koishi/nixos
1
0
Fork 0
Code Issues Pull requests Projects Activity

chore: nix fmt

Browse source
This commit is contained in:
514fpv 2025-01-13 11:52:09 +08:00
parent a80bd4ed3b
commit 7266fff06e
Signed by: koishi
SSH key fingerprint: SHA256:axz0uIzzY+5W19i7QOUuiw5LSqhKfCBKPf3L4xFRxLw
128 changed files with 3402 additions and 2013 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

31
flake.nix
View file

@ -22,19 +22,24 @@
jovian.url = "github:Jovian-Experiments/Jovian-NixOS";
};
outputs = inputs@{self, flake-parts, treefmt-nix,...}:
flake-parts.lib.mkFlake
{ inherit inputs; } {
systems = [
"x86_64-linux"
];
outputs =
inputs@{
self,
flake-parts,
treefmt-nix,
...
}:
flake-parts.lib.mkFlake { inherit inputs; } {
systems = [
"x86_64-linux"
];
perSystem.treefmt = {
programs.nixfmt.enable = true;
perSystem.treefmt = {
programs.nixfmt.enable = true;
};
imports = [
./spec
treefmt-nix.flakeModule
];
};
imports = [
./spec
treefmt-nix.flakeModule
];
};
}

15
global/acme/default.nix
View file

@ -1,9 +1,14 @@
{ pkgs
, lib
, config
, ... }: with lib; let
{
pkgs,
lib,
config,
...
}:
with lib;
let
cfg = config.global.acme;
in {
in
{
options.global.acme = {
enable = mkEnableOption "ACME SSL certificates";
};

15
global/android/default.nix
View file

@ -1,9 +1,14 @@
{ pkgs
, lib
, config
, ... }: with lib; let
{
pkgs,
lib,
config,
...
}:
with lib;
let
cfg = config.global.android;
in {
in
{
options.global.android = {
enable = mkEnableOption "android tools";
};

15
global/asusd/default.nix
View file

@ -1,9 +1,14 @@
{ pkgs
, lib
, config
, ... }: with lib; let
{
pkgs,
lib,
config,
...
}:
with lib;
let
cfg = config.global.asusd;
in {
in
{
options.global.asusd = {
enable = mkEnableOption "ASUS laptop userland support daemon";
};

30
global/auth/default.nix
View file

@ -1,7 +1,11 @@
{ pkgs
, lib
, config
, ... }: with lib; let
{
pkgs,
lib,
config,
...
}:
with lib;
let
cfg = config.global.auth;
pub = lib.pipe ./pub [
builtins.readDir
@ -10,9 +14,12 @@
(foldr (payload: keys: (splitString "\n" payload) ++ keys) [ ])
(foldr (candidate: keys: keys ++ (if candidate == "" then [ ] else [ candidate ])) [ ])
];
in {
in
{
options.global.auth = {
enable = mkEnableOption "identity authentication in various software" // { default = true; };
enable = mkEnableOption "identity authentication in various software" // {
default = true;
};
openssh = {
enable = mkEnableOption "openssh server";
password = mkEnableOption "password authentication";
@ -42,10 +49,13 @@ in {
settings.PasswordAuthentication = cfg.openssh.password;
};
networking.firewall.allowedTCPPorts = [ 1300 ] ++ # utility port
optional (cfg.openssh.enable && (cfg.openssh.port != null)) cfg.openssh.port;
networking.firewall.allowedTCPPorts =
[ 1300 ]
# utility port
++ optional (cfg.openssh.enable && (cfg.openssh.port != null)) cfg.openssh.port;
environment.persistence."/nix/persist/fhs".directories = [ ] ++
optional cfg.openssh.enable "/etc/ssh";
environment.persistence."/nix/persist/fhs".directories =
[ ]
++ optional cfg.openssh.enable "/etc/ssh";
};
}

57
global/boot/default.nix
View file

@ -1,12 +1,21 @@
{ pkgs
, lib
, config
, ... }: with lib; let
{
pkgs,
lib,
config,
...
}:
with lib;
let
cfg = config.global.boot;
in {
in
{
options.global.boot = {
enable = mkEnableOption "bootloader installation and maintenance" // { default = true; };
systemd-boot = mkEnableOption "generation selection via systemd-boot" // { default = !cfg.lanzaboote; };
enable = mkEnableOption "bootloader installation and maintenance" // {
default = true;
};
systemd-boot = mkEnableOption "generation selection via systemd-boot" // {
default = !cfg.lanzaboote;
};
lanzaboote = mkEnableOption "secure boot maintenance via lanzaboote";
memtest = mkOption {
type = with types; nullOr int;
@ -15,21 +24,23 @@ in {
};
};
config = let
sbPath = "/nix/persist/lanzaboote";
in mkIf cfg.enable {
boot = {
initrd.systemd.enable = true;
lanzaboote.enable = cfg.lanzaboote;
lanzaboote.pkiBundle = sbPath;
loader.systemd-boot.enable = cfg.systemd-boot;
loader.efi.canTouchEfiVariables = true;
tmp.cleanOnBoot = true;
kernelParams = optional (cfg.memtest != null) "memtest=${toString cfg.memtest}";
};
config =
let
sbPath = "/nix/persist/lanzaboote";
in
mkIf cfg.enable {
boot = {
initrd.systemd.enable = true;
lanzaboote.enable = cfg.lanzaboote;
lanzaboote.pkiBundle = sbPath;
loader.systemd-boot.enable = cfg.systemd-boot;
loader.efi.canTouchEfiVariables = true;
tmp.cleanOnBoot = true;
kernelParams = optional (cfg.memtest != null) "memtest=${toString cfg.memtest}";
};
# symlink for sbctl
environment.etc.secureboot.source = sbPath;
environment.systemPackages = [ pkgs.sbctl ];
};
# symlink for sbctl
environment.etc.secureboot.source = sbPath;
environment.systemPackages = [ pkgs.sbctl ];
};
}

3
global/default.nix
View file

@ -1,4 +1,5 @@
{ lib, ... }: {
{ lib, ... }:
{
imports = lib.pipe ./. [
builtins.readDir
(lib.filterAttrs (n: ty: ty == "directory" && builtins.pathExists ./${n}/default.nix))

20
global/flatpak/default.nix
View file

@ -1,9 +1,14 @@
{ pkgs
, lib
, config
, ... }: with lib; let
{
pkgs,
lib,
config,
...
}:
with lib;
let
cfg = config.global.flatpak;
in {
in
{
options.global.flatpak = {
enable = mkEnableOption "flatpak sandbox";
};
@ -11,7 +16,10 @@ in {
config = mkIf cfg.enable {
services.flatpak.enable = true;
xdg.portal.enable = true;
users.home.persist.directories = [ ".local/share/flatpak" ".var" ];
users.home.persist.directories = [
".local/share/flatpak"
".var"
];
environment.persistence."/nix/persist/fhs".directories = [ "/var/lib/flatpak" ];
};
}

24
global/fs/bcachefs.nix
View file

@ -1,20 +1,28 @@
{ pkgs
, lib
, config
, ... }: with lib; let
{
pkgs,
lib,
config,
...
}:
with lib;
let
cfg = config.global.fs;
in {
in
{
options.global.fs.bcachefs = {
options = mkOption {
type = with types; listOf str;
default = [ "noatime" "compression=zstd" ];
default = [
"noatime"
"compression=zstd"
];
description = "bcachefs mount options";
};
};
config = mkIf (cfg.type == "bcachefs") {
fileSystems."/nix" =
{ inherit (cfg.bcachefs) options;
fileSystems."/nix" = {
inherit (cfg.bcachefs) options;
device = "/dev/disk/by-uuid/${cfg.store}";
fsType = "bcachefs";
};

80
global/fs/default.nix
View file

@ -1,9 +1,14 @@
{ pkgs
, lib
, config
, ... }: with lib; let
{
pkgs,
lib,
config,
...
}:
with lib;
let
cfg = config.global.fs;
in {
in
{
imports = [
./ext4.nix
./f2fs.nix
@ -14,7 +19,15 @@ in {
options.global.fs = {
type = mkOption {
type = with types; enum [ "ext4" "f2fs" "xfs" "zfs" "bcachefs" ];
type =
with types;
enum [
"ext4"
"f2fs"
"xfs"
"zfs"
"bcachefs"
];
default = "bcachefs";
description = "filesystem type to use for persistent state storage";
};
@ -24,7 +37,9 @@ in {
description = "UUID/dataset of nix store backing device";
};
esp = {
enable = mkEnableOption "EFI system partition" // { default = true; };
enable = mkEnableOption "EFI system partition" // {
default = true;
};
uuid = mkOption {
type = with types; str;
default = "CAFE-BABE";
@ -53,8 +68,12 @@ in {
};
cryptsetup = {
enable = mkEnableOption "full disk encryption device early setup";
allowDiscards = mkEnableOption "allow discards via device-mapper" // { default = true; };
bypassWorkqueues = mkEnableOption "bypass dm-crypt's internal workqueues" // { default = true; };
allowDiscards = mkEnableOption "allow discards via device-mapper" // {
default = true;
};
bypassWorkqueues = mkEnableOption "bypass dm-crypt's internal workqueues" // {
default = true;
};
uuids = mkOption {
type = with types; attrsOf str;
description = "device-mapper name to encrypted block device UUID mapping";
@ -63,22 +82,25 @@ in {
};
config = {
fileSystems."/" =
{ device = "rootfs";
fileSystems."/" = {
device = "rootfs";
fsType = "tmpfs";
options = [ "size=2G" "mode=755" ];
options = [
"size=2G"
"mode=755"
];
};
fileSystems."/boot" = mkIf cfg.esp.enable
{ device = "/dev/disk/by-uuid/${cfg.esp.uuid}";
fileSystems."/boot" = mkIf cfg.esp.enable {
device = "/dev/disk/by-uuid/${cfg.esp.uuid}";
fsType = "vfat";
};
fileSystems."/nix/persist" = mkIf cfg.external.enable
{ inherit (cfg.external) device fsType options;
fileSystems."/nix/persist" = mkIf cfg.external.enable {
inherit (cfg.external) device fsType options;
neededForBoot = true;
depends = [ "/nix" ];
};
fileSystems."/tmp" =
{ device = "/nix/tmp";
fileSystems."/tmp" = {
device = "/nix/tmp";
options = [ "bind" ];
depends = [ "/nix/tmp" ];
};
@ -86,14 +108,20 @@ in {
services.fstrim.enable = mkIf ((cfg.type == "ext4") || (cfg.type == "xfs")) true;
boot.initrd.luks.devices = mkIf cfg.cryptsetup.enable (
mapAttrs' (name: uuid: nameValuePair "luks-${name}" {
inherit (cfg.cryptsetup) allowDiscards bypassWorkqueues;
device = "/dev/disk/by-uuid/${uuid}";
}) cfg.cryptsetup.uuids);
mapAttrs' (
name: uuid:
nameValuePair "luks-${name}" {
inherit (cfg.cryptsetup) allowDiscards bypassWorkqueues;
device = "/dev/disk/by-uuid/${uuid}";
}
) cfg.cryptsetup.uuids
);
environment.persistence."/nix/persist/fhs".files = [ {
file = "/var/lib/private/mode";
parentDirectory.mode = "0700";
} ];
environment.persistence."/nix/persist/fhs".files = [
{
file = "/var/lib/private/mode";
parentDirectory.mode = "0700";
}
];
};
}

17
global/fs/ext4.nix
View file

@ -1,10 +1,15 @@
{ lib
, config
, ... }: with lib; let
{
lib,
config,
...
}:
with lib;
let
cfg = config.global.fs;
in mkIf (cfg.type == "ext4") {
fileSystems."/nix" =
{ device = "/dev/disk/by-uuid/${cfg.store}";
in
mkIf (cfg.type == "ext4") {
fileSystems."/nix" = {
device = "/dev/disk/by-uuid/${cfg.store}";
fsType = "ext4";
options = [ "noatime" ];
};

17
global/fs/f2fs.nix
View file

@ -1,10 +1,15 @@
{ lib
, config
, ... }: with lib; let
{
lib,
config,
...
}:
with lib;
let
cfg = config.global.fs;
in mkIf (cfg.type == "f2fs") {
fileSystems."/nix" =
{ device = "/dev/disk/by-uuid/${cfg.store}";
in
mkIf (cfg.type == "f2fs") {
fileSystems."/nix" = {
device = "/dev/disk/by-uuid/${cfg.store}";
fsType = "f2fs";
};
}

17
global/fs/xfs.nix
View file

@ -1,11 +1,16 @@
{ lib
, config
, ... }: with lib; let
{
lib,
config,
...
}:
with lib;
let
cfg = config.global.fs;
in mkIf (cfg.type == "xfs") {
in
mkIf (cfg.type == "xfs") {
# NOTE: -m reflink=1
fileSystems."/nix" =
{ device = "/dev/disk/by-uuid/${cfg.store}";
fileSystems."/nix" = {
device = "/dev/disk/by-uuid/${cfg.store}";
fsType = "xfs";
options = [ "noatime" ];
};

15
global/fs/zfs/alert.nix
View file

@ -1,7 +1,11 @@
{ pkgs
, lib
, config
, ... }: with lib; let
{
pkgs,
lib,
config,
...
}:
with lib;
let
cfg = config.global.fs.zfs.alert;
backend = {
@ -103,7 +107,8 @@
export ALERT
exec ${backend.text}
'';
in mkIf (cfg.secret != null) {
in
mkIf (cfg.secret != null) {
services.zfs.zed = mkIf cfg.zed {
settings = {
ZED_EMAIL_ADDR = [ "root" ];

61
global/fs/zfs/default.nix
View file

@ -1,9 +1,14 @@
{ pkgs
, lib
, config
, ... }: with lib; let
{
pkgs,
lib,
config,
...
}:
with lib;
let
cfg = config.global.fs;
in {
in
{
imports = [
./alert.nix
./split.nix
@ -15,8 +20,12 @@ in {
# -O compression=on -O mountpoint=none -O xattr=sa -O acltype=posixacl
options.global.fs.zfs = {
alert = {
zed = mkEnableOption "zfs event alerts" // { default = true; };
swraid = mkEnableOption "software raid alerts" // { default = true; };
zed = mkEnableOption "zfs event alerts" // {
default = true;
};
swraid = mkEnableOption "software raid alerts" // {
default = true;
};
secret = mkOption {
type = with types; nullOr str;
default = null;
@ -68,7 +77,11 @@ in {
};
datasets = mkOption {
type = with types; listOf str;
default = [ "persist" "service" "storage" ];
default = [
"persist"
"service"
"storage"
];
description = "list of filesystems to perform replication for";
};
sendOptions = mkOption {
@ -80,19 +93,25 @@ in {
};
config = mkIf (cfg.type == "zfs") {
fileSystems = (mapAttrs (path: dataset: {
device = "${cfg.zfs.persist}/${dataset}";
fsType = "zfs";
options = [ "zfsutil" ];
# required by impermanence
neededForBoot = true;
}) cfg.zfs.mountpoints) // {
"/nix" = (if !cfg.zfs.externalStore then
{ device = "${cfg.store}/nix";
fsType = "zfs";
} else
{ inherit (cfg.external) device fsType options; });
};
fileSystems =
(mapAttrs (path: dataset: {
device = "${cfg.zfs.persist}/${dataset}";
fsType = "zfs";
options = [ "zfsutil" ];
# required by impermanence
neededForBoot = true;
}) cfg.zfs.mountpoints)
// {
"/nix" = (
if !cfg.zfs.externalStore then
{
device = "${cfg.store}/nix";
fsType = "zfs";
}
else
{ inherit (cfg.external) device fsType options; }
);
};
global.fs.zfs.mountpoints."/nix/persist" = "persist";
services.zfs.trim.enable = true;

33
global/fs/zfs/replication.nix
View file

@ -1,9 +1,14 @@
{ pkgs
, lib
, config
, ... }: with lib; let
{
pkgs,
lib,
config,
...
}:
with lib;
let
cfg = config.global.fs.zfs.replication;
in mkIf cfg.enable {
in
mkIf cfg.enable {
services.syncoid = {
enable = mkDefault true;
interval = mkDefault "daily";
@ -16,12 +21,18 @@ in mkIf cfg.enable {
];
localSourceAllow = mkOptionDefault [ "mount" ];
commands = (lists.foldr (name: commands: commands // {
"${config.global.fs.store}/${name}" = {
inherit (cfg) sendOptions;
target = "${cfg.remote}/${name}";
};
}) { }) cfg.datasets;
commands =
(lists.foldr (
name: commands:
commands
// {
"${config.global.fs.store}/${name}" = {
inherit (cfg) sendOptions;
target = "${cfg.remote}/${name}";
};
}
) { })
cfg.datasets;
};
users.users.syncoid.uid = 82;

24
global/fs/zfs/split.nix
View file

@ -1,9 +1,14 @@
{ pkgs
, lib
, config
, ... }: with lib; let
{
pkgs,
lib,
config,
...
}:
with lib;
let
cfg = config.global.fs.zfs.split;
in mkIf cfg.enable {
in
mkIf cfg.enable {
# unconditionally enable fstrim for xfs and ext4
services.fstrim.enable = mkDefault true;
@ -14,8 +19,8 @@ in mkIf cfg.enable {
'';
# secret filesystem backed by swraid
fileSystems."/nix/var/secret" =
{ device = "/dev/disk/by-uuid/${cfg.secret}";
fileSystems."/nix/var/secret" = {
device = "/dev/disk/by-uuid/${cfg.secret}";
fsType = "ext4";
options = [ "noatime" ];
neededForBoot = true;
@ -31,5 +36,8 @@ in mkIf cfg.enable {
};
# import system state pool after encrypted filesystems become available for key loading
boot.initrd.systemd.services."zfs-import-${config.global.fs.store}".after = [ "sysroot-nix-var-secret.mount" "cryptsetup.target" ];
boot.initrd.systemd.services."zfs-import-${config.global.fs.store}".after = [
"sysroot-nix-var-secret.mount"
"cryptsetup.target"
];
}

87
global/gpu/default.nix
View file

@ -1,13 +1,20 @@
{ pkgs
, lib
, config
, ... }: with lib; let
{
pkgs,
lib,
config,
...
}:
with lib;
let
cfg = config.global.gpu;
intel = cfg.type == "intel" || (cfg.type == "prime" && config.hardware.nvidia.prime.intelBusId != "");
amdgpu = cfg.type == "amdgpu" || (cfg.type == "prime" && config.hardware.nvidia.prime.amdgpuBusId != "");
intel =
cfg.type == "intel" || (cfg.type == "prime" && config.hardware.nvidia.prime.intelBusId != "");
amdgpu =
cfg.type == "amdgpu" || (cfg.type == "prime" && config.hardware.nvidia.prime.amdgpuBusId != "");
nvidia = cfg.type == "nvidia" || cfg.type == "prime";
in {
in
{
imports = [
./plymouth.nix
./greetd.nix
@ -15,9 +22,18 @@ in {
options.global.gpu = {
enable = mkEnableOption "various setup required for GUI and support software";
session = mkEnableOption "software required for a graphical session" // { default = true; };
session = mkEnableOption "software required for a graphical session" // {
default = true;
};
type = mkOption {
type = with types; nullOr (enum [ "intel" "amdgpu" "nvidia" "prime" ]);
type =
with types;
nullOr (enum [
"intel"
"amdgpu"
"nvidia"
"prime"
]);
default = null;
description = "type of graphics acceleration used";
};
@ -34,21 +50,21 @@ in {
enable32Bit = true;
# https://nixos.wiki/wiki/Accelerated_Video_Playback
extraPackages = with pkgs; optionals intel [
intel-media-driver # LIBVA_DRIVER_NAME=iHD
vaapiIntel # LIBVA_DRIVER_NAME=i965 (older but works better for Firefox/Chromium)
vaapiVdpau
libvdpau-va-gl
intel-compute-runtime
] ++
optional nvidia nvidia-vaapi-driver ++
optional (cfg.type == "nvidia") vulkan-validation-layers;
extraPackages =
with pkgs;
optionals intel [
intel-media-driver # LIBVA_DRIVER_NAME=iHD
vaapiIntel # LIBVA_DRIVER_NAME=i965 (older but works better for Firefox/Chromium)
vaapiVdpau
libvdpau-va-gl
intel-compute-runtime
]
++ optional nvidia nvidia-vaapi-driver
++ optional (cfg.type == "nvidia") vulkan-validation-layers;
};
services.xserver = mkIf cfg.session {
videoDrivers =
optional nvidia "nvidia" ++
optional (cfg.type == "amdgpu") "amdgpu";
videoDrivers = optional nvidia "nvidia" ++ optional (cfg.type == "amdgpu") "amdgpu";
# inhibits default display manager
displayManager.startx.enable = mkDefault true;
@ -79,7 +95,14 @@ in {
specialisation.integratedGraphics = mkIf (cfg.type == "prime") {
configuration = {
global.gpu.type = mkForce (if intel then "intel" else if amdgpu then "amdgpu" else "prime");
global.gpu.type = mkForce (
if intel then
"intel"
else if amdgpu then
"amdgpu"
else
"prime"
);
boot.blacklistedKernelModules = [ "nouveau" ];
};
};
@ -92,10 +115,15 @@ in {
};
boot.initrd.kernelModules =
optional amdgpu "amdgpu" ++
optional (intel && cfg.arc == null) "i915" ++
optionals nvidia [ "nvidia" "nvidia_drm" "nvidia_modeset" "nvidia_uvm" ] ++
optional (cfg.arc != null) "vfio-pci";
optional amdgpu "amdgpu"
++ optional (intel && cfg.arc == null) "i915"
++ optionals nvidia [
"nvidia"
"nvidia_drm"
"nvidia_modeset"
"nvidia_uvm"
]
++ optional (cfg.arc != null) "vfio-pci";
boot.extraModulePackages = optional nvidia config.boot.kernelPackages.nvidia_x11;
@ -105,7 +133,10 @@ in {
'';
boot.kernelParams =
optional intel "i915.fastboot=1" ++
optionals nvidia [ "nvidia_drm.modeset=1" "nvidia_drm.fbdev=1" ];
optional intel "i915.fastboot=1"
++ optionals nvidia [
"nvidia_drm.modeset=1"
"nvidia_drm.fbdev=1"
];
};
}

22
global/gpu/greetd.nix
View file

@ -1,13 +1,23 @@
{ pkgs
, lib
, config
, ... }: with lib; let
{
pkgs,
lib,
config,
...
}:
with lib;
let
cfg = config.global.gpu;
gui = with cfg; enable && session;
in mkIf gui {
in
mkIf gui {
programs.regreet = {
enable = mkDefault true;
cageArgs = [ "-s" "-d" "-m" "last" ];
cageArgs = [
"-s"
"-d"
"-m"
"last"
];
settings = {
background.path = mkDefault ../../share/54345906_p0.jpg;
background.fit = "Fill";

15
global/gpu/plymouth.nix
View file

@ -1,10 +1,15 @@
{ pkgs
, lib
, config
, ... }: with lib; let
{
pkgs,
lib,
config,
...
}:
with lib;
let
cfg = config.global.gpu;
gui = with cfg; enable && session;
in mkIf gui {
in
mkIf gui {
boot = {
loader.timeout = mkDefault 0;
consoleLogLevel = 0;

15
global/id/default.nix
View file

@ -1,9 +1,14 @@
{ pkgs
, lib
, config
, ... }: with lib; let
{
pkgs,
lib,
config,
...
}:
with lib;
let
cfg = config.global.id;
in {
in
{
options.global.id = mkOption {
type = with types; str;
description = "systemd machine id";

77
global/io/default.nix
View file

@ -1,26 +1,44 @@
{ pkgs
, lib
, config
, ... }: with lib; let
{
pkgs,
lib,
config,
...
}:
with lib;
let
cfg = config.global.io;
gui = with config.global.gpu; enable && session;
in {
in
{
options.global.io = {
betaflight = mkEnableOption "betaflight udev rules" // { default = gui; };
bluetooth = mkEnableOption "bluetooth daemons and state persistence" // { default = gui; };
audio = mkEnableOption "pulseaudio server configuration" // { default = gui; };
betaflight = mkEnableOption "betaflight udev rules" // {
default = gui;
};
bluetooth = mkEnableOption "bluetooth daemons and state persistence" // {
default = gui;
};
audio = mkEnableOption "pulseaudio server configuration" // {
default = gui;
};
coredump = mkEnableOption "save coredumps handled by systemd";
};
config = {
services.udev.extraRules = ''
# ignore zvols
KERNEL=="zd*", ENV{UDISKS_IGNORE}="1"
'' + (if cfg.betaflight then ''
# DFU (Internal bootloader for STM32 and AT32 MCUs)
SUBSYSTEM=="usb", ATTRS{idVendor}=="2e3c", ATTRS{idProduct}=="df11", MODE="0664", GROUP="dialout"
SUBSYSTEM=="usb", ATTRS{idVendor}=="0483", ATTRS{idProduct}=="df11", MODE="0664", GROUP="dialout"
'' else "");
services.udev.extraRules =
''
# ignore zvols
KERNEL=="zd*", ENV{UDISKS_IGNORE}="1"
''
+ (
if cfg.betaflight then
''
# DFU (Internal bootloader for STM32 and AT32 MCUs)
SUBSYSTEM=="usb", ATTRS{idVendor}=="2e3c", ATTRS{idProduct}=="df11", MODE="0664", GROUP="dialout"
SUBSYSTEM=="usb", ATTRS{idVendor}=="0483", ATTRS{idProduct}=="df11", MODE="0664", GROUP="dialout"
''
else
""
);
networking.networkmanager.enable = mkDefault true;
networking.hosts = {
@ -43,20 +61,25 @@ in {
jack.enable = true;
};
security.pam.loginLimits = mkIf (!cfg.coredump) (singleton { domain = "*"; item = "core"; type = "hard"; value = "0"; });
security.pam.loginLimits = mkIf (!cfg.coredump) (singleton {
domain = "*";
item = "core";
type = "hard";
value = "0";
});
systemd.coredump.extraConfig = mkIf (!cfg.coredump) "Storage=none";
environment.persistence."/nix/persist/fhs".directories = [
"/var/log"
"/var/lib/nixos"
"/var/lib/systemd/backlight"
] ++
optional config.networking.networkmanager.enable "/etc/NetworkManager/system-connections" ++
optional cfg.bluetooth "/var/lib/bluetooth" ++
optional cfg.coredump "/var/lib/systemd/coredump";
environment.persistence."/nix/persist/fhs".directories =
[
"/var/log"
"/var/lib/nixos"
"/var/lib/systemd/backlight"
]
++ optional config.networking.networkmanager.enable "/etc/NetworkManager/system-connections"
++ optional cfg.bluetooth "/var/lib/bluetooth"
++ optional cfg.coredump "/var/lib/systemd/coredump";
environment.persistence."/nix/persist/fhs".hideMounts = true;
users.home.persist.directories = [ ] ++
optional cfg.audio ".local/state/wireplumber";
users.home.persist.directories = [ ] ++ optional cfg.audio ".local/state/wireplumber";
};
}

31
global/kernel/default.nix
View file

@ -1,15 +1,26 @@
{ pkgs
, lib
, config
, ... }: with lib; let
{
pkgs,
lib,
config,
...
}:
with lib;
let
cfg = config.global.kernel;
in {
in
{
options.global.kernel = {
enable = mkEnableOption "kernel version and configuration" // { default = true; };
enable = mkEnableOption "kernel version and configuration" // {
default = true;
};
lts = mkEnableOption "longterm kernel releases";
sysctl = {
enable = mkEnableOption "sysctl presets" // { default = true; };
harden = mkEnableOption "hardening sysctls" // { default = true; };
enable = mkEnableOption "sysctl presets" // {
default = true;
};
harden = mkEnableOption "hardening sysctls" // {
default = true;
};
swappiness = mkOption {
type = with types; int;
default = 0;
@ -23,6 +34,8 @@ in {
"kernel.dmesg_restrict" = mkIf cfg.sysctl.harden 1;
"vm.swappiness" = cfg.sysctl.swappiness;
};
boot.kernelPackages = with pkgs; mkOverride 1001 (if cfg.lts then linuxPackages else linuxPackages_latest);
boot.kernelPackages =
with pkgs;
mkOverride 1001 (if cfg.lts then linuxPackages else linuxPackages_latest);
};
}

19
global/libvirt/default.nix
View file

@ -1,11 +1,18 @@
{ pkgs
, lib
, config
, ... }: with lib; let
{
pkgs,
lib,
config,
...
}:
with lib;
let
cfg = config.global.libvirt;
in {
in
{
options.global.libvirt = {
enable = mkEnableOption "libvirt virtualisation daemon" // { default = true; };
enable = mkEnableOption "libvirt virtualisation daemon" // {
default = true;
};
};
config = mkIf cfg.enable {

25
global/lowmem/default.nix
View file

@ -1,9 +1,14 @@
{ pkgs
, lib
, config
, ... }: with lib; let
{
pkgs,
lib,
config,
...
}:
with lib;
let
cfg = config.global.lowmem;
in {
in
{
options.global.lowmem = {
enable = mkEnableOption "low memory optimisations";
swapsize = mkOption {
@ -17,9 +22,11 @@ in {
# enables remote nixos-rebuild
nix.settings.trusted-users = [ "koishi" ];
swapDevices = [ {
device = "/nix/persist/secret/swap";
size = cfg.swapsize;
} ];
swapDevices = [
{
device = "/nix/persist/secret/swap";
size = cfg.swapsize;
}
];
};
}

15
global/netdata/default.nix
View file

@ -1,9 +1,14 @@
{ pkgs
, lib
, config
, ... }: with lib; let
{
pkgs,
lib,
config,
...
}:
with lib;
let
cfg = config.global.netdata;
in {
in
{
options.global.netdata = {
enable = mkEnableOption "netdata";
host = mkOption {

15
global/oci/default.nix
View file

@ -1,9 +1,14 @@
{ pkgs
, lib
, config
, ... }: with lib; let
{
pkgs,
lib,
config,
...
}:
with lib;
let
cfg = config.global.oci;
in {
in
{
options.global.oci = {
enable = mkEnableOption "oci container runtime";
};

30
global/virtualbox/default.nix
View file

@ -1,9 +1,14 @@
{ pkgs
, lib
, config
, ... }: with lib; let
{
pkgs,
lib,
config,
...
}:
with lib;
let
cfg = config.global.virtualbox;
in {
in
{
options.global.virtualbox = {
enable = mkEnableOption "virtualbox host (kvm)";
};
@ -25,10 +30,15 @@ in {
".config/VirtualBox"
];
users.homeModules = [ {
wayland.windowManager.sway.config.window.commands = [
{ criteria.class = "VirtualBox Manager"; command = "floating enable"; }
];
} ];
users.homeModules = [
{
wayland.windowManager.sway.config.window.commands = [
{
criteria.class = "VirtualBox Manager";
command = "floating enable";
}
];
}
];
};
}

29
home/app/nixos.nix
View file

@ -1,16 +1,31 @@
{ pkgs
, lib
, config
, ... }: with lib; let
{
pkgs,
lib,
config,
...
}:
with lib;
let
cfg = config.users;
in {
in
{
options.users.home.persistApp = {
files = mkOption {
type = with types; listOf (oneOf [ str (attrsOf str) ]);
type =
with types;
listOf (oneOf [
str
(attrsOf str)
]);
default = [ ];
};
directories = mkOption {
type = with types; listOf (oneOf [ str (attrsOf str) ]);
type =
with types;
listOf (oneOf [
str
(attrsOf str)
]);
default = [ ];
};
};

26
home/auth/home.nix
View file

@ -1,7 +1,11 @@
{ pkgs
, lib
, config
, ...}: with lib; {
{
pkgs,
lib,
config,
...
}:
with lib;
{
# git signing configuration
programs.git = {
signing = {
@ -15,10 +19,11 @@
gpg = {
format = "ssh";
# compiled from trusted keys in auth module
ssh.allowedSignersFile = toString (pkgs.writeText
"allowed_signers" (foldr (key: folded:
folded + "koishi@514fpv.one ${key}\n") ""
config.passthrough.publicKeys));
ssh.allowedSignersFile = toString (
pkgs.writeText "allowed_signers" (
foldr (key: folded: folded + "koishi@514fpv.one ${key}\n") "" config.passthrough.publicKeys
)
);
};
};
};
@ -32,6 +37,9 @@
};
wayland.windowManager.sway.config.window.commands = mkIf config.passthrough.gui [
{ criteria.title = "Bitwarden"; command = "floating enable"; }
{
criteria.title = "Bitwarden";
command = "floating enable";
}
];
}

15
home/auth/nixos.nix
View file

@ -1,7 +1,12 @@
{ config
, ... }: {
{
config,
...
}:
{
# this module passes openssh public keys to home-manager
users.homeModules = [ {
passthrough.publicKeys = config.global.auth.openssh.publicKeys;
} ];
users.homeModules = [
{
passthrough.publicKeys = config.global.auth.openssh.publicKeys;
}
];
}

15
home/btop/home.nix
View file

@ -1,9 +1,14 @@
{ pkgs
, lib
, config
, ... }: with lib; let
{
pkgs,
lib,
config,
...
}:
with lib;
let
cfg = config.passthrough.btop;
in mkIf cfg.enable {
in
mkIf cfg.enable {
programs.btop = {
enable = true;
settings = {

19
home/btop/nixos.nix
View file

@ -1,11 +1,18 @@
{ pkgs
, lib
, config
, ... }: with lib; let
{
pkgs,
lib,
config,
...
}:
with lib;
let
cfg = config.home.btop;
in {
in
{
options.home.btop = {
enable = mkEnableOption "btop" // { default = !config.home.util.minimal; };
enable = mkEnableOption "btop" // {
default = !config.home.util.minimal;
};
};
config = {

129
home/catppuccin/gui.nix
View file

@ -1,10 +1,17 @@
{ pkgs
, lib
, config
, ... }: with lib; let
{
pkgs,
lib,
config,
...
}:
with lib;
let
cfg = config.passthrough.catppuccin;
palette = (lib.importJSON "${config.catppuccin.sources.palette}/palette.json").${config.catppuccin.flavor}.colors;
in mkIf cfg.enable {
palette =
(lib.importJSON "${config.catppuccin.sources.palette}/palette.json")
.${config.catppuccin.flavor}.colors;
in
mkIf cfg.enable {
gtk.theme = { inherit (cfg.gtk) package name; };
qt.style.name = "kvantum";
qt.platformTheme.name = "kvantum";
@ -13,38 +20,90 @@ in mkIf cfg.enable {
# sway colour palette override
wayland.windowManager.sway.config = {
colors = {
focused = { border = "$lavender"; background = "$base"; text = "$text"; indicator = "$rosewater"; childBorder = "$lavender"; };
focusedInactive = { border = "$overlay0"; background = "$base"; text = "$text"; indicator = "$rosewater"; childBorder = "$overlay0"; };
unfocused = { border = "$overlay0"; background = "$base"; text = "$text"; indicator = "$rosewater"; childBorder = "$overlay0"; };
urgent = { border = "$peach"; background = "$base"; text = "$peach"; indicator = "$overlay0"; childBorder = "$peach"; };
placeholder = { border = "$overlay0"; background = "$base"; text = "$text"; indicator = "$overlay0"; childBorder = "$overlay0"; };
background = "$base";
focused = {
border = "$lavender";
background = "$base";
text = "$text";
indicator = "$rosewater";
childBorder = "$lavender";
};
focusedInactive = {
border = "$overlay0";
background = "$base";
text = "$text";
indicator = "$rosewater";
childBorder = "$overlay0";
};
unfocused = {
border = "$overlay0";
background = "$base";
text = "$text";
indicator = "$rosewater";
childBorder = "$overlay0";
};
urgent = {
border = "$peach";
background = "$base";
text = "$peach";
indicator = "$overlay0";
childBorder = "$peach";
};
placeholder = {
border = "$overlay0";
background = "$base";
text = "$text";
indicator = "$overlay0";
childBorder = "$overlay0";
};
background = "$base";
};
bars = mkForce [ {
colors = {
background = "$base";
statusline = "$text";
focusedStatusline = "$text";
focusedSeparator = "$base";
focusedWorkspace = { border = "$base"; background = "$base"; text = "$green"; };
activeWorkspace = { border = "$base"; background = "$base"; text = "$blue"; };
inactiveWorkspace = { border = "$base"; background = "$base"; text = "$surface1"; };
urgentWorkspace = { border = "$base"; background = "$base"; text = "$surface1"; };
bindingMode = { border = "$base"; background = "$base"; text = "$surface1"; };
};
bars = mkForce [
{
colors = {
background = "$base";
statusline = "$text";
focusedStatusline = "$text";
focusedSeparator = "$base";
focusedWorkspace = {
border = "$base";
background = "$base";
text = "$green";
};
activeWorkspace = {
border = "$base";
background = "$base";
text = "$blue";
};
inactiveWorkspace = {
border = "$base";
background = "$base";
text = "$surface1";
};
urgentWorkspace = {
border = "$base";
background = "$base";
text = "$surface1";
};
bindingMode = {
border = "$base";
background = "$base";
text = "$surface1";
};
};
mode = "dock";
position = "bottom";
workspaceButtons = true;
workspaceNumbers = true;
statusCommand = "${pkgs.i3status}/bin/i3status";
fonts = {
names = [ "monospace" ];
size = 8.0;
};
trayOutput = "primary";
} ];
mode = "dock";
position = "bottom";
workspaceButtons = true;
workspaceNumbers = true;
statusCommand = "${pkgs.i3status}/bin/i3status";
fonts = {
names = [ "monospace" ];
size = 8.0;
};
trayOutput = "primary";
}
];
output."*".bg = mkForce "${./flake.png} fill";
gaps.inner = 12;

60
home/catppuccin/nixos.nix
View file

@ -1,32 +1,41 @@
{ pkgs
, lib
, config
, ... }: with lib; let
{
pkgs,
lib,
config,
...
}:
with lib;
let
gui = with config.global.gpu; enable && session;
cfg = config.home.catppuccin;
in {
in
{
options.home.catppuccin = {
enable = mkEnableOption "catppuccin colour scheme" // { default = gui; };
enable = mkEnableOption "catppuccin colour scheme" // {
default = gui;
};
gtk = {
package = mkOption {
type = with types; package;
default = (pkgs.catppuccin-gtk.overrideAttrs {
src = pkgs.fetchFromGitHub {
owner = "catppuccin";
repo = "gtk";
rev = "v1.0.3";
fetchSubmodules = true;
hash = "sha256-q5/VcFsm3vNEw55zq/vcM11eo456SYE5TQA3g2VQjGc=";
};
default =
(pkgs.catppuccin-gtk.overrideAttrs {
src = pkgs.fetchFromGitHub {
owner = "catppuccin";
repo = "gtk";
rev = "v1.0.3";
fetchSubmodules = true;
hash = "sha256-q5/VcFsm3vNEw55zq/vcM11eo456SYE5TQA3g2VQjGc=";
};
postUnpack = "";
}).override {
accents = [ "pink" ];
size = "compact";
#tweaks = [ "rimless" "black" ];
variant = "mocha";
};
postUnpack = "";
}).override
{
accents = [ "pink" ];
size = "compact";
#tweaks = [ "rimless" "black" ];
variant = "mocha";
};
description = "catppuccin gtk theme package";
};
name = mkOption {
@ -59,9 +68,12 @@ in {
catppuccin.enable = cfg.enable;
# gtk and cursor themes
environment.systemPackages = with cfg; mkIf enable [
gtk.package cursor.package
];
environment.systemPackages =
with cfg;
mkIf enable [
gtk.package
cursor.package
];
# override greetd theme
programs.regreet = mkIf cfg.enable {

11
home/chrome/home.nix
View file

@ -1,7 +1,10 @@
{ pkgs
, lib
, config
, ...}: lib.mkIf config.passthrough.gui {
{
pkgs,
lib,
config,
...
}:
lib.mkIf config.passthrough.gui {
programs.chromium = {
enable = true;
package = pkgs.google-chrome;

15
home/chrome/nixos.nix
View file

@ -1,9 +1,14 @@
{ pkgs
, lib
, config
, ... }: with lib; let
{
pkgs,
lib,
config,
...
}:
with lib;
let
gui = with config.global.gpu; enable && session;
in {
in
{
users.home.persist.directories = mkIf gui [ ".config/google-chrome" ];
security.chromiumSuidSandbox.enable = mkIf gui true;
environment.sessionVariables.NIXOS_OZONE_WL = "1";

12
home/foot/home.nix
View file

@ -1,7 +1,11 @@
{ pkgs
, lib
, config
, ... }: with lib; mkIf config.passthrough.gui {
{
pkgs,
lib,
config,
...
}:
with lib;
mkIf config.passthrough.gui {
programs.foot = {
enable = true;
settings.main.term = "xterm-256color";

15
home/gnome/home.nix
View file

@ -1,9 +1,14 @@
{ pkgs
, lib
, config
, ... }: with lib; let
{
pkgs,
lib,
config,
...
}:
with lib;
let
cfg = config.passthrough.gnome;
in {
in
{
imports = [
./impl/home.nix
./impl/dconf.nix

617
home/gnome/impl/dconf.nix
View file

@ -1,286 +1,341 @@
{ pkgs
, lib
, config
, ... }: with lib; let
{
pkgs,
lib,
config,
...
}:
with lib;
let
cfg = config.passthrough.gnome;
bg = ../../../share/54345906_p0.jpg;
in mkIf cfg.enable {
dconf.settings = let
p = "org/gnome";
pd = "${p}/desktop";
ps = "${p}/shell";
pse = "${ps}/extensions";
ptl = "${p}/terminal/legacy";
ptlp = "${ptl}/profiles:";
in {
"${pd}/peripherals/mouse".natural-scroll = true;
"${pd}/peripherals/touchpad".tap-to-click = true;
"${p}/epiphany".ask-for-default = false;
"${p}/evolution-data-server".migrated = true;
in
mkIf cfg.enable {
dconf.settings =
let
p = "org/gnome";
pd = "${p}/desktop";
ps = "${p}/shell";
pse = "${ps}/extensions";
ptl = "${p}/terminal/legacy";
ptlp = "${ptl}/profiles:";
in
{
"${pd}/peripherals/mouse".natural-scroll = true;
"${pd}/peripherals/touchpad".tap-to-click = true;
"${p}/epiphany".ask-for-default = false;
"${p}/evolution-data-server".migrated = true;
"${p}/nautilus/preferences" = {
default-folder-viewer = "icon-view";
migrated-gtk-settings = true;
search-filter-time-type = "last_modified";
"${p}/nautilus/preferences" = {
default-folder-viewer = "icon-view";
migrated-gtk-settings = true;
search-filter-time-type = "last_modified";
};
"${pd}/background" = {
color-shading-type = "solid";
picture-options = "zoom";
picture-uri = "file://${bg}";
picture-uri-dark = "file://${bg}";
primary-color = "#000000000000";
secondary-color = "#000000000000";
};
"${pd}/interface" = {
color-scheme = "prefer-dark";
cursor-theme = "Bibata-Modern-Classic";
font-antialiasing = "grayscale";
font-hinting = "slight";
gtk-theme = "adw-gtk3-dark";
icon-theme = "Papirus-Dark";
};
"${pd}/screensaver" = {
color-shading-type = "solid";
lock-enabled = false;
picture-options = "zoom";
picture-uri = "file://${bg}";
primary-color = "#000000000000";
secondary-color = "#000000000000";
};
"${pd}/wm/preferences" = {
action-double-click-titlebar = "toggle-maximize";
action-middle-click-titlebar = "minimize";
button-layout = "close:appmenu";
resize-with-right-button = true;
};
"${pd}/wm/keybindings" = {
panel-run-dialog = [ ];
begin-resize = [ "<Super>r" ];
close = [ "<Shift><Super>q" ];
minimize = [ "<Super>BackSpace" ];
move-to-workspace-1 = [ "<Shift><Super>1" ];
move-to-workspace-2 = [ "<Shift><Super>2" ];
move-to-workspace-3 = [ "<Shift><Super>3" ];
move-to-workspace-4 = [ "<Shift><Super>4" ];
move-to-workspace-left = [ "<Shift><Super>h" ];
move-to-workspace-right = [ "<Shift><Super>l" ];
switch-to-workspace-1 = [ "<Super>1" ];
switch-to-workspace-2 = [ "<Super>2" ];
switch-to-workspace-3 = [ "<Super>3" ];
switch-to-workspace-4 = [ "<Super>4" ];
toggle-maximized = [ "<Super>f" ];
};
"${ps}/keybindings" = {
switch-to-application-1 = [ ];
switch-to-application-2 = [ ];
switch-to-application-3 = [ ];
switch-to-application-4 = [ ];
switch-to-application-5 = [ ];
switch-to-application-6 = [ ];
switch-to-application-7 = [ ];
switch-to-application-8 = [ ];
switch-to-application-9 = [ ];
toggle-application-view = [ "<Super>d" ];
};
"${p}/settings-daemon/plugins/media-keys" = {
custom-keybindings = [
"/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0/"
"/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom1/"
];
logout = [ ];
screensaver = [ "<Control><Alt>l" ];
};
"${p}/settings-daemon/plugins/media-keys/custom-keybindings/custom0" = {
binding = "<Super>Return";
command = "kgx";
name = "Launch console";
};
"${p}/settings-daemon/plugins/media-keys/custom-keybindings/custom1" = {
binding = "<Super>q";
command = "google-chrome-stable";
name = "Launch Google Chrome";
};
"${ptlp}" = {
#default = "95894cfd-82f7-430d-af6e-84d168bc34f5";
list = [
"de8a9081-8352-4ce4-9519-5de655ad9361"
"71a9971e-e829-43a9-9b2f-4565c855d664"
"5083e06b-024e-46be-9cd2-892b814f1fc8"
"95894cfd-82f7-430d-af6e-84d168bc34f5"
];
};
"${ptlp}/:5083e06b-024e-46be-9cd2-892b814f1fc8" = {
background-color = "#24273a";
cursor-background-color = "#f4dbd6";
cursor-colors-set = true;
cursor-foreground-color = "#24273a";
foreground-color = "#cad3f5";
highlight-background-color = "#24273a";
highlight-colors-set = true;
highlight-foreground-color = "#5b6078";
palette = [
"#494d64"
"#ed8796"
"#a6da95"
"#eed49f"
"#8aadf4"
"#f5bde6"
"#8bd5ca"
"#b8c0e0"
"#5b6078"
"#ed8796"
"#a6da95"
"#eed49f"
"#8aadf4"
"#f5bde6"
"#8bd5ca"
"#a5adcb"
];
use-theme-colors = false;
visible-name = "Catppuccin Macchiato";
};
"${ptlp}/:71a9971e-e829-43a9-9b2f-4565c855d664" = {
background-color = "#303446";
cursor-background-color = "#f2d5cf";
cursor-colors-set = true;
cursor-foreground-color = "#303446";
default-size-columns = 150;
default-size-rows = 35;
foreground-color = "#c6d0f5";
highlight-background-color = "#303446";
highlight-colors-set = true;
highlight-foreground-color = "#626880";
palette = [
"#51576d"
"#e78284"
"#a6d189"
"#e5c890"
"#8caaee"
"#f4b8e4"
"#81c8be"
"#b5bfe2"
"#626880"
"#e78284"
"#a6d189"
"#e5c890"
"#8caaee"
"#f4b8e4"
"#81c8be"
"#a5adce"
];
use-theme-colors = false;
visible-name = "Catppuccin Frappe";
};
"${ptlp}/:95894cfd-82f7-430d-af6e-84d168bc34f5" = {
background-color = "#1e1e2e";
cursor-background-color = "#f5e0dc";
cursor-colors-set = true;
cursor-foreground-color = "#1e1e2e";
foreground-color = "#cdd6f4";
highlight-background-color = "#1e1e2e";
highlight-colors-set = true;
highlight-foreground-color = "#585b70";
palette = [
"#45475a"
"#f38ba8"
"#a6e3a1"
"#f9e2af"
"#89b4fa"
"#f5c2e7"
"#94e2d5"
"#bac2de"
"#585b70"
"#f38ba8"
"#a6e3a1"
"#f9e2af"
"#89b4fa"
"#f5c2e7"
"#94e2d5"
"#a6adc8"
];
use-theme-colors = false;
visible-name = "Catppuccin Mocha";
};
"${ptlp}/:de8a9081-8352-4ce4-9519-5de655ad9361" = {
background-color = "#eff1f5";
cursor-background-color = "#dc8a78";
cursor-colors-set = true;
cursor-foreground-color = "#eff1f5";
foreground-color = "#4c4f69";
highlight-background-color = "#eff1f5";
highlight-colors-set = true;
highlight-foreground-color = "#acb0be";
palette = [
"#5c5f77"
"#d20f39"
"#40a02b"
"#df8e1d"
"#1e66f5"
"#ea76cb"
"#179299"
"#acb0be"
"#6c6f85"
"#d20f39"
"#40a02b"
"#df8e1d"
"#1e66f5"
"#ea76cb"
"#179299"
"#bcc0cc"
];
use-theme-colors = false;
visible-name = "Catppuccin Latte";
};
"${ps}" = {
disabled-extensions = [
"light-style@gnome-shell-extensions.gcampax.github.com"
"places-menu@gnome-shell-extensions.gcampax.github.com"
"windowsNavigator@gnome-shell-extensions.gcampax.github.com"
"window-list@gnome-shell-extensions.gcampax.github.com"
"workspace-indicator@gnome-shell-extensions.gcampax.github.com"
"dash-to-dock@micxgx.gmail.com"
];
enabled-extensions = [
"user-theme@gnome-shell-extensions.gcampax.github.com"
"apps-menu@gnome-shell-extensions.gcampax.github.com"
"drive-menu@gnome-shell-extensions.gcampax.github.com"
"appindicatorsupport@rgcjonas.gmail.com"
"dash-to-panel@jderose9.github.com"
"caffeine@patapon.info"
"PrivacyMenu@stuarthayhurst"
];
last-selected-power-profile = "performance";
welcome-dialog-last-shown-version = "45.3";
};
#"${pse}/user-theme".name = "catppuccin-mocha-pink-compact";
"${pse}/caffeine" = {
screen-blank = "never";
};
"${pse}/dash-to-dock" = {
background-opacity = 0.80000000000000004;
dash-max-icon-size = 48;
dock-position = "BOTTOM";
height-fraction = 0.90000000000000002;
multi-monitor = false;
running-indicator-style = "DOTS";
custom-theme-shrink = true;
};
"${pse}/dash-to-panel" = {
animate-appicon-hover = false;
animate-appicon-hover-animation-type = "SIMPLE";
appicon-margin = 0;
appicon-padding = 4;
appicon-style = "NORMAL";
available-monitors = [ 0 ];
dot-position = "BOTTOM";
dot-style-focused = "METRO";
dot-style-unfocused = "DOTS";
group-apps = true;
hide-overview-on-startup = true;
hotkeys-overlay-combo = "TEMPORARILY";
intellihide = true;
intellihide-behaviour = "FOCUSED_WINDOWS";
intellihide-hide-from-windows = true;
isolate-workspaces = false;
leftbox-padding = -1;
overview-click-to-exit = true;
panel-anchors = ''{"0":"MIDDLE"}'';
panel-element-positions = ''{"0":[{"element":"showAppsButton","visible":true,"position":"stackedTL"},{"element":"activitiesButton","visible":true,"position":"stackedTL"},{"element":"leftBox","visible":false,"position":"stackedTL"},{"element":"taskbar","visible":true,"position":"centerMonitor"},{"element":"centerBox","visible":true,"position":"stackedBR"},{"element":"rightBox","visible":true,"position":"stackedBR"},{"element":"dateMenu","visible":true,"position":"stackedBR"},{"element":"systemMenu","visible":true,"position":"stackedBR"},{"element":"desktopButton","visible":false,"position":"stackedBR"}]}'';
panel-lengths = ''{"0":100}'';
panel-positions = ''{"0":"BOTTOM"}'';
panel-sizes = ''{"0":42}'';
primary-monitor = 0;
secondarymenu-contains-showdetails = true;
show-showdesktop-hover = true;
status-icon-padding = -1;
stockgs-force-hotcorner = false;
stockgs-keep-dash = false;
stockgs-keep-top-panel = false;
stockgs-panelbtn-click-only = false;
trans-bg-color = "#2a2a2a";
trans-dynamic-anim-target = 1.0;
trans-dynamic-behavior = "MAXIMIZED_WINDOWS";
trans-gradient-bottom-color = "#000000";
trans-gradient-bottom-opacity = 0.5;
trans-gradient-top-opacity = 0.0;
trans-panel-opacity = 0.0;
trans-use-custom-bg = true;
trans-use-custom-gradient = true;
trans-use-custom-opacity = true;
trans-use-dynamic-opacity = true;
tray-padding = -1;
window-preview-title-position = "TOP";
};
};
"${pd}/background" = {
color-shading-type = "solid";
picture-options = "zoom";
picture-uri = "file://${bg}";
picture-uri-dark = "file://${bg}";
primary-color = "#000000000000";
secondary-color = "#000000000000";
};
"${pd}/interface" = {
color-scheme = "prefer-dark";
cursor-theme = "Bibata-Modern-Classic";
font-antialiasing = "grayscale";
font-hinting = "slight";
gtk-theme = "adw-gtk3-dark";
icon-theme = "Papirus-Dark";
};
"${pd}/screensaver" = {
color-shading-type = "solid";
lock-enabled = false;
picture-options = "zoom";
picture-uri = "file://${bg}";
primary-color = "#000000000000";
secondary-color = "#000000000000";
};
"${pd}/wm/preferences" = {
action-double-click-titlebar = "toggle-maximize";
action-middle-click-titlebar = "minimize";
button-layout = "close:appmenu";
resize-with-right-button = true;
};
"${pd}/wm/keybindings" = {
panel-run-dialog = [ ];
begin-resize = [ "<Super>r" ];
close = [ "<Shift><Super>q" ];
minimize = [ "<Super>BackSpace" ];
move-to-workspace-1 = [ "<Shift><Super>1" ];
move-to-workspace-2 = [ "<Shift><Super>2" ];
move-to-workspace-3 = [ "<Shift><Super>3" ];
move-to-workspace-4 = [ "<Shift><Super>4" ];
move-to-workspace-left = [ "<Shift><Super>h" ];
move-to-workspace-right = [ "<Shift><Super>l" ];
switch-to-workspace-1 = [ "<Super>1" ];
switch-to-workspace-2 = [ "<Super>2" ];
switch-to-workspace-3 = [ "<Super>3" ];
switch-to-workspace-4 = [ "<Super>4" ];
toggle-maximized = [ "<Super>f" ];
};
"${ps}/keybindings" = {
switch-to-application-1 = [ ];
switch-to-application-2 = [ ];
switch-to-application-3 = [ ];
switch-to-application-4 = [ ];
switch-to-application-5 = [ ];
switch-to-application-6 = [ ];
switch-to-application-7 = [ ];
switch-to-application-8 = [ ];
switch-to-application-9 = [ ];
toggle-application-view = [ "<Super>d" ];
};
"${p}/settings-daemon/plugins/media-keys" = {
custom-keybindings = [
"/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0/"
"/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom1/"
];
logout = [ ];
screensaver = [ "<Control><Alt>l" ];
};
"${p}/settings-daemon/plugins/media-keys/custom-keybindings/custom0" = {
binding = "<Super>Return";
command = "kgx";
name = "Launch console";
};
"${p}/settings-daemon/plugins/media-keys/custom-keybindings/custom1" = {
binding = "<Super>q";
command = "google-chrome-stable";
name = "Launch Google Chrome";
};
"${ptlp}" = {
#default = "95894cfd-82f7-430d-af6e-84d168bc34f5";
list = [
"de8a9081-8352-4ce4-9519-5de655ad9361"
"71a9971e-e829-43a9-9b2f-4565c855d664"
"5083e06b-024e-46be-9cd2-892b814f1fc8"
"95894cfd-82f7-430d-af6e-84d168bc34f5"
];
};
"${ptlp}/:5083e06b-024e-46be-9cd2-892b814f1fc8" = {
background-color = "#24273a";
cursor-background-color = "#f4dbd6";
cursor-colors-set = true;
cursor-foreground-color = "#24273a";
foreground-color = "#cad3f5";
highlight-background-color = "#24273a";
highlight-colors-set = true;
highlight-foreground-color = "#5b6078";
palette = [
"#494d64" "#ed8796" "#a6da95" "#eed49f"
"#8aadf4" "#f5bde6" "#8bd5ca" "#b8c0e0"
"#5b6078" "#ed8796" "#a6da95" "#eed49f"
"#8aadf4" "#f5bde6" "#8bd5ca" "#a5adcb"
];
use-theme-colors = false;
visible-name = "Catppuccin Macchiato";
};
"${ptlp}/:71a9971e-e829-43a9-9b2f-4565c855d664" = {
background-color = "#303446";
cursor-background-color = "#f2d5cf";
cursor-colors-set = true;
cursor-foreground-color = "#303446";
default-size-columns = 150;
default-size-rows = 35;
foreground-color = "#c6d0f5";
highlight-background-color = "#303446";
highlight-colors-set = true;
highlight-foreground-color = "#626880";
palette = [
"#51576d" "#e78284" "#a6d189" "#e5c890"
"#8caaee" "#f4b8e4" "#81c8be" "#b5bfe2"
"#626880" "#e78284" "#a6d189" "#e5c890"
"#8caaee" "#f4b8e4" "#81c8be" "#a5adce"
];
use-theme-colors = false;
visible-name = "Catppuccin Frappe";
};
"${ptlp}/:95894cfd-82f7-430d-af6e-84d168bc34f5" = {
background-color = "#1e1e2e";
cursor-background-color = "#f5e0dc";
cursor-colors-set = true;
cursor-foreground-color = "#1e1e2e";
foreground-color = "#cdd6f4";
highlight-background-color = "#1e1e2e";
highlight-colors-set = true;
highlight-foreground-color = "#585b70";
palette = [
"#45475a" "#f38ba8" "#a6e3a1" "#f9e2af"
"#89b4fa" "#f5c2e7" "#94e2d5" "#bac2de"
"#585b70" "#f38ba8" "#a6e3a1" "#f9e2af"
"#89b4fa" "#f5c2e7" "#94e2d5" "#a6adc8"
];
use-theme-colors = false;
visible-name = "Catppuccin Mocha";
};
"${ptlp}/:de8a9081-8352-4ce4-9519-5de655ad9361" = {
background-color = "#eff1f5";
cursor-background-color = "#dc8a78";
cursor-colors-set = true;
cursor-foreground-color = "#eff1f5";
foreground-color = "#4c4f69";
highlight-background-color = "#eff1f5";
highlight-colors-set = true;
highlight-foreground-color = "#acb0be";
palette = [
"#5c5f77" "#d20f39" "#40a02b" "#df8e1d"
"#1e66f5" "#ea76cb" "#179299" "#acb0be"
"#6c6f85" "#d20f39" "#40a02b" "#df8e1d"
"#1e66f5" "#ea76cb" "#179299" "#bcc0cc"
];
use-theme-colors = false;
visible-name = "Catppuccin Latte";
};
"${ps}" = {
disabled-extensions = [
"light-style@gnome-shell-extensions.gcampax.github.com"
"places-menu@gnome-shell-extensions.gcampax.github.com"
"windowsNavigator@gnome-shell-extensions.gcampax.github.com"
"window-list@gnome-shell-extensions.gcampax.github.com"
"workspace-indicator@gnome-shell-extensions.gcampax.github.com"
"dash-to-dock@micxgx.gmail.com"
];
enabled-extensions = [
"user-theme@gnome-shell-extensions.gcampax.github.com"
"apps-menu@gnome-shell-extensions.gcampax.github.com"
"drive-menu@gnome-shell-extensions.gcampax.github.com"
"appindicatorsupport@rgcjonas.gmail.com"
"dash-to-panel@jderose9.github.com"
"caffeine@patapon.info"
"PrivacyMenu@stuarthayhurst"
];
last-selected-power-profile = "performance";
welcome-dialog-last-shown-version = "45.3";
};
#"${pse}/user-theme".name = "catppuccin-mocha-pink-compact";
"${pse}/caffeine" = {
screen-blank = "never";
};
"${pse}/dash-to-dock" = {
background-opacity = 0.80000000000000004;
dash-max-icon-size = 48;
dock-position = "BOTTOM";
height-fraction = 0.90000000000000002;
multi-monitor = false;
running-indicator-style = "DOTS";
custom-theme-shrink = true;
};
"${pse}/dash-to-panel" = {
animate-appicon-hover = false;
animate-appicon-hover-animation-type = "SIMPLE";
appicon-margin = 0;
appicon-padding = 4;
appicon-style= "NORMAL";
available-monitors = [ 0 ];
dot-position = "BOTTOM";
dot-style-focused = "METRO";
dot-style-unfocused = "DOTS";
group-apps = true;
hide-overview-on-startup = true;
hotkeys-overlay-combo = "TEMPORARILY";
intellihide = true;
intellihide-behaviour = "FOCUSED_WINDOWS";
intellihide-hide-from-windows = true;
isolate-workspaces = false;
leftbox-padding = -1;
overview-click-to-exit = true;
panel-anchors = ''{"0":"MIDDLE"}'';
panel-element-positions = ''{"0":[{"element":"showAppsButton","visible":true,"position":"stackedTL"},{"element":"activitiesButton","visible":true,"position":"stackedTL"},{"element":"leftBox","visible":false,"position":"stackedTL"},{"element":"taskbar","visible":true,"position":"centerMonitor"},{"element":"centerBox","visible":true,"position":"stackedBR"},{"element":"rightBox","visible":true,"position":"stackedBR"},{"element":"dateMenu","visible":true,"position":"stackedBR"},{"element":"systemMenu","visible":true,"position":"stackedBR"},{"element":"desktopButton","visible":false,"position":"stackedBR"}]}'';
panel-lengths = ''{"0":100}'';
panel-positions = ''{"0":"BOTTOM"}'';
panel-sizes = ''{"0":42}'';
primary-monitor = 0;
secondarymenu-contains-showdetails = true;
show-showdesktop-hover = true;
status-icon-padding = -1;
stockgs-force-hotcorner = false;
stockgs-keep-dash = false;
stockgs-keep-top-panel = false;
stockgs-panelbtn-click-only = false;
trans-bg-color = "#2a2a2a";
trans-dynamic-anim-target = 1.0;
trans-dynamic-behavior = "MAXIMIZED_WINDOWS";
trans-gradient-bottom-color = "#000000";
trans-gradient-bottom-opacity = 0.5;
trans-gradient-top-opacity = 0.0;
trans-panel-opacity = 0.0;
trans-use-custom-bg = true;
trans-use-custom-gradient = true;
trans-use-custom-opacity = true;
trans-use-dynamic-opacity = true;
tray-padding = -1;
window-preview-title-position = "TOP";
};
};
}

44
home/gnome/impl/home.nix
View file

@ -1,23 +1,29 @@
{ pkgs
, lib
, config
, ... }: with lib; let
{
pkgs,
lib,
config,
...
}:
with lib;
let
cfg = config.passthrough.gnome;
in mkIf cfg.enable {
in
mkIf cfg.enable {
home.packages =
with pkgs;
with gnome;
with gnomeExtensions; [
# gtk3 theme
adw-gtk3
with pkgs;
with gnome;
with gnomeExtensions;
[
# gtk3 theme
adw-gtk3
# gnomeExtensions
caffeine
dash-to-panel
dash-to-dock
appindicator
privacy-settings-menu
];
# gnomeExtensions
caffeine
dash-to-panel
dash-to-dock
appindicator
privacy-settings-menu
];
catppuccin.enable = mkForce false;
home.pointerCursor = mkForce null;
@ -26,7 +32,9 @@ in mkIf cfg.enable {
home.persistence."/nix/persist/home/${config.home.username}" = {
removePrefixDirectory = true;
files = [
(if config.specialisation != {} then "gnome/.config/monitors.xml" else "extern/.config/monitors.xml")
(
if config.specialisation != { } then "gnome/.config/monitors.xml" else "extern/.config/monitors.xml"
)
];
};
}

79
home/gnome/impl/nixos.nix
View file

@ -1,9 +1,14 @@
{ pkgs
, lib
, config
, ... }: with lib; let
{
pkgs,
lib,
config,
...
}:
with lib;
let
cfg = config.home.gnome;
in mkIf cfg.enable {
in
mkIf cfg.enable {
global.flatpak.enable = mkDefault true;
home.catppuccin.enable = mkDefault false;
catppuccin.enable = false;
@ -17,33 +22,43 @@ in mkIf cfg.enable {
xdg.portal.configPackages = with pkgs; [ gnome-session ];
services.pulseaudio.enable = false;
environment.gnome.excludePackages = (with pkgs; [
snapshot
gnome-tour
] ++ optionals config.global.flatpak.enable [
baobab
simple-scan
evince
file-roller
geary
loupe
seahorse
totem
epiphany
gnome-calculator
gnome-calendar
gnome-connections
gnome-font-viewer
gnome-text-editor
gnome-characters
gnome-clocks
gnome-contacts
gnome-logs
gnome-maps
gnome-music
gnome-weather
]) ++ (with pkgs.gnome; [ ] ++ optionals config.global.flatpak.enable [
]);
environment.gnome.excludePackages =
(
with pkgs;
[
snapshot
gnome-tour
]
++ optionals config.global.flatpak.enable [
baobab
simple-scan
evince
file-roller
geary
loupe
seahorse
totem
epiphany
gnome-calculator
gnome-calendar
gnome-connections
gnome-font-viewer
gnome-text-editor
gnome-characters
gnome-clocks
gnome-contacts
gnome-logs
gnome-maps
gnome-music
gnome-weather
]
)
++ (
with pkgs.gnome;
[ ]
++ optionals config.global.flatpak.enable [
]
);
users.home.persist.directories = [ ".config/dconf" ];
}

25
home/gnome/nixos.nix
View file

@ -1,9 +1,14 @@
{ pkgs
, lib
, config
, ... }: with lib; let
{
pkgs,
lib,
config,
...
}:
with lib;
let
cfg = config.home.gnome;
in {
in
{
imports = [ ./impl/nixos.nix ];
options.home.gnome = {
@ -16,10 +21,12 @@ in {
{ passthrough.gnome = cfg; }
];
specialisation.nognome = with cfg; mkIf enable {
configuration = {
home.gnome.enable = mkForce false;
specialisation.nognome =
with cfg;
mkIf enable {
configuration = {
home.gnome.enable = mkForce false;
};
};
};
};
}

15
home/gui/home.nix
View file

@ -1,9 +1,14 @@
{ pkgs
, lib
, config
, ... }: with lib; let
{
pkgs,
lib,
config,
...
}:
with lib;
let
catppuccin = config.passthrough.catppuccin.enable;
in {
in
{
config = mkIf config.passthrough.gui {
# cursor theme
home.pointerCursor = {

34
home/gui/nixos.nix
View file

@ -1,10 +1,15 @@
{ pkgs
, lib
, config
, ... }: with lib; let
{
pkgs,
lib,
config,
...
}:
with lib;
let
gui = with config.global.gpu; enable && session;
catppuccin = config.home.catppuccin;
in {
in
{
config = {
users.homeModules = [
# this module passes gui configuration to home-manager
@ -13,13 +18,18 @@ in {
users.adminGroups = mkIf gui [ "video" ];
# themes and icons
environment.systemPackages = with pkgs; mkIf gui ([
papirus-icon-theme
] ++ optionals (!catppuccin.enable) [
whitesur-gtk-theme
whitesur-icon-theme
bibata-cursors
]);
environment.systemPackages =
with pkgs;
mkIf gui (
[
papirus-icon-theme
]
++ optionals (!catppuccin.enable) [
whitesur-gtk-theme
whitesur-icon-theme
bibata-cursors
]
);
fonts.enableDefaultPackages = mkIf gui true;

20
home/gyroflow/home.nix
View file

@ -1,13 +1,21 @@
{ pkgs
, lib
, config
, ... }: with lib; let
{
pkgs,
lib,
config,
...
}:
with lib;
let
cfg = config.passthrough.gyroflow;
in mkIf cfg.enable {
in
mkIf cfg.enable {
# temporarily gone until regression is fixed
#home.packages = [ cfg.package ];
wayland.windowManager.sway.config.window.commands = [
{ criteria.app_id = "xyz.gyroflow.gyroflow"; command = "floating enable"; }
{
criteria.app_id = "xyz.gyroflow.gyroflow";
command = "floating enable";
}
];
}

23
home/gyroflow/nixos.nix
View file

@ -1,16 +1,23 @@
{ pkgs
, lib
, config
, ... }: with lib; let
{
pkgs,
lib,
config,
...
}:
with lib;
let
cfg = config.home.gyroflow;
in {
in
{
options.home.gyroflow = {
enable = mkEnableOption "gyroflow stabilisation software";
package = mkOption {
type = with types; package;
default = pkgs.gyroflow.overrideAttrs (finalAttrs: previousAttrs: {
buildInputs = previousAttrs.buildInputs ++ [ pkgs.qt6Packages.qtwayland ];
});
default = pkgs.gyroflow.overrideAttrs (
finalAttrs: previousAttrs: {
buildInputs = previousAttrs.buildInputs ++ [ pkgs.qt6Packages.qtwayland ];
}
);
description = "gyroflow package";
};
};

33
home/headless/home.nix
View file

@ -1,9 +1,14 @@
{ pkgs
, lib
, config
, ... }: with lib; let
{
pkgs,
lib,
config,
...
}:
with lib;
let
cfg = config.passthrough.headless;
in mkIf (cfg.enable != null) {
in
mkIf (cfg.enable != null) {
wayland.windowManager.sway.config = {
output = {
${cfg.enable}.pos = "0 0";
@ -13,12 +18,14 @@ in mkIf (cfg.enable != null) {
startup = [ { command = "swaymsg create_output && swaymsg output HEADLESS-1 disable"; } ];
};
home.packages = [ (pkgs.writeShellScriptBin "headless" ''
swaymsg output HEADLESS-1 enable
${pkgs.wayvnc}/bin/wayvnc \
--output=HEADLESS-1 \
${cfg.extraArgs} \
${cfg.host} ${toString cfg.port}
swaymsg output HEADLESS-1 disable
'') ];
home.packages = [
(pkgs.writeShellScriptBin "headless" ''
swaymsg output HEADLESS-1 enable
${pkgs.wayvnc}/bin/wayvnc \
--output=HEADLESS-1 \
${cfg.extraArgs} \
${cfg.host} ${toString cfg.port}
swaymsg output HEADLESS-1 disable
'')
];
}

15
home/headless/nixos.nix
View file

@ -1,9 +1,14 @@
{ pkgs
, lib
, config
, ... }: with lib; let
{
pkgs,
lib,
config,
...
}:
with lib;
let
cfg = config.home.headless;
in {
in
{
options.home.headless = {
enable = mkOption {
type = with types; nullOr str;

21
home/i3status/home.nix
View file

@ -1,7 +1,11 @@
{ pkgs
, lib
, config
, ... }: with lib; mkIf config.passthrough.gui {
{
pkgs,
lib,
config,
...
}:
with lib;
mkIf config.passthrough.gui {
programs.i3status = {
enable = true;
enableDefault = false;
@ -48,8 +52,9 @@
position = 5;
settings = {
format = "%1min %5min %15min";
max_threshold =
removeSuffix "\n" (builtins.readFile (pkgs.runCommandLocal "nproc" { } "nproc > $out"));
max_threshold = removeSuffix "\n" (
builtins.readFile (pkgs.runCommandLocal "nproc" { } "nproc > $out")
);
};
};
@ -70,7 +75,9 @@
"tztime local" = {
position = 127;
settings = { format = "%Y-%m-%d %H:%M:%S"; };
settings = {
format = "%Y-%m-%d %H:%M:%S";
};
};
};
};

12
home/imv/home.nix
View file

@ -1,6 +1,10 @@
{ pkgs
, lib
, config
, ... }: with lib; mkIf config.passthrough.gui {
{
pkgs,
lib,
config,
...
}:
with lib;
mkIf config.passthrough.gui {
programs.imv.enable = true;
}

25
home/jetbrains/home.nix
View file

@ -1,11 +1,18 @@
{ pkgs
, lib
, config
, ... }: with lib; let
{
pkgs,
lib,
config,
...
}:
with lib;
let
cfg = config.passthrough.jetbrains;
in mkIf cfg.enable {
home.packages = with pkgs.jetbrains; [ pkgs.go ] ++
optional cfg.idea idea-community ++
optional cfg.clion clion ++
optional cfg.goland goland;
in
mkIf cfg.enable {
home.packages =
with pkgs.jetbrains;
[ pkgs.go ]
++ optional cfg.idea idea-community
++ optional cfg.clion clion
++ optional cfg.goland goland;
}

19
home/jetbrains/nixos.nix
View file

@ -1,14 +1,21 @@
{ pkgs
, lib
, config
, ... }: with lib; let
{
pkgs,
lib,
config,
...
}:
with lib;
let
cfg = config.home.jetbrains;
in {
in
{
options.home.jetbrains = {
enable = mkEnableOption "jetbrains text editor";
idea = mkEnableOption "intellij idea";
clion = mkEnableOption "clion ide";
goland = mkEnableOption "goland ide" // { default = true; };
goland = mkEnableOption "goland ide" // {
default = true;
};
};
config = {

15
home/libreoffice/home.nix
View file

@ -1,9 +1,14 @@
{ pkgs
, lib
, config
, ... }: with lib; let
{
pkgs,
lib,
config,
...
}:
with lib;
let
cfg = config.passthrough.libreoffice;
enable = cfg.enable && (cfg.allUsers || (config.home.username == "app"));
in mkIf enable {
in
mkIf enable {
home.packages = with pkgs; [ libreoffice ];
}

15
home/libreoffice/nixos.nix
View file

@ -1,10 +1,15 @@
{ pkgs
, lib
, config
, ... }: with lib; let
{
pkgs,
lib,
config,
...
}:
with lib;
let
cfg = config.home.libreoffice;
persist = [ ".config/libreoffice" ];
in {
in
{
options.home.libreoffice = {
enable = mkEnableOption "open source office suite";
allUsers = mkEnableOption "set up for all users";

12
home/mako/home.nix
View file

@ -1,7 +1,11 @@
{ pkgs
, lib
, config
, ... }: with lib; mkIf config.passthrough.gui {
{
pkgs,
lib,
config,
...
}:
with lib;
mkIf config.passthrough.gui {
services.mako = {
enable = true;
defaultTimeout = 5000;

29
home/minecraft/home.nix
View file

@ -1,16 +1,27 @@
{ pkgs
, lib
, config
, ... }: with lib; let
{
pkgs,
lib,
config,
...
}:
with lib;
let
inherit (config.passthrough) gui;
cfg = config.passthrough.minecraft;
enable = cfg.enable && config.home.username == cfg.user;
in mkIf enable {
home.packages = with pkgs; [
jdk8
] ++ optional gui prismlauncher;
in
mkIf enable {
home.packages =
with pkgs;
[
jdk8
]
++ optional gui prismlauncher;
wayland.windowManager.sway.config.window.commands = mkIf gui [
{ criteria.app_id = "org.prismlauncher.PrismLauncher"; command = "floating enable"; }
{
criteria.app_id = "org.prismlauncher.PrismLauncher";
command = "floating enable";
}
];
}

15
home/minecraft/nixos.nix
View file

@ -1,10 +1,15 @@
{ pkgs
, lib
, config
, ... }: with lib; let
{
pkgs,
lib,
config,
...
}:
with lib;
let
cfg = config.home.minecraft;
gui = with config.global.gpu; enable && session;
in {
in
{
options.home.minecraft = {
enable = mkEnableOption "minecraft game launcher and jvm";
user = mkOption {

12
home/mpv/home.nix
View file

@ -1,7 +1,11 @@
{ pkgs
, lib
, config
, ... }: with lib; mkIf config.passthrough.gui {
{
pkgs,
lib,
config,
...
}:
with lib;
mkIf config.passthrough.gui {
programs.mpv = {
enable = true;
config = {

7
home/neovim/home.nix
View file

@ -1,5 +1,8 @@
{ pkgs
, ... }: {
{
pkgs,
...
}:
{
programs.neovim = {
enable = true;
defaultEditor = true;

15
home/plasma/home.nix
View file

@ -1,10 +1,15 @@
{ pkgs
, lib
, config
, ... }: with lib; let
{
pkgs,
lib,
config,
...
}:
with lib;
let
cfg = config.passthrough.plasma;
image = ../../share/54345906_p0.jpg;
in mkIf cfg.enable {
in
mkIf cfg.enable {
programs.plasma = {
# https://github.com/pjones/plasma-manager
enable = true;

17
home/plasma/nixos.nix
View file

@ -1,10 +1,15 @@
{ pkgs
, lib
, config
, plasma-manager
, ... }: with lib; let
{
pkgs,
lib,
config,
plasma-manager,
...
}:
with lib;
let
cfg = config.home.plasma;
in {
in
{
options.home.plasma = {
enable = mkEnableOption "plasma desktop and configuration";
specialise = mkEnableOption "enable plasma in a specialisation";

247
home/profile.nix
View file

@ -1,41 +1,48 @@
{ pkgs
, lib
, config
, inputs
, ... }: with lib; let
{
pkgs,
lib,
config,
inputs,
...
}:
with lib;
let
cfg = config.users;
in {
in
{
options.users = {
profiles = mkOption {
type = with types; attrsOf (submodule {
options = {
uid = mkOption {
type = with types; nullOr int;
default = null;
description = "uid passthrough to base user configuration";
type =
with types;
attrsOf (submodule {
options = {
uid = mkOption {
type = with types; nullOr int;
default = null;
description = "uid passthrough to base user configuration";
};
description = mkOption {
type = with types; nullOr str;
default = null;
description = "description passthrough to base user configuration";
};
admin = mkOption {
type = with types; bool;
default = false;
description = "add user to privileged groups";
};
sshLogin = mkOption {
type = with types; bool;
default = false;
description = "enable ssh authorized keys for user";
};
picture = mkOption {
type = with types; nullOr path;
default = null;
description = "path to user profile picture";
};
};
description = mkOption {
type = with types; nullOr str;
default = null;
description = "description passthrough to base user configuration";
};
admin = mkOption {
type = with types; bool;
default = false;
description = "add user to privileged groups";
};
sshLogin = mkOption {
type = with types; bool;
default = false;
description = "enable ssh authorized keys for user";
};
picture = mkOption {
type = with types; nullOr path;
default = null;
description = "path to user profile picture";
};
};
});
});
description = "preconfigured users with profile options";
};
@ -57,11 +64,21 @@ in {
};
persist = {
files = mkOption {
type = with types; listOf (oneOf [ str (attrsOf str) ]);
type =
with types;
listOf (oneOf [
str
(attrsOf str)
]);
default = [ ];
};
directories = mkOption {
type = with types; listOf (oneOf [ str (attrsOf str) ]);
type =
with types;
listOf (oneOf [
str
(attrsOf str)
]);
default = [ ];
};
};
@ -74,8 +91,9 @@ in {
inherit (opts) uid;
description = with opts; mkIf (description != null) description;
extraGroups = [ "dialout" ] ++ optionals opts.admin cfg.adminGroups;
openssh.authorizedKeys.keys = mkIf (opts.sshLogin && config.services.openssh.enable)
config.global.auth.openssh.publicKeys;
openssh.authorizedKeys.keys = mkIf (
opts.sshLogin && config.services.openssh.enable
) config.global.auth.openssh.publicKeys;
hashedPasswordFile = "/nix/persist/shadow/${name}";
shell = pkgs.zsh;
isNormalUser = mkIf (name != "root") true;
@ -85,98 +103,125 @@ in {
# base groups
adminGroups = [
"wheel" "kvm"
"wheel"
"kvm"
"systemd-journal"
"networkmanager"
];
# base home modules in current directory
homeModules = pipe ./. [
builtins.readDir
(filterAttrs (n: ty: ty == "directory" && builtins.pathExists ./${n}/home.nix))
(mapAttrsToList (n: _: ./${n}/home.nix))
] ++ [ {
options.passthrough = mkOption {
type = with types; attrsOf anything;
description = "passthrough values from nixos configuration";
};
} ];
homeModules =
pipe ./. [
builtins.readDir
(filterAttrs (n: ty: ty == "directory" && builtins.pathExists ./${n}/home.nix))
(mapAttrsToList (n: _: ./${n}/home.nix))
]
++ [
{
options.passthrough = mkOption {
type = with types; attrsOf anything;
description = "passthrough values from nixos configuration";
};
}
];
# basic persistence
home.persist = {
directories = [
"src"
{ directory = ".gnupg"; mode = "0700"; }
{ directory = ".ssh"; mode = "0700"; }
{ directory = ".local/share/keyrings"; mode = "0700"; }
{
directory = ".gnupg";
mode = "0700";
}
{
directory = ".ssh";
mode = "0700";
}
{
directory = ".local/share/keyrings";
mode = "0700";
}
];
};
};
# mount tmpfs on each user's home directory with appropriate ownership
fileSystems = mapAttrs'
(name: opts: nameValuePair
# nixpkgs quirk: accessing user configuration here causes infinite recursion
# this workaround ensures proper home directory path unless overridden elsewhere
(if name != "root" then "/home/${name}" else "/root") {
device = "homefs";
fsType = "tmpfs";
options = [ "size=${cfg.home.size}"
"uid=${builtins.toString opts.uid}"
"gid=${builtins.toString cfg.groups.${cfg.users.${name}.group}.gid}"
"mode=700" ];
fileSystems = mapAttrs' (
name: opts:
nameValuePair
# nixpkgs quirk: accessing user configuration here causes infinite recursion
# this workaround ensures proper home directory path unless overridden elsewhere
(if name != "root" then "/home/${name}" else "/root")
{
device = "homefs";
fsType = "tmpfs";
options = [
"size=${cfg.home.size}"
"uid=${builtins.toString opts.uid}"
"gid=${builtins.toString cfg.groups.${cfg.users.${name}.group}.gid}"
"mode=700"
];
# impermanence sets permissions before filesystems are mounted
# this mounts filesystem in initrd therefore working around that bug
neededForBoot = true;
}) cfg.profiles;
# impermanence sets permissions before filesystems are mounted
# this mounts filesystem in initrd therefore working around that bug
neededForBoot = true;
}
) cfg.profiles;
global.fs.zfs.mountpoints = mapAttrs'
(name: opts: nameValuePair
"/nix/persist/home/${name}"
"home/${name}")
(filterAttrs (n: _: n != "root") config.users.profiles);
global.fs.zfs.mountpoints = mapAttrs' (
name: opts: nameValuePair "/nix/persist/home/${name}" "home/${name}"
) (filterAttrs (n: _: n != "root") config.users.profiles);
home-manager.users = mapAttrs (name: opts: {
imports = with inputs; cfg.homeModules ++ [
impermanence.homeManagerModules.impermanence
catppuccin.homeManagerModules.catppuccin
];
imports =
with inputs;
cfg.homeModules
++ [
impermanence.homeManagerModules.impermanence
catppuccin.homeManagerModules.catppuccin
];
home.file.".face" = mkIf (opts.picture != null) {
source = opts.picture;
};
home.stateVersion = "23.11";
}) cfg.profiles;
system.activationScripts = mapAttrs'
(name: opts: nameValuePair
"${name}-profile-icon"
{
deps = [ "users" ];
text = let
iconDest = "/var/lib/AccountsService/icons/${name}";
userConf = pkgs.writeText "${name}-config" ''
[User]
Session=
Icon=${iconDest}
SystemAccount=false
'';
in ''
install -Dm 0444 ${opts.picture} ${iconDest}
install -Dm 0400 ${userConf} /var/lib/AccountsService/users/${name}
'';
})
(filterAttrs (n: _: n != "root") config.users.profiles);
system.activationScripts = mapAttrs' (
name: opts:
nameValuePair "${name}-profile-icon" {
deps = [ "users" ];
text =
let
iconDest = "/var/lib/AccountsService/icons/${name}";
userConf = pkgs.writeText "${name}-config" ''
[User]
Session=
Icon=${iconDest}
SystemAccount=false
'';
in
''
install -Dm 0444 ${opts.picture} ${iconDest}
install -Dm 0400 ${userConf} /var/lib/AccountsService/users/${name}
'';
}
) (filterAttrs (n: _: n != "root") config.users.profiles);
# set up standard persistence for users
# this is registered internally for each software's configuration
environment.persistence."/nix/persist" = {
users = (mapAttrs (name: _: cfg.home.persist // {
# root workaround, ugly but necessary
# cannot get it properly for the same reason
# mentioned above in fileSystems
home = mkIf (name == "root") "/root";
}) cfg.profiles);
users = (
mapAttrs (
name: _:
cfg.home.persist
// {
# root workaround, ugly but necessary
# cannot get it properly for the same reason
# mentioned above in fileSystems
home = mkIf (name == "root") "/root";
}
) cfg.profiles
);
hideMounts = true;
};

27
home/steam/config.nix
View file

@ -1,14 +1,27 @@
{ pkgs
, lib
, config
, ... }: with lib; let
{
pkgs,
lib,
config,
...
}:
with lib;
let
cfg = config.home.steam;
in mkIf cfg.enable {
in
mkIf cfg.enable {
hardware.steam-hardware.enable = true;
networking.firewall = {
allowedTCPPorts = [ 27015 27036 ];
allowedTCPPorts = [
27015
27036
];
allowedUDPPorts = [ 27015 ];
allowedUDPPortRanges = [ { from = 27031; to = 27036; } ];
allowedUDPPortRanges = [
{
from = 27031;
to = 27036;
}
];
};
}

20
home/steam/home.nix
View file

@ -1,17 +1,25 @@
{ pkgs
, lib
, config
, ... }: with lib; let
{
pkgs,
lib,
config,
...
}:
with lib;
let
cfg = config.passthrough.steam;
enable = cfg.enable && (cfg.allUsers || (config.home.username == "app"));
package = config.programs.steam.package;
in mkIf enable {
in
mkIf enable {
home.packages = with pkgs; [
cfg.package
cfg.package.run
];
wayland.windowManager.sway.config.window.commands = [
{ criteria.class = "steam"; command = "floating enable"; }
{
criteria.class = "steam";
command = "floating enable";
}
];
}

20
home/steam/nixos.nix
View file

@ -1,10 +1,18 @@
{ pkgs
, lib
, config
, ... }: with lib; let
{
pkgs,
lib,
config,
...
}:
with lib;
let
cfg = config.home.steam;
persist = [ ".steam" ".local/share/Steam" ];
in {
persist = [
".steam"
".local/share/Steam"
];
in
{
imports = [ ./config.nix ];
options.home.steam = {

67
home/sway/home.nix
View file

@ -1,7 +1,11 @@
{ pkgs
, lib
, config
, ... }: with lib; mkIf config.passthrough.gui {
{
pkgs,
lib,
config,
...
}:
with lib;
mkIf config.passthrough.gui {
wayland.windowManager.sway = {
enable = true;
@ -12,33 +16,38 @@
config = {
defaultWorkspace = "workspace number 1";
modifier = "Mod4";
keybindings = let
modifier = config.wayland.windowManager.sway.config.modifier;
in mkOptionDefault {
XF86MonBrightnessUp = "light -A 5";
XF86MonBrightnessDown = "light -U 5";
keybindings =
let
modifier = config.wayland.windowManager.sway.config.modifier;
in
mkOptionDefault {
XF86MonBrightnessUp = "light -A 5";
XF86MonBrightnessDown = "light -U 5";
"Control+Alt+l" = "exec swaylock -f --grace 0";
"Print" = "exec ${pkgs.grim}/bin/grim - | ${pkgs.wl-clipboard}/bin/wl-copy";
"${modifier}+Print" = "exec ${pkgs.grim}/bin/grim -g \"$(${pkgs.slurp}/bin/slurp)\" - | ${pkgs.wl-clipboard}/bin/wl-copy";
"${modifier}+q" = "exec google-chrome-stable";
"${modifier}+Home" = "exec ${pkgs.pavucontrol}/bin/pavucontrol";
};
bars = [ {
mode = "dock";
position = "bottom";
workspaceButtons = true;
workspaceNumbers = true;
statusCommand = "${pkgs.i3status}/bin/i3status";
fonts = {
names = [ "monospace" ];
size = 8.0;
"Control+Alt+l" = "exec swaylock -f --grace 0";
"Print" = "exec ${pkgs.grim}/bin/grim - | ${pkgs.wl-clipboard}/bin/wl-copy";
"${modifier}+Print" =
"exec ${pkgs.grim}/bin/grim -g \"$(${pkgs.slurp}/bin/slurp)\" - | ${pkgs.wl-clipboard}/bin/wl-copy";
"${modifier}+q" = "exec google-chrome-stable";
"${modifier}+Home" = "exec ${pkgs.pavucontrol}/bin/pavucontrol";
};
trayOutput = "primary";
# sets transparency
colors.background = "00000000";
} ];
bars = [
{
mode = "dock";
position = "bottom";
workspaceButtons = true;
workspaceNumbers = true;
statusCommand = "${pkgs.i3status}/bin/i3status";
fonts = {
names = [ "monospace" ];
size = 8.0;
};
trayOutput = "primary";
# sets transparency
colors.background = "00000000";
}
];
input."*".natural_scroll = "enabled";
input."type:touchpad".tap = "enabled";

72
home/sway/nixos.nix
View file

@ -1,36 +1,48 @@
{ pkgs
, lib
, config
, ... }: with lib; let
{
pkgs,
lib,
config,
...
}:
with lib;
let
gui = with config.global.gpu; enable && session;
nvidia = with config.global.gpu; type == "nvidia" || type == "prime";
in mkIf gui {
in
mkIf gui {
services.displayManager.sessionPackages = [
(pkgs.writeTextFile {
name = "sway-session";
destination = "/share/wayland-sessions/sway.desktop";
text = ''
[Desktop Entry]
Name=Sway
Comment=An i3-compatible Wayland compositor
Exec=${pkgs.writeTextFile {
name = "sway-wrapper";
executable = true;
text = ''
#!${pkgs.zsh}/bin/zsh
SHLVL=0
for profile in ''${(z)NIX_PROFILES}; do
fpath+=($profile/share/zsh/site-functions $profile/share/zsh/$ZSH_VERSION/functions $profile/share/zsh/vendor-completions)
done
exec sway${if nvidia then " --unsupported-gpu" else ""} 2>&1 >> $XDG_CACHE_HOME/sway
'';
checkPhase = ''
${pkgs.stdenv.shellDryRun} "$target"
'';
}}
Type=Application
'';
} // { providedSessions = [ pkgs.sway.meta.mainProgram ]; })
(
pkgs.writeTextFile {
name = "sway-session";
destination = "/share/wayland-sessions/sway.desktop";
text = ''
[Desktop Entry]
Name=Sway
Comment=An i3-compatible Wayland compositor
Exec=${
pkgs.writeTextFile {
name = "sway-wrapper";
executable = true;
text = ''
#!${pkgs.zsh}/bin/zsh
SHLVL=0
for profile in ''${(z)NIX_PROFILES}; do
fpath+=($profile/share/zsh/site-functions $profile/share/zsh/$ZSH_VERSION/functions $profile/share/zsh/vendor-completions)
done
exec sway${if nvidia then " --unsupported-gpu" else ""} 2>&1 >> $XDG_CACHE_HOME/sway
'';
checkPhase = ''
${pkgs.stdenv.shellDryRun} "$target"
'';
}
}
Type=Application
'';
}
// {
providedSessions = [ pkgs.sway.meta.mainProgram ];
}
)
];
programs.light.enable = true;

54
home/swayidle/home.nix
View file

@ -1,24 +1,40 @@
{ pkgs
, lib
, config
, ... }: with lib; mkIf config.passthrough.gui {
services.swayidle = let
sway = config.wayland.windowManager.sway.package;
swaymsg = "${sway}/bin/swaymsg";
swaylock = "${config.programs.swaylock.package}/bin/swaylock";
in {
enable = true;
systemdTarget = "sway-session.target";
timeouts = [
{ timeout = 600; command = "${swaymsg} 'output * dpms off'"; resumeCommand = "${swaymsg} 'output * dpms on'"; }
];
events = [
{ event = "before-sleep"; command = "${swaylock} -f --grace 0"; }
];
};
{
pkgs,
lib,
config,
...
}:
with lib;
mkIf config.passthrough.gui {
services.swayidle =
let
sway = config.wayland.windowManager.sway.package;
swaymsg = "${sway}/bin/swaymsg";
swaylock = "${config.programs.swaylock.package}/bin/swaylock";
in
{
enable = true;
systemdTarget = "sway-session.target";
timeouts = [
{
timeout = 600;
command = "${swaymsg} 'output * dpms off'";
resumeCommand = "${swaymsg} 'output * dpms on'";
}
];
events = [
{
event = "before-sleep";
command = "${swaylock} -f --grace 0";
}
];
};
# fullscreen as simple idle inhibitor shortcut
wayland.windowManager.sway.config.window.commands = [
{ criteria.shell = ".*"; command = "inhibit_idle fullscreen"; }
{
criteria.shell = ".*";
command = "inhibit_idle fullscreen";
}
];
}

12
home/swaylock/home.nix
View file

@ -1,7 +1,11 @@
{ pkgs
, lib
, config
, ... }: with lib; mkIf config.passthrough.gui {
{
pkgs,
lib,
config,
...
}:
with lib;
mkIf config.passthrough.gui {
programs.swaylock = {
enable = true;
package = pkgs.swaylock-effects;

15
home/swaylock/nixos.nix
View file

@ -1,8 +1,13 @@
{ pkgs
, lib
, config
, ... }: with lib; let
{
pkgs,
lib,
config,
...
}:
with lib;
let
gui = with config.global.gpu; enable && session;
in mkIf gui {
in
mkIf gui {
security.pam.services.swaylock = { };
}

82
home/util/home.nix
View file

@ -1,33 +1,61 @@
{ pkgs
, lib
, config
, ... }: with lib; let
{
pkgs,
lib,
config,
...
}:
with lib;
let
cfg = config.passthrough.util;
in {
home.packages = with pkgs; [
pv file wget e2fsprogs
] ++ optionals (!cfg.minimal) [
tio mbuffer sedutil
lsscsi zip unzip
nix-index dnsutils whois
pciutils usbutils nvme-cli
] ++ optionals config.passthrough.gui [
gtk-engine-murrine
gnome-themes-extra
in
{
home.packages =
with pkgs;
[
pv
file
wget
e2fsprogs
]
++ optionals (!cfg.minimal) [
tio
mbuffer
sedutil
lsscsi
zip
unzip
nix-index
dnsutils
whois
pciutils
usbutils
nvme-cli
]
++ optionals config.passthrough.gui [
gtk-engine-murrine
gnome-themes-extra
mission-planner
inav-configurator
inav-blackbox-tools
(blhelisuite32.override { workdir = "${config.home.homeDirectory}/.blhelisuite32"; })
] ++ optionals (config.passthrough.gui && !config.passthrough.flatpak.enable) [
xfce.thunar gimp
jellyfin-media-player
betaflight-configurator
expresslrs-configurator
];
mission-planner
inav-configurator
inav-blackbox-tools
(blhelisuite32.override { workdir = "${config.home.homeDirectory}/.blhelisuite32"; })
]
++ optionals (config.passthrough.gui && !config.passthrough.flatpak.enable) [
xfce.thunar
gimp
jellyfin-media-player
betaflight-configurator
expresslrs-configurator
];
wayland.windowManager.sway.config.window.commands = mkIf config.passthrough.gui [
{ criteria.class = "BLHeliSuite32xl"; command = "floating enable"; }
{ criteria.app_id = "thunar"; command = "floating enable"; }
{
criteria.class = "BLHeliSuite32xl";
command = "floating enable";
}
{
criteria.app_id = "thunar";
command = "floating enable";
}
];
}

56
home/util/nixos.nix
View file

@ -1,10 +1,15 @@
{ pkgs
, lib
, config
, ... }: with lib; let
{
pkgs,
lib,
config,
...
}:
with lib;
let
cfg = config.home.util;
gui = with config.global.gpu; enable && session;
in {
in
{
options.home.util = {
minimal = mkEnableOption "minimal system environment with less packages";
};
@ -20,25 +25,26 @@ in {
programs.zsh.enable = true;
environment.shells = singleton pkgs.zsh;
users.home.persist.directories = [ ] ++
optionals (!cfg.minimal) [
".cache/nix-index"
] ++
optionals gui [
# mission-planner
".local/share/Mission Planner"
# inav-configurator
".config/inav-configurator"
] ++
optionals (gui && !config.global.flatpak.enable) [
# jellyfin-media-player
".config/jellyfin.org"
".local/share/jellyfinmediaplayer"
".local/share/Jellyfin Media Player"
# expresslrs-configurator
".config/ExpressLRS Configurator"
# betaflight-configurator
".config/betaflight-configurator"
];
users.home.persist.directories =
[ ]
++ optionals (!cfg.minimal) [
".cache/nix-index"
]
++ optionals gui [
# mission-planner
".local/share/Mission Planner"
# inav-configurator
".config/inav-configurator"
]
++ optionals (gui && !config.global.flatpak.enable) [
# jellyfin-media-player
".config/jellyfin.org"
".local/share/jellyfinmediaplayer"
".local/share/Jellyfin Media Player"
# expresslrs-configurator
".config/ExpressLRS Configurator"
# betaflight-configurator
".config/betaflight-configurator"
];
};
}

111
home/virt-manager/home.nix
View file

@ -1,58 +1,73 @@
{ pkgs
, lib
, config
, ... }: with lib; mkIf config.passthrough.gui {
dconf.settings = let
p = "org/virt-manager/virt-manager";
in {
${p} = {
xmleditor-enabled = true;
# swaybar tray doesn't really work
system-tray = false;
};
{
pkgs,
lib,
config,
...
}:
with lib;
mkIf config.passthrough.gui {
dconf.settings =
let
p = "org/virt-manager/virt-manager";
in
{
${p} = {
xmleditor-enabled = true;
# swaybar tray doesn't really work
system-tray = false;
};
"${p}/details".show-toolbar = true;
"${p}/console" = {
scaling = 0;
auto-redirect = false;
resize-guest = 1;
};
"${p}/stats" = {
enable-memory-poll = true;
enable-disk-poll = true;
enable-net-poll = true;
};
"${p}/vmlist-fields" = {
host-cpu-usage = true;
memory-usage = true;
disk-usage = true;
network-traffic = true;
};
"${p}/details".show-toolbar = true;
"${p}/console" = {
scaling = 0;
auto-redirect = false;
resize-guest = 1;
};
"${p}/stats" = {
enable-memory-poll = true;
enable-disk-poll = true;
enable-net-poll = true;
};
"${p}/vmlist-fields" = {
host-cpu-usage = true;
memory-usage = true;
disk-usage = true;
network-traffic = true;
};
"${p}/new-vm" = {
firmware = "uefi";
graphics-type = "system";
};
"${p}/new-vm" = {
firmware = "uefi";
graphics-type = "system";
};
"${p}/confirm" = {
unapplied-dev = true;
removedev = true;
delete-storage = true;
forcepoweroff = false;
};
"${p}/confirm" = {
unapplied-dev = true;
removedev = true;
delete-storage = true;
forcepoweroff = false;
};
"${p}/connections" = let
uri = "qemu:///system";
in {
uris = [ uri ];
autoconnect = [ uri ];
"${p}/connections" =
let
uri = "qemu:///system";
in
{
uris = [ uri ];
autoconnect = [ uri ];
};
"${p}/conns/qemu:system".pretty-name = "KVM";
};
"${p}/conns/qemu:system".pretty-name = "KVM";
};
# floating other than main window
wayland.windowManager.sway.config.window.commands = [
{ criteria.app_id = "virt-manager"; command = "floating enable"; }
{ criteria.app_id = "virt-manager"; criteria.title = "Virtual Machine Manager"; command = "floating disable"; }
{
criteria.app_id = "virt-manager";
command = "floating enable";
}
{
criteria.app_id = "virt-manager";
criteria.title = "Virtual Machine Manager";
command = "floating disable";
}
];
}

15
home/virt-manager/nixos.nix
View file

@ -1,8 +1,13 @@
{ pkgs
, lib
, config
, ... }: with lib; let
{
pkgs,
lib,
config,
...
}:
with lib;
let
gui = with config.global.gpu; enable && session;
in mkIf gui {
in
mkIf gui {
programs.virt-manager.enable = true;
}

22
home/vscode/home.nix
View file

@ -1,10 +1,15 @@
{ pkgs
, lib
, config
, ... }: with lib; let
{
pkgs,
lib,
config,
...
}:
with lib;
let
cfg = config.passthrough.vscode;
theme = config.passthrough.catppuccin.enable;
in mkIf cfg.enable {
in
mkIf cfg.enable {
programs.vscode = {
enable = true;
mutableExtensionsDir = false;
@ -12,8 +17,11 @@ in mkIf cfg.enable {
enableExtensionUpdateCheck = false;
package = pkgs.vscodium;
extensions = with pkgs.vscode-extensions; [
catppuccin.catppuccin-vsc catppuccin.catppuccin-vsc-icons
bbenoist.nix golang.go rust-lang.rust-analyzer
catppuccin.catppuccin-vsc
catppuccin.catppuccin-vsc-icons
bbenoist.nix
golang.go
rust-lang.rust-analyzer
];
userSettings = {
"workbench.colorTheme" = mkIf theme "Catppuccin Mocha";

15
home/vscode/nixos.nix
View file

@ -1,9 +1,14 @@
{ pkgs
, lib
, config
, ... }: with lib; let
{
pkgs,
lib,
config,
...
}:
with lib;
let
cfg = config.home.vscode;
in {
in
{
options.home.vscode = {
enable = mkEnableOption "vscode text editor";
};

12
home/wofi/home.nix
View file

@ -1,7 +1,11 @@
{ pkgs
, lib
, config
, ... }: with lib; mkIf config.passthrough.gui {
{
pkgs,
lib,
config,
...
}:
with lib;
mkIf config.passthrough.gui {
programs.wofi = {
enable = true;
settings.mode = "drun";

39
home/xdg/home.nix
View file

@ -1,21 +1,26 @@
{ config
, ... }: {
{
config,
...
}:
{
xdg = {
enable = true;
userDirs = let
home = config.home.homeDirectory;
local = "${home}/local";
in {
enable = true;
createDirectories = true;
download = "${home}/dl";
desktop = "${local}/desktop";
documents = "${local}/documents";
music = "${local}/music";
pictures = "${local}/pictures";
publicShare = "${local}/public";
templates = "${local}/templates";
videos = "${local}/videos";
};
userDirs =
let
home = config.home.homeDirectory;
local = "${home}/local";
in
{
enable = true;
createDirectories = true;
download = "${home}/dl";
desktop = "${local}/desktop";
documents = "${local}/documents";
music = "${local}/music";
pictures = "${local}/pictures";
publicShare = "${local}/public";
templates = "${local}/templates";
videos = "${local}/videos";
};
};
}

5
home/xdg/nixos.nix
View file

@ -1,3 +1,6 @@
{
users.home.persist.directories = [ "local" "dl" ];
users.home.persist.directories = [
"local"
"dl"
];
}

30
home/zsh/home.nix
View file

@ -1,24 +1,32 @@
{ config
, ... }: {
{
config,
...
}:
{
programs.zsh = {
enable = true;
autocd = false;
defaultKeymap = "emacs";
localVariables.PROMPT = let
op = {
res = "%{$reset_color%}";
col = color: "%{$fg[${color}]%}";
};
c = color: text: "${op.col color}${text}${op.res}";
in "${c "green" "%n"}${c "cyan" "@"}${c "yellow" "%m"} ${c "magenta" "<3"} %~ ${c "blue" "$PARTICLE"}${c "red" "%#"} ";
localVariables.PROMPT =
let
op = {
res = "%{$reset_color%}";
col = color: "%{$fg[${color}]%}";
};
c = color: text: "${op.col color}${text}${op.res}";
in
"${c "green" "%n"}${c "cyan" "@"}${c "yellow" "%m"} ${c "magenta" "<3"} %~ ${c "blue" "$PARTICLE"}${c "red" "%#"} ";
sessionVariables.LIBVIRT_DEFAULT_URI = "qemu:///system";
history = {
extended = true;
path = "${config.home.homeDirectory}/.local/state/zsh/history";
ignorePatterns = [
"rm *" "reboot"
"kill *" "killall *" "pkill *"
"rm *"
"reboot"
"kill *"
"killall *"
"pkill *"
];
};

7
home/zsh/nixos.nix
View file

@ -1,3 +1,8 @@
{
users.home.persist.directories = [ { directory = ".local/state/zsh"; mode = "0700"; } ];
users.home.persist.directories = [
{
directory = ".local/state/zsh";
mode = "0700";
}
];
}

87
package/blhelisuite32/default.nix
View file

@ -1,11 +1,14 @@
{ lib
, libicns
, p7zip
, fetchzip
, stdenvNoCC
, makeDesktopItem
, buildFHSEnv
, workdir ? "/tmp/blhelisuite32" }: let
{
lib,
libicns,
p7zip,
fetchzip,
stdenvNoCC,
makeDesktopItem,
buildFHSEnv,
workdir ? "/tmp/blhelisuite32",
}:
let
name = "BLHeliSuite32";
pname = "blhelisuite32";
version = "32.10";
@ -35,7 +38,10 @@
hash = "sha256-StRnrVI8p51vNsTMO1LtaZvENbG7XZ1V/mKHe4pO7kU=";
};
nativeBuildInputs = [ libicns p7zip ];
nativeBuildInputs = [
libicns
p7zip
];
configurePhase = ''
7z x *.dmg
@ -53,7 +59,11 @@
linked = stdenvNoCC.mkDerivation {
inherit pname version;
phases = [ "unpackPhase" "patchPhase" "installPhase" ];
phases = [
"unpackPhase"
"patchPhase"
"installPhase"
];
src = dist;
installPhase = ''
@ -64,29 +74,40 @@
ln -s ${workdir}/music $out/Music
'';
};
in buildFHSEnv {
in
buildFHSEnv {
inherit pname version;
targetPkgs = pkgs: (with pkgs; [
glib libGL curl
libgcc gtk3
zlib systemdLibs
]);
extraInstallCommands = let
mkIconScale = scale:
"install -m 444 -D ${icons}/${name}xm_${scale}x${scale}x32.png $out/share/icons/hicolor/${scale}x${scale}/apps/${pname}.png";
in ''
${mkIconScale "16"}
${mkIconScale "32"}
${mkIconScale "64"}
${mkIconScale "128"}
${mkIconScale "256"}
${mkIconScale "512"}
${mkIconScale "1024"}
cp -r ${desktopItem}/share/applications $out/share/
'';
targetPkgs =
pkgs:
(with pkgs; [
glib
libGL
curl
libgcc
gtk3
zlib
systemdLibs
]);
extraInstallCommands =
let
mkIconScale =
scale:
"install -m 444 -D ${icons}/${name}xm_${scale}x${scale}x32.png $out/share/icons/hicolor/${scale}x${scale}/apps/${pname}.png";
in
''
${mkIconScale "16"}
${mkIconScale "32"}
${mkIconScale "64"}
${mkIconScale "128"}
${mkIconScale "256"}
${mkIconScale "512"}
${mkIconScale "1024"}
cp -r ${desktopItem}/share/applications $out/share/
'';
runScript = "sh -c '" +
"mkdir -p ${workdir}/settings && " +
"mkdir -p ${workdir}/music && " +
"exec ${linked}/${name}xl'";
runScript =
"sh -c '"
+ "mkdir -p ${workdir}/settings && "
+ "mkdir -p ${workdir}/music && "
+ "exec ${linked}/${name}xl'";
}

31
package/default.nix
View file

@ -1,15 +1,22 @@
{ lib, ... }: {
nixpkgs.overlays = [ (final: prev:
builtins.listToAttrs (map (pkg: {
name = pkg;
value = let
argsPath = ./${pkg}/args.nix;
in final.callPackage ./${pkg}
(if (builtins.pathExists argsPath) then
(import argsPath final)
else { });
}) (builtins.attrNames (builtins.readDir ./.)))
) ];
{ lib, ... }:
{
nixpkgs.overlays = [
(
final: prev:
builtins.listToAttrs (
map (pkg: {
name = pkg;
value =
let
argsPath = ./${pkg}/args.nix;
in
final.callPackage ./${pkg} (
if (builtins.pathExists argsPath) then (import argsPath final) else { }
);
}) (builtins.attrNames (builtins.readDir ./.))
)
)
];
imports = lib.pipe ./. [
builtins.readDir

91
package/expresslrs-configurator/default.nix
View file

@ -1,8 +1,11 @@
{ lib
, fetchzip
, makeDesktopItem
, imagemagick
, buildFHSEnv }: let
{
lib,
fetchzip,
makeDesktopItem,
imagemagick,
buildFHSEnv,
}:
let
name = "ExpressLRS-Configurator";
pname = "expresslrs-configurator";
version = "1.7.2";
@ -22,24 +25,70 @@
desktopName = "ExpressLRS Configurator";
genericName = "radio link configuration & build tool";
};
in buildFHSEnv {
in
buildFHSEnv {
inherit pname version;
# copied from chromium deps
targetPkgs = pkgs: (with pkgs; [
glib fontconfig freetype pango cairo xorg.libX11 xorg.libXi atk nss nspr
xorg.libXcursor xorg.libXext xorg.libXfixes xorg.libXrender
xorg.libXScrnSaver xorg.libXcomposite xorg.libxcb
alsa-lib xorg.libXdamage xorg.libXtst xorg.libXrandr xorg.libxshmfence expat cups
dbus gdk-pixbuf gcc-unwrapped.lib
systemd
libexif pciutils
liberation_ttf curl util-linux wget
flac harfbuzz icu libpng libopus snappy speechd
bzip2 libcap at-spi2-atk at-spi2-core
libkrb5 libdrm libglvnd mesa coreutils
libxkbcommon pipewire wayland
libva gtk3 gtk4
]);
targetPkgs =
pkgs:
(with pkgs; [
glib
fontconfig
freetype
pango
cairo
xorg.libX11
xorg.libXi
atk
nss
nspr
xorg.libXcursor
xorg.libXext
xorg.libXfixes
xorg.libXrender
xorg.libXScrnSaver
xorg.libXcomposite
xorg.libxcb
alsa-lib
xorg.libXdamage
xorg.libXtst
xorg.libXrandr
xorg.libxshmfence
expat
cups
dbus
gdk-pixbuf
gcc-unwrapped.lib
systemd
libexif
pciutils
liberation_ttf
curl
util-linux
wget
flac
harfbuzz
icu
libpng
libopus
snappy
speechd
bzip2
libcap
at-spi2-atk
at-spi2-core
libkrb5
libdrm
libglvnd
mesa
coreutils
libxkbcommon
pipewire
wayland
libva
gtk3
gtk4
]);
extraInstallCommands = ''
mkdir -p $out/share
${imagemagick}/bin/convert ${dist}/resources/assets/icon.png -resize 128x128 icon-128.png

47
package/photoview/default.nix
View file

@ -1,18 +1,21 @@
{ lib
, pkg-config
, libjpeg_turbo
, libheif
, lapack
, dlib
, blas
, ffmpeg
, exiftool
, darktable
, fetchFromGitHub
, buildGoModule
, buildNpmPackage
, runCommandLocal
, makeWrapper }: buildGoModule rec {
{
lib,
pkg-config,
libjpeg_turbo,
libheif,
lapack,
dlib,
blas,
ffmpeg,
exiftool,
darktable,
fetchFromGitHub,
buildGoModule,
buildNpmPackage,
runCommandLocal,
makeWrapper,
}:
buildGoModule rec {
pname = "photoview";
version = "2.4.0";
@ -45,7 +48,7 @@
#REACT_APP_API_ENDPOINT = "";
REACT_APP_BUILD_VERSION = version;
REACT_APP_BUILD_DATE = builtins.readFile (runCommandLocal "date" { } "date -uI > $out" );
REACT_APP_BUILD_DATE = builtins.readFile (runCommandLocal "date" { } "date -uI > $out");
REACT_APP_BUILD_COMMIT_SHA = "nix";
npmDepsHash = "sha256-wUbfq+7SuJUBxfy9TxHVda8A0g4mmYCbzJT64XBN2mI=";
@ -56,11 +59,13 @@
mv "$out/bin/api" "$out/bin/${pname}"
wrapProgram $out/bin/${pname} \
--prefix PATH ":" "${lib.makeBinPath [
ffmpeg
exiftool
darktable
]}" \
--prefix PATH ":" "${
lib.makeBinPath [
ffmpeg
exiftool
darktable
]
}" \
--set PHOTOVIEW_SERVE_UI 1 \
--set PHOTOVIEW_UI_PATH "$out/lib/${pname}/ui"
cp -r \

23
package/photoview/nixos.nix
View file

@ -1,9 +1,14 @@
{ pkgs
, lib
, config
, ... }: with lib; let
{
pkgs,
lib,
config,
...
}:
with lib;
let
cfg = config.services.photoview;
in {
in
{
options.services.photoview = {
enable = mkEnableOption "photoview server";
@ -39,7 +44,13 @@ in {
database = {
driver = mkOption {
type = with types; enum [ "sqlite" "mysql" "postgres" ];
type =
with types;
enum [
"sqlite"
"mysql"
"postgres"
];
default = "sqlite";
description = "database driver";
};

200
package/tubesync/default.nix
View file

@ -1,43 +1,68 @@
{ lib
, stdenvNoCC
, ffmpeg
, rtmpdump
, atomicparsley
, callPackage
, fetchFromGitHub
, fetchPypi
, fetchpatch
, makeWrapper
, python3Packages }: with python3Packages; let
mkPypi = pname: version: src: format: buildPythonPackage {
inherit pname version src format;
doCheck = false;
nativeBuildInputs = [ setuptools ];
};
{
lib,
stdenvNoCC,
ffmpeg,
rtmpdump,
atomicparsley,
callPackage,
fetchFromGitHub,
fetchPypi,
fetchpatch,
makeWrapper,
python3Packages,
}:
with python3Packages;
let
mkPypi =
pname: version: src: format:
buildPythonPackage {
inherit
pname
version
src
format
;
doCheck = false;
nativeBuildInputs = [ setuptools ];
};
mkPypi' = pname: version: hash: format: mkPypi pname version
(fetchPypi {
inherit pname version hash;
}) format;
mkPypi' =
pname: version: hash: format:
mkPypi pname version (fetchPypi {
inherit pname version hash;
}) format;
mkPypi'' = pname: version: hash: mkPypi' pname version hash
"setuptools";
mkPypi'' =
pname: version: hash:
mkPypi' pname version hash "setuptools";
django-compat = mkPypi'' "django-compat" "1.0.15" "sha256-OsmjvtxWuTZdnrJBvFFX0MGTdpv5lfmnjcG8JOfCMxs=";
django-appconf = mkPypi'' "django-appconf" "1.0.6" "sha256-z+h+qCfE7gS5pw+rkLhtcEywLymB+J2oQjyw+r+I778=";
django-basicauth = mkPypi'' "django-basicauth" "0.5.3" "sha256-FenjZvaY9TxxseeU2v6gYPmQoqxVa65rczDdJTJKCRw=";
django-sass-processor = mkPypi'' "django-sass-processor" "1.4" "sha256-sX850H06dRCuxCXBkZN+IwUC3ut8pr9pUKGt+LS3wcM=";
django-background-tasks = mkPypi'' "django-background-tasks" "1.2.5" "sha256-4bGejUlaJ2ydZMWh/4tBEy910vWORb5xt4ZQ2tWa+d4=";
django-compat =
mkPypi'' "django-compat" "1.0.15"
"sha256-OsmjvtxWuTZdnrJBvFFX0MGTdpv5lfmnjcG8JOfCMxs=";
django-appconf =
mkPypi'' "django-appconf" "1.0.6"
"sha256-z+h+qCfE7gS5pw+rkLhtcEywLymB+J2oQjyw+r+I778=";
django-basicauth =
mkPypi'' "django-basicauth" "0.5.3"
"sha256-FenjZvaY9TxxseeU2v6gYPmQoqxVa65rczDdJTJKCRw=";
django-sass-processor =
mkPypi'' "django-sass-processor" "1.4"
"sha256-sX850H06dRCuxCXBkZN+IwUC3ut8pr9pUKGt+LS3wcM=";
django-background-tasks =
mkPypi'' "django-background-tasks" "1.2.5"
"sha256-4bGejUlaJ2ydZMWh/4tBEy910vWORb5xt4ZQ2tWa+d4=";
django-compressor = let
pname = "django-compressor";
version = "4.4";
in mkPypi pname version (fetchFromGitHub {
owner = pname;
repo = pname;
rev = "refs/tags/${version}";
hash = "sha256-c9uS5Z077b23Aj8jV30XNsshbEfrLRX3ozXasitQ6UQ=";
}) "setuptools";
django-compressor =
let
pname = "django-compressor";
version = "4.4";
in
mkPypi pname version (fetchFromGitHub {
owner = pname;
repo = pname;
rev = "refs/tags/${version}";
hash = "sha256-c9uS5Z077b23Aj8jV30XNsshbEfrLRX3ozXasitQ6UQ=";
}) "setuptools";
app = buildPythonApplication rec {
pname = "tubesync";
@ -59,22 +84,30 @@
./ensure-fragments.patch
];
propagatedBuildInputs = [
yt-dlp requests
httptools pillow
gunicorn whitenoise
psycopg2 mysqlclient
redis hiredis
libsass six
] ++ [
django_3
django-compat
django-appconf
django-compressor
django-basicauth
django-sass-processor
django-background-tasks
];
propagatedBuildInputs =
[
yt-dlp
requests
httptools
pillow
gunicorn
whitenoise
psycopg2
mysqlclient
redis
hiredis
libsass
six
]
++ [
django_3
django-compat
django-appconf
django-compressor
django-basicauth
django-sass-processor
django-background-tasks
];
buildPhase = ''
mv "tubesync/tubesync/local_settings.py.container" "tubesync/tubesync/local_settings.py"
@ -97,40 +130,51 @@
'';
};
ffmpegFix = ffmpeg.overrideAttrs (finalAttrs: previousAttrs: {
patches = previousAttrs.patches ++ [ (fetchpatch {
name = "avformat-webvttdec-skip-style-region.patch";
url = "https://git.ffmpeg.org/gitweb/ffmpeg.git/patch/51d303e20cbb0874172f50b5172c515a973587d4";
hash = "sha256-dxCjKZUz2H2QyktsprkzyfNp5aDG6X8deF4ZGdvhvfk=";
}) ];
});
in stdenvNoCC.mkDerivation {
ffmpegFix = ffmpeg.overrideAttrs (
finalAttrs: previousAttrs: {
patches = previousAttrs.patches ++ [
(fetchpatch {
name = "avformat-webvttdec-skip-style-region.patch";
url = "https://git.ffmpeg.org/gitweb/ffmpeg.git/patch/51d303e20cbb0874172f50b5172c515a973587d4";
hash = "sha256-dxCjKZUz2H2QyktsprkzyfNp5aDG6X8deF4ZGdvhvfk=";
})
];
}
);
in
stdenvNoCC.mkDerivation {
pname = "${app.pname}-wrapped";
inherit (app) version;
nativeBuildInputs = [ makeWrapper ];
unpackPhase = "true";
installPhase = let
prefix = ''--prefix PATH : "${lib.makeBinPath [
ffmpegFix rtmpdump atomicparsley
]}"'';
in ''
mkdir -p "$out/bin"
installPhase =
let
prefix = ''--prefix PATH : "${
lib.makeBinPath [
ffmpegFix
rtmpdump
atomicparsley
]
}"'';
in
''
mkdir -p "$out/bin"
makeWrapper "${python}/bin/python3" "$out/bin/tubesync-worker" \
--chdir ${app}/app --add-flags \
"${app}/app/manage.py process_tasks" \
${prefix}
makeWrapper "${python}/bin/python3" "$out/bin/tubesync-worker" \
--chdir ${app}/app --add-flags \
"${app}/app/manage.py process_tasks" \
${prefix}
makeWrapper "${gunicorn}/bin/gunicorn" "$out/bin/tubesync-gunicorn" \
--chdir ${app}/app --add-flags \
"-c ${app}/app/tubesync/gunicorn.py --capture-output tubesync.wsgi:application" \
${prefix}
makeWrapper "${gunicorn}/bin/gunicorn" "$out/bin/tubesync-gunicorn" \
--chdir ${app}/app --add-flags \
"-c ${app}/app/tubesync/gunicorn.py --capture-output tubesync.wsgi:application" \
${prefix}
makeWrapper "${python}/bin/python3" "$out/bin/tubesync-migrate" \
--chdir "${app}/app" --add-flags \
"${app}/app/manage.py migrate"
'';
makeWrapper "${python}/bin/python3" "$out/bin/tubesync-migrate" \
--chdir "${app}/app" --add-flags \
"${app}/app/manage.py migrate"
'';
passthru = {
inherit app;

198
package/tubesync/nixos.nix
View file

@ -1,9 +1,14 @@
{ pkgs
, lib
, config
, ... }: with lib; let
{
pkgs,
lib,
config,
...
}:
with lib;
let
cfg = config.services.tubesync;
in {
in
{
options.services.tubesync = {
enable = mkEnableOption "tubesync stack";
debug = mkEnableOption "debug logging";
@ -63,100 +68,107 @@ in {
};
config = mkIf cfg.enable {
systemd.services = let
env = {
GUNICORN_PID_FILE = "${cfg.stateDir}/run/gunicorn.pid";
GUNICORN_USER = cfg.user;
GUNICORN_GROUP = cfg.group;
DATABASE_CONNECTION = cfg.database;
CONFIG_BASE_DIR = cfg.stateDir;
DOWNLOADS_BASE_DIR = cfg.dataDir;
TUBESYNC_DEBUG = mkIf cfg.debug "True";
TUBESYNC_WORKERS = toString cfg.workers;
systemd.services =
let
env = {
GUNICORN_PID_FILE = "${cfg.stateDir}/run/gunicorn.pid";
GUNICORN_USER = cfg.user;
GUNICORN_GROUP = cfg.group;
DATABASE_CONNECTION = cfg.database;
CONFIG_BASE_DIR = cfg.stateDir;
DOWNLOADS_BASE_DIR = cfg.dataDir;
TUBESYNC_DEBUG = mkIf cfg.debug "True";
TUBESYNC_WORKERS = toString cfg.workers;
PYTHONPATH = cfg.package.pythonPath;
REDIS_CONNECTION = "redis+socket://"
+ "${cfg.stateDir}/run/redis.sock";
};
base = description: {
description = "tubesync: ${description}";
wantedBy = [ "multi-user.target" ];
environment = env;
path = [ cfg.package ];
serviceConfig = {
WorkingDirectory = cfg.stateDir;
User = cfg.user;
Group = cfg.group;
LockPersonality = true;
MemoryDenyWriteExecute = true;
NoNewPrivileges = true;
PrivateTmp = true;
PrivateDevices = true;
PrivateUsers = false;
ProtectClock = true;
ProtectControlGroups = true;
ProtectHome = true;
ProtectHostname = true;
ProtectKernelLogs = true;
ProtectKernelModules = true;
ProtectKernelTunables = true;
ProtectProc = "invisible";
ProcSubset = "all";
ProtectSystem = "strict";
RemoveIPC = true;
ReadWritePaths = with cfg; [ stateDir dataDir ];
RestrictAddressFamilies = [
"AF_INET"
"AF_INET6"
"AF_NETLINK"
"AF_UNIX"
];
SystemCallArchitectures = "native";
SystemCallFilter = [
"@system-service"
"~@privileged"
"@chown"
];
#UMask = "0077";
PYTHONPATH = cfg.package.pythonPath;
REDIS_CONNECTION = "redis+socket://" + "${cfg.stateDir}/run/redis.sock";
};
};
base' = description: (base description) // {
after = [ "tubesync.service" ];
partOf = [ "tubesync.service" ];
};
in {
tubesync = recursiveUpdate (base "gunicorn") ({
after = [ "network.target" ];
serviceConfig = {
PIDFile = env.GUNICORN_PID_FILE;
ExecStartPre = pkgs.writeShellScript "tubesync-setup" ''
set -xe
tubesync-migrate
mkdir -p "${cfg.stateDir}/run"
mkdir -p "/tmp/tubesync"
cp -r "${cfg.package.app}/static/." "/tmp/tubesync/static"
chmod +w -R "/tmp/tubesync/static"
'';
ExecStart = "${cfg.package}/bin/tubesync-gunicorn";
ExecReload = "/usr/bin/env kill -s HUP $MAINPID";
ExecStop = "/usr/bin/env kill -s TERM $MAINPID";
ExecStopPost = pkgs.writeShellScript "tubesync-cleanup" ''
rm -f "$GUNICORN_PID_FILE"
rm -rf "/tmp/tubesync"
'';
base = description: {
description = "tubesync: ${description}";
wantedBy = [ "multi-user.target" ];
environment = env;
path = [ cfg.package ];
serviceConfig = {
WorkingDirectory = cfg.stateDir;
User = cfg.user;
Group = cfg.group;
LockPersonality = true;
MemoryDenyWriteExecute = true;
NoNewPrivileges = true;
PrivateTmp = true;
PrivateDevices = true;
PrivateUsers = false;
ProtectClock = true;
ProtectControlGroups = true;
ProtectHome = true;
ProtectHostname = true;
ProtectKernelLogs = true;
ProtectKernelModules = true;
ProtectKernelTunables = true;
ProtectProc = "invisible";
ProcSubset = "all";
ProtectSystem = "strict";
RemoveIPC = true;
ReadWritePaths = with cfg; [
stateDir
dataDir
];
RestrictAddressFamilies = [
"AF_INET"
"AF_INET6"
"AF_NETLINK"
"AF_UNIX"
];
SystemCallArchitectures = "native";
SystemCallFilter = [
"@system-service"
"~@privileged"
"@chown"
];
#UMask = "0077";
};
};
});
tubesync-worker = recursiveUpdate (base' "worker") ({
serviceConfig.ExecStart = "${cfg.package}/bin/tubesync-worker";
});
base' =
description:
(base description)
// {
after = [ "tubesync.service" ];
partOf = [ "tubesync.service" ];
};
in
{
tubesync = recursiveUpdate (base "gunicorn") ({
after = [ "network.target" ];
serviceConfig = {
PIDFile = env.GUNICORN_PID_FILE;
ExecStartPre = pkgs.writeShellScript "tubesync-setup" ''
set -xe
tubesync-migrate
mkdir -p "${cfg.stateDir}/run"
# allow binding to unix socket
redis-tubesync-celery.serviceConfig.ReadWritePaths = [ "${cfg.stateDir}/run" ];
};
mkdir -p "/tmp/tubesync"
cp -r "${cfg.package.app}/static/." "/tmp/tubesync/static"
chmod +w -R "/tmp/tubesync/static"
'';
ExecStart = "${cfg.package}/bin/tubesync-gunicorn";
ExecReload = "/usr/bin/env kill -s HUP $MAINPID";
ExecStop = "/usr/bin/env kill -s TERM $MAINPID";
ExecStopPost = pkgs.writeShellScript "tubesync-cleanup" ''
rm -f "$GUNICORN_PID_FILE"
rm -rf "/tmp/tubesync"
'';
};
});
tubesync-worker = recursiveUpdate (base' "worker") ({
serviceConfig.ExecStart = "${cfg.package}/bin/tubesync-worker";
});
# allow binding to unix socket
redis-tubesync-celery.serviceConfig.ReadWritePaths = [ "${cfg.stateDir}/run" ];
};
services.redis.servers.tubesync-celery = {
enable = true;

19
spec/channel.nix
View file

@ -1,14 +1,21 @@
{ inputs, ... }: with inputs; with nixpkgs.lib; let
{ inputs, ... }:
with inputs;
with nixpkgs.lib;
let
mapInputs = fn: map fn (lists.remove "self" (attrNames inputs));
channelPath = "/etc/nix/channels";
in {
in
{
nix = {
nixPath = mapInputs (i: "${i}=${channelPath}/${i}");
registry = listToAttrs
(mapInputs (name: {
registry = listToAttrs (
mapInputs (name: {
inherit name;
value = {flake = inputs.${name};};
}));
value = {
flake = inputs.${name};
};
})
);
};
systemd.tmpfiles.rules = mapInputs (i: "L+ ${channelPath}/${i} - - - - ${inputs.${i}.outPath}");

18
spec/chireiden/default.nix
View file

@ -1,4 +1,5 @@
{ pkgs, ... }: {
{ pkgs, ... }:
{
global = {
id = "5d3c16fe58444e12ad621600039f10af";
fs.esp.uuid = "32A5-6257";
@ -7,7 +8,10 @@
fs.external.enable = true;
fs.external.device = "/dev/disk/by-uuid/af2b8ec5-62d8-4b14-8ba8-083cc4fb33f4";
fs.external.fsType = "btrfs";
fs.external.options = [ "noatime" "compress=zstd" ];
fs.external.options = [
"noatime"
"compress=zstd"
];
fs.cryptsetup.enable = true;
fs.cryptsetup.uuids.nix = "3905f87f-7b11-49ef-8ddf-f4202c555ffd";
fs.cryptsetup.uuids.persist = "b2322f01-1c44-433f-a995-4ddce5845cf9";
@ -38,9 +42,15 @@
nvidiaBusId = "PCI:5:0:0";
};
boot.plymouth.catppuccin.enable = false;
catppuccin.plymouth.enable = false;
hardware.enableRedistributableFirmware = true;
boot.initrd.availableKernelModules = [ "xhci_pci" "thunderbolt" "nvme" "usb_storage" "sd_mod" ];
boot.initrd.availableKernelModules = [
"xhci_pci"
"thunderbolt"
"nvme"
"usb_storage"
"sd_mod"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];

5
spec/constant.nix
View file

@ -2,7 +2,10 @@
i18n.defaultLocale = "en_GB.UTF-8";
time.timeZone = "Asia/Hong_Kong";
environment.etc.nixos.source = "/nix/persist/config";
nix.settings.experimental-features = [ "nix-command" "flakes" ];
nix.settings.experimental-features = [
"nix-command"
"flakes"
];
nixpkgs.config.allowUnfree = true;
system.stateVersion = "23.11";
}

71
spec/default.nix
View file

@ -1,31 +1,44 @@
{ inputs, ... }: with inputs; with nixpkgs.lib; {
flake.nixosConfigurations = (lists.foldr (name: spec: spec // {
${name} = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = inputs // { inherit inputs; };
modules = [
../global
../home/profile.nix
../home/user.nix
../package
./constant.nix
./channel.nix
impermanence.nixosModules.impermanence
home-manager.nixosModules.home-manager
catppuccin.nixosModules.catppuccin
{
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
}
lanzaboote.nixosModules.lanzaboote
{ inputs, ... }:
with inputs;
with nixpkgs.lib;
{
flake.nixosConfigurations =
(lists.foldr (
name: spec:
spec
// {
${name} = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = inputs // {
inherit inputs;
};
modules = [
../global
../home/profile.nix
../home/user.nix
../package
./constant.nix
./channel.nix
impermanence.nixosModules.impermanence
home-manager.nixosModules.home-manager
catppuccin.nixosModules.catppuccin
{
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
}
lanzaboote.nixosModules.lanzaboote
./${name}
{ networking.hostName = name; }
];
};
}) { }) (pipe ./. [
builtins.readDir
(filterAttrs (n: ty: ty == "directory" && builtins.pathExists ./${n}/default.nix))
(mapAttrsToList (n: _: n))
]);
./${name}
{ networking.hostName = name; }
];
};
}
) { })
(
pipe ./. [
builtins.readDir
(filterAttrs (n: ty: ty == "directory" && builtins.pathExists ./${n}/default.nix))
(mapAttrsToList (n: _: n))
]
);
}

20
spec/eientei/acme.nix
View file

@ -1,11 +1,15 @@
{
security.acme.certs = let
cloudflare = {
dnsProvider = "cloudflare";
credentialsFile = "/nix/persist/secret/cloudflare";
security.acme.certs =
let
cloudflare = {
dnsProvider = "cloudflare";
credentialsFile = "/nix/persist/secret/cloudflare";
};
in
{
"514fpv.io" = cloudflare;
".514fpv.io" = cloudflare // {
domain = "*.514fpv.io";
};
};
in {
"514fpv.io" = cloudflare;
".514fpv.io" = cloudflare // { domain = "*.514fpv.io"; };
};
}

38
spec/eientei/coturn.nix
View file

@ -1,7 +1,11 @@
{ config
, ... }: let
{
config,
...
}:
let
host = "514fpv.io";
in {
in
{
services.coturn = rec {
enable = true;
no-cli = true;
@ -43,17 +47,27 @@ in {
'';
};
networking.firewall = let
range = with config.services.coturn; [ {
from = min-port;
to = max-port;
} ];
in {
networking.firewall =
let
range = with config.services.coturn; [
{
from = min-port;
to = max-port;
}
];
in
{
allowedUDPPortRanges = range;
allowedUDPPorts = [ 3478 5349 ];
allowedUDPPorts = [
3478
5349
];
allowedTCPPortRanges = range;
allowedTCPPorts = [ 3478 5349 ];
};
allowedTCPPorts = [
3478
5349
];
};
global.fs.zfs.mountpoints."/nix/persist/service/coturn" = "service/coturn";
}

19
spec/eientei/default.nix
View file

@ -1,6 +1,9 @@
{ lib
, pkgs
, ... }: {
{
lib,
pkgs,
...
}:
{
global = {
id = "ff96c05be13e44f681292205370eed1a";
auth.openssh.enable = true;
@ -37,7 +40,15 @@
];
hardware.enableRedistributableFirmware = true;
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "mpt3sas" "nvme" "usbhid" "usb_storage" "sd_mod" ];
boot.initrd.availableKernelModules = [
"xhci_pci"
"ahci"
"mpt3sas"
"nvme"
"usbhid"
"usb_storage"
"sd_mod"
];
boot.initrd.kernelModules = [ "i915" ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];

12
spec/eientei/forgejo.nix
View file

@ -1,8 +1,12 @@
{ pkgs
, config
, ...}: let
{
pkgs,
config,
...
}:
let
host = "src.514fpv.io";
in {
in
{
services.forgejo = {
enable = true;
lfs.enable = true;

15
spec/eientei/frigate.nix
View file

@ -1,6 +1,9 @@
{ pkgs
, config
, ...}: {
{
pkgs,
config,
...
}:
{
# container image used for edgetpu support
virtualisation.oci-containers.containers.frigate = {
extraOptions = [
@ -23,7 +26,11 @@
];
};
networking.firewall.interfaces.ss0.allowedTCPPorts = [ 5000 8554 8555 ];
networking.firewall.interfaces.ss0.allowedTCPPorts = [
5000
8554
8555
];
networking.firewall.interfaces.ss0.allowedUDPPorts = [ 8555 ];
global.fs.zfs.mountpoints."/nix/persist/service/frigate" = "service/frigate";

18
spec/eientei/hass.nix
View file

@ -1,6 +1,9 @@
{ pkgs
, config
, ...}: {
{
pkgs,
config,
...
}:
{
services.home-assistant = {
enable = true;
config = null;
@ -14,9 +17,12 @@
"synology_dsm"
];
extraPackages = python3Packages: with python3Packages; [
aiogithubapi gtts radios
];
extraPackages =
python3Packages: with python3Packages; [
aiogithubapi
gtts
radios
];
};
services.nginx.virtualHosts."home.514fpv.io" = {

15
spec/eientei/jellyfin.nix
View file

@ -1,13 +1,20 @@
{ pkgs
, config
, ...}: {
{
pkgs,
config,
...
}:
{
services.jellyfin = {
enable = true;
openFirewall = true;
dataDir = "/nix/persist/service/jellyfin";
};
environment.systemPackages = with pkgs; [ jellyfin jellyfin-web jellyfin-ffmpeg ];
environment.systemPackages = with pkgs; [
jellyfin
jellyfin-web
jellyfin-ffmpeg
];
users.users.jellyfin.uid = 282;
users.groups.jellyfin.gid = 282;

Some files were not shown because too many files have changed in this diff Show more