this repo has no description
Redo All Modules
+504
-526
+32
flake.nix
+32
flake.nix
···
84
84
};
85
85
};
86
86
87
+
homeModule = {lib, ...}: {
88
+
_module.args = {inherit inputs;};
89
+
imports = let
90
+
deps = [
91
+
inputs.nixvim.homeModules.nixvim
92
+
inputs.nix-index-db.homeModules.nix-index
93
+
inputs.catppuccin.homeModules.catppuccin
94
+
inputs.niri.homeModules.niri
95
+
];
96
+
myMods = lib.mapAttrsToList (k: v: ./homeModules/${k}) (builtins.readDir ./homeModules);
97
+
in
98
+
deps ++ myMods;
99
+
};
100
+
101
+
nixosModule = {lib, ...}: {
102
+
_module.args = {inherit inputs;};
103
+
imports = let
104
+
deps = [
105
+
inputs.hm.nixosModules.default
106
+
inputs.catppuccin.nixosModules.catppuccin
107
+
inputs.lanzaboote.nixosModules.lanzaboote
108
+
inputs.musnix.nixosModules.musnix
109
+
inputs.imperm.nixosModules.default
110
+
inputs.tranquil.nixosModules.default
111
+
inputs.tangled.nixosModules.knot
112
+
inputs.tangled.nixosModules.spindle
113
+
];
114
+
myMods = lib.mapAttrsToList (k: v: ./nixosModules/${k}) (builtins.readDir ./nixosModules);
115
+
in
116
+
deps ++ myMods;
117
+
};
118
+
87
119
nixDir = ./.;
88
120
legacyPackages = pkgs: pkgs;
89
121
nixpkgs.config = {
+1
-2
homeModules/btop.nix
+1
-2
homeModules/btop.nix
+1
-3
homeModules/cat.nix
+1
-3
homeModules/cat.nix
+2
-3
homeModules/comma.nix
+2
-3
homeModules/comma.nix
-7
homeModules/default.nix
-7
homeModules/default.nix
+1
-5
homeModules/dev.nix
+1
-5
homeModules/dev.nix
+1
-1
homeModules/firewall.nix
+1
-1
homeModules/firewall.nix
+2
-3
homeModules/gdi.nix
+2
-3
homeModules/gdi.nix
···
1
-
{inputs, ...}: {
1
+
{
2
2
config,
3
3
lib,
4
4
pkgs,
5
+
inputs,
5
6
...
6
7
}: {
7
-
imports = [inputs.niri.homeModules.niri];
8
-
9
8
options.cow.gdi = {
10
9
enable = lib.mkEnableOption "Niri + Customizations";
11
10
doIdle = lib.mkEnableOption "Turn off screen, sleep, etc. from inactivity";
+2
-1
homeModules/music.nix
+2
-1
homeModules/music.nix
+1
-3
homeModules/nvim.nix
+1
-3
homeModules/nvim.nix
+1
-2
homeModules/utils.nix
+1
-2
homeModules/utils.nix
+2
-1
homeModules/waybar.nix
+2
-1
homeModules/waybar.nix
+91
-92
nixosConfigurations/aperture.nix
+91
-92
nixosConfigurations/aperture.nix
···
6
6
}: {
7
7
system = "x86_64-linux";
8
8
9
-
modules =
10
-
(builtins.attrValues outputs.nixosModules)
11
-
++ [
12
-
inputs.nixos-hardware.nixosModules.framework-13th-gen-intel
13
-
(
14
-
{pkgs, ...}: {
15
-
home-manager.users.bean.home.stateVersion = "25.05";
16
-
system.stateVersion = "25.05";
17
-
networking.hostName = "aperture";
9
+
modules = [
10
+
outputs.nixosModules.default
11
+
inputs.nixos-hardware.nixosModules.framework-13th-gen-intel
12
+
(
13
+
{pkgs, ...}: {
14
+
home-manager.users.bean.home.stateVersion = "25.05";
15
+
system.stateVersion = "25.05";
16
+
networking.hostName = "aperture";
18
17
19
-
nix.settings = {
20
-
substituters = lib.mkForce [
21
-
"https://bincache.bwc9876.dev"
22
-
"https://cache.nixos.org"
23
-
];
24
-
trusted-substituters = [
25
-
"https://bincache.bwc9876.dev"
26
-
];
27
-
trusted-public-keys = [
28
-
"bincache.bwc9876.dev:Hld97kaStrWo7zlLpiay2NDeDF3OpOYPzM0Kzfqj+Kw="
18
+
nix.settings = {
19
+
substituters = lib.mkForce [
20
+
"https://bincache.bwc9876.dev"
21
+
"https://cache.nixos.org"
22
+
];
23
+
trusted-substituters = [
24
+
"https://bincache.bwc9876.dev"
25
+
];
26
+
trusted-public-keys = [
27
+
"bincache.bwc9876.dev:Hld97kaStrWo7zlLpiay2NDeDF3OpOYPzM0Kzfqj+Kw="
28
+
];
29
+
};
30
+
31
+
users.users = let
32
+
secureRoot = "/nix/persist/secure";
33
+
in {
34
+
bean = {
35
+
hashedPasswordFile = "${secureRoot}/hashed-passwd";
36
+
extraGroups = [
37
+
"adbusers"
38
+
"kvm"
29
39
];
30
40
};
41
+
root.hashedPasswordFile = "${secureRoot}/hashed-passwd";
42
+
};
31
43
32
-
users.users = let
33
-
secureRoot = "/nix/persist/secure";
34
-
in {
35
-
bean = {
36
-
hashedPasswordFile = "${secureRoot}/hashed-passwd";
37
-
extraGroups = [
38
-
"adbusers"
39
-
"kvm"
40
-
];
41
-
};
42
-
root.hashedPasswordFile = "${secureRoot}/hashed-passwd";
44
+
home-manager.users.bean.cow = {
45
+
kde-connect = {
46
+
enable = true;
47
+
dev-name = "APERTURE";
43
48
};
49
+
dev.mc = true;
50
+
};
44
51
45
-
home-manager.users.bean.cow = {
46
-
kde-connect = {
47
-
enable = true;
48
-
dev-name = "APERTURE";
49
-
};
50
-
dev.mc = true;
52
+
services.keyd = {
53
+
enable = true;
54
+
keyboards.default.settings.main = {
55
+
"capslock" = "7";
56
+
"media" = "delete";
51
57
};
58
+
};
52
59
53
-
services.keyd = {
60
+
home-manager.users.bean.programs.niri.settings = {
61
+
outputs."eDP-1".scale = 1.25;
62
+
};
63
+
64
+
environment.systemPackages = with pkgs; [
65
+
android-tools
66
+
];
67
+
68
+
cow = {
69
+
audio.tweaks = {
54
70
enable = true;
55
-
keyboards.default.settings.main = {
56
-
"capslock" = "7";
57
-
"media" = "delete";
58
-
};
71
+
threadirqs = true;
72
+
soundCard = "00:1f.3";
59
73
};
60
-
61
-
home-manager.users.bean.programs.niri.settings = {
62
-
outputs."eDP-1".scale = 1.25;
74
+
base.sysrqs = true;
75
+
bean.sudoer = true;
76
+
lanzaboote.enable = true;
77
+
hypervisor.enable = true;
78
+
role-laptop = {
79
+
enable = true;
80
+
fingerPrintSensor = true;
63
81
};
64
-
65
-
environment.systemPackages = with pkgs; [
66
-
android-tools
67
-
];
68
-
69
-
cow = {
70
-
audio.tweaks = {
71
-
enable = true;
72
-
threadirqs = true;
73
-
soundCard = "00:1f.3";
74
-
};
75
-
base.sysrqs = true;
76
-
bean.sudoer = true;
77
-
lanzaboote.enable = true;
78
-
hypervisor.enable = true;
79
-
role-laptop = {
80
-
enable = true;
81
-
fingerPrintSensor = true;
82
-
};
83
-
gaming.enable = true;
84
-
imperm.enable = true;
85
-
disks = {
86
-
enable = true;
87
-
swap = true;
88
-
luks = true;
89
-
};
82
+
gaming.enable = true;
83
+
imperm.enable = true;
84
+
disks = {
85
+
enable = true;
86
+
swap = true;
87
+
luks = true;
90
88
};
89
+
};
91
90
92
-
boot.initrd.availableKernelModules = [
93
-
"xhci_pci"
94
-
"thunderbolt"
95
-
"nvme"
96
-
"usb_storage"
97
-
"sd_mod"
98
-
];
99
-
boot.initrd.kernelModules = [];
100
-
boot.kernelModules = ["kvm-intel"];
101
-
boot.extraModulePackages = [];
102
-
boot.binfmt.emulatedSystems = ["aarch64-linux"];
91
+
boot.initrd.availableKernelModules = [
92
+
"xhci_pci"
93
+
"thunderbolt"
94
+
"nvme"
95
+
"usb_storage"
96
+
"sd_mod"
97
+
];
98
+
boot.initrd.kernelModules = [];
99
+
boot.kernelModules = ["kvm-intel"];
100
+
boot.extraModulePackages = [];
101
+
boot.binfmt.emulatedSystems = ["aarch64-linux"];
103
102
104
-
programs.wireshark = {
105
-
enable = true;
106
-
dumpcap.enable = true;
107
-
};
103
+
programs.wireshark = {
104
+
enable = true;
105
+
dumpcap.enable = true;
106
+
};
108
107
109
-
hardware.framework.enableKmod = false;
108
+
hardware.framework.enableKmod = false;
110
109
111
-
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
112
-
hardware.enableRedistributableFirmware = lib.mkDefault true;
113
-
hardware.cpu.intel.updateMicrocode = true;
114
-
}
115
-
)
116
-
];
110
+
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
111
+
hardware.enableRedistributableFirmware = lib.mkDefault true;
112
+
hardware.cpu.intel.updateMicrocode = true;
113
+
}
114
+
)
115
+
];
117
116
}
+224
-207
nixosConfigurations/black-mesa.nix
+224
-207
nixosConfigurations/black-mesa.nix
···
5
5
}: {
6
6
system = "x86_64-linux";
7
7
8
-
modules =
9
-
(builtins.attrValues outputs.nixosModules)
10
-
++ [
11
-
inputs.nixos-hardware.nixosModules.common-gpu-amd
12
-
inputs.nixos-hardware.nixosModules.common-cpu-amd
13
-
inputs.spoon.nixosModules.black-mesa
14
-
(
15
-
{config, ...}: {
16
-
home-manager.users.bean.home.stateVersion = "25.05";
17
-
system.stateVersion = "25.05";
18
-
networking.hostName = "black-mesa";
8
+
modules = [
9
+
outputs.nixosModules.default
10
+
inputs.nixos-hardware.nixosModules.common-gpu-amd
11
+
inputs.nixos-hardware.nixosModules.common-cpu-amd
12
+
inputs.spoon.nixosModules.black-mesa
13
+
(
14
+
{config, ...}: {
15
+
home-manager.users.bean.home.stateVersion = "25.05";
16
+
system.stateVersion = "25.05";
17
+
networking.hostName = "black-mesa";
19
18
20
-
powerManagement.cpuFreqGovernor = "performance";
19
+
powerManagement.cpuFreqGovernor = "performance";
21
20
22
-
boot.initrd.availableKernelModules = [
23
-
"nvme"
24
-
"xhci_pci"
25
-
"ahci"
26
-
"usbhid"
27
-
"usb_storage"
28
-
"sd_mod"
29
-
];
30
-
boot.kernelModules = ["kvm-amd"];
31
-
boot.extraModulePackages = [];
21
+
boot.initrd.availableKernelModules = [
22
+
"nvme"
23
+
"xhci_pci"
24
+
"ahci"
25
+
"usbhid"
26
+
"usb_storage"
27
+
"sd_mod"
28
+
];
29
+
boot.kernelModules = ["kvm-amd"];
30
+
boot.extraModulePackages = [];
32
31
33
-
hardware.enableRedistributableFirmware = true;
32
+
hardware.enableRedistributableFirmware = true;
34
33
35
-
# Other disks handled by cow.disks
36
-
fileSystems."/mnt/storage" = {
37
-
device = "/dev/sda1";
38
-
fsType = "btrfs";
39
-
};
34
+
# Other disks handled by cow.disks
35
+
fileSystems."/mnt/storage" = {
36
+
device = "/dev/sda1";
37
+
fsType = "btrfs";
38
+
};
40
39
41
-
users.users = let
42
-
secureRoot = "/nix/persist/secure";
43
-
in {
44
-
bean.hashedPasswordFile = "${secureRoot}/hashed-passwd";
45
-
root = {
46
-
openssh.authorizedKeys.keys = [config.cow.bean.pubkey];
47
-
hashedPasswordFile = "${secureRoot}/hashed-passwd";
48
-
};
40
+
users.users = let
41
+
secureRoot = "/nix/persist/secure";
42
+
in {
43
+
bean.hashedPasswordFile = "${secureRoot}/hashed-passwd";
44
+
root = {
45
+
openssh.authorizedKeys.keys = [config.cow.bean.pubkey];
46
+
hashedPasswordFile = "${secureRoot}/hashed-passwd";
49
47
};
48
+
};
50
49
51
-
home-manager.users.bean.cow = {
52
-
sync.enable = true;
53
-
dev.enable = true;
50
+
home-manager.users.bean.cow = {
51
+
sync.enable = true;
52
+
dev.enable = true;
53
+
};
54
+
55
+
cow = {
56
+
audio.tweaks = {
57
+
enable = true;
58
+
threadirqs = true;
59
+
};
60
+
bean.sudoer = true;
61
+
lanzaboote.enable = true;
62
+
ssh-server.enable = true;
63
+
role-desktop.enable = true;
64
+
gaming.enable = true;
65
+
imperm.enable = true;
66
+
disks = {
67
+
enable = true;
68
+
partition-prefix = "cow-bm";
69
+
swap = false;
70
+
luks = true;
54
71
};
72
+
};
73
+
}
74
+
)
75
+
{
76
+
# Bingus!
77
+
imports = [inputs.bingus.nixosModules.default];
55
78
56
-
cow = {
57
-
audio.tweaks = {
79
+
cow.imperm.keep = [
80
+
"/var/lib/bingus"
81
+
];
82
+
83
+
services.bingus-bot = {
84
+
enable = true;
85
+
tokenFile = "/nix/persist/secure/bingus-token";
86
+
replyChannels = [
87
+
1295245646542143489
88
+
1479180106508271697
89
+
];
90
+
};
91
+
}
92
+
(
93
+
{
94
+
config,
95
+
pkgs,
96
+
lib,
97
+
...
98
+
}: {
99
+
# Self hosted stuff
100
+
101
+
cow = {
102
+
tranquil = {
103
+
enable = true;
104
+
domainName = "tranquil.bwc9876.dev";
105
+
envFile = "/nix/persist/secure/tranquil.env";
106
+
};
107
+
tangled = {
108
+
knot = {
58
109
enable = true;
59
-
threadirqs = true;
110
+
hostname = "knot.bwc9876.dev";
111
+
gitUser = "gurt";
60
112
};
61
-
bean.sudoer = true;
62
-
lanzaboote.enable = true;
63
-
ssh-server.enable = true;
64
-
role-desktop.enable = true;
65
-
gaming.enable = true;
66
-
imperm.enable = true;
67
-
disks = {
113
+
spindle = {
68
114
enable = true;
69
-
partition-prefix = "cow-bm";
70
-
swap = false;
71
-
luks = true;
115
+
hostname = "spindle.bwc9876.dev";
72
116
};
73
117
};
74
-
}
75
-
)
76
-
{
77
-
# Bingus!
78
-
imports = [inputs.bingus.nixosModules.default];
118
+
imperm.keep = ["/var/lib/acme"];
119
+
};
79
120
80
-
cow.imperm.keep = [
81
-
"/var/lib/bingus"
121
+
networking.firewall.allowedTCPPorts = [
122
+
80
123
+
443
82
124
];
83
125
84
-
services.bingus-bot = {
126
+
services.nginx = {
85
127
enable = true;
86
-
tokenFile = "/nix/persist/secure/bingus-token";
87
-
replyChannels = [
88
-
1295245646542143489
89
-
1479180106508271697
90
-
];
91
-
};
92
-
}
93
-
(
94
-
{
95
-
config,
96
-
pkgs,
97
-
lib,
98
-
...
99
-
}: {
100
-
# Self hosted stuff
128
+
129
+
recommendedTlsSettings = true;
130
+
recommendedBrotliSettings = true;
131
+
recommendedOptimisation = true;
132
+
recommendedGzipSettings = true;
133
+
recommendedProxySettings = true;
134
+
experimentalZstdSettings = true;
101
135
102
-
cow = {
103
-
tranquil = {
104
-
enable = true;
105
-
domainName = "tranquil.bwc9876.dev";
106
-
envFile = "/nix/persist/secure/tranquil.env";
136
+
# TODO: HTTP Challenge instead?
137
+
virtualHosts."knot.bwc9876.dev" = {
138
+
addSSL = true;
139
+
acmeRoot = null; # Doing DNS challenges
140
+
useACMEHost = "bwc9876.dev";
141
+
};
142
+
virtualHosts."tranquil.bwc9876.dev" = {
143
+
addSSL = true;
144
+
acmeRoot = null; # DNS
145
+
useACMEHost = "bwc9876.dev";
146
+
};
147
+
virtualHosts."*.tranquil.bwc9876.dev" = {
148
+
locations."/".proxyPass = "http://127.0.0.1:${builtins.toString config.services.tranquil-pds.settings.server.port}";
149
+
addSSL = true;
150
+
acmeRoot = null; # DNS
151
+
useACMEHost = "tranquil.bwc9876.dev";
152
+
};
153
+
virtualHosts."spindle.bwc9876.dev" = {
154
+
addSSL = true;
155
+
acmeRoot = null; # DNS
156
+
useACMEHost = "bwc9876.dev";
157
+
};
158
+
virtualHosts."bincache.bwc9876.dev" = {
159
+
addSSL = true;
160
+
acmeRoot = null;
161
+
useACMEHost = "bwc9876.dev";
162
+
locations."/" = {
163
+
proxyPass = "http://localhost:6767";
164
+
recommendedProxySettings = true;
107
165
};
108
-
tangled = {
109
-
knot = {
110
-
enable = true;
111
-
hostname = "knot.bwc9876.dev";
112
-
gitUser = "gurt";
113
-
};
114
-
spindle = {
115
-
enable = true;
116
-
hostname = "spindle.bwc9876.dev";
117
-
};
118
-
};
119
-
imperm.keep = ["/var/lib/acme"];
120
166
};
167
+
};
121
168
122
-
networking.firewall.allowedTCPPorts = [
123
-
80
124
-
443
169
+
services.tranquil-pds.settings.email = {
170
+
from_address = lib.strings.join "@" [
171
+
"beanpds"
172
+
(lib.strings.join "." [
173
+
"gmail"
174
+
"com"
175
+
])
125
176
];
126
-
127
-
services.nginx = {
128
-
enable = true;
129
-
130
-
recommendedTlsSettings = true;
131
-
recommendedBrotliSettings = true;
132
-
recommendedOptimisation = true;
133
-
recommendedGzipSettings = true;
134
-
recommendedProxySettings = true;
135
-
experimentalZstdSettings = true;
177
+
from_name = "Bean PDS";
178
+
};
136
179
137
-
# TODO: HTTP Challenge instead?
138
-
virtualHosts."knot.bwc9876.dev" = {
139
-
addSSL = true;
140
-
acmeRoot = null; # Doing DNS challenges
141
-
useACMEHost = "bwc9876.dev";
142
-
};
143
-
virtualHosts."tranquil.bwc9876.dev" = {
144
-
addSSL = true;
145
-
acmeRoot = null; # DNS
146
-
useACMEHost = "bwc9876.dev";
147
-
};
148
-
virtualHosts."*.tranquil.bwc9876.dev" = {
149
-
locations."/".proxyPass = "http://127.0.0.1:${builtins.toString config.services.tranquil-pds.settings.server.port}";
150
-
addSSL = true;
151
-
acmeRoot = null; # DNS
152
-
useACMEHost = "tranquil.bwc9876.dev";
153
-
};
154
-
virtualHosts."spindle.bwc9876.dev" = {
155
-
addSSL = true;
156
-
acmeRoot = null; # DNS
157
-
useACMEHost = "bwc9876.dev";
158
-
};
159
-
virtualHosts."bincache.bwc9876.dev" = {
160
-
addSSL = true;
161
-
acmeRoot = null;
162
-
useACMEHost = "bwc9876.dev";
163
-
locations."/" = {
164
-
proxyPass = "http://localhost:6767";
165
-
recommendedProxySettings = true;
166
-
};
167
-
};
180
+
programs.msmtp = {
181
+
enable = true;
182
+
accounts.default = {
183
+
auth = true;
184
+
# ssshhhhh
185
+
host = "smtp.gmail.com";
186
+
user = lib.strings.join "@" [
187
+
"beanpds"
188
+
(lib.strings.join "." [
189
+
"gmail"
190
+
"com"
191
+
])
192
+
];
193
+
from = lib.strings.join "@" [
194
+
"beanpds"
195
+
(lib.strings.join "." [
196
+
"gmail"
197
+
"com"
198
+
])
199
+
];
200
+
passwordeval = "cat /nix/persist/secure/smtp-pass";
201
+
port = 587;
202
+
tls = true;
168
203
};
204
+
};
169
205
170
-
services.tranquil-pds.settings.email = {
171
-
from_address = lib.strings.join "@" ["beanpds" (lib.strings.join "." ["gmail" "com"])];
172
-
from_name = "Bean PDS";
173
-
};
206
+
services.nix-serve = {
207
+
enable = true;
208
+
package = pkgs.nix-serve-ng;
209
+
port = 6767;
210
+
bindAddress = "127.0.0.1";
211
+
secretKeyFile = "/nix/persist/secure/nix-serve.key";
212
+
};
174
213
175
-
programs.msmtp = {
176
-
enable = true;
177
-
accounts.default = {
178
-
auth = true;
179
-
# ssshhhhh
180
-
host = "smtp.gmail.com";
181
-
user = lib.strings.join "@" ["beanpds" (lib.strings.join "." ["gmail" "com"])];
182
-
from = lib.strings.join "@" ["beanpds" (lib.strings.join "." ["gmail" "com"])];
183
-
passwordeval = "cat /nix/persist/secure/smtp-pass";
184
-
port = 587;
185
-
tls = true;
186
-
};
214
+
security.acme = {
215
+
acceptTerms = true;
216
+
defaults = {
217
+
email = "ben@bwc9876.dev";
187
218
};
188
-
189
-
services.nix-serve = {
190
-
enable = true;
191
-
package = pkgs.nix-serve-ng;
192
-
port = 6767;
193
-
bindAddress = "127.0.0.1";
194
-
secretKeyFile = "/nix/persist/secure/nix-serve.key";
219
+
certs."tranquil.bwc9876.dev" = {
220
+
domain = "*.tranquil.bwc9876.dev";
221
+
reloadServices = ["nginx"];
222
+
group = config.services.nginx.group;
223
+
dnsProvider = "porkbun";
224
+
environmentFile = "/nix/persist/secure/porkbun.env";
195
225
};
196
-
197
-
security.acme = {
198
-
acceptTerms = true;
199
-
defaults = {
200
-
email = "ben@bwc9876.dev";
201
-
};
202
-
certs."tranquil.bwc9876.dev" = {
203
-
domain = "*.tranquil.bwc9876.dev";
204
-
reloadServices = ["nginx"];
205
-
group = config.services.nginx.group;
206
-
dnsProvider = "porkbun";
207
-
environmentFile = "/nix/persist/secure/porkbun.env";
208
-
};
209
-
certs."bwc9876.dev" = {
210
-
domain = "*.bwc9876.dev";
211
-
reloadServices = [
212
-
"nginx"
213
-
];
214
-
group = config.services.nginx.group;
215
-
dnsProvider = "porkbun";
216
-
environmentFile = "/nix/persist/secure/porkbun.env";
217
-
};
226
+
certs."bwc9876.dev" = {
227
+
domain = "*.bwc9876.dev";
228
+
reloadServices = [
229
+
"nginx"
230
+
];
231
+
group = config.services.nginx.group;
232
+
dnsProvider = "porkbun";
233
+
environmentFile = "/nix/persist/secure/porkbun.env";
218
234
};
219
-
}
220
-
)
221
-
{
222
-
# WOL
223
-
systemd.network.links."79-eth-wol" = {
224
-
matchConfig = {
225
-
Type = "ether";
226
-
Driver = "!veth";
227
-
Virtualization = "false";
228
-
};
229
-
linkConfig = {
230
-
WakeOnLan = "magic";
231
-
NamePolicy = "keep kernel database onboard slot path";
232
-
AlternativeNamesPolicy = "database onboard slot path mac";
233
-
MACAddressPolicy = "persistent";
234
-
};
235
+
};
236
+
}
237
+
)
238
+
{
239
+
# WOL
240
+
systemd.network.links."79-eth-wol" = {
241
+
matchConfig = {
242
+
Type = "ether";
243
+
Driver = "!veth";
244
+
Virtualization = "false";
245
+
};
246
+
linkConfig = {
247
+
WakeOnLan = "magic";
248
+
NamePolicy = "keep kernel database onboard slot path";
249
+
AlternativeNamesPolicy = "database onboard slot path mac";
250
+
MACAddressPolicy = "persistent";
235
251
};
252
+
};
253
+
}
254
+
(
255
+
{lib, ...}: {
256
+
virtualisation.podman.enable = true;
257
+
# spoon.mc-srv.cobblemon.enable = lib.mkForce false;
258
+
spoon.yggdrasil.enable = lib.mkForce false;
259
+
spoon.yggdrasil.config.Listen = lib.mkForce [];
260
+
cow.imperm.keep = ["/var/lib/containers"];
236
261
}
237
-
(
238
-
{lib, ...}: {
239
-
virtualisation.podman.enable = true;
240
-
# spoon.mc-srv.cobblemon.enable = lib.mkForce false;
241
-
spoon.yggdrasil.enable = lib.mkForce false;
242
-
spoon.yggdrasil.config.Listen = lib.mkForce [];
243
-
cow.imperm.keep = ["/var/lib/containers"];
244
-
}
245
-
)
246
-
];
262
+
)
263
+
];
247
264
}
+75
-80
nixosConfigurations/installer.nix
+75
-80
nixosConfigurations/installer.nix
···
5
5
}: {
6
6
system = "x86_64-linux";
7
7
8
-
modules =
9
-
(builtins.attrValues outputs.nixosModules)
10
-
++ [
11
-
(
12
-
{
13
-
modulesPath,
14
-
pkgs,
15
-
...
16
-
}: {
17
-
imports = [
18
-
"${modulesPath}/installer/cd-dvd/installation-cd-minimal.nix"
8
+
modules = [
9
+
outputs.nixosModules.default
10
+
(
11
+
{
12
+
modulesPath,
13
+
pkgs,
14
+
...
15
+
}: {
16
+
imports = [
17
+
"${modulesPath}/installer/cd-dvd/installation-cd-minimal.nix"
18
+
];
19
+
20
+
services.getty.autologinUser = lib.mkForce "root";
21
+
22
+
services.kmscon = {
23
+
enable = true;
24
+
fonts = [
25
+
{
26
+
name = "SauceCodePro Nerd Font Mono";
27
+
package = pkgs.nerd-fonts.sauce-code-pro;
28
+
}
19
29
];
30
+
};
20
31
21
-
services.kmscon = {
22
-
enable = true;
23
-
autologinUser = "root";
24
-
fonts = [
25
-
{
26
-
name = "SauceCodePro Nerd Font Mono";
27
-
package = pkgs.nerd-fonts.sauce-code-pro;
28
-
}
29
-
];
32
+
boot = let
33
+
supportedFilesystems = {
34
+
btrfs = true;
35
+
reiserfs = lib.mkForce false;
36
+
vfat = true;
37
+
f2fs = true;
38
+
xfs = true;
39
+
ntfs = true;
40
+
cifs = true;
41
+
zfs = lib.mkForce false;
30
42
};
31
-
32
-
boot = let
33
-
supportedFilesystems = {
34
-
btrfs = true;
35
-
reiserfs = lib.mkForce false;
36
-
vfat = true;
37
-
f2fs = true;
38
-
xfs = true;
39
-
ntfs = true;
40
-
cifs = true;
41
-
zfs = lib.mkForce false;
42
-
};
43
-
in {
44
-
initrd.systemd.enable = false;
43
+
in {
44
+
initrd.systemd.enable = false;
45
+
inherit supportedFilesystems;
46
+
initrd = {
45
47
inherit supportedFilesystems;
46
-
initrd = {
47
-
inherit supportedFilesystems;
48
-
};
49
48
};
49
+
};
50
50
51
-
system.extraDependencies = [
52
-
outputs.nixosConfigurations.aperture.config.system.build.toplevel
53
-
outputs.nixosConfigurations.black-mesa.config.system.build.toplevel
54
-
];
51
+
environment.systemPackages = with pkgs; [
52
+
disko
53
+
sbctl
54
+
];
55
+
}
56
+
)
57
+
(
58
+
{pkgs, ...}: {
59
+
system.stateVersion = "25.05";
60
+
networking.hostName = "cow-installer";
55
61
56
-
environment.systemPackages = with pkgs; [
57
-
disko
58
-
sbctl
59
-
];
60
-
}
61
-
)
62
-
(
63
-
{pkgs, ...}: {
64
-
system.stateVersion = "25.05";
65
-
networking.hostName = "cow-installer";
62
+
networking.networkmanager.enable = lib.mkForce false;
66
63
67
-
networking.networkmanager.enable = lib.mkForce false;
64
+
isoImage.squashfsCompression = "xz -Xdict-size 100%";
68
65
69
-
isoImage.squashfsCompression = "xz -Xdict-size 100%";
66
+
users.users.root = {
67
+
shell = pkgs.nushell;
68
+
};
70
69
71
-
users.users.root = {
72
-
shell = pkgs.nushell;
70
+
home-manager.users.root.home.stateVersion = "25.05";
71
+
home-manager.users.root.cow = {
72
+
nushell = {
73
+
enable = true;
74
+
commandNotFound = true;
73
75
};
76
+
neovim.enable = true;
77
+
starship.enable = true;
78
+
yazi.enable = true;
79
+
dev.enable = false;
80
+
comma.enable = true;
81
+
cat.enable = true;
82
+
};
74
83
75
-
home-manager.users.root.home.stateVersion = "25.05";
76
-
home-manager.users.root.cow = {
77
-
nushell = {
78
-
enable = true;
79
-
commandNotFound = true;
80
-
};
81
-
neovim.enable = true;
82
-
starship.enable = true;
83
-
yazi.enable = true;
84
-
dev.enable = false;
85
-
comma.enable = true;
86
-
cat.enable = true;
87
-
};
88
-
89
-
cow = {
90
-
base.enable = true;
91
-
network = {
92
-
enable = true;
93
-
wireless = true;
94
-
};
95
-
hm.enable = true;
96
-
cat.enable = true;
84
+
cow = {
85
+
base.enable = true;
86
+
network = {
87
+
enable = true;
88
+
wireless = true;
97
89
};
98
-
}
99
-
)
100
-
];
90
+
hm.enable = true;
91
+
cat.enable = true;
92
+
};
93
+
}
94
+
)
95
+
];
101
96
}
+29
-30
nixosConfigurations/mann-co.nix
+29
-30
nixosConfigurations/mann-co.nix
···
5
5
}: {
6
6
system = "aarch64-linux";
7
7
8
-
modules =
9
-
(builtins.attrValues outputs.nixosModules)
10
-
++ [
11
-
"${inputs.nixpkgs}/nixos/modules/installer/sd-card/sd-image-aarch64.nix"
12
-
{disabledModules = ["${inputs.nixpkgs}/nixos/modules/profiles/base.nix"];}
13
-
inputs.nixos-hardware.nixosModules.raspberry-pi-4
14
-
(
15
-
{pkgs, ...}: {
16
-
nixpkgs.overlays = [
17
-
(final: super: {
18
-
makeModulesClosure = x: super.makeModulesClosure (x // {allowMissing = true;});
19
-
})
20
-
];
8
+
modules = [
9
+
outputs.nixosModules.default
10
+
"${inputs.nixpkgs}/nixos/modules/installer/sd-card/sd-image-aarch64.nix"
11
+
{disabledModules = ["${inputs.nixpkgs}/nixos/modules/profiles/base.nix"];}
12
+
inputs.nixos-hardware.nixosModules.raspberry-pi-4
13
+
(
14
+
{pkgs, ...}: {
15
+
nixpkgs.overlays = [
16
+
(final: super: {
17
+
makeModulesClosure = x: super.makeModulesClosure (x // {allowMissing = true;});
18
+
})
19
+
];
21
20
22
-
system.stateVersion = "25.05";
23
-
networking.hostName = "mann-co";
21
+
system.stateVersion = "25.05";
22
+
networking.hostName = "mann-co";
24
23
25
-
security.sudo.wheelNeedsPassword = false;
24
+
security.sudo.wheelNeedsPassword = false;
26
25
27
-
cow = {
28
-
base = {
29
-
enable = true;
30
-
linux-latest = false;
31
-
};
32
-
bean = {
33
-
enable = true;
34
-
sudoer = true;
35
-
};
36
-
network.enable = true;
37
-
ssh-server.enable = true;
26
+
cow = {
27
+
base = {
28
+
enable = true;
29
+
linux-latest = false;
30
+
};
31
+
bean = {
32
+
enable = true;
33
+
sudoer = true;
38
34
};
39
-
}
40
-
)
41
-
];
35
+
network.enable = true;
36
+
ssh-server.enable = true;
37
+
};
38
+
}
39
+
)
40
+
];
42
41
}
+1
-3
nixosModules/audio.nix
+1
-3
nixosModules/audio.nix
+1
-2
nixosModules/base.nix
+1
-2
nixosModules/base.nix
···
1
-
{...}: {
1
+
{
2
2
pkgs,
3
3
inputs,
4
4
config,
···
30
30
(lib.mkIf conf.env {
31
31
environment.etc = {
32
32
"machine-id".text = builtins.hashString "md5" config.networking.hostName;
33
-
"flake-src".source = inputs.self;
34
33
};
35
34
environment.variables.HOSTNAME = config.networking.hostName;
36
35
})
+1
-4
nixosModules/cat.nix
+1
-4
nixosModules/cat.nix
-7
nixosModules/default.nix
-7
nixosModules/default.nix
+3
-4
nixosModules/hm.nix
+3
-4
nixosModules/hm.nix
···
1
-
{outputs, ...}: {
1
+
{
2
2
lib,
3
-
inputs,
4
3
config,
4
+
inputs,
5
5
...
6
6
}: {
7
-
imports = [inputs.hm.nixosModules.default];
8
7
options.cow.hm.enable = lib.mkEnableOption "Home Manager";
9
8
10
9
config.home-manager = lib.mkIf config.cow.hm.enable {
11
-
sharedModules = builtins.attrValues outputs.homeModules;
10
+
sharedModules = [inputs.self.homeModules.default];
12
11
useUserPackages = true;
13
12
useGlobalPkgs = false;
14
13
};
+1
-4
nixosModules/imperm.nix
+1
-4
nixosModules/imperm.nix
···
1
-
{...}: {
1
+
{
2
2
config,
3
3
lib,
4
-
inputs,
5
4
...
6
5
}: {
7
-
imports = [inputs.imperm.nixosModules.default];
8
-
9
6
options.cow.imperm = {
10
7
enable = lib.mkEnableOption "Impermanence, turns off mutable users and expects you to define their password hashes";
11
8
persistRoot = lib.mkOption {
+1
-4
nixosModules/lanzaboote.nix
+1
-4
nixosModules/lanzaboote.nix
···
1
-
{...}: {
2
-
inputs,
1
+
{
3
2
lib,
4
3
config,
5
4
...
6
5
}: {
7
-
imports = [inputs.lanzaboote.nixosModules.lanzaboote];
8
-
9
6
options.cow.lanzaboote.enable = lib.mkEnableOption "Use lanzaboote for booting and secure boot";
10
7
11
8
config.boot = lib.mkIf config.cow.lanzaboote.enable {
+1
-7
nixosModules/tangled.nix
+1
-7
nixosModules/tangled.nix
+1
-4
nixosModules/tranquil.nix
+1
-4
nixosModules/tranquil.nix
-17
packages/packwiz.nix
-17
packages/packwiz.nix
···
1
-
{
2
-
packwiz,
3
-
fetchFromGitHub,
4
-
...
5
-
}:
6
-
packwiz.overrideAttrs (prev: next: {
7
-
version = "0-unstable-2025-11-24";
8
-
9
-
src = fetchFromGitHub {
10
-
owner = "packwiz";
11
-
repo = "packwiz";
12
-
rev = "52b123018f9e19b49703f76e78ad415642acf5c5";
13
-
sha256 = "sha256-EVs2PngdapCUSf6J946rpJWnEbM8TtlDQQS/Zg16Qfs=";
14
-
};
15
-
16
-
vendorHash = "sha256-P1SsvHTYKUoPve9m1rloBfMxUNcDKr/YYU4dr4vZbTE=";
17
-
})