kylekrein/nixos-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Formatting + update

Browse source
This commit is contained in:
Aleksandr Lebedev 2025-07-25 22:56:40 +02:00
parent 93de64c64e
commit 9c895e9cc0
61 changed files with 2350 additions and 2100 deletions
Download patch file Download diff file Expand all files Collapse all files

25
disko/ext4-swap.nix
View file

@ -1,5 +1,7 @@
{ device, swapSize ? "16G" }:
{
device,
swapSize ? "16G",
}: {
disko.devices = {
disk.${device} = {
type = "disk";
@ -7,7 +9,8 @@
content = {
type = "gpt"; # Initialize the disk with a GPT partition table
partitions = {
ESP = { # Setup the EFI System Partition
ESP = {
# Setup the EFI System Partition
type = "EF00"; # Set the partition type
size = "1000M"; # Make the partition a gig
content = {
@ -16,7 +19,8 @@
mountpoint = "/boot"; # Mount it to /boot
};
};
primary = { # Setup the LVM partition
primary = {
# Setup the LVM partition
size = "100%"; # Fill up the rest of the drive with it
content = {
type = "lvm_pv"; # pvcreate
@ -26,17 +30,22 @@
};
};
};
lvm_vg = { # vgcreate
vg1 = { # /dev/vg1
lvm_vg = {
# vgcreate
vg1 = {
# /dev/vg1
type = "lvm_vg";
lvs = { # lvcreate
swap = { # Logical Volume = "swap", /dev/vg1/swap
lvs = {
# lvcreate
swap = {
# Logical Volume = "swap", /dev/vg1/swap
size = swapSize;
content = {
type = "swap";
};
};
root = { # Logical Volume = "root", /dev/vg1/root
root = {
# Logical Volume = "root", /dev/vg1/root
size = "100%FREE"; # Use the remaining space in the Volume Group
content = {
type = "filesystem";

4
disko/ext4.nix
View file

@ -1,5 +1,7 @@
{ device, mountpoint ? "/run/extraDrive" }:
{
device,
mountpoint ? "/run/extraDrive",
}: {
disko.devices = {
disk = {
"${device}" = {

5
disko/impermanence-btrfs.nix
View file

@ -1,7 +1,4 @@
{
device ? throw "Set this to your disk device, e.g. /dev/sda",
...
}: {
{device ? throw "Set this to your disk device, e.g. /dev/sda", ...}: {
disko.devices = {
disk.main = {
inherit device;

26
disko/impermanence-tmpfs-luks.nix
View file

@ -1,8 +1,4 @@
{
device ? throw "Set this to your disk device, e.g. /dev/sda",
...
}:
{
{device ? throw "Set this to your disk device, e.g. /dev/sda", ...}: {
disko.devices = {
disk = {
main = {
@ -52,31 +48,33 @@
nodev = {
"/" = {
fsType = "tmpfs";
mountOptions = [ "defaults" "size=8G" "mode=755" ];
mountOptions = ["defaults" "size=8G" "mode=755"];
};
};
};
fileSystems."/persist" = {
depends = [ "/" ];
depends = ["/"];
neededForBoot = true;
};
fileSystems."/nix" = {
device = "/persist/nix";
options = [ "bind" ];
depends = [ "/persist" ];
options = ["bind"];
depends = ["/persist"];
neededForBoot = true;
};
fileSystems."/tmp" = {
device = "/persist/tmp";
options = [ "bind" ];
depends = [ "/persist" ];
options = ["bind"];
depends = ["/persist"];
neededForBoot = true;
};
swapDevices = [{
swapDevices = [
{
device = "/persist/swapfile";
size = 64*1024; # 64 GB
}];
size = 64 * 1024; # 64 GB
}
];
boot.resumeDevice = "/persist/swapfile";
}

5
disko/impermanence-tmpfs.nix
View file

@ -1,7 +1,4 @@
{
device ? throw "Set this to your disk device, e.g. /dev/sda",
...
}: {
{device ? throw "Set this to your disk device, e.g. /dev/sda", ...}: {
disko.devices = {
disk.main = {
inherit device;

18
flake.lock generated
View file

@ -333,11 +333,11 @@
]
},
"locked": {
"lastModified": 1753393138,
"narHash": "sha256-mJp8QEFiVQNc3fZLf5zeKGIHeigMj33LYQ0EogcHz5g=",
"lastModified": 1753476892,
"narHash": "sha256-VZg9Oq9apTi2JEnlOSiCGl6iglwqNFr6A2u3CTWqGpQ=",
"owner": "kylekrein",
"repo": "emacs-config",
"rev": "f3880c6f9f32661dfae8d10f2fd522561dc73f25",
"rev": "1b0367dca5e6b37e2ca9c53f41f2316a5bf335eb",
"type": "github"
},
"original": {
@ -358,11 +358,11 @@
]
},
"locked": {
"lastModified": 1753376867,
"narHash": "sha256-FAPCW/szK3qvCUD+ThOX4sFyqz/MSadJ4SltA8lNamc=",
"lastModified": 1753460825,
"narHash": "sha256-MNu9l5nukxFpT5LzsT7Q83BqmO36EByn6/o/xA7hu7I=",
"owner": "nix-community",
"repo": "emacs-overlay",
"rev": "b8df6094952273f3b7e5e7c99b96ed1bf9830034",
"rev": "07c08ea0037b2fd7e0b5416361586d4552ac8255",
"type": "github"
},
"original": {
@ -1233,11 +1233,11 @@
},
"nixpkgs-master": {
"locked": {
"lastModified": 1753468267,
"narHash": "sha256-KnwZCY92VjKvGyjnsnNHOvG9mllpFbKyeUkDpD//nvs=",
"lastModified": 1753473560,
"narHash": "sha256-bT4abIU3eGDraRATwkdeJAeIvxt9e23dhpjjp2dsRqg=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "dd386adc75a0061fbb9b1b62595dbc8c52330648",
"rev": "a6b41ef5e0c274f96b1f1b52b3d382302763f62a",
"type": "github"
},
"original": {

62
flake.nix
View file

@ -78,17 +78,18 @@
nixpkgs-unstable,
...
} @ inputs: let
#systems = ["aarch64-linux" "x86_64-linux" ];
#forAllSystems = nixpkgs.lib.genAttrs systems;
#pkgs = import nixpkgs {
# inherit system;
# config = {
# allowUnfree = true;
# };
#};
systems = ["aarch64-linux" "x86_64-linux"];
eachSystem = nixpkgs.lib.genAttrs systems;
pkgsFor = eachSystem (system:
import nixpkgs {
localSystem = system;
overlays = [
];
});
arm = "aarch64-linux";
x86 = "x86_64-linux";
ladybirdMaster = self: super: { ladybird = super.ladybird.overrideAttrs(old: {
ladybirdMaster = self: super: {
ladybird = super.ladybird.overrideAttrs (old: {
src = super.fetchFromGitHub {
owner = "LadybirdWebBrowser";
repo = "ladybird";
@ -96,16 +97,22 @@
hash = "sha256-hJkK7nag3Z9E8etPFCo0atUEJJnPjjkl7sle/UwkzbE=";
};
version = "0-unstable-2025-05-22";
});};
});
};
nativePackagesOverlay = self: super: {
stdenv = super.impureUseNativeOptimizations super.stdenv;
};
kylekrein-homepc-pkgs = nixpkgs: import nixpkgs {
kylekrein-homepc-pkgs = nixpkgs:
import nixpkgs {
system = x86;
overlays = [
inputs.beeengine.overlays.${x86}
(final: prev: { #https://github.com/NixOS/nixpkgs/issues/388681
pythonPackagesExtensions = prev.pythonPackagesExtensions ++ [(
(final: prev: {
#https://github.com/NixOS/nixpkgs/issues/388681
pythonPackagesExtensions =
prev.pythonPackagesExtensions
++ [
(
python-final: python-prev: {
onnxruntime = python-prev.onnxruntime.overridePythonAttrs (
oldAttrs: {
@ -113,7 +120,8 @@
}
);
}
)];
)
];
})
#nativePackagesOverlay
#ladybirdMaster
@ -124,7 +132,8 @@
cudaSupport = true;
};
};
kylekrein-server-pkgs = nixpkgs: import nixpkgs {
kylekrein-server-pkgs = nixpkgs:
import nixpkgs {
system = x86;
overlays = [
(self: super: {
@ -138,7 +147,8 @@
allowUnfree = true;
};
};
kylekrein-framework12-pkgs = nixpkgs: import nixpkgs {
kylekrein-framework12-pkgs = nixpkgs:
import nixpkgs {
system = x86;
overlays = [
inputs.beeengine.overlays.${x86}
@ -148,7 +158,8 @@
allowUnfree = true;
};
};
kylekrein-mac-pkgs = nixpkgs: import nixpkgs {
kylekrein-mac-pkgs = nixpkgs:
import nixpkgs {
system = arm;
overlays = [
inputs.beeengine.overlays.${arm}
@ -162,7 +173,8 @@
allowUnsupportedSystem = true;
};
};
kylekrein-wsl-pkgs = nixpkgs: import nixpkgs {
kylekrein-wsl-pkgs = nixpkgs:
import nixpkgs {
system = x86;
overlays = [
#nativePackagesOverlay
@ -171,7 +183,8 @@
allowUnfree = true;
};
};
andrej-pc-pkgs = nixpkgs: import nixpkgs {
andrej-pc-pkgs = nixpkgs:
import nixpkgs {
system = x86;
overlays = [
inputs.beeengine.overlays.${x86}
@ -186,6 +199,12 @@
first-nixos-install = "1729112485"; #stat -c %W /
in {
formatter = eachSystem (
system: let
pkgs = pkgsFor.${system};
in
pkgs.alejandra
);
nixOnDroidConfigurations.default = inputs.nix-on-droid.lib.nixOnDroidConfiguration {
pkgs = import nixpkgs {
system = "aarch64-linux";
@ -329,7 +348,10 @@
system = x86;
pkgs = andrej-pc-pkgs nixpkgs;
modules = [
(import ./disko/ext4-swap.nix {device = "/dev/sda"; swapSize = "16G";})
(import ./disko/ext4-swap.nix {
device = "/dev/sda";
swapSize = "16G";
})
(import ./disko/ext4.nix {device = "/dev/sdb";})
./nixos/hosts/andrej-pc/configuration.nix
];

24
nixos/configuration.nix
View file

@ -10,11 +10,10 @@
inputs,
unstable-pkgs,
...
}:
let
in
{
imports = [
}: let
in {
imports =
[
inputs.sops-nix.nixosModules.sops
inputs.nixos-facter-modules.nixosModules.facter
inputs.home-manager.nixosModules.default
@ -32,11 +31,12 @@ in
./modules/gnupg
./modules/direnv
./hosts/${hwconfig.hostname}
] ++ lib.optional (hwconfig.useImpermanence) ./modules/impermanence;
]
++ lib.optional (hwconfig.useImpermanence) ./modules/impermanence;
facter.reportPath = ./hosts/${hwconfig.hostname}/facter.json;
kylekrein.services.autoUpgrade = {
enable = true;
pushUpdates = false;#if hwconfig.hostname == "kylekrein-homepc" then true else false;
pushUpdates = false; #if hwconfig.hostname == "kylekrein-homepc" then true else false;
configDir = "/etc/nixos-config";
user = "root";
};
@ -45,7 +45,10 @@ in
kernelPackages = lib.mkDefault pkgs.linuxPackages_6_14;
loader = {
systemd-boot.enable = true;
efi.canTouchEfiVariables = if hwconfig.hostname != "kylekrein-mac" then true else false;
efi.canTouchEfiVariables =
if hwconfig.hostname != "kylekrein-mac"
then true
else false;
};
# Hide the OS choice for bootloaders.
# It's still possible to open the bootloader list by pressing any key
@ -63,7 +66,6 @@ in
#flatpak
#kk.services.flatpak.enable = hwconfig.system != "aarch64-linux";
services.flatpak.packages = [
];
# Enable networking
@ -289,8 +291,8 @@ in
};
# Open ports in the firewall.
networking.firewall.allowedTCPPorts = [ 22 53317 ];
networking.firewall.allowedUDPPorts = [ 22 53317 ];
networking.firewall.allowedTCPPorts = [22 53317];
networking.firewall.allowedUDPPorts = [22 53317];
# Or disable the firewall altogether.
#networking.firewall.enable = false;

16
nixos/hardware/apple-silicon-linux/default.nix
View file

@ -4,12 +4,12 @@
inputs,
...
}: let
pkgs-master = import inputs.nixpkgs-master {
pkgs-master = import inputs.nixpkgs-master {
inherit (pkgs) system;
config.allowUnfree = true;
};
};
in {
nixpkgs = {
nixpkgs = {
overlays = [
(self: super: {
widevine-cdm = pkgs-master.widevine-cdm;
@ -23,17 +23,17 @@ nixpkgs = {
imports = [
#./apple-silicon-support
];
programs.firefox.policies.Preferences = {
programs.firefox.policies.Preferences = {
"media.gmp-widevinecdm.version" = "system-installed";
"media.gmp-widevinecdm.visible" = true;
"media.gmp-widevinecdm.enabled" = true;
"media.gmp-widevinecdm.autoupdate" = false;
"media.eme.enabled" = true;
"media.eme.encrypted-media-encryption-scheme.enabled" = true;
};
programs.firefox.autoConfig = ''
// Zhu
lockPref("general.useragent.override","Mozilla/5.0 (X11; CrOS aarch64 15236.80.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.125 Safari/537.36");''; #doesn't work. You need to manually add this to about:config
};
programs.firefox.autoConfig = ''
// Zhu
lockPref("general.useragent.override","Mozilla/5.0 (X11; CrOS aarch64 15236.80.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.125 Safari/537.36");''; #doesn't work. You need to manually add this to about:config
hardware.asahi = {
peripheralFirmwareDirectory = ./firmware;
useExperimentalGPUDriver = true; #deprecated

6
nixos/hardware/apple-silicon-linux/homemac.nix
View file

@ -1,5 +1,4 @@
{pkgs, ...}:
{
{pkgs, ...}: {
programs.firefox.profiles.default.settings = {
"media.gmp-widevinecdm.version" = pkgs.widevinecdm-aarch64.version;
"media.gmp-widevinecdm.visible" = true;
@ -12,7 +11,7 @@
home.file."firefox-widevinecdm" = {
enable = true;
target = ".mozilla/firefox/default/gmp-widevinecdm";
source = pkgs.runCommandLocal "firefox-widevinecdm" { } ''
source = pkgs.runCommandLocal "firefox-widevinecdm" {} ''
out=$out/${pkgs.widevinecdm-aarch64.version}
mkdir -p $out
ln -s ${pkgs.widevinecdm-aarch64}/manifest.json $out/manifest.json
@ -20,5 +19,4 @@
'';
recursive = true;
};
}

3
nixos/hardware/apple-silicon-linux/widevine-overlay.nix
View file

@ -1,5 +1,4 @@
prev: final:
{
prev: final: {
widevinecdm-aarch64 = import ./widevine.nix {
inherit (final) stdenvNoCC fetchFromGitHub fetchurl python3 squashfsTools nspr;
};

28
nixos/hardware/apple-silicon-linux/widevine.nix
View file

@ -1,11 +1,11 @@
{ stdenvNoCC
, fetchFromGitHub
, fetchurl
, python3
, squashfsTools
, nspr
}:
let
{
stdenvNoCC,
fetchFromGitHub,
fetchurl,
python3,
squashfsTools,
nspr,
}: let
widevine-installer = fetchFromGitHub {
owner = "AsahiLinux";
repo = "widevine-installer";
@ -13,24 +13,22 @@ let
sha256 = "sha256-XI1y4pVNpXS+jqFs0KyVMrxcULOJ5rADsgvwfLF6e0Y=";
};
lacros-image = fetchurl {
url =
let
url = let
distfiles_base = "https://commondatastorage.googleapis.com/chromeos-localmirror/distfiles";
lacros_name = "chromeos-lacros-arm64-squash-zstd";
lacrosVersion = "120.0.6098.0";
in
"${distfiles_base}/${lacros_name}-${lacrosVersion}";
in "${distfiles_base}/${lacros_name}-${lacrosVersion}";
hash = "sha256-OKV8w5da9oZ1oSGbADVPCIkP9Y0MVLaQ3PXS3ZBLFXY=";
};
in
stdenvNoCC.mkDerivation {
stdenvNoCC.mkDerivation {
name = "widevine";
version = "4.10.2662.3";
dontUnpack = true;
dontBuild = true;
buildInputs = [ python3 squashfsTools ];
buildInputs = [python3 squashfsTools];
installPhase = ''
mkdir $out
@ -40,4 +38,4 @@ stdenvNoCC.mkDerivation {
mv squashfs-root/WidevineCdm/LICENSE $out/
patchelf --add-rpath ${nspr}/lib $out/libwidevinecdm.so
'';
}
}

11
nixos/hardware/nvidia/default.nix
View file

@ -1,5 +1,9 @@
{ config, pkgs, lib, ... }:
{
config,
pkgs,
lib,
...
}: {
hardware = {
graphics = {
enable = true;
@ -16,7 +20,7 @@
# Enable this if you have graphical corruption issues or application crashes after waking
# up from sleep. This fixes it by saving the entire VRAM memory to /tmp/ instead
# of just the bare essentials.
powerManagement.enable = true;#false;
powerManagement.enable = true; #false;
# Fine-grained power management. Turns off GPU when not in use.
# Experimental and only works on modern Nvidia GPUs (Turing or newer).
@ -41,7 +45,7 @@
logitech.wireless.enable = true;
};
services.xserver.videoDrivers = [ "nvidia" ];
services.xserver.videoDrivers = ["nvidia"];
#hardware.nvidia.package = config.boot.kernelPackages.nvidiaPackages.mkDriver { #fixes https://github.com/NixOS/nixpkgs/issues/375730 temporary
# version = "570.133.07"; # use new 570 drivers
# sha256_64bit = "sha256-LUPmTFgb5e9VTemIixqpADfvbUX1QoTT2dztwI3E3CY=";
@ -49,5 +53,4 @@
# settingsSha256 = "sha256-ZpuVZybW6CFN/gz9rx+UJvQ715FZnAOYfHn5jt5Z2C8=";
# usePersistenced = false;
#};
}

17
nixos/home.nix
View file

@ -7,16 +7,14 @@
username,
inputs,
...
}:
let
in
{
}: let
in {
imports =
[
#./modules/fastfetch
#./modules/tmux/home.nix
]
++ lib.optional (lib.strings.hasInfix "kylekrein" hwconfig.hostname) ./modules/fastfetch
++ lib.optional (lib.strings.hasInfix "kylekrein" hwconfig.hostname) ./modules/fastfetch
++ lib.optional (hwconfig.useImpermanence) (
import ./modules/impermanence/home.nix {
inherit username;
@ -33,7 +31,14 @@ in
# }
#)
++ lib.optional (builtins.pathExists ./homes/${username}) (
import ./homes/${username} { inherit username; inherit config; inherit pkgs; inherit lib; inherit inputs; inherit hwconfig; }
import ./homes/${username} {
inherit username;
inherit config;
inherit pkgs;
inherit lib;
inherit inputs;
inherit hwconfig;
}
);
# Home Manager needs a bit of information about you and the paths it should
# manage.

40
nixos/homes/kylekrein/battery-status.nix
View file

@ -1,6 +1,13 @@
{pkgs, hwconfig, ...}:
let
battery-path = "/sys/class/power_supply/${if hwconfig.hostname == "kylekrein-mac" then "macsmc-battery" else "BAT0"}";
{
pkgs,
hwconfig,
...
}: let
battery-path = "/sys/class/power_supply/${
if hwconfig.hostname == "kylekrein-mac"
then "macsmc-battery"
else "BAT0"
}";
get-battery-level = "${pkgs.writeShellScriptBin "get-battery-level" ''
cat ${battery-path}/capacity 2>/dev/null || echo "N/A"
''}/bin/get-battery-level";
@ -8,11 +15,11 @@ let
cat ${battery-path}/status 2>/dev/null || echo "Unknown"
''}/bin/get-status";
get-icon = "${pkgs.writeShellScriptBin "get-icon" ''
BATTERY_LEVEL=$(${get-battery-level})
STATUS=$(${get-status})
if [[ "$BATTERY_LEVEL" == "N/A" ]]; then
BATTERY_LEVEL=$(${get-battery-level})
STATUS=$(${get-status})
if [[ "$BATTERY_LEVEL" == "N/A" ]]; then
ICON="󰂑 "
elif [[ "$STATUS" == "Charging" ]]; then
elif [[ "$STATUS" == "Charging" ]]; then
if [[ $BATTERY_LEVEL -ge 90 ]]; then
ICON="󰂋 "
elif [[ $BATTERY_LEVEL -ge 80 ]]; then
@ -34,7 +41,7 @@ elif [[ "$STATUS" == "Charging" ]]; then
else
ICON="󰢜 "
fi
else
else
if [[ $BATTERY_LEVEL -ge 90 ]]; then
ICON="󰂂 "
elif [[ $BATTERY_LEVEL -ge 70 ]]; then
@ -48,23 +55,22 @@ else
else
ICON="󰁺 "
fi
fi
fi
echo "$ICON"
echo "$ICON"
''}/bin/get-icon";
get-remaining-time = "${pkgs.writeShellScriptBin "get-remaining-time" ''
REMAINING_ENERGY=$(cat ${battery-path}/energy_now)
POWER_USAGE=$(cat ${battery-path}/power_now)
if [[ -n "$REMAINING_ENERGY" && -n "$POWER_USAGE" && "$POWER_USAGE" -ne 0 ]]; then
REMAINING_ENERGY=$(cat ${battery-path}/energy_now)
POWER_USAGE=$(cat ${battery-path}/power_now)
if [[ -n "$REMAINING_ENERGY" && -n "$POWER_USAGE" && "$POWER_USAGE" -ne 0 ]]; then
TIME_LEFT=$((0 - (REMAINING_ENERGY / POWER_USAGE)))
MINUTES_LEFT=$(((0 - ( (REMAINING_ENERGY * 60) / POWER_USAGE )) - (TIME_LEFT * 60)))
echo "$TIME_LEFT h $MINUTES_LEFT min"
else
else
echo ""
fi
fi
''}/bin/get-remaining-time";
in
{
in {
available = hwconfig.isLaptop;
icon = get-icon;
status = get-status;

16
nixos/homes/kylekrein/default.nix
View file

@ -1,7 +1,17 @@
{config, username, pkgs, lib, inputs, hwconfig, ...}: {
imports = [
{
config,
username,
pkgs,
lib,
inputs,
hwconfig,
...
}: {
imports =
[
./git.nix
] ++ lib.optional (lib.strings.hasInfix "kylekrein" hwconfig.hostname) (
]
++ lib.optional (lib.strings.hasInfix "kylekrein" hwconfig.hostname) (
import ./niri.nix {
inherit pkgs;
inherit config;

27
nixos/homes/kylekrein/hyprlock.nix
View file

@ -1,9 +1,16 @@
{ pkgs, lib, hwconfig, ... }:
let
profile-image = ./nixos-warbler.png;
battery-level = (import ./battery-status.nix {inherit pkgs; inherit hwconfig;}).labelPercent;
in
{
pkgs,
lib,
hwconfig,
...
}: let
profile-image = ./nixos-warbler.png;
battery-level =
(import ./battery-status.nix {
inherit pkgs;
inherit hwconfig;
}).labelPercent;
in {
programs.hyprlock = {
enable = true;
settings = {
@ -52,7 +59,8 @@ in
halign = "center";
valign = "center";
};
label = [
label =
[
{
text = "$USER";
font_family = "Fira Code";
@ -77,16 +85,15 @@ in
halign = "right";
valign = "bottom";
}
] ++ lib.optional (hwconfig.isLaptop) (
{
]
++ lib.optional (hwconfig.isLaptop) {
text = ''cmd[update:10000] ${battery-level}'';
font_family = "JetBrains Mono";
font_size = 28;
position = "20, 20";
halign = "left";
valign = "bottom";
});
};
};
};
}

4
nixos/homes/kylekrein/lisgd.nix
View file

@ -1,2 +1,2 @@
{ pkgs }:
pkgs.lisgd.override { conf = ./lisgd-config.h; }
{pkgs}:
pkgs.lisgd.override {conf = ./lisgd-config.h;}

59
nixos/homes/kylekrein/niri.nix
View file

@ -1,8 +1,15 @@
#https://github.com/sodiboo/niri-flake/blob/main/default-config.kdl.nix
#https://github.com/sodiboo/niri-flake/blob/main/docs.md
#https://github.com/sodiboo/system/blob/main/niri.mod.nix
{config, pkgs, lib, inputs, hwconfig, username, ...}:
{
config,
pkgs,
lib,
inputs,
hwconfig,
username,
...
}: {
programs.fuzzel = {
enable = true;
settings.main.terminal = "kitty";
@ -14,7 +21,8 @@
./waybar
./hyprlock.nix
];
home.packages = with pkgs;[
home.packages = with pkgs;
[
nwg-drawer
wlogout
brightnessctl
@ -24,7 +32,8 @@
libnotify
hyprlock
networkmanagerapplet
] ++ lib.optionals (hwconfig.hasTouchscreen) (with pkgs;[
]
++ lib.optionals (hwconfig.hasTouchscreen) (with pkgs; [
wvkbd # https://github.com/jjsullivan5196/wvkbd
]);
programs.niri = {
@ -51,7 +60,7 @@
};
touchscreen-gestures = lib.mkIf (hwconfig.hasTouchscreen) {
command = [
"${lib.getExe (import ./lisgd.nix { inherit pkgs; })}" #https://git.sr.ht/~mil/lisgd
"${lib.getExe (import ./lisgd.nix {inherit pkgs;})}" #https://git.sr.ht/~mil/lisgd
];
};
in [
@ -106,8 +115,7 @@
];
default-column-width = {proportion = 1.0 / 2.0;};
};
binds = with config.lib.niri.actions;
let
binds = with config.lib.niri.actions; let
sh = spawn "sh" "-c";
emacs = action: sh "emacsclient -c --eval \"${action}\"";
homedir = "/home/${username}/";
@ -159,7 +167,6 @@
"Mod+Shift+Ctrl+Left".action = move-column-to-monitor-left;
"Mod+Shift+Ctrl+Right".action = move-column-to-monitor-right;
"XF86AudioRaiseVolume".action = sh "wpctl set-volume @DEFAULT_AUDIO_SINK@ 0.1+";
"XF86AudioLowerVolume".action = sh "wpctl set-volume @DEFAULT_AUDIO_SINK@ 0.1-";
"XF86AudioMute".action = sh "wpctl set-mute @DEFAULT_AUDIO_SINK@ toggle";
@ -177,7 +184,13 @@
warp-mouse-to-focus.enable = true;
keyboard = {
xkb.layout = "us, ru, de";
xkb.options = "grp:lctrl_toggle, ctrl:nocaps" + (if hwconfig.hostname == "kylekrein-mac" then ", altwin:swap_alt_win" else "");
xkb.options =
"grp:lctrl_toggle, ctrl:nocaps"
+ (
if hwconfig.hostname == "kylekrein-mac"
then ", altwin:swap_alt_win"
else ""
);
track-layout = "window";
numlock = true;
};
@ -199,7 +212,8 @@
DISPLAY = ":0";
};
window-rules = [
{ #active
{
#active
matches = [
{
is-active = true;
@ -207,7 +221,8 @@
];
opacity = 1.0;
}
{ #inactive
{
#inactive
matches = [
{
is-active = false;
@ -215,7 +230,8 @@
];
opacity = 1.0;
}
{ #opaque
{
#opaque
matches = [
{
app-id = "emacs";
@ -226,7 +242,8 @@
];
opacity = 1.0;
}
{ #app-launcher
{
#app-launcher
matches = [
{
title = "emacs-run-launcher";
@ -235,7 +252,8 @@
open-floating = true;
open-focused = true;
}
{ #PiP
{
#PiP
matches = [
{
title = "Picture-in-Picture";
@ -244,7 +262,11 @@
open-floating = true;
open-focused = false;
opacity = 1.0;
default-floating-position = { x = 0; y = 0; relative-to = "top-right"; };
default-floating-position = {
x = 0;
y = 0;
relative-to = "top-right";
};
}
];
debug = lib.mkIf (hwconfig.hostname == "kylekrein-mac") {
@ -265,7 +287,8 @@
systemctl = "${pkgs.systemd}/bin/systemctl";
#locking-script = "${pkgs.swaylock}/bin/swaylock --daemonize";
#unlocking-script = "pkill -SIGUSR1 swaylock";
suspendScript = cmd: pkgs.writeShellScript "suspend-script" ''
suspendScript = cmd:
pkgs.writeShellScript "suspend-script" ''
# check if any player has status "Playing"
${lib.getExe pkgs.playerctl} -a status | ${lib.getExe pkgs.ripgrep} Playing -q
# only suspend if nothing is playing
@ -273,7 +296,7 @@
${cmd}
fi
'';
in{
in {
enable = true;
settings.general = {
before_sleep_cmd = "${pidof} hyprlock || ${loginctl} lock-session;#${niri} msg action power-off-monitors";
@ -282,7 +305,8 @@ in{
};
settings.listener = let
secondary = "${systemctl} suspend";
in lib.mkIf (hwconfig.isLaptop) [
in
lib.mkIf (hwconfig.isLaptop) [
#{
# timeout = 30;
# command = "pidof hyprlock && ${secondary}";
@ -301,7 +325,6 @@ in{
mako = {
enable = false;
settings = {
};
};
};

40
nixos/homes/kylekrein/waybar/default.nix
View file

@ -1,8 +1,14 @@
{ pkgs, lib, hwconfig, ... }:
let
battery = (import ../battery-status.nix {inherit pkgs; inherit hwconfig;});
in
{
pkgs,
lib,
hwconfig,
...
}: let
battery = import ../battery-status.nix {
inherit pkgs;
inherit hwconfig;
};
in {
programs.waybar = {
enable = true;
systemd.enable = true;
@ -13,12 +19,13 @@ in
#}
#${builtins.readFile "${pkgs.waybar}/etc/xdg/waybar/style.css"}
style = ''
${builtins.readFile ./waybarstyle.css}'';
settings = [{
${builtins.readFile ./waybarstyle.css}'';
settings = [
{
height = 36;
layer = "top";
position = "top";
tray = { spacing = 3; };
tray = {spacing = 3;};
modules-center = [
#"hyprland/window"
"clock"
@ -29,7 +36,8 @@ ${builtins.readFile ./waybarstyle.css}'';
"niri/workspaces"
"niri/window"
];
modules-right = lib.optional hwconfig.isLaptop "backlight"
modules-right =
lib.optional hwconfig.isLaptop "backlight"
++ [
"pulseaudio"
#"network"
@ -37,7 +45,8 @@ ${builtins.readFile ./waybarstyle.css}'';
"memory"
#"temperature"
"niri/language"
] ++ lib.optional battery.available "custom/battery"
]
++ lib.optional battery.available "custom/battery"
++ [
"tray"
"custom/notification"
@ -48,7 +57,7 @@ ${builtins.readFile ./waybarstyle.css}'';
format = " {time} {icon} ";
format-alt = " {capacity}% {icon} ";
format-charging = " {capacity}% ";
format-icons = [ "" "" "" "" "" ];
format-icons = ["" "" "" "" ""];
format-plugged = " {capacity}% ";
states = {
critical = 10;
@ -61,7 +70,7 @@ ${builtins.readFile ./waybarstyle.css}'';
on-scroll-down = "${pkgs.brightnessctl}/bin/brightnessctl s 5%-";
};
"custom/battery" = {
exec ="${pkgs.writeShellScriptBin "battery-widget" ''
exec = "${pkgs.writeShellScriptBin "battery-widget" ''
${battery.labelAdaptive}
${battery.labelPercent}
''}/bin/battery-widget";
@ -117,7 +126,7 @@ ${builtins.readFile ./waybarstyle.css}'';
format-bluetooth-muted = " {format_source}";
format-icons = {
car = "";
default = [ " " " " " " ];
default = [" " " " " "];
handsfree = "";
headphones = "";
headset = "";
@ -129,11 +138,11 @@ ${builtins.readFile ./waybarstyle.css}'';
format-source-muted = " ";
on-click = "${pkgs.pwvucontrol}/bin/pwvucontrol";
};
"hyprland/submap" = { format = ''<span style="italic">{}</span>''; };
"hyprland/submap" = {format = ''<span style="italic">{}</span>'';};
temperature = {
critical-threshold = 80;
format = "{temperatureC}°C {icon}";
format-icons = [ "" "" "" ];
format-icons = ["" "" ""];
};
"hyprland/workspaces" = {
@ -191,6 +200,7 @@ ${builtins.readFile ./waybarstyle.css}'';
fi
'';
};
}];
}
];
};
}

22
nixos/hosts/andrej-pc/configuration.nix
View file

@ -10,11 +10,11 @@
inputs,
unstable-pkgs,
...
}:
{
}: {
programs.firefox.policies.Preferences."browser.startup.page" = lib.mkForce 1;
imports = [
imports =
[
inputs.sops-nix.nixosModules.sops
inputs.stylix.nixosModules.stylix
inputs.nixos-facter-modules.nixosModules.facter
@ -30,7 +30,8 @@
../../modules/sops
#../../modules/emacs
./default.nix
] ++ lib.optional (hwconfig.useImpermanence) ./modules/impermanence;
]
++ lib.optional (hwconfig.useImpermanence) ./modules/impermanence;
facter.reportPath = ./facter.json;
kylekrein.services.autoUpgrade = {
enable = true;
@ -39,7 +40,6 @@
user = "root";
};
boot = {
kernelPackages = lib.mkDefault pkgs.linuxPackages_6_14;
loader = {
@ -62,11 +62,10 @@
#flatpak
kk.services.flatpak.enable = true;
services.flatpak.packages = [
];
services.pipewire = {
extraLv2Packages = [ pkgs.rnnoise-plugin ];
extraLv2Packages = [pkgs.rnnoise-plugin];
configPackages = [
(pkgs.writeTextDir "share/pipewire/pipewire.conf.d/20-rnnoise.conf" ''
context.modules = [
@ -190,7 +189,8 @@
clean.extraArgs = "--keep-since 4d --keep 3";
flake = "/etc/nixos-config";
};
fonts.packages = with unstable-pkgs; [ #TODO change to pkgs when 25.05 comes out
fonts.packages = with unstable-pkgs; [
#TODO change to pkgs when 25.05 comes out
nerd-fonts.jetbrains-mono
font-awesome
nerd-fonts.symbols-only
@ -240,7 +240,7 @@
image = "${../../modules/hyprland/wallpaper.jpg}";
autoEnable = true;
opacity = {
desktop = 0.0;#0.5;
desktop = 0.0; #0.5;
};
targets = {
gtk.enable = true;
@ -296,8 +296,8 @@
};
# Open ports in the firewall.
networking.firewall.allowedTCPPorts = [ 22 25565 ];
networking.firewall.allowedUDPPorts = [ 22 25565 ];
networking.firewall.allowedTCPPorts = [22 25565];
networking.firewall.allowedUDPPorts = [22 25565];
# Or disable the firewall altogether.
#networking.firewall.enable = false;

3
nixos/hosts/android/default.nix
View file

@ -5,8 +5,7 @@
}: {
imports = [
];
environment.packages = with pkgs;
[
environment.packages = with pkgs; [
neovim
git
fastfetch

11
nixos/hosts/android/home.nix
View file

@ -1,14 +1,19 @@
{ pkgs, config, lib, ... }:
{
pkgs,
config,
lib,
...
}: {
imports = [
#../../modules/nixvim
#../../modules/nixvim
../../homes/kylekrein/git.nix
];
home.activation = {
copyFont = let
font_src = "${pkgs.nerd-fonts.fira-code}/share/fonts/truetype/NerdFonts/FiraCode/FiraCodeNerdFont-Regular.ttf";
font_dst = "${config.home.homeDirectory}/.termux/font.ttf";
in lib.hm.dag.entryAfter ["writeBoundary"] ''
in
lib.hm.dag.entryAfter ["writeBoundary"] ''
( test ! -e "${font_dst}" || test $(sha1sum "${font_src}"|cut -d' ' -f1 ) != $(sha1sum "${font_dst}" |cut -d' ' -f1)) && $DRY_RUN_CMD install $VERBOSE_ARG -D "${font_src}" "${font_dst}"
'';
};

14
nixos/hosts/kylekrein-framework12/default.nix
View file

@ -28,8 +28,8 @@
(self: super: {
prismlauncher = pkgs.symlinkJoin {
name = "prismlauncher";
paths = [ super.prismlauncher];
buildInputs = [ pkgs.makeWrapper ];
paths = [super.prismlauncher];
buildInputs = [pkgs.makeWrapper];
postBuild = ''
wrapProgram $out/bin/prismlauncher --set HOME /persist/home/kylekrein
'';
@ -38,8 +38,8 @@
(self: super: {
bottles = pkgs.symlinkJoin {
name = "bottles";
paths = [ super.bottles];
buildInputs = [ pkgs.makeWrapper ];
paths = [super.bottles];
buildInputs = [pkgs.makeWrapper];
postBuild = ''
wrapProgram $out/bin/bottles --set HOME /persist/home/kylekrein
'';
@ -68,14 +68,14 @@
#LLMs
services.ollama = {
enable = true;
loadModels = [ "qwq" "llama3.1" "qwen2.5-coder:7b" ];
loadModels = ["qwq" "llama3.1" "qwen2.5-coder:7b"];
acceleration = "cuda";
home = "/persist/ollama";
user = "ollama";
group = "ollama";
};
boot.binfmt.emulatedSystems = [ "aarch64-linux" "riscv64-linux" ];
boot.binfmt.emulatedSystems = ["aarch64-linux" "riscv64-linux"];
services.open-webui.enable = true;
#services.open-webui.package = unstable-pkgs.open-webui;
@ -87,7 +87,7 @@
systemd.services.open-webui.serviceConfig.DynamicUser = lib.mkForce false;
#Chat host
networking.firewall.allowedTCPPorts = [ 80 443 22 8448 9993 8081] ++ [ config.services.zerotierone.port ];
networking.firewall.allowedTCPPorts = [80 443 22 8448 9993 8081] ++ [config.services.zerotierone.port];
networking.firewall.allowedUDPPorts = [config.services.zerotierone.port];
systemd.network.wait-online.enable = lib.mkForce false;

25
nixos/hosts/kylekrein-homepc/default.nix
View file

@ -26,8 +26,8 @@
(self: super: {
prismlauncher = pkgs.symlinkJoin {
name = "prismlauncher";
paths = [ super.prismlauncher];
buildInputs = [ pkgs.makeWrapper ];
paths = [super.prismlauncher];
buildInputs = [pkgs.makeWrapper];
postBuild = ''
wrapProgram $out/bin/prismlauncher --set HOME /persist/home/kylekrein
'';
@ -36,8 +36,8 @@
(self: super: {
bottles = pkgs.symlinkJoin {
name = "bottles";
paths = [ super.bottles];
buildInputs = [ pkgs.makeWrapper ];
paths = [super.bottles];
buildInputs = [pkgs.makeWrapper];
postBuild = ''
wrapProgram $out/bin/bottles --set HOME /persist/home/kylekrein
'';
@ -66,14 +66,14 @@
#LLMs
services.ollama = {
enable = true;
loadModels = [ "qwq" "llama3.1" "qwen2.5-coder:7b" ];
loadModels = ["qwq" "llama3.1" "qwen2.5-coder:7b"];
acceleration = "cuda";
home = "/persist/ollama";
user = "ollama";
group = "ollama";
};
boot.binfmt.emulatedSystems = [ "aarch64-linux" "riscv64-linux" ];
boot.binfmt.emulatedSystems = ["aarch64-linux" "riscv64-linux"];
services.open-webui.enable = true;
#services.open-webui.package = unstable-pkgs.open-webui;
@ -85,9 +85,9 @@
systemd.services.open-webui.serviceConfig.DynamicUser = lib.mkForce false;
#Chat host
networking.firewall.allowedTCPPorts = [ 80 443 22 8448 9993 8081] ++ [ config.services.zerotierone.port ];
networking.firewall.allowedTCPPorts = [80 443 22 8448 9993 8081] ++ [config.services.zerotierone.port];
networking.firewall.allowedUDPPorts = [config.services.zerotierone.port];
# users.users.nginx.extraGroups = [ "acme" ];
# users.users.nginx.extraGroups = [ "acme" ];
services.hypridle.enable = lib.mkForce false;
programs.hyprlock.enable = lib.mkForce false;
@ -106,13 +106,16 @@
#forceSSL = true;
#useACMEHost = "kylekrein.com";
#acmeRoot = "/var/lib/acme/challenges-kylekrein";
}; in {
"chat.kylekrein.com" = (SSL // {
};
in {
"chat.kylekrein.com" =
SSL
// {
locations."/" = {
proxyPass = "http://localhost:8080/";
proxyWebsockets = true;
};
});
};
};
systemd.network.wait-online.enable = lib.mkForce false;

20
nixos/hosts/kylekrein-homepc/homepc-hardware-conf.nix
View file

@ -1,17 +1,21 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
config,
lib,
pkgs,
modulesPath,
...
}: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usbhid" "sd_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
boot.initrd.availableKernelModules = ["nvme" "xhci_pci" "ahci" "usbhid" "sd_mod"];
boot.initrd.kernelModules = [];
boot.kernelModules = ["kvm-amd"];
boot.extraModulePackages = [];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's

6
nixos/hosts/kylekrein-mac/default.nix
View file

@ -18,19 +18,19 @@
];
sops.secrets."ssh_keys/${hwconfig.hostname}" = {};
facter.reportPath = lib.mkForce null; #fails to generate
boot.binfmt.emulatedSystems = [ "x86_64-linux" ];
boot.binfmt.emulatedSystems = ["x86_64-linux"];
nix.settings.extra-platforms = config.boot.binfmt.emulatedSystems;
services.displayManager.sddm = {
wayland.enable = lib.mkForce false; # black screen
};
environment.systemPackages = with pkgs;[
environment.systemPackages = with pkgs; [
prismlauncher
unstable-pkgs.mcpelauncher-ui-qt
];
services.ollama = {
enable = true;
loadModels = [ "llama3.1" "qwen2.5-coder:7b" ];
loadModels = ["llama3.1" "qwen2.5-coder:7b"];
home = "/persist/ollama";
user = "ollama";
group = "ollama";

42
nixos/hosts/kylekrein-mac/mac-hardware-conf.nix
View file

@ -1,41 +1,45 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
config,
lib,
pkgs,
modulesPath,
...
}: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "usb_storage" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
boot.initrd.availableKernelModules = ["usb_storage"];
boot.initrd.kernelModules = [];
boot.kernelModules = [];
boot.extraModulePackages = [];
fileSystems."/" = {
device = "tmpfs";
fsType = "tmpfs";
options = [ "defaults" "size=8G" "mode=755" ];
options = ["defaults" "size=8G" "mode=755"];
};
fileSystems."/persist" =
{ device = "/dev/disk/by-label/nixos";
fileSystems."/persist" = {
device = "/dev/disk/by-label/nixos";
fsType = "ext4";
depends = [ "/" ];
depends = ["/"];
neededForBoot = true;
};
fileSystems."/nix" = {
device = "/persist/nix";
options = [ "bind" ];
depends = [ "/persist" ];
options = ["bind"];
depends = ["/persist"];
};
fileSystems."/tmp" = {
device = "/persist/tmp";
options = [ "bind" ];
depends = [ "/persist" ];
options = ["bind"];
depends = ["/persist"];
};
fileSystems."/boot" =
{ device = "/dev/disk/by-label/EFI\\x20-\\x20NIXOS";
fileSystems."/boot" = {
device = "/dev/disk/by-label/EFI\\x20-\\x20NIXOS";
fsType = "vfat";
#options = [ "fmask=0022" "dmask=0022" ];
};
@ -43,7 +47,7 @@
swapDevices = [
{
device = "/persist/swapfile";
size = 16*1024;
size = 16 * 1024;
}
];

36
nixos/hosts/kylekrein-server/conduwuit.nix
View file

@ -3,17 +3,15 @@
lib,
pkgs,
...
}:
let
}: let
cfg = config.kk.services.conduwuit;
defaultUser = "conduwuit";
defaultGroup = "conduwuit";
format = pkgs.formats.toml { };
format = pkgs.formats.toml {};
configFile = format.generate "conduwuit.toml" cfg.settings;
in
{
meta.maintainers = with lib.maintainers; [ niklaskorz ];
in {
meta.maintainers = with lib.maintainers; [niklaskorz];
options.kk.services.conduwuit = {
enable = lib.mkEnableOption "conduwuit";
@ -36,13 +34,13 @@ in
extraEnvironment = lib.mkOption {
type = lib.types.attrsOf lib.types.str;
description = "Extra Environment variables to pass to the conduwuit server.";
default = { };
default = {};
example = {
RUST_BACKTRACE = "yes";
};
};
package = lib.mkPackageOption pkgs "conduwuit" { };
package = lib.mkPackageOption pkgs "conduwuit" {};
settings = lib.mkOption {
type = lib.types.submodule {
@ -68,7 +66,7 @@ in
};
global.port = lib.mkOption {
type = lib.types.listOf lib.types.port;
default = [ 6167 ];
default = [6167];
description = ''
The port(s) conduwuit will be running on.
You need to set up a reverse proxy in your web server (e.g. apache or nginx),
@ -127,7 +125,7 @@ in
};
global.trusted_servers = lib.mkOption {
type = lib.types.listOf lib.types.nonEmptyStr;
default = [ "matrix.org" ];
default = ["matrix.org"];
description = ''
Servers listed here will be used to gather public keys of other servers
(notary trusted key servers).
@ -274,7 +272,7 @@ in
};
};
};
default = { };
default = {};
# TOML does not allow null values, so we use null to omit those fields
apply = lib.filterAttrsRecursive (_: v: v != null);
description = ''
@ -314,19 +312,19 @@ in
};
users.groups = lib.mkIf (cfg.group == defaultGroup) {
${defaultGroup} = { };
${defaultGroup} = {};
};
systemd.services.conduwuit = {
description = "Conduwuit Matrix Server";
documentation = [ "https://conduwuit.puppyirl.gay/" ];
wantedBy = [ "multi-user.target" ];
wants = [ "network-online.target" ];
after = [ "network-online.target" ];
environment = lib.mkMerge ([
{ CONDUWUIT_CONFIG = configFile; }
documentation = ["https://conduwuit.puppyirl.gay/"];
wantedBy = ["multi-user.target"];
wants = ["network-online.target"];
after = ["network-online.target"];
environment = lib.mkMerge [
{CONDUWUIT_CONFIG = configFile;}
cfg.extraEnvironment
]);
];
startLimitBurst = 5;
startLimitIntervalSec = 60;
serviceConfig = {

51
nixos/hosts/kylekrein-server/default.nix
View file

@ -21,8 +21,8 @@
./hardware.nix
./networking.nix
];
#options.services.conduwuit.settings.global.database_path = lib.mkOption { apply = old: "/persist/conduwuit/";};
config = {
#options.services.conduwuit.settings.global.database_path = lib.mkOption { apply = old: "/persist/conduwuit/";};
config = {
home-manager.users = lib.mkForce {};
stylix.image = ../../modules/hyprland/wallpaper.jpg;
#sops.secrets."ssh_keys/${hwconfig.hostname}" = {};
@ -30,7 +30,7 @@ config = {
boot.loader.grub.enable = true;
boot.loader.grub.device = "/dev/sda";
networking.hostName = hwconfig.hostname;
users = {
users = {
mutableUsers = false;
users = {
root = {
@ -63,20 +63,19 @@ users = {
enable = true; # Hopefully? helps with freezing when using swap
};
#Chat host
networking.firewall.allowedTCPPorts = [ 80 443 22 8448 ];
networking.firewall.allowedUDPPorts = [ 3478 5349 ];
networking.firewall.allowedTCPPorts = [80 443 22 8448];
networking.firewall.allowedUDPPorts = [3478 5349];
#sops.secrets."services/conduwuit" = {mode = "0755";};
sops.secrets."services/gitlab/dbPassword" = { owner = "gitlab"; };
sops.secrets."services/gitlab/rootPassword" = { owner = "gitlab"; };
sops.secrets."services/gitlab/secret" = { owner = "gitlab"; };
sops.secrets."services/gitlab/otpsecret" = { owner = "gitlab"; };
sops.secrets."services/gitlab/dbsecret" = { owner = "gitlab"; };
sops.secrets."services/gitlab/oidcKeyBase" = { owner = "gitlab"; };
sops.secrets."services/gitlab/activeRecordSalt" = { owner = "gitlab"; };
sops.secrets."services/gitlab/activeRecordPrimaryKey" = { owner = "gitlab"; };
sops.secrets."services/gitlab/activeRecordDeterministicKey" = { owner = "gitlab"; };
sops.secrets."services/gitlab/dbPassword" = {owner = "gitlab";};
sops.secrets."services/gitlab/rootPassword" = {owner = "gitlab";};
sops.secrets."services/gitlab/secret" = {owner = "gitlab";};
sops.secrets."services/gitlab/otpsecret" = {owner = "gitlab";};
sops.secrets."services/gitlab/dbsecret" = {owner = "gitlab";};
sops.secrets."services/gitlab/oidcKeyBase" = {owner = "gitlab";};
sops.secrets."services/gitlab/activeRecordSalt" = {owner = "gitlab";};
sops.secrets."services/gitlab/activeRecordPrimaryKey" = {owner = "gitlab";};
sops.secrets."services/gitlab/activeRecordDeterministicKey" = {owner = "gitlab";};
services.gitlab = {
enable = true;
host = "gitlab.kylekrein.com";
@ -89,7 +88,7 @@ users = {
secretFile = config.sops.secrets."services/gitlab/secret".path;
otpFile = config.sops.secrets."services/gitlab/otpsecret".path;
dbFile = config.sops.secrets."services/gitlab/dbsecret".path;
jwsFile = config.sops.secrets."services/gitlab/oidcKeyBase".path;#pkgs.runCommand "oidcKeyBase" {} "${pkgs.openssl}/bin/openssl genrsa 2048 > $out";
jwsFile = config.sops.secrets."services/gitlab/oidcKeyBase".path; #pkgs.runCommand "oidcKeyBase" {} "${pkgs.openssl}/bin/openssl genrsa 2048 > $out";
activeRecordSaltFile = config.sops.secrets."services/gitlab/activeRecordSalt".path;
activeRecordPrimaryKeyFile = config.sops.secrets."services/gitlab/activeRecordPrimaryKey".path;
activeRecordDeterministicKeyFile = config.sops.secrets."services/gitlab/activeRecordDeterministicKey".path;
@ -108,8 +107,8 @@ users = {
server = "matrix.kylekrein.com:443";
client = "https://matrix.kylekrein.com";
};
port = [ 6167 ];
trusted_servers = [ "matrix.org" ];
port = [6167];
trusted_servers = ["matrix.org"];
allow_registration = false;
registration_token = ""; #nix shell nixpkgs#openssl -c openssl rand -base64 48 | tr -d '/+' | cut -c1-64
allow_federation = true;
@ -128,7 +127,7 @@ users = {
# reverse_proxy http://localhost:6167
#'';
virtualHosts."kylekrein.com".extraConfig = ''
handle_path /.well-known/matrix/* {
handle_path /.well-known/matrix/* {
header Access-Control-Allow-Origin *
@ -143,14 +142,14 @@ handle_path /.well-known/matrix/* {
## return http/404 if nothing matches
respond 404
}
respond /.well-known/element/element.json `{"call":{"widget_url":"https://call.element.io"}}`
}
respond /.well-known/element/element.json `{"call":{"widget_url":"https://call.element.io"}}`
reverse_proxy * http://localhost:6167
'';
# reverse_proxy /.well-known/* http://localhost:6167
#'';
virtualHosts."matrix.kylekrein.com".extraConfig = ''
handle_path /.well-known/matrix/* {
handle_path /.well-known/matrix/* {
header Access-Control-Allow-Origin *
@ -165,14 +164,14 @@ handle_path /.well-known/matrix/* {
## return http/404 if nothing matches
respond 404
}
respond /.well-known/element/element.json `{"call":{"widget_url":"https://call.element.io"}}`
}
respond /.well-known/element/element.json `{"call":{"widget_url":"https://call.element.io"}}`
reverse_proxy * http://localhost:6167
'';
virtualHosts."gitlab.kylekrein.com".extraConfig = ''
reverse_proxy * unix//run/gitlab/gitlab-workhorse.socket
'';
};
};
system.stateVersion = "24.11";
nix = {
settings = {
@ -193,5 +192,5 @@ respond /.well-known/element/element.json `{"call":{"widget_url":"https://call.e
];
};
};
};
};
}

26
nixos/hosts/kylekrein-server/hardware.nix
View file

@ -1,21 +1,25 @@
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/profiles/qemu-guest.nix")
config,
lib,
pkgs,
modulesPath,
...
}: {
imports = [
(modulesPath + "/profiles/qemu-guest.nix")
];
boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
boot.initrd.availableKernelModules = ["ahci" "xhci_pci" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod"];
boot.initrd.kernelModules = [];
boot.kernelModules = [];
boot.extraModulePackages = [];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/4f7e141c-0fc7-415a-815d-944b36f93806";
fileSystems."/" = {
device = "/dev/disk/by-uuid/4f7e141c-0fc7-415a-815d-944b36f93806";
fsType = "ext4";
};
swapDevices = [ ];
swapDevices = [];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's

30
nixos/hosts/kylekrein-server/networking.nix
View file

@ -1,8 +1,9 @@
{ lib, ... }: {
{lib, ...}: {
# This file was populated at runtime with the networking
# details gathered from the active system.
networking = {
nameservers = [ "8.8.8.8"
nameservers = [
"8.8.8.8"
];
defaultGateway = "172.31.1.1";
defaultGateway6 = {
@ -14,15 +15,30 @@
interfaces = {
eth0 = {
ipv4.addresses = [
{ address="91.99.0.169"; prefixLength=32; }
{
address = "91.99.0.169";
prefixLength = 32;
}
];
ipv6.addresses = [
{ address="fe80::9400:4ff:fe30:830e"; prefixLength=64; }
{
address = "fe80::9400:4ff:fe30:830e";
prefixLength = 64;
}
];
ipv4.routes = [
{
address = "172.31.1.1";
prefixLength = 32;
}
];
ipv6.routes = [
{
address = "";
prefixLength = 128;
}
];
ipv4.routes = [ { address = "172.31.1.1"; prefixLength = 32; } ];
ipv6.routes = [ { address = ""; prefixLength = 128; } ];
};
};
};
services.udev.extraRules = ''

5
nixos/modules/cosmic/default.nix
View file

@ -1,5 +1,4 @@
{ ... }:
{
{...}: {
services.desktopManager.cosmic.enable = true;
services.displayManager.cosmic-greeter.enable = true;
services.displayManager.cosmic-greeter.enable = true;
}

3
nixos/modules/direnv/default.nix
View file

@ -1,5 +1,4 @@
{ pkgs, ...}:
{
{pkgs, ...}: {
programs.direnv = {
enable = true;
nix-direnv.enable = true;

7
nixos/modules/dolphin/default.nix
View file

@ -1,5 +1,10 @@
{ pkgs, inputs, hwconfig, unstable-pkgs, ... }:
{
pkgs,
inputs,
hwconfig,
unstable-pkgs,
...
}: {
environment.systemPackages = with pkgs; [
kdePackages.qtwayland
kdePackages.qtsvg

3
nixos/modules/emacs/packages.nix
View file

@ -1,8 +1,7 @@
{
pkgs,
emacs,
}:
{
}: {
packages = with pkgs; [
git
gzip

14
nixos/modules/fastfetch/default.nix
View file

@ -1,5 +1,8 @@
{ hwconfig, first-nixos-install, ... }:
{
hwconfig,
first-nixos-install,
...
}: {
programs.fastfetch = {
enable = true;
@ -90,9 +93,14 @@
{
type = "command";
key = " ";
text = #bash
text =
#bash
''
birth_install=${if hwconfig.useImpermanence then "${first-nixos-install}" else "$(stat -c %W /)"}
birth_install=${
if hwconfig.useImpermanence
then "${first-nixos-install}"
else "$(stat -c %W /)"
}
current=$(date +%s)
delta=$((current - birth_install))
delta_days=$((delta / 86400))

6
nixos/modules/firefox/aarch64-linux.nix
View file

@ -1,5 +1,4 @@
{ pkgs, ... }:
{
{pkgs, ...}: {
nixpkgs = {
overlays = [
(final: prev: {
@ -25,6 +24,7 @@
--set MOZ_GMP_PATH "$out/gmp-widevinecdm/system-installed"
'';
});
})];
})
];
};
}

37
nixos/modules/firefox/default.nix
View file

@ -1,6 +1,10 @@
{ lib, config, pkgs, hwconfig, ... }:
let
{
lib,
config,
pkgs,
hwconfig,
...
}: let
lock-false = {
Value = false;
Status = "locked";
@ -9,22 +13,23 @@
Value = true;
Status = "locked";
};
in
{
in {
imports = [] ++ lib.optional (hwconfig.system == "aarch64-linux") ./aarch64-linux.nix;
programs = {
firefox = {
package = pkgs.librewolf;
enable = true;
languagePacks = [ "de" "en-US" "ru"];
languagePacks = ["de" "en-US" "ru"];
/* ---- POLICIES ---- */
/*
---- POLICIES ----
*/
# Check about:policies#documentation for options.
policies = {
DisableTelemetry = true;
DisableFirefoxStudies = true;
EnableTrackingProtection = {
Value= true;
Value = true;
Locked = true;
Cryptomining = true;
Fingerprinting = true;
@ -44,14 +49,16 @@
PasswordManagerEnabled = false;
NoDefaultBookmarks = true;
/* ---- EXTENSIONS ---- */
/*
---- EXTENSIONS ----
*/
# Check about:support for extension/add-on ID strings.
# Valid strings for installation_mode are "allowed", "blocked",
# "force_installed" and "normal_installed".
#https://mozilla.github.io/policy-templates/#extensionsettings
ExtensionSettings = {
"*".installation_mode = "allowed"; # blocks all addons except the ones specified below
# uBlock Origin
# uBlock Origin
"uBlock0@raymondhill.net" = {
install_url = "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi";
installation_mode = "force_installed";
@ -88,12 +95,16 @@
install_url = "https://addons.mozilla.org/firefox/downloads/latest/adguard-adblocker/latest.xpi";
installation_mode = "force_installed";
};
};
/* ---- PREFERENCES ---- */
/*
---- PREFERENCES ----
*/
# Check about:config for options.
Preferences = {
"browser.contentblocking.category" = { Value = "strict"; Status = "locked"; };
"browser.contentblocking.category" = {
Value = "strict";
Status = "locked";
};
"extensions.pocket.enabled" = lock-false;
"extensions.screenshots.disabled" = lock-true;
"browser.startup.page" = 3; # restore session on startup

3
nixos/modules/gnome/default.nix
View file

@ -1,5 +1,4 @@
{ pkgs, ... }:
{
{pkgs, ...}: {
services.xserver = {
enable = true;
displayManager.gdm.enable = true;

10
nixos/modules/gnupg/default.nix
View file

@ -1,13 +1,17 @@
{ pkgs, lib,... }:
{
pkgs,
lib,
...
}: {
programs.gnupg.agent = {
enable = true;
settings = {
pinentry-program = lib.mkForce "${pkgs.pinentry-curses}/bin/pinentry-curses";
};
};
environment.systemPackages = with pkgs;[
(pass.withExtensions (exts: with exts;[
environment.systemPackages = with pkgs; [
(pass.withExtensions (exts:
with exts; [
pass-otp
pass-import
]))

40
nixos/modules/hyprland/battery-status.nix
View file

@ -1,6 +1,13 @@
{pkgs, hwconfig, ...}:
let
battery-path = "/sys/class/power_supply/${if hwconfig.hostname == "kylekrein-mac" then "macsmc-battery" else "BAT0"}";
{
pkgs,
hwconfig,
...
}: let
battery-path = "/sys/class/power_supply/${
if hwconfig.hostname == "kylekrein-mac"
then "macsmc-battery"
else "BAT0"
}";
get-battery-level = "${pkgs.writeShellScriptBin "get-battery-level" ''
cat ${battery-path}/capacity 2>/dev/null || echo "N/A"
''}/bin/get-battery-level";
@ -8,11 +15,11 @@ let
cat ${battery-path}/status 2>/dev/null || echo "Unknown"
''}/bin/get-status";
get-icon = "${pkgs.writeShellScriptBin "get-icon" ''
BATTERY_LEVEL=$(${get-battery-level})
STATUS=$(${get-status})
if [[ "$BATTERY_LEVEL" == "N/A" ]]; then
BATTERY_LEVEL=$(${get-battery-level})
STATUS=$(${get-status})
if [[ "$BATTERY_LEVEL" == "N/A" ]]; then
ICON="󰂑 "
elif [[ "$STATUS" == "Charging" ]]; then
elif [[ "$STATUS" == "Charging" ]]; then
if [[ $BATTERY_LEVEL -ge 90 ]]; then
ICON="󰂋 "
elif [[ $BATTERY_LEVEL -ge 80 ]]; then
@ -34,7 +41,7 @@ elif [[ "$STATUS" == "Charging" ]]; then
else
ICON="󰢜 "
fi
else
else
if [[ $BATTERY_LEVEL -ge 90 ]]; then
ICON="󰂂 "
elif [[ $BATTERY_LEVEL -ge 70 ]]; then
@ -48,23 +55,22 @@ else
else
ICON="󰁺 "
fi
fi
fi
echo "$ICON"
echo "$ICON"
''}/bin/get-icon";
get-remaining-time = "${pkgs.writeShellScriptBin "get-remaining-time" ''
REMAINING_ENERGY=$(cat ${battery-path}/energy_now)
POWER_USAGE=$(cat ${battery-path}/power_now)
if [[ -n "$REMAINING_ENERGY" && -n "$POWER_USAGE" && "$POWER_USAGE" -ne 0 ]]; then
REMAINING_ENERGY=$(cat ${battery-path}/energy_now)
POWER_USAGE=$(cat ${battery-path}/power_now)
if [[ -n "$REMAINING_ENERGY" && -n "$POWER_USAGE" && "$POWER_USAGE" -ne 0 ]]; then
TIME_LEFT=$((0 - (REMAINING_ENERGY / POWER_USAGE)))
MINUTES_LEFT=$(((0 - ( (REMAINING_ENERGY * 60) / POWER_USAGE )) - (TIME_LEFT * 60)))
echo "$TIME_LEFT h $MINUTES_LEFT min"
else
else
echo ""
fi
fi
''}/bin/get-remaining-time";
in
{
in {
available = hwconfig.isLaptop;
icon = get-icon;
status = get-status;

11
nixos/modules/hyprland/default.nix
View file

@ -1,11 +1,16 @@
{ pkgs, inputs, hwconfig, unstable-pkgs, ... }:
{
pkgs,
inputs,
hwconfig,
unstable-pkgs,
...
}: {
stylix = {
enable = true;
image = "${./wallpaper.jpg}";
autoEnable = true;
opacity = {
desktop = 0.0;#0.5;
desktop = 0.0; #0.5;
};
targets = {
gtk.enable = true;
@ -129,6 +134,4 @@
#platformTheme = "qt5ct";
#style = "kvantum";
# };
}

3
nixos/modules/hyprland/home.nix
View file

@ -4,8 +4,7 @@
lib,
hwconfig,
...
}:
{
}: {
imports = [
(import ./hyprland.nix {
inherit pkgs;

93
nixos/modules/hyprland/hypridle.nix
View file

@ -1,65 +1,66 @@
{ pkgs, lib, hwconfig, ... }:
let
suspendScript = pkgs.writeShellScript "suspend-script" ''
{
pkgs,
lib,
hwconfig,
...
}: let
suspendScript = pkgs.writeShellScript "suspend-script" ''
# check if any player has status "Playing"
${lib.getExe pkgs.playerctl} -a status | ${lib.getExe pkgs.ripgrep} Playing -q
# only suspend if nothing is playing
if [ $? == 1 ]; then
${if hwconfig.isLaptop then "${pkgs.systemd}/bin/systemctl suspend" else "loginctl lock-session"}
${
if hwconfig.isLaptop
then "${pkgs.systemd}/bin/systemctl suspend"
else "loginctl lock-session"
}
fi
'';
in
{
services.hypridle = {
in {
services.hypridle = {
enable = true;
settings = {
general = {
lock_cmd="pidof hyprlock || hyprlock";
general = {
lock_cmd = "pidof hyprlock || hyprlock";
before_sleep_cmd = "pidof hyprlock || loginctl lock-session"; # lock before suspend.
after_sleep_cmd = "hyprctl dispatch dpms on"; # to avoid having to press a key twice to turn on the display.
ignore_dbus_inhibit = false;
};
};
listener = [
#{
# on-resume="brightnessctl -r"; # monitor backlight restore.
# on-timeout="brightnessctl -s set 10"; # set monitor backlight to minimum, avoid 0 on OLED monitor.
# timeout=240;
#}
#{
# on-resume="brightnessctl -rd rgb:kbd_backlight";
# on-timeout="brightnessctl -sd rgb:kbd_backlight set 0";
# timeout=300;
#}
{
on-timeout="notify-send \"You're idle. Locking in 30 seconds.\"";
timeout=830;
}
{
listener = [
#{
# on-resume="brightnessctl -r"; # monitor backlight restore.
# on-timeout="brightnessctl -s set 10"; # set monitor backlight to minimum, avoid 0 on OLED monitor.
# timeout=240;
#}
#{
# on-resume="brightnessctl -rd rgb:kbd_backlight";
# on-timeout="brightnessctl -sd rgb:kbd_backlight set 0";
# timeout=300;
#}
{
on-timeout = "notify-send \"You're idle. Locking in 30 seconds.\"";
timeout = 830;
}
{
on-timeout = "pidof hyprlock && systemctl suspend";
timeout = 120;
}
#{
# on-timeout="loginctl lock-session";
# timeout=360;
#}
{
}
#{
# on-timeout="loginctl lock-session";
# timeout=360;
#}
{
on-resume = "hyprctl dispatch dpms on";
on-timeout = suspendScript.outPath;
timeout = 900;
}
#{
# on-resume="hyprctl dispatch dpms on"; # screen on when activity is detected after timeout has fired.
# on-timeout="hyprctl dispatch dpms off"; # screen off when timeout has passed
# timeout=420;
#}
];
}
#{
# on-resume="hyprctl dispatch dpms on"; # screen on when activity is detected after timeout has fired.
# on-timeout="hyprctl dispatch dpms off"; # screen off when timeout has passed
# timeout=420;
#}
];
};
};
};
}

13
nixos/modules/hyprland/hyprland.nix
View file

@ -128,11 +128,17 @@ in {
misc = {
vfr = true; #lowers the amount of frames when nothing happens
allow_session_lock_restore = true; # hope that it fixes the crash of hyprlock
disable_hyprland_logo = true;# disables the random Hyprland logo / anime girl background. :(
disable_hyprland_logo = true; # disables the random Hyprland logo / anime girl background. :(
};
input = {
kb_layout = "us, ru";
kb_options = "grp:lctrl_toggle, ctrl:nocaps" + (if hwconfig.hostname == "kylekrein-mac" then ", altwin:swap_alt_win" else ""); # "ctrl:nocaps, grp:toggle"
kb_options =
"grp:lctrl_toggle, ctrl:nocaps"
+ (
if hwconfig.hostname == "kylekrein-mac"
then ", altwin:swap_alt_win"
else ""
); # "ctrl:nocaps, grp:toggle"
touchpad = {
natural_scroll = true;
@ -173,7 +179,8 @@ in {
allow_tearing = false;
layout = "dwindle";
};
render = lib.mkIf (hwconfig.system == "aarch64-linux") { # Explicit sync breaks asahi driver https://github.com/hyprwm/Hyprland/issues/8158
render = lib.mkIf (hwconfig.system == "aarch64-linux") {
# Explicit sync breaks asahi driver https://github.com/hyprwm/Hyprland/issues/8158
explicit_sync = 0;
};

27
nixos/modules/hyprland/hyprlock.nix
View file

@ -1,9 +1,16 @@
{ pkgs, lib, hwconfig, ... }:
let
profile-image = ./profile-image.png;
battery-level = (import ./battery-status.nix {inherit pkgs; inherit hwconfig;}).labelPercent;
in
{
pkgs,
lib,
hwconfig,
...
}: let
profile-image = ./profile-image.png;
battery-level =
(import ./battery-status.nix {
inherit pkgs;
inherit hwconfig;
}).labelPercent;
in {
programs.hyprlock = {
enable = true;
settings = {
@ -51,7 +58,8 @@ in
halign = "center";
valign = "center";
};
label = [
label =
[
{
text = "$USER";
font_family = "Fira Code";
@ -76,16 +84,15 @@ in
halign = "right";
valign = "bottom";
}
] ++ lib.optional (hwconfig.isLaptop) (
{
]
++ lib.optional (hwconfig.isLaptop) {
text = ''cmd[update:10000] ${battery-level}'';
font_family = "JetBrains Mono";
font_size = 28;
position = "20, 20";
halign = "left";
valign = "bottom";
});
};
};
};
}

38
nixos/modules/hyprland/waybar.nix
View file

@ -1,8 +1,14 @@
{ pkgs, lib, hwconfig, ... }:
let
battery = (import ./battery-status.nix {inherit pkgs; inherit hwconfig;});
in
{
pkgs,
lib,
hwconfig,
...
}: let
battery = import ./battery-status.nix {
inherit pkgs;
inherit hwconfig;
};
in {
programs.waybar = {
enable = true;
#systemd.enable = true;
@ -19,11 +25,12 @@ in
font-size: 15px;
}
'';
settings = [{
settings = [
{
height = 36;
layer = "top";
position = "top";
tray = { spacing = 3; };
tray = {spacing = 3;};
modules-center = [
#"hyprland/window"
"clock"
@ -32,7 +39,8 @@ in
"hyprland/workspaces"
# "hyprland/window"
];
modules-right = lib.optional hwconfig.isLaptop "backlight"
modules-right =
lib.optional hwconfig.isLaptop "backlight"
++ [
"pulseaudio"
#"network"
@ -40,7 +48,8 @@ in
"memory"
#"temperature"
"hyprland/language"
] ++ lib.optional battery.available "custom/battery"
]
++ lib.optional battery.available "custom/battery"
++ [
"tray"
"custom/notification"
@ -51,7 +60,7 @@ in
format = " {time} {icon} ";
format-alt = " {capacity}% {icon} ";
format-charging = " {capacity}% ";
format-icons = [ "" "" "" "" "" ];
format-icons = ["" "" "" "" ""];
format-plugged = " {capacity}% ";
states = {
critical = 10;
@ -64,7 +73,7 @@ in
on-scroll-down = "${pkgs.brightnessctl}/bin/brightnessctl s 5%-";
};
"custom/battery" = {
exec ="${pkgs.writeShellScriptBin "battery-widget" ''
exec = "${pkgs.writeShellScriptBin "battery-widget" ''
${battery.labelAdaptive}
${battery.labelPercent}
''}/bin/battery-widget";
@ -102,7 +111,7 @@ in
format-bluetooth-muted = " {icon} {format_source}";
format-icons = {
car = "";
default = [ "" "" "" ];
default = ["" "" ""];
handsfree = "";
headphones = "";
headset = "";
@ -114,11 +123,11 @@ in
format-source-muted = "";
on-click = "${pkgs.pwvucontrol}/bin/pwvucontrol";
};
"hyprland/submap" = { format = ''<span style="italic">{}</span>''; };
"hyprland/submap" = {format = ''<span style="italic">{}</span>'';};
temperature = {
critical-threshold = 80;
format = "{temperatureC}°C {icon}";
format-icons = [ "" "" "" ];
format-icons = ["" "" ""];
};
"hyprland/workspaces" = {
@ -184,6 +193,7 @@ in
fi
'';
};
}];
}
];
};
}

7
nixos/modules/kando/default.nix
View file

@ -1,7 +1,6 @@
{ ... }:
let folder = ".config/kando";
in
{
{...}: let
folder = ".config/kando";
in {
home.file = {
#"${folder}/config.json".source = ./config.json;
"${folder}/menus.json".source = ./menus.json;

3
nixos/modules/kde-plasma/default.nix
View file

@ -1,5 +1,4 @@
{ ... }:
{
{...}: {
services.xserver.enable = true;
services.desktopManager.plasma6.enable = true;

5
nixos/modules/libvirt/default.nix
View file

@ -1,5 +1,4 @@
{ pkgs, ... }:
{
{pkgs, ...}: {
virtualisation = {
libvirtd = {
enable = true;
@ -7,7 +6,7 @@
package = pkgs.qemu_kvm;
swtpm.enable = true;
ovmf.enable = true;
ovmf.packages = [ pkgs.OVMFFull.fd ];
ovmf.packages = [pkgs.OVMFFull.fd];
};
};
spiceUSBRedirection.enable = true;

9
nixos/modules/libvirt/user.nix
View file

@ -1,11 +1,10 @@
{ username, ... }:
{
users.users.${username}.extraGroups = [ "libvirtd" ];
{username, ...}: {
users.users.${username}.extraGroups = ["libvirtd"];
home-manager.users.${username} = {
dconf.settings = {
"org/virt-manager/virt-manager/connections" = {
autoconnect = [ "qemu:///system" ];
uris = [ "qemu:///system" ];
autoconnect = ["qemu:///system"];
uris = ["qemu:///system"];
};
};
};

7
nixos/modules/niri/default.nix
View file

@ -1,5 +1,8 @@
{ pkgs, inputs, ...}:
{
pkgs,
inputs,
...
}: {
nixpkgs.overlays = [
inputs.niri-flake.overlays.niri
];
@ -12,7 +15,7 @@
package = pkgs.niri-unstable;
};
niri-flake.cache.enable = true;
environment.systemPackages = with pkgs;[
environment.systemPackages = with pkgs; [
wl-clipboard
wayland-utils
libsecret

37
nixos/modules/services/autoupgrade/default.nix
View file

@ -3,13 +3,10 @@
config,
lib,
...
}:
let
}: let
cfg = config.kylekrein.services.autoUpgrade;
script = ./nixos-upgrade-script.sh;
in
{
in {
options = {
kylekrein.services.autoUpgrade = {
enable = lib.mkEnableOption "Enables automatic system updates.";
@ -69,15 +66,31 @@ in
unitConfig.RequiresMountsFor = cfg.configDir;
script =
"${script} --operation ${cfg.operation} "
+ (if (cfg.configDir != "") then "--flake ${cfg.configDir} " else "")
+ (if (cfg.user != "") then "--user ${cfg.user} " else "")
+ (if (cfg.pushUpdates) then "--update " else "")
+ (if (cfg.extraFlags != "") then cfg.extraFlags else "");
+ (
if (cfg.configDir != "")
then "--flake ${cfg.configDir} "
else ""
)
+ (
if (cfg.user != "")
then "--user ${cfg.user} "
else ""
)
+ (
if (cfg.pushUpdates)
then "--update "
else ""
)
+ (
if (cfg.extraFlags != "")
then cfg.extraFlags
else ""
);
};
timers."nixos-upgrade" = {
wants = [ "network-online.target" ];
after = [ "network-online.target" ];
wantedBy = [ "timers.target" ];
wants = ["network-online.target"];
after = ["network-online.target"];
wantedBy = ["timers.target"];
timerConfig = {
OnCalendar = cfg.onCalendar;
Persistent = cfg.persistent;

16
nixos/modules/sops/default.nix
View file

@ -1,8 +1,16 @@
{ config, pkgs, inputs, lib, hwconfig, ... }:
let
keyPath = (if hwconfig.useImpermanence then "/persist/sops/age/keys.txt" else "/var/lib/sops/age/keys.txt");
in
{
config,
pkgs,
inputs,
lib,
hwconfig,
...
}: let
keyPath =
if hwconfig.useImpermanence
then "/persist/sops/age/keys.txt"
else "/var/lib/sops/age/keys.txt";
in {
environment.systemPackages = with pkgs; [sops];
sops.defaultSopsFile = ./secrets/secrets.yaml;
sops.defaultSopsFormat = "yaml";

24
nixos/modules/steam/default.nix
View file

@ -7,7 +7,10 @@
...
}: let
cfg = config.kk.steam;
containerPath = if hwconfig.useImpermanence then "/persist/home/containers/steam" else "/var/containers/steam";
containerPath =
if hwconfig.useImpermanence
then "/persist/home/containers/steam"
else "/var/containers/steam";
containerName = "fedora-steam";
in {
options.kk.steam = {
@ -21,7 +24,7 @@ in {
enable = true;
dockerCompat = true;
};
environment.systemPackages = with pkgs;[
environment.systemPackages = with pkgs; [
distrobox
(pkgs.writeShellScriptBin "steam-install" ''
set -e
@ -50,22 +53,20 @@ in {
env -u SUDO_USER ${pkgs.distrobox}/bin/distrobox-enter "${containerName}" -- sudo dnf copr enable -y @asahi/mesa
env -u SUDO_USER ${pkgs.distrobox}/bin/distrobox-enter "${containerName}" -- sudo dnf copr enable -y @asahi/mesa
env -u SUDO_USER ${pkgs.distrobox}/bin/distrobox-enter "${containerName}" -- sudo dnf upgrade --refresh -y
env -u SUDO_USER ${pkgs.distrobox}/bin/distrobox-enter "${containerName}" -- sudo dnf upgrade --refresh -y
env -u SUDO_USER ${pkgs.distrobox}/bin/distrobox-enter "${containerName}" -- sudo dnf install --best --setopt=allow_vendor_change=true asahi-repos -y
env -u SUDO_USER ${pkgs.distrobox}/bin/distrobox-enter "${containerName}" -- sudo dnf install --best --setopt=allow_vendor_change=true asahi-repos -y
env -u SUDO_USER ${pkgs.distrobox}/bin/distrobox-enter "${containerName}" -- sudo dnf install --best --setopt=allow_vendor_change=true steam -y
env -u SUDO_USER ${pkgs.distrobox}/bin/distrobox-enter "${containerName}" -- sudo dnf remove dhcpcd -y
env -u SUDO_USER ${pkgs.distrobox}/bin/distrobox-enter "${containerName}" -- sudo dnf install --best --setopt=allow_vendor_change=true steam -y
env -u SUDO_USER ${pkgs.distrobox}/bin/distrobox-enter "${containerName}" -- sudo dnf remove dhcpcd -y
fi
echo "Экспортируем Steam..."
env -u SUDO_USER ${pkgs.distrobox}/bin/distrobox enter "${containerName}" -- distrobox-export --app steam
'')
];
}
else
{
else {
environment.systemPackages = with pkgs; [
unzip
wget
@ -80,12 +81,13 @@ env -u SUDO_USER ${pkgs.distrobox}/bin/distrobox-enter "${containerName}" -- sud
bottles
];
programs.steam = {
enable = true;#!hwconfig.useImpermanence;
enable = true; #!hwconfig.useImpermanence;
remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play
dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server
localNetworkGameTransfers.openFirewall = true; # Open ports in the firewall for Steam Local Network Game Transfers
package = pkgs.steam.override {
extraPkgs = pkgs: with pkgs; [
extraPkgs = pkgs:
with pkgs; [
xorg.libXcursor
xorg.libXi
xorg.libXinerama

30
nixos/users/andrej/default.nix
View file

@ -1,13 +1,20 @@
{ pkgs, config, lib, hwconfig, inputs, first-nixos-install, ... }:
let username = "andrej";
in
{
pkgs,
config,
lib,
hwconfig,
inputs,
first-nixos-install,
...
}: let
username = "andrej";
in {
imports = [
];
users.users.${username} = {
isNormalUser = true;
description = "Andrej Lebedev";
extraGroups = [ "networkmanager" ];
extraGroups = ["networkmanager"];
#initialPassword = "1234";
hashedPasswordFile = config.sops.secrets."users/${username}".path;
packages = with pkgs; [
@ -20,6 +27,17 @@ in
};
};
home-manager.users."${username}" = import ../../home.nix { inherit lib; inherit username; inherit inputs; inherit first-nixos-install; inherit hwconfig; inherit config; inherit pkgs; };
systemd.tmpfiles.rules = (if hwconfig.useImpermanence then ["d /persist/home/${username} 0700 ${username} users -"] else []); # /persist/home/<user> created, owned by that user
home-manager.users."${username}" = import ../../home.nix {
inherit lib;
inherit username;
inherit inputs;
inherit first-nixos-install;
inherit hwconfig;
inherit config;
inherit pkgs;
};
systemd.tmpfiles.rules =
if hwconfig.useImpermanence
then ["d /persist/home/${username} 0700 ${username} users -"]
else []; # /persist/home/<user> created, owned by that user
}

31
nixos/users/dima/default.nix
View file

@ -1,13 +1,20 @@
{ pkgs, config, lib, hwconfig, inputs, first-nixos-install, ... }:
let username = "dima";
in
{
pkgs,
config,
lib,
hwconfig,
inputs,
first-nixos-install,
...
}: let
username = "dima";
in {
imports = [
];
users.users.${username} = {
isNormalUser = true;
description = "Dima";
extraGroups = [ "networkmanager" ];
extraGroups = ["networkmanager"];
initialPassword = "1234";
#hashedPasswordFile = config.sops.secrets."users/${username}".path;
packages = with pkgs; [
@ -15,10 +22,20 @@ in
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILIc/J6YxwWKajJ923/PZ2fcgLgWZdVMcZQ4oZZ+2hwn dima@dragonarch"
];
};
programs.ssh.forwardX11 = true;
home-manager.users."${username}" = import ../../home.nix { inherit lib; inherit username; inherit inputs; inherit first-nixos-install; inherit hwconfig; inherit config; inherit pkgs; };
systemd.tmpfiles.rules = (if hwconfig.useImpermanence then ["d /persist/home/${username} 0700 ${username} users -"] else []); # /persist/home/<user> created, owned by that user
home-manager.users."${username}" = import ../../home.nix {
inherit lib;
inherit username;
inherit inputs;
inherit first-nixos-install;
inherit hwconfig;
inherit config;
inherit pkgs;
};
systemd.tmpfiles.rules =
if hwconfig.useImpermanence
then ["d /persist/home/${username} 0700 ${username} users -"]
else []; # /persist/home/<user> created, owned by that user
}

30
nixos/users/tania/default.nix
View file

@ -1,13 +1,20 @@
{ pkgs, config, lib, hwconfig, inputs, first-nixos-install, ... }:
let username = "tania";
in
{
pkgs,
config,
lib,
hwconfig,
inputs,
first-nixos-install,
...
}: let
username = "tania";
in {
imports = [
];
users.users.${username} = {
isNormalUser = true;
description = "Tetiana";
extraGroups = [ "networkmanager" ];
extraGroups = ["networkmanager"];
#initialPassword = "1234";
hashedPasswordFile = config.sops.secrets."users/${username}".path;
packages = with pkgs; [
@ -19,6 +26,17 @@ in
};
};
home-manager.users."${username}" = import ../../home.nix { inherit lib; inherit username; inherit inputs; inherit first-nixos-install; inherit hwconfig; inherit config; inherit pkgs; };
systemd.tmpfiles.rules = (if hwconfig.useImpermanence then ["d /persist/home/${username} 0700 ${username} users -"] else []); # /persist/home/<user> created, owned by that user
home-manager.users."${username}" = import ../../home.nix {
inherit lib;
inherit username;
inherit inputs;
inherit first-nixos-install;
inherit hwconfig;
inherit config;
inherit pkgs;
};
systemd.tmpfiles.rules =
if hwconfig.useImpermanence
then ["d /persist/home/${username} 0700 ${username} users -"]
else []; # /persist/home/<user> created, owned by that user
}

16
nixos/wsl.nix
View file

@ -7,16 +7,17 @@
inputs,
unstable-pkgs,
...
}:
{
imports = [
}: {
imports =
[
./modules/firefox
./modules/flatpak
./modules/emacs
./modules/gnupg
./modules/direnv
./hosts/${hwconfig.hostname}
] ++ lib.optional (hwconfig.useImpermanence) ./modules/impermanence;
]
++ lib.optional (hwconfig.useImpermanence) ./modules/impermanence;
networking.hostName = hwconfig.hostname;
time.timeZone = "Europe/Berlin";
@ -29,7 +30,6 @@
#flatpak
#kk.services.flatpak.enable = hwconfig.system != "aarch64-linux";
services.flatpak.packages = [
];
# Enable common container config files in /etc/containers
@ -74,7 +74,7 @@
};
services.ollama = {
enable = true;
loadModels = [ "llama3.1" "qwen2.5-coder:7b" ];
loadModels = ["llama3.1" "qwen2.5-coder:7b"];
acceleration = "cuda";
user = "ollama";
group = "ollama";
@ -122,8 +122,8 @@
services.openssh.enable = true;
# Open ports in the firewall.
networking.firewall.allowedTCPPorts = [ 22 ];
networking.firewall.allowedUDPPorts = [ 22 ];
networking.firewall.allowedTCPPorts = [22];
networking.firewall.allowedUDPPorts = [22];
# Or disable the firewall altogether.
#networking.firewall.enable = false;