v
/
infrastructure
1
0
Fork 0
Code Issues 13 Pull Requests 1 Actions Packages Projects Releases Activity

Compare commits

merge into: v:main
Branches Tags
v:main
v:new
v:reboot
v:renovate/renovate-renovate-37.x
...
pull from: v:new
Branches Tags
v:main
v:new
v:reboot
v:renovate/renovate-renovate-37.x

33 Commits
main ... new

Author SHA1 Message Date
Vivian 2dd983451d various updates
Lint / lint (push) Failing after 2m50s Details
2024-04-24 12:05:59 +02:00
Vivian 57b166f13c various updates
Lint / lint (push) Failing after 2m24s Details
2024-04-03 10:45:17 +02:00
Vivian cbeb09796d monitor mirroring
Lint / lint (push) Failing after 2m31s Details
2024-04-02 17:54:13 +02:00
Vivian 33d3631fd0 very simple waybar
Lint / lint (push) Failing after 2m30s Details
2024-03-23 22:48:37 +01:00
Vivian fe9f7e5efd fix theming
Lint / lint (push) Failing after 2m34s Details
2024-03-23 20:43:43 +01:00
Vivian 19f59b609d default hyprland conf
Lint / lint (push) Failing after 2m31s Details
2024-03-23 12:23:57 +01:00
Vivian 741da44456 some cleanup
Lint / lint (push) Failing after 2m29s Details
2024-03-21 20:21:07 +01:00
Vivian 9cf23df9ec more nvim config
Lint / lint (push) Failing after 2m27s Details
2024-03-21 17:20:29 +01:00
Vivian 71d1aee2a0 more nvim config
Lint / lint (push) Failing after 2m36s Details
2024-03-21 14:41:17 +01:00
Vivian d0e01e9f73 even more nvim config
Lint / lint (push) Failing after 2m42s Details
2024-03-19 17:26:28 +01:00
Vivian 2f65b2f692 more nvim config
Lint / lint (push) Failing after 2m35s Details
2024-03-19 12:37:21 +01:00
Vivian b7f7c8f0a3 mold in rust
Lint / lint (push) Failing after 2m40s Details
2024-03-19 10:27:04 +01:00
Vivian 86e4c4b78d big nvim updates
Lint / lint (push) Failing after 2m40s Details
2024-03-19 10:14:30 +01:00
Vivian 868112e4cc various updates
Lint / lint (push) Failing after 2m38s Details
2024-03-18 17:12:51 +01:00
Vivian 73f968c074 some minor config
Lint / lint (push) Failing after 2m34s Details
2024-03-14 11:47:49 +01:00
Vivian 421949a671 minor updates 2024-03-04 15:22:52 +01:00
Vivian 0629b8ec6a more net sec stuff
Lint / lint (push) Failing after 2m17s Details
2024-02-26 12:19:32 +01:00
Vivian a4dd20beb5 wireshark
Lint / lint (push) Failing after 2m18s Details
2024-02-20 16:18:54 +01:00
Vivian 35adb9eb84 aoife updates
Lint / lint (push) Failing after 2m6s Details
2024-02-20 10:56:17 +01:00
Vivian 7db895045e update
Lint / lint (push) Failing after 1m57s Details
2024-02-04 14:27:26 +01:00
Vivian f71da21947 pin kernel to fix flicker
Lint / lint (push) Failing after 2m37s Details
2024-01-26 10:31:50 +01:00
Vivian 0dec077ddf update lock
Lint / lint (push) Failing after 2m14s Details
2024-01-08 10:55:23 +01:00
Vivian 1fbff29d2a initial implementation of meta 2024-01-05 17:30:26 +01:00
Vivian 9f943fa7d2 fix aoife
Lint / lint (push) Failing after 2m1s Details
2024-01-05 10:45:34 +01:00
Vivian 2106adca7b add aoife 2024-01-03 17:01:29 +01:00
Vivian 5e16312be4 fix plex_update
Lint / lint (push) Failing after 2m6s Details
2024-01-03 15:53:19 +01:00
Vivian 2bcb4c3fbb move pkgs
Lint / lint (push) Failing after 2m7s Details
2024-01-03 15:50:11 +01:00
Vivian e4eefd8279 fix infinite recursion
Lint / lint (push) Failing after 2m4s Details
2024-01-03 15:49:32 +01:00
Vivian 8ce5a9699d switch to fup
Lint / lint (push) Failing after 2m18s Details
2024-01-03 12:06:11 +01:00
Vivian fbce62aee6 move common completely 2024-01-03 11:41:04 +01:00
Vivian af10f6570e add modules 2024-01-03 11:40:31 +01:00
Vivian b11cd37ad2 add hm 2024-01-03 11:36:37 +01:00
Vivian e9f9a8e84d initial rewrite
Lint / lint (push) Failing after 3m16s Details
2024-01-03 11:33:00 +01:00
132 changed files with 2863 additions and 10196 deletions
Show Stats Expand all files Collapse all files

4
.forgejo/workflows/plex_update.yml
View File

@ -26,9 +26,9 @@ jobs:
git config user.email "<>"
# Run Update script
./nixos/pkgs/plex-pass/update.sh
./pkgs/plex-pass/update.sh
git add ./nixos/pkgs/plex-pass/
git add ./pkgs/plex-pass/
# Push if changed
if git status ./nixos/pkgs/plex-pass/ | grep -q "to be committed"; then

BIN
assets/wallpaper-nix-pink.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 59 KiB

34
nixos/common/default.nix → common/default.nix
View File

@ -1,17 +1,8 @@
{ lib, pkgs, inputs, config, ... }: {
imports =
[ ./users ./modules inputs.vault-secrets.nixosModules.vault-secrets ];
vault-secrets =
let
inherit (config.networking) domain hostName;
server = if domain == "olympus" then "vault" else "vault-0";
in
lib.mkIf (domain == "olympus" || domain == "hades") {
vaultPrefix = "${domain}_secrets/nixos";
vaultAddress = "http://${server}.${domain}:8200/";
approlePrefix = "${domain}-${hostName}";
};
{ lib, inputs, pkgs, ... }: {
imports = [
./users
./modules
];
home-manager = {
useGlobalPkgs = true;
@ -22,9 +13,6 @@
virtualisation.oci-containers.backend = lib.mkDefault "podman";
# Clean /tmp on boot.
boot.tmp.cleanOnBoot = true;
# Set your time zone.
time.timeZone = lib.mkDefault "Europe/Amsterdam";
@ -33,7 +21,7 @@
# https://src.fedoraproject.org/rpms/systemd/tree/acb90c49c42276b06375a66c73673ac3510255
systemd.oomd = {
enableRootSlice = true;
enableUserServices = true;
enableUserSlices = true;
};
# security.polkit.enable = lib.mkDefault true;
@ -50,16 +38,14 @@
substituters = [
"https://nix-community.cachix.org"
"https://nixpkgs-review-bot.cachix.org"
"https://colmena.cachix.org"
# "https://cache.garnix.io"
"https://cachix.cachix.org"
"https://cosmic.cachix.org"
];
trusted-public-keys = [
"cachix.cachix.org-1:eWNHQldwUO7G2VkjpnjDbWwy4KQ/HNxht7H4SSoMckM="
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
"nixpkgs-review-bot.cachix.org-1:eppgiDjPk7Hkzzz7XlUesk3rcEHqNDozGOrcLc8IqwE="
"colmena.cachix.org-1:7BzpDnjjH8ki2CT3f6GdOk7QAzPOl+1t3LvTLXqYcSg="
# "cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g="
"cosmic.cachix.org-1:Dya9IyXD4xdBehWjrkPv6rtxpmMdRel02smYzA85dPE="
];
};
optimise = {
@ -77,8 +63,6 @@
'';
};
nixpkgs.config.allowUnfree = true;
# Limit the systemd journal to 100 MB of disk or the
# last 7 days of logs, whichever happens first.
services.journald.extraConfig = ''
@ -86,6 +70,8 @@
MaxFileSec=7day
'';
services.dbus.implementation = "broker";
# Enable SSH
services.openssh = {
enable = true;

0
nixos/common/desktop/README.md → common/desktop/README.md
View File

57
nixos/common/desktop/default.nix → common/desktop/default.nix
View File

@ -1,4 +1,10 @@
{ pkgs, lib, inputs, ... }: {
{
pkgs,
lib,
inputs,
...
}:
{
# Bootloader.
boot = {
kernelPackages = lib.mkDefault pkgs.linuxPackages_latest;
@ -7,36 +13,41 @@
efi.canTouchEfiVariables = true;
efi.efiSysMountPoint = "/boot/efi";
};
kernel.sysctl = { "fs.inotify.max_user_watches" = 524288; };
kernel.sysctl = lib.mkDefault { "fs.inotify.max_user_watches" = 524288; };
initrd = {
systemd.enable = true;
verbose = false;
};
};
programs.nix-ld.enable = true;
# programs.nix-ld.enable = true;
hardware.keyboard.qmk.enable = true;
home-manager = {
useGlobalPkgs = true;
useUserPackages = true;
users.vivian = import ./home.nix;
extraSpecialArgs = { inherit inputs; };
extraSpecialArgs = {
inherit inputs;
};
};
hardware.pulseaudio.enable = false;
services = {
# Enable my config for the gnome desktop environment
v.gnome.enable = true;
v.gnome.enable = lib.mkDefault true;
# Enable CUPS to print documents.
printing.enable = true;
pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
audio.enable = true;
# alsa.enable = true;
# alsa.support32Bit = true;
pulse.enable = true;
# If you want to use JACK applications, uncomment this
#jack.enable = true;
jack.enable = true;
# use the example session manager (no others are packaged yet so this is enabled by default,
# no need to redefine it in your config for now)
@ -62,19 +73,16 @@
};
# Global Packages
environment.systemPackages = with pkgs; [ wireguard-tools sbctl podman-compose ];
environment.systemPackages = with pkgs; [
wireguard-tools
sbctl
]; # ++ (if config.virtualisation.podman.enable then [ pkgs.podman-compose ] else []);
# programs.virt-manager = {
# enable = true;
# };
# Enable sound with pipewire.
sound.enable = true;
hardware.pulseaudio.enable = false;
security.rtkit.enable = true;
virtualisation = {
podman.enable = true;
podman.enable = lib.mkDefault true;
libvirtd = {
enable = true;
qemu.package = pkgs.qemu_kvm;
@ -88,23 +96,28 @@
noto-fonts-emoji
dejavu_fonts
(nerdfonts.override {
fonts =
[ "DejaVuSansMono" "Ubuntu" "DroidSansMono" "NerdFontsSymbolsOnly" ];
fonts = [
"DejaVuSansMono"
"Ubuntu"
"DroidSansMono"
"NerdFontsSymbolsOnly"
];
})
];
programs = {
steam = {
enable = true;
# Open ports in the firewall for Steam Remote Play
remotePlay.openFirewall = true;
package = pkgs.steam.override {
extraPkgs = pkgs: with pkgs; [ gamescope mangohud ];
extraPkgs =
pkgs: with pkgs; [
gamescope
mangohud
];
};
};
gamemode.enable = true;
adb.enable = true;
};
networking = {

89
nixos/common/desktop/home.nix → common/desktop/home.nix
View File

@ -1,35 +1,50 @@
{ pkgs, inputs, config, ... }:
{
pkgs,
inputs,
config,
...
}:
let
tex = pkgs.texlive.combine {
inherit (pkgs.texlive) scheme-full;
dnd-5e-latex-template = { pkgs = [ pkgs.v.dnd-5e-latex-template ]; };
dnd-5e-latex-template = {
pkgs = [ pkgs.v.dnd-5e-latex-template ];
};
};
my-python-packages = ps: with ps; [ pandas requests numpy ];
in {
my-python-packages =
ps: with ps; [
pandas
requests
numpy
scapy
pyshark
cryptography
flask
ipwhois
pyasn
z3-solver
];
in
{
home.packages = with pkgs; [
(python3.withPackages my-python-packages)
btop
calibre
celluloid
celluloid # video player
cinny-desktop
element-desktop
fusee-launcher
fractal-next
foliate
foliate # epub reader
gcc
gimp
helix
inputs.attic.packages.${pkgs.system}.attic
inputs.comma.packages.${pkgs.system}.default
inputs.webcord.packages.${pkgs.system}.default
jetbrains.clion
comma
discord
jetbrains.rust-rover
kdenlive
libreoffice-fresh
mattermost-desktop
mullvad-vpn
neofetch
nixfmt
nixpkgs-review
plex-media-player
plexamp
@ -39,6 +54,7 @@ in {
tex
unzip
yt-dlp
# z3
];
# Enable my own hm modules
@ -50,11 +66,6 @@ in {
rust.enable = true;
};
riff = {
enable = true;
direnv = true;
};
firefox.enable = true;
chromium = {
@ -69,28 +80,38 @@ in {
zsh = {
enable = true;
sessionVariables = { DIRENV_LOG_FORMAT = ""; };
sessionVariables = {
DIRENV_LOG_FORMAT = "";
};
};
thunderbird = {
enable = true;
profiles.default = { isDefault = true; };
profiles.default = {
isDefault = true;
};
};
kitty = {
enable = true;
shellIntegration.enableZshIntegration = true;
};
};
# Syncthing
services.syncthing.enable = true;
xdg.userDirs = let home = config.home.homeDirectory;
in {
enable = true;
createDirectories = true;
desktop = "${home}/.desktop";
documents = "${home}/cloud/Documents";
download = "${home}/dl";
music = "${home}/cloud/Music";
pictures = "${home}/cloud/Pictures";
publicShare = "${home}/.publicShare";
templates = "${home}/.templates";
videos = "${home}/cloud/Videos";
};
xdg.userDirs =
let
home = config.home.homeDirectory;
in
{
enable = true;
createDirectories = true;
desktop = "${home}/.desktop";
documents = "${home}/cloud/Documents";
download = "${home}/dl";
music = "${home}/cloud/Music";
pictures = "${home}/cloud/Pictures";
publicShare = "${home}/.publicShare";
templates = "${home}/.templates";
videos = "${home}/cloud/Videos";
};
}

4
nixos/common/generic-vm.nix → common/generic-vm.nix
View File

@ -1,5 +1,5 @@
_: {
networking.useDHCP = true;
{ lib, ... }: {
networking.useDHCP = lib.mkDefault true;
# Enable qemu guest agent
services.qemuGuest.enable = true;

90
common/hm-modules/catppuccin/default.nix Normal file
View File

@ -0,0 +1,90 @@
{
config,
pkgs,
lib,
...
}:
with lib;
let
inherit (builtins) fromTOML readFile;
cfg = config.themes.v.catppuccin;
mako = pkgs.fetchFromGitHub {
owner = "catppuccin";
repo = "mako";
rev = "9dd088aa5f4529a3dd4d9760415e340664cb86df";
sha256 = "sha256-nUzWkQVsIH4rrCFSP87mXAka6P+Td2ifNbTuP7NM/SQ=";
};
starship = pkgs.fetchFromGitHub {
owner = "catppuccin";
repo = "starship";
rev = "5629d2356f62a9f2f8efad3ff37476c19969bd4f";
sha256 = "sha256-nsRuxQFKbQkyEI4TXgvAjcroVdG+heKX5Pauq/4Ota0=";
};
in
{
options.themes.v.catppuccin = {
enable = mkEnableOption "catppuccin";
};
config = mkIf cfg.enable {
home.pointerCursor = {
name = "Bibata_Ghost";
size = 24;
package = pkgs.bibata-cursors-translucent;
};
programs.kitty = {
theme = "Catppuccin-Frappe";
font.name = "DejaVuSansMono Nerd Font";
};
gtk = {
enable = true;
theme = {
name = "Catppuccin-Frappe-Standard-Pink-Dark";
package = pkgs.catppuccin-gtk.override {
accents = [ "pink" ];
variant = "frappe";
size = "standard";
};
};
iconTheme = {
name = "Papirus-Dark";
package = pkgs.papirus-icon-theme.override { color = "violet"; };
};
cursorTheme = {
inherit (config.home.pointerCursor) name package size;
};
};
qt = {
enable = true;
platformTheme = "qtct";
style.name = "kvantum";
};
xdg.configFile = {
"Kvantum/kvantum.kvconfig".text = ''
[General]
theme=Catppuccin-Frappe-Pink
'';
};
home.packages = with pkgs; [
(catppuccin-kvantum.override {
accent = "Pink";
variant = "Frappe";
})
];
programs.mako.extraConfig = readFile "${mako}/src/frappe";
programs.starship.settings = {
palette = "catppuccin_frappe";
} //fromTOML (readFile "${starship}/palettes/frappe.toml");
programs.vscode = {
userSettings."workbench.colorTheme" = "Catppuccin Frappé";
extensions = [ pkgs.vscode-extensions.catppuccin.catppuccin-vsc ];
};
};
}

10
common/hm-modules/default.nix Normal file
View File

@ -0,0 +1,10 @@
{ ... }:
{
imports = [
./catppuccin
./nvim
./vscode.nix
./git.nix
./rust.nix
];
}

0
nixos/common/hm-modules/git.nix → common/hm-modules/git.nix
View File

409
common/hm-modules/nvim/default.nix Normal file
View File

@ -0,0 +1,409 @@
{
config,
pkgs,
lib,
...
}:
let
cfg = config.programs.v.nvim;
nvim-nio = pkgs.vimUtils.buildVimPlugin {
name = "nvim-nio";
src = pkgs.fetchFromGitHub {
owner = "nvim-neotest";
repo = "nvim-nio";
rev = "refs/tags/v1.8.0";
sha256 = "sha256-RFmH+683vrg4BELwtAQqjV8oGkvRgzcd6kd5r1s3Jp8=";
};
};
in
with lib;
{
options.programs.v.nvim = {
enable = mkEnableOption "nvim";
};
config = mkIf cfg.enable {
home.packages = with pkgs; [ fd ];
home.file.".config/nvim/lua".source = ./lua;
programs.nixvim = {
enable = true;
package = pkgs.neovim-unwrapped;
vimAlias = true;
luaLoader.enable = true;
globals.mapleader = " ";
options = {
number = true;
conceallevel = 2;
};
clipboard.providers.wl-copy.enable = true;
keymaps = [
# General
{
mode = "n";
key = "<leader>";
action = ":noh<CR>";
}
# Telescope
{
mode = "n";
key = "<leader>ff";
action = ":Telescope find_files<CR>";
}
{
mode = "n";
key = "<leader>fs";
action = ":Telescope file_browser<CR>";
}
{
mode = "n";
key = "<leader>fg";
action = "require('telescope.builtin').live_grep";
lua = true;
}
{
mode = "n";
key = "<leader>fb";
action = ":Telescope buffers<CR>";
}
{
mode = "n";
key = "<leader>fo";
action = ":Telescope oldfiles<CR>";
}
{
mode = "n";
key = "<leader>fr";
action = ":Telescope frecency<CR>";
}
{
mode = "n";
key = "<leader>ob";
action = "require('obsidian_picker').obsidian_picker";
lua = true;
}
# Commenting
{
mode = "n";
key = "<C-/>";
action = "require('Comment.api').toggle.linewise.current";
lua = true;
}
{
mode = "x";
key = "<C-/>";
action = ''
function()
local esc = vim.api.nvim_replace_termcodes(
'<ESC>', true, false, true
)
vim.api.nvim_feedkeys(esc, 'nx', false)
require('Comment.api').toggle.linewise(vim.fn.visualmode())
end
'';
lua = true;
}
# Float Term
{
mode = "n";
key = "t";
action = ":FloatermToggle myfloat<CR>";
}
{
mode = "t";
key = "<ESC>";
action = "function() vim.cmd(':FloatermToggle myfloat') end";
lua = true;
}
# Switch buffers
{
mode = "n";
key = "<leader>q";
action = ":bd<CR>"; # Delete buffer
}
{
mode = "n";
key = "<leader>s";
action = ":bn<CR>"; # Buffer next
}
{
mode = "n";
key = "<leader>a";
action = ":bp<CR>"; # Buffer previous
}
# Change Indenting
{
mode = "n";
key = "<S-Tab>";
action = "<<_";
}
{
mode = "n";
key = "<Tab>";
action = ">>_";
}
{
mode = "v";
key = "<Tab>";
action = ">gv";
}
{
mode = "v";
key = "<S-Tab>";
action = "<gv";
}
# Neotest
{
mode = "n";
key = "<leader>nr";
lua = true;
action = "require('neotest').run.run";
}
{
mode = "n";
key = "<leader>no";
lua = true;
action = "require('neotest').output.open";
}
{
mode = "n";
key = "<leader>ns";
lua = true;
action = "require('neotest').run.stop";
}
{
mode = "n";
key = "<leader>nf";
lua = true;
action = "function() require('neotest').run.run(vim.fn.expand('%')) end";
}
# LSP
{
mode = "n";
key = "<M-CR>";
action = ":Lspsaga code_action<CR>";
}
];
extraPlugins = with pkgs.vimPlugins; [
FixCursorHold-nvim
nvim-web-devicons
nvim-nio
nvim-surround
];
extraConfigLua = "
require('nvim-surround').setup()
";
colorschemes.catppuccin = {
enable = true;
flavour = "frappe";
};
plugins = {
image = {
enable = true;
};
bufferline.enable = true;
nix.enable = true;
luasnip.enable = true;
typst-vim.enable = true;
startup = {
enable = true;
theme = "my_theme";
};
obsidian = {
enable = true;
settings = {
new_notes_location = "notes_subdir";
daily_notes = {
folder = "daily";
};
workspaces = [
{
name = "uni";
path = "~/cloud/Documents/CESE/notes";
}
{
name = "notes";
path = "~/cloud/Notes";
}
];
completion = {
min_chars = 2;
nvim_cmp = true;
};
picker.name = "telescope.nvim";
note_id_func = ''
function(title)
-- Create note IDs in a Zettelkasten format with a timestamp and a suffix.
-- In this case a note with the title 'My new note' will be given an ID that looks
-- like '1657296016-my-new-note', and therefore the file name '1657296016-my-new-note.md'
local suffix = ""
if title ~= nil then
-- If title is given, transform it into valid file name.
suffix = title:gsub(" ", "-"):gsub("[^A-Za-z0-9-]", ""):lower()
else
-- If title is nil, just add 4 random uppercase letters to the suffix.
for _ = 1, 4 do
suffix = suffix .. string.char(math.random(65, 90))
end
end
return tostring(os.time()) .. "-" .. suffix
end
'';
};
};
fidget = {
enable = true;
progress = {
ignoreDoneAlready = true;
ignore = [ "ltex" ];
display.doneTtl = 5;
};
notification = {
overrideVimNotify = true;
};
};
neotest = {
enable = true;
adapters = {
plenary.enable = true;
python.enable = true;
rust = {
enable = true;
settings.args = [ "--no-capture" ];
};
};
};
treesitter = {
enable = true;
nixGrammars = true;
disabledLanguages = [ "latex" ];
};
# surround.enable = true;
fugitive.enable = true;
gitgutter.enable = true;
lualine = {
enable = true;
theme = "catppuccin";
};
telescope = {
enable = true;
defaults.preview.ls_short = true;
extensions.file-browser = {
enable = true;
hijackNetrw = true;
dirIcon = "";
};
extensions.fzf-native.enable = true;
extensions.fzf-native.fuzzy = true;
extensions.frecency.enable = true;
extraOptions = { };
};
comment-nvim.enable = true;
none-ls = {
enable = true;
sources = {
formatting = {
nixfmt = {
enable = true;
package = pkgs.nixfmt-rfc-style;
};
};
};
};
lsp = {
enable = true;
keymaps = {
lspBuf = {
K = "hover";
gD = "references";
gd = "definition";
gi = "implementation";
gt = "type_definition";
"g=" = "format";
};
diagnostic = {
"<leader>j" = "goto_next";
"<leader>k" = "goto_prev";
};
};
servers = {
cssls.enable = true;
nil_ls.enable = true; #NixOS
dockerls.enable = true;
rust-analyzer = {
enable = true;
installCargo = false;
installRustc = false;
};
pyright.enable = true;
pylsp = {
enable = true;
settings.plugins = {
black = {
enabled = true;
cache_config = true;
};
pycodestyle = {
maxLineLength = 100;
};
};
};
elixirls.enable = true;
clangd.enable = true;
yamlls.enable = true;
lua-ls.enable = true;
};
};
trouble.enable = true;
lspkind.enable = true;
lspsaga = {
enable = true;
lightbulb.enable = false;
};
nvim-lightbulb = {
enable = true;
settings = {
autocmd.enabled = true;
number.enabled = true;
};
};
vimtex.enable = true;
floaterm.enable = true;
cmp = {
enable = true;
autoEnableSources = true;
settings = {
cmdline.":".sources = [ { name = "path"; } ];
snippet.expand = "function(args) require('luasnip').lsp_expand(args.body) end";
mapping = {
"<S-Tab>" = "cmp.mapping(cmp.mapping.select_prev_item(), {'i', 's'})";
"<Tab>" = "cmp.mapping(cmp.mapping.select_next_item(), {'i', 's'})";
"<CR>" = "cmp.mapping.confirm({ select = true })";
"<C-Space>" = "cmp.mapping.complete()";
"<C-e>" = "cmp.mapping.close()";
};
sources = [
{ name = "nvim_lsp_signature_help"; }
{ name = "path"; }
{ name = "nvim_lsp"; }
{ name = "luasnip"; }
{
name = "buffer";
# Words from other open buffers can also be suggested.
option.get_bufnrs.__raw = "vim.api.nvim_list_bufs";
}
];
};
};
};
};
};
}

48
common/hm-modules/nvim/lua/obsidian_picker.lua Normal file
View File

@ -0,0 +1,48 @@
local pickers = require "telescope.pickers"
local finders = require "telescope.finders"
local conf = require("telescope.config").values
local actions = require("telescope.actions")
local action_state = require("telescope.actions.state")
local obsidian_commands = require("obsidian.commands").commands
local results = {}
for key, _ in pairs(obsidian_commands) do
table.insert(results, string.sub(key, 9))
end
Local = 100
local Local = 3
print(Local)
local obsidian_picker = function(opts)
opts = opts or require("telescope.themes").get_dropdown{}
pickers.new(opts, {
prompt_title = "Obsidian",
finder = finders.new_table {
results = results,
-- entry_maker = function(entry)
-- return {
-- value = entry,
-- display = entry[1],
-- ordinal = entry[1],
-- }
-- end
},
sorter = conf.generic_sorter(opts),
attach_mappings = function(prompt_bufnr, map)
actions.select_default:replace(function()
actions.close(prompt_bufnr)
local selection = action_state.get_selected_entry()
vim.cmd(':Obsidian' .. selection[1])
end)
return true
end,
}):find()
end
-- obsidian_picker()
return {
obsidian_picker = obsidian_picker
}

75
common/hm-modules/nvim/lua/startup/themes/my_theme.lua Normal file
View File

@ -0,0 +1,75 @@
local settings = {
-- every line should be same width without escaped \
header = {
type = "text",
oldfiles_directory = false,
align = "center",
fold_section = false,
title = "Header",
margin = 5,
content = {
" ███╗ ██╗ ███████╗ ██████╗ ██╗ ██╗ ██╗ ███╗ ███╗",
" ████╗ ██║ ██╔════╝██╔═══██╗ ██║ ██║ ██║ ████╗ ████║",
" ██╔██╗ ██║ █████╗ ██║ ██║ ██║ ██║ ██║ ██╔████╔██║",
" ██║╚██╗██║ ██╔══╝ ██║ ██║ ╚██╗ ██╔╝ ██║ ██║╚██╔╝██║",
" ██║ ╚████║ ███████╗╚██████╔╝ ╚████╔╝ ██║ ██║ ╚═╝ ██║",
" ╚═╝ ╚═══╝ ╚══════╝ ╚═════╝ ╚═══╝ ╚═╝ ╚═╝ ╚═╝",
},
highlight = "Statement",
default_color = "",
oldfiles_amount = 0,
},
-- name which will be displayed and command
body = {
type = "mapping",
oldfiles_directory = false,
align = "center",
fold_section = false,
title = "Basic Commands",
margin = 5,
content = {
{ " Find File", "Telescope find_files", "<leader>ff"},
{ "󰍉 Find Word ", "Telescope live_grep", "<leader>fg"},
{ " Recent Files", "Telescope oldfiles", "<leader>fo"},
{ " File Browser", "Telescope file_browser", "<leader>fs"},
{ " New File", "lua require'startup'.new_file()", "<leader>nf"},
},
highlight = "String",
default_color = "",
oldfiles_amount = 0,
},
footer = {
type = "text",
oldfiles_directory = false,
align = "center",
fold_section = false,
title = "Footer",
margin = 5,
content = { "bottom text" },
highlight = "Number",
default_color = "",
oldfiles_amount = 0,
},
options = {
mapping_keys = true,
cursor_column = 0.5,
empty_lines_between_mappings = true,
disable_statuslines = true,
paddings = { 1, 3, 3, 0 },
},
mappings = {
execute_command = "<CR>",
open_file = "o",
open_file_split = "<c-o>",
open_section = "<TAB>",
open_help = "?",
},
colors = {
background = "#1f2227",
folded_section = "#56b6c2",
},
parts = { "header", "body", "footer" },
}
return settings

35
common/hm-modules/nvim/obsidian_picker.lua Normal file
View File

@ -0,0 +1,35 @@
local pickers = require "telescope.pickers"
local finders = require "telescope.finders"
local conf = require("telescope.config").values
local actions = require("telescope.actions")
local action_state = require("telescope.actions.state")
local obsidian_commands = require("obsidian.commands").commands
local results = {}
for key, _ in pairs(obsidian_commands) do
table.insert(results, string.sub(key, 9))
end
local obsidian_picker = function(opts)
opts = opts or require("telescope.themes").get_dropdown {}
pickers.new(opts, {
prompt_title = "Obsidian",
finder = finders.new_table {
results = results,
},
sorter = conf.generic_sorter(opts),
attach_mappings = function(prompt_bufnr, map)
actions.select_default:replace(function()
actions.close(prompt_bufnr)
local selection = action_state.get_selected_entry()
vim.cmd(':Obsidian' .. selection[1])
end)
return true
end,
}):find()
end
return {
obsidian_picker = obsidian_picker
}

44
common/hm-modules/rust.nix Normal file
View File

@ -0,0 +1,44 @@
{
pkgs,
lib,
config,
...
}:
with lib;
let
cfg = config.programs.v.rust;
in
{
options.programs.v.rust.enable = mkEnableOption "rust";
config = mkIf cfg.enable {
home = {
packages = with pkgs; [
rustup
cargo-binutils
cargo-nextest
cargo-msrv
cargo-dist
cargo-cross
];
file.".cargo/config.toml".text = ''
[registries.crates-io]
protocol = "sparse"
[build]
rustc-wrapper = "${pkgs.sccache}/bin/sccache"
[profile.rust-analyzer]
inherits = "dev"
'';
# [target.'cfg(not(target_arch = "mips"))']
# linker = "${pkgs.clang}/bin/clang"
# rustflags = ["-C", "link-arg=-fuse-ld=${pkgs.mold}/bin/mold"]
sessionPath = [ "$HOME/.cargo/bin" ];
};
};
}

0
nixos/common/hm-modules/vscode.nix → common/hm-modules/vscode.nix
View File

11
common/modules/default.nix Normal file
View File

@ -0,0 +1,11 @@
{ ... }: {
imports = [
./meta.nix
./nginx.nix
./dns.nix
./flood.nix
./gnome
./unpackerr.nix
./vault.nix
];
}

30
nixos/common/modules/dns.nix → common/modules/dns.nix
View File

@ -1,18 +1,22 @@
{ config, pkgs, lib, hosts, flat_hosts, ... }:
{ config, pkgs, lib, self, ... }:
# DNS Module to set up Unbound DNS with all my hosts in the config
# Used for DNS Servers and my laptop
with lib;
let
inherit (builtins) filter hasAttr attrNames;
domains = attrNames hosts;
ipv4Host = filter (hasAttr "ip") flat_hosts;
ipv6Hosts = filter (hasAttr "ip6") flat_hosts;
inherit (builtins) filter attrValues;
domains = [ "hades" "olympus" "thalassa" ];
mapConfig = host: {
inherit (host.config.networking) hostName domain;
inherit (host.config.meta) ipv4 ipv6;
};
hosts = (map mapConfig (attrValues self.nixosConfigurations));
ipv4Hosts = filter (v: v.ipv4 != null) hosts;
ipv6Hosts = filter (v: v.ipv6 != null) hosts;
localData = { hostname, realm, ip, ... }: ''"${hostname}.${realm}. A ${ip}"'';
local6Data = { hostname, realm, ip6, ... }:
''"${hostname}.${realm}. AAAA ${ip6}"'';
ptrData = { hostname, realm, ip, ... }: ''"${ip} ${hostname}.${realm}"'';
ptr6Data = { hostname, realm, ip6, ... }: ''"${ip6} ${hostname}.${realm}"'';
localData = { hostName, domain, ipv4, ... }: ''"${hostName}.${domain}. A ${ipv4}"'';
local6Data = { hostName, domain, ipv6, ... }: ''"${hostName}.${domain}. AAAA ${ipv6}"'';
ptrData = { hostName, domain, ipv4, ... }: ''"${ipv4} ${hostName}.${domain}"'';
ptr6Data = { hostName, domain, ipv6, ... }: ''"${ipv6} ${hostName}.${domain}"'';
cfg = config.services.v.dns;
in {
@ -37,7 +41,7 @@ in {
};
mode = mkOption {
type = enum [ "server" "laptop" ];
type = types.enum [ "server" "laptop" ];
default = "laptop";
description = ''
Whether to configure the DNS in server mode (listen on all interfaces) or laptop mode (just on localhost)
@ -69,8 +73,8 @@ in {
local-zone =
map (localdomain: ''"${localdomain}}." transparent'') domains;
local-data = (map localData ipv4Host) ++ (map local6Data ipv6Hosts);
local-data-ptr = (map ptrData ipv4Host) ++ (map ptr6Data ipv6Hosts);
local-data = (map localData ipv4Hosts) ++ (map local6Data ipv6Hosts);
local-data-ptr = (map ptrData ipv4Hosts) ++ (map ptr6Data ipv6Hosts);
private-address = [
"127.0.0.0/8"

0
nixos/common/modules/flood.nix → common/modules/flood.nix
View File

35
nixos/common/modules/gnome/default.nix → common/modules/gnome/default.nix
View File

@ -1,11 +1,14 @@
{ config, pkgs, lib, inputs, ... }:
{
config,
pkgs,
lib,
...
}:
with lib;
let cfg = config.services.v.gnome;
in {
imports = [
inputs.gnome-autounlock-keyring.nixosModules.default
];
let
cfg = config.services.v.gnome;
in
{
options.services.v.gnome = {
enable = mkEnableOption "v.gnome";
hm = mkOption {
@ -33,14 +36,14 @@ in {
xserver = {
enable = true;
excludePackages = [ pkgs.xterm ];
# Configure keymap in X11
layout = "us";
xkbVariant = "altgr-intl";
xkb = {
layout = "us";
variant = "altgr-intl";
};
# Enable the GNOME Desktop Environment.
displayManager.gdm.enable = true;
displayManager.gdm.enable = lib.mkDefault true;
desktopManager.gnome.enable = true;
};
udev.packages = with pkgs; [ gnome.gnome-settings-daemon ];
@ -53,12 +56,16 @@ in {
# Add Home-manager dconf stuff
home-manager.sharedModules = mkIf cfg.hm [ ./hm.nix ];
environment.gnome.excludePackages =
(with pkgs; [ gnome-photos gnome-tour gnome-connections ])
(with pkgs; [
gnome-photos
gnome-tour
gnome-connections
])
++ (with pkgs.gnome; [
atomix # puzzle game
epiphany # web browser
geary # email reader
gedit # text editor
pkgs.gedit # text editor
gnome-calendar
gnome-clocks
gnome-contacts

50
nixos/common/modules/gnome/hm.nix → common/modules/gnome/hm.nix
View File

@ -1,4 +1,4 @@
{ lib, ... }:
{ lib, pkgs, ... }:
with lib.hm.gvariant;
let
@ -34,29 +34,29 @@ in {
"application/x-extension-html" = "firefox.desktop";
# Images
"image/bmp" = "org.gnome.eog.desktop";
"image/gif" = "org.gnome.eog.desktop";
"image/jpg" = "org.gnome.eog.desktop";
"image/pjpeg" = "org.gnome.eog.desktop";
"image/png" = "org.gnome.eog.desktop";
"image/tiff" = "org.gnome.eog.desktop";
"image/webp" = "org.gnome.eog.desktop";
"image/x-bmp" = "org.gnome.eog.desktop";
"image/x-gray" = "org.gnome.eog.desktop";
"image/x-icb" = "org.gnome.eog.desktop";
"image/x-ico" = "org.gnome.eog.desktop";
"image/x-png" = "org.gnome.eog.desktop";
"image/x-portable-anymap" = "org.gnome.eog.desktop";
"image/x-portable-bitmap" = "org.gnome.eog.desktop";
"image/x-portable-graymap" = "org.gnome.eog.desktop";
"image/x-portable-pixmap" = "org.gnome.eog.desktop";
"image/x-xbitmap" = "org.gnome.eog.desktop";
"image/x-xpixmap" = "org.gnome.eog.desktop";
"image/x-pcx" = "org.gnome.eog.desktop";
"image/svg+xml" = "org.gnome.eog.desktop";
"image/svg+xml-compressed" = "org.gnome.eog.desktop";
"image/vnd.wap.wbmp" = "org.gnome.eog.desktop";
"image/x-icns" = "org.gnome.eog.desktop";
"image/bmp" = "org.gnome.Loupe.desktop";
"image/gif" = "org.gnome.Loupe.desktop";
"image/jpg" = "org.gnome.Loupe.desktop";
"image/pjpeg" = "org.gnome.Loupe.desktop";
"image/png" = "org.gnome.Loupe.desktop";
"image/tiff" = "org.gnome.Loupe.desktop";
"image/webp" = "org.gnome.Loupe.desktop";
"image/x-bmp" = "org.gnome.Loupe.desktop";
"image/x-gray" = "org.gnome.Loupe.desktop";
"image/x-icb" = "org.gnome.Loupe.desktop";
"image/x-ico" = "org.gnome.Loupe.desktop";
"image/x-png" = "org.gnome.Loupe.desktop";
"image/x-portable-anymap" = "org.gnome.Loupe.desktop";
"image/x-portable-bitmap" = "org.gnome.Loupe.desktop";
"image/x-portable-graymap" = "org.gnome.Loupe.desktop";
"image/x-portable-pixmap" = "org.gnome.Loupe.desktop";
"image/x-xbitmap" = "org.gnome.Loupe.desktop";
"image/x-xpixmap" = "org.gnome.Loupe.desktop";
"image/x-pcx" = "org.gnome.Loupe.desktop";
"image/svg+xml" = "org.gnome.Loupe.desktop";
"image/svg+xml-compressed" = "org.gnome.Loupe.desktop";
"image/vnd.wap.wbmp" = "org.gnome.Loupe.desktop";
"image/x-icns" = "org.gnome.Loupe.desktop";
};
dconf.settings = {
@ -120,7 +120,7 @@ in {
} // generate_custom_keybindings {
"terminal" = {
binding = "<Super>Return";
command = "kgx";
command = "${pkgs.kitty}/bin/kitty";
name = "Open Terminal";
};
"firefox" = {

89
common/modules/meta.nix Normal file
View File

@ -0,0 +1,89 @@
{ lib, config, ... }:
with lib;
let
exposesOpts = {
options = {
domain = mkOption {
type = types.str;
example = "<name>.example.com";
description = lib.mdDoc ''
The domain under which this service should be available
'';
};
port = mkOption {
type = types.int;
default = 80;
example = 4242;
description = lib.mdDoc ''
The port under which the service runs on the host
'';
};
};
};
in {
options.meta = {
exposes = mkOption {
type = with types; attrsOf (submodule exposesOpts);
default = { };
description = ''
Exposed services
'';
};
ipv4 = mkOption {
type = types.nullOr types.str;
default = null;
description = lib.mdDoc ''
Host's IPv4 Address
'';
};
ipv6 = mkOption {
type = types.nullOr types.str;
default = null;
description = lib.mdDoc ''
Host's IPv6 address
'';
};
mac = mkOption {
type = types.nullOr types.str;
default = null;
description = lib.mdDoc ''
Own MAC Address
'';
};
isLaptop = mkOption {
type = types.bool;
default = false;
description = lib.mdDoc ''
Is this host a Laptop (i.e. no DNS entries should be made).
'';
};
realm = mkOption {
readOnly = true;
type = types.nullOr (types.enum [ "thalassa" "hades" "olympus" ]);
default = config.networking.domain;
defaultText = literalExpression "config.network.domain";
};
};
config = {
# TODO: Open Firewall
assertions = [
{
assertion = config.meta.mac != null;
message =
"${config.networking.fqdnOrHostName} is missing a mac address";
}
{
assertion = !config.meta.isLaptop -> config.meta.ipv4 != null;
message =
"${config.networking.fqdnOrHostName} needs ipv4 address set as it is not a laptop";
}
];
};
}

0
nixos/common/modules/nginx.nix → common/modules/nginx.nix
View File

0
nixos/common/modules/unpackerr.nix → common/modules/unpackerr.nix
View File

0
nixos/common/modules/vault.nix → common/modules/vault.nix
View File

33
nixos/common/users/default.nix → common/users/default.nix
View File

@ -1,5 +1,16 @@
{ config, pkgs, lib, ... }: {
imports = [ ./laura.nix ./vivian.nix ./jonathan.nix ];
{
config,
pkgs,
lib,
inputs,
...
}:
{
imports = [
./laura.nix
./vivian.nix
./jonathan.nix
];
programs = {
# Setup ZSH to use grml config
@ -11,12 +22,16 @@
interactiveShellInit = ''
source "${pkgs.grml-zsh-config}/etc/zsh/zshrc"
export FZF_DEFAULT_COMMAND="${pkgs.ripgrep}/bin/rg --files --follow"
source "${pkgs.fzf}/share/fzf/key-bindings.zsh"
source "${pkgs.fzf}/share/fzf/completion.zsh"
export FZF_CTRL_T_COMMAND="$FZF_DEFAULT_COMMAND"
export FZF_CTRL_R_COMMAND="$FZF_DEFAULT_COMMAND"
eval "$(${pkgs.zoxide}/bin/zoxide init zsh)"
eval "$(${pkgs.fzf}/bin/fzf --zsh)"
export TEMPDIRS="$HOME/tmp"
source "${inputs.t.packages.${pkgs.system}.default}/bin/t-rs.sh"
'';
# otherwise it'll override the grml prompt
promptInit = "";
# promptInit = lib.mkDefault "";
};
# Install Neovim and set it as alias for vi(m)
@ -36,8 +51,7 @@
# Configure the root account
users.extraUsers.root = {
# Allow my SSH keys for logging in as root.
openssh.authorizedKeys.keys =
config.users.extraUsers.vivian.openssh.authorizedKeys.keys;
openssh.authorizedKeys.keys = config.users.extraUsers.vivian.openssh.authorizedKeys.keys;
# Also use zsh for root
shell = pkgs.zsh;
};
@ -54,6 +68,9 @@
ripgrep
rsync
zoxide
# Terminfo
pkgs.kitty.terminfo
];
programs.tmux = {
@ -66,6 +83,4 @@
setw -g mouse on
'';
};
}

0
nixos/common/users/jonathan.nix → common/users/jonathan.nix
View File

0
nixos/common/users/laura.nix → common/users/laura.nix
View File

1
nixos/common/users/vivian.nix → common/users/vivian.nix
View File

@ -41,6 +41,5 @@
homeDirectory = "/home/vivian";
stateVersion = "23.05";
};
};
}

1199
flake.lock
View File

File diff suppressed because it is too large Load Diff

236
flake.nix
View File

@ -6,7 +6,7 @@
inputs = {
nixpkgs.url = "nixpkgs/nixos-unstable";
nixpkgs_stable.url = "nixpkgs/nixos-23.05";
flake-utils-plus.url = "github:gytis-ivaskevicius/flake-utils-plus/v1.4.0";
nur.url = "github:nix-community/NUR";
colmena.url = "github:zhaofengli/colmena";
deploy.url = "github:serokell/deploy-rs";
@ -17,12 +17,6 @@
home-manager.url = "github:nix-community/home-manager";
home-manager.inputs.nixpkgs.follows = "nixpkgs";
riff.url = "github:DeterminateSystems/riff";
webcord.url = "github:fufexan/webcord-flake";
comma.url = "github:nix-community/comma";
mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver";
mailserver.inputs.nixpkgs.follows = "nixpkgs";
@ -33,132 +27,152 @@
nixos-hardware.url = "github:nixos/nixos-hardware";
lanzaboote = {
url = "github:nix-community/lanzaboote";
# Optional but recommended to limit the size of your system closure.
inputs.nixpkgs.follows = "nixpkgs";
};
lanzaboote.url = "github:nix-community/lanzaboote";
lanzaboote.inputs.nixpkgs.follows = "nixpkgs";
vault-unseal.url = "git+https://git.0x76.dev/v/vault-unseal.git";
vault-unseal.inputs.nixpkgs.follows = "nixpkgs";
gnome-autounlock-keyring.url = "git+https://git.0x76.dev/v/gnome-autounlock-keyring.git";
gnome-autounlock-keyring.inputs.nixpkgs.follows = "nixpkgs";
t.url = "github:jdonszelmann/t-rs";
t.inputs.nixpkgs.follows = "nixpkgs";
attic.url = "github:zhaofengli/attic";
attic.inputs.nixpkgs.follows = "nixpkgs";
# Website(s)
essentials.url = "github:jdonszelmann/essentials";
essentials.inputs.nixpkgs.follows = "nixpkgs";
};
outputs =
{ self
, nixpkgs
, nixpkgs_stable
, vault-secrets
, colmena
, nixos-generators
, nur
, attic
, deploy
, ...
{
self,
nixpkgs,
flake-utils-plus,
nur,
attic,
deploy,
home-manager,
gnome-autounlock-keyring,
lanzaboote,
t,
...
}@inputs:
let
inherit (nixpkgs) lib;
util = import ./nixos/util.nix inputs;
inherit (util) hosts flat_hosts nixHosts;
system = "x86_64-linux";
pkgs = import nixpkgs {
inherit system;
config.allowUnfree = true;
overlays = [ (import ./nixos/pkgs) vault-secrets.overlay nur.overlay ];
};
pkgs_stable = import nixpkgs_stable {
inherit system;
config.allowUnfree = true;
};
# Define args each module gets access to (access to hosts is useful for DNS/DHCP)
specialArgs = { inherit hosts flat_hosts inputs pkgs_stable; };
# Script to apply local colmena deployments
pkgs = self.pkgs.x86_64-linux.nixpkgs;
apply-local = pkgs.writeShellScriptBin "apply-local" ''
"${
colmena.packages.${system}.colmena
}"/bin/colmena apply-local --sudo $@
'';
fast-repl = pkgs.writeShellScriptBin "fast-repl" ''
source /etc/set-environment
nix repl --file "${./.}/repl.nix" $@
nh os switch --ask
'';
in
{
# Make the nixosConfigurations for compat reasons (e.g. vault)
nixosConfigurations =
(import (inputs.colmena + "/src/nix/hive/eval.nix") {
rawFlake = self;
colmenaOptions =
import (inputs.colmena + "/src/nix/hive/options.nix");
colmenaModules =
import (inputs.colmena + "/src/nix/hive/modules.nix");
}).nodes;
flake-utils-plus.lib.mkFlake {
# `self` and `inputs` arguments are required
inherit self inputs;
# Make the colmena configuration
colmena = lib.foldr (el: acc: acc // util.mkColmenaHost el)
{
meta = {
inherit specialArgs;
nixpkgs = pkgs;
};
}
nixHosts;
# Supported systems, used for packages, apps, devShell and multiple other definitions. Defaults to `flake-utils.lib.defaultSystems`.
supportedSystems = [ "x86_64-linux" ];
packages.${system} = {
inherit apply-local;
# Channels config
channelsConfig = {
allowUnfree = true;
};
sharedOverlays = [
(import ./pkgs)
nur.overlay
];
default = colmena.packages.${system}.colmena;
# host defaults
hostDefaults = {
system = "x86_64-linux";
modules = [
home-manager.nixosModules.home-manager
gnome-autounlock-keyring.nixosModules.default
./common
];
proxmox-lxc = nixos-generators.nixosGenerate {
inherit system specialArgs;
format = "proxmox-lxc";
modules = util.base_imports
++ [ (import ./nixos/templates/proxmox-lxc.nix) ];
};
# Broken
proxmox-vm = nixos-generators.nixosGenerate {
inherit system specialArgs;
format = "proxmox";
modules = util.base_imports
++ [ (import ./nixos/templates/proxmox-vm.nix) ];
specialArgs = {
inherit self inputs home-manager;
};
};
# Use by running `nix develop`
devShells.${system}.default = pkgs.mkShell {
VAULT_ADDR = "http://vault.olympus:8200/";
buildInputs = with pkgs; [
attic.packages.${pkgs.system}.attic
apply-local
colmena.packages.${system}.colmena
deploy.packages.${system}.deploy-rs
cachix
deadnix
statix
nixfmt
nixpkgs-fmt
nixUnstable
nil
vault
yamllint
jq
(vault-push-approle-envs self { })
(vault-push-approles self { })
fast-repl
];
# hosts
hosts = {
# TODO: Figure out why this is reversed, and how/why it sets the FQDN
"olympus.bastion" = {
modules = [
./common/generic-vm.nix
./hosts/olympus/bastion
];
};
aoife = {
modules = [
lanzaboote.nixosModules.lanzaboote
./common/desktop
./hosts/thalassa/aoife
];
};
};
# deploy-rs
deploy = {
user = "root";
nodes = {
"bastion-olympus" = {
hostname = "bastion.olympus";
fastConnection = true;
remoteBuild = true;
profiles = {
system = {
path = deploy.lib.x86_64-linux.activate.nixos self.nixosConfigurations."olympus.bastion";
};
};
};
aoife = {
remoteBuild = true;
fastConnection = true;
hostname = "aoife";
profiles.system.path = deploy.lib.x86_64-linux.activate.nixos self.nixosConfigurations.aoife;
};
};
};
# Outputs
outputsBuilder = channels: {
devShells.default = channels.nixpkgs.mkShell {
name = "devShell";
VAULT_ADDR = "http://vault.olympus:8200/";
FLAKE = "/home/vivian/src/infrastructure-new";
packages = with pkgs; [
attic.packages.${system}.attic
apply-local
deploy.packages.${system}.deploy-rs
deadnix
statix
nixUnstable
vault
yamllint
jq
fup-repl
nh
];
};
};
# Checks
checks = builtins.mapAttrs (system: deployLib: deployLib.deployChecks self.deploy) deploy.lib // {
x86_64-linux.mac = pkgs.stdenvNoCC.mkDerivation {
name = "mac check";
src = self;
dontBuild = true;
doCheck = true;
checkPhase = ''
echo "Hello World"
'';
installPhase = "mkdir $out";
};
};
};
}

1
flux/.gitignore vendored
View File

@ -1 +0,0 @@
old_cluster

12
flux/README.md
View File

@ -1,12 +0,0 @@
# Kubernetes Cluster
This is my personal Kubernetes Cluster. [Flux] watches this git repo and reconciles and changes made to the cluster.
## Bootstrap
```sh
flux bootstrap git --url ssh://gitea@git.0x76.dev:42/v/infrastructure.git --branch=main --path=flux/olympus/base --ssh-key-algorithm=ed25519
```
## References
Heavily inspired by: [onedr0p's cluster](https://github.com/onedr0p/home-cluster)
[Flux]: https://github.com/fluxcd/flux2

15
flux/olympus/apps/flux-system/external-secret.yaml
View File

@ -1,15 +0,0 @@
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: weave-gitops
namespace: flux-system
spec:
refreshInterval: "5m"
secretStoreRef:
name: vault
kind: ClusterSecretStore
target:
name: oidc-auth
dataFrom:
- extract:
key: flux-system/weave-gitops

6
flux/olympus/apps/flux-system/kustomization.yaml
View File

@ -1,6 +0,0 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- rbac.yaml
- external-secret.yaml
- weave-gitops-dashboard.yaml

76
flux/olympus/apps/flux-system/rbac.yaml
View File

@ -1,76 +0,0 @@
---
# Admin cluster role
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: weave-admin
rules:
# Flux Resources
- apiGroups: ["kustomize.toolkit.fluxcd.io"]
resources: ["kustomizations"]
verbs: ["get", "list", "patch"]
- apiGroups: ["helm.toolkit.fluxcd.io"]
resources: ["helmreleases"]
verbs: ["get", "list", "patch"]
- apiGroups: ["source.toolkit.fluxcd.io"]
resources:
[
"buckets",
"helmcharts",
"gitrepositories",
"helmrepositories",
"ocirepositories",
]
verbs: ["get", "list", "patch"]
- apiGroups: ["notification.toolkit.fluxcd.io"]
resources: ["providers", "alerts"]
verbs: ["get", "list"]
- apiGroups: ["infra.contrib.fluxcd.io"]
resources: ["terraforms"]
verbs: ["get", "list", "patch"]
# Resources managed via Flux
- apiGroups: [""]
resources:
[
"configmaps",
"secrets",
"pods",
"services",
"namespaces",
"persistentvolumes",
"persistentvolumeclaims",
]
verbs: ["get", "list"]
- apiGroups: ["apps"]
resources: ["deployments", "replicasets", "statefulsets"]
verbs: ["get", "list"]
- apiGroups: ["batch"]
resources: ["jobs", "cronjobs"]
verbs: ["get", "list"]
- apiGroups: ["autoscaling"]
resources: ["horizontalpodautoscalers"]
verbs: ["get", "list"]
- apiGroups: ["rbac.authorization.k8s.io"]
resources: ["roles", "clusterroles", "rolebindings", "clusterrolebindings"]
verbs: ["get", "list"]
- apiGroups: ["networking.k8s.io"]
resources: ["ingresses"]
verbs: ["get", "list"]
# Feedback
- apiGroups: [""]
resources: ["events"]
verbs: ["get", "watch", "list"]
---
# Bind the cluster admin role to admins
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: weave-admin
subjects:
- kind: User
name: "victor@xirion.net"
apiGroup: rbac.authorization.k8s.io
roleRef:
kind: ClusterRole
name: weave-admin
apiGroup: rbac.authorization.k8s.io

48
flux/olympus/apps/flux-system/weave-gitops-dashboard.yaml
View File

@ -1,48 +0,0 @@
---
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
annotations:
metadata.weave.works/description: This is the source location for the Weave GitOps
Dashboard's helm chart.
labels:
app.kubernetes.io/component: ui
app.kubernetes.io/created-by: weave-gitops-cli
app.kubernetes.io/name: weave-gitops-dashboard
app.kubernetes.io/part-of: weave-gitops
name: ww-gitops
namespace: flux-system
spec:
interval: 1h0m0s
type: oci
url: oci://ghcr.io/weaveworks/charts
---
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
annotations:
metadata.weave.works/description: This is the Weave GitOps Dashboard. It provides
a simple way to get insights into your GitOps workloads.
name: ww-gitops
namespace: flux-system
spec:
chart:
spec:
chart: weave-gitops
sourceRef:
kind: HelmRepository
name: ww-gitops
interval: 1h0m0s
values:
ingress:
enabled: true
hosts:
- host: flux.0x76.dev
paths:
- path: /
pathType: ImplementationSpecific
adminUser:
create: true
passwordHash: $2a$10$uIY/YYe.CcRerpVvfk04muX86hLfXRH.K6jATZaVPqp.bnUIu/bsC
username: admin

6
flux/olympus/apps/kustomization.yaml
View File

@ -1,6 +0,0 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- flux-system
- services
- websites

4
flux/olympus/apps/services/kustomization.yaml
View File

@ -1,4 +0,0 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- renovate

57
flux/olympus/apps/services/renovate/config.yaml
View File

@ -1,57 +0,0 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: renovate
namespace: services
data:
config.js: |-
module.exports = {
"binarySource": "install",
"repositories": ["v/infrastructure"],
"flux": {
"fileMatch": ["flux/.+\\.ya?ml$"]
},
"helm-values": {
"fileMatch": ["flux/.+\\.ya?ml$"]
},
"kubernetes": {
"fileMatch": ["flux/.+\\.ya?ml$"]
},
"hostRules": [
{
"hostType": "docker",
"matchHost": "ghcr.io",
"username": "NULLx76",
"password": process.env.GITHUB_COM_TOKEN
}
],
"packageRules": [
{
"automerge": true,
"automergeType": "branch",
"matchUpdateTypes": ["minor", "patch", "pin", "digest"],
"matchPackageNames": [
"renovate/renovate"
],
"matchPackagePrefixes": [
"git.0x76.dev"
]
}
],
// ignore individual fluxcd images
"ignoreDeps": [
"ghcr.io/fluxcd/helm-controller",
"ghcr.io/fluxcd/image-automation-controller",
"ghcr.io/fluxcd/image-reflector-controller",
"ghcr.io/fluxcd/kustomize-controller",
"ghcr.io/fluxcd/notification-controller",
"ghcr.io/fluxcd/source-controller"
],
"regexManagers": [
{
"fileMatch": [".+\\.nix"],
"matchStrings": ["image\\s*=\\s*\"(?<depName>.*?):(?<currentValue>.*?)\"\\s*;\\s*"],
"datasourceTemplate": "docker"
}
]
};

46
flux/olympus/apps/services/renovate/cronjob.yaml
View File

@ -1,46 +0,0 @@
apiVersion: batch/v1
kind: CronJob
metadata:
name: renovate
namespace: services
spec:
# Run every 8 hours
schedule: "0 */8 * * *"
concurrencyPolicy: Forbid
jobTemplate:
spec:
template:
spec:
volumes:
- name: config-volume
configMap:
name: renovate
- name: work-volume
emptyDir: {}
containers:
- name: renovate
image: renovate/renovate:37.67.3
volumeMounts:
- name: config-volume
mountPath: /opt/renovate/
- name: work-volume
mountPath: /tmp/renovate/
env:
- name: LOG_LEVEL
value: debug
- name: RENOVATE_ENDPOINT
value: "https://git.0x76.dev/api/v1/"
- name: RENOVATE_PLATFORM
value: gitea
- name: RENOVATE_AUTODISCOVER
value: "false"
- name: RENOVATE_GIT_AUTHOR
value: "Renovate Bot <renovate@xirion.net>"
- name: RENOVATE_CONFIG_FILE
value: "/opt/renovate/config.js"
- name: RENOVATE_BASE_DIR
value: "/tmp/renovate"
envFrom:
- secretRef:
name: renovate
restartPolicy: Never

21
flux/olympus/apps/services/renovate/external-secret.yaml
View File

@ -1,21 +0,0 @@
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: renovate
namespace: services
spec:
refreshInterval: "5m"
secretStoreRef:
name: vault
kind: ClusterSecretStore
target:
name: renovate
data:
- secretKey: RENOVATE_TOKEN
remoteRef:
key: gitops/renovate
property: gitea_token
- secretKey: GITHUB_COM_TOKEN
remoteRef:
key: gitops/renovate
property: github_token

6
flux/olympus/apps/services/renovate/kustomization.yaml
View File

@ -1,6 +0,0 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- external-secret.yaml
- config.yaml
- cronjob.yaml

52
flux/olympus/apps/websites/0x76.yaml
View File

@ -1,52 +0,0 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: x76dev
namespace: websites
labels:
app: x76dev
spec:
replicas: 1
selector:
matchLabels:
app: x76dev
template:
metadata:
labels:
app: x76dev
spec:
containers:
- name: x76dev
image: git.0x76.dev/v/0x76.dev:5
ports:
- containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
name: x76dev
namespace: websites
spec:
selector:
app: x76dev
ports:
- protocol: TCP
port: 80
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: x76dev
namespace: websites
spec:
rules:
- host: "0x76.dev"
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: x76dev
port:
number: 80

52
flux/olympus/apps/websites/blog.yaml
View File

@ -1,52 +0,0 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: blog
namespace: websites
labels:
app: blog
spec:
replicas: 1
selector:
matchLabels:
app: blog
template:
metadata:
labels:
app: blog
spec:
containers:
- name: blog
image: git.0x76.dev/v/blog.xirion.net:5
ports:
- containerPort: 8080
---
apiVersion: v1
kind: Service
metadata:
name: blog
namespace: websites
spec:
selector:
app: blog
ports:
- protocol: TCP
port: 8080
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: blog
namespace: websites
spec:
rules:
- host: "blog.xirion.net"
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: blog
port:
number: 8080

52
flux/olympus/apps/websites/internal.yaml
View File

@ -1,52 +0,0 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: internal
namespace: websites
labels:
app: internal
spec:
replicas: 1
selector:
matchLabels:
app: internal
template:
metadata:
labels:
app: internal
spec:
containers:
- name: internal
image: git.0x76.dev/v/internal.xirion.net:1
ports:
- containerPort: 8080
---
apiVersion: v1
kind: Service
metadata:
name: internal
namespace: websites
spec:
selector:
app: internal
ports:
- protocol: TCP
port: 8080
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: internal
namespace: websites
spec:
rules:
- host: "internal.xirion.net"
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: internal
port:
number: 8080

9
flux/olympus/apps/websites/kustomization.yaml
View File

@ -1,9 +0,0 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
metadata:
namespace: websites
resources:
- 0x76.yaml
- internal.yaml
- blog.yaml
- xirion.yaml

52
flux/olympus/apps/websites/xirion.yaml
View File

@ -1,52 +0,0 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: xirion
namespace: websites
labels:
app: xirion
spec:
replicas: 1
selector:
matchLabels:
app: xirion
template:
metadata:
labels:
app: xirion
spec:
containers:
- name: xirion
image: git.0x76.dev/v/xirion.net:2
ports:
- containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
name: xirion
namespace: websites
spec:
selector:
app: xirion
ports:
- protocol: TCP
port: 80
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: xirion
namespace: websites
spec:
rules:
- host: "xirion.net"
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: xirion
port:
number: 80

15
flux/olympus/base/apps.yaml
View File

@ -1,15 +0,0 @@
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: apps
namespace: flux-system
spec:
interval: 10m0s
dependsOn:
- name: core
path: ./flux/olympus/apps
prune: true
sourceRef:
kind: GitRepository
name: flux-system

13
flux/olympus/base/core.yaml
View File

@ -1,13 +0,0 @@
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: core
namespace: flux-system
spec:
interval: 10m0s
path: ./flux/olympus/core
prune: true
sourceRef:
kind: GitRepository
name: flux-system

8029
flux/olympus/base/flux-system/gotk-components.yaml
View File

File diff suppressed because it is too large Load Diff

27
flux/olympus/base/flux-system/gotk-sync.yaml
View File

@ -1,27 +0,0 @@
# This manifest was generated by flux. DO NOT EDIT.
---
apiVersion: source.toolkit.fluxcd.io/v1
kind: GitRepository
metadata:
name: flux-system
namespace: flux-system
spec:
interval: 1m0s
ref:
branch: main
secretRef:
name: flux-system
url: ssh://gitea@git.0x76.dev:42/v/infrastructure.git
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: flux-system
namespace: flux-system
spec:
interval: 10m0s
path: ./flux/olympus/base
prune: true
sourceRef:
kind: GitRepository
name: flux-system

6
flux/olympus/base/flux-system/kustomization.yaml
View File

@ -1,6 +0,0 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- gotk-components.yaml
- gotk-sync.yaml
- repositories

8
flux/olympus/base/flux-system/repositories/helm/external-secrets.yaml
View File

@ -1,8 +0,0 @@
apiVersion: source.toolkit.fluxcd.io/v1beta2
kind: HelmRepository
metadata:
name: external-secrets
namespace: flux-system
spec:
interval: 1h
url: https://charts.external-secrets.io

5
flux/olympus/base/flux-system/repositories/helm/kustomization.yaml
View File

@ -1,5 +0,0 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- external-secrets.yaml

5
flux/olympus/base/flux-system/repositories/kustomization.yaml
View File

@ -1,5 +0,0 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- helm

1
flux/olympus/core/external-secrets/.gitignore vendored
View File

@ -1 +0,0 @@
vault-secret-id.yaml

29
flux/olympus/core/external-secrets/helm-release.yaml
View File

@ -1,29 +0,0 @@
---
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
name: external-secrets
namespace: security
spec:
interval: 30m
chart:
spec:
chart: external-secrets
version: 0.9.9
interval: 30m
sourceRef:
kind: HelmRepository
name: external-secrets
namespace: flux-system
values:
installCRDs: true
replicaCount: 1
leaderElect: true
# serviceMonitor:
# enabled: true
# webhook:
# serviceMonitor:
# enabled: true
# certController:
# serviceMonitor:
# enabled: true

5
flux/olympus/core/external-secrets/kustomization.yaml
View File

@ -1,5 +0,0 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- helm-release.yaml
- vault-secret-store.yaml

7
flux/olympus/core/external-secrets/vault-secret-id.example.yaml
View File

@ -1,7 +0,0 @@
apiVersion: v1
kind: Secret
metadata:
name: vault-secret-id
namespace: security
data:
secret-id: XXXXXX # Obtain by `vault write -f auth/approle/role/external-secrets/secret-id`

27
flux/olympus/core/external-secrets/vault-secret-store.yaml
View File

@ -1,27 +0,0 @@
apiVersion: external-secrets.io/v1beta1
kind: ClusterSecretStore
metadata:
name: vault
namespace: security
spec:
provider:
vault:
server: "http://vault.olympus:8200"
path: "k8s"
version: "v2"
auth:
# VaultAppRole authenticates with Vault using the
# App Role auth mechanism
# https://www.vaultproject.io/docs/auth/approle
appRole:
# Path where the App Role authentication backend is mounted
path: "approle"
# RoleID configured in the App Role authentication backend
# `vault read auth/approle/role/external-secrets/role-id`
roleId: "bb841a0e-45c1-9dab-36f0-f72647d6aff0"
# Reference to a key in a K8 Secret that contains the App Role SecretId
# (not commited in git)
secretRef:
name: "vault-secret-id"
namespace: "security"
key: "secret-id"

5
flux/olympus/core/kustomization.yaml
View File

@ -1,5 +0,0 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- namespaces
- external-secrets

6
flux/olympus/core/namespaces/kustomization.yaml
View File

@ -1,6 +0,0 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- websites.yaml
- security.yaml
- services.yaml

4
flux/olympus/core/namespaces/security.yaml
View File

@ -1,4 +0,0 @@
apiVersion: v1
kind: Namespace
metadata:
name: security

4
flux/olympus/core/namespaces/services.yaml
View File

@ -1,4 +0,0 @@
apiVersion: v1
kind: Namespace
metadata:
name: services

4
flux/olympus/core/namespaces/websites.yaml
View File

@ -1,4 +0,0 @@
apiVersion: v1
kind: Namespace
metadata:
name: websites

12
hosts/olympus/bastion/containers/common.nix Normal file
View File

@ -0,0 +1,12 @@
# common container config
{ lib, home-manager, ... }: {
imports = [
# ../../../../common/modules
home-manager.nixosModules.home-manager # TODO: I don't like this
];
# Workaround for bug https://github.com/NixOS/nixpkgs/issues/162686
networking.useHostResolvConf = lib.mkForce false;
services.resolved.enable = true;
system.stateVersion = lib.mkDefault "24.05";
}

33
hosts/olympus/bastion/containers/default.nix Normal file
View File

@ -0,0 +1,33 @@
{ config, lib, ... }:
let
hostAddress = "10.42.99.1";
hostAddress6 = "fc00::1";
in {
# TODO: Loop over subdirs, create nixos container for each
networking.nat = {
enable = true;
internalInterfaces = [ "ve-+" ];
externalInterface = "ens18";
# Lazy IPv6 connectivity for the container
enableIPv6 = true;
forwardPorts = [
];
};
# Containers network is
# * 10.42.99.0/24
# * fc00:x
containers = {
dns = {
autoStart = true;
inherit hostAddress hostAddress6;
localAddress = "10.42.99.1";
localAddress6 = "fc00::2";
config = ./dns.nix;
};
};
}

8
hosts/olympus/bastion/containers/dns.nix Normal file
View File

@ -0,0 +1,8 @@
{ ... }: {
imports = [ ./common.nix ];
services.v.dns = {
enable = true;
openFirewall = true;
mode = "server";
};
}

39
hosts/olympus/bastion/default.nix Normal file
View File

@ -0,0 +1,39 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{ pkgs, ... }: {
imports = [
# Include the results of the hardware scan.
./hardware-configuration.nix
./containers
# ./vms.nix
];
programs.nix-ld.enable = true;
meta = {
ipv4 = "10.42.42.4";
ipv6 = "2001:41f0:9639:1:80f0:7cff:fecb:bd6d";
mac = "82:F0:7C:CB:BD:6D";
};
# Use the GRUB 2 boot loader.
boot.loader.grub.enable = true;
boot.loader.grub.device = "/dev/sda";
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "22.11"; # Did you read the comment?
virtualisation.podman.enable = true;
# Additional packages
environment.systemPackages = with pkgs; [ vault ];
networking.useNetworkd = true;
}

25
hosts/olympus/bastion/hardware-configuration.nix Normal file
View File

@ -0,0 +1,25 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ modulesPath, ... }:
{
imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
boot = {
initrd.availableKernelModules =
[ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ];
initrd.kernelModules = [ ];
kernelModules = [ ];
extraModulePackages = [ ];
};
fileSystems."/" = {
device = "/dev/disk/by-uuid/e8427097-8545-4924-b033-2659fcf9adca";
fsType = "ext4";
};
swapDevices =
[{ device = "/dev/disk/by-uuid/63d90b92-cdde-4795-a3ab-9566ae88f43d"; }];
}

32
hosts/olympus/bastion/vms.nix Normal file
View File

@ -0,0 +1,32 @@
{ config, pkgs, inputs, ... }: {
imports = [
inputs.microvm.nixosModules.host
];
microvm.vms = {
test-vm = {
inherit pkgs;
# (Optional) A set of special arguments to be passed to the MicroVM's NixOS modules.
#specialArgs = {};
# The configuration for the MicroVM.
# Multiple definitions will be merged as expected.
config = {
# It is highly recommended to share the host's nix-store
# with the VMs to prevent building huge images.
microvm.hypervisor = "crosvm";
microvm.shares = [{
source = "/nix/store";
mountPoint = "/nix/.ro-store";
tag = "ro-store";
proto = "virtiofs";
}];
# Any other configuration for your MicroVM
# [...]
};
};
};
}

0
nixos/hosts/thalassa/aoife/README.md → hosts/thalassa/aoife/README.md
View File

46
nixos/hosts/thalassa/aoife/configuration.nix → hosts/thalassa/aoife/default.nix
View File

@ -2,13 +2,29 @@
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{ inputs, lib, ... }: {
{
inputs,
lib,
pkgs,
...
}:
{
imports = [
./hardware-configuration.nix
inputs.nixos-hardware.nixosModules.lenovo-thinkpad-z
./hardware.nix
./uni.nix
];
meta = {
mac = "04:7b:cb:b6:2d:88";
isLaptop = true;
};
users.users.vivian.extraGroups = [ "adbusers" ];
security.pki.certificateFiles = [ ./domain.crt ];
# Bootloader.
boot = {
bootspec.enable = true;
@ -29,11 +45,35 @@
home-manager.users.vivian = import ./home;
programs.nix-ld.enable = true;
programs.nix-ld.libraries = with pkgs; [
# Add any missing dynamic libraries for unpackaged programs
# here, NOT in environment.systemPackages
];
programs.hyprland.enable = true;
services.gnome.gnome-keyring.enable = true;
# services.gnome-autounlock-keyring = {
# enable = true;
# target = "hyprland-session.target";
# };
services.interception-tools = {
enable = true;
plugins = [ pkgs.interception-tools-plugins.caps2esc ];
udevmonConfig = ''
- JOB: "${pkgs.interception-tools}/bin/intercept -g $DEVNODE | ${pkgs.interception-tools-plugins.caps2esc}/bin/caps2esc | ${pkgs.interception-tools}/bin/uinput -d $DEVNODE"
DEVICE:
EVENTS:
EV_KEY: [KEY_CAPSLOCK, KEY_ESC]
'';
};
# Enable Ozone rendering for Chromium and Electron apps.
environment.sessionVariables.NIXOS_OZONE_WL = "1";
# environment.sessionVariables.INFRA_INFO = self; # hosts.${config.networking.domain}.${config.networking.hostName};
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave

21
hosts/thalassa/aoife/domain.crt Normal file
View File

@ -0,0 +1,21 @@
-----BEGIN CERTIFICATE-----
MIIDZTCCAk2gAwIBAgIUcCV6T0NduGa58qOcAhe9n8oOcEIwDQYJKoZIhvcNAQEL
BQAwWzELMAkGA1UEBhMCTkwxFTATBgNVBAgMDFp1aWQtSG9sbGFuZDEOMAwGA1UE
BwwFRGVsZnQxETAPBgNVBAoMCFRVIERlbGZ0MRIwEAYDVQQDDAlsb2NhbGhvc3Qw
HhcNMjQwNDA1MDgyMDQxWhcNMjUwNDA1MDgyMDQxWjBbMQswCQYDVQQGEwJOTDEV
MBMGA1UECAwMWnVpZC1Ib2xsYW5kMQ4wDAYDVQQHDAVEZWxmdDERMA8GA1UECgwI
VFUgRGVsZnQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAIcX6xGqorbXkIqtH0ek2L9YAc0ruKF7aTpY9q7n6EpD4OC1
Q575fvnEqBsvKC74xh1AO58x7HLxAIWmy76UqUxJIQ7vtfCKxFDjBDhgitmnxWK1
3QCrHwFS3MThqOq0zhK7AqnpzzdHsj9zfPWbrhP86m4uugIAund2YiSUPX7ZrSSO
pY60bZiA2c3hJbqxg+NvNN1vZHEsPGaZHXMMrycw0bLOBoKPvbenl3ig23vsyRSO
MwiJgLK/ztMI6r2KMJVZofjbu1Mz+WPzotKaCrSArSRF36BOzafyxqgO0h3Vqp4W
Z6UpS1bFTpbJckz8LqNvlP/Z4mV5+1QyrwwN/iMCAwEAAaMhMB8wHQYDVR0OBBYE
FOSRI3SKLWlk2RamJJwyyFlP9UnhMA0GCSqGSIb3DQEBCwUAA4IBAQARLh5z4Ius
0kiejnMtzV5xAckbqbcultdEdGfjZciv3BM9C7DpEF5Nj8CbaK6TXrKh98bxQ6w+
lPL/6LECkPhvHWRhTOsrhDV5h6eSPyV/TX4Jj127WnzA1LcjoEngUY97y6p/eBkE
hZWepPPAhuEmu/ws1UmF8vrT4sc+nMKXrOTsqkdUKHh2JZuFby3+SHDkYX66ZxXK
bQ3dEi6GyOkZIOuaNK+mS76yVanRU4k0A3dhIpW4pV6W12AAWioGaZv34uKVTp9E
XgNhqDC39lU4rLp260NvuRywAKxvR7hKyWfmwak5lr0dZ9t4eufPI4jU5SD+aotq
FVTMFwAKZO5v
-----END CERTIFICATE-----

0
nixos/hosts/thalassa/aoife/hardware-configuration.nix → hosts/thalassa/aoife/hardware-configuration.nix
View File

44
nixos/hosts/thalassa/aoife/hardware.nix → hosts/thalassa/aoife/hardware.nix
View File

@ -1,28 +1,48 @@
{ pkgs, ... }: {
{ pkgs, ... }:
{
environment.systemPackages = with pkgs; [
pciutils
usbutils
lshw
];
hardware = {
enableAllFirmware = true;
bluetooth.enable = true;
# Vulkan
opengl.driSupport = true;
opengl.extraPackages = with pkgs; [
amdvlk
rocm-opencl-icd
rocm-opencl-runtime
];
# OpenGL + Vulkan
opengl = {
enable = true;
driSupport = true;
driSupport32Bit = true;
extraPackages = with pkgs; [
amdvlk
rocm-opencl-icd
rocm-opencl-runtime
mesa.drivers
];
};
};
services = {
fwupd.enable = true;
hardware.bolt.enable = true;
fprintd.enable = true;
fprintd = {
enable = true;
# fprintd test suite fails
package = pkgs.fprintd.overrideAttrs {
mesonCheckFlags = [
"--no-suite"
"fprintd:TestPamFprintd"
];
};
};
# Video Driver
xserver.videoDrivers = [ "amdgpu" ];
xserver = {
dpi = 280;
xkbOptions = "caps:swapescape";
xkb.options = "caps:swapescape";
};
# SSD Trim

0
nixos/hosts/thalassa/aoife/home/.gitignore → hosts/thalassa/aoife/home/.gitignore vendored
View File

12
nixos/hosts/thalassa/aoife/home/default.nix → hosts/thalassa/aoife/home/default.nix
View File

@ -1,4 +1,10 @@
{ pkgs, ... }: {
imports = [
./starship.nix
./hyprland.nix
];
# Custom dconf settings
dconf.settings."org/gnome/desktop/input-sources" = {
xkb-options = [ "caps:swapescape" ];
@ -10,7 +16,11 @@
home.packages = with pkgs; [
libreoffice-fresh
jetbrains.clion
jetbrains.rust-rover
eduvpn-client
localsend
obsidian
typst
prismlauncher
];
}

0
nixos/hosts/thalassa/null/home/eww/eww.scss → hosts/thalassa/aoife/home/eww/eww.scss
View File

0
nixos/hosts/thalassa/null/home/eww/eww.yuck → hosts/thalassa/aoife/home/eww/eww.yuck
View File

0
nixos/hosts/thalassa/null/home/eww/scripts/do-not-disturb.sh → hosts/thalassa/aoife/home/eww/scripts/do-not-disturb.sh
View File

12
hosts/thalassa/aoife/home/eww/scripts/getvol Executable file
View File

@ -0,0 +1,12 @@
#!/bin/sh
if command -v pamixer &>/dev/null; then
if [ true == $(pamixer --get-mute) ]; then
echo 0
exit
else
pamixer --get-volume
fi
else
amixer -D pulse sget Master | awk -F '[^0-9]+' '/Left:/{print $3}'
fi

15
hosts/thalassa/aoife/home/eww/scripts/volume.sh Executable file
View File

@ -0,0 +1,15 @@
#!/bin/sh
per="???"
if pamixer --get-mute | rg -q true; then
icon="婢"
elif [ "$per" -gt 66 ]; then
icon="墳" # high
elif [ "$per" -gt 33 ]; then
icon="奔" # med
else
icon="奄" #low
fi
printf "{\"icon\": \"${icon}\", \"percent\": \"${per}\"}"

0
nixos/hosts/thalassa/null/home/eww/scripts/wifi.sh → hosts/thalassa/aoife/home/eww/scripts/wifi.sh
View File

0
nixos/hosts/thalassa/null/home/eww/scripts/workspaces.lua → hosts/thalassa/aoife/home/eww/scripts/workspaces.lua
View File

0
nixos/hosts/thalassa/null/home/eww/scripts/workspaces.sh → hosts/thalassa/aoife/home/eww/scripts/workspaces.sh
View File

341
hosts/thalassa/aoife/home/hyprland.nix Normal file
View File

@ -0,0 +1,341 @@
{
pkgs,
config,
inputs,
...
}:
let
terminal = "${config.programs.kitty.package}/bin/kitty -1";
in
{
home.packages = with pkgs; [
v.hyprland-workspaces
];
systemd.user.services.mako = {
Install = {
WantedBy = [ "hyprland-session.target" ];
};
Service = {
Type = "dbus";
BusName = "org.freedesktop.Notifications";
ExecCondition = ''
${pkgs.bash}/bin/bash -c '[ -n "$WAYLAND_DISPLAY" ]'
'';
ExecStart = ''
${pkgs.mako}/bin/mako
'';
ExecReload = ''
${pkgs.mako}/bin/makoctl reload
'';
Restart = "on-failure";
RestartSec = 1;
TimeoutStopSec = 10;
};
};
xdg.configFile."hypr/hyprpaper.conf".text =
let
wallpaper = "/home/vivian/cloud/Pictures/Wallpapers-Laptop/wallpaper-nix-pink.png";
in
''
'';
programs = {
wofi = {
enable = true;
};
# eww = {
# enable = true;
# configDir = ./eww;
# };
mako.enable = true;
waybar = {
enable = true;
style = ./waybar.css;
settings = {
mainBar = {
layer = "top";
position = "top";
height = 30;
modules-left = [ "hyprland/workspaces" ];
modules-center = [ "clock" ];
modules-right = [
"wireplumber"
"power-profiles-daemon"
"network"
"battery"
];
wireplumber = {
format = "󰕾 {volume}%";
format-muted = "󰖁";
on-click = "${pkgs.wireplumber}/bin/wpctl set-mute @DEFAULT_SINK@ toggle";
};
network =
let
nmtui = pkgs.writeScriptBin "nmtui.sh" ''
#!${pkgs.stdenv.shell}
unset COLORTERM
TERM=xterm-old ${pkgs.networkmanager}/bin/nmtui
'';
in
{
format-wifi = "󰖩 {essid} ({signalStrength}%)";
format-ethernet = "󰈀 {ifname}: {ipaddr}/{cidr}";
format-disconnected = "󰌙 ";
tooltip-format = "{ifname}: {ipaddr}";
on-click = "touch ~/a && ${terminal} --execute ${nmtui}/bin/nmtui.sh";
};
power-profiles-daemon = {
format = "{icon}";
format-icons = {
performance = "󰓅";
balanced = "󰾅";
power-saver = "󰾆";
};
};
battery = {
states = {
warning = 30;
critical = 15;
};
format = "󱐋 {capacity}%";
format-discharging = "{icon} {capacity}%";
format-icons = [
"󰂎"
"󰁺"
"󰁻"
"󰁼"
"󰁽"
"󰁾"
"󰁿"
"󰂀"
"󰂁"
"󰂂"
"󰁹"
];
};
};
};
systemd = {
enable = true;
target = "hyprland-session.target";
};
};
};
wayland.windowManager.hyprland =
let
toggle_mirror = pkgs.writeScriptBin "toggle_mirror.sh" ''
#!${pkgs.stdenv.shell}
if [ $(hyprctl monitors all -j | ${pkgs.jq}/bin/jq '.[1].activeWorkspace.id') = '-1' ]; then
hyprctl keyword monitor ",preferred,auto,1"
else
hyprctl keyword monitor ",preferred,auto,1,mirror,eDP-1"
fi
'';
startup = pkgs.writeScriptBin "startup.sh" ''
#!${pkgs.stdenv.shell}
firefox &
discord &
# start keyring, then unlock it, then start Element
gnome-keyring-daemon -r -d && ${
inputs.gnome-autounlock-keyring.packages.${pkgs.system}.default
}/bin/gnome-autounlock-keyring unlock && element-desktop &
'';
hyprpaper-conf =
let
wallpaper = ../../../../assets/wallpaper-nix-pink.png;
in
pkgs.writeText "hyprpaper.conf" ''
preload = ${wallpaper}
wallpaper = eDP-1,${wallpaper}
splash = false
ipc = off
'';
in
{
enable = true;
systemd.enable = true;
settings =
let
inherit (builtins) genList concatLists toString;
wpctl = "${pkgs.wireplumber}/bin/wpctl";
brightnessctl = "${pkgs.brightnessctl}/bin/brightnessctl";
menu = "${config.programs.wofi.package}/bin/wofi --show run,drun";
fileManager = "${pkgs.gnome.nautilus}/bin/nautilus";
in
{
"$mod" = "SUPER";
exec-once = [
"${pkgs.hyprpaper}/bin/hyprpaper -c ${hyprpaper-conf}"
"${startup}/bin/startup.sh"
];
monitor = [
"eDP-1, 3840x2400@60,0x0,2"
",highres,auto,1"
];
input = {
touchpad.natural_scroll = true;
};
general = {
gaps_in = 5;
gaps_out = 10;
border_size = 2;
"col.active_border" = "rgba(8caaeeee) rgba(a6d189ee) 45deg";
"col.inactive_border" = "rgba(303446aa)";
layout = "dwindle";
# Please see https://wiki.hyprland.org/Configuring/Tearing/ before you turn this on
allow_tearing = false;
};
group = {
"col.border_active" = "rgba(babbf1ee) rgba(f4b8e4ee) 45deg";
"col.border_inactive" = "rgba(232634aa)";
groupbar = {
font_size = 16;
"col.active" = "rgba(babbf1aa)";
"col.inactive" = "rgba(414559aa)";
text_color = "rgba(81c8beee)";
};
};
decoration = {
rounding = 10;
blur = {
enabled = true;
size = 3;
passes = 1;
};
drop_shadow = "yes";
shadow_range = 4;
shadow_render_power = 3;
"col.shadow" = "rgba(1a1a1aee)";
};
animations = {
enabled = "yes";
bezier = "myBezier, 0.05, 0.9, 0.1, 1.05";
animation = [
"windows, 1, 7, myBezier"
"windowsOut, 1, 7, default, popin 80%"
"border, 1, 10, default"
"borderangle, 1, 8, default"
"fade, 1, 7, default"
"workspaces, 1, 6, default"
];
};
dwindle = {
preserve_split = "yes";
pseudotile = "yes";
};
gestures.workspace_swipe = true;
misc = {
force_default_wallpaper = 2;
disable_splash_rendering = true;
disable_hyprland_logo = true;
disable_autoreload = true;
};
windowrulev2 = [
"suppressevent maximize, class:.* # You'll probably like this."
"workspace 1 silent, class:^(Element)$"
"workspace 1 silent, class:^(discord)$"
"group, class:^(Element|discord)$,workspace:1"
"workspace 2 silent, class:^(firefox)$"
"float,class:^(firefox)$,title:^(Picture-in-Picture)$"
];
# l -> works when screen is locked
# e -> repeats when held
bindel = [
",XF86AudioRaiseVolume,exec,${wpctl} set-volume @DEFAULT_AUDIO_SINK@ 5%+"
",XF86AudioLowerVolume,exec,${wpctl} set-volume @DEFAULT_AUDIO_SINK@ 5%-"
",XF86MonBrightnessUp,exec,${brightnessctl} -q s +5%"
",XF86MonBrightnessDown,exec,${brightnessctl} -q s 5%-"
];
bindl = [ ",XF86AudioMute, exec, wpctl set-mute @DEFAULT_AUDIO_SINK@ toggle" ];
bind =
[
"$mod, RETURN, exec, ${terminal}"
"$mod, Q, killactive,"
"$mod SHIFT, escape, exit,"
"$mod, E, exec, ${fileManager}"
"$mod, V, togglefloating,"
"$mod, D, exec, ${menu}"
"$mod, P, pseudo, # dwindle"
"$mod, J, togglesplit, # dwindle"
"$mod,m,fullscreen"
# Move focus with arrow keys
"$mod, left, movefocus, l"
"$mod, right, movefocus, r"
"$mod, up, movefocus, u"
"$mod, down, movefocus, d"
# Scratch workspace
"$mod, S, togglespecialworkspace, magic"
"$mod SHIFT, S, movetoworkspace, special:magic"
# Groups aka Tabs
"$mod,g,togglegroup"
"$mod,tab,changegroupactive"
# PrintScreen
",Print,exec,${pkgs.grimblast}/bin/grimblast copysave area /home/vivian/cloud/Pictures/Screenshots/$(date --iso=seconds).png"
# Toggle Mirror for external displays on/off
",XF86Display,exec,${toggle_mirror}/bin/toggle_mirror.sh"
]
++ (
# workspaces
# binds $mod + [shift +] {1..10} to [move to] workspace {1..10}
concatLists (
genList (
x:
let
ws =
let
c = (x + 1) / 10;
in
toString (x + 1 - (c * 10));
in
[
"$mod, ${ws}, workspace, ${toString (x + 1)}"
"$mod SHIFT, ${ws}, movetoworkspacesilent, ${toString (x + 1)}"
]
) 10
)
);
# Bind mouse
bindm = [
# Move/resize windows with mod + LMB/RMB and dragging
"$mod, mouse:272, movewindow"
"$mod, mouse:273, resizewindow"
];
};
};
}

17
hosts/thalassa/aoife/home/starship.nix Normal file
View File

@ -0,0 +1,17 @@
{ pkgs, config, ...}:
let
starshipNerdFont = pkgs.runCommand "starship-nerd-font.toml" { STARSHIP_CACHE = "/tmp"; } ''
${config.programs.starship.package}/bin/starship preset nerd-font-symbols > $out
'';
in{
programs.starship = {
enable = true;
enableZshIntegration = true;
enableFishIntegration = true;
enableNushellIntegration = true;
settings = {
nix_shell.heuristic = true;
} // builtins.fromTOML (builtins.readFile starshipNerdFont);
};
}

125
hosts/thalassa/aoife/home/waybar.css Normal file
View File

@ -0,0 +1,125 @@
/* Catppucin Frappe */
@define-color base #303446;
@define-color mantle #292c3c;
@define-color crust #232634;
@define-color text #c6d0f5;
@define-color subtext0 #a5adce;
@define-color subtext1 #b5bfe2;
@define-color surface0 #414559;
@define-color surface1 #51576d;
@define-color surface2 #626880;
@define-color overlay0 #737994;
@define-color overlay1 #838ba7;
@define-color overlay2 #949cbb;
@define-color blue #8caaee;
@define-color lavender #babbf1;
@define-color sapphire #85c1dc;
@define-color sky #99d1db;
@define-color teal #81c8be;
@define-color green #a6d189;
@define-color yellow #e5c890;
@define-color peach #ef9f76;
@define-color maroon #ea999c;
@define-color red #e78284;
@define-color mauve #ca9ee6;
@define-color pink #f4b8e4;
@define-color flamingo #eebebe;
@define-color rosewater #f2d5cf;
window {
border: none;
font-family: DejaVuSansM Nerd Font, sans-serif;
font-size: 13px;
color: @text;
}
window#waybar {
color: @text;
background-color: rgba(0, 0, 0, 0);
transition-property: background-color;
transition-duration: 0.5s;
transition-duration: .5s;
}
window#waybar.hidden {
opacity: 0.2;
}
#workspaces {
/* background: @overlay0; */
}
#workspaces button {
color: @text;
/* background: @background3; */
/* margin: 7px 5px 10px 5px; */
}
#workspaces button:hover {
background: @surface0;
color: @text;
}
#workspaces button.active {
color: @crust;
background: @overlay2;
border: none;
}
#clock,
#battery,
#network,
#power-profiles-daemon,
#wireplumber {
padding: 0px 20px;
border-radius: 8px;
margin-left: 5px;
color: @crust;
}
#wireplumber {
padding: 0px 20px 0px 17px;
background-color: @teal;
}
#network {
padding: 0px 15px 0px 20px;
background-color: @green;
}
#battery {
background-color: @lavender;
}
#clock {
background-color: @pink;
}
#power-profiles-daemon {
background-color: @mauve;
}
@keyframes blink {
to {
background-color: rgba(30, 34, 42, 0.5);
color: #abb2bf;
}
}
#battery.critical:not(.charging) {
color: #f53c3c;
animation-name: blink;
animation-duration: 0.5s;
animation-timing-function: linear;
animation-iteration-count: infinite;
animation-direction: alternate;
}
label:focus {
background-color: #000000;
}

38
hosts/thalassa/aoife/uni.nix Normal file
View File

@ -0,0 +1,38 @@
# Config options needed for various university courses, such as:
# * Wireless IoT and Local Area Networks
# * Network Security
# * Smart Phone Sensing
{ pkgs, ... }:
{
environment.systemPackages = with pkgs; [
android-studio
docker-compose
bridge-utils
nettools
wget
];
programs.wireshark.enable = true;
programs.wireshark.package = pkgs.wireshark;
virtualisation.lxc.enable = false;
virtualisation.lxd.enable = false;
virtualisation.podman.enable = false;
virtualisation.docker.enable = true;
virtualisation.docker.storageDriver = "btrfs";
users.extraUsers.vivian.extraGroups = [
"wireshark"
"docker"
"lxd"
];
programs.nix-ld = {
enable = true;
package = pkgs.nix-ld-rs;
libraries = [
];
};
}

0
nixos/hosts/thalassa/null/README.md → hosts/thalassa/null/README.md
View File

5
nixos/hosts/thalassa/null/configuration.nix → hosts/thalassa/null/configuration.nix
View File

@ -30,8 +30,7 @@ let
exec Hyprland
'';
in
{
in {
imports = [
# Include the results of the hardware scan.
./hardware-configuration.nix
@ -46,6 +45,7 @@ in
users.vivian = import ./home;
extraSpecialArgs = { inherit inputs; };
};
security = {
pam.services.swaylock = { };
@ -106,7 +106,6 @@ in
kernel.sysctl = { "fs.inotify.max_user_watches" = 524288; };
};
services = {
gnome.gnome-keyring.enable = true;
udisks2.enable = true;

0
nixos/hosts/thalassa/null/hardware-configuration.nix → hosts/thalassa/null/hardware-configuration.nix
View File

184
nixos/hosts/thalassa/null/home/default.nix → hosts/thalassa/null/home/default.nix
View File

@ -1,15 +1,25 @@
{ config, pkgs, inputs, texlive, ... }:
{
config,
pkgs,
inputs,
texlive,
...
}:
let
tex = pkgs.texlive.combine {
inherit (pkgs.texlive) scheme-full;
dnd-5e-latex-template = { pkgs = [ pkgs.v.dnd-5e-latex-template ]; };
dnd-5e-latex-template = {
pkgs = [ pkgs.v.dnd-5e-latex-template ];
};
};
in
{
programs = {
home-manager.enable = true;
foot = { enable = true; };
foot = {
enable = true;
};
nix-index.enable = true;
@ -64,18 +74,142 @@ in
"latex.outDir" = "%TMPDIR%/%RELATIVE_DOC%";
};
"workbench.colorTheme" = "Catppuccin Frappé";
"editor.fontFamily" =
"'DejaVuSansMono Nerd Font', 'monospace', monospace";
"editor.fontFamily" = "'DejaVuSansMono Nerd Font', 'monospace', monospace";
"keyboard.dispatch" = "keyCode";
"rust-analyzer.server.path" = "${pkgs.rust-analyzer}/bin/rust-analyzer";
"terminal.integrated.defaultProfile.linux" = "zsh";
"nix.enableLanguageServer" = true; # Enable LSP.
"nix.serverPath" =
"${pkgs.nil}/bin/nil"; # The path to the LSP server executable.
"[nix]" = { "editor.defaultFormatter" = "brettm12345.nixfmt-vscode"; };
"nix.serverPath" = "${pkgs.nil}/bin/nil"; # The path to the LSP server executable.
"[nix]" = {
"editor.defaultFormatter" = "brettm12345.nixfmt-vscode";
};
"latex-workshop.latex.tools" = [
{
"name" = "latexmk";
"command" = "latexmk";
"args" = [
"-shell-escape"
"-synctex=1"
"-interaction=nonstopmode"
"-file-line-error"
"-pdf"
"-outdir=%OUTDIR%"
"%DOC%"
];
"env" = { };
}
{
"name" = "lualatexmk";
"command" = "latexmk";
"args" = [
"-synctex=1"
"-interaction=nonstopmode"
"-file-line-error"
"-lualatex"
"-outdir=%OUTDIR%"
"%DOC%"
];
"env" = { };
}
{
"name" = "xelatexmk";
"command" = "latexmk";
"args" = [
"-synctex=1"
"-interaction=nonstopmode"
"-file-line-error"
"-xelatex"
"-outdir=%OUTDIR%"
"%DOC%"
];
"env" = { };
}
{
"name" = "latexmk_rconly";
"command" = "latexmk";
"args" = [ "%DOC%" ];
"env" = { };
}
{
"name" = "pdflatex";
"command" = "pdflatex";
"args" = [
"-synctex=1"
"-interaction=nonstopmode"
"-file-line-error"
"%DOC%"
];
"env" = { };
}
{
"name" = "bibtex";
"command" = "bibtex";
"args" = [ "%DOCFILE%" ];
"env" = { };
}
{
"name" = "rnw2tex";
"command" = "Rscript";
"args" = [
"-e"
"knitr==opts_knit$set(concordance = TRUE); knitr==knit('%DOCFILE_EXT%')"
];
"env" = { };
}
{
"name" = "jnw2tex";
"command" = "julia";
"args" = [
"-e"
"using Weave; weave(\"%DOC_EXT%\"; doctype=\"tex\")"
];
"env" = { };
}
{
"name" = "jnw2texminted";
"command" = "julia";
"args" = [
"-e"
"using Weave; weave(\"%DOC_EXT%\"; doctype=\"texminted\")"
];
"env" = { };
}
{
"name" = "pnw2tex";
"command" = "pweave";
"args" = [
"-f"
"tex"
"%DOC_EXT%"
];
"env" = { };
}
{
"name" = "pnw2texminted";
"command" = "pweave";
"args" = [
"-f"
"texminted"
"%DOC_EXT%"
];
"env" = { };
}
{
"name" = "tectonic";
"command" = "tectonic";
"args" = [
"--synctex"
"--keep-logs"
"%DOC%.tex"
];
"env" = { };
}
];
};
extensions = with pkgs.vscode-extensions;
with pkgs.v.vscode-extensions; [
extensions =
with pkgs.vscode-extensions;
with pkgs.v.vscode-extensions;
[
# astro-build.astro-vscode
brettm12345.nixfmt-vscode
catppuccin.catppuccin-vsc
@ -99,12 +233,16 @@ in
direnv = {
enable = true;
nix-direnv = { enable = true; };
nix-direnv = {
enable = true;
};
};
zsh = {
enable = true;
sessionVariables = { DIRENV_LOG_FORMAT = ""; };
sessionVariables = {
DIRENV_LOG_FORMAT = "";
};
};
};
home = {
@ -128,8 +266,7 @@ in
gnome.gnome-font-viewer
gnome.nautilus
grim # Screenshot tool
inputs.comma.packages.${pkgs.system}.default
inputs.riff.packages.${pkgs.system}.riff
# inputs.comma.packages.${pkgs.system}.default
inputs.webcord.packages.${pkgs.system}.default
k9s
kubectl
@ -159,13 +296,20 @@ in
];
};
imports = [ ./hyprland.nix ./neovim.nix ./eww ./theme.nix ];
imports = [
./hyprland.nix
./neovim.nix
./eww
./theme.nix
];
xdg.mimeApps = {
enable = true;
defaultApplications =
let browser = [ "firefox.desktop" ];
in {
let
browser = [ "firefox.desktop" ];
in
{
"image/*" = "org.gnome.eog.desktop";
"text/html" = browser;
"x-scheme-handler/http" = browser;
@ -189,8 +333,10 @@ in
};
xdg.userDirs =
let home = config.home.homeDirectory;
in {
let
home = config.home.homeDirectory;
in
{
enable = true;
createDirectories = true;
desktop = "${home}/.desktop";

0
nixos/hosts/thalassa/null/home/eww/default.nix → hosts/thalassa/null/home/eww/default.nix
View File

138
hosts/thalassa/null/home/eww/eww.scss Normal file
View File

@ -0,0 +1,138 @@
$light-gray: #9699b7;
* {
all: unset; //Unsets everything so you can style everything from scratch
font-family: "JetBrainsMono"
}
tooltip {
background-color: $base;
border-radius: 5px
}
button {
transition: background-color 200ms, color 200ms;
}
.active {
color: $pink;
font-size: 1.4rem;
}
.inactive {
color: $base;
font-size: 1.4rem;
}
.inactive:hover {
color: $light-gray;
}
.bar {
background-color: $mantle;
}
.clock {
font-weight: bold;
background-color: $base;
color: $text;
border-radius: 10px;
padding: 0.2rem;
margin: 0.5rem;
}
.date {
font-size: 1.5rem;
color: $text;
}
.battery {
font-family: monospace;
font-size: 1.5rem;
color: $teal;
}
.volume,
.dnd,
.wifi {
font-family: monospace;
font-size: 1.5rem;
color: $mauve;
padding: 0 5px;
}
// battery menu
.batterywindow {
background-color: $mantle;
border-radius: 5px;
font-size: 18px;
font-weight: normal;
color: $text;
progressbar {
border-radius: 5px;
}
progressbar progress {
background-color: $green;
}
progressbar trough {
background-color: $base;
}
.batterymenu {
padding: 10px;
}
}
// Calendar
.cal {
background-color: $mantle;
border-radius: 5px;
font-size: 18px;
font-weight: normal;
.cal-in {
padding: 0px 10px 0px 10px;
color: $text;
.cal {
&.highlight {
padding: 20px;
}
padding: 5px 5px 5px 5px;
margin-left: 10px;
}
}
}
calender {
color: $text;
}
calendar:selected {
color: $mauve;
}
calendar.header {
color: $overlay0;
font-weight: bold;
}
calendar.button {
color: $base;
}
calendar.highlight {
color: $overlay0;
font-weight: bold;
}
calendar:indeterminate {
color: $text;
}

164
hosts/thalassa/null/home/eww/eww.yuck Normal file
View File

@ -0,0 +1,164 @@
(defwidget bar []
(centerbox
:orientation "v"
(box
:valign "start"
:hexpand false
:vexpand false
:orientation "v"
:space-evenly false
)
(workspaces
:halign "center"
:vexpand true
:hexpand false
:orientation "v"
)
(box :valign "end" :hexpand false :vexpand true :orientation "v" :space-evenly false
(wifi)
(do-not-disturb)
(volume)
(battery)
(time)
)
)
)
;; ━━━ BATTERY ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
(defwidget battery []
(eventbox :onclick "eww open batterywindow --toggle"
(label
:text `${
EWW_BATTERY.BAT0.status == "Charging" ? "" :
EWW_BATTERY.BAT0.capacity < 10 ? "" :
EWW_BATTERY.BAT0.capacity < 20 ? "" :
EWW_BATTERY.BAT0.capacity < 30 ? "" :
EWW_BATTERY.BAT0.capacity < 40 ? "" :
EWW_BATTERY.BAT0.capacity < 50 ? "" :
EWW_BATTERY.BAT0.capacity < 60 ? "" :
EWW_BATTERY.BAT0.capacity < 70 ? "" :
EWW_BATTERY.BAT0.capacity < 80 ? "" :
EWW_BATTERY.BAT0.capacity < 90 ? "" : ""
}`
:class "battery"
))
)
(defwidget batterymenu []
(box :orientation "v"
:class "batterymenu"
(label :text "${EWW_BATTERY.BAT0.status}: ${EWW_BATTERY.BAT0.capacity}%")
(progress :value "${EWW_BATTERY.BAT0.capacity}" :orientation "h") ; TODO: change class (and color) on low juice
)
)
(defwindow batterywindow
:monitor 0
:geometry (geometry
:x "53px"
:y "30px"
:anchor "bottom left"
)
(batterymenu)
)
; ━━━ do-not-disturb ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
(defvar dnd "")
(defwidget do-not-disturb []
(eventbox
:orientation "h"
:halign "center"
:space-evenly false
:onclick "nohup ./scripts/do-not-disturb.sh &"
(label
:text {dnd}
:class "dnd"
)
)
)
;; ━━━ WIFI ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
(defpoll wifi :interval "30s" "./scripts/wifi.sh")
(defwidget wifi []
(box
:orientation "h"
:halign "center"
:space-evenly false
(label
:text {wifi.icon}
:tooltip {wifi.status}
:class "wifi"
)
)
)
;; ━━━ VOLUME ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
(defpoll volume :interval "1s" "./scripts/volume.sh")
(defwidget volume []
(eventbox
:orientation "h"
:halign "center"
:space-evenly false
:onclick "pamixer -t"
(label
:text {volume.icon}
:tooltip "${volume.percent}%"
:class "volume"
)
)
)
;; ━━━ TIME ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
(defpoll hour :interval "10s" "date +%H")
(defpoll minute :interval "10s" "date +%M")
(defpoll dateVar :interval "600s" "date '+%A %d.%m.%y'")
(defwidget time []
(eventbox
:cursor "hand"
:hexpand false
:vexpand false
:tooltip "${dateVar}"
:onclick "eww open calendar --toggle &"
(box :orientation "v" :hexpand false :vexpand false :space-evenly false :class "clock"
(label :class "date" :text "${hour}")
(label :class "date" :text "${minute}")
)
)
)
;; Calendar
(defpoll calendar_day :interval "20h" "date '+%d'")
(defpoll calendar_year :interval "20h" "date '+%Y'")
(defwidget cal []
(box :class "cal" :orientation "v"
(box :class "cal-in"
(calendar :class "cal"
:day calendar_day
:year calendar_year))))
(defwindow calendar
:monitor 0
:geometry (geometry :x "53px"
:y "5px"
:anchor "bottom left"
:width "270px"
:height "60px")
(cal))
(deflisten workspaces_listen "./scripts/workspaces.sh")
(defwidget workspaces []
(literal :content workspaces_listen))
(defwindow bar
:monitor 0
:exclusive false
:geometry (geometry :height "1080px" :x "-4px" :y "0px"
:width "52px"
:anchor "top left")
:stacking "fg"
(bar))

10
hosts/thalassa/null/home/eww/scripts/do-not-disturb.sh Executable file
View File

@ -0,0 +1,10 @@
#!/usr/bin/env nix-shell
#! nix-shell -p jq -i bash
if makoctl mode | rg -q "do-not-disturb"; then
eww update dnd=""
makoctl mode -r do-not-disturb > /dev/null
else
eww update dnd=""
makoctl mode -a do-not-disturb > /dev/null
fi

0
nixos/hosts/thalassa/null/home/eww/scripts/volume.sh → hosts/thalassa/null/home/eww/scripts/volume.sh
View File

Some files were not shown because too many files have changed in this diff Show More