torjus/nixos
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Releases Activity

Compare commits

base: torjus:b4de2c54ba618d2a8db7b66cc3007938382e2ee9
Branches Tags
torjus:master torjus:temp-small
..
compare: torjus:temp-small
Branches Tags
torjus:master torjus:temp-small

1 Commits
b4de2c54ba ... temp-small

Author SHA1 Message Date
Torjus Håkestad
aad01c1271 Add nixos-unstable-small to temporarily override pyside6
All checks were successful
Run nix flake check / flake-check (push) Successful in 4m42s
Details
2024-11-20 15:36:48 +01:00
102 changed files with 2228 additions and 2600 deletions
Expand all files Collapse all files

33
.mcp.json
View File

@@ -1,33 +0,0 @@
{
"mcpServers": {
"nixpkgs-options": {
"command": "nix",
"args": ["run", "git+https://git.t-juice.club/torjus/labmcp#nixpkgs-search", "--", "options", "serve"],
"env": {
"NIXPKGS_SEARCH_DATABASE": "sqlite:///run/user/1000/labmcp/nixpkgs-search.db"
}
},
"nixpkgs-packages": {
"command": "nix",
"args": ["run", "git+https://git.t-juice.club/torjus/labmcp#nixpkgs-search", "--", "packages", "serve"],
"env": {
"NIXPKGS_SEARCH_DATABASE": "sqlite:///run/user/1000/labmcp/nixpkgs-search.db"
}
},
"hm-options": {
"command": "nix",
"args": ["run", "git+https://git.t-juice.club/torjus/labmcp#hm-options", "--", "serve"],
"env": {
"HM_OPTIONS_DATABASE": "sqlite:///run/user/1000/labmcp/hm-options.db"
}
},
"git-explorer": {
"command": "nix",
"args": ["run", "git+https://git.t-juice.club/torjus/labmcp#git-explorer", "--", "serve"],
"env": {
"GIT_REPO_PATH": "/home/torjus/git/nixos-servers"
}
}
}
}

8
.sops.yaml
View File

@@ -2,12 +2,12 @@ keys:
- &admin_torjus age1lznyk4ee7e7x8n92cq2n87kz9920473ks5u9jlhd3dczfzq4wamqept56u
- &server_gunter age1whxf34vjdndqzwgm7yyaexdm46gdnv9sf3nal7qqyjr0nyhhndlsrmc0g3
- &server_magicman age1stlqqspmt5fepyz35udrwr5avf9zuju79f787p26pu2d2j08yqps2q2t2c
- &server_prismo age1lznyk4ee7e7x8n92cq2n87kz9920473ks5u9jlhd3dczfzq4wamqept56u
creation_rules:
- path_regex: secrets/[^/]+\.(yaml|json|env|ini|toml)
key_groups:
- age:
- *admin_torjus
- *server_magicman
- path_regex: secrets/gunter/[^/]+\.(yaml|json|env|ini|toml)
key_groups:
- age:
@@ -18,8 +18,12 @@ creation_rules:
- age:
- *admin_torjus
- *server_magicman
- path_regex: secrets/prismo/[^/]+\.(yaml|json|env|ini|toml)
key_groups:
- age:
- *admin_torjus
- *server_prismo
- path_regex: secrets/torjus/[^/]+\.(yaml|json|env|ini|toml)
key_groups:
- age:
- *admin_torjus
- *server_magicman

147
CLAUDE.md
View File

@@ -1,147 +0,0 @@
# CLAUDE.md
This file provides guidance to Claude Code (claude.ai/code) when working with code in this repository.
## Repository Overview
This is a NixOS configuration repository using flakes for managing multiple machines (gunter, magicman). It uses home-manager for user configurations and sops-nix for secrets management. Custom packages from private git repositories are integrated via flake inputs and overlays.
## Essential Commands
### Formatting
```bash
nix fmt # Format all Nix files (uses nixfmt-tree)
nix fmt . # Same as above
```
### Building & Testing
```bash
# Test build a specific host configuration
nix build .#nixosConfigurations.gunter.config.system.build.toplevel
nix build .#nixosConfigurations.magicman.config.system.build.toplevel
# Enter development shell (includes act, actionlint, yamllint)
nix develop
```
If config clearly only affects one host, building for just the relevant host is enough.
Otherwise, build both. **Always ask before building gunter** — it takes a long time.
If moving things around, you can use `nix eval` before and after changes to check that things remain the same.
```
nix eval .#nixosConfigurations.magicman.config.nix.settings.substituters --json | jq
```
### Comparing with Running System
```bash
# Build and compare against currently running system
nixos-rebuild build --flake . && nvd diff /run/current-system result
```
This shows package version changes, added/removed packages, and closure size differences between what's currently running and the repo configuration.
### Common Operations
```bash
# Check flake without building
nix flake check
# Show flake outputs
nix flake show
```
## Architecture
### Flake Structure
- **Inputs**: Uses both stable (nixos-25.05) and unstable nixpkgs channels
- **Overlays**: `overlay-stable` provides `pkgs.stable` for stable packages; custom overlays integrate private packages (ghettoptt, huecli, nixprstatus, natstonotify, nix-packages)
- **System**: x86_64-linux primary, with multi-platform devShell support
### Directory Organization
```
├── flake.nix # Main entrypoint with overlays and host definitions
├── hosts/ # Per-host system configurations
│ ├── gunter/ # Desktop with multi-monitor, nvidia, steam
│ └── magicman/ # Laptop configuration
├── home/ # Home-manager user configurations
│ ├── hosts/ # Per-host user settings (imports packages + programs)
│ ├── editor/ # Neovim configuration
│ ├── hyprland/ # Wayland compositor with custom options
│ ├── packages/ # Simple packages (no options)
│ ├── programs/ # Programs with home-manager options (dunst, git, firefox, etc.)
│ ├── services/ # User services (backup, ghettoptt, natstonotify)
│ ├── scripts/ # User scripts
│ ├── sops/ # User secrets configuration
│ ├── ssh/ # SSH configuration
│ └── zsh/ # Shell configuration
├── system/ # Shared system-level modules
│ ├── monitoring/ # logs.nix, metrics.nix
│ ├── fonts.nix # Font configuration
│ ├── locale.nix # Localization settings
│ ├── users.nix # User account definitions
│ └── ... # Other system modules
└── secrets/ # SOPS-encrypted secrets (don't modify)
```
### Configuration Pattern
- Each host's `default.nix` imports: `configuration.nix`, `hardware-configuration.nix`, host-specific modules, `../../system`, and `../../home/hosts/<hostname>`
- Home-manager imports are in `home/hosts/<hostname>/default.nix` which imports editor, hyprland, packages, programs, services, etc.
- Shared system config goes in `system/`, host-specific overrides in `hosts/<hostname>/`
### Hyprland Custom Options
The hyprland module in `home/hyprland/default.nix` provides custom options:
- `hyprland.monitors`: List of monitor configurations
- `hyprland.extraEnv`: Environment variables
- `hyprland.extraKeybinds`: Additional keybindings
- `hyprland.extraWorkspaces`: Named workspace definitions
- `hyprland.monitorVariables`: Monitor name variables (e.g., `$mon_left`)
- `hyprland.enableGrimblast`, `hyprland.enableWacom`, `hyprland.cursorNoHardware`: Feature flags
## Critical Workflow Rules
### Git Tracking for New Files
**CRITICAL**: Nix flakes ignore untracked files. When adding new files, run `git add <newfile>` BEFORE attempting to build. Builds will fail with "file not found" errors until files are git-tracked.
### Branching
Always create a new branch for changes. Never work directly on master branch.
### Formatting
Always run `nix fmt` before committing. Formatted Nix code is required.
### Commit Messages
Format: `topic: description`
Examples:
- `hyprland: convert deprecated windowrules`
- `packages: nixfmt-rfc-style renamed`
- `gunter: use beta nvidia driver`
Keep summaries concise. Only add commit body if needed for context.
### Forbidden Operations
- Don't run `nix flake update` (user manages input updates)
- Don't edit files in `secrets/` directory
- Don't modify `.sops.yaml`
- Don't use `nix-shell` (use `nix develop` instead)
- Don't mix stable/unstable packages arbitrarily
- Don't skip builds after configuration changes
### Adding Programs
- If no NixOS/home-manager options needed: add to `home/packages`
- If using options: create subdirectory in `home/programs/`
- Remember to `git add` new files before building
## Package Management
### Using Stable Packages
The `overlay-stable` provides access to stable nixpkgs via `pkgs.stable`:
```nix
environment.systemPackages = [ pkgs.stable.somePackage ];
```
Do not use packages from stable unless explicitly requested.
### Custom Packages
Custom packages from private repos are available via overlays:
- `pkgs.ghettoptt`
- `pkgs.huecli`
- `pkgs.nixprstatus`
- `pkgs.natstonotify`
- Plus packages from `nix-packages` overlay

1
README.md
View File

@@ -4,4 +4,5 @@ Configurations for:
* gunter
* magicman
* prismo

121
docs/gunter-monitor-issues.md
View File

@@ -1,121 +0,0 @@
# Gunter Monitor Boot Issues
## Problem Description
Two of the four monitors on gunter (desktop) intermittently fail to work on startup. The affected monitors are always the two Samsung LS27A600U displays, which are connected via DisplayPort daisy-chaining (MST - Multi-Stream Transport). Power cycling the monitors typically resolves the issue until the next reboot.
## System Configuration
- **GPU**: NVIDIA GeForce RTX 3080 Ti
- **Driver**: NVIDIA proprietary driver 590.48.01 (beta)
- **Kernel**: 6.18.12
- **Compositor**: Hyprland
- **Open driver**: `false` (switched from open to proprietary 2026-02-21)
- **Initrd nvidia modules**: None (removed 2026-03-03, was bloating initrd to 191MB)
### Monitor Setup
| Port | Monitor | Resolution | Connection |
|-------|--------------------------|----------------|---------------|
| DP-1 | Acer XB271HU (center) | 2560x1440@120Hz | Direct |
| DP-3 | BenQ G2420HDBL (top) | 1920x1080@60Hz | Direct |
| DP-4 | Samsung LS27A600U (right)| 2560x1440@75Hz | Daisy-chained |
| DP-5 | Samsung LS27A600U (left) | 2560x1440@75Hz | Daisy-chained |
The GPU only has 3 DisplayPort outputs, so one Samsung monitor is connected to the other via DP daisy-chaining (MST).
## Diagnostic Findings
### Kernel Errors
The following errors appear in the kernel log during boot:
```
[drm:nv_drm_dev_load [nvidia_drm]] *ERROR* [nvidia-drm] [GPU ID 0x00000100] Failed to add connector for NvKmsKapiDisplay 0x00000800
[drm:nv_drm_dev_load [nvidia_drm]] *ERROR* [nvidia-drm] [GPU ID 0x00000100] Failed to get dynamic displays
```
"Dynamic displays" in NVIDIA terminology refers to MST-connected monitors. These errors indicate the driver is failing to enumerate the daisy-chained displays during initialization.
### Root Cause Analysis
1. **MST timing issues** - The downstream Samsung monitor isn't ready when the driver tries to enumerate the daisy chain during boot. The MST topology hasn't been negotiated yet when the driver first probes, regardless of how early or late it loads.
2. **Power sequencing** - The monitors may need more time to negotiate the MST link during cold boot
## Changes Made
### 2026-02-21: Switch to proprietary driver + initrd loading
**Change 1: `hardware.nvidia.open = false`** (previously `true`)
With the open driver, boot produced 7 errors including flip event timeouts and kernel WARNING stack traces:
```
Failed to add connector for NvKmsKapiDisplay 0x00000800
Failed to get dynamic displays
Flip event timeout on head 0
Flip event timeout on head 1
Failed to add encoder for NvKmsKapiDisplay 0x00000001
WARNING: CPU: 5 PID: 1169 at nvidia-drm/nvidia-drm-crtc.h:328 __nv_drm_handle_flip_event (x2)
```
With the proprietary driver, only the 2 MST enumeration errors remain. The flip timeouts and kernel warnings are gone. The driver handles the MST failure much more gracefully.
**Change 2: Load nvidia modules in initrd** (`boot.initrd.kernelModules`)
Without initrd loading, the nvidia driver took ~22 seconds to initialize (11s to first error, 10 more to give up on dynamic displays). During this time monitors lost signal and went to sleep.
With initrd loading, the driver loads and initializes in under 1 second. However, the same two MST errors still occur - the MST topology simply isn't ready yet regardless of timing.
**Result**: Subjectively improved - monitors now typically recover after a single power cycle instead of requiring multiple attempts. The boot process is also faster with no 20+ second black screen hang.
## Remaining Solutions to Try
1. **Display rescan service** - Create a systemd service that triggers the nvidia driver to re-enumerate displays a few seconds after boot. This could auto-detect MST monitors without manual power cycling.
2. **Remove `quiet splash`** from kernel params - Keeps console output active during boot, which maintains an active DP signal through the UEFI-to-kernel transition and may help keep the MST link alive.
3. **Check monitor firmware** - Samsung LS27A600U monitors have had MST firmware updates. Updating could improve MST link negotiation reliability.
4. **Reduce initial link rate** - Lower refresh rate to 60Hz initially to reduce DP bandwidth requirements during MST negotiation, potentially making link training more reliable.
## Useful Diagnostic Commands
### Kernel logs for display/nvidia issues
```bash
journalctl -k --no-pager | grep -iE '(nvidia|drm|display|edid|dp|hdmi|monitor)'
```
### Kernel errors and warnings
```bash
journalctl -k --no-pager | grep -iE '(error|fail|warn)'
```
### Current monitor state (Hyprland)
```bash
hyprctl monitors all
```
### DRM connector status
```bash
cat /sys/class/drm/*/status
ls -la /sys/class/drm/
```
### GPU and driver info
```bash
nvidia-smi --query-gpu=name,driver_version --format=csv,noheader
```
### Check EDID data for each connector
```bash
for f in /sys/class/drm/card1-DP-*/; do
echo "=== $(basename $f) ===";
cat "$f/enabled" 2>/dev/null;
cat "$f/edid" 2>/dev/null | xxd | head -5;
done
```
## Related Configuration Files
- `hosts/gunter/configuration.nix` - NVIDIA driver settings
- `home/hosts/gunter/default.nix` - Hyprland monitor configuration

156
docs/magicman-keyboard-luks.md
View File

@@ -1,156 +0,0 @@
# Magicman: PS/2 Keyboard Broken at LUKS Prompt After BIOS Update
## Issue
After updating the ThinkPad L14 Gen 4 (21H2S3US00) BIOS to version R24ET51W (1.34)
via `fwupdmgr`, the built-in laptop keyboard no longer works during the LUKS disk
encryption password prompt. An external USB keyboard must be used to unlock the disk.
The laptop keyboard works normally after boot.
## Machine Details
- **Model**: Lenovo ThinkPad L14 Gen 4 (21H2S3US00)
- **BIOS**: R24ET51W (1.34), dated 2025-10-31
- **EC**: R24HT33W
- **Date**: 2026-03-06
### What fwupdmgr Installed
- System Firmware: 0.1.12 → 0.1.34
- UEFI dbx: 20230301 → 20250902
- KEK CA: 2011 → 2023
## Symptoms
- Laptop keyboard does not respond at the LUKS password prompt (neither systemd nor scripted initrd)
- USB keyboard works fine at the LUKS prompt
- Laptop keyboard works immediately after boot (at greetd login)
- Text typed on the laptop keyboard during LUKS prompt sometimes partially appears
at the greetd username field after boot, indicating the keyboard hardware IS generating
scancodes that get buffered and flushed later
## Kernel Errors
Every boot shows these errors from the atkbd driver:
```
atkbd serio0: Failed to deactivate keyboard on isa0060/serio0
atkbd serio0: Failed to enable keyboard on isa0060/serio0
input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input0
atkbd serio0: Spurious ACK on isa0060/serio0. Some program might be trying to access hardware directly.
```
The keyboard device IS registered despite the errors, and the `kbd` input handler
binds to it (`Handlers=sysrq kbd leds event6`).
## Root Cause Analysis
The BIOS update changed the PS/2 controller (i8042) initialization behavior. The atkbd
driver sends a deactivate command (0xF5) during init, which likely succeeds at disabling
the keyboard even though the ACK times out. The subsequent enable command (0xF4) also
times out without re-enabling it. The keyboard stays disabled at the hardware level —
it queues keypresses in its small internal buffer (~16 keys) but doesn't send scancodes
to the host until something re-enables it during full boot. This is NOT a timing issue —
leaving the system at the LUKS prompt for several minutes does not fix the keyboard.
Something specific that happens later in the boot process (likely during switch-root
when udev re-processes devices) re-enables the keyboard.
## What Was Tried
### Kernel Parameters (none helped)
- `i8042.dumbkbd` — skip keyboard reset during i8042 probe
- `i8042.nopnp` — don't use PNP to discover controllers
- `i8042.reset` — force i8042 controller reset
- `i8042.nomux` — don't probe for MUX
- `atkbd.reset` — reset keyboard during atkbd init
- `console=tty1` — explicitly route console I/O to tty1
- Various combinations of the above
### Initrd Module Loading
- Added `i8042`, `atkbd`, `thinkpad_acpi` to `boot.initrd.kernelModules`
- `thinkpad_acpi` loads the EC driver early, but didn't help
### Initrd Services
- Created `keyboard-reconnect` systemd service that runs before `systemd-cryptsetup@root.service`
- Tried `echo reconnect > /sys/bus/serio/devices/serio0/drvctl` — reconnect also fails
- Tried full module reload: `rmmod atkbd; rmmod i8042; sleep N; modprobe i8042; modprobe atkbd`
- Tested with sleep 2 and sleep 8
- The reload creates a new serio device (serio2) but initialization fails identically
### Plymouth
- Disabled Plymouth (`boot.plymouth.enable = false`) — no effect
- Tested `plymouth.enable=0` on kernel command line — no effect
- Confirmed password agent falls back to `systemd-tty-ask-password-agent` on `/dev/tty1`
### Scripted Initrd
- Switched from systemd initrd to scripted initrd (`boot.initrd.systemd.enable = false`)
- Uses a completely different password prompt mechanism (shell `read`)
- Same result — keyboard still doesn't work
### BIOS
- Checked BIOS settings — no relevant keyboard/PS/2 options available
- `fwupdmgr get-updates` shows no newer BIOS version available
## Planned Fix: TPM + Secure Boot Auto-Unlock
### Approach
Use TPM2-based LUKS unlock with Secure Boot to bypass the keyboard requirement entirely.
- **lanzaboote** — replaces systemd-boot, produces signed Unified Kernel Images (UKIs)
that bundle kernel + initrd + cmdline into a single signed EFI binary
- **Secure Boot** — ensures only signed code can boot, prevents tampering with boot chain
- **TPM2 unlock** — `systemd-cryptenroll` binds LUKS key to TPM PCR 7 (Secure Boot policy)
- **Passphrase kept as fallback** — if TPM/Secure Boot state changes, unlock with USB keyboard + password
### Why PCR 7 Only
Binding to PCR 7 alone means kernel/initrd updates (frequent on nixos-unstable) do NOT
require re-enrollment. PCR 7 only changes when Secure Boot keys or policy change.
Cmdline tampering is prevented by lanzaboote's UKI approach — the cmdline is embedded in
the signed binary and cannot be edited at the bootloader.
### Setup Steps
1. Install `sbctl` and create Secure Boot signing keys
2. Put BIOS into Secure Boot "Setup Mode" and enroll custom keys (include Microsoft keys for fwupd)
3. Enable lanzaboote in NixOS config (replaces systemd-boot)
4. Rebuild, verify Secure Boot works
5. Enroll TPM with `systemd-cryptenroll --tpm2-device=auto --tpm2-pcrs=7`
After setup, `nixos-rebuild switch/boot` works as usual — lanzaboote automatically signs
each new generation.
### Security Considerations
**Protected against:**
- Offline disk read (pull SSD, boot USB)
- Boot chain tampering (unsigned code won't boot)
- Cmdline editing (locked into signed UKI)
**Remaining attack surface:**
- Stolen while suspended — disk is decrypted in RAM, only screen lock protects.
Consider hibernate instead of suspend (hibernate locks LUKS since RAM is powered off).
- Network services — system is fully running after boot, exposed services are reachable
- DMA attacks via Thunderbolt/PCIe — mitigated by IOMMU (should be on by default)
- Cold boot attacks — exotic, requires freezing RAM
For a stolen-laptop scenario this is solid. The biggest practical risk is theft while
the laptop is suspended.
### Other Considered Alternatives
- **BIOS update from Lenovo** fixing the PS/2 controller init sequence
- **Kernel patch** to handle the failed enable more gracefully
- **TPM + PIN** — not viable due to the same PS/2 keyboard issue at the PIN prompt
## Current Workaround
Use an external USB keyboard to enter the LUKS password at boot.

470
flake.lock generated
View File

@@ -1,20 +1,74 @@
{
"nodes": {
"catppuccin": {
"flake-utils": {
"inputs": {
"nixpkgs": "nixpkgs"
"systems": "systems"
},
"locked": {
"lastModified": 1772983749,
"narHash": "sha256-IRC/YpTVMDr/lMmWMEc+JU4d+L9z3v38jZuj0jSLaW0=",
"owner": "catppuccin",
"repo": "nix",
"rev": "3594e4c94994515e0e32884dad20ca70ae88fc49",
"lastModified": 1710146030,
"narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
"type": "github"
},
"original": {
"owner": "catppuccin",
"repo": "nix",
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_2": {
"inputs": {
"systems": "systems_2"
},
"locked": {
"lastModified": 1710146030,
"narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_3": {
"inputs": {
"systems": "systems_4"
},
"locked": {
"lastModified": 1726560853,
"narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_4": {
"inputs": {
"systems": "systems_5"
},
"locked": {
"lastModified": 1726560853,
"narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
@@ -46,11 +100,11 @@
]
},
"locked": {
"lastModified": 1772985285,
"narHash": "sha256-wEEmvfqJcl9J0wyMgMrj1TixOgInBW/6tLPhWGoZE3s=",
"lastModified": 1732025103,
"narHash": "sha256-qjEI64RKvDxRyEarY0jTzrZMa8ebezh2DEZmJJrpVdo=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "5be5d8245cbc7bc0c09fbb5f38f23f223c543f85",
"rev": "a46e702093a5c46e192243edbd977d5749e7f294",
"type": "github"
},
"original": {
@@ -61,19 +115,18 @@
},
"huecli": {
"inputs": {
"flake-utils": "flake-utils",
"nixpkgs": [
"nixpkgs"
],
"pyproject-build-systems": "pyproject-build-systems",
"pyproject-nix": "pyproject-nix",
"uv2nix": "uv2nix"
"poetry2nix": "poetry2nix"
},
"locked": {
"lastModified": 1757974387,
"narHash": "sha256-vVFZTB3NxJCH91aaAtop3MEZcilPQ273epV1gcnQE4s=",
"lastModified": 1728336978,
"narHash": "sha256-7FX4K8QBH/9jiYyCMs2JyCTzlx1/D5Cw6upaFThSVg4=",
"ref": "master",
"rev": "b341e613337b87cef7a0f4ea05d677288cafa3fb",
"revCount": 33,
"rev": "700ece0bada9833fcfd3b6ce698cd74bc00e4493",
"revCount": 22,
"type": "git",
"url": "https://git.t-juice.club/torjus/huecli"
},
@@ -83,25 +136,48 @@
"url": "https://git.t-juice.club/torjus/huecli"
}
},
"natstonotify": {
"nix-github-actions": {
"inputs": {
"nixpkgs": [
"huecli",
"poetry2nix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1739302828,
"narHash": "sha256-D6l5tAh1FDpdz9/tQC7kYhFPQzqI1HICwNh7fRejfrw=",
"ref": "master",
"rev": "bfcf518fe0b2fe19075667f7b22227376d102509",
"revCount": 7,
"type": "git",
"url": "https://git.t-juice.club/torjus/natstonotify"
"lastModified": 1703863825,
"narHash": "sha256-rXwqjtwiGKJheXB43ybM8NwWB8rO2dSRrEqes0S7F5Y=",
"owner": "nix-community",
"repo": "nix-github-actions",
"rev": "5163432afc817cf8bd1f031418d1869e4c9d5547",
"type": "github"
},
"original": {
"ref": "master",
"type": "git",
"url": "https://git.t-juice.club/torjus/natstonotify"
"owner": "nix-community",
"repo": "nix-github-actions",
"type": "github"
}
},
"nix-github-actions_2": {
"inputs": {
"nixpkgs": [
"nixprstatus",
"poetry2nix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1720066371,
"narHash": "sha256-uPlLYH2S0ACj0IcgaK9Lsf4spmJoGejR9DotXiXSBZQ=",
"owner": "nix-community",
"repo": "nix-github-actions",
"rev": "622f829f5fe69310a866c8a6cd07e747c44ef820",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nix-github-actions",
"type": "github"
}
},
"nix-packages": {
@@ -111,11 +187,11 @@
]
},
"locked": {
"lastModified": 1757017925,
"narHash": "sha256-QC1SkvyU5nQ32lju2GYK9ozuh/JYWXfWK/T7OC6dVls=",
"lastModified": 1728153756,
"narHash": "sha256-kNpO8yC2MioSRc2SNxNM5egVvFjA2Ox0b4SAs6GnM8w=",
"ref": "master",
"rev": "7723cb45020e1f561f527779540faa5901d34e4d",
"revCount": 31,
"rev": "2fc840c15280d2dd3da1aba7272243b4aa11e611",
"revCount": 21,
"type": "git",
"url": "https://git.t-juice.club/torjus/nix-packages"
},
@@ -127,67 +203,66 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1772773019,
"narHash": "sha256-E1bxHxNKfDoQUuvriG71+f+s/NT0qWkImXsYZNFFfCs=",
"owner": "NixOS",
"lastModified": 1731676054,
"narHash": "sha256-OZiZ3m8SCMfh3B6bfGC/Bm4x3qc1m2SVEAlkV6iY7Yg=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "aca4d95fce4914b3892661bcb80b8087293536c6",
"rev": "5e4fbfb6b3de1aa2872b76d49fafc942626e2add",
"type": "github"
},
"original": {
"owner": "NixOS",
"owner": "nixos",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-small": {
"locked": {
"lastModified": 1732007104,
"narHash": "sha256-qaWPxgLAvtIHTDcm0qJuc+WNYjcy4ZKigOyn2ag4ihM=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "0705964c881cea8896474610188905ba41b59b08",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable-small",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-stable": {
"locked": {
"lastModified": 1767313136,
"narHash": "sha256-16KkgfdYqjaeRGBaYsNrhPRRENs0qzkQVUooNHtoy2w=",
"lastModified": 1731755305,
"narHash": "sha256-v5P3dk5JdiT+4x69ZaB18B8+Rcu3TIOrcdG4uEX7WZ8=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "ac62194c3917d5f474c1a844b6fd6da2db95077d",
"rev": "057f63b6dc1a2c67301286152eb5af20747a9cb4",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-25.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1772773019,
"narHash": "sha256-E1bxHxNKfDoQUuvriG71+f+s/NT0qWkImXsYZNFFfCs=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "aca4d95fce4914b3892661bcb80b8087293536c6",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable",
"ref": "nixos-24.11",
"repo": "nixpkgs",
"type": "github"
}
},
"nixprstatus": {
"inputs": {
"flake-utils": "flake-utils_3",
"nixpkgs": [
"nixpkgs"
],
"pyproject-build-systems": "pyproject-build-systems_2",
"pyproject-nix": "pyproject-nix_2",
"uv2nix": "uv2nix_2"
"poetry2nix": "poetry2nix_2"
},
"locked": {
"lastModified": 1767871861,
"narHash": "sha256-Oh0Y9bTvvMm3JQH/C/8XLCeemgvMDbIgFh1NSYFyINY=",
"lastModified": 1729118937,
"narHash": "sha256-7xYCJXTh92OpKwfshYYnxrWmfNjqaH9SzQ0stuBARVM=",
"ref": "master",
"rev": "b4e3e6de659bf8c96b84dd47249c71b357dd50c2",
"revCount": 62,
"rev": "58b113d934f5d62f27dc50439b89fece4eb621f5",
"revCount": 37,
"type": "git",
"url": "https://git.t-juice.club/torjus/nixprstatus"
},
@@ -197,115 +272,64 @@
"url": "https://git.t-juice.club/torjus/nixprstatus"
}
},
"pyproject-build-systems": {
"poetry2nix": {
"inputs": {
"flake-utils": "flake-utils_2",
"nix-github-actions": "nix-github-actions",
"nixpkgs": [
"huecli",
"nixpkgs"
],
"pyproject-nix": [
"huecli",
"pyproject-nix"
],
"uv2nix": [
"huecli",
"uv2nix"
]
"systems": "systems_3",
"treefmt-nix": "treefmt-nix"
},
"locked": {
"lastModified": 1757296493,
"narHash": "sha256-6nzSZl28IwH2Vx8YSmd3t6TREHpDbKlDPK+dq1LKIZQ=",
"owner": "pyproject-nix",
"repo": "build-system-pkgs",
"rev": "5b8e37fe0077db5c1df3a5ee90a651345f085d38",
"lastModified": 1724208502,
"narHash": "sha256-TCRcEPSfgAw/t7kClmlr23s591N06mQCrhzlAO7cyFw=",
"owner": "nix-community",
"repo": "poetry2nix",
"rev": "884b66152b0c625b8220b570a31dc7acc36749a3",
"type": "github"
},
"original": {
"owner": "pyproject-nix",
"repo": "build-system-pkgs",
"owner": "nix-community",
"repo": "poetry2nix",
"type": "github"
}
},
"pyproject-build-systems_2": {
"poetry2nix_2": {
"inputs": {
"flake-utils": "flake-utils_4",
"nix-github-actions": "nix-github-actions_2",
"nixpkgs": [
"nixprstatus",
"nixpkgs"
],
"pyproject-nix": [
"nixprstatus",
"pyproject-nix"
],
"uv2nix": [
"nixprstatus",
"uv2nix"
]
"systems": "systems_6",
"treefmt-nix": "treefmt-nix_2"
},
"locked": {
"lastModified": 1763662255,
"narHash": "sha256-4bocaOyLa3AfiS8KrWjZQYu+IAta05u3gYZzZ6zXbT0=",
"owner": "pyproject-nix",
"repo": "build-system-pkgs",
"rev": "042904167604c681a090c07eb6967b4dd4dae88c",
"lastModified": 1729073785,
"narHash": "sha256-KaDC7emuamQblDdka+gkBUUdEjQf3YGYozMb+zomgSM=",
"owner": "nix-community",
"repo": "poetry2nix",
"rev": "795fddefc9f910671c1cf0752c29802ce27322d6",
"type": "github"
},
"original": {
"owner": "pyproject-nix",
"repo": "build-system-pkgs",
"type": "github"
}
},
"pyproject-nix": {
"inputs": {
"nixpkgs": [
"huecli",
"nixpkgs"
]
},
"locked": {
"lastModified": 1757246327,
"narHash": "sha256-6pNlGhwOIMfhe/RLjHdpXveKS4FyLHvlGe+KtjDild4=",
"owner": "pyproject-nix",
"repo": "pyproject.nix",
"rev": "8d77f342d66ad1601cdb9d97e9388b69f64d4c8e",
"type": "github"
},
"original": {
"owner": "pyproject-nix",
"repo": "pyproject.nix",
"type": "github"
}
},
"pyproject-nix_2": {
"inputs": {
"nixpkgs": [
"nixprstatus",
"nixpkgs"
]
},
"locked": {
"lastModified": 1764134915,
"narHash": "sha256-xaKvtPx6YAnA3HQVp5LwyYG1MaN4LLehpQI8xEdBvBY=",
"owner": "pyproject-nix",
"repo": "pyproject.nix",
"rev": "2c8df1383b32e5443c921f61224b198a2282a657",
"type": "github"
},
"original": {
"owner": "pyproject-nix",
"repo": "pyproject.nix",
"owner": "nix-community",
"repo": "poetry2nix",
"type": "github"
}
},
"root": {
"inputs": {
"catppuccin": "catppuccin",
"ghettoptt": "ghettoptt",
"home-manager": "home-manager",
"huecli": "huecli",
"natstonotify": "natstonotify",
"nix-packages": "nix-packages",
"nixpkgs": "nixpkgs_2",
"nixpkgs": "nixpkgs",
"nixpkgs-small": "nixpkgs-small",
"nixpkgs-stable": "nixpkgs-stable",
"nixprstatus": "nixprstatus",
"sops-nix": "sops-nix"
@@ -318,11 +342,11 @@
]
},
"locked": {
"lastModified": 1772944399,
"narHash": "sha256-xTzsSd3r5HBeufSZ3fszAn0ldfKctvsYG7tT2YJg5gY=",
"lastModified": 1731954233,
"narHash": "sha256-vvXx1m2Rsw7MkbKJdpcICzz4YPgZPApGKQGhNZfkhOI=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "c8e69670b316d6788e435a3aa0bda74eb1b82cc0",
"rev": "e39947d0ee8e341fa7108bd02a33cdfa24a1360e",
"type": "github"
},
"original": {
@@ -331,53 +355,135 @@
"type": "github"
}
},
"uv2nix": {
"inputs": {
"nixpkgs": [
"huecli",
"nixpkgs"
],
"pyproject-nix": [
"huecli",
"pyproject-nix"
]
},
"systems": {
"locked": {
"lastModified": 1757925761,
"narHash": "sha256-7Hwz0vfHuFqCo5v7Q07GQgLBWuPvZCuf/5/pk4NoADg=",
"owner": "pyproject-nix",
"repo": "uv2nix",
"rev": "780494c40895bb7419a73d942bee326291e80b3b",
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "pyproject-nix",
"repo": "uv2nix",
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"uv2nix_2": {
"inputs": {
"nixpkgs": [
"nixprstatus",
"nixpkgs"
],
"pyproject-nix": [
"nixprstatus",
"pyproject-nix"
]
},
"systems_2": {
"locked": {
"lastModified": 1767701098,
"narHash": "sha256-CJhKZnWb3gumR9oTRjFvCg/6lYTGbZRU7xtvcyWIRwU=",
"owner": "pyproject-nix",
"repo": "uv2nix",
"rev": "9d357f0d2ce6f5f35ec7959d7e704452352eb4da",
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "pyproject-nix",
"repo": "uv2nix",
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_3": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"id": "systems",
"type": "indirect"
}
},
"systems_4": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_5": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_6": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"id": "systems",
"type": "indirect"
}
},
"treefmt-nix": {
"inputs": {
"nixpkgs": [
"huecli",
"poetry2nix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1719749022,
"narHash": "sha256-ddPKHcqaKCIFSFc/cvxS14goUhCOAwsM1PbMr0ZtHMg=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "8df5ff62195d4e67e2264df0b7f5e8c9995fd0bd",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "treefmt-nix",
"type": "github"
}
},
"treefmt-nix_2": {
"inputs": {
"nixpkgs": [
"nixprstatus",
"poetry2nix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1727984844,
"narHash": "sha256-xpRqITAoD8rHlXQafYZOLvUXCF6cnZkPfoq67ThN0Hc=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "4446c7a6fc0775df028c5a3f6727945ba8400e64",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "treefmt-nix",
"type": "github"
}
}

52
flake.nix
View File

@@ -2,8 +2,10 @@
description = "Torjus nixos config flake";
inputs = {
nixpkgs-stable.url = "github:nixos/nixpkgs?ref=nixos-25.05";
nixpkgs-stable.url = "github:nixos/nixpkgs?ref=nixos-24.11";
#nixpkgs-master.url = "github:nixos/nixpkgs?ref=master";
nixpkgs.url = "github:nixos/nixpkgs?ref=nixos-unstable";
nixpkgs-small.url = "github:nixos/nixpkgs?ref=nixos-unstable-small";
home-manager = {
url = "github:nix-community/home-manager";
inputs.nixpkgs.follows = "nixpkgs";
@@ -11,6 +13,7 @@
sops-nix = {
url = "github:Mic92/sops-nix";
inputs.nixpkgs.follows = "nixpkgs";
#inputs.nixpkgs-stable.follows = "nixpkgs-stable";
};
ghettoptt = {
url = "git+https://git.t-juice.club/torjus/ghettoptt?ref=master";
@@ -28,27 +31,20 @@
url = "git+https://git.t-juice.club/torjus/nixprstatus?ref=master";
inputs.nixpkgs.follows = "nixpkgs";
};
natstonotify = {
url = "git+https://git.t-juice.club/torjus/natstonotify?ref=master";
inputs.nixpkgs.follows = "nixpkgs";
};
catppuccin = {
url = "github:catppuccin/nix";
};
};
outputs =
{
self,
nixpkgs,
# nixpkgs-master,
nixpkgs-stable,
nixpkgs-small,
nixprstatus,
sops-nix,
ghettoptt,
huecli,
natstonotify,
nix-packages,
catppuccin,
...
}@inputs:
let
@@ -60,6 +56,23 @@
config.allowUnfree = true;
};
};
overlay-pyside6 =
final: prev:
let
small = import nixpkgs-small {
inherit system;
config.allowUnfree = true;
};
in
{
python312Packages = small.lib.warn "Using python312Packages from nixos-unstable-small #" small.python312Packages;
};
# overlay-master = final: prev: {
# master = import nixpkgs-master {
# inherit system;
# config.allowUnfree = true;
# };
# };
allSystems = [
"x86_64-linux"
"aarch64-linux"
@@ -71,16 +84,31 @@
commonOverlays = [
overlay-stable
# overlay-master
overlay-pyside6
ghettoptt.overlays.default
huecli.overlays.default
nix-packages.overlays.default
nixprstatus.overlays.default
natstonotify.overlays.default
];
in
{
formatter.${system} = nixpkgs.legacyPackages.${system}.nixfmt-tree;
nixosConfigurations = {
prismo = nixpkgs.lib.nixosSystem {
inherit system;
specialArgs = {
inherit inputs self user;
};
modules = [
(
{ config, pkgs, ... }:
{
nixpkgs.overlays = commonOverlays;
}
)
./hosts/prismo
sops-nix.nixosModules.sops
];
};
magicman = nixpkgs.lib.nixosSystem {
inherit system;
specialArgs = {

45
home/editor/neovim/default.nix
View File

@@ -5,32 +5,24 @@
enable = true;
defaultEditor = true;
vimAlias = true;
extraPackages = with pkgs; [
nodePackages_latest.nodejs
];
plugins = with pkgs.vimPlugins; [
catppuccin-nvim
cmp-buffer
cmp-cmdline
cmp-nvim-lsp
cmp_luasnip
copilot-cmp
copilot-lua
gitsigns-nvim
indent-blankline-nvim
lualine-nvim
luasnip
nvim-cmp
nvim-lspconfig
plenary-nvim
telescope-nvim
telescope-fzf-native-nvim
todo-comments-nvim
trouble-nvim
vim-fugitive
undotree
telescope-nvim
nvim-cmp
cmp-nvim-lsp
nvim-lspconfig
lsp-zero-nvim
vim-floaterm
luasnip
cmp_luasnip
lualine-nvim
vim-sleuth
which-key-nvim
copilot-lua
copilot-cmp
cmp-cmdline
cmp-buffer
catppuccin-nvim
(nvim-treesitter.withPlugins (p: [
p.tree-sitter-yaml
p.tree-sitter-nix
@@ -47,27 +39,28 @@
p.tree-sitter-markdown-inline
]))
];
initLua = ''
${builtins.readFile ./plugins.lua}
extraLuaConfig = ''
${builtins.readFile ./options.lua}
${builtins.readFile ./plugins.lua}
${builtins.readFile ./keybinds.lua}
'';
};
};
home.packages = with pkgs; [
# nix stuff
nixfmt
nixfmt-rfc-style
statix
# LSPs
gopls
basedpyright
pyright
nodePackages.typescript-language-server
nodePackages.typescript
nil
yaml-language-server
lua-language-server
clang-tools
zls
ruff
];
home.sessionVariables.EDITOR = "nvim";

62
home/editor/neovim/keybinds.lua
View File

@@ -1,57 +1,31 @@
-- Keybinds
-- Diagnostics
vim.keymap.set("n", "<leader>ds", vim.diagnostic.open_float, { desc = "Show diagnostic" })
vim.keymap.set("n", "<leader>dd", '<cmd>Trouble diagnostics toggle<CR>', { desc = "Diagnostics list" })
vim.keymap.set("n", "<leader>db", '<cmd>Trouble diagnostics toggle filter.buf=0<CR>', { desc = "Buffer diagnostics" })
-- Term
vim.g.floaterm_keymap_toggle = '<leader>T'
vim.g.floaterm_keymap_toggle = '<leader>ft'
-- Tabs
vim.keymap.set('n', '<leader>tn', ':tabnew<CR>',
{ silent = true, desc = 'New tab' })
vim.keymap.set('n', '<leader>tp', ':tabnext<CR>',
{ silent = true, desc = 'Next tab' })
vim.keymap.set('n', '<leader>tP', ':tabprev<CR>',
{ silent = true, desc = 'Previous tab' })
vim.keymap.set('n', '<leader>n', ':tabnew<CR>',
{ silent = true, desc = '[N]ew tab' })
vim.keymap.set('n', '<leader>p', ':tabnext<CR>',
{ silent = true, desc = '[p]Next tab' })
vim.keymap.set('n', '<leader>P', ':tabprev<CR>',
{ silent = true, desc = '[P]Previous tab' })
-- Telescope
vim.keymap.set('n', '<leader>?', require('telescope.builtin').oldfiles,
{ desc = 'Find recently opened files' })
{ desc = '[?] FInd recently opened files' })
vim.keymap.set('n', '<leader>ff', require('telescope.builtin').find_files,
{ desc = 'Find files' })
{ desc = '[F]ind [F]iles' })
vim.keymap.set('n', '<leader>ff', require('telescope.builtin').find_files,
{ desc = '[F]ind [F]iles' })
vim.keymap.set('n', '<leader>fg', require('telescope.builtin').live_grep,
{ desc = 'Find by grep' })
vim.keymap.set('n', '<leader>fb', require('telescope.builtin').buffers,
{ desc = 'Find buffers' })
vim.keymap.set('n', '<leader>fd', require('telescope.builtin').diagnostics,
{ desc = 'Find diagnostics' })
vim.keymap.set('n', '<leader>fw', require('telescope.builtin').grep_string,
{ desc = 'Find word under cursor' })
{ desc = '[F]ind by [G]rep' })
-- Undotree
vim.keymap.set('n', '<leader>u', vim.cmd.UndotreeToggle,
{ desc = 'Toggle undotree' })
-- Gitsigns
local gs = require('gitsigns')
vim.keymap.set('n', ']h', gs.next_hunk, { desc = 'Next git hunk' })
vim.keymap.set('n', '[h', gs.prev_hunk, { desc = 'Previous git hunk' })
vim.keymap.set('n', '<leader>gs', gs.stage_hunk, { desc = 'Stage hunk' })
vim.keymap.set('n', '<leader>gr', gs.reset_hunk, { desc = 'Reset hunk' })
vim.keymap.set('n', '<leader>gS', gs.stage_buffer, { desc = 'Stage buffer' })
vim.keymap.set('n', '<leader>gR', gs.reset_buffer, { desc = 'Reset buffer' })
vim.keymap.set('n', '<leader>gp', gs.preview_hunk, { desc = 'Preview hunk' })
vim.keymap.set('n', '<leader>gb', gs.blame_line, { desc = 'Blame line' })
-- Todo comments
vim.keymap.set('n', ']t', function() require('todo-comments').jump_next() end, { desc = 'Next todo comment' })
vim.keymap.set('n', '[t', function() require('todo-comments').jump_prev() end, { desc = 'Previous todo comment' })
vim.keymap.set('n', '<leader>ft', '<cmd>TodoTelescope<CR>', { desc = 'Find TODOs' })
-- Tabs
vim.keymap.set('n', '<leader>tt', ':tabnew<cr>')
vim.keymap.set('n', '<leader>tn', ':tabnext<cr>')
vim.keymap.set('n', '<leader>tp', ':tabprevious<cr>')
-- LSP
vim.keymap.set('n', '<leader>lr', vim.lsp.buf.rename, { desc = 'Rename' })
vim.keymap.set('n', '<leader>la', vim.lsp.buf.code_action, { desc = 'Code action' })
vim.keymap.set('n', '<leader>lf', function() vim.lsp.buf.format({ async = false }) end,
{ desc = 'Format' })
vim.keymap.set('n', 'gD', vim.lsp.buf.declaration)
vim.keymap.set('n', 'gd', vim.lsp.buf.definition)

5
home/editor/neovim/options.lua
View File

@@ -11,8 +11,3 @@ vim.o.relativenumber = true
vim.o.tabstop = 4
vim.o.shiftwidth = 4
vim.o.expandtab = true
vim.o.termguicolors = true
vim.o.list = true
vim.o.listchars = 'tab:» ,trail:·,extends:»,precedes:«,nbsp:␣'

125
home/editor/neovim/plugins.lua
View File

@@ -1,15 +1,28 @@
-- Plugins
-- Format on save for nix, lua, ts/js
vim.api.nvim_create_autocmd("BufWritePre", {
pattern = { "*.nix", "*.lua", "*.ts", "*.tsx", "*.js" },
callback = function()
vim.lsp.buf.format({ async = false, timeout_ms = 10000 })
end,
})
-- LSP stuff
local lsp_zero = require('lsp-zero')
lsp_zero.on_attach(function(_, bufnr)
lsp_zero.default_keymaps({ buffer = bufnr })
end)
lsp_zero.format_on_save({
format_opts = {
async = false,
timeout_ms = 10000,
},
servers = {
['gopls'] = { 'go' },
['nil_ls'] = { 'nix' },
['lua_ls'] = { 'lua' },
['ts_ls'] = { 'typescript', 'javascript' },
},
})
-- LSP: go
vim.lsp.config("gopls", {
local lspconfig = require('lspconfig')
lspconfig.gopls.setup({
settings = {
gopls = {
analyses = {
@@ -20,7 +33,6 @@ vim.lsp.config("gopls", {
}
}
})
vim.lsp.enable({ "gopls" })
-- GO: Automatically organize imports on save
vim.api.nvim_create_autocmd("BufWritePre", {
@@ -47,7 +59,7 @@ vim.api.nvim_create_autocmd("BufWritePre", {
})
-- LSP: nix
vim.lsp.config("nil_ls", {
lspconfig.nil_ls.setup({
autostart = true,
settings = {
['nil'] = {
@@ -57,10 +69,9 @@ vim.lsp.config("nil_ls", {
},
},
})
vim.lsp.enable({ "nil_ls" })
-- LSP: lua
vim.lsp.config("lua_ls", {
lspconfig.lua_ls.setup({
on_init = function(client)
local path = client.workspace_folders[1].name
if vim.loop.fs_stat(path .. '/.luarc.json') or vim.loop.fs_stat(path .. '/.luarc.jsonc') then
@@ -99,11 +110,9 @@ vim.lsp.config("lua_ls", {
}
}
})
vim.lsp.enable({ "lua_ls" })
-- LSP: ts/js
vim.lsp.config("ts_ls", {
lspconfig.ts_ls.setup({
init_options = {
plugins = {
},
@@ -111,16 +120,18 @@ vim.lsp.config("ts_ls", {
filetypes = {
"typescript",
"javascript",
"typescriptreact",
},
})
vim.lsp.enable({ "ts_ls" })
-- LSP: rust
lspconfig.rust_analyzer.setup {
}
-- LSP: python
-- Ruff server
vim.lsp.config("ruff", {
lspconfig.ruff.setup({
})
vim.lsp.enable({ "ruff" })
-- Ruff: automatically format on save
vim.api.nvim_create_autocmd("BufWritePre", {
@@ -146,23 +157,27 @@ vim.api.nvim_create_autocmd("LspAttach", {
desc = 'LSP: Disable hover capability from Ruff',
})
-- Basedpyright
vim.lsp.config("basedpyright", {
-- Pyright
lspconfig.pyright.setup {
settings = {
basedpyright = {
pyright = {
-- Using Ruff's import organizer
disableOrganizeImports = true,
},
python = {
analysis = {
-- Ignore all files for analysis to exclusively use Ruff for linting
ignore = { '*' },
},
},
},
})
vim.lsp.enable({ "basedpyright" })
}
-- Gitsigns
require('gitsigns').setup()
-- LSP: C/C++
lspconfig.clangd.setup({})
-- LSP: zig
lspconfig.zls.setup({})
-- Telescope
require('telescope').setup({
@@ -175,10 +190,9 @@ require('telescope').setup({
}
},
})
require('telescope').load_extension('fzf')
-- Treesitter
require('nvim-treesitter').setup {
-- Tresitter stuff
require('nvim-treesitter.configs').setup {
ensure_installed = {},
auto_install = false,
highlight = { enable = true },
@@ -252,12 +266,12 @@ require('copilot_cmp').setup()
-- Cmp
local cmp = require('cmp')
local luasnip = require('luasnip')
local cmp_action = lsp_zero.cmp_action()
cmp.setup({
snippet = {
expand = function(args)
luasnip.lsp_expand(args.body)
require('luasnip').lsp_expand(args.body)
end,
},
mapping = cmp.mapping.preset.insert({
@@ -265,25 +279,9 @@ cmp.setup({
['<CR>'] = cmp.mapping.confirm({ select = false }),
-- Ctrl+Space to open completion menu
['<C-Space>'] = cmp.mapping.complete(),
-- Tab to select next item or jump in snippet
['<Tab>'] = cmp.mapping(function(fallback)
if cmp.visible() then
cmp.select_next_item()
elseif luasnip.expand_or_jumpable() then
luasnip.expand_or_jump()
else
fallback()
end
end, { 'i', 's' }),
['<S-Tab>'] = cmp.mapping(function(fallback)
if cmp.visible() then
cmp.select_prev_item()
elseif luasnip.jumpable(-1) then
luasnip.jump(-1)
else
fallback()
end
end, { 'i', 's' }),
-- Move between snippet placeholders
['<C-f>'] = cmp_action.luasnip_jump_forward(),
['<C-b>'] = cmp_action.luasnip_jump_backward(),
-- Scroll in completion docs
['<C-k>'] = cmp.mapping.scroll_docs(-4),
['<C-j>'] = cmp.mapping.scroll_docs(4),
@@ -298,30 +296,7 @@ cmp.setup({
})
-- Indent blankline
require('ibl').setup()
-- Trouble
require('trouble').setup({
icons = false,
})
-- Todo comments
require('todo-comments').setup({
signs = false,
})
-- Which-key
require('which-key').setup()
require('which-key').add({
{ "<leader>d", group = "Diagnostics" },
{ "<leader>f", group = "Find" },
{ "<leader>g", group = "Git" },
{ "<leader>l", group = "LSP" },
{ "<leader>t", group = "Tabs" },
})
-- Colorscheme
require('catppuccin').setup {
}
require('catppuccin').setup({
})
vim.cmd.colorscheme "catppuccin"

49
home/gunter.nix Normal file
View File

@@ -0,0 +1,49 @@
{
pkgs,
inputs,
user,
...
}:
{
imports = [ inputs.home-manager.nixosModules.home-manager ];
home-manager = {
useUserPackages = true;
useGlobalPkgs = true;
extraSpecialArgs = {
inherit pkgs inputs user;
};
users.${user} =
{ pkgs, ... }:
{
imports = [
inputs.sops-nix.homeManagerModules.sops
./editor/neovim
./hyprland/gunter.nix
./packages
./programs/dunst
./programs/git
./programs/firefox
./programs/kitty
./programs/obs-studio
./programs/rofi
./programs/tmux
./programs/vscode
./scripts
./services/backup-home.nix
./services/ghettoptt.nix
./sops
./ssh
./zsh
];
firefox.enable = true;
tmux.enable = true;
hyprland.enable = true;
home = {
username = "${user}";
homeDirectory = "/home/${user}";
stateVersion = "23.11";
};
programs.home-manager.enable = true;
};
};
}

122
home/hosts/gunter/default.nix
View File

@@ -1,122 +0,0 @@
{
pkgs,
inputs,
user,
...
}:
{
imports = [ inputs.home-manager.nixosModules.home-manager ];
home-manager = {
useUserPackages = true;
useGlobalPkgs = true;
extraSpecialArgs = {
inherit pkgs inputs user;
};
users.${user} =
{ pkgs, ... }:
{
imports = [
inputs.sops-nix.homeManagerModules.sops
inputs.catppuccin.homeModules.catppuccin
../../editor/neovim
../../hyprland
../../packages
../../programs/dunst
../../programs/git
../../programs/gtk
../../programs/firefox
../../programs/kitty
../../programs/obs-studio
../../programs/rofi
../../programs/streamcontroller
../../programs/tmux
../../programs/claude-code
../../programs/vscode
../../scripts
../../services/backup-home.nix
../../services/ghettoptt.nix
../../services/natstonotify.nix
../../services/labmcp.nix
../../sops
../../ssh
../../zsh
];
firefox.enable = true;
tmux.enable = true;
hyprland.enable = true;
hyprland.monitors = [
"$mon_top,1920x1080@60,2560x0,1"
"$mon_left,2560x1440@75,0x1080,1"
"$mon_center,2560x1440@120,2560x1080,1"
"$mon_right,2560x1440@75,5120x1080,1"
];
hyprland.extraEnv = [
"LIBVA_DRIVER_NAME,nvidia"
"GBM_BACKEND,nvidia-drm"
"WLR_NO_HARDWARE_CURSORS,1"
];
hyprland.enableGrimblast = true;
streamcontroller.enable = true;
hyprland.enableWacom = true;
hyprland.cursorNoHardware = true;
hyprland.extraWorkspaces = [
"name:T1, monitor:$mon_top, persistent:true, default:true"
"name:T2, monitor:$mon_top, persistent:true, default:false"
"name:L1, monitor:$mon_left, persistent:true, default:true"
"name:L2, monitor:$mon_left, persistent:true, default:false"
"name:R1, monitor:$mon_right, persistent:true, default:true"
"name:R2, monitor:$mon_right, persistent:true, default:false"
"name:c1, monitor:$mon_center, persistent:true, default:true"
"name:c2, monitor:$mon_center, persistent:true, default:false"
"name:c3, monitor:$mon_center, persistent:true, default:false"
"name:c4, monitor:$mon_center, persistent:true, default:false"
];
hyprland.monitorVariables = {
"$mon_top" = "desc:BNQ G2420HDBL T2B04424SL000";
"$mon_left" = "desc:Samsung Electric Company LS27A600U HNMT502389";
"$mon_center" = "desc:Acer Technologies XB271HU #ASPVEKfgZ8Dd";
"$mon_right" = "desc:Samsung Electric Company LS27A600U HNMT502390";
};
hyprland.extraKeybinds = [
"$mainMod,Print,exec,grimblast save active ~/tmp/$(date -Iseconds).png"
"$shiftMainMod,Print,exec,grimblast copy area"
",Print,exec,grimblast copy active"
"$mainMod,v,exec,sleep 0.5s && wl-paste | wtype -"
# Workspace keybinds
"$mainMod,1,workspace,name:c1"
"$mainMod,2,workspace,name:c2"
"$mainMod,3,workspace,name:c3"
"$mainMod,4,workspace,name:c4"
"$mainMod,5,workspace,5"
"$mainMod,6,workspace,6"
"$shiftMainMod,1,movetoworkspace,name:c1"
"$shiftMainMod,2,movetoworkspace,name:c2"
"$shiftMainMod,3,movetoworkspace,name:c3"
"$shiftMainMod,4,movetoworkspace,name:c4"
"$shiftMainMod,5,movetoworkspace,5"
"$shiftMainMod,6,movetoworkspace,6"
];
home = {
username = "${user}";
homeDirectory = "/home/${user}";
stateVersion = "23.11";
};
programs.home-manager.enable = true;
services.dunst.settings.global.monitor = "DP-1";
# Custom options
torjus.home.obs = {
enable = true;
withCuda = true;
};
};
};
}

74
home/hosts/magicman/default.nix
View File

@@ -1,74 +0,0 @@
{
pkgs,
inputs,
user,
...
}:
{
imports = [ inputs.home-manager.nixosModules.home-manager ];
home-manager = {
useUserPackages = true;
useGlobalPkgs = true;
extraSpecialArgs = {
inherit pkgs inputs user;
};
users.${user} =
{ pkgs, ... }:
{
imports = [
inputs.sops-nix.homeManagerModules.sops
inputs.catppuccin.homeModules.catppuccin
../../sops
../../services/labmcp.nix
../../editor/neovim
../../programs/claude-code
../../programs/firefox
../../programs/tmux
../../programs/dunst
../../programs/kitty
../../programs/gtk
../../programs/rofi
../../programs/obs-studio
../../programs/vscode
../../scripts
../../scripts/batlvl.nix
../../zsh
../../packages
../../hyprland
../../ssh
];
firefox.enable = true;
tmux.enable = true;
hyprland.enable = true;
hyprland.monitors = [ "eDP-1,1920x1080@60,0x0,1" ];
wayland.windowManager.hyprland.settings = {
input.touchpad = {
natural_scroll = false;
};
};
hyprland.extraKeybinds = [
# Workspace keybinds
"$mainMod,1,workspace,1"
"$mainMod,2,workspace,2"
"$mainMod,3,workspace,3"
"$mainMod,4,workspace,4"
"$mainMod,5,workspace,5"
"$mainMod,6,workspace,6"
"$shiftMainMod,1,movetoworkspace,1"
"$shiftMainMod,2,movetoworkspace,2"
"$shiftMainMod,3,movetoworkspace,3"
"$shiftMainMod,4,movetoworkspace,4"
"$shiftMainMod,5,movetoworkspace,5"
"$shiftMainMod,6,movetoworkspace,6"
];
home = {
username = "${user}";
homeDirectory = "/home/${user}";
stateVersion = "23.11";
};
services.dunst.settings.global.monitor = "eDP-1";
torjus.home.obs.enable = true;
programs.home-manager.enable = true;
};
};
}

1
home/hyprland/cursor.nix
View File

@@ -9,4 +9,5 @@
size = 32;
};
gtk.enable = true;
}

305
home/hyprland/default.nix
View File

@@ -1,305 +0,0 @@
{
pkgs,
lib,
config,
...
}:
with lib;
let
cfg = config.hyprland;
in
{
imports = [ ./waybar ];
options.hyprland = {
enable = mkEnableOption "Hyprland";
monitors = mkOption {
type = types.listOf types.str;
default = [ ];
example = [ "eDP-1,1920x1080@60,0x0,1" ];
description = "Hyprland monitor configuration";
};
extraEnv = mkOption {
type = types.listOf types.str;
default = [ ];
example = [
"LIBVA_DRIVER_NAME,nvidia"
"GBM_BACKEND,nvidia-drm"
];
description = "Extra environment variables for Hyprland";
};
enableGrimblast = mkEnableOption "grimblast screenshot keybinds";
enableWacom = mkEnableOption "Wacom tablet device configuration";
extraKeybinds = mkOption {
type = types.listOf types.str;
default = [ ];
example = [
"$mainMod,Print,exec,grimblast save active ~/tmp/screenshot.png"
];
description = "Extra keybinds for Hyprland";
};
extraWorkspaces = mkOption {
type = types.listOf types.str;
default = [ ];
example = [
"1, monitor:eDP-1, persistent:true, default:true"
"2, monitor:eDP-1, persistent:true"
];
description = "Extra workspace definitions for Hyprland";
};
monitorVariables = mkOption {
type = types.attrsOf types.str;
default = { };
example = {
"$mon_top" = "desc:BNQ G2420HDBL T2B04424SL000";
"$mon_left" = "desc:Samsung Electric Company LS27A600U HNMT502389";
};
description = "Monitor name variables for workspace configuration";
};
cursorNoHardware = mkEnableOption "disable hardware cursors";
};
config = mkIf cfg.enable {
home.packages =
with pkgs;
[
dunst
hyprpaper
slurp
swww
waybar
wl-clipboard
catppuccin-cursors.macchiatoLavender
bibata-cursors
libsForQt5.qt5.qtwayland
libsForQt5.qt5ct
]
++ optional cfg.enableGrimblast grimblast;
services.hyprpaper = {
enable = true;
settings = {
splash = false;
};
};
services.hypridle = {
enable = true;
settings = {
general = {
lock_cmd = "${pkgs.hyprlock}/bin/hyprlock";
ignore_dbus_inhibit = false;
};
listener = {
timeout = 240;
on-timeout = config.services.hypridle.settings.general.lock_cmd;
before_sleep_cmd = config.services.hypridle.settings.general.lock_cmd;
};
};
};
programs.hyprlock = {
enable = true;
settings = {
background = [
{
monitor = "";
path = "screenshot";
color = "rgba(17, 17, 17, 1.0)";
blur_passes = 3;
contrast = 0.8916;
brightness = 0.8172;
vibrancy = 0.1696;
vibrancy_darkness = 0.0;
}
];
general = {
grace = 0;
};
input-field = [
{
size = "250, 60";
outline_thickness = 2;
dots_size = 0.2;
dots_spacing = 0.2;
dots_center = true;
outer_color = "rgba(0, 0, 0, 0)";
inner_color = "rgba(0, 0, 0, 0.5)";
font_color = "rgb(200, 200, 200)";
fade_on_empty = false;
font_family = "JetBrains Mono Nerd Font Mono";
placeholder_text = "<i><span foreground=\"##cdd6f4\">Input Password...</span></i>";
hide_input = false;
position = "0, -120";
halign = "center";
valign = "center";
}
];
label = [
{
text = "cmd[update:2000] echo \"$(date +\"%b %d %H:%M\")\"";
color = "rgba(255, 255, 255, 0.6)";
font_size = 120;
font_family = "JetBrains Mono Nerd Font Mono ExtraBold";
position = "0, -300";
halign = "center";
valign = "top";
}
];
};
};
wayland.windowManager.hyprland = {
enable = true;
package = pkgs.hyprland;
systemd.enable = false;
settings = {
"$mainMod" = "SUPER";
"$shiftMainMod" = "SUPER_SHIFT";
"$term" = "kitty";
}
// cfg.monitorVariables
// {
monitor = cfg.monitors;
input = {
kb_layout = "no";
follow_mouse = 1;
};
device = optional cfg.enableWacom {
name = "wacom-one-by-wacom-m-pen";
};
cursor = {
hide_on_key_press = true;
}
// optionalAttrs cfg.cursorNoHardware {
no_hardware_cursors = true;
};
env = [ "XDG_SESSION_TYPE,wayland" ] ++ cfg.extraEnv;
decoration = {
rounding = 10;
blur = {
enabled = true;
size = 3;
passes = 1;
xray = true;
};
};
general = {
gaps_in = 4;
gaps_out = 10;
border_size = 2;
layout = "dwindle";
resize_on_border = true;
};
animations = {
enabled = true;
bezier = "myBezier, 0.05, 0.9, 0.1, 1.05";
animation = [
"windows, 1, 7, myBezier"
"windowsOut, 1, 7, default, popin 80%"
"border, 1, 10, default"
"borderangle, 1, 8, default"
"fade, 1, 7, default"
"workspaces, 1, 6, default"
"specialWorkspace, 1, 4, default, fade"
];
};
dwindle = {
pseudotile = true;
preserve_split = true;
special_scale_factor = 0.85;
};
master = {
new_status = "master";
};
misc = {
force_default_wallpaper = 0;
disable_hyprland_logo = true;
disable_splash_rendering = true;
key_press_enables_dpms = true;
mouse_move_enables_dpms = true;
};
ecosystem = {
no_update_news = true;
no_donation_nag = true;
};
windowrule = [
{
name = "terminal_opacity";
"match:class" = "kitty";
opacity = 0.9;
}
];
workspace = [
"special:special, on-created-empty:kitty, rounding:true, decorate:false, border:false"
]
++ cfg.extraWorkspaces;
bindm = [
"$mainMod,mouse:272,movewindow"
"$shiftMainMod,mouse:272,resizewindow"
];
bind = [
# term
"$mainMod,Return,exec,$term"
# rofi
"$mainMod,D,exec,rofi -show drun"
"$mainMod,P,exec,rofi-rbw"
"$mainMod,E,exec,rofi -show emoji"
# hyprlock
"$shiftMainMod,l,exec,${pkgs.hyprlock}/bin/hyprlock"
# hyprland
"$mainMod,Q,killactive,"
"CTRLALT,Delete,exit,"
"$mainMod,Space,togglefloating,"
"$mainMod,F,fullscreen,"
# focus
"$mainMod,l,movefocus,l"
"$mainMod,h,movefocus,r"
"$mainMod,k,movefocus,u"
"$mainMod,j,movefocus,d"
# move
"$mainMod,h,movewindow,l"
"$mainMod,l,movewindow,r"
"$mainMod,k,movewindow,u"
"$mainMod,j,movewindow,d"
# Force opacity
"$shiftMainMod,o,exec, hl-no-opacity"
]
++ cfg.extraKeybinds
++ [
# Special workspace
"$mainMod,c,togglespecialworkspace"
"$shiftMainMod,c,movetoworkspace, special"
];
exec-once = [ ];
};
};
};
}

8
home/hyprland/gunter.nix Normal file
View File

@@ -0,0 +1,8 @@
{
imports = [
./hyprland_gunter.nix
./waybar
./xdg.nix
./cursor.nix
];
}

16
home/hyprland/hypridle.nix Normal file
View File

@@ -0,0 +1,16 @@
{
config,
osConfig,
pkgs,
...
}:
{
home.packages = with pkgs; [ hypridle ];
xdg.configFile = {
"hypr/hypridle.conf" = {
source = config.lib.file.mkOutOfStoreSymlink ./. + "/hypridle_${osConfig.system.name}.conf";
target = "hypr/hypridle.conf";
};
};
}

12
home/hyprland/hypridle_gunter.conf Normal file
View File

@@ -0,0 +1,12 @@
general {
lock_cmd = hyprlock # dbus/sysd lock command (loginctl lock-session)
# unlock_cmd = notify-send "unlock!" # same as above, but unlock
before_sleep_cmd = lockhelper # command ran before sleep
# after_sleep_cmd = # command ran after sleep
ignore_dbus_inhibit = false # whether to ignore dbus-sent idle-inhibit requests (used by e.g. firefox or steam)
}
listener {
timeout = 240 # in seconds
on-timeout = lockhelper # command to run when timeout has passed
}

19
home/hyprland/hypridle_magicman.conf Normal file
View File

@@ -0,0 +1,19 @@
general {
lock_cmd = lockhelper # dbus/sysd lock command (loginctl lock-session)
# unlock_cmd = notify-send "unlock!" # same as above, but unlock
before_sleep_cmd = lockhelper # command ran before sleep
# after_sleep_cmd = lockhelper # command ran after sleep
ignore_dbus_inhibit = false # whether to ignore dbus-sent idle-inhibit requests (used by e.g. firefox or steam)
}
listener {
timeout = 240 # in seconds
on-timeout = lockhelper # command to run when timeout has passed
# on-resume = notify-send "Welcome back!" # command to run when activity is detected after timeout has fired.
}
listener {
timeout = 900
on-timeout = systemctl suspend # command to run when timeout has passed
# on-resume = notify-send "Welcome back!" # command to run when activity is detected after timeout has fired.
}

230
home/hyprland/hyprland_gunter.nix Normal file
View File

@@ -0,0 +1,230 @@
{
inputs,
pkgs,
lib,
config,
...
}:
{
imports = [
./hyprlock.nix
./hypridle.nix
];
options.hyprland.enable = lib.mkEnableOption "Hyprland";
config = {
home.packages = with pkgs; [
dunst
# hyprlock
hyprpaper
rofi-wayland
slurp
swww
waybar
wl-clipboard
catppuccin-cursors.macchiatoLavender
bibata-cursors
# For potentially fixing some issues
libsForQt5.qt5.qtwayland
libsForQt5.qt5ct
];
wayland.windowManager.hyprland = {
enable = true;
package = pkgs.hyprland;
settings = {
"$mainMod" = "SUPER";
"$shiftMainMod" = "SUPER_SHIFT";
"$term" = "kitty";
# monitors
"$mon_top" = "desc:BNQ G2420HDBL T2B04424SL000";
"$mon_left" = "desc:Samsung Electric Company LS27A600U HNMT502389";
"$mon_center" = "desc:Acer Technologies XB271HU #ASPVEKfgZ8Dd";
"$mon_right" = "desc:Samsung Electric Company LS27A600U HNMT502390";
monitor = [
# "$mon_top,1920x1080@60,2560x0,1" # top T2B04424SL000
"DP-6,1920x1080@60,2560x0,1" # top T2B04424SL000 60
# "$mon_left,2560x1440@75,0x1080,1" # left
"DP-8,2560x1440@75,0x1080,1" # left 75hz
# "$mon_center,2560x1440@120,2560x1080,1" # main #ASPVEKfgZ8Dd
"DP-5,2560x1440@144,2560x1080,1" # main #ASPVEKfgZ8Dd 120hz
# "$mon_right,2560x1440@75,5120x1080,1" # right
"DP-7,2560x1440@75,5120x1080,1" # right 75hz
];
input = {
kb_layout = "no";
follow_mouse = 1;
};
cursor = {
no_hardware_cursors = true;
};
env = [
"LIBVA_DRIVER_NAME,nvidia"
"XDG_SESSION_TYPE,wayland"
"GBM_BACKEND,nvidia-drm"
# "__GLX_VENDOR_LIBRARY_NAME,nvidia"
"WLR_NO_HARDWARE_CURSORS,1"
];
decoration = {
rounding = 10;
drop_shadow = true;
shadow_range = 4;
shadow_render_power = 3;
blur = {
enabled = true;
size = 3;
passes = 1;
xray = true;
};
};
general = {
gaps_in = 4;
gaps_out = 10;
border_size = 2;
layout = "dwindle";
};
animations = {
enabled = true;
bezier = [
"myBezier, 0.05, 0.9, 0.1, 1.05"
"easeInB, 0.6, -0.28, 0.735, 0.045"
];
animation = [
"windows, 1, 7, myBezier"
"windowsOut, 1, 7, default, popin 80%"
"border, 1, 10, default"
"borderangle, 1, 8, default"
"fade, 1, 7, default"
"workspaces, 1, 6, easeInB, slidefadevert"
"specialWorkspace, 1, 4, default, fade"
];
};
dwindle = {
pseudotile = true;
preserve_split = true;
special_scale_factor = 0.85;
};
master = {
new_status = "master";
};
misc = {
force_default_wallpaper = 0;
disable_hyprland_logo = true;
};
windowrulev2 = [
"opacity 0.95 override 0.7 override,class:^(Alacritty)$"
"opacity 0.95 override 0.7 override,class:^(kitty)$"
];
workspace = [
"name:T1, monitor:$mon_top, persistent:true, default:true"
"name:T2, monitor:$mon_top, persistent:true, default:false"
"name:L1, monitor:$mon_left, persistent:true, default:true"
"name:L2, monitor:$mon_left, persistent:true, default:false"
"name:R1, monitor:$mon_right, persistent:true, default:true"
"name:R2, monitor:$mon_right, persistent:true, default:false"
"name:c1, monitor:$mon_center, persistent:true, default:true"
"name:c2, monitor:$mon_center, persistent:true, default:false"
"name:c3, monitor:$mon_center, persistent:true, default:false"
"name:c4, monitor:$mon_center, persistent:true, default:false"
"special:special, on-created-empty:kitty, rounding:true, decorate:false, border:false"
];
bindm = [
"$mainMod,mouse:272,movewindow"
"$shiftMainMod,mouse:272,resizewindow"
];
bindr = [
# mumble ptt release
# ",code:202,exec,mumble rpc stoptalking"
# ",code:202,exec,pamixer --source 63 -m"
# ",code:202,exec,sleep 0.5 && pamixer --default-source -m"
];
bind = [
# term
"$mainMod,Return,exec,$term"
# hyprlock
"$shiftMainMod,l,exec,lockhelper"
# rofi
"$mainMod,D,exec,rofi-launcher"
"$mainMod,P,exec,rofi-rbw"
# hyprland
"$mainMod,Q,killactive,"
"CTRLALT,Delete,exit,"
"$mainMod,Space,togglefloating,"
"$mainMod,F,fullscreen,"
# focus
"$mainMod,l,movefocus,l"
"$mainMod,h,movefocus,r"
"$mainMod,k,movefocus,u"
"$mainMod,j,movefocus,d"
# move
"$mainMod,h,movewindow,l"
"$mainMod,l,movewindow,r"
"$mainMod,k,movewindow,u"
"$mainMod,j,movewindow,d"
# Force opacity
"$shiftMainMod,o,exec, hl-no-opacity"
# grimblast
"$mainMod,Print,exec,grimblast save active ~/tmp/$(date -Iseconds).png"
"$shiftMainMod,Print,exec,grimblast copy area"
",Print,exec,grimblast copy active"
# mumble ptt click
# ",code:202,exec,mumble rpc starttalking"
#",code:202,pass,^(info\.mumble\.Mumble)$"
# ",code:202,exec,pamixer --default-source -u"
",code:202,pass,^discord$"
# Paste to wtype
"$mainMod,v,exec,sleep 0.5s && wl-paste | wtype -"
# worspace switching
"$mainMod,1,workspace,name:c1"
"$mainMod,2,workspace,name:c2"
"$mainMod,3,workspace,name:c3"
"$mainMod,4,workspace,name:c4"
"$mainMod,5,workspace,5"
"$mainMod,6,workspace,6"
# Move window to workspace
"$shiftMainMod,1,movetoworkspace,name:c1"
"$shiftMainMod,2,movetoworkspace,name:c2"
"$shiftMainMod,3,movetoworkspace,name:c3"
"$shiftMainMod,4,movetoworkspace,name:c4"
"$shiftMainMod,5,movetoworkspace,5"
"$shiftMainMod,6,movetoworkspace,6"
# Special workspace
"$mainMod,c,togglespecialworkspace"
"$shiftMainMod,c,movetoworkspace, special"
];
exec-once = [
"waybar"
"hyprpaper & sleep 10 && randomwp"
"easyeffects --gapplication-service"
"hypridle"
"streamcontroller -b"
# "dunst"
];
};
};
};
}

171
home/hyprland/hyprland_magicman.nix Normal file
View File

@@ -0,0 +1,171 @@
{
inputs,
pkgs,
lib,
config,
...
}:
{
imports = [
./hyprlock.nix
./hypridle.nix
];
options.hyprland.enable = lib.mkEnableOption "Hyprland";
config = {
home.packages = with pkgs; [
dunst
# hyprlock
hyprpaper
rofi-wayland
slurp
swww
waybar
wl-clipboard
catppuccin-cursors.macchiatoLavender
bibata-cursors
# For potentially fixing some issues
libsForQt5.qt5.qtwayland
libsForQt5.qt5ct
];
wayland.windowManager.hyprland = {
enable = true;
package = pkgs.hyprland;
settings = {
"$mainMod" = "SUPER";
"$shiftMainMod" = "SUPER_SHIFT";
"$term" = "kitty";
monitor = [ "eDP-1,1920x1080@60,0x0,1" ];
input = {
kb_layout = "no";
follow_mouse = 1;
};
env = [ "XDG_SESSION_TYPE,wayland" ];
decoration = {
rounding = 10;
drop_shadow = true;
shadow_range = 4;
shadow_render_power = 3;
blur = {
enabled = true;
size = 3;
passes = 1;
xray = true;
};
};
general = {
gaps_in = 4;
gaps_out = 10;
border_size = 2;
layout = "dwindle";
};
animations = {
enabled = true;
bezier = "myBezier, 0.05, 0.9, 0.1, 1.05";
animation = [
"windows, 1, 7, myBezier"
"windowsOut, 1, 7, default, popin 80%"
"border, 1, 10, default"
"borderangle, 1, 8, default"
"fade, 1, 7, default"
"workspaces, 1, 6, default"
"specialWorkspace, 1, 4, default, fade"
];
};
dwindle = {
pseudotile = true;
preserve_split = true;
special_scale_factor = 0.85;
};
master = {
new_status = "master";
};
misc = {
force_default_wallpaper = 0;
disable_hyprland_logo = true;
};
windowrulev2 = [
"opacity 0.95 override 0.7 override,class:^(Alacritty)$"
"opacity 0.95 override 0.7 override,class:^(kitty)$"
];
workspace = [
"special:special, on-created-empty:kitty, rounding:true, decorate:false, border:false"
];
bindm = [ "ALT,mouse:272,movewindow" ];
bindr = [
# mumble ptt release
# ",code:202,exec,mumble rpc stoptalking"
# ",code:202,exec,pamixer --source 63 -m"
# ",code:202,exec,sleep 0.5 && pamixer --default-source -m"
];
bind = [
# term
"$mainMod,Return,exec,$term"
# rofi
"$mainMod,D,exec,rofi-launcher"
"$mainMod,P,exec,rofi-rbw"
# hyprlock
"$shiftMainMod,l,exec,lockhelper"
# hyprland
"$mainMod,Q,killactive,"
"CTRLALT,Delete,exit,"
"$mainMod,Space,togglefloating,"
"$mainMod,F,fullscreen,"
# focus
"$mainMod,l,movefocus,l"
"$mainMod,h,movefocus,r"
"$mainMod,k,movefocus,u"
"$mainMod,j,movefocus,d"
# move
"$mainMod,h,movewindow,l"
"$mainMod,l,movewindow,r"
"$mainMod,k,movewindow,u"
"$mainMod,j,movewindow,d"
# Force opacity
"$shiftMainMod,o,exec, hl-no-opacity"
# mumble ptt click
# ",code:202,exec,mumble rpc starttalking"
#",code:202,pass,^(info\.mumble\.Mumble)$"
# ",code:202,exec,pamixer --default-source -u"
# ",code:202,pass,^discord$"
# worspace switching
"$mainMod,1,workspace,1"
"$mainMod,2,workspace,2"
"$mainMod,3,workspace,3"
"$mainMod,4,workspace,4"
"$mainMod,5,workspace,5"
"$mainMod,6,workspace,6"
# Special workspace
"$mainMod,c,togglespecialworkspace"
"$shiftMainMod,c,movetoworkspace, special"
];
exec-once = [
"waybar"
"hyprpaper & sleep 2 && randomwp"
"hypridle"
# "dunst"
];
};
};
};
}

159
home/hyprland/hyprland_prismo.nix Normal file
View File

@@ -0,0 +1,159 @@
{
inputs,
pkgs,
lib,
config,
...
}:
{
options.hyprland.enable = lib.mkEnableOption "Hyprland";
config = {
home.packages = with pkgs; [
dunst
# hyprlock
hyprpaper
rofi-wayland
slurp
swww
waybar
wl-clipboard
catppuccin-cursors.macchiatoLavender
bibata-cursors
# For potentially fixing some issues
libsForQt5.qt5.qtwayland
libsForQt5.qt5ct
];
wayland.windowManager.hyprland = {
enable = true;
package = pkgs.hyprland;
settings = {
"$mainMod" = "SUPER";
"$shiftMainMod" = "SUPER_SHIFT";
"$term" = "kitty";
monitor = [ ];
input = {
kb_layout = "no";
follow_mouse = 1;
};
env = [ "XDG_SESSION_TYPE,wayland" ];
decoration = {
rounding = 0;
drop_shadow = true;
shadow_range = 4;
shadow_render_power = 3;
blur = {
enabled = true;
size = 3;
passes = 1;
xray = true;
};
};
general = {
gaps_in = 4;
gaps_out = 10;
border_size = 2;
layout = "dwindle";
};
animations = {
enabled = true;
bezier = "myBezier, 0.05, 0.9, 0.1, 1.05";
animation = [
"windows, 1, 7, myBezier"
"windowsOut, 1, 7, default, popin 80%"
"border, 1, 10, default"
"borderangle, 1, 8, default"
"fade, 1, 7, default"
"workspaces, 1, 6, default"
];
};
dwindle = {
pseudotile = true;
preserve_split = true;
};
master = {
new_status = "master";
};
misc.force_default_wallpaper = -1;
windowrulev2 = [
"opacity 0.95 override 0.7 override,class:^(Alacritty)$"
"opacity 0.95 override 0.7 override,class:^(kitty)$"
];
workspace = [
"name:mumble, monitor:$mon_top, persistent:true, default:true"
"name:left, monitor:$mon_left, persistent:true, default:true"
"name:right, monitor:$mon_right, persistent:true, default:true"
"name:main 1, monitor:$mon_center, persistent:true, default:true"
"name:main 2, monitor:$mon_center, persistent:true, default:true"
];
bindm = [ "ALT,mouse:272,movewindow" ];
bindr = [
# mumble ptt release
# ",code:202,exec,mumble rpc stoptalking"
# ",code:202,exec,pamixer --source 63 -m"
# ",code:202,exec,sleep 0.5 && pamixer --default-source -m"
];
bind = [
# term
"$mainMod,Return,exec,$term"
# rofi
"$mainMod,D,exec,rofi-launcher"
"$mainMod,P,exec,rofi-rbw"
# hyprland
"$mainMod,Q,killactive,"
"CTRLALT,Delete,exit,"
"$mainMod,Space,togglefloating,"
"$mainMod,F,fullscreen,"
# focus
"$mainMod,l,movefocus,l"
"$mainMod,h,movefocus,r"
"$mainMod,k,movefocus,u"
"$mainMod,j,movefocus,d"
# move
"$mainMod,h,movewindow,l"
"$mainMod,l,movewindow,r"
"$mainMod,k,movewindow,u"
"$mainMod,j,movewindow,d"
# Force opacity
"$shiftMainMod,o,exec, hl-no-opacity"
# mumble ptt click
# ",code:202,exec,mumble rpc starttalking"
#",code:202,pass,^(info\.mumble\.Mumble)$"
# ",code:202,exec,pamixer --default-source -u"
",code:202,pass,^discord$"
# worspace switching
"$mainMod,1,workspace,name:main 1"
"$mainMod,2,workspace,name:main 2"
"$mainMod,3,workspace,3"
"$mainMod,4,workspace,4"
"$mainMod,5,workspace,5"
"$mainMod,6,workspace,6"
];
exec-once = [
"waybar"
"hyprpaper & sleep 2 && randomwp"
"easyeffects --gapplication-service"
# "dunst"
];
};
};
};
}

91
home/hyprland/hyprlock_gunter.conf Normal file
View File

@@ -0,0 +1,91 @@
# BACKGROUND
background {
monitor = DP-5
path = /tmp/lockscreen/DP-5.png
blur_passes = 3
contrast = 0.8916
brightness = 0.8172
vibrancy = 0.1696
vibrancy_darkness = 0.0
}
background {
monitor = DP-6
path = /tmp/lockscreen/DP-6.png
blur_passes = 3
contrast = 0.8916
brightness = 0.8172
vibrancy = 0.1696
vibrancy_darkness = 0.0
}
background {
monitor = DP-7
path = /tmp/lockscreen/DP-7.png
blur_passes = 3
contrast = 0.8916
brightness = 0.8172
vibrancy = 0.1696
vibrancy_darkness = 0.0
}
background {
monitor = DP-8
path = /tmp/lockscreen/DP-8.png
blur_passes = 3
contrast = 0.8916
brightness = 0.8172
vibrancy = 0.1696
vibrancy_darkness = 0.0
}
# GENERAL
general {
no_fade_in = false
grace = 0
disable_loading_bar = true
}
# INPUT FIELD
input-field {
monitor =
size = 250, 60
outline_thickness = 2
dots_size = 0.2 # Scale of input-field height, 0.2 - 0.8
dots_spacing = 0.2 # Scale of dots' absolute size, 0.0 - 1.0
dots_center = true
outer_color = rgba(0, 0, 0, 0)
inner_color = rgba(0, 0, 0, 0.5)
font_color = rgb(200, 200, 200)
fade_on_empty = false
font_family = JetBrains Mono Nerd Font Mono
placeholder_text = <i><span foreground="##cdd6f4">Input Password...</span></i>
hide_input = false
position = 0, -120
halign = center
valign = center
}
# TIME
label {
monitor =
text = cmd[update:2000] echo "$(date +"%b %d %H:%M")"
#color = $foreground
color = rgba(255, 255, 255, 0.6)
font_size = 120
font_family = JetBrains Mono Nerd Font Mono ExtraBold
position = 0, -300
halign = center
valign = top
}
## USER
#label {
# monitor =
# text = Hi there, $USER
# color = $foreground
# #color = rgba(255, 255, 255, 0.6)
# font_size = 25
# font_family = JetBrains Mono Nerd Font Mono
# position = 0, -40
# halign = center
# valign = center
#}

78
home/hyprland/hyprlock_magicman.conf Normal file
View File

@@ -0,0 +1,78 @@
source = ~/.cache/wal/colors-hyprland.conf
# BACKGROUND
background {
monitor =
path = /tmp/lockscreen/eDP-1.png
blur_passes = 3
contrast = 0.8916
brightness = 0.8172
vibrancy = 0.1696
vibrancy_darkness = 0.0
}
# GENERAL
general {
no_fade_in = false
grace = 0
disable_loading_bar = true
}
# INPUT FIELD
input-field {
monitor =
size = 250, 60
outline_thickness = 2
dots_size = 0.2 # Scale of input-field height, 0.2 - 0.8
dots_spacing = 0.2 # Scale of dots' absolute size, 0.0 - 1.0
dots_center = true
outer_color = rgba(0, 0, 0, 0)
inner_color = rgba(0, 0, 0, 0.5)
font_color = rgb(200, 200, 200)
fade_on_empty = false
font_family = JetBrains Mono Nerd Font Mono
placeholder_text = <i><span foreground="##cdd6f4">Input Password...</span></i>
hide_input = false
position = 0, -120
halign = center
valign = center
}
# TIME
label {
monitor =
text = cmd[update:1000] echo "$(date +"%b %d %H:%M")"
color = $foreground
#color = rgba(255, 255, 255, 0.6)
font_size = 120
font_family = JetBrains Mono Nerd Font Mono ExtraBold
position = 0, -300
halign = center
valign = top
}
## USER
#label {
# monitor =
# text = Hi there, $USER
# color = $foreground
# #color = rgba(255, 255, 255, 0.6)
# font_size = 25
# font_family = JetBrains Mono Nerd Font Mono
# position = 0, -40
# halign = center
# valign = center
#}
# Battery level
label {
monitor =
text = cmd[update:1000] echo "$(batlvl)"
color = $foreground
#color = rgba(255, 255, 255, 0.6)
font_size = 18
# font_family = JetBrainsMono, Font Awesome 6 Free Solid
font_family = JetBrains Mono Nerd Font Mono
position = 0, -20
halign = center
valign = bottom
}

1
home/hyprland/hyprpaper.conf Normal file
View File

@@ -0,0 +1 @@
splash = false

8
home/hyprland/magicman.nix Normal file
View File

@@ -0,0 +1,8 @@
{
imports = [
./hyprland_magicman.nix
./waybar
./xdg.nix
./cursor.nix
];
}

8
home/hyprland/prismo.nix Normal file
View File

@@ -0,0 +1,8 @@
{
imports = [
./hyprland_prismo.nix
./waybar
./xdg.nix
./cursor.nix
];
}

24
home/hyprland/waybar/arrhist.py
View File

@@ -6,7 +6,6 @@ from datetime import datetime, date, timedelta
SECRET_DIR = "/home/torjus/.config/sops-nix/secrets"
def sonarr_url():
xdg_dir = os.environ["XDG_RUNTIME_DIR"]
if not xdg_dir:
@@ -14,31 +13,26 @@ def sonarr_url():
with open(f"{SECRET_DIR}/sonarr_base_url") as f:
return f.read().strip()
def radarr_url():
with open(f"{SECRET_DIR}/radarr_base_url") as f:
return f.read().strip()
def make_header(api_key: str):
return {"X-Api-Key": api_key, "Accept": "application/json"}
def get_sonarr_key():
with open(f"{SECRET_DIR}/sonarr_api_key") as f:
return f.read().strip()
def get_radarr_key():
with open(f"{SECRET_DIR}/radarr_api_key") as f:
return f.read().strip()
def get_sonarr_history(since: datetime | None = None):
def get_sonarr_history(since: datetime|None=None):
api_key = get_sonarr_key()
if not since:
since = datetime.combine(date.today() - timedelta(days=1), datetime.min.time())
url = f"{sonarr_url()}/api/v3/history/since"
since = datetime.combine(date.today()-timedelta(days=1),datetime.min.time())
url = f"{sonarr_url()}/api/history/since"
url += f"?date={since.isoformat()}"
response = requests.get(url, headers=make_header(api_key))
response.raise_for_status()
@@ -50,11 +44,10 @@ def get_sonarr_history(since: datetime | None = None):
items.append(item["sourceTitle"])
return items
def get_radarr_history(since: datetime | None = None):
def get_radarr_history(since: datetime|None=None):
api_key = get_radarr_key()
if not since:
since = datetime.combine(date.today() - timedelta(days=7), datetime.min.time())
since = datetime.combine(date.today()-timedelta(days=7),datetime.min.time())
url = f"{radarr_url()}/api/v3/history/since"
url += f"?date={since.isoformat()}"
response = requests.get(url, headers=make_header(api_key))
@@ -67,17 +60,12 @@ def get_radarr_history(since: datetime | None = None):
items.append(item["sourceTitle"])
return items
if __name__ == "__main__":
sonarr_items = get_sonarr_history()
radarr_items = get_radarr_history()
output = {
"text": f"Son: {len(sonarr_items)}|Rad: {len(radarr_items)}",
"tooltip": "Radarr: \n"
+ "\n".join(radarr_items)
+ "\n"
+ "Sonarr: \n"
+ "\n".join(sonarr_items),
"tooltip": "Radarr: \n" + "\n".join(radarr_items) + "\n" + "Sonarr: \n" + "\n".join(sonarr_items)
}
print(json.dumps(output))

49
home/hyprland/waybar/default.nix
View File

@@ -5,6 +5,14 @@
...
}:
let
flakestat = pkgs.writeShellApplication {
name = "flakestat";
runtimeInputs = with pkgs; [
git
jq
];
text = builtins.readFile ./flakestat.sh;
};
arrhist = pkgs.stdenv.mkDerivation {
name = "arrhist";
propagatedBuildInputs = [
@@ -14,9 +22,8 @@ let
dontUnpack = true;
installPhase = "install -Dm755 ${./arrhist.py} $out/bin/arrhist";
};
cfg = osConfig.host.capabilities;
withArrhist = cfg.enableArrhist;
withBattery = cfg.hasBattery;
withArrhist = if (osConfig.system.name == "gunter") then true else false;
withBattery = if (osConfig.system.name == "magicman") then true else false;
in
{
sops.secrets."sonarr_base_url" = { };
@@ -24,18 +31,25 @@ in
sops.secrets."radarr_base_url" = { };
sops.secrets."radarr_api_key" = { };
catppuccin.waybar = {
enable = true;
flavor = "macchiato";
xdg.configFile."waybar/macchiato.css" = {
source =
pkgs.fetchFromGitHub {
owner = "catppuccin";
repo = "waybar";
rev = "f74ab1eecf2dcaf22569b396eed53b2b2fbe8aff";
sha256 = "WLJMA2X20E5PCPg0ZPtSop0bfmu+pLImP9t8A8V4QK8=";
}
+ "/themes/macchiato.css";
};
programs.waybar = {
enable = true;
systemd = {
enable = true; # disable it,autostart it in hyprland conf
enable = false; # disable it,autostart it in hyprland conf
target = "graphical-session.target";
};
style = ''
@import "macchiato.css";
* {
border: none;
font-family: "JetbrainsMono Nerd Font";
@@ -130,8 +144,8 @@ in
#pulseaudio,
#network,
#battery,
#disk,
#custom-powermenu,
#custom-flakestat,
#custom-arrhist {
padding-left: 12px;
padding-right: 12px;
@@ -148,17 +162,17 @@ in
settings = [
(
let
volInterval = toString cfg.volumeScrollStep;
volInterval = if (osConfig.system.name == "gunter") then "5" else "1";
in
{
"layer" = "top";
"position" = "top";
modules-left = [ "custom/flakestat" ];
modules-center = [ "hyprland/workspaces" ];
modules-right = [
(lib.mkIf (withArrhist) "custom/arrhist")
"pulseaudio"
"pulseaudio#microphone"
"disk"
"memory"
"cpu"
(lib.mkIf (withBattery) "battery")
@@ -212,15 +226,6 @@ in
"interval" = 3;
"format" = " {usage}%";
};
"disk" = {
"interval" = 30;
"format" = "󰋊 {percentage_used}%";
"path" = "/";
"tooltip-format" = "{used} / {total}";
"states" = {
"warning" = 85;
};
};
"tray" = {
"icon-size" = 15;
"spacing" = 6;
@@ -240,6 +245,12 @@ in
""
];
};
"custom/flakestat" = {
"exec" = "${flakestat}/bin/flakestat";
"format" = " {}";
"return-type" = "json";
"interval" = 600;
};
}
// lib.optionalAttrs (withArrhist) {
"custom/arrhist" = {

55
home/hyprland/waybar/flakestat.sh Normal file
View File

@@ -0,0 +1,55 @@
#!/usr/bin/env bash
set -eo pipefail
# Args:
# $1 text
# $2 tooltip
# $3 error-code
print_output() {
local text="$1"
local tooltip="$2"
local error_code="$3"
if [ -z "$error_code" ]; then
output=$(jq -n \
--arg text "$text" \
--arg tooltip "$tooltip" \
--unbuffered \
--compact-output \
'{text: $text, tooltip: $tooltip}')
else
output=$(jq -n \
--arg text "$text" \
--arg tooltip "$tooltip" \
--unbuffered \
--compact-output \
'{text: $text, tooltip: $tooltip}')
fi
echo "$output"
}
FLAKE_DIR="/home/torjus/nixos"
NIXPKGS_DIR="/home/torjus/git/nixpkgs"
flake_metadata=$(nix flake metadata --json "$FLAKE_DIR" 2>/dev/null)
unstable_input=$(echo "$flake_metadata" | jq '.locks.nodes.root.inputs.nixpkgs')
unstable_rev=$(echo "$flake_metadata" | jq -r ".locks.nodes.$unstable_input.locked.rev")
unstable_branch=$(echo "$flake_metadata" | jq -r ".locks.nodes.$unstable_input.original.ref")
cd "$NIXPKGS_DIR" || print_output "?" "Could not find git repo dir" 1
if ! git fetch -q --all; then
print_output "?" "Unable to fetch commits" 1
exit 1
fi
if ! unstable_commit_count=$(git rev-list --count "$unstable_rev..origin/$unstable_branch"); then
print_output "?" "Unable to list commits" 1
exit 1
fi
text="$unstable_commit_count"
tooltip="${unstable_branch}: ${unstable_commit_count}"
print_output "$text" "$tooltip" 0

9
home/hyprland/xdg.nix Normal file
View File

@@ -0,0 +1,9 @@
{ config, ... }:
{
xdg.configFile = {
"hypr/hyprpaper.conf" = {
source = config.lib.file.mkOutOfStoreSymlink ./. + "/hyprpaper.conf";
target = "hypr/hyprpaper.conf";
};
};
}

37
home/i3/default.nix Normal file
View File

@@ -0,0 +1,37 @@
{
config,
lib,
pkgs,
...
}:
let
mod = "Mod4";
in
{
xsession.windowManager.i3 = {
enable = true;
config = {
modifier = mod;
keybindings = lib.mkOptionDefault {
"${mod}+Enter" = "exec kitty";
# Focus
"${mod}+j" = "focus left";
"${mod}+k" = "focus down";
"${mod}+l" = "focus up";
"${mod}+semicolon" = "focus right";
# Move
"${mod}+Shift+j" = "move left";
"${mod}+Shift+k" = "move down";
"${mod}+Shift+l" = "move up";
"${mod}+Shift+semicolon" = "move right";
# My multi monitor setup
"${mod}+m" = "move workspace to output DP-2";
"${mod}+Shift+m" = "move workspace to output DP-5";
};
};
};
}

49
home/magicman.nix Normal file
View File

@@ -0,0 +1,49 @@
{
pkgs,
inputs,
user,
...
}:
{
imports = [ inputs.home-manager.nixosModules.home-manager ];
home-manager = {
useUserPackages = true;
useGlobalPkgs = true;
extraSpecialArgs = {
inherit pkgs inputs user;
};
users.${user} =
{ pkgs, ... }:
{
imports = [
inputs.sops-nix.homeManagerModules.sops
./sops
./editor/neovim
./programs/firefox
./programs/tmux
./programs/dunst
./programs/kitty
./programs/rofi
./programs/obs-studio
./programs/vscode
./programs/pywal
./programs/zellij
./scripts
./scripts/batlvl.nix
./zsh
./packages
./hyprland/magicman.nix
./ssh
];
firefox.enable = true;
tmux.enable = true;
hyprland.enable = true;
home = {
username = "${user}";
homeDirectory = "/home/${user}";
stateVersion = "23.11";
};
programs.home-manager.enable = true;
};
};
}

66
home/packages/default.nix
View File

@@ -1,18 +1,17 @@
{ pkgs, osConfig, ... }:
let
withCuda = osConfig.host.capabilities.hasCuda;
withCuda = if (osConfig.system.name == "gunter") then true else false;
in
{
imports = [
./zoom.nix
./tacl.nix
];
home.packages = with pkgs; [
# CLI utils
act
age
bat
bzip2
chromium
croc
devenv
distrobox
@@ -23,64 +22,68 @@ in
ffmpeg
file
fzf
glib
grimblast
ijq
incus
jq
kitty
kubectl
lazygit
lf
mdcat
ncdu
nvd
nurl
nwg-look
mosh
most
pinentry-gtk2
pinentry
pre-commit
pulseaudio
pulsemixer
rbw
restic
ripgrep
sidequest
sops
sshfs
step-cli
tea
tldr
tokei
unzip
ventoy
wtype
# Non-CLI stuff
alacritty
discord
feh
krita
mpv
mumble
pamixer
pwvucontrol
(prismlauncher.override {
jdks = [
jdk21
jdk17
jdk8
temurin-jre-bin-25
temurin-jre-bin-17
];
})
rofi-rbw-wayland
spicetify-cli
spotify
tcpdump
virt-manager
# omnissa-horizon-client
vmware-horizon-client
yt-dlp
# k8s tools
cilium-cli
cmctl
k9s
krew
kubernetes-helm
talosctl
# Go stuff
go
gopls
delve
gopls
# js/ts
nodejs
nodePackages.pnpm
typescript
# Py stuff
(python312.withPackages (
@@ -89,7 +92,7 @@ in
ipython
]
))
uv
poetry
ruff
# rust stuff
@@ -103,20 +106,13 @@ in
nixprstatus
# Stuff with overrides
# Btop
(btop.override { cudaSupport = withCuda; })
# PrismLauncher
prismlauncher
# Extract logcli from grafana-loki
(pkgs.linkFarm "logcli" [
{
name = "bin/logcli";
path = "${pkgs.grafana-loki}/bin/logcli";
}
])
(lutris.override {
extraLibraries = pkgs: [
nspr
libxdamage
];
})
# From nix-packages flake
path-of-building-beta
awakened-poe-trade
];
}

30
home/packages/tacl.nix
View File

@@ -1,30 +0,0 @@
{ pkgs, ... }:
{
home.packages = [
(pkgs.python3Packages.buildPythonApplication rec {
pname = "tacl";
version = "3.9.0";
pyproject = true;
src = pkgs.fetchFromGitHub {
owner = "unioslo";
repo = "tsd-api-client";
rev = "v${version}";
sha256 = "sha256-R8fSAhpdjspIoLy3m6NnHZBCBTSLQGWOqAiDkBZlWOc=";
};
build-system = with pkgs.python3Packages; [
poetry-core
poetry-dynamic-versioning
];
dependencies = with pkgs.python3Packages; [
pyyaml
click
humanfriendly
libnacl
requests
rich
];
})
];
}

107
home/packages/vintagestory.nix
View File

@@ -1,107 +0,0 @@
{
lib,
stdenv,
fetchurl,
makeWrapper,
makeDesktopItem,
copyDesktopItems,
xorg,
gtk2,
sqlite,
openal,
cairo,
libGLU,
SDL2,
freealut,
libglvnd,
pipewire,
libpulseaudio,
dotnet-runtime_8,
}:
stdenv.mkDerivation rec {
pname = "vintagestory";
version = "1.20.0-rc.8";
src = fetchurl {
url = "https://cdn.vintagestory.at/gamefiles/unstable/vs_client_linux-x64_${version}.tar.gz";
hash = "sha256-/MPR6PAkZv93zT6YbJatg67aRYfzp9vFRY82gtVksAs=";
};
nativeBuildInputs = [
makeWrapper
copyDesktopItems
];
buildInputs = [ dotnet-runtime_8 ];
runtimeLibs = lib.makeLibraryPath (
[
gtk2
sqlite
openal
cairo
libGLU
SDL2
freealut
libglvnd
pipewire
libpulseaudio
]
++ (with xorg; [
libX11
libXi
libXcursor
])
);
desktopItems = [
(makeDesktopItem {
name = "vintagestory";
desktopName = "Vintage Story";
exec = "vintagestory";
icon = "vintagestory";
comment = "Innovate and explore in a sandbox world";
categories = [ "Game" ];
})
];
installPhase = ''
runHook preInstall
mkdir -p $out/share/vintagestory $out/bin $out/share/pixmaps $out/share/fonts/truetype
cp -r * $out/share/vintagestory
cp $out/share/vintagestory/assets/gameicon.xpm $out/share/pixmaps/vintagestory.xpm
cp $out/share/vintagestory/assets/game/fonts/*.ttf $out/share/fonts/truetype
runHook postInstall
'';
preFixup = ''
sed -i 's/net7.0/net8.0/' $out/share/vintagestory/Vintagestory.runtimeconfig.json
sed -i 's/7.0.0/8.0.11/' $out/share/vintagestory/Vintagestory.runtimeconfig.json
makeWrapper ${dotnet-runtime_8}/bin/dotnet $out/bin/vintagestory \
--prefix LD_LIBRARY_PATH : "${runtimeLibs}" \
--add-flags $out/share/vintagestory/Vintagestory.dll
makeWrapper ${dotnet-runtime_8}/bin/dotnet $out/bin/vintagestory-server \
--prefix LD_LIBRARY_PATH : "${runtimeLibs}" \
--add-flags $out/share/vintagestory/VintagestoryServer.dll
''
+ ''
find "$out/share/vintagestory/assets/" -not -path "*/fonts/*" -regex ".*/.*[A-Z].*" | while read -r file; do
local filename="$(basename -- "$file")"
ln -sf "$filename" "''${file%/*}"/"''${filename,,}"
done
'';
meta = with lib; {
description = "In-development indie sandbox game about innovation and exploration";
homepage = "https://www.vintagestory.at/";
license = licenses.unfree;
maintainers = with maintainers; [
artturin
gigglesquid
];
};
}

23
home/packages/zoom.nix
View File

@@ -1,17 +1,16 @@
{ pkgs, lib, ... }:
# let
# version = "6.2.6.2503";
# zoom-override = pkgs.zoom-us.overrideAttrs (old: {
# inherit version;
# src = pkgs.fetchurl {
# url = "https://zoom.us/client/${version}/zoom_x86_64.pkg.tar.xz";
# hash = "sha256-qhymegXkXSl9fK/5klSi5uRPwFVN88QH/5EVGaBUbfc=";
# };
# });
# in
let
version = "6.2.6.2503";
zoom-override = pkgs.zoom-us.overrideAttrs (old: {
inherit version;
src = pkgs.fetchurl {
url = "https://zoom.us/client/${version}/zoom_x86_64.pkg.tar.xz";
hash = "sha256-qhymegXkXSl9fK/5klSi5uRPwFVN88QH/5EVGaBUbfc=";
};
});
in
{
home.packages = [
pkgs.zoom-us
#(lib.warn "Using overridden zoom version" zoom-override)
(lib.warn "Using overridden zoom version" zoom-override)
];
}

48
home/prismo.nix Normal file
View File

@@ -0,0 +1,48 @@
{
pkgs,
inputs,
user,
...
}:
{
imports = [ inputs.home-manager.nixosModules.home-manager ];
home-manager = {
useUserPackages = true;
useGlobalPkgs = true;
extraSpecialArgs = {
inherit pkgs inputs user;
};
users.${user} =
{ pkgs, ... }:
{
imports = [
inputs.sops-nix.homeManagerModules.sops
./sops
./editor/neovim
./programs/firefox
./programs/tmux
./programs/dunst
./programs/kitty
./programs/rofi
./programs/obs-studio
./programs/vscode
./scripts
./zsh
./packages
./hyprland/hyprland_prismo.nix
./ssh
./services/backup-home.nix
./services/ghettoptt.nix
];
firefox.enable = true;
tmux.enable = true;
hyprland.enable = true;
home = {
username = "${user}";
homeDirectory = "/home/${user}";
stateVersion = "23.11";
};
programs.home-manager.enable = true;
};
};
}

72
home/programs/claude-code/agents/docs-verifier.md
View File

@@ -1,72 +0,0 @@
---
name: docs-verifier
description: Verifies documentation accuracy against current codebase state. Use when you need to check if documentation is still correct and get recommendations for updates.
tools: Read, Grep, Glob
---
You are a documentation verification agent. Your task is to verify that documentation accurately reflects the current state of the codebase.
## Input
You will receive a path to a documentation file. Your job is to:
1. **Read and understand the documentation** - Parse the document to understand what it claims about the codebase (commands, file paths, configurations, architecture, etc.)
2. **Verify each claim** - For each verifiable claim in the documentation:
- Find the relevant source files, configurations, or scripts
- Check if the documented behavior/structure still matches reality
- Note any discrepancies
3. **Analyze discrepancies** - For each discrepancy found, determine the likely cause:
- Code changed and docs weren't updated
- Documentation was aspirational/planned but not implemented
- The documented feature was removed or deprecated
- The documented item is dynamic/frequently changing
## Output
Provide a structured report with the following sections:
### Summary
One paragraph overview of the documentation's accuracy status.
### Verified Claims
List claims that were verified as correct (brief, can be grouped).
### Discrepancies Found
For each discrepancy:
- **Location**: Where in the documentation
- **Claim**: What the documentation says
- **Reality**: What the current state actually is
- **Evidence**: File paths and relevant snippets showing the discrepancy
### Recommendations
For each discrepancy, recommend ONE of:
1. **Update documentation** - When the code change is intentional and the docs are simply stale
- Provide the specific changes needed
2. **Update code** - When the documentation describes the correct/intended behavior and the code has regressed or drifted
- Explain what code changes would be needed
3. **Add volatility notice** - When the documented item is inherently dynamic (version numbers, generated values, frequently changing configs)
- Suggest wording like "This value may change" or recommend removing the specific value
4. **Remove documentation** - When the documented feature no longer exists and shouldn't be restored
- Explain why removal is appropriate
### Priority
Rate the overall urgency: **Critical** / **High** / **Medium** / **Low** / **None**
- Critical: Documentation actively misleads users into breaking things
- High: Major features are incorrectly documented
- Medium: Minor inaccuracies that could cause confusion
- Low: Cosmetic issues or very minor discrepancies
- None: Documentation is accurate
## Guidelines
- Be thorough but efficient - verify claims that matter, don't get stuck on trivialities
- When searching for related files, use glob patterns and grep effectively
- Quote specific file paths and line numbers as evidence
- Keep the report concise and actionable
- Focus on factual accuracy, not style or formatting suggestions

52
home/programs/claude-code/agents/security-reviewer.md
View File

@@ -1,52 +0,0 @@
---
name: security-reviewer
description: Security expert that reviews code for vulnerabilities, API key exposure, and security best practices. Use proactively after code changes to identify security issues.
tools: Read, Grep, Glob, Bash
---
You are a security-focused code reviewer specializing in vulnerability detection.
When reviewing code, if you are analyzing the master branch. You should review all code.
If working on a feature branch, only review the changes in that branch. Keep responses short and to the point.
When reviewing code, analyze for:
## Common Vulnerabilities
- Injection attacks (SQL, command, XPath, LDAP)
- Cross-site scripting (XSS)
- Cross-site request forgery (CSRF)
- Insecure deserialization
- Broken authentication/authorization
## Secrets and Credentials
- Hardcoded API keys, tokens, or passwords
- Credentials in configuration files
- Secrets committed to version control
- Insecure credential storage
## Input Handling
- Missing input validation
- Insufficient sanitization
- Buffer overflows
- Path traversal vulnerabilities
## Cryptography
- Weak hashing algorithms (MD5, SHA1 for security purposes)
- Insecure random number generation
- Improper key management
- Missing encryption for sensitive data
## Other Concerns
- Overly permissive file/directory permissions
- Privilege escalation risks
- Insecure dependencies
- Information disclosure in error messages
- Race conditions
For each issue found, provide:
- **Severity**: Critical / High / Medium / Low
- **Location**: File and line number
- **Issue**: Clear explanation of the vulnerability
- **Impact**: What an attacker could achieve
- **Fix**: Recommended remediation with code example if applicable

68
home/programs/claude-code/default.nix
View File

@@ -1,68 +0,0 @@
{ pkgs, ... }:
{
programs.claude-code = {
enable = true;
package = pkgs.claude-code-bin;
agents = {
docs-verifier = ./agents/docs-verifier.md;
security-reviewer = ./agents/security-reviewer.md;
};
skills = {
pr = ./skills/pr;
};
settings = {
model = "opus";
enabledPlugins = {
"gopls-lsp@claude-plugins-official" = true;
};
env = {
DISABLE_AUTOUPDATER = "1";
};
permissions = {
allow = [
"Bash(git diff:*)"
"Bash(git log:*)"
"Bash(git branch:*)"
"Bash(git commit:*)"
"Bash(git status:*)"
"Bash(git add:*)"
"Bash(nix build:*)"
"Bash(nix fmt:*)"
"Bash(nix flake check:*)"
"Bash(nix flake show:*)"
"Bash(nix eval:*)"
"Bash(nvd diff:*)"
];
deny = [
"Read(*.tfvars)"
"Read(**/*.tfvars)"
"Read(.env)"
"Read(**/.env)"
"Read(./secrets/**)"
"Read(.sops.yaml)"
"Read(~/.ssh/*)"
];
};
hooks = {
PostToolUse = [
{
matcher = "EnterPlanMode";
hooks = [
{
type = "command";
command = "echo 'A plan is being created. If this session has not been renamed yet, suggest a concise, descriptive session name based on the conversation so far and ask the user to run /rename <suggested-name>.'";
}
];
}
];
};
statusLine = {
type = "command";
command = ''input=$(cat); echo "$(basename "$(echo "$input" | jq -r '.workspace.current_dir')") | $(echo "$input" | jq -r '.model.display_name')"'';
};
};
};
}

119
home/programs/claude-code/skills/pr/SKILL.md
View File

@@ -1,119 +0,0 @@
---
name: pr
description: Generate a PR summary from the current feature branch and copy it to the clipboard.
argument-hint: [optional: additional context or focus areas]
user-invocable-only: true
---
# PR Summary Generator
Generate a concise PR summary comparing the current branch to the main branch (master), and copy it to the clipboard.
## Input
Optional user context: $ARGUMENTS
## Process
1. **Get branch info**: Use git to determine:
- Current branch name
- Main branch (master)
- Verify we're not on master (warn if we are)
2. **Gather commit information**: Use the git-explorer MCP tools:
- `commits_between` to get all commits from master to HEAD
- `get_commit_info` for each commit to see the full message and changes
3. **Evaluate commit hygiene** (CRITICAL - do this before generating summary):
Review all commits and check for issues that suggest squashing:
- **Fixup commits**: Messages like "fix", "fixup", "oops", "typo", "forgot", "WIP"
- **Iterative fixes**: Multiple commits touching the same file for the same logical change
- **Broken intermediate states**: Commits that introduce then immediately fix issues
- **Noise commits**: Very small changes that don't warrant their own commit
- **Related changes split unnecessarily**: Commits that logically belong together
**If squashing is recommended**: STOP here. Do NOT generate PR summary or copy to clipboard.
Instead, respond with a short report:
- List which commits should be squashed together
- Explain briefly why (e.g., "fixup commit", "same logical change", "WIP")
- Suggest the resulting commit message(s)
**If commits look clean**: Continue to step 4.
4. **Analyze the changes**:
- Group commits by topic/area if there are multiple
- Note the key files changed
- Understand the overall purpose of the branch
5. **Generate the summary**: Create a markdown summary with:
- A "Summary" section with 2-4 bullet points describing what changed and why
- A "Changes" section listing key files/areas modified
6. **Copy to clipboard**: Pipe the summary to `wl-copy`
## Squash Recommendation Format
When recommending squashing, respond like this:
```
Before creating a PR, I recommend squashing some commits:
**Squash together:**
- `abc123` "Add new feature"
- `def456` "Fix typo in new feature"
- `ghi789` "Forgot to add import"
→ Suggested message: "Add new feature for X"
**Reason:** These are iterative fixes to the same change.
Run `git rebase -i master` to clean up, then invoke `/pr` again.
```
## Output Format
```markdown
## Summary
- First key change or feature
- Second key change
- Additional context if needed
## Changes
- `path/to/file.nix` - Brief description of change
- `path/to/other.nix` - Brief description
```
## Style Guidelines
- **Concise**: Each bullet point should be one sentence
- **Focus on "why"**: Explain the purpose, not just what files changed
- **Group related changes**: Don't list every commit, summarize by area
- **Technical accuracy**: Use correct terminology for the codebase
- **No fluff**: Skip obvious statements like "this PR adds..."
## Example
For a branch with commits adding a new monitoring exporter:
```markdown
## Summary
- Add systemd-exporter to all hosts for tracking service health metrics
- Configure Prometheus scrape targets for the new exporter
- Add Grafana dashboard for visualizing systemd unit status
## Changes
- `system/systemd-exporter.nix` - New module enabling systemd-exporter on all hosts
- `services/monitoring/prometheus.nix` - Add scrape config for systemd-exporter job
- `services/monitoring/grafana/dashboards/` - New systemd dashboard
```
## After Generating
1. Confirm the summary was copied to clipboard
2. Display the summary to the user so they can review it
3. Mention they can paste it directly into a PR description

36
home/programs/dunst/default.nix
View File

@@ -1,14 +1,11 @@
{
config,
lib,
pkgs,
...
}:
{
catppuccin.dunst = {
enable = true;
flavor = "macchiato";
};
services.dunst = {
enable = true;
iconTheme = {
@@ -17,12 +14,13 @@
};
settings = {
global = {
rounded = "yes";
origin = "top-right";
follow = "none";
monitor = "4";
alignment = "left";
vertical_alignment = "center";
width = "(0, 400)";
height = "(0, 400)";
width = "400";
height = "400";
scale = 0;
gap_size = 0;
progress_bar = true;
@@ -41,10 +39,12 @@
history_length = 20;
always_run_script = true;
corner_radius = 10;
font = "JetBrainsMono Nerd Font 10";
format = "<b>%s</b>\\n%b";
# follow = "mouse";
font = "Source Sans Pro 10";
format = "<b>%s</b>\\n%b"; # format = "<span foreground='#f3f4f5'><b>%s %p</b></span>\n%b"
frame_color = "#232323";
frame_width = 1;
offset = "(15, 15)";
offset = "15x15";
horizontal_padding = 10;
icon_position = "left";
indicate_hidden = "yes";
@@ -54,6 +54,7 @@
mouse_middle_click = "close_current";
mouse_right_click = "close_all";
padding = 10;
plain_text = "no";
separator_height = 2;
show_indicators = "yes";
shrink = "no";
@@ -64,6 +65,19 @@
fullscreen_delay_everything = {
fullscreen = "delay";
};
urgency_critical = {
background = "#d64e4e";
foreground = "#f0e0e0";
};
urgency_low = {
background = "#232323";
foreground = "#2596be";
};
urgency_normal = {
background = "#1e1e2a";
foreground = "#2596be";
};
};
};
}

9
home/programs/git/default.nix
View File

@@ -2,13 +2,8 @@
{
programs.git = {
enable = true;
settings = {
user = {
email = "torjus@usit.uio.no";
name = "Torjus Håkestad";
};
};
userName = "Torjus Håkestad";
userEmail = "torjus@usit.uio.no";
lfs.enable = true;

13
home/programs/gtk/default.nix
View File

@@ -1,13 +0,0 @@
{ pkgs, ... }:
{
gtk = {
enable = true;
theme = {
name = "catppuccin-macchiato-blue-standard";
package = pkgs.catppuccin-gtk.override {
variant = "macchiato";
accents = [ "blue" ];
};
};
};
}

74
home/programs/obs-studio/default.nix
View File

@@ -1,64 +1,46 @@
{
pkgs,
lib,
config,
osConfig,
...
}:
{
options.torjus.home = {
obs = {
enable = lib.mkOption {
type = lib.types.bool;
default = false;
description = "Whether to enable obs.";
};
withCuda = lib.mkOption {
type = lib.types.bool;
default = false;
description = "Enable cuda for obs-related packages.";
};
};
};
let
withCuda = osConfig.system.name == "gunter";
config = lib.mkIf config.torjus.home.obs.enable {
programs.obs-studio =
let
withCuda = config.torjus.home.obs.withCuda;
onnxruntime-gpu = (pkgs.onnxruntime.override { cudaSupport = withCuda; });
obs-backgroundremoval-gpu = (
onnxruntime-gpu = (pkgs.onnxruntime.override { cudaSupport = withCuda; }).overrideAttrs (old: {
# TODO: Remove when fixed in nixpkgs
# https://github.com/NixOS/nixpkgs/blob/nixos-unstable/pkgs/development/libraries/onnxruntime/default.nix#L154
buildInputs = old.buildInputs ++ [ pkgs.cudaPackages.nccl ];
});
obs-backgrounremoval-gpu = (
(pkgs.obs-studio-plugins.obs-backgroundremoval.override { onnxruntime = onnxruntime-gpu; })
.overrideAttrs
(
final: prev: {
version = "1.3.6";
(old: {
version = "1.1.14-beta";
src = pkgs.fetchFromGitHub {
owner = "occ-ai";
repo = "obs-backgroundremoval";
rev = final.version;
hash = "sha256-2BVcOH7wh1ibHZmaTMmRph/jYchHcCbq8mn9wo4LQOU=";
rev = "012a7f45fe4cb5363abee654d05c5cba4235feb5";
hash = "sha256-ud9RfnbMXfOaIhkUYG7zyR4SxZhj3rZd9b4+8P4jBYs=";
};
nativeBuildInputs = prev.nativeBuildInputs ++ [ pkgs.pkg-config ];
cmakeFlags = [
"--preset ubuntu-x86_64"
"-DCMAKE_MODULE_PATH:PATH=${final.src}/cmake"
"-DUSE_SYSTEM_ONNXRUNTIME=ON"
"-DVCPKG_TARGET_TRIPLET="
"-DUSE_PKGCONFIG=ON"
];
}
)
cmakeFlags =
if withCuda then
(lib.lists.remove "-DDISABLE_ONNXRUNTIME_GPU=ON" old.cmakeFlags)
else
old.cmakeFlags;
})
);
in
{
in
{
programs.obs-studio = {
enable = true;
package = pkgs.obs-studio.override {
cudaSupport = withCuda;
};
plugins = with pkgs.obs-studio-plugins; [
plugins =
with pkgs.obs-studio-plugins;
[
obs-pipewire-audio-capture
obs-shaderfilter
obs-backgroundremoval-gpu
];
};
]
++ lib.optionals withCuda [ obs-backgrounremoval-gpu ];
};
}

17
home/programs/rofi/config.rasi Normal file
View File

@@ -0,0 +1,17 @@
configuration{
modi: "run,drun,window";
icon-theme: "Oranchelo";
show-icons: true;
terminal: "alacritty";
drun-display-format: "{icon} {name}";
location: 0;
disable-history: false;
hide-scrollbar: true;
display-drun: "  Apps ";
display-run: "  Run ";
display-window: " 﩯 Window";
display-Network: " 󰤨 Network";
sidebar-mode: true;
}
@theme "latte"

48
home/programs/rofi/default.nix
View File

@@ -1,33 +1,27 @@
{ pkgs, ... }:
{ config, pkgs, ... }:
{
catppuccin.rofi = {
enable = true;
flavor = "macchiato";
xdg.configFile."rofi/config.rasi" = {
source = ./config.rasi;
};
programs.rofi = {
enable = true;
terminal = "kitty";
location = "center";
font = "JetBrains Mono Nerd Font 12";
plugins = [
pkgs.rofi-emoji
pkgs.rofi-calc
];
extraConfig = {
modi = "drun,ssh,window,calc,emoji";
matching = "fuzzy";
show-icons = true;
icon-theme = "Oranchelo";
drun-display-format = "{icon} {name}";
hide-scrollbar = true;
disable-history = false;
display-drun = "Apps";
display-ssh = "SSH";
display-window = "Window";
display-calc = "Calc";
display-emoji = "Emoji";
sidebar-mode = true;
xdg.configFile."rofi/macchiato.rasi" = {
source =
pkgs.fetchFromGitHub {
owner = "catppuccin";
repo = "rofi";
rev = "5350da41a11814f950c3354f090b90d4674a95ce";
sha256 = "DNorfyl3C4RBclF2KDgwvQQwixpTwSRu7fIvihPN8JY=";
}
+ "/basic/.local/share/rofi/themes/catppuccin-macchiato.rasi";
};
xdg.configFile."rofi/latte.rasi" = {
source =
pkgs.fetchFromGitHub {
owner = "catppuccin";
repo = "rofi";
rev = "5350da41a11814f950c3354f090b90d4674a95ce";
sha256 = "DNorfyl3C4RBclF2KDgwvQQwixpTwSRu7fIvihPN8JY=";
}
+ "/basic/.local/share/rofi/themes/catppuccin-latte.rasi";
};
}

35
home/programs/streamcontroller/default.nix
View File

@@ -1,35 +0,0 @@
{
pkgs,
lib,
config,
...
}:
with lib;
let
cfg = config.streamcontroller;
in
{
options.streamcontroller = {
enable = mkEnableOption "streamcontroller service";
};
config = mkIf cfg.enable {
systemd.user.services.streamcontroller = {
Unit = {
Description = "Streamcontroller service";
PartOf = [ "graphical-session.target" ];
After = [ "graphical-session.target" ];
Requisite = [ "graphical-session.target" ];
};
Service = {
ExecStart = "${pkgs.streamcontroller}/bin/streamcontroller -b";
Restart = "on-failure";
};
Install = {
WantedBy = [ "graphical-session.target" ];
};
};
};
}

18
home/programs/vscode/default.nix
View File

@@ -2,29 +2,19 @@
{
programs.vscode = {
enable = true;
profiles.default = {
enableUpdateCheck = true;
enableExtensionUpdateCheck = true;
userSettings = {
"window.titleBarStyle" = "custom";
"rust-analyzer.testExplorer" = true;
"rust-analyzer.restartServerOnConfigChange" = true;
"direnv.restart.automatic" = true;
};
extensions = with pkgs.vscode-extensions; [
bbenoist.nix
catppuccin.catppuccin-vsc
catppuccin.catppuccin-vsc-icons
github.copilot
github.copilot-chat
golang.go
mkhl.direnv
vscodevim.vim
ms-python.python
ms-vscode-remote.remote-ssh
rooveterinaryinc.roo-cline
rust-lang.rust-analyzer
vscodevim.vim
bbenoist.nix
];
userSettings = {
"window.titleBarStyle" = "custom";
};
};
}

8
home/scripts/default.nix
View File

@@ -1,12 +1,14 @@
{ pkgs, config, ... }:
{
imports = [
./noita-helper.nix
];
imports = [ ./lockhelper.nix ];
home.file.".local/bin/hl-no-opacity" = {
source = ./hl-no-opacity.sh;
executable = true;
};
home.file.".local/bin/rofi-launcher" = {
source = ./rofi-launcher.sh;
executable = true;
};
home.file.".local/bin/randomwp" = {
source = ./randomwp.sh;
executable = true;

14
home/scripts/lockhelper.nix Normal file
View File

@@ -0,0 +1,14 @@
{ pkgs, ... }:
let
lockhelper = pkgs.writeShellApplication {
name = "lockhelper";
runtimeInputs = with pkgs; [
grim
jq
];
text = (builtins.readFile ./lockhelper.sh);
};
in
{
home.packages = [ lockhelper ];
}

18
home/scripts/lockhelper.sh Normal file
View File

@@ -0,0 +1,18 @@
#!/usr/bin/env bash
set -eo pipefail
mkdir -p /tmp/lockscreen || true
monitors=$(hyprctl monitors -j | jq -r '.[] | select( .name | contains ("DP")) | .name')
while IFS= read -r m; do
grim -o "$m" "/tmp/lockscreen/$m.png" || true
done <<< "$monitors"
# Only lock if not already running
if [ -z "$(pgrep hyprlock)" ]
then
exec hyprlock
else
echo "Already locked"
fi

14
home/scripts/noita-helper.nix
View File

@@ -1,14 +0,0 @@
{ pkgs, ... }:
let
noita-helper = pkgs.writeShellApplication {
name = "noita-helper";
runtimeInputs = with pkgs; [
grim
jq
];
text = (builtins.readFile ./noita-helper.sh);
};
in
{
home.packages = [ noita-helper ];
}

50
home/scripts/noita-helper.sh
View File

@@ -1,50 +0,0 @@
#!/usr/bin/env bash
SAVE_DIR="/home/torjus/.local/share/Steam/steamapps/compatdata/881100/pfx/drive_c/users/steamuser/AppData/LocalLow/Nolla_Games_Noita"
RESTIC_REPOSITORY="/home/$(whoami)/tmp/noita-backup"
export RESTIC_REPOSITORY
export RESTIC_PASSWORD="noita"
function start {
echo "Doing initial backup"
restic backup -q "$SAVE_DIR"
echo "Backup done"
echo "Mounting tmpfs for save folder..."
sudo mount -o size=2G,noswap -t tmpfs none "$SAVE_DIR"
echo "Restoring initial backup..."
restic restore "latest:$SAVE_DIR" --target "$SAVE_DIR"
echo "Ready to play Noita!"
echo "Remember to run $0 stop when done."
while true
do
restic backup -q "$SAVE_DIR"
echo "Periodic backup done..."
sleep 10m
done
}
function stop {
restic backup -q $SAVE_DIR
sudo umount $SAVE_DIR
restic restore latest:$SAVE_DIR --target $SAVE_DIR
echo "Backup and unmount done..."
}
if [ "$#" -ne 1 ]; then
echo "Usage: $0 {start|stop}"
exit 1
fi
if [ "$1" == "start" ]; then
start
elif [ "$1" == "stop" ]; then
stop
else
echo "Usage: $0 {start|stop}"
exit 1
fi

5
home/scripts/randomwp.sh
View File

@@ -26,6 +26,11 @@ if [ -z "$wallpaper_path" ]; then
exit 1
fi
if ! command -v hyprpaper &> /dev/null; then
echo "Could not find hyprpaper command"
exit 1
fi
echo "setting $wallpaper_path as wallpaper"
hyprctl hyprpaper unload all
hyprctl hyprpaper preload "$wallpaper_path"

8
home/scripts/rofi-launcher.sh Normal file
View File

@@ -0,0 +1,8 @@
#!/usr/bin/env bash
rofi \
-show drun \
-modi run,drun,ssh \
-scroll-method 0 \
-drun-match-fields all \
-drun-display-format "{name}" \
-terminal kitty

25
home/services/backup-home.nix
View File

@@ -1,14 +1,5 @@
{
pkgs,
config,
lib,
osConfig,
...
}:
{ pkgs, config, ... }:
let
cfg = osConfig.host.capabilities;
backupEnabled = cfg.backupRepository != null && cfg.backupPassword != null;
# Backup home script
backup-home = pkgs.writeShellApplication {
name = "backup-home";
@@ -21,8 +12,8 @@ let
];
text = ''
echo "========== BACKUP HOME STARTING =========="
export RESTIC_PASSWORD="${cfg.backupPassword}"
export RESTIC_REPOSITORY="${cfg.backupRepository}"
export RESTIC_PASSWORD="gunter.home.2rjus.net"
export RESTIC_REPOSITORY="rest:http://10.69.12.52:8000/gunter.home.2rjus.net"
SECRET_PATH="$XDG_CONFIG_HOME/sops-nix/secrets/gotify_backup_home"
if ! [ -f "$SECRET_PATH" ]; then
@@ -53,8 +44,6 @@ let
--exclude '/home/torjus/.npm' \
--exclude '/home/torjus/.factorio/mods' \
--exclude '/home/torjus/.zoom' \
--exclude '/home/torjus/Games' \
--exclude '/home/torjus/nobackup' \
--exclude '/home/torjus/git/nixpkgs'
retval=$?
if [ $retval -ne 0 ]; then
@@ -62,7 +51,7 @@ let
retval=$?
if [ $retval -ne 0 ]; then
curl "https://gotify.t-juice.club/message?token=$GOTIFY_TOKEN" \
-F "title=Backup of home@${osConfig.networking.hostName} failed!" \
-F "title=Backup of home@gunter failed!" \
-F "message=Please check status of backup-home service"
fi
fi
@@ -101,9 +90,9 @@ let
};
in
{
sops.secrets."gotify_backup_home" = lib.mkIf backupEnabled { };
sops.secrets."gotify_backup_home" = { };
systemd.user.services.backup-home = lib.mkIf backupEnabled {
systemd.user.services.backup-home = {
Unit = {
Description = "Backup home directory";
After = [
@@ -116,7 +105,7 @@ in
ExecStart = "${backup-home}/bin/backup-home";
};
};
systemd.user.timers.backup-home = lib.mkIf backupEnabled {
systemd.user.timers.backup-home = {
Unit = {
Description = "Backup home directory";
After = [ "network.target" ];

6
home/services/labmcp.nix
View File

@@ -1,6 +0,0 @@
{
# Ensure runtime directory exists for labmcp MCP servers
systemd.user.tmpfiles.rules = [
"d %t/labmcp 0755 - - -"
];
}

21
home/services/natstonotify.nix
View File

@@ -1,21 +0,0 @@
{ pkgs, config, ... }:
{
sops.secrets."nats_nkey" = { };
systemd.user.services.natstonotify = {
Unit = {
Description = "Run natstonotify";
After = [ "sops-nix.service" ];
};
Service = {
Environment = [
"NATS_URL=nats://nats1.home.2rjus.net:4222"
"NATS_NKEY_FILE=${config.sops.secrets.nats_nkey.path}"
];
Type = "simple";
ExecStart = "${pkgs.natstonotify}/bin/natstonotify server";
};
Install = {
WantedBy = [ "graphical-session.target" ];
};
};
}

24
home/ssh/config.nix
View File

@@ -18,37 +18,27 @@ in
{
programs.ssh = {
enable = true;
enableDefaultConfig = false;
controlMaster = "auto";
matchBlocks = {
"bmo.uio.no-on-eduroam" = (
lib.mkIf (osConfig.host.capabilities.hasEduroamAccess) (
lib.hm.dag.entryBefore [ "bmo.uio.no" "*" ] {
lib.mkIf (osConfig.system.name == "magicman") (
lib.hm.dag.entryBefore [ "bmo.uio.no" ] {
match = "host bmo.uio.no exec \"nmcli -g GENERAL.STATE c s eduroam|grep -q -E '\\bactiv'\"";
hostname = "bmo.uio.no";
forwardAgent = false;
serverAliveInterval = 30;
controlMaster = "auto";
controlPath = "/run/user/%i/ssh-cm-%C";
}
)
);
"bmo.uio.no" = lib.hm.dag.entryBefore [ "*" ] {
"bmo.uio.no" = {
setEnv = {
# TERM = "xterm-256color";
};
hostname = "bmo.uio.no";
forwardAgent = false;
proxyJump = "torjus@rlogin.uio.no";
serverAliveInterval = 30;
controlMaster = "auto";
controlPath = "/run/user/%i/ssh-cm-%C";
};
"*" = {
serverAliveInterval = 30;
controlMaster = "auto";
};
};
};
services.ssh-agent.enable = true;
}

5
home/zsh/default.nix
View File

@@ -24,7 +24,7 @@
nrebuild = "sudo nixos-rebuild switch --flake /home/${user}/nixos";
ndiffbuild = "sudo nixos-rebuild build --flake /home/${user}/nixos && nvd diff /run/current-system /home/${user}/nixos/result";
};
initContent = ''
initExtra = ''
bindkey -v
bindkey '^R' history-incremental-search-backward
@@ -32,8 +32,7 @@
autoload -Uz promptinit
promptinit
prompt pure
export MANPAGER="nvim +Man!"
export LOKI_ADDR="http://monitoring01:3100"
export PATH="''${KREW_ROOT:-$HOME/.krew}/bin:$PATH"
# Aliases
alias ls=eza

134
hosts/gunter/configuration.nix
View File

@@ -9,7 +9,7 @@
{
imports = [
./hardware-configuration.nix
../../system/monitoring
../../system/monitoring.nix
];
# Sops stuff
@@ -23,20 +23,15 @@
# Bootloader stuff
boot = {
blacklistedKernelModules = [
"mt7921e"
"mt7921_common"
"mt792x_lib"
"mt76_connac_lib"
"mt76"
];
# Kernel stuff
kernelPackages = lib.warn "Kernel pinned to 6.18 due to nvidia driver incompatibility with 6.19" pkgs.linuxPackages_6_18;
kernelParams = [ "module_blacklist=amdgpu" ];
kernel.sysctl = {
"vm.max_map_count" = 262144;
};
# kernelPackages = pkgs.linuxPackages_xanmod_latest;
kernelPackages = pkgs.linuxPackages_latest;
# kernelPackages = lib.warn "Pinned to kernel 6.10 due to nvidia fbdev trouble!" pkgs.linuxPackages_6_10;
kernelParams = [
"quiet"
"splash"
"rd.systemd.show_status=false"
];
extraModprobeConfig = ''
options v4l2loopback exclusive_caps=1 card_label="Virtual Camera"
@@ -44,39 +39,31 @@
# Bootloader stuff
loader.systemd-boot = {
enable = true;
configurationLimit = 10;
memtest86.enable = true;
};
loader.efi = {
canTouchEfiVariables = true;
};
supportedFilesystems = [ "nfs" ];
};
# Networking stuff
networking.hostName = "gunter"; # Define your hostname.
networking.firewall.allowedTCPPorts = [ 8989 ];
# Additional nix caches for homelab and CUDA
nix.settings = {
substituters = [
"https://nix-cache.home.2rjus.net"
"https://cuda-maintainers.cachix.org"
];
trusted-substituters = [
"https://nix-cache.home.2rjus.net"
"https://cuda-maintainers.cachix.org"
];
trusted-public-keys = [
"nix-cache02.home.2rjus.net-1:QyT5FAvJtV+EPQrgQQ6iV9JMg1kRiWuIAJftM35QMls="
"cuda-maintainers.cachix.org-1:0dq3bujKpuEPMCX6U4WylrUDZ9JyUG0VpVZa7CNfq5E="
];
networking.networkmanager.enable = true;
networking.nftables.enable = true;
networking.firewall = {
enable = true;
};
# Set time stuff
time.timeZone = "Europe/Oslo";
# Enable graphics
hardware.graphics = {
enable = true;
extraPackages = with pkgs; [
libva-vdpau-driver
vaapiVdpau
nvidia-vaapi-driver
];
};
@@ -86,24 +73,21 @@
modesetting.enable = true;
powerManagement.enable = false;
powerManagement.finegrained = false;
open = false;
open = true;
nvidiaSettings = false;
package = config.boot.kernelPackages.nvidiaPackages.beta;
# package =
# lib.warn "nvidia driver override to use 580.82.07"
# config.boot.kernelPackages.nvidiaPackages.mkDriver
# {
# version = "580.82.07";
# sha256_64bit = "sha256-Bh5I4R/lUiMglYEdCxzqm3GLolQNYFB0/yJ/zgYoeYw=";
package = config.boot.kernelPackages.nvidiaPackages.latest;
# package = config.boot.kernelPackages.nvidiaPackages.mkDriver {
# version = "560.28.03";
# sha256_64bit = "sha256-martv18vngYBJw1IFUCAaYr+uc65KtlHAMdLMdtQJ+Y=";
# sha256_aarch64 = lib.fakeHash;
# openSha256 = "sha256-8/7ZrcwBMgrBtxebYtCcH5A51u3lAxXTCY00LElZz08=";
# openSha256 = "sha256-asGpqOpU0tIO9QqceA8XRn5L27OiBFuI9RZ1NjSVwaM=";
# settingsSha256 = lib.fakeHash;
# persistencedSha256 = lib.fakeSha256;
# };
};
# Setup nvidia video drivers
# Setup hyprland
# nixpkgs.overlays = [
# (self: super: {
# hyprland = super.hyprland.override {
@@ -111,20 +95,58 @@
# };
# })
# ];
services.xserver.enable = true;
services.xserver.videoDrivers = [ "nvidia" ];
# Host capabilities
host.capabilities = {
hasCuda = true;
hasBattery = false;
formFactor = "desktop";
volumeScrollStep = 5;
enableArrhist = true;
hasEduroamAccess = false;
backupRepository = "rest:http://10.69.12.52:8000/gunter.home.2rjus.net";
backupPassword = "gunter.home.2rjus.net";
services.xserver.displayManager.gdm.wayland = true;
services.xserver.displayManager.lightdm.enable = false;
services.xserver.displayManager.startx.enable = true;
services.xserver.windowManager.i3.enable = true;
programs.hyprland = {
enable = true;
xwayland.enable = true;
portalPackage = pkgs.xdg-desktop-portal-hyprland;
};
# Setup common XDG env vars
environment.sessionVariables = rec {
XDG_CACHE_HOME = "$HOME/.cache";
XDG_CONFIG_HOME = "$HOME/.config";
XDG_DATA_HOME = "$HOME/.local/share";
XDG_STATE_HOME = "$HOME/.local/state";
XDG_BIN_HOME = "$HOME/.local/bin";
PATH = [ "${XDG_BIN_HOME}" ];
};
# Setup xdg portal
xdg.portal = {
enable = true;
xdgOpenUsePortal = true;
extraPortals = (
with pkgs;
[
# unstable.xdg-desktop-portal-hyprland
xdg-desktop-portal-gtk
]
);
};
# Enable flakes
nix.settings = {
experimental-features = [
"nix-command"
"flakes"
];
trusted-users = [
"root"
"torjus"
];
substituters = [ "https://cuda-maintainers.cachix.org" ];
trusted-public-keys = [
"cuda-maintainers.cachix.org-1:0dq3bujKpuEPMCX6U4WylrUDZ9JyUG0VpVZa7CNfq5E="
];
};
nixpkgs.config.allowUnfree = true;
# Install system-wide packages
environment.systemPackages = with pkgs; [
curl
@@ -135,7 +157,7 @@
wget
v4l-utils
nmap
pciutils
(lib.mkIf (config.system.name == "gunter") pciutils)
# X shit
# xorg.xorgserver

6
hosts/gunter/container.nix
View File

@@ -1,6 +0,0 @@
{ pkgs, lib, ... }:
{
hardware.nvidia-container-toolkit = {
enable = true;
};
}

9
hosts/gunter/default.nix
View File

@@ -1,17 +1,18 @@
{
inputs,
self,
pks,
...
}:
{
imports = [
./configuration.nix
./hardware-configuration.nix
./steamuser.nix
./nfs.nix
./ollama.nix
./streamdeck.nix
./ratbagd.nix
./container.nix
../../system
../../home/hosts/gunter
./steam.nix
../../home/gunter.nix
];
}

4
hosts/gunter/hardware-configuration.nix
View File

@@ -25,9 +25,7 @@
"kvm-amd"
"v4l2loopback"
];
boot.extraModulePackages = with config.boot.kernelPackages; [
v4l2loopback
];
boot.extraModulePackages = with config.boot.kernelPackages; [ v4l2loopback ];
fileSystems."/" = {
device = "/dev/disk/by-uuid/a7d4b697-fffa-4bcb-9dd7-cbbd6121a50c";

20
hosts/gunter/hostapd.nix
View File

@@ -1,20 +0,0 @@
{ ... }:
{
services.hostapd = {
enable = true;
radios = {
wlp13s0 = {
countryCode = "NO";
wifi6.enable = true;
networks.wlp13s0 = {
ssid = "TESTLOL";
band = "5g";
authentication = {
wpaPassword = "lol passord";
mode = "wpa2-sha256";
};
};
};
};
};
}

14
hosts/gunter/ollama.nix
View File

@@ -1,16 +1,12 @@
{ pkgs, lib, ... }:
{
services.ollama = {
enable = false;
package = pkgs.ollama-cuda;
enable = true;
acceleration = "cuda";
};
services.open-webui = {
enable = false;
package = pkgs.stable.open-webui;
# enable = lib.warn "Open WebUI is disabled" false;
enable = true;
environment = {
VECTOR_DB = "pgvector";
PGVECTOR_DB_URL = "postgresql://openwebui:openwebui@pgdb1.home.2rjus.net:5432/openwebui";
DO_NOT_TRACK = "True";
SCARF_NO_ANALYTICS = "True";
OLLAMA_API_BASE_URL = "http://127.0.0.1:11434";
@@ -18,8 +14,4 @@
};
port = 11444;
};
# Ensure networking is ok before starting
systemd.services.open-webui.after = [ "network-online.target" ];
systemd.services.open-webui.wants = [ "network-online.target" ];
}

5
hosts/gunter/ratbagd.nix
View File

@@ -1,5 +0,0 @@
{ pkgs, ... }:
{
services.ratbagd.enable = true;
environment.systemPackages = with pkgs; [ piper ];
}

5
hosts/gunter/steam.nix
View File

@@ -1,5 +0,0 @@
{ ... }:
{
programs.steam.enable = true;
programs.gamemode.enable = true;
}

23
hosts/gunter/steamuser.nix Normal file
View File

@@ -0,0 +1,23 @@
{ pkgs, ... }:
{
environment.shells = with pkgs; [ zsh ];
services.xserver.desktopManager.xfce.enable = true;
programs.steam.enable = true;
programs.gamemode.enable = true;
services.flatpak.enable = true;
users.users.steam = {
isNormalUser = true;
initialPassword = "steam";
home = "/home/steam";
description = "Steam user";
shell = pkgs.zsh;
# Install some user packages
packages = with pkgs; [
firefox
mumble
easyeffects
];
};
}

99
hosts/magicman/configuration.nix
View File

@@ -1,4 +1,6 @@
{
config,
lib,
pkgs,
...
}:
@@ -8,17 +10,23 @@
# Bootloader stuff
boot.kernelParams = [
"quiet"
"splash"
"rd.systemd.show_status=false"
"acpi_backlight=native"
"video=efifb:nobgrt"
"loglevel=3"
"rd.udev.log_level=3"
];
boot.kernelPackages = pkgs.linuxPackages_latest;
boot.extraModprobeConfig = ''
options v4l2loopback exclusive_caps=1 card_label="Virtual Camera"
'';
boot.loader.systemd-boot.configurationLimit = 3;
boot.loader.systemd-boot = {
enable = true;
configurationLimit = 3;
};
boot.loader.efi = {
canTouchEfiVariables = true;
};
boot.initrd.systemd.enable = true;
boot.plymouth = {
@@ -32,34 +40,24 @@
# Networking stuff
networking.hostName = "magicman"; # Define your hostname.
networking.networkmanager.wifi.backend = "iwd";
networking.networkmanager.enable = true;
networking.nftables.enable = true;
networking.firewall = {
enable = true;
};
hardware = {
enableRedistributableFirmware = true;
enableAllFirmware = true;
# Set time stuff
time.timeZone = "Europe/Oslo";
# Enable opengl
graphics = {
hardware.graphics = {
enable = true;
extraPackages = with pkgs; [
intel-media-driver
libva-vdpau-driver
vaapiVdpau
libvdpau-va-gl
];
};
};
# Host capabilities
host.capabilities = {
hasCuda = false;
hasBattery = true;
formFactor = "laptop";
volumeScrollStep = 1;
enableArrhist = false;
hasEduroamAccess = true;
backupRepository = null;
backupPassword = null;
};
# Bluetooth stuff
services.blueman.enable = true;
@@ -78,18 +76,69 @@
};
};
# Setup hyprland
services.xserver.enable = true;
services.xserver.displayManager = {
gdm.wayland = true;
lightdm.enable = false;
};
programs.hyprland = {
enable = true;
xwayland.enable = true;
portalPackage = pkgs.xdg-desktop-portal-hyprland;
};
# TRIM
services.fstrim.enable = true;
# TLP
services.tlp.enable = true;
# Brillo
hardware.brillo.enable = true;
# Setup common XDG env vars
environment.sessionVariables = rec {
XDG_CACHE_HOME = "$HOME/.cache";
XDG_CONFIG_HOME = "$HOME/.config";
XDG_DATA_HOME = "$HOME/.local/share";
XDG_STATE_HOME = "$HOME/.local/state";
XDG_BIN_HOME = "$HOME/.local/bin";
PATH = [ "${XDG_BIN_HOME}" ];
};
# Setup xdg portal
xdg.portal = {
enable = true;
xdgOpenUsePortal = true;
extraPortals = (
with pkgs;
[
# xdg-desktop-portal-hyprland
xdg-desktop-portal-gtk
]
);
};
programs.steam.enable = true;
# Enable flakes
nix.settings.experimental-features = [
"nix-command"
"flakes"
];
nix.settings.trusted-users = [
"root"
"torjus"
];
nixpkgs.config.allowUnfree = true;
# Install system-wide packages
environment.systemPackages = with pkgs; [
vim
wget
curl
git
v4l-utils
];
# Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,

3
hosts/magicman/default.nix
View File

@@ -8,8 +8,7 @@
imports = [
./configuration.nix
./hardware-configuration.nix
./laptop.nix
../../system
../../home/hosts/magicman
../../home/magicman.nix
];
}

7
hosts/magicman/hardware-configuration.nix
View File

@@ -21,11 +21,8 @@
"sdhci_pci"
];
boot.initrd.kernelModules = [ "i915" ];
boot.kernelModules = [
"kvm-intel"
"v4l2loopback"
];
boot.extraModulePackages = with config.boot.kernelPackages; [ v4l2loopback ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "/dev/disk/by-uuid/31b20f4c-24bb-4fd1-9a3e-8ccc19fe3d64";

19
hosts/magicman/laptop.nix
View File

@@ -1,19 +0,0 @@
{ ... }:
{
hardware.brillo.enable = true;
powerManagement.enable = true;
services.auto-cpufreq = {
enable = true;
settings = {
battery = {
governor = "powersave";
turbo = "never";
};
charger = {
governor = "performance";
turbo = "auto";
};
};
};
}

103
hosts/prismo/configuration.nix Normal file
View File

@@ -0,0 +1,103 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ./hardware-configuration.nix ];
# Sops stuff
sops.defaultSopsFile = ../../secrets/prismo/secrets.yaml;
sops.age.keyFile = "/var/lib/sops-nix/key.txt";
sops.age.generateKey = true;
sops.secrets."gotify_tokens/backup-home" = { };
# Bootloader stuff
boot.kernelParams = [
"quiet"
"splash"
"rd.systemd.show_status=false"
];
boot.loader.systemd-boot = {
enable = true;
configurationLimit = 10;
};
boot.loader.efi = {
canTouchEfiVariables = true;
};
# Networking stuff
networking.hostName = "prismo"; # Define your hostname.
networking.networkmanager.enable = true;
networking.nftables.enable = true;
networking.firewall = {
enable = true;
};
# Set time stuff
time.timeZone = "Europe/Oslo";
# Enable opengl
hardware.graphics = {
enable = true;
extraPackages = with pkgs; [
intel-media-driver
vaapiVdpau
libvdpau-va-gl
];
};
# Setup hyprland
services.xserver.enable = true;
programs.hyprland = {
enable = true;
xwayland.enable = true;
portalPackage = pkgs.xdg-desktop-portal-hyprland;
};
# Setup common XDG env vars
environment.sessionVariables = rec {
XDG_CACHE_HOME = "$HOME/.cache";
XDG_CONFIG_HOME = "$HOME/.config";
XDG_DATA_HOME = "$HOME/.local/share";
XDG_STATE_HOME = "$HOME/.local/state";
XDG_BIN_HOME = "$HOME/.local/bin";
PATH = [ "${XDG_BIN_HOME}" ];
};
# Setup xdg portal
xdg.portal = {
enable = true;
xdgOpenUsePortal = true;
extraPortals = (
with pkgs;
[
xdg-desktop-portal-hyprland
xdg-desktop-portal-gtk
]
);
};
# Enable flakes
nix.settings.experimental-features = [
"nix-command"
"flakes"
];
nixpkgs.config.allowUnfree = true;
# Install system-wide packages
environment.systemPackages = with pkgs; [
vim
wget
curl
git
];
# Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,
# and migrated your data accordingly.
#
# For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
system.stateVersion = "23.11"; # Did you read the comment?
}

14
hosts/prismo/default.nix Normal file
View File

@@ -0,0 +1,14 @@
{
inputs,
self,
pks,
...
}:
{
imports = [
./configuration.nix
./hardware-configuration.nix
../../system
../../home/prismo.nix
];
}

54
hosts/prismo/hardware-configuration.nix Normal file
View File

@@ -0,0 +1,54 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
pkgs,
modulesPath,
...
}:
{
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot = {
initrd = {
availableKernelModules = [
"xhci_pci"
"ahci"
"usb_storage"
"sd_mod"
"rtsx_pci_sdmmc"
];
kernelModules = [ ];
luks.devices."cryptroot".device = "/dev/disk/by-uuid/f71b0ace-f38f-435f-a07a-007f9cfe4919";
};
kernelModules = [ "kvm-intel" ];
extraModulePackages = [ ];
};
fileSystems."/" = {
device = "/dev/disk/by-uuid/91a0dbc4-426f-4b7b-a49e-063d1d0e59fb";
fsType = "xfs";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/AF2D-FAD0";
fsType = "vfat";
};
swapDevices = [ { device = "/dev/disk/by-uuid/67da36a8-69df-4541-88cd-cba7cbc40b4c"; } ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp0s31f6.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp2s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

48
packages/open-pomodoro.nix Normal file
View File

@@ -0,0 +1,48 @@
{
lib,
buildGoModule,
fetchFromGitHub,
installShellFiles,
}:
buildGoModule rec {
pname = "openpomodoro-cli";
version = "0.3.0";
src = fetchFromGitHub {
owner = "open-pomodoro";
repo = "openpomodoro-cli";
rev = "v${version}";
hash = "sha256-h/o4yxrZ8ViHhN2JS0ZJMfvcJBPCsyZ9ZQw9OmKnOfY=";
};
vendorHash = "sha256-BR9d/PMQ1ZUYWSDO5ID2bkTN+A+VbaLTlz5t0vbkO60=";
ldflags = [
"-s"
"-w"
];
GOWORK = "off";
subPackages = [ "cmd/pomodoro" ];
nativeBuildInputs = [ installShellFiles ];
# postInstall = ''
# installShellCompletion --cmd talosctl \
# --bash <($out/bin/talosctl completion bash) \
# --fish <($out/bin/talosctl completion fish) \
# --zsh <($out/bin/talosctl completion zsh)
# '';
doCheck = false; # no tests
meta = with lib; {
description = "A command-line Pomodoro tracker which uses the Open Pomodoro Format";
mainProgram = "pomodoro";
homepage = "https://github.com/open-pomodoro/openpomodoro-cli";
license = licenses.mit;
# maintainers = with maintainers; [ flokli ];
};
}

21
secrets/prismo/secrets.yaml Normal file
View File

@@ -0,0 +1,21 @@
test: ENC[AES256_GCM,data:MtSN,iv:ag/LDkk0DgE6QPjB/08RhEw3LzQHDOkRH0/4OBn8KUU=,tag:FeiJfjtbd4MCwNmCezH44A==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1lznyk4ee7e7x8n92cq2n87kz9920473ks5u9jlhd3dczfzq4wamqept56u
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhaGtaL0tkVFFuTk9ka0Rz
bHRpN0UyZFQxTG1ZSTRxSmI4eHJhbVM1ZWs0Cmx5UkdrSFNsRGU1eWRyU0hEcElH
WWJLWHdNTVR4RVpGYlcwMlJ4b2J5eHcKLS0tIGkrTWpNdVdERHpvaHZRdGxHN1Mr
WDJGWFA1M2kxQ1hHKzRwRTY4WUZwN2MKQIT//FEdXYWfEkI1knDD3uN+KMaIDtmR
H64031YMvAh67fVGekRv72S5DWzrft/Zr2libKpsN7T4G9fxGihhEw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-10-02T20:56:45Z"
mac: ENC[AES256_GCM,data:WQKHFMPmEvDTHS4eYYVcpsX7j8Xef9SV0VKNAbQh0hnZPMJEll4jtzR8sub2tUEt9/I1PvngXMWz6pPmINwOKRI+L3+gTSdg9QgPiikjE6wDA2qbpv9pd14uH22ABmCjkTeEZ9R+b9KbBl0GtMQof1sdTL9nUDrr9Fyfrr/UXs4=,iv:4DgDhwb2ksh2THtR/H5PiO57vF4yKSZ6FyCjWBqCQQI=,tag:dczk4ZAI8k6dareobGmt/w==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.0

26
secrets/torjus/secret.yaml
View File

@@ -3,7 +3,6 @@ sonarr_api_key: ENC[AES256_GCM,data:mg19hxs+DY6wsLjt4FupjavwmnmMJAP2Us5i1Rt/yyk=
sonarr_base_url: ENC[AES256_GCM,data:0HiHIX4KcPEE62Ti1fLH230rC1A7xYg=,iv:mkAnl6t2H5xP9RPjTsbSZkfbrgli/7XKnPE5aGuZpTo=,tag:P2osFM60Jk8qkXJgLaGpjg==,type:str]
radarr_api_key: ENC[AES256_GCM,data:Db1ISKTF+m2H1on55/4vdGticfqBdxfIzKHBxC9LAx4=,iv:NhiG4SmsRYIunW1ljFbxeHvRoi9fOVE+9DJn6kmZ6oI=,tag:DoJzo56CW3kJlySYmB8NYQ==,type:str]
radarr_base_url: ENC[AES256_GCM,data:3UgOPQMblYhm0ysRB6VVosvZToIM5IA=,iv:o/s0bVBrjrma2Df2LlCCFL5Ks80063/4mABc6vzDrYg=,tag:eHKntLPM9yRRkMfIWSpIdg==,type:str]
nats_nkey: ENC[AES256_GCM,data:TcIDFkFXB1+qfTqLylDI46w4/+Cy9XdXyXS26qCbwDaDoQNaRUsC6dw94mbT37352IWOCypTY0hweA==,iv:DC5GQyIXbNSx/mOLAOWTf5AyeFeViLxbKTMgZEfTEXE=,tag:krxk/dnZ58a8dcuWb7zhnA==,type:str]
sops:
kms: []
gcp_kms: []
@@ -13,23 +12,14 @@ sops:
- recipient: age1lznyk4ee7e7x8n92cq2n87kz9920473ks5u9jlhd3dczfzq4wamqept56u
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnaUlVOWtoRTFvMHljV0Fu
TFp2Ym1jcThqbWRjUjdNSnhxRUsrOWl6S3dBCmh0L0YzaXNlRTFHMXFHTGc1T3I2
WE03WjJCSlJSV2lmSExTWDBQRnlOcDAKLS0tIFJoeEM5b0IrdWxTRWhvNnd0c3NG
dENGdjJteFFaQTNFaDgvSGV2UEtyT0EKbdg4atS91rB99l7zKKkfPzKk4T5Mq2x5
bX825DPrxauAhvrT7ca/A2OwA4kaFuxPrQGd3VOPAXTVhlbcFgIAdw==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDdDRDc0UvaWY4U0loZzQ0
bDZCMitGbGVYaGJyUXNrZGpnZHJlWHRkK3drCnJ2TlovSUI0OEVrV2FBbVdlSm1z
OE9lYXNMSXpCS0NMSkZDcjhtWENOUTAKLS0tIEZFMnVqcktwWkR5VHBGQXdobXlp
Q3gxalhGVjNlS3B3YlFsK0VQMUFITEUKE87+RpOG6ucXHHQ0DMQ9F3yo0n1aXbv7
OX5ibHU7RroUQwFmDj87u59VUTvpWRQjsBW4c4WrZRk9KcjwinZZZQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age1stlqqspmt5fepyz35udrwr5avf9zuju79f787p26pu2d2j08yqps2q2t2c
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvSEZJWldRcmJ3c1BjbUpT
bmZXSmlHU0hVRTV3SG91bXpiTXhZd1RkY0Y4ClBxc0RabWJmMi8reHZYWnlmK3pC
bUw5V2FEV0pZdkZEMTJ5ZDZXWDM2NjgKLS0tIGZ6dEZ4dERYQXFRQTVkRHhycndz
dkgwQlRrdEp6b2FIVnowaDlUMEZpeHcK2icvVv+UpbcdVErRjjQhlQb6PuluC/K7
Vy8Rh7dTn++bSEdGidDNGYeUQBrVy2qooq04lQqbeOOrdmXVhTamdA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-02-11T19:22:47Z"
mac: ENC[AES256_GCM,data:vd8O5y1GNDTDrlundbNZcGRAQzKLDly4qyxTqRO2JrnDYOqD/vQ8TqRQYiUgGY+5AcgjoLMER8keE8OUmcngN16cbGx1zKTpdqyHb7B2KR7ZfWOjW5kTk5KWM1gLDA4hA2GBEjHFBPGKdcrjURek9MrT+iM+qArbizSjWlKuehc=,iv:cicEnvWynZizJqrUzPIzbJWl6O8uL65Vs7fAYsuqSNA=,tag:l5jBXQfFedVE/VccZh+1qQ==,type:str]
lastmodified: "2024-04-25T19:19:54Z"
mac: ENC[AES256_GCM,data:VGBiDi71DHAXLhi7XC0XSTqnSwcJXv1Lj53qriFER7BXXZNPUdbeknlYR+KMdL3hgKGiK+ElWK5foDAy6jpl1H3U7Y9B4d40pVZSzEoN+fCwUgfP+yym1HwKZZoJok2ksXZIL4MZyZSNS+ONjDeFEcyHobIx8pRThxic3CcvptI=,iv:QwnFcYeIWibx5q8C/ur1eE8F9vbyGHg5raInDHBoyVs=,tag:JJWEYAyVhfny4hWrKBAKig==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.4
version: 3.8.1

13
system/boot.nix
View File

@@ -1,13 +0,0 @@
{ pkgs, lib, ... }:
{
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
boot.kernelPackages = lib.mkDefault pkgs.linuxPackages_latest;
boot.kernelParams = lib.mkBefore [
"quiet"
"splash"
"rd.systemd.show_status=false"
];
}

10
system/default.nix
View File

@@ -1,22 +1,14 @@
{
imports = [
./boot.nix
./fonts.nix
./fwupd.nix
./git.nix
./greetd.nix
./host-capabilities.nix
./hyprland.nix
./label.nix
./libvirt.nix
./locale.nix
./networking.nix
./nix-config.nix
./podman.nix
./root-ca.nix
./security.nix
./services.nix
./users.nix
./xdg.nix
./label.nix
];
}

14
system/fonts.nix
View File

@@ -5,13 +5,17 @@
fira-code
fira-code-symbols
font-awesome
nerd-fonts.jetbrains-mono
nerd-fonts.fira-code
nerd-fonts.droid-sans-mono
nerd-fonts.dejavu-sans-mono
(nerdfonts.override {
fonts = [
"JetBrainsMono"
"FiraCode"
"DroidSansMono"
"DejaVuSansMono"
];
})
noto-fonts
noto-fonts-cjk-sans
noto-fonts-color-emoji
noto-fonts-emoji
noto-fonts-monochrome-emoji
source-sans-pro
twemoji-color-font

2
system/greetd.nix
View File

@@ -4,7 +4,7 @@
enable = true;
settings = {
default_session = {
command = "${pkgs.tuigreet}/bin/tuigreet --time --cmd \"uwsm start default\"";
command = "${pkgs.greetd.tuigreet}/bin/tuigreet --time --cmd \"dbus-run-session Hyprland\"";
user = "greeter";
};
};

64
system/host-capabilities.nix
View File

@@ -1,64 +0,0 @@
{ lib, ... }:
with lib;
{
options.host.capabilities = {
# Hardware capabilities
hasCuda = mkOption {
type = types.bool;
default = false;
description = "Whether the host has CUDA-capable GPU (for btop, OBS, etc.)";
};
hasBattery = mkOption {
type = types.bool;
default = false;
description = "Whether the host has a battery (laptop)";
};
# Form factor
formFactor = mkOption {
type = types.enum [
"desktop"
"laptop"
];
default = "desktop";
description = "Physical form factor of the host";
};
# UI behavior customizations
volumeScrollStep = mkOption {
type = types.int;
default = 5;
description = "Volume adjustment step percentage for scroll wheel";
};
# Service-specific features
enableArrhist = mkOption {
type = types.bool;
default = false;
description = "Enable Sonarr/Radarr monitoring widget (arrhist)";
};
# Network environment features
hasEduroamAccess = mkOption {
type = types.bool;
default = false;
description = "Whether this host can connect to eduroam (for SSH config)";
};
# Backup configuration
backupRepository = mkOption {
type = types.nullOr types.str;
default = null;
description = "Restic backup repository URL for this host";
example = "rest:http://10.69.12.52:8000/gunter.home.2rjus.net";
};
backupPassword = mkOption {
type = types.nullOr types.str;
default = null;
description = "Restic backup password identifier for this host";
example = "gunter.home.2rjus.net";
};
};
}

12
system/hyprland.nix
View File

@@ -1,12 +0,0 @@
{ pkgs, ... }:
{
services.xserver.enable = true;
services.displayManager.gdm.wayland = true;
programs.hyprland = {
enable = true;
withUWSM = true;
xwayland.enable = true;
portalPackage = pkgs.xdg-desktop-portal-hyprland;
};
}

3
system/libvirt.nix
View File

@@ -6,6 +6,9 @@
package = pkgs.qemu_kvm;
runAsRoot = true;
swtpm.enable = true;
ovmf = {
enable = true;
};
};
};
}

14
system/locale.nix
View File

@@ -1,14 +0,0 @@
{ ... }:
{
time.timeZone = "Europe/Oslo";
i18n = {
supportedLocales = [
"en_US.UTF-8/UTF-8"
"nb_NO.UTF-8/UTF-8"
];
extraLocaleSettings = {
LC_TIME = "nb_NO.UTF-8";
};
};
}

37
system/monitoring.nix Normal file
View File

@@ -0,0 +1,37 @@
{ pkgs, ... }:
{
environment.systemPackages = with pkgs; [
prometheus-node-exporter
prometheus-systemd-exporter
];
systemd.services."node-exporter" = {
enable = true;
unitConfig = {
Description = "Prometheus Node Exporter";
After = [ "network.target" ];
};
serviceConfig = {
ExecStart = "${pkgs.prometheus-node-exporter}/bin/node_exporter";
};
wantedBy = [ "multi-user.target" ];
};
systemd.services."systemd-exporter" = {
enable = true;
unitConfig = {
Description = "Prometheus Systemd Exporter";
After = [ "network.target" ];
};
serviceConfig = {
ExecStart = "${pkgs.prometheus-systemd-exporter}/bin/systemd_exporter";
};
wantedBy = [ "multi-user.target" ];
};
networking.firewall.allowedTCPPorts = [
9100
9558
8989
];
}

7
system/monitoring/default.nix
View File

@@ -1,7 +0,0 @@
{ ... }:
{
imports = [
./metrics.nix
./logs.nix
];
}

39
system/monitoring/logs.nix
View File

@@ -1,39 +0,0 @@
{ ... }:
{
services.promtail = {
enable = true;
configuration = {
server = {
http_listen_address = "0.0.0.0";
http_listen_port = 9099;
grpc_listen_address = "0.0.0.0";
grpc_listen_port = 9098;
};
clients = [
{
url = "http://monitoring01.home.2rjus.net:3100/loki/api/v1/push";
}
];
scrape_configs = [
{
job_name = "journal";
journal = {
json = true;
};
relabel_configs = [
{
source_labels = [ "__journal__systemd_unit" ];
target_label = "systemd_unit";
}
{
source_labels = [ "__journal__hostname" ];
target_label = "host";
}
];
}
];
};
};
}

22
system/monitoring/metrics.nix
View File

@@ -1,22 +0,0 @@
{ ... }:
{
services.prometheus.exporters = {
node = {
enable = true;
openFirewall = true;
enabledCollectors = [
"systemd"
"logind"
];
};
smartctl = {
enable = true;
openFirewall = true;
devices = [ "/dev/nvme0n1" ];
};
systemd = {
enable = true;
openFirewall = true;
};
};
}

8
system/networking.nix
View File

@@ -1,8 +0,0 @@
{ lib, ... }:
{
networking.networkmanager.enable = true;
networking.nftables.enable = true;
networking.firewall.enable = true;
networking.firewall.allowedTCPPorts = lib.mkDefault [ ];
networking.firewall.allowedUDPPorts = lib.mkDefault [ ];
}

24
system/nix-config.nix
View File

@@ -1,24 +0,0 @@
{ ... }:
{
nixpkgs.config.allowUnfree = true;
nix.settings = {
experimental-features = [
"nix-command"
"flakes"
];
trusted-users = [
"root"
"torjus"
];
substituters = [ "https://cache.nixos.org" ];
trusted-substituters = [ "https://cache.nixos.org" ];
trusted-public-keys = [
"cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
];
};
}

12
system/root-ca-old.crt
View File

@@ -1,12 +0,0 @@
-----BEGIN CERTIFICATE-----
MIIBxDCCAWmgAwIBAgIQQCSzuOLIKLj1dGbC+NFttjAKBggqhkjOPQQDAjBAMRow
GAYDVQQKExFob21lLjJyanVzLm5ldCBDQTEiMCAGA1UEAxMZaG9tZS4ycmp1cy5u
ZXQgQ0EgUm9vdCBDQTAeFw0yNDEwMjEwOTEyNDRaFw0zNDEwMTkwOTEyNDRaMEAx
GjAYBgNVBAoTEWhvbWUuMnJqdXMubmV0IENBMSIwIAYDVQQDExlob21lLjJyanVz
Lm5ldCBDQSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEGDE4ss9y
9msphQ/Sa/tAoEaGoDHQcg5oRcxWL5SZYjUPNl+zbRZzqkvCz2S1XrHJPiPWbyJX
cZAlPxbwZrWDyKNFMEMwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYBAf8C
AQEwHQYDVR0OBBYEFPZx6AahX5diBMChZbv5N4dh+vCTMAoGCCqGSM49BAMCA0kA
MEYCIQC6yqMM9/s1Dct5jlq0NAGsDA68hVTDcO3RP61lxQlfBwIhAL1jlmIwaSJc
TjdIMjPQ3ombBRqDJBDvDr8o6oOUjret
-----END CERTIFICATE-----

14
system/root-ca.crt
View File

@@ -1,14 +0,0 @@
-----BEGIN CERTIFICATE-----
MIICIjCCAaigAwIBAgIUQ/Bd/4kNvkPjQjgGLUMynIVzGeAwCgYIKoZIzj0EAwMw
QDELMAkGA1UEBhMCTk8xEDAOBgNVBAoTB0hvbWVsYWIxHzAdBgNVBAMTFmhvbWUu
MnJqdXMubmV0IFJvb3QgQ0EwHhcNMjYwMjAxMjIxODA5WhcNMzYwMTMwMjIxODM5
WjBAMQswCQYDVQQGEwJOTzEQMA4GA1UEChMHSG9tZWxhYjEfMB0GA1UEAxMWaG9t
ZS4ycmp1cy5uZXQgUm9vdCBDQTB2MBAGByqGSM49AgEGBSuBBAAiA2IABH8xhIOl
Nd1Yb1OFhgIJQZM+OkwoFenOQiKfuQ4oPMxaF+fnXdKc77qPDVRjeDy61oGS38X3
CjPOZAzS9kjo7FmVbzdqlYK7ut/OylF+8MJkCT8mFO1xvuzIXhufnyAD4aNjMGEw
DgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFEimBeAg
3JVeF4BqdC9hMZ8MYKw2MB8GA1UdIwQYMBaAFEimBeAg3JVeF4BqdC9hMZ8MYKw2
MAoGCCqGSM49BAMDA2gAMGUCMQCvhRElHBra/XyT93SKcG6ZzIG+K+DH3J5jm6Xr
zaGj2VtdhBRVmEKaUcjU7htgSxcCMA9qHKYFcUH72W7By763M6sy8OOiGQNDSERY
VgnNv9rLCvCef1C8G2bYh/sKGZTPGQ==
-----END CERTIFICATE-----

10
system/root-ca.nix
View File

@@ -1,10 +0,0 @@
{ pkgs, ... }:
{
security.pki = {
certificateFiles = [
"${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"
./root-ca.crt
./root-ca-old.crt
];
};
}

Some files were not shown because too many files have changed in this diff Show More