
34 commits

Author SHA1 Message Date
4136bfe92d added trilium-next 2025-09-08 12:59:59 -06:00
e1ee53c6b3 added vintage story yeet 2025-09-08 12:59:35 -06:00
8795fa3bb4 re-remove syncthing lol 2025-09-08 12:56:42 -06:00
38c41707e9 flake.lock: Update
Flake lock file updates:

• Updated input 'nixpkgs':
    'github:nixos/nixpkgs/0e6684e6c5755325f801bda1751a8a4038145d7d?narHash=sha256-6tooT142NLcFjt24Gi4B0G1pgWLvfw7y93sYEfSHlLI%3D' (2025-09-03)
  → 'github:nixos/nixpkgs/092c565d333be1e17b4779ac22104338941d913f?narHash=sha256-AeqTqY0Y95K1Fgs6wuT1LafBNcmKxcOkWnm4alD9pqM%3D' (2025-09-07)
• Updated input 'nur':
    'github:nix-community/NUR/4819403ddfde2dadb4ef81f06eb52fbd19d8d368?narHash=sha256-ZpE882PIKCqjDvLo%2BGY8f7/b2EMTsEy5b1b8QaG%2BhVI%3D' (2025-09-04)
  → 'github:nix-community/NUR/9009f3b97f820b7b5c2732d423a08bb8d82d179a?narHash=sha256-ZvNfl8pu1iwJW0uUZKV8XHIM7JqJxoZX%2BEqzjayMDqU%3D' (2025-09-08)
• Updated input 'nur/nixpkgs':
    'github:nixos/nixpkgs/d0fc30899600b9b3466ddb260fd83deb486c32f1?narHash=sha256-rw/PHa1cqiePdBxhF66V7R%2BWAP8WekQ0mCDG4CFqT8Y%3D' (2025-09-02)
  → 'github:nixos/nixpkgs/8eb28adfa3dc4de28e792e3bf49fcf9007ca8ac9?narHash=sha256-NOrUtIhTkIIumj1E/Rsv1J37Yi3xGStISEo8tZm3KW4%3D' (2025-09-05)
• Updated input 'trivionomicon':
    'path:./trivionomicon'
  → 'path:./trivionomicon'
• Updated input 'unstable':
    'github:nixos/nixpkgs/d0fc30899600b9b3466ddb260fd83deb486c32f1?narHash=sha256-rw/PHa1cqiePdBxhF66V7R%2BWAP8WekQ0mCDG4CFqT8Y%3D' (2025-09-02)
  → 'github:nixos/nixpkgs/8eb28adfa3dc4de28e792e3bf49fcf9007ca8ac9?narHash=sha256-NOrUtIhTkIIumj1E/Rsv1J37Yi3xGStISEo8tZm3KW4%3D' (2025-09-05)
2025-09-08 12:47:20 -06:00
d970feb995 flake.lock: Update
Flake lock file updates:

• Updated input 'home-manager':
    'github:nix-community/home-manager/4a44fb9f7555da362af9d499817084f4288a957f?narHash=sha256-OILVkfhRCm8u18IZ2DKR8gz8CVZM2ZcJmQBXmjFLIfk%3D' (2025-08-23)
  → 'github:nix-community/home-manager/07fc025fe10487dd80f2ec694f1cd790e752d0e8?narHash=sha256-Xd1vOeY9ccDf5VtVK12yM0FS6qqvfUop8UQlxEB%2BgTQ%3D' (2025-08-31)
• Updated input 'nixpkgs':
    'github:nixos/nixpkgs/b1b3291469652d5a2edb0becc4ef0246fff97a7c?narHash=sha256-wY1%2B2JPH0ZZC4BQefoZw/k%2B3%2BDowFyfOxv17CN/idKs%3D' (2025-08-23)
  → 'github:nixos/nixpkgs/0e6684e6c5755325f801bda1751a8a4038145d7d?narHash=sha256-6tooT142NLcFjt24Gi4B0G1pgWLvfw7y93sYEfSHlLI%3D' (2025-09-03)
• Updated input 'nur':
    'github:nix-community/NUR/278516dbc557696d283514f8c33a054dcace4ace?narHash=sha256-X3V3G2GhSms2QT45olNd2hcU8MqlTdMxDSty%2BiWV1D0%3D' (2025-08-26)
  → 'github:nix-community/NUR/4819403ddfde2dadb4ef81f06eb52fbd19d8d368?narHash=sha256-ZpE882PIKCqjDvLo%2BGY8f7/b2EMTsEy5b1b8QaG%2BhVI%3D' (2025-09-04)
• Updated input 'nur/nixpkgs':
    'github:nixos/nixpkgs/20075955deac2583bb12f07151c2df830ef346b4?narHash=sha256-HMwfAJBdrr8wXAkbGhtcby1zGFvs%2BStOp19xNsbqdOg%3D' (2025-08-19)
  → 'github:nixos/nixpkgs/d0fc30899600b9b3466ddb260fd83deb486c32f1?narHash=sha256-rw/PHa1cqiePdBxhF66V7R%2BWAP8WekQ0mCDG4CFqT8Y%3D' (2025-09-02)
• Updated input 'trivionomicon':
    'path:./trivionomicon'
  → 'path:./trivionomicon'
• Updated input 'unstable':
    'github:nixos/nixpkgs/20075955deac2583bb12f07151c2df830ef346b4?narHash=sha256-HMwfAJBdrr8wXAkbGhtcby1zGFvs%2BStOp19xNsbqdOg%3D' (2025-08-19)
  → 'github:nixos/nixpkgs/d0fc30899600b9b3466ddb260fd83deb486c32f1?narHash=sha256-rw/PHa1cqiePdBxhF66V7R%2BWAP8WekQ0mCDG4CFqT8Y%3D' (2025-09-02)
2025-09-03 20:03:12 -06:00
1b10d48137 re-add syncthing 2025-09-03 18:27:29 -06:00
191df3545f re-added telegram on launch lmao my bad g 2025-09-03 18:01:30 -06:00
935c82cced waybar: resolve random TODOs 2025-08-28 14:16:46 -06:00
3a692719f2 waybar: fix weird jump when changing workspace 2025-08-28 14:15:29 -06:00
4bc3853bcb merging fuckery gotta aprender git bien lmao 2025-08-28 00:13:44 -06:00
d40c4b2413 zed:deuggo the zedditor theme uwu y other terminal shits 2025-08-28 00:12:32 -06:00
77a1e74bbb zed:deuggo the zedditor theme uwu 2025-08-27 23:52:41 -06:00
e4d2f83c9b some branch fuckery im just vibin 2025-08-27 22:04:02 -06:00
d7bc9b85a0 zed: turn off whitespace removal on save 2025-08-27 22:00:07 -06:00
8024a1ed64 config: add zed editor 2025-08-27 22:00:03 -06:00
3e9486099d config: replace kitty with foot 2025-08-27 21:57:05 -06:00
b89521fb7b fix zedditor fuckup and redo font size kitteh 2025-08-27 21:29:46 -06:00
e5df34d7e2 sway: add a more visible color to focused windows' titlebar 2025-08-27 19:05:29 -06:00
7b5c19a19a add zedditor 2025-08-27 18:51:00 -06:00
d41d67a858 hotfixes 2025-08-25 22:37:29 -06:00
84cacc56d2 hotfixes 2025-08-25 21:51:56 -06:00
a2849b213f flake.lock: Update
Flake lock file updates:

• Removed input 'authentik-nix'
• Removed input 'authentik-nix/authentik-src'
• Removed input 'authentik-nix/flake-compat'
• Removed input 'authentik-nix/flake-parts'
• Removed input 'authentik-nix/flake-parts/nixpkgs-lib'
• Removed input 'authentik-nix/flake-utils'
• Removed input 'authentik-nix/flake-utils/systems'
• Removed input 'authentik-nix/napalm'
• Removed input 'authentik-nix/napalm/flake-utils'
• Removed input 'authentik-nix/napalm/nixpkgs'
• Removed input 'authentik-nix/nixpkgs'
• Removed input 'authentik-nix/pyproject-build-systems'
• Removed input 'authentik-nix/pyproject-build-systems/nixpkgs'
• Removed input 'authentik-nix/pyproject-build-systems/pyproject-nix'
• Removed input 'authentik-nix/pyproject-build-systems/uv2nix'
• Removed input 'authentik-nix/pyproject-nix'
• Removed input 'authentik-nix/pyproject-nix/nixpkgs'
• Removed input 'authentik-nix/systems'
• Removed input 'authentik-nix/uv2nix'
• Removed input 'authentik-nix/uv2nix/nixpkgs'
• Removed input 'authentik-nix/uv2nix/pyproject-nix'
• Updated input 'home-manager':
    'github:nix-community/home-manager/fc3add429f21450359369af74c2375cb34a2d204?narHash=sha256-oV695RvbAE4%2BR9pcsT9shmp6zE/%2BIZe6evHWX63f2Qg%3D' (2025-07-27)
  → 'github:nix-community/home-manager/4a44fb9f7555da362af9d499817084f4288a957f?narHash=sha256-OILVkfhRCm8u18IZ2DKR8gz8CVZM2ZcJmQBXmjFLIfk%3D' (2025-08-23)
• Removed input 'homepage'
• Removed input 'homepage/flake-utils'
• Removed input 'homepage/flake-utils/systems'
• Removed input 'homepage/nixpkgs'
• Removed input 'mediawikiSkinCitizen'
• Updated input 'nixpkgs':
    'github:nixos/nixpkgs/e728d7ae4bb6394bbd19eec52b7358526a44c414?narHash=sha256-YzNTExe3kMY9lYs23mZR7jsVHe5TWnpwNrsPOpFs/b8%3D' (2025-08-07)
  → 'github:nixos/nixpkgs/b1b3291469652d5a2edb0becc4ef0246fff97a7c?narHash=sha256-wY1%2B2JPH0ZZC4BQefoZw/k%2B3%2BDowFyfOxv17CN/idKs%3D' (2025-08-23)
• Updated input 'nur':
    'github:nix-community/NUR/a7f9761c9dd71359cd9a6529078302a83e6deaac?narHash=sha256-GH%2BUMIOJj7u/bW55dOOpD8HpVpc9WfU61iweM2nM68A%3D' (2025-08-08)
  → 'github:nix-community/NUR/278516dbc557696d283514f8c33a054dcace4ace?narHash=sha256-X3V3G2GhSms2QT45olNd2hcU8MqlTdMxDSty%2BiWV1D0%3D' (2025-08-26)
• Updated input 'nur/nixpkgs':
    'github:nixos/nixpkgs/c2ae88e026f9525daf89587f3cbee584b92b6134?narHash=sha256-erbiH2agUTD0Z30xcVSFcDHzkRvkRXOQ3lb887bcVrs%3D' (2025-08-06)
  → 'github:nixos/nixpkgs/20075955deac2583bb12f07151c2df830ef346b4?narHash=sha256-HMwfAJBdrr8wXAkbGhtcby1zGFvs%2BStOp19xNsbqdOg%3D' (2025-08-19)
• Updated input 'trivionomicon':
    'path:./trivionomicon'
  → 'path:./trivionomicon'
• Updated input 'unstable':
    'github:nixos/nixpkgs/c2ae88e026f9525daf89587f3cbee584b92b6134?narHash=sha256-erbiH2agUTD0Z30xcVSFcDHzkRvkRXOQ3lb887bcVrs%3D' (2025-08-06)
  → 'github:nixos/nixpkgs/20075955deac2583bb12f07151c2df830ef346b4?narHash=sha256-HMwfAJBdrr8wXAkbGhtcby1zGFvs%2BStOp19xNsbqdOg%3D' (2025-08-19)
• Removed input 'vpsadminos'
2025-08-25 21:41:36 -06:00
62cd093202 updates post explanation fatberoo 2025-08-25 21:40:59 -06:00
82f58738ad switch kernel to zen
also remove ads fuckery
2025-08-25 20:05:03 -06:00
9f9bb57797 remove redundant functions from pkgs that are in trivionomicon 2025-08-25 19:29:27 -06:00
739fcca51a remove st override 2025-08-25 19:14:23 -06:00
726cb23d3e remove homepage as an input for pkgs 2025-08-25 19:14:02 -06:00
a5cc2f536d move to standard trivionomicon flake.nix 2025-08-25 19:13:29 -06:00
d33b712fc1 fmt mako.nix 2025-08-25 19:13:02 -06:00
ad9c16de0c Add 'trivionomicon/' from commit '0ae8676d50'
git-subtree-dir: trivionomicon
git-subtree-mainline: 00d3799f90
git-subtree-split: 0ae8676d50
2025-08-25 19:10:09 -06:00
00d3799f90 remove startup apps + change wallpaper 2025-08-25 18:52:59 -06:00
dd6508a03d fix monitor names and sizes 2025-08-24 15:07:09 -06:00
e9a92ab48f disable fuckery de interface 2025-08-24 15:06:40 -06:00
b77f64cc27 it's forkin' time config de fabian 2025-08-24 13:37:52 -06:00
84 changed files with 364 additions and 2886 deletions


@ -1,41 +1,12 @@
# Nix configuration
## Unified nix configuration
## Updating
Update whole flake (clean working directory 1st): `nix flake update --commit-lock-file`
Update flake
Switch current machine: `sudo nixos-rebuild switch --flake . --show-trace`
nix flake update --commit-lock-file
Switch current home manager: `home-manager switch --flake . --show-trace`
Switch current machine
## Maintenance shit ()
Clean shit de Home: `nix store gc`
sudo nixos-rebuild switch --flake . --show-trace
Switch current home manager
home-manager switch --flake . --show-trace
Switch server
nixos-rebuild switch --target-host root@posixlycorrect.com --use-substitutes --show-trace --flake .\#vps
Update homepage
nix flake update --commit-lock-file homepage
## Cleanup
Collect garbage (run with sudo to collect root garbage)
nix-collect-garbage -d
## Submodule management
Trivionomicon
git subtree push --prefix=trivionomicon forgejo@git.posixlycorrect.com:deepState/trivionomicon.git master
git subtree pull --prefix=trivionomicon forgejo@git.posixlycorrect.com:deepState/trivionomicon.git master
## About
This is a unification of my old configs, which had a combined 506 commits.
Clean shit de sys: `sudo nix store gc`

374
flake.lock generated

@ -1,86 +1,6 @@
{
"nodes": {
"authentik-nix": {
"inputs": {
"authentik-src": "authentik-src",
"flake-compat": "flake-compat",
"flake-parts": "flake-parts",
"flake-utils": "flake-utils",
"napalm": "napalm",
"nixpkgs": [
"nixpkgs"
],
"pyproject-build-systems": "pyproject-build-systems",
"pyproject-nix": "pyproject-nix",
"systems": "systems",
"uv2nix": "uv2nix"
},
"locked": {
"lastModified": 1757676906,
"narHash": "sha256-2Zbde5orbGsYdzroe51P1AW8pFMCNyqHgLjmHYJvOmE=",
"owner": "nix-community",
"repo": "authentik-nix",
"rev": "04db807ac00ba6d62808ffab18b3b6d500b6f7cb",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "authentik-nix",
"type": "github"
}
},
"authentik-src": {
"flake": false,
"locked": {
"lastModified": 1755873658,
"narHash": "sha256-5l1g55b0xozGg0NaZFimiO5JbHGcudaNSEn1/XsweaU=",
"owner": "goauthentik",
"repo": "authentik",
"rev": "dd7c6b29d950664deadbcf5390272619a8bf9a5e",
"type": "github"
},
"original": {
"owner": "goauthentik",
"ref": "version/2025.8.1",
"repo": "authentik",
"type": "github"
}
},
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1747046372,
"narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-parts": {
"inputs": {
"nixpkgs-lib": "nixpkgs-lib"
},
"locked": {
"lastModified": 1754487366,
"narHash": "sha256-pHYj8gUBapuUzKV/kN/tR3Zvqc7o6gdFB9XKXIp1SQ8=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "af66ad14b28a127c5c0f3bbb298218fc63528a18",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-parts_2": {
"inputs": {
"nixpkgs-lib": [
"nur",
@ -103,10 +23,7 @@
},
"flake-utils": {
"inputs": {
"systems": [
"authentik-nix",
"systems"
]
"systems": "systems"
},
"locked": {
"lastModified": 1731533236,
@ -144,42 +61,6 @@
"inputs": {
"systems": "systems_3"
},
"locked": {
"lastModified": 1710146030,
"narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_4": {
"inputs": {
"systems": "systems_4"
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_5": {
"inputs": {
"systems": "systems_5"
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
@ -216,11 +97,11 @@
]
},
"locked": {
"lastModified": 1757808926,
"narHash": "sha256-K6PEI5PYY94TVMH0mX3MbZNYFme7oNRKml/85BpRRAo=",
"lastModified": 1756679287,
"narHash": "sha256-Xd1vOeY9ccDf5VtVK12yM0FS6qqvfUop8UQlxEB+gTQ=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "f21d9167782c086a33ad53e2311854a8f13c281e",
"rev": "07fc025fe10487dd80f2ec694f1cd790e752d0e8",
"type": "github"
},
"original": {
@ -230,27 +111,6 @@
"type": "github"
}
},
"homepage": {
"inputs": {
"flake-utils": "flake-utils_3",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1758437709,
"narHash": "sha256-EyflOWOdq007z0P4JdzxAwPoZmuo33Rq/5opdcQ7miQ=",
"ref": "refs/heads/master",
"rev": "f0cecfa02d67e986cb3eaf537ec2f7007e1b9583",
"revCount": 68,
"type": "git",
"url": "https://git.posixlycorrect.com/fabian/homepage.git"
},
"original": {
"type": "git",
"url": "https://git.posixlycorrect.com/fabian/homepage.git"
}
},
"impermanence": {
"locked": {
"lastModified": 1737831083,
@ -266,52 +126,9 @@
"type": "github"
}
},
"mediawikiSkinCitizen": {
"flake": false,
"locked": {
"lastModified": 1724097552,
"narHash": "sha256-+o5FDWMrEqnva5qcdc45wAYyE2ZtUhEjygUGVt0HsaA=",
"owner": "StarCitizenTools",
"repo": "mediawiki-skins-Citizen",
"rev": "28cd4e18b52aed3270fe7b55bff4545c8314a687",
"type": "github"
},
"original": {
"owner": "StarCitizenTools",
"ref": "v2.27.0",
"repo": "mediawiki-skins-Citizen",
"type": "github"
}
},
"napalm": {
"inputs": {
"flake-utils": [
"authentik-nix",
"flake-utils"
],
"nixpkgs": [
"authentik-nix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1725806412,
"narHash": "sha256-lGZjkjds0p924QEhm/r0BhAxbHBJE1xMOldB/HmQH04=",
"owner": "willibutz",
"repo": "napalm",
"rev": "b492440d9e64ae20736d3bec5c7715ffcbde83f5",
"type": "github"
},
"original": {
"owner": "willibutz",
"ref": "avoid-foldl-stack-overflow",
"repo": "napalm",
"type": "github"
}
},
"nixGL": {
"inputs": {
"flake-utils": "flake-utils_4",
"flake-utils": "flake-utils_2",
"nixpkgs": "nixpkgs"
},
"locked": {
@ -343,28 +160,13 @@
"type": "github"
}
},
"nixpkgs-lib": {
"locked": {
"lastModified": 1753579242,
"narHash": "sha256-zvaMGVn14/Zz8hnp4VWT9xVnhc8vuL3TStRqwk22biA=",
"owner": "nix-community",
"repo": "nixpkgs.lib",
"rev": "0f36c44e01a6129be94e3ade315a5883f0228a6e",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nixpkgs.lib",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1757810152,
"narHash": "sha256-Vp9K5ol6h0J90jG7Rm4RWZsCB3x7v5VPx588TQ1dkfs=",
"lastModified": 1757244434,
"narHash": "sha256-AeqTqY0Y95K1Fgs6wuT1LafBNcmKxcOkWnm4alD9pqM=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "9a094440e02a699be5c57453a092a8baf569bdad",
"rev": "092c565d333be1e17b4779ac22104338941d913f",
"type": "github"
},
"original": {
@ -376,11 +178,11 @@
},
"nixpkgs_3": {
"locked": {
"lastModified": 1757745802,
"narHash": "sha256-hLEO2TPj55KcUFUU1vgtHE9UEIOjRcH/4QbmfHNF820=",
"lastModified": 1757068644,
"narHash": "sha256-NOrUtIhTkIIumj1E/Rsv1J37Yi3xGStISEo8tZm3KW4=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "c23193b943c6c689d70ee98ce3128239ed9e32d1",
"rev": "8eb28adfa3dc4de28e792e3bf49fcf9007ca8ac9",
"type": "github"
},
"original": {
@ -392,15 +194,15 @@
},
"nur": {
"inputs": {
"flake-parts": "flake-parts_2",
"flake-parts": "flake-parts",
"nixpkgs": "nixpkgs_3"
},
"locked": {
"lastModified": 1757879066,
"narHash": "sha256-EHZWQe3a04DvOlUR2j7LwGCaGqYTStYExpstYezfq3c=",
"lastModified": 1757345656,
"narHash": "sha256-ZvNfl8pu1iwJW0uUZKV8XHIM7JqJxoZX+EqzjayMDqU=",
"owner": "nix-community",
"repo": "NUR",
"rev": "087c74cd9cc63e44dd20f1dcc5cdb4e5fddc9e14",
"rev": "9009f3b97f820b7b5c2732d423a08bb8d82d179a",
"type": "github"
},
"original": {
@ -409,85 +211,31 @@
"type": "github"
}
},
"pyproject-build-systems": {
"inputs": {
"nixpkgs": [
"authentik-nix",
"nixpkgs"
],
"pyproject-nix": [
"authentik-nix",
"pyproject-nix"
],
"uv2nix": [
"authentik-nix",
"uv2nix"
]
},
"locked": {
"lastModified": 1756087852,
"narHash": "sha256-4jc3JDQt75fYXFrglgqyzF6C6zLU0QGLymzian4aP+U=",
"owner": "pyproject-nix",
"repo": "build-system-pkgs",
"rev": "6edb3ae27395cd88be3d64b732d1539957dad59c",
"type": "github"
},
"original": {
"owner": "pyproject-nix",
"repo": "build-system-pkgs",
"type": "github"
}
},
"pyproject-nix": {
"inputs": {
"nixpkgs": [
"authentik-nix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1756395552,
"narHash": "sha256-5aJM14MpoLk2cdZAetu60OkLQrtFLWTICAyn1EP7ZpM=",
"owner": "pyproject-nix",
"repo": "pyproject.nix",
"rev": "030dffc235dcf240d918c651c78dc5f158067b51",
"type": "github"
},
"original": {
"owner": "pyproject-nix",
"repo": "pyproject.nix",
"type": "github"
}
},
"root": {
"inputs": {
"authentik-nix": "authentik-nix",
"flake-utils": "flake-utils_2",
"flake-utils": "flake-utils",
"hm-isolation": "hm-isolation",
"home-manager": "home-manager",
"homepage": "homepage",
"impermanence": "impermanence",
"mediawikiSkinCitizen": "mediawikiSkinCitizen",
"nixGL": "nixGL",
"nixpkgs": "nixpkgs_2",
"nur": "nur",
"trivionomicon": "trivionomicon",
"unstable": "unstable",
"vpsadminos": "vpsadminos"
"unstable": "unstable"
}
},
"systems": {
"locked": {
"lastModified": 1689347949,
"narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=",
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default-linux",
"rev": "31732fcf5e8fea42e59c2488ad31a0e651500f68",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default-linux",
"repo": "default",
"type": "github"
}
},
@ -521,39 +269,9 @@
"type": "github"
}
},
"systems_4": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_5": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"trivionomicon": {
"inputs": {
"flake-utils": "flake-utils_5",
"flake-utils": "flake-utils_3",
"nixpkgs": [
"nixpkgs"
]
@ -570,11 +288,11 @@
},
"unstable": {
"locked": {
"lastModified": 1757745802,
"narHash": "sha256-hLEO2TPj55KcUFUU1vgtHE9UEIOjRcH/4QbmfHNF820=",
"lastModified": 1757068644,
"narHash": "sha256-NOrUtIhTkIIumj1E/Rsv1J37Yi3xGStISEo8tZm3KW4=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "c23193b943c6c689d70ee98ce3128239ed9e32d1",
"rev": "8eb28adfa3dc4de28e792e3bf49fcf9007ca8ac9",
"type": "github"
},
"original": {
@ -583,46 +301,6 @@
"repo": "nixpkgs",
"type": "github"
}
},
"uv2nix": {
"inputs": {
"nixpkgs": [
"authentik-nix",
"nixpkgs"
],
"pyproject-nix": [
"authentik-nix",
"pyproject-nix"
]
},
"locked": {
"lastModified": 1756466761,
"narHash": "sha256-ALXRHIMXQ4qVNfCbcWykC23MjMwUoHn9BreoBfqmq0Y=",
"owner": "pyproject-nix",
"repo": "uv2nix",
"rev": "0529e6d8227517205afcd1b37eee3088db745730",
"type": "github"
},
"original": {
"owner": "pyproject-nix",
"repo": "uv2nix",
"type": "github"
}
},
"vpsadminos": {
"locked": {
"lastModified": 1755964485,
"narHash": "sha256-+YzznL/mHiSjDFC8vJsSgQ+pvjhqWMsLRjegEKSNv/4=",
"owner": "vpsfreecz",
"repo": "vpsadminos",
"rev": "20f55b1d9bee4fdab62494d4471854d6586d3637",
"type": "github"
},
"original": {
"owner": "vpsfreecz",
"repo": "vpsadminos",
"type": "github"
}
}
},
"root": "root",


@ -8,32 +8,16 @@
inputs.nixpkgs.follows = "nixpkgs";
};
nur.url = "github:nix-community/NUR";
impermanence.url = "github:nix-community/impermanence";
hm-isolation.url = "github:3442/hm-isolation";
nixGL.url = "github:guibou/nixGL";
flake-utils.url = "github:numtide/flake-utils";
trivionomicon = {
url = "./trivionomicon";
inputs.nixpkgs.follows = "nixpkgs";
};
homepage = {
url = "git+https://git.posixlycorrect.com/fabian/homepage.git";
inputs.nixpkgs.follows = "nixpkgs";
};
authentik-nix = {
url = "github:nix-community/authentik-nix";
inputs.nixpkgs.follows = "nixpkgs";
};
mediawikiSkinCitizen = {
url = "github:StarCitizenTools/mediawiki-skins-Citizen/v2.27.0";
flake = false;
};
flake-utils.url = "github:numtide/flake-utils";
hm-isolation.url = "github:3442/hm-isolation";
impermanence.url = "github:nix-community/impermanence";
nixGL.url = "github:guibou/nixGL";
nur.url = "github:nix-community/NUR";
vpsadminos.url = "github:vpsfreecz/vpsadminos";
};
outputs = flakes:
@ -41,6 +25,7 @@
inherit flakes;
system = "x86_64-linux";
doctrinePrefix = "local";
paths = {
localOverlay = "pkgs";
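Review bot: The `nur` and `nixGL` inputs are declared by bare URL with no `inputs.nixpkgs.follows`, and the flake.lock on this page still carries separate `nixpkgs` and `nixpkgs_3` nodes for them. Part of the configuration is therefore evaluated against nixpkgs revisions other than the one this flake pins and reviews on update. Declaring them like the `trivionomicon` input, e.g. `nur = { url = "github:nix-community/NUR"; inputs.nixpkgs.follows = "nixpkgs"; };`, keeps a single nixpkgs revision to audit. Whether `hm-isolation` needs the same treatment cannot be told from the lock excerpt shown. The `inputs` attribute set starts above the first hunk, so its opening lines are not visible here.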


@ -1,22 +0,0 @@
{
config,
lib,
pkgs,
...
}:
with lib; let
cfg = config.local.services.accounts;
in {
options.local.services.accounts.enable = mkEnableOption "accounts settings";
config = mkIf cfg.enable {
accounts.email.accounts = {
"fabian@posixlycorrect.com" = {
address = "fabian@posixlycorrect.com";
userName = "fabianmontero@fastmail.com";
realName = "fabian";
primary = true;
flavor = "fastmail.com";
};
};
};
}


@ -2,7 +2,6 @@
config,
lib,
pkgs,
flakes,
...
}:
with lib; let
@ -12,18 +11,6 @@ in {
enable = mkEnableOption "Basic home settings";
};
config = mkIf cfg.enable {
programs.home-manager.enable = true;
nix.registry = {
"system".to = {
type = "path";
path = "/home/fabian/nix";
};
"nixpkgs".flake = flakes.nixpkgs;
"unstable".flake = flakes.unstable;
};
xdg = {
enable = true;
};
@ -31,30 +18,20 @@ in {
home = {
stateVersion = "24.05"; # DO NOT CHANGE
username = "fabian";
homeDirectory = "/home/fabian";
packages = with pkgs; [
calc
dysk
fd
file
fzf
gcc
htop
killall
man-pages
man-pages-posix
nmap
pv
ripgrep
tree
units
unzip
vim
wl-clipboard
zip
zoxide
];
keyboard = {
layout = "us";
@ -67,17 +44,8 @@ in {
programs.git = {
enable = true;
userEmail = "fabian@posixlycorrect.com";
userName = "Fabian Montero";
};
local = {
services = {
zsh.enable = true;
};
programs = {
neovim.enable = true;
};
userEmail = "josescalante9808@gmail.com";
userName = "josEscalante";
};
};
}
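Review bot: With the `nix.registry` block gone from the second hunk, the registry names `nixpkgs` and `unstable` are no longer tied to this flake's locked inputs. Ad-hoc commands such as `nix shell nixpkgs#…` will then presumably resolve through the global registry to whatever upstream currently serves, not the revisions recorded in flake.lock. Unless trivionomicon already sets these entries (not visible on this page), keep `"nixpkgs".flake = flakes.nixpkgs;` and `"unstable".flake = flakes.unstable;`, together with the `flakes` module argument that the first hunk removes. If dropping the pins is intended, a short comment next to `config = mkIf cfg.enable {` saying so would help the next reader.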


@ -9,17 +9,11 @@
./neovim.nix
./baseline.nix
./gaming.nix
./yubikey.nix
./firefox.nix
./gui
./zsh
./gpg.nix
./defaultDesktopPack.nix
./accounts.nix
./syncthing.nix
./mapping.nix
./zed.nix
./pass.nix
./halloy.nix
];
}


@ -5,60 +5,28 @@
...
}:
with lib; let
cfg = config.local.defaultDesktopPack;
cfg = config.local.apps.defaultDesktopPack;
in {
options.local.defaultDesktopPack = {
enable = mkEnableOption "common desktop programs and services";
laptop = mkOption {
type = types.bool;
default = false;
};
options.local.apps.defaultDesktopPack = {
enable = mkEnableOption "common desktop apps";
};
config = mkIf cfg.enable {
home.packages = with pkgs; [
calibre
chromium
discord
(gajim.override {
enableSecrets = true;
enableUPnP = true;
enableAppIndicator = true;
enableE2E = true;
enableRST = true;
})
kdePackages.gwenview
libreoffice-fresh
mpv
obs-studio
pavucontrol
pdfarranger
qimgv
qpdfview
qbittorrent
runelite
spotify
tdesktop
thunderbird
usbutils
vpsfree-client
vscodium-fhs
zola
trilium-next-desktop
];
local = {
baseline.enable = true;
services = {
gpg.enable = true;
accounts.enable = true;
pass.enable = true;
syncthing.enable = true;
};
programs = {
firefox.enable = true;
zed.enable = true;
halloy.enable = true;
terminal.enable = true;
};
};
};
}


@ -5,33 +5,41 @@
...
}:
with lib; let
cfg = config.local.programs.firefox;
cfg = config.local.apps.firefox;
in {
options.local.programs.firefox = {
enable = mkEnableOption "firefox";
options.local.apps.firefox = {
enable = mkEnableOption "firefox settings";
makeDefaultBrowser = mkOption {
type = types.bool;
default = true;
description = ''
Take a guess
'';
};
};
config = mkIf cfg.enable {
programs.firefox = {
enable = true;
package = pkgs.firefox.override {
nativeMessagingHosts = [pkgs.passff-host];
};
};
config = mkIf cfg.enable (mkMerge [
{
programs.firefox.enable = true;
}
xdg = {
mimeApps = {
enable = true;
defaultApplications = {
"text/html" = ["firefox.desktop"];
"text/uri-list" = ["firefox.desktop"];
"x-scheme-handler/http" = ["firefox.desktop"];
"x-scheme-handler/https" = ["firefox.desktop"];
"x-scheme-handler/about" = ["firefox.desktop"];
"x-scheme-handler/unknown" = ["firefox.desktop"];
(mkIf cfg.makeDefaultBrowser {
xdg = {
mimeApps = {
enable = true;
defaultApplications = {
"text/html" = ["firefox"];
"text/uri-list" = ["firefox"];
"x-scheme-handler/http" = ["firefox"];
"x-scheme-handler/https" = ["firefox"];
"x-scheme-handler/about" = ["firefox"];
"x-scheme-handler/unknown" = ["firefox"];
};
};
};
};
home.sessionVariables.DEFAULT_BROWSER = "${lib.getExe pkgs.firefox}";
};
home.sessionVariables.DEFAULT_BROWSER = "${lib.getExe pkgs.firefox}";
})
]);
}
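Review bot: The `defaultApplications` values in the new `makeDefaultBrowser` branch are written as `["firefox"]`, but a MIME association must name a desktop entry ID, which ends in `.desktop`. As written the six entries most likely match nothing, so which program opens `http`/`https` links is left to whatever other handler happens to be registered. Use the full ID on every key, e.g. `"x-scheme-handler/https" = ["firefox.desktop"];`. The same applies to `["qpdfview"]` and `["foot"]` in the `mimeApps` hunk of the gui module further down this page. Separately, the option description `Take a guess` should state what the option does, for instance `Register Firefox as the default handler for HTML and http(s) links and export DEFAULT_BROWSER.`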


@ -5,16 +5,16 @@
...
}:
with lib; let
cfg = config.local.programs.gaming;
cfg = config.local.apps.gaming;
in {
options.local.programs.gaming = {
options.local.apps.gaming = {
enable = mkEnableOption "gaming apps";
};
config = mkIf cfg.enable {
home.packages = [
pkgs.lutris
pkgs.openrct2
pkgs.prismlauncher
home.packages = with pkgs; [
lutris
openrct2
prismlauncher
];
};
}


@ -1,61 +0,0 @@
{
config,
lib,
pkgs,
...
}:
with lib; let
cfg = config.local.services.gpg;
in {
options.local.services.gpg = {
enable = mkEnableOption "gpg settings";
defaultKey = mkOption {
type = types.str;
description = "fingerprint of default public key to be used in gpg, git, email, etc.";
example = "A8981D346F8F4130CA16A7775517E687FCCE0BB9";
};
};
config = mkIf cfg.enable {
programs.gpg = {
enable = true;
settings = {
default-key = config.local.services.gpg.defaultKey;
};
};
services.gpg-agent = {
enable = true;
enableZshIntegration = true;
enableBashIntegration = true;
enableExtraSocket = true;
enableSshSupport = true;
defaultCacheTtl = 3600 * 3;
defaultCacheTtlSsh = 3600 * 3;
maxCacheTtl = 3600 * 6;
maxCacheTtlSsh = 3600 * 6;
pinentry.package = pkgs.pinentry-emacs;
};
accounts.email.accounts = {
"fabian@posixlycorrect.com" = {
gpg = {
encryptByDefault = true;
signByDefault = true;
key = config.local.services.gpg.defaultKey;
};
};
};
programs.git = {
signing = {
key = config.local.services.gpg.defaultKey;
signByDefault = true;
};
};
};
}


@ -61,8 +61,8 @@ in {
mimeApps = {
enable = true;
defaultApplications = {
"application/pdf" = with pkgs; ["qpdfview.desktop"];
"x-scheme-handler/file" = with pkgs; ["foot.desktop"];
"application/pdf" = with pkgs; ["qpdfview"];
"x-scheme-handler/file" = with pkgs; ["foot"];
};
};
};


@ -8,7 +8,7 @@
enable = true;
defaultFonts = {
monospace = [
"JetBrainsMono Nerd Font"
"JetBrains Mono"
"Noto Sans Mono CJK SC"
"Noto Sans Mono"
"Noto Color Emoji"
@ -31,10 +31,11 @@
# with fonts.packages buy im too lazy to check
home.packages = with pkgs; [
jetbrains-mono
nerd-fonts.jetbrains-mono
noto-fonts
noto-fonts-cjk-sans
noto-fonts-emoji
noto-fonts-extra
nerd-fonts.fira-code
nerd-fonts.droid-sans-mono
];
}


@ -18,7 +18,7 @@ in {
progress-color = "over #FFFFFF";
border-radius = 0;
default-timeout = 7000;
font = "JetBrainsMono Nerd Font 10";
font = "JetBrains Mono 10";
icons = true;
ignore-timeout = false;
layer = "top";


@ -62,7 +62,7 @@ in {
};
fonts = {
names = ["JetBrainsMono Nerd Font"];
names = ["JetBrains Mono"];
style = "Regular";
size = 8.0;
};
@ -136,7 +136,7 @@ in {
keybindings = let
mod = config.wayland.windowManager.sway.config.modifier;
grimshot = getExe pkgs.sway-contrib.grimshot;
bemenuCommand = ''bemenu-run --center --width-factor 0.2 --fixed-height --list 10 --scrollbar none --auto-select --accept-single --fn "JetBrainsMono Nerd Font 12" --prompt "" --tb "#000000" --tf "#EAEAEA" --fb "#000000" --ff "#EAEAEA" --cb "#EAEAEA" --cf "#000000" --nb "#000000" --nf "#EAEAEA" --sb "#000000" --sf "#EAEAEA" --hb "#000000" --hf "#EAEAEA" --fbb "#000000" --fbf "#000000" --ab "#000000" --af "#EAEAEA"'';
bemenuCommand = ''bemenu-run --center --width-factor 0.2 --fixed-height --list 10 --scrollbar none --auto-select --accept-single --fn "JetBrains Mono 12" --prompt "" --tb "#000000" --tf "#EAEAEA" --fb "#000000" --ff "#EAEAEA" --cb "#EAEAEA" --cf "#000000" --nb "#000000" --nf "#EAEAEA" --sb "#000000" --sf "#EAEAEA" --hb "#000000" --hf "#EAEAEA" --fbb "#000000" --fbf "#000000" --ab "#000000" --af "#EAEAEA"'';
in
mkOptionDefault {
"${mod}+a" = "focus parent";
@ -156,13 +156,10 @@ in {
command = "${lib.getExe pkgs.sway} 'workspace 1; exec ${lib.getExe pkgs.firefox}'";
}
{
command = "${lib.getExe pkgs.sway} 'workspace 2; exec ${lib.getExe pkgs.tdesktop}'";
command = "${lib.getExe pkgs.sway} 'workspace 10; exec ${lib.getExe pkgs.tdesktop}'";
}
{
command = "${lib.getExe pkgs.sway} 'workspace 2; exec ${lib.getExe pkgs.gajim}'";
}
{
command = "${lib.getExe pkgs.swaybg} -m fill -i ${config.home.homeDirectory}/Pictures/wallpapers/jupiter.png";
command = "${lib.getExe pkgs.swaybg} -m fill -i ${config.home.homeDirectory}/Pictures/wallpapers/wallpaper.jpg";
always = true;
}
{


@ -6,7 +6,6 @@
}:
with lib; let
cfg = config.local.gui;
laptop = config.local.defaultDesktopPack.laptop;
in {
config = mkIf cfg.enable {
programs.waybar = {
@ -27,74 +26,58 @@ in {
];
modules-right = [
"keyboard-state"
"privacy"
"cpu"
"memory"
"disk"
"temperature"
"keyboard-state"
"tray"
]
++ lists.optionals laptop [
"battery"
];
battery = mkIf laptop {
format = "{capacity}% {icon}";
format-plugged = "{capacity}% 󱐥{icon}";
format-icons = [ "󰂃" "󰁺" "󰁻" "󰁼" "󰁽" "󰁾" "󰁿" "󰂀" "󰂁" "󰂂" "󰁹" ];
states = {
warning = 20;
critical = 10;
};
};
keyboard-state = {
"keyboard-state" = {
numlock = true;
capslock = true;
format.capslock = "{icon}";
format-icons = {
locked = "󰘲 ";
unlocked = "";
};
};
tray = {
"tray" = {
icon-size = 13;
spacing = 8;
};
clock = {
"clock" = {
interval = 60;
format = "{:%A %B %d %Y %H:%M}";
tooltip = false;
};
cpu = {
format = " {usage}%";
"cpu" = {
format = "cpu {usage}%";
tooltip = false;
};
memory = {
format = " {percentage}% ";
"memory" = {
format = "mem {percentage}%";
tooltip = true;
tooltip-format = "{used}/{total}";
};
disk = {
format = " {specific_used:0.0f}/{specific_total:0.0f}";
"disk" = {
format = "disk {specific_used:0.0f}/{specific_total:0.0f}";
unit = "GiB";
tooltip = false;
};
privacy = {
"privacy" = {
icon-size = 12;
};
};
};
style = ''
* {
font-family: "JetBrainsMono Nerd Font", monospace;
font-family: "JetBrains Mono", monospace;
font-size: 12px;
font-weight: 500;
border: none;
box-shadow: none;
}
/* Entire bar: fully transparent, no border */
/* Entire bar: blacc, no border */
window#waybar {
background: transparent;
background: #000000;
color: #eaeaea;
margin: 0;
padding: 0;
@ -155,21 +138,21 @@ in {
margin: 0;
background: rgba(255, 255, 255, 0.10);
color: #ffffff;
box-shadow: inset 0 -2px #ffffff;
border-bottom: 2px solid #ffffff;
}
/* Status modules keep them flat and compact */
#clock, #battery, #network, #pulseaudio, #backlight, #cpu, #memory, #temperature, #tray {
padding: 0 6px;
margin: 0;
background: transparent;
background: #000000;
color: #eaeaea;
}
/* States (battery, network, audio) */
#battery.charging { color: #27f902; }
#battery.warning:not(.charging) { color: #fc8b02; }
#battery.critical:not(.charging) { color: #fc0000; }
#battery.charging { color: #c9ffbf; }
#battery.warning:not(.charging) { color: #ffd29a; }
#battery.critical:not(.charging) { color: #ff9a9a; }
#network.disconnected { color: #ffb4b4; }
#pulseaudio.muted { color: #9aa0a6; }


@ -1,114 +0,0 @@
{
pkgs,
lib,
config,
...
}:
with lib; let
cfg = config.local.programs.halloy;
in {
options.local.programs.halloy = {
enable = mkEnableOption "halloy irc client";
};
config = mkIf cfg.enable {
programs.halloy = {
enable = true;
settings = {
theme = "macawCustom";
font.size = 16;
preview.enabled = false;
sidebar = {
buffer_action = "replace-pane";
focused_buffer_action = "close-pane";
};
buffer = {
channel.topic = {
enabled = true;
};
chathistory.infinite_scroll = true;
server_messages = {
join.exclude = ["*"];
quit.exclude = ["*"];
};
};
servers.liberachat = {
nickname = "posixlycorrect";
nick_password_command = "pass show liberachat_irc";
username = "fabiansoju/irc.libera.chat";
password_command = "pass show soju";
server = "soju.posixlycorrect.com";
port = 6697;
chathistory = true;
channels = [
"##chat"
"##politics"
"##rust"
"#datahoarder"
"#git"
"#indieweb"
"#indieweb-dev"
"#linux"
"#lobsters"
"#nixos"
"#OSRS"
"#soju"
];
};
};
themes = {
macawCustom = {
general = {
background = "#333333";
border = "#505050";
horizontal_rule = "#333333";
unread_indicator = "#2884FC";
};
text = {
primary = "#DFDFDF";
secondary = "#C2C2C2";
tertiary = "#8839EF";
success = "#959595";
error = "#959595";
};
buffer = {
action = "#959595";
background = "#1E1E1E";
background_text_input = "#2E2E2E";
background_title_bar = "#2E2E2E";
border = "#1A1A1A";
border_selected = "#1A1A1A";
code = "#7287FD";
highlight = "#454645";
nickname = "#00C8FF";
selection = "#777777";
timestamp = "#959595";
topic = "#DFDFDF";
url = "#2884FC";
buffer.server_messages = {
default = "#959595";
};
};
buttons.primary = {
background = "#00000000";
background_hover = "#484848";
background_selected = "#4A4A4A";
background_selected_hover = "#666666";
};
buttons.secondary = {
background = "#3B3B3B";
background_hover = "#484848";
background_selected = "#646464";
background_selected_hover = "#666666";
};
};
};
};
};
}


@ -5,9 +5,9 @@
...
}:
with lib; let
cfg = config.local.programs.mapping;
cfg = config.local.apps.mapping;
in {
options.local.programs.mapping = {
options.local.apps.mapping = {
enable = mkEnableOption "mapping apps";
};
config = mkIf cfg.enable {


@ -5,9 +5,9 @@
...
}:
with lib; let
cfg = config.local.programs.neovim;
cfg = config.local.apps.neovim;
in {
options.local.programs.neovim = {
options.local.apps.neovim = {
enable = mkEnableOption "Neovim settings";
};
config = mkIf cfg.enable {
@ -40,66 +40,8 @@ in {
'';
plugins = with pkgs.vimPlugins; [
barbar-nvim
nvim-web-devicons
vim-nix
vim-visual-multi
{
plugin = nvim-tree-lua;
type = "lua";
config = ''
require("nvim-tree").setup({
renderer = {
icons = {
show = {
file = true,
folder = true,
folder_arrow = true,
git = true,
},
glyphs = {
git = {
unstaged = "",
staged = "",
unmerged = "",
renamed = "",
untracked = "",
deleted = "",
ignored = "",
},
},
},
},
view = {
width = 30,
side = 'left',
},
sync_root_with_cwd = true, --fix to open cwd with tree
respect_buf_cwd = true,
update_cwd = true,
update_focused_file = {
enable = true,
update_cwd = true,
update_root = true,
},
})
vim.g.nvim_tree_respect_buf_cwd = 1
-- use g? for bindings help while in tree
'';
}
{
plugin = gruvbox-nvim;
type = "lua";
config = ''
require("gruvbox").setup({
contrast = "high",
})
vim.o.background = "dark"
vim.cmd([[colorscheme gruvbox]])
'';
}
];
};
home.sessionVariables = {


@ -1,30 +0,0 @@
{
config,
lib,
pkgs,
...
}:
with lib; let
cfg = config.local.services.pass;
in {
options.local.services.pass = {
enable = mkEnableOption "pass settings";
};
config = mkIf cfg.enable {
programs.password-store = {
enable = true;
package = pkgs.pass.withExtensions (exts:
with exts; [
pass-audit
pass-genphrase
pass-otp
pass-tomb
pass-update
]);
settings = {
PASSWORD_STORE_DIR = "${config.home.homeDirectory}/safe/trust";
};
};
};
}


@ -1,20 +0,0 @@
{
config,
lib,
pkgs,
...
}:
with lib; let
cfg = config.local.services.syncthing;
in {
options.local.services.syncthing = {
enable = mkEnableOption "syncthing settings";
};
config = mkIf cfg.enable {
services.syncthing = {
enable = true;
tray.enable = true;
};
};
}


@ -5,11 +5,9 @@
...
}:
with lib; let
cfg = config.local.programs.terminal;
cfg = config.local.apps.terminal;
in {
options.local.programs.terminal = {
enable = mkEnableOption "terminal emulator settings";
};
options.local.apps.terminal.enable = mkEnableOption "terminal emulator settings";
config = mkIf cfg.enable {
programs = {
foot = {
@ -17,10 +15,10 @@ in {
settings = {
main = {
term = "xterm-256color";
font = "JetBrainsMono Nerd Font:style=Medium:size=15";
font-bold = "JetBrainsMono Nerd Font:style=Bold:size=15";
font-italic = "JetBrainsMono Nerd Font:style=Italic:size=15";
font-bold-italic = "JetBrainsMono Nerd Font:style=Bold Italic:size=15";
font = "JetBrains Mono:style=Medium:size=12";
font-bold = "JetBrains Mono:style=Bold:size=12";
font-italic = "JetBrains Mono:style=Italic:size=12";
font-bold-italic = "JetBrains Mono:style=Bold Italic:size=12";
dpi-aware = "yes";
initial-window-size-pixels = "1200x600";
};
@ -31,15 +29,15 @@ in {
};
colors = {
background = "000000";
regular0 = "616161";
regular1 = "ff4d51";
regular2 = "35d450";
regular3 = "e9e836";
regular4 = "5dc5f8";
regular5 = "feabf2";
regular6 = "24dfc4";
regular7 = "ffffff";
background = "111111";
regular0 = "1E201E"; #black
regular1 = "BE3144"; #red
regular2 = "1F7D53"; #green
regular3 = "FEC260"; #yellow
regular4 = "065084"; #blue
regular5 = "940B92"; #magenta
regular6 = "008B8B"; #cyan
regular7 = "D3DAD9"; #white
};
bell = {
@ -109,12 +107,6 @@ in {
set -g status-justify left
'';
};
fzf = {
enable = true;
enableZshIntegration = true;
tmux.enableShellIntegration = true;
};
};
home = {
sessionVariables = {


@ -1,20 +0,0 @@
{
config,
lib,
pkgs,
...
}:
with lib; let
cfg = config.local.services.yubikey;
in {
options.local.services.yubikey = {
enable = mkEnableOption "Yubikey home settings";
};
config = mkIf cfg.enable {
home.packages = with pkgs; [
yubikey-manager
yubico-pam
yubikey-personalization
];
};
}


@ -5,18 +5,16 @@
...
}:
with lib; let
cfg = config.local.programs.zed;
cfg = config.local.apps.zed;
in {
options.local.programs.zed = {
enable = mkEnableOption "zed editor settings";
};
options.local.apps.zed.enable = mkEnableOption "zed editor settings";
config = mkIf cfg.enable {
programs.zed-editor = {
enable = true;
extensions = [
"nix"
"codebook"
"vscode-dark-high-contrast"
"one-dark"
"catppuccin-icons"
];
extraPackages = with pkgs; [
@ -25,8 +23,8 @@ in {
userSettings = {
disable_ai = true;
theme = {
dark = "VSCode Dark High Contrast";
light = "VSCode Dark High Contrast";
dark = "One Dark";
light = "One Dark";
};
icon_theme = {
dark = "Catppuccin Latte";
@ -42,8 +40,8 @@ in {
};
autosave = "on_focus_change";
auto_update = false;
buffer_font_family = "JetBrainsMono Nerd Font";
buffer_font_size = 22;
buffer_font_family = "JetBrains Mono";
buffer_font_size = 16;
hide_mouse = "never";
minimap.show = "auto";
tabs = {


@ -13,7 +13,6 @@ in {
type = types.str;
description = "prompt for your terminal";
example = literalExpression "%B[%~] \${vcs_info_msg_0_}%b";
default = "%B[%~] \${vcs_info_msg_0_}%b";
};
};
config = mkIf cfg.enable {
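Review bot: The `prompt` option in this hunk appears to lose its `default` (the header drops exactly one line, and the `default = ...` line is the likely one), which leaves a `types.str` option with no fallback. Any configuration that enables the zsh module without setting `prompt` would then fail at evaluation with an undefined-option error instead of using the example prompt. If that is intended, say so in the description, e.g. `description = "prompt for your terminal (required, no default)";`; otherwise keep `default = "%B[%~] \${vcs_info_msg_0_}%b";`. The option set and the `config` block both continue outside the hunk.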


@ -18,7 +18,7 @@
zstyle ':completion:*' original true
zstyle ':completion:*' preserve-prefix '//[^/]##/'
zstyle ':completion:*' verbose true
zstyle :compinstall filename '/home/fabian/.zshrc'
zstyle :compinstall filename '/home/chem/.zshrc'
autoload -Uz compinit
compinit
@ -79,8 +79,11 @@
alias l='ls --color -FhAltr'
alias x='killall --ignore-case --user=$(whoami) --interactive'
alias tree='tree -CF'
alias lock="betterlockscreen -l"
alias nightmode="${lib.getExe pkgs.redshift} -P -O 1000"
alias lightmode="${lib.getExe pkgs.redshift} -x="
alias nixoide="nix repl '<nixpkgs>'"
alias vps="ssh -A vps"
alias vim=nvim
bindkey -e
bindkey "^[[1;5D" backward-word
bindkey "^[[1;5C" forward-word
@ -98,8 +101,8 @@
local pkg
pkg="$1"
shift
echo "nix shell nixpkgs#$pkg --impure"
nix shell "nixpkgs#$pkg" "$@" --impure
echo "nix shell unstable#$pkg --impure"
nix shell "unstable#$pkg" "$@" --impure
}
function spawn () {
@ -127,6 +130,4 @@
export VISUAL=nvim
export PATH="$PATH:$HOME/.local/bin:$HOME/.cargo/bin"
export NIXPKGS_ALLOW_UNFREE=1
eval "$(fzf --zsh)"
''
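Review bot: `alias vps="ssh -A vps"` in the alias hunk enables agent forwarding for every session to that host, so anyone with root on the remote side can use the forwarded agent socket to authenticate as you while the session is open. The rendered page does not show which side each alias line belongs to, so this applies only if the line is kept on the new side. In that case I would drop the flag, `alias vps="ssh vps"`, and use `ssh -J` for hops through the host or a per-host `ForwardAgent` entry in the ssh config where forwarding is really needed. In the same hunk, `redshift -x=` in the `lightmode` alias has a trailing `=` that looks like a typo for `-x`.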


@ -0,0 +1,77 @@
{
flakes,
config,
pkgs,
lib,
...
}: {
imports = [
./systemd
./isolation.nix
];
nix.registry = {
"system".to = {
type = "path";
path = "/home/chem/nix";
};
"nixpkgs".flake = flakes.nixpkgs;
"unstable".flake = flakes.unstable;
};
local = {
baseline.enable = true;
services = {
zsh = {
enable = true;
prompt = "%B[%~] \${vcs_info_msg_0_}%b";
};
};
apps = {
#todo move some of this to defaultDesktop pack?
terminal.enable = true;
neovim.enable = true;
gaming.enable = true;
defaultDesktopPack.enable = true;
firefox.enable = true;
mapping.enable = true;
zed.enable = true;
};
gui = {
enable = true;
monitors = {
HDMI-A-4 = {
width = "1920";
height = "1080";
rate = "59.94";
};
DP-1 = {
width = "1600";
height = "900";
rate = "59.94";
posX = "1920";
};
};
};
};
home = {
packages = with pkgs; [
gnucash
kdePackages.kdenlive
nmap
qbittorrent
virt-manager
vintagestory
];
username = "chem";
homeDirectory = "/home/chem";
};
programs.home-manager.enable = true;
}
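Review bot: The user name is hard-coded three times in this new file (`path = "/home/chem/nix";` in `nix.registry`, `username = "chem";` and `homeDirectory = "/home/chem";`), and again in the tmpfiles rule `d %t/tmp 0700 chem chem 24h` and the `compinstall` path in the zsh config elsewhere in this compare. Deriving the paths from one value keeps them from drifting on the next rename; `path = "${config.home.homeDirectory}/nix";` works here because `config` is already a module argument. The `#todo` above `terminal.enable` would be more useful if it named which entries are meant to move to `defaultDesktopPack`.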


@ -5,6 +5,6 @@
}:
with lib; {
systemd.user.tmpfiles.rules = [
"d %t/tmp 0700 fabian fabian 24h"
"d %t/tmp 0700 chem chem 24h"
];
}


@ -1,52 +0,0 @@
{
flakes,
config,
pkgs,
lib,
...
}: {
imports = [
./systemd
./isolation.nix
];
local = {
defaultDesktopPack.enable = true;
services = {
gpg.defaultKey = "A8981D346F8F4130CA16A7775517E687FCCE0BB9";
yubikey.enable = true;
};
programs = {
gaming.enable = true;
mapping.enable = true;
};
gui = {
enable = true;
monitors = {
DP-1 = {
width = "1920";
height = "1080";
rate = "59.94";
};
DP-2 = {
width = "1920";
height = "1080";
rate = "143.855";
posX = "1920";
};
};
};
};
home = {
packages = with pkgs; [
darktable
gnucash
kdePackages.kdenlive
virt-manager
];
};
}


@ -1,45 +0,0 @@
{
flakes,
config,
pkgs,
lib,
...
}: {
imports = [
./systemd
./isolation.nix
];
local = {
defaultDesktopPack = {
enable = true;
laptop = true;
};
services = {
gpg.defaultKey = "A8981D346F8F4130CA16A7775517E687FCCE0BB9";
yubikey.enable = true;
};
programs = {
gaming.enable = true;
mapping.enable = true;
};
gui = {
enable = true;
monitors = {
eDP-1 = {
width = "1920";
height = "1080";
rate = "60.00";
};
};
};
};
home = {
packages = with pkgs; [
];
};
}


@ -1,22 +0,0 @@
{
pkgs,
config,
lib,
...
}:
with lib; {
home.isolation = {
enable = true;
btrfsSupport = true;
defaults = {
static = true;
bindHome = "home/";
persist = {
base = "shenvs";
btrfs = true;
};
};
modulesUnder = ./shenvs;
};
}


@ -1,13 +0,0 @@
{pkgs, ...}: {
static = true;
packages = with pkgs; [
binutils
cmake
curl
gdb
gnumake
rustup
valgrind
];
}


@ -1,11 +0,0 @@
{pkgs, ...}: {
static = true;
packages = with pkgs; [
pipenv
(python310.withPackages (packages:
with packages; [
setuptools
]))
];
}


@ -1,10 +0,0 @@
{
lib,
pkgs,
...
}:
with lib; {
systemd.user.tmpfiles.rules = [
"d %t/tmp 0700 fabian fabian 24h"
];
}


@ -1,24 +0,0 @@
{
config,
pkgs,
lib,
flakes,
...
}:
with lib; {
imports = [
];
local = {
baseline.enable = true;
services = {
zsh.prompt = "%B<%~> \${vcs_info_msg_0_}%b";
};
};
home = {
packages = with pkgs; [
];
};
}


@ -1,5 +1,6 @@
{lib}:
with lib; {
android_sdk.accept_license = true;
android_sdk.accept_license = true; #TODO: what the fuck is this
allowUnfreePredicate = pkg: import ./unfree.nix lib (getName pkg);
allowInsecurePredicate = pkg: import ./insecure.nix lib (getName pkg);
}
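Review bot: `allowInsecurePredicate = pkg: import ./insecure.nix lib (getName pkg);` matches on the package name alone, so once a name is listed in `insecure.nix` every version of that package that nixpkgs marks insecure is permitted, including versions flagged later for a different advisory. As far as I know, defining the predicate also replaces the default one, so `permittedInsecurePackages` would no longer be consulted. I would compare against the versioned name instead, e.g. `allowInsecurePredicate = pkg: import ./insecure.nix lib pkg.name;` with entries of the form `"<name>-<version>"` (placeholder), and put a comment next to each entry naming the advisory and when the entry can be removed. The `#TODO` on `android_sdk.accept_license` could state what has to be decided rather than the current wording.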

4
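--- a/pkgs/config/insecure.nix
+++ b/pkgs/config/insecure.nix
@@ -0,0 +1,4 @@
+lib: name:
+with lib;
+elem name [
+]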


@ -8,4 +8,5 @@ with lib;
"steam-original"
"steam-unwrapped"
"steam-run"
"vintagestory"
]


@ -6,8 +6,6 @@
with prev.lib; let
inherit (final) callPackage fetchpatch;
in {
homepage = flakes.homepage.packages.${final.system}.default;
override =
{
# add python modules here to make them available in all versions


@ -53,17 +53,6 @@ in {
];
};
fonts.packages = with pkgs; [
jetbrains-mono
nerd-fonts.jetbrains-mono
noto-fonts
noto-fonts-cjk-sans
noto-fonts-emoji
noto-fonts-extra
nerd-fonts.fira-code
nerd-fonts.droid-sans-mono
];
services = {
openssh.enable = mkDefault true;
@ -73,8 +62,6 @@ in {
};
};
programs.dconf.enable = true;
# Coredumps are a security risk and may use up a lot of disk space
systemd.coredump.extraConfig = ''
Storage=none
@ -85,7 +72,5 @@ in {
enable = true;
defaultBitSize = 4096;
};
i18n.defaultLocale = "en_US.UTF-8";
};
}


@ -1,63 +0,0 @@
{
config,
lib,
pkgs,
...
}:
with lib; let
cfg = config.local.sys.borgsync;
in {
options.local.sys.borgsync = {
enable = mkEnableOption "borg backup to an rsync.net repo";
paths = mkOption {
type = with types; nullOr (coercedTo str singleton (listOf str));
default = null;
description = "Paths to back up.";
};
exclude = mkOption {
type = with types; listOf str;
description = "Exclude paths.";
default = [];
};
repoName = mkOption {
type = types.str;
description = "Remote rsync repository to back up to.";
};
};
config = mkIf cfg.enable {
services.borgbackup.jobs.rsync = {
paths = cfg.paths;
exclude = cfg.exclude;
user = "root";
group = "root";
doInit = true;
startAt = [
"hourly"
];
inhibitsSleep = true;
persistentTimer = true;
repo = "zh5777@zh5777.rsync.net:${cfg.repoName}";
encryption = {
mode = "repokey-blake2";
passCommand = "cat /var/trust/borg/${cfg.repoName}_passphrase";
};
compression = "auto,lz4";
prune = {
keep = {
hourly = 24;
daily = 7;
weekly = 4;
monthly = 12;
yearly = 99;
};
};
extraArgs = [
"--remote-path=borg14"
];
};
environment.sessionVariables.BORG_REMOTE_PATH = "borg14";
};
}


@ -6,7 +6,6 @@
}: {
imports = [
./baseline.nix
./yubikey.nix
./audio.nix
./graphics.nix
./virtualisation.nix
@ -16,8 +15,15 @@
./net.nix
./steam.nix
./gtklock.nix
./borgsync.nix
./dufs.nix
./defaultDesktopPack.nix
];
fonts.packages = with pkgs; [
jetbrains-mono
noto-fonts
noto-fonts-cjk-sans
noto-fonts-emoji
noto-fonts-extra
nerd-fonts.fira-code
nerd-fonts.droid-sans-mono
];
}


@ -1,40 +0,0 @@
{
config,
lib,
pkgs,
...
}:
with lib; let
cfg = config.local.sys.defaultDesktopPack;
in {
options.local.sys.defaultDesktopPack = {
enable = mkEnableOption "common desktop programs and services";
};
config = mkIf cfg.enable {
local.sys = {
baseline.enable = true;
audio.enable = true;
graphics.enable = true;
gtklock.enable = true;
steam.enable = true;
users = {
fabian = {
enable = true;
unixId = 1002; #TODO !!!!!!
};
};
};
trivium = {
sway.enable = true;
trivionomiconMotd.enable = true;
};
networking = {
networkmanager.enable = true;
useDHCP = false; # The global useDHCP flag is deprecated, therefore explicitly set to false here.
};
};
}


@ -1,233 +0,0 @@
# https://github.com/NixOS/nixpkgs/blob/c77cd68706b590b44334bb8c506239b3384c26a0/nixos/modules/services/misc/dufs.nix
{
config,
lib,
pkgs,
...
}:
with lib; let
cfg = config.local.sys.dufs;
types = lib.types;
in {
options.local.sys.dufs = {
enable = lib.mkEnableOption "the dufs server";
package = lib.mkPackageOption pkgs "dufs" {};
settings = lib.mkOption {
type = types.submodule {
options = {
serve-path = lib.mkOption {
type = types.path;
description = "Specific path to serve.";
};
bind = lib.mkOption {
type = types.nullOr types.str;
description = "Specify bind address or unix socket.";
default = null;
};
port = lib.mkOption {
type = types.port;
description = "Specify port to listen on.";
default = 5000;
};
path-prefix = lib.mkOption {
type = types.nullOr types.path;
description = "Specify a path prefix.";
default = null;
};
hidden = lib.mkOption {
type = types.listOf types.str;
description = "Hide paths from directory listings, e.g. tmp,*.log,*.lock.";
default = [];
example = lib.literalExpression ''
[
"tmp"
"*.log"
"*.lock."
]
'';
};
allow-all = lib.mkOption {
type = types.bool;
description = "Allow all operations.";
default = true;
};
allow-upload = lib.mkOption {
type = types.bool;
description = "Allow upload files/folders.";
default = false;
};
allow-delete = lib.mkOption {
type = types.bool;
description = "Allow delete files/folders.";
default = false;
};
allow-search = lib.mkOption {
type = types.bool;
description = "Allow search files/folders.";
default = false;
};
allow-symlink = lib.mkOption {
type = types.bool;
description = "Allow symlink to files/folders outside root directory.";
default = false;
};
allow-archive = lib.mkOption {
type = types.bool;
description = "Allow zip archive generation.";
default = false;
};
enable-cors = lib.mkOption {
type = types.bool;
description = "Enable CORS, sets `Access-Control-Allow-Origin: *`.";
default = false;
};
render-index = lib.mkOption {
type = types.bool;
description = "Serve index.html when requesting a directory, returns 404 if not found index.html.";
default = false;
};
render-try-index = lib.mkOption {
type = types.bool;
description = "Serve index.html when requesting a directory, returns directory listing if not found index.html.";
default = false;
};
render-spa = lib.mkOption {
type = types.bool;
description = "Serve SPA(Single Page Application).";
default = false;
};
assets = lib.mkOption {
type = types.nullOr types.path;
description = "Set the path to the assets directory for overriding the built-in assets.";
default = null;
};
log-format = lib.mkOption {
type = types.nullOr types.str;
description = "Customize http log format.";
default = null;
example = lib.literalExpression ''
"$remote_addr \"$request\" $status"
'';
};
compress = lib.mkOption {
type = types.enum [
"none"
"low"
"medium"
"high"
];
description = "Customize http log format.";
default = "none";
};
tls-cert = lib.mkOption {
type = types.nullOr types.path;
description = "Path to an SSL/TLS certificate to serve with HTTPS.";
default = null;
};
tls-key = lib.mkOption {
type = types.nullOr types.path;
description = "Path to the SSL/TLS certificate's private key.";
default = null;
};
};
};
description = "Settings for dufs.";
};
authFile = lib.mkOption {
type = types.nullOr types.path;
description = ''
Path to file containing auth roles (e.g. user:pass@/dir1:rw,/dir2), one per line.
Passwords may be hashed, see https://github.com/sigoden/dufs#hashed-password.
'';
default = null;
};
openFirewall = lib.mkOption {
type = types.bool;
description = "Open firewall on configured port.";
default = false;
};
user = lib.mkOption {
type = types.str;
description = "User to run dufs under.";
default = "dufs";
};
group = lib.mkOption {
type = types.str;
description = "Group to run dufs under.";
default = "dufs";
};
};
config = lib.mkIf cfg.enable {
networking.firewall.allowedTCPPorts = lib.mkIf cfg.openFirewall [cfg.settings.port];
systemd.services.dufs = let
settings = lib.filterAttrs (_: v: v != null) cfg.settings;
pathWritable = settings.allow-all || settings.allow-upload || settings.allow-delete;
in {
after = ["network.target"];
wantedBy = ["multi-user.target"];
environment.DUFS_CONFIG = (pkgs.formats.yaml {}).generate "dufs-config.yaml" settings;
script = ''
${lib.optionalString (cfg.authFile != null) ''
export DUFS_AUTH=$(tr '\n' '|' < ${lib.escapeShellArg cfg.authFile} | sed 's/|$//')
''}
exec ${lib.escapeShellArg (lib.getExe cfg.package)}
'';
serviceConfig = {
BindReadOnlyPaths =
[
builtins.storeDir
]
++ lib.optional (!pathWritable) settings.serve-path
++ lib.optional (cfg.authFile != null) cfg.authFile;
BindPaths = lib.mkIf pathWritable settings.serve-path;
CapabilityBoundingSet = "";
DeviceAllow = "";
Group = cfg.group;
LockPersonality = true;
MemoryDenyWriteExecute = true;
NoNewPrivileges = true;
PrivateDevices = true;
PrivateTmp = true;
PrivateUsers = true;
ProcSubset = "pid";
ProtectClock = true;
ProtectControlGroups = true;
ProtectHome = true;
ProtectHostname = true;
ProtectKernelLogs = true;
ProtectKernelModules = true;
ProtectKernelTunables = true;
ProtectProc = "invisible";
ProtectSystem = "strict";
RemoveIPC = true;
RestrictAddressFamilies = [
"AF_INET"
"AF_INET6"
"AF_NETLINK"
];
RestrictNamespaces = true;
RestrictRealtime = true;
RestrictSUIDSGID = true;
RootDirectory = "/run/dufs";
RuntimeDirectory = "dufs";
SystemCallArchitectures = "native";
SystemCallFilter = [
"@system-service"
"~@resources"
"~@privileged"
];
User = cfg.user;
};
};
users = {
users.dufs = lib.mkIf (cfg.user == "dufs") {
group = cfg.group;
home = cfg.settings.serve-path;
isSystemUser = true;
};
groups.dufs = lib.mkIf (cfg.group == "dufs") {};
};
};
meta.maintainers = with lib.maintainers; [jackwilsdon];
}


@ -16,5 +16,7 @@ in {
};
hardware.graphics.enable = true;
programs.dconf.enable = true;
};
}


@ -26,7 +26,7 @@ in {
window {
background-color: black;
color: #eaeaea;
font-family: "JetBrainsMono Nerd Font", monospace;
font-family: "JetBrains Mono", monospace;
font-size: 14px;
}


@ -31,7 +31,7 @@ in {
config = {
local.sys.users = {
fabian = {
chem = {
unixId = mkDefault 1000;
admin = true;
};
@ -54,7 +54,7 @@ in {
shell = pkgs.zsh;
extraGroups =
["users" "networkmanager"]
++ optionals (v.admin) ["wheel" "libvirtd" "dialout" "adbusers" "video" "input"];
++ optionals (v.admin) ["wheel" "libvirtd" "dialout" "adbusers"];
openssh.authorizedKeys.keyFiles = v.sshKeyPublicFile;
})
enabledUsers;


@ -1,44 +0,0 @@
{
config,
lib,
pkgs,
...
}:
with lib; let
cfg = config.local.sys.yubikey;
in {
options.local.sys.yubikey = {
enable = mkEnableOption "yubikey settings";
};
config = mkIf cfg.enable {
services = {
pcscd.enable = true;
udev.packages = [pkgs.yubikey-personalization];
};
environment.etc."pkcs11/modules/ykcs11".text = ''
module: ${pkgs.yubico-piv-tool}/lib/libykcs11.so
'';
programs.gnupg.agent = {
enable = true;
enableSSHSupport = true;
};
security.pam = {
services = {
login.u2fAuth = true;
sudo.u2fAuth = true;
};
u2f = {
enable = true;
control = "sufficient";
settings = {
debug = false;
cue = true;
};
};
};
};
}


@ -1,50 +0,0 @@
{
config,
pkgs,
lib,
flakes,
...
}: {
imports = [
flakes.home-manager.nixosModules.home-manager
flakes.impermanence.nixosModule
./hardware-configuration.nix
];
local.sys = {
defaultDesktopPack.enable = true;
yubikey.enable = true;
virtualisation.enable = true;
androidSupport.enable = true;
borgsync = {
enable = true;
paths = [
"/home/fabian/nix"
"/home/fabian/safe"
"/xtern/backup"
];
repoName = "posixlycorrect";
};
};
networking = {
hostName = "posixlycorrect";
hostId = "0414a727";
};
boot = {
loader = {
systemd-boot.enable = true;
efi.canTouchEfiVariables = true;
};
tmp.useTmpfs = true;
supportedFilesystems = ["zfs"];
zfs = {
forceImportRoot = false;
useKeyringForCredentials = true;
};
};
time.timeZone = "America/Costa_Rica";
}


@ -1,44 +0,0 @@
{
config,
lib,
pkgs,
flakes,
modulesPath,
...
}: let
subvol = subvol: {
device = "/dev/disk/by-uuid/645fdba0-5c03-4285-926b-facded1ee259";
fsType = "btrfs";
options = ["subvol=${subvol}" "compress=zstd" "noatime" "ssd"];
};
in {
imports = [
flakes.nixpkgs.nixosModules.notDetected
];
boot.initrd = {
availableKernelModules = ["xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod"];
luks.devices."toplevel" = {
device = "/dev/disk/by-uuid/58277baa-90d4-4a5e-a658-1b918b89130a";
preLVM = false;
};
};
fileSystems = {
"/" = subvol "root";
"/toplevel" = subvol "/";
"/boot" = {
device = "/dev/disk/by-uuid/B007-B007";
fsType = "vfat";
options = ["umask=027"];
};
"/extern" = {
device = "/dev/disk/by-uuid/7d8d3ec9-b456-4e2a-9396-551dcaf7705b";
fsType = "btrfs";
options = ["noatime" "compress=zstd"];
};
};
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}


@ -1,45 +0,0 @@
{
config,
pkgs,
lib,
flakes,
...
}: {
imports = [
flakes.home-manager.nixosModules.home-manager
flakes.impermanence.nixosModule
./hardware-configuration.nix
];
local.sys = {
defaultDesktopPack.enable = true;
yubikey.enable = true;
bluetooth.enable = true;
};
trivium = {
laptop.enable = true;
thinkpad.enable = true;
};
services = {
fwupd.enable = true; #TODO
pcscd.enable = true; #TODO
};
hardware.acpilight.enable = true;
networking.hostName = "t14";
boot = {
loader = {
systemd-boot.enable = true;
efi.canTouchEfiVariables = true;
};
tmp.useTmpfs = true;
kernelPackages = pkgs.linuxPackages_latest;
};
time.timeZone = "America/Costa_Rica";
}


@ -1,62 +0,0 @@
{
config,
lib,
pkgs,
flakes,
modulesPath,
...
}: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
services.xserver.videoDrivers = ["i915" "modesetting" "fbdev"];
boot = {
initrd = {
availableKernelModules = ["xhci_pci" "thunderbolt" "nvme" "sdhci_pci"];
kernelModules = ["dm-snapshot"];
luks.devices."tomb" = {
device = "/dev/disk/by-uuid/0b2b9aec-c239-4cce-948d-4411d9300c1d";
preLVM = true;
};
};
kernelModules = ["kvm-intel"];
extraModulePackages = [];
};
fileSystems = {
"/" = {
device = "/dev/disk/by-uuid/2774158f-8ec5-4ba1-a4fb-a37f55b8bb38";
fsType = "btrfs";
options = ["subvol=root"];
};
"/boot" = {
device = "/dev/disk/by-uuid/A7E5-EEAB";
fsType = "vfat";
};
"/nix" = {
device = "/dev/disk/by-uuid/2774158f-8ec5-4ba1-a4fb-a37f55b8bb38";
fsType = "btrfs";
options = ["subvol=nix"];
};
"/home" = {
device = "/dev/disk/by-uuid/2774158f-8ec5-4ba1-a4fb-a37f55b8bb38";
fsType = "btrfs";
options = ["subvol=home"];
};
"/toplevel" = {
device = "/dev/disk/by-uuid/2774158f-8ec5-4ba1-a4fb-a37f55b8bb38";
fsType = "btrfs";
};
};
swapDevices = [];
powerManagement.cpuFreqGovernor = lib.mkDefault "performance";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}


@ -1,140 +0,0 @@
{
config,
lib,
pkgs,
flakes,
modulesPath,
doctrine,
...
}:
with lib; {
imports = [
flakes.vpsadminos.nixosConfigurations.container
flakes.home-manager.nixosModules.home-manager
flakes.impermanence.nixosModule
./hardware-configuration.nix
./srv
./networkMap.nix
];
local.sys = {
baseline.enable = true;
borgsync = {
enable = true;
paths = [
"/var/lib/forgejo"
"/var/lib/mealie"
"/var/lib/trilium"
"/var/lib/forgejo"
];
repoName = "vps";
};
users.fabian = {
enable = true;
sshKeyPublicFile = [pki/id_ed25519.pub]; # move this out someday
};
};
trivium.soju = {
enable = true;
fullyQualifiedDomain = "soju.posixlycorrect.com";
};
services.openssh = {
settings.PasswordAuthentication = false;
};
programs.mosh.enable = true;
networking = {
hostName = "vps";
domain = "posixlycorrect.com";
firewall.allowedUDPPorts = [51820]; #TODO
};
time.timeZone = "Europe/Amsterdam";
systemd = {
extraConfig = ''
DefaultTimeoutStartSec=900s
'';
network = let
inherit (config.local.sys) nets;
in {
enable = true;
netdevs = {
wg-vpn = {
netdevConfig = {
Name = "wg-vpn";
Kind = "wireguard";
};
wireguardConfig = {
PrivateKeyFile = "/var/trust/wg/vpn/key.priv";
ListenPort = "51820";
};
wireguardPeers = [
{
PublicKey = "wwUp3Uu/rSxbp+6J745O+cpnZHGWOJYWfWEsTjRE3yU=";
PresharedKeyFile = "/var/trust/wg/vpn/vps-posixlycorrect.psk";
AllowedIPs = ["${nets.vpn-posixlycorrect.v6.cidr}"];
}
{
PublicKey = "YFqg/ED26KygSRSmGzvUXpwnXPqMOI3R3caVfAtHVks=";
PresharedKeyFile = "/var/trust/wg/vpn/vps-pixel8.psk";
AllowedIPs = ["${nets.vpn-pixel8.v6.cidr}"];
}
];
};
};
networks = {
wg-vpn = {
name = "wg-vpn";
networkConfig = {
Address = [
nets.vpn-vps.hosts.vps.v6.cidr
];
};
routes = [
{
Destination = nets.vpn.v6.cidr;
}
{
Source = nets.vpn.v6.cidr;
}
];
};
};
};
};
home-manager = {
useGlobalPkgs = true;
useUserPackages = true;
extraSpecialArgs = {
inherit flakes;
doctrine = flakes.trivionomicon.lib.mkDoctrine {
inherit pkgs;
inherit (doctrine) prefix;
namespace = "home";
};
};
users.fabian = {
imports = [
flakes.impermanence.nixosModules.home-manager.impermanence
"${flakes.self}/home/platforms/fabian@vps"
"${flakes.self}/home"
];
};
};
}


@ -1,29 +0,0 @@
{
config,
lib,
pkgs,
flakes,
modulesPath,
...
}: let
in {
fileSystems = {
"/mnt/export2008" = {
device = "172.16.129.19:/nas/5876";
fsType = "nfs";
options = ["nofail" "noatime"];
};
"/mnt/export2178" = {
device = "172.16.129.151:/nas/5876/immich";
fsType = "nfs";
options = ["nofail" "noatime"];
};
"/mnt/export2179" = {
device = "172.16.131.31:/nas/5876/syncthing";
fsType = "nfs";
options = ["nofail"];
};
};
}


@ -1,78 +0,0 @@
{
config,
pkgs,
lib,
flakes,
...
}:
with lib; {
local.sys.nets = {
default = {
v4 = {
bits = 32;
prefix = "37.205.12.34";
};
v6 = {
bits = 64;
prefix = "2a03:3b40:fe:102";
};
hosts = {
vps.v6.suffix = "1";
vps.v4.suffix = "";
};
};
vpn = {
v6 = {
bits = 48;
prefix = "2a03:3b40:2b";
};
};
vpn-vps = {
v6 = {
bits = 64;
prefix = "2a03:3b40:2b:1000";
};
hosts = {
vps.v6.suffix = "1";
};
};
vpn-posixlycorrect = {
v6 = {
bits = 64;
prefix = "2a03:3b40:2b:1001";
};
hosts = {
posixlycorrect.v6.suffix = "1";
};
};
vpn-pixel8 = {
v6 = {
bits = 64;
prefix = "2a03:3b40:2b:1002";
};
hosts = {
pixel8.v6.suffix = "1";
};
};
vpn-t14 = {
v6 = {
bits = 64;
prefix = "2a03:3b40:2b:1003";
};
hosts = {
t14.v6.suffix = "1";
};
};
};
}


@ -1 +0,0 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICls/LbyzkIXj5HCp7Qc4eoGcUXzJdQFshNX2caPwgNh openpgp:0x1B7A8CB7


@ -1,30 +0,0 @@
{
lib,
pkgs,
...
}:
with lib; {
services = {
nginx = {
virtualHosts."calibre.posixlycorrect.com" = {
enableACME = true;
forceSSL = true;
extraConfig = ''
proxy_headers_hash_max_size 512;
proxy_headers_hash_bucket_size 128;
'';
locations."/" = {
proxyPass = "http://[::1]:8083";
};
};
};
calibre-web = {
enable = true;
options = {
enableBookUploading = true;
calibreLibrary = "/var/lib/calibre-web/calibre_library";
};
};
};
}


@ -1,25 +0,0 @@
{
config,
pkgs,
lib,
flakes,
...
}:
with lib; {
imports = [
./net.nix
./mediawiki.nix
./forgejo.nix
./vaultwarden.nix
./msmtp.nix
./trilium.nix
./syncthing.nix
./calibre-web.nix
./immich.nix
./mealie.nix
./dufs.nix
./isso.nix
./miniflux.nix
./radicale.nix
];
}


@ -1,32 +0,0 @@
{
lib,
pkgs,
config,
...
}:
with lib; {
services = {
nginx = {
virtualHosts."public.posixlycorrect.com" = {
enableACME = true;
forceSSL = true;
extraConfig = ''
proxy_headers_hash_max_size 512;
proxy_headers_hash_bucket_size 128;
'';
locations."/" = {
proxyPass = "http://127.0.0.1:5000";
};
};
};
};
local.sys.dufs = {
enable = true;
settings = {
serve-path = "/var/public";
allow-all = false;
allow-archive = true;
};
};
}


@ -1,62 +0,0 @@
{
config,
lib,
...
}:
with lib; {
config = {
environment.etc."fail2ban/filter.d/gitea.local".text = ''
[Definition]
failregex = .*(Failed authentication attempt|invalid credentials|Attempted access of unknown user).* from <HOST>
ignoreregex =
'';
services = {
nginx = {
virtualHosts."git.posixlycorrect.com" = {
enableACME = true;
forceSSL = true;
extraConfig = ''
proxy_headers_hash_max_size 512;
proxy_headers_hash_bucket_size 128;
'';
locations."/".proxyPass = "http://localhost:9170";
};
};
fail2ban.jails.gitea.settings = {
filter = "gitea";
logpath = "${config.services.gitea.stateDir}/log/gitea.log";
maxretry = "10";
findtime = "3600";
bantime = "900";
action = "iptables-allports";
};
forgejo = {
enable = true;
lfs.enable = true;
useWizard = false;
settings = {
general.APP_NAME = "posixlycorrect";
ui.DEFAULT_THEME = "forgejo-dark";
server = {
DOMAIN = "git.posixlycorrect.com";
ROOT_URL = "https://git.posixlycorrect.com";
HTTP_PORT = 9170;
LANDING_PAGE = "explore";
};
service.DISABLE_REGISTRATION = true;
actions = {
ENABLED = true;
};
mailer = {
ENABLED = false;
};
};
};
};
};
}


@ -1,72 +0,0 @@
{
lib,
pkgs,
...
}:
with lib; {
services = {
nginx = {
virtualHosts."photos.posixlycorrect.com" = {
enableACME = true;
forceSSL = true;
extraConfig = ''
proxy_headers_hash_max_size 512;
proxy_headers_hash_bucket_size 128;
'';
locations."/" = {
proxyPass = "http://localhost:2283";
};
};
};
immich = {
enable = true;
secretsFile = "/var/trust/immich/secrets.txt";
mediaLocation = "/mnt/export2178/immich/media";
machine-learning.enable = false;
environment = {
IMMICH_TELEMETRY_EXCLUDE = "host,api,io,repo,job";
};
settings = {
machineLearning = {
enabled = false;
};
job = {
backgroundTask = {
concurrency = 1;
};
smartSearch = {
concurrency = 1;
};
metadataExtraction = {
concurrency = 1;
};
faceDetection = {
concurrency = 1;
};
search = {
concurrency = 1;
};
sidecar = {
concurrency = 1;
};
library = {
concurrency = 1;
};
migration = {
concurrency = 1;
};
thumbnailGeneration = {
concurrency = 1;
};
videoConversion = {
concurrency = 1;
};
notifications = {
concurrency = 1;
};
};
};
};
};
}


@ -1,45 +0,0 @@
{
lib,
pkgs,
...
}:
with lib; {
services = {
nginx = {
virtualHosts."isso.posixlycorrect.com" = {
enableACME = true;
forceSSL = true;
extraConfig = ''
proxy_headers_hash_max_size 512;
proxy_headers_hash_bucket_size 128;
'';
locations."/" = {
proxyPass = "http://127.0.0.1:8888/";
};
};
};
isso = {
enable = true;
settings = {
general = {
host = "https://posixlycorrect.com/";
dbpath = "/var/lib/isso/comments.db";
notify = "stdout";
};
moderation = {
enabled = false;
approve-if-email-previously-approved = false;
purge-after = "365d";
};
server = {
listen = "http://127.0.0.1:8888/";
};
guard = {
require-author = true;
require-email = true;
};
};
};
};
}


@ -1,37 +0,0 @@
{
lib,
pkgs,
...
}:
with lib; {
systemd.services.wiki-js = {
requires = ["postgresql.service"];
after = ["postgresql.service"];
};
services = {
nginx = {
virtualHosts."food.posixlycorrect.com" = {
enableACME = true;
forceSSL = true;
extraConfig = ''
proxy_headers_hash_max_size 512;
proxy_headers_hash_bucket_size 128;
'';
locations."/" = {
proxyPass = "http://127.0.0.1:9000";
};
};
};
mealie = {
enable = true;
listenAddress = "127.0.0.1";
port = 9000;
credentialsFile = "/var/trust/mealie/credentials.env";
settings = {
ALLOW_SIGNUP = "false";
};
};
};
}


@ -1,71 +0,0 @@
{
lib,
pkgs,
flakes,
...
}:
with lib; {
services = {
nginx = {
virtualHosts."wiki.posixlycorrect.com" = {
enableACME = true;
forceSSL = true;
extraConfig = ''
proxy_headers_hash_max_size 512;
proxy_headers_hash_bucket_size 128;
'';
};
};
mediawiki = {
enable = true;
name = "posixlycorrect wiki";
webserver = "nginx";
nginx.hostName = "wiki.posixlycorrect.com";
database.type = "postgres";
passwordFile = "/run/keys/mediawiki-password";
skins = {
citizen = "${flakes.mediawikiSkinCitizen}";
};
extraConfig = ''
# Disable anonymous editing and account creation
$wgGroupPermissions['*']['edit'] = false;
$wgGroupPermissions['*']['createaccount'] = false;
$wgDefaultSkin = 'citizen';
$wgDefaultMobileSkin = 'citizen';
$wgCitizenThemeDefault = 'dark';
$wgCitizenShowPageTools = 'login';
$wgLogos = [
'icon' => "https://posixlycorrect.com/favicon.png",
'1x' => "https://posixlycorrect.com/favicon.png",
'2x' => "https://posixlycorrect.com/favicon.png",
];
$wgEnableEmail = false; #TODO: arreglar esto
$wgNoReplyAddress = 'mediawiki@posixlycorrect.com';
$wgEmergencyContact = 'mediawiki@posixlycorrect.com';
$wgPasswordSender = 'mediawiki@posixlycorrect.com';
'';
extensions = {
# some extensions are included and can enabled by passing null
VisualEditor = null;
CategoryTree = null;
CiteThisPage = null;
Scribunto = null;
Cite = null;
CodeEditor = null;
Math = null;
MultimediaViewer = null;
PdfHandler = null;
Poem = null;
SecureLinkFixer = null;
WikiEditor = null;
ParserFunctions = null;
};
};
};
}


@ -1,33 +0,0 @@
{
lib,
pkgs,
...
}:
with lib; {
services = {
nginx = {
virtualHosts."rss.posixlycorrect.com" = {
enableACME = true;
forceSSL = true;
extraConfig = ''
proxy_headers_hash_max_size 512;
proxy_headers_hash_bucket_size 128;
'';
locations."/" = {
proxyPass = "http://127.0.0.1:8087";
};
};
};
miniflux = {
enable = true;
adminCredentialsFile = "/var/trust/miniflux/adminCredentialsFile";
config = {
CLEANUP_FREQUENCY = 48;
LISTEN_ADDR = "127.0.0.1:8087";
BASE_URL = "https://rss.posixlycorrect.com";
CREATE_ADMIN = 1;
};
};
};
}


@ -1,35 +0,0 @@
{
lib,
pkgs,
...
}:
with lib; {
users.groups = {
mailsenders = {
members = ["fabian" "mediawiki"];
};
};
# esto sirve para que PHP pueda accesar la clave smtp de fastmail
#systemd.services.phpfpm-mediawiki = {
# path = [ "/run/wrappers" ];
# serviceConfig.ReadWritePaths = [ "/run/wrappers" "/var/trust/fastmail" ];
#};
programs = {
msmtp = {
enable = true;
accounts = {
default = {
auth = true;
host = "smtp.fastmail.com";
port = 587;
passwordeval = "cat /var/trust/fastmail/smtp_key";
user = "fabianmontero@fastmail.com";
tls = true;
tls_starttls = true;
};
};
};
};
}


@ -1,100 +0,0 @@
{
config,
lib,
pkgs,
...
}:
with lib; let
inherit (config.local.sys) nets;
in {
# adds "/var/lib/acme/acme-challenge" as a webroot fallback
options = {
security.acme = {
certs = mkOption {
type = with types;
attrsOf (submodule ({config, ...}: {
config = {
webroot =
if config.dnsProvider == null
then "/var/lib/acme/acme-challenge"
else null;
};
}));
};
};
};
config = {
networking = {
nftables.enable = false; # learn how to use this later
firewall = {
enable = true;
allowedTCPPorts = [80 443];
};
domain = "posixlycorrect.com";
};
# ver https://nixos.org/manual/nixos/stable/index.html#module-security-acme-nginx
security.acme = {
acceptTerms = true;
defaults = {
email = "fabian@posixlycorrect.com";
};
};
services = {
nginx = {
enable = true;
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
logError = "/var/log/nginx/error.log";
clientMaxBodySize = "99M";
virtualHosts = {
"posixlycorrect.com" = {
forceSSL = true;
enableACME = true;
locations = {
"/".root = "${pkgs.trivium.homepage}";
"/.well-known/openpgpkey/hu/".alias = "/var/public/wkd/";
};
};
};
};
fail2ban = {
enable = true;
bantime = "10m";
ignoreIP = [
nets.default.hosts.vps.v6.cidr
nets.default.hosts.vps.v4.address
nets.vpn.v6.cidr
];
bantime-increment = {
enable = true;
formula = "ban.Time * math.exp(float(ban.Count+1)*banFactor)/math.exp(1*banFactor)";
maxtime = "48h"; # Do not ban for more than 48h
rndtime = "10m";
overalljails = true; # Calculate the bantime based on all the violations
};
jails = {
# https://discourse.nixos.org/t/fail2ban-with-nginx-and-authelia/31419
nginx-botsearch.settings = {
# Usar log en vez de journalctl
# TODO: Pasar todo a systemd?
backend = "pyinotify";
logpath = "/var/log/nginx/*.log";
journalmatch = "";
};
nginx-bad-request.settings = {
backend = "pyinotify";
logpath = "/var/log/nginx/*.log";
journalmatch = "";
maxretry = 10;
};
};
};
};
};
}


@ -1,41 +0,0 @@
{
lib,
pkgs,
...
}:
with lib; {
services = {
nginx = {
virtualHosts."dav.posixlycorrect.com" = {
enableACME = true;
forceSSL = true;
extraConfig = ''
proxy_headers_hash_max_size 512;
proxy_headers_hash_bucket_size 128;
'';
locations."/" = {
proxyPass = "http://127.0.0.1:5232";
};
};
};
radicale = {
enable = true;
settings = {
server = {
hosts = ["127.0.0.1:5232"];
};
auth = {
type = "htpasswd";
htpasswd_filename = "/var/trust/radicale/htpasswd";
htpasswd_encryption = "bcrypt";
};
storage = {
filesystem_folder = "/var/lib/radicale/collections";
};
web.type = "internal";
rights.type = "authenticated";
};
};
};
}


@ -1,42 +0,0 @@
{
lib,
pkgs,
...
}:
with lib; {
services = {
syncthing = {
enable = true;
systemService = true;
overrideFolders = false;
overrideDevices = false;
openDefaultPorts = true;
guiAddress = "127.0.0.1:8384";
settings.options.urAccepted = -1;
dataDir = "/mnt/export2179/syncthing";
relay = {
enable = true;
pools = [];
providedBy = "vps.posixlycorrect.com";
};
};
};
# calibre web stuff. make this better someday, this is pure duct-tape
users.groups."calybresync".members = ["syncthing" "calibre-web"];
systemd = {
services."calybreown" = {
script = ''
chgrp -R calybresync /var/lib/calibre-web/calibre_library
chmod -R g+w /var/lib/calibre-web/calibre_library
'';
serviceConfig.Type = "oneshot";
};
timers."calybreown" = {
wantedBy = [
"timers.target"
];
timerConfig.OnCalendar = "*-*-* *:00/30:00";
};
};
}


@ -1,34 +0,0 @@
{
lib,
pkgs,
...
}:
with lib; {
services = {
nginx = {
virtualHosts."notes.posixlycorrect.com" = {
enableACME = true;
forceSSL = true;
extraConfig = ''
proxy_headers_hash_max_size 512;
proxy_headers_hash_bucket_size 128;
'';
};
};
trilium-server = {
enable = true;
package = pkgs.trilium-next-server;
host = "127.0.0.1";
port = 8458;
noAuthentication = false;
noBackup = true; # I already backup the whole dataDir, so no need for this
instanceName = "posixlycorrect";
dataDir = "/var/lib/trilium";
nginx = {
enable = true;
hostName = "notes.posixlycorrect.com";
};
};
};
}


@ -1,63 +0,0 @@
{
config,
lib,
...
}:
with lib; {
services = {
nginx = {
virtualHosts."vault.posixlycorrect.com" = {
enableACME = true;
forceSSL = true;
extraConfig = ''
proxy_headers_hash_max_size 512;
proxy_headers_hash_bucket_size 128;
'';
locations."/".proxyPass = "http://127.0.0.1:${toString config.services.vaultwarden.config.ROCKET_PORT}";
};
};
#fail2ban.jails.gitea.settings = { };
postgresql = {
ensureDatabases = ["vaultwarden"];
ensureUsers = [
{
name = "vaultwarden";
ensureDBOwnership = true;
}
];
};
vaultwarden = {
enable = true;
dbBackend = "postgresql";
environmentFile = "/var/trust/vaultwarden/smtp_key";
config = {
DOMAIN = "https://vault.posixlycorrect.com";
SIGNUPS_ALLOWED = false;
ROCKET_ADDRESS = "127.0.0.1";
ROCKET_PORT = 8222;
ROCKET_LOG = "critical";
# Using FASTMAIL mail server
# If you use an external mail server, follow:
# https://github.com/dani-garcia/vaultwarden/wiki/SMTP-configuration
SMTP_HOST = "smtp.fastmail.com";
SMTP_PORT = 587;
SMTP_SECURITY = "starttls";
SMTP_FROM = "vault@posixlycorrect.com";
SMTP_FROM_NAME = "posixlycorrect vaultwarden server";
SMTP_AUTH_MECHANISM = "PLAIN";
DATABASE_URL = "postgresql:///vaultwarden";
};
};
bitwarden-directory-connector-cli.domain = "https://vault.posixlycorrect.com";
};
}


@ -0,0 +1,55 @@
{
config,
pkgs,
lib,
flakes,
...
}: {
imports = [
flakes.home-manager.nixosModules.home-manager
flakes.impermanence.nixosModule
./hardware-configuration.nix
];
local.sys = {
baseline.enable = true;
audio.enable = true;
graphics.enable = true;
virtualisation.enable = true;
androidSupport.enable = true;
steam.enable = true;
gtklock.enable = true;
users = {
chem = {
enable = true;
};
};
};
local.sway.enable = true;
networking = {
hostName = "yuki";
networkmanager.enable = true;
useDHCP = false; # The global useDHCP flag is deprecated, therefore explicitly set to false here.
#interfaces.enp7s0.useDHCP = true; # Per-interface useDHCP will be mandatory in the future, so this generated config
#interfaces.wlp6s0.useDHCP = true; # replicates the default behaviour.
};
boot = {
loader = {
systemd-boot.enable = true;
efi.canTouchEfiVariables = true;
};
tmp.useTmpfs = true;
kernelPackages = pkgs.linuxPackages_zen;
};
# Select internationalisation properties.
i18n.defaultLocale = "en_US.UTF-8"; #todo: move to baseline?
time.timeZone = "America/Costa_Rica"; #todo: move to baseline?
}
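Review bot: The ESP ends up world-readable on this host: `systemd-boot.enable = true` in the `boot.loader` block relies on the `/boot` mount from the imported `./hardware-configuration.nix`, which this compare adds with `fmask=0022` and `dmask=0022`. bootctl warns about that layout because the boot-loader random seed it stores on the ESP should not be readable by unprivileged users. The generated file is marked as not to be edited, so the override belongs in this file, e.g. `fileSystems."/boot".options = lib.mkForce ["fmask=0077" "dmask=0077"];` (`mkForce` so the list replaces the generated options instead of being merged with them).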


@ -0,0 +1,42 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
pkgs,
modulesPath,
...
}: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod"];
boot.initrd.kernelModules = [];
boot.kernelModules = ["kvm-intel"];
boot.extraModulePackages = [];
fileSystems."/" = {
device = "/dev/disk/by-uuid/b925ebc0-f717-4f0d-83ca-a9a29990b8e2";
fsType = "btrfs";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/EC62-0FDF";
fsType = "vfat";
options = ["fmask=0022" "dmask=0022"];
};
swapDevices = [];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp0s31f6.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}


@ -9,11 +9,11 @@
nixpkgs,
flake-utils,
}: let
mapOverlayOverride = prefix: overlay: final: prev: let
mapOverlayOverride = namespace: overlay: final: prev: let
overlayPkgs = overlay final prev;
in
{
"${prefix}" = (prev.${prefix} or {}) // builtins.removeAttrs overlayPkgs ["override"];
"${namespace}" = builtins.removeAttrs overlayPkgs ["override"];
}
// (overlayPkgs.override or {});
@ -30,7 +30,7 @@
packages =
(import nixpkgs {
inherit system;
overlays = [self.overlays.default];
overlays = [(mapOverlayOverride doctrineNoPkgs.prefix (import ./pkgs))];
}).${
doctrineNoPkgs.prefix
};
@ -121,7 +121,7 @@
}
# NB: Preserve the relative order
{
overlay = mapOverlayOverride prefix (import ./pkgs);
overlay = self.overlays.default;
condition = true;
}
{
@ -164,12 +164,24 @@
}
// optionalAttrs (paths ? nixosSource) {
nixosConfigurations = let
hostConfig = platform:
self.lib.mkSystem {
inherit flakes pkgs;
doctrine = doctrineNoPkgs;
nixosSystem = {modules}:
lib.makeOverridable nixpkgs.lib.nixosSystem {
inherit modules pkgs system;
specialArgs = {
inherit flakes;
doctrine = mkDoctrine {
inherit pkgs;
namespace = "sys";
};
};
};
hostConfig = platform:
nixosSystem {
modules = [
self.nixosModules.default
nixosSourcePath
platform
];
@ -201,29 +213,6 @@
in
lib.mapAttrs home (importAll {root = hmPlatformsPath;});
};
mkSystem = {
pkgs,
flakes,
doctrine,
modules,
}:
flakes.nixpkgs.lib.makeOverridable flakes.nixpkgs.lib.nixosSystem {
inherit pkgs;
inherit (pkgs) system;
modules = [self.nixosModules.default] ++ modules;
specialArgs = {
inherit flakes;
doctrine = self.lib.mkDoctrine {
inherit pkgs;
inherit (doctrine) prefix;
namespace = "sys";
};
};
};
};
};
}
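Review bot: In the first hunk (`@ -9,11 +9,11 @`), `"${namespace}" = builtins.removeAttrs overlayPkgs ["override"];` assigns the namespace attribute outright, so a package set that an earlier overlay or nixpkgs itself already placed under that name is silently replaced rather than extended. The variant printed just before it, `(prev.${prefix} or {}) // …`, kept the previous set. Which of the two is the new side is inferred here from print order and from the line counts of the later hunks (the `mkSystem` removal), so please confirm. If the plain assignment is the new code, keep the merge: `"${namespace}" = (prev.${namespace} or {}) // builtins.removeAttrs overlayPkgs ["override"];`. A one-line comment on `mapOverlayOverride` stating whether it is meant to be applied more than once per namespace would settle the intent either way.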


@ -1,13 +0,0 @@
{
config,
lib,
pkgs,
doctrine,
...
}:
doctrine.lib.mkModule {
inherit config;
name = "soju";
sys = ./sys.nix;
options = ./options.nix;
}


@ -1,16 +0,0 @@
{lib, ...}:
with lib.types; {
sys = {
fullyQualifiedDomain = lib.mkOption {
type = str;
example = "soju.trivionomicon.com";
description = "fully qualified domain name to be used by soju";
};
port = lib.mkOption {
type = port;
default = 6697;
description = "port to be used by soju";
};
};
}


@ -1,47 +0,0 @@
{
config,
pkgs,
lib,
cfg,
doctrine,
...
}:
with lib; {
security.acme.certs."${cfg.fullyQualifiedDomain}" = {
reloadServices = ["soju.service"];
group = "soju";
};
networking.firewall.allowedTCPPorts = [cfg.port];
services.soju = let
sojuCertDir = config.security.acme.certs."${cfg.fullyQualifiedDomain}".directory;
in {
enable = true;
hostName = "${cfg.fullyQualifiedDomain}";
listen = ["ircs://[::]:${toString cfg.port}"];
tlsCertificate = "${sojuCertDir}/fullchain.pem";
tlsCertificateKey = "${sojuCertDir}/key.pem";
};
systemd.services.soju = {
after = ["acme-${cfg.fullyQualifiedDomain}.service"];
serviceConfig = {
DynamicUser = mkForce false; # fuck dynamic users
User = "soju";
Group = "soju";
ProtectSystem = "strict";
ProtectHome = "read-only";
PrivateTmp = true;
RemoveIPC = true;
};
};
users = {
users.soju = {
isSystemUser = true;
group = "soju";
};
groups.soju = {};
};
}


@ -1,10 +0,0 @@
{
config,
doctrine,
...
}:
doctrine.lib.mkModule {
inherit config;
name = "trivionomiconMotd";
sys = ./sys.nix;
}


@ -1,22 +0,0 @@
{
config,
lib,
pkgs,
...
}: {
users.motd = ''
_ _ _ _
| | | | | | | |
_ __ _____ _____ _ __ ___ __| | | |__ _ _ | |_| |__ ___
| '_ \ / _ \ \ /\ / / _ \ '__/ _ \/ _` | | '_ \| | | | | __| '_ \ / _ \
| |_) | (_) \ V V / __/ | | __/ (_| | | |_) | |_| | | |_| | | | __/
| .__/ \___/ \_/\_/ \___|_| \___|\__,_| |_.__/ \__, | \__|_| |_|\___|
| | __/ |
|_|_____ _____ _______ _______ ____ _ _|___/_ __ __ _____ _____ ____ _ _
|__ __| __ \|_ _\ \ / /_ _/ __ \| \ | |/ __ \| \/ |_ _/ ____/ __ \| \ | |
| | | |__) | | | \ \ / / | || | | | \| | | | | \ / | | || | | | | | \| |
| | | _ / | | \ \/ / | || | | | . ` | | | | |\/| | | || | | | | | . ` |
| | | | \ \ _| |_ \ / _| || |__| | |\ | |__| | | | |_| || |___| |__| | |\ |
|_| |_| \_\_____| \/ |_____\____/|_| \_|\____/|_| |_|_____\_____\____/|_| \_|
'';
}


@ -5,6 +5,5 @@ in {
override = {};
athena-bccr = callPackage ./athena-bccr {};
snapborg = final.python3Packages.callPackage ./snapborg {};
spliit = callPackage ./spliit {};
}


@ -1,29 +0,0 @@
From c363931656938f9cc3354b8e2797fe9abac1b0e3 Mon Sep 17 00:00:00 2001
From: Alejandro Soto <alejandro@34project.org>
Date: Sun, 31 Aug 2025 13:30:45 -0600
Subject: [PATCH] Remove "env" arg from subprocess calls
---
snapborg/borg.py | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/snapborg/borg.py b/snapborg/borg.py
index 89a3d84..b74ddf7 100644
--- a/snapborg/borg.py
+++ b/snapborg/borg.py
@@ -173,11 +173,10 @@ def launch_borg(args, password=None, print_output=False, dryrun=False, cwd=None)
# TODO: parse output from JSON log lines
try:
if print_output:
- subprocess.run(cmd, env=env, check=True, cwd=cwd)
+ subprocess.run(cmd, check=True, cwd=cwd)
else:
subprocess.check_output(cmd,
stderr=subprocess.STDOUT,
- env=env,
cwd=cwd)
except CalledProcessError as e:
if e.returncode == 1:
--
2.49.0


@ -1,34 +0,0 @@
{
borgbackup,
buildPythonApplication,
fetchFromGitHub,
lib,
packaging,
pyyaml,
}:
buildPythonApplication {
pname = "snapborg";
version = "0.1.0-unstable-20250331";
src = fetchFromGitHub {
repo = "snapborg";
owner = "enzingerm";
rev = "7e860395319f995161a6e0c7954ce47635e3cd59";
hash = "sha256-RzYL4IHulk1Q/ALWFs6YCTeCO8ohwqXH2NMHRctRVSA=";
};
patches = [
./0001-Remove-env-arg-from-subprocess-calls.patch # Fixes broken $PATH when calling borg
];
propagatedBuildInputs = [
borgbackup
packaging
pyyaml
];
preFixup = ''
makeWrapperArgs+=(--prefix PATH : ${lib.makeBinPath [borgbackup]})
'';
}