alarsyo/nixos-config
alarsyo/nixos-config
1
1
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

Compare commits

base: alarsyo:main
Branches Tags
alarsyo:main
alarsyo:beta-25.11
alarsyo:framework
alarsyo:matrix-synapse-auto-compress
alarsyo:tmux-thumbs
..
compare: alarsyo:matrix-synapse-auto-compress
Branches Tags
alarsyo:main
alarsyo:beta-25.11
alarsyo:framework
alarsyo:matrix-synapse-auto-compress
alarsyo:tmux-thumbs

1 commit
main ... matrix-syn

Author SHA1 Message Date
Antoine Martin
471ad21c78 services: matrix: automatic room compress service 2021-06-17 11:27:10 +02:00
180 changed files with 15515 additions and 5800 deletions
Download patch file Download diff file Expand all files Collapse all files

4
.git-crypt/.gitattributes vendored Normal file
View file

@ -0,0 +1,4 @@
# Do not edit this file. To specify the files to encrypt, create your own
# .gitattributes file in the directory where your files are.
* !filter !diff
*.gpg binary

BIN
.git-crypt/keys/default/0/91FF02AD4EEBB9C7E08FF04D6BD29B53D3847632.gpg Normal file
View file

Binary file not shown.

4
.gitattributes vendored Normal file
View file

@ -0,0 +1,4 @@
secrets/**/*.secret filter=git-crypt diff=git-crypt
secrets/matrix-email-config.nix filter=git-crypt diff=git-crypt
secrets/wireguard.nix filter=git-crypt diff=git-crypt
home/secrets/*.secret filter=git-crypt diff=git-crypt

98
.github/workflows/cachix.yaml vendored
View file

@ -1,98 +0,0 @@
name: "Cachix"
on:
push:
paths:
- '**.nix'
- '**.age'
- 'pkgs/**'
- 'flake.nix'
- 'flake.lock'
- '.github/workflows/cachix.yaml'
jobs:
format-check:
name: Format check
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: cachix/install-nix-action@v31
- name: Run alejandra
run: nix develop --command alejandra --check .
flake-check:
name: Flake check
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: cachix/install-nix-action@v31
- uses: cachix/cachix-action@v16
with:
name: alarsyo
authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
extraPullNames: "nix-community"
- name: Build package
run: nix flake check
build-pkgs:
name: Nix packages
runs-on: ubuntu-latest
needs: [ flake-check, format-check ]
strategy:
fail-fast: false
matrix:
name:
- grafanaDashboards/nginx
- grafanaDashboards/node-exporter
- kaleidoscope-udev-rules
- sddm-sugar-candy
- spot
steps:
- uses: actions/checkout@v4
- uses: cachix/install-nix-action@v31
- uses: cachix/cachix-action@v16
with:
name: alarsyo
authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
extraPullNames: "nix-community"
- name: Build package
run: nix build -L .#"${{ matrix.name }}"
build-configs:
name: NixOS configs
runs-on: ubuntu-latest
needs: [ build-pkgs ]
strategy:
fail-fast: false
matrix:
name:
- boreal
- hades
- talos
- thanatos
steps:
- name: Delete huge unnecessary tools folder
run: rm -rf /opt/hostedtoolcache
- uses: actions/checkout@v4
- uses: cachix/install-nix-action@v31
- uses: cachix/cachix-action@v16
with:
name: alarsyo
authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
extraPullNames: "nix-community"
- name: Build package
run: nix build -L .#nixosConfigurations."${{ matrix.name }}".config.system.build.toplevel

17
.github/workflows/nur-update.yaml vendored
View file

@ -1,17 +0,0 @@
name: "NUR"
on:
push:
branches:
- 'main'
paths:
- 'pkgs/**'
- '.github/workflows/nur-update.yaml'
jobs:
update-nur:
name: "Ping NUR repo hook"
runs-on: ubuntu-latest
steps:
- name: curl nur endpoint
run: |
curl -XPOST https://nur-update.nix-community.org/update?repo=alarsyo

1
.gitignore vendored
View file

@ -1 +0,0 @@
/result

1
.lohr
View file

@ -1,4 +1,3 @@
git@github.com:alarsyo/nixos-config
git@gitlab.com:alarsyo/nixos-config
git@git.sr.ht:~alarsyo/nixos-config
git@codeberg.org:alarsyo/nixos-config

53
README.org
View file

@ -1,25 +1,46 @@
#+title: NixOS configurations
#+title: NixOS deployment configuration
Configuration for my computers! You may find here system configurations for
various services I host, as well as my dotfiles for daily programs.
* Services
** Packages
** Bitwarden
Various packages of mine can be found in this repo. You can easily use these
packages from Nix by [[https://github.com/nix-community/NUR][setting up the Nix User Repository]].
Password manager, Rust lightweight version.
*** Flake
** Borg backup
If you prefer, theses packages are also exposed as a *flake* in this repo:
Creating daily backups to borgbase
- To list packages:
** fail2ban
#+begin_src sh
nix flake show
#+end_src
Keeping the bad guys away
- To install one of them:
** Gitea
#+begin_src sh
nix build github:alarsyo/nixos-config#$PACKAGE
#+end_src
Hosting for all my personal projects
** Jellyfin
Netflix but just for me
** Lohr
*** Setup
Needs manual SSH key and known hosts setup.
** Matrix
My Matrix homeserver at =alarsyo.net=. Also hosting an Element web client at
[[https://chat.alarsyo.net][chat.alarsyo.net]].
** Miniflux
RSS reader
** Monitoring
Grafana and Prometheus are currently used as a glorified =htop=.
** Nextcloud
** Wireguard VPN

4
base/default.nix
View file

@ -1,6 +1,6 @@
{...}: {
{ ... }:
{
imports = [
./gui-programs.nix
./networking.nix
./nix.nix
./programs.nix

111
base/gui-programs.nix
View file

@ -1,94 +1,27 @@
{ pkgs, ... }:
{
pkgs,
lib,
config,
options,
...
}: let
inherit
(lib)
mkEnableOption
mkIf
optional
;
in {
options.my.gui = {
enable = mkEnableOption "System has some kind of screen attached";
isNvidia = mkEnableOption "System a NVIDIA GPU";
};
environment.systemPackages = with pkgs; [
alacritty
feh
gnome.nautilus
mpv
pavucontrol
thunderbird
zathura
config = mkIf config.my.gui.enable {
programs.gnupg.agent = {
enable = true;
enableSSHSupport = true;
pinentryPackage = pkgs.pinentry-qt;
};
unstable.discord
unstable.firefox
unstable.element-desktop
unstable.slack
unstable.spotify
unstable.tdesktop
unstable.teams
];
services = {
xserver = {
enable = true;
# NOTE: could use `mkOptionDefault` but this feels more explicit
videoDrivers =
if config.my.gui.isNvidia
then ["nvidia"]
else options.services.xserver.videoDrivers.default;
xkb = {
layout = "fr";
variant = "us";
};
};
networking.networkmanager.enable = true;
programs.nm-applet.enable = true;
programs.steam.enable = true;
libinput = {
enable = true;
touchpad = {
naturalScrolling = true;
};
};
logind.settings.Login.HandleLidSwitch = "suspend";
printing = {
enable = true;
cups-pdf.enable = true;
};
udev.packages = [pkgs.chrysalis];
};
environment.systemPackages = builtins.attrValues {
inherit
(pkgs)
arandr
chrysalis
discord
feh
ffmpeg
firefox
gimp-with-plugins
imagemagick
mpv
obs-studio
pavucontrol
spotify
telegram-desktop
thunderbird
virt-manager
xcolor
zathura
;
inherit (pkgs.kdePackages) okular;
};
networking.networkmanager.enable = true;
programs.nm-applet.enable = true;
programs.steam.enable = true;
# this is necessary to set GTK stuff in home manager
# FIXME: better interdependency between this and the home part
programs.dconf.enable = true;
# NOTE: needed for home emacs configuration
nixpkgs.config.input-fonts.acceptLicense = true;
};
# NOTE: needed for home emacs configuration
nixpkgs.config.input-fonts.acceptLicense = true;
}

11
base/networking.nix
View file

@ -1,11 +1,6 @@
{lib, ...}: let
inherit
(lib)
mkOption
types
;
in {
options.my.networking.externalInterface = mkOption {
{ lib, ... }:
{
options.my.networking.externalInterface = with lib; mkOption {
type = types.nullOr types.str;
default = null;
example = "eth0";

37
base/nix.nix
View file

@ -1,27 +1,28 @@
{pkgs, ...}: {
{ pkgs, ... }:
{
nixpkgs.config.allowUnfree = true;
nix = {
package = pkgs.lixPackageSets.latest.lix;
package = pkgs.nixUnstable;
extraOptions = ''
experimental-features = nix-command flakes
'';
trustedUsers = [ "@wheel" ];
binaryCaches = [
"https://alarsyo.cachix.org"
"https://nix-community.cachix.org"
];
binaryCachePublicKeys = [
"alarsyo.cachix.org-1:A6BmcaJek5+ZDWWv3fPteHhPm6U8liS9CbDbmegPfmk="
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
];
gc = {
automatic = true;
dates = "weekly";
options = "--delete-older-than 60d";
persistent = true;
};
settings = {
experimental-features = ["nix-command" "flakes"];
trusted-users = ["@wheel"];
substituters = [
"https://alarsyo.cachix.org"
"https://nix-community.cachix.org"
];
trusted-public-keys = [
"alarsyo.cachix.org-1:A6BmcaJek5+ZDWWv3fPteHhPm6U8liS9CbDbmegPfmk="
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
];
dates = "03:15";
options = "--delete-older-than 30d";
};
};
}

82
base/programs.nix
View file

@ -1,48 +1,56 @@
{pkgs, ...}: {
{ pkgs, ... }:
{
programs = {
fish.enable = true;
gnupg.agent = {
enable = true;
pinentryFlavor = "curses";
};
less.enable = true;
mosh.enable = true;
tmux.enable = true;
ssh = {
startAgent = true;
extraConfig = ''
AddKeysToAgent yes
'';
};
# setcap wrapper for network permissions
bandwhich.enable = true;
};
services.openssh = {
settings = {
PasswordAuthentication = false;
PermitRootLogin = "no";
StreamLocalBindUnlink = true;
};
};
environment.systemPackages = with pkgs; [
# shell usage
bat
fd
ripgrep
sd
tmux
tokei
tree
wget
environment.systemPackages = builtins.attrValues {
inherit
(pkgs)
# shell usage
bat
fd
file
ripgrep
tree
wget
pciutils
usbutils
# development
git
git-crypt
git-lfs
gnumake
gnupg
python3
shellcheck
vim
# terminal utilities
htop
jq
unzip
zip
;
};
# development
git
git-crypt
git-lfs
gnumake
gnupg
pinentry-curses
python3
vim
clang_11
llvmPackages_11.bintools
# terminal utilities
bottom
dogdns
du-dust
htop
stow
tealdeer
# nix pkgs lookup
nix-index
];
}

19
base/users.nix
View file

@ -1,29 +1,22 @@
{
config,
lib,
pkgs,
...
}: let
{ config, lib, pkgs, ... }:
let
secrets = config.my.secrets;
in {
in
{
users.mutableUsers = false;
users.users.root = {
hashedPasswordFile = config.age.secrets."users/root-hashed-password".path;
hashedPassword = secrets.shadow-hashed-password-root;
};
users.users.alarsyo = {
hashedPasswordFile = config.age.secrets."users/alarsyo-hashed-password".path;
hashedPassword = secrets.shadow-hashed-password-alarsyo;
isNormalUser = true;
extraGroups = [
"media"
"networkmanager"
"video" # for `light` permissions
"docker"
"wheel" # Enable sudo for the user.
"libvirtd"
];
shell = pkgs.fish;
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMbf1C55Hgprm4Y7iNHae2UhZbLa6SNeurDTOyq2tr1G alarsyo@yubikey"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH3rrF3VSWI4n4cpguvlmLAaU3uftuX4AVV/39S/8GO9 alarsyo@thinkpad"
];
};

7
boreal.nix
View file

@ -1,7 +1,9 @@
{...}: {
{ ... }:
{
imports = [
# Default configuration
./base
./base/gui-programs.nix
# Module definitions
./modules
@ -9,6 +11,9 @@
# Service definitions
./services
# Configuration secrets
./secrets
# Host-specific config
./hosts/boreal
];

209
flake.lock generated
View file

@ -1,248 +1,81 @@
{
"nodes": {
"agenix": {
"inputs": {
"darwin": "darwin",
"home-manager": "home-manager",
"nixpkgs": "nixpkgs",
"systems": "systems"
},
"emacs-overlay": {
"locked": {
"lastModified": 1736955230,
"narHash": "sha256-uenf8fv2eG5bKM8C/UvFaiJMZ4IpUFaQxk9OH5t/1gA=",
"owner": "ryantm",
"repo": "agenix",
"rev": "e600439ec4c273cf11e06fe4d9d906fb98fa097c",
"type": "github"
},
"original": {
"owner": "ryantm",
"repo": "agenix",
"type": "github"
}
},
"darwin": {
"inputs": {
"nixpkgs": [
"agenix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1700795494,
"narHash": "sha256-gzGLZSiOhf155FW7262kdHo2YDeugp3VuIFb4/GGng0=",
"owner": "lnl7",
"repo": "nix-darwin",
"rev": "4b9b83d5a92e8c1fbfd8eb27eda375908c11ec4d",
"type": "github"
},
"original": {
"owner": "lnl7",
"ref": "master",
"repo": "nix-darwin",
"type": "github"
}
},
"disko": {
"inputs": {
"nixpkgs": "nixpkgs_2"
},
"locked": {
"lastModified": 1743598667,
"narHash": "sha256-ViE7NoFWytYO2uJONTAX35eGsvTYXNHjWALeHAg8OQY=",
"lastModified": 1623609074,
"narHash": "sha256-5r7rpljW3Ck/8I6UFt1QlPUiB7Fa8E2KtRW9u83YC4Y=",
"owner": "nix-community",
"repo": "disko",
"rev": "329d3d7e8bc63dd30c39e14e6076db590a6eabe6",
"repo": "emacs-overlay",
"rev": "d9baacb691afe81a61b5b9f5fd42473710c59581",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "master",
"repo": "disko",
"type": "github"
}
},
"flake-utils": {
"inputs": {
"systems": "systems_2"
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
"owner": "numtide",
"ref": "main",
"repo": "flake-utils",
"repo": "emacs-overlay",
"type": "github"
}
},
"home-manager": {
"inputs": {
"nixpkgs": [
"agenix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1703113217,
"narHash": "sha256-7ulcXOk63TIT2lVDSExj7XzFx09LpdSAPtvgtM7yQPE=",
"lastModified": 1622917919,
"narHash": "sha256-9gAIwbQyLhK78bEV648k4tfLK6JkYiPk9QdTECpLuOE=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "3bfaacf46133c037bb356193bd2f1765d9dc82c1",
"rev": "148d85ee8303444fb0116943787aa0b1b25f94df",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "release-21.05",
"repo": "home-manager",
"type": "github"
}
},
"home-manager_2": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1767910483,
"narHash": "sha256-MOU5YdVu4DVwuT5ztXgQpPuRRBjSjUGIdUzOQr9iQOY=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "82fb7dedaad83e5e279127a38ef410bcfac6d77c",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "release-25.11",
"repo": "home-manager",
"type": "github"
}
},
"nixos-hardware": {
"locked": {
"lastModified": 1768397375,
"narHash": "sha256-7QqbFi3ERvKjEdAzEYPv7iSGwpUKSrQW5wPLMFq45AQ=",
"owner": "NixOS",
"repo": "nixos-hardware",
"rev": "efe2094529d69a3f54892771b6be8ee4a0ebef0f",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "master",
"repo": "nixos-hardware",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1703013332,
"narHash": "sha256-+tFNwMvlXLbJZXiMHqYq77z/RfmpfpiI3yjL6o/Zo9M=",
"lastModified": 1623576761,
"narHash": "sha256-krXZQ0lObduC95f40K3JwIT//VIBpXBwVNclqh5njtE=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "54aac082a4d9bb5bbc5c4e899603abfb76a3f6d6",
"rev": "1f91fd1040667e9265a760b0347f8bc416249da7",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"ref": "nixos-21.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-unstable": {
"locked": {
"lastModified": 1768127708,
"narHash": "sha256-1Sm77VfZh3mU0F5OqKABNLWxOuDeHIlcFjsXeeiPazs=",
"lastModified": 1623589201,
"narHash": "sha256-f29Rp2XFmfjtwldUyRvMz0X93/Nf6J8i4WBvVVKqCHs=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "ffbc9f8cbaacfb331b6017d5a5abb21a492c9a38",
"rev": "6aa2bb6a818d12d4cf296f736263011611cf2610",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1743259260,
"narHash": "sha256-ArWLUgRm1tKHiqlhnymyVqi5kLNCK5ghvm06mfCl4QY=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "eb0e0f21f15c559d2ac7633dc81d079d1caf5f5f",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_3": {
"locked": {
"lastModified": 1768323494,
"narHash": "sha256-yBXJLE6WCtrGo7LKiB6NOt6nisBEEkguC/lq/rP3zRQ=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "2c3e5ec5df46d3aeee2a1da0bfedd74e21f4bf3a",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-25.11",
"ref": "nixos-unstable-small",
"repo": "nixpkgs",
"type": "github"
}
},
"root": {
"inputs": {
"agenix": "agenix",
"disko": "disko",
"flake-utils": "flake-utils",
"home-manager": "home-manager_2",
"nixos-hardware": "nixos-hardware",
"nixpkgs": "nixpkgs_3",
"emacs-overlay": "emacs-overlay",
"home-manager": "home-manager",
"nixpkgs": "nixpkgs",
"nixpkgs-unstable": "nixpkgs-unstable"
}
},
"systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_2": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
}
},
"root": "root",

195
flake.nix
View file

@ -5,169 +5,100 @@
type = "github";
owner = "NixOS";
repo = "nixpkgs";
ref = "nixos-25.11";
ref = "nixos-21.05";
};
nixpkgs-unstable = {
type = "github";
owner = "NixOS";
repo = "nixpkgs";
ref = "nixos-unstable";
ref = "nixos-unstable-small";
};
agenix = {
emacs-overlay = {
type = "github";
owner = "ryantm";
repo = "agenix";
owner = "nix-community";
repo = "emacs-overlay";
ref = "master";
};
home-manager = {
type = "github";
owner = "nix-community";
repo = "home-manager";
ref = "release-25.11";
ref = "release-21.05";
inputs.nixpkgs.follows = "nixpkgs";
};
flake-utils = {
type = "github";
owner = "numtide";
repo = "flake-utils";
ref = "main";
};
nixos-hardware = {
type = "github";
owner = "NixOS";
repo = "nixos-hardware";
ref = "master";
};
disko = {
type = "github";
owner = "nix-community";
repo = "disko";
ref = "master";
};
};
outputs = {
self,
nixpkgs,
home-manager,
agenix,
disko,
...
} @ inputs:
{
nixosModules = {
home = {
home-manager.backupFileExtension = "hm-backup";
outputs = { self,
nixpkgs,
nixpkgs-unstable,
emacs-overlay,
home-manager }: {
nixosConfigurations.poseidon = nixpkgs.lib.nixosSystem rec {
system = "x86_64-linux";
modules = [
./poseidon.nix
home-manager.nixosModules.home-manager
{
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.users.alarsyo = import ./home;
home-manager.verbose = true;
};
nix-registry = {
nix.registry.nixpkgs.flake = nixpkgs;
nix.registry.unstable.flake = inputs.nixpkgs-unstable;
};
};
overlays = import ./overlays;
nixosConfigurations = let
system = "x86_64-linux";
shared_overlays =
[
(self: super: {
packages = import ./pkgs {pkgs = super;};
}
{
nixpkgs.overlays = [
(final: prev: {
# packages accessible through pkgs.unstable.package
unstable = import inputs.nixpkgs-unstable {
unstable = import nixpkgs-unstable {
inherit system;
config.allowUnfree = true;
};
})
];
}
];
};
nixosConfigurations.boreal = nixpkgs.lib.nixosSystem rec {
system = "x86_64-linux";
modules = [
./boreal.nix
agenix.overlays.default
]
++ builtins.attrValues self.overlays;
sharedModules =
[
agenix.nixosModules.default
home-manager.nixosModules.default
{
nixpkgs = {
overlays = shared_overlays;
config.permittedInsecurePackages = [];
home-manager.nixosModules.home-manager
{
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.users.alarsyo = import ./home;
home-manager.verbose = true;
}
{
nixpkgs.overlays = [
emacs-overlay.overlay
(self: super: {
packages = import ./pkgs { pkgs = super; };
unstable = import nixpkgs-unstable {
inherit system;
config.allowUnfree = true;
};
hardware.enableRedistributableFirmware = true;
}
]
++ (nixpkgs.lib.attrValues self.nixosModules);
in {
hades = nixpkgs.lib.nixosSystem rec {
inherit system;
modules =
[
./hades.nix
]
++ sharedModules;
};
boreal = nixpkgs.lib.nixosSystem rec {
inherit system;
modules =
[
./boreal.nix
steam = self.unstable.steam;
})
{
nixpkgs.overlays = [
# uncomment this to build everything from scratch, fun but takes a
# while
#
# (self: super: {
# stdenv = super.impureUseNativeOptimizations super.stdenv;
# })
];
}
]
++ sharedModules;
};
talos = nixpkgs.lib.nixosSystem {
inherit system;
modules =
[
inputs.nixos-hardware.nixosModules.framework-13-7040-amd
disko.nixosModules.default
./talos.nix
]
++ sharedModules;
};
thanatos = nixpkgs.lib.nixosSystem {
inherit system;
modules =
[
disko.nixosModules.default
./thanatos.nix
]
++ sharedModules;
};
};
}
// inputs.flake-utils.lib.eachDefaultSystem (system: let
pkgs = nixpkgs.legacyPackages.${system};
in {
packages =
inputs.flake-utils.lib.flattenTree
(import ./pkgs {inherit pkgs;});
devShells.default = pkgs.mkShellNoCC {
buildInputs = [
pkgs.alejandra
];
};
});
# uncomment this to build everything from scratch, fun but takes a
# while
#
# (self: super: {
# stdenv = super.impureUseNativeOptimizations super.stdenv;
# })
];
}
];
};
};
}

23
hades.nix
View file

@ -1,23 +0,0 @@
{...}: {
imports = [
# Default configuration
./base
# Module definitions
./modules
# Service definitions
./services
# Host-specific config
./hosts/hades
];
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "22.05"; # Did you read the comment?
}

30
home/alacritty.nix
View file

@ -1,29 +1,16 @@
{
config,
lib,
pkgs,
...
}: let
inherit
(lib)
mkEnableOption
mkIf
;
{ config, lib, pkgs, ... }:
let
cfg = config.my.home.alacritty;
alacrittyTheme = config.my.theme.alacrittyTheme;
in {
options.my.home.alacritty.enable = (mkEnableOption "Alacritty terminal") // {default = config.my.home.x.enable;};
in
{
options.my.home.alacritty.enable = lib.mkEnableOption "Alacritty terminal";
config = mkIf cfg.enable {
config = lib.mkIf cfg.enable {
programs.alacritty = {
enable = true;
settings = {
env = {
WINIT_X11_SCALE_FACTOR = "1.0";
};
window = {
padding = {
x = 8;
@ -43,8 +30,9 @@ in {
};
};
home.packages = [pkgs.iosevka-bin];
home.packages = with pkgs; [
iosevka-bin
];
# make sure font is discoverable
fonts.fontconfig.enable = true;
};

28
home/bat.nix
View file

@ -1,28 +0,0 @@
{
config,
lib,
...
}: let
inherit
(lib)
mkEnableOption
mkIf
;
cfg = config.my.home.bat;
batTheme = config.my.theme.batTheme;
in {
options.my.home.bat = {
enable = (mkEnableOption "bat code display tool") // {default = true;};
};
config = mkIf cfg.enable {
programs.bat = {
enable = true;
config = {
theme = batTheme.name;
};
};
};
}

28
home/default.nix
View file

@ -1,35 +1,19 @@
{config, ...}: {
{ ... }:
{
imports = [
./alacritty.nix
./bat.nix
./direnv.nix
./emacs.nix
./env.nix
./firefox.nix
./fish
./flameshot.nix
./git.nix
./gtk.nix
./jj.nix
./laptop.nix
./mail.nix
./rbw.nix
./rofi.nix
./ssh.nix
./secrets
./starship.nix
./themes
./tmux.nix
./tridactyl.nix
./x
];
home.username = "alarsyo";
home.stateVersion = "20.09";
home.sessionVariables = let
gpgPackage = config.programs.gpg.package;
in {
BROWSER = "firefox";
# FIXME: only set if gpg-agent not in use, otherwise home manager already does that
SSH_AUTH_SOCK = "$(${gpgPackage}/bin/gpgconf --list-dirs agent-ssh-socket)";
XDG_DATA_HOME = "$HOME/.local/share";
};
home.username = "alarsyo";
}

26
home/direnv.nix
View file

@ -1,26 +0,0 @@
{
config,
lib,
...
}: let
inherit
(lib)
mkEnableOption
mkIf
;
cfg = config.my.home.direnv;
in {
options.my.home.direnv = {
enable = (mkEnableOption "setup direnv usage") // {default = true;};
};
config = mkIf cfg.enable {
programs.direnv = {
enable = true;
nix-direnv = {
enable = true;
};
};
};
}

51
home/emacs.nix
View file

@ -1,39 +1,17 @@
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}: let
inherit
(lib)
mkEnableOption
mkIf
;
in {
options.my.home.emacs = {
options.my.home.emacs = with lib; {
enable = mkEnableOption "Emacs daemon configuration";
};
config = mkIf config.my.home.emacs.enable {
home.sessionPath = ["${config.xdg.configHome}/emacs/bin"];
home.sessionVariables = {
EDITOR = "emacsclient -t";
};
config = lib.mkIf config.my.home.emacs.enable {
home.packages = with pkgs; [
sqlite # needed by org-roam
home.packages = builtins.attrValues {
inherit
(pkgs)
sqlite # needed by org-roam
# fonts used by my config
emacs-all-the-icons-fonts
;
inherit
(pkgs.nerd-fonts)
iosevka
;
};
# fonts used by my config
emacs-all-the-icons-fonts
iosevka-bin
];
# make sure above fonts are discoverable
fonts.fontconfig.enable = true;
@ -41,20 +19,11 @@ in {
enable = true;
# generate emacsclient desktop file
client.enable = true;
socketActivation.enable = true;
};
programs.emacs = {
enable = true;
package = pkgs.emacs30-pgtk;
extraPackages = epkgs: [
epkgs.vterm
epkgs.pdf-tools
epkgs.mu4e
epkgs.treesit-grammars.with-all-grammars
pkgs.lilypond
];
package = pkgs.emacsPgtkGcc;
};
};
}

4
home/env.nix
View file

@ -1,5 +1,7 @@
{config, ...}: {
{ config, ... }:
{
home.sessionPath = [
"${config.xdg.configHome}/emacs/bin"
"${config.home.homeDirectory}/.cargo/bin"
"${config.home.homeDirectory}/.local/bin"
];

29
home/firefox.nix
View file

@ -1,29 +0,0 @@
{
config,
lib,
pkgs,
...
}: let
inherit
(lib)
mkEnableOption
mkIf
;
cfg = config.my.home.firefox;
in {
options.my.home.firefox = {
enable = (mkEnableOption "firefox config") // {default = config.my.home.x.enable;};
};
config = mkIf cfg.enable {
programs.firefox = {
enable = true;
package = pkgs.firefox.override {
nativeMessagingHosts = [
pkgs.tridactyl-native
];
};
};
};
}

38
home/fish/default.nix
View file

@ -1,39 +1,15 @@
{
config,
lib,
...
}: let
inherit
(lib)
mkEnableOption
mkIf
;
{ config, lib, ... }:
let
cfg = config.my.home.fish;
in {
options.my.home.fish.enable = (mkEnableOption "Fish shell") // {default = true;};
config = mkIf cfg.enable {
home.sessionVariables = {
# automatically prompt to run program in nix-shell if it's not installed
NIX_AUTO_RUN = "1";
NIX_AUTO_RUN_INTERACTIVE = "1";
};
in
{
options.my.home.fish.enable = lib.mkEnableOption "Fish shell";
config = lib.mkIf cfg.enable {
programs.fish = {
enable = true;
shellAliases = {
"bt" = "bluetoothctl";
};
shellAbbrs = {
"bton" = "bluetoothctl power on";
"btoff" = "bluetoothctl power off";
"btcon" = "bluetoothctl connect";
"btdis" = "bluetoothctl disconnect";
"btinfo" = "bluetoothctl info";
};
};
xdg.configFile."fish/functions" = {source = ./. + "/functions";};
xdg.configFile."fish/functions" = { source = ./. + "/functions"; };
};
}

23
home/fish/functions/dock.fish
View file

@ -1,23 +0,0 @@
function dock
xrandr \
--output eDP-1 --mode 1920x1080 --pos 0x120 --rotate normal \
--output HDMI-1 --off \
--output DP-1 --off \
--output DP-2 --off \
--output DP-3 --primary --mode 1920x1200 --pos 1920x0 --rotate normal \
--output DP-4 --mode 1920x1200 --pos 3840x0 --rotate normal \
--output DP-4 --off \
--output DP-5 --off
i3-msg -q '[workspace="1"]' move workspace to output DP-3 2>/dev/null
i3-msg -q '[workspace="2"]' move workspace to output DP-3 2>/dev/null
i3-msg -q '[workspace="3"]' move workspace to output DP-3 2>/dev/null
i3-msg -q '[workspace="4"]' move workspace to output DP-3 2>/dev/null
i3-msg -q '[workspace="5"]' move workspace to output DP-3 2>/dev/null
i3-msg -q '[workspace="7"]' move workspace to output eDP-1 2>/dev/null
i3-msg -q '[workspace="8"]' move workspace to output DP-4 2>/dev/null
i3-msg -q '[workspace="9"]' move workspace to output DP-4 2>/dev/null
i3-msg -q '[workspace="10"]' move workspace to output DP-4 2>/dev/null
end

16
home/fish/functions/dock2.fish
View file

@ -1,16 +0,0 @@
function dock2
xrandr \
--output eDP-1 --mode 1920x1080 --pos 2560x0 --rotate normal \
--output DP-1 --primary --mode 2560x1440 --pos 0x0 --rotate normal \
--output HDMI-1 --off \
--output DP-2 --off \
--output HDMI-2 --off
i3-msg -q '[workspace="1"]' move workspace to output DP-1 2>/dev/null
i3-msg -q '[workspace="2"]' move workspace to output DP-1 2>/dev/null
i3-msg -q '[workspace="3"]' move workspace to output DP-1 2>/dev/null
i3-msg -q '[workspace="4"]' move workspace to output DP-1 2>/dev/null
i3-msg -q '[workspace="9"]' move workspace to output DP-1 2>/dev/null
i3-msg -q '[workspace="10"]' move workspace to output eDP-1 2>/dev/null
end

5
home/fish/functions/exit.fish
View file

@ -1,5 +0,0 @@
function exit \
--description "Disown all jobs started from this shell to avoid killing them on exit" \
--on-event fish_exit
jobs -q; and disown (jobs -p)
end

3
home/fish/functions/magit.fish
View file

@ -1,3 +0,0 @@
function magit
emacsclient --tty --eval '(magit-status)' --suppress-output
end

5
home/fish/functions/nfl.fish
View file

@ -1,4 +1,7 @@
function nfl
set -l flags "--commit-lock-file"
nix flake update $flags $argv
for flake in $argv
set -a flags "--update-input" "$flake"
end
nix flake lock $flags
end

10
home/fish/functions/undock.fish
View file

@ -1,10 +0,0 @@
function undock
xrandr \
--output eDP-1 --primary --mode 1920x1080 --pos 0x0 --rotate normal \
--output HDMI-1 --off \
--output DP-1 --off \
--output DP-2 --off \
--output DP-3 --off \
--output DP-4 --off \
--output DP-5 --off
end

8
home/fish/functions/undock2.fish
View file

@ -1,8 +0,0 @@
function undock2
xrandr \
--output eDP-1 --primary --mode 1920x1080 --rotate normal \
--output DP-1 --off \
--output HDMI-1 --off \
--output DP-2 --off \
--output HDMI-2 --off
end

14
home/fish/functions/wake.fish
View file

@ -1,14 +0,0 @@
function wake -d "Wake-on-WiFi shortcut" -a host
if not set -q host[1]
echo "Usage: wake HOSTNAME"
return 1
end
switch $host
case boreal
ssh -t pi@pi.alarsyo.net "bash -ic wakywaky"
case *
echo "Unknown host!"
return 1
end
end

20
home/flameshot.nix
View file

@ -1,21 +1,13 @@
{
config,
lib,
...
}: let
inherit
(lib)
mkEnableOption
mkIf
;
{ config, lib, ... }:
let
cfg = config.my.home.flameshot;
in {
options.my.home.flameshot = {
in
{
options.my.home.flameshot = with lib; {
enable = mkEnableOption "flameshot autolaunch";
};
config.services.flameshot = mkIf cfg.enable {
config.services.flameshot = lib.mkIf cfg.enable {
enable = true;
};
}

69
home/git.nix
View file

@ -1,69 +0,0 @@
{
config,
lib,
pkgs,
...
}: let
inherit
(lib)
mkEnableOption
mkIf
;
cfg = config.my.home.git;
in {
options.my.home.git.enable = (mkEnableOption "Git configuration") // {default = true;};
config = mkIf cfg.enable {
programs.git = {
enable = true;
lfs.enable = true;
settings = {
user = {
name = "Antoine Martin";
email = "antoine@alarsyo.net";
};
alias = {
push-wip = "push -o ci.skip";
push-merge = "push -o merge_request.create -o merge_request.merge_when_pipeline_succeeds -o merge_request.remove_source_branch";
push-mr = "push -o merge_request.create -o merge_request.remove_source_branch";
};
commit = {verbose = true;};
core = {editor = "vim";};
init = {defaultBranch = "main";};
pull = {rebase = true;};
rerere = {enabled = true;};
maintenance.prefetch.enabled = false;
};
includes = [
{
condition = "gitdir:~/work/lrde/";
contents = {user = {email = "amartin@lrde.epita.fr";};};
}
{
condition = "gitdir:~/work/prologin/";
contents = {user = {email = "antoine.martin@prologin.org";};};
}
{
condition = "gitdir:~/work/epita/";
contents = {user = {email = "antoine4.martin@epita.fr";};};
}
];
ignores = [
"/.direnv/"
"/.envrc"
];
};
programs.delta = {
enable = true;
enableGitIntegration = true;
options = {
syntax-theme = "Solarized (light)";
};
};
};
}

40
home/gtk.nix
View file

@ -1,40 +0,0 @@
{
config,
lib,
pkgs,
...
}: let
cfg = config.my.home.gtk;
in {
options.my.home.gtk = with lib; {
enable = (mkEnableOption "GTK configuration") // {default = config.my.home.x.enable;};
};
config.gtk = lib.mkIf cfg.enable {
enable = true;
font = {
package = pkgs.dejavu_fonts;
name = "DejaVu Sans";
};
gtk2 = {
# No garbage polluting my $HOME
#
# I had this enabled but some program somehow couldn't find my
# configuration there. I think it was nm-applet.
#
#configLocation = "${config.xdg.configHome}/gtk-2.0/gtkrc";
};
iconTheme = {
package = pkgs.gnome-themes-extra;
name = "Adwaita";
};
theme = {
package = pkgs.gnome-themes-extra;
name = "Adwaita";
};
};
}

8
home/jj.nix
View file

@ -1,8 +0,0 @@
{pkgs, ...}: {
home.packages = [
pkgs.unstable.jujutsu
];
xdg.configFile = {
"jj/config.toml".source = ./jj/config.toml;
};
}

106
home/jj/config.toml
View file

@ -1,106 +0,0 @@
[user]
name = "Antoine Martin"
email = "antoine@alarsyo.net"
[ui]
diff-editor = ":builtin"
paginate = "auto"
editor = "vim"
pager = "less -FRX"
default-command = "logstatus"
[ui.movement]
edit = false
[git]
subprocess = true
[snapshot]
auto-track = "none()"
[aliases]
pdiff = ["diff", "-r", "@-"]
tug = ["bookmark", "move", "--from", "closest_bookmark(@-)", "--to", "@-"]
ll = ["log", "-T", "builtin_log_detailed"]
l = ["log", "-T", "builtin_log_compact"]
logstatus = ["util", "exec", "--", "sh", "-c", "jj status && jj log"]
[revset-aliases]
'closest_bookmark(to)' = 'heads(::to & bookmarks())'
[templates]
log = "builtin_log_comfortable"
log_node = '''
coalesce(
if(!self, label("elided", "~")),
label(
separate(" ",
if(current_working_copy, "working_copy"),
if(immutable, "immutable"),
if(conflict, "conflict"),
if(description.starts_with("wip:"), "wip"),
if(description.starts_with("private:"), "private"),
),
coalesce(
if(current_working_copy, "@"),
if(immutable, "◆"),
if(conflict, "×"),
if(description.starts_with("wip:"), "!"),
if(description.starts_with("private:"), "!"),
"○",
)
)
)
'''
draft_commit_description = "commit_description_verbose(self)"
[template-aliases]
"commit_description_verbose(commit)" = '''
concat(
commit_description(commit),
"JJ: ignore-rest\n",
diff.git(),
)
'''
"changelog_entry(file)" = '''
concat(
"* ",
f.path(),
":\n",
)
'''
"commit_description_changelog(commit)" = '''
concat(
commit.description(), "\n",
surround("", "\n", diff.files().map(|f| if(!commit.description().contains(f.path()),
changelog_entry(f)
)
).join("")),
"JJ: This commit contains the following changes:\n",
indent("JJ: ", diff.stat(72)),
)
'''
"commit_description(commit)" = '''
concat(
commit.description(), "\n",
"JJ: This commit contains the following changes:\n",
indent("JJ: ", diff.stat(72)),
)
'''
[[--scope]]
--when.repositories = ["~/work/lrde/"]
[--scope.user]
email = "amartin@lrde.epita.fr"
[[--scope]]
--when.repositories = ["~/work/prologin/"]
[--scope.user]
email = "antoine.martin@prologin.org"
[[--scope]]
--when.repositories = ["~/work/epita/"]
[--scope.user]
email = "antoine4.martin@epita.fr"

14
home/laptop.nix
View file

@ -1,14 +0,0 @@
{
config,
lib,
...
}: let
inherit
(lib)
mkEnableOption
;
in {
options.my.home.laptop = {
enable = mkEnableOption "Laptop settings";
};
}

190
home/mail.nix
View file

@ -1,190 +0,0 @@
{
config,
lib,
pkgs,
...
}: let
inherit
(lib)
mapAttrs
mkEnableOption
mkIf
;
inherit
(builtins)
typeOf
;
myName = "Antoine Martin";
email_perso = "antoine@alarsyo.net";
email_lrde = "amartin@lrde.epita.fr";
email_prologin = "antoine.martin@prologin.org";
cfg = config.my.home.mail;
make_mbsync_channel = patterns:
(
if (typeOf patterns) == "list"
then {
inherit patterns;
}
else {
farPattern = patterns.far;
nearPattern = patterns.near;
}
)
// {
extraConfig = {
Create = "Both";
Expunge = "Both";
Remove = "None";
SyncState = "*";
};
};
make_mbsync_channels = mapAttrs (_: value: make_mbsync_channel value);
gmail_far_near_patterns = {
sent = {
far = "[Gmail]/Sent Mail";
near = "Sent";
};
drafts = {
far = "[Gmail]/Drafts";
near = "Drafts";
};
junk = {
far = "[Gmail]/Spam";
near = "Junk";
};
trash = {
far = "[Gmail]/Trash";
near = "Trash";
};
};
gmail_mbsync_channels = make_mbsync_channels gmail_far_near_patterns;
in {
options.my.home.mail = {
# I *could* read email in a terminal emacs client on a server, but in
# practice I don't think it'll happen very often, so let's enable this only
# when I'm on a machine with a Xorg server.
enable = (mkEnableOption "email configuration") // {default = config.my.home.x.enable;};
};
config = mkIf cfg.enable {
accounts.email = {
maildirBasePath = "${config.home.homeDirectory}/.mail";
accounts = {
alarsyo = {
address = email_perso;
userName = email_perso;
realName = myName;
aliases = [
"alarsyo@alarsyo.net"
"antoine@amartin.email"
"mail@antoinemartin.fr"
];
flavor = "plain"; # default setting
passwordCommand = "${pkgs.rbw}/bin/rbw get webmail.migadu.com ${email_perso}";
primary = true;
mbsync = {
enable = true;
create = "both";
expunge = "both";
groups = {
alarsyo-main.channels = make_mbsync_channels {
main = ["INBOX" "Sent" "Drafts" "Junk" "Trash"];
};
alarsyo-full.channels = make_mbsync_channels {
full = ["*" "!INBOX" "!Sent" "!Drafts" "!Junk" "!Trash"];
};
};
};
msmtp.enable = true;
mu.enable = true;
imap = {
host = "imap.migadu.com";
port = 993;
tls.enable = true;
};
smtp = {
host = "smtp.migadu.com";
port = 465;
tls.enable = true;
};
};
lrde = {
address = email_lrde;
userName = "amartin";
realName = myName;
flavor = "plain"; # default setting
passwordCommand = "${pkgs.rbw}/bin/rbw get lre.epita.fr amartin";
mbsync = {
enable = true;
create = "both";
expunge = "both";
patterns = ["*" "!Archives*"];
extraConfig.account = {
# otherwise mbsync tries GSSAPI, but I don't have Kerberos setup
# on this machine
AuthMechs = "LOGIN";
};
};
msmtp.enable = true;
mu.enable = true;
imap = {
host = "imap.lrde.epita.fr";
port = 993;
tls.enable = true;
};
smtp = {
host = "smtp.lrde.epita.fr";
port = 465;
tls.enable = true;
};
};
prologin = {
address = email_prologin;
userName = email_prologin;
realName = myName;
aliases = [
"alarsyo@prologin.org"
];
flavor = "plain"; # default setting
passwordCommand = "${pkgs.rbw}/bin/rbw get google.com ${email_prologin}-mailpass";
primary = false;
mbsync = {
enable = true;
create = "both";
expunge = "both";
groups = {
prologin-main.channels =
(make_mbsync_channels {
main = ["INBOX" "membres@"];
})
// gmail_mbsync_channels;
prologin-info.channels = make_mbsync_channels {
info = ["info@" "info@gcc"];
};
};
};
msmtp.enable = true;
mu.enable = true;
imap = {
host = "imap.gmail.com";
port = 993;
tls.enable = true;
};
smtp = {
host = "smtp.gmail.com";
port = 465;
tls.enable = true;
};
};
};
};
programs.mbsync.enable = true;
programs.msmtp.enable = true;
programs.mu.enable = true;
};
}

56
home/rbw.nix
View file

@ -1,56 +0,0 @@
{
config,
lib,
pkgs,
...
}: let
inherit
(lib)
mkEnableOption
mkIf
;
cfg = config.my.home.mail;
in {
options.my.home.rbw = {
enable = mkEnableOption "rbw configuration";
};
config = mkIf cfg.enable {
programs.rbw = {
enable = true;
settings = {
email = "antoine@alarsyo.net";
base_url = "https://pass.alarsyo.net";
lock_timeout = 60 * 60 * 12;
pinentry = pkgs.pinentry-qt;
};
};
# `rbw-agent` should be launched on first call to `rbw`, so this shouldn't
# be necessary.
#
# However, if for instance `rbw` if first called by the emacs-daemon (when
# accessing an IMAP account password), then restarting the user service
# associated to the emacs daemon also kills the rbw-agent it spawned,
# resetting the lock status and prompting for a passphrase again.
#
# This user service makes sure the rbw-agent is started when the user
# session launches.
systemd.user.services.rbw = {
Unit = {
Description = "rbw agent autostart";
After = "graphical-session.target";
PartOf = "graphical-session.target";
};
Install.WantedBy = ["graphical-session.target"];
Service = {
ExecStart = "${pkgs.rbw}/bin/rbw-agent";
Restart = "on-abort";
Type = "forking";
PIDFile = "%t/rbw/pidfile";
};
};
};
}

26
home/rofi.nix
View file

@ -1,26 +0,0 @@
{
config,
lib,
pkgs,
...
}: let
inherit
(lib)
mkEnableOption
mkIf
;
cfg = config.my.home.rofi;
in {
options.my.home.rofi = {
enable = (mkEnableOption "rofi configuration") // {default = config.my.home.x.enable;};
};
config = mkIf cfg.enable {
programs.rofi = {
enable = true;
terminal = "${pkgs.alacritty}/bin/alacritty";
};
};
}

BIN
home/secrets/bluetooth-mouse-mac-address.secret Normal file
View file

Binary file not shown.

13
home/secrets/default.nix Normal file
View file

@ -0,0 +1,13 @@
{ lib, ... }:
with lib;
{
options.my.secrets = mkOption {
type = types.attrs;
};
config.my.secrets = {
# I'm not sure hiding this is very important, but it *seems* like a bad idea
# to expose this
bluetooth-mouse-mac-address = fileContents ./bluetooth-mouse-mac-address.secret;
};
}

63
home/ssh.nix
View file

@ -1,63 +0,0 @@
{
config,
lib,
...
}: let
inherit
(lib)
mkEnableOption
mkIf
;
cfg = config.my.home.ssh;
in {
options.my.home.ssh = {
enable = (mkEnableOption "ssh configuration") // {default = true;};
};
config = mkIf cfg.enable {
programs.ssh = {
enable = true;
enableDefaultConfig = false;
matchBlocks = let
addGPGAgentForwarding = hostConf:
{
remoteForwards = [
{
# shhhh this is a path but it works
bind.address = "/run/user/1000/gnupg/S.gpg-agent.ssh";
host.address = "/run/user/1000/gnupg/S.gpg-agent.ssh";
}
];
}
// hostConf;
in {
boreal = addGPGAgentForwarding {hostname = "boreal.alarsyo.net";};
hades = addGPGAgentForwarding {hostname = "hades.alarsyo.net";};
thanatos = addGPGAgentForwarding {hostname = "thanatos.alarsyo.net";};
pi = addGPGAgentForwarding {
hostname = "pi.alarsyo.net";
user = "pi";
};
"thanatos.lrde.epita.fr" =
lib.hm.dag.entryBefore ["*.lrde.epita.fr"]
(addGPGAgentForwarding {
user = "alarsyo";
});
"*.lrde.epita.fr" = {
user = "amartin";
};
lrde-proxyjump = {
host = "*.lrde.epita.fr !ssh.lrde.epita.fr";
proxyJump = "ssh.lrde.epita.fr";
};
};
includes = ["prologin_config"];
};
};
}

17
home/starship.nix Normal file
View file

@ -0,0 +1,17 @@
{ config, lib, ... }:
let
cfg = config.my.home.starship;
in
{
options.my.home.starship.enable = lib.mkEnableOption "Starship.rs prompt";
config = lib.mkIf cfg.enable {
programs.starship = {
enable = true;
enableFishIntegration = true;
settings = {
add_newline = false;
};
};
};
}

122
home/themes/alacritty.nix
View file

@ -1,11 +1,7 @@
{lib}: let
inherit
(lib)
mkOption
types
;
mkColorOption = import ./color.nix {inherit lib;};
{ lib }:
with lib;
let
mkColorOption = import ./color.nix { inherit lib; };
primaryColorModule = types.submodule {
options = {
@ -34,60 +30,60 @@
};
};
in
types.submodule {
options = {
primary = mkOption {
type = primaryColorModule;
default = {
foreground = "#c5c8c6";
background = "#1d1f21";
};
};
cursor = mkOption {
type = cursorColorModule;
default = {
text = "#1d1f21";
cursor = "#c5c8c6";
};
};
normal = mkOption {
type = rainbowColorModule;
default = {
black = "#1d1f21";
red = "#cc6666";
green = "#b5bd68";
yellow = "#f0c674";
blue = "#81a2be";
magenta = "#b294bb";
cyan = "#8abeb7";
white = "#c5c8c6";
};
};
bright = mkOption {
type = rainbowColorModule;
default = {
black = "#666666";
red = "#d54e53";
green = "#b9ca4a";
yellow = "#e7c547";
blue = "#7aa6da";
magenta = "#c397d8";
cyan = "#70c0b1";
white = "#eaeaea";
};
};
dim = mkOption {
type = rainbowColorModule;
default = {
black = "#131415";
red = "#864343";
green = "#777c44";
yellow = "#9e824c";
blue = "#556a7d";
magenta = "#75617b";
cyan = "#5b7d78";
white = "#828482";
};
types.submodule {
options = {
primary = mkOption {
type = primaryColorModule;
default = {
foreground = "#c5c8c6";
background = "#1d1f21";
};
};
}
cursor = mkOption {
type = cursorColorModule;
default = {
text = "#1d1f21";
cursor = "#c5c8c6";
};
};
normal = mkOption {
type = rainbowColorModule;
default = {
black = "#1d1f21";
red = "#cc6666";
green = "#b5bd68";
yellow = "#f0c674";
blue = "#81a2be";
magenta = "#b294bb";
cyan = "#8abeb7";
white = "#c5c8c6";
};
};
bright = mkOption {
type = rainbowColorModule;
default = {
black = "#666666";
red = "#d54e53";
green = "#b9ca4a";
yellow = "#e7c547";
blue = "#7aa6da";
magenta = "#c397d8";
cyan = "#70c0b1";
white = "#eaeaea";
};
};
dim = mkOption {
type = rainbowColorModule;
default = {
black = "#131415";
red = "#864343";
green = "#777c44";
yellow = "#9e824c";
blue = "#556a7d";
magenta = "#75617b";
cyan = "#5b7d78";
white = "#828482";
};
};
};
}

15
home/themes/bat.nix
View file

@ -1,15 +0,0 @@
{lib}: let
inherit
(lib)
mkOption
types
;
in
types.submodule {
options = {
name = mkOption {
type = types.str;
default = "";
};
};
}

25
home/themes/color.nix
View file

@ -1,18 +1,9 @@
{lib}: let
inherit
(lib)
mkOption
types
;
mkColorOption = {
default ? "#000000",
description ? "",
}:
mkOption {
inherit description default;
example = "#abcdef";
type = types.strMatching "#[0-9a-f]{6}";
};
{ lib }:
let
mkColorOption = with lib; {default ? "#000000", description ? "" }: mkOption {
inherit description default;
example = "#abcdef";
type = types.strMatching "#[0-9a-f]{6}";
};
in
mkColorOption
mkColorOption

33
home/themes/default.nix
View file

@ -1,42 +1,31 @@
{
config,
lib,
...
}: let
inherit
(lib)
mkOption
types
;
{ config, lib, ... }:
with lib;
let
themeType = types.submodule {
options = {
alacrittyTheme = mkOption {
type = import ./alacritty.nix {inherit lib;};
default = {};
};
batTheme = mkOption {
type = import ./bat.nix {inherit lib;};
type = import ./alacritty.nix { inherit lib; };
default = {};
};
i3Theme = mkOption {
type = import ./i3.nix {inherit lib;};
type = import ./i3.nix { inherit lib; };
default = {};
};
i3BarTheme = mkOption {
type = import ./i3bar.nix {inherit lib;};
type = import ./i3bar.nix { inherit lib; };
default = {};
};
};
};
in {
in
{
options.my.theme = mkOption {
type = themeType;
default = {};
type = themeType;
default = {};
};
options.my.themes = mkOption {
type = types.attrsOf themeType;
type = with types; attrsOf themeType;
};
config.my.themes = {

301
home/themes/i3.nix
View file

@ -1,11 +1,7 @@
{lib}: let
inherit
(lib)
mkOption
types
;
mkColorOption = import ./color.nix {inherit lib;};
{ lib }:
with lib;
let
mkColorOption = import ./color.nix { inherit lib; };
barColorSetModule = types.submodule {
options = {
@ -25,164 +21,165 @@
};
};
in
types.submodule {
options = {
bar = mkOption {
type = types.submodule {
options = {
background = mkColorOption {
default = "#000000";
description = "Background color of the bar.";
};
types.submodule {
options = {
bar = mkOption {
type = types.submodule {
options = {
background = mkColorOption {
default = "#000000";
description = "Background color of the bar.";
};
statusline = mkColorOption {
default = "#ffffff";
description = "Text color to be used for the statusline.";
};
statusline = mkColorOption {
default = "#ffffff";
description = "Text color to be used for the statusline.";
};
separator = mkColorOption {
default = "#666666";
description = "Text color to be used for the separator.";
};
separator = mkColorOption {
default = "#666666";
description = "Text color to be used for the separator.";
};
focusedWorkspace = mkOption {
type = barColorSetModule;
default = {
border = "#4c7899";
background = "#285577";
text = "#ffffff";
};
description = ''
Border, background and text color for a workspace button when the workspace has focus.
'';
focusedWorkspace = mkOption {
type = barColorSetModule;
default = {
border = "#4c7899";
background = "#285577";
text = "#ffffff";
};
description = ''
Border, background and text color for a workspace button when the workspace has focus.
'';
};
activeWorkspace = mkOption {
type = barColorSetModule;
default = {
border = "#333333";
background = "#5f676a";
text = "#ffffff";
};
description = ''
Border, background and text color for a workspace button when the workspace is active.
'';
activeWorkspace = mkOption {
type = barColorSetModule;
default = {
border = "#333333";
background = "#5f676a";
text = "#ffffff";
};
description = ''
Border, background and text color for a workspace button when the workspace is active.
'';
};
inactiveWorkspace = mkOption {
type = barColorSetModule;
default = {
border = "#333333";
background = "#222222";
text = "#888888";
};
description = ''
Border, background and text color for a workspace button when the workspace does not
have focus and is not active.
'';
inactiveWorkspace = mkOption {
type = barColorSetModule;
default = {
border = "#333333";
background = "#222222";
text = "#888888";
};
description = ''
Border, background and text color for a workspace button when the workspace does not
have focus and is not active.
'';
};
urgentWorkspace = mkOption {
type = barColorSetModule;
default = {
border = "#2f343a";
background = "#900000";
text = "#ffffff";
};
description = ''
Border, background and text color for a workspace button when the workspace contains
a window with the urgency hint set.
'';
urgentWorkspace = mkOption {
type = barColorSetModule;
default = {
border = "#2f343a";
background = "#900000";
text = "#ffffff";
};
description = ''
Border, background and text color for a workspace button when the workspace contains
a window with the urgency hint set.
'';
};
bindingMode = mkOption {
type = barColorSetModule;
default = {
border = "#2f343a";
background = "#900000";
text = "#ffffff";
};
description = "Border, background and text color for the binding mode indicator";
bindingMode = mkOption {
type = barColorSetModule;
default = {
border = "#2f343a";
background = "#900000";
text = "#ffffff";
};
description =
"Border, background and text color for the binding mode indicator";
};
};
default = {};
};
background = mkOption {
type = types.str;
default = "#ffffff";
description = ''
Background color of the window. Only applications which do not cover
the whole area expose the color.
'';
};
focused = mkOption {
type = colorSetModule;
default = {
border = "#4c7899";
background = "#285577";
text = "#ffffff";
indicator = "#2e9ef4";
childBorder = "#285577";
};
description = "A window which currently has the focus.";
};
focusedInactive = mkOption {
type = colorSetModule;
default = {
border = "#333333";
background = "#5f676a";
text = "#ffffff";
indicator = "#484e50";
childBorder = "#5f676a";
};
description = ''
A window which is the focused one of its container,
but it does not have the focus at the moment.
'';
};
unfocused = mkOption {
type = colorSetModule;
default = {
border = "#333333";
background = "#222222";
text = "#888888";
indicator = "#292d2e";
childBorder = "#222222";
};
description = "A window which is not focused.";
};
urgent = mkOption {
type = colorSetModule;
default = {
border = "#2f343a";
background = "#900000";
text = "#ffffff";
indicator = "#900000";
childBorder = "#900000";
};
description = "A window which has its urgency hint activated.";
};
placeholder = mkOption {
type = colorSetModule;
default = {
border = "#000000";
background = "#0c0c0c";
text = "#ffffff";
indicator = "#000000";
childBorder = "#0c0c0c";
};
description = ''
Background and text color are used to draw placeholder window
contents (when restoring layouts). Border and indicator are ignored.
'';
};
default = {};
};
}
background = mkOption {
type = types.str;
default = "#ffffff";
description = ''
Background color of the window. Only applications which do not cover
the whole area expose the color.
'';
};
focused = mkOption {
type = colorSetModule;
default = {
border = "#4c7899";
background = "#285577";
text = "#ffffff";
indicator = "#2e9ef4";
childBorder = "#285577";
};
description = "A window which currently has the focus.";
};
focusedInactive = mkOption {
type = colorSetModule;
default = {
border = "#333333";
background = "#5f676a";
text = "#ffffff";
indicator = "#484e50";
childBorder = "#5f676a";
};
description = ''
A window which is the focused one of its container,
but it does not have the focus at the moment.
'';
};
unfocused = mkOption {
type = colorSetModule;
default = {
border = "#333333";
background = "#222222";
text = "#888888";
indicator = "#292d2e";
childBorder = "#222222";
};
description = "A window which is not focused.";
};
urgent = mkOption {
type = colorSetModule;
default = {
border = "#2f343a";
background = "#900000";
text = "#ffffff";
indicator = "#900000";
childBorder = "#900000";
};
description = "A window which has its urgency hint activated.";
};
placeholder = mkOption {
type = colorSetModule;
default = {
border = "#000000";
background = "#0c0c0c";
text = "#ffffff";
indicator = "#000000";
childBorder = "#0c0c0c";
};
description = ''
Background and text color are used to draw placeholder window
contents (when restoring layouts). Border and indicator are ignored.
'';
};
};
}

42
home/themes/i3bar.nix
View file

@ -1,28 +1,24 @@
{lib}: let
inherit
(lib)
mkOption
types
;
mkColorOption = import ./color.nix {inherit lib;};
{ lib }:
with lib;
let
mkColorOption = import ./color.nix { inherit lib; };
in
types.submodule {
options = {
theme = mkOption {
type = types.submodule {
options = {
name = mkOption {
type = types.str;
default = "plain";
};
overrides = mkOption {
type = types.attrsOf types.str;
default = {};
};
types.submodule {
options = {
theme = mkOption {
type = types.submodule {
options = {
name = mkOption {
type = types.str;
default = "plain";
};
overrides = mkOption {
type = types.attrsOf types.str;
default = {};
};
};
default = {};
};
default = {};
};
}
};
}

24
home/themes/solarizedLight/alacritty.nix
View file

@ -1,24 +1,8 @@
let
inherit
(import ./colors.nix)
base0
base00
base01
base02
base03
base1
base2
base3
blue
cyan
green
magenta
orange
red
violet
yellow
;
in {
colors = import ./colors.nix;
in
with colors;
{
primary = {
background = base3;
foreground = base00;

3
home/themes/solarizedLight/bat.nix
View file

@ -1,3 +0,0 @@
{
name = "Solarized (light)";
}

30
home/themes/solarizedLight/colors.nix
View file

@ -1,18 +1,18 @@
{
base03 = "#002b36"; # brblack
base02 = "#073642"; # black
base01 = "#586e75"; # brgreen
base00 = "#657b83"; # bryellow
base0 = "#839496"; # brblue
base1 = "#93a1a1"; # brcyan
base2 = "#eee8d5"; # white
base3 = "#fdf6e3"; # brwhite
yellow = "#b58900"; # yellow
orange = "#cb4b16"; # brred
red = "#dc322f"; # red
base03 = "#002b36"; # brblack
base02 = "#073642"; # black
base01 = "#586e75"; # brgreen
base00 = "#657b83"; # bryellow
base0 = "#839496"; # brblue
base1 = "#93a1a1"; # brcyan
base2 = "#eee8d5"; # white
base3 = "#fdf6e3"; # brwhite
yellow = "#b58900"; # yellow
orange = "#cb4b16"; # brred
red = "#dc322f"; # red
magenta = "#d33682"; # magenta
violet = "#6c71c4"; # brmagenta
blue = "#268bd2"; # blue
cyan = "#2aa198"; # cyan
green = "#859900"; # green
violet = "#6c71c4"; # brmagenta
blue = "#268bd2"; # blue
cyan = "#2aa198"; # cyan
green = "#859900"; # green
}

3
home/themes/solarizedLight/default.nix
View file

@ -1,6 +1,5 @@
{
alacrittyTheme = import ./alacritty.nix;
batTheme = import ./bat.nix;
i3Theme = import ./i3.nix;
i3BarTheme = import ./i3bar.nix;
alacrittyTheme = import ./alacritty.nix;
}

16
home/themes/solarizedLight/i3.nix
View file

@ -1,16 +1,8 @@
let
inherit
(import ./colors.nix)
base00
base2
base3
blue
magenta
orange
red
yellow
;
in {
colors = import ./colors.nix;
in
with colors;
{
bar = {
background = base3;
statusline = yellow;

15
home/themes/solarizedLight/i3bar.nix
View file

@ -1,15 +1,8 @@
let
inherit
(import ./colors.nix)
base00
base2
base3
blue
green
red
yellow
;
in {
colors = import ./colors.nix;
in
with colors;
{
theme = {
name = "solarized-light";
overrides = {

51
home/tmux.nix
View file

@ -1,46 +1,15 @@
{
config,
lib,
pkgs,
...
}: let
inherit
(lib)
mkEnableOption
mkIf
;
{ config, lib, pkgs, ... }:
let
cfg = config.my.home.tmux;
in {
options.my.home.tmux = {
enable = (mkEnableOption "tmux dotfiles") // {default = true;};
in
{
options.my.home.tmux = with lib; {
enable = mkEnableOption "tmux dotfiles";
};
config = mkIf cfg.enable {
programs.tmux = {
enable = true;
escapeTime = 0;
baseIndex = 1;
terminal = "screen-256color";
clock24 = true;
plugins = let
inherit (pkgs) tmuxPlugins;
in [
{
plugin = tmuxPlugins.cpu;
extraConfig = ''
set -g status-right 'CPU: #{cpu_percentage} | %a %d-%h %H:%M '
'';
}
{
plugin = pkgs.tmuxPlugins.catppuccin;
extraConfig = ''
set -g @catppuccin_flavor 'latte'
set -g @catppuccin_window_status_style "rounded"
'';
}
];
};
config.programs.tmux = lib.mkIf cfg.enable {
enable = true;
baseIndex = 1;
terminal = "screen-256color";
};
}

21
home/tridactyl.nix
View file

@ -1,21 +0,0 @@
{
config,
lib,
...
}: let
inherit
(lib)
mkEnableOption
mkIf
;
cfg = config.my.home.tridactyl;
in {
options.my.home.tridactyl = {
enable = (mkEnableOption "tridactyl code display tool") // {default = config.my.home.firefox.enable;};
};
config = mkIf cfg.enable {
xdg.configFile."tridactyl/tridactylrc".source = ./tridactylrc;
};
}

51
home/tridactylrc
View file

@ -1,51 +0,0 @@
" -*- tridactylrc -*-
" This wipes all existing settings. This means that if a setting in this file is
" removed, then it will return to default. In other words, this file serves as
" as an enforced single point of truth for Tridactyl's configuration.
sanitize tridactyllocal tridactylsync
" Ergo-L chars, alternating between right and left hand. I also omitted
" punctuation like `-` and `,`. Tridactyl supports it but the visual hints won't
" look as good.
set hintchars rnteisualfhvdockzgxyq
" Ctrl-F should use the browser's native 'find' functionality.
unbind <C-f>
" Tridactyl has an incomplete find mode
bind / fillcmdline find
bind ? fillcmdline find -?
bind n findnext 1
bind N findnext -1
bind ,<Space> nohlsearch
" case insensitive if lowercase, case sensitive if using some uppercase letters
set findcase smart
set modeindicatormodes {"ignore": "false"}
" New reddit is bad
" autocmd DocStart ^http(s?)://www.reddit.com js tri.excmds.urlmodify("-t", "www", "old")
" Orange site / Reddit / Lobste.rs specific hints to toggle comments
bind ;c hint -Jc [class*="expand"],[class="togg"],[class="comment_folder"]
" Use emacs as editor
set editorcmd emacsclient -c
" copy all the things
set yankto both
blacklistadd calendar.google.com
blacklistadd keybr.com
blacklistadd ergol.org
blacklistadd monkeytype.com
blacklistadd jellyfin.alarsyo.net
blacklistadd localhost
blacklistadd netflix.com
blacklistadd primevideo.com
blacklistadd youtube.com
" prevent teams from crashing
seturl teams.microsoft.com superignore true

38
home/x/cursor.nix
View file

@ -1,31 +1,17 @@
{
config,
lib,
pkgs,
...
}: let
inherit
(lib)
mkEnableOption
mkIf
;
{ config, lib, pkgs, ... }:
let
cfg = config.my.home.x.cursor;
in {
options.my.home.x.cursor.enable = (mkEnableOption "X cursor") // {default = config.my.home.x.enable;};
in
{
options.my.home.x.cursor.enable = lib.mkEnableOption "X cursor";
config = mkIf cfg.enable {
home.pointerCursor = {
#package = pkgs.capitaine-cursors;
#name = "capitaine-cursors";
#package = pkgs.catppuccin-cursors.frappeDark;
#name = "catppuccin-frappe-dark-cursors";
package = pkgs.bibata-cursors;
name = "Bibata-Modern-Classic";
# https://unix.stackexchange.com/a/743543
size = 24;
x11.enable = true;
gtk.enable = true;
config = lib.mkIf cfg.enable {
xsession.pointerCursor = {
package = pkgs.capitaine-cursors;
name = "capitaine-cursors";
# available sizes for capitaine-cursors are:
# 24, 30, 36, 48, 60, 72
size = 30;
};
};
}

13
home/x/default.nix
View file

@ -1,21 +1,12 @@
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}: let
inherit
(lib)
mkEnableOption
;
in {
imports = [
./cursor.nix
./i3.nix
./i3bar.nix
];
options.my.home.x = {
options.my.home.x = with lib; {
enable = mkEnableOption "X server configuration";
};
}

192
home/x/i3.nix
View file

@ -1,17 +1,6 @@
{
config,
lib,
pkgs,
...
}: let
inherit
(lib)
mkEnableOption
mkIf
mkOptionDefault
;
isEnabled = config.my.home.x.i3.enable;
{ config, lib, pkgs, ... }:
let
isEnabled = config.my.home.x.enable;
myTerminal =
# FIXME: fix when terminal is setup in home
@ -26,20 +15,16 @@
logoutMode = "[L]ogout, [S]uspend, [P]oweroff, [R]eboot";
i3Theme = config.my.theme.i3Theme;
in {
options.my.home.x.i3 = {
enable = mkEnableOption "i3wm configuration";
};
config = mkIf isEnabled {
in
{
config = lib.mkIf isEnabled {
my.home = {
flameshot.enable = true;
};
home.packages = [pkgs.betterlockscreen pkgs.playerctl];
# used to control music
services.playerctld.enable = true;
home.packages = with pkgs; [
betterlockscreen
];
xsession.windowManager.i3 = {
enable = true;
@ -47,38 +32,37 @@ in {
config = {
inherit modifier;
bars = let
barConfigPath =
config.xdg.configFile."i3status-rust/config-top.toml".target;
in [
{
statusCommand = "i3status-rs ~/${barConfigPath}";
position = "top";
fonts = {
names = ["DejaVuSansMono" "FontAwesome6Free"];
size = 9.0;
};
bars =
let
barConfigPath =
config.xdg.configFile."i3status-rust/config-top.toml".target;
in
[
{
statusCommand = "i3status-rs ${barConfigPath}";
position = "top";
fonts = {
names = [ "DejaVuSansMono" "FontAwesome5Free" ];
size = 9.0;
};
colors = i3Theme.bar;
colors = i3Theme.bar;
trayOutput = "primary";
# disable mouse scroll wheel in bar
extraConfig = ''
bindsym button4 nop
bindsym button5 nop
'';
}
];
# disable mouse scroll wheel in bar
extraConfig = ''
bindsym button4 nop
bindsym button5 nop
'';
}
];
colors = {
inherit
(i3Theme)
inherit (i3Theme)
focused
focusedInactive
unfocused
urgent
;
;
};
focus = {
@ -89,15 +73,13 @@ in {
workspaceAutoBackAndForth = true;
fonts = {
names = ["DejaVu Sans Mono"];
names = [ "DejaVu Sans Mono" ];
size = 8.0;
};
keybindings = mkOptionDefault {
keybindings = lib.mkOptionDefault {
"${modifier}+Shift+e" = ''mode "${logoutMode}"'';
"${modifier}+b" = "exec --no-startup-id bluetoothctl power on";
"${modifier}+i" = "exec emacsclient --create-frame";
"${modifier}+o" = "exec emacsclient --create-frame --eval '(load \"${config.xdg.configHome}/doom/launch-agenda.el\")'";
"${modifier}+i" = "exec emacsclient -c";
# Volume handling
"XF86AudioRaiseVolume" = "exec --no-startup-id pactl set-sink-volume @DEFAULT_SINK@ +5%";
@ -105,109 +87,51 @@ in {
"XF86AudioMute" = "exec --no-startup-id pactl set-sink-mute @DEFAULT_SINK@ toggle";
"XF86AudioMicMute" = "exec --no-startup-id pactl set-source-mute @DEFAULT_SOURCE@ toggle";
# I need play-pause everywhere because somehow, keycode 172 seems to
# be interpreted as pause everytime when sent by my keyboard. Ugh,
# computers.
"XF86AudioPlay" = "exec --no-startup-id playerctl play-pause";
"XF86AudioPause" = "exec --no-startup-id playerctl play-pause";
"XF86AudioPrev" = "exec --no-startup-id playerctl previous";
"XF86AudioNext" = "exec --no-startup-id playerctl next";
"XF86MonBrightnessDown" = "exec --no-startup-id light -U 5";
"XF86MonBrightnessUp" = "exec --no-startup-id light -A 5";
"${modifier}+XF86MonBrightnessDown" = "exec --no-startup-id light -U 0.1";
"${modifier}+XF86MonBrightnessUp" = "exec --no-startup-id light -A 0.1";
"${modifier}+l" = "exec --no-startup-id betterlockscreen --lock";
"${modifier}+d" = "exec ${pkgs.rofi}/bin/rofi -show run";
"${modifier}+Shift+a" = ''exec --no-startup-id autorandr --change'';
};
modes = let
makeModeBindings = attrs:
attrs
// {
modes =
let
makeModeBindings = attrs: attrs // {
"Escape" = "mode default";
"Return" = "mode default";
};
in
mkOptionDefault {
"${logoutMode}" = makeModeBindings {
"l" = "exec --no-startup-id i3-msg exit, mode default";
"s" = "exec --no-startup-id betterlockscreen --suspend, mode default";
"p" = "exec --no-startup-id systemctl poweroff, mode default";
"r" = "exec --no-startup-id systemctl reboot, mode default";
in
lib.mkOptionDefault {
"${logoutMode}" = makeModeBindings {
"l" = "exec --no-startup-id i3-msg exit, mode default";
"s" = "exec --no-startup-id betterlockscreen --suspend, mode default";
"p" = "exec --no-startup-id systemctl poweroff, mode default";
"r" = "exec --no-startup-id systemctl reboot, mode default";
};
};
};
startup = [
# FIXME: make it conditional on "nvidia" being part of video drivers
{
command = "nvidia-settings -a '[gpu:0]/GPUPowerMizerMode=1'";
notification = false;
}
];
terminal = myTerminal;
assigns = {
"10" = [
{class = "Slack";}
{class = "discord";}
{ class = "Slack"; }
{ class = "discord"; }
];
};
# TODO: make it configurable per machine
workspaceOutputAssign = [
{
workspace = "1";
output = ["DP-4" "eDP-1"];
}
{
workspace = "2";
output = ["DP-4" "eDP-1"];
}
{
workspace = "3";
output = ["DP-5" "eDP-1"];
}
{
workspace = "4";
output = ["DP-5" "eDP-1"];
}
{
workspace = "5";
output = ["DP-5" "eDP-1"];
}
{
workspace = "6";
output = ["eDP-1"];
}
{
workspace = "7";
output = ["eDP-1"];
}
{
workspace = "8";
output = ["DP-4" "eDP-1"];
}
{
workspace = "9";
output = ["DP-4" "eDP-1"];
}
{
workspace = "10";
output = ["DP-4" "eDP-1"];
}
];
window.commands = [
{
command = "border pixel 2";
criteria = {class = "Alacritty";};
}
{ command = "border pixel 2"; criteria = { class = "Alacritty"; }; }
# NOTE: should be done with an assign command, but Spotify doesn't set
# its class until after initialization, so has to be done this way.
#
# See https://i3wm.org/docs/userguide.html#assign_workspace
{
criteria = {class = "Spotify";};
criteria = { class = "Spotify"; };
command = "move --no-auto-back-and-forth to workspace 8";
}
];

227
home/x/i3bar.nix
View file

@ -1,49 +1,16 @@
{
config,
lib,
pkgs,
...
}: let
inherit
(lib)
lists
mkIf
mkOption
optional
types
;
isEnabled = config.my.home.x.i3.enable;
{ config, lib, pkgs, ... }:
let
isEnabled = config.my.home.x.enable;
i3BarTheme = config.my.theme.i3BarTheme;
cfg = config.my.home.x.i3bar;
in {
options.my.home.x.i3bar = {
temperature.chip = mkOption {
type = types.str;
example = "coretemp-isa-*";
default = "";
};
temperature.inputs = mkOption {
type = types.listOf types.str;
example = ["Core 0" "Core 1" "Core 2" "Core 3"];
default = "";
};
in
{
networking.throughput_interfaces = mkOption {
type = types.listOf types.str;
example = ["wlp1s0"];
default = [];
};
};
config = mkIf isEnabled {
home.packages = builtins.attrValues {
inherit
(pkgs)
# FIXME: is this useful?
font-awesome
;
};
config = lib.mkIf isEnabled {
home.packages = with pkgs; [
iw # Used by `net` block
lm_sensors # Used by `temperature` block
font-awesome
];
programs.i3status-rust = {
enable = true;
@ -51,105 +18,81 @@ in {
bars = {
top = {
icons = "awesome5";
settings.theme = {
theme = i3BarTheme.theme.name;
overrides = i3BarTheme.theme.overrides;
};
theme = i3BarTheme.theme.name;
settings = i3BarTheme;
blocks =
[
{
block = "pomodoro";
notify_cmd = "i3nag";
blocking_cmd = true;
}
{
block = "disk_space";
path = "/";
info_type = "available";
interval = 60;
warning = 20.0;
alert = 10.0;
alert_unit = "GB";
}
{
block = "memory";
format = " $icon $mem_used.eng(prefix:G)/$mem_total.eng(prefix:G) ";
warning_mem = 70.0;
critical_mem = 90.0;
}
{
block = "cpu";
interval = 1;
format = " $icon $barchart ";
}
{
block = "temperature";
interval = 10;
format = " $icon $max ";
chip = cfg.temperature.chip;
inputs = cfg.temperature.inputs;
}
{
block = "custom";
# TODO: get service name programmatically somehow
command = let
systemctl = lib.getExe' pkgs.systemd "systemctl";
in
pkgs.writeShellScript "check-restic.sh" ''
BACKUP_STATUS=Good
if ${systemctl} is-failed --quiet restic-backups-backblaze.service; then
BACKUP_STATUS=Critical
fi
echo "{\"state\": \"$BACKUP_STATUS\", \"text\": \"Backup\"}"
'';
json = true;
interval = 60;
}
]
++ (
lists.optionals ((builtins.length cfg.networking.throughput_interfaces) != 0)
(map
(interface: {
block = "net";
device = interface;
interval = 1;
missing_format = "";
})
cfg.networking.throughput_interfaces)
)
++ [
{
block = "net";
format = " $icon {$ip|} {SSID: $ssid|}";
theme_overrides = {
idle_bg = {link = "good_bg";};
idle_fg = {link = "good_fg";};
};
}
{
block = "sound";
driver = "pulseaudio";
}
]
++ (
optional config.my.home.laptop.enable
{
block = "battery";
format = " $icon $percentage ($power) ";
}
)
++ [
# {
# block = "notify";
# }
{
block = "time";
interval = 5;
format = " $icon $timestamp.datetime(f:'%a %d/%m %T', l:fr_FR) ";
timezone = "Europe/Paris";
}
];
blocks = [
{
block = "pomodoro";
length = 60;
break_length = 10;
use_nag = true;
}
{
block = "disk_space";
path = "/";
alias = "/";
info_type = "available";
unit = "GB";
interval = 60;
warning = 20.0;
alert = 10.0;
}
{
block = "memory";
display_type = "memory";
format_mem = "{mem_used;G}/{mem_total;G}";
warning_mem = 70.0;
critical_mem = 90.0;
# don't show swap
clickable = false;
}
{
block = "cpu";
interval = 1;
format = "{barchart}";
}
{
block = "temperature";
collapsed = false;
interval = 10;
format = "{max}";
# FIXME: specific to my AMD Ryzen CPU. Make this depend on
# hostname or something else
chip = "k10temp-pci-*";
inputs = [ "Tccd1" ];
}
{
block = "networkmanager";
primary_only = true;
}
{
block = "bluetooth";
mac = config.my.secrets.bluetooth-mouse-mac-address;
hide_disconnected = true;
format = "{percentage}";
}
{
block = "music";
player = "spotify";
buttons = ["prev" "play" "next"];
hide_when_empty = true;
}
{
block = "sound";
driver = "pulseaudio";
}
# {
# block = "notify";
# }
{
block = "time";
interval = 5;
format = "%a %d/%m %T";
locale = "fr_FR";
timezone = "Europe/Paris";
}
];
};
};
};

143
hosts/boreal/default.nix
View file

@ -1,38 +1,34 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{ config, lib, pkgs, ... }:
let
secrets = config.my.secrets;
in
{
config,
lib,
pkgs,
...
}: {
imports = [
# Include the results of the hardware scan.
./hardware-configuration.nix
imports =
[ # Include the results of the hardware scan.
./hardware-configuration.nix
./home.nix
./home.nix
];
./secrets.nix
];
boot.kernelPackages = pkgs.linuxPackages;
boot.kernelPackages = pkgs.linuxPackages_latest;
# Use the systemd-boot EFI boot loader.
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
boot.tmp.useTmpfs = true;
boot.supportedFilesystems = {
btrfs = true;
ntfs = true;
};
boot.supportedFilesystems = [
"btrfs"
"ntfs"
];
services.btrfs = {
autoScrub = {
enable = true;
fileSystems = ["/"];
fileSystems = [ "/" ];
};
};
@ -42,14 +38,25 @@
# Set your time zone.
time.timeZone = "Europe/Paris";
# The global useDHCP flag is deprecated, therefore explicitly set to false here.
# Per-interface useDHCP will be mandatory in the future, so this generated config
# replicates the default behaviour.
networking.interfaces.enp7s0.useDHCP = true;
networking.interfaces.wlp3s0.useDHCP = true;
# List services that you want to enable:
my.services = {
restic-backup = {
borg-backup = {
enable = true;
repo = "b2:boreal-backup";
passwordFile = config.age.secrets."restic-backup/boreal-password".path;
environmentFile = config.age.secrets."restic-backup/boreal-credentials".path;
repo = secrets.borg-backup.boreal-repo;
# for a workstation, having backups spanning the last month should be
# enough
prune = {
keep = {
daily = 7;
weekly = 4;
};
};
paths = [
"/home/alarsyo"
];
@ -57,11 +64,7 @@
"/home/alarsyo/Downloads"
# Rust builds using half my storage capacity
"/home/alarsyo/**/target"
"/home/alarsyo/work/rust/build"
# don't backup nixpkgs
"/home/alarsyo/work/nixpkgs"
"/home/alarsyo/*/target"
# C build crap
"*.a"
@ -69,70 +72,58 @@
"*.so"
# ignore all dotfiles as .config and .cache can become quite big
"/home/alarsyo/.*"
"re:^/home/alarsyo/\\."
];
};
pipewire.enable = true;
tailscale = {
enable = true;
useRoutingFeatures = "both";
wireguard = {
enable = false;
iface = "wg";
port = 51820;
net = {
v4 = {
subnet = "10.0.0";
mask = 24;
};
v6 = {
subnet = "fd42:42:42";
mask = 64;
};
};
};
};
services = {
openssh = {
enable = true;
permitRootLogin = "no";
passwordAuthentication = false;
};
};
my.gui = {
enable = true;
isNvidia = true;
};
hardware = {
bluetooth = {
xserver = {
enable = true;
powerOnBoot = true;
};
nvidia = {
open = true;
modesetting.enable = true;
videoDrivers = [ "nvidia" ];
windowManager.i3.enable = true;
layout = "fr";
xkbVariant = "us";
libinput.enable = true;
};
};
my.displayManager.sddm.enable = true;
programs.foot.enable = true;
my.displayManager.gdm.enable = true;
services.displayManager = {
autoLogin = {
enable = true;
user = "games";
};
defaultSession = "gnome";
};
services.desktopManager.gnome.enable = true;
services.power-profiles-daemon.enable = true;
programs.gamescope = {
enable = true;
};
environment.systemPackages = [
pkgs.gamescope-wsi
pkgs.wineWowPackages.stable
pkgs.bottles
pkgs.lutris
pkgs.gnomeExtensions.no-overview
environment.systemPackages = with pkgs; [
chrysalis
];
users.users.games = {
hashedPassword = "$y$j9T$jOursEp6BvOSgyhtU0fca0$xAh.iLgoiDTswHVlAbvtHg4jOHXZuWhl55kSqlD.daA";
isNormalUser = true;
extraGroups = [
"media"
"networkmanager"
"video" # for `light` permissions
];
shell = pkgs.fish;
services.udev.packages = with pkgs; [
packages.kaleidoscope-udev-rules
];
hardware.bluetooth = {
enable = true;
powerOnBoot = true;
};
}

42
hosts/boreal/hardware-configuration.nix
View file

@ -1,34 +1,30 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
config,
lib,
pkgs,
modulesPath,
...
}: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod"];
boot.initrd.kernelModules = [];
boot.kernelModules = ["kvm-amd"];
boot.extraModulePackages = [];
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "/dev/disk/by-uuid/1a942915-c1ae-4058-b99d-09d12d40dbd3";
fsType = "btrfs";
options = ["subvol=nixos" "compress=zstd:1" "noatime"];
};
fileSystems."/" =
{ device = "/dev/disk/by-uuid/1a942915-c1ae-4058-b99d-09d12d40dbd3";
fsType = "btrfs";
options = [ "subvol=nixos" "compress=zstd:1" "noatime" ];
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/17C7-368D";
fsType = "vfat";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/17C7-368D";
fsType = "vfat";
};
swapDevices = [];
swapDevices = [ ];
hardware.cpu.amd.updateMicrocode = true;
}

29
hosts/boreal/home.nix
View file

@ -1,31 +1,28 @@
{ config, pkgs, ... }:
{
config,
pkgs,
...
}: {
home-manager.users.alarsyo = {
home.stateVersion = "20.09";
# Keyboard settings & i3 settings
my.home.x.enable = true;
#my.home.x.i3.enable = true;
#my.home.x.i3bar.temperature.chip = "k10temp-pci-*";
#my.home.x.i3bar.temperature.inputs = ["Tccd1"];
#my.home.x.i3bar.networking.throughput_interfaces = ["enp8s0" "wlp4s0"];
my.home.x.cursor.enable = true;
my.home.alacritty.enable = true;
my.home.emacs.enable = true;
my.home.tmux.enable = true;
my.home.starship.enable = false;
my.home.fish.enable = true;
my.theme = config.home-manager.users.alarsyo.my.themes.solarizedLight;
home.packages = builtins.attrValues {
inherit
(pkgs)
home.packages = with pkgs; [
blender
# some websites only work there :(
chromium
# dev
rustup
;
inherit (pkgs.packages) spot;
};
unstable.beancount
unstable.fava
];
};
}

23
hosts/boreal/secrets.nix
View file

@ -1,23 +0,0 @@
{
config,
lib,
options,
...
}: {
config.age = {
secrets = let
toSecret = name: {...} @ attrs:
{
file = ./../../modules/secrets + "/${name}.age";
}
// attrs;
in
lib.mapAttrs toSecret {
"restic-backup/boreal-credentials" = {};
"restic-backup/boreal-password" = {};
"users/alarsyo-hashed-password" = {};
"users/root-hashed-password" = {};
};
};
}

224
hosts/hades/default.nix
View file

@ -1,224 +0,0 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{
config,
lib,
pkgs,
...
}: let
secrets = config.my.secrets;
in {
imports = [
# Include the results of the hardware scan.
./hardware-configuration.nix
./home.nix
./secrets.nix
];
boot.loader.systemd-boot.enable = false;
boot.loader.grub = {
enable = true;
efiSupport = false;
devices = ["/dev/sda" "/dev/sdb"];
};
# TODO: I've setup the address to avoid a spurious failure of the `mdmonitor`
# systemd unit, but sending email is not actually setup on this server. Might
# need to setup Postfix or msmtp
boot.swraid.mdadmConf = ''
MAILADDR=antoine@alarsyo.net
'';
boot.tmp.useTmpfs = true;
networking.hostName = "hades"; # Define your hostname.
networking.domain = "alarsyo.net";
# Set your time zone.
time.timeZone = "Europe/Paris";
networking.useDHCP = false;
networking.interfaces.enp35s0.ipv4.addresses = [
{
address = "95.217.121.60";
prefixLength = 26;
}
];
networking.interfaces.enp35s0.ipv6.addresses = [
{
address = "2a01:4f9:4a:3649::2";
prefixLength = 64;
}
];
networking.defaultGateway = "95.217.121.1";
networking.defaultGateway6 = {
address = "fe80::1";
interface = "enp35s0";
};
networking.nameservers = ["1.1.1.1" "1.0.0.1"];
my.networking.externalInterface = "enp35s0";
# List services that you want to enable:
my.services = {
fail2ban.enable = true;
forgejo = {
enable = true;
privatePort = 8082;
};
immich = {
enable = true;
port = 8089;
};
jellyfin = {
enable = true;
};
lohr = {
enable = true;
port = 8083;
};
matrix = {
enable = true;
secretConfigFile = config.age.secrets."matrix-synapse/secret-config".path;
};
mealie = {
enable = true;
port = 8090;
credentialsFile = config.age.secrets."mealie/secret-config".path;
};
microbin = {
enable = true;
privatePort = 8088;
passwordFile = config.age.secrets."microbin/secret-config".path;
};
miniflux = {
enable = true;
adminCredentialsFile = config.age.secrets."miniflux/admin-credentials".path;
privatePort = 8080;
};
navidrome = {
enable = true;
musicFolder.path = "${config.services.nextcloud.home}/data/alarsyo/files/Musique/Songs";
};
nextcloud = {
enable = true;
adminpassFile = config.age.secrets."nextcloud/admin-pass".path;
};
nginx.enable = true;
paperless = {
enable = true;
port = 8085;
passwordFile = config.age.secrets."paperless/admin-password".path;
secretKeyFile = config.age.secrets."paperless/secret-key".path;
};
pleroma = {
enable = false;
port = 8086;
secretConfigFile = config.age.secrets."pleroma/pleroma-config".path;
};
restic-backup = {
enable = true;
repo = "b2:hades-backup-alarsyo";
passwordFile = config.age.secrets."restic-backup/hades-password".path;
environmentFile = config.age.secrets."restic-backup/hades-credentials".path;
paths = ["/home/alarsyo"];
};
scribe = {
enable = true;
port = 8087;
};
tailscale = {
enable = true;
useRoutingFeatures = "server";
};
transmission = {
enable = true;
username = "alarsyo";
};
vaultwarden = {
enable = true;
privatePort = 8081;
websocketPort = 3012;
};
};
services = {
openssh.enable = true;
vnstat.enable = true;
gitlab-runner = {
enable = true;
settings = {
concurrent = 4;
};
services = {
nix = {
authenticationTokenConfigFile = config.age.secrets."gitlab-runner/hades-nix-runner-env".path;
dockerImage = "alpine";
dockerVolumes = [
"/nix/store:/nix/store:ro"
"/nix/var/nix/db:/nix/var/nix/db:ro"
"/nix/var/nix/daemon-socket:/nix/var/nix/daemon-socket:ro"
];
dockerDisableCache = true;
preBuildScript = pkgs.writeScript "setup-container" ''
mkdir -p -m 0755 /nix/var/log/nix/drvs
mkdir -p -m 0755 /nix/var/nix/gcroots
mkdir -p -m 0755 /nix/var/nix/profiles
mkdir -p -m 0755 /nix/var/nix/temproots
mkdir -p -m 0755 /nix/var/nix/userpool
mkdir -p -m 1777 /nix/var/nix/gcroots/per-user
mkdir -p -m 1777 /nix/var/nix/profiles/per-user
mkdir -p -m 0755 /nix/var/nix/profiles/per-user/root
mkdir -p -m 0700 "$HOME/.nix-defexpr"
. ${pkgs.nix}/etc/profile.d/nix.sh
${pkgs.nix}/bin/nix-env -i ${lib.concatStringsSep " " (with pkgs; [nix cacert git openssh])}
${pkgs.nix}/bin/nix-channel --add https://nixos.org/channels/nixpkgs-unstable
${pkgs.nix}/bin/nix-channel --update nixpkgs
mkdir -p ~/.config/nix
echo "experimental-features = nix-command flakes" > ~/.config/nix/nix.conf
'';
environmentVariables = {
ENV = "/etc/profile";
USER = "root";
NIX_REMOTE = "daemon";
PATH = "/nix/var/nix/profiles/default/bin:/nix/var/nix/profiles/default/sbin:/bin:/sbin:/usr/bin:/usr/sbin";
NIX_SSL_CERT_FILE = "/nix/var/nix/profiles/default/etc/ssl/certs/ca-bundle.crt";
};
};
};
};
};
virtualisation.docker.enable = true;
environment.systemPackages = with pkgs; [
docker-compose
];
# Takes a long while to build
documentation.nixos.enable = false;
}

29
hosts/hades/hardware-configuration.nix
View file

@ -1,29 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
pkgs,
modulesPath,
...
}: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = ["ahci" "sd_mod"];
boot.initrd.kernelModules = ["dm-snapshot"];
boot.kernelModules = ["kvm-amd"];
boot.extraModulePackages = [];
fileSystems."/" = {
device = "/dev/disk/by-uuid/2a24010c-14bd-439b-b30b-d0e18db69952";
fsType = "ext4";
};
swapDevices = [];
powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

6
hosts/hades/home.nix
View file

@ -1,6 +0,0 @@
{config, ...}: {
home-manager.users.alarsyo = {
home.stateVersion = "22.05";
my.theme = config.home-manager.users.alarsyo.my.themes.solarizedLight;
};
}

46
hosts/hades/secrets.nix
View file

@ -1,46 +0,0 @@
{
config,
lib,
options,
...
}: {
config.age = {
secrets = let
toSecret = name: {...} @ attrs:
{
file = ./../../modules/secrets + "/${name}.age";
}
// attrs;
in
lib.mapAttrs toSecret {
"gitlab-runner/hades-nix-runner-env" = {};
"lohr/shared-secret" = {};
"matrix-synapse/secret-config" = {
owner = "matrix-synapse";
};
"mealie/secret-config" = {};
"microbin/secret-config" = {};
"miniflux/admin-credentials" = {};
"nextcloud/admin-pass" = {
owner = "nextcloud";
};
"ovh/credentials" = {};
"paperless/admin-password" = {};
"paperless/secret-key" = {};
"restic-backup/hades-credentials" = {};
"restic-backup/hades-password" = {};
"users/alarsyo-hashed-password" = {};
"users/root-hashed-password" = {};
};
};
}

152
hosts/poseidon/default.nix Normal file
View file

@ -0,0 +1,152 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{ config, lib, pkgs, ... }:
let
secrets = config.my.secrets;
in
{
imports =
[ # Include the results of the hardware scan.
./hardware-configuration.nix
./home.nix
];
# Use the GRUB 2 boot loader.
boot.loader.grub.enable = true;
boot.loader.grub.version = 2;
boot.loader.grub.device = "/dev/sda"; # or "nodev" for efi only
boot.supportedFilesystems = [ "btrfs" ];
services.btrfs = {
autoScrub = {
enable = true;
fileSystems = [ "/" ];
};
};
networking.hostName = "poseidon"; # Define your hostname.
networking.domain = "alarsyo.net";
# Set your time zone.
time.timeZone = "Europe/Paris";
# The global useDHCP flag is deprecated, therefore explicitly set to false here.
# Per-interface useDHCP will be mandatory in the future, so this generated config
# replicates the default behaviour.
networking.useDHCP = false;
networking.interfaces.eno1.ipv4.addresses = [
{
address = "163.172.11.110";
prefixLength = 24;
}
];
networking.defaultGateway = {
address = "163.172.11.1";
interface = "eno1";
};
networking.nameservers = [
"62.210.16.6"
"62.210.16.7"
];
my.networking.externalInterface = "eno1";
# List services that you want to enable:
my.services = {
bitwarden_rs = {
enable = true;
privatePort = 8081;
websocketPort = 3012;
};
borg-backup = {
enable = true;
repo = secrets.borg-backup.poseidon-repo;
};
fail2ban = {
enable = true;
};
gitea = {
enable = true;
privatePort = 8082;
};
jellyfin = {
enable = true;
};
lohr = {
enable = true;
port = 8083;
};
miniflux = {
enable = true;
adminCredentialsFile = "${../../secrets/miniflux-admin-credentials.secret}";
privatePort = 8080;
};
matrix = {
enable = true;
registration_shared_secret = secrets.matrix-registration-shared-secret;
emailConfig = secrets.matrixEmailConfig;
};
monitoring = {
enable = true;
useACME = true;
domain = "monitoring.${config.networking.domain}";
};
nextcloud = {
enable = true;
};
postgresql-backup = {
enable = true;
};
tgv = {
enable = true;
};
transmission = {
enable = true;
username = "alarsyo";
password = secrets.transmission-password;
};
wireguard = {
enable = true;
iface = "wg";
port = 51820;
net = {
v4 = {
subnet = "10.0.0";
mask = 24;
};
v6 = {
subnet = "fd42:42:42";
mask = 64;
};
};
};
};
security.acme.acceptTerms = true;
security.acme.email = "antoine97.martin@gmail.com";
# Enable the OpenSSH daemon.
services.openssh.enable = true;
services.openssh.permitRootLogin = "no";
services.openssh.passwordAuthentication = false;
# Takes a long while to build
documentation.nixos.enable = false;
}

36
hosts/poseidon/hardware-configuration.nix Normal file
View file

@ -0,0 +1,36 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "ahci" "usbhid" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/adcf0158-edfb-402f-82e7-61e4902af989";
fsType = "btrfs";
options = [
"subvol=@nixos"
"compress=zstd"
"noatime"
];
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/ff54b622-0e26-4c6e-aa0c-ac2c1e12699a";
fsType = "ext4";
};
swapDevices =
[ { device = "/dev/disk/by-uuid/381a9c5e-4d71-45b4-ac62-e7414b3768fc"; }
];
powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand";
}

7
hosts/poseidon/home.nix Normal file
View file

@ -0,0 +1,7 @@
{ config, ... }:
{
home-manager.users.alarsyo = {
my.home.tmux.enable = true;
my.home.fish.enable = true;
};
}

186
hosts/talos/default.nix
View file

@ -1,186 +0,0 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page, on
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
{
config,
lib,
pkgs,
...
}: {
imports = [
# Include the results of the hardware scan.
./hardware-configuration.nix
./disko-config.nix
./home.nix
./secrets.nix
];
boot.kernelPackages = pkgs.linuxPackages_6_12;
# Set Wi-Fi regulatory domain. Currently always set to '00' (world), and could
# lead to bad Wi-Fi performance
boot.kernelParams = ["cfg80211.ieee80211_regdom=FR"];
boot.extraModulePackages = with config.boot.kernelPackages; [
v4l2loopback
];
boot.extraModprobeConfig = ''
options v4l2loopback devices=1 video_nr=1 card_label="OBS Cam" exclusive_caps=1
'';
# Use the systemd-boot EFI boot loader.
boot.loader.systemd-boot = {
enable = true;
editor = false;
consoleMode = "auto";
};
boot.loader.efi.canTouchEfiVariables = true;
boot.tmp.useTmpfs = true;
services.btrfs = {
autoScrub = {
enable = true;
fileSystems = ["/"];
};
};
networking.hostName = "talos"; # Define your hostname.
networking.domain = "alarsyo.net";
# Pick only one of the below networking options.
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
networking.networkmanager = {
enable = true;
wifi.powersave = true;
};
# Set your time zone.
time.timeZone = "Europe/Paris";
# Configure network proxy if necessary
# networking.proxy.default = "http://user:password@proxy:port/";
# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
programs = {
light.enable = true;
};
services = {
fwupd.enable = true;
openssh.enable = true;
};
virtualisation = {
docker.enable = true;
libvirtd.enable = false;
virtualbox.host = {
enable = false;
};
};
my.services = {
tailscale = {
enable = true;
useRoutingFeatures = "client";
};
pipewire.enable = true;
restic-backup = {
enable = true;
repo = "b2:talos-backup";
passwordFile = config.age.secrets."restic-backup/talos-password".path;
environmentFile = config.age.secrets."restic-backup/talos-credentials".path;
timerConfig = {
OnCalendar = "*-*-* 13:00:00"; # laptop only gets used during the day
};
paths = [
"/home/alarsyo"
];
exclude = [
"/home/alarsyo/Downloads"
# Rust builds using half my storage capacity
"/home/alarsyo/**/target"
"/home/alarsyo/work/rust/build"
# don't backup nixpkgs
"/home/alarsyo/work/nixpkgs"
"/home/alarsyo/go"
# C build crap
"*.a"
"*.o"
"*.so"
".direnv"
# test vms
"*.qcow2"
"*.vbox"
"*.vdi"
# secrets stay offline
"/home/alarsyo/**/secrets"
# ignore all dotfiles as .config and .cache can become quite big
"/home/alarsyo/.*"
];
};
};
my.gui.enable = true;
hardware.bluetooth = {
enable = true;
powerOnBoot = false;
settings.General.Experimental = true;
};
hardware.keyboard.qmk.enable = true;
# Configure console keymap
console.keyMap = "us";
# Select internationalisation properties.
i18n.defaultLocale = "en_US.UTF-8";
i18n.extraLocaleSettings = {
LC_ADDRESS = "fr_FR.UTF-8";
LC_IDENTIFICATION = "fr_FR.UTF-8";
LC_MEASUREMENT = "fr_FR.UTF-8";
LC_MONETARY = "fr_FR.UTF-8";
LC_NAME = "fr_FR.UTF-8";
LC_PAPER = "fr_FR.UTF-8";
LC_TELEPHONE = "fr_FR.UTF-8";
};
# Enable the KDE Plasma Desktop Environment.
my.displayManager.sddm.enable = true;
services.desktopManager.plasma6.enable = true;
services.desktopManager.cosmic.enable = true;
services.power-profiles-daemon.enable = true;
environment.systemPackages = [
pkgs.foot
# FIXME: is this needed?
pkgs.darkman
];
#programs.hyprland.enable = true;
programs.sway = {
enable = true;
wrapperFeatures.gtk = true;
};
# TODO: These are overriden by files from
# ~/.config/xdg-desktop-portal/sway-portals.conf so they should be moved to
# home
xdg.portal.config.sway = {
"org.freedesktop.impl.portal.Settings" = "darkman";
"org.freedesktop.impl.portal.Inhibit" = "none";
};
# Copy the NixOS configuration file and link it from the resulting system
# (/run/current-system/configuration.nix). This is useful in case you
# accidentally delete configuration.nix.
# system.copySystemConfiguration = true;
}

68
hosts/talos/disko-config.nix
View file

@ -1,68 +0,0 @@
{
disko.devices = {
disk = {
nvme0n1 = {
type = "disk";
device = "/dev/nvme0n1";
content = {
type = "gpt";
partitions = {
ESP = {
size = "512M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [
"defaults"
];
};
};
luks = {
size = "600G";
content = {
type = "luks";
name = "crypted";
# disable settings.keyFile if you want to use interactive password entry
passwordFile = "/tmp/secret.key"; # Interactive
settings = {
allowDiscards = true;
#keyFile = "/tmp/secret.key";
};
#additionalKeyFiles = [ "/tmp/additionalSecret.key" ];
content = {
type = "btrfs";
extraArgs = ["-f"];
subvolumes = {
"@" = {
mountpoint = "/";
mountOptions = ["compress=zstd" "noatime"];
};
"@home" = {
mountpoint = "/home";
mountOptions = ["compress=zstd" "noatime"];
};
"@nix" = {
mountpoint = "/nix";
mountOptions = ["compress=zstd" "noatime"];
};
"@persist" = {
mountpoint = "/persist";
mountOptions = ["compress=zstd" "noatime"];
};
"@snapshots" = {};
"@swap" = {
mountpoint = "/.swapvol";
swap.swapfile.size = "8G";
};
};
};
};
};
};
};
};
};
};
}

29
hosts/talos/hardware-configuration.nix
View file

@ -1,29 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
pkgs,
modulesPath,
...
}: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = ["nvme" "xhci_pci" "thunderbolt" "usb_storage" "sd_mod"];
boot.initrd.kernelModules = [];
boot.kernelModules = ["kvm-amd"];
boot.extraModulePackages = [];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp1s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

224
hosts/talos/home.nix
View file

@ -1,224 +0,0 @@
{
config,
lib,
pkgs,
...
}: let
inherit
(lib)
mkOptionDefault
;
in {
home-manager.users.alarsyo = {
home.stateVersion = "23.11";
my.home.laptop.enable = true;
# Keyboard settings & i3 settings
my.home.x.enable = true;
my.home.x.i3bar.temperature.chip = "k10temp-pci-*";
my.home.x.i3bar.temperature.inputs = ["Tctl"];
my.home.x.i3bar.networking.throughput_interfaces = ["wlp1s0"];
my.home.emacs.enable = true;
my.theme = config.home-manager.users.alarsyo.my.themes.solarizedLight;
services = {
# TODO: place in global home conf
dunst.enable = true;
wlsunset = {
enable = true;
latitude = 48.9;
longitude = 2.3;
temperature = {
day = 6500;
night = 3500;
};
};
darkman = {
enable = true;
settings = {
lat = 48.9;
lng = 2.3;
};
};
playerctld.enable = true;
};
home.packages = builtins.attrValues {
inherit
(pkgs)
#ansel
chromium # some websites only work there :(
font-awesome # for pretty icons
gnome-solanum
nwg-displays
shikane # output autoconfig
swaybg
zotero
grim
wl-clipboard
slurp
pdfpc
;
inherit
(pkgs.packages)
spot
;
};
wayland.windowManager.sway = let
logoutMode = "[L]ogout, [S]uspend, [P]oweroff, [R]eboot";
lock = "swaylock --daemonize --image ~/.wallpaper --scaling fill";
in {
enable = true;
swaynag.enable = true;
wrapperFeatures.gtk = true;
config = {
modifier = "Mod4";
input = {
"type:keyboard" = {
xkb_layout = "fr,fr";
xkb_variant = "us,ergol";
xkb_options = "grp:shift_caps_toggle";
};
"type:touchpad" = {
dwt = "enabled";
tap = "enabled";
middle_emulation = "enabled";
natural_scroll = "enabled";
};
};
output = {
"eDP-1" = {
scale = "1.5";
};
};
fonts = {
names = ["Iosevka Fixed" "FontAwesome7FreeSolid"];
size = 9.0;
};
bars = [];
workspaceAutoBackAndForth = true;
bindkeysToCode = true;
keybindings = mkOptionDefault {
"Mod4+Shift+a" = "exec shikanectl reload";
"Mod4+Shift+e" = ''mode "${logoutMode}"'';
"Mod4+i" = "exec emacsclient --create-frame";
"Mod4+bracketleft" = "move workspace to output left";
"Mod4+bracketright" = "move workspace to output right";
"Mod4+Shift+equal" = "move workspace to output up";
"Mod4+equal" = "move workspace to output down";
"Mod4+Control+l" = "exec ${lock}";
"XF86AudioMute" = "exec wpctl set-mute @DEFAULT_AUDIO_SINK@ toggle";
"XF86AudioLowerVolume" = "exec wpctl set-volume @DEFAULT_AUDIO_SINK@ 5%- -l 1.2";
"XF86AudioRaiseVolume" = "exec wpctl set-volume @DEFAULT_AUDIO_SINK@ 5%+ -l 1.2";
"XF86MonBrightnessUp" = "exec light -A 5";
"XF86MonBrightnessDown" = "exec light -U 5";
"XF86AudioPlay" = "exec --no-startup-id playerctl play-pause";
"XF86AudioPause" = "exec --no-startup-id playerctl play-pause";
"XF86AudioPrev" = "exec --no-startup-id playerctl previous";
"XF86AudioNext" = "exec --no-startup-id playerctl next";
};
modes = mkOptionDefault {
"${logoutMode}" = {
"l" = "exec --no-startup-id swaymsg exit, mode default";
"s" = "exec --no-startup-id systemctl suspend, mode default";
"p" = "exec --no-startup-id systemctl poweroff, mode default";
"r" = "exec --no-startup-id systemctl reboot, mode default";
"Escape" = "mode default";
"Return" = "mode default";
};
};
menu = "fuzzel --list-executables-in-path";
startup = [
{command = "shikane";}
{command = "waybar";}
{
command = "swaybg --image ~/.wallpaper --mode fill";
always = true;
}
{command = "swayidle -w idlehint 1 before-sleep \"${lock}\"";}
];
};
extraConfig = ''
bindswitch --reload --locked lid:off output eDP-1 enable;
bindswitch --reload --locked lid:on output eDP-1 disable;
bindgesture swipe:right workspace prev
bindgesture swipe:left workspace next
set $rosewater #dc8a78
set $flamingo #dd7878
set $pink #ea76cb
set $mauve #8839ef
set $red #d20f39
set $maroon #e64553
set $peach #fe640b
set $yellow #df8e1d
set $green #40a02b
set $teal #179299
set $sky #04a5e5
set $sapphire #209fb5
set $blue #1e66f5
set $lavender #7287fd
set $text #4c4f69
set $subtext1 #5c5f77
set $subtext0 #6c6f85
set $overlay2 #7c7f93
set $overlay1 #8c8fa1
set $overlay0 #9ca0b0
set $surface2 #acb0be
set $surface1 #bcc0cc
set $surface0 #ccd0da
set $base #eff1f5
set $mantle #e6e9ef
set $crust #dce0e8
# target title bg text indicator border
client.focused $lavender $lavender $base $rosewater $lavender
client.focused_inactive $overlay0 $base $text $rosewater $overlay0
client.unfocused $overlay0 $base $text $rosewater $overlay0
client.urgent $peach $base $peach $overlay0 $peach
client.placeholder $overlay0 $base $text $overlay0 $overlay0
client.background $base
smart_borders on
default_border pixel 3
gaps inner 5
gaps outer 3
'';
};
programs = {
fuzzel.enable = true;
swaylock.enable = true;
waybar = {
enable = true;
};
};
home.sessionVariables = {
NIXOS_OZONE_WL = "1";
};
};
# FIXME: belongs elsewhere
services = {
logind = {
settings.Login = {
HandleLidSwitch = "suspend";
HandleLidSwitchExternalPower = "ignore";
IdleAction = "suspend";
IdleActionSec = "10min";
};
};
upower.enable = true;
};
}

23
hosts/talos/secrets.nix
View file

@ -1,23 +0,0 @@
{
config,
lib,
options,
...
}: {
config.age = {
secrets = let
toSecret = name: {...} @ attrs:
{
file = ./../../modules/secrets + "/${name}.age";
}
// attrs;
in
lib.mapAttrs toSecret {
"restic-backup/talos-credentials" = {};
"restic-backup/talos-password" = {};
"users/alarsyo-hashed-password" = {};
"users/root-hashed-password" = {};
};
};
}

98
hosts/thanatos/default.nix
View file

@ -1,98 +0,0 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{
config,
lib,
pkgs,
...
}: let
secrets = config.my.secrets;
in {
imports = [
# Include the results of the hardware scan.
./hardware-configuration.nix
./disko-configuration.nix
./home.nix
./secrets.nix
];
boot.loader.grub.enable = true;
boot.tmp.useTmpfs = true;
networking.hostName = "thanatos"; # Define your hostname.
networking.domain = "lrde.epita.fr";
# Set your time zone.
time.timeZone = "Europe/Paris";
# List services that you want to enable:
my.services = {
tailscale = {
enable = true;
useRoutingFeatures = "both";
};
};
services = {
gitlab-runner = {
enable = true;
settings = {
concurrent = 4;
};
services = {
nix = {
authenticationTokenConfigFile = config.age.secrets."gitlab-runner/thanatos-nix-runner-env".path;
dockerImage = "alpine";
dockerVolumes = [
"/nix/store:/nix/store:ro"
"/nix/var/nix/db:/nix/var/nix/db:ro"
"/nix/var/nix/daemon-socket:/nix/var/nix/daemon-socket:ro"
];
dockerDisableCache = true;
preBuildScript = pkgs.writeScript "setup-container" ''
mkdir -p -m 0755 /nix/var/log/nix/drvs
mkdir -p -m 0755 /nix/var/nix/gcroots
mkdir -p -m 0755 /nix/var/nix/profiles
mkdir -p -m 0755 /nix/var/nix/temproots
mkdir -p -m 0755 /nix/var/nix/userpool
mkdir -p -m 1777 /nix/var/nix/gcroots/per-user
mkdir -p -m 1777 /nix/var/nix/profiles/per-user
mkdir -p -m 0755 /nix/var/nix/profiles/per-user/root
mkdir -p -m 0700 "$HOME/.nix-defexpr"
. ${pkgs.nix}/etc/profile.d/nix.sh
${pkgs.nix}/bin/nix-env -i ${lib.concatStringsSep " " (with pkgs; [nix cacert git openssh])}
${pkgs.nix}/bin/nix-channel --add https://nixos.org/channels/nixpkgs-unstable
${pkgs.nix}/bin/nix-channel --update nixpkgs
mkdir -p ~/.config/nix
echo "experimental-features = nix-command flakes" > ~/.config/nix/nix.conf
'';
environmentVariables = {
ENV = "/etc/profile";
USER = "root";
NIX_REMOTE = "daemon";
PATH = "/nix/var/nix/profiles/default/bin:/nix/var/nix/profiles/default/sbin:/bin:/sbin:/usr/bin:/usr/sbin";
NIX_SSL_CERT_FILE = "/nix/var/nix/profiles/default/etc/ssl/certs/ca-bundle.crt";
};
};
default = {
authenticationTokenConfigFile = config.age.secrets."gitlab-runner/thanatos-runner-env".path;
dockerImage = "debian:stable";
};
};
};
openssh.enable = true;
};
virtualisation.docker.enable = true;
environment.systemPackages = with pkgs; [
docker-compose
];
nix.gc.automatic = lib.mkForce false;
}

52
hosts/thanatos/disko-configuration.nix
View file

@ -1,52 +0,0 @@
{
disko.devices = {
disk = {
main = {
type = "disk";
device = "/dev/disk/by-id/ata-CT250MX500SSD1_2301E69A20C4";
content = {
type = "gpt";
partitions = {
boot = {
size = "1M";
type = "EF02"; # for grub MBR
};
ESP = {
size = "512M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
};
};
root = {
size = "100%";
content = {
type = "btrfs";
subvolumes = {
"/root" = {
mountpoint = "/";
mountOptions = ["compress=zstd" "noatime"];
};
"/home" = {
mountpoint = "/home";
mountOptions = ["compress=zstd" "noatime"];
};
"/nix" = {
mountpoint = "/nix";
mountOptions = ["compress=zstd" "noatime"];
};
"/swap" = {
mountpoint = "/.swapvol";
swap.swapfile.size = "8G";
};
};
};
};
};
};
};
};
};
}

29
hosts/thanatos/hardware-configuration.nix
View file

@ -1,29 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
pkgs,
modulesPath,
...
}: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = ["xhci_pci" "ehci_pci" "ahci" "usb_storage" "sd_mod" "sr_mod"];
boot.initrd.kernelModules = [];
boot.kernelModules = ["kvm-intel"];
boot.extraModulePackages = [];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.eno1.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

7
hosts/thanatos/home.nix
View file

@ -1,7 +0,0 @@
{config, ...}: {
home-manager.users.alarsyo = {
home.stateVersion = "23.11";
my.theme = config.home-manager.users.alarsyo.my.themes.solarizedLight;
};
}

22
hosts/thanatos/secrets.nix
View file

@ -1,22 +0,0 @@
{
config,
lib,
options,
...
}: {
config.age = {
secrets = let
toSecret = name: {...} @ attrs:
{
file = ./../../modules/secrets + "/${name}.age";
}
// attrs;
in
lib.mapAttrs toSecret {
"users/alarsyo-hashed-password" = {};
"users/root-hashed-password" = {};
"gitlab-runner/thanatos-runner-env" = {};
"gitlab-runner/thanatos-nix-runner-env" = {};
};
};
}

6
modules/default.nix
View file

@ -1,8 +1,6 @@
{...}: {
{ ... }:
{
imports = [
./gdm.nix
./sddm.nix
./secrets
./wakeonwlan.nix
];
}

23
modules/gdm.nix
View file

@ -1,23 +0,0 @@
{
config,
lib,
pkgs,
...
}: let
inherit
(lib)
mkEnableOption
mkIf
;
cfg = config.my.displayManager.gdm;
in {
options.my.displayManager.gdm.enable = mkEnableOption "GDM setup";
config = mkIf cfg.enable {
services.displayManager.gdm = {
enable = true;
wayland = true;
};
};
}

38
modules/sddm.nix
View file

@ -1,31 +1,23 @@
{
config,
lib,
pkgs,
...
}: let
inherit
(lib)
mkEnableOption
mkIf
;
{ config, lib, pkgs, ... }:
let
cfg = config.my.displayManager.sddm;
in {
options.my.displayManager.sddm.enable = mkEnableOption "SDDM setup";
in
{
options.my.displayManager.sddm.enable = lib.mkEnableOption "SDDM setup";
config = mkIf cfg.enable {
services.displayManager.sddm = {
config = lib.mkIf cfg.enable {
services.xserver.displayManager.sddm = {
enable = true;
theme = "catppuccin-latte";
wayland.enable = true;
theme = "sugar-candy";
};
environment.systemPackages = [
(pkgs.catppuccin-sddm.override
{
flavor = "latte";
})
environment.systemPackages = with pkgs; [
packages.sddm-sugar-candy
# dependencies for sugar-candy theme
libsForQt5.qt5.qtgraphicaleffects
libsForQt5.qt5.qtquickcontrols2
libsForQt5.qt5.qtsvg
];
};
}

7
modules/secrets/default.nix
View file

@ -1,7 +0,0 @@
{
config,
lib,
options,
...
}: {
}

12
modules/secrets/gandi/api-key.age
View file

@ -1,12 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 k2gHjw E972A3kem7+3ul2Ai8TV8EVkF9upClr46y1pbN+AfDY
qZdZuv+F9c46uxKWYdBKp6AGkTA5IEjcBwDlBHpEbCU
-> ssh-ed25519 pX8y2g WEBknhwaTqfVzaLQRg1tfEY/aGZDFnH0PvXOZ3pC1k8
A23ELihRVsx8jhTcJAy3a1/saKWPc6ojf8HhPHj0niw
-> ssh-ed25519 z6Eu8Q IsN3L8xlk8VwrqUByYiUhthAk06KCn6hcYlZrodk/Vg
lX/SjRJIZEt1/Q6iLKFiUTHB4eH8ig4WJN79mU/AVUw
-> &r29]-grease #}
100ULy2nfLIOODMNPyvq0ATuGdVBAgwcXAs
--- VkOZ7Vy9R4QPqvgAveJae/L4/nuDnQ/bAoN7UEKzxyw
wQ{3ɔ3
m2eÞ?×ò¥. M„<19>:Df)ïˆ;t {zR½ªo ñ²‡òE#c·çáéTE…Ú9¹H67ÊqAÜ_Lb}

7
modules/secrets/gitlab-runner/hades-nix-runner-env.age
View file

@ -1,7 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 k2gHjw S9umvubn93fPFsh/ogqAohdlvDOLYxm3hHrliw5vqAQ
EG8RYYX7i2GazNTb/bnzCPs2zrIYN/kOulJc4e5pTW4
-> ssh-ed25519 pX8y2g ux6qHpLuHTleRYpAIvO3iDztVsxPGlcu1+jzs1+MHF0
R5wtxwQyqB1Hc6KI0U9tUOYxzHBtvkzQkgy6Z8AoOYc
--- w1Wpu3guHKTT0FDAR6KaFYLHaXYsEdCWX/7IuM2wb7Q
=náÒbg\™\™!IiízA,pgƒ pP»a\p/<2F>_ut8náÍ÷CèLö5,Äaç<i<dVMdÞ̤¼¨Vù—Ô<>H2æ&u1G¤ÂÙÚ±ƒ<>ÞÙ?'K³é^Ò<>¤4L±Išk[ŒؘÓ<E28099>¸+é

7
modules/secrets/gitlab-runner/thanatos-nix-runner-env.age
View file

@ -1,7 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 k2gHjw gFnRWwKy4sm1O4/zeVXcUk3Y451FFZmOfuDY/lI9RW0
8Mpdm4n7JzepEg2+KRs0HfkrtVTMk0oRFBUZ7Sf08Jw
-> ssh-ed25519 6UUuZw cAAsvPXReyc5s3ornw5wPSuJ3dSwcxUaG+TxJnIu8Ak
hKk7q/8jltBMXoB1G29GQBH0v/IWu29r1tGfI9QrpgU
--- 1YEL0aF6L1Hg74seiR6rUBaaPfX9/R5rc1a6O9P8skQ
4‡on0%³•lÙ·Fïvà1!ä¥ <0B>­=ƒ-é¾)Ñî4úòŒ…ÀÇÜ…±hÔSég D^ÖÒþè sþëkSÎ; ôBT¤oˆ•'hJ\N”ªC‰Áu#[ëtñ>x§"‡­è gZ€oë\m

BIN
modules/secrets/gitlab-runner/thanatos-runner-env.age
View file

Binary file not shown.

10
modules/secrets/lohr/shared-secret.age
View file

@ -1,10 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 k2gHjw R7jnkS7fFFSouPgvjrCnyfWNHOanOWKVUDp4Fd2xqFU
MdWD5E8dWfDHqFNTDCqOlyMhwpfEtqhlpnx3opft70w
-> ssh-ed25519 pX8y2g /CAWr94ucfxWKLWQPSQD2fl09TuUZELywWoZgHZS0AY
NeDHZc2ooKl2Bp0nAEY9P/Apdramb2TpHWpx0jkceyk
-> bzN-grease F &,%3jl~w &]8&d*N6 5UJ
58BUbsIwRkkUrNoSbgbMo/o1tKttXP2YWIJs9cbfXrT6XcO+Km0g90LPbYCmsqTZ
pr8TINM2Wd8RQw
--- 7K7sEw2zIWhuR3intlPGFipaVhHli+tWHqmyobRjLYo
oÔèÛ„Å[\ñ²û¸©lN/X•ô:<03>±Œu¥N¾Öó ƒ{ ïÁmeÿ0A=,h_¤÷è,œ4S&‰ù<E280B0>9œhÙ1/ÄÍž’¥é÷ypa³öz2Ñ€†íTº,©Réâ€U

BIN
modules/secrets/matrix-synapse/secret-config.age
View file

Binary file not shown.

BIN
modules/secrets/mealie/secret-config.age
View file

Binary file not shown.

BIN
modules/secrets/microbin/secret-config.age
View file

Binary file not shown.

BIN
modules/secrets/miniflux/admin-credentials.age
View file

Binary file not shown.

Some files were not shown because too many files have changed in this diff Show more