comparing use-themed-sddm and main on wiro.world/dotfiles

+1 -1

.github/workflows/nix.yml

···

       8
       8
        
           name: Check flake

     

       9
       9
        
           runs-on: ubuntu-latest

     

       10
       10
        
           steps:

     

       11
       11
       -
             - uses: actions/checkout@v4

     

       11
       11
       +
             - uses: actions/checkout@v5

     

       12
       12
        
             - uses: cachix/install-nix-action@v31

     

       13
       13
        
               with:

     

       14
       14
        
                 github_access_token: ${{ secrets.GITHUB_TOKEN }}

.ignore

···

       1
       1
       +
       *.age

+18 -12

Justfile

···

       2
       2
        
       	@just --list --unsorted --list-heading '' --list-prefix '—— '

     

       3
       3
        
       

     

       4
       4
        
       [linux]

     

       5
       5
       -
       switch PROFILE="" *ARGS:

     

       6
       6
       -
       	sudo nixos-rebuild switch --show-trace --flake .#{{PROFILE}} {{ARGS}}

     

       5
       5
       +
       switch profile="" *args:

     

       6
       6
       +
       	sudo nixos-rebuild switch --show-trace --flake .#{{profile}} {{args}}

     

       7
       7
        
       [macos]

     

       8
       8
       -
       switch PROFILE="" *ARGS:

     

       9
       9
       -
       	darwin-rebuild switch --show-trace --flake .#{{PROFILE}} {{ARGS}}

     

       8
       8
       +
       switch profile="" *args:

     

       9
       9
       +
       	darwin-rebuild switch --show-trace --flake .#{{profile}} {{args}}

     

       10
       10
        
       

     

       11
       11
        
       [linux]

     

       12
       12
       -
       build PROFILE="" *ARGS:

     

       13
       13
       -
       	nixos-rebuild build --show-trace --flake .#{{PROFILE}} {{ARGS}}

     

       12
       12
       +
       build profile="" *args:

     

       13
       13
       +
       	nixos-rebuild build --show-trace --flake .#{{profile}} {{args}}

     

       14
       14
        
       [macos]

     

       15
       15
       -
       build PROFILE="" *ARGS:

     

       16
       16
       -
       	darwin-rebuild build --show-trace --flake .#{{PROFILE}} {{ARGS}}

     

       15
       15
       +
       build profile="" *args:

     

       16
       16
       +
       	darwin-rebuild build --show-trace --flake .#{{profile}} {{args}}

     

       17
       17
        
       

     

       18
       18
       -
       home-build PROFILE *ARGS:

     

       19
       19
       -
       	home-manager build --show-trace --flake .#{{PROFILE}} {{ARGS}}

     

       18
       18
       +
       home-build profile *args:

     

       19
       19
       +
       	home-manager build --show-trace --flake .#{{profile}} {{args}}

     

       20
       20
       +
       

     

       21
       21
       +
       home-switch profile *args:

     

       22
       22
       +
       	home-manager switch --show-trace --flake .#{{profile}} {{args}}

     

       20
       23
        
       

     

       21
       21
       -
       home-switch PROFILE *ARGS:

     

       22
       22
       -
       	home-manager switch --show-trace --flake .#{{PROFILE}} {{ARGS}}

     

       24
       24
       +
       switch-target host *args:

     

       25
       25
       +
       	nixos-rebuild switch \

     

       26
       26
       +
       		--flake .#{{host}} \

     

       27
       27
       +
       		--target-host {{host}} \

     

       28
       28
       +
       		--sudo {{args}}

+10 -1

README.md

···

       20
       20
        
       	- `fragments`: Home Manager configuration fragments

     

       21
       21
        
       	- `options`: Home Manager configuration flags

     

       22
       22
        
       	- `profiles`: Base Home Manager configurations to build upon (e.g. `desktop`, `minimal`)

     

       23
       23
       -
       - `lib`: Additional custom lib and flake helpers 

     

       23
       23
       +
       - `lib`: Additional custom lib and flake helpers

     

       24
       24
        
       - `modules`: modules that fill a missing feature of NixOS or Home Manager

     

       25
       25
        
       - `nixos`: NixOS related config

     

       26
       26
        
       	- `hardware/<hostname>.nix`: Device-specific settings like settings generated by `nixos-generate-config`

     
···

       106
       106
        
       	--target-host 2a01:4f8:c2c:76d2::1 \

     

       107
       107
        
       	--use-remote-sudo

     

       108
       108
        
       ```

     

       109
       109
       +
       

     

       110
       110
       +
       ## LUKS reminders

     

       111
       111
       +
       

     

       112
       112
       +
       - [Backup and Restore LUKS header](https://wiki.archlinux.org/title/Dm-crypt/Device_encryption#Backup_and_restore)

     

       113
       113
       +
       

     

       114
       114
       +
       ## Secure boot

     

       115
       115
       +
       

     

       116
       116
       +
       - Lanzaboote

     

       117
       117
       +
       - [SystemD cryptenroll](https://wiki.archlinux.org/title/Systemd-cryptenroll)

     

       109
       118
        
       

     

       110
       119
        
       ---

     

       111
       120

+1 -1

apps/flash-installer.nix

···

       29
       29
        
           fi

     

       30
       30
        
       

     

       31
       31
        
           echo "Flashing to $dev"

     

       32
       32
       -
           

     

       32
       32
       +
       

     

       33
       33
        
           # Format selected disk

     

       34
       34
        
           pv -tpreb "${isoPath}" | sudo dd bs=4M of="$dev" iflag=fullblock conv=notrunc,noerror oflag=sync

     

       35
       35
        
         '';

+2 -1

configurations.nix

···

       19
       19
        
       

     

       20
       20
        
           # Servers

     

       21
       21
        
           "weird-row-server" = createSystem pkgs [

     

       22
       22
       -
             (system "weird-row-server" "server")

     

       22
       22
       +
             (host "weird-row-server")

     

       23
       23
        
             (managedDiskLayout "ext4-hetzner" { device = "sda"; swapSize = 2; })

     

       24
       24
       +
             # TODO: should we keep a real user there?

     

       24
       25
        
             (user "milomoisson" { description = "Milo Moisson"; profile = "server"; keys = keys.users; })

     

       25
       26
        
           ];

     

       26
       27
        
         };

+565 -101

flake.lock

···

       1
       1
        
       {

     

       2
       2
        
         "nodes": {

     

       3
       3
       +
           "actor-typeahead-src": {

     

       4
       4
       +
             "flake": false,

     

       5
       5
       +
             "locked": {

     

       6
       6
       +
               "lastModified": 1762835797,

     

       7
       7
       +
               "narHash": "sha256-heizoWUKDdar6ymfZTnj3ytcEv/L4d4fzSmtr0HlXsQ=",

     

       8
       8
       +
               "ref": "refs/heads/main",

     

       9
       9
       +
               "rev": "677fe7f743050a4e7f09d4a6f87bbf1325a06f6b",

     

       10
       10
       +
               "revCount": 6,

     

       11
       11
       +
               "type": "git",

     

       12
       12
       +
               "url": "https://tangled.org/@jakelazaroff.com/actor-typeahead"

     

       13
       13
       +
             },

     

       14
       14
       +
             "original": {

     

       15
       15
       +
               "type": "git",

     

       16
       16
       +
               "url": "https://tangled.org/@jakelazaroff.com/actor-typeahead"

     

       17
       17
       +
             }

     

       18
       18
       +
           },

     

       3
       19
        
           "agenix": {

     

       4
       20
        
             "inputs": {

     

       5
       21
        
               "darwin": "darwin",

     
···

       12
       28
        
               "systems": "systems"

     

       13
       29
        
             },

     

       14
       30
        
             "locked": {

     

       15
       15
       -
               "lastModified": 1754433428,

     

       16
       16
       -
               "narHash": "sha256-NA/FT2hVhKDftbHSwVnoRTFhes62+7dxZbxj5Gxvghs=",

     

       31
       31
       +
               "lastModified": 1762618334,

     

       32
       32
       +
               "narHash": "sha256-wyT7Pl6tMFbFrs8Lk/TlEs81N6L+VSybPfiIgzU8lbQ=",

     

       17
       33
        
               "owner": "ryantm",

     

       18
       34
        
               "repo": "agenix",

     

       19
       19
       -
               "rev": "9edb1787864c4f59ae5074ad498b6272b3ec308d",

     

       35
       35
       +
               "rev": "fcdea223397448d35d9b31f798479227e80183f6",

     

       20
       36
        
               "type": "github"

     

       21
       37
        
             },

     

       22
       38
        
             "original": {

     
···

       25
       41
        
               "type": "github"

     

       26
       42
        
             }

     

       27
       43
        
           },

     

       44
       44
       +
           "base16": {

     

       45
       45
       +
             "inputs": {

     

       46
       46
       +
               "fromYaml": "fromYaml"

     

       47
       47
       +
             },

     

       48
       48
       +
             "locked": {

     

       49
       49
       +
               "lastModified": 1755819240,

     

       50
       50
       +
               "narHash": "sha256-qcMhnL7aGAuFuutH4rq9fvAhCpJWVHLcHVZLtPctPlo=",

     

       51
       51
       +
               "owner": "SenchoPens",

     

       52
       52
       +
               "repo": "base16.nix",

     

       53
       53
       +
               "rev": "75ed5e5e3fce37df22e49125181fa37899c3ccd6",

     

       54
       54
       +
               "type": "github"

     

       55
       55
       +
             },

     

       56
       56
       +
             "original": {

     

       57
       57
       +
               "owner": "SenchoPens",

     

       58
       58
       +
               "repo": "base16.nix",

     

       59
       59
       +
               "type": "github"

     

       60
       60
       +
             }

     

       61
       61
       +
           },

     

       62
       62
       +
           "base16-fish": {

     

       63
       63
       +
             "flake": false,

     

       64
       64
       +
             "locked": {

     

       65
       65
       +
               "lastModified": 1754405784,

     

       66
       66
       +
               "narHash": "sha256-l9xHIy+85FN+bEo6yquq2IjD1rSg9fjfjpyGP1W8YXo=",

     

       67
       67
       +
               "owner": "tomyun",

     

       68
       68
       +
               "repo": "base16-fish",

     

       69
       69
       +
               "rev": "23ae20a0093dca0d7b39d76ba2401af0ccf9c561",

     

       70
       70
       +
               "type": "github"

     

       71
       71
       +
             },

     

       72
       72
       +
             "original": {

     

       73
       73
       +
               "owner": "tomyun",

     

       74
       74
       +
               "repo": "base16-fish",

     

       75
       75
       +
               "rev": "23ae20a0093dca0d7b39d76ba2401af0ccf9c561",

     

       76
       76
       +
               "type": "github"

     

       77
       77
       +
             }

     

       78
       78
       +
           },

     

       79
       79
       +
           "base16-helix": {

     

       80
       80
       +
             "flake": false,

     

       81
       81
       +
             "locked": {

     

       82
       82
       +
               "lastModified": 1752979451,

     

       83
       83
       +
               "narHash": "sha256-0CQM+FkYy0fOO/sMGhOoNL80ftsAzYCg9VhIrodqusM=",

     

       84
       84
       +
               "owner": "tinted-theming",

     

       85
       85
       +
               "repo": "base16-helix",

     

       86
       86
       +
               "rev": "27cf1e66e50abc622fb76a3019012dc07c678fac",

     

       87
       87
       +
               "type": "github"

     

       88
       88
       +
             },

     

       89
       89
       +
             "original": {

     

       90
       90
       +
               "owner": "tinted-theming",

     

       91
       91
       +
               "repo": "base16-helix",

     

       92
       92
       +
               "type": "github"

     

       93
       93
       +
             }

     

       94
       94
       +
           },

     

       95
       95
       +
           "base16-vim": {

     

       96
       96
       +
             "flake": false,

     

       97
       97
       +
             "locked": {

     

       98
       98
       +
               "lastModified": 1732806396,

     

       99
       99
       +
               "narHash": "sha256-e0bpPySdJf0F68Ndanwm+KWHgQiZ0s7liLhvJSWDNsA=",

     

       100
       100
       +
               "owner": "tinted-theming",

     

       101
       101
       +
               "repo": "base16-vim",

     

       102
       102
       +
               "rev": "577fe8125d74ff456cf942c733a85d769afe58b7",

     

       103
       103
       +
               "type": "github"

     

       104
       104
       +
             },

     

       105
       105
       +
             "original": {

     

       106
       106
       +
               "owner": "tinted-theming",

     

       107
       107
       +
               "repo": "base16-vim",

     

       108
       108
       +
               "rev": "577fe8125d74ff456cf942c733a85d769afe58b7",

     

       109
       109
       +
               "type": "github"

     

       110
       110
       +
             }

     

       111
       111
       +
           },

     

       112
       112
       +
           "crane": {

     

       113
       113
       +
             "locked": {

     

       114
       114
       +
               "lastModified": 1754269165,

     

       115
       115
       +
               "narHash": "sha256-0tcS8FHd4QjbCVoxN9jI+PjHgA4vc/IjkUSp+N3zy0U=",

     

       116
       116
       +
               "owner": "ipetkov",

     

       117
       117
       +
               "repo": "crane",

     

       118
       118
       +
               "rev": "444e81206df3f7d92780680e45858e31d2f07a08",

     

       119
       119
       +
               "type": "github"

     

       120
       120
       +
             },

     

       121
       121
       +
             "original": {

     

       122
       122
       +
               "owner": "ipetkov",

     

       123
       123
       +
               "repo": "crane",

     

       124
       124
       +
               "type": "github"

     

       125
       125
       +
             }

     

       126
       126
       +
           },

     

       28
       127
        
           "darwin": {

     

       29
       128
        
             "inputs": {

     

       30
       129
        
               "nixpkgs": [

     
···

       54
       153
        
               ]

     

       55
       154
        
             },

     

       56
       155
        
             "locked": {

     

       57
       57
       -
               "lastModified": 1758287904,

     

       58
       58
       -
               "narHash": "sha256-IGmaEf3Do8o5Cwp1kXBN1wQmZwQN3NLfq5t4nHtVtcU=",

     

       156
       156
       +
               "lastModified": 1764627417,

     

       157
       157
       +
               "narHash": "sha256-D6xc3Rl8Ab6wucJWdvjNsGYGSxNjQHzRc2EZ6eeQ6l4=",

     

       59
       158
        
               "owner": "nix-community",

     

       60
       159
        
               "repo": "disko",

     

       61
       61
       -
               "rev": "67ff9807dd148e704baadbd4fd783b54282ca627",

     

       160
       160
       +
               "rev": "5a88a6eceb8fd732b983e72b732f6f4b8269bef3",

     

       62
       161
        
               "type": "github"

     

       63
       162
        
             },

     

       64
       163
        
             "original": {

     
···

       67
       166
        
               "type": "github"

     

       68
       167
        
             }

     

       69
       168
        
           },

     

       169
       169
       +
           "firefox-gnome-theme": {

     

       170
       170
       +
             "flake": false,

     

       171
       171
       +
             "locked": {

     

       172
       172
       +
               "lastModified": 1758112371,

     

       173
       173
       +
               "narHash": "sha256-lizRM2pj6PHrR25yimjyFn04OS4wcdbc38DCdBVa2rk=",

     

       174
       174
       +
               "owner": "rafaelmardojai",

     

       175
       175
       +
               "repo": "firefox-gnome-theme",

     

       176
       176
       +
               "rev": "0909cfe4a2af8d358ad13b20246a350e14c2473d",

     

       177
       177
       +
               "type": "github"

     

       178
       178
       +
             },

     

       179
       179
       +
             "original": {

     

       180
       180
       +
               "owner": "rafaelmardojai",

     

       181
       181
       +
               "repo": "firefox-gnome-theme",

     

       182
       182
       +
               "type": "github"

     

       183
       183
       +
             }

     

       184
       184
       +
           },

     

       70
       185
        
           "flake-compat": {

     

       71
       186
        
             "flake": false,

     

       72
       187
        
             "locked": {

     

       188
       188
       +
               "lastModified": 1761588595,

     

       189
       189
       +
               "narHash": "sha256-XKUZz9zewJNUj46b4AJdiRZJAvSZ0Dqj2BNfXvFlJC4=",

     

       190
       190
       +
               "owner": "edolstra",

     

       191
       191
       +
               "repo": "flake-compat",

     

       192
       192
       +
               "rev": "f387cd2afec9419c8ee37694406ca490c3f34ee5",

     

       193
       193
       +
               "type": "github"

     

       194
       194
       +
             },

     

       195
       195
       +
             "original": {

     

       196
       196
       +
               "owner": "edolstra",

     

       197
       197
       +
               "repo": "flake-compat",

     

       198
       198
       +
               "type": "github"

     

       199
       199
       +
             }

     

       200
       200
       +
           },

     

       201
       201
       +
           "flake-compat_2": {

     

       202
       202
       +
             "locked": {

     

       203
       203
       +
               "lastModified": 1761588595,

     

       204
       204
       +
               "narHash": "sha256-XKUZz9zewJNUj46b4AJdiRZJAvSZ0Dqj2BNfXvFlJC4=",

     

       205
       205
       +
               "owner": "edolstra",

     

       206
       206
       +
               "repo": "flake-compat",

     

       207
       207
       +
               "rev": "f387cd2afec9419c8ee37694406ca490c3f34ee5",

     

       208
       208
       +
               "type": "github"

     

       209
       209
       +
             },

     

       210
       210
       +
             "original": {

     

       211
       211
       +
               "owner": "edolstra",

     

       212
       212
       +
               "repo": "flake-compat",

     

       213
       213
       +
               "type": "github"

     

       214
       214
       +
             }

     

       215
       215
       +
           },

     

       216
       216
       +
           "flake-compat_3": {

     

       217
       217
       +
             "flake": false,

     

       218
       218
       +
             "locked": {

     

       73
       219
        
               "lastModified": 1751685974,

     

       74
       220
        
               "narHash": "sha256-NKw96t+BgHIYzHUjkTK95FqYRVKB8DHpVhefWSz/kTw=",

     

       75
       221
        
               "rev": "549f2762aebeff29a2e5ece7a7dc0f955281a1d1",

     
···

       81
       227
        
               "url": "https://git.lix.systems/lix-project/flake-compat/archive/main.tar.gz"

     

       82
       228
        
             }

     

       83
       229
        
           },

     

       84
       84
       -
           "flake-utils": {

     

       230
       230
       +
           "flake-parts": {

     

       85
       231
        
             "inputs": {

     

       86
       86
       -
               "systems": "systems_2"

     

       232
       232
       +
               "nixpkgs-lib": [

     

       233
       233
       +
                 "stylix",

     

       234
       234
       +
                 "nixpkgs"

     

       235
       235
       +
               ]

     

       87
       236
        
             },

     

       88
       237
        
             "locked": {

     

       89
       89
       -
               "lastModified": 1731533236,

     

       90
       90
       -
               "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",

     

       91
       91
       -
               "owner": "numtide",

     

       92
       92
       -
               "repo": "flake-utils",

     

       93
       93
       -
               "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",

     

       238
       238
       +
               "lastModified": 1756770412,

     

       239
       239
       +
               "narHash": "sha256-+uWLQZccFHwqpGqr2Yt5VsW/PbeJVTn9Dk6SHWhNRPw=",

     

       240
       240
       +
               "owner": "hercules-ci",

     

       241
       241
       +
               "repo": "flake-parts",

     

       242
       242
       +
               "rev": "4524271976b625a4a605beefd893f270620fd751",

     

       94
       243
        
               "type": "github"

     

       95
       244
        
             },

     

       96
       245
        
             "original": {

     

       97
       97
       -
               "owner": "numtide",

     

       98
       98
       -
               "repo": "flake-utils",

     

       246
       246
       +
               "owner": "hercules-ci",

     

       247
       247
       +
               "repo": "flake-parts",

     

       99
       248
        
               "type": "github"

     

       100
       249
        
             }

     

       101
       250
        
           },

     

       102
       102
       -
           "flake-utils_2": {

     

       251
       251
       +
           "flake-utils": {

     

       103
       252
        
             "inputs": {

     

       104
       253
        
               "systems": "systems_3"

     

       105
       254
        
             },

     
···

       117
       266
        
               "type": "github"

     

       118
       267
        
             }

     

       119
       268
        
           },

     

       269
       269
       +
           "fromYaml": {

     

       270
       270
       +
             "flake": false,

     

       271
       271
       +
             "locked": {

     

       272
       272
       +
               "lastModified": 1731966426,

     

       273
       273
       +
               "narHash": "sha256-lq95WydhbUTWig/JpqiB7oViTcHFP8Lv41IGtayokA8=",

     

       274
       274
       +
               "owner": "SenchoPens",

     

       275
       275
       +
               "repo": "fromYaml",

     

       276
       276
       +
               "rev": "106af9e2f715e2d828df706c386a685698f3223b",

     

       277
       277
       +
               "type": "github"

     

       278
       278
       +
             },

     

       279
       279
       +
             "original": {

     

       280
       280
       +
               "owner": "SenchoPens",

     

       281
       281
       +
               "repo": "fromYaml",

     

       282
       282
       +
               "type": "github"

     

       283
       283
       +
             }

     

       284
       284
       +
           },

     

       120
       285
        
           "git-leave": {

     

       121
       286
        
             "inputs": {

     

       122
       287
        
               "gitignore": "gitignore",

     
···

       126
       291
        
               "rust-overlay": "rust-overlay"

     

       127
       292
        
             },

     

       128
       293
        
             "locked": {

     

       129
       129
       -
               "lastModified": 1747139554,

     

       130
       130
       -
               "narHash": "sha256-CpjdfdzyN0tAcBvtg9AQk+mDlNSb+NAZPUBpx/4VzvA=",

     

       294
       294
       +
               "lastModified": 1764804992,

     

       295
       295
       +
               "narHash": "sha256-6XIwDQwquGUfiwoTsukMyE6DcXW4Cx0fjE4cLTgQ7RM=",

     

       131
       296
        
               "owner": "mrnossiom",

     

       132
       297
        
               "repo": "git-leave",

     

       133
       133
       -
               "rev": "bf125663fa992097620ca034ec57ebd20ed50532",

     

       298
       298
       +
               "rev": "3c09ab6afafae76be08956cc7bf563f80e0f8394",

     

       134
       299
        
               "type": "github"

     

       135
       300
        
             },

     

       136
       301
        
             "original": {

     
···

       147
       312
        
               ]

     

       148
       313
        
             },

     

       149
       314
        
             "locked": {

     

       315
       315
       +
               "lastModified": 1762808025,

     

       316
       316
       +
               "narHash": "sha256-XmjITeZNMTQXGhhww6ed/Wacy2KzD6svioyCX7pkUu4=",

     

       317
       317
       +
               "owner": "hercules-ci",

     

       318
       318
       +
               "repo": "gitignore.nix",

     

       319
       319
       +
               "rev": "cb5e3fdca1de58ccbc3ef53de65bd372b48f567c",

     

       320
       320
       +
               "type": "github"

     

       321
       321
       +
             },

     

       322
       322
       +
             "original": {

     

       323
       323
       +
               "owner": "hercules-ci",

     

       324
       324
       +
               "repo": "gitignore.nix",

     

       325
       325
       +
               "type": "github"

     

       326
       326
       +
             }

     

       327
       327
       +
           },

     

       328
       328
       +
           "gitignore_2": {

     

       329
       329
       +
             "inputs": {

     

       330
       330
       +
               "nixpkgs": [

     

       331
       331
       +
                 "hypixel-bank-tracker",

     

       332
       332
       +
                 "nixpkgs"

     

       333
       333
       +
               ]

     

       334
       334
       +
             },

     

       335
       335
       +
             "locked": {

     

       336
       336
       +
               "lastModified": 1762808025,

     

       337
       337
       +
               "narHash": "sha256-XmjITeZNMTQXGhhww6ed/Wacy2KzD6svioyCX7pkUu4=",

     

       338
       338
       +
               "owner": "hercules-ci",

     

       339
       339
       +
               "repo": "gitignore.nix",

     

       340
       340
       +
               "rev": "cb5e3fdca1de58ccbc3ef53de65bd372b48f567c",

     

       341
       341
       +
               "type": "github"

     

       342
       342
       +
             },

     

       343
       343
       +
             "original": {

     

       344
       344
       +
               "owner": "hercules-ci",

     

       345
       345
       +
               "repo": "gitignore.nix",

     

       346
       346
       +
               "type": "github"

     

       347
       347
       +
             }

     

       348
       348
       +
           },

     

       349
       349
       +
           "gitignore_3": {

     

       350
       350
       +
             "inputs": {

     

       351
       351
       +
               "nixpkgs": [

     

       352
       352
       +
                 "lanzaboote",

     

       353
       353
       +
                 "pre-commit",

     

       354
       354
       +
                 "nixpkgs"

     

       355
       355
       +
               ]

     

       356
       356
       +
             },

     

       357
       357
       +
             "locked": {

     

       150
       358
        
               "lastModified": 1709087332,

     

       151
       359
        
               "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=",

     

       152
       360
        
               "owner": "hercules-ci",

     
···

       160
       368
        
               "type": "github"

     

       161
       369
        
             }

     

       162
       370
        
           },

     

       163
       163
       -
           "gitignore_2": {

     

       371
       371
       +
           "gitignore_4": {

     

       164
       372
        
             "inputs": {

     

       165
       373
        
               "nixpkgs": [

     

       166
       374
        
                 "wakatime-ls",

     
···

       181
       389
        
               "type": "github"

     

       182
       390
        
             }

     

       183
       391
        
           },

     

       392
       392
       +
           "gnome-shell": {

     

       393
       393
       +
             "flake": false,

     

       394
       394
       +
             "locked": {

     

       395
       395
       +
               "host": "gitlab.gnome.org",

     

       396
       396
       +
               "lastModified": 1762869044,

     

       397
       397
       +
               "narHash": "sha256-nwm/GJ2Syigf7VccLAZ66mFC8mZJFqpJmIxSGKl7+Ds=",

     

       398
       398
       +
               "owner": "GNOME",

     

       399
       399
       +
               "repo": "gnome-shell",

     

       400
       400
       +
               "rev": "680e3d195a92203f28d4bf8c6e8bb537cc3ed4ad",

     

       401
       401
       +
               "type": "gitlab"

     

       402
       402
       +
             },

     

       403
       403
       +
             "original": {

     

       404
       404
       +
               "host": "gitlab.gnome.org",

     

       405
       405
       +
               "owner": "GNOME",

     

       406
       406
       +
               "ref": "gnome-49",

     

       407
       407
       +
               "repo": "gnome-shell",

     

       408
       408
       +
               "type": "gitlab"

     

       409
       409
       +
             }

     

       410
       410
       +
           },

     

       184
       411
        
           "gomod2nix": {

     

       185
       412
        
             "inputs": {

     

       186
       186
       -
               "flake-utils": "flake-utils_2",

     

       413
       413
       +
               "flake-utils": "flake-utils",

     

       187
       414
        
               "nixpkgs": [

     

       188
       415
        
                 "tangled",

     

       189
       416
        
                 "nixpkgs"

     
···

       203
       430
        
               "type": "github"

     

       204
       431
        
             }

     

       205
       432
        
           },

     

       206
       206
       -
           "helix": {

     

       207
       207
       -
             "inputs": {

     

       208
       208
       -
               "nixpkgs": [

     

       209
       209
       -
                 "unixpkgs"

     

       210
       210
       -
               ],

     

       211
       211
       -
               "rust-overlay": "rust-overlay_2"

     

       212
       212
       -
             },

     

       213
       213
       -
             "locked": {

     

       214
       214
       -
               "lastModified": 1759201995,

     

       215
       215
       -
               "narHash": "sha256-3STv6fITv8Ar/kl0H7vIA7VV0d2gyLh8UL0BOiVacXg=",

     

       216
       216
       -
               "owner": "helix-editor",

     

       217
       217
       -
               "repo": "helix",

     

       218
       218
       -
               "rev": "bfcbef10c513108c7b43317569416c2eefc4ed44",

     

       219
       219
       -
               "type": "github"

     

       220
       220
       -
             },

     

       221
       221
       -
             "original": {

     

       222
       222
       -
               "owner": "helix-editor",

     

       223
       223
       -
               "repo": "helix",

     

       224
       224
       -
               "type": "github"

     

       225
       225
       -
             }

     

       226
       226
       -
           },

     

       227
       433
        
           "home-manager": {

     

       228
       434
        
             "inputs": {

     

       229
       435
        
               "nixpkgs": [

     
···

       231
       437
        
               ]

     

       232
       438
        
             },

     

       233
       439
        
             "locked": {

     

       234
       234
       -
               "lastModified": 1747556831,

     

       235
       235
       -
               "narHash": "sha256-Qb84nbYFFk0DzFeqVoHltS2RodAYY5/HZQKE8WnBDsc=",

     

       440
       440
       +
               "lastModified": 1764398914,

     

       441
       441
       +
               "narHash": "sha256-YPrpwlVQidzQlMh0OnquaJR+58rKe9YNnuRis293Ilo=",

     

       236
       442
        
               "owner": "nix-community",

     

       237
       443
        
               "repo": "home-manager",

     

       238
       238
       -
               "rev": "d0bbd221482c2713cccb80220f3c9d16a6e20a33",

     

       444
       444
       +
               "rev": "d0c5fdc48db6f19471b8adc954eca09194e68036",

     

       239
       445
        
               "type": "github"

     

       240
       446
        
             },

     

       241
       447
        
             "original": {

     

       242
       448
        
               "owner": "nix-community",

     

       243
       243
       -
               "ref": "release-25.05",

     

       449
       449
       +
               "ref": "release-25.11",

     

       244
       450
        
               "repo": "home-manager",

     

       245
       451
        
               "type": "github"

     

       246
       452
        
             }

     
···

       269
       475
        
               "url": "https://cdn.jsdelivr.net/npm/htmx-ext-ws@2.0.2"

     

       270
       476
        
             }

     

       271
       477
        
           },

     

       478
       478
       +
           "hypixel-bank-tracker": {

     

       479
       479
       +
             "inputs": {

     

       480
       480
       +
               "gitignore": "gitignore_2",

     

       481
       481
       +
               "nixpkgs": [

     

       482
       482
       +
                 "nixpkgs"

     

       483
       483
       +
               ],

     

       484
       484
       +
               "rust-overlay": "rust-overlay_2"

     

       485
       485
       +
             },

     

       486
       486
       +
             "locked": {

     

       487
       487
       +
               "lastModified": 1764455123,

     

       488
       488
       +
               "narHash": "sha256-ePlZ3OHBLTRlRa9zs2IeHNA8CuiMLyu5ZUzxoGI5Hp0=",

     

       489
       489
       +
               "owner": "pixilie",

     

       490
       490
       +
               "repo": "hypixel-bank-tracker",

     

       491
       491
       +
               "rev": "8e4e91b1a8fa264895fa40dda93c3363be33a958",

     

       492
       492
       +
               "type": "github"

     

       493
       493
       +
             },

     

       494
       494
       +
             "original": {

     

       495
       495
       +
               "owner": "pixilie",

     

       496
       496
       +
               "repo": "hypixel-bank-tracker",

     

       497
       497
       +
               "type": "github"

     

       498
       498
       +
             }

     

       499
       499
       +
           },

     

       272
       500
        
           "ibm-plex-mono-src": {

     

       273
       501
        
             "flake": false,

     

       274
       502
        
             "locked": {

     
···

       311
       539
        
               "url": "https://github.com/rsms/inter/releases/download/v4.1/Inter-4.1.zip"

     

       312
       540
        
             }

     

       313
       541
        
           },

     

       314
       314
       -
           "jujutsu": {

     

       542
       542
       +
           "lanzaboote": {

     

       315
       543
        
             "inputs": {

     

       316
       316
       -
               "flake-utils": "flake-utils",

     

       544
       544
       +
               "crane": "crane",

     

       317
       545
        
               "nixpkgs": [

     

       318
       546
        
                 "unixpkgs"

     

       319
       547
        
               ],

     

       548
       548
       +
               "pre-commit": "pre-commit",

     

       320
       549
        
               "rust-overlay": "rust-overlay_3"

     

       321
       550
        
             },

     

       322
       551
        
             "locked": {

     

       323
       323
       -
               "lastModified": 1759360197,

     

       324
       324
       -
               "narHash": "sha256-OW8kSDBBSZr0G3U27AAkZ3cH3TJmSARbg9Pc4qZ6tA0=",

     

       325
       325
       -
               "owner": "jj-vcs",

     

       326
       326
       -
               "repo": "jj",

     

       327
       327
       -
               "rev": "22900c9a9ba362efa442fed2dd4e6e1d5c22cc7a",

     

       552
       552
       +
               "lastModified": 1764622702,

     

       553
       553
       +
               "narHash": "sha256-HggOVvg2U3EwT44wPHEwFKromf9qR9rTqfV1i3q7rYs=",

     

       554
       554
       +
               "owner": "nix-community",

     

       555
       555
       +
               "repo": "lanzaboote",

     

       556
       556
       +
               "rev": "6242b3b2b5e5afcf329027ed4eb5fa6e2eab10f1",

     

       328
       557
        
               "type": "github"

     

       329
       558
        
             },

     

       330
       559
        
             "original": {

     

       331
       331
       -
               "owner": "jj-vcs",

     

       332
       332
       -
               "repo": "jj",

     

       560
       560
       +
               "owner": "nix-community",

     

       561
       561
       +
               "repo": "lanzaboote",

     

       333
       562
        
               "type": "github"

     

       334
       563
        
             }

     

       335
       564
        
           },

     
···

       346
       575
        
               "url": "https://github.com/lucide-icons/lucide/releases/download/0.536.0/lucide-icons-0.536.0.zip"

     

       347
       576
        
             }

     

       348
       577
        
           },

     

       578
       578
       +
           "nix-alien": {

     

       579
       579
       +
             "inputs": {

     

       580
       580
       +
               "flake-compat": "flake-compat_2",

     

       581
       581
       +
               "nix-index-database": "nix-index-database",

     

       582
       582
       +
               "nixpkgs": [

     

       583
       583
       +
                 "nixpkgs"

     

       584
       584
       +
               ]

     

       585
       585
       +
             },

     

       586
       586
       +
             "locked": {

     

       587
       587
       +
               "lastModified": 1764061716,

     

       588
       588
       +
               "narHash": "sha256-xKnIoMPv2kIsWhjRhJayqMWU2xkjeq2pyPmR1dLFPHs=",

     

       589
       589
       +
               "owner": "thiagokokada",

     

       590
       590
       +
               "repo": "nix-alien",

     

       591
       591
       +
               "rev": "9bc9c1ab671eb1b610f549e15bc0b750ab987409",

     

       592
       592
       +
               "type": "github"

     

       593
       593
       +
             },

     

       594
       594
       +
             "original": {

     

       595
       595
       +
               "owner": "thiagokokada",

     

       596
       596
       +
               "repo": "nix-alien",

     

       597
       597
       +
               "type": "github"

     

       598
       598
       +
             }

     

       599
       599
       +
           },

     

       349
       600
        
           "nix-darwin": {

     

       350
       601
        
             "inputs": {

     

       351
       602
        
               "nixpkgs": [

     
···

       353
       604
        
               ]

     

       354
       605
        
             },

     

       355
       606
        
             "locked": {

     

       356
       356
       -
               "lastModified": 1748004251,

     

       357
       357
       -
               "narHash": "sha256-XodjkVWTth3A2JpBqGBkdLD9kkWn94rnv98l3xwKukg=",

     

       358
       358
       -
               "owner": "LnL7",

     

       607
       607
       +
               "lastModified": 1764161084,

     

       608
       608
       +
               "narHash": "sha256-HN84sByg9FhJnojkGGDSrcjcbeioFWoNXfuyYfJ1kBE=",

     

       609
       609
       +
               "owner": "nix-darwin",

     

       359
       610
        
               "repo": "nix-darwin",

     

       360
       360
       -
               "rev": "33220d4791784e4dd4739edd3f6c028020082f91",

     

       611
       611
       +
               "rev": "e95de00a471d07435e0527ff4db092c84998698e",

     

       361
       612
        
               "type": "github"

     

       362
       613
        
             },

     

       363
       614
        
             "original": {

     

       364
       364
       -
               "owner": "LnL7",

     

       615
       615
       +
               "owner": "nix-darwin",

     

       616
       616
       +
               "ref": "nix-darwin-25.11",

     

       365
       617
        
               "repo": "nix-darwin",

     

       366
       618
        
               "type": "github"

     

       367
       619
        
             }

     

       368
       620
        
           },

     

       621
       621
       +
           "nix-index-database": {

     

       622
       622
       +
             "inputs": {

     

       623
       623
       +
               "nixpkgs": [

     

       624
       624
       +
                 "nix-alien",

     

       625
       625
       +
                 "nixpkgs"

     

       626
       626
       +
               ]

     

       627
       627
       +
             },

     

       628
       628
       +
             "locked": {

     

       629
       629
       +
               "lastModified": 1762660502,

     

       630
       630
       +
               "narHash": "sha256-C9F1C31ys0V7mnp4EcDy7L1cLZw/sCTEXqqTtGnvu08=",

     

       631
       631
       +
               "owner": "nix-community",

     

       632
       632
       +
               "repo": "nix-index-database",

     

       633
       633
       +
               "rev": "15c5451c63f4c612874a43846bfe3fa828b03eee",

     

       634
       634
       +
               "type": "github"

     

       635
       635
       +
             },

     

       636
       636
       +
             "original": {

     

       637
       637
       +
               "owner": "nix-community",

     

       638
       638
       +
               "repo": "nix-index-database",

     

       639
       639
       +
               "type": "github"

     

       640
       640
       +
             }

     

       641
       641
       +
           },

     

       369
       642
        
           "nixos-hardware": {

     

       370
       643
        
             "locked": {

     

       371
       371
       -
               "lastModified": 1758663926,

     

       372
       372
       -
               "narHash": "sha256-6CFdj7Xs616t1W4jLDH7IohAAvl5Dyib3qEv/Uqw1rk=",

     

       644
       644
       +
               "lastModified": 1764440730,

     

       645
       645
       +
               "narHash": "sha256-ZlJTNLUKQRANlLDomuRWLBCH5792x+6XUJ4YdFRjtO4=",

     

       373
       646
        
               "owner": "nixos",

     

       374
       647
        
               "repo": "nixos-hardware",

     

       375
       375
       -
               "rev": "170ff93c860b2a9868ed1e1102d4e52cb3d934e1",

     

       648
       648
       +
               "rev": "9154f4569b6cdfd3c595851a6ba51bfaa472d9f3",

     

       376
       649
        
               "type": "github"

     

       377
       650
        
             },

     

       378
       651
        
             "original": {

     
···

       383
       656
        
           },

     

       384
       657
        
           "nixpkgs": {

     

       385
       658
        
             "locked": {

     

       386
       386
       -
               "lastModified": 1747953325,

     

       387
       387
       -
               "narHash": "sha256-y2ZtlIlNTuVJUZCqzZAhIw5rrKP4DOSklev6c8PyCkQ=",

     

       659
       659
       +
               "lastModified": 1764406085,

     

       660
       660
       +
               "narHash": "sha256-CYbMp8hwuOf4umokSNp+t1s4Hjd4vxXq4S5CD+xvgNs=",

     

       388
       661
        
               "owner": "nixos",

     

       389
       662
        
               "repo": "nixpkgs",

     

       390
       390
       -
               "rev": "55d1f923c480dadce40f5231feb472e81b0bab48",

     

       663
       663
       +
               "rev": "9561691c9f450fad7c3526916e1c4f44be0d1192",

     

       391
       664
        
               "type": "github"

     

       392
       665
        
             },

     

       393
       666
        
             "original": {

     

       394
       667
        
               "owner": "nixos",

     

       395
       395
       -
               "ref": "nixos-25.05",

     

       668
       668
       +
               "ref": "nixos-25.11",

     

       396
       669
        
               "repo": "nixpkgs",

     

       397
       670
        
               "type": "github"

     

       398
       671
        
             }

     

       399
       672
        
           },

     

       673
       673
       +
           "nur": {

     

       674
       674
       +
             "inputs": {

     

       675
       675
       +
               "flake-parts": [

     

       676
       676
       +
                 "stylix",

     

       677
       677
       +
                 "flake-parts"

     

       678
       678
       +
               ],

     

       679
       679
       +
               "nixpkgs": [

     

       680
       680
       +
                 "stylix",

     

       681
       681
       +
                 "nixpkgs"

     

       682
       682
       +
               ]

     

       683
       683
       +
             },

     

       684
       684
       +
             "locked": {

     

       685
       685
       +
               "lastModified": 1758998580,

     

       686
       686
       +
               "narHash": "sha256-VLx0z396gDCGSiowLMFz5XRO/XuNV+4EnDYjdJhHvUk=",

     

       687
       687
       +
               "owner": "nix-community",

     

       688
       688
       +
               "repo": "NUR",

     

       689
       689
       +
               "rev": "ba8d9c98f5f4630bcb0e815ab456afd90c930728",

     

       690
       690
       +
               "type": "github"

     

       691
       691
       +
             },

     

       692
       692
       +
             "original": {

     

       693
       693
       +
               "owner": "nix-community",

     

       694
       694
       +
               "repo": "NUR",

     

       695
       695
       +
               "type": "github"

     

       696
       696
       +
             }

     

       697
       697
       +
           },

     

       698
       698
       +
           "pre-commit": {

     

       699
       699
       +
             "inputs": {

     

       700
       700
       +
               "flake-compat": "flake-compat",

     

       701
       701
       +
               "gitignore": "gitignore_3",

     

       702
       702
       +
               "nixpkgs": [

     

       703
       703
       +
                 "lanzaboote",

     

       704
       704
       +
                 "nixpkgs"

     

       705
       705
       +
               ]

     

       706
       706
       +
             },

     

       707
       707
       +
             "locked": {

     

       708
       708
       +
               "lastModified": 1763988335,

     

       709
       709
       +
               "narHash": "sha256-QlcnByMc8KBjpU37rbq5iP7Cp97HvjRP0ucfdh+M4Qc=",

     

       710
       710
       +
               "owner": "cachix",

     

       711
       711
       +
               "repo": "pre-commit-hooks.nix",

     

       712
       712
       +
               "rev": "50b9238891e388c9fdc6a5c49e49c42533a1b5ce",

     

       713
       713
       +
               "type": "github"

     

       714
       714
       +
             },

     

       715
       715
       +
             "original": {

     

       716
       716
       +
               "owner": "cachix",

     

       717
       717
       +
               "repo": "pre-commit-hooks.nix",

     

       718
       718
       +
               "type": "github"

     

       719
       719
       +
             }

     

       720
       720
       +
           },

     

       400
       721
        
           "root": {

     

       401
       722
        
             "inputs": {

     

       402
       723
        
               "agenix": "agenix",

     

       403
       724
        
               "disko": "disko",

     

       404
       725
        
               "git-leave": "git-leave",

     

       405
       405
       -
               "helix": "helix",

     

       406
       726
        
               "home-manager": "home-manager",

     

       407
       407
       -
               "jujutsu": "jujutsu",

     

       727
       727
       +
               "hypixel-bank-tracker": "hypixel-bank-tracker",

     

       728
       728
       +
               "lanzaboote": "lanzaboote",

     

       729
       729
       +
               "nix-alien": "nix-alien",

     

       408
       730
        
               "nix-darwin": "nix-darwin",

     

       409
       731
        
               "nixos-hardware": "nixos-hardware",

     

       410
       732
        
               "nixpkgs": "nixpkgs",

     

       411
       733
        
               "srvos": "srvos",

     

       734
       734
       +
               "stylix": "stylix",

     

       412
       735
        
               "tangled": "tangled",

     

       413
       736
        
               "unixpkgs": "unixpkgs",

     

       414
       414
       -
               "wakatime-ls": "wakatime-ls"

     

       737
       737
       +
               "wakatime-ls": "wakatime-ls",

     

       738
       738
       +
               "zen-browser": "zen-browser"

     

       415
       739
        
             }

     

       416
       740
        
           },

     

       417
       741
        
           "rust-overlay": {

     
···

       422
       746
        
               ]

     

       423
       747
        
             },

     

       424
       748
        
             "locked": {

     

       425
       425
       -
               "lastModified": 1744599145,

     

       426
       426
       -
               "narHash": "sha256-yzaDPkJwZdUtRj/dzdOeB74yryWzpngYaD7BedqFKk8=",

     

       749
       749
       +
               "lastModified": 1764557621,

     

       750
       750
       +
               "narHash": "sha256-kX5PoY8hQZ80+amMQgOO9t8Tc1JZ70gYRnzaVD4AA+o=",

     

       427
       751
        
               "owner": "oxalica",

     

       428
       752
        
               "repo": "rust-overlay",

     

       429
       429
       -
               "rev": "fd6795d3d28f956de01a0458b6fa7baae5c793b4",

     

       753
       753
       +
               "rev": "93316876c2229460a5d6f5f052766cc4cef538ce",

     

       430
       754
        
               "type": "github"

     

       431
       755
        
             },

     

       432
       756
        
             "original": {

     
···

       438
       762
        
           "rust-overlay_2": {

     

       439
       763
        
             "inputs": {

     

       440
       764
        
               "nixpkgs": [

     

       441
       441
       -
                 "helix",

     

       765
       765
       +
                 "hypixel-bank-tracker",

     

       442
       766
        
                 "nixpkgs"

     

       443
       767
        
               ]

     

       444
       768
        
             },

     

       445
       769
        
             "locked": {

     

       446
       446
       -
               "lastModified": 1740623427,

     

       447
       447
       -
               "narHash": "sha256-3SdPQrZoa4odlScFDUHd4CUPQ/R1gtH4Mq9u8CBiK8M=",

     

       770
       770
       +
               "lastModified": 1763087910,

     

       771
       771
       +
               "narHash": "sha256-eB9Z1mWd1U6N61+F8qwDggX0ihM55s4E0CluwNukJRU=",

     

       448
       772
        
               "owner": "oxalica",

     

       449
       773
        
               "repo": "rust-overlay",

     

       450
       450
       -
               "rev": "d342e8b5fd88421ff982f383c853f0fc78a847ab",

     

       774
       774
       +
               "rev": "cf4a68749733d45c0420726596367acd708eb2e8",

     

       451
       775
        
               "type": "github"

     

       452
       776
        
             },

     

       453
       777
        
             "original": {

     
···

       459
       783
        
           "rust-overlay_3": {

     

       460
       784
        
             "inputs": {

     

       461
       785
        
               "nixpkgs": [

     

       462
       462
       -
                 "jujutsu",

     

       786
       786
       +
                 "lanzaboote",

     

       463
       787
        
                 "nixpkgs"

     

       464
       788
        
               ]

     

       465
       789
        
             },

     

       466
       790
        
             "locked": {

     

       467
       467
       -
               "lastModified": 1755139244,

     

       468
       468
       -
               "narHash": "sha256-SN1BFA00m+siVAQiGLtTwjv9LV9TH5n8tQcSziV6Nv4=",

     

       791
       791
       +
               "lastModified": 1761791894,

     

       792
       792
       +
               "narHash": "sha256-myRIDh+PxaREz+z9LzbqBJF+SnTFJwkthKDX9zMyddY=",

     

       469
       793
        
               "owner": "oxalica",

     

       470
       794
        
               "repo": "rust-overlay",

     

       471
       471
       -
               "rev": "aeae248beb2a419e39d483dd9b7fec924aba8d4d",

     

       795
       795
       +
               "rev": "59c45eb69d9222a4362673141e00ff77842cd219",

     

       472
       796
        
               "type": "github"

     

       473
       797
        
             },

     

       474
       798
        
             "original": {

     
···

       485
       809
        
               ]

     

       486
       810
        
             },

     

       487
       811
        
             "locked": {

     

       488
       488
       -
               "lastModified": 1748746145,

     

       489
       489
       -
               "narHash": "sha256-bwkCAK9pOyI2Ww4Q4oO1Ynv7O9aZPrsIAMMASmhVGp4=",

     

       812
       812
       +
               "lastModified": 1761705569,

     

       813
       813
       +
               "narHash": "sha256-dqljv29XldlKvdTwFw8GkxOQHrz3/13yxdwHW8+nzBI=",

     

       490
       814
        
               "owner": "oxalica",

     

       491
       815
        
               "repo": "rust-overlay",

     

       492
       492
       -
               "rev": "12a0d94a2f2b06714f747ab97b2fa546f46b460c",

     

       816
       816
       +
               "rev": "bca7909cb02f5139e0a490b0ff4bae775ea3ebf6",

     

       493
       817
        
               "type": "github"

     

       494
       818
        
             },

     

       495
       819
        
             "original": {

     
···

       518
       842
        
               ]

     

       519
       843
        
             },

     

       520
       844
        
             "locked": {

     

       521
       521
       -
               "lastModified": 1759107752,

     

       522
       522
       -
               "narHash": "sha256-VEdL1J4rk+Z/5wHhLSsvj5QmXWKHHDeN1P8YLGLa1RM=",

     

       845
       845
       +
               "lastModified": 1764205213,

     

       846
       846
       +
               "narHash": "sha256-VWKPkM4m5kGgJ0HY1WKfvlPkKka6tYwUR8snetAFTu8=",

     

       523
       847
        
               "owner": "nix-community",

     

       524
       848
        
               "repo": "srvos",

     

       525
       525
       -
               "rev": "97708379b1f3b64224632eb49a56e45fe6995e6f",

     

       849
       849
       +
               "rev": "8b90cbaadae462563297a2d08870cccfd986ca28",

     

       526
       850
        
               "type": "github"

     

       527
       851
        
             },

     

       528
       852
        
             "original": {

     
···

       531
       855
        
               "type": "github"

     

       532
       856
        
             }

     

       533
       857
        
           },

     

       858
       858
       +
           "stylix": {

     

       859
       859
       +
             "inputs": {

     

       860
       860
       +
               "base16": "base16",

     

       861
       861
       +
               "base16-fish": "base16-fish",

     

       862
       862
       +
               "base16-helix": "base16-helix",

     

       863
       863
       +
               "base16-vim": "base16-vim",

     

       864
       864
       +
               "firefox-gnome-theme": "firefox-gnome-theme",

     

       865
       865
       +
               "flake-parts": "flake-parts",

     

       866
       866
       +
               "gnome-shell": "gnome-shell",

     

       867
       867
       +
               "nixpkgs": [

     

       868
       868
       +
                 "nixpkgs"

     

       869
       869
       +
               ],

     

       870
       870
       +
               "nur": "nur",

     

       871
       871
       +
               "systems": "systems_2",

     

       872
       872
       +
               "tinted-foot": "tinted-foot",

     

       873
       873
       +
               "tinted-kitty": "tinted-kitty",

     

       874
       874
       +
               "tinted-schemes": "tinted-schemes",

     

       875
       875
       +
               "tinted-tmux": "tinted-tmux",

     

       876
       876
       +
               "tinted-zed": "tinted-zed"

     

       877
       877
       +
             },

     

       878
       878
       +
             "locked": {

     

       879
       879
       +
               "lastModified": 1764193603,

     

       880
       880
       +
               "narHash": "sha256-guX30TWe8HRG2qPFiM9893F2uTw4B8D/xkE6Mq7MiYg=",

     

       881
       881
       +
               "owner": "nix-community",

     

       882
       882
       +
               "repo": "stylix",

     

       883
       883
       +
               "rev": "9bf8725a3d65b3ff0ba68ce13779657f5095e36b",

     

       884
       884
       +
               "type": "github"

     

       885
       885
       +
             },

     

       886
       886
       +
             "original": {

     

       887
       887
       +
               "owner": "nix-community",

     

       888
       888
       +
               "ref": "release-25.11",

     

       889
       889
       +
               "repo": "stylix",

     

       890
       890
       +
               "type": "github"

     

       891
       891
       +
             }

     

       892
       892
       +
           },

     

       534
       893
        
           "systems": {

     

       535
       894
        
             "locked": {

     

       536
       895
        
               "lastModified": 1681028828,

     
···

       578
       937
        
           },

     

       579
       938
        
           "tangled": {

     

       580
       939
        
             "inputs": {

     

       581
       581
       -
               "flake-compat": "flake-compat",

     

       940
       940
       +
               "actor-typeahead-src": "actor-typeahead-src",

     

       941
       941
       +
               "flake-compat": "flake-compat_3",

     

       582
       942
        
               "gomod2nix": "gomod2nix",

     

       583
       943
        
               "htmx-src": "htmx-src",

     

       584
       944
        
               "htmx-ws-src": "htmx-ws-src",

     
···

       592
       952
        
               "sqlite-lib-src": "sqlite-lib-src"

     

       593
       953
        
             },

     

       594
       954
        
             "locked": {

     

       595
       595
       -
               "lastModified": 1759247161,

     

       596
       596
       -
               "narHash": "sha256-Th0+karP19f0BC4cYBI27adn+lGFYCWq5C+FfQFrHXA=",

     

       955
       955
       +
               "lastModified": 1764005195,

     

       956
       956
       +
               "narHash": "sha256-PzuWiW/nMxwQTX0i1bHwGazQF4ptLNI9OGwpmhDb9i0=",

     

       597
       957
        
               "ref": "refs/heads/master",

     

       598
       598
       -
               "rev": "5c9bf597da9a0f19635187a10f6711dd1917a9d7",

     

       599
       599
       -
               "revCount": 1467,

     

       958
       958
       +
               "rev": "7358ec6edfa4d17b8b8f543d99e83a4705901148",

     

       959
       959
       +
               "revCount": 1687,

     

       600
       960
        
               "type": "git",

     

       601
       601
       -
               "url": "https://tangled.org/@tangled.org/core"

     

       961
       961
       +
               "url": "https://tangled.org/tangled.org/core"

     

       602
       962
        
             },

     

       603
       963
        
             "original": {

     

       604
       964
        
               "type": "git",

     

       605
       605
       -
               "url": "https://tangled.org/@tangled.org/core"

     

       965
       965
       +
               "url": "https://tangled.org/tangled.org/core"

     

       966
       966
       +
             }

     

       967
       967
       +
           },

     

       968
       968
       +
           "tinted-foot": {

     

       969
       969
       +
             "flake": false,

     

       970
       970
       +
             "locked": {

     

       971
       971
       +
               "lastModified": 1726913040,

     

       972
       972
       +
               "narHash": "sha256-+eDZPkw7efMNUf3/Pv0EmsidqdwNJ1TaOum6k7lngDQ=",

     

       973
       973
       +
               "owner": "tinted-theming",

     

       974
       974
       +
               "repo": "tinted-foot",

     

       975
       975
       +
               "rev": "fd1b924b6c45c3e4465e8a849e67ea82933fcbe4",

     

       976
       976
       +
               "type": "github"

     

       977
       977
       +
             },

     

       978
       978
       +
             "original": {

     

       979
       979
       +
               "owner": "tinted-theming",

     

       980
       980
       +
               "repo": "tinted-foot",

     

       981
       981
       +
               "rev": "fd1b924b6c45c3e4465e8a849e67ea82933fcbe4",

     

       982
       982
       +
               "type": "github"

     

       983
       983
       +
             }

     

       984
       984
       +
           },

     

       985
       985
       +
           "tinted-kitty": {

     

       986
       986
       +
             "flake": false,

     

       987
       987
       +
             "locked": {

     

       988
       988
       +
               "lastModified": 1735730497,

     

       989
       989
       +
               "narHash": "sha256-4KtB+FiUzIeK/4aHCKce3V9HwRvYaxX+F1edUrfgzb8=",

     

       990
       990
       +
               "owner": "tinted-theming",

     

       991
       991
       +
               "repo": "tinted-kitty",

     

       992
       992
       +
               "rev": "de6f888497f2c6b2279361bfc790f164bfd0f3fa",

     

       993
       993
       +
               "type": "github"

     

       994
       994
       +
             },

     

       995
       995
       +
             "original": {

     

       996
       996
       +
               "owner": "tinted-theming",

     

       997
       997
       +
               "repo": "tinted-kitty",

     

       998
       998
       +
               "type": "github"

     

       999
       999
       +
             }

     

       1000
       1000
       +
           },

     

       1001
       1001
       +
           "tinted-schemes": {

     

       1002
       1002
       +
             "flake": false,

     

       1003
       1003
       +
             "locked": {

     

       1004
       1004
       +
               "lastModified": 1757716333,

     

       1005
       1005
       +
               "narHash": "sha256-d4km8W7w2zCUEmPAPUoLk1NlYrGODuVa3P7St+UrqkM=",

     

       1006
       1006
       +
               "owner": "tinted-theming",

     

       1007
       1007
       +
               "repo": "schemes",

     

       1008
       1008
       +
               "rev": "317a5e10c35825a6c905d912e480dfe8e71c7559",

     

       1009
       1009
       +
               "type": "github"

     

       1010
       1010
       +
             },

     

       1011
       1011
       +
             "original": {

     

       1012
       1012
       +
               "owner": "tinted-theming",

     

       1013
       1013
       +
               "repo": "schemes",

     

       1014
       1014
       +
               "type": "github"

     

       1015
       1015
       +
             }

     

       1016
       1016
       +
           },

     

       1017
       1017
       +
           "tinted-tmux": {

     

       1018
       1018
       +
             "flake": false,

     

       1019
       1019
       +
             "locked": {

     

       1020
       1020
       +
               "lastModified": 1757811970,

     

       1021
       1021
       +
               "narHash": "sha256-n5ZJgmzGZXOD9pZdAl1OnBu3PIqD+X3vEBUGbTi4JiI=",

     

       1022
       1022
       +
               "owner": "tinted-theming",

     

       1023
       1023
       +
               "repo": "tinted-tmux",

     

       1024
       1024
       +
               "rev": "d217ba31c846006e9e0ae70775b0ee0f00aa6b1e",

     

       1025
       1025
       +
               "type": "github"

     

       1026
       1026
       +
             },

     

       1027
       1027
       +
             "original": {

     

       1028
       1028
       +
               "owner": "tinted-theming",

     

       1029
       1029
       +
               "repo": "tinted-tmux",

     

       1030
       1030
       +
               "type": "github"

     

       1031
       1031
       +
             }

     

       1032
       1032
       +
           },

     

       1033
       1033
       +
           "tinted-zed": {

     

       1034
       1034
       +
             "flake": false,

     

       1035
       1035
       +
             "locked": {

     

       1036
       1036
       +
               "lastModified": 1757811247,

     

       1037
       1037
       +
               "narHash": "sha256-4EFOUyLj85NRL3OacHoLGEo0wjiRJzfsXtR4CZWAn6w=",

     

       1038
       1038
       +
               "owner": "tinted-theming",

     

       1039
       1039
       +
               "repo": "base16-zed",

     

       1040
       1040
       +
               "rev": "824fe0aacf82b3c26690d14e8d2cedd56e18404e",

     

       1041
       1041
       +
               "type": "github"

     

       1042
       1042
       +
             },

     

       1043
       1043
       +
             "original": {

     

       1044
       1044
       +
               "owner": "tinted-theming",

     

       1045
       1045
       +
               "repo": "base16-zed",

     

       1046
       1046
       +
               "type": "github"

     

       606
       1047
        
             }

     

       607
       1048
        
           },

     

       608
       1049
        
           "unixpkgs": {

     

       609
       1050
        
             "locked": {

     

       610
       610
       -
               "lastModified": 1759036355,

     

       611
       611
       -
               "narHash": "sha256-0m27AKv6ka+q270dw48KflE0LwQYrO7Fm4/2//KCVWg=",

     

       1051
       1051
       +
               "lastModified": 1764950072,

     

       1052
       1052
       +
               "narHash": "sha256-BmPWzogsG2GsXZtlT+MTcAWeDK5hkbGRZTeZNW42fwA=",

     

       612
       1053
        
               "owner": "nixos",

     

       613
       1054
        
               "repo": "nixpkgs",

     

       614
       614
       -
               "rev": "e9f00bd893984bc8ce46c895c3bf7cac95331127",

     

       1055
       1055
       +
               "rev": "f61125a668a320878494449750330ca58b78c557",

     

       615
       1056
        
               "type": "github"

     

       616
       1057
        
             },

     

       617
       1058
        
             "original": {

     
···

       623
       1064
        
           },

     

       624
       1065
        
           "wakatime-ls": {

     

       625
       1066
        
             "inputs": {

     

       626
       626
       -
               "gitignore": "gitignore_2",

     

       1067
       1067
       +
               "gitignore": "gitignore_4",

     

       627
       1068
        
               "nixpkgs": [

     

       628
       1069
        
                 "nixpkgs"

     

       629
       1070
        
               ],

     

       630
       1071
        
               "rust-overlay": "rust-overlay_4"

     

       631
       1072
        
             },

     

       632
       1073
        
             "locked": {

     

       633
       633
       -
               "lastModified": 1752245636,

     

       634
       634
       -
               "narHash": "sha256-T6nLp1UsnKwrL7coEgH+aTcTavM5OIiNRufA3sM2okk=",

     

       1074
       1074
       +
               "lastModified": 1761849542,

     

       1075
       1075
       +
               "narHash": "sha256-5fNSKIUG54TD5jq5hgsCmB4FB0mO8teiBE18fU81mfc=",

     

       635
       1076
        
               "owner": "mrnossiom",

     

       636
       1077
        
               "repo": "wakatime-ls",

     

       637
       637
       -
               "rev": "711644814c8e6842499c6c0852407321e9901597",

     

       1078
       1078
       +
               "rev": "89e4091ef5e4c1830dd9bd463f8b063f8335bfad",

     

       638
       1079
        
               "type": "github"

     

       639
       1080
        
             },

     

       640
       1081
        
             "original": {

     

       641
       1082
        
               "owner": "mrnossiom",

     

       642
       1083
        
               "repo": "wakatime-ls",

     

       1084
       1084
       +
               "type": "github"

     

       1085
       1085
       +
             }

     

       1086
       1086
       +
           },

     

       1087
       1087
       +
           "zen-browser": {

     

       1088
       1088
       +
             "inputs": {

     

       1089
       1089
       +
               "home-manager": [

     

       1090
       1090
       +
                 "home-manager"

     

       1091
       1091
       +
               ],

     

       1092
       1092
       +
               "nixpkgs": [

     

       1093
       1093
       +
                 "unixpkgs"

     

       1094
       1094
       +
               ]

     

       1095
       1095
       +
             },

     

       1096
       1096
       +
             "locked": {

     

       1097
       1097
       +
               "lastModified": 1764414951,

     

       1098
       1098
       +
               "narHash": "sha256-pZ2m2JmTTMyqiKB8WSigsSvAeoShI6OSRhzBuRO9SVY=",

     

       1099
       1099
       +
               "owner": "0xc000022070",

     

       1100
       1100
       +
               "repo": "zen-browser-flake",

     

       1101
       1101
       +
               "rev": "10d2aa53ada9b14f6df2f9877d6a057f0a2b262f",

     

       1102
       1102
       +
               "type": "github"

     

       1103
       1103
       +
             },

     

       1104
       1104
       +
             "original": {

     

       1105
       1105
       +
               "owner": "0xc000022070",

     

       1106
       1106
       +
               "repo": "zen-browser-flake",

     

       643
       1107
        
               "type": "github"

     

       644
       1108
        
             }

     

       645
       1109
        
           }

+26 -14

flake.nix

···

       2
       2
        
         description = "NixOS and Home Manager configuration for Milo's laptops";

     

       3
       3
        
       

     

       4
       4
        
         inputs = {

     

       5
       5
       -
           nixpkgs.url = "github:nixos/nixpkgs/nixos-25.05";

     

       5
       5
       +
           nixpkgs.url = "github:nixos/nixpkgs/nixos-25.11";

     

       6
       6
        
           unixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";

     

       7
       7
        
       

     

       8
       8
       -
           home-manager.url = "github:nix-community/home-manager/release-25.05";

     

       8
       8
       +
           home-manager.url = "github:nix-community/home-manager/release-25.11";

     

       9
       9
        
           home-manager.inputs.nixpkgs.follows = "nixpkgs";

     

       10
       10
        
       

     

       11
       11
       -
           nix-darwin.url = "github:LnL7/nix-darwin";

     

       11
       11
       +
           nix-darwin.url = "github:nix-darwin/nix-darwin/nix-darwin-25.11";

     

       12
       12
        
           nix-darwin.inputs.nixpkgs.follows = "nixpkgs";

     

       13
       13
        
       

     

       14
       14
       +
           stylix.url = "github:nix-community/stylix/release-25.11";

     

       15
       15
       +
           stylix.inputs.nixpkgs.follows = "nixpkgs";

     

       16
       16
       +
       

     

       17
       17
       +
           ## Miscellaneous

     

       18
       18
       +
       

     

       14
       19
        
           agenix.url = "github:ryantm/agenix";

     

       15
       20
        
           agenix.inputs.nixpkgs.follows = "nixpkgs";

     

       16
       21
        
           agenix.inputs.home-manager.follows = "home-manager";

     
···

       20
       25
        
       

     

       21
       26
        
           nixos-hardware.url = "github:nixos/nixos-hardware";

     

       22
       27
        
       

     

       28
       28
       +
           lanzaboote.url = "github:nix-community/lanzaboote";

     

       29
       29
       +
           lanzaboote.inputs.nixpkgs.follows = "unixpkgs";

     

       30
       30
       +
       

     

       23
       31
        
           srvos.url = "github:nix-community/srvos";

     

       24
       24
       -
           # srvos.inputs.nixpkgs.follows = "srvos/nixpkgs";

     

       25
       32
        
           srvos.inputs.nixpkgs.follows = "nixpkgs";

     

       26
       33
        
       

     

       27
       27
       -
           # ——— Packages

     

       34
       34
       +
           ## Packages

     

       35
       35
       +
       

     

       28
       36
        
           git-leave.url = "github:mrnossiom/git-leave";

     

       29
       37
        
           git-leave.inputs.nixpkgs.follows = "nixpkgs";

     

       30
       38
        
       

     

       31
       31
       -
           helix.url = "github:helix-editor/helix";

     

       32
       32
       -
           helix.inputs.nixpkgs.follows = "unixpkgs";

     

       39
       39
       +
           hypixel-bank-tracker.url = "github:pixilie/hypixel-bank-tracker";

     

       40
       40
       +
           hypixel-bank-tracker.inputs.nixpkgs.follows = "nixpkgs";

     

       33
       41
        
       

     

       34
       34
       -
           jujutsu.url = "github:jj-vcs/jj";

     

       35
       35
       -
           jujutsu.inputs.nixpkgs.follows = "unixpkgs";

     

       42
       42
       +
           nix-alien.url = "github:thiagokokada/nix-alien";

     

       43
       43
       +
           nix-alien.inputs.nixpkgs.follows = "nixpkgs";

     

       36
       44
        
       

     

       37
       37
       -
           tangled.url = "git+https://tangled.org/@tangled.org/core";

     

       45
       45
       +
           tangled.url = "git+https://tangled.org/tangled.org/core";

     

       38
       46
        
           tangled.inputs.nixpkgs.follows = "unixpkgs";

     

       39
       47
        
       

     

       40
       48
        
           wakatime-ls.url = "github:mrnossiom/wakatime-ls";

     

       41
       49
        
           wakatime-ls.inputs.nixpkgs.follows = "nixpkgs";

     

       50
       50
       +
       

     

       51
       51
       +
           zen-browser.url = "github:0xc000022070/zen-browser-flake";

     

       52
       52
       +
           zen-browser.inputs.nixpkgs.follows = "unixpkgs";

     

       53
       53
       +
           zen-browser.inputs.home-manager.follows = "home-manager";

     

       42
       54
        
         };

     

       43
       55
        
       

     

       44
       56
        
         outputs = { self, nixpkgs, ... }:

     
···

       48
       60
        
       

     

       49
       61
        
             flake-lib = import ./lib/flake (nixpkgs // { inherit self; });

     

       50
       62
        
       

     

       51
       51
       -
             forAllPkgs = func: forAllSystems (system: func pkgs.${system});

     

       52
       52
       -
       

     

       53
       63
        
             # This should be the only constructed nixpkgs instances in this flake

     

       54
       54
       -
             pkgs = forAllSystems (system: (import nixpkgs {

     

       64
       64
       +
             allPkgs = forAllSystems (system: (import nixpkgs {

     

       55
       65
        
               inherit system;

     

       56
       66
        
               config.allowUnfreePredicate = import ./lib/unfree.nix { lib = nixpkgs.lib; };

     

       57
       67
        
               overlays = [ outputs.overlays.all ];

     

       58
       68
        
             }));

     

       69
       69
       +
       

     

       70
       70
       +
             forAllPkgs = func: forAllSystems (system: func allPkgs.${system});

     

       59
       71
        
           in

     

       60
       72
        
           {

     

       61
       73
        
             formatter = forAllPkgs (pkgs: pkgs.nixpkgs-fmt);

     
···

       64
       76
        
             lib = forAllPkgs (import ./lib);

     

       65
       77
        
             templates = import ./templates;

     

       66
       78
        
       

     

       67
       67
       -
             apps = forAllPkgs (import ./apps { pkgs-per-system = pkgs; });

     

       79
       79
       +
             apps = forAllPkgs (import ./apps { pkgs-per-system = allPkgs; });

     

       68
       80
        
             devShells = forAllPkgs (import ./shells.nix);

     

       69
       81
        
             overlays = import ./overlays (nixpkgs // { inherit self; });

     

       70
       82
        
             packages = forAllPkgs (import ./pkgs);

-3

home-manager/fragments/agenix.nix

···

       8
       8
        
         inherit (self.inputs) agenix;

     

       9
       9
        
       

     

       10
       10
        
         cfg = config.local.fragment.agenix;

     

       11
       11
       -
       

     

       12
       12
       -
         all-secrets = import ../../secrets;

     

       13
       11
        
       in

     

       14
       12
        
       {

     

       15
       13
        
         options.local.fragment.agenix.enable = lib.mkEnableOption ''

     
···

       19
       17
        
         imports = [ agenix.homeManagerModules.default ];

     

       20
       18
        
       

     

       21
       19
        
         config = lib.mkIf cfg.enable {

     

       22
       22
       -
           age.secrets = all-secrets.home-manager;

     

       23
       20
        
           # This allows us to decrypt user space secrets without having to use a

     

       24
       21
        
           # passwordless ssh key as you cannot interact with age in the service.

     

       25
       22
        
           age.identityPaths = [ "${config.home.homeDirectory}/.ssh/id_home_manager" ];

+147

home-manager/fragments/compose-key.nix

···

       1
       1
       +
       { self

     

       2
       2
       +
       , config

     

       3
       3
       +
       , lib

     

       4
       4
       +
       , ...

     

       5
       5
       +
       }:

     

       6
       6
       +
       

     

       7
       7
       +
       

     

       8
       8
       +
       let

     

       9
       9
       +
         inherit (self.outputs) homeManagerModules;

     

       10
       10
       +
       

     

       11
       11
       +
         cfg = config.local.fragment.compose-key;

     

       12
       12
       +
       in

     

       13
       13
       +
       {

     

       14
       14
       +
         imports = [ homeManagerModules.xcompose ];

     

       15
       15
       +
       

     

       16
       16
       +
         options.local.fragment.compose-key.enable = lib.mkEnableOption ''

     

       17
       17
       +
           Compose key related

     

       18
       18
       +
         '';

     

       19
       19
       +
       

     

       20
       20
       +
         config.programs.xcompose = lib.mkIf cfg.enable {

     

       21
       21
       +
           enable = true;

     

       22
       22
       +
           includeLocaleCompose = true;

     

       23
       23
       +
           loadConfigInEnv = false;

     

       24
       24
       +
       

     

       25
       25
       +
           sequences.Multi_key = {

     

       26
       26
       +
             e.grave = "è";

     

       27
       27
       +
             E.grave = "È";

     

       28
       28
       +
             e.apostrophe = "é";

     

       29
       29
       +
             E.apostrophe = "É";

     

       30
       30
       +
             a.grave = "à";

     

       31
       31
       +
             A.grave = "À";

     

       32
       32
       +
             u.grave = "ù";

     

       33
       33
       +
             U.grave = "Ù";

     

       34
       34
       +
             e.quotedbl = "ë";

     

       35
       35
       +
             E.quotedbl = "Ë";

     

       36
       36
       +
             a.quotedbl = "ä";

     

       37
       37
       +
             A.quotedbl = "Ä";

     

       38
       38
       +
       

     

       39
       39
       +
             quotedbl.quotedbl = "¨";

     

       40
       40
       +
             apostrophe.apostrophe = "´";

     

       41
       41
       +
       

     

       42
       42
       +
             s.s = "ß";

     

       43
       43
       +
       

     

       44
       44
       +
             # Lower case [g]reek letters

     

       45
       45
       +
             g = {

     

       46
       46
       +
               a = "α";

     

       47
       47
       +
               b = "β";

     

       48
       48
       +
               g = "γ";

     

       49
       49
       +
               d = "δ";

     

       50
       50
       +
               e = "ε";

     

       51
       51
       +
               z = "ζ";

     

       52
       52
       +
               h = "η";

     

       53
       53
       +
               u = "θ";

     

       54
       54
       +
               i = "ι";

     

       55
       55
       +
               k = "κ";

     

       56
       56
       +
               l = "λ";

     

       57
       57
       +
               m = "μ";

     

       58
       58
       +
               n = "ν";

     

       59
       59
       +
               x = "ξ";

     

       60
       60
       +
               q.o = "ο";

     

       61
       61
       +
               p = "π";

     

       62
       62
       +
               r = "ρ";

     

       63
       63
       +
               s = "σ";

     

       64
       64
       +
               t = "τ";

     

       65
       65
       +
               y = "υ";

     

       66
       66
       +
               f = "φ";

     

       67
       67
       +
               o = "ω";

     

       68
       68
       +
             };

     

       69
       69
       +
             # Upper case [G]reek letters

     

       70
       70
       +
             G = {

     

       71
       71
       +
               A = "Α";

     

       72
       72
       +
               B = "Β";

     

       73
       73
       +
               G = "Γ";

     

       74
       74
       +
               D = "Δ";

     

       75
       75
       +
               E = "Ε";

     

       76
       76
       +
               Z = "Ζ";

     

       77
       77
       +
               H = "Η";

     

       78
       78
       +
               U = "Θ";

     

       79
       79
       +
               I = "Ι";

     

       80
       80
       +
               K = "Κ";

     

       81
       81
       +
               L = "Λ";

     

       82
       82
       +
               M = "Μ";

     

       83
       83
       +
               N = "Ν";

     

       84
       84
       +
               X = "Ξ";

     

       85
       85
       +
               Q.O = "Ο";

     

       86
       86
       +
               P = "Π";

     

       87
       87
       +
               R = "Ρ";

     

       88
       88
       +
               S = "Σ";

     

       89
       89
       +
               T = "Τ";

     

       90
       90
       +
               Y = "Υ";

     

       91
       91
       +
               F = "Φ";

     

       92
       92
       +
               O = "Ω";

     

       93
       93
       +
             };

     

       94
       94
       +
       

     

       95
       95
       +
             # Math

     

       96
       96
       +
             l.equal = "≤";

     

       97
       97
       +
             g.equal = "≥";

     

       98
       98
       +
             s.u.m = "∑";

     

       99
       99
       +
             asciitilde.asciitilde = "≈";

     

       100
       100
       +
       

     

       101
       101
       +
             # Math double-struck symbols

     

       102
       102
       +
             M = {

     

       103
       103
       +
               A = "𝔸";

     

       104
       104
       +
               B = "𝔹";

     

       105
       105
       +
               C = "ℂ";

     

       106
       106
       +
               D = "𝔻";

     

       107
       107
       +
               E = "𝔼";

     

       108
       108
       +
               F = "𝔽";

     

       109
       109
       +
               G = "𝔾";

     

       110
       110
       +
               H = "ℍ";

     

       111
       111
       +
               I = "𝕀";

     

       112
       112
       +
               J = "𝕁";

     

       113
       113
       +
               K = "𝕂";

     

       114
       114
       +
               L = "𝕃";

     

       115
       115
       +
               M = "𝕄";

     

       116
       116
       +
               N = "ℕ";

     

       117
       117
       +
               O = "𝕆";

     

       118
       118
       +
               P = "ℙ";

     

       119
       119
       +
               Q = "ℚ";

     

       120
       120
       +
               R = "ℝ";

     

       121
       121
       +
               S = "𝕊";

     

       122
       122
       +
               T = "𝕋";

     

       123
       123
       +
               U = "𝕌";

     

       124
       124
       +
               V = "𝕍";

     

       125
       125
       +
               X = "𝕏";

     

       126
       126
       +
               Y = "𝕐";

     

       127
       127
       +
               Z = "ℤ";

     

       128
       128
       +
             };

     

       129
       129
       +
       

     

       130
       130
       +
             # Symbols

     

       131
       131
       +
             o.o = "∞";

     

       132
       132
       +
             # Irony point

     

       133
       133
       +
             question.question = "⸮";

     

       134
       134
       +
       

     

       135
       135
       +
             minus.greater = "→";

     

       136
       136
       +
             less.minus = "←";

     

       137
       137
       +
             less.greater.minus = "↔";

     

       138
       138
       +
       

     

       139
       139
       +
             equal.greater = "⇒";

     

       140
       140
       +
             less.equal = "⇐";

     

       141
       141
       +
             less.greater.equal = "⇔";

     

       142
       142
       +
       

     

       143
       143
       +
             "0"."0" = "°";

     

       144
       144
       +
             minus.minus = "—";

     

       145
       145
       +
           };

     

       146
       146
       +
         };

     

       147
       147
       +
       }

+8 -4

home-manager/fragments/default.nix

···

       9
       9
        
           ./agenix.nix

     

       10
       10
        
           ./aws.nix

     

       11
       11
        
           ./chromium.nix

     

       12
       12
       +
           ./compose-key.nix

     

       12
       13
        
           ./epita.nix

     

       13
       14
        
           ./firefox.nix

     

       14
       15
        
           ./foot.nix

     
···

       16
       17
        
           ./helix.nix

     

       17
       18
        
           ./imv.nix

     

       18
       19
        
           ./jujutsu.nix

     

       20
       20
       +
           ./kanshi.nix

     

       19
       21
        
           ./kitty.nix

     

       22
       22
       +
           ./launcher.nix

     

       20
       23
        
           ./rust.nix

     

       21
       24
        
           ./shell.nix

     

       25
       25
       +
           ./stylix.nix

     

       26
       26
       +
           ./swaybar.nix

     

       27
       27
       +
           ./sway.nix

     

       22
       28
        
           ./thunderbird.nix

     

       23
       29
        
           ./tools.nix

     

       24
       24
       -
           ./vm-bar.nix

     

       25
       25
       -
           ./vm-compose.nix

     

       26
       26
       -
           ./vm.nix

     

       27
       27
       -
           ./vm-search.nix

     

       28
       30
        
           ./vscodium.nix

     

       31
       31
       +
           ./waybar.nix

     

       29
       32
        
           ./xdg-mime.nix

     

       33
       33
       +
           ./zed.nix

     

       30
       34
        
           ./zellij

     

       31
       35
        
         ];

     

       32
       36

+9 -13

home-manager/fragments/epita.nix

···

       27
       27
        
       {

     

       28
       28
        
         options.local.fragment.epita.enable = lib.mkEnableOption ''

     

       29
       29
        
           EPITA related

     

       30
       30
       -
       

     

       31
       31
       -
           Depends on:

     

       32
       32
       -
           - `ssh` program: Mount AFS script needs SSH

     

       33
       30
        
         '';

     

       34
       31
        
       

     

       35
       32
        
         config = lib.mkIf cfg.enable {

     

       36
       36
       -
           assertions = [

     

       37
       37
       -
             { assertion = config.programs.ssh.enable; message = "`epita` fragment depends on `ssh` program"; }

     

       38
       38
       -
           ];

     

       33
       33
       +
           programs.ssh = {

     

       34
       34
       +
             package = pkgs.openssh_gssapi;

     

       39
       35
        
       

     

       40
       40
       -
           programs.ssh.package = pkgs.openssh_gssapi;

     

       41
       41
       -
       

     

       42
       42
       -
           # Needed for sshfs

     

       43
       43
       -
           programs.ssh.matchBlocks."ssh.cri.epita.fr" = {

     

       44
       44
       -
             extraOptions = {

     

       45
       45
       -
               GSSAPIAuthentication = "yes";

     

       46
       46
       -
               GSSAPIDelegateCredentials = "yes";

     

       36
       36
       +
             # Needed for sshfs

     

       37
       37
       +
             enable = true;

     

       38
       38
       +
             matchBlocks."ssh.cri.epita.fr" = {

     

       39
       39
       +
               extraOptions = {

     

       40
       40
       +
                 GSSAPIAuthentication = "yes";

     

       41
       41
       +
                 GSSAPIDelegateCredentials = "yes";

     

       42
       42
       +
               };

     

       47
       43
        
             };

     

       48
       44
        
           };

     

       49
       45

+97 -50

home-manager/fragments/firefox.nix

···

       1
       1
       -
       { config

     

       1
       1
       +
       { self

     

       2
       2
       +
       , config

     

       2
       3
        
       , lib

     

       3
       4
        
       , pkgs

     

       4
       5
        
       , ...

     

       5
       6
        
       }:

     

       6
       7
        
       

     

       7
       8
        
       let

     

       9
       9
       +
         inherit (self.inputs) zen-browser;

     

       10
       10
       +
       

     

       11
       11
       +
         policies = {

     

       12
       12
       +
           DisableTelemetry = true;

     

       13
       13
       +
           DisableFirefoxStudies = true;

     

       14
       14
       +
           DontCheckDefaultBrowser = true;

     

       15
       15
       +
           DisablePocket = true;

     

       16
       16
       +
           SearchBar = "unified";

     

       17
       17
       +
         };

     

       18
       18
       +
       

     

       19
       19
       +
         settings = {

     

       20
       20
       +
           # Privacy and default bloat

     

       21
       21
       +
           "extensions.pocket.enabled" = false;

     

       22
       22
       +
           "browser.newtabpage.pinned" = "";

     

       23
       23
       +
           "browser.topsites.contile.enabled" = false;

     

       24
       24
       +
           "browser.newtabpage.activity-stream.showSponsored" = false;

     

       25
       25
       +
           "browser.newtabpage.activity-stream.system.showSponsored" = false;

     

       26
       26
       +
           "browser.newtabpage.activity-stream.showSponsoredTopSites" = false;

     

       27
       27
       +
       

     

       28
       28
       +
           # Reopen previous session

     

       29
       29
       +
           "browser.startup.page" = true;

     

       30
       30
       +
       

     

       31
       31
       +
           # Use vertical tabs

     

       32
       32
       +
           "sidebar.revamp" = true;

     

       33
       33
       +
           "sidebar.verticalTabs" = true;

     

       34
       34
       +
       

     

       35
       35
       +
           # Disable swipe gesture

     

       36
       36
       +
           "browser.gesture.swipe.left" = "";

     

       37
       37
       +
           "browser.gesture.swipe.right" = "";

     

       38
       38
       +
       

     

       39
       39
       +
           "browser.search.defaultenginename" = "DuckDuckGo";

     

       40
       40
       +
           "browser.search.order.1" = "DuckDuckGo";

     

       41
       41
       +
       

     

       42
       42
       +
           "signon.rememberSignons" = false;

     

       43
       43
       +
           "widget.use-xdg-desktop-portal.file-picker" = 1;

     

       44
       44
       +
           "browser.aboutConfig.showWarning" = false;

     

       45
       45
       +
       

     

       46
       46
       +
           # Enable meta devtools to inspect Firefox Chrome UI

     

       47
       47
       +
           "devtools.chrome.enabled" = true;

     

       48
       48
       +
           "devtools.debugger.remote-enabled" = true;

     

       49
       49
       +
       

     

       50
       50
       +
           # Pickup userChrome styles at startup

     

       51
       51
       +
           "toolkit.legacyUserProfileCustomizations.stylesheets" = true;

     

       52
       52
       +
       

     

       53
       53
       +
           # Firefox 75+ remembers the last workspace it was opened on as part of its session management.

     

       54
       54
       +
           # This is annoying, because I can have a blank workspace, click Firefox from the launcher, and

     

       55
       55
       +
           # then have Firefox open on some other workspace.

     

       56
       56
       +
           "widget.disable-workspace-management" = true;

     

       57
       57
       +
         };

     

       58
       58
       +
       

     

       59
       59
       +
         userContent = ''

     

       60
       60
       +
           /* Darken PDFs in viewer to match system color scheme */

     

       61
       61
       +
           @media (prefers-color-scheme: dark) {

     

       62
       62
       +
             #viewerContainer > #viewer > .page > .canvasWrapper > canvas,

     

       63
       63
       +
             #viewerContainer > #viewer > div.spread > .page > .canvasWrapper > canvas {

     

       64
       64
       +
                 filter: grayscale(1) invert(1) sepia(1);

     

       65
       65
       +
             }

     

       66
       66
       +
           }

     

       67
       67
       +
         '';

     

       68
       68
       +
       

     

       8
       69
        
         cfg = config.local.fragment.firefox;

     

       9
       70
        
       in

     

       10
       71
        
       {

     
···

       12
       73
        
           Firefox related

     

       13
       74
        
         '';

     

       14
       75
        
       

     

       76
       76
       +
         imports = [

     

       77
       77
       +
           zen-browser.homeModules.beta

     

       78
       78
       +
         ];

     

       79
       79
       +
       

     

       15
       80
        
         config = lib.mkIf cfg.enable {

     

       16
       16
       -
           home.sessionVariables.BROWSER = lib.getExe pkgs.firefox;

     

       81
       81
       +
           home.sessionVariables.BROWSER = lib.getExe config.programs.zen-browser.package;

     

       82
       82
       +
       

     

       83
       83
       +
           stylix.targets.firefox = {

     

       84
       84
       +
             enable = false;

     

       85
       85
       +
             profileNames = [ "default" ];

     

       86
       86
       +
           };

     

       87
       87
       +
           stylix.targets.zen-browser = {

     

       88
       88
       +
             enable = false;

     

       89
       89
       +
             profileNames = [ "default" ];

     

       90
       90
       +
           };

     

       17
       91
        
       

     

       18
       18
       -
           programs.firefox = {

     

       92
       92
       +
           programs.zen-browser = {

     

       19
       93
        
             enable = true;

     

       20
       94
        
       

     

       21
       21
       -
             policies = {

     

       22
       22
       -
               DisableTelemetry = true;

     

       23
       23
       -
               DisableFirefoxStudies = true;

     

       24
       24
       -
               DontCheckDefaultBrowser = true;

     

       25
       25
       -
               DisablePocket = true;

     

       26
       26
       -
               SearchBar = "unified";

     

       27
       27
       -
             };

     

       95
       95
       +
             inherit policies;

     

       28
       96
        
       

     

       29
       97
        
             profiles.default = {

     

       30
       98
        
               isDefault = true;

     

       31
       99
        
       

     

       32
       32
       -
               settings = {

     

       33
       33
       -
                 # Privacy and default bloat

     

       34
       34
       -
                 "extensions.pocket.enabled" = false;

     

       35
       35
       -
                 "browser.newtabpage.pinned" = "";

     

       36
       36
       -
                 "browser.topsites.contile.enabled" = false;

     

       37
       37
       -
                 "browser.newtabpage.activity-stream.showSponsored" = false;

     

       38
       38
       -
                 "browser.newtabpage.activity-stream.system.showSponsored" = false;

     

       39
       39
       -
                 "browser.newtabpage.activity-stream.showSponsoredTopSites" = false;

     

       100
       100
       +
               inherit

     

       101
       101
       +
                 settings

     

       102
       102
       +
                 userContent;

     

       103
       103
       +
             };

     

       104
       104
       +
           };

     

       40
       105
        
       

     

       41
       41
       -
                 # Use vertical tabs

     

       42
       42
       -
                 "sidebar.revamp" = true;

     

       43
       43
       -
                 "sidebar.verticalTabs" = true;

     

       106
       106
       +
           programs.firefox = {

     

       107
       107
       +
             enable = true;

     

       44
       108
        
       

     

       45
       45
       -
                 # Disable swipe gesture

     

       46
       46
       -
                 "browser.gesture.swipe.left" = "";

     

       47
       47
       -
                 "browser.gesture.swipe.right" = "";

     

       109
       109
       +
             inherit policies;

     

       48
       110
        
       

     

       49
       49
       -
                 "browser.search.defaultenginename" = "DuckDuckGo";

     

       50
       50
       -
                 "browser.search.order.1" = "DuckDuckGo";

     

       51
       51
       -
       

     

       52
       52
       -
                 "signon.rememberSignons" = false;

     

       53
       53
       -
                 "widget.use-xdg-desktop-portal.file-picker" = 1;

     

       54
       54
       -
                 "browser.aboutConfig.showWarning" = false;

     

       55
       55
       -
       

     

       56
       56
       -
                 # Enable meta devtools to inspect Firefox Chrome UI

     

       57
       57
       -
                 "devtools.chrome.enabled" = true;

     

       58
       58
       -
                 "devtools.debugger.remote-enabled" = true;

     

       111
       111
       +
             profiles.default = {

     

       112
       112
       +
               isDefault = true;

     

       59
       113
        
       

     

       60
       60
       -
                 # Pickup userChrome styles at startup

     

       61
       61
       -
                 "toolkit.legacyUserProfileCustomizations.stylesheets" = true;

     

       114
       114
       +
               settings = settings // {

     

       115
       115
       +
                 "zen.view.experimental-no-window-controls" = true;

     

       116
       116
       +
                 "zen.view.show-newtab-button-top" = false;

     

       62
       117
        
       

     

       63
       63
       -
                 # Firefox 75+ remembers the last workspace it was opened on as part of its session management.

     

       64
       64
       -
                 # This is annoying, because I can have a blank workspace, click Firefox from the launcher, and

     

       65
       65
       -
                 # then have Firefox open on some other workspace.

     

       66
       66
       -
                 "widget.disable-workspace-management" = true;

     

       118
       118
       +
                 "zen.welcome-screen.seen" = true;

     

       119
       119
       +
                 "zen.workspaces.continue-where-left-off" = true;

     

       120
       120
       +
                 "zen.view.compact.enable-at-startup" = true;

     

       121
       121
       +
                 "zen.view.window.scheme" = 2; # 0 dark theme, 1 light theme, 2 auto

     

       67
       122
        
               };

     

       123
       123
       +
       

     

       124
       124
       +
               inherit userContent;

     

       68
       125
        
       

     

       69
       126
        
               # <https://www.userchrome.org/how-create-userchrome-css.html>

     

       70
       127
        
               userChrome = ''

     

       71
       128
        
                 /* Hide close button */

     

       72
       129
        
                 .titlebar-close { display: none !important; }

     

       73
       73
       -
               '';

     

       74
       74
       -
       

     

       75
       75
       -
               userContent = ''

     

       76
       76
       -
                 /* Darken PDFs in viewer to match system color scheme */

     

       77
       77
       -
                 @media (prefers-color-scheme: dark) {

     

       78
       78
       -
                   #viewerContainer > #viewer > .page > .canvasWrapper > canvas,

     

       79
       79
       -
                   #viewerContainer > #viewer > div.spread > .page > .canvasWrapper > canvas {

     

       80
       80
       -
                       filter: grayscale(1) invert(1) sepia(1);

     

       81
       81
       -
                   }

     

       82
       82
       -
                 }

     

       83
       130
        
               '';

     

       84
       131
        
       

     

       85
       132
        
               search = {

-10

home-manager/fragments/foot.nix

···

       25
       25
        
       

     

       26
       26
        
             # TODO: promising but too buggy

     

       27
       27
        
             # server.enable = true;

     

       28
       28
       -
       

     

       29
       29
       -
             settings = {

     

       30
       30
       -
               main = {

     

       31
       31
       -
                 font = "monospace:size=10";

     

       32
       32
       -
               };

     

       33
       33
       -
               colors = {

     

       34
       34
       -
                 background = "000000";

     

       35
       35
       -
                 foreground = "ffffff";

     

       36
       36
       -
               };

     

       37
       37
       -
             };

     

       38
       28
        
           };

     

       39
       29
        
         };

     

       40
       30
        
       }

+56 -62

home-manager/fragments/git.nix

···

       12
       12
        
       {

     

       13
       13
        
         options.local.fragment.git.enable = lib.mkEnableOption ''

     

       14
       14
        
           Git related

     

       15
       15
       -
       

     

       16
       16
       -
           Depends on:

     

       17
       17
       -
           - `agenix` fragment: Need for GPG key and GitGuardian API key

     

       18
       15
        
         '';

     

       19
       16
        
       

     

       20
       17
        
         config = lib.mkIf cfg.enable {

     

       21
       21
       -
           assertions = [

     

       22
       22
       -
             { assertion = config.local.fragment.agenix.enable; message = "`git` fragment depends on `agenix` fragment"; }

     

       23
       23
       -
           ];

     

       24
       24
       -
       

     

       25
       18
        
           home.sessionVariables = {

     

       26
       19
        
             # Disable annoying warning message

     

       27
       20
        
             GIT_DISCOVERY_ACROSS_FILESYSTEM = 0;

     
···

       31
       24
        
             enable = true;

     

       32
       25
        
             lfs.enable = true;

     

       33
       26
        
       

     

       34
       34
       -
             userName = "Milo Moisson";

     

       35
       35
       -
             # TODO: this email should be behind a secret or at least a config

     

       36
       36
       -
             userEmail = "milo@wiro.world";

     

       37
       37
       -
       

     

       38
       27
        
             signing.signByDefault = true;

     

       39
       28
        
             signing.key = "~/.ssh/id_ed25519.pub";

     

       40
       29
        
       

     
···

       46
       35
        
               "result"

     

       47
       36
        
             ];

     

       48
       37
        
       

     

       49
       49
       -
             aliases = {

     

       50
       50
       -
               b = "branch --all";

     

       51
       51
       -
               brm = "branch --delete";

     

       38
       38
       +
             settings = {

     

       39
       39
       +
               user = {

     

       40
       40
       +
                 name = "Milo Moisson";

     

       41
       41
       +
                 # TODO: this email should be behind a secret or at least a config

     

       42
       42
       +
                 email = "milo@wiro.world";

     

       43
       43
       +
               };

     

       52
       44
        
       

     

       53
       53
       -
               ll = "log --graph --oneline --pretty=custom";

     

       54
       54
       -
               lla = "log --graph --oneline --pretty=custom --all";

     

       55
       55
       -
               last = "log -1 HEAD --stat";

     

       45
       45
       +
               alias = {

     

       46
       46
       +
                 b = "branch --all";

     

       47
       47
       +
                 brm = "branch --delete";

     

       56
       48
        
       

     

       57
       57
       -
               st = "status --short --branch";

     

       49
       49
       +
                 ll = "log --graph --oneline --pretty=custom";

     

       50
       50
       +
                 lla = "log --graph --oneline --pretty=custom --all";

     

       51
       51
       +
                 last = "log -1 HEAD --stat";

     

       58
       52
        
       

     

       59
       59
       -
               cm = "commit --message";

     

       60
       60
       -
               oups = "commit --amend";

     

       53
       53
       +
                 st = "status --short --branch";

     

       61
       54
        
       

     

       62
       62
       -
               ui = "!lazygit";

     

       55
       55
       +
                 cm = "commit --message";

     

       56
       56
       +
                 oups = "commit --amend";

     

       63
       57
        
       

     

       64
       64
       -
               rv = "remote --verbose";

     

       58
       58
       +
                 ui = "!lazygit";

     

       65
       59
        
       

     

       66
       66
       -
               ri = "rebase --interactive";

     

       67
       67
       -
               ris = "!git ri $(git slc)";

     

       68
       68
       -
               rc = "rebase --continue";

     

       69
       69
       -
               rs = "rebase --skip";

     

       70
       70
       -
               ra = "rebase --abort";

     

       60
       60
       +
                 rv = "remote --verbose";

     

       71
       61
        
       

     

       72
       72
       -
               # Select commit

     

       73
       73
       -
               slc = "!git log --oneline --pretty=custom | fzf | awk '{printf $1}'";

     

       62
       62
       +
                 ri = "rebase --interactive";

     

       63
       63
       +
                 ris = "!git ri $(git slc)";

     

       64
       64
       +
                 rc = "rebase --continue";

     

       65
       65
       +
                 rs = "rebase --skip";

     

       66
       66
       +
                 ra = "rebase --abort";

     

       74
       67
        
       

     

       75
       75
       -
               a = "add";

     

       76
       76
       -
               al = "add --all";

     

       77
       77
       -
               ac = "add .";

     

       78
       78
       -
               ap = "add --patch";

     

       68
       68
       +
                 # Select commit

     

       69
       69
       +
                 slc = "!git log --oneline --pretty=custom | fzf | awk '{printf $1}'";

     

       79
       70
        
       

     

       80
       80
       -
               pu = "push";

     

       81
       81
       -
               put = "push --follow-tags";

     

       82
       82
       -
               puf = "push --force-with-lease";

     

       83
       83
       -
               pl = "pull";

     

       71
       71
       +
                 a = "add";

     

       72
       72
       +
                 al = "add --all";

     

       73
       73
       +
                 ac = "add .";

     

       74
       74
       +
                 ap = "add --patch";

     

       84
       75
        
       

     

       85
       85
       -
               f = "fetch";

     

       76
       76
       +
                 pu = "push";

     

       77
       77
       +
                 put = "push --follow-tags";

     

       78
       78
       +
                 puf = "push --force-with-lease";

     

       79
       79
       +
                 pl = "pull";

     

       86
       80
        
       

     

       87
       87
       -
               s = "switch";

     

       88
       88
       -
               sc = "switch --create";

     

       81
       81
       +
                 f = "fetch";

     

       89
       82
        
       

     

       90
       90
       -
               ck = "checkout";

     

       83
       83
       +
                 s = "switch";

     

       84
       84
       +
                 sc = "switch --create";

     

       91
       85
        
       

     

       92
       92
       -
               cp = "cherry-pick";

     

       86
       86
       +
                 ck = "checkout";

     

       93
       87
        
       

     

       94
       94
       -
               df = "diff";

     

       95
       95
       -
               dfs = "diff --staged";

     

       96
       96
       -
               dfc = "diff --cached";

     

       88
       88
       +
                 cp = "cherry-pick";

     

       97
       89
        
       

     

       98
       98
       -
               m = "merge";

     

       90
       90
       +
                 df = "diff";

     

       91
       91
       +
                 dfs = "diff --staged";

     

       92
       92
       +
                 dfc = "diff --cached";

     

       99
       93
        
       

     

       100
       100
       -
               rms = "restore --staged";

     

       101
       101
       -
               res = "restore";

     

       94
       94
       +
                 m = "merge";

     

       102
       95
        
       

     

       103
       103
       -
               sh = "stash";

     

       104
       104
       -
               shl = "stash list";

     

       105
       105
       -
               sha = "stash apply";

     

       106
       106
       -
               shp = "stash pop";

     

       107
       107
       -
             };

     

       96
       96
       +
                 rms = "restore --staged";

     

       97
       97
       +
                 res = "restore";

     

       108
       98
        
       

     

       109
       109
       -
             hooks = {

     

       110
       110
       -
               git-guardian = pkgs.writeShellScript "git-guardian" ''

     

       111
       111
       -
                 export GITGUARDIAN_API_KEY="$(cat ${config.age.secrets.api-gitguardian.path})"

     

       112
       112
       -
                 ${lib.getExe' pkgs.ggshield "ggshield"} secret scan pre-commit "$@"

     

       113
       113
       -
               '';

     

       114
       114
       -
             };

     

       99
       99
       +
                 sh = "stash";

     

       100
       100
       +
                 shl = "stash list";

     

       101
       101
       +
                 sha = "stash apply";

     

       102
       102
       +
                 shp = "stash pop";

     

       103
       103
       +
               };

     

       115
       104
        
       

     

       116
       116
       -
             extraConfig = {

     

       117
       105
        
               fetch.prune = true;

     

       118
       106
        
               color.ui = true;

     

       119
       107
        
               init.defaultBranch = "main";

     
···

       141
       129
        
               "credentials \"https://github.com\"".helper = "!${lib.getExe pkgs.gh} auth git-credential";

     

       142
       130
        
       

     

       143
       131
        
               # TODO: change to $PROJECTS env var?

     

       144
       144
       -
               leaveTool.defaultFolder = "~/Development";

     

       132
       132
       +
               leaveTool = {

     

       133
       133
       +
                 defaultFolder = "${config.home.homeDirectory}/Development";

     

       134
       134
       +
                 checks = [ "dirty" "ahead-branches" ];

     

       135
       135
       +
               };

     

       145
       136
        
             };

     

       146
       137
        
           };

     

       147
       138
        
       

     
···

       168
       159
        
                 showCommandLog = false;

     

       169
       160
        
                 border = "single";

     

       170
       161
        
               };

     

       162
       162
       +
       

     

       171
       163
        
               git = {

     

       172
       172
       -
                 paging.externalDiffCommand = "difft --color=always";

     

       164
       164
       +
                 pagers = [

     

       165
       165
       +
                   { externalDiffCommand = "difft --color=always"; }

     

       166
       166
       +
                 ];

     

       173
       167
        
               };

     

       174
       168
        
       

     

       175
       169
        
               # to be declarative or not to be declarative?

+11 -5

home-manager/fragments/helix.nix

···

       1
       1
        
       { self

     

       2
       2
        
       , config

     

       3
       3
        
       , pkgs

     

       4
       4
       +
       , upkgs

     

       4
       5
        
       , lpkgs

     

       5
       6
        
       , lib

     

       6
       7
        
       , ...

     
···

       28
       29
        
             { assertion = config.local.fragment.agenix.enable; message = "`helix` fragment depends on `agenix` fragment"; }

     

       29
       30
        
           ];

     

       30
       31
        
       

     

       32
       32
       +
           stylix.targets.helix.enable = false;

     

       33
       33
       +
       

     

       31
       34
        
           programs.helix = {

     

       32
       35
        
             enable = true;

     

       33
       33
       -
             package = if flags.onlyCached then pkgs.helix else lpkgs.helix;

     

       36
       36
       +
             package = upkgs.helix;

     

       34
       37
        
             defaultEditor = true;

     

       35
       38
        
       

     

       36
       39
        
             settings = {

     

       37
       37
       -
               theme = "monokai_pro_octagon";

     

       40
       40
       +
               theme = lib.mkDefault "monokai_pro_octagon";

     

       38
       41
        
       

     

       39
       42
        
               editor = {

     

       40
       43
        
                 auto-format = true;

     
···

       76
       79
        
       

     

       77
       80
        
                   # Toggle inlay hints

     

       78
       81
        
                   "A-u" = ":toggle lsp.display-inlay-hints";

     

       79
       79
       -
                   # Toogle wrapping

     

       82
       82
       +
                   # Toggle wrapping

     

       80
       83
        
                   # TODO: change to `soft-wrap.enable` when supported by `:toggle`

     

       81
       84
        
                   "A-w" = ":toggle soft-wrap.wrap-at-text-width";

     

       82
       85
        
                 };

     
···

       90
       93
        
             };

     

       91
       94
        
       

     

       92
       95
        
             extraPackages = with pkgs; [

     

       93
       93
       -
               ansible-language-server

     

       94
       96
        
               clang-tools

     

       95
       97
        
               gopls

     

       96
       98
        
               kotlin-language-server

     
···

       140
       142
        
             };

     

       141
       143
        
           };

     

       142
       144
        
       

     

       145
       145
       +
           age.secrets.api-wakatime.file = ../../secrets/api-wakatime.age;

     

       146
       146
       +
           age.secrets.api-wakapi.file = ../../secrets/api-wakapi.age;

     

       143
       147
        
           programs.wakatime = {

     

       144
       148
        
             enable = true;

     

       145
       145
       -
             apiKeyFile = secrets.api-wakatime.path;

     

       149
       149
       +
             apiKeyFile = secrets.api-wakapi.path;

     

       146
       150
        
             settings = {

     

       151
       151
       +
               api_url = "https://wakapi.dev/api";

     

       152
       152
       +
       

     

       147
       153
        
               exclude_unknown_project = true;

     

       148
       154
        
             };

     

       149
       155
        
           };

+4 -6

home-manager/fragments/jujutsu.nix

···

       1
       1
        
       { config

     

       2
       2
        
       , lib

     

       3
       3
        
       , pkgs

     

       4
       4
       -
       , lpkgs

     

       4
       4
       +
       , upkgs

     

       5
       5
        
       , ...

     

       6
       6
        
       }:

     

       7
       7
        
       

     

       8
       8
        
       let

     

       9
       9
       -
         flags = config.local.flags;

     

       10
       10
       -
       

     

       11
       9
        
         keys = import ../../secrets/keys.nix;

     

       12
       10
        
       

     

       13
       11
        
         cfg = config.local.fragment.jujutsu;

     
···

       20
       18
        
         config = lib.mkIf cfg.enable {

     

       21
       19
        
           programs.jujutsu = {

     

       22
       20
        
             enable = true;

     

       23
       23
       -
             package = if flags.onlyCached then pkgs.jujutsu else lpkgs.jujutsu;

     

       21
       21
       +
             package = upkgs.jujutsu;

     

       24
       22
        
       

     

       25
       23
        
             settings = {

     

       26
       24
        
               user = {

     
···

       31
       29
        
               signing = {

     

       32
       30
        
                 behavior = "own";

     

       33
       31
        
                 backend = "ssh";

     

       34
       34
       -
                 key = keys.milomoisson;

     

       35
       35
       -
       

     

       32
       32
       +
                 key = keys.milo-ed25519;

     

       36
       33
        
                 git.sign-on-push = true;

     

       37
       34
        
               };

     

       38
       35
        
       

     
···

       65
       62
        
       

     

       66
       63
        
               templates = {

     

       67
       64
        
                 log = "custom_log_compact";

     

       65
       65
       +
                 git_push_bookmark = ''"push-" ++ change_id.short()'';

     

       68
       66
        
               };

     

       69
       67
        
       

     

       70
       68
        
               ui = {

+55

home-manager/fragments/kanshi.nix

···

       1
       1
       +
       { config

     

       2
       2
       +
       , lib

     

       3
       3
       +
       

     

       4
       4
       +
       , isDarwin

     

       5
       5
       +
       , ...

     

       6
       6
       +
       }:

     

       7
       7
       +
       

     

       8
       8
       +
       let

     

       9
       9
       +
         cfg = config.local.fragment.kanshi;

     

       10
       10
       +
       in

     

       11
       11
       +
       {

     

       12
       12
       +
         options.local.fragment.kanshi.enable = lib.mkEnableOption ''

     

       13
       13
       +
           Kanshi related

     

       14
       14
       +
         '';

     

       15
       15
       +
       

     

       16
       16
       +
         config = lib.mkIf cfg.enable {

     

       17
       17
       +
           assertions = [

     

       18
       18
       +
             { assertion = !isDarwin; message = "this is a non-darwin fragment"; }

     

       19
       19
       +
           ];

     

       20
       20
       +
       

     

       21
       21
       +
           services.kanshi = {

     

       22
       22
       +
             enable = true;

     

       23
       23
       +
       

     

       24
       24
       +
             settings = [

     

       25
       25
       +
               { output = { criteria = "eDP-1"; scale = 2.0; }; }

     

       26
       26
       +
       

     

       27
       27
       +
               {

     

       28
       28
       +
                 profile.name = "undocked";

     

       29
       29
       +
                 profile.outputs = [

     

       30
       30
       +
                   { criteria = "eDP-1"; }

     

       31
       31
       +
                 ];

     

       32
       32
       +
               }

     

       33
       33
       +
       

     

       34
       34
       +
               {

     

       35
       35
       +
                 profile.name = "eizo-dock";

     

       36
       36
       +
                 # position external screen centered above

     

       37
       37
       +
                 profile.outputs = [

     

       38
       38
       +
                   { criteria = "Eizo Nanao Corporation CG222W 29804118"; position = "0,0"; }

     

       39
       39
       +
                   { criteria = "eDP-1"; position = "120,1050"; }

     

       40
       40
       +
                 ];

     

       41
       41
       +
               }

     

       42
       42
       +
       

     

       43
       43
       +
               {

     

       44
       44
       +
                 profile.name = "hdmi-default";

     

       45
       45
       +
                 # position external screen right

     

       46
       46
       +
                 profile.outputs = [

     

       47
       47
       +
                   { criteria = "eDP-1"; position = "0,0"; }

     

       48
       48
       +
                   { criteria = "HDMI"; position = "1440,0"; }

     

       49
       49
       +
                 ];

     

       50
       50
       +
               }

     

       51
       51
       +
             ];

     

       52
       52
       +
           };

     

       53
       53
       +
         };

     

       54
       54
       +
       }

     

       55
       55
       +

+1 -1

home-manager/fragments/kitty.nix

···

       13
       13
        
           Kitty related

     

       14
       14
        
       

     

       15
       15
        
           Depends on:

     

       16
       16
       -
           - (Darwin) `fish` program: lauches fish on startup

     

       16
       16
       +
           - (Darwin) `fish` program: launches fish on startup

     

       17
       17
        
       

     

       18
       18
        
             Has weird behavior if set as login shell

     

       19
       19
        
         '';

+65

home-manager/fragments/launcher.nix

···

       1
       1
       +
       { config

     

       2
       2
       +
       , lib

     

       3
       3
       +
       , pkgs

     

       4
       4
       +
       , ...

     

       5
       5
       +
       }:

     

       6
       6
       +
       

     

       7
       7
       +
       let

     

       8
       8
       +
         cfg = config.local.fragment.sway;

     

       9
       9
       +
       

     

       10
       10
       +
         colors = config.lib.stylix.colors.withHashtag;

     

       11
       11
       +
       in

     

       12
       12
       +
       {

     

       13
       13
       +
         config = lib.mkIf cfg.enable {

     

       14
       14
       +
           wayland.windowManager.sway.config.menu =

     

       15
       15
       +
             let

     

       16
       16
       +
               tofi-drun = lib.getExe' pkgs.tofi "tofi-drun";

     

       17
       17
       +
               swaymsg = lib.getExe' config.wayland.windowManager.sway.package "swaymsg";

     

       18
       18
       +
               jq = lib.getExe pkgs.jq;

     

       19
       19
       +
             in

     

       20
       20
       +
             "${tofi-drun} --output `${swaymsg} -t get_outputs| ${jq} -r '.[] | select(.focused).name'` | xargs ${swaymsg} exec --";

     

       21
       21
       +
       

     

       22
       22
       +
           programs.tofi = {

     

       23
       23
       +
             enable = true;

     

       24
       24
       +
             settings = {

     

       25
       25
       +
               anchor = "top";

     

       26
       26
       +
               horizontal = true;

     

       27
       27
       +
               height = 52;

     

       28
       28
       +
               width = "100%";

     

       29
       29
       +
       

     

       30
       30
       +
               outline-width = 0;

     

       31
       31
       +
               border-width = 0;

     

       32
       32
       +
       

     

       33
       33
       +
               min-input-width = 100;

     

       34
       34
       +
               result-spacing = 30;

     

       35
       35
       +
       

     

       36
       36
       +
               padding-top = 12;

     

       37
       37
       +
               padding-bottom = 12;

     

       38
       38
       +
               padding-left = 20;

     

       39
       39
       +
               padding-right = 20;

     

       40
       40
       +
       

     

       41
       41
       +
               prompt-text = " ";

     

       42
       42
       +
               prompt-padding = 30;

     

       43
       43
       +
               prompt-background-padding = "5, 10";

     

       44
       44
       +
               prompt-background-corner-radius = 5;

     

       45
       45
       +
       

     

       46
       46
       +
               input-background-padding = "5, 10";

     

       47
       47
       +
               input-background-corner-radius = 5;

     

       48
       48
       +
       

     

       49
       49
       +
               selection-color = lib.mkForce colors.base07;

     

       50
       50
       +
               selection-match-color = colors.base0A;

     

       51
       51
       +
               selection-background = lib.mkForce colors.base02;

     

       52
       52
       +
               selection-background-padding = "5, 10";

     

       53
       53
       +
               selection-background-corner-radius = 8;

     

       54
       54
       +
       

     

       55
       55
       +
               default-result-background = lib.mkForce colors.base01;

     

       56
       56
       +
               default-result-background-corner-radius = 8;

     

       57
       57
       +
               default-result-background-padding = "5, 10";

     

       58
       58
       +
       

     

       59
       59
       +
               font = lib.mkForce "Sans";

     

       60
       60
       +
       

     

       61
       61
       +
               clip-to-padding = false;

     

       62
       62
       +
             };

     

       63
       63
       +
           };

     

       64
       64
       +
         };

     

       65
       65
       +
       }

home-manager/fragments/rust.nix

···

       25
       25
        
           home.sessionPath = [ "${config.home.sessionVariables.CARGO_HOME}/bin" ];

     

       26
       26
        
       

     

       27
       27
        
           # cargo config

     

       28
       28
       +
           age.secrets.api-crates-io.file = ../../secrets/api-crates-io.age;

     

       28
       29
        
           home.file."${config.home.sessionVariables.CARGO_HOME}/config.toml".source =

     

       29
       30
        
             let

     

       30
       31
        
               clang = lib.getExe pkgs.llvmPackages.clang;

+20 -20

home-manager/fragments/shell.nix

···

       1
       1
        
       { config

     

       2
       2
        
       , lib

     

       3
       3
        
       , pkgs

     

       4
       4
       +
       , upkgs

     

       4
       5
        
       , lpkgs

     

       5
       6
        
       

     

       6
       7
        
       , isDarwin

     
···

       28
       29
        
               git_status.disabled = true;

     

       29
       30
        
       

     

       30
       31
        
               nix_shell = {

     

       31
       31
       -
                 format = "via [$symbol$state]($style) "; # Remove nix shell name

     

       32
       32
       +
                  # remove nix shell name

     

       33
       33
       +
                 format = "via [$symbol]($style)";

     

       32
       34
        
                 symbol = " ";

     

       33
       35
        
               };

     

       34
       36
        
             };

     
···

       37
       39
        
           programs.direnv = {

     

       38
       40
        
             enable = true;

     

       39
       41
        
             silent = true;

     

       42
       42
       +
       

     

       40
       43
        
             nix-direnv.enable = true;

     

       41
       41
       -
           };

     

       42
       44
        
       

     

       43
       43
       -
           programs.nushell = {

     

       44
       44
       -
             enable = true;

     

       45
       45
       -
       

     

       46
       46
       -
             extraConfig = ''

     

       47
       47
       -
               $env.config = {

     

       48
       48
       -
                 show_banner: false,

     

       49
       49
       -
               }

     

       45
       45
       +
             stdlib = ''

     

       46
       46
       +
               use angrr

     

       50
       47
        
             '';

     

       51
       48
        
           };

     

       49
       49
       +
           # TODO: depend on osConfig

     

       50
       50
       +
           xdg.configFile."direnv/lib/angrr.sh".text = ''

     

       51
       51
       +
             use_angrr() {

     

       52
       52
       +
               layout_dir="$(direnv_layout_dir)"

     

       53
       53
       +
               log_status "angrr: touch GC roots $layout_dir"

     

       54
       54
       +
               RUST_LOG="''${ANGRR_DIRENV_LOG:-angrr=error}" ${lib.getExe upkgs.angrr} touch "$layout_dir" --silent

     

       55
       55
       +
             }

     

       56
       56
       +
           '';

     

       52
       57
        
       

     

       53
       58
        
           programs.zoxide = {

     

       54
       59
        
             enable = true;

     
···

       70
       75
        
               # This is also a more pure version than using `__fish_ls_*` variables

     

       71
       76
        
               # that depends on fish internal ls wrappers and can be overridden by

     

       72
       77
        
               # bad configuration. (e.g. NixOS `environment.shellAliases` default)

     

       73
       73
       -
               ls = "${lib.getExe pkgs.eza} --color=auto --icons=auto --hyperlink";

     

       78
       78
       +
               ls = "${lib.getExe upkgs.lsr}";

     

       74
       79
        
       

     

       75
       80
        
               pasters = "${lib.getExe pkgs.curl} --data-binary @- https://paste.rs/";

     

       81
       81
       +
       

     

       82
       82
       +
               mkcd = "mkdir $argv[1] && builtin cd $argv[1]";

     

       76
       83
        
             };

     

       77
       84
        
       

     

       78
       85
        
             shellAbbrs = {

     
···

       93
       100
        
               tp = "trash-put";

     

       94
       101
        
       

     

       95
       102
        
               # Listing utilities

     

       96
       96
       -
               l = "ls -aF";

     

       97
       97
       -
               ll = "ls -lhaF";

     

       98
       98
       -
               tree = "ls -T";

     

       103
       103
       +
               l = "ls -A1";

     

       104
       104
       +
               ll = "ls -Al";

     

       99
       105
        
       

     

       100
       106
        
               # Nix-related

     

       101
       107
        
               ur = " unlink result";

     

       102
       102
       -
       

     

       103
       103
       -
               # Use newer tools

     

       104
       104
       -
               clear = "#"; # <ctrl-l>

     

       105
       105
       -
               cat = "#"; # bat

     

       106
       106
       -
               rm = "#"; # trash-put

     

       107
       107
       -
               tr = "#"; # srgn

     

       108
       108
        
       

     

       109
       109
        
               # Do not keep these commands in history

     

       110
       110
        
               exit = " exit";

     
···

       151
       151
        
               '';

     

       152
       152
        
       

     

       153
       153
        
               # Quickly explore a derivation (using registry syntax)

     

       154
       154
       -
               # e.g. `cdd nixpkgs#fontforge` or `cdd unixpkgs#fontforge` 

     

       154
       154
       +
               # e.g. `cdd nixpkgs#fontforge` or `cdd unixpkgs#fontforge`

     

       155
       155
        
               cdd = "cd (nix build --no-link --print-out-paths $argv | ${lib.getExe pkgs.fzf})";

     

       156
       156
        
             } // lib.optionalAttrs (!flags.onlyCached) {

     

       157
       157
        
               # Quickly get outta here to test something

+68

home-manager/fragments/stylix.nix

···

       1
       1
       +
       { self

     

       2
       2
       +
       , config

     

       3
       3
       +
       , lib

     

       4
       4
       +
       , pkgs

     

       5
       5
       +
       , ...

     

       6
       6
       +
       }:

     

       7
       7
       +
       

     

       8
       8
       +
       let

     

       9
       9
       +
         inherit (self.inputs) stylix;

     

       10
       10
       +
       

     

       11
       11
       +
         cfg = config.local.fragment.stylix;

     

       12
       12
       +
       in

     

       13
       13
       +
       {

     

       14
       14
       +
         imports = [

     

       15
       15
       +
           stylix.homeModules.stylix

     

       16
       16
       +
           # issues a warning because we use `useGlobalPkgs`

     

       17
       17
       +
           { config.stylix.overlays.enable = false; }

     

       18
       18
       +
         ];

     

       19
       19
       +
       

     

       20
       20
       +
         options.local.fragment.stylix.enable = lib.mkEnableOption ''

     

       21
       21
       +
           Stylix related

     

       22
       22
       +
         '';

     

       23
       23
       +
       

     

       24
       24
       +
         config = lib.mkIf cfg.enable {

     

       25
       25
       +
           # TODO: take a lot of build time

     

       26
       26
       +
           # specialisation.light.configuration = {

     

       27
       27
       +
           #   stylix.base16Scheme = "${pkgs.base16-schemes}/share/themes/one-light.yaml";

     

       28
       28
       +
           # };

     

       29
       29
       +
       

     

       30
       30
       +
           stylix = {

     

       31
       31
       +
             enable = true;

     

       32
       32
       +
             base16Scheme = lib.mkDefault "${pkgs.base16-schemes}/share/themes/onedark-dark.yaml";

     

       33
       33
       +
       

     

       34
       34
       +
             image = ../../assets/wallpaper-binary-cloud.png;

     

       35
       35
       +
       

     

       36
       36
       +
             fonts = {

     

       37
       37
       +
               sansSerif = { package = pkgs.inter; name = "Inter"; };

     

       38
       38
       +
               serif = { package = pkgs.merriweather; name = "Merriweather"; };

     

       39
       39
       +
               monospace = { package = pkgs.nerd-fonts.jetbrains-mono; name = "JetBrainsMono Nerd Font"; };

     

       40
       40
       +
       

     

       41
       41
       +
               sizes = {

     

       42
       42
       +
                 applications = 12;

     

       43
       43
       +
                 terminal = 10;

     

       44
       44
       +
       

     

       45
       45
       +
                 desktop = 12;

     

       46
       46
       +
                 popups = 14;

     

       47
       47
       +
               };

     

       48
       48
       +
             };

     

       49
       49
       +
       

     

       50
       50
       +
             opacity = {

     

       51
       51
       +
               popups = 0.8;

     

       52
       52
       +
             };

     

       53
       53
       +
       

     

       54
       54
       +
             cursor = {

     

       55
       55
       +
               name = "Bibata-Modern-Ice";

     

       56
       56
       +
               package = pkgs.bibata-cursors;

     

       57
       57
       +
               size = 24;

     

       58
       58
       +
             };

     

       59
       59
       +
       

     

       60
       60
       +
             icons = {

     

       61
       61
       +
               enable = true;

     

       62
       62
       +
               package = pkgs.papirus-icon-theme;

     

       63
       63
       +
               light = "Papirus-Light";

     

       64
       64
       +
               dark = "Papirus-Dark";

     

       65
       65
       +
             };

     

       66
       66
       +
           };

     

       67
       67
       +
         };

     

       68
       68
       +
       }

+312

home-manager/fragments/sway.nix

···

       1
       1
       +
       { config

     

       2
       2
       +
       , lib

     

       3
       3
       +
       , pkgs

     

       4
       4
       +
       

     

       5
       5
       +
       , isDarwin

     

       6
       6
       +
       , ...

     

       7
       7
       +
       }:

     

       8
       8
       +
       

     

       9
       9
       +
       let

     

       10
       10
       +
         cfg = config.local.fragment.sway;

     

       11
       11
       +
         cfg-sway = config.wayland.windowManager.sway.config;

     

       12
       12
       +
       

     

       13
       13
       +
         workspacesRange = lib.zipListsWith (key-idx: workspace-idx: { inherit key-idx workspace-idx; }) [ 1 2 3 4 5 6 7 8 9 0 ] (lib.range 1 10);

     

       14
       14
       +
       in

     

       15
       15
       +
       {

     

       16
       16
       +
         options.local.fragment.sway.enable = lib.mkEnableOption ''

     

       17
       17
       +
           Sway related

     

       18
       18
       +
         '';

     

       19
       19
       +
       

     

       20
       20
       +
         config = lib.mkIf cfg.enable {

     

       21
       21
       +
           assertions = [

     

       22
       22
       +
             { assertion = !isDarwin; message = "this is a non-darwin fragment"; }

     

       23
       23
       +
           ];

     

       24
       24
       +
       

     

       25
       25
       +
           programs.swaylock = {

     

       26
       26
       +
             enable = true;

     

       27
       27
       +
             settings = {

     

       28
       28
       +
               daemonize = true;

     

       29
       29
       +
               ignore-empty-password = true;

     

       30
       30
       +
               show-failed-attempts = true;

     

       31
       31
       +
       

     

       32
       32
       +
               # relies on custom swaylock version in `overlays/patches.nix`

     

       33
       33
       +
               indicator-y-position = -100;

     

       34
       34
       +
               indicator-x-position = 100;

     

       35
       35
       +
             };

     

       36
       36
       +
           };

     

       37
       37
       +
       

     

       38
       38
       +
           programs.fish.loginShellInit = ''

     

       39
       39
       +
             if test (id --user $USER) -ge 1000 && test (tty) = "/dev/tty1"

     

       40
       40
       +
               exec sway 2> /tmp/sway.(date -u +%Y-%m-%dT%H:%M:%S).log

     

       41
       41
       +
             end

     

       42
       42
       +
           '';

     

       43
       43
       +
       

     

       44
       44
       +
           services.mako = {

     

       45
       45
       +
             enable = true;

     

       46
       46
       +
             settings = {

     

       47
       47
       +
               width = 500;

     

       48
       48
       +
               max-visible = 5;

     

       49
       49
       +
               sort = "-priority";

     

       50
       50
       +
       

     

       51
       51
       +
               default-timeout = 3 * 1000;

     

       52
       52
       +
       

     

       53
       53
       +
               layer = "overlay";

     

       54
       54
       +
       

     

       55
       55
       +
               border-size = 2;

     

       56
       56
       +
               border-radius = 5;

     

       57
       57
       +
       

     

       58
       58
       +
               "mode=dnd".invisible = 1;

     

       59
       59
       +
       

     

       60
       60
       +
               "urgency=critical" = {

     

       61
       61
       +
                 invisible = 0;

     

       62
       62
       +
                 default-timeout = 0;

     

       63
       63
       +
               };

     

       64
       64
       +
             };

     

       65
       65
       +
           };

     

       66
       66
       +
       

     

       67
       67
       +
           gtk = {

     

       68
       68
       +
             enable = true;

     

       69
       69
       +
             gtk2.configLocation = "${config.xdg.configHome}/gtk-2.0/gtkrc";

     

       70
       70
       +
           };

     

       71
       71
       +
       

     

       72
       72
       +
           services.swayidle =

     

       73
       73
       +
             let

     

       74
       74
       +
               swaymsg = lib.getExe' config.wayland.windowManager.sway.package "swaymsg";

     

       75
       75
       +
               loginctl = lib.getExe' pkgs.systemd "loginctl";

     

       76
       76
       +
               systemctl = lib.getExe' pkgs.systemd "systemctl";

     

       77
       77
       +
             in

     

       78
       78
       +
             {

     

       79
       79
       +
               enable = true;

     

       80
       80
       +
               timeouts = [

     

       81
       81
       +
                 # TODO: this doesn't work find a way to quickly cut output when locked and idle

     

       82
       82
       +
                 # {

     

       83
       83
       +
                 #   timeout = 10;

     

       84
       84
       +
                 #   command = "if ${pgrep} -x swaylock; then ${swaymsg} \"output * power off\"; fi";

     

       85
       85
       +
                 #   resumeCommand = "${swaymsg} \"output * power on\"";

     

       86
       86
       +
                 # }

     

       87
       87
       +
       

     

       88
       88
       +
                 {

     

       89
       89
       +
                   timeout = 60 * 5;

     

       90
       90
       +
                   # ——————————————— Dims the screen for n seconds ↓↓ and then switch it off

     

       91
       91
       +
                   command = ''${lib.getExe pkgs.chayang} -d${toString 10} && ${swaymsg} "output * power off"'';

     

       92
       92
       +
                   resumeCommand = ''${swaymsg} "output * power on"'';

     

       93
       93
       +
                 }

     

       94
       94
       +
                 { timeout = 60 * 10; command = "${loginctl} lock-session"; }

     

       95
       95
       +
                 { timeout = 60 * 15; command = "${systemctl} suspend"; }

     

       96
       96
       +
               ];

     

       97
       97
       +
               events = [

     

       98
       98
       +
                 { event = "before-sleep"; command = "${lib.getExe pkgs.playerctl} pause"; }

     

       99
       99
       +
                 { event = "before-sleep"; command = "${loginctl} lock-session"; }

     

       100
       100
       +
                 # Can be triggered with `loginctl lock-session`

     

       101
       101
       +
                 { event = "lock"; command = lib.getExe pkgs.swaylock; }

     

       102
       102
       +
               ];

     

       103
       103
       +
             };

     

       104
       104
       +
       

     

       105
       105
       +
           wayland.windowManager.sway = {

     

       106
       106
       +
             enable = true;

     

       107
       107
       +
       

     

       108
       108
       +
             xwayland = true; # explicit, op is true by default

     

       109
       109
       +
       

     

       110
       110
       +
             config = {

     

       111
       111
       +
               modifier = "Mod4"; # Super key

     

       112
       112
       +
               terminal = config.home.sessionVariables.TERMINAL;

     

       113
       113
       +
       

     

       114
       114
       +
               defaultWorkspace = "workspace number 1";

     

       115
       115
       +
       

     

       116
       116
       +
               left = "h";

     

       117
       117
       +
               down = "j";

     

       118
       118
       +
               up = "k";

     

       119
       119
       +
               right = "l";

     

       120
       120
       +
       

     

       121
       121
       +
               window = {

     

       122
       122
       +
                 titlebar = false;

     

       123
       123
       +
                 commands = [

     

       124
       124
       +
                   # Tag of shame

     

       125
       125
       +
                   {

     

       126
       126
       +
                     # Equivalent to `[shell="xwayland"] title_format "%title [XWayland]"` but for all other shells

     

       127
       127
       +
                     criteria.shell = "^((?!xdg_shell).)*$";

     

       128
       128
       +
                     command = ''title_format "%title <small>[%shell]</small>"'';

     

       129
       129
       +
                   }

     

       130
       130
       +
       

     

       131
       131
       +
                   # Toggle floating mode for some specific windows

     

       132
       132
       +
                   {

     

       133
       133
       +
                     # TODO: Bitwarden window glitches on opening

     

       134
       134
       +
                     criteria = { app_id = "^firefox$"; title = "Bitwarden Password Manager"; };

     

       135
       135
       +
                     command = ''floating enable'';

     

       136
       136
       +
                   }

     

       137
       137
       +
                   {

     

       138
       138
       +
                     # Toggles floating for every Unity window but the main one

     

       139
       139
       +
                     # Only the main window begins with `Unity - `

     

       140
       140
       +
                     criteria = { title = "^((?!^Unity - ).)*$"; class = "^Unity$"; instance = "^Unity$"; };

     

       141
       141
       +
                     command = ''floating enable'';

     

       142
       142
       +
                   }

     

       143
       143
       +
       

     

       144
       144
       +
                   # Inhibit IDLE when these are fullscreen

     

       145
       145
       +
                   { criteria.app_id = "firefox"; command = "inhibit_idle fullscreen"; }

     

       146
       146
       +
                   { criteria.app_id = "mpv"; command = "inhibit_idle fullscreen"; }

     

       147
       147
       +
                   { criteria.app_id = "spotify"; command = "inhibit_idle fullscreen"; }

     

       148
       148
       +
                   { criteria.app_id = "zen-beta"; command = "inhibit_idle fullscreen"; }

     

       149
       149
       +
                 ];

     

       150
       150
       +
               };

     

       151
       151
       +
       

     

       152
       152
       +
               focus.followMouse = false;

     

       153
       153
       +
       

     

       154
       154
       +
               gaps.smartBorders = "no_gaps";

     

       155
       155
       +
       

     

       156
       156
       +
               input = {

     

       157
       157
       +
                 "type:keyboard" = {

     

       158
       158
       +
                   xkb_layout = "us,fr(ergol),fr";

     

       159
       159
       +
       

     

       160
       160
       +
                   # List of all options: https://www.mankier.com/7/xkeyboard-config#Options

     

       161
       161
       +
                   xkb_options = "grp:menu_toggle,compose:caps";

     

       162
       162
       +
       

     

       163
       163
       +
                   repeat_delay = toString 300;

     

       164
       164
       +
                   repeat_rate = toString 30;

     

       165
       165
       +
                 };

     

       166
       166
       +
       

     

       167
       167
       +
                 "type:touchpad" = {

     

       168
       168
       +
                   dwt = "enabled";

     

       169
       169
       +
                   tap = "enabled";

     

       170
       170
       +
                   tap_button_map = "lrm";

     

       171
       171
       +
                 };

     

       172
       172
       +
       

     

       173
       173
       +
                 # Split keyboard also acts as a mouse

     

       174
       174
       +
                 # "type:touchpad" = { events = "disabled_on_external_mouse"; };

     

       175
       175
       +
       

     

       176
       176
       +
                 # Disable touchscreen by default

     

       177
       177
       +
                 "type:touch" = { events = "disabled"; };

     

       178
       178
       +
               };

     

       179
       179
       +
       

     

       180
       180
       +
               output."*".bg = lib.mkForce "#000000 solid_color";

     

       181
       181
       +
       

     

       182
       182
       +
               seat."*" = {

     

       183
       183
       +
                 # disable cursor when typing or on purpose

     

       184
       184
       +
                 hide_cursor = "when-typing enable";

     

       185
       185
       +
               };

     

       186
       186
       +
       

     

       187
       187
       +
               bindkeysToCode = true;

     

       188
       188
       +
               keybindings =

     

       189
       189
       +
                 let

     

       190
       190
       +
                   pamixer = lib.getExe pkgs.pamixer;

     

       191
       191
       +
                   playerctl = lib.getExe pkgs.playerctl;

     

       192
       192
       +
                   brightnessctl = lib.getExe pkgs.brightnessctl;

     

       193
       193
       +
                   makoctl = lib.getExe' pkgs.mako "makoctl";

     

       194
       194
       +
       

     

       195
       195
       +
                   grim = lib.getExe pkgs.grim;

     

       196
       196
       +
                   slurp = lib.getExe pkgs.slurp;

     

       197
       197
       +
                   wl-copy = lib.getExe' pkgs.wl-clipboard "wl-copy";

     

       198
       198
       +
                   wl-paste = lib.getExe' pkgs.wl-clipboard "wl-paste";

     

       199
       199
       +
                 in

     

       200
       200
       +
                 lib.foldl (acc: val: acc // val) { }

     

       201
       201
       +
                   (map

     

       202
       202
       +
                     (modifier: {

     

       203
       203
       +
                       "${modifier}+Return" = "exec ${cfg-sway.terminal}";

     

       204
       204
       +
                       "${modifier}+Shift+Return" = "exec ${lib.getExe' pkgs.nautilus "nautilus"}";

     

       205
       205
       +
                       "${modifier}+Shift+q" = "kill";

     

       206
       206
       +
                       "${modifier}+d" = "exec ${cfg-sway.menu}";

     

       207
       207
       +
                       "${modifier}+Space" = "exec ${makoctl} dismiss";

     

       208
       208
       +
       

     

       209
       209
       +
                       "${modifier}+Escape" = "exec ${lib.getExe' pkgs.systemd "loginctl"} lock-session";

     

       210
       210
       +
                       "${modifier}+Alt+Escape" = "exec ${pkgs.writeShellScript "lock-screenshot.sh" ''

     

       211
       211
       +
                         tmpimg=$(${lib.getExe' pkgs.coreutils "mktemp"} /tmp/lock-bg.XXX)

     

       212
       212
       +
       

     

       213
       213
       +
                         # Give some time to hide the bar

     

       214
       214
       +
                         sleep 1

     

       215
       215
       +
       

     

       216
       216
       +
                         ${grim} $tmpimg

     

       217
       217
       +
                         ${lib.getExe pkgs.swaylock} --image $tmpimg

     

       218
       218
       +
       

     

       219
       219
       +
                         rm $tmpimg

     

       220
       220
       +
                       ''}";

     

       221
       221
       +
       

     

       222
       222
       +
                       "${modifier}+t" = ''input "type:touch" events toggle'';

     

       223
       223
       +
       

     

       224
       224
       +
                       "${modifier}+${cfg-sway.left}" = "focus left";

     

       225
       225
       +
                       "${modifier}+${cfg-sway.down}" = "focus down";

     

       226
       226
       +
                       "${modifier}+${cfg-sway.up}" = "focus up";

     

       227
       227
       +
                       "${modifier}+${cfg-sway.right}" = "focus right";

     

       228
       228
       +
       

     

       229
       229
       +
                       "${modifier}+Shift+${cfg-sway.left}" = "move left";

     

       230
       230
       +
                       "${modifier}+Shift+${cfg-sway.down}" = "move down";

     

       231
       231
       +
                       "${modifier}+Shift+${cfg-sway.up}" = "move up";

     

       232
       232
       +
                       "${modifier}+Shift+${cfg-sway.right}" = "move right";

     

       233
       233
       +
                       "${modifier}+b" = "split vertical";

     

       234
       234
       +
                       "${modifier}+n" = "split horizontal";

     

       235
       235
       +
       

     

       236
       236
       +
                       "${modifier}+Alt+${cfg-sway.left}" = "resize shrink width 60 px";

     

       237
       237
       +
                       "${modifier}+Alt+${cfg-sway.down}" = "resize grow height 60 px";

     

       238
       238
       +
                       "${modifier}+Alt+${cfg-sway.up}" = "resize shrink height 60 px";

     

       239
       239
       +
                       "${modifier}+Alt+${cfg-sway.right}" = "resize grow width 60 px";

     

       240
       240
       +
                       "${modifier}+f" = "fullscreen toggle";

     

       241
       241
       +
                       "${modifier}+Shift+space" = "floating toggle";

     

       242
       242
       +
                       # Change between tiling and floating focus

     

       243
       243
       +
                       "${modifier}+Alt+space" = "focus mode_toggle";

     

       244
       244
       +
                       "${modifier}+Alt+c" = "move position cursor";

     

       245
       245
       +
                       "${modifier}+p" = "sticky toggle";

     

       246
       246
       +
       

     

       247
       247
       +
                       # Screenshotting

     

       248
       248
       +
                       "${modifier}+s" = ''exec ${grim} -g "$(${slurp})" - | ${wl-copy}'';

     

       249
       249
       +
                       "${modifier}+Shift+s" = "exec ${wl-paste} | ${lib.getExe pkgs.swappy} --file - --output-file - | ${wl-copy}";

     

       250
       250
       +
       

     

       251
       251
       +
                       # Soundcontrol Keys

     

       252
       252
       +
                       "--locked XF86AudioPrev" = "exec ${playerctl} previous";

     

       253
       253
       +
                       "--locked XF86AudioNext" = "exec ${playerctl} next";

     

       254
       254
       +
                       "--locked XF86AudioPlay" = "exec ${playerctl} play-pause";

     

       255
       255
       +
                       "--locked XF86AudioStop" = "exec ${playerctl} stop";

     

       256
       256
       +
                       "--locked XF86AudioRaiseVolume" = "exec ${pamixer} --unmute --increase 5";

     

       257
       257
       +
                       "--locked XF86AudioLowerVolume" = "exec ${pamixer} --unmute --decrease 5";

     

       258
       258
       +
                       "--locked XF86AudioMute" = "exec ${pamixer} --toggle-mute";

     

       259
       259
       +
                       "--locked XF86AudioMicMute" = "exec ${pamixer} --default-source --toggle-mute";

     

       260
       260
       +
                       "--locked XF86MonBrightnessUp" = "exec ${brightnessctl} --exponent set 5%+";

     

       261
       261
       +
                       "--locked XF86MonBrightnessDown" = "exec ${brightnessctl} --exponent  set 5%- --min-value=1";

     

       262
       262
       +
                       "--locked XF86TouchpadToggle" = ''input "type:touchpad" events toggle enabled disabled_on_external_mouse'';

     

       263
       263
       +
                     }

     

       264
       264
       +
                     // lib.listToAttrs (lib.flatten (map

     

       265
       265
       +
                       ({ key-idx, workspace-idx }: [

     

       266
       266
       +
                         { name = "${modifier}+${toString key-idx}"; value = "workspace number ${toString workspace-idx}"; }

     

       267
       267
       +
                         { name = "${modifier}+Alt+${toString key-idx}"; value = "move container to workspace number ${toString workspace-idx}"; }

     

       268
       268
       +
                         { name = "${modifier}+Shift+${toString key-idx}"; value = "move container to workspace number ${toString workspace-idx}; workspace number ${toString workspace-idx}"; }

     

       269
       269
       +
                       ])

     

       270
       270
       +
                       workspacesRange))

     

       271
       271
       +
                     ) [ cfg-sway.modifier ]);

     

       272
       272
       +
             };

     

       273
       273
       +
           };

     

       274
       274
       +
       

     

       275
       275
       +
           services.blueman-applet.enable = true;

     

       276
       276
       +
       

     

       277
       277
       +
           services.poweralertd.enable = true;

     

       278
       278
       +
       

     

       279
       279
       +
           services.darkman = {

     

       280
       280
       +
             enable = true;

     

       281
       281
       +
             settings.usegeoclue = true;

     

       282
       282
       +
       

     

       283
       283
       +
             darkModeScripts.gtk-theme = ''

     

       284
       284
       +
               # Change system theme scheme to dark

     

       285
       285
       +
               ${lib.getExe pkgs.dconf} write /org/gnome/desktop/interface/color-scheme "'prefer-dark'"

     

       286
       286
       +
       

     

       287
       287
       +
               # Do not change brightness as I'm usually on my computer as this time

     

       288
       288
       +
             '';

     

       289
       289
       +
       

     

       290
       290
       +
             lightModeScripts.gtk-theme = ''

     

       291
       291
       +
               # Change system theme scheme to light

     

       292
       292
       +
               ${lib.getExe pkgs.dconf} write /org/gnome/desktop/interface/color-scheme "'prefer-light'"

     

       293
       293
       +
       

     

       294
       294
       +
               # TODO: change config specialization

     

       295
       295
       +
       

     

       296
       296
       +
               # Prepare laptop for wake: set full brightness and disable kbd backlight

     

       297
       297
       +
               ${lib.getExe pkgs.brightnessctl} --class backlight set 100%

     

       298
       298
       +
               ${lib.getExe pkgs.brightnessctl} --class leds --device "*::kbd_backlight" set 0%

     

       299
       299
       +
             '';

     

       300
       300
       +
           };

     

       301
       301
       +
       

     

       302
       302
       +
           services.gammastep = {

     

       303
       303
       +
             enable = true;

     

       304
       304
       +
             tray = true;

     

       305
       305
       +
             provider = "geoclue2";

     

       306
       306
       +
             settings.general = {

     

       307
       307
       +
               adjustment-method = "wayland";

     

       308
       308
       +
               gamma = 0.8;

     

       309
       309
       +
             };

     

       310
       310
       +
           };

     

       311
       311
       +
         };

     

       312
       312
       +
       }

+95

home-manager/fragments/swaybar.nix

···

       1
       1
       +
       { config

     

       2
       2
       +
       , lib

     

       3
       3
       +
       , pkgs

     

       4
       4
       +
       , ...

     

       5
       5
       +
       }:

     

       6
       6
       +
       

     

       7
       7
       +
       let

     

       8
       8
       +
         cfg = config.local.fragment.swaybar;

     

       9
       9
       +
       

     

       10
       10
       +
         integrated-keyboard-id = "1:1:AT_Translated_Set_2_keyboard";

     

       11
       11
       +
         integrated-keyboard-id-bis = "1:1:kanata";

     

       12
       12
       +
       

     

       13
       13
       +
         swaymsg = lib.getExe' pkgs.sway "swaymsg";

     

       14
       14
       +
       in

     

       15
       15
       +
       {

     

       16
       16
       +
         options.local.fragment.swaybar.enable = lib.mkEnableOption ''

     

       17
       17
       +
           Swaybar related

     

       18
       18
       +
         '';

     

       19
       19
       +
       

     

       20
       20
       +
         config = lib.mkIf cfg.enable {

     

       21
       21
       +
           programs.i3status-rust = {

     

       22
       22
       +
             enable = true;

     

       23
       23
       +
       

     

       24
       24
       +
             bars.default = {

     

       25
       25
       +
               theme = "modern";

     

       26
       26
       +
               icons = "awesome6";

     

       27
       27
       +
       

     

       28
       28
       +
               settings.icon_format = " <span font_family='FontAwesome6'>{icon}</span> ";

     

       29
       29
       +
       

     

       30
       30
       +
               blocks = [

     

       31
       31
       +
                 {

     

       32
       32
       +
                   block = "custom";

     

       33
       33
       +
                   command = ''

     

       34
       34
       +
                     echo 󰌌  $(swaymsg --raw --type get_inputs \

     

       35
       35
       +
                       | jq --raw-output '

     

       36
       36
       +
                         .[]

     

       37
       37
       +
                         | select(.identifier=="${integrated-keyboard-id}")

     

       38
       38
       +
                         | .libinput.send_events')

     

       39
       39
       +
                   '';

     

       40
       40
       +
                   click = [{

     

       41
       41
       +
                     button = "left";

     

       42
       42
       +
                     cmd = ''

     

       43
       43
       +
                       ${swaymsg} input ${integrated-keyboard-id} events toggle;

     

       44
       44
       +
                       ${swaymsg} input ${integrated-keyboard-id-bis} events toggle

     

       45
       45
       +
                     '';

     

       46
       46
       +
                     update = true;

     

       47
       47
       +
                   }];

     

       48
       48
       +
                   interval = "once";

     

       49
       49
       +
                 }

     

       50
       50
       +
       

     

       51
       51
       +
                 {

     

       52
       52
       +
                   block = "custom";

     

       53
       53
       +
                   command = "echo  $(${lib.getExe' pkgs.mako "makoctl"} mode)";

     

       54
       54
       +
                   click = [{

     

       55
       55
       +
                     button = "left";

     

       56
       56
       +
                     # Toggle DND mode

     

       57
       57
       +
                     cmd = "${lib.getExe' pkgs.mako "makoctl"} mode -t dnd";

     

       58
       58
       +
                     update = true;

     

       59
       59
       +
                   }];

     

       60
       60
       +
                   interval = "once";

     

       61
       61
       +
                 }

     

       62
       62
       +
       

     

       63
       63
       +
                 { block = "music"; }

     

       64
       64
       +
                 {

     

       65
       65
       +
                   format = " 󰌌  $variant";

     

       66
       66
       +
                   block = "keyboard_layout";

     

       67
       67
       +
                   driver = "sway";

     

       68
       68
       +
                 }

     

       69
       69
       +
                 { block = "backlight"; device = "intel_backlight"; }

     

       70
       70
       +
                 { block = "sound"; }

     

       71
       71
       +
                 { block = "battery"; }

     

       72
       72
       +
                 {

     

       73
       73
       +
                   block = "time";

     

       74
       74
       +
                   interval = 60;

     

       75
       75
       +
                   format = " $timestamp.datetime(f:'%a %d/%m %R') ";

     

       76
       76
       +
                 }

     

       77
       77
       +
               ];

     

       78
       78
       +
             };

     

       79
       79
       +
           };

     

       80
       80
       +
       

     

       81
       81
       +
           wayland.windowManager.sway.config.bars = [

     

       82
       82
       +
             ({

     

       83
       83
       +
               statusCommand = "${lib.getExe pkgs.i3status-rust} ${config.home.homeDirectory}/${config.xdg.configFile."i3status-rust/config-default.toml".target}";

     

       84
       84
       +
       

     

       85
       85
       +
               hiddenState = "hide";

     

       86
       86
       +
               mode = "hide";

     

       87
       87
       +
       

     

       88
       88
       +
               # TODO: fix color theme on the bar

     

       89
       89
       +
               # TODO: would be nice to have rounded corners and padding when appearing

     

       90
       90
       +
       

     

       91
       91
       +
               extraConfig = "icon_theme Papirus";

     

       92
       92
       +
             } // config.stylix.targets.sway.exportedBarConfig)

     

       93
       93
       +
           ];

     

       94
       94
       +
         };

     

       95
       95
       +
       }

+15 -6

home-manager/fragments/tools.nix

···

       1
       1
        
       { config

     

       2
       2
        
       , lib

     

       3
       3
        
       , pkgs

     

       4
       4
       -
       , lpkgs

     

       5
       4
        
       , ...

     

       6
       5
        
       }:

     

       7
       6
        
       

     
···

       27
       26
        
             # CLIs

     

       28
       27
        
             asciinema

     

       29
       28
        
             calc

     

       29
       29
       +
             csvlens

     

       30
       30
        
             delta

     

       31
       31
        
             dogdns

     

       32
       32
       -
             du-dust

     

       32
       32
       +
             dust

     

       33
       33
        
             encfs

     

       34
       34
        
             fastfetch

     

       35
       35
        
             fd

     

       36
       36
        
             ffmpeg

     

       37
       37
        
             file

     

       38
       38
        
             fzf

     

       39
       39
       +
             gemini-cli

     

       39
       40
        
             inetutils

     

       40
       41
        
             jq

     

       41
       42
        
             just

     
···

       44
       45
        
             lsof

     

       45
       46
        
             mediainfo

     

       46
       47
        
             openssl

     

       48
       48
       +
             otree

     

       47
       49
        
             ouch

     

       48
       50
        
             parallel

     

       51
       51
       +
             perf

     

       49
       52
        
             pv

     

       50
       53
        
             restic

     

       51
       54
        
             ripgrep

     
···

       56
       59
        
             tlrc

     

       57
       60
        
             tokei

     

       58
       61
        
             trash-cli

     

       62
       62
       +
             uni

     

       59
       63
        
             unzip

     

       60
       64
        
             vlock

     

       61
       61
       -
             wcurl

     

       62
       65
        
             wormhole-rs

     

       63
       63
       -
           ]) ++ lib.optionals (!flags.onlyCached) [

     

       64
       64
       -
             lpkgs.otree

     

       65
       65
       -
           ];

     

       66
       66
       +
           ]) ++ lib.optionals (!flags.onlyCached) [ ];

     

       67
       67
       +
       

     

       68
       68
       +
           programs.fish.shellAbbrs = {

     

       69
       69
       +
             # Use newer tools

     

       70
       70
       +
             clear = "#"; # <ctrl-l>

     

       71
       71
       +
             cat = "#"; # bat

     

       72
       72
       +
             rm = "#"; # trash-put

     

       73
       73
       +
             tr = "#"; # srgn

     

       74
       74
       +
           };

     

       66
       75
        
       

     

       67
       76
        
           programs.bat = {

     

       68
       77
        
             enable = true;

-128

home-manager/fragments/vm-bar.nix

···

       1
       1
       -
       { config

     

       2
       2
       -
       , lib

     

       3
       3
       -
       , pkgs

     

       4
       4
       -
       , ...

     

       5
       5
       -
       }:

     

       6
       6
       -
       

     

       7
       7
       -
       let

     

       8
       8
       -
         cfg = config.local.fragment.vm;

     

       9
       9
       -
       

     

       10
       10
       -
         integrated-keyboard-id = "1:1:AT_Translated_Set_2_keyboard";

     

       11
       11
       -
         integrated-keyboard-id-bis = "1:1:kanata";

     

       12
       12
       -
         swaymsg = lib.getExe' pkgs.sway "swaymsg";

     

       13
       13
       -
       

     

       14
       14
       -
         theme = config.local.colorScheme.palette;

     

       15
       15
       -
       in

     

       16
       16
       -
       {

     

       17
       17
       -
         config = lib.mkIf cfg.enable {

     

       18
       18
       -
           programs.i3status-rust = {

     

       19
       19
       -
             enable = true;

     

       20
       20
       -
       

     

       21
       21
       -
             bars.default = {

     

       22
       22
       -
               theme = "modern";

     

       23
       23
       -
               icons = "awesome6";

     

       24
       24
       -
               blocks = [

     

       25
       25
       -
                 {

     

       26
       26
       -
                   block = "custom";

     

       27
       27
       -
                   command = ''

     

       28
       28
       -
                     echo 󰌌 $(swaymsg --raw --type get_inputs \

     

       29
       29
       -
                       | jq --raw-output '

     

       30
       30
       -
                         .[]

     

       31
       31
       -
                         | select(.identifier=="${integrated-keyboard-id}")

     

       32
       32
       -
                         | .libinput.send_events')

     

       33
       33
       -
                   '';

     

       34
       34
       -
                   click = [{

     

       35
       35
       -
                     button = "left";

     

       36
       36
       -
                     cmd = ''

     

       37
       37
       -
                       ${swaymsg} input ${integrated-keyboard-id} events toggle;

     

       38
       38
       -
                       ${swaymsg} input ${integrated-keyboard-id-bis} events toggle

     

       39
       39
       -
                     '';

     

       40
       40
       -
                     update = true;

     

       41
       41
       -
                   }];

     

       42
       42
       -
                   interval = "once";

     

       43
       43
       -
                 }

     

       44
       44
       -
       

     

       45
       45
       -
                 {

     

       46
       46
       -
                   block = "custom";

     

       47
       47
       -
                   command = "echo  $(${lib.getExe' pkgs.mako "makoctl"} mode)";

     

       48
       48
       -
                   click = [{

     

       49
       49
       -
                     button = "left";

     

       50
       50
       -
                     cmd = "${lib.getExe' pkgs.mako "makoctl"} mode -t dnd";

     

       51
       51
       -
                     update = true;

     

       52
       52
       -
                   }];

     

       53
       53
       -
                   interval = "once";

     

       54
       54
       -
                 }

     

       55
       55
       -
       

     

       56
       56
       -
                 { block = "music"; }

     

       57
       57
       -
                 {

     

       58
       58
       -
                   block = "memory";

     

       59
       59
       -
                   format = " $icon $mem_used_percents.eng(w:2) ";

     

       60
       60
       -
                 }

     

       61
       61
       -
                 {

     

       62
       62
       -
                   format = " 󰌌 $variant";

     

       63
       63
       -
                   block = "keyboard_layout";

     

       64
       64
       -
                   driver = "sway";

     

       65
       65
       -
                 }

     

       66
       66
       -
                 { block = "backlight"; device = "intel_backlight"; }

     

       67
       67
       -
                 { block = "sound"; }

     

       68
       68
       -
                 { block = "battery"; }

     

       69
       69
       -
                 {

     

       70
       70
       -
                   block = "time";

     

       71
       71
       -
                   interval = 60;

     

       72
       72
       -
                   format = " $timestamp.datetime(f:'%a %d/%m %R') ";

     

       73
       73
       -
                 }

     

       74
       74
       -
               ];

     

       75
       75
       -
             };

     

       76
       76
       -
           };

     

       77
       77
       -
       

     

       78
       78
       -
           wayland.windowManager.sway.config.bars = [{

     

       79
       79
       -
             statusCommand = "${lib.getExe pkgs.i3status-rust} ${config.home.homeDirectory}/${config.xdg.configFile."i3status-rust/config-default.toml".target}";

     

       80
       80
       -
             hiddenState = "hide";

     

       81
       81
       -
             mode = "hide";

     

       82
       82
       -
             fonts.size = 11.0;

     

       83
       83
       -
       

     

       84
       84
       -
             colors = {

     

       85
       85
       -
               background = "#${theme.base00}";

     

       86
       86
       -
               focusedBackground = "#${theme.base00}";

     

       87
       87
       -
               separator = "#cccccc";

     

       88
       88
       -
               focusedSeparator = "#cccccc";

     

       89
       89
       -
               statusline = "#cccccc";

     

       90
       90
       -
               focusedStatusline = "#cccccc";

     

       91
       91
       -
       

     

       92
       92
       -
               focusedWorkspace = rec {

     

       93
       93
       -
                 text = "#${theme.base07}";

     

       94
       94
       -
                 background = "#${theme.base0C}";

     

       95
       95
       -
                 border = background;

     

       96
       96
       -
               };

     

       97
       97
       -
       

     

       98
       98
       -
               inactiveWorkspace = rec {

     

       99
       99
       -
                 text = "#${theme.base05}";

     

       100
       100
       -
                 background = "#${theme.base01}";

     

       101
       101
       -
                 border = background;

     

       102
       102
       -
               };

     

       103
       103
       -
       

     

       104
       104
       -
               activeWorkspace = rec {

     

       105
       105
       -
                 text = "#${theme.base08}";

     

       106
       106
       -
                 background = "#${theme.base0C}";

     

       107
       107
       -
                 border = background;

     

       108
       108
       -
               };

     

       109
       109
       -
       

     

       110
       110
       -
               urgentWorkspace = rec {

     

       111
       111
       -
                 text = "#ffffff";

     

       112
       112
       -
                 background = "#${theme.base0F}";

     

       113
       113
       -
                 border = background;

     

       114
       114
       -
               };

     

       115
       115
       -
       

     

       116
       116
       -
               bindingMode = rec {

     

       117
       117
       -
                 text = "#ffffff";

     

       118
       118
       -
                 background = "#${theme.base0F}";

     

       119
       119
       -
                 border = background;

     

       120
       120
       -
               };

     

       121
       121
       -
             };

     

       122
       122
       -
       

     

       123
       123
       -
             # Would be nice to have rounded corners and padding when appearing

     

       124
       124
       -
       

     

       125
       125
       -
             extraConfig = "icon_theme Papirus";

     

       126
       126
       -
           }];

     

       127
       127
       -
         };

     

       128
       128
       -
       }

-141

home-manager/fragments/vm-compose.nix

···

       1
       1
       -
       { self

     

       2
       2
       -
       , config

     

       3
       3
       -
       , lib

     

       4
       4
       -
       , ...

     

       5
       5
       -
       }:

     

       6
       6
       -
       

     

       7
       7
       -
       

     

       8
       8
       -
       let

     

       9
       9
       -
         inherit (self.outputs) homeManagerModules;

     

       10
       10
       -
       

     

       11
       11
       -
         cfg = config.local.fragment.vm;

     

       12
       12
       -
       in

     

       13
       13
       -
       {

     

       14
       14
       -
         imports = [ homeManagerModules.xcompose ];

     

       15
       15
       -
       

     

       16
       16
       -
         config.programs.xcompose = lib.mkIf cfg.enable {

     

       17
       17
       -
           enable = true;

     

       18
       18
       -
           includeLocaleCompose = true;

     

       19
       19
       -
           loadConfigInEnv = false;

     

       20
       20
       -
       

     

       21
       21
       -
           sequences.Multi_key = {

     

       22
       22
       -
             e.grave = "è";

     

       23
       23
       -
             E.grave = "È";

     

       24
       24
       -
             e.apostrophe = "é";

     

       25
       25
       -
             E.apostrophe = "É";

     

       26
       26
       -
             a.grave = "à";

     

       27
       27
       -
             A.grave = "À";

     

       28
       28
       -
             u.grave = "ù";

     

       29
       29
       -
             U.grave = "Ù";

     

       30
       30
       -
             e.quotedbl = "ë";

     

       31
       31
       -
             E.quotedbl = "Ë";

     

       32
       32
       -
             a.quotedbl = "ä";

     

       33
       33
       -
             A.quotedbl = "Ä";

     

       34
       34
       -
       

     

       35
       35
       -
             quotedbl.quotedbl = "¨";

     

       36
       36
       -
             apostrophe.apostrophe = "´";

     

       37
       37
       -
       

     

       38
       38
       -
             s.s = "ß";

     

       39
       39
       -
       

     

       40
       40
       -
             # Lower case [g]reek letters

     

       41
       41
       -
             g = {

     

       42
       42
       -
               a = "α";

     

       43
       43
       -
               b = "β";

     

       44
       44
       -
               g = "γ";

     

       45
       45
       -
               d = "δ";

     

       46
       46
       -
               e = "ε";

     

       47
       47
       -
               z = "ζ";

     

       48
       48
       -
               h = "η";

     

       49
       49
       -
               u = "θ";

     

       50
       50
       -
               i = "ι";

     

       51
       51
       -
               k = "κ";

     

       52
       52
       -
               l = "λ";

     

       53
       53
       -
               m = "μ";

     

       54
       54
       -
               n = "ν";

     

       55
       55
       -
               x = "ξ";

     

       56
       56
       -
               q.o = "ο";

     

       57
       57
       -
               p = "π";

     

       58
       58
       -
               r = "ρ";

     

       59
       59
       -
               s = "σ";

     

       60
       60
       -
               t = "τ";

     

       61
       61
       -
               y = "υ";

     

       62
       62
       -
               f = "φ";

     

       63
       63
       -
               o = "ω";

     

       64
       64
       -
             };

     

       65
       65
       -
             # Upper case [G]reek letters

     

       66
       66
       -
             G = {

     

       67
       67
       -
               A = "Α";

     

       68
       68
       -
               B = "Β";

     

       69
       69
       -
               G = "Γ";

     

       70
       70
       -
               D = "Δ";

     

       71
       71
       -
               E = "Ε";

     

       72
       72
       -
               Z = "Ζ";

     

       73
       73
       -
               H = "Η";

     

       74
       74
       -
               U = "Θ";

     

       75
       75
       -
               I = "Ι";

     

       76
       76
       -
               K = "Κ";

     

       77
       77
       -
               L = "Λ";

     

       78
       78
       -
               M = "Μ";

     

       79
       79
       -
               N = "Ν";

     

       80
       80
       -
               X = "Ξ";

     

       81
       81
       -
               Q.O = "Ο";

     

       82
       82
       -
               P = "Π";

     

       83
       83
       -
               R = "Ρ";

     

       84
       84
       -
               S = "Σ";

     

       85
       85
       -
               T = "Τ";

     

       86
       86
       -
               Y = "Υ";

     

       87
       87
       -
               F = "Φ";

     

       88
       88
       -
               O = "Ω";

     

       89
       89
       -
             };

     

       90
       90
       -
       

     

       91
       91
       -
             # Math

     

       92
       92
       -
             l.equal = "≤";

     

       93
       93
       -
             g.equal = "≥";

     

       94
       94
       -
             s.u.m = "∑";

     

       95
       95
       -
             asciitilde.asciitilde = "≈";

     

       96
       96
       -
       

     

       97
       97
       -
             # Math double-struck symbols

     

       98
       98
       -
             M = {

     

       99
       99
       -
               A = "𝔸";

     

       100
       100
       -
               B = "𝔹";

     

       101
       101
       -
               C = "ℂ";

     

       102
       102
       -
               D = "𝔻";

     

       103
       103
       -
               E = "𝔼";

     

       104
       104
       -
               F = "𝔽";

     

       105
       105
       -
               G = "𝔾";

     

       106
       106
       -
               H = "ℍ";

     

       107
       107
       -
               I = "𝕀";

     

       108
       108
       -
               J = "𝕁";

     

       109
       109
       -
               K = "𝕂";

     

       110
       110
       -
               L = "𝕃";

     

       111
       111
       -
               M = "𝕄";

     

       112
       112
       -
               N = "ℕ";

     

       113
       113
       -
               O = "𝕆";

     

       114
       114
       -
               P = "ℙ";

     

       115
       115
       -
               Q = "ℚ";

     

       116
       116
       -
               R = "ℝ";

     

       117
       117
       -
               S = "𝕊";

     

       118
       118
       -
               T = "𝕋";

     

       119
       119
       -
               U = "𝕌";

     

       120
       120
       -
               V = "𝕍";

     

       121
       121
       -
               X = "𝕏";

     

       122
       122
       -
               Y = "𝕐";

     

       123
       123
       -
               Z = "ℤ";

     

       124
       124
       -
             };

     

       125
       125
       -
       

     

       126
       126
       -
             # Symbols

     

       127
       127
       -
             o.o = "∞";

     

       128
       128
       -
       

     

       129
       129
       -
             minus.greater = "→";

     

       130
       130
       -
             less.minus = "←";

     

       131
       131
       -
             less.greater.minus = "↔";

     

       132
       132
       -
       

     

       133
       133
       -
             equal.greater = "⇒";

     

       134
       134
       -
             less.equal = "⇐";

     

       135
       135
       -
             less.greater.equal = "⇔";

     

       136
       136
       -
       

     

       137
       137
       -
             "0"."0" = "°";

     

       138
       138
       -
             minus.minus = "—";

     

       139
       139
       -
           };

     

       140
       140
       -
         };

     

       141
       141
       -
       }

-66

home-manager/fragments/vm-search.nix

···

       1
       1
       -
       { config

     

       2
       2
       -
       , lib

     

       3
       3
       -
       , pkgs

     

       4
       4
       -
       , ...

     

       5
       5
       -
       }:

     

       6
       6
       -
       

     

       7
       7
       -
       let

     

       8
       8
       -
         cfg = config.local.fragment.vm;

     

       9
       9
       -
       

     

       10
       10
       -
         theme = config.local.colorScheme.palette;

     

       11
       11
       -
         keyValueFormat = lib.generators.toKeyValue { };

     

       12
       12
       -
       in

     

       13
       13
       -
       {

     

       14
       14
       -
         config = lib.mkIf cfg.enable {

     

       15
       15
       -
           wayland.windowManager.sway.config.menu =

     

       16
       16
       -
             let

     

       17
       17
       -
               tofi-drun = lib.getExe' pkgs.tofi "tofi-drun";

     

       18
       18
       -
               swaymsg = lib.getExe' config.wayland.windowManager.sway.package "swaymsg";

     

       19
       19
       -
       

     

       20
       20
       -
               jetbrains-nerd-font-regular = "${pkgs.nerd-fonts.jetbrains-mono}/share/fonts/truetype/JetBrainsMonoNerdFont-Regular.ttf";

     

       21
       21
       -
             in

     

       22
       22
       -
             "${tofi-drun} --font ${jetbrains-nerd-font-regular} | xargs ${swaymsg} exec --";

     

       23
       23
       -
       

     

       24
       24
       -
           xdg.configFile."tofi/config".text = keyValueFormat {

     

       25
       25
       -
             font-size = 14;

     

       26
       26
       -
       

     

       27
       27
       -
             horizontal = true;

     

       28
       28
       -
             anchor = "top";

     

       29
       29
       -
             width = "100%";

     

       30
       30
       -
             height = 48;

     

       31
       31
       -
       

     

       32
       32
       -
             outline-width = 0;

     

       33
       33
       -
             border-width = 0;

     

       34
       34
       -
       

     

       35
       35
       -
             min-input-width = 100;

     

       36
       36
       -
             result-spacing = 20;

     

       37
       37
       -
       

     

       38
       38
       -
             padding-top = 12;

     

       39
       39
       -
             padding-bottom = 12;

     

       40
       40
       -
             padding-left = 20;

     

       41
       41
       -
             padding-right = 20;

     

       42
       42
       -
       

     

       43
       43
       -
             text-color = "#${theme.base06}";

     

       44
       44
       -
             background-color = "#${theme.base00}";

     

       45
       45
       -
       

     

       46
       46
       -
             prompt-text = " ";

     

       47
       47
       -
             prompt-padding = 30;

     

       48
       48
       -
             prompt-background = "#${theme.base01}";

     

       49
       49
       -
             prompt-background-padding = "5, 10";

     

       50
       50
       -
             prompt-background-corner-radius = 5;

     

       51
       51
       -
       

     

       52
       52
       -
             input-color = "#${theme.base07}";

     

       53
       53
       -
             input-background = "#${theme.base01}";

     

       54
       54
       -
             input-background-padding = "5, 10";

     

       55
       55
       -
             input-background-corner-radius = 5;

     

       56
       56
       -
       

     

       57
       57
       -
             selection-color = "#${theme.base0E}";

     

       58
       58
       -
             selection-background = "#${theme.base01}";

     

       59
       59
       -
             selection-background-padding = "5, 10";

     

       60
       60
       -
             selection-background-corner-radius = 8;

     

       61
       61
       -
             selection-match-color = "#${theme.base08}";

     

       62
       62
       -
       

     

       63
       63
       -
             clip-to-padding = false;

     

       64
       64
       -
           };

     

       65
       65
       -
         };

     

       66
       66
       -
       }

-383

home-manager/fragments/vm.nix

···

       1
       1
       -
       { self

     

       2
       2
       -
       , config

     

       3
       3
       -
       , lib

     

       4
       4
       -
       , pkgs

     

       5
       5
       -
       

     

       6
       6
       -
       , isDarwin

     

       7
       7
       -
       , ...

     

       8
       8
       -
       }:

     

       9
       9
       -
       

     

       10
       10
       -
       let

     

       11
       11
       -
         inherit (self.outputs) homeManagerModules;

     

       12
       12
       -
       

     

       13
       13
       -
         cfg = config.local.fragment.vm;

     

       14
       14
       -
       

     

       15
       15
       -
         theme = config.local.colorScheme.palette;

     

       16
       16
       -
         cfg-sway = config.wayland.windowManager.sway.config;

     

       17
       17
       -
       

     

       18
       18
       -
         workspacesRange = lib.zipListsWith (key-idx: workspace-idx: { inherit key-idx workspace-idx; }) [ 1 2 3 4 5 6 7 8 9 0 ] (lib.range 1 10);

     

       19
       19
       -
       in

     

       20
       20
       -
       {

     

       21
       21
       -
         imports = [

     

       22
       22
       -
           homeManagerModules.wl-clip-persist

     

       23
       23
       -
         ];

     

       24
       24
       -
       

     

       25
       25
       -
         options.local.fragment.vm.enable = lib.mkEnableOption ''

     

       26
       26
       -
           Sway related

     

       27
       27
       -
         '';

     

       28
       28
       -
       

     

       29
       29
       -
         config = lib.mkIf cfg.enable {

     

       30
       30
       -
           assertions = [

     

       31
       31
       -
             { assertion = !isDarwin; message = "this is a non-darwin fragment"; }

     

       32
       32
       -
           ];

     

       33
       33
       -
       

     

       34
       34
       -
           programs.swaylock = {

     

       35
       35
       -
             enable = true;

     

       36
       36
       -
             settings = {

     

       37
       37
       -
               daemonize = true;

     

       38
       38
       -
               ignore-empty-password = true;

     

       39
       39
       -
               show-failed-attempts = true;

     

       40
       40
       -
       

     

       41
       41
       -
               image = toString ../../assets/wallpaper-binary-cloud.png;

     

       42
       42
       -
       

     

       43
       43
       -
               indicator-y-position = -100;

     

       44
       44
       -
               indicator-x-position = 100;

     

       45
       45
       -
             };

     

       46
       46
       -
           };

     

       47
       47
       -
       

     

       48
       48
       -
           programs.fish.loginShellInit = ''

     

       49
       49
       -
             if test (id --user $USER) -ge 1000 && test (tty) = "/dev/tty1"

     

       50
       50
       -
               exec sway 2> /tmp/sway.(date -u +%Y-%m-%dT%H:%M:%S).log

     

       51
       51
       -
             end

     

       52
       52
       -
           '';

     

       53
       53
       -
       

     

       54
       54
       -
           services.mako = {

     

       55
       55
       -
             enable = true;

     

       56
       56
       -
             settings = {

     

       57
       57
       -
               font = "sans-serif 10";

     

       58
       58
       -
               background-color = "#${theme.base0D}";

     

       59
       59
       -
               text-color = "#ffffff";

     

       60
       60
       -
       

     

       61
       61
       -
               icons = true;

     

       62
       62
       -
       

     

       63
       63
       -
               width = 500;

     

       64
       64
       -
               max-visible = 3;

     

       65
       65
       -
               sort = "-priority";

     

       66
       66
       -
       

     

       67
       67
       -
               default-timeout = 5000;

     

       68
       68
       -
       

     

       69
       69
       -
               layer = "overlay";

     

       70
       70
       -
       

     

       71
       71
       -
               border-size = 0;

     

       72
       72
       -
               border-radius = 5;

     

       73
       73
       -
       

     

       74
       74
       -
               "urgency=low" = {

     

       75
       75
       -
                 background-color = "#${theme.base0A}";

     

       76
       76
       -
               };

     

       77
       77
       -
               "urgency=critical" = {

     

       78
       78
       -
                 background-color = "#${theme.base0F}";

     

       79
       79
       -
               };

     

       80
       80
       -
       

     

       81
       81
       -
               "mode=dnd" = {

     

       82
       82
       -
                 invisible = 1;

     

       83
       83
       -
               };

     

       84
       84
       -
             };

     

       85
       85
       -
           };

     

       86
       86
       -
       

     

       87
       87
       -
           gtk = {

     

       88
       88
       -
             enable = true;

     

       89
       89
       -
       

     

       90
       90
       -
             gtk2.configLocation = "${config.xdg.configHome}/gtk-2.0/gtkrc";

     

       91
       91
       -
       

     

       92
       92
       -
             theme = {

     

       93
       93
       -
               name = "Arc-Dark";

     

       94
       94
       -
               package = pkgs.arc-theme;

     

       95
       95
       -
             };

     

       96
       96
       -
             cursorTheme = {

     

       97
       97
       -
               name = "Bibata-Modern-Ice";

     

       98
       98
       -
               package = pkgs.bibata-cursors;

     

       99
       99
       -
             };

     

       100
       100
       -
             iconTheme = {

     

       101
       101
       -
               name = "Papirus";

     

       102
       102
       -
               package = pkgs.papirus-icon-theme;

     

       103
       103
       -
             };

     

       104
       104
       -
           };

     

       105
       105
       -
       

     

       106
       106
       -
           services.swayidle =

     

       107
       107
       -
             let

     

       108
       108
       -
               swaymsg = lib.getExe' config.wayland.windowManager.sway.package "swaymsg";

     

       109
       109
       -
               loginctl = lib.getExe' pkgs.systemd "loginctl";

     

       110
       110
       -
               systemctl = lib.getExe' pkgs.systemd "systemctl";

     

       111
       111
       -
             in

     

       112
       112
       -
             {

     

       113
       113
       -
               enable = true;

     

       114
       114
       -
               timeouts = [

     

       115
       115
       -
                 # TODO: this doesn't work find a way to quickly cut output when locked and idle

     

       116
       116
       -
                 # {

     

       117
       117
       -
                 #   timeout = 10;

     

       118
       118
       -
                 #   command = "if ${pgrep} -x swaylock; then ${swaymsg} \"output * power off\"; fi";

     

       119
       119
       -
                 #   resumeCommand = "${swaymsg} \"output * power on\"";

     

       120
       120
       -
                 # }

     

       121
       121
       -
       

     

       122
       122
       -
                 {

     

       123
       123
       -
                   timeout = 60 * 5;

     

       124
       124
       -
                   # ——————————————— Dims the screen for n seconds ↓↓ and then switch it off

     

       125
       125
       -
                   command = ''${lib.getExe pkgs.chayang} -d${toString 10} && ${swaymsg} "output * power off"'';

     

       126
       126
       -
                   resumeCommand = ''${swaymsg} "output * power on"'';

     

       127
       127
       -
                 }

     

       128
       128
       -
                 { timeout = 60 * 10; command = "${loginctl} lock-session"; }

     

       129
       129
       -
                 { timeout = 60 * 15; command = "${systemctl} suspend"; }

     

       130
       130
       -
               ];

     

       131
       131
       -
               events = [

     

       132
       132
       -
                 { event = "before-sleep"; command = "${lib.getExe pkgs.playerctl} pause"; }

     

       133
       133
       -
                 { event = "before-sleep"; command = "${loginctl} lock-session"; }

     

       134
       134
       -
                 # Can be triggered with `loginctl lock-session`

     

       135
       135
       -
                 { event = "lock"; command = lib.getExe pkgs.swaylock; }

     

       136
       136
       -
               ];

     

       137
       137
       -
             };

     

       138
       138
       -
       

     

       139
       139
       -
           wayland.windowManager.sway = {

     

       140
       140
       -
             enable = true;

     

       141
       141
       -
       

     

       142
       142
       -
             xwayland = true; # explicit, op is true by default

     

       143
       143
       -
       

     

       144
       144
       -
             config = {

     

       145
       145
       -
               modifier = "Mod4"; # Super key

     

       146
       146
       -
               terminal = config.home.sessionVariables.TERMINAL;

     

       147
       147
       -
       

     

       148
       148
       -
               defaultWorkspace = "workspace number 1";

     

       149
       149
       -
       

     

       150
       150
       -
               left = "h";

     

       151
       151
       -
               down = "j";

     

       152
       152
       -
               up = "k";

     

       153
       153
       -
               right = "l";

     

       154
       154
       -
       

     

       155
       155
       -
               fonts = { names = [ "sans-serif" ]; size = 11.0; };

     

       156
       156
       -
       

     

       157
       157
       -
               window = {

     

       158
       158
       -
                 titlebar = false;

     

       159
       159
       -
                 commands = [

     

       160
       160
       -
                   # Tag of shame

     

       161
       161
       -
                   {

     

       162
       162
       -
                     # Equivalent to `[shell="xwayland"] title_format "%title [XWayland]"` but for all other shells

     

       163
       163
       -
                     criteria.shell = "^((?!xdg_shell).)*$";

     

       164
       164
       -
                     command = ''title_format "%title <small>[%shell]</small>"'';

     

       165
       165
       -
                   }

     

       166
       166
       -
       

     

       167
       167
       -
                   # Toggle floating mode for some specific windows

     

       168
       168
       -
                   {

     

       169
       169
       -
                     # TODO: Bitwarden window glitches on opening

     

       170
       170
       -
                     criteria = { app_id = "^firefox$"; title = "Bitwarden Password Manager"; };

     

       171
       171
       -
                     command = ''floating enable'';

     

       172
       172
       -
                   }

     

       173
       173
       -
                   {

     

       174
       174
       -
                     # Toggles floating for every Unity window but the main one

     

       175
       175
       -
                     # Only the main window begins with `Unity - `

     

       176
       176
       -
                     criteria = { title = "^((?!^Unity - ).)*$"; class = "^Unity$"; instance = "^Unity$"; };

     

       177
       177
       -
                     command = ''floating enable'';

     

       178
       178
       -
                   }

     

       179
       179
       -
       

     

       180
       180
       -
                   # Inhibit IDLE when these are fullscreen

     

       181
       181
       -
                   { criteria.app_id = "firefox"; command = "inhibit_idle fullscreen"; }

     

       182
       182
       -
                   { criteria.app_id = "mpv"; command = "inhibit_idle fullscreen"; }

     

       183
       183
       -
                   { criteria.app_id = "spotify"; command = "inhibit_idle fullscreen"; }

     

       184
       184
       -
                 ];

     

       185
       185
       -
               };

     

       186
       186
       -
       

     

       187
       187
       -
               focus.followMouse = false;

     

       188
       188
       -
       

     

       189
       189
       -
               gaps.smartBorders = "no_gaps";

     

       190
       190
       -
       

     

       191
       191
       -
               colors = {

     

       192
       192
       -
                 background = "#${theme.base00}";

     

       193
       193
       -
       

     

       194
       194
       -
                 focused = {

     

       195
       195
       -
                   background = "#285577";

     

       196
       196
       -
                   border = "#4c7899";

     

       197
       197
       -
                   childBorder = "#285577";

     

       198
       198
       -
                   indicator = "#2e9ef4";

     

       199
       199
       -
                   text = "#ffffff";

     

       200
       200
       -
                 };

     

       201
       201
       -
       

     

       202
       202
       -
                 focusedInactive = {

     

       203
       203
       -
                   background = "#5f676a";

     

       204
       204
       -
                   border = "#333333";

     

       205
       205
       -
                   childBorder = "#5f676a";

     

       206
       206
       -
                   indicator = "#484e50";

     

       207
       207
       -
                   text = "#ffffff";

     

       208
       208
       -
                 };

     

       209
       209
       -
       

     

       210
       210
       -
                 placeholder = {

     

       211
       211
       -
                   background = "#0c0c0c";

     

       212
       212
       -
                   border = "#000000";

     

       213
       213
       -
                   childBorder = "#0c0c0c";

     

       214
       214
       -
                   indicator = "#000000";

     

       215
       215
       -
                   text = "#ffffff";

     

       216
       216
       -
                 };

     

       217
       217
       -
       

     

       218
       218
       -
                 unfocused = {

     

       219
       219
       -
                   background = "#222222";

     

       220
       220
       -
                   border = "#333333";

     

       221
       221
       -
                   childBorder = "#222222";

     

       222
       222
       -
                   indicator = "#292d2e";

     

       223
       223
       -
                   text = "#888888";

     

       224
       224
       -
                 };

     

       225
       225
       -
       

     

       226
       226
       -
                 urgent = {

     

       227
       227
       -
                   background = "#900000";

     

       228
       228
       -
                   border = "#2f343a";

     

       229
       229
       -
                   childBorder = "#900000";

     

       230
       230
       -
                   indicator = "#900000";

     

       231
       231
       -
                   text = "#ffffff";

     

       232
       232
       -
                 };

     

       233
       233
       -
               };

     

       234
       234
       -
       

     

       235
       235
       -
               input = {

     

       236
       236
       -
                 "type:keyboard" = {

     

       237
       237
       -
                   xkb_layout = "us,fr(ergol),fr";

     

       238
       238
       -
       

     

       239
       239
       -
                   # List of all options: https://www.mankier.com/7/xkeyboard-config#Options

     

       240
       240
       -
                   xkb_options = "grp:menu_toggle,compose:caps";

     

       241
       241
       -
       

     

       242
       242
       -
                   repeat_delay = toString 300;

     

       243
       243
       -
                   repeat_rate = toString 30;

     

       244
       244
       -
                 };

     

       245
       245
       -
       

     

       246
       246
       -
                 # Split keyboard also acts as a mouse

     

       247
       247
       -
                 # "type:touchpad" = { events = "disabled_on_external_mouse"; };

     

       248
       248
       -
       

     

       249
       249
       -
                 # Disable touchscreen by default

     

       250
       250
       -
                 "type:touch" = { events = "disabled"; };

     

       251
       251
       -
               };

     

       252
       252
       -
       

     

       253
       253
       -
               output."*".bg = "#000000 solid_color";

     

       254
       254
       -
       

     

       255
       255
       -
               seat = {

     

       256
       256
       -
                 "seat0" = {

     

       257
       257
       -
                   xcursor_theme = "Bibata-Modern-Ice";

     

       258
       258
       -
                   # disable cursor when typing or on purpose

     

       259
       259
       -
                   hide_cursor = "when-typing enable";

     

       260
       260
       -
                 };

     

       261
       261
       -
               };

     

       262
       262
       -
       

     

       263
       263
       -
               bindkeysToCode = true;

     

       264
       264
       -
               keybindings =

     

       265
       265
       -
                 let

     

       266
       266
       -
                   pamixer = lib.getExe pkgs.pamixer;

     

       267
       267
       -
                   playerctl = lib.getExe pkgs.playerctl;

     

       268
       268
       -
                   brightnessctl = lib.getExe pkgs.brightnessctl;

     

       269
       269
       -
                   makoctl = lib.getExe' pkgs.mako "makoctl";

     

       270
       270
       -
       

     

       271
       271
       -
                   grim = lib.getExe pkgs.grim;

     

       272
       272
       -
                   slurp = lib.getExe pkgs.slurp;

     

       273
       273
       -
                   wl-copy = lib.getExe' pkgs.wl-clipboard "wl-copy";

     

       274
       274
       -
                   wl-paste = lib.getExe' pkgs.wl-clipboard "wl-paste";

     

       275
       275
       -
                 in

     

       276
       276
       -
                 lib.foldl (acc: val: acc // val) { }

     

       277
       277
       -
                   (map

     

       278
       278
       -
                     (modifier: {

     

       279
       279
       -
                       "${modifier}+Return" = "exec ${cfg-sway.terminal}";

     

       280
       280
       -
                       "${modifier}+Shift+Return" = "exec ${lib.getExe' pkgs.nautilus "nautilus"}";

     

       281
       281
       -
                       "${modifier}+Shift+q" = "kill";

     

       282
       282
       -
                       "${modifier}+d" = "exec ${cfg-sway.menu}";

     

       283
       283
       -
                       "${modifier}+Space" = "exec ${makoctl} dismiss";

     

       284
       284
       -
       

     

       285
       285
       -
                       "${modifier}+Escape" = "exec ${lib.getExe' pkgs.systemd "loginctl"} lock-session";

     

       286
       286
       -
                       "${modifier}+Alt+Escape" = "exec ${pkgs.writeShellScript "lock-screenshot.sh" ''

     

       287
       287
       -
                         tmpimg=$(${lib.getExe' pkgs.coreutils "mktemp"} /tmp/lock-bg.XXX)

     

       288
       288
       -
       

     

       289
       289
       -
                         # Give some time to hide the bar

     

       290
       290
       -
                         sleep 1

     

       291
       291
       -
       

     

       292
       292
       -
                         ${grim} $tmpimg

     

       293
       293
       -
                         ${lib.getExe pkgs.swaylock} --image $tmpimg

     

       294
       294
       -
       

     

       295
       295
       -
                         rm $tmpimg

     

       296
       296
       -
                       ''}";

     

       297
       297
       -
       

     

       298
       298
       -
                       "${modifier}+${cfg-sway.left}" = "focus left";

     

       299
       299
       -
                       "${modifier}+${cfg-sway.down}" = "focus down";

     

       300
       300
       -
                       "${modifier}+${cfg-sway.up}" = "focus up";

     

       301
       301
       -
                       "${modifier}+${cfg-sway.right}" = "focus right";

     

       302
       302
       -
       

     

       303
       303
       -
                       "${modifier}+Shift+${cfg-sway.left}" = "move left";

     

       304
       304
       -
                       "${modifier}+Shift+${cfg-sway.down}" = "move down";

     

       305
       305
       -
                       "${modifier}+Shift+${cfg-sway.up}" = "move up";

     

       306
       306
       -
                       "${modifier}+Shift+${cfg-sway.right}" = "move right";

     

       307
       307
       -
                       "${modifier}+b" = "split vertical";

     

       308
       308
       -
                       "${modifier}+n" = "split horizontal";

     

       309
       309
       -
       

     

       310
       310
       -
                       "${modifier}+Alt+${cfg-sway.left}" = "resize shrink width 60 px";

     

       311
       311
       -
                       "${modifier}+Alt+${cfg-sway.down}" = "resize grow height 60 px";

     

       312
       312
       -
                       "${modifier}+Alt+${cfg-sway.up}" = "resize shrink height 60 px";

     

       313
       313
       -
                       "${modifier}+Alt+${cfg-sway.right}" = "resize grow width 60 px";

     

       314
       314
       -
                       "${modifier}+f" = "fullscreen toggle";

     

       315
       315
       -
                       "${modifier}+Shift+space" = "floating toggle";

     

       316
       316
       -
                       # Change between tiling and floating focus

     

       317
       317
       -
                       "${modifier}+Alt+space" = "focus mode_toggle";

     

       318
       318
       -
                       "${modifier}+Alt+c" = "move position cursor";

     

       319
       319
       -
                       "${modifier}+p" = "sticky toggle";

     

       320
       320
       -
       

     

       321
       321
       -
                       # Screenshotting

     

       322
       322
       -
                       "${modifier}+s" = ''exec ${grim} -g "$(${slurp})" - | ${wl-copy}'';

     

       323
       323
       -
                       "${modifier}+Shift+s" = "exec ${wl-paste} | ${lib.getExe pkgs.swappy} --file - --output-file - | ${wl-copy}";

     

       324
       324
       -
       

     

       325
       325
       -
                       # Soundcontrol Keys

     

       326
       326
       -
                       "--locked XF86AudioPrev" = "exec ${playerctl} previous";

     

       327
       327
       -
                       "--locked XF86AudioNext" = "exec ${playerctl} next";

     

       328
       328
       -
                       "--locked XF86AudioPlay" = "exec ${playerctl} play-pause";

     

       329
       329
       -
                       "--locked XF86AudioStop" = "exec ${playerctl} stop";

     

       330
       330
       -
                       "--locked XF86AudioRaiseVolume" = "exec ${pamixer} --unmute --increase 5";

     

       331
       331
       -
                       "--locked XF86AudioLowerVolume" = "exec ${pamixer} --unmute --decrease 5";

     

       332
       332
       -
                       "--locked XF86AudioMute" = "exec ${pamixer} --toggle-mute";

     

       333
       333
       -
                       "--locked XF86AudioMicMute" = "exec ${pamixer} --default-source --toggle-mute";

     

       334
       334
       -
                       "--locked XF86MonBrightnessUp" = "exec ${brightnessctl} --exponent set 5%+";

     

       335
       335
       -
                       "--locked XF86MonBrightnessDown" = "exec ${brightnessctl} --exponent  set 5%- --min-value=1";

     

       336
       336
       -
                       "--locked XF86TouchpadToggle" = ''input "type:touchpad" events toggle enabled disabled_on_external_mouse'';

     

       337
       337
       -
                     }

     

       338
       338
       -
                     // lib.listToAttrs (lib.flatten (map

     

       339
       339
       -
                       ({ key-idx, workspace-idx }: [

     

       340
       340
       -
                         { name = "${modifier}+${toString key-idx}"; value = "workspace number ${toString workspace-idx}"; }

     

       341
       341
       -
                         { name = "${modifier}+Alt+${toString key-idx}"; value = "move container to workspace number ${toString workspace-idx}"; }

     

       342
       342
       -
                         { name = "${modifier}+Shift+${toString key-idx}"; value = "move container to workspace number ${toString workspace-idx}; workspace number ${toString workspace-idx}"; }

     

       343
       343
       -
                       ])

     

       344
       344
       -
                       workspacesRange))

     

       345
       345
       -
                     ) [ cfg-sway.modifier ]);

     

       346
       346
       -
             };

     

       347
       347
       -
           };

     

       348
       348
       -
       

     

       349
       349
       -
           services.blueman-applet.enable = true;

     

       350
       350
       -
       

     

       351
       351
       -
           services.poweralertd.enable = true;

     

       352
       352
       -
       

     

       353
       353
       -
           services.darkman = {

     

       354
       354
       -
             enable = true;

     

       355
       355
       -
             settings.usegeoclue = true;

     

       356
       356
       -
       

     

       357
       357
       -
             darkModeScripts.gtk-theme = ''

     

       358
       358
       -
               # Change system theme scheme to dark

     

       359
       359
       -
               ${lib.getExe pkgs.dconf} write /org/gnome/desktop/interface/color-scheme "'prefer-dark'"

     

       360
       360
       -
       

     

       361
       361
       -
               # Do not change brightness as I'm usually on my computer as this time

     

       362
       362
       -
             '';

     

       363
       363
       -
       

     

       364
       364
       -
             lightModeScripts.gtk-theme = ''

     

       365
       365
       -
               # Change system theme scheme to light

     

       366
       366
       -
               ${lib.getExe pkgs.dconf} write /org/gnome/desktop/interface/color-scheme "'prefer-light'"

     

       367
       367
       -
       

     

       368
       368
       -
               # Prepare laptop for wake: set full brightness and disable kbd backlight

     

       369
       369
       -
               ${lib.getExe pkgs.brightnessctl} --class backlight set 100%

     

       370
       370
       -
               ${lib.getExe pkgs.brightnessctl} --class leds --device "*::kbd_backlight" set 0%

     

       371
       371
       -
             '';

     

       372
       372
       -
           };

     

       373
       373
       -
       

     

       374
       374
       -
           services.gammastep = {

     

       375
       375
       -
             enable = true;

     

       376
       376
       -
             provider = "geoclue2";

     

       377
       377
       -
             settings.general = {

     

       378
       378
       -
               adjustment-method = "wayland";

     

       379
       379
       -
               gamma = 0.8;

     

       380
       380
       -
             };

     

       381
       381
       -
           };

     

       382
       382
       -
         };

     

       383
       383
       -
       }

+277

home-manager/fragments/waybar.nix

···

       1
       1
       +
       { config

     

       2
       2
       +
       , lib

     

       3
       3
       +
       , pkgs

     

       4
       4
       +
       , ...

     

       5
       5
       +
       }:

     

       6
       6
       +
       

     

       7
       7
       +
       let

     

       8
       8
       +
         cfg = config.local.fragment.waybar;

     

       9
       9
       +
       

     

       10
       10
       +
         makoctl = lib.getExe' config.services.mako.package "makoctl";

     

       11
       11
       +
       in

     

       12
       12
       +
       {

     

       13
       13
       +
         options.local.fragment.waybar.enable = lib.mkEnableOption ''

     

       14
       14
       +
           Waybar related

     

       15
       15
       +
         '';

     

       16
       16
       +
       

     

       17
       17
       +
         config = lib.mkIf cfg.enable {

     

       18
       18
       +
           stylix.targets.waybar = {

     

       19
       19
       +
             font = "sansSerif";

     

       20
       20
       +
             addCss = false;

     

       21
       21
       +
           };

     

       22
       22
       +
       

     

       23
       23
       +
           services.playerctld.enable = true;

     

       24
       24
       +
       

     

       25
       25
       +
           programs.waybar = {

     

       26
       26
       +
             enable = true;

     

       27
       27
       +
       

     

       28
       28
       +
             settings =

     

       29
       29
       +
               let

     

       30
       30
       +
                 modules-settings = {

     

       31
       31
       +
                   "sway/workspaces" = {

     

       32
       32
       +
                     disable-scroll = true;

     

       33
       33
       +
                     format = "{name} {icon}";

     

       34
       34
       +
                     format-icons = {

     

       35
       35
       +
                       default = " ";

     

       36
       36
       +
       

     

       37
       37
       +
                       "1" = " ";

     

       38
       38
       +
                       "2" = " ";

     

       39
       39
       +
                       "3" = " ";

     

       40
       40
       +
                       "4" = " ";

     

       41
       41
       +
                       "9" = " ";

     

       42
       42
       +
                       "10" = " ";

     

       43
       43
       +
                     };

     

       44
       44
       +
                   };

     

       45
       45
       +
       

     

       46
       46
       +
                   "group/misc" = {

     

       47
       47
       +
                     orientation = "inherit";

     

       48
       48
       +
                     modules = [

     

       49
       49
       +
                       "custom/notifications"

     

       50
       50
       +
                       "tray"

     

       51
       51
       +
                       "idle_inhibitor"

     

       52
       52
       +
                     ];

     

       53
       53
       +
       

     

       54
       54
       +
                     drawer = {

     

       55
       55
       +
                       transition-duration = 250;

     

       56
       56
       +
                       transition-left-to-right = false;

     

       57
       57
       +
                     };

     

       58
       58
       +
                   };

     

       59
       59
       +
       

     

       60
       60
       +
                   "custom/notifications" = {

     

       61
       61
       +
                     format = "{icon}";

     

       62
       62
       +
                     format-icons = {

     

       63
       63
       +
                       normal = " ";

     

       64
       64
       +
                       dnd = " ";

     

       65
       65
       +
                     };

     

       66
       66
       +
                     tooltip = false;

     

       67
       67
       +
       

     

       68
       68
       +
                     interval = "once";

     

       69
       69
       +
                     return-type = "json";

     

       70
       70
       +
                     exec = ''${makoctl} mode | rg dnd >/dev/null; if [ $? == 0 ]; then echo '{"alt":"dnd"}'; else echo '{"alt":"normal"}'; fi'';

     

       71
       71
       +
                     on-click = "${makoctl} mode -t dnd; pkill -SIGRTMIN+10 waybar";

     

       72
       72
       +
                     signal = 10;

     

       73
       73
       +
                     # rely on on click pkill signal

     

       74
       74
       +
                     exec-on-event = false;

     

       75
       75
       +
                   };

     

       76
       76
       +
       

     

       77
       77
       +
                   idle_inhibitor = {

     

       78
       78
       +
                     format = "{icon}";

     

       79
       79
       +
                     format-icons = {

     

       80
       80
       +
                       activated = " ";

     

       81
       81
       +
                       deactivated = " ";

     

       82
       82
       +
                     };

     

       83
       83
       +
                     tooltip = false;

     

       84
       84
       +
                   };

     

       85
       85
       +
       

     

       86
       86
       +
                   tray.spacing = 10;

     

       87
       87
       +
       

     

       88
       88
       +
                   clock = {

     

       89
       89
       +
                     format = "{:%d %b %H:%M}";

     

       90
       90
       +
                     tooltip = false;

     

       91
       91
       +
                   };

     

       92
       92
       +
       

     

       93
       93
       +
                   battery = {

     

       94
       94
       +
                     states = {

     

       95
       95
       +
                       good = 95;

     

       96
       96
       +
                       warning = 30;

     

       97
       97
       +
                       critical = 15;

     

       98
       98
       +
                     };

     

       99
       99
       +
       

     

       100
       100
       +
                     format = "{capacity}% {icon}";

     

       101
       101
       +
                     format-full = "{capacity}% {icon}";

     

       102
       102
       +
                     format-charging = "{capacity}% ";

     

       103
       103
       +
                     format-plugged = "{capacity}% ";

     

       104
       104
       +
                     format-icons = [ " " " " " " " " " " ];

     

       105
       105
       +
                   };

     

       106
       106
       +
       

     

       107
       107
       +
                   pulseaudio = {

     

       108
       108
       +
                     scroll-step = 5;

     

       109
       109
       +
                     tooltip = false;

     

       110
       110
       +
       

     

       111
       111
       +
                     format = "{volume}% {icon}{format_source}";

     

       112
       112
       +
                     format-bluetooth = "{volume}% {icon}{format_source}";

     

       113
       113
       +
                     format-bluetooth-muted = " {icon} {format_source}";

     

       114
       114
       +
                     format-muted = " {format_source}";

     

       115
       115
       +
                     format-source = "";

     

       116
       116
       +
                     format-source-muted = "  ";

     

       117
       117
       +
       

     

       118
       118
       +
                     format-icons = {

     

       119
       119
       +
                       headset = " ";

     

       120
       120
       +
                       headphone = " ";

     

       121
       121
       +
                       hands-free = " ";

     

       122
       122
       +
                       phone = " ";

     

       123
       123
       +
                       portable = " ";

     

       124
       124
       +
                       car = " ";

     

       125
       125
       +
                       default = [ "" " " "  " ];

     

       126
       126
       +
                     };

     

       127
       127
       +
       

     

       128
       128
       +
                     on-click = "pavucontrol";

     

       129
       129
       +
                   };

     

       130
       130
       +
       

     

       131
       131
       +
                   mpris = {

     

       132
       132
       +
                     format = "{title:.30} - {artist:.30}";

     

       133
       133
       +
                     tooltip-format = "{album} ({player})";

     

       134
       134
       +
                   };

     

       135
       135
       +
       

     

       136
       136
       +
                   cava = {

     

       137
       137
       +
                     bars = 6;

     

       138
       138
       +
                     format-icons = [ "▁" "▂" "▃" "▄" "▅" "▆" "▇" "█" ];

     

       139
       139
       +
                     bar_delimiter = 0;

     

       140
       140
       +
                     hide_on_silence = true;

     

       141
       141
       +
                   };

     

       142
       142
       +
                 };

     

       143
       143
       +
       

     

       144
       144
       +
               in

     

       145
       145
       +
               {

     

       146
       146
       +
                 primary = {

     

       147
       147
       +
                   mode = "hide";

     

       148
       148
       +
                   ipc = true;

     

       149
       149
       +
                   position = "bottom";

     

       150
       150
       +
                   output = [ "eDP-1" ];

     

       151
       151
       +
       

     

       152
       152
       +
                   modules-left = [

     

       153
       153
       +
                     "sway/workspaces"

     

       154
       154
       +
                   ];

     

       155
       155
       +
       

     

       156
       156
       +
                   modules-center = [ ];

     

       157
       157
       +
       

     

       158
       158
       +
                   modules-right = [

     

       159
       159
       +
                     "cava"

     

       160
       160
       +
                     "mpris"

     

       161
       161
       +
                     "pulseaudio"

     

       162
       162
       +
                     "battery"

     

       163
       163
       +
                     "clock"

     

       164
       164
       +
                     "group/misc"

     

       165
       165
       +
                   ];

     

       166
       166
       +
                 } // modules-settings;

     

       167
       167
       +
       

     

       168
       168
       +
                 additional = {

     

       169
       169
       +
                   mode = "hide";

     

       170
       170
       +
                   ipc = true;

     

       171
       171
       +
                   position = "bottom";

     

       172
       172
       +
                   output = [

     

       173
       173
       +
                     "DP-1"

     

       174
       174
       +
                     "DP-2"

     

       175
       175
       +
                     "DP-3"

     

       176
       176
       +
                     "DP-4"

     

       177
       177
       +
                     "HDMI-1"

     

       178
       178
       +
                     "HDMI-2"

     

       179
       179
       +
                     "HDMI-3"

     

       180
       180
       +
                     "HDMI-4"

     

       181
       181
       +
                   ];

     

       182
       182
       +
       

     

       183
       183
       +
                   modules-left = [

     

       184
       184
       +
                     "sway/workspaces"

     

       185
       185
       +
                   ];

     

       186
       186
       +
       

     

       187
       187
       +
                   modules-right = [

     

       188
       188
       +
                     "clock"

     

       189
       189
       +
                     "group/misc"

     

       190
       190
       +
                   ];

     

       191
       191
       +
                 } // modules-settings;

     

       192
       192
       +
               };

     

       193
       193
       +
       

     

       194
       194
       +
             style = ''

     

       195
       195
       +
               #waybar { color: @base00; }

     

       196
       196
       +
               tooltip { border-color: @base0D; background-color: @base00; }

     

       197
       197
       +
               tooltip label { color: @base05; }

     

       198
       198
       +
       

     

       199
       199
       +
               #workspaces button { border-bottom: 3px solid transparent; }

     

       200
       200
       +
               #workspaces button.focused, workspaces button.active { border-bottom: 3px solid @base05; }

     

       201
       201
       +
       

     

       202
       202
       +
               #tray { background-color: @base03; }

     

       203
       203
       +
               #idle_inhibitor { background-color: @base03; }

     

       204
       204
       +
               #custom-notifications { background-color: @base03; }

     

       205
       205
       +
       

     

       206
       206
       +
               #clock { background-color: @base03; }

     

       207
       207
       +
       

     

       208
       208
       +
               #battery { color: @base00; background-color: @base0D; }

     

       209
       209
       +
               #battery.charging { background-color: @base0E; }

     

       210
       210
       +
       

     

       211
       211
       +
               #pulseaudio { color: @base00; background-color: @base09; }

     

       212
       212
       +
               #pulseaudio.muted { background-color: @base0C; }

     

       213
       213
       +
       

     

       214
       214
       +
               #mpris { color: @base00; background-color: @base0B; }

     

       215
       215
       +
       

     

       216
       216
       +
               #cava { color: @base00; background-color: @base0D; }

     

       217
       217
       +
             ''

     

       218
       218
       +
             + ''

     

       219
       219
       +
               * {

     

       220
       220
       +
                 border-radius: 0;

     

       221
       221
       +
               }

     

       222
       222
       +
       

     

       223
       223
       +
               /* Apply transparency to the bar */

     

       224
       224
       +
               #waybar { background: alpha(white, 0); }

     

       225
       225
       +
       

     

       226
       226
       +
               /* Apply margin to all module groups */

     

       227
       227
       +
               .modules-left, .modules-center, .modules-right {

     

       228
       228
       +
                 /*margin: .5rem .8rem;*/

     

       229
       229
       +
               }

     

       230
       230
       +
       

     

       231
       231
       +
               /* Apply padding to all modules */

     

       232
       232
       +
               .modules-right widget .module {

     

       233
       233
       +
                 padding: 0 1rem;

     

       234
       234
       +
       

     

       235
       235
       +
                 color: @base07;

     

       236
       236
       +
               }

     

       237
       237
       +
       

     

       238
       238
       +
               /* Round first and last child of left, right and center modules. Disable rounding on the sides*/

     

       239
       239
       +
               .modules-left > widget:last-child .module,

     

       240
       240
       +
               .modules-center > widget:last-child .module/*,

     

       241
       241
       +
               .modules-right > widget:last-child .module*/ {

     

       242
       242
       +
                 border-top-right-radius: 5px;

     

       243
       243
       +
               }

     

       244
       244
       +
               /*.modules-left > widget:first-child .module,*/

     

       245
       245
       +
               .modules-center > widget:first-child .module,

     

       246
       246
       +
               .modules-right > widget:first-child .module {

     

       247
       247
       +
                 border-top-left-radius: 5px;

     

       248
       248
       +
               }

     

       249
       249
       +
       

     

       250
       250
       +
               /* Round first and last child of workspaces. */

     

       251
       251
       +
               #workspaces > button:first-child {

     

       252
       252
       +
                 /*border-top-left-radius: 5px;*/

     

       253
       253
       +
               }

     

       254
       254
       +
               #workspaces > button:last-child {

     

       255
       255
       +
                 border-top-right-radius: 5px;

     

       256
       256
       +
               }

     

       257
       257
       +
       

     

       258
       258
       +
               #workspaces button {

     

       259
       259
       +
                 color: @base07;

     

       260
       260
       +
                 background-color: @base03;

     

       261
       261
       +
               }

     

       262
       262
       +
               #workspaces button:hover {

     

       263
       263
       +
                 color: @base07;

     

       264
       264
       +
                 background-color: @base03;

     

       265
       265
       +
               }

     

       266
       266
       +
               #workspaces button.urgent { color: @base08; }

     

       267
       267
       +
             '';

     

       268
       268
       +
           };

     

       269
       269
       +
       

     

       270
       270
       +
           wayland.windowManager.sway.config.bars = [{

     

       271
       271
       +
             command = lib.getExe pkgs.waybar;

     

       272
       272
       +
       

     

       273
       273
       +
             mode = "hide";

     

       274
       274
       +
             hiddenState = "hide";

     

       275
       275
       +
           }];

     

       276
       276
       +
         };

     

       277
       277
       +
       }

+3 -1

home-manager/fragments/xdg-mime.nix

···

       24
       24
        
             { assertion = lib.lists.count (drv: (drv.pname or "") == pkgs.nautilus.pname) config.home.packages > 0; message = "`xdg-mime` fragment depends on `nautilus` program"; }

     

       25
       25
        
           ];

     

       26
       26
        
       

     

       27
       27
       +
           xdg.enable = true;

     

       28
       28
       +
       

     

       27
       29
        
           xdg.mimeApps = {

     

       28
       30
        
             enable = true;

     

       29
       31
        
       

     

       30
       32
        
             defaultApplications =

     

       31
       33
        
               let

     

       32
       34
        
                 files = [ "org.gnome.Nautilus.desktop" ];

     

       33
       33
       -
                 browser = [ "firefox.desktop" ];

     

       35
       35
       +
                 browser = [ "zen-beta.desktop" ];

     

       34
       36
        
                 images = [ "imv.desktop" ];

     

       35
       37
        
               in

     

       36
       38
        
               {

+30

home-manager/fragments/zed.nix

···

       1
       1
       +
       { lib

     

       2
       2
       +
       , config

     

       3
       3
       +
       , upkgs

     

       4
       4
       +
       , ...

     

       5
       5
       +
       }:

     

       6
       6
       +
       

     

       7
       7
       +
       let

     

       8
       8
       +
         cfg = config.local.fragment.zed;

     

       9
       9
       +
       in

     

       10
       10
       +
       {

     

       11
       11
       +
         options.local.fragment.zed.enable = lib.mkEnableOption ''

     

       12
       12
       +
           Zed related

     

       13
       13
       +
         '';

     

       14
       14
       +
       

     

       15
       15
       +
         config = lib.mkIf cfg.enable {

     

       16
       16
       +
           programs.zed-editor = {

     

       17
       17
       +
             enable = true;

     

       18
       18
       +
             package = upkgs.zed-editor;

     

       19
       19
       +
       

     

       20
       20
       +
             userSettings = {

     

       21
       21
       +
               theme = lib.mkForce "Alabaster Dark";

     

       22
       22
       +
       

     

       23
       23
       +
               helix_mode = true;

     

       24
       24
       +
               disable_ai = true;

     

       25
       25
       +
       

     

       26
       26
       +
               autosave = "on_focus_change";

     

       27
       27
       +
             };

     

       28
       28
       +
           };

     

       29
       29
       +
         };

     

       30
       30
       +
       }

+25 -44

home-manager/profiles/desktop.nix

···

       1
       1
       -
       { self

     

       2
       2
       -
       , config

     

       3
       3
       -
       , llib

     

       1
       1
       +
       { config

     

       4
       2
        
       , pkgs

     

       5
       3
        
       

     

       6
       4
        
       , isDarwin

     

       7
       5
        
       , ...

     

       8
       6
        
       }:

     

       9
       7
        
       

     

       10
       10
       -
       let

     

       11
       11
       -
         inherit (self.outputs) homeManagerModules;

     

       12
       12
       -
       

     

       13
       13
       -
         toml-format = pkgs.formats.toml { };

     

       14
       14
       -
       in

     

       15
       8
        
       {

     

       16
       16
       -
         imports = [

     

       17
       17
       -
           homeManagerModules.color-scheme

     

       18
       18
       -
           { config.local.colorScheme = llib.colorSchemes.oneDark; }

     

       19
       19
       -
         ];

     

       20
       20
       -
       

     

       21
       9
        
         config = {

     

       22
       10
        
           assertions = [

     

       23
       11
        
             { assertion = !isDarwin; message = "this is a HM non-darwin config"; }

     

       24
       12
        
           ];

     

       25
       13
        
       

     

       26
       14
        
           local.fragment = {

     

       27
       27
       -
             agenix.enable = true;

     

       28
       28
       -
             aws.enable = true;

     

       15
       15
       +
             # Interface

     

       29
       16
        
             chromium.enable = true;

     

       17
       17
       +
             compose-key.enable = true;

     

       30
       18
        
             epita.enable = true;

     

       31
       19
        
             firefox.enable = true;

     

       32
       32
       -
             foot.enable = true;

     

       20
       20
       +
             imv.enable = true;

     

       21
       21
       +
             kanshi.enable = true;

     

       22
       22
       +
             stylix.enable = true;

     

       23
       23
       +
             sway.enable = true;

     

       24
       24
       +
             thunderbird.enable = true;

     

       25
       25
       +
             waybar.enable = true;

     

       26
       26
       +
             xdg-mime.enable = true;

     

       27
       27
       +
       

     

       28
       28
       +
             # Tools

     

       29
       29
       +
             agenix.enable = true;

     

       30
       30
       +
             aws.enable = true;

     

       33
       31
        
             git.enable = true;

     

       34
       32
        
             helix.enable = true;

     

       35
       35
       -
             imv.enable = true;

     

       36
       33
        
             jujutsu.enable = true;

     

       34
       34
       +
             kitty.enable = true;

     

       37
       35
        
             rust.enable = true;

     

       38
       36
        
             shell.enable = true;

     

       39
       39
       -
             thunderbird.enable = true;

     

       40
       37
        
             tools.enable = true;

     

       41
       41
       -
             vm.enable = true;

     

       42
       38
        
             vscodium.enable = true;

     

       43
       43
       -
             xdg-mime.enable = true;

     

       39
       39
       +
             zed.enable = true;

     

       44
       40
        
             zellij.enable = true;

     

       45
       41
        
           };

     

       46
       42
        
       

     

       47
       43
        
           home = {

     

       48
       44
        
             sessionVariables = {

     

       49
       45
        
               # Quick access to `~/Development` folder

     

       50
       50
       -
               DEV = "${config.home.homeDirectory}/Development";

     

       46
       46
       +
               dev = "${config.home.homeDirectory}/Development";

     

       51
       47
        
       

     

       52
       52
       -
               # Would love to get rid of the Desktop folder

     

       48
       48
       +
               # Would love to get rid of the Desktop folder ☹

     

       53
       49
        
               XDG_DESKTOP_DIR = "$HOME";

     

       54
       50
        
       

     

       55
       51
        
               # Makes electron apps use ozone and not crash because xwayland is not there

     
···

       73
       69
        
               jetbrains-toolbox

     

       74
       70
        
               spotify

     

       75
       71
        
       

     

       76
       76
       -
               # Game

     

       77
       77
       -
               superTuxKart

     

       78
       78
       -
       

     

       79
       72
        
               # GUIs

     

       80
       73
        
               audacity

     

       81
       74
        
               baobab

     
···

       88
       81
        
               figma-linux

     

       89
       82
        
               file-roller

     

       90
       83
        
               gnome-disk-utility

     

       91
       91
       -
               # TODO: move and embed config in nix

     

       92
       92
       -
               halloy

     

       93
       93
       -
               heroic

     

       94
       84
        
               insomnia

     

       95
       85
        
               kicad

     

       96
       96
       -
               ldtk

     

       86
       86
       +
               legcord

     

       97
       87
        
               libreoffice-qt

     

       98
       88
        
               localsend

     

       99
       89
        
               mpv

     
···

       101
       91
        
               pavucontrol

     

       102
       92
        
               prismlauncher

     

       103
       93
        
               rawtherapee

     

       104
       104
       -
               showmethekey

     

       105
       94
        
               simple-scan

     

       106
       106
       -
               sonic-pi

     

       107
       95
        
               transmission_4-gtk

     

       108
       108
       -
               vesktop

     

       109
       96
        
               wdisplays

     

       110
       97
        
               wireshark

     

       98
       98
       +
               zulip

     

       111
       99
        
       

     

       112
       100
        
               # Needed for libreoffice spellchecking

     

       113
       101
        
               hunspell

     
···

       135
       123
        
       

     

       136
       124
        
           programs.broot.enable = true;

     

       137
       125
        
       

     

       138
       138
       -
           # TODO: move out

     

       139
       139
       -
           programs.ssh = {

     

       140
       140
       -
             enable = true;

     

       141
       141
       -
       

     

       142
       142
       -
             matchBlocks."weird-row-server" = {

     

       143
       143
       -
               hostname = "weird-row.portal.wiro.world";

     

       144
       144
       -
               # TODO: reduce automated load on ssh port by changing to a random port

     

       145
       145
       -
               # port = ""

     

       146
       146
       -
             };

     

       147
       147
       -
           };

     

       148
       148
       -
       

     

       149
       126
        
           programs.go = {

     

       150
       127
        
             enable = true;

     

       151
       151
       -
             goPath = ".local/share/go";

     

       128
       128
       +
             env.GOPATH = "${config.home.homeDirectory}/.local/share/go";

     

       152
       129
        
           };

     

       153
       130
        
       

     

       154
       131
        
           programs.gpg = {

     
···

       162
       139
        
             enableFishIntegration = false;

     

       163
       140
        
             enableZshIntegration = false;

     

       164
       141
        
           };

     

       142
       142
       +
       

     

       143
       143
       +
           programs.ssh.enableDefaultConfig = false;

     

       144
       144
       +
       

     

       145
       145
       +
           services.tailscale-systray.enable = true;

     

       165
       146
        
         };

     

       166
       147
        
       }

+2 -8

home-manager/profiles/lightweight.nix

···

       1
       1
        
       { self

     

       2
       2
        
       , config

     

       3
       3
       -
       , llib

     

       4
       3
        
       , pkgs

     

       5
       4
        
       

     

       6
       5
        
       , isDarwin

     
···

       8
       7
        
       }:

     

       9
       8
        
       

     

       10
       9
        
       let

     

       11
       11
       -
         inherit (self.outputs) homeManagerModules;

     

       12
       12
       -
       

     

       13
       13
       -
         toml-format = pkgs.formats.toml { };

     

       10
       10
       +
         inherit (self.inputs) stylix;

     

       14
       11
        
       in

     

       15
       12
        
       {

     

       16
       16
       -
         imports = [

     

       17
       17
       -
           homeManagerModules.color-scheme

     

       18
       18
       -
           { config.local.colorScheme = llib.colorSchemes.oneDark; }

     

       19
       19
       -
         ];

     

       13
       13
       +
         imports = [ ];

     

       20
       14
        
       

     

       21
       15
        
         config = {

     

       22
       16
        
           assertions = [

-8

home-manager/profiles/macintosh.nix

···

       1
       1
        
       { self

     

       2
       2
        
       , config

     

       3
       3
       -
       , llib

     

       4
       3
        
       , pkgs

     

       5
       4
        
       

     

       6
       5
        
       , isDarwin

     
···

       10
       9
        
       }:

     

       11
       10
        
       

     

       12
       11
        
       let

     

       13
       13
       -
         inherit (self.outputs) homeManagerModules;

     

       14
       12
        
         inherit (self.inputs) agenix;

     

       15
       15
       -
       

     

       16
       16
       -
         all-secrets = import ../../secrets;

     

       17
       13
        
       in

     

       18
       14
        
       {

     

       19
       15
        
         imports = [

     

       20
       16
        
           agenix.homeManagerModules.default

     

       21
       17
        
           {

     

       22
       22
       -
             age.secrets = all-secrets.home-manager;

     

       23
       18
        
             # This allows us to decrypt user space secrets without having to use a

     

       24
       19
        
             # passwordless ssh key as you cannot interact with age in the service.

     

       25
       20
        
             age.identityPaths = [ "${config.home.homeDirectory}/.ssh/id_home_manager" ];

     

       26
       21
        
           }

     

       27
       27
       -
       

     

       28
       28
       -
           homeManagerModules.color-scheme

     

       29
       29
       -
           { config.local.colorScheme = llib.colorSchemes.oneDark; }

     

       30
       22
        
         ];

     

       31
       23
        
       

     

       32
       24
        
         config = {

+163

hosts/weird-row-server/authelia.nix

···

       1
       1
       +
       { config

     

       2
       2
       +
       , ...

     

       3
       3
       +
       }:

     

       4
       4
       +
       

     

       5
       5
       +
       let

     

       6
       6
       +
         authelia-port = 3008;

     

       7
       7
       +
         authelia-hostname = "auth.wiro.world";

     

       8
       8
       +
       

     

       9
       9
       +
         authelia-metrics-port = 9004;

     

       10
       10
       +
         headscale-hostname = "headscale.wiro.world";

     

       11
       11
       +
         grafana-hostname = "console.net.wiro.world";

     

       12
       12
       +
         miniflux-hostname = "news.wiro.world";

     

       13
       13
       +
       in

     

       14
       14
       +
       {

     

       15
       15
       +
         config = {

     

       16
       16
       +
           age.secrets.authelia-jwt-secret = { file = secrets/authelia-jwt-secret.age; owner = config.services.authelia.instances.main.user; };

     

       17
       17
       +
           age.secrets.authelia-issuer-private-key = { file = secrets/authelia-issuer-private-key.age; owner = config.services.authelia.instances.main.user; };

     

       18
       18
       +
           age.secrets.authelia-storage-key = { file = secrets/authelia-storage-key.age; owner = config.services.authelia.instances.main.user; };

     

       19
       19
       +
           age.secrets.authelia-ldap-password = { file = secrets/authelia-ldap-password.age; owner = config.services.authelia.instances.main.user; };

     

       20
       20
       +
           age.secrets.authelia-smtp-password = { file = secrets/authelia-smtp-password.age; owner = config.services.authelia.instances.main.user; };

     

       21
       21
       +
           services.authelia.instances.main = {

     

       22
       22
       +
             enable = true;

     

       23
       23
       +
       

     

       24
       24
       +
             secrets = {

     

       25
       25
       +
               jwtSecretFile = config.age.secrets.authelia-jwt-secret.path;

     

       26
       26
       +
               oidcIssuerPrivateKeyFile = config.age.secrets.authelia-issuer-private-key.path;

     

       27
       27
       +
               storageEncryptionKeyFile = config.age.secrets.authelia-storage-key.path;

     

       28
       28
       +
             };

     

       29
       29
       +
             environmentVariables = {

     

       30
       30
       +
               AUTHELIA_AUTHENTICATION_BACKEND_LDAP_PASSWORD_FILE = config.age.secrets.authelia-ldap-password.path;

     

       31
       31
       +
               AUTHELIA_NOTIFIER_SMTP_PASSWORD_FILE = config.age.secrets.authelia-smtp-password.path;

     

       32
       32
       +
             };

     

       33
       33
       +
             settings = {

     

       34
       34
       +
               server.address = "localhost:${toString authelia-port}";

     

       35
       35
       +
               storage.local.path = "/var/lib/authelia-main/db.sqlite3";

     

       36
       36
       +
               telemetry.metrics = {

     

       37
       37
       +
                 enabled = true;

     

       38
       38
       +
                 address = "tcp://:${toString authelia-metrics-port}/metrics";

     

       39
       39
       +
               };

     

       40
       40
       +
       

     

       41
       41
       +
               session = {

     

       42
       42
       +
                 cookies = [{

     

       43
       43
       +
                   domain = "wiro.world";

     

       44
       44
       +
                   authelia_url = "https://${authelia-hostname}";

     

       45
       45
       +
                   default_redirection_url = "https://wiro.world";

     

       46
       46
       +
                 }];

     

       47
       47
       +
               };

     

       48
       48
       +
       

     

       49
       49
       +
               authentication_backend.ldap = {

     

       50
       50
       +
                 address = "ldap://localhost:3890";

     

       51
       51
       +
                 timeout = "5m"; # replace with systemd dependency

     

       52
       52
       +
       

     

       53
       53
       +
                 user = "uid=authelia,ou=people,dc=wiro,dc=world";

     

       54
       54
       +
                 # Set in `AUTHELIA_AUTHENTICATION_BACKEND_LDAP_PASSWORD_FILE`.

     

       55
       55
       +
                 # password = "";

     

       56
       56
       +
       

     

       57
       57
       +
                 base_dn = "dc=wiro,dc=world";

     

       58
       58
       +
                 users_filter = "(&(|({username_attribute}={input})({mail_attribute}={input}))(objectClass=person))";

     

       59
       59
       +
                 additional_users_dn = "ou=people";

     

       60
       60
       +
                 groups_filter = "(&(member={dn})(objectClass=groupOfNames))";

     

       61
       61
       +
                 additional_groups_dn = "ou=groups";

     

       62
       62
       +
       

     

       63
       63
       +
                 attributes = {

     

       64
       64
       +
                   username = "uid";

     

       65
       65
       +
                   display_name = "cn";

     

       66
       66
       +
                   given_name = "givenname";

     

       67
       67
       +
                   family_name = "last_name";

     

       68
       68
       +
                   mail = "mail";

     

       69
       69
       +
                   picture = "avatar";

     

       70
       70
       +
       

     

       71
       71
       +
                   group_name = "cn";

     

       72
       72
       +
                 };

     

       73
       73
       +
               };

     

       74
       74
       +
       

     

       75
       75
       +
               access_control = {

     

       76
       76
       +
                 default_policy = "deny";

     

       77
       77
       +
                 # Rules are sequential and do not apply to OIDC

     

       78
       78
       +
                 rules = [

     

       79
       79
       +
                   {

     

       80
       80
       +
                     domain = "headscale.wiro.world";

     

       81
       81
       +
                     policy = "two_factor";

     

       82
       82
       +
       

     

       83
       83
       +
                   }

     

       84
       84
       +
                   {

     

       85
       85
       +
                     domain = "news.wiro.world";

     

       86
       86
       +
                     policy = "one_factor";

     

       87
       87
       +
       

     

       88
       88
       +
                     subject = [ [ "group:miniflux" "oauth2:client:miniflux" ] ];

     

       89
       89
       +
                   }

     

       90
       90
       +
                   {

     

       91
       91
       +
                     domain = "*.wiro.world";

     

       92
       92
       +
                     policy = "two_factor";

     

       93
       93
       +
                   }

     

       94
       94
       +
                 ];

     

       95
       95
       +
               };

     

       96
       96
       +
       

     

       97
       97
       +
               identity_providers.oidc = {

     

       98
       98
       +
                 enforce_pkce = "always";

     

       99
       99
       +
       

     

       100
       100
       +
                 authorization_policies =

     

       101
       101
       +
                   let

     

       102
       102
       +
                     mkStrictPolicy = policy: subject:

     

       103
       103
       +
                       { default_policy = "deny"; rules = [{ inherit policy subject; }]; };

     

       104
       104
       +
                   in

     

       105
       105
       +
                   {

     

       106
       106
       +
                     headscale = mkStrictPolicy "two_factor" [ "group:headscale" ];

     

       107
       107
       +
                     tailscale = mkStrictPolicy "two_factor" [ "group:headscale" ];

     

       108
       108
       +
                     grafana = mkStrictPolicy "one_factor" [ "group:grafana" ];

     

       109
       109
       +
                     miniflux = mkStrictPolicy "one_factor" [ "group:miniflux" ];

     

       110
       110
       +
                   };

     

       111
       111
       +
       

     

       112
       112
       +
                 claims_policies.headscale = { id_token = [ "email" "name" "preferred_username" "picture" "groups" ]; };

     

       113
       113
       +
       

     

       114
       114
       +
                 clients = [

     

       115
       115
       +
                   {

     

       116
       116
       +
                     client_name = "Headscale";

     

       117
       117
       +
                     client_id = "headscale";

     

       118
       118
       +
                     client_secret = "$pbkdf2-sha256$310000$XY680D9gkSoWhD0UtYHNFg$ptWB3exOYCga6uq1N.oimuV3ILjK3F8lBWBpsBpibos";

     

       119
       119
       +
                     redirect_uris = [ "https://${headscale-hostname}/oidc/callback" ];

     

       120
       120
       +
                     authorization_policy = "headscale";

     

       121
       121
       +
                     claims_policy = "headscale";

     

       122
       122
       +
                   }

     

       123
       123
       +
                   {

     

       124
       124
       +
                     client_name = "Tailscale";

     

       125
       125
       +
                     client_id = "tailscale";

     

       126
       126
       +
                     client_secret = "$pbkdf2-sha256$310000$PcUaup9aWKI9ZLeCF6.avw$FpsTxkDaxcoQlBi8aIacegXpjEDiCI6nXcaHyZ2Sxyc";

     

       127
       127
       +
                     redirect_uris = [ "https://login.tailscale.com/a/oauth_response" ];

     

       128
       128
       +
                     authorization_policy = "tailscale";

     

       129
       129
       +
                   }

     

       130
       130
       +
                   {

     

       131
       131
       +
                     client_name = "Grafana Console";

     

       132
       132
       +
                     client_id = "grafana";

     

       133
       133
       +
                     client_secret = "$pbkdf2-sha256$310000$UkwrqxTZodGMs9.Ca2cXAA$HCWFgQbFHGXZpuz.I3HHdkTZLUevRVGlhKEFaOlPmKs";

     

       134
       134
       +
                     redirect_uris = [ "https://${grafana-hostname}/login/generic_oauth" ];

     

       135
       135
       +
                     authorization_policy = "grafana";

     

       136
       136
       +
                   }

     

       137
       137
       +
                   {

     

       138
       138
       +
                     client_name = "Miniflux";

     

       139
       139
       +
                     client_id = "miniflux";

     

       140
       140
       +
                     client_secret = "$pbkdf2-sha256$310000$uPqbWfCOBXDY6nV1vsx3uA$HOWG2hL.c/bs9Dwaee3b9DxjH7KFO.SaZMbasXV9Vdw";

     

       141
       141
       +
                     redirect_uris = [ "https://${miniflux-hostname}/oauth2/oidc/callback" ];

     

       142
       142
       +
                     authorization_policy = "miniflux";

     

       143
       143
       +
                   }

     

       144
       144
       +
                 ];

     

       145
       145
       +
               };

     

       146
       146
       +
       

     

       147
       147
       +
               notifier.smtp = {

     

       148
       148
       +
                 address = "smtp://smtp.resend.com:2587";

     

       149
       149
       +
                 username = "resend";

     

       150
       150
       +
                 # Set in `AUTHELIA_NOTIFIER_SMTP_PASSWORD_FILE`.

     

       151
       151
       +
                 # password = "";

     

       152
       152
       +
                 sender = "authelia@wiro.world";

     

       153
       153
       +
               };

     

       154
       154
       +
             };

     

       155
       155
       +
           };

     

       156
       156
       +
       

     

       157
       157
       +
           services.caddy = {

     

       158
       158
       +
             virtualHosts.${authelia-hostname}.extraConfig = ''

     

       159
       159
       +
               reverse_proxy http://localhost:${toString authelia-port}

     

       160
       160
       +
             '';

     

       161
       161
       +
           };

     

       162
       162
       +
         };

     

       163
       163
       +
       }

+143

hosts/weird-row-server/default.nix

···

       1
       1
       +
       { self

     

       2
       2
       +
       , config

     

       3
       3
       +
       , pkgs

     

       4
       4
       +
       , ...

     

       5
       5
       +
       }:

     

       6
       6
       +
       

     

       7
       7
       +
       let

     

       8
       8
       +
         inherit (self.inputs) srvos;

     

       9
       9
       +
       

     

       10
       10
       +
         ext-if = "eth0";

     

       11
       11
       +
         external-ip = "91.99.55.74";

     

       12
       12
       +
         external-netmask = 27;

     

       13
       13
       +
         external-gw = "144.x.x.255";

     

       14
       14
       +
         external-ip6 = "2a01:4f8:c2c:76d2::1";

     

       15
       15
       +
         external-netmask6 = 64;

     

       16
       16
       +
         external-gw6 = "fe80::1";

     

       17
       17
       +
       

     

       18
       18
       +
         website-hostname = "wiro.world";

     

       19
       19
       +
       

     

       20
       20
       +
         static-hostname = "static.wiro.world";

     

       21
       21
       +
       in

     

       22
       22
       +
       {

     

       23
       23
       +
         imports = [

     

       24
       24
       +
           srvos.nixosModules.server

     

       25
       25
       +
           srvos.nixosModules.hardware-hetzner-cloud

     

       26
       26
       +
           srvos.nixosModules.mixins-terminfo

     

       27
       27
       +
       

     

       28
       28
       +
           ./authelia.nix

     

       29
       29
       +
           ./goatcounter.nix

     

       30
       30
       +
           ./grafana.nix

     

       31
       31
       +
           ./headscale.nix

     

       32
       32
       +
           ./hypixel-bank-tracker.nix

     

       33
       33
       +
           ./lldap.nix

     

       34
       34
       +
           ./miniflux.nix

     

       35
       35
       +
           ./pds.nix

     

       36
       36
       +
           ./tangled.nix

     

       37
       37
       +
           ./thelounge.nix

     

       38
       38
       +
           ./tuwunel.nix

     

       39
       39
       +
           ./vaultwarden.nix

     

       40
       40
       +
           ./warrior.nix

     

       41
       41
       +
           ./webfinger.nix

     

       42
       42
       +
         ];

     

       43
       43
       +
       

     

       44
       44
       +
         config = {

     

       45
       45
       +
           boot.loader.grub.enable = true;

     

       46
       46
       +
           boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" "ext4" ];

     

       47
       47
       +
       

     

       48
       48
       +
           # Single network card is `eth0`

     

       49
       49
       +
           networking.usePredictableInterfaceNames = false;

     

       50
       50
       +
       

     

       51
       51
       +
           networking.nameservers = [ "2001:4860:4860::8888" "2001:4860:4860::8844" ];

     

       52
       52
       +
       

     

       53
       53
       +
           networking = {

     

       54
       54
       +
             interfaces.${ext-if} = {

     

       55
       55
       +
               ipv4.addresses = [{ address = external-ip; prefixLength = external-netmask; }];

     

       56
       56
       +
               ipv6.addresses = [{ address = external-ip6; prefixLength = external-netmask6; }];

     

       57
       57
       +
             };

     

       58
       58
       +
             defaultGateway = { interface = ext-if; address = external-gw; };

     

       59
       59
       +
             defaultGateway6 = { interface = ext-if; address = external-gw6; };

     

       60
       60
       +
       

     

       61
       61
       +
             # Reflect firewall configuration on Hetzner

     

       62
       62
       +
             firewall.allowedTCPPorts = [ 22 80 443 ];

     

       63
       63
       +
           };

     

       64
       64
       +
       

     

       65
       65
       +
           services.qemuGuest.enable = true;

     

       66
       66
       +
       

     

       67
       67
       +
           services.openssh.enable = true;

     

       68
       68
       +
       

     

       69
       69
       +
           # age.secrets.tailscale-authkey.file = secrets/tailscale-authkey.age;

     

       70
       70
       +
           services.tailscale = {

     

       71
       71
       +
             enable = true;

     

       72
       72
       +
             extraSetFlags = [ "--advertise-exit-node" ];

     

       73
       73
       +
             # authKeyFile = config.age.secrets.tailscale-authkey.path;

     

       74
       74
       +
             authKeyParameters = {

     

       75
       75
       +
               baseURL = "https://headscale.wiro.world";

     

       76
       76
       +
               ephemeral = true;

     

       77
       77
       +
               preauthorized = true;

     

       78
       78
       +
             };

     

       79
       79
       +
           };

     

       80
       80
       +
       

     

       81
       81
       +
           security.sudo.wheelNeedsPassword = false;

     

       82
       82
       +
       

     

       83
       83
       +
           local.fragment.nix.enable = true;

     

       84
       84
       +
       

     

       85
       85
       +
           programs.fish.enable = true;

     

       86
       86
       +
       

     

       87
       87
       +
           services.fail2ban = {

     

       88
       88
       +
             enable = true;

     

       89
       89
       +
       

     

       90
       90
       +
             maxretry = 5;

     

       91
       91
       +
             ignoreIP = [ ];

     

       92
       92
       +
       

     

       93
       93
       +
             bantime = "24h";

     

       94
       94
       +
             bantime-increment = {

     

       95
       95
       +
               enable = true;

     

       96
       96
       +
               multipliers = "1 2 4 8 16 32 64";

     

       97
       97
       +
               maxtime = "168h";

     

       98
       98
       +
               overalljails = true;

     

       99
       99
       +
             };

     

       100
       100
       +
       

     

       101
       101
       +
             jails = { };

     

       102
       102
       +
           };

     

       103
       103
       +
       

     

       104
       104
       +
           age.secrets.caddy-env.file = secrets/caddy-env.age;

     

       105
       105
       +
           services.caddy = {

     

       106
       106
       +
             enable = true;

     

       107
       107
       +
             package = pkgs.caddy.withPlugins {

     

       108
       108
       +
               plugins = [

     

       109
       109
       +
                 "github.com/caddy-dns/hetzner/v2@v2.0.0-preview-1"

     

       110
       110
       +
                 "github.com/tailscale/caddy-tailscale@v0.0.0-20251016213337-01d084e119cb"

     

       111
       111
       +
               ];

     

       112
       112
       +
               hash = "sha256-muKwDYs5Jp4ib/psZxpp1Kyfsqz6wPz/lpHFGtx67uY=";

     

       113
       113
       +
             };

     

       114
       114
       +
       

     

       115
       115
       +
             environmentFile = config.age.secrets.caddy-env.path;

     

       116
       116
       +
       

     

       117
       117
       +
             globalConfig = ''

     

       118
       118
       +
               tailscale {

     

       119
       119
       +
                 # this caddy instance already proxies headscale but needs to access headscale to start

     

       120
       120
       +
                 # control_url https://headscale.wiro.world

     

       121
       121
       +
                 control_url http://localhost:3006

     

       122
       122
       +
       

     

       123
       123
       +
                 ephemeral

     

       124
       124
       +
               }

     

       125
       125
       +
             '';

     

       126
       126
       +
       

     

       127
       127
       +
             virtualHosts.${website-hostname}.extraConfig =

     

       128
       128
       +
               # TODO: host website on server with automatic deployment

     

       129
       129
       +
               ''

     

       130
       130
       +
                 reverse_proxy https://mrnossiom.github.io {

     

       131
       131
       +
                 	header_up Host {http.request.host}

     

       132
       132
       +
                 }

     

       133
       133
       +
               '';

     

       134
       134
       +
       

     

       135
       135
       +
             virtualHosts.${static-hostname}.extraConfig = ''

     

       136
       136
       +
               root /var/www/static

     

       137
       137
       +
               file_server browse

     

       138
       138
       +
             '';

     

       139
       139
       +
           };

     

       140
       140
       +
       

     

       141
       141
       +
           # TODO: use bind to declare dns records declaratively

     

       142
       142
       +
         };

     

       143
       143
       +
       }

+25

hosts/weird-row-server/goatcounter.nix

···

       1
       1
       +
       { config

     

       2
       2
       +
       , ...

     

       3
       3
       +
       }:

     

       4
       4
       +
       

     

       5
       5
       +
       let

     

       6
       6
       +
         goatcounter-port = 3010;

     

       7
       7
       +
         goatcounter-hostname = "stats.wiro.world";

     

       8
       8
       +
       in

     

       9
       9
       +
       {

     

       10
       10
       +
         config = {

     

       11
       11
       +
           services.goatcounter = {

     

       12
       12
       +
             enable = true;

     

       13
       13
       +
       

     

       14
       14
       +
             port = goatcounter-port;

     

       15
       15
       +
             proxy = true;

     

       16
       16
       +
             extraArgs = [ "-automigrate" ];

     

       17
       17
       +
           };

     

       18
       18
       +
       

     

       19
       19
       +
           services.caddy = {

     

       20
       20
       +
             virtualHosts.${goatcounter-hostname}.extraConfig = ''

     

       21
       21
       +
               reverse_proxy http://localhost:${toString config.services.goatcounter.port}

     

       22
       22
       +
             '';

     

       23
       23
       +
           };

     

       24
       24
       +
         };

     

       25
       25
       +
       }

+85

hosts/weird-row-server/grafana.nix

···

       1
       1
       +
       { config

     

       2
       2
       +
       , ...

     

       3
       3
       +
       }:

     

       4
       4
       +
       

     

       5
       5
       +
       let

     

       6
       6
       +
         grafana-port = 3002;

     

       7
       7
       +
         grafana-hostname = "console.net.wiro.world";

     

       8
       8
       +
       

     

       9
       9
       +
         prometheus-port = 9001;

     

       10
       10
       +
         prometheus-node-exporter-port = 9002;

     

       11
       11
       +
         caddy-metrics-port = 2019;

     

       12
       12
       +
         authelia-metrics-port = 9004;

     

       13
       13
       +
         headscale-metrics-port = 9003;

     

       14
       14
       +
       in

     

       15
       15
       +
       {

     

       16
       16
       +
         config = {

     

       17
       17
       +
           age.secrets.grafana-oidc-secret = { file = secrets/grafana-oidc-secret.age; owner = "grafana"; };

     

       18
       18
       +
           services.grafana = {

     

       19
       19
       +
             enable = true;

     

       20
       20
       +
       

     

       21
       21
       +
             settings = {

     

       22
       22
       +
               server = {

     

       23
       23
       +
                 http_port = grafana-port;

     

       24
       24
       +
                 domain = grafana-hostname;

     

       25
       25
       +
                 root_url = "https://${grafana-hostname}";

     

       26
       26
       +
               };

     

       27
       27
       +
       

     

       28
       28
       +
               "auth.generic_oauth" = {

     

       29
       29
       +
                 enable = true;

     

       30
       30
       +
                 name = "Authelia";

     

       31
       31
       +
                 icon = "signin";

     

       32
       32
       +
       

     

       33
       33
       +
                 client_id = "grafana";

     

       34
       34
       +
                 client_secret_path = config.age.secrets.grafana-oidc-secret.path;

     

       35
       35
       +
                 auto_login = true;

     

       36
       36
       +
       

     

       37
       37
       +
                 scopes = [ "openid" "profile" "email" "groups" ];

     

       38
       38
       +
                 auth_url = "https://auth.wiro.world/api/oidc/authorization";

     

       39
       39
       +
                 token_url = "https://auth.wiro.world/api/oidc/token";

     

       40
       40
       +
                 api_url = "https://auth.wiro.world/api/oidc/userinfo";

     

       41
       41
       +
                 use_pkce = true;

     

       42
       42
       +
               };

     

       43
       43
       +
             };

     

       44
       44
       +
           };

     

       45
       45
       +
       

     

       46
       46
       +
           services.prometheus = {

     

       47
       47
       +
             enable = true;

     

       48
       48
       +
             port = prometheus-port;

     

       49
       49
       +
       

     

       50
       50
       +
             exporters.node = {

     

       51
       51
       +
               enable = true;

     

       52
       52
       +
               port = prometheus-node-exporter-port;

     

       53
       53
       +
             };

     

       54
       54
       +
       

     

       55
       55
       +
             scrapeConfigs = [

     

       56
       56
       +
               {

     

       57
       57
       +
                 job_name = "caddy";

     

       58
       58
       +
                 static_configs = [{ targets = [ "localhost:${toString caddy-metrics-port}" ]; }];

     

       59
       59
       +
               }

     

       60
       60
       +
               {

     

       61
       61
       +
                 job_name = "node-exporter";

     

       62
       62
       +
                 static_configs = [{ targets = [ "localhost:${toString config.services.prometheus.exporters.node.port}" ]; }];

     

       63
       63
       +
               }

     

       64
       64
       +
               {

     

       65
       65
       +
                 job_name = "headscale";

     

       66
       66
       +
                 static_configs = [{ targets = [ "localhost:${toString headscale-metrics-port}" ]; }];

     

       67
       67
       +
               }

     

       68
       68
       +
               {

     

       69
       69
       +
                 job_name = "authelia";

     

       70
       70
       +
                 static_configs = [{ targets = [ "localhost:${toString authelia-metrics-port}" ]; }];

     

       71
       71
       +
               }

     

       72
       72
       +
             ];

     

       73
       73
       +
           };

     

       74
       74
       +
       

     

       75
       75
       +
           services.caddy = {

     

       76
       76
       +
             globalConfig = ''

     

       77
       77
       +
               metrics { per_host }

     

       78
       78
       +
             '';

     

       79
       79
       +
             virtualHosts."http://${grafana-hostname}".extraConfig = ''

     

       80
       80
       +
               bind tailscale/console

     

       81
       81
       +
               reverse_proxy http://localhost:${toString grafana-port}

     

       82
       82
       +
             '';

     

       83
       83
       +
           };

     

       84
       84
       +
         };

     

       85
       85
       +
       }

+84

hosts/weird-row-server/headscale.nix

···

       1
       1
       +
       { pkgs

     

       2
       2
       +
       , config

     

       3
       3
       +
       , ...

     

       4
       4
       +
       }:

     

       5
       5
       +
       

     

       6
       6
       +
       let

     

       7
       7
       +
         json-format = pkgs.formats.json { };

     

       8
       8
       +
       

     

       9
       9
       +
         headscale-port = 3006;

     

       10
       10
       +
         headscale-derp-port = 3478;

     

       11
       11
       +
         headscale-hostname = "headscale.wiro.world";

     

       12
       12
       +
       

     

       13
       13
       +
         headscale-metrics-port = 9003;

     

       14
       14
       +
       in

     

       15
       15
       +
       {

     

       16
       16
       +
         config = {

     

       17
       17
       +
           networking.firewall.allowedUDPPorts = [ headscale-derp-port ];

     

       18
       18
       +
       

     

       19
       19
       +
           age.secrets.headscale-oidc-secret = { file = secrets/headscale-oidc-secret.age; owner = config.services.headscale.user; };

     

       20
       20
       +
           services.headscale = {

     

       21
       21
       +
             enable = true;

     

       22
       22
       +
       

     

       23
       23
       +
             port = headscale-port;

     

       24
       24
       +
             settings = {

     

       25
       25
       +
               server_url = "https://${headscale-hostname}";

     

       26
       26
       +
               metrics_listen_addr = "127.0.0.1:${toString headscale-metrics-port}";

     

       27
       27
       +
       

     

       28
       28
       +
               policy.path = json-format.generate "policy.json" {

     

       29
       29
       +
                 acls = [

     

       30
       30
       +
                   {

     

       31
       31
       +
                     action = "accept";

     

       32
       32
       +
                     src = [ "autogroup:member" ];

     

       33
       33
       +
                     dst = [ "autogroup:self:*" ];

     

       34
       34
       +
                   }

     

       35
       35
       +
                 ];

     

       36
       36
       +
                 ssh = [

     

       37
       37
       +
                   {

     

       38
       38
       +
                     action = "accept";

     

       39
       39
       +
                     src = [ "autogroup:member" ];

     

       40
       40
       +
                     dst = [ "autogroup:self" ];

     

       41
       41
       +
                     # Adding root here is privilege escalation as a feature :)

     

       42
       42
       +
                     users = [ "autogroup:nonroot" ];

     

       43
       43
       +
                   }

     

       44
       44
       +
                 ];

     

       45
       45
       +
               };

     

       46
       46
       +
       

     

       47
       47
       +
               # disable TLS

     

       48
       48
       +
               tls_cert_path = null;

     

       49
       49
       +
               tls_key_path = null;

     

       50
       50
       +
       

     

       51
       51
       +
               dns = {

     

       52
       52
       +
                 magic_dns = true;

     

       53
       53
       +
                 base_domain = "net.wiro.world";

     

       54
       54
       +
       

     

       55
       55
       +
                 override_local_dns = true;

     

       56
       56
       +
                 # Quad9 nameservers

     

       57
       57
       +
                 nameservers.global = [ "9.9.9.9" "149.112.112.112" "2620:fe::fe" "2620:fe::9" ];

     

       58
       58
       +
               };

     

       59
       59
       +
       

     

       60
       60
       +
               oidc = {

     

       61
       61
       +
                 only_start_if_oidc_is_available = true;

     

       62
       62
       +
                 issuer = "https://auth.wiro.world";

     

       63
       63
       +
                 client_id = "headscale";

     

       64
       64
       +
                 client_secret_path = config.age.secrets.headscale-oidc-secret.path;

     

       65
       65
       +
                 scope = [ "openid" "profile" "email" "groups" ];

     

       66
       66
       +
                 pkce.enabled = true;

     

       67
       67
       +
               };

     

       68
       68
       +
       

     

       69
       69
       +
               derp.server = {

     

       70
       70
       +
                 enable = true;

     

       71
       71
       +
                 stun_listen_addr = "0.0.0.0:${toString headscale-derp-port}";

     

       72
       72
       +
               };

     

       73
       73
       +
             };

     

       74
       74
       +
           };

     

       75
       75
       +
           # headscale only starts if oidc is available

     

       76
       76
       +
           systemd.services.headscale.after = [ "authelia-main.service" ];

     

       77
       77
       +
       

     

       78
       78
       +
           services.caddy = {

     

       79
       79
       +
             virtualHosts.${headscale-hostname}.extraConfig = ''

     

       80
       80
       +
               reverse_proxy http://localhost:${toString headscale-port}

     

       81
       81
       +
             '';

     

       82
       82
       +
           };

     

       83
       83
       +
         };

     

       84
       84
       +
       }

+42

hosts/weird-row-server/hypixel-bank-tracker.nix

···

       1
       1
       +
       { self

     

       2
       2
       +
       , config

     

       3
       3
       +
       , ...

     

       4
       4
       +
       }:

     

       5
       5
       +
       

     

       6
       6
       +
       let

     

       7
       7
       +
         inherit (self.inputs) hypixel-bank-tracker;

     

       8
       8
       +
       

     

       9
       9
       +
         hbt-main-port = 3013;

     

       10
       10
       +
         hbt-banana-port = 3014;

     

       11
       11
       +
       in

     

       12
       12
       +
       {

     

       13
       13
       +
         imports = [ hypixel-bank-tracker.nixosModules.default ];

     

       14
       14
       +
       

     

       15
       15
       +
         config = {

     

       16
       16
       +
           age.secrets.hypixel-bank-tracker-main.file = secrets/hypixel-bank-tracker-main.age;

     

       17
       17
       +
           services.hypixel-bank-tracker.instances.main = {

     

       18
       18
       +
             enable = true;

     

       19
       19
       +
       

     

       20
       20
       +
             port = hbt-main-port;

     

       21
       21
       +
             environmentFile = config.age.secrets.hypixel-bank-tracker-main.path;

     

       22
       22
       +
           };

     

       23
       23
       +
       

     

       24
       24
       +
           age.secrets.hypixel-bank-tracker-banana.file = secrets/hypixel-bank-tracker-banana.age;

     

       25
       25
       +
           services.hypixel-bank-tracker.instances.banana = {

     

       26
       26
       +
             enable = true;

     

       27
       27
       +
       

     

       28
       28
       +
             port = hbt-banana-port;

     

       29
       29
       +
             environmentFile = config.age.secrets.hypixel-bank-tracker-banana.path;

     

       30
       30
       +
           };

     

       31
       31
       +
       

     

       32
       32
       +
           services.caddy = {

     

       33
       33
       +
             virtualHosts."hypixel-bank-tracker.xyz".extraConfig = ''

     

       34
       34
       +
               reverse_proxy http://localhost:${toString config.services.hypixel-bank-tracker.instances.main.port}

     

       35
       35
       +
             '';

     

       36
       36
       +
       

     

       37
       37
       +
             virtualHosts."banana.hypixel-bank-tracker.xyz".extraConfig = ''

     

       38
       38
       +
               reverse_proxy http://localhost:${toString config.services.hypixel-bank-tracker.instances.banana.port}

     

       39
       39
       +
             '';

     

       40
       40
       +
           };

     

       41
       41
       +
         };

     

       42
       42
       +
       }

+39

hosts/weird-row-server/lldap.nix

···

       1
       1
       +
       { config

     

       2
       2
       +
       , ...

     

       3
       3
       +
       }:

     

       4
       4
       +
       

     

       5
       5
       +
       let

     

       6
       6
       +
         lldap-port = 3007;

     

       7
       7
       +
         lldap-hostname = "ldap.net.wiro.world";

     

       8
       8
       +
       in

     

       9
       9
       +
       {

     

       10
       10
       +
         config = {

     

       11
       11
       +
           age.secrets.lldap-env.file = secrets/lldap-env.age;

     

       12
       12
       +
           users.users.lldap = { isSystemUser = true; group = "lldap"; };

     

       13
       13
       +
           users.groups.lldap = { };

     

       14
       14
       +
           age.secrets.lldap-user-pass = { file = secrets/lldap-user-pass.age; owner = "lldap"; };

     

       15
       15
       +
           services.lldap = {

     

       16
       16
       +
             enable = true;

     

       17
       17
       +
       

     

       18
       18
       +
             silenceForceUserPassResetWarning = true;

     

       19
       19
       +
       

     

       20
       20
       +
             settings = {

     

       21
       21
       +
               http_url = "https://${lldap-hostname}";

     

       22
       22
       +
               http_port = lldap-port;

     

       23
       23
       +
       

     

       24
       24
       +
               ldap_user_pass_file = config.age.secrets.lldap-user-pass.path;

     

       25
       25
       +
               force_ldap_user_pass_reset = false;

     

       26
       26
       +
       

     

       27
       27
       +
               ldap_base_dn = "dc=wiro,dc=world";

     

       28
       28
       +
             };

     

       29
       29
       +
             environmentFile = config.age.secrets.lldap-env.path;

     

       30
       30
       +
           };

     

       31
       31
       +
       

     

       32
       32
       +
           services.caddy = {

     

       33
       33
       +
             virtualHosts."http://${lldap-hostname}".extraConfig = ''

     

       34
       34
       +
               bind tailscale/ldap

     

       35
       35
       +
               reverse_proxy http://localhost:${toString config.services.lldap.settings.http_port}

     

       36
       36
       +
             '';

     

       37
       37
       +
           };

     

       38
       38
       +
         };

     

       39
       39
       +
       }

+52

hosts/weird-row-server/miniflux.nix

···

       1
       1
       +
       { config

     

       2
       2
       +
       , ...

     

       3
       3
       +
       }:

     

       4
       4
       +
       

     

       5
       5
       +
       let

     

       6
       6
       +
         miniflux-port = 3012;

     

       7
       7
       +
         miniflux-hostname = "news.wiro.world";

     

       8
       8
       +
       in

     

       9
       9
       +
       {

     

       10
       10
       +
         config = {

     

       11
       11
       +
           users.users.miniflux = { isSystemUser = true; group = "miniflux"; };

     

       12
       12
       +
           users.groups.miniflux = { };

     

       13
       13
       +
           age.secrets.miniflux-oidc-secret = { file = secrets/miniflux-oidc-secret.age; owner = "miniflux"; };

     

       14
       14
       +
           services.miniflux = {

     

       15
       15
       +
             enable = true;

     

       16
       16
       +
       

     

       17
       17
       +
             createDatabaseLocally = true;

     

       18
       18
       +
             config = {

     

       19
       19
       +
               BASE_URL = "https://${miniflux-hostname}/";

     

       20
       20
       +
               LISTEN_ADDR = "127.0.0.1:${toString miniflux-port}";

     

       21
       21
       +
               CREATE_ADMIN = 0;

     

       22
       22
       +
       

     

       23
       23
       +
               METRICS_COLLECTOR = 1;

     

       24
       24
       +
       

     

       25
       25
       +
               OAUTH2_PROVIDER = "oidc";

     

       26
       26
       +
               OAUTH2_OIDC_PROVIDER_NAME = "wiro.world SSO";

     

       27
       27
       +
               OAUTH2_CLIENT_ID = "miniflux";

     

       28
       28
       +
               OAUTH2_CLIENT_SECRET_FILE = config.age.secrets.miniflux-oidc-secret.path;

     

       29
       29
       +
               OAUTH2_REDIRECT_URL = "https://${miniflux-hostname}/oauth2/oidc/callback";

     

       30
       30
       +
               OAUTH2_OIDC_DISCOVERY_ENDPOINT = "https://auth.wiro.world";

     

       31
       31
       +
               OAUTH2_USER_CREATION = 1;

     

       32
       32
       +
               DISABLE_LOCAL_AUTH = 1;

     

       33
       33
       +
       

     

       34
       34
       +
               RUN_MIGRATIONS = 1;

     

       35
       35
       +
       

     

       36
       36
       +
               # NetNewsWire is a very good iOS oss client that integrates well

     

       37
       37
       +
               # https://b.j4.lc/2025/05/05/setting-up-netnewswire-with-miniflux/

     

       38
       38
       +
             };

     

       39
       39
       +
           };

     

       40
       40
       +
       

     

       41
       41
       +
           services.prometheus.scrapeConfigs = [{

     

       42
       42
       +
             job_name = "miniflux";

     

       43
       43
       +
             static_configs = [{ targets = [ "localhost:${toString miniflux-port}" ]; }];

     

       44
       44
       +
           }];

     

       45
       45
       +
       

     

       46
       46
       +
           services.caddy = {

     

       47
       47
       +
             virtualHosts.${miniflux-hostname}.extraConfig = ''

     

       48
       48
       +
               reverse_proxy http://localhost:${toString miniflux-port}

     

       49
       49
       +
             '';

     

       50
       50
       +
           };

     

       51
       51
       +
         };

     

       52
       52
       +
       }

+43

hosts/weird-row-server/pds.nix

···

       1
       1
       +
       { config

     

       2
       2
       +
       , ...

     

       3
       3
       +
       }:

     

       4
       4
       +
       

     

       5
       5
       +
       let

     

       6
       6
       +
         pds-port = 3001;

     

       7
       7
       +
         pds-hostname = "pds.wiro.world";

     

       8
       8
       +
       in

     

       9
       9
       +
       {

     

       10
       10
       +
         config = {

     

       11
       11
       +
           age.secrets.pds-env.file = secrets/pds-env.age;

     

       12
       12
       +
           services.bluesky-pds = {

     

       13
       13
       +
             enable = true;

     

       14
       14
       +
       

     

       15
       15
       +
             settings = {

     

       16
       16
       +
               PDS_HOSTNAME = "pds.wiro.world";

     

       17
       17
       +
               PDS_PORT = pds-port;

     

       18
       18
       +
               # is in systemd /tmp subfolder

     

       19
       19
       +
               LOG_DESTINATION = "/tmp/pds.log";

     

       20
       20
       +
             };

     

       21
       21
       +
       

     

       22
       22
       +
             environmentFiles = [

     

       23
       23
       +
               config.age.secrets.pds-env.path

     

       24
       24
       +
             ];

     

       25
       25
       +
           };

     

       26
       26
       +
       

     

       27
       27
       +
           services.caddy = {

     

       28
       28
       +
             globalConfig = ''

     

       29
       29
       +
               on_demand_tls {

     

       30
       30
       +
                 ask http://localhost:${toString pds-port}/tls-check

     

       31
       31
       +
               }

     

       32
       32
       +
             '';

     

       33
       33
       +
       

     

       34
       34
       +
             virtualHosts.${pds-hostname} = {

     

       35
       35
       +
               serverAliases = [ "*.${pds-hostname}" ];

     

       36
       36
       +
               extraConfig = ''

     

       37
       37
       +
               	tls { on_demand }

     

       38
       38
       +
                 reverse_proxy http://localhost:${toString config.services.bluesky-pds.settings.PDS_HOSTNAME}

     

       39
       39
       +
               '';

     

       40
       40
       +
             };

     

       41
       41
       +
           };

     

       42
       42
       +
         };

     

       43
       43
       +
       }

hosts/weird-row-server/secrets/authelia-issuer-private-key.age

This is a binary file and will not be displayed.

hosts/weird-row-server/secrets/authelia-jwt-secret.age

This is a binary file and will not be displayed.

hosts/weird-row-server/secrets/authelia-ldap-password.age

This is a binary file and will not be displayed.

hosts/weird-row-server/secrets/authelia-smtp-password.age

···

       1
       1
       +
       age-encryption.org/v1

     

       2
       2
       +
       -> ssh-ed25519 sMF1bg 0duJYaUlZd2G3tYi7CuV+c7KNaqWusLoMpoILvaajgc

     

       3
       3
       +
       AnAlDVzRdeoXGXvyllhSNCoDQjZ+nucLGHCfPWR8IBQ

     

       4
       4
       +
       -> ssh-ed25519 SmMcWg oX82fe4sQmKyjJqv9AFRY6Bww43V/8myNRsN9/M8Sho

     

       5
       5
       +
       Et6ycO8hm2XV36X5q7iO+nJCtjkYoq6mDBEssrjt/70

     

       6
       6
       +
       -> ssh-ed25519 Q8rMFA /gU1tIVjqExV8NXB1gSDsWIXpVfxm3zPJX7xOAqeqWM

     

       7
       7
       +
       szrd67kHWslLO+jMCuDmzYR0LPVVzd7idgl3AKt+USU

     

       8
       8
       +
       --- ojxyQVhx4rX+x5gzEEx8KFiorwywqEEyTNWUJY39jIk

     

       9
       9
       +
       �������ş*
l��1����=n�Ŏ��(�	�Iamz~B�����������鰦�.�.Z>�',p��

+11

hosts/weird-row-server/secrets/authelia-storage-key.age

···

       1
       1
       +
       age-encryption.org/v1

     

       2
       2
       +
       -> ssh-ed25519 sMF1bg PYC6LaFo/DTQlRMewqbVtS4lzVtKyuFZQSqCrQwwEyg

     

       3
       3
       +
       kj0sHy8IpnBsMBQy/XYtj2pLXlk6wprF3MxjFTOiZ6E

     

       4
       4
       +
       -> ssh-ed25519 SmMcWg rvlLGzf6D96Dh1lL8as2vjc3PB7G/86U8AR7/lAELT0

     

       5
       5
       +
       qcdOqVV6o+5OfJYj5pfZ62hOnrBQwY0DAeIJkLoyYss

     

       6
       6
       +
       -> ssh-ed25519 Q8rMFA eALgQVN5OA0EuYYEyEbFnju/Yii71e+xcs98LkXnyyo

     

       7
       7
       +
       Rbxu60qvXKdFaJ7lfs7LeYx37TIKYK2Gxw2QcxF3soA

     

       8
       8
       +
       --- ryt5q5lXn1Cyn4T6RSU1IR7dHZOTbyanaG6ZqeYYGBQ

     

       9
       9
       +
       �G���*	\�ʕ�|���

     

       10
       10
       +
       �S�T���z�!
�FIG͍��,��2Q��+�s�76Z�D`��Q�hM�],��E7�2<Q�

     

       11
       11
       +
       ?ׯ�t��u\���xpe/rrR��L}��S��g�%�:�Oj����{T%h��D�~�+DЫ��W%� �ŗ�r�v$%m$

hosts/weird-row-server/secrets/caddy-env.age

This is a binary file and will not be displayed.

+27

hosts/weird-row-server/secrets/default.nix

···

       1
       1
       +
       keys:

     

       2
       2
       +
       let

     

       3
       3
       +
         inherit (keys) servers users;

     

       4
       4
       +
         deploy = servers ++ users;

     

       5
       5
       +
       in

     

       6
       6
       +
       {

     

       7
       7
       +
         # Defines `PDS_JWT_SECRET`, `PDS_ADMIN_PASSWORD`, `PDS_PLC_ROTATION_KEY_K256_PRIVATE_KEY_HEX`, `PDS_EMAIL_SMTP_URL`, `PDS_EMAIL_FROM_ADDRESS`.

     

       8
       8
       +
         "pds-env.age".publicKeys = deploy;

     

       9
       9
       +
         # Defines `LLDAP_JWT_SECRET`, `LLDAP_KEY_SEED`.

     

       10
       10
       +
         "lldap-env.age".publicKeys = deploy;

     

       11
       11
       +
         "lldap-user-pass.age".publicKeys = deploy;

     

       12
       12
       +
         "headscale-oidc-secret.age".publicKeys = deploy;

     

       13
       13
       +
         "grafana-oidc-secret.age".publicKeys = deploy;

     

       14
       14
       +
         "authelia-jwt-secret.age".publicKeys = deploy;

     

       15
       15
       +
         "authelia-issuer-private-key.age".publicKeys = deploy;

     

       16
       16
       +
         "authelia-storage-key.age".publicKeys = deploy;

     

       17
       17
       +
         "authelia-ldap-password.age".publicKeys = deploy;

     

       18
       18
       +
         "authelia-smtp-password.age".publicKeys = deploy;

     

       19
       19
       +
         "tuwunel-registration-tokens.age".publicKeys = deploy;

     

       20
       20
       +
         # Defines `SMTP_PASSWORD`

     

       21
       21
       +
         "vaultwarden-env.age".publicKeys = deploy;

     

       22
       22
       +
         "miniflux-oidc-secret.age".publicKeys = deploy;

     

       23
       23
       +
         # Defines `HYPIXEL_API_KEY`, `PROFILE_UUID`

     

       24
       24
       +
         "hypixel-bank-tracker-main.age".publicKeys = deploy;

     

       25
       25
       +
         "hypixel-bank-tracker-banana.age".publicKeys = deploy;

     

       26
       26
       +
         "caddy-env.age".publicKeys = deploy;

     

       27
       27
       +
       }

hosts/weird-row-server/secrets/grafana-oidc-secret.age

···

       1
       1
       +
       age-encryption.org/v1

     

       2
       2
       +
       -> ssh-ed25519 sMF1bg 2+JZ3WMnTgnnNYmJqdqAtOsEIk9pAefHfwLcXZQpqlg

     

       3
       3
       +
       yE0R9b0mSzoT6mvoWUG829UmkgGkm6vg0i7WLORaTis

     

       4
       4
       +
       -> ssh-ed25519 SmMcWg c8goAmCIPQ5rsTwoOej9ndGc0uBpWILSn/wy6XJHK14

     

       5
       5
       +
       ArjlEl4hxi4N6Py1emxgxUFKvSXIwLWsy6HrWNqJUHw

     

       6
       6
       +
       -> ssh-ed25519 Q8rMFA t72V+A0n5Tnb0VqvBrzt3j75CbcfvQltodKMhF64SXY

     

       7
       7
       +
       V+Ynzd4tIUI8JPy9uyoi+frW6wJnQxDavHAqnp/lem8

     

       8
       8
       +
       --- mzRky/dA1MDArnDSSaGyZP9yAQgD2va4MfopbrdM0iU

     

       9
       9
       +
       ��*�٪l����a5�QE£uަ��"�;��3�l.!`	�u�
_+)$��d��ˤ����ff�F��mѳc�a�EV��Nߧ��,�@����

hosts/weird-row-server/secrets/headscale-oidc-secret.age

This is a binary file and will not be displayed.

hosts/weird-row-server/secrets/hypixel-bank-tracker-banana.age

This is a binary file and will not be displayed.

+12

hosts/weird-row-server/secrets/hypixel-bank-tracker-main.age

···

       1
       1
       +
       age-encryption.org/v1

     

       2
       2
       +
       -> ssh-ed25519 sMF1bg B3wX5eWrSUivBKJzdiSOVvWEdGuZvGJHVDCCSFa29kw

     

       3
       3
       +
       F1H0QzBPS1FPvactH7z3OvR5wPdawkMzIj1awUmkrqA

     

       4
       4
       +
       -> ssh-ed25519 SmMcWg DtmTaO1Ox4y+AyZbOgaJU2PxMRdHloHECLOrvdI/g28

     

       5
       5
       +
       my6GKU1rxPyClyos0efuInWok5w3xwwoJ4p3M6roBIw

     

       6
       6
       +
       -> ssh-ed25519 Q8rMFA LKyAN4v78N/OcleCPuYpPlZ0se5Dmp4qiWynY4zTfDo

     

       7
       7
       +
       2lOqk3QF2lB/b7Md6yWq4R2jn+J3PiATIkrFUxgt104

     

       8
       8
       +
       -> OR`n;K-grease

     

       9
       9
       +
       lWGBER6K10zAcNHyiUMJAnJ84h1ppo5MJ5ztgw

     

       10
       10
       +
       --- abe4RLNH3d9h7UpWD3PRIBgHWagt8cU+AHIFbX1D9/E

     

       11
       11
       +
       �LJu���k؜��_��%��|�J]��KN��?]��tR�<�]�|���ߟ��¾FzU��������:�Y��TX����p,9v6q�7�~�y�]X���͇ǷR5՚>[������#�#�-

     

       12
       12
       +
       cM,1Ǜ"M��"'F�W�3o�

hosts/weird-row-server/secrets/lldap-env.age

This is a binary file and will not be displayed.

+11

hosts/weird-row-server/secrets/lldap-user-pass.age

···

       1
       1
       +
       age-encryption.org/v1

     

       2
       2
       +
       -> ssh-ed25519 sMF1bg rkX6nxV4pATfwzkzJtI08/Z0bvi0wYwnLJsppUAsz20

     

       3
       3
       +
       X+znUc5AKAunPqr1jdq10obvQBU+rqs/LmeQaZzI+F4

     

       4
       4
       +
       -> ssh-ed25519 SmMcWg xaZtLP6GOocdiMf3hgoujWigGgi7KxDUMGuPYNqS8WU

     

       5
       5
       +
       00Y+8L4QssKFqRlGB2e0yiv9SyoqbxeZ/lWL6DCLlpo

     

       6
       6
       +
       -> ssh-ed25519 Q8rMFA kHA5wVVhmpodSn3OcZuc78xttymjOoy9voa8GqIE+F8

     

       7
       7
       +
       a7HpZf6sjmxr49QoV9tXrATheu8u20JmKCEIkmAZdhA

     

       8
       8
       +
       -> U=6S`1*-grease \8na]onc

     

       9
       9
       +
       PP5XQ1vbpadHeiMBOkmEccTIAg

     

       10
       10
       +
       --- 1hkJN6ZLX8GJ8y0WuFcMEv66om+Phc0wYJFKCB8Amzg

     

       11
       11
       +
       �M�	��}ޘ*;f��y��]����2ef���}�d������J�\��8�h��1�u� ������SHN��yS�D>W��x�J���yh������

hosts/weird-row-server/secrets/miniflux-oidc-secret.age

···

       1
       1
       +
       age-encryption.org/v1

     

       2
       2
       +
       -> ssh-ed25519 sMF1bg E4UVPOuq5ZUSxGvIvr0Tod9PQRqDdqHu2Byv4fKi2io

     

       3
       3
       +
       FcdCyfLmRCmK5rmoLQ/m1KOJe9Etu9N/GHCM5lWCIPE

     

       4
       4
       +
       -> ssh-ed25519 SmMcWg wrKv3V6uSLnWQqIp65Rgi0qv7lQtyOXaxnahMo+s3EU

     

       5
       5
       +
       mXsJ1CbS3pzstf3xaWWF150+aXxW2kY2J5kAZWqtl+A

     

       6
       6
       +
       -> ssh-ed25519 Q8rMFA 91npFfTkw9Ur6aZp/pLzLUOIwwPJ9OA1peaZyTlROBU

     

       7
       7
       +
       12sib8HLjvgN06X6H0/AN4wMewQ8xup813DauZKQ+QY

     

       8
       8
       +
       --- /AGwAMAsPvvuRH6PPNrizBCsJedclYzdj6Kq4V3mx0o

     

       9
       9
       +
       zN��0�=�YP������rլ�!U�n;���n���/��}mCo�F��������!z���r������)u��o�3�>��>Z�f�񡤙1Ň
����

hosts/weird-row-server/secrets/pds-env.age

This is a binary file and will not be displayed.

hosts/weird-row-server/secrets/tuwunel-registration-tokens.age

···

       1
       1
       +
       age-encryption.org/v1

     

       2
       2
       +
       -> ssh-ed25519 sMF1bg TVYRDtTe5khTJo0q8ShrR5o1WBrbK2htHjYCvi5QYAA

     

       3
       3
       +
       kx6Hke5RAZFfugR4aU28SRh4U8e4ymzeIY/+kYlAWhw

     

       4
       4
       +
       -> ssh-ed25519 SmMcWg AyJOM5lQHETeGiI/V5vUtu2vD6PqCZNnuTPvfnU90zE

     

       5
       5
       +
       9vM7/8JUbScHaeDWig16MgqtULryofSrRqhw2OMWfBs

     

       6
       6
       +
       -> ssh-ed25519 Q8rMFA TeUNtmHquyhhDrXf+zXY56oTGvzkhkaReIoBx5Yb+TE

     

       7
       7
       +
       DLfVy9cO1JrVln9CHV1ag66z2kIMrVzhcaIugLytojE

     

       8
       8
       +
       --- nr/3KZTVXNdemLdmp2bO2bjxKDHvcy3gezZKYN5Z1qI

     

       9
       9
       +
       �"��Z8��ԛ�GvJ�{��(�V9��1�N"��o���o����Х�oJ�~�1�!�}Egd�!�

hosts/weird-row-server/secrets/vaultwarden-env.age

This is a binary file and will not be displayed.

+54

hosts/weird-row-server/tangled.nix

···

       1
       1
       +
       { self

     

       2
       2
       +
       , config

     

       3
       3
       +
       , ...

     

       4
       4
       +
       }:

     

       5
       5
       +
       

     

       6
       6
       +
       let

     

       7
       7
       +
         inherit (self.inputs) tangled;

     

       8
       8
       +
       

     

       9
       9
       +
         tangled-owner = "did:plc:xhgrjm4mcx3p5h3y6eino6ti";

     

       10
       10
       +
         tangled-knot-port = 3003;

     

       11
       11
       +
         tangled-knot-hostname = "knot.wiro.world";

     

       12
       12
       +
         tangled-spindle-port = 3004;

     

       13
       13
       +
         tangled-spindle-hostname = "spindle.wiro.world";

     

       14
       14
       +
       in

     

       15
       15
       +
       {

     

       16
       16
       +
         imports = [

     

       17
       17
       +
           tangled.nixosModules.knot

     

       18
       18
       +
           tangled.nixosModules.spindle

     

       19
       19
       +
         ];

     

       20
       20
       +
       

     

       21
       21
       +
         config = {

     

       22
       22
       +
           services.tangled.knot = {

     

       23
       23
       +
             enable = true;

     

       24
       24
       +
             openFirewall = true;

     

       25
       25
       +
       

     

       26
       26
       +
             motd = "Welcome to @wiro.world's knot!\n";

     

       27
       27
       +
             server = {

     

       28
       28
       +
               listenAddr = "localhost:${toString tangled-knot-port}";

     

       29
       29
       +
               hostname = tangled-knot-hostname;

     

       30
       30
       +
               owner = tangled-owner;

     

       31
       31
       +
             };

     

       32
       32
       +
           };

     

       33
       33
       +
       

     

       34
       34
       +
           services.tangled.spindle = {

     

       35
       35
       +
             enable = true;

     

       36
       36
       +
       

     

       37
       37
       +
             server = {

     

       38
       38
       +
               listenAddr = "localhost:${toString tangled-spindle-port}";

     

       39
       39
       +
               hostname = tangled-spindle-hostname;

     

       40
       40
       +
               owner = tangled-owner;

     

       41
       41
       +
             };

     

       42
       42
       +
           };

     

       43
       43
       +
       

     

       44
       44
       +
           services.caddy = {

     

       45
       45
       +
             virtualHosts.${tangled-knot-hostname}.extraConfig = ''

     

       46
       46
       +
               reverse_proxy http://localhost:${toString tangled-knot-port}

     

       47
       47
       +
             '';

     

       48
       48
       +
       

     

       49
       49
       +
             virtualHosts.${tangled-spindle-hostname}.extraConfig = ''

     

       50
       50
       +
               reverse_proxy http://localhost:${toString tangled-spindle-port}

     

       51
       51
       +
             '';

     

       52
       52
       +
           };

     

       53
       53
       +
         };

     

       54
       54
       +
       }

+31

hosts/weird-row-server/thelounge.nix

···

       1
       1
       +
       { config

     

       2
       2
       +
       , ...

     

       3
       3
       +
       }:

     

       4
       4
       +
       

     

       5
       5
       +
       let

     

       6
       6
       +
         thelounge-port = 3005;

     

       7
       7
       +
         thelounge-hostname = "irc-lounge.net.wiro.world";

     

       8
       8
       +
       in

     

       9
       9
       +
       {

     

       10
       10
       +
         config = {

     

       11
       11
       +
           services.thelounge = {

     

       12
       12
       +
             enable = true;

     

       13
       13
       +
             port = thelounge-port;

     

       14
       14
       +
             public = false;

     

       15
       15
       +
       

     

       16
       16
       +
             extraConfig = {

     

       17
       17
       +
               host = "127.0.0.1";

     

       18
       18
       +
               reverseProxy = true;

     

       19
       19
       +
       

     

       20
       20
       +
               # TODO: use ldap, find a way to hide password

     

       21
       21
       +
             };

     

       22
       22
       +
           };

     

       23
       23
       +
       

     

       24
       24
       +
           services.caddy = {

     

       25
       25
       +
             virtualHosts."http://${thelounge-hostname}".extraConfig = ''

     

       26
       26
       +
               bind tailscale/irc-lounge

     

       27
       27
       +
               reverse_proxy http://localhost:${toString config.services.thelounge.port}

     

       28
       28
       +
             '';

     

       29
       29
       +
           };

     

       30
       30
       +
         };

     

       31
       31
       +
       }

+45

hosts/weird-row-server/tuwunel.nix

···

       1
       1
       +
       { config

     

       2
       2
       +
       , ...

     

       3
       3
       +
       }:

     

       4
       4
       +
       

     

       5
       5
       +
       let

     

       6
       6
       +
         matrix-port = 3009;

     

       7
       7
       +
         matrix-hostname = "matrix.wiro.world";

     

       8
       8
       +
       

     

       9
       9
       +
         website-hostname = "wiro.world";

     

       10
       10
       +
       in

     

       11
       11
       +
       {

     

       12
       12
       +
         config = {

     

       13
       13
       +
           age.secrets.tuwunel-registration-tokens = { file = secrets/tuwunel-registration-tokens.age; owner = config.services.matrix-tuwunel.user; };

     

       14
       14
       +
           services.matrix-tuwunel = {

     

       15
       15
       +
             enable = true;

     

       16
       16
       +
       

     

       17
       17
       +
             settings.global = {

     

       18
       18
       +
               address = [ "127.0.0.1" ];

     

       19
       19
       +
               port = [ matrix-port ];

     

       20
       20
       +
       

     

       21
       21
       +
               server_name = "wiro.world";

     

       22
       22
       +
               well_known = {

     

       23
       23
       +
                 client = "https://matrix.wiro.world";

     

       24
       24
       +
                 server = "matrix.wiro.world:443";

     

       25
       25
       +
               };

     

       26
       26
       +
       

     

       27
       27
       +
               grant_admin_to_first_user = true;

     

       28
       28
       +
               new_user_displayname_suffix = "";

     

       29
       29
       +
       

     

       30
       30
       +
               allow_registration = true;

     

       31
       31
       +
               registration_token_file = config.age.secrets.tuwunel-registration-tokens.path;

     

       32
       32
       +
             };

     

       33
       33
       +
           };

     

       34
       34
       +
       

     

       35
       35
       +
           services.caddy = {

     

       36
       36
       +
             virtualHosts.${matrix-hostname}.extraConfig = ''

     

       37
       37
       +
               reverse_proxy /_matrix/* http://localhost:${toString matrix-port}

     

       38
       38
       +
             '';

     

       39
       39
       +
       

     

       40
       40
       +
             virtualHosts.${website-hostname}.extraConfig = ''

     

       41
       41
       +
               reverse_proxy /.well-known/matrix/* http://localhost:${toString matrix-port}

     

       42
       42
       +
             '';

     

       43
       43
       +
           };

     

       44
       44
       +
         };

     

       45
       45
       +
       }

+38

hosts/weird-row-server/vaultwarden.nix

···

       1
       1
       +
       { config

     

       2
       2
       +
       , ...

     

       3
       3
       +
       }:

     

       4
       4
       +
       

     

       5
       5
       +
       let

     

       6
       6
       +
         vaultwarden-port = 3011;

     

       7
       7
       +
         vaultwarden-hostname = "vault.wiro.world";

     

       8
       8
       +
       in

     

       9
       9
       +
       {

     

       10
       10
       +
         config = {

     

       11
       11
       +
           age.secrets.vaultwarden-env.file = secrets/vaultwarden-env.age;

     

       12
       12
       +
           services.vaultwarden = {

     

       13
       13
       +
             enable = true;

     

       14
       14
       +
       

     

       15
       15
       +
             environmentFile = config.age.secrets.vaultwarden-env.path;

     

       16
       16
       +
             config = {

     

       17
       17
       +
               ROCKET_PORT = vaultwarden-port;

     

       18
       18
       +
               DOMAIN = "https://${vaultwarden-hostname}";

     

       19
       19
       +
               SIGNUPS_ALLOWED = false;

     

       20
       20
       +
               ADMIN_TOKEN = "$argon2id$v=19$m=65540,t=3,p=4$YIe9wmrTsmjgZNPxe8m34O/d3XW3Fl/uZPPLQs79dAc$mjDVQSdBJqz2uBJuxtAvCIoHPzOnTDhNPuhER3dhHrY";

     

       21
       21
       +
       

     

       22
       22
       +
               SMTP_HOST = "smtp.resend.com";

     

       23
       23
       +
               SMTP_PORT = 2465;

     

       24
       24
       +
               SMTP_SECURITY = "force_tls";

     

       25
       25
       +
               SMTP_USERNAME = "resend";

     

       26
       26
       +
               # SMTP_PASSWORD = ...; # Via secret env

     

       27
       27
       +
               SMTP_FROM = "bitwarden@wiro.world";

     

       28
       28
       +
               SMTP_FROM_NAME = "Bitwarden wiro.world";

     

       29
       29
       +
             };

     

       30
       30
       +
           };

     

       31
       31
       +
       

     

       32
       32
       +
           services.caddy = {

     

       33
       33
       +
             virtualHosts.${vaultwarden-hostname}.extraConfig = ''

     

       34
       34
       +
               reverse_proxy http://localhost:${toString config.services.vaultwarden.config.ROCKET_PORT}

     

       35
       35
       +
             '';

     

       36
       36
       +
           };

     

       37
       37
       +
         };

     

       38
       38
       +
       }

+24

hosts/weird-row-server/warrior.nix

···

       1
       1
       +
       { config

     

       2
       2
       +
       , ...

     

       3
       3
       +
       }:

     

       4
       4
       +
       

     

       5
       5
       +
       let

     

       6
       6
       +
         warrior-port = 3015;

     

       7
       7
       +
         warrior-hostname = "warrior.net.wiro.world";

     

       8
       8
       +
       in

     

       9
       9
       +
       {

     

       10
       10
       +
         config = {

     

       11
       11
       +
           virtualisation.oci-containers.containers.archive-warrior = {

     

       12
       12
       +
             image = "atdr.meo.ws/archiveteam/warrior-dockerfile";

     

       13
       13
       +
             ports = [ "127.0.0.1:${toString warrior-port}:8001" ];

     

       14
       14
       +
             pull = "newer";

     

       15
       15
       +
           };

     

       16
       16
       +
       

     

       17
       17
       +
           services.caddy = {

     

       18
       18
       +
             virtualHosts."http://${warrior-hostname}".extraConfig = ''

     

       19
       19
       +
               bind tailscale/warrior

     

       20
       20
       +
               reverse_proxy http://localhost:${toString warrior-port}

     

       21
       21
       +
             '';

     

       22
       22
       +
           };

     

       23
       23
       +
         };

     

       24
       24
       +
       }

+77

hosts/weird-row-server/webfinger.nix

···

       1
       1
       +
       { pkgs

     

       2
       2
       +
       , config

     

       3
       3
       +
       , ...

     

       4
       4
       +
       }:

     

       5
       5
       +
       

     

       6
       6
       +
       let

     

       7
       7
       +
         webfinger-dir = pkgs.writeTextDir ".well-known/webfinger" ''

     

       8
       8
       +
           {

     

       9
       9
       +
             "subject": "acct:milo@wiro.world",

     

       10
       10
       +
             "aliases": [

     

       11
       11
       +
               "mailto:milo@wiro.world",

     

       12
       12
       +
               "https://wiro.world/"

     

       13
       13
       +
             ],

     

       14
       14
       +
             "links": [

     

       15
       15
       +
               {

     

       16
       16
       +
                 "rel": "http://wiro.world/rel/avatar",

     

       17
       17
       +
                 "href": "https://wiro.world/logo.jpg",

     

       18
       18
       +
                 "type": "image/jpeg"

     

       19
       19
       +
               },

     

       20
       20
       +
               {

     

       21
       21
       +
                 "rel": "http://webfinger.net/rel/profile-page",

     

       22
       22
       +
                 "href": "https://wiro.world/",

     

       23
       23
       +
                 "type": "text/html"

     

       24
       24
       +
               },

     

       25
       25
       +
               {

     

       26
       26
       +
                 "rel": "http://openid.net/specs/connect/1.0/issuer",

     

       27
       27
       +
                 "href": "https://auth.wiro.world"

     

       28
       28
       +
               }

     

       29
       29
       +
             ]

     

       30
       30
       +
           }

     

       31
       31
       +
         '';

     

       32
       32
       +
       

     

       33
       33
       +
         well-known-discord-dir = pkgs.writeTextDir ".well-known/discord" ''

     

       34
       34
       +
           dh=919234284ceb2aba439d15b9136073eb2308989b

     

       35
       35
       +
         '';

     

       36
       36
       +
       

     

       37
       37
       +
         website-hostname = "wiro.world";

     

       38
       38
       +
       in

     

       39
       39
       +
       {

     

       40
       40
       +
         config = {

     

       41
       41
       +
           services.caddy = {

     

       42
       42
       +
             virtualHosts.${website-hostname}.extraConfig = ''

     

       43
       43
       +
               @webfinger {

     

       44
       44
       +
                 path /.well-known/webfinger

     

       45
       45
       +
                 method GET HEAD

     

       46
       46
       +
                 query resource=acct:milo@wiro.world

     

       47
       47
       +
                 query resource=mailto:milo@wiro.world

     

       48
       48
       +
                 query resource=https://wiro.world

     

       49
       49
       +
                 query resource=https://wiro.world/

     

       50
       50
       +
               }

     

       51
       51
       +
               route @webfinger {

     

       52
       52
       +
                 header {

     

       53
       53
       +
                   Content-Type "application/jrd+json"

     

       54
       54
       +
                   Access-Control-Allow-Origin "*"

     

       55
       55
       +
                   X-Robots-Tag "noindex"

     

       56
       56
       +
                 }

     

       57
       57
       +
                 root ${webfinger-dir}

     

       58
       58
       +
                 file_server

     

       59
       59
       +
               }

     

       60
       60
       +
             '' +

     

       61
       61
       +
             ''

     

       62
       62
       +
               @discord {

     

       63
       63
       +
                 path /.well-known/discord

     

       64
       64
       +
                 method GET HEAD

     

       65
       65
       +
               }

     

       66
       66
       +
               route @discord {

     

       67
       67
       +
                 header {

     

       68
       68
       +
                   Access-Control-Allow-Origin "*"

     

       69
       69
       +
                   X-Robots-Tag "noindex"

     

       70
       70
       +
                 }

     

       71
       71
       +
                 root ${well-known-discord-dir}

     

       72
       72
       +
                 file_server

     

       73
       73
       +
               }

     

       74
       74
       +
             '';

     

       75
       75
       +
           };

     

       76
       76
       +
         };

     

       77
       77
       +
       }

-37

lib/colorSchemes.nix

···

       1
       1
       -
       {

     

       2
       2
       -
         # Found in <https://github.com/tinted-theming/schemes/blob/spec-0.11/base24/one-dark.yaml>

     

       3
       3
       -
         # Transformed using `yaml2nix`

     

       4
       4
       -
         oneDark = {

     

       5
       5
       -
           name = "One Dark";

     

       6
       6
       -
           author = "FredHappyface (https://github.com/FredHappyface)";

     

       7
       7
       -
           variant = "dark";

     

       8
       8
       -
           # system = "base24";

     

       9
       9
       -
           palette = {

     

       10
       10
       -
             base00 = "282c34";

     

       11
       11
       -
             base01 = "3f4451";

     

       12
       12
       -
             base02 = "4f5666";

     

       13
       13
       -
             base03 = "545862";

     

       14
       14
       -
             base04 = "9196a1";

     

       15
       15
       -
             base05 = "abb2bf";

     

       16
       16
       -
             base06 = "e6e6e6";

     

       17
       17
       -
             base07 = "ffffff";

     

       18
       18
       -
             base08 = "e05561";

     

       19
       19
       -
             base09 = "d18f52";

     

       20
       20
       -
             base0A = "e6b965";

     

       21
       21
       -
             base0B = "8cc265";

     

       22
       22
       -
             base0C = "42b3c2";

     

       23
       23
       -
             base0D = "4aa5f0";

     

       24
       24
       -
             base0E = "c162de";

     

       25
       25
       -
             base0F = "bf4034";

     

       26
       26
       -
             base10 = "21252b";

     

       27
       27
       -
             base11 = "181a1f";

     

       28
       28
       -
             base12 = "ff616e";

     

       29
       29
       -
             base13 = "f0a45d";

     

       30
       30
       -
             base14 = "a5e075";

     

       31
       31
       -
             base15 = "4cd1e0";

     

       32
       32
       -
             base16 = "4dc4ff";

     

       33
       33
       -
             base17 = "de73ff";

     

       34
       34
       -
           };

     

       35
       35
       -
         };

     

       36
       36
       -
       

     

       37
       37
       -
       }

+1 -3

lib/default.nix

···

       1
       1
        
       # This flake library is available to modules via the `llib` arg

     

       2
       2
       -
       pkgs: {

     

       3
       3
       -
         colorSchemes = import ./colorSchemes.nix;

     

       4
       4
       -
       }

     

       2
       2
       +
       pkgs: { }

+12 -2

lib/flake/default.nix

···

       20
       20
        
           # local packages set

     

       21
       21
        
           lpkgs = import ../../pkgs pkgs;

     

       22
       22
        
           # unstable nixpkgs set

     

       23
       23
       -
           upkgs = import unixpkgs { inherit (pkgs) system config; };

     

       23
       23
       +
           upkgs = import unixpkgs {

     

       24
       24
       +
             config = pkgs.config;

     

       25
       25
       +
             system = pkgs.stdenv.hostPlatform.system;

     

       26
       26
       +
           };

     

       24
       27
        
           # indicates if system is darwin

     

       25
       28
        
           isDarwin = pkgs.stdenv.isDarwin;

     

       26
       29
        
         };

     
···

       41
       44
        
               ../../nixos/hardware/${hostName}.nix

     

       42
       45
        
               ../../nixos/profiles/${profile}.nix

     

       43
       46
        
             ];

     

       44
       44
       -
             networking.hostName = hostName;

     

       47
       47
       +
             config.networking.hostName = hostName;

     

       48
       48
       +
           };

     

       49
       49
       +
           host = hostName: {

     

       50
       50
       +
             imports = [

     

       51
       51
       +
               ../../nixos/hardware/${hostName}.nix

     

       52
       52
       +
               ../../hosts/${hostName}/default.nix

     

       53
       53
       +
             ];

     

       54
       54
       +
             config.networking.hostName = hostName;

     

       45
       55
        
           };

     

       46
       56
        
           user = import ./user.nix;

     

       47
       57
        
           managedDiskLayout = import ./managedDiskLayout.nix;

+1 -1

lib/flake/managedDiskLayout.nix

···

       26
       26
        
       

     

       27
       27
        
               The recommended amount from RedHat is:

     

       28
       28
        
       

     

       29
       29
       -
               Amount of RAM    Recommended swap space       Recommended swap space 

     

       29
       29
       +
               Amount of RAM    Recommended swap space       Recommended swap space

     

       30
       30
        
               in the system                                 if allowing for hibernation

     

       31
       31
        
               ——————————————   ——————————————————————————   ———————————————————————————

     

       32
       32
        
               ⩽ 2 GB           2 times the amount of RAM    3 times the amount of RAM

lib/flake/user.nix

···

       36
       36
        
           } else {

     

       37
       37
        
             home = "/home/${name}";

     

       38
       38
        
             extraGroups = [

     

       39
       39
       +
               # TODO: remove or put under an condition

     

       39
       40
        
               "wheel" # sudo access

     

       40
       41
        
               "networkmanager" # needed for nm

     

       41
       42
        
             ];

-101

modules/home-manager/color-scheme.nix

···

       1
       1
       -
       { config

     

       2
       2
       -
       , lib

     

       3
       3
       -
       , ...

     

       4
       4
       -
       }:

     

       5
       5
       -
       

     

       6
       6
       -
       let

     

       7
       7
       -
         cfg = config.colorScheme;

     

       8
       8
       -
       

     

       9
       9
       -
         hexColorType = with lib; mkOptionType {

     

       10
       10
       -
           name = "hex-color";

     

       11
       11
       -
           descriptionClass = "noun";

     

       12
       12
       -
           description = "RGB color in hex format";

     

       13
       13
       -
           check = x: isString x && !(hasPrefix "#" x);

     

       14
       14
       -
         };

     

       15
       15
       -
       in

     

       16
       16
       -
       {

     

       17
       17
       -
         options.local.colorScheme = with lib; {

     

       18
       18
       -
           slug = mkOption {

     

       19
       19
       -
             type = types.str;

     

       20
       20
       -
             example = "awesome-scheme";

     

       21
       21
       -
             description = ''

     

       22
       22
       -
               Color scheme slug (sanitized name)

     

       23
       23
       -
             '';

     

       24
       24
       -
           };

     

       25
       25
       -
           name = mkOption {

     

       26
       26
       -
             type = types.str;

     

       27
       27
       -
             default = "";

     

       28
       28
       -
             example = "Awesome Scheme";

     

       29
       29
       -
             description = ''

     

       30
       30
       -
               Color scheme (pretty) name

     

       31
       31
       -
             '';

     

       32
       32
       -
           };

     

       33
       33
       -
           description = mkOption {

     

       34
       34
       -
             type = types.str;

     

       35
       35
       -
             default = "";

     

       36
       36
       -
             example = "A very nice theme";

     

       37
       37
       -
             description = ''

     

       38
       38
       -
               Color scheme author

     

       39
       39
       -
             '';

     

       40
       40
       -
           };

     

       41
       41
       -
           author = mkOption {

     

       42
       42
       -
             type = types.str;

     

       43
       43
       -
             default = "";

     

       44
       44
       -
             example = "Gabriel Fontes (https://m7.rs)";

     

       45
       45
       -
             description = ''

     

       46
       46
       -
               Color scheme author

     

       47
       47
       -
             '';

     

       48
       48
       -
           };

     

       49
       49
       -
           variant = mkOption {

     

       50
       50
       -
             type = types.enum [ "dark" "light" ];

     

       51
       51
       -
             default =

     

       52
       52
       -
               if builtins.substring 0 1 cfg.palette.base00 < "5" then

     

       53
       53
       -
                 "dark"

     

       54
       54
       -
               else

     

       55
       55
       -
                 "light";

     

       56
       56
       -
             description = ''

     

       57
       57
       -
               Whether the scheme is dark or light

     

       58
       58
       -
             '';

     

       59
       59
       -
           };

     

       60
       60
       -
       

     

       61
       61
       -
           palette = mkOption {

     

       62
       62
       -
             type = with types; attrsOf (

     

       63
       63
       -
               coercedTo str (removePrefix "#") hexColorType

     

       64
       64
       -
             );

     

       65
       65
       -
             default = { };

     

       66
       66
       -
             example = literalExpression ''

     

       67
       67
       -
               {

     

       68
       68
       -
                 base00 = "002635";

     

       69
       69
       -
                 base01 = "00384d";

     

       70
       70
       -
                 base02 = "517F8D";

     

       71
       71
       -
                 base03 = "6C8B91";

     

       72
       72
       -
                 base04 = "869696";

     

       73
       73
       -
                 base05 = "a1a19a";

     

       74
       74
       -
                 base06 = "e6e6dc";

     

       75
       75
       -
                 base07 = "fafaf8";

     

       76
       76
       -
                 base08 = "ff5a67";

     

       77
       77
       -
                 base09 = "f08e48";

     

       78
       78
       -
                 base0A = "ffcc1b";

     

       79
       79
       -
                 base0B = "7fc06e";

     

       80
       80
       -
                 base0C = "14747e";

     

       81
       81
       -
                 base0D = "5dd7b9";

     

       82
       82
       -
                 base0E = "9a70a4";

     

       83
       83
       -
                 base0F = "c43060";

     

       84
       84
       -
               }

     

       85
       85
       -
             '';

     

       86
       86
       -
             description = ''

     

       87
       87
       -
               Atribute set of hex colors.

     

       88
       88
       -
       

     

       89
       89
       -
               These are usually base00-base0F, but you may use any name you want.

     

       90
       90
       -
               For example, these can have meaningful names (bg, fg), or be base24.

     

       91
       91
       -
       

     

       92
       92
       -
               The colorschemes provided by nix-colors follow the base16 standard.

     

       93
       93
       -
               Some might leverage base24 and have 24 colors, but these can be safely

     

       94
       94
       -
               used as if they were base16.

     

       95
       95
       -
       

     

       96
       96
       -
               You may include a leading #, but it will be stripped when accessed from

     

       97
       97
       -
               config.colorscheme.palette.

     

       98
       98
       -
             '';

     

       99
       99
       -
           };

     

       100
       100
       -
         };

     

       101
       101
       -
       }

+2 -4

modules/home-manager/default.nix

···

       1
       1
        
       {

     

       2
       2
       -
         color-scheme = import ./color-scheme.nix;

     

       3
       3
       -
         wakatime = import ./wakatime.nix;

     

       4
       4
       -
         wl-clip-persist = import ./wl-clip-persist.nix;

     

       5
       5
       -
         xcompose = import ./xcompose.nix;

     

       2
       2
       +
         wakatime = ./wakatime.nix;

     

       3
       3
       +
         xcompose = ./xcompose.nix;

     

       6
       4
        
       }

-99

modules/home-manager/wl-clip-persist.nix

···

       1
       1
       -
       { config

     

       2
       2
       -
       , lib

     

       3
       3
       -
       , pkgs

     

       4
       4
       -
       , ...

     

       5
       5
       -
       }:

     

       6
       6
       -
       

     

       7
       7
       -
       let

     

       8
       8
       -
         cfg = config.services.wl-clip-persist;

     

       9
       9
       -
       in

     

       10
       10
       -
       {

     

       11
       11
       -
         options.services.wl-clip-persist = with lib; {

     

       12
       12
       -
           enable = mkEnableOption "";

     

       13
       13
       -
       

     

       14
       14
       -
           package = mkPackageOption pkgs "wl-clip-persist" { };

     

       15
       15
       -
       

     

       16
       16
       -
           clipboard = mkOption {

     

       17
       17
       -
             description = "The clipboard type to operate on";

     

       18
       18
       -
             default = "regular";

     

       19
       19
       -
             type = types.enum [ "regular" "primary" "both" ];

     

       20
       20
       -
           };

     

       21
       21
       -
       

     

       22
       22
       -
           display = mkOption {

     

       23
       23
       -
             description = "The wayland display to operate on";

     

       24
       24
       -
             default = null;

     

       25
       25
       -
             type = types.nullOr types.str;

     

       26
       26
       -
           };

     

       27
       27
       -
       

     

       28
       28
       -
           ignoreEventOnError = mkOption {

     

       29
       29
       -
             description = "Only handle selection events where no error occurred";

     

       30
       30
       -
             default = null;

     

       31
       31
       -
             type = types.nullOr types.bool;

     

       32
       32
       -
           };

     

       33
       33
       -
       

     

       34
       34
       -
           allMimeTypeRegex = mkOption {

     

       35
       35
       -
             description = "Only handle selection events where all offered MIME types have a match for the regex";

     

       36
       36
       -
             default = null;

     

       37
       37
       -
             type = types.nullOr types.str;

     

       38
       38
       -
           };

     

       39
       39
       -
       

     

       40
       40
       -
           interruptOldClipboardRequests = mkOption {

     

       41
       41
       -
             description = "Interrupt trying to send the old clipboard to other programs when the clipboard has been updated";

     

       42
       42
       -
             default = null;

     

       43
       43
       -
             type = types.nullOr types.bool;

     

       44
       44
       -
           };

     

       45
       45
       -
       

     

       46
       46
       -
           selectionSizeLimit = mkOption {

     

       47
       47
       -
             description = "Only handle selection events whose total data size does not exceed the size limit";

     

       48
       48
       -
             default = null;

     

       49
       49
       -
             type = types.nullOr types.int;

     

       50
       50
       -
           };

     

       51
       51
       -
       

     

       52
       52
       -
           readTimeout = mkOption {

     

       53
       53
       -
             description = "Timeout for trying to get the current clipboard";

     

       54
       54
       -
             default = 500;

     

       55
       55
       -
             type = types.int;

     

       56
       56
       -
           };

     

       57
       57
       -
       

     

       58
       58
       -
           ignoreEventOnTimeout = mkOption {

     

       59
       59
       -
             description = "Only handle selection events where no timeout occurred";

     

       60
       60
       -
             default = null;

     

       61
       61
       -
             type = types.nullOr types.bool;

     

       62
       62
       -
           };

     

       63
       63
       -
       

     

       64
       64
       -
           writeTimeout = mkOption {

     

       65
       65
       -
             description = "Timeout for trying to send the current clipboard to other programs";

     

       66
       66
       -
             default = 3000;

     

       67
       67
       -
             type = types.int;

     

       68
       68
       -
           };

     

       69
       69
       -
         };

     

       70
       70
       -
       

     

       71
       71
       -
         config = lib.mkIf cfg.enable {

     

       72
       72
       -
           systemd.user.services.wl-clip-persist = {

     

       73
       73
       -
             Unit = {

     

       74
       74
       -
               Description = "wl-clip-persist system service";

     

       75
       75
       -
               PartOf = [ "graphical-session.target" ];

     

       76
       76
       -
               BindsTo = [ "graphical-session.target" ];

     

       77
       77
       -
             };

     

       78
       78
       -
       

     

       79
       79
       -
             Service = {

     

       80
       80
       -
               Type = "simple";

     

       81
       81
       -
               ExecStart = "${lib.getExe cfg.package} ${lib.cli.toGNUCommandLineShell {} {

     

       82
       82
       -
                 clipboard = cfg.clipboard;

     

       83
       83
       -
                 display = cfg.display;

     

       84
       84
       -
                 ignore-event-on-error = cfg.ignoreEventOnError;

     

       85
       85
       -
                 all-mime-type-regex = cfg.allMimeTypeRegex;

     

       86
       86
       -
                 interrupt-old-clipboard-requests = cfg.interruptOldClipboardRequests;

     

       87
       87
       -
                 selection-size-limit = cfg.selectionSizeLimit;

     

       88
       88
       -
                 read-timeout = cfg.readTimeout;

     

       89
       89
       -
                 ignore-event-on-timeout = cfg.ignoreEventOnTimeout;

     

       90
       90
       -
                 write-timeout = cfg.writeTimeout;

     

       91
       91
       -
               }}";

     

       92
       92
       -
               Restart = "on-failure";

     

       93
       93
       -
               TimeoutStopSec = 15;

     

       94
       94
       -
             };

     

       95
       95
       -
       

     

       96
       96
       -
             Install.WantedBy = lib.mkDefault [ "graphical-session.target" ];

     

       97
       97
       -
           };

     

       98
       98
       -
         };

     

       99
       99
       -
       }

+2 -2

modules/home-manager/xcompose.nix

···

       14
       14
        
           loadConfigInEnv = mkOption {

     

       15
       15
        
             description = ''

     

       16
       16
        
               Load the XCompose file by passing the `XCOMPOSEFILE` environment variable instead of linking to ~/.XCompose.

     

       17
       17
       -
               

     

       17
       17
       +
       

     

       18
       18
        
               That is nice to avoid cluttering the HOME directory, it's preferable to disable it when experimenting

     

       19
       19
       -
               with your compose config to reload faster than having to reload your VM

     

       19
       19
       +
               with your compose config to reload faster than having to reload your VM.

     

       20
       20
        
             '';

     

       21
       21
        
             default = true;

     

       22
       22
        
             type = types.bool;

-1

modules/nixos/default.nix

···

       1
       1
        
       {

     

       2
       2
       -
         geoclue2 = ./geoclue2.nix;

     

       3
       2
        
         logiops = ./logiops.nix;

     

       4
       3
        
       }

-324

modules/nixos/geoclue2.nix

···

       1
       1
       -
       # Adapted from the original nixpkgs repo

     

       2
       2
       -
       #

     

       3
       3
       -
       # It supports static location fallback. This is a workaround waiting for an

     

       4
       4
       -
       # alternative to MLS (Mozilla Location Services).

     

       5
       5
       -
       

     

       6
       6
       -
       # Target interface to manage the static file would be:

     

       7
       7
       -
       # static = {

     

       8
       8
       -
       #   latitude = 48.8;

     

       9
       9
       -
       #   logitude = 2.3;

     

       10
       10
       -
       # };

     

       11
       11
       -
       #

     

       12
       12
       -
       # I spent way too much time getting this to work with a submodule.

     

       13
       13
       -
       

     

       14
       14
       -
       { config

     

       15
       15
       -
       , lib

     

       16
       16
       -
       , pkgs

     

       17
       17
       -
       , ...

     

       18
       18
       -
       }:

     

       19
       19
       -
       

     

       20
       20
       -
       let

     

       21
       21
       -
         package = pkgs.geoclue2.override { withDemoAgent = config.services.geoclue2.enableDemoAgent; };

     

       22
       22
       -
       

     

       23
       23
       -
         cfg = config.services.geoclue2;

     

       24
       24
       -
       

     

       25
       25
       -
         defaultWhitelist = [ "gnome-shell" "io.elementary.desktop.agent-geoclue2" ];

     

       26
       26
       -
       

     

       27
       27
       -
         appConfigModule = lib.types.submodule ({ name, ... }: with lib; {

     

       28
       28
       -
           options = {

     

       29
       29
       -
             desktopID = mkOption {

     

       30
       30
       -
               type = types.str;

     

       31
       31
       -
               description = "Desktop ID of the application.";

     

       32
       32
       -
             };

     

       33
       33
       -
       

     

       34
       34
       -
             isAllowed = mkOption {

     

       35
       35
       -
               type = types.bool;

     

       36
       36
       -
               description = ''

     

       37
       37
       -
                 Whether the application will be allowed access to location information.

     

       38
       38
       -
               '';

     

       39
       39
       -
             };

     

       40
       40
       -
       

     

       41
       41
       -
             isSystem = mkOption {

     

       42
       42
       -
               type = types.bool;

     

       43
       43
       -
               description = ''

     

       44
       44
       -
                 Whether the application is a system component or not.

     

       45
       45
       -
               '';

     

       46
       46
       -
             };

     

       47
       47
       -
       

     

       48
       48
       -
             users = mkOption {

     

       49
       49
       -
               type = types.listOf types.str;

     

       50
       50
       -
               default = [ ];

     

       51
       51
       -
               description = ''

     

       52
       52
       -
                 List of UIDs of all users for which this application is allowed location

     

       53
       53
       -
                 info access, Defaults to an empty string to allow it for all users.

     

       54
       54
       -
               '';

     

       55
       55
       -
             };

     

       56
       56
       -
           };

     

       57
       57
       -
       

     

       58
       58
       -
           config.desktopID = mkDefault name;

     

       59
       59
       -
         });

     

       60
       60
       -
       

     

       61
       61
       -
         # staticModule = types.submodule ({ name, ... }: {

     

       62
       62
       -
         #   options = {

     

       63
       63
       -
         #     latitude = mkOption {

     

       64
       64
       -
         #       type = types.float;

     

       65
       65
       -
         #       example = 40.6893129;

     

       66
       66
       -
         #     };

     

       67
       67
       -
       

     

       68
       68
       -
         #     longitude = mkOption {

     

       69
       69
       -
         #       type = types.float;

     

       70
       70
       -
         #       example = -74.0445531;

     

       71
       71
       -
         #     };

     

       72
       72
       -
       

     

       73
       73
       -
         #     altitude = mkOption {

     

       74
       74
       -
         #       type = types.float;

     

       75
       75
       -
         #       default = 0;

     

       76
       76
       -
         #       example = 96;

     

       77
       77
       -
         #     };

     

       78
       78
       -
       

     

       79
       79
       -
         #     accuracyRadius = mkOption {

     

       80
       80
       -
         #       type = types.float;

     

       81
       81
       -
         #       default = 0;

     

       82
       82
       -
         #       example = 1.83;

     

       83
       83
       -
         #     };

     

       84
       84
       -
         #   };

     

       85
       85
       -
         # });

     

       86
       86
       -
       

     

       87
       87
       -
         appConfigToINICompatible = _: { desktopID, isAllowed, isSystem, users, ... }: {

     

       88
       88
       -
           name = desktopID;

     

       89
       89
       -
           value = {

     

       90
       90
       -
             allowed = isAllowed;

     

       91
       91
       -
             system = isSystem;

     

       92
       92
       -
             users = lib.concatStringsSep ";" users;

     

       93
       93
       -
           };

     

       94
       94
       -
         };

     

       95
       95
       -
       

     

       96
       96
       -
       in

     

       97
       97
       -
       {

     

       98
       98
       -
         disabledModules = [ "services/desktops/geoclue2.nix" ];

     

       99
       99
       -
       

     

       100
       100
       -
         options.services.geoclue2 = with lib; {

     

       101
       101
       -
           enable = mkOption {

     

       102
       102
       -
             type = types.bool;

     

       103
       103
       -
             default = false;

     

       104
       104
       -
             description = ''

     

       105
       105
       -
               Whether to enable GeoClue 2 daemon, a DBus service

     

       106
       106
       -
               that provides location information for accessing.

     

       107
       107
       -
             '';

     

       108
       108
       -
           };

     

       109
       109
       -
       

     

       110
       110
       -
           enableDemoAgent = mkOption {

     

       111
       111
       -
             type = types.bool;

     

       112
       112
       -
             default = true;

     

       113
       113
       -
             description = ''

     

       114
       114
       -
               Whether to use the GeoClue demo agent. This should be

     

       115
       115
       -
               overridden by desktop environments that provide their own

     

       116
       116
       -
               agent.

     

       117
       117
       -
             '';

     

       118
       118
       -
           };

     

       119
       119
       -
       

     

       120
       120
       -
           enableNmea = mkOption {

     

       121
       121
       -
             type = types.bool;

     

       122
       122
       -
             default = true;

     

       123
       123
       -
             description = ''

     

       124
       124
       -
               Whether to fetch location from NMEA sources on local network.

     

       125
       125
       -
             '';

     

       126
       126
       -
           };

     

       127
       127
       -
       

     

       128
       128
       -
           enable3G = mkOption {

     

       129
       129
       -
             type = types.bool;

     

       130
       130
       -
             default = true;

     

       131
       131
       -
             description = ''

     

       132
       132
       -
               Whether to enable 3G source.

     

       133
       133
       -
             '';

     

       134
       134
       -
           };

     

       135
       135
       -
       

     

       136
       136
       -
           enableCDMA = mkOption {

     

       137
       137
       -
             type = types.bool;

     

       138
       138
       -
             default = true;

     

       139
       139
       -
             description = ''

     

       140
       140
       -
               Whether to enable CDMA source.

     

       141
       141
       -
             '';

     

       142
       142
       -
           };

     

       143
       143
       -
       

     

       144
       144
       -
           enableModemGPS = mkOption {

     

       145
       145
       -
             type = types.bool;

     

       146
       146
       -
             default = true;

     

       147
       147
       -
             description = ''

     

       148
       148
       -
               Whether to enable Modem-GPS source.

     

       149
       149
       -
             '';

     

       150
       150
       -
           };

     

       151
       151
       -
       

     

       152
       152
       -
           enableWifi = mkOption {

     

       153
       153
       -
             type = types.bool;

     

       154
       154
       -
             default = true;

     

       155
       155
       -
             description = ''

     

       156
       156
       -
               Whether to enable WiFi source.

     

       157
       157
       -
             '';

     

       158
       158
       -
           };

     

       159
       159
       -
       

     

       160
       160
       -
           geoProviderUrl = mkOption {

     

       161
       161
       -
             type = types.str;

     

       162
       162
       -
             default = "https://location.services.mozilla.com/v1/geolocate?key=geoclue";

     

       163
       163
       -
             example = "https://www.googleapis.com/geolocation/v1/geolocate?key=YOUR_KEY";

     

       164
       164
       -
             description = ''

     

       165
       165
       -
               The url to the wifi GeoLocation Service.

     

       166
       166
       -
             '';

     

       167
       167
       -
           };

     

       168
       168
       -
       

     

       169
       169
       -
           submitData = mkOption {

     

       170
       170
       -
             type = types.bool;

     

       171
       171
       -
             default = false;

     

       172
       172
       -
             description = ''

     

       173
       173
       -
               Whether to submit data to a GeoLocation Service.

     

       174
       174
       -
             '';

     

       175
       175
       -
           };

     

       176
       176
       -
       

     

       177
       177
       -
           submissionUrl = mkOption {

     

       178
       178
       -
             type = types.str;

     

       179
       179
       -
             default = "https://location.services.mozilla.com/v1/submit?key=geoclue";

     

       180
       180
       -
             description = ''

     

       181
       181
       -
               The url to submit data to a GeoLocation Service.

     

       182
       182
       -
             '';

     

       183
       183
       -
           };

     

       184
       184
       -
       

     

       185
       185
       -
           submissionNick = mkOption {

     

       186
       186
       -
             type = types.str;

     

       187
       187
       -
             default = "geoclue";

     

       188
       188
       -
             description = ''

     

       189
       189
       -
               A nickname to submit network data with.

     

       190
       190
       -
               Must be 2-32 characters long.

     

       191
       191
       -
             '';

     

       192
       192
       -
           };

     

       193
       193
       -
       

     

       194
       194
       -
           appConfig = mkOption {

     

       195
       195
       -
             type = types.attrsOf appConfigModule;

     

       196
       196
       -
             default = { };

     

       197
       197
       -
             example = {

     

       198
       198
       -
               "com.github.app" = {

     

       199
       199
       -
                 isAllowed = true;

     

       200
       200
       -
                 isSystem = true;

     

       201
       201
       -
                 users = [ "300" ];

     

       202
       202
       -
               };

     

       203
       203
       -
             };

     

       204
       204
       -
             description = ''

     

       205
       205
       -
               Specify extra settings per application.

     

       206
       206
       -
             '';

     

       207
       207
       -
           };

     

       208
       208
       -
       

     

       209
       209
       -
           # static = mkOption {

     

       210
       210
       -
           #   type = types.nullOr (types.attrsOf staticModule);

     

       211
       211
       -
           #   default = null;

     

       212
       212
       -
           #   description = ''

     

       213
       213
       -
           #     Add a fallback location that will be overriden by other location services

     

       214
       214
       -
           #   '';

     

       215
       215
       -
           # };

     

       216
       216
       -
       

     

       217
       217
       -
           staticFile = mkOption {

     

       218
       218
       -
             type = types.nullOr (types.str);

     

       219
       219
       -
             default = null;

     

       220
       220
       -
             description = ''

     

       221
       221
       -
               Add a fallback location that will be overriden by other location services

     

       222
       222
       -
             '';

     

       223
       223
       -
           };

     

       224
       224
       -
         };

     

       225
       225
       -
       

     

       226
       226
       -
         config = lib.mkIf cfg.enable {

     

       227
       227
       -
           environment.systemPackages = [ package ];

     

       228
       228
       -
       

     

       229
       229
       -
           services.dbus.packages = [ package ];

     

       230
       230
       -
       

     

       231
       231
       -
           systemd.packages = [ package ];

     

       232
       232
       -
       

     

       233
       233
       -
           # we cannot use DynamicUser as we need the the geoclue user to exist for the

     

       234
       234
       -
           # dbus policy to work

     

       235
       235
       -
           users = {

     

       236
       236
       -
             users.geoclue = {

     

       237
       237
       -
               isSystemUser = true;

     

       238
       238
       -
               home = "/var/lib/geoclue";

     

       239
       239
       -
               group = "geoclue";

     

       240
       240
       -
               description = "Geoinformation service";

     

       241
       241
       -
             };

     

       242
       242
       -
       

     

       243
       243
       -
             groups.geoclue = { };

     

       244
       244
       -
           };

     

       245
       245
       -
       

     

       246
       246
       -
           systemd.services.geoclue = {

     

       247
       247
       -
             wants = lib.optionals cfg.enableWifi [ "network-online.target" ];

     

       248
       248
       -
             after = lib.optionals cfg.enableWifi [ "network-online.target" ];

     

       249
       249
       -
             # restart geoclue service when the configuration changes

     

       250
       250
       -
             restartTriggers = [

     

       251
       251
       -
               config.environment.etc."geoclue/geoclue.conf".source

     

       252
       252
       -
             ];

     

       253
       253
       -
             serviceConfig.StateDirectory = "geoclue";

     

       254
       254
       -
           };

     

       255
       255
       -
       

     

       256
       256
       -
           # this needs to run as a user service, since it's associated with the

     

       257
       257
       -
           # user who is making the requests

     

       258
       258
       -
           systemd.user.services = lib.mkIf cfg.enableDemoAgent {

     

       259
       259
       -
             geoclue-agent = {

     

       260
       260
       -
               description = "Geoclue agent";

     

       261
       261
       -
               # this should really be `partOf = [ "geoclue.service" ]`, but

     

       262
       262
       -
               # we can't be part of a system service, and the agent should

     

       263
       263
       -
               # be okay with the main service coming and going

     

       264
       264
       -
               wantedBy = [ "default.target" ];

     

       265
       265
       -
               wants = lib.optionals cfg.enableWifi [ "network-online.target" ];

     

       266
       266
       -
               after = lib.optionals cfg.enableWifi [ "network-online.target" ];

     

       267
       267
       -
               unitConfig.ConditionUser = "!@system";

     

       268
       268
       -
               serviceConfig = {

     

       269
       269
       -
                 Type = "exec";

     

       270
       270
       -
                 ExecStart = "${package}/libexec/geoclue-2.0/demos/agent";

     

       271
       271
       -
                 Restart = "on-failure";

     

       272
       272
       -
                 PrivateTmp = true;

     

       273
       273
       -
               };

     

       274
       274
       -
             };

     

       275
       275
       -
           };

     

       276
       276
       -
       

     

       277
       277
       -
           services.geoclue2.appConfig = {

     

       278
       278
       -
             epiphany = { isAllowed = true; isSystem = false; };

     

       279
       279
       -
             firefox = { isAllowed = true; isSystem = false; };

     

       280
       280
       -
           };

     

       281
       281
       -
       

     

       282
       282
       -
           environment.etc."geoclue/geoclue.conf".text =

     

       283
       283
       -
             lib.generators.toINI { } ({

     

       284
       284
       -
               agent = {

     

       285
       285
       -
                 whitelist = lib.concatStringsSep ";"

     

       286
       286
       -
                   (lib.optional cfg.enableDemoAgent "geoclue-demo-agent" ++ defaultWhitelist);

     

       287
       287
       -
               };

     

       288
       288
       -
               network-nmea = {

     

       289
       289
       -
                 enable = cfg.enableNmea;

     

       290
       290
       -
               };

     

       291
       291
       -
               "3g" = {

     

       292
       292
       -
                 enable = cfg.enable3G;

     

       293
       293
       -
               };

     

       294
       294
       -
               cdma = {

     

       295
       295
       -
                 enable = cfg.enableCDMA;

     

       296
       296
       -
               };

     

       297
       297
       -
               modem-gps = {

     

       298
       298
       -
                 enable = cfg.enableModemGPS;

     

       299
       299
       -
               };

     

       300
       300
       -
               wifi = {

     

       301
       301
       -
                 enable = cfg.enableWifi;

     

       302
       302
       -
                 url = cfg.geoProviderUrl;

     

       303
       303
       -
                 submit-data = lib.boolToString cfg.submitData;

     

       304
       304
       -
                 submission-url = cfg.submissionUrl;

     

       305
       305
       -
                 submission-nick = cfg.submissionNick;

     

       306
       306
       -
               };

     

       307
       307
       -
             } // lib.mapAttrs' appConfigToINICompatible cfg.appConfig);

     

       308
       308
       -
       

     

       309
       309
       -
           # environment.etc."geolocation" = mkIf (cfg.static != null) {

     

       310
       310
       -
           #   text = ''

     

       311
       311
       -
           #     ${toString cfg.static.latitude}

     

       312
       312
       -
           #     ${toString cfg.static.longitude}

     

       313
       313
       -
           #     ${toString cfg.static.altitude}

     

       314
       314
       -
           #     ${toString cfg.static.accuracyRadius}

     

       315
       315
       -
           #   '';

     

       316
       316
       -
           # };

     

       317
       317
       -
       

     

       318
       318
       -
           environment.etc."geolocation" = lib.mkIf (cfg.staticFile != null) { text = cfg.staticFile; };

     

       319
       319
       -
         };

     

       320
       320
       -
       

     

       321
       321
       -
         meta = with lib; {

     

       322
       322
       -
           maintainers = with maintainers; [ ] ++ teams.pantheon.members;

     

       323
       323
       -
         };

     

       324
       324
       -
       }

+5 -7

modules/nixos/logiops.nix

···

       11
       11
        
         rendered-config = libconfig-format.generate "logid.cfg" cfg.settings;

     

       12
       12
        
       in

     

       13
       13
        
       {

     

       14
       14
       -
         options.services.logiops = with lib; {

     

       15
       15
       -
           enable = mkEnableOption (mdDoc "Logiops HID++ configuration");

     

       14
       14
       +
         options.services.logiops = {

     

       15
       15
       +
           enable = lib.mkEnableOption "Logiops HID++ configuration";

     

       16
       16
        
       

     

       17
       17
       -
           package = mkPackageOption pkgs "logiops" { };

     

       17
       17
       +
           package = lib.mkPackageOption pkgs "logiops_0_2_3" { };

     

       18
       18
        
       

     

       19
       19
       -
           settings = mkOption {

     

       19
       19
       +
           settings = lib.mkOption {

     

       20
       20
        
             type = libconfig-format.type;

     

       21
       21
        
             default = { };

     

       22
       22
        
             example = {

     
···

       54
       54
        
                 ];

     

       55
       55
        
               }];

     

       56
       56
        
             };

     

       57
       57
       -
             description = mdDoc ''

     

       57
       57
       +
             description = lib.mdDoc ''

     

       58
       58
        
               Logid configuration. Refer to

     

       59
       59
        
               [the `logiops` wiki](https://github.com/PixlOne/logiops/wiki/Configuration)

     

       60
       60
        
               for details on supported values.

     
···

       72
       72
        
             restartTriggers = [ rendered-config ];

     

       73
       73
        
           };

     

       74
       74
        
         };

     

       75
       75
       -
       

     

       76
       76
       -
         meta.maintainers = with lib.maintainers; [ ckie ];

     

       77
       75
        
       }

+3 -3

nixos/fragments/agenix.nix

···

       10
       10
        
         inherit (self.inputs) agenix;

     

       11
       11
        
       

     

       12
       12
        
         cfg = config.local.fragment.agenix;

     

       13
       13
       -
         all-secrets = import ../../secrets;

     

       14
       13
        
       in

     

       15
       14
        
       {

     

       16
       15
        
         imports = [

     
···

       26
       25
        
       

     

       27
       26
        
         config = lib.mkIf cfg.enable {

     

       28
       27
        
           assertions = [

     

       29
       29
       -
             { assertion = config.services.openssh.enable; message = "`agenix` fragement depends on `openssh` program"; }

     

       28
       28
       +
             { assertion = config.services.openssh.enable; message = "`agenix` fragment depends on `openssh` program"; }

     

       30
       29
        
           ];

     

       31
       30
        
       

     

       32
       31
        
           age = {

     
···

       35
       34
        
             # be located on luks protected partitions.

     

       36
       35
        
             # identityPaths = [ ];

     

       37
       36
        
       

     

       38
       38
       -
             secrets = all-secrets.nixos;

     

       37
       37
       +
             # Secrets are defined in the fragments that use it

     

       38
       38
       +
             # secrets = ...;

     

       39
       39
        
           };

     

       40
       40
        
         };

     

       41
       41
        
       }

+63 -56

nixos/fragments/backup.nix

···

       17
       17
        
           Backup related

     

       18
       18
        
         '';

     

       19
       19
        
       

     

       20
       20
       -
         # TODO: fix module

     

       21
       21
       -
         config.assertions = lib.optional cfg.enable { assertion = false; message = "module is broken"; };

     

       22
       22
       -
         config.services.restic.backups = lib.mkIf cfg.enable {

     

       23
       23
       -
           # Backup documents and repos code

     

       24
       24
       -
           google-drive = {

     

       25
       25
       -
             repository = "rclone:googledrive:/Backups/${hostname}";

     

       26
       26
       -
             passwordFile = secrets.backup-restic-key.path;

     

       27
       27
       -
             rcloneConfigFile = secrets.backup-rclone-googledrive.path;

     

       28
       28
       -
             initialize = true;

     

       29
       20
        
       

     

       30
       30
       -
             paths = [

     

       31
       31
       -
               "/home/${mainUsername}/Documents"

     

       32
       32
       -
               # Equivalent of `~/Development` but needs extra handling as explained below

     

       33
       33
       -
               "/home/${mainUsername}/.local/backup/repos"

     

       34
       34
       -
             ];

     

       21
       21
       +
         config = lib.mkIf cfg.enable {

     

       22
       22
       +
           # TODO: fix module

     

       23
       23
       +
           assertions = [{ assertion = false; message = "module is broken"; }];

     

       35
       24
        
       

     

       36
       36
       -
             # Extra handling for Development folder to respect `.gitignore` files.

     

       37
       37
       -
             #

     

       38
       38
       -
             # Backup folder should be stored somewhere to avoid changing ctimes

     

       39
       39
       -
             # which would cause otherwise unchanged files to be backed up again.

     

       40
       40
       -
             # Since `--link-dest` is used, file contents won't be duplicated on disk.

     

       41
       41
       -
             backupPrepareCommand = ''

     

       42
       42
       -
               # Remove stale Restic locks

     

       43
       43
       -
               ${lib.getExe pkgs.restic} unlock || true

     

       25
       25
       +
           age.secrets.backup-restic-key.file = ../../secrets/backup/restic-key.age;

     

       26
       26
       +
           age.secrets.backup-rclone-google-drive.file = ../../secrets/backup/rclone-googledrive.age;

     

       44
       27
        
       

     

       45
       45
       -
               ${lib.getExe pkgs.rsync} \

     

       46
       46
       -
                 ${"\\" /* Archive mode and delete files that are not in the source directory. `--mkpath` is like `mkdir`'s `-p` option */}

     

       47
       47
       -
                 --archive --delete --mkpath \

     

       48
       48
       -
                 ${"\\" /* `:-` operator uses .gitignore files as exclude patterns */}

     

       49
       49
       -
                 --filter=':- .gitignore' \

     

       50
       50
       -
                 ${"\\" /* Exclude nixpkgs repository because they have some weird symlink test files that break rsync */}

     

       51
       51
       -
                 --exclude 'nixpkgs' \

     

       52
       52
       -
                 ${"\\" /* Hardlink files to avoid taking up more space */}

     

       53
       53
       -
                 --link-dest=/home/${mainUsername}/Development \

     

       54
       54
       -
                 /home/${mainUsername}/Development/ /home/${mainUsername}/.local/backup/repos

     

       55
       55
       -
             '';

     

       28
       28
       +
           services.restic.backups = {

     

       29
       29
       +
             # Backup documents and repos code

     

       30
       30
       +
             google-drive = {

     

       31
       31
       +
               repository = "rclone:googledrive:/Backups/${hostname}";

     

       32
       32
       +
               passwordFile = secrets.backup-restic-key.path;

     

       33
       33
       +
               rcloneConfigFile = secrets.backup-rclone-googledrive.path;

     

       34
       34
       +
               initialize = true;

     

       35
       35
       +
       

     

       36
       36
       +
               paths = [

     

       37
       37
       +
                 "/home/${mainUsername}/Documents"

     

       38
       38
       +
                 # Equivalent of `~/Development` but needs extra handling as explained below

     

       39
       39
       +
                 "/home/${mainUsername}/.local/backup/repos"

     

       40
       40
       +
               ];

     

       41
       41
       +
       

     

       42
       42
       +
               # Extra handling for Development folder to respect `.gitignore` files.

     

       43
       43
       +
               #

     

       44
       44
       +
               # Backup folder should be stored somewhere to avoid changing ctimes

     

       45
       45
       +
               # which would cause otherwise unchanged files to be backed up again.

     

       46
       46
       +
               # Since `--link-dest` is used, file contents won't be duplicated on disk.

     

       47
       47
       +
               backupPrepareCommand = ''

     

       48
       48
       +
                 # Remove stale Restic locks

     

       49
       49
       +
                 ${lib.getExe pkgs.restic} unlock || true

     

       50
       50
       +
       

     

       51
       51
       +
                 ${lib.getExe pkgs.rsync} \

     

       52
       52
       +
                   ${"\\" /* Archive mode and delete files that are not in the source directory. `--mkpath` is like `mkdir`'s `-p` option */}

     

       53
       53
       +
                   --archive --delete --mkpath \

     

       54
       54
       +
                   ${"\\" /* `:-` operator uses .gitignore files as exclude patterns */}

     

       55
       55
       +
                   --filter=':- .gitignore' \

     

       56
       56
       +
                   ${"\\" /* Exclude nixpkgs repository because they have some weird symlink test files that break rsync */}

     

       57
       57
       +
                   --exclude 'nixpkgs' \

     

       58
       58
       +
                   ${"\\" /* Hardlink files to avoid taking up more space */}

     

       59
       59
       +
                   --link-dest=/home/${mainUsername}/Development \

     

       60
       60
       +
                   /home/${mainUsername}/Development/ /home/${mainUsername}/.local/backup/repos

     

       61
       61
       +
               '';

     

       56
       62
        
       

     

       57
       57
       -
             pruneOpts = [

     

       58
       58
       -
               "--keep-daily 7"

     

       59
       59
       -
               "--keep-weekly 5"

     

       60
       60
       -
               "--keep-yearly 10"

     

       61
       61
       -
             ];

     

       63
       63
       +
               pruneOpts = [

     

       64
       64
       +
                 "--keep-daily 7"

     

       65
       65
       +
                 "--keep-weekly 5"

     

       66
       66
       +
                 "--keep-yearly 10"

     

       67
       67
       +
               ];

     

       62
       68
        
       

     

       63
       69
        
       

     

       64
       64
       -
             # TODO: fix config

     

       65
       65
       -
             timerConfig = null;

     

       66
       66
       -
             # timerConfig = {

     

       67
       67
       -
             #   OnCalendar = "00:05";

     

       68
       68
       -
             #   RandomizedDelaySec = "5h";

     

       69
       69
       -
             # };

     

       70
       70
       -
           };

     

       70
       70
       +
               # TODO: fix config

     

       71
       71
       +
               timerConfig = null;

     

       72
       72
       +
               # timerConfig = {

     

       73
       73
       +
               #   OnCalendar = "00:05";

     

       74
       74
       +
               #   RandomizedDelaySec = "5h";

     

       75
       75
       +
               # };

     

       76
       76
       +
             };

     

       71
       77
        
       

     

       72
       72
       -
           # Backup documents and large files

     

       73
       73
       -
           archaic-bak = {

     

       74
       74
       -
             repository = "/run/media/${mainUsername}/ArchaicBak/Backups/${hostname}";

     

       75
       75
       -
             passwordFile = secrets.backup-restic-key.path;

     

       76
       76
       -
             initialize = true;

     

       78
       78
       +
             # Backup documents and large files

     

       79
       79
       +
             archaic-bak = {

     

       80
       80
       +
               repository = "/run/media/${mainUsername}/ArchaicBak/Backups/${hostname}";

     

       81
       81
       +
               passwordFile = secrets.backup-restic-key.path;

     

       82
       82
       +
               initialize = true;

     

       77
       83
        
       

     

       78
       78
       -
             # this would fix issue that folder is created as root

     

       79
       79
       -
             # but we cannot access the backup key

     

       80
       80
       -
             user = config.local.user.username;

     

       84
       84
       +
               # this would fix issue that folder is created as root

     

       85
       85
       +
               # but we cannot access the backup key

     

       86
       86
       +
               user = config.local.user.username;

     

       81
       87
        
       

     

       82
       82
       -
             paths = [ "/home/${mainUsername}/Documents" ];

     

       88
       88
       +
               paths = [ "/home/${mainUsername}/Documents" ];

     

       83
       89
        
       

     

       84
       84
       -
             # Should only be ran manually when the backup Disk is attached

     

       85
       85
       -
             timerConfig = null;

     

       90
       90
       +
               # Should only be ran manually when the backup Disk is attached

     

       91
       91
       +
               timerConfig = null;

     

       92
       92
       +
             };

     

       86
       93
        
           };

     

       87
       94
        
         };

     

       88
       95
        
       }

+1 -1

nixos/fragments/default.nix

···

       12
       12
        
           ./kanata

     

       13
       13
        
           ./logiops.nix

     

       14
       14
        
           ./nix.nix

     

       15
       15
       -
           ./sddm.nix

     

       15
       15
       +
           ./secure-boot.nix

     

       16
       16
        
           ./security.nix

     

       17
       17
        
           ./virtualisation.nix

     

       18
       18
        
           ./wireless.nix

+1 -1

nixos/fragments/kanata/arsenik.kbd.lisp

···

       59
       59
        
       ;; Numrow layer

     

       60
       60
        
       (deflayer numrow

     

       61
       61
        
         XX   XX   XX   XX   XX   XX   XX   XX   XX   XX   XX

     

       62
       62
       -
         XX   XX   XX   XX   XX        XX   XX   XX   XX   XX  

     

       62
       62
       +
         XX   XX   XX   XX   XX        XX   XX   XX   XX   XX

     

       63
       63
        
         @1   @2   @3   @4   @5        @6   @7   @8   @9   @0

     

       64
       64
        
         XX   XX   XX   XX   XX   XX   XX   XX   XX   XX   XX

     

       65
       65
        
              XX   XX             XX             XX   XX

+2 -4

nixos/fragments/logiops.nix

···

       1
       1
        
       { self

     

       2
       2
        
       , config

     

       3
       3
        
       , lib

     

       4
       4
       -
       , pkgs

     

       5
       4
        
       , ...

     

       6
       5
        
       }:

     

       7
       6
        
       

     
···

       19
       18
        
       

     

       20
       19
        
         config.services.logiops = lib.mkIf cfg.enable {

     

       21
       20
        
           enable = true;

     

       22
       22
       -
           package = pkgs.logiops_0_2_3;

     

       23
       21
        
       

     

       24
       22
        
           settings =

     

       25
       23
        
             let

     

       26
       24
        
               cid = {

     

       27
       25
        
                 #                  Control IDs │ reprog? │ fn key? │ mouse key? │ gesture support?

     

       28
       28
       -
                 leftMouse = 80; #         0x50 │         │         │ YES        │ 

     

       29
       29
       -
                 rightMouse = 81; #        0x51 │         │         │ YES        │ 

     

       26
       26
       +
                 leftMouse = 80; #         0x50 │         │         │ YES        │

     

       27
       27
       +
                 rightMouse = 81; #        0x51 │         │         │ YES        │

     

       30
       28
        
                 middleMouse = 81; #       0x52 │ YES     │         │ YES        │ YES

     

       31
       29
        
                 back = 83; #              0x53 │ YES     │         │ YES        │ YES

     

       32
       30
        
                 forward = 86; #           0x56 │ YES     │         │ YES        │ YES

+9 -1

nixos/fragments/nix.nix

···

       33
       33
        
               # Make NixOS system's legacy channels consistent with registry and flake inputs

     

       34
       34
        
               else lib.mapAttrsToList (key: value: "${key}=${value.to.path}") config.nix.registry;

     

       35
       35
        
       

     

       36
       36
       -
       

     

       37
       36
        
             gc = {

     

       38
       37
        
               automatic = true;

     

       39
       38
        
               # absolute disk space saver, if you forget to run GC

     
···

       55
       54
        
               # avoid network calls at each nix invoation.

     

       56
       55
        
               flake-registry = "";

     

       57
       56
        
       

     

       57
       57
       +
               use-xdg-base-directories = true;

     

       58
       58
       +
       

     

       58
       59
        
               keep-going = true;

     

       59
       60
        
       

     

       60
       61
        
               extra-platforms = config.boot.binfmt.emulatedSystems;

     
···

       63
       64
        
               extra-substituters = [ "https://nix-community.cachix.org" ];

     

       64
       65
        
               extra-trusted-public-keys = [ "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" ];

     

       65
       66
        
             };

     

       67
       67
       +
           };

     

       68
       68
       +
       

     

       69
       69
       +
           # other disk space saver

     

       70
       70
       +
           services.angrr = {

     

       71
       71
       +
             enable = true;

     

       72
       72
       +
             period = "2weeks";

     

       73
       73
       +
             enableNixGcIntegration = true;

     

       66
       74
        
           };

     

       67
       75
        
         };

     

       68
       76
        
       }

-33

nixos/fragments/sddm.nix

···

       1
       1
       -
       { config

     

       2
       2
       -
       , lib

     

       3
       3
       -
       , pkgs

     

       4
       4
       -
       , lpkgs

     

       5
       5
       -
       , ...

     

       6
       6
       -
       }:

     

       7
       7
       -
       

     

       8
       8
       -
       let

     

       9
       9
       -
         cfg = config.local.fragment.sddm;

     

       10
       10
       -
       in

     

       11
       11
       -
       

     

       12
       12
       -
       {

     

       13
       13
       -
         options.local.fragment.sddm.enable = lib.mkEnableOption ''

     

       14
       14
       -
           SDDM related

     

       15
       15
       -
         '';

     

       16
       16
       -
       

     

       17
       17
       -
         # Hours wasted trying to add a working SDDM theme: 3h + 3h

     

       18
       18
       -
       

     

       19
       19
       -
         config = lib.mkIf cfg.enable {

     

       20
       20
       -
           services.displayManager.sddm = {

     

       21
       21
       -
             enable = true;

     

       22
       22
       -
             wayland.enable = true;

     

       23
       23
       -
             # theme = "where_is_my_sddm_theme";

     

       24
       24
       -
             theme = "catppuccin-mocha";

     

       25
       25
       -
           };

     

       26
       26
       -
       

     

       27
       27
       -
           environment.systemPackages = [

     

       28
       28
       -
             lpkgs.where-is-my-sddm-theme

     

       29
       29
       -
             pkgs.catppuccin-sddm

     

       30
       30
       -
           ];

     

       31
       31
       -
         };

     

       32
       32
       -
       }

     

       33
       33
       -

+41

nixos/fragments/secure-boot.nix

···

       1
       1
       +
       { self

     

       2
       2
       +
       , config

     

       3
       3
       +
       , lib

     

       4
       4
       +
       , upkgs

     

       5
       5
       +
       , ...

     

       6
       6
       +
       }:

     

       7
       7
       +
       

     

       8
       8
       +
       # https://github.com/nix-community/lanzaboote/blob/master/docs/QUICK_START.md

     

       9
       9
       +
       

     

       10
       10
       +
       let

     

       11
       11
       +
         inherit (self.inputs) lanzaboote;

     

       12
       12
       +
       

     

       13
       13
       +
         cfg = config.local.fragment.secure-boot;

     

       14
       14
       +
       in

     

       15
       15
       +
       {

     

       16
       16
       +
         imports = [

     

       17
       17
       +
           lanzaboote.nixosModules.lanzaboote

     

       18
       18
       +
         ];

     

       19
       19
       +
       

     

       20
       20
       +
         options.local.fragment.secure-boot.enable = lib.mkEnableOption ''

     

       21
       21
       +
           Secure boot related

     

       22
       22
       +
         '';

     

       23
       23
       +
       

     

       24
       24
       +
         config = lib.mkIf cfg.enable {

     

       25
       25
       +
           boot.loader.systemd-boot.enable = lib.mkForce false;

     

       26
       26
       +
       

     

       27
       27
       +
           boot.lanzaboote = {

     

       28
       28
       +
             enable = true;

     

       29
       29
       +
             pkiBundle = "/var/lib/sbctl";

     

       30
       30
       +
           };

     

       31
       31
       +
       

     

       32
       32
       +
           boot.initrd.systemd.enable = true;

     

       33
       33
       +
       

     

       34
       34
       +
           environment.systemPackages = [

     

       35
       35
       +
             # For debugging and troubleshooting Secure Boot

     

       36
       36
       +
             upkgs.sbctl

     

       37
       37
       +
           ];

     

       38
       38
       +
         };

     

       39
       39
       +
       }

     

       40
       40
       +
       

     

       41
       41
       +

+9 -8

nixos/fragments/security.nix

···

       21
       21
        
           security.rtkit.enable = true;

     

       22
       22
        
       

     

       23
       23
        
           # Systemd Login

     

       24
       24
       -
           services.logind = {

     

       25
       25
       -
             lidSwitch = "suspend";

     

       26
       26
       -
             extraConfig = lib.generators.toKeyValue { } {

     

       27
       27
       -
               IdleAction = "lock";

     

       28
       28
       -
               # Don’t shutdown when power button is short-pressed

     

       29
       29
       -
               HandlePowerKey = "lock";

     

       30
       30
       -
               HandlePowerKeyLongPress = "suspend";

     

       31
       31
       -
             };

     

       24
       24
       +
           services.logind.settings.Login = {

     

       25
       25
       +
             HandleLidSwitch = "suspend";

     

       26
       26
       +
             IdleAction = "lock";

     

       27
       27
       +
             # Don’t shutdown when power button is short-pressed

     

       28
       28
       +
             HandlePowerKey = "lock";

     

       29
       29
       +
             HandlePowerKeyLongPress = "suspend";

     

       32
       30
        
           };

     

       33
       31
        
       

     

       34
       32
        
           # `swaylock` pam service must be at least declared to work properly

     
···

       40
       38
        
           # Signing

     

       41
       39
        
           programs.gnupg.agent.enable = true;

     

       42
       40
        
           services.gnome.gnome-keyring.enable = true;

     

       41
       41
       +
           services.gnome.gcr-ssh-agent.enable = false;

     

       43
       42
        
       

     

       44
       43
        
           # SSH

     

       45
       44
        
           services.openssh = {

     
···

       51
       50
        
           };

     

       52
       51
        
       

     

       53
       52
        
           programs.ssh.startAgent = true;

     

       53
       53
       +
       

     

       54
       54
       +
           services.fwupd.enable = true;

     

       54
       55
        
         };

     

       55
       56
        
       }

+9 -21

nixos/profiles/laptop.nix

···

       1
       1
       -
       { self

     

       2
       2
       -
       , config

     

       1
       1
       +
       { config

     

       3
       2
        
       , pkgs

     

       4
       4
       -
       , upkgs

     

       5
       3
        
       , ...

     

       6
       4
        
       }:

     

       7
       5
        
       

     

       8
       8
       -
       let

     

       9
       9
       -
         inherit (self.outputs) nixosModules;

     

       10
       10
       -
       in

     

       11
       6
        
       {

     

       12
       12
       -
         imports = [

     

       13
       13
       -
           # Replaces nixpkgs module with a custom one that support fallback static location

     

       14
       14
       -
           nixosModules.geoclue2

     

       15
       15
       -
         ];

     

       16
       16
       -
       

     

       17
       7
        
         config = {

     

       18
       8
        
           local.fragment = {

     

       19
       9
        
             agenix.enable = true;

     
···

       22
       12
        
             kanata.enable = true;

     

       23
       13
        
             logiops.enable = true;

     

       24
       14
        
             nix.enable = true;

     

       25
       25
       -
             sddm.enable = true;

     

       15
       15
       +
             secure-boot.enable = true;

     

       26
       16
        
             security.enable = true;

     

       27
       17
        
             virtualisation.enable = true;

     

       28
       18
        
             wireless.enable = true;

     
···

       43
       33
        
             kernel.sysctl."kernel.perf_event_paranoid" = -1;

     

       44
       34
        
       

     

       45
       35
        
             kernelPackages = pkgs.linuxKernel.packages.linux_zen;

     

       46
       46
       -
             extraModulePackages = with config.boot.kernelPackages; [ perf xone ];

     

       36
       36
       +
             extraModulePackages = with config.boot.kernelPackages; [ xone ];

     

       47
       37
        
       

     

       48
       38
        
             loader = {

     

       49
       39
        
               systemd-boot.enable = true;

     
···

       57
       47
        
       

     

       58
       48
        
           # Once in a while, the session stop job hangs and lasts the full default

     

       59
       49
        
           # time (1min30). I just want to shutdown my computer please.

     

       60
       60
       -
           systemd.extraConfig = ''

     

       61
       61
       -
             DefaultTimeoutStopSec = 10s

     

       62
       62
       -
           '';

     

       50
       50
       +
           systemd.settings.Manager.DefaultTimeoutStopSec = "10s";

     

       63
       51
        
       

     

       64
       52
        
           programs.dconf.enable = true;

     

       65
       53
        
       

     
···

       86
       74
        
                 LC_TIME = french-locale;

     

       87
       75
        
               };

     

       88
       76
        
             };

     

       89
       89
       -
       

     

       90
       90
       -
           programs.command-not-found.enable = false;

     

       91
       77
        
       

     

       92
       78
        
           # This is needed for services like `darkman` and `gammastep`

     

       93
       79
        
           services.geoclue2 = {

     

       94
       80
        
             enable = true;

     

       95
       81
        
       

     

       96
       96
       -
             # Fallback using custom geoclue2 module waitng for an alternative to MLS

     

       82
       82
       +
             # Fallback using custom geoclue2 module waiting for an alternative to MLS

     

       97
       83
        
             # (Mozilla Location Services). See related module in repo.

     

       98
       84
        
             # INFO:   lat vvvv  vvv long → Paris rough location

     

       99
       99
       -
             staticFile = "48.8\n2.3\n0\n0\n";

     

       85
       85
       +
             # staticFile = "48.8\n2.3\n0\n0\n";

     

       100
       86
        
           };

     

       101
       87
        
       

     

       102
       88
        
           programs.wireshark = {

     
···

       105
       91
        
           };

     

       106
       92
        
           users.users.${config.local.user.username}.extraGroups = [ "wireshark" "plugdev" ];

     

       107
       93
        
       

     

       108
       108
       -
           # This option is already filled with aliases that snowball and have 

     

       94
       94
       +
           # This option is already filled with aliases that snowball and have

     

       109
       95
        
           # priority on fish internal `ls` aliases

     

       110
       96
        
           environment.shellAliases = { ls = null; ll = null; l = null; };

     

       111
       97
        
           programs.fish.enable = true;

     
···

       168
       154
        
               obs-pipewire-audio-capture

     

       169
       155
        
             ];

     

       170
       156
        
           };

     

       157
       157
       +
       

     

       158
       158
       +
           services.earlyoom.enable = true;

     

       171
       159
        
         };

     

       172
       160
        
       }

-220

nixos/profiles/server.nix

···

       1
       1
       -
       { self

     

       2
       2
       -
       , config

     

       3
       3
       -
       , pkgs

     

       4
       4
       -
       , upkgs

     

       5
       5
       -
       , ...

     

       6
       6
       -
       }:

     

       7
       7
       -
       

     

       8
       8
       -
       let

     

       9
       9
       -
         inherit (self.inputs) srvos agenix tangled;

     

       10
       10
       -
       

     

       11
       11
       -
         all-secrets = import ../../secrets;

     

       12
       12
       -
       

     

       13
       13
       -
         ext-if = "eth0";

     

       14
       14
       -
         external-ip = "91.99.55.74";

     

       15
       15
       -
         external-netmask = 27;

     

       16
       16
       -
         external-gw = "144.x.x.255";

     

       17
       17
       -
         external-ip6 = "2a01:4f8:c2c:76d2::1";

     

       18
       18
       -
         external-netmask6 = 64;

     

       19
       19
       -
         external-gw6 = "fe80::1";

     

       20
       20
       -
       

     

       21
       21
       -
         pds-port = 3001;

     

       22
       22
       -
         pds-hostname = "pds.wiro.world";

     

       23
       23
       -
       

     

       24
       24
       -
         tangled-owner = "did:plc:xhgrjm4mcx3p5h3y6eino6ti";

     

       25
       25
       -
         tangled-knot-port = 3002;

     

       26
       26
       -
         tangled-knot-hostname = "knot.wiro.world";

     

       27
       27
       -
         tangled-spindle-port = 3003;

     

       28
       28
       -
         tangled-spindle-hostname = "spindle.wiro.world";

     

       29
       29
       -
       

     

       30
       30
       -
         grafana-port = 9000;

     

       31
       31
       -
         grafana-hostname = "console.wiro.world";

     

       32
       32
       -
         prometheus-port = 9001;

     

       33
       33
       -
         prometheus-node-exporter-port = 9002;

     

       34
       34
       -
       

     

       35
       35
       -
         thelounge-port = 3004;

     

       36
       36
       -
         thelounge-hostname = "lounge.wiro.world";

     

       37
       37
       -
       in

     

       38
       38
       -
       {

     

       39
       39
       -
         imports = [

     

       40
       40
       -
           srvos.nixosModules.server

     

       41
       41
       -
           srvos.nixosModules.hardware-hetzner-cloud

     

       42
       42
       -
           srvos.nixosModules.mixins-terminfo

     

       43
       43
       -
       

     

       44
       44
       -
           agenix.nixosModules.default

     

       45
       45
       -
       

     

       46
       46
       -
           tangled.nixosModules.knot

     

       47
       47
       -
           tangled.nixosModules.spindle

     

       48
       48
       -
         ];

     

       49
       49
       -
       

     

       50
       50
       -
         config = {

     

       51
       51
       -
           age.secrets = all-secrets.deploy;

     

       52
       52
       -
       

     

       53
       53
       -
           boot.loader.grub.enable = true;

     

       54
       54
       -
           boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" "ext4" ];

     

       55
       55
       -
       

     

       56
       56
       -
           # Single network card is `eth0`

     

       57
       57
       -
           networking.usePredictableInterfaceNames = false;

     

       58
       58
       -
       

     

       59
       59
       -
           networking.nameservers = [ "2001:4860:4860::8888" "2001:4860:4860::8844" ];

     

       60
       60
       -
       

     

       61
       61
       -
           networking = {

     

       62
       62
       -
             interfaces.${ext-if} = {

     

       63
       63
       -
               ipv4.addresses = [{ address = external-ip; prefixLength = external-netmask; }];

     

       64
       64
       -
               ipv6.addresses = [{ address = external-ip6; prefixLength = external-netmask6; }];

     

       65
       65
       -
             };

     

       66
       66
       -
             defaultGateway = { interface = ext-if; address = external-gw; };

     

       67
       67
       -
             defaultGateway6 = { interface = ext-if; address = external-gw6; };

     

       68
       68
       -
       

     

       69
       69
       -
             # TODO: rely on Hetzner firewall instead?

     

       70
       70
       -
             # firewall.enable = false;

     

       71
       71
       -
             firewall.allowedTCPPorts = [ 22 80 443 ];

     

       72
       72
       -
           };

     

       73
       73
       -
       

     

       74
       74
       -
           services.openssh.enable = true;

     

       75
       75
       -
       

     

       76
       76
       -
           services.qemuGuest.enable = true;

     

       77
       77
       -
       

     

       78
       78
       -
           services.fail2ban = {

     

       79
       79
       -
             enable = true;

     

       80
       80
       -
       

     

       81
       81
       -
             maxretry = 5;

     

       82
       82
       -
             ignoreIP = [ ];

     

       83
       83
       -
       

     

       84
       84
       -
             bantime = "24h";

     

       85
       85
       -
             bantime-increment = {

     

       86
       86
       -
               enable = true;

     

       87
       87
       -
               multipliers = "1 2 4 8 16 32 64";

     

       88
       88
       -
               maxtime = "168h";

     

       89
       89
       -
               overalljails = true;

     

       90
       90
       -
             };

     

       91
       91
       -
       

     

       92
       92
       -
             jails = { };

     

       93
       93
       -
           };

     

       94
       94
       -
       

     

       95
       95
       -
           services.tailscale.enable = true;

     

       96
       96
       -
       

     

       97
       97
       -
           services.pds = {

     

       98
       98
       -
             enable = true;

     

       99
       99
       -
             package = upkgs.bluesky-pds;

     

       100
       100
       -
       

     

       101
       101
       -
             settings = {

     

       102
       102
       -
               PDS_HOSTNAME = "pds.wiro.world";

     

       103
       103
       -
               PDS_PORT = pds-port;

     

       104
       104
       -
               # is in systemd /tmp subfolder

     

       105
       105
       -
               LOG_DESTINATION = "/tmp/pds.log";

     

       106
       106
       -
             };

     

       107
       107
       -
       

     

       108
       108
       -
             environmentFiles = [

     

       109
       109
       -
               config.age.secrets.pds-config.path

     

       110
       110
       -
             ];

     

       111
       111
       -
           };

     

       112
       112
       -
       

     

       113
       113
       -
           services.caddy = {

     

       114
       114
       -
             enable = true;

     

       115
       115
       -
             package = pkgs.caddy;

     

       116
       116
       -
       

     

       117
       117
       -
             globalConfig = ''

     

       118
       118
       -
               metrics { per_host }

     

       119
       119
       -
       

     

       120
       120
       -
               on_demand_tls {

     

       121
       121
       -
                 ask http://localhost:${toString pds-port}/tls-check

     

       122
       122
       -
               }

     

       123
       123
       -
             '';

     

       124
       124
       -
       

     

       125
       125
       -
             # Grafana has its own auth

     

       126
       126
       -
             virtualHosts.${grafana-hostname}.extraConfig = ''

     

       127
       127
       -
               reverse_proxy http://localhost:${toString grafana-port}

     

       128
       128
       -
             '';

     

       129
       129
       -
       

     

       130
       130
       -
             virtualHosts.${pds-hostname} = {

     

       131
       131
       -
               serverAliases = [ "*.${pds-hostname}" ];

     

       132
       132
       -
               extraConfig = ''

     

       133
       133
       -
                 	tls { on_demand }

     

       134
       134
       -
                   reverse_proxy http://localhost:${toString pds-port}

     

       135
       135
       -
               '';

     

       136
       136
       -
             };

     

       137
       137
       -
       

     

       138
       138
       -
             virtualHosts.${tangled-knot-hostname}.extraConfig = ''

     

       139
       139
       -
               reverse_proxy http://localhost:${toString tangled-knot-port}

     

       140
       140
       -
             '';

     

       141
       141
       -
       

     

       142
       142
       -
             virtualHosts.${tangled-spindle-hostname}.extraConfig = ''

     

       143
       143
       -
               reverse_proxy http://localhost:${toString tangled-spindle-port}

     

       144
       144
       -
             '';

     

       145
       145
       -
       

     

       146
       146
       -
             virtualHosts.${thelounge-hostname}.extraConfig = ''

     

       147
       147
       -
               reverse_proxy http://localhost:${toString thelounge-port}

     

       148
       148
       -
             '';

     

       149
       149
       -
           };

     

       150
       150
       -
       

     

       151
       151
       -
           security.sudo.wheelNeedsPassword = false;

     

       152
       152
       -
       

     

       153
       153
       -
           local.fragment.nix.enable = true;

     

       154
       154
       -
       

     

       155
       155
       -
           programs.fish.enable = true;

     

       156
       156
       -
       

     

       157
       157
       -
           services.tangled-knot = {

     

       158
       158
       -
             enable = true;

     

       159
       159
       -
             openFirewall = true;

     

       160
       160
       -
       

     

       161
       161
       -
             motd = "Welcome to @wiro.world's knot!\n";

     

       162
       162
       -
             server = {

     

       163
       163
       -
               listenAddr = "localhost:${toString tangled-knot-port}";

     

       164
       164
       -
               hostname = tangled-knot-hostname;

     

       165
       165
       -
               owner = tangled-owner;

     

       166
       166
       -
             };

     

       167
       167
       -
           };

     

       168
       168
       -
       

     

       169
       169
       -
       

     

       170
       170
       -
           services.tangled-spindle = {

     

       171
       171
       -
             enable = true;

     

       172
       172
       -
       

     

       173
       173
       -
             server = {

     

       174
       174
       -
               listenAddr = "localhost:${toString tangled-spindle-port}";

     

       175
       175
       -
               hostname = tangled-spindle-hostname;

     

       176
       176
       -
               owner = tangled-owner;

     

       177
       177
       -
             };

     

       178
       178
       -
           };

     

       179
       179
       -
       

     

       180
       180
       -
           services.grafana = {

     

       181
       181
       -
             enable = true;

     

       182
       182
       -
       

     

       183
       183
       -
             settings.server = {

     

       184
       184
       -
               http_port = grafana-port;

     

       185
       185
       -
               domain = grafana-hostname;

     

       186
       186
       -
             };

     

       187
       187
       -
           };

     

       188
       188
       -
       

     

       189
       189
       -
           services.prometheus = {

     

       190
       190
       -
             enable = true;

     

       191
       191
       -
             port = prometheus-port;

     

       192
       192
       -
       

     

       193
       193
       -
             scrapeConfigs = [

     

       194
       194
       -
               {

     

       195
       195
       -
                 job_name = "caddy";

     

       196
       196
       -
                 static_configs = [{ targets = [ "localhost:${toString 2019}" ]; }];

     

       197
       197
       -
               }

     

       198
       198
       -
               {

     

       199
       199
       -
                 job_name = "node";

     

       200
       200
       -
                 static_configs = [{ targets = [ "localhost:${toString config.services.prometheus.exporters.node.port}" ]; }];

     

       201
       201
       -
               }

     

       202
       202
       -
             ];

     

       203
       203
       -
       

     

       204
       204
       -
             exporters.node = {

     

       205
       205
       -
               enable = true;

     

       206
       206
       -
               port = prometheus-node-exporter-port;

     

       207
       207
       -
             };

     

       208
       208
       -
           };

     

       209
       209
       -
       

     

       210
       210
       -
           services.thelounge = {

     

       211
       211
       -
             enable = true;

     

       212
       212
       -
             port = thelounge-port;

     

       213
       213
       -
             public = false;

     

       214
       214
       -
             extraConfig = {

     

       215
       215
       -
               host = "127.0.0.1";

     

       216
       216
       -
               reverseProxy = true;

     

       217
       217
       -
             };

     

       218
       218
       -
           };

     

       219
       219
       -
         };

     

       220
       220
       -
       }

+2 -2

overlays/patches.nix

···

       8
       8
        
           src = prev.fetchFromGitHub {

     

       9
       9
        
             owner = "mrnossiom";

     

       10
       10
        
             repo = "swaylock";

     

       11
       11
       -
             rev = "5aebb558663bebb09b86d6c4ca9b760791507b88";

     

       12
       12
       -
             hash = "sha256-1XotT0XKoDyg7ytzoqgxdHHA64oce4b8CZU53luI5j0=";

     

       11
       11
       +
             rev = "1e949610081ea0788d9fba6f0d7c909d7b62e9e0";

     

       12
       12
       +
             hash = "sha256-3YN6n5mYB7r1Xk22AGYMusNbA6aBD6OMU3Gn9OOuS6o=";

     

       13
       13
        
           };

     

       14
       14
        
         });

     

       15
       15
        
       }

+20 -11

pkgs/default.nix

···

       1
       1
       -
       { self, system, ... }@pkgs:

     

       1
       1
       +
       { self

     

       2
       2
       +
       

     

       3
       3
       +
       , stdenv

     

       4
       4
       +
       , callPackage

     

       5
       5
       +
       , ...

     

       6
       6
       +
       }:

     

       2
       7
        
       

     

       3
       8
        
       let

     

       4
       4
       -
         inherit (self.inputs) agenix git-leave helix jujutsu wakatime-ls;

     

       9
       9
       +
         inherit (stdenv.hostPlatform) system;

     

       10
       10
       +
       

     

       11
       11
       +
         inherit (self.inputs)

     

       12
       12
       +
           agenix

     

       13
       13
       +
           git-leave

     

       14
       14
       +
           nix-alien

     

       15
       15
       +
           wakatime-ls

     

       16
       16
       +
           ;

     

       5
       17
        
       in

     

       6
       18
        
       {

     

       7
       7
       -
         asak = pkgs.callPackage ./asak.nix { };

     

       8
       8
       -
         ebnfer = pkgs.callPackage ./ebnfer.nix { };

     

       9
       9
       -
         find-unicode = pkgs.callPackage ./find-unicode.nix { };

     

       10
       10
       -
         names = pkgs.callPackage ./names.nix { };

     

       11
       11
       -
         otree = pkgs.callPackage ./otree.nix { };

     

       12
       12
       -
         probe-rs-udev-rules = pkgs.callPackage ./probe-rs-udev-rules.nix { };

     

       13
       13
       -
         where-is-my-sddm-theme = pkgs.callPackage ./where-is-my-sddm-theme.nix { };

     

       19
       19
       +
         asak = callPackage ./asak.nix { };

     

       20
       20
       +
         ebnfer = callPackage ./ebnfer.nix { };

     

       21
       21
       +
         find-unicode = callPackage ./find-unicode.nix { };

     

       22
       22
       +
         names = callPackage ./names.nix { };

     

       23
       23
       +
         probe-rs-udev-rules = callPackage ./probe-rs-udev-rules.nix { };

     

       14
       24
        
       

     

       15
       25
        
         # Import packages defined in foreign repositories

     

       16
       26
        
         inherit (agenix.packages.${system}) agenix;

     

       17
       27
        
         inherit (git-leave.packages.${system}) git-leave;

     

       18
       18
       -
         inherit (helix.packages.${system}) helix;

     

       19
       19
       -
         inherit (jujutsu.packages.${system}) jujutsu;

     

       28
       28
       +
         inherit (nix-alien.packages.${system}) nix-alien;

     

       20
       29
        
         inherit (wakatime-ls.packages.${system}) wakatime-ls;

     

       21
       30
        
       }

+1 -1

pkgs/find-unicode.nix

···

       15
       15
        
           hash = "sha256-hfTOUrFSlqOEzh2X3SnRx4UkmgCNDDfOjUT9325XSP8=";

     

       16
       16
        
         };

     

       17
       17
        
       

     

       18
       18
       -
         cargoHash = "sha256-Ap7aLgmwh1xJWUxL/PQcPo6KxlJNE47LFs+WNxLFWi8=";

     

       18
       18
       +
         cargoHash = "sha256-b+fRwdEI97Cljlz6r4sukPvkb9/x6UBKEhUDmLONh2w=";

     

       19
       19
        
       

     

       20
       20
        
         meta = with lib; {

     

       21
       21
        
           description = "Find Unicode characters, the easy way! A simple command line application to find unicode characters with minimum effort.";

-38

pkgs/otree.nix

···

       1
       1
       -
       { lib

     

       2
       2
       -
       

     

       3
       3
       -
       , stdenv

     

       4
       4
       -
       , rustPlatform

     

       5
       5
       -
       , fetchFromGitHub

     

       6
       6
       -
       , darwin

     

       7
       7
       -
       }:

     

       8
       8
       -
       

     

       9
       9
       -
       rustPlatform.buildRustPackage rec {

     

       10
       10
       -
         pname = "otree";

     

       11
       11
       -
         version = "0.1.0";

     

       12
       12
       -
       

     

       13
       13
       -
         src = fetchFromGitHub {

     

       14
       14
       -
           owner = "fioncat";

     

       15
       15
       -
           repo = pname;

     

       16
       16
       -
           # rev = "v${version}";

     

       17
       17
       -
           rev = "bbaf9d53659e242eb7e85517c2d8aacefcac7d25";

     

       18
       18
       -
           hash = "sha256-xqTfNFot8wXSTxsQVwM+4hD+z0BIbblC/lpd9uBJf8I=";

     

       19
       19
       -
         };

     

       20
       20
       -
       

     

       21
       21
       -
         cargoLock = {

     

       22
       22
       -
           lockFile = "${src}/Cargo.lock";

     

       23
       23
       -
           outputHashes = {

     

       24
       24
       -
             "tui-tree-widget-0.20.0" = "sha256-/uLp63J4FoMT1rMC9cv49JAX3SuPvFWPtvdS8pspsck=";

     

       25
       25
       -
           };

     

       26
       26
       -
         };

     

       27
       27
       -
       

     

       28
       28
       -
         buildInputs = [ ]

     

       29
       29
       -
           ++ lib.optionals stdenv.isDarwin [ darwin.apple_sdk.frameworks.IOKit ];

     

       30
       30
       -
       

     

       31
       31
       -
         meta = with lib; {

     

       32
       32
       -
           description = "A command line tool to view objects (JSON/YAML/TOML) in TUI tree widget";

     

       33
       33
       -
           homepage = "https://github.com/fioncat/otree";

     

       34
       34
       -
           license = licenses.mit;

     

       35
       35
       -
           maintainers = with maintainers; [ mrnossiom ];

     

       36
       36
       -
           mainProgram = "otree";

     

       37
       37
       -
         };

     

       38
       38
       -
       }

-21

pkgs/where-is-my-sddm-theme.nix

···

       1
       1
       -
       { stdenv

     

       2
       2
       -
       , fetchFromGitHub

     

       3
       3
       -
       }:

     

       4
       4
       -
       

     

       5
       5
       -
       stdenv.mkDerivation rec {

     

       6
       6
       -
         pname = "where-is-my-sddm-theme";

     

       7
       7
       -
         version = "v1.12.0";

     

       8
       8
       -
       

     

       9
       9
       -
         src = fetchFromGitHub {

     

       10
       10
       -
           owner = "stepanzubkov";

     

       11
       11
       -
           repo = "where-is-my-sddm-theme";

     

       12
       12
       -
           rev = version;

     

       13
       13
       -
           hash = "sha256-+R0PX84SL2qH8rZMfk3tqkhGWPR6DpY1LgX9bifNYCg=";

     

       14
       14
       -
         };

     

       15
       15
       -
       

     

       16
       16
       -
         dontBuild = true;

     

       17
       17
       -
         installPhase = ''

     

       18
       18
       -
           mkdir -p $out/share/sddm/themes

     

       19
       19
       -
           cp -aR $src/where_is_my_sddm_theme/ $out/share/sddm/themes/

     

       20
       20
       -
         '';

     

       21
       21
       -
       }

-9

secrets/api-digital-ocean.age

···

       1
       1
       -
       age-encryption.org/v1

     

       2
       2
       -
       -> X25519 QjkxfMP9vtiSZ+Y/7jkOURnuAdVCtQ/Rt1FAalv9Ijs

     

       3
       3
       -
       f4YwmiPs/u9A0x0tQ6UNK0697l6E6FrGhmyLJOZGsmI

     

       4
       4
       -
       -> ssh-ed25519 SmMcWg 7U9uVnJECX84xjSV1v18pzIb7GDd1zjaLNWfx1SWFBI

     

       5
       5
       -
       QZq9+tEJOh9C6XOiZdg4ISE8qt6Dzw9ABKZd6XAwZkk

     

       6
       6
       -
       -> ssh-ed25519 Q8rMFA wSgLP9znMedYlvWIJUmm9crT6nmItaxH2ajilON45gE

     

       7
       7
       -
       LqWiMQ4wJVVdUQZKXrJINFvVfQAK51vd0F4ENQgnZ7Y

     

       8
       8
       -
       --- iGtdwVDXIMUcgytMAUDg0hvcI2mJpupSIrhEaZZxi18

     

       9
       9
       -
       �k�UR�H��Jr�e���]�$��U����DT���\9;`o\<N�f�N���K�M�!'���������;���}߯�L���۟:v����@׫�X/�

-9

secrets/api-gitguardian.age

···

       1
       1
       -
       age-encryption.org/v1

     

       2
       2
       -
       -> X25519 P02aVaHZQ2qXu3isJo+EYi3l+8ah016KyFnmSMYZjzk

     

       3
       3
       -
       LhVoE334CQuJQkX983mH6HH7zr1UWe3xc+Mz6O0FzDk

     

       4
       4
       -
       -> ssh-ed25519 SmMcWg n8gZ++y3KQag3oTL/57CX+/X1wRvDT88hKxVE0CxRVQ

     

       5
       5
       -
       Ntsbw27gg3qsnCsx0myrsp08Er+KDL2okMI5wsC5NPU

     

       6
       6
       -
       -> ssh-ed25519 Q8rMFA fiOu3mPZzZDRNCKERYeqiVt4dcR1Jbzk0BUF0h2bPCM

     

       7
       7
       -
       97jBhXpNGD/p6VmfOZJWn+XMdZlKv/OqbVwfUuha1Qc

     

       8
       8
       -
       --- Q1AjMGJdUTSjfkYBSiZBrh5ra7rhfSKW/+f4daXP1iU

     

       9
       9
       -
       J��n�AL�����g<�7�En��kM�tk�����c*���L��P�R���M�P��::%�x��������x��V<$�M���\�4�r����6g�r���]

secrets/api-wakapi.age

···

       1
       1
       +
       age-encryption.org/v1

     

       2
       2
       +
       -> X25519 P3dUySI4VwJJUWjpuvnNgNOc5qm+tts7ZJuvWUYgeS4

     

       3
       3
       +
       kEVQQz087nplbJ9GkZUe0MqxLPwrH1T6KpsZWiZL2mo

     

       4
       4
       +
       -> ssh-ed25519 SmMcWg F5mQDfhuSx6OBGeIM+um+ieZcTFEKJE7lXjVT+uAnBk

     

       5
       5
       +
       Cy2b9Nn4ssEAtqLF5Vz3nUmmf8OXMuMWrnVcDvS3kKE

     

       6
       6
       +
       -> ssh-ed25519 Q8rMFA JQXHaBwrI1W+vUjShzXegUk1+Ljp3ri6LIs29koks0g

     

       7
       7
       +
       SU3a1I74g2lh+/cXa5tXxC5HzedLcaOdp1e7IFUb6/Y

     

       8
       8
       +
       --- z7a/0fV4R8019GUsAsZ5TX1g2wLl34UBHvzE/7Cz3WM

     

       9
       9
       +
       L٦h|�
��e�S���H����n4\̵����G͵���8ư*M`>���S�
@R�p҂�l�>�3C�

secrets/backup/rclone-googledrive.age

This is a binary file and will not be displayed.

-11

secrets/backup/restic-key.age

···

       1
       1
       -
       age-encryption.org/v1

     

       2
       2
       -
       -> ssh-ed25519 y5GeNA 1N1OVMREI3zSaiCLoQxMQ9Wr86qZY8VyjozUISnWCW0

     

       3
       3
       -
       2FN3NfQPL/kwY7aYqrVpCtmLukgr9i7kx0JGPnYhxAw

     

       4
       4
       -
       -> ssh-ed25519 eJgqzQ TTEr023Bnn3aoRkBa323tMiaNRdrRxyACSpx54IR9xw

     

       5
       5
       -
       4E1qMVjoITuAgIxU+LxOWcaifiMSW4CG9do9Difx364

     

       6
       6
       -
       -> ssh-ed25519 SmMcWg r5x4S4NKIChSblXmCIKOECKGyIF+nviiFH4wICWjaC4

     

       7
       7
       -
       yGmvndLj+skZHqXMWME3VWOM8J/FTnf/GpDx5mqmask

     

       8
       8
       -
       -> ssh-ed25519 Q8rMFA Qqn/Mn1LePKebEC/yVPFL8mVQ//yYI4W/A+suQ3JWxg

     

       9
       9
       -
       cogONQEq9n053vHfBFc+WGU34m1jrnwwvWF6VXapA2U

     

       10
       10
       -
       --- ikgNePR9NDxtZrxZCEhww8eMUxoo43GUq09qxNtmNOY

     

       11
       11
       -
       y���f�ж?�,7򻌮9���̕ JL����_�^Q�BۖN�P�ṭ��K	�Di�Op��&��⁺A���O�T-�%��u'TݼVZ��>ƭ+�{}��M�B�$�����$�k(PR�r�m���LQ����=�r/���rh�]t>e��F�S/���� �����"_s'������`����-3�4@ª�E�}���Q{&.�^��'�

secrets/backup-rclone-googledrive.age

This is a binary file and will not be displayed.

+11

secrets/backup-restic-key.age

···

       1
       1
       +
       age-encryption.org/v1

     

       2
       2
       +
       -> ssh-ed25519 y5GeNA 1N1OVMREI3zSaiCLoQxMQ9Wr86qZY8VyjozUISnWCW0

     

       3
       3
       +
       2FN3NfQPL/kwY7aYqrVpCtmLukgr9i7kx0JGPnYhxAw

     

       4
       4
       +
       -> ssh-ed25519 eJgqzQ TTEr023Bnn3aoRkBa323tMiaNRdrRxyACSpx54IR9xw

     

       5
       5
       +
       4E1qMVjoITuAgIxU+LxOWcaifiMSW4CG9do9Difx364

     

       6
       6
       +
       -> ssh-ed25519 SmMcWg r5x4S4NKIChSblXmCIKOECKGyIF+nviiFH4wICWjaC4

     

       7
       7
       +
       yGmvndLj+skZHqXMWME3VWOM8J/FTnf/GpDx5mqmask

     

       8
       8
       +
       -> ssh-ed25519 Q8rMFA Qqn/Mn1LePKebEC/yVPFL8mVQ//yYI4W/A+suQ3JWxg

     

       9
       9
       +
       cogONQEq9n053vHfBFc+WGU34m1jrnwwvWF6VXapA2U

     

       10
       10
       +
       --- ikgNePR9NDxtZrxZCEhww8eMUxoo43GUq09qxNtmNOY

     

       11
       11
       +
       y���f�ж?�,7򻌮9���̕ JL����_�^Q�BۖN�P�ṭ��K	�Di�Op��&��⁺A���O�T-�%��u'TݼVZ��>ƭ+�{}��M�B�$�����$�k(PR�r�m���LQ����=�r/���rh�]t>e��F�S/���� �����"_s'������`����-3�4@ª�E�}���Q{&.�^��'�

+18 -21

secrets/default.nix

···

       1
       1
       +
       keys:

     

       2
       2
       +
       

     

       3
       3
       +
       let

     

       4
       4
       +
         inherit (keys) sessions systems users;

     

       5
       5
       +
       

     

       6
       6
       +
         nixos = systems ++ users;

     

       7
       7
       +
         home-manager = sessions ++ users;

     

       8
       8
       +
       in

     

       1
       9
        
       {

     

       2
       2
       -
         nixos = {

     

       3
       3
       -
           backup-rclone-googledrive.file = ./backup/rclone-googledrive.age;

     

       4
       4
       -
           backup-restic-key.file = ./backup/restic-key.age;

     

       5
       5
       -
         };

     

       10
       10
       +
         # Used in NixOS config

     

       11
       11
       +
         "backup-rclone-googledrive.age".publicKeys = nixos;

     

       12
       12
       +
         "backup-restic-key.age".publicKeys = nixos;

     

       6
       13
        
       

     

       7
       7
       -
         home-manager = {

     

       8
       8
       -
           api-crates-io.file = ./api-crates-io.age;

     

       9
       9
       -
           api-digital-ocean.file = ./api-digital-ocean.age;

     

       10
       10
       -
           api-gitguardian.file = ./api-gitguardian.age;

     

       11
       11
       -
           api-wakatime.file = ./api-wakatime.age;

     

       12
       12
       -
         };

     

       14
       14
       +
         # Used in Home Manager

     

       15
       15
       +
         "api-crates-io.age".publicKeys = home-manager;

     

       16
       16
       +
         "api-wakatime.age".publicKeys = home-manager;

     

       17
       17
       +
         "api-wakapi.age".publicKeys = home-manager;

     

       13
       18
        
       

     

       14
       14
       -
         deploy = {

     

       15
       15
       -
           # Defines `PDS_JWT_SECRET`, `PDS_ADMIN_PASSWORD`,

     

       16
       16
       -
           # `PDS_PLC_ROTATION_KEY_K256_PRIVATE_KEY_HEX`, `PDS_EMAIL_SMTP_URL` and

     

       17
       17
       -
           # `PDS_EMAIL_FROM_ADDRESS`

     

       18
       18
       -
           pds-config.file = ./pds-env.age;

     

       19
       19
       -
         };

     

       20
       20
       -
       

     

       21
       21
       -
         none = {

     

       22
       22
       -
           pgp-ca5e.file = ./pgp-ca5e.age;

     

       23
       23
       -
           ssh-uxgi.file = ./ssh-uxgi.age;

     

       24
       24
       -
         };

     

       19
       19
       +
         # Not used in config but useful

     

       20
       20
       +
         "pgp-ca5e.age".publicKeys = users;

     

       21
       21
       +
         "ssh-uxgi.age".publicKeys = users;

     

       25
       22
        
       }

+10 -10

secrets/keys.nix

···

       1
       1
        
       rec {

     

       2
       2
        
         # Machine SSH key (/etc/ssh/ssh_host_ed25519_key.pub)

     

       3
       3
       -
         archaic = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJDuBHC0f7N0q1KRczJMoaBVdY0JFOtcpPy6WlYsoxUh";

     

       4
       4
       -
         neo = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINR1/9o1HLnSRkXt3xxAM5So1YCCNdJpBN1leSu7giuR";

     

       5
       5
       -
         systems = [ archaic neo ];

     

       3
       3
       +
         archaic-wiro-laptop = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJDuBHC0f7N0q1KRczJMoaBVdY0JFOtcpPy6WlYsoxUh";

     

       4
       4
       +
         neo-wiro-laptop = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINR1/9o1HLnSRkXt3xxAM5So1YCCNdJpBN1leSu7giuR";

     

       5
       5
       +
         systems = [ archaic-wiro-laptop neo-wiro-laptop ];

     

       6
       6
        
       

     

       7
       7
       -
         weird-row = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII5sThvKuIj8yfeZzUPYfxWxnjTTdNtSID2OL4czE8AL";

     

       8
       8
       -
         servers = [ weird-row ];

     

       7
       7
       +
         weird-row-server = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII5sThvKuIj8yfeZzUPYfxWxnjTTdNtSID2OL4czE8AL";

     

       8
       8
       +
         servers = [ weird-row-server ];

     

       9
       9
        
       

     

       10
       10
        
         # Sessions specific age key (~/.ssh/id_home_manager.pub)

     

       11
       11
       -
         neo-milomoisson = "age1vz2zmduaqhaw5jrqh277pmp36plyth8rz5k9ccxeftfcl2nlhalqwvx5xz";

     

       12
       12
       -
         sessions = [ neo-milomoisson ];

     

       11
       11
       +
         neo-milo = "age1vz2zmduaqhaw5jrqh277pmp36plyth8rz5k9ccxeftfcl2nlhalqwvx5xz";

     

       12
       12
       +
         sessions = [ neo-milo ];

     

       13
       13
        
       

     

       14
       14
       -
         # User keys (~/.ssh/id_ed25519.pub)

     

       15
       15
       -
         milomoisson = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJdt7atyPTOfaBIsgDYYb0DG1yid2u78abaCDji6Uxgi";

     

       14
       14
       +
         # User keys (~/.ssh/id_{ed25519,ecdsa}.pub)

     

       15
       15
       +
         milo-ed25519 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJdt7atyPTOfaBIsgDYYb0DG1yid2u78abaCDji6Uxgi";

     

       16
       16
        
         wirody = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMdW6ijH9oTsrswUJmQBF2LQkhjrMFkJ1LktnirPuL2S";

     

       17
       17
       -
         users = [ milomoisson wirody ];

     

       17
       17
       +
         users = [ milo-ed25519 wirody ];

     

       18
       18
        
       }

secrets/pds-env.age

This is a binary file and will not be displayed.

-24

secrets/secrets.nix

···

       1
       1
       -
       let

     

       2
       2
       -
         inherit (import ./keys.nix) servers sessions systems users;

     

       3
       3
       -
       

     

       4
       4
       -
         nixos = systems ++ users;

     

       5
       5
       -
         home-manager = sessions ++ users;

     

       6
       6
       -
         deploy = servers ++ users;

     

       7
       7
       -
       in

     

       8
       8
       -
       {

     

       9
       9
       -
         # Used in NixOS config

     

       10
       10
       -
         "backup/rclone-googledrive.age".publicKeys = nixos;

     

       11
       11
       -
         "backup/restic-key.age".publicKeys = nixos;

     

       12
       12
       -
       

     

       13
       13
       -
         # Used in Home Manager

     

       14
       14
       -
         "api-crates-io.age".publicKeys = home-manager;

     

       15
       15
       -
         "api-digital-ocean.age".publicKeys = home-manager;

     

       16
       16
       -
         "api-gitguardian.age".publicKeys = home-manager;

     

       17
       17
       -
         "api-wakatime.age".publicKeys = home-manager;

     

       18
       18
       -
       

     

       19
       19
       -
         "pds-env.age".publicKeys = deploy;

     

       20
       20
       -
       

     

       21
       21
       -
         # Not used in config but useful

     

       22
       22
       -
         "pgp-ca5e.age".publicKeys = users;

     

       23
       23
       -
         "ssh-uxgi.age".publicKeys = users;

     

       24
       24
       -
       }

+9 -2

secrets.nix

···

       1
       1
        
       let

     

       2
       2
        
         inherit (builtins) listToAttrs attrNames;

     

       3
       3
       +
       

     

       4
       4
       +
         # Map the name and value of all items of an attrset

     

       3
       5
        
         mapAttrs' =

     

       4
       6
        
           f:

     

       5
       7
        
           set:

     

       6
       8
        
           listToAttrs (map (attr: f attr set.${attr}) (attrNames set));

     

       9
       9
       +
       

     

       10
       10
       +
         keys = import ./secrets/keys.nix;

     

       11
       11
       +
       

     

       12
       12
       +
         prependAttrsName = prefix: mapAttrs' (name: value: { name = prefix + name; inherit value; });

     

       13
       13
       +
         secretsDir = path: prependAttrsName (path + "/") ((import ./${path}/default.nix) keys);

     

       7
       14
        
       in

     

       8
       15
        
       

     

       9
       9
       -
       # You can use agenix directly at repo top-level instead of having to change directory into `secrets/`

     

       10
       10
       -
       mapAttrs' (name: value: { name = ("secrets/" + name); inherit value; }) (import ./secrets/secrets.nix)

     

       16
       16
       +
       secretsDir "secrets"

     

       17
       17
       +
         // secretsDir "hosts/weird-row-server/secrets"

+1 -1

templates/blank/flake.nix

···

       1
       1
        
       {

     

       2
       2
        
         inputs = {

     

       3
       3
       -
           nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.05";

     

       3
       3
       +
           nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";

     

       4
       4
        
         };

     

       5
       5
        
       

     

       6
       6
        
         outputs = { self, nixpkgs }:

+1 -1

templates/c/flake.nix

···

       1
       1
        
       {

     

       2
       2
        
         inputs = {

     

       3
       3
       -
           nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.05";

     

       3
       3
       +
           nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";

     

       4
       4
        
         };

     

       5
       5
        
       

     

       6
       6
        
         outputs = { self, nixpkgs }:

+1 -1

templates/rust/flake.nix

···

       1
       1
        
       {

     

       2
       2
        
         inputs = {

     

       3
       3
       -
           nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.05";

     

       3
       3
       +
           nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";

     

       4
       4
        
       

     

       5
       5
        
           rust-overlay.url = "github:oxalica/rust-overlay";

     

       6
       6
        
           rust-overlay.inputs.nixpkgs.follows = "nixpkgs";

+1 -1

templates/rust-pkg/flake.nix

···

       1
       1
        
       {

     

       2
       2
        
         inputs = {

     

       3
       3
       -
           nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.05";

     

       3
       3
       +
           nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";

     

       4
       4
        
       

     

       5
       5
        
           rust-overlay.url = "github:oxalica/rust-overlay";

     

       6
       6
        
           rust-overlay.inputs.nixpkgs.follows = "nixpkgs";

Compare changes