Lithospherical/nix-config
1
0
Fork 0
forked from jan-leila/nix-config
Code Pull requests Activity

Compare commits

merge into: Lithospherical:469ba567
Branches Tags
Lithospherical:main
Lithospherical:eve
Lithospherical:469ba567
jan-leila:main
...
pull from: jan-leila:main
Branches Tags
jan-leila:main
Lithospherical:main
Lithospherical:eve
Lithospherical:469ba567

No commits in common. "469ba567" and "main" have entirely different histories.
469ba567 ... main

296 changed files with 14738 additions and 1420 deletions
Download patch file Download diff file Expand all files Collapse all files

1
.envrc Normal file
View file

@ -0,0 +1 @@
use flake

2
.gitconfig Normal file
View file

@ -0,0 +1,2 @@
[core]
hooksPath = .hooks

5
.gitignore vendored
View file

@ -1 +1,4 @@
result
result
.direnv
.vscode/*
!.vscode/settings.json

3
.gitmodules vendored Normal file
View file

@ -0,0 +1,3 @@
[submodule "secrets"]
path = secrets
url = git@git.jan-leila.com:jan-leila/nix-config-secrets.git

14
.hooks/post-commit Executable file
View file

@ -0,0 +1,14 @@
#!/usr/bin/env nix-shell
#! nix-shell -i bash ../shell.nix
echo "restoring stashed changes"
# Find the most recent pre-commit stash and restore it
recent_stash=$(git stash list | grep "pre-commit-stash-" | head -n 1 | cut -d: -f1)
if [ -n "$recent_stash" ]; then
echo "Found recent pre-commit stash: $recent_stash"
git stash pop -q "$recent_stash"
else
echo "No pre-commit stash found to restore"
fi

32
.hooks/post-merge Executable file
View file

@ -0,0 +1,32 @@
#!/usr/bin/env nix-shell
#! nix-shell -i bash ../shell.nix
# Get current branch name
current_branch=$(git branch --show-current)
# Only perform actions if we're on main branch and a merge just completed
if [ "$current_branch" = "main" ]; then
echo "Post-merge on main branch - running nix flake check"
# Run nix flake check after merge into main
nix flake check
if [ ! $? -eq 0 ]; then
echo "Warning: nix flake check failed after merge into main"
echo "Please fix the issues as soon as possible"
else
echo "nix flake check passed after merge"
fi
# Check if there are any pre-commit stashes to restore
recent_stash=$(git stash list | grep "pre-commit-stash-" | head -n 1 | cut -d: -f1)
if [ -n "$recent_stash" ]; then
echo "Post-merge: restoring pre-commit stash on main branch"
git stash pop -q "$recent_stash"
else
echo "Post-merge: no pre-commit stash to restore on main branch"
fi
else
echo "Post-merge: no action needed on branch '$current_branch'"
fi

32
.hooks/pre-commit Executable file
View file

@ -0,0 +1,32 @@
#!/usr/bin/env nix-shell
#! nix-shell -i bash ../shell.nix
# Get current branch name
current_branch=$(git branch --show-current)
echo "stashing all uncommitted changes with named stash (excluding hooks)"
git stash push -q --keep-index -m "pre-commit-stash-$(date +%s)" -- ':!.hooks/'
# Only run nix flake check if we're on main branch
if [ "$current_branch" = "main" ]; then
echo "On main branch - checking flakes all compile"
nix flake check
if [ ! $? -eq 0 ]; then
echo "Error: nix flake check failed on main branch"
exit 1
fi
echo "nix flake check passed"
else
echo "Not on main branch - skipping nix flake check"
fi
echo "running linter"
alejandra -q .
RESULT=$?
echo "adding lint changes to commit"
git add -u
exit $RESULT

37
.hooks/pre-merge-commit Executable file
View file

@ -0,0 +1,37 @@
#!/usr/bin/env nix-shell
#! nix-shell -i bash ../shell.nix
# Get the target branch (the branch being merged into)
target_branch=""
# Check if we're in the middle of a merge
if [ -f .git/MERGE_HEAD ]; then
# We're in a merge, check if the current branch is main
current_branch=$(git branch --show-current)
if [ "$current_branch" = "main" ]; then
target_branch="main"
fi
fi
# If we're merging into main, run nix flake check
if [ "$target_branch" = "main" ]; then
echo "Merging into main branch - running nix flake check..."
echo "stashing all uncommitted changes with named stash (excluding hooks)"
git stash push -q --keep-index -m "pre-merge-stash-$(date +%s)" -- ':!.hooks/'
echo "checking flakes all compile"
nix flake check
if [ ! $? -eq 0 ]; then
echo "Error: nix flake check failed. Merge aborted."
echo "Please fix the issues and try merging again."
exit 1
fi
echo "nix flake check passed. Merge can proceed."
else
echo "Not merging into main branch, skipping nix flake check."
fi
exit 0

14
.sops.yaml
View file

@ -1,7 +1,19 @@
keys:
- &leyla age15ga3jmn2mqtlgwwtdcdh6l5vdx6um9aftrkexxfyue6xvcqapqusle75jh
creation_rules:
- path_regex: secrets/secrets.yaml$
- path_regex: secrets/user-passwords.yaml$
key_groups:
- age:
- *leyla
- path_regex: secrets/defiant-services.yaml$
key_groups:
- age:
- *leyla
- path_regex: secrets/vpn-keys.yaml$
key_groups:
- age:
- *leyla
- path_regex: secrets/application-keys.yaml$
key_groups:
- age:
- *leyla

21
.vscode/settings.json vendored Normal file
View file

@ -0,0 +1,21 @@
{
"cSpell.words": [
"attrsets",
"bitwarden",
"forgejo",
"gids",
"headscale",
"hesperium",
"jellyfin",
"macvlan",
"nextcloud",
"nixos",
"nixpkgs",
"pihole",
"pkgs",
"rpool",
"searx",
"ublock",
"uids"
]
}

139
README.md
View file

@ -1,66 +1,107 @@
# nix-config
https://git.jan-leila.com/jan-leila/nix-config
nix multi user, multi system, configuration with `sops` secret management, `home-manager`, and `nixos-anywhere` setup via `disko` with `zfs` + `impermanence`
# Hosts
## Host Map
| Hostname | Device Description | Primary User | Role |
| :---------: | :------------------------: | :--------------: | :-------: |
| `twilight` | Desktop Computer | Leyla | Desktop |
| `horizon` | 13 inch Framework Laptop | Leyla | Laptop |
| `defiant` | NAS Server | Leyla | Service |
| `emergent` | Desktop Computer | Eve | Laptop |
| `threshold` | Laptop | Eve | Desktop |
| Hostname | Device Description | Primary User | Role | Provisioned | Using Nix |
| :---------: | :------------------------: | :--------------: | :-------: | :---------: | :-------: |
| `twilight` | Desktop Computer | Leyla | Desktop | ✅ | ✅ |
| `horizon` | 13 inch Framework Laptop | Leyla | Laptop | ✅ | ✅ |
| `defiant` | NAS Server | Leyla | Server | ✅ | ✅ |
| `hesperium` | Mac | ????? | Mac | ❌ | ❌ |
| `emergent` | Desktop Computer | Eve | Desktop | ✅ | ✅ |
| `threshold` | Laptop | Eve | Laptop | ❌ | ❌ |
| `wolfram` | Steam Deck | House | Handheld | ✅ | ❌ |
| `ceder` | A5 Tablet | Leyla | Tablet | ✅ | ❌ |
| `skate` | A6 Tablet | Leyla | Tablet | ❌ | ❌ |
| `shale` | A6 Tablet | Eve | Tablet | ✅ | ❌ |
| `coven` | Pixel 8 | Leyla | Android | ✅ | ❌ |
### Rebuild current machine to match target host:
`sudo nixos-rebuild switch --flake .#hostname`
### Rebuild current machine maintaining current target
# Tooling
## Rebuilding
`./rebuild.sh`
# New machine setup
keys for decrypting password secrets for each users located at `/var/lib/sops-nix/key.txt`
updating passwords: `sops secrets/secrets.yaml`
## Updating
`nix flake update`
## New host setup
`./install.sh --target 192.168.1.130 --flake hostname`
> how the current config was set up https://www.youtube.com/watch?v=G5f6GC7SnhU
## Updating Secrets
`sops secrets/secrets_file_here.yaml`
> something about ssh keys for remotes
## Inspecting a configuration
`nix-inspect -p .`
# Notes:
- Look into this for fixing nixos-anywhere `https://github.com/lucidph3nx/nixos-config/tree/main`
- Look into this for rotating sops keys `https://technotim.live/posts/rotate-sops-encryption-keys/`
- Look into this for openssh known configurations https://search.nixos.org/options?channel=unstable&from=0&size=15&sort=alpha_asc&type=packages&query=services.openssh
- Look into this for flake templates https://nix.dev/manual/nix/2.22/command-ref/new-cli/nix3-flake-init
- Look into this for headscale https://carlosvaz.com/posts/setting-up-headscale-on-nixos/
# Updating
`nix flake update`
## Research topics
- Look into this for auto rotating sops keys `https://technotim.live/posts/rotate-sops-encryption-keys/`
- Look into this for npins https://jade.fyi/blog/pinning-nixos-with-npins/
- https://nixos-and-flakes.thiscute.world/
- proton mail now has an smtp server we could use that for our zfs and SMART test emails
# Tasks:
## Chores:
- [ ] test out crab hole service
## Tech Debt
- allowUnfree should be enabled user side not host side (this isn't enabled at all right now for some reason???)
- Move configs for pipe mouse, open rgb, and via keyboard to hardware config and install users side from those configs
- have nfs binds and exports defined by same code
- move services from defiant into own flake
- made base domain in nas services configurable
- vscode extensions should be in own flake (make sure to add the nixpkgs.overlays in it too)
## New Features
- GNOME default monitors per hardware configuration?
- offline access for nfs mounts (overlay with rsync might be a good option here? https://www.spinics.net/lists/linux-unionfs/msg07105.html note about nfs4 and overlay fs)
- Flake templates
- Docker parity with existing NAS on defiant
- NFS on defiant
- firefox declarative???
- figure out steam vr things?
- Open GL?
- util functions
- openssh known hosts
- limit boot configurations to 2 on defiant
- rotate sops encryption keys periodically (and somehow sync between devices?)
- zfs email after scrubbing
- headscale server
- mastodon server
- tail scale clients
- wake on LAN
- [ ] monitor configuration in `~/.config/monitors.xml` should be sym linked to `/run/gdm/.config/monitors.xml` (https://www.reddit.com/r/NixOS/comments/u09cz9/home_manager_create_my_own_symlinks_automatically/)
- [ ] migrate away from flakes and move to npins
## Broken things
- [ ] figure out steam vr things?
- [ ] whisper was having issues
## Data Integrity
- [ ] zfs email after scrubbing # TODO: test this
- [ ] SMART test with email results
- [ ] zfs encryption FIDO2 2fa (look into shavee)
- [ ] rotate sops encryption keys periodically (and somehow sync between devices?)
- [ ] Secure Boot - https://github.com/nix-community/lanzaboote
- [ ] auto turn off on power loss - nut
- [ ] secondary server with data sync. Maybe a Pi with a usb hdd enclosure and use rtcwake to only turn on once a week to sync data over tailscale with connection initiated from pi's side. We could probably put this at LZ. Hoping for it to draw only like $1 of power a month. Initial sync should probably be done here before we move it over because that will take a while. Data should be encrypted so that devices doesn't have access to it. Project will prob cost like $1800
## Data Access
- [ ] nfs export should be backed by the same values for server and client
- [ ] samba mounts
- [ ] offline access for nfs mounts (overlay with rsync might be a good option here? https://www.spinics.net/lists/linux-unionfs/msg07105.html note about nfs4 and overlay fs)
- [ ] figure out why syncthing and jellyfins permissions don't propagate downwards
- [ ] make radarr, sonarr, and bazarr accessible over vpn
- [ ] move searx, home-assistant, actual, vikunja, jellyfin, paperless, and immich to only be accessible via vpn
## Services
- [ ] vikunja service for project management
- [ ] Penpot services (need to make this custom)
- [ ] minecraft server with old world file
- [ ] Create Tor guard/relay server
- [ ] mastodon instance
- [ ] screeps server
## DevOps
- [ ] wake on LAN for updates
- [ ] remote distributed builds - https://nix.dev/tutorials/nixos/distributed-builds-setup.html
- [ ] ISO target that contains authorized keys for nixos-anywhere https://github.com/diegofariasm/yggdrasil/blob/4acc43ebc7bcbf2e41376d14268e382007e94d78/hosts/bootstrap/default.nix
- [ ] fix panoramax package
- [ ] claude code MCP servers should bundle node with them so they work in all environments
## Observability
- [ ] graphana for dashboards
- [ ] prometheus and loki for metric and log collection
- [ ] zfs storage usage
- [ ] zfs drive health status
- [ ] service version lag
- [ ] network/cpu/ram utilization
- [ ] http latency
- [ ] postgres db load
- [ ] nginx queries
- [ ] ntfy.sh for push notifications
- [ ] kuma for uptime visualization
## Packages
- [ ] Custom private fork of MultiMC

30
build-installer.sh Normal file
View file

@ -0,0 +1,30 @@
#!/usr/bin/env bash
while [ $# -gt 0 ]; do
case "$1" in
--flake*|-f*)
if [[ "$1" != *=* ]]; then shift; fi
flake="${1#*=}"
;;
# --user*|-u*)
# if [[ "$1" != *=* ]]; then shift; fi
# user="${1#*=}"
# ;;
--help|-h)
echo "--help -h: print this message"
echo "--flake -f: set the flake to build an installer for"
# echo "--user -u: set the user to install flake as on the target system"
exit 0
;;
*)
echo "Error: Invalid argument $1"
exit 1
;;
esac
shift
done
flake=${flake:-"basic"}
user=${user:-$USER}
nix build .#installerConfigurations.$flake.config.system.build.isoImage

16
configurations/darwin/hesperium/configuration.nix Normal file
View file

@ -0,0 +1,16 @@
{...}: {
host = {
users = {
leyla = {
isDesktopUser = true;
isTerminalUser = true;
isPrincipleUser = true;
};
eve.isNormalUser = false;
};
};
system.stateVersion = 5;
nixpkgs.hostPlatform = "aarch64-darwin";
}

5
configurations/darwin/hesperium/default.nix Normal file
View file

@ -0,0 +1,5 @@
{...}: {
imports = [
./configuration.nix
];
}

13
configurations/home-manager/default.nix Normal file
View file

@ -0,0 +1,13 @@
{
lib,
config,
osConfig,
...
}: let
users = config.host.users;
in {
leyla = lib.mkIf users.leyla.isNormalUser (import ./leyla);
eve = lib.mkIf users.eve.isNormalUser (import ./eve);
ivy = lib.mkIf users.ivy.isNormalUser (import ./ivy);
git = lib.mkIf (osConfig.services.forgejo.enable or false) (import ./git);
}

56
configurations/home-manager/eve/default.nix Normal file
View file

@ -0,0 +1,56 @@
{osConfig, ...}: let
userConfig = osConfig.host.users.eve;
in {
imports = [
./packages.nix
./gnomeconf.nix
];
home = {
username = userConfig.name;
homeDirectory = osConfig.users.users.eve.home;
# This value determines the Home Manager release that your configuration is
# compatible with. This helps avoid breakage when a new Home Manager release
# introduces backwards incompatible changes.
#
# You should not change this value, even if you update Home Manager. If you do
# want to update the value, then make sure to first check the Home Manager
# release notes.
stateVersion = "23.11"; # Please read the comment before changing.
# Home Manager is pretty good at managing dotfiles. The primary way to manage
# plain files is through 'home.file'.
file = {
# # Building this configuration will create a copy of 'dotfiles/screenrc' in
# # the Nix store. Activating the configuration will then make '~/.screenrc' a
# # symlink to the Nix store copy.
# ".screenrc".source = dotfiles/screenrc;
# # You can also set the file content immediately.
# ".gradle/gradle.properties".text = ''
# org.gradle.console=verbose
# org.gradle.daemon.idletimeout=3600000
# '';
};
# Home Manager can also manage your environment variables through
# 'home.sessionVariables'. If you don't want to manage your shell through Home
# Manager then you have to manually source 'hm-session-vars.sh' located at
# either
#
# ~/.nix-profile/etc/profile.d/hm-session-vars.sh
#
# or
#
# ~/.local/state/nix/profiles/profile/etc/profile.d/hm-session-vars.sh
#
# or
#
# /etc/profiles/per-user/leyla/etc/profile.d/hm-session-vars.sh
#
sessionVariables = {
# EDITOR = "emacs";
};
};
}

39
configurations/home-manager/eve/gnomeconf.nix Normal file
View file

@ -0,0 +1,39 @@
{
osConfig,
lib,
...
}: {
config = {
gnome = lib.mkMerge [
{
colorScheme = "prefer-dark";
accentColor = "slate";
clockFormat = "24h";
nightLight = {
enable = true;
automatic = false;
fromTime = 12.0;
toTime = 11.999999999999;
temperature = 2700;
};
extraWindowControls = true;
extensions = {
dash-to-panel = {
enable = true;
};
};
}
(lib.mkIf (osConfig.networking.hostName == "horizon") {
displayScaling = 125;
experimentalFeatures = {
scaleMonitorFramebuffer = true;
};
})
];
dconf = {
enable = true;
};
};
}

86
configurations/home-manager/eve/packages.nix Normal file
View file

@ -0,0 +1,86 @@
{
lib,
pkgs,
config,
osConfig,
...
}: let
userConfig = osConfig.host.users.eve;
hardware = osConfig.host.hardware;
in {
config = {
nixpkgs.config = {
allowUnfree = true;
};
# Packages that can be installed without any extra configuration
# See https://search.nixos.org/packages for all options
home.packages = lib.lists.optionals userConfig.isDesktopUser (
with pkgs; [
gnomeExtensions.dash-to-panel
claude-code
]
);
# Packages that need to be installed with some extra configuration
# See https://home-manager-options.extranix.com/ for all options
programs = lib.mkMerge [
{
# Let Home Manager install and manage itself.
home-manager.enable = true;
}
(lib.mkIf (config.user.isDesktopUser || config.user.isTerminalUser) {
git = {
enable = true;
settings = {
user.name = "Eve";
user.email = "evesnrobins@gmail.com";
init.defaultBranch = "main";
};
};
openssh = {
enable = true;
hostKeys = [
{
type = "ed25519";
path = "${config.home.username}_${osConfig.networking.hostName}_ed25519";
}
];
};
})
(lib.mkIf config.user.isDesktopUser {
vscode = {
enable = true;
package = pkgs.vscodium;
};
firefox.enable = true;
bitwarden.enable = true;
discord.enable = true;
makemkv.enable = true;
signal-desktop-bin.enable = true;
steam.enable = true;
piper.enable = hardware.piperMouse.enable;
krita.enable = true;
ungoogled-chromium.enable = true;
inkscape.enable = true;
obsidian.enable = true;
obs-studio.enable = true;
kdenlive.enable = true;
tor-browser.enable = true;
olympus.enable = true;
libreoffice.enable = true;
claude-code.enable = osConfig.host.ai.enable;
# Windows applications that we need to figure out how to install
guild-wars-2.enable = false;
vortex.enable = false;
dungeon-draft.enable = false;
vmware-workstation.enable = true;
})
];
};
}

22
configurations/home-manager/git/default.nix Normal file
View file

@ -0,0 +1,22 @@
{osConfig, ...}: {
impermanence.fallbackPersistence.enable = false;
home = {
username = osConfig.users.users.git.name;
homeDirectory = osConfig.users.users.git.home;
# This value determines the Home Manager release that your configuration is
# compatible with. This helps avoid breakage when a new Home Manager release
# introduces backwards incompatible changes.
#
# You should not change this value, even if you update Home Manager. If you do
# want to update the value, then make sure to first check the Home Manager
# release notes.
stateVersion = "23.11"; # Please read the comment before changing.
};
programs.ssh.extraConfig = ''
AuthorizedKeysFile
/var/lib/forgejo/.ssh/authorized_keys
'';
}

55
configurations/home-manager/ivy/default.nix Normal file
View file

@ -0,0 +1,55 @@
{osConfig, ...}: let
userConfig = osConfig.host.users.ivy;
in {
imports = [
./packages.nix
];
home = {
username = userConfig.name;
homeDirectory = osConfig.users.users.ivy.home;
# This value determines the Home Manager release that your configuration is
# compatible with. This helps avoid breakage when a new Home Manager release
# introduces backwards incompatible changes.
#
# You should not change this value, even if you update Home Manager. If you do
# want to update the value, then make sure to first check the Home Manager
# release notes.
stateVersion = "23.11"; # Please read the comment before changing.
# Home Manager is pretty good at managing dotfiles. The primary way to manage
# plain files is through 'home.file'.
file = {
# # Building this configuration will create a copy of 'dotfiles/screenrc' in
# # the Nix store. Activating the configuration will then make '~/.screenrc' a
# # symlink to the Nix store copy.
# ".screenrc".source = dotfiles/screenrc;
# # You can also set the file content immediately.
# ".gradle/gradle.properties".text = ''
# org.gradle.console=verbose
# org.gradle.daemon.idletimeout=3600000
# '';
};
# Home Manager can also manage your environment variables through
# 'home.sessionVariables'. If you don't want to manage your shell through Home
# Manager then you have to manually source 'hm-session-vars.sh' located at
# either
#
# ~/.nix-profile/etc/profile.d/hm-session-vars.sh
#
# or
#
# ~/.local/state/nix/profiles/profile/etc/profile.d/hm-session-vars.sh
#
# or
#
# /etc/profiles/per-user/ivy/etc/profile.d/hm-session-vars.sh
#
sessionVariables = {
# EDITOR = "emacs";
};
};
}

73
configurations/home-manager/ivy/packages.nix Normal file
View file

@ -0,0 +1,73 @@
{
lib,
pkgs,
config,
osConfig,
...
}: {
config = {
nixpkgs.config = {
allowUnfree = true;
};
# Programs that need to be installed with some extra configuration
programs = lib.mkMerge [
{
# Let Home Manager install and manage itself.
home-manager.enable = true;
}
(lib.mkIf (config.user.isDesktopUser || config.user.isTerminalUser) {
# git = {
# enable = true;
# userName = "Ivy";
# userEmail = "ivy@example.com"; # Update this with actual email
# extraConfig.init.defaultBranch = "main";
# };
openssh = {
enable = true;
hostKeys = [
{
type = "ed25519";
path = "${config.home.username}_${osConfig.networking.hostName}_ed25519";
}
];
};
})
(lib.mkIf config.user.isDesktopUser {
vscode = {
enable = true;
package = pkgs.vscodium;
mutableExtensionsDir = false;
profiles.default = {
enableUpdateCheck = false;
enableExtensionUpdateCheck = false;
extraExtensions = {
# Cline extension (Claude AI assistant)
claudeDev.enable = true;
# Auto Rename Tag
autoRenameTag.enable = true;
# Live Server
liveServer.enable = true;
};
extensions = let
extension-pkgs = pkgs.nix-vscode-extensions.forVSCodeVersion config.programs.vscode.package.version;
in (
with extension-pkgs.open-vsx; [
streetsidesoftware.code-spell-checker
]
);
};
};
firefox.enable = true;
discord.enable = true;
signal-desktop-bin.enable = true;
claude-code.enable = true;
})
];
};
}

101
configurations/home-manager/leyla/dconf.nix Normal file
View file

@ -0,0 +1,101 @@
{...}: {
config = {
gnome = {
extraWindowControls = true;
colorScheme = "prefer-dark";
clockFormat = "24h";
nightLight = {
enable = true;
automatic = false;
fromTime = 12.0;
toTime = 11.999999999999;
temperature = 2700;
};
extensions = {
dash-to-dock = {
enable = true;
options = {
"dock-position" = "LEFT";
"intellihide-mode" = "ALL_WINDOWS";
"show-trash" = false;
"require-pressure-to-show" = false;
"show-mounts" = false;
};
};
};
hotkeys = {
"Open Terminal" = {
binding = "<Super>t";
command = "kgx";
};
"Open Firefox" = {
binding = "<Super>f";
command = "firefox";
};
};
};
dconf = {
enable = true;
settings = {
"org/gnome/shell" = {
favorite-apps = ["org.gnome.Nautilus.desktop" "firefox.desktop" "codium.desktop" "steam.desktop" "org.gnome.Console.desktop"];
# app-picker-layout =
# builtins.map (
# applications:
# lib.hm.gvariant (builtins.listToAttrs (lib.lists.imap0 (i: v: lib.attrsets.nameValuePair v (lib.hm.gvariant.mkVariant "{'position': <${i}>}")) applications))
# ) [
# [
# "org.gnome.Nautilus.desktop"
# "bitwarden.desktop"
# "firefox.desktop"
# "torbrowser.desktop"
# "chromium-browser.desktop"
# "codium.desktop"
# "idea-community.desktop"
# "org.gnome.TextEditor.desktop"
# "dbeaver.desktop"
# "bruno.desktop"
# "anki.desktop"
# "obsidian.desktop"
# "signal-desktop.desktop"
# "discord.desktop"
# "gimp.desktop"
# "org.inkscape.Inkscape.desktop"
# "org.kde.krita.desktop"
# "davinci-resolve.desktop"
# "com.obsproject.Studio.desktop"
# "org.freecad.FreeCAD.desktop"
# "makemkv.desktop"
# "easytag.desktop"
# "transmission-gtk.desktop"
# ]
# [
# "SteamVR.desktop"
# "Beat Saber.desktop"
# "Noun Town.desktop"
# "WEBFISHING.desktop"
# "Factorio.desktop"
# ]
# [
# "org.gnome.Settings.desktop"
# "org.gnome.SystemMonitor.desktop"
# "org.gnome.Snapshot.desktop"
# "org.gnome.Usage.desktop"
# "org.gnome.DiskUtility.desktop"
# "org.gnome.Evince.desktop"
# "org.gnome.fonts.desktop"
# "noisetorch.desktop"
# "nvidia-settings.desktop"
# "OpnRGB.desktop"
# "org.freedesktop.Piper.desktop"
# "via-nativia.desktop"
# "protonvpn-app.desktop"
# "simple-scan.desktop"
# ]
# ];
};
};
};
};
}

95
configurations/home-manager/leyla/default.nix Normal file
View file

@ -0,0 +1,95 @@
{
pkgs,
config,
osConfig,
...
}: {
imports = [
./packages
./i18n.nix
./impermanence.nix
./dconf.nix
];
config = {
impermanence.enable = osConfig.host.impermanence.enable;
# Home Manager needs a bit of information about you and the paths it should
# manage.
home = {
username = osConfig.host.users.leyla.name;
homeDirectory = osConfig.users.users.leyla.home;
# This value determines the Home Manager release that your configuration is
# compatible with. This helps avoid breakage when a new Home Manager release
# introduces backwards incompatible changes.
#
# You should not change this value, even if you update Home Manager. If you do
# want to update the value, then make sure to first check the Home Manager
# release notes.
stateVersion = "23.11"; # Please read the comment before changing.
# Home Manager is pretty good at managing dotfiles. The primary way to manage
# plain files is through 'home.file'.
file = {
# # Building this configuration will create a copy of 'dotfiles/screenrc' in
# # the Nix store. Activating the configuration will then make '~/.screenrc' a
# # symlink to the Nix store copy.
# ".screenrc".source = dotfiles/screenrc;
# # You can also set the file content immediately.
# ".gradle/gradle.properties".text = ''
# org.gradle.console=verbose
# org.gradle.daemon.idletimeout=3600000
# '';
"${config.xdg.configHome}/user-dirs.dirs" = {
force = true;
text = ''
# This file is written by xdg-user-dirs-update
# If you want to change or add directories, just edit the line you're
# interested in. All local changes will be retained on the next run.
# Format is XDG_xxx_DIR="$HOME/yyy", where yyy is a shell-escaped
# homedir-relative path, or XDG_xxx_DIR="/yyy", where /yyy is an
# absolute path. No other format is supported.
#
XDG_DESKTOP_DIR="$HOME/desktop"
XDG_DOWNLOAD_DIR="$HOME/downloads"
XDG_DOCUMENTS_DIR="$HOME/documents"
XDG_TEMPLATES_DIR="$HOME/documents/templates"
XDG_MUSIC_DIR="$HOME/documents/music"
XDG_PICTURES_DIR="$HOME/documents/photos"
XDG_VIDEOS_DIR="$HOME/documents/videos"
XDG_PUBLICSHARE_DIR="$HOME/documents/public"
'';
};
};
keyboard.layout = "us,it,de";
# Home Manager can also manage your environment variables through
# 'home.sessionVariables'. If you don't want to manage your shell through Home
# Manager then you have to manually source 'hm-session-vars.sh' located at
# either
#
# ~/.nix-profile/etc/profile.d/hm-session-vars.sh
#
# or
#
# ~/.local/state/nix/profiles/profile/etc/profile.d/hm-session-vars.sh
#
# or
#
# /etc/profiles/per-user/leyla/etc/profile.d/hm-session-vars.sh
#
sessionVariables = {
# EDITOR = "emacs";
};
};
# TODO: move this into a fonts module
home.packages = with pkgs; [
aileron
];
fonts.fontconfig.enable = true;
};
}

12
configurations/home-manager/leyla/i18n.nix Normal file
View file

@ -0,0 +1,12 @@
{...}: {
i18n = {
defaultLocale = "en_IE.UTF-8";
extraLocaleSettings = {
# LC_ADDRESS = "en_IE.UTF-8"; # lets just get used to this one now
# LC_TELEPHONE = "en_IE.UTF-8"; # lets just get used to this one now
LC_MONETARY = "en_US.UTF-8"; # to be changed once I move
LC_PAPER = "en_US.UTF-8"; # convenient for american printers until I move
};
};
}

20
configurations/home-manager/leyla/impermanence.nix Normal file
View file

@ -0,0 +1,20 @@
{
lib,
config,
...
}: {
config = lib.mkIf (config.impermanence.enable) {
home.persistence."/persist/home/leyla" = {
directories = [
"desktop"
"downloads"
"documents"
];
files = [
".bash_history" # keep shell history around
"${config.xdg.dataHome}/recently-used.xbel" # gnome recently viewed files
];
allowOther = true;
};
};
}

93
configurations/home-manager/leyla/packages/default.nix Normal file
View file

@ -0,0 +1,93 @@
{
lib,
pkgs,
config,
osConfig,
...
}: let
hardware = osConfig.host.hardware;
in {
imports = [
./vscode
./firefox
./direnv.nix
./openssh.nix
./git.nix
./makemkv.nix
];
config = lib.mkMerge [
{
programs = lib.mkMerge [
{
# Let Home Manager install and manage itself.
home-manager.enable = true;
}
(lib.mkIf (config.user.isTerminalUser || config.user.isDesktopUser) {
bash.enable = true;
git.enable = true;
openssh.enable = true;
})
(lib.mkIf config.user.isDesktopUser {
bitwarden.enable = true;
obs-studio.enable = hardware.graphicsAcceleration.enable;
qbittorrent.enable = true;
prostudiomasters.enable = true;
protonvpn-gui.enable = true;
dbeaver-bin.enable = true;
bruno.enable = true;
piper.enable = hardware.piperMouse.enable;
proxmark3.enable = true;
openrgb.enable = hardware.openRGB.enable;
via.enable = hardware.viaKeyboard.enable;
claude-code.enable = osConfig.host.ai.enable;
davinci-resolve.enable = hardware.graphicsAcceleration.enable;
mfoc.enable = true;
})
(lib.mkIf (hardware.directAccess.enable && config.user.isDesktopUser) {
anki.enable = true;
makemkv.enable = true;
discord.enable = true;
signal-desktop-bin.enable = true;
calibre.enable = true;
obsidian.enable = true;
jetbrains.idea-community.enable = true;
vscode.enable = true;
firefox.enable = true;
steam.enable = true;
krita.enable = true;
ungoogled-chromium.enable = true;
libreoffice.enable = true;
mapillary-uploader.enable = true;
inkscape.enable = true;
gimp.enable = true;
freecad.enable = true;
onionshare.enable = true;
pdfarranger.enable = true;
picard.enable = true;
qflipper.enable = true;
openvpn.enable = true;
noisetorch.enable = true;
tor-browser.enable = true;
gdx-liftoff.enable = true;
# polycule package is now working with Flutter 3.29
polycule.enable = true;
})
];
}
(lib.mkIf config.user.isTerminalUser {
home.packages = with pkgs; [
# command line tools
sox
yt-dlp
ffmpeg
imagemagick
];
})
(lib.mkIf config.user.isDesktopUser {
nixpkgs.config = {
allowUnfree = true;
};
})
];
}

22
configurations/home-manager/leyla/packages/direnv.nix Normal file
View file

@ -0,0 +1,22 @@
{
lib,
config,
osConfig,
...
}: let
userConfig = osConfig.host.users.leyla;
in {
config = lib.mkIf userConfig.isDesktopUser {
programs = {
direnv = {
enable = true;
enableBashIntegration = true;
nix-direnv.enable = true;
config = {
global.hide_env_diff = true;
whitelist.exact = ["${config.home.homeDirectory}/documents/code/nix-config"];
};
};
};
};
}

149
configurations/home-manager/leyla/packages/firefox/bookmarks.nix Normal file
View file

@ -0,0 +1,149 @@
{...}: {
programs.firefox = {
profiles.leyla = {
bookmarks = {
force = true;
settings = [
# Personal Services
{
name = "Media";
url = "https://media.jan-leila.com/";
keyword = "";
tags = [""];
}
{
name = "Photos";
url = "https://photos.jan-leila.com";
keyword = "";
tags = [""];
}
{
name = "Git";
url = "https://git.jan-leila.com/";
keyword = "";
tags = [""];
}
{
name = "Home Automation";
url = "https://home.jan-leila.com/";
keyword = "";
tags = [""];
}
{
name = "Search";
url = "https://search.jan-leila.com/";
keyword = "";
tags = [""];
}
{
name = "Budget";
url = "https://budget.jan-leila.com/";
keyword = "";
tags = [""];
}
{
name = "Documents";
url = "https://documents.jan-leila.com/";
keyword = "";
tags = [""];
}
# Defiant Server Services
{
name = "QBittorrent";
url = "http://defiant:8084";
keyword = "";
tags = ["defiant"];
}
{
name = "Sonarr";
url = "http://defiant:8989";
keyword = "";
tags = ["defiant"];
}
{
name = "Radarr";
url = "http://defiant:7878";
keyword = "";
tags = ["defiant"];
}
{
name = "Bazarr";
url = "http://defiant:6767";
keyword = "";
tags = ["defiant"];
}
{
name = "Lidarr";
url = "http://defiant:8686";
keyword = "";
tags = ["defiant"];
}
{
name = "Jackett";
url = "http://defiant:9117";
keyword = "";
tags = ["defiant"];
}
{
name = "Crab-hole DNS";
url = "http://defiant:8085";
keyword = "";
tags = ["defiant"];
}
# External Services
{
name = "Mail";
url = "https://mail.protonmail.com";
keyword = "";
tags = [""];
}
{
name = "Open Street Map";
url = "https://www.openstreetmap.org/";
keyword = "";
tags = [""];
}
{
name = "Password Manager";
url = "https://vault.bitwarden.com/";
keyword = "";
tags = [""];
}
{
name = "Mastodon";
url = "https://mspsocial.net";
keyword = "";
tags = [""];
}
{
name = "Linked In";
url = "https://www.linkedin.com/";
keyword = "";
tags = [""];
}
{
name = "Job Search";
url = "https://www.jobsinnetwork.com/?state=cleaned_history&language%5B%5D=en&query=react&locations.countryCode%5B%5D=IT&locations.countryCode%5B%5D=DE&locations.countryCode%5B%5D=NL&experience%5B%5D=medior&experience%5B%5D=junior&page=1";
keyword = "";
tags = [""];
}
{
name = "React Docs";
url = "https://react.dev/";
keyword = "";
tags = [""];
}
# Template
# {
# name = "";
# url = "";
# keyword = "";
# tags = [""];
# }
];
};
};
};
}

18
configurations/home-manager/leyla/packages/firefox/default.nix Normal file
View file

@ -0,0 +1,18 @@
{
lib,
pkgs,
inputs,
...
}: {
imports = [
./firefox.nix
./bookmarks.nix
./harden.nix
];
config = {
programs.firefox = {
enable = true;
};
};
}

221
configurations/home-manager/leyla/packages/firefox/firefox.nix Normal file
View file

@ -0,0 +1,221 @@
{
lib,
pkgs,
inputs,
...
}: {
programs.firefox = {
profiles.leyla = {
settings = {
"browser.search.defaultenginename" = "Searx";
"browser.search.order.1" = "Searx";
};
search = {
force = true;
default = "Searx";
engines = {
"Nix Packages" = {
urls = [
{
template = "https://search.nixos.org/packages";
params = [
{
name = "type";
value = "packages";
}
{
name = "query";
value = "{searchTerms}";
}
];
}
];
icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg";
definedAliases = ["@np"];
};
"NixOS Wiki" = {
urls = [{template = "https://nixos.wiki/index.php?search={searchTerms}";}];
icon = "https://nixos.wiki/favicon.png";
updateInterval = 24 * 60 * 60 * 1000; # every day
definedAliases = ["@nw"];
};
"Searx" = {
urls = [{template = "https://search.jan-leila.com/?q={searchTerms}";}];
icon = "https://nixos.wiki/favicon.png";
updateInterval = 24 * 60 * 60 * 1000; # every day
definedAliases = ["@searx"];
};
};
};
extensions.packages = with inputs.firefox-addons.packages.${pkgs.system}; [
bitwarden
terms-of-service-didnt-read
multi-account-containers
shinigami-eyes
ublock-origin
sponsorblock
dearrow
df-youtube
return-youtube-dislikes
privacy-badger
decentraleyes
clearurls
localcdn
snowflake
deutsch-de-language-pack
dictionary-german
tab-session-manager
# (\
# buildFirefoxXpiAddon rec {\
# pname = "italiano-it-language-pack";\
# version = "132.0.20241110.231641";\
# addonId = "langpack-it@firefox.mozilla.org";\
# url = "https://addons.mozilla.org/firefox/downloads/file/4392453/italiano_it_language_pack-${version}.xpi";\
# sha256 = "";\
# meta = with lib;\
# {\
# description = "Firefox Language Pack for Italiano (it) Italian";\
# license = licenses.mpl20;\
# mozPermissions = [];\
# platforms = platforms.all;\
# };\
# }\
# )\
# (\
# buildFirefoxXpiAddon rec {\
# pname = "dizionario-italiano";\
# version = "5.1";\
# addonId = "it-IT@dictionaries.addons.mozilla.org";\
# url = "https://addons.mozilla.org/firefox/downloads/file/1163874/dizionario_italiano-${version}.xpi";\
# sha256 = "";\
# meta = with lib;\
# {\
# description = "Add support for Italian to spellchecking";\
# license = licenses.gpl3;\
# mozPermissions = [];\
# platforms = platforms.all;\
# };\
# }\
# )\
];
settings = {
# Disable irritating first-run stuff
"browser.disableResetPrompt" = true;
"browser.download.panel.shown" = true;
"browser.feeds.showFirstRunUI" = false;
"browser.messaging-system.whatsNewPanel.enabled" = false;
"browser.rights.3.shown" = true;
"browser.shell.checkDefaultBrowser" = false;
"browser.shell.defaultBrowserCheckCount" = 1;
"browser.startup.homepage_override.mstone" = "ignore";
"browser.uitour.enabled" = false;
"startup.homepage_override_url" = "";
"trailhead.firstrun.didSeeAboutWelcome" = true;
"browser.bookmarks.restore_default_bookmarks" = false;
"browser.bookmarks.addedImportButton" = true;
"browser.newtabpage.activity-stream.feeds.section.topstories" = false;
# Usage Experience
"browser.startup.homepage" = "about:home";
"browser.download.useDownloadDir" = false;
"browser.uiCustomization.state" = builtins.toJSON {
"currentVersion" = 20;
"newElementCount" = 6;
"dirtyAreaCache" = [
"nav-bar"
"PersonalToolbar"
"toolbar-menubar"
"TabsToolbar"
"unified-extensions-area"
"vertical-tabs"
];
"placements" = {
"widget-overflow-fixed-list" = [];
"unified-extensions-area" = [
# bitwarden
"_446900e4-71c2-419f-a6a7-df9c091e268b_-browser-action"
"ublock0_raymondhill_net-browser-action"
"sponsorblocker_ajay_app-browser-action"
"dearrow_ajay_app-browser-action"
"jid1-mnnxcxisbpnsxq_jetpack-browser-action"
"_testpilot-containers-browser-action"
"addon_simplelogin-browser-action"
"_74145f27-f039-47ce-a470-a662b129930a_-browser-action"
"jid1-bofifl9vbdl2zq_jetpack-browser-action"
"dfyoutube_example_com-browser-action"
"_b86e4813-687a-43e6-ab65-0bde4ab75758_-browser-action"
"_762f9885-5a13-4abd-9c77-433dcd38b8fd_-browser-action"
"_b11bea1f-a888-4332-8d8a-cec2be7d24b9_-browse-action"
"jid0-3guet1r69sqnsrca5p8kx9ezc3u_jetpack-browser-action"
];
"nav-bar" = [
"back-button"
"forward-button"
"stop-reload-button"
"urlbar-container"
"downloads-button"
"unified-extensions-button"
"reset-pbm-toolbar-button"
];
"toolbar-menubar" = [
"menubar-items"
];
"TabsToolbar" = [
"firefox-view-button"
"tabbrowser-tabs"
"new-tab-button"
"alltabs-button"
];
"vertical-tabs" = [];
"PersonalToolbar" = [
"import-button"
"personal-bookmarks"
];
};
"seen" = [
"save-to-pocket-button"
"developer-button"
"privacy_privacy_com-browser-action"
"sponsorblocker_ajay_app-browser-action"
"ublock0_raymondhill_net-browser-action"
"addon_simplelogin-browser-action"
"dearrow_ajay_app-browser-action"
"_446900e4-71c2-419f-a6a7-df9c091e268b_-browser-action"
"_74145f27-f039-47ce-a470-a662b129930a_-browser-action"
"jid1-bofifl9vbdl2zq_jetpack-browser-action"
"dfyoutube_example_com-browser-action"
"_testpilot-containers-browser-action"
"_b86e4813-687a-43e6-ab65-0bde4ab75758_-browser-action"
"jid1-mnnxcxisbpnsxq_jetpack-browser-action"
"_762f9885-5a13-4abd-9c77-433dcd38b8fd_-browser-action"
"_b11bea1f-a888-4332-8d8a-cec2be7d24b9_-browser-action"
"jid0-3guet1r69sqnsrca5p8kx9ezc3u_jetpack-browser-action"
];
};
"browser.newtabpage.activity-stream.feeds.topsites" = false;
"browser.newtabpage.activity-stream.showSponsoredTopSites" = false;
"browser.newtabpage.activity-stream.improvesearch.topSiteSearchShortcuts" = false;
"browser.newtabpage.blocked" = lib.genAttrs [
# Facebook
"4gPpjkxgZzXPVtuEoAL9Ig=="
# Reddit
"gLv0ja2RYVgxKdp0I5qwvA=="
# Amazon
"K00ILysCaEq8+bEqV/3nuw=="
# Twitter
"T9nJot5PurhJSy8n038xGA=="
] (_: 1);
"identity.fxaccounts.enabled" = false;
};
};
};
}

50
configurations/home-manager/leyla/packages/firefox/harden.nix Normal file
View file

@ -0,0 +1,50 @@
{...}: {
programs.firefox = {
profiles.leyla = {
settings = {
# Security
"privacy.trackingprotection.enabled" = true;
"dom.security.https_only_mode" = true;
"dom.security.https_only_mode_pbm" = true;
"dom.security.https_only_mode_error_page_user_suggestions" = true;
# Privacy & Data Protection
"extensions.formautofill.addresses.enabled" = false;
"extensions.formautofill.creditCards.enabled" = false;
"signon.rememberSignons" = false;
"privacy.sanitize.sanitizeOnShutdown" = true;
"privacy.clearOnShutdown_v2.cache" = true;
"privacy.clearOnShutdown_v2.cookiesAndStorage" = true;
"privacy.clearOnShutdown_v2.historyFormDataAndDownloads" = true;
"urlclassifier.trackingSkipURLs" = "";
"urlclassifier.features.socialtracking.skipURLs" = "";
# Disable telemetry and data collection
"app.shield.optoutstudies.enabled" = false;
"browser.discovery.enabled" = false;
"browser.newtabpage.activity-stream.feeds.telemetry" = false;
"browser.newtabpage.activity-stream.telemetry" = false;
"browser.ping-centre.telemetry" = false;
"datareporting.healthreport.service.enabled" = false;
"datareporting.healthreport.uploadEnabled" = false;
"datareporting.policy.dataSubmissionEnabled" = false;
"datareporting.sessions.current.clean" = true;
"devtools.onboarding.telemetry.logged" = false;
"toolkit.telemetry.archive.enabled" = false;
"toolkit.telemetry.bhrPing.enabled" = false;
"toolkit.telemetry.enabled" = false;
"toolkit.telemetry.firstShutdownPing.enabled" = false;
"toolkit.telemetry.hybridContent.enabled" = false;
"toolkit.telemetry.newProfilePing.enabled" = false;
"toolkit.telemetry.prompted" = 2;
"toolkit.telemetry.rejected" = true;
"toolkit.telemetry.reportingpolicy.firstRun" = false;
"toolkit.telemetry.server" = "";
"toolkit.telemetry.shutdownPingSender.enabled" = false;
"toolkit.telemetry.unified" = false;
"toolkit.telemetry.unifiedIsOptIn" = false;
"toolkit.telemetry.updatePing.enabled" = false;
};
};
};
}

13
configurations/home-manager/leyla/packages/git.nix Normal file
View file

@ -0,0 +1,13 @@
{...}: {
config = {
programs = {
git = {
settings = {
user.name = "Leyla Becker";
user.email = "git@jan-leila.com";
init.defaultBranch = "main";
};
};
};
};
}

17
configurations/home-manager/leyla/packages/makemkv.nix Normal file
View file

@ -0,0 +1,17 @@
{
config,
inputs,
...
}: {
config = {
sops.secrets = {
"application-keys/makemkv" = {
sopsFile = "${inputs.secrets}/application-keys.yaml";
};
};
programs.makemkv = {
appKeyFile = config.sops.placeholder."application-keys/makemkv";
destinationDir = "/home/leyla/downloads/makemkv";
};
};
}

23
configurations/home-manager/leyla/packages/openssh.nix Normal file
View file

@ -0,0 +1,23 @@
{
config,
osConfig,
...
}: {
config = {
programs = {
openssh = {
authorizedKeys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJHeItmt8TRW43uNcOC+eIurYC7Eunc0V3LGocQqLaYj leyla@horizon"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIILimFIW2exEH/Xo7LtXkqgE04qusvnPNpPWSCeNrFkP leyla@defiant"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKBiZkg1c2aaNHiieBX4cEziqvJVj9pcDfzUrKU/mO0I leyla@twilight"
];
hostKeys = [
{
type = "ed25519";
path = "${config.home.username}_${osConfig.networking.hostName}_ed25519";
}
];
};
};
};
}

136
configurations/home-manager/leyla/packages/vscode/default.nix Normal file
View file

@ -0,0 +1,136 @@
{
lib,
pkgs,
config,
osConfig,
...
}: let
nix-development-enabled = osConfig.host.nix-development.enable;
ai-tooling-enabled = osConfig.host.ai.enable;
in {
imports = [
./user-words.nix
];
config = lib.mkIf config.user.isDesktopUser {
programs = {
bash.shellAliases = {
code = "codium";
};
vscode = {
package = pkgs.vscodium;
mutableExtensionsDir = false;
profiles.default = {
enableUpdateCheck = false;
enableExtensionUpdateCheck = false;
userSettings = lib.mkMerge [
{
"javascript.updateImportsOnFileMove.enabled" = "always";
"editor.tabSize" = 2;
"editor.insertSpaces" = false;
# "terminal.integrated.fontFamily" = "'Droid Sans Mono', 'monospace', monospace";
}
];
extraExtensions = {
# vs code feel
oneDark.enable = true;
atomKeybindings.enable = true;
openRemoteSsh.enable = true;
# openDyslexicFont.enable = false;
# html development
autoRenameTag.enable = true;
liveServer.enable = true;
# js development
es7ReactJsSnippets.enable = true;
tauriVscode.enable = true;
vscodeEslint.enable = true;
vscodeJest.enable = true;
vitest.enable = true;
vscodeStandard.enable = true;
vscodeStylelint.enable = true;
nearley.enable = true;
# astro development
vscodeMdx.enable = true;
astroVscode.enable = true;
# nix development
alejandra.enable = nix-development-enabled;
nixIde.enable = nix-development-enabled;
# go development
go.enable = true;
# rust development
rustAnalyzer.enable = true;
# claude development
claudeDev = lib.mkIf ai-tooling-enabled {
enable = true;
mcp = {
nixos = {
enable = true;
autoApprove = {
nixos_search = true;
nixos_info = true;
home_manager_search = true;
home_manager_info = true;
darwin_search = true;
darwin_info = true;
nixos_flakes_search = true;
};
};
eslint = {
enable = true;
autoApprove = {
lint-files = true;
};
};
vitest = {
enable = true;
autoApprove = {
list_tests = true;
run_tests = true;
analyze_coverage = true;
set_project_root = true;
};
};
sleep = {
enable = true;
timeout = 18000; # 5 hours to match claude codes timeout
autoApprove = {
sleep = true;
};
};
};
};
# misc extensions
evenBetterToml.enable = true;
direnv.enable = config.programs.direnv.enable;
conventionalCommits.enable = true;
};
extensions = let
extension-pkgs = pkgs.nix-vscode-extensions.forVSCodeVersion config.programs.vscode.package.version;
in (
with extension-pkgs.open-vsx; [
# vs code feel extensions
streetsidesoftware.code-spell-checker
streetsidesoftware.code-spell-checker-german
streetsidesoftware.code-spell-checker-italian
]
);
};
};
};
};
}

126
configurations/home-manager/leyla/packages/vscode/user-words.nix Normal file
View file

@ -0,0 +1,126 @@
{
pkgs,
lib,
...
}: {
config.programs.vscode.profiles.default.userSettings = {
"cSpell.userWords" = [
"leyla"
];
"cSpell.languageSettings" = [
{
"languageId" = "nix";
"locale" = "*";
"dictionaries" = [
"applications"
"ai-words"
"nix-words"
# We need to include all other dictionaries in the nix language settings because they exist in this file
# TODO: see if there is a way to make this only apply for this file
"js-words"
];
}
{
"languageId" = "javascript,typescript,js,ts";
"locale" = "*";
"dictionaries" = [
"js-words"
];
}
];
"cSpell.customDictionaries" = {
applications = {
name = "applications";
description = "application names";
path = pkgs.writeText "applications.txt" (lib.strings.concatLines [
"ollama"
"syncthing"
"immich"
"sonos"
"makemkv"
"hass"
"qbittorent"
"prostudiomasters"
"protonmail"
"pulseaudio"
]);
};
ai-words = {
name = "ai-words";
description = "common words used for ai development";
path = pkgs.writeText "ai-words.txt" (lib.strings.concatLines [
"ollama"
"deepseek"
"qwen"
]);
};
nix-words = {
name = "nix-words";
description = "words used in nix configurations";
path = pkgs.writeText "nix-words.txt" (lib.strings.concatLines [
"pname"
"direnv"
"tmpfiles"
"Networkd"
"networkmanager"
"dialout"
"adbusers"
"authkey"
"netdevs"
"atomix"
"geary"
"gedit"
"hitori"
"iagno"
"alsa"
"timezoned"
"pipewire"
"rtkit"
"disko"
"ashift"
"autotrim"
"canmount"
"mountpoint"
"xattr"
"acltype"
"relatime"
"keyformat"
"keylocation"
"vdevs"
# codium extensions
"akamud"
"onedark"
"jeanp"
"dsznajder"
"dbaeumer"
"orta"
"tauri"
"unifiedjs"
"tamasfe"
"pinage"
"jnoortheen"
"kamadorueda"
"karyfoundation"
"nearley"
# nix.optimise is spelled wrong
"optimise"
]);
};
js-words = {
name = "js-words";
description = "words used in js development";
path = pkgs.writeText "js-words.txt" (lib.strings.concatLines [
"webdav"
]);
};
};
};
}

19
configurations/installer/basic/configuration.nix Normal file
View file

@ -0,0 +1,19 @@
{
lib,
pkgs,
modulesPath,
...
}: {
imports = [(modulesPath + "/installer/cd-dvd/installation-cd-minimal.nix")];
systemd.services.sshd.wantedBy = pkgs.lib.mkForce ["multi-user.target"];
users.users.root.openssh.authorizedKeys.keys = [
"ssh-ed25519 AaAeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee username@host"
];
isoImage.squashfsCompression = "gzip -Xcompression-level 1";
networking.hostName = "installer";
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
}

5
configurations/installer/basic/default.nix Normal file
View file

@ -0,0 +1,5 @@
{...}: {
imports = [
./configuration.nix
];
}

413
configurations/nixos/defiant/configuration.nix Normal file
View file

@ -0,0 +1,413 @@
# server nas
{
inputs,
config,
...
}: {
sops.secrets = {
"vpn-keys/tailscale-authkey/defiant" = {
sopsFile = "${inputs.secrets}/vpn-keys.yaml";
};
"vpn-keys/proton-wireguard/defiant-p2p" = {
sopsFile = "${inputs.secrets}/vpn-keys.yaml";
mode = "0640";
owner = "root";
group = "systemd-network";
};
"services/zfs_smtp_token" = {
sopsFile = "${inputs.secrets}/defiant-services.yaml";
};
"services/paperless_password" = {
sopsFile = "${inputs.secrets}/defiant-services.yaml";
mode = "0700";
owner = "paperless";
group = "paperless";
};
};
host = {
users = {
leyla = {
isDesktopUser = true;
isTerminalUser = true;
isPrincipleUser = true;
};
};
impermanence.enable = true;
storage = {
enable = true;
encryption = true;
notifications = {
enable = true;
host = "smtp.protonmail.ch";
port = 587;
to = "leyla@jan-leila.com";
user = "noreply@jan-leila.com";
tokenFile = config.sops.secrets."services/zfs_smtp_token".path;
};
pool = {
# We are having to boot off of the nvm cache drive because I cant figure out how to boot via the HBA
bootDrives = ["nvme-Samsung_SSD_990_PRO_4TB_S7KGNU0X907881F"];
vdevs = [
[
"ata-ST18000NE000-3G6101_ZVTCXVEB"
"ata-ST18000NE000-3G6101_ZVTCXWSC"
"ata-ST18000NE000-3G6101_ZVTD10EH"
"ata-ST18000NT001-3NF101_ZVTE0S3Q"
"ata-ST18000NT001-3NF101_ZVTEF27J"
"ata-ST18000NE000-3G6101_ZVTJ7359"
]
[
"ata-ST4000NE001-2MA101_WS2275P3"
"ata-ST4000NE001-2MA101_WS227B9F"
"ata-ST4000NE001-2MA101_WS227CEW"
"ata-ST4000NE001-2MA101_WS227CYN"
"ata-ST4000NE001-2MA101_WS23TBWV"
"ata-ST4000NE001-2MA101_WS23TC5F"
]
];
cache = [
"nvme-Samsung_SSD_990_PRO_4TB_S7KGNU0X907881F"
];
};
};
network_storage = {
enable = true;
directories = [
{
folder = "leyla_documents";
user = "leyla";
group = "leyla";
bind = "/home/leyla/documents";
}
{
folder = "eve_documents";
user = "eve";
group = "eve";
}
{
folder = "users_documents";
user = "root";
group = "users";
}
{
folder = "media";
user = "jellyfin";
group = "jellyfin_media";
bind = config.services.jellyfin.media_directory;
}
];
nfs = {
enable = true;
directories = ["leyla_documents" "eve_documents" "users_documents" "media"];
};
};
};
systemd.network = {
enable = true;
netdevs = {
"10-bond0" = {
netdevConfig = {
Kind = "bond";
Name = "bond0";
};
bondConfig = {
Mode = "802.3ad";
TransmitHashPolicy = "layer3+4";
};
};
"20-wg0" = {
netdevConfig = {
Kind = "wireguard";
Name = "wg0";
};
wireguardConfig = {
PrivateKeyFile = config.sops.secrets."vpn-keys/proton-wireguard/defiant-p2p".path;
ListenPort = 51820;
};
wireguardPeers = [
{
PublicKey = "rRO6yJim++Ezz6scCLMaizI+taDjU1pzR2nfW6qKbW0=";
Endpoint = "185.230.126.146:51820";
# Allow all traffic but use policy routing to prevent system-wide VPN
AllowedIPs = ["0.0.0.0/0"];
}
];
};
};
networks = {
"40-bond0" = {
matchConfig.Name = "bond0";
linkConfig = {
RequiredForOnline = "degraded-carrier";
RequiredFamilyForOnline = "any";
};
networkConfig.DHCP = "yes";
address = [
"192.168.1.10/32"
];
# Set lower priority for default gateway to allow WireGuard interface binding
routes = [
{
Destination = "0.0.0.0/0";
Gateway = "192.168.1.1";
Metric = 100;
}
];
dns = ["192.168.1.1"];
};
"50-wg0" = {
matchConfig.Name = "wg0";
networkConfig = {
DHCP = "no";
};
address = [
"10.2.0.2/32"
];
# Configure routing for application binding
routingPolicyRules = [
{
# Route traffic from VPN interface through VPN table
From = "10.2.0.2/32";
Table = 200;
Priority = 100;
}
];
routes = [
{
# Direct route to VPN gateway
Destination = "10.2.0.1/32";
Scope = "link";
}
{
# Route VPN subnet through VPN gateway in custom table
Destination = "10.2.0.0/16";
Gateway = "10.2.0.1";
Table = 200;
}
{
# Route all traffic through VPN gateway in custom table
Destination = "0.0.0.0/0";
Gateway = "10.2.0.1";
Table = 200;
}
];
};
};
};
# limit arc usage to 50gb because ollama doesn't play nice with zfs using up all of the memory
boot.kernelParams = ["zfs.zfs_arc_max=53687091200"];
# Enable policy routing and source routing for application-specific VPN binding
boot.kernel.sysctl = {
"net.ipv4.conf.all.rp_filter" = 2;
"net.ipv4.conf.default.rp_filter" = 2;
"net.ipv4.conf.wg0.rp_filter" = 2;
};
services = {
# PostgreSQL database server
postgresql = {
enable = true;
adminUsers = ["leyla"];
};
# temp enable desktop environment for setup
# Enable the X11 windowing system.
xserver.enable = true;
# Enable the GNOME Desktop Environment.
displayManager = {
gdm.enable = true;
};
desktopManager = {
gnome.enable = true;
};
# Enable new reverse proxy system
reverseProxy = {
enable = true;
openFirewall = true;
acme = {
enable = true;
email = "jan-leila@protonmail.com";
};
};
ollama = {
enable = true;
exposePort = true;
acceleration = false;
environmentVariables = {
OLLAMA_KEEP_ALIVE = "24h";
};
loadModels = [
# conversation models
"llama3.1:8b"
"deepseek-r1:8b"
"deepseek-r1:32b"
"deepseek-r1:70b"
# auto complete models
"qwen2.5-coder:1.5b-base"
"qwen2.5-coder:7b"
"deepseek-coder:6.7b"
"deepseek-coder:33b"
# agent models
"qwen3:8b"
"qwen3:32b"
"qwen3:235b-a22b"
"qwen3-coder:30b"
"qwen3-coder:30b-a3b-fp16"
# embedding models
"nomic-embed-text:latest"
];
};
tailscale = {
enable = true;
authKeyFile = config.sops.secrets."vpn-keys/tailscale-authkey/defiant".path;
useRoutingFeatures = "server";
extraUpFlags = [
"--advertise-exit-node"
"--advertise-routes=192.168.0.0/24"
"--accept-dns=false"
];
extraSetFlags = [
"--advertise-exit-node"
"--advertise-routes=192.168.0.0/24"
"--accept-dns=false"
];
};
syncthing.enable = true;
fail2ban.enable = true;
jellyfin = {
enable = true;
domain = "media.jan-leila.com";
extraDomains = ["jellyfin.jan-leila.com"];
};
immich = {
enable = true;
domain = "photos.jan-leila.com";
};
forgejo = {
enable = true;
reverseProxy.domain = "git.jan-leila.com";
};
searx = {
enable = true;
domain = "search.jan-leila.com";
};
actual = {
enable = true;
domain = "budget.jan-leila.com";
};
home-assistant = {
enable = true;
domain = "home.jan-leila.com";
openFirewall = true;
postgres.enable = true;
extensions = {
sonos.enable = true;
jellyfin.enable = true;
wyoming.enable = false; # Temporarily disabled due to dependency conflict in wyoming-piper
};
};
paperless = {
enable = true;
domain = "documents.jan-leila.com";
passwordFile = config.sops.secrets."services/paperless_password".path;
};
panoramax = {
enable = false;
openFirewall = true;
};
crab-hole = {
enable = true;
port = 8085;
openFirewall = true;
show_doc = true;
downstreams = {
host = {
enable = true;
openFirewall = true;
};
};
upstreams.cloudFlare.enable = true;
blocklists.ad_malware.enable = true;
};
qbittorrent = {
enable = true;
mediaDir = "/srv/qbittorent";
openFirewall = true;
webuiPort = 8084;
};
sonarr = {
enable = true;
openFirewall = true;
};
radarr = {
enable = true;
openFirewall = true;
};
bazarr = {
enable = true;
openFirewall = true;
};
lidarr = {
enable = true;
openFirewall = true;
};
jackett = {
enable = true;
openFirewall = true;
};
flaresolverr = {
enable = true;
openFirewall = true;
};
};
# disable computer sleeping
systemd.targets = {
sleep.enable = false;
suspend.enable = false;
hibernate.enable = false;
hybrid-sleep.enable = false;
};
services.displayManager.gdm.autoSuspend = false;
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. It's perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "23.05"; # Did you read the comment?
}

8
configurations/nixos/defiant/default.nix Normal file
View file

@ -0,0 +1,8 @@
# server nas
{...}: {
imports = [
./hardware-configuration.nix
./configuration.nix
./packages.nix
];
}

63
configurations/nixos/defiant/hardware-configuration.nix Normal file
View file

@ -0,0 +1,63 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
modulesPath,
...
}: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot = {
initrd = {
availableKernelModules = ["xhci_pci" "aacraid" "ahci" "usbhid" "nvme" "usb_storage" "sd_mod"];
kernelModules = [];
};
kernelModules = ["kvm-amd"];
extraModulePackages = [];
# Bootloader.
loader = {
systemd-boot.enable = true;
efi = {
canTouchEfiVariables = true;
efiSysMountPoint = "/boot";
};
};
supportedFilesystems = ["zfs"];
zfs.extraPools = ["rpool"];
};
networking = {
hostName = "defiant"; # Define your hostname.
hostId = "c51763d6";
useNetworkd = true;
};
systemd.network = {
enable = true;
networks = {
"30-eno1" = {
matchConfig.Name = "eno1";
networkConfig.Bond = "bond0";
};
"30-eno2" = {
matchConfig.Name = "eno2";
networkConfig.Bond = "bond0";
};
};
};
networking.networkmanager.enable = true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware = {
# TODO: hardware graphics
cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
};
}

9
configurations/nixos/defiant/packages.nix Normal file
View file

@ -0,0 +1,9 @@
{pkgs, ...}: {
environment.systemPackages = with pkgs; [
ffsubsync
sox
yt-dlp
ffmpeg
imagemagick
];
}

167
configurations/nixos/emergent/configuration.nix Normal file
View file

@ -0,0 +1,167 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page, on
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
{
lib,
pkgs,
...
}: {
imports = [
./nvidia-drivers.nix
];
# Use the systemd-boot EFI boot loader.
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
# networking.hostName = "nixos"; # Define your hostname.
# Pick only one of the below networking options.
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
# networking.networkmanager.enable = true; # Easiest to use and most distros use this by default.
# Set your time zone.
# time.timeZone = "Europe/Amsterdam";
# Configure network proxy if necessary
# networking.proxy.default = "http://user:password@proxy:port/";
# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
# Select internationalisation properties.
# i18n.defaultLocale = "en_US.UTF-8";
# console = {
# font = "Lat2-Terminus16";
# keyMap = "us";
# useXkbConfig = true; # use xkb.options in tty.
# };
# Enable the X11 windowing system.
services.xserver.enable = true;
# Enable wacom touchscreen device
services.xserver.wacom.enable = true;
# installed opentabletdriver
hardware.opentabletdriver.enable = true;
hardware.keyboard.qmk.enable = true;
# Enable the GNOME Desktop Environment.
services.displayManager.gdm.enable = true;
services.desktopManager.gnome.enable = true;
host = {
ai.enable = true;
users = {
eve = {
isDesktopUser = true;
isTerminalUser = true;
isPrincipleUser = true;
};
};
hardware = {
piperMouse.enable = true;
};
storage = {
enable = true;
pool = {
mode = "";
drives = ["wwn-0x5000039fd0cf05eb"];
};
};
};
services.tailscale.enable = true;
# We were having weird build errors so this is disabled right now
# error: The option `devices.emergent.folders.eve_records.path' was accessed but has no value defined. Try setting the option
services.syncthing.enable = false;
# Configure keymap in X11
# services.xserver.xkb.layout = "us";
# services.xserver.xkb.options = "eurosign:e,caps:escape";
# Enable CUPS to print documents.
# services.printing.enable = true;
# Enable sound.
# services.pulseaudio.enable = true;
# OR
# services.pipewire = {
# enable = true;
# pulse.enable = true;
# };
# Enable touchpad support (enabled default in most desktopManager).
# services.libinput.enable = true;
# Define a user account. Don't forget to set a password with passwd.
# users.users.alice = {
# isNormalUser = true;
# extraGroups = [ "wheel" ]; # Enable sudo for the user.
# packages = with pkgs; [
# tree
# ];
# };
# programs.firefox.enable = true;
nixpkgs.config.allowUnfree = true;
# Packages that can be installed without any extra configuration
# See https://search.nixos.org/packages for all options
environment.systemPackages = with pkgs; [
wget
];
# Packages that need to be installed with some extra configuration
# See https://search.nixos.org/options for all options
programs = {};
# Some programs need SUID wrappers, can be configured further or are
# started in user sessions.
# programs.mtr.enable = true;
# programs.gnupg.agent = {
# enable = true;
# enableSSHSupport = true;
# };
# List services that you want to enable:
# Enable the OpenSSH daemon.
# services.openssh.enable = true;
# Open ports in the firewall.
# networking.firewall.allowedTCPPorts = [ ... ];
# networking.firewall.allowedUDPPorts = [ ... ];
# Or disable the firewall altogether.
# networking.firewall.enable = false;
networking = {
networkmanager.enable = true;
useDHCP = lib.mkDefault true;
hostId = "7e35eb97"; # arbitrary id number generated via this command: `head -c4 /dev/urandom | od -A none -t x4`
hostName = "emergent"; # Define your hostname.
};
# Copy the NixOS configuration file and link it from the resulting system
# (/run/current-system/configuration.nix). This is useful in case you
# accidentally delete configuration.nix.
# system.copySystemConfiguration = true;
# This option defines the first version of NixOS you have installed on this particular machine,
# and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
#
# Most users should NEVER change this value after the initial install, for any reason,
# even if you've upgraded your system to a new NixOS release.
#
# This value does NOT affect the Nixpkgs version your packages and OS are pulled from,
# so changing it will NOT upgrade your system - see https://nixos.org/manual/nixos/stable/#sec-upgrading for how
# to actually do that.
#
# This value being lower than the current NixOS release does NOT mean your system is
# out of date, out of support, or vulnerable.
#
# Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,
# and migrated your data accordingly.
#
# For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
system.stateVersion = "25.05"; # Did you read the comment?
}

7
configurations/nixos/emergent/default.nix Normal file
View file

@ -0,0 +1,7 @@
# evs desktop
{...}: {
imports = [
./configuration.nix
./hardware-configuration.nix
];
}

32
configurations/nixos/emergent/hardware-configuration.nix Normal file
View file

@ -0,0 +1,32 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
pkgs,
modulesPath,
...
}: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod"];
boot.initrd.kernelModules = [];
boot.kernelModules = [];
boot.extraModulePackages = [];
swapDevices = [];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp42s0.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp4s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

51
configurations/nixos/emergent/nvidia-drivers.nix Normal file
View file

@ -0,0 +1,51 @@
{
config,
lib,
pkgs,
...
}: {
# Enable OpenGL
hardware.graphics = {
enable = true;
};
# Load nvidia driver for Xorg and Wayland
services = {
xserver = {
# Load nvidia driver for Xorg and Wayland
videoDrivers = ["nvidia"];
};
# Use X instead of wayland
displayManager.gdm.wayland = false;
};
hardware.nvidia = {
# Modesetting is required.
modesetting.enable = true;
# Nvidia power management. Experimental, and can cause sleep/suspend to fail.
# Enable this if you have graphical corruption issues or application crashes after waking
# up from sleep. This fixes it by saving the entire VRAM memory to /tmp/ instead
# of just the bare essentials.
powerManagement.enable = true;
# Fine-grained power management. Turns off GPU when not in use.
# Experimental and only works on modern Nvidia GPUs (Turing or newer).
powerManagement.finegrained = false;
# Use the NVidia open source kernel module (not to be confused with the
# independent third-party "nouveau" open source driver).
# Support is limited to the Turing and later architectures. Full list of
# supported GPUs is at:
# https://github.com/NVIDIA/open-gpu-kernel-modules#compatible-gpus
# Only available from driver 515.43.04+
open = true;
# Enable the Nvidia settings menu,
# accessible via `nvidia-settings`.
nvidiaSettings = true;
# Optionally, you may need to select the appropriate driver version for your specific GPU.
package = config.boot.kernelPackages.nvidiaPackages.stable;
};
}

158
configurations/nixos/horizon/configuration.nix Normal file
View file

@ -0,0 +1,158 @@
{
lib,
pkgs,
config,
inputs,
...
}: {
imports = [
inputs.nixos-hardware.nixosModules.framework-11th-gen-intel
];
nixpkgs.config.allowUnfree = true;
boot = {
initrd = {
availableKernelModules = ["usb_storage" "sd_mod"];
};
kernelModules = ["sg"];
# Bootloader.
loader = {
systemd-boot.enable = true;
efi.canTouchEfiVariables = true;
};
};
host = {
users = {
leyla = {
isDesktopUser = true;
isTerminalUser = true;
isPrincipleUser = true;
};
eve.isDesktopUser = true;
ivy.isDesktopUser = true;
};
hardware = {
directAccess.enable = true;
};
ai = {
enable = true;
models = {
"Llama 3.1 8B" = {
model = "llama3.1:8b";
roles = ["chat" "edit" "apply"];
apiBase = "http://defiant:11434";
};
"Deepseek Coder:6.7B" = {
model = "deepseek-coder:6.7b";
roles = ["chat" "edit" "apply"];
apiBase = "http://defiant:11434";
};
"Deepseek Coder:33B" = {
model = "deepseek-coder:33b";
roles = ["chat" "edit" "apply"];
apiBase = "http://defiant:11434";
};
"Deepseek r1:8B" = {
model = "deepseek-r1:8b";
roles = ["chat"];
apiBase = "http://defiant:11434";
};
"Deepseek r1:32B" = {
model = "deepseek-r1:32b";
roles = ["chat"];
apiBase = "http://defiant:11434";
};
"qwen2.5-coder:1.5b-base" = {
model = "qwen2.5-coder:1.5b-base";
roles = ["autocomplete"];
apiBase = "http://defiant:11434";
};
"nomic-embed-text:latest" = {
model = "nomic-embed-text:latest";
roles = ["embed"];
apiBase = "http://defiant:11434";
};
};
};
};
environment.systemPackages = with pkgs; [
cachefilesd
webtoon-dl
];
services.cachefilesd.enable = true;
programs = {
adb.enable = true;
};
networking = {
networkmanager.enable = true;
hostName = "horizon"; # Define your hostname.
};
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
hardware = {
graphics.enable = true;
};
sops.secrets = {
"vpn-keys/tailscale-authkey/horizon" = {
sopsFile = "${inputs.secrets}/vpn-keys.yaml";
};
};
services = {
# sudo fprintd-enroll
fprintd = {
enable = true;
};
# firmware update tool
fwupd = {
enable = true;
};
tailscale = {
enable = true;
authKeyFile = config.sops.secrets."vpn-keys/tailscale-authkey/horizon".path;
useRoutingFeatures = "client";
};
syncthing.enable = true;
ollama = {
enable = true;
loadModels = [
"llama3.1:8b"
];
};
};
# Enable network-online.target for better network dependency handling
systemd.services.NetworkManager-wait-online.enable = true;
# Enable touchpad support (enabled default in most desktopManager).
# services.xserver.libinput.enable = true;
# Open ports in the firewall.
# networking.firewall.allowedTCPPorts = [ ... ];
# networking.firewall.allowedUDPPorts = [ ... ];
# Or disable the firewall altogether.
# networking.firewall.enable = false;
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. It's perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "23.05"; # Did you read the comment?
}

8
configurations/nixos/horizon/default.nix Normal file
View file

@ -0,0 +1,8 @@
# leyla laptop
{...}: {
imports = [
./configuration.nix
./hardware-configuration.nix
# ./network-mount.nix
];
}

45
configurations/nixos/horizon/hardware-configuration.nix Normal file
View file

@ -0,0 +1,45 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
modulesPath,
...
}: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = ["xhci_pci" "thunderbolt" "nvme"];
boot.initrd.kernelModules = [];
boot.kernelModules = ["kvm-intel"];
boot.extraModulePackages = [];
fileSystems = {
"/" = {
device = "/dev/disk/by-uuid/866d422b-f816-4ad9-9846-791839cb9337";
fsType = "ext4";
};
"/boot" = {
device = "/dev/disk/by-uuid/E138-65B5";
fsType = "vfat";
};
};
swapDevices = [
{device = "/dev/disk/by-uuid/be98e952-a072-4c3a-8c12-69500b5a2fff";}
];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.tailscale0.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp170s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

76
configurations/nixos/horizon/network-mount.nix Normal file
View file

@ -0,0 +1,76 @@
{...}: {
boot.supportedFilesystems = ["nfs"];
fileSystems = {
"/mnt/leyla_documents" = {
device = "defiant:/exports/leyla_documents";
fsType = "nfs";
options = [
"x-systemd.automount"
"noauto"
"noatime"
"nofail"
"soft"
"intr" # Allow interruption of NFS calls
"timeo=30" # 3 second timeout (30 deciseconds)
"retrans=2" # Only 2 retries before giving up
"x-systemd.idle-timeout=300" # 5 minute idle timeout for mobile
"x-systemd.device-timeout=15" # 15 second device timeout
"bg" # Background mount - don't block boot
"fsc" # Enable caching
"_netdev" # Network device - wait for network
"x-systemd.requires=network-online.target" # Require network to be online
"x-systemd.after=network-online.target" # Start after network is online
"x-systemd.mount-timeout=30" # 30 second mount timeout
];
};
"/mnt/users_documents" = {
device = "defiant:/exports/users_documents";
fsType = "nfs";
options = [
"x-systemd.automount"
"noauto"
"nofail"
"soft"
"intr"
"timeo=30"
"retrans=2"
"x-systemd.idle-timeout=300"
"x-systemd.device-timeout=15"
"bg"
"fsc"
"_netdev"
"x-systemd.requires=network-online.target"
"x-systemd.after=network-online.target"
"x-systemd.mount-timeout=30"
];
};
"/mnt/media" = {
device = "defiant:/exports/media";
fsType = "nfs";
options = [
"x-systemd.automount"
"noauto"
"noatime"
"nofail"
"soft"
"intr"
"timeo=30"
"retrans=2"
"x-systemd.idle-timeout=300"
"x-systemd.device-timeout=15"
"bg"
# Mobile-optimized read settings
"rsize=8192" # Smaller read size for mobile
"wsize=8192" # Smaller write size for mobile
"fsc"
"_netdev"
"x-systemd.requires=network-online.target"
"x-systemd.after=network-online.target"
"x-systemd.mount-timeout=30"
];
};
};
}

160
configurations/nixos/twilight/configuration.nix Normal file
View file

@ -0,0 +1,160 @@
{
inputs,
config,
pkgs,
...
}: {
imports = [
./monitors.nix
];
nixpkgs.config.allowUnfree = true;
boot.initrd.availableKernelModules = ["usb_storage"];
boot.kernelModules = ["sg"];
boot.loader = {
systemd-boot.enable = true;
efi.canTouchEfiVariables = true;
};
sops.secrets = {
"vpn-keys/tailscale-authkey/twilight" = {
sopsFile = "${inputs.secrets}/vpn-keys.yaml";
};
};
host = {
users = {
leyla = {
isDesktopUser = true;
isTerminalUser = true;
isPrincipleUser = true;
};
eve.isDesktopUser = true;
};
hardware = {
piperMouse.enable = true;
viaKeyboard.enable = true;
openRGB.enable = true;
graphicsAcceleration.enable = true;
directAccess.enable = true;
};
ai = {
enable = true;
# TODO: benchmark twilight against defiant and prune this list of models that are faster on defiant
models = {
# conversation models
"Llama 3.1 8B" = {
model = "lamma3.1:8b";
roles = ["chat" "edit" "apply"];
};
"deepseek-r1:8b" = {
model = "deepseek-r1:8b";
roles = ["chat" "edit" "apply"];
};
"deepseek-r1:32b" = {
model = "deepseek-r1:32b";
roles = ["chat" "edit" "apply"];
};
# auto complete models
"qwen2.5-coder:1.5b-base" = {
model = "qwen2.5-coder:1.5b-base";
roles = ["autocomplete"];
};
"qwen2.5-coder:7b" = {
model = "qwen2.5-coder:7b";
roles = ["autocomplete"];
};
"deepseek-coder:6.7b" = {
model = "deepseek-coder:6.7b";
roles = ["autocomplete"];
};
"deepseek-coder:33b" = {
model = "deepseek-coder:33b";
roles = ["autocomplete"];
};
# agent models
"qwen3:32b" = {
model = "qwen3:32b";
roles = ["chat" "edit" "apply"];
};
# embedding models
"nomic-embed-text:latest" = {
model = "nomic-embed-text:latest";
roles = ["embed"];
};
};
};
};
services = {
ollama = {
enable = true;
exposePort = true;
loadModels = [
# conversation models
"llama3.1:8b"
"deepseek-r1:8b"
"deepseek-r1:32b"
# auto complete models
"qwen2.5-coder:1.5b-base"
"qwen2.5-coder:7b"
"deepseek-coder:6.7b"
"deepseek-coder:33b"
# agent models
"qwen3:32b"
# embedding models
"nomic-embed-text:latest"
];
};
tailscale = {
enable = true;
authKeyFile = config.sops.secrets."vpn-keys/tailscale-authkey/twilight".path;
useRoutingFeatures = "both";
extraUpFlags = [
"--advertise-exit-node"
"--advertise-routes=192.168.0.0/24"
];
extraSetFlags = [
"--advertise-exit-node"
"--advertise-routes=192.168.0.0/24"
];
};
syncthing.enable = true;
};
# Enable network-online.target for better network dependency handling
systemd.services.NetworkManager-wait-online.enable = true;
environment.systemPackages = with pkgs; [
cachefilesd
];
hardware.steam-hardware.enable = true; # Provides udev rules for controller, HTC vive, and Valve Index
networking = {
networkmanager.enable = true;
hostName = "twilight"; # Define your hostname.
};
# enabled virtualisation for docker
# virtualisation.docker.enable = true;
# Enable touchpad support (enabled default in most desktopManager).
# services.xserver.libinput.enable = true;
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. It's perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "23.05"; # Did you read the comment?
}

9
configurations/nixos/twilight/default.nix Normal file
View file

@ -0,0 +1,9 @@
# leyla desktop
{...}: {
imports = [
./configuration.nix
./hardware-configuration.nix
./nvidia-drivers.nix
# ./network-mount.nix
];
}

42
configurations/nixos/twilight/hardware-configuration.nix Normal file
View file

@ -0,0 +1,42 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
modulesPath,
...
}: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = ["nvme" "xhci_pci" "ahci" "usbhid" "sd_mod"];
boot.initrd.kernelModules = [];
boot.kernelModules = ["kvm-amd"];
boot.extraModulePackages = [];
fileSystems = {
"/" = {
device = "/dev/disk/by-uuid/8be49c65-2b57-48f1-b74d-244d26061adb";
fsType = "ext4";
};
"/boot" = {
device = "/dev/disk/by-uuid/3006-3867";
fsType = "vfat";
options = ["fmask=0022" "dmask=0022"];
};
};
swapDevices = [];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

199
configurations/nixos/twilight/monitors.nix Normal file
View file

@ -0,0 +1,199 @@
{pkgs, ...}: {
systemd.tmpfiles.rules = [
"L+ /run/gdm/.config/monitors.xml - - - - ${pkgs.writeText "gdm-monitors.xml" ''
<monitors version="2">
<configuration>
<logicalmonitor>
<x>0</x>
<y>156</y>
<scale>1</scale>
<monitor>
<monitorspec>
<connector>DP-4</connector>
<vendor>DEL</vendor>
<product>DELL U2719D</product>
<serial>8RGXNS2</serial>
</monitorspec>
<mode>
<width>2560</width>
<height>1440</height>
<rate>59.951</rate>
</mode>
</monitor>
</logicalmonitor>
<logicalmonitor>
<x>2560</x>
<y>324</y>
<scale>1</scale>
<primary>yes</primary>
<monitor>
<monitorspec>
<connector>DP-2</connector>
<vendor>GSM</vendor>
<product>LG ULTRAGEAR</product>
<serial>0x00068c96</serial>
</monitorspec>
<mode>
<width>1920</width>
<height>1080</height>
<rate>240.001</rate>
</mode>
</monitor>
</logicalmonitor>
<logicalmonitor>
<x>4480</x>
<y>0</y>
<scale>1</scale>
<transform>
<rotation>left</rotation>
<flipped>no</flipped>
</transform>
<monitor>
<monitorspec>
<connector>HDMI-0</connector>
<vendor>HWP</vendor>
<product>HP w2207</product>
<serial>CND7332S88</serial>
</monitorspec>
<mode>
<width>1600</width>
<height>1000</height>
<rate>59.999</rate>
</mode>
</monitor>
</logicalmonitor>
</configuration>
<configuration>
<logicalmonitor>
<x>0</x>
<y>0</y>
<scale>1</scale>
<primary>yes</primary>
<monitor>
<monitorspec>
<connector>DP-1</connector>
<vendor>DEL</vendor>
<product>DELL U2719D</product>
<serial>8RGXNS2</serial>
</monitorspec>
<mode>
<width>2560</width>
<height>1440</height>
<rate>59.951</rate>
</mode>
</monitor>
</logicalmonitor>
<logicalmonitor>
<x>4480</x>
<y>226</y>
<scale>1</scale>
<transform>
<rotation>left</rotation>
<flipped>no</flipped>
</transform>
<monitor>
<monitorspec>
<connector>HDMI-1</connector>
<vendor>HWP</vendor>
<product>HP w2207</product>
<serial>CND7332S88</serial>
</monitorspec>
<mode>
<width>1680</width>
<height>1050</height>
<rate>59.954</rate>
</mode>
</monitor>
</logicalmonitor>
<logicalmonitor>
<x>2560</x>
<y>226</y>
<scale>1</scale>
<monitor>
<monitorspec>
<connector>DP-2</connector>
<vendor>GSM</vendor>
<product>LG ULTRAGEAR</product>
<serial>0x00068c96</serial>
</monitorspec>
<mode>
<width>1920</width>
<height>1080</height>
<rate>240.001</rate>
</mode>
</monitor>
</logicalmonitor>
</configuration>
<configuration>
<logicalmonitor>
<x>2560</x>
<y>228</y>
<scale>1</scale>
<primary>yes</primary>
<monitor>
<monitorspec>
<connector>DP-2</connector>
<vendor>GSM</vendor>
<product>LG ULTRAGEAR</product>
<serial>0x00068c96</serial>
</monitorspec>
<mode>
<width>1920</width>
<height>1080</height>
<rate>240.001</rate>
</mode>
</monitor>
</logicalmonitor>
<logicalmonitor>
<x>4480</x>
<y>69</y>
<scale>1</scale>
<transform>
<rotation>left</rotation>
<flipped>no</flipped>
</transform>
<monitor>
<monitorspec>
<connector>HDMI-1</connector>
<vendor>HWP</vendor>
<product>HP w2207</product>
<serial>CND7332S88</serial>
</monitorspec>
<mode>
<width>1680</width>
<height>1050</height>
<rate>59.954</rate>
</mode>
</monitor>
</logicalmonitor>
<logicalmonitor>
<x>0</x>
<y>0</y>
<scale>1</scale>
<monitor>
<monitorspec>
<connector>DP-3</connector>
<vendor>DEL</vendor>
<product>DELL U2719D</product>
<serial>8RGXNS2</serial>
</monitorspec>
<mode>
<width>2560</width>
<height>1440</height>
<rate>59.951</rate>
</mode>
</monitor>
</logicalmonitor>
<disabled>
<monitorspec>
<connector>None-1</connector>
<vendor>unknown</vendor>
<product>unknown</product>
<serial>unknown</serial>
</monitorspec>
</disabled>
</configuration>
</monitors>
''}"
];
}

72
configurations/nixos/twilight/network-mount.nix Normal file
View file

@ -0,0 +1,72 @@
{...}: {
boot.supportedFilesystems = ["nfs"];
fileSystems = {
"/mnt/leyla_documents" = {
device = "defiant:/exports/leyla_documents";
fsType = "nfs";
options = [
"x-systemd.automount"
"noauto"
"noatime"
"nofail"
"soft"
"intr" # Allow interruption of NFS calls
"timeo=50" # 5 second timeout (50 deciseconds) - longer than mobile
"retrans=3" # 3 retries for desktop
"x-systemd.idle-timeout=600" # 10 minute idle timeout for desktop
"x-systemd.device-timeout=30" # 30 second device timeout
"bg" # Background mount - don't block boot
"fsc" # Enable caching
"_netdev" # Network device - wait for network
"x-systemd.requires=network-online.target" # Require network to be online
"x-systemd.after=network-online.target" # Start after network is online
];
};
"/mnt/users_documents" = {
device = "defiant:/exports/users_documents";
fsType = "nfs";
options = [
"x-systemd.automount"
"noauto"
"nofail"
"soft"
"intr"
"timeo=50"
"retrans=3"
"x-systemd.idle-timeout=600"
"bg"
"fsc"
"_netdev"
"x-systemd.requires=network-online.target"
"x-systemd.after=network-online.target"
];
};
"/mnt/media" = {
device = "defiant:/exports/media";
fsType = "nfs";
options = [
"x-systemd.automount"
"noauto"
"noatime"
"nofail"
"soft"
"intr"
"timeo=50"
"retrans=3"
"x-systemd.idle-timeout=600"
"x-systemd.device-timeout=30"
"bg"
# Desktop-optimized read settings
"rsize=32768" # Larger read size for desktop
"wsize=32768" # Larger write size for desktop
"fsc"
"_netdev"
"x-systemd.requires=network-online.target"
"x-systemd.after=network-online.target"
];
};
};
}

47
configurations/nixos/twilight/nvidia-drivers.nix Normal file
View file

@ -0,0 +1,47 @@
{config, ...}: {
services = {
xserver = {
# Load nvidia driver for Xorg and Wayland
videoDrivers = ["nvidia"];
};
# Use X instead of wayland for gaming reasons
displayManager.gdm.wayland = false;
};
hardware = {
# Enable OpenGL
graphics.enable = true;
# install graphics drivers
nvidia = {
# Modesetting is required.
modesetting.enable = true;
# Nvidia power management. Experimental, and can cause sleep/suspend to fail.
# Enable this if you have graphical corruption issues or application crashes after waking
# up from sleep. This fixes it by saving the entire VRAM memory to /tmp/ instead
# of just the bare essentials.
powerManagement.enable = true;
# Fine-grained power management. Turns off GPU when not in use.
# Experimental and only works on modern Nvidia GPUs (Turing or newer).
powerManagement.finegrained = false;
# Use the NVidia open source kernel module (not to be confused with the
# independent third-party "nouveau" open source driver).
# Support is limited to the Turing and later architectures. Full list of
# supported GPUs is at:
# https://github.com/NVIDIA/open-gpu-kernel-modules#compatible-gpus
# Only available from driver 515.43.04+
# Currently alpha-quality/buggy, so false is currently the recommended setting.
open = true;
# Enable the Nvidia settings menu,
# accessible via `nvidia-settings`.
nvidiaSettings = true;
# Optionally, you may need to select the appropriate driver version for your specific GPU.
package = config.boot.kernelPackages.nvidiaPackages.production;
};
};
}

119
configurations/syncthing/default.nix Normal file
View file

@ -0,0 +1,119 @@
{config, ...}: {
folders = {
leyla_documents = {
id = "hvrj0-9bm1p";
};
leyla_calendar = {
id = "8oatl-1rv6w";
};
leyla_supernote_notes = {
id = "dwbuv-zffnf";
};
eve_records = {
id = "by6at-d4h9n";
};
share = {
id = "73ot0-cxmkx";
};
};
devices = {
defiant = {
id = "3R6E6Y4-2F7MF2I-IGB4WE6-A3SQSMV-LIBYSAM-2OXHHU2-KJ6CGIV-QNMCPAR";
folders = {
leyla_documents = {
folder = config.folders.leyla_documents;
path = "/mnt/sync/leyla/documents";
};
leyla_calendar = {
folder = config.folders.leyla_calendar;
path = "/mnt/sync/leyla/calendar";
};
leyla_supernote_notes = {
folder = config.folders.leyla_supernote_notes;
path = "/mnt/sync/leyla/notes";
};
eve_records = {
folder = config.folders.eve_records;
path = "/mnt/sync/eve/records";
};
share = {
folder = config.folders.share;
path = "/mnt/sync/default/share";
};
};
};
twilight = {
id = "UDIYL7V-OAZ2BI3-EJRAWFB-GZYVDWR-JNUYW3F-FFQ35MU-XBTGWEF-QD6K6QN";
folders = {
leyla_documents = {
folder = config.folders.leyla_documents;
path = "/mnt/sync/leyla/documents";
};
share = {
folder = config.folders.share;
path = "/mnt/sync/default/share";
};
};
};
horizon = {
id = "OGPAEU6-5UR56VL-SP7YC4Y-IMVCRTO-XFD4CYN-Z6T5TZO-PFZNAT6-4MKWPQS";
folders = {
leyla_documents = {
folder = config.folders.leyla_documents;
path = "/mnt/sync/leyla/documents";
};
share = {
folder = config.folders.share;
path = "/mnt/sync/default/share";
};
};
};
coven = {
id = "QGU7NN6-OMXTWVA-YCZ73S5-2O7ECTS-MUCTN4M-YH6WLEL-U4U577I-7PBNCA5";
folders = {
leyla_documents = {
folder = config.folders.leyla_documents;
};
share = {
folder = config.folders.share;
};
};
};
ceder = {
id = "MGXUJBS-7AENXHB-7YQRNWG-QILKEJD-5462U2E-WAQW4R4-I2TVK5H-SMK6LAA";
folders = {
share = {
folder = config.folders.share;
};
leyla_documents = {
folder = config.folders.leyla_documents;
};
leyla_calendar = {
folder = config.folders.leyla_calendar;
};
leyla_notes = {
folder = config.folders.leyla_supernote_notes;
};
};
};
emergent = {
id = "6MIDMKJ-7IFHXVX-FIR3YTB-KVE75LN-PA6IOTN-I257LWR-MMC4K6C-5H4SHQN";
folders = {
eve_records = {
folder = config.folders.eve_records;
};
share = {
folder = config.folders.share;
};
};
};
shale = {
id = "AOAXEVD-QJ2IVRA-6G44Q7Q-TGUPXU2-FWWKOBH-DPKWC5N-LBAEHWJ-7EQF4AM";
folders = {
share = {
folder = config.folders.share;
};
};
};
};
}

1
const/sops_age_key_directory.nix Normal file
View file

@ -0,0 +1 @@
"/var/lib/sops-nix"

60
enviroments/client/default.nix
View file

@ -1,60 +0,0 @@
{ pkgs, ... }:
{
imports = [
../common
];
services = {
# Enable CUPS to print documents.
printing.enable = true;
xserver = {
# Enable the X11 windowing system.
enable = true;
# Enable the GNOME Desktop Environment.
displayManager.gdm.enable = true;
desktopManager = {
gnome.enable = true;
xterm.enable = false;
};
# Get rid of xTerm
excludePackages = [ pkgs.xterm ];
# Configure keymap in X11
xkb = {
layout = "us,it,de";
variant = "";
};
};
pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
# If you want to use JACK applications, uncomment this
#jack.enable = true;
# use the example session manager (no others are packaged yet so this is enabled by default,
# no need to redefine it in your config for now)
#media-session.enable = true;
};
};
# Enable sound with pipewire.
hardware.pulseaudio.enable = false;
security.rtkit.enable = true;
environment.systemPackages = with pkgs; [
# helvetica font
aileron
cachefilesd
gnomeExtensions.dash-to-dock
];
}

71
enviroments/common/default.nix
View file

@ -1,71 +0,0 @@
{ pkgs, ... }:
{
imports = [
../../users
];
nix.settings.experimental-features = [ "nix-command" "flakes" ];
nix.settings.trusted-users = [ "leyla" ];
# Enable networking
networking.networkmanager.enable = true;
# Set your time zone.
time.timeZone = "America/Chicago";
i18n.defaultLocale = "en_US.UTF-8";
i18n.extraLocaleSettings = {
LC_ADDRESS = "en_US.UTF-8";
LC_IDENTIFICATION = "en_US.UTF-8";
LC_MEASUREMENT = "en_US.UTF-8";
LC_MONETARY = "en_US.UTF-8";
LC_NAME = "en_US.UTF-8";
LC_NUMERIC = "en_US.UTF-8";
LC_PAPER = "en_US.UTF-8";
LC_TELEPHONE = "en_US.UTF-8";
LC_TIME = "en_US.UTF-8";
};
users.groups.users = {};
services = {
openssh = {
enable = true;
ports = [ 22 ];
settings = {
PasswordAuthentication = false;
AllowUsers = [ "leyla" ]; # Allows all users by default. Can be [ "user1" "user2" ]
UseDns = true;
X11Forwarding = false;
};
};
};
sops = {
defaultSopsFile = ../../secrets/secrets.yaml;
defaultSopsFormat = "yaml";
gnupg.sshKeyPaths = [];
age ={
keyFile = "/var/lib/sops-nix/key.txt";
sshKeyPaths = [];
# generateKey = true;
};
};
environment.sessionVariables = {
AGE_KEY_FILE_LOCATION = "/var/lib/sops-nix/";
};
# List packages installed in system profile.
environment.systemPackages = with pkgs; [
wget
# version control
git
# system debuging tools
iputils
dnsutils
];
}

63
enviroments/server/default.nix
View file

@ -1,63 +0,0 @@
{ config, ... }:
{
imports = [
../common
];
services = let
headscaleDomain = "headscale.jan-leila.com";
in {
nfs.server = {
enable = true;
exports = ''
/home/leyla 192.168.1.0/22(rw,sync,no_subtree_check,crossmnt)
/home/eve 192.168.1.0/22(rw,sync,no_subtree_check,crossmnt)
/home/ester 192.168.1.0/22(rw,sync,no_subtree_check,crossmnt)
/home/users 192.168.1.0/22(rw,sync,no_subtree_check,crossmnt)
'';
};
headscale = {
enable = true;
address = "0.0.0.0";
port = 8080;
settings = {
server_url = "https://${headscaleDomain}";
dns_config.base_domain = "jan-leila.com";
logtail.enabled = false;
};
};
nginx = {
enable = false; # TODO: enable this when you want to test all the configs
virtualHosts = {
${headscaleDomain} = {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass =
"http://localhost:${toString config.services.headscale.port}";
proxyWebsockets = true;
};
};
};
};
};
security.acme = {
acceptTerms = true;
defaults.email = "jan-leila@protonmail.com";
};
# disable computer sleeping
systemd.targets = {
sleep.enable = false;
suspend.enable = false;
hibernate.enable = false;
hybrid-sleep.enable = false;
};
networking.firewall.allowedTCPPorts = [ 2049 ];
environment.systemPackages = [ config.services.headscale.package ];
}

335
flake.lock generated
View file

@ -1,5 +1,23 @@
{
"nodes": {
"devshell": {
"inputs": {
"nixpkgs": "nixpkgs"
},
"locked": {
"lastModified": 1741473158,
"narHash": "sha256-kWNaq6wQUbUMlPgw8Y+9/9wP0F8SHkjy24/mN3UAppg=",
"owner": "numtide",
"repo": "devshell",
"rev": "7c9e793ebe66bcba8292989a68c0419b737a22a0",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "devshell",
"type": "github"
}
},
"disko": {
"inputs": {
"nixpkgs": [
@ -7,11 +25,11 @@
]
},
"locked": {
"lastModified": 1725377834,
"narHash": "sha256-tqoAO8oT6zEUDXte98cvA1saU9+1dLJQe3pMKLXv8ps=",
"lastModified": 1760701190,
"narHash": "sha256-y7UhnWlER8r776JsySqsbTUh2Txf7K30smfHlqdaIQw=",
"owner": "nix-community",
"repo": "disko",
"rev": "e55f9a8678adc02024a4877c2a403e3f6daf24fe",
"rev": "3a9450b26e69dcb6f8de6e2b07b3fc1c288d85f5",
"type": "github"
},
"original": {
@ -20,14 +38,35 @@
"type": "github"
}
},
"flake-compat": {
"flake": false,
"firefox-addons": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"dir": "pkgs/firefox-addons",
"lastModified": 1761797037,
"narHash": "sha256-OqwAGit+3cdsG02K6+8WJniA2q0rqUVc6zbT5N9C1us=",
"owner": "rycee",
"repo": "nur-expressions",
"rev": "3d9f4de0988bcfa57e45e16e1ef9326c56bdf891",
"type": "gitlab"
},
"original": {
"dir": "pkgs/firefox-addons",
"owner": "rycee",
"repo": "nur-expressions",
"type": "gitlab"
}
},
"flake-compat": {
"locked": {
"lastModified": 1761588595,
"narHash": "sha256-XKUZz9zewJNUj46b4AJdiRZJAvSZ0Dqj2BNfXvFlJC4=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"rev": "f387cd2afec9419c8ee37694406ca490c3f34ee5",
"type": "github"
},
"original": {
@ -41,11 +80,11 @@
"systems": "systems"
},
"locked": {
"lastModified": 1710146030,
"narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
@ -54,6 +93,39 @@
"type": "github"
}
},
"flake-utils_2": {
"inputs": {
"systems": "systems_2"
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flakey-profile": {
"locked": {
"lastModified": 1712898590,
"narHash": "sha256-FhGIEU93VHAChKEXx905TSiPZKga69bWl1VB37FK//I=",
"owner": "lf-",
"repo": "flakey-profile",
"rev": "243c903fd8eadc0f63d205665a92d4df91d42d9d",
"type": "github"
},
"original": {
"owner": "lf-",
"repo": "flakey-profile",
"type": "github"
}
},
"home-manager": {
"inputs": {
"nixpkgs": [
@ -61,11 +133,11 @@
]
},
"locked": {
"lastModified": 1725948275,
"narHash": "sha256-4QOPemDQ9VRLQaAdWuvdDBhh+lEUOAnSMHhdr4nS1mk=",
"lastModified": 1761845621,
"narHash": "sha256-d+R4MHsGmdebvSMsYUFWONsZSlUbOo8Zq/wjMdMiIac=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "e5fa72bad0c6f533e8d558182529ee2acc9454fe",
"rev": "97e3022a8d2c09313fa49847f6da4d76abcfc72d",
"type": "github"
},
"original": {
@ -74,20 +146,133 @@
"type": "github"
}
},
"nix-vscode-extensions": {
"impermanence": {
"locked": {
"lastModified": 1737831083,
"narHash": "sha256-LJggUHbpyeDvNagTUrdhe/pRVp4pnS6wVKALS782gRI=",
"owner": "nix-community",
"repo": "impermanence",
"rev": "4b3e914cdf97a5b536a889e939fb2fd2b043a170",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "impermanence",
"type": "github"
}
},
"lix": {
"flake": false,
"locked": {
"lastModified": 1755787066,
"narHash": "sha256-X2UwkUEban08GRSPXRr+kz8fckHqebr3P77qSvjoeOw=",
"rev": "ac9721a92e8138d29707824dbedb484c76948493",
"type": "tarball",
"url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/ac9721a92e8138d29707824dbedb484c76948493.tar.gz?rev=ac9721a92e8138d29707824dbedb484c76948493"
},
"original": {
"type": "tarball",
"url": "https://git.lix.systems/lix-project/lix/archive/main.tar.gz"
}
},
"lix-module": {
"inputs": {
"flake-compat": "flake-compat",
"flake-utils": "flake-utils",
"flakey-profile": "flakey-profile",
"lix": "lix",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1726623336,
"narHash": "sha256-mslZtr0SPdHDLUM5VRV0ipQQ4G0Piv2Kk15490w4JXM=",
"lastModified": 1759851320,
"narHash": "sha256-n5dRAIC3/78drQtFxmQRrBLd6TKfotUnX7GWu0mAcSg=",
"ref": "refs/heads/main",
"rev": "7c31a18259b8358ac196cf803a26967c0fa1d3e4",
"revCount": 163,
"type": "git",
"url": "https://git.lix.systems/lix-project/nixos-module.git"
},
"original": {
"type": "git",
"url": "https://git.lix.systems/lix-project/nixos-module.git"
}
},
"mcp-nixos": {
"inputs": {
"devshell": "devshell",
"flake-utils": "flake-utils_2",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1760821194,
"narHash": "sha256-UCsJ8eDuHL14u2GFIYEY/drtZ6jht5zN/G/6QNlEy2g=",
"owner": "utensils",
"repo": "mcp-nixos",
"rev": "0ae453f38d0f088c31d4678da3a12b183165986f",
"type": "github"
},
"original": {
"owner": "utensils",
"repo": "mcp-nixos",
"type": "github"
}
},
"nix-darwin": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1761339987,
"narHash": "sha256-IUaawVwItZKi64IA6kF6wQCLCzpXbk2R46dHn8sHkig=",
"owner": "LnL7",
"repo": "nix-darwin",
"rev": "7cd9aac79ee2924a85c211d21fafd394b06a38de",
"type": "github"
},
"original": {
"owner": "LnL7",
"repo": "nix-darwin",
"type": "github"
}
},
"nix-syncthing": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1741849924,
"narHash": "sha256-5vyb1H6HtW24QVqfI56P4QVQP6vHh1jS9ULwnunCO94=",
"ref": "main",
"rev": "86bcb200c83b6a5d13b3583126b9d8dc6770613a",
"revCount": 6,
"type": "git",
"url": "https://git.jan-leila.com/jan-leila/nix-syncthing"
},
"original": {
"ref": "main",
"type": "git",
"url": "https://git.jan-leila.com/jan-leila/nix-syncthing"
}
},
"nix-vscode-extensions": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1761789484,
"narHash": "sha256-17gDUWloFXQlavqHRey/urQe6sQ3yP5hsQyYmcNOZyU=",
"owner": "nix-community",
"repo": "nix-vscode-extensions",
"rev": "b23683fef09032c85bb8b20f8ec72fb2f70075ff",
"rev": "c47e683d236fa6e4c27dbda2af3468cb9aceb813",
"type": "github"
},
"original": {
@ -98,11 +283,11 @@
},
"nixos-hardware": {
"locked": {
"lastModified": 1725885300,
"narHash": "sha256-5RLEnou1/GJQl+Wd+Bxaj7QY7FFQ9wjnFq1VNEaxTmc=",
"lastModified": 1761827175,
"narHash": "sha256-XdPVSYyIBK4/ruoqujaQmmSGg3J2/EenexV9IEXhr6o=",
"owner": "NixOS",
"repo": "nixos-hardware",
"rev": "166dee4f88a7e3ba1b7a243edb1aca822f00680e",
"rev": "43ffe9ac82567512abb83187cb673de1091bdfa8",
"type": "github"
},
"original": {
@ -114,43 +299,11 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1725634671,
"narHash": "sha256-v3rIhsJBOMLR8e/RNWxr828tB+WywYIoajrZKFM+0Gg=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "574d1eac1c200690e27b8eb4e24887f8df7ac27c",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-stable": {
"locked": {
"lastModified": 1725762081,
"narHash": "sha256-vNv+aJUW5/YurRy1ocfvs4q/48yVESwlC/yHzjkZSP8=",
"lastModified": 1722073938,
"narHash": "sha256-OpX0StkL8vpXyWOGUD6G+MA26wAXK6SpT94kLJXo6B4=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "dc454045f5b5d814e5862a6d057e7bb5c29edc05",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "release-24.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1725534445,
"narHash": "sha256-Yd0FK9SkWy+ZPuNqUgmVPXokxDgMJoGuNpMEtkfcf84=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "9bb1e7571aadf31ddb4af77fc64b2d59580f9a39",
"rev": "e36e9f57337d0ff0cf77aceb58af4c805472bfae",
"type": "github"
},
"original": {
@ -160,27 +313,68 @@
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1761672384,
"narHash": "sha256-o9KF3DJL7g7iYMZq9SWgfS1BFlNbsm6xplRjVlOCkXI=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "08dacfca559e1d7da38f3cf05f1f45ee9bfd213c",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"root": {
"inputs": {
"disko": "disko",
"firefox-addons": "firefox-addons",
"flake-compat": "flake-compat",
"home-manager": "home-manager",
"impermanence": "impermanence",
"lix-module": "lix-module",
"mcp-nixos": "mcp-nixos",
"nix-darwin": "nix-darwin",
"nix-syncthing": "nix-syncthing",
"nix-vscode-extensions": "nix-vscode-extensions",
"nixos-hardware": "nixos-hardware",
"nixpkgs": "nixpkgs",
"nixpkgs": "nixpkgs_2",
"secrets": "secrets",
"sops-nix": "sops-nix"
}
},
"secrets": {
"flake": false,
"locked": {
"lastModified": 1759945215,
"narHash": "sha256-xmUzOuhJl6FtTjR5++OQvSoAnXe7/VA5QFCZDyFwBXo=",
"ref": "refs/heads/main",
"rev": "444229a105445339fb028d15a8d866063c5f8141",
"revCount": 21,
"type": "git",
"url": "ssh://git@git.jan-leila.com/jan-leila/nix-config-secrets.git"
},
"original": {
"type": "git",
"url": "ssh://git@git.jan-leila.com/jan-leila/nix-config-secrets.git"
}
},
"sops-nix": {
"inputs": {
"nixpkgs": "nixpkgs_2",
"nixpkgs-stable": "nixpkgs-stable"
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1725922448,
"narHash": "sha256-ruvh8tlEflRPifs5tlpa0gkttzq4UtgXkJQS7FusgFE=",
"lastModified": 1760998189,
"narHash": "sha256-ee2e1/AeGL5X8oy/HXsZQvZnae6XfEVdstGopKucYLY=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "cede1a08039178ac12957733e97ab1006c6b6892",
"rev": "5a7d18b5c55642df5c432aadb757140edfeb70b3",
"type": "github"
},
"original": {
@ -203,6 +397,21 @@
"repo": "default",
"type": "github"
}
},
"systems_2": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
}
},
"root": "root",

202
flake.nix
View file

@ -5,71 +5,179 @@
# base packages
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
# encrypt files that contain secreats that I would like to not encrypt
sops-nix.url = "github:Mic92/sops-nix";
lix-module = {
url = "git+https://git.lix.systems/lix-project/nixos-module.git";
inputs.nixpkgs.follows = "nixpkgs";
};
# declairtive disk configuration
# secret encryption
sops-nix = {
url = "github:Mic92/sops-nix";
inputs.nixpkgs.follows = "nixpkgs";
};
# self hosted repo of secrets file to further protect files in case of future encryption vulnerabilities
secrets = {
url = "git+ssh://git@git.jan-leila.com/jan-leila/nix-config-secrets.git";
flake = false;
};
# common config for syncthing
nix-syncthing = {
url = "git+https://git.jan-leila.com/jan-leila/nix-syncthing?ref=main";
inputs.nixpkgs.follows = "nixpkgs";
};
# disk configurations
disko = {
url = "github:nix-community/disko";
inputs.nixpkgs.follows = "nixpkgs";
};
# managment per user
# delete your darlings
impermanence = {
url = "github:nix-community/impermanence";
};
nix-darwin = {
url = "github:LnL7/nix-darwin";
inputs.nixpkgs.follows = "nixpkgs";
};
# users home directories
home-manager = {
url = "github:nix-community/home-manager";
inputs.nixpkgs.follows = "nixpkgs";
};
# repo of hardware configs for prebuilt systems
nixos-hardware.url = "github:NixOS/nixos-hardware/master";
# firefox extensions
firefox-addons = {
url = "gitlab:rycee/nur-expressions?dir=pkgs/firefox-addons";
inputs.nixpkgs.follows = "nixpkgs";
};
# vscode extensions
# vscode extensions
nix-vscode-extensions = {
url = "github:nix-community/nix-vscode-extensions";
inputs.nixpkgs.follows = "nixpkgs";
};
# pregenerated hardware configurations
nixos-hardware = {
url = "github:NixOS/nixos-hardware/master";
};
# this is just here so that we have a lock on it for our dev shells
flake-compat = {
url = "github:edolstra/flake-compat";
};
# MCP NixOS server for Claude Dev
mcp-nixos = {
url = "github:utensils/mcp-nixos";
inputs.nixpkgs.follows = "nixpkgs";
};
};
outputs = { self, nixpkgs, disko, nixos-hardware, ... }@inputs:
let
forEachSystem = nixpkgs.lib.genAttrs [
"aarch64-darwin"
"aarch64-linux"
"x86_64-darwin"
"x86_64-linux"
];
forEachPkgs = lambda: forEachSystem (system: lambda nixpkgs.legacyPackages.${system});
in
{
packages = forEachPkgs (pkgs: import ./pkgs { inherit pkgs; });
outputs = {
self,
nixpkgs,
sops-nix,
nix-syncthing,
home-manager,
impermanence,
...
} @ inputs: let
util = import ./util {inherit inputs;};
forEachPkgs = util.forEachPkgs;
nixosConfigurations = {
# Leyla Laptop
horizon = nixpkgs.lib.nixosSystem {
specialArgs = { inherit inputs; };
modules = [
./hosts/horizon/configuration.nix
inputs.home-manager.nixosModules.default
nixos-hardware.nixosModules.framework-11th-gen-intel
];
};
# Leyla Desktop
twilight = nixpkgs.lib.nixosSystem {
specialArgs = { inherit inputs; };
modules = [
./hosts/twilight/configuration.nix
inputs.home-manager.nixosModules.default
];
};
# NAS Service
defiant = nixpkgs.lib.nixosSystem {
specialArgs = { inherit inputs; };
modules = [
disko.nixosModules.disko
./hosts/defiant/disko-config.nix
./hosts/defiant/configuration.nix
];
};
};
mkNixosInstaller = util.mkNixosInstaller;
mkNixosSystem = util.mkNixosSystem;
mkDarwinSystem = util.mkDarwinSystem;
mkHome = util.mkHome;
syncthingConfiguration = util.syncthingConfiguration;
installerSystems = {
basic = mkNixosInstaller "basic" [];
};
nixosSystems = {
horizon = mkNixosSystem "horizon";
twilight = mkNixosSystem "twilight";
defiant = mkNixosSystem "defiant";
emergent = mkNixosSystem "emergent";
};
darwinSystems = {
hesperium = mkDarwinSystem "hesperium";
};
homeSystems = {
# stand alone home manager configurations here:
# name = mkHome "name"
};
systemsHomes = nixpkgs.lib.attrsets.mergeAttrsList (
nixpkgs.lib.attrsets.mapAttrsToList (hostname: system: (
nixpkgs.lib.attrsets.mapAttrs' (user: _: {
name = "${user}@${hostname}";
value = mkHome {
user = user;
host = hostname;
system = system.pkgs.hostPlatform.system;
osConfig = system.config;
};
})
system.config.home-manager.users
))
(nixosSystems // darwinSystems)
);
homeConfigurations =
systemsHomes
// homeSystems;
in {
formatter = forEachPkgs (system: pkgs: pkgs.alejandra);
# templates = import ./templates;
devShells = forEachPkgs (system: pkgs: {
default = pkgs.mkShell {
packages = with pkgs; [
# for version controlling this repo
git
# for formatting code in this repo
alejandra
# for editing secrets in the secrets repo
sops
# for viewing configuration options defined in this repo
nix-inspect
# for installing flakes from this repo onto other systems
nixos-anywhere
# for updating disko configurations
disko
# for viewing dconf entries
dconf-editor
# for MCP NixOS server support in development
inputs.mcp-nixos.packages.${system}.default
];
SOPS_AGE_KEY_DIRECTORY = import ./const/sops_age_key_directory.nix;
shellHook = ''
git config core.hooksPath .hooks
'';
};
});
installerConfigurations = installerSystems;
nixosConfigurations = nixosSystems;
darwinConfigurations = darwinSystems;
homeConfigurations = homeConfigurations;
syncthingConfiguration = syncthingConfiguration;
};
}

57
hosts/defiant/configuration.nix
View file

@ -1,57 +0,0 @@
# server nas
{ config, pkgs, inputs, ... }:
{
imports =
[
inputs.home-manager.nixosModules.default
inputs.sops-nix.nixosModules.sops
./hardware-configuration.nix
../../enviroments/server
];
users.leyla.isThinUser = true;
boot.loader.grub = {
enable = true;
zfsSupport = true;
efiSupport = true;
efiInstallAsRemovable = true;
};
nixpkgs.config.allowUnfree = true;
services = {
zfs = {
autoScrub.enable = true;
autoSnapshot.enable = true;
};
# temp enable desktop enviroment for setup
# Enable the X11 windowing system.
xserver = {
enable = true;
# Enable the GNOME Desktop Environment.
displayManager = {
gdm.enable = true;
};
desktopManager = {
gnome.enable = true;
xterm.enable = false;
};
# Get rid of xTerm
excludePackages = [ pkgs.xterm ];
};
};
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "23.05"; # Did you read the comment?
}

136
hosts/defiant/disko-config.nix
View file

@ -1,136 +0,0 @@
{ lib, ... }:
let
bootDisk = devicePath: {
type = "disk";
device = devicePath;
content = {
type = "gpt";
partitions = {
boot = {
size = "1M";
type = "EF02"; # for grub MBR
};
ESP = {
size = "1G";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
};
};
};
};
};
zfsDisk = devicePath: {
type = "disk";
device = devicePath;
content = {
type = "gpt";
partitions = {
zfs = {
size = "100%";
content = {
type = "zfs";
pool = "zroot";
};
};
};
};
};
cacheDisk = devicePath: swapSize: {
type = "disk";
device = devicePath;
content = {
type = "gpt";
partitions = {
encryptedSwap = {
size = swapSize;
content = {
type = "swap";
randomEncryption = true;
discardPolicy = "both";
resumeDevice = true;
};
};
zfs = {
size = "100%";
content = {
type = "zfs";
pool = "zroot";
};
};
};
};
};
in {
disko.devices = {
disk = {
boot = bootDisk "/dev/disk/by-path/pci-0000:23:00.3-usb-0:1:1.0-scsi-0:0:0:0";
hd_13_tb_a = zfsDisk "/dev/disk/by-id/ata-ST18000NE000-3G6101_ZVTCXVEB";
hd_13_tb_b = zfsDisk "/dev/disk/by-id/ata-ST18000NE000-3G6101_ZVTCXWSC";
hd_13_tb_c = zfsDisk "/dev/disk/by-id/ata-ST18000NE000-3G6101_ZVTD10EH";
# ssd_2_tb_a = cacheDisk "64G" "/dev/disk/by-id/XXX";
};
zpool = {
zroot = {
type = "zpool";
mode = {
topology = {
type = "topology";
vdev = [
{
# should this only mirror for this inital config with 3 drives we will used raidz2 for future configs???
mode = "mirror";
members = [
"hd_13_tb_a" "hd_13_tb_b" "hd_13_tb_c"
];
}
];
cache = [ ];
# cache = [ "ssd_2_tb_a" ];
};
};
options = {
ashift = "12";
};
rootFsOptions = {
encryption = "on";
keyformat = "hex";
keylocation = "prompt";
compression = "lz4";
xattr = "sa";
acltype = "posixacl";
"com.sun:auto-snapshot" = "false";
};
mountpoint = "/";
postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot@blank$' || zfs snapshot zroot@blank";
datasets = {
"nix" = {
type = "zfs_fs";
mountpoint = "/nix";
};
"home" = {
type = "zfs_fs";
mountpoint = "/mnt/home";
options = {
"com.sun:auto-snapshot" = "true";
};
};
"var" = {
type = "zfs_fs";
mountpoint = "/var";
};
};
};
};
};
}

45
hosts/defiant/hardware-configuration.nix
View file

@ -1,45 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot = {
initrd = {
availableKernelModules = [ "xhci_pci" "aacraid" "ahci" "usbhid" "usb_storage" "sd_mod" ];
kernelModules = [ ];
};
kernelModules = [ "kvm-amd" ];
extraModulePackages = [ ];
supportedFilesystems = [ "zfs" ];
zfs.extraPools = [ "zroot" ];
};
# fileSystems."/" =
# { device = "/dev/disk/by-uuid/dc6a9664-80f2-4988-afd7-fee5bd3ee2ca";
# fsType = "ext4";
# };
swapDevices = [ ];
networking = {
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
useDHCP = lib.mkDefault true;
# networking.interfaces.eno1.useDHCP = lib.mkDefault true;
# networking.interfaces.eno2.useDHCP = lib.mkDefault true;
hostId = "c51763d6";
hostName = "defiant"; # Define your hostname.
};
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

49
hosts/horizon/configuration.nix
View file

@ -1,49 +0,0 @@
# leyla laptop
{ config, pkgs, inputs, ... }:
{
imports =
[
inputs.home-manager.nixosModules.default
inputs.sops-nix.nixosModules.sops
./hardware-configuration.nix
../../enviroments/client
];
users = {
leyla.isFullUser = true;
ester.isFullUser = true;
eve.isFullUser = true;
};
# enabled virtualisation for docker
virtualisation.docker = {
enable = true;
rootless = {
enable = true;
setSocketVariable = true;
};
};
users.extraGroups.docker.members = [ "leyla" ];
# Enable touchpad support (enabled default in most desktopManager).
# services.xserver.libinput.enable = true;
# Allow unfree packages
nixpkgs.config.allowUnfree = true;
# Open ports in the firewall.
# networking.firewall.allowedTCPPorts = [ ... ];
# networking.firewall.allowedUDPPorts = [ ... ];
# Or disable the firewall altogether.
# networking.firewall.enable = false;
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "23.05"; # Did you read the comment?
}

104
hosts/horizon/hardware-configuration.nix
View file

@ -1,104 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot = {
initrd = {
availableKernelModules = [ "xhci_pci" "thunderbolt" "nvme" "usb_storage" "sd_mod" ];
kernelModules = [ ];
};
kernelModules = [ "kvm-intel" "sg" ];
extraModulePackages = [ ];
# Bootloader.
loader = {
systemd-boot.enable = true;
efi.canTouchEfiVariables = true;
};
};
hardware.graphics.enable = true;
fileSystems = {
"/" =
{ device = "/dev/disk/by-uuid/866d422b-f816-4ad9-9846-791839cb9337";
fsType = "ext4";
};
"/boot" =
{ device = "/dev/disk/by-uuid/E138-65B5";
fsType = "vfat";
};
"/mnt/leyla_home" =
{
device = "defiant:/home/leyla";
fsType = "nfs";
options = [ "x-systemd.automount" "user" "noatime" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc" ];
};
"/mnt/eve_home" =
{
device = "defiant:/home/eve";
fsType = "nfs";
options = [ "x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc" ];
};
"/mnt/ester_home" =
{
device = "defiant:/home/ester";
fsType = "nfs";
options = [ "x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc" ];
};
"/mnt/users_home" =
{
device = "defiant:/home/users";
fsType = "nfs";
options = [ "x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc" ];
};
# "/mnt/legacy_leyla_home" =
# {
# device = "server.arpa:/home/leyla";
# fsType = "nfs";
# options = [ "x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc" ];
# };
# "/mnt/legacy_share_home" =
# {
# device = "server.arpa:/home/share";
# fsType = "nfs";
# options = [ "x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc" ];
# };
# "/mnt/legacy_docker_home" =
# {
# device = "server.arpa:/home/docker";
# fsType = "nfs";
# options = [ "x-systemd.automount" "noauto" "x-systemd.idle-timeout=600" ];
# };
};
services.cachefilesd.enable = true;
swapDevices =
[ { device = "/dev/disk/by-uuid/be98e952-a072-4c3a-8c12-69500b5a2fff"; }
];
networking = {
useDHCP = lib.mkDefault true;
hostName = "horizon"; # Define your hostname.
};
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

42
hosts/twilight/configuration.nix
View file

@ -1,42 +0,0 @@
# leyla laptop
{ config, pkgs, inputs, ... }:
{
imports =
[
inputs.home-manager.nixosModules.default
inputs.sops-nix.nixosModules.sops
./hardware-configuration.nix
../../enviroments/client
];
users = {
leyla = {
isFullUser = true;
hasPiperMouse = true;
hasOpenRGBHardware = true;
hasViaKeyboard = true;
hasGPU = true;
};
ester.isFullUser = true;
eve.isFullUser = true;
};
# enabled virtualisation for docker
# virtualisation.docker.enable = true;
# Enable touchpad support (enabled default in most desktopManager).
# services.xserver.libinput.enable = true;
# Allow unfree packages
nixpkgs.config.allowUnfree = true;
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "23.05"; # Did you read the comment?
}

119
hosts/twilight/hardware-configuration.nix
View file

@ -1,119 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot = {
initrd = {
availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ];
kernelModules = [ ];
};
kernelModules = [ "kvm-amd" "sg" ];
extraModulePackages = [ ];
# Bootloader.
loader = {
systemd-boot.enable = true;
efi.canTouchEfiVariables = true;
};
};
services.xserver = {
# Load nvidia driver for Xorg and Wayland
videoDrivers = ["nvidia"];
# Use X instead of wayland for gaming reasons
displayManager.gdm.wayland = false;
};
hardware = {
# Enable OpenGL
graphics.enable = true;
# install graphics drivers
nvidia = {
# Modesetting is required.
modesetting.enable = true;
# Nvidia power management. Experimental, and can cause sleep/suspend to fail.
# Enable this if you have graphical corruption issues or application crashes after waking
# up from sleep. This fixes it by saving the entire VRAM memory to /tmp/ instead
# of just the bare essentials.
powerManagement.enable = false;
# Fine-grained power management. Turns off GPU when not in use.
# Experimental and only works on modern Nvidia GPUs (Turing or newer).
powerManagement.finegrained = false;
# Use the NVidia open source kernel module (not to be confused with the
# independent third-party "nouveau" open source driver).
# Support is limited to the Turing and later architectures. Full list of
# supported GPUs is at:
# https://github.com/NVIDIA/open-gpu-kernel-modules#compatible-gpus
# Only available from driver 515.43.04+
# Currently alpha-quality/buggy, so false is currently the recommended setting.
open = false;
# Enable the Nvidia settings menu,
# accessible via `nvidia-settings`.
nvidiaSettings = true;
# Optionally, you may need to select the appropriate driver version for your specific GPU.
package = config.boot.kernelPackages.nvidiaPackages.production;
};
};
fileSystems = {
"/" =
{ device = "/dev/disk/by-uuid/8be49c65-2b57-48f1-b74d-244d26061adb";
fsType = "ext4";
};
"/boot" =
{ device = "/dev/disk/by-uuid/3006-3867";
fsType = "vfat";
options = [ "fmask=0022" "dmask=0022" ];
};
"/mnt/leyla_home" =
{
device = "server.arpa:/home/leyla";
fsType = "nfs";
options = [ "x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc" ];
};
"/mnt/share_home" =
{
device = "server.arpa:/home/share";
fsType = "nfs";
options = [ "x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc" ];
};
"/mnt/docker_home" =
{
device = "server.arpa:/home/docker";
fsType = "nfs";
options = [ "x-systemd.automount" "noauto" "x-systemd.idle-timeout=600" ];
};
};
swapDevices = [ ];
networking = {
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
useDHCP = lib.mkDefault true;
hostName = "twilight"; # Define your hostname.
};
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

7
install.sh
View file

@ -39,6 +39,7 @@ if [ -z ${flake} ]; then
exit 1;
fi
# TODO: we might not need to copy the key over here anymore?
temp=$(mktemp -d)
# Function to cleanup temporary directory on exit
cleanup() {
@ -47,8 +48,8 @@ cleanup() {
trap cleanup EXIT
# copy key file to temp folder to copy over to target
mkdir -p $temp$AGE_KEY_FILE_LOCATION
cp -r $AGE_KEY_FILE_LOCATION/* $temp$AGE_KEY_FILE_LOCATION
mkdir -p $temp$SOPS_AGE_KEY_DIRECTORY
cp -r $SOPS_AGE_KEY_DIRECTORY/* $temp$SOPS_AGE_KEY_DIRECTORY
# commit number in this is because the main branch of nixos-anywhere is broken right now
nix run github:nix-community/nixos-anywhere/b3b6bfebba35d55fba485ceda588984dec74c54f -- --extra-files $temp --flake ".#$flake" ${user:-nixos}@$target
nixos-anywhere --extra-files $temp --flake ".#$flake" ${user:-nixos}@$target

7
modules/common-modules/default.nix Normal file
View file

@ -0,0 +1,7 @@
# this folder is for modules that are common between nixos, home-manager, and darwin
{...}: {
imports = [
./overlays
./pkgs
];
}

6
modules/common-modules/overlays/default.nix Normal file
View file

@ -0,0 +1,6 @@
# this folder is for derivation overlays
{inputs, ...}: {
nixpkgs.overlays = [
inputs.nix-vscode-extensions.overlays.default
];
}

42
modules/common-modules/pkgs/codium-extensions/ai-code.nix Normal file
View file

@ -0,0 +1,42 @@
{
buildNpmPackage,
vscode-utils,
pkgs,
...
}: let
version = "0.0.1";
pname = "ai-code";
publisher = "jan-leila";
vsix = buildNpmPackage {
inherit version pname;
src = builtins.fetchGit {
url = "ssh://git@git.jan-leila.com/jan-leila/ai-code.git";
rev = "d48e01713021dbb30de0ebbee2cfaf99e4e9b5a6";
};
npmDepsHash = "sha256-kjMyEnT3dz0yH5Ydh+aGoFDocKpBYGRmfnwbEdvvgpY=";
nativeBuildInputs = with pkgs; [
vsce
];
buildPhase = ''
${pkgs.vsce}/bin/vsce package -o ${pname}.zip
'';
installPhase = ''
mkdir -p $out
mv ${pname}.zip $out/${pname}.zip
'';
};
in
vscode-utils.buildVscodeExtension {
inherit pname version;
src = "${vsix}/${pname}.zip";
vscodeExtUniqueId = "${publisher}.${pname}";
vscodeExtPublisher = publisher;
vscodeExtName = pname;
}

3
modules/common-modules/pkgs/codium-extensions/default.nix Normal file
View file

@ -0,0 +1,3 @@
{pkgs, ...}: {
ai-code = pkgs.callPackage ./ai-code.nix {};
}

45
modules/common-modules/pkgs/default.nix Normal file
View file

@ -0,0 +1,45 @@
{pkgs, ...}: {
imports = [
./python
];
nixpkgs.overlays = [
(final: prev: {
webtoon-dl =
pkgs.callPackage
./webtoon-dl.nix
{};
})
(final: prev: {
prostudiomasters =
pkgs.callPackage
./prostudiomasters.nix
{};
})
(final: prev: {
noita_entangled_worlds = pkgs.callPackage ./noita-entangled-worlds.nix {};
})
(final: prev: {
gdx-liftoff = pkgs.callPackage ./gdx-liftoff.nix {};
})
(final: prev: {
codium-extensions = pkgs.callPackage ./codium-extensions {};
})
(final: prev: {
mapillary-uploader = pkgs.callPackage ./mapillary-uploader.nix {};
})
(final: prev: {
panoramax = pkgs.python3.pkgs.callPackage ./panoramax.nix {};
})
(final: prev: {
sgblur = pkgs.python3.pkgs.callPackage ./sgblur.nix {};
})
(final: prev: {
# Override h3 C library to version 4.3.0
h3 = pkgs.callPackage ./h3-c-lib.nix {};
})
(final: prev: {
polycule = pkgs.callPackage ./polycule {};
})
];
}

44
modules/common-modules/pkgs/gdx-liftoff.nix Normal file
View file

@ -0,0 +1,44 @@
{
stdenv,
fetchurl,
makeWrapper,
jdk,
lib,
xorg,
libGL,
...
}:
stdenv.mkDerivation rec {
pname = "gdx-liftoff";
version = "1.13.5.1";
src = fetchurl {
url = "https://github.com/libgdx/gdx-liftoff/releases/download/v${version}/gdx-liftoff-${version}.jar";
hash = "sha256-9vCXGNGwI/P4VmcdIzTv2GPAX8bZb7nkfopaRAf6yMA=";
};
dontUnpack = true;
nativeBuildInputs = [makeWrapper];
runtimeDependencies = lib.makeLibraryPath [
# glfw
libGL
xorg.libX11
xorg.libXcursor
xorg.libXext
xorg.libXrandr
xorg.libXxf86vm
];
installPhase = ''
runHook preInstall
install -Dm644 $src $out/lib/gdx-liftoff-${version}.jar
makeWrapper ${lib.getExe jdk} $out/bin/gdx-liftoff-${version} \
--append-flags "-jar $out/lib/gdx-liftoff-${version}.jar"\
${lib.optionalString stdenv.hostPlatform.isLinux "--prefix LD_LIBRARY_PATH : ${runtimeDependencies}"}
runHook postInstall
'';
}

36
modules/common-modules/pkgs/h3-c-lib.nix Normal file
View file

@ -0,0 +1,36 @@
{
lib,
stdenv,
fetchFromGitHub,
cmake,
doxygen,
}:
stdenv.mkDerivation rec {
pname = "h3";
version = "4.3.0";
src = fetchFromGitHub {
owner = "uber";
repo = "h3";
rev = "v${version}";
hash = "sha256-DUILKZ1QvML6qg+WdOxir6zRsgTvk+En6yjeFf6MQBg=";
};
nativeBuildInputs = [
cmake
doxygen
];
cmakeFlags = [
"-DBUILD_SHARED_LIBS=ON"
"-DBUILD_TESTING=OFF"
];
meta = with lib; {
homepage = "https://github.com/uber/h3";
description = "Hexagonal hierarchical geospatial indexing system";
license = licenses.asl20;
maintainers = [];
platforms = platforms.all;
};
}

39
modules/common-modules/pkgs/mapillary-uploader.nix Normal file
View file

@ -0,0 +1,39 @@
{
lib,
fetchurl,
appimageTools,
}: let
pname = "mapillary-uploader";
version = "4.7.2";
src = fetchurl {
url = "http://tools.mapillary.com/uploader/download/linux/${version}";
name = "mapillary-uploader.AppImage";
sha256 = "sha256-hpWdfeuhYylO+SFD3BsKI0s/xtObCDd5OcuJ6i/aEuI=";
};
appimageContents = appimageTools.extractType2 {
inherit pname version src;
};
in
appimageTools.wrapType2 {
inherit pname version src;
extraInstallCommands = ''
# Install desktop file
install -Dm644 ${appimageContents}/mapillary-desktop-uploader.desktop $out/share/applications/mapillary-uploader.desktop
# Fix desktop file paths
substituteInPlace $out/share/applications/mapillary-uploader.desktop \
--replace 'Exec=AppRun' 'Exec=${pname}'
'';
meta = with lib; {
description = "Mapillary Desktop Uploader - Upload street-level imagery to Mapillary";
homepage = "https://www.mapillary.com/";
license = licenses.unfree; # Mapillary's license terms
maintainers = [];
platforms = ["x86_64-linux"];
sourceProvenance = with sourceTypes; [binaryNativeCode];
};
}

46
modules/common-modules/pkgs/noita-entangled-worlds.nix Normal file
View file

@ -0,0 +1,46 @@
# not working yet
{
pkgs,
rustPlatform,
fetchFromGitHub,
...
}: let
version = "1.5.3";
repo = fetchFromGitHub {
owner = "IntQuant";
repo = "noita_entangled_worlds";
rev = "v${version}";
hash = "sha256-frrpD0aWTeDbZYtp15R+quUUAZf7OvHlbSLtGJJtAqk=";
};
in
rustPlatform.buildRustPackage {
name = "noita-proxy-${version}";
src = repo + "/noita-proxy";
prePatch = ''
substituteInPlace Cargo.toml \
--replace "path = \"../shared\"" "path = \"${repo + "/shared"}\""
'';
nativeBuildInputs = with pkgs; [
pkg-config
python3
cmake
];
buildInputs = with pkgs; [
openssl
openssl.dev
libpulseaudio
libjack2
alsa-lib
xorg.libxcb
xorg.libxcb.dev
libopus
];
propagatedBuildInputs = with pkgs; [
steamworks-sdk-redist
];
runtimeDependencies = with pkgs; [
steamworks-sdk-redist
];
doCheck = false;
cargoHash = "sha256-TzUS6d6PopgGf2i1yVaXaXdzNrvfSz+Gv67BAtxYmb4=";
}

105
modules/common-modules/pkgs/panoramax.nix Normal file
View file

@ -0,0 +1,105 @@
{
lib,
fetchFromGitLab,
buildPythonPackage,
flit-core,
flask,
pillow,
requests,
python-dotenv,
authlib,
sentry-sdk,
python-dateutil,
dateparser,
croniter,
pydantic,
flask-cors,
flask-compress,
flask-babel,
flasgger,
yoyo-migrations,
psycopg,
psycopg-pool,
tzdata,
email-validator,
pydantic-extra-types,
python-multipart,
fs,
fs-s3fs,
geopic-tag-reader,
pygeofilter,
pygeoif,
rfeed,
geojson-pydantic,
...
}: let
pname = "geovisio";
version = "2.10.0";
repo = fetchFromGitLab {
owner = "panoramax";
repo = "server/api";
rev = version;
hash = "sha256-kCLcrOe7jJdIfmWWOmxQ5dOj8ZG2B7s0qFpHXs02B/E=";
};
in
buildPythonPackage {
inherit pname version;
pyproject = true;
src = repo;
build-system = [
flit-core
];
dependencies = [
flask
pillow
requests
python-dotenv
authlib
sentry-sdk
python-dateutil
dateparser
croniter
pydantic
flask-cors
flask-compress
flask-babel
flasgger
yoyo-migrations
psycopg
psycopg-pool
tzdata
email-validator
pydantic-extra-types
python-multipart
fs
fs-s3fs
geopic-tag-reader
pygeofilter
pygeoif
rfeed
geojson-pydantic
# Missing from nixpkgs - may need custom packages:
# flask-executor
];
# Skip tests as they may require network access or specific setup
doCheck = false;
# Disable runtime dependencies check as many dependencies are not available in nixpkgs
dontCheckRuntimeDeps = true;
# Disable imports check as many dependencies are not available in nixpkgs
pythonImportsCheck = [];
meta = with lib; {
description = "Panoramax API client and tools for street-level imagery platform";
homepage = "https://gitlab.com/panoramax/server/api";
license = licenses.mit;
maintainers = [];
platforms = platforms.all;
};
}

149
modules/common-modules/pkgs/polycule/default.nix Normal file
View file

@ -0,0 +1,149 @@
{
lib,
flutter332,
fetchFromGitLab,
pkg-config,
wrapGAppsHook3,
gtk3,
glib,
glib-networking,
webkitgtk_4_1,
libsecret,
libnotify,
dbus,
sqlcipher,
openssl,
mpv,
alsa-lib,
libass,
ffmpeg-full,
libplacebo,
libunwind,
shaderc,
vulkan-headers,
vulkan-loader,
lcms2,
libdovi,
libdvdnav,
libdvdread,
mujs,
libbluray,
lua,
rubberband,
libuchardet,
zimg,
openal,
pipewire,
libpulseaudio,
libcaca,
libdrm,
libdisplay-info,
libgbm,
xorg,
nv-codec-headers-11,
libva,
libvdpau,
}:
flutter332.buildFlutterApplication rec {
pname = "polycule";
version = "0.3.4";
src = fetchFromGitLab {
owner = "polycule_client";
repo = "polycule";
rev = "v${version}";
hash = "sha256-RUu8DKuX2NUU5Ce5WLHtDaORkn7CSrgTj3KhM/z+yHc=";
};
pubspecLock = lib.importJSON ./polycule-pubspec.lock.json;
gitHashes = {
matrix = "sha256-w/QB5nYJ9Lh77TcYKEN/DnNQjWfp+9NX0dwQ9GOzWE8=";
media_kit = "sha256-1sVX+aHFLFJBtrNZrR6tWkb80vFELW2N9EejyQKlBPg=";
media_kit_libs_android_video = "sha256-N6QoktM8u9NYF8MAXLsxM9RlV8nICM4NbnmABHTRkZg=";
};
nativeBuildInputs = [
pkg-config
wrapGAppsHook3
];
buildInputs = [
gtk3
glib
glib-networking
webkitgtk_4_1
libsecret
libnotify
dbus
sqlcipher
openssl
mpv
alsa-lib
libass
ffmpeg-full
libplacebo
libunwind
shaderc
vulkan-headers
vulkan-loader
lcms2
libdovi
libdvdnav
libdvdread
mujs
libbluray
lua
rubberband
libuchardet
zimg
openal
pipewire
libpulseaudio
libcaca
libdrm
libdisplay-info
libgbm
xorg.libXScrnSaver
xorg.libXpresent
nv-codec-headers-11
libva
libvdpau
];
flutterBuildFlags = [
"--release"
"--target"
"lib/main.dart"
"--dart-define=POLYCULE_VERSION=v${version}"
"--dart-define=POLYCULE_IS_STABLE=true"
"--no-tree-shake-icons"
];
postInstall = ''
# Install desktop files and icons from the source
install -Dm644 linux/business.braid.polycule.desktop $out/share/applications/polycule.desktop
install -Dm644 assets/logo/logo-circle.png $out/share/pixmaps/polycule.png
# Update desktop file to use correct executable name
substituteInPlace $out/share/applications/polycule.desktop \
--replace 'Exec=business.braid.polycule' 'Exec=polycule'
# Create a symlink with the expected name
ln -sf $out/bin/polycule $out/bin/business.braid.polycule
'';
meta = with lib; {
description = "A geeky and efficient [matrix] client for power users";
longDescription = ''
Polycule is a modern Matrix client built with Flutter, designed for power users
who want a fast, efficient, and feature-rich Matrix experience.
'';
homepage = "https://polycule.im/";
license = licenses.eupl12;
maintainers = [];
platforms = ["x86_64-linux" "aarch64-linux"];
sourceProvenance = with sourceTypes; [fromSource];
mainProgram = "polycule";
};
}

2459
modules/common-modules/pkgs/polycule/polycule-pubspec.lock.json Normal file
View file

File diff suppressed because it is too large Load diff

33
modules/common-modules/pkgs/prostudiomasters.nix Normal file
View file

@ -0,0 +1,33 @@
{
fetchurl,
appimageTools,
writeShellScript,
}: let
pname = "prostudiomasters";
version = "2.5.6";
src = fetchurl {
url = "https://download.prostudiomasters.com/linux/ProStudioMasters-${version}.AppImage";
hash = "sha256-7owOwdcucFfl+JsVj+Seau2KOz0J4P/ep7WrBSNSmbs=";
};
# Create the base AppImage wrapper
baseApp = appimageTools.wrapType2 {
inherit pname version src;
};
# Create a wrapper script that automatically adds the --in-process-gpu flag
wrapper = writeShellScript "prostudiomasters-wrapper" ''
exec ${baseApp}/bin/prostudiomasters --in-process-gpu "$@"
'';
in
# Override the base app to use our wrapper script
baseApp.overrideAttrs (oldAttrs: {
buildCommand =
oldAttrs.buildCommand
+ ''
# Replace the original binary with our wrapper
rm $out/bin/prostudiomasters
cp ${wrapper} $out/bin/prostudiomasters
chmod +x $out/bin/prostudiomasters
'';
})

18
modules/common-modules/pkgs/python/default.nix Normal file
View file

@ -0,0 +1,18 @@
{...}: {
nixpkgs.overlays = [
(final: prev: {
python3 = prev.python3.override {
packageOverrides = pythonPrev: pythonFinal: {
h3 = pythonPrev.callPackage ./h3.nix {h3 = final.h3;};
pygeofilter = pythonPrev.callPackage ./pygeofilter.nix {};
pygeoif = pythonPrev.callPackage ./pygeoif.nix {};
rfeed = pythonPrev.callPackage ./rfeed.nix {};
pyexiv2 = pythonPrev.callPackage ./pyexiv2.nix {};
geojson-pydantic = pythonPrev.callPackage ./geojson-pydantic.nix {};
geopic-tag-reader = pythonPrev.callPackage ./geopic-tag-reader.nix {};
};
};
python3Packages = final.python3.pkgs;
})
];
}

48
modules/common-modules/pkgs/python/geojson-pydantic.nix Normal file
View file

@ -0,0 +1,48 @@
{
lib,
fetchPypi,
buildPythonPackage,
flit-core,
pydantic,
geojson,
...
}: let
pname = "geojson_pydantic";
version = "2.0.0";
in
buildPythonPackage {
inherit pname version;
pyproject = true;
src = fetchPypi {
inherit pname version;
hash = "sha256-ti6LRFAt0a1Ri19zkDWoGSSnb5gMvbOk6JFu+RO+JC4=";
};
build-system = [
flit-core
];
dependencies = [
pydantic
geojson
];
# Skip tests as they may require specific setup
doCheck = false;
# Disable runtime dependencies check
dontCheckRuntimeDeps = true;
# Basic imports check
pythonImportsCheck = ["geojson_pydantic"];
meta = with lib; {
description = "Pydantic models for GeoJSON objects";
homepage = "https://github.com/developmentseed/geojson-pydantic";
license = licenses.mit;
maintainers = [];
platforms = platforms.all;
};
}

70
modules/common-modules/pkgs/python/geopic-tag-reader.nix Normal file
View file

@ -0,0 +1,70 @@
{
lib,
fetchFromGitLab,
buildPythonPackage,
flit-core,
typer,
xmltodict,
timezonefinder,
pytz,
types-pytz,
types-python-dateutil,
rtree,
python-dateutil,
pyexiv2,
...
}: let
pname = "geopic-tag-reader";
version = "1.8.0";
in
buildPythonPackage {
inherit pname version;
pyproject = true;
src = fetchFromGitLab {
owner = "panoramax";
repo = "server/geo-picture-tag-reader";
rev = version;
sha256 = "0lzf5xxxcdqmq28bpvgpkxf5jxmh2nawwa4rl4yg04bdsi16rf1j";
};
build-system = [
flit-core
];
dependencies = [
typer
xmltodict
pyexiv2
timezonefinder
pytz
types-pytz
types-python-dateutil
rtree
];
optional-dependencies = {
write-exif = [
python-dateutil
types-python-dateutil
];
};
# Skip tests as they may require network access or specific setup
doCheck = false;
# Disable runtime dependencies check as some dependencies might have issues
dontCheckRuntimeDeps = true;
# Disable imports check initially to avoid dependency issues
pythonImportsCheck = [];
meta = with lib; {
description = "GeoPic Tag Reader - Python library to read and write standardized metadata from geolocated pictures EXIF metadata";
homepage = "https://gitlab.com/panoramax/server/geo-picture-tag-reader";
license = licenses.mit;
maintainers = [];
platforms = platforms.all;
};
}

81
modules/common-modules/pkgs/python/h3.nix Normal file
View file

@ -0,0 +1,81 @@
{
autoPatchelfHook,
buildPythonPackage,
cmake,
cython,
fetchFromGitHub,
h3,
lib,
ninja,
numpy,
pytestCheckHook,
pytest-cov-stub,
scikit-build-core,
stdenv,
}:
buildPythonPackage rec {
pname = "h3";
version = "4.3.1";
pyproject = true;
# pypi version does not include tests
src = fetchFromGitHub {
owner = "uber";
repo = "h3-py";
tag = "v${version}";
hash = "sha256-zt7zbBgSp2P9q7mObZeQZpW9Szip62dAYdPZ2cGTmi4=";
};
dontConfigure = true;
nativeCheckInputs = [
pytestCheckHook
pytest-cov-stub
];
build-system =
[
scikit-build-core
cmake
cython
ninja
]
++ lib.optionals stdenv.hostPlatform.isLinux [
# On Linux the .so files ends up referring to libh3.so instead of the full
# Nix store path. I'm not sure why this is happening! On Darwin it works
# fine.
autoPatchelfHook
];
# This is not needed per-se, it's only added for autoPatchelfHook to work
# correctly. See the note above ^^
buildInputs = lib.optionals stdenv.hostPlatform.isLinux [h3];
dependencies = [numpy];
# The following prePatch replaces the h3lib compilation with using the h3 packaged in nixpkgs.
#
# - Remove the h3lib submodule.
# - Patch CMakeLists to avoid building h3lib, and use h3 instead.
prePatch = let
cmakeCommands = ''
include_directories(${lib.getDev h3}/include/h3)
link_directories(${h3}/lib)
'';
in ''
rm -r src/h3lib
substituteInPlace CMakeLists.txt \
--replace-fail "add_subdirectory(src/h3lib)" "${cmakeCommands}" \
--replace-fail "\''${CMAKE_CURRENT_BINARY_DIR}/src/h3lib/src/h3lib/include/h3api.h" "${lib.getDev h3}/include/h3/h3api.h"
'';
# Extra check to make sure we can import it from Python
pythonImportsCheck = ["h3"];
meta = {
homepage = "https://github.com/uber/h3-py";
description = "Hierarchical hexagonal geospatial indexing system";
license = lib.licenses.asl20;
maintainers = [lib.maintainers.kalbasit];
};
}

49
modules/common-modules/pkgs/python/pyexiv2.nix Normal file
View file

@ -0,0 +1,49 @@
{
lib,
fetchFromGitHub,
buildPythonPackage,
exiv2,
boost,
pybind11,
setuptools,
...
}: let
pname = "pyexiv2";
version = "2.15.3";
in
buildPythonPackage {
inherit pname version;
pyproject = true;
build-system = [setuptools];
src = fetchFromGitHub {
owner = "LeoHsiao1";
repo = "pyexiv2";
rev = "v${version}";
sha256 = "sha256-83bFMaoXncvhRJNcCgkkC7B29wR5pjuLO/EdkQdqxxo=";
};
buildInputs = [
exiv2
boost
];
nativeBuildInputs = [
pybind11
];
# Skip tests as they may require specific test images
doCheck = false;
# Disable runtime dependencies check initially
dontCheckRuntimeDeps = true;
meta = with lib; {
description = "Python binding to the library exiv2";
homepage = "https://github.com/LeoHsiao1/pyexiv2";
license = licenses.gpl3Plus;
maintainers = [];
platforms = platforms.linux;
};
}

52
modules/common-modules/pkgs/python/pygeofilter.nix Normal file
View file

@ -0,0 +1,52 @@
{
lib,
fetchPypi,
buildPythonPackage,
setuptools,
wheel,
lark,
python-dateutil,
shapely,
...
}: let
pname = "pygeofilter";
version = "0.3.1";
in
buildPythonPackage {
inherit pname version;
pyproject = true;
src = fetchPypi {
inherit pname version;
hash = "sha256-+SvAYiCZ+H/os23nq92GBZ1hWontYIInNwgiI6V44VA=";
};
build-system = [
setuptools
wheel
];
dependencies = [
lark
python-dateutil
shapely
];
# Skip tests as they may require specific setup
doCheck = false;
# Disable runtime dependencies check
dontCheckRuntimeDeps = true;
# Basic imports check
pythonImportsCheck = ["pygeofilter"];
meta = with lib; {
description = "A pure Python parser implementation of OGC filtering standards";
homepage = "https://github.com/geopython/pygeofilter";
license = licenses.mit;
maintainers = [];
platforms = platforms.all;
};
}

48
modules/common-modules/pkgs/python/pygeoif.nix Normal file
View file

@ -0,0 +1,48 @@
{
lib,
fetchPypi,
buildPythonPackage,
setuptools,
wheel,
typing-extensions,
...
}: let
pname = "pygeoif";
version = "1.5.1";
in
buildPythonPackage {
inherit pname version;
pyproject = true;
src = fetchPypi {
inherit pname version;
hash = "sha256-8nprah7Lh66swrUbzFnKeb5w7RKgEE3oYBR4shPdXYE=";
};
build-system = [
setuptools
wheel
];
dependencies = [
typing-extensions
];
# Skip tests as they may require specific setup
doCheck = false;
# Disable runtime dependencies check
dontCheckRuntimeDeps = true;
# Basic imports check
pythonImportsCheck = ["pygeoif"];
meta = with lib; {
description = "A basic implementation of the __geo_interface__";
homepage = "https://github.com/cleder/pygeoif";
license = licenses.lgpl21Plus;
maintainers = [];
platforms = platforms.all;
};
}

40
modules/common-modules/pkgs/python/rfeed.nix Normal file
View file

@ -0,0 +1,40 @@
{
lib,
fetchPypi,
buildPythonPackage,
setuptools,
python-dateutil,
}:
buildPythonPackage rec {
pname = "rfeed";
version = "1.1.1";
pyproject = true;
src = fetchPypi {
inherit pname version;
hash = "sha256-qpUG8oZrdPWjItOUoUpjwZpoJcLZR1X/GdRt0eJDSBk=";
};
build-system = [
setuptools
];
dependencies = [
python-dateutil
];
# No tests available in the package
doCheck = false;
pythonImportsCheck = [
"rfeed"
];
meta = with lib; {
description = "RSS feed generation library for Python";
homepage = "https://pypi.org/project/rfeed/";
license = licenses.mit;
maintainers = [];
platforms = platforms.all;
};
}

65
modules/common-modules/pkgs/sgblur.nix Normal file
View file

@ -0,0 +1,65 @@
{
lib,
python3Packages,
fetchFromGitHub,
pkg-config,
libjpeg_turbo,
exiftran ? libjpeg_turbo,
}:
python3Packages.buildPythonPackage {
pname = "sgblur";
version = "1.0.0";
pyproject = true;
src = fetchFromGitHub {
owner = "cquest";
repo = "sgblur";
rev = "master";
hash = "sha256-17wpif2sa021kaa1pbkry4l1967la1qd7knhngvxblrvd7jqqz4y=";
};
nativeBuildInputs = [
pkg-config
];
buildInputs = [
libjpeg_turbo
exiftran
];
build-system = with python3Packages; [
setuptools
wheel
];
dependencies = with python3Packages; [
# Core dependencies from pyproject.toml
ultralytics
# pyturbojpeg # May need special handling
pillow
# uuid # Built into Python
# exifread
python-multipart
fastapi
uvicorn
requests
# piexif
pydantic-settings
pydantic
];
# Skip tests as they may require GPU or specific setup
doCheck = false;
# The package may have import issues due to system dependencies
pythonImportsCheck = [];
meta = with lib; {
description = "Panoramax Speedy Gonzales Blurring Algorithm - AI-powered face and license plate blurring API";
homepage = "https://github.com/cquest/sgblur";
license = licenses.mit;
maintainers = [];
platforms = platforms.unix;
};
}

18
modules/common-modules/pkgs/webtoon-dl.nix Normal file
View file

@ -0,0 +1,18 @@
{
buildGoModule,
fetchFromGitHub,
...
}:
buildGoModule rec {
pname = "webtoon-dl";
version = "0.0.10";
src = fetchFromGitHub {
owner = "robinovitch61";
repo = "webtoon-dl";
rev = "v${version}";
hash = "sha256-geVb3LFPZxPQYARZnaqOr5sgaN6mqkEX5ZiLvg8mF5k=";
};
vendorHash = "sha256-NTqUygJ6b6kTnLUnJqxCo/URzaRouPLACEPi2Ob1s9w=";
}

8
modules/darwin-modules/default.nix Normal file
View file

@ -0,0 +1,8 @@
# this folder container modules that are for darwin only
{...}: {
imports = [
./home-manager
./users.nix
./system.nix
];
}

2
modules/darwin-modules/home-manager/default.nix Normal file
View file

@ -0,0 +1,2 @@
# modules in this folder are to adapt home-manager modules configs to darwin-module configs
{...}: {}

27
modules/darwin-modules/system.nix Normal file
View file

@ -0,0 +1,27 @@
{self, ...}: {
system.configurationRevision = self.rev or self.dirtyRev or null;
nix = {
gc = {
automatic = true;
interval = [
{
Hour = 4;
Minute = 15;
Weekday = 7;
}
];
options = "--delete-older-than 7d";
};
optimise = {
automatic = true;
interval = [
{
Hour = 4;
Minute = 15;
Weekday = 7;
}
];
};
};
}

16
modules/darwin-modules/users.nix Normal file
View file

@ -0,0 +1,16 @@
{
lib,
config,
...
}: let
host = config.host;
in {
users = {
users = {
leyla = {
name = lib.mkForce host.users.leyla.name;
home = lib.mkForce "/home/${host.users.leyla.name}";
};
};
};
}

13
modules/home-manager-modules/default.nix Normal file
View file

@ -0,0 +1,13 @@
# this folder container modules that are for home manager only
{...}: {
imports = [
./sops.nix
./user.nix
./flipperzero.nix
./i18n.nix
./impermanence.nix
./openssh.nix
./gnome.nix
./programs
];
}

3
modules/home-manager-modules/flipperzero.nix Normal file
View file

@ -0,0 +1,3 @@
{lib, ...}: {
options.hardware.flipperzero.enable = lib.mkEnableOption "enable flipperzero hardware";
}

Some files were not shown because too many files have changed in this diff Show more