chore(formatting): run `treefmt` · 74k1.sh/tix@17d0b38

+38 -25

flake.nix

··· 170 170 }; 171 171 }; 172 172 173 - outputs = inputs: 174 - inputs.flake-parts.lib.mkFlake { inherit inputs; } ({ withSystem, flake-parts-lib, ... }: { 175 - systems = [ 176 - "aarch64-linux" 177 - "x86_64-linux" 178 - "aarch64-darwin" 179 - "x86_64-darwin" 180 - ]; 173 + outputs = 174 + inputs: 175 + inputs.flake-parts.lib.mkFlake { inherit inputs; } ( 176 + { withSystem, flake-parts-lib, ... }: 177 + { 178 + systems = [ 179 + "aarch64-linux" 180 + "x86_64-linux" 181 + "aarch64-darwin" 182 + "x86_64-darwin" 183 + ]; 181 184 182 - imports = [ 183 - ./modules/flake/configurations.nix 184 - ./modules/flake/devshells.nix 185 - ./modules/flake/modules.nix 186 - ./modules/flake/agenix.nix 187 - ./modules/flake/topology.nix 188 - ./modules/flake/nixpkgs.nix 189 - inputs.rix101.flakeModules.agenix 190 - ]; 185 + imports = [ 186 + ./modules/flake/configurations.nix 187 + ./modules/flake/devshells.nix 188 + ./modules/flake/modules.nix 189 + ./modules/flake/agenix.nix 190 + ./modules/flake/topology.nix 191 + ./modules/flake/nixpkgs.nix 192 + inputs.rix101.flakeModules.agenix 193 + ]; 191 194 192 - debug = true; 195 + debug = true; 193 196 194 - perSystem = { self, lib, pkgs, system, inputs', ... }: { 195 - # Stuff with auto-inserted ${system}, like `packages` and `devShells` 196 - }; 197 + perSystem = 198 + { 199 + self, 200 + lib, 201 + pkgs, 202 + system, 203 + inputs', 204 + ... 205 + }: 206 + { 207 + # Stuff with auto-inserted ${system}, like `packages` and `devShells` 208 + }; 197 209 198 - flake = { 199 - # Stuff that gets directly exported, like `nixosConfigurations` 200 - }; 201 - }); 210 + flake = { 211 + # Stuff that gets directly exported, like `nixosConfigurations` 212 + }; 213 + } 214 + ); 202 215 }

+12 -5

hosts/darwin/arisu/darwin-configuration.nix

··· 1 - { inputs, outputs, config, pkgs, lib, ... }: 1 + { 2 + inputs, 3 + outputs, 4 + config, 5 + pkgs, 6 + lib, 7 + ... 8 + }: 2 9 3 10 { 4 11 imports = with outputs.darwinModules; [ 5 12 brew 6 13 # aerospace 7 14 ]; 8 - 15 + 9 16 # List packages installed in system profile. To search by name, run: 10 17 # $ nix-env -qaP | grep wget 11 18 environment.systemPackages = with pkgs; [ ··· 57 64 # nix.package = pkgs.nix; 58 65 59 66 # Create /etc/zshrc that loads the nix-darwin environment. 60 - programs.zsh.enable = true; # default shell on catalina 67 + programs.zsh.enable = true; # default shell on catalina 61 68 programs.fish.enable = true; 62 69 63 70 # GPG as Agent ··· 78 85 finder = { 79 86 AppleShowAllExtensions = true; 80 87 CreateDesktop = false; 81 - FXPreferredViewStyle = "Nlsv"; # icnv Icon view, Nlsv list view, clmv column view, Flwv gallery view 88 + FXPreferredViewStyle = "Nlsv"; # icnv Icon view, Nlsv list view, clmv column view, Flwv gallery view 82 89 FXRemoveOldTrashItems = true; 83 90 NewWindowTarget = "Home"; 84 91 ShowPathbar = true; ··· 133 140 }; 134 141 }; 135 142 }; 136 - 143 + 137 144 ids.gids.nixbld = 350; 138 145 139 146 # Used for backwards compatibility, please read the changelog before changing.

+17 -8

hosts/darwin/arisu/darwin-home.nix

··· 1 - { inputs, outputs, lib, pkgs, config, ... }: 1 + { 2 + inputs, 3 + outputs, 4 + lib, 5 + pkgs, 6 + config, 7 + ... 8 + }: 2 9 3 10 { 4 11 imports = with outputs.homeManagerModules; [ ··· 30 37 # }; 31 38 32 39 # install macos applications to the user env if targetplatform is darwin 33 - home.file."Applications/home-manager".source = let 34 - apps = pkgs.buildEnv { 35 - name = "home-manager-applications"; 36 - paths = config.home.packages; 37 - pathsToLink = "/Applications"; 38 - }; 39 - in lib.mkIf pkgs.stdenv.targetPlatform.isDarwin "${apps}/Applications"; 40 + home.file."Applications/home-manager".source = 41 + let 42 + apps = pkgs.buildEnv { 43 + name = "home-manager-applications"; 44 + paths = config.home.packages; 45 + pathsToLink = "/Applications"; 46 + }; 47 + in 48 + lib.mkIf pkgs.stdenv.targetPlatform.isDarwin "${apps}/Applications"; 40 49 41 50 disabledModules = [ 42 51 "target/darwin/linkapps.nix"

+47 -26

hosts/nixos/duvet/configuration.nix

··· 1 - { inputs, outputs, config, lib, pkgs, allSecrets, ... }: 1 + { 2 + inputs, 3 + outputs, 4 + config, 5 + lib, 6 + pkgs, 7 + allSecrets, 8 + ... 9 + }: 2 10 { 3 11 # See [NixOS on Hetzner Cloud Wiki](https://wiki.nixos.org/wiki/Install_NixOS_on_Hetzner_Cloud) 4 12 5 - imports = with outputs.nixosModules; [ 6 - # Include the results of the hardware scan. 7 - ./hardware-configuration.nix 13 + imports = with outputs.nixosModules; [ 14 + # Include the results of the hardware scan. 15 + ./hardware-configuration.nix 8 16 9 - # inputs.agenix.nixosModules.default 10 - # inputs.agenix-rekey.nixosModules.default 17 + # inputs.agenix.nixosModules.default 18 + # inputs.agenix-rekey.nixosModules.default 11 19 12 - # fail2ban 13 - # vector 20 + # fail2ban 21 + # vector 14 22 15 - locale 16 - nix 17 - taki 18 - ]; 23 + locale 24 + nix 25 + taki 26 + ]; 19 27 20 28 # Use the GRUB 2 boot loader. 21 29 boot.loader.grub.enable = true; ··· 28 36 networkmanager.enable = true; 29 37 firewall = { 30 38 enable = true; 31 - allowedUDPPorts = [ 80 443 2202 ]; 32 - allowedTCPPorts = [ 80 443 2202 ]; 39 + allowedUDPPorts = [ 40 + 80 41 + 443 42 + 2202 43 + ]; 44 + allowedTCPPorts = [ 45 + 80 46 + 443 47 + 2202 48 + ]; 33 49 }; 34 50 }; 35 51 36 52 programs.zsh.enable = true; 37 - 53 + 38 54 environment.systemPackages = with pkgs; [ 39 55 btop 40 - git wget curl tmux unzip zip 56 + git 57 + wget 58 + curl 59 + tmux 60 + unzip 61 + zip 41 62 fastfetch 42 63 ]; 43 64 44 65 users.users.root.hashedPassword = "!"; # Disable root login 45 66 46 - system.activationScripts.buildBlog = /* bash */ '' 47 - echo "Deploying pre-built blog..." 48 - ${pkgs.coreutils}/bin/rm -rf /var/www/blog 49 - ${pkgs.coreutils}/bin/install -d -m 0755 -o taki -g users /var/www/blog 50 - ${pkgs.coreutils}/bin/cp -r ${inputs.blog.packages.x86_64-linux.website}/* /var/www/blog/ 51 - ${pkgs.coreutils}/bin/chmod -R 0755 /var/www/blog 52 - ${pkgs.coreutils}/bin/chown -R taki:users /var/www/blog 53 - echo "Finished deploying blog." 54 - ''; 67 + system.activationScripts.buildBlog = # bash 68 + '' 69 + echo "Deploying pre-built blog..." 70 + ${pkgs.coreutils}/bin/rm -rf /var/www/blog 71 + ${pkgs.coreutils}/bin/install -d -m 0755 -o taki -g users /var/www/blog 72 + ${pkgs.coreutils}/bin/cp -r ${inputs.blog.packages.x86_64-linux.website}/* /var/www/blog/ 73 + ${pkgs.coreutils}/bin/chmod -R 0755 /var/www/blog 74 + ${pkgs.coreutils}/bin/chown -R taki:users /var/www/blog 75 + echo "Finished deploying blog." 76 + ''; 55 77 56 78 systemd.tmpfiles.rules = [ 57 79 "d /var/www/blog 0755 taki users -" ··· 202 224 system.stateVersion = "24.05"; # Did you read the comment? 203 225 204 226 } 205 -

+26 -13

hosts/nixos/duvet/hardware-configuration.nix

··· 1 1 # Do not modify this file! It was generated by ‘nixos-generate-config’ 2 2 # and may be overwritten by future invocations. Please make changes 3 3 # to /etc/nixos/configuration.nix instead. 4 - { config, lib, pkgs, modulesPath, ... }: 4 + { 5 + config, 6 + lib, 7 + pkgs, 8 + modulesPath, 9 + ... 10 + }: 5 11 6 12 { 7 - imports = 8 - [ (modulesPath + "/profiles/qemu-guest.nix") 9 - ]; 13 + imports = [ 14 + (modulesPath + "/profiles/qemu-guest.nix") 15 + ]; 10 16 11 - boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ]; 17 + boot.initrd.availableKernelModules = [ 18 + "ahci" 19 + "xhci_pci" 20 + "virtio_pci" 21 + "virtio_scsi" 22 + "sd_mod" 23 + "sr_mod" 24 + ]; 12 25 boot.initrd.kernelModules = [ ]; 13 26 boot.kernelModules = [ ]; 14 27 boot.extraModulePackages = [ ]; 15 28 16 - fileSystems."/" = 17 - { device = "/dev/disk/by-uuid/6018e89e-550f-489d-9680-b80c7c270dd3"; 18 - fsType = "ext4"; 19 - }; 29 + fileSystems."/" = { 30 + device = "/dev/disk/by-uuid/6018e89e-550f-489d-9680-b80c7c270dd3"; 31 + fsType = "ext4"; 32 + }; 20 33 21 - fileSystems."/boot" = 22 - { device = "/dev/disk/by-uuid/e4044cfd-40f9-49b6-a01a-631f375986da"; 23 - fsType = "ext4"; 24 - }; 34 + fileSystems."/boot" = { 35 + device = "/dev/disk/by-uuid/e4044cfd-40f9-49b6-a01a-631f375986da"; 36 + fsType = "ext4"; 37 + }; 25 38 26 39 swapDevices = [ ]; 27 40

+8 -1

hosts/nixos/duvet/home.nix

··· 1 - { inputs, outputs, lib, pkgs, config, ... }: 1 + { 2 + inputs, 3 + outputs, 4 + lib, 5 + pkgs, 6 + config, 7 + ... 8 + }: 2 9 { 3 10 imports = builtins.concatLists [ 4 11 (with outputs.homeManagerModules; [

+38 -23

hosts/nixos/eiri/configuration.nix

··· 1 - { inputs, outputs, lib, config, pkgs, allSecrets, ... }: 1 + { 2 + inputs, 3 + outputs, 4 + lib, 5 + config, 6 + pkgs, 7 + allSecrets, 8 + ... 9 + }: 2 10 { 3 11 age.secrets = { 4 12 # "cifs_secret" = { ··· 12 20 rekeyFile = "${inputs.self}/secrets/namecheap_api_secrets.age"; 13 21 }; 14 22 }; 15 - 23 + 16 24 imports = with outputs.nixosModules; [ 17 25 # Include the results of the hardware scan. 18 26 ./hardware-configuration.nix ··· 44 52 forgejo 45 53 immich 46 54 locale 47 - 55 + 48 56 ai-chat 49 57 karakeep 50 58 ··· 57 65 syncthing 58 66 # atuin 59 67 plex 60 - navidrome 68 + navidrome 61 69 # send 62 70 servarr 63 71 taki ··· 176 184 access_log /var/log/nginx/access.log; 177 185 error_log /var/log/nginx/error.log; 178 186 ''; 179 - 187 + 180 188 virtualHosts = { 181 189 "eiri.${allSecrets.global.domain01}" = { 182 190 addSSL = true; ··· 259 267 "/mnt/btrfs_pool" = { 260 268 device = "UUID=9ce8e79d-aa13-4f76-981f-c438eb821669"; 261 269 fsType = "btrfs"; 262 - options = [ "defaults" "noatime" "compress=zstd" "autodefrag" ]; 270 + options = [ 271 + "defaults" 272 + "noatime" 273 + "compress=zstd" 274 + "autodefrag" 275 + ]; 263 276 }; 264 277 "/mnt/koi" = { 265 278 device = "${allSecrets.per_host.koi.int_ip}:/volume1/backup"; # TODO ··· 283 296 email = "${allSecrets.global.mail.acme}"; 284 297 group = "nginx"; 285 298 }; 286 - certs = let 287 - inherit (allSecrets.global) domain01; 288 - in { 289 - "eiri.${domain01}" = { 290 - domain = "eiri.${domain01}"; 291 - dnsProvider = "namecheap"; 292 - dnsPropagationCheck = false; 293 - environmentFile = config.age.secrets."namecheap_api_secrets".path; 294 - # credentialFiles = { 295 - # "NAMECHEAP_API_KEY_FILE" = ; 296 - # "NAMECHEAP_API_USER_FILE" = ; 297 - # }; 298 - extraDomainNames = [ 299 - "*.eiri.${domain01}" 300 - ]; 301 - webroot = null; 299 + certs = 300 + let 301 + inherit (allSecrets.global) domain01; 302 + in 303 + { 304 + "eiri.${domain01}" = { 305 + domain = "eiri.${domain01}"; 306 + dnsProvider = "namecheap"; 307 + dnsPropagationCheck = false; 308 + environmentFile = config.age.secrets."namecheap_api_secrets".path; 309 + # credentialFiles = { 310 + # "NAMECHEAP_API_KEY_FILE" = ; 311 + # "NAMECHEAP_API_USER_FILE" = ; 312 + # }; 313 + extraDomainNames = [ 314 + "*.eiri.${domain01}" 315 + ]; 316 + webroot = null; 317 + }; 302 318 }; 303 - }; 304 319 }; 305 320 306 321 # Open ports in the firewall.

+23 -13

hosts/nixos/eiri/hardware-configuration.nix

··· 1 1 # Do not modify this file! It was generated by ‘nixos-generate-config’ 2 2 # and may be overwritten by future invocations. Please make changes 3 3 # to /etc/nixos/configuration.nix instead. 4 - { config, lib, pkgs, modulesPath, ... }: 4 + { 5 + config, 6 + lib, 7 + pkgs, 8 + modulesPath, 9 + ... 10 + }: 5 11 6 12 { 7 - imports = 8 - [ (modulesPath + "/installer/scan/not-detected.nix") 9 - ]; 13 + imports = [ 14 + (modulesPath + "/installer/scan/not-detected.nix") 15 + ]; 10 16 11 - boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" ]; 17 + boot.initrd.availableKernelModules = [ 18 + "xhci_pci" 19 + "ahci" 20 + "nvme" 21 + ]; 12 22 boot.initrd.kernelModules = [ ]; 13 23 boot.kernelModules = [ ]; 14 24 boot.extraModulePackages = [ ]; 15 25 16 - fileSystems."/" = 17 - { device = "/dev/disk/by-uuid/9db5f74a-5a64-43d4-a450-42fc04bfc02d"; 18 - fsType = "ext4"; 19 - }; 26 + fileSystems."/" = { 27 + device = "/dev/disk/by-uuid/9db5f74a-5a64-43d4-a450-42fc04bfc02d"; 28 + fsType = "ext4"; 29 + }; 20 30 21 - fileSystems."/boot" = 22 - { device = "/dev/disk/by-uuid/739C-ACF9"; 23 - fsType = "vfat"; 24 - }; 31 + fileSystems."/boot" = { 32 + device = "/dev/disk/by-uuid/739C-ACF9"; 33 + fsType = "vfat"; 34 + }; 25 35 26 36 swapDevices = [ ]; 27 37

+13 -4

hosts/nixos/eiri/home.nix

··· 1 - { inputs, outputs, lib, pkgs, config, ... }: 1 + { 2 + inputs, 3 + outputs, 4 + lib, 5 + pkgs, 6 + config, 7 + ... 8 + }: 2 9 3 10 { 4 11 imports = builtins.concatLists [ ··· 26 33 home.packages = with pkgs; [ 27 34 # term 28 35 #zoxide 29 - bat bat-extras.batman 36 + bat 37 + bat-extras.batman 30 38 eza 31 - feh viu 39 + feh 40 + viu 32 41 yazi 33 42 # joshuto 34 43 ripgrep ··· 37 46 tealdeer 38 47 zellij 39 48 ]; 40 - 49 + 41 50 services.gpg-agent = { 42 51 enable = true; 43 52 defaultCacheTtl = 86400;

+251 -234

hosts/nixos/knights/configuration.nix

··· 6 6 pkgs, 7 7 allSecrets, 8 8 ... 9 - }: { 9 + }: 10 + { 10 11 age.secrets = { 11 12 "knights_wireguard_private_key" = { 12 13 rekeyFile = "${inputs.self}/secrets/knights_wireguard_private_key.age"; ··· 62 63 networkmanager.enable = true; 63 64 firewall = { 64 65 enable = true; 65 - allowedUDPPorts = [80 443 2202 2277 51820]; 66 - allowedTCPPorts = [80 443 2202 2277 51820 22]; # Added port 22 for Forgejo SSH 66 + allowedUDPPorts = [ 67 + 80 68 + 443 69 + 2202 70 + 2277 71 + 51820 72 + ]; 73 + allowedTCPPorts = [ 74 + 80 75 + 443 76 + 2202 77 + 2277 78 + 51820 79 + 22 80 + ]; # Added port 22 for Forgejo SSH 67 81 }; 68 82 wireguard.interfaces = { 69 83 wg0 = { 70 - ips = ["10.100.0.2/24"]; 84 + ips = [ "10.100.0.2/24" ]; 71 85 listenPort = 51820; 72 86 privateKeyFile = config.age.secrets."knights_wireguard_private_key".path; 73 87 peers = [ 74 88 { 75 89 publicKey = "vnmW4+i/tKuiUx86JGOax3wHl1eAPwZj+/diVkpiZgM="; 76 - allowedIPs = ["10.100.0.1"]; 90 + allowedIPs = [ "10.100.0.1" ]; 77 91 endpoint = "${allSecrets.global.pub_ip}:51820"; 78 92 persistentKeepalive = 25; 79 93 } ··· 110 124 isNormalUser = true; 111 125 description = "only used for syncing certs"; 112 126 shell = pkgs.bashInteractive; 113 - extraGroups = ["nginx"]; 127 + extraGroups = [ "nginx" ]; 114 128 openssh.authorizedKeys.keys = [ 115 129 allSecrets.per_host.eiri.ssh_pub 116 130 ]; ··· 139 153 140 154 openssh = { 141 155 enable = true; 142 - ports = [2202]; 156 + ports = [ 2202 ]; 143 157 settings = { 144 158 PermitRootLogin = "no"; 145 159 PasswordAuthentication = false; ··· 213 227 } 214 228 ''; 215 229 216 - virtualHosts = let 217 - inherit (allSecrets.global) domain00 domain0; 218 - in { 219 - "it.74k1.sh" = { 220 - addSSL = true; 221 - enableACME = true; 222 - locations."/" = { 223 - proxyPass = "http://10.100.0.1:80"; # nginx based on url 230 + virtualHosts = 231 + let 232 + inherit (allSecrets.global) domain00 domain0; 233 + in 234 + { 235 + "it.74k1.sh" = { 236 + addSSL = true; 237 + enableACME = true; 238 + locations."/" = { 239 + proxyPass = "http://10.100.0.1:80"; # nginx based on url 240 + }; 224 241 }; 225 - }; 226 - # "send.74k1.sh" = { 227 - # addSSL = true; 228 - # enableACME = true; 229 - # locations."/" = { 230 - # proxyPass = "http://10.100.0.1:1444"; 231 - # proxyWebsockets = true; 232 - # }; 233 - # }; 234 - "umami.74k1.sh" = { 235 - addSSL = true; 236 - enableACME = true; 237 - locations."/" = { 238 - proxyPass = "http://10.100.0.1:3034"; 242 + # "send.74k1.sh" = { 243 + # addSSL = true; 244 + # enableACME = true; 245 + # locations."/" = { 246 + # proxyPass = "http://10.100.0.1:1444"; 247 + # proxyWebsockets = true; 248 + # }; 249 + # }; 250 + "umami.74k1.sh" = { 251 + addSSL = true; 252 + enableACME = true; 253 + locations."/" = { 254 + proxyPass = "http://10.100.0.1:3034"; 255 + }; 239 256 }; 240 - }; 241 - "${domain00}" = { 242 - addSSL = true; 243 - useACMEHost = "${allSecrets.global.domain00}"; 244 - # enableACME = true; 245 - root = "/var/www/${domain00}/"; 246 - }; 247 - "auth.${domain00}" = { 248 - addSSL = true; 249 - useACMEHost = "${allSecrets.global.domain00}"; 250 - # enableACME = true; 251 - locations."/" = { 252 - proxyPass = "http://10.100.0.1:1411"; 253 - # proxyWebsockets = true; 254 - # recommendedProxySettings = true; 255 - extraConfig = '' 256 - # proxy_set_header Host $host; 257 - # proxy_set_header X-Real-IP $remote_addr; 258 - # proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 259 - # proxy_set_header X-Forwarded-Proto $scheme; 257 + "${domain00}" = { 258 + addSSL = true; 259 + useACMEHost = "${allSecrets.global.domain00}"; 260 + # enableACME = true; 261 + root = "/var/www/${domain00}/"; 262 + }; 263 + "auth.${domain00}" = { 264 + addSSL = true; 265 + useACMEHost = "${allSecrets.global.domain00}"; 266 + # enableACME = true; 267 + locations."/" = { 268 + proxyPass = "http://10.100.0.1:1411"; 269 + # proxyWebsockets = true; 270 + # recommendedProxySettings = true; 271 + extraConfig = '' 272 + # proxy_set_header Host $host; 273 + # proxy_set_header X-Real-IP $remote_addr; 274 + # proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 275 + # proxy_set_header X-Forwarded-Proto $scheme; 260 276 261 - proxy_busy_buffers_size 512k; 262 - proxy_buffers 4 512k; 263 - proxy_buffer_size 256k; 264 - ''; 277 + proxy_busy_buffers_size 512k; 278 + proxy_buffers 4 512k; 279 + proxy_buffer_size 256k; 280 + ''; 281 + }; 265 282 }; 266 - }; 267 - # "vw.${domain00}" = { 268 - # addSSL = true; 269 - # useACMEHost = "${allSecrets.global.domain00}"; 270 - # locations."/" = { 271 - # proxyPass = "http://10.100.0.1:8222"; 272 - # proxyWebsockets = true; 273 - # }; 274 - # }; 275 - # "git.${domain00}" = { 276 - # addSSL = true; 277 - # useACMEHost = "${allSecrets.global.domain00}"; 278 - # locations."/" = { 279 - # proxyPass = "http://127.0.0.1${toString config.services.anubis.instances.forgejo.settings.BIND}"; 280 - # recommendedProxySettings = true; 281 - # proxyWebsockets = true; 282 - # extraConfig = '' 283 - # client_max_body_size 0; 284 - # ''; 285 - # }; 286 - # }; 287 - # "news.${domain00}" = { 288 - # addSSL = true; 289 - # useACMEHost = "${allSecrets.global.domain00}"; 290 - # locations."/" = { 291 - # proxyPass = "http://10.100.0.1:8084"; 292 - # }; 293 - # }; 294 - # Opencloud! 295 - # "files.${domain00}" = { 296 - # addSSL = true; 297 - # useACMEHost = "${allSecrets.global.domain00}"; 298 - # locations = { 299 - # "/" = { 300 - # proxyPass = "http://10.100.0.1:80"; 301 - # extraConfig = '' 302 - # client_max_body_size 100G; 303 - # client_body_buffer_size 400M; 304 - # ''; 305 - # }; 306 - # # "/.well-known/carddav" = { 307 - # # return = "301 $scheme://$host$remote.php/dav"; 308 - # # }; 309 - # # "/.well-known/caldav" = { 310 - # # return = "301 $scheme://$host$remote.php/dav"; 311 - # # }; 312 - # }; 313 - # }; 314 - # change mum n sister 315 - # "immich.${domain00}" = { 316 - # addSSL = true; 317 - # useACMEHost = "${allSecrets.global.domain00}"; 318 - # locations."/" = { 319 - # proxyPass = "http://10.100.0.1:3001"; 320 - # # see https://immich.app/docs/administration/reverse-proxy/ 321 - # extraConfig = '' 322 - # client_max_body_size 50G; 323 - # proxy_set_header Host $host; 324 - # proxy_set_header X-Real-IP $remote_addr; 325 - # proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 326 - # proxy_set_header X-Forwarded-Proto $scheme; 327 - # 328 - # proxy_http_version 1.1; 329 - # proxy_set_header Upgrade $http_upgrade; 330 - # proxy_set_header Connection "upgrade"; 331 - # 332 - # proxy_read_timeout 43200s; 333 - # proxy_send_timeout 43200s; 334 - # send_timeout 43200s; 335 - # ''; 336 - # }; 337 - # }; 338 - # should perhaps run on chatai.74k1.sh as well 339 - # "chat.${domain00}" = { 340 - # addSSL = true; 341 - # useACMEHost = "${allSecrets.global.domain00}"; 342 - # locations."/" = { 343 - # proxyPass = "http://127.0.0.1${toString config.services.anubis.instances.chat.settings.BIND}"; 344 - # proxyWebsockets = true; 345 - # }; 346 - # }; 347 - "${domain0}" = { 348 - addSSL = true; 349 - enableACME = true; 350 - root = "/var/www/${domain0}/"; 351 - }; 352 - "vw.${domain0}" = { 353 - enableACME = true; 354 - forceSSL = true; 355 - locations."/" = { 356 - proxyPass = "http://10.100.0.1:8222"; 357 - proxyWebsockets = true; 283 + # "vw.${domain00}" = { 284 + # addSSL = true; 285 + # useACMEHost = "${allSecrets.global.domain00}"; 286 + # locations."/" = { 287 + # proxyPass = "http://10.100.0.1:8222"; 288 + # proxyWebsockets = true; 289 + # }; 290 + # }; 291 + # "git.${domain00}" = { 292 + # addSSL = true; 293 + # useACMEHost = "${allSecrets.global.domain00}"; 294 + # locations."/" = { 295 + # proxyPass = "http://127.0.0.1${toString config.services.anubis.instances.forgejo.settings.BIND}"; 296 + # recommendedProxySettings = true; 297 + # proxyWebsockets = true; 298 + # extraConfig = '' 299 + # client_max_body_size 0; 300 + # ''; 301 + # }; 302 + # }; 303 + # "news.${domain00}" = { 304 + # addSSL = true; 305 + # useACMEHost = "${allSecrets.global.domain00}"; 306 + # locations."/" = { 307 + # proxyPass = "http://10.100.0.1:8084"; 308 + # }; 309 + # }; 310 + # Opencloud! 311 + # "files.${domain00}" = { 312 + # addSSL = true; 313 + # useACMEHost = "${allSecrets.global.domain00}"; 314 + # locations = { 315 + # "/" = { 316 + # proxyPass = "http://10.100.0.1:80"; 317 + # extraConfig = '' 318 + # client_max_body_size 100G; 319 + # client_body_buffer_size 400M; 320 + # ''; 321 + # }; 322 + # # "/.well-known/carddav" = { 323 + # # return = "301 $scheme://$host$remote.php/dav"; 324 + # # }; 325 + # # "/.well-known/caldav" = { 326 + # # return = "301 $scheme://$host$remote.php/dav"; 327 + # # }; 328 + # }; 329 + # }; 330 + # change mum n sister 331 + # "immich.${domain00}" = { 332 + # addSSL = true; 333 + # useACMEHost = "${allSecrets.global.domain00}"; 334 + # locations."/" = { 335 + # proxyPass = "http://10.100.0.1:3001"; 336 + # # see https://immich.app/docs/administration/reverse-proxy/ 337 + # extraConfig = '' 338 + # client_max_body_size 50G; 339 + # proxy_set_header Host $host; 340 + # proxy_set_header X-Real-IP $remote_addr; 341 + # proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 342 + # proxy_set_header X-Forwarded-Proto $scheme; 343 + # 344 + # proxy_http_version 1.1; 345 + # proxy_set_header Upgrade $http_upgrade; 346 + # proxy_set_header Connection "upgrade"; 347 + # 348 + # proxy_read_timeout 43200s; 349 + # proxy_send_timeout 43200s; 350 + # send_timeout 43200s; 351 + # ''; 352 + # }; 353 + # }; 354 + # should perhaps run on chatai.74k1.sh as well 355 + # "chat.${domain00}" = { 356 + # addSSL = true; 357 + # useACMEHost = "${allSecrets.global.domain00}"; 358 + # locations."/" = { 359 + # proxyPass = "http://127.0.0.1${toString config.services.anubis.instances.chat.settings.BIND}"; 360 + # proxyWebsockets = true; 361 + # }; 362 + # }; 363 + "${domain0}" = { 364 + addSSL = true; 365 + enableACME = true; 366 + root = "/var/www/${domain0}/"; 358 367 }; 359 - }; 360 - "git.${domain0}" = { 361 - enableACME = true; 362 - forceSSL = true; 363 - locations."/" = { 364 - proxyPass = "http://127.0.0.1${toString config.services.anubis.instances.forgejo.settings.BIND}"; 365 - recommendedProxySettings = true; 366 - proxyWebsockets = true; 367 - extraConfig = '' 368 - client_max_body_size 0; 369 - ''; 370 - }; 371 - }; 372 - "news.${domain0}" = { 373 - enableACME = true; 374 - forceSSL = true; 375 - locations."/" = { 376 - proxyPass = "http://10.100.0.1:8084"; 368 + "vw.${domain0}" = { 369 + enableACME = true; 370 + forceSSL = true; 371 + locations."/" = { 372 + proxyPass = "http://10.100.0.1:8222"; 373 + proxyWebsockets = true; 374 + }; 377 375 }; 378 - }; 379 - "files.${domain0}" = { 380 - enableACME = true; 381 - forceSSL = true; 382 - locations = { 383 - "/" = { 384 - proxyPass = "http://10.100.0.1:80"; 376 + "git.${domain0}" = { 377 + enableACME = true; 378 + forceSSL = true; 379 + locations."/" = { 380 + proxyPass = "http://127.0.0.1${toString config.services.anubis.instances.forgejo.settings.BIND}"; 381 + recommendedProxySettings = true; 382 + proxyWebsockets = true; 385 383 extraConfig = '' 386 - client_max_body_size 100G; 387 - client_body_buffer_size 400M; 384 + client_max_body_size 0; 388 385 ''; 389 386 }; 390 - # "/.well-known/carddav" = { 391 - # return = "301 $scheme://$host$remote.php/dav"; 392 - # }; 393 - # "/.well-known/caldav" = { 394 - # return = "301 $scheme://$host$remote.php/dav"; 395 - # }; 396 387 }; 397 - }; 398 - "immich.${domain0}" = { 399 - enableACME = true; 400 - forceSSL = true; 401 - locations."/" = { 402 - proxyPass = "http://10.100.0.1:3001"; 403 - # see https://immich.app/docs/administration/reverse-proxy/ 404 - extraConfig = '' 405 - client_max_body_size 50G; 406 - proxy_set_header Host $host; 407 - proxy_set_header X-Real-IP $remote_addr; 408 - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 409 - proxy_set_header X-Forwarded-Proto $scheme; 388 + "news.${domain0}" = { 389 + enableACME = true; 390 + forceSSL = true; 391 + locations."/" = { 392 + proxyPass = "http://10.100.0.1:8084"; 393 + }; 394 + }; 395 + "files.${domain0}" = { 396 + enableACME = true; 397 + forceSSL = true; 398 + locations = { 399 + "/" = { 400 + proxyPass = "http://10.100.0.1:80"; 401 + extraConfig = '' 402 + client_max_body_size 100G; 403 + client_body_buffer_size 400M; 404 + ''; 405 + }; 406 + # "/.well-known/carddav" = { 407 + # return = "301 $scheme://$host$remote.php/dav"; 408 + # }; 409 + # "/.well-known/caldav" = { 410 + # return = "301 $scheme://$host$remote.php/dav"; 411 + # }; 412 + }; 413 + }; 414 + "immich.${domain0}" = { 415 + enableACME = true; 416 + forceSSL = true; 417 + locations."/" = { 418 + proxyPass = "http://10.100.0.1:3001"; 419 + # see https://immich.app/docs/administration/reverse-proxy/ 420 + extraConfig = '' 421 + client_max_body_size 50G; 422 + proxy_set_header Host $host; 423 + proxy_set_header X-Real-IP $remote_addr; 424 + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 425 + proxy_set_header X-Forwarded-Proto $scheme; 410 426 411 - proxy_http_version 1.1; 412 - proxy_set_header Upgrade $http_upgrade; 413 - proxy_set_header Connection "upgrade"; 427 + proxy_http_version 1.1; 428 + proxy_set_header Upgrade $http_upgrade; 429 + proxy_set_header Connection "upgrade"; 414 430 415 - proxy_read_timeout 43200s; 416 - proxy_send_timeout 43200s; 417 - send_timeout 43200s; 418 - ''; 431 + proxy_read_timeout 43200s; 432 + proxy_send_timeout 43200s; 433 + send_timeout 43200s; 434 + ''; 435 + }; 419 436 }; 420 - }; 421 - # "n8n.${domain0}" = { 422 - # enableACME = true; 423 - # forceSSL = true; 424 - # locations."/" = { 425 - # proxyPass = "http://10.100.0.1:5678" 426 - # }; 427 - # }; 428 - "chatai.${allSecrets.global.domain01}" = { 429 - enableACME = true; 430 - forceSSL = true; 431 - locations."/" = { 432 - proxyPass = "http://127.0.0.1${toString config.services.anubis.instances.chat.settings.BIND}"; 433 - proxyWebsockets = true; 437 + # "n8n.${domain0}" = { 438 + # enableACME = true; 439 + # forceSSL = true; 440 + # locations."/" = { 441 + # proxyPass = "http://10.100.0.1:5678" 442 + # }; 443 + # }; 444 + "chatai.${allSecrets.global.domain01}" = { 445 + enableACME = true; 446 + forceSSL = true; 447 + locations."/" = { 448 + proxyPass = "http://127.0.0.1${toString config.services.anubis.instances.chat.settings.BIND}"; 449 + proxyWebsockets = true; 450 + }; 434 451 }; 435 - }; 436 - # catch-all for domain00 437 - "*.${allSecrets.global.domain00}" = { 438 - forceSSL = true; 439 - useACMEHost = "${allSecrets.global.domain00}"; 440 - locations."/" = { 441 - return = "444"; # Close connection without response 452 + # catch-all for domain00 453 + "*.${allSecrets.global.domain00}" = { 454 + forceSSL = true; 455 + useACMEHost = "${allSecrets.global.domain00}"; 456 + locations."/" = { 457 + return = "444"; # Close connection without response 458 + }; 442 459 }; 443 460 }; 444 - }; 445 461 }; 446 462 }; 447 - 448 463 449 464 security.acme = { 450 465 acceptTerms = true; ··· 452 467 email = "${allSecrets.global.mail.acme}"; 453 468 group = "nginx"; 454 469 }; 455 - certs = let 456 - inherit (allSecrets.global) domain00; 457 - in { 458 - "${domain00}" = { 459 - domain = "${domain00}"; 460 - dnsProvider = "namecheap"; 461 - dnsPropagationCheck = true; 462 - environmentFile = config.age.secrets."namecheap_api_secrets".path; 463 - extraDomainNames = [ 464 - "*.${domain00}" 465 - ]; 466 - webroot = null; 470 + certs = 471 + let 472 + inherit (allSecrets.global) domain00; 473 + in 474 + { 475 + "${domain00}" = { 476 + domain = "${domain00}"; 477 + dnsProvider = "namecheap"; 478 + dnsPropagationCheck = true; 479 + environmentFile = config.age.secrets."namecheap_api_secrets".path; 480 + extraDomainNames = [ 481 + "*.${domain00}" 482 + ]; 483 + webroot = null; 484 + }; 467 485 }; 468 - }; 469 486 }; 470 487 471 488 # Open ports in the firewall.

+26 -13

hosts/nixos/knights/hardware-configuration.nix

··· 1 1 # Do not modify this file! It was generated by ‘nixos-generate-config’ 2 2 # and may be overwritten by future invocations. Please make changes 3 3 # to /etc/nixos/configuration.nix instead. 4 - { config, lib, pkgs, modulesPath, ... }: 4 + { 5 + config, 6 + lib, 7 + pkgs, 8 + modulesPath, 9 + ... 10 + }: 5 11 6 12 { 7 - imports = 8 - [ (modulesPath + "/profiles/qemu-guest.nix") 9 - ]; 13 + imports = [ 14 + (modulesPath + "/profiles/qemu-guest.nix") 15 + ]; 10 16 11 - boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ]; 17 + boot.initrd.availableKernelModules = [ 18 + "ahci" 19 + "xhci_pci" 20 + "virtio_pci" 21 + "virtio_scsi" 22 + "sd_mod" 23 + "sr_mod" 24 + ]; 12 25 boot.initrd.kernelModules = [ ]; 13 26 boot.kernelModules = [ ]; 14 27 boot.extraModulePackages = [ ]; 15 28 16 - fileSystems."/" = 17 - { device = "/dev/disk/by-uuid/95ffe4e2-ce50-4bbd-b77f-ea11ca33a456"; 18 - fsType = "ext4"; 19 - }; 29 + fileSystems."/" = { 30 + device = "/dev/disk/by-uuid/95ffe4e2-ce50-4bbd-b77f-ea11ca33a456"; 31 + fsType = "ext4"; 32 + }; 20 33 21 - fileSystems."/boot" = 22 - { device = "/dev/disk/by-uuid/686c7af7-a95d-4264-a56b-ea5eb8b1f33c"; 23 - fsType = "ext4"; 24 - }; 34 + fileSystems."/boot" = { 35 + device = "/dev/disk/by-uuid/686c7af7-a95d-4264-a56b-ea5eb8b1f33c"; 36 + fsType = "ext4"; 37 + }; 25 38 26 39 swapDevices = [ ]; 27 40

+10 -2

hosts/nixos/knights/home.nix

··· 1 - { inputs, outputs, lib, pkgs, config, ... }: 1 + { 2 + inputs, 3 + outputs, 4 + lib, 5 + pkgs, 6 + config, 7 + ... 8 + }: 2 9 { 3 10 imports = builtins.concatLists [ 4 11 (with outputs.homeManagerModules; [ ··· 20 27 home.packages = with pkgs; [ 21 28 bat 22 29 eza 23 - feh viu 30 + feh 31 + viu 24 32 ripgrep 25 33 scc 26 34 tealdeer

+40 -15

hosts/nixos/wired/configuration.nix

··· 1 - { inputs, outputs, lib, config, pkgs, ... }: 1 + { 2 + inputs, 3 + outputs, 4 + lib, 5 + config, 6 + pkgs, 7 + ... 8 + }: 2 9 { 3 10 disabledModules = [ "services/networking/syncthing.nix" ]; 4 11 ··· 32 39 bash 33 40 # kanidm-client 34 41 ]; 35 - 36 42 37 43 # Bootloader. 38 44 boot = { ··· 119 125 pkgs.xdg-desktop-portal-gtk 120 126 ]; 121 127 config.common = { 122 - default = [ "gnome" "gtk" ]; 128 + default = [ 129 + "gnome" 130 + "gtk" 131 + ]; 123 132 "org.freedesktop.impl.portal.FileChooser" = [ "gtk" ]; 124 133 "org.freedesktop.impl.portal.ScreenCast" = [ "gnome" ]; 125 134 "org.freedesktop.impl.portal.RemoteDesktop" = [ "gnome" ]; ··· 150 159 }; 151 160 }; 152 161 }; 153 - 162 + 154 163 xserver = { 155 164 enable = true; # XWayland support 156 165 ··· 170 179 libinput = { 171 180 enable = true; 172 181 mouse.accelProfile = "flat"; 173 - touchpad.accelProfile = "flat"; 182 + touchpad.accelProfile = "flat"; 174 183 }; 175 184 176 - fprintd = { # fingerprint 185 + fprintd = { 186 + # fingerprint 177 187 enable = true; 178 188 # tod = { 179 189 # enable = true; ··· 183 193 # package = pkgs."24.11".fprintd.override { 184 194 # libfprint = pkgs.tix.libfprint-focaltech-gpd; 185 195 # }; 186 - package = (pkgs."24.11".fprintd.override { 187 - libfprint = pkgs.tix.libfprint-focaltech-gpd; 188 - }); 196 + package = ( 197 + pkgs."24.11".fprintd.override { 198 + libfprint = pkgs.tix.libfprint-focaltech-gpd; 199 + } 200 + ); 189 201 }; 190 202 191 203 fwupd = { ··· 213 225 ''; 214 226 215 227 # Enable AMD GPU 216 - services.xserver.videoDrivers = [ "modesetting" "amdgpu" ]; 228 + services.xserver.videoDrivers = [ 229 + "modesetting" 230 + "amdgpu" 231 + ]; 217 232 boot = { 218 233 kernelModules = [ "amdgpu" ]; 219 234 initrd.kernelModules = [ "amdgpu" ]; ··· 230 245 amdgpu.initrd.enable = true; 231 246 }; 232 247 systemd.packages = [ pkgs.lact ]; 233 - systemd.services.lactd.wantedBy = ["multi-user.target"]; 248 + systemd.services.lactd.wantedBy = [ "multi-user.target" ]; 234 249 235 250 # Enable CUPS to print documents. 236 251 services.printing = { ··· 314 329 "bluez5.enable-msbc" = true; 315 330 "bluez5.enable-hw-volume" = true; 316 331 # "bluez5.roles" = [ "hsp_hs" "hsp_ag" "hfp_hf" "hfp_ag" ]; 317 - "bluez5.roles" = [ "a2dp_sink" "a2dp_source" ]; 332 + "bluez5.roles" = [ 333 + "a2dp_sink" 334 + "a2dp_source" 335 + ]; 318 336 }; 319 337 }; 320 338 }; ··· 327 345 328 346 services.dbus = { 329 347 enable = true; 330 - packages = [ pkgs.dconf pkgs.gcr ]; 348 + packages = [ 349 + pkgs.dconf 350 + pkgs.gcr 351 + ]; 331 352 }; 332 353 333 354 programs.dconf.enable = true; 334 355 programs.gpaste.enable = true; 335 - 356 + 336 357 # udev stuff 337 358 services.udev = { 338 359 packages = [ ··· 377 398 environment.systemPackages = with pkgs; [ 378 399 lact 379 400 ntfs3g 380 - git wget curl tmux jq 401 + git 402 + wget 403 + curl 404 + tmux 405 + jq 381 406 shpool 382 407 pavucontrol 383 408 nvidia-vaapi-driver

+5 -4

hosts/nixos/wired/disko.nix

··· 1 - {inputs, ...}: { 1 + { inputs, ... }: 2 + { 2 3 imports = [ 3 4 inputs.disko.nixosModules.disko 4 5 ]; ··· 21 22 type = "filesystem"; 22 23 format = "vfat"; 23 24 mountpoint = "/boot"; 24 - mountOptions = ["umask=0077"]; 25 + mountOptions = [ "umask=0077" ]; 25 26 }; 26 27 }; 27 28 root = { ··· 29 30 name = "root"; 30 31 content = { 31 32 type = "btrfs"; 32 - extraArgs = ["-f"]; # Override existing partition 33 + extraArgs = [ "-f" ]; # Override existing partition 33 34 subvolumes = { 34 35 # Subvolume name is different from mountpoint 35 36 "/rootfs" = { ··· 38 39 # Mountpoints inferred from subvolume name 39 40 "/home" = { 40 41 mountpoint = "/home"; 41 - mountOptions = ["compress=zstd"]; 42 + mountOptions = [ "compress=zstd" ]; 42 43 }; 43 44 "/nix" = { 44 45 mountpoint = "/nix";

+18 -6

hosts/nixos/wired/hardware-configuration.nix

··· 1 1 # Do not modify this file! It was generated by ‘nixos-generate-config’ 2 2 # and may be overwritten by future invocations. Please make changes 3 3 # to /etc/nixos/configuration.nix instead. 4 - { config, lib, pkgs, modulesPath, ... }: 4 + { 5 + config, 6 + lib, 7 + pkgs, 8 + modulesPath, 9 + ... 10 + }: 5 11 6 12 { 7 - imports = 8 - [ (modulesPath + "/installer/scan/not-detected.nix") 9 - ]; 13 + imports = [ 14 + (modulesPath + "/installer/scan/not-detected.nix") 15 + ]; 10 16 11 - boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "thunderbolt" "usbhid" "usb_storage" "sd_mod" ]; 17 + boot.initrd.availableKernelModules = [ 18 + "nvme" 19 + "xhci_pci" 20 + "thunderbolt" 21 + "usbhid" 22 + "usb_storage" 23 + "sd_mod" 24 + ]; 12 25 boot.initrd.kernelModules = [ ]; 13 26 boot.kernelModules = [ "kvm-amd" ]; 14 27 boot.extraModulePackages = [ ]; 15 28 16 29 # GPD Pocket 4 17 - 18 30 19 31 # Enables DHCP on each ethernet and wireless interface. In case of scripted networking 20 32 # (the default) this is the recommended approach. When using systemd-networkd it's

+18 -11

hosts/nixos/wired/home.nix

··· 1 - { inputs, outputs, lib, pkgs, config, ... }: 1 + { 2 + inputs, 3 + outputs, 4 + lib, 5 + pkgs, 6 + config, 7 + ... 8 + }: 2 9 3 10 { 4 11 imports = builtins.concatLists [ ··· 7 14 inputs.stylix.homeModules.stylix 8 15 #inputs.nix-colors.homeManagerModules.default 9 16 ] 10 - 17 + 11 18 # int 12 19 (with outputs.homeManagerModules; [ 13 20 niri ··· 41 48 kanshi 42 49 xdg 43 50 zsh 44 - fish 51 + fish 45 52 yazi 46 53 gpg-agent 47 54 ]) 48 55 ]; 49 - 50 56 51 57 # nixpkgs = { 52 58 # config = { ··· 69 75 home.packages = with pkgs; [ 70 76 # theme 71 77 papirus-icon-theme 72 - 78 + 73 79 # my own scriptiboo 74 80 pkgs.tix.duvolbr 75 81 # inputs.unfree-fonts.packages.x86_64-linux.berkeley-nolig-otf ··· 81 87 82 88 # uhhh clipboard 83 89 wl-clipboard-rs 84 - 90 + 85 91 # term 86 92 bat 87 93 eza 88 - feh viu 94 + feh 95 + viu 89 96 loupe 90 97 seahorse 91 98 gnome-calculator ··· 95 102 96 103 # beekeeper-studio 97 104 pkgs.tix.outerbase-studio-desktop 98 - 105 + 99 106 pulsemixer 100 107 qmk 101 108 vial ··· 145 152 zui 146 153 brimcap 147 154 # pcmanfm 148 - 155 + 149 156 vscode 150 157 151 158 r2modman ··· 234 241 restic 235 242 # firefox 236 243 ]; 237 - 244 + 238 245 # evolution stuff 239 246 #services.gnome3.evolution-data-server.enable = true; 240 247 ··· 244 251 theme.ukiyo = { 245 252 package = inputs.ukiyo.packages.x86_64-linux.default; 246 253 }; 247 - 254 + 248 255 home.sessionVariables = { 249 256 SHELL = "${pkgs.zsh}/bin/zsh"; 250 257 EDITOR = "nvim";

+6 -1

modules/darwin/brew/default.nix

··· 1 - { lib, pkgs, config, ... }: 1 + { 2 + lib, 3 + pkgs, 4 + config, 5 + ... 6 + }: 2 7 { 3 8 # Requires Homebrew to be installed 4 9 system.activationScripts.preUserActivation.text = ''

+25 -8

modules/flake/agenix.nix

··· 1 - { lib, config, self, inputs, withSystem, ... }: 1 + { 2 + lib, 3 + config, 4 + self, 5 + inputs, 6 + withSystem, 7 + ... 8 + }: 2 9 3 10 { 4 11 imports = [ 5 12 inputs.agenix-rekey.flakeModule 6 13 ]; 7 14 8 - perSystem = { self', lib, pkgs, system, inputs', ... }: { 9 - agenix-rekey.nodes = { 10 - inherit (self.nixosConfigurations) 11 - knights 12 - eiri; 15 + perSystem = 16 + { 17 + self', 18 + lib, 19 + pkgs, 20 + system, 21 + inputs', 22 + ... 23 + }: 24 + { 25 + agenix-rekey.nodes = { 26 + inherit (self.nixosConfigurations) 27 + knights 28 + eiri 29 + ; 30 + }; 31 + agenix-rekey.homeConfigurations = { }; 13 32 }; 14 - agenix-rekey.homeConfigurations = {}; 15 - }; 16 33 }

+139 -121

modules/flake/configurations.nix

··· 6 6 withSystem, 7 7 allSecrets, 8 8 ... 9 - }: let 9 + }: 10 + let 10 11 lib = config._module.args.lib; 11 12 outputs = self; 12 13 13 - allSecrets = 14 - lib.rageImportEncrypted ../../secrets/secrets.nix.age; 14 + allSecrets = lib.rageImportEncrypted ../../secrets/secrets.nix.age; 15 15 16 - mkNixosHost = hostname: { 17 - system, 18 - home-manager ? true, 19 - }: 16 + mkNixosHost = 17 + hostname: 18 + { 19 + system, 20 + home-manager ? true, 21 + }: 20 22 lib.nixosSystem { 21 23 inherit system; 22 24 # the `perSystem` function gives you access to the shit inside the `perSystem` blocks 23 - pkgs = withSystem system ({pkgs, ...}: pkgs); 24 - modules = 25 - [ 26 - # Main config 27 - "${inputs.self}/hosts/nixos/${hostname}/configuration.nix" 28 - # nix-topology 29 - inputs.nix-topology.nixosModules.default 30 - ] 31 - ++ lib.optionals home-manager [ 32 - # Home Manager 33 - inputs.home-manager.nixosModules.home-manager 34 - { 35 - home-manager = { 36 - # Use same `pkgs` as the NixOS above 37 - useGlobalPkgs = true; 38 - useUserPackages = true; 39 - users.taki = import "${inputs.self}/hosts/nixos/${hostname}/home.nix"; 40 - extraSpecialArgs = { 41 - inherit inputs outputs; 42 - }; 43 - backupFileExtension = "backup"; 25 + pkgs = withSystem system ({ pkgs, ... }: pkgs); 26 + modules = [ 27 + # Main config 28 + "${inputs.self}/hosts/nixos/${hostname}/configuration.nix" 29 + # nix-topology 30 + inputs.nix-topology.nixosModules.default 31 + ] 32 + ++ lib.optionals home-manager [ 33 + # Home Manager 34 + inputs.home-manager.nixosModules.home-manager 35 + { 36 + home-manager = { 37 + # Use same `pkgs` as the NixOS above 38 + useGlobalPkgs = true; 39 + useUserPackages = true; 40 + users.taki = import "${inputs.self}/hosts/nixos/${hostname}/home.nix"; 41 + extraSpecialArgs = { 42 + inherit inputs outputs; 44 43 }; 45 - } 46 - ]; 44 + backupFileExtension = "backup"; 45 + }; 46 + } 47 + ]; 47 48 specialArgs = { 48 49 inherit inputs outputs; 49 50 inherit allSecrets; ··· 51 52 }; 52 53 }; 53 54 54 - mkNixDarwinHost = hostname: { 55 - system, 56 - home-manager ? true, 57 - }: 55 + mkNixDarwinHost = 56 + hostname: 57 + { 58 + system, 59 + home-manager ? true, 60 + }: 58 61 inputs.nix-darwin.lib.darwinSystem { 59 62 inherit system; 60 - pkgs = withSystem system ({pkgs, ...}: pkgs); 63 + pkgs = withSystem system ({ pkgs, ... }: pkgs); 61 64 62 65 modules = [ 63 66 # Main config ··· 86 89 }; 87 90 }; 88 91 89 - mkDeployNode = { 90 - hostname, 91 - system, 92 - # "nixos" or "darwin" 93 - configType ? "nixos", 94 - }: { 95 - # NOTE: to be overridden 96 - hostname = null; 97 - sshOpts = ["-p" "22"]; 98 - sshUser = "taki"; 99 - user = "root"; 100 - interactiveSudo = true; 101 - autoRollback = true; 102 - magicRollback = true; 103 - remoteBuild = false; 104 - profiles.system = { 92 + mkDeployNode = 93 + { 94 + hostname, 95 + system, 96 + # "nixos" or "darwin" 97 + configType ? "nixos", 98 + }: 99 + { 100 + # NOTE: to be overridden 101 + hostname = null; 102 + sshOpts = [ 103 + "-p" 104 + "22" 105 + ]; 106 + sshUser = "taki"; 105 107 user = "root"; 106 - path = inputs.deploy-rs.lib.${system}.activate.${configType} self."${configType}Configurations".${hostname}; 108 + interactiveSudo = true; 109 + autoRollback = true; 110 + magicRollback = true; 111 + remoteBuild = false; 112 + profiles.system = { 113 + user = "root"; 114 + path = 115 + inputs.deploy-rs.lib.${system}.activate.${configType} 116 + self."${configType}Configurations".${hostname}; 117 + }; 107 118 }; 108 - }; 109 - in { 119 + in 120 + { 110 121 flake = { 111 122 nixosConfigurations = 112 123 lib.flip lib.pipe 113 - [ 114 - (builtins.mapAttrs mkNixosHost) 115 - ] 116 - { 117 - wired = { 118 - system = "x86_64-linux"; 119 - }; 120 - eiri = { 121 - system = "x86_64-linux"; 122 - }; 123 - knights = { 124 - system = "x86_64-linux"; 124 + [ 125 + (builtins.mapAttrs mkNixosHost) 126 + ] 127 + { 128 + wired = { 129 + system = "x86_64-linux"; 130 + }; 131 + eiri = { 132 + system = "x86_64-linux"; 133 + }; 134 + knights = { 135 + system = "x86_64-linux"; 136 + }; 137 + duvet = { 138 + system = "x86_64-linux"; 139 + }; 125 140 }; 126 - duvet = { 127 - system = "x86_64-linux"; 128 - }; 129 - }; 130 141 131 142 darwinConfigurations = 132 143 lib.flip lib.pipe 133 - [ 134 - (builtins.mapAttrs mkNixDarwinHost) 135 - ] 136 - { 137 - arisu = { 138 - system = "aarch64-darwin"; 144 + [ 145 + (builtins.mapAttrs mkNixDarwinHost) 146 + ] 147 + { 148 + arisu = { 149 + system = "aarch64-darwin"; 150 + }; 139 151 }; 140 - }; 141 152 142 153 deploy.nodes = 143 154 lib.flip lib.pipe 144 - [ 145 - (lib.concatMapAttrs 146 - (configType: hosts: 147 - builtins.mapAttrs 148 - (hostname: settings: 149 - mkDeployNode { 150 - inherit hostname; 151 - inherit (self."${configType}Configurations".${hostname}.pkgs) system; 152 - inherit configType; 153 - } 154 - // settings) 155 - hosts)) 156 - ] 157 - { 158 - nixos = { 159 - eiri = { 160 - # should change this to 10.0.0.1 someday, when i have wg on cyberia 161 - # but how do I deploy from wired 162 - hostname = "${allSecrets.per_host.eiri.int_ip}"; 163 - }; 164 - knights = { 165 - hostname = "${allSecrets.per_host.knights.pub_ip}"; 166 - sshOpts = ["-p" "2202"]; 167 - }; 168 - octo = { 169 - # temporarily ? 170 - hostname = "${allSecrets.per_host.octo.int_ip}"; 171 - # important, weak device 172 - remoteBuild = false; 173 - }; 174 - duvet = { 175 - hostname = "${allSecrets.per_host.duvet.pub_ip}"; 176 - sshOpts = ["-p" "2202"]; 177 - }; 178 - cyberia = { 179 - hostname = "${allSecrets.per_host.cyberia.int_ip}"; 180 - # sshOpts = [ "-p" "2202" ]; 155 + [ 156 + (lib.concatMapAttrs ( 157 + configType: hosts: 158 + builtins.mapAttrs ( 159 + hostname: settings: 160 + mkDeployNode { 161 + inherit hostname; 162 + inherit (self."${configType}Configurations".${hostname}.pkgs) system; 163 + inherit configType; 164 + } 165 + // settings 166 + ) hosts 167 + )) 168 + ] 169 + { 170 + nixos = { 171 + eiri = { 172 + # should change this to 10.0.0.1 someday, when i have wg on cyberia 173 + # but how do I deploy from wired 174 + hostname = "${allSecrets.per_host.eiri.int_ip}"; 175 + }; 176 + knights = { 177 + hostname = "${allSecrets.per_host.knights.pub_ip}"; 178 + sshOpts = [ 179 + "-p" 180 + "2202" 181 + ]; 182 + }; 183 + octo = { 184 + # temporarily ? 185 + hostname = "${allSecrets.per_host.octo.int_ip}"; 186 + # important, weak device 187 + remoteBuild = false; 188 + }; 189 + duvet = { 190 + hostname = "${allSecrets.per_host.duvet.pub_ip}"; 191 + sshOpts = [ 192 + "-p" 193 + "2202" 194 + ]; 195 + }; 196 + cyberia = { 197 + hostname = "${allSecrets.per_host.cyberia.int_ip}"; 198 + # sshOpts = [ "-p" "2202" ]; 199 + }; 181 200 }; 182 - }; 183 - darwin = { 184 - arisu = { 185 - hostname = "${allSecrets.per_host.arisu.int_ip}"; 186 - remoteBuild = true; 187 - user = "taki"; 201 + darwin = { 202 + arisu = { 203 + hostname = "${allSecrets.per_host.arisu.int_ip}"; 204 + remoteBuild = true; 205 + user = "taki"; 206 + }; 188 207 }; 189 208 }; 190 - }; 191 209 }; 192 210 }

+40 -20

modules/flake/devshells.nix

··· 1 - { lib, config, self, inputs, withSystem, ... }: 2 1 { 3 - perSystem = { self, lib, pkgs, system, inputs', ... }: { 4 - devShells = { 5 - # usage: 6 - # `nix develop <name>` 7 - default = pkgs.mkShell { 8 - buildInputs = [ 9 - # pkgs.git 10 - # inputs'.agenix-rekey.packages.agenix-rekey 11 - # inputs'.deploy-rs.packages.deploy-rs 12 - inputs'.rix101.packages.nix-enraged 13 - (inputs'.nixos-anywhere.packages.nixos-anywhere.override { nix = inputs'.rix101.packages.nix-enraged; }) 14 - (inputs'.nixpkgs.legacyPackages.nixos-rebuild.override { nix = inputs'.rix101.packages.nix-enraged; }) 15 - ]; 2 + lib, 3 + config, 4 + self, 5 + inputs, 6 + withSystem, 7 + ... 8 + }: 9 + { 10 + perSystem = 11 + { 12 + self, 13 + lib, 14 + pkgs, 15 + system, 16 + inputs', 17 + ... 18 + }: 19 + { 20 + devShells = { 21 + # usage: 22 + # `nix develop <name>` 23 + default = pkgs.mkShell { 24 + buildInputs = [ 25 + # pkgs.git 26 + # inputs'.agenix-rekey.packages.agenix-rekey 27 + # inputs'.deploy-rs.packages.deploy-rs 28 + inputs'.rix101.packages.nix-enraged 29 + (inputs'.nixos-anywhere.packages.nixos-anywhere.override { 30 + nix = inputs'.rix101.packages.nix-enraged; 31 + }) 32 + (inputs'.nixpkgs.legacyPackages.nixos-rebuild.override { 33 + nix = inputs'.rix101.packages.nix-enraged; 34 + }) 35 + ]; 36 + }; 37 + # with-macchina = pkgs.mkShell { 38 + # buildInputs = with pkgs; [ 39 + # macchina 40 + # ]; 41 + # }; 16 42 }; 17 - # with-macchina = pkgs.mkShell { 18 - # buildInputs = with pkgs; [ 19 - # macchina 20 - # ]; 21 - # }; 22 43 }; 23 - }; 24 44 }

+8 -1

modules/flake/modules.nix

··· 1 - { lib, config, self, inputs, withSystem, ... }: 1 + { 2 + lib, 3 + config, 4 + self, 5 + inputs, 6 + withSystem, 7 + ... 8 + }: 2 9 3 10 { 4 11 flake = {

+59 -45

modules/flake/nixpkgs.nix

··· 1 - { inputs, self, lib, config, ... }: 1 + { 2 + inputs, 3 + self, 4 + lib, 5 + config, 6 + ... 7 + }: 2 8 3 9 { 4 - perSystem = { pkgs, system, ... }: { 5 - _module.args.pkgs = let 6 - overlays = lib.attrValues self.overlays ++ [ 7 - inputs.nix-topology.overlays.default 10 + perSystem = 11 + { pkgs, system, ... }: 12 + { 13 + _module.args.pkgs = 14 + let 15 + overlays = lib.attrValues self.overlays ++ [ 16 + inputs.nix-topology.overlays.default 8 17 9 - (_: _: inputs.tixpkgs.packages.${system}) 18 + (_: _: inputs.tixpkgs.packages.${system}) 10 19 11 - # Pseudo-overlay to add our own packages everywhere 12 - (_: _: self.packages.${system}) 13 - ]; 14 - config = { 15 - allowUnfree = true; 16 - # hack, might work, forgor 17 - allowUnfreePredicate = _: true; 20 + # Pseudo-overlay to add our own packages everywhere 21 + (_: _: self.packages.${system}) 22 + ]; 23 + config = { 24 + allowUnfree = true; 25 + # hack, might work, forgor 26 + allowUnfreePredicate = _: true; 18 27 19 - # HACK: until https://github.com/NixOS/nixpkgs/issues/360592 is resolved 20 - permittedInsecurePackages = [ 21 - "aspnetcore-runtime-6.0.36" 22 - "aspnetcore-runtime-wrapped-6.0.36" 23 - "dotnet-sdk-6.0.428" 24 - "dotnet-sdk-wrapped-6.0.428" 25 - ]; 26 - }; 27 - in import inputs.nixpkgs { 28 - inherit system; 29 - overlays = overlays ++ [ 30 - # NOTE: `nixpkgs-stable` -> `pkgs.stable.*` 31 - # NOTE: `nixpkgs-master` -> `pkgs.master.*` 32 - # NOTE: `nixpkgs` -> `pkgs.*` 33 - (_: _: lib.pipe inputs [ 34 - (lib.concatMapAttrs 35 - (name: input: 36 - lib.optionalAttrs (lib.hasPrefix "nixpkgs-" name) { 37 - ${lib.removePrefix "nixpkgs-" name} = import input { 38 - inherit system; 39 - inherit overlays; 40 - inherit config; 41 - }; 42 - })) 43 - ]) 44 - # NOTE: `tixpkgs` -> `pkgs.tix.*` 45 - (_: _: { 46 - tix = inputs.tixpkgs.packages.${system}; 47 - }) 48 - ]; 49 - inherit config; 28 + # HACK: until https://github.com/NixOS/nixpkgs/issues/360592 is resolved 29 + permittedInsecurePackages = [ 30 + "aspnetcore-runtime-6.0.36" 31 + "aspnetcore-runtime-wrapped-6.0.36" 32 + "dotnet-sdk-6.0.428" 33 + "dotnet-sdk-wrapped-6.0.428" 34 + ]; 35 + }; 36 + in 37 + import inputs.nixpkgs { 38 + inherit system; 39 + overlays = overlays ++ [ 40 + # NOTE: `nixpkgs-stable` -> `pkgs.stable.*` 41 + # NOTE: `nixpkgs-master` -> `pkgs.master.*` 42 + # NOTE: `nixpkgs` -> `pkgs.*` 43 + ( 44 + _: _: 45 + lib.pipe inputs [ 46 + (lib.concatMapAttrs ( 47 + name: input: 48 + lib.optionalAttrs (lib.hasPrefix "nixpkgs-" name) { 49 + ${lib.removePrefix "nixpkgs-" name} = import input { 50 + inherit system; 51 + inherit overlays; 52 + inherit config; 53 + }; 54 + } 55 + )) 56 + ] 57 + ) 58 + # NOTE: `tixpkgs` -> `pkgs.tix.*` 59 + (_: _: { 60 + tix = inputs.tixpkgs.packages.${system}; 61 + }) 62 + ]; 63 + inherit config; 64 + }; 50 65 }; 51 - }; 52 66 }

+27 -14

modules/flake/topology.nix

··· 1 - 2 - { lib, config, self, inputs, ... }: 1 + { 2 + lib, 3 + config, 4 + self, 5 + inputs, 6 + ... 7 + }: 3 8 4 9 { 5 10 imports = [ 6 11 inputs.nix-topology.flakeModule 7 12 ]; 8 13 9 - perSystem = { lib, pkgs, self', system, ... }: { 10 - # NOTE: make you able to `nix build .#topology` 11 - legacyPackages = { 12 - topology = self.topology.${system}.config.output; 13 - }; 14 + perSystem = 15 + { 16 + lib, 17 + pkgs, 18 + self', 19 + system, 20 + ... 21 + }: 22 + { 23 + # NOTE: make you able to `nix build .#topology` 24 + legacyPackages = { 25 + topology = self.topology.${system}.config.output; 26 + }; 14 27 15 - topology = { 16 - nixosConfigurations = self.nixosConfigurations; 17 - modules = [ 18 - { 19 - } 20 - ]; 28 + topology = { 29 + nixosConfigurations = self.nixosConfigurations; 30 + modules = [ 31 + { 32 + } 33 + ]; 34 + }; 21 35 }; 22 - }; 23 36 }

+49 -36

modules/home-manager/apps/firefox/default.nix

··· 1 - { inputs 2 - , config 3 - , pkgs 4 - , ... }: 1 + { 2 + inputs, 3 + config, 4 + pkgs, 5 + ... 6 + }: 5 7 { 6 8 programs.firefox = { 7 9 enable = true; ··· 12 14 "bing".metaData.hidden = true; 13 15 "ebay".metaData.hidden = true; 14 16 "google" = { 15 - urls = [{ template = "https://www.google.com/search?q={searchTerms}"; }]; 17 + urls = [ { template = "https://www.google.com/search?q={searchTerms}"; } ]; 16 18 icon = "https://icons.duckduckgo.com/ip3/google.com.ico"; 17 - definedAliases = [ ":g" "@google" ]; 19 + definedAliases = [ 20 + ":g" 21 + "@google" 22 + ]; 18 23 }; 19 24 "ddg" = { 20 - urls = [{ template = "https://duckduckgo.com/?t=h_&q={searchTerms}&ia=web"; }]; 25 + urls = [ { template = "https://duckduckgo.com/?t=h_&q={searchTerms}&ia=web"; } ]; 21 26 icon = "https://icons.duckduckgo.com/ip3/duckduckgo.com.ico"; 22 - definedAliases = [ ":g" "@google" ]; 27 + definedAliases = [ 28 + ":g" 29 + "@google" 30 + ]; 23 31 }; 24 32 "Perplexity" = { 25 - urls = [{ template = "https://www.perplexity.ai/search?focus=internet&q={searchTerms}"; }]; 33 + urls = [ { template = "https://www.perplexity.ai/search?focus=internet&q={searchTerms}"; } ]; 26 34 icon = "https://icons.duckduckgo.com/ip3/perplexity.ai.ico"; 27 - definedAliases = [ ":p" "@perplexity @pp" ]; 35 + definedAliases = [ 36 + ":p" 37 + "@perplexity @pp" 38 + ]; 28 39 }; 29 40 "Brave Search" = { 30 - urls = [{ template = "https://search.brave.com/search?q={searchTerms}&source=web"; }]; 41 + urls = [ { template = "https://search.brave.com/search?q={searchTerms}&source=web"; } ]; 31 42 icon = "https://icons.duckduckgo.com/ip3/search.brave.com.ico"; 32 - definedAliases = [ ":b" "@brave" ]; 43 + definedAliases = [ 44 + ":b" 45 + "@brave" 46 + ]; 33 47 }; 34 48 "MyNixOS" = { 35 - urls = [{ template = "https://mynixos.com/search?q={searchTerms}"; }]; 49 + urls = [ { template = "https://mynixos.com/search?q={searchTerms}"; } ]; 36 50 icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg"; 37 - definedAliases = [ ":n" "@mynixos" ]; 51 + definedAliases = [ 52 + ":n" 53 + "@mynixos" 54 + ]; 38 55 }; 39 56 }; 40 57 # userChrome == FF Interface 41 - userChrome = /* css */ '' 42 - .toolbarbutton-icon[src^="page-icon:https://github.com"]{ 43 - filter: invert(1) !important; 44 - } 45 - .tab-icon-image[src*="github.com"] { 46 - filter: invert(1) !important; 47 - } 48 - ''; 58 + userChrome = # css 59 + '' 60 + .toolbarbutton-icon[src^="page-icon:https://github.com"]{ 61 + filter: invert(1) !important; 62 + } 63 + .tab-icon-image[src*="github.com"] { 64 + filter: invert(1) !important; 65 + } 66 + ''; 49 67 # userContent == web-pages and internal pages like about:newtab & about:home 50 - userContent = /* css */ '' 68 + userContent = # css 69 + '' 51 70 52 - ''; 71 + ''; 53 72 settings = { 54 73 # USER CONF 55 74 "browser.download.panel.shown" = true; ··· 61 80 # "general.smoothScroll.mouseWheel.durationMaxMS" = 250; 62 81 # "general.smoothScroll.stopDecelerationWeighting" = 0.82; 63 82 # "mousewheel.min_line_scroll_amount" = 25; 64 - 83 + 65 84 # Main Config is based on BetterFox @ 66 85 # https://github.com/yokoffing/Betterfox 67 86 ################# FAST FOX ################# ··· 105 124 # Tracking Protection 106 125 "browser.contentblocking.category" = "strict"; 107 126 "privacy.trackingprotection.emailtracking.enabled" = true; 108 - "urlclassifier.trackingSkipURLs" = 109 - "*.reddit.com, *.twitter.com, *.twimg.com, *.tiktok.com"; 110 - "urlclassifier.features.socialtracking.skipURLs" = 111 - "*.instagram.com, *.twitter.com, *.twimg.com"; 127 + "urlclassifier.trackingSkipURLs" = "*.reddit.com, *.twitter.com, *.twimg.com, *.tiktok.com"; 128 + "urlclassifier.features.socialtracking.skipURLs" = "*.instagram.com, *.twitter.com, *.twimg.com"; 112 129 "privacy.query_stripping.strip_list" = 113 130 "__hsfp __hssc __hstc __s _hsenc _openstat dclid fbclid gbraid gclid hsCtaTracking igshid mc_eid ml_subscriber ml_subscriber_hash msclkid oft_c oft_ck oft_d oft_id oft_ids oft_k oft_lk oft_sk oly_anon_id oly_enc_id rb_clickid s_cid twclid vero_conv vero_id wbraid wickedid yclid"; 114 131 "browser.uitour.enabled" = false; ··· 245 262 "extensions.getAddons.showPane" = false; 246 263 "extensions.htmlaboutaddons.recommendations.enabled" = false; 247 264 "browser.shell.checkDefaultBrowser" = false; 248 - "browser.newtabpage.activity-stream.asrouter.userprefs.cfr.addons" = 249 - false; 250 - "browser.newtabpage.activity-stream.asrouter.userprefs.cfr.features" = 251 - false; 265 + "browser.newtabpage.activity-stream.asrouter.userprefs.cfr.addons" = false; 266 + "browser.newtabpage.activity-stream.asrouter.userprefs.cfr.features" = false; 252 267 "browser.preferences.moreFromMozilla" = false; 253 268 "browser.tabs.tabmanager.enabled" = false; 254 269 "browser.aboutwelcome.enabled" = false; ··· 307 322 "general.smoothScroll.stopDecelerationWeighting" = "1"; 308 323 "mousewheel.default.delta_multiplier_y" = 300; 309 324 310 - 311 325 ################# OVERRIDES ################# 312 326 "browser.startup.homepage" = ""; 313 327 # Enable HTTPS-Only Mode ··· 328 342 "experiments.supported" = false; 329 343 "network.allow-experiments" = false; 330 344 # Disable Pocket Integration 331 - "browser.newtabpage.activity-stream.section.highlights.includePocket" = 332 - false; 345 + "browser.newtabpage.activity-stream.section.highlights.includePocket" = false; 333 346 "extensions.pocket.api" = ""; 334 347 "extensions.pocket.oAuthConsumerKey" = ""; 335 348 "extensions.pocket.showHome" = false;

+11 -3

modules/home-manager/apps/polybar/default.nix

··· 1 - { inputs, outputs, config, lib, pkgs, ... }: 1 + { 2 + inputs, 3 + outputs, 4 + config, 5 + lib, 6 + pkgs, 7 + ... 8 + }: 2 9 3 10 with lib; 4 11 5 12 let 6 13 cfg = config.services.polybar; 7 - in { 14 + in 15 + { 8 16 config = { 9 17 home.packages = with pkgs; [ 10 18 # polybar ··· 13 21 #material-symbols 14 22 #font-awesome 15 23 ]; 16 - 24 + 17 25 services.polybar = { 18 26 enable = true; 19 27 package = pkgs.polybar.override {

+1 -1

modules/home-manager/apps/qutebrowser/default.nix

··· 1 - {lib, ...}: 1 + { lib, ... }: 2 2 { 3 3 programs.qutebrowser = { 4 4 enable = true;

+8 -2

modules/home-manager/apps/rofi/default.nix

··· 1 - { config, inputs, pkgs, self, ... }: 1 + { 2 + config, 3 + inputs, 4 + pkgs, 5 + self, 6 + ... 7 + }: 2 8 { 3 9 programs.rofi = { 4 10 enable = true; 5 11 #theme = "ukiyo"; 6 12 # TODO 7 - font="FiraCode Nerd Font 14"; 13 + font = "FiraCode Nerd Font 14"; 8 14 #font = "FantasqueSansMono Nerd Font 14"; 9 15 plugins = [ 10 16 pkgs.rofi-emoji

+19 -13

modules/home-manager/apps/spotify/default.nix

··· 1 - { config, inputs, pkgs, lib, ... }: 1 + { 2 + config, 3 + inputs, 4 + pkgs, 5 + lib, 6 + ... 7 + }: 2 8 3 9 let 4 10 spicePkgs = inputs.spicetify-nix.packages.${pkgs.system}.default; ··· 16 22 colorScheme = "custom"; 17 23 # TODO 18 24 customColorScheme = { 19 - accent = "5665FB"; 20 - accent-active = "6D7CFF"; 21 - accent-inactive = "0E0C36"; 22 - banner = "6D7CFF"; 23 - border-active = "6D7CFF"; 24 - border-inactive = "404040"; 25 - header = "404040"; 26 - highlight = "0E0C36"; 27 - main = "06040C"; 28 - notification = "1AE981"; 25 + accent = "5665FB"; 26 + accent-active = "6D7CFF"; 27 + accent-inactive = "0E0C36"; 28 + banner = "6D7CFF"; 29 + border-active = "6D7CFF"; 30 + border-inactive = "404040"; 31 + header = "404040"; 32 + highlight = "0E0C36"; 33 + main = "06040C"; 34 + notification = "1AE981"; 29 35 notification-error = "FF5A74"; 30 - subtext = "b3b3b3"; 31 - text = "EEF2EE"; 36 + subtext = "b3b3b3"; 37 + text = "EEF2EE"; 32 38 }; 33 39 34 40 enabledExtensions = with spicePkgs.extensions; [

+124 -128

modules/home-manager/apps/wezterm/config.nix

··· 1 1 { transparency, ... }: 2 - /* lua */ 2 + # lua 3 3 '' 4 - local wezterm = require 'wezterm' 5 - local config = {} 4 + local wezterm = require 'wezterm' 5 + local config = {} 6 6 7 - -- In newer versions of wezterm, use the config_builder which will 8 - -- help provide clearer error messages 9 - if wezterm.config_builder then 10 - config = wezterm.config_builder() 11 - end 7 + -- In newer versions of wezterm, use the config_builder which will 8 + -- help provide clearer error messages 9 + if wezterm.config_builder then 10 + config = wezterm.config_builder() 11 + end 12 12 13 - -- font 14 - -- TODO 15 - config.font = wezterm.font_with_fallback { 16 - "PP Supply Mono", 17 - -- "TX-02", 18 - -- "BerkeleyMono Nerd Font Mono", 19 - -- "Berkeley Mono", 20 - "FiraCode Nerd Font Mono", 21 - "FiraMono Nerd Font", 22 - "JetBrains Mono" 23 - } 13 + -- font 14 + -- TODO 15 + config.font = wezterm.font_with_fallback { 16 + "PP Supply Mono", 17 + -- "TX-02", 18 + -- "BerkeleyMono Nerd Font Mono", 19 + -- "Berkeley Mono", 20 + "FiraCode Nerd Font Mono", 21 + "FiraMono Nerd Font", 22 + "JetBrains Mono" 23 + } 24 24 25 - -- temp fix. (NixOS/nixpkgs/issues/336069) 26 - -- config.front_end = "WebGpu" 25 + -- temp fix. (NixOS/nixpkgs/issues/336069) 26 + -- config.front_end = "WebGpu" 27 27 28 - -- wayland 29 - config.enable_wayland = true 28 + -- wayland 29 + config.enable_wayland = true 30 30 31 - -- font options 32 - config.harfbuzz_features = { 33 - 'calt=0', 34 - 'clig=0', 35 - 'liga=0' 36 - } 31 + -- font options 32 + config.harfbuzz_features = { 33 + 'calt=0', 34 + 'clig=0', 35 + 'liga=0' 36 + } 37 37 38 - -- font rendering 39 - config.freetype_render_target = "Light" 38 + -- font rendering 39 + config.freetype_render_target = "Light" 40 40 41 - -- window opacity 42 - config.window_background_opacity = ${ 43 - if transparency 44 - then "0.75" 45 - else "1" 46 - } 41 + -- window opacity 42 + config.window_background_opacity = ${if transparency then "0.75" else "1"} 47 43 48 - -- color 49 - config.colors = { 50 - foreground = '#EEF2EE', 51 - --background = 'rgba(50% 50% 50% 50%)', 52 - background = '#06040C', 44 + -- color 45 + config.colors = { 46 + foreground = '#EEF2EE', 47 + --background = 'rgba(50% 50% 50% 50%)', 48 + background = '#06040C', 53 49 54 - -- Override cursor: 55 - --cursor_bg = 'xy', 56 - --cursor_fg = 'xy', 57 - --cursor_border = 'xy', 50 + -- Override cursor: 51 + --cursor_bg = 'xy', 52 + --cursor_fg = 'xy', 53 + --cursor_border = 'xy', 58 54 59 - --selection_fg = '#FAFBFA', 60 - selection_bg = '#221754',--'#0e0c36', 55 + --selection_fg = '#FAFBFA', 56 + selection_bg = '#221754',--'#0e0c36', 61 57 62 - scrollbar_thumb = '#110b22', 58 + scrollbar_thumb = '#110b22', 63 59 64 - split = '#110b22', 60 + split = '#110b22', 65 61 66 - ansi = { 67 - '#000000', 68 - '#FC4A5C', 69 - '#1AE981', 70 - '#FCDF6D', 71 - '#5665FB', 72 - '#E068FB', 73 - '#46D0F8', 74 - '#EEF2EE', 75 - }, 62 + ansi = { 63 + '#000000', 64 + '#FC4A5C', 65 + '#1AE981', 66 + '#FCDF6D', 67 + '#5665FB', 68 + '#E068FB', 69 + '#46D0F8', 70 + '#EEF2EE', 71 + }, 76 72 77 - brights = { 78 - '#404040', 79 - '#FF5A74', 80 - '#40FE9F', 81 - '#FFECA1', 82 - '#6D7CFF', 83 - '#ED77FF', 84 - '#6BDAFD', 85 - '#EEF2EE', 73 + brights = { 74 + '#404040', 75 + '#FF5A74', 76 + '#40FE9F', 77 + '#FFECA1', 78 + '#6D7CFF', 79 + '#ED77FF', 80 + '#6BDAFD', 81 + '#EEF2EE', 82 + } 86 83 } 87 - } 88 84 89 - -------------- 90 - -- Keybinds -- 91 - -------------- 92 - local function keybind(mods, key, action) 93 - if type(action) == "table" then 94 - action = wezterm.action(action) 95 - end 85 + -------------- 86 + -- Keybinds -- 87 + -------------- 88 + local function keybind(mods, key, action) 89 + if type(action) == "table" then 90 + action = wezterm.action(action) 91 + end 96 92 97 - return { 98 - mods = mods, 99 - key = key, 100 - action = action, 101 - } 102 - end 93 + return { 94 + mods = mods, 95 + key = key, 96 + action = action, 97 + } 98 + end 103 99 104 - config.disable_default_key_bindings = true 105 - config.keys = { 106 - --------------- 107 - -- Clipboard -- 108 - --------------- 109 - keybind("CTRL|SHIFT", "c", { CopyTo = "Clipboard" }), 110 - keybind("CTRL|SHIFT", "v", { PasteFrom = "Clipboard" }), 100 + config.disable_default_key_bindings = true 101 + config.keys = { 102 + --------------- 103 + -- Clipboard -- 104 + --------------- 105 + keybind("CTRL|SHIFT", "c", { CopyTo = "Clipboard" }), 106 + keybind("CTRL|SHIFT", "v", { PasteFrom = "Clipboard" }), 111 107 112 - --------------- 113 - -- Font size -- 114 - --------------- 115 - keybind("CTRL|SHIFT", "UpArrow", "IncreaseFontSize"), 116 - keybind("CTRL|SHIFT", "DownArrow", "DecreaseFontSize"), 108 + --------------- 109 + -- Font size -- 110 + --------------- 111 + keybind("CTRL|SHIFT", "UpArrow", "IncreaseFontSize"), 112 + keybind("CTRL|SHIFT", "DownArrow", "DecreaseFontSize"), 117 113 118 - ------------ 119 - -- Scroll -- 120 - ------------ 121 - keybind("ALT", "u", { ScrollByPage = -1 }), 122 - keybind("ALT", "d", { ScrollByPage = 1 }), 114 + ------------ 115 + -- Scroll -- 116 + ------------ 117 + keybind("ALT", "u", { ScrollByPage = -1 }), 118 + keybind("ALT", "d", { ScrollByPage = 1 }), 123 119 124 - ------------ 125 - -- Reload -- 126 - ------------ 127 - keybind("CTRL|SHIFT", "r", "ReloadConfiguration"), 128 - } 120 + ------------ 121 + -- Reload -- 122 + ------------ 123 + keybind("CTRL|SHIFT", "r", "ReloadConfiguration"), 124 + } 129 125 130 - -- tab bar 131 - config.enable_tab_bar = false 126 + -- tab bar 127 + config.enable_tab_bar = false 132 128 133 - -- links 134 - config.hyperlink_rules = { 135 - -- make urls clickable 136 - -- This is default if no hyperlink_rules 137 - { 138 - regex = "\\b\\w+://(?:[\\w.-]+)\\.[a-z]{2,15}\\S*\\b", 139 - format = "$0" 140 - }, 129 + -- links 130 + config.hyperlink_rules = { 131 + -- make urls clickable 132 + -- This is default if no hyperlink_rules 133 + { 134 + regex = "\\b\\w+://(?:[\\w.-]+)\\.[a-z]{2,15}\\S*\\b", 135 + format = "$0" 136 + }, 141 137 142 - -- linkify email addresses 143 - { 144 - regex = "\\b\\w+@[\\w-]+(\\.[\\w-]+)+\\b", 145 - format = "mailto:$0" 146 - }, 138 + -- linkify email addresses 139 + { 140 + regex = "\\b\\w+@[\\w-]+(\\.[\\w-]+)+\\b", 141 + format = "mailto:$0" 142 + }, 147 143 148 - -- linkify file:// URIs 149 - { 150 - regex = "\\bfile://\\S*\\b", 151 - format = "$0" 144 + -- linkify file:// URIs 145 + { 146 + regex = "\\bfile://\\S*\\b", 147 + format = "$0" 148 + } 152 149 } 153 - } 154 150 155 - -- disable bell 156 - config.audible_bell = "Disabled"; 151 + -- disable bell 152 + config.audible_bell = "Disabled"; 157 153 158 - return config 154 + return config 159 155 ''

+6 -1

modules/home-manager/apps/wezterm/default.nix

··· 1 - { lib, pkgs, config, ... }: 1 + { 2 + lib, 3 + pkgs, 4 + config, 5 + ... 6 + }: 2 7 3 8 let 4 9 cfg = config.programs.wezterm;

+6 -1

modules/home-manager/apps/wired/default.nix

··· 1 1 # lets all love lain 2 - { lib, pkgs, config, ... }: 2 + { 3 + lib, 4 + pkgs, 5 + config, 6 + ... 7 + }: 3 8 { 4 9 services.wired = { 5 10 enable = true;

+100 -79

modules/home-manager/apps/zen/default.nix

··· 1 - { inputs 2 - , config 3 - , pkgs 4 - , ... }: 1 + { 2 + inputs, 3 + config, 4 + pkgs, 5 + ... 6 + }: 5 7 { 6 8 imports = [ inputs.zen-browser.homeModules.twilight ]; 7 9 programs.zen-browser = { ··· 14 16 "bing".metaData.hidden = true; 15 17 "ebay".metaData.hidden = true; 16 18 "google" = { 17 - urls = [{ template = "https://www.google.com/search?q={searchTerms}"; }]; 19 + urls = [ { template = "https://www.google.com/search?q={searchTerms}"; } ]; 18 20 icon = "https://icons.duckduckgo.com/ip3/google.com.ico"; 19 - definedAliases = [ ":g" "@google" ]; 21 + definedAliases = [ 22 + ":g" 23 + "@google" 24 + ]; 20 25 }; 21 26 "Perplexity" = { 22 - urls = [{ template = "https://www.perplexity.ai/search?focus=internet&q={searchTerms}"; }]; 27 + urls = [ { template = "https://www.perplexity.ai/search?focus=internet&q={searchTerms}"; } ]; 23 28 icon = "https://icons.duckduckgo.com/ip3/perplexity.ai.ico"; 24 - definedAliases = [ ":p" "@pp" "@perplexity" ]; 29 + definedAliases = [ 30 + ":p" 31 + "@pp" 32 + "@perplexity" 33 + ]; 25 34 }; 26 35 "Kagi" = { 27 - urls = [{ template = "https://kagi.com/search?q={searchTerms}"; }]; 36 + urls = [ { template = "https://kagi.com/search?q={searchTerms}"; } ]; 28 37 icon = "https://kagi.com/favicon.ico"; 29 - definedAliases = [ ":k" "@kagi" ]; 38 + definedAliases = [ 39 + ":k" 40 + "@kagi" 41 + ]; 30 42 }; 31 43 "ddg" = { 32 - urls = [{ template = "https://duckduckgo.com/?t=h_&q={searchTerms}&ia=web"; }]; 44 + urls = [ { template = "https://duckduckgo.com/?t=h_&q={searchTerms}&ia=web"; } ]; 33 45 icon = "https://icons.duckduckgo.com/ip3/duckduckgo.com.ico"; 34 - definedAliases = [ ":d" "@ddg" "@duckduckgo" ]; 46 + definedAliases = [ 47 + ":d" 48 + "@ddg" 49 + "@duckduckgo" 50 + ]; 35 51 }; 36 52 "Brave Search" = { 37 - urls = [{ template = "https://search.brave.com/search?q={searchTerms}&source=web"; }]; 53 + urls = [ { template = "https://search.brave.com/search?q={searchTerms}&source=web"; } ]; 38 54 icon = "https://icons.duckduckgo.com/ip3/search.brave.com.ico"; 39 - definedAliases = [ ":b" "@brave" ]; 55 + definedAliases = [ 56 + ":b" 57 + "@brave" 58 + ]; 40 59 }; 41 60 "MyNixOS" = { 42 - urls = [{ template = "https://mynixos.com/search?q={searchTerms}"; }]; 61 + urls = [ { template = "https://mynixos.com/search?q={searchTerms}"; } ]; 43 62 icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg"; 44 - definedAliases = [ ":mn" "@mynixos" ]; 63 + definedAliases = [ 64 + ":mn" 65 + "@mynixos" 66 + ]; 45 67 }; 46 68 "Nixplorer" = { 47 - urls = [{ template = "https://nixplorer.com/search?q={searchTerms}"; }]; 69 + urls = [ { template = "https://nixplorer.com/search?q={searchTerms}"; } ]; 48 70 icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg"; 49 - definedAliases = [ ":np" "@nixplorer" ]; 71 + definedAliases = [ 72 + ":np" 73 + "@nixplorer" 74 + ]; 50 75 }; 51 76 "NixOS Wiki" = { 52 - urls = [{template = "https://wiki.nixos.org/w/index.php?search={searchTerms}";}]; 77 + urls = [ { template = "https://wiki.nixos.org/w/index.php?search={searchTerms}"; } ]; 53 78 icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg"; 54 - definedAliases = ["@nw"]; 79 + definedAliases = [ "@nw" ]; 55 80 }; 56 81 }; 57 82 # userChrome == FF Interface 58 - userChrome = /* css */ '' 59 - .toolbarbutton-icon[src^="page-icon:https://github.com"]{ 60 - filter: invert(1) !important; 61 - } 62 - .tab-icon-image[src*="github.com"] { 63 - filter: invert(1) !important; 64 - } 83 + userChrome = # css 84 + '' 85 + .toolbarbutton-icon[src^="page-icon:https://github.com"]{ 86 + filter: invert(1) !important; 87 + } 88 + .tab-icon-image[src*="github.com"] { 89 + filter: invert(1) !important; 90 + } 65 91 66 - /** 67 - * Dynamic Horizontal Tabs Toolbar (with animations) 68 - * sidebar.verticalTabs: false (with native horizontal tabs) 69 - */ 70 - #main-window #TabsToolbar > .toolbar-items { 71 - overflow: hidden; 72 - transition: height 0.3s 0.3s !important; 73 - } 74 - /* Default state: Set initial height to enable animation */ 75 - #main-window #TabsToolbar > .toolbar-items { height: 3em !important; } 76 - #main-window[uidensity="touch"] #TabsToolbar > .toolbar-items { height: 3.35em !important; } 77 - #main-window[uidensity="compact"] #TabsToolbar > .toolbar-items { height: 2.7em !important; } 78 - /* Hidden state: Hide native tabs strip */ 79 - #main-window[titlepreface*=""] #TabsToolbar > .toolbar-items { height: 0 !important; } 80 - /* Hidden state: Fix z-index of active pinned tabs */ 81 - #main-window[titlepreface*=""] #tabbrowser-tabs { z-index: 0 !important; } 82 - /* Hidden state: Hide window buttons in tabs-toolbar */ 83 - #main-window[titlepreface*=""] #TabsToolbar .titlebar-spacer, 84 - #main-window[titlepreface*=""] #TabsToolbar .titlebar-buttonbox-container { 85 - display: none !important; 86 - } 87 - /* [Optional] Uncomment block below to show window buttons in nav-bar (maybe, I didn't test it on non-linux-i3wm env) */ 88 - /* #main-window[titlepreface*="XXX"] #nav-bar > .titlebar-buttonbox-container, 89 - #main-window[titlepreface*="XXX"] #nav-bar > .titlebar-buttonbox-container > .titlebar-buttonbox { 90 - display: flex !important; 91 - } */ 92 - /* [Optional] Uncomment one of the line below if you need space near window buttons */ 93 - /* #main-window[titlepreface*="XXX"] #nav-bar > .titlebar-spacer[type="pre-tabs"] { display: flex !important; } */ 94 - /* #main-window[titlepreface*="XXX"] #nav-bar > .titlebar-spacer[type="post-tabs"] { display: flex !important; } */ 95 - ''; 92 + /** 93 + * Dynamic Horizontal Tabs Toolbar (with animations) 94 + * sidebar.verticalTabs: false (with native horizontal tabs) 95 + */ 96 + #main-window #TabsToolbar > .toolbar-items { 97 + overflow: hidden; 98 + transition: height 0.3s 0.3s !important; 99 + } 100 + /* Default state: Set initial height to enable animation */ 101 + #main-window #TabsToolbar > .toolbar-items { height: 3em !important; } 102 + #main-window[uidensity="touch"] #TabsToolbar > .toolbar-items { height: 3.35em !important; } 103 + #main-window[uidensity="compact"] #TabsToolbar > .toolbar-items { height: 2.7em !important; } 104 + /* Hidden state: Hide native tabs strip */ 105 + #main-window[titlepreface*=""] #TabsToolbar > .toolbar-items { height: 0 !important; } 106 + /* Hidden state: Fix z-index of active pinned tabs */ 107 + #main-window[titlepreface*=""] #tabbrowser-tabs { z-index: 0 !important; } 108 + /* Hidden state: Hide window buttons in tabs-toolbar */ 109 + #main-window[titlepreface*=""] #TabsToolbar .titlebar-spacer, 110 + #main-window[titlepreface*=""] #TabsToolbar .titlebar-buttonbox-container { 111 + display: none !important; 112 + } 113 + /* [Optional] Uncomment block below to show window buttons in nav-bar (maybe, I didn't test it on non-linux-i3wm env) */ 114 + /* #main-window[titlepreface*="XXX"] #nav-bar > .titlebar-buttonbox-container, 115 + #main-window[titlepreface*="XXX"] #nav-bar > .titlebar-buttonbox-container > .titlebar-buttonbox { 116 + display: flex !important; 117 + } */ 118 + /* [Optional] Uncomment one of the line below if you need space near window buttons */ 119 + /* #main-window[titlepreface*="XXX"] #nav-bar > .titlebar-spacer[type="pre-tabs"] { display: flex !important; } */ 120 + /* #main-window[titlepreface*="XXX"] #nav-bar > .titlebar-spacer[type="post-tabs"] { display: flex !important; } */ 121 + ''; 96 122 # userContent == web-pages and internal pages like about:newtab & about:home 97 - userContent = /* css */ '' 98 - @media (-moz-bool-pref: "zen.view.compact") { 99 - #tabbrowser-tabpanels:not([zen-split-view]) { 100 - --zen-webview-border-radius: 0 0 0 0; 101 - --zen-element-separation: 0; 102 - } 103 - & .browserSidebarContainer { 104 - margin-left: 0 !important; 123 + userContent = # css 124 + '' 125 + @media (-moz-bool-pref: "zen.view.compact") { 126 + #tabbrowser-tabpanels:not([zen-split-view]) { 127 + --zen-webview-border-radius: 0 0 0 0; 128 + --zen-element-separation: 0; 129 + } 130 + & .browserSidebarContainer { 131 + margin-left: 0 !important; 132 + } 105 133 } 106 - } 107 - ''; 134 + ''; 108 135 settings = { 109 136 # USER CONF 110 137 "browser.download.panel.shown" = true; ··· 117 144 # "general.smoothScroll.mouseWheel.durationMaxMS" = 250; 118 145 # "general.smoothScroll.stopDecelerationWeighting" = 0.82; 119 146 # "mousewheel.min_line_scroll_amount" = 25; 120 - 147 + 121 148 # Main Config is based on BetterFox @ 122 149 # https://github.com/yokoffing/Betterfox 123 150 ################# FAST FOX ################# ··· 161 188 # Tracking Protection 162 189 "browser.contentblocking.category" = "strict"; 163 190 "privacy.trackingprotection.emailtracking.enabled" = true; 164 - "urlclassifier.trackingSkipURLs" = 165 - "*.reddit.com, *.twitter.com, *.twimg.com, *.tiktok.com"; 166 - "urlclassifier.features.socialtracking.skipURLs" = 167 - "*.instagram.com, *.twitter.com, *.twimg.com"; 191 + "urlclassifier.trackingSkipURLs" = "*.reddit.com, *.twitter.com, *.twimg.com, *.tiktok.com"; 192 + "urlclassifier.features.socialtracking.skipURLs" = "*.instagram.com, *.twitter.com, *.twimg.com"; 168 193 "privacy.query_stripping.strip_list" = 169 194 "__hsfp __hssc __hstc __s _hsenc _openstat dclid fbclid gbraid gclid hsCtaTracking igshid mc_eid ml_subscriber ml_subscriber_hash msclkid oft_c oft_ck oft_d oft_id oft_ids oft_k oft_lk oft_sk oly_anon_id oly_enc_id rb_clickid s_cid twclid vero_conv vero_id wbraid wickedid yclid"; 170 195 "browser.uitour.enabled" = false; ··· 301 326 "extensions.getAddons.showPane" = false; 302 327 "extensions.htmlaboutaddons.recommendations.enabled" = false; 303 328 "browser.shell.checkDefaultBrowser" = false; 304 - "browser.newtabpage.activity-stream.asrouter.userprefs.cfr.addons" = 305 - false; 306 - "browser.newtabpage.activity-stream.asrouter.userprefs.cfr.features" = 307 - false; 329 + "browser.newtabpage.activity-stream.asrouter.userprefs.cfr.addons" = false; 330 + "browser.newtabpage.activity-stream.asrouter.userprefs.cfr.features" = false; 308 331 "browser.preferences.moreFromMozilla" = false; 309 332 "browser.tabs.tabmanager.enabled" = false; 310 333 "browser.aboutwelcome.enabled" = false; ··· 363 386 "general.smoothScroll.stopDecelerationWeighting" = "1"; 364 387 "mousewheel.default.delta_multiplier_y" = 300; 365 388 366 - 367 389 ################# OVERRIDES ################# 368 390 "browser.startup.homepage" = ""; 369 391 # Enable HTTPS-Only Mode ··· 384 406 "experiments.supported" = false; 385 407 "network.allow-experiments" = false; 386 408 # Disable Pocket Integration 387 - "browser.newtabpage.activity-stream.section.highlights.includePocket" = 388 - false; 409 + "browser.newtabpage.activity-stream.section.highlights.includePocket" = false; 389 410 "extensions.pocket.api" = ""; 390 411 "extensions.pocket.oAuthConsumerKey" = ""; 391 412 "extensions.pocket.showHome" = false;

+8 -1

modules/home-manager/nix-colors/default.nix

··· 1 - { inputs, outputs, config, lib, pkgs, ... }: 1 + { 2 + inputs, 3 + outputs, 4 + config, 5 + lib, 6 + pkgs, 7 + ... 8 + }: 2 9 { 3 10 config.nix-colors.colorScheme = { 4 11 slug = "tsukiyo";

+62 -59

modules/home-manager/services/easyeffects/default.nix

··· 3 3 config, 4 4 pkgs, 5 5 ... 6 - }: { 6 + }: 7 + { 7 8 services.easyeffects = { 8 9 enable = true; 9 10 preset = "mic-filter"; ··· 57 58 stereo-base = 0.0; 58 59 stereo-phase = 0.0; 59 60 }; 60 - "equalizer#0" = let 61 - eq-cfg = { 62 - band0 = { 63 - frequency = 30.0; 64 - gain = 0.0; 65 - mode = "RLC (BT)"; 66 - mute = false; 67 - q = 0.7162904212787583; 68 - slope = "x1"; 69 - solo = false; 70 - type = "Hi-shelf"; 71 - width = 4.0; 61 + "equalizer#0" = 62 + let 63 + eq-cfg = { 64 + band0 = { 65 + frequency = 30.0; 66 + gain = 0.0; 67 + mode = "RLC (BT)"; 68 + mute = false; 69 + q = 0.7162904212787583; 70 + slope = "x1"; 71 + solo = false; 72 + type = "Hi-shelf"; 73 + width = 4.0; 74 + }; 75 + band1 = { 76 + frequency = 166.0; 77 + gain = 4.0; 78 + mode = "RLC (BT)"; 79 + mute = false; 80 + q = 0.72; 81 + slope = "x1"; 82 + solo = false; 83 + type = "Bell"; 84 + width = 4.0; 85 + }; 86 + band2 = { 87 + frequency = 850.0; 88 + gain = -2.0; 89 + mode = "RLC (BT)"; 90 + mute = false; 91 + q = 0.72; 92 + slope = "x1"; 93 + solo = false; 94 + type = "Bell"; 95 + width = 4.0; 96 + }; 97 + band3 = { 98 + frequency = 5000.0; 99 + gain = 3.5; 100 + mode = "RLC (BT)"; 101 + mute = false; 102 + q = 0.72; 103 + slope = "x1"; 104 + solo = false; 105 + type = "Bell"; 106 + width = 4.0; 107 + }; 72 108 }; 73 - band1 = { 74 - frequency = 166.0; 75 - gain = 4.0; 76 - mode = "RLC (BT)"; 77 - mute = false; 78 - q = 0.72; 79 - slope = "x1"; 80 - solo = false; 81 - type = "Bell"; 82 - width = 4.0; 83 - }; 84 - band2 = { 85 - frequency = 850.0; 86 - gain = -2.0; 87 - mode = "RLC (BT)"; 88 - mute = false; 89 - q = 0.72; 90 - slope = "x1"; 91 - solo = false; 92 - type = "Bell"; 93 - width = 4.0; 94 - }; 95 - band3 = { 96 - frequency = 5000.0; 97 - gain = 3.5; 98 - mode = "RLC (BT)"; 99 - mute = false; 100 - q = 0.72; 101 - slope = "x1"; 102 - solo = false; 103 - type = "Bell"; 104 - width = 4.0; 105 - }; 109 + in 110 + { 111 + balance = 0.0; 112 + bypass = false; 113 + input-gain = 0.0; 114 + left = eq-cfg; 115 + right = eq-cfg; 116 + mode = "IIR"; 117 + num-bands = 4; 118 + output-gain = 9.0; 119 + pitch-left = 0.0; 120 + pitch-right = 0.0; 121 + split-channels = false; 106 122 }; 107 - in { 108 - balance = 0.0; 109 - bypass = false; 110 - input-gain = 0.0; 111 - left = eq-cfg; 112 - right = eq-cfg; 113 - mode = "IIR"; 114 - num-bands = 4; 115 - output-gain = 9.0; 116 - pitch-left = 0.0; 117 - pitch-right = 0.0; 118 - split-channels = false; 119 - }; 120 123 }; 121 124 }; 122 125 };

+21 -12

modules/home-manager/services/gpg-agent/default.nix

··· 1 - { inputs, outputs, config, lib, pkgs, ... }: 1 + { 2 + inputs, 3 + outputs, 4 + config, 5 + lib, 6 + pkgs, 7 + ... 8 + }: 2 9 { 3 10 services.gpg-agent = { 4 11 enable = true; ··· 7 14 pinentry.package = pkgs.pinentry-gnome3; # pinentry-mac for aarch64-darwin 8 15 enableSshSupport = true; 9 16 }; 10 - 11 - programs.zsh.initContent = let 12 - gpgconf = lib.getExe' pkgs.gnupg "gpgconf"; 13 - gpg-connect-agent = lib.getExe' pkgs.gnupg "gpg-connect-agent"; 14 - tty = lib.getExe' pkgs.toybox "tty"; 15 - in '' 16 - unset SSH_AGENT_PID 17 - export SSH_AUTH_SOCK=$(${gpgconf} --list-dirs agent-ssh-socket) 18 - ${gpg-connect-agent} updatestartuptty /bye >/dev/null 19 - export GPG_TTY=$(${tty}) 20 - ''; 17 + 18 + programs.zsh.initContent = 19 + let 20 + gpgconf = lib.getExe' pkgs.gnupg "gpgconf"; 21 + gpg-connect-agent = lib.getExe' pkgs.gnupg "gpg-connect-agent"; 22 + tty = lib.getExe' pkgs.toybox "tty"; 23 + in 24 + '' 25 + unset SSH_AGENT_PID 26 + export SSH_AUTH_SOCK=$(${gpgconf} --list-dirs agent-ssh-socket) 27 + ${gpg-connect-agent} updatestartuptty /bye >/dev/null 28 + export GPG_TTY=$(${tty}) 29 + ''; 21 30 }

+15 -7

modules/home-manager/shell/bash/default.nix

··· 1 - { lib, pkgs, config, ... }: 1 + { 2 + lib, 3 + pkgs, 4 + config, 5 + ... 6 + }: 2 7 3 8 { 4 9 home.packages = with pkgs; [ ··· 25 30 enable = true; 26 31 }; 27 32 }; 28 - 33 + 29 34 # blesh (https://github.com/nix-community/home-manager/pull/3238) 30 35 # programs.blesh = { 31 36 # enable = true; ··· 72 77 eval "$(${pkgs.atuin}/bin/atuin init bash)" 73 78 bindkey '^r' _atuin_search_widget 74 79 # eval "$(${pkgs.zoxide}/bin/zoxide init --cmd y bash)" 75 - 80 + 76 81 # eva reference :^) 77 82 youcannotrebuild () { 78 83 ${ 79 84 let 80 85 inherit (lib.strings) 81 - hasInfix; 86 + hasInfix 87 + ; 82 88 inherit (pkgs.hostPlatform) 83 - isx86_64 isAarch64 84 - isLinux isDarwin; 89 + isx86_64 90 + isAarch64 91 + isLinux 92 + isDarwin 93 + ; 85 94 in 86 95 if isx86_64 && isLinux then 87 96 "sudo --validate && sudo nixos-rebuild" ··· 133 142 134 143 complete -F _fish_completion -o default -o bashdefault $(compgen -c) 135 144 ''; 136 - 137 145 138 146 # plugins = [ 139 147 # {

+2 -1

modules/home-manager/shell/fastfetch/default.nix

··· 3 3 pkgs, 4 4 config, 5 5 ... 6 - }: { 6 + }: 7 + { 7 8 # home.packages = with pkgs; [ 8 9 # atuin 9 10 # zoxide

+26 -12

modules/home-manager/shell/fish/default.nix

··· 5 5 pkgs, 6 6 config, 7 7 ... 8 - }: { 8 + }: 9 + { 9 10 home = { 10 11 packages = with pkgs; [ 11 12 atuin ··· 19 20 generateCompletions = true; 20 21 21 22 plugins = [ 22 - { name = "pure"; src = pkgs.fishPlugins.pure.src; } 23 - { name = "bass"; src = pkgs.fishPlugins.bass.src; } 24 - { name = "puffer"; src = pkgs.fishPlugins.puffer.src; } 25 - { name = "autopair"; src = pkgs.fishPlugins.autopair.src; } 23 + { 24 + name = "pure"; 25 + src = pkgs.fishPlugins.pure.src; 26 + } 27 + { 28 + name = "bass"; 29 + src = pkgs.fishPlugins.bass.src; 30 + } 31 + { 32 + name = "puffer"; 33 + src = pkgs.fishPlugins.puffer.src; 34 + } 35 + { 36 + name = "autopair"; 37 + src = pkgs.fishPlugins.autopair.src; 38 + } 26 39 ]; 27 40 28 41 functions = { ··· 32 45 echo "nix run nixpkgs#$argv[1] -- $argv[2..]" 33 46 ''; 34 47 }; 35 - 48 + 36 49 shellAliases = { 37 50 ":E" = "${config.programs.neovim.finalPackage}/bin/nvim +E"; 38 51 ":q" = "exit"; ··· 63 76 today-1 = "date -d yesterday '+%Y-%m-%d' | tr -d '\n'"; 64 77 }; 65 78 66 - interactiveShellInit = /* fish */ '' 67 - atuin init fish | source 68 - zoxide init --cmd z fish | source 69 - COMPLETE=fish jj | source 70 - ${if config.programs.eww.enable then "eww shell-completions --shell fish | source" else ""} 71 - ''; 79 + interactiveShellInit = # fish 80 + '' 81 + atuin init fish | source 82 + zoxide init --cmd z fish | source 83 + COMPLETE=fish jj | source 84 + ${if config.programs.eww.enable then "eww shell-completions --shell fish | source" else ""} 85 + ''; 72 86 }; 73 87 }

+2 -1

modules/home-manager/shell/git/default.nix

··· 3 3 inputs, 4 4 pkgs, 5 5 ... 6 - }: { 6 + }: 7 + { 7 8 programs.git = { 8 9 enable = true; 9 10 userName = "74k1";

+6 -2

modules/home-manager/shell/jujutsu/default.nix

··· 4 4 inputs, 5 5 pkgs, 6 6 ... 7 - }: { 7 + }: 8 + { 8 9 programs.jujutsu = { 9 10 enable = true; 10 11 settings = { ··· 39 40 ]; 40 41 }; 41 42 aliases = { 42 - l = [ "log" "--no-pager" ]; 43 + l = [ 44 + "log" 45 + "--no-pager" 46 + ]; 43 47 }; 44 48 templates = { 45 49 # log_node = ''

+11 -21

modules/home-manager/shell/neovim/default.nix

··· 1 - {pkgs, ...}: let 1 + { pkgs, ... }: 2 + let 2 3 yueye-nvim = pkgs.vimUtils.buildVimPlugin { 3 4 name = "yueye-nvim"; 4 5 src = pkgs.fetchFromGitHub { ··· 26 27 # hash = "sha256-V5dwIJdxBulFVKk1iSlf4H5NRz1UH7uYQeMvwtgkpIs="; 27 28 # }; 28 29 # }; 29 - in { 30 - imports = []; 30 + in 31 + { 32 + imports = [ ]; 31 33 32 34 programs.neovim = { 33 35 enable = true; ··· 54 56 # pkgs.nodejs # for copilot-lua 55 57 ]; 56 58 extraConfig = 57 - /* 58 - vim 59 - */ 59 + # vim 60 60 '' 61 61 set shiftwidth=2 softtabstop=2 expandtab 62 62 set number relativenumber ··· 121 121 plugin = mini-ai; 122 122 type = "lua"; 123 123 config = 124 - /* 125 - lua 126 - */ 124 + # lua 127 125 '' 128 126 require("mini.ai").setup() 129 127 ''; ··· 132 130 plugin = mini-map; 133 131 type = "lua"; 134 132 config = 135 - /* 136 - lua 137 - */ 133 + # lua 138 134 '' 139 135 require("mini.map").setup() 140 136 ''; ··· 143 139 plugin = mini-indentscope; 144 140 type = "lua"; 145 141 config = 146 - /* 147 - lua 148 - */ 142 + # lua 149 143 '' 150 144 require("mini.indentscope").setup({ 151 145 draw = { ··· 163 157 plugin = mini-fuzzy; 164 158 type = "lua"; 165 159 config = 166 - /* 167 - lua 168 - */ 160 + # lua 169 161 '' 170 162 require("mini.fuzzy").setup() 171 163 ''; ··· 174 166 plugin = mini-diff; 175 167 type = "lua"; 176 168 config = 177 - /* 178 - lua 179 - */ 169 + # lua 180 170 '' 181 171 require("mini.diff").setup() 182 172 '';

+7 -2

modules/home-manager/shell/starship/default.nix

··· 1 - { lib, pkgs, config, ... }: 1 + { 2 + lib, 3 + pkgs, 4 + config, 5 + ... 6 + }: 2 7 3 8 { 4 - imports = []; 9 + imports = [ ]; 5 10 6 11 programs.starship = { 7 12 enable = false;

+16 -3

modules/home-manager/shell/yazi/default.nix

··· 1 - { inputs, outputs, lib, pkgs, config, ... }: 1 + { 2 + inputs, 3 + outputs, 4 + lib, 5 + pkgs, 6 + config, 7 + ... 8 + }: 2 9 3 10 { 4 11 home = { ··· 37 44 # https://yazi-rs.github.io/docs/configuration/keymap 38 45 keymap = { 39 46 input.prepend_keymap = [ 40 - { run = "close"; on = [ "<c-q>" ]; } 41 - { run = "close --submit"; on = [ "<enter>" ]; } 47 + { 48 + run = "close"; 49 + on = [ "<c-q>" ]; 50 + } 51 + { 52 + run = "close --submit"; 53 + on = [ "<enter>" ]; 54 + } 42 55 # { run = "escape"; on = [ "<esc>" ]; } 43 56 # { run = "backspace"; on = [ "<backspace>" ]; } 44 57 ];

+24 -15

modules/home-manager/shell/zsh/default.nix

··· 1 - { inputs, outputs, lib, pkgs, config, ... }: 1 + { 2 + inputs, 3 + outputs, 4 + lib, 5 + pkgs, 6 + config, 7 + ... 8 + }: 2 9 3 10 { 4 11 home = { ··· 60 67 }; 61 68 62 69 # ${builtins.readFile ./cfg/functions.zsh} 63 - initContent = lib.mkBefore /* sh */ '' 64 - # source ${pkgs.zsh-powerlevel10k}/share/zsh-powerlevel10k/powerlevel10k.zsh-theme 65 - # export XDG_RUNTIME_DIR=/run/user/$(id -u) 70 + initContent = 71 + lib.mkBefore # sh 72 + '' 73 + # source ${pkgs.zsh-powerlevel10k}/share/zsh-powerlevel10k/powerlevel10k.zsh-theme 74 + # export XDG_RUNTIME_DIR=/run/user/$(id -u) 66 75 67 - # Atuin 68 - # export ATUIN_NOBIND="true" 69 - # eval "$(${pkgs.atuin}/bin/atuin init zsh)" 70 - # bindkey '^r' _atuin_search_widget 76 + # Atuin 77 + # export ATUIN_NOBIND="true" 78 + # eval "$(${pkgs.atuin}/bin/atuin init zsh)" 79 + # bindkey '^r' _atuin_search_widget 71 80 72 - # Zoxide 73 - # eval "$(${pkgs.zoxide}/bin/zoxide init --cmd z zsh)" 81 + # Zoxide 82 + # eval "$(${pkgs.zoxide}/bin/zoxide init --cmd z zsh)" 74 83 75 - if [[ $(ps -o command= -p "$PPID" | awk '{print $1}') != 'fish' ]] 76 - then 77 - exec ${pkgs.fish}/bin/fish -l 78 - fi 79 - ''; 84 + if [[ $(ps -o command= -p "$PPID" | awk '{print $1}') != 'fish' ]] 85 + then 86 + exec ${pkgs.fish}/bin/fish -l 87 + fi 88 + ''; 80 89 }; 81 90 82 91 programs.direnv = {

+4 -2

modules/home-manager/stylix/default.nix

··· 4 4 lib, 5 5 pkgs, 6 6 ... 7 - }: let 7 + }: 8 + let 8 9 cfg = config.theme.ukiyo; 9 10 icon = { 10 11 # name = "bloom-dark"; ··· 20 21 ''; 21 22 }); 22 23 }; 23 - in { 24 + in 25 + { 24 26 options = { 25 27 theme.ukiyo = { 26 28 package = lib.mkOption {

+2 -1

modules/home-manager/wayland/copyq/default.nix

··· 1 - {pkgs, ...}: { 1 + { pkgs, ... }: 2 + { 2 3 services.copyq = { 3 4 enable = true; 4 5 forceXWayland = false;

+2 -1

modules/home-manager/wayland/fuzzel/default.nix

··· 5 5 lib, 6 6 pkgs, 7 7 ... 8 - }: { 8 + }: 9 + { 9 10 home.packages = [ 10 11 pkgs.libqalculate 11 12 ];

+8 -1

modules/home-manager/wayland/hyprlock/default.nix

··· 1 - { inputs, outputs, config, lib, pkgs, ...}: 1 + { 2 + inputs, 3 + outputs, 4 + config, 5 + lib, 6 + pkgs, 7 + ... 8 + }: 2 9 { 3 10 programs.hyprlock = { 4 11 enable = true;

+2 -1

modules/home-manager/wayland/kanshi/default.nix

··· 5 5 lib, 6 6 pkgs, 7 7 ... 8 - }: { 8 + }: 9 + { 9 10 services.kanshi = { 10 11 enable = true; 11 12 # no process seems to start with niri-session.target.

+431 -383

modules/home-manager/wayland/niri/default.nix

··· 5 5 inputs, 6 6 outputs, 7 7 ... 8 - }: let 8 + }: 9 + let 9 10 wallpaper_image = pkgs.fetchurl { 10 11 url = "https://upload.wikimedia.org/wikipedia/commons/0/07/Johan_Christian_Dahl_-_View_of_Dresden_by_Moonlight_-_Google_Art_Project.jpg"; 11 12 name = "wallpaper.jpg"; 12 13 hash = "sha256-MjBzldNqNQa1aPoxUPyimovl+YSA4m74Dx7MIsswxtU="; 13 14 }; 14 - in { 15 + in 16 + { 15 17 imports = [ 16 18 inputs.niri.homeModules.niri 17 19 ]; ··· 45 47 }; 46 48 }; 47 49 48 - programs.niri = let 49 - makeCommand = command: { 50 - command = [command]; 51 - }; 52 - in { 53 - enable = true; 54 - package = pkgs.niri; 55 - # config = /* kdl */ { 56 - # }; 57 - settings = { 58 - environment = { 59 - # CLUTTER_BACKEND = "wayland"; 60 - DISPLAY = ":0"; 61 - GDK_BACKEND = "wayland"; 62 - GTK_USE_PORTAL = "1"; 63 - MOZ_ENABLE_WAYLAND = "1"; 64 - NIXOS_OZONE_WL = "1"; 65 - # QT_QPA_PLATFORM = "wayland;xcb"; 66 - QT_WAYLAND_DISABLE_WINDOWDECORATION = "1"; 67 - # SDL_VIDEODRIVER = "wayland"; 50 + programs.niri = 51 + let 52 + makeCommand = command: { 53 + command = [ command ]; 68 54 }; 69 - spawn-at-startup = [ 70 - (makeCommand "${pkgs.polkit_gnome}/libexec/polkit-gnome-authentication-agent-1") 71 - (makeCommand "${lib.getExe pkgs.swww} img ${wallpaper_image}") 72 - # (makeCommand "${lib.getExe pkgs.swaynotificationcenter}") 73 - (makeCommand "${pkgs.xwayland-satellite}/bin/xwayland-satellite") 74 - ]; 75 - clipboard.disable-primary = true; 76 - hotkey-overlay.skip-at-startup = false; 77 - screenshot-path = "~/%Y%m%d%H%M%S_Screenshot.png"; 78 - binds = with config.lib.niri.actions; { 79 - # Multimedia 80 - "XF86AudioPlay".action = spawn "${pkgs.playerctl}/bin/playerctl" "play-pause"; 81 - "XF86AudioPause".action = spawn "${pkgs.playerctl}/bin/playerctl" "play-pause"; 82 - "XF86AudioNext".action = spawn "${pkgs.tix.duvolbr}/bin/duvolbr" "next_track"; 83 - "XF86AudioPrev".action = spawn "${pkgs.tix.duvolbr}/bin/duvolbr" "prev_track"; 55 + in 56 + { 57 + enable = true; 58 + package = pkgs.niri; 59 + # config = /* kdl */ { 60 + # }; 61 + settings = { 62 + environment = { 63 + # CLUTTER_BACKEND = "wayland"; 64 + DISPLAY = ":0"; 65 + GDK_BACKEND = "wayland"; 66 + GTK_USE_PORTAL = "1"; 67 + MOZ_ENABLE_WAYLAND = "1"; 68 + NIXOS_OZONE_WL = "1"; 69 + # QT_QPA_PLATFORM = "wayland;xcb"; 70 + QT_WAYLAND_DISABLE_WINDOWDECORATION = "1"; 71 + # SDL_VIDEODRIVER = "wayland"; 72 + }; 73 + spawn-at-startup = [ 74 + (makeCommand "${pkgs.polkit_gnome}/libexec/polkit-gnome-authentication-agent-1") 75 + (makeCommand "${lib.getExe pkgs.swww} img ${wallpaper_image}") 76 + # (makeCommand "${lib.getExe pkgs.swaynotificationcenter}") 77 + (makeCommand "${pkgs.xwayland-satellite}/bin/xwayland-satellite") 78 + ]; 79 + clipboard.disable-primary = true; 80 + hotkey-overlay.skip-at-startup = false; 81 + screenshot-path = "~/%Y%m%d%H%M%S_Screenshot.png"; 82 + binds = with config.lib.niri.actions; { 83 + # Multimedia 84 + "XF86AudioPlay".action = spawn "${pkgs.playerctl}/bin/playerctl" "play-pause"; 85 + "XF86AudioPause".action = spawn "${pkgs.playerctl}/bin/playerctl" "play-pause"; 86 + "XF86AudioNext".action = spawn "${pkgs.tix.duvolbr}/bin/duvolbr" "next_track"; 87 + "XF86AudioPrev".action = spawn "${pkgs.tix.duvolbr}/bin/duvolbr" "prev_track"; 84 88 85 - "XF86AudioMute".action = spawn "wpctl" "set-mute" "@DEFAULT_AUDIO_SINK@" "toggle"; 89 + "XF86AudioMute".action = spawn "wpctl" "set-mute" "@DEFAULT_AUDIO_SINK@" "toggle"; 86 90 87 - "XF86AudioRaiseVolume".action = spawn "wpctl" "set-volume" "-l" "1" "@DEFAULT_AUDIO_SINK@" "5%+"; 88 - "XF86AudioLowerVolume".action = spawn "wpctl" "set-volume" "-l" "1" "@DEFAULT_AUDIO_SINK@" "5%-"; 91 + "XF86AudioRaiseVolume".action = spawn "wpctl" "set-volume" "-l" "1" "@DEFAULT_AUDIO_SINK@" "5%+"; 92 + "XF86AudioLowerVolume".action = spawn "wpctl" "set-volume" "-l" "1" "@DEFAULT_AUDIO_SINK@" "5%-"; 89 93 90 - "XF86MonBrightnessUp".action = spawn "${pkgs.brillo}/bin/brillo" "-q" "-u" "300000" "-A" "5"; 91 - "XF86MonBrightnessDown".action = spawn "${pkgs.brillo}/bin/brillo" "-q" "-u" "300000" "-U" "5"; 94 + "XF86MonBrightnessUp".action = spawn "${pkgs.brillo}/bin/brillo" "-q" "-u" "300000" "-A" "5"; 95 + "XF86MonBrightnessDown".action = spawn "${pkgs.brillo}/bin/brillo" "-q" "-u" "300000" "-U" "5"; 92 96 93 - # Bindings 94 - "Mod+Return" = { repeat = false; action = spawn "${pkgs.ghostty}/bin/ghostty"; }; 97 + # Bindings 98 + "Mod+Return" = { 99 + repeat = false; 100 + action = spawn "${pkgs.ghostty}/bin/ghostty"; 101 + }; 95 102 96 - "Mod+R" = { repeat = false; action = spawn "${lib.getExe pkgs.fuzzel}"; }; 97 - # "Mod+Space" = { repeat = false; action = spawn "${lib.getExe pkgs.fuzzel}"; }; 103 + "Mod+R" = { 104 + repeat = false; 105 + action = spawn "${lib.getExe pkgs.fuzzel}"; 106 + }; 107 + # "Mod+Space" = { repeat = false; action = spawn "${lib.getExe pkgs.fuzzel}"; }; 98 108 99 - # "Mod+R" = { repeat = false; action = spawn "${lib.getExe pkgs.fuzzel}"; }; 100 - "Mod+Space" = { repeat = false; action = spawn "${lib.getExe inputs.sherlock.packages.${pkgs.system}.default}"; }; 109 + # "Mod+R" = { repeat = false; action = spawn "${lib.getExe pkgs.fuzzel}"; }; 110 + "Mod+Space" = { 111 + repeat = false; 112 + action = spawn "${lib.getExe inputs.sherlock.packages.${pkgs.system}.default}"; 113 + }; 101 114 102 - # "Mod+V" = { repeat = false; action = spawn "sh" "-c" "${pkgs.cliphist}/bin/cliphist list | ${pkgs.wofi}/bin/wofi -dmenu | ${pkgs.cliphist}/bin/cliphist decode | ${pkgs.wl-clipboard-rs}/bin/wl-copy"; }; 115 + # "Mod+V" = { repeat = false; action = spawn "sh" "-c" "${pkgs.cliphist}/bin/cliphist list | ${pkgs.wofi}/bin/wofi -dmenu | ${pkgs.cliphist}/bin/cliphist decode | ${pkgs.wl-clipboard-rs}/bin/wl-copy"; }; 103 116 104 - "Print" = { repeat = false; action = screenshot; }; 105 - "Mod+Shift+S" = { repeat = false; action = screenshot; }; 117 + "Print" = { 118 + repeat = false; 119 + action = screenshot; 120 + }; 121 + "Mod+Shift+S" = { 122 + repeat = false; 123 + action = screenshot; 124 + }; 106 125 107 - "Mod+E" = { repeat = false; action = spawn "${pkgs.nautilus}/bin/nautilus"; }; 108 - "Mod+N" = { repeat = false; action = spawn "${pkgs.nautilus}/bin/nautilus"; }; 126 + "Mod+E" = { 127 + repeat = false; 128 + action = spawn "${pkgs.nautilus}/bin/nautilus"; 129 + }; 130 + "Mod+N" = { 131 + repeat = false; 132 + action = spawn "${pkgs.nautilus}/bin/nautilus"; 133 + }; 109 134 110 - "Ctrl+Alt+L" = { repeat = false; action = spawn "sh" "-c" "pgrep hyprlock || ${pkgs.hyprlock}/bin/hyprlock"; }; 111 - "Mod+Ctrl+Q" = { repeat = false; action = spawn "sh" "-c" "pgrep hyprlock || ${pkgs.hyprlock}/bin/hyprlock"; }; 135 + "Ctrl+Alt+L" = { 136 + repeat = false; 137 + action = spawn "sh" "-c" "pgrep hyprlock || ${pkgs.hyprlock}/bin/hyprlock"; 138 + }; 139 + "Mod+Ctrl+Q" = { 140 + repeat = false; 141 + action = spawn "sh" "-c" "pgrep hyprlock || ${pkgs.hyprlock}/bin/hyprlock"; 142 + }; 112 143 113 - "Mod+C" = { repeat = false; action = close-window; }; 114 - "Mod+S".action = switch-preset-column-width; 115 - "Mod+F".action = maximize-column; 116 - "Mod+Shift+F".action = fullscreen-window; 117 - "Mod+W".action = toggle-column-tabbed-display; 144 + "Mod+C" = { 145 + repeat = false; 146 + action = close-window; 147 + }; 148 + "Mod+S".action = switch-preset-column-width; 149 + "Mod+F".action = maximize-column; 150 + "Mod+Shift+F".action = fullscreen-window; 151 + "Mod+W".action = toggle-column-tabbed-display; 118 152 119 - # "Mod+Minus".action = set-column-width "-10%"; 120 - # "Mod+Equal".action = set-column-width "+10%"; 153 + # "Mod+Minus".action = set-column-width "-10%"; 154 + # "Mod+Equal".action = set-column-width "+10%"; 121 155 122 - # "Mod+Shift+Minus".action = set-column-height "-10%"; 123 - # "Mod+Shift+Equal".action = set-column-height "+10%"; 156 + # "Mod+Shift+Minus".action = set-column-height "-10%"; 157 + # "Mod+Shift+Equal".action = set-column-height "+10%"; 124 158 125 - "Mod+Comma".action = consume-window-into-column; 126 - "Mod+Period".action = expel-window-from-column; 127 - "Mod+Tab".action = switch-focus-between-floating-and-tiling; 128 - "Mod+Alt+Space".action = toggle-window-floating; 159 + "Mod+Comma".action = consume-window-into-column; 160 + "Mod+Period".action = expel-window-from-column; 161 + "Mod+Tab".action = switch-focus-between-floating-and-tiling; 162 + "Mod+Alt+Space".action = toggle-window-floating; 129 163 130 - # workspace 131 - "Mod+H".action = focus-column-or-monitor-left; 132 - "Mod+J".action = focus-window-or-workspace-down; 133 - "Mod+K".action = focus-window-or-workspace-up; 134 - "Mod+L".action = focus-column-or-monitor-right; 164 + # workspace 165 + "Mod+H".action = focus-column-or-monitor-left; 166 + "Mod+J".action = focus-window-or-workspace-down; 167 + "Mod+K".action = focus-window-or-workspace-up; 168 + "Mod+L".action = focus-column-or-monitor-right; 135 169 136 - "Mod+Left".action = focus-column-or-monitor-left; 137 - "Mod+Down".action = focus-window-or-workspace-down; 138 - "Mod+Up".action = focus-window-or-workspace-up; 139 - "Mod+Right".action = focus-column-or-monitor-right; 170 + "Mod+Left".action = focus-column-or-monitor-left; 171 + "Mod+Down".action = focus-window-or-workspace-down; 172 + "Mod+Up".action = focus-window-or-workspace-up; 173 + "Mod+Right".action = focus-column-or-monitor-right; 140 174 141 - "Mod+Shift+H".action = move-column-left; 142 - "Mod+Shift+J".action = move-column-to-workspace-down; 143 - "Mod+Shift+K".action = move-column-to-workspace-up; 144 - "Mod+Shift+L".action = move-column-right; 175 + "Mod+Shift+H".action = move-column-left; 176 + "Mod+Shift+J".action = move-column-to-workspace-down; 177 + "Mod+Shift+K".action = move-column-to-workspace-up; 178 + "Mod+Shift+L".action = move-column-right; 145 179 146 - "Mod+Shift+Left".action = move-column-left-or-to-monitor-left; 147 - "Mod+Shift+Down".action = move-column-to-workspace-down; 148 - "Mod+Shift+Up".action = move-column-to-workspace-up; 149 - "Mod+Shift+Right".action = move-column-right-or-to-monitor-right; 180 + "Mod+Shift+Left".action = move-column-left-or-to-monitor-left; 181 + "Mod+Shift+Down".action = move-column-to-workspace-down; 182 + "Mod+Shift+Up".action = move-column-to-workspace-up; 183 + "Mod+Shift+Right".action = move-column-right-or-to-monitor-right; 150 184 151 - "Mod+WheelScrollLeft".action = focus-column-left; 152 - "Mod+WheelScrollDown".action = focus-workspace-down; 153 - "Mod+WheelScrollUp".action = focus-workspace-up; 154 - "Mod+WheelScrollRight".action = focus-column-right; 155 - 156 - "Mod+1".action.focus-workspace = 1; 157 - "Mod+2".action.focus-workspace = 2; 158 - "Mod+3".action.focus-workspace = 3; 159 - "Mod+4".action.focus-workspace = 4; 160 - "Mod+5".action.focus-workspace = 5; 161 - "Mod+6".action.focus-workspace = 6; 162 - "Mod+7".action.focus-workspace = 7; 163 - "Mod+8".action.focus-workspace = 8; 164 - "Mod+9".action.focus-workspace = 9; 165 - "Mod+0".action.focus-workspace = 10; 166 - 167 - "Mod+Shift+1".action.move-window-to-workspace = "1"; 168 - "Mod+Shift+2".action.move-window-to-workspace = "2"; 169 - "Mod+Shift+3".action.move-window-to-workspace = "3"; 170 - "Mod+Shift+4".action.move-window-to-workspace = "4"; 171 - "Mod+Shift+5".action.move-window-to-workspace = "5"; 172 - "Mod+Shift+6".action.move-window-to-workspace = "6"; 173 - "Mod+Shift+7".action.move-window-to-workspace = "7"; 174 - "Mod+Shift+8".action.move-window-to-workspace = "8"; 175 - "Mod+Shift+9".action.move-window-to-workspace = "9"; 176 - "Mod+Shift+0".action.move-window-to-workspace = "10"; 177 - }; 178 - layout = { 179 - border = { 180 - enable = true; 181 - width = 1; 182 - active = { color = "#816BFF"; }; 183 - inactive = { color = "#1C1B28"; }; 184 - }; 185 - focus-ring = { 186 - enable = false; 187 - width = 1; 188 - active = { color = "#816BFF"; }; 189 - inactive = { color = "#1C1B28"; }; 190 - }; 191 - shadow = { 192 - enable = true; 193 - # color = "#00000070"; 194 - # draw-behind-window = false; 195 - # inactive-color = null; 196 - # # offset.x = 0.0; 197 - # # offset.y = 0.0; 198 - # softness = 30.0; 199 - # spread = 5.0; 200 - }; 201 - insert-hint = { 202 - enable = false; 203 - display = { color = "rgb(87 103 255 / 50%)"; }; 204 - }; 205 - preset-column-widths = [ 206 - {proportion = 0.25;} 207 - {proportion = 0.5;} 208 - {proportion = 0.75;} 209 - {proportion = 1.0;} 210 - ]; 211 - default-column-width.proportion = 0.5; 185 + "Mod+WheelScrollLeft".action = focus-column-left; 186 + "Mod+WheelScrollDown".action = focus-workspace-down; 187 + "Mod+WheelScrollUp".action = focus-workspace-up; 188 + "Mod+WheelScrollRight".action = focus-column-right; 212 189 213 - gaps = 8; 190 + "Mod+1".action.focus-workspace = 1; 191 + "Mod+2".action.focus-workspace = 2; 192 + "Mod+3".action.focus-workspace = 3; 193 + "Mod+4".action.focus-workspace = 4; 194 + "Mod+5".action.focus-workspace = 5; 195 + "Mod+6".action.focus-workspace = 6; 196 + "Mod+7".action.focus-workspace = 7; 197 + "Mod+8".action.focus-workspace = 8; 198 + "Mod+9".action.focus-workspace = 9; 199 + "Mod+0".action.focus-workspace = 10; 214 200 215 - struts = { 216 - left = 1; 217 - right = 1; 218 - top = 1; 219 - bottom = 1; 201 + "Mod+Shift+1".action.move-window-to-workspace = "1"; 202 + "Mod+Shift+2".action.move-window-to-workspace = "2"; 203 + "Mod+Shift+3".action.move-window-to-workspace = "3"; 204 + "Mod+Shift+4".action.move-window-to-workspace = "4"; 205 + "Mod+Shift+5".action.move-window-to-workspace = "5"; 206 + "Mod+Shift+6".action.move-window-to-workspace = "6"; 207 + "Mod+Shift+7".action.move-window-to-workspace = "7"; 208 + "Mod+Shift+8".action.move-window-to-workspace = "8"; 209 + "Mod+Shift+9".action.move-window-to-workspace = "9"; 210 + "Mod+Shift+0".action.move-window-to-workspace = "10"; 220 211 }; 221 - 222 - tab-indicator = { 223 - hide-when-single-tab = true; 224 - place-within-column = true; 225 - position = "left"; 226 - corner-radius = 0.0; 227 - gap = -9.0; 228 - gaps-between-tabs = 10.0; 229 - width = 4.0; 230 - length.total-proportion = 0.1; 231 - }; 232 - }; 233 - layer-rules = [ 234 - { 235 - # namespaced swww-daemon layer is named `swww-daemonbackdrop` 236 - matches = [ { namespace = "^swww-daemonbackdrop$"; } ]; 237 - place-within-backdrop = true; 238 - } 239 - ]; 240 - prefer-no-csd = true; 241 - window-rules = let 242 - mkMatchRule = { 243 - appId, 244 - title ? "", 245 - openFloating ? false, 246 - }: let 247 - baseRule = { 248 - matches = [ 249 - { 250 - app-id = appId; 251 - inherit title; 252 - } 253 - ]; 212 + layout = { 213 + border = { 214 + enable = true; 215 + width = 1; 216 + active = { 217 + color = "#816BFF"; 218 + }; 219 + inactive = { 220 + color = "#1C1B28"; 221 + }; 222 + }; 223 + focus-ring = { 224 + enable = false; 225 + width = 1; 226 + active = { 227 + color = "#816BFF"; 228 + }; 229 + inactive = { 230 + color = "#1C1B28"; 231 + }; 232 + }; 233 + shadow = { 234 + enable = true; 235 + # color = "#00000070"; 236 + # draw-behind-window = false; 237 + # inactive-color = null; 238 + # # offset.x = 0.0; 239 + # # offset.y = 0.0; 240 + # softness = 30.0; 241 + # spread = 5.0; 242 + }; 243 + insert-hint = { 244 + enable = false; 245 + display = { 246 + color = "rgb(87 103 255 / 50%)"; 247 + }; 254 248 }; 255 - floatingRule = 256 - if openFloating 257 - then {open-floating = true;} 258 - else {}; 259 - in 260 - baseRule // floatingRule; 249 + preset-column-widths = [ 250 + { proportion = 0.25; } 251 + { proportion = 0.5; } 252 + { proportion = 0.75; } 253 + { proportion = 1.0; } 254 + ]; 255 + default-column-width.proportion = 0.5; 261 256 262 - openFloatingAppIds = [ 263 - "^(pavucontrol)" 264 - "^(Volume Control)" 265 - "^(dialog)" 266 - "^(file_progress)" 267 - "^(confirm)" 268 - "^(download)" 269 - "^(error)" 270 - "^(notification)" 271 - ]; 257 + gaps = 8; 272 258 273 - floatingRules = builtins.map (appId: 274 - mkMatchRule { 275 - appId = appId; 276 - openFloating = true; 277 - }) 278 - openFloatingAppIds; 259 + struts = { 260 + left = 1; 261 + right = 1; 262 + top = 1; 263 + bottom = 1; 264 + }; 279 265 280 - windowRules = [ 266 + tab-indicator = { 267 + hide-when-single-tab = true; 268 + place-within-column = true; 269 + position = "left"; 270 + corner-radius = 0.0; 271 + gap = -9.0; 272 + gaps-between-tabs = 10.0; 273 + width = 4.0; 274 + length.total-proportion = 0.1; 275 + }; 276 + }; 277 + layer-rules = [ 281 278 { 282 - geometry-corner-radius = let 283 - radius = 0.0; 284 - in { 285 - bottom-left = radius; 286 - bottom-right = radius; 287 - top-left = radius; 288 - top-right = radius; 289 - }; 290 - clip-to-geometry = true; 291 - draw-border-with-background = false; 279 + # namespaced swww-daemon layer is named `swww-daemonbackdrop` 280 + matches = [ { namespace = "^swww-daemonbackdrop$"; } ]; 281 + place-within-backdrop = true; 292 282 } 293 - { 294 - matches = [ 295 - {is-floating = true;} 283 + ]; 284 + prefer-no-csd = true; 285 + window-rules = 286 + let 287 + mkMatchRule = 288 + { 289 + appId, 290 + title ? "", 291 + openFloating ? false, 292 + }: 293 + let 294 + baseRule = { 295 + matches = [ 296 + { 297 + app-id = appId; 298 + inherit title; 299 + } 300 + ]; 301 + }; 302 + floatingRule = if openFloating then { open-floating = true; } else { }; 303 + in 304 + baseRule // floatingRule; 305 + 306 + openFloatingAppIds = [ 307 + "^(pavucontrol)" 308 + "^(Volume Control)" 309 + "^(dialog)" 310 + "^(file_progress)" 311 + "^(confirm)" 312 + "^(download)" 313 + "^(error)" 314 + "^(notification)" 296 315 ]; 297 - shadow.enable = true; 298 - } 299 - { 300 - matches = [ 316 + 317 + floatingRules = builtins.map ( 318 + appId: 319 + mkMatchRule { 320 + appId = appId; 321 + openFloating = true; 322 + } 323 + ) openFloatingAppIds; 324 + 325 + windowRules = [ 326 + { 327 + geometry-corner-radius = 328 + let 329 + radius = 0.0; 330 + in 331 + { 332 + bottom-left = radius; 333 + bottom-right = radius; 334 + top-left = radius; 335 + top-right = radius; 336 + }; 337 + clip-to-geometry = true; 338 + draw-border-with-background = false; 339 + } 301 340 { 302 - is-window-cast-target = true; 341 + matches = [ 342 + { is-floating = true; } 343 + ]; 344 + shadow.enable = true; 303 345 } 304 - ]; 346 + { 347 + matches = [ 348 + { 349 + is-window-cast-target = true; 350 + } 351 + ]; 305 352 306 - border = { 307 - active.color = "#f38ba8"; 308 - inactive.color = "#7d0d2d"; 309 - }; 353 + border = { 354 + active.color = "#f38ba8"; 355 + inactive.color = "#7d0d2d"; 356 + }; 310 357 311 - shadow = { 312 - color = "#7d0d2d70"; 313 - }; 358 + shadow = { 359 + color = "#7d0d2d70"; 360 + }; 314 361 315 - tab-indicator = { 316 - active.color = "#f38ba8"; 317 - inactive.color = "#7d0d2d"; 318 - }; 319 - } 320 - { 321 - matches = [{app-id = "org.telegram.desktop";}]; 322 - block-out-from = "screencast"; 323 - } 324 - { 325 - matches = [{app-id = "app.drey.PaperPlane";}]; 326 - block-out-from = "screencast"; 327 - } 328 - { 329 - matches = [ 330 - {app-id = "^(zen|zen-.*|firefox|chromium-browser|edge|chrome-.*)$";} 331 - {app-id = "^discord$";} 332 - ]; 333 - open-maximized = true; 334 - } 335 - { 336 - matches = [ 337 - {title = "^wired$";} 338 - ]; 339 - open-floating = true; 340 - open-focused = false; 341 - default-floating-position = { 342 - relative-to = "top-right"; 343 - x = 320; 344 - y = 16; 345 - }; 346 - } 347 - { 348 - matches = [ 362 + tab-indicator = { 363 + active.color = "#f38ba8"; 364 + inactive.color = "#7d0d2d"; 365 + }; 366 + } 349 367 { 350 - app-id = "firefox$"; 351 - title = "^Picture-in-Picture$"; 368 + matches = [ { app-id = "org.telegram.desktop"; } ]; 369 + block-out-from = "screencast"; 352 370 } 353 371 { 354 - app-id = "zen-.*$"; 355 - title = "^Picture-in-Picture$"; 372 + matches = [ { app-id = "app.drey.PaperPlane"; } ]; 373 + block-out-from = "screencast"; 356 374 } 357 375 { 358 - app-id = "zen-.*$"; 359 - title = ".*Bitwarden Password Manager.*"; 376 + matches = [ 377 + { app-id = "^(zen|zen-.*|firefox|chromium-browser|edge|chrome-.*)$"; } 378 + { app-id = "^discord$"; } 379 + ]; 380 + open-maximized = true; 381 + } 382 + { 383 + matches = [ 384 + { title = "^wired$"; } 385 + ]; 386 + open-floating = true; 387 + open-focused = false; 388 + default-floating-position = { 389 + relative-to = "top-right"; 390 + x = 320; 391 + y = 16; 392 + }; 393 + } 394 + { 395 + matches = [ 396 + { 397 + app-id = "firefox$"; 398 + title = "^Picture-in-Picture$"; 399 + } 400 + { 401 + app-id = "zen-.*$"; 402 + title = "^Picture-in-Picture$"; 403 + } 404 + { 405 + app-id = "zen-.*$"; 406 + title = ".*Bitwarden Password Manager.*"; 407 + } 408 + { title = "^Picture in picture$"; } 409 + { title = "^Discord Popout$"; } 410 + ]; 411 + open-floating = true; 412 + default-floating-position = { 413 + x = 32; 414 + y = 32; 415 + relative-to = "top-right"; 416 + }; 360 417 } 361 - {title = "^Picture in picture$";} 362 - {title = "^Discord Popout$";} 363 418 ]; 364 - open-floating = true; 365 - default-floating-position = { 366 - x = 32; 367 - y = 32; 368 - relative-to = "top-right"; 419 + in 420 + windowRules ++ floatingRules; 421 + # workspaces = { 422 + # "01" = { open-on-output = "DP-1"; name = "一"; }; 423 + # "02" = { open-on-output = "DP-1"; name = "二"; }; 424 + # "03" = { open-on-output = "DP-1"; name = "三"; }; 425 + # "04" = { open-on-output = "DP-1"; name = "四"; }; 426 + # "05" = { open-on-output = "DP-1"; name = "五"; }; 427 + # "06" = { open-on-output = "DP-2"; name = "六"; }; 428 + # "07" = { open-on-output = "DP-2"; name = "七"; }; 429 + # "08" = { open-on-output = "DP-2"; name = "八"; }; 430 + # "09" = { open-on-output = "DP-2"; name = "九"; }; 431 + # "10" = { open-on-output = "DP-2"; name = "十"; }; 432 + # }; 433 + # outputs = { 434 + # # Internal Monitor 435 + # "eDP-1" = { 436 + # enable = true; 437 + # mode = { 438 + # height = 2560; 439 + # width = 1600; 440 + # # refresh = 144.0; 441 + # }; 442 + # position = { 443 + # x = 0; 444 + # y = 0; 445 + # }; 446 + # scale = 1.75; 447 + # transform.rotation = 270; 448 + # variable-refresh-rate = false; 449 + # focus-at-startup = false; 450 + # }; 451 + # "DP-6" = { 452 + # enable = true; 453 + # mode = { 454 + # height = 2560; 455 + # width = 1440; 456 + # }; 457 + # position = { 458 + # x = 0; 459 + # y = 0; 460 + # }; 461 + # scale = 1; 462 + # variable-refresh-rate = false; 463 + # focus-at-startup = true; 464 + # }; 465 + # "DP-7" = { 466 + # enable = true; 467 + # mode = { 468 + # height = 1080; 469 + # width = 1920; 470 + # }; 471 + # position = { 472 + # x = -1080; 473 + # y = 0; 474 + # }; 475 + # scale = 1; 476 + # transform.rotation = 90; 477 + # variable-refresh-rate = false; 478 + # }; 479 + # }; 480 + cursor = { 481 + theme = "Ukiyo"; 482 + size = 24; 483 + }; 484 + input = { 485 + focus-follows-mouse = { 486 + enable = true; 487 + # max-scroll-amount = "2"; 488 + }; 489 + warp-mouse-to-focus.enable = true; 490 + keyboard = { 491 + repeat-delay = 200; 492 + repeat-rate = 50; 493 + track-layout = "global"; 494 + xkb = { 495 + layout = "ch"; 369 496 }; 370 - } 371 - ]; 372 - in windowRules ++ floatingRules; 373 - # workspaces = { 374 - # "01" = { open-on-output = "DP-1"; name = "一"; }; 375 - # "02" = { open-on-output = "DP-1"; name = "二"; }; 376 - # "03" = { open-on-output = "DP-1"; name = "三"; }; 377 - # "04" = { open-on-output = "DP-1"; name = "四"; }; 378 - # "05" = { open-on-output = "DP-1"; name = "五"; }; 379 - # "06" = { open-on-output = "DP-2"; name = "六"; }; 380 - # "07" = { open-on-output = "DP-2"; name = "七"; }; 381 - # "08" = { open-on-output = "DP-2"; name = "八"; }; 382 - # "09" = { open-on-output = "DP-2"; name = "九"; }; 383 - # "10" = { open-on-output = "DP-2"; name = "十"; }; 384 - # }; 385 - # outputs = { 386 - # # Internal Monitor 387 - # "eDP-1" = { 388 - # enable = true; 389 - # mode = { 390 - # height = 2560; 391 - # width = 1600; 392 - # # refresh = 144.0; 393 - # }; 394 - # position = { 395 - # x = 0; 396 - # y = 0; 397 - # }; 398 - # scale = 1.75; 399 - # transform.rotation = 270; 400 - # variable-refresh-rate = false; 401 - # focus-at-startup = false; 402 - # }; 403 - # "DP-6" = { 404 - # enable = true; 405 - # mode = { 406 - # height = 2560; 407 - # width = 1440; 408 - # }; 409 - # position = { 410 - # x = 0; 411 - # y = 0; 412 - # }; 413 - # scale = 1; 414 - # variable-refresh-rate = false; 415 - # focus-at-startup = true; 416 - # }; 417 - # "DP-7" = { 418 - # enable = true; 419 - # mode = { 420 - # height = 1080; 421 - # width = 1920; 422 - # }; 423 - # position = { 424 - # x = -1080; 425 - # y = 0; 426 - # }; 427 - # scale = 1; 428 - # transform.rotation = 90; 429 - # variable-refresh-rate = false; 430 - # }; 431 - # }; 432 - cursor = { 433 - theme = "Ukiyo"; 434 - size = 24; 435 - }; 436 - input = { 437 - focus-follows-mouse = { 438 - enable = true; 439 - # max-scroll-amount = "2"; 440 - }; 441 - warp-mouse-to-focus.enable = true; 442 - keyboard = { 443 - repeat-delay = 200; 444 - repeat-rate = 50; 445 - track-layout = "global"; 446 - xkb = { 447 - layout = "ch"; 497 + }; 498 + mouse = { 499 + enable = true; 500 + accel-profile = null; 501 + # scroll-button = "BTN_MIDDLE"; 502 + # scroll-factor = 1.0; 503 + # scroll-method = "on-button-down"; 504 + }; 505 + touch = { 506 + enable = true; 507 + }; 508 + touchpad = { 509 + enable = true; 510 + # click-method = "button-areas"; 511 + dwt = true; 512 + dwtp = true; 513 + natural-scroll = false; 514 + scroll-method = "two-finger"; 515 + tap = true; 516 + tap-button-map = "left-right-middle"; 517 + # accel-profile = "adaptive"; 518 + accel-profile = "flat"; 519 + # scroll-factor = 0.2; 448 520 }; 449 521 }; 450 - mouse = { 451 - enable = true; 452 - accel-profile = null; 453 - # scroll-button = "BTN_MIDDLE"; 454 - # scroll-factor = 1.0; 455 - # scroll-method = "on-button-down"; 456 - }; 457 - touch = { 458 - enable = true; 459 - }; 460 - touchpad = { 461 - enable = true; 462 - # click-method = "button-areas"; 463 - dwt = true; 464 - dwtp = true; 465 - natural-scroll = false; 466 - scroll-method = "two-finger"; 467 - tap = true; 468 - tap-button-map = "left-right-middle"; 469 - # accel-profile = "adaptive"; 470 - accel-profile = "flat"; 471 - # scroll-factor = 0.2; 472 - }; 473 522 }; 474 523 }; 475 - }; 476 524 }

+17 -8

modules/home-manager/wayland/sherlock/default.nix

··· 1 - { inputs, outputs, config, lib, pkgs, ... }: { 1 + { 2 + inputs, 3 + outputs, 4 + config, 5 + lib, 6 + pkgs, 7 + ... 8 + }: 9 + { 2 10 3 11 # disabledModules = [ "programs/sherlock.nix" ]; 4 12 # ··· 15 23 package = inputs.sherlock.packages.${pkgs.system}.default; 16 24 17 25 # config.json / config.toml 18 - settings = {}; 26 + settings = { }; 19 27 20 28 # sherlock_alias.json 21 29 # aliases = { ··· 43 51 { 44 52 name = "App Launcher"; 45 53 type = "app_launcher"; 46 - args = {}; 54 + args = { }; 47 55 priority = 2; 48 56 home = "Home"; 49 57 } 50 58 ]; 51 59 52 60 # main.css 53 - style = /* css */ '' 54 - * { 55 - font-family: "PP Supply Mono"; 56 - } 57 - ''; 61 + style = # css 62 + '' 63 + * { 64 + font-family: "PP Supply Mono"; 65 + } 66 + ''; 58 67 }; 59 68 }

+20 -19

modules/home-manager/wayland/swaync/default.nix

··· 1 - {pkgs,...}: 1 + { pkgs, ... }: 2 2 { 3 3 services.swaync = { 4 4 enable = true; ··· 21 21 notification-body-image-width = 200; 22 22 }; 23 23 # https://github.com/ErikReider/SwayNotificationCenter/blob/main/src/style.css 24 - style = /* css */ '' 25 - .notification-row { 26 - outline: none; 27 - } 28 - 29 - .notification-row:focus, 30 - .notification-row:hover { 31 - background: @noti-bg-focus; 32 - } 33 - 34 - .notification { 35 - border-radius: 12px; 36 - margin: 6px 12px; 37 - box-shadow: 0 0 0 1px rgba(0, 0, 0, 0.3), 0 1px 3px 1px rgba(0, 0, 0, 0.7), 38 - 0 2px 6px 2px rgba(0, 0, 0, 0.3); 39 - padding: 0; 40 - } 41 - ''; 24 + style = # css 25 + '' 26 + .notification-row { 27 + outline: none; 28 + } 29 + 30 + .notification-row:focus, 31 + .notification-row:hover { 32 + background: @noti-bg-focus; 33 + } 34 + 35 + .notification { 36 + border-radius: 12px; 37 + margin: 6px 12px; 38 + box-shadow: 0 0 0 1px rgba(0, 0, 0, 0.3), 0 1px 3px 1px rgba(0, 0, 0, 0.7), 39 + 0 2px 6px 2px rgba(0, 0, 0, 0.3); 40 + padding: 0; 41 + } 42 + ''; 42 43 }; 43 44 }

+262 -266

modules/home-manager/wayland/waybar/default.nix

··· 5 5 lib, 6 6 pkgs, 7 7 ... 8 - }: let 8 + }: 9 + let 9 10 modules = { 10 11 "group/power" = { 11 12 orientation = "inherit"; ··· 204 205 pkgs.swaynotificationcenter 205 206 ]; 206 207 text = 207 - /* 208 - sh 209 - */ 208 + # sh 210 209 '' 211 210 #!/usr/bin/env bash 212 211 ··· 298 297 ]; 299 298 }; 300 299 }; 301 - in { 300 + in 301 + { 302 302 home.packages = [ 303 303 pkgs.material-symbols 304 304 pkgs.material-icons ··· 308 308 enable = true; 309 309 systemd.enable = true; 310 310 settings = { 311 - smallBar = 312 - { 313 - height = 32; 314 - spacing = 8; 315 - position = "top"; 316 - layer = "top"; 317 - margin-left = 8; 318 - margin-right = 8; 319 - margin-top = 8; 311 + smallBar = { 312 + height = 32; 313 + spacing = 8; 314 + position = "top"; 315 + layer = "top"; 316 + margin-left = 8; 317 + margin-right = 8; 318 + margin-top = 8; 320 319 321 - output = [ 322 - "DP-7" 323 - ]; 320 + output = [ 321 + "DP-7" 322 + ]; 324 323 325 - modules-left = [ 326 - "group/power" 327 - ]; 324 + modules-left = [ 325 + "group/power" 326 + ]; 328 327 329 - modules-center = [ 330 - "clock" 331 - ]; 328 + modules-center = [ 329 + "clock" 330 + ]; 332 331 333 - modules-right = [ 334 - "battery" 335 - ]; 336 - } 337 - // modules; 332 + modules-right = [ 333 + "battery" 334 + ]; 335 + } 336 + // modules; 338 337 339 - mainBar = 340 - { 341 - height = 32; 342 - spacing = 8; 343 - position = "top"; 344 - layer = "top"; 345 - margin-left = 8; 346 - margin-right = 8; 347 - margin-top = 8; 338 + mainBar = { 339 + height = 32; 340 + spacing = 8; 341 + position = "top"; 342 + layer = "top"; 343 + margin-left = 8; 344 + margin-right = 8; 345 + margin-top = 8; 348 346 349 - output = [ 350 - "DP-6" 351 - "eDP-1" 352 - ]; 347 + output = [ 348 + "DP-6" 349 + "eDP-1" 350 + ]; 353 351 354 - modules-left = [ 355 - "group/power" 356 - "cpu" 357 - "custom/mem" 358 - ]; 352 + modules-left = [ 353 + "group/power" 354 + "cpu" 355 + "custom/mem" 356 + ]; 359 357 360 - modules-center = [ 361 - "clock" 362 - ]; 358 + modules-center = [ 359 + "clock" 360 + ]; 363 361 364 - modules-right = [ 365 - "group/interactibles" 366 - "custom/net" 367 - "custom/swaync" 368 - "wireplumber" 369 - "power-profiles-daemon" 370 - "battery" 371 - ]; 372 - } 373 - // modules; 362 + modules-right = [ 363 + "group/interactibles" 364 + "custom/net" 365 + "custom/swaync" 366 + "wireplumber" 367 + "power-profiles-daemon" 368 + "battery" 369 + ]; 370 + } 371 + // modules; 374 372 }; 375 373 style = 376 374 lib.mkForce 377 - /* 378 - css 379 - */ 380 - '' 381 - /* @define-color fg0 #EBE9F1; */ 382 - @define-color fg0 #938FA8; 383 - @define-color bg0 #07060B; 384 - /* @define-color bg1 #1C1B28; */ 385 - @define-color bg1 #07060B; 386 - @define-color bg2 #323246; 387 - @define-color bg3 #4C4B69; 388 - @define-color accent #816BFF; 389 - @define-color cyan #4CCEFE; 390 - @define-color green #50E074; 391 - @define-color red #FF5487; 392 - @define-color yellow #FFE375; 375 + # css 376 + '' 377 + /* @define-color fg0 #EBE9F1; */ 378 + @define-color fg0 #938FA8; 379 + @define-color bg0 #07060B; 380 + /* @define-color bg1 #1C1B28; */ 381 + @define-color bg1 #07060B; 382 + @define-color bg2 #323246; 383 + @define-color bg3 #4C4B69; 384 + @define-color accent #816BFF; 385 + @define-color cyan #4CCEFE; 386 + @define-color green #50E074; 387 + @define-color red #FF5487; 388 + @define-color yellow #FFE375; 393 389 394 - * { 395 - border: none; 396 - border-radius: 0px; 397 - font-family: "PP Supply Mono", "JetBrainsMono NF Regular", "JetBrains Mono"; 398 - font-size: 16px; 399 - min-height: 32px; 400 - } 390 + * { 391 + border: none; 392 + border-radius: 0px; 393 + font-family: "PP Supply Mono", "JetBrainsMono NF Regular", "JetBrains Mono"; 394 + font-size: 16px; 395 + min-height: 32px; 396 + } 401 397 402 - #custom-power-icon, 403 - #custom-power-lock, 404 - #custom-power-logout, 405 - #custom-power-off, 406 - #custom-power-reboot, 407 - #custom-net, 408 - #custom-swaync, 409 - #custom-tray-btn, 410 - #power-profiles-daemon { 411 - font-family: "PP Supply Mono", "Material Symbols Sharp"; 412 - font-weight: 600; 413 - } 398 + #custom-power-icon, 399 + #custom-power-lock, 400 + #custom-power-logout, 401 + #custom-power-off, 402 + #custom-power-reboot, 403 + #custom-net, 404 + #custom-swaync, 405 + #custom-tray-btn, 406 + #power-profiles-daemon { 407 + font-family: "PP Supply Mono", "Material Symbols Sharp"; 408 + font-weight: 600; 409 + } 414 410 415 - window#waybar { 416 - background-color: @bg0; 417 - color: @fg0; 418 - transition-property: background-color; 419 - } 411 + window#waybar { 412 + background-color: @bg0; 413 + color: @fg0; 414 + transition-property: background-color; 415 + } 420 416 421 - window#waybar.hidden { 422 - opacity: 0.2; 423 - } 417 + window#waybar.hidden { 418 + opacity: 0.2; 419 + } 424 420 425 - #clock, 426 - #battery, 427 - #cpu, 428 - #memory, 429 - #disk, 430 - #temperature, 431 - #backlight, 432 - #network, 433 - #pulseaudio, 434 - #mpris, 435 - #wireplumber, 436 - #tags, 437 - #taskbar, 438 - #tray, 439 - #mode, 440 - #idle_inhibitor, 441 - #custom-tray-btn, 442 - #custom-mem, 443 - #custom-swaync, 444 - #custom-power-icon, 445 - #custom-power-lock, 446 - #custom-power-logout, 447 - #custom-power-off, 448 - #custom-power-reboot, 449 - #mpd { 450 - padding: 0 8px; 451 - background-color: @bg1; 452 - color: @fg0; 453 - } 421 + #clock, 422 + #battery, 423 + #cpu, 424 + #memory, 425 + #disk, 426 + #temperature, 427 + #backlight, 428 + #network, 429 + #pulseaudio, 430 + #mpris, 431 + #wireplumber, 432 + #tags, 433 + #taskbar, 434 + #tray, 435 + #mode, 436 + #idle_inhibitor, 437 + #custom-tray-btn, 438 + #custom-mem, 439 + #custom-swaync, 440 + #custom-power-icon, 441 + #custom-power-lock, 442 + #custom-power-logout, 443 + #custom-power-off, 444 + #custom-power-reboot, 445 + #mpd { 446 + padding: 0 8px; 447 + background-color: @bg1; 448 + color: @fg0; 449 + } 454 450 455 - #clock { 456 - background-color: @bg1; 457 - color: @fg0; 458 - } 451 + #clock { 452 + background-color: @bg1; 453 + color: @fg0; 454 + } 459 455 460 - #battery { 461 - background-color: @bg1; 462 - color: @fg0; 463 - } 456 + #battery { 457 + background-color: @bg1; 458 + color: @fg0; 459 + } 464 460 465 - #battery.charging, #battery.plugged { 466 - color: @green; 467 - background-color: @bg1; 468 - /* border: 1px solid #FFFFFF; */ 469 - } 461 + #battery.charging, #battery.plugged { 462 + color: @green; 463 + background-color: @bg1; 464 + /* border: 1px solid #FFFFFF; */ 465 + } 470 466 471 - @keyframes blink { 472 - to { 473 - background-color: @bg1; 474 - color: @fg0; 475 - } 476 - } 467 + @keyframes blink { 468 + to { 469 + background-color: @bg1; 470 + color: @fg0; 471 + } 472 + } 477 473 478 - #battery.critical:not(.charging) { 479 - background-color: @bg1; 480 - color: @red; 481 - animation-name: blink; 482 - animation-duration: 0.5s; 483 - animation-timing-function: linear; 484 - animation-iteration-count: infinite; 485 - animation-direction: alternate; 486 - } 474 + #battery.critical:not(.charging) { 475 + background-color: @bg1; 476 + color: @red; 477 + animation-name: blink; 478 + animation-duration: 0.5s; 479 + animation-timing-function: linear; 480 + animation-iteration-count: infinite; 481 + animation-direction: alternate; 482 + } 487 483 488 - label:focus { 489 - background-color: @bg0; 490 - } 484 + label:focus { 485 + background-color: @bg0; 486 + } 491 487 492 - #cpu { 493 - background-color: @bg1; 494 - color: @fg0; 495 - } 488 + #cpu { 489 + background-color: @bg1; 490 + color: @fg0; 491 + } 496 492 497 - #memory { 498 - background-color: @bg1; 499 - color: @fg0; 500 - } 493 + #memory { 494 + background-color: @bg1; 495 + color: @fg0; 496 + } 501 497 502 - #disk { 503 - background-color: @bg1; 504 - color: @fg0; 505 - } 498 + #disk { 499 + background-color: @bg1; 500 + color: @fg0; 501 + } 506 502 507 - #backlight { 508 - background-color: @bg1; 509 - color: @fg0; 510 - } 503 + #backlight { 504 + background-color: @bg1; 505 + color: @fg0; 506 + } 511 507 512 - #network { 513 - background-color: @bg1; 514 - color: @fg0; 515 - } 508 + #network { 509 + background-color: @bg1; 510 + color: @fg0; 511 + } 516 512 517 - #network.disconnected { 518 - background-color: @bg1; 519 - color: @red; 520 - } 513 + #network.disconnected { 514 + background-color: @bg1; 515 + color: @red; 516 + } 521 517 522 - #pulseaudio { 523 - background-color: @bg1; 524 - color: @fg0; 525 - } 518 + #pulseaudio { 519 + background-color: @bg1; 520 + color: @fg0; 521 + } 526 522 527 - #pulseaudio.muted { 528 - background-color: @bg1; 529 - color: @red; 530 - } 523 + #pulseaudio.muted { 524 + background-color: @bg1; 525 + color: @red; 526 + } 531 527 532 - #mpris { 533 - background-color: @bg1; 534 - color: @fg0; 535 - } 528 + #mpris { 529 + background-color: @bg1; 530 + color: @fg0; 531 + } 536 532 537 - #mpris.spotify { 538 - background-color: @bg1; 539 - color: @fg0; 540 - } 533 + #mpris.spotify { 534 + background-color: @bg1; 535 + color: @fg0; 536 + } 541 537 542 - #mpris.vlc { 543 - background-color: @bg1; 544 - color: @fg0; 545 - } 538 + #mpris.vlc { 539 + background-color: @bg1; 540 + color: @fg0; 541 + } 546 542 547 - #mpris.brave { 548 - background-color: @bg1; 549 - color: @fg0; 550 - } 543 + #mpris.brave { 544 + background-color: @bg1; 545 + color: @fg0; 546 + } 551 547 552 - #custom-power{ 553 - background-color: @bg1; 554 - color: @fg0; 555 - } 548 + #custom-power{ 549 + background-color: @bg1; 550 + color: @fg0; 551 + } 556 552 557 - #tags{ 558 - background-color: @bg1; 559 - color: @fg0; 560 - } 553 + #tags{ 554 + background-color: @bg1; 555 + color: @fg0; 556 + } 561 557 562 - #tags button.occupied { 563 - background-color: @bg1; 564 - color: @fg0; 565 - } 558 + #tags button.occupied { 559 + background-color: @bg1; 560 + color: @fg0; 561 + } 566 562 567 - #tags button.focused { 568 - background-color: @bg2; 569 - color: @fg0; 570 - } 563 + #tags button.focused { 564 + background-color: @bg2; 565 + color: @fg0; 566 + } 571 567 572 - #tags button.urgent{ 573 - background-color: @bg1; 574 - color: @red; 575 - } 568 + #tags button.urgent{ 569 + background-color: @bg1; 570 + color: @red; 571 + } 576 572 577 573 578 - #temperature { 579 - background-color: @bg1; 580 - color: @fg0; 581 - } 574 + #temperature { 575 + background-color: @bg1; 576 + color: @fg0; 577 + } 582 578 583 - #temperature.critical { 584 - background-color: @bg1; 585 - color: @red; 586 - } 579 + #temperature.critical { 580 + background-color: @bg1; 581 + color: @red; 582 + } 587 583 588 - #tray { 589 - background-color: @bg1; 590 - color: @fg0; 591 - } 584 + #tray { 585 + background-color: @bg1; 586 + color: @fg0; 587 + } 592 588 593 - #tray > .passive { 594 - -gtk-icon-effect: dim; 595 - background-color: @bg0; 596 - color: @fg0; 597 - } 589 + #tray > .passive { 590 + -gtk-icon-effect: dim; 591 + background-color: @bg0; 592 + color: @fg0; 593 + } 598 594 599 - #tray > .needs-attention { 600 - -gtk-icon-effect: highlight; 601 - background-color: @bg2; 602 - color: @fg0; 603 - } 595 + #tray > .needs-attention { 596 + -gtk-icon-effect: highlight; 597 + background-color: @bg2; 598 + color: @fg0; 599 + } 604 600 605 - #language { 606 - background-color: @bg1; 607 - color: @fg0; 608 - min-width: 16px; 609 - } 601 + #language { 602 + background-color: @bg1; 603 + color: @fg0; 604 + min-width: 16px; 605 + } 610 606 611 - #keyboard-state { 612 - background-color: @bg1; 613 - color: @fg0; 614 - min-width: 16px; 615 - } 607 + #keyboard-state { 608 + background-color: @bg1; 609 + color: @fg0; 610 + min-width: 16px; 611 + } 616 612 617 - #keyboard-state > label.locked { 618 - background: rgba(0, 0, 0, 0.2); 619 - } 620 - ''; 613 + #keyboard-state > label.locked { 614 + background: rgba(0, 0, 0, 0.2); 615 + } 616 + ''; 621 617 }; 622 618 }

+6 -1

modules/home-manager/x11/colors/default.nix

··· 1 - { lib, pkgs, config, ... }: 1 + { 2 + lib, 3 + pkgs, 4 + config, 5 + ... 6 + }: 2 7 { 3 8 colorScheme = { 4 9 slug = "kokuyoseki";

+10 -4

modules/home-manager/x11/picom/default.nix

··· 1 - { lib, pkgs, config, ... }: 1 + { 2 + lib, 3 + pkgs, 4 + config, 5 + ... 6 + }: 2 7 { 3 8 services.picom = { 4 9 enable = true; 5 - 10 + 6 11 shadow = true; # false 7 12 shadowOffsets = [ 8 - (0) (0) 13 + (0) 14 + (0) 9 15 ]; # (-15) (-15) 10 16 shadowOpacity = 0.2; # 0.75 11 17 shadowExclude = [ ··· 17 23 activeOpacity = 1.0; # 1.0 18 24 inactiveOpacity = 0.95; # 1.0 19 25 menuOpacity = 0.95; # 1.0 20 - 26 + 21 27 wintypes = { 22 28 normal = { 23 29 blur-background = true;

+11 -4

modules/home-manager/x11/theme/default.nix

··· 1 - { inputs, config, pkgs, lib, ... }: 1 + { 2 + inputs, 3 + config, 4 + pkgs, 5 + lib, 6 + ... 7 + }: 2 8 3 9 let 4 10 cfg = config.theme.ukiyo; 5 - in { 11 + in 12 + { 6 13 options = { 7 14 theme.ukiyo = { 8 15 package = lib.mkOption { ··· 16 23 home.packages = [ 17 24 cfg.package 18 25 ]; 19 - 26 + 20 27 qt = { 21 28 enable = true; 22 - 29 + 23 30 platformTheme = "gtk"; 24 31 # style = { 25 32 # name = "Ukiyo";

+6 -2

modules/home-manager/x11/wall/default.nix

··· 1 - { config, lib, pkgs, ... }: 1 + { 2 + config, 3 + lib, 4 + pkgs, 5 + ... 6 + }: 2 7 3 8 with lib; 4 9 ··· 36 41 }; 37 42 }; 38 43 } 39 -

+6 -1

modules/home-manager/x11/xdg/default.nix

··· 1 - { lib, pkgs, config, ... }: 1 + { 2 + lib, 3 + pkgs, 4 + config, 5 + ... 6 + }: 2 7 { 3 8 xdg.userDirs = { 4 9 enable = true;

+99 -94

modules/nixos/daemons/ai-chat/default.nix

··· 5 5 pkgs, 6 6 lib, 7 7 ... 8 - }: { 8 + }: 9 + { 9 10 age.secrets."litellm_env" = { 10 11 rekeyFile = "${inputs.self}/secrets/litellm_env.age"; 11 12 # mode = "770"; ··· 53 54 { 54 55 name = "litellm"; 55 56 ensureDBOwnership = true; 56 - 57 + 57 58 } 58 59 ]; 59 - ensureDatabases = ["litellm"]; 60 + ensureDatabases = [ "litellm" ]; 60 61 authentication = '' 61 62 local all all trust 62 63 host all all 127.0.0.1/32 trust ··· 64 65 ''; 65 66 }; 66 67 67 - virtualisation.quadlet = let 68 - inherit (config.virtualisation.quadlet) networks pods; 69 - in { 70 - containers."litellm" = let 71 - litellm_config = { 72 - model_list = [ 73 - # DEEPSEEK 🐋 74 - { 75 - model_name = "deepseek-coder"; 76 - litellm_params = { 77 - model = "deepseek/deepseek-coder"; 78 - api_key = "os.environ/DEEPSEEK_API_KEY"; 79 - }; 80 - } 81 - { 82 - model_name = "deepseek-reasoner"; 83 - litellm_params = { 84 - model = "deepseek/deepseek-reasoner"; 85 - api_key = "os.environ/DEEPSEEK_API_KEY"; 86 - }; 87 - } 88 - { 89 - model_name = "deepseek-chat"; 90 - litellm_params = { 91 - model = "deepseek/deepseek-chat"; 92 - api_key = "os.environ/DEEPSEEK_API_KEY"; 93 - }; 94 - } 68 + virtualisation.quadlet = 69 + let 70 + inherit (config.virtualisation.quadlet) networks pods; 71 + in 72 + { 73 + containers."litellm" = 74 + let 75 + litellm_config = { 76 + model_list = [ 77 + # DEEPSEEK 🐋 78 + { 79 + model_name = "deepseek-coder"; 80 + litellm_params = { 81 + model = "deepseek/deepseek-coder"; 82 + api_key = "os.environ/DEEPSEEK_API_KEY"; 83 + }; 84 + } 85 + { 86 + model_name = "deepseek-reasoner"; 87 + litellm_params = { 88 + model = "deepseek/deepseek-reasoner"; 89 + api_key = "os.environ/DEEPSEEK_API_KEY"; 90 + }; 91 + } 92 + { 93 + model_name = "deepseek-chat"; 94 + litellm_params = { 95 + model = "deepseek/deepseek-chat"; 96 + api_key = "os.environ/DEEPSEEK_API_KEY"; 97 + }; 98 + } 99 + 100 + # Claude 🧠 101 + { 102 + model_name = "claude-4-sonnet-20250514"; 103 + litellm_params = { 104 + model = "anthropic/claude-4-sonnet-20250514"; 105 + api_key = "os.environ/ANTHROPIC_API_KEY"; 106 + }; 107 + } 108 + { 109 + model_name = "claude-3-7-sonnet-20250219"; 110 + litellm_params = { 111 + model = "anthropic/claude-3-7-sonnet-20250219"; 112 + api_key = "os.environ/ANTHROPIC_API_KEY"; 113 + }; 114 + } 95 115 96 - # Claude 🧠 97 - { 98 - model_name = "claude-4-sonnet-20250514"; 99 - litellm_params = { 100 - model = "anthropic/claude-4-sonnet-20250514"; 101 - api_key = "os.environ/ANTHROPIC_API_KEY"; 102 - }; 103 - } 104 - { 105 - model_name = "claude-3-7-sonnet-20250219"; 106 - litellm_params = { 107 - model = "anthropic/claude-3-7-sonnet-20250219"; 108 - api_key = "os.environ/ANTHROPIC_API_KEY"; 116 + # OpenAI 🤖 117 + { 118 + model_name = "*"; 119 + litellm_params = { 120 + model = "openai/*"; # All OpenAI Models 121 + api_key = "os.environ/OPENAI_API_KEY"; 122 + }; 123 + } 124 + ]; 125 + }; 126 + litellm_yaml = pkgs.writeText "config.yaml" (lib.generators.toYAML { } litellm_config); 127 + in 128 + { 129 + autoStart = true; 130 + serviceConfig = { 131 + RestartSec = "10"; 132 + Restart = "always"; 133 + }; 134 + containerConfig = { 135 + image = "ghcr.io/berriai/litellm-database:main-latest"; 136 + autoUpdate = "registry"; 137 + publishPorts = [ "3336:4000" ]; 138 + # userns = "keep-id"; 139 + networks = [ "podman" ]; 140 + # pod = pods.servarr.ref; 141 + environments = { 142 + DATABASE_URL = "postgresql://litellm@localhost/litellm?host=/var/run/postgresql&schema=litellm"; 143 + STORE_MODEL_IN_DB = "true"; 144 + # LITELLM_RUN_DB_MIGRATIONS = "true"; 109 145 }; 110 - } 146 + environmentFiles = [ 147 + # required: 148 + # LITELLM_MASTER_KEY (rand key, starting with "sk") 149 + # LITELLM_SALT_KEY (rand key, starting with "sk") 150 + # ANTHROPIC_API_KEY 151 + # DEEPSEEK_API_KEY 152 + # OPENAI_API_KEY 111 153 112 - # OpenAI 🤖 113 - { 114 - model_name = "*"; 115 - litellm_params = { 116 - model = "openai/*"; # All OpenAI Models 117 - api_key = "os.environ/OPENAI_API_KEY"; 118 - }; 119 - } 120 - ]; 121 - }; 122 - litellm_yaml = pkgs.writeText "config.yaml" (lib.generators.toYAML { } litellm_config); 123 - in { 124 - autoStart = true; 125 - serviceConfig = { 126 - RestartSec = "10"; 127 - Restart = "always"; 128 - }; 129 - containerConfig = { 130 - image = "ghcr.io/berriai/litellm-database:main-latest"; 131 - autoUpdate = "registry"; 132 - publishPorts = [ "3336:4000" ]; 133 - # userns = "keep-id"; 134 - networks = [ "podman" ]; 135 - # pod = pods.servarr.ref; 136 - environments = { 137 - DATABASE_URL = "postgresql://litellm@localhost/litellm?host=/var/run/postgresql&schema=litellm"; 138 - STORE_MODEL_IN_DB = "true"; 139 - # LITELLM_RUN_DB_MIGRATIONS = "true"; 154 + # optional: 155 + # OPENAI_BASE_URL 156 + # OPENAI_ORGANIZATION 157 + config.age.secrets."litellm_env".path 158 + ]; 159 + # environmentHost = true; 160 + # podmanArgs = [ ]; 161 + volumes = [ 162 + "${litellm_yaml}:/app/config.yaml:ro" 163 + "/var/run/postgresql:/var/run/postgresql" 164 + ]; 165 + }; 140 166 }; 141 - environmentFiles = [ 142 - # required: 143 - # LITELLM_MASTER_KEY (rand key, starting with "sk") 144 - # LITELLM_SALT_KEY (rand key, starting with "sk") 145 - # ANTHROPIC_API_KEY 146 - # DEEPSEEK_API_KEY 147 - # OPENAI_API_KEY 148 - 149 - # optional: 150 - # OPENAI_BASE_URL 151 - # OPENAI_ORGANIZATION 152 - config.age.secrets."litellm_env".path 153 - ]; 154 - # environmentHost = true; 155 - # podmanArgs = [ ]; 156 - volumes = [ 157 - "${litellm_yaml}:/app/config.yaml:ro" 158 - "/var/run/postgresql:/var/run/postgresql" 159 - ]; 160 - }; 161 167 }; 162 - }; 163 168 164 169 # services.litellm = { 165 170 # enable = true;

+8 -1

modules/nixos/daemons/anubis/default.nix

··· 1 - { inputs, outputs, config, lib, pkgs, ... }: 1 + { 2 + inputs, 3 + outputs, 4 + config, 5 + lib, 6 + pkgs, 7 + ... 8 + }: 2 9 { 3 10 services.anubis.defaultOptions.settings = { 4 11 DIFFICULTY = 4;

+8 -1

modules/nixos/daemons/atuin/default.nix

··· 1 - { inputs, outputs, config, lib, pkgs, ... }: 1 + { 2 + inputs, 3 + outputs, 4 + config, 5 + lib, 6 + pkgs, 7 + ... 8 + }: 2 9 { 3 10 services.atuin = { 4 11 enable = true;

+2 -1

modules/nixos/daemons/audiobookshelf/default.nix

··· 5 5 lib, 6 6 pkgs, 7 7 ... 8 - }: { 8 + }: 9 + { 9 10 services.audiobookshelf = { 10 11 enable = true; 11 12 host = "0.0.0.0";

+7 -2

modules/nixos/daemons/fail2ban/default.nix

··· 1 - { config, lib, pkgs, ... }: 1 + { 2 + config, 3 + lib, 4 + pkgs, 5 + ... 6 + }: 2 7 { 3 8 # Fail2Ban 4 - services.fail2ban = { 9 + services.fail2ban = { 5 10 enable = true; 6 11 maxretry = 3; 7 12 bantime = "30m";

+9 -1

modules/nixos/daemons/forgejo/default.nix

··· 1 - { inputs, outputs, config, lib, pkgs, allSecrets, ... }: 1 + { 2 + inputs, 3 + outputs, 4 + config, 5 + lib, 6 + pkgs, 7 + allSecrets, 8 + ... 9 + }: 2 10 { 3 11 age.secrets."forgejo_runner_token" = { 4 12 rekeyFile = "${inputs.self}/secrets/forgejo_runner_token.age";

+7 -1

modules/nixos/daemons/glance/default.nix

··· 1 - { config, lib, pkgs, allSecrets, ... }: 1 + { 2 + config, 3 + lib, 4 + pkgs, 5 + allSecrets, 6 + ... 7 + }: 2 8 { 3 9 # Glance (https://github.com/glanceapp/glance) 4 10 services.glance = {

+2 -1

modules/nixos/daemons/graylog/default.nix

··· 6 6 outputs, 7 7 allSecrets, 8 8 ... 9 - }: { 9 + }: 10 + { 10 11 # send logs to ${allSecrets.per_host.eiri.int_ip}:1515 :) 11 12 services = { 12 13 graylog = {

+8 -1

modules/nixos/daemons/immich/default.nix

··· 1 - { inputs, outputs, config, lib, pkgs, ... }: 1 + { 2 + inputs, 3 + outputs, 4 + config, 5 + lib, 6 + pkgs, 7 + ... 8 + }: 2 9 { 3 10 services.immich = { 4 11 enable = true;

+8 -7

modules/nixos/daemons/it-tools/default.nix

··· 1 1 { 2 - inputs 3 - , outputs 4 - , config 5 - , lib 6 - , pkgs 7 - , allSecrets 8 - , ... }: 2 + inputs, 3 + outputs, 4 + config, 5 + lib, 6 + pkgs, 7 + allSecrets, 8 + ... 9 + }: 9 10 { 10 11 imports = [ 11 12 "${inputs.nixpkgs-akotro-it-tools}/nixos/modules/services/web-apps/it-tools.nix"

+8 -7

modules/nixos/daemons/karakeep/default.nix

··· 1 1 { 2 - inputs 3 - , outputs 4 - , config 5 - , lib 6 - , pkgs 7 - , allSecrets 8 - , ... }: 2 + inputs, 3 + outputs, 4 + config, 5 + lib, 6 + pkgs, 7 + allSecrets, 8 + ... 9 + }: 9 10 { 10 11 age.secrets."karakeep_secret" = { 11 12 rekeyFile = "${inputs.self}/secrets/karakeep_secret.age";

+9 -1

modules/nixos/daemons/miniflux/default.nix

··· 1 - { inputs, outputs, config, lib, pkgs, allSecrets, ... }: 1 + { 2 + inputs, 3 + outputs, 4 + config, 5 + lib, 6 + pkgs, 7 + allSecrets, 8 + ... 9 + }: 2 10 { 3 11 age.secrets."miniflux_admin" = { 4 12 rekeyFile = "${inputs.self}/secrets/miniflux_admin.age";

+7 -2

modules/nixos/daemons/n8n/default.nix

··· 1 - { config, lib, pkgs, ... }: 1 + { 2 + config, 3 + lib, 4 + pkgs, 5 + ... 6 + }: 2 7 { 3 8 services.n8n = { 4 9 enable = true; ··· 9 14 }; 10 15 11 16 # environment.systemPackages = with pkgs; [ nodejs ]; 12 - 17 + 13 18 # systemd.services.n8n = { 14 19 # serviceConfig = { 15 20 # Environment = [

+9 -1

modules/nixos/daemons/navidrome/default.nix

··· 1 - { inputs, outputs, config, lib, pkgs, allSecrets, ... }: 1 + { 2 + inputs, 3 + outputs, 4 + config, 5 + lib, 6 + pkgs, 7 + allSecrets, 8 + ... 9 + }: 2 10 { 3 11 # age.secrets."miniflux_admin" = { 4 12 # rekeyFile = "${inputs.self}/secrets/miniflux_admin.age";

+8 -1

modules/nixos/daemons/nextcloud/default.nix

··· 1 - { config, pkgs, inputs, outputs, allSecrets, ... }: 1 + { 2 + config, 3 + pkgs, 4 + inputs, 5 + outputs, 6 + allSecrets, 7 + ... 8 + }: 2 9 { 3 10 age.secrets."nextcloud_admin" = { 4 11 rekeyFile = "${inputs.self}/secrets/nextcloud_admin.age";

+6 -1

modules/nixos/daemons/openssh/default.nix

··· 1 - { config, inputs, pkgs, ... }: 1 + { 2 + config, 3 + inputs, 4 + pkgs, 5 + ... 6 + }: 2 7 { 3 8 services.openssh = { 4 9 enable = true;

+2 -1

modules/nixos/daemons/paperless/default.nix

··· 6 6 outputs, 7 7 allSecrets, 8 8 ... 9 - }: { 9 + }: 10 + { 10 11 age.secrets."paperless_pass" = { 11 12 rekeyFile = "${inputs.self}/secrets/paperless_pass.age"; 12 13 # mode = "770";

+6 -1

modules/nixos/daemons/pcscd/default.nix

··· 1 - { config, lib, pkgs, ... }: 1 + { 2 + config, 3 + lib, 4 + pkgs, 5 + ... 6 + }: 2 7 { 3 8 services.pcscd = { 4 9 enable = true;

+7 -2

modules/nixos/daemons/plex/default.nix

··· 1 - { config, lib, pkgs, ... }: 1 + { 2 + config, 3 + lib, 4 + pkgs, 5 + ... 6 + }: 2 7 { 3 8 # PLEX 4 9 hardware.graphics = { ··· 18 23 package = pkgs.master.plex; 19 24 dataDir = "/var/lib/plex"; 20 25 }; 21 - 26 + 22 27 tautulli.enable = true; 23 28 }; 24 29 }

+2 -1

modules/nixos/daemons/pocket-id/default.nix

··· 6 6 pkgs, 7 7 allSecrets, 8 8 ... 9 - }: { 9 + }: 10 + { 10 11 age.secrets."pocketid_env" = { 11 12 rekeyFile = "${inputs.self}/secrets/pocketid_env.age"; 12 13 };

+78 -75

modules/nixos/daemons/restic/default.nix

··· 4 4 config, 5 5 pkgs, 6 6 ... 7 - }: { 7 + }: 8 + { 8 9 age.secrets."restic_password" = { 9 10 rekeyFile = "${inputs.self}/secrets/restic_password.age"; 10 11 }; 11 12 12 - services.restic.backups = let 13 - eiri_data = [ 14 - "/var/lib/acme" 13 + services.restic.backups = 14 + let 15 + eiri_data = [ 16 + "/var/lib/acme" 15 17 16 - "/var/lib/bitwarden_rs" 17 - "/var/lib/vaultwarden.bak" 18 + "/var/lib/bitwarden_rs" 19 + "/var/lib/vaultwarden.bak" 18 20 19 - "/var/lib/pocket-id" 21 + "/var/lib/pocket-id" 20 22 21 - "/var/lib/nextcloud" 22 - "/mnt/btrfs_pool/nextcloud_data" 23 + "/var/lib/nextcloud" 24 + "/mnt/btrfs_pool/nextcloud_data" 23 25 24 - "/var/lib/forgejo" 25 - "/var/lib/gitea" 26 + "/var/lib/forgejo" 27 + "/var/lib/gitea" 26 28 27 - "/var/lib/paperless" 28 - "/mnt/btrfs_pool/paperless" 29 + "/var/lib/paperless" 30 + "/mnt/btrfs_pool/paperless" 29 31 30 - "/var/lib/karakeep" 31 - "/mnt/btrfs_pool/karakeep" 32 + "/var/lib/karakeep" 33 + "/mnt/btrfs_pool/karakeep" 32 34 33 - "/var/lib/n8n" 35 + "/var/lib/n8n" 34 36 35 - "/var/lib/lego" 37 + "/var/lib/lego" 36 38 37 - "/var/lib/plex" 38 - "/var/lib/plexpy" 39 - "/var/lib/overseerr" 39 + "/var/lib/plex" 40 + "/var/lib/plexpy" 41 + "/var/lib/overseerr" 40 42 41 - "/var/lib/vikunja" 43 + "/var/lib/vikunja" 42 44 43 - "/var/lib/open-webui" 44 - "/var/lib/litellm" 45 + "/var/lib/open-webui" 46 + "/var/lib/litellm" 45 47 46 - "/var/lib/immich" 47 - "/mnt/btrfs_pool/immich_media" 48 + "/var/lib/immich" 49 + "/mnt/btrfs_pool/immich_media" 48 50 49 - "/mnt/btrfs_pool/syncthing_data" 51 + "/mnt/btrfs_pool/syncthing_data" 50 52 51 - "/mnt/btrfs_pool/docmost_storage" 52 - "/var/lib/docmost" 53 - ]; 54 - in { 55 - "mc" = { 56 - initialize = true; 57 - passwordFile = config.age.secrets."restic_password".path; 58 - paths = [ 59 - "/home/taki/minecraft" 53 + "/mnt/btrfs_pool/docmost_storage" 54 + "/var/lib/docmost" 60 55 ]; 61 - repository = "/home/taki/minecraft_backup"; 62 - timerConfig = { 63 - OnCalendar = "hourly"; 64 - Persistent = true; 56 + in 57 + { 58 + "mc" = { 59 + initialize = true; 60 + passwordFile = config.age.secrets."restic_password".path; 61 + paths = [ 62 + "/home/taki/minecraft" 63 + ]; 64 + repository = "/home/taki/minecraft_backup"; 65 + timerConfig = { 66 + OnCalendar = "hourly"; 67 + Persistent = true; 68 + }; 69 + pruneOpts = [ 70 + "--keep-daily 31" 71 + ]; 65 72 }; 66 - pruneOpts = [ 67 - "--keep-daily 31" 68 - ]; 69 - }; 70 - "local" = { 71 - initialize = true; 72 - passwordFile = config.age.secrets."restic_password".path; 73 - paths = eiri_data; 74 - repository = "/mnt/btrfs_pool/restic_backup"; 75 - timerConfig = { 76 - OnCalendar = "daily"; 77 - Persistent = true; 73 + "local" = { 74 + initialize = true; 75 + passwordFile = config.age.secrets."restic_password".path; 76 + paths = eiri_data; 77 + repository = "/mnt/btrfs_pool/restic_backup"; 78 + timerConfig = { 79 + OnCalendar = "daily"; 80 + Persistent = true; 81 + }; 82 + pruneOpts = [ 83 + "--keep-daily 31" # one backup per day for the last 31 days 84 + "--keep-weekly 8" # one backup per week for the last 8 weeks 85 + "--keep-monthly 24" # one backup per month for the last 13 months 86 + "--keep-yearly 75" # one backup per year, for the last 75 years 87 + ]; 78 88 }; 79 - pruneOpts = [ 80 - "--keep-daily 31" # one backup per day for the last 31 days 81 - "--keep-weekly 8" # one backup per week for the last 8 weeks 82 - "--keep-monthly 24" # one backup per month for the last 13 months 83 - "--keep-yearly 75" # one backup per year, for the last 75 years 84 - ]; 85 - }; 86 - "external" = { 87 - initialize = true; 88 - passwordFile = config.age.secrets."restic_password".path; 89 - paths = eiri_data; 90 - repository = "/mnt/koi/"; 91 - timerConfig = { 92 - OnCalendar = "daily"; 93 - Persistent = true; 89 + "external" = { 90 + initialize = true; 91 + passwordFile = config.age.secrets."restic_password".path; 92 + paths = eiri_data; 93 + repository = "/mnt/koi/"; 94 + timerConfig = { 95 + OnCalendar = "daily"; 96 + Persistent = true; 97 + }; 98 + pruneOpts = [ 99 + "--keep-daily 31" # one backup per day for the last 31 days 100 + "--keep-weekly 8" # one backup per week for the last 8 weeks 101 + "--keep-monthly 24" # one backup per month for the last 13 months 102 + "--keep-yearly 75" # one backup per year, for the last 75 years 103 + ]; 94 104 }; 95 - pruneOpts = [ 96 - "--keep-daily 31" # one backup per day for the last 31 days 97 - "--keep-weekly 8" # one backup per week for the last 8 weeks 98 - "--keep-monthly 24" # one backup per month for the last 13 months 99 - "--keep-yearly 75" # one backup per year, for the last 75 years 100 - ]; 105 + # TODO 106 + # "remote" = {}; 101 107 }; 102 - # TODO 103 - # "remote" = {}; 104 - }; 105 108 }

+6 -2

modules/nixos/daemons/rustdesk-server/default.nix

··· 6 6 outputs, 7 7 allSecrets, 8 8 ... 9 - }: { 9 + }: 10 + { 10 11 services.rustdesk-server = { 11 12 enable = true; 12 13 relay = { ··· 14 15 }; 15 16 signal = { 16 17 enable = true; 17 - relayHosts = ["${allSecrets.per_host.eiri.int_ip}" "rd.eiri.74k1.sh"]; 18 + relayHosts = [ 19 + "${allSecrets.per_host.eiri.int_ip}" 20 + "rd.eiri.74k1.sh" 21 + ]; 18 22 }; 19 23 }; 20 24 }

+22 -6

modules/nixos/daemons/scrutiny/default.nix

··· 3 3 lib, 4 4 config, 5 5 ... 6 - }: { 6 + }: 7 + { 7 8 services.scrutiny = { 8 9 enable = true; 9 10 settings = { ··· 15 16 collector = { 16 17 enable = true; 17 18 settings.devices = [ 18 - { device = "/dev/nvme0n1"; type = "nvme"; } 19 - { device = "/dev/sda"; type = "scsi"; } 20 - { device = "/dev/sdb"; type = "scsi"; } 21 - { device = "/dev/sdc"; type = "scsi"; } 22 - { device = "/dev/sdd"; type = "scsi"; } 19 + { 20 + device = "/dev/nvme0n1"; 21 + type = "nvme"; 22 + } 23 + { 24 + device = "/dev/sda"; 25 + type = "scsi"; 26 + } 27 + { 28 + device = "/dev/sdb"; 29 + type = "scsi"; 30 + } 31 + { 32 + device = "/dev/sdc"; 33 + type = "scsi"; 34 + } 35 + { 36 + device = "/dev/sdd"; 37 + type = "scsi"; 38 + } 23 39 ]; 24 40 }; 25 41 };

+9 -1

modules/nixos/daemons/send/default.nix

··· 1 - { inputs, outputs, config, lib, pkgs, allSecrets, ... }: 1 + { 2 + inputs, 3 + outputs, 4 + config, 5 + lib, 6 + pkgs, 7 + allSecrets, 8 + ... 9 + }: 2 10 { 3 11 services.send = { 4 12 enable = true;

+97 -78

modules/nixos/daemons/servarr/default.nix

··· 5 5 lib, 6 6 pkgs, 7 7 ... 8 - }: let 8 + }: 9 + let 9 10 cfg_sonarr = config.services.sonarr; 10 - in { 11 + in 12 + { 11 13 disabledModules = [ 12 14 "services/misc/servarr/prowlarr.nix" 13 15 "services/misc/overseerr.nix" ··· 68 70 69 71 users.users = { 70 72 # lidarr.extraGroups = ["plex" "transmission"]; 71 - radarr.extraGroups = ["plex" "transmission"]; 72 - radarr-alt.extraGroups = ["plex" "transmission"]; 73 - radarr-alp.extraGroups = ["plex" "transmission"]; 74 - sonarr.extraGroups = ["plex" "transmission"]; 75 - sonarr-alp.extraGroups = ["plex" "transmission"]; 73 + radarr.extraGroups = [ 74 + "plex" 75 + "transmission" 76 + ]; 77 + radarr-alt.extraGroups = [ 78 + "plex" 79 + "transmission" 80 + ]; 81 + radarr-alp.extraGroups = [ 82 + "plex" 83 + "transmission" 84 + ]; 85 + sonarr.extraGroups = [ 86 + "plex" 87 + "transmission" 88 + ]; 89 + sonarr-alp.extraGroups = [ 90 + "plex" 91 + "transmission" 92 + ]; 76 93 }; 77 94 78 - virtualisation.quadlet = let 79 - inherit (config.virtualisation.quadlet) networks pods; 80 - in { 81 - containers = { 82 - # "homarr" = { 83 - # autoStart = true; 84 - # serviceConfig = { 85 - # RestartSec = "10"; 86 - # Restart = "always"; 87 - # }; 88 - # containerConfig = { 89 - # image = "ghcr.io/ajnart/homarr:latest"; 90 - # publishPorts = [ "7575:7575" ]; 91 - # userns = "keep-id"; 92 - # networks = [ networks.podman-bridge.ref ]; 93 - # # networks = [ "podman" networks.podman-bridge.ref ]; 94 - # # pod = pods.servarr.ref; 95 - # volumes = [ 96 - # # optional for docker integration 97 - # #"/var/run/docker.sock:/var/run/docker.sock" 98 - # "/var/lib/homarr/configs:/app/data/configs" 99 - # "/var/lib/homarr/icons:/app/public/icons" 100 - # "/var/lib/homarr/data:/data" 101 - # ]; 102 - # }; 103 - # }; 104 - # "overseerr" = { 105 - # autoStart = true; 106 - # serviceConfig = { 107 - # RestartSec = "10"; 108 - # Restart = "always"; 109 - # }; 110 - # containerConfig = { 111 - # image = "sctx/overseerr:1.32.5"; 112 - # # publishPorts = [ "5055:5055" ]; 113 - # # userns = "keep-id"; 114 - # # networks = [ "host" ]; 115 - # networks = [ "host" ]; 116 - # # dns = [ "9.9.9.9" "149.112.112.112" ]; 117 - # # networks = [ "podman" networks.podman-bridge.ref ]; 118 - # # pod = pods.servarr.ref; 119 - # volumes = [ 120 - # "/var/lib/overseerr/config:/app/config" 121 - # ]; 122 - # environments = { 123 - # LOG_LEVEL = "warn"; 124 - # TZ = "Europe/Zurich"; 125 - # # optional 126 - # #PORT = "5055"; 127 - # }; 128 - # }; 129 - # }; 130 - "flaresolverr" = { 131 - autoStart = true; 132 - serviceConfig = { 133 - RestartSec = "10"; 134 - Restart = "always"; 135 - }; 136 - containerConfig = { 137 - image = "ghcr.io/flaresolverr/flaresolverr:latest"; 138 - publishPorts = [ "8191:8191" ]; 139 - networks = [ "podman" ]; 140 - # networks = [ networks.podman-bridge.ref ]; 141 - # networks = [ "podman" networks.podman-bridge.ref ]; 142 - # pod = pods.servarr.ref; 143 - environments = { 144 - LOG_LEVEL = "info"; 145 - LOG_HTML = "false"; 146 - CAPTCHA_SOLVER = "none"; 147 - TZ = "Europe/Zurich"; 95 + virtualisation.quadlet = 96 + let 97 + inherit (config.virtualisation.quadlet) networks pods; 98 + in 99 + { 100 + containers = { 101 + # "homarr" = { 102 + # autoStart = true; 103 + # serviceConfig = { 104 + # RestartSec = "10"; 105 + # Restart = "always"; 106 + # }; 107 + # containerConfig = { 108 + # image = "ghcr.io/ajnart/homarr:latest"; 109 + # publishPorts = [ "7575:7575" ]; 110 + # userns = "keep-id"; 111 + # networks = [ networks.podman-bridge.ref ]; 112 + # # networks = [ "podman" networks.podman-bridge.ref ]; 113 + # # pod = pods.servarr.ref; 114 + # volumes = [ 115 + # # optional for docker integration 116 + # #"/var/run/docker.sock:/var/run/docker.sock" 117 + # "/var/lib/homarr/configs:/app/data/configs" 118 + # "/var/lib/homarr/icons:/app/public/icons" 119 + # "/var/lib/homarr/data:/data" 120 + # ]; 121 + # }; 122 + # }; 123 + # "overseerr" = { 124 + # autoStart = true; 125 + # serviceConfig = { 126 + # RestartSec = "10"; 127 + # Restart = "always"; 128 + # }; 129 + # containerConfig = { 130 + # image = "sctx/overseerr:1.32.5"; 131 + # # publishPorts = [ "5055:5055" ]; 132 + # # userns = "keep-id"; 133 + # # networks = [ "host" ]; 134 + # networks = [ "host" ]; 135 + # # dns = [ "9.9.9.9" "149.112.112.112" ]; 136 + # # networks = [ "podman" networks.podman-bridge.ref ]; 137 + # # pod = pods.servarr.ref; 138 + # volumes = [ 139 + # "/var/lib/overseerr/config:/app/config" 140 + # ]; 141 + # environments = { 142 + # LOG_LEVEL = "warn"; 143 + # TZ = "Europe/Zurich"; 144 + # # optional 145 + # #PORT = "5055"; 146 + # }; 147 + # }; 148 + # }; 149 + "flaresolverr" = { 150 + autoStart = true; 151 + serviceConfig = { 152 + RestartSec = "10"; 153 + Restart = "always"; 154 + }; 155 + containerConfig = { 156 + image = "ghcr.io/flaresolverr/flaresolverr:latest"; 157 + publishPorts = [ "8191:8191" ]; 158 + networks = [ "podman" ]; 159 + # networks = [ networks.podman-bridge.ref ]; 160 + # networks = [ "podman" networks.podman-bridge.ref ]; 161 + # pod = pods.servarr.ref; 162 + environments = { 163 + LOG_LEVEL = "info"; 164 + LOG_HTML = "false"; 165 + CAPTCHA_SOLVER = "none"; 166 + TZ = "Europe/Zurich"; 167 + }; 148 168 }; 149 169 }; 150 170 }; 151 171 }; 152 - }; 153 172 }

+8 -2

modules/nixos/daemons/servarr/radarr-alp.nix

··· 1 - { config, pkgs, lib, ... }: 1 + { 2 + config, 3 + pkgs, 4 + lib, 5 + ... 6 + }: 2 7 3 8 with lib; 4 9 5 10 let 6 11 cfg = config.services.radarr-alp; 7 - in { 12 + in 13 + { 8 14 options = { 9 15 services.radarr-alp = { 10 16 enable = mkEnableOption "Radarr-alp, a UsetNet/BitTorrent movie downloader";

+8 -2

modules/nixos/daemons/servarr/radarr-alt.nix

··· 1 - { config, pkgs, lib, ... }: 1 + { 2 + config, 3 + pkgs, 4 + lib, 5 + ... 6 + }: 2 7 3 8 with lib; 4 9 5 10 let 6 11 cfg = config.services.radarr-alt; 7 - in { 12 + in 13 + { 8 14 options = { 9 15 services.radarr-alt = { 10 16 enable = mkEnableOption "Radarr-alt, a UsetNet/BitTorrent movie downloader";

+6 -2

modules/nixos/daemons/servarr/sonarr-alp.nix

··· 1 - { config, pkgs, lib, ... }: 1 + { 2 + config, 3 + pkgs, 4 + lib, 5 + ... 6 + }: 2 7 3 8 with lib; 4 9 ··· 76 81 }; 77 82 }; 78 83 } 79 -

+6 -2

modules/nixos/daemons/servarr/sonarr-alt.nix

··· 1 - { config, pkgs, lib, ... }: 1 + { 2 + config, 3 + pkgs, 4 + lib, 5 + ... 6 + }: 2 7 3 8 with lib; 4 9 ··· 76 81 }; 77 82 }; 78 83 } 79 -

+2 -1

modules/nixos/daemons/slskd/default.nix

··· 5 5 pkgs, 6 6 allSecrets, 7 7 ... 8 - }: { 8 + }: 9 + { 9 10 imports = [ 10 11 ../vpnconfinement 11 12 ];

+7 -2

modules/nixos/daemons/soularr/default.nix

··· 5 5 lib, 6 6 pkgs, 7 7 ... 8 - }: { 8 + }: 9 + { 9 10 imports = [ 10 11 "${inputs.tixpkgs}/modules/nixos/misc/soularr.nix" 11 12 ]; ··· 22 23 downloadDir = "/var/lib/slskd/downloads"; 23 24 }; 24 25 search = { 25 - allowedFiletypes = ["flac" "mp3" "wav"]; 26 + allowedFiletypes = [ 27 + "flac" 28 + "mp3" 29 + "wav" 30 + ]; 26 31 numberOfAlbumsToGrab = 20; 27 32 }; 28 33 };

+8 -1

modules/nixos/daemons/syncthing/default.nix

··· 1 - { inputs, outputs, config, lib, pkgs, ... }: 1 + { 2 + inputs, 3 + outputs, 4 + config, 5 + lib, 6 + pkgs, 7 + ... 8 + }: 2 9 { 3 10 disabledModules = [ "services/networking/syncthing.nix" ]; 4 11

+2 -1

modules/nixos/daemons/transmission/default.nix

··· 7 7 # self, 8 8 allSecrets, 9 9 ... 10 - }: { 10 + }: 11 + { 11 12 imports = [ 12 13 ../vpnconfinement 13 14 ];

+3 -2

modules/nixos/daemons/umami/default.nix

··· 5 5 lib, 6 6 pkgs, 7 7 ... 8 - }: { 8 + }: 9 + { 9 10 # imports = [ 10 11 # "${inputs.nixpkgs-master}/nixos/modules/services/web-apps/umami.nix" 11 12 # # "${inputs.diogotcorreira-umami}/pkgs/by-name/um/umami/package.nix" ··· 24 25 package = pkgs.umami; 25 26 settings = { 26 27 APP_SECRET_FILE = config.age.secrets."umami_secret".path; 27 - TRACKER_SCRIPT_NAME = ["umami.js"]; 28 + TRACKER_SCRIPT_NAME = [ "umami.js" ]; 28 29 DISABLE_TELEMETRY = true; 29 30 HOSTNAME = "0.0.0.0"; 30 31 PORT = 3034;

+9 -1

modules/nixos/daemons/vaultwarden/default.nix

··· 1 - { inputs, outputs, config, lib, pkgs, allSecrets, ... }: 1 + { 2 + inputs, 3 + outputs, 4 + config, 5 + lib, 6 + pkgs, 7 + allSecrets, 8 + ... 9 + }: 2 10 { 3 11 age.secrets."vaultwarden_secret" = { 4 12 rekeyFile = "${inputs.self}/secrets/vaultwarden_secret.age";

+4 -2

modules/nixos/daemons/vector/default.nix

··· 5 5 inputs, 6 6 outputs, 7 7 ... 8 - }: { 8 + }: 9 + { 9 10 # age.secrets."paperless_pass" = { 10 11 # rekeyFile = "${inputs.self}/secrets/paperless_pass.age"; 11 12 # # mode = "770"; 12 13 # # owner = "nextcloud"; 13 14 # # group = "nextcloud"; 14 15 # }; 15 - services.rsyslogd = { # TODO 16 + services.rsyslogd = { 17 + # TODO 16 18 enable = true; 17 19 }; 18 20 services.vector = {

+3 -2

modules/nixos/daemons/vpnconfinement/default.nix

··· 5 5 pkgs, 6 6 allSecrets, 7 7 ... 8 - }: { 8 + }: 9 + { 9 10 imports = [ 10 11 inputs.ouro.nixosModules.default 11 12 ]; ··· 20 21 name = "prtr.conf"; 21 22 }; 22 23 23 - vpnNamespaces = { 24 + vpnNamespaces = { 24 25 prsl = { 25 26 enable = true; 26 27 wireguardConfigFile = config.age.secrets."proton_slskd".path;

+20 -7

modules/nixos/daemons/wireguard/default.nix

··· 1 - { inputs, outputs, config, lib, pkgs, ... }: 1 + { 2 + inputs, 3 + outputs, 4 + config, 5 + lib, 6 + pkgs, 7 + ... 8 + }: 2 9 { 3 10 age.secrets."wireguard_private_key" = { 4 11 rekeyFile = "${inputs.self}/secrets/wireguard_private_key.age"; ··· 33 40 # privateKeyFile = "/home/taki/wg_private_key_secrets"; 34 41 privateKeyFile = config.age.secrets."wireguard_private_key".path; 35 42 36 - peers = [ # TODO 37 - { # knights / proxy 43 + peers = [ 44 + # TODO 45 + { 46 + # knights / proxy 38 47 publicKey = "dVVhzsUPOT4ln5v4agYw/MxhIb8frEp74oSEIIadgH0="; 39 48 allowedIPs = [ 40 49 "10.100.0.2/32" 41 50 ]; 42 51 } 43 - { # cyberia 52 + { 53 + # cyberia 44 54 publicKey = "eR6y0rHuhb+qhBaZWWigQnjHjZ1m4oRJzYVPrv3CgBM="; 45 55 allowedIPs = [ 46 56 "10.100.0.10/32" 47 57 ]; 48 58 } 49 - { # MAGI 59 + { 60 + # MAGI 50 61 publicKey = "JOf290ilGAOw2msc6aQsE+oSjvLA1g9Cvw6RvmsTJj4="; 51 62 allowedIPs = [ 52 63 "10.100.0.3/32" 53 64 ]; 54 65 } 55 - { # NERV 66 + { 67 + # NERV 56 68 publicKey = "vnmW4+i/tKuiUx86JGOax3wHl1eAPwZj+/diVkpiZgM="; 57 69 allowedIPs = [ 58 70 "10.100.0.4/32" 59 71 ]; 60 72 } 61 - { # EVA 73 + { 74 + # EVA 62 75 publicKey = "qL6QmOPbBx6Ej7HzNE/HwRo4vPts7EbTfIr/QMBIcyw="; 63 76 allowedIPs = [ 64 77 "10.100.0.5/32"

+11 -2

modules/nixos/nix/default.nix

··· 1 - { inputs, config, lib, pkgs, ... }: 1 + { 2 + inputs, 3 + config, 4 + lib, 5 + pkgs, 6 + ... 7 + }: 2 8 { 3 9 nix = { 4 10 # package = inputs.rix101.packages.${pkgs.hostPlatform.system}.nix-enraged; ··· 10 16 ''; 11 17 12 18 settings = { 13 - trusted-users = [ "root" "taki" ]; 19 + trusted-users = [ 20 + "root" 21 + "taki" 22 + ]; 14 23 # cores = 4; 15 24 # max-jobs = 1; 16 25 };

+20 -15

modules/nixos/nix/substituters/default.nix

··· 5 5 ... 6 6 }: 7 7 { 8 - nix.settings = lib.foldl' 9 - (acc: { substituter, public-key}: { 10 - substituters = acc.substituters ++ [ substituter ]; 11 - trusted-public-keys = acc.trusted-public-keys ++ [ public-key ]; 12 - }) 13 - { 14 - substituters = []; 15 - trusted-public-keys = []; 16 - } 17 - [ 18 - { 19 - substituter = "http://nix-community.cachix.org"; 20 - public-key = "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="; 21 - } 22 - ]; 8 + nix.settings = 9 + lib.foldl' 10 + ( 11 + acc: 12 + { substituter, public-key }: 13 + { 14 + substituters = acc.substituters ++ [ substituter ]; 15 + trusted-public-keys = acc.trusted-public-keys ++ [ public-key ]; 16 + } 17 + ) 18 + { 19 + substituters = [ ]; 20 + trusted-public-keys = [ ]; 21 + } 22 + [ 23 + { 24 + substituter = "http://nix-community.cachix.org"; 25 + public-key = "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="; 26 + } 27 + ]; 23 28 }

+7 -2

modules/nixos/nvidia/default.nix

··· 1 - { config, lib, pkgs, ... }: 1 + { 2 + config, 3 + lib, 4 + pkgs, 5 + ... 6 + }: 2 7 3 8 { 4 9 # NVIDIA ··· 19 24 # libva 20 25 libva 21 26 libva-utils 22 - 27 + 23 28 # vaapi 24 29 nvidia-vaapi-driver 25 30 ];

+7 -2

modules/nixos/profile/locale/default.nix

··· 1 - { config, lib, pkgs, ... }: 1 + { 2 + config, 3 + lib, 4 + pkgs, 5 + ... 6 + }: 2 7 3 8 { 4 9 # Set your time zone. ··· 29 34 evdev:name:*:* 30 35 XKBLAYOUT=ch 31 36 XKBVARIANT=de 32 - 37 + 33 38 evdev:name:HAILUCK CO.,LTD USB KEYBOARD:* 34 39 XKBLAYOUT=us 35 40 '';

+16 -3

modules/nixos/profile/taki/default.nix

··· 1 - { inputs, outputs, lib, config, pkgs, allSecrets, ... }: 1 + { 2 + inputs, 3 + outputs, 4 + lib, 5 + config, 6 + pkgs, 7 + allSecrets, 8 + ... 9 + }: 2 10 { 3 11 options = { 4 12 taki.gui = { ··· 14 22 users.taki = { 15 23 isNormalUser = true; 16 24 description = "taki"; 17 - extraGroups = [ "wheel" "networkmanager" "plex" "user-with-access-to-virtualbox" ]; 25 + extraGroups = [ 26 + "wheel" 27 + "networkmanager" 28 + "plex" 29 + "user-with-access-to-virtualbox" 30 + ]; 18 31 openssh.authorizedKeys.keys = allSecrets.per_service.openssh.authorizedKeys.keys; 19 32 shell = pkgs.zsh; 20 33 initialHashedPassword = "$6$TbBYnHu9RRCkuV6.$q7aBn/LLC2doT6MKoFY9yV8j9qzNz45UWmaMgCsGCKrb0pf7kpPmcBzrc7puOmoJT5B5Cz/guST2.WFgs2FKo1"; ··· 49 62 nerd-fonts.tinos 50 63 nerd-fonts.lilex 51 64 nerd-fonts.zed-mono 52 - 65 + 53 66 # inputs.unfree-fonts.packages.x86_64-linux.berkeley-nolig-otf 54 67 inputs.unfree-fonts.packages.x86_64-linux.suisse-intl-mono 55 68 inputs.apple-emoji.packages.x86_64-linux.apple-emoji-linux

+29 -24

modules/nixos/programs/bash/default.nix

··· 48 48 nr = "nix run"; 49 49 nd = "nix develop"; 50 50 }; 51 - shellInit = /* bash */ '' 52 - export ATUIN_NOBIND="true" 53 - eval "$(${pkgs.atuin}/bin/atuin init bash)" 54 - bindkey '^r' _atuin_search_widget 51 + shellInit = # bash 52 + '' 53 + export ATUIN_NOBIND="true" 54 + eval "$(${pkgs.atuin}/bin/atuin init bash)" 55 + bindkey '^r' _atuin_search_widget 55 56 56 57 57 - youcannotrebuild () { 58 - ${ 59 - let 60 - inherit (lib.strings) 61 - hasInfix; 62 - inherit (pkgs.hostPlatform) 63 - isx86_64 isAarch64 64 - isLinux isDarwin; 65 - in 66 - if isx86_64 && isLinux then 67 - "sudo --validate && sudo nixos-rebuild" 68 - else if isDarwin then 69 - "darwin-rebuild" 70 - else if isAarch64 then 71 - "nix-on-droid" 72 - else 73 - "home-manager" # what is this? plain home-manager, works on every system? ye, like wsl, not darwin, not nixos, not android :holeymoley: havent used yes on such a system but in theory all home mnanager modules would work on it aha. alr alr :hm: 74 - } --flake ~/tix ''$''\{1:-switch''\} "''$''\{@:2''\}" |& nix run nixpkgs#nix-output-monitor 75 - } 76 - ''; 58 + youcannotrebuild () { 59 + ${ 60 + let 61 + inherit (lib.strings) 62 + hasInfix 63 + ; 64 + inherit (pkgs.hostPlatform) 65 + isx86_64 66 + isAarch64 67 + isLinux 68 + isDarwin 69 + ; 70 + in 71 + if isx86_64 && isLinux then 72 + "sudo --validate && sudo nixos-rebuild" 73 + else if isDarwin then 74 + "darwin-rebuild" 75 + else if isAarch64 then 76 + "nix-on-droid" 77 + else 78 + "home-manager" # what is this? plain home-manager, works on every system? ye, like wsl, not darwin, not nixos, not android :holeymoley: havent used yes on such a system but in theory all home mnanager modules would work on it aha. alr alr :hm: 79 + } --flake ~/tix ''$''\{1:-switch''\} "''$''\{@:2''\}" |& nix run nixpkgs#nix-output-monitor 80 + } 81 + ''; 77 82 blesh.enable = true; 78 83 }; 79 84 }

+4 -2

modules/nixos/programs/firefox/default.nix

··· 4 4 pkgs, 5 5 self, 6 6 ... 7 - }: let 7 + }: 8 + let 8 9 lock-false = { 9 10 Value = false; 10 11 Status = "locked"; ··· 17 18 Value = ""; 18 19 Status = "locked"; 19 20 }; 20 - in { 21 + in 22 + { 21 23 programs.firefox = { 22 24 enable = true; 23 25

+7 -1

modules/nixos/programs/steam/default.nix

··· 1 - { config, inputs, pkgs, self, ... }: 1 + { 2 + config, 3 + inputs, 4 + pkgs, 5 + self, 6 + ... 7 + }: 2 8 { 3 9 programs.steam = { 4 10 enable = true;

+12 -2

modules/nixos/quadlet/default.nix

··· 1 - { inputs, outputs, config, lib, pkgs, ... }: 1 + { 2 + inputs, 3 + outputs, 4 + config, 5 + lib, 6 + pkgs, 7 + ... 8 + }: 2 9 { 3 10 imports = [ 4 11 inputs.quadlet.nixosModules.quadlet ··· 11 18 virtualisation.quadlet = { 12 19 networks."podman-bridge".networkConfig = { 13 20 driver = "bridge"; 14 - dns = [ "9.9.9.9" "149.112.112.112" ]; 21 + dns = [ 22 + "9.9.9.9" 23 + "149.112.112.112" 24 + ]; 15 25 }; 16 26 # pods.servarr = {}; 17 27 };

+10 -16

modules/nixos/vm-test/default.nix

··· 1 - { config, lib, pkgs, ... }: 1 + { 2 + config, 3 + lib, 4 + pkgs, 5 + ... 6 + }: 2 7 3 8 { 4 9 # VM shenanigans 5 10 virtualisation.vmVariant = { 6 11 users = { 7 12 mutableUsers = false; 8 - users = 9 - lib.pipe 10 - config.users.users 11 - [ 12 - (lib.filterAttrs 13 - (user: config: 14 - config.isNormalUser 15 - ) 16 - ) 17 - (lib.mapAttrs 18 - (user: _: 19 - { password = "password"; } 20 - ) 21 - ) 22 - ]; 13 + users = lib.pipe config.users.users [ 14 + (lib.filterAttrs (user: config: config.isNormalUser)) 15 + (lib.mapAttrs (user: _: { password = "password"; })) 16 + ]; 23 17 }; 24 18 }; 25 19 }

+459 -367

modules/syncthing.nix

··· 1 - { config, lib, options, pkgs, ... }: 1 + { 2 + config, 3 + lib, 4 + options, 5 + pkgs, 6 + ... 7 + }: 2 8 3 9 with lib; 4 10 ··· 8 14 defaultUser = "syncthing"; 9 15 defaultGroup = defaultUser; 10 16 settingsFormat = pkgs.formats.json { }; 11 - cleanedConfig = converge (filterAttrsRecursive (_: v: v != null && v != {})) cfg.settings; 17 + cleanedConfig = converge (filterAttrsRecursive (_: v: v != null && v != { })) cfg.settings; 12 18 13 19 isUnixGui = (builtins.substring 0 1 cfg.guiAddress) == "/"; 14 20 ··· 16 22 # API is served over the Unix socket as well. This function returns the correct 17 23 # curl arguments for the address portion of the curl command for both network 18 24 # and Unix socket addresses. 19 - curlAddressArgs = path: if isUnixGui 25 + curlAddressArgs = 26 + path: 27 + if 28 + isUnixGui 20 29 # if cfg.guiAddress is a unix socket, tell curl explicitly about it 21 30 # note that the dot in front of `${path}` is the hostname, which is 22 31 # required. 23 - then "--unix-socket ${cfg.guiAddress} http://.${path}" 32 + then 33 + "--unix-socket ${cfg.guiAddress} http://.${path}" 24 34 # no adjustments are needed if cfg.guiAddress is a network address 25 - else "${cfg.guiAddress}${path}" 26 - ; 35 + else 36 + "${cfg.guiAddress}${path}"; 27 37 28 - devices = mapAttrsToList (_: device: device // { 29 - deviceID = device.id; 30 - }) cfg.settings.devices; 38 + devices = mapAttrsToList ( 39 + _: device: 40 + device 41 + // { 42 + deviceID = device.id; 43 + } 44 + ) cfg.settings.devices; 31 45 32 46 anyAutoAccept = builtins.any (dev: dev.autoAcceptFolders) devices; 33 47 34 - folders = mapAttrsToList (_: folder: folder // 35 - throwIf (folder?rescanInterval || folder?watch || folder?watchDelay) '' 36 - The options services.syncthing.settings.folders.<name>.{rescanInterval,watch,watchDelay} 37 - were removed. Please use, respectively, {rescanIntervalS,fsWatcherEnabled,fsWatcherDelayS} instead. 38 - '' { 39 - devices = map (device: 40 - if builtins.isString device then 41 - { deviceId = cfg.settings.devices.${device}.id; } 42 - else 43 - device 44 - ) folder.devices; 45 - }) (filterAttrs (_: folder: 46 - folder.enable 47 - ) cfg.settings.folders); 48 + folders = mapAttrsToList ( 49 + _: folder: 50 + folder 51 + // 52 + throwIf (folder ? rescanInterval || folder ? watch || folder ? watchDelay) 53 + '' 54 + The options services.syncthing.settings.folders.<name>.{rescanInterval,watch,watchDelay} 55 + were removed. Please use, respectively, {rescanIntervalS,fsWatcherEnabled,fsWatcherDelayS} instead. 56 + '' 57 + { 58 + devices = map ( 59 + device: 60 + if builtins.isString device then { deviceId = cfg.settings.devices.${device}.id; } else device 61 + ) folder.devices; 62 + } 63 + ) (filterAttrs (_: folder: folder.enable) cfg.settings.folders); 48 64 49 65 jq = "${pkgs.jq}/bin/jq"; 50 - updateConfig = pkgs.writers.writeBash "merge-syncthing-config" ('' 51 - set -efu 66 + updateConfig = pkgs.writers.writeBash "merge-syncthing-config" ( 67 + '' 68 + set -efu 52 69 53 - # be careful not to leak secrets in the filesystem or in process listings 54 - umask 0077 70 + # be careful not to leak secrets in the filesystem or in process listings 71 + umask 0077 55 72 56 - curl() { 57 - # get the api key by parsing the config.xml 58 - while 59 - ! ${pkgs.libxml2}/bin/xmllint \ 60 - --xpath 'string(configuration/gui/apikey)' \ 61 - ${cfg.configDir}/config.xml \ 62 - >"$RUNTIME_DIRECTORY/api_key" 63 - do sleep 1; done 64 - (printf "X-API-Key: "; cat "$RUNTIME_DIRECTORY/api_key") >"$RUNTIME_DIRECTORY/headers" 65 - ${pkgs.curl}/bin/curl -sSLk -H "@$RUNTIME_DIRECTORY/headers" \ 66 - --retry 1000 --retry-delay 1 --retry-all-errors \ 67 - "$@" 68 - } 69 - '' + 73 + curl() { 74 + # get the api key by parsing the config.xml 75 + while 76 + ! ${pkgs.libxml2}/bin/xmllint \ 77 + --xpath 'string(configuration/gui/apikey)' \ 78 + ${cfg.configDir}/config.xml \ 79 + >"$RUNTIME_DIRECTORY/api_key" 80 + do sleep 1; done 81 + (printf "X-API-Key: "; cat "$RUNTIME_DIRECTORY/api_key") >"$RUNTIME_DIRECTORY/headers" 82 + ${pkgs.curl}/bin/curl -sSLk -H "@$RUNTIME_DIRECTORY/headers" \ 83 + --retry 1000 --retry-delay 1 --retry-all-errors \ 84 + "$@" 85 + } 86 + '' 87 + + 70 88 71 - /* Syncthing's rest API for the folders and devices is almost identical. 72 - Hence we iterate them using lib.pipe and generate shell commands for both at 73 - the same time. */ 74 - (lib.pipe { 75 - # The attributes below are the only ones that are different for devices / 76 - # folders. 77 - devs = { 78 - new_conf_IDs = map (v: v.id) devices; 79 - GET_IdAttrName = "deviceID"; 80 - override = cfg.overrideDevices; 81 - conf = devices; 82 - baseAddress = curlAddressArgs "/rest/config/devices"; 83 - }; 84 - dirs = { 85 - new_conf_IDs = map (v: v.id) folders; 86 - GET_IdAttrName = "id"; 87 - override = cfg.overrideFolders; 88 - conf = folders; 89 - baseAddress = curlAddressArgs "/rest/config/folders"; 90 - }; 91 - } [ 92 - # Now for each of these attributes, write the curl commands that are 93 - # identical to both folders and devices. 94 - (mapAttrs (conf_type: s: 95 - # We iterate the `conf` list now, and run a curl -X POST command for each, that 96 - # should update that device/folder only. 97 - lib.pipe s.conf [ 98 - # Quoting https://docs.syncthing.net/rest/config.html: 99 - # 100 - # > PUT takes an array and POST a single object. In both cases if a 101 - # given folder/device already exists, it’s replaced, otherwise a new 102 - # one is added. 103 - # 104 - # What's not documented, is that using PUT will remove objects that 105 - # don't exist in the array given. That's why we use here `POST`, and 106 - # only if s.override == true then we DELETE the relevant folders 107 - # afterwards. 108 - (map (new_cfg: '' 109 - curl -d ${lib.escapeShellArg (builtins.toJSON new_cfg)} -X POST ${s.baseAddress} 89 + /* 90 + Syncthing's rest API for the folders and devices is almost identical. 91 + Hence we iterate them using lib.pipe and generate shell commands for both at 92 + the same time. 93 + */ 94 + (lib.pipe 95 + { 96 + # The attributes below are the only ones that are different for devices / 97 + # folders. 98 + devs = { 99 + new_conf_IDs = map (v: v.id) devices; 100 + GET_IdAttrName = "deviceID"; 101 + override = cfg.overrideDevices; 102 + conf = devices; 103 + baseAddress = curlAddressArgs "/rest/config/devices"; 104 + }; 105 + dirs = { 106 + new_conf_IDs = map (v: v.id) folders; 107 + GET_IdAttrName = "id"; 108 + override = cfg.overrideFolders; 109 + conf = folders; 110 + baseAddress = curlAddressArgs "/rest/config/folders"; 111 + }; 112 + } 113 + [ 114 + # Now for each of these attributes, write the curl commands that are 115 + # identical to both folders and devices. 116 + (mapAttrs ( 117 + conf_type: s: 118 + # We iterate the `conf` list now, and run a curl -X POST command for each, that 119 + # should update that device/folder only. 120 + lib.pipe s.conf [ 121 + # Quoting https://docs.syncthing.net/rest/config.html: 122 + # 123 + # > PUT takes an array and POST a single object. In both cases if a 124 + # given folder/device already exists, it’s replaced, otherwise a new 125 + # one is added. 126 + # 127 + # What's not documented, is that using PUT will remove objects that 128 + # don't exist in the array given. That's why we use here `POST`, and 129 + # only if s.override == true then we DELETE the relevant folders 130 + # afterwards. 131 + (map (new_cfg: '' 132 + curl -d ${lib.escapeShellArg (builtins.toJSON new_cfg)} -X POST ${s.baseAddress} 133 + '')) 134 + (lib.concatStringsSep "\n") 135 + ] 136 + /* 137 + If we need to override devices/folders, we iterate all currently configured 138 + IDs, via another `curl -X GET`, and we delete all IDs that are not part of 139 + the Nix configured list of IDs 140 + */ 141 + + lib.optionalString s.override '' 142 + stale_${conf_type}_ids="$(curl -X GET ${s.baseAddress} | ${jq} \ 143 + --argjson new_ids ${lib.escapeShellArg (builtins.toJSON s.new_conf_IDs)} \ 144 + --raw-output \ 145 + '[.[].${s.GET_IdAttrName}] - $new_ids | .[]' 146 + )" 147 + for id in ''${stale_${conf_type}_ids}; do 148 + >&2 echo "Deleting stale device: $id" 149 + curl -X DELETE ${s.baseAddress}/$id 150 + done 151 + '' 152 + )) 153 + builtins.attrValues 154 + (lib.concatStringsSep "\n") 155 + ] 156 + ) 157 + + 158 + /* 159 + Now we update the other settings defined in cleanedConfig which are not 160 + "folders" or "devices". 161 + */ 162 + (lib.pipe cleanedConfig [ 163 + builtins.attrNames 164 + (lib.subtractLists [ 165 + "folders" 166 + "devices" 167 + ]) 168 + (map (subOption: '' 169 + curl -X PUT -d ${ 170 + lib.escapeShellArg (builtins.toJSON cleanedConfig.${subOption}) 171 + } ${curlAddressArgs "/rest/config/${subOption}"} 110 172 '')) 111 173 (lib.concatStringsSep "\n") 112 - ] 113 - /* If we need to override devices/folders, we iterate all currently configured 114 - IDs, via another `curl -X GET`, and we delete all IDs that are not part of 115 - the Nix configured list of IDs 116 - */ 117 - + lib.optionalString s.override '' 118 - stale_${conf_type}_ids="$(curl -X GET ${s.baseAddress} | ${jq} \ 119 - --argjson new_ids ${lib.escapeShellArg (builtins.toJSON s.new_conf_IDs)} \ 120 - --raw-output \ 121 - '[.[].${s.GET_IdAttrName}] - $new_ids | .[]' 122 - )" 123 - for id in ''${stale_${conf_type}_ids}; do 124 - >&2 echo "Deleting stale device: $id" 125 - curl -X DELETE ${s.baseAddress}/$id 126 - done 127 - '' 128 - )) 129 - builtins.attrValues 130 - (lib.concatStringsSep "\n") 131 - ]) + 132 - /* Now we update the other settings defined in cleanedConfig which are not 133 - "folders" or "devices". */ 134 - (lib.pipe cleanedConfig [ 135 - builtins.attrNames 136 - (lib.subtractLists ["folders" "devices"]) 137 - (map (subOption: '' 138 - curl -X PUT -d ${lib.escapeShellArg (builtins.toJSON cleanedConfig.${subOption})} ${curlAddressArgs "/rest/config/${subOption}"} 139 - '')) 140 - (lib.concatStringsSep "\n") 141 - ]) + '' 142 - # restart Syncthing if required 143 - if curl ${curlAddressArgs "/rest/config/restart-required"} | 144 - ${jq} -e .requiresRestart > /dev/null; then 145 - curl -X POST ${curlAddressArgs "/rest/system/restart"} 146 - fi 147 - ''); 148 - in { 174 + ]) 175 + + '' 176 + # restart Syncthing if required 177 + if curl ${curlAddressArgs "/rest/config/restart-required"} | 178 + ${jq} -e .requiresRestart > /dev/null; then 179 + curl -X POST ${curlAddressArgs "/rest/system/restart"} 180 + fi 181 + '' 182 + ); 183 + in 184 + { 149 185 ###### interface 150 186 options = { 151 187 services.syncthing = { ··· 203 239 options = { 204 240 # global options 205 241 options = mkOption { 206 - default = {}; 242 + default = { }; 207 243 description = '' 208 244 The options element contains all other global configuration options 209 245 ''; 210 - type = types.submodule ({ name, ... }: { 211 - freeformType = settingsFormat.type; 212 - options = { 213 - localAnnounceEnabled = mkOption { 214 - type = types.nullOr types.bool; 215 - default = null; 216 - description = '' 217 - Whether to send announcements to the local LAN, also use such announcements to find other devices. 218 - ''; 219 - }; 246 + type = types.submodule ( 247 + { name, ... }: 248 + { 249 + freeformType = settingsFormat.type; 250 + options = { 251 + localAnnounceEnabled = mkOption { 252 + type = types.nullOr types.bool; 253 + default = null; 254 + description = '' 255 + Whether to send announcements to the local LAN, also use such announcements to find other devices. 256 + ''; 257 + }; 220 258 221 - localAnnouncePort = mkOption { 222 - type = types.nullOr types.int; 223 - default = null; 224 - description = '' 225 - The port on which to listen and send IPv4 broadcast announcements to. 226 - ''; 227 - }; 259 + localAnnouncePort = mkOption { 260 + type = types.nullOr types.int; 261 + default = null; 262 + description = '' 263 + The port on which to listen and send IPv4 broadcast announcements to. 264 + ''; 265 + }; 228 266 229 - relaysEnabled = mkOption { 230 - type = types.nullOr types.bool; 231 - default = null; 232 - description = '' 233 - When true, relays will be connected to and potentially used for device to device connections. 234 - ''; 235 - }; 267 + relaysEnabled = mkOption { 268 + type = types.nullOr types.bool; 269 + default = null; 270 + description = '' 271 + When true, relays will be connected to and potentially used for device to device connections. 272 + ''; 273 + }; 236 274 237 - urAccepted = mkOption { 238 - type = types.nullOr types.int; 239 - default = null; 240 - description = '' 241 - Whether the user has accepted to submit anonymous usage data. 242 - The default, 0, mean the user has not made a choice, and Syncthing will ask at some point in the future. 243 - "-1" means no, a number above zero means that that version of usage reporting has been accepted. 244 - ''; 245 - }; 275 + urAccepted = mkOption { 276 + type = types.nullOr types.int; 277 + default = null; 278 + description = '' 279 + Whether the user has accepted to submit anonymous usage data. 280 + The default, 0, mean the user has not made a choice, and Syncthing will ask at some point in the future. 281 + "-1" means no, a number above zero means that that version of usage reporting has been accepted. 282 + ''; 283 + }; 246 284 247 - limitBandwidthInLan = mkOption { 248 - type = types.nullOr types.bool; 249 - default = null; 250 - description = '' 251 - Whether to apply bandwidth limits to devices in the same broadcast domain as the local device. 252 - ''; 253 - }; 285 + limitBandwidthInLan = mkOption { 286 + type = types.nullOr types.bool; 287 + default = null; 288 + description = '' 289 + Whether to apply bandwidth limits to devices in the same broadcast domain as the local device. 290 + ''; 291 + }; 254 292 255 - maxFolderConcurrency = mkOption { 256 - type = types.nullOr types.int; 257 - default = null; 258 - description = '' 259 - This option controls how many folders may concurrently be in I/O-intensive operations such as syncing or scanning. 260 - The mechanism is described in detail in a [separate chapter](https://docs.syncthing.net/advanced/option-max-concurrency.html). 261 - ''; 293 + maxFolderConcurrency = mkOption { 294 + type = types.nullOr types.int; 295 + default = null; 296 + description = '' 297 + This option controls how many folders may concurrently be in I/O-intensive operations such as syncing or scanning. 298 + The mechanism is described in detail in a [separate chapter](https://docs.syncthing.net/advanced/option-max-concurrency.html). 299 + ''; 300 + }; 262 301 }; 263 - }; 264 - }); 302 + } 303 + ); 265 304 }; 266 305 267 306 # device settings 268 307 devices = mkOption { 269 - default = {}; 308 + default = { }; 270 309 description = '' 271 310 Peers/devices which Syncthing should communicate with. 272 311 ··· 280 319 addresses = [ "tcp://192.168.0.10:51820" ]; 281 320 }; 282 321 }; 283 - type = types.attrsOf (types.submodule ({ name, ... }: { 284 - freeformType = settingsFormat.type; 285 - options = { 322 + type = types.attrsOf ( 323 + types.submodule ( 324 + { name, ... }: 325 + { 326 + freeformType = settingsFormat.type; 327 + options = { 286 328 287 - name = mkOption { 288 - type = types.str; 289 - default = name; 290 - description = '' 291 - The name of the device. 292 - ''; 293 - }; 329 + name = mkOption { 330 + type = types.str; 331 + default = name; 332 + description = '' 333 + The name of the device. 334 + ''; 335 + }; 294 336 295 - id = mkOption { 296 - type = types.str; 297 - description = '' 298 - The device ID. See <https://docs.syncthing.net/dev/device-ids.html>. 299 - ''; 300 - }; 337 + id = mkOption { 338 + type = types.str; 339 + description = '' 340 + The device ID. See <https://docs.syncthing.net/dev/device-ids.html>. 341 + ''; 342 + }; 301 343 302 - autoAcceptFolders = mkOption { 303 - type = types.bool; 304 - default = false; 305 - description = '' 306 - Automatically create or share folders that this device advertises at the default path. 307 - See <https://docs.syncthing.net/users/config.html?highlight=autoaccept#config-file-format>. 308 - ''; 309 - }; 344 + autoAcceptFolders = mkOption { 345 + type = types.bool; 346 + default = false; 347 + description = '' 348 + Automatically create or share folders that this device advertises at the default path. 349 + See <https://docs.syncthing.net/users/config.html?highlight=autoaccept#config-file-format>. 350 + ''; 351 + }; 310 352 311 - }; 312 - })); 353 + }; 354 + } 355 + ) 356 + ); 313 357 }; 314 358 315 359 # folder settings 316 360 folders = mkOption { 317 - default = {}; 361 + default = { }; 318 362 description = '' 319 363 Folders which should be shared by Syncthing. 320 364 ··· 330 374 }; 331 375 } 332 376 ''; 333 - type = types.attrsOf (types.submodule ({ name, ... }: { 334 - freeformType = settingsFormat.type; 335 - options = { 377 + type = types.attrsOf ( 378 + types.submodule ( 379 + { name, ... }: 380 + { 381 + freeformType = settingsFormat.type; 382 + options = { 336 383 337 - enable = mkOption { 338 - type = types.bool; 339 - default = true; 340 - description = '' 341 - Whether to share this folder. 342 - This option is useful when you want to define all folders 343 - in one place, but not every machine should share all folders. 344 - ''; 345 - }; 384 + enable = mkOption { 385 + type = types.bool; 386 + default = true; 387 + description = '' 388 + Whether to share this folder. 389 + This option is useful when you want to define all folders 390 + in one place, but not every machine should share all folders. 391 + ''; 392 + }; 346 393 347 - path = mkOption { 348 - # TODO for release 23.05: allow relative paths again and set 349 - # working directory to cfg.dataDir 350 - type = types.str // { 351 - check = x: types.str.check x && (substring 0 1 x == "/" || substring 0 2 x == "~/"); 352 - description = types.str.description + " starting with / or ~/"; 353 - }; 354 - default = name; 355 - description = '' 356 - The path to the folder which should be shared. 357 - Only absolute paths (starting with `/`) and paths relative to 358 - the [user](#opt-services.syncthing.user)'s home directory 359 - (starting with `~/`) are allowed. 360 - ''; 361 - }; 394 + path = mkOption { 395 + # TODO for release 23.05: allow relative paths again and set 396 + # working directory to cfg.dataDir 397 + type = types.str // { 398 + check = x: types.str.check x && (substring 0 1 x == "/" || substring 0 2 x == "~/"); 399 + description = types.str.description + " starting with / or ~/"; 400 + }; 401 + default = name; 402 + description = '' 403 + The path to the folder which should be shared. 404 + Only absolute paths (starting with `/`) and paths relative to 405 + the [user](#opt-services.syncthing.user)'s home directory 406 + (starting with `~/`) are allowed. 407 + ''; 408 + }; 362 409 363 - id = mkOption { 364 - type = types.str; 365 - default = name; 366 - description = '' 367 - The ID of the folder. Must be the same on all devices. 368 - ''; 369 - }; 410 + id = mkOption { 411 + type = types.str; 412 + default = name; 413 + description = '' 414 + The ID of the folder. Must be the same on all devices. 415 + ''; 416 + }; 370 417 371 - label = mkOption { 372 - type = types.str; 373 - default = name; 374 - description = '' 375 - The label of the folder. 376 - ''; 377 - }; 418 + label = mkOption { 419 + type = types.str; 420 + default = name; 421 + description = '' 422 + The label of the folder. 423 + ''; 424 + }; 378 425 379 - type = mkOption { 380 - type = types.enum [ "sendreceive" "sendonly" "receiveonly" "receiveencrypted" ]; 381 - default = "sendreceive"; 382 - description = '' 383 - Controls how the folder is handled by Syncthing. 384 - See <https://docs.syncthing.net/users/config.html#config-option-folder.type>. 385 - ''; 386 - }; 426 + type = mkOption { 427 + type = types.enum [ 428 + "sendreceive" 429 + "sendonly" 430 + "receiveonly" 431 + "receiveencrypted" 432 + ]; 433 + default = "sendreceive"; 434 + description = '' 435 + Controls how the folder is handled by Syncthing. 436 + See <https://docs.syncthing.net/users/config.html#config-option-folder.type>. 437 + ''; 438 + }; 387 439 388 - devices = mkOption { 389 - type = types.listOf types.str; 390 - default = []; 391 - description = '' 392 - The devices this folder should be shared with. Each device must 393 - be defined in the [devices](#opt-services.syncthing.settings.devices) option. 394 - ''; 395 - }; 440 + devices = mkOption { 441 + type = types.listOf types.str; 442 + default = [ ]; 443 + description = '' 444 + The devices this folder should be shared with. Each device must 445 + be defined in the [devices](#opt-services.syncthing.settings.devices) option. 446 + ''; 447 + }; 396 448 397 - versioning = mkOption { 398 - default = null; 399 - description = '' 400 - How to keep changed/deleted files with Syncthing. 401 - There are 4 different types of versioning with different parameters. 402 - See <https://docs.syncthing.net/users/versioning.html>. 403 - ''; 404 - example = literalExpression '' 405 - [ 406 - { 407 - versioning = { 408 - type = "simple"; 409 - params.keep = "10"; 410 - }; 411 - } 412 - { 413 - versioning = { 414 - type = "trashcan"; 415 - params.cleanoutDays = "1000"; 416 - }; 417 - } 418 - { 419 - versioning = { 420 - type = "staggered"; 421 - fsPath = "/syncthing/backup"; 422 - params = { 423 - cleanInterval = "3600"; 424 - maxAge = "31536000"; 449 + versioning = mkOption { 450 + default = null; 451 + description = '' 452 + How to keep changed/deleted files with Syncthing. 453 + There are 4 different types of versioning with different parameters. 454 + See <https://docs.syncthing.net/users/versioning.html>. 455 + ''; 456 + example = literalExpression '' 457 + [ 458 + { 459 + versioning = { 460 + type = "simple"; 461 + params.keep = "10"; 462 + }; 463 + } 464 + { 465 + versioning = { 466 + type = "trashcan"; 467 + params.cleanoutDays = "1000"; 468 + }; 469 + } 470 + { 471 + versioning = { 472 + type = "staggered"; 473 + fsPath = "/syncthing/backup"; 474 + params = { 475 + cleanInterval = "3600"; 476 + maxAge = "31536000"; 477 + }; 478 + }; 479 + } 480 + { 481 + versioning = { 482 + type = "external"; 483 + params.versionsPath = pkgs.writers.writeBash "backup" ''' 484 + folderpath="$1" 485 + filepath="$2" 486 + rm -rf "$folderpath/$filepath" 487 + '''; 488 + }; 489 + } 490 + ] 491 + ''; 492 + type = 493 + with types; 494 + nullOr (submodule { 495 + freeformType = settingsFormat.type; 496 + options = { 497 + type = mkOption { 498 + type = enum [ 499 + "external" 500 + "simple" 501 + "staggered" 502 + "trashcan" 503 + ]; 504 + description = '' 505 + The type of versioning. 506 + See <https://docs.syncthing.net/users/versioning.html>. 507 + ''; 508 + }; 425 509 }; 426 - }; 427 - } 428 - { 429 - versioning = { 430 - type = "external"; 431 - params.versionsPath = pkgs.writers.writeBash "backup" ''' 432 - folderpath="$1" 433 - filepath="$2" 434 - rm -rf "$folderpath/$filepath" 435 - '''; 436 - }; 437 - } 438 - ] 439 - ''; 440 - type = with types; nullOr (submodule { 441 - freeformType = settingsFormat.type; 442 - options = { 443 - type = mkOption { 444 - type = enum [ "external" "simple" "staggered" "trashcan" ]; 445 - description = '' 446 - The type of versioning. 447 - See <https://docs.syncthing.net/users/versioning.html>. 448 - ''; 449 - }; 510 + }); 450 511 }; 451 - }); 452 - }; 453 512 454 - copyOwnershipFromParent = mkOption { 455 - type = types.bool; 456 - default = false; 457 - description = '' 458 - On Unix systems, tries to copy file/folder ownership from the parent directory (the directory it’s located in). 459 - Requires running Syncthing as a privileged user, or granting it additional capabilities (e.g. CAP_CHOWN on Linux). 460 - ''; 461 - }; 462 - }; 463 - })); 513 + copyOwnershipFromParent = mkOption { 514 + type = types.bool; 515 + default = false; 516 + description = '' 517 + On Unix systems, tries to copy file/folder ownership from the parent directory (the directory it’s located in). 518 + Requires running Syncthing as a privileged user, or granting it additional capabilities (e.g. CAP_CHOWN on Linux). 519 + ''; 520 + }; 521 + }; 522 + } 523 + ) 524 + ); 464 525 }; 465 526 466 527 }; 467 528 }; 468 - default = {}; 529 + default = { }; 469 530 description = '' 470 531 Extra configuration options for Syncthing. 471 532 See <https://docs.syncthing.net/users/config.html>. ··· 557 618 ''; 558 619 }; 559 620 560 - configDir = let 561 - cond = versionAtLeast config.system.stateVersion "19.03"; 562 - in mkOption { 563 - type = types.path; 564 - description = '' 565 - The path where the settings and keys will exist. 566 - ''; 567 - default = cfg.dataDir + optionalString cond "/.config/syncthing"; 568 - defaultText = literalMD '' 569 - * if `stateVersion >= 19.03`: 621 + configDir = 622 + let 623 + cond = versionAtLeast config.system.stateVersion "19.03"; 624 + in 625 + mkOption { 626 + type = types.path; 627 + description = '' 628 + The path where the settings and keys will exist. 629 + ''; 630 + default = cfg.dataDir + optionalString cond "/.config/syncthing"; 631 + defaultText = literalMD '' 632 + * if `stateVersion >= 19.03`: 570 633 571 - config.${opt.dataDir} + "/.config/syncthing" 572 - * otherwise: 634 + config.${opt.dataDir} + "/.config/syncthing" 635 + * otherwise: 573 636 574 - config.${opt.dataDir} 575 - ''; 576 - }; 637 + config.${opt.dataDir} 638 + ''; 639 + }; 577 640 578 641 databaseDir = mkOption { 579 642 type = types.path; ··· 586 649 587 650 extraFlags = mkOption { 588 651 type = types.listOf types.str; 589 - default = []; 652 + default = [ ]; 590 653 example = [ "--reset-deltas" ]; 591 654 description = '' 592 655 Extra flags passed to the syncthing command in the service definition. ··· 617 680 This option was removed because Syncthing now has the inotify functionality included under the name "fswatcher". 618 681 It can be enabled on a per-folder basis through the web interface. 619 682 '') 620 - (mkRenamedOptionModule [ "services" "syncthing" "extraOptions" ] [ "services" "syncthing" "settings" ]) 621 - (mkRenamedOptionModule [ "services" "syncthing" "folders" ] [ "services" "syncthing" "settings" "folders" ]) 622 - (mkRenamedOptionModule [ "services" "syncthing" "devices" ] [ "services" "syncthing" "settings" "devices" ]) 623 - (mkRenamedOptionModule [ "services" "syncthing" "options" ] [ "services" "syncthing" "settings" "options" ]) 624 - ] ++ map (o: 625 - mkRenamedOptionModule [ "services" "syncthing" "declarative" o ] [ "services" "syncthing" o ] 626 - ) [ "cert" "key" "devices" "folders" "overrideDevices" "overrideFolders" "extraOptions"]; 683 + (mkRenamedOptionModule 684 + [ "services" "syncthing" "extraOptions" ] 685 + [ "services" "syncthing" "settings" ] 686 + ) 687 + (mkRenamedOptionModule 688 + [ "services" "syncthing" "folders" ] 689 + [ "services" "syncthing" "settings" "folders" ] 690 + ) 691 + (mkRenamedOptionModule 692 + [ "services" "syncthing" "devices" ] 693 + [ "services" "syncthing" "settings" "devices" ] 694 + ) 695 + (mkRenamedOptionModule 696 + [ "services" "syncthing" "options" ] 697 + [ "services" "syncthing" "settings" "options" ] 698 + ) 699 + ] 700 + ++ 701 + map 702 + (o: mkRenamedOptionModule [ "services" "syncthing" "declarative" o ] [ "services" "syncthing" o ]) 703 + [ 704 + "cert" 705 + "key" 706 + "devices" 707 + "folders" 708 + "overrideDevices" 709 + "overrideFolders" 710 + "extraOptions" 711 + ]; 627 712 628 713 ###### implementation 629 714 ··· 640 725 641 726 networking.firewall = mkIf cfg.openDefaultPorts { 642 727 allowedTCPPorts = [ 22000 ]; 643 - allowedUDPPorts = [ 21027 22000 ]; 728 + allowedUDPPorts = [ 729 + 21027 730 + 22000 731 + ]; 644 732 }; 645 733 646 734 systemd.packages = [ pkgs.syncthing ]; 647 735 648 736 users.users = mkIf (cfg.systemService && cfg.user == defaultUser) { 649 - ${defaultUser} = 650 - { group = cfg.group; 651 - home = cfg.dataDir; 652 - createHome = true; 653 - uid = config.ids.uids.syncthing; 654 - description = "Syncthing daemon user"; 655 - }; 737 + ${defaultUser} = { 738 + group = cfg.group; 739 + home = cfg.dataDir; 740 + createHome = true; 741 + uid = config.ids.uids.syncthing; 742 + description = "Syncthing daemon user"; 743 + }; 656 744 }; 657 745 658 746 users.groups = mkIf (cfg.systemService && cfg.group == defaultGroup) { 659 - ${defaultGroup}.gid = 660 - config.ids.gids.syncthing; 747 + ${defaultGroup}.gid = config.ids.gids.syncthing; 661 748 }; 662 749 663 750 systemd.services = { ··· 670 757 STNORESTART = "yes"; 671 758 STNOUPGRADE = "yes"; 672 759 inherit (cfg) all_proxy; 673 - } // config.networking.proxy.envVars; 760 + } 761 + // config.networking.proxy.envVars; 674 762 wantedBy = [ "multi-user.target" ]; 675 763 serviceConfig = { 676 764 Restart = "on-failure"; 677 765 SuccessExitStatus = "3 4"; 678 - RestartForceExitStatus="3 4"; 766 + RestartForceExitStatus = "3 4"; 679 767 User = cfg.user; 680 768 Group = cfg.group; 681 - ExecStartPre = mkIf (cfg.cert != null || cfg.key != null) 682 - "+${pkgs.writers.writeBash "syncthing-copy-keys" '' 683 - install -dm700 -o ${cfg.user} -g ${cfg.group} ${cfg.configDir} 684 - ${optionalString (cfg.cert != null) '' 685 - install -Dm400 -o ${cfg.user} -g ${cfg.group} ${toString cfg.cert} ${cfg.configDir}/cert.pem 686 - ''} 687 - ${optionalString (cfg.key != null) '' 688 - install -Dm400 -o ${cfg.user} -g ${cfg.group} ${toString cfg.key} ${cfg.configDir}/key.pem 689 - ''} 690 - ''}" 691 - ; 769 + ExecStartPre = 770 + mkIf (cfg.cert != null || cfg.key != null) 771 + "+${pkgs.writers.writeBash "syncthing-copy-keys" '' 772 + install -dm700 -o ${cfg.user} -g ${cfg.group} ${cfg.configDir} 773 + ${optionalString (cfg.cert != null) '' 774 + install -Dm400 -o ${cfg.user} -g ${cfg.group} ${toString cfg.cert} ${cfg.configDir}/cert.pem 775 + ''} 776 + ${optionalString (cfg.key != null) '' 777 + install -Dm400 -o ${cfg.user} -g ${cfg.group} ${toString cfg.key} ${cfg.configDir}/key.pem 778 + ''} 779 + ''}"; 692 780 ExecStart = '' 693 781 ${cfg.package}/bin/syncthing \ 694 782 -no-browser \ ··· 711 799 RestrictRealtime = true; 712 800 RestrictSUIDSGID = true; 713 801 CapabilityBoundingSet = [ 714 - "~CAP_SYS_PTRACE" "~CAP_SYS_ADMIN" 715 - "~CAP_SETGID" "~CAP_SETUID" "~CAP_SETPCAP" 716 - "~CAP_SYS_TIME" "~CAP_KILL" 802 + "~CAP_SYS_PTRACE" 803 + "~CAP_SYS_ADMIN" 804 + "~CAP_SETGID" 805 + "~CAP_SETUID" 806 + "~CAP_SETPCAP" 807 + "~CAP_SYS_TIME" 808 + "~CAP_KILL" 717 809 ]; 718 810 }; 719 811 }; 720 - syncthing-init = mkIf (cleanedConfig != {}) { 812 + syncthing-init = mkIf (cleanedConfig != { }) { 721 813 description = "Syncthing configuration updater"; 722 814 requisite = [ "syncthing.service" ]; 723 815 after = [ "syncthing.service" ];

Configure Feed

Configure Feed