cry/flake
1
1
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Compare commits

merge into: cry:laptop
Branches Tags
cry:main
cry:laptop
cry:lolcathost-24.05
cry:myputer
cry:lolcathost
...
pull from: cry:main
Branches Tags
cry:main
cry:laptop
cry:lolcathost-24.05
cry:myputer
cry:lolcathost

No commits in common. "laptop" and "main" have entirely different histories.
laptop ... main

138 changed files with 6177 additions and 4256 deletions
Download patch file Download diff file Expand all files Collapse all files

7
.sops.yaml Normal file
View file

@ -0,0 +1,7 @@
keys:
- &cry age1e5e32alqa20cf40wt9jq8aaa2x3gh32207xj6ea5veszlpxnzgjqd2htm7
creation_rules:
- path_regex: secrets/[^/]+\.(yaml|json|env|ini)$
key_groups:
- age:
- *cry

109
GUIDE.md
View file

@ -1,109 +0,0 @@
# The Nix Documentation Situation
The Nix documentation situation is notorious bad. It's difficult to find
a concise answer with detailed justification/explanation. And most people
(myself included) tend resort to the [ArchWiki](https://wiki.archlinux.org).
> [!NOTE]
> The [Nix documentation team](https://nixos.org/community/teams/documentation) has an incredibly difficult job.
Unlike the *centralised* [ArchWiki](https://wiki.archlinux.org), the Nix ecosystem
is incredibly large:
1. **Nix** (the package manager)
2. **Nix/NixLang** (the programming language)
3. **Nixpkgs** (the package repository)
4. **NixOS** (the linux distribution)
5. **Home-Manager** (user environment management)
6. **NUR** (Nix User Repository, like the AUR but Nix!)
7. *and **many** more...*
Often each project has its own website, wiki, styling, etc. There is tonnes
of information available online but its so hard to find it.
**Notable organisations:**
1. NixOS Foundation (*official organisation that maintains Nix/Nixpkgs/NixOS*)
2. Nix Community (*unofficial community providing infrastructure/hosting/visibility for projects*)
## About Me
I love and hate Nix simultaneously.
Originally *(circa 2023)* I used Windows 10/11 exclusively for programming.
But this is tedious and my friend started mentioning Arch Linux. So with their
help I formatted a spare SSD and began my journey.
But I **REALLY** like computers... I have servers, routers, 3 computers
actively powered in my bedroom, and *I believe* 8 laptops *currently* in my posession.
Documenting **every** change I make to a system and spending a week
setting up a device I don't really care about isn't sustainable.
And then *(circa October 2024)* I learnt about NixOS... And now life is "easy".
But learning Nix/NixLang/Nixpkgs/NixOS/Home-Manager/blah-blah-blah was exhausting.
So now I'll try to simplify this learning curve for other newbies **<3**
## Nix/NixOS How To
### NixOS Documentation
Using "the" NixOS wiki is surprisingly confusing (at least it was for me).
Why? Because there are multiple and you probably won't realise the difference.
**Main Wikis:**
> These are visually and structurally identical... And are both community run.
> But they're content does differ. [nixos.wiki] was created
> because ""[wiki.nixos.org] was too limiting with regards to wiki features".
1. [https://wiki.nixos.org] (the **official** NixOS wiki)
2. [https://nixos.wiki] (the **unofficial** user's wiki, community run)
**Other Resources:**
> [!TODO]
### Migrate to a Newer Version of Nixpkgs
```bash
# Determine the channel name you're using
nix-channel --list
nix-channel --remove <OLD_CHANNEL>
nix-channel --add <NEW_CHANNEL> # ie https://nixos.org/channels/nixos-25.05
nix-channel --update
# Now upgrade system profile (log to file in case of failure)
nixos-rebuild boot --upgrade | tee rebuild.log
```
## Security Implications
### NixOS Default Home Permissions
```bash
# Executing from $HOME
>>> mkdir example.d && ls -l example.d
-rw-r--r-- 1 me users 1 Jul 25 10:13 example.d
>>> echo > example.f && ls -l example.f
-rw-r--r-- 1 me users 1 Jul 25 10:15 example.f
## But these ignore facl?
>>> getfacl "$HOME"
# file: home/me
# owner: me
# group: users
user::rwx
group::---
other::---
```
Many commands default to permissions that ignore the file access control listl (file ACLs).
This is not a NixOS specific issue. However this isn't ideal from a security perspective.
The simplest solution is a recursive `chmod -R 600 ~` but there are plenty of files we
intentionally want to be different.
> [!TODO]
> Solution: Make a Nix/Home-Manager package allowing for control over folder permissions.
> SOlution: Also it should warn if any files owned by $USER have a 2
## Further Reading
### Finding New Things to Do
`man 5 configuration.nix` is incredibly useful
similar info can be found at https://mynixos.com/options
### For your curiosity
1. https://wiki.nixos.org/wiki/Firejail

39
README.md
View file

@ -1,38 +1,11 @@
## My NixOS Flake
>[!TIP]
> My flake is written using [my Cerulean project](https://github.com/cry128/cerulean). Hopefully
> it can serve as a decent example of my vision with the Cerulean + Snowflake projects.
### Philosophy
> [!TODO] My philosophy has kinda changed since the beginning
### Repo Structure
Modules are organised into groups (ie "Core"), from here a module is structured as either:
1. a single `.nix` file (ie bluetooth.nix). I do this when I won't implement an alternative
2. a directory (ie `sound`) containing a set of alternative implementations and a `default.nix`
that simply imports one of the implementations. For the `sound` example I currently have it structured
to default to `pipewire.nix`. I haven't made alternatives yet but the idea is that it is HIGHLY likely
I do in future.
### Security Considerations
###### Hashing
For services where password hashing is done infrequently (ie my forgejo instance with signups disabled)
use argon2 (argon2id) with default `argon2$2$65536$8$50` (typically). Otherwise bcrypt is preferred.
### TODO
There are a lot of commented `# TODO: ...` items in this repository.
All (most) of my commented directives can be found via this pattern:
```sh
grep -rnE '^\s*(//|#)\s*[A-Z]*:\s*.+$' --exclude-dir=.git 2>/dev/null
```
### Random Explanation of Fonts
There are four types of fonts (to my knowledge at least):
1. serif (funny squigles / small elegant strokes included)
2. sans-serif (meaning "without serifs")
3. monospace (all glyphs are of a uniform size)
4. emoji (cute lil faces)
Fun fact: on Android, the emojis you are seeing are part of the noto-emoji font :)
For finding a font for programming I highly recommend trying https://www.codingfont.com/
>[!TODO]
> My philosophy has kinda changed since the beginning
### Links
#### Inspiration

33
TODO
View file

@ -1,33 +0,0 @@
## Next Up
0. Rename TODO -> TODO.md
1. Rename user "ae" to "cry" or "vps"
2. Add 404 page to nginx on hyrule
3. Add a user called "mirror" that stores important mirrors (inspiration: https://git.gay/mirror)
## TODO
SOON: fix having to keep specifying new sha256 for home-manager (where I fetchTarball for it)
Create a command palette accessible with MOD+P (MOD => Windows Key)
(ie make fullscreen, send to monitor, etc)
Boring stuff (ie work and uni should go on a separate user account)
on in some separate $HOME atleast
Is home-manager installed standalone? If so please remove that...
Rewrite the README.md file its all over the place (add more structure to the `docs` directory instead)
Add a MAC Changer module like
https://github.com/XNM1/linux-nixos-hyprland-config-dotfiles/blob/main/nixos/mac-randomize.nix
Make each monitor's window styling slightly different (just for fun)
Research "input methods" ie https://wiki.archlinux.org/title/Input_method
Bind 5 workspaces per connected monitor.
Then use the command palette (discussed prior) to send to
a different workspace (ie because I currently use MOD+SHIFT+n
but if n>=10 then it doesnt work! hence we need a command palette!)
Can I run openvpn only for a specific proccess and its children?
then ie run qbittorrent (just in case the VPN isnt private)

9
TODO.md Normal file
View file

@ -0,0 +1,9 @@
- [ ] Update the README.md
- [ ] switch ssh keys to ECC (fuck RSA)
- [ ] forgejo not post-quantum (fix that)
- [X] migrate forge.dobutterfliescry.net -> tearforge.net
- [X] rename forgejo user to git
- [ ] setup my own VPN
- [ ] connect matcha to my VPN
- [ ] use matcha to build stuff instead of using my laptop

20
colors.rasi Normal file
View file

@ -0,0 +1,20 @@
* {
background: rgba(51,37,65,0.9);
foreground: rgba(198,186,227,0.9);
color00: rgba(78,66,70,0.9);
color01: rgba(111,91,159,0.9);
color02: rgba(120,98,164,0.9);
color03: rgba(131,128,181,0.9);
color04: rgba(154,127,183,0.9);
color05: rgba(157,129,185,0.9);
color06: rgba(123,153,183,0.9);
color07: rgba(165,148,207,0.9);
color08: rgba(115,103,145,0.9);
color09: rgba(129,102,193,0.9);
color10: rgba(140,112,199,0.9);
color11: rgba(145,141,218,0.9);
color12: rgba(170,126,217,0.9);
color13: rgba(174,130,220,0.9);
color14: rgba(135,181,228,0.9);
color15: rgba(165,148,207,0.9);
}

371
config.temp/hyprland.conf
View file

@ -1,371 +0,0 @@
# All hyprland configuration variables are listed (even niche ones)
# to save you the hassle. Reference: https://wiki.hypr.land/Configuring/Variables/
#
# You can split this configuration into multiple files
# Create your files separately and then link them to this file like this:
# source = ~/.config/hypr/myColors.conf
################
### MONITORS ###
################
# Programming:
monitor=eDP-1, highres@highrr, auto, 1.0
# Comfy:
#monitor=eDP-1, highres@highrr, auto, 1.5
###################
### MY PROGRAMS ###
###################
# See https://wiki.hyprland.org/Configuring/Keywords/
# Set programs that you use
$terminal = ghostty #rio
$fileManager = thunar
#$menu = wofi --show drun
$menu = ags -t "applauncher"
$colorpicker = hyprpicker | head -c 7 | wl-copy
#################
### AUTOSTART ###
#################
# Autostart necessary processes (like notifications daemons, status bars, etc.)
# Or execute your favorite apps at launch like this:
# exec-once = $terminal
# exec-once = nm-applet &
# exec-once = waybar & hyprpaper & firefox
exec-once = swww-daemon &
# TODO: or do I do `swww init` or `swww restore`?
# █▀▀ █▄░█ █░█   █░█ ▄▀█ █▀█
# ██▄ █░▀█ ▀▄▀   ▀▄▀ █▀█ █▀▄
# See https://wiki.hyprland.org/Configuring/Environment-variables/
#env = HYPRCURSOR_THEME,Bibata-Modern-Ice
env = HYPRCURSOR_SIZE,16
#env = XCURSOR_THEME,Bibata-Modern-Ice
env = XCURSOR_SIZE,16
env = QT_QPA_PLATFORM,wayland
env = QT_QPA_PLATFORMTHEME,qt5ct
env = XDG_MENU_PREFIX,arch-
# TODO: make this variable (not dependent on helix) in my flake
env = EDITOR,hx
env = TERMINAL,rio
# DEBUG: attempting to get screensharing working... (please god help me)
# REFERENCE: https://github.com/hyprwm/xdg-desktop-portal-hyprland/issues/251#issuecomment-2345631820
env = XDG_CURRENT_DESKTOP,Hyprland
exec-once = dbus-update-activation-environment --systemd WAYLAND_DISPLAY XDG_CURRENT_DESKTOP
#exec-once = dbus-update-activation-environment --systemd --all
#exec-once = systemctl --user import-environment WAYLAND_DISPLAY XDG_CURRENT_DESKTOP
# .__. .___ __..___. . . .___ .___. ._. __ __.
# [__] [__ (__ | |__| [__ | | / ` (__
# | | [___ .__) | | | [___ | _|_ \__. .__)
# Refer to https://wiki.hyprland.org/Configuring/Variables/
# https://wiki.hyprland.org/Configuring/Variables/#general
general {
gaps_in = 12 # margin between windows
gaps_out = 25 # margin from windows to monitor edge
gaps_workspaces = 0 # margin between workspaces (stacks with gaps_out)
# float_gaps = 0 # gaps_out but for floating windows
border_size = 4
# https://wiki.hyprland.org/Configuring/Variables/#variable-types for info about colors
col.active_border = rgba(33ccffee) rgba(00ff99ee) 45deg
col.inactive_border = rgba(00000000)
# Set to true enable resizing windows by clicking and dragging on borders and gaps
resize_on_border = true
# Please see https://wiki.hyprland.org/Configuring/Tearing/ before you turn this on
allow_tearing = false
layout = dwindle
snap {
enabled = false
window_gap = 10
monitor_gap = 10
border_overlap = false
# respect_gaps = false
}
}
# https://wiki.hyprland.org/Configuring/Variables/#decoration
decoration {
rounding = 20
rounding_power = 4.0 # Lp norm
border_part_of_window = true # consider border as part of its window
screen_shader = # path to custom GLSL fragment shader
# Window Transparency
active_opacity = 1.0
inactive_opacity = 0.95
fullscreen_opacity = 1.0 # fullscreened windows
# Inactive Window Dimming
dim_inactive = false
dim_strength = 0.5
dim_special = 0.2
dim_around = 0.4
# https://wiki.hyprland.org/Configuring/Variables/#blur
blur {
enabled = true
new_optimizations = true
xray = false # floating windows xray through tiling windows
ignore_opacity = true
# Blur Parameters
size = 8
passes = 1
noise = 0.0117 # default
contrast = 0.8916 # default
brightness = 0.8172 # default
vibrancy = 0.1696 # default
vibrancy_darkness = 0.0 # default
# Blurring For Specific Window Types
special = false # blur special windows
popups = false # blur popups
popups_ignorealpha = 0.2
input_methods = false
input_methods_ignorealpha = 0.2
}
shadow {
enabled = true
ignore_window = true # only render at edges (not behind)
range = 3
render_power = 1 # falloff rate
sharp = false # aka infinite shadow.render_power
offset = 0 0 # vec2
scale = 1.0
color = rgba(00000000)
color_inactive = rgba(000000ff) # defaults to shadow.color if unset
}
}
# https://wiki.hyprland.org/Configuring/Variables/#animations
animations {
enabled = yes, please :)
# Animation Declaration Format:
# "animation = NAME, ENABLE, SPEED, BEZIER [,STYLE]"
# SPEED: in ds (where 1ds = 100ms)
# Default animations, see https://wiki.hyprland.org/Configuring/Animations/ for more
bezier = easeOutQuint,0.23,1,0.32,1
bezier = easeInOutCubic,0.65,0.05,0.36,1
bezier = linear,0,0,1,1
bezier = almostLinear,0.5,0.5,0.75,1.0
bezier = quick,0.15,0,0.1,1
animation = global, 1, 10, default
animation = border, 1, 5.39, easeOutQuint
#animation = windows, 1, 4.79, easeOutQuint
#animation = windowsIn, 1, 4.1, easeOutQuint, popin 87%
animation = windowsIn, 1, 4, linear, slide bottom
# animation = windowsOut, 1, 1.49, linear, popin 87%
animation = windowsOut, 1, 10, linear, popin
animation = fadeIn, 1, 1.73, almostLinear
animation = fadeOut, 1, 1.46, almostLinear
animation = fade, 1, 3.03, quick
animation = layers, 1, 3.81, easeOutQuint
animation = layersIn, 1, 4, easeOutQuint, fade
animation = layersOut, 1, 1.5, linear, fade
animation = fadeLayersIn, 1, 1.79, almostLinear
animation = fadeLayersOut, 1, 1.39, almostLinear
animation = workspaces, 1, 1.94, almostLinear, fade
animation = workspacesIn, 1, 1.21, almostLinear, fade
animation = workspacesOut, 1, 1.94, almostLinear, fade
}
# Ref https://wiki.hyprland.org/Configuring/Workspace-Rules/
# "Smart gaps" / "No gaps when only"
# uncomment all if you wish to use that.
# workspace = w[t1], gapsout:0, gapsin:0
# workspace = w[tg1], gapsout:0, gapsin:0
# workspace = f[1], gapsout:0, gapsin:0
# windowrulev2 = bordersize 0, floating:0, onworkspace:w[t1]
# windowrulev2 = rounding 0, floating:0, onworkspace:w[t1]
# windowrulev2 = bordersize 0, floating:0, onworkspace:w[tg1]
# windowrulev2 = rounding 0, floating:0, onworkspace:w[tg1]
# windowrulev2 = bordersize 0, floating:0, onworkspace:f[1]
# windowrulev2 = rounding 0, floating:0, onworkspace:f[1]
# See https://wiki.hyprland.org/Configuring/Dwindle-Layout/ for more
dwindle {
pseudotile = true # Master switch for pseudotiling. Enabling is bound to MOD + P in the keybinds section below
preserve_split = true # You probably want this
}
# See https://wiki.hyprland.org/Configuring/Master-Layout/ for more
master {
new_status = master
}
# https://wiki.hyprland.org/Configuring/Variables/#misc
misc {
#force_default_wallpaper = -1 # Set to 0 or 1 to disable the anime mascot wallpapers
disable_hyprland_logo = true # If true disables the random hyprland logo / anime girl background. :(
disable_splash_rendering = true
}
#############
### INPUT ###
#############
# https://wiki.hyprland.org/Configuring/Variables/#input
input {
kb_layout = us
kb_variant =
kb_model =
kb_options =
kb_rules =
follow_mouse = 1
sensitivity = 0 # -1.0 - 1.0, 0 means no modification.
touchpad {
natural_scroll = false
}
}
# https://wiki.hyprland.org/Configuring/Variables/#gestures
gestures {
workspace_swipe = true
}
# Example per-device config
# See https://wiki.hyprland.org/Configuring/Keywords/#per-device-input-configs for more
#device {
# name = epic-mouse-v1
# sensitivity = -0.5
#}
###################
### KEYBINDINGS ###
###################
# See https://wiki.hyprland.org/Configuring/Keywords/
$MOD = SUPER # Sets "Windows" key as main modifier
# Example binds, see https://wiki.hyprland.org/Configuring/Binds/ for more
bind = $MOD, RETURN, exec, $terminal
bind = $MOD, E, exec, $fileManager
bind = $MOD, R, exec, $menu
bind = $MOD, H, exec, $colorpicker
bind = $MOD, F, fullscreen
bind = $MOD, V, togglefloating,
bind = $MOD, P, pseudo, # dwindle
bind = $MOD, J, togglesplit, # dwindle
bind = $MOD, C, killactive,
#bind = $MOD, M, exit,
# Move focus with MOD + arrow keys
bind = $MOD, left, movefocus, l
bind = $MOD, right, movefocus, r
bind = $MOD, up, movefocus, u
bind = $MOD, down, movefocus, d
# Switch workspaces with MOD + [0-9]
bind = $MOD, 1, workspace, 1
bind = $MOD, 2, workspace, 2
bind = $MOD, 3, workspace, 3
bind = $MOD, 4, workspace, 4
bind = $MOD, 5, workspace, 5
bind = $MOD, 6, workspace, 6
bind = $MOD, 7, workspace, 7
bind = $MOD, 8, workspace, 8
bind = $MOD, 9, workspace, 9
bind = $MOD, 0, workspace, 10
# Move active window to a workspace with MOD + SHIFT + [0-9]
bind = $MOD SHIFT, 1, movetoworkspace, 1
bind = $MOD SHIFT, 2, movetoworkspace, 2
bind = $MOD SHIFT, 3, movetoworkspace, 3
bind = $MOD SHIFT, 4, movetoworkspace, 4
bind = $MOD SHIFT, 5, movetoworkspace, 5
bind = $MOD SHIFT, 6, movetoworkspace, 6
bind = $MOD SHIFT, 7, movetoworkspace, 7
bind = $MOD SHIFT, 8, movetoworkspace, 8
bind = $MOD SHIFT, 9, movetoworkspace, 9
bind = $MOD SHIFT, 0, movetoworkspace, 10
# Example special workspace (scratchpad)
bind = $MOD, S, togglespecialworkspace, magic
bind = $MOD SHIFT, S, movetoworkspace, special:magic
# Scroll through existing workspaces with MOD + scroll
bind = $MOD, mouse_up, workspace, e-1
bind = $MOD, mouse_down, workspace, e+1
# Or with the keyboard
bind = $MOD SHIFT, left, workspace, e-1
bind = $MOD SHIFT, right, workspace, e+1
# Move/resize windows with MOD + LMB/RMB and dragging
bindm = $MOD, mouse:272, movewindow
bindm = $MOD, mouse:273, resizewindow
# Laptop multimedia keys for volume and LCD brightness
bindel = ,XF86AudioRaiseVolume, exec, wpctl set-volume @DEFAULT_AUDIO_SINK@ 5%+
bindel = ,XF86AudioLowerVolume, exec, wpctl set-volume @DEFAULT_AUDIO_SINK@ 5%-
bindel = ,XF86AudioMute, exec, wpctl set-mute @DEFAULT_AUDIO_SINK@ toggle
bindel = ,XF86AudioMicMute, exec, wpctl set-mute @DEFAULT_AUDIO_SOURCE@ toggle
bindel = ,XF86MonBrightnessUp, exec, brightnessctl s 10%+
bindel = ,XF86MonBrightnessDown, exec, brightnessctl s 10%-
# Requires playerctl
bindl = , XF86AudioNext, exec, playerctl next
bindl = , XF86AudioPause, exec, playerctl play-pause
bindl = , XF86AudioPlay, exec, playerctl play-pause
bindl = , XF86AudioPrev, exec, playerctl previous
##############################
### WINDOWS AND WORKSPACES ###
##############################
# See https://wiki.hyprland.org/Configuring/Window-Rules/ for more
# See https://wiki.hyprland.org/Configuring/Workspace-Rules/ for workspace rules
# Example windowrule v1
# windowrule = float, ^(kitty)$
# Example windowrule v2
# windowrulev2 = float,class:^(kitty)$,title:^(kitty)$
# Ignore maximize requests from apps. You'll probably like this.
windowrulev2 = suppressevent maximize, class:.*
# Fix some dragging issues with XWayland
windowrulev2 = nofocus,class:^$,title:^$,xwayland:1,floating:1,fullscreen:0,pinned:0

82
deploy
View file

@ -1,82 +0,0 @@
#!/usr/bin/env bash
set -e
# TODO: use `nixos-rebuild build-vm`
usage="Usage: $(basename $0) [OPTIONS]
Options:
-f, --fresh Remove old content in the nixstore (good for debugging)
-b, --bootloader Reinstall the bootloader
-r, --remote Locally build and remotely deploy Colmena hive
-h, --help Show this message (^_^)"
# delete all cached entries
# to make the system from scratch
collect_garbage () {
sudo nix-collect-garbage --delete-old
}
rebuild_flake () {
# make sure all changes are visible to nixos
git add . --verbose
local FLAGS=
if [ "$1" = "reinstall-bootloader" ]; then
FLAGS="--install-bootloader"
# sudo nixos-rebuild switch --flake . --install-bootloader
# STC_DISPLAY_ALL_UNITS=1 (verbose, show output of all units)
fi
# LOG="$(mktemp /tmp/rebuild-XXXXXXXX)"
LOG="./rebuild.log"
echo "[*] Logging to $LOG"
sudo nixos-rebuild switch --flake . $FLAGS 2>&1 | tee "$LOG"
#nixos-rebuild build --flake .# --cores 8 -j 1
}
deploy_hive () {
echo "[+] Adding keys to ssh-agent"
ssh-add ~/.ssh/id_hyrule
printf "\n"
git add . --verbose
# Deploy to all Colmena hives
colmena build --experimental-flake-eval
colmena apply --experimental-flake-eval
# colmena apply --on hyrule --experimental-flake-eval
}
# check which flags were given
flag_fresh=false
flag_bootloader=false
for flag in "$@"; do
case "$flag" in
-r|--remote)
deploy_hive
exit 0 ;;
-f|--fresh)
flag_fresh=true ;;
-b|--bootloader)
flag_bootloader=true ;;
-h|--help)
echo "$usage"
exit 0 ;;
*)
echo "[!] Unknown flag \"$flag\""
exit 1 ;;
esac
done
# delete cached items in nixstore
if [ "$flag_fresh" = true ]; then
collect_garbage
exit 0
fi
# nixos-rebuild switch ...
if [ "$flag_bootloader" = true ]; then
collect_garbage
rebuild_flake "reinstall-bootloader"
else
rebuild_flake
fi

25
docs/DEVDOC.md
View file

@ -1,25 +0,0 @@
## Users
#### me
My main personal account, used on my PC and laptop.
Contains a hyprland graphical environment by default.
#### ae
Primary account on my servers. Contains the bare
essentials for my work, no graphical environment.
#### friends
A simple account I let me friends connect to.
Limited functionality, mostly just for letting
them test small things or for giving them files.
## Setup Guide
##### Adding a New Server
Enable an ssh server on the remote host, then on the
local machine set `.ssh/config` to have a profile for
your desired host and have a key pair that's authorised
to your desired user.
NOTE: these keys must have permission 600 (only readable/writable by you)

67
docs/DEV_ENV.md
View file

@ -1,67 +0,0 @@
This file will document what features I believe I need
for NixOS to be a good development environment.
Issues I've encountered:
- [X] Audio not working
- [X] Tesseract is a pain in the ass to setup on Nix
- [ ] ags no longer supports `-t` flag, so applauncher won't work, requires switching to Astral
- [ ] script to enable/disable passwordless sudo
- [X] Move Emile.Vault to new vault (I lost the password...)
- [X] Add a simple and ugly bar
- [ ] Install powertop (funny name) for monitoring power usage by processes
- [ ] Try to make my battery life bettery
- [ ] Apply for JetBrains student license
- [ ] JetBrains Rider and VSCodium for C#
2. Imperative development environment behind NixOS (declarative),
similar to python's virtualenv but for the entirety of my system.
- [X] Call my wishlist command "subspace (highway)" (Scott Pilgrim reference)
- [ ] Create a GitHub profile readme like this persons:
https://github.com/yuyudhn
- [ ] Set a new GitHub profile picture (like github:@Vendicated)
artists credit: https://dotpict.net/users/1598051
- [ ] Change GitHub location to /dev/zero, /dev/null, www, World Wide Web, etc
- [ ] Clean up my GitHub profile (only have things I'm proud of)
- [X] Put a template website on my VPS
- [ ] Put a neoweb-esque webiste on my VPS
- [ ] Host a blog on my VPS
- [ ] Clean laptop and PC, there's tons of unnecessary files and documents now
- [ ] Clean nixdots repo, start modularising it ^_^
- [ ] Disable `allowUnfree` in nixdots everywhere, if a program needs it then they
can `mkForce` override it
- [X] Add LSP for Nix in helix
- [ ] Make a way for me to put my laptop in a low power state, doing very specific actions like:
1. disabling LSP use by default temporarily
- [ ] Add https://github.com/levnikmyskin/hyprland-virtual-desktops
TODO:
- [X] make btop theming declarative
- [X] Merge laptop and PC dotfiles repos
- [ ] declaratively install themes for gitkraken using home-manager
Cool Technologies:
- wishlist (by charmbracelet)
- Vaultwarden server + Keyguard client
- devbox
Random Idea List:
- [ ] powertop is cool but it's outdated and ugly, make a prettier one with charmbracelet's tui library
and call it powerbtm lmao
- [ ] Blog Post: a modern alternative to the suckless philosphy,
why GNU keeps failing cause their programs are amazing but
aren't designed for humans. suckless programs are excellent
too when writing shell scripts, but they suck in dev environments.
The solution is to gamify our code and focus on aesthetics
and "ergonomics" (usability) like what CharmBracelet does

5
docs/PROBLEMLOG.md
View file

@ -1,5 +0,0 @@
180GB of disk space were used by my system which seemed absurd. Running the NixOS
garbage collector only removed 7GB. The rest was found via:
`du -hs ./.local/share/Games/drive_c/Program\ Files\ \(x86\)/Steam/dumps/reports/*`
tldr: there were 2714 30MB crash report files generated every minute of May 2nd 2025 (10 days ago)
SOLUTION: delete them all and hope it doesn't happen again

91
docs/TODO.md
View file

@ -1,91 +0,0 @@
Get Utilities:
1. httpie
2. curlie
3. zoxide
4. doggo
1. Get helix editor
2. Custom helix
3. Complete helix tutorial
Get nixcord working
Get thunar working
Set a GTK theme & icon theme
Get better wallpapers
Get hyprcursor working with Bibata-Modern-Ice
Get a GRUB theme working
Get SDDM and a theme working
Make a custom hyprlock screen
Get AGS working
Make an applauncher in AGS
Remove hyprland splash screen on init
Made lolcathost home modular
Overtime just install more programs that I need regularly: ie
- btop/htop/etc
Get GTK Bibata Cursors to be the same size as my system cursor (NOT SURE WHAT I DID...)
Get waybar (or another bar) working
Get a QT theme
Fix pipewire audio sometimes working and sometimes not :(
Bind new terminal to SUPER+Enter instead of SUPER+Q
Join Rio Terminal's discord and ask if they support nerdfonts or if I'm doing something wrong
Change Dell loading screen (Boot Graphics Resource Table, aka BGRT)
Fix: your 131072x1 screen size is bogus. expect trouble
Search for all "TODO" items in my nix dotfiles
Push nixdots to github
Check out the Ekala Project (I joined their discord server)
Create a program that enables/disables passwordless sudo access
(add to github too)
Learn to package my own home-manager modules
Ideal Features:
1. AI assistant
2. searching can also be used to calculate stuff (like I do on my iPad)
Fork nixcord and fix documentation (the installation is confusing)
But firstly the first code snippet is wrong...
```nix
inputs.nixcord = {
url = "github:kaylorben/nixcord"
};
```
Should actually be
```nix
inputs.nixcord = {
url = "github:kaylorben/nixcord"; # dont forget the semicolon
};
```

3
docs/TODO_UI.md
View file

@ -1,3 +0,0 @@
1. Create more themes for my applauncher
2. Create more themes for hyprlock
check out: https://github.com/MrVivekRajan/Hyprlock-Styles

12
docs/inspiration.md
View file

@ -1,12 +0,0 @@
Godlike
https://github.com/end-4/dots-hyprland
Gorgeous
https://github.com/prasanthrangan/hyprdots
Very nice
https://github.com/linuxmobile/hyprland-dots
I love their hyprpanel!
https://www.reddit.com/r/unixporn/comments/1ha3mjw/hyprlandnixos_is_the_pretty_ucking_solid_i_love/

2
docs/nixos_notes.md
View file

@ -1,2 +0,0 @@
Building specific parts of a NixOS system
https://nixos.org/manual/nixos/stable/#sec-building-parts

1468
flake.lock generated
View file

File diff suppressed because it is too large Load diff

151
flake.nix
View file

@ -1,98 +1,105 @@
{
description = "Emile's Nix Dotfiles";
description = "im gonna cry again ;-;";
inputs = {
nixpkgs.url = "github:nixos/nixpkgs/nixos-25.05";
systems.url = "github:nix-systems/default-linux";
nixpkgs.url = "github:nixos/nixpkgs/nixos-25.11";
nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable";
nixpkgs-master.url = "github:NixOS/nixpkgs/master";
#home-manager = {
# url = "github:nix-community/home-manager";
# inputs.nixpkgs.follows = "nixpkgs";
#};
grub2-themes.url = "github:vinceliuice/grub2-themes";
ags.url = "github:Aylur/ags";
colmena.url = "github:zhaofengli/colmena/?rev=47b6414d800c8471e98ca072bc0835345741a56a";
home-manager = {
url = "github:nix-community/home-manager/release-25.11";
inputs.nixpkgs.follows = "nixpkgs";
};
outputs = {
self,
nixpkgs,
nixpkgs-unstable,
grub2-themes,
colmena,
...
} @ inputs: let
system = "x86_64-linux";
nt.url = "git+https://tearforge.net/cry/nt";
pkgs = import nixpkgs {
inherit system;
config = {
allowUnfree = false; # sanity check
cerulean = {
# url = "github:cry128/cerulean/bleeding";
url = "/home/me/cry/mk/cerulean";
inputs = {
nt.follows = "nt";
systems.follows = "systems";
nixpkgs.follows = "nixpkgs";
};
};
pkgs-unstable = import nixpkgs-unstable {
inherit system;
config = {
allowUnfree = true; # TODO: bandaid solution... (for minecraft-server)
};
};
# TODO: come back to this its really cool
# this is just something I'm experimenting with
# PROJECT_ROOT = builtins.toString ./.;
in {
devShells."x86_64-linux".default = pkgs.mkShell {
shell = "${pkgs.bash}/bin/bash";
packages = with pkgs; [
# ./script/* dependencies
mkpasswd
];
grub2-themes = {
url = "github:vinceliuice/grub2-themes";
inputs.nixpkgs.follows = "nixpkgs";
};
nixosConfigurations = {
# i be on my puter fr
myputer = nixpkgs.lib.nixosSystem {
# nix passes these to every single module
specialArgs = {inherit inputs pkgs-unstable;};
modules = [
./hosts/myputer
grub2-themes.nixosModules.default
];
sddm-silent = {
url = "github:uiriansan/SilentSDDM";
inputs.nixpkgs.follows = "nixpkgs";
};
# my laptop 0w0
lolcathost = nixpkgs.lib.nixosSystem {
specialArgs = {inherit inputs pkgs-unstable;};
mango = {
url = "github:DreamMaoMao/mango";
inputs.nixpkgs.follows = "nixpkgs";
};
modules = [
./hosts/lolcathost
grub2-themes.nixosModules.default
];
hyprland = {
# FUCK HYPRLAND
# url = "github:hyprwm/Hyprland/4152ac76d0813d9d0f67d2f04653a13fa6e17433";
url = "git+https://tearforge.net/cry/Hyprland";
inputs = {
nixpkgs.follows = "nixpkgs";
systems.follows = "systems";
};
};
# remote deployment to my servers!!
colmenaHive = colmena.lib.makeHive {
meta = {
nixpkgs = pkgs;
specialArgs = {inherit pkgs-unstable;};
awww = {
url = "git+https://codeberg.org/LGFae/awww";
inputs.nixpkgs.follows = "nixpkgs";
};
# set nixpkgs per server
nodeNixpkgs = {
hyrule = import nixpkgs {
system = "x86_64-linux";
config.allowUnfree = false;
nixcats.url = "github:BirdeeHub/nixCats-nvim";
nix-flatpak.url = "github:gmodena/nix-flatpak/?ref=latest";
nixcord = {
url = "github:FlameFlag/nixcord";
inputs.nixpkgs.follows = "nixpkgs";
};
millennium = {
url = "github:SteamClientHomebrew/millennium?dir=packages/nix";
inputs.nixpkgs.follows = "nixpkgs-unstable";
};
spicetify-nix = {
url = "github:Gerg-L/spicetify-nix";
inputs = {
systems.follows = "systems";
nixpkgs.follows = "nixpkgs-unstable";
};
};
zen-browser = {
url = "github:0xc000022070/zen-browser-flake";
inputs = {
nixpkgs.follows = "nixpkgs-unstable";
home-manager.follows = "home-manager";
};
};
dobutterfliescry-net = {
url = "git+https://tearforge.net/cry/site";
inputs = {
nixpkgs.follows = "nixpkgs";
nixpkgs-unstable.follows = "nixpkgs-unstable";
systems.follows = "systems";
};
};
};
# meine vps
hyrule = import ./hosts/hyrule;
};
nixConfig = {
extra-experimental-features = "pipe-operators";
};
outputs = {cerulean, ...} @ inputs:
cerulean.snow.flake inputs ./.;
}

68
groups/all/default.nix Normal file
View file

@ -0,0 +1,68 @@
{
pkgs,
lib,
...
}: {
imports = [
./modules/flatpak.nix
];
security.sudo-rs = {
enable = true;
wheelNeedsPassword = lib.mkOverride 200 true;
};
networking = {
networkmanager.enable = true;
nftables.enable = true;
firewall = {
enable = lib.mkDefault true;
allowPing = lib.mkDefault true;
};
# Use CloudFlare's WARP+ 1.1.1.1 DNS service
nameservers = [
"1.1.1.1"
"1.0.0.1"
];
};
programs.nh = {
enable = true;
clean.enable = true;
clean.extraArgs = "--keep-since 7d --keep 3";
# TODO: move nh config to be home-manager
flake = "/home/me/flake"; # sets NH_OS_FLAKE variable for you
};
nix.settings = {
# make wheel group trusted users allows my "ae" user
# to import packages not signed by a trusted key
# (aka super duper easier to remote deploy)
trusted-users = ["root" "@wheel"];
experimental-features = [
"nix-command"
"flakes"
"pipe-operators"
];
download-buffer-size = 524288000; # 500 MiB
};
time.timeZone = lib.mkDefault "Australia/Brisbane";
i18n.defaultLocale = lib.mkDefault "en_US.UTF-8";
console = {
font = "Lat2-Terminus16";
keyMap = "us";
};
users.defaultUserShell = pkgs.bash;
environment.systemPackages = with pkgs; [
git
vim
wget
tree
];
}

12
groups/all/modules/flatpak.nix Normal file
View file

@ -0,0 +1,12 @@
{...}: {
services.flatpak = {
# DEBUG: remotes = [
# DEBUG: {
# DEBUG: location = "https://dl.flathub.org/repo/flathub.flatpakrepo";
# DEBUG: name = "flathub";
# DEBUG: }
# DEBUG: ];
# DEBUG: uninstallUnmanaged = true;
};
}

127
groups/cryde/default.nix Normal file
View file

@ -0,0 +1,127 @@
{
inputs,
pkgs,
lib,
config,
...
}: {
imports = [
./programs.nix
../../hosts/modules/bashistrans.nix
../../hosts/modules/wm/hyprland.nix
../../hosts/modules/steam.nix
../../hosts/modules/obsidian.nix
];
boot.loader.grub2-theme = {
enable = true;
# GitHub: vinceliuice/grub2-themes
theme = "whitesur"; # stylish, vimix, or whitesur
footer = true;
customResolution = "1920x1080";
};
services = {
# Set display manager (login screen)
displayManager = {
# sddm relies on pkgs.libsForQt5.qt5.qtgraphicaleffects
sddm = {
enable = true;
wayland.enable = ! config.services.xserver.enable; # experimental
# theme = lib.mkForce "silent";
};
# defaultSession = "mango"; # DEBUG
defaultSession =
if config.programs.hyprland.withUWSM == true
then "hyprland-uwsm"
else "hyprland";
};
tumbler.enable = true; # Thunar image thumbnail support
gvfs.enable = true; # Thunar mount, trash, and other functionality
};
home-manager.sharedModules = [
inputs.mango.hmModules.mango
];
programs = {
zsh.enable = true;
fish.enable = true;
nix-ld.enable = true;
mango.enable = true;
# silentSDDM = {
# enable = true;
# theme = "rei";
# };
# Thunar also uses: `services.tumbler` & `services.gvfs`
thunar = {
enable = true;
plugins = with pkgs.xfce; [
thunar-volman # for removable drives (ie USBs)
thunar-archive-plugin # create and extract archives
thunar-media-tags-plugin # change metadata for media files
];
};
# mozilla's email client
thunderbird.enable = true;
};
# ----- FONTS -----
fonts = {
enableDefaultPackages = true; # no clue what this line does tbh
packages = with pkgs;
[
geist-font # for my hyprlock theme
# texlive maintains a noto-emoji flake
texlivePackages.noto-emoji
]
++ builtins.filter lib.attrsets.isDerivation (
builtins.attrValues pkgs.nerd-fonts
);
# TODO: change my default fonts
fontconfig = {
defaultFonts = {
serif = ["Geist"]; # TODO: package Iosevka Etoile since Iosevka isn't a serif font
sansSerif = ["Geist"];
monospace = ["Cousine"];
emoji = ["Noto Emoji"];
};
};
};
# ---- ENVIRONMENT VARIABLES ----
environment = {
sessionVariables = {
# Hint Electrons apps to use Wayland
NIXOS_OZONE_WL = "1";
};
# systemPackages = with pkgs; [
# sddm-theme-corners
# ];
};
# ------- USERS -------
users = {
users = {
# literally me fr (personal account)
me = {
isNormalUser = true;
extraGroups = ["wheel" "netdev" "docker"];
shell = pkgs.bash;
packages = with pkgs; [
firefox
gitkraken
];
};
};
};
}

33
groups/cryde/programs.nix Normal file
View file

@ -0,0 +1,33 @@
{
pkgs,
upkgs,
...
}: {
# ---- SYSTEM PACKAGES -----
environment.systemPackages = with pkgs; [
# User Environment
awww # swww
helvum
easyeffects
pavucontrol
ani-cli
bluetui
wl-clipboard # clipboard for wayland
hyprpicker # color picker
hyprshot # screenshot utility
wl-screenrec # screen recording utility
qbittorrent # torrenting
signal-desktop
kdePackages.gwenview # image viewer
video-trimmer
element-desktop
vlc
# Games
prismlauncher # minecraft
upkgs.olympus # celeste
discord
discordo
upkgs.ekphos
];
}

118
groups/cryos/default.nix Normal file
View file

@ -0,0 +1,118 @@
{lib, ...}: {
imports = [
./programs.nix
];
boot.loader = {
efi = {
canTouchEfiVariables = true;
efiSysMountPoint = "/boot/efi";
};
grub = {
efiSupport = true;
device = "nodev";
# useOSProber = true;
};
};
# Enable initrd hook for virtual console customisation
# aka cool colours when bootting yay!!
console = {
enable = true;
earlySetup = true; # initrd pre hook
keyMap = "us";
font = "Lat2-Terminus16";
# ANSI 24-bit color definitions (theme: dracula)
colors = [
"21222c"
"ff5555"
"50fa7b"
"f1fa8c"
"bd93f9"
"ff79c6"
"8be9fd"
"f8f8f2"
"6272a4"
"ff6e6e"
"69ff94"
"ffffa5"
"d6acff"
"ff92df"
"a4ffff"
"ffffff"
];
};
hardware = {
graphics = {
enable = true;
enable32Bit = true;
};
bluetooth = {
enable = true;
powerOnBoot = true;
};
};
virtualisation.docker.enable = true;
services = {
# systemd-resolved provides network name resolution
# to local processes via a D-Bus interface.
resolved = {
enable = true;
dnssec = "true";
domains = ["~."];
# Use CloudFlare's WARP+ 1.1.1.1 DNS service
fallbackDns = [
"1.1.1.1#one.one.one.one"
"1.0.0.1#one.one.one.one"
];
dnsovertls = "true";
};
# Multimedia Framework
# With backwards compatability for alsa/pulseaudio/jack
pipewire = {
enable = true;
audio.enable = true;
wireplumber.enable = true;
alsa.enable = true;
alsa.support32Bit = true;
# pulse.enable = true;
# jack.enable = true;
};
};
security.rtkit.enable = true; # I *think* this is for pipewire
# ---- ENVIRONMENT VARIABLES ----
environment = {
# always install "dev" derivation outputs
extraOutputsToInstall = ["dev" "man"];
sessionVariables = {
# folder names with capitalisation look awful!
XDG_DOWNLOAD_DIR = "$HOME/downloads";
XDG_CONFIG_HOME = "$HOME/.config";
};
};
documentation = {
enable = true;
doc.enable = true; # install /share/doc packages
man = {
enable = true; # install manpages
generateCaches = false;
};
info.enable = true; # install GNU info
dev.enable = true; # install docs intended for developers
nixos = {
enable = true; # install NixOS documentation (ie man -k nix, & nixos-help)
options.splitBuild = true;
includeAllModules = false;
};
};
}

123
groups/cryos/programs.nix Normal file
View file

@ -0,0 +1,123 @@
{pkgs, ...}: {
environment.systemPackages = with pkgs; [
# Shell
bash
fish
shellcheck
grc # colorise command outputs
moreutils
# Systems Emulation
qemu # Fellice Bellard's Quick Emulator
# Binaries
binutils
strace
ltrace
perf-tools # ftrace + perf
radare2
gdb
hexyl
# ASM
nasm
x86-manpages
# C Family
gcc
clang
clang-tools
gnumake
cmake
# Rust
cargo
rustc
rustfmt
# Go
go
# Nim
nim
nimble
# Haskell
ghc
ghcid
ormolu
# Nix
nix-prefetch-git
nix-index
nix-unit
# Python
python312 # I use 3.12 since it's in a pretty stable state now
python314 # also 3.14 for latest features
poetry
# Sage
sageWithDoc # SageMath + HTML Documentation
# .NET
dotnetCorePackages.dotnet_9.sdk
dotnetCorePackages.dotnet_9.aspnetcore
dotnetCorePackages.dotnet_9.runtime
openvpn
inetutils
wireguard-tools
# security tools
rustscan
nmap
dig
gobuster
nth
zap
httpie
curlie
zoxide
doggo
tlrc
btop
eza
yazi
ripgrep
viddy # modern `watch` command
timg # terminal image (sixel) viewer
wormhole-rs
# Pretty necessary
git
git-filter-repo
brightnessctl
acpi
# upower
vim
powertop
imagemagick
usbutils
# "Standard" Unix Commands
file
wget
tree
pstree
zip
unzip
unrar-free
lz4
man-pages
man-pages-posix
# Cryptography
gnupg
openssl
libargon2
];
services.pcscd.enable = true;
programs = {
gnupg.agent = {
enable = true;
# pinentryPackage = pkgs.pinentry-curses;
enableSSHSupport = true;
};
};
}

81
groups/server/default.nix Normal file
View file

@ -0,0 +1,81 @@
{
pkgs,
lib,
...
}: {
networking = {
firewall = {
allowedTCPPorts = [
42069 # ssh
];
};
nftables.enable = true;
};
security = {
# accept Lets Encrypt's security policy
acme = {
acceptTerms = true;
defaults.email = "eclarkboman@gmail.com";
};
# allow SSH keys for passwordless auth
pam = {
sshAgentAuth.enable = true;
services.sudo.sshAgentAuth = true; # pam_ssh_agent_auth module
};
};
services = {
openssh = {
enable = true;
ports = [42069];
settings = {
PasswordAuthentication = false;
PermitRootLogin = "no";
AllowUsers = ["cry"]; # DO NOT ALLOW ALL
UseDns = true;
X11Forwarding = false;
};
};
};
# simple fail2ban config (not production ready or anything though)
# refer to: https://nixos.wiki/wiki/Fail2Ban
services.fail2ban = {
enable = true;
ignoreIP = ["192.168.0.0/16"];
maxretry = 5;
bantime = "10m"; # 10 minute ban
bantime-increment = {
enable = true;
formula = "ban.Time * math.exp(float(ban.Count+1)*banFactor)/math.exp(1*banFactor)";
# multipliers = "1 2 4 8 16 32 64";
maxtime = "168h"; # dont ban for more than 1 week
overalljails = true;
};
};
users = {
users = {
# primary user
cry = {
isNormalUser = true;
createHome = true;
home = "/home/cry";
extraGroups = ["wheel"];
openssh.authorizedKeys.keys = lib.mkDefault [
(throw ''
You goofy goober :3
Hosts in the `server` group must set `users.users.cry.openssh.authorizedKeys.keys = [ ... ]`.
'')
];
};
};
};
environment.systemPackages = with pkgs; [
unixtools.netstat
];
}

17
homes/ae/default.nix → homes/cry/default.nix
View file

@ -1,15 +1,4 @@
{
inputs,
outputs,
lib,
config,
pkgs,
...
}: {
nixpkgs = {
config.allowUnfree = false;
};
{...}: {
imports = [
../modules/fish.nix
../modules/bat.nix
@ -17,8 +6,8 @@
];
home = {
username = "ae";
homeDirectory = "/home/ae";
username = "cry";
homeDirectory = "/home/cry";
};
# Nicely reload system units when changing configs

125
homes/me/default.nix
View file

@ -1,36 +1,39 @@
{
inputs,
outputs,
lib,
config,
pkgs,
pkgs-unstable,
...
}: {
imports = [
../modules/fish.nix
../modules/btop.nix
../modules/tmux.nix
../modules/git.nix
../modules/bat.nix
../modules/fish.nix
../modules/editor/helix.nix
# ../modules/editor/vscodium.nix
../modules/btop.nix
../modules/term/ghostty.nix
../modules/term/foot.nix
# ../modules/term/rio.nix
../modules/firefox.nix
#../modules/wm/hypr/hypridle.nix
../modules/wm/hypr/hyprlock.nix
../modules/editor/helix.nix
../modules/editor/neovim
../modules/apps/firefox.nix
../modules/apps/zen-browser.nix
../modules/apps/thunderbird.nix
../modules/apps/nixcord.nix
../modules/apps/spicetify.nix
# ../modules/wm
../modules/wm/mangowc.nix
# ../modules/wm/hypr/hyprland.nix
# ../modules/wm/hypr/hyprlock.nix
../modules/kanshi.nix
../modules/ags
../modules/mako.nix
];
home = {
username = "me";
homeDirectory = "/home/me";
shellAliases = {
# rebuild = "sudo nixos-rebuild switch --flake /home/me/flake --show-trace";
# trybuild = "sudo nixos-rebuild test --flake /home/me/flake --show-trace";
rebuild = "nh os switch ~/flake";
trybuild = "nh os test ~/flake";
brip = "batgrep"; # bat + ripgrep
man = "batman"; # bat + man
};
@ -42,6 +45,19 @@
name = "Bibata-Modern-Ice";
size = 16;
};
packages = with pkgs; [
# for services.gnome-keyring
pkgs.gcr # provides org.gnome.keyring.SystemPrompter
seahorse # gui
krita
tor-browser
fuzzel
speedtest-cli
];
};
gtk = {
@ -71,8 +87,19 @@
};
programs = {
# these are both required for home-manager to work
home-manager.enable = true;
hyfetch = {
enable = true;
settings = {
preset = "nonbinary";
mode = "rgb";
backend = "fastfetch";
color_align = {
mode = "vertical";
};
auto_detect_light_dark = true;
pride_month_disable = false;
};
};
zsh = {
enable = true;
@ -91,43 +118,43 @@
};
# set ssh profiles
# NOTE: (IMPORTANT) this DOES NOT start the ssh-agent
# for that you need to use `services.ssh-agent.enable`
# WARNING: this DOES NOT start the ssh-agent
# WARNING: for that you need to use `services.ssh-agent.enable`
ssh = {
enable = true;
forwardAgent = false;
addKeysToAgent = "no";
addKeysToAgent = "yes";
matchBlocks = {
hyrule = {
hostname = "imbored.dev";
user = "ae";
port = 22;
identityFile = "~/.ssh/id_hyrule";
setEnv = {
TERM = "linux";
};
};
subspace = {
hostname = "imbored.dev";
user = "subspace";
port = 22;
identityFile = "~/.ssh/id_subspace";
};
dead = {
hostname = "deadlyserver.com";
user = "emile";
port = 29843;
identityFile = "~/.ssh/id_deadlyserver";
butterfly = {
hostname = "dobutterfliescry.net";
user = "cry";
port = 42069;
identityFile = "~/keys/butterfly";
setEnv = {
TERM = "xterm-256color";
};
};
hyrule = {
hostname = "hyrule.dobutterfliescry.net";
user = "cry";
port = 42069;
identityFile = "~/keys/hyrule";
setEnv = {
TERM = "xterm-256color";
};
};
matcha = {
hostname = "192.168.88.250";
user = "emile";
port = 22;
identityFile = "~/keys/matcha";
};
youcue = {
hostname = "moss.labs.eait.uq.edu.au";
user = "s4740056";
port = 22;
identityFile = "~/.ssh/id_youcue";
identityFile = "~/keys/other/youcue";
setEnv = {
TERM = "xterm-256color";
};
@ -136,12 +163,14 @@
};
};
services = {
# enable OpenSSH private key agent
services.ssh-agent.enable = true;
# ssh-agent.enable = true;
gnome-keyring.enable = true;
};
# the ssh-agent won't set this for itself...
systemd.user.sessionVariables.SSH_AUTH_SOCK = "$XDG_RUNTIME_DIR/ssh-agent";
# Nicely reload system units when changing configs
systemd.user.startServices = "sd-switch";
# systemd.user.sessionVariables.SSH_AUTH_SOCK = "$XDG_RUNTIME_DIR/ssh-agent";
home.stateVersion = "24.05"; # don't change this
}

0
homes/modules/firefox.nix → homes/modules/apps/firefox.nix
View file

250
homes/modules/apps/nixcord.nix Normal file
View file

@ -0,0 +1,250 @@
{inputs, ...}: {
imports = [
inputs.nixcord.homeModules.nixcord
];
programs.nixcord = {
enable = true;
equibop.enable = true;
discord = {
vencord.enable = false;
equicord.enable = true;
};
config = {
enabledThemes = [
"aurorastheme.css"
"base16-colors.css"
];
plugins = {
anonymiseFileNames = {
enable = true;
anonymiseByDefault = true;
method = 0;
randomisedLength = 16;
};
betterSessions = {
backgroundCheck = true;
checkInterval = 1;
};
biggerStreamPreview.enable = true;
callTimer.enable = true;
fixYoutubeEmbeds.enable = true;
fixSpotifyEmbeds.enable = true;
tidalEmbeds.enable = true;
youtubeAdblock.enable = true;
followVoiceUser.enable = true;
friendsSince.enable = true;
ircColors = {
enable = true;
lightness = 80;
memberListColors = true;
applyColorOnlyInDms = false;
applyColorOnlyToUsersWithoutColor = false;
};
messageLogger = {
enable = true;
showEditDiffs = true;
separatedDiffs = false;
};
fakeNitro.enable = true;
ghosted.enable = true;
noF1.enable = true;
noMaskedUrlPaste.enable = true;
messageLatency = {
enable = false;
latency = -1;
showMillis = true;
};
openInApp.enable = true;
crashHandler.enable = true;
disableCallIdle.enable = true;
experiments.enable = true;
expressionCloner.enable = true;
favoriteGifSearch.enable = true;
fixImagesQuality.enable = true;
forceOwnerCrown.enable = true;
forwardAnywhere.enable = true;
spotifyCrack.enable = true;
spotifyShareCommands.enable = true;
spotifyControls.enable = true;
fullUserInChatbox.enable = true;
gifPaste.enable = true;
ignoreActivities = {
enable = true;
ignorePlaying = true;
ignoreStreaming = true;
ignoreListening = true;
ignoreWatching = true;
ignoreCompeting = true;
};
imageLink.enable = true;
imageZoom.enable = true;
memberCount.enable = true;
noDevtoolsWarning.enable = true;
noUnblockToJump.enable = true;
pauseInvitesForever.enable = true;
permissionsViewer.enable = true;
pictureInPicture = {
enable = true;
loop = true;
};
platformIndicators.enable = true;
previewMessage.enable = true;
relationshipNotifier.enable = true;
revealAllSpoilers.enable = true;
serverInfo.enable = true;
serverListIndicators.enable = true;
showHiddenChannels.enable = true;
showHiddenThings.enable = true;
showTimeoutDuration = {
enable = true;
displayStyle = "tooltip";
};
silentTyping = {
enable = true;
enabledGlobally = true;
};
startupTimings.enable = true;
typingIndicator.enable = true;
unlockedAvatarZoom = {
enable = true;
zoomMultiplier = 4.0;
};
userMessagesPronouns.enable = true;
validUser.enable = true;
validReply.enable = true;
viewIcons = {
enable = true;
format = "webp";
imgSize = "4096";
};
voiceChatDoubleClick.enable = true;
voiceDownload.enable = true;
voiceMessages = {
enable = true;
noiseSuppression = false;
echoCancellation = true;
};
volumeBooster.enable = true;
webKeybinds.enable = true;
webScreenShareFixes.enable = true;
whoReacted.enable = true;
whosWatching.enable = true;
quickReply.enable = true;
questCompleter.enable = true;
shikiCodeblocks = {
enable = true;
useDevIcon = "COLOR";
theme = "https://raw.githubusercontent.com/shikijs/textmate-grammars-themes/2d87559c7601a928b9f7e0f0dda243d2fb6d4499/packages/tm-themes/themes/kanagawa-wave.json";
};
};
};
};
programs.nixcord.config.plugins.PinDMs = {
enable = true;
canCollapseDmSection = true;
# userBasedCategoryList = {
# "1202666382760607774" = [
# {
# id = "i9dflmraztc";
# name = "🏳️‍⚧️ girlfriends!!! :3 🏳️‍⚧️";
# color = 16359423;
# collapsed = false;
# channels = [
# "1436964273162289185"
# "1436988320474206311"
# "1449837047383855119"
# "1436965652861685891"
# "1436968495190642722"
# "1465424321919975454"
# "1468324280445046824"
# ];
# }
# {
# id = "p2v1f5y9zbd";
# name = "🦋 best frens <3 🦋";
# color = 10223511;
# collapsed = false;
# channels = [
# "1436985374286155799"
# "1436965657076826222"
# "1429921297160212681"
# "1394808379381387385"
# "1433593753183977545"
# "1438254055452446881"
# "1436966389549236376"
# "1202678007026819134"
# "1437151552224624660"
# "1441906462094921789"
# "1450340272079769712"
# "1458123717124165764"
# "1436975341129306155"
# "1461885176534794427"
# "1462155159470866443"
# "1468735915076878407"
# "1461929299727749145"
# "1470963392121536657"
# ];
# }
# {
# id = "c0mg5w635j8";
# name = "🏳️‍🌈 close frens x3 🏳️‍🌈";
# color = 10780927;
# collapsed = false;
# channels = [
# "1437077103873888290"
# "1436975346338762823"
# "1437123353101205590"
# "1441516692164575283"
# "1419557866502754334"
# "1436985041203892315"
# "1438071327515742229"
# ];
# }
# {
# id = "ghjrq5el3b";
# name = "frens :3";
# color = 7334399;
# collapsed = false;
# channels = [
# "1437007154132422701"
# "1437006448948416526"
# "1446781617422209068"
# "1444723474835837103"
# "1437098569483161721"
# "1437237573146771469"
# "1436973705421914123"
# "1437135359359320125"
# "1438010723837022343"
# "1440553969461104740"
# "1437097082887475201"
# "1447222320015085740"
# "1462624704027164824"
# "1449513783893692589"
# "1463737720961634461"
# "1463000874392748249"
# "1436984534712451105"
# "1436983282582683813"
# "1437283420312047659"
# "1437089201651847315"
# "1467307140443148288"
# ];
# }
# {
# id = "zbmj00xw7d8";
# name = "goop chats";
# color = 14876549;
# collapsed = false;
# channels = [
# "1437132769141719040"
# "1445549416516681902"
# "1458849972815663209"
# ];
# }
# ];
# };
};
}

32
homes/modules/apps/spicetify.nix Normal file
View file

@ -0,0 +1,32 @@
{
inputs,
upkgs,
system,
...
}: let
spicetifyPkgs = inputs.spicetify-nix.legacyPackages.${system};
in {
imports = [inputs.spicetify-nix.homeManagerModules.default];
programs.spicetify = {
enable = true;
enabledExtensions = with spicetifyPkgs.extensions; [
adblock
shuffle
keyboardShortcut
{
src =
(upkgs.fetchFromGitHub {
owner = "Spikerko";
repo = "spicy-lyrics";
rev = "568c83326aa6aba6ded28c95df6fcfb25cab3648";
hash = "sha256-lej93EDzGkmyrg5YMdPSqzrxlIfKsfaDBZosTvxoTNw=";
})
+ /builds;
name = "spicy-lyrics.mjs";
}
];
theme = spicetifyPkgs.themes.comfy;
colorScheme = "Sakura";
};
}

10
homes/modules/apps/thunderbird.nix Normal file
View file

@ -0,0 +1,10 @@
{...}: {
programs.thunderbird = {
enable = true;
profiles = {
"me" = {
isDefault = true;
};
};
};
}

17
homes/modules/apps/zen-browser.nix Normal file
View file

@ -0,0 +1,17 @@
{
inputs,
system,
...
}: let
inherit (inputs) zen-browser;
in {
imports = [
zen-browser.homeModules.twilight
];
programs.zen-browser = {
enable = true;
package = zen-browser.packages.${system}.twilight;
# suppressXdgMigrationWarning = true;
};
}

4
homes/modules/btop.nix
View file

@ -16,9 +16,9 @@
# UI
background_update = true;
update_ms = 2000;
update_ms = 100;
rounded_corners = false;
graph_symbol = "block"; # braille/block/tty
graph_symbol = "braille"; # braille/block/tty
graph_symbol_cpu = "default";
graph_symbol_mem = "default";
graph_symbol_net = "default";

142
homes/modules/editor/helix.nix
View file

@ -1,5 +1,64 @@
{pkgs, ...}: {
# read https://docs.helix-editor.com/editor.html
{
pkgs,
# upkgs,
...
}: let
lsps = {
bash-language-server = {
pkg = pkgs.bash-language-server;
cmd = "bash-language-server";
};
clangd = {
pkg = pkgs.clang-tools;
cmd = "clangd";
};
glsl_analyzer = {
pkg = pkgs.glsl_analyzer;
cmd = "glsl_analyzer";
};
haskell-language-server = {
pkg = pkgs.haskell-language-server;
cmd = "haskell-language-server-wrapper";
};
# TODO: once upgraded past Nix-24.07 this line won't be necessary (I think)
# helix will support nixd by default
# SOURCE: https://github.com/nix-community/nixd/blob/main/nixd/docs/editor-setup.md#Helix
nixd = {
pkg = pkgs.nixd;
cmd = "nixd";
};
OmniSharp = {
pkg = pkgs.omnisharp-roslyn;
cmd = "OmniSharp";
};
rust-analyzer = {
pkg = pkgs.rust-analyzer;
cmd = "rust-analyzer";
};
ty = {
pkg = pkgs.ty; # DEBUG: upkgs.ty;
cmd = "ty";
};
typescript-language-server = {
pkg = pkgs.typescript-language-server;
cmd = "typescript-language-server";
};
};
in {
home.packages =
lsps
|> builtins.attrValues
|> map (lsp: lsp.pkg);
# REF: https://docs.helix-editor.com/editor.html
programs.helix = {
enable = true;
settings = {
@ -73,7 +132,7 @@
hidden = true; # show hidden files
follow-symlinks = true;
deduplicate-links = true;
git-ignore = false; # dont read .gitignore files
git-ignore = true; # dont read .gitignore files
ignore = true; # use .ignore for helix instead of .gitignore
};
@ -128,28 +187,79 @@
};
auto-format = false; # my python is beautiful ^_^
rulers = [80];
language-servers = ["ty"];
}
{
name = "c";
file-types = ["c" "h"]; # use .hpp for C++
auto-format = false;
auto-format = true;
formatter.command = "${pkgs.clang-tools}/bin/clang-format";
language-servers = ["clangd"];
}
{
name = "haskell";
auto-format = true;
formatter.command = "${pkgs.ormolu}/bin/ormolu";
language-servers = ["haskell-language-server"];
}
{
name = "rust";
indent = {
tab-width = 2;
unit = " ";
};
auto-format = true;
formatter.command = "${pkgs.rustfmt}/bin/rustfmt";
language-servers = ["rust-analyzer"];
}
{
name = "c-sharp";
file-types = ["cs"];
indent = {
tab-width = 4;
unit = " ";
};
block-comment-tokens = {
start = "/*";
end = "*/";
};
# auto-format = true;
# formatter.command = "${pkgs.omnisharp-roslyn}/bin/OmniSharp";
# language-servers = ["OmniSharp"];
}
{
name = "javascript";
file-types = ["js"];
indent = {
tab-width = 2;
unit = " ";
};
block-comment-tokens = {
start = "/*";
end = "*/";
};
auto-format = true;
language-servers = ["typescript-language-server"];
}
{
name = "glsl";
file-types = ["glsl"];
indent = {
tab-width = 2;
unit = " ";
};
block-comment-tokens = {
start = "/*";
end = "*/";
};
auto-format = false;
language-servers = ["glsl_analyzer"];
}
];
language-server = {
# use nixd as default nix lsp (I haven't tried nil yet)
# NOTE: nixd will be supported by default after nix 24.07
# SOURCE: https://github.com/nix-community/nixd/blob/main/nixd/docs/editor-setup.md#Helix
nixd = {
command = "${pkgs.nixd}/bin/nixd";
};
# clangd for C
clangd = {
command = "${pkgs.clang-tools}/bin/clangd";
};
};
language-server =
lsps
|> builtins.mapAttrs (_: lsp: {command = "${lsp.pkg}/bin/${lsp.cmd}";});
};
};
}

247
homes/modules/editor/neovim/default.nix Normal file
View file

@ -0,0 +1,247 @@
# TODO: look into changing to this:
# https://github.com/BirdeeHub/nix-wrapper-modules
{
inputs,
pkgs,
mpkgs,
...
}: let
inherit
(inputs.nixcats)
utils
;
in {
imports = [
inputs.nixcats.homeModule
];
config = {
# this value, nixCats is the defaultPackageName you pass to mkNixosModules
# it will be the namespace for your options.
nixCats = {
enable = true;
nixpkgs_version = inputs.nixpkgs-unstable;
# this will add the overlays from ./overlays and also,
# add any plugins in inputs named "plugins-pluginName" to pkgs.neovimPlugins
# It will not apply to overall system, just nixCats.
addOverlays =
# (import ./overlays inputs) ++
[
(utils.standardPluginOverlay inputs)
];
# see the packageDefinitions below.
# This says which of those to install.
packageNames = ["cryvim"];
luaPath = "${./.}";
# the .replace vs .merge options are for modules based on existing configurations,
# they refer to how multiple categoryDefinitions get merged together by the module.
# for useage of this section, refer to :h nixCats.flake.outputs.categories
categoryDefinitions.replace = {
pkgs,
settings,
categories,
extra,
name,
mkNvimPlugin,
...
} @ packageDef: {
lspsAndRuntimeDeps = with pkgs; {
general = [
ripgrep
fd
];
treesitter = [
tree-sitter
];
lang = {
lua = [
lua-language-server
stylua
];
nix = [
nil
nix-doc # TODO: i forgot what this is for
nixfmt
];
rust = [
cargo
mpkgs.rust-analyzer
rustfmt
];
zig = [
pkgs.zls # FIX: using spkgs version as zls is broken rn ;-;
];
elixir = [
elixir-ls
];
gleam = [
gleam
];
haskell = [
haskell-language-server
ormolu
];
java = [
jdt-language-server
javaPackages.compiler.openjdk17
javaPackages.compiler.openjdk21
];
protobuf = [
protols
buf
];
};
};
startupPlugins = with pkgs.vimPlugins; {
general = [
lze
plenary-nvim
nvim-notify
nvim-web-devicons
base16-nvim
mini-nvim
];
treesitter = [
nvim-treesitter-textobjects
nvim-treesitter.withAllGrammars
];
};
optionalPlugins = with pkgs.vimPlugins; {
general = [
];
ui = [
dressing-nvim
];
qol = [
undotree
mini-hipatterns
];
telescope = [
telescope-nvim
telescope-fzf-native-nvim
telescope-ui-select-nvim
];
fyler = [
fyler-nvim
];
lsp = [
nvim-lspconfig
];
completion = [
blink-cmp
nvim-cmp
luasnip
friendly-snippets
cmp_luasnip
cmp-buffer
cmp-path
cmp-nvim-lua
cmp-nvim-lsp
cmp-cmdline
cmp-nvim-lsp-signature-help
cmp-cmdline-history
lspkind-nvim
];
format = [
conform-nvim
];
comment = [
comment-nvim
];
lang = {
java = [
nvim-jdtls
];
};
};
# shared libraries to be added to LD_LIBRARY_PATH
# variable available to nvim runtime
sharedLibraries = {
general = with pkgs; [
# libgit2
];
};
environmentVariables = {
lang = {
rust.lsp = {
# it literally won't see the rust-analyzer provided to it
# if you don't use an envrionment variable to tell it
RUST_ANALYZER_CMD = "${mpkgs.rust-analyzer}/bin/rust-analyzer";
};
elixir.lsp = {
ELIXIR_LS_CMD = "${pkgs.elixir-ls}/scripts/language_server.sh";
};
java.lsp = {
JAVA_HOME = "${pkgs.javaPackages.compiler.openjdk17}";
OPENJDK_17 = "${pkgs.javaPackages.compiler.openjdk17}";
OPENJDK_21 = "${pkgs.javaPackages.compiler.openjdk21}";
};
};
};
extraWrapperArgs = {};
# lists of the functions you would have passed to
# python.withPackages or lua.withPackages
# get the path to this python environment
# in your lua config via
# vim.g.python3_host_prog
# or run from nvim terminal via :!<packagename>-python3
extraPython3Packages = {};
# populates $LUA_PATH and $LUA_CPATH
extraLuaPackages = {};
};
# see :help nixCats.flake.outputs.packageDefinitions
packageDefinitions.replace = {
# these are the names of your packages
# you can include as many as you wish.
cryvim = {pkgs, ...}: {
# they contain a settings set defined above
# see :help nixCats.flake.outputs.settings
settings = {
wrapRc = true;
# IMPORTANT:
# your alias may not conflict with your other packages.
aliases = [
"cvim"
];
};
# and a set of categories that you want
# (and other information to pass to lua)
categories = {
general = true;
ui = true;
qol = true;
telescope = true;
fyler = true;
lsp = true;
completion = true;
treesitter = true;
format = true;
comment = true;
lang = {
lua = true;
nix = true;
rust = true;
zig = true;
elixir = true;
gleam = true;
haskell = true;
java = true;
protobuf = true;
};
};
};
};
};
};
}

9
homes/modules/editor/neovim/init.lua Normal file
View file

@ -0,0 +1,9 @@
vim.g.mapleader = " "
vim.opt.termguicolors = true -- use terminal colors
vim.opt.relativenumber = true
vim.opt.wrap = false
vim.opt.colorcolumn = "80"
require("plugins")
require("lsp")

66
homes/modules/editor/neovim/lua/lsp/capabilities.lua Normal file
View file

@ -0,0 +1,66 @@
local M = {}
function M.on_attach(_, bufnr)
-- we create a function that lets us more easily define mappings specific
-- for LSP related items. It sets the mode, buffer and description for us each time.
local nmap = function(keys, func, desc)
if desc then
desc = "LSP: " .. desc
end
vim.keymap.set("n", keys, func, { buffer = bufnr, desc = desc })
end
nmap("<leader>rn", vim.lsp.buf.rename, "[R]e[n]ame")
nmap("<leader>ca", vim.lsp.buf.code_action, "[C]ode [A]ction")
nmap("gd", vim.lsp.buf.definition, "[G]oto [D]efinition")
-- NOTE: why are these functions that call the telescope builtin?
-- because otherwise they would load telescope eagerly when this is defined.
-- due to us using the on_require handler to make sure it is available.
if nixCats("general.telescope") then
nmap("gr", function()
require("telescope.builtin").lsp_references()
end, "[G]oto [R]eferences")
nmap("gI", function()
require("telescope.builtin").lsp_implementations()
end, "[G]oto [I]mplementation")
nmap("<leader>ds", function()
require("telescope.builtin").lsp_document_symbols()
end, "[D]ocument [S]ymbols")
nmap("<leader>ws", function()
require("telescope.builtin").lsp_dynamic_workspace_symbols()
end, "[W]orkspace [S]ymbols")
nmap("<leader>dd", "<cmd>Telescope diagnostics bufnr=0<CR>", "[D]ocument [D]iagnostics")
nmap("<leader>wd", "<cmd>Telescope diagnostics<CR>", "[W]orkspace [D]iagnostics")
end -- TODO: someone who knows the builtin versions of these to do instead help me out please.
nmap("<leader>D", vim.lsp.buf.type_definition, "Type [D]efinition")
nmap("<leader>e", vim.diagnostic.open_float, "Show [E]rror")
-- See `:help K` for why this keymap
nmap("K", vim.lsp.buf.hover, "Hover Documentation")
nmap("<C-k>", vim.lsp.buf.signature_help, "Signature Documentation")
-- Lesser used LSP functionality
nmap("gD", vim.lsp.buf.declaration, "[G]oto [D]eclaration")
nmap("<leader>wa", vim.lsp.buf.add_workspace_folder, "[W]orkspace [A]dd Folder")
nmap("<leader>wr", vim.lsp.buf.remove_workspace_folder, "[W]orkspace [R]emove Folder")
nmap("<leader>wl", function()
print(vim.inspect(vim.lsp.buf.list_workspace_folders()))
end, "[W]orkspace [L]ist Folders")
-- Create a command `:Format` local to the LSP buffer
vim.api.nvim_buf_create_user_command(bufnr, "Format", function(_)
vim.lsp.buf.format()
end, { desc = "Format current buffer with LSP" })
end
function M.get(server_name)
local capabilities = require("blink.cmp").get_lsp_capabilities()
return capabilities
end
return M

103
homes/modules/editor/neovim/lua/lsp/completion.lua Normal file
View file

@ -0,0 +1,103 @@
return {
{
"friendly-snippets",
dep_of = { "blink.cmp" },
},
{
"blink.cmp",
event = { "InsertEnter", "CmdlineEnter" },
on_require = "blink",
load = function(name)
vim.cmd.packadd(name)
end,
after = function(plugin)
local blink = require("blink.cmp")
blink.setup({
keymap = {
["<C-space>"] = { "show", "show_documentation", "hide_documentation" },
["<C-e>"] = { "hide", "fallback" },
["<C-y>"] = { "select_and_accept", "fallback" },
["<C-k>"] = { "select_prev", "fallback_to_mappings" },
["<C-j>"] = { "select_next", "fallback_to_mappings" },
["<Up>"] = { "select_prev", "fallback" },
["<Down>"] = { "select_next", "fallback" },
["<C-b>"] = { "scroll_documentation_up", "fallback" },
["<C-f>"] = { "scroll_documentation_down", "fallback" },
["<Tab>"] = { "snippet_forward", "fallback" },
["<S-Tab>"] = { "snippet_backward", "fallback" },
["<C-S-k>"] = { "show_signature", "hide_signature", "fallback" },
},
appearance = {
nerd_font_variant = "mono",
},
sources = {
default = { "lsp", "path", "snippets", "buffer" },
providers = {
lsp = {
name = "LSP",
module = "blink.cmp.sources.lsp",
enabled = true,
},
path = {
name = "Path",
module = "blink.cmp.sources.path",
enabled = true,
},
snippets = {
name = "Snippets",
module = "blink.cmp.sources.snippets",
enabled = true,
},
buffer = {
name = "Buffer",
module = "blink.cmp.sources.buffer",
enabled = true,
},
},
},
completion = {
accept = {
auto_brackets = {
enabled = true,
},
},
menu = {
border = "rounded",
max_height = 12,
scrolloff = 2,
draw = {
columns = {
{ "kind_icon", gap = 1 },
{ "label", "label_description", gap = 1 },
},
},
},
documentation = {
auto_show = false,
window = {
border = "rounded",
},
},
},
signature = {
enabled = true,
window = {
border = "rounded",
},
},
})
end,
},
}

20
homes/modules/editor/neovim/lua/lsp/indentation.lua Normal file
View file

@ -0,0 +1,20 @@
vim.api.nvim_create_autocmd("FileType", {
pattern = { "lua", "nix", "gleam" },
callback = function()
vim.opt_local.shiftwidth = 2
vim.opt_local.tabstop = 2
vim.opt_local.expandtab = true
end,
})
vim.api.nvim_create_autocmd("User", {
pattern = "TelescopePreviewerLoaded",
callback = function(args)
local ft = args.data.filetype
if vim.tbl_contains({ "lua", "nix", "gleam", "rust" }, ft) then
vim.bo.shiftwidth = 2
vim.bo.tabstop = 2
vim.bo.expandtab = true
end
end,
})

6
homes/modules/editor/neovim/lua/lsp/init.lua Normal file
View file

@ -0,0 +1,6 @@
require("lze").load({
{ import = "lsp.completion" },
})
require("lsp.indentation")
require("lsp.lsp")

134
homes/modules/editor/neovim/lua/lsp/lsp.lua Normal file
View file

@ -0,0 +1,134 @@
local servers = {}
servers.lua_ls = {
settings = {
Lua = {
formatters = {
ignoreComments = false,
},
signatureHelp = { enable = true },
diagnostics = {
globals = { "nixCats", "vim" },
-- disable = { 'missing-fields' },
},
workspace = {
-- make the server aware of the neovim runtime files
library = vim.api.nvim_get_runtime_file("", true),
checkThirdParty = false,
},
},
telemetry = { enabled = false },
},
}
servers.nil_ls = {
settings = {},
}
local rust_analyzer_cmd = os.getenv("RUST_ANALYZER_CMD")
servers.rust_analyzer = {
cmd = { rust_analyzer_cmd },
settings = {
server = {
-- For debugging rust-analyzer, to see log location do :LspInfo in neovim
-- extraEnv = { {["RA_LOG"]="project_model=debug"} },
},
cargo = {
allFeatures = false,
allTargets = false,
buildScripts = { enable = true },
target = "x86_64-unknown-linux-gnu",
},
diagnostics = {
enable = true,
},
},
}
servers.zls = {
settings = {},
}
local elixir_ls_cmd = os.getenv("ELIXIR_LS_CMD")
servers.elixirls = {
cmd = { elixir_ls_cmd },
settings = {},
}
servers.gleam = {
settings = {},
}
servers.hls = {
settings = {},
}
local java_home = os.getenv("JAVA_HOME")
servers.jdtls = {
settings = {
java = {
contentProvider = { preferred = "fernflower" },
configuration = {
runtimes = {
{
name = "OpenJDK 17",
path = os.getenv("OPENJDK_17"),
},
{
name = "OpenJDK 21",
path = os.getenv("OPENJDK_21"),
},
},
},
},
},
}
servers.protols = {
settings = {},
}
-- Taken from nixCats example:
-- If you were to comment out this autocommand
-- and instead pass the on attach function directly to
-- nvim-lspconfig, it would do the same thing.
-- come to think of it, it might be better because then lspconfig doesnt have to be called before lsp attach?
-- but you would still end up triggering on a FileType event anyway, so, it makes little difference.
vim.api.nvim_create_autocmd("LspAttach", {
group = vim.api.nvim_create_augroup("nixCats-lsp-attach", { clear = true }),
callback = function(event)
require("lsp.capabilities").on_attach(vim.lsp.get_client_by_id(event.data.client_id), event.buf)
end,
})
require("lze").load({
{
"nvim-lspconfig",
event = "FileType",
after = function(plugin)
-- Just register configs, don't enable yet
for server_name, cfg in pairs(servers) do
vim.lsp.config(server_name, {
capabilities = require("lsp.capabilities").get(server_name),
settings = (cfg or {}).settings,
filetypes = (cfg or {}).filetypes,
cmd = (cfg or {}).cmd,
root_pattern = (cfg or {}).root_pattern,
})
end
-- Enable on-demand per filetype
for server_name, cfg in pairs(servers) do
local filetypes = cfg.filetypes or vim.lsp.config[server_name].filetypes
if filetypes then
vim.api.nvim_create_autocmd("FileType", {
pattern = filetypes,
callback = function()
vim.lsp.enable(server_name)
end,
})
end
end
end,
},
})

23
homes/modules/editor/neovim/lua/plugins/comment.lua Normal file
View file

@ -0,0 +1,23 @@
return {
{
"comment.nvim",
event = { "BufReadPost", "BufNewFile" },
after = function(plugin)
require("Comment").setup({
toggler = {
line = "<leader>cc",
block = "<leader>bc",
},
opleader = {
line = "<leader>c",
block = "<leader>b",
},
extra = {
above = "<leader>c<S-o>",
below = "<leader>co",
eol = "<leader>cA",
},
})
end,
},
}

5
homes/modules/editor/neovim/lua/plugins/dressing.lua Normal file
View file

@ -0,0 +1,5 @@
return {
{
"dressing.nvim",
},
}

34
homes/modules/editor/neovim/lua/plugins/format.lua Normal file
View file

@ -0,0 +1,34 @@
-- docs -> https://github.com/stevearc/conform.nvim
return {
{
"conform.nvim",
enabled = nixCats("format") or false,
keys = {
{ "<leader>p", desc = "Format File (pretty :3)" },
},
after = function(plugin)
local conform = require("conform")
conform.setup({
formatters_by_ft = {
lua = nixCats("lang.lua") and { "stylua" } or nil,
nix = nixCats("lang.nix") and { "nixfmt" } or nil,
rust = nixCats("lang.rust") and { "rustfmt", lsp_format = "fallback" } or nil,
haskell = nixCats("lang.haskell") and { "ormolu" } or nil,
proto = nixCats("lang.protobuf") and { "buf" } or nil,
},
format_on_save = {
timeout_ms = 500,
},
})
vim.keymap.set({ "n", "v" }, "<leader>p", function()
conform.format({
lsp_fallback = false,
async = false,
timeout_ms = 1000,
})
end, { desc = "Format File (pretty :3)" })
end,
},
}

22
homes/modules/editor/neovim/lua/plugins/fyler.lua Normal file
View file

@ -0,0 +1,22 @@
return {
{
"fyler.nvim",
cmd = { "Fyler" },
keys = {
{
"<leader>tf",
function()
return require("fyler").toggle({ kind = "split_right" })
end,
mode = { "n" },
desc = "Open [F]yler",
},
},
load = function(name)
vim.cmd.packadd(name)
end,
after = function(plugin)
local fyler = require("fyler").setup()
end,
},
}

9
homes/modules/editor/neovim/lua/plugins/init.lua Normal file
View file

@ -0,0 +1,9 @@
require("lze").load({
{ import = "plugins.dressing" },
{ import = "plugins.telescope" },
{ import = "plugins.treesitter" },
{ import = "plugins.fyler" },
{ import = "plugins.mini-hipatterns" },
{ import = "plugins.format" },
{ import = "plugins.comment" },
})

76
homes/modules/editor/neovim/lua/plugins/mini-hipatterns.lua Normal file
View file

@ -0,0 +1,76 @@
return {
{
"mini.hipatterns",
after = function(plugin)
local hipatterns = require("mini.hipatterns")
-- Returns hex color group for matching short hex color.
--
---@param match string
---@return string
local hex_color_short = function(_, match)
local style = "fg" -- 'fg' or 'bg', for extmark_opts_inline use 'fg'
local r, g, b = match:sub(2, 2), match:sub(3, 3), match:sub(4, 4)
local hex = string.format("#%s%s%s%s%s%s", r, r, g, g, b, b)
return hipatterns.compute_hex_color_group(hex, style)
end
-- Returns hex color group for matching alpha hex color.
--
---@param match string
---@return string
local hex_color_alpha = function(_, match)
local style = "fg" -- 'fg' or 'bg', for extmark_opts_inline use 'fg'
local r, g, b = match:sub(2, 3), match:sub(4, 5), match:sub(6, 7)
local hex = string.format("#%s%s%s", r, g, b)
return hipatterns.compute_hex_color_group(hex, style)
end
-- Returns extmark opts for highlights with virtual inline text.
--
---@param data table Includes `hl_group`, `full_match` and more.
---@return table
local extmark_opts_inline = function(_, _, data)
return {
virt_text = { { "󰧞", data.hl_group } },
virt_text_pos = "inline",
right_gravity = false,
}
end
-- Returns extmark opts for highlights with virtual inline text.
--
---@param data table Includes `hl_group`, `full_match` and more.
---@return table
local extmark_opts_inline_alpha = function(_, _, data)
return {
virt_text = { { "󱡓", data.hl_group } },
virt_text_pos = "inline",
right_gravity = false,
}
end
hipatterns.setup({
highlighters = {
-- #rrggbb
hex_color = hipatterns.gen_highlighter.hex_color({
style = "inline",
inline_text = "󰧞",
}),
-- #rgb
hex_color_short = {
pattern = "#%x%x%x%f[%X]",
group = hex_color_short,
extmark_opts = extmark_opts_inline,
},
-- #rrggbbaa
hex_color_alpha = {
pattern = "#%x%x%x%x%x%x%x%x%f[%X]",
group = hex_color_alpha,
extmark_opts = extmark_opts_inline_alpha,
},
},
})
end,
},
}

78
homes/modules/editor/neovim/lua/plugins/telescope.lua Normal file
View file

@ -0,0 +1,78 @@
return {
{
"telescope.nvim",
cmd = { "Telescope" },
keys = {
{
"<leader>f",
function()
return require("telescope.builtin").find_files()
end,
mode = { "n" },
desc = "Telescope search [F]iles",
},
{
"<leader>tr",
function()
return require("telescope.builtin").oldfiles()
end,
mode = { "n" },
desc = "[T]elescope search [R]ecent files",
},
{
"<leader>ts",
function()
return require("telescope.builtin").live_grep()
end,
mode = { "n" },
desc = "[T]elescope [S]earch cwd with grep",
},
{
"<leader>tw",
function()
return require("telescope.builtin").grep_string()
end,
mode = { "n" },
desc = "[T]elescope search current [W]ord",
},
{
"<leader>tk",
function()
return require("telescope.builtin").keymaps()
end,
mode = { "n" },
desc = "[T]elescope search [K]eymaps",
},
{
"<leader>tb",
function()
return require("telescope.builtin").buffers()
end,
mode = { "n" },
desc = "[T]elescope search [B]uffers",
},
},
load = function(name)
vim.cmd.packadd(name)
vim.cmd.packadd("telescope-fzf-native.nvim")
end,
after = function(plugin)
local telescope = require("telescope")
local actions = require("telescope.actions")
telescope.setup({
defaults = {
mappings = {
i = {
["<C-k>"] = actions.move_selection_previous, -- move to prev result
["<C-j>"] = actions.move_selection_next, -- move to next result
["<C-q>"] = actions.send_selected_to_qflist + actions.open_qflist,
},
},
},
})
pcall(telescope.load_extension, "fzf")
end,
},
}

95
homes/modules/editor/neovim/lua/plugins/treesitter.lua Normal file
View file

@ -0,0 +1,95 @@
-- to help me write this after nvim-treesitter updated, i used:
-- https://github.com/BirdeeHub/nixCats-nvim/blob/3c9bc4d7123e1b48d92f25ba505b889af541e897/templates/example/lua/myLuaConf/plugins/treesitter.lua
return {
{
"nvim-treesitter",
lazy = false,
after = function(plugin)
--@param buf integer
--@param language string
local function treesitter_try_attach(buf, language)
--check if parser exists and load it
if not vim.treesitter.language.add(language) then
return
end
-- enables syntax highlight and other treesitter features
vim.treesitter.start(buf, language)
-- enables treesitter based folds
vim.wo.foldexpr = "v:lua.vim.treesitter.foldexpr()"
-- enables treesiter based indentation
vim.bo.indentexpr = "v:lua.require'nvim-treesitter'.indentexpr()"
end
local available_parsers = require("nvim-treesitter").get_available()
vim.api.nvim_create_autocmd("FileType", {
callback = function(args)
local buf, filetype = args.buf, args.match
local language = vim.treesitter.language.get_lang(filetype)
if not language then
return
end
local installed_parsers = require("nvim-treesitter").get_installed("parsers")
if vim.tbl_contains(installed_parsers, language) then
-- enable the parser if it is installed
treesitter_try_attach(buf, language)
elseif vim.tbl_contains(available_parsers, language) then
-- if a parser is available in `nvim-treesitter` enable it after ensuring it is installed
require("nvim-treesitter").install(language):await(function()
treesitter_try_attach(buf, language)
end)
else
-- try to enable treesitter features in case the parser exists but is not available from `nvim-treesitter`
treesitter_try_attach(buf, language)
end
end,
})
end,
},
{
"nvim-treesitter-textobjects",
lazy = false,
before = function(plugin)
vim.g.no_plugin_maps = true
end,
after = function(plugin)
require("nvim-treesitter-textobjects").setup({
select = {
lookahead = true,
selection_modes = {
["@parameter.outer"] = "v", -- charwise
["@function.outer"] = "V", -- linewise
},
include_surrounding_whitespace = false,
},
})
-- keymaps
vim.keymap.set({ "x", "o" }, "am", function()
require("nvim-treesitter-textobjects.select").select_textobject("@function.outer", "textobjects")
end)
vim.keymap.set({ "x", "o" }, "im", function()
require("nvim-treesitter-textobjects.select").select_textobject("@function.inner", "textobjects")
end)
vim.keymap.set({ "x", "o" }, "ac", function()
require("nvim-treesitter-textobjects.select").select_textobject("@class.outer", "textobjects")
end)
vim.keymap.set({ "x", "o" }, "ic", function()
require("nvim-treesitter-textobjects.select").select_textobject("@class.inner", "textobjects")
end)
-- You can also use captures from other query groups like `locals.scm`
vim.keymap.set({ "x", "o" }, "as", function()
require("nvim-treesitter-textobjects.select").select_textobject("@local.scope", "locals")
end)
-- NOTE: for more textobjects options, see the following link.
-- This template is using the new `main` branch of the repo.
-- https://github.com/nvim-treesitter/nvim-treesitter-textobjects/tree/main
end,
},
}

24
homes/modules/editor/nixvim.nix
View file

@ -1,24 +0,0 @@
{
config,
pkgs,
...
}: {
programs.nixvim = {
enable = true;
# TODO: allow clipboard to be configurable based on system clipboard
colorschemes.dracula.enable = true;
plugins = {
lualine.enable = true;
treesitter.enable = true;
};
opts = {
number = true;
tabstop = 4;
softtabstop = 4;
shiftwidth = 4;
};
clipboard.providers.wl-copy.enable = true;
};
}

134
homes/modules/editor/vscode.nix Normal file
View file

@ -0,0 +1,134 @@
{
config,
lib,
pkgs,
vscodium ? false,
secret-service ? "gnome-libsecret",
vscode-argv ? ".vscode/argv.json",
...
}: {
nixpkgs.overlays = [
(
self: super: {
vscode-extensions = super.vscode-extensions.overrideAttrs (prev: let
mkVscMarketplaceExtension = {
publisher,
name,
version,
hash,
description ? "",
homepage ? null,
changelog ? null,
license ? null,
maintainers ? [lib.maintainers.emileclarkb],
}:
with pkgs.vscode-utils.buildVscodeMarketplaceExtension; {
${publisher}.${name} = buildVscodeMarketplaceExtension {
mktplcRef = {
inherit
publisher
name
version
hash
;
};
meta = {
inherit
(
if license != null
then {license = license;}
else {}
)
description
homepage
maintainers
;
downloadPage = "https://marketplace.visualstudio.com/items?itemName=${publisher}.${name}";
changelog =
if changelog != null
then changelog
else "https://marketplace.visualstudio.com/items/${publisher}.${name}/changelog";
};
};
};
in
lib.mergeAttrsList [
(mkVscMarketplaceExtension {
publisher = "ms-dotnettools";
name = "dotnet-maui";
version = "1.11.14";
hash = lib.fakeHash;
description = "Extend C# Dev Kit with tools for building .NET Multi-platform App UI (MAUI) apps";
homepage = "https://github.com/microsoft/vscode-dotnettools";
license = lib.licenses.unfree;
})
]);
}
)
];
# REF: https://home-manager-options.extranix.com/?query=vscode&release=release-25.05
programs.vscode = {
enable = true;
# TODO: clean up
package =
(
if vscodium
then pkgs.vscodium
else pkgs.vscode
).overrideAttrs (oldAttrs: {
# runtimeDependencies = oldAttrs.runtimeDependencies ++ []
});
mutableExtensionsDir = true;
profiles.default = {
enableUpdateCheck = false;
enableExtensionUpdateCheck = false;
# extension format: USER.PACKAGENAME
extensions = with pkgs.vscode-extensions; [
# .NET
ms-dotnettools.csharp
ms-dotnettools.csdevkit
ms-dotnettools.vscode-dotnet-runtime
# TODO: these extensions aren't packaged :(
# deitry.solution-syntax
# ms-dotnettools.vscode-dotnet-pack
# ms-dotnettools.dotnet-maui
# Python
ms-python.python
# GitLens by GitKraken
eamodio.gitlens
ms-azuretools.vscode-docker
github.copilot
github.copilot-chat
# Colors & Themes
dracula-theme.theme-dracula
catppuccin.catppuccin-vsc
catppuccin.catppuccin-vsc-icons
mvllow.rose-pine
];
userSettings = {
"workbench.colorTheme" = "Dracula Theme";
"github.copilot.nextEditSuggestions.enabled" = true;
};
};
};
# TODO: this is super ugly, make sure the JSON is formatted!!
home.file.${vscode-argv}.text = builtins.toJSON {
password-store = secret-service;
disable-hardware-acceleration = false;
disable-color-correct-rendering = false;
enable-crash-reporter = false;
# crash-report-id = ...;
};
}

30
homes/modules/editor/vscodium.nix
View file

@ -1,9 +1,37 @@
{pkgs, ...}: {
{
lib,
pkgs,
...
}: {
# REF: https://home-manager-options.extranix.com/?query=vscode&release=release-25.05
programs.vscode = {
enable = true;
package = pkgs.vscodium;
mutableExtensionsDir = true;
profiles.default = {
enableUpdateCheck = false;
enableExtensionUpdateCheck = false;
# extension format: USER.PACKAGENAME
extensions = with pkgs.vscode-extensions; [
# .NET
ms-dotnettools.csharp
ms-dotnettools.csdevkit
ms-dotnettools.vscode-dotnet-runtime
# ms-dotnettools.vscode-dotnet-pack
# ms-dotnettools.dotnet-maui
# Colors & Themes
dracula-theme.theme-dracula
catppuccin.catppuccin-vsc
catppuccin.catppuccin-vsc-icons
mvllow.rose-pine
];
userSettings = {
"workbench.colorTheme" = "Dracula Theme";
};
};
};
}

50
homes/modules/fish.nix
View file

@ -12,21 +12,59 @@
config = {
programs.fish = {
enable = true;
interactiveShellInit = ''
generateCompletions = true;
# vendor = {
# config.enable = true;
# functions.enable = true;
# completions.enable = true;
# };
interactiveShellInit = let
greetings =
[
"Welcome weary traveller to my shop"
"It's dangerous to go alone! Take this."
"Do butterflies cry when they're sad?"
"I hope they do"
"I think Alice is lost..."
"I once again retreat to the sanctuary of my virtual realm"
"Something wicked this way comes"
"May your L's be many... and your bitches few"
"What a horrible night to have a curse."
"The ancient spirits of light and dark have been released."
"The god of the stars rejects your offering. The ritual can only be performed at night."
"You should have just died..."
"Supreme Witch, Calamitas has killed every player!"
"A broken heart beats in fractals" # Key Fairy
"Remember our promise" # Signalis
]
|> map (x: "\"${x}\"")
|> builtins.concatStringsSep " ";
in ''
# add dotnet completions if it exists (ie we're in a virtual environment)
if type -q dotnet
complete -f -c dotnet -a "(dotnet complete (commandline -cp))"
end
function rand_greet
set weary "Welcome weary traveller to my shop"
set alone "It's dangerous to go alone! Take this."
set sad "Do butterflies cry when they're sad?"
set alice "I think Alice is lost..."
set greetings "$weary" "$alone" "$sad" "$alice"
set greetings ${greetings}
echo -n $greetings[(random 1 (count $greetings))]
end
function gitignore -a type
curl -sL "https://www.gitignore.io/api/$type"
end
# ripgrep on files
function rgf
rg --files | rg $args
end
set -g fish_greeting (rand_greet)

105
homes/modules/git.nix
View file

@ -3,27 +3,120 @@
pkgs,
...
}: {
programs.git = {
home.packages = with pkgs; [
delta # git diff viewer
];
programs = {
git = {
enable = true;
extraConfig = {
lfs.enable = true;
signing = {
key = "F68745A836CA0412";
format = "openpgp";
signByDefault = true;
};
settings = {
user.name = "_cry64";
user.email = "them@dobutterfliescry.net";
alias = {
s = "status";
d = "diff";
l = "log";
c = "commit";
p = "push";
};
color.ui = true;
core.editor = "hx";
github.user = "emileclarkb";
github.user = "cry128";
# delta diff viewer
core.pager = "delta";
interactive.diffFilter = "delta --color-only";
delta = {
navigate = true;
line-numbers = true;
side-by-side = true;
};
merge.conflictStyle = "zdiff3";
init = {
defaultBranch = "main";
};
url = {
"https://github.com/" = {
"git@github.com:" = {
insteadOf = [
"gh:"
"github:"
];
};
"https://gitlab.com/" = {
insteadOf = [
"gl:"
"gitlab:"
];
};
"git@codeberg.org:" = {
insteadOf = [
"cb:"
"codeberg:"
];
};
"git@tearforge.net/" = {
insteadOf = [
"cry:"
"forge:"
];
};
};
};
userName = "Emile Clark-Boman";
userEmail = "eclarkboman@gmail.com";
includes = [
{
path = "/home/me/agribit/.gitconfig";
condition = "gitdir:/home/me/agribit/**";
}
# {
# path = "/home/me/luminary/.gitconfig";
# condition = "gitdir:/home/me/luminary/**";
# }
];
};
lazygit = {
enable = true;
enableFishIntegration = true;
enableZshIntegration = true;
shellWrapperName = "lg";
settings = {
gui = {
useHunkModeInStagingView = false;
skipDiscardChangeWarning = false;
skipStashWarning = true;
animateExplosion = true; # FUCK YEAHHHHHHHHHHHHHHHHHHHHHHHHH
theme = {
lightTheme = false;
activeBorderColor = ["green" "bold"];
inactiveBorderColor = ["white"];
selectedLineBgColor = ["default"];
};
};
git.pagers = [
{
pager = "delta --dark --pager=never";
}
];
};
};
};
}

54
homes/modules/mako.nix Normal file
View file

@ -0,0 +1,54 @@
{...}: let
dracula = rec {
background = "#282A36";
border = cyan;
cyan = "#8BE9FD";
yellow = "#F1FA8C";
red = "#FF5555";
};
theme = dracula;
in {
# notification daemon for Wayland
services.mako = {
enable = true;
settings = {
actions = true;
anchor = "top-right";
layer = "overlay";
sort = "-time";
height = 100;
width = 300;
margin = 50;
background-color = theme.background;
border-color = theme.border;
border-radius = 20;
border-size = 4;
font = "monospace 10";
markup = true;
icons = true;
max-icon-size = 64;
default-timeout = 5000;
ignore-timeout = false;
"actionable=true" = {
anchor = "top-left";
};
"urgency=low" = {
border-color = theme.border;
};
"urgency=normal" = {
border-color = theme.yellow;
};
"urgency=high" = {
default-timeout = 0;
border-color = theme.red;
};
};
};
}

16
homes/modules/nixcord.nix
View file

@ -1,16 +0,0 @@
{
config,
pkgs,
...
}: {
programs.nixcord = {
enable = true;
config = {
frameless = true;
plugins = {
# TODO: remove this plugin
hideAttachments.enable = true;
};
};
};
}

17
homes/modules/server/fail2ban.nix
View file

@ -1,17 +0,0 @@
{...}: {
# simple fail2ban config (not production ready or anything though)
# refer to: https://nixos.wiki/wiki/Fail2Ban
services.fail2ban = {
enable = true;
maxretry = 5;
bantime = "10m"; # 10 minute ban
bantime-increment = {
enable = true;
formula = "ban.Time * math.exp(float(ban.Count+1)*banFactor)/math.exp(1*banFactor)";
multipliers = "1 2 4 8 16 32 64";
maxtime = "168h"; # dont ban for more than 1 week
overalljails = true;
};
};
}

35
homes/modules/server/nginx.nix
View file

@ -1,35 +0,0 @@
{...}: {
services = {
# use nginx as the reverse proxy
# (also will use certbot and Let's Encrypt)
# refer to: https://nixos.wiki/wiki/Nginx
nginx = {
enable = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
recommendedGzipSettings = true;
recommendedOptimisation = true;
# https://imbored.dev
virtualHosts = {
"imbored.dev" = {
forceSSL = true;
enableACME = true;
# config reverse proxy paths
locations = {
"/" = {
# TODO
proxyPass = "http://127.0.0.1:12345";
};
};
};
};
};
};
security.acme = {
acceptTerms = true;
defaults.email = "eclarkboman@gmail.com";
};
}

13
homes/modules/server/ssh.nix
View file

@ -1,13 +0,0 @@
{...}: {
services.openssh = {
enable = true;
ports = [22];
settings = {
PasswordAuthentication = true;
PermitRootLogin = "no";
AllowUsers = null; # allow all users by default
UseDns = true;
X11Forwarding = false;
};
};
}

5
homes/modules/term/foot.nix
View file

@ -1,7 +1,8 @@
{pkgs-unstable, ...}: {
# DEBUG: {upkgs, ...}: {
{pkgs, ...}: {
programs.foot = {
enable = true;
package = pkgs-unstable.foot;
package = pkgs.foot; # DEBUG: upkgs.foot;
server.enable = true;

5
homes/modules/tmux.nix Normal file
View file

@ -0,0 +1,5 @@
{...}: {
programs.tmux = {
enable = true;
};
}

39
homes/modules/wm/default.nix Normal file
View file

@ -0,0 +1,39 @@
{
pkgs,
lib,
...
}: let
inherit
(lib)
mkEnableOption
mkOption
types
;
in {
imports = [
./hypr/hyprland.nix
./mangowc.nix
];
options.cryos = {
wm = {
default = mkOption {
type = types.enum ["mangowc" "hyprland"];
default = "mangowc";
example = "hyprland";
description = "Window manager to boot by default.";
};
hyprland.enabled = mkEnableOption "hyprland";
mangowc.enabled = mkEnableOption "mangowc";
};
};
config = {
xdg.portal = {
enable = true;
extraPortals = with pkgs; [
# xdg-desktop-portal-gtk
];
};
};
}

29
homes/modules/wm/hypr/hyprland.nix
View file

@ -1,2 +1,29 @@
# NOTE: hyprland must be enabled in BOTH your host config (for running hyprland)
# and your home-manager config (for managing hyprland's config files)
# NOTE: and your home-manager config (for managing hyprland's config files)
{
pkgs,
inputs,
...
}: {
config = {
wayland.windowManager.hyprland = {
enable = true;
# package = pkgs.hyprland;
package = null;
portalPackage = null;
xwayland.enable = true;
# systemd = {
# enable = true;
# # enable autostart of applications
# # REF: `man 8 systemd-xdg-autostart-generator`
# enableXdgAutostart = true;
# };
# plugins = with inputs; [
# split-monitor-workspaces.packages.${pkgs.system}.split
# ];
};
};
}

107
homes/modules/wm/mangowc.nix Normal file
View file

@ -0,0 +1,107 @@
{...}: {
home.shellAliases = {
logoff = "mmsg -q";
};
wayland.windowManager.mango = {
enable = true;
systemd = {
enable = true;
# enable autostart of applications
# REF: `man 8 systemd-xdg-autostart-generator`
xdgAutostart = true;
};
settings = ''
# REF: config.conf
exec-once = awww-daemon
exec-once = mako
bind=SUPER,Return,spawn,foot
bind=SUPER,R,spawn,fuzzel
bind=SUPER+SHIFT,R,reload_config
bind=SUPER,Q,killclient
# Brightness
bind=NONE,XF86MonBrightnessUp,spawn,brightnessctl -e4 -n2 set 5%+
bind=NONE,XF86MonBrightnessDown,spawn,brightnessctl -e4 -n2 set 5%-
bind=SUPER+SHIFT,-,spawn brightnessctl -e4 -n2 set 5%+
bind=SUPER+SHIFT,+,spawn brightnessctl -e4 -n2 set 5%-
# Window Options
bind=SUPER,F,togglefullscreen
bind=SUPER+SHIFT,F,togglefakefullscreen
# Window Movement
bind=SUPER,Tab,focusstack,next
bind=SUPER,h,focusdir,left
bind=SUPER,l,focusdir,right
bind=SUPER,k,focusdir,up
bind=SUPER,j,focusdir,down
bind=SUPER,Left,focusdir,left
bind=SUPER,Right,focusdir,right
bind=SUPER,Up,focusdir,up
bind=SUPER,Down,focusdir,down
keymode=resize
bind=NONE,Left,resizewin,-10.0
bind=NONE,Right,resizewin,+10.0
bind=NONE,Escape,setkeymode,default
# Keyboard
repeat_rate=25
repeat_delay=300
numlockon=0
xkb_rules_layout=us
# Laptop Specific Things
# disable_trackpad=0
# mouse_natural_scrolling=1
bind=SUPER,1,view,1,0
bind=SUPER,2,view,2,0
bind=SUPER,3,view,3,0
bind=SUPER,4,view,4,0
bind=SUPER,5,view,5,0
bind=SUPER,6,view,6,0
bind=SUPER,7,view,7,0
bind=SUPER,8,view,8,0
bind=SUPER,9,view,9,0
bind=SUPER+SHIFT,1,tag,1,0
bind=SUPER+SHIFT,2,tag,2,0
bind=SUPER+SHIFT,3,tag,3,0
bind=SUPER+SHIFT,4,tag,4,0
bind=SUPER+SHIFT,5,tag,5,0
bind=SUPER+SHIFT,6,tag,6,0
bind=SUPER+SHIFT,7,tag,7,0
bind=SUPER+SHIFT,8,tag,8,0
bind=SUPER+SHIFT,9,tag,9,0
bind=SUPER+SHIFT,h,focusmon,left
bind=SUPER+SHIFT,l,focusmon,right
bind=SUPER+SHIFT,k,focusmon,up
bind=SUPER+SHIFT,j,focusmon,down
# bind=SUPER,Left,tagmon,left
# bind=SUPER,Right,tagmon,right
# bind=SUPER,Up,tagmon,up
# bind=SUPER,Down,tagmon,down
bind=SUPER,g,toggleglobal
bind=SUPER,o,toggleoverlay
bind=SUPER,a,togglefloating
bind=SUPER,z,toggle_scratchpad
'';
autostart_sh = ''
# REF: autostart.sh
# XDG_CURRENT_DESKTOP=mango
# dbus-update-activation-environment --systemd WAYLAND_DISPLAY XDG_CURRENT_DESKTOP
'';
};
}

87
homes/subspace/default.nix
View file

@ -1,87 +0,0 @@
{
inputs,
outputs,
lib,
config,
pkgs,
...
}: {
nixpkgs = {
config.allowUnfree = false;
};
imports = [
];
home = {
username = "subspace";
homeDirectory = "/home/subspace";
};
programs = {
fish = {
enable = true;
# Extra commands to run when entering a interactive shell
# (for the subspace user this will be exiting fish to
# run wishlist instead, a shell should not pop up!)
loginShellInit = ''
clear
exec wishlist
'';
};
ssh = {
enable = true;
forwardAgent = true;
addKeysToAgent = "yes";
matchBlocks = {
hyrule = {
hostname = "imbored.dev";
user = "ae";
port = 22;
identityFile = "~/.ssh/id_hyrule";
setEnv = {
TERM = "linux";
};
};
dead = {
hostname = "deadlyserver.com";
user = "emile";
port = 29843;
identityFile = "~/.ssh/id_deadlyserver";
setEnv = {
TERM = "xterm-256color";
};
};
youcue = {
hostname = "moss.labs.eait.uq.edu.au";
user = "s4740056";
port = 22;
identityFile = "~/.ssh/id_youcue";
setEnv = {
TERM = "xterm-256color";
};
};
};
};
};
# Nicely reload system units when changing configs
systemd.user.startServices = "sd-switch";
# SERVICE: webfishing (example for wishlist)
#systemd.user.services.webfishing = {
# Unit.Description = "I be out here webfishing frfr";
# Install.WantedBy = ["default.target"];
# Service = {
# Type = "exec";
# ExecStart = "echo $HOME; cat $HOME/.ssh/config";
# Restart = "always";
# };
#};
home.stateVersion = "24.11"; # DO NOT MODIFY
}

91
hosts/butterfly/default.nix Executable file
View file

@ -0,0 +1,91 @@
{...}: {
imports = [
./hardware.nix
./services
];
# super duper minimum grub2 config
boot.loader.grub = {
enable = true;
device = "/dev/vda";
};
networking = {
hostName = "butterfly";
firewall = {
allowedTCPPorts = [
22 # forgejo ssh
80 # nginx
# 143 # IMAP4
443 # nginx
# 587 # SMTPS
2222 # TEMP: forgejo ssh
# 3000 (INTERNAL) forgejo
# 3306 (INTERNAL) forgejo sqlite3 database
# 8222 (INTERNAL) vaultwarden
42069 # ssh
45000 # minecaft server
];
allowedUDPPorts = [
54231 # Wireguard
];
};
# wg-quick.interfaces = {
# wg0 = {
# address = [
# "10.10.10.4/24"
# ];
# dns = ["10.10.10.1"];
# privateKeyFile = "/root/wg_agrivpn_hyrule";
# peers = [
# {
# # peer's public key
# publicKey = "iZ4aqYjbT8O8tfUHEuV+yWLtdoQbdBb6Nt0M4usMSiY=";
# # choose which traffic to forward
# allowedIPs = [
# "10.0.51.0/24"
# "10.10.10.0/24"
# ];
# endpoint = "150.242.34.33:54231";
# }
# ];
# };
# };
};
services.pixiecore = {
enable = false;
port = 1234;
statusPort = 1234;
openFirewall = true;
listen = "0.0.0.0";
quick = "xyz";
mode = "boot";
};
users.users = {
cry = {
openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCsUZY45rgezi+8iROdcR5vPeacJ2fbMjlDijfUrH9hRX2FzCsg/4e3aFKhi2seZMmyTfbstxmDrrH8paUS5TibFgLFBGNngaF3CTjg85i5pm25Hr4IVo31oziBnTWaG6j3buYKtz5e1qSPzXywinJR+5+FCUJU7Fxa+EWTZcOX4wYgArSj4q73rZmvk5N0X44Mudt4nvpD2chvxygsdTzD6ph92qCuaJ/AbfmOoC7b/xvOaOVydUfgDLpHi9VZbd3akvvKxRfW6ZklldgXEzPXKMuastN0mwcBxvIb5G1Vkj8jtSVtKPc5psZ9/NWA5l38xH4qZ6z7eib6thtEMdtcKmTZEEWDADjqTea5Gj61c1n18cr6f3Tff+0bn/cxsl4Y0esi+aDeuCXYiIYNmeKBx0ttDNIxpk4J5Fdh6Xs+AZif5lnJErtu8TPy2aC0bc9wehTjMyvilTHfyerOD1ZJXhN2XwRVDGN7t7leAJZISJlPjqTDcw3Vfvzte/5JqS+FR+hbpG4uz2ix8kUa20u5YF2oSdGl8+zsdozVsdQm10Iv9WSXBV7t4m+oyodgtfzydBpmXq7aBXudCiEKw+7TC7F+1a4YFrVrCNXKFgKUpd1MiVLl7DIbzm5U9MD2BB3Fy7BPCzr3tW6/ExOhhpBWY+HnzVGQfkNr7dRcqfipKw== ae@dobutterfliescry.net"
];
};
foxora = {
isNormalUser = true;
createHome = true;
home = "/home/foxora";
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDSBRYKap1p5lPocRTkguhJN72D2R2CImt5cFYx3Qa7h aurora@nixarawrui"
];
};
};
virtualisation.docker.enable = true;
system.stateVersion = "24.11"; # DO NOT MODIFY
}

0
hosts/hyrule/hardware-configuration.nix → hosts/butterfly/hardware.nix
View file

7
hosts/butterfly/services/default.nix Normal file
View file

@ -0,0 +1,7 @@
{...}: {
imports = [
./nginx.nix
./forgejo.nix
./vaultwarden.nix
];
}

181
hosts/butterfly/services/forgejo.nix Normal file
View file

@ -0,0 +1,181 @@
{
config,
lib,
...
}: let
cfg = config.services.forgejo;
in {
# REF: https://github.com/NixOS/nixpkgs/blob/nixos-25.11/nixos/modules/services/misc/forgejo.nix
# REF: forgejo doesn't create the user/group by default if its name isn't "forgejo"
users.users = lib.mkIf (cfg.user != "forgejo") {
${cfg.user} = {
home = cfg.stateDir;
useDefaultShell = true;
group = cfg.group;
isSystemUser = true;
};
};
users.groups = lib.mkIf (cfg.group != "forgejo") {
${cfg.group} = {};
};
# more options here: https://mynixos.com/nixpkgs/options/services.forgejo
# TODO: set a favicon https://forgejo.org/docs/next/contributor/customization/#changing-the-logo
# (might need me to override settings in the nixpkg)
# TODO: create a custom theme for forgejo (modify the source files most likely)
services.forgejo = {
enable = true;
# XXX: WARNING: XXX: WARNING: XXX: TODO: set user="git" and settings.server.SSH_PORT=22
# XXX: WARNING: XXX: WARNING: XXX: TODO: (currently both cause errors)
# XXX: WARNING: XXX: WARNING: XXX: TODO: THE USER FAILS I THINK CAUSE THE DIRECTORY DOESNT CHANGE THE USER PERMISSIONS
user = "git"; # user forgejo runs as
# group = "forgejo"; # group forgejo runs as
# stateDir = "/var/lib/forgejo";
# enable support for Git Large File Storage
lfs.enable = true;
database = {
type = "sqlite3"; # postgres
host = "127.0.0.1";
port = "3306"; # 5432 if postgres
};
# settings are written directly to the `app.ini` config file
# refer to: https://forgejo.org/docs/latest/admin/config-cheat-sheet/
settings = {
server = {
# ENABLE_ACME = true;
# ACME_EMAIL = "them@dobutterfliescry.net";
DOMAIN = "tearforge.net";
ROOT_URL = "https://tearforge.net";
# address and port to listen on
HTTP_ADDR = "127.0.0.1";
HTTP_PORT = 3000;
PROTOCOL = "http"; # http internally, reverse proxy uses https externally
START_SSH_SERVER = true;
DISABLE_SSH = false;
SSH_PORT = 2222;
SSH_SERVER_CIPHERS = "chacha20-poly1305@openssh.com,";
SSH_SERVER_KEY_EXCHANGES = "sntrup761x25519-sha512,mlkem768x25519-sha256";
};
DEFAULT = {
APP_NAME = "tearforge";
APP_SLOGIN = "but cozy";
APP_DISPLAY_NAME_FORMAT = "{APP_NAME} ::{APP_SLOGAN}::";
};
repository = {
DEFAULT_PRIVATE = "private"; # last, private, public
# repo/org created on push to non-existent
ENABLE_PUSH_CREATE_USER = true;
ENABLE_PUSH_CREATE_ORG = true;
DEFAULT_PUSH_CREATE_PRIVATE = true;
MAX_CREATION_LIMIT = -1;
};
"repository.upload" = {
# max per-file size in MB
FILE_MAX_SIZE = 50;
# max number of files per upload
MAX_FILES = 5;
};
badges = let
# flat, flat-square, plastic, for-the-badge, social
style = "for-the-badge";
in {
ENABLED = true;
GENERATOR_URL_TEMPLATE = "https://img.shields.io/badge/{{.label}}-{{.text}}-{{.color}}?style=${style}";
};
ui = {
DEFAULT_THEME = "forgejo-dark";
THEMES = "forgejo-auto,forgejo-light,forgejo-dark";
};
"ui.meta" = {
AUTHOR = "Emile Clark-Boman - emileclarkb";
DESCRIPTION = "This is my personal self-hosted git forge, where I keep and maintain personal projects! PS do butterflies cry when they're sad?";
KEYWORDS = "emile,clark,boman,clarkboman,emileclarkb,git,forge,forgejo,self-hosted,dobutterfliescry,butterfly,butterflies,cry,tearforge";
};
markdown = {
ENABLE_HARD_LINE_BREAK_IN_COMMENTS = true;
ENABLE_MATH = true;
};
admin = {
DEFAULT_EMAIL_NOTIFICATIONS = "enabled";
SEND_NOTIFICATION_EMAIL_ON_NEW_USER = true;
};
security = {
# Controls access to the installation page.
# When set to “true”, the installation page is not accessible.
#INSTALL_LOCK = false;
PASSWORD_HASH_ALGO = "argon2"; # ARGON2 BEST ALGO FR!! (default: argon2$2$65536$8$50)
MIN_PASSWORD_LENGTH = 12;
PASSWORD_COMPLEXITY = "lower,upper,digit,spec";
PASSWORD_CHECK_PWN = true;
};
service = {
DISABLE_REGISTRATION = true; # toggle for new users
#DEFAULT_USER_IS_RESTRICTED = true;
# Forbid login with third-party services (ie github)
ALLOW_ONLY_INTERNAL_REGISTRATION = true;
ENABLE_CAPTCHA = true;
REQUIRE_CAPTCHA_FOR_LOGIN = true;
REQUIRE_EXTERNAL_REGISTRATION_CAPTCHA = true;
LOGIN_REMEMBER_DAYS = 365;
ENABLE_NOTIFY_MAIL = true;
};
"service.explore" = {
REQUIRE_SIGNIN_VIEW = false;
DISABLE_USERS_PAGE = false;
DISABLE_ORGANIZATIONS_PAGE = false;
DISABLE_CODE_PAGE = false;
};
cache = {
ADAPTER = "twoqueue";
HOST = "{\"size\":100, \"recent_ratio\":0.25, \"ghost_ratio\":0.5}";
ITEM_TTL = "16h";
};
# TODO: fill this in once my mail server is configured
# email.incoming = { ... };
# optional
mailer = {
ENABLED = false;
SMTP_ADDR = "mail.tearforge.net";
FROM = "noreply@tearforge.net";
USER = "noreply@tearforge.net";
};
log = {
MODE = "file";
LEVEL = "Info"; # "Trace", "Debug", "Info", "Warn", "Error", "Critical"
ENABLE_SSH_LOG = true;
};
cron = {
ENABLED = true;
RUN_AT_START = false;
};
other = {
SHOW_FOOTER_VERSION = true;
SHOW_FOOTER_TEMPLATE_LOAD_TIME = true;
SHOW_FOOTER_POWERED_BY = true;
ENABLE_SITEMAP = true;
ENABLE_FEED = true;
};
};
};
}

1
hosts/hyrule/mailserver.nix → hosts/butterfly/services/mailserver.nix
View file

@ -28,6 +28,7 @@
aliases = ["emile@imbored.dev"];
hashedPasswordFile = let
CWD = builtins.getEnv "PWD";
# XXX: TODO: use a secrets manager!
in "${CWD}/secrets/passwd/me";
};
};

4
hosts/hyrule/minecraft-server.nix → hosts/butterfly/services/minecraft-server.nix
View file

@ -1,11 +1,11 @@
{
pkgs,
pkgs-unstable,
upkgs,
...
}: {
services.minecraft-server = {
enable = true;
package = pkgs-unstable.minecraft-server; # use latest version only!
package = upkgs.minecraft-server; # use latest version only!
declarative = true;
eula = true;

57
hosts/butterfly/services/nginx.nix Normal file
View file

@ -0,0 +1,57 @@
{pkgs, ...}: {
services.nginx = {
enable = true;
# NOTE: in wake of CVE-2022-3602/CVE-2022-3786 nginxStable is overlayed
package = pkgs.nginx;
# recommendedGzipSettings = true;
# recommendedOptimisation = true;
# recommendedProxySettings = true;
# recommendedTlsSettings = true;
# streamConfig = ''
# server {
# listen 127.0.0.1:53 udp reuseport;
# proxy_timeout 20s;
# proxy_pass 192.168.0.1:53535;
# }
# '';
virtualHosts = let
localhost = "http://127.0.0.1";
std = {
# TODO: should I run over QUIC+HTTP3? (experimental)
# quic = true;
# http3 = true;
enableACME = true;
# kTLS = true; # offload TLS to the linux kernel
};
in {
"dobutterfliescry.net" =
{
default = true;
addSSL = true; # addSSL NOT forceSSL <3
root = "${pkgs.dobutterfliescry-net}/www";
# extraConfig = ''
# error_page 404 /custom_404.html;
# '';
}
// std;
"vault.imbored.dev" =
{
forceSSL = true;
locations."/".proxyPass = "${localhost}:8222";
}
// std;
"tearforge.net" =
{
forceSSL = true;
extraConfig = ''
client_max_body_size 512M;
'';
locations."/".proxyPass = "${localhost}:3000";
}
// std;
};
};
}

25
hosts/butterfly/services/vaultwarden.nix Normal file
View file

@ -0,0 +1,25 @@
{...}: {
services.vaultwarden = {
enable = true;
dbBackend = "sqlite";
# backupDir = "/var/backup/vaultwarden"; # disable with null
# https://mynixos.com/nixpkgs/option/services.vaultwarden.config
config = {
# internal address and port to listen on
ROCKET_ADDRESS = "127.0.0.1";
ROCKET_PORT = 8222;
# hostname to listen for
DOMAIN = "https://vault.imbored.dev";
# signup policy
SIGNUPS_ALLOWED = false;
SIGNUPS_VERIFY = true;
INVITATIONS_ALLOWED = true;
};
# https://mynixos.com/nixpkgs/option/services.vaultwarden.environmentFile
environmentFile = "/var/lib/vaultwarden/vaultwarden.env";
};
}

460
hosts/hyrule/default.nix
View file

@ -1,65 +1,8 @@
{
pkgs,
pkgs-unstable,
inputs,
lib,
...
}: let
home-manager = builtins.fetchTarball {
url = "https://github.com/nix-community/home-manager/archive/release-25.05.tar.gz";
sha256 = "026rvynmzmpigax9f8gy9z67lsl6dhzv2p6s8wz4w06v3gjvspm1";
};
in {
{...}: {
imports = [
./hardware-configuration.nix
(import "${home-manager}/nixos")
./mailserver.nix # TEMP: location
./minecraft-server.nix # TEMP: location
#../modules/server/nginx.nix
#../modules/server/ssh.nix
#../modules/server/fail2ban.nix
./hardware.nix
];
nix.settings = {
# make wheel group trusted users allows my "ae" user
# to import packages not signed by a trusted key
# (aka super duper easier to remote deploy)
trusted-users = ["root" "@wheel"];
experimental-features = [
"nix-command"
"flakes"
];
};
# nixpkgs.config.allowUnfreePredicate = let
# whitelist = map lib.getName [
# "minecraft-server"
# pkgs.minecraft-server
# pkgs-unstable.minecraft-server
# ];
# in
# pkg: builtins.elem (lib.getName pkg) whitelist;
time.timeZone = "Australia/Brisbane";
i18n.defaultLocale = "en_US.UTF-8";
console = {
font = "Lat2-Terminus16";
keyMap = "us";
};
# colmena deployment configuration
deployment = {
targetHost = "imbored.dev";
targetUser = "ae";
targetPort = 22;
sshOptions = [
"-A" # forward ssh-agent
];
buildOnTarget = false; # build locally then deploy
};
# super duper minimum grub2 config
boot.loader.grub = {
enable = true;
@ -68,408 +11,31 @@ in {
networking = {
hostName = "hyrule";
networkmanager.enable = true;
firewall = {
enable = true;
allowedTCPPorts = [
22 # sshd
80 # nginx
# 143 # IMAP4
443 # nginx
# 587 # SMTPS
2222 # forgejo ssh
2035 # debug (for my job)
# 3000 (INTERNAL) forgejo
# 3306 (INTERNAL) forgejo sqlite3 database
5000 # debug (for my job)
# 8222 (INTERNAL) vaultwarden
45000 # minecaft server
];
allowedUDPPorts = [
];
};
};
users = {
defaultUserShell = pkgs.bash;
users = {
# primary user
ae = {
isNormalUser = true;
extraGroups = ["wheel"];
shell = pkgs.bash;
users.users = {
cry = {
openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCsUZY45rgezi+8iROdcR5vPeacJ2fbMjlDijfUrH9hRX2FzCsg/4e3aFKhi2seZMmyTfbstxmDrrH8paUS5TibFgLFBGNngaF3CTjg85i5pm25Hr4IVo31oziBnTWaG6j3buYKtz5e1qSPzXywinJR+5+FCUJU7Fxa+EWTZcOX4wYgArSj4q73rZmvk5N0X44Mudt4nvpD2chvxygsdTzD6ph92qCuaJ/AbfmOoC7b/xvOaOVydUfgDLpHi9VZbd3akvvKxRfW6ZklldgXEzPXKMuastN0mwcBxvIb5G1Vkj8jtSVtKPc5psZ9/NWA5l38xH4qZ6z7eib6thtEMdtcKmTZEEWDADjqTea5Gj61c1n18cr6f3Tff+0bn/cxsl4Y0esi+aDeuCXYiIYNmeKBx0ttDNIxpk4J5Fdh6Xs+AZif5lnJErtu8TPy2aC0bc9wehTjMyvilTHfyerOD1ZJXhN2XwRVDGN7t7leAJZISJlPjqTDcw3Vfvzte/5JqS+FR+hbpG4uz2ix8kUa20u5YF2oSdGl8+zsdozVsdQm10Iv9WSXBV7t4m+oyodgtfzydBpmXq7aBXudCiEKw+7TC7F+1a4YFrVrCNXKFgKUpd1MiVLl7DIbzm5U9MD2BB3Fy7BPCzr3tW6/ExOhhpBWY+HnzVGQfkNr7dRcqfipKw== ae@imbored.dev"
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCsUZY45rgezi+8iROdcR5vPeacJ2fbMjlDijfUrH9hRX2FzCsg/4e3aFKhi2seZMmyTfbstxmDrrH8paUS5TibFgLFBGNngaF3CTjg85i5pm25Hr4IVo31oziBnTWaG6j3buYKtz5e1qSPzXywinJR+5+FCUJU7Fxa+EWTZcOX4wYgArSj4q73rZmvk5N0X44Mudt4nvpD2chvxygsdTzD6ph92qCuaJ/AbfmOoC7b/xvOaOVydUfgDLpHi9VZbd3akvvKxRfW6ZklldgXEzPXKMuastN0mwcBxvIb5G1Vkj8jtSVtKPc5psZ9/NWA5l38xH4qZ6z7eib6thtEMdtcKmTZEEWDADjqTea5Gj61c1n18cr6f3Tff+0bn/cxsl4Y0esi+aDeuCXYiIYNmeKBx0ttDNIxpk4J5Fdh6Xs+AZif5lnJErtu8TPy2aC0bc9wehTjMyvilTHfyerOD1ZJXhN2XwRVDGN7t7leAJZISJlPjqTDcw3Vfvzte/5JqS+FR+hbpG4uz2ix8kUa20u5YF2oSdGl8+zsdozVsdQm10Iv9WSXBV7t4m+oyodgtfzydBpmXq7aBXudCiEKw+7TC7F+1a4YFrVrCNXKFgKUpd1MiVLl7DIbzm5U9MD2BB3Fy7BPCzr3tW6/ExOhhpBWY+HnzVGQfkNr7dRcqfipKw== ae@dobutterfliescry.net"
];
};
# TODO: reduce security implications of subspace
subspace = {
foxora = {
isNormalUser = true;
shell = pkgs.bash;
home = "/home/subspace";
packages = with pkgs; [
wishlist
createHome = true;
home = "/home/foxora";
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDSBRYKap1p5lPocRTkguhJN72D2R2CImt5cFYx3Qa7h aurora@nixarawrui"
];
};
};
};
virtualisation.docker.enable = true;
home-manager = {
users = {
ae = import ../../homes/ae;
subspace = import ../../homes/subspace;
};
};
services = {
# simple nginx instance to host static construction page
# TODO: I want sshd and forgejo's ssh server to both be bound to port 22
# So change sshd to listen on a different address/port (ie 2222 or 127.0.0.3:22, etc)
# and change forgejo to use 127.0.0.2:22 (use port 22, ONLY change loopback address)
nginx = {
enable = true;
# in wake of CVE-2022-3602/CVE-2022-3786
package = pkgs.nginxStable.override {openssl = pkgs.libressl;};
recommendedGzipSettings = true;
recommendedZstdSettings = true;
recommendedOptimisation = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
# streamConfig = ''
# server {
# listen 127.0.0.1:53 udp reuseport;
# proxy_timeout 20s;
# proxy_pass 192.168.0.1:53535;
# }
# '';
virtualHosts = let
localhost = "http://127.0.0.1";
std = {
# TODO: should I run over QUIC+HTTP3? (experimental)
# quic = true;
# http3 = true;
enableACME = true;
# kTLS = true; # offload TLS to the linux kernel
};
in {
"imbored.dev" =
{
default = true;
addSSL = true; # not strictly enforced <3
root = "/var/www/imbored";
# extraConfig = ''
# error_page 404 /custom_404.html;
# '';
}
// std;
# Route "vault" subdomain to vaultwarden
"vault.imbored.dev" =
{
forceSSL = true;
locations."/".proxyPass = "${localhost}:8222";
}
// std;
# Route "forge" subdomain to forgejo
# TODO: use `forgejo.settings.server.ENABLE_ACME` instead?
"forge.imbored.dev" =
{
forceSSL = true;
extraConfig = ''
client_max_body_size 512M;
'';
locations."/".proxyPass = "${localhost}:3000";
}
// std;
};
};
openssh = {
enable = true;
ports = [22];
settings = {
PasswordAuthentication = false;
PermitRootLogin = "no";
AllowUsers = ["ae" "subspace"]; # DO NOT ALLOW ALL
UseDns = true;
X11Forwarding = false;
};
};
vaultwarden = {
enable = true;
dbBackend = "sqlite";
# backupDir = "/var/backup/vaultwarden"; # disable with null
# https://mynixos.com/nixpkgs/option/services.vaultwarden.config
config = {
# internal address and port to listen on
ROCKET_ADDRESS = "127.0.0.1";
ROCKET_PORT = 8222;
# hostname to listen for
DOMAIN = "https://vault.imbored.dev";
# signup policy
SIGNUPS_ALLOWED = false;
SIGNUPS_VERIFY = true;
INVITATIONS_ALLOWED = true;
};
# https://mynixos.com/nixpkgs/option/services.vaultwarden.environmentFile
environmentFile = "/var/lib/vaultwarden/vaultwarden.env";
};
# stalwart-mail = let
# domain = "imbored.dev";
# in {
# enable = false; # true;
# # openFirewall = true; # im doing this manually rn
# settings = {
# certificate."${domain}" = {
# cert = "file://${certs.${domain}.cert}";
# private-key = "file://${certs.${domain}.key}";
# };
# server = {
# hostname = domain;
# tls = {
# certificate = "${domain}";
# enable = true;
# implicit = false;
# };
# listener = {
# "smtp-submission" = {
# bind = ["127.0.0.1:587"];
# protocol = "smtp";
# };
# "imap" = {
# bind = ["127.0.0.1:143"];
# protocol = "imap";
# };
# };
# };
# session = {
# rcpt.directory = "in-memory";
# auth = {
# mechanisms = ["PLAIN"];
# directory = "in-memory";
# };
# };
# jmap.directory = "in-memory";
# queue.outbound.next-hop = ["local"];
# directory."in-memory" = {
# type = "memory";
# users = [
# {
# name = "me";
# secret = "foobar";
# email = ["me@${domain}"];
# }
# {
# name = "Emile";
# secret = "foobar";
# email = ["emile@${domain}"];
# }
# ];
# };
# };
# };
# more options here: https://mynixos.com/nixpkgs/options/services.forgejo
# TODO: set a favicon https://forgejo.org/docs/next/contributor/customization/#changing-the-logo
# (might need me to override settings in the nixpkg)
# TODO: create a custom theme for forgejo (modify the source files most likely)
forgejo = {
enable = true;
# enable support for Git Large File Storage
lfs.enable = true;
database = {
type = "sqlite3"; # postgres
host = "127.0.0.1";
port = "3306"; # 5432 if postgres
};
# settings are written directly to the `app.ini` config file
# refer to: https://forgejo.org/docs/latest/admin/config-cheat-sheet/
settings = {
server = {
# ENABLE_ACME = true;
# ACME_EMAIL = "eclarkboman@gmail.com"; # change this to "me@imbored.dev"
DOMAIN = "forge.imbored.dev"; # should this be "imbored.dev"?
ROOT_URL = "https://forge.imbored.dev"; # full public URL of the Forgejo server
# address and port to listen on
HTTP_ADDR = "127.0.0.1";
HTTP_PORT = 3000;
PROTOCOL = "http"; # http internally, reverse proxy uses https externally
START_SSH_SERVER = true;
DISABLE_SSH = false;
SSH_PORT = 2222;
};
DEFAULT = {
APP_NAME = "tearforge";
APP_SLOGIN = "but cozy";
APP_DISPLAY_NAME_FORMAT = "{APP_NAME} ::{APP_SLOGAN}::";
};
repository = {
DEFAULT_PRIVATE = "private"; # last, private, public
# repo/org created on push to non-existent
ENABLE_PUSH_CREATE_USER = true;
ENABLE_PUSH_CREATE_ORG = false;
DEFAULT_PUSH_CREATE_PRIVATE = true;
MAX_CREATION_LIMIT = -1;
};
"repository.upload" = {
# max per-file size in MB
FILE_MAX_SIZE = 50;
# max number of files per upload
MAX_FILES = 5;
};
badges = let
# flat, flat-square, plastic, for-the-badge, social
style = "for-the-badge";
in {
ENABLED = true;
GENERATOR_URL_TEMPLATE = "https://img.shields.io/badge/{{.label}}-{{.text}}-{{.color}}?style=${style}";
};
ui = {
DEFAULT_THEME = "forgejo-dark";
THEMES = "forgejo-auto,forgejo-light,forgejo-dark";
};
"ui.meta" = {
AUTHOR = "Emile Clark-Boman - emileclarkb";
DESCRIPTION = "This is my personal self-hosted git forge, where I keep and maintain personal projects! PS do butterflies cry when they're sad?";
KEYWORDS = "emile,clark,boman,clarkboman,emileclarkb,git,forge,forgejo,self-hosted,dobutterfliescry,butterfly,butterflies";
};
markdown = {
ENABLE_HARD_LINE_BREAK_IN_COMMENTS = true;
ENABLE_MATH = true;
};
admin = {
DEFAULT_EMAIL_NOTIFICATIONS = "enabled";
SEND_NOTIFICATION_EMAIL_ON_NEW_USER = true;
};
security = {
# Controls access to the installation page.
# When set to “true”, the installation page is not accessible.
#INSTALL_LOCK = false;
PASSWORD_HASH_ALGO = "argon2"; # ARGON2 BEST ALGO FR!! (default: argon2$2$65536$8$50)
MIN_PASSWORD_LENGTH = 12;
PASSWORD_COMPLEXITY = "lower,upper,digit,spec";
PASSWORD_CHECK_PWN = true;
};
service = {
DISABLE_REGISTRATION = true; # toggle for new users
#DEFAULT_USER_IS_RESTRICTED = true;
# Forbid login with third-party services (ie github)
ALLOW_ONLY_INTERNAL_REGISTRATION = true;
ENABLE_CAPTCHA = true;
REQUIRE_CAPTCHA_FOR_LOGIN = true;
REQUIRE_EXTERNAL_REGISTRATION_CAPTCHA = true;
LOGIN_REMEMBER_DAYS = 365;
ENABLE_NOTIFY_MAIL = true;
};
"service.explore" = {
REQUIRE_SIGNIN_VIEW = false;
DISABLE_USERS_PAGE = false;
DISABLE_ORGANIZATIONS_PAGE = false;
DISABLE_CODE_PAGE = false;
};
cache = {
ADAPTER = "twoqueue";
HOST = "{\"size\":100, \"recent_ratio\":0.25, \"ghost_ratio\":0.5}";
ITEM_TTL = "16h";
};
# TODO: fill this in once my mail server is configured
# email.incoming = { ... };
# optional
# TODO: fill this in once my mail server is configured
mailer = {
ENABLED = false;
SMTP_ADDR = "mail.imbored.dev";
FROM = "noreply@imbored.dev";
USER = "noreply@imbored.dev";
};
log = {
MODE = "file";
LEVEL = "Info"; # "Trace", "Debug", "Info", "Warn", "Error", "Critical"
ENABLE_SSH_LOG = true;
};
cron = {
ENABLED = true;
RUN_AT_START = false;
};
other = {
SHOW_FOOTER_VERSION = true;
SHOW_FOOTER_TEMPLATE_LOAD_TIME = true;
SHOW_FOOTER_POWERED_BY = true;
ENABLE_SITEMAP = true;
ENABLE_FEED = true;
};
};
};
};
security = {
# accept Lets Encrypt's security policy (for nginx)
acme = {
acceptTerms = true;
# TODO: change this to me@imbored.dev
defaults.email = "eclarkboman@gmail.com";
};
sudo = {
enable = true;
wheelNeedsPassword = true;
};
# allow SSH keys for passwordless auth
# TODO: DO NOT USE THIS (create my own alternative to colmena)
pam = {
enableSSHAgentAuth = true;
services.sudo.sshAgentAuth = true; # pam_ssh_agent_auth module
};
};
environment.systemPackages = with pkgs; [
git
vim
helix
];
programs = {
fish.enable = true;
bash = {
completion.enable = true;
interactiveShellInit = ''
if [[ $(${pkgs.procps}/bin/ps --no-header --pid=$PPID --format=comm) != "fish" && -z ''${BASH_EXECUTION_STRING} ]]
then
shopt -q login_shell && LOGIN_OPTION='--login' || LOGIN_OPTION=""
exec ${pkgs.fish}/bin/fish $LOGIN_OPTION
fi
'';
};
};
system.stateVersion = "24.11"; # DO NOT MODIFY
system.stateVersion = "25.11"; # DO NOT MODIFY
}

37
hosts/hyrule/hardware.nix Normal file
View file

@ -0,0 +1,37 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/profiles/qemu-guest.nix")
];
boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "ahci" "sd_mod" "sr_mod" "virtio_blk" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-label/NIXROOT";
fsType = "ext4";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-label/NIXBOOT";
fsType = "vfat";
options = [ "fmask=0022" "dmask=0022" ];
};
swapDevices = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.ens3.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
}

420
hosts/lolcathost/default.nix
View file

@ -1,424 +1,20 @@
{
lib,
pkgs,
pkgs-unstable,
inputs,
config,
...
}: let
home-manager = builtins.fetchTarball {
url = "https://github.com/nix-community/home-manager/archive/release-25.05.tar.gz";
sha256 = "1y919cqrlmq0k44rgnacaq4zq37jj4rdh6f2swp6y2jiz28xb0iq";
};
in {
{...}: {
imports = [
./hardware-configuration.nix
(import "${home-manager}/nixos")
../modules/wm/hyprland.nix
# ../modules/wm/river.nix
../modules/wm/crywl.nix
../modules/steam.nix
../modules/obsidian.nix
../modules/angryoxide.nix
../modules/flipperzero.nix
../modules/chameleonultragui.nix
./hardware.nix
];
nix.settings.experimental-features = [
"nix-command"
"flakes"
];
nixpkgs.config.allowUnfreePredicate = let
whitelist = map lib.getName [
pkgs.obsidian
pkgs.gitkraken
pkgs.steam
pkgs.steamcmd
pkgs.steam-unwrapped
pkgs.dwarf-fortress
];
in
pkg: builtins.elem (lib.getName pkg) whitelist;
boot.loader = {
efi = {
canTouchEfiVariables = true;
efiSysMountPoint = "/boot/efi";
};
grub = {
efiSupport = true;
device = "nodev";
useOSProber = false;
};
# GitHub: vinceliuice/grub2-themes
grub2-theme = {
enable = true;
theme = "whitesur"; # stylish, vimix, or whitesur
footer = true;
customResolution = "1920x1080";
};
};
time.timeZone = "Australia/Brisbane";
i18n.defaultLocale = "en_US.UTF-8"; # internationalisation
# Enable initrd hook for virtual console customisation
# aka cool colours when bootting yay!!
console = {
enable = true;
earlySetup = true; # initrd pre hook
keyMap = "us";
font = "Lat2-Terminus16";
# ANSI 24-bit color definitions (theme: dracula)
colors = [
"21222c"
"ff5555"
"50fa7b"
"f1fa8c"
"bd93f9"
"ff79c6"
"8be9fd"
"f8f8f2"
"6272a4"
"ff6e6e"
"69ff94"
"ffffa5"
"d6acff"
"ff92df"
"a4ffff"
"ffffff"
];
};
# ----- NETWORKING -----
networking = {
hostName = "lolcathost";
networkmanager.enable = true;
firewall.enable = false;
};
networking.hostName = "lolcathost";
# ----- SERVICES -----
services = {
# Set display manager (login screen)
displayManager = {
# sddm relies on pkgs.libsForQt5.qt5.qtgraphicaleffects
sddm = {
enable = true;
wayland.enable = true; # experimental
theme = "corners";
};
defaultSession =
"hyprland"
+ (
if config.programs.hyprland.withUWSM == true
then "-uwsm"
else null
);
};
dbus = {
# NOTE: programs.uwsm.enable sets implementation to dbus-broker,
# NOTE: however this seems to break dbus
implementation = lib.mkForce "dbus";
};
# Multimedia Framework
# With backwards compatability for alsa/pulseaudio/jack
pipewire = {
enable = true;
wireplumber.enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
jack.enable = true;
};
# dbus = {
# # NOTE: programs.uwsm.enable sets implementation to dbus-broker,
# # NOTE: however this seems to break dbus
# implementation = lib.mkForce "dbus";
# };
# Touchpad support
libinput.enable = true;
tumbler.enable = true; # Thunar image thumbnail support
gvfs.enable = true; # Thunar mount, trash, and other functionality
};
security.rtkit.enable = true; # I *think* this is for pipewire
# ------- USERS -------
users = {
# Using fish as the login shell tends to go very poorly because it isn't
# POSIX compliant, so we default the login shell to Bash instead :)
defaultUserShell = pkgs.bash;
users = {
# literally me fr (personal account)
me = {
isNormalUser = true;
extraGroups = ["wheel" "netdev" "docker"];
shell = pkgs.bash;
packages = let
# TODO: can I just do this: https://nix.dev/manual/nix/2.18/command-ref/new-cli/nix3-flake#url-like-syntax
# instead to use colmena's flake.nix by specifying a rev hash in the flake input?
colmena-src = pkgs.fetchFromGitHub {
owner = "zhaofengli";
repo = "colmena";
rev = "47b6414d800c8471e98ca072bc0835345741a56a";
sha256 = "rINodqeUuezuCWOnpJgrH7u9vJ86fYT+Dj8Mu8T/IBc=";
};
colmena-latest = pkgs.callPackage "${colmena-src}/package.nix" {};
in
with pkgs; [
firefox
nitch
starfetch
colmena-latest
gitkraken
];
};
# user for friends to ssh into
friends = {
isNormalUser = true;
shell = pkgs.fish;
};
};
};
home-manager = {
users.me = import ../../homes/me;
extraSpecialArgs = {inherit inputs pkgs pkgs-unstable;};
sharedModules = [
inputs.ags.homeManagerModules.default
];
};
# ---- ENVIRONMENT VARIABLES ----
environment.sessionVariables = {
# folder names with capitalisation look awful!
XDG_DOWNLOAD_DIR = "$HOME/downloads";
# Hint Electrons apps to use Wayland
NIXOS_OZONE_WL = "1";
};
# ---- SYSTEM PACKAGES -----
environment.systemPackages = with pkgs; [
# User Environment
# crywl
swww
helvum
easyeffects
pavucontrol
ani-cli
bluetui
wl-clipboard # clipboard for wayland
qbittorrent # torrenting
signal-desktop
(callPackage ../sddm-theme-corners.nix {}).sddm-theme-corners
# dependencies for my sddm theme:
pkgs.libsForQt5.qt5.qtgraphicaleffects
# Shell
bash
fish
shellcheck
grc # colorise command outputs
# Systems Emulation
qemu # Fellice Bellard's Quick Emulator
# GNU Utils
gnumake
binutils
# C Family
gcc
clang
clang-tools
# Rust
cargo
rustc
# Nim
nim
# Go
go
# Python
python312 # I use 3.12 since it's in a pretty stable state now
python314 # also 3.14 for latest features
poetry
# Sage
sageWithDoc # SageMath + HTML Documentation
openvpn
inetutils
# security tools
rustscan
nmap
dig
gobuster
nth
zap
httpie
curlie
zoxide
doggo
tldr
# btop
eza
yazi
lazygit
ripgrep
viddy # modern `watch` command
thefuck
# TODO: once upgraded past Nix-24.07 this line won't be necessary (I think)
# helix will support nixd by default
# SOURCE: https://github.com/nix-community/nixd/blob/main/nixd/docs/editor-setup.md#Helix
nixd # lsp for nix
# Pretty necessary
git
git-filter-repo
nix-prefetch-git
brightnessctl
acpi
# upower
vim
powertop
imagemagick
# "Standard" Unix Commands
file
wget
tree
unzip
unrar-free
man-pages
man-pages-posix
# Cryptography
gnupg
openssl
libargon2
# Games
mindustry
dwarf-fortress
prismlauncher # minecraft
];
programs = {
crywl = {
enable = true;
xwayland.enable = false;
defaultSession = false;
useUnmodifiedDWL = false;
};
fish.enable = true;
nix-ld.enable = true;
# I want to use fish as my login shell but it always goes terrible
# cause it isn't POSIX compliant, so instead Bash is my login and
# will just exec fish (^-^)
bash = {
blesh.enable = false; # ble.sh replacement for GNU readline
completion.enable = true;
interactiveShellInit = ''
if [[ $(${pkgs.procps}/bin/ps --no-header --pid=$PPID --format=comm) != "fish" && -z ''${BASH_EXECUTION_STRING} ]]
then
shopt -q login_shell && LOGIN_OPTION='--login' || LOGIN_OPTION=""
exec ${pkgs.fish}/bin/fish $LOGIN_OPTION
fi
'';
};
# Thunar also uses: `services.tumbler` & `services.gvfs`
thunar = {
enable = true;
plugins = with pkgs.xfce; [
thunar-volman # for removable drives (ie USBs)
thunar-archive-plugin # create and extract archives
thunar-media-tags-plugin # change metadata for media files
];
};
# mozilla's email client
thunderbird.enable = true;
};
# ----- FONTS -----
fonts = {
enableDefaultPackages = true; # no clue what this line does tbh
packages = with pkgs;
[
#(nerdfonts.override {
# fonts = [
# "Cousine"
# "Iosevka"
# "JetBrainsMono"
# ];
# })
geist-font # for my hyprlock theme
# texlive maintains a noto-emoji flake
texlivePackages.noto-emoji
]
++ builtins.filter lib.attrsets.isDerivation (
builtins.attrValues pkgs.nerd-fonts
);
# TODO: change my default fonts
fontconfig = {
defaultFonts = {
serif = ["Geist"]; # TODO: package Iosevka Etoile since Iosevka isn't a serif font
sansSerif = ["Geist"];
monospace = ["Cousine"];
emoji = ["Noto Emoji"];
};
};
};
documentation = {
enable = true;
doc.enable = true; # install /share/doc packages
man.enable = true; # install manpages
info.enable = true; # install GNU info
dev.enable = true; # install docs intended for developers
nixos = {
enable = true; # install NixOS documentation (ie man -k nix, & nixos-help)
options.splitBuild = true;
# includeAllModules = true;
};
};
virtualisation.docker.enable = true;
hardware = {
graphics = {
enable = true;
enable32Bit = true;
};
# opengl = {
# enable = true;
# driSupport = true;
# driSupport32Bit = true;
# }
bluetooth = {
enable = true;
powerOnBoot = true;
};
};
# DO NOT MODIFY

0
hosts/lolcathost/hardware-configuration.nix → hosts/lolcathost/hardware.nix
View file

26
hosts/matcha/default.nix Normal file
View file

@ -0,0 +1,26 @@
{...}: {
imports = [
./hardware.nix
./state.nix
];
boot.loader = {
efi = {
canTouchEfiVariables = true;
efiSysMountPoint = "/boot/efi";
};
grub = {
efiSupport = true;
device = "nodev";
};
};
networking.hostName = "matcha";
users.users.cry = {
openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDYwbPjW26fHivB+UpxRArY7nFI09VLAD9xxOiPk/u+YPAOVR8SYTpsHj3L8kI3ENRtt3PRJb97ZfLpPaAJ0LJiZv4qzisDjbfck12FxSDseQlF2JaJZ4wrJ9llcqJbRLKd5wV4KotrDm8Ct2JSBFOdTBQBGJqtNrLOcAtDqVmDPXsWyONINegtcYHumTbJcQU1ksCABdjW5R1dhJesOuMOM8EvrUtDyftvD7sgnBlXTzybP9c1AphUuBMSR5yEz/cDl+iPtQq7tgB+iepCCuNMGQu1wZFPBCMrZtMoxq6gzmZ4oV+W6tfmGEbtdkY+ix+2j960Zngcw7Gj+aYyMY2TyVJuJmIvlzfcrlsbr1TH35Y/5oYhJA+X6aFpgomUsurJ6/QdI1wQ+ceUCnZEeg/8z+WNaq/Bp2hPzT9Y7SPWolpaotDhh9wiuyVqn5VQqwL2lELfvZM4Lu8l6vRPDeMZTemI1nc5jg3aVpJqZTPqFVcCWrWXfdCFwnfy/SdU0JAprCzVvoqkwDHsJwkxY/NcxlNGNha+8oYZgSH1CZhEp3Z7CDJCTDd5PxxCQHs90ENCWFsoGQIV01dAgwD63460En9q2kGr6gO2aRewMD5Vr8AzeGV87vsR3ARpPQVzEWLX08B076Idjwrz8aebdRYBEg7WCxRe5UVI1i/V8j/zQw== emile@deadlyserver.com"
"ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBAGEvtRs3C4hjSuvVm2lukqOvObCz5gVlFthcvpGHAqlBgZo47CNJM78WoviEQWceqtu9ZzJdRJ7qEK9ZGvTM0XTSgExkOs6YdS3J7M3i3YS1vcj9KVPinLhiE90aED/319pbYKFrRs/lRzl8XLeaPNqenNMNJBqeary8+r5u9JC6zYCeQ== me@lolcathost"
];
};
}

33
hosts/matcha/hardware.nix Normal file
View file

@ -0,0 +1,33 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usb_storage" "usbhid" "sd_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/d54a5644-744b-4b2a-8c4b-c12836498724";
fsType = "ext4";
};
fileSystems."/boot/efi" =
{ device = "/dev/disk/by-uuid/12CE-A600";
fsType = "vfat";
options = [ "fmask=0077" "dmask=0077" ];
};
swapDevices =
[ { device = "/dev/disk/by-uuid/9513ded6-662e-42f7-926e-64d198c2ae7c"; }
];
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

20
hosts/matcha/state.nix Normal file
View file

@ -0,0 +1,20 @@
{...}: {
# This option defines the first version of NixOS you have installed on this particular machine,
# and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
#
# Most users should NEVER change this value after the initial install, for any reason,
# even if you've upgraded your system to a new NixOS release.
#
# This value does NOT affect the Nixpkgs version your packages and OS are pulled from,
# so changing it will NOT upgrade your system - see https://nixos.org/manual/nixos/stable/#sec-upgrading for how
# to actually do that.
#
# This value being lower than the current NixOS release does NOT mean your system is
# out of date, out of support, or vulnerable.
#
# Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,
# and migrated your data accordingly.
#
# For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
system.stateVersion = "25.11"; # Did you read the comment?
}

5
hosts/modules/angryoxide.nix
View file

@ -1,5 +0,0 @@
{pkgs, ...}: {
environment.systemPackages = with pkgs; [
(callPackage ../packages/angryoxide {})
];
}

25
hosts/modules/apps/rider.nix Normal file
View file

@ -0,0 +1,25 @@
{
pkgs,
upkgs,
dotnetVersions ? [8 9 10],
...
}: {
imports = [
../langs/dotnet.nix
];
environment.systemPackages = with pkgs; [
# Ensure latest stable Rider version (not necessarily stable on NixOS)
upkgs.jetbrains.rider
# NOTE: Blazor requires a Chromium-based browser
chromium
];
programs.nix-ld = {
enable = true;
libraries = with pkgs; [
icu
];
};
}

6
hosts/modules/apps/winbox.nix Normal file
View file

@ -0,0 +1,6 @@
{...}: {
programs.winbox = {
enable = true;
openFirewall = false; # port: 5678
};
}

27
hosts/modules/bashistrans.nix Normal file
View file

@ -0,0 +1,27 @@
{pkgs, ...}: {
# I want to use fish as my login shell but it always goes terrible
# cause it isn't POSIX compliant, so instead Bash is my login and
# will just exec fish (^-^)
programs = {
fish.enable = true;
bash = {
blesh.enable = false; # ble.sh replacement for GNU readline
completion.enable = true;
interactiveShellInit = ''
# help bash transition into a beautiful fish!
if [[ -z $CRY_BASH_IS_TRANS ]]
then
if [[ $(${pkgs.procps}/bin/ps --no-header --pid=$PPID --format=comm) != "fish" && -z ''${BASH_EXECUTION_STRING} ]]
then
shopt -q login_shell && LOGIN_OPTION='--login' || LOGIN_OPTION=""
exec ${pkgs.fish}/bin/fish $LOGIN_OPTION
fi
fi
# bash is trans now! (no more transitioning required)
export CRY_BASH_IS_TRANS=true
'';
};
};
}

5
hosts/modules/chameleonultragui.nix
View file

@ -1,5 +0,0 @@
{pkgs, ...}: {
environment.systemPackages = with pkgs; [
(callPackage ../packages/chameleonultragui {})
];
}

20
hosts/modules/colmena.nix
View file

@ -1,20 +0,0 @@
{}: {
# Colmena's latest stable version is
# unusable so get latest unstable version.
colmena = let
src = pkgsBuild.fetchFromGitHub {
owner = "zhaofengli";
repo = "colmena";
rev = "47b6414d800c8471e98ca072bc0835345741a56a";
sha256 = "rINodqeUuezuCWOnpJgrH7u9vJ86fYT+Dj8Mu8T/IBc=";
};
flake =
pkgsBuild.callPackage "${src}/flake.nix" {
};
in
flake.packages."${system}".colmena;
nixpkgs.config.packageOverrides = pkgs: {
colmena = pkgs.callPackage
};
}

12
hosts/modules/core/bluetooth.nix
View file

@ -1,12 +0,0 @@
{ pkgs, ... }:
{
# Enable Bluetooth
hardware.bluetooth.enable = true;
hardware.bluetooth.powerOnBoot = false;
# TODO: this should be managed by home-manager
environment.systemPackages = with pkgs; [
overskride
];
}

15
hosts/modules/core/bootloader/grub.nix
View file

@ -1,15 +0,0 @@
{...}:
{
boot.loader = {
efi = {
canTouchEfiVariables = true;
efiSysMountPoint = "/boot/efi";
};
grub = {
efiSupport = true;
#efiInstallAsRemovable = true; # in case canTouchEfiVariables doesn't work on your system
device = "nodev";
};
};
}

8
hosts/modules/core/bootloader/systemd-boot.nix
View file

@ -1,8 +0,0 @@
{...}:
{
boot.loader = {
systemd-boot.enable = true;
efi.canTouchEfiVariables = true;
};
}

0
hosts/modules/core/sound/default.nix
View file

29
hosts/modules/core/sound/pipewire.nix
View file

@ -1,29 +0,0 @@
# Credit: https://github.com/XNM1/linux-nixos-hyprland-config-dotfiles/
{ pkgs, ... }:
{
# Enable sound with pipewire.
hardware.pulseaudio.enable = false;
security.rtkit.enable = true;
services.pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
jack.enable = true;
wireplumber.enable = true;
# use the example session manager (no others are packaged yet so this is enabled by default,
# no need to redefine it in your config for now)
# media-session.enable = true;
};
# TODO: these should instead be manager but home-manager
environment.systemPackages = with pkgs; [
helvum
easyeffects
];
}

29
hosts/modules/discord/nixcord.nix
View file

@ -1,29 +0,0 @@
{
lib,
pkgs,
config,
inputs,
outputs,
...
}:
{
imports = [
config.nixcord.homeManagerModules.nixcord
];
programs.nixcord = {
enable = true;
config = {
#themeLinks = [
# ""
#];
# no surrounding window frame
frameless = true;
plugins = {
};
};
};
}

31
hosts/modules/flakes/wishlist/README
View file

@ -1,31 +0,0 @@
#### wishlist.nix
This is a simple Nix flake defining a service from which
wishlist can run automatically. This flake runs wishlist-0.15.1
and lacks configurability unfortunately. However this was an
intentional choice, allowing wishlist to read from the user's
`~/.ssh/config` file, which can be configured seperately using
the something akin to the follow home-manager snippet:
```nix
programs.ssh = {
enable = true;
addKeysToAgent = "yes"; # always add keys to ssh-agent
matchBlocks = {
hyrule = {
hostname = "imbored.dev";
user = "ae";
port = 22;
identityFile = "/home/me/.ssh/id_hyrule";
};
};
};
```
This decision was mostly selfish as it was easiest...
But it comes at the cost of not being able to set the
port wishlist listens on. So for now you're stuck with `2222`.
###### The Future!! (woooowwww)
Create an option for wishlist that is used to construct
the `config.yaml` file

93
hosts/modules/flakes/wishlist/flake.nix
View file

@ -1,93 +0,0 @@
{
inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
flake-utils.url = "github:numtide/flake-utils";
};
outputs = {
self,
config,
nixpkgs,
lib,
flake-utils,
}: let
cfg = config.services.wishlist;
supportedSystems = ["x86_64-linux" "i686-linux" "aarch64-linux" "x86_64-darwin" "aarch64-darwin"];
in {
# TODO: 1. add options (ie one to set whether the server should be enabled),
# 2. create a systemd service
# 3. create a main program
# 4. celibrate
# TODO: do I need to make this a home-manager option and set the yaml config?
# define what settings a user can change
options = {
services.wishlist = with lib; {
enable = mkEnableOption "wishlist";
port = mkOption {
type = types.port;
default = 2222;
description = "Port to listen on";
};
package = mkOption {
type = types.package;
default = self.packages.${nixpkgs.system}.default;
description = "Package to use";
};
};
};
# define a systemd service for wishlist ^_^
config = lib.mkIf cfg.enable {
systemd.services.wishlist = {
description = "Single entrypoint for multiple SSH endpoints";
wantedBy = ["multi-user.target"];
serviceConfig = {
DynamicUser = "yes";
ExecStart = "${cfg.package}/bin/wishlist serve";
Restart = "always";
RestartSec = "2s";
};
};
};
packages = flake-utils.lib.eachSystem supportedSystems (
system: let
version = "0.15.1";
#pkgs = nixpkgs.legacyPackages.${system};
pkgs = import nixpkgs {
inherit system;
config.allowUnfree = false;
};
#lib = pkgs.lib;
in rec {
defaultPackage = self.packages.${system}.wishlist;
wishlist = pkgs.buildGoModule {
pname = "wishlist";
inherit version;
meta = with lib; {
description = "Single entrypoint for multiple SSH endpoints";
homepage = "https://github.com/charmbracelet/wishlist";
changelog = "https://github.com/charmbracelet/wishlist/releases/tag/v${version}";
license = licenses.mit;
maintainers = with maintainers; [caarlos0 penguwin];
mainProgram = "wishlist";
};
src = pkgs.fetchFromGitHub {
owner = "charmbracelet";
repo = "wishlist";
rev = "v${version}";
# rev = "d7f058e115a8b4a4131406d01dde84fb4a8e93c4";
hash = "53fojA+gdvpSVNjx6QncH16F8/x+lpY5SkNs7obW2XQ=";
};
vendorSha256 = "0x6rss3fwv2398wrd5kyzkrqaphzvh4ykwfqai9glxm01y6fhxz7";
};
}
);
};
}

99
hosts/modules/flakes/wishlist/wishlist.nix
View file

@ -1,99 +0,0 @@
# NOTE: Wishlist service fails on nix because of readonly file system
# and it can't find a config file for itself, it needs to write that
# itself I suppose :(
# So:
# 1. Get it to write that file, and
# 2. Allow it to inherit profiles from configured ssh
{
self,
config,
pkgs,
lib,
}: let
cfg = config.services.wishlist;
in {
options = {
services.wishlist = with lib; {
enable = mkEnableOption "wishlist";
name = mkOption {
type = types.str;
default =
};
port = mkOption {
type = types.port;
default = 2222;
description = "Port to listen on";
};
#configPath = mkOption {
# type = types.path;
# default = ;
# description = "Path to config file";
#};
package = mkOption {
type = types.package;
default = self.packages.${nixpkgs.system}.default;
description = "Package to use";
};
};
};
# define a systemd service for wishlist ^_^
config = lib.mkIf cfg.enable {
systemd.services.wishlist = {
description = "Single entrypoint for multiple SSH endpoints";
wantedBy = ["multi-user.target"];
serviceConfig = let
wishlistServiceConfig = pkgs.writeText "config.yaml" ''
hello world!
'';
in {
DynamicUser = "yes";
ExecStart = "${pkgs.wishlist}/bin/wishlist serve --config ${wishlistServiceConfig}";
Restart = "always";
RestartSec = "2s";
};
};
};
/*
packages = flake-utils.lib.eachSystem supportedSystems (
system: let
version = "0.15.1";
#pkgs = nixpkgs.legacyPackages.${system};
pkgs = import nixpkgs {
inherit system;
config.allowUnfree = false;
};
#lib = pkgs.lib;
in rec {
defaultPackage = self.packages.${system}.wishlist;
wishlist = pkgs.buildGoModule {
pname = "wishlist";
inherit version;
meta = with lib; {
description = "Single entrypoint for multiple SSH endpoints";
homepage = "https://github.com/charmbracelet/wishlist";
changelog = "https://github.com/charmbracelet/wishlist/releases/tag/v${version}";
license = licenses.mit;
maintainers = with maintainers; [caarlos0 penguwin];
mainProgram = "wishlist";
};
src = pkgs.fetchFromGitHub {
owner = "charmbracelet";
repo = "wishlist";
rev = "v${version}";
# rev = "d7f058e115a8b4a4131406d01dde84fb4a8e93c4";
hash = "53fojA+gdvpSVNjx6QncH16F8/x+lpY5SkNs7obW2XQ=";
};
vendorSha256 = "0x6rss3fwv2398wrd5kyzkrqaphzvh4ykwfqai9glxm01y6fhxz7";
};
}
);
*/
}

6
hosts/modules/flipperzero.nix
View file

@ -1,6 +0,0 @@
{pkgs, ...}: {
environment.systemPackages = with pkgs; [
# flipper zero desktop app
qflipper
];
}

30
hosts/modules/hyprland/default.nix
View file

@ -1,30 +0,0 @@
# NOTE: hyprland must be enabled in BOTH your host config (for running hyprland)
# and your home-manager config (for managing hyprland's config files)
{
pkgs,
inputs,
config,
lib,
...
}: {
options.hyprland = {
enable = lib.mkEnableOption "Hyprland";
};
config = lib.mkIf config.hyprland.enable {
programs.hyprland = {
enable = true;
#package = inputs.hyprland.packages.${pkgs.system}.hyprland;
xwayland.enable = true;
};
xdg.portal = {
enable = true;
extraPortals = with pkgs; [
xdg-desktop-portal-gtk
];
};
# TODO: finish this (I didn't like the dotfiles I was getting inspo from and stopped)
};
}

61
hosts/modules/langs/dotnet.nix Normal file
View file

@ -0,0 +1,61 @@
{
lib,
pkgs,
upkgs,
...
}: let
dotnetVersions = [8 9 10];
dotnetCombined =
pkgs.dotnetCorePackages.combinePackages
(builtins.concatMap
(v: let
# dotnet = pkgs.dotnetCorePackages."dotnet_${builtins.toString x}";
in [
# dotnet.sdk
# the runtime+aspnetcore packaged with the sdk
pkgs.dotnetCorePackages."sdk_${builtins.toString v}_0"
])
dotnetVersions);
# Custom packaged tools
dotnetTools = with lib; {
uno-check = with pkgs.dotnetCorePackages;
buildDotnetGlobalTool {
pname = "Uno.Check";
version = "1.32.17";
nugetHash = "sha256-BfTVF5uHu9/nyLXqdDEOHCxq6BVQWhsnDBbARzdLDAE=";
executables = "uno-check";
dotnet-sdk = dotnet_9.sdk;
dotnet-runtime = dotnet_9.runtime;
meta = {
homepage = "https://github.com/unoplatform/uno.check";
license = licenses.mit;
maintainers = [maintainers.emileclarkb];
};
};
};
in {
environment.systemPackages = with pkgs; [
# .NET
dotnetCombined
# .NET Tools
dotnetTools.uno-check
# Mono
mono
# NOTE: nixupkgs uses .NET8 SDK
# WARNING: nixpkgs-25.05 uses .NET6 SDK (now marked insecure)
upkgs.msbuild
# .NET Framework Tools/Services
omnisharp-roslyn
netcoredbg
];
}

34
hosts/modules/steam.nix
View file

@ -1,24 +1,34 @@
{
pkgs,
lib,
upkgs,
...
}: {
nixpkgs.config.allowUnfreePredicate = pkg:
builtins.elem (lib.getName pkg) [
"steam"
"steam-original"
"steam-unwrapped"
"steam-run"
nixpkgs.overlays = [
(self: super: {
lutris = super.lutris.overrideAttrs (final: prev: {
# WARNING: pkgs.mbedtls_2 is marked insecure!
# Replace pkgs.mbedtls_2 (v2.28.10) with pkgs.mbedtls (v3.6.4)
targetPkgs = pkgs: (
(builtins.filter (p: p != pkgs.mbedtls_2) (prev.targetPkgs pkgs))
++ [pkgs.mbedtls]
);
});
})
];
programs = {
steam = {
enable = true;
gamescopeSession.enable = true;
package = upkgs.millennium-steam;
gamescopeSession.enable = false; # .desktop entry for gamescope
remotePlay.openFirewall = true;
dedicatedServer.openFirewall = true;
localNetworkGameTransfers.openFirewall = true;
extraCompatPackages = with pkgs; [
proton-ge-bin
];
};
gamemode.enable = true;
@ -29,8 +39,12 @@
mangohud
protonup-qt
lutris
# XXX: DEBUG: disable lutris
# XXX: NOTE: pkgs.lutris depends on pkgs.mbedtls_2 which is marked insecure!
# XXX: NOTE: Use the provided overlay to patch pkgs.mbedtls_2 -> pkgs.mbedtls
# lutris
bottles
heroic
];
}

72
hosts/modules/wishlist.nix
View file

@ -1,72 +0,0 @@
{
description = "Wishlist: Your SSH directory."
inputs = {
};
outputs = {
self
}: let
nixosModule = {
config,
lib,
pkgs,
...
}: {
options.services.wishlist = {
enable = lib.mkEnableOption "Your SSH directory.";
port = lib.mkOption {
type = lib.types.port;
default = 22;
description = "Port to listen on";
};
};
config = lib.mkIf config.services.wishlist.enable {
# configure the systemd service
systemd.services.wishlist = {
description = "Your SSH directory.";
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
serviceConfig = {
ExecStart = "${self.packages.${pkgs.system}.default}/bin/wishlist";
Restart = "always";
Type = "simple";
DynamicUser = "yes";
};
# environment variables
environment = {
};
};
};
};
in
(flake-utils.lib.eachDefaultSystem (system: let
gopkg = go-nixpkgs.legacyPackages.${system};
in {
packages.default = gopkg.buildGoModule ############################
}))
buildGoModule rec { # is rec necessary?
pname = "wishlist";
version = "0.15.1"
src = fetchFromGithub {
owner = "charmbracelet";
repo = "wishlist";
rev = "v${version}";
hash = "0c9g1s8j9znzd1mw61d0klc6sqri0wx6hljibxdwzi3cabfy3ld6";
};
vendorSha256 = lib.fakeSha256;
meta = with lib; {
homepage = "https://github.com/charmbracelet/wishlist";
description = "Your SSH directory.";
license = lib.licenses.mit;
maintainers = with lib.maintainers; [ caarlos0 ];
};
};
}

22
hosts/modules/wishlist.nix.bak
View file

@ -1,22 +0,0 @@
{lib}: {
buildGoModule rec { # is rec necessary?
pname = "wishlist";
version = "0.15.1"
src = fetchFromGithub {
owner = "charmbracelet";
repo = "wishlist";
rev = "v${version}";
hash = "0c9g1s8j9znzd1mw61d0klc6sqri0wx6hljibxdwzi3cabfy3ld6";
};
vendorSha256 = lib.fakeSha256;
meta = with lib; {
homepage = "https://github.com/charmbracelet/wishlist";
description = "Your SSH directory.";
license = lib.licenses.mit;
maintainers = with lib.maintainers; [ caarlos0 ];
};
};
}

Some files were not shown because too many files have changed in this diff Show more