[flake] flake-parts works maybe???? · pyrox.dev/nix@0e1a3e2

··· 1 + { 2 + ... 3 + }: 4 + { 5 + perSystem = 6 + { pkgs, ... }: 7 + { 8 + devShells = { 9 + default = pkgs.callPackage ./default { }; 10 + }; 11 + }; 12 + }

+34 -143

flake.lock

··· 52 52 "nixpkgs": [ 53 53 "nixpkgs" 54 54 ], 55 - "treefmt-nix": "treefmt-nix" 55 + "treefmt-nix": [] 56 56 }, 57 57 "locked": { 58 - "lastModified": 1758204241, 59 - "narHash": "sha256-xKl3mXyML/NCWUYrZ9ww/fXfTWvGvNnXgDBrpDy/c2Y=", 60 - "owner": "Mic92", 58 + "lastModified": 1758897213, 59 + "narHash": "sha256-pLZgNsmCMhTWd8aRuGkK23ik5nclpIn1flnURKH6QjI=", 60 + "owner": "nix-community", 61 61 "repo": "buildbot-nix", 62 - "rev": "82745470e3fa50e1bdcc8f59745121aa29f1ac7a", 62 + "rev": "985d069a2a45cf4a571a4346107671adc2bd2a16", 63 63 "type": "github" 64 64 }, 65 65 "original": { 66 - "owner": "Mic92", 66 + "owner": "nix-community", 67 67 "repo": "buildbot-nix", 68 68 "type": "github" 69 69 } ··· 105 105 "owner": "lnl7", 106 106 "ref": "master", 107 107 "repo": "nix-darwin", 108 - "type": "github" 109 - } 110 - }, 111 - "deploy-rs": { 112 - "inputs": { 113 - "flake-compat": [ 114 - "flake-compat" 115 - ], 116 - "nixpkgs": [ 117 - "nixpkgs" 118 - ], 119 - "utils": [ 120 - "flake-utils" 121 - ] 122 - }, 123 - "locked": { 124 - "lastModified": 1756719547, 125 - "narHash": "sha256-N9gBKUmjwRKPxAafXEk1EGadfk2qDZPBQp4vXWPHINQ=", 126 - "owner": "serokell", 127 - "repo": "deploy-rs", 128 - "rev": "125ae9e3ecf62fb2c0fd4f2d894eb971f1ecaed2", 129 - "type": "github" 130 - }, 131 - "original": { 132 - "owner": "serokell", 133 - "repo": "deploy-rs", 134 108 "type": "github" 135 109 } 136 110 }, ··· 246 220 "type": "github" 247 221 } 248 222 }, 223 + "easy-hosts": { 224 + "locked": { 225 + "lastModified": 1755470564, 226 + "narHash": "sha256-KB1ZryVDoQcbIsItOf4WtxkHhh3ppj+XwMpSnt/2QHc=", 227 + "owner": "tgirlcloud", 228 + "repo": "easy-hosts", 229 + "rev": "d0422bc7b3db26268982aa15d07e60370e76ee1d", 230 + "type": "github" 231 + }, 232 + "original": { 233 + "owner": "tgirlcloud", 234 + "repo": "easy-hosts", 235 + "type": "github" 236 + } 237 + }, 249 238 "flake-compat": { 250 239 "locked": { 251 240 "lastModified": 1747046372, ··· 315 304 "type": "github" 316 305 } 317 306 }, 318 - "flake-utils-plus": { 319 - "inputs": { 320 - "flake-utils": "flake-utils_2" 321 - }, 322 - "locked": { 323 - "lastModified": 1715533576, 324 - "narHash": "sha256-fT4ppWeCJ0uR300EH3i7kmgRZnAVxrH+XtK09jQWihk=", 325 - "owner": "gytis-ivaskevicius", 326 - "repo": "flake-utils-plus", 327 - "rev": "3542fe9126dc492e53ddd252bb0260fe035f2c0f", 328 - "type": "github" 329 - }, 330 - "original": { 331 - "owner": "gytis-ivaskevicius", 332 - "repo": "flake-utils-plus", 333 - "rev": "3542fe9126dc492e53ddd252bb0260fe035f2c0f", 334 - "type": "github" 335 - } 336 - }, 337 307 "flake-utils_2": { 338 308 "inputs": { 339 - "systems": "systems" 340 - }, 341 - "locked": { 342 - "lastModified": 1694529238, 343 - "narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=", 344 - "owner": "numtide", 345 - "repo": "flake-utils", 346 - "rev": "ff7b65b44d01cf9ba6a71320833626af21126384", 347 - "type": "github" 348 - }, 349 - "original": { 350 - "owner": "numtide", 351 - "repo": "flake-utils", 352 - "type": "github" 353 - } 354 - }, 355 - "flake-utils_3": { 356 - "inputs": { 357 - "systems": "systems_3" 309 + "systems": "systems_2" 358 310 }, 359 311 "locked": { 360 312 "lastModified": 1694529238, ··· 443 395 }, 444 396 "gomod2nix": { 445 397 "inputs": { 446 - "flake-utils": "flake-utils_3", 398 + "flake-utils": "flake-utils_2", 447 399 "nixpkgs": [ 448 - "tangled-sh", 400 + "tangled", 449 401 "nixpkgs" 450 402 ] 451 403 }, ··· 835 787 "agenix": "agenix", 836 788 "buildbot-nix": "buildbot-nix", 837 789 "ctp": "ctp", 838 - "deploy-rs": "deploy-rs", 839 790 "determinate": "determinate", 840 791 "dix": "dix", 841 792 "dns": "dns", 793 + "easy-hosts": "easy-hosts", 842 794 "flake-compat": "flake-compat", 843 795 "flake-parts": "flake-parts", 844 796 "flake-utils": "flake-utils", ··· 854 806 "nixpkgs": "nixpkgs_2", 855 807 "nixpkgs-lib": "nixpkgs-lib", 856 808 "nixpkgs-stalwart-fix": "nixpkgs-stalwart-fix", 857 - "snowfall-lib": "snowfall-lib", 858 809 "stable": "stable", 859 - "systems": "systems_2", 860 - "tangled-sh": "tangled-sh" 861 - } 862 - }, 863 - "snowfall-lib": { 864 - "inputs": { 865 - "flake-compat": [ 866 - "flake-compat" 867 - ], 868 - "flake-utils-plus": "flake-utils-plus", 869 - "nixpkgs": [ 870 - "nixpkgs" 871 - ] 872 - }, 873 - "locked": { 874 - "lastModified": 1736130495, 875 - "narHash": "sha256-4i9nAJEZFv7vZMmrE0YG55I3Ggrtfo5/T07JEpEZ/RM=", 876 - "owner": "snowfallorg", 877 - "repo": "lib", 878 - "rev": "02d941739f98a09e81f3d2d9b3ab08918958beac", 879 - "type": "github" 880 - }, 881 - "original": { 882 - "owner": "snowfallorg", 883 - "repo": "lib", 884 - "type": "github" 810 + "systems": "systems", 811 + "tangled": "tangled" 885 812 } 886 813 }, 887 814 "sqlite-lib-src": { ··· 943 870 "type": "github" 944 871 } 945 872 }, 946 - "systems_3": { 947 - "locked": { 948 - "lastModified": 1681028828, 949 - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", 950 - "owner": "nix-systems", 951 - "repo": "default", 952 - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", 953 - "type": "github" 954 - }, 955 - "original": { 956 - "owner": "nix-systems", 957 - "repo": "default", 958 - "type": "github" 959 - } 960 - }, 961 - "tangled-sh": { 873 + "tangled": { 962 874 "inputs": { 963 875 "flake-compat": "flake-compat_2", 964 876 "gomod2nix": "gomod2nix", ··· 972 884 "sqlite-lib-src": "sqlite-lib-src" 973 885 }, 974 886 "locked": { 975 - "lastModified": 1758343819, 976 - "narHash": "sha256-lXoRA/zM7V8f5SvSZMdPSMpZiFkFnx3RV0RfovQbqzg=", 887 + "lastModified": 1758990466, 888 + "narHash": "sha256-PPxdekQr5z5N37CznPm98XBm7WeMZ5+5pctJ0n/5O0I=", 977 889 "ref": "refs/heads/master", 978 - "rev": "796f739caf7df25436e0ac3a8880dca54d6238db", 979 - "revCount": 1366, 890 + "rev": "4132d1b923e4b9f65cb74339a3d72f38b0379195", 891 + "revCount": 1452, 980 892 "type": "git", 981 - "url": "https://tangled.sh/@tangled.sh/core" 893 + "url": "https://tangled.org/@tangled.org/core" 982 894 }, 983 895 "original": { 984 896 "type": "git", 985 - "url": "https://tangled.sh/@tangled.sh/core" 986 - } 987 - }, 988 - "treefmt-nix": { 989 - "inputs": { 990 - "nixpkgs": [ 991 - "buildbot-nix", 992 - "nixpkgs" 993 - ] 994 - }, 995 - "locked": { 996 - "lastModified": 1756662192, 997 - "narHash": "sha256-F1oFfV51AE259I85av+MAia221XwMHCOtZCMcZLK2Jk=", 998 - "owner": "numtide", 999 - "repo": "treefmt-nix", 1000 - "rev": "1aabc6c05ccbcbf4a635fb7a90400e44282f61c4", 1001 - "type": "github" 1002 - }, 1003 - "original": { 1004 - "owner": "numtide", 1005 - "repo": "treefmt-nix", 1006 - "type": "github" 897 + "url": "https://tangled.org/@tangled.org/core" 1007 898 } 1008 899 } 1009 900 },

+50 -92

flake.nix

··· 19 19 description = "PyroNet machines and services"; 20 20 21 21 inputs = { 22 - snowfall-lib = { 23 - url = "github:snowfallorg/lib"; 24 - inputs.nixpkgs.follows = "nixpkgs"; 25 - inputs.flake-compat.follows = "flake-compat"; 22 + flake-parts = { 23 + url = "github:hercules-ci/flake-parts"; 24 + inputs.nixpkgs-lib.follows = "nixpkgs-lib"; 26 25 }; 27 26 nixpkgs.url = "https://nixpkgs.dev/channel/nixpkgs-unstable"; 28 27 nixpkgs-stalwart-fix.url = "github:pyrox0/nixpkgs/fix/stalwart-module"; ··· 30 29 # Overrides 31 30 flake-compat.url = "github:edolstra/flake-compat"; 32 31 systems.url = "github:nix-systems/default"; 33 - flake-parts = { 34 - url = "github:hercules-ci/flake-parts"; 35 - inputs.nixpkgs-lib.follows = "nixpkgs-lib"; 36 - }; 37 32 flake-utils = { 38 33 url = "github:numtide/flake-utils"; 39 34 inputs.systems.follows = "systems"; ··· 50 45 }; 51 46 }; 52 47 buildbot-nix = { 53 - url = "github:Mic92/buildbot-nix"; 48 + url = "github:nix-community/buildbot-nix"; 54 49 inputs.nixpkgs.follows = "nixpkgs"; 55 50 inputs.flake-parts.follows = "flake-parts"; 51 + inputs.treefmt-nix.follows = ""; 56 52 }; 57 53 ctp = { 58 54 url = "github:catppuccin/nix"; 59 55 }; 60 - deploy-rs = { 61 - url = "github:serokell/deploy-rs"; 62 - inputs = { 63 - nixpkgs.follows = "nixpkgs"; 64 - utils.follows = "flake-utils"; 65 - flake-compat.follows = "flake-compat"; 66 - }; 67 - }; 68 56 dix = { 69 57 url = "https://flakehub.com/f/DeterminateSystems/nix-src/*"; 70 58 inputs = { ··· 88 76 inputs.flake-utils.follows = "flake-utils"; 89 77 inputs.nixpkgs.follows = "nixpkgs"; 90 78 }; 91 - 79 + easy-hosts.url = "github:tgirlcloud/easy-hosts"; 92 80 golink = { 93 81 url = "github:tailscale/golink"; 94 82 inputs.systems.follows = "systems"; ··· 131 119 url = "git+https://git.pyrox.dev/pyrox/pkgs"; 132 120 inputs.nixpkgs.follows = "nixpkgs"; 133 121 }; 134 - tangled-sh = { 135 - url = "git+https://tangled.sh/@tangled.sh/core"; 122 + tangled = { 123 + url = "git+https://tangled.org/@tangled.org/core"; 136 124 }; 137 125 }; 138 126 139 127 outputs = 140 - inputs@{ self, ... }: 141 - let 142 - lib = inputs.snowfall-lib.mkLib { 143 - inherit inputs; 144 - src = ./.; 145 - snowfall = { 146 - meta = { 147 - name = "pyronet"; 148 - title = "PyroNet Config"; 149 - }; 150 - namespace = "py"; 151 - }; 152 - }; 153 - overlays = [ 154 - self.overlays.pyronet-packages 155 - self.overlays.nix-index 156 - self.overlays.openssh-fixperms 157 - inputs.golink.overlays.default 128 + inputs: 129 + inputs.flake-parts.lib.mkFlake { inherit inputs; } { 130 + # Systems we want to build for 131 + systems = [ 132 + "x86_64-linux" 158 133 ]; 159 - in 160 - lib.mkFlake { 161 - # Nixpkgs configuration 162 - channels-config = { 163 - allowUnfree = true; 164 - }; 165 134 166 - # Overlays for Nixpkgs. 167 - inherit overlays; 168 - 169 - # Home-manager configurations 170 - homes = { 171 - # Default modules for all homes 172 - modules = with inputs; [ 173 - nix-index-database.homeModules.nix-index 174 - ctp.homeModules.catppuccin 175 - ]; 176 - }; 177 - 178 - # NixOS Configurations 179 - systems = { 180 - # Modules for all systems 181 - modules.nixos = with inputs; [ 182 - agenix.nixosModules.default 183 - buildbot-nix.nixosModules.buildbot-worker 184 - ctp.nixosModules.catppuccin 185 - determinate.nixosModules.default 186 - ]; 187 - hosts = { 188 - # Zaphod, my personal Framework 16 laptop 189 - zaphod.modules = with inputs; [ hardware.nixosModules.framework-16-7040-amd ]; 135 + # Flake modules 136 + imports = [ 137 + inputs.easy-hosts.flakeModule 138 + inputs.home-manager.flakeModules.home-manager 139 + ./packages 140 + ./lib 141 + ./overlays 142 + ./devShells 143 + ./nixosModules 144 + ./homeModules 145 + ./templates 146 + ./hosts 147 + ]; 190 148 191 - # Prefect, my main VPS 192 - prefect.modules = with inputs; [ mailserver.nixosModule ]; 149 + # # Flake attributes 150 + # flake = { 151 + # 152 + # }; 193 153 194 - # Marvin, my main homelab machine 195 - marvin.modules = with inputs; [ 196 - buildbot-nix.nixosModules.buildbot-master 197 - golink.nixosModules.default 198 - iceshrimp.nixosModules.default 199 - tangled-sh.nixosModules.knot 200 - tangled-sh.nixosModules.spindle 201 - ]; 154 + # Per-system stuff 155 + perSystem = 156 + { 157 + pkgs, 158 + system, 159 + ... 160 + }: 161 + { 162 + _module.args.pkgs = import inputs.nixpkgs { 163 + inherit system; 164 + overlays = [ 165 + # inputs.self.overlays.pyronet-packages 166 + inputs.self.overlays.openssh-fixperms 167 + inputs.golink.overlays.default 168 + ]; 169 + config = { 170 + allowUnfree = true; 171 + }; 172 + }; 173 + formatter = pkgs.nixfmt; 202 174 }; 203 - }; 204 - templates = { 205 - uv.description = "Python template flake that uses uv"; 206 - }; 207 - 208 - outputs-builder = channels: { 209 - # Define default packages to use everywhere 210 - packages = { 211 - nvim = channels.nixpkgs.neovim-unwrapped; 212 - }; 213 - formatter = channels.nixpkgs.nixfmt-rfc-style; 214 - 215 - }; 216 - deploy = lib.mkDeploy { inherit (inputs) self; }; 217 175 }; 218 176 }

+15

homeModules/all-modules.nix

··· 1 + { inputs, ... }: 2 + { 3 + imports = [ 4 + inputs.self.homeModules.profiles 5 + inputs.self.homeModules.programs 6 + inputs.self.homeModules.scripts 7 + inputs.self.homeModules.services 8 + inputs.self.homeModules.theming 9 + inputs.self.homeModules.wayland 10 + inputs.self.homeModules.xdg 11 + 12 + inputs.nix-index-database.homeModules.nix-index 13 + inputs.ctp.homeModules.catppuccin 14 + ]; 15 + }

+13

homeModules/default.nix

··· 1 + { inputs, flake-parts-lib, ... }: 2 + { 3 + flake.homeModules = { 4 + wayland = import ./wayland; 5 + xdg = import ./xdg; 6 + programs = import ./programs; 7 + services = import ./services; 8 + scripts = import ./scripts; 9 + theming = import ./theming; 10 + profiles = import ./profiles; 11 + allModules = flake-parts-lib.importApply ./all-modules.nix { inherit inputs; }; 12 + }; 13 + }

+10

homeModules/profiles/default.nix

··· 1 + { 2 + imports = [ 3 + ./base/default.nix 4 + ./cli/default.nix 5 + ./desktop/default.nix 6 + ./development/default.nix 7 + ./gui/default.nix 8 + ./server/default.nix 9 + ]; 10 + }

+15

homeModules/profiles/server/default.nix

··· 1 + { 2 + lib, 3 + config, 4 + ... 5 + }: 6 + let 7 + cfg = config.py.profiles.server; 8 + in 9 + { 10 + options.py.profiles.server.enable = lib.mkEnableOption "Server Profile"; 11 + config = lib.mkIf cfg.enable { 12 + py.profiles.base.enable = true; 13 + py.profiles.cli.enable = true; 14 + }; 15 + }

+21

homeModules/programs/default.nix

··· 1 + { 2 + imports = [ 3 + ./chromium 4 + ./firefox 5 + ./fish 6 + ./ghostty 7 + ./git 8 + ./gpg 9 + ./helix 10 + ./kitty 11 + ./misc-programs 12 + ./neovim 13 + ./nushell 14 + ./onagre 15 + ./ssh 16 + ./starship 17 + ./vscodium 18 + ./wlogout 19 + ./zed-editor 20 + ]; 21 + }

+35

homeModules/programs/neovim/default.nix

··· 1 + { 2 + pkgs, 3 + config, 4 + lib, 5 + ... 6 + }: 7 + let 8 + cfg = config.py.programs.neovim; 9 + in 10 + { 11 + options.py.programs.neovim.enable = lib.mkEnableOption "Neovim Configuration"; 12 + 13 + config.programs.neovim = lib.mkIf cfg.enable { 14 + enable = true; 15 + viAlias = true; 16 + vimAlias = true; 17 + vimdiffAlias = true; 18 + withRuby = false; 19 + withNodeJs = false; 20 + withPython3 = false; 21 + extraPackages = [ 22 + pkgs.bottom 23 + pkgs.fd 24 + pkgs.gcc 25 + pkgs.go 26 + pkgs.nodejs 27 + ] 28 + ++ lib.optionals config.py.profiles.gui.enable [ 29 + pkgs.ffmpegthumbnailer 30 + pkgs.fontpreview 31 + pkgs.poppler 32 + pkgs.ueberzug 33 + ]; 34 + }; 35 + }

+10

homeModules/services/default.nix

··· 1 + { 2 + imports = [ 3 + ./gpg-agent 4 + ./kanshi 5 + ./kdeconnect 6 + ./mako 7 + ./swayidle 8 + ./syncthing 9 + ]; 10 + }

-8

homes/x86_64-linux/pyrox@marvin/default.nix

··· 1 - { 2 - snowfallorg.user = { 3 - enable = true; 4 - }; 5 - py = { 6 - profiles.server.enable = true; 7 - }; 8 - }

-8

homes/x86_64-linux/pyrox@prefect/default.nix

··· 1 - { 2 - snowfallorg.user = { 3 - enable = true; 4 - }; 5 - py = { 6 - profiles.server.enable = true; 7 - }; 8 - }

-8

homes/x86_64-linux/pyrox@thought/default.nix

··· 1 - { 2 - snowfallorg.user = { 3 - enable = true; 4 - }; 5 - py = { 6 - profiles.server.enable = true; 7 - }; 8 - }

-55

homes/x86_64-linux/pyrox@zaphod/default.nix

··· 1 - { 2 - pkgs, 3 - ... 4 - }: 5 - { 6 - imports = [ 7 - ./files/pamKeys.nix 8 - ./files/distrobox-config.nix 9 - ]; 10 - snowfallorg.user = { 11 - enable = true; 12 - }; 13 - home.packages = [ 14 - pkgs.mindustry 15 - ]; 16 - py = { 17 - profiles.desktop.enable = true; 18 - }; 19 - py.services.kanshi.settings = [ 20 - { 21 - profile = { 22 - name = "laptop-only"; 23 - outputs = [ 24 - { 25 - criteria = "eDP-1"; 26 - status = "enable"; 27 - scale = 1.2; 28 - position = "0,0"; 29 - adaptiveSync = true; 30 - } 31 - ]; 32 - }; 33 - } 34 - { 35 - profile = { 36 - name = "office"; 37 - outputs = [ 38 - { 39 - criteria = "eDP-1"; 40 - status = "enable"; 41 - scale = 1.2; 42 - position = "0,0"; 43 - adaptiveSync = true; 44 - } 45 - { 46 - criteria = "Acer Technologies SA241Y 0x1497CF17"; 47 - status = "enable"; 48 - scale = 1.0; 49 - position = "2160,0"; 50 - } 51 - ]; 52 - }; 53 - } 54 - ]; 55 - }

homes/x86_64-linux/pyrox@zaphod/files/distrobox-config.nix nixosModules/homes/pyrox-zaphod/files/distrobox-config.nix

homes/x86_64-linux/pyrox@zaphod/files/pamKeys.nix nixosModules/homes/pyrox-zaphod/files/pamKeys.nix

-8

homes/x86_64-linux/thehedgehog@marvin/default.nix

··· 1 - { 2 - snowfallorg.user = { 3 - enable = true; 4 - }; 5 - py = { 6 - profiles.server.enable = true; 7 - }; 8 - }

-8

homes/x86_64-linux/thehedgehog@prefect/default.nix

··· 1 - { 2 - snowfallorg.user = { 3 - enable = true; 4 - }; 5 - py = { 6 - profiles.server.enable = true; 7 - }; 8 - }

-8

homes/x86_64-linux/thehedgehog@thought/default.nix

··· 1 - { 2 - snowfallorg.user = { 3 - enable = true; 4 - }; 5 - py = { 6 - profiles.server.enable = true; 7 - }; 8 - }

-63

homes/x86_64-linux/thehedgehog@zaphod/default.nix

··· 1 - { 2 - pkgs, 3 - config, 4 - ... 5 - }: 6 - { 7 - snowfallorg.user = { 8 - enable = true; 9 - }; 10 - home.packages = [ 11 - pkgs.mindustry 12 - pkgs.signal-desktop 13 - ]; 14 - py.profiles.desktop.enable = true; 15 - services.wpaperd = { 16 - enable = true; 17 - settings = { 18 - default = { 19 - path = "${config.home.homeDirectory}/bgs"; 20 - duration = "3h"; 21 - sorting = "random"; 22 - queue-size = 50; 23 - recursive = false; 24 - }; 25 - }; 26 - }; 27 - py.services.kanshi.settings = [ 28 - { 29 - profile = { 30 - name = "laptop-only"; 31 - outputs = [ 32 - { 33 - criteria = "eDP-1"; 34 - status = "enable"; 35 - scale = 1.2; 36 - position = "0,0"; 37 - adaptiveSync = true; 38 - } 39 - ]; 40 - }; 41 - } 42 - { 43 - profile = { 44 - name = "office"; 45 - outputs = [ 46 - { 47 - criteria = "eDP-1"; 48 - status = "enable"; 49 - scale = 1.2; 50 - position = "0,0"; 51 - adaptiveSync = true; 52 - } 53 - { 54 - criteria = "Acer Technologies SA241Y 0x1497CF17"; 55 - status = "enable"; 56 - scale = 1.0; 57 - position = "2160,0"; 58 - } 59 - ]; 60 - }; 61 - } 62 - ]; 63 - }

+69

hosts/default.nix

··· 1 + { inputs, ... }: 2 + { 3 + easy-hosts = { 4 + shared = { 5 + modules = [ 6 + inputs.agenix.nixosModules.default 7 + inputs.ctp.nixosModules.catppuccin 8 + inputs.determinate.nixosModules.default 9 + inputs.home-manager.nixosModules.home-manager 10 + inputs.self.nixosModules.chromium 11 + inputs.self.nixosModules.defaultConfig 12 + inputs.self.nixosModules.defaultUsers 13 + inputs.self.nixosModules.firefox 14 + inputs.self.nixosModules.forgejo-runner 15 + inputs.self.nixosModules.hm-pyrox 16 + inputs.self.nixosModules.hm-thehedgehog 17 + inputs.self.nixosModules.miscPrograms 18 + inputs.self.nixosModules.neovim 19 + inputs.self.nixosModules.profiles 20 + inputs.self.nixosModules.scrutiny 21 + ]; 22 + }; 23 + path = ./.; 24 + hosts = { 25 + marvin = { 26 + deployable = true; 27 + tags = [ 28 + "server" 29 + "home" 30 + ]; 31 + modules = [ 32 + inputs.golink.nixosModules.default 33 + inputs.tangled.nixosModules.knot 34 + inputs.tangled.nixosModules.spindle 35 + ]; 36 + }; 37 + prefect = { 38 + deployable = true; 39 + tags = [ 40 + "server" 41 + "vps" 42 + ]; 43 + modules = [ 44 + inputs.mailserver.nixosModule 45 + ]; 46 + }; 47 + thought = { 48 + deployable = true; 49 + tags = [ 50 + "server" 51 + "vps" 52 + ]; 53 + }; 54 + zaphod = { 55 + deployable = true; 56 + tags = [ "laptop" ]; 57 + modules = [ 58 + inputs.hardware.nixosModules.framework-16-7040-amd 59 + inputs.self.nixosModules.hm-pyrox-zaphod 60 + inputs.self.nixosModules.hm-thehedgehog-zaphod 61 + { 62 + home-manager.useGlobalPkgs = true; 63 + home-manager.useUserPackages = true; 64 + } 65 + ]; 66 + }; 67 + }; 68 + }; 69 + }

+4 -4

lib/data/default.nix

··· 1 1 { 2 - data.hosts = builtins.fromTOML (builtins.readFile ./hosts.toml); 3 - data.services = builtins.fromTOML (builtins.readFile ./services.toml); 4 - data.mail = builtins.fromTOML (builtins.readFile ./mail.toml); 5 - data.tsNet = "coelacanth-dragon.ts.net"; 2 + hosts = builtins.fromTOML (builtins.readFile ./hosts.toml); 3 + services = builtins.fromTOML (builtins.readFile ./services.toml); 4 + mail = builtins.fromTOML (builtins.readFile ./mail.toml); 5 + tsNet = "coelacanth-dragon.ts.net"; 6 6 }

lib/default.nix

··· 1 + { 2 + ... 3 + }: 4 + { 5 + flake = { 6 + lib.data = import ./data; 7 + }; 8 + }

+2 -2

modules/home/profiles/base/default.nix homeModules/profiles/base/default.nix

··· 3 3 lib, 4 4 ... 5 5 }: 6 + 6 7 let 7 8 cfg = config.py.profiles.base; 8 9 in 9 10 { 10 11 options.py.profiles.base.enable = lib.mkEnableOption "Base Home Profile"; 11 12 config = lib.mkIf cfg.enable { 12 - programs.home-manager.enable = true; 13 - home.stateVersion = "25.05"; 13 + home.stateVersion = "25.11"; 14 14 home.language = { 15 15 base = "en_US.utf8"; 16 16 };

+4 -5

modules/home/profiles/cli/default.nix homeModules/profiles/cli/default.nix

··· 2 2 pkgs, 3 3 lib, 4 4 config, 5 - inputs, 6 - system, 7 5 ... 8 6 }: 9 7 let 8 + inherit (lib) mkDefault mkEnableOption; 10 9 cfg = config.py.profiles.cli; 11 - inherit (lib) mkEnableOption mkDefault mkIf; 12 10 in 13 11 { 14 12 options.py.profiles.cli.enable = mkEnableOption "CLI Profile"; 15 - config = mkIf cfg.enable { 13 + config = lib.mkIf cfg.enable { 14 + py.profiles.base.enable = true; 16 15 py.programs = { 17 16 bat.enable = mkDefault true; 18 17 direnv.enable = mkDefault true; ··· 58 57 fzf 59 58 glow 60 59 gnupg 60 + nix-search 61 61 pinentry 62 62 rbw 63 63 rsync 64 64 xdg-utils 65 65 yt-dlp 66 - inputs.nix-search.packages.${system}.default 67 66 ]; 68 67 }; 69 68 }

modules/home/profiles/cli/rbw-config.json homeModules/profiles/cli/rbw-config.json

+5 -7

modules/home/profiles/desktop/default.nix homeModules/profiles/desktop/default.nix

··· 1 1 { 2 2 pkgs, 3 - config, 4 3 lib, 4 + config, 5 5 ... 6 6 }: 7 7 let ··· 11 11 { 12 12 options.py.profiles.desktop.enable = mkEnableOption "Desktop Config"; 13 13 config = mkIf cfg.enable { 14 - py.profiles = { 15 - base.enable = mkDefault true; 16 - cli.enable = mkDefault true; 17 - gui.enable = mkDefault true; 18 - development.enable = mkDefault true; 19 - }; 14 + py.profiles.base.enable = true; 15 + py.profiles.cli.enable = true; 16 + py.profiles.gui.enable = true; 17 + py.profiles.development.enable = true; 20 18 programs.mpv = { 21 19 enable = mkDefault true; 22 20 scripts = with pkgs.mpvScripts; [

+1 -1

modules/home/profiles/development/default.nix homeModules/profiles/development/default.nix

··· 1 1 { 2 2 pkgs, 3 - lib, 4 3 config, 4 + lib, 5 5 ... 6 6 }: 7 7 let

+3 -4

modules/home/profiles/gui/default.nix homeModules/profiles/gui/default.nix

··· 1 1 { 2 2 pkgs, 3 3 lib, 4 - config, 5 4 osConfig, 5 + config, 6 6 ... 7 7 }: 8 8 let 9 + inherit (lib) mkDefault mkEnableOption; 9 10 cfg = config.py.profiles.gui; 10 - inherit (lib) mkEnableOption mkIf mkDefault; 11 11 in 12 12 { 13 13 options.py.profiles.gui.enable = mkEnableOption "GUI Profile"; 14 - config = mkIf cfg.enable { 14 + config = lib.mkIf cfg.enable { 15 15 home.sessionVariables = { 16 16 XDG_CURRENT_DESKTOP = "sway"; 17 17 }; 18 18 py = { 19 - gui.enable = true; 20 19 programs = { 21 20 chromium.enable = mkDefault true; 22 21 firefox.enable = mkDefault true;

-13

modules/home/profiles/server/default.nix

··· 1 - { lib, config, ... }: 2 - let 3 - cfg = config.py.profiles.server; 4 - in 5 - { 6 - options.py.profiles.server.enable = lib.mkEnableOption "Server Profile"; 7 - config = lib.mkIf cfg.enable { 8 - py.profiles = { 9 - base.enable = lib.mkDefault true; 10 - cli.enable = lib.mkDefault true; 11 - }; 12 - }; 13 - }

modules/home/programs/chromium/default.nix homeModules/programs/chromium/default.nix

modules/home/programs/firefox/default.nix homeModules/programs/firefox/default.nix

modules/home/programs/fish/default.nix homeModules/programs/fish/default.nix

modules/home/programs/ghostty/default.nix homeModules/programs/ghostty/default.nix

modules/home/programs/ghostty/settings.nix homeModules/programs/ghostty/settings.nix

+3 -3

modules/home/programs/git/default.nix homeModules/programs/git/default.nix

··· 58 58 extraConfig = { 59 59 branch.sort = "-committerdate"; 60 60 column.ui = "auto"; 61 - core.editor = lib.getExe pkgs.py.nvim; 61 + core.editor = lib.getExe pkgs.neovim; 62 62 "credential \"https://git.pyrox.dev\"".username = "pyrox"; 63 63 credential.helper = "rbw"; 64 64 diff = { ··· 117 117 enable = true; 118 118 gitCredentialHelper.enable = true; 119 119 settings = { 120 - editor = lib.getExe pkgs.py.nvim; 120 + editor = lib.getExe pkgs.neovim; 121 121 git_protocol = "https"; 122 - browser = lib.mkIf config.py.gui.enable pkgs.firefox; 122 + browser = lib.mkIf config.py.profiles.gui.enable pkgs.firefox; 123 123 prompt = "enabled"; 124 124 }; 125 125 };

modules/home/programs/gpg/default.nix homeModules/programs/gpg/default.nix

modules/home/programs/helix/default.nix homeModules/programs/helix/default.nix

modules/home/programs/helix/settings.nix homeModules/programs/helix/settings.nix

modules/home/programs/kitty/default.nix homeModules/programs/kitty/default.nix

modules/home/programs/kitty/settings.nix homeModules/programs/kitty/settings.nix

modules/home/programs/misc-programs/default.nix homeModules/programs/misc-programs/default.nix

modules/home/programs/misc-programs/direnv-stdlib.sh homeModules/programs/misc-programs/direnv-stdlib.sh

-37

modules/home/programs/neovim/default.nix

··· 1 - { 2 - pkgs, 3 - config, 4 - lib, 5 - ... 6 - }: 7 - let 8 - cfg = config.py.programs.neovim; 9 - in 10 - { 11 - options.py.programs.neovim.enable = lib.mkEnableOption "Neovim Configuration"; 12 - 13 - config.programs.neovim = lib.mkIf cfg.enable { 14 - enable = true; 15 - package = pkgs.py.nvim; 16 - viAlias = true; 17 - vimAlias = true; 18 - vimdiffAlias = true; 19 - withRuby = false; 20 - withNodeJs = false; 21 - withPython3 = false; 22 - extraPackages = 23 - [ 24 - pkgs.bottom 25 - pkgs.fd 26 - pkgs.gcc 27 - pkgs.go 28 - pkgs.nodejs 29 - ] 30 - ++ lib.optionals config.py.profiles.gui.enable [ 31 - pkgs.ffmpegthumbnailer 32 - pkgs.fontpreview 33 - pkgs.poppler 34 - pkgs.ueberzug 35 - ]; 36 - }; 37 - }

modules/home/programs/nushell/config.nu homeModules/programs/nushell/config.nu

modules/home/programs/nushell/default.nix homeModules/programs/nushell/default.nix

modules/home/programs/nushell/env.nu homeModules/programs/nushell/env.nu

modules/home/programs/onagre/default.nix homeModules/programs/onagre/default.nix

modules/home/programs/ssh/backup.pub homeModules/programs/ssh/backup.pub

modules/home/programs/ssh/default.nix homeModules/programs/ssh/default.nix

modules/home/programs/ssh/ssh-auth-signers.nix homeModules/programs/ssh/ssh-auth-signers.nix

modules/home/programs/ssh/yubikey-back.pub homeModules/programs/ssh/yubikey-back.pub

modules/home/programs/ssh/yubikey-main.pub homeModules/programs/ssh/yubikey-main.pub

modules/home/programs/ssh/yubikey-new.pub homeModules/programs/ssh/yubikey-new.pub

modules/home/programs/starship/default.nix homeModules/programs/starship/default.nix

modules/home/programs/starship/settings.nix homeModules/programs/starship/settings.nix

+1 -1

modules/home/programs/vscodium/default.nix homeModules/programs/vscodium/default.nix

··· 47 47 "update.showReleaseNotes" = false; 48 48 "workbench.colorTheme" = "Catppuccin Mocha"; 49 49 "workbench.iconTheme" = "catppuccin-mocha"; 50 - "vscode-neovim.neovimExecutablePaths.linux" = lib.getExe pkgs.py.nvim; 50 + "vscode-neovim.neovimExecutablePaths.linux" = lib.getExe pkgs.neovim; 51 51 "python.formatting.provider" = "black"; 52 52 }; 53 53 };

modules/home/programs/wlogout/default.nix homeModules/programs/wlogout/default.nix

modules/home/programs/wlogout/style.nix homeModules/programs/wlogout/style.nix

modules/home/programs/zed-editor/default.nix homeModules/programs/zed-editor/default.nix

modules/home/programs/zed-editor/settings.nix homeModules/programs/zed-editor/settings.nix

modules/home/scripts/default.nix homeModules/scripts/default.nix

modules/home/services/gpg-agent/default.nix homeModules/services/gpg-agent/default.nix

modules/home/services/kanshi/default.nix homeModules/services/kanshi/default.nix

modules/home/services/kdeconnect/default.nix homeModules/services/kdeconnect/default.nix

modules/home/services/mako/default.nix homeModules/services/mako/default.nix

modules/home/services/swayidle/default.nix homeModules/services/swayidle/default.nix

modules/home/services/syncthing/default.nix homeModules/services/syncthing/default.nix

+6 -5

modules/home/theming/default.nix homeModules/theming/default.nix

··· 6 6 }: 7 7 let 8 8 pro = config.py.profiles; 9 + inherit (lib) mkDefault mkIf; 9 10 in 10 11 { 11 12 catppuccin = { 12 13 flavor = "mocha"; 13 14 accent = "blue"; 14 15 }; 15 - home.pointerCursor = lib.mkIf pro.gui.enable { 16 + home.pointerCursor = mkIf pro.gui.enable { 16 17 package = pkgs.catppuccin-cursors.mochaBlue; 17 18 name = "Catppuccin-Mocha-Blue"; 18 19 gtk.enable = true; 19 20 }; 20 - gtk = lib.mkIf pro.gui.enable { 21 + gtk = mkIf pro.gui.enable { 21 22 enable = true; 22 - theme = { 23 + theme = mkDefault { 23 24 name = "Colloid-Dark-Compact-Catppuccin"; 24 25 package = pkgs.colloid-gtk-theme.override { 25 26 tweaks = [ ··· 36 37 size = 14; 37 38 }; 38 39 gtk3.bookmarks = [ "file:///${config.home.homeDirectory}/Downloads" ]; 39 - iconTheme = { 40 - package = pkgs.colloid-icon-theme; 40 + iconTheme = mkIf pro.gui.enable { 41 + package = mkDefault pkgs.colloid-icon-theme; 41 42 name = "Colloid-Dark"; 42 43 }; 43 44 };

modules/home/wayland/default.nix homeModules/wayland/default.nix

+1 -1

modules/home/wayland/keybindings.nix homeModules/wayland/keybindings.nix

··· 7 7 slurp-screen = "\"$(slurp -c -b '#1e1e2e80' -o -r)\" -"; 8 8 slurp-box = "\"$(slurp -c '#f38ba8ff' -b '#1e1e2e80' -w 1 -d -F 'IBM Plex Mono')\" -"; 9 9 satty = "satty -f -"; 10 - cfg = config.py.gui; 10 + cfg = config.py.profiles.gui; 11 11 in 12 12 { 13 13 config.wayland.windowManager.sway.config.keybindings = lib.mkIf cfg.enable (

+1 -4

modules/home/wayland/sway.nix homeModules/wayland/sway.nix

··· 7 7 let 8 8 term = config.wayland.windowManager.sway.config.terminal; 9 9 homeDir = config.home.homeDirectory; 10 - cfg = config.py.gui; 10 + cfg = config.py.profiles.gui; 11 11 in 12 12 { 13 - options.py.gui = { 14 - enable = lib.mkEnableOption "GUI Configuration"; 15 - }; 16 13 config = lib.mkIf cfg.enable { 17 14 catppuccin = { 18 15 sway.enable = true;

+1 -1

modules/home/wayland/swaylock.nix homeModules/wayland/swaylock.nix

··· 5 5 ... 6 6 }: 7 7 let 8 - cfg = config.py.gui; 8 + cfg = config.py.profiles.gui; 9 9 in 10 10 { 11 11 catppuccin = {

modules/home/wayland/waybar-mocha.css homeModules/wayland/waybar-mocha.css

modules/home/wayland/waybar-style.css homeModules/wayland/waybar-style.css

+1 -1

modules/home/wayland/waybar.nix homeModules/wayland/waybar.nix

··· 5 5 ... 6 6 }: 7 7 let 8 - cfg = config.py.gui; 8 + cfg = config.py.profiles.gui; 9 9 in 10 10 { 11 11 config = {

modules/home/xdg/default.nix homeModules/xdg/default.nix

modules/nixos/default-config/bootloader.nix nixosModules/default-config/bootloader.nix

modules/nixos/default-config/default.nix nixosModules/default-config/default.nix

modules/nixos/default-config/networking.nix nixosModules/default-config/networking.nix

+5 -12

modules/nixos/default-config/nixConfig.nix nixosModules/default-config/nixConfig.nix

··· 30 30 # Compress build logs to save space 31 31 compress-build-log = true; 32 32 # Use all available cores to build 33 - cores = 0; 33 + cores = lib.mkDefault 8; 34 34 experimental-features = [ 35 35 # Use auto-generated uids instead of users in the nixbld group 36 36 "auto-allocate-uids" ··· 44 44 "nix-command" 45 45 # Disallow URL Literals as they are deprecated 46 46 "no-url-literals" 47 - # Allow Nix to call itself 48 - "recursive-nix" 49 47 ]; 50 48 # Build from source if substitution fails 51 49 fallback = true; ··· 62 60 keep-outputs = true; 63 61 # Show fewer log lines from failed builds since I get them from nh 64 62 log-lines = 10; 63 + # Limit the max amount of builds 64 + max-jobs = lib.mkDefault 4; 65 65 # Extra system features 66 66 system-features = [ 67 67 "big-parallel" 68 68 "kvm" 69 69 "nixos-test" 70 - "recursive-nix" 71 70 ]; 72 71 # The pubkeys of the below substituters 73 72 trusted-public-keys = [ 74 73 "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" 75 - "crane.cachix.org-1:8Scfpmn9w+hGdXH/Q9tTLiYAE/2dnJYRJP7kl80GuRk=" 76 - "isabelroses.cachix.org-1:mXdV/CMcPDaiTmkQ7/4+MzChpOe6Cb97njKmBQQmLPM=" 77 74 "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" 78 - "nixpkgs-wayland.cachix.org-1:3lwxaILxMRkVhehr5StQprHdEo4IrE8sRho9R9HOLYA=" 79 - "viperml.cachix.org-1:qZhKBMTfmcLL+OG6fj/hzsMEedgKvZVFRRAhq7j8Vh8=" 75 + "cache.flakehub.com-3:hJuILl5sVK4iKm86JzgdXW12Y2Hwd5G07qKtHTOcDCM=" 80 76 ]; 81 77 # Extra substituters 82 78 trusted-substituters = [ 83 79 "https://cache.nixos.org" 84 - "https://crane.cachix.org" 85 - "https://isabelroses.cachix.org" 86 80 "https://nix-community.cachix.org" 87 - "https://nixpkgs-wayland.cachix.org" 88 - "https://viperml.cachix.org" 81 + "https://install.determinate.systems" 89 82 ]; 90 83 # These users have additional daemon rights 91 84 trusted-users = userList;

-7

modules/nixos/default-config/nixpkgsConfig.nix

··· 1 - { 2 - nixpkgs = { 3 - config = { 4 - allowUnfree = true; 5 - }; 6 - }; 7 - }

modules/nixos/default-config/packages.nix nixosModules/default-config/packages.nix

modules/nixos/default-config/programs/default.nix nixosModules/default-config/programs/default.nix

modules/nixos/default-config/programs/nh.nix nixosModules/default-config/programs/nh.nix

modules/nixos/default-config/programs/ssh.nix nixosModules/default-config/programs/ssh.nix

modules/nixos/default-config/root.nix nixosModules/default-config/root.nix

modules/nixos/default-config/secrets/powerdns-secrets.age nixosModules/default-config/secrets/powerdns-secrets.age

modules/nixos/default-config/secrets/secrets.nix nixosModules/default-config/secrets/secrets.nix

modules/nixos/default-config/security.nix nixosModules/default-config/security.nix

modules/nixos/default-config/services/default.nix nixosModules/default-config/services/default.nix

modules/nixos/default-config/services/ntp.nix nixosModules/default-config/services/ntp.nix

modules/nixos/default-config/services/tailscale.nix nixosModules/default-config/services/tailscale.nix

modules/nixos/default-config/ssh.nix nixosModules/default-config/ssh.nix

modules/nixos/default-config/users.nix nixosModules/default-config/users.nix

modules/nixos/default-users/backup.pub nixosModules/default-users/backup.pub

modules/nixos/default-users/default.nix nixosModules/default-users/default.nix

modules/nixos/default-users/yubikey-back.pub nixosModules/default-users/yubikey-back.pub

modules/nixos/default-users/yubikey-main.pub nixosModules/default-users/yubikey-main.pub

modules/nixos/default-users/yubikey-new.pub nixosModules/default-users/yubikey-new.pub

+2 -2

modules/nixos/profiles/default.nix nixosModules/profiles/default.nix

··· 7 7 base.enable = lib.mkEnableOption "Base Profile"; 8 8 cli.enable = lib.mkEnableOption "CLI Profile"; 9 9 development.enable = lib.mkEnableOption "Development Profile"; 10 - graphical.enable = lib.mkEnableOption "Graphical Profile"; 10 + gui.enable = lib.mkEnableOption "GUI Profile"; 11 11 server.enable = lib.mkEnableOption "Server Profile"; 12 12 }; 13 13 config = { 14 14 py.profiles = { 15 15 base.enable = lib.mkDefault true; 16 16 cli.enable = lib.mkDefault true; 17 - development.enable = lib.mkDefault cfg.graphical.enable; 17 + development.enable = lib.mkDefault cfg.gui.enable; 18 18 }; 19 19 }; 20 20 }

modules/nixos/programs/chromium/default.nix nixosModules/programs/chromium/default.nix

modules/nixos/programs/chromium/extraOpts.nix nixosModules/programs/chromium/extraOpts.nix

modules/nixos/programs/firefox/default.nix nixosModules/programs/firefox/default.nix

modules/nixos/programs/firefox/extensions.nix nixosModules/programs/firefox/extensions.nix

modules/nixos/programs/firefox/extraPrefs.nix nixosModules/programs/firefox/extraPrefs.nix

modules/nixos/programs/firefox/policies.nix nixosModules/programs/firefox/policies.nix

modules/nixos/programs/misc/default.nix nixosModules/programs/misc/default.nix

-1

modules/nixos/programs/neovim/default.nix nixosModules/programs/neovim/default.nix

··· 12 12 13 13 config.programs.neovim = lib.mkIf cfg.enable { 14 14 enable = true; 15 - package = pkgs.py.nvim; 16 15 defaultEditor = true; 17 16 viAlias = true; 18 17 vimAlias = true;

modules/nixos/services/buildbot/default.nix nixosModules/services/buildbot/default.nix

modules/nixos/services/forgejo-runner/default.nix nixosModules/services/forgejo-runner/default.nix

+4 -2

modules/nixos/services/scrutiny/default.nix nixosModules/services/scrutiny/default.nix

··· 1 1 { 2 2 config, 3 3 lib, 4 + self, 4 5 ... 5 6 }: 6 7 let 7 8 cfg = config.py.services.scrutiny.collector; 8 - apiUrl = "https://marvin.${lib.py.data.tsNet}:${toString lib.py.data.services.scrutiny.port}"; 9 + apiUrl = "https://marvin.${self.lib.data.tsNet}:${toString self.lib.data.services.scrutiny.port}"; 9 10 in 10 11 { 11 12 options.py.services.scrutiny = { ··· 23 24 settings = { 24 25 host.id = config.networking.hostName; 25 26 api.endpoint = apiUrl; 26 - } // cfg.extraSettings; 27 + } 28 + // cfg.extraSettings; 27 29 }; 28 30 }

+15

nixosModules/default-config/nixpkgsConfig.nix

··· 1 + { 2 + inputs, 3 + ... 4 + }: 5 + { 6 + nixpkgs = { 7 + overlays = [ 8 + inputs.self.overlays.openssh-fixperms 9 + inputs.golink.overlays.default 10 + ]; 11 + config = { 12 + allowUnfree = true; 13 + }; 14 + }; 15 + }

+27

nixosModules/default.nix

··· 1 + { 2 + ... 3 + }: 4 + { 5 + flake.nixosModules = { 6 + # Top-level 7 + defaultConfig = import ./default-config; 8 + defaultUsers = import ./default-users; 9 + profiles = import ./profiles; 10 + 11 + # Programs 12 + chromium = import ./programs/chromium; 13 + firefox = import ./programs/firefox; 14 + miscPrograms = import ./programs/misc; 15 + neovim = import ./programs/neovim; 16 + 17 + # Services 18 + buildbot = import ./services/buildbot; 19 + forgejo-runner = import ./services/forgejo-runner; 20 + scrutiny = import ./services/scrutiny; 21 + 22 + hm-pyrox = import ./homes/pyrox; 23 + hm-thehedgehog = import ./homes/thehedgehog; 24 + hm-pyrox-zaphod = import ./homes/pyrox-zaphod; 25 + hm-thehedgehog-zaphod = import ./homes/thehedgehog-zaphod; 26 + }; 27 + }

+123

nixosModules/homes/.default.nix.bak

··· 1 + { 2 + lib, 3 + withSystem, 4 + inputs, 5 + ... 6 + }: 7 + let 8 + mkHM = withSystem "x86_64-linux" ( 9 + { pkgs, system, ... }: 10 + extra: 11 + inputs.home-manager.lib.homeManagerConfiguration ( 12 + lib.mergeAttrs { 13 + inherit pkgs; 14 + extraSpecialArgs = { inherit inputs system; }; 15 + } extra 16 + ) 17 + ); 18 + defaultModules = [ 19 + inputs.ctp.homeModules.default 20 + inputs.self.homeModules.theming 21 + inputs.self.homeModules.programs 22 + inputs.self.homeModules.services 23 + ]; 24 + 25 + in 26 + { 27 + flake.homeConfigurations = { 28 + marvin-pyrox = mkHM { 29 + modules = [ 30 + inputs.self.homeModules.profiles 31 + ./pyrox 32 + { 33 + py.profiles.server.enable = true; 34 + } 35 + ] 36 + ++ defaultModules; 37 + }; 38 + marvin-thehedgehog = mkHM { 39 + modules = [ 40 + inputs.self.homeModules.profiles 41 + ./thehedgehog 42 + { 43 + py.profiles.server.enable = true; 44 + } 45 + ] 46 + ++ defaultModules; 47 + }; 48 + prefect-pyrox = mkHM { 49 + modules = [ 50 + inputs.self.homeModules.profiles 51 + ./pyrox 52 + { 53 + py.profiles.server.enable = true; 54 + } 55 + ] 56 + ++ defaultModules; 57 + }; 58 + prefect-thehedgehog = mkHM { 59 + modules = [ 60 + inputs.self.homeModules.profiles 61 + ./thehedgehog 62 + { 63 + py.profiles.server.enable = true; 64 + } 65 + ] 66 + ++ defaultModules; 67 + }; 68 + thought-pyrox = mkHM { 69 + modules = [ 70 + inputs.self.homeModules.profiles 71 + ./pyrox 72 + { 73 + py.profiles.server.enable = true; 74 + } 75 + ] 76 + ++ defaultModules; 77 + }; 78 + thought-thehedgehog = mkHM { 79 + modules = [ 80 + inputs.self.homeModules.profiles 81 + ./thehedgehog 82 + { 83 + py.profiles.server.enable = true; 84 + } 85 + ] 86 + ++ defaultModules; 87 + }; 88 + zaphod-pyrox = withSystem "x86_64-linux" ( 89 + { pkgs, ... }: 90 + inputs.home-manager.lib.homeManagerConfiguration { 91 + inherit pkgs; 92 + modules = [ 93 + inputs.self.homeModules.profiles 94 + { 95 + imports = [ 96 + ./pyrox 97 + "${inputs.self}/homeConfigurations/pyrox@zaphod" 98 + ]; 99 + py.profiles.desktop.enable = true; 100 + } 101 + ] 102 + ++ defaultModules; 103 + } 104 + ); 105 + zaphod-thehedgehog = withSystem "x86_64-linux" ( 106 + { pkgs, ... }: 107 + inputs.home-manager.lib.homeManagerConfiguration { 108 + inherit pkgs; 109 + modules = [ 110 + inputs.self.homeModules.profiles 111 + { 112 + imports = [ 113 + ./thehedgehog 114 + "${inputs.self}/homeConfigurations/thehedgehog@zaphod" 115 + ]; 116 + py.profiles.desktop.enable = true; 117 + } 118 + ] 119 + ++ defaultModules; 120 + } 121 + ); 122 + }; 123 + }

+52

nixosModules/homes/pyrox-zaphod/default.nix

··· 1 + { 2 + pkgs, 3 + ... 4 + }: 5 + { 6 + home-manager.users.pyrox = { 7 + imports = [ 8 + ./files/pamKeys.nix 9 + ./files/distrobox-config.nix 10 + ]; 11 + home.packages = [ 12 + pkgs.mindustry 13 + ]; 14 + py.profiles.desktop.enable = true; 15 + py.services.kanshi.settings = [ 16 + { 17 + profile = { 18 + name = "laptop-only"; 19 + outputs = [ 20 + { 21 + criteria = "eDP-1"; 22 + status = "enable"; 23 + scale = 1.2; 24 + position = "0,0"; 25 + adaptiveSync = true; 26 + } 27 + ]; 28 + }; 29 + } 30 + { 31 + profile = { 32 + name = "office"; 33 + outputs = [ 34 + { 35 + criteria = "eDP-1"; 36 + status = "enable"; 37 + scale = 1.2; 38 + position = "0,0"; 39 + adaptiveSync = true; 40 + } 41 + { 42 + criteria = "Acer Technologies SA241Y 0x1497CF17"; 43 + status = "enable"; 44 + scale = 1.0; 45 + position = "2160,0"; 46 + } 47 + ]; 48 + }; 49 + } 50 + ]; 51 + }; 52 + }

+18

nixosModules/homes/pyrox/default.nix

··· 1 + { 2 + lib, 3 + inputs, 4 + ... 5 + }: 6 + { 7 + home-manager.users.pyrox = { 8 + imports = [ 9 + inputs.self.homeModules.allModules 10 + { 11 + home.username = "pyrox"; 12 + home.stateVersion = "25.11"; 13 + py.profiles.server.enable = lib.mkDefault true; 14 + py.profiles.desktop.enable = lib.mkDefault false; 15 + } 16 + ]; 17 + }; 18 + }

+65

nixosModules/homes/thehedgehog-zaphod/default.nix

··· 1 + { 2 + pkgs, 3 + config, 4 + ... 5 + }: 6 + let 7 + hmConfig = config.home-manager.users.thehedgehog; 8 + in 9 + { 10 + home-manager.users.thehedgehog = { 11 + home.packages = [ 12 + pkgs.mindustry 13 + pkgs.signal-desktop 14 + ]; 15 + services.wpaperd = { 16 + enable = true; 17 + settings = { 18 + default = { 19 + path = "${hmConfig.home.homeDirectory}/bgs"; 20 + duration = "3h"; 21 + sorting = "random"; 22 + queue-size = 50; 23 + recursive = false; 24 + }; 25 + }; 26 + }; 27 + py.profiles.desktop.enable = true; 28 + py.services.kanshi.settings = [ 29 + { 30 + profile = { 31 + name = "laptop-only"; 32 + outputs = [ 33 + { 34 + criteria = "eDP-1"; 35 + status = "enable"; 36 + scale = 1.2; 37 + position = "0,0"; 38 + adaptiveSync = true; 39 + } 40 + ]; 41 + }; 42 + } 43 + { 44 + profile = { 45 + name = "office"; 46 + outputs = [ 47 + { 48 + criteria = "eDP-1"; 49 + status = "enable"; 50 + scale = 1.2; 51 + position = "0,0"; 52 + adaptiveSync = true; 53 + } 54 + { 55 + criteria = "Acer Technologies SA241Y 0x1497CF17"; 56 + status = "enable"; 57 + scale = 1.0; 58 + position = "2160,0"; 59 + } 60 + ]; 61 + }; 62 + } 63 + ]; 64 + }; 65 + }

+18

nixosModules/homes/thehedgehog/default.nix

··· 1 + { 2 + lib, 3 + inputs, 4 + ... 5 + }: 6 + { 7 + home-manager.users.thehedgehog = { 8 + imports = [ 9 + inputs.self.homeModules.allModules 10 + { 11 + home.username = "thehedgehog"; 12 + home.stateVersion = "25.11"; 13 + py.profiles.server.enable = lib.mkDefault true; 14 + py.profiles.desktop.enable = lib.mkDefault false; 15 + } 16 + ]; 17 + }; 18 + }

overlays/default.nix

··· 1 + { 2 + flake.overlays = { 3 + cinny = import ./cinny; 4 + openssh-fixperms = import ./openssh-fixperms; 5 + }; 6 + }

+1 -1

overlays/openssh-fixperms/default.nix

··· 1 - _: final: prev: { 1 + final: prev: { 2 2 openssh-patched = prev.openssh.overrideAttrs (old: { 3 3 patches = (old.patches or [ ]) ++ [ ./permfix.patch ]; 4 4 doCheck = false;

+31

packages/default.nix

··· 1 + { ... }: 2 + { 3 + 4 + perSystem = 5 + { 6 + pkgs, 7 + lib, 8 + ... 9 + }: 10 + let 11 + packages = lib.makeScope pkgs.newScope (_: { 12 + anubis-files = pkgs.callPackage ./anubis-files { }; 13 + doc2dash = pkgs.callPackage ./doc2dash { }; 14 + jellyfin-exporter = pkgs.callPackage ./jellyfin-exporter { }; 15 + pingvin-share-config = pkgs.callPackage ./pingvin-share-config { }; 16 + 17 + }); 18 + in 19 + { 20 + legacyPackages = packages; 21 + packages = lib.filterAttrs ( 22 + _: pkg: 23 + let 24 + isDerivation = lib.isDerivation pkg; 25 + availableOnHost = lib.meta.availableOn pkgs.stdenv.hostPlatform pkg; 26 + isBroken = pkg.meta.broken or false; 27 + in 28 + isDerivation && !isBroken && availableOnHost 29 + ) packages; 30 + }; 31 + }

+3 -3

packages/jellyfin-exporter/default.nix

··· 6 6 }: 7 7 buildGoModule (finalAttrs: { 8 8 pname = "jellyfin-exporter"; 9 - version = "1.3.5"; 9 + version = "1.3.8"; 10 10 11 11 src = fetchFromGitHub { 12 12 owner = "rebelcore"; 13 13 repo = "jellyfin_exporter"; 14 14 tag = "v${finalAttrs.version}"; 15 - hash = "sha256-TKKP0zBdQiAgWQJ8BKcPOR6I+ZKKwjDBq0r36E0BAVs="; 15 + hash = "sha256-7fIrjcy6y/Ayj43WeuPNCx3uVJyl5Wf6bWs5ta2PpWc="; 16 16 }; 17 17 18 18 # We need to patch the tests since we don't move the binary to `$GOPATH/bin`, but to `$out/bin` instead. ··· 21 21 --replace-fail "GOPATH" "out" 22 22 ''; 23 23 24 - vendorHash = "sha256-/VCE2C8EismFg1puajWmBK8qf3hLYXzywA1R/qqAMr0="; 24 + vendorHash = "sha256-JSOKDbefQyDLNy2y1oW7HUplQw8uhhOGZ+ueWyUYYQ0="; 25 25 26 26 meta = { 27 27 changelog = "https://github.com/rebelcore/jellyfin_exporter/blob/v${finalAttrs.version}/CHANGELOG.md";

shells/default/default.nix devShells/default/default.nix

systems/x86_64-linux/marvin/bootloader.nix hosts/marvin/bootloader.nix

+3 -3

systems/x86_64-linux/marvin/default.nix hosts/marvin/default.nix

··· 1 - { system, ... }: 1 + { ... }: 2 2 { 3 3 imports = [ 4 4 # Machine-specific configurations. ··· 17 17 ./services/git.nix 18 18 ./services/golink.nix 19 19 ./services/grafana.nix 20 - ./services/iceshrimp.nix 20 + # ./services/iceshrimp.nix 21 21 ./services/jellyfin.nix 22 22 ./services/matrix.nix 23 23 ./services/miniflux.nix ··· 39 39 ./services/zfs.nix 40 40 ]; 41 41 nix.settings.max-jobs = 12; 42 - nixpkgs.hostPlatform.system = system; 43 42 networking = { 44 43 networkmanager = { 45 44 enable = true; ··· 73 72 users.groups.misc.gid = 1000; 74 73 time.timeZone = "America/New_York"; 75 74 py = { 75 + profiles.server.enable = true; 76 76 users.default.enable = true; 77 77 programs = { 78 78 fish.enable = true;

systems/x86_64-linux/marvin/firewall.nix hosts/marvin/firewall.nix

systems/x86_64-linux/marvin/hardware.nix hosts/marvin/hardware.nix

systems/x86_64-linux/marvin/networking.nix hosts/marvin/networking.nix

systems/x86_64-linux/marvin/services/anubis.nix hosts/marvin/services/anubis.nix

+2 -3

systems/x86_64-linux/marvin/services/authentik.nix hosts/marvin/services/authentik.nix

··· 1 1 { 2 2 config, 3 - lib, 4 - pkgs, 3 + self, 5 4 ... 6 5 }: 7 6 let 8 - d = lib.py.data.services.authentik; 7 + d = self.lib.data.services.authentik; 9 8 in 10 9 { 11 10 virtualisation.oci-containers.containers =

systems/x86_64-linux/marvin/services/avahi.nix hosts/marvin/services/avahi.nix

systems/x86_64-linux/marvin/services/bookstack.nix hosts/marvin/services/bookstack.nix

systems/x86_64-linux/marvin/services/bots.nix hosts/marvin/services/bots.nix

+3 -3

systems/x86_64-linux/marvin/services/buildbot.nix hosts/marvin/services/buildbot.nix

··· 1 - { config, lib, ... }: 1 + { config, self, ... }: 2 2 let 3 3 as = config.age.secrets; 4 - d = lib.py.data.services.buildbot; 5 - g = lib.py.data.services.git; 4 + d = self.lib.data.services.buildbot; 5 + g = self.lib.data.services.git; 6 6 bbSecret = { 7 7 owner = "buildbot"; 8 8 group = "buildbot";

+2 -2

systems/x86_64-linux/marvin/services/deemix.nix hosts/marvin/services/deemix.nix

··· 1 - { lib, ... }: 1 + { self, ... }: 2 2 let 3 - d = lib.py.data.services.deemix; 3 + d = self.lib.data.services.deemix; 4 4 in 5 5 { 6 6 virtualisation.oci-containers.containers.deemix = {

systems/x86_64-linux/marvin/services/gdq-cals.nix hosts/marvin/services/gdq-cals.nix

+4 -2

systems/x86_64-linux/marvin/services/git.nix hosts/marvin/services/git.nix

··· 2 2 config, 3 3 lib, 4 4 pkgs, 5 + self', 6 + self, 5 7 ... 6 8 }: 7 9 let ··· 13 15 group = "forgejo"; 14 16 }; 15 17 16 - d = lib.py.data.services.git; 18 + d = self.lib.data.services.git; 17 19 in 18 20 { 19 21 catppuccin.forgejo.enable = true; ··· 149 151 services.anubis.instances.forgejo = lib.mkIf config.services.forgejo.enable { 150 152 settings = { 151 153 BIND = ":${toString d.anubis}"; 152 - POLICY_FNAME = "${pkgs.py.anubis-files}/policies/forgejo.yaml"; 154 + POLICY_FNAME = "${self'.packages.anubis-files}/policies/forgejo.yaml"; 153 155 TARGET = "http://localhost:${toString d.port}"; 154 156 }; 155 157 };

systems/x86_64-linux/marvin/services/golink.nix hosts/marvin/services/golink.nix

+5 -5

systems/x86_64-linux/marvin/services/grafana.nix hosts/marvin/services/grafana.nix

··· 1 1 { 2 2 config, 3 - lib, 4 - pkgs, 3 + self', 4 + self, 5 5 ... 6 6 }: 7 7 let 8 - d = lib.py.data.services.grafana; 9 - a = lib.py.data.services.authentik; 8 + d = self.lib.data.services.grafana; 9 + a = self.lib.data.services.authentik; 10 10 in 11 11 { 12 12 services.grafana = { ··· 62 62 services.anubis.instances.grafana = { 63 63 settings = { 64 64 BIND = ":${toString d.anubis}"; 65 - POLICY_FNAME = "${pkgs.py.anubis-files}/policies/grafana.yaml"; 65 + POLICY_FNAME = "${self'.packages.anubis-files}/policies/grafana.yaml"; 66 66 TARGET = "http://localhost:${toString d.port}"; 67 67 }; 68 68 };

+2 -1

systems/x86_64-linux/marvin/services/iceshrimp.nix hosts/marvin/services/iceshrimp.nix

··· 3 3 inputs, 4 4 pkgs, 5 5 lib, 6 + self, 6 7 ... 7 8 }: 8 9 let 9 10 10 - d = lib.py.data.services.iceshrimp; 11 + d = self.lib.data.services.iceshrimp; 11 12 12 13 package = inputs.iceshrimp.packages.x86_64-linux.iceshrimp-pre.overrideAttrs rec { 13 14 version = "2023.12.8-pyrox1";

+2 -2

systems/x86_64-linux/marvin/services/jellyfin.nix hosts/marvin/services/jellyfin.nix

··· 1 1 { 2 - pkgs, 3 2 lib, 4 3 config, 4 + self', 5 5 ... 6 6 }: 7 7 let ··· 39 39 ]; 40 40 description = "Jellyfin Metrics Exporter for Prometheus"; 41 41 serviceConfig = { 42 - ExecStart = "${lib.getExe pkgs.py.jellyfin-exporter} @${config.age.secrets.jellyfin-exporter-config.path}"; 42 + ExecStart = "${lib.getExe self'.packages.jellyfin-exporter} @${config.age.secrets.jellyfin-exporter-config.path}"; 43 43 ReadOnlyPaths = [ config.age.secrets.jellyfin-exporter-config.path ]; 44 44 Restart = "always"; 45 45 DynamicUser = true;

+2 -2

systems/x86_64-linux/marvin/services/matrix.nix hosts/marvin/services/matrix.nix

··· 1 1 { 2 - lib, 2 + self, 3 3 ... 4 4 }: 5 5 let 6 - d = lib.py.data.services.matrix-server; 6 + d = self.lib.data.services.matrix-server; 7 7 in 8 8 { 9 9 services.matrix-conduit = {

+4 -4

systems/x86_64-linux/marvin/services/miniflux.nix hosts/marvin/services/miniflux.nix

··· 1 1 { 2 2 config, 3 - lib, 4 - pkgs, 3 + self', 4 + self, 5 5 ... 6 6 }: 7 7 let 8 - d = lib.py.data.services.miniflux; 8 + d = self.lib.data.services.miniflux; 9 9 in 10 10 { 11 11 services.miniflux = { ··· 33 33 services.anubis.instances.miniflux = { 34 34 settings = { 35 35 BIND = ":${toString d.anubis}"; 36 - POLICY_FNAME = "${pkgs.py.anubis-files}/policies/miniflux.yaml"; 36 + POLICY_FNAME = "${self'.packages.anubis-files}/policies/miniflux.yaml"; 37 37 TARGET = "http://localhost:${toString d.port}"; 38 38 }; 39 39 };

systems/x86_64-linux/marvin/services/minio.nix hosts/marvin/services/minio.nix

+5 -3

systems/x86_64-linux/marvin/services/nextcloud/default.nix hosts/marvin/services/nextcloud/default.nix

··· 2 2 config, 3 3 pkgs, 4 4 lib, 5 + self', 6 + self, 5 7 ... 6 8 }: 7 9 let 8 - d = lib.py.data.services.nextcloud; 9 - i = lib.py.data.services.nextcloud-imaginary; 10 + d = self.lib.data.services.nextcloud; 11 + i = self.lib.data.services.nextcloud-imaginary; 10 12 in 11 13 { 12 14 imports = [ ··· 104 106 services.anubis.instances.nextcloud = { 105 107 settings = { 106 108 BIND = ":${toString d.anubis}"; 107 - POLICY_FNAME = "${pkgs.py.anubis-files}/policies/nextcloud.yaml"; 109 + POLICY_FNAME = "${self'.packages.anubis-files}/policies/nextcloud.yaml"; 108 110 TARGET = "http://localhost:${toString d.port}"; 109 111 }; 110 112 };

+2 -2

systems/x86_64-linux/marvin/services/nextcloud/imaginary.nix hosts/marvin/services/nextcloud/imaginary.nix

··· 1 - { lib, ... }: 1 + { self, ... }: 2 2 let 3 - d = lib.py.data.services.nextcloud-imaginary; 3 + d = self.lib.data.services.nextcloud-imaginary; 4 4 in 5 5 { 6 6 services.imaginary = {

systems/x86_64-linux/marvin/services/nextcloud/nextcloud-admin-pw.age hosts/marvin/services/nextcloud/nextcloud-admin-pw.age

+3 -3

systems/x86_64-linux/marvin/services/nextcloud/office.nix hosts/marvin/services/nextcloud/office.nix

··· 1 - { lib, pkgs, ... }: 1 + { self', self, ... }: 2 2 let 3 - d = lib.py.data.services.nextcloud-office; 3 + d = self.lib.data.services.nextcloud-office; 4 4 in 5 5 { 6 6 services.collabora-online = { ··· 22 22 services.anubis.instances.nextcloud-office = { 23 23 settings = { 24 24 BIND = ":${toString d.anubis}"; 25 - POLICY_FNAME = "${pkgs.py.anubis-files}/policies/nextcloud-office.yaml"; 25 + POLICY_FNAME = "${self'.packages.anubis-files}/policies/nextcloud-office.yaml"; 26 26 TARGET = "http://localhost:${toString d.port}"; 27 27 }; 28 28 };

+2 -2

systems/x86_64-linux/marvin/services/nginx.nix hosts/marvin/services/nginx.nix

··· 1 - { lib, ... }: 1 + { self, ... }: 2 2 let 3 - n = lib.py.data.services.nextcloud; 3 + n = self.lib.data.services.nextcloud; 4 4 in 5 5 { 6 6 services.nginx = {

+7 -2

systems/x86_64-linux/marvin/services/pinchflat.nix hosts/marvin/services/pinchflat.nix

··· 1 - { config, lib, ... }: 1 + { 2 + config, 3 + lib, 4 + self, 5 + ... 6 + }: 2 7 let 3 8 cfg = config.services.pinchflat; 4 9 age = config.age.secrets; 5 - d = lib.py.data.services.pinchflat; 10 + d = self.lib.data.services.pinchflat; 6 11 in 7 12 { 8 13 services.pinchflat = {

+5 -4

systems/x86_64-linux/marvin/services/pingvin-share.nix hosts/marvin/services/pingvin-share.nix

······

+4 -4

systems/x86_64-linux/marvin/services/planka.nix hosts/marvin/services/planka.nix

··· 1 1 { 2 2 config, 3 - lib, 4 - pkgs, 3 + self', 4 + self, 5 5 ... 6 6 }: 7 7 let 8 8 dataDir = "/var/lib/planka"; 9 - d = lib.py.data.services.planka; 9 + d = self.lib.data.services.planka; 10 10 in 11 11 { 12 12 virtualisation.oci-containers.containers = { ··· 48 48 settings = { 49 49 COOKIE_DOMAIN = ".cs2a.club"; 50 50 BIND = ":${toString d.anubis}"; 51 - POLICY_FNAME = "${pkgs.py.anubis-files}/policies/planka.yaml"; 51 + POLICY_FNAME = "${self'.packages.anubis-files}/policies/planka.yaml"; 52 52 TARGET = "http://localhost:${toString d.port}"; 53 53 }; 54 54 };

+4 -4

systems/x86_64-linux/marvin/services/pocket-id.nix hosts/marvin/services/pocket-id.nix

··· 1 1 { 2 2 config, 3 - lib, 4 - pkgs, 3 + self', 4 + self, 5 5 ... 6 6 }: 7 7 let 8 - d = lib.py.data.services.pocket-id; 8 + d = self.lib.data.services.pocket-id; 9 9 in 10 10 { 11 11 services.pocket-id = { ··· 43 43 pocket-id = { 44 44 settings = { 45 45 BIND = ":${toString d.anubis}"; 46 - POLICY_FNAME = "${pkgs.py.anubis-files}/policies/pocket-id.yaml"; 46 + POLICY_FNAME = "${self'.packages.anubis-files}/policies/pocket-id.yaml"; 47 47 TARGET = "http://localhost:${toString d.port}"; 48 48 }; 49 49 };

systems/x86_64-linux/marvin/services/podman.nix hosts/marvin/services/podman.nix

systems/x86_64-linux/marvin/services/postgres.nix hosts/marvin/services/postgres.nix

systems/x86_64-linux/marvin/services/prometheus.nix hosts/marvin/services/prometheus.nix

systems/x86_64-linux/marvin/services/prosody.nix hosts/marvin/services/prosody.nix

+2 -2

systems/x86_64-linux/marvin/services/redlib.nix hosts/marvin/services/redlib.nix

··· 1 - { pkgs, lib, ... }: 1 + { pkgs, self, ... }: 2 2 let 3 - d = lib.py.data.services.redlib; 3 + d = self.lib.data.services.redlib; 4 4 in 5 5 { 6 6 services.libreddit = {

+2 -2

systems/x86_64-linux/marvin/services/scrutiny.nix hosts/marvin/services/scrutiny.nix

··· 1 - { config, lib, ... }: 1 + { self, ... }: 2 2 let 3 - d = lib.py.data.services.scrutiny; 3 + d = self.lib.data.services.scrutiny; 4 4 in 5 5 { 6 6 services.scrutiny = {

systems/x86_64-linux/marvin/services/secrets/anubis-key.age hosts/marvin/services/secrets/anubis-key.age

systems/x86_64-linux/marvin/services/secrets/authentik-env.age hosts/marvin/services/secrets/authentik-env.age

systems/x86_64-linux/marvin/services/secrets/buildbot/gitea-token.age hosts/marvin/services/secrets/buildbot/gitea-token.age

systems/x86_64-linux/marvin/services/secrets/buildbot/oauth-secret.age hosts/marvin/services/secrets/buildbot/oauth-secret.age

systems/x86_64-linux/marvin/services/secrets/buildbot/worker-password.age hosts/marvin/services/secrets/buildbot/worker-password.age

systems/x86_64-linux/marvin/services/secrets/buildbot/workers.age hosts/marvin/services/secrets/buildbot/workers.age

systems/x86_64-linux/marvin/services/secrets/forgejo/aux-docs-runner-token.age hosts/marvin/services/secrets/forgejo/aux-docs-runner-token.age

systems/x86_64-linux/marvin/services/secrets/forgejo/db-pw.age hosts/marvin/services/secrets/forgejo/db-pw.age

systems/x86_64-linux/marvin/services/secrets/forgejo/default-runner-token.age hosts/marvin/services/secrets/forgejo/default-runner-token.age

systems/x86_64-linux/marvin/services/secrets/forgejo/gitgay-runner-token.age hosts/marvin/services/secrets/forgejo/gitgay-runner-token.age

systems/x86_64-linux/marvin/services/secrets/forgejo/internal-token.age hosts/marvin/services/secrets/forgejo/internal-token.age

systems/x86_64-linux/marvin/services/secrets/forgejo/lfs-jwt-secret.age hosts/marvin/services/secrets/forgejo/lfs-jwt-secret.age

systems/x86_64-linux/marvin/services/secrets/forgejo/mail-pw.age hosts/marvin/services/secrets/forgejo/mail-pw.age

systems/x86_64-linux/marvin/services/secrets/forgejo/oauth2-jwt-secret.age hosts/marvin/services/secrets/forgejo/oauth2-jwt-secret.age

systems/x86_64-linux/marvin/services/secrets/forgejo/secret-key.age hosts/marvin/services/secrets/forgejo/secret-key.age

systems/x86_64-linux/marvin/services/secrets/golink-authkey.age hosts/marvin/services/secrets/golink-authkey.age

systems/x86_64-linux/marvin/services/secrets/grafana-admin-password.age hosts/marvin/services/secrets/grafana-admin-password.age

systems/x86_64-linux/marvin/services/secrets/grafana-smtp-password.age hosts/marvin/services/secrets/grafana-smtp-password.age

systems/x86_64-linux/marvin/services/secrets/iceshrimp-db-password.age hosts/marvin/services/secrets/iceshrimp-db-password.age

systems/x86_64-linux/marvin/services/secrets/iceshrimp-secret-config.age hosts/marvin/services/secrets/iceshrimp-secret-config.age

systems/x86_64-linux/marvin/services/secrets/jellyfin-exporter-config.age hosts/marvin/services/secrets/jellyfin-exporter-config.age

systems/x86_64-linux/marvin/services/secrets/miniflux-admin.age hosts/marvin/services/secrets/miniflux-admin.age

systems/x86_64-linux/marvin/services/secrets/minio-root.age hosts/marvin/services/secrets/minio-root.age

systems/x86_64-linux/marvin/services/secrets/nix-serve-priv.age hosts/marvin/services/secrets/nix-serve-priv.age

systems/x86_64-linux/marvin/services/secrets/pinchflat-secrets.age hosts/marvin/services/secrets/pinchflat-secrets.age

systems/x86_64-linux/marvin/services/secrets/pingvin-secrets.age hosts/marvin/services/secrets/pingvin-secrets.age

systems/x86_64-linux/marvin/services/secrets/planka-env.age hosts/marvin/services/secrets/planka-env.age

systems/x86_64-linux/marvin/services/secrets/pocket-id-secrets.age hosts/marvin/services/secrets/pocket-id-secrets.age

systems/x86_64-linux/marvin/services/secrets/secrets.nix hosts/marvin/services/secrets/secrets.nix

systems/x86_64-linux/marvin/services/secrets/thehedgehog-key.age hosts/marvin/services/secrets/thehedgehog-key.age

systems/x86_64-linux/marvin/services/secrets/thehedgehog-pem.age hosts/marvin/services/secrets/thehedgehog-pem.age

systems/x86_64-linux/marvin/services/secrets/vaultwarden-pgpass.age hosts/marvin/services/secrets/vaultwarden-pgpass.age

systems/x86_64-linux/marvin/services/secrets/vaultwarden-vars.age hosts/marvin/services/secrets/vaultwarden-vars.age

systems/x86_64-linux/marvin/services/secrets/webmentiond-env.age hosts/marvin/services/secrets/webmentiond-env.age

systems/x86_64-linux/marvin/services/syncthing.nix hosts/marvin/services/syncthing.nix

systems/x86_64-linux/marvin/services/tailscale.nix hosts/marvin/services/tailscale.nix

+3 -2

systems/x86_64-linux/marvin/services/tangled.nix hosts/marvin/services/tangled.nix

··· 1 1 { 2 2 config, 3 3 lib, 4 + self, 4 5 ... 5 6 }: 6 7 let 7 8 cfg = config.services.tangled-knot; 8 - dk = lib.py.data.services.tangled-knot; 9 - ds = lib.py.data.services.tangled-spindle; 9 + dk = self.lib.data.services.tangled-knot; 10 + ds = self.lib.data.services.tangled-spindle; 10 11 in 11 12 { 12 13 services = {

+4 -3

systems/x86_64-linux/marvin/services/vaultwarden.nix hosts/marvin/services/vaultwarden.nix

··· 1 1 { 2 2 pkgs, 3 3 config, 4 - lib, 4 + self, 5 + self', 5 6 ... 6 7 }: 7 8 let 8 9 9 - d = lib.py.data.services.vaultwarden; 10 + d = self.lib.data.services.vaultwarden; 10 11 11 12 vaultwardenSecret = { 12 13 owner = "vaultwarden"; ··· 118 119 services.anubis.instances.vaultwarden = { 119 120 settings = { 120 121 BIND = ":${toString d.anubis}"; 121 - POLICY_FNAME = "${pkgs.py.anubis-files}/policies/vaultwarden.yaml"; 122 + POLICY_FNAME = "${self'.packages.anubis-files}/policies/vaultwarden.yaml"; 122 123 TARGET = "http://localhost:${toString d.port}"; 123 124 }; 124 125 };

+2 -2

systems/x86_64-linux/marvin/services/webmentiond.nix hosts/marvin/services/webmentiond.nix

··· 1 - { config, lib, ... }: 1 + { config, self, ... }: 2 2 let 3 - d = lib.py.data.services.webmentiond; 3 + d = self.lib.data.services.webmentiond; 4 4 p = toString d.port; 5 5 in 6 6 {

systems/x86_64-linux/marvin/services/zfs.nix hosts/marvin/services/zfs.nix

systems/x86_64-linux/prefect/bootloader.nix hosts/prefect/bootloader.nix

+4 -1

systems/x86_64-linux/prefect/default.nix hosts/prefect/default.nix

··· 36 36 ./services/tailscale.nix 37 37 # ./services/zerotier.nix 38 38 ]; 39 - nixpkgs.hostPlatform.system = system; 40 39 fileSystems = { 41 40 "/" = { 42 41 fsType = "ext4"; ··· 44 43 }; 45 44 }; 46 45 46 + nix.settings.max-jobs = 2; 47 + nix.settings.cores = 2; 48 + 47 49 programs.fish.enable = true; 48 50 programs.fish.interactiveShellInit = '' 49 51 ${pkgs.direnv}/bin/direnv hook fish | source 50 52 ''; 51 53 py = { 54 + profiles.server.enable = true; 52 55 users.default.enable = true; 53 56 programs = { 54 57 fish.enable = true;

systems/x86_64-linux/prefect/dn42/bgp.nix hosts/prefect/dn42/bgp.nix

systems/x86_64-linux/prefect/dn42/bird.conf hosts/prefect/dn42/bird.conf

systems/x86_64-linux/prefect/dn42/default.nix hosts/prefect/dn42/default.nix

systems/x86_64-linux/prefect/dn42/services.nix hosts/prefect/dn42/services.nix

systems/x86_64-linux/prefect/dn42/tunnels.nix hosts/prefect/dn42/tunnels.nix

systems/x86_64-linux/prefect/dn42/wireguard.nix hosts/prefect/dn42/wireguard.nix

systems/x86_64-linux/prefect/firewall.nix hosts/prefect/firewall.nix

systems/x86_64-linux/prefect/hardware.nix hosts/prefect/hardware.nix

systems/x86_64-linux/prefect/networking.nix hosts/prefect/networking.nix

systems/x86_64-linux/prefect/packages.nix hosts/prefect/packages.nix

systems/x86_64-linux/prefect/secrets/acme-creds.age hosts/prefect/secrets/acme-creds.age

systems/x86_64-linux/prefect/secrets/dn42-peerfinder-uuid.age hosts/prefect/secrets/dn42-peerfinder-uuid.age

systems/x86_64-linux/prefect/secrets/dn42-privkey.age hosts/prefect/secrets/dn42-privkey.age

systems/x86_64-linux/prefect/secrets/headscale-oidc-secret.age hosts/prefect/secrets/headscale-oidc-secret.age

systems/x86_64-linux/prefect/secrets/secrets.nix hosts/prefect/secrets/secrets.nix

systems/x86_64-linux/prefect/secrets/stalwart-desec-token.age hosts/prefect/secrets/stalwart-desec-token.age

systems/x86_64-linux/prefect/secrets/stalwart-fallback-admin-pw.age hosts/prefect/secrets/stalwart-fallback-admin-pw.age

systems/x86_64-linux/prefect/secrets/stalwart-secret-ed25519.age hosts/prefect/secrets/stalwart-secret-ed25519.age

systems/x86_64-linux/prefect/secrets/stalwart-secret-rsa.age hosts/prefect/secrets/stalwart-secret-rsa.age

systems/x86_64-linux/prefect/secrets/wireguard-priv-key.age hosts/prefect/secrets/wireguard-priv-key.age

systems/x86_64-linux/prefect/services/acme.nix hosts/prefect/services/acme.nix

systems/x86_64-linux/prefect/services/blog-update.nix hosts/prefect/services/blog-update.nix

systems/x86_64-linux/prefect/services/blog-update.sh hosts/prefect/services/blog-update.sh

+7 -7

systems/x86_64-linux/prefect/services/caddy.nix hosts/prefect/services/caddy.nix

··· 1 - { pkgs, lib, ... }: 1 + { pkgs, self, ... }: 2 2 let 3 - pns = lib.py.data.services; 4 - mail = lib.py.data.mail; 5 - marvin = "http://${lib.py.data.hosts.marvin.ts.ip4}"; 6 - marvinIP = lib.py.data.hosts.marvin.ts.ip4; 7 - tsNet = lib.py.data.tsNet; 3 + pns = self.lib.data.services; 4 + mail = self.lib.data.mail; 5 + marvin = "http://${self.lib.data.hosts.marvin.ts.ip4}"; 6 + marvinIP = self.lib.data.hosts.marvin.ts.ip4; 7 + tsNet = self.lib.data.tsNet; 8 8 in 9 9 { 10 10 services.caddy = { ··· 17 17 "github.com/mholt/caddy-l4@v0.0.0-20250902102621-4a517a98d7fa" 18 18 "github.com/mohammed90/caddy-git-fs@v0.0.0-20240805164056-529acecd1830" 19 19 ]; 20 - hash = "sha256-1R6t8JgBoF/H1m0ZNrxFyx2yRfNkgucoPf321aQnvM8="; 20 + hash = "sha256-mmiBqKgzWm6HehThvd3zMuF7Vi0NiT1zcrJMw6K305I="; 21 21 }; 22 22 email = "pyrox@pyrox.dev"; 23 23 virtualHosts = {

systems/x86_64-linux/prefect/services/dn42-peerfinder.nix hosts/prefect/services/dn42-peerfinder.nix

systems/x86_64-linux/prefect/services/fail2ban.nix hosts/prefect/services/fail2ban.nix

systems/x86_64-linux/prefect/services/headscale.nix hosts/prefect/services/headscale.nix

systems/x86_64-linux/prefect/services/mailserver/default.nix hosts/prefect/services/mailserver/default.nix

systems/x86_64-linux/prefect/services/mailserver/logins.nix hosts/prefect/services/mailserver/logins.nix

systems/x86_64-linux/prefect/services/mailserver/monitoring.nix hosts/prefect/services/mailserver/monitoring.nix

systems/x86_64-linux/prefect/services/mailserver/overrides.nix hosts/prefect/services/mailserver/overrides.nix

systems/x86_64-linux/prefect/services/mailserver/stalwart/acme.nix hosts/prefect/services/mailserver/stalwart/acme.nix

systems/x86_64-linux/prefect/services/mailserver/stalwart/auth.nix hosts/prefect/services/mailserver/stalwart/auth.nix

systems/x86_64-linux/prefect/services/mailserver/stalwart/auto-ban.nix hosts/prefect/services/mailserver/stalwart/auto-ban.nix

systems/x86_64-linux/prefect/services/mailserver/stalwart/calendar.nix hosts/prefect/services/mailserver/stalwart/calendar.nix

+2 -1

systems/x86_64-linux/prefect/services/mailserver/stalwart/default.nix hosts/prefect/services/mailserver/stalwart/default.nix

··· 1 1 { 2 2 config, 3 3 lib, 4 + self, 4 5 ... 5 6 }: 6 7 let 7 - d = lib.py.data.mail; 8 + d = self.lib.data.mail; 8 9 cfg = config.services.stalwart-mail; 9 10 sec = config.age.secrets; 10 11 creds = config.services.stalwart-mail.credentials;

systems/x86_64-linux/prefect/services/mailserver/stalwart/imap.nix hosts/prefect/services/mailserver/stalwart/imap.nix

systems/x86_64-linux/prefect/services/mailserver/stalwart/queue.nix hosts/prefect/services/mailserver/stalwart/queue.nix

systems/x86_64-linux/prefect/services/mailserver/stalwart/report.nix hosts/prefect/services/mailserver/stalwart/report.nix

systems/x86_64-linux/prefect/services/mailserver/stalwart/server.nix hosts/prefect/services/mailserver/stalwart/server.nix

systems/x86_64-linux/prefect/services/mailserver/stalwart/session.nix hosts/prefect/services/mailserver/stalwart/session.nix

systems/x86_64-linux/prefect/services/mailserver/stalwart/signature.nix hosts/prefect/services/mailserver/stalwart/signature.nix

systems/x86_64-linux/prefect/services/named.conf hosts/prefect/services/named.conf

systems/x86_64-linux/prefect/services/netdata.nix hosts/prefect/services/netdata.nix

systems/x86_64-linux/prefect/services/nginx/default.nix hosts/prefect/services/nginx/default.nix

systems/x86_64-linux/prefect/services/nginx/pyrox.dev.nix hosts/prefect/services/nginx/pyrox.dev.nix

systems/x86_64-linux/prefect/services/prometheus.nix hosts/prefect/services/prometheus.nix

systems/x86_64-linux/prefect/services/secrets.nix hosts/prefect/services/secrets.nix

systems/x86_64-linux/prefect/services/tailscale.nix hosts/prefect/services/tailscale.nix

systems/x86_64-linux/prefect/services/zerotier.nix hosts/prefect/services/zerotier.nix

systems/x86_64-linux/thought/bootloader.nix hosts/thought/bootloader.nix

systems/x86_64-linux/thought/default.nix hosts/thought/default.nix

··· 14 14 ]; 15 15 nixpkgs.hostPlatform.system = system; 16 16 py = { 17 + profiles.server.enable = true; 17 18 users.default.enable = true; 18 19 programs = { 19 20 fish.enable = true;

systems/x86_64-linux/thought/disks.nix hosts/thought/disks.nix

systems/x86_64-linux/thought/firewall.nix hosts/thought/firewall.nix

systems/x86_64-linux/thought/hardware.nix hosts/thought/hardware.nix

systems/x86_64-linux/thought/networking.nix hosts/thought/networking.nix

systems/x86_64-linux/thought/packages.nix hosts/thought/packages.nix

systems/x86_64-linux/thought/secrets/secrets.nix hosts/thought/secrets/secrets.nix

systems/x86_64-linux/thought/services/prometheus.nix hosts/thought/services/prometheus.nix

systems/x86_64-linux/thought/services/tailscale.nix hosts/thought/services/tailscale.nix

systems/x86_64-linux/zaphod/bootloader.nix hosts/zaphod/bootloader.nix

systems/x86_64-linux/zaphod/console.nix hosts/zaphod/console.nix

+2 -2

systems/x86_64-linux/zaphod/default.nix hosts/zaphod/default.nix

··· 1 - { system, ... }: 1 + { ... }: 2 2 { 3 3 imports = [ 4 4 # Machine specific configs ··· 26 26 # Agenix secrets 27 27 # ./secret-files.nix 28 28 ]; 29 - nixpkgs.hostPlatform.system = system; 30 29 py = { 30 + profiles.gui.enable = true; 31 31 users.default.enable = true; 32 32 programs = { 33 33 appimage.enable = true;

systems/x86_64-linux/zaphod/fonts.nix hosts/zaphod/fonts.nix

systems/x86_64-linux/zaphod/hardware.nix hosts/zaphod/hardware.nix

systems/x86_64-linux/zaphod/kde.nix hosts/zaphod/kde.nix

systems/x86_64-linux/zaphod/misc.nix hosts/zaphod/misc.nix

systems/x86_64-linux/zaphod/networking.nix hosts/zaphod/networking.nix

-1

systems/x86_64-linux/zaphod/packages.nix hosts/zaphod/packages.nix

··· 21 21 pkgs.qbittorrent 22 22 pkgs.scrcpy 23 23 pkgs.steam-run 24 - pkgs.py.doc2dash 25 24 ]; 26 25 }

systems/x86_64-linux/zaphod/power.nix hosts/zaphod/power.nix

systems/x86_64-linux/zaphod/programs/gnupg.nix hosts/zaphod/programs/gnupg.nix

systems/x86_64-linux/zaphod/programs/ssh.nix hosts/zaphod/programs/ssh.nix

systems/x86_64-linux/zaphod/programs/sway.nix hosts/zaphod/programs/sway.nix

systems/x86_64-linux/zaphod/programs/zsh.nix hosts/zaphod/programs/zsh.nix

systems/x86_64-linux/zaphod/secret-files.nix hosts/zaphod/secret-files.nix

systems/x86_64-linux/zaphod/secrets/secrets.nix hosts/zaphod/secrets/secrets.nix

systems/x86_64-linux/zaphod/secrets/wg-privkey.age hosts/zaphod/secrets/wg-privkey.age

systems/x86_64-linux/zaphod/security/modules.nix hosts/zaphod/security/modules.nix

systems/x86_64-linux/zaphod/security/pam.nix hosts/zaphod/security/pam.nix

systems/x86_64-linux/zaphod/services/avahi.nix hosts/zaphod/services/avahi.nix

systems/x86_64-linux/zaphod/services/docker.nix hosts/zaphod/services/docker.nix

systems/x86_64-linux/zaphod/services/flatpak.nix hosts/zaphod/services/flatpak.nix

systems/x86_64-linux/zaphod/services/fprintd.nix hosts/zaphod/services/fprintd.nix

systems/x86_64-linux/zaphod/services/fwupd.nix hosts/zaphod/services/fwupd.nix

systems/x86_64-linux/zaphod/services/greeter.nix hosts/zaphod/services/greeter.nix

systems/x86_64-linux/zaphod/services/kmscon.nix hosts/zaphod/services/kmscon.nix

systems/x86_64-linux/zaphod/services/misc.nix hosts/zaphod/services/misc.nix

systems/x86_64-linux/zaphod/services/modules.nix hosts/zaphod/services/modules.nix

systems/x86_64-linux/zaphod/services/packagekit.nix hosts/zaphod/services/packagekit.nix

systems/x86_64-linux/zaphod/services/pcscd.nix hosts/zaphod/services/pcscd.nix

systems/x86_64-linux/zaphod/services/pipewire.nix hosts/zaphod/services/pipewire.nix

systems/x86_64-linux/zaphod/services/ssh.nix hosts/zaphod/services/ssh.nix

systems/x86_64-linux/zaphod/services/tailscale.nix hosts/zaphod/services/tailscale.nix

+15

templates/default.nix

··· 1 + { 2 + self, 3 + ... 4 + }: 5 + { 6 + flake = { 7 + templates = { 8 + uv = { 9 + path = ./uv; 10 + description = "uv project template"; 11 + }; 12 + }; 13 + defaultTemplate = self.templates.uv; 14 + }; 15 + }

Configure Feed

Configure Feed