jan-leila/nix-config
1
0
Fork 1
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Compare commits

base: jan-leila:main
Branches Tags
jan-leila:main
jan-leila:storage-refactor
Lithospherical:main
Lithospherical:eve
Lithospherical:469ba567
..
compare: Lithospherical:eve
Branches Tags
Lithospherical:main
Lithospherical:eve
Lithospherical:469ba567
jan-leila:main
jan-leila:storage-refactor

No commits in common. "main" and "eve" have entirely different histories.
main ... eve

286 changed files with 3485 additions and 14522 deletions
Download patch file Download diff file Expand all files Collapse all files

1
.gitignore vendored
View file

@ -2,4 +2,3 @@ result
.direnv .direnv
.vscode/* .vscode/*
!.vscode/settings.json !.vscode/settings.json
nixos.qcow2

10
.hooks/post-commit
View file

@ -3,12 +3,4 @@
echo "restoring stashed changes" echo "restoring stashed changes"
# Find the most recent pre-commit stash and restore it git stash pop -q
recent_stash=$(git stash list | grep "pre-commit-stash-" | head -n 1 | cut -d: -f1)
if [ -n "$recent_stash" ]; then
echo "Found recent pre-commit stash: $recent_stash"
git stash pop -q "$recent_stash"
else
echo "No pre-commit stash found to restore"
fi

32
.hooks/post-merge
View file

@ -1,32 +0,0 @@
#!/usr/bin/env nix-shell
#! nix-shell -i bash ../shell.nix
# Get current branch name
current_branch=$(git branch --show-current)
# Only perform actions if we're on main branch and a merge just completed
if [ "$current_branch" = "main" ]; then
echo "Post-merge on main branch - running nix flake check"
# Run nix flake check after merge into main
nix flake check
if [ ! $? -eq 0 ]; then
echo "Warning: nix flake check failed after merge into main"
echo "Please fix the issues as soon as possible"
else
echo "nix flake check passed after merge"
fi
# Check if there are any pre-commit stashes to restore
recent_stash=$(git stash list | grep "pre-commit-stash-" | head -n 1 | cut -d: -f1)
if [ -n "$recent_stash" ]; then
echo "Post-merge: restoring pre-commit stash on main branch"
git stash pop -q "$recent_stash"
else
echo "Post-merge: no pre-commit stash to restore on main branch"
fi
else
echo "Post-merge: no action needed on branch '$current_branch'"
fi

22
.hooks/pre-commit
View file

@ -1,24 +1,14 @@
#!/usr/bin/env nix-shell #!/usr/bin/env nix-shell
#! nix-shell -i bash ../shell.nix #! nix-shell -i bash ../shell.nix
# Get current branch name echo "stashing all uncommitted changes"
current_branch=$(git branch --show-current) git stash -q --keep-index
echo "stashing all uncommitted changes with named stash (excluding hooks)" echo "checking flakes all compile"
git stash push -q --keep-index -m "pre-commit-stash-$(date +%s)" -- ':!.hooks/' nix flake check
# Only run nix flake check if we're on main branch if [ ! $? -eq 0 ]; then
if [ "$current_branch" = "main" ]; then exit 1
echo "On main branch - checking flakes all compile"
nix flake check
if [ ! $? -eq 0 ]; then
echo "Error: nix flake check failed on main branch"
exit 1
fi
echo "nix flake check passed"
else
echo "Not on main branch - skipping nix flake check"
fi fi
echo "running linter" echo "running linter"

37
.hooks/pre-merge-commit
View file

@ -1,37 +0,0 @@
#!/usr/bin/env nix-shell
#! nix-shell -i bash ../shell.nix
# Get the target branch (the branch being merged into)
target_branch=""
# Check if we're in the middle of a merge
if [ -f .git/MERGE_HEAD ]; then
# We're in a merge, check if the current branch is main
current_branch=$(git branch --show-current)
if [ "$current_branch" = "main" ]; then
target_branch="main"
fi
fi
# If we're merging into main, run nix flake check
if [ "$target_branch" = "main" ]; then
echo "Merging into main branch - running nix flake check..."
echo "stashing all uncommitted changes with named stash (excluding hooks)"
git stash push -q --keep-index -m "pre-merge-stash-$(date +%s)" -- ':!.hooks/'
echo "checking flakes all compile"
nix flake check
if [ ! $? -eq 0 ]; then
echo "Error: nix flake check failed. Merge aborted."
echo "Please fix the issues and try merging again."
exit 1
fi
echo "nix flake check passed. Merge can proceed."
else
echo "Not merging into main branch, skipping nix flake check."
fi
exit 0

4
.sops.yaml
View file

@ -13,7 +13,3 @@ creation_rules:
key_groups: key_groups:
- age: - age:
- *leyla - *leyla
- path_regex: secrets/application-keys.yaml$
key_groups:
- age:
- *leyla

134
README.md
View file

@ -7,19 +7,19 @@ nix multi user, multi system, configuration with `sops` secret management, `home
# Hosts # Hosts
## Host Map ## Host Map
| Hostname | Device Description | Primary User | Role | Provisioned | Using Nix | | Hostname | Device Description | Primary User | Role |
| :---------: | :------------------------: | :--------------: | :-------: | :---------: | :-------: | | :---------: | :------------------------: | :--------------: | :-------: |
| `twilight` | Desktop Computer | Leyla | Desktop | ✅ | ✅ | | `twilight` | Desktop Computer | Leyla | Desktop |
| `horizon` | 13 inch Framework Laptop | Leyla | Laptop | ✅ | ✅ | | `horizon` | 13 inch Framework Laptop | Leyla | Laptop |
| `defiant` | NAS Server | Leyla | Server | ✅ | ✅ | | `defiant` | NAS Server | Leyla | Server |
| `hesperium` | Mac | ????? | Mac | ❌ | ❌ | | `hesperium` | Mac | ????? | ??? |
| `emergent` | Desktop Computer | Eve | Desktop | ✅ | ✅ | | `emergent` | Desktop Computer | Eve | Desktop |
| `threshold` | Laptop | Eve | Laptop | ❌ | ❌ | | `threshold` | Laptop | Eve | Laptop |
| `wolfram` | Steam Deck | House | Handheld | ✅ | ❌ | | `wolfram` | Steam Deck | House | Handheld |
| `ceder` | A5 Tablet | Leyla | Tablet | ✅ | ❌ | | `ceder` | A5 Tablet (not using nix) | Leyla | Tablet |
| `skate` | A6 Tablet | Leyla | Tablet | ❌ | ❌ | | `skate` | A6 Tablet (not using nix) | Leyla | Tablet |
| `shale` | A6 Tablet | Eve | Tablet | ✅ | ❌ | | `shale` | A6 Tablet (not using nix) | Eve | Tablet |
| `coven` | Pixel 8 | Leyla | Android | ✅ | ❌ | | `coven` | Pixel 8 (not using nix) | Leyla | Android |
# Tooling # Tooling
## Rebuilding ## Rebuilding
@ -41,94 +41,30 @@ nix multi user, multi system, configuration with `sops` secret management, `home
## Research topics ## Research topics
- Look into this for auto rotating sops keys `https://technotim.live/posts/rotate-sops-encryption-keys/` - Look into this for auto rotating sops keys `https://technotim.live/posts/rotate-sops-encryption-keys/`
- Look into this for npins https://jade.fyi/blog/pinning-nixos-with-npins/ - Look into this for flake templates https://nix.dev/manual/nix/2.22/command-ref/new-cli/nix3-flake-init
- https://nixos-and-flakes.thiscute.world/ - https://nixos-and-flakes.thiscute.world/
- proton mail now has an smtp server we could use that for our zfs and SMART test emails
- VR https://lvra.gitlab.io/docs/distros/nixos/
# Tasks: # Tasks:
## Documentation
- [ ] project layout
- [ ] users file structure
- [ ] reverse proxy design
- public service compatibility
- vpn based services compatibility
- [ ] the choice of impermanence
- [ ] storage module design
- base impermanence compatibility and structure reason
- what does local vs persist mean in pool names (do we need a second layer? ephemeral, local, and persist? local exist only on this machine and is not backed up, persist is backed up to other machines (I think we need to redo the sops and torrent/media folders?))
- plans to possibly support btrfs in the future
- plans for home manager datasets
- plans for auto systemd service datasets
- [ ] plans to migrate to some kind of acl structure for user management
- [ ] plans to migrate from flakes to npins
## Chores:
- [ ] test out crab hole service
## Tech Debt ## Tech Debt
- [ ] monitor configuration in `~/.config/monitors.xml` should be sym linked to `/run/gdm/.config/monitors.xml` (https://www.reddit.com/r/NixOS/comments/u09cz9/home_manager_create_my_own_symlinks_automatically/) - monitor configuration in `~/.config/monitors.xml` should be sym linked to `/run/gdm/.config/monitors.xml` (https://www.reddit.com/r/NixOS/comments/u09cz9/home_manager_create_my_own_symlinks_automatically/)
- [ ] migrate away from flakes and move to npins - syncthing folder passwords
- [ ] `host.users` should be redone so that we just extend the base `users.users` object. Right now we cant quite do this because we have weird circular dependencies with disko/impermanence (not sure which one) and home manger enabling/disabling users per devices - nfs export should be backed by the same values for server and client
- [ ] Home manager impermanence is preventing updates to the latest version of the module ## New Features
- offline access for nfs mounts (overlay with rsync might be a good option here? https://www.spinics.net/lists/linux-unionfs/msg07105.html note about nfs4 and overlay fs)
## Broken things - samba mounts
- [ ] figure out steam vr things? - figure out steam vr things?
- [ ] whisper was having issues - Open GL?
- [ ] auto loading of ssh agent keys that we auto generate per system - rotate sops encryption keys periodically (and somehow sync between devices?)
- zfs email after scrubbing # TODO: test this
## Data Integrity - wake on LAN for updates
- [ ] zfs email after scrubbing # TODO: test this - ISO target that contains authorized keys for nixos-anywhere https://github.com/diegofariasm/yggdrasil/blob/4acc43ebc7bcbf2e41376d14268e382007e94d78/hosts/bootstrap/default.nix
- [ ] SMART test with email results - zfs encryption FIDO2 2fa (look into shavee)
- [ ] zfs encryption FIDO2 2fa (look into shavee) - Secure Boot - https://github.com/nix-community/lanzaboote
- [ ] rotate sops encryption keys periodically (and somehow sync between devices?) - SMART test with email results
- [ ] Secure Boot - https://github.com/nix-community/lanzaboote - Create Tor guard/relay server
- [ ] auto turn off on power loss - nut - remote distributed builds - https://nix.dev/tutorials/nixos/distributed-builds-setup.html
- [ ] every service needs to have its own data pool - migrate away from flakes and move to npins
- [ ] secondary server with data sync. Maybe a Pi with a usb hdd enclosure and use rtcwake to only turn on once a week to sync data over tailscale with connection initiated from pi's side. We could probably put this at LZ. Hoping for it to draw only like $1 of power a month. Initial sync should probably be done here before we move it over because that will take a while. Data should be encrypted so that devices doesn't have access to it. Project will prob cost like $1800 - fix nfs
- fix home assistant
## Data Access - create adguard server
- [ ] nfs export should be backed by the same values for server and client
- [ ] samba mounts
- [ ] offline access for nfs mounts (overlay with rsync might be a good option here? https://www.spinics.net/lists/linux-unionfs/msg07105.html note about nfs4 and overlay fs)
- [ ] figure out why syncthing and jellyfins permissions don't propagate downwards
- [ ] make radarr, sonarr, and bazarr accessible over vpn with fully qualified names via reverse proxy
- [ ] move searx, home-assistant, actual, vikunja, jellyfin, paperless, and immich to only be accessible via vpn
- [ ] FreeIPA/SSSD/LDAP/Kerberos to manage uid and gid's
## Services
- [ ] ntfy service for unified push
- [ ] signal socket server
- [ ] vikunja service for project management
- [ ] Penpot services (need to make this custom)
- [ ] minecraft server with old world file
- [ ] storj server
- [ ] XMR miner used to heat home based on smart thermostat
- [ ] Create Tor guard/relay server
- [ ] Create i2P node
- [ ] screeps server
- [ ] mastodon instance
## DevOps
- [ ] wake on LAN for updates
- [ ] remote distributed builds - https://nix.dev/tutorials/nixos/distributed-builds-setup.html
- [ ] ISO target that contains authorized keys for nixos-anywhere https://github.com/diegofariasm/yggdrasil/blob/4acc43ebc7bcbf2e41376d14268e382007e94d78/hosts/bootstrap/default.nix
- [ ] fix panoramax package
- [ ] claude code MCP servers should bundle node with them so they work in all environments
## Observability
- [ ] graphana for dashboards
- [ ] prometheus and loki for metric and log collection
- [ ] zfs storage usage
- [ ] zfs drive health status
- [ ] service version lag
- [ ] network/cpu/ram utilization
- [ ] http latency
- [ ] postgres db load
- [ ] nginx queries
- [ ] ntfy.sh for push notifications
- [ ] kuma for uptime visualization
## Packages
- [ ] Custom private fork of MultiMC

47
configurations/home-manager/eve/default.nix
View file

@ -1,10 +1,15 @@
{osConfig, ...}: let {
pkgs,
lib,
config,
osConfig,
...
}: let
userConfig = osConfig.host.users.eve; userConfig = osConfig.host.users.eve;
in { in {
imports = [ nixpkgs.config = {
./packages.nix allowUnfree = true;
./gnomeconf.nix };
];
home = { home = {
username = userConfig.name; username = userConfig.name;
@ -52,5 +57,37 @@ in {
sessionVariables = { sessionVariables = {
# EDITOR = "emacs"; # EDITOR = "emacs";
}; };
packages = lib.lists.optionals userConfig.isDesktopUser (
with pkgs; [
firefox
bitwarden
discord
makemkv
signal-desktop-bin
ungoogled-chromium
]
);
};
programs = {
# Let Home Manager install and manage itself.
home-manager.enable = true;
git = {
enable = true;
userName = "Eve Halfmann";
userEmail = "evesnrobins@gmail.com";
extraConfig.init.defaultBranch = "main";
};
openssh = {
hostKeys = [
{
type = "ed25519";
path = "${config.home.username}_${osConfig.networking.hostName}_ed25519";
}
];
};
}; };
} }

39
configurations/home-manager/eve/gnomeconf.nix
View file

@ -1,39 +0,0 @@
{
osConfig,
lib,
...
}: {
config = {
gnome = lib.mkMerge [
{
colorScheme = "prefer-dark";
accentColor = "slate";
clockFormat = "24h";
nightLight = {
enable = true;
automatic = false;
fromTime = 12.0;
toTime = 11.999999999999;
temperature = 2700;
};
extraWindowControls = true;
extensions = {
dash-to-panel = {
enable = true;
};
};
}
(lib.mkIf (osConfig.networking.hostName == "horizon") {
displayScaling = 125;
experimentalFeatures = {
scaleMonitorFramebuffer = true;
};
})
];
dconf = {
enable = true;
};
};
}

90
configurations/home-manager/eve/packages.nix
View file

@ -1,90 +0,0 @@
{
lib,
pkgs,
config,
osConfig,
...
}: let
userConfig = osConfig.host.users.eve;
hardware = osConfig.host.hardware;
in {
config = {
nixpkgs.config = {
allowUnfree = true;
};
# Packages that can be installed without any extra configuration
# See https://search.nixos.org/packages for all options
home.packages = lib.lists.optionals userConfig.isDesktopUser (
with pkgs; [
gnomeExtensions.dash-to-panel
claude-code
friture
]
);
# Packages that need to be installed with some extra configuration
# See https://home-manager-options.extranix.com/ for all options
programs = lib.mkMerge [
{
# Let Home Manager install and manage itself.
home-manager.enable = true;
}
(lib.mkIf (config.user.isDesktopUser || config.user.isTerminalUser) {
git = {
enable = true;
settings = {
user.name = "Eve";
user.email = "evesnrobins@gmail.com";
init.defaultBranch = "main";
};
};
openssh = {
enable = true;
hostKeys = [
{
type = "ed25519";
path = "${config.home.username}_${osConfig.networking.hostName}_ed25519";
}
];
};
})
(lib.mkIf config.user.isDesktopUser {
vscode = {
enable = true;
package = pkgs.vscodium;
};
firefox.enable = true;
bitwarden.enable = true;
discord.enable = true;
makemkv.enable = true;
signal-desktop.enable = true;
steam.enable = true;
piper.enable = hardware.piperMouse.enable;
krita.enable = true;
ungoogled-chromium.enable = true;
inkscape.enable = true;
obsidian.enable = true;
obs-studio.enable = true;
kdenlive.enable = true;
tor-browser.enable = true;
olympus.enable = true;
libreoffice.enable = true;
noita-entangled-worlds.enable = true;
opencode.enable = osConfig.host.ai.enable;
e621-downloader.enable = true;
# Windows applications that we need to figure out how to install
guild-wars-2.enable = false;
vortex.enable = false;
dungeon-draft.enable = false;
vmware-workstation.enable = true;
})
];
};
}

2
configurations/home-manager/git/default.nix
View file

@ -1,6 +1,4 @@
{osConfig, ...}: { {osConfig, ...}: {
impermanence.fallbackPersistence.enable = false;
home = { home = {
username = osConfig.users.users.git.name; username = osConfig.users.users.git.name;
homeDirectory = osConfig.users.users.git.home; homeDirectory = osConfig.users.users.git.home;

75
configurations/home-manager/leyla/dconf.nix
View file

@ -1,43 +1,46 @@
{...}: { {pkgs, ...}: {
config = { config = {
gnome = {
extraWindowControls = true;
colorScheme = "prefer-dark";
clockFormat = "24h";
nightLight = {
enable = true;
automatic = false;
fromTime = 12.0;
toTime = 11.999999999999;
temperature = 2700;
};
extensions = {
dash-to-dock = {
enable = true;
options = {
"dock-position" = "LEFT";
"intellihide-mode" = "ALL_WINDOWS";
"show-trash" = false;
"require-pressure-to-show" = false;
"show-mounts" = false;
};
};
};
hotkeys = {
"Open Terminal" = {
binding = "<Super>t";
command = "kgx";
};
"Open Firefox" = {
binding = "<Super>f";
command = "firefox";
};
};
};
dconf = { dconf = {
enable = true; enable = true;
settings = { settings = {
"org/gnome/desktop/interface".color-scheme = "prefer-dark";
"org/gnome/desktop/wm/preferences".button-layout = ":minimize,maximize,close";
"org/gnome/shell" = {
disable-user-extensions = false; # enables user extensions
enabled-extensions = [
# Put UUIDs of extensions that you want to enable here.
# If the extension you want to enable is packaged in nixpkgs,
# you can easily get its UUID by accessing its extensionUuid
# field (look at the following example).
pkgs.gnomeExtensions.dash-to-dock.extensionUuid
# Alternatively, you can manually pass UUID as a string.
# "dash-to-dock@micxgx.gmail.com"
];
};
"org/gnome/shell/extensions/dash-to-dock" = {
"dock-position" = "LEFT";
"intellihide-mode" = "ALL_WINDOWS";
"show-trash" = false;
"require-pressure-to-show" = false;
"show-mounts" = false;
};
"org/gnome/settings-daemon/plugins/media-keys" = {
custom-keybindings = [
"/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0/"
];
};
"org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0" = {
binding = "<Super>t";
command = "kgx";
name = "Open Terminal";
};
"org/gnome/shell" = { "org/gnome/shell" = {
favorite-apps = ["org.gnome.Nautilus.desktop" "firefox.desktop" "codium.desktop" "steam.desktop" "org.gnome.Console.desktop"]; favorite-apps = ["org.gnome.Nautilus.desktop" "firefox.desktop" "codium.desktop" "steam.desktop" "org.gnome.Console.desktop"];
# app-picker-layout = # app-picker-layout =

78
configurations/home-manager/leyla/default.nix
View file

@ -1,19 +1,16 @@
{ {
pkgs,
config,
osConfig, osConfig,
config,
... ...
}: { }: {
imports = [ imports = [
./packages
./i18n.nix ./i18n.nix
./packages.nix
./impermanence.nix ./impermanence.nix
./dconf.nix ./dconf.nix
]; ];
config = { config = {
impermanence.enable = osConfig.storage.impermanence.enable;
# Home Manager needs a bit of information about you and the paths it should # Home Manager needs a bit of information about you and the paths it should
# manage. # manage.
home = { home = {
@ -42,7 +39,7 @@
# org.gradle.console=verbose # org.gradle.console=verbose
# org.gradle.daemon.idletimeout=3600000 # org.gradle.daemon.idletimeout=3600000
# ''; # '';
"${config.xdg.configHome}/user-dirs.dirs" = { ".config/user-dirs.dirs" = {
force = true; force = true;
text = '' text = ''
# This file is written by xdg-user-dirs-update # This file is written by xdg-user-dirs-update
@ -86,10 +83,69 @@
}; };
}; };
# TODO: move this into a fonts module user = {
home.packages = with pkgs; [ continue = {
aileron enable = true;
]; docs = {
fonts.fontconfig.enable = true; "Continue Docs" = {
startUrl = "https://docs.continue.dev";
};
"Nixpkgs" = {
startUrl = "https://ryantm.github.io/nixpkgs/#preface";
};
"Nix Manual" = {
startUrl = "https://nixos.org/manual/nixos/stable/";
};
"Home manager Manual" = {
startUrl = "https://nix-community.github.io/home-manager/";
};
"Nix Docs" = {
startUrl = "https://nix.dev/index.html";
};
"Linux Man Page" = {
startUrl = "https://linux.die.net/man/";
};
};
};
};
programs = {
# Let Home Manager install and manage itself.
home-manager.enable = true;
# set up git defaults
git = {
enable = true;
userName = "Leyla Becker";
userEmail = "git@jan-leila.com";
extraConfig.init.defaultBranch = "main";
};
# add direnv to auto load flakes for development
direnv = {
enable = true;
enableBashIntegration = true;
nix-direnv.enable = true;
config = {
global.hide_env_diff = true;
whitelist.exact = ["/home/leyla/documents/code/nix-config"];
};
};
bash.enable = true;
openssh = {
authorizedKeys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJHeItmt8TRW43uNcOC+eIurYC7Eunc0V3LGocQqLaYj leyla@horizon"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIILimFIW2exEH/Xo7LtXkqgE04qusvnPNpPWSCeNrFkP leyla@defiant"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKBiZkg1c2aaNHiieBX4cEziqvJVj9pcDfzUrKU/mO0I leyla@twilight"
];
hostKeys = [
{
type = "ed25519";
path = "${config.home.username}_${osConfig.networking.hostName}_ed25519";
}
];
};
};
}; };
} }

165
configurations/home-manager/leyla/packages/firefox/firefox.nix → configurations/home-manager/leyla/firefox.nix
View file

@ -5,6 +5,7 @@
... ...
}: { }: {
programs.firefox = { programs.firefox = {
enable = true;
profiles.leyla = { profiles.leyla = {
settings = { settings = {
"browser.search.defaultenginename" = "Searx"; "browser.search.defaultenginename" = "Searx";
@ -31,7 +32,7 @@
]; ];
} }
]; ];
icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg"; icon = "''${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg";
definedAliases = ["@np"]; definedAliases = ["@np"];
}; };
"NixOS Wiki" = { "NixOS Wiki" = {
@ -49,7 +50,7 @@
}; };
}; };
extensions.packages = with inputs.firefox-addons.packages.${pkgs.stdenv.hostPlatform.system}; [ extensions.packages = with inputs.firefox-addons.packages.${pkgs.system}; [
bitwarden bitwarden
terms-of-service-didnt-read terms-of-service-didnt-read
multi-account-containers multi-account-containers
@ -68,13 +69,41 @@
snowflake snowflake
pkgs.firefox-extensions.deutsch-de-language-pack deutsch-de-language-pack
dictionary-german dictionary-german
tab-session-manager # (
# buildFirefoxXpiAddon rec {
pkgs.firefox-extensions.italiano-it-language-pack # pname = "italiano-it-language-pack";
pkgs.firefox-extensions.dizionario-italiano # version = "132.0.20241110.231641";
# addonId = "langpack-it@firefox.mozilla.org";
# url = "https://addons.mozilla.org/firefox/downloads/file/4392453/italiano_it_language_pack-${version}.xpi";
# sha256 = "";
# meta = with lib;
# {
# description = "Firefox Language Pack for Italiano (it) Italian";
# license = licenses.mpl20;
# mozPermissions = [];
# platforms = platforms.all;
# };
# }
# )
# (
# buildFirefoxXpiAddon rec {
# pname = "dizionario-italiano";
# version = "5.1";
# addonId = "it-IT@dictionaries.addons.mozilla.org";
# url = "https://addons.mozilla.org/firefox/downloads/file/1163874/dizionario_italiano-${version}.xpi";
# sha256 = "";
# meta = with lib;
# {
# description = "Add support for Italian to spellchecking";
# license = licenses.gpl3;
# mozPermissions = [];
# platforms = platforms.all;
# };
# }
# )
]; ];
settings = { settings = {
@ -111,6 +140,7 @@
"placements" = { "placements" = {
"widget-overflow-fixed-list" = []; "widget-overflow-fixed-list" = [];
"unified-extensions-area" = [ "unified-extensions-area" = [
"privacy_privacy_com-browser-action"
# bitwarden # bitwarden
"_446900e4-71c2-419f-a6a7-df9c091e268b_-browser-action" "_446900e4-71c2-419f-a6a7-df9c091e268b_-browser-action"
"ublock0_raymondhill_net-browser-action" "ublock0_raymondhill_net-browser-action"
@ -185,6 +215,127 @@
"T9nJot5PurhJSy8n038xGA==" "T9nJot5PurhJSy8n038xGA=="
] (_: 1); ] (_: 1);
"identity.fxaccounts.enabled" = false; "identity.fxaccounts.enabled" = false;
# Security
"privacy.trackingprotection.enabled" = true;
"dom.security.https_only_mode" = true;
"extensions.formautofill.addresses.enabled" = false;
"extensions.formautofill.creditCards.enabled" = false;
"signon.rememberSignons" = false;
"privacy.sanitize.sanitizeOnShutdown" = true;
"privacy.clearOnShutdown_v2.cache" = true;
"privacy.clearOnShutdown_v2.cookiesAndStorage" = true;
"privacy.clearOnShutdown_v2.historyFormDataAndDownloads" = true;
"urlclassifier.trackingSkipURLs" = "";
"urlclassifier.features.socialtracking.skipURLs" = "";
"dom.security.https_only_mode_pbm" = true;
"dom.security.https_only_mode_error_page_user_suggestions" = true;
# Disable telemetry
"app.shield.optoutstudies.enabled" = false;
"browser.discovery.enabled" = false;
"browser.newtabpage.activity-stream.feeds.telemetry" = false;
"browser.newtabpage.activity-stream.telemetry" = false;
"browser.ping-centre.telemetry" = false;
"datareporting.healthreport.service.enabled" = false;
"datareporting.healthreport.uploadEnabled" = false;
"datareporting.policy.dataSubmissionEnabled" = false;
"datareporting.sessions.current.clean" = true;
"devtools.onboarding.telemetry.logged" = false;
"toolkit.telemetry.archive.enabled" = false;
"toolkit.telemetry.bhrPing.enabled" = false;
"toolkit.telemetry.enabled" = false;
"toolkit.telemetry.firstShutdownPing.enabled" = false;
"toolkit.telemetry.hybridContent.enabled" = false;
"toolkit.telemetry.newProfilePing.enabled" = false;
"toolkit.telemetry.prompted" = 2;
"toolkit.telemetry.rejected" = true;
"toolkit.telemetry.reportingpolicy.firstRun" = false;
"toolkit.telemetry.server" = "";
"toolkit.telemetry.shutdownPingSender.enabled" = false;
"toolkit.telemetry.unified" = false;
"toolkit.telemetry.unifiedIsOptIn" = false;
"toolkit.telemetry.updatePing.enabled" = false;
};
bookmarks = {
force = true;
settings = [
{
name = "Media";
url = "https://media.jan-leila.com/";
keyword = "";
tags = [""];
}
{
name = "Photos";
url = "https://photos.jan-leila.com";
keyword = "";
tags = [""];
}
{
name = "Git";
url = "https://git.jan-leila.com/";
keyword = "";
tags = [""];
}
{
name = "Home Automation";
url = "https://home.jan-leila.com/";
keyword = "";
tags = [""];
}
{
name = "Mail";
url = "https://mail.protonmail.com";
keyword = "";
tags = [""];
}
{
name = "Open Street Map";
url = "https://www.openstreetmap.org/";
keyword = "";
tags = [""];
}
{
name = "Password Manager";
url = "https://vault.bitwarden.com/";
keyword = "";
tags = [""];
}
{
name = "Mastodon";
url = "https://mspsocial.net";
keyword = "";
tags = [""];
}
{
name = "Linked In";
url = "https://www.linkedin.com/";
keyword = "";
tags = [""];
}
{
name = "Job Search";
url = "https://www.jobsinnetwork.com/?state=cleaned_history&language%5B%5D=en&query=react&locations.countryCode%5B%5D=IT&locations.countryCode%5B%5D=DE&locations.countryCode%5B%5D=NL&experience%5B%5D=medior&experience%5B%5D=junior&page=1";
keyword = "";
tags = [""];
}
{
name = "React Docs";
url = "https://react.dev/";
keyword = "";
tags = [""];
}
# Template
# {
# name = "";
# url = "";
# keyword = "";
# tags = [""];
# }
];
}; };
}; };
}; };

13
configurations/home-manager/leyla/impermanence.nix
View file

@ -1,19 +1,24 @@
{ {
lib, lib,
config, osConfig,
... ...
}: { }: {
config = lib.mkIf (config.impermanence.enable) { config = lib.mkIf osConfig.host.impermanence.enable {
home.persistence."${config.impermanence.persistencePath}" = { home.persistence."/persist/home/leyla" = {
directories = [ directories = [
"desktop" "desktop"
"downloads" "downloads"
"documents" "documents"
{
directory = ".local/share/Steam";
method = "symlink";
}
]; ];
files = [ files = [
".bash_history" # keep shell history around ".bash_history" # keep shell history around
"${config.xdg.dataHome}/recently-used.xbel" # gnome recently viewed files ".local/share/recently-used.xbel" # gnome recently viewed files
]; ];
allowOther = true;
}; };
}; };
} }

95
configurations/home-manager/leyla/packages.nix Normal file
View file

@ -0,0 +1,95 @@
{
lib,
osConfig,
pkgs,
...
}: let
userConfig = osConfig.host.users.leyla;
hardware = osConfig.host.hardware;
in {
imports = [
./vscode/default.nix
./firefox.nix
];
nixpkgs.config = {
allowUnfree = true;
};
home = {
packages =
lib.lists.optionals userConfig.isTerminalUser (
with pkgs; [
# command line tools
sox
yt-dlp
ffmpeg
imagemagick
]
)
++ (
lib.lists.optionals userConfig.isDesktopUser (
(with pkgs; [
# helvetica font
aileron
gnomeExtensions.dash-to-dock
# development tools
dbeaver-bin
bruno
proxmark3
])
++ (
lib.lists.optionals hardware.directAccess.enable (with pkgs; [
#foss platforms
signal-desktop-bin
bitwarden
ungoogled-chromium
libreoffice
inkscape
gimp
krita
freecad
# cura
# kicad-small
makemkv
onionshare
# rhythmbox
(lib.mkIf hardware.graphicsAcceleration.enable obs-studio)
# wireshark
# rpi-imager
# fritzing
mfoc
tor-browser
anki
pdfarranger
calibre
qbittorrent
picard
# proprietary platforms
discord
obsidian
(lib.mkIf hardware.graphicsAcceleration.enable davinci-resolve)
# development tools
# androidStudioPackages.canary
jetbrains.idea-community
qFlipper
# system tools
protonvpn-gui
openvpn
noisetorch
# hardware management tools
(lib.mkIf hardware.piperMouse.enable piper)
(lib.mkIf hardware.openRGB.enable openrgb)
(lib.mkIf hardware.viaKeyboard.enable via)
])
)
)
);
};
}

98
configurations/home-manager/leyla/packages/default.nix
View file

@ -1,98 +0,0 @@
{
lib,
pkgs,
config,
osConfig,
...
}: let
hardware = osConfig.host.hardware;
in {
imports = [
./vscode
./firefox
./direnv.nix
./openssh.nix
./git.nix
./makemkv.nix
];
config = lib.mkMerge [
{
programs = lib.mkMerge [
{
# Let Home Manager install and manage itself.
home-manager.enable = true;
}
(lib.mkIf (config.user.isTerminalUser || config.user.isDesktopUser) {
bash.enable = true;
git.enable = true;
openssh.enable = true;
})
(lib.mkIf config.user.isDesktopUser {
bitwarden.enable = true;
obs-studio.enable = hardware.graphicsAcceleration.enable;
qbittorrent.enable = true;
prostudiomasters.enable = true;
protonvpn-gui.enable = true;
dbeaver-bin.enable = true;
bruno.enable = true;
piper.enable = hardware.piperMouse.enable;
proxmark3.enable = true;
openrgb.enable = hardware.openRGB.enable;
via.enable = hardware.viaKeyboard.enable;
claude-code.enable = osConfig.host.ai.enable;
opencode.enable = osConfig.host.ai.enable;
davinci-resolve.enable = hardware.graphicsAcceleration.enable;
mfoc.enable = true;
})
(lib.mkIf (hardware.directAccess.enable && config.user.isDesktopUser) {
anki.enable = true;
android-studio.enable = true;
makemkv.enable = true;
discord.enable = true;
signal-desktop.enable = true;
calibre.enable = true;
obsidian.enable = true;
jetbrains.idea-oss.enable = true;
vscode.enable = true;
firefox.enable = true;
steam.enable = true;
krita.enable = true;
ungoogled-chromium.enable = true;
libreoffice.enable = true;
mapillary-uploader.enable = true;
inkscape.enable = true;
gimp.enable = true;
freecad.enable = true;
onionshare.enable = true;
pdfarranger.enable = true;
picard.enable = true;
qflipper.enable = true;
openvpn.enable = true;
noisetorch.enable = true;
noita-entangled-worlds.enable = true;
tor-browser.enable = true;
gdx-liftoff.enable = true;
proton-mail-pwa.enable = true;
proton-calendar-pwa.enable = true;
matrix-cyberia-pwa.enable = true;
kicad.enable = true;
})
];
}
(lib.mkIf config.user.isTerminalUser {
home.packages = with pkgs; [
# command line tools
sox
yt-dlp
ffmpeg
imagemagick
];
})
(lib.mkIf config.user.isDesktopUser {
nixpkgs.config = {
allowUnfree = true;
};
})
];
}

22
configurations/home-manager/leyla/packages/direnv.nix
View file

@ -1,22 +0,0 @@
{
lib,
config,
osConfig,
...
}: let
userConfig = osConfig.host.users.leyla;
in {
config = lib.mkIf userConfig.isDesktopUser {
programs = {
direnv = {
enable = true;
enableBashIntegration = true;
nix-direnv.enable = true;
config = {
global.hide_env_diff = true;
whitelist.exact = ["${config.home.homeDirectory}/documents/code/nix-config"];
};
};
};
};
}

161
configurations/home-manager/leyla/packages/firefox/bookmarks.nix
View file

@ -1,161 +0,0 @@
{...}: {
programs.firefox = {
profiles.leyla = {
bookmarks = {
force = true;
settings = [
# Personal Services
{
name = "Media";
url = "https://media.jan-leila.com/";
keyword = "";
tags = [""];
}
{
name = "Photos";
url = "https://photos.jan-leila.com";
keyword = "";
tags = [""];
}
{
name = "Git";
url = "https://git.jan-leila.com/";
keyword = "";
tags = [""];
}
{
name = "Home Automation";
url = "https://home.jan-leila.com/";
keyword = "";
tags = [""];
}
{
name = "Search";
url = "https://search.jan-leila.com/";
keyword = "";
tags = [""];
}
{
name = "Budget";
url = "https://budget.jan-leila.com/";
keyword = "";
tags = [""];
}
{
name = "Documents";
url = "https://documents.jan-leila.com/";
keyword = "";
tags = [""];
}
# Defiant Server Services
{
name = "QBittorrent";
url = "http://defiant:8084";
keyword = "";
tags = ["defiant"];
}
{
name = "Sonarr";
url = "http://defiant:8989";
keyword = "";
tags = ["defiant"];
}
{
name = "Radarr";
url = "http://defiant:7878";
keyword = "";
tags = ["defiant"];
}
{
name = "Bazarr";
url = "http://defiant:6767";
keyword = "";
tags = ["defiant"];
}
{
name = "Lidarr";
url = "http://defiant:8686";
keyword = "";
tags = ["defiant"];
}
{
name = "Jackett";
url = "http://defiant:9117";
keyword = "";
tags = ["defiant"];
}
{
name = "Crab-hole DNS";
url = "http://defiant:8085";
keyword = "";
tags = ["defiant"];
}
# External Services
{
name = "Mail";
url = "https://mail.protonmail.com";
keyword = "";
tags = [""];
}
{
name = "Open Street Map";
url = "https://www.openstreetmap.org/";
keyword = "";
tags = [""];
}
{
name = "Password Manager";
url = "https://vault.bitwarden.com/";
keyword = "";
tags = [""];
}
{
name = "Mastodon";
url = "https://mspsocial.net";
keyword = "";
tags = [""];
}
{
name = "Linked In";
url = "https://www.linkedin.com/";
keyword = "";
tags = [""];
}
{
name = "Job Search";
url = "https://www.jobsinnetwork.com/?state=cleaned_history&language%5B%5D=en&query=react&locations.countryCode%5B%5D=IT&locations.countryCode%5B%5D=DE&locations.countryCode%5B%5D=NL&experience%5B%5D=medior&experience%5B%5D=junior&page=1";
keyword = "";
tags = [""];
}
{
name = "React Docs";
url = "https://react.dev/";
keyword = "";
tags = [""];
}
{
name = "Cyberia Matrix";
url = "https://chat.cyberia.club";
keyword = "";
tags = [""];
}
{
name = "Cyberia Git";
url = "https://git.cyberia.club";
keyword = "";
tags = [""];
}
# Template
# {
# name = "";
# url = "";
# keyword = "";
# tags = [""];
# }
];
};
};
};
}

18
configurations/home-manager/leyla/packages/firefox/default.nix
View file

@ -1,18 +0,0 @@
{
lib,
pkgs,
inputs,
...
}: {
imports = [
./firefox.nix
./bookmarks.nix
./harden.nix
];
config = {
programs.firefox = {
enable = true;
};
};
}

50
configurations/home-manager/leyla/packages/firefox/harden.nix
View file

@ -1,50 +0,0 @@
{...}: {
programs.firefox = {
profiles.leyla = {
settings = {
# Security
"privacy.trackingprotection.enabled" = true;
"dom.security.https_only_mode" = true;
"dom.security.https_only_mode_pbm" = true;
"dom.security.https_only_mode_error_page_user_suggestions" = true;
# Privacy & Data Protection
"extensions.formautofill.addresses.enabled" = false;
"extensions.formautofill.creditCards.enabled" = false;
"signon.rememberSignons" = false;
"privacy.sanitize.sanitizeOnShutdown" = true;
"privacy.clearOnShutdown_v2.cache" = true;
"privacy.clearOnShutdown_v2.cookiesAndStorage" = true;
"privacy.clearOnShutdown_v2.historyFormDataAndDownloads" = true;
"urlclassifier.trackingSkipURLs" = "";
"urlclassifier.features.socialtracking.skipURLs" = "";
# Disable telemetry and data collection
"app.shield.optoutstudies.enabled" = false;
"browser.discovery.enabled" = false;
"browser.newtabpage.activity-stream.feeds.telemetry" = false;
"browser.newtabpage.activity-stream.telemetry" = false;
"browser.ping-centre.telemetry" = false;
"datareporting.healthreport.service.enabled" = false;
"datareporting.healthreport.uploadEnabled" = false;
"datareporting.policy.dataSubmissionEnabled" = false;
"datareporting.sessions.current.clean" = true;
"devtools.onboarding.telemetry.logged" = false;
"toolkit.telemetry.archive.enabled" = false;
"toolkit.telemetry.bhrPing.enabled" = false;
"toolkit.telemetry.enabled" = false;
"toolkit.telemetry.firstShutdownPing.enabled" = false;
"toolkit.telemetry.hybridContent.enabled" = false;
"toolkit.telemetry.newProfilePing.enabled" = false;
"toolkit.telemetry.prompted" = 2;
"toolkit.telemetry.rejected" = true;
"toolkit.telemetry.reportingpolicy.firstRun" = false;
"toolkit.telemetry.server" = "";
"toolkit.telemetry.shutdownPingSender.enabled" = false;
"toolkit.telemetry.unified" = false;
"toolkit.telemetry.unifiedIsOptIn" = false;
"toolkit.telemetry.updatePing.enabled" = false;
};
};
};
}

13
configurations/home-manager/leyla/packages/git.nix
View file

@ -1,13 +0,0 @@
{...}: {
config = {
programs = {
git = {
settings = {
user.name = "Leyla Becker";
user.email = "git@jan-leila.com";
init.defaultBranch = "main";
};
};
};
};
}

17
configurations/home-manager/leyla/packages/makemkv.nix
View file

@ -1,17 +0,0 @@
{
config,
inputs,
...
}: {
config = {
sops.secrets = {
"application-keys/makemkv" = {
sopsFile = "${inputs.secrets}/application-keys.yaml";
};
};
programs.makemkv = {
appKeyFile = config.sops.placeholder."application-keys/makemkv";
destinationDir = "/home/leyla/downloads/makemkv";
};
};
}

23
configurations/home-manager/leyla/packages/openssh.nix
View file

@ -1,23 +0,0 @@
{
config,
osConfig,
...
}: {
config = {
programs = {
openssh = {
authorizedKeys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJHeItmt8TRW43uNcOC+eIurYC7Eunc0V3LGocQqLaYj leyla@horizon"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIILimFIW2exEH/Xo7LtXkqgE04qusvnPNpPWSCeNrFkP leyla@defiant"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKBiZkg1c2aaNHiieBX4cEziqvJVj9pcDfzUrKU/mO0I leyla@twilight"
];
hostKeys = [
{
type = "ed25519";
path = "${config.home.username}_${osConfig.networking.hostName}_ed25519";
}
];
};
};
};
}

142
configurations/home-manager/leyla/packages/vscode/default.nix
View file

@ -1,142 +0,0 @@
{
lib,
pkgs,
config,
osConfig,
...
}: let
nix-development-enabled = osConfig.host.nix-development.enable;
ai-tooling-enabled = osConfig.host.ai.enable;
in {
imports = [
./user-words.nix
];
config = lib.mkIf config.user.isDesktopUser {
programs = {
bash.shellAliases = {
code = "codium";
};
vscode = {
package = pkgs.vscodium;
mutableExtensionsDir = false;
profiles.default = {
enableUpdateCheck = false;
enableExtensionUpdateCheck = false;
userSettings = lib.mkMerge [
{
"javascript.updateImportsOnFileMove.enabled" = "always";
"editor.tabSize" = 2;
"editor.insertSpaces" = false;
# "terminal.integrated.fontFamily" = "'Droid Sans Mono', 'monospace', monospace";
}
];
extraExtensions = {
# vs code feel
oneDark.enable = true;
atomKeybindings.enable = true;
openRemoteSsh.enable = true;
# openDyslexicFont.enable = false;
# html development
autoRenameTag.enable = true;
liveServer.enable = true;
# js development
es7ReactJsSnippets.enable = true;
tauriVscode.enable = true;
vscodeEslint.enable = true;
vscodeJest.enable = true;
vitest.enable = true;
vscodeStandard.enable = true;
vscodeStylelint.enable = true;
nearley.enable = true;
# graphql
graphql.enable = true;
# astro development
vscodeMdx.enable = true;
astroVscode.enable = true;
# nix development
alejandra.enable = nix-development-enabled;
nixIde.enable = nix-development-enabled;
# go development
go.enable = true;
# rust development
rustAnalyzer.enable = true;
# arduino development
platformIO.enable = false;
# claude development
claudeDev = lib.mkIf ai-tooling-enabled {
enable = false;
mcp = {
nixos = {
enable = true;
autoApprove = {
nixos_search = true;
nixos_info = true;
home_manager_search = true;
home_manager_info = true;
darwin_search = true;
darwin_info = true;
nixos_flakes_search = true;
};
};
eslint = {
enable = true;
autoApprove = {
lint-files = true;
};
};
vitest = {
enable = true;
autoApprove = {
list_tests = true;
run_tests = true;
analyze_coverage = true;
set_project_root = true;
};
};
sleep = {
enable = true;
timeout = 18000; # 5 hours to match claude codes timeout
autoApprove = {
sleep = true;
};
};
};
};
# misc extensions
evenBetterToml.enable = true;
direnv.enable = config.programs.direnv.enable;
conventionalCommits.enable = true;
};
extensions = let
extension-pkgs = pkgs.nix-vscode-extensions.forVSCodeVersion config.programs.vscode.package.version;
in (
with extension-pkgs.open-vsx; [
# vs code feel extensions
streetsidesoftware.code-spell-checker
streetsidesoftware.code-spell-checker-german
streetsidesoftware.code-spell-checker-italian
]
);
};
};
};
};
}

127
configurations/home-manager/leyla/packages/vscode/user-words.nix
View file

@ -1,127 +0,0 @@
{
pkgs,
lib,
...
}: {
config.programs.vscode.profiles.default.userSettings = {
"cSpell.userWords" = [
"leyla"
"Cyberia"
];
"cSpell.languageSettings" = [
{
"languageId" = "nix";
"locale" = "*";
"dictionaries" = [
"applications"
"ai-words"
"nix-words"
# We need to include all other dictionaries in the nix language settings because they exist in this file
# TODO: see if there is a way to make this only apply for this file
"js-words"
];
}
{
"languageId" = "javascript,typescript,js,ts";
"locale" = "*";
"dictionaries" = [
"js-words"
];
}
];
"cSpell.customDictionaries" = {
applications = {
name = "applications";
description = "application names";
path = pkgs.writeText "applications.txt" (lib.strings.concatLines [
"ollama"
"syncthing"
"immich"
"sonos"
"makemkv"
"hass"
"qbittorent"
"prostudiomasters"
"protonmail"
"pulseaudio"
]);
};
ai-words = {
name = "ai-words";
description = "common words used for ai development";
path = pkgs.writeText "ai-words.txt" (lib.strings.concatLines [
"ollama"
"deepseek"
"qwen"
]);
};
nix-words = {
name = "nix-words";
description = "words used in nix configurations";
path = pkgs.writeText "nix-words.txt" (lib.strings.concatLines [
"pname"
"direnv"
"tmpfiles"
"Networkd"
"networkmanager"
"dialout"
"adbusers"
"authkey"
"netdevs"
"atomix"
"geary"
"gedit"
"hitori"
"iagno"
"alsa"
"timezoned"
"pipewire"
"rtkit"
"disko"
"ashift"
"autotrim"
"canmount"
"mountpoint"
"xattr"
"acltype"
"relatime"
"keyformat"
"keylocation"
"vdevs"
# codium extensions
"akamud"
"onedark"
"jeanp"
"dsznajder"
"dbaeumer"
"orta"
"tauri"
"unifiedjs"
"tamasfe"
"pinage"
"jnoortheen"
"kamadorueda"
"karyfoundation"
"nearley"
# nix.optimise is spelled wrong
"optimise"
]);
};
js-words = {
name = "js-words";
description = "words used in js development";
path = pkgs.writeText "js-words.txt" (lib.strings.concatLines [
"webdav"
]);
};
};
};
}

118
configurations/home-manager/leyla/vscode/default.nix Normal file
View file

@ -0,0 +1,118 @@
{
lib,
pkgs,
inputs,
config,
osConfig,
...
}: let
nix-development-enabled = osConfig.host.nix-development.enable;
ai-tooling-enabled = config.user.continue.enable && osConfig.host.ai.enable;
in {
nixpkgs = {
overlays = [
inputs.nix-vscode-extensions.overlays.default
];
};
programs = {
bash.shellAliases = {
code = "codium";
};
vscode = let
extensions = inputs.nix-vscode-extensions.extensions.${pkgs.system};
open-vsx = extensions.open-vsx;
vscode-marketplace = extensions.vscode-marketplace;
in {
enable = true;
package = pkgs.vscodium;
mutableExtensionsDir = false;
profiles.default = {
enableUpdateCheck = false;
enableExtensionUpdateCheck = false;
userSettings = lib.mkMerge [
{
"workbench.colorTheme" = "Atom One Dark";
"cSpell.userWords" = import ./user-words.nix;
"javascript.updateImportsOnFileMove.enabled" = "always";
"editor.tabSize" = 2;
"editor.insertSpaces" = false;
}
(lib.mkIf nix-development-enabled {
"nix.enableLanguageServer" = true;
"nix.serverPath" = "nil";
"[nix]" = {
"editor.defaultFormatter" = "kamadorueda.alejandra";
"editor.formatOnPaste" = true;
"editor.formatOnSave" = true;
"editor.formatOnType" = true;
};
"alejandra.program" = "alejandra";
"nixpkgs" = {
"expr" = "import <nixpkgs> {}";
};
})
(lib.mkIf ai-tooling-enabled {
"continue.telemetryEnabled" = false;
})
];
extensions = (
with open-vsx;
[
# vs code feel extensions
ms-vscode.atom-keybindings
akamud.vscode-theme-onedark
streetsidesoftware.code-spell-checker
streetsidesoftware.code-spell-checker-german
streetsidesoftware.code-spell-checker-italian
jeanp413.open-remote-ssh
# html extensions
formulahendry.auto-rename-tag
ms-vscode.live-server
# js extensions
dsznajder.es7-react-js-snippets
dbaeumer.vscode-eslint
standard.vscode-standard
firsttris.vscode-jest-runner
stylelint.vscode-stylelint
tauri-apps.tauri-vscode
# go extensions
golang.go
# astro blog extensions
astro-build.astro-vscode
unifiedjs.vscode-mdx
# misc extensions
tamasfe.even-better-toml
]
++ (lib.lists.optionals nix-development-enabled [
# nix extensions
pinage404.nix-extension-pack
jnoortheen.nix-ide
kamadorueda.alejandra
])
++ (
with vscode-marketplace;
[
# js extensions
karyfoundation.nearley
]
++ (lib.lists.optionals ai-tooling-enabled [
continue.continue
])
)
);
};
};
};
}

6
configurations/home-manager/leyla/vscode/user-words.nix Normal file
View file

@ -0,0 +1,6 @@
[
"leyla"
"webdav"
"ollama"
"optimise"
]

366
configurations/nixos/defiant/configuration.nix
View file

@ -17,12 +17,6 @@
"services/zfs_smtp_token" = { "services/zfs_smtp_token" = {
sopsFile = "${inputs.secrets}/defiant-services.yaml"; sopsFile = "${inputs.secrets}/defiant-services.yaml";
}; };
"services/paperless_password" = {
sopsFile = "${inputs.secrets}/defiant-services.yaml";
mode = "0700";
owner = "paperless";
group = "paperless";
};
}; };
host = { host = {
@ -33,6 +27,43 @@
isPrincipleUser = true; isPrincipleUser = true;
}; };
}; };
impermanence.enable = true;
storage = {
enable = true;
encryption = true;
notifications = {
enable = true;
host = "smtp.protonmail.ch";
port = 587;
to = "leyla@jan-leila.com";
user = "leyla@jan-leila.com";
tokenFile = config.sops.secrets."services/zfs_smtp_token".path;
};
pool = {
vdevs = [
[
"ata-ST18000NE000-3G6101_ZVTCXVEB"
"ata-ST18000NE000-3G6101_ZVTCXWSC"
"ata-ST18000NE000-3G6101_ZVTD10EH"
"ata-ST18000NT001-3NF101_ZVTE0S3Q"
"ata-ST18000NT001-3NF101_ZVTEF27J"
"ata-ST18000NE000-3G6101_ZVTJ7359"
]
# TODO: this needs to be configured manually
[
"ata-ST4000NE001-2MA101_WS2275P3"
"ata-ST4000NE001-2MA101_WS227B9F"
"ata-ST4000NE001-2MA101_WS227CEW"
"ata-ST4000NE001-2MA101_WS227CYN"
"ata-ST4000NE001-2MA101_WS23TBWV"
"ata-ST4000NE001-2MA101_WS23TC5F"
]
];
cache = [
"nvme-Samsung_SSD_990_PRO_4TB_S7KGNU0X907881F"
];
};
};
network_storage = { network_storage = {
enable = true; enable = true;
directories = [ directories = [
@ -64,58 +95,36 @@
directories = ["leyla_documents" "eve_documents" "users_documents" "media"]; directories = ["leyla_documents" "eve_documents" "users_documents" "media"];
}; };
}; };
}; reverse_proxy = {
storage = {
zfs = {
enable = true; enable = true;
notifications = { enableACME = true;
enable = true; hostname = "jan-leila.com";
host = "smtp.protonmail.ch"; };
port = 587; postgres = {
to = "leyla@jan-leila.com"; extraUsers = {
user = "noreply@jan-leila.com"; leyla = {
tokenFile = config.sops.secrets."services/zfs_smtp_token".path; isAdmin = true;
};
pool = {
encryption = {
enable = true;
}; };
vdevs = [
[
"ata-ST18000NE000-3G6101_ZVTCXVEB"
"ata-ST18000NE000-3G6101_ZVTCXWSC"
"ata-ST18000NE000-3G6101_ZVTD10EH"
"ata-ST18000NT001-3NF101_ZVTE0S3Q"
"ata-ST18000NT001-3NF101_ZVTEF27J"
"ata-ST18000NE000-3G6101_ZVTJ7359"
]
[
"ata-ST4000NE001-2MA101_WS2275P3"
"ata-ST4000NE001-2MA101_WS227B9F"
"ata-ST4000NE001-2MA101_WS227CEW"
"ata-ST4000NE001-2MA101_WS227CYN"
"ata-ST4000NE001-2MA101_WS23TBWV"
"ata-ST4000NE001-2MA101_WS23TC5F"
]
];
# We are having to boot off of the nvm cache drive because I cant figure out how to boot via the HBA
cache = [
{
device = "nvme-Samsung_SSD_990_PRO_4TB_S7KGNU0X907881F";
boot = true;
}
];
}; };
}; };
impermanence = { # home-assistant = {
enable = true; # enable = false;
# subdomain = "home";
# };
adguardhome = {
enable = false;
}; };
}; };
systemd.network = { systemd.network = {
enable = true; enable = true;
# config = {
# routeTables = {
# p2p = 1;
# };
# };
netdevs = { netdevs = {
"10-bond0" = { "10-bond0" = {
netdevConfig = { netdevConfig = {
@ -128,25 +137,26 @@
}; };
}; };
"20-wg0" = { # "15-p2p0" = {
netdevConfig = { # netdevConfig = {
Kind = "wireguard"; # Kind = "wireguard";
Name = "wg0"; # Name = "p2p0";
}; # MTUBytes = "1280";
wireguardConfig = { # };
PrivateKeyFile = config.sops.secrets."vpn-keys/proton-wireguard/defiant-p2p".path; # wireguardConfig = {
ListenPort = 51820; # PrivateKeyFile = config.sops.secrets."vpn-keys/proton-wireguard/defiant-p2p".path;
}; # ListenPort = 51820;
wireguardPeers = [ # # RouteTable = "p2p";
{ # };
PublicKey = "rRO6yJim++Ezz6scCLMaizI+taDjU1pzR2nfW6qKbW0="; # wireguardPeers = [
Endpoint = "185.230.126.146:51820"; # {
# Allow all traffic but use policy routing to prevent system-wide VPN # PublicKey = "rRO6yJim++Ezz6scCLMaizI+taDjU1pzR2nfW6qKbW0=";
AllowedIPs = ["0.0.0.0/0"]; # Endpoint = "185.230.126.146:51820";
PersistentKeepalive = 25; # AllowedIPs = ["0.0.0.0/0"];
} # RouteTable = "off";
]; # }
}; # ];
# };
}; };
networks = { networks = {
"40-bond0" = { "40-bond0" = {
@ -161,106 +171,49 @@
"192.168.1.10/32" "192.168.1.10/32"
]; ];
# Set lower priority for default gateway to allow WireGuard interface binding gateway = ["192.168.1.1"];
routes = [
{
Destination = "0.0.0.0/0";
Gateway = "192.168.1.1";
Metric = 100;
}
];
dns = ["192.168.1.1"]; dns = ["192.168.1.1"];
}; };
"50-wg0" = { # "45-p2p0" = {
matchConfig.Name = "wg0"; # matchConfig.Name = "p2p0";
networkConfig = { # address = [
DHCP = "no"; # "10.2.0.2/32"
}; # ];
address = [ # routes = [
"10.2.0.2/32" # {
]; # Destination = "0.0.0.0/0";
# Configure routing for application binding # }
routingPolicyRules = [ # ];
{ # linkConfig.RequiredForOnline = false;
# Route traffic from VPN interface through VPN table # };
From = "10.2.0.2/32";
Table = 200;
Priority = 100;
}
];
routes = [
{
# Direct route to VPN gateway
Destination = "10.2.0.1/32";
Scope = "link";
}
{
# Route VPN subnet through VPN gateway in custom table
Destination = "10.2.0.0/16";
Gateway = "10.2.0.1";
Table = 200;
}
{
# Route all traffic through VPN gateway in custom table
Destination = "0.0.0.0/0";
Gateway = "10.2.0.1";
Table = 200;
}
];
};
}; };
}; };
# limit arc usage to 50gb because ollama doesn't play nice with zfs using up all of the memory
boot.kernelParams = ["zfs.zfs_arc_max=53687091200"];
# Enable policy routing and source routing for application-specific VPN binding
boot.kernel.sysctl = {
"net.ipv4.conf.all.rp_filter" = 2;
"net.ipv4.conf.default.rp_filter" = 2;
"net.ipv4.conf.wg0.rp_filter" = 2;
};
services = { services = {
# PostgreSQL database server # TODO: move zfs scrubbing into module
postgresql = { zfs = {
enable = true; autoScrub.enable = true;
adminUsers = ["leyla"]; autoSnapshot.enable = true;
impermanence.enable = false;
}; };
# temp enable desktop environment for setup # temp enable desktop enviroment for setup
# Enable the X11 windowing system. # Enable the X11 windowing system.
xserver.enable = true; xserver = {
# Enable the GNOME Desktop Environment.
displayManager = {
gdm.enable = true;
};
desktopManager = {
gnome.enable = true;
};
# Enable new reverse proxy system
reverseProxy = {
enable = true; enable = true;
openFirewall = true;
impermanence.enable = false; # Enable the GNOME Desktop Environment.
acme = { displayManager = {
enable = true; gdm.enable = true;
email = "jan-leila@protonmail.com"; };
desktopManager = {
gnome.enable = true;
}; };
}; };
ollama = { ollama = {
enable = true; enable = true;
exposePort = true; exposePort = true;
impermanence.enable = false;
environmentVariables = {
OLLAMA_KEEP_ALIVE = "24h";
};
loadModels = [ loadModels = [
# conversation models # conversation models
@ -278,10 +231,6 @@
# agent models # agent models
"qwen3:8b" "qwen3:8b"
"qwen3:32b" "qwen3:32b"
"qwen3:235b-a22b"
"qwen3-coder:30b"
"qwen3-coder:30b-a3b-fp16"
# embedding models # embedding models
"nomic-embed-text:latest" "nomic-embed-text:latest"
@ -291,7 +240,6 @@
enable = true; enable = true;
authKeyFile = config.sops.secrets."vpn-keys/tailscale-authkey/defiant".path; authKeyFile = config.sops.secrets."vpn-keys/tailscale-authkey/defiant".path;
useRoutingFeatures = "server"; useRoutingFeatures = "server";
impermanence.enable = false;
extraUpFlags = [ extraUpFlags = [
"--advertise-exit-node" "--advertise-exit-node"
"--advertise-routes=192.168.0.0/24" "--advertise-routes=192.168.0.0/24"
@ -304,126 +252,42 @@
]; ];
}; };
syncthing = { syncthing.enable = true;
enable = true;
impermanence.enable = false;
};
fail2ban = { fail2ban.enable = true;
enable = true;
impermanence.enable = false;
};
jellyfin = { jellyfin = {
enable = true; enable = true;
domain = "media.jan-leila.com"; subdomain = "media";
extraDomains = ["jellyfin.jan-leila.com"]; extraSubdomains = ["jellyfin"];
impermanence.enable = false;
}; };
immich = { immich = {
enable = true; enable = true;
domain = "photos.jan-leila.com"; subdomain = "photos";
impermanence.enable = false;
}; };
forgejo = { forgejo = {
enable = true; enable = true;
reverseProxy.domain = "git.jan-leila.com"; subdomain = "git";
impermanence.enable = false;
}; };
searx = { searx = {
enable = true; enable = true;
domain = "search.jan-leila.com"; subdomain = "search";
}; };
actual = { virt-home-assistant = {
enable = false; enable = false;
domain = "budget.jan-leila.com"; networkBridge = "bond0";
impermanence.enable = false; hostDevice = "0x10c4:0xea60";
};
home-assistant = {
enable = true;
domain = "home.jan-leila.com";
openFirewall = true;
postgres.enable = true;
impermanence.enable = false;
extensions = {
sonos.enable = true;
jellyfin.enable = true;
wyoming.enable = false; # Temporarily disabled due to dependency conflict in wyoming-piper
};
};
paperless = {
enable = true;
domain = "documents.jan-leila.com";
passwordFile = config.sops.secrets."services/paperless_password".path;
impermanence.enable = false;
};
panoramax = {
enable = false;
openFirewall = true;
impermanence.enable = false;
};
crab-hole = {
enable = true;
port = 8085;
openFirewall = true;
show_doc = true;
impermanence.enable = false;
downstreams = {
host = {
enable = true;
openFirewall = true;
};
};
upstreams.cloudFlare.enable = true;
blocklists.ad_malware.enable = true;
}; };
qbittorrent = { qbittorrent = {
enable = true; enable = true;
mediaDir = "/srv/qbittorent"; mediaDir = "/srv/qbittorent";
openFirewall = true; openFirewall = true;
webuiPort = 8084; webPort = 8084;
impermanence.enable = false;
};
sonarr = {
enable = true;
openFirewall = true;
impermanence.enable = false;
};
radarr = {
enable = true;
openFirewall = true;
impermanence.enable = false;
};
bazarr = {
enable = true;
openFirewall = true;
impermanence.enable = false;
};
lidarr = {
enable = true;
openFirewall = true;
impermanence.enable = false;
};
jackett = {
enable = true;
openFirewall = true;
impermanence.enable = false;
};
flaresolverr = {
enable = true;
openFirewall = true;
impermanence.enable = false;
}; };
}; };
@ -434,7 +298,7 @@
hibernate.enable = false; hibernate.enable = false;
hybrid-sleep.enable = false; hybrid-sleep.enable = false;
}; };
services.displayManager.gdm.autoSuspend = false; services.xserver.displayManager.gdm.autoSuspend = false;
# This value determines the NixOS release from which the default # This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions # settings for stateful data, like file locations and database versions

3
configurations/nixos/defiant/default.nix
View file

@ -3,8 +3,5 @@
imports = [ imports = [
./hardware-configuration.nix ./hardware-configuration.nix
./configuration.nix ./configuration.nix
./packages.nix
./legacy-storage.nix
./legacy-impermanence.nix
]; ];
} }

296
configurations/nixos/defiant/legacy-impermanence.nix
View file

@ -1,296 +0,0 @@
# Legacy impermanence module for defiant
# See legacy-storage.nix for the full incremental migration plan.
#
# This file is consumed in two phases:
#
# Phase 3 (after generateBase is enabled):
# Remove the SYSTEM-LEVEL entries marked [PHASE 3] below. These will be
# handled automatically by storage.nix, ssh.nix, and the impermanence module:
# - var-lib-private-permissions activation script
# - /etc/machine-id
# - SSH host keys
# - /var/lib/nixos
# - /var/lib/systemd/coredump
# - /persist/system/var/log persistence block
#
# Phase 4 (migrate services one at a time, any order):
# For each service:
# 1. Remove the service's section marked [PHASE 4] from this file
# 2. Remove `impermanence.enable = false` for that service in configuration.nix
# For jellyfin/qbittorrent, also remove the separate media persistence blocks.
#
# Phase 5: Delete this file once empty.
{
config,
lib,
...
}: {
config = lib.mkIf config.storage.impermanence.enable {
# [PHASE 3] Remove this activation script after enabling generateBase
system.activationScripts = {
"var-lib-private-permissions" = {
deps = ["specialfs"];
text = ''
mkdir -p /persist/system/root/var/lib/private
chmod 0700 /persist/system/root/var/lib/private
'';
};
};
environment.persistence."/persist/system/root" = {
enable = true;
hideMounts = true;
# [PHASE 3] Remove this files block after enabling generateBase
files = lib.mkMerge [
["/etc/machine-id"]
# SSH host keys
(lib.mkIf config.services.openssh.enable (
lib.lists.flatten (
builtins.map (hostKey: [
hostKey.path
"${hostKey.path}.pub"
])
config.services.openssh.hostKeys
)
))
];
directories = lib.mkMerge [
# [PHASE 3] Remove these system directories after enabling generateBase
[
"/var/lib/nixos"
"/var/lib/systemd/coredump"
]
# [PHASE 4] PostgreSQL
(lib.mkIf config.services.postgresql.enable [
{
directory = "/var/lib/postgresql/16";
user = "postgres";
group = "postgres";
}
])
# [PHASE 4] Reverse Proxy (ACME)
(lib.mkIf config.services.reverseProxy.enable [
{
directory = "/var/lib/acme";
user = "acme";
group = "acme";
}
])
# [PHASE 4] Ollama
(lib.mkIf config.services.ollama.enable [
{
directory = "/var/lib/private/ollama";
user = config.services.ollama.user;
group = config.services.ollama.group;
mode = "0700";
}
])
# [PHASE 4] Tailscale
(lib.mkIf config.services.tailscale.enable [
{
directory = "/var/lib/tailscale";
user = "root";
group = "root";
}
])
# [PHASE 4] Syncthing
(lib.mkIf config.services.syncthing.enable [
{
directory = "/mnt/sync";
user = "syncthing";
group = "syncthing";
}
{
directory = "/etc/syncthing";
user = "syncthing";
group = "syncthing";
}
])
# [PHASE 4] Fail2ban
(lib.mkIf config.services.fail2ban.enable [
{
directory = "/var/lib/fail2ban";
user = "fail2ban";
group = "fail2ban";
}
])
# [PHASE 4] Jellyfin (data/cache only - media is on separate dataset)
(lib.mkIf config.services.jellyfin.enable [
{
directory = "/var/lib/jellyfin";
user = "jellyfin";
group = "jellyfin";
}
{
directory = "/var/cache/jellyfin";
user = "jellyfin";
group = "jellyfin";
}
])
# [PHASE 4] Immich
(lib.mkIf config.services.immich.enable [
{
directory = "/var/lib/immich";
user = "immich";
group = "immich";
}
])
# [PHASE 4] Forgejo
(lib.mkIf config.services.forgejo.enable [
{
directory = "/var/lib/forgejo";
user = "forgejo";
group = "forgejo";
}
])
# [PHASE 4] Actual
(lib.mkIf config.services.actual.enable [
{
directory = "/var/lib/private/actual";
user = "actual";
group = "actual";
}
])
# [PHASE 4] Home Assistant
(lib.mkIf config.services.home-assistant.enable [
{
directory = "/var/lib/hass";
user = "hass";
group = "hass";
}
])
# [PHASE 4] Paperless
(lib.mkIf config.services.paperless.enable [
{
directory = "/var/lib/paperless";
user = "paperless";
group = "paperless";
}
])
# [PHASE 4] Crab-hole
(lib.mkIf config.services.crab-hole.enable [
{
directory = "/var/lib/private/crab-hole";
user = "crab-hole";
group = "crab-hole";
}
])
# [PHASE 4] qBittorrent (config only - media is on separate dataset)
(lib.mkIf config.services.qbittorrent.enable [
{
directory = "/var/lib/qBittorrent/";
user = "qbittorrent";
group = "qbittorrent";
}
])
# [PHASE 4] Sonarr
(lib.mkIf config.services.sonarr.enable [
{
directory = "/var/lib/sonarr/.config/NzbDrone";
user = "sonarr";
group = "sonarr";
}
])
# [PHASE 4] Radarr
(lib.mkIf config.services.radarr.enable [
{
directory = "/var/lib/radarr/.config/Radarr";
user = "radarr";
group = "radarr";
}
])
# [PHASE 4] Bazarr
(lib.mkIf config.services.bazarr.enable [
{
directory = "/var/lib/bazarr";
user = "bazarr";
group = "bazarr";
}
])
# [PHASE 4] Lidarr
(lib.mkIf config.services.lidarr.enable [
{
directory = "/var/lib/lidarr/.config/Lidarr";
user = "lidarr";
group = "lidarr";
}
])
# [PHASE 4] Jackett
(lib.mkIf config.services.jackett.enable [
{
directory = "/var/lib/jackett/.config/Jackett";
user = "jackett";
group = "jackett";
}
])
# [PHASE 4] FlareSolverr
(lib.mkIf config.services.flaresolverr.enable [
{
directory = "/var/lib/flaresolverr";
user = "flaresolverr";
group = "flaresolverr";
}
])
];
};
# [PHASE 4 - LAST] Jellyfin media on separate dataset
# Requires Phase 2 media dataset merge before migrating (several days of data copy)
environment.persistence."/persist/system/jellyfin" = lib.mkIf config.services.jellyfin.enable {
enable = true;
hideMounts = true;
directories = [
{
directory = config.services.jellyfin.media_directory;
user = "jellyfin";
group = "jellyfin_media";
mode = "1770";
}
];
};
# [PHASE 4 - LAST] qBittorrent media on separate dataset
# Requires Phase 2 media dataset merge before migrating (several days of data copy)
environment.persistence."/persist/system/qbittorrent" = lib.mkIf config.services.qbittorrent.enable {
enable = true;
hideMounts = true;
directories = [
{
directory = config.services.qbittorrent.mediaDir;
user = "qbittorrent";
group = "qbittorrent";
mode = "1775";
}
];
};
# [PHASE 3] /var/log persistence - handled by storage.nix after generateBase
environment.persistence."/persist/system/var/log" = {
enable = true;
hideMounts = true;
directories = [
"/var/log"
];
};
};
}

218
configurations/nixos/defiant/legacy-storage.nix
View file

@ -1,218 +0,0 @@
# Legacy storage configuration for defiant
# This file manually defines ZFS datasets matching the existing on-disk layout
# to allow incremental migration to the new storage module (generateBase = true).
#
# ============================================================================
# INCREMENTAL MIGRATION PLAN
# ============================================================================
#
# Current disk usage (for reference):
# rpool/local/system/nix ~26G (renamed in place, no copy)
# rpool/local/system/sops ~328K (renamed in place, no copy)
# rpool/persist/system/jellyfin ~32T (renamed in place, no copy)
# rpool/persist/system/qbittorrent ~6.5T (copied into media dataset, ~6.5T temp)
# rpool free space ~30T
#
# Phase 1: Migrate base datasets on disk (boot from live USB or rescue)
# All operations in this phase are instant renames -- no data is copied.
#
# Unlock the pool:
# zfs load-key -a
#
# Step 1a: Move nix and sops out of local/ (they go to persist/local/)
# The -p flag auto-creates the parent datasets.
#
# zfs rename -p rpool/local/system/nix rpool/persist/local/nix
# zfs rename -p rpool/local/system/sops rpool/persist/local/system/sops
#
# Step 1b: Rename local/ -> ephemeral/ (takes remaining children with it)
# zfs rename rpool/local rpool/ephemeral
# # This moves: local/system/root -> ephemeral/system/root
# # local/home/leyla -> ephemeral/home/leyla
#
# Step 1c: Recreate blank snapshots on ephemeral datasets
# zfs destroy rpool/ephemeral/system/root@blank
# zfs snapshot rpool/ephemeral/system/root@blank
# zfs destroy rpool/ephemeral/home/leyla@blank
# zfs snapshot rpool/ephemeral/home/leyla@blank
#
# Step 1d: Move persist/ children under persist/replicate/
# zfs create -o canmount=off rpool/persist/replicate
# zfs create -o canmount=off rpool/persist/replicate/system
# zfs rename rpool/persist/system/root rpool/persist/replicate/system/root
# zfs rename rpool/persist/system/var rpool/persist/replicate/system/var
# zfs rename rpool/persist/home/leyla rpool/persist/replicate/home
# # Clean up the now-empty home parent
# zfs destroy rpool/persist/home
# # NOTE: Do NOT destroy rpool/persist/system -- it still contains
# # persist/system/jellyfin and persist/system/qbittorrent which are
# # migrated in Phase 2.
#
# Verify the new layout:
# zfs list -r rpool -o name,used,mountpoint
#
# Phase 2: Merge media into a single dataset (do this last)
# Strategy: Rename the jellyfin dataset to become the shared media dataset
# (zero copy, instant), then copy qbittorrent data into it (~6.5T copy).
# This avoids duplicating the 32T jellyfin dataset.
#
# Step 2a: Rename jellyfin dataset to the shared media name
# zfs rename rpool/persist/system/jellyfin rpool/persist/replicate/system/media
#
# Step 2b: Copy qbittorrent data into the media dataset
# This copies ~6.5T and may take several hours/days depending on disk speed.
# The qbittorrent data is not critical to back up so no snapshot needed.
#
# systemctl stop qbittorrent
# rsync -avPHAX /persist/system/qbittorrent/ /persist/replicate/system/media/
#
# Step 2c: Verify the data and clean up
# ls -la /persist/replicate/system/media/
# zfs destroy rpool/persist/system/qbittorrent
# # persist/system should now be empty, clean it up:
# zfs destroy rpool/persist/system
#
# Phase 3: Enable generateBase
# In the nix config:
# - Delete this file (legacy-storage.nix) and remove its import from default.nix
# - Remove [PHASE 3] entries from legacy-impermanence.nix:
# - var-lib-private-permissions activation script
# - /etc/machine-id, SSH host keys (files block)
# - /var/lib/nixos, /var/lib/systemd/coredump (directories)
# - /persist/system/var/log persistence block
# These are now handled automatically by storage.nix and ssh.nix.
# Rebuild and verify:
# sudo nixos-rebuild switch --flake .#defiant
# # Verify mounts: findmnt -t fuse.bindfs,fuse
# # Verify persist: ls /persist/replicate/system/root/var/lib/nixos
# # Verify boot: reboot and confirm system comes up cleanly
#
# Phase 4: Migrate services (one at a time, any order)
# For each service (except jellyfin/qbittorrent):
# 1. Remove the service's [PHASE 4] section from legacy-impermanence.nix
# 2. Remove `impermanence.enable = false` for that service in configuration.nix
# 3. Rebuild: sudo nixos-rebuild switch --flake .#defiant
# 4. Verify: systemctl status <service>, check the service's data is intact
# No data migration is needed -- the data already lives on the renamed
# dataset at the new path.
#
# Migrate jellyfin and qbittorrent LAST (after Phase 2 media merge):
# 1. Remove [PHASE 4 - LAST] jellyfin entries from legacy-impermanence.nix
# 2. Remove [PHASE 4 - LAST] qbittorrent entries from legacy-impermanence.nix
# 3. Remove `impermanence.enable = false` for both in configuration.nix
# 4. Rebuild: sudo nixos-rebuild switch --flake .#defiant
# 5. Verify: systemctl status jellyfin qbittorrent
#
# Phase 5: Cleanup
# Once all services are migrated and legacy-impermanence.nix is empty:
# - Delete legacy-impermanence.nix and remove its import from default.nix
# - Rebuild: sudo nixos-rebuild switch --flake .#defiant
#
# ============================================================================
#
# Current on-disk dataset layout:
# rpool/local/ - ephemeral parent
# rpool/local/home/leyla - ephemeral user home (rolled back on boot)
# rpool/local/system/nix - nix store
# rpool/local/system/root - root filesystem (rolled back on boot)
# rpool/local/system/sops - sops age key
# rpool/persist/ - persistent parent
# rpool/persist/home/leyla - persistent user home
# rpool/persist/system/jellyfin - jellyfin media
# rpool/persist/system/qbittorrent - qbittorrent media
# rpool/persist/system/root - persistent root data
# rpool/persist/system/var/log - log persistence
{lib, ...}: {
# Disable automatic base dataset generation so we can define them manually
storage.generateBase = false;
# Manually define ZFS datasets matching main's structure
storage.zfs.datasets = {
# Ephemeral datasets (local/)
"local" = {
type = "zfs_fs";
mount = null;
};
"local/home/leyla" = {
type = "zfs_fs";
mount = "/home/leyla";
snapshot = {
blankSnapshot = true;
};
};
"local/system/nix" = {
type = "zfs_fs";
mount = "/nix";
atime = "off";
relatime = "off";
snapshot = {
autoSnapshot = false;
};
};
"local/system/root" = {
type = "zfs_fs";
mount = "/";
snapshot = {
blankSnapshot = true;
};
};
"local/system/sops" = {
type = "zfs_fs";
mount = "/var/lib/sops-nix";
};
# Persistent datasets (persist/)
"persist" = {
type = "zfs_fs";
mount = null;
};
"persist/home/leyla" = {
type = "zfs_fs";
mount = "/persist/home/leyla";
snapshot = {
autoSnapshot = true;
};
};
"persist/system/jellyfin" = {
type = "zfs_fs";
mount = "/persist/system/jellyfin";
atime = "off";
relatime = "off";
};
"persist/system/qbittorrent" = {
type = "zfs_fs";
mount = "/persist/system/qbittorrent";
atime = "off";
relatime = "off";
};
"persist/system/root" = {
type = "zfs_fs";
mount = "/persist/system/root";
snapshot = {
autoSnapshot = true;
};
};
"persist/system/var/log" = {
type = "zfs_fs";
mount = "/persist/system/var/log";
};
};
# Boot commands to rollback ephemeral root and user homes on boot
boot.initrd.postResumeCommands = lib.mkAfter ''
zfs rollback -r rpool/local/system/root@blank
zfs rollback -r rpool/local/home/leyla@blank
'';
# FileSystems needed for boot
fileSystems = {
"/".neededForBoot = true;
"/persist/system/root".neededForBoot = true;
"/persist/system/var/log".neededForBoot = true;
"/persist/system/jellyfin".neededForBoot = true;
"/persist/system/qbittorrent".neededForBoot = true;
"/var/lib/sops-nix".neededForBoot = true;
"/persist/home/leyla".neededForBoot = true;
"/home/leyla".neededForBoot = true;
};
}

9
configurations/nixos/defiant/packages.nix
View file

@ -1,9 +0,0 @@
{pkgs, ...}: {
environment.systemPackages = with pkgs; [
ffsubsync
sox
yt-dlp
ffmpeg
imagemagick
];
}

64
configurations/nixos/emergent/configuration.nix
View file

@ -2,12 +2,12 @@
# your system. Help is available in the configuration.nix(5) man page, on # your system. Help is available in the configuration.nix(5) man page, on
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`). # https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
{ {
config,
lib, lib,
pkgs, pkgs,
... ...
}: { }: {
imports = [ imports = [
./nvidia-drivers.nix
]; ];
# Use the systemd-boot EFI boot loader. # Use the systemd-boot EFI boot loader.
@ -36,19 +36,12 @@
# Enable the X11 windowing system. # Enable the X11 windowing system.
services.xserver.enable = true; services.xserver.enable = true;
# Enable wacom touchscreen device
services.xserver.wacom.enable = true;
# installed opentabletdriver
# hardware.opentabletdriver.enable = true;
hardware.keyboard.qmk.enable = true;
# Enable the GNOME Desktop Environment. # Enable the GNOME Desktop Environment.
services.displayManager.gdm.enable = true; services.xserver.displayManager.gdm.enable = true;
services.desktopManager.gnome.enable = true; services.xserver.desktopManager.gnome.enable = true;
host = { host = {
ai.enable = true;
users = { users = {
eve = { eve = {
isDesktopUser = true; isDesktopUser = true;
@ -56,40 +49,8 @@
isPrincipleUser = true; isPrincipleUser = true;
}; };
}; };
hardware = {
piperMouse.enable = true;
};
}; };
storage = {
zfs = {
enable = true;
pool = {
mode = "stripe";
vdevs = [
[
{
device = "wwn-0x5000039fd0cf05eb";
boot = true;
}
]
];
cache = [];
};
};
};
virtualisation.libvirtd.enable = true;
users.users.eve = {
extraGroups = ["libvirtd"];
};
services.tailscale.enable = true;
# We were having weird build errors so this is disabled right now
# error: The option `devices.emergent.folders.eve_records.path' was accessed but has no value defined. Try setting the option
services.syncthing.enable = false;
# Configure keymap in X11 # Configure keymap in X11
# services.xserver.xkb.layout = "us"; # services.xserver.xkb.layout = "us";
# services.xserver.xkb.options = "eurosign:e,caps:escape"; # services.xserver.xkb.options = "eurosign:e,caps:escape";
@ -119,19 +80,12 @@
# programs.firefox.enable = true; # programs.firefox.enable = true;
nixpkgs.config.allowUnfree = true; # List packages installed in system profile.
# You can use https://search.nixos.org/ to find more packages (and options).
# Packages that can be installed without any extra configuration # environment.systemPackages = with pkgs; [
# See https://search.nixos.org/packages for all options # vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
environment.systemPackages = with pkgs; [ # wget
wget # ];
gnome-boxes
libvirt
];
# Packages that need to be installed with some extra configuration
# See https://search.nixos.org/options for all options
programs = {};
# Some programs need SUID wrappers, can be configured further or are # Some programs need SUID wrappers, can be configured further or are
# started in user sessions. # started in user sessions.

2
configurations/nixos/emergent/default.nix
View file

@ -3,6 +3,6 @@
imports = [ imports = [
./configuration.nix ./configuration.nix
./hardware-configuration.nix ./hardware-configuration.nix
./legacy-storage.nix ./disco-configuration.nix
]; ];
} }

57
configurations/nixos/emergent/disco-configuration.nix Normal file
View file

@ -0,0 +1,57 @@
{...}: {
disko.devices = {
disk = {
disk1 = {
type = "disk";
device = "/dev/disk/by-id/wwn-0x5000039fd0cf05eb";
content = {
type = "gpt";
partitions = {
ESP = {
size = "64M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = ["umask=0077"];
};
};
zfs = {
size = "100%";
content = {
type = "zfs";
pool = "zroot";
};
};
};
};
};
};
zpool = {
zroot = {
type = "zpool";
mode = "";
options.cachefile = "none";
rootFsOptions = {
compression = "zstd";
"com.sun:auto-snapshot" = "true";
};
mountpoint = "/";
postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot@blank$' || zfs snapshot zroot@blank";
datasets = {
"system/nix" = {
type = "zfs_fs";
mountpoint = "/nix";
options = {
atime = "off";
relatime = "off";
canmount = "on";
};
};
};
};
};
};
}

2
configurations/nixos/emergent/hardware-configuration.nix
View file

@ -12,7 +12,7 @@
(modulesPath + "/installer/scan/not-detected.nix") (modulesPath + "/installer/scan/not-detected.nix")
]; ];
boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" "wacom" "kvm" "kvm_amd"]; boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod"];
boot.initrd.kernelModules = []; boot.initrd.kernelModules = [];
boot.kernelModules = []; boot.kernelModules = [];
boot.extraModulePackages = []; boot.extraModulePackages = [];

51
configurations/nixos/emergent/legacy-storage.nix
View file

@ -1,51 +0,0 @@
# Legacy storage configuration for emergent
# This file manually defines ZFS datasets matching the existing on-disk layout
# to allow incremental migration to the new storage module (generateBase = true).
#
# Current on-disk dataset layout:
# rpool/local/ - parent (canmount=off)
# rpool/local/system/nix - nix store
# rpool/local/system/root - root filesystem
#
# Migration plan:
# Phase 1: Rename datasets on disk (boot from live USB)
# zfs rename -p rpool/local/system/nix rpool/persist/local/nix
# zfs rename rpool/local rpool/persist/local
# # This moves: local/system/root -> persist/local/root (need to rename after)
# # Actually, since local/system/root needs to become persist/local/root:
# zfs rename rpool/persist/local/system/root rpool/persist/local/root
# zfs destroy rpool/persist/local/system # now empty
# # Recreate blank snapshot:
# zfs destroy rpool/persist/local/root@blank
# zfs snapshot rpool/persist/local/root@blank
#
# Phase 2: Delete this file, remove its import from default.nix, rebuild.
{...}: {
# Disable automatic base dataset generation so we can define them manually
storage.generateBase = false;
# Manually define ZFS datasets matching the existing on-disk layout
storage.zfs.datasets = {
"local" = {
type = "zfs_fs";
mount = null;
};
"local/system/nix" = {
type = "zfs_fs";
mount = "/nix";
atime = "off";
relatime = "off";
snapshot = {
autoSnapshot = false;
};
};
"local/system/root" = {
type = "zfs_fs";
mount = "/";
snapshot = {
blankSnapshot = true;
autoSnapshot = true;
};
};
};
}

46
configurations/nixos/emergent/nvidia-drivers.nix
View file

@ -1,46 +0,0 @@
{config, ...}: {
# Enable OpenGL
hardware.graphics = {
enable = true;
};
# Load nvidia driver for Xorg and Wayland
services = {
xserver = {
# Load nvidia driver for Xorg and Wayland
videoDrivers = ["nvidia"];
};
# Use X instead of wayland
displayManager.gdm.wayland = true;
};
hardware.nvidia = {
# Modesetting is required.
modesetting.enable = true;
# Nvidia power management. Experimental, and can cause sleep/suspend to fail.
# Enable this if you have graphical corruption issues or application crashes after waking
# up from sleep. This fixes it by saving the entire VRAM memory to /tmp/ instead
# of just the bare essentials.
powerManagement.enable = true;
# Fine-grained power management. Turns off GPU when not in use.
# Experimental and only works on modern Nvidia GPUs (Turing or newer).
powerManagement.finegrained = false;
# Use the NVidia open source kernel module (not to be confused with the
# independent third-party "nouveau" open source driver).
# Support is limited to the Turing and later architectures. Full list of
# supported GPUs is at:
# https://github.com/NVIDIA/open-gpu-kernel-modules#compatible-gpus
# Only available from driver 515.43.04+
open = true;
# Enable the Nvidia settings menu,
# accessible via `nvidia-settings`.
nvidiaSettings = true;
# Optionally, you may need to select the appropriate driver version for your specific GPU.
package = config.boot.kernelPackages.nvidiaPackages.stable;
};
}

81
configurations/nixos/horizon/configuration.nix
View file

@ -1,8 +1,7 @@
{ {
lib,
pkgs,
config, config,
inputs, inputs,
pkgs,
... ...
}: { }: {
imports = [ imports = [
@ -11,19 +10,6 @@
nixpkgs.config.allowUnfree = true; nixpkgs.config.allowUnfree = true;
boot = {
initrd = {
availableKernelModules = ["usb_storage" "sd_mod"];
};
kernelModules = ["sg"];
# Bootloader.
loader = {
systemd-boot.enable = true;
efi.canTouchEfiVariables = true;
};
};
host = { host = {
users = { users = {
leyla = { leyla = {
@ -42,65 +28,38 @@
enable = true; enable = true;
models = { models = {
"Llama 3.1 8B" = { "Llama 3.1 8B" = {
model = "llama3.1:8b"; model = "lamma3.1:8b";
roles = ["chat" "edit" "apply"]; roles = ["chat" "edit" "apply"];
apiBase = "http://defiant:11434"; apiBase = "http://twilight:11434";
};
"Deepseek Coder:6.7B" = {
model = "deepseek-coder:6.7b";
roles = ["chat" "edit" "apply"];
apiBase = "http://defiant:11434";
};
"Deepseek Coder:33B" = {
model = "deepseek-coder:33b";
roles = ["chat" "edit" "apply"];
apiBase = "http://defiant:11434";
};
"Deepseek r1:8B" = {
model = "deepseek-r1:8b";
roles = ["chat"];
apiBase = "http://defiant:11434";
};
"Deepseek r1:32B" = {
model = "deepseek-r1:32b";
roles = ["chat"];
apiBase = "http://defiant:11434";
}; };
"qwen2.5-coder:1.5b-base" = { "qwen2.5-coder:1.5b-base" = {
model = "qwen2.5-coder:1.5b-base"; model = "qwen2.5-coder:1.5b-base";
roles = ["autocomplete"]; roles = ["autocomplete"];
apiBase = "http://defiant:11434"; apiBase = "http://twilight:11434";
}; };
"nomic-embed-text:latest" = { "nomic-embed-text:latest" = {
model = "nomic-embed-text:latest"; model = "nomic-embed-text:latest";
roles = ["embed"]; roles = ["embed"];
apiBase = "http://defiant:11434"; apiBase = "http://twilight:11434";
}; };
}; };
}; };
}; };
virtualisation.docker.enable = true;
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
cachefilesd
webtoon-dl webtoon-dl
android-tools prostudiomasters
]; ];
services.cachefilesd.enable = true;
networking = { programs = {
networkmanager.enable = true; adb.enable = true;
hostName = "horizon"; # Define your hostname. steam = {
}; enable = true;
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play
dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server
hardware = { };
graphics.enable = true;
}; };
sops.secrets = { sops.secrets = {
@ -114,10 +73,6 @@
fprintd = { fprintd = {
enable = true; enable = true;
}; };
# firmware update tool
fwupd = {
enable = true;
};
tailscale = { tailscale = {
enable = true; enable = true;
authKeyFile = config.sops.secrets."vpn-keys/tailscale-authkey/horizon".path; authKeyFile = config.sops.secrets."vpn-keys/tailscale-authkey/horizon".path;
@ -125,18 +80,8 @@
}; };
syncthing.enable = true; syncthing.enable = true;
ollama = {
enable = true;
loadModels = [
"llama3.1:8b"
];
};
}; };
# Enable network-online.target for better network dependency handling
systemd.services.NetworkManager-wait-online.enable = true;
# Enable touchpad support (enabled default in most desktopManager). # Enable touchpad support (enabled default in most desktopManager).
# services.xserver.libinput.enable = true; # services.xserver.libinput.enable = true;

1
configurations/nixos/horizon/default.nix
View file

@ -3,6 +3,5 @@
imports = [ imports = [
./configuration.nix ./configuration.nix
./hardware-configuration.nix ./hardware-configuration.nix
# ./network-mount.nix
]; ];
} }

115
configurations/nixos/horizon/hardware-configuration.nix
View file

@ -4,6 +4,7 @@
{ {
config, config,
lib, lib,
pkgs,
modulesPath, modulesPath,
... ...
}: { }: {
@ -11,10 +12,22 @@
(modulesPath + "/installer/scan/not-detected.nix") (modulesPath + "/installer/scan/not-detected.nix")
]; ];
boot.initrd.availableKernelModules = ["xhci_pci" "thunderbolt" "nvme"]; boot = {
boot.initrd.kernelModules = []; initrd = {
boot.kernelModules = ["kvm-intel"]; availableKernelModules = ["xhci_pci" "thunderbolt" "nvme" "usb_storage" "sd_mod"];
boot.extraModulePackages = []; kernelModules = [];
};
kernelModules = ["kvm-intel" "sg"];
extraModulePackages = [];
# Bootloader.
loader = {
systemd-boot.enable = true;
efi.canTouchEfiVariables = true;
};
supportedFilesystems = ["nfs"];
};
fileSystems = { fileSystems = {
"/" = { "/" = {
@ -26,20 +39,98 @@
device = "/dev/disk/by-uuid/E138-65B5"; device = "/dev/disk/by-uuid/E138-65B5";
fsType = "vfat"; fsType = "vfat";
}; };
"/mnt/leyla_documents" = {
device = "defiant:/export/leyla_documents";
fsType = "nfs";
options = [
"vers=4"
"x-systemd.automount"
"noauto"
"user"
"noatime"
"nofail"
"x-systemd.idle-timeout=600"
"fsc"
"timeo=600"
"retrans=2"
];
};
"/mnt/eve_documents" = {
device = "defiant:/export/eve_documents";
fsType = "nfs";
options = [
"vers=4"
"x-systemd.automount"
"noauto"
"user"
"nofail"
"x-systemd.idle-timeout=600"
"fsc"
"timeo=600"
"retrans=2"
];
};
"/mnt/users_documents" = {
device = "defiant:/export/users_documents";
fsType = "nfs";
options = [
"vers=4"
"x-systemd.automount"
"noauto"
"user"
"nofail"
"x-systemd.idle-timeout=600"
"fsc"
"timeo=600"
"retrans=2"
];
};
"/mnt/media" = {
device = "defiant:/export/media";
fsType = "nfs";
options = [
"vers=4"
"x-systemd.automount"
"noauto"
"user"
"noatime"
"nofail"
"x-systemd.idle-timeout=600"
"noatime"
"nodiratime"
"relatime"
"fsc"
"timeo=600"
"retrans=2"
];
};
}; };
environment.systemPackages = with pkgs; [
cachefilesd
];
services.cachefilesd.enable = true;
swapDevices = [ swapDevices = [
{device = "/dev/disk/by-uuid/be98e952-a072-4c3a-8c12-69500b5a2fff";} {device = "/dev/disk/by-uuid/be98e952-a072-4c3a-8c12-69500b5a2fff";}
]; ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking networking = {
# (the default) this is the recommended approach. When using systemd-networkd it's networkmanager.enable = true;
# still possible to use this option, but it's recommended to use it in conjunction useDHCP = lib.mkDefault true;
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`. hostName = "horizon"; # Define your hostname.
networking.useDHCP = lib.mkDefault true; };
# networking.interfaces.tailscale0.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp170s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
hardware = {
graphics.enable = true;
cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
};
} }

76
configurations/nixos/horizon/network-mount.nix
View file

@ -1,76 +0,0 @@
{...}: {
boot.supportedFilesystems = ["nfs"];
fileSystems = {
"/mnt/leyla_documents" = {
device = "defiant:/exports/leyla_documents";
fsType = "nfs";
options = [
"x-systemd.automount"
"noauto"
"noatime"
"nofail"
"soft"
"intr" # Allow interruption of NFS calls
"timeo=30" # 3 second timeout (30 deciseconds)
"retrans=2" # Only 2 retries before giving up
"x-systemd.idle-timeout=300" # 5 minute idle timeout for mobile
"x-systemd.device-timeout=15" # 15 second device timeout
"bg" # Background mount - don't block boot
"fsc" # Enable caching
"_netdev" # Network device - wait for network
"x-systemd.requires=network-online.target" # Require network to be online
"x-systemd.after=network-online.target" # Start after network is online
"x-systemd.mount-timeout=30" # 30 second mount timeout
];
};
"/mnt/users_documents" = {
device = "defiant:/exports/users_documents";
fsType = "nfs";
options = [
"x-systemd.automount"
"noauto"
"nofail"
"soft"
"intr"
"timeo=30"
"retrans=2"
"x-systemd.idle-timeout=300"
"x-systemd.device-timeout=15"
"bg"
"fsc"
"_netdev"
"x-systemd.requires=network-online.target"
"x-systemd.after=network-online.target"
"x-systemd.mount-timeout=30"
];
};
"/mnt/media" = {
device = "defiant:/exports/media";
fsType = "nfs";
options = [
"x-systemd.automount"
"noauto"
"noatime"
"nofail"
"soft"
"intr"
"timeo=30"
"retrans=2"
"x-systemd.idle-timeout=300"
"x-systemd.device-timeout=15"
"bg"
# Mobile-optimized read settings
"rsize=8192" # Smaller read size for mobile
"wsize=8192" # Smaller write size for mobile
"fsc"
"_netdev"
"x-systemd.requires=network-online.target"
"x-systemd.after=network-online.target"
"x-systemd.mount-timeout=30"
];
};
};
}

30
configurations/nixos/twilight/configuration.nix
View file

@ -1,19 +1,14 @@
{ {
inputs, inputs,
config, config,
pkgs,
... ...
}: { }: {
imports = [
./monitors.nix
];
nixpkgs.config.allowUnfree = true; nixpkgs.config.allowUnfree = true;
boot.initrd.availableKernelModules = ["usb_storage"];
boot.kernelModules = ["sg"];
boot.loader = {
systemd-boot.enable = true;
efi.canTouchEfiVariables = true;
};
sops.secrets = { sops.secrets = {
"vpn-keys/tailscale-authkey/twilight" = { "vpn-keys/tailscale-authkey/twilight" = {
sopsFile = "${inputs.secrets}/vpn-keys.yaml"; sopsFile = "${inputs.secrets}/vpn-keys.yaml";
@ -126,19 +121,12 @@
syncthing.enable = true; syncthing.enable = true;
}; };
programs.steam = {
# Enable network-online.target for better network dependency handling enable = true;
systemd.services.NetworkManager-wait-online.enable = true; remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play
dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server
environment.systemPackages = with pkgs; [
cachefilesd
];
hardware.steam-hardware.enable = true; # Provides udev rules for controller, HTC vive, and Valve Index
networking = {
networkmanager.enable = true;
hostName = "twilight"; # Define your hostname.
}; };
hardware.steam-hardware.enable = true; # Provides udev rules for controller, HTC vive, and Valve Index
# enabled virtualisation for docker # enabled virtualisation for docker
# virtualisation.docker.enable = true; # virtualisation.docker.enable = true;

2
configurations/nixos/twilight/default.nix
View file

@ -3,7 +3,5 @@
imports = [ imports = [
./configuration.nix ./configuration.nix
./hardware-configuration.nix ./hardware-configuration.nix
./nvidia-drivers.nix
# ./network-mount.nix
]; ];
} }

140
configurations/nixos/twilight/hardware-configuration.nix
View file

@ -4,6 +4,7 @@
{ {
config, config,
lib, lib,
pkgs,
modulesPath, modulesPath,
... ...
}: { }: {
@ -11,32 +12,147 @@
(modulesPath + "/installer/scan/not-detected.nix") (modulesPath + "/installer/scan/not-detected.nix")
]; ];
boot.initrd.availableKernelModules = ["nvme" "xhci_pci" "ahci" "usbhid" "sd_mod"]; boot = {
boot.initrd.kernelModules = []; initrd = {
boot.kernelModules = ["kvm-amd"]; availableKernelModules = ["nvme" "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod"];
boot.extraModulePackages = []; kernelModules = [];
};
kernelModules = ["kvm-amd" "sg"];
extraModulePackages = [];
# Bootloader.
loader = {
systemd-boot.enable = true;
efi.canTouchEfiVariables = true;
};
supportedFilesystems = ["nfs"];
};
services.xserver = {
# Load nvidia driver for Xorg and Wayland
videoDrivers = ["nvidia"];
# Use X instead of wayland for gaming reasons
displayManager.gdm.wayland = false;
};
fileSystems = { fileSystems = {
"/" = { "/" = {
device = "/dev/disk/by-id/nvme-Samsung_SSD_980_500GB_S64ENJ0RA06463Z-part2"; device = "/dev/disk/by-uuid/8be49c65-2b57-48f1-b74d-244d26061adb";
fsType = "ext4"; fsType = "ext4";
}; };
"/boot" = { "/boot" = {
device = "/dev/disk/by-id/nvme-Samsung_SSD_980_500GB_S64ENJ0RA06463Z-part1"; device = "/dev/disk/by-uuid/3006-3867";
fsType = "vfat"; fsType = "vfat";
options = ["fmask=0022" "dmask=0022"]; options = ["fmask=0022" "dmask=0022"];
}; };
"/mnt/leyla_documents" = {
device = "defiant:/exports/leyla_documents";
fsType = "nfs";
options = [
"x-systemd.automount"
"noauto"
"user"
"noatime"
"nofail"
"soft"
"x-systemd.idle-timeout=600"
"fsc"
];
};
"/mnt/users_documents" = {
device = "defiant:/exports/users_documents";
fsType = "nfs";
options = [
"x-systemd.automount"
"noauto"
"user"
"nofail"
"soft"
"x-systemd.idle-timeout=600"
"fsc"
];
};
"/mnt/media" = {
device = "defiant:/exports/media";
fsType = "nfs";
options = [
"x-systemd.automount"
"noauto"
"user"
"noatime"
"nofail"
"soft"
"x-systemd.idle-timeout=600"
"noatime"
"nodiratime"
"relatime"
"rsize=32768"
"wsize=32768"
"fsc"
];
};
}; };
environment.systemPackages = with pkgs; [
cachefilesd
];
swapDevices = []; swapDevices = [];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking networking = {
# (the default) this is the recommended approach. When using systemd-networkd it's networkmanager.enable = true;
# still possible to use this option, but it's recommended to use it in conjunction # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`. # (the default) this is the recommended approach. When using systemd-networkd it's
networking.useDHCP = lib.mkDefault true; # still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
useDHCP = lib.mkDefault true;
hostName = "twilight"; # Define your hostname.
};
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
hardware = {
# Enable OpenGL
graphics.enable = true;
# install graphics drivers
nvidia = {
# Modesetting is required.
modesetting.enable = true;
# Nvidia power management. Experimental, and can cause sleep/suspend to fail.
# Enable this if you have graphical corruption issues or application crashes after waking
# up from sleep. This fixes it by saving the entire VRAM memory to /tmp/ instead
# of just the bare essentials.
powerManagement.enable = false;
# Fine-grained power management. Turns off GPU when not in use.
# Experimental and only works on modern Nvidia GPUs (Turing or newer).
powerManagement.finegrained = false;
# Use the NVidia open source kernel module (not to be confused with the
# independent third-party "nouveau" open source driver).
# Support is limited to the Turing and later architectures. Full list of
# supported GPUs is at:
# https://github.com/NVIDIA/open-gpu-kernel-modules#compatible-gpus
# Only available from driver 515.43.04+
# Currently alpha-quality/buggy, so false is currently the recommended setting.
open = false;
# Enable the Nvidia settings menu,
# accessible via `nvidia-settings`.
nvidiaSettings = true;
# Optionally, you may need to select the appropriate driver version for your specific GPU.
package = config.boot.kernelPackages.nvidiaPackages.production;
};
cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
};
} }

199
configurations/nixos/twilight/monitors.nix Normal file
View file

@ -0,0 +1,199 @@
{pkgs, ...}: {
systemd.tmpfiles.rules = [
"L+ /run/gdm/.config/monitors.xml - - - - ${pkgs.writeText "gdm-monitors.xml" ''
<monitors version="2">
<configuration>
<logicalmonitor>
<x>0</x>
<y>156</y>
<scale>1</scale>
<monitor>
<monitorspec>
<connector>DP-4</connector>
<vendor>DEL</vendor>
<product>DELL U2719D</product>
<serial>8RGXNS2</serial>
</monitorspec>
<mode>
<width>2560</width>
<height>1440</height>
<rate>59.951</rate>
</mode>
</monitor>
</logicalmonitor>
<logicalmonitor>
<x>2560</x>
<y>324</y>
<scale>1</scale>
<primary>yes</primary>
<monitor>
<monitorspec>
<connector>DP-2</connector>
<vendor>GSM</vendor>
<product>LG ULTRAGEAR</product>
<serial>0x00068c96</serial>
</monitorspec>
<mode>
<width>1920</width>
<height>1080</height>
<rate>240.001</rate>
</mode>
</monitor>
</logicalmonitor>
<logicalmonitor>
<x>4480</x>
<y>0</y>
<scale>1</scale>
<transform>
<rotation>left</rotation>
<flipped>no</flipped>
</transform>
<monitor>
<monitorspec>
<connector>HDMI-0</connector>
<vendor>HWP</vendor>
<product>HP w2207</product>
<serial>CND7332S88</serial>
</monitorspec>
<mode>
<width>1600</width>
<height>1000</height>
<rate>59.999</rate>
</mode>
</monitor>
</logicalmonitor>
</configuration>
<configuration>
<logicalmonitor>
<x>0</x>
<y>0</y>
<scale>1</scale>
<primary>yes</primary>
<monitor>
<monitorspec>
<connector>DP-1</connector>
<vendor>DEL</vendor>
<product>DELL U2719D</product>
<serial>8RGXNS2</serial>
</monitorspec>
<mode>
<width>2560</width>
<height>1440</height>
<rate>59.951</rate>
</mode>
</monitor>
</logicalmonitor>
<logicalmonitor>
<x>4480</x>
<y>226</y>
<scale>1</scale>
<transform>
<rotation>left</rotation>
<flipped>no</flipped>
</transform>
<monitor>
<monitorspec>
<connector>HDMI-1</connector>
<vendor>HWP</vendor>
<product>HP w2207</product>
<serial>CND7332S88</serial>
</monitorspec>
<mode>
<width>1680</width>
<height>1050</height>
<rate>59.954</rate>
</mode>
</monitor>
</logicalmonitor>
<logicalmonitor>
<x>2560</x>
<y>226</y>
<scale>1</scale>
<monitor>
<monitorspec>
<connector>DP-2</connector>
<vendor>GSM</vendor>
<product>LG ULTRAGEAR</product>
<serial>0x00068c96</serial>
</monitorspec>
<mode>
<width>1920</width>
<height>1080</height>
<rate>240.001</rate>
</mode>
</monitor>
</logicalmonitor>
</configuration>
<configuration>
<logicalmonitor>
<x>2560</x>
<y>228</y>
<scale>1</scale>
<primary>yes</primary>
<monitor>
<monitorspec>
<connector>DP-2</connector>
<vendor>GSM</vendor>
<product>LG ULTRAGEAR</product>
<serial>0x00068c96</serial>
</monitorspec>
<mode>
<width>1920</width>
<height>1080</height>
<rate>240.001</rate>
</mode>
</monitor>
</logicalmonitor>
<logicalmonitor>
<x>4480</x>
<y>69</y>
<scale>1</scale>
<transform>
<rotation>left</rotation>
<flipped>no</flipped>
</transform>
<monitor>
<monitorspec>
<connector>HDMI-1</connector>
<vendor>HWP</vendor>
<product>HP w2207</product>
<serial>CND7332S88</serial>
</monitorspec>
<mode>
<width>1680</width>
<height>1050</height>
<rate>59.954</rate>
</mode>
</monitor>
</logicalmonitor>
<logicalmonitor>
<x>0</x>
<y>0</y>
<scale>1</scale>
<monitor>
<monitorspec>
<connector>DP-3</connector>
<vendor>DEL</vendor>
<product>DELL U2719D</product>
<serial>8RGXNS2</serial>
</monitorspec>
<mode>
<width>2560</width>
<height>1440</height>
<rate>59.951</rate>
</mode>
</monitor>
</logicalmonitor>
<disabled>
<monitorspec>
<connector>None-1</connector>
<vendor>unknown</vendor>
<product>unknown</product>
<serial>unknown</serial>
</monitorspec>
</disabled>
</configuration>
</monitors>
''}"
];
}

72
configurations/nixos/twilight/network-mount.nix
View file

@ -1,72 +0,0 @@
{...}: {
boot.supportedFilesystems = ["nfs"];
fileSystems = {
"/mnt/leyla_documents" = {
device = "defiant:/exports/leyla_documents";
fsType = "nfs";
options = [
"x-systemd.automount"
"noauto"
"noatime"
"nofail"
"soft"
"intr" # Allow interruption of NFS calls
"timeo=50" # 5 second timeout (50 deciseconds) - longer than mobile
"retrans=3" # 3 retries for desktop
"x-systemd.idle-timeout=600" # 10 minute idle timeout for desktop
"x-systemd.device-timeout=30" # 30 second device timeout
"bg" # Background mount - don't block boot
"fsc" # Enable caching
"_netdev" # Network device - wait for network
"x-systemd.requires=network-online.target" # Require network to be online
"x-systemd.after=network-online.target" # Start after network is online
];
};
"/mnt/users_documents" = {
device = "defiant:/exports/users_documents";
fsType = "nfs";
options = [
"x-systemd.automount"
"noauto"
"nofail"
"soft"
"intr"
"timeo=50"
"retrans=3"
"x-systemd.idle-timeout=600"
"bg"
"fsc"
"_netdev"
"x-systemd.requires=network-online.target"
"x-systemd.after=network-online.target"
];
};
"/mnt/media" = {
device = "defiant:/exports/media";
fsType = "nfs";
options = [
"x-systemd.automount"
"noauto"
"noatime"
"nofail"
"soft"
"intr"
"timeo=50"
"retrans=3"
"x-systemd.idle-timeout=600"
"x-systemd.device-timeout=30"
"bg"
# Desktop-optimized read settings
"rsize=32768" # Larger read size for desktop
"wsize=32768" # Larger write size for desktop
"fsc"
"_netdev"
"x-systemd.requires=network-online.target"
"x-systemd.after=network-online.target"
];
};
};
}

48
configurations/nixos/twilight/nvidia-drivers.nix
View file

@ -1,48 +0,0 @@
{config, ...}: {
services = {
xserver = {
# Load nvidia driver for Xorg and Wayland
videoDrivers = ["nvidia"];
};
# Temporarily enable wayland to fix boot issue
# TODO: Investigate proper X11 session generation for gaming
displayManager.gdm.wayland = true;
};
hardware = {
# Enable OpenGL
graphics.enable = true;
# install graphics drivers
nvidia = {
# Modesetting is required.
modesetting.enable = true;
# Nvidia power management. Experimental, and can cause sleep/suspend to fail.
# Enable this if you have graphical corruption issues or application crashes after waking
# up from sleep. This fixes it by saving the entire VRAM memory to /tmp/ instead
# of just the bare essentials.
powerManagement.enable = true;
# Fine-grained power management. Turns off GPU when not in use.
# Experimental and only works on modern Nvidia GPUs (Turing or newer).
powerManagement.finegrained = false;
# Use the NVidia open source kernel module (not to be confused with the
# independent third-party "nouveau" open source driver).
# Support is limited to the Turing and later architectures. Full list of
# supported GPUs is at:
# https://github.com/NVIDIA/open-gpu-kernel-modules#compatible-gpus
# Only available from driver 515.43.04+
# Currently alpha-quality/buggy, so false is currently the recommended setting.
open = true;
# Enable the Nvidia settings menu,
# accessible via `nvidia-settings`.
nvidiaSettings = true;
# Optionally, you may need to select the appropriate driver version for your specific GPU.
package = config.boot.kernelPackages.nvidiaPackages.production;
};
};
}

276
flake.lock generated
View file

@ -7,11 +7,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1772867152, "lastModified": 1748225455,
"narHash": "sha256-RIFgZ4O6Eg+5ysZ8Tqb3YvcqiRaNy440GEY22ltjRrs=", "narHash": "sha256-AzlJCKaM4wbEyEpV3I/PUq5mHnib2ryEy32c+qfj6xk=",
"owner": "nix-community", "owner": "nix-community",
"repo": "disko", "repo": "disko",
"rev": "eaafb89b56e948661d618eefd4757d9ea8d77514", "rev": "a894f2811e1ee8d10c50560551e50d6ab3c392ba",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -28,11 +28,11 @@
}, },
"locked": { "locked": {
"dir": "pkgs/firefox-addons", "dir": "pkgs/firefox-addons",
"lastModified": 1772856163, "lastModified": 1748405006,
"narHash": "sha256-xD+d1+FVhKJ+oFYMTWOdVSBoXS4yeMyVZyDjMXqWEJE=", "narHash": "sha256-pmt0SFjACJJAI8g8QU5arg2c9BXNZG9/okVwRSDJkG8=",
"owner": "rycee", "owner": "rycee",
"repo": "nur-expressions", "repo": "nur-expressions",
"rev": "d358a550c7beac5f04fbc5a786e14af079606689", "rev": "f9801a86d6603260940890c36650275090d1dceb",
"type": "gitlab" "type": "gitlab"
}, },
"original": { "original": {
@ -44,11 +44,11 @@
}, },
"flake-compat": { "flake-compat": {
"locked": { "locked": {
"lastModified": 1767039857, "lastModified": 1747046372,
"narHash": "sha256-vNpUSpF5Nuw8xvDLj2KCwwksIbjua2LZCqhV1LNRDns=", "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=",
"owner": "edolstra", "owner": "edolstra",
"repo": "flake-compat", "repo": "flake-compat",
"rev": "5edf11c44bc78a0d334f6334cdaf7d60d732daab", "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -57,24 +57,6 @@
"type": "github" "type": "github"
} }
}, },
"flake-parts": {
"inputs": {
"nixpkgs-lib": "nixpkgs-lib"
},
"locked": {
"lastModified": 1767609335,
"narHash": "sha256-feveD98mQpptwrAEggBQKJTYbvwwglSbOv53uCfH9PY=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "250481aafeb741edfe23d29195671c19b36b6dca",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-utils": { "flake-utils": {
"inputs": { "inputs": {
"systems": "systems" "systems": "systems"
@ -93,21 +75,6 @@
"type": "github" "type": "github"
} }
}, },
"flakey-profile": {
"locked": {
"lastModified": 1712898590,
"narHash": "sha256-FhGIEU93VHAChKEXx905TSiPZKga69bWl1VB37FK//I=",
"owner": "lf-",
"repo": "flakey-profile",
"rev": "243c903fd8eadc0f63d205665a92d4df91d42d9d",
"type": "github"
},
"original": {
"owner": "lf-",
"repo": "flakey-profile",
"type": "github"
}
},
"home-manager": { "home-manager": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@ -115,11 +82,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1772845525, "lastModified": 1748455938,
"narHash": "sha256-Dp5Ir2u4jJDGCgeMRviHvEQDe+U37hMxp6RSNOoMMPc=", "narHash": "sha256-mQ/iNzPra2WtDQ+x2r5IadcWNr0m3uHvLMzJkXKAG/8=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "27b93804fbef1544cb07718d3f0a451f4c4cd6c0", "rev": "02077149e2921014511dac2729ae6dadb4ec50e2",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -129,20 +96,12 @@
} }
}, },
"impermanence": { "impermanence": {
"inputs": {
"home-manager": [
"home-manager"
],
"nixpkgs": [
"nixpkgs"
]
},
"locked": { "locked": {
"lastModified": 1769548169, "lastModified": 1737831083,
"narHash": "sha256-03+JxvzmfwRu+5JafM0DLbxgHttOQZkUtDWBmeUkN8Y=", "narHash": "sha256-LJggUHbpyeDvNagTUrdhe/pRVp4pnS6wVKALS782gRI=",
"owner": "nix-community", "owner": "nix-community",
"repo": "impermanence", "repo": "impermanence",
"rev": "7b1d382faf603b6d264f58627330f9faa5cba149", "rev": "4b3e914cdf97a5b536a889e939fb2fd2b043a170",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -151,62 +110,6 @@
"type": "github" "type": "github"
} }
}, },
"lix": {
"flake": false,
"locked": {
"lastModified": 1761937274,
"narHash": "sha256-KlELhsSq3XbemrGyQhmGurFu7m8wOEBw+8M04L7hn7A=",
"rev": "91867941fa73afea7869b7c71ede82e5ef8927da",
"type": "tarball",
"url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/91867941fa73afea7869b7c71ede82e5ef8927da.tar.gz?rev=91867941fa73afea7869b7c71ede82e5ef8927da"
},
"original": {
"type": "tarball",
"url": "https://git.lix.systems/lix-project/lix/archive/main.tar.gz"
}
},
"lix-module": {
"inputs": {
"flake-utils": "flake-utils",
"flakey-profile": "flakey-profile",
"lix": "lix",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1767364176,
"narHash": "sha256-l6YdEBYQxXjD8ujqvc0tKdwWc3K8UQOi+E4Y3DKQ318=",
"ref": "refs/heads/main",
"rev": "1688100bba140492658d597f6b307c327f35c780",
"revCount": 179,
"type": "git",
"url": "https://git.lix.systems/lix-project/nixos-module.git"
},
"original": {
"type": "git",
"url": "https://git.lix.systems/lix-project/nixos-module.git"
}
},
"mcp-nixos": {
"inputs": {
"flake-parts": "flake-parts",
"nixpkgs": "nixpkgs"
},
"locked": {
"lastModified": 1772769318,
"narHash": "sha256-RAyOW5JMXRhiREqxFPOzw80fVsYVBnOPFgBSjnJ6gbY=",
"owner": "utensils",
"repo": "mcp-nixos",
"rev": "60c1efbba0de1268b42f1144c904e6c8a9627dde",
"type": "github"
},
"original": {
"owner": "utensils",
"repo": "mcp-nixos",
"type": "github"
}
},
"nix-darwin": { "nix-darwin": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@ -214,11 +117,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1772379624, "lastModified": 1748352827,
"narHash": "sha256-NG9LLTWlz4YiaTAiRGChbrzbVxBfX+Auq4Ab/SWmk4A=", "narHash": "sha256-sNUUP6qxGkK9hXgJ+p362dtWLgnIWwOCmiq72LAWtYo=",
"owner": "LnL7", "owner": "LnL7",
"repo": "nix-darwin", "repo": "nix-darwin",
"rev": "52d061516108769656a8bd9c6e811c677ec5b462", "rev": "44a7d0e687a87b73facfe94fba78d323a6686a90",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -250,16 +153,17 @@
}, },
"nix-vscode-extensions": { "nix-vscode-extensions": {
"inputs": { "inputs": {
"flake-utils": "flake-utils",
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
] ]
}, },
"locked": { "locked": {
"lastModified": 1772850876, "lastModified": 1748397853,
"narHash": "sha256-Ga19zlfMpakCY4GMwBSOljNLOF0nEYrYBXv0hP/d4rw=", "narHash": "sha256-tudGoP5caIJ5TzkV6wnsmUk7Spx21oWMKpkmPbjRNZc=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nix-vscode-extensions", "repo": "nix-vscode-extensions",
"rev": "22f084d4c280dfc8a9d764f7b85af38e5d69c3dc", "rev": "ac4fc8eb9a1ee5eeb3c0a30f57652e4c5428d3a5",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -270,11 +174,11 @@
}, },
"nixos-hardware": { "nixos-hardware": {
"locked": { "locked": {
"lastModified": 1771969195, "lastModified": 1747900541,
"narHash": "sha256-qwcDBtrRvJbrrnv1lf/pREQi8t2hWZxVAyeMo7/E9sw=", "narHash": "sha256-dn64Pg9xLETjblwZs9Euu/SsjW80pd6lr5qSiyLY1pg=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixos-hardware", "repo": "nixos-hardware",
"rev": "41c6b421bdc301b2624486e11905c9af7b8ec68e", "rev": "11f2d9ea49c3e964315215d6baa73a8d42672f06",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -286,42 +190,11 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1767640445, "lastModified": 1748370509,
"narHash": "sha256-UWYqmD7JFBEDBHWYcqE6s6c77pWdcU/i+bwD6XxMb8A=", "narHash": "sha256-QlL8slIgc16W5UaI3w7xHQEP+Qmv/6vSNTpoZrrSlbk=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "9f0c42f8bc7151b8e7e5840fb3bd454ad850d8c5",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-lib": {
"locked": {
"lastModified": 1765674936,
"narHash": "sha256-k00uTP4JNfmejrCLJOwdObYC9jHRrr/5M/a/8L2EIdo=",
"owner": "nix-community",
"repo": "nixpkgs.lib",
"rev": "2075416fcb47225d9b68ac469a5c4801a9c4dd85",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nixpkgs.lib",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1772773019,
"narHash": "sha256-E1bxHxNKfDoQUuvriG71+f+s/NT0qWkImXsYZNFFfCs=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "aca4d95fce4914b3892661bcb80b8087293536c6", "rev": "4faa5f5321320e49a78ae7848582f684d64783e9",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -331,43 +204,6 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs_3": {
"locked": {
"lastModified": 1759070547,
"narHash": "sha256-JVZl8NaVRYb0+381nl7LvPE+A774/dRpif01FKLrYFQ=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "647e5c14cbd5067f44ac86b74f014962df460840",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"noita-entangled-worlds": {
"inputs": {
"nixpkgs": "nixpkgs_3",
"rust-overlay": "rust-overlay",
"systems": "systems_2"
},
"locked": {
"lastModified": 1771445312,
"narHash": "sha256-8uOcu+ZurGx0LmGFCf87Zbj4ikhVPQtP+PuBscEBCv0=",
"owner": "IntQuant",
"repo": "noita_entangled_worlds",
"rev": "4a842f29d0e5fb8dc6df73d87f7bb8d2a16f0fc8",
"type": "github"
},
"original": {
"owner": "IntQuant",
"ref": "master",
"repo": "noita_entangled_worlds",
"type": "github"
}
},
"root": { "root": {
"inputs": { "inputs": {
"disko": "disko", "disko": "disko",
@ -375,47 +211,23 @@
"flake-compat": "flake-compat", "flake-compat": "flake-compat",
"home-manager": "home-manager", "home-manager": "home-manager",
"impermanence": "impermanence", "impermanence": "impermanence",
"lix-module": "lix-module",
"mcp-nixos": "mcp-nixos",
"nix-darwin": "nix-darwin", "nix-darwin": "nix-darwin",
"nix-syncthing": "nix-syncthing", "nix-syncthing": "nix-syncthing",
"nix-vscode-extensions": "nix-vscode-extensions", "nix-vscode-extensions": "nix-vscode-extensions",
"nixos-hardware": "nixos-hardware", "nixos-hardware": "nixos-hardware",
"nixpkgs": "nixpkgs_2", "nixpkgs": "nixpkgs",
"noita-entangled-worlds": "noita-entangled-worlds",
"secrets": "secrets", "secrets": "secrets",
"sops-nix": "sops-nix" "sops-nix": "sops-nix"
} }
}, },
"rust-overlay": {
"inputs": {
"nixpkgs": [
"noita-entangled-worlds",
"nixpkgs"
]
},
"locked": {
"lastModified": 1759199574,
"narHash": "sha256-w24RYly3VSVKp98rVfCI1nFYfQ0VoWmShtKPCbXgK6A=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "381776b12d0d125edd7c1930c2041a1471e586c0",
"type": "github"
},
"original": {
"owner": "oxalica",
"repo": "rust-overlay",
"type": "github"
}
},
"secrets": { "secrets": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1768867162, "lastModified": 1743538790,
"narHash": "sha256-NiW2gUcdhnUbYQw476HzgBz+uVjyLnz151hzCQbWBX8=", "narHash": "sha256-QXmvyxfAhpifxAWcYTvuGfzv9I+9gHw0bq4WYtGEB9A=",
"ref": "refs/heads/main", "ref": "refs/heads/main",
"rev": "22be81505a49cd205e9b5c91f51af69c0b885ed3", "rev": "3d63dff77f8eda1667e3586169642cf256c4aa34",
"revCount": 23, "revCount": 17,
"type": "git", "type": "git",
"url": "ssh://git@git.jan-leila.com/jan-leila/nix-config-secrets.git" "url": "ssh://git@git.jan-leila.com/jan-leila/nix-config-secrets.git"
}, },
@ -431,11 +243,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1772495394, "lastModified": 1747603214,
"narHash": "sha256-hmIvE/slLKEFKNEJz27IZ8BKlAaZDcjIHmkZ7GCEjfw=", "narHash": "sha256-lAblXm0VwifYCJ/ILPXJwlz0qNY07DDYdLD+9H+Wc8o=",
"owner": "Mic92", "owner": "Mic92",
"repo": "sops-nix", "repo": "sops-nix",
"rev": "1d9b98a29a45abe9c4d3174bd36de9f28755e3ff", "rev": "8d215e1c981be3aa37e47aeabd4e61bb069548fd",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -458,22 +270,6 @@
"repo": "default", "repo": "default",
"type": "github" "type": "github"
} }
},
"systems_2": {
"flake": false,
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
} }
}, },
"root": "root", "root": "root",

40
flake.nix
View file

@ -5,10 +5,10 @@
# base packages # base packages
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
lix-module = { # lix-module = {
url = "git+https://git.lix.systems/lix-project/nixos-module.git"; # url = "https://git.lix.systems/lix-project/nixos-module/archive/stable.tar.gz";
inputs.nixpkgs.follows = "nixpkgs"; # inputs.nixpkgs.follows = "nixpkgs";
}; # };
# secret encryption # secret encryption
sops-nix = { sops-nix = {
@ -37,8 +37,6 @@
# delete your darlings # delete your darlings
impermanence = { impermanence = {
url = "github:nix-community/impermanence"; url = "github:nix-community/impermanence";
inputs.nixpkgs.follows = "nixpkgs";
inputs.home-manager.follows = "home-manager";
}; };
nix-darwin = { nix-darwin = {
@ -73,18 +71,6 @@
flake-compat = { flake-compat = {
url = "github:edolstra/flake-compat"; url = "github:edolstra/flake-compat";
}; };
# MCP NixOS server for Claude Dev
mcp-nixos = {
url = "github:utensils/mcp-nixos";
# Not following nixpkgs because aws-sam-translator doesn't support Python 3.14 yet
};
# Noita Entangled Worlds package
# Not following our nixpkgs so it can use its own rust-overlay configuration
noita-entangled-worlds = {
url = "github:IntQuant/noita_entangled_worlds/master";
};
}; };
outputs = { outputs = {
@ -99,9 +85,15 @@
util = import ./util {inherit inputs;}; util = import ./util {inherit inputs;};
forEachPkgs = util.forEachPkgs; forEachPkgs = util.forEachPkgs;
mkNixosInstaller = util.mkNixosInstaller;
mkNixosSystem = util.mkNixosSystem; mkNixosSystem = util.mkNixosSystem;
mkDarwinSystem = util.mkDarwinSystem; mkDarwinSystem = util.mkDarwinSystem;
mkHome = util.mkHome; mkHome = util.mkHome;
syncthingConfiguration = util.syncthingConfiguration;
installerSystems = {
basic = mkNixosInstaller "basic" [];
};
nixosSystems = { nixosSystems = {
horizon = mkNixosSystem "horizon"; horizon = mkNixosSystem "horizon";
@ -139,11 +131,11 @@
systemsHomes systemsHomes
// homeSystems; // homeSystems;
in { in {
formatter = forEachPkgs (system: pkgs: pkgs.alejandra); formatter = forEachPkgs (pkgs: pkgs.alejandra);
# templates = import ./templates; # templates = import ./templates;
devShells = forEachPkgs (system: pkgs: { devShells = forEachPkgs (pkgs: {
default = pkgs.mkShell { default = pkgs.mkShell {
packages = with pkgs; [ packages = with pkgs; [
# for version controlling this repo # for version controlling this repo
@ -158,10 +150,6 @@
nixos-anywhere nixos-anywhere
# for updating disko configurations # for updating disko configurations
disko disko
# for viewing dconf entries
dconf-editor
# for MCP NixOS server support in development
inputs.mcp-nixos.packages.${system}.default
]; ];
SOPS_AGE_KEY_DIRECTORY = import ./const/sops_age_key_directory.nix; SOPS_AGE_KEY_DIRECTORY = import ./const/sops_age_key_directory.nix;
@ -172,10 +160,14 @@
}; };
}); });
installerConfigurations = installerSystems;
nixosConfigurations = nixosSystems; nixosConfigurations = nixosSystems;
darwinConfigurations = darwinSystems; darwinConfigurations = darwinSystems;
homeConfigurations = homeConfigurations; homeConfigurations = homeConfigurations;
syncthingConfiguration = syncthingConfiguration;
}; };
} }

9
modules/common-modules/overlays/default.nix
View file

@ -1,10 +1,3 @@
# this folder is for derivation overlays # this folder is for derivation overlays
{inputs, ...}: { {...}: {
nixpkgs.overlays = [
inputs.nix-vscode-extensions.overlays.default
# Add noita_entangled_worlds from upstream flake to pkgs
(final: prev: {
noita_entangled_worlds = inputs.noita-entangled-worlds.packages.${prev.stdenv.hostPlatform.system}.noita-proxy;
})
];
} }

4102
modules/common-modules/pkgs/cline/cline-package-lock.json generated
View file

File diff suppressed because it is too large Load diff

53
modules/common-modules/pkgs/cline/default.nix
View file

@ -1,53 +0,0 @@
{
lib,
buildNpmPackage,
fetchurl,
ripgrep,
makeWrapper,
jq,
...
}:
buildNpmPackage rec {
pname = "cline";
version = "2.4.2";
src = fetchurl {
url = "https://registry.npmjs.org/cline/-/cline-${version}.tgz";
hash = "sha256-2utOBC0vhoj5fR+cG+Vdo3N6+i/pNW1E4mESF/dZS/c=";
};
sourceRoot = "package";
postPatch = ''
cp ${./cline-package-lock.json} package-lock.json
# Remove @vscode/ripgrep from package.json since it tries to download
# a binary from GitHub during install, which fails in the nix sandbox.
# We provide ripgrep from nixpkgs instead via PATH wrapping.
# Also remove the man field since the man page is not included in the npm tarball.
${jq}/bin/jq 'del(.dependencies["@vscode/ripgrep"]) | del(.man)' package.json > package.json.tmp
mv package.json.tmp package.json
'';
npmDepsHash = "sha256-oHo60ghR7A4SUT0cLmIe7glPDYBK3twJ0F71RKVrxQc=";
dontNpmBuild = true;
# Skip post-install scripts to be safe
npmFlags = ["--ignore-scripts"];
nativeBuildInputs = [makeWrapper jq];
# Provide ripgrep from nixpkgs since @vscode/ripgrep was removed
postInstall = ''
wrapProgram $out/bin/cline \
--prefix PATH : ${lib.makeBinPath [ripgrep]}
'';
meta = with lib; {
description = "Autonomous coding agent CLI - capable of creating/editing files, running commands, using the browser, and more";
homepage = "https://cline.bot";
license = licenses.asl20;
mainProgram = "cline";
};
}

42
modules/common-modules/pkgs/codium-extensions/ai-code.nix
View file

@ -1,42 +0,0 @@
{
buildNpmPackage,
vscode-utils,
pkgs,
...
}: let
version = "0.0.1";
pname = "ai-code";
publisher = "jan-leila";
vsix = buildNpmPackage {
inherit version pname;
src = builtins.fetchGit {
url = "ssh://git@git.jan-leila.com/jan-leila/ai-code.git";
rev = "d48e01713021dbb30de0ebbee2cfaf99e4e9b5a6";
};
npmDepsHash = "sha256-kjMyEnT3dz0yH5Ydh+aGoFDocKpBYGRmfnwbEdvvgpY=";
nativeBuildInputs = with pkgs; [
vsce
];
buildPhase = ''
${pkgs.vsce}/bin/vsce package -o ${pname}.zip
'';
installPhase = ''
mkdir -p $out
mv ${pname}.zip $out/${pname}.zip
'';
};
in
vscode-utils.buildVscodeExtension {
inherit pname version;
src = "${vsix}/${pname}.zip";
vscodeExtUniqueId = "${publisher}.${pname}";
vscodeExtPublisher = publisher;
vscodeExtName = pname;
}

3
modules/common-modules/pkgs/codium-extensions/default.nix
View file

@ -1,3 +0,0 @@
{pkgs, ...}: {
ai-code = pkgs.callPackage ./ai-code.nix {};
}

56
modules/common-modules/pkgs/default.nix
View file

@ -1,54 +1,4 @@
{ # this folder is for custom derivations
pkgs, {...}: {
inputs, # package = pkgs.callPackage ./package.nix {};
...
}: {
imports = [
./python
];
nixpkgs.overlays = [
(final: prev: {
webtoon-dl =
pkgs.callPackage
./webtoon-dl.nix
{};
})
(final: prev: {
prostudiomasters =
pkgs.callPackage
./prostudiomasters.nix
{};
})
(final: prev: {
gdx-liftoff = pkgs.callPackage ./gdx-liftoff.nix {};
})
(final: prev: {
codium-extensions = pkgs.callPackage ./codium-extensions {};
})
(final: prev: {
firefox-extensions = pkgs.callPackage ./firefox-extensions {
inherit inputs;
};
})
(final: prev: {
mapillary-uploader = pkgs.callPackage ./mapillary-uploader.nix {};
})
(final: prev: {
panoramax = pkgs.python3.pkgs.callPackage ./panoramax.nix {};
})
(final: prev: {
sgblur = pkgs.python3.pkgs.callPackage ./sgblur.nix {};
})
(final: prev: {
# Override h3 C library to version 4.3.0
h3 = pkgs.callPackage ./h3-c-lib.nix {};
})
(final: prev: {
cline = pkgs.callPackage ./cline/default.nix {};
})
(final: prev: {
e621-downloader = pkgs.callPackage ./e621-downloader.nix {};
})
];
} }

36
modules/common-modules/pkgs/e621-downloader.nix
View file

@ -1,36 +0,0 @@
{
lib,
rustPlatform,
fetchFromGitHub,
pkg-config,
openssl,
...
}:
rustPlatform.buildRustPackage rec {
pname = "e621-downloader";
version = "1.7.2";
src = fetchFromGitHub {
owner = "McSib";
repo = "e621_downloader";
rev = version;
hash = "sha256-4z+PrCv8Mlp0VOJ5Akv1TXrJir1Ws/+45a6VCZGuCtk=";
};
cargoHash = "sha256-/yqNYjP7BuFQWilL2Ty+E5rd8qXj30twteptHx7cLRo=";
nativeBuildInputs = [
pkg-config
];
buildInputs = [
openssl
];
meta = with lib; {
description = "E621 and E926 downloader made in Rust";
homepage = "https://github.com/McSib/e621_downloader";
license = licenses.asl20;
mainProgram = "e621_downloader";
};
}

17
modules/common-modules/pkgs/firefox-extensions/default.nix
View file

@ -1,17 +0,0 @@
{
pkgs,
inputs,
...
}: let
inherit (inputs.firefox-addons.lib.${pkgs.stdenv.hostPlatform.system}) buildFirefoxXpiAddon;
in {
italiano-it-language-pack = pkgs.callPackage ./italiano-it-language-pack.nix {
inherit buildFirefoxXpiAddon;
};
dizionario-italiano = pkgs.callPackage ./dizionario-italiano.nix {
inherit buildFirefoxXpiAddon;
};
deutsch-de-language-pack = pkgs.callPackage ./deutsch-de-language-pack.nix {
inherit buildFirefoxXpiAddon;
};
}

18
modules/common-modules/pkgs/firefox-extensions/deutsch-de-language-pack.nix
View file

@ -1,18 +0,0 @@
{
lib,
buildFirefoxXpiAddon,
...
}:
buildFirefoxXpiAddon rec {
pname = "deutsch-de-language-pack";
version = "145.0.20251106.194447";
addonId = "langpack-de@firefox.mozilla.org";
url = "https://addons.mozilla.org/firefox/downloads/file/4614311/deutsch_de_language_pack-${version}.xpi";
sha256 = "aaaa95c29984fb3802a5e7edb6b7e5020c391d81f389b8a8133c163959ea4299";
meta = with lib; {
description = "Firefox Language Pack for Deutsch (de) German";
license = licenses.mpl20;
mozPermissions = [];
platforms = platforms.all;
};
}

18
modules/common-modules/pkgs/firefox-extensions/dizionario-italiano.nix
View file

@ -1,18 +0,0 @@
{
lib,
buildFirefoxXpiAddon,
...
}:
buildFirefoxXpiAddon rec {
pname = "dizionario-italiano";
version = "5.1";
addonId = "it-IT@dictionaries.addons.mozilla.org";
url = "https://addons.mozilla.org/firefox/downloads/file/3693497/dizionario_italiano-${version}.xpi";
sha256 = "90b173ffdde34a77108152a5ff51879767b1dd84e0aa0dfb7b2bab94cd2e7f53";
meta = with lib; {
description = "Add support for Italian to spellchecking";
license = licenses.gpl3;
mozPermissions = [];
platforms = platforms.all;
};
}

18
modules/common-modules/pkgs/firefox-extensions/italiano-it-language-pack.nix
View file

@ -1,18 +0,0 @@
{
lib,
buildFirefoxXpiAddon,
...
}:
buildFirefoxXpiAddon rec {
pname = "italiano-it-language-pack";
version = "145.0.20251106.194447";
addonId = "langpack-it@firefox.mozilla.org";
url = "https://addons.mozilla.org/firefox/downloads/file/4614309/italiano_it_language_pack-${version}.xpi";
sha256 = "1eb271cedbf326543e222ba1b9a1da62fceef9d3c523ac02a098df296f155038";
meta = with lib; {
description = "Firefox Language Pack for Italiano (it) Italian";
license = licenses.mpl20;
mozPermissions = [];
platforms = platforms.all;
};
}

48
modules/common-modules/pkgs/gdx-liftoff.nix
View file

@ -1,48 +0,0 @@
{
stdenv,
fetchurl,
makeWrapper,
jdk,
lib,
libGL,
libx11,
libxcursor,
libxext,
libxrandr,
libxxf86vm,
...
}:
stdenv.mkDerivation rec {
pname = "gdx-liftoff";
version = "1.13.5.1";
src = fetchurl {
url = "https://github.com/libgdx/gdx-liftoff/releases/download/v${version}/gdx-liftoff-${version}.jar";
hash = "sha256-9vCXGNGwI/P4VmcdIzTv2GPAX8bZb7nkfopaRAf6yMA=";
};
dontUnpack = true;
nativeBuildInputs = [makeWrapper];
runtimeDependencies = lib.makeLibraryPath [
# glfw
libGL
libx11
libxcursor
libxext
libxrandr
libxxf86vm
];
installPhase = ''
runHook preInstall
install -Dm644 $src $out/lib/gdx-liftoff-${version}.jar
makeWrapper ${lib.getExe jdk} $out/bin/gdx-liftoff-${version} \
--append-flags "-jar $out/lib/gdx-liftoff-${version}.jar"\
${lib.optionalString stdenv.hostPlatform.isLinux "--prefix LD_LIBRARY_PATH : ${runtimeDependencies}"}
runHook postInstall
'';
}

36
modules/common-modules/pkgs/h3-c-lib.nix
View file

@ -1,36 +0,0 @@
{
lib,
stdenv,
fetchFromGitHub,
cmake,
doxygen,
}:
stdenv.mkDerivation rec {
pname = "h3";
version = "4.3.0";
src = fetchFromGitHub {
owner = "uber";
repo = "h3";
rev = "v${version}";
hash = "sha256-DUILKZ1QvML6qg+WdOxir6zRsgTvk+En6yjeFf6MQBg=";
};
nativeBuildInputs = [
cmake
doxygen
];
cmakeFlags = [
"-DBUILD_SHARED_LIBS=ON"
"-DBUILD_TESTING=OFF"
];
meta = with lib; {
homepage = "https://github.com/uber/h3";
description = "Hexagonal hierarchical geospatial indexing system";
license = licenses.asl20;
maintainers = [];
platforms = platforms.all;
};
}

39
modules/common-modules/pkgs/mapillary-uploader.nix
View file

@ -1,39 +0,0 @@
{
lib,
fetchurl,
appimageTools,
}: let
pname = "mapillary-uploader";
version = "4.7.2";
src = fetchurl {
url = "http://tools.mapillary.com/uploader/download/linux/${version}";
name = "mapillary-uploader.AppImage";
sha256 = "sha256-hpWdfeuhYylO+SFD3BsKI0s/xtObCDd5OcuJ6i/aEuI=";
};
appimageContents = appimageTools.extractType2 {
inherit pname version src;
};
in
appimageTools.wrapType2 {
inherit pname version src;
extraInstallCommands = ''
# Install desktop file
install -Dm644 ${appimageContents}/mapillary-desktop-uploader.desktop $out/share/applications/mapillary-uploader.desktop
# Fix desktop file paths
substituteInPlace $out/share/applications/mapillary-uploader.desktop \
--replace 'Exec=AppRun' 'Exec=${pname}'
'';
meta = with lib; {
description = "Mapillary Desktop Uploader - Upload street-level imagery to Mapillary";
homepage = "https://www.mapillary.com/";
license = licenses.unfree; # Mapillary's license terms
maintainers = [];
platforms = ["x86_64-linux"];
sourceProvenance = with sourceTypes; [binaryNativeCode];
};
}

105
modules/common-modules/pkgs/panoramax.nix
View file

@ -1,105 +0,0 @@
{
lib,
fetchFromGitLab,
buildPythonPackage,
flit-core,
flask,
pillow,
requests,
python-dotenv,
authlib,
sentry-sdk,
python-dateutil,
dateparser,
croniter,
pydantic,
flask-cors,
flask-compress,
flask-babel,
flasgger,
yoyo-migrations,
psycopg,
psycopg-pool,
tzdata,
email-validator,
pydantic-extra-types,
python-multipart,
fs,
fs-s3fs,
geopic-tag-reader,
pygeofilter,
pygeoif,
rfeed,
geojson-pydantic,
...
}: let
pname = "geovisio";
version = "2.10.0";
repo = fetchFromGitLab {
owner = "panoramax";
repo = "server/api";
rev = version;
hash = "sha256-kCLcrOe7jJdIfmWWOmxQ5dOj8ZG2B7s0qFpHXs02B/E=";
};
in
buildPythonPackage {
inherit pname version;
pyproject = true;
src = repo;
build-system = [
flit-core
];
dependencies = [
flask
pillow
requests
python-dotenv
authlib
sentry-sdk
python-dateutil
dateparser
croniter
pydantic
flask-cors
flask-compress
flask-babel
flasgger
yoyo-migrations
psycopg
psycopg-pool
tzdata
email-validator
pydantic-extra-types
python-multipart
fs
fs-s3fs
geopic-tag-reader
pygeofilter
pygeoif
rfeed
geojson-pydantic
# Missing from nixpkgs - may need custom packages:
# flask-executor
];
# Skip tests as they may require network access or specific setup
doCheck = false;
# Disable runtime dependencies check as many dependencies are not available in nixpkgs
dontCheckRuntimeDeps = true;
# Disable imports check as many dependencies are not available in nixpkgs
pythonImportsCheck = [];
meta = with lib; {
description = "Panoramax API client and tools for street-level imagery platform";
homepage = "https://gitlab.com/panoramax/server/api";
license = licenses.mit;
maintainers = [];
platforms = platforms.all;
};
}

33
modules/common-modules/pkgs/prostudiomasters.nix
View file

@ -1,33 +0,0 @@
{
fetchurl,
appimageTools,
writeShellScript,
}: let
pname = "prostudiomasters";
version = "2.5.6";
src = fetchurl {
url = "https://download.prostudiomasters.com/linux/ProStudioMasters-${version}.AppImage";
hash = "sha256-7owOwdcucFfl+JsVj+Seau2KOz0J4P/ep7WrBSNSmbs=";
};
# Create the base AppImage wrapper
baseApp = appimageTools.wrapType2 {
inherit pname version src;
};
# Create a wrapper script that automatically adds the --in-process-gpu flag
wrapper = writeShellScript "prostudiomasters-wrapper" ''
exec ${baseApp}/bin/prostudiomasters --in-process-gpu "$@"
'';
in
# Override the base app to use our wrapper script
baseApp.overrideAttrs (oldAttrs: {
buildCommand =
oldAttrs.buildCommand
+ ''
# Replace the original binary with our wrapper
rm $out/bin/prostudiomasters
cp ${wrapper} $out/bin/prostudiomasters
chmod +x $out/bin/prostudiomasters
'';
})

18
modules/common-modules/pkgs/python/default.nix
View file

@ -1,18 +0,0 @@
{...}: {
nixpkgs.overlays = [
(final: prev: {
python3 = prev.python3.override {
packageOverrides = pythonPrev: pythonFinal: {
h3 = pythonPrev.callPackage ./h3.nix {h3 = final.h3;};
pygeofilter = pythonPrev.callPackage ./pygeofilter.nix {};
pygeoif = pythonPrev.callPackage ./pygeoif.nix {};
rfeed = pythonPrev.callPackage ./rfeed.nix {};
pyexiv2 = pythonPrev.callPackage ./pyexiv2.nix {};
geojson-pydantic = pythonPrev.callPackage ./geojson-pydantic.nix {};
geopic-tag-reader = pythonPrev.callPackage ./geopic-tag-reader.nix {};
};
};
python3Packages = final.python3.pkgs;
})
];
}

48
modules/common-modules/pkgs/python/geojson-pydantic.nix
View file

@ -1,48 +0,0 @@
{
lib,
fetchPypi,
buildPythonPackage,
flit-core,
pydantic,
geojson,
...
}: let
pname = "geojson_pydantic";
version = "2.0.0";
in
buildPythonPackage {
inherit pname version;
pyproject = true;
src = fetchPypi {
inherit pname version;
hash = "sha256-ti6LRFAt0a1Ri19zkDWoGSSnb5gMvbOk6JFu+RO+JC4=";
};
build-system = [
flit-core
];
dependencies = [
pydantic
geojson
];
# Skip tests as they may require specific setup
doCheck = false;
# Disable runtime dependencies check
dontCheckRuntimeDeps = true;
# Basic imports check
pythonImportsCheck = ["geojson_pydantic"];
meta = with lib; {
description = "Pydantic models for GeoJSON objects";
homepage = "https://github.com/developmentseed/geojson-pydantic";
license = licenses.mit;
maintainers = [];
platforms = platforms.all;
};
}

70
modules/common-modules/pkgs/python/geopic-tag-reader.nix
View file

@ -1,70 +0,0 @@
{
lib,
fetchFromGitLab,
buildPythonPackage,
flit-core,
typer,
xmltodict,
timezonefinder,
pytz,
types-pytz,
types-python-dateutil,
rtree,
python-dateutil,
pyexiv2,
...
}: let
pname = "geopic-tag-reader";
version = "1.8.0";
in
buildPythonPackage {
inherit pname version;
pyproject = true;
src = fetchFromGitLab {
owner = "panoramax";
repo = "server/geo-picture-tag-reader";
rev = version;
sha256 = "0lzf5xxxcdqmq28bpvgpkxf5jxmh2nawwa4rl4yg04bdsi16rf1j";
};
build-system = [
flit-core
];
dependencies = [
typer
xmltodict
pyexiv2
timezonefinder
pytz
types-pytz
types-python-dateutil
rtree
];
optional-dependencies = {
write-exif = [
python-dateutil
types-python-dateutil
];
};
# Skip tests as they may require network access or specific setup
doCheck = false;
# Disable runtime dependencies check as some dependencies might have issues
dontCheckRuntimeDeps = true;
# Disable imports check initially to avoid dependency issues
pythonImportsCheck = [];
meta = with lib; {
description = "GeoPic Tag Reader - Python library to read and write standardized metadata from geolocated pictures EXIF metadata";
homepage = "https://gitlab.com/panoramax/server/geo-picture-tag-reader";
license = licenses.mit;
maintainers = [];
platforms = platforms.all;
};
}

81
modules/common-modules/pkgs/python/h3.nix
View file

@ -1,81 +0,0 @@
{
autoPatchelfHook,
buildPythonPackage,
cmake,
cython,
fetchFromGitHub,
h3,
lib,
ninja,
numpy,
pytestCheckHook,
pytest-cov-stub,
scikit-build-core,
stdenv,
}:
buildPythonPackage rec {
pname = "h3";
version = "4.3.1";
pyproject = true;
# pypi version does not include tests
src = fetchFromGitHub {
owner = "uber";
repo = "h3-py";
tag = "v${version}";
hash = "sha256-zt7zbBgSp2P9q7mObZeQZpW9Szip62dAYdPZ2cGTmi4=";
};
dontConfigure = true;
nativeCheckInputs = [
pytestCheckHook
pytest-cov-stub
];
build-system =
[
scikit-build-core
cmake
cython
ninja
]
++ lib.optionals stdenv.hostPlatform.isLinux [
# On Linux the .so files ends up referring to libh3.so instead of the full
# Nix store path. I'm not sure why this is happening! On Darwin it works
# fine.
autoPatchelfHook
];
# This is not needed per-se, it's only added for autoPatchelfHook to work
# correctly. See the note above ^^
buildInputs = lib.optionals stdenv.hostPlatform.isLinux [h3];
dependencies = [numpy];
# The following prePatch replaces the h3lib compilation with using the h3 packaged in nixpkgs.
#
# - Remove the h3lib submodule.
# - Patch CMakeLists to avoid building h3lib, and use h3 instead.
prePatch = let
cmakeCommands = ''
include_directories(${lib.getDev h3}/include/h3)
link_directories(${h3}/lib)
'';
in ''
rm -r src/h3lib
substituteInPlace CMakeLists.txt \
--replace-fail "add_subdirectory(src/h3lib)" "${cmakeCommands}" \
--replace-fail "\''${CMAKE_CURRENT_BINARY_DIR}/src/h3lib/src/h3lib/include/h3api.h" "${lib.getDev h3}/include/h3/h3api.h"
'';
# Extra check to make sure we can import it from Python
pythonImportsCheck = ["h3"];
meta = {
homepage = "https://github.com/uber/h3-py";
description = "Hierarchical hexagonal geospatial indexing system";
license = lib.licenses.asl20;
maintainers = [lib.maintainers.kalbasit];
};
}

49
modules/common-modules/pkgs/python/pyexiv2.nix
View file

@ -1,49 +0,0 @@
{
lib,
fetchFromGitHub,
buildPythonPackage,
exiv2,
boost,
pybind11,
setuptools,
...
}: let
pname = "pyexiv2";
version = "2.15.3";
in
buildPythonPackage {
inherit pname version;
pyproject = true;
build-system = [setuptools];
src = fetchFromGitHub {
owner = "LeoHsiao1";
repo = "pyexiv2";
rev = "v${version}";
sha256 = "sha256-83bFMaoXncvhRJNcCgkkC7B29wR5pjuLO/EdkQdqxxo=";
};
buildInputs = [
exiv2
boost
];
nativeBuildInputs = [
pybind11
];
# Skip tests as they may require specific test images
doCheck = false;
# Disable runtime dependencies check initially
dontCheckRuntimeDeps = true;
meta = with lib; {
description = "Python binding to the library exiv2";
homepage = "https://github.com/LeoHsiao1/pyexiv2";
license = licenses.gpl3Plus;
maintainers = [];
platforms = platforms.linux;
};
}

52
modules/common-modules/pkgs/python/pygeofilter.nix
View file

@ -1,52 +0,0 @@
{
lib,
fetchPypi,
buildPythonPackage,
setuptools,
wheel,
lark,
python-dateutil,
shapely,
...
}: let
pname = "pygeofilter";
version = "0.3.1";
in
buildPythonPackage {
inherit pname version;
pyproject = true;
src = fetchPypi {
inherit pname version;
hash = "sha256-+SvAYiCZ+H/os23nq92GBZ1hWontYIInNwgiI6V44VA=";
};
build-system = [
setuptools
wheel
];
dependencies = [
lark
python-dateutil
shapely
];
# Skip tests as they may require specific setup
doCheck = false;
# Disable runtime dependencies check
dontCheckRuntimeDeps = true;
# Basic imports check
pythonImportsCheck = ["pygeofilter"];
meta = with lib; {
description = "A pure Python parser implementation of OGC filtering standards";
homepage = "https://github.com/geopython/pygeofilter";
license = licenses.mit;
maintainers = [];
platforms = platforms.all;
};
}

48
modules/common-modules/pkgs/python/pygeoif.nix
View file

@ -1,48 +0,0 @@
{
lib,
fetchPypi,
buildPythonPackage,
setuptools,
wheel,
typing-extensions,
...
}: let
pname = "pygeoif";
version = "1.5.1";
in
buildPythonPackage {
inherit pname version;
pyproject = true;
src = fetchPypi {
inherit pname version;
hash = "sha256-8nprah7Lh66swrUbzFnKeb5w7RKgEE3oYBR4shPdXYE=";
};
build-system = [
setuptools
wheel
];
dependencies = [
typing-extensions
];
# Skip tests as they may require specific setup
doCheck = false;
# Disable runtime dependencies check
dontCheckRuntimeDeps = true;
# Basic imports check
pythonImportsCheck = ["pygeoif"];
meta = with lib; {
description = "A basic implementation of the __geo_interface__";
homepage = "https://github.com/cleder/pygeoif";
license = licenses.lgpl21Plus;
maintainers = [];
platforms = platforms.all;
};
}

40
modules/common-modules/pkgs/python/rfeed.nix
View file

@ -1,40 +0,0 @@
{
lib,
fetchPypi,
buildPythonPackage,
setuptools,
python-dateutil,
}:
buildPythonPackage rec {
pname = "rfeed";
version = "1.1.1";
pyproject = true;
src = fetchPypi {
inherit pname version;
hash = "sha256-qpUG8oZrdPWjItOUoUpjwZpoJcLZR1X/GdRt0eJDSBk=";
};
build-system = [
setuptools
];
dependencies = [
python-dateutil
];
# No tests available in the package
doCheck = false;
pythonImportsCheck = [
"rfeed"
];
meta = with lib; {
description = "RSS feed generation library for Python";
homepage = "https://pypi.org/project/rfeed/";
license = licenses.mit;
maintainers = [];
platforms = platforms.all;
};
}

65
modules/common-modules/pkgs/sgblur.nix
View file

@ -1,65 +0,0 @@
{
lib,
python3Packages,
fetchFromGitHub,
pkg-config,
libjpeg_turbo,
exiftran ? libjpeg_turbo,
}:
python3Packages.buildPythonPackage {
pname = "sgblur";
version = "1.0.0";
pyproject = true;
src = fetchFromGitHub {
owner = "cquest";
repo = "sgblur";
rev = "master";
hash = "sha256-17wpif2sa021kaa1pbkry4l1967la1qd7knhngvxblrvd7jqqz4y=";
};
nativeBuildInputs = [
pkg-config
];
buildInputs = [
libjpeg_turbo
exiftran
];
build-system = with python3Packages; [
setuptools
wheel
];
dependencies = with python3Packages; [
# Core dependencies from pyproject.toml
ultralytics
# pyturbojpeg # May need special handling
pillow
# uuid # Built into Python
# exifread
python-multipart
fastapi
uvicorn
requests
# piexif
pydantic-settings
pydantic
];
# Skip tests as they may require GPU or specific setup
doCheck = false;
# The package may have import issues due to system dependencies
pythonImportsCheck = [];
meta = with lib; {
description = "Panoramax Speedy Gonzales Blurring Algorithm - AI-powered face and license plate blurring API";
homepage = "https://github.com/cquest/sgblur";
license = licenses.mit;
maintainers = [];
platforms = platforms.unix;
};
}

75
modules/home-manager-modules/continue.nix Normal file
View file

@ -0,0 +1,75 @@
{
lib,
pkgs,
config,
osConfig,
...
}: let
ai-tooling-enabled = config.user.continue.enable && osConfig.host.ai.enable;
in {
options = {
user.continue = {
enable = lib.mkEnableOption "should continue be enabled on this machine";
docs = lib.mkOption {
type = lib.types.attrsOf (lib.types.submodule ({name, ...}: {
options = {
name = lib.mkOption {
type = lib.types.str;
default = name;
};
startUrl = lib.mkOption {
type = lib.types.str;
};
};
}));
};
context = lib.mkOption {
type = lib.types.attrsOf (lib.types.submodule ({name, ...}: {
options = {
provider = lib.mkOption {
type = lib.types.str;
default = name;
};
};
}));
default = {
"code" = {};
"docs" = {};
"diff" = {};
"terminal" = {};
"problems" = {};
"folder" = {};
"codebase" = {};
};
};
};
};
config =
lib.mkIf ai-tooling-enabled
(lib.mkMerge [
{
home = {
file = {
".continue/config.yaml".source = (pkgs.formats.yaml {}).generate "continue-config" {
name = "Assistant";
version = "1.0.0";
schema = "v1";
models = lib.attrsets.attrValues osConfig.host.ai.models;
context = lib.attrsets.attrValues config.user.continue.context;
docs = lib.attrsets.attrValues config.user.continue.docs;
};
};
};
}
(lib.mkIf osConfig.host.impermanence.enable {
home.persistence."/persist${config.home.homeDirectory}" = {
directories = [
".continue/index"
".continue/sessions"
];
allowOther = true;
};
})
]);
}

6
modules/home-manager-modules/default.nix
View file

@ -1,13 +1,9 @@
# this folder container modules that are for home manager only # this folder container modules that are for home manager only
{...}: { {...}: {
imports = [ imports = [
./sops.nix
./user.nix
./flipperzero.nix ./flipperzero.nix
./i18n.nix ./i18n.nix
./impermanence.nix
./openssh.nix ./openssh.nix
./gnome.nix ./continue.nix
./programs
]; ];
} }

203
modules/home-manager-modules/gnome.nix
View file

@ -1,203 +0,0 @@
{
lib,
config,
pkgs,
...
}: let
enabledExtensions =
[]
++ lib.optional config.gnome.extensions.dash-to-dock.enable pkgs.gnomeExtensions.dash-to-dock
++ lib.optional config.gnome.extensions.dash-to-panel.enable pkgs.gnomeExtensions.dash-to-panel;
extensions = config.gnome.extraExtensions ++ enabledExtensions;
in {
options.gnome = {
extraWindowControls = lib.mkEnableOption "Should we add back in the minimize and maximize window controls?";
clockFormat = lib.mkOption {
type = lib.types.enum [
"12h"
"24h"
];
default = "24h";
};
colorScheme = lib.mkOption {
type = lib.types.enum [
"default"
"prefer-dark"
"prefer-light"
];
default = "default";
};
accentColor = lib.mkOption {
type = lib.types.enum [
"blue"
"teal"
"green"
"yellow"
"orange"
"red"
"pink"
"purple"
"slate"
];
default = "blue";
};
extraExtensions = lib.mkOption {
type = lib.types.listOf lib.types.package;
default = [];
description = "The set of extensions to install and enable in the user environment.";
};
hotkeys = lib.mkOption {
type = lib.types.attrsOf (lib.types.submodule ({name, ...}: {
options = {
key = lib.mkOption {
type = lib.types.strMatching "[a-zA-Z0-9-]+";
default = builtins.replaceStrings [" " "/" "_"] ["-" "-" "-"] name;
};
name = lib.mkOption {
type = lib.types.str;
default = name;
};
binding = lib.mkOption {
type = lib.types.str;
};
command = lib.mkOption {
type = lib.types.str;
};
};
}));
default = {};
};
displayScaling = lib.mkOption {
type = lib.types.nullOr (lib.types.enum [100 125 150 175 200]);
default = null;
description = "Display scaling percentage for GNOME";
};
experimentalFeatures = lib.mkOption {
type = lib.types.submodule {
options = {
scaleMonitorFramebuffer = lib.mkEnableOption "scale-monitor-framebuffer experimental feature";
};
};
default = {};
description = "GNOME experimental features to enable";
};
nightLight = lib.mkOption {
type = lib.types.submodule {
options = {
enable = lib.mkEnableOption "night light (blue light filter)";
automatic = lib.mkOption {
type = lib.types.bool;
default = true;
description = "Whether to automatically schedule night light based on sunset/sunrise";
};
fromTime = lib.mkOption {
type = lib.types.float;
default = 20.0;
description = "Start time for night light in 24-hour format (e.g., 20.0 for 8:00 PM)";
};
toTime = lib.mkOption {
type = lib.types.float;
default = 6.0;
description = "End time for night light in 24-hour format (e.g., 6.0 for 6:00 AM)";
};
temperature = lib.mkOption {
type = lib.types.int;
default = 4000;
description = "Color temperature for night light (1000-10000K, lower is warmer)";
};
};
};
default = {};
description = "Night light configuration";
};
extensions = {
dash-to-dock = {
enable = lib.mkEnableOption "Dash to Dock extension";
options = lib.mkOption {
type = lib.types.nullOr lib.types.attrs;
default = null;
description = "Dash to Dock configuration options. If null, no custom configuration will be applied.";
};
};
dash-to-panel = {
enable = lib.mkEnableOption "Dash to Panel extension";
options = lib.mkOption {
type = lib.types.nullOr lib.types.attrs;
default = null;
description = "Dash to Panel configuration options. If null, no custom configuration will be applied.";
};
};
};
};
config = {
home.packages = extensions;
dconf = {
settings = lib.mkMerge [
{
"org/gnome/shell" = {
disable-user-extensions = false; # enables user extensions
enabled-extensions = builtins.map (extension: extension.extensionUuid) extensions;
};
"org/gnome/desktop/wm/preferences".button-layout = lib.mkIf config.gnome.extraWindowControls ":minimize,maximize,close";
"org/gnome/desktop/interface".color-scheme = config.gnome.colorScheme;
"org/gnome/desktop/interface".accent-color = config.gnome.accentColor;
"org/gnome/desktop/interface".clock-format = config.gnome.clockFormat;
"org/gnome/desktop/interface".text-scaling-factor = lib.mkIf (config.gnome.displayScaling != null) (config.gnome.displayScaling / 100.0);
"org/gnome/mutter".experimental-features = lib.mkIf (builtins.any (x: x) (builtins.attrValues config.gnome.experimentalFeatures)) (
lib.optional config.gnome.experimentalFeatures.scaleMonitorFramebuffer "scale-monitor-framebuffer"
);
}
# Night light configuration
(lib.mkIf config.gnome.nightLight.enable {
"org/gnome/settings-daemon/plugins/color" = {
night-light-enabled = true;
night-light-schedule-automatic = config.gnome.nightLight.automatic;
night-light-schedule-from = lib.mkIf (!config.gnome.nightLight.automatic) config.gnome.nightLight.fromTime;
night-light-schedule-to = lib.mkIf (!config.gnome.nightLight.automatic) config.gnome.nightLight.toTime;
night-light-temperature = config.gnome.nightLight.temperature;
};
})
(
lib.mkMerge (
builtins.map (value: let
entry = "org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/${value.key}";
in {
${entry} = {
binding = value.binding;
command = value.command;
name = value.name;
};
"org/gnome/settings-daemon/plugins/media-keys" = {
custom-keybindings = [
"/${entry}/"
];
};
})
(
lib.attrsets.mapAttrsToList (_: value: value) config.gnome.hotkeys
)
)
)
# Extension configurations
(lib.mkIf (config.gnome.extensions.dash-to-dock.enable && config.gnome.extensions.dash-to-dock.options != null) {
"org/gnome/shell/extensions/dash-to-dock" = config.gnome.extensions.dash-to-dock.options;
})
(lib.mkIf (config.gnome.extensions.dash-to-panel.enable && config.gnome.extensions.dash-to-panel.options != null) {
"org/gnome/shell/extensions/dash-to-panel" = config.gnome.extensions.dash-to-panel.options;
})
];
};
};
}

43
modules/home-manager-modules/impermanence.nix
View file

@ -1,43 +0,0 @@
{
config,
lib,
osConfig,
...
}: let
cfg = config.impermanence;
in {
options.impermanence = {
enable = lib.mkEnableOption "impermanence for home directory";
fallbackPersistence.enable = lib.mkOption {
type = lib.types.bool;
default = true;
};
persistencePath = lib.mkOption {
type = lib.types.str;
default =
if osConfig.storage.generateBase
then "/persist/replicate/home"
else "/persist";
description = "The base path for user home persistence. The impermanence module will automatically append the user's home directory path. Automatically adapts based on whether the system uses the new dataset layout or the legacy one.";
};
};
config = lib.mkMerge [
(lib.mkIf config.impermanence.enable {
assertions = [
{
assertion = osConfig.storage.impermanence.enable;
message = "impermanence can not be enabled for a user when it is not enabled for the system";
}
];
})
# If impermanence is not enabled for this user but system impermanence is enabled,
# persist the entire home directory as fallback
(lib.mkIf (osConfig.storage.impermanence.enable && !cfg.enable && cfg.fallbackPersistence.enable) {
home.persistence."${cfg.persistencePath}" = {
directories = ["."];
allowOther = true;
};
})
];
}

122
modules/home-manager-modules/openssh.nix
View file

@ -6,7 +6,6 @@
... ...
}: { }: {
options.programs.openssh = { options.programs.openssh = {
enable = lib.mkEnableOption "should we enable openssh";
authorizedKeys = lib.mkOption { authorizedKeys = lib.mkOption {
type = lib.types.listOf lib.types.str; type = lib.types.listOf lib.types.str;
default = []; default = [];
@ -38,70 +37,63 @@
}; };
}; };
config = lib.mkIf config.programs.openssh.enable ( config = lib.mkMerge [
lib.mkMerge [ (
( lib.mkIf ((builtins.length config.programs.openssh.hostKeys) != 0) {
lib.mkIf ((builtins.length config.programs.openssh.hostKeys) != 0) { services.ssh-agent.enable = true;
services.ssh-agent.enable = true; programs.ssh = {
programs.ssh = { enable = true;
enable = true; compression = true;
enableDefaultConfig = false; addKeysToAgent = "confirm";
matchBlocks = { extraConfig = lib.strings.concatLines (
"*" = { builtins.map (hostKey: "IdentityFile ~/.ssh/${hostKey.path}") config.programs.openssh.hostKeys
compression = true;
addKeysToAgent = "confirm";
};
};
# extraConfig = lib.strings.concatLines (
# builtins.map (hostKey: "IdentityFile ~/.ssh/${hostKey.path}") config.programs.openssh.hostKeys
# );
};
systemd.user.services = builtins.listToAttrs (
builtins.map (hostKey:
lib.attrsets.nameValuePair "ssh-gen-keys-${hostKey.path}" {
Install = {
WantedBy = ["default.target"];
};
Service = let
path = "${config.home.homeDirectory}/.ssh/${hostKey.path}";
in {
Restart = "always";
Type = "simple";
ExecStart = "${
pkgs.writeShellScript "ssh-gen-keys" ''
if ! [ -s "${path}" ]; then
if ! [ -h "${path}" ]; then
rm -f "${path}"
fi
mkdir -p "$(dirname '${path}')"
chmod 0755 "$(dirname '${path}')"
${pkgs.openssh}/bin/ssh-keygen \
-t "${hostKey.type}" \
${lib.optionalString (hostKey ? bits) "-b ${toString hostKey.bits}"} \
${lib.optionalString (hostKey ? rounds) "-a ${toString hostKey.rounds}"} \
${lib.optionalString (hostKey ? comment) "-C '${hostKey.comment}'"} \
${lib.optionalString (hostKey ? openSSHFormat && hostKey.openSSHFormat) "-o"} \
-f "${path}" \
-N ""
chown ${config.home.username} ${path}*
chgrp ${config.home.username} ${path}*
fi
''
}";
};
})
config.programs.openssh.hostKeys
);
}
)
(lib.mkIf config.impermanence.enable {
home.persistence."${config.impermanence.persistencePath}" = {
files = lib.lists.flatten (
builtins.map (hostKey: [".ssh/${hostKey.path}" ".ssh/${hostKey.path}.pub"]) config.programs.openssh.hostKeys
); );
}; };
})
] systemd.user.services = builtins.listToAttrs (
); builtins.map (hostKey:
lib.attrsets.nameValuePair "ssh-gen-keys-${hostKey.path}" {
Install = {
WantedBy = ["default.target"];
};
Service = let
path = "${config.home.homeDirectory}/.ssh/${hostKey.path}";
in {
Restart = "always";
Type = "simple";
ExecStart = "${
pkgs.writeShellScript "ssh-gen-keys" ''
if ! [ -s "${path}" ]; then
if ! [ -h "${path}" ]; then
rm -f "${path}"
fi
mkdir -p "$(dirname '${path}')"
chmod 0755 "$(dirname '${path}')"
${pkgs.openssh}/bin/ssh-keygen \
-t "${hostKey.type}" \
${lib.optionalString (hostKey ? bits) "-b ${toString hostKey.bits}"} \
${lib.optionalString (hostKey ? rounds) "-a ${toString hostKey.rounds}"} \
${lib.optionalString (hostKey ? comment) "-C '${hostKey.comment}'"} \
${lib.optionalString (hostKey ? openSSHFormat && hostKey.openSSHFormat) "-o"} \
-f "${path}" \
-N ""
chown ${config.home.username} ${path}*
chgrp ${config.home.username} ${path}*
fi
''
}";
};
})
config.programs.openssh.hostKeys
);
}
)
(lib.mkIf osConfig.host.impermanence.enable {
home.persistence."/persist${config.home.homeDirectory}" = {
files = lib.lists.flatten (
builtins.map (hostKey: [".ssh/${hostKey.path}" ".ssh/${hostKey.path}.pub"]) config.programs.openssh.hostKeys
);
};
})
];
} }

30
modules/home-manager-modules/programs/android-studio.nix
View file

@ -1,30 +0,0 @@
{
lib,
pkgs,
config,
...
}: {
options.programs.android-studio = {
enable = lib.mkEnableOption "enable android-studio";
};
config = lib.mkIf config.programs.android-studio.enable (lib.mkMerge [
{
home.packages = with pkgs; [
android-studio
];
}
(
lib.mkIf config.impermanence.enable {
home.persistence."${config.impermanence.persistencePath}" = {
directories = [
"${config.xdg.configHome}/Google/AndroidStudio"
".android"
".gradle"
"${config.xdg.cacheHome}/Google/AndroidStudio"
];
};
}
)
]);
}

13
modules/home-manager-modules/programs/anki.nix
View file

@ -1,13 +0,0 @@
{
lib,
config,
...
}: {
config = lib.mkIf (config.programs.anki.enable && config.impermanence.enable) {
home.persistence."${config.impermanence.persistencePath}" = {
directories = [
".local/share/Anki2"
];
};
};
}

27
modules/home-manager-modules/programs/bitwarden.nix
View file

@ -1,27 +0,0 @@
{
lib,
pkgs,
config,
...
}: {
options.programs.bitwarden = {
enable = lib.mkEnableOption "enable bitwarden";
};
config = lib.mkIf config.programs.bitwarden.enable (lib.mkMerge [
{
home.packages = with pkgs; [
bitwarden-desktop
];
}
(
lib.mkIf config.impermanence.enable {
home.persistence."${config.impermanence.persistencePath}" = {
directories = [
"${config.xdg.configHome}/Bitwarden"
];
};
}
)
]);
}

27
modules/home-manager-modules/programs/bruno.nix
View file

@ -1,27 +0,0 @@
{
lib,
pkgs,
config,
...
}: {
options.programs.bruno = {
enable = lib.mkEnableOption "enable bruno";
};
config = lib.mkIf config.programs.bruno.enable (lib.mkMerge [
{
home.packages = with pkgs; [
bruno
];
}
(
lib.mkIf config.impermanence.enable {
home.persistence."${config.impermanence.persistencePath}" = {
directories = [
"${config.xdg.configHome}/bruno/"
];
};
}
)
]);
}

23
modules/home-manager-modules/programs/calibre.nix
View file

@ -1,23 +0,0 @@
{
lib,
pkgs,
config,
...
}: {
config = lib.mkIf config.programs.calibre.enable (lib.mkMerge [
{
home.packages = with pkgs; [
calibre
];
}
(
lib.mkIf config.impermanence.enable {
home.persistence."${config.impermanence.persistencePath}" = {
directories = [
"${config.xdg.configHome}/calibre"
];
};
}
)
]);
}

28
modules/home-manager-modules/programs/davinci-resolve.nix
View file

@ -1,28 +0,0 @@
{
lib,
pkgs,
config,
...
}: {
options.programs.davinci-resolve = {
enable = lib.mkEnableOption "enable davinci-resolve";
};
config = lib.mkIf config.programs.davinci-resolve.enable (lib.mkMerge [
{
home.packages = with pkgs; [
davinci-resolve
];
}
(
lib.mkIf config.impermanence.enable {
home.persistence."${config.impermanence.persistencePath}" = {
directories = [
"${config.xdg.dataHome}/DaVinciResolve"
"${config.xdg.configHome}/blackmagic"
];
};
}
)
]);
}

27
modules/home-manager-modules/programs/dbeaver.nix
View file

@ -1,27 +0,0 @@
{
lib,
pkgs,
config,
...
}: {
options.programs.dbeaver-bin = {
enable = lib.mkEnableOption "enable dbeaver";
};
config = lib.mkIf config.programs.dbeaver-bin.enable (lib.mkMerge [
{
home.packages = with pkgs; [
dbeaver-bin
];
}
(
lib.mkIf config.impermanence.enable {
home.persistence."${config.impermanence.persistencePath}" = {
directories = [
"${config.xdg.dataHome}/DBeaverData/"
];
};
}
)
]);
}

55
modules/home-manager-modules/programs/default.nix
View file

@ -1,55 +0,0 @@
{...}: {
imports = [
./android-studio.nix
./firefox.nix
./signal.nix
./bitwarden.nix
./makemkv.nix
./obs.nix
./anki.nix
./piper.nix
./qbittorrent.nix
./discord.nix
./obsidian.nix
./prostudiomasters.nix
./idea.nix
./kdenlive.nix
./kicad.nix
./krita.nix
./protonvpn.nix
./calibre.nix
./bruno.nix
./dbeaver.nix
./dungeon-draft.nix
./steam.nix
./vscode
./ungoogled-chromium.nix
./libreoffice.nix
./mapillary-uploader.nix
./inkscape.nix
./gimp.nix
./guild-wars-2.nix
./proxmark3.nix
./freecad.nix
./onionshare.nix
./mfoc.nix
./noita-entangled-worlds.nix
./pdfarranger.nix
./picard.nix
./qflipper.nix
./openvpn.nix
./noisetorch.nix
./olympus.nix
./openrgb.nix
./via.nix
./vortex.nix
./davinci-resolve.nix
./gdx-liftoff.nix
./tor-browser.nix
./vmware-workstation.nix
./proton-mail-pwa.nix
./proton-calendar-pwa.nix
./matrix-cyberia-pwa.nix
./e621-downloader.nix
];
}

17
modules/home-manager-modules/programs/discord.nix
View file

@ -1,17 +0,0 @@
{
lib,
config,
...
}: {
config = lib.mkIf config.programs.discord.enable (lib.mkMerge [
(
lib.mkIf config.impermanence.enable {
home.persistence."${config.impermanence.persistencePath}" = {
directories = [
"${config.xdg.configHome}/discord/"
];
};
}
)
]);
}

24
modules/home-manager-modules/programs/dungeon-draft.nix
View file

@ -1,24 +0,0 @@
{
config,
lib,
...
}: let
cfg = config.programs.dungeon-draft;
in {
options.programs.dungeon-draft = {
enable = lib.mkEnableOption "Dungeon Draft";
};
config = {
assertions = [
{
assertion = !cfg.enable;
message = ''
Dungeon Draft module is not yet fully configured.
Please download the Dungeon Draft executable (.exe) from the official website,
then configure the Wine environment and executable path as needed.
'';
}
];
};
}

16
modules/home-manager-modules/programs/e621-downloader.nix
View file

@ -1,16 +0,0 @@
{
lib,
pkgs,
config,
...
}: {
options.programs.e621-downloader = {
enable = lib.mkEnableOption "enable e621-downloader";
};
config = lib.mkIf config.programs.e621-downloader.enable {
home.packages = with pkgs; [
e621-downloader
];
};
}

41
modules/home-manager-modules/programs/firefox.nix
View file

@ -1,41 +0,0 @@
{
lib,
config,
...
}: let
buildProfilePersistence = profile: {
directories = [
".mozilla/firefox/${profile}/extensions"
];
files = [
".mozilla/firefox/${profile}/cookies.sqlite"
".mozilla/firefox/${profile}/favicons.sqlite"
# Permissions and ${profileName} levels for each site
".mozilla/firefox/${profile}/permissions.sqlite"
".mozilla/firefox/${profile}/content-prefs.sqlite"
# Browser history and bookmarks
".mozilla/firefox/${profile}/places.sqlite"
# I guess this is useful?
# https://bugzilla.mozilla.org/show_bug.cgi?id=1511384
# https://developer.mozilla.org/en-US/docs/Web/API/Storage_API/Storage_quotas_and_eviction_criteria
".mozilla/firefox/${profile}/storage.sqlite"
# Extension configuration
".mozilla/firefox/${profile}/extension-settings.json"
];
};
in {
config = lib.mkIf (config.programs.firefox.enable && config.impermanence.enable) {
home.persistence."${config.impermanence.persistencePath}" = lib.mkMerge (
(
lib.attrsets.mapAttrsToList
(profile: _: buildProfilePersistence profile)
config.programs.firefox.profiles
)
++ (
lib.lists.optional
((builtins.length (lib.attrsets.mapAttrsToList (key: value: value) config.programs.firefox.profiles)) == 0)
(buildProfilePersistence "default")
)
);
};
}

27
modules/home-manager-modules/programs/freecad.nix
View file

@ -1,27 +0,0 @@
{
lib,
pkgs,
config,
...
}: {
options.programs.freecad = {
enable = lib.mkEnableOption "enable freecad";
};
config = lib.mkIf config.programs.freecad.enable (lib.mkMerge [
{
home.packages = with pkgs; [
freecad
];
}
(
lib.mkIf config.impermanence.enable {
home.persistence."${config.impermanence.persistencePath}" = {
directories = [
"${config.xdg.configHome}/FreeCAD"
];
};
}
)
]);
}

16
modules/home-manager-modules/programs/gdx-liftoff.nix
View file

@ -1,16 +0,0 @@
{
lib,
pkgs,
config,
...
}: {
options.programs.gdx-liftoff = {
enable = lib.mkEnableOption "enable gdx-liftoff";
};
config = lib.mkIf config.programs.gdx-liftoff.enable {
home.packages = with pkgs; [
gdx-liftoff
];
};
}

27
modules/home-manager-modules/programs/gimp.nix
View file

@ -1,27 +0,0 @@
{
lib,
pkgs,
config,
...
}: {
options.programs.gimp = {
enable = lib.mkEnableOption "enable gimp";
};
config = lib.mkIf config.programs.gimp.enable (lib.mkMerge [
{
home.packages = with pkgs; [
gimp
];
}
(
lib.mkIf config.impermanence.enable {
home.persistence."${config.impermanence.persistencePath}" = {
directories = [
"${config.xdg.configHome}/GIMP"
];
};
}
)
]);
}

24
modules/home-manager-modules/programs/guild-wars-2.nix
View file

@ -1,24 +0,0 @@
{
config,
lib,
...
}: let
cfg = config.programs.guild-wars-2;
in {
options.programs.guild-wars-2 = {
enable = lib.mkEnableOption "Guild Wars 2";
};
config = {
assertions = [
{
assertion = !cfg.enable;
message = ''
Guild Wars 2 module is not yet fully configured.
Please install Guild Wars 2 manually via Steam or the official client,
then configure the Wine environment as needed.
'';
}
];
};
}

32
modules/home-manager-modules/programs/idea.nix
View file

@ -1,32 +0,0 @@
{
lib,
pkgs,
config,
...
}: {
options.programs.jetbrains.idea-oss = {
enable = lib.mkEnableOption "enable idea-oss";
};
config = lib.mkIf config.programs.jetbrains.idea-oss.enable (lib.mkMerge [
{
home.packages = with pkgs; [
jetbrains.idea-oss
];
}
(
lib.mkIf config.impermanence.enable {
home.persistence."${config.impermanence.persistencePath}" = {
directories = [
# configuration
"${config.xdg.configHome}/JetBrains/"
# plugins
"${config.xdg.dataHome}/JetBrains/"
# System and Logs
"${config.xdg.cacheHome}/JetBrains/"
];
};
}
)
]);
}

27
modules/home-manager-modules/programs/inkscape.nix
View file

@ -1,27 +0,0 @@
{
lib,
pkgs,
config,
...
}: {
options.programs.inkscape = {
enable = lib.mkEnableOption "enable inkscape";
};
config = lib.mkIf config.programs.inkscape.enable (lib.mkMerge [
{
home.packages = with pkgs; [
inkscape
];
}
(
lib.mkIf config.impermanence.enable {
home.persistence."${config.impermanence.persistencePath}" = {
directories = [
"${config.xdg.configHome}/inkscape"
];
};
}
)
]);
}

35
modules/home-manager-modules/programs/kdenlive.nix
View file

@ -1,35 +0,0 @@
{
config,
lib,
pkgs,
...
}: let
cfg = config.programs.kdenlive;
in {
options.programs.kdenlive = {
enable = lib.mkEnableOption "kdenlive";
package = lib.mkOption {
type = lib.types.package;
default = pkgs.kdePackages.kdenlive;
description = "The kdenlive package to install.";
};
};
config = lib.mkIf cfg.enable (lib.mkMerge [
{
home.packages = [
cfg.package
];
}
(
lib.mkIf config.impermanence.enable {
home.persistence."${config.impermanence.persistencePath}" = {
directories = [
"${config.xdg.configHome}/kdenliverc"
"${config.xdg.dataHome}/kdenlive"
];
};
}
)
]);
}

Some files were not shown because too many files have changed in this diff Show more