Compare commits

...

6 Commits

211 changed files with 13963 additions and 1295 deletions

4
.git-crypt/.gitattributes vendored Normal file
View File

@ -0,0 +1,4 @@
# Do not edit this file. To specify the files to encrypt, create your own
# .gitattributes file in the directory where your files are.
* !filter !diff
*.gpg binary

12
.gitattributes vendored Normal file
View File

@ -0,0 +1,12 @@
# Encrypt sensitive keys
secrets/keys/gpg/private.key filter=git-crypt diff=git-crypt
secrets/keys/ssh/id_ed25519 filter=git-crypt diff=git-crypt
secrets/keys/ssh/*_rsa filter=git-crypt diff=git-crypt
# Don't encrypt public keys
secrets/keys/gpg/public.key !filter !diff
secrets/keys/ssh/*.pub !filter !diff
# Don't encrypt configuration files
*.nix !filter !diff
.gitattributes !filter !diff
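
Review bot: The encrypt rules at the top of this file are an allowlist of three name patterns (`private.key`, `id_ed25519`, `*_rsa`), so a private key with any other file name under `secrets/keys/` is committed in plaintext without any warning. Inverting the default is safer: `secrets/keys/** filter=git-crypt diff=git-crypt` first, then the `!filter !diff` exemptions for `*.pub` and `public.key`, and a `git-crypt status` check before pushing. git-crypt also leaves these files decrypted in an unlocked working tree, and a flake evaluated from that checkout can copy them into the world-readable Nix store, so the private keys are better kept outside the flake source or delivered through the age/agenix path the README describes.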

View File

@ -14,5 +14,3 @@ ignore-tree-and-content:
ignore-content:
- "README.md"
- "LICENSE"
- "documentation"

159
README.md Normal file
View File

@ -0,0 +1,159 @@
# NixOS Configuration Structure
This repository contains a NixOS configuration managed through a flake-driven approach. Each directory serves a specific purpose in the overall configuration structure.
## Directory Structure Overview
### `flake.nix`
The entry point and source of truth for the entire configuration. This file:
- Defines system configurations
- Sets up home-manager configurations
- Enables profiles
- Manages input sources
- Configures the Nix environment
### `lib/`
Library functions and utilities that power the configuration system.
- `conds.nix`: Condition checking helpers for configuration logic
- `default.nix`: Main library entry point that re-exports all functions
- `mkHome.nix`: Home-manager configuration builder
- `mkHost.nix`: NixOS host configuration builder
- `secrets.nix`: Secret management helper functions
- `utils.nix`: General utility functions used throughout the configuration
### `profiles/`
Profile definitions that enable specific sets of modules and configurations.
- `core/`: System-level profiles
- `minimal.nix`: Basic system setup
- `workstation.nix`: Desktop/laptop configuration
- `server.nix`: Server-specific setup
- `home/`: Home-manager profiles
- `desktop.nix`: Desktop environment configuration
- `development.nix`: Development tools and settings
- `gaming.nix`: Gaming-related configuration
Profiles are enabled through the flake.nix and determine which modules are activated.
### `modules/`
Module definitions that implement actual functionality. Modules are enabled by profiles.
- `core/`: System-level modules
- `age.nix`: Age encryption setup
- `desktop.nix`: Desktop environment fundamentals
- `filesystem.nix`: Filesystem configurations
- `home-manager.nix`: Home-manager integration
- `networking.nix`: Network configuration
- `nix.nix`: Nix package manager settings
- `security/`: Security-related modules
- `user.nix`: User management
- `xdg.nix`: XDG base directory support
- `home/`: Home-manager modules
- `comms/`: Communication tools
- `development/`: Development environments
- `firefox/`: Browser configuration
- `media/`: Media applications
- `terminal/`: Terminal emulators
- `theme/`: Theming configuration
- `virtualization/`: Virtualization tools
### `system/`
System-level configurations that are used by modules.
- `boot/`: Boot-related configurations
- `quietboot.nix`: Silent boot configuration
- `systemd-boot.nix`: Systemd-boot setup
- `desktop/`: Desktop environment configurations
- `appimage.nix`: AppImage support
- `plasma6.nix`: KDE Plasma 6 configuration
- `hardware/`: Hardware-specific settings
- `bluetooth.nix`: Bluetooth configuration
- `hardware-acceleration.nix`: GPU acceleration
- `qmk.nix`: QMK keyboard firmware
- `rgb.nix`: RGB lighting control
- `locales/`: Language and locale settings
- `us-english.nix`: US English locale configuration
- `services/`: System services
- `flatpak.nix`: Flatpak support
- `printing.nix`: Printer configuration
- `sunshine.nix`: Sunshine streaming
- `syncthing.nix`: Syncthing file sync
- `tailscale.nix`: Tailscale VPN
- `shell/`: Shell configurations
- `aliases.nix`: Shell aliases
- `atuin.nix`: Shell history database
- `zsh.nix`: Zsh configuration
- `tmux.nix`: Tmux terminal multiplexer
### `secrets/`
Secret management using age encryption.
- `encrypted/`: Encrypted secret files
- `identities/`: Age identities for decryption
- `users/`: User-specific secret configurations
- `${username}/`: Per-user secret definitions
### `hosts/`
Host-specific configurations created via mkHost.
- `${hostname}/`
- `hardware-configuration.nix`: Hardware-specific settings
- `default.nix`: Host-specific overrides
### `users/`
User-specific configurations created via mkHome.
- `${username}/`
- `config/`: User-specific configurations
- `dotfiles/`: User dotfiles
- `${hostname}.nix`: Host-specific user settings
### `pkgs/`
Custom package definitions and overlays.
- `default.nix`: Entry point for custom packages
- `overlays/`: Nixpkgs overlays
- `default.nix`: Main overlay entry point
- `modifications/`: Modified existing packages
- `custom/`: Custom package definitions
- `patches/`: Package patches for existing packages
The pkgs directory serves several purposes:
- Define custom packages not available in nixpkgs
- Modify existing packages from nixpkgs
- Create overlays for system-wide package modifications
- Store patches for package modifications
Package definitions here can be used throughout the configuration by:
1. Being imported through overlays in flake.nix
2. Direct reference in module configurations
3. Usage in home-manager configurations
4. Integration with development environments
## Configuration Flow
1. `flake.nix` initiates configuration
2. `lib` functions build configurations
3. Profiles enable appropriate modules
4. Modules implement functionality using system configurations
5. Secrets are applied where needed
6. Host-specific configurations override as needed
7. User configurations are applied through home-manager
## Important Notes
- Configurations should flow from the flake.nix
- Profiles should enable modules, not implement functionality
- Modules should be composable and configurable
- System configurations should be reusable
- Secrets should be managed through age/agenix
- Host configurations should only contain necessary overrides
- User configurations should be host-aware
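
Review bot: The `secrets/` section and the "Important Notes" say secrets are managed through age/agenix and list only `encrypted/`, `identities/` and `users/`, but the `.gitattributes` added in this same change encrypts `secrets/keys/gpg/private.key` and the SSH keys under `secrets/keys/ssh/` with git-crypt. Document the `secrets/keys/` directory, which mechanism protects which file and how a fresh clone is unlocked, or drop one of the two mechanisms so there is a single place to audit.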

View File

@ -1,3 +0,0 @@
{
"users/jeirmeister/programs/shell/terminals/kitty.nix": "{ config, pkgs, ... }:\n\n{\n programs.kitty = {\n enable = true;\n settings = {\n font_family = \"JetBrains Mono\";\n font_size = 12;\n window_padding_width = 4;\n background_opacity = \"0.95\";\n hide_window_decorations = \"yes\";\n tab_bar_style = \"powerline\";\n \n # Dracula theme colors\n foreground = \"#F8F8F2\";\n background = \"#282A36\";\n selection_foreground = \"#ffffff\";\n selection_background = \"#44475a\";\n url_color = \"#8be9fd\";\n cursor = \"#f8f8f2\";\n\n # black\n color0 = \"#21222c\";\n color8 = \"#6272a4\";\n\n # red\n color1 = \"#ff5555\";\n color9 = \"#ff6e6e\";\n\n # green\n color2 = \"#50fa7b\";\n color10 = \"#69ff94\";\n\n # yellow\n color3 = \"#f1fa8c\";\n color11 = \"#ffffa5\";\n\n # blue\n color4 = \"#bd93f9\";\n color12 = \"#d6acff\";\n\n # magenta\n color5 = \"#ff79c6\";\n color13 = \"#ff92df\";\n\n # cyan\n color6 = \"#8be9fd\";\n color14 = \"#a4ffff\";\n\n # white\n color7 = \"#f8f8f2\";\n color15 = \"#ffffff\";\n\n # tab bar\n active_tab_foreground = \"#282a36\";\n active_tab_background = \"#f8f8f2\";\n inactive_tab_foreground = \"#282a36\";\n inactive_tab_background = \"#6272a4\";\n };\n };\n}"
}

View File

@ -1,32 +0,0 @@
#!/usr/bin/env bash
# README # ------
# Configure the config.json file in this same directory for an AI chatbot to
# Assist in making direct changes to files.
set -euo pipefail
# Make sure jq is available
if ! command -v jq &> /dev/null; then
echo "Error: jq is required but not installed"
exit 1
fi
# Make sure config.json exists
if [ ! -f "config.json" ]; then
echo "Error: config.json not found in current directory"
exit 1
fi
echo "Creating directories and files..."
# Process each key in the JSON configuration
for file in $(jq -r 'keys[]' config.json); do
# Create directory if it doesn't exist
dir=$(dirname "$file")
mkdir -p "$dir"
# Write content to file
jq -r --arg file "$file" '.[$file]' config.json > "$file"
echo "Created: $file"
done
echo "Configuration files have been created successfully!"

View File

@ -1,38 +0,0 @@
# NixOS Steam Deck Recovery Procedures
This documentation covers recovery procedures for NixOS on Steam Deck. It was created based on real recovery scenarios and provides practical solutions for common issues.
## Quick Reference
1. Boot Issues
- [Boot Recovery Guide](./boot-recovery.md)
- Common root causes: filesystem mounts, hardware configuration
2. Network Issues
- [Network Recovery Guide](./network-recovery.md)
- Essential for rebuilding with Jovian packages
3. Filesystem Issues
- [Filesystem Troubleshooting](./filesystem-issues.md)
- Handling mount points and permissions
## Emergency Recovery Steps
1. Boot into emergency mode
2. Establish network connectivity
3. Fix configuration issues
4. Rebuild system
5. Verify and reboot
## Prevention Strategies
1. Maintain separate configurations:
- Main configuration
- Minimal fallback configuration
- Hardware-specific configuration
2. Regular backups of working configurations
3. Testing changes in VM before applying
4. Maintaining recovery tools and scripts

View File

@ -1,19 +0,0 @@
# Recovery Scripts
This directory contains scripts for automating common recovery tasks.
## Available Scripts
1. `network-recovery.sh`
- Automates network setup in emergency environment
- Handles both ethernet and wifi configurations
- Usage: `sudo ./network-recovery.sh`
## Script Development Guidelines
1. All scripts should:
- Include clear documentation
- Handle errors gracefully
- Provide status feedback
- Support both automatic and interactive modes
- Create backups before making changes

View File

@ -1,146 +0,0 @@
#!/usr/bin/env bash
# Colors for output
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
NC='\033[0m' # No Color
# Function to print status messages
print_status() {
echo -e "${GREEN}[*]${NC} $1"
}
print_error() {
echo -e "${RED}[!]${NC} $1"
}
print_warning() {
echo -e "${YELLOW}[!]${NC} $1"
}
# Find ethernet interface
find_interface() {
local interface=$(ip link show | grep enp | cut -d: -f2 | tr -d ' ' | head -n1)
if [ -z "$interface" ]; then
print_error "No ethernet interface found"
exit 1
}
echo "$interface"
}
# Prompt for network configuration
get_network_config() {
local default_interface=$(find_interface)
echo "Current network interfaces:"
ip link show
read -p "Enter interface name [$default_interface]: " interface
interface=${interface:-$default_interface}
read -p "Enter static IP address (e.g., 10.0.0.68): " static_ip
read -p "Enter gateway IP address (e.g., 10.0.0.1): " gateway_ip
# Validate IP addresses
if [[ ! $static_ip =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
print_error "Invalid static IP format"
exit 1
}
if [[ ! $gateway_ip =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
print_error "Invalid gateway IP format"
exit 1
}
}
# Configure network
setup_network() {
print_status "Setting up network interface $interface..."
# Clear any existing IP addresses
ip addr flush dev $interface
# Bring up interface
ip link set $interface up
if [ $? -ne 0 ]; then
print_error "Failed to bring up interface"
exit 1
}
# Add IP address
ip addr add $static_ip/24 dev $interface
if [ $? -ne 0 ]; then
print_error "Failed to set IP address"
exit 1
}
# Remove any existing default routes
ip route del default 2>/dev/null
# Add default route
ip route add default via $gateway_ip dev $interface
if [ $? -ne 0 ]; then
print_error "Failed to add default route"
exit 1
}
# Configure DNS
print_status "Configuring DNS..."
echo "nameserver $gateway_ip" > /etc/resolv.conf
echo "nameserver 8.8.8.8" >> /etc/resolv.conf
echo "nameserver 8.8.4.4" >> /etc/resolv.conf
# Disable IPv6
print_status "Disabling IPv6..."
sysctl -w net.ipv6.conf.all.disable_ipv6=1
sysctl -w net.ipv6.conf.default.disable_ipv6=1
sysctl -w net.ipv6.conf.lo.disable_ipv6=1
}
# Test connectivity
test_connectivity() {
print_status "Testing connectivity..."
# Test local network
print_status "Pinging gateway..."
if ! ping -c 1 $gateway_ip >/dev/null 2>&1; then
print_error "Cannot ping gateway"
return 1
}
# Test DNS resolution
print_status "Testing DNS resolution..."
if ! ping -c 1 github.com >/dev/null 2>&1; then
print_warning "DNS resolution failed"
return 1
}
print_status "Network setup complete and functional!"
return 0
}
# Main execution
main() {
if [[ $EUID -ne 0 ]]; then
print_error "This script must be run as root"
exit 1
}
print_status "NixOS Network Recovery Script"
print_status "==============================="
get_network_config
setup_network
test_connectivity
if [ $? -eq 0 ]; then
print_status "You should now be able to run nixos-rebuild"
else
print_error "Network setup completed but connectivity test failed"
print_warning "Check your network settings and try again"
fi
}
# Run main function
main "$@"

View File

@ -1,51 +0,0 @@
# Common Issues and Solutions
## Network Configuration Issues
### Symptoms
- Unable to fetch packages
- No internet connectivity in emergency mode
### Solution
1. Use network-recovery.sh script
2. Manual network configuration:
```bash
ip link set INTERFACE up
ip addr add IP_ADDRESS/24 dev INTERFACE
ip route add default via GATEWAY
echo "nameserver 8.8.8.8" > /etc/resolv.conf
```
## Filesystem Mount Issues
### Symptoms
- Read-only filesystem errors
- Unable to modify configuration
- Failed mounts during boot
### Solution
1. Identify problematic mounts:
```bash
mount | grep ro
lsblk -f
```
2. Remount filesystems:
```bash
mount -o remount,rw /
mount -o remount,rw /nix/store
```
3. Check/modify hardware-configuration.nix
## DBus Issues
### Symptoms
- Failed to connect to bus
- Service startup failures
### Solution
1. Setup minimal DBus environment:
```bash
mkdir -p /run/dbus
mount -t tmpfs tmpfs /run
dbus-daemon --system --fork
```

View File

@ -1,29 +0,0 @@
# Jovian NixOS Specific Issues
## Package Fetching Issues
### Symptoms
- Unable to fetch Jovian packages
- Build failures related to Jovian components
### Solution
1. Ensure network connectivity
2. Verify Jovian configuration:
```nix
jovian = {
hardware.has.amd.gpu = true;
devices.steamdeck.enable = true;
};
```
3. Check Jovian cache availability
## Hardware Detection Issues
### Symptoms
- Missing Steam Deck specific features
- Hardware not properly recognized
### Solution
1. Verify hardware configuration
2. Check kernel modules
3. Review Jovian hardware settings

76
flake.nix Normal file
View File

@ -0,0 +1,76 @@
{
description = "Jeirmeister's NixOS Configuration";
nixConfig = {
extra-substituters = [
"https://nix-gaming.cachix.org"
"https://nix-community.cachix.org"
];
extra-trusted-public-keys = [
"nix-gaming.cachix.org-1:nbjlureqMbRAxR1gJ/f3hxemL9svXaZF/Ees8vCUUs4="
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
];
};
inputs = {
# Core dependencies
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
nixpkgs-stable.url = "github:nixos/nixpkgs/nixos-23.11";
home-manager = {
url = "github:nix-community/home-manager";
inputs.nixpkgs.follows = "nixpkgs";
};
# System dependencies
systems.url = "github:nix-systems/default";
# Additional tools
agenix = {
url = "github:ryantm/agenix";
inputs.nixpkgs.follows = "nixpkgs";
};
# Gaming-specific inputs
nix-gaming = {
url = "github:fufexan/nix-gaming";
inputs.nixpkgs.follows = "nixpkgs";
};
};
outputs = { self, nixpkgs, home-manager, ... } @ inputs:
let
lib = nixpkgs.lib.extend
(final: prev: import ./lib { inherit inputs self; lib = final; });
# Helper function to create specialized system configs
mkSystem = hostName: system: username:
lib.mkHost {
inherit system username hostName;
extraModules = [
# Add your host-specific modules here
];
};
# Helper function to create home-manager configs
mkHome = username: hostName:
lib.mkHome {
inherit username hostName;
profiles = [ "desktop" "development" "gaming" ];
};
in
{
# NixOS configurations
nixosConfigurations = {
steamnix = mkSystem "steamnix" "x86_64-linux" "jeirmeister";
};
# Home-manager configurations
homeConfigurations = {
"jeirmeister@steamnix" = mkHome "jeirmeister" "steamnix";
};
# Formatter configuration
formatter = lib.forEachSystem (system: nixpkgs.legacyPackages.${system}.nixfmt);
};
}
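
Review bot: `mkSystem` and `mkHome` pass `hostName` (and `extraModules`) to the library, but `lib/mkHost.nix` and `lib/mkHome.nix` in this change take `{ hostname, username, system ? ..., profiles ? [] }` and `{ username, hostname, profiles ? [] }`, so both calls fail on an unexpected or missing argument. Rename to `hostname` and either add `extraModules` to `mkHost` or drop it here. In `nixConfig`, the two `extra-substituters` and their `extra-trusted-public-keys` make third-party caches a trusted source of binaries for every build of this flake; a comment saying which input needs each cache would make that trust decision reviewable.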

View File

@ -1,31 +0,0 @@
{ config, pkgs, ... }:
let
customPackages = import ./users/jeirmeister/packages { inherit pkgs; };
in
{
imports = [
./users/jeirmeister/programs
];
home = {
username = "jeirmeister";
homeDirectory = "/home/jeirmeister";
stateVersion = "24.05";
packages = with pkgs; [
fortune
];
};
programs.home-manager.enable = true;
nixpkgs = {
config = {
allowUnfree = true;
permittedInsecurePackages = [
"openssl-1.1.1w"
];
};
};
}

0
hosts/common/default.nix Normal file
View File

0
hosts/default.nix Normal file
View File

View File

@ -52,9 +52,15 @@ in
};
nix.settings = {
experimental-features = [ "nix-command" "flakes" ];
experimental-features = [
"nix-command"
"flakes"
];
substituters = [ "cache.nixos.org" ];
allowed-users = [ "@wheel" "jeirmeister" ];
allowed-users = [
"@wheel"
"jeirmeister"
];
auto-optimise-store = true;
};
@ -86,7 +92,10 @@ in
services.xserver = {
enable = true;
xkb.layout = "us";
videoDrivers = [ "displaylink" "modesetting" ];
videoDrivers = [
"displaylink"
"modesetting"
];
desktopManager.plasma6 = {
enable = true;
extraSessionCommands = ''

View File

@ -0,0 +1,77 @@
{ config, lib, pkgs, ... }:
let
jovianNixosRev = "f6423d86bec22c25a576b23262495c5536b0d069";
jovianNixos = builtins.fetchTarball {
url = "https://github.com/Jovian-Experiments/Jovian-NixOS/archive/${jovianNixosRev}.tar.gz";
sha256 = "sha256:1frd1dfqd97idwf1rj29ab0wvyfa2nx2h3bp9hkbmfa1m802avmb";
};
in
{
imports = [
../common
./hardware-configuration.nix
(jovianNixos + "/modules")
];
# Configure host type
hostConfigs = {
hostType = "steamdeck";
hasGaming = true;
hasVR = true;
};
# Steam Deck Specific Configuration
jovian = {
hardware.has.amd.gpu = true;
devices.steamdeck = {
enable = true;
enableControllerUdevRules = true;
enableDefaultStage1Modules = true;
enablePerfControlUdevRules = true;
enableOsFanControl = true;
enableSoundSupport = true;
enableXorgRotation = true;
enableKernelPatches = true;
enableFwupdBiosUpdates = false;
autoUpdate = false;
};
steam.enable = false;
workarounds.ignoreMissingKernelModules = true;
};
# Hardware and Display Configuration
hardware.video = {
displaylink.enable = true;
};
services = {
xserver = {
enable = true;
xkb.layout = "us";
videoDrivers = [ "displaylink" "modesetting" ];
desktopManager.plasma6 = {
enable = true;
extraSessionCommands = ''
${pkgs.xorg.xrandr}/bin/xrandr --setprovideroutputsource 2 0;
'';
};
displayManager = {
sddm = {
enable = true;
wayland = true;
};
sessionCommands = ''
${lib.getBin pkgs.xorg.xrandr}/bin/xrandr --setprovideroutputsource 2 0
'';
};
};
pipewire = {
enable = true;
alsa.enable = true;
pulse.enable = true;
};
};
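
Review bot: Jovian-NixOS is fetched with `builtins.fetchTarball` in the `let` block at the top of this module rather than declared as a flake input, so its revision is not recorded in `flake.lock`, `nix flake update` will not move it, and it sits outside the `inputs` list where the other sources are reviewed. The rev plus sha256 pin is good; moving it into `inputs` in `flake.nix` keeps source pinning in one place. `hostConfigs` is set here, but no option of that name is declared in the files shown.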

View File

@ -1,27 +1,42 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, modulesPath, ... }:
{
config,
lib,
modulesPath,
...
}:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "usb_storage" "usbhid" "sd_mod" "sdhci_pci" ];
boot.initrd.availableKernelModules = [
"nvme"
"xhci_pci"
"usb_storage"
"usbhid"
"sd_mod"
"sdhci_pci"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/f3cc4aae-428e-435d-b9f7-333f7dad06b2";
fileSystems."/" = {
device = "/dev/disk/by-uuid/f3cc4aae-428e-435d-b9f7-333f7dad06b2";
fsType = "ext4";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/580E-5E90";
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/580E-5E90";
fsType = "vfat";
options = [ "fmask=0077" "dmask=0077" ];
options = [
"fmask=0077"
"dmask=0077"
];
};
swapDevices = [ ];

7
lib/conds.nix Normal file
View File

@ -0,0 +1,7 @@
{ lib }:
{
defaultStateVersion = "24.05";
runsDesktop = config: config.modules.desktop.enable;
isWayland = config: config.modules.desktop.wayland.enable;
isX11 = config: config.modules.desktop.x11.enable;
}

51
lib/default.nix Normal file
View File

@ -0,0 +1,51 @@
{ self, inputs, lib }:
let
# Helper functions for internal use
internals = {
sys = import inputs.systems;
# Add standard lib function sets
inherit (lib) types mkOption;
};
# Define pkgsFor before using it
pkgsFor = lib.genAttrs internals.sys (system: import inputs.nixpkgs {
inherit system;
overlays = builtins.attrValues self.overlays;
config.allowUnfree = true;
});
in
{
# Re-export all our functions
inherit (import ./mkHost.nix { inherit self inputs lib; }) mkHost;
inherit (import ./mkHome.nix { inherit self inputs lib; }) mkHome;
inherit (import ./utils.nix { inherit lib; })
mkOpt
mkBoolOpt
enable
disable
enableIf
mkModule;
inherit (import ./conds.nix { inherit lib; })
defaultStateVersion
runsDesktop
isWayland
isX11;
inherit (import ./secrets.nix { inherit lib; })
mkSecretFile
mkSecretIdentities;
# System-wide utilities
inherit pkgsFor;
forEachSystem = fn: lib.genAttrs internals.sys (system: fn pkgsFor.${system});
# Add mkModule helper function
utilMods = {
mkModule = config: name: module:
lib.mkIf config.modules.${name}.enable module;
mkEnabledModule = config: name: module: {
options.modules.${name}.enable = lib.mkEnableOption "Enable ${name} configurations";
config = lib.mkIf config.modules.${name}.enable module;
};
};
}
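
Review bot: `pkgsFor` reads `self.overlays`, but the `outputs` in `flake.nix` define only `nixosConfigurations`, `homeConfigurations` and `formatter`, so forcing `pkgsFor` fails on a missing attribute; add an `overlays` output or fall back to an empty set. `forEachSystem` hands its callback `pkgsFor.${system}` (a package set), while the caller in `flake.nix` names the argument `system` and indexes `nixpkgs.legacyPackages.${system}` with it. `mkModule` is also defined twice, once re-exported from `utils.nix` and once under `utilMods`; keep one.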

34
lib/mkHome.nix Normal file
View File

@ -0,0 +1,34 @@
{ self, inputs, lib }:
let
inherit (lib) mkOption types;
in {
mkHome = { username, hostname, profiles ? [] }:
let
system = "x86_64-linux"; # You can make this configurable if needed
pkgs = import inputs.nixpkgs {
inherit system;
config.allowUnfree = true;
};
in
inputs.home-manager.lib.homeManagerConfiguration {
inherit pkgs;
extraSpecialArgs = {
inherit username hostname;
};
modules = [
# Base home-manager configuration
../users/${username}/home.nix
# Basic home configuration
{
home = {
inherit username;
homeDirectory = "/home/${username}";
stateVersion = "24.05";
};
}
] ++ (map (profile: ../profiles/${profile}) profiles);
};
}
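
Review bot: The profile import `../profiles/${profile}` at the end of `modules` resolves to `profiles/desktop`, but the README in this change places home profiles at `profiles/home/desktop.nix`, so the three profiles requested in `flake.nix` will not be found; use `../profiles/home/${profile}.nix`. `stateVersion` is hard-coded as "24.05" here although `lib/conds.nix` exports `defaultStateVersion` for that purpose.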

50
lib/mkHost.nix Normal file
View File

@ -0,0 +1,50 @@
{ self, inputs, lib }:
let
inherit (lib) mkOption types;
in {
mkHost = { hostname, username, system ? "x86_64-linux", profiles ? [] }:
let
pkgs = import inputs.nixpkgs {
inherit system;
config.allowUnfree = true;
};
in
inputs.nixpkgs.lib.nixosSystem {
inherit system;
specialArgs = {
inherit inputs self hostname username;
};
modules = [
# Include host-specific configuration
../hosts/${hostname}/configuration.nix
# Include home-manager as a module
inputs.home-manager.nixosModules.home-manager
{
home-manager = {
useGlobalPkgs = true;
useUserPackages = true;
extraSpecialArgs = {
inherit username hostname;
};
users.${username} = {
imports = [
../users/${username}/home.nix
] ++ (map (profile: ../profiles/${profile}) profiles);
};
};
}
# Basic system configuration
{
networking.hostName = hostname;
system.stateVersion = "24.05";
# Allow unfree packages
nixpkgs.config.allowUnfree = true;
}
];
};
}
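
Review bot: The host module path `../hosts/${hostname}/configuration.nix` does not match the README, which documents `hosts/${hostname}/default.nix` next to `hardware-configuration.nix`; pick one name. The `pkgs` binding in the `let` is never used, `allowUnfree` is set both there and in the inline module, and `profiles` are imported into the home-manager user through `../profiles/${profile}`, a path that does not exist under the documented `profiles/core/` and `profiles/home/` layout.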

15
lib/secrets.nix Normal file
View File

@ -0,0 +1,15 @@
{ lib }:
let
internals.agePath = ../secrets;
in {
mkSecretFile = { user, source, destination ? null, owner ? null, group ? null }:
lib.filterAttrs (n: v: v != null) {
file = lib.path.append (internals.agePath + "/${user}") source;
path = destination;
inherit owner group;
};
mkSecretIdentities = identity:
lib.lists.forEach identity (x:
lib.path.append (internals.agePath + "/identities") x);
}
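
Review bot: `mkSecretFile` builds the source path as `../secrets/${user}/<source>`, but the README puts per-user secret definitions under `secrets/users/${username}/` and ciphertext under `secrets/encrypted/`, so the lookup will miss; align the prefix with the documented layout. Since `user` and `source` are joined into a filesystem path, add a comment that both must be fixed names from the configuration, and document which `owner` and `group` a secret read by a non-root service is expected to get when the defaults are left as `null`.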

37
lib/utils.nix Normal file
View File

@ -0,0 +1,37 @@
{ lib }:
let
# Helper functions
mkEnableAttrs = value: elems: builtins.listToAttrs (map
(name: {
inherit name;
value.enable = value;
})
elems);
in
{
# Option helpers
mkOpt = type: default: lib.mkOption { inherit type default; };
mkBoolOpt = default: lib.mkOption { type = lib.types.bool; inherit default; };
# Module management
mkModule = config: name: module:
lib.mkIf config.modules.${name}.enable module;
enable = elems: mkEnableAttrs true elems;
disable = elems: mkEnableAttrs false elems;
enableIf = cond: elems: if cond then (mkEnableAttrs true elems) else (mkEnableAttrs false elems);
# Import helpers
concatImports = { paths ? [ ], include ? [ ], exclude ? [ ] }:
let
isExcluded = path: builtins.elem path exclude;
validPath = path: lib.pathExists path && !isExcluded path;
in
lib.flatten (map
(path:
if validPath path
then path
else [ ]
)
(paths ++ include));
}

View File

@ -0,0 +1,9 @@
{ config, lib, pkgs, ... }:
{
imports = [
./gpg.nix
./ssh.nix
./hardening.nix
];
}

View File

@ -0,0 +1,45 @@
{ config, lib, pkgs, ... }:
lib.utilMods.mkModule config "security.gpg" {
programs.gpg = {
enable = true;
settings = {
# Modern cipher preferences
personal-cipher-preferences = "AES256 AES192 AES";
personal-digest-preferences = "SHA512 SHA384 SHA256";
personal-compress-preferences = "ZLIB BZIP2 ZIP Uncompressed";
default-preference-list = "SHA512 SHA384 SHA256 AES256 AES192 AES ZLIB BZIP2 ZIP Uncompressed";
# Security settings
require-cross-certification = true;
no-emit-version = true;
no-comments = true;
keyid-format = "0xlong";
with-fingerprint = true;
list-options = "show-uid-validity";
verify-options = "show-uid-validity";
};
};
services.gpg-agent = {
enable = true;
enableSshSupport = true;
defaultCacheTtl = 1800;
maxCacheTtl = 7200;
extraConfig = ''
allow-preset-passphrase
allow-loopback-pinentry
enable-ssh-support
write-env-file
'';
};
# Ensure proper GPG directory permissions on activation
home.activation.fixGpgPerms = lib.hm.dag.entryAfter [ "writeBoundary" ] ''
if [ -d "$HOME/.gnupg" ]; then
chmod 700 "$HOME/.gnupg"
find "$HOME/.gnupg" -type f -exec chmod 600 {} \;
find "$HOME/.gnupg" -type d -exec chmod 700 {} \;
fi
'';
}
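
Review bot: In `services.gpg-agent.extraConfig`, `allow-preset-passphrase` and `allow-loopback-pinentry` relax how a passphrase can reach the agent, which sits oddly in a module named for security; drop them unless a specific workflow needs them, and say which in a comment. `enable-ssh-support` repeats `enableSshSupport = true`, and `write-env-file` is obsolete in GnuPG 2.1 and later. This module uses home-manager options (`programs.gpg`, `services.gpg-agent`, `home.activation`) while `hardening.nix` sets NixOS options such as `boot.kernel.sysctl`, yet the `default.nix` shown above imports both from the same place, so one of them is evaluated in the wrong module system.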

View File

@ -0,0 +1,53 @@
{ config, lib, ... }:
lib.utilMods.mkModule config "security.hardening" {
# TCP hardening from your original config
boot.kernelModules = [ "tcp_bbr" ];
boot.kernel.sysctl = {
# Prevent bogus ICMP errors from filling up logs
"net.ipv4.icmp_ignore_bogus_error_responses" = 1;
# Reverse path filtering for IP spoofing mitigation
"net.ipv4.conf.default.rp_filter" = 1;
"net.ipv4.conf.all.rp_filter" = 1;
# Disable IP source routing (we're not a router)
"net.ipv4.conf.all.accept_source_route" = 0;
"net.ipv6.conf.all.accept_source_route" = 0;
# Disable ICMP redirects
"net.ipv4.conf.all.send_redirects" = 0;
"net.ipv4.conf.default.send_redirects" = 0;
# MITM mitigations
"net.ipv4.conf.all.accept_redirects" = 0;
"net.ipv4.conf.default.accept_redirects" = 0;
"net.ipv4.conf.all.secure_redirects" = 0;
"net.ipv4.conf.default.secure_redirects" = 0;
"net.ipv6.conf.all.accept_redirects" = 0;
"net.ipv6.conf.default.accept_redirects" = 0;
# SYN flood protection
"net.ipv4.tcp_syncookies" = 1;
# TIME-WAIT assassination protection
"net.ipv4.tcp_rfc1337" = 1;
## TCP optimization
# Enable TCP Fast Open
"net.ipv4.tcp_fastopen" = 3;
# Bufferbloat mitigations
"net.ipv4.tcp_congestion_control" = "bbr";
"net.core.default_qdisc" = "cake";
};
# Make /tmp volatile
boot.tmp.cleanOnBoot = true;
# Basic security settings
security = {
# Prevent replacing the running kernel image
protectKernelImage = true;
# Allow terminal users to execute programs
pam.loginLimits = [{
domain = "@users";
item = "nofile";
type = "soft";
value = 4096;
}];
};
}
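
Review bot: `mkModule config "security.hardening"` on the second line looks up `config.modules.${name}` with a dotted string, which Nix treats as one attribute literally named `security.hardening` rather than `modules.security.hardening`, and no option with either name is declared in the files shown; the same applies to `security.gpg` and `security.ssh`. `lib.utilMods` is also unlikely to be in scope, because `mkHost` builds the system with `inputs.nixpkgs.lib.nixosSystem` and does not pass the extended `lib`. Two comments need fixing: "TCP hardening from your original config" does not describe the code, and "Allow terminal users to execute programs" sits above a `nofile` soft limit, which only sets the open-file limit.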

View File

@ -0,0 +1,38 @@
{ config, lib, pkgs, ... }:
lib.utilMods.mkModule config "security.ssh" {
services.openssh = {
enable = true;
settings = {
# Security hardening
PasswordAuthentication = false;
PermitRootLogin = "no";
# Automatically remove stale sockets
StreamLocalBindUnlink = "yes";
};
};
programs.ssh = {
startAgent = true;
extraConfig = ''
AddKeysToAgent yes
UseKeychain yes
IdentitiesOnly yes
HashKnownHosts yes
'';
# For better security
serverAliveInterval = 60;
serverAliveCountMax = 2;
};
# Ensure SSH directory exists with correct permissions
home.file.".ssh/.keep".text = "";
home.activation.sshPermissions = lib.hm.dag.entryAfter [ "writeBoundary" ] ''
chmod 700 ~/.ssh
if [ -f ~/.ssh/id_ed25519 ]; then
chmod 600 ~/.ssh/id_ed25519
chmod 644 ~/.ssh/id_ed25519.pub
fi
'';
}
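
Review bot: `UseKeychain yes` in `programs.ssh.extraConfig` is an option of Apple's OpenSSH build; stock OpenSSH on Linux rejects it as a bad configuration option and the client refuses to run, so remove it or precede it with `IgnoreUnknown UseKeychain`. `startAgent = true` starts ssh-agent while the gpg module in this change sets `enableSshSupport = true`, leaving two agents competing for `SSH_AUTH_SOCK`; choose one. The `chmod 600` in the activation script covers only `id_ed25519`, although `.gitattributes` also tracks `*_rsa` keys, and the "For better security" comment sits above keepalive settings that concern connection liveness.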

66
modules/core/age.nix Normal file
View File

@ -0,0 +1,66 @@
{
config,
lib,
pkgs,
inputs,
...
}: let
cfg = config.variables;
pcscdCfg = pkgs.writeText "reader.conf" "";
pcscdPkg = pkgs.pcsclite;
pcscdPluginEnv = pkgs.buildEnv {
name = "pcscd-plugins";
paths = map (p: "${p}/pcsc/drivers") [pkgs.ccid];
};
in
{imports = with inputs; [agenix.nixosModules.default];}
// {
options.variables.userIdentityPaths = lib.mkOption {
default = [];
type = lib.types.listOf lib.types.path;
description = "List of secret identity paths for the user";
};
config = lib.mkMerge [
(lib.mkIf (cfg.userIdentityPaths != []) {
age.identityPaths = lib.mkOptionDefault cfg.userIdentityPaths;
hm.age.identityPaths = lib.mkOptionDefault cfg.userIdentityPaths;
})
{
home-manager.sharedModules = with inputs; [
agenix.homeManagerModules.default
];
environment.systemPackages = with pkgs; [agenix age age-plugin-yubikey];
age.ageBin = "PATH=$PATH:${lib.makeBinPath [pkgs.age-plugin-yubikey]} ${pkgs.age}/bin/age";
services.pcscd.enable = lib.mkForce true;
# TODO: Figure out why this is broken
#systemd.services.pcscd.serviceConfig.ExecStart = mkForce [
# "${pcscdPkg}/bin/pcscd -f -c ${pcscdCfg}"
#];
# HACK: Start pcscd before decrypting secrets
boot.initrd.systemd = {
enable = lib.mkDefault true;
packages = [(lib.getBin pcscdPkg)];
storePaths = [
"${pcscdPkg}/bin/pcscd"
"${pcscdCfg}"
"${pcscdPluginEnv}"
];
sockets.pcscd.wantedBy = ["sockets.target"];
services.pcscd = {
environment.PCSCLITE_HP_DROPDIR = pcscdPluginEnv;
after = ["rollback.service"];
serviceConfig.ExecStart = [
""
"${pcscdPkg}/bin/pcscd -f -c ${pcscdCfg}"
];
};
};
}
];
}
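
Review bot: `userIdentityPaths` is typed `listOf path` and feeds `age.identityPaths`; when the values come from `mkSecretIdentities` they point into `secrets/identities` inside the flake source, which every local user can read once it is in the Nix store. That is acceptable for age-plugin-yubikey identity stubs, so state in the option `description` that only hardware-backed stubs belong there and never a plain age private key. The commented-out `ExecStart` block uses a bare `mkForce` that is not in scope, `after = ["rollback.service"]` names a unit not defined in this change, and `hm.age.identityPaths` depends on an `hm` alias that is not declared in the files shown.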

26
modules/core/default.nix Normal file
View File

@ -0,0 +1,26 @@
{ config, lib, pkgs, ... }:
{
options.modules = {
core = lib.mkOption {
type = lib.types.submodule {
options = {
profile = lib.mkOption {
type = lib.types.enum [ "minimal" "workstation" "server" ];
default = "minimal";
description = "The core profile to use for this system";
};
};
};
};
};
config = {
# Import the selected profile
imports = [ ../profiles/core/${config.modules.core.profile}.nix ];
# Common core settings that apply to all profiles
nix.settings.auto-optimise-store = true;
boot.tmp.cleanOnBoot = true;
};
}
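
Review bot: `imports` is placed inside `config` and computed from `config.modules.core.profile`; `imports` is a top-level module key that is resolved before `config` exists, so this fails as an undefined option or recurses. Import the three profile modules unconditionally and gate each body with `lib.mkIf` on `config.modules.core.profile`. The relative path is also off: from `modules/core/`, `../profiles/core/` resolves to `modules/profiles/core/`, while the README puts `profiles/` at the repository root. `boot.tmp.cleanOnBoot` and `auto-optimise-store` are set again in other files of this change.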

144
modules/core/desktop.nix Normal file
View File

@ -0,0 +1,144 @@
{
config,
lib,
pkgs,
...
}: let
cfg = config.modules.desktop;
waylandEnv = {
NIXOS_OZONE_WL = "1";
MOZ_ENABLE_WAYLAND = "1";
GDK_BACKEND = "wayland,x11";
SDL_VIDEODRIVER = "x11";
CLUTTER_BACKEND = "wayland";
# QT_QPA_PLATFORM = "wayland";
# LIBSEAT_BACKEND = "logind";
XDG_SESSION_TYPE = "wayland";
#WLR_NO_HARDWARE_CURSORS = "1";
# _JAVA_AWT_WM_NONREPARENTING = "1";
# GDK_SCALE = "2";
# ELECTRON_OZONE_PLATFORM_HINT = "wayland";
};
in {
options.modules.desktop = {
enable = lib.mkEnableOption "Enable desktop configurations";
x11.enable = lib.mkEnableOption "Enable X11 integration" // {default = true;};
wayland.enable = lib.mkEnableOption "Enable wayland integration";
};
config = lib.mkIf cfg.enable (lib.mkMerge [
# X11 Configs
(lib.mkIf cfg.x11.enable {
# Enable the X11 windowing system.
services.xserver = {
enable = true;
# Configure keymap in X11
xkb = {
layout = "us";
variant = "";
options = "terminate:ctrl_alt_bksp,caps:ctrl_modifier";
};
# Remove xterm terminal
excludePackages = with pkgs; [xterm];
};
# Install installation
environment.systemPackages = with pkgs; [
# X11
xorg.xkbutils
xorg.xkill
xorg.libxcb
];
})
# Wayland Configs
(lib.mkIf cfg.wayland.enable {
environment = {
# NOTE This will break stuff if there is a non-wayland user on the same machine,
# but application launchers need this.
sessionVariables = waylandEnv;
# Install necessary wayland protocol packages
systemPackages = with pkgs; [
#xorg.xeyes
kdePackages.xwaylandvideobridge
libsForQt5.qt5.qtwayland
qt6.qtwayland
];
};
hm.home.sessionVariables = waylandEnv;
})
# Common
{
modules.fonts.enable = true;
services = {
# Enable touchpad support
libinput.enable = true;
# Enable color management service
colord.enable = true;
# Enable pipewire
pipewire = {
enable = true;
alsa = {
enable = true;
support32Bit = true;
};
pulse.enable = true;
};
};
environment.systemPackages = with pkgs; [
#Notifications
libnotify
#PDF
poppler
# Enable guestures for touchpad
libinput-gestures
# Install audio configuration tools (Especially important for VR)
pavucontrol
pulseaudio
];
# Enable the RealtimeKit system service
security.rtkit.enable = true;
# Disable PulseAudio
hardware.pulseaudio.enable = lib.mkForce false;
# Enable networking
networking.networkmanager.enable = true;
# Enable for GTK
programs.dconf.enable = true;
xdg.portal = {
enable = true;
xdgOpenUsePortal = true;
wlr.enable = true;
extraPortals = with pkgs; [xdg-desktop-portal-gtk];
};
hm.xdg = {
/*
portal = {
enable = true;
xdgOpenUsePortal = true;
};
*/
# Don't generate config at the usual place.
# Allow desktop applications to write their file association
# preferences to this file.
configFile."mimeapps.list".enable = false;
# Home-manager also writes xdg-mime-apps configuration to the
# "deprecated" location. Desktop applications will look in this
# list for associations, if no association was found in the
# previous config file.
dataFile."applications/mimeapps.list".force = true;
mimeApps.enable = true;
};
}
]);
}
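
Review bot: in the `# Common` block, `xdg.portal.wlr.enable = true` is applied even when only `cfg.x11.enable` is set; move it into the `cfg.wayland.enable` branch so X11-only hosts do not get the wlroots portal. Two smaller points: `SDL_VIDEODRIVER = "x11"` sits inside `waylandEnv` without a comment explaining why SDL is forced to X11, and the `lib.mkEnableOption` strings start with "Enable", which renders as "Whether to enable Enable ..." in the generated docs.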

24
modules/core/filesystem.nix Executable file
View File

@ -0,0 +1,24 @@
{pkgs, ...}: {
services.usbmuxd.enable = true;
environment.systemPackages = with pkgs; [
libimobiledevice
ifuse # optional, to mount using 'ifuse'
gvfs
usbmuxd
];
boot.supportedFilesystems = [
"btrfs"
"ext2"
"ext3"
"ext4"
"exfat"
"f2fs"
"fat8"
"fat16"
"fat32"
"ntfs"
"xfs"
];
}
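
Review bot: in `boot.supportedFilesystems`, the entries `"fat8"`, `"fat16"` and `"fat32"` are not filesystem driver names; FAT volumes are handled by `vfat`, so these three entries do nothing as written. Since every entry here adds parsing code for media that may be untrusted (USB sticks, phones via `ifuse`), I would trim the list to what the hosts actually mount rather than enumerating everything. The file is also added with the executable bit set, which a `.nix` module does not need.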

View File

@ -0,0 +1,108 @@
{
config,
lib,
self,
inputs,
stateVersion,
hostname,
username,
...
}: let
hm-config = config.hm;
activationScript = let
commands = builtins.concatStringsSep "\n" (
map (file: ''rm -fv "${file}" && echo Deleted "${file}"'') hm-config.nukeFiles
);
in ''
#!/run/current-system/sw/bin/bash
set -o errexit
set -o nounset
echo "[home-nuker] Nuking files so Home Manager can get its will"
${commands}
'';
in
{
imports = with inputs; [
home-manager.nixosModules.home-manager
# Let us use hm as shorthand for home-manager config
(lib.mkAliasOptionModule ["hm"] ["home-manager" "users" username])
];
}
// lib.utilMods.mkEnabledModule config "core.homeManager" {
# Home file nuking script that deletes stuff just before we run home-manager's activation scripts
system.userActivationScripts.home-conflict-file-nuker = lib.mkIf (hm-config.nukeFiles != []) activationScript;
home-manager = {
useGlobalPkgs = true;
useUserPackages = true;
extraSpecialArgs = {inherit self inputs stateVersion hostname username;};
backupFileExtension = ".bak";
sharedModules = with inputs;
[
#agenix.homeManagerModules.default
nix-index-database.hmModules.nix-index
plasma-manager.homeManagerModules.plasma-manager
#stylix.homeManagerModules.stylix
]
# Import modules specific and user configs for home-manager
# TODO: Maybe make ./config in users be available to NixOS too and just pass any Home-Manager configs via hm?
++ lib.utils.concatImports {
paths = [
../home
../../users/${username}/config
];
};
# Import specific stuff for the user
users.${username} = import ../../users/${username}/${config.networking.hostName}.nix;
};
hm = {
nix.settings = config.nix.settings;
programs = {
home-manager.enable = true;
emacs.enable = lib.mkDefault true;
git.enable = lib.mkDefault true;
ssh.enable = lib.mkDefault true;
gpg.enable = lib.mkDefault true;
};
home = {
inherit username stateVersion;
inherit (config.variables.user) homeDirectory;
preferXdgDirectories = true;
sessionVariables = {
FLAKE = "${hm-config.home.homeDirectory}/Documents/NixConfig";
XDG_BIN_HOME = "${hm-config.home.homeDirectory}/.local/bin";
ANDROID_USER_HOME = "${hm-config.xdg.dataHome}/android";
CUDA_CACHE_PATH = "${hm-config.xdg.cacheHome}/nv";
TLDR_CACHE_DIR = "${hm-config.xdg.cacheHome}/tldr";
};
sessionPath = ["${hm-config.home.sessionVariables.XDG_BIN_HOME}"];
shellAliases.wget = ''wget --hsts-file="${hm-config.xdg.dataHome}/wget-hsts"'';
};
# (De)activate wanted systemd units when changing configs
systemd.user.startServices = "sd-switch";
# Enable HTML help page
manual.html.enable = true;
news.display = "silent";
# Make sure XDG is enabled
xdg.enable = true;
xresources.path = lib.mkForce "${hm-config.xdg.configHome}/.Xresources";
gtk = {
enable = true;
gtk2.configLocation = lib.mkForce "${hm-config.xdg.configHome}/gtk-2.0/gtkrc";
};
};
}
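
Review bot: the activation script builds `rm -fv "${file}"` by interpolating each `hm-config.nukeFiles` entry straight into bash, so a path containing `"`, `$` or a backtick changes the command that runs during activation. Use `lib.escapeShellArg file` for both the `rm` and the `echo` argument, and consider rejecting entries outside the user's home directory. The `nukeFiles` option itself is not declared anywhere in this hunk, so it needs to come from another module or be added here. Also, `backupFileExtension = ".bak"` will produce `name..bak` because Home Manager inserts the dot itself; use `"bak"`.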

194
modules/core/ld.nix Normal file
View File

@ -0,0 +1,194 @@
# Taken from https://github.com/ywmaa/dotfiles/blob/main/nix-config/dynamic_binaries_support.nix
{pkgs, ...}: {
# allow running binaries
services.envfs.enable = true;
programs.nix-ld.enable = true;
programs.nix-ld.libraries = with pkgs; [
# Needed for operating system detection until
# https://github.com/ValveSoftware/steam-for-linux/issues/5909 is resolved
lsb-release
# Errors in output without those
pciutils
# Games' dependencies
xorg.xrandr
which
# Needed by gdialog, including in the steam-runtime
perl
# Open URLs
xdg-utils
iana-etc
# Steam Play / Proton
python3
# It tries to execute xdg-user-dir and spams the log with command not founds
xdg-user-dirs
# electron based launchers need newer versions of these libraries than what runtime provides
sqlite
# Godot + Blender
stdenv.cc.cc
# Blender
libdecor
# Godot Engine
libunwind
# Others
xorg.libXcomposite
xorg.libXtst
xorg.libXrandr
xorg.libXext
xorg.libX11
xorg.libXfixes
xorg.libxkbfile
libGL
libva
libva-utils
#pipewire.lib
ocamlPackages.alsa
alsa-lib
libpulseaudio
# steamwebhelper
harfbuzz
libthai
pango
brotli
fuse3
icu
libglvnd
libnotify
libxml2
openssl
pipewire
pulseaudio
systemd
x264
libplist
lsof # friends options won't display "Launch Game" without it
file # called by steam's setup.sh
# dependencies for mesa drivers, needed inside pressure-vessel
mesa
mesa.llvmPackages.llvm.lib
vulkan-loader
expat
wayland
xorg.libxcb
xorg.libXdamage
xorg.libxshmfence
xorg.libXxf86vm
libelf
(lib.getLib elfutils)
# Without these it silently fails
xorg.libXinerama
xorg.libXcursor
xorg.libXrender
xorg.libXScrnSaver
xorg.libXi
xorg.libSM
xorg.libICE
gnome2.GConf
curlWithGnuTls
nspr
nss
cups
libcap
SDL2
libusb1
dbus
dbus-glib
gsettings-desktop-schemas
ffmpeg
libudev0-shim
# Verified games requirements
fontconfig
freetype
xorg.libXt
xorg.libXmu
libogg
libvorbis
SDL
SDL2_image
glew110
libidn
tbb
zlib
# SteamVR
procps
usbutils
udev
# Other things from runtime
glib
gtk2
gtk3
bzip2
flac
freeglut
libjpeg
libpng
libpng12
libsamplerate
libmikmod
libtheora
libtiff
pixman
speex
SDL_image
SDL_ttf
SDL_mixer
SDL2_ttf
SDL2_mixer
libappindicator-gtk2
libappindicator-gtk3
libdbusmenu-gtk2
libindicator-gtk2
libcaca
libcanberra
libgcrypt
libvpx
librsvg
xorg.libXft
libvdpau
# required by coreutils stuff to run correctly
# Steam ends up with LD_LIBRARY_PATH=<bunch of runtime stuff>:/usr/lib:<etc>
# which overrides DT_RUNPATH in our binaries, so it tries to dynload the
# very old versions of stuff from the runtime.
# FIXME: how do we even fix this correctly
attr
# Not formally in runtime but needed by some games
at-spi2-atk
at-spi2-core # CrossCode
gst_all_1.gstreamer
gst_all_1.gst-plugins-ugly
gst_all_1.gst-plugins-base
json-glib # paradox launcher (Stellaris)
libdrm
libxkbcommon # paradox launcher
libxcrypt # Alien Isolation, XCOM 2, Company of Heroes 2
mono
xorg.xkeyboardconfig
xorg.libpciaccess
icu # dotnet runtime, e.g. Stardew Valley
# screeps dependencies
atk
cairo
gdk-pixbuf
# Prison Architect
libGLU
libuuid
libbsd
# Loop Hero
libidn2
libpsl
nghttp2.lib
rtmpdump
];
}
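
Review bot: `programs.nix-ld.libraries` makes everything in this list loadable by every unpatched binary on the system, not only Steam, and the list is copied wholesale from another repository per the header comment. Please trim it to what the hosts need or gate it behind the gaming module option, so the set of libraries exposed to arbitrary downloaded binaries stays reviewable. `icu` is listed twice (under `# steamwebhelper` and again with the "dotnet runtime" comment).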

View File

@ -0,0 +1,18 @@
_: {
networking.firewall.enable = true;
systemd.network.wait-online.enable = false;
systemd.services.NetworkManager-wait-online.enable = false;
# Enable mDNS
services.avahi = {
enable = true;
nssmdns4 = true;
# for a WiFi printer
openFirewall = true;
# Make user systemd service work with avahi
publish = {
enable = true;
userServices = true;
};
};
}
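
Review bot: `services.avahi` is enabled with `openFirewall = true` and `publish.userServices = true` for every host that imports this module, so laptops will answer mDNS and advertise user services on any network they join. If the goal is only the WiFi printer mentioned in the comment, resolving via `nssmdns4` is enough and publishing can stay off; otherwise restrict it with `allowInterfaces` or put it behind an option. A filename is missing from this hunk header, and the reason for disabling both wait-online units deserves a comment.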

83
modules/core/nix.nix Normal file
View File

@ -0,0 +1,83 @@
{
config,
pkgs,
self,
lib,
inputs,
...
}: {
# Config Nixpkgs
nixpkgs = {
overlays = builtins.attrValues self.overlays;
config = {
allowUnfree = true;
joypixels.acceptLicense = true;
};
};
nix = {
# Makes `nix run` commands use unfree
registry = lib.mkForce {
nixpkgs.flake = inputs.nixpkgs;
nixpkgs-stable.flake = inputs.nixpkgs-stable;
# Allow running unfree packages with nix3 commands via `nix run unfree#steam`
unfree.flake = pkgs.callPackage lib.mkUnfreeNixpkgs {path = inputs.nixpkgs;};
unfree-stable.flake = pkgs.callPackage lib.mkUnfreeNixpkgs {path = inputs.nixpkgs-stable;};
};
# Disable channels
channel.enable = false;
# Force latest nix version
package = pkgs.nixVersions.nix_2_23;
# Perform nix store optimisation weekly to maintain low disk usage
optimise = {
automatic = true;
dates = ["weekly"]; # Optional; allows customizing optimisation schedule
};
# Perform garbage collection weekly to maintain low disk usage
gc = {
automatic = true;
dates = "weekly";
# Delete generations that are more than 14 days old
options = "--delete-older-than 14d";
};
settings = {
# Make sure flakes is enabled
experimental-features = ["nix-command" "flakes"];
# No warnings if git isn't pushed
warn-dirty = false;
# Force XDG Base Directory paths
use-xdg-base-directories = true;
# for Nix path
nix-path = ["nixpkgs=${pkgs.path}"];
# Make root and any user in the wheel group trusted
trusted-users = ["root" "@wheel"];
substituters = [
"https://nix-community.cachix.org"
"https://nix-gaming.cachix.org"
];
trusted-public-keys = [
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
"nix-gaming.cachix.org-1:nbjlureqMbRAxR1gJ/f3hxemL9svXaZF/Ees8vCUUs4="
];
# Reasonable defaults, see https://jackson.dev/post/nix-reasonable-defaults/
connect-timeout = 5;
log-lines = 25;
min-free = 128000000; # 128MB
max-free = 1000000000; # 1GB
fallback = true; # If binary cache fails, it's okay
};
};
documentation.nixos.enable = false; # Apparently speeds up rebuild time
}
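
Review bot: `trusted-users = ["root" "@wheel"]` gives every wheel member the ability to override substituters and import unsigned store paths through the daemon, which is effectively root without a sudo prompt. Prefer leaving `trusted-users` at root only and, if users need extra caches, list those caches under `trusted-substituters`. The comment "Force latest nix version" does not match `pkgs.nixVersions.nix_2_23`, which pins one release and will stop receiving fixes; either track `pkgs.nixVersions.latest` or reword the comment and note why the pin exists.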

42
modules/core/security.nix Executable file
View File

@ -0,0 +1,42 @@
_: {
# Make /tmp clean itself on remote. /tmp should be volatile storage!
boot.tmp.cleanOnBoot = true;
boot.kernelModules = ["tcp_bbr"];
## TCP hardening
boot.kernel.sysctl = {
# Prevent bogus ICMP errors from filling up logs.
"net.ipv4.icmp_ignore_bogus_error_responses" = 1;
# Reverse path filtering causes the kernel to do source validation of
# packets received from all interfaces. This can mitigate IP spoofing.
"net.ipv4.conf.default.rp_filter" = 1;
"net.ipv4.conf.all.rp_filter" = 1;
# Do not accept IP source route packets (we're not a router)
"net.ipv4.conf.all.accept_source_route" = 0;
"net.ipv6.conf.all.accept_source_route" = 0;
# Don't send ICMP redirects (again, we're on a router)
"net.ipv4.conf.all.send_redirects" = 0;
"net.ipv4.conf.default.send_redirects" = 0;
# Refuse ICMP redirects (MITM mitigations)
"net.ipv4.conf.all.accept_redirects" = 0;
"net.ipv4.conf.default.accept_redirects" = 0;
"net.ipv4.conf.all.secure_redirects" = 0;
"net.ipv4.conf.default.secure_redirects" = 0;
"net.ipv6.conf.all.accept_redirects" = 0;
"net.ipv6.conf.default.accept_redirects" = 0;
# Protects against SYN flood attacks
"net.ipv4.tcp_syncookies" = 1;
# Incomplete protection again TIME-WAIT assassination
"net.ipv4.tcp_rfc1337" = 1;
## TCP optimization
# TCP Fast Open is a TCP extension that reduces network latency by packing
# data in the senders initial TCP SYN. Setting 3 = enable TCP Fast Open for
# both incoming and outgoing connections:
"net.ipv4.tcp_fastopen" = 3;
# Bufferbloat mitigations + slight improvement in throughput & latency
"net.ipv4.tcp_congestion_control" = "bbr";
"net.core.default_qdisc" = "cake";
};
}
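
Review bot: the source-route keys are set only for `all` (`net.ipv4.conf.all.accept_source_route`, `net.ipv6.conf.all.accept_source_route`), while the redirect keys below them cover both `all` and `default`; add the `default` variants so interfaces created later inherit the same value. The comment "again, we're on a router" contradicts the earlier "we're not a router" and should read "not a router", and "protection again TIME-WAIT" should be "against". `"net.ipv4.tcp_fastopen" = 3` also enables the server side on every host, so it is worth a line explaining why that is wanted in a file named security.nix. `boot.tmp.cleanOnBoot` duplicates the setting in modules/core/default.nix, and the file is added as executable.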

59
modules/core/user.nix Normal file
View File

@ -0,0 +1,59 @@
{
config,
lib,
options,
username,
...
}: let
internals = {
cfg = config.variables.user;
hostname = config.networking.hostName;
};
in {
options.variables.user = {
fullName = lib.mkOption {
type = lib.types.str;
default = "";
example = "John Doe";
description = ''
Your first and last name.
'';
};
emailAddress = lib.mkOption {
type = lib.types.str;
default = "";
example = "johndoe@example.com";
description = ''
Your email address.
'';
};
homeDirectory = lib.mkOption {
type = lib.types.str;
description = ''
The directory for the user's folders. This should only be set if it's in a non-default location.
'';
default = "/home/${username}";
};
};
config = {
#users.mutableUsers = false; # Makes it so we can only do password stuff via nixos, safer for not bricking system
users.users.${username} = {
isNormalUser = true;
description = internals.cfg.fullName;
};
time = {
hardwareClockInLocalTime = lib.mkDefault true;
# Set UTC as default timezone, users can override if they want to
timeZone = lib.mkDefault "UTC";
};
assertions = [
#{assertion = options.variables.user.fullName.isDefined;}
#{assertion = options.variables.user.emailaddress.isDefined;}
{assertion = options.variables.user.homeDirectory.isDefined;}
];
};
}
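
Review bot: the only active entry in `assertions` checks `options.variables.user.homeDirectory.isDefined`, which is always true because the option has `default = "/home/${username}"`, so the assertion can never fire. Either drop it or assert something meaningful (for example that the path is absolute), and add a `message` attribute so a failure is readable. The commented-out line references `emailaddress`, but the option is declared as `emailAddress`. `internals.hostname` and the `options` argument would become unused once the assertion is removed.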

16
modules/core/xdg.nix Normal file
View File

@ -0,0 +1,16 @@
{
config,
lib,
...
}: {
environment.sessionVariables = {
XDG_CACHE_HOME = "$HOME/.cache";
XDG_CONFIG_HOME = "$HOME/.config";
XDG_DATA_HOME = "$HOME/.local/share";
XDG_STATE_HOME = "$HOME/.local/state";
ANDROID_USER_HOME = "$XDG_DATA_HOME/android";
CUDA_CACHE_PATH = "$XDG_CACHE_HOME/nv";
TLDR_CACHE_DIR = "$XDG_CACHE_HOME/tldr";
};
}

View File

@ -2,7 +2,7 @@
{
imports = [
./aliases
./zsh.nix
./sublime.nix
./vscode
];
}

View File

@ -0,0 +1,47 @@
{ config, pkgs, ... }:
{
# Install Sublime Text through home.packages
home.packages = with pkgs; [
sublime4 # Or sublime3 if you prefer
];
# Sublime settings live in a specific directory
home.file = {
".config/sublime-text/Packages/User/Preferences.sublime-settings".text = builtins.toJSON {
# Your sublime settings here
font_size = 12;
font_face = "FiraCode Nerd Font";
theme = "Adaptive.sublime-theme";
color_scheme = "Packages/Color Scheme - Default/Monokai.sublime-color-scheme";
ignored_packages = [ "Vintage" ];
rulers = [
80
120
];
tab_size = 2;
translate_tabs_to_spaces = true;
ensure_newline_at_eof_on_save = true;
trim_trailing_white_space_on_save = true;
};
# Key bindings
".config/sublime-text/Packages/User/Default (Linux).sublime-keymap".text = builtins.toJSON [
{
keys = [ "ctrl+shift+f" ];
command = "reindent";
}
];
# Package Control settings
".config/sublime-text/Packages/User/Package Control.sublime-settings".text = builtins.toJSON {
installed_packages = [
"Package Control"
"SideBarEnhancements"
"A File Icon"
"Dracula Color Scheme"
"GitGutter"
"MarkdownEditing"
];
};
};
}
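
Review bot: the `Package Control.sublime-settings` entry lists `installed_packages`, which makes Package Control download and install those plugins at editor start-up, outside Nix and without pinning or hashes. That undercuts the reproducibility this repository is built around and pulls unreviewed code into the user session. It also conflicts with `home.file`, because the generated file is a read-only store symlink and Package Control expects to rewrite it. Either vendor the plugins as fixed-output derivations or drop the list and document that plugins are managed manually.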

View File

@ -0,0 +1,19 @@
{ config, pkgs, ... }:
let
userSettings = import ./settings.nix { inherit pkgs; };
extensions = import ./extensions.nix { inherit pkgs; };
in
{
programs.vscode = {
enable = true;
extensions = extensions;
userSettings = userSettings;
};
# Your other configurations like home.packages etc.
home.packages = with pkgs; [
nixpkgs-fmt
nil
];
}

View File

@ -0,0 +1,11 @@
{ pkgs, ... }:
with pkgs.vscode-extensions;
[
ms-vsliveshare.vsliveshare
ms-python.python
rust-lang.rust-analyzer
ms-azuretools.vscode-docker
pkief.material-icon-theme
dracula-theme.theme-dracula
jnoortheen.nix-ide
]

View File

@ -0,0 +1,54 @@
{ pkgs, ... }:
{
# Set the default integrated terminal to zsh
"terminal.integrated.shell.linux" = "${pkgs.zsh}/bin/zsh";
"terminal.integrated.defaultProfile.linux" = "zsh";
# Existing settings
"editor.fontSize" = 14;
"editor.fontFamily" = "FiraCode Nerd Font";
"editor.formatOnSave" = true;
"files.autoSave" = "onWindowChange";
"workbench.colorTheme" = "Dracula";
"editor.minimap.enabled" = false;
"editor.rulers" = [
80
120
];
"files.trimTrailingWhitespace" = true;
"editor.bracketPairColorization.enabled" = true;
# Git settings (unchanged)
"git.enabled" = true;
"git.autofetch" = true;
"git.confirmSync" = false;
"git.enableSmartCommit" = true;
"git.path" = "${pkgs.git}/bin/git";
"git.openRepositoryInParentFolders" = "never";
# GitLens settings (unchanged)
"gitlens.hovers.currentLine.over" = "line";
"gitlens.currentLine.enabled" = true;
"gitlens.hovers.enabled" = true;
"gitlens.mode.active" = "zen";
# Credential manager integration (unchanged)
"git.terminalAuthentication" = true;
"git.credential.helper" = "${pkgs.git-credential-manager}/bin/git-credential-manager";
# Nix configuration
"nix.enableLanguageServer" = true;
"nix.serverPath" = "nil";
"nix.serverSettings" = {
"nil" = {
"formatting" = {
"command" = [ "${pkgs.nixpkgs-fmt}/bin/nixpkgs-fmt" ];
};
};
};
"[nix]" = {
"editor.defaultFormatter" = "jnoortheen.nix-ide";
"editor.formatOnSave" = true;
};
}
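
Review bot: the `gitlens.*` keys configure an extension that modules' extensions.nix in this change does not install, so they are dead settings unless `eamodio.gitlens` is added to the list. The "(unchanged)" and "Existing settings" comments do not make sense in a newly added file and should go. `"terminal.integrated.shell.linux"` is the deprecated form of the `defaultProfile.linux` line directly below it; keep only the profile setting. `"git.confirmSync" = false` together with `"git.enableSmartCommit" = true` removes both confirmation steps before a push, which is worth a comment given commits are signed by default elsewhere in this change.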

View File

@ -0,0 +1,25 @@
{
config,
osConfig,
lib,
pkgs,
...
}:
lib.utilMods.mkModule config "discord" {
home.packages = with pkgs;
if (lib.conds.isWayland osConfig)
then [discord-wayland vesktop]
else [discord];
# make vesktop autostart properly
xdg.configFile."autostart/vesktop.desktop".text = ''
[Desktop Entry]
Type=Application
Version=1.0
Name=Vencord
Comment=Vencord autostart script
Exec=sh -c "${pkgs.vesktop}/bin/vesktop --start-minimized"
Terminal=false
StartupNotify=false
'';
}
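
Review bot: the `autostart/vesktop.desktop` entry is written unconditionally, but `vesktop` is only added to `home.packages` in the `lib.conds.isWayland osConfig` branch. On X11 hosts this still pulls `pkgs.vesktop` into the closure through the `Exec=` path and autostarts it next to `discord`. Wrap the `xdg.configFile` entry in the same condition. The `sh -c "..."` wrapper in `Exec=` is unnecessary, and `Name=Vencord` does not match the program being started.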

View File

@ -0,0 +1,18 @@
{ config, pkgs, ... }:
{
home.packages = with pkgs; [
# Communication
signal-desktop
telegram-desktop
whatsapp-for-linux
# Productivity
zoom-us
obsidian
bitwarden-desktop
todoist-electron
obs-studio
];
}

47
modules/home/defaults.nix Normal file
View File

@ -0,0 +1,47 @@
{
config,
osConfig,
lib,
...
}: let
cfg = config.variables;
in {
options.variables = {
defaultTerminal = lib.mkOption {
default =
if osConfig.modules.desktop.enable
then (throw "defaultTerminal not set")
else null;
type = lib.types.str;
};
defaultBrowser = lib.mkOption {
default =
if osConfig.modules.desktop.enable
then (throw "defaultBrowser not set")
else null;
type = lib.types.str;
};
defaultTextEditor = lib.mkOption {
default = "";
type = lib.types.str;
};
};
config = lib.mkMerge [
(lib.mkIf ((lib.conds.runsDesktop osConfig) && cfg.defaultTerminal != null) {
home.sessionVariables.TERMINAL = cfg.defaultTerminal;
modules.${cfg.defaultTerminal}.enable = true;
})
(lib.mkIf ((lib.conds.runsDesktop osConfig) && cfg.defaultBrowser != null) {
modules.${cfg.defaultBrowser}.enable = true;
})
(lib.mkIf (cfg.defaultTextEditor != null) {
modules.${cfg.defaultTextEditor}.enable = true;
})
];
}
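
Review bot: `defaultTerminal` and `defaultBrowser` are typed `lib.types.str` but default to `null` when the desktop module is off, which fails type checking as soon as the value is read; use `lib.types.nullOr lib.types.str`. `defaultTextEditor` has the opposite problem: it defaults to `""`, and the guard `cfg.defaultTextEditor != null` is therefore always true, so the last `mkIf` sets `modules."".enable = true`. Make the default `null` with the same `nullOr` type. The option defaults test `osConfig.modules.desktop.enable` while the config section uses `lib.conds.runsDesktop osConfig`; pick one. None of the three options has a `description`.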

View File

@ -2,9 +2,8 @@
{
imports = [
./direnv.nix
./common
./env
./languages
./tools
];
}

View File

@ -2,6 +2,7 @@
{
imports = [
./vr
./paths.nix
./versions.nix
];
}

View File

@ -0,0 +1,26 @@
{ config, pkgs, ... }:
{
home.packages = with pkgs; [
nodePackages.npm
nodePackages.node-gyp
nodePackages.node-pre-gyp
nodePackages.pnpm
yarn
];
home.file.".npmrc".text = ''
prefix=${config.home.sessionVariables.NODE_PACKAGES_DIR}
'';
home.file.".pnpmrc".text = ''
pnpm-version=8.9.0
store-dir=${config.home.sessionVariables.XDG_DATA_HOME}/pnpm
'';
home.file.".yarnrc".text = ''
cache-folder "${config.home.sessionVariables.XDG_CACHE_HOME}/yarn"
'';
}
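
Review bot: `NODE_PACKAGES_DIR`, `XDG_DATA_HOME` and `XDG_CACHE_HOME` are read from `config.home.sessionVariables`, but nothing in this hunk defines them and the XDG values are set on the NixOS side in modules/core/xdg.nix as literal `$HOME/...` strings. If they are missing here evaluation fails, and if they resolve to the `$HOME` form the rc files will contain an unexpanded variable. Use `config.xdg.dataHome` and `config.xdg.cacheHome`, as the Home Manager module in this change already does. `pnpm-version=8.9.0` also pins a version that has no relation to the `nodePackages.pnpm` actually installed.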

View File

@ -0,0 +1,39 @@
{ config, pkgs, ... }:
let
pythonVersion = builtins.replaceStrings [ "." ] [ "" ] config.home.sessionVariables.PYTHON_VERSION;
pythonPackages = pkgs."python${pythonVersion}Packages";
# import custom packages
repo-to-text = pkgs.callPackage ./repo-to-text.nix { };
in
{
home.sessionVariables = {
PYTHONDONTWRITEBYTECODE = 1;
PYTHONIOENCODING = "UTF-8";
VIRTUAL_ENV_DISABLE_PROMPT = 1;
};
home.packages = with pythonPackages; [
pip
setuptools
wheel
black
pylint
mypy
pytest
pytest-cov
# Time tracking
toggl-cli
# Add other Python CLI tools
httpie # HTTP client
youtube-dl # Video downloader
# Custom CLI tools
repo-to-text
];
}
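
Review bot: `home.packages = with pythonPackages; [ pip setuptools wheel ... ]` installs library packages into the profile, which does not make them importable by any interpreter; build one environment with `withPackages`, as the `python` module later in this change does with `python312.withPackages`. Selecting the package set through `pkgs."python${pythonVersion}Packages"` from a session variable means a typo in `PYTHON_VERSION` surfaces as a missing-attribute error far from its cause, so validate it or take the version from an option. The session variables should be strings (`"1"`), and `youtube-dl` is worth replacing with a maintained fork.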

View File

@ -1,7 +1,8 @@
{ lib
, python311Packages
, fetchPypi
, tree
{
lib,
python311Packages,
fetchPypi,
tree,
}:
python311Packages.buildPythonPackage rec {

View File

@ -1,14 +1,28 @@
{ config, pkgs, ... }:
{
home.packages = with pkgs; [
rustup
];
home.sessionVariables = {
RUSTUP_HOME = "${config.home.sessionVariables.XDG_DATA_HOME}/rustup";
};
home.packages = with pkgs; [
cargo-edit
cargo-watch
cargo-audit
cargo-tarpaulin
rustup
];
home.file.".cargo/config.toml".text = ''
[build]
target-dir = "target"
[cargo-new]
vcs = "git"
'';
home.file.".rustup/settings.toml".text = ''
default_toolchain = "${config.home.sessionVariables.RUST_VERSION}"
profile = "default"
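
Review bot: `home.file.".rustup/settings.toml"` is written under `~/.rustup`, but the same hunk sets `RUSTUP_HOME` to `${config.home.sessionVariables.XDG_DATA_HOME}/rustup`, so rustup will never read this file. Even at the right path it would be a read-only store symlink, and rustup rewrites `settings.toml` when toolchains change. Drop the file and set the toolchain with a `rust-toolchain.toml` per project, or install a fixed toolchain from nixpkgs. `cargo-audit` is a good addition; note that `home.packages` now appears twice in the rendered hunk, so check that only one definition remains.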

View File

@ -0,0 +1,17 @@
{ config, pkgs, ... }:
{
imports = [
./git.nix
./direnv.nix
];
home.packages = with pkgs; [
git
git-credential-manager
gh
gotty
git-crypt
sops
];
}

View File

@ -0,0 +1,48 @@
{
config,
pkgs,
lib,
...
}:
{
programs.git = {
enable = true;
package = pkgs.git;
lfs.enable = true;
userName = "jeirmeister";
userEmail = "jeir@jeirslab.xyz";
# Enable commit and tag signing with specific GPG key
signing = {
key = "0x33A40DF62D35C4A7"; # Your specific key ID
signByDefault = true;
};
extraConfig = {
init.defaultBranch = "main";
pull.rebase = false;
# GPG program configuration
gpg = {
program = "${pkgs.gnupg}/bin/gpg2";
format = "openpgp";
};
# Credential configuration
credential = {
helper = lib.mkForce "${pkgs.git-credential-manager}/bin/git-credential-manager";
credentialStore = "plaintext";
interactive = false;
};
# Enable GPG signing for commits and tags
commit.gpgSign = true;
tag.gpgSign = true;
safe.directory = "*";
};
};
xdg.enable = true;
}
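
Review bot: `credentialStore = "plaintext"` makes git-credential-manager write access tokens unencrypted to disk, and `safe.directory = "*"` turns off Git's repository ownership check for every path. Both weaken a setup that otherwise goes to the trouble of signing every commit. Use `credentialStore = "gpg"` or `"secretservice"` since GnuPG is already configured here, and list specific directories under `safe.directory` if any are needed at all. `userName`, `userEmail` and the signing key ID are hard-coded in a shared module; they belong in the per-user config or in `variables.user`. `commit.gpgSign` duplicates `signing.signByDefault`.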

View File

@ -0,0 +1,15 @@
{
config,
lib,
pkgs,
...
}:
lib.utilMods.mkModule config "c" {
home.packages = with pkgs; [
# :editor format
clang-tools
# :tools lsp
omnisharp-roslyn
gcc
];
}

View File

@ -0,0 +1,19 @@
{
config,
lib,
pkgs,
...
}:
lib.utilMods.mkModule config "java" {
programs.java.enable = true;
home.sessionVariables.JDTLS_PATH = "${pkgs.jdt-language-server}/share/java";
home.packages = with pkgs; [
# :tools lsp
java-language-server
# :lang java
jdt-language-server
];
}

View File

@ -0,0 +1,12 @@
{
config,
lib,
pkgs,
...
}:
lib.utilMods.mkModule config "latex" {
home.packages = with pkgs; [
# :editor format
texlive.combined.scheme-medium #LaTex
];
}

View File

@ -0,0 +1,14 @@
{
config,
lib,
pkgs,
...
}:
lib.utilMods.mkModule config "lua" {
home.packages = with pkgs; [
# :editor format
nodePackages.lua-fmt
# :tools lsp :lang lua
lua-language-server
];
}

View File

@ -0,0 +1,14 @@
{
config,
lib,
pkgs,
...
}:
lib.utilMods.mkModule config "markdown" {
home.packages = with pkgs; [
# :lang markdown
proselint
pandoc
grip
];
}

View File

@ -0,0 +1,27 @@
{
config,
lib,
pkgs,
...
}: let
alejandra-quiet = pkgs.writeShellScriptBin "alejandra-quiet" ''alejandra --quiet "$@"'';
in
lib.utilMods.mkModule config "nix" {
programs.nix-index-database.comma.enable = true;
home.packages = with pkgs; [
nh # Nice wrapper for NixOS and HM
alejandra # Nix formatter
nix-output-monitor # Monitor Nix compilation
nvd # Nix/NixOS package version diff tool
nixpkgs-review # Review nixpkgs
nurl # Automated prefetch tool for
nix-init # Automatically create nix packages from URLs
nix-inspect # View nix configurations
nil # Nix LSP
deadnix # Deadcode finder for NIx
statix # Anti-pattern detector
alejandra-quiet # Wrapper for Emacs
];
}
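
Review bot: the `alejandra-quiet` wrapper calls `alejandra` by bare name, so it runs whatever is first on `PATH` at call time instead of the package installed here. Reference it as `${pkgs.alejandra}/bin/alejandra --quiet "$@"` (or `lib.getExe pkgs.alejandra`) so the wrapper is self-contained. The comment on `nurl` is cut off after "for".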

View File

@ -0,0 +1,31 @@
{
config,
lib,
pkgs,
...
}:
lib.utilMods.mkModule config "python" {
programs.pyenv.enable = true;
home.sessionVariables.PYENV_ROOT = "${config.xdg.dataHome}/pyenv";
home.sessionPath = ["${config.home.sessionVariables.PYENV_ROOT}/bin"];
home.packages = with pkgs; let
myPythonPackages = ps:
with ps; [
debugpy
pyflakes
isort
pytest
black
pip
pipx
];
in [
# :lang python, debugger, formatter
(python312.withPackages myPythonPackages)
pyright
pipenv
];
}

View File

@ -0,0 +1,9 @@
{
config,
lib,
pkgs,
...
}:
lib.utilMods.mkModule config "rust" {
home.packages = with pkgs; [rustup];
}

View File

@ -0,0 +1,16 @@
{
config,
lib,
pkgs,
...
}:
lib.utilMods.mkModule config "web" {
home.packages = with pkgs; [
# :editor format
html-tidy
# :lang web
stylelint
jsbeautifier
];
}

View File

@ -0,0 +1,7 @@
_: {
imports = [
./firefox.nix
./floorp.nix
./zen.nix
];
}

View File

@ -0,0 +1,13 @@
{pkgs, ...}:
with pkgs.nur.repos.rycee.firefox-addons; [
ublock-origin
sponsorblock
return-youtube-dislikes
darkreader
#bypass-paywalls-clean
plasma-integration
enhancer-for-youtube
indie-wiki-buddy
stylus
canvasblocker
]

View File

@ -0,0 +1,62 @@
{
config,
lib,
pkgs,
username,
...
}:
lib.utilMods.mkModule config "firefox" {
xdg.mimeApps = let
defaultApplications = {
"default-web-browser" = ["firefox.desktop"];
"text/html" = ["firefox.desktop"];
"x-scheme-handler/http" = ["firefox.desktop"];
"x-scheme-handler/https" = ["firefox.desktop"];
"x-scheme-handler/about" = ["firefox.desktop"];
"x-scheme-handler/unknown" = ["firefox.desktop"];
"application/xhtml+xml" = ["firefox.desktop"];
"text/xml" = ["firefox.desktop"];
};
in
lib.mkIf (config.variables.defaultBrowser == "firefox") {
enable = true;
inherit defaultApplications;
associations.added = defaultApplications;
};
programs.firefox.enable = true;
programs.firefox.nativeMessagingHosts = with pkgs; [fx-cast-bridge];
programs.firefox.profiles."${username}" = {
extensions = import ./extensions.nix {inherit pkgs;};
search = {
force = true;
default = "Ecosia";
engines = import ./searchEngines.nix {inherit lib pkgs;};
};
settings = {
"widget.use-xdg-desktop-portal.file-picker" = 1;
"browser.disableResetPrompt" = true;
"browser.download.panel.shown" = true;
"browser.download.useDownloadDir" = true;
"browser.newtabpage.activity-stream.showSponsoredTopSites" = false;
"browser.shell.checkDefaultBrowser" = true;
"browser.shell.defaultBrowserCheckCount" = 1;
"browser.startup.homepage" = "https://google.com";
"browser.bookmarks.showMobileBookmarks" = true;
"dom.security.https_only_mode" = true;
"identity.fxaccounts.enabled" = true;
"privacy.trackingprotection.enabled" = true;
"signon.rememberSignons" = false;
"browser.newtabpage.pinned" = lib.singleton {
title = "NixOS";
url = "https://nixos.org";
};
"browser.uiCustomization.state" = '' {"placements":{"widget-overflow-fixed-list":[],"unified-extensions-area":["privacy_privacy_com-browser-action","enhancerforyoutube_maximerf_addons_mozilla_org-browser-action","jid1-93cwpmrbvpjrqa_jetpack-browser-action","sponsorblocker_ajay_app-browser-action","_762f9885-5a13-4abd-9c77-433dcd38b8fd_-browser-action","_25cddbee-458b-4e9f-984d-dbf35511f124_-browser-action","canvasblocker_kkapsner_de-browser-action","_2e5ff8c8-32fe-46d0-9fc8-6b8986621f3c_-browser-action","_74145f27-f039-47ce-a470-a662b129930a_-browser-action","_7a7a4a92-a2a0-41d1-9fd7-1e92480d612d_-browser-action","_cb31ec5d-c49a-4e5a-b240-16c767444f62_-browser-action"],"nav-bar":["back-button","forward-button","stop-reload-button","home-button","firefox-view-button","urlbar-container","fxa-toolbar-menu-button","downloads-button","library-button","keepassxc-browser_keepassxc_org-browser-action","ublock0_raymondhill_net-browser-action","addon_darkreader_org-browser-action","plasma-browser-integration_kde_org-browser-action","_testpilot-containers-browser-action","unified-extensions-button","reset-pbm-toolbar-button","_3c078156-979c-498b-8990-85f7987dd929_-browser-action","browserpass_maximbaz_com-browser-action"],"toolbar-menubar":["menubar-items"],"TabsToolbar":["tabbrowser-tabs","new-tab-button","alltabs-button"],"PersonalToolbar":["import-button","personal-bookmarks"]},"seen":["save-to-pocket-button","developer-button","ublock0_raymondhill_net-browser-action","_testpilot-containers-browser-action","privacy_privacy_com-browser-action","addon_darkreader_org-browser-action","enhancerforyoutube_maximerf_addons_mozilla_org-browser-action","jid1-93cwpmrbvpjrqa_jetpack-browser-action","keepassxc-browser_keepassxc_org-browser-action","plasma-browser-integration_kde_org-browser-action","sponsorblocker_ajay_app-browser-action","_762f9885-5a13-4abd-9c77-433dcd38b8fd_-browser-action","browserpass_maximbaz_com-browser-action","_25cddbee-458b-4e9f-984d-dbf35511f124_-browser-acti
on","canvasblocker_kkapsner_de-browser-action","_2e5ff8c8-32fe-46d0-9fc8-6b8986621f3c_-browser-action","_3c078156-979c-498b-8990-85f7987dd929_-browser-action","_74145f27-f039-47ce-a470-a662b129930a_-browser-action","_7a7a4a92-a2a0-41d1-9fd7-1e92480d612d_-browser-action","_cb31ec5d-c49a-4e5a-b240-16c767444f62_-browser-action"],"dirtyAreaCache":["nav-bar","PersonalToolbar","toolbar-menubar","TabsToolbar","widget-overflow-fixed-list","unified-extensions-area"],"currentVersion":20,"newElementCount":7}
'';
};
};
}
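
Review bot: the `"browser.uiCustomization.state"` value is a single pasted JSON blob that pins toolbar widget IDs for add-ons this profile does not install through extensions.nix, such as `keepassxc-browser_keepassxc_org-browser-action` and `browserpass_maximbaz_com-browser-action`. It cannot be reviewed or diffed in this form. Express it as a Nix attribute set passed through `builtins.toJSON` and keep only the widgets for extensions declared in this change. The `defaultApplications` set is duplicated verbatim in floorp.nix with only the desktop file name changed; factor it into a helper that takes the name.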

View File

@ -0,0 +1,40 @@
{
config,
lib,
pkgs,
username,
...
}:
lib.utilMods.mkModule config "floorp" {
xdg.mimeApps = let
defaultApplications = {
"default-web-browser" = ["floorp.desktop"];
"text/html" = ["floorp.desktop"];
"x-scheme-handler/http" = ["floorp.desktop"];
"x-scheme-handler/https" = ["floorp.desktop"];
"x-scheme-handler/about" = ["floorp.desktop"];
"x-scheme-handler/unknown" = ["floorp.desktop"];
"application/xhtml+xml" = ["floorp.desktop"];
"text/xml" = ["floorp.desktop"];
};
in
lib.mkIf (config.variables.defaultBrowser == "floorp") {
enable = true;
inherit defaultApplications;
associations.added = defaultApplications;
};
programs.floorp.enable = true;
programs.floorp.nativeMessagingHosts = with pkgs; [fx-cast-bridge kdePackages.plasma-browser-integration];
programs.floorp.profiles."${username}" = {
extensions = import ./extensions.nix {inherit pkgs;};
search = {
force = true;
default = "Ecosia";
engines = import ./searchEngines.nix {inherit lib pkgs;};
};
};
}

View File

@ -0,0 +1,71 @@
{
lib,
pkgs,
...
}: let
nix-icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg";
in {
"Ecosia" = {
iconUpdateURL = "https://www.ecosia.org/static/icons/favicon.ico";
updateInterval = 24 * 60 * 60 * 1000; # Every day
definedAliases = ["@e" "@ecosia"];
urls = lib.singleton {template = "https://www.ecosia.org/search?q={searchTerms}";};
};
"Nix Packages" = {
inherit nix-icon;
definedAliases = lib.singleton "@np";
urls = lib.singleton {template = "https://search.nixos.org/packages?type=packages&query={searchTerms}";};
};
"NixOS Options" = {
inherit nix-icon;
definedAliases = lib.singleton "@no";
urls = lib.singleton {template = "https://search.nixos.org/options?type=packages&query={searchTerms}";};
};
"NixOS Wiki" = {
inherit nix-icon;
definedAliases = lib.singleton "@nw";
urls = lib.singleton {template = "https://wiki.nixos.org/w/index.php?search={searchTerms}";};
};
"Nixpkgs PR Tracker" = {
inherit nix-icon;
definedAliases = ["@nprt"];
urls = lib.singleton {template = "https://nixpk.gs/pr-tracker.html?pr={searchTerms}";};
};
# All these after all from llakala
"Noogle" = {
inherit nix-icon;
definedAliases = ["@nog"];
urls = lib.singleton {template = "https://noogle.dev/q?term={searchTerms}";};
};
"Nixpkgs" = {
iconUpdateURL = "https://github.com/favicon.ico";
definedAliases = ["@npkgs"];
urls = lib.singleton {
template = "https://github.com/search";
# Thanks to xunuwu on github for being a reference to use of these functions
params = lib.attrsToList {
"type" = "code";
"q" = "repo:NixOS/nixpkgs lang:nix {searchTerms}";
};
};
};
"Github Nix Code" = {
iconUpdateURL = "https://github.com/favicon.ico";
definedAliases = ["@ghn"];
urls = lib.singleton {
template = "https://github.com/search";
# Thanks to xunuwu on github for being a reference to use of these functions
params = lib.attrsToList {
"type" = "code";
"q" = "lang:nix NOT is:fork {searchTerms}";
};
};
};
}
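
Review bot: `inherit nix-icon;` creates an attribute named `nix-icon` on each engine, not `icon`, so the Nix snowflake is never applied to "Nix Packages", "NixOS Options", "NixOS Wiki", "Nixpkgs PR Tracker" or "Noogle". Write `icon = nix-icon;` instead. The "NixOS Options" template also uses `options?type=packages&query=...`, which looks copied from the packages entry. The two GitHub engines share everything except the `q` string and could be generated from one helper.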

View File

@ -0,0 +1,454 @@
{
config,
lib,
pkgs,
username,
...
}: let
cfg = config.modules.gaming;
hm-config = config.hm;
in
lib.utilMods.mkModule' config "gaming" {
minecraft-server.enable = lib.mkEnableOption "Enable minecraft server configs";
vr.enable = lib.mkEnableOption "Enable virual reality configs";
} (lib.mkMerge [
# Minecraft
(lib.mkIf cfg.minecraft-server.enable {
# Allow Minecraft server ports
networking.firewall.allowedTCPPorts = [25565 24454];
hm.home.packages = with pkgs; [prismlauncher flite orca];
hm.programs.java.enable = true;
hm.home.shellAliases = {
start-minecraft-server = "cd ~/Games/MinecraftServer-1.21.x/ && ./run.sh --nogui && cd || cd";
start-minecraft-fabric-server = "cd ~/Games/MinecraftFabricServer-1.20.1/ && java -Xmx8G -jar ./fabric-server-mc.1.20.1-loader.0.15.7-launcher.1.0.0.jar nogui && cd || cd";
};
})
# VR
(lib.mkIf cfg.vr.enable {
environment.systemPackages = with pkgs; [
android-tools
android-udev-rules
BeatSaberModManager
helvum
];
# Enable ALVR module on NixOS
programs.alvr.enable = true;
programs.alvr.openFirewall = true;
# Fixes issue with SteamVR not starting
system.activationScripts.fixSteamVR = "${pkgs.libcap}/bin/setcap CAP_SYS_NICE+ep /home/${username}/.local/share/Steam/steamapps/common/SteamVR/bin/linux64/vrcompositor-launcher";
hm.xdg.desktopEntries = {
"BeatSaberModManager" = {
name = "Beat Saber ModManager";
genericName = "Game";
exec = "BeatSaberModManager";
icon = "${pkgs.BeatSaberModManager}/lib/BeatSaberModManager/Resources/Icons/Icon.ico";
type = "Application";
categories = ["Game"];
startupNotify = true;
comment = "Beat Saber ModManager is a mod manager for Beat Saber";
};
};
})
# Common
{
# Enable Steam hardware compatibility
hardware.steam-hardware.enable = true;
# Fixes SteamLink/Remote play crashing
environment.systemPackages = with pkgs; [protontricks keyutils goverlay ludusavi libcanberra protonup-qt];
environment.sessionVariables.ICED_BACKEND = "tiny-skia";
hardware.graphics = {
enable = true;
enable32Bit = true;
};
programs.gamemode = {
enable = true;
enableRenice = true;
settings = {
general = {
softrealtime = "off";
inhibit_screensaver = 1;
};
custom = {
start = "''${pkgs.libnotify}/bin/notify-send 'GameMode started'";
end = "''${pkgs.libnotify}/bin/notify-send 'GameMode ended'";
};
};
};
programs.steam = {
enable = true;
# Make Steam folder spawn in ~/.config instead of /home/USER
package = pkgs.steam.override {
extraEnv.HOME = "/home/${username}/.config";
extraLibraries = pkgs: [pkgs.xorg.libxcb];
};
remotePlay.openFirewall = true;
};
xdg.mime = {
defaultApplications."x-scheme-handler/steam" = "steam.desktop";
addedAssociations."x-scheme-handler/steam" = "steam.desktop";
};
hm.xdg = {
userDirs.extraConfig.XDG_GAME_DIR = "${hm-config.home.homeDirectory}/Games";
mimeApps = {
defaultApplications."x-scheme-handler/steam" = "steam.desktop";
associations.added."x-scheme-handler/steam" = "steam.desktop";
};
};
hm.programs.mangohud = {
enable = true;
settings = {
### From https://github.com/flightlessmango/MangoHud/blob/master/data/MangoHud.conf
### MangoHud configuration file
### Uncomment any options you wish to enable. Default options are left uncommented
### Use some_parameter=0 to disable a parameter (only works with on/off parameters)
### Everything below can be used / overridden with the environment variable MANGOHUD_CONFIG instead
################ INFORMATIONAL #################
## prints possible options on stdout
# help = true;
################ PERFORMANCE #################
### Limit the application FPS. Comma-separated list of one or more FPS values (e.g. 0,30,60). 0 means unlimited (unless VSynced)
# fps_limit = 0;
### early = wait before present, late = wait after present
# fps_limit_method = "";
### VSync [0-3] 0 = adaptive; 1 = off; 2 = mailbox; 3 = on
# vsync = -1;
### OpenGL VSync [0-N] 0 = off; >=1 = wait for N v-blanks, N > 1 acts as a FPS limiter (FPS = display refresh rate / N)
# gl_vsync = -2;
### Mip-map LoD bias. Negative values will increase texture sharpness (and aliasing)
## Positive values will increase texture blurriness (-16 to 16)
# picmip = -17;
### Anisotropic filtering level. Improves sharpness of textures viewed at an angle (0 to 16)
# af = -1;
### Force bicubic filtering
# bicubic = true;
### Force trilinear filtering
# trilinear = true;
### Disable linear texture filtering. Makes textures look blocky
# retro = true;
################### VISUAL ###################
### Legacy layout
# legacy_layout = 0;
### pre defined presets
# -1 = default
# 0 = no display
# 1 = fps only
# 2 = horizontal view
# 3 = extended
# 4 = high detailed information
# preset = -1;
### Enable most of the toggleable parameters (currently excludes `histogram`)
# full = true;
### Show FPS only. ***Not meant to be used with other display params***
# fps_only = true;
### Display custom centered text, useful for a header
# custom_text_center = "";
### Display the current system time
# time = true;
### Time formatting examples
## %H:%M
## [ %T %F ]
## %X # locally formatted time, because of limited glyph range, missing characters may show as '?' (e.g. Japanese)
# time_format = "%T";
### Display MangoHud version
# version = true;
### Display the current GPU information
## Note: gpu_mem_clock and gpu_mem_temp also need "vram" to be enabled
gpu_stats = true;
gpu_temp = true;
# gpu_junction_temp = true;
# gpu_core_clock = true;
# gpu_mem_temp = true;
# gpu_mem_clock = true;
# gpu_power = true;
# gpu_text = "";
gpu_load_change = true;
#gpu_load_value = [ "60" "90" ];
#gpu_load_color = [ "39F900" "FDFD09" "B22222" ];
## GPU fan in rpm (only works on AMD GPUs)
# gpu_fan = true;
# gpu_voltage = true; # (only works on AMD GPUs)
### Display the current CPU information
cpu_stats = true;
cpu_temp = true;
# cpu_power = true;
# cpu_text = "";
# cpu_mhz = true;
cpu_load_change = true;
#cpu_load_value = [ "60" "90" ];
#cpu_load_color = [ "39F900" "FDFD09" "B22222" ];
### Display the current CPU load & frequency for each core
# core_load = true;
# core_load_change = true;
### Display IO read and write for the app (not system)
# io_read = true;
# io_write = true;
### Display system vram / ram / swap space usage
vram = true;
ram = true;
# swap = true;
### Display per process memory usage
## Show resident memory and other types, if enabled
# procmem = true;
# procmem_shared = true;
# procmem_virt = true;
### Display battery information
# battery = true;
# battery_icon = true;
# gamepad_battery = true;
# gamepad_battery_icon = true;
# battery_watt = true;
# battery_time = true;
### Display FPS and frametime
fps = true;
# fps_sampling_period = 500;
# fps_color_change = true;
# fps_value = ["30" "60"];
# fps_color=["22222" "FDFD09" "39F900"];
frametime = true;
# frame_count = true;
### Display GPU throttling status based on Power, current, temp or "other"
## Only shows if throttling is currently happening
throttling_status = true;
### Display miscellaneous information
# engine_version = true;
# engine_short_names = true;
# gpu_name = true;
# vulkan_driver = true;
# wine = true;
# exec_name = true;
### Display loaded MangoHud architecture
# arch = true;
### Display the frametime line graph
frame_timing = true;
# histogram = true;
### Display GameMode / vkBasalt running status
# gamemode = true;
# vkbasalt = true;
### Gamescope related options
## Display the status of FSR (only works in gamescope)
# fsr = true;
## Hides the sharpness info for the `fsr` option (only available in gamescope)
# hide_fsr_sharpness = true;
## Shows the graph of gamescope app frametimes and latency (only on gamescope obviously)
# debug = true;
### graphs displays one or more graphs that you chose
## seperated by ",", available graphs are
## gpu_load,cpu_load,gpu_core_clock,gpu_mem_clock,vram,ram,cpu_temp,gpu_temp
# graphs = [""];
### mangoapp related options
## Enables mangoapp to be displayed above the Steam UI
# mangoapp_steam = true;
### Steam Deck options
## Shows the Steam Deck fan rpm
# fan = true;
### Display current FPS limit
show_fps_limit = true;
### Display the current resolution
# resolution = true;
### Display custom text
# custom_text = "";
### Display output of Bash command in next column
# exec = "";
### Display media player metadata
# media_player = true;
## for example spotify
# media_player_name = "";
## Format metadata, lines are delimited by ; (wip)
## example: {title};{artist};{album}
## example: Track:;{title};By:;{artist};From:;{album}
# media_player_format = ["title" "artist" "album"];
### Change the hud font size
# font_size = 24;
# font_scale = 1.0;
# font_size_text = 24;
# font_scale_media_player = 0.55;
# no_small_font = true;
### Change default font (set location to TTF/OTF file)
## Set font for the whole hud
# font_file = "";
## Set font only for text like media player metadata
# font_file_text = "";
## Set font glyph ranges. Defaults to Latin-only. Don't forget to set font_file/font_file_text to font that supports these
## Probably don't enable all at once because of memory usage and hardware limits concerns
## If you experience crashes or text is just squares, reduce glyph range or reduce font size
# font_glyph_ranges = ["korean" "chinese" "chinese_simplified" "japanese" "cyrillic" "thai" "vietnamese" "latin_ext_a" "latin_ext_b"];
### Outline text
text_outline = true;
# text_outline_color = 000000;
# text_outline_thickness = 1.5;
### Change the hud position
# position = "top-left";
### Change the corner roundness
# round_corners = 0;
### Remove margins around MangoHud
# hud_no_margin = true;
### Display compact version of MangoHud
# hud_compact = true;
### Display MangoHud in a horizontal position
# horizontal = true;
# horizontal_stretch = true;
### Disable / hide the hud by default
# no_display = true;
### Hud position offset
# offset_x = 0;
# offset_y = 0;
### Hud dimensions
# width = 0;
# height = 140;
# table_columns = 3;
# cellpadding_y = -0.085;
### Hud transparency / alpha
# background_alpha = 0.5;
# alpha = 1.0;
### FCAT overlay
### This enables an FCAT overlay to perform frametime analysis on the final image stream.
### Enable the overlay
# fcat = true;
### Set the width of the FCAT overlay.
### 24 is a performance optimization on AMD GPUs that should not have adverse effects on nVidia GPUs.
### A minimum of 20 pixels is recommended by nVidia.
# fcat_overlay_width = 24;
### Set the screen edge, this can be useful for special displays that don't update from top edge to bottom. This goes from 0 (left side) to 3 (top edge), counter-clockwise.
# fcat_screen_edge = 0;
### Color customization
# text_color = "FFFFFF";
# gpu_color = "2E9762";
# cpu_color = "2E97CB";
# vram_color = "AD64C1";
# ram_color = "C26693";
# engine_color = "EB5B5B";
# io_color = "A491D3";
# frametime_color = "00FF00";
# background_color = "020202";
# media_player_color = "FFFFFF";
# wine_color = "EB5B5B";
# battery_color = "FF9078";
### Specify GPU with PCI bus ID for AMDGPU and NVML stats
### Set to 'domain:bus:slot.function'
# pci_dev = "0:0a:0.0";
### Blacklist
# blacklist = "";
### Control over socket
### Enable and set socket name, '%p' is replaced with process id
## example: mangohud
## example: mangohud-%p
# control = -1;
################ WORKAROUNDS #################
### Options starting with "gl_*" are for OpenGL
### Specify what to use for getting display size. Options are "viewport", "scissorbox" or disabled. Defaults to using glXQueryDrawable
# gl_size_query = "viewport";
### (Re)bind given framebuffer before MangoHud gets drawn. Helps with Crusader Kings III
# gl_bind_framebuffer = 0;
### Don't swap origin if using GL_UPPER_LEFT. Helps with Ryujinx
# gl_dont_flip = 1;
################ INTERACTION #################
### Change toggle keybinds for the hud & logging
toggle_hud = "Shift_R+F12";
# toggle_hud_position = "Shift_R+F11";
# toggle_fps_limit = "Shift_L+F1";
toggle_logging = "Shift_L+F2";
# reload_cfg = "Shift_L+F4";
# upload_log = "Shift_L+F3";
#################### LOG #####################
### Automatically start the log after X seconds
# autostart_log = "";
### Set amount of time in seconds that the logging will run for
# log_duration = "";
### Change the default log interval, 0 is default
# log_interval = 0;
### Set location of the output files (required for logging)
output_folder = "${hm-config.xdg.stateHome}/mangologs";
### Permit uploading logs directly to FlightlessMango.com
## set to 1 to enable
# permit_upload = 0;
### Define a '+'-separated list of percentiles shown in the benchmark results
### Use "AVG" to get a mean average. Default percentiles are 97+AVG+1+0.1
## example: ['97', 'AVG', '1', '0.1']
# benchmark_percentiles = ["97" "AVG"];
## Adds more headers and information such as versioning to the log. This format is not supported on flightlessmango.com (yet)
# log_versioning = true;
## Enable automatic uploads of logs to flightlessmango.com
# upload_logs = true;
};
};
}
])
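
Review bot: the `system.activationScripts.fixSteamVR` line in the VR block runs `setcap CAP_SYS_NICE+ep` during system activation on a file under `/home/${username}/.local/share/Steam/...`, a path the user account can write, so each activation re-grants the capability to whatever file sits at that path at the time, and the command fails when SteamVR is not installed. Guard it with a file-existence test and add a comment stating that the capability target is user-controlled, so the trade-off is visible to whoever enables `vr.enable`. In the Minecraft block, `allowedTCPPorts = [25565 24454]` opens both ports on every interface as soon as `minecraft-server.enable` is set; a comment naming the service behind 24454 would help later firewall audits.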

View File

@ -0,0 +1,16 @@
{
config,
lib,
pkgs,
...
}:
lib.utilMods.mkModule config "obs-studio" {
# Makes OBS Virtual Camera feature function
boot.extraModulePackages = with config.boot.kernelPackages; [v4l2loopback];
hm.programs.obs-studio.enable = true;
hm.programs.obs-studio.plugins = with pkgs.obs-studio-plugins; [
obs-vkcapture
obs-pipewire-audio-capture
];
}
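
Review bot: `boot.extraModulePackages` only makes v4l2loopback available to the kernel; nothing in this hunk loads it (`boot.kernelModules`) or sets its options (`boot.extraModprobeConfig`), so the comment "Makes OBS Virtual Camera feature function" claims more than these lines do. Either add the load and options here or reword the comment, and mention in the module description that enabling it adds an out-of-tree kernel module to the host.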

View File

@ -0,0 +1,136 @@
{
config,
lib,
pkgs,
...
}:
lib.utilMods.mkModule config "kitty" {
#modules.fonts.enable = true;
xdg.mimeApps = let
defaultApplications = {
"mimetype" = "kitty.desktop";
"application/x-terminal-emulator" = "kitty.desktop";
"x-terminal-emulator" = "kitty.desktop";
};
in
lib.mkIf (config.variables.defaultTerminal == "kitty") {
enable = true;
inherit defaultApplications;
associations.added = defaultApplications;
};
programs.kitty.enable = true;
programs.kitty.environment = {
COLORTERM = "truecolor";
WINIT_X11_SCALE_FACTOR = "1";
};
programs.kitty.settings = {
# Advanced {{{
term = "xterm-256color";
#shell = "${pkgs.zsh}/bin/zsh --login --interactive";
#kitty_mod = "ctrl+shift";
#startup_session = "default.conf";
repaint_delay = 0;
# }}}
# Terminal Bell {{{
enable_audio_bell = "yes";
visual_bell_duration = "0.0";
bell_on_tab = "🔔 ";
linux_bell_theme = "__ocean";
bell_path = "${pkgs.kdePackages.ocean-sound-theme}/share/sounds/ocean/stereo/bell-window-system.oga";
# }}}
# Cursor {{{
cursor_shape = "block";
cursor_blink_interval = "0.5";
# }}}
# Scrollback {{{
scrollback_lines = 5000;
# }}}
# Mouse {{{
show_hyperlink_targets = "yes";
copy_on_select = "yes";
paste_actions = "quote-urls-at-prompt,confirm-if-large";
focus_follows_mouse = "yes";
mouse_hide_wait = 0;
# }}}
# Window Layout {{{
remember_window_size = "yes";
# FIXME: Add fonts for machine types
/*
initial_window_width =
if (config.variables.machine.buildType == "laptop")
then 1000
else 1920;
initial_window_height =
if (config.variables.machine.buildType == "laptop")
then 700
else 1080;
*/
enabled_layouts = "tall:bias=65;full_size=1;mirrored=false";
# }}}
# Color Scheme {{{
dynamic_background_opacity = "yes";
# }}}
};
programs.kitty.keybindings = {
#: Window management {{{
#: New window
#"kitty_mod+enter" = "new_window";
#"f7" = "focus_visible_window";
#"f8" = "swap_with_window";
#"ctrl+left" = "resize_window narrower";
#"ctrl+right" = "resize_window wider";
#"ctrl+up" = "resize_window taller";
#"ctrl+down" = "resize_window shorter";
# reset all windows in the tab to default sizes
#"kitty_mod+z" = "resize_window reset";
# }}}
#: Tab Management {{{
#"ctrl+t" = "new_tab";
# }}}
# Font Sizes {{{
#: Increase font size
"ctrl+equal" = "change_font_size all +1.0";
#: Decrease font size
"ctrl+minus" = "change_font_size all -1.0";
"ctrl+0" = "change_font_size all 0";
# }}}
#: Miscellaneous {{{
#: Show documentation
"f9" = "show_kitty_doc overview";
#: Toggle fullscreen
"f11" = "toggle_fullscreen";
#: Toggle maximized
"f10" = "toggle_maximized";
#: Edit config file
#"f2" = "launch --type=tab emacsclient -nw ~/.config/kitty/kitty.conf";
#: Reload kitty.conf
"f5" = "combine : load_config_file : launch --type=overlay --hold --allow-remote-control kitty @ send-text 'kitty config reloaded'";
#"ctrl+r" = "combine : load_config_file : launch --type=overlay --hold --allow-remote-control kitty @ send-text 'kitty config reloaded'";
#: Debug kitty configuration
"f6" = "debug_config";
# }}}
};
}
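
Review bot: `paste_actions = "quote-urls-at-prompt,confirm-if-large"` in the Mouse section leaves out kitty's `confirm` action, so pasted text that carries terminal control codes is inserted without a prompt, and `copy_on_select = "yes"` in the same section puts every selection on the clipboard. Add `confirm` (or `replace-dangerous-control-codes`) to the list, or leave a comment saying the omission is deliberate. Two smaller points: the `"mimetype" = "kitty.desktop"` key in `defaultApplications` is a literal placeholder rather than a MIME type, and the `f5` binding launches its overlay with `--allow-remote-control` just to print a message, which grants more than a notification needs.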

View File

@ -0,0 +1,23 @@
{
config,
lib,
pkgs,
...
}:
lib.utilMods.mkModule config "konsole" {
xdg.mimeApps = let
defaultApplications = {
"mimetype" = "konsole.desktop";
"application/x-terminal-emulator" = "konsole.desktop";
"x-terminal-emulator" = "konsole.desktop";
};
in
lib.mkIf (config.variables.defaultTerminal == "konsole") {
enable = true;
inherit defaultApplications;
associations.added = defaultApplications;
};
# DefaultThemed profile is considered the Stylix module
programs.konsole.enable = true;
}
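
Review bot: the `defaultApplications` block carries the literal key `"mimetype" = "konsole.desktop"`, which is a placeholder rather than a MIME type and will be written into mimeapps.list as is; remove it. The whole `xdg.mimeApps` let-block is also a copy of the one in the kitty module with only the desktop file name changed, so a small helper taking the terminal name would keep the two from drifting. The comment "DefaultThemed profile is considered the Stylix module" should say plainly that the profile is defined in the Stylix theme module.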

View File

@ -0,0 +1,115 @@
{
config,
lib,
pkgs,
...
}: let
inherit (lib) types mkOption literalExpression mkIf mkMerge mkBefore;
cfg = config.theme;
cfgapp = cfg.app;
iconThemeModule = types.submodule {
options = {
package = mkOption {
type = types.nullOr types.package;
default = null;
example = literalExpression "pkgs.papirus-icon-theme";
description = ''
Package providing the theme. This package will be installed to your profile. If 'null', then the theme is assumed to be already available in your profile.
'';
};
name = mkOption {
type = types.str;
default = "";
example = "Papirus-Dark";
description = "The symbolic name of the theme within the package without any spaces.";
};
};
};
appModule = types.submodule {
options = {
rio.name = mkOption {
type = types.str;
default = "";
example = "3024 Night";
description = ''
The name of the theme within the package to use for Rio.
See theme names: https://github.com/raphamorim/rio-terminal-themes/tree/main/themes
'';
};
};
};
in {
options.theme = {
packages = mkOption {
type = types.listOf types.package;
default = [];
example = literalExpression "with pkgs; [ dracula-theme ]";
description = ''
Packages providing the theme. The list of packages will be installed to your profile. If empty, then the theme is assumed to be already available in your profile.
'';
};
name = mkOption {
type = types.str;
default = "";
example = "Dracula";
description = "The name of the theme within the package.";
};
nameSymbolic = mkOption {
type = types.str;
default = "";
example = "dracula";
description = "The symbolic name of the theme within the package without any spaces.";
};
iconTheme = mkOption {
type = types.nullOr iconThemeModule;
default = {};
description = "Icon configuration options.";
};
app = mkOption {
type = types.nullOr appModule;
default = {};
description = "App theme configuration options.";
};
};
config = mkIf (cfg != null) (mkMerge [
# Configure rio
(mkIf (cfgapp != null && config.programs.rio.enable) {
xdg.configFile."rio/themes/${cfgapp.rio.name}.toml".source =
fetchGit {
url = "https://github.com/raphamorim/rio-terminal-themes";
rev = "9d76eb416c1cc46f959f236fdfa5479a19c0a070";
}
+ "/themes/${cfgapp.rio.name}.toml";
programs.rio.settings = mkBefore {
# It makes Rio look for the specified theme in the themes folder
# (macos and linux: ~/.config/rio/themes/dracula.toml)
# (windows: C:\Users\USER\AppData\Local\rio\themes\dracula.toml)
theme = "${cfgapp.rio.name}";
};
})
# Configure gtk theme
(mkIf config.gtk.enable {
gtk = {
iconTheme = mkIf (cfg.iconTheme != null) {
inherit (cfg.iconTheme) name;
inherit (cfg.iconTheme) package;
};
};
})
{
nukeFiles = ["${config.home.homeDirectory}/.config/gtk-2.0/gtkrc" "${config.home.homeDirectory}/.config/gtk-3.0/gtk.css" "${config.home.homeDirectory}/.config/gtk-4.0/gtk.css" "${config.home.homeDirectory}/.gtkrc-2.0"];
programs.plasma.workspace.iconTheme = "${cfg.iconTheme.name}";
# Install the packages
home.packages = with pkgs; (mkMerge
[
(mkIf (cfg.packages != []) cfg.packages)
(mkIf (cfg.iconTheme.package != null) [cfg.iconTheme.package])
]);
}
]);
}
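
Review bot: `iconTheme` and `app` are declared `types.nullOr ...`, but the final attribute set dereferences `cfg.iconTheme.name` and `cfg.iconTheme.package` unconditionally, so setting `theme.iconTheme = null` (which the type allows) fails at evaluation; wrap those two uses in the same `cfg.iconTheme != null` guard the gtk block uses, or drop `nullOr`. The outer `mkIf (cfg != null)` is always true because `cfg` is an option set. In the rio block, `rio.name` defaults to `""`, so enabling rio without naming a theme yields the target `rio/themes/.toml` and a fetch of `/themes/.toml`; guard on `cfgapp.rio.name != ""`. The `fetchGit` call is pinned by `rev`, which is good; a short comment on how that revision gets updated would help.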

View File

@ -0,0 +1,64 @@
[Background]
Color={{base00-rgb-r}},{{base00-rgb-g}},{{base00-rgb-b}}
[BackgroundIntense]
Color={{base03-rgb-r}},{{base03-rgb-g}},{{base03-rgb-b}}
[Color0]
Color={{base00-rgb-r}},{{base00-rgb-g}},{{base00-rgb-b}}
[Color0Intense]
Color={{base03-rgb-r}},{{base03-rgb-g}},{{base03-rgb-b}}
[Color1]
Color={{base08-rgb-r}},{{base08-rgb-g}},{{base08-rgb-b}}
[Color1Intense]
Color={{base08-rgb-r}},{{base08-rgb-g}},{{base08-rgb-b}}
[Color2]
Color={{base0B-rgb-r}},{{base0B-rgb-g}},{{base0B-rgb-b}}
[Color2Intense]
Color={{base0B-rgb-r}},{{base0B-rgb-g}},{{base0B-rgb-b}}
[Color3]
Color={{base0A-rgb-r}},{{base0A-rgb-g}},{{base0A-rgb-b}}
[Color3Intense]
Color={{base0A-rgb-r}},{{base0A-rgb-g}},{{base0A-rgb-b}}
[Color4]
Color={{base0D-rgb-r}},{{base0D-rgb-g}},{{base0D-rgb-b}}
[Color4Intense]
Color={{base0D-rgb-r}},{{base0D-rgb-g}},{{base0D-rgb-b}}
[Color5]
Color={{base0E-rgb-r}},{{base0E-rgb-g}},{{base0E-rgb-b}}
[Color5Intense]
Color={{base0E-rgb-r}},{{base0E-rgb-g}},{{base0E-rgb-b}}
[Color6]
Color={{base0C-rgb-r}},{{base0C-rgb-g}},{{base0C-rgb-b}}
[Color6Intense]
Color={{base0C-rgb-r}},{{base0C-rgb-g}},{{base0C-rgb-b}}
[Color7]
Color={{base05-rgb-r}},{{base05-rgb-g}},{{base05-rgb-b}}
[Color7Intense]
Color={{base07-rgb-r}},{{base07-rgb-g}},{{base07-rgb-b}}
[Foreground]
Color={{base05-rgb-r}},{{base05-rgb-g}},{{base05-rgb-b}}
[ForegroundIntense]
Color={{base07-rgb-r}},{{base07-rgb-g}},{{base07-rgb-b}}
[General]
Description=Base16 {{scheme-name}}
Opacity=1
Wallpaper=

View File

@ -0,0 +1,165 @@
{
config,
osConfig,
lib,
...
}: let
cfg = config.theme.stylix;
c = config.lib.stylix.colors.withHashtag;
f = config.stylix.fonts;
in {
options.theme.stylix = {
enable = lib.mkEnableOption "Enable Stylix" // {default = osConfig.stylix.enable;};
};
config =
lib.mkIf cfg.enable
(lib.mkMerge [
(lib.mkIf (config.variables.defaultTerminal == "konsole") {
programs.konsole = {
defaultProfile = "DefaultThemed";
profiles.DefaultThemed = {
name = "DefaultThemed";
colorScheme = "Stylix";
font = {
name = "${config.stylix.fonts.monospace.name}";
size = config.stylix.fonts.sizes.terminal;
};
};
};
xdg = {
dataFile = {
"konsole/Stylix.colorscheme".source = config.lib.stylix.colors {
template = builtins.readFile ./konsole.mustache;
extension = ".colorscheme";
};
/*
"yakuake/skins/Dracula".source = fetchGit {
url = "https://github.com/dracula/yakuake";
rev = "591a705898763167dd5aca2289d170f91a85aa56";
};
*/
};
};
})
{
nukeFiles = ["${config.home.homeDirectory}/.config/gtk-2.0/gtkrc" "${config.home.homeDirectory}/.config/gtk-3.0/gtk.css" "${config.home.homeDirectory}/.config/gtk-4.0/gtk.css" "${config.home.homeDirectory}/.gtkrc-2.0"];
gtk = lib.mkIf (config.stylix.polarity == "dark") {
enable = true;
theme.name = lib.mkForce "adw-gtk3-dark";
gtk3.extraConfig = {gtk-application-prefer-dark-theme = true;};
gtk4.extraConfig = {gtk-application-prefer-dark-theme = true;};
};
programs = {
rio.settings = {
window.opacity = config.stylix.opacity.terminal;
fonts = {
size = f.sizes.terminal + 3; # Make it larger because fonts are really tiny using default stylix font size
family = "${f.monospace.name}";
emoji = {
family = "${f.emoji.name}";
};
};
};
plasma = {
overrideConfig = true;
workspace.cursor = {
theme = "${config.stylix.cursor.name}";
inherit (config.stylix.cursor) size;
};
fonts = let
general = {
family = "${f.sansSerif.name}";
pointSize = f.sizes.applications;
};
small = {
inherit (general) family;
pointSize = f.sizes.desktop;
};
in {
inherit general small;
fixedWidth = {
family = "${f.monospace.name}";
pointSize = f.sizes.terminal;
};
toolbar = small;
menu = small;
windowTitle = small;
};
};
zsh.syntaxHighlighting.styles = {
## General
### Diffs
### Markup
## Classes
# Comments
comment = "fg=${c.base04}";
## Constants
## Entitites
## Functions/methods
alias = "fg=${c.base0B}";
suffix-alias = "fg=${c.base0B}";
global-alias = "fg=${c.base0B}";
function = "fg=${c.base0B}";
command = "fg=${c.base0B}";
precommand = "fg=${c.base0B},italic";
autodirectory = "fg=${c.base09},italic";
single-hyphen-option = "fg=${c.base09}";
double-hyphen-option = "fg=${c.base09}";
back-quoted-argument = "fg=${c.base0E}";
## Keywords
## Built ins
builtin = "fg=${c.base0B}";
reserved-word = "fg=${c.base0B}";
hashed-command = "fg=${c.base0B}";
## Punctuation
commandseparator = "fg=${c.base08}";
command-substitution-delimiter = "fg=${c.base05}";
command-substitution-delimiter-unquoted = "fg=${c.base05}";
process-substitution-delimiter = "fg=${c.base05}";
back-quoted-argument-delimiter = "fg=${c.base08}";
back-double-quoted-argument = "fg=${c.base08}";
back-dollar-quoted-argument = "fg=${c.base08}";
## Serializable / Configuration Languages
## Storage
## Strings
command-substitution-quoted = "fg=${c.base0A}";
command-substitution-delimiter-quoted = "fg=${c.base0A}";
single-quoted-argument = "fg=${c.base0A}";
single-quoted-argument-unclosed = "fg=${c.base08},bold";
double-quoted-argument = "fg=${c.base0A}";
double-quoted-argument-unclosed = "fg=${c.base08},bold";
rc-quote = "fg=${c.base0A}";
## Variables
dollar-quoted-argument = "fg=${c.base05}";
dollar-quoted-argument-unclosed = "fg=${c.base08},bold";
dollar-double-quoted-argument = "fg=${c.base05}";
assign = "fg=${c.base05}";
named-fd = "fg=${c.base05}";
numeric-fd = "fg=${c.base05}";
## No category relevant in spec
unknown-token = "fg=${c.base08},bold";
path = "fg=${c.base05}";
path_pathseparator = "fg=${c.base08}";
path_prefix = "fg=${c.base05}";
path_prefix_pathseparator = "fg=${c.base08}";
globbing = "fg=${c.base05}";
history-expansion = "fg=${c.base0E}";
#command-substitution ="fg=?";
#command-substitution-unquoted ="fg=?";
#process-substitution ="fg=?";
#arithmetic-expansion ="fg=?";
back-quoted-argument-unclosed = "fg=${c.base08},bold";
redirection = "fg=${c.base05}";
arg0 = "fg=${c.base05}";
default = "fg=${c.base05}";
cursor = "fg=${c.base05}";
};
};
}
]);
}
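
Review bot: the `nukeFiles` list in the unconditional block is a verbatim copy of the one in the theme module earlier in this diff, so two modules now own the same list of files to remove under the home directory; define it once and reference it from both. In the same block, `plasma.overrideConfig = true` is a global plasma-manager behaviour switch set from inside a theming module, where a reader will not look for it; move it to the Plasma module or document it here. The option default `osConfig.stylix.enable` also assumes the module is only evaluated under NixOS, which deserves a comment.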

View File

@ -0,0 +1,36 @@
{
config,
lib,
pkgs,
...
}:
lib.utilMods.mkModule config "virtualization" {
# Enable dconf (System Management Tool)
#programs.dconf.enable = true;
# Install necessary packages
environment.systemPackages = with pkgs; [
virt-manager
virt-viewer
#spice
#spice-gtk
#spice-protocol
win-virtio
win-spice
guestfs-tools
libguestfs
];
# Manage the virutalisation services
virtualisation.spiceUSBRedirection.enable = true;
virtualisation.libvirtd = {
enable = true;
qemu.swtpm.enable = true;
qemu.ovmf = {
enable = true;
packages = with pkgs; [OVMFFull.fd];
};
};
services.spice-vdagentd.enable = true;
}
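
Review bot: `virtualisation.spiceUSBRedirection.enable = true` installs a setuid helper that lets unprivileged users hand host USB devices to VMs, and the hunk enables it without a comment; state that trade-off next to the line, or make it a separate opt-in option of this module. `services.spice-vdagentd.enable` configures the SPICE guest agent, so it belongs in guest configurations rather than in the host-side module. The comment above the services block misspells "virtualisation".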

View File

@ -0,0 +1,10 @@
{
pkgs,
lib,
config,
...
}:
lib.utilMods.mkModule config "waydroid" {
virtualisation.waydroid.enable = true;
environment.systemPackages = with pkgs; [nur.repos.ataraxiasjel.waydroid-script];
}
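
Review bot: `nur.repos.ataraxiasjel.waydroid-script` pulls a package from a single user's NUR repository into `environment.systemPackages`, and nothing in the hunk says how that source is pinned or why it is trusted. Add a comment naming the flake input that provides `nur`, confirm it is locked in `flake.lock`, and consider moving the script behind its own enable option so hosts that only want Waydroid do not also get the third-party tool.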

0
profiles/default.nix Normal file
View File

22
profiles/home/default.nix Normal file
View File

@ -0,0 +1,22 @@
{ config, lib, pkgs, ... }:
{
imports = [
./comms
./development
./firefox
./media
./terminal
./theme
./virtualization
./defaults.nix
];
options.modules.home = {
profile = lib.mkOption {
type = lib.types.enum [ "minimal" "desktop" "gaming" "development" ];
default = "minimal";
description = "The home configuration profile to use";
};
};
}
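
Review bot: the `imports` list refers to `./comms`, `./development`, `./firefox` and so on as siblings of this file under `profiles/home/`, while the other profile files in this diff import the same modules from `../../modules/home/...`; if those directories do not exist under `profiles/home/`, evaluation fails on the first missing path. The `modules.home.profile` enum is also declared here, but nothing in the visible profiles reads it, so either wire it to the imports or remove it.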

22
profiles/home/desktop.nix Normal file
View File

@ -0,0 +1,22 @@
{ config, lib, pkgs, ... }:
{
imports = [
./minimal.nix
../../modules/home/firefox
../../modules/home/theme
../../modules/home/terminal
];
modules = {
firefox.enable = true;
theme = {
enable = true;
stylix.enable = config.stylix.enable;
};
terminal = {
kitty.enable = config.variables.defaultTerminal == "kitty";
konsole.enable = config.variables.defaultTerminal == "konsole";
};
};
}
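
Review bot: the `modules.theme` block sets `modules.theme.enable` and `modules.theme.stylix.enable`, but the theme modules added earlier in this diff declare their options under `options.theme` and `options.theme.stylix`, with no `modules.` prefix and no `theme.enable`; as written these assignments target options that are not defined there. Align the paths, and note that `config.stylix.enable` is read from the home configuration here while the Stylix theme module takes its default from `osConfig.stylix.enable`.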

View File

@ -0,0 +1,23 @@
{ config, lib, pkgs, ... }:
{
imports = [
./desktop.nix
../../modules/home/development
];
modules = {
development = {
enable = true;
languages = {
python.enable = true;
rust.enable = true;
nix.enable = true;
};
tools = {
git.enable = true;
direnv.enable = true;
};
};
};
}

17
profiles/home/gaming.nix Normal file
View File

@ -0,0 +1,17 @@
{ config, lib, pkgs, ... }:
{
imports = [
./desktop.nix
../../modules/home/media/gaming.nix
];
modules = {
gaming = {
enable = true;
steam.enable = true;
minecraft.enable = false; # Enable as needed
vr.enable = false; # Enable as needed
};
};
}
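
Review bot: `modules.gaming.steam.enable` and `modules.gaming.minecraft.enable` do not match the gaming module added in this diff, which declares only `minecraft-server.enable` and `vr.enable` and configures Steam unconditionally in its common block. Rename `minecraft` to `minecraft-server`, and either add a `steam.enable` option to the module or drop the assignment. That module also sets system-level options such as `networking.firewall.allowedTCPPorts`, so confirm that importing it from a home profile is intended.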

11
profiles/home/minimal.nix Normal file
View File

@ -0,0 +1,11 @@
{ config, lib, pkgs, ... }:
{
imports = [
../../modules/home/terminal/shell-basics.nix
];
modules = {
terminal.basics.enable = true;
};
}

9
profiles/minimal.nix Normal file
View File

@ -0,0 +1,9 @@
{ config, lib, pkgs, ... }:
{
imports = [
../../modules/core/nix.nix
../../modules/core/user.nix
../../modules/core/security/hardening.nix
];
}
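
Review bot: this file is `profiles/minimal.nix`, so the `../../modules/core/...` paths in `imports` climb two levels and land outside the repository; from `profiles/` the prefix should be `../modules/core/...`. The same `../../` prefix appears in the server and workstation profiles below and needs the same fix. Since this profile is where `security/hardening.nix` is pulled in for every host, a broken path here means no host can evaluate the baseline.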

18
profiles/server.nix Normal file
View File

@ -0,0 +1,18 @@
{ config, lib, pkgs, ... }:
{
imports = [
./minimal.nix
../../modules/core/security/ssh.nix
];
modules = {
security = {
ssh.enable = true;
hardening = {
enable = true;
server = true; # Enable additional server hardening
};
};
};
}

18
profiles/workstation.nix Normal file
View File

@ -0,0 +1,18 @@
{ config, lib, pkgs, ... }:
{
imports = [
./minimal.nix
../../modules/core/desktop.nix
../../modules/core/security/gpg.nix
../../modules/core/security/ssh.nix
];
modules = {
desktop.enable = true;
security = {
gpg.enable = true;
ssh.enable = true;
};
};
}

7519
repo_overview.txt Normal file

File diff suppressed because it is too large

34
secrets/default.nix Normal file
View File

@ -0,0 +1,34 @@
{ config, pkgs, lib, ... }:
{
imports = [
./users
];
options = {
variables.secrets = {
identityPaths = lib.mkOption {
type = lib.types.listOf lib.types.path;
default = [ ];
description = "List of paths to age identities for secret decryption";
};
userKeys = lib.mkOption {
type = lib.types.attrsOf (lib.types.listOf lib.types.str);
default = {
jeirmeister = [
"0x33A40DF62D35C4A7" # Your GPG key ID
];
};
description = "User GPG keys for secret encryption";
};
};
};
config = {
age = {
identityPaths = config.variables.secrets.identityPaths;
secrets = import ./secrets.nix { inherit config pkgs lib; };
};
};
}
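
Review bot: `age.secrets = import ./secrets.nix { ... }` in the `config` block feeds the recipient rules file into the module option; that file returns entries of the form `"jeirmeister/passwd".publicKeys = ...`, whereas `age.secrets.<name>` expects `file`, `owner`, `mode` and similar, and the per-user file imported via `./users` already defines `age.secrets`. Remove this assignment and keep secrets.nix as input for the agenix command line only. The `userKeys` option is described as "User GPG keys for secret encryption" and defaults to a GPG key ID, but nothing in the hunk reads it and the configuration is built on age; drop it or document what consumes it.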

36
secrets/secrets.nix Normal file
View File

@ -0,0 +1,36 @@
{ config, lib, ... }:
let
inherit (lib) filterAttrs mapAttrs;
# Reusable keys definitions
users = {
jeirmeister = [
"0x33A40DF62D35C4A7" # GPG key
];
};
systems = {
steamnix = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJuZYkDQGN6k+uxu3npJ/PN5hwVU9c4HPU5kJCVVitGt root@steamnix";
};
# Helper functions
allUsers = lib.flatten (builtins.attrValues users);
allSystems = builtins.attrValues systems;
# Common recipient sets
commonRecipients = allUsers ++ allSystems;
in
{
# User passwords
"jeirmeister/passwd".publicKeys = users.jeirmeister ++ allSystems;
# SSH keys
"jeirmeister/ssh/id_ed25519".publicKeys = users.jeirmeister ++ [ systems.steamnix ];
# GPG keys
"jeirmeister/gpg/private".publicKeys = users.jeirmeister ++ [ systems.steamnix ];
# Application secrets
"jeirmeister/borg".publicKeys = users.jeirmeister;
}
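
Review bot: `users.jeirmeister` lists `"0x33A40DF62D35C4A7"`, a GPG key ID, as a recipient, but every `publicKeys` entry is handed to age, which accepts age or SSH public keys; replace it with the user's age or SSH public key. As the rules stand, `"jeirmeister/borg"` has no system recipient, so no host can decrypt it at activation, while the SSH and GPG private-key entries add `systems.steamnix`, which means root on that host can read the user's private keys; both choices deserve a comment. `filterAttrs`, `mapAttrs` and `commonRecipients` are unused.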

View File

@ -0,0 +1,7 @@
{ config, lib, ... }:
{
imports = [
./jeirmeister.nix
];
}

View File

@ -0,0 +1,31 @@
{ config, lib, ... }:
let
secrets = config.age.secrets;
in
{
age.secrets = {
# SSH keys
"jeirmeister/ssh/id_ed25519" = {
file = ../encrypted/jeirmeister/ssh/id_ed25519.age;
owner = "jeirmeister";
group = "users";
mode = "0600";
};
# GPG keys
"jeirmeister/gpg/private" = {
file = ../encrypted/jeirmeister/gpg/private.age;
owner = "jeirmeister";
group = "users";
mode = "0600";
};
# System passwords
"jeirmeister/passwd" = {
file = ../encrypted/jeirmeister/passwd.age;
mode = "0440";
};
};
}
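
Review bot: the `file` values point at `../encrypted/jeirmeister/....age`, while the recipient rules in secrets/secrets.nix are keyed `"jeirmeister/passwd"`, `"jeirmeister/ssh/id_ed25519"` and `"jeirmeister/gpg/private"` with no `encrypted/` prefix and no `.age` suffix; the rule keys need to match the encrypted file paths or re-keying will not find them. The `"jeirmeister/passwd"` entry sets `mode = "0440"` without `owner` or `group`, unlike the two entries above it; state the intended reader explicitly. The `secrets` binding in the `let` block is unused.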

Binary file not shown.

Binary file not shown.

Some files were not shown because too many files have changed in this diff