chris/sneeuwvlok
chris/sneeuwvlok
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

started migration to snowfall

Browse source
This commit is contained in:
Chris Kruining 2025-07-23 10:03:10 +02:00
parent e293e87124
commit c8f6c4d818
No known key found for this signature in database
GPG key ID: EB894A3560CCCAD2
100 changed files with 49 additions and 32 deletions
Download patch file Download diff file Expand all files Collapse all files

19
modules/home/desktop/applications/communication.nix
View file

@ -1,19 +0,0 @@
{ options, config, lib, pkgs, user, ... }:
let
inherit (lib.modules) mkIf mkForce mkMerge;
inherit (lib.attrsets) attrValues;
cfg = config.modules.${user}.desktop.applications.communication;
in
{
options.modules.${user}.desktop.applications.communication = let
inherit (lib.options) mkEnableOption;
in {
enable = mkEnableOption "Enable office suite (only-office)";
};
config = mkIf cfg.enable
{
home-manager.users.${user}.home.packages = with pkgs; [vesktop teamspeak_client signal-desktop];
};
}

53
modules/home/desktop/applications/email.nix
View file

@ -1,53 +0,0 @@
{ options, config, lib, pkgs, user, ... }:
let
inherit (lib.modules) mkIf mkForce mkMerge;
inherit (lib.attrsets) attrValues;
cfg = config.modules.${user}.desktop.applications.email;
in
{
options.modules.${user}.desktop.applications.email = let
inherit (lib.options) mkEnableOption;
in {
enable = mkEnableOption "Enable email client (thunderbird)";
};
config = mkIf cfg.enable
{
programs.thunderbird = {
enable = true;
};
home-manager.users.${user} = {
home.packages = attrValues {
inherit (pkgs) thunderbird;
};
accounts.email.accounts = {
kruining = {
primary = true;
address = "chris@kruinin.eu";
realName = "Chris Kruining";
imap = {
host = "imap.kruining.eu";
port = 993;
};
thunderbird = {
enable = true;
profiles = [ "chris" ];
};
};
cgames = {
primary = false;
address = "chris@cgames.nl";
realName = "Chris P Bacon";
imap = {
host = "imap.cgames.nl";
port = 993;
};
};
};
};
};
}

28
modules/home/desktop/applications/office.nix
View file

@ -1,28 +0,0 @@
{ options, config, lib, pkgs, user, ... }:
let
inherit (lib.modules) mkIf mkForce mkMerge;
inherit (lib.attrsets) attrValues;
cfg = config.modules.${user}.desktop.applications.office;
in
{
options.modules.${user}.desktop.applications.office = let
inherit (lib.options) mkEnableOption;
in {
enable = mkEnableOption "Enable office suite (only-office)";
};
config = mkIf cfg.enable
{
home-manager.users.${user}.home.packages = attrValues {
inherit (pkgs) onlyoffice-bin;
};
# nixpkgs.config.allowUnfreePredicate = pkg:
# builtins.elem (lib.getName pkg) [ "corefonts" ];
fonts.packages = with pkgs; [
corefonts
];
};
}

21
modules/home/desktop/applications/passwords.nix
View file

@ -1,21 +0,0 @@
{ options, config, lib, pkgs, user, ... }:
let
inherit (lib.modules) mkIf mkForce mkMerge;
inherit (lib.attrsets) attrValues;
cfg = config.modules.${user}.desktop.applications.passwords;
in
{
options.modules.${user}.desktop.applications.passwords = let
inherit (lib.options) mkEnableOption;
in {
enable = mkEnableOption "Enable password manager (bitwarden)";
};
config = mkIf cfg.enable
{
home-manager.users.${user}.home.packages = attrValues {
inherit (pkgs) bitwarden-desktop;
};
};
}

36
modules/home/desktop/applications/recording.nix
View file

@ -1,36 +0,0 @@
{ options, config, lib, pkgs, user, ... }:
let
inherit (lib.modules) mkIf mkForce mkMerge;
inherit (lib.attrsets) attrValues;
cfg = config.modules.${user}.desktop.applications.recording;
in
{
options.modules.${user}.desktop.applications.recording = let
inherit (lib.options) mkEnableOption;
in {
enable = mkEnableOption "Enable recording software (OBS Studio)";
};
config = mkIf cfg.enable
{
boot = {
extraModulePackages = with config.boot.kernelPackages; [
v4l2loopback
];
extraModprobeConfig = ''
options v4l2loopback devices=1 video_nr=1 card_label="OBS Cam" exclusive_caps=1
'';
};
security.polkit.enable = true;
home-manager.users.${user}.home.packages = with pkgs; [
obs-studio
obs-studio-plugins.wlrobs
obs-studio-plugins.obs-backgroundremoval
obs-studio-plugins.obs-pipewire-audio-capture
];
};
}

55
modules/home/desktop/applications/steam.nix
View file

@ -1,55 +0,0 @@
{ config, lib, pkgs, user, ... }:
let
inherit (lib) mkEnableOption mkIf mkForce mkMerge;
cfg = config.modules.${user}.desktop.applications.steam;
desktop = config.modules.${user}.desktop;
in
{
options.modules.${user}.desktop.applications.steam = {
enable = mkEnableOption "Enable steam, the game/software store";
hardware.enable = mkEnableOption "Support for steam hardware";
};
config = mkIf cfg.enable (mkMerge [
{
programs.steam = {
enable = true;
package = pkgs.steam-small.override {
extraEnv = {
DXVK_HUD = "compiler";
MANGOHUD = true;
};
};
};
hardware.steam-hardware.enable = mkForce cfg.hardware.enable;
# https://github.com/FeralInteractive/gamemode
programs.gamemode = {
enable = true;
enableRenice = true;
settings = {};
};
}
(mkIf (desktop.type == "wayland") {
# https://github.com/ValveSoftware/gamescope
programs.gamescope = {
enable = true;
capSysNice = true;
env = {
DXVK_HDR = "1";
ENABLE_GAMESCOPE_WSI = "1";
WINE_FULLSCREEN_FSR = "1";
WLR_RENDERER = "vulkan";
};
args = ["--hdr-enabled"];
};
programs.steam.gamescopeSession = {
enable = true;
args = ["--immediate-flips"];
};
})
]);
}

17
modules/home/desktop/applications/studio.nix
View file

@ -1,17 +0,0 @@
{ pkgs, config, lib, user, ... }:
let
inherit (lib) mkIf mkEnableOption;
cfg = config.modules.${user}.desktop.applications.studio;
in
{
options.modules.${user}.desktop.applications.studio = {
enable = mkEnableOption "Enable Bricklink Studio";
};
config = mkIf cfg.enable {
environment.systemPackages = with pkgs; [
my.studio
];
};
}

82
modules/home/desktop/browsers/chrome.nix
View file

@ -1,82 +0,0 @@
{ config, lib, pkgs, user, ... }:
let
inherit (lib.options) mkEnableOption;
inherit (lib.modules) mkIf;
inherit (builtins) fetchurl;
cfg = config.modules.${user}.desktop.browsers.chrome;
in {
options.modules.${user}.desktop.browsers.chrome = {
enable = mkEnableOption "Enable Chrome";
};
config = mkIf cfg.enable {
home-manager.users.${user}.home.packages = [
pkgs.chromium
# (pkgs.ungoogled-chromium.override {
# commandLineArgs = [
# "--enable-features=AcceleratedVideoEncoder"
# "--ignore-gpu-blocklist"
# "--enable-zero-copy"
# "--ozone-platform-hint=auto"
# "--password-store=basic"
# ];
# })
];
programs.chromium = {
enable = true;
enablePlasmaBrowserIntegration = true;
extensions = let
# create_extension_for = browserVersion: { id, sha256, version }: {
# inherit id;
# crxPath = fetchurl {
# url = "https://clients2.google.com/service/update2/crx?response=redirect&acceptformat=crx2,crx3&prodversion=${browserVersion}&x=id%3D${id}%26installsource%3Dondemand%26uc";
# name = "${id}.crx";
# inherit sha256;
# };
# inherit version;
# };
# create_extension = create_extension_for (lib.versions.major pkgs.ungoogled-chromium.version);
in [
"cjpalhdlnbpafiamejdnhcphjbkeiagm" # UBlock origin
"mnjggcdmjocbbbhaepdhchncahnbgone" # Sponsor block
"eimadpbcbfnmbkopoojfekhnkhdbieeh" # Dark reader
"nngceckbapebfimnlniiiahkandclblb" # Bitwarden
# (create_extension {
# id = "cjpalhdlnbpafiamejdnhcphjbkeiagm"; # UBlock origin
# sha256 = "sha256:1lnk0k8zy0w33cxpv93q1am0d7ds2na64zshvbwdnbjq8x4sw5p6";
# version = "1.63.2";
# })
# (create_extension {
# id = "mnjggcdmjocbbbhaepdhchncahnbgone"; # Sponsor block
# sha265 = "";
# version = "";
# })
# (create_extension {
# id = "eimadpbcbfnmbkopoojfekhnkhdbieeh"; # Dark reader
# sha265 = "";
# version = "";
# })
# (create_extension {
# id = "nngceckbapebfimnlniiiahkandclblb"; # Bitwarden
# sha265 = "";
# version = "";
# })
];
defaultSearchProviderEnabled = true;
defaultSearchProviderSearchURL = "https://duckduckgo.com?q={searchTerms}";
extraOpts = {
"ExtensionManifestV2Availability" = 2;
"BrowserSignin" = 0;
"SyncDisabled" = true;
"PasswordManagerEnabled" = false;
"SpellcheckEnabled" = true;
"SpellcheckLanguage" = [
"nl-NL"
"en-GB"
];
};
};
};
}

27
modules/home/desktop/browsers/default.nix
View file

@ -1,27 +0,0 @@
{
options,
config,
lib,
pkgs,
user,
...
}: let
inherit (lib.modules) mkIf;
cfg = config.modules.${user}.desktop.browsers;
in {
options.modules.${user}.desktop.browsers = let
inherit (lib.options) mkOption;
inherit (lib.types) nullOr str;
in {
default = mkOption {
type = nullOr str;
default = null;
description = "Default system browser";
example = "firefox";
};
};
config = mkIf (cfg.default != null) {
home-manager.users.${user}.home.sessionVariables.BROWSER = cfg.default;
};
}

233
modules/home/desktop/browsers/firefox.nix
View file

@ -1,233 +0,0 @@
{ inputs, options, config, lib, pkgs, user, ... }:
let
inherit (builtins) toJSON;
inherit (lib.attrsets) attrValues mapAttrsToList;
inherit (lib.modules) mkIf mkMerge;
inherit (lib.strings) concatStrings;
cfg = config.modules.${user}.desktop.browsers.firefox;
usr = config.users.users.${user};
in {
options.modules.${user}.desktop.browsers.firefox = let
inherit (lib.options) mkEnableOption;
inherit (lib.types) attrsOf oneOf bool int lines str;
inherit (lib.my) mkOpt mkOpt';
in {
enable = mkEnableOption "Gecko-based libre browser";
privacy.enable = mkEnableOption "Privacy Focused Firefox fork";
profileName = mkOpt str usr.name;
settings = mkOpt' (attrsOf (oneOf [bool int str])) {} ''
Firefox preferences set in <filename>user.js</filename>
'';
extraConfig = mkOpt' lines "" ''
Extra lines to add to <filename>user.js</filename>
'';
userChrome = mkOpt' lines "" "CSS Styles for Firefox's interface";
userContent = mkOpt' lines "" "Global CSS Styles for websites";
};
config = mkMerge [
(mkIf (config.modules.${user}.desktop.type == "wayland") {
environment.variables.MOZ_ENABLE_WAYLAND = "1";
})
(mkIf cfg.enable {
modules.${user}.desktop.browsers.firefox.settings = {
# TAB cycle URL's, not buttons..
"browser.toolbars.keyboard_navigation" = false;
# Disable annoying translation pop-up!
"browser.translations.automaticallyPopup" = false;
# Enables dark-themed flash before page-load:
"ui.systemUsesDarkTheme" = "1";
# Developer tools -> uses dark theme
"devtools.theme" = "dark";
# FIXME: IM-Wheel -> Manual scroll speed ctrl bcs == buggy...
"mousewheel.min_line_scroll_amount" = 35;
# Enables ETP = decent security -> firefox containers = redundent
"browser.contentblocking.category" = "strict";
"privacy.donottrackheader.enabled" = true;
"privacy.donottrackheader.value" = 1;
"privacy.purge_trackers.enabled" = true;
# Syncs Firefox toolbar settings across machines
# WARNING: May not work across OS'es
"services.sync.prefs.sync.browser.uiCustomization.state" = true;
# Enables userContent.css and userChrome.css for our theme modules
"toolkit.legacyUserProfileCustomizations.stylesheets" = true;
# Stop creating ~/Downloads!
"browser.download.dir" = "${usr.home}/downloads";
# Disables built-in password manager -> use external PM!
"signon.rememberSignons" = false;
# Firefox, DO NOT CHECK if you are the default browser..
"browser.shell.checkDefaultBrowser" = false;
# Disables "New Tab Page" feature
"browser.newtabpage.enabled" = false;
# Disables Activity Stream
"browser.newtabpage.activity-stream.enabled" = false;
"browser.newtabpage.activity-stream.telemetry" = false;
# Disables new tab tile ads & preload
"browser.newtabpage.enhanced" = false;
"browser.newtabpage.introShown" = true;
"browser.newtab.preload" = false;
"browser.newtabpage.directory.ping" = "";
"browser.newtabpage.directory.source" = "data:text/plain,{}";
# Reduces search engine noise in the urlbar's completion window
# PS: Shortcuts and suggestions still work
"browser.urlbar.suggest.searches" = false;
"browser.urlbar.shortcuts.bookmarks" = false;
"browser.urlbar.shortcuts.history" = false;
"browser.urlbar.shortcuts.tabs" = false;
"browser.urlbar.showSearchSuggestionsFirst" = false;
"browser.urlbar.speculativeConnect.enabled" = false;
# Prevents search terms from being sent to ISP
"browser.urlbar.dnsResolveSingleWordsAfterSearch" = 0;
# Disables sponsored search results
"browser.urlbar.suggest.quicksuggest.nonsponsored" = false;
"browser.urlbar.suggest.quicksuggest.sponsored" = false;
# Shows whole URL in address bar
"browser.urlbar.trimURLs" = false;
# Disables non-useful funcionality of certain features
"browser.disableResetPrompt" = true;
"browser.onboarding.enabled" = false;
"browser.aboutConfig.showWarning" = false;
"media.videocontrols.picture-in-picture.video-toggle.enabled" = false;
"extensions.pocket.enabled" = false;
"extensions.shield-recipe-client.enabled" = false;
"reader.parse-on-load.enabled" = false;
# Allow seperate search-engine usage in private mode!
"browser.search.separatePrivateDefault.ui.enabled" = true;
# Security-oriented defaults:
"security.family_safety.mode" = 0;
# https://blog.mozilla.org/security/2016/10/18/phasing-out-sha-1-on-the-public-web/
"security.pki.sha1_enforcement_level" = 1;
# https://github.com/tlswg/tls13-spec/issues/1001
"security.tls.enable_0rtt_data" = false;
# Uses Mozilla geolocation service instead of Google if given permission
"geo.provider.network.url" = "https://location.services.mozilla.com/v1/geolocate?key=%MOZILLA_API_KEY%";
"geo.provider.use_gpsd" = false;
# https://support.mozilla.org/en-US/kb/extension-recommendations
"browser.newtabpage.activity-stream.asrouter.userprefs.cfr" = false;
"browser.newtabpage.activity-stream.asrouter.userprefs.cfr.addons" =
false;
"browser.newtabpage.activity-stream.asrouter.userprefs.cfr.features" =
false;
"extensions.htmlaboutaddons.recommendations.enabled" = false;
"extensions.htmlaboutaddons.discover.enabled" = false;
"extensions.getAddons.showPane" = false; # Uses Google Analytics
"browser.discovery.enabled" = false;
# Reduces File IO / SSD abuse, 15 seconds -> 30 minutes
"browser.sessionstore.interval" = "1800000";
# Disables battery API
"dom.battery.enabled" = false;
# Disable cross-site ad-view tracking
"dom.private-attribution.submission.enabled" = false;
# Disables "beacon" asynchronous HTTP transfers (used for analytics)
"beacon.enabled" = false;
# Disables pinging URIs specified in HTML <a> ping= attributes
"browser.send_pings" = false;
# Disables gamepad API to prevent USB device enumeration
"dom.gamepad.enabled" = false;
# Prevents guessing domain names on invalid entry in URL-bar
"browser.fixup.alternate.enabled" = false;
# Disables telemetry settings
"toolkit.telemetry.unified" = false;
"toolkit.telemetry.enabled" = false;
"toolkit.telemetry.server" = "data:,";
"toolkit.telemetry.archive.enabled" = false;
"toolkit.telemetry.coverage.opt-out" = true;
"toolkit.coverage.opt-out" = true;
"toolkit.coverage.endpoint.base" = "";
"experiments.supported" = false;
"experiments.enabled" = false;
"experiments.manifest.uri" = "";
"browser.ping-centre.telemetry" = false;
# https://mozilla.github.io/normandy/
"app.normandy.enabled" = false;
"app.normandy.api_url" = "";
"app.shield.optoutstudies.enabled" = false;
# Disables health reports (basically more telemetry)
"datareporting.healthreport.uploadEnabled" = false;
"datareporting.healthreport.service.enabled" = false;
"datareporting.policy.dataSubmissionEnabled" = false;
# Disables crash reports
"breakpad.reportURL" = "";
"browser.tabs.crashReporting.sendReport" = false;
# Prevents the submission of backlogged reports
"browser.crashReports.unsubmittedCheck.autoSubmit2" = false;
# Disable automatic Form autofill
"browser.formfill.enable" = false;
"extensions.formautofill.addresses.enabled" = false;
"extensions.formautofill.available" = "off";
"extensions.formautofill.creditCards.available" = false;
"extensions.formautofill.creditCards.enabled" = false;
"extensions.formautofill.heuristics.enabled" = false;
};
# Use a stable profile name so we can target it in themes
home-manager.users.${user}.home = {
packages = let
inherit (pkgs) makeDesktopItem;
inherit (inputs.firefox.packages.${pkgs.system}) firefox-nightly-bin;
in [
firefox-nightly-bin
(makeDesktopItem {
name = "firefox-nightly-private";
desktopName = "Firefox Nightly (Private)";
genericName = "Launch a private Firefox Nightly instance";
icon = "firefox-nightly";
exec = "${lib.getExe firefox-nightly-bin} --private-window";
categories = ["Network" "WebBrowser"];
})
];
file = let
cfgPath = ".mozilla/firefox";
in {
firefox-profiles = {
target = "${cfgPath}/profiles.ini";
text = ''
[Profile0]
Name=default
IsRelative=1
Path=${cfg.profileName}.default
Default=1
[General]
StartWithLastProfile=1
Version=2
'';
};
user-js = mkIf (cfg.settings != {} || cfg.extraConfig != "") {
target = "${cfgPath}/${cfg.profileName}.default/user.js";
text = ''
${concatStrings (mapAttrsToList (name: value: ''
user_pref("${name}", ${toJSON value});
'')
cfg.settings)}
${cfg.extraConfig}
'';
};
user-chrome = mkIf (cfg.userChrome != "") {
target = "${cfgPath}/${cfg.profileName}.default/chrome/userChrome.css";
text = cfg.userChrome;
};
user-content = mkIf (cfg.userContent != "") {
target = "${cfgPath}/${cfg.profileName}.default/chrome/userContent.css";
text = cfg.userContent;
};
};
};
})
(mkIf cfg.privacy.enable {
home-manager.users.${user}.home.packages = attrValues {
inherit (pkgs) librewolf;
};
})
];
}

17
modules/home/desktop/browsers/ladybird.nix
View file

@ -1,17 +0,0 @@
{ config, lib, pkgs, user, ... }:
let
inherit (lib.options) mkEnableOption;
inherit (lib.modules) mkIf;
cfg = config.modules.${user}.desktop.browsers.ladybird;
in {
options.modules.${user}.desktop.browsers.ladybird = {
enable = mkEnableOption "Enable Ladybird";
};
config = mkIf cfg.enable {
environment.systemPackages = with pkgs; [
ladybird
];
};
}

43
modules/home/desktop/browsers/zen.nix
View file

@ -1,43 +0,0 @@
{ inputs, options, config, lib, pkgs, user, ... }:
let
inherit (builtins) toJSON;
inherit (lib.attrsets) attrValues mapAttrsToList;
inherit (lib.modules) mkIf mkMerge;
inherit (lib.strings) concatStrings;
cfg = config.modules.${user}.desktop.browsers.zen;
in {
options.modules.${user}.desktop.browsers.zen = let
inherit (lib.options) mkEnableOption;
inherit (lib.types) attrsOf oneOf bool int lines str;
inherit (lib.my) mkOpt mkOpt';
in {
enable = mkEnableOption "Gecko-based libre browser";
privacy.enable = mkEnableOption "Privacy Focused Firefox fork";
profileName = mkOpt str config.user.name;
settings = mkOpt' (attrsOf (oneOf [bool int str])) {} ''
Firefox preferences set in <filename>user.js</filename>
'';
extraConfig = mkOpt' lines "" ''
Extra lines to add to <filename>user.js</filename>
'';
userChrome = mkOpt' lines "" "CSS Styles for Firefox's interface";
userContent = mkOpt' lines "" "Global CSS Styles for websites";
};
config = mkMerge [
(mkIf (config.modules.${user}.desktop.type == "wayland") {
environment.variables.MOZ_ENABLE_WAYLAND = "1";
})
(mkIf cfg.enable {
home-manager.users.${user}.home.packages = let
inherit (pkgs) makeDesktopItem;
inherit (inputs.zen.packages.${pkgs.system}.specific) zen;
in [
zen
];
})
];
}

10
modules/home/desktop/default.nix
View file

@ -1,10 +0,0 @@
{ lib, user, ... }:
let
inherit (lib.types) either str;
inherit (lib.my) mkOpt;
in
{
options.modules.${user}.desktop = {
type = mkOpt (either str null) "wayland";
};
}

39
modules/home/desktop/editors/default.nix
View file

@ -1,39 +0,0 @@
{
config,
options,
lib,
pkgs,
user,
...
}: let
inherit (lib.attrsets) attrValues;
inherit (lib.modules) mkIf mkMerge;
cfg = config.modules.${user}.desktop.editors;
in {
options.modules.${user}.desktop.editors = let
inherit (lib.options) mkOption;
inherit (lib.types) nullOr enum;
in {
default = mkOption {
type = nullOr (enum [ "nano" "nvim" "zed" "kate" "vscodium" ]);
default = "nano";
description = "Default editor for text manipulation";
example = "nvim";
};
};
config = mkMerge [
(mkIf (cfg.default != null) {
home-manager.users.${user}.home.sessionVariables = {
EDITOR = cfg.default;
};
})
(mkIf (cfg.default == "nvim") {
home-manager.users.${user}.home.packages = attrValues {
inherit (pkgs) imagemagick editorconfig-core-c sqlite deno pandoc nuspell;
inherit (pkgs.hunspellDicts) nl_NL en_GB-ise;
};
})
];
}

18
modules/home/desktop/editors/kate.nix
View file

@ -1,18 +0,0 @@
{ config, options, lib, pkgs, user, ... }:
let
inherit (lib.meta) getExe;
inherit (lib.modules) mkIf;
cfg = config.modules.${user}.desktop.editors.kate;
in
{
options.modules.${user}.desktop.editors.kate = let
inherit (lib.options) mkEnableOption;
in {
enable = mkEnableOption "kate";
};
config = mkIf cfg.enable {
home-manager.users.${user}.programs.kate.enable = true;
};
}

33
modules/home/desktop/editors/nano.nix
View file

@ -1,33 +0,0 @@
{ config, options, lib, pkgs, user, ... }:
let
inherit (lib.meta) getExe;
inherit (lib.modules) mkIf;
cfg = config.modules.${user}.desktop.editors.nano;
in
{
options.modules.${user}.desktop.editors.nano = let
inherit (lib.options) mkEnableOption;
in { enable = mkEnableOption "nano"; };
config = mkIf cfg.enable {
home-manager.users.${user}.home.packages = with pkgs; [
nano
];
programs.nano = {
enable = true;
syntaxHighlight = true;
nanorc = ''
set autoindent
set jumpyscrolling
set linenumbers
set mouse
set saveonexit
set smarthome
set tabstospaces
set tabsize 2
'';
};
};
}

38
modules/home/desktop/editors/nvim.nix
View file

@ -1,38 +0,0 @@
{ config, lib, user, ... }:
let
inherit (lib.modules) mkIf;
cfg = config.modules.${user}.desktop.editors.nvim;
in
{
options.modules.${user}.desktop.editors.nvim = let
inherit (lib.options) mkEnableOption;
in {
enable = mkEnableOption "neo-vim (nixvim)";
};
config = mkIf cfg.enable {
modules.desktop.editors.nvim.enable = true;
programs.nvf = {
enable = true;
settings = {
vim = {
statusline.lualine.enable = true;
telescope.enable = true;
autocomplete.nvim-cmp.enable = true;
lsp.enable = true;
languages = {
enableTreesitter = true;
nix.enable = true;
ts.enable = true;
rust.enable = true;
};
};
};
};
};
}

18
modules/home/desktop/editors/vscodium.nix
View file

@ -1,18 +0,0 @@
{ config, lib, pkgs, user, ... }:
let
inherit (lib.modules) mkIf;
inherit (lib.attrsets) attrValues;
cfg = config.modules.${user}.desktop.editors.vscodium;
in
{
options.modules.${user}.desktop.editors.vscodium = let
inherit (lib.options) mkEnableOption;
in { enable = mkEnableOption "vscodium"; };
config = mkIf cfg.enable {
home-manager.users.${user}.home.packages = attrValues {
inherit (pkgs) vscodium;
};
};
}

75
modules/home/desktop/editors/zed.nix
View file

@ -1,75 +0,0 @@
{ config, lib, pkgs, user, ... }: let
inherit (lib.modules) mkIf;
cfg = config.modules.${user}.desktop.editors.zed;
in {
options.modules.${user}.desktop.editors.zed = let
inherit (lib.options) mkEnableOption;
in {enable = mkEnableOption "zed";};
config = mkIf cfg.enable {
home-manager.users.${user} = {
home.packages = with pkgs; [
zed-editor nixd nil alejandra
];
programs.zed-editor = {
enable = true;
extensions = ["nix" "toml" "html"];
userSettings = {
assistant.enabled = false;
vim_mode = false;
load_direnv = "shell_hook";
base_keymap = "JetBrains";
format_on_save = "on";
bindings = {
"ctrl+s" = "workspace::SaveAll";
};
tabs = {
file_icons = true;
git_status = true;
};
project_panel.auto_reveal_entries = false;
"experimental.theme_overrides" = {
border = "#ffffff07";
};
hour_format = "hour24";
auto_update = false;
lsp = {
nixd = {};
nil = {
initialization_options = {
nix = {
flake = {
autoArchive = true;
};
};
formatting = {
command = ["alejandra" "--quiet" "--"];
};
};
binary = {
path_lookup = true;
};
};
};
languages = {
"Nix" = {
language_servers = ["nixd" "nil"];
format_on_save = "on";
};
};
};
};
};
};
}

20
modules/home/desktop/games/default.nix
View file

@ -1,20 +0,0 @@
{ config, lib, pkgs, user, ... }: let
inherit (lib) mkEnableOption mkIf;
cfg = config.modules.${user}.desktop.games;
in
{
options.modules.${user}.desktop.games = {
enable = mkEnableOption "enable proton GE";
};
config = mkIf cfg.enable {
home-manager.users.${user} = {
home.packages = with pkgs; [ protonup ];
home.sessionVariables = {
STEAM_EXTRA_COMPAT_TOOLS_PATHS = "\${HOME}/.steam/root/compatibilitytools.d";
};
};
};
}

23
modules/home/desktop/games/minecraft.nix
View file

@ -1,23 +0,0 @@
{ options, config, lib, pkgs, user, ... }:
let
inherit (lib.modules) mkIf mkForce mkMerge;
inherit (lib.attrsets) attrValues;
cfg = config.modules.${user}.desktop.games.minecraft;
in
{
options.modules.${user}.desktop.games.minecraft = let
inherit (lib.options) mkEnableOption;
in {
enable = mkEnableOption "minecraft (Modrinth)";
};
config = mkIf cfg.enable {
# environment.systemPackages = [
# pkgs.minecract
# ];
home-manager.users.${user}.home.packages = attrValues {
inherit (pkgs) prismlauncher;
};
};
}

286
modules/home/desktop/plasma.nix
View file

@ -1,286 +0,0 @@
{ inputs, config, lib, pkgs, user, ... }:
let
inherit (lib.modules) mkIf;
cfg = config.modules.${user}.desktop.plasma;
in
{
options.modules.${user}.desktop.plasma = let
inherit (lib.options) mkEnableOption mkOption;
in {
enable = mkEnableOption "plasma 6";
autoLogin = mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Enable plasma's auto login feature.";
};
};
config = mkIf cfg.enable {
environment.systemPackages = with pkgs.kdePackages; [
kcoreaddons
];
environment.plasma6.excludePackages = with pkgs.kdePackages; [ konsole kate ghostwriter oxygen ];
environment.sessionVariables.NIXOS_OZONE_WL = "1";
services = {
xserver.enable = true;
desktopManager.plasma6.enable = true;
displayManager = {
defaultSession = "plasma";
sddm = {
enable = true;
wayland.enable = true;
};
autoLogin = mkIf cfg.autoLogin {
enable = true;
inherit user;
};
};
};
# should enable theme integration with gtk apps (i.e. firefox, thunderbird)
programs.dconf.enable = true;
home-manager = {
sharedModules = [
inputs.plasma-manager.homeManagerModules.plasma-manager
];
users.${user}.programs.plasma = {
enable = true;
immutableByDefault = true;
windows.allowWindowsToRememberPositions = true;
session = {
general.askForConfirmationOnLogout = false;
sessionRestore.restoreOpenApplicationsOnLogin = "onLastLogout";
};
workspace = {
clickItemTo = "select";
colorScheme = "EverforestDark";
wallpaper = config.stylix.image;
};
spectacle.shortcuts = {
captureRectangularRegion = "Meta+Shift+S";
};
kwin = {
edgeBarrier = 0;
cornerBarrier = false;
effects = {
translucency.enable = true;
blur = {
enable = true;
strength = 5;
noiseStrength = 5;
};
snapHelper.enable = true;
};
};
panels = [
# Windows-like panel at the bottom
{
location = "bottom";
floating = true;
lengthMode = "fill";
height = 42;
hiding = "none";
screen = "all";
widgets = [
{
panelSpacer = {
expanding = true;
};
}
{
kickoff = {
applicationsDisplayMode = "list";
compactDisplayStyle = false;
favoritesDisplayMode = "grid";
sortAlphabetically = true;
showButtonsFor = {
custom = [
"shutdown"
"reboot"
"logout"
"lock-screen"
];
};
showActionButtonCaptions = true;
};
}
# {
# appMenu = {
# compactView = false;
# };
# }
{
iconTasks = {
appearance = {
fill = false;
highlightWindows = true;
iconSpacing = "medium";
indicateAudioStreams = true;
rows = {
multirowView = "never";
maximum = null;
};
showTooltips = true;
};
behavior = {
grouping = {
clickAction = "showPresentWindowsEffect";
method = "byProgramName";
};
minimizeActiveTaskOnClick = true;
newTasksAppearOn = "right";
showTasks = {
onlyInCurrentActivity = true;
onlyInCurrentDesktop = true;
onlyMinimized = false;
onlyInCurrentScreen = false;
};
sortingMethod = "manually";
unhideOnAttentionNeeded = true;
wheel = {
ignoreMinimizedTasks = true;
switchBetweenTasks = true;
};
};
launchers = [
"preferred://filemanager"
"preferred://browser"
"preferred://terminalemulator"
"preferred://email"
"applications:zededitor.desktop"
"applications:vesktop.desktop"
"applications:steam.desktop"
];
};
}
{
panelSpacer = {
expanding = true;
};
}
{
systemTray = {
icons = {
scaleToFit = true;
spacing = "small";
};
items = {
hidden = [
"org.kde.plasma.brightness"
];
};
pin = false;
};
}
{
digitalClock = {
date = {
enable = true;
format = "shortDate";
position = "belowTime";
};
time = {
format = "24h";
showSeconds = "onlyInTooltip";
};
};
}
];
}
];
powerdevil = {
AC = {
powerButtonAction = "shutDown";
whenLaptopLidClosed = "doNothing";
autoSuspend.action = "nothing";
dimDisplay.enable = false;
turnOffDisplay = {
idleTimeout = "never";
};
};
battery = {
powerButtonAction = "shutDown";
whenLaptopLidClosed = "doNothing";
autoSuspend.action = "nothing";
dimDisplay.enable = false;
turnOffDisplay = {
idleTimeout = "never";
};
};
lowBattery = {
powerButtonAction = "shutDown";
whenLaptopLidClosed = "doNothing";
autoSuspend.action = "nothing";
dimDisplay.enable = false;
turnOffDisplay = {
idleTimeout = "never";
};
};
};
kscreenlocker = {
autoLock = false;
lockOnResume = false;
lockOnStartup = false;
appearance = {
alwaysShowClock = true;
showMediaControls = true;
};
};
configFile = {
baloofilerc = {
};
kdeglobals = {
General = {
# enable font antialiasing
XftAntialias = true;
XftHintStyle = "hintslight";
XftSubPixel = "rgb";
};
};
kwalletrc = {
Wallet.Enabled = false;
};
plasmarc = {
General = {
RaiseMaximumVolume = true;
VolumeStep = 2;
};
};
kcminputrc = {
Keyboard.NumLock.value = 0;
};
};
};
};
};
}

50
modules/home/desktop/terminal/alacritty.nix
View file

@ -1,50 +0,0 @@
{
config,
lib,
pkgs,
user,
...
}: let
inherit (lib.meta) getExe;
inherit (lib.modules) mkIf mkMerge;
in {
options.modules.${user}.desktop.terminal.alacritty = let
inherit (lib.options) mkEnableOption;
in { enable = mkEnableOption "OpenGL terminal emulator"; };
config = mkIf config.modules.${user}.desktop.terminal.alacritty.enable {
modules.${user}.shell.toolset.tmux.enable = true;
home-manager.users.${user}.programs.alacritty = {
enable = true;
settings = mkMerge [
{
env = {
TERM = "xterm-256color";
WINIT_X11_SCALE_FACTOR = "1.0";
};
window.dynamic_title = true;
scrolling = {
history = 5000;
multiplier = 3;
};
selection = {
semantic_escape_chars = '',`|:"' ()[]{}<>'';
save_to_clipboard = false;
};
general.live_config_reload = true;
terminal.shell = {
program = "${getExe pkgs.zsh}";
args = ["-l" "-c" "tmux new || tmux"];
};
}
];
};
};
}

24
modules/home/desktop/terminal/default.nix
View file

@ -1,24 +0,0 @@
{ config, options, lib, pkgs, user, ... }:
let
inherit (lib.modules) mkDefault mkIf mkMerge;
cfg = config.modules.${user}.desktop.terminal;
in {
options.modules.${user}.desktop.terminal = let
inherit (lib.options) mkOption;
inherit (lib.types) str;
in {
default = mkOption {
type = str;
default = "alacrity";
description = "Default terminal";
example = "alacrity";
};
};
config = mkMerge [
{
home-manager.users.${user}.home.sessionVariables.TERMINAL = cfg.default;
}
];
}

35
modules/home/desktop/terminal/ghostty.nix
View file

@ -1,35 +0,0 @@
{
config,
options,
lib,
pkgs,
user,
...
}: let
inherit (builtins) toString;
inherit (lib.meta) getExe;
inherit (lib.modules) mkIf mkMerge;
in {
options.modules.${user}.desktop.terminal.ghostty = let
inherit (lib.options) mkEnableOption;
in { enable = mkEnableOption "ghostty"; };
config = mkIf config.modules.${user}.desktop.terminal.ghostty.enable {
environment.systemPackages = [
pkgs.ghostty
];
modules.${user}.shell.toolset.tmux.enable = true;
home-manager.users.${user}.programs.ghostty = {
enable = true;
settings = {
background-blur-radius = 20;
theme = "dark:stylix,light:stylix";
window-theme = (config.modules.${user}.themes.polarity or "dark");
background-opacity = 0.8;
minimum-contrast = 1.1;
};
};
};
}

16
modules/home/develop/default.nix
View file

@ -1,16 +0,0 @@
{ config, lib, user, ... }:
let
inherit (lib.modules) mkIf;
in
{
options.modules.${user}.develop = let
inherit (lib.options) mkEnableOption;
in
{
xdg.enable = mkEnableOption "XDG-related conf" // { default = true; };
};
config = mkIf config.modules.${user}.develop.xdg.enable {
};
}

18
modules/home/develop/dotnet.nix
View file

@ -1,18 +0,0 @@
{ inputs, config, options, lib, pkgs, user, ... }:
let
inherit (lib.attrsets) attrValues;
inherit (lib.modules) mkIf mkMerge;
in
{
options.modules.${user}.develop.dotnet = let
inherit (lib.options) mkEnableOption;
in {
enable = mkEnableOption ".NET developmnt";
};
config = mkIf config.modules.${user}.develop.dotnet.enable {
home-manager.users.${user}.home.packages = attrValues {
inherit (pkgs) dotnet-sdk_8;
};
};
}

28
modules/home/develop/js.nix
View file

@ -1,28 +0,0 @@
{ inputs, config, options, lib, pkgs, user, ... }:
let
inherit (lib.attrsets) attrValues;
inherit (lib.modules) mkIf mkMerge;
in
{
options.modules.${user}.develop.js = let
inherit (lib.options) mkEnableOption;
in {
enable = mkEnableOption "JS developmnt";
};
config = mkMerge [
(mkIf config.modules.${user}.develop.js.enable {
home-manager.users.${user}.home.packages = with pkgs; [
bun
nodejs
nodePackages_latest.typescript-language-server
];
})
(mkIf config.modules.${user}.develop.xdg.enable {
# home = {
# };
})
];
}

36
modules/home/develop/rust.nix
View file

@ -1,36 +0,0 @@
{ inputs, config, options, lib, pkgs, user, ... }:
let
inherit (lib.attrsets) attrValues;
inherit (lib.modules) mkIf mkMerge;
inherit (lib.meta) getExe;
in
{
options.modules.${user}.develop.rust = let
inherit (lib.options) mkEnableOption;
in {
enable = mkEnableOption "Rust developmnt";
};
config = mkMerge [
# (mkIf config.modules.${user}.develop.rust.enable {
# # nixpkgs.overlays = [inputs.rust.overlays.default];
#
# home-manager.users.${user}.home.packages = attrValues {
# # rust-package = pkgs.rust-bin.stable.latest.default;
# # inherit (pkgs) rust-analyzer rust-script;
# };
#
# environment.shellAliases = {
# rs = "rustc";
# ca = "cargo";
# };
# })
#
# (mkIf config.module.${user}s.develop.xdg.enable {
# home-manager.users.${user}.home = {
# sessionVariables.CARGO_HOME = "$XDG_DATA_HOME/cargo";
# sessionPath = ["$CARGO_HOME/bin"];
# };
# })
];
}

71
modules/home/shell/default.nix
View file

@ -1,71 +0,0 @@
{ config, lib, pkgs, user, ... }:
let
inherit (lib.attrsets) attrValues;
inherit (lib.modules) mkIf mkMerge;
inherit (lib.options) mkOption mkEnableOption;
inherit (lib.types) nullOr enum;
cfg = config.modules.${user}.shell;
in
{
options.modules.${user}.shell = {
default = mkOption {
type = nullOr (enum ["fish" "zsh" "bash"]);
default = null;
description = "Default system shell";
};
corePkgs.enable = mkEnableOption "core shell packages";
};
config = mkMerge [
(mkIf (cfg.default != null) {
users.defaultUserShell = pkgs."${cfg.default}";
# modules.${user}.shell.toolset.gnupg.enable = true;
})
(mkIf cfg.corePkgs.enable {
modules.${user}.shell.toolset = {
bat.enable = true;
btop.enable = true;
eza.enable = true;
fzf.enable = true;
git.enable = true;
starship.enable = true;
tmux.enable = true;
yazi.enable = true;
zoxide.enable = true;
};
home-manager.users.${user} = {
home.packages = attrValues {
inherit (pkgs) any-nix-shell pwgen yt-dlp ripdrag;
inherit (pkgs) fd;
rgFull = pkgs.ripgrep.override {withPCRE2 = true;};
};
home.shellAliases = {
# ls = "eza -a";
# cat = "bat -pp";
# y = "yazi";
# zed = "zeditor .";
};
programs = {
direnv = {
enable = true;
config.global = {
load_dotenv = true;
strict_env = true;
hide_env_diff = true;
};
nix-direnv.enable = true;
config.whitelist.prefix = ["/home"];
};
};
};
})
];
}

22
modules/home/shell/toolset/bat.nix
View file

@ -1,22 +0,0 @@
{ config, lib, pkgs, user, ... }:
let
inherit (lib.modules) mkIf;
inherit (lib.options) mkEnableOption;
cfg = config.modules.${user}.shell.toolset.bat;
in
{
options.modules.${user}.shell.toolset.bat = {
enable = mkEnableOption "cat replacement";
};
config = mkIf cfg.enable {
home-manager.users.${user} = {
home.packages = with pkgs; [ bat ];
programs.bat = {
enable = true;
};
};
};
}

95
modules/home/shell/toolset/btop.nix
View file

@ -1,95 +0,0 @@
{ config, lib, pkgs, user, ... }:
let
inherit (lib) mkIf mkEnableOption;
inherit (lib.strings) concatStringsSep;
cfg = config.modules.${user}.shell.toolset.btop;
in
{
options.modules.${user}.shell.toolset.btop = {
enable = mkEnableOption "system-monitor";
};
config = mkIf cfg.enable {
home-manager.users.${user} = {
home.packages = with pkgs; [ btop ];
programs.btop = {
enable = true;
settings = {
force_tty = false;
vim_keys = true; # Directional keys: "h,j,k,l,g,G"
update_ms = 1500; # ms (s^{-3})
temp_scale = "celsius";
base_10_sizes = false;
show_cpu_freq = true;
clock_format = "%H:%M";
background_update = true;
disks_filter = "exclude=/boot";
rounded_corners = true;
theme_background = false;
truecolor = true;
presets = concatStringsSep "," [
"cpu:1:default"
"proc:0:default cpu:0:default"
"mem:0:default"
"net:0:default cpu:0:block"
"net:0:tty"
];
graph_symbol = "braille";
graph_symbol_cpu = "default";
graph_symbol_mem = "default";
graph_symbol_net = "default";
graph_symbol_proc = "default";
shown_boxes = "proc cpu mem net";
proc_sorting = "cpu lazy";
proc_reversed = false;
proc_tree = false;
proc_colors = true;
proc_gradient = true;
proc_per_core = true;
proc_mem_bytes = true;
proc_info_smaps = false;
proc_left = false;
cpu_graph_upper = "total";
cpu_graph_lower = "total";
cpu_single_graph = false;
cpu_bottom = false;
show_uptime = true;
check_temp = true;
cpu_sensor = "Auto";
show_coretemp = true;
cpu_core_map = "";
custom_cpu_name = "";
mem_graphs = true;
mem_below_net = false;
show_swap = true;
swap_disk = true;
show_disks = true;
only_physical = true;
use_fstab = false; # Enable -> disables `only_physical`
disk_free_priv = false;
show_io_stat = true;
io_mode = false;
io_graph_combined = false;
io_graph_speeds = "";
net_download = 100;
net_upload = 100;
net_auto = true;
net_sync = false;
net_iface = "br0";
show_battery = true;
selected_battery = "Auto";
log_level = "DEBUG";
};
};
};
};
}

29
modules/home/shell/toolset/eza.nix
View file

@ -1,29 +0,0 @@
{ config, lib, pkgs, user, ... }:
let
inherit (lib.modules) mkIf;
inherit (lib.options) mkEnableOption;
cfg = config.modules.${user}.shell.toolset.eza;
in
{
options.modules.${user}.shell.toolset.eza = {
enable = mkEnableOption "system-monitor";
};
config = mkIf cfg.enable {
home-manager.users.${user} = {
home.packages = with pkgs; [ eza ];
programs.eza = {
enable = true;
icons = "auto";
git = true;
extraOptions = [
"--hyperlink"
"--across"
"--group-directories-first"
];
};
};
};
}

37
modules/home/shell/toolset/fzf.nix
View file

@ -1,37 +0,0 @@
{ config, lib, pkgs, user, ... }:
let
inherit (lib) mkIf mkEnableOption;
defShell = config.modules.${user}.shell.default;
in
{
options.modules.${user}.shell.toolset.fzf = {
enable = mkEnableOption "TUI Fuzzy Finder.";
};
config = mkIf config.modules.${user}.shell.toolset.fzf.enable {
home-manager.users.${user} = {
home.packages = with pkgs; [ fzf ];
programs.fzf = {
enable = true;
enableBashIntegration = true;
enableZshIntegration = defShell == "zsh";
enableFishIntegration = defShell == "fish";
tmux.enableShellIntegration = true;
tmux.shellIntegrationOptions = ["-d 40%"];
defaultCommand = "fd --type f";
defaultOptions = ["--height 40%" "--border"];
changeDirWidgetCommand = "fd --type d";
changeDirWidgetOptions = ["--preview 'tree -C {} | head -200'"];
fileWidgetCommand = "fd --type f";
fileWidgetOptions = ["--preview 'head {}'"];
historyWidgetOptions = ["--sort" "--exact"];
};
};
};
}

112
modules/home/shell/toolset/git.nix
View file

@ -1,112 +0,0 @@
{ config, lib, pkgs, user, ... }:
let
inherit (lib.options) mkEnableOption;
inherit (lib.modules) mkIf;
in
{
options.modules.${user}.shell.toolset.git = {
enable = mkEnableOption "version-control system";
};
config = mkIf config.modules.${user}.shell.toolset.git.enable {
environment.sessionVariables.GITHUB_TOKEN = "$(cat /run/agenix/tokenGH)";
home-manager.users.${user} = {
home.packages = with pkgs; [ lazygit lazyjj jujutsu ];
programs = {
zsh.initContent = ''
# -------===[ Helpful Git Fn's ]===------- #
gitignore() {
curl -s -o .gitignore https://gitignore.io/api/$1
}
'';
fish.functions = {
gitignore = "curl -sL https://www.gitignore.io/api/$argv";
};
git = {
enable = true;
package = pkgs.gitFull;
difftastic = {
enable = true;
background = "dark";
color = "always";
display = "inline";
};
ignores = [
# General:
"*.bloop"
"*.bsp"
"*.metals"
"*.metals.sbt"
"*metals.sbt"
"*.direnv"
"*.envrc"
"*hie.yaml"
"*.mill-version"
"*.jvmopts"
# OS-related:
".DS_Store?"
".DS_Store"
".CFUserTextEncoding"
".Trash"
".Xauthority"
"thumbs.db"
"Thumbs.db"
"Icon?"
# Compiled residues:
"*.class"
"*.exe"
"*.o"
"*.pyc"
"*.elc"
];
extraConfig = {
init.defaultBranch = "main";
core = {
editor = "nvim";
whitespace = "trailing-space,space-before-tab";
};
credential.helper = "${pkgs.gitFull}/bin/git-credential-libsecret";
user = {
name = config.modules.${user}.user.full_name;
email = config.modules.${user}.user.email;
signingKey = "~/.ssh/id_rsa.pub";
};
gpg.format = "ssh";
commit.gpgSign = true;
tag.gpgSign = true;
push = {
autoSetupRemote = true;
default = "current";
gpgSign = "if-asked";
autoSquash = true;
};
pull.rebase = true;
filter = {
required = true;
smudge = "git-lfs smudge -- %f";
process = "git-lfs filter-process";
clean = "git-lfs clean -- %f";
};
url = {
"https://github.com/".insteadOf = "gh:";
"git@github.com:".insteadOf = "ssh+gh:";
};
};
};
};
};
};
}

38
modules/home/shell/toolset/gnupg.nix
View file

@ -1,38 +0,0 @@
{ config, lib, pkgs, user, ... }:
let
inherit (lib.modules) mkIf;
cfg = config.modules.${user}.shell.toolset.gnupg;
in
{
options.modules.${user}.shell.toolset.gnupg = let
inherit (lib.options) mkEnableOption;
in {
enable = mkEnableOption "cryptographic suite";
};
config = mkIf cfg.enable {
user.package = with pkgs; [ gnupg ];
environment.variables.GNUPGHOME = "$XDG_CONFIG_HOME/gnupg";
home-manager.users.${user}.programs.gnupg = {
enable = true;
agent = {
enable = true;
enableSSHSupport = true;
pinentryPackage = pkgs.pinentry-gnome3;
settings = let
cacheTTL = 86400;
in {
default-cache-ttl = cacheTTL;
default-cache-ttl-ssh = cacheTTL;
max-cache-ttl = cacheTTL;
max-cache-ttl-ssh = cacheTTL;
};
};
};
};
}

101
modules/home/shell/toolset/starship.nix
View file

@ -1,101 +0,0 @@
{ config, lib, pkgs, user, ... }:
let
inherit (lib.modules) mkIf;
inherit (lib.options) mkEnableOption;
in
{
options.modules.${user}.shell.toolset.starship = {
enable = mkEnableOption "fancy pansy shell prompt";
};
config = mkIf config.modules.${user}.shell.toolset.starship.enable {
home-manager.users.${user} = {
home.packages = with pkgs; [ starship ];
programs.starship = {
enable = true;
settings = {
format = "[](bold green) $username@$hostname$nix_shell: $directory$cmd_duration$git_branch$git_commit$git_state$git_status$line_break[](green bold)$character";
username = {
format = "[$user]($style)";
show_always = true;
};
hostname = {
ssh_only = false;
ssh_symbol = "🌐 ";
format = "[$hostname](bold red)";
trim_at = ".local";
disabled = false;
};
nix_shell = {
symbol = " ";
format = "[$symbol$name]($style) ";
style = "magenta bold";
};
git_branch = {
only_attached = true;
format = "[$symbol$branch]($style) ";
symbol = " ";
style = "yellow bold";
};
git_commit = {
tag_disabled = false;
};
git_state = {
style = "magenta bold";
};
git_status = {
format = "[$all_status $ahead_behind]($style) ";
style = "bold green";
conflicted = "🏳";
up_to_date = "";
untracked = " ";
ahead = "\${count}";
diverged = "\${ahead_count}\${behind_count}";
behind = "\${count}";
stashed = " ";
modified = " ";
staged = "[++\($count\)](green)";
renamed = " ";
deleted = " ";
};
directory = {
read_only = " 󰌾";
};
cmd_duration = {
format = "[$duration]($style) ";
style = "blue";
};
os = {
format = "[$symbol](bold white)";
disabled = false;
symbols = {
Windows = " ";
Arch = "󰣇";
Ubuntu = "";
Macos = "󰀵";
Manjaro = " ";
Nobara = " ";
Unknown = "󰠥";
};
};
fill = {
symbol = " ";
};
};
};
};
};
}

107
modules/home/shell/toolset/tmux.nix
View file

@ -1,107 +0,0 @@
{ config, lib, pkgs, user, ... }:
let
inherit (lib.modules) mkIf;
in
{
options.modules.${user}.shell.toolset.tmux = let
inherit (lib.options) mkEnableOption;
in { enable = mkEnableOption "terminal multiplexer"; };
config = mkIf config.modules.${user}.shell.toolset.tmux.enable {
home-manager.users.${user} = {
home.packages = with pkgs; [ tmux ];
programs.tmux = {
enable = true;
secureSocket = true;
keyMode = "vi";
prefix = "C-a";
terminal = "tmux-256color";
baseIndex = 1;
clock24 = true;
disableConfirmationPrompt = true;
escapeTime = 0;
aggressiveResize = false;
resizeAmount = 2;
reverseSplit = false;
historyLimit = 5000;
newSession = true;
plugins = let
inherit (pkgs.tmuxPlugins) resurrect continuum;
in [
{
plugin = resurrect;
extraConfig = "set -g @resurrect-strategy-nvim 'session'";
}
{
plugin = continuum;
extraConfig = ''
set -g @continuum-restore 'on'
set -g @continuum-save-interval '60' # minutes
'';
}
];
extraConfig = ''
# -------===[ Color Correction ]===------- #
set-option -ga terminal-overrides ",*256col*:Tc"
set-option -ga terminal-overrides '*:Ss=\E[%p1%d q:Se=\E[ q'
set-environment -g COLORTERM "truecolor"
# -------===[ General-Configurations ]===------- #
set-option -g renumber-windows on
set-window-option -g automatic-rename on
set-window-option -g word-separators ' @"=()[]'
set-option -g mouse on
set-option -s focus-events on
set-option -g renumber-windows on
set-option -g allow-rename off
# -------===[ Activity/Sound ]===------- #
set-option -g bell-action none
set-option -g visual-bell off
set-option -g visual-silence off
set-option -g visual-activity off
set-window-option -g monitor-activity off
# -------===[ Status-Bar ]===------- #
set-option -g status on
set-option -g status-interval 1
set-option -g status-style bg=default,bold,italics
set-option -g status-position top
set-option -g status-justify left
set-option -g status-left-length "40"
set-option -g status-right-length "80"
# -------===[ Keybindings ]===------- #
bind-key c clock-mode
# Window Control(s):
bind-key q kill-session
bind-key Q kill-server
bind-key t new-window -c '#{pane_current_path}'
# Buffers:
bind-key b list-buffers
bind-key p paste-buffer
bind-key P choose-buffer
# Split bindings:
bind-key - split-window -v -c '#{pane_current_path}'
bind-key / split-window -h -c '#{pane_current_path}'
# Copy/Paste bindings:
bind-key -T copy-mode-vi v send-keys -X begin-selection -N "Start visual mode for selection"
bind-key -T copy-mode-vi y send-keys -X copy-selection -N "Yank text into buffer"
bind-key -T copy-mode-vi r send-keys -X rectangle-toggle -N "Yank region into buffer"
'';
};
};
};
}

22
modules/home/shell/toolset/yazi.nix
View file

@ -1,22 +0,0 @@
{ config, lib, pkgs, user, ... }:
let
inherit (lib.modules) mkIf;
inherit (lib.options) mkEnableOption;
cfg = config.modules.${user}.shell.toolset.yazi;
in
{
options.modules.${user}.shell.toolset.yazi = {
enable = mkEnableOption "cli file browser";
};
config = mkIf cfg.enable {
home-manager.users.${user} = {
home.packages = with pkgs; [ yazi ];
programs.yazi = {
enable = true;
};
};
};
}

23
modules/home/shell/toolset/zellij.nix
View file

@ -1,23 +0,0 @@
{ config, lib, pkgs, user, ... }:
let
inherit (lib.modules) mkIf;
inherit (lib.options) mkEnableOption;
in
{
options.modules.${user}.shell.toolset.zellij = {
enable = mkEnableOption "terminal multiplexer";
};
config = mkIf config.modules.${user}.shell.toolset.zellij.enable {
home-manager.users.${user} = {
home.packages = with pkgs; [ zellij ];
programs.zellij = {
enable = true;
attachExistingSession = true;
settings = {};
};
};
};
}

22
modules/home/shell/toolset/zoxide.nix
View file

@ -1,22 +0,0 @@
{ config, lib, pkgs, user, ... }:
let
inherit (lib.modules) mkIf;
inherit (lib.options) mkEnableOption;
cfg = config.modules.${user}.shell.toolset.zoxide;
in
{
options.modules.${user}.shell.toolset.zoxide = {
enable = mkEnableOption "cd replacement";
};
config = mkIf cfg.enable {
home-manager.users.${user} = {
home.packages = with pkgs; [ zoxide ];
programs.zoxide = {
enable = true;
};
};
};
}

104
modules/home/shell/zsh.nix
View file

@ -1,104 +0,0 @@
{ config, lib, pkgs, user, ... }:
let
inherit (lib.modules) mkIf;
cfg = config.modules.${user}.shell;
in
{
config = mkIf (cfg.default == "zsh") {
modules.shell.zsh.enable = true;
modules.${user}.shell = {
corePkgs.enable = true;
};
# Enable completion for sys-packages:
environment.pathsToLink = ["/share/zsh"];
home-manager.users.${user} = {
# xdg.configFile."zsh-abbreviations" = {
# target = "zsh/abbreviations";
# text = let
# abbrevs = {
# ls = "eza -al";
# };
# in ''
# ${concatStrings (mapAttrsToList
# (k: v: "abbr ${k}=${escapeNixString v}")
# abbrevs
# )}
# '';
# };
programs = {
starship.enableZshIntegration = true;
yazi.enableZshIntegration = true;
zellij.enableZshIntegration = true;
zsh = {
enable = true;
enableCompletion = true;
autosuggestion.enable = true;
history = {
size = 10000;
path = "$XDG_CONFIG_HOME/zsh/history";
};
oh-my-zsh = {
enable = true;
plugins = ["git" "docker-compose" "zoxide"];
};
plugins = let
mkZshPlugin = {
pkg,
file ? "${pkg.pname}.plugin.zsh",
}: {
name = pkg.pname;
src = pkg.src;
inherit file;
};
in
with pkgs; [
(mkZshPlugin {pkg = zsh-abbr;})
(mkZshPlugin {pkg = zsh-autopair;})
(mkZshPlugin {pkg = zsh-you-should-use;})
(mkZshPlugin {
pkg = zsh-nix-shell;
file = "nix-shell.plugin.zsh";
})
{
name = "zsh-autosuggestion";
src = pkgs.fetchFromGitHub {
owner = "zsh-users";
repo = "zsh-autosuggestions";
rev = "v0.7.0";
sha256 = "1g3pij5qn2j7v7jjac2a63lxd97mcsgw6xq6k5p7835q9fjiid98";
};
}
{
name = "zsh-completions";
src = pkgs.fetchFromGitHub {
owner = "zsh-users";
repo = "zsh-completions";
rev = "0.34.0";
sha256 = "0jjgvzj3v31yibjmq50s80s3sqi4d91yin45pvn3fpnihcrinam9";
};
}
{
name = "zsh-syntax-highlighting";
src = pkgs.fetchFromGitHub {
owner = "zsh-users";
repo = "zsh-syntax-highlighting";
rev = "0.7.0";
sha256 = "0s1z3whzwli5452h2yzjzzj27pf1hd45g223yv0v6hgrip9f853r";
};
}
];
};
};
};
};
}

BIN
modules/home/themes/catppuccin-latte.jpg
View file

Binary file not shown.
Side by side

Before

Width:  |  Height:  |  Size: 11 KiB

36
modules/home/themes/default.nix
View file

@ -1,36 +0,0 @@
{ config, lib, pkgs, user, ... }:
let
inherit (lib) mkIf mkDefault;
inherit (lib.options) mkOption mkEnableOption;
inherit (lib.types) nullOr enum;
cfg = config.modules.${user}.themes;
in {
options.modules.${user}.themes = {
enable = mkEnableOption "Theming (Stylix)";
theme = mkOption {
type = nullOr (enum [ "everforest" "catppuccin-latte" "chalk" ]);
default = "everforest";
description = "The theme to set the system to";
example = "everforest";
};
polarity = mkOption {
type = nullOr (enum [ "dark" "light" ]);
default = "dark";
description = "determine if system is in dark or light mode";
};
};
config = mkIf (cfg.enable) {
modules.theming.enable = true;
stylix = {
base16Scheme = "${pkgs.base16-schemes}/share/themes/${cfg.theme}.yaml";
image = ./${cfg.theme}.jpg;
polarity = cfg.polarity;
targets.qt.platform = mkDefault "kde6";
};
};
}

BIN
modules/home/themes/everforest.jpg
View file

Binary file not shown.
Side by side

Before

Width:  |  Height:  |  Size: 183 KiB

48
modules/home/user.nix
View file

@ -1,48 +0,0 @@
{ options, config, lib, pkgs, user, ... }:
let
inherit (lib.attrsets) attrValues;
inherit (lib.modules) mkIf mkMerge;
cfg = config.modules.${user}.user;
in
{
options.modules.${user}.user = let
inherit (lib.options) mkOption mkEnableOption;
inherit (lib.types) nullOr enum;
in with lib.types; {
full_name = mkOption {
type = nullOr str;
default = null;
example = "John Doe";
description = "Full name of the user, this is used as the kde plasma display name for example";
};
email = mkOption {
type = nullOr str;
default = null;
example = "name@domain.tld";
description = "user's email address";
};
is_trusted = mkOption {
type = bool;
default = false;
example = true;
description = "this is used to grant sudo priviledges for the user";
};
groups = mkOption {
type = listOf str;
default = [];
example = [ "some" "group" "names" ];
description = "groups to add the user to";
};
};
config = mkIf (user != "root") {
users.users.${user} = {
description = (cfg.full_name or user);
extraGroups = cfg.groups ++ (if cfg.is_trusted then [ "wheel" ] else []);
};
};
}

32
modules/home/xgd.nix
View file

@ -1,32 +0,0 @@
{ config, user, ... }:
{
home-manager.users.${user}.xdg.enable = true;
environment = {
sessionVariables = {
XDG_CACHE_HOME = "$HOME/.cache";
XDG_CONFIG_HOME = "$HOME/.config";
XDG_DATA_HOME = "$HOME/.local/share";
XDG_BIN_HOME = "$HOME/.local/bin";
};
variables = {
__GL_SHADER_DISK_CACHE_PATH = "$XDG_CACHE_HOME/nv";
ASPELL_CONF = ''
per-conf $XDG_CONFIG_HOME/aspell/aspell.conf;
personal $XDG_CONFIG_HOME/aspell/en_US.pws;
repl $XDG_CONFIG_HOME/aspell/en.prepl;
'';
CUDA_CACHE_PATH = "$XDG_CACHE_HOME/nv";
HISTFILE = "$XDG_DATA_HOME/bash/history";
INPUTRC = "$XDG_CONFIG_HOME/readline/inputrc";
LESSHISTFILE = "$XDG_CACHE_HOME/lesshst";
WGETRC = "$XDG_CONFIG_HOME/wgetrc";
};
extraInit = ''
export XAUTHORITY=/tmp/Xauthority
[ -e ~/.Xauthority ] && mv -f ~/.Xauthority "$XAUTHORITY"
'';
};
}

23
modules/system/authentication/himmelblau.nix
View file

@ -1,23 +0,0 @@
{ inputs, lib, config, ... }: let
inherit (lib) mkEnableOption mkIf;
cfg = config.modules.authentication.himmelblau;
in
{
imports = [ inputs.himmelblau.nixosModules.himmelblau ];
options.modules.authentication.himmelblau = {
enable = mkEnableOption "enable azure entra ID authentication";
};
config = mkIf cfg.enable {
services.himmelblau = {
enable = true;
settings = {
domains = [];
pam_allow_groups = [];
local_groups = [];
};
};
};
}

48
modules/system/boot.nix
View file

@ -1,48 +0,0 @@
{ config, options, lib, pkgs, ... }:
let
inherit (lib) mkMerge mkIf mkEnableOption mkDefault mkForce;
cfg = config.modules.boot;
in
{
options.modules.boot =
{
silentBoot = mkEnableOption "Enable silent boot";
animatedBoot = mkEnableOption "Enable boot animation";
};
config = mkMerge [
({
boot.loader = {
efi.canTouchEfiVariables = true;
systemd-boot.enable = true;
timeout = mkDefault 0;
};
time.timeZone = "Europe/Amsterdam";
})
(mkIf (cfg.silentBoot == true) {
boot = {
consoleLogLevel = 0;
initrd.verbose = false;
kernelParams = [ "quiet" "splash" "boot.shell_on_fail" "udev.log_priority=3" "rd.systemd.show_status=auto" ];
loader.timeout = mkDefault 0;
};
})
(mkIf (cfg.animatedBoot == true) {
boot.plymouth = {
enable = true;
theme = mkForce "pixels";
themePackages = with pkgs; [
(adi1090x-plymouth-themes.override {
selected_themes = [ "pixels" ];
})
];
};
})
];
}

144
modules/system/common/qbittorrent.nix
View file

@ -1,144 +0,0 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.qbittorrent;
UID = 888;
GID = 888;
in
{
options.services.qbittorrent = {
enable = mkEnableOption (lib.mdDoc "qBittorrent headless");
dataDir = mkOption {
type = types.path;
default = "/var/lib/qbittorrent";
description = lib.mdDoc ''
The directory where qBittorrent stores its data files.
'';
};
user = mkOption {
type = types.str;
default = "qbittorrent";
description = lib.mdDoc ''
User account under which qBittorrent runs.
'';
};
group = mkOption {
type = types.str;
default = "qbittorrent";
description = lib.mdDoc ''
Group under which qBittorrent runs.
'';
};
port = mkOption {
type = types.port;
default = 8080;
description = lib.mdDoc ''
qBittorrent web UI port.
'';
};
openFirewall = mkOption {
type = types.bool;
default = false;
description = lib.mdDoc ''
Open services.qBittorrent.port to the outside network.
'';
};
package = mkOption {
type = types.package;
default = pkgs.qbittorrent-nox;
defaultText = literalExpression "pkgs.qbittorrent-nox";
description = lib.mdDoc ''
The qbittorrent package to use.
'';
};
};
config = mkIf cfg.enable (let
configFile = pkgs.writeText "qBittorrent.conf" ''
[BitTorrent]
Session\Port=53271
Session\SSL\Port=45846
Session\QueueingSystemEnabled=false
Session\MaxUploads=-1
Session\MaxUploadsPerTorrent=-1
[Meta]
MigrationVersion=8
[Network]
Cookies=@Invalid()
[Preferences]
WebUI\Port=5000
WebUI\Username=admin
WebUI\Password_PBKDF2="@ByteArray(Clgb2+ZyS3PDRVqtYpj0Ow==:kjN301CJife6g5ou8N2mk6ydQWPQIGgrTAWg5ByWCqAv0jDLphR/IaVQ1tu9KtA+il1udi48xSXZ3AUpjK/fRw==)"
[RSS]
AutoDownloader\DownloadRepacks=true
AutoDownloader\SmartEpisodeFilter=s(\\d+)e(\\d+), (\\d+)x(\\d+), "(\\d{4}[.\\-]\\d{1,2}[.\\-]\\d{1,2})", "(\\d{1,2}[.\\-]\\d{1,2}[.\\-]\\d{4})"
'';
in {
networking.firewall = mkIf cfg.openFirewall {
allowedTCPPorts = [ cfg.port ];
};
systemd.tmpfiles.rules = [
# https://www.mankier.com/5/tmpfiles.d
"d '${cfg.dataDir}' 0700 ${cfg.user} ${cfg.group} - -"
"d '${cfg.dataDir}/__config' 0700 ${cfg.user} ${cfg.group} - -"
"L+ '${cfg.dataDir}/__config/qBittorrent.conf' - - - - ${configFile}"
];
systemd.services.qbittorrent = {
description = "qBittorrent-nox service";
documentation = [ "man:qbittorrent-nox(1)" ];
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
Type = "simple";
User = cfg.user;
Group = cfg.group;
ExecStartPre = let
preStartScript = pkgs.writeScript "qbittorrent-run-prestart" ''
#!${pkgs.bash}/bin/bash
# Create data directory if it doesn't exist
if ! test -d "$QBT_PROFILE"; then
echo "Creating initial qBittorrent data directory in: $QBT_PROFILE"
install -d -m 0755 -o "${cfg.user}" -g "${cfg.group}" "$QBT_PROFILE"
fi
'';
in
"!${preStartScript}";
ExecStart = "${cfg.package}/bin/qbittorrent-nox";
};
environment = {
QBT_PROFILE = cfg.dataDir;
QBT_WEBUI_PORT = toString cfg.port;
};
};
users.users = mkIf (cfg.user == "qbittorrent") {
qbittorrent = {
group = cfg.group;
uid = UID;
};
};
users.groups = mkIf (cfg.group == "qbittorrent") {
qbittorrent = { gid = GID; };
};
});
}

22
modules/system/desktop/editors/nvim.nix
View file

@ -1,22 +0,0 @@
{ inputs, config, options, lib, pkgs, ... }:
let
inherit (lib.meta) getExe;
inherit (lib.modules) mkIf;
cfg = options.modules.desktop.editors.nvim;
in
{
imports = [
inputs.nvf.nixosModules.default
];
options.modules.desktop.editors.nvim = let
inherit (lib.options) mkEnableOption;
in {
enable = mkEnableOption "neo-vim (nixvim)";
};
config = mkIf cfg.enable {
};
}

34
modules/system/desktop/gaming.nix
View file

@ -1,34 +0,0 @@
{ inputs, lib, config, ... }: let
inherit (lib) mkEnableOption mkIf;
cfg = config.modules.desktop.gaming;
in
{
imports = [ inputs.jovian.nixosModules.default ];
options.modules.desktop.gaming = {
enable = mkEnableOption "enable steamdeck like desktop";
};
config = mkIf cfg.enable {
services.desktopManager.plasma6.enable = true;
jovian = {
# devices = {
# steamdeck = {
# enable = true;
# enableGyroDsuService = true;
# autoUpdate = true;
# };
# };
steam = {
enable = true;
autoStart = true;
user = "chris";
updater.splash = "steamos";
desktopSession = "plasma";
};
steamos.useSteamOSConfig = true;
};
};
}

8
modules/system/desktop/wine.nix
View file

@ -1,8 +0,0 @@
{ inputs, lib, pkgs, ... }:
{
# imports = [ inputs.erosanix.nixosModules.someModule ];
config = {
};
}

40
modules/system/graphics.nix
View file

@ -1,40 +0,0 @@
{ ... }:
{
services.xserver.videoDrivers = [ "nvidia" ];
hardware = {
graphics = {
enable = true;
enable32Bit = true;
};
nvidia = {
modesetting.enable = true;
open = false;
nvidiaSettings = true;
powerManagement = {
enable = true;
finegrained = false;
};
# package = config.boot.kernelPackages.nvidiaPackages.vulkan_beta;
# package = let
# rcu_patch = pkgs.fetchpatch {
# url = "https://github.com/gentoo/gentoo/raw/c64caf53/x11-drivers/nvidia-drivers/files/nvidia-drivers-470.223.02-gpl-pfn_valid.patch";
# hash = "sha256-eZiQQp2S/asE7MfGvfe6dA/kdCvek9SYa/FFGp24dVg=";
# };
# in config.boot.kernelPackages.nvidiaPackages.mkDriver {
# version = "550.40.07";
# sha256_64bit = "sha256-KYk2xye37v7ZW7h+uNJM/u8fNf7KyGTZjiaU03dJpK0=";
# sha256_aarch64 = "sha256-AV7KgRXYaQGBFl7zuRcfnTGr8rS5n13nGUIe3mJTXb4=";
# openSha256 = "sha256-mRUTEWVsbjq+psVe+kAT6MjyZuLkG2yRDxCMvDJRL1I=";
# settingsSha256 = "sha256-c30AQa4g4a1EHmaEu1yc05oqY01y+IusbBuq+P6rMCs=";
# persistencedSha256 = "sha256-11tLSY8uUIl4X/roNnxf5yS2PQvHvoNjnd2CB67e870=";
# patches = [ rcu_patch ];
# };
};
};
}

31
modules/system/networking/default.nix
View file

@ -1,31 +0,0 @@
{ config, options, lib, pkgs, ... }: let
inherit (lib.modules) mkDefault;
inherit (lib.options) mkOption;
cfg = config.modules.networking;
in {
options.modules.networking = {
wifi.backend = mkOption {
type = with lib.types; enum [ "wpa_supplicant" "iwd" ];
default = "wpa_supplicant";
example = "wpa_supplicant";
description = "set the backend used for wifi wpa_supplicant by default";
};
};
config = {
systemd.services.NetworkManager-wait-online.enable = false;
networking = {
enableIPv6 = true;
useDHCP = mkDefault true;
firewall.enable = true;
networkmanager = {
enable = mkDefault true;
wifi.backend = mkDefault config.modules.networking.wifi.backend;
};
};
};
}

22
modules/system/networking/nfs.nix
View file

@ -1,22 +0,0 @@
{ config, lib, ... }:
let
inherit (lib) mkIf mkEnableOption;
cfg = config.modules.networking.nfs;
in
{
options.modules.networking.nfs = {
enable = mkEnableOption "Enable NFS";
};
config = mkIf cfg.enable {
networking.firewall.allowedTCPPorts = [ 2049 ];
services.nfs.server = {
enable = true;
exports = ''
/var/media manwe(rw,fsid=0,no_subtree_check)
'';
};
};
}

71
modules/system/networking/samba.nix
View file

@ -1,71 +0,0 @@
{ pkgs, config, lib, ... }:
let
inherit (builtins) getEnv;
inherit (lib.modules) mkIf mkMerge;
in
{
options.modules.networking.samba = let
inherit (lib.options) mkEnableOption;
in {
sharing.enable = mkEnableOption "Samba: enable NixOs -> external file-transfer";
receicing.enable = mkEnableOption "Samba: enable external -> NixOs file-transfer";
};
config = mkMerge [
(mkIf config.modules.networking.samba.sharing.enable {
users = {
groups.samba-guest = {};
users.samba-guest = {
isSystemUser = true;
description = "Residence of our Samba guest users";
group = "samba-guest";
home = "/var/empty";
createHome = false;
shell = pkgs.shadow;
};
};
user.extraGroups = [ "samba-guest" ];
networking.firewall = {
allowPing = true;
allowedTCPPorts = [ 5327 ];
allowedUDPPorts = [ 3702 ];
};
services.samba-wsdd.enable = true;
services.samba = {
enable = true;
openFirewall = true;
extraConfig = ''
server string = ${config.networking.hostName}
netbios name = ${config.networking.hostName}
workgroup = WORKGROUP
security = user
create mask 0664
force create mode 0664
directory mask 0775
force directory mode 0775
follow symlink = yes
hosts allow = 192.168.1.0/24 localhost
hosts deny = 0.0.0.0/0
guest account = nobody
map to guest = bad user
'';
shares = {
Public = {
path = (getEnv "HOME") + "/Public";
browseable = "yes";
"read only" = "yes";
"guest ok" = "yes";
"forse user" = "${config.user.name}";
"force group" = "samba-guest";
"write list" = "${config.user.name}";
};
};
};
})
];
}

28
modules/system/networking/ssh.nix
View file

@ -1,28 +0,0 @@
{ config, lib, ... }:
let
inherit (lib.modules) mkIf;
inherit (lib.options) mkEnableOption;
cfg = config.modules.networking.ssh;
in
{
options.modules.networking.ssh = {
enable = mkEnableOption "enable ssh";
};
config = mkIf cfg.enable {
services.openssh = {
enable = true;
openFirewall = true;
ports = [ 22 ];
settings = {
PasswordAuthentication = true;
AllowUsers = [ "chris" "root" ];
UseDns = true;
UsePAM = true;
PermitRootLogin = "prohibit-password";
PermitEmptyPasswords = "no";
};
};
};
}

27
modules/system/options.nix
View file

@ -1,27 +0,0 @@
{ config, lib, ... }:
let
inherit (lib.types) attrs;
inherit (lib.my) mkOpt;
in
{
options = {
user = mkOpt attrs {};
};
config = {
environment.variables = {
NIXPKGS_ALLOW_UNFREE = "1";
};
nix.settings = let
inherit (lib) elem attrNames filterAttrs;
users = (attrNames (filterAttrs (name: user: elem "wheel" (user.extraGroups or [])) config.users.users));# ++ [ "root" ];
in
{
trusted-users = users;
allowed-users = users;
experimental-features = [ "nix-command" "flakes" ];
};
};
}

77
modules/system/security.nix
View file

@ -1,77 +0,0 @@
{ inputs, pkgs, ... }:
{
imports = [
inputs.sops-nix.nixosModules.sops
];
config = {
environment.systemPackages = with pkgs; [
bitwarden
sops
];
sops = {
defaultSopsFile = ../../secrets/secrets.yaml;
defaultSopsFormat = "yaml";
age.keyFile = "/home/";
};
security = {
sudo.execWheelOnly = true;
acme.acceptTerms = true;
polkit.enable = true;
pam = {
u2f = {
enable = true;
settings.cue = true;
};
};
};
networking.firewall.enable = true;
programs.gnupg.agent.enable = true;
boot = {
loader.systemd-boot = {
editor = false;
configurationLimit = 50;
};
kernelModules = [ "tcp_bbr" ];
kernel.sysctl = {
## TCP hardening
# Prevent bogus ICMP errors from filling up logs.
"net.ipv4.icmp_ignore_bogus_error_responses" = 1;
# Reverse path filtering causes the kernel to do source validation of
# packets received from all interfaces. This can mitigate IP spoofing.
"net.ipv4.conf.default.rp_filter" = 1;
"net.ipv4.conf.all.rp_filter" = 1;
# Do not accept IP source route packets (we're not a router)
"net.ipv4.conf.all.accept_source_route" = 0;
"net.ipv6.conf.all.accept_source_route" = 0;
# Don't send ICMP redirects (again, we're on a router)
"net.ipv4.conf.all.send_redirects" = 0;
"net.ipv4.conf.default.send_redirects" = 0;
# Refuse ICMP redirects (MITM mitigations)
"net.ipv4.conf.all.accept_redirects" = 0;
"net.ipv4.conf.default.accept_redirects" = 0;
"net.ipv4.conf.all.secure_redirects" = 0;
"net.ipv4.conf.default.secure_redirects" = 0;
"net.ipv6.conf.all.accept_redirects" = 0;
"net.ipv6.conf.default.accept_redirects" = 0;
# Protects against SYN flood attacks
"net.ipv4.tcp_syncookies" = 1;
# Incomplete protection again TIME-WAIT assassination
"net.ipv4.tcp_rfc1337" = 1;
## TCP optimization
# Enable TCP Fast Open for incoming and outgoing connections
"net.ipv4.tcp_fastopen" = 3;
# Bufferbloat mitigations + slight improvement in throughput & latency
"net.ipv4.tcp_congestion_control" = "bbr";
"net.core.default_qdisc" = "cake";
};
};
};
}

225
modules/system/services/auth/authelia.nix
View file

@ -1,225 +0,0 @@
{ config, lib, pkgs, ... }:
let
inherit (lib) mkIf mkEnableOption;
user = "authelia-testing";
cfg = config.modules.services.auth.authelia;
in
{
options.modules.services.auth.authelia = {
enable = mkEnableOption "Authelia";
};
config = mkIf cfg.enable {
environment.systemPackages = with pkgs; [
authelia
];
services.authelia.instances.testing = {
enable = true;
secrets = {
storageEncryptionKeyFile = "/etc/authelia/testing/storageEncryptionKeyFile";
jwtSecretFile = "/etc/authelia/testing/jwtSecretFile";
sessionSecretFile = "/etc/authelia/testing/sessionSecrets";
};
settings = {
theme = "auto";
server = {
address = "tcp://127.0.0.1:9091";
};
# administration = {
# enable = true;
# enable_ui = true;
# address = "tcp://127.0.0.1:9092";
# users = [ "chris" ];
# groups = [ "admin" ];
# };
log = {
level = "info";
format = "json";
};
authentication_backend.file.path = "/etc/authelia/testing/users_database.yml";
access_control = {
default_policy = "deny";
rules = [
{
domain = ["auth.kruining.eu"];
policy = "bypass";
}
{
domain = ["*.kruining.eu"];
policy = "one_factor";
}
];
};
session = {
name = "authelia_testing_session";
expiration = "12h";
inactivity = "45m";
remember_me = "1m";
# redis.host = "/run/redis-authelia-testing/redis.sock";
cookies = [
{
domain = "kruining.eu";
authelia_url = "https://auth.kruining.eu";
default_redirection_url = "https://media.kruining.eu";
name = "authelia_session";
}
];
};
regulation = {
max_retries = 300;
find_time = "5m";
ban_time = "15m";
};
storage = {
local.path = "/var/lib/authelia-testing/db.sqlite3";
};
notifier = {
disable_startup_check = false;
filesystem.filename = "/var/lib/authelia-testing/notifications.txt";
};
identity_providers.oidc = {
jwks = [
{
# Authelia wants at least one private RSA key (why not just allow ecdsa is beyond me)
key = "-----BEGIN PRIVATE KEY-----\nMIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCrkJ2iCcGbZwr9\ntWGiQLzL1OV7WoC8OpRIvtVusyJ6YQGkcB9F3PV+wjzBCojIibjMpWci6vq7sZQp\nnttRsXIBRxyhUoWcg1X8zR2ebFPMqPkfQEYhCPxts/5iaVwESt+77RAeaoJu6Va4\n6ugCHUsujMDGNhXNHWNn1euXT/jnTID8zT2eff8XYItK/vAJgv9ZbDDcamZFqNAK\nWBLGQZGO5GGCDtp99yFlGgG8zhaYpqw/eC/DhRr/O0N0PkQBRsD0mJ5aWCeVIVKB\nP/W35L23XFlgupOcWpZ4Bf7ivjxfakBHq/yYcvq60a9LjwLW+QXyvdvWe7jdV+Bp\nON9VlJ1PAgMBAAECggEANT8o7UWB5S1R5/QHXUgiUFC++E3abpDvvLQdocHPDZRV\n4ic6TYCKYND/8hnG4hZ8WGdtXxT2xJIUneZDw1MDQwpDBH6MIUtRwKgYbTbJu1cm\nGmDkYxRa4+FdLkXs3Rgv4C9vNUFxQeMBm1qsrxtQXh4pJlta4NIiK/Pkro2Pfplp\nyKb5E7HhusHiLqezcPhErYnYQmLPtmInqfQnBAsGehiY6ZL3TMIGTo1FDrIEhu9q\nz31WaK8NuNd/bUqiEdFIVtNt3cSOfqCrtC20LwTIYiv/tDz0ahFOCA42vHSdkz35\nnO1dEkP2YCimTHbw9KwHmzkYL6Q2jd89L8/oCe2dYQKBgQDRz2pvfJjdb4FXLRH/\n/iEsDseRu2z2fg7SBNMloTV/dQGpvBgsEZDWlJw7NyIm2rlZ0kkae9QfLECJeT6A\nZuXnOuUDNUBE5/nj2DBC34gHotpErcJBTlKmr/KfILnh1uDVwLizYNQ6KZ6s3EK8\nSvLXNbEDrJ3HkQbs6OPtZsEVawKBgQDRVcCf+8wxdK1AF474F1E9zAvN8i5+6xIW\nb+YUDuueCzJf8h3wU9Chf/ItEtknw1CHQFNOmLodtQJgGzGDG0R6xmQnfUQIsky1\nO3HDs4xlCggfq9AWm+RKr5r3T34CiJfA4ZUq6i2FKNkdQREArJWcC4cjRItZvGj6\nKJ5ZRDBsrQKBgCnD9lYXIX8DEWY/LJQfDI9uqb+S5c/zrBOWrkmRW8rxidE2BkHP\nhVuR3b/T69J8O+VrfO3utH04G+jB3/VDhoSPLsOCuDZ/TzlR8dl+EeAjRPvi8wZ5\nBu7zm4KdyyLv2XXzlVDv949UdafHeOluqgS5RXGLzSTK8+v5OFYr3EfdAoGAJIP4\n3e9mZxobPprdbZljqov1Yy9jvO/0b8WFNOqFX0REvUfWwR1dv046SHKJPs5rNaya\n25L4pEX27BzSPjR7dY812U2YmIvBpbuA1Mp1Kwrc7+lgmxEGeaC4P3u2V2rMTfEL\nvDitSBUgCmJXPO7eCiJYqGZEiJq9FSYQuTGT4OECgYEAjR+dtmZkcszRo77XdXDo\nRFMlx47R5Xk4R2+faYneCkNJ/MqZdeQ3CxcfQFQHpNJb+1kacXusRDvlm2/777fj\nCOLxaxY6akOEG6dkgmWHzzm9JpmZ63g0I9k+C3zbyQnFyNRQmNW2gGCVwekRmAz+\n/a98+6ip2LRkTQYhZ064rfc=\n-----END PRIVATE KEY-----";
}
];
clients = [
{
client_id = "jellyfin";
client_name = "Jellyfin";
# af0WDhM6DILapBO.8Puu8IR1tyXLPqQNUoROgx4A8JWVIxRno4IhvXCMaN1zveuJzw1yw2h3
client_secret = "$pbkdf2-sha512$310000$9C/krTomC0MUJ2QosHwEKA$43H4gm6yaz.fU5eZsN/KxPDuL/S4jPjaNOcAKyU/uz7IVNDSQo71XQ3sqKZITZ/FLYTN5kxTlVUhEMB9Orlh1g";
token_endpoint_auth_method = "client_secret_post";
public = false;
require_pkce = true;
pkce_challenge_method = "S256";
authorization_policy = "one_factor";
userinfo_signed_response_alg = "none";
consent_mode = "implicit";
scopes = [ "openid" "profile" "groups" ];
redirect_uris = [ "https://jellyfin.kruining.eu/sso/OID/redirect/authelia" ];
}
{
client_id = "streamarr";
client_name = "Streamarr";
# ZPuiW2gpVV6MGXIJFk5P3EeSW8V_ICgqduF.hJVCKkrnVmRqIQXRk0o~HSA8ZdCf8joA4m_F
client_secret = "$pbkdf2-sha512$310000$CzZjvJT75bz5z7MjwxsEtg$JtOiIgaY5/HcLLxJgyX4zvsQV9jIoow0e4JdlFsk/LWRDOJ0kc.PzstlYfw7QERTXtJILoWsDqPzmvpneK5Leg";
public = false;
require_pkce = true;
pkce_challenge_method = "S256";
token_endpoint_auth_method = "client_secret_post";
authorization_policy = "one_factor";
userinfo_signed_response_alg = "none";
consent_mode = "implicit";
scopes = [ "offline_access" "openid" "email" "picture" "profile" "groups" ];
redirect_uris = [ "http://localhost:3000/api/auth/oauth2/callback/authelia" ];
}
];
};
};
};
systemd = {
tmpfiles.rules = [
"d /var/lib/authelia-testing 400 ${user} ${user} -"
];
};
# These should not be set from nix but through other means to not leak the secret!
# This is purely for testing purposes!
environment.etc = {
"authelia/testing/storageEncryptionKeyFile" = {
mode = "0400";
user = user;
text = "you_must_generate_a_random_string_of_more_than_twenty_chars_and_configure_this";
};
"authelia/testing/jwtSecretFile" = {
mode = "0400";
user = user;
text = "a_very_important_secret";
};
"authelia/testing/sessionSecrets" = {
mode = "0400";
user = user;
text = "some_session_secrets";
};
"authelia/testing/users_database.yml" = {
mode = "0400";
user = user;
text = ''
users:
chris:
disabled: false
displayname: Chris Kruining
password: $argon2id$v=19$m=65536,t=3,p=4$xl+ILZXFedOXb0Vb/Pao0Q$jfTun8xPYLQNcsjZCcyCeXMzxHAQWOtR7+4BJ+VS6n4
email: 'chris@kruining.eu'
picture: 'https://avatars.githubusercontent.com/u/5786905?v=4'
groups:
- jellyfin-admins
- jellyfin-users
- admin
- dev
jacqueline:
disabled: false
displayname: Jacqueline Bevers
password: $argon2id$v=19$m=65536,t=3,p=4$XgN8yEJV+syAE5yeos3HsA$SlN+j/lJfxJ5VxLu2CdrwowlCiWQNNGhIrSyDpohq18
groups:
- jellyfin-users
martijn:
disabled: false
displayname: Martijn Kruining
password: $argon2id$v=19$m=65536,t=3,p=4$XgN8yEJV+syAE5yeos3HsA$SlN+j/lJfxJ5VxLu2CdrwowlCiWQNNGhIrSyDpohq18
groups:
- jellyfin-users
andrea:
disabled: false
displayname: Andrea Kruining
password: $argon2id$v=19$m=65536,t=3,p=4$XgN8yEJV+syAE5yeos3HsA$SlN+j/lJfxJ5VxLu2CdrwowlCiWQNNGhIrSyDpohq18
groups:
- jellyfin-users
'';
};
};
services.caddy = {
enable = true;
virtualHosts = {
"auth.kruining.eu".extraConfig = ''
reverse_proxy http://127.0.0.1:9091
'';
};
extraConfig = ''
(auth) {
forward_auth http://127.0.0.1:9091 {
uri /api/authz/forward-auth
copy_headers Remote-User Remote-Groups Remote-Email Remote-Name
}
}
'';
};
networking.firewall.allowedTCPPorts = [ 80 443 ];
};
}

86
modules/system/services/auth/zitadel.nix
View file

@ -1,86 +0,0 @@
{ config, options, lib, pkgs, ... }:
let
inherit (lib) mkIf mkEnableOption;
cfg = config.modules.services.auth.zitadel;
db_name = "zitadel";
db_user = "zitadel";
in
{
options.modules.services.auth.zitadel = {
enable = mkEnableOption "Zitadel";
};
config = mkIf cfg.enable {
environment.systemPackages = with pkgs; [
zitadel
];
services = {
zitadel = {
enable = true;
openFirewall = true;
masterKeyFile = config.sops.secrets."zitadel/masterKey".path;
tlsMode = "external";
settings = {
Port = 9092;
Database = {
Host = "/run/postgresql";
# Zitadel will report error if port is not set
Port = 5432;
Database = db_name;
User.Username = db_user;
};
};
steps = {
TestInstance = {
InstanceName = "Zitadel test";
Org = {
Name = "Kruining.eu";
Human = {
UserName = "admin";
Password = "kaas";
};
};
};
};
};
postgresql = {
enable = true;
ensureDatabases = [ db_name ];
ensureUsers = [
{
name = db_user;
ensureDBOwnership = true;
}
];
};
caddy = {
enable = true;
virtualHosts = {
"auth-z.kruining.eu".extraConfig = ''
reverse_proxy h2c://127.0.0.1:9092
'';
};
# extraConfig = ''
# (auth) {
# forward_auth h2c://127.0.0.1:9092 {
# uri /api/authz/forward-auth
# copy_headers Remote-User Remote-Groups Remote-Email Remote-Name
# }
# }
# '';
};
};
# Secrets
sops.secrets."zitadel/masterKey" = {
owner = "zitadel";
group = "zitadel";
restartUnits = [ "zitadel.service" ];
};
};
}

4
modules/system/services/default.nix
View file

@ -1,4 +0,0 @@
{ ... }:
{
options.modules.services = {};
}

168
modules/system/services/games/minecraft.nix
View file

@ -1,168 +0,0 @@
{ inputs, config, lib, pkgs, ... }:
let
inherit (lib.modules) mkIf;
in
{
imports = [
inputs.nix-minecraft.nixosModules.minecraft-servers
];
options.modules.services.games.minecraft = let
inherit (lib.options) mkEnableOption;
in {
enable = mkEnableOption "Minecraft";
};
config = mkIf config.modules.services.games.minecraft.enable {
user.users."minecraft" = {
isSystemUser = true;
group = "minecraft";
};
services = {
minecraft-servers = {
enable = true;
eula = true;
openFirewall = true;
user = "minecraft";
dataDir = "/var/lib/minecraft";
managementSystem = {
tmux.enable = false;
systemd-socket.enable = true;
};
servers = let
whitelist = {
ChrisPBacon = "e6128495-075b-44a9-87f6-8d844d5ea0e4";
satanjr616 = "1718f9d5-df1d-4aac-b10c-3229a0f1e8b2";
Ono95 = "010e7652-6d5d-4f9e-af89-438c8fe694ca";
JackLeLumber = "41910a94-8c8e-4528-a8ca-a2d7043f069d";
DarkyLink = "6faddb7f-12a9-4aac-bc08-dd6db892a380";
Archonite86 = "b5ab594d-de1c-4453-ba32-9107452be51b";
NotACultist86 = "44ac3f7c-0e18-4234-bb04-11a0652cdaeb";
};
ops = [
{
uuid = "e6128495-075b-44a9-87f6-8d844d5ea0e4";
name = "ChrisPBacon";
level = 4;
bypassesPlayerLimit = false;
}
{
uuid = "6faddb7f-12a9-4aac-bc08-dd6db892a380";
name = "DarkyLink";
level = 4;
bypassesPlayerLimit = false;
}
];
jvmOpts = "-Xms2048M -Xmx2048M -XX:+UseG1GC";
in {
vanilla = {
enable = true;
autoStart = true;
restart = "always";
inherit whitelist;
inherit jvmOpts;
package = pkgs.fabricServers.fabric-1_21_4.override { loaderVersion = "0.16.10"; };
serverProperties = {
gamemode = "survival";
difficulty = 3;
motd = "Chris' vanilla server";
white-list = true;
simulation-distance = 10;
server-port = 25501;
level-name = "world";
allow-flight = true;
enable-command-block = true;
enforce-whitelist = true;
spawn-protection = 0;
};
files."ops.json" = {
value = ops;
};
symlinks = let
inherit (builtins) attrValues;
inherit (pkgs) linkFarmFromDrvs fetchurl;
in {
mods = linkFarmFromDrvs "mods" (attrValues {
FabricApi = fetchurl { url = "https://cdn.modrinth.com/data/P7dR8mSH/versions/ZNwYCTsk/fabric-api-0.118.0%2B1.21.4.jar"; sha512 = "1e0d31b6663dc2c7be648f3a5a9cf7b698b9a0fd0f7ae16d1d3f32d943d7c5205ff63a4f81b0c4e94a8997482cce026b7ca486e99d9ce35ac069aeb29b02a30d"; };
Terralith = fetchurl { url = "https://cdn.modrinth.com/data/8oi3bsk5/versions/MuJMtPGQ/Terralith_1.21.x_v2.5.8.jar"; sha512 = "f862ed5435ce4c11a97d2ea5c40eee9f817c908f3223b5fd3e3fff0562a55111d7429dc73a2f1ca0b1af7b1ff6fa0470ed6efebb5de13336c40bb70fb357dd60"; };
# DistantHorizons = fetchurl { url = "https://cdn.modrinth.com/data/uCdwusMi/versions/jptcCdp2/DistantHorizons-2.2.1-a-1.20.4-forge-fabric.jar"; sha512 = "47368d91099d0b5f364339a69f4e425f8fb1e3a7c3250a8b649da76135e68a22f1a76b191c87e15a5cdc0a1d36bc57f2fa825490d96711d09d96807be97d575d"; };
});
};
};
tekxit = let
inherit (pkgs) fetchzip;
src = fetchzip {
url = "https://tekxit.b-cdn.net/downloads/tekxit4/12.0.0Tekxit4Server.zip";
hash = "sha256-4NqeMGOpji/gMH8XX8RemkBAOB9ID/i1S3/xXgD23to=";
stripRoot = true;
};
in {
enable = true;
autoStart = true;
restart = "no";
inherit whitelist;
inherit jvmOpts;
package = pkgs.fabricServers.fabric-1_19_2.override { loaderVersion = "0.16.9"; };
serverProperties = {
gamemode = "survival";
difficulty = 3;
motd = "Chris' vanilla server";
white-list = true;
simulation-distance = 10;
server-port = 25502;
level-name = "world";
allow-flight = true;
enable-command-block = true;
enforce-whitelist = true;
spawn-protection = 0;
};
files = let
inherit (builtins) readDir;
inherit (lib) concatMapAttrs;
readDirRec = src: dir: fn:
concatMapAttrs (name: type: if type == "directory"
then (readDirRec src "${dir}/${name}" fn)
else { "${dir}/${name}" = (fn "${dir}/${name}"); }
) (readDir "${src}/${dir}");
copyDir = dir: readDirRec src dir (x: "${src}/${x}");
in {
"ops.json" = {
value = ops;
};
}
// (copyDir "config");
symlinks = let
inherit (builtins) attrNames readDir map;
inherit (pkgs) linkFarm fetchzip;
linkFarmFromDir = name: dir: linkFarm name (map (x: { name = x; path = "${src}/${dir}/${x}"; }) (attrNames (readDir "${src}/${dir}")));
in {
Deftu = linkFarmFromDir "tekxit-deftu" "Deftu";
TKXAddons = linkFarmFromDir "tekxit-TKXAddons" "TKXAddons";
mods = linkFarmFromDir "tekxit-mods" "mods";
scripts = linkFarmFromDir "tekxit-scripts" "scripts";
};
};
};
};
};
};
}

25
modules/system/services/games/palworld.nix
View file

@ -1,25 +0,0 @@
{ config, options, lib, pkgs, ... }:
let
inherit (lib.modules) mkIf;
in
{
options.modules.services.games.palworld = let
inherit (lib.options) mkEnableOption;
in {
enable = mkEnableOption "Palworld";
};
config = mkIf config.modules.services.games.palworld.enable {
# kaas = (pkgs.mkSteamServer rec {
# name = "Palworld";
# src = pkgs.fetchSteam {
# inherit name;
# appId = "2394010";
# hash = "sha256-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=";
# };
#
# sartCmd = "PalServer.sh";
# hash = "sha256-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=";
# });
};
}

167
modules/system/services/media.nix
View file

@ -1,167 +0,0 @@
{ config, lib, pkgs, ... }:
let
inherit (lib) mkIf;
user = "media";
group = "media";
directory = "/var/media";
in
{
options.modules.services.media = let
inherit (lib.options) mkEnableOption;
in {
enable = mkEnableOption "Media tools";
};
imports = let
extras = fetchTarball {
url = "https://github.com/onny/nixos-nextcloud-testumgebung/archive/fa6f062830b4bc3cedb9694c1dbf01d5fdf775ac.tar.gz";
sha256 = "0gzd0276b8da3ykapgqks2zhsqdv4jjvbv97dsxg0hgrhb74z0fs";
};
in [
"${extras}/nextcloud-extras.nix"
];
config = mkIf config.modules.services.media.enable {
environment.systemPackages = with pkgs; [
podman-tui
jellyfin
jellyfin-web
jellyfin-ffmpeg
jellyseerr
mediainfo
id3v2
yt-dlp
];
# need to permit these outdated packages until servarr finally upgrades at some point...
permittedInsecurePackages = [
"dotnet-sdk-6.0.428"
"aspnetcore-runtime-6.0.36"
];
users = {
users.${user} = {
isSystemUser = true;
group = group;
};
groups.${group} = {};
};
systemd.tmpfiles.rules = [
"d '${directory}/series' 0700 ${user} ${group} - -"
"d '${directory}/movies' 0700 ${user} ${group} - -"
"d '${directory}/music' 0700 ${user} ${group} - -"
"d '${directory}/qbittorrent' 0700 ${user} ${group} - -"
"d '${directory}/sabnzbd' 0700 ${user} ${group} - -"
"d '${directory}/reiverr/config' 0700 ${user} ${group} - -"
"d '${directory}/downloads/incomplete' 0700 ${user} ${group} - -"
"d '${directory}/downloads/done' 0700 ${user} ${group} - -"
];
services = let
serviceConf = {
enable = true;
openFirewall = true;
user = user;
group = group;
};
in {
jellyfin = serviceConf;
radarr = serviceConf;
sonarr = serviceConf;
bazarr = serviceConf;
lidarr = serviceConf;
lanraragi = {
enable = true;
port = 6969;
};
jellyseerr = {
enable = true;
openFirewall = true;
};
prowlarr = {
enable = true;
openFirewall = true;
};
qbittorrent = {
enable = true;
openFirewall = true;
dataDir = "${directory}/qbittorrent";
port = 5000;
user = user;
group = group;
};
sabnzbd = {
enable = true;
openFirewall = true;
configFile = "${directory}/sabnzbd/config.ini";
user = user;
group = group;
};
caddy = {
enable = true;
virtualHosts = {
"media.kruining.eu".extraConfig = ''
import auth
reverse_proxy http://127.0.0.1:9494
'';
"jellyfin.kruining.eu".extraConfig = ''
reverse_proxy http://127.0.0.1:8096
'';
# "series.kruining.eu".extraConfig = ''
# reverse_proxy http://127.0.0.1:8989
# '';
# "movies.kruining.eu".extraConfig = ''
# reverse_proxy http://127.0.0.1:7878
# '';
# "indexer.kruining.eu".extraConfig = ''
# reverse_proxy http://127.0.0.1:9696
# '';
# "torrents.kruining.eu".extraConfig = ''
# reverse_proxy http://127.0.0.1:5000
# '';
# "usenet.kruining.eu".extraConfig = ''
# reverse_proxy http://127.0.0.1:8080
# '';
};
};
};
networking.firewall.allowedTCPPorts = [ 80 443 6969 ];
modules.virtualisation.podman.enable = true;
virtualisation = {
oci-containers = {
backend = "podman";
containers = {
flaresolverr = {
image = "flaresolverr/flaresolverr";
autoStart = true;
ports = [ "127.0.0.1:8191:8191" ];
};
reiverr = {
image = "ghcr.io/aleksilassila/reiverr:v2.2.0";
autoStart = true;
ports = [ "127.0.0.1:9494:9494" ];
volumes = [ "${directory}/reiverr/config:/config" ];
};
};
};
};
systemd.services.jellyfin.serviceConfig.killSignal = lib.mkForce "SIGKILL";
};
}

79
modules/system/services/nextcloud.nix
View file

@ -1,79 +0,0 @@
{ config, lib, pkgs, ... }:
let
inherit (lib.options) mkEnableOption;
inherit (lib.modules) mkIf;
user = "nextcloud";
group = "nextcloud";
in
{
options.modules.services.nextcloud = {
enable = mkEnableOption "Nextcloud";
};
config = mkIf config.modules.services.nextcloud.enable {
users = {
users.${user} = {
isSystemUser = true;
group = group;
};
groups.${group} = {};
};
home-manager.users.${user}.home = {
stateVersion = config.system.stateVersion;
file.".netrc".text = ''
login root
password KaasIsAwesome!
'';
};
services.nextcloud = {
enable = true;
webserver = "caddy";
package = pkgs.nextcloud31;
hostName = "localhost";
config = {
adminpassFile = "/var/lib/nextcloud/admin-pass";
dbtype = "sqlite";
};
};
# systemd.user = {
# services.nextcloud-autosync = {
# Unit = {
# Description = "Automatic nextcloud sync";
# After = "network-online.target";
# };
# WantedBy = [ "multi-user.target" ];
# Service = {
# Type = "simple";
# ExecStart = "${pkgs.nextcloud-client}/bin/nextcloudcmd -h -n --path /var/media/music https://cloud.kruining.eu";
# TimeoutStopSec = "180";
# KillMode = "process";
# KillSignal = "SIGINT";
# };
# };
# timers.nextcloud-autosync = {
# Unit.Description = "Automatic nextcloud sync";
# Timer.OnBootSec = "5min";
# Timer.OnUnitActiveSec = "60min";
# Install.WantedBy = [ "multi-user.target" "timers.target" ];
# };
# startServices = true;
# };
services.caddy = {
enable = true;
virtualHosts."cloud.kruining.eu".extraConfig = ''
php_fastcgi unix//run/phpfpm/nextcloud.sock {
env front_controller_active true
}
'';
};
};
}

29
modules/system/services/security.nix
View file

@ -1,29 +0,0 @@
{ config, lib, pkgs, ... }:
let
inherit (lib.options) mkEnableOption;
inherit (lib.modules) mkIf;
cfg = config.modules.services.security;
in
{
options.modules.services.security = {
enable = mkEnableOption "Security service(s): Vaultwarden";
};
config = mkIf cfg.enable {
environment.systemPackages = with pkgs; [
vaultwarden
vaultwarden-postgresql
];
services.vaultwarden = {
enable = true;
dbBackend = "postgresql";
config = {
SIGNUPS_ALLOWED = false;
DOMAIN = "https://passwords.kruining.eu";
};
};
};
}

11
modules/system/shell/default.nix
View file

@ -1,11 +0,0 @@
{ config, lib, ... }:
let
inherit (lib.modules) mkIf;
cfg = config.modules.shell;
in
{
options.modules.shell = {};
config = mkIf cfg.enable {};
}

15
modules/system/shell/zsh.nix
View file

@ -1,15 +0,0 @@
{ config, lib, ... }: let
inherit (lib.options) mkEnableOption;
inherit (lib.modules) mkIf;
cfg = config.modules.shell.zsh;
in
{
options.modules.shell.zsh = {
enable = mkEnableOption "enable ZSH";
};
config = mkIf cfg.enable {
programs.zsh.enable = true;
};
}

36
modules/system/system/audio.nix
View file

@ -1,36 +0,0 @@
{ config, lib, pkgs, ... }:
let
inherit (lib.attrsets) attrValues;
inherit (lib.modules) mkIf;
cfg = config.modules.system.audio;
in
{
options.modules.system.audio = let
inherit (lib.options) mkEnableOption;
in
{
enable = mkEnableOption "modern audio support";
};
config = mkIf cfg.enable {
environment.systemPackages = with pkgs; [
# easyeffects
sof-firmware
];
security.rtkit.enable = true;
services.pulseaudio.enable = false;
services.pipewire = {
enable = true;
wireplumber.enable = true;
pulse.enable = true;
alsa = {
enable = true;
support32Bit = true;
};
};
};
}

30
modules/system/system/bluetooth.nix
View file

@ -1,30 +0,0 @@
{ config, lib, ... }:
let
inherit (lib.modules) mkIf;
inherit (lib.options) mkEnableOption;
cfg = config.modules.system.bluetooth;
in
{
options.modules.system.bluetooth = {
enable = mkEnableOption "enable bluetooth";
};
config = mkIf cfg.enable {
hardware = {
bluetooth = {
enable = true;
powerOnBoot = true;
};
};
services.pipewire.wireplumber.extraConfig.bluetoothEnhancements = {
"monitor.bluez.properties" = {
"bluez5.enable-sbc-xq" = true;
"bluez5.enable-msbc" = true;
"bluez5.enable-hw-volume" = true;
"bluez5.roles" = [ "hsp_hs" "hsp_ag" "hfp_hf" "hfp_ag" ];
};
};
};
}

49
modules/system/theming.nix
View file

@ -1,49 +0,0 @@
{ inputs, config, lib, pkgs, ... }:
let
inherit (lib) mkIf;
inherit (lib.options) mkEnableOption;
cfg = config.modules.theming;
in
{
imports = [
inputs.stylix.nixosModules.stylix
];
options.modules.theming = {
enable = mkEnableOption "enable theming";
};
config = mkIf cfg.enable {
stylix = {
enable = true;
autoEnable = true;
# base16Scheme = "${pkgs.base16-schemes}/share/themes/${cfg.theme}.yaml";
# image = ./${cfg.theme}.jpg;
# polarity = cfg.polarity;
fonts = {
serif = {
package = pkgs.dejavu_fonts;
name = "DejaVu Serif";
};
sansSerif = {
package = pkgs.dejavu_fonts;
name = "DejaVu Sans";
};
monospace = {
package = pkgs.nerd-fonts.jetbrains-mono;
name = "JetBrainsMono Nerd Font Mono";
};
emoji = {
package = pkgs.noto-fonts-emoji;
name = "Noto Color Emoji";
};
};
};
};
}

7
modules/system/virtualisation/default.nix
View file

@ -1,7 +0,0 @@
{ config, options, lib, pkgs, ... }:
let
inherit (lib) mkIf mkEnableOption;
in
{
options.modules.virtualisation = {};
}

26
modules/system/virtualisation/podman.nix
View file

@ -1,26 +0,0 @@
{ config, options, lib, pkgs, ... }:
let
inherit (lib.modules) mkIf;
cfg = config.modules.virtualisation.podman;
in
{
options.modules.virtualisation.podman = let
inherit (lib.options) mkEnableOption;
in
{
enable = mkEnableOption "enable podman";
};
config = mkIf config.modules.virtualisation.podman.enable {
virtualisation = {
containers.enable = true;
podman = {
enable = true;
dockerCompat = true;
defaultNetwork.settings.dns_enabled = true;
};
};
};
}

35
modules/system/zsa_voyager.nix
View file

@ -1,35 +0,0 @@
{ config, pkgs, options, ... }:
{
environment.systemPackages = with pkgs; [
keymapp
];
hardware.keyboard.zsa.enable = true;
services.udev.extraRules = ''
# Rules for Oryx web flashing and live training
KERNEL=="hidraw*", ATTRS{idVendor}=="16c0", MODE="0664", GROUP="plugdev"
KERNEL=="hidraw*", ATTRS{idVendor}=="3297", MODE="0664", GROUP="plugdev"
# Legacy rules for live training over webusb (Not needed for firmware v21+)
# Rule for all ZSA keyboards
SUBSYSTEM=="usb", ATTR{idVendor}=="3297", GROUP="plugdev"
# Rule for the Moonlander
SUBSYSTEM=="usb", ATTR{idVendor}=="3297", ATTR{idProduct}=="1969", GROUP="plugdev"
# Rule for the Ergodox EZ
SUBSYSTEM=="usb", ATTR{idVendor}=="feed", ATTR{idProduct}=="1307", GROUP="plugdev"
# Rule for the Planck EZ
SUBSYSTEM=="usb", ATTR{idVendor}=="feed", ATTR{idProduct}=="6060", GROUP="plugdev"
# Wally Flashing rules for the Ergodox EZ
ATTRS{idVendor}=="16c0", ATTRS{idProduct}=="04[789B]?", ENV{ID_MM_DEVICE_IGNORE}="1"
ATTRS{idVendor}=="16c0", ATTRS{idProduct}=="04[789A]?", ENV{MTP_NO_PROBE}="1"
SUBSYSTEMS=="usb", ATTRS{idVendor}=="16c0", ATTRS{idProduct}=="04[789ABCD]?", MODE:="0666"
KERNEL=="ttyACM*", ATTRS{idVendor}=="16c0", ATTRS{idProduct}=="04[789B]?", MODE:="0666"
# Keymapp / Wally Flashing rules for the Moonlander and Planck EZ
SUBSYSTEMS=="usb", ATTRS{idVendor}=="0483", ATTRS{idProduct}=="df11", MODE:="0666", SYMLINK+="stm32_dfu"
# Keymapp Flashing rules for the Voyager
SUBSYSTEMS=="usb", ATTRS{idVendor}=="3297", MODE:="0666", SYMLINK+="ignition_dfu"
'';
}