim-treesitter", "owner": "nvim-treesitter",
"repo": "nvim-treesitter", "repo": "nvim-treesitter",
"rev": "7ff51f53b0efb6228df2e8539b51bb2e737b77f3", "rev": "dd4e2dbc002dfce109d621e8bdcd9d89438b0a32",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -490,78 +499,41 @@
"proton-ge": { "proton-ge": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1710987994, "narHash": "sha256-75A0VCVdYkiMQ1duE9r2+DLBJzV02vUozoVLeo/TIWQ=",
"narHash": "sha256-NqBzKonCYH+hNpVZzDhrVf+r2i6EwLG/IFBXjE2mC7s=",
"type": "tarball", "type": "tarball",
"url": "https://github.com/GloriousEggroll/proton-ge-custom/releases/download/GE-Proton9-2/GE-Proton9-2.tar.gz" "url": "https://github.com/GloriousEggroll/proton-ge-custom/releases/download/GE-Proton8-16/GE-Proton8-16.tar.gz"
}, },
"original": { "original": {
"type": "tarball", "type": "tarball",
"url": "https://github.com/GloriousEggroll/proton-ge-custom/releases/download/GE-Proton9-2/GE-Proton9-2.tar.gz" "url": "https://github.com/GloriousEggroll/proton-ge-custom/releases/download/GE-Proton8-16/GE-Proton8-16.tar.gz"
}
},
"ren": {
"flake": false,
"locked": {
"lastModified": 1704996573,
"narHash": "sha256-zVIt6Xp+Mvym6gySvHIZJt1QgzKVP/wbTGTubWk6kzI=",
"owner": "robenkleene",
"repo": "ren-find",
"rev": "50c40172e354caffee48932266edd7c7a76a20fd",
"type": "github"
},
"original": {
"owner": "robenkleene",
"repo": "ren-find",
"type": "github"
}
},
"rep": {
"flake": false,
"locked": {
"lastModified": 1707216692,
"narHash": "sha256-/dH+mNtNHaYFndVhoqmz4Sc3HeemoQt1HGD98mb9Qhw=",
"owner": "robenkleene",
"repo": "rep-grep",
"rev": "10510d47e392cb9d30a861c69f702fd194b3fa88",
"type": "github"
},
"original": {
"owner": "robenkleene",
"repo": "rep-grep",
"type": "github"
} }
}, },
"root": { "root": {
"inputs": { "inputs": {
"Comment-nvim-src": "Comment-nvim-src",
"age": "age",
"baleia-nvim-src": "baleia-nvim-src", "baleia-nvim-src": "baleia-nvim-src",
"base16-nvim-src": "base16-nvim-src",
"bufferline-nvim-src": "bufferline-nvim-src", "bufferline-nvim-src": "bufferline-nvim-src",
"bypass-paywalls-clean": "bypass-paywalls-clean",
"cmp-nvim-lsp-src": "cmp-nvim-lsp-src", "cmp-nvim-lsp-src": "cmp-nvim-lsp-src",
"comment-nvim-src": "comment-nvim-src",
"darwin": "darwin", "darwin": "darwin",
"disko": "disko", "disko": "disko",
"fidget-nvim-src": "fidget-nvim-src",
"firefox-darwin": "firefox-darwin", "firefox-darwin": "firefox-darwin",
"hmts-nvim-src": "hmts-nvim-src", "hmts-nvim-src": "hmts-nvim-src",
"home-manager": "home-manager", "home-manager": "home-manager",
"kitty-scrollback-nvim-src": "kitty-scrollback-nvim-src",
"nextcloud-cookbook": "nextcloud-cookbook", "nextcloud-cookbook": "nextcloud-cookbook",
"nextcloud-external": "nextcloud-external", "nextcloud-external": "nextcloud-external",
"nextcloud-news": "nextcloud-news", "nextcloud-news": "nextcloud-news",
"nextcloud-snappymail": "nextcloud-snappymail", "nil": "nil",
"nix2vim": "nix2vim", "nix2vim": "nix2vim",
"nixos-generators": "nixos-generators", "nixos-generators": "nixos-generators",
"nixpkgs": "nixpkgs", "nixpkgs": "nixpkgs",
"nixpkgs-keyd": "nixpkgs-keyd",
"null-ls-nvim-src": "null-ls-nvim-src",
"nur": "nur", "nur": "nur",
"nvim-lint-src": "nvim-lint-src",
"nvim-lspconfig-src": "nvim-lspconfig-src", "nvim-lspconfig-src": "nvim-lspconfig-src",
"nvim-tree-lua-src": "nvim-tree-lua-src", "nvim-tree-lua-src": "nvim-tree-lua-src",
"nvim-treesitter-src": "nvim-treesitter-src", "nvim-treesitter-src": "nvim-treesitter-src",
"proton-ge": "proton-ge", "proton-ge": "proton-ge",
"ren": "ren",
"rep": "rep",
"telescope-nvim-src": "telescope-nvim-src", "telescope-nvim-src": "telescope-nvim-src",
"telescope-project-nvim-src": "telescope-project-nvim-src", "telescope-project-nvim-src": "telescope-project-nvim-src",
"toggleterm-nvim-src": "toggleterm-nvim-src", "toggleterm-nvim-src": "toggleterm-nvim-src",
@ -571,12 +543,37 @@
"tree-sitter-puppet": "tree-sitter-puppet", "tree-sitter-puppet": "tree-sitter-puppet",
"tree-sitter-python": "tree-sitter-python", "tree-sitter-python": "tree-sitter-python",
"tree-sitter-rasi": "tree-sitter-rasi", "tree-sitter-rasi": "tree-sitter-rasi",
"tree-sitter-vimdoc": "tree-sitter-vimdoc", "vscode-terraform-snippets": "vscode-terraform-snippets",
"wallpapers": "wallpapers", "wallpapers": "wallpapers",
"wsl": "wsl", "wsl": "wsl",
"zenyd-mpv-scripts": "zenyd-mpv-scripts" "zenyd-mpv-scripts": "zenyd-mpv-scripts"
} }
}, },
"rust-overlay": {
"inputs": {
"flake-utils": [
"nil",
"flake-utils"
],
"nixpkgs": [
"nil",
"nixpkgs"
]
},
"locked": {
"lastModified": 1688783586,
"narHash": "sha256-HHaM2hk2azslv1kH8zmQxXo2e7i5cKgzNIuK4yftzB0=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "7a29283cc242c2486fc67f60b431ef708046d176",
"type": "github"
},
"original": {
"owner": "oxalica",
"repo": "rust-overlay",
"type": "github"
}
},
"systems": { "systems": {
"locked": { "locked": {
"lastModified": 1681028828, "lastModified": 1681028828,
@ -607,19 +604,34 @@
"type": "github" "type": "github"
} }
}, },
"systems_3": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"telescope-nvim-src": { "telescope-nvim-src": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1701167040, "lastModified": 1686302912,
"narHash": "sha256-H5RpyWMluE+Yxg7xFX43AZTVW+Yg70DF3FmEGXBUSNg=", "narHash": "sha256-fV3LLRwAPykVGc4ImOnUSP+WTrPp9Ad9OTfBJ6wqTMk=",
"owner": "nvim-telescope", "owner": "nvim-telescope",
"repo": "telescope.nvim", "repo": "telescope.nvim",
"rev": "d90956833d7c27e73c621a61f20b29fdb7122709", "rev": "776b509f80dd49d8205b9b0d94485568236d1192",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "nvim-telescope", "owner": "nvim-telescope",
"ref": "0.1.5", "ref": "0.1.2",
"repo": "telescope.nvim", "repo": "telescope.nvim",
"type": "github" "type": "github"
} }
@ -627,11 +639,11 @@
"telescope-project-nvim-src": { "telescope-project-nvim-src": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1701464478, "lastModified": 1682606566,
"narHash": "sha256-touMCltcnqkrQYV1NtNeWLQeFVGt+WM3aIWIdKilA7w=", "narHash": "sha256-H6lrPjpOUVleKHB0ziI+6dthg9ymitHhEWtcgYJTrKo=",
"owner": "nvim-telescope", "owner": "nvim-telescope",
"repo": "telescope-project.nvim", "repo": "telescope-project.nvim",
"rev": "1aaf16580a614601a7f7077d9639aeb457dc5559", "rev": "7c64b181dd4e72deddcf6f319e3bf1e95b2a2f30",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -643,16 +655,16 @@
"toggleterm-nvim-src": { "toggleterm-nvim-src": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1701858874, "lastModified": 1685434104,
"narHash": "sha256-vJApw7XY2wOX9InfWcah+hkNxBfS1+kQUWr4ITxRmgA=", "narHash": "sha256-oiCnBrvft6XxiQtQH8E4F842xhh348SaTpHzaeb+iDY=",
"owner": "akinsho", "owner": "akinsho",
"repo": "toggleterm.nvim", "repo": "toggleterm.nvim",
"rev": "cbd041d91b90cd3c02df03fe6133208888f8e008", "rev": "95204ece0f2a54c89c4395295432f9aeedca7b5f",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "akinsho", "owner": "akinsho",
"ref": "v2.9.0", "ref": "v2.7.0",
"repo": "toggleterm.nvim", "repo": "toggleterm.nvim",
"type": "github" "type": "github"
} }
@ -660,11 +672,11 @@
"tree-sitter-bash": { "tree-sitter-bash": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1707951703, "lastModified": 1695263734,
"narHash": "sha256-SU5wBy81aANd7oUZvYR14Vd53Ml/cBSwDtO6uG34CaE=", "narHash": "sha256-dJUJGrpBWBLjcqiqxCnJ/MENwa2+uxAmQD71aYloxsw=",
"owner": "tree-sitter", "owner": "tree-sitter",
"repo": "tree-sitter-bash", "repo": "tree-sitter-bash",
"rev": "975bc70ad95dbbf2733872bc2e0a059c055db983", "rev": "fd4e40dab883d6456da4d847de8321aee9c80805",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -677,11 +689,11 @@
"tree-sitter-ini": { "tree-sitter-ini": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1699877527, "lastModified": 1690815608,
"narHash": "sha256-dYPeVTNWO4apY5dsjsKViavU7YtLeGTp6BzEemXhsEU=", "narHash": "sha256-IIpKzpA4q1jpYVZ75VZaxWHaqNt8TA427eMOui2s71M=",
"owner": "justinmk", "owner": "justinmk",
"repo": "tree-sitter-ini", "repo": "tree-sitter-ini",
"rev": "bcb84a2d4bcd6f55b911c42deade75c8f90cb0c5", "rev": "7f11a02fb8891482068e0fe419965d7bade81a68",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -693,11 +705,11 @@
"tree-sitter-lua": { "tree-sitter-lua": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1708499929, "lastModified": 1694072484,
"narHash": "sha256-kzyn6XF4/PN8civ/0UV+ancCMkh7DF2B7WUYxix6aaM=", "narHash": "sha256-5t5w8KqbefInNbA12/jpNzmky/uOUhsLjKdEqpl1GEc=",
"owner": "MunifTanjim", "owner": "MunifTanjim",
"repo": "tree-sitter-lua", "repo": "tree-sitter-lua",
"rev": "04c9579dcb917255b2e5f8199df4ae7f587d472f", "rev": "9668709211b2e683f27f414454a8b51bf0a6bda1",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -710,11 +722,11 @@
"tree-sitter-puppet": { "tree-sitter-puppet": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1709480423, "lastModified": 1690231696,
"narHash": "sha256-Lwfiby7amjTIOz8QRoC4RdZyFPfFikmQ2sqta4akyH8=", "narHash": "sha256-YEjjy9WLwITERYqoeSVrRYnwVBIAwdc4o0lvAK9wizw=",
"owner": "amaanq", "owner": "amaanq",
"repo": "tree-sitter-puppet", "repo": "tree-sitter-puppet",
"rev": "5849f9694197a6e822872945b415429c285fdd54", "rev": "9ce9a5f7d64528572aaa8d59459ba869e634086b",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -726,11 +738,11 @@
"tree-sitter-python": { "tree-sitter-python": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1709753184, "lastModified": 1695282953,
"narHash": "sha256-SqPd9O1OqBEOA+WPLfP3J2vuHWt53G5gI/9FWKQx2/Y=", "narHash": "sha256-gRhD3M1DkmwYQDDnyRq6QMTWUJUY0vbetGnN+pBTd84=",
"owner": "tree-sitter", "owner": "tree-sitter",
"repo": "tree-sitter-python", "repo": "tree-sitter-python",
"rev": "03e88c170cb23142559a406b6e7621c4af3128f5", "rev": "a901729099257aac932d79c60adb5e8a53fa7e6c",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -743,11 +755,11 @@
"tree-sitter-rasi": { "tree-sitter-rasi": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1707776004, "lastModified": 1678701563,
"narHash": "sha256-7zhQ5wGm0FFyuTiBVN2KgvUTw8G6fwUGR8HKJ69kR+c=", "narHash": "sha256-2nYZoLcrxxxiOJEySwHUm93lzMg8mU+V7LIP63ntFdA=",
"owner": "Fymyte", "owner": "Fymyte",
"repo": "tree-sitter-rasi", "repo": "tree-sitter-rasi",
"rev": "43196d934a9a6ab3c7093a8683efd0111bb03db1", "rev": "371dac6bcce0df5566c1cfebde69d90ecbeefd2d",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -756,19 +768,19 @@
"type": "github" "type": "github"
} }
}, },
"tree-sitter-vimdoc": { "vscode-terraform-snippets": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1709370081, "lastModified": 1614849738,
"narHash": "sha256-v+hSI/6ocC2KxH8ogCexNcxxhcZsl7OvV9197zBCKr4=", "narHash": "sha256-v392tyzXV+zyBNt5OCB2NBCK7JcByrTa5Ne/nFtSCJI=",
"owner": "neovim", "owner": "run-at-scale",
"repo": "tree-sitter-vimdoc", "repo": "vscode-terraform-doc-snippets",
"rev": "016ad75faa854e4e13bc40c517015183b795eed9", "rev": "6ab3e44b566e660f38922cf908e6e547eaa5d4b4",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "neovim", "owner": "run-at-scale",
"repo": "tree-sitter-vimdoc", "repo": "vscode-terraform-doc-snippets",
"type": "github" "type": "github"
} }
}, },
@ -791,17 +803,15 @@
"wsl": { "wsl": {
"inputs": { "inputs": {
"flake-compat": "flake-compat", "flake-compat": "flake-compat",
"flake-utils": "flake-utils_2", "flake-utils": "flake-utils_3",
"nixpkgs": [ "nixpkgs": "nixpkgs_2"
"nixpkgs"
]
}, },
"locked": { "locked": {
"lastModified": 1709980437, "lastModified": 1696053802,
"narHash": "sha256-rp1MwfRaZl7TPM4E5i1HxQGJCCfMcIa7dOzTX3SW7ro=", "narHash": "sha256-8TTbJbtGDz1MstExrVQe56eXZpovvZv6G6L6q/4NOKg=",
"owner": "nix-community", "owner": "nix-community",
"repo": "NixOS-WSL", "repo": "NixOS-WSL",
"rev": "e0b9e6c8ff35c7a28cb6baa02d85a9737a2ee4e9", "rev": "cadde47d123d1a534c272b04a7582f1d11474c48",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -813,11 +823,11 @@
"zenyd-mpv-scripts": { "zenyd-mpv-scripts": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1707704915, "lastModified": 1650625438,
"narHash": "sha256-9P/8q/OZXfaJMS08acQP4h3/zUA5mKRQee0JmkXcz1w=", "narHash": "sha256-OBCuzCtgfSwj0i/rBNranuu4LRc47jObwQIJgQQoerg=",
"owner": "zenyd", "owner": "zenyd",
"repo": "mpv-scripts", "repo": "mpv-scripts",
"rev": "9bdce0050144cb24f92475f7bdd77180e0e4c26b", "rev": "19ea069abcb794d1bf8fac2f59b50d71ab992130",
"type": "github" "type": "github"
}, },
"original": { "original": {

120
flake.nix
View File

@ -7,17 +7,18 @@
# Used for system packages # Used for system packages
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
# Update to keyd 2.4.3 not yet in nixpkgs-unstable
# https://github.com/NixOS/nixpkgs/pull/245327
nixpkgs-keyd.url = "github:JohnAZoidberg/nixpkgs/keyd-2.4.3";
# Used for MacOS system config # Used for MacOS system config
darwin = { darwin = {
url = "github:lnl7/nix-darwin/master"; url = "github:/lnl7/nix-darwin/master";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
# Used for Windows Subsystem for Linux compatibility # Used for Windows Subsystem for Linux compatibility
wsl = { wsl.url = "github:nix-community/NixOS-WSL";
url = "github:nix-community/NixOS-WSL";
inputs.nixpkgs.follows = "nixpkgs";
};
# Used for user packages and dotfiles # Used for user packages and dotfiles
home-manager = { home-manager = {
@ -59,27 +60,31 @@
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
# Neovim plugins # Nix language server
base16-nvim-src = { nil = {
url = "github:RRethy/base16-nvim"; url = "github:oxalica/nil/2023-08-09";
flake = false; inputs.nixpkgs.follows = "nixpkgs";
}; };
# Neovim plugins
nvim-lspconfig-src = { nvim-lspconfig-src = {
# https://github.com/neovim/nvim-lspconfig/tags # https://github.com/neovim/nvim-lspconfig/tags
url = "github:neovim/nvim-lspconfig/v0.1.7"; url = "github:neovim/nvim-lspconfig/v0.1.6";
flake = false; flake = false;
}; };
cmp-nvim-lsp-src = { cmp-nvim-lsp-src = {
url = "github:hrsh7th/cmp-nvim-lsp"; url = "github:hrsh7th/cmp-nvim-lsp";
flake = false; flake = false;
}; };
null-ls-nvim-src = {
url = "github:jose-elias-alvarez/null-ls.nvim";
flake = false;
};
baleia-nvim-src = { baleia-nvim-src = {
# https://github.com/m00qek/baleia.nvim/tags
url = "github:m00qek/baleia.nvim"; url = "github:m00qek/baleia.nvim";
flake = false; flake = false;
}; };
comment-nvim-src = { Comment-nvim-src = {
# https://github.com/numToStr/Comment.nvim/releases
url = "github:numToStr/Comment.nvim/v0.8.0"; url = "github:numToStr/Comment.nvim/v0.8.0";
flake = false; flake = false;
}; };
@ -89,8 +94,7 @@
flake = false; flake = false;
}; };
telescope-nvim-src = { telescope-nvim-src = {
# https://github.com/nvim-telescope/telescope.nvim/releases url = "github:nvim-telescope/telescope.nvim/0.1.2";
url = "github:nvim-telescope/telescope.nvim/0.1.5";
flake = false; flake = false;
}; };
telescope-project-nvim-src = { telescope-project-nvim-src = {
@ -98,36 +102,25 @@
flake = false; flake = false;
}; };
toggleterm-nvim-src = { toggleterm-nvim-src = {
# https://github.com/akinsho/toggleterm.nvim/tags url = "github:akinsho/toggleterm.nvim/v2.7.0";
url = "github:akinsho/toggleterm.nvim/v2.9.0";
flake = false; flake = false;
}; };
bufferline-nvim-src = { bufferline-nvim-src = {
# https://github.com/akinsho/bufferline.nvim/releases url = "github:akinsho/bufferline.nvim/v4.2.0";
url = "github:akinsho/bufferline.nvim/v4.5.0";
flake = false; flake = false;
}; };
nvim-tree-lua-src = { nvim-tree-lua-src = {
url = "github:kyazdani42/nvim-tree.lua"; url = "github:kyazdani42/nvim-tree.lua";
flake = false; flake = false;
}; };
vscode-terraform-snippets = {
url = "github:run-at-scale/vscode-terraform-doc-snippets";
flake = false;
};
hmts-nvim-src = { hmts-nvim-src = {
url = "github:calops/hmts.nvim"; url = "github:calops/hmts.nvim";
flake = false; flake = false;
}; };
fidget-nvim-src = {
# https://github.com/j-hui/fidget.nvim/tags
url = "github:j-hui/fidget.nvim/v1.2.0";
flake = false;
};
kitty-scrollback-nvim-src = {
url = "github:mikesmithgh/kitty-scrollback.nvim";
flake = false;
};
nvim-lint-src = {
url = "github:mfussenegger/nvim-lint";
flake = false;
};
# Tree-Sitter Grammars # Tree-Sitter Grammars
tree-sitter-bash = { tree-sitter-bash = {
@ -154,10 +147,6 @@
url = "github:Fymyte/tree-sitter-rasi"; url = "github:Fymyte/tree-sitter-rasi";
flake = false; flake = false;
}; };
tree-sitter-vimdoc = {
url = "github:neovim/tree-sitter-vimdoc";
flake = false;
};
# MPV Scripts # MPV Scripts
zenyd-mpv-scripts = { zenyd-mpv-scripts = {
@ -165,13 +154,9 @@
flake = false; flake = false;
}; };
# Ren and rep - CLI find and replace # Age encryption (pin because of failed builds)
rep = { age = {
url = "github:robenkleene/rep-grep"; url = "github:FiloSottile/age/v1.1.1";
flake = false;
};
ren = {
url = "github:robenkleene/ren-find";
flake = false; flake = false;
}; };
@ -180,14 +165,7 @@
proton-ge = { proton-ge = {
# https://github.com/GloriousEggroll/proton-ge-custom/releases # https://github.com/GloriousEggroll/proton-ge-custom/releases
url = url =
"https://github.com/GloriousEggroll/proton-ge-custom/releases/download/GE-Proton9-2/GE-Proton9-2.tar.gz"; "https://github.com/GloriousEggroll/proton-ge-custom/releases/download/GE-Proton8-16/GE-Proton8-16.tar.gz";
flake = false;
};
# Firefox addon from outside the extension store
bypass-paywalls-clean = {
# https://gitlab.com/magnolia1234/bpc-uploads/-/commits/master/?ref_type=HEADS
url = "gitlab:magnolia1234/bpc-uploads";
flake = false; flake = false;
}; };
@ -195,25 +173,19 @@
nextcloud-news = { nextcloud-news = {
# https://github.com/nextcloud/news/releases # https://github.com/nextcloud/news/releases
url = url =
"https://github.com/nextcloud/news/releases/download/25.0.0-alpha3/news.tar.gz"; "https://github.com/nextcloud/news/releases/download/24.0.0/news.tar.gz";
flake = false; flake = false;
}; };
nextcloud-external = { nextcloud-external = {
# https://github.com/nextcloud-releases/external/releases # https://github.com/nextcloud-releases/external/releases
url = url =
"https://github.com/nextcloud-releases/external/releases/download/v5.3.1/external-v5.3.1.tar.gz"; "https://github.com/nextcloud-releases/external/releases/download/v5.2.1/external-v5.2.1.tar.gz";
flake = false; flake = false;
}; };
nextcloud-cookbook = { nextcloud-cookbook = {
# https://github.com/christianlupus-nextcloud/cookbook-releases/releases/ # https://github.com/nextcloud/cookbook/releases
url = url =
"https://github.com/christianlupus-nextcloud/cookbook-releases/releases/download/v0.11.0/cookbook-0.11.0.tar.gz"; "https://github.com/nextcloud/cookbook/releases/download/v0.10.2/Cookbook-0.10.2.tar.gz";
flake = false;
};
nextcloud-snappymail = {
# https://github.com/the-djmaze/snappymail/releases
url =
"https://snappymail.eu/repository/nextcloud/snappymail-2.32.0-nextcloud.tar.gz";
flake = false; flake = false;
}; };
@ -236,17 +208,13 @@
dotfilesRepo = "https://github.com/nmasur/dotfiles"; dotfilesRepo = "https://github.com/nmasur/dotfiles";
hostnames = { hostnames = {
git = "git.${baseName}"; git = "git.${baseName}";
influxdb = "influxdb.${baseName}";
irc = "irc.${baseName}";
metrics = "metrics.${baseName}"; metrics = "metrics.${baseName}";
prometheus = "prom.${baseName}"; prometheus = "prom.${baseName}";
paperless = "paper.${baseName}";
secrets = "vault.${baseName}"; secrets = "vault.${baseName}";
stream = "stream.${baseName}"; stream = "stream.${baseName}";
content = "cloud.${baseName}"; content = "cloud.${baseName}";
books = "books.${baseName}"; books = "books.${baseName}";
download = "download.${baseName}"; download = "download.${baseName}";
transmission = "transmission.${baseName}";
}; };
}; };
@ -262,10 +230,9 @@
(import ./overlays/mpv-scripts.nix inputs) (import ./overlays/mpv-scripts.nix inputs)
(import ./overlays/nextcloud-apps.nix inputs) (import ./overlays/nextcloud-apps.nix inputs)
(import ./overlays/betterlockscreen.nix) (import ./overlays/betterlockscreen.nix)
(import ./overlays/age.nix inputs)
(import ./overlays/proton-ge.nix inputs) (import ./overlays/proton-ge.nix inputs)
(import ./overlays/gh-collaborators.nix) (import ./overlays/keyd.nix inputs)
(import ./overlays/bypass-paywalls-clean.nix inputs)
(import ./overlays/ren-rep.nix inputs)
]; ];
# System types to support. # System types to support.
@ -280,7 +247,6 @@
# Contains my full system builds, including home-manager # Contains my full system builds, including home-manager
# nixos-rebuild switch --flake .#tempest # nixos-rebuild switch --flake .#tempest
nixosConfigurations = { nixosConfigurations = {
arrow = import ./hosts/arrow { inherit inputs globals overlays; };
tempest = import ./hosts/tempest { inherit inputs globals overlays; }; tempest = import ./hosts/tempest { inherit inputs globals overlays; };
hydra = import ./hosts/hydra { inherit inputs globals overlays; }; hydra = import ./hosts/hydra { inherit inputs globals overlays; };
flame = import ./hosts/flame { inherit inputs globals overlays; }; flame = import ./hosts/flame { inherit inputs globals overlays; };
@ -307,8 +273,6 @@
diskoConfigurations = { root = import ./disks/root.nix; }; diskoConfigurations = { root = import ./disks/root.nix; };
packages = let packages = let
arrow = system:
import ./hosts/arrow { inherit inputs globals overlays system; };
aws = system: aws = system:
import ./hosts/aws { inherit inputs globals overlays system; }; import ./hosts/aws { inherit inputs globals overlays system; };
staff = system: staff = system:
@ -320,18 +284,8 @@
colors = (import ./colorscheme/gruvbox-dark).dark; colors = (import ./colorscheme/gruvbox-dark).dark;
}; };
in { in {
x86_64-linux.arrow = arrow "x86_64-linux";
x86_64-linux.aws = aws "x86_64-linux"; x86_64-linux.aws = aws "x86_64-linux";
x86_64-linux.staff = staff "x86_64-linux"; x86_64-linux.staff = staff "x86_64-linux";
x86_64-linux.image = {
arrow = inputs.nixos-generators.nixosGenerate {
system = "x86_64-linux";
format = "iso";
modules = import ./hosts/arrow/modules.nix {
inherit inputs globals overlays;
};
};
};
# Package Neovim config into standalone package # Package Neovim config into standalone package
x86_64-linux.neovim = neovim "x86_64-linux"; x86_64-linux.neovim = neovim "x86_64-linux";
@ -394,10 +348,6 @@
path = ./templates/haskell; path = ./templates/haskell;
description = "Haskell template"; description = "Haskell template";
}; };
rust = {
path = ./templates/rust;
description = "Rust template";
};
}; };
}; };

12
hosts/README.md
View File

@ -12,15 +12,3 @@ These are the individual machines managed by this flake.
| [swan](./swan/default.nix) | Home server | | [swan](./swan/default.nix) | Home server |
| [tempest](./tempest/default.nix) | Linux desktop | | [tempest](./tempest/default.nix) | Linux desktop |
## NixOS Workflow
Each hosts file is imported into [nixosConfigurations](../flake.nix) and passed
the arguments from the flake (inputs, globals, overlays). The `nixosSystem`
function in that hosts file will be called by the NixOS module system during a
nixos-rebuild.
Each module in the each host's `modules` list is either a function or an
attrset. The attrsets will simply apply values to options that have been
declared in the config by other modules. Meanwhile, the functions will be
passed various arguments, several of which you will see listed at the top of
each of their files.

8
hosts/arrow/default.nix
View File

@ -1,8 +0,0 @@
{ inputs, globals, overlays, ... }:
inputs.nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = { };
modules = import ./modules.nix { inherit inputs globals overlays; };
}

92
hosts/arrow/main.tf
View File

@ -1,92 +0,0 @@
terraform {
backend "s3" {
bucket = "noahmasur-terraform"
key = "arrow.tfstate"
region = "auto"
skip_credentials_validation = true
skip_metadata_api_check = true
skip_region_validation = true
skip_requesting_account_id = true
skip_s3_checksum = true
use_path_style = true
/*
ENVIRONMENT VARIABLES
---------------------
AWS_ACCESS_KEY_ID - R2 token
AWS_SECRET_ACCESS_KEY - R2 secret
AWS_ENDPOINT_URL_S3 - R2 location: https://ACCOUNT_ID.r2.cloudflarestorage.com
*/
}
required_version = ">= 1.0.0"
required_providers {
aws = {
source = "hashicorp/aws"
version = "5.42.0"
}
vultr = {
source = "vultr/vultr"
version = "2.19.0"
}
}
}
# locals {
# image_file = one(fileset(path.root, "result/iso/nixos.iso"))
# }
# variable "cloudflare_r2_endpoint" {
# type = string
# description = "Domain for the Cloudflare R2 endpoint"
# }
variable "vultr_api_key" {
type = string
description = "API key for Vultr management"
sensitive = true
}
provider "aws" {
region = "auto"
skip_credentials_validation = true
skip_metadata_api_check = true
skip_region_validation = true
skip_requesting_account_id = true
}
provider "vultr" {
api_key = var.vultr_api_key
}
# data "aws_s3_bucket" "images" {
# bucket = "noahmasur-arrow-images"
# }
#
# resource "aws_s3_object" "image" {
# bucket = data.aws_s3_bucket.images.id
# key = "arrow.iso"
# source = local.image_file
# etag = filemd5(local.image_file)
# acl = "public-read"
# }
resource "vultr_iso_private" "image" {
# url = "https://${var.cloudflare_account_id}.r2.cloudflarestorage.com/${data.aws_s3_bucket.images.id}/${aws_s3_object.image.key}"
url = "https://arrow.images.masu.rs/arrow.iso"
}
resource "vultr_instance" "arrow" {
plan = "vc2-1c-2gb"
region = "ewr"
iso_id = vultr_iso_private.image.id
label = "arrow"
tags = ["arrow"]
enable_ipv6 = false
disable_public_ipv4 = false
backups = "disabled"
ddos_protection = false
activation_email = false
}
output "host_ip" {
value = vultr_instance.arrow.main_ip
}

38
hosts/arrow/modules.nix
View File

@ -1,38 +0,0 @@
{ inputs, globals, overlays }:
[
globals
inputs.home-manager.nixosModules.home-manager
{
nixpkgs.overlays = overlays;
networking.hostName = "arrow";
physical = false;
server = true;
gui.enable = false;
theme.colors = (import ../../colorscheme/gruvbox).dark;
publicKeys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB+AbmjGEwITk5CK9y7+Rg27Fokgj9QEjgc9wST6MA3s personal"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKpPU2G9rSF8Q6waH62IJexDCQ6lY+8ZyVufGE3xMDGw deploy"
];
identityFile = "/home/${globals.user}/.ssh/id_ed25519";
cloudflare.enable = true;
services.openssh.enable = true;
services.caddy.enable = true;
services.transmission.enable = true;
# nix-index seems to each up too much memory for Vultr
home-manager.users.${globals.user}.programs.nix-index.enable =
inputs.nixpkgs.lib.mkForce false;
virtualisation.vmVariant = {
virtualisation.forwardPorts = [{
from = "host";
host.port = 2222;
guest.port = 22;
}];
};
}
../../modules/common
../../modules/nixos
]

5
hosts/aws/default.nix
View File

@ -12,9 +12,8 @@ inputs.nixos-generators.nixosGenerate {
gui.enable = false; gui.enable = false;
theme.colors = (import ../../colorscheme/gruvbox).dark; theme.colors = (import ../../colorscheme/gruvbox).dark;
passwordHash = null; passwordHash = null;
publicKeys = [ publicKey =
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB+AbmjGEwITk5CK9y7+Rg27Fokgj9QEjgc9wST6MA3s personal" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB+AbmjGEwITk5CK9y7+Rg27Fokgj9QEjgc9wST6MA3s";
];
# AWS settings require this # AWS settings require this
permitRootLogin = "prohibit-password"; permitRootLogin = "prohibit-password";
} }

2
hosts/aws/main.tf
View File

@ -26,7 +26,7 @@ data "aws_iam_policy_document" "vmimport" {
actions = [ actions = [
"s3:GetBucketLocation", "s3:GetBucketLocation",
"s3:GetObject", "s3:GetObject",
"s3:ListBucket", "s3:ListBucket",
] ]
resources = [ resources = [
"arn:aws:s3:::${aws_s3_object.image.bucket}", "arn:aws:s3:::${aws_s3_object.image.bucket}",

10
hosts/flame/default.nix
View File

@ -1,8 +1,6 @@
# The Flame # The Flame
# System configuration for an Oracle free server # System configuration for an Oracle free server
# See [readme](../README.md) to explain how this file works.
# How to install: # How to install:
# https://blog.korfuri.fr/posts/2022/08/nixos-on-an-oracle-free-tier-ampere-machine/ # https://blog.korfuri.fr/posts/2022/08/nixos-on-an-oracle-free-tier-ampere-machine/
# These days, probably use nixos-anywhere instead. # These days, probably use nixos-anywhere instead.
@ -52,17 +50,14 @@ inputs.nixpkgs.lib.nixosSystem {
theme = { colors = (import ../../colorscheme/gruvbox).dark; }; theme = { colors = (import ../../colorscheme/gruvbox).dark; };
# Programs and services # Programs and services
atuin.enable = true;
cloudflare.enable = true; # Proxy traffic with Cloudflare cloudflare.enable = true; # Proxy traffic with Cloudflare
dotfiles.enable = true; # Clone dotfiles dotfiles.enable = true; # Clone dotfiles
neovim.enable = true; neovim.enable = true;
giteaRunner.enable = true; giteaRunner.enable = true;
services.caddy.enable = true; services.caddy.enable = true;
services.grafana.enable = true; services.grafana.enable = true;
services.thelounge.enable = true;
services.openssh.enable = true; services.openssh.enable = true;
services.victoriametrics.enable = true; services.victoriametrics.enable = true;
services.influxdb2.enable = true;
services.gitea.enable = true; services.gitea.enable = true;
services.vaultwarden.enable = true; services.vaultwarden.enable = true;
services.minecraft-server.enable = true; # Setup Minecraft server services.minecraft-server.enable = true; # Setup Minecraft server
@ -84,9 +79,8 @@ inputs.nixpkgs.lib.nixosSystem {
}; };
# Disable passwords, only use SSH key # Disable passwords, only use SSH key
publicKeys = [ publicKey =
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB+AbmjGEwITk5CK9y7+Rg27Fokgj9QEjgc9wST6MA3s personal" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB+AbmjGEwITk5CK9y7+Rg27Fokgj9QEjgc9wST6MA3s";
];
# # Wireguard config for Transmission # # Wireguard config for Transmission
# wireguard.enable = true; # wireguard.enable = true;

2
hosts/hydra/default.nix
View File

@ -1,8 +1,6 @@
# The Hydra # The Hydra
# System configuration for WSL # System configuration for WSL
# See [readme](../README.md) to explain how this file works.
{ inputs, globals, overlays, ... }: { inputs, globals, overlays, ... }:
inputs.nixpkgs.lib.nixosSystem { inputs.nixpkgs.lib.nixosSystem {

5
hosts/lookingglass/default.nix
View File

@ -4,7 +4,7 @@
{ inputs, globals, overlays, ... }: { inputs, globals, overlays, ... }:
inputs.darwin.lib.darwinSystem { inputs.darwin.lib.darwinSystem {
system = "aarch64-darwin"; system = "x86_64-darwin";
specialArgs = { }; specialArgs = { };
modules = [ modules = [
../../modules/common ../../modules/common
@ -25,7 +25,6 @@ inputs.darwin.lib.darwinSystem {
dark = true; dark = true;
}; };
mail.user = globals.user; mail.user = globals.user;
atuin.enable = true;
charm.enable = true; charm.enable = true;
neovim.enable = true; neovim.enable = true;
mail.enable = true; mail.enable = true;
@ -38,9 +37,7 @@ inputs.darwin.lib.darwinSystem {
nixlang.enable = true; nixlang.enable = true;
terraform.enable = true; terraform.enable = true;
python.enable = true; python.enable = true;
rust.enable = true;
lua.enable = true; lua.enable = true;
obsidian.enable = true;
kubernetes.enable = true; kubernetes.enable = true;
_1password.enable = true; _1password.enable = true;
slack.enable = true; slack.enable = true;

21
hosts/swan/default.nix
View File

@ -1,8 +1,6 @@
# The Swan # The Swan
# System configuration for my home NAS server # System configuration for my home NAS server
# See [readme](../README.md) to explain how this file works.
{ inputs, globals, overlays, ... }: { inputs, globals, overlays, ... }:
inputs.nixpkgs.lib.nixosSystem { inputs.nixpkgs.lib.nixosSystem {
@ -56,15 +54,8 @@ inputs.nixpkgs.lib.nixosSystem {
devices = (import ../../disks/root.nix { disk = "/dev/nvme0n1"; }); devices = (import ../../disks/root.nix { disk = "/dev/nvme0n1"; });
}; };
boot.zfs = { # Automatically load the ZFS pool on boot
# Automatically load the ZFS pool on boot boot.zfs.extraPools = [ "tank" ];
extraPools = [ "tank" ];
# Only try to decrypt datasets with keyfiles
requestEncryptionCredentials =
[ "tank/archive" "tank/generic" "tank/nextcloud" ];
# If password is requested and fails, continue to boot eventually
passwordTimeout = 300;
};
# Theming # Theming
@ -75,7 +66,6 @@ inputs.nixpkgs.lib.nixosSystem {
theme = { colors = (import ../../colorscheme/gruvbox).dark; }; theme = { colors = (import ../../colorscheme/gruvbox).dark; };
# Programs and services # Programs and services
atuin.enable = true;
neovim.enable = true; neovim.enable = true;
cloudflare.enable = true; cloudflare.enable = true;
dotfiles.enable = true; dotfiles.enable = true;
@ -89,8 +79,6 @@ inputs.nixpkgs.lib.nixosSystem {
services.prometheus.enable = false; services.prometheus.enable = false;
services.vmagent.enable = true; services.vmagent.enable = true;
services.samba.enable = true; services.samba.enable = true;
services.paperless.enable = true;
services.postgresql.enable = true;
# Allows private remote access over the internet # Allows private remote access over the internet
cloudflareTunnel = { cloudflareTunnel = {
@ -109,9 +97,8 @@ inputs.nixpkgs.lib.nixosSystem {
}; };
# Disable passwords, only use SSH key # Disable passwords, only use SSH key
publicKeys = [ publicKey =
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB+AbmjGEwITk5CK9y7+Rg27Fokgj9QEjgc9wST6MA3s personal" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB+AbmjGEwITk5CK9y7+Rg27Fokgj9QEjgc9wST6MA3s";
];
} }
]; ];
} }

5
hosts/tempest/default.nix
View File

@ -1,8 +1,6 @@
# The Tempest # The Tempest
# System configuration for my desktop # System configuration for my desktop
# See [readme](../README.md) to explain how this file works.
{ inputs, globals, overlays, ... }: { inputs, globals, overlays, ... }:
inputs.nixpkgs.lib.nixosSystem { inputs.nixpkgs.lib.nixosSystem {
@ -85,7 +83,6 @@ inputs.nixpkgs.lib.nixosSystem {
gtk.theme.name = inputs.nixpkgs.lib.mkDefault "Adwaita-dark"; gtk.theme.name = inputs.nixpkgs.lib.mkDefault "Adwaita-dark";
# Programs and services # Programs and services
atuin.enable = true;
charm.enable = true; charm.enable = true;
neovim.enable = true; neovim.enable = true;
media.enable = true; media.enable = true;
@ -102,8 +99,6 @@ inputs.nixpkgs.lib.nixosSystem {
keybase.enable = true; keybase.enable = true;
mullvad.enable = false; mullvad.enable = false;
nixlang.enable = true; nixlang.enable = true;
rust.enable = true;
terraform.enable = true;
yt-dlp.enable = true; yt-dlp.enable = true;
gaming = { gaming = {
dwarf-fortress.enable = true; dwarf-fortress.enable = true;

1
misc/public-keys
View File

@ -4,4 +4,3 @@ ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB+AbmjGEwITk5CK9y7+Rg27Fokgj9QEjgc9wST6MA3s
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHVknmPi7sG6ES0G0jcsvebzKGWWaMfJTYgvOue6EULI flame ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHVknmPi7sG6ES0G0jcsvebzKGWWaMfJTYgvOue6EULI flame
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ9mwXlZnIALt9SnH3FOZvdgHLM5ZqwYUERXBbM7Rwh6 swan ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ9mwXlZnIALt9SnH3FOZvdgHLM5ZqwYUERXBbM7Rwh6 swan
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC3yHivgEXr2ecwe58h9bkhwTYivf3GwL8xenQKMeiUb tempest ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC3yHivgEXr2ecwe58h9bkhwTYivf3GwL8xenQKMeiUb tempest
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICmGHIWBZzRx35/yFgnPJSHN2+35WJ30G9c5tDhPsCrl arrow

22
modules/common/applications/1password.nix
View File

@ -9,22 +9,12 @@
}; };
}; };
config = lib.mkIf (config.gui.enable && config._1password.enable) { config = lib.mkIf
unfreePackages = [ "1password" "_1password-gui" "1password-cli" ]; (config.gui.enable && config._1password.enable && pkgs.stdenv.isLinux) {
home-manager.users.${config.user} = { unfreePackages = [ "1password" "_1password-gui" ];
home.packages = with pkgs; [ _1password-gui _1password ]; home-manager.users.${config.user} = {
home.packages = with pkgs; [ _1password-gui ];
};
}; };
# https://1password.community/discussion/135462/firefox-extension-does-not-connect-to-linux-app
# On Mac, does not apply: https://1password.community/discussion/142794/app-and-browser-integration
# However, the button doesn't work either:
# https://1password.community/discussion/140735/extending-support-for-trusted-web-browsers
environment.etc."1password/custom_allowed_browsers".text = ''
${
config.home-manager.users.${config.user}.programs.firefox.package
}/Applications/Firefox.app/Contents/MacOS/firefox
firefox
'';
};
} }

2
modules/common/applications/discord.nix
View File

@ -11,8 +11,8 @@
config = lib.mkIf (config.gui.enable && config.discord.enable) { config = lib.mkIf (config.gui.enable && config.discord.enable) {
unfreePackages = [ "discord" ]; unfreePackages = [ "discord" ];
environment.systemPackages = [ pkgs.discord ];
home-manager.users.${config.user} = { home-manager.users.${config.user} = {
home.packages = with pkgs; [ discord ];
xdg.configFile."discord/settings.json".text = '' xdg.configFile."discord/settings.json".text = ''
{ {
"BACKGROUND_COLOR": "#202225", "BACKGROUND_COLOR": "#202225",

32
modules/common/applications/firefox.nix
View File

@ -16,6 +16,7 @@
unfreePackages = [ unfreePackages = [
(lib.mkIf config._1password.enable "onepassword-password-manager") (lib.mkIf config._1password.enable "onepassword-password-manager")
"okta-browser-plugin" "okta-browser-plugin"
"wappalyzer"
]; ];
home-manager.users.${config.user} = { home-manager.users.${config.user} = {
@ -28,22 +29,22 @@
id = 0; id = 0;
name = "default"; name = "default";
isDefault = true; isDefault = true;
# https://nur.nix-community.org/repos/rycee/
extensions = with pkgs.nur.repos.rycee.firefox-addons; [ extensions = with pkgs.nur.repos.rycee.firefox-addons; [
(lib.mkIf config._1password.enable onepassword-password-manager) ublock-origin
pkgs.bypass-paywalls-clean vimium
darkreader
don-t-fuck-with-paste
facebook-container
markdownload
multi-account-containers multi-account-containers
facebook-container
(lib.mkIf config._1password.enable onepassword-password-manager)
okta-browser-plugin okta-browser-plugin
sponsorblock
reddit-enhancement-suite reddit-enhancement-suite
return-youtube-dislikes return-youtube-dislikes
sponsorblock markdownload
ublock-origin darkreader
ublacklist snowflake
vimium don-t-fuck-with-paste
i-dont-care-about-cookies
wappalyzer
]; ];
settings = { settings = {
"app.update.auto" = false; "app.update.auto" = false;
@ -73,8 +74,6 @@
"media.ffmpeg.vaapi.enabled" = "media.ffmpeg.vaapi.enabled" =
true; # Enable hardware video acceleration true; # Enable hardware video acceleration
"cookiebanners.ui.desktop.enabled" = true; # Reject cookie popups "cookiebanners.ui.desktop.enabled" = true; # Reject cookie popups
"devtools.command-button-screenshot.enabled" =
true; # Scrolling screenshot of entire page
"svg.context-properties.content.enabled" = true; # Sidebery styling "svg.context-properties.content.enabled" = true; # Sidebery styling
}; };
userChrome = '' userChrome = ''
@ -116,7 +115,7 @@
background-color: ${config.theme.colors.base00}; background-color: ${config.theme.colors.base00};
color: ${config.theme.colors.base06} !important; color: ${config.theme.colors.base06} !important;
} }
.tab-content[selected] { .tab-content[selected=true] {
border-bottom: 2px solid color-mix(in srgb, var(--identity-tab-color) 25%, transparent); border-bottom: 2px solid color-mix(in srgb, var(--identity-tab-color) 25%, transparent);
background-color: ${config.theme.colors.base01} !important; background-color: ${config.theme.colors.base01} !important;
color: ${config.theme.colors.base07} !important; color: ${config.theme.colors.base07} !important;
@ -163,11 +162,6 @@
}; };
xdg.mimeApps = {
associations.added = { "text.html" = [ "firefox.desktop" ]; };
defaultApplications = { "text.html" = [ "firefox.desktop" ]; };
};
xsession.windowManager.i3.config.keybindings = xsession.windowManager.i3.config.keybindings =
lib.mkIf pkgs.stdenv.isLinux { lib.mkIf pkgs.stdenv.isLinux {
"${ "${

15
modules/common/applications/kitty.nix
View File

@ -45,20 +45,9 @@
# Easy fullscreen toggle (for macOS) # Easy fullscreen toggle (for macOS)
"super+f" = "toggle_fullscreen"; "super+f" = "toggle_fullscreen";
# Kitty scrollback nvim
"kitty_mod+h" = "kitty_scrollback_nvim";
"kitty_mod+g" =
"kitty_scrollback_nvim --config ksb_builtin_last_cmd_output";
}; };
settings = { settings = {
# Required for kitty-scrollback.nvim
allow_remote_control = "socket-only";
listen_on = "unix:/tmp/kitty";
action_alias =
"kitty_scrollback_nvim kitten ${pkgs.vimPlugins.kitty-scrollback-nvim}/python/kitty_scrollback_nvim.py";
# Colors (adapted from: https://github.com/kdrag0n/base16-kitty/blob/master/templates/default-256.mustache) # Colors (adapted from: https://github.com/kdrag0n/base16-kitty/blob/master/templates/default-256.mustache)
background = config.theme.colors.base00; background = config.theme.colors.base00;
foreground = config.theme.colors.base05; foreground = config.theme.colors.base05;
@ -103,8 +92,8 @@
color21 = config.theme.colors.base06; color21 = config.theme.colors.base06;
# Scrollback # Scrollback
scrollback_lines = 10000; scrolling_lines = 10000;
scrollback_pager_history_size = 300; # MB scrollback_pager_history_size = 10; # MB
# Window # Window
window_padding_width = 6; window_padding_width = 6;

2
modules/common/applications/media.nix
View File

@ -40,7 +40,6 @@
associations.added = { associations.added = {
"application/pdf" = [ "pwmt.zathura-cb.desktop" ]; "application/pdf" = [ "pwmt.zathura-cb.desktop" ];
"image/jpeg" = [ "nsxiv.desktop" ]; "image/jpeg" = [ "nsxiv.desktop" ];
"image/png" = [ "nsxiv.desktop" ];
"image/*" = [ "nsxiv.desktop" ]; "image/*" = [ "nsxiv.desktop" ];
}; };
associations.removed = { associations.removed = {
@ -49,7 +48,6 @@
defaultApplications = { defaultApplications = {
"application/pdf" = [ "pwmt.zathura-cb.desktop" ]; "application/pdf" = [ "pwmt.zathura-cb.desktop" ];
"image/jpeg" = [ "nsxiv.desktop" ]; "image/jpeg" = [ "nsxiv.desktop" ];
"image/png" = [ "nsxiv.desktop" ];
"image/*" = [ "nsxiv.desktop" ]; "image/*" = [ "nsxiv.desktop" ];
}; };
}; };

5
modules/common/applications/obsidian.nix
View File

@ -15,9 +15,8 @@
home.packages = with pkgs; [ obsidian ]; home.packages = with pkgs; [ obsidian ];
}; };
# Broken on 2023-12-11 # Broken on 2023-04-16
# https://forum.obsidian.md/t/electron-25-is-now-eol-please-upgrade-to-a-newer-version/72878/8 nixpkgs.config.permittedInsecurePackages = [ "electron-21.4.0" ];
nixpkgs.config.permittedInsecurePackages = [ "electron-25.9.0" ];
}; };

48
modules/common/default.nix
View File

@ -75,18 +75,10 @@
type = lib.types.str; type = lib.types.str;
description = "Hostname for metrics server."; description = "Hostname for metrics server.";
}; };
paperless = lib.mkOption {
type = lib.types.str;
description = "Hostname for document server (paperless-ngx).";
};
prometheus = lib.mkOption { prometheus = lib.mkOption {
type = lib.types.str; type = lib.types.str;
description = "Hostname for Prometheus server."; description = "Hostname for Prometheus server.";
}; };
influxdb = lib.mkOption {
type = lib.types.str;
description = "Hostname for InfluxDB2 server.";
};
secrets = lib.mkOption { secrets = lib.mkOption {
type = lib.types.str; type = lib.types.str;
description = "Hostname for passwords and secrets (Vaultwarden)."; description = "Hostname for passwords and secrets (Vaultwarden).";
@ -107,20 +99,44 @@
type = lib.types.str; type = lib.types.str;
description = "Hostname for download services."; description = "Hostname for download services.";
}; };
irc = lib.mkOption {
type = lib.types.str;
description = "Hostname for IRC services.";
};
transmission = lib.mkOption {
type = lib.types.str;
description = "Hostname for peer2peer downloads (Transmission).";
};
}; };
}; };
config = let stateVersion = "23.05"; config = let stateVersion = "23.05";
in { in {
nix = {
# Enable features in Nix commands
extraOptions = ''
experimental-features = nix-command flakes
warn-dirty = false
'';
gc = {
automatic = true;
options = "--delete-older-than 7d";
};
settings = {
# Add community Cachix to binary cache
# Don't use with macOS because blocked by corporate firewall
builders-use-substitutes = true;
substituters = lib.mkIf (!pkgs.stdenv.isDarwin)
[ "https://nix-community.cachix.org" ];
trusted-public-keys = lib.mkIf (!pkgs.stdenv.isDarwin) [
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
];
# Scans and hard links identical files in the store
# Not working with macOS: https://github.com/NixOS/nix/issues/7273
auto-optimise-store = lib.mkIf (!pkgs.stdenv.isDarwin) true;
};
};
# Basic common system packages for all devices # Basic common system packages for all devices
environment.systemPackages = with pkgs; [ git vim wget curl ]; environment.systemPackages = with pkgs; [ git vim wget curl ];

2
modules/common/mail/aerc.nix
View File

@ -68,7 +68,7 @@
"!" = ":term<space>"; "!" = ":term<space>";
"|" = ":pipe<space>"; "|" = ":pipe<space>";
"/" = ":search<space>-a<space>"; "/" = ":search<space>";
"\\" = ":filter <space>"; "\\" = ":filter <space>";
n = ":next-result<Enter>"; n = ":next-result<Enter>";
N = ":prev-result<Enter>"; N = ":prev-result<Enter>";

2
modules/common/mail/himalaya.nix
View File

@ -9,6 +9,8 @@
programs.himalaya = { enable = true; }; programs.himalaya = { enable = true; };
accounts.email.accounts.home.himalaya = { accounts.email.accounts.home.himalaya = {
enable = true; enable = true;
backend = "imap";
sender = "smtp";
settings = { settings = {
downloads-dir = config.userDirs.download; downloads-dir = config.userDirs.download;
smtp-insecure = true; smtp-insecure = true;

2
modules/common/neovim/config/colors.nix
View File

@ -8,7 +8,7 @@
}; };
config = { config = {
plugins = [ pkgs.vimPlugins.base16-nvim ]; plugins = [ pkgs.vimPlugins.nvim-base16 ];
setup.base16-colorscheme = config.colors; setup.base16-colorscheme = config.colors;
# Telescope isn't working, shut off for now # Telescope isn't working, shut off for now

17
modules/common/neovim/config/completion.nix
View File

@ -9,6 +9,7 @@
pkgs.vimPlugins.luasnip pkgs.vimPlugins.luasnip
pkgs.vimPlugins.cmp_luasnip pkgs.vimPlugins.cmp_luasnip
pkgs.vimPlugins.cmp-rg pkgs.vimPlugins.cmp-rg
pkgs.vimPlugins.friendly-snippets
]; ];
use.cmp.setup = dsl.callWith { use.cmp.setup = dsl.callWith {
@ -23,6 +24,13 @@
end end
''; '';
# Enable Luasnip snippet completion
snippet.expand = dsl.rawLua ''
function(args)
require("luasnip").lsp_expand(args.body)
end
'';
# Basic completion keybinds # Basic completion keybinds
mapping = { mapping = {
"['<C-n>']" = dsl.rawLua "['<C-n>']" = dsl.rawLua
@ -62,6 +70,7 @@
sources = [ sources = [
{ name = "nvim_lua"; } # Fills in common Neovim lua functions { name = "nvim_lua"; } # Fills in common Neovim lua functions
{ name = "nvim_lsp"; } # LSP results { name = "nvim_lsp"; } # LSP results
{ name = "luasnip"; } # Snippets
{ name = "path"; } # Shell completion from current PATH { name = "path"; } # Shell completion from current PATH
{ {
name = "buffer"; # Grep for text from the current text buffer name = "buffer"; # Grep for text from the current text buffer
@ -110,6 +119,7 @@
} }
vim_item.kind = string.format("%s", kind_icons[vim_item.kind]) vim_item.kind = string.format("%s", kind_icons[vim_item.kind])
vim_item.menu = ({ vim_item.menu = ({
luasnip = "[Snippet]",
buffer = "[Buffer]", buffer = "[Buffer]",
path = "[Path]", path = "[Path]",
rg = "[Grep]", rg = "[Grep]",
@ -129,6 +139,13 @@
}; };
lua = '' lua = ''
-- Load snippets
-- Check status: :lua require("luasnip").log.open()
require("luasnip.loaders.from_vscode").lazy_load()
require("luasnip.loaders.from_vscode").lazy_load({ paths = { "${
builtins.toString pkgs.vscode-terraform-snippets
}" } })
-- Use buffer source for `/` -- Use buffer source for `/`
require('cmp').setup.cmdline("/", { require('cmp').setup.cmdline("/", {
sources = { sources = {

14
modules/common/neovim/config/github.lua
View File

@ -1,14 +0,0 @@
-- Keymap to open file in GitHub web
vim.keymap.set("n", "<Leader>gr", ":!gh browse %<CR><CR>", { silent = true })
-- Pop a terminal to watch the current run
local gitwatch =
require("toggleterm.terminal").Terminal:new({ cmd = "fish --interactive --init-command 'gh run watch'" })
-- Set a toggle for this terminal
function GITWATCH_TOGGLE()
gitwatch:toggle()
end
-- Keymap to toggle the run
vim.keymap.set("n", "<Leader>gw", GITWATCH_TOGGLE)

6
modules/common/neovim/config/kubernetes.lua
View File

@ -1,6 +0,0 @@
local k9s = require("toggleterm.terminal").Terminal:new({ cmd = "k9s" })
function K9S_TOGGLE()
k9s:toggle()
end
vim.keymap.set("n", "<Leader>9", K9S_TOGGLE)

178
modules/common/neovim/config/lsp.nix
View File

@ -1,112 +1,76 @@
{ pkgs, lib, config, dsl, ... }: { { pkgs, dsl, ... }: {
# Terraform optional because non-free plugins = [
options.terraform = lib.mkEnableOption "Whether to enable Terraform LSP"; pkgs.vimPlugins.nvim-lspconfig
options.github = lib.mkEnableOption "Whether to enable GitHub features"; pkgs.vimPlugins.lsp-colors-nvim
options.kubernetes = pkgs.vimPlugins.null-ls-nvim
lib.mkEnableOption "Whether to enable Kubernetes features"; ];
config = {
plugins = [
pkgs.vimPlugins.nvim-lspconfig
pkgs.vimPlugins.conform-nvim
pkgs.vimPlugins.fidget-nvim
pkgs.vimPlugins.nvim-lint
];
setup.fidget = { };
use.lspconfig.lua_ls.setup = dsl.callWith {
settings = { Lua = { diagnostics = { globals = [ "vim" "hs" ]; }; }; };
capabilities =
dsl.rawLua "require('cmp_nvim_lsp').default_capabilities()";
cmd = [ "${pkgs.lua-language-server}/bin/lua-language-server" ];
};
use.lspconfig.nil_ls.setup = dsl.callWith {
cmd = [ "${pkgs.nil}/bin/nil" ];
capabilities =
dsl.rawLua "require('cmp_nvim_lsp').default_capabilities()";
};
use.lspconfig.pyright.setup = dsl.callWith {
cmd = [ "${pkgs.pyright}/bin/pyright-langserver" "--stdio" ];
};
use.lspconfig.terraformls.setup = dsl.callWith {
cmd = if config.terraform then [
"${pkgs.terraform-ls}/bin/terraform-ls"
"serve"
] else
[ "echo" ];
};
use.lspconfig.rust_analyzer.setup = dsl.callWith {
cmd = [ "${pkgs.rust-analyzer}/bin/rust-analyzer" ];
settings = {
"['rust-analyzer']" = {
check = { command = "clippy"; };
files = { excludeDirs = [ ".direnv" ]; };
};
};
};
setup.conform = {
format_on_save = {
# These options will be passed to conform.format()
timeout_ms = 1500;
lsp_fallback = true;
};
formatters_by_ft = {
lua = [ "stylua" ];
python = [ "black" ];
fish = [ "fish_indent" ];
nix = [ "nixfmt" ];
rust = [ "rustfmt" ];
sh = [ "shfmt" ];
terraform = if config.terraform then [ "terraform_fmt" ] else [ ];
hcl = if config.terraform then [ "terraform_fmt" ] else [ ];
};
formatters = {
lua.command = "${pkgs.stylua}/bin/stylua";
black.command = "${pkgs.black}/bin/black";
fish_indent.command = "${pkgs.fish}/bin/fish_indent";
nixfmt.command = "${pkgs.nixfmt}/bin/nixfmt";
rustfmt = {
command = "${pkgs.rustfmt}/bin/rustfmt";
prepend_args = [ "--edition" "2021" ];
};
shfmt = {
command = "${pkgs.shfmt}/bin/shfmt";
prepend_args = [ "-i" "4" "-ci" ];
};
terraform_fmt.command =
if config.terraform then "${pkgs.terraform}/bin/terraform" else "";
};
};
use.lint = {
linters_by_ft = dsl.toTable {
python = [ "ruff" ];
sh = [ "shellcheck" ];
};
};
vim.api.nvim_create_autocmd = dsl.callWith [
(dsl.toTable [ "BufEnter" "BufWritePost" ])
(dsl.rawLua "{ callback = function() require('lint').try_lint() end }")
];
lua = ''
${builtins.readFile ./lsp.lua}
local ruff = require('lint').linters.ruff; ruff.cmd = "${pkgs.ruff}/bin/ruff"
local shellcheck = require('lint').linters.shellcheck; shellcheck.cmd = "${pkgs.shellcheck}/bin/shellcheck"
-- Prevent infinite log size (change this when debugging)
vim.lsp.set_log_level("off")
'';
use.lspconfig.lua_ls.setup = dsl.callWith {
settings = { Lua = { diagnostics = { globals = [ "vim" "hs" ]; }; }; };
capabilities = dsl.rawLua "require('cmp_nvim_lsp').default_capabilities()";
cmd = [ "${pkgs.lua-language-server}/bin/lua-language-server" ];
}; };
use.lspconfig.nil_ls.setup = dsl.callWith {
cmd = [ "${pkgs.nil}/bin/nil" ];
capabilities = dsl.rawLua "require('cmp_nvim_lsp').default_capabilities()";
};
use.lspconfig.pyright.setup = dsl.callWith {
cmd = [ "${pkgs.pyright}/bin/pyright-langserver" "--stdio" ];
};
use.lspconfig.terraformls.setup =
dsl.callWith { cmd = [ "${pkgs.terraform-ls}/bin/terraform-ls" "serve" ]; };
vim.api.nvim_create_augroup = dsl.callWith [ "LspFormatting" { } ];
lua = ''
${builtins.readFile ./lsp.lua}
-- Prevent infinite log size (change this when debugging)
vim.lsp.set_log_level("off")
require("null-ls").setup({
sources = {
require("null-ls").builtins.formatting.stylua.with({ command = "${pkgs.stylua}/bin/stylua" }),
require("null-ls").builtins.formatting.black.with({ command = "${pkgs.black}/bin/black" }),
require("null-ls").builtins.diagnostics.ruff.with({ command = "${pkgs.ruff}/bin/ruff" }),
require("null-ls").builtins.formatting.fish_indent.with({ command = "${pkgs.fish}/bin/fish_indent" }),
require("null-ls").builtins.formatting.nixfmt.with({ command = "${pkgs.nixfmt}/bin/nixfmt" }),
require("null-ls").builtins.formatting.rustfmt.with({ command = "${pkgs.rustfmt}/bin/rustfmt" }),
require("null-ls").builtins.diagnostics.shellcheck.with({ command = "${pkgs.shellcheck}/bin/shellcheck" }),
require("null-ls").builtins.formatting.shfmt.with({
command = "${pkgs.shfmt}/bin/shfmt",
extra_args = { "-i", "4", "-ci" },
}),
require("null-ls").builtins.formatting.terraform_fmt.with({
command = "${pkgs.terraform}/bin/terraform",
extra_filetypes = { "hcl" },
}),
},
on_attach = function(client, bufnr)
if client.supports_method("textDocument/formatting") then
-- Auto-format on save
vim.api.nvim_clear_autocmds({ group = augroup, buffer = bufnr })
vim.api.nvim_create_autocmd("BufWritePre", {
group = augroup,
buffer = bufnr,
callback = function()
vim.lsp.buf.format({ bufnr = bufnr })
end,
})
-- Use internal formatting for bindings like gq.
vim.api.nvim_create_autocmd("LspAttach", {
callback = function(args)
vim.bo[args.buf].formatexpr = nil
end,
})
end
end,
})
'';
} }

8
modules/common/neovim/config/misc.nix
View File

@ -8,15 +8,13 @@
pkgs.vimPlugins.glow-nvim # Markdown preview popup pkgs.vimPlugins.glow-nvim # Markdown preview popup
pkgs.vimPlugins.nvim-colorizer-lua # Hex color previews pkgs.vimPlugins.nvim-colorizer-lua # Hex color previews
pkgs.vimPlugins.which-key-nvim # Keybind helper pkgs.vimPlugins.which-key-nvim # Keybind helper
pkgs.vimPlugins.kitty-scrollback-nvim # Scrollback pager for kitty
]; ];
# Initialize some plugins # Initialize some plugins
setup.Comment = { }; setup.Comment = { };
setup.colorizer = { user_default_options = { names = false; }; }; setup.colorizer = { };
setup.glow = { }; setup.glow = { };
setup.which-key = { }; setup.which-key = { };
setup.kitty-scrollback = { };
vim.o = { vim.o = {
termguicolors = true; # Set to truecolor termguicolors = true; # Set to truecolor
@ -71,6 +69,10 @@
" Remember last position when reopening file " Remember last position when reopening file
au BufReadPost * if line("'\"") > 0 && line("'\"") <= line("$") | exe "normal! g`\"" | endif au BufReadPost * if line("'\"") > 0 && line("'\"") <= line("$") | exe "normal! g`\"" | endif
" LaTeX options
au FileType tex inoremap ;bf \textbf{}<Esc>i
au BufWritePost *.tex silent! execute "!pdflatex -output-directory=%:p:h % >/dev/null 2>&1" | redraw!
" Flash highlight when yanking " Flash highlight when yanking
au TextYankPost * silent! lua vim.highlight.on_yank { timeout = 250 } au TextYankPost * silent! lua vim.highlight.on_yank { timeout = 250 }
''; '';

8
modules/common/neovim/config/syntax.nix
View File

@ -4,7 +4,6 @@
(pkgs.vimPlugins.nvim-treesitter.withPlugins (_plugins: (pkgs.vimPlugins.nvim-treesitter.withPlugins (_plugins:
with pkgs.tree-sitter-grammars; [ with pkgs.tree-sitter-grammars; [
tree-sitter-bash tree-sitter-bash
tree-sitter-c
tree-sitter-fish tree-sitter-fish
tree-sitter-hcl tree-sitter-hcl
tree-sitter-ini tree-sitter-ini
@ -17,16 +16,15 @@
tree-sitter-python tree-sitter-python
tree-sitter-rasi tree-sitter-rasi
tree-sitter-toml tree-sitter-toml
tree-sitter-vimdoc
tree-sitter-yaml tree-sitter-yaml
])) ]))
pkgs.vimPlugins.vim-matchup # Better % jumping in languages pkgs.vimPlugins.vim-matchup # Better % jumping in languages
pkgs.vimPlugins.playground # Tree-sitter experimenting pkgs.vimPlugins.playground # Tree-sitter experimenting
pkgs.vimPlugins.nginx-vim pkgs.vimPlugins.nginx-vim
pkgs.vimPlugins.vim-helm pkgs.vimPlugins.vim-helm
pkgs.vimPlugins.baleia-nvim # Clean ANSI from kitty scrollback pkgs.baleia-nvim # Clean ANSI from kitty scrollback
# pkgs.vimPlugins.hmts-nvim # Tree-sitter injections for home-manager # pkgs.hmts-nvim # Tree-sitter injections for home-manager
(pkgs.vimUtils.buildVimPlugin { (pkgs.vimUtils.buildVimPluginFrom2Nix {
pname = "nmasur"; pname = "nmasur";
version = "0.1"; version = "0.1";
src = ../plugin; src = ../plugin;

12
modules/common/neovim/config/toggleterm.lua
View File

@ -26,5 +26,17 @@ function NIXPKGS_TOGGLE()
nixpkgs:toggle() nixpkgs:toggle()
end end
local gitwatch = terminal:new({ cmd = "fish --interactive --init-command 'gh run watch'" })
function GITWATCH_TOGGLE()
gitwatch:toggle()
end
local k9s = terminal:new({ cmd = "k9s" })
function K9S_TOGGLE()
k9s:toggle()
end
vim.keymap.set("n", "<Leader>t", TERM_TOGGLE) vim.keymap.set("n", "<Leader>t", TERM_TOGGLE)
vim.keymap.set("n", "<Leader>P", NIXPKGS_TOGGLE) vim.keymap.set("n", "<Leader>P", NIXPKGS_TOGGLE)
vim.keymap.set("n", "<Leader>gw", GITWATCH_TOGGLE)
vim.keymap.set("n", "<Leader>9", K9S_TOGGLE)

8
modules/common/neovim/config/toggleterm.nix
View File

@ -1,4 +1,4 @@
{ pkgs, dsl, config, ... }: { { pkgs, dsl, ... }: {
# Toggleterm provides a floating terminal inside the editor for quick access # Toggleterm provides a floating terminal inside the editor for quick access
@ -10,10 +10,6 @@
direction = "float"; direction = "float";
}; };
lua = '' lua = builtins.readFile ./toggleterm.lua;
${builtins.readFile ./toggleterm.lua}
${if config.github then (builtins.readFile ./github.lua) else ""}
${if config.kubernetes then (builtins.readFile ./kubernetes.lua) else ""}
'';
} }

1
modules/common/neovim/config/tree.nix
View File

@ -63,6 +63,7 @@
''; '';
view = { # Set look and feel view = { # Set look and feel
width = 30; width = 30;
hide_root_folder = false;
side = "left"; side = "left";
number = false; number = false;
relativenumber = false; relativenumber = false;

7
modules/common/neovim/default.nix
View File

@ -5,9 +5,6 @@ let
neovim = import ./package { neovim = import ./package {
inherit pkgs; inherit pkgs;
colors = config.theme.colors; colors = config.theme.colors;
terraform = config.terraform.enable;
github = true;
kubernetes = config.kubernetes.enable;
}; };
in { in {
@ -45,8 +42,8 @@ in {
# Requires removing some of the ANSI escape codes that are sent to the # Requires removing some of the ANSI escape codes that are sent to the
# scrollback using sed and baleia, as well as removing several # scrollback using sed and baleia, as well as removing several
# unnecessary features. # unnecessary features.
programs.kitty.settings.scrollback_pager = programs.kitty.settings.scrollback_pager = ''
"${neovim}/bin/nvim --headless +'KittyScrollbackGenerateKittens' +'set nonumber' +'set norelativenumber' +'%print' +'quit!' 2>&1"; $SHELL -c 'sed -r "s/[[:cntrl:]]\]133;[AC]..//g" | ${neovim}/bin/nvim -c "setlocal nonumber norelativenumber nolist laststatus=0" -c "lua baleia = require(\"baleia\").setup({}); baleia.once(0)" -c "map <silent> q :qa!<CR>" -c "autocmd VimEnter * normal G"' '';
# Create a desktop option for launching Neovim from a file manager # Create a desktop option for launching Neovim from a file manager
# (Requires launching the terminal and then executing Neovim) # (Requires launching the terminal and then executing Neovim)

1
modules/common/neovim/lua/keybinds.lua
View File

@ -39,6 +39,7 @@ key("n", "<Leader>fs", ":write<CR>")
key("n", "<Leader>fd", ":lcd %:p:h<CR>", { silent = true }) key("n", "<Leader>fd", ":lcd %:p:h<CR>", { silent = true })
key("n", "<Leader>fu", ":lcd ..<CR>", { silent = true }) key("n", "<Leader>fu", ":lcd ..<CR>", { silent = true })
key("n", "<Leader><Tab>", ":b#<CR>", { silent = true }) key("n", "<Leader><Tab>", ":b#<CR>", { silent = true })
key("n", "<Leader>gr", ":!gh browse %<CR><CR>", { silent = true })
key("n", "<Leader>tt", [[<Cmd>exe 'edit $NOTES_PATH/journal/'.strftime("%Y-%m-%d_%a").'.md'<CR>]]) key("n", "<Leader>tt", [[<Cmd>exe 'edit $NOTES_PATH/journal/'.strftime("%Y-%m-%d_%a").'.md'<CR>]])
key("n", "<Leader>jj", ":!journal<CR>:e<CR>") key("n", "<Leader>jj", ":!journal<CR>:e<CR>")

4
modules/common/neovim/package/default.nix
View File

@ -26,13 +26,13 @@
# ] ++ extraConfig; # ] ++ extraConfig;
# } # }
{ pkgs, colors, terraform ? false, github ? false, kubernetes ? false, ... }: { pkgs, colors, ... }:
# Comes from nix2vim overlay: # Comes from nix2vim overlay:
# https://github.com/gytis-ivaskevicius/nix2vim/blob/master/lib/neovim-builder.nix # https://github.com/gytis-ivaskevicius/nix2vim/blob/master/lib/neovim-builder.nix
pkgs.neovimBuilder { pkgs.neovimBuilder {
package = pkgs.neovim-unwrapped; package = pkgs.neovim-unwrapped;
inherit colors terraform github kubernetes; inherit colors;
imports = [ imports = [
../config/align.nix ../config/align.nix
../config/bufferline.nix ../config/bufferline.nix

1
modules/common/programming/default.nix
View File

@ -6,7 +6,6 @@
./lua.nix ./lua.nix
./nix.nix ./nix.nix
./python.nix ./python.nix
./rust.nix
./terraform.nix ./terraform.nix
]; ];

198
modules/common/programming/kubernetes.nix
View File

@ -24,125 +24,113 @@
# Terminal Kubernetes UI # Terminal Kubernetes UI
programs.k9s = { programs.k9s = {
enable = true; enable = true;
settings = { # settings = { k9s = { headless = true; }; };
skin = {
k9s = { k9s = {
ui = { body = {
enableMouse = true; fgColor = config.theme.colors.base06;
headless = true; bgColor = config.theme.colors.base00;
logoless = true; logoColor = config.theme.colors.base02; # *blue ?
crumbsless = false;
skin = "main";
}; };
}; # Search bar
}; prompt = {
skins = { fgColor = config.theme.colors.base06;
main = { bgColor = config.theme.colors.base00;
k9s = { suggestColor = config.theme.colors.base03;
body = { };
# Header left side
info = {
fgColor = config.theme.colors.base04;
sectionColor = config.theme.colors.base05;
};
dialog = {
fgColor = config.theme.colors.base06;
bgColor = config.theme.colors.base00;
buttonFgColor = config.theme.colors.base06;
buttonBgColor = config.theme.colors.base0E;
buttonFocusFgColor = config.theme.colors.base07;
buttonFocusBgColor = config.theme.colors.base02; # *cyan
labelFgColor = config.theme.colors.base09;
fieldFgColor = config.theme.colors.base06;
};
frame = {
border = {
fgColor = config.theme.colors.base01;
focusColor = config.theme.colors.base06;
};
menu = {
fgColor = config.theme.colors.base06; fgColor = config.theme.colors.base06;
bgColor = "default"; keyColor = config.theme.colors.base0E; # *magenta
logoColor = config.theme.colors.base02; # *blue ? numKeyColor = config.theme.colors.base0E; # *magenta
}; };
# Search bar crumbs = {
prompt = {
fgColor = config.theme.colors.base06; fgColor = config.theme.colors.base06;
bgColor = "default"; bgColor = config.theme.colors.base01;
suggestColor = config.theme.colors.base03; activeColor = config.theme.colors.base03;
}; };
# Header left side status = {
info = { newColor = config.theme.colors.base04; # *cyan
fgColor = config.theme.colors.base04; modifyColor = config.theme.colors.base0D; # *blue
sectionColor = config.theme.colors.base05; addColor = config.theme.colors.base0B; # *green
errorColor = config.theme.colors.base08; # *red
highlightColor = config.theme.colors.base09; # *orange
killColor = config.theme.colors.base03; # *comment
completedColor = config.theme.colors.base03; # *comment
}; };
dialog = { title = {
fgColor = config.theme.colors.base06; fgColor = config.theme.colors.base06;
bgColor = "default"; bgColor = config.theme.colors.base00;
buttonFgColor = config.theme.colors.base06; highlightColor = config.theme.colors.base09; # *orange
buttonBgColor = config.theme.colors.base0E; counterColor = config.theme.colors.base0D; # *blue
buttonFocusFgColor = config.theme.colors.base07; filterColor = config.theme.colors.base0E; # *magenta
buttonFocusBgColor = config.theme.colors.base02; # *cyan
labelFgColor = config.theme.colors.base09;
fieldFgColor = config.theme.colors.base06;
}; };
frame = { };
border = { views = {
fgColor = config.theme.colors.base01; charts = {
focusColor = config.theme.colors.base06; bgColor = config.theme.colors.base00;
}; defaultDialColors =
menu = { [ config.theme.colors.base0D config.theme.colors.base08 ];
fgColor = config.theme.colors.base06; # - *blue
keyColor = config.theme.colors.base0E; # *magenta # - *red
numKeyColor = config.theme.colors.base0E; # *magenta defaultChartColors =
}; [ config.theme.colors.base0D config.theme.colors.base08 ];
crumbs = { # - *blue
fgColor = config.theme.colors.base06; # - *red
bgColor = config.theme.colors.base01;
activeColor = config.theme.colors.base03;
};
status = {
newColor = config.theme.colors.base04; # *cyan
modifyColor = config.theme.colors.base0D; # *blue
addColor = config.theme.colors.base0B; # *green
errorColor = config.theme.colors.base08; # *red
highlightColor = config.theme.colors.base09; # *orange
killColor = config.theme.colors.base03; # *comment
completedColor = config.theme.colors.base03; # *comment
};
title = {
fgColor = config.theme.colors.base06;
bgColor = "default";
highlightColor = config.theme.colors.base09; # *orange
counterColor = config.theme.colors.base0D; # *blue
filterColor = config.theme.colors.base0E; # *magenta
};
}; };
views = { table = {
charts = { # List of resources
bgColor = "default"; fgColor = config.theme.colors.base06;
defaultDialColors = bgColor = config.theme.colors.base00;
[ config.theme.colors.base0D config.theme.colors.base08 ];
# - *blue
# - *red
defaultChartColors =
[ config.theme.colors.base0D config.theme.colors.base08 ];
# - *blue
# - *red
};
table = {
# List of resources
fgColor = config.theme.colors.base06;
bgColor = "default";
# Row selection # Row selection
cursorFgColor = config.theme.colors.base07; cursorFgColor = config.theme.colors.base07;
cursorBgColor = config.theme.colors.base01; cursorBgColor = config.theme.colors.base01;
# Header row # Header row
header = { header = {
fgColor = config.theme.colors.base0D; fgColor = config.theme.colors.base0D;
bgColor = "default"; bgColor = config.theme.colors.base00;
sorterColor = config.theme.colors.base0A; # *selection sorterColor = config.theme.colors.base0A; # *selection
};
}; };
xray = { };
xray = {
fgColor = config.theme.colors.base06;
bgColor = config.theme.colors.base00;
cursorColor = config.theme.colors.base06;
graphicColor = config.theme.colors.base0D;
showIcons = false;
};
yaml = {
keyColor = config.theme.colors.base0D;
colonColor = config.theme.colors.base04;
fgColor = config.theme.colors.base03;
};
logs = {
fgColor = config.theme.colors.base06;
bgColor = config.theme.colors.base00;
indicator = {
fgColor = config.theme.colors.base06; fgColor = config.theme.colors.base06;
bgColor = "default"; bgColor = config.theme.colors.base00;
cursorColor = config.theme.colors.base06;
graphicColor = config.theme.colors.base0D;
showIcons = false;
};
yaml = {
keyColor = config.theme.colors.base0D;
colonColor = config.theme.colors.base04;
fgColor = config.theme.colors.base03;
};
logs = {
fgColor = config.theme.colors.base06;
bgColor = "default";
indicator = {
fgColor = config.theme.colors.base06;
bgColor = "default";
};
}; };
}; };
}; };

17
modules/common/programming/rust.nix
View File

@ -1,17 +0,0 @@
{ config, pkgs, lib, ... }: {
options.rust.enable = lib.mkEnableOption "Rust programming language.";
config = lib.mkIf config.rust.enable {
home-manager.users.${config.user} = {
programs.fish.shellAbbrs = { ca = "cargo"; };
home.packages = with pkgs; [ cargo rustc clippy gcc ];
};
};
}

1
modules/common/programming/terraform.nix
View File

@ -3,7 +3,6 @@
options.terraform.enable = lib.mkEnableOption "Terraform tools."; options.terraform.enable = lib.mkEnableOption "Terraform tools.";
config = lib.mkIf config.terraform.enable { config = lib.mkIf config.terraform.enable {
unfreePackages = [ "terraform" ];
home-manager.users.${config.user} = { home-manager.users.${config.user} = {
programs.fish.shellAbbrs = { programs.fish.shellAbbrs = {

39
modules/common/shell/atuin.nix
View File

@ -1,39 +0,0 @@
{ config, lib, ... }: {
# Shell history sync
options.atuin.enable = lib.mkEnableOption "Atuin";
config = {
home-manager.users.${config.user} = lib.mkIf config.atuin.enable {
programs.atuin = {
enable = true;
flags = [ "--disable-up-arrow" "--disable-ctrl-r" ];
settings = {
auto_sync = true;
update_check = false;
sync_address = "https://api.atuin.sh";
search_mode = "fuzzy";
filter_mode = "host"; # global, host, session, directory
search_mode_shell_up_key_binding = "fuzzy";
filter_mode_shell_up_key_binding = "session";
style = "compact"; # or auto,full
show_help = true;
history_filter = [ ];
secrets_filter = true;
enter_accept = false;
keymap_mode = "vim-normal";
};
};
};
# Give root user the same setup
home-manager.users.root.programs.atuin =
config.home-manager.users.${config.user}.programs.atuin;
};
}

4
modules/common/shell/bash/scripts/ocr.sh
View File

@ -31,10 +31,6 @@ STATUS=$?
# because tesseract adds .txt to the given file path anyways. So if we were to # because tesseract adds .txt to the given file path anyways. So if we were to
# specify /tmp/ocr.txt as the file path, tesseract would out the text to # specify /tmp/ocr.txt as the file path, tesseract would out the text to
# /tmp/ocr.txt.txt # /tmp/ocr.txt.txt
cd /tmp || {
echo "Failed to jump to directory."
exit 1
}
tesseract "$IMAGE_FILE" "${TEXT_FILE//\.txt/}" tesseract "$IMAGE_FILE" "${TEXT_FILE//\.txt/}"
# Check if the text was detected by checking number # Check if the text was detected by checking number

2
modules/common/shell/default.nix
View File

@ -1,6 +1,5 @@
{ ... }: { { ... }: {
imports = [ imports = [
./atuin.nix
./bash ./bash
./charm.nix ./charm.nix
./direnv.nix ./direnv.nix
@ -12,6 +11,5 @@
./nixpkgs.nix ./nixpkgs.nix
./starship.nix ./starship.nix
./utilities.nix ./utilities.nix
./work.nix
]; ];
} }

16
modules/common/shell/direnv.nix
View File

@ -7,22 +7,6 @@
config = { whitelist = { prefix = [ config.dotfilesPath ]; }; }; config = { whitelist = { prefix = [ config.dotfilesPath ]; }; };
}; };
# programs.direnv.direnvrcExtra = ''
# layout_postgres() {
# export PGDATA="$(direnv_layout_dir)/postgres"
# export PGHOST="$PGDATA"
#
# if [[ ! -d "PGDATA" ]]; then
# initdb
# cat >> "$PGDATA/postgres.conf" <<- EOF
# listen_addresses = '''
# unix_socket_directories = '$PGHOST'
# EOF
# echo "CREATE DATABASE $USER;" | postgres --single -E postgres
# fi
# }
# '';
# Prevent garbage collection # Prevent garbage collection
nix.extraOptions = '' nix.extraOptions = ''
keep-outputs = true keep-outputs = true

3
modules/common/shell/fish/default.nix
View File

@ -123,6 +123,9 @@
dr = "docker run --rm -it"; dr = "docker run --rm -it";
db = "docker build . -t"; db = "docker build . -t";
# Rust
ca = "cargo";
}; };
shellInit = ""; shellInit = "";
}; };

2
modules/common/shell/fish/functions/fish_user_key_bindings.fish
View File

@ -18,5 +18,3 @@ bind -M insert \cn 'commandline -r "nix shell nixpkgs#"'
bind -M default \cn 'commandline -r "nix shell nixpkgs#"' bind -M default \cn 'commandline -r "nix shell nixpkgs#"'
bind -M insert \x11F nix-fzf bind -M insert \x11F nix-fzf
bind -M default \x11F nix-fzf bind -M default \x11F nix-fzf
bind -M insert \ch '_atuin_search --filter-mode global'
bind -M default \ch '_atuin_search --filter-mode global'

7
modules/common/shell/fzf.nix
View File

@ -1,4 +1,4 @@
{ config, pkgs, ... }: { { config, ... }: {
# FZF is a fuzzy-finder for the terminal # FZF is a fuzzy-finder for the terminal
@ -16,9 +16,10 @@
--search-path $HOME/dev \ --search-path $HOME/dev \
--type directory \ --type directory \
--exact-depth 2 \ --exact-depth 2 \
| ${pkgs.proximity-sort}/bin/proximity-sort $PWD \
| sed 's/\\/$//' \ | sed 's/\\/$//' \
| fzf --tiebreak=index \ | fzf \
--delimiter '/' \
--with-nth 6.. \
) )
and cd $projdir and cd $projdir
and commandline -f execute and commandline -f execute

29
modules/common/shell/git.nix
View File

@ -28,43 +28,15 @@ in {
userName = config.gitName; userName = config.gitName;
userEmail = config.gitEmail; userEmail = config.gitEmail;
extraConfig = { extraConfig = {
core.pager =
"${pkgs.git}/share/git/contrib/diff-highlight/diff-highlight | less -F";
interactive.difffilter =
"${pkgs.git}/share/git/contrib/diff-highlight/diff-highlight";
pager = { branch = "false"; }; pager = { branch = "false"; };
safe = { directory = config.dotfilesPath; }; safe = { directory = config.dotfilesPath; };
pull = { ff = "only"; }; pull = { ff = "only"; };
push = { autoSetupRemote = "true"; }; push = { autoSetupRemote = "true"; };
init = { defaultBranch = "master"; }; init = { defaultBranch = "master"; };
rebase = { autosquash = "true"; };
gpg = {
format = "ssh";
ssh.allowedSignersFile = "~/.config/git/allowed-signers";
};
commit.gpgsign = true;
tag.gpgsign = true;
}; };
ignores = [ ".direnv/**" "result" ]; ignores = [ ".direnv/**" "result" ];
includes = [{
path = "~/.config/git/personal";
condition = "gitdir:~/dev/personal/";
}];
}; };
# Personal git config
# TODO: fix with variables
xdg.configFile."git/personal".text = ''
[user]
name = "${config.fullName}"
email = "7386960+nmasur@users.noreply.github.com"
signingkey = ~/.ssh/id_ed25519
'';
xdg.configFile."git/allowed-signers".text = ''
7386960+nmasur@users.noreply.github.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB+AbmjGEwITk5CK9y7+Rg27Fokgj9QEjgc9wST6MA3s
'';
programs.fish.shellAbbrs = { programs.fish.shellAbbrs = {
g = "git"; g = "git";
gs = "git status"; gs = "git status";
@ -86,7 +58,6 @@ in {
git switch (git symbolic-ref refs/remotes/origin/HEAD | cut -d"/" -f4)''; git switch (git symbolic-ref refs/remotes/origin/HEAD | cut -d"/" -f4)'';
gcob = "git switch -c"; gcob = "git switch -c";
gb = "git branch"; gb = "git branch";
gpd = "git push origin -d";
gbd = "git branch -d"; gbd = "git branch -d";
gbD = "git branch -D"; gbD = "git branch -D";
gr = "git reset"; gr = "git reset";

6
modules/common/shell/github.nix
View File

@ -7,7 +7,6 @@
enable = true; enable = true;
gitCredentialHelper.enable = true; gitCredentialHelper.enable = true;
settings.git_protocol = "https"; settings.git_protocol = "https";
extensions = [ pkgs.gh-collaborators ];
}; };
programs.fish = programs.fish =
@ -15,7 +14,7 @@
shellAbbrs = { shellAbbrs = {
ghr = "gh repo view -w"; ghr = "gh repo view -w";
gha = gha =
"gh run list | head -1 | awk '{ print \\$\\(NF-2\\) }' | xargs gh run view"; "gh run list | head -1 | awk '{ print $(NF-2) }' | xargs gh run view";
grw = "gh run watch"; grw = "gh run watch";
grf = "gh run view --log-failed"; grf = "gh run view --log-failed";
grl = "gh run view --log"; grl = "gh run view --log";
@ -48,7 +47,7 @@
esac esac
selected=$(gh repo list "$organization" \ selected=$(gh repo list "$organization" \
--limit 100 \ --limit 50 \
--no-archived \ --no-archived \
--json=name,description,isPrivate,updatedAt,primaryLanguage \ --json=name,description,isPrivate,updatedAt,primaryLanguage \
| jq -r '.[] | .name + "," + if .description == "" then "-" else .description |= gsub(","; " ") | .description end + "," + .updatedAt + "," + .primaryLanguage.name' \ | jq -r '.[] | .name + "," + if .description == "" then "-" else .description |= gsub(","; " ") | .description end + "," + .updatedAt + "," + .primaryLanguage.name' \
@ -57,7 +56,6 @@
| fzf \ | fzf \
--header-lines=1 \ --header-lines=1 \
--layout=reverse \ --layout=reverse \
--height=100% \
--bind "ctrl-o:execute:gh repo view -w ''${organization}/{1}" \ --bind "ctrl-o:execute:gh repo view -w ''${organization}/{1}" \
--bind "shift-up:preview-half-page-up" \ --bind "shift-up:preview-half-page-up" \
--bind "shift-down:preview-half-page-down" \ --bind "shift-down:preview-half-page-down" \

1
modules/common/shell/jujutsu.nix
View File

@ -4,6 +4,7 @@
home-manager.users.${config.user}.programs.jujutsu = { home-manager.users.${config.user}.programs.jujutsu = {
enable = true; enable = true;
enableFishIntegration = true;
# https://github.com/martinvonz/jj/blob/main/docs/config.md # https://github.com/martinvonz/jj/blob/main/docs/config.md
settings = { settings = {

48
modules/common/shell/nixpkgs.nix
View File

@ -1,4 +1,4 @@
{ config, pkgs, lib, ... }: { { config, pkgs, ... }: {
home-manager.users.${config.user} = { home-manager.users.${config.user} = {
programs.fish = { programs.fish = {
@ -60,24 +60,6 @@
enableFishIntegration = true; enableFishIntegration = true;
}; };
# Create nix-index if doesn't exist
home.activation.createNixIndex =
let cacheDir = "${config.homePath}/.cache/nix-index";
in lib.mkIf
config.home-manager.users.${config.user}.programs.nix-index.enable
(config.home-manager.users.${config.user}.lib.dag.entryAfter
[ "writeBoundary" ] ''
if [ ! -d ${cacheDir} ]; then
$DRY_RUN_CMD ${pkgs.nix-index}/bin/nix-index -f ${pkgs.path}
fi
'');
# Set automatic generation cleanup for home-manager
nix.gc = {
automatic = config.nix.gc.automatic;
options = config.nix.gc.options;
};
}; };
nix = { nix = {
@ -94,34 +76,6 @@
# For security, only allow specific users # For security, only allow specific users
settings.allowed-users = [ "@wheel" config.user ]; settings.allowed-users = [ "@wheel" config.user ];
# Enable features in Nix commands
extraOptions = ''
experimental-features = nix-command flakes
warn-dirty = false
'';
gc = {
automatic = true;
options = "--delete-older-than 10d";
};
settings = {
# Add community Cachix to binary cache
# Don't use with macOS because blocked by corporate firewall
builders-use-substitutes = true;
substituters =
lib.mkIf (!pkgs.stdenv.isDarwin) [ "https://nix-community.cachix.org" ];
trusted-public-keys = lib.mkIf (!pkgs.stdenv.isDarwin) [
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
];
# Scans and hard links identical files in the store
# Not working with macOS: https://github.com/NixOS/nix/issues/7273
auto-optimise-store = lib.mkIf (!pkgs.stdenv.isDarwin) true;
};
}; };
} }

9
modules/common/shell/utilities.nix
View File

@ -20,21 +20,15 @@ in {
home.packages = with pkgs; [ home.packages = with pkgs; [
age # Encryption age # Encryption
bc # Calculator bc # Calculator
delta # Fancy diffs
difftastic # Other fancy diffs
dig # DNS lookup dig # DNS lookup
fd # find fd # find
htop # Show system processes htop # Show system processes
killall # Force quit killall # Force quit
inetutils # Includes telnet, whois inetutils # Includes telnet, whois
jless # JSON viewer
jo # JSON output
jq # JSON manipulation jq # JSON manipulation
lf # File viewer lf # File viewer
qrencode # Generate qr codes qrencode # Generate qr codes
rsync # Copy folders rsync # Copy folders
ren # Rename files
# rep # Replace text in files
ripgrep # grep ripgrep # grep
sd # sed sd # sed
tealdeer # Cheatsheets tealdeer # Cheatsheets
@ -50,11 +44,10 @@ in {
home.file = { home.file = {
".rgignore".text = ignorePatterns; ".rgignore".text = ignorePatterns;
".fdignore".text = ignorePatterns;
".digrc".text = "+noall +answer"; # Cleaner dig commands ".digrc".text = "+noall +answer"; # Cleaner dig commands
}; };
xdg.configFile."fd/ignore".text = ignorePatterns;
programs.bat = { programs.bat = {
enable = true; # cat replacement enable = true; # cat replacement
config = { config = {

46
modules/common/shell/work.nix
View File

@ -1,46 +0,0 @@
{ config, pkgs, lib, ... }:
{
home-manager.users.${config.user} = lib.mkIf pkgs.stdenv.isDarwin {
home.packages = let
ldap_scheme = "ldaps";
magic_number = "2";
magic_end_seq = "corp";
magic_prefix = "take";
ldap_host =
"${magic_prefix}${magic_number}.t${magic_number}.${magic_end_seq}";
ldap_port = 636;
ldap_dc_1 = "${magic_prefix}${magic_number}";
ldap_dc_2 = "t${magic_number}";
ldap_dc_3 = magic_end_seq;
ldap_script = pkgs.writeShellScriptBin "ldap" ''
# if ! [ "$LDAP_HOST" ]; then
# echo "No LDAP_HOST specified!"
# exit 1
# fi
SEARCH_FILTER="$@"
ldapsearch -LLL \
-B -o ldif-wrap=no \
-H "${ldap_scheme}://${ldap_host}:${builtins.toString ldap_port}" \
-D "${pkgs.lib.toUpper magic_prefix}${magic_number}\\${
pkgs.lib.toLower config.user
}" \
-w "$(${pkgs._1password}/bin/op item get T${magic_number} --fields label=password)" \
-b "DC=${ldap_dc_1},DC=${ldap_dc_2},DC=${ldap_dc_3}" \
-s "sub" -x "(cn=$SEARCH_FILTER)" \
| jq --slurp \
--raw-input 'split("\n\n")|map(split("\n")|map(select(.[0:1]!="#" and length>0)) |select(length > 0)|map(capture("^(?<key>[^:]*:?): *(?<value>.*)") |if .key[-1:.key|length] == ":" then .key=.key[0:-1]|.value=(.value|@base64d) else . end)| group_by(.key) | map({key:.[0].key,value:(if .|length > 1 then [.[].value] else .[].value end)}) | from_entries)' | jq -r 'del(.[].thumbnailPhoto)'
'';
ldapm_script = pkgs.writeShellScriptBin "ldapm" ''
${ldap_script}/bin/ldap "$@" | jq '[ .[].memberOf] | add'
'';
ldapg_script = pkgs.writeShellScriptBin "ldapg" ''
${ldap_script}/bin/ldap "$@" | jq '[ .[].member] | add'
'';
in [ ldap_script ldapm_script ldapg_script ];
};
}

5
modules/darwin/hammerspoon.nix
View File

@ -16,7 +16,6 @@
firefox = "${pkgs.firefox-bin}/Applications/Firefox.app"; firefox = "${pkgs.firefox-bin}/Applications/Firefox.app";
discord = "${pkgs.discord}/Applications/Discord.app"; discord = "${pkgs.discord}/Applications/Discord.app";
kitty = "${pkgs.kitty}/Applications/kitty.app"; kitty = "${pkgs.kitty}/Applications/kitty.app";
obsidian = "${pkgs.obsidian}/Applications/Obsidian.app";
slack = "${pkgs.slack}/Applications/Slack.app"; slack = "${pkgs.slack}/Applications/Slack.app";
}; };
xdg.configFile."hammerspoon/Spoons/MoveWindow.spoon".source = xdg.configFile."hammerspoon/Spoons/MoveWindow.spoon".source =
@ -25,9 +24,9 @@
home.activation.reloadHammerspoon = home.activation.reloadHammerspoon =
config.home-manager.users.${config.user}.lib.dag.entryAfter config.home-manager.users.${config.user}.lib.dag.entryAfter
[ "writeBoundary" ] '' [ "writeBoundary" ] ''
$DRY_RUN_CMD /Applications/Hammerspoon.app/Contents/Frameworks/hs/hs -c "hs.reload()" $DRY_RUN_CMD /usr/local/bin/hs -c "hs.reload()"
$DRY_RUN_CMD sleep 1 $DRY_RUN_CMD sleep 1
$DRY_RUN_CMD /Applications/Hammerspoon.app/Contents/Frameworks/hs/hs -c "hs.console.clearConsole()" $DRY_RUN_CMD /usr/local/bin/hs -c "hs.console.clearConsole()"
''; '';
}; };

53
modules/darwin/hammerspoon/Spoons/Launcher.spoon/init.lua
View File

@ -8,8 +8,24 @@ obj.name = "Launcher"
obj.version = "0.1" obj.version = "0.1"
obj.license = "MIT - https://opensource.org/licenses/MIT" obj.license = "MIT - https://opensource.org/licenses/MIT"
local screen = hs.screen.primaryScreen() local width = hs.screen.mainScreen():fullFrame().w
local switcherWidth = 500 local switcherWidth = 500
obj.canvas = hs.canvas.new({
x = width / 2 - switcherWidth / 2,
y = 1,
h = 3,
w = switcherWidth,
})
-- Draw switcher
obj.canvas[#obj.canvas + 1] = {
action = "build",
type = "rectangle",
}
obj.canvas[#obj.canvas + 1] = {
type = "rectangle",
fillColor = { alpha = 1, red = 0.8, green = 0.6, blue = 0.3 },
action = "fill",
}
function obj:init() function obj:init()
-- Begin launcher mode -- Begin launcher mode
@ -23,29 +39,13 @@ function obj:init()
-- Behaviors on enter -- Behaviors on enter
function self.launcher:entered() function self.launcher:entered()
-- hs.alert("Entered mode") -- hs.alert("Entered mode")
obj.canvas = hs.canvas.new({
x = (screen:fullFrame().x + screen:fullFrame().w) / 2 - switcherWidth / 2,
y = 1,
h = 3,
w = switcherWidth,
})
-- Draw switcher
obj.canvas[#obj.canvas + 1] = {
action = "build",
type = "rectangle",
}
obj.canvas[#obj.canvas + 1] = {
type = "rectangle",
fillColor = { alpha = 1, red = 0.8, green = 0.6, blue = 0.3 },
action = "fill",
}
obj.canvas:show() obj.canvas:show()
end end
-- Behaviors on exit -- Behaviors on exit
function self.launcher:exited() function self.launcher:exited()
-- hs.alert("Exited mode") -- hs.alert("Exited mode")
obj.canvas:delete(0.2) obj.canvas:hide()
end end
-- Use escape to exit launcher mode -- Use escape to exit launcher mode
@ -54,19 +54,14 @@ function obj:init()
end) end)
-- Launcher shortcuts -- Launcher shortcuts
self.launcher:bind("ctrl", "space", function() end) self.launcher:bind("ctrl", "space", function()
end)
self.launcher:bind("", "return", function() self.launcher:bind("", "return", function()
self:switch("@kitty@") self:switch("@kitty@")
end) end)
self.launcher:bind("", "C", function() self.launcher:bind("", "C", function()
self:switch("Calendar.app") self:switch("Calendar.app")
end) end)
self.launcher:bind("shift", "D", function()
hs.execute("launchctl remove com.paloaltonetworks.gp.pangps")
hs.execute("launchctl remove com.paloaltonetworks.gp.pangpa")
hs.alert.show("Disconnected from GlobalProtect", nil, nil, 4)
self.launcher:exit()
end)
self.launcher:bind("", "E", function() self.launcher:bind("", "E", function()
self:switch("Mail.app") self:switch("Mail.app")
end) end)
@ -80,17 +75,11 @@ function obj:init()
self:switch("Messages.app") self:switch("Messages.app")
end) end)
self.launcher:bind("", "O", function() self.launcher:bind("", "O", function()
self:switch("@obsidian@") self:switch("Obsidian.app")
end) end)
self.launcher:bind("", "P", function() self.launcher:bind("", "P", function()
self:switch("System Preferences.app") self:switch("System Preferences.app")
end) end)
self.launcher:bind("shift", "P", function()
hs.execute("launchctl load /Library/LaunchAgents/com.paloaltonetworks.gp.pangps.plist")
hs.execute("launchctl load /Library/LaunchAgents/com.paloaltonetworks.gp.pangpa.plist")
hs.alert.show("Reconnecting to GlobalProtect", nil, nil, 4)
self.launcher:exit()
end)
self.launcher:bind("", "R", function() self.launcher:bind("", "R", function()
hs.console.clearConsole() hs.console.clearConsole()
hs.reload() hs.reload()

4
modules/darwin/hammerspoon/Spoons/MoveWindow.spoon/init.lua
View File

@ -9,7 +9,7 @@ obj.version = "0.1"
obj.license = "MIT - https://opensource.org/licenses/MIT" obj.license = "MIT - https://opensource.org/licenses/MIT"
function obj:init() function obj:init()
hs.window.animationDuration = 0.1 hs.window.animationDuration = 0
dofile(hs.spoons.resourcePath("worklayout.lua"))() dofile(hs.spoons.resourcePath("worklayout.lua"))()
-- bind hotkey -- bind hotkey
hs.hotkey.bind({ "alt", "ctrl", "cmd" }, "n", function() hs.hotkey.bind({ "alt", "ctrl", "cmd" }, "n", function()
@ -56,7 +56,7 @@ function obj:init()
local frame = win:frame() local frame = win:frame()
-- maximize if possible -- maximize if possible
local max = win:screen():fullFrame() local max = win:screen():fullFrame()
frame.x = (max.x * 2 + max.w) / 2 frame.x = max.w / 2
frame.y = max.y frame.y = max.y
frame.w = max.w / 2 frame.w = max.w / 2
frame.h = max.h frame.h = max.h

1
modules/darwin/hammerspoon/Spoons/MoveWindow.spoon/worklayout.lua
View File

@ -51,7 +51,6 @@ local function worklayout()
local laptop = { local laptop = {
{ "Firefox", nil, LAPTOP_MONITOR, u(0, 0, 1, 1), nil, nil, visible = true }, { "Firefox", nil, LAPTOP_MONITOR, u(0, 0, 1, 1), nil, nil, visible = true },
{ "Obsidian", nil, LAPTOP_MONITOR, u(0, 0, 1, 1), nil, nil, visible = true }, { "Obsidian", nil, LAPTOP_MONITOR, u(0, 0, 1, 1), nil, nil, visible = true },
{ "Calendar", nil, LAPTOP_MONITOR, u(0, 0, 1, 1), nil, nil, visible = true },
} }
local layout = concat(left, right, laptop) local layout = concat(left, right, laptop)
hs.layout.apply(layout) hs.layout.apply(layout)

2
modules/darwin/hammerspoon/init.lua
View File

@ -1,5 +1,5 @@
hs.ipc.cliInstall() -- Install Hammerspoon CLI program
hs.loadSpoon("ControlEscape"):start() -- Load Hammerspoon bits from https://github.com/jasonrudolph/ControlEscape.spoon hs.loadSpoon("ControlEscape"):start() -- Load Hammerspoon bits from https://github.com/jasonrudolph/ControlEscape.spoon
hs.loadSpoon("Launcher"):init() hs.loadSpoon("Launcher"):init()
hs.loadSpoon("DismissAlerts"):init() hs.loadSpoon("DismissAlerts"):init()
hs.loadSpoon("MoveWindow"):init() hs.loadSpoon("MoveWindow"):init()
hs.ipc.cliInstall() -- Install Hammerspoon CLI program

24
modules/darwin/homebrew.nix
View File

@ -8,15 +8,11 @@
if ! xcode-select --version 2>/dev/null; then if ! xcode-select --version 2>/dev/null; then
$DRY_RUN_CMD xcode-select --install $DRY_RUN_CMD xcode-select --install
fi fi
if ! /opt/homebrew/bin/brew --version 2>/dev/null; then if ! /usr/local/bin/brew --version 2>/dev/null; then
$DRY_RUN_CMD /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)" $DRY_RUN_CMD /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"
fi fi
''; '';
# Add homebrew paths to CLI path
home-manager.users.${config.user}.home.sessionPath =
[ "/opt/homebrew/bin/" ];
homebrew = { homebrew = {
enable = true; enable = true;
onActivation = { onActivation = {
@ -28,19 +24,25 @@
brewfile = true; # Run brew bundle from anywhere brewfile = true; # Run brew bundle from anywhere
lockfiles = false; # Don't save lockfile (since running from anywhere) lockfiles = false; # Don't save lockfile (since running from anywhere)
}; };
taps = [
"homebrew/cask" # Required for casks
"homebrew/cask-drivers" # Used for Logitech G-Hub
];
brews = [ brews = [
"trash" # Delete files and folders to trash instead of rm "trash" # Delete files and folders to trash instead of rm
"openjdk" # Required by Apache Directory Studio
]; ];
casks = [ casks = [
"1password" # 1Password will not launch from Nix on macOS "1password" # 1Password packaging on Nix is broken for macOS
# "gitify" # Git notifications in menu bar (downgrade manually from 4.6.1) "apache-directory-studio" # Packaging on Nix is not available for macOS
"gitify" # Git notifications in menu bar
"keybase" # GUI on Nix not available for macOS "keybase" # GUI on Nix not available for macOS
# "logitech-g-hub" # Mouse and keyboard management "logitech-g-hub" # Mouse and keyboard management
"logitune" # Logitech webcam firmware
"meetingbar" # Show meetings in menu bar "meetingbar" # Show meetings in menu bar
"obsidian" # Obsidian packaging on Nix is not available for macOS
"scroll-reverser" # Different scroll style for mouse vs. trackpad "scroll-reverser" # Different scroll style for mouse vs. trackpad
# "steam" # Not packaged for Nix "steam" # Not packaged for Nix
# "epic-games" # Not packaged for Nix "epic-games" # Not packaged for Nix
]; ];
}; };

1
modules/darwin/kitty.nix
View File

@ -3,6 +3,7 @@
# MacOS-specific settings for Kitty # MacOS-specific settings for Kitty
home-manager.users.${config.user} = lib.mkIf pkgs.stdenv.isDarwin { home-manager.users.${config.user} = lib.mkIf pkgs.stdenv.isDarwin {
programs.kitty = { programs.kitty = {
darwinLaunchOptions = [ "--start-as=fullscreen" ];
font.size = lib.mkForce 20; font.size = lib.mkForce 20;
settings = { settings = {
shell = "/run/current-system/sw/bin/fish"; shell = "/run/current-system/sw/bin/fish";

2
modules/darwin/networking.nix
View File

@ -2,7 +2,7 @@
config = lib.mkIf pkgs.stdenv.isDarwin { config = lib.mkIf pkgs.stdenv.isDarwin {
networking = { networking = {
computerName = config.networking.hostName; computerName = "${config.fullName}'\\''s Mac";
# Adjust if necessary # Adjust if necessary
# hostName = ""; # hostName = "";
}; };

125
modules/darwin/system.nix
View File

@ -1,4 +1,4 @@
{ config, pkgs, lib, ... }: { { pkgs, lib, ... }: {
config = lib.mkIf pkgs.stdenv.isDarwin { config = lib.mkIf pkgs.stdenv.isDarwin {
@ -34,8 +34,8 @@
# Enable full keyboard access for all controls (e.g. enable Tab in modal dialogs) # Enable full keyboard access for all controls (e.g. enable Tab in modal dialogs)
AppleKeyboardUIMode = 3; AppleKeyboardUIMode = 3;
# Only hide menu bar in fullscreen # Automatically show and hide the menu bar
_HIHideMenuBar = false; _HIHideMenuBar = true;
# Expand save panel by default # Expand save panel by default
NSNavPanelExpandedStateForSaveMode = true; NSNavPanelExpandedStateForSaveMode = true;
@ -88,21 +88,6 @@
orientation = "bottom"; orientation = "bottom";
show-recents = false; show-recents = false;
tilesize = 44; tilesize = 44;
persistent-apps = [
"/Applications/1Password.app"
"${pkgs.slack}/Applications/Slack.app"
"/System/Applications/Calendar.app"
"${pkgs.firefox-bin}/Applications/Firefox.app"
"/System/Applications/Messages.app"
"/System/Applications/Mail.app"
"/Applications/zoom.us.app"
"${pkgs.discord}/Applications/Discord.app"
"${pkgs.obsidian}/Applications/Obsidian.app"
"${pkgs.kitty}/Applications/kitty.app"
"/System/Applications/System Settings.app"
];
}; };
finder = { finder = {
@ -127,67 +112,41 @@
# Disable trackpad tap to click # Disable trackpad tap to click
trackpad.Clicking = false; trackpad.Clicking = false;
# universalaccess = {
# # Zoom in with Control + Scroll Wheel
# closeViewScrollWheelToggle = true;
# closeViewZoomFollowsFocus = true;
# };
# Where to save screenshots # Where to save screenshots
screencapture.location = "~/Downloads"; screencapture.location = "~/Downloads";
CustomUserPreferences = {
# Disable disk image verification
"com.apple.frameworks.diskimages" = {
skip-verify = true;
skip-verify-locked = true;
skip-verify-remote = true;
};
# Avoid creating .DS_Store files on network or USB volumes
"com.apple.desktopservices" = {
DSDontWriteNetworkStores = true;
DSDontWriteUSBStores = true;
};
"com.apple.dock" = {
magnification = true;
largesize = 48;
};
# Require password immediately after screen saver begins
"com.apple.screensaver" = {
askForPassword = 1;
askForPasswordDelay = 0;
};
"com.apple.finder" = {
# Disable the warning before emptying the Trash
WarnOnEmptyTrash = false;
# Finder search in current folder by default
FXDefaultSearchScope = "SCcf";
# Default Finder window set to column view
FXPreferredViewStyle = "clmv";
};
"leits.MeetingBar" = {
eventTimeFormat = ''"show"'';
eventTitleFormat = ''"none"'';
eventTitleIconFormat = ''"iconCalendar"'';
slackBrowser =
''{"deletable":true,"arguments":"","name":"Slack","path":""}'';
zoomBrowser =
''{"deletable":true,"arguments":"","name":"Zoom","path":""}'';
KeyboardShortcuts_joinEventShortcut =
''{"carbonModifiers":6400,"carbonKeyCode":38}'';
timeFormat = ''"12-hour"'';
};
};
CustomSystemPreferences = {
};
}; };
# Settings that don't have an option in nix-darwin # Settings that don't have an option in nix-darwin
activationScripts.postActivation.text = '' activationScripts.postActivation.text = ''
echo "Disable disk image verification"
defaults write com.apple.frameworks.diskimages skip-verify -bool true
defaults write com.apple.frameworks.diskimages skip-verify-locked -bool true
defaults write com.apple.frameworks.diskimages skip-verify-remote -bool true
echo "Avoid creating .DS_Store files on network volumes"
defaults write com.apple.desktopservices DSDontWriteNetworkStores -bool true
echo "Disable the warning before emptying the Trash"
defaults write com.apple.finder WarnOnEmptyTrash -bool false
echo "Require password immediately after sleep or screen saver begins"
defaults write com.apple.screensaver askForPassword -int 1
defaults write com.apple.screensaver askForPasswordDelay -int 0
echo "Allow apps from anywhere" echo "Allow apps from anywhere"
SPCTL=$(spctl --status) SPCTL=$(spctl --status)
if ! [ "$SPCTL" = "assessments disabled" ]; then if ! [ "$SPCTL" = "assessments disabled" ]; then
sudo spctl --master-disable sudo spctl --master-disable
fi fi
''; '';
# User-level settings # User-level settings
@ -195,9 +154,35 @@
echo "Show the ~/Library folder" echo "Show the ~/Library folder"
chflags nohidden ~/Library chflags nohidden ~/Library
echo "Reduce Menu Bar padding" echo "Enable dock magnification"
defaults write -globalDomain NSStatusItemSelectionPadding -int 6 defaults write com.apple.dock magnification -bool true
defaults write -globalDomain NSStatusItemSpacing -int 6
echo "Set dock magnification size"
defaults write com.apple.dock largesize -int 48
echo "Define dock icon function"
__dock_item() {
printf "%s%s%s%s%s" \
"<dict><key>tile-data</key><dict><key>file-data</key><dict>" \
"<key>_CFURLString</key><string>" \
"$1" \
"</string><key>_CFURLStringType</key><integer>0</integer>" \
"</dict></dict></dict>"
}
echo "Choose and order dock icons"
defaults write com.apple.dock persistent-apps -array \
"$(__dock_item /Applications/1Password.app)" \
"$(__dock_item ${pkgs.slack}/Applications/Slack.app)" \
"$(__dock_item /System/Applications/Calendar.app)" \
"$(__dock_item ${pkgs.firefox-bin}/Applications/Firefox.app)" \
"$(__dock_item /System/Applications/Messages.app)" \
"$(__dock_item /System/Applications/Mail.app)" \
"$(__dock_item /Applications/zoom.us.app)" \
"$(__dock_item ${pkgs.discord}/Applications/Discord.app)" \
"$(__dock_item /Applications/Obsidian.app)" \
"$(__dock_item ${pkgs.kitty}/Applications/kitty.app)" \
"$(__dock_item /System/Applications/System\ Settings.app)"
''; '';
}; };

14
modules/darwin/user.nix
View File

@ -9,19 +9,13 @@
}; };
# Used for aerc
home-manager.users.${config.user} = { home-manager.users.${config.user} = {
home.sessionVariables = {
# Default shell setting doesn't work XDG_CONFIG_HOME = "${config.homePath}/.config";
home.sessionVariables = { SHELL = "${pkgs.fish}/bin/fish"; }; };
# Used for aerc
xdg.enable = true;
}; };
# Fix for: 'Error: HOME is set to "/var/root" but we expect "/var/empty"'
home-manager.users.root.home.homeDirectory = lib.mkForce "/var/root";
}; };
} }

10
modules/darwin/utilities.nix
View File

@ -2,24 +2,20 @@
{ {
unfreePackages = [ "consul" "vault-bin" ];
home-manager.users.${config.user} = lib.mkIf pkgs.stdenv.isDarwin { home-manager.users.${config.user} = lib.mkIf pkgs.stdenv.isDarwin {
home.packages = with pkgs; [ home.packages = with pkgs; [
visidata # CSV inspector # visidata # CSV inspector
dos2unix # Convert Windows text files dos2unix # Convert Windows text files
inetutils # Includes telnet inetutils # Includes telnet
youtube-dl # Convert web videos youtube-dl # Convert web videos
pandoc # Convert text documents pandoc # Convert text documents
mpd # TUI slideshows mpd # TUI slideshows
mpv # Video player
gnupg # Encryption
awscli2 awscli2
ssm-session-manager-plugin
awslogs awslogs
google-cloud-sdk google-cloud-sdk
vault-bin ansible
vault
consul consul
noti # Create notifications programmatically noti # Create notifications programmatically
ipcalc # Make IP network calculations ipcalc # Make IP network calculations

11
modules/nixos/applications/nautilus.nix
View File

@ -36,12 +36,23 @@
# Set Nautilus as default for opening directories # Set Nautilus as default for opening directories
xdg.mimeApps = { xdg.mimeApps = {
associations.added."inode/directory" = [ "org.gnome.Nautilus.desktop" ]; associations.added."inode/directory" = [ "org.gnome.Nautilus.desktop" ];
# associations.removed = {
# "inode/directory" = [ "kitty-open.desktop" ];
# };
defaultApplications."inode/directory" = defaultApplications."inode/directory" =
lib.mkBefore [ "org.gnome.Nautilus.desktop" ]; lib.mkBefore [ "org.gnome.Nautilus.desktop" ];
}; };
}; };
# # Set default for opening directories
# xdg.mime = {
# addedAssociations."inode/directory" = [ "org.gnome.Nautilus.desktop" ];
# removedAssociations = { "inode/directory" = [ "kitty-open.desktop" ]; };
# defaultApplications."inode/directory" =
# lib.mkForce [ "org.gnome.Nautilus.desktop" ];
# };
# Delete Trash files older than 1 week # Delete Trash files older than 1 week
systemd.user.services.empty-trash = { systemd.user.services.empty-trash = {
description = "Empty Trash on a regular basis"; description = "Empty Trash on a regular basis";

13
modules/nixos/gaming/steam.nix
View File

@ -9,14 +9,6 @@
programs.steam = { programs.steam = {
enable = true; enable = true;
remotePlay.openFirewall = true; remotePlay.openFirewall = true;
package = pkgs.steam.override {
# Adapted in part from: https://github.com/Shawn8901/nix-configuration/blob/1c48be94238a9f463cf0bbd1e1842a4454286514/modules/nixos/steam-compat-tools/default.nix
# Based on: https://github.com/NixOS/nixpkgs/issues/73323
extraEnv = {
STEAM_EXTRA_COMPAT_TOOLS_PATHS =
lib.makeBinPath [ pkgs.proton-ge-custom ];
};
};
}; };
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
@ -30,6 +22,11 @@
]; ];
# Adapted in part from: https://github.com/Shawn8901/nix-configuration/blob/1c48be94238a9f463cf0bbd1e1842a4454286514/modules/nixos/steam-compat-tools/default.nix
# Based on: https://github.com/NixOS/nixpkgs/issues/73323
environment.sessionVariables.STEAM_EXTRA_COMPAT_TOOLS_PATHS =
lib.makeBinPath [ pkgs.proton-ge-custom ];
# Seems like NetworkManager can help speed up Steam launch # Seems like NetworkManager can help speed up Steam launch
# https://www.reddit.com/r/archlinux/comments/qguhco/steam_startup_time_arch_1451_seconds_fedora_34/hi8opet/ # https://www.reddit.com/r/archlinux/comments/qguhco/steam_startup_time_arch_1451_seconds_fedora_34/hi8opet/
networking.networkmanager.enable = true; networking.networkmanager.enable = true;

10
modules/nixos/graphical/i3.nix
View File

@ -95,15 +95,13 @@ in {
# Adjust screen brightness # Adjust screen brightness
"Shift+F12" = "Shift+F12" =
# Disable dynamic sleep "exec ${pkgs.ddcutil}/bin/ddcutil --display 1 setvcp 10 + 30 && sleep 1; exec ${pkgs.ddcutil}/bin/ddcutil --display 2 setvcp 10 + 30";
# https://github.com/rockowitz/ddcutil/issues/323
"exec ${pkgs.ddcutil}/bin/ddcutil --display 1 setvcp 10 + 30 && sleep 1; exec ${pkgs.ddcutil}/bin/ddcutil --disable-dynamic-sleep --display 2 setvcp 10 + 30";
"Shift+F11" = "Shift+F11" =
"exec ${pkgs.ddcutil}/bin/ddcutil --display 1 setvcp 10 - 30 && sleep 1; exec ${pkgs.ddcutil}/bin/ddcutil --disable-dynamic-sleep --display 2 setvcp 10 - 30"; "exec ${pkgs.ddcutil}/bin/ddcutil --display 1 setvcp 10 - 30 && sleep 1; exec ${pkgs.ddcutil}/bin/ddcutil --display 2 setvcp 10 - 30";
"XF86MonBrightnessUp" = "XF86MonBrightnessUp" =
"exec ${pkgs.ddcutil}/bin/ddcutil --display 1 setvcp 10 + 30 && sleep 1; exec ${pkgs.ddcutil}/bin/ddcutil --disable-dynamic-sleep --display 2 setvcp 10 + 30"; "exec ${pkgs.ddcutil}/bin/ddcutil --display 1 setvcp 10 + 30 && sleep 1; exec ${pkgs.ddcutil}/bin/ddcutil --display 2 setvcp 10 + 30";
"XF86MonBrightnessDown" = "XF86MonBrightnessDown" =
"exec ${pkgs.ddcutil}/bin/ddcutil --display 1 setvcp 10 - 30 && sleep 1; exec ${pkgs.ddcutil}/bin/ddcutil --disable-dynamic-sleep --display 2 setvcp 10 - 30"; "exec ${pkgs.ddcutil}/bin/ddcutil --display 1 setvcp 10 - 30 && sleep 1; exec ${pkgs.ddcutil}/bin/ddcutil --display 2 setvcp 10 - 30";
# Media player controls # Media player controls
"XF86AudioPlay" = "exec ${pkgs.playerctl}/bin/playerctl play-pause"; "XF86AudioPlay" = "exec ${pkgs.playerctl}/bin/playerctl play-pause";

13
modules/nixos/graphical/polybar.nix
View File

@ -36,7 +36,7 @@
module-margin = 1; module-margin = 1;
modules-left = "i3"; modules-left = "i3";
modules-center = "xwindow"; modules-center = "xwindow";
modules-right = "mailcount network pulseaudio date keyboard power"; modules-right = "mailcount network pulseaudio date power";
cursor-click = "pointer"; cursor-click = "pointer";
cursor-scroll = "ns-resize"; cursor-scroll = "ns-resize";
enable-ipc = true; enable-ipc = true;
@ -141,7 +141,7 @@
format-volume = "<ramp-volume> <label-volume>"; format-volume = "<ramp-volume> <label-volume>";
# format-volume-background = colors.background; # format-volume-background = colors.background;
# label-volume-background = colors.background; # label-volume-background = colors.background;
format-volume-foreground = config.theme.colors.base04; format-volume-foreground = config.theme.colors.base0B;
label-volume = "%percentage%%"; label-volume = "%percentage%%";
label-muted = "󰝟 ---"; label-muted = "󰝟 ---";
label-muted-foreground = config.theme.colors.base03; label-muted-foreground = config.theme.colors.base03;
@ -197,20 +197,13 @@
date = "%d %b %l:%M %p"; date = "%d %b %l:%M %p";
date-alt = "%Y-%m-%d %H:%M:%S"; date-alt = "%Y-%m-%d %H:%M:%S";
label = "%date%"; label = "%date%";
label-foreground = config.theme.colors.base06; label-foreground = config.theme.colors.base0A;
# format-background = colors.background; # format-background = colors.background;
}; };
"module/keyboard" = {
type = "custom/text";
content = "󰌌";
click-left = "doas systemctl restart keyd";
content-foreground = config.theme.colors.base04;
};
"module/power" = { "module/power" = {
type = "custom/text"; type = "custom/text";
content = " "; content = " ";
click-left = config.powerCommand; click-left = config.powerCommand;
click-right = "polybar-msg cmd restart";
content-foreground = config.theme.colors.base04; content-foreground = config.theme.colors.base04;
}; };
"settings" = { "settings" = {

7
modules/nixos/graphical/rofi/brightness.nix
View File

@ -28,18 +28,17 @@ in {
-sep ';' \ -sep ';' \
-selected-row 1) -selected-row 1)
case "$chosen" in case "$chosen" in
"$dimmer") "$dimmer")
${pkgs.ddcutil}/bin/ddcutil --display 1 setvcp 10 25; ${pkgs.ddcutil}/bin/ddcutil --disable-dynamic-sleep --display 2 setvcp 10 25 ${pkgs.ddcutil}/bin/ddcutil --display 1 setvcp 10 25; ${pkgs.ddcutil}/bin/ddcutil --display 2 setvcp 10 25
;; ;;
"$medium") "$medium")
${pkgs.ddcutil}/bin/ddcutil --display 1 setvcp 10 75; ${pkgs.ddcutil}/bin/ddcutil --disable-dynamic-sleep --display 2 setvcp 10 75 ${pkgs.ddcutil}/bin/ddcutil --display 1 setvcp 10 75; ${pkgs.ddcutil}/bin/ddcutil --display 2 setvcp 10 75
;; ;;
"$brighter") "$brighter")
${pkgs.ddcutil}/bin/ddcutil --display 1 setvcp 10 100; ${pkgs.ddcutil}/bin/ddcutil --disable-dynamic-sleep --display 2 setvcp 10 100 ${pkgs.ddcutil}/bin/ddcutil --display 1 setvcp 10 100; ${pkgs.ddcutil}/bin/ddcutil --display 2 setvcp 10 100
;; ;;
*) exit 1 ;; *) exit 1 ;;

12
modules/nixos/graphical/rofi/power.nix
View File

@ -31,17 +31,15 @@ in {
-sep ';' \ -sep ';' \
-selected-row 2) -selected-row 2)
confirm () {
${builtins.readFile ./rofi-prompt.sh}
}
case "$chosen" in case "$chosen" in
"$power_off") "$power_off")
confirm 'Shutdown?' && doas shutdown now ${
builtins.toString ./rofi-prompt.sh
} 'Shutdown?' && doas shutdown now
;; ;;
"$reboot") "$reboot")
confirm 'Reboot?' && doas reboot ${builtins.toString ./rofi-prompt.sh} 'Reboot?' && doas reboot
;; ;;
"$lock") "$lock")
@ -53,7 +51,7 @@ in {
;; ;;
"$log_out") "$log_out")
confirm 'Logout?' && i3-msg exit ${builtins.toString ./rofi-prompt.sh} 'Logout?' && i3-msg exit
;; ;;
*) exit 1 ;; *) exit 1 ;;

4
modules/nixos/graphical/rofi/rofi-prompt.sh
View File

@ -42,6 +42,6 @@ chosen=$(printf '%s;%s\n' "$yes" "$no" |
-selected-row 1) -selected-row 1)
case "$chosen" in case "$chosen" in
"$yes") return 0 ;; "$yes") exit 0 ;;
*) return 1 ;; *) exit 1 ;;
esac esac

2
modules/nixos/hardware/boot.nix
View File

@ -27,7 +27,7 @@
if keystatus --shift ; then if keystatus --shift ; then
set timeout=-1 set timeout=-1
else else
set timeout=3 set timeout=0
fi fi
''; '';
}; };

19
modules/nixos/hardware/iso.nix
View File

@ -1,19 +0,0 @@
{ config, lib, modulesPath, ... }:
{
# options.iso.enable = lib.mkEnableOption "Enable creating as an ISO.";
#
# imports = [ "${toString modulesPath}/installer/cd-dvd/iso-image.nix" ];
# config = lib.mkIf config.iso.enable {
#
# # EFI booting
# isoImage.makeEfiBootable = true;
#
# # USB booting
# isoImage.makeUsbBootable = true;
#
# };
}

15
modules/nixos/hardware/keyboard.nix
View File

@ -1,10 +1,10 @@
{ config, pkgs, lib, ... }: { { config, pkgs, ... }: {
config = lib.mkIf config.physical { config = {
services.xserver = { services.xserver = {
xkb.layout = "us"; layout = "us";
# Keyboard responsiveness # Keyboard responsiveness
autoRepeatDelay = 250; autoRepeatDelay = 250;
@ -18,7 +18,14 @@
keyboards = { keyboards = {
default = { default = {
ids = [ "*" ]; ids = [ "*" ];
settings = { main = { capslock = "overload(control, esc)"; }; }; settings = {
main = { capslock = "overload(control, esc)"; };
# Fix: ctrl-click sends escape afterwards
# Suppresses escape if held for more than 500ms
# https://github.com/rvaiya/keyd/issues/424
global = { overload_tap_timeout = 500; };
};
}; };
}; };
}; };

2
modules/nixos/hardware/networking.nix
View File

@ -12,7 +12,7 @@
domainName = "local"; domainName = "local";
ipv6 = false; # Should work either way ipv6 = false; # Should work either way
# Resolve local hostnames using Avahi DNS # Resolve local hostnames using Avahi DNS
nssmdns4 = true; nssmdns = true;
publish = { publish = {
enable = true; enable = true;
addresses = true; addresses = true;

19
modules/nixos/services/arr.nix
View File

@ -2,7 +2,6 @@
let let
# This config specifies ports for Prometheus to scrape information
arrConfig = { arrConfig = {
radarr = { radarr = {
exportarrPort = "9707"; exportarrPort = "9707";
@ -42,8 +41,6 @@ in {
sabnzbd = { sabnzbd = {
enable = true; enable = true;
group = "media"; group = "media";
# The config file must be editable within the application
# It contains server configs and credentials
configFile = "/data/downloads/sabnzbd/sabnzbd.ini"; configFile = "/data/downloads/sabnzbd/sabnzbd.ini";
}; };
sonarr = { sonarr = {
@ -56,23 +53,16 @@ in {
}; };
}; };
# Create a media group to be shared between services
users.groups.media = { }; users.groups.media = { };
# Give the human user access to the media group
users.users.${config.user}.extraGroups = [ "media" ]; users.users.${config.user}.extraGroups = [ "media" ];
# Allows media group to read/write the sabnzbd directory
users.users.sabnzbd.homeMode = "0770"; users.users.sabnzbd.homeMode = "0770";
unfreePackages = [ "unrar" ]; # Required as a dependency for sabnzbd unfreePackages = [ "unrar" ]; # Required for sabnzbd
# Requires updating the base_url config value in each service # Requires updating the base_url config value in each service
# If you try to rewrite the URL, the service won't redirect properly # If you try to rewrite the URL, the service won't redirect properly
caddy.routes = [ caddy.routes = [
{ {
# Group means that routes with the same name are mutually exclusive,
# so they are split between the appropriate services.
group = "download"; group = "download";
match = [{ match = [{
host = [ config.hostnames.download ]; host = [ config.hostnames.download ];
@ -80,7 +70,6 @@ in {
}]; }];
handle = [{ handle = [{
handler = "reverse_proxy"; handler = "reverse_proxy";
# We're able to reference the url and port of the service dynamically
upstreams = [{ dial = arrConfig.sonarr.url; }]; upstreams = [{ dial = arrConfig.sonarr.url; }];
}]; }];
} }
@ -103,7 +92,6 @@ in {
}]; }];
handle = [{ handle = [{
handler = "reverse_proxy"; handler = "reverse_proxy";
# Prowlarr doesn't offer a dynamic config, so we have to hardcode it
upstreams = [{ dial = "localhost:9696"; }]; upstreams = [{ dial = "localhost:9696"; }];
}]; }];
} }
@ -116,7 +104,6 @@ in {
handle = [{ handle = [{
handler = "reverse_proxy"; handler = "reverse_proxy";
upstreams = [{ upstreams = [{
# Bazarr only dynamically sets the port, not the host
dial = "localhost:${ dial = "localhost:${
builtins.toString config.services.bazarr.listenPort builtins.toString config.services.bazarr.listenPort
}"; }";
@ -158,12 +145,10 @@ in {
Type = "simple"; Type = "simple";
DynamicUser = true; DynamicUser = true;
ExecStart = let ExecStart = let
# Sabnzbd doesn't accept the URI path, unlike the others
url = if name != "sabnzbd" then url = if name != "sabnzbd" then
"http://${attrs.url}/${name}" "http://${attrs.url}/${name}"
else else
"http://${attrs.url}"; "http://${attrs.url}";
# Exportarr is trained to pull from the arr services
in '' in ''
${pkgs.exportarr}/bin/exportarr ${name} \ ${pkgs.exportarr}/bin/exportarr ${name} \
--url ${url} \ --url ${url} \
@ -212,7 +197,7 @@ in {
prefix = "API_KEY="; prefix = "API_KEY=";
}; };
# Prometheus scrape targets (expose Exportarr to Prometheus) # Prometheus scrape targets
prometheus.scrapeTargets = map (key: prometheus.scrapeTargets = map (key:
"127.0.0.1:${ "127.0.0.1:${
lib.attrsets.getAttrFromPath [ key "exportarrPort" ] arrConfig lib.attrsets.getAttrFromPath [ key "exportarrPort" ] arrConfig

3
modules/nixos/services/backups.nix
View File

@ -1,6 +1,3 @@
# This is my setup for backing up SQlite databases and other systems to S3 or
# S3-equivalent services (like Backblaze B2).
{ config, lib, ... }: { { config, lib, ... }: {
options = { options = {

16
modules/nixos/services/bind.nix
View File

@ -1,10 +1,3 @@
# Bind is a DNS service. This allows me to resolve public domains locally so
# when I'm at home, I don't have to travel over the Internet to reach my
# server.
# To set this on all home machines, I point my router's DNS resolver to the
# local IP address of the machine running this service (swan).
{ config, pkgs, lib, ... }: { config, pkgs, lib, ... }:
let let
@ -23,19 +16,11 @@ in {
config = lib.mkIf config.services.bind.enable { config = lib.mkIf config.services.bind.enable {
# Normally I block all requests not coming from Cloudflare, so I have to also
# allow my local network.
caddy.cidrAllowlist = [ "192.168.0.0/16" ]; caddy.cidrAllowlist = [ "192.168.0.0/16" ];
services.bind = { services.bind = {
# Allow requests coming from these IPs. This way I don't somehow get
# spammed with DNS requests coming from the Internet.
cacheNetworks = [ "127.0.0.0/24" "192.168.0.0/16" ]; cacheNetworks = [ "127.0.0.0/24" "192.168.0.0/16" ];
# When making normal DNS requests, forward them to Cloudflare to resolve.
forwarders = [ "1.1.1.1" "1.0.0.1" ]; forwarders = [ "1.1.1.1" "1.0.0.1" ];
ipv4Only = true; ipv4Only = true;
# Use rpz zone as an override # Use rpz zone as an override
@ -62,7 +47,6 @@ in {
}; };
# We must allow DNS traffic to hit our machine as well
networking.firewall.allowedTCPPorts = [ 53 ]; networking.firewall.allowedTCPPorts = [ 53 ];
networking.firewall.allowedUDPPorts = [ 53 ]; networking.firewall.allowedUDPPorts = [ 53 ];

28
modules/nixos/services/caddy.nix
View File

@ -1,14 +1,3 @@
# Caddy is a reverse proxy, like Nginx or Traefik. This creates an ingress
# point from my local network or the public (via Cloudflare). Instead of a
# Caddyfile, I'm using the more expressive JSON config file format. This means
# I can source routes from other areas in my config and build the JSON file
# using the result of the expression.
# Caddy helpfully provides automatic ACME cert generation and management, but
# it requires a form of validation. We are using a custom build of Caddy
# (compiled with an overlay) to insert a plugin for managing DNS validation
# with Cloudflare's DNS API.
{ config, pkgs, lib, ... }: { { config, pkgs, lib, ... }: {
options = { options = {
@ -53,17 +42,12 @@
configFile = pkgs.writeText "Caddyfile" (builtins.toJSON { configFile = pkgs.writeText "Caddyfile" (builtins.toJSON {
apps.http.servers.main = { apps.http.servers.main = {
listen = [ ":443" ]; listen = [ ":443" ];
# These routes are pulled from the rest of this repo
routes = config.caddy.routes; routes = config.caddy.routes;
errors.routes = config.caddy.blocks; errors.routes = config.caddy.blocks;
logs = { }; # Uncomment to collect access logs
logs = { }; # Uncommenting collects access logs
}; };
apps.http.servers.metrics = { }; # Enables Prometheus metrics apps.http.servers.metrics = { }; # Enables Prometheus metrics
apps.tls.automation.policies = config.caddy.tlsPolicies; apps.tls.automation.policies = config.caddy.tlsPolicies;
# Setup logging to file
logging.logs.main = { logging.logs.main = {
encoder = { format = "console"; }; encoder = { format = "console"; };
writer = { writer = {
@ -74,23 +58,13 @@
}; };
level = "INFO"; level = "INFO";
}; };
}); });
}; };
# Allows Caddy to serve lower ports (443, 80)
systemd.services.caddy.serviceConfig.AmbientCapabilities =
"CAP_NET_BIND_SERVICE";
# Required for web traffic to reach this machine
networking.firewall.allowedTCPPorts = [ 80 443 ]; networking.firewall.allowedTCPPorts = [ 80 443 ];
# HTTP/3 QUIC uses UDP (not sure if being used)
networking.firewall.allowedUDPPorts = [ 443 ]; networking.firewall.allowedUDPPorts = [ 443 ];
# Caddy exposes Prometheus metrics with the admin API
# https://caddyserver.com/docs/api
prometheus.scrapeTargets = [ "127.0.0.1:2019" ]; prometheus.scrapeTargets = [ "127.0.0.1:2019" ];
}; };

9
modules/nixos/services/calibre.nix
View File

@ -1,9 +1,3 @@
# Calibre-web is an E-Book library and management tool.
# - Exposed to the public via Caddy.
# - Hostname defined with config.hostnames.books
# - File directory backed up to S3 on a cron schedule.
{ config, pkgs, lib, ... }: { config, pkgs, lib, ... }:
let let
@ -32,7 +26,6 @@ in {
}; };
}; };
# Allow web traffic to Caddy
caddy.routes = [{ caddy.routes = [{
match = [{ host = [ config.hostnames.books ]; }]; match = [{ host = [ config.hostnames.books ]; }];
handle = [{ handle = [{
@ -42,8 +35,6 @@ in {
builtins.toString config.services.calibre-web.listen.port builtins.toString config.services.calibre-web.listen.port
}"; }";
}]; }];
# This is required when calibre-web is behind a reverse proxy
# https://github.com/janeczku/calibre-web/issues/19
headers.request.add."X-Script-Name" = [ "/calibre-web" ]; headers.request.add."X-Script-Name" = [ "/calibre-web" ];
}]; }];
}]; }];

16
modules/nixos/services/cloudflare-tunnel.nix
View File

@ -1,12 +1,3 @@
# Cloudflare Tunnel is a service for accessing the network even behind a
# firewall, through outbound-only requests. It works by installing an agent on
# our machines that exposes services through Cloudflare Access (Zero Trust),
# similar to something like Tailscale.
# In this case, we're using Cloudflare Tunnel to enable SSH access over a web
# browser even when outside of my network. This is probably not the safest
# choice but I feel comfortable enough with it anyway.
{ config, lib, ... }: { config, lib, ... }:
# First time setup: # First time setup:
@ -49,28 +40,23 @@
tunnels = { tunnels = {
"${config.cloudflareTunnel.id}" = { "${config.cloudflareTunnel.id}" = {
credentialsFile = config.secrets.cloudflared.dest; credentialsFile = config.secrets.cloudflared.dest;
# Catch-all if no match (should never happen anyway)
default = "http_status:404"; default = "http_status:404";
# Match from ingress of any valid server name to SSH access
ingress = { "*.masu.rs" = "ssh://localhost:22"; }; ingress = { "*.masu.rs" = "ssh://localhost:22"; };
}; };
}; };
}; };
# Grant Cloudflare access to SSH into this server
environment.etc = { environment.etc = {
"ssh/ca.pub".text = '' "ssh/ca.pub".text = ''
${config.cloudflareTunnel.ca} ${config.cloudflareTunnel.ca}
''; '';
# Must match the username portion of the email address in Cloudflare # Must match the username of the email address in Cloudflare Access
# Access
"ssh/authorized_principals".text = '' "ssh/authorized_principals".text = ''
${config.user} ${config.user}
''; '';
}; };
# Adjust SSH config to allow access from Cloudflare's certificate
services.openssh.extraConfig = '' services.openssh.extraConfig = ''
PubkeyAuthentication yes PubkeyAuthentication yes
TrustedUserCAKeys /etc/ssh/ca.pub TrustedUserCAKeys /etc/ssh/ca.pub

45
modules/nixos/services/cloudflare.nix
View File

@ -1,13 +1,5 @@
# This module is necessary for hosts that are serving through Cloudflare. # This module is necessary for hosts that are serving through Cloudflare.
# Cloudflare is a CDN service that is used to serve the domain names and
# caching for my websites and services. Since Cloudflare acts as our proxy, we
# must allow access over the Internet from Cloudflare's IP ranges.
# We also want to validate our HTTPS certificates from Caddy. We'll use Caddy's
# DNS validation plugin to connect to Cloudflare and automatically create
# validation DNS records for our generated certificates.
{ config, pkgs, lib, ... }: { config, pkgs, lib, ... }:
let let
@ -60,53 +52,28 @@ in {
dns = { dns = {
provider = { provider = {
name = "cloudflare"; name = "cloudflare";
api_token = "{env.CLOUDFLARE_API_TOKEN}"; api_token = "{env.CF_API_TOKEN}";
}; };
resolvers = [ "1.1.1.1" ]; resolvers = [ "1.1.1.1" ];
}; };
}; };
}]; }];
}]; }];
# Allow Caddy to read Cloudflare API key for DNS validation
systemd.services.caddy.serviceConfig.EnvironmentFile = systemd.services.caddy.serviceConfig.EnvironmentFile =
config.secrets.cloudflare-api.dest; config.secrets.cloudflareApi.dest;
systemd.services.caddy.serviceConfig.AmbientCapabilities =
"CAP_NET_BIND_SERVICE";
# API key must have access to modify Cloudflare DNS records # API key must have access to modify Cloudflare DNS records
secrets.cloudflare-api = { secrets.cloudflareApi = {
source = ../../../private/cloudflare-api.age; source = ../../../private/cloudflare-api.age;
dest = "${config.secretsDirectory}/cloudflare-api"; dest = "${config.secretsDirectory}/cloudflare-api";
owner = "caddy"; owner = "caddy";
group = "caddy"; group = "caddy";
}; };
systemd.services.cloudflare-api-secret.postStop = ''
/run/current-system/sw/bin/systemctl restart caddy.service
/run/current-system/sw/bin/systemctl restart cloudflare-dyndns.service
'';
# Wait for secret to exist
systemd.services.caddy = {
after = [ "cloudflare-api-secret.service" ];
requires = [ "cloudflare-api-secret.service" ];
};
# Allows Nextcloud to trust Cloudflare IPs # Allows Nextcloud to trust Cloudflare IPs
services.nextcloud.settings.trusted_proxies = cloudflareIpRanges; services.nextcloud.config.trustedProxies = cloudflareIpRanges;
# Allows Transmission to trust Cloudflare IPs
services.transmission.settings.rpc-whitelist =
builtins.concatStringsSep "," ([ "127.0.0.1" ] ++ cloudflareIpRanges);
services.cloudflare-dyndns = {
enable = true;
proxied = true;
apiTokenFile = config.secrets.cloudflare-api.dest;
};
# Wait for secret to exist
systemd.services.cloudflare-dyndns = {
after = [ "cloudflare-api-secret.service" ];
requires = [ "cloudflare-api-secret.service" ];
};
}; };
} }

8
modules/nixos/services/default.nix
View File

@ -1,6 +1,3 @@
# This file imports all the other files in this directory for use as modules in
# my config.
{ ... }: { { ... }: {
imports = [ imports = [
@ -11,22 +8,17 @@
./calibre.nix ./calibre.nix
./cloudflare-tunnel.nix ./cloudflare-tunnel.nix
./cloudflare.nix ./cloudflare.nix
./identity.nix
./irc.nix
./gitea-runner.nix ./gitea-runner.nix
./gitea.nix ./gitea.nix
./gnupg.nix ./gnupg.nix
./grafana.nix ./grafana.nix
./honeypot.nix ./honeypot.nix
./influxdb2.nix
./jellyfin.nix ./jellyfin.nix
./keybase.nix ./keybase.nix
./mullvad.nix ./mullvad.nix
./n8n.nix ./n8n.nix
./netdata.nix ./netdata.nix
./nextcloud.nix ./nextcloud.nix
./paperless.nix
./postgresql.nix
./prometheus.nix ./prometheus.nix
./samba.nix ./samba.nix
./secrets.nix ./secrets.nix

6
modules/nixos/services/gitea-runner.nix
View File

@ -1,9 +1,3 @@
# Gitea Actions is a CI/CD service for the Gitea source code server, meaning it
# allows us to run code operations (such as testing or deploys) when our git
# repositories are updated. Any machine can act as a Gitea Action Runner, so
# the Runners don't necessarily need to be running Gitea. All we need is an API
# key for Gitea to connect to it and register ourselves as a Runner.
{ config, pkgs, lib, ... }: { config, pkgs, lib, ... }:
{ {

21
modules/nixos/services/gitea.nix
View File

@ -11,21 +11,11 @@ in {
actions.ENABLED = true; actions.ENABLED = true;
metrics.ENABLED = true; metrics.ENABLED = true;
repository = { repository = {
# Pushing to a repo that doesn't exist automatically creates one as
# private.
DEFAULT_PUSH_CREATE_PRIVATE = true; DEFAULT_PUSH_CREATE_PRIVATE = true;
# Allow git over HTTP.
DISABLE_HTTP_GIT = false; DISABLE_HTTP_GIT = false;
# Allow requests hitting the specified hostname.
ACCESS_CONTROL_ALLOW_ORIGIN = config.hostnames.git; ACCESS_CONTROL_ALLOW_ORIGIN = config.hostnames.git;
# Automatically create viable users/orgs on push.
ENABLE_PUSH_CREATE_USER = true; ENABLE_PUSH_CREATE_USER = true;
ENABLE_PUSH_CREATE_ORG = true; ENABLE_PUSH_CREATE_ORG = true;
# Default when creating new repos.
DEFAULT_BRANCH = "main"; DEFAULT_BRANCH = "main";
}; };
server = { server = {
@ -35,15 +25,11 @@ in {
SSH_PORT = 22; SSH_PORT = 22;
START_SSH_SERVER = false; # Use sshd instead START_SSH_SERVER = false; # Use sshd instead
DISABLE_SSH = false; DISABLE_SSH = false;
# SSH_LISTEN_HOST = "0.0.0.0";
# SSH_LISTEN_PORT = 122;
}; };
# Don't allow public users to register accounts.
service.DISABLE_REGISTRATION = true; service.DISABLE_REGISTRATION = true;
# Force using HTTPS for all session access.
session.COOKIE_SECURE = true; session.COOKIE_SECURE = true;
# Hide users' emails.
ui.SHOW_USER_EMAIL = false; ui.SHOW_USER_EMAIL = false;
}; };
extraConfig = null; extraConfig = null;
@ -53,7 +39,6 @@ in {
users.users.${config.user}.extraGroups = [ "gitea" ]; users.users.${config.user}.extraGroups = [ "gitea" ];
caddy.routes = [ caddy.routes = [
# Prevent public access to Prometheus metrics.
{ {
match = [{ match = [{
host = [ config.hostnames.git ]; host = [ config.hostnames.git ];
@ -64,7 +49,6 @@ in {
status_code = "403"; status_code = "403";
}]; }];
} }
# Allow access to primary server.
{ {
match = [{ host = [ config.hostnames.git ]; }]; match = [{ host = [ config.hostnames.git ]; }];
handle = [{ handle = [{
@ -79,7 +63,6 @@ in {
} }
]; ];
# Scrape the metrics endpoint for Prometheus.
prometheus.scrapeTargets = [ prometheus.scrapeTargets = [
"127.0.0.1:${ "127.0.0.1:${
builtins.toString config.services.gitea.settings.server.HTTP_PORT builtins.toString config.services.gitea.settings.server.HTTP_PORT

2
modules/nixos/services/gnupg.nix
View File

@ -1,5 +1,3 @@
# GPG is an encryption tool. This isn't really in use for me at the moment.
{ config, pkgs, lib, ... }: { { config, pkgs, lib, ... }: {
options.gpg.enable = lib.mkEnableOption "GnuPG encryption."; options.gpg.enable = lib.mkEnableOption "GnuPG encryption.";

2
modules/nixos/services/grafana.nix
View File

@ -7,7 +7,6 @@ in {
config = lib.mkIf config.services.grafana.enable { config = lib.mkIf config.services.grafana.enable {
# Allow Grafana to connect to email service
secrets.mailpass-grafana = { secrets.mailpass-grafana = {
source = ../../../private/mailpass-grafana.age; source = ../../../private/mailpass-grafana.age;
dest = "${config.secretsDirectory}/mailpass-grafana"; dest = "${config.secretsDirectory}/mailpass-grafana";
@ -50,7 +49,6 @@ in {
dashboards.settings.providers = [{ dashboards.settings.providers = [{
name = "test"; name = "test";
type = "file"; type = "file";
allowUiUpdates = true;
options.path = "${ options.path = "${
(pkgs.writeTextDir "dashboards/dashboard.json" (builtins.toJSON { (pkgs.writeTextDir "dashboards/dashboard.json" (builtins.toJSON {
annotations = { annotations = {

5
modules/nixos/services/honeypot.nix
View File

@ -1,10 +1,7 @@
# This is a tool for blocking IPs of anyone who attempts to scan all of my { config, lib, pkgs, ... }:
# ports.
# Currently has some issues that don't make this viable. # Currently has some issues that don't make this viable.
{ config, lib, pkgs, ... }:
# Taken from: # Taken from:
# https://dataswamp.org/~solene/2022-09-29-iblock-implemented-in-nixos.html # https://dataswamp.org/~solene/2022-09-29-iblock-implemented-in-nixos.html

19
modules/nixos/services/identity.nix
View File

@ -1,19 +0,0 @@
{ config, ... }: {
# Wait for secret to be placed on the machine
systemd.services.wait-for-identity = {
description = "Wait until identity file exists on the machine";
wantedBy = [ "multi-user.target" ];
serviceConfig = { Type = "oneshot"; };
script = ''
for i in $(seq 1 10); do
if [ -f ${config.identityFile} ]; then
echo "Identity file found."
exit 0
fi
sleep 6
done
'';
};
}

61
modules/nixos/services/influxdb2.nix
View File

@ -1,61 +0,0 @@
# InfluxDB is a timeseries database similar to Prometheus. While
# VictoriaMetrics can also act as an InfluxDB, this version of it allows for
# infinite retention separate from our other metrics, which can be nice for
# recording health information, for example.
{ config, lib, ... }: {
config = {
services.influxdb2 = {
provision = {
enable = true;
initialSetup = {
bucket = "default";
organization = "main";
passwordFile = config.secrets.influxdb2Password.dest;
retention = 0; # Keep data forever
tokenFile = config.secrets.influxdb2Token.dest;
username = "admin";
};
};
settings = { };
};
# Create credentials file for InfluxDB admin
secrets.influxdb2Password = lib.mkIf config.services.influxdb2.enable {
source = ../../../private/influxdb2-password.age;
dest = "${config.secretsDirectory}/influxdb2-password";
owner = "influxdb2";
group = "influxdb2";
permissions = "0440";
};
systemd.services.influxdb2Password-secret =
lib.mkIf config.services.influxdb2.enable {
requiredBy = [ "influxdb2.service" ];
before = [ "influxdb2.service" ];
};
secrets.influxdb2Token = lib.mkIf config.services.influxdb2.enable {
source = ../../../private/influxdb2-token.age;
dest = "${config.secretsDirectory}/influxdb2-token";
owner = "influxdb2";
group = "influxdb2";
permissions = "0440";
};
systemd.services.influxdb2Token-secret =
lib.mkIf config.services.influxdb2.enable {
requiredBy = [ "influxdb2.service" ];
before = [ "influxdb2.service" ];
};
caddy.routes = lib.mkIf config.services.influxdb2.enable [{
match = [{ host = [ config.hostnames.influxdb ]; }];
handle = [{
handler = "reverse_proxy";
upstreams = [{ dial = "localhost:8086"; }];
}];
}];
};
}

32
modules/nixos/services/irc.nix
View File

@ -1,32 +0,0 @@
{ config, ... }: {
config = {
services.thelounge = {
public = false;
port = 9000;
extraConfig = {
reverseProxy = true;
maxHistory = 10000;
};
};
# Adding new users:
# nix shell nixpkgs#thelounge
# sudo su - thelounge -s /bin/sh -c "thelounge add myuser"
# Allow web traffic to Caddy
caddy.routes = [{
match = [{ host = [ config.hostnames.irc ]; }];
handle = [{
handler = "reverse_proxy";
upstreams = [{
dial =
"localhost:${builtins.toString config.services.thelounge.port}";
}];
}];
}];
};
}

8
modules/nixos/services/jellyfin.nix
View File

@ -1,6 +1,3 @@
# Jellyfin is a self-hosted video streaming service. This means I can play my
# server's videos from a webpage, mobile app, or TV client.
{ config, pkgs, lib, ... }: { { config, pkgs, lib, ... }: {
config = lib.mkIf config.services.jellyfin.enable { config = lib.mkIf config.services.jellyfin.enable {
@ -9,7 +6,6 @@
users.users.jellyfin = { isSystemUser = true; }; users.users.jellyfin = { isSystemUser = true; };
caddy.routes = [ caddy.routes = [
# Prevent public access to Prometheus metrics.
{ {
match = [{ match = [{
host = [ config.hostnames.stream ]; host = [ config.hostnames.stream ];
@ -20,7 +16,6 @@
status_code = "403"; status_code = "403";
}]; }];
} }
# Allow access to normal route.
{ {
match = [{ host = [ config.hostnames.stream ]; }]; match = [{ host = [ config.hostnames.stream ]; }];
handle = [{ handle = [{
@ -52,9 +47,6 @@
users.users.jellyfin.extraGroups = users.users.jellyfin.extraGroups =
[ "render" "video" ]; # Access to /dev/dri [ "render" "video" ]; # Access to /dev/dri
# Fix issue where Jellyfin-created directories don't allow access for media group
systemd.services.jellyfin.serviceConfig.UMask = lib.mkForce "0007";
# Requires MetricsEnable is true in /var/lib/jellyfin/config/system.xml # Requires MetricsEnable is true in /var/lib/jellyfin/config/system.xml
prometheus.scrapeTargets = [ "127.0.0.1:8096" ]; prometheus.scrapeTargets = [ "127.0.0.1:8096" ];

Some files were not shown because too many files have changed in this diff Show More