jawz/NixOS
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: jawz:main
Branches Tags
jawz:main
jawz:clean
jawz:modules
jawz:weekly-2025-10-29
jawz:weekly-2025-10-11
jawz:weekly-2025-10-06
jawz:weekly-2025-10-04
jawz:weekly-2025-09-30
jawz:weekly-2025-09-29
..
compare: jawz:modules
Branches Tags
jawz:main
jawz:clean
jawz:modules
jawz:weekly-2025-10-29
jawz:weekly-2025-10-11
jawz:weekly-2025-10-06
jawz:weekly-2025-10-04
jawz:weekly-2025-09-30
jawz:weekly-2025-09-29

No commits in common. "main" and "modules" have entirely different histories.
main ... modules

200 changed files with 3814 additions and 10547 deletions
Show Stats Expand all files Collapse all files

92
.github/workflows/build-schemes.yml vendored
View File

@ -1,92 +0,0 @@
name: Build All Color Schemes
on:
push:
paths:
- "config/schemes.nix"
- "config/scheme-utils.nix"
workflow_dispatch:
jobs:
build-schemes:
runs-on: nixos
env:
HOSTNAME: server
steps:
- uses: actions/checkout@v4
- name: Get available schemes
id: schemes
run: |
SCHEMES=$(nix eval --raw --impure --expr '
let
pkgs = import <nixpkgs> {};
inputs = {};
utils = import ./scripts/scheme-utils.nix { inherit pkgs inputs; };
in
builtins.concatStringsSep " " utils.availableSchemes
')
echo "schemes=$SCHEMES" >> $GITHUB_OUTPUT
echo "Available schemes: $SCHEMES"
- name: Configure Attic cache
run: |
# Configure attic client to use your cache server
attic login servidos http://127.0.0.1:2343 ${{ secrets.ATTIC_TOKEN }}
- name: Build and push all schemes
run: |
echo "Building and pushing all schemes..."
# Store original scheme
ORIGINAL_SCHEME=$(grep -oP "scheme = schemesFile\.schemes\.\K\w+" config/stylix.nix)
echo "Original scheme: $ORIGINAL_SCHEME"
# Build and push each scheme
for scheme in ${{ steps.schemes.outputs.schemes }}; do
echo "========================================="
echo "Processing scheme: $scheme"
echo "========================================="
# Update stylix.nix to use this scheme
sed -i "s/scheme = schemesFile\.schemes\.\w\+;/scheme = schemesFile.schemes.$scheme;/" config/stylix.nix
# Verify the change
grep "scheme = schemesFile.schemes" config/stylix.nix
# Build the configuration
echo "Building $scheme..."
nix build .#nixosConfigurations.${HOSTNAME}.config.system.build.toplevel \
--out-link ./result-$scheme \
--quiet
# Push to cache
echo "Pushing $scheme to cache..."
attic push servidos:nixos ./result-$scheme
# Also push using print-out-paths for better cache coverage
nix build .#nixosConfigurations.${HOSTNAME}.config.system.build.toplevel \
--print-out-paths \
--quiet | attic push servidos:nixos --stdin
echo "✓ Completed $scheme"
echo ""
done
# Restore original scheme
echo "Restoring original scheme: $ORIGINAL_SCHEME"
sed -i "s/scheme = schemesFile\.schemes\.\w\+;/scheme = schemesFile.schemes.$ORIGINAL_SCHEME;/" config/stylix.nix
echo "========================================="
echo "All schemes built and pushed successfully!"
echo "========================================="
- name: Summary
run: |
SCHEME_COUNT=$(echo "${{ steps.schemes.outputs.schemes }}" | wc -w)
echo "✅ Color scheme builds completed successfully!"
echo "- Built $SCHEME_COUNT schemes: ${{ steps.schemes.outputs.schemes }}"
echo "- Pushed all builds to Atticd cache"
echo ""
echo "You can now switch schemes quickly without waiting for builds!"

99
.github/workflows/weekly-build-cache.yml vendored
View File

@ -1,99 +0,0 @@
name: Weekly NixOS Build & Cache
on:
schedule:
- cron: "30 09 * * 1,5"
workflow_dispatch: # Allow manual trigger
jobs:
build-and-cache:
runs-on: nixos
steps:
- name: Checkout repository
uses: actions/checkout@v4
with:
token: ${{ secrets.GITHUB_TOKEN }}
- name: Configure Git for automated commits
run: |
git config user.name "NixOS Builder Bot"
git config user.email "noreply@servidos.lat"
- name: Update flake inputs
run: |
nix flake update
- name: Check for changes
id: check_changes
run: |
if git diff --quiet flake.lock; then
echo "changes=false" >> $GITHUB_OUTPUT
echo "No changes in flake.lock"
else
echo "changes=true" >> $GITHUB_OUTPUT
echo "Changes detected in flake.lock"
fi
- name: Configure Attic cache
if: steps.check_changes.outputs.changes == 'true'
run: |
# Configure attic client to use your cache server
attic login servidos http://127.0.0.1:2343 ${{ secrets.ATTIC_TOKEN }}
- name: Build workstation configuration
if: steps.check_changes.outputs.changes == 'true'
run: |
echo "Building workstation configuration..."
nix build .#nixosConfigurations.workstation.config.system.build.toplevel --quiet
- name: Build server configuration
if: steps.check_changes.outputs.changes == 'true'
run: |
echo "Building server configuration..."
nix build .#nixosConfigurations.server.config.system.build.toplevel --quiet
- name: Build emacs-vm configuration
if: steps.check_changes.outputs.changes == 'true'
run: |
echo "Building emacs-vm configuration..."
nix build .#emacs-vm --quiet
- name: Push to cache
if: steps.check_changes.outputs.changes == 'true'
run: |
echo "Pushing builds to cache..."
# Push all built derivations to cache
if ls result* 1> /dev/null 2>&1; then
attic push servidos:nixos result*
fi
# Push the specific system derivations we just built
nix build .#nixosConfigurations.workstation.config.system.build.toplevel --print-out-paths | attic push servidos:nixos --stdin
nix build .#nixosConfigurations.server.config.system.build.toplevel --print-out-paths | attic push servidos:nixos --stdin
nix build .#emacs-vm --print-out-paths | attic push servidos:nixos --stdin
- name: Commit updated flake.lock
if: steps.check_changes.outputs.changes == 'true'
run: |
git add flake.lock
git commit -m "Weekly flake update: $(date -u '+%Y-%m-%d %H:%M UTC')"
git push origin main
- name: Create release tag
if: steps.check_changes.outputs.changes == 'true'
run: |
TAG_NAME="weekly-$(date -u '+%Y-%m-%d')"
git tag -a "$TAG_NAME" -m "Weekly build and cache update for $(date -u '+%Y-%m-%d')"
git push origin "$TAG_NAME"
- name: Summary
run: |
if [[ "${{ steps.check_changes.outputs.changes }}" == "true" ]]; then
echo "✅ Weekly build completed successfully!"
echo "- Updated flake.lock"
echo "- Built workstation and server configurations"
echo "- Pushed builds to Atticd cache"
echo "- Committed changes and created release tag"
else
echo " No updates needed - flake.lock is already up to date"
fi

7
.gitignore vendored
View File

@ -1,8 +1 @@
.direnv
config.el
*.qcow2
result
# Prevent accidentally committing unencrypted secrets
**/secrets/*.yaml.dec
**/*-decrypted.*
**/temp-secrets.*

38
.sops.yaml
View File

@ -1,8 +1,10 @@
keys:
- &devkey age1lufn6t35gs4wgevyr2gud4eec7lvkn7pgnnv4tja64ww3hef7gqq8fas37
- &workstation age17jlsydpgl35qx5ahc3exu44jt8dfa63chymt6xqp9xx0r6dh347qpg55cz
- &server age15hx530yrqmhm80vsjmffyg9deq9gssj7hl5rsqdnsn3dwegj9qusv4sjf5
- &miniserver age13w4elx3x6afrte2d82lak59mwr2k25wfz3hx79tny6sfdk66lqjq989dzl
- &users:
- &devkey age1lufn6t35gs4wgevyr2gud4eec7lvkn7pgnnv4tja64ww3hef7gqq8fas37
- &hosts:
- &workstation age17jlsydpgl35qx5ahc3exu44jt8dfa63chymt6xqp9xx0r6dh347qpg55cz
- &server age15hx530yrqmhm80vsjmffyg9deq9gssj7hl5rsqdnsn3dwegj9qusv4sjf5
- &miniserver age13w4elx3x6afrte2d82lak59mwr2k25wfz3hx79tny6sfdk66lqjq989dzl
creation_rules:
- path_regex: secrets/secrets.yaml$
key_groups:
@ -25,31 +27,3 @@ creation_rules:
- *workstation
- *server
- *miniserver
- path_regex: secrets/gallery.yaml$
key_groups:
- age:
- *devkey
- *workstation
- *server
- *miniserver
- path_regex: secrets/wireguard.yaml$
key_groups:
- age:
- *devkey
- *workstation
- *server
- *miniserver
- path_regex: secrets/homepage.yaml$
key_groups:
- age:
- *devkey
- *workstation
- *server
- *miniserver
- path_regex: secrets/certs.yaml$
key_groups:
- age:
- *devkey
- *workstation
- *server
- *miniserver

239
README.org
View File

@ -1,239 +0,0 @@
#+TITLE: JawZ NixOS Configuration
#+AUTHOR: JawZ
#+EMAIL: danilo.reyes.251@proton.me
#+OPTIONS: toc:t num:t
#+STARTUP: content
* Overview
This repository contains my personal NixOS configuration flake, managing
multiple hosts with a modular approach. Designed the configuration for a
self-hosted infrastructure with services and development environments.
* Architecture
** Hosts
- =workstation= :: Main development machine with GNOME desktop
- =server= :: Primary server with containerized services
- =miniserver= :: Secondary server for additional services
- =galaxy= :: Minimal configuration host
- =emacs= :: Development VM for Emacs configuration
** Key Features
- Modular configuration system
- SOPS-based secrets management
- Container orchestration with Podman
- Automated builds and caching
- Multi-language development environments
- Self-hosted service stack
* Quick Start
** Prerequisites
- NixOS 23.05 or later
- SOPS configured with age keys
- SSH keys for remote builds
** Initial Setup
#+BEGIN_SRC bash
# Clone the repository git clone <repository-url> /home/jawz/Development/NixOS
cd /home/jawz/Development/NixOS
# Install dependencies nix flake update
# Build and switch to configuration sudo nixos-rebuild switch --flake
.#<hostname>
#+END_SRC
** Development Environment
#+BEGIN_SRC bash
# Enter development shell for specific language nix develop .#<language>
# Available languages: python, rust, go, haskell, javascript, julia, zig, sh,
cc, nix
#+END_SRC
* Configuration Structure
** Core Configuration
- =config/base.nix= :: Common system configuration
- =config/jawz.nix= :: User and SSH configuration
- =config/stylix.nix= :: Theming configuration
- =config/schemes.nix= :: Color scheme definitions
** Host Configurations
- =hosts/<hostname>/configuration.nix= :: Host-specific settings
- =hosts/<hostname>/hardware-configuration.nix= :: Hardware-specific config
- =hosts/<hostname>/toggles.nix= :: Feature toggles
** Modules
- =modules/apps/= :: Application packages and configurations
- =modules/dev/= :: Development environment modules
- =modules/servers/= :: Self-hosted service configurations
- =modules/services/= :: System service configurations
- =modules/scripts/= :: Custom scripts and utilities
- =modules/shell/= :: Shell and terminal configurations
* Services
** Core Services
- PostgreSQL 17 :: Database backend
- Nginx :: Reverse proxy and web server
- Podman :: Container runtime
- Syncthing :: File synchronization
- WireGuard :: VPN connectivity
** Self-Hosted Applications
- Nextcloud :: File sharing and collaboration
- Gitea :: Git repository hosting
- Jellyfin :: Media server
- Plex :: Media streaming
- Sonarr/Radarr/Lidarr :: Media management
- Vaultwarden :: Password manager
- Homepage :: Service dashboard
- And more...
* Development
** Available Development Shells
The configuration provides development shells for my favorite programming
languages:
#+BEGIN_SRC bash
# Python development nix develop .#python
# Rust development nix develop .#rust
# Go development nix develop .#go
# JavaScript/Node.js development nix develop .#javascript
# Haskell development nix develop .#haskell
# Julia development nix develop .#julia
# Zig development nix develop .#zig
# Shell scripting nix develop .#sh
# C/C++ development nix develop .#cc
# Nix development nix develop .#nix
#+END_SRC
** Adding New Modules
1. Create module file in appropriate directory under =modules/=
2. Add module to =modules/modules.nix= if needed
3. Enable module in host configuration or toggles
** Adding New Hosts
1. Create host directory under =hosts/<hostname>/
2. Add =configuration.nix= and =hardware-configuration.nix=
3. Add host to =flake.nix= outputs
4. Create =toggles.nix= for feature management
* Secrets Management
** SOPS Configuration
Manage secrets using SOPS with age encryption:
- =secrets/secrets.yaml= :: Main secrets file
- =secrets/keys.yaml= :: SSH and encryption keys
- =secrets/env.yaml= :: Environment variables
- =secrets/wireguard.yaml= :: VPN configuration
- =secrets/certs.yaml= :: SSL certificates
** Adding New Secrets
#+BEGIN_SRC bash
# Edit secrets file sops secrets/secrets.yaml
# Add new secret sops -i -a 'new-secret: "value"' secrets/secrets.yaml
#+END_SRC
* CI/CD
** GitHub Actions
The repository includes automated workflows:
- =weekly-build-cache.yml= :: Weekly builds and cache updates
- =build-schemes.yml= :: Color scheme builds
** Build Cache
Builds are automatically cached using Atticd for faster rebuilds.
* Customization
** Theming
The configuration uses Stylix for theming. Define color schemes in
=config/schemes.nix= and can set them via the =config/stylix.nix= file.
** Adding New Services
1. Create service module in =modules/servers/=
2. Add service configuration
3. Enable service in host toggles
4. Add to homepage if needed
** Custom Scripts
Scripts are in =modules/scripts/= and toggle them per host.
* Troubleshooting
** Common Issues
*** Build Failures
- Check flake inputs are up to date: =nix flake update=
- Verify all required secrets are present
- Check host-specific configuration
*** Service Issues
- Check service status: =systemctl status <service>=
- View logs: =journalctl -u <service>=
- Verify firewall rules
*** Development Environment
- Rebuild development shell: =nix develop .#<language>=
- Check available packages: =nix search nixpkgs <package>=
** Getting Help
- Check NixOS documentation
- Review module documentation
- Check service-specific documentation
* Maintenance
** Regular Tasks
- Update flake inputs weekly
- Review and rotate secrets quarterly
- Update system packages monthly
- Clean old generations: =sudo nix-collect-garbage -d=
** Backup Strategy
- Configuration is version controlled
- Secrets are encrypted and backed up
- BTRFS snapshots for data protection
* Contributing
** Code Style
- Use consistent formatting
- Add comments for complex configurations
- Follow Nix conventions
** Pull Requests
- Test changes on development host first
- Update documentation as needed
- Ensure all secrets are properly managed
* License
This configuration is for personal use. Please respect the licenses of
individual packages and services used.
* Contact
For questions or issues, contact danilo.reyes.251@proton.me
---
*Last updated: 2025*

134
config/base.nix → base.nix
View File

@ -1,21 +1,18 @@
{
lib,
pkgs,
inputs,
outputs,
config,
...
}:
{
{ lib, pkgs, inputs, outputs, ... }: {
imports = [
inputs.home-manager.nixosModules.home-manager
./modules/apps.nix
./modules/dev.nix
./modules/shell.nix
./modules/services.nix
./modules/servers.nix
./modules/scripts.nix
./jawz.nix
../modules/modules.nix
];
system.stateVersion = "23.05";
system.stateVersion = "24.05";
sops = {
defaultSopsFormat = "yaml";
defaultSopsFile = ../secrets/secrets.yaml;
defaultSopsFile = ./secrets/secrets.yaml;
age = {
sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
keyFile = "/var/lib/sops-nix/key.txt";
@ -23,109 +20,113 @@
};
};
home-manager = {
backupFileExtension = "hbckup";
useUserPackages = true;
useGlobalPkgs = true;
extraSpecialArgs = {
inherit inputs outputs;
};
extraSpecialArgs = { inherit inputs outputs; };
users.jawz = import ./home-manager.nix;
};
time = {
inherit (config.my) timeZone;
timeZone = "America/Mexico_City";
hardwareClockInLocalTime = true;
};
i18n = {
defaultLocale = "en_CA.UTF-8";
extraLocaleSettings = {
LC_MONETARY = "es_MX.UTF-8";
};
extraLocaleSettings = { LC_MONETARY = "es_MX.UTF-8"; };
};
console = {
font = "Lat2-Terminus16";
keyMap = "us";
# useXkbConfig = true; # use xkbOptions in tty.
};
security = {
polkit.enable = true;
sudo-rs = {
sudo = {
enable = true;
wheelNeedsPassword = false;
};
pam.loginLimits = [
{
domain = "*";
type = "soft";
item = "nofile";
value = "8192";
}
];
pam.loginLimits = [{
domain = "*";
type = "soft";
item = "nofile";
value = "8192";
}];
};
users = {
mutableUsers = false;
groups = {
users.gid = 100;
piracy.gid = 985;
};
groups.piracy.gid = 985;
};
nixpkgs.config = {
allowUnfree = true;
permittedInsecurePackages = [
"aspnetcore-runtime-wrapped-6.0.36"
"aspnetcore-runtime-6.0.36"
"dotnet-runtime-6.0.36"
"dotnet-sdk-wrapped-6.0.428"
"dotnet-sdk-6.0.428"
"mbedtls-2.28.10"
nixpkgs.config.allowUnfree = true;
nix = let
featuresList = [
"nixos-test"
"benchmark"
"big-parallel"
"kvm"
"gccarch-znver3"
"gccarch-skylake"
"gccarch-alderlake"
];
};
nix = {
nixPath = [ "nixpkgs=${inputs.nixpkgs}" ];
in {
distributedBuilds = true;
optimise.automatic = true;
settings = {
use-xdg-base-directories = true;
auto-optimise-store = true;
trusted-users = [
"jawz"
"root"
"nixremote"
];
experimental-features = [
"nix-command"
"flakes"
"pipe-operators"
];
trusted-users = [ "nixremote" ];
system-features = featuresList;
experimental-features = [ "nix-command" "flakes" ];
substituters = [
"${config.my.servers.atticd.url}/nixos"
"https://nix-gaming.cachix.org"
"https://nixpkgs-python.cachix.org"
"https://devenv.cachix.org"
"https://cuda-maintainers.cachix.org"
"https://ai.cachix.org"
"https://cache.lix.systems"
"https://cosmic.cachix.org"
];
trusted-public-keys = [
"nixos:kubuWhYCk9/aZp5GDJFAScYgigM66DszP8i1Pzbq0Fc="
"nix-gaming.cachix.org-1:nbjlureqMbRAxR1gJ/f3hxemL9svXaZF/Ees8vCUUs4="
"nixpkgs-python.cachix.org-1:hxjI7pFxTyuTHn2NkvWCrAUcNZLNS3ZAvfYNuYifcEU="
"devenv.cachix.org-1:w1cLUi8dv3hnoSPGAuibQv+f9TZLr6cv/Hm9XgU50cw="
"cuda-maintainers.cachix.org-1:0dq3bujKpuEPMCX6U4WylrUDZ9JyUG0VpVZa7CNfq5E="
"ai.cachix.org-1:N9dzRK+alWwoKXQlnn0H6aUx0lU/mspIoz8hMvGvbbc="
"cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o="
"cosmic.cachix.org-1:Dya9IyXD4xdBehWjrkPv6rtxpmMdRel02smYzA85dPE="
];
};
};
documentation.enable = false;
environment = {
systemPackages = builtins.attrValues {
inherit (pkgs)
wget
sops
;
systemPackages = with pkgs; [ wget sops ];
variables = rec {
# PATH
XDG_CACHE_HOME = "\${HOME}/.cache";
XDG_CONFIG_HOME = "\${HOME}/.config";
XDG_BIN_HOME = "\${HOME}/.local/bin";
XDG_DATA_HOME = "\${HOME}/.local/share";
XDG_STATE_HOME = "\${HOME}/.local/state";
# DEV PATH
CARGO_HOME = "${XDG_DATA_HOME}/cargo";
GEM_HOME = "${XDG_DATA_HOME}/ruby/gems";
GEM_PATH = "${XDG_DATA_HOME}/ruby/gems";
GEM_SPEC_CACHE = "${XDG_DATA_HOME}/ruby/specs";
GOPATH = "${XDG_DATA_HOME}/go";
PSQL_HISTORY = "${XDG_DATA_HOME}/psql_history";
REDISCLI_HISTFILE = "${XDG_DATA_HOME}/redis/rediscli_history";
WINEPREFIX = "${XDG_DATA_HOME}/wine";
# OPTIONS
ELECTRUMDIR = "${XDG_DATA_HOME}/electrum";
WGETRC = "${XDG_CONFIG_HOME}/wgetrc";
XCOMPOSECACHE = "${XDG_CACHE_HOME}/X11/xcompose";
"_JAVA_OPTIONS" = "-Djava.util.prefs.userRoot=${XDG_CONFIG_HOME}/java";
# NVIDIA
CUDA_CACHE_PATH = "${XDG_CACHE_HOME}/nv";
# Themes
# WEBKIT_DISABLE_COMPOSITING_MODE = "1";
PATH = [ "\${HOME}/.local/bin" ];
};
variables = inputs.self.lib.xdgEnvironment;
};
programs = {
nh = {
@ -142,7 +143,6 @@
};
};
services = {
udev.packages = [ pkgs.yubikey-personalization ];
smartd.enable = true;
fstrim.enable = true;
avahi = {

82
config/home-manager.nix
View File

@ -1,82 +0,0 @@
{
inputs,
config,
pkgs,
lib,
osConfig,
...
}:
let
inherit (pkgs) fd fzf;
inherit (inputs.jawz-scripts.packages.x86_64-linux) pokemon-colorscripts;
shellType = osConfig.my.shell.type;
commonInit = ''
${pokemon-colorscripts}/bin/pokemon-colorscripts -r --no-title
export command_timeout=60
'';
commonAliases = inputs.self.lib.commonAliases // {
open-gallery = ''
cd /srv/pool/scrapping/JawZ/gallery-dl &&
xdg-open "$(${fd}/bin/fd . ./ Husbands wikifeet -tdirectory -d 1 | ${fzf}/bin/fzf -i)"'';
};
in
{
home.stateVersion = "23.05";
programs = {
direnv = {
enable = true;
enableBashIntegration = shellType == "bash";
enableZshIntegration = shellType == "zsh";
nix-direnv.enable = true;
};
git = {
enable = true;
delta.enable = true;
userName = "Danilo Reyes";
userEmail = osConfig.my.email;
extraConfig = {
init.defaultBranch = "main";
pull.rebase = true;
};
};
bash = lib.mkIf (shellType == "bash") {
enable = true;
historyFile = "\${XDG_STATE_HOME}/bash/history";
shellAliases = commonAliases;
enableVteIntegration = true;
initExtra = commonInit;
historyControl = [
"erasedups"
"ignorespace"
"ignoredups"
];
};
zsh = lib.mkIf (shellType == "zsh") {
enable = true;
dotDir = ".config/zsh";
shellAliases = commonAliases;
initContent = commonInit;
history = {
path = "\${XDG_STATE_HOME}/zsh/history";
expireDuplicatesFirst = true;
ignoreSpace = true;
ignoreAllDups = true;
};
};
};
xdg = {
enable = true;
userDirs = {
enable = true;
createDirectories = false;
desktop = "${config.home.homeDirectory}";
documents = "${config.home.homeDirectory}/Documents";
download = "${config.home.homeDirectory}/Downloads";
music = "${config.home.homeDirectory}/Music";
pictures = "${config.home.homeDirectory}/Pictures";
templates = "${config.xdg.dataHome}/Templates";
videos = "${config.home.homeDirectory}/Videos";
};
configFile.wgetrc.text = "hsts-file=\${XDG_CACHE_HOME}/wget-hsts";
};
}

82
config/jawz.nix
View File

@ -1,82 +0,0 @@
{
config,
lib,
inputs,
...
}:
let
inherit (config.networking) hostName;
nixosHosts = inputs.self.lib.getNixosHosts config.my.ips hostName lib;
nixosHostsMatch = lib.concatStringsSep " " nixosHosts;
in
{
sops.secrets = lib.mkIf config.my.secureHost (
let
baseDir = ".ssh/ed25519";
keyConfig = file: {
sopsFile = ../secrets/keys.yaml;
owner = config.users.users.jawz.name;
inherit (config.users.users.jawz) group;
path = "/home/jawz/${file}";
};
in
{
jawz-password.neededForUsers = true;
"private_keys/${hostName}" = keyConfig "${baseDir}_${hostName}";
"git_private_keys/${hostName}" = keyConfig "${baseDir}_git";
}
);
home-manager.users.jawz = {
home.file.".librewolf/.stignore".source = ../dotfiles/stignore;
programs.ssh = lib.mkIf config.my.secureHost {
enable = true;
matchBlocks = {
vps = {
hostname = config.my.ips.vps;
user = "jawz";
port = 3456;
identityFile = config.sops.secrets."private_keys/${hostName}".path;
};
"${nixosHostsMatch}" = {
user = "jawz";
identityFile = config.sops.secrets."private_keys/${hostName}".path;
};
"${config.my.servers.gitea.host} github.com gitlab.com bitbucket.org".identityFile =
config.sops.secrets."git_private_keys/${hostName}".path;
};
};
};
users.users.jawz = {
uid = 1000;
linger = true;
isNormalUser = true;
hashedPasswordFile = lib.mkIf config.my.secureHost config.sops.secrets.jawz-password.path;
hashedPassword =
lib.mkIf (!config.my.secureHost)
"$6$s4kbia4u7xVwCmyo$LCN7.Ki2n3xQOqPKnTwa5idwOWYeMNTieQYbLkiiKcMFkFmK76BjtNofJk3U7yRmLGnW3oFT433.nTRq1aoN.1";
extraGroups = [
"wheel"
"networkmanager"
"scanner"
"lp"
"piracy"
"kavita"
"video"
"docker"
"libvirt"
"rslsync"
"plugdev"
"bluetooth"
];
openssh.authorizedKeys.keyFiles = inputs.self.lib.getSshKeys [
"deacero"
"workstation"
"server"
"miniserver"
"galaxy"
"phone"
"vps"
"windows_vm"
];
};
}

48
config/overlay.nix
View File

@ -1,48 +0,0 @@
{
mkpkgs,
inputs,
...
}:
let
pkgs = mkpkgs inputs.nixpkgs;
pkgsU = mkpkgs inputs.nixpkgs-unstable;
in
_final: prev: {
handbrake = prev.handbrake.override { useGtk = true; };
ripgrep = prev.ripgrep.override { withPCRE2 = true; };
nautilus = prev.nautilus.overrideAttrs (old: {
buildInputs =
old.buildInputs
++ builtins.attrValues {
inherit (pkgs.gst_all_1)
gst-plugins-good
gst-plugins-bad
;
};
});
lutris = prev.lutris.override {
extraPkgs =
pkgs:
builtins.attrValues {
inherit (pkgs) pango winetricks;
}
++ (with pkgs; [
wine64Packages.stable
wineWowPackages.stable
]);
};
discord = prev.discord.override {
withVencord = true;
withOpenASAR = true;
};
waybar = prev.waybar.overrideAttrs (old: {
mesonFlags = old.mesonFlags ++ [ "-Dexperimental=true" ];
});
inherit (pkgsU)
code-cursor
symbola
mealie
flaresolver
deadnix
;
}

120
config/schemes.nix
View File

@ -1,120 +0,0 @@
{ pkgs, inputs }:
let
inherit (inputs) wallpapers;
mkScheme =
{
color ? null,
name ? null,
polarity,
image,
iconPackage ? pkgs.papirus-icon-theme.override { inherit color; },
base16Scheme ? if name != null then "${pkgs.base16-schemes}/share/themes/${name}.yaml" else null,
}:
{
inherit
color
name
polarity
image
iconPackage
base16Scheme
;
};
in
{
schemes = {
vulcano = mkScheme {
name = "mocha";
color = "brown";
polarity = "dark";
image = "${wallpapers}/la_fragua_de_vulcano.jpg";
};
who = mkScheme {
name = "catppuccin-frappe";
polarity = "dark";
image = "${wallpapers}/Nikolay_Kasatkin_Who.jpeg";
iconPackage = pkgs.catppuccin-papirus-folders.override {
flavor = "frappe";
accent = "peach";
};
};
space = mkScheme {
name = "solarflare";
color = "darkcyan";
polarity = "dark";
image = "${wallpapers}/space.jpg";
};
jesus = mkScheme {
color = "red";
name = "equilibrium-light";
polarity = "light";
image = "${wallpapers}/jesus.png";
};
ballerinas = mkScheme {
color = "brown";
name = "mocha";
polarity = "dark";
image = "${wallpapers}/Waay-Ballerinas.jpeg";
};
febroary = mkScheme {
color = "yellow";
name = "gruvbox-light";
polarity = "light";
image = "${wallpapers}/febroary.jpg";
};
paul3 = mkScheme {
color = "bluegrey";
name = "mexico-light";
polarity = "light";
image = "${wallpapers}/paul3.jpg";
};
paul = mkScheme {
color = "green";
name = "valua";
polarity = "light";
image = "${wallpapers}/paul1.jpg";
base16Scheme = {
base00 = "#1a1f16"; # dark forest floor (was deep green-black)
base01 = "#23291a"; # bark shadow
base02 = "#3c422c"; # damp moss
base03 = "#50573c"; # lichen-streaked rock
base04 = "#767d5e"; # moss + sun mix
base05 = "#a9ae8a"; # dry fern or lichen dust
base06 = "#dfe1d2"; # pale sage
base07 = "#f5f7f0"; # slightly sunlit leaf white
base08 = "#4c7c4a"; # deep fern green
base09 = "#6b8f3c"; # olive bark
base0A = "#b5b938"; # lichen gold
base0B = "#7CC844"; # success green (kept from original)
base0C = "#4fbf87"; # turquoise vine
base0D = "#2aaf6f"; # jungle leaf
base0E = "#88a337"; # mossy lime
base0F = "#5c8b55"; # swamp olive
};
};
cheems = mkScheme {
color = "yellow";
name = "equilibrium-light";
polarity = "light";
image = "${wallpapers}/cheems.png";
base16Scheme = {
base00 = "#f5f0e9"; # very light cream
base01 = "#e8ddd4"; # light beige
base02 = "#d4c4b0"; # warm tan
base03 = "#b8a082"; # golden brown
base04 = "#9c7c5a"; # medium brown
base05 = "#7a5f3f"; # darker brown
base06 = "#5c4328"; # dark brown
base07 = "#3e2d1a"; # very dark brown
base08 = "#d2691e"; # golden orange
base09 = "#cd853f"; # peru
base0A = "#daa520"; # goldenrod
base0B = "#228b22"; # forest green
base0C = "#20b2aa"; # light sea green
base0D = "#daa520"; # goldenrod
base0E = "#8b008b"; # dark magenta
base0F = "#dc143c"; # crimson
};
};
};
}

52
config/stylix.nix
View File

@ -1,52 +0,0 @@
{
pkgs,
lib,
config,
inputs,
...
}:
let
schemesFile = import ./schemes.nix {
inherit pkgs inputs;
};
scheme = schemesFile.schemes.febroary;
cfg = config.my.stylix;
gnomeEnabled = config.services.xserver.desktopManager.gnome.enable;
in
{
options.my.stylix.enable = lib.mkEnableOption "system-wide theming with Stylix";
config = {
stylix = {
inherit (scheme) image polarity;
enable = true;
autoEnable = cfg.enable;
targets.qt.platform = lib.mkForce "qtct";
}
// lib.optionalAttrs (scheme ? base16Scheme) { inherit (scheme) base16Scheme; };
home-manager.users.jawz = {
gtk = lib.mkIf (!cfg.enable && gnomeEnabled) {
enable = true;
iconTheme = {
name = "Papirus-Light";
package = pkgs.papirus-icon-theme.override {
color = "yellow";
};
};
};
stylix = {
inherit (cfg) enable;
autoEnable = cfg.enable;
iconTheme = {
inherit (cfg) enable;
package = scheme.iconPackage;
light = "Papirus-Light";
dark = "Papirus-Dark";
};
targets.librewolf = {
firefoxGnomeTheme.enable = true;
profileNames = [ "jawz" ];
};
};
};
};
}

10
dotfiles/doom/bookmarks
View File

@ -1,10 +0,0 @@
;;;; Emacs Bookmark Format Version 1;;;; -*- coding: utf-8-emacs; mode: lisp-data -*-
;;; This format is meant to be slightly human-readable;
;;; nevertheless, you probably don't want to edit it.
;;; -*- End Of Bookmark File Format Version Stamp -*-
(("org-capture-last-stored"
(filename . "~/Documents/Notes/20240518175854-egypt.org")
(front-context-string)
(rear-context-string . "\n#+title: Egypt\n")
(position . 83))
)

1076
dotfiles/doom/config.org
View File

File diff suppressed because it is too large Load Diff

21
dotfiles/doom/custom.el
View File

@ -1,21 +0,0 @@
(custom-set-variables
;; custom-set-variables was added by Custom.
;; If you edit it by hand, you could mess it up, so be careful.
;; Your init file should contain only one such instance.
;; If there is more than one, they won't work right.
'(flycheck-flake8-maximum-line-length 88)
'(safe-local-variable-values
'((org-hugo-auto-export-on-save . t)
(org-hugo-base-dir . /home/jawz/Development/Websites/portfolio/)
(git-commit-major-mode . git-commit-elisp-text-mode))))
(custom-set-faces
;; custom-set-faces was added by Custom.
;; If you edit it by hand, you could mess it up, so be careful.
;; Your init file should contain only one such instance.
;; If there is more than one, they won't work right.
'(org-document-title ((t (:inherit outline-1 :height 2.0))))
'(org-level-1 ((t (:inherit outline-1 :height 1.4))))
'(org-level-2 ((t (:inherit outline-2 :height 1.3))))
'(org-level-3 ((t (:inherit outline-3 :height 1.2))))
'(org-level-4 ((t (:inherit outline-4 :height 1.1))))
'(org-level-5 ((t (:inherit outline-5 :height 1.0)))))

192
dotfiles/doom/init.el
View File

@ -1,192 +0,0 @@
;;; init.el -*- lexical-binding: t; -*-
;; This file controls what Doom modules are enabled and what order they load
;; in. Remember to run 'doom sync' after modifying it!
;; NOTE Press 'SPC h d h' (or 'C-h d h' for non-vim users) to access Doom's
;; documentation. There you'll find a link to Doom's Module Index where all
;; of our modules are listed, including what flags they support.
;; NOTE Move your cursor over a module's name (or its flags) and press 'K' (or
;; 'C-c c k' for non-vim users) to view its documentation. This works on
;; flags as well (those symbols that start with a plus).
;;
;; Alternatively, press 'gd' (or 'C-c c d') on a module to browse its
;; directory (for easy access to its source code).
(doom! :input
;;bidi ; (tfel ot) thgir etirw uoy gnipleh
;;chinese
;;japanese
;;layout ; auie,ctsrnm is the superior home row
:completion
;; company ; the ultimate code completion backend
(corfu +orderless) ; complete with cap(f), cape and a flying feather!
;;helm ; the *other* search engine for love and life
;;ido ; the other *other* search engine...
;;(ivy +fuzzy +childframe +icons) ; a search engine for love and life
vertico ; the search engine of the future
:ui
deft ; notational velocity for Emacs
doom ; what makes DOOM look the way it does
doom-dashboard ; a nifty splash screen for Emacs
;;doom-quit ; DOOM quit-message prompts when you quit Emacs
;;(emoji +unicode +github) ; 🙂
hl-todo ; highlight TODO/FIXME/NOTE/DEPRECATED/HACK/REVIEW
;;indent-guides ; highlighted indent columns
;;(ligatures +extra +iosevka) ; ligatures and symbols to make your code pretty again
;;minimap ; show a map of the code on the side
modeline ; snazzy, Atom-inspired modeline, plus API
;;nav-flash ; blink cursor line after big motions
;;neotree ; a project drawer, like NERDTree for vim
ophints ; highlight the region an operation acts on
(popup +defaults) ; tame sudden yet inevitable temporary windows
;;tabs ; a tab bar for Emacs
(treemacs +lsp) ; a project drawer, like neotree but cooler
;;unicode ; extended unicode support for various languages
(vc-gutter +pretty) ; vcs diff in the fringe
vi-tilde-fringe ; fringe tildes to mark beyond EOB
;;window-select ; visually switch windows
workspaces ; tab emulation, persistence & separate workspaces
;;zen ; distraction-free coding or writing
:editor
(evil +everywhere); come to the dark side, we have cookies
file-templates ; auto-snippets for empty files
fold ; (nigh) universal code folding
(format +onsave) ; automated prettiness
;;god ; run Emacs commands without modifier keys
;;lispy ; vim for lisp, for people who don't like vim
;;multiple-cursors ; editing in many places at once
;;objed ; text object editing for the innocent
;;parinfer ; turn lisp into python, sort of
rotate-text ; cycle region at point between text candidates
snippets ; my elves. They type so I don't have to
;;word-wrap ; soft wrapping with language-aware indent
:emacs
dired ; making dired pretty [functional]
electric ; smarter, keyword-based electric-indent
eww ; the internet is gross
ibuffer ; interactive buffer management
(undo +tree) ; persistent, smarter undo for your inevitable mistakes
vc ; version-control and Emacs, sitting in a tree
:term
;;eshell ; the elisp shell that works everywhere
;;shell ; simple shell REPL for Emacs
;;term ; basic terminal emulator for Emacs
vterm ; the best terminal emulation in Emacs
:checkers
syntax ; tasing you for every semicolon you forget
(spell +flyspell +hunspell) ; tasing you for misspelling mispelling
grammar ; tasing grammar mistake every you make
:tools
;;ansible
;;biblio ; Writes a PhD for you (citation needed)
;;collab ; buffers with friends
;;debugger ; FIXME stepping through code, to help you add bugs
direnv
(docker +lsp)
editorconfig ; let someone else argue about tabs vs spaces
;;ein ; tame Jupyter notebooks with emacs
(eval +overlay) ; run code, run (also, repls)
(lookup +dictionary + offline) ; navigate your code and its documentation
(lsp +peek) ; M-x vscode
magit ; a git porcelain for Emacs
;;make ; run make tasks from Emacs
;;pass ; password manager for nerds
;;pdf ; pdf enhancements
;;prodigy ; FIXME managing external services & code builders
;;terraform ; infrastructure as code
tmux ; an API for interacting with tmux
;; tree-sitter ; syntax and parsing, sitting in a tree...
upload ; map local to remote projects via ssh/ftp
:os
;;(:if (featurep :system 'macos) macos) ; improve compatibility with macOS tty ; improve the terminal Emacs experience
:lang
;;agda ; types of types of types of types...
;;beancount ; mind the GAAP
(cc +lsp) ; C > C++ == 1
;;clojure ; java with a lisp
;;common-lisp ; if you've seen one lisp, you've seen them all
;;coq ; proofs-as-programs
;;crystal ; ruby at the speed of c
;; (csharp +lsp) ; unity, .NET, and mono shenanigans
;;data ; config/data formats
;;(dart +flutter) ; paint ui and not much else
;;dhall
;;elixir ; erlang done right
;;elm ; care for a cup of TEA?
emacs-lisp ; drown in parentheses
;;erlang ; an elegant language for a more civilized age
;;ess ; emacs speaks statistics
;;factor
;;faust ; dsp, but you get to keep your soul
;;fortran ; in FORTRAN, GOD is REAL (unless declared INTEGER)
;;fsharp ; ML stands for Microsoft's Language
;;fstar ; (dependent) types and (monadic) effects and Z3
(gdscript +lsp) ; the language you waited for
;;(go +lsp) ; the hipster dialect
;;(graphql +lsp) ; Give queries a REST
(haskell +lspr) ; a language that's lazier than I am
;;hy ; readability of scheme w/ speed of python
;;idris ; a language you can depend on
(json +lsp) ; At least it ain't XML
;;(java +lsp) ; the poster child for carpal tunnel syndrome
(javascript +lsp) ; all(hope(abandon(ye(who(enter(here))))))
(julia +lsp) ; a better, faster MATLAB
;;kotlin ; a better, slicker Java(Script)
;;latex ; writing papers in Emacs has never been so fun
;;lean ; for folks with too much to prove
;;ledger ; be audit you can be
;;lua ; one-based indices? one-based indices
;;markdown ; writing docs for people to ignore
;;nim ; python + lisp at the speed of c
(nix +lsp) ; I hereby declare "nix geht mehr!"
;;ocaml ; an objective camel
(org +hugo +pretty +roam2) ; organize your plain life in plain text
;;(php +lsp) ; perl's insecure younger brother
;;plantuml ; diagrams for confusing people more
;; graphviz ; diagrams for confusing yourself even more
;;purescript ; javascript, but functional
(python +pyright +lsp) ; beautiful is better than ugly
;;qt ; the 'cutest' gui framework ever
;;racket ; a DSL for DSLs
;;raku ; the artist formerly known as perl6
;;rest ; Emacs as a REST client
;;rst ; ReST in peace
;;(ruby +rails) ; 1.step {|i| p "Ruby is #{i.even? ? 'love' : 'life'}"}
(rust +lsp) ; Fe2O3.unwrap().unwrap().unwrap().unwrap()
;;scala ; java, but good
;;(scheme +guile) ; a fully conniving family of lisps
(sh +lsp) ; she sells {ba,z,fi}sh shells on the C xor
;;sml
;;solidity ; do you need a blockchain? No.
;;swift ; who asked for emoji variables?
;;terra ; Earth and Moon in alignment for performance.
;;web ; the tubes
(yaml +lsp) ; JSON, but readable
;;zig ; C, but simpler
:email
;;(mu4e +org +gmail)
;;notmuch
;;(wanderlust +gmail)
:app
calendar
;;emms
everywhere ; *leave* Emacs!? You must be joking
;;irc ; how neckbeards socialize
;;(rss +org) ; emacs as an RSS reader
:config
literate
(default +bindings +smartparens))

96
dotfiles/doom/packages.el
View File

@ -1,96 +0,0 @@
;; -*- no-byte-compile: t; -*-
;;; $DOOMDIR/packages.el
;; To install a package with Doom you must declare them here and run 'doom sync'
;; on the command line, then restart Emacs for the changes to take effect -- or
;; use 'M-x doom/reload'.
;; To install SOME-PACKAGE from MELPA, ELPA or emacsmirror:
;(package! some-package)
;; To install a package directly from a remote git repo, you must specify a
;; `:recipe'. You'll find documentation on what `:recipe' accepts here:
;; https://github.com/raxod502/straight.el#the-recipe-format
;(package! another-package
; :recipe (:host github :repo "username/repo"))
;; If the package you are trying to install does not contain a PACKAGENAME.el
;; file, or is located in a subdirectory of the repo, you'll need to specify
;; `:files' in the `:recipe':
;(package! this-package
; :recipe (:host github :repo "username/repo"
; :files ("some-file.el" "src/lisp/*.el")))
;; If you'd like to disable a package included with Doom, you can do so here
;; with the `:disable' property:
;(package! builtin-package :disable t)
;; You can override the recipe of a built in package without having to specify
;; all the properties for `:recipe'. These will inherit the rest of its recipe
;; from Doom or MELPA/ELPA/Emacsmirror:
;(package! builtin-package :recipe (:nonrecursive t))
;(package! builtin-package-2 :recipe (:repo "myfork/package"))
;; Specify a `:branch' to install a package from a particular branch or tag.
;; This is required for some packages whose default branch isn't 'master' (which
;; our package manager can't deal with; see raxod502/straight.el#279)
;(package! builtin-package :recipe (:branch "develop"))
;; Use `:pin' to specify a particular commit to install.
;(package! builtin-package :pin "1a2b3c4d5e")
;; Doom's packages are pinned to a specific commit and updated from release to
;; release. The `unpin!' macro allows you to unpin single packages...
;(unpin! pinned-package)
;; ...or multiple packages
;(unpin! pinned-package another-pinned-package)
;; ...Or *all* packages (NOT RECOMMENDED; will likely break things)
;(unpin! t)
;; (package! nixos-options) ;; enable when migrating to nixos
;; (package! quick-preview) ;; preview files with sushi
;; (package! codeium :recipe (:host github :repo "Exafunction/codeium.el"))
(package! config-general-mode)
(package! dired-open)
(package! dired-subtree)
;; (package! doom-modeline-now-playing)
(package! ini-mode)
(package! insert-esv) ;; bible passages
(package! olivetti) ;; writing mode centering text, looks like word
(package! org-alert)
(package! org-auto-tangle)
(package! org-roam-ui)
(package! org-transclusion)
(package! peep-dired) ;; kind of cool but never could make it work
(package! php-cs-fixer)
(package! systemd)
;; (package! 2048-game)
;; (package! academic-phrases)
;; (package! caddyfile-mode)
;; (package! clippy)
;; (package! crontab-mode) ;; crontab colors
;; (package! evil-tutor) ;; vim tutorial
;; (package! ewal) ;; theme colors based on pywal
;; (package! ewal-doom-themes)
;; (package! ewal-evil-cursors)
;; (package! fish-completion) ;; what does it do???????????????????????????
;; (package! flycheck-aspell)
;; (package! ivy-posframe)
;; (package! mw-thesaurus)
;; (package! org-appear) ;; couldn't get it to work
;; (package! org-recur) ;; works but I want to keep org vanilla
;; (package! ox-chameleon
;; :recipe (:host github :repo "tecosaur/ox-chameleon"))
;; (package! renpy)
;; (package! resize-window)
;; (package! tldr)
;; (package! typit) ;; type speed test
;; (package! vimgolf) ;; vim puzzles
;; (package! wc-mode) ;; displays character count of buffer
(package! expand-region)
(package! gptel :recipe (:nonrecursive t))

1
dotfiles/doom/templates/default.org
View File

@ -1 +0,0 @@
%?

21
dotfiles/doom/templates/events.org
View File

@ -1,21 +0,0 @@
%?
* Sources
1.
* Belligerents
1.
* Casualties and losses
* Location
* Causes
* Events
* Major Contention Events
* Outcome
* Important Notes

13
dotfiles/doom/templates/programming.org
View File

@ -1,13 +0,0 @@
%?
- Influenced by
- Influenced
- Related tools
* Hello World
* Tips
* Resources
- Documentation
- YouTube channels

301
dotfiles/gallery-dl.nix
View File

@ -1,301 +0,0 @@
{
extractor = {
skip = "abort:5";
cookies = [
"firefox"
"/home/jawz/.librewolf/jawz"
"gnomekeyring"
];
retries = 10;
sleep-request = 0;
directlink = {
filename = "{filename}.{extension}";
directory = [ ];
};
bluesky = {
limit-rate = "400k-1M";
username = "blablablamagic.bsky.social";
reposts = false;
videos = true;
directory = [ "{author['handle']}" ];
include = [ "media" ];
};
twitter = {
skip = "abort:1";
retweets = false;
videos = "ytdl";
logout = true;
include = [ "media" ];
directory = [ "{user[name]}" ];
};
flickr = {
size-max = "Original";
directory = [
"{category}"
"{owner[username]}"
];
};
pinterest.directory = [
"{board[owner][username]}"
"{board[name]}"
];
wikifeet = {
page-reverse = true;
directory = [
"{category}"
"{celebrity}"
];
};
instagram = {
limit-rate = "200k-300k";
browser = "firefox:linux";
user-agent = "Mozilla/5.0 (X11; Linux x86_64; rv:143.0) Gecko/20100101 Firefox/143.0";
sleep = "66-123";
sleep-request = "66-123";
parent-directory = true;
directory = [ "{username}" ];
previews = true;
highlights = {
reverse = true;
directory = [ "{username}" ];
};
stories = {
reverse = true;
directory = [ "{username}" ];
};
tagged.directory = [
"{username}"
"tagged"
"{tagged_username}"
];
};
kemonoparty = {
limit-rate = "200k-300k";
retries = 10;
timeout = 5;
filename = "{id}_{filename}.{extension}";
directory = [
"{category}"
"{user}"
];
};
exhentai.directory = [
"{category}"
"{title}"
];
tumblr = {
external = true;
inline = true;
posts = "all";
reblogs = false;
parent-directory = true;
directory = [ "{blog_name}" ];
};
deviantart = {
limit-rate = "200k-300k";
include = "gallery,scraps";
flat = true;
original = true;
mature = true;
auto-watch = true;
auto-unwatch = true;
directory = [ "{username}" ];
};
furaffinity = {
directory = [
"{user}"
"{subcategory}"
];
include = [
"scraps"
"gallery"
];
};
patreon = {
limit-rate = "400k-1M";
filename = "{filename}.{num}.{extension}";
browser = "firefox";
directory = [
"(Patreon) {creator[vanity]}"
"({date:%Y%m%d}) {title} ({id})"
];
};
blogger = {
filename = "{filename} - {num}.{extension}";
directory = [
"{blog[name]}"
"{post[author]}"
"{post[title]} - [{post[id]}]"
];
};
artstation = {
external = true;
directory = [ "{userinfo[username]}" ];
};
gfycat.format = "webm";
reddit = {
user-agent = "Python:gallery-dl:v1.0 (by /u/captainjawz)";
client-id = "T7nZ6WZ3_onJWBhLP8r08g";
parent-directory = true;
directory = [ "{author}" ];
};
redgifs = {
reverse = true;
directory = [ "{userName}" ];
};
imgur.mp4 = true;
paheal.directory = [
"Husbands"
"{search_tags}"
];
rule34.directory = [
"Husbands"
"{search_tags}"
];
e621.directory = [
"Husbands"
"{search_tags}"
];
baraag.directory = [ "{account[username]}" ];
pixiv = {
directory = [ "{user[account]} - {user[id]}" ];
ugoira = true;
favorite.directory = [
"{user_bookmark[account]} - {user_bookmark[id]}"
"Bookmarks"
];
postprocessors = [
{
name = "ugoira";
extension = "webm";
keep-files = false;
whitelist = [ "pixiv" ];
ffmpeg-twopass = true;
ffmpeg-args = [
"-c:v"
"libvpx"
"-crf"
"4"
"-b:v"
"5000k"
"-an"
];
}
];
};
fanbox = {
embeds = true;
directory = [
"{category}"
"{creatorId}"
];
};
readcomiconline = {
limit-rate = "400k-1M";
chapter-reverse = true;
quality = "hq";
captcha = "wait";
postprocessors = [ "cbz" ];
directory = [
"comics"
"{comic}"
"{comic} #{issue}"
];
};
kissmanga = {
chapter-reverse = true;
captcha = "wait";
postprocessors = [ "cbz" ];
directory = [
"manga"
"{subcategory}"
"{manga}"
"{manga} Ch.{chapter}{chapter_minor}"
];
};
mangahere = {
chapter-reverse = true;
postprocessors = [ "cbz" ];
directory = [
"manga"
"{subcategory}"
"{manga}"
"{manga} Ch.{chapter}{chapter_minor}"
];
};
mangadex = {
chapter-reverse = true;
chapter-filter = "lang == 'en'";
postprocessors = [ "cbz" ];
directory = [
"manga"
"manga"
"{manga}"
"{manga} Ch.{chapter}{chapter_minor}"
];
};
manganelo = {
chapter-reverse = true;
chapter-filter = "lang == 'en'";
postprocessors = [ "cbz" ];
directory = [
"manga"
"{subcategory}"
"{manga}"
"{manga} Ch.{chapter}{chapter_minor}"
];
};
mangareader = {
chapter-reverse = true;
postprocessors = [ "cbz" ];
directory = [
"manga"
"{subcategory}"
"{manga}"
"{manga} Ch.{chapter}{chapter_minor}"
];
};
mangapanda = {
chapter-reverse = true;
postprocessors = [ "cbz" ];
directory = [
"manga"
"{subcategory}"
"{manga}"
"{manga} Ch.{chapter}{chapter_minor}"
];
};
webtoons = {
chapter-reverse = true;
postprocessors = [ "cbz" ];
directory = [
"webtoons"
"{comic}"
"{comic} #{episode}"
];
};
};
output.mode = "auto";
downloader = {
part = true;
part-directory = "/home/jawz/.cache/gallery-dl";
ytdl = {
logging = true;
format = "bestvideo+bestaudio/best";
module = "yt_dlp";
forward-cookies = true;
};
http = {
rate = null;
retries = 5;
timeout = 10.0;
verify = true;
};
};
postprocessor.cbz = {
name = "zip";
compression = "store";
mode = "safe";
extension = "cbz";
};
}

228
dotfiles/gallery-dl/config.json Normal file
View File

@ -0,0 +1,228 @@
{
"extractor": {
"skip": "abort:5",
"cookies": ["firefox", "yw8fhvh4.default-release", "gnomekeyring"],
"user-agent": "Mozilla/5.0 (X11; Linux x86_64; rv:126.0) Gecko/20100101 Firefox/126.0",
"retries": 10,
"sleep-request": 0,
"directlink": {
"directory": [],
"filename": "{filename}.{extension}"
},
"twitter": {
"skip": "abort:1",
"directory": ["{user[name]}"],
"include": ["media"],
"retweets": false,
"videos": "ytdl",
"logout": true
},
"flickr": {
"directory": ["{category}", "{owner[username]}"],
"size-max": "Original",
"access-token": "72157720915197374-51a26dc4fdfdf173",
"access-token-secret": "a1ddb10902f3fa85"
},
"pinterest": {
"directory": ["{board[owner][username]}", "{board[name]}"]
},
"wikifeet": {
"page-reverse": true,
"directory": ["{category}", "{celebrity}"]
},
"instagram": {
"sleep-request": "25-45",
"sleep": "25-45",
"directory": ["{username}"],
"parent-directory": true,
"highlights": {
"reverse": "true",
"directory": ["{username}"]
},
"stories": {
"reverse": "true",
"directory": ["{username}"]
},
"tagged": {
"directory": ["{tagged_username}", "tagged"]
}
},
"kemonoparty": {
"directory": ["{category}", "{user}"],
"retries": 10,
"timeout": 5,
"filename": "{id}_{filename}.{extension}"
},
"exhentai": {
"directory": ["{category}", "{title}"]
},
"tumblr": {
"directory": ["{blog_name}"],
"access-token": "5VwIW8TNBoNVPo9CzvKMza2wcn9gJXd6rnUBy6Ctqb4BCPpI59",
"access-token-secret": "8krZGeauA171aZpXZhwgZN8nZCxKQkXYKXWL473mTQPKrqoP3e",
"external": true,
"inline": true,
"posts": "all",
"reblogs": false,
"parent-directory": true,
"api-key": "uhBUtgPaX9gl7eaD8suGWW6ZInRedQoVT6xsZzopljy0jXHqm5",
"api-secret": "D3FDj1INyPzXikVpp4jmzSqjlC9czFUQ8oj2I883PSYJdqwURv"
},
"deviantart": {
"client-id": "20016",
"client-secret": "52e1f9b0cb26e673da36f69e2ddd0e9a",
"refresh-token": "3fd25b06f97853a93cbe3729edf5d1d196d44700",
"directory": ["{username}"],
"include": "gallery,scraps",
"flat": true,
"original": true,
"mature": true,
"auto-watch": true,
"auto-unwatch": true
},
"furaffinity": {
"directory": ["{user}", "{subcategory}"],
"include": ["scraps", "gallery"]
},
"patreon": {
"directory": [
"(Patreon) {creator[vanity]}",
"({date:%Y%m%d}) {title} ({id})"
],
"filename": "{filename}.{num}.{extension}",
"browser": "firefox"
},
"blogger": {
"directory": [
"{blog[name]}",
"{post[author]}",
"{post[title]} - [{post[id]}]"
],
"filename": "{filename} - {num}.{extension}"
},
"artstation": {
"directory": ["{userinfo[username]}"],
"external": true
},
"gfycat": {
"format": "webm"
},
"reddit": {
"user-agent": "Python:gallery-dl:v1.0 (by /u/captainjawz)",
"client-id": "T7nZ6WZ3_onJWBhLP8r08g",
"refresh-token": "184157546842-UHdPQX1c7kG1kbO09NAHY2O2taEiwg",
"directory": ["{author}"],
"parent-directory": true
},
"redgifs": {
"reverse": "true",
"directory": ["{userName}"]
},
"imgur": {
"mp4": true
},
"paheal": {
"directory": ["Husbands", "{search_tags}"]
},
"rule34": {
"directory": ["Husbands", "{search_tags}"]
},
"e621": {
"directory": ["Husbands", "{search_tags}"]
},
"baraag": {
"directory": ["{account[username]}"]
},
"pixiv": {
"refresh-token": "O4kc9tTzGItuuacDcfmevW6NELjm5CJdWiAbZdUv3Kk",
"directory": ["{user[account]} - {user[id]}"],
"ugoira": true,
"favorite": {
"directory": [
"{user_bookmark[account]} - {user_bookmark[id]}",
"Bookmarks"
]
},
"postprocessors": [
{
"name": "ugoira",
"extension": "webm",
"keep-files": false,
"whitelist": ["pixiv"],
"ffmpeg-twopass": true,
"ffmpeg-args": ["-c:v", "libvpx", "-crf", "4", "-b:v", "5000k", "-an"]
}
]
},
"fanbox": {
"directory": ["{category}", "{creatorId}"],
"embeds": true
},
"readcomiconline": {
"chapter-reverse": true,
"directory": ["Comics", "{comic}", "{comic} #{issue}"],
"quality": "hq",
"captcha": "wait",
"postprocessors": ["cbz"]
},
"kissmanga": {
"chapter-reverse": true,
"directory": ["Manga", "{manga}", "{manga} Ch.{chapter}{chapter_minor}"],
"captcha": "wait",
"postprocessors": ["cbz"]
},
"mangahere": {
"chapter-reverse": true,
"directory": ["Manga", "{manga}", "{manga} Ch.{chapter}{chapter_minor}"],
"postprocessors": ["cbz"]
},
"mangadex": {
"chapter-reverse": true,
"chapter-filter": "lang == 'en'",
"directory": ["Manga", "{manga}", "{manga} Ch.{chapter}{chapter_minor}"],
"postprocessors": ["cbz"]
},
"mangareader": {
"chapter-reverse": true,
"directory": ["Manga", "{manga}", "{manga} Ch.{chapter}{chapter_minor}"],
"postprocessors": ["cbz"]
},
"mangapanda": {
"chapter-reverse": true,
"directory": ["Manga", "{manga}", "{manga} Ch.{chapter}{chapter_minor}"],
"postprocessors": ["cbz"]
},
"webtoons": {
"chapter-reverse": true,
"directory": ["Webtoons", "{comic}", "{comic} #{episode}"],
"postprocessors": ["cbz"]
}
},
"output": {
"mode": "auto"
},
"downloader": {
"part": true,
"part-directory": "/home/jawz/.cache/gallery-dl",
"ytdl": {
"logging": true,
"format": "bestvideo+bestaudio/best",
"module": "yt_dlp",
"forward-cookies": true
},
"http": {
"rate": null,
"retries": 5,
"timeout": 10.0,
"verify": true
}
},
"postprocessor": {
"cbz": {
"name": "zip",
"compression": "store",
"mode": "safe",
"extension": "cbz"
}
}
}

10
dotfiles/gopass/config.yml Normal file
View File

@ -0,0 +1,10 @@
autoclip: true
autoimport: false
cliptimeout: 45
exportkeys: false
nopager: false
notifications: false
parsing: true
path: /home/jawz/.local/share/pass
safecontent: true
mounts: {}

61
dotfiles/htop/htoprc Normal file
View File

@ -0,0 +1,61 @@
# Beware! This file is rewritten by htop when settings are changed in the interface.
# The parser is also very primitive, and not human-friendly.
htop_version=3.2.1
config_reader_min_version=3
fields=18 0 123 124 46 47 38 50 1
hide_kernel_threads=0
hide_userland_threads=0
shadow_other_users=0
show_thread_names=0
show_program_path=0
highlight_base_name=1
highlight_deleted_exe=1
highlight_megabytes=1
highlight_threads=1
highlight_changes=0
highlight_changes_delay_secs=5
find_comm_in_cmdline=1
strip_exe_from_cmdline=1
show_merged_command=1
header_margin=1
screen_tabs=1
detailed_cpu_time=0
cpu_count_from_one=1
show_cpu_usage=1
show_cpu_frequency=1
show_cpu_temperature=1
degree_fahrenheit=0
update_process_names=0
account_guest_in_cpu_meter=0
color_scheme=3
enable_mouse=1
delay=15
hide_function_bar=0
header_layout=two_67_33
column_meters_0=LeftCPUs Swap Tasks NetworkIO Memory
column_meter_modes_0=1 1 2 2 2
column_meters_1=RightCPUs Hostname Uptime LoadAverage
column_meter_modes_1=1 2 2 2
tree_view=1
sort_key=38
tree_sort_key=0
sort_direction=-1
tree_sort_direction=1
tree_view_always_by_pid=1
all_branches_collapsed=1
screen:Main=NICE PID COMM EXE PERCENT_CPU PERCENT_MEM M_VIRT NLWP Command
.sort_key=M_VIRT
.tree_sort_key=PID
.tree_view=1
.tree_view_always_by_pid=1
.sort_direction=-1
.tree_sort_direction=1
.all_branches_collapsed=1
screen:I/O=PID USER IO_PRIORITY IO_RATE IO_READ_RATE IO_WRITE_RATE PERCENT_SWAP_DELAY PERCENT_IO_DELAY Command
.sort_key=IO_RATE
.tree_sort_key=PID
.tree_view=0
.tree_view_always_by_pid=0
.sort_direction=-1
.tree_sort_direction=1
.all_branches_collapsed=0

0
dotfiles/npmrc → dotfiles/npm/npmrc
View File

4
dotfiles/npm/update-notifier-npm-check.json Normal file
View File

@ -0,0 +1,4 @@
{
"optOut": false,
"lastUpdateCheck": 1646662583446
}

1
dotfiles/secrets/mailserver Normal file
View File

@ -0,0 +1 @@
b/run/current-system/sw/bin/bash5/BpvLE.0dXQuzNskhAD94U6zFCFvfhzqWJEiBi

8
dotfiles/stignore
View File

@ -1,8 +0,0 @@
(?d)jawz/chrome/userChrome.css
(?d)jawz/chrome/userContent.css
(?d)jawz/lock
(?d)jawz/storage
(?d)jawz/user.js
(?d)native-messaging-hosts/org.gnome.browser_connector.json
(?d)native-messaging-hosts/org.gnome.chrome_gnome_shell.json
(?d)profiles.ini

222
dotfiles/unpackerr.conf Normal file
View File

@ -0,0 +1,222 @@
## Unpackerr Example Configuration File ##
## The following values are application defaults. ##
## Environment Variables may override all values. ##
####################################################
# [true/false] Turn on debug messages in the output. Do not wrap this in quotes.
# Recommend trying this so you know what it looks like. I personally leave it on.
debug = false
# Disable writing messages to stdout. This silences the app. You should set a log
# file below if you set this to true. Recommended when starting with systemctl.
quiet = false
# Setting activity to true will silence all app queue log lines with only zeros.
# Set this to true when you want less log spam.
activity = false
# The application queue data is logged on an interval. Adjust that interval with this setting.
# Default is a minute. 2m, 5m, 10m, 30m, 1h are also perfectly acceptable.
log_queues = "1m"
# Write messages to a log file. This is the same data that is normally output to stdout.
# This setting is great for Docker users that want to export their logs to a file.
# The alternative is to use syslog to log the output of the application to a file.
# Default is no log file; this is unset. log_files=0 turns off auto-rotation.
# Default files is 10 and size(mb) is 10 Megabytes; both doubled if debug is true.
#log_file = '/downloads/unpackerr.log'
log_files = 10
log_file_mb = 10
# How often to poll sonarr and radarr.
# Recommend 1m-5m. Uses Go Duration.
interval = "5m"
# How long an item must be queued (download complete) before extraction will start.
# One minute is the historic default and works well. Set higher if your downloads
# take longer to finalize (or transfer locally). Uses Go Duration.
start_delay = "1m"
# How long to wait before removing the history for a failed extraction.
# Once the history is deleted the item will be recognized as new and
# extraction will start again. Uses Go Duration.
retry_delay = "5m"
# How many files may be extracted in parallel. 1 works fine.
# Do not wrap the number in quotes. Raise this only if you have fast disks and CPU.
parallel = 1
# Use these configurations to control the file modes used for newly extracted
# files and folders. Recommend 0644/0755 or 0666/0777.
file_mode = "0664"
dir_mode = "0775"
[webserver]
## The web server currently only supports metrics; set this to true if you wish to use it.
metrics = false
## This may be set to a port or an ip:port to bind a specific IP. 0.0.0.0 binds ALL IPs.
listen_addr = "0.0.0.0:5656"
## Recommend setting a log file for HTTP requests. Otherwise, they go with other logs.
log_file = ""
## This app automatically rotates logs. Set these to the size and number to keep.
log_files = 10
log_file_mb = 10
## Set both of these to valid file paths to enable HTTPS/TLS.
ssl_cert_file = ""
ssl_key_file = ""
## Base URL from which to serve content.
urlbase = "/"
## Upstreams should be set to the IP or CIDR of your trusted upstream proxy.
## Setting this correctly allows X-Forwarded-For to be used in logs.
## In the future it may control auth proxy trust. Must be a list of strings.
upstreams = [ ] # example: upstreams = [ "127.0.0.1/32", "10.1.2.0/24" ]
##-Notes-#######-READ THIS!!!-##################################################
## The following sections can be repeated if you have more than one Sonarr, ##
## Radarr or Lidarr, Readarr, Folder, Webhook, or Command Hook. ##
## You MUST uncomment the [[header]] and api_key at a minimum for Starr apps. ##
## ALL LINES BEGINNING WITH A HASH # ARE IGNORED ##
## REMOVE THE HASH # FROM CONFIG LINES YOU WANT TO CHANGE ##
################################################################################
[[sonarr]]
url = "http://localhost:8989"
api_key = "52869fe7bec4482dafb21c4053fe71e4"
## File system path where downloaded Sonarr items are located.
paths = ['/mnt/pool/multimedia/downloads/torrent']
## Default protocols is torrent. Alternative: "torrent,usenet"
protocols = "torrent"
## How long to wait for a reply from the backend.
timeout = "10s"
## How long to wait after import before deleting the extracted items.
delete_delay = "5m"
## If you use this app with NZB you may wish to delete archives after extraction.
## General recommendation is: do not enable this for torrent use.
## Setting this to true deletes the entire original download folder after import.
# delete_orig = false
## If you use Syncthing, setting this to true will make unpackerr wait for syncs to finish.
# syncthing = false
[[radarr]]
url = "http://127.0.0.1:7878"
api_key = "a987ac45ca2c47bc88e762031ea33296"
## File system path where downloaded Radarr items are located.
paths = ['/mnt/pool/multimedia/downloads/torrent']
## Default protocols is torrents. Alternative: "torrent,usenet"
protocols = "torrent"
## How long to wait for a reply from the backend.
timeout = "10s"
## How long to wait after import before deleting the extracted items.
delete_delay = "5m"
## If you use this app with NZB you may wish to delete archives after extraction.
## General recommendation is: do not enable this for torrent use.
## Setting this to true deletes the entire original download folder after import.
# delete_orig = false
## If you use Syncthing, setting this to true will make unpackerr wait for syncs to finish.
# syncthing = false
#[[lidarr]]
# url = "http://127.0.0.1:8686"
# api_key = "0123456789abcdef0123456789abcdef"
## File system path where downloaded Lidarr items are located.
# paths = ['/downloads']
## Default protocols is torrent. Alternative: "torrent,usenet"
# protocols = "torrent"
## How long to wait for a reply from the backend.
# timeout = "10s"
## How long to wait after import before deleting the extracted items.
# delete_delay = "5m"
## If you use this app with NZB you may wish to delete archives after extraction.
## General recommendation is: do not enable this for torrent use.
## Setting this to true deletes the entire original download folder after import.
# delete_orig = false
## If you use Syncthing, setting this to true will make unpackerr wait for syncs to finish.
# syncthing = false
#[[readarr]]
# url = "http://127.0.0.1:8787"
# api_key = "0123456789abcdef0123456789abc"
## File system path where downloaded Readarr items are located.
# paths = ['/downloads']
## Default protocols is torrent. Alternative: "torrent,usenet"
# protocols = "torrent"
## How long to wait for a reply from the backend.
# timeout = "10s"
## How long to wait after import before deleting the extracted items.
# delete_delay = "5m"
## If you use this app with NZB you may wish to delete archives after extraction.
## General recommendation is: do not enable this for torrent use.
## Setting this to true deletes the entire original download folder after import.
# delete_orig = false
## If you use Syncthing, setting this to true will make unpackerr wait for syncs to finish.
# syncthing = false
##################################################################################
### ### STOP HERE ### STOP HERE ### STOP HERE ### STOP HERE #### STOP HERE ### #
### Only using Starr apps? The things above. The below configs are OPTIONAL. ### #
##################################################################################
##-Folders-#######################################################################
## This application can also watch folders for things to extract. If you copy a ##
## subfolder into a watched folder (defined below) any extractable items in the ##
## folder will be decompressed. This has nothing to do with Starr applications. ##
##################################################################################
#[[folder]]
# path = '/some/folder/to/watch'
## Path to extract files to. The default (leaving this blank) is the same as `path` (above).
# extract_path = ""
## Delete extracted or original files this long after extraction.
## The default is 0. Set to 0 to disable all deletes. Uncomment it to enable deletes. Uses Go Duration.
# delete_after = "10m"
## Delete extracted files after successful extraction? true/false, no quotes. Honors delete_after.
# delete_files = false
## Delete original items after successful extraction? true/false, no quotes. Honors delete_after.
# delete_original = false
## Disable extraction log (unpackerred.txt) file creation? true/false, no quotes.
# disable_log = false
## Move extracted files into original folder? If false, files go into an _unpackerred folder.
# move_back = false
## Set this to true if you want this app to extract ISO files with .iso extension.
# extract_isos = false
################
### Webhooks ###
################
# Sends a webhook when an extraction queues, starts, finishes, and/or is deleted.
# Created to integrate with notifiarr.com.
# Also works natively with Discord.com, Telegram.org, and Slack.com webhooks.
# Can possibly be used with other services by providing a custom template_path.
###### Don't forget to uncomment [[webhook]] and url at a minimum !!!!
#[[webhook]]
# url = "https://notifiarr.com/api/v1/notification/unpackerr/api_key_from_notifiarr_com"
# name = "" # Set this to hide the URL in logs.
# silent = false # do not log success (less log spam)
# events = [0] # list of event ids to include, 0 == all.
## Advanced Optional Webhook Configuration
# nickname = "" # Used in Discord and Slack templates as bot name, in Telegram as chat_id.
# channel = "" # Also passed into templates. Used in Slack templates for destination channel.
# exclude = [] # list of apps to exclude, ie. ["radarr", "lidarr"]
# template_path = "" # Override internal webhook template for discord.com or other hooks.
# template = "" # Override automatic template detection. Values: notifiarr, discord, telegram, gotify, pushover, slack
# ignore_ssl = false # Set this to true to ignore the SSL certificate on the server.
# timeout = "10s" # You can adjust how long to wait for a server response.
# content_type = "application/json" # If your custom template uses another MIME type, set this.
#####################
### Command Hooks ###
#####################
# Executes a script or command when an extraction queues, starts, finishes, and/or is deleted.
# All data is passed in as environment variables. Try /usr/bin/env to see what variables are available.
###### Don't forget to uncomment [[cmdhook]] and url at a minimum !!!!
#[[cmdhook]]
# command = '/my/cool/app' # Path to command or script.
# shell = false # Runs the command inside /bin/sh ('nix) or cmd.exe (Windows).
# name = "" # Provide an optional name for logging.
# silent = false # Hides command output from logs.
# events = [0] # list of event ids to include, 0 == all.
## Optional Command Hook Configuration
# exclude = [] # list of apps to exclude, ie. ["radarr", "lidarr"]
# timeout = "10s" # You can adjust how long to wait for a server response.

1
dotfiles/wget/wgetrc Normal file
View File

@ -0,0 +1 @@
hsts-file = /home/jawz/.cache/wget-hsts

21
environments/cinnamon.nix
View File

@ -1,21 +0,0 @@
{ pkgs, ... }:
{
services = {
libinput.enable = true;
xserver = {
enable = true;
displayManager.lightdm.enable = true;
desktopManager.cinnamon.enable = true;
};
};
qt = {
enable = true;
style = "adwaita";
};
users.users.jawz.packages = builtins.attrValues {
inherit (pkgs)
adw-gtk3 # theme legacy applications
papirus-icon-theme # icon theme
;
};
}

46
environments/gnome.nix
View File

@ -1,46 +0,0 @@
{
pkgs,
lib,
...
}:
{
qt.enable = true;
services = {
gvfs.enable = true;
libinput.enable = true;
xserver = {
enable = true;
displayManager.gdm.enable = true;
desktopManager = {
gnome.enable = true;
xterm.enable = lib.mkForce false;
};
};
};
environment.gnome.excludePackages = builtins.attrValues {
inherit (pkgs)
baobab
cheese
epiphany
gnome-characters
gnome-connections
gnome-font-viewer
gnome-photos
# gnome-text-editor
gnome-tour
yelp
gnome-music
totem
;
};
users.users.jawz.packages = builtins.attrValues {
inherit (pkgs.gnomeExtensions)
tactile # window manager
freon # hardware temperature monitor
gamemode-shell-extension # I guess I'm a gamer now?
burn-my-windows # special effects for when closing windows
pano # clipboard manager
pop-shell
;
};
}

137
environments/hyprland.nix
View File

@ -1,137 +0,0 @@
{
pkgs,
config,
...
}:
let
mod = "SUPER";
waybarConfig = import ./waybar-config.nix { inherit pkgs config; };
waybarStyle = import ./waybar-style.nix { inherit config; };
in
{
programs.hyprland.enable = true;
services.greetd = {
enable = true;
settings.default_session = {
command = "${pkgs.greetd.tuigreet}/bin/tuigreet --time --cmd Hyprland";
user = "greeter";
};
};
users.users.jawz.packages = builtins.attrValues {
inherit (pkgs)
# Wayland utilities
wl-clipboard-rs
wf-recorder
grimblast # screenshots
mako # notification daemon
libnotify # dependency of mako
swaylock-effects # screen locker
yazi # file manager
imv # images
playerctl # media player control
;
};
home-manager.users.jawz = {
programs = {
wofi = {
enable = true;
settings = {
allow_images = true;
allow_markup = true;
insensitive = true;
width = "30%";
};
};
waybar = waybarConfig.programs.waybar // {
style = waybarStyle;
};
};
wayland.windowManager.hyprland = {
enable = true;
settings = {
general = {
gaps_in = 5;
gaps_out = 10;
border_size = 3;
layout = "dwindle";
};
misc = {
disable_hyprland_logo = true;
disable_splash_rendering = true;
force_default_wallpaper = 0;
};
dwindle = {
pseudotile = true;
preserve_split = true;
force_split = 2;
};
bind = [
"${mod}, return, exec, ghostty"
"${mod}, Q, killactive,"
"${mod} SHIFT, F, togglefloating,"
"${mod}, F, fullscreen,"
"${mod}, T, pin,"
"${mod}, G, togglegroup,"
"${mod}, bracketleft, changegroupactive, b"
"${mod}, bracketright, changegroupactive, f"
"${mod}, S, exec, wofi --show drun icons"
"${mod}, P, pin, active"
"${mod}, left, movefocus, l"
"${mod}, right, movefocus, r"
"${mod}, up, movefocus, u"
"${mod}, down, movefocus, d"
"${mod}, h, movefocus, l"
"${mod}, l, movefocus, r"
"${mod}, k, movefocus, u"
"${mod}, j, movefocus, d"
"${mod} SHIFT, left, movewindow, l"
"${mod} SHIFT, right, movewindow, r"
"${mod} SHIFT, up, movewindow, u"
"${mod} SHIFT, down, movewindow, d"
"${mod} SHIFT, h, movewindow, l"
"${mod} SHIFT, l, movewindow, r"
"${mod} SHIFT, k, movewindow, u"
"${mod} SHIFT, j, movewindow, d"
"${mod}, 1, workspace, 1"
"${mod}, 2, workspace, 2"
"${mod}, 3, workspace, 3"
"${mod}, 4, workspace, 4"
"${mod}, 5, workspace, 5"
"${mod}, 6, workspace, 6"
"${mod}, 7, workspace, 7"
"${mod}, 8, workspace, 8"
"${mod}, 9, workspace, 9"
"${mod}, 0, workspace, 10"
"${mod} SHIFT, 1, movetoworkspace, 1"
"${mod} SHIFT, 2, movetoworkspace, 2"
"${mod} SHIFT, 3, movetoworkspace, 3"
"${mod} SHIFT, 4, movetoworkspace, 4"
"${mod} SHIFT, 5, movetoworkspace, 5"
"${mod} SHIFT, 6, movetoworkspace, 6"
"${mod} SHIFT, 7, movetoworkspace, 7"
"${mod} SHIFT, 8, movetoworkspace, 8"
"${mod} SHIFT, 9, movetoworkspace, 9"
"${mod} SHIFT, 0, movetoworkspace, 10"
"${mod}, F3, exec, grimblast save area ~/Pictures/screenshots/$(date +'%Y-%m-%d_%H-%M-%S').png"
"${mod} SHIFT, F3, exec, grimblast save screen ~/Pictures/screenshots/$(date +'%Y-%m-%d_%H-%M-%S').png"
];
binde = [
"${mod} SHIFT, h, moveactive, -20 0"
"${mod} SHIFT, l, moveactive, 20 0"
"${mod} SHIFT, k, moveactive, 0 -20"
"${mod} SHIFT, j, moveactive, 0 20"
"${mod} CTRL, l, resizeactive, 30 0"
"${mod} CTRL, h, resizeactive, -30 0"
"${mod} CTRL, k, resizeactive, 0 -10"
"${mod} CTRL, j, resizeactive, 0 10"
",XF86AudioRaiseVolume, exec, wpctl set-volume -l 1.4 @DEFAULT_AUDIO_SINK@ 5%+"
",XF86AudioLowerVolume, exec, wpctl set-volume -l 1.4 @DEFAULT_AUDIO_SINK@ 5%-"
];
bindm = [
"${mod}, mouse:272, movewindow"
"${mod}, mouse:273, resizewindow"
];
};
};
};
}

113
environments/waybar-config.nix
View File

@ -1,113 +0,0 @@
_: {
programs.waybar = {
enable = true;
systemd.enable = true;
settings.main-bar = {
layer = "top";
height = 18;
tray.spacing = 5;
clock = {
format = "{:%a %b %d %I:%M %p}";
tooltip-format = "<big>{:%Y %B}</big>\n<tt><small>{calendar}</small></tt>";
};
modules-left = [
"hyprland/workspaces"
"custom/separator"
"temperature#cpu"
"custom/gpu-temp"
];
modules-center = [
"clock"
];
modules-right = [
"tray"
"mpris"
"wireplumber"
"wireplumber#microphone"
];
"hyprland/workspaces" = {
format = "{icon}";
active-only = true;
on-scroll-up = "hyprctl dispatch workspace e-1";
on-scroll-down = "hyprctl dispatch workspace e+1";
persistent-workspaces."*" = 10; # Show 5 workspaces on all monitors
};
"custom/separator" = {
format = "|";
tooltip = false;
};
cava = {
bars = 14;
method = "pulse";
framerate = 20;
bar_delimiter = 0;
stereo = false;
format-icons.default = [
""
""
""
""
""
""
""
""
];
};
"temperature#cpu" = {
interval = 2;
format = " {temperatureC}°C";
critical-threshold = 80;
hwmon-path = "/sys/class/hwmon/hwmon1/temp1_input";
tooltip-format = "CPU: {temperatureC}°C";
};
"custom/gpu-temp" = {
exec = "nvidia-smi --query-gpu=temperature.gpu --format=csv,noheader,nounits";
format = "󰢮 {}°C";
interval = 2;
tooltip-format = "GPU: {}°C";
};
mpris = {
interval = 2;
format = "{player_icon} {dynamic}";
format-paused = "{status_icon} {dynamic}";
dynamic-len = 40;
on-click = "playerctl play-pause";
on-scroll-up = "playerctl next";
on-scroll-down = "playerctl previous";
dynamic-order = [
"title"
"artist"
];
player-icons = {
default = "🎵";
firefox = "🦊";
librewolf = "🦊";
};
status-icons = {
paused = "";
playing = "";
};
};
wireplumber = {
format = "{icon} {volume}%";
format-muted = "󰝟 muted";
scroll-step = 5;
on-click = "wpctl set-mute @DEFAULT_AUDIO_SINK@ toggle";
format-icons.default = [
"󰕿"
"󰖀"
"󰕾"
];
};
"wireplumber#microphone" = {
format = "{format_source}";
format-source = " {volume}%";
format-source-muted = "";
on-click = "wpctl set-mute @DEFAULT_AUDIO_SOURCE@ toggle";
on-scroll-up = "wpctl set-volume @DEFAULT_AUDIO_SOURCE@ 5%+";
on-scroll-down = "wpctl set-volume @DEFAULT_AUDIO_SOURCE@ 5%-";
tooltip-format = "{source_desc}";
};
};
};
}

41
environments/waybar-style.nix
View File

@ -1,41 +0,0 @@
{
config,
...
}:
let
inherit (config.lib.stylix) colors;
in
''
* {
border: none;
font-family: "${config.stylix.fonts.monospace.name}";
font-size: ${toString config.stylix.fonts.sizes.desktop}pt;
color: #${colors.base04};
}
window#waybar {
background: #${colors.base00};
min-height: 18px;
}
.module {
background: #${colors.base00};
margin: 0px 3px 0px 3px;
padding: 4px 6px 4px 6px;
}
#workspaces button {
padding: 2px 8px;
margin: 2px;
border-radius: 8px;
background: transparent;
color: #${colors.base03};
border: none;
min-width: 20px;
}
#workspaces button.active {
background: #${colors.base02};
color: #${colors.base05};
}
#workspaces button:hover {
background: #${colors.base01};
color: #${colors.base04};
}
''

1238
flake.lock generated
View File

File diff suppressed because it is too large Load Diff

118
flake.nix
View File

@ -1,72 +1,74 @@
{
description = "JawZ NixOS flake setup";
inputs = {
flake-parts.url = "github:hercules-ci/flake-parts";
nixpkgs.url = "github:nixos/nixpkgs?ref=nixos-25.05";
nixpkgs-small.url = "github:nixos/nixpkgs?ref=nixos-25.05-small";
nixpkgs-unstable.url = "github:nixos/nixpkgs?ref=nixos-unstable";
ucodenix.url = "github:e-tho/ucodenix/ba7f0a366460e0fbea9622fc770cb982be0e4720";
doom-emacs = {
url = "github:marienz/nix-doom-emacs-unstraightened/ad01165af00765af07989b6ad14115960ac675f8";
inputs.nixpkgs.follows = "";
};
jawz-scripts = {
url = "git+https://git.lebubu.org/jawz/scripts.git";
inputs.nixpkgs.follows = "nixpkgs";
};
nur = {
url = "github:nix-community/nur";
inputs.nixpkgs.follows = "nixpkgs";
};
nix-gaming = {
url = "github:fufexan/nix-gaming";
inputs.nixpkgs.follows = "nixpkgs";
};
hyprland = {
url = "github:hyprwm/Hyprland";
inputs.nixpkgs.follows = "nixpkgs";
};
nixpkgs.url = "github:nixos/nixpkgs?ref=nixos-24.05";
unstable.url = "github:nixos/nixpkgs?ref=nixos-unstable";
master.url = "github:nixos/nixpkgs?ref=master";
home-manager = {
url = "github:nix-community/home-manager?ref=release-25.05";
url = "github:nix-community/home-manager/release-24.05";
inputs.nixpkgs.follows = "nixpkgs";
};
nix-gaming.url = "github:fufexan/nix-gaming";
sops-nix = {
url = "github:Mic92/sops-nix";
inputs.nixpkgs.follows = "nixpkgs";
};
stylix = {
url = "github:danth/stylix/release-25.05";
inputs.nixpkgs.follows = "nixpkgs";
};
nixtendo-switch = {
url = "github:nyawox/nixtendo-switch";
inputs.nixpkgs.follows = "nixpkgs";
};
nixos-generators = {
url = "github:nix-community/nixos-generators";
inputs.nixpkgs.follows = "nixpkgs";
};
wallpapers = {
url = "git+https://git.lebubu.org/jawz/wallpapers.git";
flake = false;
};
fonts = {
url = "git+https://git.lebubu.org/jawz/fonts.git";
flake = false;
};
qbit_manage = {
url = "github:StuffAnThings/qbit_manage";
flake = false;
};
};
outputs =
inputs:
inputs.flake-parts.lib.mkFlake { inherit inputs; } {
imports = [
./parts/core.nix
./parts/hosts.nix
./parts/packages.nix
./parts/devshells.nix
];
{ self, nixpkgs, unstable, master, home-manager, sops-nix, ... }@inputs:
let
inherit (self) outputs;
lib = nixpkgs.lib // home-manager.lib;
system = "x86_64-linux";
makePkgs = repo:
import repo {
inherit system;
config.allowUnfree = true;
};
pkgs = makePkgs nixpkgs;
pkgsU = makePkgs unstable;
pkgsM = makePkgs master;
in {
inherit lib pkgs;
formatter = pkgs.alejandra;
nixosConfigurations = {
workstation = lib.nixosSystem {
inherit system;
specialArgs = { inherit inputs outputs; };
modules = [
./hosts/workstation/configuration.nix
sops-nix.nixosModules.sops
({ pkgs, ... }: {
nixpkgs.overlays =
[ (import ./overlay.nix { inherit pkgs pkgsU pkgsM; }) ];
})
];
};
miniserver = lib.nixosSystem {
inherit system;
specialArgs = { inherit inputs outputs; };
modules = [
./hosts/miniserver/configuration.nix
sops-nix.nixosModules.sops
({ pkgs, ... }: {
nixpkgs.overlays =
[ (import ./overlay.nix { inherit pkgs pkgsU pkgsM; }) ];
})
];
};
server = lib.nixosSystem {
inherit system;
specialArgs = { inherit inputs outputs; };
modules = [
./hosts/server/configuration.nix
sops-nix.nixosModules.sops
({ pkgs, ... }: {
nixpkgs.overlays =
[ (import ./overlay.nix { inherit pkgs pkgsU pkgsM; }) ];
})
];
};
};
};
}

58
gnome.nix Normal file
View File

@ -0,0 +1,58 @@
{ pkgs, ... }:
{
services = {
gvfs.enable = true;
libinput.enable = true;
xserver = {
enable = true;
displayManager.gdm.enable = true;
desktopManager.gnome = {
enable = true;
extraGSettingsOverridePackages = [ pkgs.gnome.mutter ];
extraGSettingsOverrides = ''
[org.gnome.mutter]
experimental-features=['variable-refresh-rate', 'scale-monitor-framebuffer']
'';
};
};
};
environment.gnome.excludePackages = (with pkgs; [
gnome-photos
gnome-tour
gnome-text-editor
gnome-connections
# gnome-shell-extensions
baobab
]) ++ (with pkgs.gnome; [
# totem
gnome-music
epiphany
gnome-characters
yelp
gnome-font-viewer
cheese
]);
qt = {
enable = true;
style = "adwaita-dark";
};
users.users.jawz.packages = (with pkgs; [
# ffmpegthumbnailer # generate thumbnails
adw-gtk3 # theme legacy applications
gnome.gnome-tweaks # tweaks for the gnome desktop environment
papirus-icon-theme # icon theme
libgda # for pano shell extension
# gradience # theme customizer, allows you to modify adw-gtk3 themes
]) ++ (with pkgs.gnomeExtensions; [
appindicator # applets for open applications
reading-strip # like putting a finger on every line I read
tactile # window manager
pano # clipboard manager
freon # hardware temperature monitor
gamemode-indicator-in-system-settings # I guess I'm a gamer now?
blur-my-shell # make the overview more visually appealing
burn-my-windows
# forge # window manager
]);
}

57
home-manager.nix Normal file
View File

@ -0,0 +1,57 @@
{ config, ... }: {
home.stateVersion = "24.05";
programs.bash = {
enable = true;
historyFile = "\${XDG_STATE_HOME}/bash/history";
historyControl = [ "erasedups" "ignorespace" "ignoredups" ];
shellAliases = {
cp = "cp -i";
mv = "mv -i";
mkdir = "mkdir -p";
".." = "cd ..";
"..." = "cd ../..";
".3" = "cd ../../..";
".4" = "cd ../../../..";
".5" = "cd ../../../../..";
c = "cat";
sc = "systemctl --user";
jc = "journalctl --user -xefu";
open-gallery = ''
cd /mnt/miniserver/pool/scrapping/JawZ/gallery-dl &&
xdg-open "$(fd . ./ Husbands -tdirectory -d 1 | fzf -i)"'';
};
enableVteIntegration = true;
initExtra = ''
$HOME/.local/bin/pokemon-colorscripts -r --no-title
export command_timeout=60
'';
};
xdg = {
enable = true;
userDirs = {
enable = true;
createDirectories = false;
desktop = "${config.home.homeDirectory}";
documents = "${config.home.homeDirectory}/Documents";
download = "${config.home.homeDirectory}/Downloads";
music = "${config.home.homeDirectory}/Music";
pictures = "${config.home.homeDirectory}/Pictures";
templates = "${config.xdg.dataHome}/Templates";
videos = "${config.home.homeDirectory}/Videos";
};
configFile."wgetrc".source = ./dotfiles/wget/wgetrc;
};
programs = {
helix.enable = true;
direnv = {
enable = true;
enableBashIntegration = true;
nix-direnv.enable = true;
};
git = {
enable = true;
userName = "Danilo Reyes";
userEmail = "CaptainJawZ@protonmail.com";
};
};
}

49
hosts/emacs/configuration.nix
View File

@ -1,49 +0,0 @@
{
lib,
...
}:
{
imports = [
../../config/base.nix
../../config/stylix.nix
../../environments/hyprland.nix
];
virtualisation.vmVariant.virtualisation = {
memorySize = 4096;
cores = 4;
graphics = true;
resolution = {
x = 1920;
y = 1080;
};
};
my = {
secureHost = false;
stylix.enable = true;
emacs.enable = true;
apps.fonts.enable = true;
shell.tools.enable = true;
services.network.enable = true;
dev = {
nix.enable = true;
python.enable = true;
sh.enable = true;
rust.enable = true;
ruby.enable = true;
javascript.enable = true;
go.enable = true;
haskell.enable = true;
cc.enable = true;
julia.enable = true;
zig.enable = true;
docker.enable = true;
};
interfaces = lib.mkMerge [
{
emacs = "eth0";
}
];
};
networking.hostName = "emacs";
environment.systemPackages = [ ];
}

7
hosts/galaxy/configuration.nix
View File

@ -1,7 +0,0 @@
{ ... }:
{
imports = [
../../config/base.nix
../../config/stylix.nix
];
}

139
hosts/miniserver/configuration.nix
View File

@ -1,32 +1,65 @@
{ config, inputs, ... }:
{
imports = [
./hardware-configuration.nix
../../config/base.nix
../../config/stylix.nix
];
my = import ./toggles.nix { inherit inputs; } // {
nix.cores = 3;
nix.maxJobs = 8;
users.nixremote.enable = true;
users.nixremote.authorizedKeys = inputs.self.lib.getSshKeys [
"nixworkstation"
"nixserver"
];
};
nix.buildMachines =
let
buildMachine = hostName: maxJobs: speedFactor: {
inherit hostName maxJobs speedFactor;
system = "x86_64-linux";
sshUser = "nixremote";
supportedFeatures = config.my.nix.features;
{ ... }: {
imports = [ ./hardware-configuration.nix ../../base.nix ];
my = {
emacs.enable = true;
apps.dictionaries.enable = true;
shell.tools.enable = true;
services.network.enable = true;
dev = {
nix.enable = true;
python.enable = true;
sh.enable = true;
};
units = {
download.enable = true;
stream-dl.enable = true;
};
scripts = {
run.enable = true;
split-dir.enable = true;
download.enable = true;
ffmpreg.enable = true;
ffmpeg4discord.enable = true;
manage-library.enable = true;
pika-list.enable = true;
find-dup-episodes.enable = true;
update-dns.enable = true;
};
servers = {
jellyfin = {
enable = true;
enableCron = false;
};
in
[
(buildMachine "workstation" 8 40)
(buildMachine "server" 6 17)
];
nextcloud = {
enable = true;
enableCron = true;
};
adguardhome.enable = false;
audiobookshelf.enable = false;
bazarr.enable = false;
collabora.enable = true;
flame.enable = true;
flameSecret.enable = true;
go-vod.enable = false;
kavita.enable = false;
lidarr.enable = false;
maloja.enable = true;
mealie.enable = true;
metube.enable = false;
microbin.enable = true;
multi-scrobbler.enable = true;
paperless.enable = true;
postgres.enable = true;
prowlarr.enable = false;
qbittorrent.enable = true;
radarr.enable = false;
ryot.enable = true;
shiori.enable = true;
sonarr.enable = false;
vaultwarden.enable = true;
firefly-iii.enable = true;
};
};
networking = {
hostName = "miniserver";
firewall = {
@ -34,19 +67,53 @@
allowedUDPPorts = [ 2049 ];
};
};
nix = let
featuresList = [
"nixos-test"
"benchmark"
"big-parallel"
"kvm"
"gccarch-znver3"
"gccarch-skylake"
"gccarch-alderlake"
];
in {
settings.cores = 3;
buildMachines = [{
hostName = "workstation";
system = "x86_64-linux";
sshUser = "nixremote";
maxJobs = 14;
speedFactor = 1;
supportedFeatures = featuresList;
}];
};
nixpkgs.config.permittedInsecurePackages = [ "openssl-1.1.1w" ];
users = {
groups.nixremote.gid = 555;
users.nixremote = {
isNormalUser = true;
createHome = true;
group = "nixremote";
home = "/var/nixremote/";
openssh.authorizedKeys.keys =
[ (builtins.readFile ../../secrets/ssh/ed25519_nixworkstation.pub) ];
};
};
services = {
btrfs.autoScrub = {
enable = true;
fileSystems = [ "/" ];
};
minidlna = {
enable = false;
openFirewall = true;
settings = {
inotify = "yes";
media_dir = [ "/srv/pool/" ];
};
};
# minidlna = {
# enable = true;
# openFirewall = true;
# settings = {
# inotify = "yes";
# media_dir = [
# "/mnt/pool/glue"
# ];
# };
# };
};
}

217
hosts/miniserver/hardware-configuration.nix
View File

@ -1,23 +1,23 @@
{
lib,
modulesPath,
pkgs,
...
}:
{
{ lib, modulesPath, ... }: {
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
nixpkgs.hostPlatform = "x86_64-linux";
powerManagement.cpuFreqGovernor = lib.mkDefault "performance";
hardware = {
cpu.intel.updateMicrocode = lib.mkDefault true;
graphics = {
opengl = {
enable = true;
enable32Bit = true;
extraPackages = [ pkgs.vpl-gpu-rt ];
driSupport = true;
driSupport32Bit = true;
};
};
boot = {
kernelModules = [ "kvm-intel" ];
kernel.sysctl."vm.swappiness" = 80;
kernel.sysctl = {
"vm.swappiness" = 80;
"net.ipv6.conf.all.disable_ipv6" = 1;
"net.ipv6.conf.lo.disable_ipv6" = 1;
"net.ipv6.conf.default.disable_ipv6" = 1;
};
loader = {
efi = {
canTouchEfiVariables = true;
@ -30,14 +30,30 @@
enableCryptodisk = true;
};
};
extraModulePackages = [ ];
initrd = {
secrets."/keyfile" = /etc/keyfile;
luks.devices.nvme = {
initrd.luks.devices = {
nvme = {
device = "/dev/disk/by-uuid/30fd7d86-9bed-42a6-8a4e-a2ddb0031233";
keyFile = "keyfile";
preLVM = true;
};
# disk1 = {
# device = "/dev/disk/by-uuid/a9b0f346-7e38-40a6-baf6-3ad80cafc842";
# preLVM = true;
# };
# disk2 = {
# device = "/dev/disk/by-uuid/0ed12b83-4c56-4ba8-b4ea-75a9e927d771";
# preLVM = true;
# };
# disk3 = {
# device = "/dev/disk/by-uuid/8cd728f6-0d5b-4cea-8f7d-01aad11192c1";
# preLVM = true;
# };
# disk4 = {
# device = "/dev/disk/by-uuid/7fcac808-491f-4846-a4a9-a34cc77cb43d";
# preLVM = true;
# };
};
extraModulePackages = [ ];
initrd = {
availableKernelModules = [
"xhci_pci"
"ahci"
@ -51,89 +67,92 @@
kernelModules = [ "kvm-intel" ];
};
};
fileSystems =
let
nfsMount = server: nfsDisk: {
device = "${server}:/${nfsDisk}";
fsType = "nfs";
options = [
"x-systemd.automount"
"noauto"
"x-systemd.idle-timeout=600"
];
};
in
{
"/" = {
device = "/dev/mapper/nvme";
fsType = "btrfs";
options = [
"subvol=nix"
"ssd"
"compress=zstd:3"
"x-systemd.device-timeout=0"
"space_cache=v2"
"commit=120"
"datacow"
"noatime"
];
};
"/home" = {
device = "/dev/mapper/nvme";
fsType = "btrfs";
options = [
"subvol=home"
"ssd"
"compress=zstd:3"
"x-systemd.device-timeout=0"
"space_cache=v2"
"commit=120"
"datacow"
];
};
"/boot" = {
device = "/dev/disk/by-uuid/bf0aeb95-94cc-4377-b6e4-1dbb4958b334";
fsType = "ext4";
};
"/boot/efi" = {
device = "/dev/disk/by-uuid/0C7B-4D4C";
fsType = "vfat";
};
"/var/lib/nextcloud/data" = {
device = "/srv/pool/nextcloud";
options = [ "bind" ];
depends = [ "/srv/pool" ];
};
"/export/pool" = {
device = "/srv/pool";
options = [ "bind" ];
depends = [ "/srv/pool" ];
};
"/export/jawz" = {
device = "/home/jawz";
options = [ "bind" ];
depends = [ "/srv/pool" ];
};
"/srv/server/pool" = nfsMount "server" "pool" // { };
"/srv/server/jawz" = nfsMount "server" "jawz" // { };
fileSystems = {
"/" = {
device = "/dev/mapper/nvme";
fsType = "btrfs";
options = [
"subvol=nix"
"ssd"
"compress=zstd:3"
"x-systemd.device-timeout=0"
"space_cache=v2"
"commit=120"
"datacow"
"noatime"
];
};
"/home" = {
device = "/dev/mapper/nvme";
fsType = "btrfs";
options = [
"subvol=home"
"ssd"
"compress=zstd:3"
"x-systemd.device-timeout=0"
"space_cache=v2"
"commit=120"
"datacow"
];
};
# "/mnt/pool" = {
# device = "/dev/disk/by-uuid/1e7cf787-e34d-4e3e-ac3c-0c07309dbd34";
# fsType = "btrfs";
# options = [
# "subvol=@data"
# "compress=zstd:3"
# "space_cache=v2"
# "commit=120"
# "datacow"
# ];
# };
"/boot" = {
device = "/dev/disk/by-uuid/bf0aeb95-94cc-4377-b6e4-1dbb4958b334";
fsType = "ext4";
};
"/boot/efi" = {
device = "/dev/disk/by-uuid/0C7B-4D4C";
fsType = "vfat";
};
"/var/lib/nextcloud/data" = {
device = "/mnt/pool/nextcloud";
options = [ "bind" ];
depends = [ "/mnt/pool" ];
};
# "/mnt/jellyfin/media" = {
# device = "/mnt/pool/multimedia/media";
# options = [ "bind" "ro" ];
# depends = [ "/mnt/pool" ];
# };
# NFS
"/export/pool" = {
device = "/mnt/pool";
options = [ "bind" ];
depends = [ "/mnt/pool" ];
};
"/export/jawz" = {
device = "/home/jawz";
options = [ "bind" ];
depends = [ "/mnt/pool" ];
};
services.nfs.server = {
enable = true;
exports = ''
/export workstation(rw,fsid=0,no_subtree_check)
/export/jawz workstation(rw,nohide,insecure,no_subtree_check)
/export/pool workstation(rw,nohide,insecure,no_subtree_check)
'';
};
swapDevices = [
{
device = "/dev/nvme0n1p3";
randomEncryption = {
enable = true;
cipher = "aes-xts-plain64";
keySize = 512;
sectorSize = 4096;
};
}
];
services.nfs = {
server = {
enable = true;
exports = ''
/export workstation(rw,fsid=0,no_subtree_check)
/export/jawz workstation(rw,nohide,insecure,no_subtree_check)
/export/pool workstation(rw,nohide,insecure,no_subtree_check)
'';
};
};
swapDevices = [{
device = "/dev/nvme0n1p3";
randomEncryption = {
enable = true;
cipher = "aes-xts-plain64";
keySize = 512;
sectorSize = 4096;
};
}];
}

40
hosts/miniserver/toggles.nix
View File

@ -1,40 +0,0 @@
{ inputs }:
let
inherit (inputs.self.lib) mkEnabled mkEnabledWithProxy enableList;
in
{
emacs.enable = true;
enableProxy = true;
websites.portfolio.enableProxy = true;
apps = enableList mkEnabled [
"dictionaries"
];
services = enableList mkEnabled [
"network"
];
shell = enableList mkEnabled [
"tools"
"multimedia"
];
dev = enableList mkEnabled [
"nix"
"python"
"sh"
];
units = enableList mkEnabled [
"download"
"stream-dl"
];
scripts = enableList mkEnabled [
"split-dir"
"pika-list"
"update-dns"
];
servers =
enableList mkEnabled [
"qbittorrent"
]
// enableList mkEnabledWithProxy [
"audiobookshelf"
];
}

116
hosts/server/configuration.nix
View File

@ -1,75 +1,63 @@
{
pkgs,
config,
lib,
inputs,
...
}:
{
imports = [
./hardware-configuration.nix
../../config/base.nix
../../config/stylix.nix
];
my = import ./toggles.nix { inherit config inputs; } // {
nix.cores = 6;
users.nixremote.enable = true;
users.nixremote.authorizedKeys = inputs.self.lib.getSshKeys [
"nixworkstation"
"nixminiserver"
];
network.firewall.enabledServicePorts = true;
network.firewall.additionalPorts = [
2049 # idk
8384 # syncthing gui
22000 # syncthing relay
3452 # sonarqube
8448 # synapse ssl
];
};
nix.buildMachines = [
{
hostName = "workstation";
system = "x86_64-linux";
sshUser = "nixremote";
maxJobs = 8;
speedFactor = 2;
supportedFeatures = config.my.nix.features;
}
];
sops.secrets."vps/home/private" = lib.mkIf config.my.secureHost {
sopsFile = ../../secrets/wireguard.yaml;
{ ... }: {
imports = [ ./hardware-configuration.nix ../../base.nix ];
my = {
emacs.enable = true;
apps.dictionaries.enable = true;
shell.tools.enable = true;
services.network.enable = true;
dev = {
nix.enable = true;
python.enable = true;
sh.enable = true;
};
scripts = {
run.enable = true;
split-dir.enable = true;
ffmpreg.enable = true;
ffmpeg4discord.enable = true;
};
};
networking = {
hostName = "server";
firewall = {
allowedUDPPorts = config.networking.firewall.allowedTCPPorts;
interfaces.wg0.allowedTCPPorts = [ 8081 ];
};
wireguard.interfaces.wg0 = lib.mkIf config.my.secureHost {
ips = [ "${config.my.ips.wg-server}/32" ];
privateKeyFile = config.sops.secrets."vps/home/private".path;
peers = [
{
publicKey = "dFbiSekBwnZomarcS31o5+w6imHjMPNCipkfc2fZ3GY=";
endpoint = "${config.my.ips.vps}:51820";
allowedIPs = [
"${config.my.ips.wg-vps}/32"
"${config.my.ips.wg-friends}/24" # all friends
];
persistentKeepalive = 25;
}
];
allowedTCPPorts = [ 2049 ];
allowedUDPPorts = [ 2049 ];
};
};
users.users.jawz.packages = builtins.attrValues {
inherit (pkgs) podman-compose attic-client;
nix = let
featuresList = [
"nixos-test"
"benchmark"
"big-parallel"
"kvm"
"gccarch-znver3"
"gccarch-skylake"
"gccarch-alderlake"
];
in {
settings.cores = 6;
buildMachines = [{
hostName = "workstation";
system = "x86_64-linux";
sshUser = "nixremote";
maxJobs = 14;
speedFactor = 1;
supportedFeatures = featuresList;
}];
};
users = {
groups.nixremote.gid = 555;
users.nixremote = {
isNormalUser = true;
createHome = true;
group = "nixremote";
home = "/var/nixremote/";
openssh.authorizedKeys.keys =
[ (builtins.readFile ../../secrets/ssh/ed25519_nixworkstation.pub) ];
};
};
services.btrfs.autoScrub = {
enable = true;
fileSystems = [
"/"
"/srv/pool"
];
fileSystems = [ "/" ];
};
}

202
hosts/server/hardware-configuration.nix
View File

@ -1,36 +1,17 @@
{ lib, modulesPath, ... }:
let
getUUID = uuid: "/dev/disk/by-uuid/${uuid}";
in
{
{ lib, modulesPath, ... }: {
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
hardware.cpu.intel.updateMicrocode = lib.mkDefault true;
security.pam.loginLimits = [
{
domain = "*";
type = "hard";
item = "nofile";
value = "131072";
}
{
domain = "*";
type = "soft";
item = "nofile";
value = "131072";
}
{
domain = "*";
type = "hard";
item = "nproc";
value = "8192";
}
{
domain = "*";
type = "soft";
item = "nproc";
value = "8192";
}
];
hardware = {
nvidia = {
modesetting.enable = true;
powerManagement.enable = true;
};
cpu.intel.updateMicrocode = lib.mkDefault true;
opengl = {
enable = true;
driSupport = true;
driSupport32Bit = true;
};
};
boot = {
loader = {
efi = {
@ -44,41 +25,39 @@ in
enableCryptodisk = true;
};
};
initrd = {
secrets."/keyfile" = /etc/keyfile;
luks.devices =
let
decryptLuks = uuid: {
device = getUUID uuid;
keyFile = "/keyfile";
preLVM = true;
};
in
{
nvme = decryptLuks "af72f45c-cf7c-4e7d-8eab-2a95ab754921";
disk1 = decryptLuks "a9b0f346-7e38-40a6-baf6-3ad80cafc842";
disk2 = decryptLuks "0ed12b83-4c56-4ba8-b4ea-75a9e927d771";
disk3 = decryptLuks "8cd728f6-0d5b-4cea-8f7d-01aad11192c1";
disk4 = decryptLuks "7fcac808-491f-4846-a4a9-a34cc77cb43d";
disk5 = decryptLuks "1d05cf50-0f5f-427a-b41f-fab0d11e85e9";
};
initrd.luks.devices = {
nvme = {
device = "/dev/disk/by-uuid/af72f45c-cf7c-4e7d-8eab-2a95ab754921";
preLVM = true;
};
# disk1 = {
# device = "/dev/disk/by-uuid/a9b0f346-7e38-40a6-baf6-3ad80cafc842";
# preLVM = true;
# };
# disk2 = {
# device = "/dev/disk/by-uuid/0ed12b83-4c56-4ba8-b4ea-75a9e927d771";
# preLVM = true;
# };
# disk3 = {
# device = "/dev/disk/by-uuid/8cd728f6-0d5b-4cea-8f7d-01aad11192c1";
# preLVM = true;
# };
# disk4 = {
# device = "/dev/disk/by-uuid/7fcac808-491f-4846-a4a9-a34cc77cb43d";
# preLVM = true;
# };
};
kernelModules = [ "kvm-intel" ];
kernel.sysctl = {
"vm.swappiness" = 80;
"vm.max_map_count" = 524288;
"fs.file-max" = 131072;
"net.ipv6.conf.all.disable_ipv6" = 1;
"net.ipv6.conf.lo.disable_ipv6" = 1;
"net.ipv6.conf.default.disable_ipv6" = 1;
};
extraModulePackages = [ ];
initrd = {
availableKernelModules = [
"xhci_pci"
"ahci"
"usbhid"
"nvme"
"usb_storage"
"sd_mod"
];
availableKernelModules =
[ "xhci_pci" "ahci" "usbhid" "nvme" "usb_storage" "sd_mod" ];
kernelModules = [ ];
};
};
@ -110,78 +89,71 @@ in
"datacow"
];
};
# "/mnt/pool" = {
# device = "/dev/disk/by-uuid/1e7cf787-e34d-4e3e-ac3c-0c07309dbd34";
# fsType = "btrfs";
# options = [
# "subvol=@data"
# "compress=zstd:3"
# "space_cache=v2"
# "commit=120"
# "datacow"
# ];
# };
"/boot" = {
device = "/dev/disk/by-uuid/c574cb53-dc40-46db-beff-0fe8a4787156";
fsType = "ext4";
options = [ "nofail" ];
};
"/boot/efi" = {
device = "/dev/disk/by-uuid/CBE7-5DEB";
fsType = "vfat";
};
"/srv/pool" = {
device = "/dev/disk/by-uuid/1e7cf787-e34d-4e3e-ac3c-0c07309dbd34";
fsType = "btrfs";
options = [
"subvol=@data"
"compress=zstd:3"
"space_cache=v2"
"commit=120"
"datacow"
];
depends = [ "/boot/efi" ];
};
"/var/lib/nextcloud/data" = {
device = "/srv/pool/nextcloud";
options = [ "bind" ];
depends = [ "/srv/pool" ];
};
"/srv/jellyfin/media" = {
device = "/srv/pool/multimedia/media";
options = [
"bind"
"ro"
];
depends = [ "/srv/pool" ];
};
# NEXTCCLOUD
# "/var/lib/nextcloud/data" = {
# device = "/mnt/pool/nextcloud";
# options = [ "bind" ];
# depends = [ "/mnt/pool" ];
# };
# "/mnt/jellyfin/media" = {
# device = "/mnt/pool/multimedia/media";
# options = [ "bind" "ro" ];
# depends = [ "/mnt/pool" ];
# };
# NFS
"/export/pool" = {
device = "/srv/pool";
device = "/mnt/pool";
options = [ "bind" ];
depends = [ "/srv/pool" ];
depends = [ "/mnt/pool" ];
};
"/export/jawz" = {
device = "/home/jawz";
options = [ "bind" ];
depends = [ "/srv/pool" ];
depends = [ "/mnt/pool" ];
};
"/export/backups" = {
device = "/srv/backups";
"/export/btrfs" = {
device = "/mnt/btrfs";
options = [ "bind" ];
depends = [ "/srv/pool" ];
depends = [ "/mnt/pool" ];
};
};
services.nfs.server = {
enable = true;
exports = ''
/export workstation(rw,fsid=0,no_subtree_check)
miniserver(rw,fsid=0,no_subtree_check)
/export/jawz workstation(rw,nohide,insecure,no_subtree_check)
miniserver(rw,nohide,insecure,no_subtree_check)
/export/pool workstation(rw,nohide,insecure,no_subtree_check)
miniserver(rw,nohide,insecure,no_subtree_check)
/export/backups workstation(rw,nohide,insecure,no_subtree_check)
miniserver(rw,nohide,insecure,no_subtree_check)
'';
services.nfs = {
server = {
enable = true;
exports = ''
/export workstation(rw,fsid=0,no_subtree_check)
/export/jawz workstation(rw,nohide,insecure,no_subtree_check)
/export/pool workstation(rw,nohide,insecure,no_subtree_check)
/export/btrfs workstation(rw,nohide,insecure,no_subtree_check)
'';
};
};
swapDevices = [
{
device = "/dev/disk/by-partuuid/cb0ad486-ebf8-4bfc-ad7c-96bdc68576ca";
randomEncryption = {
enable = true;
cipher = "aes-xts-plain64";
keySize = 512;
sectorSize = 4096;
};
}
];
swapDevices = [{
device = "/dev/disk/by-partuuid/cb0ad486-ebf8-4bfc-ad7c-96bdc68576ca";
randomEncryption = {
enable = true;
cipher = "aes-xts-plain64";
keySize = 512;
sectorSize = 4096;
};
}];
}

84
hosts/server/toggles.nix
View File

@ -1,84 +0,0 @@
{ config, inputs }:
let
inherit (inputs.self.lib) mkEnabled enableList;
mkEnabledIp = inputs.self.lib.mkEnabledIp config.my.ips.wg-server;
in
{
mainServer = "server";
emacs.enable = true;
stylix.enable = true;
enableProxy = true;
enableContainers = true;
apps.dictionaries.enable = true;
shell = enableList mkEnabled [
"tools"
"multimedia"
];
services = enableList mkEnabled [
"network"
"nvidia"
"syncthing"
];
dev = enableList mkEnabled [
"nix"
"python"
"sh"
];
units = enableList mkEnabled [
"downloadManga"
"download"
"stream-dl"
];
scripts = enableList mkEnabled [
"run"
"download"
"split-dir"
"ffmpreg"
"ffmpeg4discord"
"manage-library"
"library-report"
"stream-dl"
"pika-list"
"find-dup-episodes"
"tuh-activity-logger"
];
servers = {
nextcloud = {
enable = true;
enableCron = true;
enableProxy = true;
};
}
// enableList mkEnabled [
"qbittorrent"
"sabnzbd"
"unpackerr"
"postgres"
"paperless"
"stash"
"bazarr"
"collabora"
"homepage"
"kavita"
"lidarr"
"maloja"
"microbin"
"multi-scrobbler"
"plex"
"prowlarr"
"radarr"
"ryot"
"sonarr"
"synapse"
"jellyfin"
"gitea"
"mealie"
"metube"
"atticd"
]
// enableList mkEnabledIp [
"audiobookshelf"
"vaultwarden"
"readeck"
];
}

230
hosts/workstation/configuration.nix
View File

@ -1,97 +1,99 @@
{
pkgs,
config,
inputs,
...
}:
let
shellType = config.my.shell.type;
krita-thumbnailer = pkgs.writeTextFile {
name = "krita-thumbnailer";
destination = "/share/thumbnailers/kra.thumbnailer";
text = ''
[Thumbnailer Entry]
Exec=sh -c "${pkgs.unzip}/bin/unzip -p %i preview.png > %o"
MimeType=application/x-krita;
'';
};
in
{
{ pkgs, config, lib, ... }: {
imports = [
./hardware-configuration.nix
../../config/base.nix
../../config/stylix.nix
../../environments/gnome.nix
../../base.nix
../../gnome.nix
../../pkgs/obs-studio.nix
];
my = import ./toggles.nix { inherit inputs; } // {
nix.cores = 8;
nix.maxJobs = 8;
users.nixremote.enable = true;
users.nixremote.authorizedKeys = inputs.self.lib.getSshKeys [
"nixserver"
"nixminiserver"
];
my = {
emacs.enable = true;
apps = {
art.enable = true;
dictionaries.enable = true;
fonts.enable = true;
gaming.enable = true;
internet.enable = true;
multimedia.enable = true;
office.enable = true;
misc.enable = true;
};
dev = {
haskell.enable = true;
nix.enable = true;
python.enable = true;
gameDev.enable = true;
sh.enable = true;
javascript.enable = true;
};
shell = {
exercism.enable = true;
multimedia.enable = true;
tools.enable = true;
};
services = {
network.enable = true;
nvidia.enable = true;
printing.enable = true;
sound.enable = true;
};
scripts = {
tasks.enable = true;
run.enable = true;
split-dir.enable = true;
download.enable = true;
ffmpreg.enable = true;
ffmpeg4discord.enable = true;
};
};
home-manager.users.jawz.programs = {
vscode = {
enable = true;
package = pkgs.code-cursor;
};
ghostty = {
enable = true;
package = pkgs.ghostty;
enableBashIntegration = shellType == "bash";
enableZshIntegration = shellType == "zsh";
installBatSyntax = true;
installVimSyntax = true;
settings.term = "xterm-256color";
};
sops.secrets = {
"resilio/user" = { };
"resilio/host" = { };
"resilio/password" = { };
};
networking = {
hostName = "workstation";
firewall = {
allowedTCPPorts = [
firewall = let
openPorts = [
6674 # ns-usbloader
8384 # syncthing
];
allowedTCPPortRanges = [
{
from = 1714;
to = 1764;
}
];
openPortRanges = [{
from = 1714; # kdeconnect
to = 1764; # kdeconnect
}];
in {
allowedTCPPorts = openPorts;
allowedUDPPorts = openPorts;
allowedTCPPortRanges = openPortRanges;
allowedUDPPortRanges = openPortRanges;
};
};
users.users.jawz.packages = [
(pkgs.google-cloud-sdk.withExtraComponents [
pkgs.google-cloud-sdk.components.gke-gcloud-auth-plugin
])
]
++ builtins.attrValues {
inherit (pkgs)
distrobox # install packages from other os
gocryptfs # encrypted filesystem! shhh!!!
vcsi # video thumbnails for torrents, can I replace it with ^?
keypunch # practice typing
google-cloud-sdk-gce
;
nix.settings.cores = 16;
nixpkgs.config = {
allowUnfree = true;
permittedInsecurePackages = [ ];
};
environment = {
pathsToLink = [ "share/thumbnailers" ];
systemPackages = builtins.attrValues {
# thumbnail for heif files & videos
inherit krita-thumbnailer;
inherit (pkgs)
libheif
ffmpegthumbnailer
bign-handheld-thumbnailer
gnome-epub-thumbnailer
podman-compose
scrcpy
;
inherit (pkgs.libheif) out;
users = {
groups.nixremote.gid = 555;
users = {
jawz.packages = (with pkgs; [
gocryptfs # encrypted filesystem! shhh!!!
torrenttools # create torrent files from the terminal!
vcsi # video thumbnails for torrents, can I replace it with ^?
]);
nixremote = {
isNormalUser = true;
createHome = true;
group = "nixremote";
home = "/var/nixremote/";
openssh.authorizedKeys.keys = [
(builtins.readFile ../../secrets/ssh/ed25519_nixserver.pub)
(builtins.readFile ../../secrets/ssh/ed25519_nixminiserver.pub)
];
};
};
etc."wireplumber/bluetooth.lua.d/51-bluez-config.lua".text = ''
};
environment.etc = {
"wireplumber/bluetooth.lua.d/51-bluez-config.lua".text = ''
bluez_monitor.properties = {
["bluez5.enable-sbc-xq"] = true,
["bluez5.enable-msbc"] = true,
@ -108,65 +110,29 @@ in
obs-studio = {
enable = true;
enableVirtualCamera = true;
plugins = builtins.attrValues {
inherit (pkgs.obs-studio-plugins)
droidcam-obs
obs-vkcapture
obs-vaapi
obs-tuna
input-overlay
;
};
};
};
security.pki.certificateFiles = [
../../secrets/ssh/iqQCY4iAWO-ca.pem
../../secrets/ssh/root-private-ca.pem
];
services = {
flatpak.enable = true;
open-webui.enable = true;
tailscale = {
enable = true;
useRoutingFeatures = "client";
extraUpFlags = [
"--accept-routes"
"--shields-up"
];
};
scx = {
enable = true;
scheduler = "scx_lavd";
};
btrfs.autoScrub = {
enable = true;
fileSystems = [ "/" ];
};
protonmail-bridge = {
resilio = {
enable = true;
path = [ pkgs.gnome-keyring ];
};
ollama = {
enable = true;
acceleration = "cuda";
models = "/srv/ai/ollama";
};
postgresql = {
enable = true;
package = pkgs.postgresql_17;
enableTCPIP = true;
authentication = pkgs.lib.mkOverride 10 ''
local all all trust
host all all ${config.my.localhost}/32 trust
host all all ::1/128 trust
'';
ensureDatabases = [ "webref" ];
ensureUsers = [
{
name = "webref";
ensureDBOwnership = true;
}
];
useUpnp = true;
enableWebUI = true;
httpPass =
"Uplifting-Proofs-Eggshell-Molecule-Wriggly-Janitor3-Padded-Oxidizing";
deviceName = "Oversweet3834";
httpLogin = "Oversweet3834";
httpListenPort = 9876;
httpListenAddr = "0.0.0.0";
directoryRoot = "/resilio";
};
};
virtualisation.podman = {
enable = true;
dockerCompat = true;
defaultNetwork.settings.dns_enabled = true;
};
}

193
hosts/workstation/hardware-configuration.nix
View File

@ -1,57 +1,29 @@
{
modulesPath,
config,
pkgs,
inputs,
lib,
...
}:
let
getMapper = mapper: "/dev/mapper/${mapper}";
getUUID = uuid: "/dev/disk/by-uuid/${uuid}";
in
{
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
inputs.ucodenix.nixosModules.default
];
services = {
udev.extraRules = lib.mkIf config.my.apps.gaming.enable ''
SUBSYSTEM=="usb", ATTRS{idVendor}=="0cf3", ATTRS{idProduct}=="3005", TAG+="uaccess"
'';
ucodenix = {
{ config, pkgs, modulesPath, lib, ... }: {
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
nixpkgs.hostPlatform = "x86_64-linux";
hardware = {
cpu.amd.updateMicrocode =
lib.mkDefault config.hardware.enableRedistributableFirmware;
bluetooth = {
enable = true;
cpuModelId = "00A50F00";
settings.General = {
Enable = "Source,Sink,Media,Socket";
Experimental = true;
};
};
};
hardware.bluetooth = {
enable = true;
settings.General = {
Enable = "Source,Sink,Media,Socket";
Experimental = true;
opentabletdriver = {
enable = true;
daemon.enable = false;
};
};
boot = {
plymouth.enable = true;
consoleLogLevel = 0;
loader.timeout = 3;
kernelParams = [
"splash"
"boot.shell_on_fail"
"loglevel=3"
"rd.systemd.show_status=false"
"rd.udev.log_level=3"
"udev.log_priority=3"
"preempt=full"
"microcode.amd_sha_check=off"
];
kernelPackages = pkgs.linuxPackages;
kernelPackages = pkgs.linuxPackages_zen;
kernel.sysctl = {
"vm.swappiness" = 80;
"net.ipv6.conf.all.disable_ipv6" = 1;
"net.ipv6.conf.lo.disable_ipv6" = 1;
"net.ipv6.conf.default.disable_ipv6" = 1;
"net.ipv4.tcp_mtu_probing" = 1;
"kernel.sched_cfsbandwidth_slice_us" = lib.mkDefault 3000;
"net.ipv4.tcp_fin_timeout" = lib.mkDefault 5;
"vm.max_map_count" = lib.mkDefault 2147483642;
};
loader = {
efi = {
@ -64,81 +36,66 @@ in
efiSupport = true;
useOSProber = true;
enableCryptodisk = true;
extraEntries = ''
menuentry "Fedora" {
set root=(hd1,1)
chainloader /EFI/fedora/grub.efi
}
'';
};
};
initrd = {
verbose = false;
secrets."/keyfile" = /etc/keyfile;
availableKernelModules = [
"xhci_pci"
"ahci"
"usbhid"
"nvme"
"usb_storage"
"sd_mod"
];
luks.devices.nvme = {
device = getUUID "e9618e85-a631-4374-b2a4-22c376d6e41b";
keyFile = "/keyfile";
preLVM = true;
};
initrd.luks.devices.nvme = {
device = "/dev/disk/by-uuid/e9618e85-a631-4374-b2a4-22c376d6e41b";
preLVM = true;
};
initrd.availableKernelModules =
[ "xhci_pci" "ahci" "usbhid" "nvme" "usb_storage" "sd_mod" ];
};
fileSystems =
let
nfsMount = server: nfsDisk: {
device = "${server}:/${nfsDisk}";
fsType = "nfs";
options = [
"x-systemd.automount"
"noauto"
"x-systemd.idle-timeout=600"
];
};
btrfsMount = device: subvol: extraOpts: {
inherit device;
fsType = "btrfs";
options = extraOpts ++ [
"subvol=${subvol}"
"ssd"
"compress=lzo"
"x-systemd.device-timeout=0"
"space_cache=v2"
"commit=120"
"datacow"
];
};
trashOptions = [
"x-gvfs-trash"
"x-gvfs-show"
];
in
{
"/" = btrfsMount (getMapper "nvme") "nixos" [ "noatime" ];
"/home" = btrfsMount (getMapper "nvme") "home" [ ];
"/srv/games" = btrfsMount (getMapper "nvme") "games" trashOptions;
"/srv/ai" = btrfsMount (getUUID "ca1671e1-e201-4960-ad30-593393f970fb") "ai" trashOptions;
"/srv/pool" = nfsMount "server" "pool";
"/srv/server_home" = nfsMount "server" "jawz";
"/srv/backups" = nfsMount "server" "backups";
"/boot" = {
device = getUUID "ac6d349a-96b9-499e-9009-229efd7743a5";
fsType = "ext4";
};
"/boot/efi" = {
device = getUUID "B05D-B5FB";
fsType = "vfat";
};
fileSystems = let
nfsMount = (server: nfsDisk: {
device = "${server}:/${nfsDisk}";
fsType = "nfs";
options = [ "x-systemd.automount" "noauto" "x-systemd.idle-timeout=600" ];
});
btrfsMount = subvol: {
device = "/dev/mapper/nvme";
fsType = "btrfs";
options = [
"subvol=${subvol}"
"ssd"
"compress=lzo"
"x-systemd.device-timeout=0"
"space_cache=v2"
"commit=120"
"datacow"
] ++ (if subvol == "nixos" then [ "noatime" ] else [ ]);
};
swapDevices = [
{
device = "/dev/disk/by-partuuid/c1bd22d7-e62c-440a-88d1-6464be1aa1b0";
randomEncryption = {
enable = true;
cipher = "aes-xts-plain64";
keySize = 512;
sectorSize = 4096;
};
}
];
in {
"/" = btrfsMount "nixos" // { };
"/home" = btrfsMount "home" // { };
"/mnt/games" = btrfsMount "games" // { };
"/mnt/miniserver/pool" = nfsMount "miniserver" "pool" // { };
"/mnt/miniserver/jawz" = nfsMount "miniserver" "jawz" // { };
# "/mnt/server/pool" = nfsMount "server" "pool" // { };
# "/mnt/server/jawz" = nfsMount "server" "jawz" // { };
# "/mnt/server/btrfs" = nfsMount "server" "btrfs" // { };
"/boot" = {
device = "/dev/disk/by-uuid/ac6d349a-96b9-499e-9009-229efd7743a5";
fsType = "ext4";
};
"/boot/efi" = {
device = "/dev/disk/by-uuid/B05D-B5FB";
fsType = "vfat";
};
};
swapDevices = [{
device = "/dev/disk/by-partuuid/c1bd22d7-e62c-440a-88d1-6464be1aa1b0";
randomEncryption = {
enable = true;
cipher = "aes-xts-plain64";
keySize = 512;
sectorSize = 4096;
};
}];
}

47
hosts/workstation/toggles.nix
View File

@ -1,47 +0,0 @@
{ inputs }:
let
inherit (inputs.self.lib) mkEnabled enableList;
in
{
stylix.enable = true;
emacs.enable = true;
enableContainers = true;
servers.drpp.enable = true;
apps = enableList mkEnabled [
"art"
"dictionaries"
"fonts"
"gaming"
"switch"
"internet"
"multimedia"
"office"
"misc"
];
dev = enableList mkEnabled [
"nix"
"python"
"sh"
];
shell = enableList mkEnabled [
"exercism"
"multimedia"
"tools"
];
services = enableList mkEnabled [
"network"
"nvidia"
"printing"
"sound"
"syncthing"
];
scripts = enableList mkEnabled [
"tasks"
"run"
"split-dir"
"download"
"ffmpreg"
"ffmpeg4discord"
"update-org-agenda-cache"
];
}

41
jawz.nix Normal file
View File

@ -0,0 +1,41 @@
{ config, ... }: {
sops.secrets = let
keyConfig = file: {
sopsFile = ./secrets/keys.yaml;
owner = config.users.users.jawz.name;
inherit (config.users.users.jawz) group;
path = "/home/jawz/.ssh/${file}";
};
in {
jawz-password.neededForUsers = true;
"private_keys/age" = keyConfig "ed25519_age";
"public_keys/age" = keyConfig "ed25519_age.pub";
"private_keys/${config.networking.hostName}" =
keyConfig "ed25519_${config.networking.hostName}";
"git_private_keys/${config.networking.hostName}" = keyConfig "ed25519_git";
};
users.users.jawz = {
linger = true;
isNormalUser = true;
hashedPasswordFile = config.sops.secrets.jawz-password.path;
extraGroups = [
"wheel"
"networkmanager"
"scanner"
"lp"
"piracy"
"kavita"
"video"
"docker"
"libvirt"
"rslsync"
];
openssh.authorizedKeys.keys = [
(builtins.readFile ./secrets/ssh/ed25519_deacero.pub)
(builtins.readFile ./secrets/ssh/ed25519_workstation.pub)
(builtins.readFile ./secrets/ssh/ed25519_server.pub)
(builtins.readFile ./secrets/ssh/ed25519_miniserver.pub)
(builtins.readFile ./secrets/ssh/ed25519_galaxy.pub)
];
};
}

25
modules/apps.nix Normal file
View File

@ -0,0 +1,25 @@
{ lib, ... }: {
imports = [
./apps/art.nix
./apps/dictionaries.nix
./apps/fonts.nix
./apps/gaming.nix
./apps/internet.nix
./apps/multimedia.nix
./apps/office.nix
./apps/misc.nix
];
my = {
dev.gameDev.enable = lib.mkDefault false;
apps = {
art.enable = lib.mkDefault false;
dictionaries.enable = lib.mkDefault false;
fonts.enable = lib.mkDefault false;
gaming.enable = lib.mkDefault false;
internet.enable = lib.mkDefault false;
multimedia.enable = lib.mkDefault false;
office.enable = lib.mkDefault false;
misc.enable = lib.mkDefault false;
};
};
}

52
modules/apps/art.nix
View File

@ -1,43 +1,25 @@
{
config,
lib,
pkgs,
...
}:
let
# Patch to libpng so that big brushes can be loaded
patched-krita = pkgs.replaceDependency {
drv = pkgs.krita;
oldDependency = pkgs.libpng;
newDependency = pkgs.libpng.overrideAttrs (old: {
patches = (old.patches or [ ]) ++ [ ../../patches/libpng.patch ];
});
{ config, lib, pkgs, ... }: {
options.my = {
apps.art.enable = lib.mkEnableOption "enable";
dev.gameDev.enable = lib.mkEnableOption "enable";
};
attrValuesIf = cond: attrs: if cond then builtins.attrValues attrs else [ ];
artPackages = attrValuesIf config.my.apps.art.enable {
inherit patched-krita; # art to your heart desire!
inherit (pkgs)
eyedropper # color picker
emulsion-palette # self explanatory
config = lib.mkIf config.my.apps.art.enable {
users.users.jawz.packages = (with pkgs; [
gimp # the coolest bestest art program to never exist
krita # art to your heart desire!
mypaint # not the best art program
mypaint-brushes # but it's got some
mypaint-brushes1 # nice damn brushes
blender # cgi animation and sculpting
pureref # create inspiration/reference boards
;
blender # cgi animation and sculpting
# drawpile # arty party with friends!!
]) ++ (if config.my.dev.gameDev.enable then
with pkgs;
[
godot_4 # game development
# gdtoolkit # gdscript language server
]
else
[ ]);
};
gameDevPackages = attrValuesIf config.my.dev.gameDev.enable {
inherit (pkgs)
godot_4 # game development
gdtoolkit_4 # gdscript language server
;
};
in
{
options.my = {
apps.art.enable = lib.mkEnableOption "digital art and creative applications";
dev.gameDev.enable = lib.mkEnableOption "game development tools and engines";
};
config.users.users.jawz.packages = artPackages ++ gameDevPackages;
}

26
modules/apps/dictionaries.nix
View File

@ -1,21 +1,11 @@
{
config,
lib,
pkgs,
...
}:
{
options.my.apps.dictionaries.enable = lib.mkEnableOption "dictionaries and language tools";
{ config, lib, pkgs, ... }: {
options.my.apps.dictionaries.enable = lib.mkEnableOption "enable";
config = lib.mkIf config.my.apps.dictionaries.enable {
users.users.jawz.packages = builtins.attrValues {
inherit (pkgs)
hunspell
;
inherit (pkgs.hunspellDicts)
it_IT
es_MX
en_CA-large
;
};
users.users.jawz.packages = with pkgs; [
hunspell
hunspellDicts.it_IT
hunspellDicts.es_MX
hunspellDicts.en_CA-large
];
};
}

44
modules/apps/fonts.nix
View File

@ -1,44 +1,6 @@
{
config,
lib,
pkgs,
inputs,
...
}:
let
customFonts = pkgs.stdenvNoCC.mkDerivation {
name = "custom-fonts";
src = inputs.fonts;
installPhase = ''
mkdir -p $out/share/fonts
find $src -type f \( \
-name "*.ttf" -o \
-name "*.otf" -o \
-name "*.woff" -o \
-name "*.woff2" \
\) -exec cp {} $out/share/fonts/ \;
'';
};
in
{
options.my.apps.fonts.enable = lib.mkEnableOption "additional fonts and typography";
{ config, lib, pkgs, ... }: {
options.my.apps.fonts.enable = lib.mkEnableOption "enable";
config = lib.mkIf config.my.apps.fonts.enable {
nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [ "corefonts" ];
fonts.packages = builtins.attrValues {
inherit customFonts;
inherit (pkgs)
symbola
comic-neue
cascadia-code
corefonts
;
inherit (pkgs.nerd-fonts)
caskaydia-cove
open-dyslexic
comic-shanns-mono
iosevka
agave
;
};
users.users.jawz.packages = with pkgs; [ nerdfonts symbola ];
};
}

87
modules/apps/gaming.nix
View File

@ -1,38 +1,7 @@
{
inputs,
config,
lib,
pkgs,
...
}:
let
retroarchWithCores = pkgs.retroarch.withCores (
cores:
builtins.attrValues {
inherit (cores)
mgba # gba
pcsx2 # ps2
dolphin # wii / gamecube
snes9x2010 # snes
desmume # nintendo ds
citra # 3ds
;
}
);
in
{
{ config, lib, pkgs, inputs, ... }: {
imports = [ inputs.nix-gaming.nixosModules.platformOptimizations ];
options.my.apps = {
gaming.enable = lib.mkEnableOption "gaming applications and emulators";
switch.enable = lib.mkEnableOption "Nintendo Switch homebrew tools";
};
options.my.apps.gaming.enable = lib.mkEnableOption "enable";
config = lib.mkIf config.my.apps.gaming.enable {
# sops.secrets.switch-presence = lib.mkIf config.my.apps.gaming.switch.enable {
# sopsFile = ../../secrets/env.yaml;
# format = "dotenv";
# owner = config.users.users.jawz.name;
# inherit (config.users.users.jawz) group;
# };
programs = {
gamemode.enable = true;
steam = {
@ -43,30 +12,32 @@ in
platformOptimizations.enable = true;
};
};
services = lib.mkIf config.my.apps.switch.enable {
switch-boot.enable = true;
# switch-presence = {
# enable = true;
# environmentFile = config.sops.secrets.switch-presence.path;
# };
};
users.users.jawz.packages = builtins.attrValues {
inherit retroarchWithCores;
inherit (pkgs)
shipwright # zelda OoT port
mangohud # fps & stats overlay
lutris # games launcher & emulator hub
cartridges # games launcher
gamemode # optimizes linux to have better gaming performance
heroic # install epic games
protonup-qt # update proton-ge
ns-usbloader # load games into my switch
# emulators
rpcs3 # ps3
cemu # wii u
ryubing # switch
prismlauncher # minecraft launcher with jdk overlays
;
};
users.users.jawz.packages = let
polymc = pkgs.callPackage ../../pkgs/polymc/default.nix { };
citra-nightly =
pkgs.callPackage ../../pkgs/citra/default.nix { branch = "nightly"; };
in (with pkgs; [
shipwright # zelda OoT port
mangohud # fps & stats overlay
lutris # games launcher & emulator hub
cartridges # games launcher
gamemode # optimizes linux to have better gaming performance
heroic # install epic games
protonup-qt # update proton-ge
# minecraft # minecraft official launcher
ns-usbloader # load games into my switch
grapejuice # roblox manager
# emulators
rpcs3 # ps3 emulator
pcsx2 # ps2 emulator
cemu # wii u emulator
dolphin-emu # wii emulator
snes9x-gtk # snes emulator
ryujinx # switch emulator
]) ++ [
citra-nightly # 3Ds emulator
polymc # minecraft launcher with mod support
];
};
}

65
modules/apps/internet.nix
View File

@ -1,55 +1,30 @@
{
config,
lib,
pkgs,
...
}:
let
krisp-patcher =
pkgs.writers.writePython3Bin "krisp-patcher"
{
libraries = builtins.attrValues {
inherit (pkgs.python3Packages)
capstone
pyelftools
;
};
flakeIgnore = [
"E501" # line too long (82 > 79 characters)
"F403" # 'from module import *' used; unable to detect undefined names
"F405" # name may be undefined, or defined from star imports: module
];
}
(
builtins.readFile (
pkgs.fetchurl {
url = "https://pastebin.com/raw/8tQDsMVd";
sha256 = "sha256-IdXv0MfRG1/1pAAwHLS2+1NESFEz2uXrbSdvU9OvdJ8=";
}
)
);
in
{
options.my.apps.internet.enable = lib.mkEnableOption "internet browsers and communication apps";
{ config, lib, pkgs, ... }: {
options.my.apps.internet.enable = lib.mkEnableOption "enable";
config = lib.mkIf config.my.apps.internet.enable {
home-manager.users.jawz.programs.librewolf = import ./librewolf.nix;
programs.geary.enable = true;
users.users.jawz.packages = builtins.attrValues {
# inherit (inputs.zen-browser.packages.x86_64-linux) twilight;
inherit krisp-patcher;
inherit (pkgs)
# thunderbird # email client
warp # transfer files with based ppl
programs = {
geary.enable = true;
firefox = {
enable = true;
languagePacks = [ "en-CA" "es-MX" "it" ];
};
};
services.psd.enable = true;
users.users.jawz.packages =
let vdhcoapp = pkgs.callPackage ../../pkgs/vdhcoapp/default.nix { };
in (with pkgs; [
# gpt4all
nextcloud-client # self-hosted google-drive alternative
fragments # beautiful torrent client
protonmail-bridge # bridge for protonmail
tor-browser-bundle-bin # dark web, so dark!
chromium # web browser with spyware included
telegram-desktop # furry chat
nicotine-plus # remember Ares?
vesktop # screen share with audio discord
discord # :3
# hugo # website engine
]) ++ [
vdhcoapp # video download helper assistant
nextcloud-talk-desktop # nextcloud talk client
fractal # matrix client
;
};
];
};
}

100
modules/apps/librewolf.nix
View File

@ -1,100 +0,0 @@
{
enable = true;
languagePacks = [
"en-CA"
"es-MX"
"it"
];
policies.DisabledFirefoxAccounts = false;
profiles.jawz = {
containersForce = true;
containers = {
Private = {
id = 1;
icon = "chill";
color = "purple";
};
Work = {
id = 2;
icon = "briefcase";
color = "orange";
};
Banking = {
id = 3;
icon = "dollar";
color = "green";
};
};
id = 0;
name = "jawz";
path = "jawz";
settings = {
# Enable custom userChrome.css (for GNOME theme)
"toolkit.legacyUserProfileCustomizations.stylesheets" = true;
# Enables Firefox GNOME Theme SVG icons
"svg.context-properties.content.enabled" = true;
# GNOME theme refinements
"gnomeTheme.hideSingleTab" = true;
"gnomeTheme.bookmarksToolbarUnderTabs" = true;
"gnomeTheme.allTabsButtonOnOverflow" = true;
# Normal UI density
"browser.uidensity" = 0;
"browser.toolbars.bookmarks.visibility" = "never";
"general.autoScroll" = true;
# Tabs
"browser.sessionstore.resume_from_crash" = true;
"browser.sessionstore.max_tabs_undo" = 50;
"browser.startup.page" = 3;
# DRM
"media.eme.enabled" = true;
# Prevents private windows from using dark theme
"browser.theme.dark-private-windows" = false;
# Enables rounded corners on the main window
"widget.gtk.rounded-bottom-corners.enabled" = true;
# General privacy & fingerprinting
"privacy.sanitize.sanitizeOnShutdown" = false;
"privacy.clearOnShutdown_v2.browsingHistoryAndDownloads" = false;
"privacy.resistFingerprinting" = false; # You explicitly disabled this
"privacy.fingerprintingProtection" = true;
"privacy.query_stripping.enabled" = true;
"privacy.query_stripping.enabled.pbmode" = true;
"privacy.trackingprotection.enabled" = true;
"privacy.trackingprotection.socialtracking.enabled" = true;
"privacy.trackingprotection.emailtracking.enabled" = true;
"privacy.bounceTrackingProtection.mode" = 1;
"privacy.clearSiteData.cookiesAndStorage" = false;
"privacy.clearSiteData.historyFormDataAndDownloads" = true;
# Do Not Track
"privacy.donottrackheader.enabled" = true;
# GPC (Global Privacy Control)
"privacy.globalprivacycontrol.was_ever_enabled" = true;
# DNS-over-HTTPS (LibreDNS with adblock)
"network.trr.mode" = 2;
"network.trr.uri" = "https://doh.libredns.gr/noads";
# Prevent predictive browsing
"network.prefetch-next" = false;
"network.predictor.enabled" = false;
"network.http.speculative-parallel-limit" = 0;
# Referrer sanitization
"network.http.referer.disallowCrossSiteRelaxingDefault.top_navigation" = true;
# Partitioning and isolation
"network.cookie.cookieBehavior.optInPartitioning" = true;
# HTTPS-only
"dom.security.https_only_mode_ever_enabled" = true;
# Disable captive portal checks
"network.captive-portal-service.enabled" = false;
"network.connectivity-service.enabled" = false;
# Permissions tightening
"permissions.delegation.enabled" = false;
# Disable safe browsing remote lookups (relies on Google)
"browser.safebrowsing.downloads.remote.enabled" = false;
"browser.safebrowsing.downloads.remote.block_potentially_unwanted" = false;
"browser.safebrowsing.downloads.remote.block_uncommon" = false;
# Enable anti-cookie tracking + purge trackers
"privacy.annotate_channels.strict_list.enabled" = true;
# Enable Multi-Account Containers
"privacy.userContext.enabled" = true;
"privacy.userContext.ui.enabled" = true;
};
};
}

27
modules/apps/misc.nix
View File

@ -1,19 +1,14 @@
{
config,
lib,
pkgs,
...
}:
{
options.my.apps.misc.enable = lib.mkEnableOption "miscellaneous desktop applications";
{ config, lib, pkgs, ... }: {
options.my.apps.misc.enable = lib.mkEnableOption "enable";
config = lib.mkIf config.my.apps.misc.enable {
users.users.jawz.packages = builtins.attrValues {
inherit (pkgs)
blanket # background noise
metadata-cleaner # remove any metadata and geolocation from files
pika-backup # backups
gnome-obfuscate # censor private information
;
};
users.users.jawz.packages = with pkgs; [
# celeste # sync tool for any cloud provider
# czkawka # duplicate finder
# sequeler # friendly SQL client
blanket # background noise
metadata-cleaner # remove any metadata and geolocation from files
pika-backup # backups
gnome-obfuscate # censor private information
];
};
}

37
modules/apps/multimedia.nix
View File

@ -1,23 +1,20 @@
{
config,
lib,
pkgs,
...
}:
{
options.my.apps.multimedia.enable = lib.mkEnableOption "multimedia applications and media players";
{ config, lib, pkgs, ... }: {
options.my.apps.multimedia.enable = lib.mkEnableOption "enable";
config = lib.mkIf config.my.apps.multimedia.enable {
users.users.jawz.packages = builtins.attrValues {
inherit (pkgs)
recordbox # libadwaita music player
celluloid # video player
curtail # image compressor
easyeffects # equalizer
identity # compare images or videos
mousai # poor man shazam
shortwave # listen to world radio
tagger # tag music files
;
};
users.users.jawz.packages = with pkgs; [
fooyin # foobar inspired music player
pitivi # video editor
celluloid # video player
curtail # image compressor
easyeffects # equalizer
handbrake # video converter, may be unnecessary
identity # compare images or videos
mousai # poor man shazam
shortwave # listen to world radio
tagger # tag music files
# cozy # audiobooks player
# gnome-podcasts # podcast player
# hakuneko # manga & comic GUI downloader
];
};
}

18
modules/apps/music.nix
View File

@ -1,18 +0,0 @@
{
config,
lib,
pkgs,
...
}:
{
options.my.apps.piano.enable = lib.mkEnableOption "piano learning and music theory apps";
config = lib.mkIf config.my.apps.piano.enable {
users.users.jawz.packages = builtins.attrValues {
inherit (pkgs)
neothesia
linthesia
timidity
;
};
};
}

30
modules/apps/office.nix
View File

@ -1,22 +1,16 @@
{
config,
lib,
pkgs,
...
}:
{
options.my.apps.office.enable = lib.mkEnableOption "office applications and productivity tools";
{ config, lib, pkgs, ... }: {
options.my.apps.office.enable = lib.mkEnableOption "enable";
config = lib.mkIf config.my.apps.office.enable {
environment.variables.CALIBRE_USE_SYSTEM_THEME = "1";
users.users.jawz.packages = builtins.attrValues {
inherit (pkgs)
jre17_minimal # for libreoffice extensions
libreoffice # office, but based & european
calibre # ugly af eBook library manager
newsflash # feed reader, syncs with nextcloud
furtherance # I packaged this one tehee track time utility
# planify # let's pretend I will organize my tasks
;
};
users.users.jawz.packages = with pkgs; [
libreoffice # office, but based
calibre # ugly af eBook library manager
newsflash # feed reader, syncs with nextcloud
furtherance # I packaged this one tehee track time utility
planify # let's pretend I will organize my tasks
# foliate # gtk eBook reader
# wike # gtk wikipedia wow!
# denaro # manage your finances
];
};
}

20
modules/dev.nix Normal file
View File

@ -0,0 +1,20 @@
{ lib, ... }: {
imports = [
./dev/sh.nix
./dev/nix.nix
./dev/docker.nix
./dev/python.nix
./dev/haskell.nix
./dev/javascript.nix
./emacs.nix
];
my.emacs.enable = lib.mkDefault false;
my.dev = {
sh.enable = lib.mkDefault false;
nix.enable = lib.mkDefault false;
docker.enable = lib.mkDefault false;
python.enable = lib.mkDefault false;
haskell.enable = lib.mkDefault false;
javascript.enable = lib.mkDefault false;
};
}

36
modules/dev/cc.nix
View File

@ -1,36 +0,0 @@
{
config,
lib,
pkgs,
...
}:
let
packages = builtins.attrValues {
inherit (pkgs)
clang # C/C++ compiler frontend (part of LLVM)
clang-tools # Extra LLVM tools (e.g. clang-tidy, clang-apply-replacements)
gcc # GNU Compiler Collection (C, C++, etc.)
gdb # GNU Debugger
valgrind # Memory leak detector and performance profiler
;
};
in
{
options = {
my.dev.cc.enable = lib.mkEnableOption "Install C/C++ tooling globally";
devShells.cc = lib.mkOption {
type = lib.types.package;
default = pkgs.mkShell {
inherit packages;
name = "cc-dev-shell";
shellHook = ''
echo "🔧 C/C++ dev environment"
'';
};
description = "C/C++ development shell";
};
};
config = lib.mkIf config.my.dev.cc.enable {
users.users.jawz = { inherit packages; };
};
}

44
modules/dev/docker.nix
View File

@ -1,38 +1,10 @@
{
config,
lib,
pkgs,
...
}:
let
packages = builtins.attrValues {
inherit (pkgs) dockfmt; # Format Dockerfiles
inherit (pkgs.nodePackages)
dockerfile-language-server-nodejs # LSP for Dockerfiles
;
{ config, lib, pkgs, ... }: {
options.my.dev.docker.enable = lib.mkEnableOption "enable";
config = lib.mkIf config.my.dev.docker.enable {
environment.variables.DOCKER_CONFIG = "\${XDG_CONFIG_HOME}/docker";
users.users.jawz.packages = with pkgs; [
dockfmt
nodePackages.dockerfile-language-server-nodejs
];
};
in
{
options = {
my.dev.docker.enable = lib.mkEnableOption "Install Docker tooling globally";
devShells.docker = lib.mkOption {
type = lib.types.package;
default = pkgs.mkShell {
inherit packages;
name = "docker-dev-shell";
shellHook = ''
echo "🐳 Docker dev environment"
'';
};
description = "Docker and Dockerfile tooling shell";
};
};
config = lib.mkMerge [
(lib.mkIf config.my.dev.docker.enable {
users.users.jawz = { inherit packages; };
})
{
environment.variables.DOCKER_CONFIG = "\${XDG_CONFIG_HOME}/docker";
}
];
}

76
modules/dev/emacs.nix
View File

@ -1,76 +0,0 @@
{
config,
inputs,
lib,
pkgs,
...
}:
{
options.my.emacs.enable = lib.mkEnableOption "Doom Emacs configuration";
config = lib.mkIf config.my.emacs.enable {
home-manager.users.jawz = {
xdg.dataFile = {
"doom/templates/events.org".source = ../../dotfiles/doom/templates/events.org;
"doom/templates/default.org".source = ../../dotfiles/doom/templates/default.org;
"doom/templates/programming.org".source = ../../dotfiles/doom/templates/programming.org;
};
services.lorri.enable = true;
programs.${config.my.shell.type}.shellAliases =
inputs.self.lib.mergeAliases inputs.self.lib.commonAliases
{
edit = "emacsclient -t";
e = "edit";
};
};
users.users.jawz.packages = builtins.attrValues {
inherit (pkgs.xorg) xwininfo;
inherit (pkgs)
#emacs everywhere
xdotool
xclip
wl-clipboard-rs
fd # modern find, faster searches
fzf # fuzzy finder! super cool and useful
ripgrep # modern grep
tree-sitter # code parsing based on symbols and shit, I do not get it
graphviz # graphs
tetex # export pdf
languagetool # proofreader for English
# lsps
yaml-language-server
markdownlint-cli
;
inherit (pkgs.nodePackages)
vscode-json-languageserver
prettier # multi-language linter
;
};
services.emacs = {
enable = true;
defaultEditor = true;
package = pkgs.emacsWithDoom {
doomDir = ../../dotfiles/doom;
doomLocalDir = "/home/jawz/.local/share/nix-doom";
tangleArgs = "--all config.org";
extraPackages =
epkgs:
let
inherit (config.home-manager.users.jawz.programs.emacs)
extraPackages
extraConfig
;
extra = extraPackages epkgs;
themes = lib.optional config.my.stylix.enable [
(epkgs.trivialBuild {
pname = "stylix-theme";
src = pkgs.writeText "stylix-theme.el" extraConfig;
version = "0.1.0";
packageRequires = extra;
})
];
in
extra ++ themes;
};
};
};
}

44
modules/dev/go.nix
View File

@ -1,44 +0,0 @@
{
config,
lib,
pkgs,
...
}:
let
packages = builtins.attrValues {
inherit (pkgs)
go # Go compiler and core toolchain
gocode-gomod # Code completion for Go (modern fork of gocode)
gotools # Contains godoc, gorename, goimports, etc.
gore # Go REPL
gotests # Generate Go tests from function signatures
gomodifytags # Struct tag manipulation
golangci-lint # Linter aggregation
;
};
GOPATH = "\${XDG_DATA_HOME}/go";
in
{
options = {
my.dev.go.enable = lib.mkEnableOption "Install Go tooling globally";
devShells.go = lib.mkOption {
type = lib.types.package;
default = pkgs.mkShell {
inherit packages GOPATH;
name = "go-dev-shell";
shellHook = ''
echo "🐹 Go dev environment"
'';
};
description = "Go development shell with Emacs tooling, REPL, formatter, and linter";
};
};
config = lib.mkMerge [
{
environment.variables = { inherit GOPATH; };
}
(lib.mkIf config.my.dev.go.enable {
users.users.jawz = { inherit packages; };
})
];
}

54
modules/dev/haskell.nix
View File

@ -1,46 +1,14 @@
{
config,
lib,
pkgs,
...
}:
let
packages = builtins.attrValues {
inherit (pkgs)
haskell-language-server # LSP server for Haskell
cabal-install # Standard Haskell build tool
hlint # Linter for Haskell source code
;
inherit (pkgs.haskellPackages)
hoogle # Haskell API search engine
;
};
in
{
options = {
my.dev.haskell.enable = lib.mkEnableOption "Install Haskell tooling globally";
devShells.haskell = lib.mkOption {
type = lib.types.package;
default = pkgs.mkShell {
inherit packages;
name = "haskell-dev-shell";
shellHook = ''
echo "λ Haskell dev environment"
'';
};
description = "Haskell development shell";
{ config, lib, pkgs, ... }: {
options.my.dev.haskell.enable = lib.mkEnableOption "enable";
config = lib.mkIf config.my.dev.haskell.enable {
users.users.jawz.packages = with pkgs; [
ghc # compiler
haskell-language-server # lsp
];
environment.variables = {
CABAL_DIR = "\${XDG_CACHE_HOME}/cabal";
STACK_ROOT = "\${XDG_DATA_HOME}/stack";
GHCUP_USE_XDG_DIRS = "true";
};
};
config = lib.mkMerge [
(lib.mkIf config.my.dev.haskell.enable {
users.users.jawz = { inherit packages; };
})
{
environment.variables = {
CABAL_DIR = "\${XDG_CACHE_HOME}/cabal";
STACK_ROOT = "\${XDG_DATA_HOME}/stack";
GHCUP_USE_XDG_DIRS = "true";
};
}
];
}

60
modules/dev/javascript.nix
View File

@ -1,50 +1,16 @@
{
config,
lib,
pkgs,
...
}:
let
packages = builtins.attrValues {
inherit (pkgs) nodejs; # Node.js runtime
inherit (pkgs.nodePackages) pnpm; # Fast package manager alternative to npm
};
in
{
options = {
my.dev.javascript.enable = lib.mkEnableOption "Install JavaScript tooling globally";
devShells.javascript = lib.mkOption {
type = lib.types.package;
default = pkgs.mkShell {
inherit packages;
name = "javascript-dev-shell";
shellHook = ''
echo "📦 JavaScript dev environment"
'';
};
description = "JavaScript/Node development shell with npm/pnpm support";
{ config, lib, pkgs, ... }: {
options.my.dev.javascript.enable = lib.mkEnableOption "enable";
config = lib.mkIf config.my.dev.javascript.enable {
home-manager.users.jawz.xdg.configFile = {
"npm/npmrc".source = ../../dotfiles/npm/npmrc;
"configstore/update-notifier-npm-check.json".source =
../../dotfiles/npm/update-notifier-npm-check.json;
};
users.users.jawz.packages = with pkgs; [ nodejs nodePackages.pnpm ];
environment.variables = {
NPM_CONFIG_USERCONFIG = "\${XDG_CONFIG_HOME}/npm/npmrc";
PNPM_HOME = "\${XDG_DATA_HOME}/pnpm";
PATH = [ "\${XDG_DATA_HOME}/npm/bin" "\${XDG_DATA_HOME}/pnpm" ];
};
};
config = lib.mkMerge [
(lib.mkIf config.my.dev.javascript.enable {
users.users.jawz = { inherit packages; };
})
{
home-manager.users.jawz.xdg.configFile = {
"npm/npmrc".source = ../../dotfiles/npmrc;
"configstore/update-notifier-npm-check.json".text = builtins.toJSON {
optOut = false;
lastUpdateCheck = 1646662583446;
};
};
environment.variables = {
NPM_CONFIG_USERCONFIG = "\${XDG_CONFIG_HOME}/npm/npmrc";
PNPM_HOME = "\${XDG_DATA_HOME}/pnpm";
PATH = [
"\${XDG_DATA_HOME}/npm/bin"
"\${XDG_DATA_HOME}/pnpm"
];
};
}
];
}

30
modules/dev/julia.nix
View File

@ -1,30 +0,0 @@
{
config,
lib,
pkgs,
...
}:
let
packages = builtins.attrValues {
inherit (pkgs) julia; # High-performance dynamic language for technical computing
};
in
{
options = {
my.dev.julia.enable = lib.mkEnableOption "Install Julia globally";
devShells.julia = lib.mkOption {
type = lib.types.package;
default = pkgs.mkShell {
inherit packages;
name = "julia-dev-shell";
shellHook = ''
echo "🔬 Julia dev environment"
'';
};
description = "Julia development shell";
};
};
config = lib.mkIf config.my.dev.julia.enable {
users.users.jawz = { inherit packages; };
};
}

52
modules/dev/nix.nix
View File

@ -1,47 +1,11 @@
{
config,
inputs,
lib,
pkgs,
...
}:
let
shellType = config.my.shell.type;
packages = builtins.attrValues {
inherit (pkgs)
nixfmt-rfc-style # formatting
cachix # binary cache management
nixd # language server for Nix
deadnix # detext unused/uneeded dependencies
statix # linter for Nix expressions
;
};
in
{
options = {
my.dev.nix.enable = lib.mkEnableOption "Install Nix tooling globally";
devShells.nix = lib.mkOption {
type = lib.types.package;
default = pkgs.mkShell {
inherit packages;
name = "nix-dev-shell";
shellHook = ''
echo " Nix dev environment"
'';
};
description = "Nix/NixOS development shell with formatter, linter, LSP, and Cachix";
};
};
{ config, lib, pkgs, ... }: {
options.my.dev.nix.enable = lib.mkEnableOption "enable";
config = lib.mkIf config.my.dev.nix.enable {
users.users.jawz = { inherit packages; };
home-manager.users.jawz.programs.${shellType}.shellAliases =
inputs.self.lib.mergeAliases inputs.self.lib.commonAliases
{
nixformat = ''
deadnix -e && \
nix run nixpkgs#nixfmt-tree && \
statix fix
'';
};
users.users.jawz.packages = with pkgs; [
nixfmt-classic # linting
nixfmt-rfc-style # linting
cachix # why spend time compiling?
nixd # language server
];
};
}

75
modules/dev/python.nix
View File

@ -1,56 +1,25 @@
{
config,
lib,
pkgs,
...
}:
let
python = pkgs.python3.withPackages (
ps:
builtins.attrValues {
inherit (ps)
black # Python code formatter
editorconfig # follow rules of contributin
flake8 # wraper for pyflakes, pycodestyle and mccabe
isort # sort Python imports
pyflakes # checks source code for errors
pylint # bug and style checker for python
pytest # tests
speedtest-cli # check internet speed from the comand line
;
}
);
packages = builtins.attrValues {
inherit python;
inherit (pkgs)
{ config, lib, pkgs, ... }: {
options.my.dev.python.enable = lib.mkEnableOption "enable";
config = lib.mkIf config.my.dev.python.enable {
home-manager.users.jawz.xdg.configFile."python/pythonrc".source =
../../dotfiles/pythonrc;
environment.variables.PYTHONSTARTUP = "\${XDG_CONFIG_HOME}/python/pythonrc";
users.users.jawz.packages = with pkgs; [
pipenv # python development workflow for humans
pyright # LSP
;
nodePackages.pyright # LSP
(python3.withPackages (ps:
with ps; [
black # Python code formatter
editorconfig # follow rules of contributin
flake8 # wraper for pyflakes, pycodestyle and mccabe
isort # sort Python imports
pyflakes # checks source code for errors
pylint # bug and style checker for python
speedtest-cli # check internet speed from the comand line
# nose # testing and running python scripts
# poetry # dependency management made easy
# pytest # framework for writing tests
]))
];
};
in
{
options = {
my.dev.python.enable = lib.mkEnableOption "Install Python tools globally";
devShells.python = lib.mkOption {
type = lib.types.package;
default = pkgs.mkShell {
inherit packages;
name = "python-dev-shell";
shellHook = ''
echo "🐍 Python dev environment"
which python
'';
description = "Python development shell";
};
};
};
config = lib.mkMerge [
(lib.mkIf config.my.dev.python.enable {
users.users.jawz = { inherit packages; };
})
{
home-manager.users.jawz.xdg.configFile."python/pythonrc".source = ../../dotfiles/pythonrc;
environment.variables.PYTHONSTARTUP = "\${XDG_CONFIG_HOME}/python/pythonrc";
}
];
}

40
modules/dev/ruby.nix
View File

@ -1,40 +0,0 @@
{
config,
lib,
pkgs,
...
}:
let
packages = builtins.attrValues {
inherit (pkgs) ruby; # Ruby interpreter
inherit (pkgs.rubyPackages) solargraph; # LSP for Ruby
};
in
{
options = {
my.dev.ruby.enable = lib.mkEnableOption "Install Ruby tooling globally";
devShells.ruby = lib.mkOption {
type = lib.types.package;
default = pkgs.mkShell {
inherit packages;
name = "ruby-dev-shell";
shellHook = ''
echo "💎 Ruby dev environment"
'';
};
description = "Ruby development shell with interpreter and Solargraph LSP";
};
};
config = lib.mkMerge [
(lib.mkIf config.my.dev.ruby.enable {
users.users.jawz = { inherit packages; };
})
{
environment.variables = {
GEM_HOME = "\${XDG_DATA_HOME}/ruby/gems";
GEM_PATH = "\${XDG_DATA_HOME}/ruby/gems";
GEM_SPEC_CACHE = "\${XDG_DATA_HOME}/ruby/specs";
};
}
];
}

41
modules/dev/rust.nix
View File

@ -1,41 +0,0 @@
{
config,
lib,
pkgs,
...
}:
let
packages = builtins.attrValues {
inherit (pkgs)
rustc # Rust compiler
cargo # Rust package manager
rust-analyzer # Language server for Rust
clippy # Linter for Rust
rustfmt # Formatter for Rust code
;
};
in
{
options = {
my.dev.rust.enable = lib.mkEnableOption "Install Rust tooling globally";
devShells.rust = lib.mkOption {
type = lib.types.package;
default = pkgs.mkShell {
inherit packages;
name = "rust-dev-shell";
shellHook = ''
echo "🦀 Rust dev environment"
'';
};
description = "Rust development shell with cargo and rust-analyzer";
};
};
config = lib.mkMerge [
(lib.mkIf config.my.dev.rust.enable {
users.users.jawz = { inherit packages; };
})
{
environment.variables.CARGO_HOME = "\${XDG_DATA_HOME}/cargo";
}
];
}

41
modules/dev/sh.nix
View File

@ -1,36 +1,11 @@
{
config,
lib,
pkgs,
...
}:
let
packages = builtins.attrValues {
inherit (pkgs)
bashdb # Debugger and completion support
shellcheck # Shell script linter
shfmt # Shell parser and formatter
;
# LSP for Bash and sh
inherit (pkgs.nodePackages) bash-language-server;
};
in
{
options = {
my.dev.sh.enable = lib.mkEnableOption "Install shell scripting tools globally";
devShells.sh = lib.mkOption {
type = lib.types.package;
default = pkgs.mkShell {
inherit packages;
name = "sh-dev-shell";
shellHook = ''
echo "💻 Shell scripting dev environment"
'';
};
description = "Shell scripting dev shell";
};
};
{ config, lib, pkgs, ... }: {
options.my.dev.sh.enable = lib.mkEnableOption "enable";
config = lib.mkIf config.my.dev.sh.enable {
users.users.jawz = { inherit packages; };
users.users.jawz.packages = with pkgs; [
bashdb # autocomplete
shellcheck # linting
shfmt # a shell parser and formatter
nodePackages.bash-language-server # LSP
];
};
}

33
modules/dev/zig.nix
View File

@ -1,33 +0,0 @@
{
config,
lib,
pkgs,
...
}:
let
packages = builtins.attrValues {
inherit (pkgs)
zig # Zig compiler and stdlib
zls # Language server for Zig
;
};
in
{
options = {
my.dev.zig.enable = lib.mkEnableOption "Install Zig tooling globally";
devShells.zig = lib.mkOption {
type = lib.types.package;
default = pkgs.mkShell {
inherit packages;
name = "zig-dev-shell";
shellHook = ''
echo "🦎 Zig dev environment"
'';
};
description = "Zig development shell with compiler and LSP";
};
};
config = lib.mkIf config.my.dev.zig.enable {
users.users.jawz = { inherit packages; };
};
}

51
modules/emacs.nix Normal file
View File

@ -0,0 +1,51 @@
{ config, lib, pkgs, ... }: {
options.my.emacs.enable = lib.mkEnableOption "enable";
config = lib.mkIf config.my.emacs.enable {
home-manager.users.jawz = {
services.lorri.enable = true;
programs.bash = {
initExtra = ''
emacs-sqlite-fix () {
nix-shell -p cmake sqlite --command "doom sync &&
sc restart emacs &&
emacsclient -e '(org-roam-db-sync)'" &&
doom sync
}
'';
shellAliases = {
edit = "emacsclient -t";
e = "edit";
};
};
};
users.users.jawz.packages = (with pkgs; [
fd # modern find, faster searches
fzf # fuzzy finder! super cool and useful
ripgrep # modern grep
tree-sitter # code parsing based on symbols and shit, I do not get it
graphviz # graphs
tetex # export pdf
languagetool # proofreader for English
# doom everywhere
xorg.xwininfo
xdotool
xclip
# lsps
yaml-language-server
markdownlint-cli
]) ++ (with pkgs.nodePackages; [
vscode-json-languageserver
# linters
prettier
]);
services.emacs = {
enable = true;
package = with pkgs;
((emacsPackagesFor emacs-gtk).emacsWithPackages
(epkgs: with epkgs; [ vterm ]));
defaultEditor = true;
};
};
}

80
modules/factories/mkscript.nix
View File

@ -1,80 +0,0 @@
{
config,
lib,
pkgs,
...
}:
{
options.my.scripts = lib.mkOption {
type = lib.types.attrsOf (
lib.types.submodule {
options = {
enable = lib.mkEnableOption "Whether to enable this script";
install = lib.mkEnableOption "Whether to install the script package";
service = lib.mkEnableOption "Whether to enable the script service";
name = lib.mkOption {
type = lib.types.str;
description = "Name of the script.";
};
timer = lib.mkOption {
type = lib.types.str;
default = "*:0";
description = "Systemd timer schedule.";
};
description = lib.mkOption {
type = lib.types.str;
description = "Description of the service.";
};
package = lib.mkOption {
type = lib.types.package;
description = "Package containing the executable script.";
};
};
}
);
default = { };
description = "Configuration for multiple scripts.";
};
config = lib.mkIf (lib.any (s: s.enable) (lib.attrValues config.my.scripts)) {
users.users.jawz.packages =
config.my.scripts
|> lib.mapAttrsToList (_name: script: lib.optional (script.enable && script.install) script.package)
|> lib.flatten;
systemd.user.services =
config.my.scripts
|> lib.mapAttrs' (
_name: script:
lib.nameValuePair "${script.name}" (
lib.mkIf (script.enable && script.service) {
restartIfChanged = true;
inherit (script) description;
wantedBy = [ "default.target" ];
path = [
pkgs.nix
script.package
];
serviceConfig = {
Restart = "on-failure";
RestartSec = 30;
ExecStart = "${script.package}/bin/${script.name}";
};
}
)
);
systemd.user.timers =
config.my.scripts
|> lib.mapAttrs' (
_name: script:
lib.nameValuePair "${script.name}" (
lib.mkIf (script.enable && script.service) {
enable = true;
inherit (script) description;
wantedBy = [ "timers.target" ];
timerConfig = {
OnCalendar = script.timer;
};
}
)
);
};
}

60
modules/factories/mkserver.nix
View File

@ -1,60 +0,0 @@
{ lib, config, ... }:
let
mkOptions = name: subdomain: port: {
enable = lib.mkEnableOption "this server service";
enableCron = lib.mkEnableOption "enable cronjob";
enableProxy = lib.mkEnableOption "enable reverse proxy";
port = lib.mkOption {
type = lib.types.int;
default = port;
};
name = lib.mkOption {
type = lib.types.str;
default = name;
};
domain = lib.mkOption {
type = lib.types.str;
default = config.my.domain;
};
host = lib.mkOption {
type = lib.types.str;
default = "${subdomain}.${config.my.servers.${name}.domain}";
};
hostName = lib.mkOption {
type = lib.types.str;
default = config.networking.hostName;
};
url = lib.mkOption {
type = lib.types.str;
default = "https://${config.my.servers.${name}.host}";
};
ip = lib.mkOption {
type = lib.types.str;
default =
if config.my.servers."${name}".isLocal then
config.my.localhost
else
config.my.ips."${config.my.servers.${name}.hostName}";
};
local = lib.mkOption {
type = lib.types.str;
default = "http://${config.my.servers.${name}.ip}:${toString port}";
};
isLocal = lib.mkOption {
type = lib.types.bool;
default = "${config.my.servers.${name}.hostName}" == config.my.mainServer;
};
enableSocket = lib.mkOption {
type = lib.types.bool;
default = false;
};
certPath = lib.mkOption {
type = lib.types.nullOr lib.types.path;
default = null;
};
};
in
{
inherit mkOptions;
mkServerOptions = mkOptions;
}

202
modules/modules.nix
View File

@ -1,202 +0,0 @@
{
lib,
config,
inputs,
...
}:
let
filterNames = file: file != "librewolf.nix";
in
{
imports =
inputs.self.lib.autoImport ./apps filterNames
++ inputs.self.lib.autoImport ./dev filterNames
++ inputs.self.lib.autoImport ./scripts filterNames
++ inputs.self.lib.autoImport ./servers filterNames
++ inputs.self.lib.autoImport ./services filterNames
++ inputs.self.lib.autoImport ./shell filterNames
++ inputs.self.lib.autoImport ./network filterNames
++ [
./factories/mkscript.nix
./nix/build.nix
./users/nixremote.nix
];
options.my = {
localhost = lib.mkOption {
type = lib.types.str;
default = "127.0.0.1";
description = "The localhost address.";
};
localhost6 = lib.mkOption {
type = lib.types.str;
default = "::1";
description = "The localhost ipv6 address.";
};
secureHost = lib.mkOption {
type = lib.types.bool;
default = true;
description = "Whether this is a secure host that should use SOPS,";
};
domain = lib.mkOption {
type = lib.types.str;
default = "lebubu.org";
description = "The domain name.";
};
ips = lib.mkOption {
type = lib.types.attrsOf lib.types.str;
default = {
router = "192.168.100.1";
server = "192.168.100.15";
miniserver = "192.168.1.100";
workstation = "192.168.100.18";
vps = "45.79.25.87";
wg-vps = "10.77.0.1";
wg-server = "10.77.0.2";
wg-friend1 = "10.8.0.2";
wg-friends = "10.8.0.0";
};
description = "Set of IP's for all my computers.";
};
interfaces = lib.mkOption {
type = lib.types.attrsOf lib.types.str;
default = {
server = "enp0s31f6";
miniserver = "enp2s0";
workstation = "enp5s0";
};
description = "Set of network interface names for all my computers.";
};
mainServer = lib.mkOption {
type = lib.types.str;
default = "miniserver";
description = "The hostname of the main server.";
};
postgresSocket = lib.mkOption {
type = lib.types.str;
default = "/run/postgresql";
description = "The PostgreSQL socket path.";
};
containerSocket = lib.mkOption {
type = lib.types.str;
default = "/var/run/docker.sock";
description = "The docker/podman socket path.";
};
containerData = lib.mkOption {
type = lib.types.str;
default = "/var/lib/docker-configs";
description = "The docker/podman socket path.";
};
smtpemail = lib.mkOption {
type = lib.types.str;
default = "stunner6399@gmail.com";
description = "localhost smtp email";
};
email = lib.mkOption {
type = lib.types.str;
default = "danilo.reyes.251@proton.me";
description = "localhost smtp email";
};
timeZone = lib.mkOption {
type = lib.types.str;
default = "America/Mexico_City";
description = "Timezone";
};
enableContainers = lib.mkEnableOption "container services (Docker/Podman)";
enableProxy = lib.mkEnableOption "nginx reverse proxy for services";
};
config = {
assertions =
# PostgreSQL dependency assertions
inputs.self.lib.mkPostgresDependencies config [
{
service = "nextcloud";
name = "Nextcloud";
}
{
service = "vaultwarden";
name = "Vaultwarden";
}
{
service = "firefly-iii";
name = "Firefly III";
}
{
service = "mealie";
name = "Mealie";
}
{
service = "shiori";
name = "Shiori";
}
{
service = "ryot";
name = "Ryot";
}
{
service = "synapse";
name = "Matrix Synapse";
}
{
service = "gitea";
name = "Gitea";
}
]
++
# Other assertions
[
{
assertion =
config.my.enableProxy
-> (builtins.any (s: s.enableProxy or false) (builtins.attrValues config.my.servers));
message = "enableProxy is true but no services have enableProxy enabled";
}
{
assertion =
config.my.enableContainers
|| !(builtins.any (opt: opt) [
config.my.servers.ryot.enable
config.my.servers.lidarr.enable
config.my.servers.prowlarr.enable
config.my.servers.maloja.enable
config.my.servers.multi-scrobbler.enable
config.my.servers.flame.enable
config.my.servers.flameSecret.enable
config.my.servers.metube.enable
config.my.servers.go-vod.enable
config.my.servers.tranga.enable
config.my.servers.drpp.enable
config.my.servers.plex-discord-bot.enable
]);
message = "Container services are enabled but enableContainers is false";
}
];
virtualisation = {
containers.enable = true;
oci-containers.backend = "podman";
podman = lib.mkIf config.my.enableContainers {
enable = true;
dockerCompat = true;
dockerSocket.enable = true;
defaultNetwork.settings.dns_enabled = true;
autoPrune = {
enable = true;
flags = [ "--all" ];
dates = "weekly";
};
};
};
security.acme = lib.mkIf config.services.nginx.enable {
acceptTerms = true;
defaults.email = config.my.email;
};
services.nginx = {
enable = config.my.enableProxy;
clientMaxBodySize = "4096m";
sslCiphers = "AES256+EECDH:AES256+EDH:!aNULL";
recommendedTlsSettings = true;
recommendedOptimisation = true;
recommendedGzipSettings = true;
recommendedProxySettings = true;
};
};
}

52
modules/network/firewall.nix
View File

@ -1,52 +0,0 @@
{
lib,
config,
inputs,
...
}:
let
firewallBlacklist = [
"sabnzbd"
"lidarr"
"maloja"
"tranga"
"flame"
"flameSecret"
"ryot"
"drpp"
"metube"
"multi-scrobbler"
"plex-discord-bot"
];
nativeServicesWithOpenFirewall = inputs.self.lib.getServicesWithNativeFirewall config firewallBlacklist;
servicesConfig = lib.listToAttrs (
map (serviceName: {
name = serviceName;
value.openFirewall = config.my.servers.${serviceName}.enable or false;
}) nativeServicesWithOpenFirewall
);
in
{
options.my.network.firewall = {
enabledServicePorts = lib.mkEnableOption "auto-open ports for enabled services";
staticPorts = lib.mkOption {
type = lib.types.listOf lib.types.int;
default = [ ];
description = "Static ports to always open";
};
additionalPorts = lib.mkOption {
type = lib.types.listOf lib.types.int;
default = [ ];
description = "Additional ports to open (like syncthing, gitea, etc.)";
};
};
config = lib.mkIf config.my.network.firewall.enabledServicePorts {
services = servicesConfig;
networking.firewall.allowedTCPPorts =
inputs.self.lib.generateFirewallPorts config nativeServicesWithOpenFirewall lib
++ (lib.optionals config.services.nginx.enable [
config.services.nginx.defaultHTTPListenPort
config.services.nginx.defaultSSLListenPort
]);
};
}

65
modules/network/nginx.nix
View File

@ -1,65 +0,0 @@
{
lib,
config,
inputs,
...
}:
let
proxyReverseServices = [
"firefox-syncserver"
"readeck"
"microbin"
"ryot"
"bazarr"
"shiori"
"metube"
"maloja"
"vaultwarden"
"mealie"
"kavita"
"multi-scrobbler"
"nix-serve"
"flame"
"flameSecret"
];
proxyReverseFixServices = [
"audiobookshelf"
"lidarr"
"gitea"
"prowlarr"
"ombi"
"radarr"
"sonarr"
"stash"
"atticd"
];
proxyReversePrivateServices = [
"homepage"
];
mkServiceConfig =
type: services: lib.listToAttrs (map (name: lib.nameValuePair name { inherit type; }) services);
standardProxyServices =
(mkServiceConfig "proxyReverse" proxyReverseServices)
// (mkServiceConfig "proxyReverseFix" proxyReverseFixServices)
// (mkServiceConfig "proxyReversePrivate" proxyReversePrivateServices);
generateProxyConfig =
serviceName: serviceConfig:
let
cfg = config.my.servers.${serviceName};
proxyFunc =
if serviceConfig.type == "proxyReverse" then
inputs.self.lib.proxyReverse
else if serviceConfig.type == "proxyReverseFix" then
inputs.self.lib.proxyReverseFix
else if serviceConfig.type == "proxyReversePrivate" then
inputs.self.lib.proxyReversePrivate
else
throw "Unknown proxy type: ${serviceConfig.type}";
in
lib.nameValuePair cfg.host (lib.mkIf cfg.enableProxy (proxyFunc cfg));
in
{
config = lib.mkIf config.my.enableProxy {
services.nginx.virtualHosts = lib.mapAttrs' generateProxyConfig standardProxyServices;
};
}

47
modules/nix/build.nix
View File

@ -1,47 +0,0 @@
{ lib, config, ... }:
{
options.my.nix = {
features = lib.mkOption {
type = lib.types.listOf lib.types.str;
default = [
"nixos-test"
"benchmark"
"big-parallel"
"kvm"
"gccarch-znver3"
"gccarch-skylake"
"gccarch-alderlake"
];
description = "List of supported nix build features for this system";
};
buildMachines = lib.mkOption {
type = lib.types.listOf lib.types.attrs;
default = [ ];
description = "List of remote build machines configuration";
};
cores = lib.mkOption {
type = lib.types.nullOr lib.types.int;
default = null;
description = "Number of cores to use for builds (null = auto-detect)";
};
maxJobs = lib.mkOption {
type = lib.types.nullOr lib.types.int;
default = null;
description = "Maximum number of parallel jobs (null = auto-detect)";
};
};
config = {
nix.settings = lib.mkMerge [
{
system-features = config.my.nix.features;
}
(lib.mkIf (config.my.nix.cores != null) {
inherit (config.my.nix) cores;
})
(lib.mkIf (config.my.nix.maxJobs != null) {
max-jobs = config.my.nix.maxJobs;
})
];
nix.buildMachines = lib.mkIf (config.my.nix.buildMachines != [ ]) config.my.nix.buildMachines;
};
}

50
modules/nix/gitea-actions-runners/nixos.nix
View File

@ -1,50 +0,0 @@
{
lib,
config,
pkgs,
...
}:
let
cfg = config.my.servers.gitea;
in
{
config = lib.mkIf (cfg.enable && config.my.secureHost) {
users.groups.gitea-runner = { };
users.users.gitea-runner = {
isSystemUser = true;
group = "gitea-runner";
extraGroups = [
"docker"
"podman"
];
};
nix.settings = {
allowed-users = [ "gitea-runner" ];
trusted-users = [ "gitea-runner" ];
};
services.gitea-actions-runner.instances.nixos = {
inherit (cfg) url enable;
name = "${config.networking.hostName}-nixos";
tokenFile = config.sops.secrets.gitea.path;
labels = [
"nix:host"
"nixos:host"
];
hostPackages = builtins.attrValues {
inherit (pkgs)
bash
curl
coreutils
gitMinimal
attic-client
podman
podman-compose
nix
nodejs
openssh
python3
;
};
};
};
}

59
modules/nix/gitea-actions-runners/ryujinx.nix
View File

@ -1,59 +0,0 @@
{
lib,
config,
pkgs,
...
}:
let
cfg = config.my.servers.gitea;
in
{
config = lib.mkIf (cfg.enable && config.my.secureHost) {
services.gitea-actions-runner.instances.ryujinx = {
inherit (cfg) url enable;
name = "${config.networking.hostName}-ryujinx";
tokenFile = config.sops.secrets.gitea.path;
labels = [
"ubuntu-latest:host"
"ubuntu-20.04:host"
];
hostPackages =
let
python3 = pkgs.python3.withPackages (
ps:
builtins.attrValues {
inherit (ps)
pyyaml
lxml
;
}
);
in
builtins.attrValues {
inherit python3;
inherit (pkgs.xorg) libX11;
inherit (pkgs)
bash
coreutils
curl
gawk
gitMinimal
gnused
nodejs
wget
gnutar
gzip
dotnet-sdk_8
openal
vulkan-loader
libGL
gtk3
llvm_15
rcodesign
gh
p7zip
;
};
};
};
}

17
modules/scripts.nix Normal file
View File

@ -0,0 +1,17 @@
{ lib, ... }: {
imports = [
./scripts/download.nix
./scripts/ffmpeg4discord.nix
./scripts/ffmpreg.nix
./scripts/find-dup-episode.nix
./scripts/manage-library.nix
./scripts/pika-list.nix
./scripts/run.nix
./scripts/split-dir.nix
./scripts/tasks.nix
./scripts/update-dns.nix
./scripts/stream-dl.nix
];
my.units.download.enable = lib.mkDefault false;
my.units.stream-dl.enable = lib.mkDefault false;
}

59
modules/scripts/base.nix Normal file
View File

@ -0,0 +1,59 @@
{ config, lib, pkgs, ... }: {
options.my.scripts = lib.mkOption {
type = lib.types.attrsOf (lib.types.submodule {
options = {
enable = lib.mkEnableOption "Whether to enable this script";
install = lib.mkEnableOption "Whether to install the script package";
service = lib.mkEnableOption "Whether to enable the script service";
name = lib.mkOption {
type = lib.types.str;
description = "Name of the script.";
};
timer = lib.mkOption {
type = lib.types.str;
default = "*:0";
description = "Systemd timer schedule.";
};
description = lib.mkOption {
type = lib.types.str;
description = "Description of the service.";
};
package = lib.mkOption {
type = lib.types.package;
description = "Package containing the executable script.";
};
};
});
default = { };
description = "Configuration for multiple scripts.";
};
config = lib.mkIf (lib.any (s: s.enable) (lib.attrValues config.my.scripts)) {
users.users.jawz.packages = lib.flatten (lib.mapAttrsToList (name: script:
lib.optional (script.enable && script.install) script.package)
config.my.scripts);
systemd.user.services = lib.mapAttrs' (name: script:
lib.nameValuePair "${script.name}"
(lib.mkIf (script.enable && script.service) {
restartIfChanged = true;
description = script.description;
wantedBy = [ "default.target" ];
path = [ pkgs.nix script.package ];
serviceConfig = {
Restart = "on-failure";
RestartSec = 30;
ExecStart = "${script.package}/bin/${script.name}";
};
})) config.my.scripts;
systemd.user.timers = lib.mapAttrs' (name: script:
lib.nameValuePair "${script.name}"
(lib.mkIf (script.enable && script.service) {
enable = true;
description = script.description;
wantedBy = [ "timers.target" ];
timerConfig = { OnCalendar = script.timer; };
})) config.my.scripts;
};
}

202
modules/scripts/download.nix
View File

@ -1,114 +1,96 @@
{
inputs,
pkgs,
lib,
config,
...
}:
{
options.my.units = {
download.enable = lib.mkEnableOption "media download automation scripts";
downloadManga.enable = lib.mkEnableOption "manga download automation";
};
config =
let
inherit (inputs.jawz-scripts.packages.x86_64-linux) download;
in
{
home-manager.users.jawz.programs.${config.my.shell.type} = {
shellAliases = inputs.self.lib.mergeAliases inputs.self.lib.commonAliases {
dl = "${download}/bin/download -u jawz -i";
comic = ''dl "$(cat "$LC" | fzf --multi --exact -i)"'';
gallery = ''dl "$(cat "$LW" | fzf --multi --exact -i)"'';
};
}
//
inputs.self.lib.shellConditional config.my.shell.type
''
list_root=$XDG_CONFIG_HOME/jawz/lists/jawz
export LW=$list_root/watch.txt
export LI=$list_root/instant.txt
export LC=$list_root/comic.txt
''
''
list_root=$XDG_CONFIG_HOME/jawz/lists/jawz
export LW=$list_root/watch.txt
export LI=$list_root/instant.txt
export LC=$list_root/comic.txt
'';
systemd.user = {
services =
let
mkDownloadService = desc: execStartCmd: {
restartIfChanged = true;
description = "Downloads ${desc}";
wantedBy = [ "default.target" ];
path = [
pkgs.bash
];
serviceConfig = {
TimeoutStartSec = 2000;
TimeoutStopSec = 2000;
Restart = "on-failure";
RestartSec = 30;
ExecStart = "${download}/bin/download ${execStartCmd}";
};
};
in
{
tuhmayto = lib.mkIf config.my.units.download.enable (
mkDownloadService "tuhmayto stuff" ''
-u jawz -i https://x.com/tuhmayto/media \
https://www.furaffinity.net/user/tuhmayto/ \
https://bsky.app/profile/tumayto.bsky.social''
);
"download@" = lib.mkIf (config.my.units.download.enable || config.my.units.downloadManga.enable) (
mkDownloadService "post from multiple sources" "%I"
);
"instagram@" = lib.mkIf config.my.units.download.enable (
mkDownloadService "post types from instagram" "instagram -u jawz -t %I"
);
};
timers =
let
downloadTimer = time: delay: {
enable = true;
description = "Downloads post types from different sites";
wantedBy = [ "timers.target" ];
timerConfig = {
OnCalendar = time;
RandomizedDelaySec = delay;
Persistent = true;
};
};
in
{
# "instagram@stories" = lib.mkIf config.my.units.download.enable (
# downloadTimer "*-*-* 12:34:00" 120 // { }
# );
"download@main" = lib.mkIf config.my.units.download.enable (
downloadTimer "*-*-* 06,18:02:00" 30 // { }
);
"download@push" = lib.mkIf config.my.units.download.enable (downloadTimer "*:0/5" 30 // { });
"download@manga" = lib.mkIf config.my.units.downloadManga.enable (
downloadTimer "*-*-* 03:08:00" 30 // { }
);
tuhmayto = lib.mkIf config.my.units.download.enable {
enable = true;
description = "Downloads tuhmayto stuff";
wantedBy = [ "timers.target" ];
timerConfig = {
OnCalendar = "*:0/10";
};
};
};
{ pkgs, lib, config, ... }: {
imports = [ ./base.nix ];
options.my.units.download.enable = lib.mkEnableOption "enable";
config = let
download = with pkgs;
python3Packages.buildPythonApplication {
pname = "download";
version = "2.5";
src = ../../scripts/download/.;
buildInputs = [ python3Packages.setuptools ];
propagatedBuildInputs = [
python3Packages.pyyaml
python3Packages.types-pyyaml
yt-dlp
gallery-dl
ffmpeg
];
};
my.scripts.download = {
enable = lib.mkDefault false;
install = true;
service = false;
name = "download";
package = download;
in {
home-manager.users.jawz = {
xdg.configFile."gallery-dl/config.json".source =
../../dotfiles/gallery-dl/config.json;
services.lorri.enable = true;
programs.bash = {
shellAliases = {
comic = ''download -u jawz -i "$(cat $LC | fzf --multi --exact -i)"'';
gallery =
''download -u jawz -i "$(cat $LW | fzf --multi --exact -i)"'';
dl = "download -u jawz -i";
};
initExtra = ''
list_root=$XDG_CONFIG_HOME/jawz/lists/jawz
export LW=$list_root/watch.txt
export LI=$list_root/instant.txt
export LC=$list_root/comic.txt
'';
};
};
systemd.user = lib.mkIf config.my.units.download.enable {
services = let
mkDownloadService = desc: execStartCmd: {
restartIfChanged = true;
description = "Downloads ${desc}";
wantedBy = [ "default.target" ];
path = [ pkgs.bash download ];
serviceConfig = {
TimeoutStartSec = 2000;
TimeoutStopSec = 2000;
Restart = "on-failure";
RestartSec = 30;
ExecStart = "${download}/bin/download ${execStartCmd}";
};
};
in {
tuhmayto = mkDownloadService "tuhmayto stuff" ''
-u jawz -i https://x.com/tuhmayto/media \
https://www.furaffinity.net/user/tuhmayto/'';
"download@" = mkDownloadService "post from multiple sources" "%I";
"instagram@" = mkDownloadService "post types from instagram"
"instagram -u jawz -t %I";
};
timers = let
downloadTimer = time: delay: {
enable = true;
description = "Downloads post types from different sites";
wantedBy = [ "timers.target" ];
timerConfig = {
OnCalendar = time;
RandomizedDelaySec = delay;
Persistent = true;
};
};
in {
"instagram@stories" = downloadTimer "*-*-* 08:12:00" 120 // { };
"download@main" = downloadTimer "*-*-* 06,18:02:00" 30 // { };
"download@push" = downloadTimer "*:0/5" 30 // { };
"download@manga" = downloadTimer "Fri *-*-* 03:08:00" 30 // { };
# "download@kemono" = downloadTimer
# "*-*-1,3,5,7,9,11,13,15,17,19,21,23,25,27,29,31 18:06:00" 60 // { };
tuhmayto = {
enable = true;
description = "Downloads tuhmayto stuff";
wantedBy = [ "timers.target" ];
timerConfig = { OnCalendar = "*:0/10"; };
};
};
};
my.scripts.download = {
enable = lib.mkDefault false;
install = true;
service = false;
name = "download";
package = download;
};
};
}

7
modules/scripts/ffmpeg4discord.nix
View File

@ -1,10 +1,11 @@
{ inputs, lib, ... }:
{
{ pkgs, lib, ... }: {
imports = [ ./base.nix ];
config.my.scripts.ffmpeg4discord = {
enable = lib.mkDefault false;
install = true;
service = false;
name = "ffmpeg4discord";
package = inputs.jawz-scripts.packages.x86_64-linux.ffmpeg4discord;
package = pkgs.writeScriptBin "ffmpeg4discord"
(builtins.readFile ../../scripts/ffmpeg4discord.py);
};
}

7
modules/scripts/ffmpreg.nix
View File

@ -1,10 +1,11 @@
{ inputs, lib, ... }:
{
{ pkgs, lib, ... }: {
imports = [ ./base.nix ];
config.my.scripts.ffmpreg = {
enable = lib.mkDefault false;
install = true;
service = false;
name = "ffmpreg";
package = inputs.jawz-scripts.packages.x86_64-linux.ffmpreg;
package = pkgs.writeScriptBin "ffmpreg"
(builtins.readFile ../../scripts/ffmpreg.sh);
};
}

7
modules/scripts/find-dup-episode.nix
View File

@ -1,10 +1,11 @@
{ inputs, lib, ... }:
{
{ pkgs, lib, ... }: {
imports = [ ./base.nix ];
config.my.scripts.find-dup-episodes = {
enable = lib.mkDefault false;
install = true;
service = false;
name = "find-dup-episodes";
package = inputs.jawz-scripts.packages.x86_64-linux.find-dup-episodes;
package = pkgs.writeScriptBin "find-dup-episodes"
(builtins.readFile ../../scripts/find-dup-episodes.sh);
};
}

10
modules/scripts/library-report.nix
View File

@ -1,10 +0,0 @@
{ inputs, lib, ... }:
{
config.my.scripts.library-report = {
enable = lib.mkDefault false;
install = true;
service = false;
name = "library-report";
package = inputs.jawz-scripts.packages.x86_64-linux.library-report;
};
}

7
modules/scripts/manage-library.nix
View File

@ -1,5 +1,5 @@
{ inputs, lib, ... }:
{
{ pkgs, lib, ... }: {
imports = [ ./base.nix ];
config.my.scripts.manage-library = {
enable = lib.mkDefault false;
install = true;
@ -7,6 +7,7 @@
name = "manage-library";
timer = "00:30";
description = "scans the library directory and sorts files";
package = inputs.jawz-scripts.packages.x86_64-linux.manage-library;
package = pkgs.writeScriptBin "manage-library"
(builtins.readFile ../../scripts/manage-library.sh);
};
}

7
modules/scripts/pika-list.nix
View File

@ -1,10 +1,11 @@
{ inputs, lib, ... }:
{
{ pkgs, lib, ... }: {
imports = [ ./base.nix ];
config.my.scripts.pika-list = {
enable = lib.mkDefault false;
install = true;
service = false;
name = "pika-list";
package = inputs.jawz-scripts.packages.x86_64-linux.pika-list;
package = pkgs.writeScriptBin "pika-list"
(builtins.readFile ../../scripts/pika-list.sh);
};
}

7
modules/scripts/run.nix
View File

@ -1,10 +1,11 @@
{ inputs, lib, ... }:
{
{ pkgs, lib, ... }: {
imports = [ ./base.nix ];
config.my.scripts.run = {
enable = lib.mkDefault false;
install = true;
service = false;
name = "run";
package = inputs.jawz-scripts.packages.x86_64-linux.run;
package =
pkgs.writeScriptBin "run" (builtins.readFile ../../scripts/run.sh);
};
}

7
modules/scripts/split-dir.nix
View File

@ -1,10 +1,11 @@
{ inputs, lib, ... }:
{
{ pkgs, lib, ... }: {
imports = [ ./base.nix ];
config.my.scripts.split-dir = {
enable = lib.mkDefault false;
install = true;
service = false;
name = "split-dir";
package = inputs.jawz-scripts.packages.x86_64-linux.split-dir;
package = pkgs.writeScriptBin "split-dir"
(builtins.readFile ../../scripts/split-dir.sh);
};
}

94
modules/scripts/stream-dl.nix
View File

@ -1,59 +1,47 @@
{
inputs,
pkgs,
lib,
config,
...
}:
{
options.my.units.stream-dl.enable = lib.mkEnableOption "streaming media download service";
config =
let
inherit (inputs.jawz-scripts.packages.x86_64-linux) stream-dl;
in
{
systemd.user = lib.mkIf config.my.units.stream-dl.enable {
services."stream@" = {
{ pkgs, lib, config, ... }: {
imports = [ ./base.nix ];
options.my.units.stream-dl.enable = lib.mkEnableOption "enable";
config = let
stream-dl = pkgs.writeScriptBin "stream-dl"
(builtins.readFile ../../scripts/stream-dl.sh);
in {
systemd.user = lib.mkIf config.my.units.stream-dl.enable {
services."stream@" = {
description = "monitors a stream channel for online streams.";
restartIfChanged = true;
wantedBy = [ "default.target" ];
path = [ pkgs.nix stream-dl ];
serviceConfig = {
Restart = "on-failure";
RestartSec = 30;
ExecStart = "${stream-dl}/bin/stream-dl %I";
};
};
timers = let
streamTimer = {
enable = true;
description = "monitors a stream channel for online streams.";
restartIfChanged = true;
wantedBy = [ "default.target" ];
path = [
pkgs.nix
stream-dl
];
serviceConfig = {
Restart = "on-failure";
RestartSec = 30;
ExecStart = "${stream-dl}/bin/stream-dl %I";
wantedBy = [ "timers.target" ];
timerConfig = {
OnBootSec = "5min";
OnUnitActiveSec = "65min";
RandomizedDelaySec = 30;
};
};
timers =
let
streamTimer = {
enable = true;
description = "monitors a stream channel for online streams.";
wantedBy = [ "timers.target" ];
timerConfig = {
OnBootSec = "5min";
OnUnitActiveSec = "65min";
RandomizedDelaySec = 30;
};
};
in
{
"stream@johnneal911" = streamTimer // { };
"stream@uk2011boy" = streamTimer // { };
"stream@tommy9x6" = streamTimer // { };
"stream@brocollirob" = streamTimer // { };
"stream@tomayto\\x20picarto" = streamTimer // { };
};
};
my.scripts.stream-dl = {
enable = lib.mkDefault false;
install = true;
service = false;
name = "stream-dl";
package = stream-dl;
in {
"stream@johnneal911" = streamTimer // { };
"stream@uk2011boy" = streamTimer // { };
"stream@tommy9x6" = streamTimer // { };
"stream@brocollirob" = streamTimer // { };
"stream@tomayto\\x20picarto" = streamTimer // { };
};
};
my.scripts.stream-dl = {
enable = lib.mkDefault false;
install = true;
service = false;
name = "stream-dl";
package = stream-dl;
};
};
}

7
modules/scripts/tasks.nix
View File

@ -1,5 +1,5 @@
{ inputs, lib, ... }:
{
{ pkgs, lib, ... }: {
imports = [ ./base.nix ];
config.my.scripts.tasks = {
enable = lib.mkDefault false;
install = true;
@ -7,6 +7,7 @@
name = "tasks";
timer = "*:0/10";
description = "Runs a bunch of organizing tasks on selected directories";
package = inputs.jawz-scripts.packages.x86_64-linux.tasks;
package =
pkgs.writeScriptBin "tasks" (builtins.readFile ../../scripts/tasks.sh);
};
}

12
modules/scripts/tuh-activity-logger.nix
View File

@ -1,12 +0,0 @@
{ inputs, lib, ... }:
{
config.my.scripts.tuh-activity-logger = {
enable = lib.mkDefault false;
install = true;
service = true;
name = "tuh-activity-logger";
timer = "0/4:00";
description = "Logs the online activity on a website";
package = inputs.jawz-scripts.packages.x86_64-linux.tuh-activity-logger;
};
}

55
modules/scripts/update-dns.nix
View File

@ -1,30 +1,10 @@
{
inputs,
config,
pkgs,
lib,
...
}:
{
config = lib.mkIf config.my.secureHost {
sops.secrets = {
cloudflare-api.sopsFile = ../../secrets/env.yaml;
dns = {
sopsFile = ../../secrets/env.yaml;
owner = config.users.users.jawz.name;
inherit (config.users.users.jawz) group;
};
};
services.cloudflare-dyndns = {
# inherit (config.my.scripts.update-dns) enable;
enable = false;
ipv4 = true;
ipv6 = false;
proxied = false;
domains = [
config.my.domain
];
apiTokenFile = config.sops.secrets.cloudflare-api.path;
{ config, pkgs, lib, ... }: {
imports = [ ./base.nix ];
config = {
sops.secrets.dns = {
sopsFile = ../../secrets/env.yaml;
owner = config.users.users.jawz.name;
inherit (config.users.users.jawz) group;
};
my.scripts.update-dns = {
enable = lib.mkDefault false;
@ -33,18 +13,15 @@
name = "update-dns";
timer = "*:0/30";
description = "Updates the IP of all my domains";
package =
let
inherit (inputs.jawz-scripts.packages.x86_64-linux) update-dns;
in
pkgs.writeScriptBin "update-dns" ''
#!/usr/bin/env nix-shell
#! nix-shell -i bash -p bash curl
set -a
source ${config.sops.secrets.dns.path}
set -a
${update-dns}/bin/update-dns
'';
package = let
update-dns = pkgs.writeScriptBin "update-dns"
(builtins.readFile ../../scripts/update-dns.sh);
in pkgs.writeScriptBin "update-dns" ''
set -a &&
source ${config.sops.secrets.dns.path} &&
set -a &&
${update-dns}/bin/update-dns;
'';
};
};
}

21
modules/scripts/update-org-agenda-cache.nix
View File

@ -1,21 +0,0 @@
{
config,
lib,
pkgs,
...
}:
{
config.my.scripts.update-org-agenda-cache = {
enable = lib.mkDefault false;
install = config.my.emacs.enable;
service = config.my.emacs.enable;
name = "update-org-agenda-cache";
timer = "*:0/30";
description = "runs a function which builds a cache file.";
package = pkgs.writeScriptBin "update-org-agenda-cache" ''
#!/usr/bin/env nix-shell
#! nix-shell -i bash -p bash
${config.services.emacs.package}/bin/emacsclient --eval '(my/update-org-agenda-cache)'
'';
};
}

Some files were not shown because too many files have changed in this diff Show More