AtaraxiaDev/nixos-config
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Compare commits

base: AtaraxiaDev:f7f371f1060aacf4fe27db031bb249398c185a52
Branches Tags
AtaraxiaDev:master
AtaraxiaDev:dev-v2
...
compare: AtaraxiaDev:4fc7d2bc8a269e40f76b87c43f4c4c7b228fdb73
Branches Tags
AtaraxiaDev:master
AtaraxiaDev:dev-v2

3 Commits
f7f371f106 ... 4fc7d2bc8a

Author SHA1 Message Date
Dmitriy Kholkin
4fc7d2bc8a
fix screen-ocr 2024-02-08 23:35:35 +03:00
Dmitriy Kholkin
ffd0f858b9
reorganize some profiles 2024-02-08 23:33:54 +03:00
Dmitriy Kholkin
9034ae5060
deadnix, cleanup 2024-02-08 23:30:40 +03:00
107 changed files with 701 additions and 1327 deletions
Show Stats Expand all files Collapse all files

3
flake.nix
View File

@ -118,7 +118,6 @@
"rustic-rs-0.7.0.patch"
"vaultwarden.patch"
"vscode-1.86.0.patch"
"webhooks.patch"
];
sharedOverlays = [ flake-utils-plus.overlay inputs.sops-nix.overlays.default ];
channelsConfig = {
@ -141,7 +140,6 @@
modules = __attrValues self.customModules ++ [
(import (./machines + "/${name}"))
{ device = name; mainuser = "ataraxia"; }
inputs.vscode-server.nixosModule
inputs.sops-nix.nixosModules.sops
];
specialArgs = { inherit inputs; };
@ -152,7 +150,6 @@
modules = __attrValues self.customModules ++ [
(import (./machines/Home-Hypervisor))
{ device = "Home-Hypervisor"; mainuser = "ataraxia"; }
inputs.vscode-server.nixosModule
inputs.sops-nix.nixosModules.sops
];
specialArgs = { inherit inputs; };

2
machines/AMD-Workstation/boot.nix
View File

@ -1,4 +1,4 @@
{ config, pkgs, lib, ... }:
{ pkgs, lib, ... }:
let
zfs_arc_max = toString (6 * 1024 * 1024 * 1024);
in {

2
machines/AMD-Workstation/hardware-configuration.nix
View File

@ -1,7 +1,7 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{ config, lib, modulesPath, ... }:
{
imports =

2
machines/Dell-Laptop/boot.nix
View File

@ -1,4 +1,4 @@
{ config, pkgs, lib, ... }:
{ pkgs, lib, ... }:
let
zfs_arc_max = toString (2 * 1024 * 1024 * 1024);
in {

2
machines/Dell-Laptop/default.nix
View File

@ -1,4 +1,4 @@
{ inputs, config, lib, pkgs, ... }: {
{ inputs, config, pkgs, ... }: {
imports = with inputs.self; [
./boot.nix
./hardware-configuration.nix

2
machines/Dell-Laptop/hardware-configuration.nix
View File

@ -1,7 +1,7 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{ config, lib, modulesPath, ... }:
{
imports =

2
machines/Home-Hypervisor/autoinstall.nix
View File

@ -1,4 +1,4 @@
{ lib, ... }: {
{ ... }: {
autoinstall."Home-Hypervisor" = {
debug = false;
mainuser = "ataraxia";

5
machines/Home-Hypervisor/default.nix
View File

@ -1,4 +1,4 @@
{ modulesPath, inputs, lib, pkgs, config, options, ... }:
{ inputs, lib, pkgs, config, ... }:
let persistRoot = config.autoinstall.persist.persistRoot or "/persist";
in {
imports = with inputs.self; [
@ -40,12 +40,11 @@ in {
customProfiles.yandex-db
(import customProfiles.blocky {
inherit config pkgs;
inherit (import ./dns-mapping.nix) dnsmasq-list;
})
(import customProfiles.headscale {
inherit config pkgs lib inputs;
inherit config lib inputs;
inherit (import ./dns-mapping.nix) headscale-list;
})
];

2
machines/Home-Hypervisor/hardware-configuration.nix
View File

@ -1,7 +1,7 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{ config, lib, modulesPath, ... }:
{
imports =

2
machines/Home-Hypervisor/usb-hdd.nix
View File

@ -1,4 +1,4 @@
{ config, lib, ... }: {
{ ... }: {
boot.initrd = rec {
luks.devices = {
"crypt-nas" = {

2
machines/NixOS-VPS/services/synapse.nix
View File

@ -1,4 +1,4 @@
{ config, lib, pkgs, inputs, ... }:
{ config, lib, inputs, ... }:
let
bridge = (import ../hardware/networks.nix).interfaces.main';
external-ip = "83.138.55.118";

2
machines/NixOS-VPS/services/tailscale.nix
View File

@ -1,4 +1,4 @@
{ config, pkgs, lib, ... }:
{ config, ... }:
let
bridgeName = (import ../hardware/networks.nix).interfaces.main'.bridgeName;
tailscalePort = config.services.tailscale.port;

2
machines/NixOS-VPS/services/tor-bridge.nix
View File

@ -1,4 +1,4 @@
{ config, pkgs, lib, ... }:
{ pkgs, ... }:
let
inherit (import ../hardware/networks.nix) interfaces;
bridgeName = interfaces.main'.bridgeName;

2
machines/NixOS-VPS/services/wireguard.nix
View File

@ -1,4 +1,4 @@
{ config, lib, pkgs, ... }:
{ lib, pkgs, ... }:
let
inherit (import ../hardware/networks.nix) interfaces wireguardPort wireguardPeers;
wireguardIFName = interfaces.wireguard0.ifname;

4
modules/applications.nix
View File

@ -1,10 +1,10 @@
{ pkgs, config, lib, ... }:
{ config, lib, ... }:
with config.deviceSpecific;
{
options = with lib;
with types; {
defaultApplications = mkOption {
type = attrsOf (submodule ({ name, ... }: {
type = attrsOf (submodule ({ ... }: {
options = {
cmd = mkOption { type = path; };
desktop = mkOption { type = str; };

2
modules/devices.nix
View File

@ -1,4 +1,4 @@
{ pkgs, lib, config, ... }:
{ lib, config, ... }:
with lib;
with types; {
options = {

2
modules/headscale-auth.nix
View File

@ -5,7 +5,7 @@ with lib;
description = mdDoc ''
Request headscale auth key.
'';
type = types.attrsOf (types.submodule ({ cfg, name, ... }: {
type = types.attrsOf (types.submodule ({ ... }: {
options = {
autoStart = mkOption {
type = types.bool;

2
modules/libvirt-guests.nix
View File

@ -44,7 +44,7 @@ let
default = "virtiofs";
};
};
guestsOptions = { name, ... }: {
guestsOptions = { ... }: {
options = rec {
xmlFile = mkOption {
type = with types; nullOr path;

109
modules/persist.nix
View File

@ -1,4 +1,4 @@
{ config, pkgs, lib, inputs, ... }:
{ config, lib, inputs, ... }:
let
cfg = config.persist;
@ -23,110 +23,22 @@ let
in {
options = let
inherit (lib) mkOption mkEnableOption;
inherit (lib.types) listOf path str either submodule enum;
# defaultPerms = {
# mode = "0755";
# user = "root";
# group = "root";
# };
# dirPermsOpts = { user, group, mode }: {
# user = mkOption {
# type = str;
# default = user;
# };
# group = mkOption {
# type = str;
# default = group;
# };
# mode = mkOption {
# type = str;
# default = mode;
# };
# };
# fileOpts = perms: {
# options = {
# file = mkOption {
# type = str;
# };
# parentDirectory = dirPermsOpts perms;
# };
# };
# dirOpts = perms: {
# options = {
# directory = mkOption {
# type = str;
# };
# } // (dirPermsOpts perms);
# };
# userDefaultPerms = {
# inherit (defaultPerms) mode;
# user = config.mainuser;
# group = config.users.${userDefaultPerms.user}.group;
# };
# rootFile = submodule [
# (fileOpts defaultPerms)
# ];
# rootDir = submodule [
# (dirOpts defaultPerms)
# ];
# userFile = submodule [
# (fileOpts userDefaultPerms)
# ];
# userDir = submodule [
# (dirOpts userDefaultPerms)
# ];
inherit (lib.types) listOf path str;
common = {
directories = mkOption {
# type = listOf (either str (submodule {
# options = {
# directory = mkOption {
# type = str;
# default = null;
# };
# user = mkOption {
# type = str;
# default = "root";
# };
# group = mkOption {
# type = str;
# default = "root";
# };
# mode = mkOption {
# type = str;
# default = "0755";
# };
# };
# }));
# type = listOf (either str rootDir);
type = listOf str;
default = [ ];
};
files = mkOption {
# type = listOf (either str rootFile);
type = listOf str;
default = [ ];
};
homeFiles = mkOption {
# type = listOf (either str userFile);
type = listOf str;
default = [ ];
};
homeDirectories = mkOption {
# type = listOf (either str (submodule {
# options = {
# directory = mkOption {
# type = str;
# default = null;
# };
# method = mkOption {
# type = enum [ "bindfs" "symlink" ];
# default = "bindfs";
# };
# };
# }));
# type = listOf (either str userDir);
type = listOf str;
default = [ ];
};
@ -186,23 +98,6 @@ in {
};
};
# fileSystems."/" = lib.mkIf (config.deviceSpecific.devInfo.fileSystem != "zfs") {
# device = "none";
# options = [ "defaults" "size=2G" "mode=755" ];
# fsType = "tmpfs";
# };
# boot.initrd = lib.mkIf (config.deviceSpecific.devInfo.fileSystem != "zfs") {
# postMountCommands =
# assert config.fileSystems
# ? ${cfg.persistRoot}
# && config.fileSystems.${cfg.persistRoot}.neededForBoot; ''
# mkdir -p /mnt-root/nix
# mount --bind /mnt-root${cfg.persistRoot}/nix /mnt-root/nix
# chmod 755 /mnt-root
# '';
# };
systemd.services.persist-cache-cleanup = lib.mkIf cfg.cache.clean.enable {
description = "Cleaning up cache files and directories";
script = ''

2
modules/rustic-postgresql.nix
View File

@ -5,7 +5,7 @@ with lib;
description = mdDoc ''
Periodic backups of postgresql database to create with Rustic.
'';
type = types.attrsOf (types.submodule ({ config, name, ... }: {
type = types.attrsOf (types.submodule ({ name, ... }: {
options = {
dbName = mkOption {
type = types.str;

2
modules/s3-sync.nix
View File

@ -7,7 +7,7 @@ in {
description = mdDoc ''
Sync buckets beetween two storages.
'';
type = types.attrsOf (types.submodule ({ config, name, ... }: {
type = types.attrsOf (types.submodule ({ ... }: {
options = {
rcloneConfigFile = mkOption {
type = with types; nullOr path;

2
modules/steam-compat-tools.nix
View File

@ -1,4 +1,4 @@
{ config, lib, pkgs, ... }:
{ config, lib, ... }:
with lib;
let cfg = config.programs.steam;
in {

6
modules/users.nix
View File

@ -1,7 +1,5 @@
{ config, lib, pkgs, ... }:
with lib;
with types; {
{ lib, ... }: {
options = {
mainuser = mkOption { type = str; };
mainuser = lib.mkOption { type = lib.types.str; };
};
}

314
patches/authentik-271885.patch
View File

@ -1,314 +0,0 @@
diff --git a/pkgs/by-name/au/authentik/ldap.nix b/pkgs/by-name/au/authentik/ldap.nix
new file mode 100644
index 000000000000..7945c3021dfd
--- /dev/null
+++ b/pkgs/by-name/au/authentik/ldap.nix
@@ -0,0 +1,18 @@
+{ lib, buildGoModule, authentik }:
+
+buildGoModule {
+ pname = "authentik-ldap-outpost";
+ inherit (authentik) version src;
+
+ vendorHash = "sha256-8F9emmQmbe7R+xtGrjV5ht0adGasU6WAvLa8Wxr+j8M=";
+
+ CGO_ENABLED = 0;
+
+ subPackages = [ "cmd/ldap" ];
+
+ meta = authentik.meta // {
+ description = "The authentik ldap outpost. Needed for the extendal ldap API.";
+ homepage = "https://goauthentik.io/docs/providers/ldap/";
+ mainProgram = "ldap";
+ };
+}
diff --git a/pkgs/by-name/au/authentik/outposts.nix b/pkgs/by-name/au/authentik/outposts.nix
new file mode 100644
index 000000000000..05649628b3e8
--- /dev/null
+++ b/pkgs/by-name/au/authentik/outposts.nix
@@ -0,0 +1,5 @@
+{ callPackage }:
+
+{
+ ldap = callPackage ./ldap.nix { };
+}
diff --git a/pkgs/by-name/au/authentik/package.nix b/pkgs/by-name/au/authentik/package.nix
new file mode 100644
index 000000000000..8fca47e7ec28
--- /dev/null
+++ b/pkgs/by-name/au/authentik/package.nix
@@ -0,0 +1,248 @@
+{ lib
+, stdenvNoCC
+, fetchFromGitHub
+, buildNpmPackage
+, buildGoModule
+, runCommand
+, openapi-generator-cli
+, nodejs
+, python3
+, codespell
+, makeWrapper }:
+
+let
+ version = "2023.10.6";
+
+ src = fetchFromGitHub {
+ owner = "goauthentik";
+ repo = "authentik";
+ rev = "version/${version}";
+ hash = "sha256-N6FeNUlenbBQPAAUSqC+2GWFfte3G+Zfu5KGVJOqNZQ=";
+ };
+
+ website = buildNpmPackage {
+ pname = "authentik-website";
+ inherit version src;
+ npmDepsHash = "sha256-4dgFxEvMnp+35nSQNsEchtN1qoS5X2KzEbLPvMnyR+k=";
+
+ NODE_ENV = "production";
+ NODE_OPTIONS = "--openssl-legacy-provider";
+
+ postPatch = ''
+ cd website
+ '';
+
+ installPhase = ''
+ cp -r help $out
+ '';
+
+ npmInstallFlags = [ "--include=dev" ];
+ npmBuildScript = "build-docs-only";
+ };
+
+ clientapi = stdenvNoCC.mkDerivation {
+ pname = "authentik-client-api";
+ inherit version src;
+
+ postPatch = ''
+ rm Makefile
+
+ substituteInPlace ./scripts/api-ts-config.yaml \
+ --replace '/local' "$(pwd)/"
+ '';
+
+ nativeBuildInputs = [ openapi-generator-cli ];
+ buildPhase = ''
+ runHook preBuild
+ openapi-generator-cli generate -i ./schema.yml \
+ -g typescript-fetch -o $out \
+ -c ./scripts/api-ts-config.yaml \
+ --additional-properties=npmVersion=${nodejs.pkgs.npm.version} \
+ --git-repo-id authentik --git-user-id goauthentik
+ runHook postBuild
+ '';
+ };
+
+ webui = buildNpmPackage {
+ pname = "authentik-webui";
+ inherit version;
+
+ src = runCommand "authentik-webui-source" {} ''
+ mkdir -p $out/web/node_modules/@goauthentik/
+ cp -r ${src}/web $out/
+ ln -s ${src}/website $out/
+ ln -s ${clientapi} $out/web/node_modules/@goauthentik/api
+ '';
+ npmDepsHash = "sha256-5aCKlArtoEijGqeYiY3zoV0Qo7/Xt5hSXbmy2uYZpok=";
+
+ postPatch = ''
+ cd web
+ '';
+
+ installPhase = ''
+ runHook preInstall
+ mkdir $out
+ cp -r dist $out/dist
+ cp -r authentik $out/authentik
+ runHook postInstall
+ '';
+
+ NODE_ENV = "production";
+ NODE_OPTIONS = "--openssl-legacy-provider";
+
+ npmInstallFlags = [ "--include=dev" ];
+ };
+
+ python = python3.override {
+ self = python;
+ packageOverrides = final: prev: {
+ authentik-django = prev.buildPythonPackage {
+ pname = "authentik-django";
+ inherit version src;
+ pyproject = true;
+
+ postPatch = ''
+ substituteInPlace authentik/root/settings.py \
+ --replace 'Path(__file__).absolute().parent.parent.parent' "\"$out\""
+ substituteInPlace authentik/lib/default.yml \
+ --replace '/blueprints' "$out/blueprints"
+ sed -i '/dumb-init/d' pyproject.toml
+ sed -i '/djangorestframework-guardian/d' pyproject.toml
+ '';
+
+ nativeBuildInputs = [ prev.poetry-core ];
+ propagatedBuildInputs = with prev; [
+ argon2-cffi
+ celery
+ channels
+ channels-redis
+ colorama
+ dacite
+ daphne
+ deepmerge
+ defusedxml
+ django
+ django-filter
+ django-guardian
+ django-model-utils
+ django-prometheus
+ django-redis
+ djangorestframework
+ djangorestframework-guardian2
+ docker
+ drf-spectacular
+ duo-client
+ facebook-sdk
+ flower
+ geoip2
+ gunicorn
+ httptools
+ kubernetes
+ ldap3
+ lxml
+ opencontainers
+ packaging
+ paramiko
+ psycopg
+ pycryptodome
+ pydantic
+ pydantic-scim
+ pyjwt
+ pyyaml
+ requests-oauthlib
+ sentry-sdk
+ structlog
+ swagger-spec-validator
+ twilio
+ twisted
+ ua-parser
+ urllib3
+ uvicorn
+ uvloop
+ watchdog
+ webauthn
+ websockets
+ wsproto
+ xmlsec
+ zxcvbn
+ jsonpatch
+ ] ++ [
+ codespell
+ ];
+
+ postInstall = ''
+ mkdir -p $out/web $out/website
+ cp -r lifecycle manage.py $out/${prev.python.sitePackages}/
+ cp -r blueprints $out/
+ cp -r ${webui}/dist ${webui}/authentik $out/web/
+ cp -r ${website} $out/website/help
+ ln -s $out/${prev.python.sitePackages}/lifecycle $out/lifecycle
+ '';
+ };
+ };
+ };
+
+ inherit (python.pkgs) authentik-django;
+
+ proxy = buildGoModule {
+ pname = "authentik-proxy";
+ inherit version src;
+
+ postPatch = ''
+ substituteInPlace internal/gounicorn/gounicorn.go \
+ --replace './lifecycle' "${authentik-django}/lifecycle"
+ substituteInPlace web/static.go \
+ --replace './web' "${authentik-django}/web"
+ substituteInPlace internal/web/static.go \
+ --replace './web' "${authentik-django}/web"
+ '';
+
+ CGO_ENABLED = 0;
+
+ vendorHash = "sha256-8F9emmQmbe7R+xtGrjV5ht0adGasU6WAvLa8Wxr+j8M=";
+
+ postInstall = ''
+ mv $out/bin/server $out/bin/authentik
+ '';
+
+ subPackages = [ "cmd/server" ];
+ };
+
+in stdenvNoCC.mkDerivation {
+ pname = "authentik";
+ inherit src version;
+
+ postPatch = ''
+ rm Makefile
+ patchShebangs lifecycle/ak
+
+ # This causes issues in systemd services
+ substituteInPlace lifecycle/ak \
+ --replace 'printf' '>&2 printf' \
+ --replace '> /dev/stderr' ""
+ '';
+
+ installPhase = ''
+ runHook preInstall
+ mkdir -p $out/bin
+ cp -r lifecycle/ak $out/bin/
+
+ wrapProgram $out/bin/ak \
+ --prefix PATH : ${lib.makeBinPath [ (python.withPackages (ps: [ps.authentik-django])) proxy ]} \
+ --set TMPDIR /dev/shm \
+ --set PYTHONDONTWRITEBYTECODE 1 \
+ --set PYTHONUNBUFFERED 1
+ runHook postInstall
+ '';
+
+ nativeBuildInputs = [ makeWrapper ];
+
+ meta = with lib; {
+ description = "The authentication glue you need";
+ changelog = "https://github.com/goauthentik/authentik/releases/tag/version%2F${version}";
+ homepage = "https://goauthentik.io/";
+ license = licenses.mit;
+ maintainers = with maintainers; [ jvanbruegge ];
+ mainProgram = "ak";
+ };
+}
diff --git a/pkgs/tools/networking/openapi-generator-cli/default.nix b/pkgs/tools/networking/openapi-generator-cli/default.nix
index 2edba9a26eb6..fed141f9c1e1 100644
--- a/pkgs/tools/networking/openapi-generator-cli/default.nix
+++ b/pkgs/tools/networking/openapi-generator-cli/default.nix
@@ -33,6 +33,7 @@ let this = stdenv.mkDerivation rec {
homepage = "https://github.com/OpenAPITools/openapi-generator";
changelog = "https://github.com/OpenAPITools/openapi-generator/releases/tag/v${version}";
sourceProvenance = with sourceTypes; [ binaryBytecode ];
+ mainProgram = "openapi-generator-cli";
license = licenses.asl20;
maintainers = with maintainers; [ shou ];
};
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index e0ca2d741d53..20687cbb509a 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -3374,6 +3374,8 @@ with pkgs;
authelia = callPackage ../servers/authelia { };
+ authentik-outposts = recurseIntoAttrs (callPackages ../by-name/au/authentik/outposts.nix { });
+
autoflake = with python3.pkgs; toPythonApplication autoflake;
autospotting = callPackage ../applications/misc/autospotting { };

13
patches/tor-bridge.patch
View File

@ -1,13 +0,0 @@
diff --git a/nixos/modules/services/security/tor.nix b/nixos/modules/services/security/tor.nix
index 4ff941251c99..32c9d8ae046c 100644
--- a/nixos/modules/services/security/tor.nix
+++ b/nixos/modules/services/security/tor.nix
@@ -854,7 +854,7 @@ in
BridgeRelay = true;
ExtORPort.port = mkDefault "auto";
ServerTransportPlugin.transports = mkDefault ["obfs4"];
- ServerTransportPlugin.exec = mkDefault "${pkgs.obfs4}/bin/obfs4proxy managed";
+ ServerTransportPlugin.exec = mkDefault "${lib.getExe pkgs.obfs4} managed";
} // optionalAttrs (cfg.relay.role == "private-bridge") {
ExtraInfoStatistics = false;
PublishServerDescriptor = false;

28
patches/webhooks.patch
View File

@ -1,28 +0,0 @@
diff --git a/nixos/modules/services/networking/webhook.nix b/nixos/modules/services/networking/webhook.nix
index 2a78491941c..9e3c816021f 100644
--- a/nixos/modules/services/networking/webhook.nix
+++ b/nixos/modules/services/networking/webhook.nix
@@ -158,6 +158,11 @@ in {
default = {};
description = mdDoc "Extra environment variables passed to webhook.";
};
+ environmentFiles = mkOption {
+ type = types.listOf types.str;
+ default = [];
+ description = mdDoc "Extra environment variables from files passed to webhook.";
+ };
};
};
@@ -201,7 +206,11 @@ in {
++ optional cfg.enableTemplates "-template"
++ optional cfg.verbose "-verbose"
++ cfg.extraArgs;
+ envFiles = concatMapStringsSep "\n" (envFile: "source " + envFile) cfg.environmentFiles;
in ''
+ set -a
+ ${envFiles}
+ set +a
${cfg.package}/bin/webhook ${escapeShellArgs args}
'';
serviceConfig = {

4
profiles/applications-setup.nix
View File

@ -1,4 +1,4 @@
{ config, pkgs, lib, ... }: {
{ config, pkgs, ... }: {
defaultApplications = {
fm = {
cmd = "${pkgs.pcmanfm}/bin/pcmanfm";
@ -50,7 +50,7 @@
enable = true;
defaultApplications =
with config.defaultApplications;
builtins.mapAttrs (name: value:
builtins.mapAttrs (_name: value:
if value ? desktop then [ "${value.desktop}.desktop" ] else value) {
"text/html" = browser;
"inode/directory" = fm;

83
profiles/applications/alacritty.nix
View File

@ -1,83 +0,0 @@
{ pkgs, lib, config, ... }:
let
thm = config.lib.base16.theme;
in
with config.deviceSpecific;
{
# defaultApplications.term = lib.mkIf (isDesktop) {
# cmd = "${pkgs.alacritty}/bin/alacritty";
# desktop = "alacritty";
# };
home-manager.users.${config.mainuser} = {
programs.alacritty = {
# enable = isDesktop;
enable = false;
settings = {
font = {
normal = {
family = "${thm.fonts.mono.family}";
style = "Regular";
};
bold = {
family = "${thm.fonts.mono.family}";
style = "Bold";
};
italic = {
family = "${thm.fonts.mono.family}";
style = "Italic";
};
bold_italic = {
family = "${thm.fonts.mono.family}";
style = "Bold Italic";
};
size = thm.fontSizes.small.int;
};
window.padding = {
x = 2;
y = 2;
};
shell.program = "${pkgs.zsh}/bin/zsh";
cursor.style = "Beam";
colors = {
primary = {
background = "#${thm.base00-hex}";
foreground = "#${thm.base05-hex}";
};
cursor = {
text = "#${thm.base02-hex}";
cursor = "#${thm.base00-hex}";
};
normal = {
black = "#${thm.base00-hex}";
red = "#${thm.base08-hex}";
green = "#${thm.base0B-hex}";
yellow = "#${thm.base0A-hex}";
blue = "#${thm.base0D-hex}";
magenta = "#${thm.base0E-hex}";
cyan = "#${thm.base0C-hex}";
white = "#${thm.base05-hex}";
};
bright = {
black = "#${thm.base03-hex}";
red = "#${thm.base09-hex}";
green = "#${thm.base01-hex}";
yellow = "#${thm.base02-hex}";
blue = "#${thm.base04-hex}";
magenta = "#${thm.base06-hex}";
cyan = "#${thm.base0F-hex}";
white = "#${thm.base07-hex}";
};
draw_bold_text_with_bright_colors = "false";
};
env = {
WINIT_X11_SCALE_FACTOR = "1.0";
};
};
};
};
}

11
profiles/applications/cassowary.nix
View File

@ -1,14 +1,7 @@
{ config, pkgs, lib, ... }: {
{ config, pkgs, ... }: {
home-manager.users.${config.mainuser} = {
home.packages = [
pkgs.cassowary-py
];
# xdg.configFile."casualrdh/config.json".text = toJson ''
# '';
# xdg.desktopEntries
home.packages = [ pkgs.cassowary-py ];
};
persist.state.homeDirectories = [
".config/casualrdh"
];

2
profiles/applications/element.nix
View File

@ -1,4 +1,4 @@
{ config, pkgs, lib, ... }: {
{ config, pkgs, ... }: {
home-manager.users.${config.mainuser}.home.packages = [
pkgs.element-desktop
];

64
profiles/applications/email.nix
View File

@ -1,67 +1,8 @@
{ config, pkgs, lib, ... }: {
{ config, pkgs, ... }: {
home-manager.users.${config.mainuser} = {
home.packages = [
# pkgs.himalaya
pkgs.gnome.geary
];
# xdg.configFile."himalaya/config.toml".text = ''
# downloads-dir = "/home/${config.mainuser}/Downloads/mail"
# name = "Dmitriy Kholkin"
# signature = "Regards,"
# # email-reading-verify-cmd
# # email-reading-decrypt-cmd
# # email-writing-sign-cmd
# # email-writing-encrypt-cmd
# # notify-cmd
# # notify-query
# # sync
# [ataraxiadev]
# default = true
# email = "ataraxiadev@ataraxiadev.com"
# backend = "imap"
# imap-host = "mail.ataraxiadev.com"
# imap-port = 993
# imap-login = "ataraxiadev@ataraxiadev.com"
# imap-passwd-cmd = "${pkgs.pass}/bin/pass show email/ataraxiadev@ataraxiadev.com"
# imap-ssl = true
# imap-starttls = false
# imap-insecure = false
# sender = "smtp"
# smtp-host = "mail.ataraxiadev.com"
# smtp-port = 465
# smtp-login = "ataraxiadev@ataraxiadev.com"
# smtp-passwd-cmd = "${pkgs.pass}/bin/pass show email/ataraxiadev@ataraxiadev.com"
# smtp-ssl = true
# smtp-starttls = false
# smtp-insecure = false
# '';
home.packages = [ pkgs.gnome.geary ];
};
# systemd.user.services.himalaya-notify = {
# description = "Himalaya new messages notifier";
# after = [ "network.target" ];
# wantedBy = [ "default.target" ];
# script = "himalaya notify";
# environment = {
# PASSWORD_STORE_DIR = config.secretsConfig.password-store;
# GNUPGHOME = config.secretsConfig.gnupgHome;
# };
# # script = "echo $(pass show email/ataraxiadev@ataraxiadev.com) || echo lol";
# path = with pkgs; [ himalaya libnotify pass gnupg ];
# serviceConfig = {
# Restart = lib.mkForce "no";
# # Restart = "always";
# RestartSec = 10;
# # Type = "oneshot";
# };
# };
defaultApplications.mail = {
cmd = "${pkgs.gnome.geary}/bin/geary";
desktop = "geary";
@ -72,7 +13,6 @@
];
persist.state.homeDirectories = [
".config/himalaya"
".config/geary"
".local/share/geary"
];

7
profiles/applications/firefox.nix
View File

@ -3,8 +3,7 @@ with lib;
let
thm = config.lib.base16.theme;
fonts = config.lib.base16.theme.fonts;
profileName = config.mainuser;
homeDir = config.home-manager.users.${profileName}.home.homeDirectory;
homeDir = config.home-manager.users.${config.mainuser}.home.homeDirectory;
mkUserJs = { prefs ? {}, extraPrefs ? "" }: ''
${extraPrefs}
@ -12,10 +11,8 @@ let
user_pref("${name}", ${builtins.toJSON value});
'') prefs)}
'';
in {
services.dbus.packages = [ pkgs.firefox-wayland ];
services.dbus.packages = [ pkgs.firefox ];
environment.sessionVariables = {
MOZ_USE_XINPUT2 = "1";

2
profiles/applications/emulators.nix → profiles/applications/games/emulators.nix
View File

@ -1,4 +1,4 @@
{ config, pkgs, lib, ... }: {
{ config, pkgs, ... }: {
home-manager.users.${config.mainuser} = {
home.packages = with pkgs; [
(retroarch.override { cores = with libretro; [ genesis-plus-gx dosbox ]; })

0
profiles/applications/gamemode.nix → profiles/applications/games/gamemode.nix
View File

2
profiles/applications/games/hoyo.nix
View File

@ -1,4 +1,4 @@
{ inputs, config, lib, pkgs, ... }: {
{ inputs, lib, ... }: {
imports = [ inputs.aagl.nixosModules.default ];
nix.settings = inputs.aagl.nixConfig;

22
profiles/applications/games/steam.nix
View File

@ -1,4 +1,4 @@
{ pkgs, lib, config, ... }: {
{ pkgs, ... }: {
programs.steam.enable = true;
programs.steam.extraCompatPackages = [
pkgs.proton-ge
@ -6,29 +6,13 @@
programs.gamescope.enable = true;
programs.gamescope.capSysNice = false;
# startupApplications = [ "steam" ];
startupApplications = let
gs = pkgs.writeShellScriptBin "gamescope-steam" ''
gamescope --steam --borderless -- steam
'';
in [
# "${gs}/bin/gamescope-steam"
"${pkgs.steam}/bin/steam"
];
systemd.user.services.x11-ownership = {
script = ''
doas chown ${config.mainuser} /tmp/.X11-unix
'';
after = [ "hyprland-session.target" ];
wantedBy = [ "hyprland-session.target" ];
};
startupApplications = [ "${pkgs.steam}/bin/steam" ];
persist.state.homeDirectories = [
".local/share/Steam"
".steam"
] ++ [
# Games configs
# Native games config
".config/WarThunder"
".local/share/BeamNG.drive"
];

5
profiles/applications/games/wine-games.nix
View File

@ -1,13 +1,10 @@
{ pkgs, lib, config, ... }: {
{ pkgs, config, ... }: {
home-manager.users.${config.mainuser}.home.packages = [
# pkgs.lutris
pkgs.bottles
pkgs.osu-lazer-bin
pkgs.realrtcw
];
persist.state.homeDirectories = [
# ".config/lutris"
# ".local/share/lutris"
".local/share/bottles"
".local/share/osu"
];

6
profiles/applications/kitty.nix
View File

@ -1,7 +1,7 @@
{ pkgs, lib, config, ... }:
{ pkgs, config, ... }:
let
thm = config.lib.base16.theme;
in with config.deviceSpecific;
in
{
defaultApplications.term = {
cmd = "${pkgs.kitty}/bin/kitty";
@ -11,8 +11,6 @@ in with config.deviceSpecific;
programs.kitty = {
enable = true;
font.name = "${thm.fonts.mono.family} ${thm.fontSizes.small.str}";
# keybindings = ''
# '';
settings = {
foreground = "#${thm.base05-hex}";
background = "#${thm.base00-hex}";

2
profiles/applications/mpv.nix
View File

@ -1,4 +1,4 @@
{ config, lib, pkgs, ... }:
{ config, ... }:
{
home-manager.users.${config.mainuser} = {
programs.mpv = {

2
profiles/applications/nicotine.nix
View File

@ -1,4 +1,4 @@
{ config, lib, pkgs, ... }: {
{ config, pkgs, ... }: {
home-manager.users.${config.mainuser} = {
home.packages = [ pkgs.nicotine-plus ];
};

2
profiles/applications/nnn.nix
View File

@ -1,4 +1,4 @@
{ config, pkgs, lib, ... }: {
{ config, pkgs, ... }: {
home-manager.users.${config.mainuser} = {
programs.nnn = {
enable = true;

37
profiles/applications/packages.nix
View File

@ -1,4 +1,4 @@
{ pkgs, config, lib, inputs, ... }:
{ pkgs, config, lib, ... }:
with config.deviceSpecific; {
programs.adb.enable = true;
@ -8,6 +8,8 @@ with config.deviceSpecific; {
bat
comma
curl
curlie
duf
eza
fd
glib.out
@ -16,8 +18,10 @@ with config.deviceSpecific; {
lm_sensors
lnav
nix-prefetch-git
nix-prefetch-github
p7zip
pciutils
rclone
ripgrep
ripgrep-all
sd
@ -26,7 +30,6 @@ with config.deviceSpecific; {
unrar
unzip
usbutils
wget
zip
# --- tui ---
bottom
@ -34,47 +37,37 @@ with config.deviceSpecific; {
ncdu
procs
# --- gui ---
deadbeef
feh
qimgv
xarchiver
zathura
xdg-utils
# --- awesome-shell ---
# curlie
# duf
# zsh-z
] ++ lib.optionals (!(isVM || isISO)) [
a2ln
# audacity
cachix
ffmpeg.bin
monero-gui
nodePackages.peerflix
nix-tree
yt-dlp
# ---- gui ----
bitwarden
# foliate
jellyfin-media-player
jellyfin-mpv-shim
joplin-desktop
# libreoffice
obs-studio
obs-studio-plugins.obs-vkcapture
obsidian
onlyoffice-bin_7_5
pinta
qbittorrent
sonixd
tdesktop
tidal-dl
tor-browser-bundle-bin
ungoogled-chromium
webcord-vencord
youtube-to-mpv
] ++ lib.optionals isGaming [
ceserver
gamescope
moonlight-qt
protonhax
protontricks
vkBasalt
@ -86,24 +79,24 @@ with config.deviceSpecific; {
persist.state.homeDirectories = [
".config/Bitwarden"
".config/chromium"
".config/deadbeef"
".config/jellyfin-mpv-shim"
".config/jellyfin.org"
".config/joplin-desktop"
".config/kdeconnect"
".config/libreoffice"
".config/monero-project"
".config/obs-studio"
".config/obsidian"
".config/pcmanfm"
# ".config/Pinta"
".config/Pinta"
".config/qBittorrent"
# ".config/qimgv"
".config/qimgv"
".config/rclone"
".config/Sonixd"
# ".config/xarchiver"
".local/share/jellyfinmediaplayer"
".config/WebCord"
".config/xarchiver"
".local/share/TelegramDesktop"
".local/share/tor-browser"
".android"
".anydesk"
".bitmonero"
".monero"
];

9
profiles/applications/rclone.nix
View File

@ -1,9 +0,0 @@
{ config, pkgs, lib, ... }: {
home-manager.users.${config.mainuser}.home.packages = [
pkgs.rclone
];
persist.state.homeDirectories = [
".config/rclone"
];
}

2
profiles/applications/rofi.nix
View File

@ -1,4 +1,4 @@
{ pkgs, config, lib, ... }:
{ pkgs, config, ... }:
let
thm = config.lib.base16.theme;
themeFile = config.lib.base16.templateFile { name = "rofi"; };

6
profiles/applications/spotify.nix
View File

@ -1,12 +1,12 @@
{ config, lib, pkgs, ... }: {
{ config, pkgs, ... }: {
home-manager.users.${config.mainuser}.home.packages = with pkgs; [
spotifywm
];
startupApplications = [
"${pkgs.spotifywm}/bin/spotify"
];
persist.state.homeDirectories = [
".config/spotify"
];

10
profiles/applications/sunshine.nix
View File

@ -1,4 +1,4 @@
{ config, lib, pkgs, ... }: {
{ config, pkgs, ... }: {
boot.kernelModules = [ "uinput" ];
services.udev.extraRules = ''
@ -23,12 +23,8 @@
};
networking.firewall = {
allowedTCPPorts = [
47984 47989 47990 48010
];
allowedUDPPorts = [
47998 47999 48000 48002 48010
];
allowedTCPPorts = [ 47984 47989 47990 48010 ];
allowedUDPPorts = [ 47998 47999 48000 48002 48010 ];
};
persist.state.homeDirectories = [ ".config/sunshine" ];

14
profiles/applications/tor-browser.nix
View File

@ -1,14 +0,0 @@
{ config, pkgs, lib, ... }:
let
tor-browser = pkgs.writeShellScriptBin "tor-browser" ''
mullvad-exclude ${pkgs.tor-browser-bundle-bin}/bin/tor-browser
'';
in {
home-manager.users.${config.mainuser}.home.packages = if config.deviceSpecific.vpn.mullvad.enable then [
tor-browser
] else [
pkgs.tor-browser-bundle-bin
];
persist.state.homeDirectories = [ ".local/share/tor-browser" ];
}

117
profiles/applications/vscode/default.nix
View File

@ -1,7 +1,5 @@
{ pkgs, lib, config, inputs, ... }:
let
thmFile = config.lib.base16.templateFile;
thm = config.lib.base16.theme;
EDITOR = pkgs.writeShellScript "code-editor" ''
source "/etc/profiles/per-user/${config.mainuser}/etc/profile.d/hm-session-vars.sh"
NIXOS_OZONE_WL=1 \
@ -12,8 +10,10 @@ let
"$@"
'';
continue-ver = lib.getVersion
inputs.nix-vscode-marketplace.extensions.${pkgs.system}.vscode-marketplace.continue.continue;
ext-vscode = inputs.nix-vscode-marketplace.extensions.${pkgs.system}.vscode-marketplace;
ext-nixpkgs = pkgs.vscode-extensions;
continue-ver = lib.getVersion ext-vscode.continue.continue;
in
{
defaultApplications.editor = {
@ -31,56 +31,50 @@ in
package = pkgs.vscode;
enableExtensionUpdateCheck = false;
enableUpdateCheck = false;
extensions = let
vscode = inputs.nix-vscode-marketplace.extensions.${pkgs.system}.vscode-marketplace;
open-vsx = inputs.nix-vscode-marketplace.extensions.${pkgs.system}.open-vsx;
nixpkgs = pkgs.vscode-extensions;
in [
extensions = [
# (pkgs.callPackage ./theme.nix { mainuser = config.mainuser; } config.lib.base16.theme)
vscode.aaron-bond.better-comments
vscode.alefragnani.bookmarks
vscode.alefragnani.project-manager
vscode.alexisvt.flutter-snippets
vscode.christian-kohler.path-intellisense
vscode.codezombiech.gitignore
vscode.continue.continue
vscode.dart-code.dart-code
vscode.dart-code.flutter
# vscode.dlasagno.wal-theme
vscode.eamodio.gitlens
vscode.enkia.tokyo-night
vscode.felixangelov.bloc
vscode.github.vscode-github-actions
vscode.github.vscode-pull-request-github
vscode.irongeek.vscode-env
vscode.jebbs.plantuml
vscode.jnoortheen.nix-ide
vscode.lucax88x.codeacejumper
vscode.marcelovelasquez.flutter-tree
vscode.mhutchie.git-graph
vscode.mkhl.direnv
vscode.ms-azuretools.vscode-docker
vscode.ms-vscode.hexeditor
nixpkgs.ms-vscode-remote.remote-ssh #FIX later
vscode.pkief.material-icon-theme
vscode.streetsidesoftware.code-spell-checker
vscode.streetsidesoftware.code-spell-checker-russian
vscode.ultram4rine.vscode-choosealicense
vscode.yzhang.markdown-all-in-one
# Django
nixpkgs.ms-python.python
vscode.monosans.djlint
vscode.ms-python.isort
vscode.ms-python.vscode-pylance
ext-vscode.aaron-bond.better-comments
ext-vscode.alefragnani.bookmarks
ext-vscode.alefragnani.project-manager
ext-vscode.alexisvt.flutter-snippets
ext-vscode.christian-kohler.path-intellisense
ext-vscode.codezombiech.gitignore
ext-vscode.continue.continue
ext-vscode.dart-code.dart-code
ext-vscode.dart-code.flutter
# ext-vscode.dlasagno.wal-theme
ext-vscode.eamodio.gitlens
ext-vscode.enkia.tokyo-night
ext-vscode.felixangelov.bloc
ext-vscode.github.vscode-github-actions
ext-vscode.github.vscode-pull-request-github
ext-vscode.irongeek.vscode-env
ext-vscode.jebbs.plantuml
ext-vscode.jnoortheen.nix-ide
ext-vscode.lucax88x.codeacejumper
ext-vscode.marcelovelasquez.flutter-tree
ext-vscode.mhutchie.git-graph
ext-vscode.mkhl.direnv
ext-vscode.ms-azuretools.vscode-docker
ext-nixpkgs.ms-python.python
ext-vscode.ms-python.isort
ext-vscode.ms-python.vscode-pylance
ext-vscode.ms-vscode.hexeditor
ext-nixpkgs.ms-vscode-remote.remote-ssh #FIX later
ext-vscode.pkief.material-icon-theme
ext-vscode.streetsidesoftware.code-spell-checker
ext-vscode.streetsidesoftware.code-spell-checker-russian
ext-vscode.ultram4rine.vscode-choosealicense
ext-vscode.yzhang.markdown-all-in-one
# Rust
vscode.gruntfuggly.todo-tree
vscode.jscearcy.rust-doc-viewer
vscode.polypus74.trusty-rusty-snippets
nixpkgs.rust-lang.rust-analyzer
vscode.serayuzgur.crates
vscode.tamasfe.even-better-toml
vscode.usernamehw.errorlens
vscode.vadimcn.vscode-lldb
ext-vscode.gruntfuggly.todo-tree
ext-vscode.jscearcy.rust-doc-viewer
ext-vscode.polypus74.trusty-rusty-snippets
ext-nixpkgs.rust-lang.rust-analyzer
ext-vscode.serayuzgur.crates
ext-vscode.tamasfe.even-better-toml
ext-vscode.usernamehw.errorlens
ext-vscode.vadimcn.vscode-lldb
];
# mutableExtensionsDir = false;
userSettings = {
@ -177,24 +171,5 @@ in
];
};
};
home.file.".cache/wal/colors".text = ''
#${thm.base00-hex}
#${thm.base08-hex}
#${thm.base0B-hex}
#${thm.base0A-hex}
#${thm.base0D-hex}
#${thm.base0E-hex}
#${thm.base0C-hex}
#${thm.base05-hex}
#${thm.base03-hex}
#${thm.base08-hex}
#${thm.base0B-hex}
#${thm.base0A-hex}
#${thm.base0D-hex}
#${thm.base0E-hex}
#${thm.base0C-hex}
#${thm.base07-hex}
'';
};
}

2
profiles/applications/zathura.nix
View File

@ -1,4 +1,4 @@
{ config, pkgs, lib, ... }:
{ config, lib, ... }:
let
home = config.home-manager.users.${config.mainuser};
zathura-pkg = home.programs.zathura.package;

2
profiles/bluetooth.nix
View File

@ -1,4 +1,4 @@
{ config, pkgs, lib, ... }: {
{ config, lib, ... }: {
config = lib.mkIf (!config.deviceSpecific.isServer) {
services.blueman.enable = true;
hardware.bluetooth = {

4
profiles/hardened.nix
View File

@ -1,4 +1,4 @@
{ modulesPath, config, pkgs, lib, ... }: {
{ modulesPath, config, lib, ... }: {
imports = [
(modulesPath + "/profiles/hardened.nix")
];
@ -91,7 +91,7 @@
# dhcpcd broken with scudo or graphene malloc
nixpkgs.overlays = lib.optionals (config.environment.memoryAllocator.provider != "libc") [
(final: prev: {
(_final: prev: {
dhcpcd = prev.dhcpcd.override { enablePrivSep = false; };
})
];

2
profiles/hardware.nix
View File

@ -1,4 +1,4 @@
{ pkgs, config, lib, ... }:
{ pkgs, config, ... }:
with config.deviceSpecific; {
hardware.cpu.${devInfo.cpu.vendor}.updateMicrocode = true;

2
profiles/network.nix
View File

@ -1,4 +1,4 @@
{ pkgs, lib, config, ... }:
{ lib, config, ... }:
{
networking = {
networkmanager.enable = true;

2
profiles/nix/default.nix
View File

@ -1,4 +1,4 @@
{ config, lib, pkgs, inputs, ... }: {
{ config, lib, inputs, ... }: {
nix = {
nixPath = lib.mkForce [ "self=/etc/self/compat" "nixpkgs=/etc/nixpkgs" ];

23
profiles/nix/doas.patch
View File

@ -1,23 +0,0 @@
From 012a913fbc861029a0f4b100cfd57d3b505a455f Mon Sep 17 00:00:00 2001
From: ForeverNooob <106961997+ForeverNooob@users.noreply.github.com>
Date: Sun, 30 Oct 2022 08:13:19 +0000
Subject: [PATCH] Add doas support to the installation script.
Previously the install errored out and told you to manually add `/nix/` and set the perms if you had `doas` installed instead of `sudo`. Well, not any more!
---
scripts/install-nix-from-closure.sh | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/scripts/install-nix-from-closure.sh b/scripts/install-nix-from-closure.sh
index d4eed2efe80..d8931e97015 100644
--- a/scripts/install-nix-from-closure.sh
+++ b/scripts/install-nix-from-closure.sh
@@ -137,7 +137,7 @@ echo "performing a single-user installation of Nix..." >&2
if ! [ -e "$dest" ]; then
cmd="mkdir -m 0755 $dest && chown $USER $dest"
echo "directory $dest does not exist; creating it by running '$cmd' using sudo" >&2
- if ! sudo sh -c "$cmd"; then
+ if ! (sudo sh -c "$cmd" || doas sh -c "$cmd") ; then
echo "$0: please manually run '$cmd' as root to create $dest" >&2
exit 1
fi

2
profiles/security/pass-secret-service.nix
View File

@ -1,4 +1,4 @@
{ config, pkgs, lib, ... }: {
{ config, pkgs, ... }: {
environment.systemPackages = [ pkgs.pass-secret-service ];
services.dbus.packages = [ pkgs.pass-secret-service ];
xdg.portal.extraPortals = [ pkgs.pass-secret-service ];

2
profiles/security/user.nix
View File

@ -1,4 +1,4 @@
{ config, pkgs, lib, ... }: {
{ config, pkgs, ... }: {
security.apparmor.enable = true;
programs.firejail.enable = true;

2
profiles/security/vlock.nix
View File

@ -1,4 +1,4 @@
{ config, pkgs, lib, ... }: {
{ config, lib, ... }: {
# FIXME: completely remove sudo
security.sudo = {
enable = true;

2
profiles/servers/acme.nix
View File

@ -1,4 +1,4 @@
{ config, ... }: {
{ ... }: {
security.acme = {
acceptTerms = true;
# defaults.server = "https://acme-staging-v02.api.letsencrypt.org/directory"; # staging

2
profiles/servers/atticd.nix
View File

@ -1,4 +1,4 @@
{ config, lib, pkgs, inputs, ... }: {
{ config, lib, inputs, ... }: {
imports = [ inputs.attic.nixosModules.atticd ];
sops.secrets.atticd.sopsFile = inputs.self.secretsDir + /home-hypervisor/atticd.yaml;
sops.secrets.atticd.restartUnits = [ "atticd.service" ];

2
profiles/servers/battery-historian.nix
View File

@ -1,4 +1,4 @@
{ config, lib, pkgs, ... }: {
{ ... }: {
virtualisation.oci-containers.containers.battery-historian = {
autoStart = true;
ports = [ "0.0.0.0:9999:9999" ];

4
profiles/servers/blocky.nix
View File

@ -1,4 +1,4 @@
{ config, pkgs, dnsmasq-list ? [], ... }:
{ dnsmasq-list ? [], ... }:
let
nodeAddress = "192.168.0.5";
upstream-dns = "100.64.0.1";
@ -17,7 +17,7 @@ in {
localAddress = "${nodeAddress}/24";
tmpfs = [ "/" ];
bindMounts."/tmp/blocky-authkey".hostPath = "/tmp/blocky-authkey";
config = { config, pkgs, lib, ... }:
config = { config, lib, ... }:
let
grafanaPort = config.services.grafana.settings.server.http_port;
blockyPort = config.services.blocky.settings.ports.dns;

2
profiles/servers/fail2ban.nix
View File

@ -1,4 +1,4 @@
{ config, pkgs, lib, ... }: {
{ config, ... }: {
services.openssh.settings.LogLevel = "VERBOSE";
services.fail2ban = {

2
profiles/servers/gitea.nix
View File

@ -17,8 +17,6 @@ let
in {
sops.secrets.gitea = gitea-secret;
sops.secrets.gitea-mailer = gitea-secret;
# sops.secrets.gitea-secretkey = gitea-secret;
# sops.secrets.gitea-internaltoken = gitea-secret;
sops.secrets.gitea-runner-hypervisor = runner-secret [ "gitea-runner-hypervisor.service" ];
persist.state.directories = [

2
profiles/servers/headscale.nix
View File

@ -1,4 +1,4 @@
{ config, lib, pkgs, inputs, headscale-list ? {}, ... }:
{ config, lib, inputs, headscale-list ? {}, ... }:
let
domain = "wg.ataraxiadev.com";
in {

2
profiles/servers/inpx-web.nix
View File

@ -1,4 +1,4 @@
{ config, lib, pkgs, ... }: let
{ ... }: let
nas-path = "/media/nas/media-stack";
in {
virtualisation.oci-containers.containers.inpx-web = {

2
profiles/servers/it-tools.nix
View File

@ -1,4 +1,4 @@
{ config, lib, pkgs, ... }: {
{ ... }: {
virtualisation.oci-containers.containers.it-tools = {
autoStart = true;
image = "docker.io/corentinth/it-tools:latest";

60
profiles/servers/joplin-server.nix
View File

@ -1,60 +0,0 @@
{ config, lib, pkgs, inputs, ... }:
let
joplin-data = "/srv/joplin/data";
joplin-db-data = "/srv/joplin/postgres";
joplin-uid = "1001";
backend = config.virtualisation.oci-containers.backend;
pod-name = "joplin-pod";
open-ports = [ "127.0.0.1:22300:22300/tcp" ];
in {
sops.secrets.joplin-env.sopsFile = inputs.self.secretsDir + /home-hypervisor/joplin.yaml;
sops.secrets.joplin-db-env.sopsFile = inputs.self.secretsDir + /home-hypervisor/joplin.yaml;
sops.secrets.joplin-env.restartUnits = [ "${backend}-joplin.service" ];
sops.secrets.joplin-db-env.restartUnits = [ "${backend}-joplin-db.service" ];
# FIXMEL mailer
virtualisation.oci-containers.containers = {
joplin = {
autoStart = true;
dependsOn = [ "joplin-db" ];
environment = { MAX_TIME_DRIFT = "0"; };
environmentFiles = [ config.sops.secrets.joplin-env.path ];
extraOptions = [ "--pod=${pod-name}" ];
image = "docker.io/ataraxiadev/joplin-server:2.9.17";
volumes = [
"${joplin-data}:/home/joplin/data"
"/etc/localtime:/etc/localtime:ro"
];
};
joplin-db = {
autoStart = true;
environmentFiles = [ config.sops.secrets.joplin-db-env.path ];
extraOptions = [ "--pod=${pod-name}" ];
image = "docker.io/postgres:13";
volumes = [ "${joplin-db-data}:/var/lib/postgresql/data" ];
};
};
systemd.tmpfiles.rules = [
"d ${joplin-data} 0755 ${joplin-uid} ${joplin-uid} -"
"d ${joplin-db-data} 0700 dhcpcd dhcpcd -"
];
systemd.services."podman-create-${pod-name}" = let
portsMapping = lib.concatMapStrings (port: " -p " + port) open-ports;
start = pkgs.writeShellScript "create-pod-${pod-name}" ''
podman pod exists ${pod-name} || podman pod create -n ${pod-name} ${portsMapping}
'';
stop = "podman pod rm -i -f ${pod-name}";
in rec {
path = [ pkgs.coreutils config.virtualisation.podman.package ];
before = [ "${backend}-joplin.service" "${backend}-joplin-db.service" ];
requiredBy = before;
serviceConfig = {
Type = "oneshot";
RemainAfterExit = "yes";
ExecStart = start;
ExecStop = stop;
};
};
}

3
profiles/servers/media-stack/caddy.nix
View File

@ -1,6 +1,5 @@
{ config, lib, pkgs, ... }:
{ pkgs, ... }:
let
backend = config.virtualisation.oci-containers.backend;
nas-path = "/media/nas/media-stack";
caddyconf = pkgs.writeText "Caddyfile" ''
{

3
profiles/servers/media-stack/jackett.nix
View File

@ -1,6 +1,5 @@
{ config, lib, pkgs, ... }:
{ ... }:
let
backend = config.virtualisation.oci-containers.backend;
nas-path = "/media/nas/media-stack";
in {
virtualisation.oci-containers.containers.jackett = {

3
profiles/servers/media-stack/jellyfin.nix
View File

@ -1,6 +1,5 @@
{ config, lib, pkgs, ... }:
{ config, ... }:
let
backend = config.virtualisation.oci-containers.backend;
nas-path = "/media/nas/media-stack";
renderGid = toString config.users.groups.render.gid;
videoGid = toString config.users.groups.video.gid;

3
profiles/servers/media-stack/lidarr.nix
View File

@ -1,6 +1,5 @@
{ config, lib, pkgs, ... }:
{ ... }:
let
backend = config.virtualisation.oci-containers.backend;
nas-path = "/media/nas/media-stack";
in {
virtualisation.oci-containers.containers.lidarr = {

3
profiles/servers/media-stack/medusa.nix
View File

@ -1,6 +1,5 @@
{ config, lib, pkgs, ... }:
{ ... }:
let
backend = config.virtualisation.oci-containers.backend;
nas-path = "/media/nas/media-stack";
in {
virtualisation.oci-containers.containers.medusa = {

3
profiles/servers/media-stack/qbittorrent.nix
View File

@ -1,6 +1,5 @@
{ config, lib, pkgs, ... }:
{ ... }:
let
backend = config.virtualisation.oci-containers.backend;
nas-path = "/media/nas/media-stack";
in {
virtualisation.oci-containers.containers.qbittorrent = {

3
profiles/servers/media-stack/radarr.nix
View File

@ -1,6 +1,5 @@
{ config, lib, pkgs, ... }:
{ ... }:
let
backend = config.virtualisation.oci-containers.backend;
nas-path = "/media/nas/media-stack";
in {
virtualisation.oci-containers.containers.radarr = {

3
profiles/servers/media-stack/recyclarr.nix
View File

@ -1,6 +1,5 @@
{ config, lib, pkgs, ... }:
{ ... }:
let
backend = config.virtualisation.oci-containers.backend;
nas-path = "/media/nas/media-stack";
in {
virtualisation.oci-containers.containers.recyclarr = {

3
profiles/servers/media-stack/sonarr.nix
View File

@ -1,6 +1,5 @@
{ config, lib, pkgs, ... }:
{ ... }:
let
backend = config.virtualisation.oci-containers.backend;
nas-path = "/media/nas/media-stack";
in {
virtualisation.oci-containers.containers.sonarr = {

2
profiles/servers/nginx.nix
View File

@ -1,4 +1,4 @@
{ config, lib, pkgs, inputs, ... }:
{ config, pkgs, inputs, ... }:
let
authentik = { proxyPass ? null, proxyWebsockets ? false, root ? {}, rootExtraConfig ? "", locations ? {}, extraConfig ? "", ... }: {
extraConfig = ''

2
profiles/servers/openbooks.nix
View File

@ -1,4 +1,4 @@
{ config, lib, pkgs, ... }:
{ ... }:
let
nas-path = "/media/nas/media-stack";
in {

2
profiles/servers/spdf.nix
View File

@ -1,4 +1,4 @@
{ config, lib, pkgs, ... }: let
{ ... }: let
nas-path = "/media/nas/media-stack";
in {
virtualisation.oci-containers.containers.spdf = {

6
profiles/servers/tinyproxy.nix
View File

@ -1,4 +1,4 @@
{ config, pkgs, lib, ... }: {
{ ... }: {
containers.tinyproxy = {
extraFlags = [ "-U" ];
autoStart = true;
@ -6,8 +6,7 @@
privateNetwork = true;
hostBridge = "br0";
localAddress = "192.168.0.6/24";
# tmpfs = [ "/" ]; # not working with unprivilliged container
config = { config, pkgs, ... }: {
config = { ... }: {
services.privoxy = {
enable = true;
settings = {
@ -22,7 +21,6 @@
defaultGateway = "192.168.0.1";
hostName = "tinyproxy-node";
nameservers = [ "192.168.0.1" ];
# enableIPv6 = false;
useHostResolvConf = false;
firewall = {
enable = true;

2
profiles/servers/vaultwarden.nix
View File

@ -11,7 +11,6 @@
extendedLogging = true;
invitationsAllowed = false;
useSyslog = true;
# logFile = "/var/log/vaultwarden.log";
logLevel = "warn";
rocketAddress = "127.0.0.1";
rocketPort = 8812;
@ -29,7 +28,6 @@
websocketEnabled = true;
websocketPort = 3012;
webVaultEnabled = true;
# rocketWorkers = 10;
dataDir = "/var/lib/bitwarden_rs";
};
environmentFile = config.sops.secrets.vaultwarden.path;

3
profiles/servers/vscode-server.nix
View File

@ -1,4 +1,5 @@
{ pkgs, ... }: {
{ pkgs, inputs, ... }: {
imports = [ inputs.vscode-server.nixosModule ];
services.vscode-server = {
enable = true;
nodejsPackage = pkgs.nodejs_18;

4
profiles/servers/webhooks.nix
View File

@ -23,14 +23,12 @@ in {
home = "/var/lib/webhook";
};
systemd.services.webhook.serviceConfig.EnvironmentFile = config.sops.secrets.webhook-blog.path;
services.webhook = {
enable = true;
port = 9510;
group = "webhook";
user = "webhook";
environmentFiles = [
config.sops.secrets.webhook-blog.path
];
hooksTemplated = {
publish-ataraxiadev-blog = ''
{

2
profiles/servers/wiki.nix
View File

@ -1,4 +1,4 @@
{ config, pkgs, lib, ... }: {
{ ... }: {
services.kiwix-serve = {
enable = true;
port = 8190;

41
profiles/sound/default.nix
View File

@ -1,6 +1,37 @@
{ config, lib, pkgs, ... }: {
imports = [
./pipewire.nix
./easyeffects
];
{ config, pkgs, lib, ... }: {
sound.enable = false;
security.rtkit.enable = true;
hardware.pulseaudio.enable = lib.mkForce false;
services.jack.jackd.enable = lib.mkForce false;
services.pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
};
environment.etc = {
"wireplumber/bluetooth.lua.d/51-bluez-config.lua".text = ''
bluez_monitor.properties = {
["bluez5.enable-sbc-xq"] = true,
["bluez5.enable-msbc"] = true,
["bluez5.hw-volume"] = "[ hfp_ag hsp_ag a2dp_source a2dp_sink ]",
["bluez5.headset-roles"] = "[ hsp_hs hsp_ag hfp_hf hfp_ag a2dp_sink ]",
["bluez5.reconnect-profiles"] = "[ hsp_hs hfp_hf a2dp_sink ]",
}
'';
};
home-manager.users.${config.mainuser} = {
home.packages = [ pkgs.pavucontrol pkgs.pulseaudio ];
services.easyeffects.enable = true;
xdg.configFile = {
"easyeffects/output/HE4XX.json".text =
builtins.readFile ./easyeffects/HE4XX.json;
"easyeffects/output/Bluetooth.json".text =
builtins.readFile ./easyeffects/Bluetooth.json;
"easyeffects/input/noise_redaction.json".text =
builtins.readFile ./easyeffects/noise_reduction.json;
};
};
}

11
profiles/sound/easyeffects/default.nix
View File

@ -1,11 +0,0 @@
{ config, lib, pkgs, ... }: {
home-manager.users.${config.mainuser} = {
xdg.configFile = {
"easyeffects/output/HE4XX.json".text =
builtins.readFile ./HE4XX.json;
"easyeffects/output/Bluetooth.json".text =
builtins.readFile ./Bluetooth.json;
};
services.easyeffects.enable = true;
};
}

261
profiles/sound/easyeffects/noise_reduction.json Normal file
View File

@ -0,0 +1,261 @@
{
"input": {
"blocklist": [],
"compressor#0": {
"attack": 5.0,
"boost-amount": 6.0,
"boost-threshold": -72.0,
"bypass": false,
"dry": -100.0,
"hpf-frequency": 10.0,
"hpf-mode": "off",
"input-gain": 0.0,
"knee": -6.0,
"lpf-frequency": 20000.0,
"lpf-mode": "off",
"makeup": 0.0,
"mode": "Downward",
"output-gain": 0.0,
"ratio": 4.0,
"release": 75.0,
"release-threshold": -40.0,
"sidechain": {
"lookahead": 0.0,
"mode": "RMS",
"preamp": 0.0,
"reactivity": 10.0,
"source": "Middle",
"stereo-split-source": "Left/Right",
"type": "Feed-forward"
},
"stereo-split": false,
"threshold": -20.0,
"wet": 0.0
},
"deesser#0": {
"bypass": false,
"detection": "RMS",
"f1-freq": 3000.0,
"f1-level": -6.0,
"f2-freq": 5000.0,
"f2-level": -6.0,
"f2-q": 1.5000000000000004,
"input-gain": 0.0,
"laxity": 15,
"makeup": 0.0,
"mode": "Wide",
"output-gain": 0.0,
"ratio": 5.0,
"sc-listen": false,
"threshold": -20.0
},
"equalizer#0": {
"balance": 0.0,
"bypass": false,
"input-gain": 0.0,
"left": {
"band0": {
"frequency": 50.0,
"gain": 3.0,
"mode": "RLC (BT)",
"mute": false,
"q": 0.7,
"slope": "x1",
"solo": false,
"type": "Hi-pass",
"width": 4.0
},
"band1": {
"frequency": 90.0,
"gain": 3.0,
"mode": "RLC (MT)",
"mute": false,
"q": 0.7,
"slope": "x1",
"solo": false,
"type": "Lo-shelf",
"width": 4.0
},
"band2": {
"frequency": 425.0,
"gain": -2.0,
"mode": "BWC (MT)",
"mute": false,
"q": 0.9999999999999998,
"slope": "x2",
"solo": false,
"type": "Bell",
"width": 4.0
},
"band3": {
"frequency": 3500.0,
"gain": 3.0,
"mode": "BWC (BT)",
"mute": false,
"q": 0.7,
"slope": "x2",
"solo": false,
"type": "Bell",
"width": 4.0
},
"band4": {
"frequency": 9000.0,
"gain": 2.0,
"mode": "LRX (MT)",
"mute": false,
"q": 0.7,
"slope": "x1",
"solo": false,
"type": "Hi-shelf",
"width": 4.0
}
},
"mode": "IIR",
"num-bands": 5,
"output-gain": 0.0,
"pitch-left": 0.0,
"pitch-right": 0.0,
"right": {
"band0": {
"frequency": 50.0,
"gain": 3.0,
"mode": "RLC (BT)",
"mute": false,
"q": 0.7,
"slope": "x1",
"solo": false,
"type": "Hi-pass",
"width": 4.0
},
"band1": {
"frequency": 90.0,
"gain": 3.0,
"mode": "RLC (MT)",
"mute": false,
"q": 0.7,
"slope": "x1",
"solo": false,
"type": "Lo-shelf",
"width": 4.0
},
"band2": {
"frequency": 425.0,
"gain": -2.0,
"mode": "BWC (MT)",
"mute": false,
"q": 0.9999999999999998,
"slope": "x2",
"solo": false,
"type": "Bell",
"width": 4.0
},
"band3": {
"frequency": 3500.0,
"gain": 3.0,
"mode": "BWC (BT)",
"mute": false,
"q": 0.7,
"slope": "x2",
"solo": false,
"type": "Bell",
"width": 4.0
},
"band4": {
"frequency": 9000.0,
"gain": 2.0,
"mode": "LRX (MT)",
"mute": false,
"q": 0.7,
"slope": "x1",
"solo": false,
"type": "Hi-shelf",
"width": 4.0
}
},
"split-channels": false
},
"gate#0": {
"attack": 1.0,
"bypass": false,
"curve-threshold": -50.0,
"curve-zone": -2.0,
"dry": -100.0,
"hpf-frequency": 10.0,
"hpf-mode": "off",
"hysteresis": true,
"hysteresis-threshold": -3.0,
"hysteresis-zone": -1.0,
"input-gain": 0.0,
"lpf-frequency": 20000.0,
"lpf-mode": "off",
"makeup": 1.0,
"output-gain": 0.0,
"reduction": -15.0,
"release": 200.0,
"sidechain": {
"input": "Internal",
"lookahead": 0.0,
"mode": "RMS",
"preamp": 0.0,
"reactivity": 10.0,
"source": "Middle",
"stereo-split-source": "Left/Right"
},
"stereo-split": false,
"wet": -1.0
},
"limiter#0": {
"alr": false,
"alr-attack": 5.0,
"alr-knee": 0.0,
"alr-release": 50.0,
"attack": 1.0,
"bypass": false,
"dithering": "16bit",
"external-sidechain": false,
"gain-boost": true,
"input-gain": 0.0,
"lookahead": 5.0,
"mode": "Herm Wide",
"output-gain": 0.0,
"oversampling": "Half x2(2L)",
"release": 5.0,
"sidechain-preamp": 0.0,
"stereo-link": 100.0,
"threshold": -1.0
},
"plugins_order": [
"rnnoise#0",
"gate#0",
"deesser#0",
"compressor#0",
"equalizer#0",
"speex#0",
"limiter#0"
],
"rnnoise#0": {
"bypass": false,
"enable-vad": false,
"input-gain": 0.0,
"model-path": "",
"output-gain": 0.0,
"release": 20.0,
"vad-thres": 50.0,
"wet": 0.0
},
"speex#0": {
"bypass": false,
"enable-agc": false,
"enable-denoise": false,
"enable-dereverb": false,
"input-gain": 0.0,
"noise-suppression": -70,
"output-gain": 0.0,
"vad": {
"enable": true,
"probability-continue": 90,
"probability-start": 95
}
}
}
}

31
profiles/sound/pipewire.nix
View File

@ -1,31 +0,0 @@
{ config, pkgs, lib, ... }: {
sound.enable = false;
services.pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
};
environment.etc = {
"wireplumber/bluetooth.lua.d/51-bluez-config.lua".text = ''
bluez_monitor.properties = {
["bluez5.enable-sbc-xq"] = true,
["bluez5.enable-msbc"] = true,
["bluez5.hw-volume"] = "[ hfp_ag hsp_ag a2dp_source a2dp_sink ]",
["bluez5.headset-roles"] = "[ hsp_hs hsp_ag hfp_hf hfp_ag a2dp_sink ]",
["bluez5.reconnect-profiles"] = "[ hsp_hs hfp_hf a2dp_sink ]",
}
'';
};
home-manager.users.${config.mainuser} = {
home.packages = [ pkgs.pavucontrol pkgs.pulseaudio ];
};
security.rtkit.enable = true;
hardware.pulseaudio.enable = lib.mkForce false;
services.jack.jackd.enable = lib.mkForce false;
}

4
profiles/themes.nix
View File

@ -1,6 +1,6 @@
{ config, lib, pkgs, inputs, ... }: {
{ pkgs, ... }: {
config.themes.base16 = with config.deviceSpecific.devInfo; {
config.themes.base16 = {
enable = true;
# customScheme = {
# enable = true;

2
profiles/vpn.nix
View File

@ -1,4 +1,4 @@
{ pkgs, lib, config, ... }:
{ lib, config, ... }:
let
isTailscale = config.deviceSpecific.vpn.tailscale.enable;
wg = config.deviceSpecific.vpn.wireguard;

23
profiles/workspace/aria2.nix
View File

@ -1,18 +1,17 @@
{ config, lib, pkgs, ... }:
{ config, ... }:
let
homeDir = config.home-manager.users.${config.mainuser}.home.homeDirectory;
in {
# TODO: enable websocket (--rpc-certificate)
services.aria2 = {
enable = true;
downloadDir = "/media/aria2";
rpcListenPort = 6800;
# FIXME: I can expose this, since i listen rpc only on localhost
# but in future it's better to implement read key from secrets before start daemon
rpcSecret = "secret";
# listenPortRange = {};
openPorts = false;
home-manager.users.${config.mainuser} = {
programs.aria2 = {
enable = true;
settings = {
dir = "${homeDir}/Downloads/aria2";
listen-port = "6881-6999";
rpc-listen-port = 6800;
};
};
};
# networking.firewall.allowedTCPPorts = [ config.services.aria2.rpcListenPort ];
persist.state.directories = [ "/media/aria2" ];
}

2
profiles/workspace/cursor.nix
View File

@ -1,4 +1,4 @@
{ pkgs, lib, config, ... }:
{ lib, config, ... }:
let
thm = config.lib.base16.theme;
in {

2
profiles/workspace/gtk.nix
View File

@ -3,7 +3,7 @@ let
thm = config.lib.base16.theme;
in {
nixpkgs.overlays = [
(self: super: {
(_self: _super: {
generated-gtk-theme =
pkgs.callPackage "${inputs.rycee}/pkgs/materia-theme" {
configBase16 = {

20
profiles/workspace/hyprland/default.nix
View File

@ -17,8 +17,8 @@ let
${gsettings} set ${gnomeSchema} font-name "$font_name"
'';
screen-ocr = pkgs.writeShellScriptBin "screen-ocr" ''
${pkgs.grim}/bin/grim -g "$(${pkgs.slurp}/bin/slurp) - | ${pkgs.tesseract5}/bin/tesseract -l eng - - | ${pkgs.wl-clipboard}/bin/wl-copy"
screen-ocr = pkgs.writeShellScript "screen-ocr" ''
${pkgs.grim}/bin/grim -g "$(${pkgs.slurp}/bin/slurp)" - | ${pkgs.tesseract}/bin/tesseract -l eng - - | ${pkgs.wl-clipboard}/bin/wl-copy
'';
hyprpaper-pkg = inputs.hyprpaper.packages.${pkgs.hostPlatform.system}.hyprpaper;
@ -28,9 +28,7 @@ in with config.deviceSpecific; with lib; {
programs.ydotool.enable = true;
programs.hyprland.enable = true;
home-manager.users.${config.mainuser} = {
imports = [
inputs.hyprland.homeManagerModules.default
];
imports = [ inputs.hyprland.homeManagerModules.default ];
services.udiskie.enable = !isServer;
services.gammastep = {
enable = !isServer;
@ -62,7 +60,6 @@ in with config.deviceSpecific; with lib; {
xwayland.enable = true;
extraConfig = let
modifier = "SUPER";
script = name: content: "${pkgs.writeScript name content}";
in concatStrings [
''
${if config.device == "AMD-Workstation" then ''
@ -79,7 +76,6 @@ in with config.deviceSpecific; with lib; {
gaps_out=16
col.active_border=0xAA${thm.base08-hex}
col.inactive_border=0xAA${thm.base0A-hex}
# layout=dwindle # Available: dwindle, master, default is dwindle
sensitivity=1
col.nogroup_border=0xCC${thm.base0A-hex}
col.nogroup_border_active=0xAA${thm.base08-hex}
@ -113,7 +109,7 @@ in with config.deviceSpecific; with lib; {
numlock_by_default=true
force_no_accel=true
${if config.device == "AMD-Workstation" then ''
sensitivity=0.35
sensitivity=0.3
'' else ''
sensitivity=1.3
''}
@ -157,7 +153,6 @@ in with config.deviceSpecific; with lib; {
bind=${modifier},f11,exec,sleep 1 && hyprctl dispatch dpms off
bind=${modifier},f12,exec,sleep 1 && hyprctl dispatch dpms on
bind=${modifier},escape,exec,${apps.monitor.cmd}
bind=${modifier},w,exec,${apps.dmenu.desktop} -show run
bind=${modifier}CTRL,w,exec,${apps.dmenu.desktop} -show drun -modi drun -show-icons
@ -196,7 +191,7 @@ in with config.deviceSpecific; with lib; {
bind=${modifier},c,changegroupactive,b
bind=${modifier},v,changegroupactive,f
bind=${modifier},V,exec,${pkgs.cliphist}/bin/cliphist list | ${apps.dmenu.desktop} -dmenu | ${pkgs.cliphist}/bin/cliphist decode | ${pkgs.wl-clipboard}/bin/wl-copy
bindr=${modifier},insert,exec,${screen-ocr}/bin/screen-ocr
bindr=${modifier},insert,exec,${screen-ocr}
bind=${modifier},1,workspace,1
bind=${modifier},2,workspace,2
@ -290,9 +285,7 @@ in with config.deviceSpecific; with lib; {
env=QT_AUTO_SCREEN_SCALE_FACTOR=1
env=QT_WAYLAND_DISABLE_WINDOWDECORATION=1
env=QT_QPA_PLATFORMTHEME=qt5ct
''
###
''
'' ''
exec=${importGsettings}
exec-once=${hyprpaper-pkg}/bin/hyprpaper
exec-once=hyprctl setcursor ${config.lib.base16.theme.cursorTheme} ${toString config.lib.base16.theme.cursorSize}
@ -301,7 +294,6 @@ in with config.deviceSpecific; with lib; {
exec-once=${pkgs.wl-clipboard}/bin/wl-paste --type image --watch ${pkgs.cliphist}/bin/cliphist store
''
(concatMapStrings (c: "exec-once=" + c + "\n") config.startupApplications)
];
};
};

2
profiles/workspace/light.nix
View File

@ -1,4 +1,4 @@
{ config, pkgs, lib, ... }: {
{ config, pkgs, ... }: {
programs.light.enable = config.deviceSpecific.isLaptop;
services.actkbd = {
enable = config.deviceSpecific.isLaptop;

2
profiles/workspace/locale.nix
View File

@ -1,4 +1,4 @@
{ pkgs, config, lib, ... }:
{ config, ... }:
let
en = "en_US.UTF-8";
ru = "ru_RU.UTF-8";

4
profiles/workspace/misc.nix
View File

@ -1,4 +1,4 @@
{ pkgs, lib, config, ... }:
{ lib, config, ... }:
with config.deviceSpecific; {
environment.sessionVariables =
@ -16,7 +16,7 @@ with config.deviceSpecific; {
services.upower.enable = isLaptop;
xdg.portal.enable = true;
xdg.portal.config.common.default = "*";
xdg.portal.xdgOpenUsePortal = true;
# xdg.portal.xdgOpenUsePortal = true;
home-manager.users.${config.mainuser} = {
news.display = "silent";

2
profiles/workspace/ssh.nix
View File

@ -1,4 +1,4 @@
{ pkgs, lib, config, ... }:
{ config, ... }:
with config.deviceSpecific; {
services.openssh = {
enable = true;

228
profiles/workspace/waybar/default.nix
View File

@ -1,7 +1,10 @@
{ config, lib, pkgs, inputs, ... }:
{ config, pkgs, ... }:
with config.deviceSpecific; {
home-manager.users.${config.mainuser}.programs.waybar = {
enable = true;
style = builtins.readFile ./style.css;
systemd.enable = true;
systemd.target = "hyprland-session.target";
settings = {
mainBar = {
layer = "top";
@ -90,228 +93,5 @@ with config.deviceSpecific; {
};
};
};
style = ''
* {
border: none;
border-radius: 0;
/* `otf-font-awesome` is required to be installed for icons */
font-family: IBM Plex Mono;
font-size: 14px;
min-height: 14px;
}
window#waybar {
background: transparent;
}
window#waybar.hidden {
opacity: 0.2;
}
#workspaces {
margin-right: 8px;
border-radius: 10px;
transition: none;
background: #383c4a;
}
#workspaces button {
transition: none;
color: #7c818c;
background: transparent;
padding: 5px;
font-size: 12px;
}
#workspaces button.persistent {
color: #7c818c;
font-size: 12px;
}
#workspaces button:hover {
transition: none;
box-shadow: inherit;
text-shadow: inherit;
border-radius: inherit;
color: #383c4a;
background: #7c818c;
}
#workspaces button.focused {
color: white;
}
#language {
padding-left: 16px;
padding-right: 8px;
border-radius: 10px 0px 0px 10px;
transition: none;
color: #ffffff;
background: #383c4a;
}
#keyboard-state {
margin-right: 8px;
padding-right: 16px;
border-radius: 0px 10px 10px 0px;
transition: none;
color: #ffffff;
background: #383c4a;
}
#custom-mail { /* https://github.com/Alexays/Waybar/wiki/FAQ#the-workspace-buttons-have-a-strange-hover-effect */
margin-right: 8px;
padding-right: 16px;
border-radius: 0px 10px 10px 0px;
transition: none;
color: #ffffff;
background: #383c4a;
}
#mode {
padding-left: 16px;
padding-right: 16px;
border-radius: 10px;
transition: none;
color: #ffffff;
background: #383c4a;
}
#clock {
padding-left: 16px;
padding-right: 16px;
border-radius: 10px 0px 0px 10px;
transition: none;
color: #ffffff;
background: #383c4a;
}
#custom-weather {
padding-right: 16px;
border-radius: 0px 10px 10px 0px;
transition: none;
color: #ffffff;
background: #383c4a;
}
#pulseaudio {
margin-right: 8px;
padding-left: 16px;
padding-right: 16px;
border-radius: 10px;
transition: none; /* https://github.com/Alexays/Waybar/wiki/FAQ#the-workspace-buttons-have-a-strange-hover-effect */
color: #ffffff;
background: #383c4a;
}
#pulseaudio.muted {
background-color: #90b1b1;
color: #2a5c45;
}
#custom-mem {
margin-right: 8px;
padding-left: 16px;
padding-right: 16px;
border-radius: 10px;
transition: none;
color: #ffffff;
background: #383c4a;
}
#temperature {
margin-right: 8px;
padding-left: 16px;
padding-right: 16px;
border-radius: 10px;
transition: none;
color: #ffffff;
background: #383c4a;
}
#temperature.critical {
background-color: #eb4d4b;
}
#backlight {
margin-right: 8px;
padding-left: 16px;
padding-right: 16px;
border-radius: 10px;
transition: none;
color: #ffffff;
background: #383c4a;
}
#disk {
margin-right: 8px;
padding-left: 16px;
padding-right: 16px;
border-radius: 10px;
transition: none;
color: #ffffff;
background: #383c4a;
}
#battery {
margin-right: 8px;
padding-left: 16px;
padding-right: 16px;
border-radius: 10px;
transition: none;
color: #ffffff;
background: #383c4a;
}
#battery.charging {
color: #ffffff;
background-color: #26A65B;
}
#battery.warning:not(.charging) {
background-color: #ffbe61;
color: black;
}
#battery.critical:not(.charging) {
background-color: #f53c3c;
color: #ffffff;
animation-name: blink;
animation-duration: 0.5s;
animation-timing-function: linear;
animation-iteration-count: infinite;
animation-direction: alternate;
}
#tray {
padding-left: 16px;
padding-right: 16px;
border-radius: 10px;
transition: none;
color: #ffffff;
background: #383c4a;
}
#cpu {
margin-right: 8px;
padding-left: 16px;
padding-right: 16px;
border-radius: 10px;
transition: none;
color: #ffffff;
background: #383c4a;
}
@keyframes blink {
to {
background-color: #ffffff;
color: #000000;
}
}
'';
systemd.enable = true;
systemd.target = "hyprland-session.target";
};
}

Some files were not shown because too many files have changed in this diff Show More