Blunkall-Technologies/Olympus
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

probably broken

Browse Source
This commit is contained in:
Nathan
2025-12-31 12:24:43 -06:00
parent 0c1f0a4639
commit d8058560b1
158 changed files with 1198 additions and 423 deletions
Download Patch File Download Diff File Expand all files Collapse all files

136
system/default.nix Normal file
View File

@@ -0,0 +1,136 @@
{ config, lib, pkgs, inputs, modulesPath, ... }: {
imports = [
./services
./packages
./programs
./users
];
options.sysconfig = with lib; {
host = mkOption {
type = with types; nullOr str;
default = null;
};
graphical = mkOption {
type = with types; bool;
default = config.hardware.graphics.enable;
};
remoteBuildHost = mkOption {
type = with types; bool;
default = false;
};
remoteBuildClient = mkOption {
type = with types; bool;
default = false;
};
};
config = {
sops.secrets = (if config.sysconfig.remoteBuildHost then (
builtins.listToAttrs
(builtins.map
(y: {
name = "remoteBuildClientKeys/${y}";
value = {
format = "yaml";
sopsFile = ./secrets.yaml;
};
})
(builtins.partition
(z: let
cfg = if
((builtins.readDir ./configuration).${z} == "directory")
then (import ./configuration/${z} {
config = {};
inherit lib pkgs inputs modulesPath;
}).config
else null;
test = if cfg == null then false
else if !(cfg ? sysconfig) then false
else if !(cfg.sysconfig ? remoteBuildClient) then false
else cfg.sysconfig.remoteBuildClient;
in test)
(builtins.attrNames (builtins.readDir ./configuration))
).right
)
) else {}) // {
"remoteBuildKey" = lib.mkIf config.sysconfig.remoteBuildClient {};
};
networking.hostName = lib.mkDefault config.sysconfig.host;
nix = {
nixPath = [ "nixpkgs=${inputs.nixpkgs}" ];
channel.enable = false;
settings = {
experimental-features = [ "nix-command" "flakes" ];
builders-use-substitutes = lib.mkIf config.sysconfig.remoteBuildClient true;
trusted-users = lib.mkIf config.sysconfig.remoteBuildHost [ "remote-builder" ];
};
distributedBuilds = config.sysconfig.remoteBuildClient;
buildMachines = lib.mkIf config.sysconfig.remoteBuildClient [
{
hostName = "blunkall.us";
sshUser = "remote-builder";
sshKey = config.sops.secrets."remoteBuildKey".path;
supportedFeatures = [
"nixos-test"
"benchmark"
"big-parallel"
"kvm"
];
systems = [ "x86_64-linux" "aarch64-linux" ];
}
];
};
users.users."remote-builder" = lib.mkIf config.sysconfig.remoteBuildHost {
isNormalUser = true;
createHome = false;
};
sops.templates."remote-builder" = lib.mkIf config.sysconfig.remoteBuildHost {
content = builtins.concatStringsSep ''''\n'' (builtins.map
(y: config.sops.placeholder.${y})
(builtins.partition
(x: (builtins.match "^remoteBuildClientKeys/.+" x) != null)
(builtins.attrNames config.sops.secrets)
).right
);
path = "/etc/ssh/authorized_keys.d/remote-builder";
owner = "remote-builder";
};
programs.ssh.extraConfig = ''
Host esotericbytes.com
HostName esotericbytes.com
Port 2222
'';
sops = {
age.keyFile = "/var/lib/sops/age/keys.txt";
defaultSopsFormat = "yaml";
};
time.timeZone = lib.mkDefault "America/Chicago";
i18n = lib.mkDefault {
defaultLocale = "en_US.UTF-8";
extraLocaleSettings = {
LC_ADDRESS = "en_US.UTF-8";
LC_IDENTIFICATION = "en_US.UTF-8";
LC_MEASUREMENT = "en_US.UTF-8";
LC_MONETARY = "en_US.UTF-8";
LC_NAME = "en_US.UTF-8";
LC_NUMERIC = "en_US.UTF-8";
LC_PAPER = "en_US.UTF-8";
LC_TELEPHONE = "en_US.UTF-8";
LC_TIME = "en_US.UTF-8";
};
};
};
}

0
system/etc/default.nix Normal file
View File

6
system/packages/default.nix Normal file
View File

@@ -0,0 +1,6 @@
{ pkgs, ... }: {
environment.systemPackages = with pkgs; [
sops
];
}

157
system/profiles/container/default.nix Normal file
View File

@@ -0,0 +1,157 @@
{ config, pkgs, lib, inputs, ... }:
{
imports =
[
inputs.home-manager.nixosModules.default
];
config = {
hardware.nvidia.open = true;
boot.isContainer = true;
services = {
xserver = {
#enable = true;
videoDrivers = ["nvidia"];
};
displayManager = {
enable = true;
defaultSession = "plasma";
autoLogin = {
enable = true;
user = "nathan";
};
};
pulseaudio.enable = false;
};
systemd.extraConfig = "DefaultLimitNOFILE=2048";
/*
environment.sessionVariables = {
WLR_BACKENDS = "headless";
WLR_LIBINPUT_NO_DEVICES = "1";
};
*/
programs.zsh.enable = true;
environment.shells = with pkgs; [ zsh ];
users.defaultUserShell = pkgs.zsh;
nixpkgs = {
config.allowUnfree = true;
hostPlatform = "x86_64-linux";
};
# Set your time zone.
time.timeZone = "America/Chicago";
# Select internationalisation properties.
i18n.defaultLocale = "en_US.UTF-8";
i18n.extraLocaleSettings = {
LC_ADDRESS = "en_US.UTF-8";
LC_IDENTIFICATION = "en_US.UTF-8";
LC_MEASUREMENT = "en_US.UTF-8";
LC_MONETARY = "en_US.UTF-8";
LC_NAME = "en_US.UTF-8";
LC_NUMERIC = "en_US.UTF-8";
LC_PAPER = "en_US.UTF-8";
LC_TELEPHONE = "en_US.UTF-8";
LC_TIME = "en_US.UTF-8";
};
services.displayManager.sddm.settings.AutoLogin = {
User = "nathan";
Session = "plasmawayland.desktop";
Relogin = true;
};
networking = {
nameservers = [ "1.1.1.1" "1.0.0.1" ];
networkmanager.enable = true;
firewall.allowedTCPPorts = [ 80 ];
};
system.stateVersion = "25.05"; # Did you read the comment?
users.users."nathan" = {
isNormalUser = true;
initialPassword = "7567";
#hashedPasswordFile = config.sops.secrets."nathan/pass".path;
extraGroups = [
"wheel"
]; # Enable sudo for the user.
/*openssh.authorizedKeys.keys = [
];*/
};
nix = {
nixPath = [ "nixpkgs=${inputs.nixpkgs}" ];
settings = {
experimental-features = [ "nix-command" "flakes" ];
};
};
/*sops = {
age.keyFile = "/home/nathan/.config/sops/age/keys.txt";
defaultSopsFile = ./secrets.yaml;
defaultSopsFormat = "yaml";
secrets = {
"nathan/pass" = {
neededForUsers = true;
};
};
};*/
programs.fuse.userAllowOther = true;
home-manager = {
backupFileExtension = "backup";
extraSpecialArgs = {inherit inputs;};
users = {
"nathan" = lib.mkMerge [
inputs.nathan-home-manager
{
config.homeconfig = {
minimal = false;
hyprland.enable = false;
wal.enable = false;
hyprpanel.enable = false;
hyprlock.enable = false;
mpd.enable = true;
calcurse.enable = true;
rofi.enable = true;
firefox.enable = true;
};
}
];
};
};
sysconfig = {
opts = {
novnc.enable = true;
sddm.enable = true;
openssh.enable = true;
pipewire.enable = true;
hyprpanel.enable = false;
hyprland.enable = false;
kdePlasma6.enable = true;
git.enable = true;
nh.enable = true;
netbird.enable = true;
};
};
fonts.packages = with pkgs; [ nerd-fonts.fira-code ];
};
}

210
system/profiles/homebox/default.nix Normal file
View File

@@ -0,0 +1,210 @@
{ config, pkgs, lib, inputs, ... }:
{
imports =
[
./hardware-configuration.nix
inputs.disko.nixosModules.default
(import ./disko.nix { device1 = "/dev/nvme0n1"; device2 = "/dev/nvme1n1"; device3 = "/dev/sda"; })
inputs.sops-nix.nixosModules.sops
inputs.home-manager.nixosModules.default
];
config = {
boot = {
kernelPackages = pkgs.linuxKernel.packages.linux_6_16;
loader = {
systemd-boot.enable = true;
efi.canTouchEfiVariables = true;
};
binfmt.emulatedSystems = lib.mkIf config.sysconfig.remoteBuildHost [ "aarch64-linux" ];
};
hardware = {
nvidia = {
modesetting.enable = true;
open = false;
nvidiaSettings = true;
package = config.boot.kernelPackages.nvidiaPackages.stable;
};
bluetooth.enable = true;
};
services = {
xserver = {
enable = false;
videoDrivers = ["nvidia"];
};
displayManager = {
enable = false;
defaultSession = "hyprland";
autoLogin = {
enable = true;
user = "nathan";
};
};
pulseaudio.enable = false;
hardware.openrgb = {
enable = true;
motherboard = "amd";
};
};
systemd.extraConfig = "DefaultLimitNOFILE=2048";
environment.sessionVariables = {
WLR_BACKENDS = "headless";
WLR_LIBINPUT_NO_DEVICES = "1";
};
programs.zsh.enable = true;
environment.shells = with pkgs; [ zsh bashInteractive ];
nixpkgs.config.allowUnfree = true;
services.displayManager.sddm.settings.AutoLogin = {
User = "nathan";
Session = "hyprland";
Relogin = true;
};
networking = {
nameservers = lib.mkDefault [ "1.1.1.1" "1.0.0.1" ];
networkmanager = {
enable = true;
dns = "none";
};
nftables = {};
nat = {
enable = true;
internalInterfaces = [ "ve-+" ];
externalInterface = "wlp7s0";
};
};
system.stateVersion = "23.05"; # Did you read the comment?
sops = {
age.keyFile = "/var/lib/sops/age/keys.txt";
defaultSopsFile = ./secrets.yaml;
defaultSopsFormat = "yaml";
secrets = {
"nathan/pass" = {
neededForUsers = true;
};
};
};
services.getty = {
autologinUser = "nathan";
};
programs.zsh.shellInit = ''
if [ -z "''${WAYLAND_DISPLAY}" ] && [ "''${XDG_VTNR}" -eq 1 ]; then
dbus-run-session Hyprland
fi
'';
systemd.services.hyprland = {};
sysconfig = {
remoteBuildHost = true;
host = "homebox";
graphical = false;
users = {
nathan = {
extraGroups = [ "wheel" "networkmanager" ];
sshKeys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAsU69CxfQk58CvItPN426h5Alnpb60SH37wet97Vb57 nathan@laptop"
];
shell = pkgs.zsh;
hashedPasswordFile = config.sops.secrets."nathan/pass".path;
home-manager = {
enable = true;
extraModules = [
{
homeconfig = {
minimal = false;
hyprland.enable = false;
hyprlock.enable = false;
wal.enable = true;
mpd.enable = true;
hyprpanel.enable = false;
calcurse.enable = true;
rofi.enable = false;
firefox.enable = false;
git.enable = true;
nh.enable = true;
};
services.hypridle.enable = lib.mkForce false;
home.packages = with pkgs; [
wayvnc
openrgb
];
}
];
};
};
};
services = {
sddm.enable = false;
openssh.enable = true;
pipewire.enable = true;
netbird.enable = true;
minecraft.enable = false;
};
programs = {
hyprland.enable = false;
hyprpanel.enable = false;
steam.enable = false;
};
virtualization = {
traefik.enable = true;
jellyfin.enable = true;
"esotericbytes.com".enable = true;
nextcloud.enable = true;
ntfy.enable = false;
gitea.enable = true;
n8n.enable = true;
keycloak.enable = true;
netbird.enable = true;
ollama.enable = true;
openwebui.enable = true;
homeassistant.enable = true;
wyoming = {
enable = true;
piper = false;
openwakeword = true;
faster-whisper = true;
};
rustdesk.enable = false; #broken
#pihole.enable = false; #broken
code-server.enable = false;
novnc.enable = false;
minecraft.enable = true;
sandbox.enable = false;
};
};
fonts.packages = with pkgs; [ nerd-fonts.fira-code ];
};
}

145
system/profiles/homebox/disko.nix Normal file
View File

@@ -0,0 +1,145 @@
{
device1 ? throw "Set this to your disk device, e.g. /dev/sda",
device2,
device3,
...
}: {
disko.devices = {
disk = {
main = {
device = device1;
type = "disk";
content = {
type = "gpt";
partitions = {
boot = {
name = "boot";
size = "1M";
type = "EF02";
};
esp = {
name = "ESP";
size = "500M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
};
};
swap = {
size = "4G";
content = {
type = "swap";
resumeDevice = true;
};
};
root = {
name = "root";
size = "100%";
content = {
type = "lvm_pv";
vg = "root_vg";
};
};
};
};
};
ssd1 = {
device = device2;
type = "disk";
content = {
type = "gpt";
partitions = {
ssd1 = {
name = "ssd1";
size = "100%";
content = {
type = "lvm_pv";
vg = "ssd1_vg";
};
};
};
};
};
hdd1 = {
device = device3;
type = "disk";
content = {
type = "gpt";
partitions = {
hdd1 = {
name = "hdd1";
size = "100%";
content = {
type = "lvm_pv";
vg = "hdd1_vg";
};
};
};
};
};
};
lvm_vg = {
root_vg = {
type = "lvm_vg";
lvs = {
root = {
size = "100%FREE";
content = {
type = "btrfs";
extraArgs = ["-f"];
subvolumes = {
"/root" = {
mountpoint = "/";
};
"/nix" = {
mountOptions = ["subvol=nix" "noatime"];
mountpoint = "/nix";
};
};
};
};
};
};
ssd1_vg = {
type = "lvm_vg";
lvs = {
ssd1 = {
size = "100%FREE";
content = {
type = "btrfs";
extraArgs = [ "-f" ];
subvolumes = {
"/ssd1" = {
mountOptions = [ "subvol=ssd1" "noatime" ];
mountpoint = "/ssd1";
};
};
};
};
};
};
hdd1_vg = {
type = "lvm_vg";
lvs = {
hdd1 = {
size = "100%FREE";
content = {
type = "btrfs";
extraArgs = [ "-f" ];
subvolumes = {
"/hdd1" = {
mountOptions = [ "subvol=hdd1" "noatime" ];
mountpoint = "/hdd1";
};
};
};
};
};
};
};
};
}

39
system/profiles/homebox/hardware-configuration.nix Normal file
View File

@@ -0,0 +1,39 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usbhid" "sd_mod" "sr_mod" ];
boot.initrd.kernelModules = [ "dm-snapshot" ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.br-de2feead48ad.useDHCP = lib.mkDefault true;
# networking.interfaces.docker0.useDHCP = lib.mkDefault true;
# networking.interfaces.enp6s0.useDHCP = lib.mkDefault true;
# networking.interfaces.ve-blunkall-us.useDHCP = lib.mkDefault true;
# networking.interfaces.ve-gitea.useDHCP = lib.mkDefault true;
# networking.interfaces.ve-home-assnHYM.useDHCP = lib.mkDefault true;
# networking.interfaces.ve-jellyfin.useDHCP = lib.mkDefault true;
# networking.interfaces.ve-keycloak.useDHCP = lib.mkDefault true;
# networking.interfaces.ve-n8n.useDHCP = lib.mkDefault true;
# networking.interfaces.ve-netbird.useDHCP = lib.mkDefault true;
# networking.interfaces.ve-nextcloud.useDHCP = lib.mkDefault true;
# networking.interfaces.ve-ollama.useDHCP = lib.mkDefault true;
# networking.interfaces.ve-traefik.useDHCP = lib.mkDefault true;
# networking.interfaces.ve-wyoming.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp7s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

41
system/profiles/homebox/secrets.yaml Normal file
View File

@@ -0,0 +1,41 @@
nathan:
pass: ENC[AES256_GCM,data:HP/kF665VvIUybXmqaluJikeHWR0lvTXjA8Ry/dpbjDd3VUfiDuWFKlBkUzIZ1brAc86PV1xl4JWu2CNEz7uc3TmPuJ+GsFFOA==,iv:uPQZE7s3PvfShOaVCNRnnhXlcvA5aIiXRxi7UPbXfdU=,tag:Wg0IuCm4ljSPBmB/H2OSFA==,type:str]
authentik:
pass: ENC[AES256_GCM,data:pTjpwRgdUVU5543T199P7Zoy,iv:93WpIK6qq+A1LhaQdBvMQ4jzuAOmMUt575y/p8m8Ugk=,tag:jTg/JED3vpdOVHF8LdIyLg==,type:str]
secret_key: ENC[AES256_GCM,data:tIWDGtB/z7Ysizz9FPQJe2EeSTAxDPkeHJnaDfytDvbqvRaiCgg7qGpEF6hAQFdZ,iv:gloup5aI0qY+SYJt8V6lvUdE+18IWH09BXtz8dRi6JE=,tag:vFwF9h1Rsa/X1bjvdSRSfQ==,type:str]
pihole:
pass: ENC[AES256_GCM,data:hintZA==,iv:HA5K8mHYlLtf5s8iaLI/QRolYgcKwG8DWCH+LXnWI4k=,tag:DlnXxG0n9dBVpk2kILlPKg==,type:str]
gitea:
dbpass: ENC[AES256_GCM,data:hVRLXACRECNSnXRn8BEP0ZFT,iv:zuIvzStek6OEu+P4Nh8Wsq9eRVt/zP8KGVXYZWjSvW0=,tag:m4t8vKNGhz8NqkDWbCRgnA==,type:str]
keycloak:
dbpass: ENC[AES256_GCM,data:tc4wIAqzY7nonBhz8s+YdAux,iv:Wg0b0/xnl6cANLTOJWBsX+gw1iF8Q/GvO/iKyKwqJrM=,tag:LORKRmo4RjcrVbPNhk2A9Q==,type:str]
netbird:
coturnPass: ENC[AES256_GCM,data:zB6P9RyTTKkXEOIhOyeJuF4Y,iv:8SWVfcdmMnXQJxezu3uanrlmFhR+hxXEJ3T7KA+YZqE=,tag:1H21K3kbZOuLOdN2zufWJw==,type:str]
gitlab:
db_pass: ENC[AES256_GCM,data:N3KvXkXql/PDjxZSpGo/Apr/,iv:OOzhR4BEmV3T01PA50vqdJMg7D2OGKHn/8hiqKEaOd4=,tag:jzdonXH/D/5kZ5Cld2W//w==,type:str]
root_pass: ENC[AES256_GCM,data:bALaUkoJw3N0ugZP/4MCnEsD,iv:LJdJpXlyzA6o00UVlK+l5WCCFIL/sT/fQNjI8wA5LAg=,tag:BYk1o/rjubyEpeHbgYA1Sg==,type:str]
secrets:
secret: ENC[AES256_GCM,data:3/26giCD58RErtEDxQ90KxRl3aa8oH4co2Urw21r7hHCKaoSti1VpYoBtlvHdr5j,iv:SwliwLWSFfTZoc31JSm9YKBDGKiPQE7ujkiGaZmCQUc=,tag:2KT5BpJukixvhb6tnZb6lw==,type:str]
otp: ENC[AES256_GCM,data:RWOkQVPRsrJgPVtx49hiWRMAxVOszKxaDl40XQDL+QoDuoZi03wSxHiu4Ix9X2BR,iv:uO+CTR5S4r1q7n1ycQw0hYdu8JflSrvkgLiBbCmT8mk=,tag:gqCwNOqD78lFtgxUPyUw3A==,type:str]
db: ENC[AES256_GCM,data:rF4IIp1uFSGa67LVm8fy4/qFOmZLInRcG2IAfnuZG3+xtS9Z2RXpNcTZNFBDdOaD,iv:/KYwf3ZH6w48L49rY/FmaGQOt3jGdOUTZ9vFhmLZG60=,tag:f38iYIgpgdjWF34qD1fz2w==,type:str]
jws: ENC[AES256_GCM,data:C+GVDeO319QGjq2+fBMr1LaY6/6Tuz6jWomkvFVul6ydJjmMFO3A9dYI66WWY6g2iZgYEWDKUikW1qDK5sGgU5ZAZzaqS01LUsSsPHUcMqIg/AjtcRfaEvHYODYPPSEwdISzhceDaim8yqhrNTIOHUHvOxcILvtUmsI61hNfVSnOQbqifIJDgGP7bKaf96t8+qcBvp/UBwP1qHj/m4jD83yc8Pdih+ZuPmyNdo3Ew0nbLTykYVX3XsrO1RlJ/Gp+KPfRSJzVGAnqUKr8mI+32LUpXSJ96bEGA67/blSh1dbBxSVo3K83aZYuY6vvXb+Et6qd4piZYKGCxA+waSrTkYHvSgS5vJRbCGWauXKCYFASxxqmdJ3cu+rbphbshBVA3SIPHhZxun6BWaP0qTYZyfB/YsSU4J+kYiE3UEYX9GYEAY9bsO89IYZSsTsmYke2EI4KMcjyUFstZ2WTYqCpwJ6CMAuerDEMHP6N3xCO5MVDZfE4sKKHpfSCVQg8ak7IxV+3jZvZi2tUbvZZf/tYORzPeTUSEpcC4cGwwAJd3XKUetaiuDwQVkLa13xotfL0d+Lwc6eZil0e/sureLqvQM6kpWhK7yscu2hKGOzxx/OZClry2Uyc1fL5iWWxvM8Djg+ShoAS5m3Nt0R+mcLdgaylkZvMl9gNWFO1uzlnhGnJQtekVaXCJ9f9QZt5RizJYwM9pMKhSDTZ0vd4y69iZpz3YXhKtkvYX02RIFtTiqsbyU0pXVjK0SpKsb5T+yphacGeZRwQS9QadW9dE6xQsxwwYC//swm5l6ke+DyZrcsc/J+MBHFuN71D2st+jtfywZYg/YT9EcCFOMjqEgfDq7YICgyqfqRGAdVWQy660T5Mi+gYKcHqbYXaaB3VNL2RGIu/uybih/7ynGRM2+0ro9oKJ+fEbdi1alSFFJ0IvA5lU6XHd2CSyizEC9ak+HBLkYeSqOPfItfLH82jRiUtrY5u4fIlioLQTA1aKHax6q8cIf30FCGenhjM6jMj2WpXKI16+1xK9Om9mg94YmFjM+erQh3o/fbPuMbkNaNJQwabupshBK2h3caaE0cDUnDukUFUANHz9q5LVxSkw39GTjGpovxQJiZHbSdeIC/AzFXRVA1ojhzkeuefygdP27Aa+fLjEBn2x8AcdhyP1n8lQyjy0Wnxq9hJDbVXJF93FIdcCmF/JGejgHcr3YZUMY4OFG9gzISDEdgR99fYvKM+A9Pj2JNtCQ5iKCctg5opIEKA1z4RIpRQs0KmXq3JgjWhU1LeOWaX2YzS5rCJWyhxnTJXGk4a/cMvhbLRjFOKcDNNMp8yJrXk1pth7nFOJ4Put6o67jtjbgpgnPuEdelnXEEaReCfJEo2z8zka63kYqbIvcG4W2pKwsA4tT0QctVwltRdYU8YyKuOpQJtKvVdlZL0oxOwxPioTT8fOebRBaecKhQKF4fp9UGlE/GStud6oFSbN685U2TKihvYNmfLRSWQk1Y/APyCRlhOmhFLaIzJxogdlKzpg4AEg/2SRoEZPsqyZThI8uhCIT1qG0UBiZBTjey322fsEEZtNxO5nX/JeBDOVty3sIGs1OKBTjMXSZ+nzU9AIH6dek9Bz+Fix7a90IkQUB5xtgrIYgCH34L4a0o1jWy5bzT9fl53VnbzrICcT/wdRU/GznYYjxlF2uRBKIu7s0glDmsPXCZuorqvJlr2hySgN/hJKOlrCghraUD14pRk4OfRVKULkPQ7betgaCVbsihXplodrAgJ0BdIbf3tKRC8Ghx8+mYAWNXj+PtWBydEjEirCH70SJu53gjF5mNgl2EIaHNK7jqBgXhDr2/7uH97Tl+S9ue+TDlpr067T5JAqU3fOqq+ZS4wqEvqMYRfXd/V2FjNbBpoH8UW6pMuFaM06DBI+6p9O9xBl1eP3Sy3vrBwK2pCwLbi0LdJ2apQTl/51ZXp2xaaUAAh1Fu/bM21V7ENa5sGxpSTYwdSLyPnd8usqECw9W1XDNUI2EmJnp9AelD/joNwuL6U7pydrNUCguCjxHfbd+m0vc/te53GerJlSXbjEWz53f3RjSB90AaA6sOGhi1BFiHYSAjzMdqVSj4M68r+UF3YIuEuoaOzrVrkb5st3tYD0dz+ORhxo44aKEzgohseha5fg0wcTz9orqkeP/FyoOeItG2UwNVAWWGh/lBtXh8c4ILUMolZ1m2DWiYj/pyDvODVnP96u6TvyMC0H8aolgGHn7nDMTi+mCIvNFQYeXdVrRCpWS9aQik=,iv:cxdargXx2a7pET7BjCSZ/yXL7AnxNqncyDQ7CR3E3AA=,tag:2xKXfhBjynDqlvH377lpSA==,type:str]
oidc:
id: ENC[AES256_GCM,data:b6o2cCCSXJ5bIhA47InfhqwjO5Tjr0Mls+7VT5cunFfEHkdOInxplw==,iv:txren/8jnAUvCI/k9cxN29ZkSgCuPEAo0IpyREf2E9A=,tag:BFOZrM18zUJMEACpLz7KRw==,type:str]
secret: ENC[AES256_GCM,data:4HPPbVBOeDjdL81d402Rz6Luk1DZbk8InHfO+Sx/OJIvUf/shkCRyp3hStIDC03bA8HV66GeejvWFte+vQ2b5X3Fl2GXfHQi7brMFVEYfYdR2XRdra0aOeSrHtW5uUn0MpVCRwYDb1JahIWhLyqcYyOpV91xjNiIVg8S3MHr+mo=,iv:c3Q4qPMxZJuoO5XRzUDZh5XJOtff9eiMTlOx+MDMSaE=,tag:07fIkN9YXXJMEV59QEFIag==,type:str]
nextcloud:
pass: ENC[AES256_GCM,data:U/VI/uHDT1a5O4iAHUVwsz/h,iv:W0hAXBddFKhXmDWHpCB2JhjPPTEGer7721WtIRxg4Zo=,tag:OE4wzibNaaXsbfFuk0dwTA==,type:str]
sops:
age:
- recipient: age1640eg0pnmkruc89m5xguz0m8fek44fl4tzez6qwuzlz6kmapqewsp8esxd
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDVFhtcWkreVV6UmJkcW1P
WUluUTlOcjYzME1yVVNpVWJldXVsWG1vN3dNCmlvYURNV285anlIa3FrbXRVTERB
dXZDWHhEbFp3YWw5d2w4Y09vbUVCNHcKLS0tIEF4ZU5ZdWI5MVBtN0FOUUZDQUR4
S0NMRGJSeks0Q0UrVnZmUVdyU2NqVm8KLu2kQpD1fJdU0fTdR9A2cTQzRp+waJ6M
8vA+E8xYb2U4d7m0YnwKkGzw0CBPb0BvdEgvWvqpFViftoDwRv5KGA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-08-19T05:54:41Z"
mac: ENC[AES256_GCM,data:hLxsJDB3kr00fVVlkGC7L/pP3AH+W+IZbt4zHxGb9C7bhgs1zkLdDGGW8uqitsYQP5ZqSq00raym+JGGREH0q+SepQB+yrB26yDsac6thzKV1Yr3sIMhKdzSHJiNEawUxI7pTToKG3e6XDz2S0r0i0AvAoA6abPHoPH4ihojoXE=,iv:lSKAiSdkP1FxVoeKtSYs4i3HcyouNUeBHRvAXXqiBKY=,tag:hJGw0QhvbUf9M3AXC67iFA==,type:str]
unencrypted_suffix: _unencrypted
version: 3.10.2

106
system/profiles/iso/default.nix Normal file
View File

@@ -0,0 +1,106 @@
{ lib, pkgs, inputs, modulesPath, ... }: {
imports = with inputs; [
(modulesPath + "/installer/cd-dvd/installation-cd-minimal.nix")
home-manager.nixosModules.default
];
config = {
fonts.fontconfig.enable = lib.mkForce true;
fonts.packages = with pkgs; [ nerd-fonts.fira-code ];
environment.systemPackages = with pkgs; [ nerd-fonts.fira-code ];
system.stateVersion = "25.05";
nixpkgs.hostPlatform = "x86_64-linux";
users.users."nathan" = {
hashedPassword = "$y$j9T$F0pn6l4C45lz4a0FTZLqE0$Fc48Ptbmz/3MJCk/Jsaqop4ff.bY3J3GcjhmJx5R7k6";
packages = with pkgs; [
git
nerd-fonts.fira-code
];
};
users.users.nixos.enable = lib.mkForce false;
services.getty.autologinUser = lib.mkForce null;
networking = {
nameservers = [ "1.1.1.1" "1.0.0.1" ];
networkmanager.enable = true;
};
programs.zsh.enable = true;
environment.shells = with pkgs; [ zsh bashInteractive ];
sysconfig = {
host = "iso";
graphical = true;
users = {
nathan = {
extraGroups = [ "wheel" "networkmanager" ];
shell = pkgs.zsh;
sshKeys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAsU69CxfQk58CvItPN426h5Alnpb60SH37wet97Vb57 nathan@laptop"
];
home-manager = {
enable = true;
standalone = false;
extraModules = [
{
homeconfig = {
minimal = false;
hyprland.enable = true;
hyprlock.enable = true;
wal.enable = true;
mpd.enable = true;
hyprpanel.enable = true;
rofi.enable = true;
firefox.enable = true;
git.enable = false;
nh.enable = true;
};
}
];
};
};
};
services = {
sddm.enable = true;
openssh.enable = true;
pipewire.enable = true;
#kdePlasma6.enable = true;
netbird.enable = true;
#ollama.enable = true;
};
programs = {
#steam.enable = true;
hyprpanel.enable = true;
hyprland.enable = true;
};
virtualization = {
wyoming = {
enable = false;
};
homeassistant = {
enable = false;
};
};
};
};
}

142
system/profiles/jesstop/default.nix Normal file
View File

@@ -0,0 +1,142 @@
{ config, pkgs, lib, inputs, ... }:
{
imports = [
./hardware-configuration.nix
#inputs.home-manager.nixosModules.default
inputs.sops-nix.nixosModules.sops
];
config = {
nixpkgs.config = {
allowUnfree = true;
};
# Bootloader.
boot = {
loader = {
systemd-boot.enable = true;
efi.canTouchEfiVariables = true;
};
};
systemd.extraConfig = "DefaultLimitNOFILE=2048";
hardware = {
graphics.enable = true;
#enable bluetooth
bluetooth.enable = true;
};
services.pulseaudio.enable = false;
environment.systemPackages = with pkgs; [
alsa-utils
];
sysconfig.opts = {
sddm.enable = true;
openssh.enable = false;
steam.enable = true;
pipewire.enable = true;
hyprpanel.enable = false;
hyprland.enable = false;
git.enable = false;
nh.enable = true;
};
# Enable the X11 windowing system.
services.xserver = {
enable = true;
desktopManager.enlightenment.enable = true;
};
services.acpid.enable = true;
services.displayManager.enable = true;
services.avahi = {
enable = true;
ipv4 = true;
ipv6 = true;
openFirewall = true;
nssmdns4 = true;
wideArea = true;
};
# Enable CUPS to print documents.
services.printing.enable = true;
system.stateVersion = "23.05"; # Did you read the comment?
# Set your time zone.
time.timeZone = "America/Chicago";
# Select internationalisation properties.
i18n.defaultLocale = "en_US.UTF-8";
i18n.extraLocaleSettings = {
LC_ADDRESS = "en_US.UTF-8";
LC_IDENTIFICATION = "en_US.UTF-8";
LC_MEASUREMENT = "en_US.UTF-8";
LC_MONETARY = "en_US.UTF-8";
LC_NAME = "en_US.UTF-8";
LC_NUMERIC = "en_US.UTF-8";
LC_PAPER = "en_US.UTF-8";
LC_TELEPHONE = "en_US.UTF-8";
LC_TIME = "en_US.UTF-8";
};
networking = {
hostName = "jesstop";
nameservers = [ "1.1.1.1" "1.0.0.1" ];
networkmanager.enable = true;
};
users.users."nickelback" = {
isNormalUser = true;
description = "Thomas Jefferson";
initialPassword = "89453712";
#hashedPasswordFile = config.sops.secrets."nathan/pass".path;
extraGroups = [
"wheel"
"networkmanager"
]; # Enable sudo for the user.
openssh.authorizedKeys.keys = [];
packages = with pkgs; [
(writeShellScriptBin "beets" ''
bluetoothctl connect A4:16:C0:74:1F:55
'')
spotify
gnome-network-displays
discord
krita
rpcs3
];
};
nix = {
nixPath = [ "nixpkgs=${inputs.nixpkgs}" ];
settings = {
experimental-features = [ "nix-command" "flakes" ];
};
};
fonts.packages = with pkgs; [ nerd-fonts.fira-code ];
};
}

39
system/profiles/jesstop/hardware-configuration.nix Normal file
View File

@@ -0,0 +1,39 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "vmd" "xhci_pci" "ahci" "nvme" "usb_storage" "sd_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/d76defe1-149f-4ea2-a5a1-d9cc2804cf72";
fsType = "ext4";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/D497-6455";
fsType = "vfat";
options = [ "fmask=0077" "dmask=0077" ];
};
swapDevices = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.eno1.useDHCP = lib.mkDefault true;
# networking.interfaces.wlo1.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

117
system/profiles/laptop/default.nix Normal file
View File

@@ -0,0 +1,117 @@
{ config, pkgs, lib, inputs, ... }:
{
imports = [
inputs.home-manager.nixosModules.default
inputs.sops-nix.nixosModules.sops
];
config = {
nixpkgs.config = {
allowUnfree = true;
};
# Bootloader.
boot = {
kernelPackages = pkgs.linuxKernel.packages.linux_6_16;
loader = {
systemd-boot.enable = true;
efi.canTouchEfiVariables = true;
timeout = null;
};
};
systemd.extraConfig = "DefaultLimitNOFILE=2048";
hardware = {
graphics.enable = true;
firmware = with pkgs; [
sof-firmware
];
#enable bluetooth
bluetooth.enable = true;
};
services.pulseaudio.enable = false;
environment.systemPackages = with pkgs; [
alsa-utils
];
sysconfig = with lib; {
remoteBuildClient = mkDefault true;
graphical = mkDefault true;
services = {
sddm.enable = mkDefault true;
openssh.enable = mkDefault false;
pipewire.enable = mkDefault true;
netbird.enable = mkDefault true;
ollama.enable = mkDefault true;
};
programs = {
steam.enable = mkDefault true;
hyprpanel.enable = mkDefault true;
hyprland.enable = mkDefault true;
};
virtualization = {
wyoming = {
enable = mkDefault false;
};
homeassistant = {
enable = mkDefault false;
};
};
};
# Enable the X11 windowing system.
services.xserver = {
enable = true;
};
services.displayManager.enable = true;
services.avahi = {
enable = true;
ipv4 = true;
ipv6 = true;
openFirewall = true;
nssmdns4 = true;
wideArea = true;
};
environment.shells = with pkgs; [ zsh bashInteractive ];
# Enable CUPS to print documents.
services.printing.enable = true;
programs.adb.enable = true;
programs.zsh.enable = true;
networking = {
nameservers = [ "1.1.1.1" "1.0.0.1" ];
networkmanager.enable = true;
};
fonts.packages = with pkgs; [ nerd-fonts.fira-code ];
};
}

18
system/profiles/laptop/secrets.yaml Normal file
View File

@@ -0,0 +1,18 @@
nathan:
pass: ENC[AES256_GCM,data:H/duNPyclGoCF/Z90TQcqaUymowHOLRDmcfDxSubNGdmijknsCq+UH5PaWUmXGZ7uZqcpYWBcsVbYfQO/98OHH/kbwAFD/Hgkw==,iv:74M2PQqVzAgMXA8Z4RVLJKawt0Lzh94IKbn8YCTx3tY=,tag:B/xgA4mrhWEccaXQ+qvjCA==,type:str]
remoteBuildKey: ENC[AES256_GCM,data:CN7AyOCV4iYzYrwVh2Af5YB0nwR4raXfj5FbbeIZg5Bfha0sUPnLAG+oqVUyzVQA3yftFhfwPGaALOyb6VlT13pTifG+uEoyiq1dQP6dimlmk/p/6kVtg4aiETJ/61EUeQF/HTVTZ3F7akgQRsKNFQYbF2srcurPQSY0Q2gjlkkFA3A3aLoN2LrkFPJvtnNP6SJzXDFHVOTPmbc/DvF9UbMiYu0viIlfiPqeBs26lAqcOWhrYlOxKqEL2IoP3kADDncedxT42c1rCPB/2kGvKg+mXSlaIH3a0Hb8hrnjVUB0edyqYnNCurVhPF8mg2yoqrtyaxRkZKvUsa5LBZwS+iL9bYQdU/4hxT9c7wRC+ZtWkwF4l/gy8Ggc+VuB+YT9JUCJY96o8f2wKFup0BS+oiYLGJKpcOLMFrPJLEtOMrqPN/Z6+gZ9LVbhlSliIV/yUTJAa26el0w6tP9Ebs6tHiFakpkMahsBbRxmHBmqkHW5zfa5YpvD5Ii/EC+F8Vb/Efn6LkBZBwSB6K33NSOy,iv:4i0bGQe7wiDSvmygY2VNSEhuYfYIi9YY1g7qLgDTcMo=,tag:MJqOovOcZ97COsVjxZus8w==,type:str]
sops:
age:
- recipient: age1yqgyp2uxz4lzrc9f9ka0mfjl5fr6ahf8nf24nlmran2wulg6fpvq9hyp9q
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2MEIyRjR0a25UU3hnR2Zw
WXFaaXJYNWFSMmZsR1FsYVB1WlBkZWptSHhzCkRGRitnNkc3MEtjV05KRXlXT3RR
TVhnVlpUdzFiSEwxbHNOT3dyQ0dzbG8KLS0tIElMc3g4SHRxZTVnOCtVcktRb25D
Y2ZpR25VNGVoMi9ibW8wbW5rYTQ3R00Ka6/KLXSSRP9WJDV0RBHHS5nALfd/3xDu
y+QS+Ueh56kQT2zbYpYBRIPDgI3LZgwlTifQCDJ9ZPq0LGgu4XbEqQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-08-23T03:46:50Z"
mac: ENC[AES256_GCM,data:QJLMqnmkrgtTqqmLN9NCfV8PPm5N/F0gtGw/XlX+nnfbesGVeYubSjtHmYWmY7ha41jEvLYu8rmIXaxDepfogyOf4wzuRPLkJxO7Wu0UVdr5uZlHNrcxZh4Ex6YGgg8Lbcjs0iVCev66lWfuhuxuvPOKsGLZvoNTq0V1hLpo/Fw=,iv:VFrL0L6tC1JvWM3BOJP4Dh+q1xSMBecCtPnNcY/loAU=,tag:p5VmBaGPTxyTmm1Ha9Le3Q==,type:str]
unencrypted_suffix: _unencrypted
version: 3.10.2

121
system/profiles/live/default.nix Normal file
View File

@@ -0,0 +1,121 @@
{ pkgs, inputs, ... }: {
imports = with inputs; [
disko.nixosModules.default
(import ./disko.nix { device = "/dev/mmcblk0"; })
sops-nix.nixosModules.sops
home-manager.nixosModules.default
];
config = {
hardware.enableRedistributableFirmware = true;
hardware.enableAllHardware = true;
programs.zsh.enable = true;
environment.shells = with pkgs; [ zsh bashInteractive ];
networking = {
nameservers = [ "1.1.1.1" "1.0.0.1" ];
networkmanager.enable = true;
};
nixpkgs.hostPlatform = "x86_64-linux";
boot = {
loader = {
systemd-boot.enable = true;
efi.canTouchEfiVariables = true;
};
};
users.users."nathan" = {
hashedPassword = "$y$j9T$F0pn6l4C45lz4a0FTZLqE0$Fc48Ptbmz/3MJCk/Jsaqop4ff.bY3J3GcjhmJx5R7k6";
packages = with pkgs; [
git
nerd-fonts.fira-code
];
};
sops = {
age.keyFile = "/var/lib/sops/age/keys.txt";
defaultSopsFile = ./secrets.yaml;
defaultSopsFormat = "yaml";
#secrets."nathan/pass".neededForUsers = true;
};
sysconfig = {
#remoteBuildClient = true;
host = "live";
graphical = true;
users = {
nathan = {
extraGroups = [ "wheel" "networkmanager" ];
#hashedPasswordFile = config.sops.secrets."nathan/pass".path;
shell = pkgs.zsh;
sshKeys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAsU69CxfQk58CvItPN426h5Alnpb60SH37wet97Vb57 nathan@laptop"
];
home-manager = {
enable = true;
standalone = false;
extraModules = [
{
homeconfig = {
minimal = false;
hyprland.enable = true;
hyprlock.enable = true;
wal.enable = true;
mpd.enable = true;
hyprpanel.enable = true;
calcurse.enable = true;
rofi.enable = true;
firefox.enable = true;
#git.enable = true;
nh.enable = true;
};
}
];
};
};
};
services = {
sddm.enable = true;
openssh.enable = true;
pipewire.enable = true;
#kdePlasma6.enable = true;
netbird.enable = true;
#ollama.enable = true;
};
programs = {
#steam.enable = true;
hyprpanel.enable = true;
hyprland.enable = true;
};
virtualization = {
wyoming = {
enable = false;
};
homeassistant = {
enable = false;
};
};
};
system.stateVersion = "25.05";
fonts.packages = with pkgs; [ nerd-fonts.fira-code ];
};
}

66
system/profiles/live/disko.nix Normal file
View File

@@ -0,0 +1,66 @@
{
device1 ? throw "Set this to your disk device, e.g. /dev/sda",
...
}: {
disko.devices = {
disk = {
main = {
device = device1;
type = "disk";
content = {
type = "gpt";
partitions = {
boot = {
name = "boot";
size = "1M";
type = "EF02";
};
esp = {
name = "ESP";
size = "500M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
};
};
root = {
name = "root";
size = "100%";
content = {
type = "lvm_pv";
vg = "root_vg";
};
};
};
};
};
};
lvm_vg = {
root_vg = {
type = "lvm_vg";
lvs = {
root = {
size = "100%FREE";
content = {
type = "btrfs";
extraArgs = ["-f"];
subvolumes = {
"/root" = {
mountpoint = "/";
};
"/nix" = {
mountOptions = ["subvol=nix" "noatime"];
mountpoint = "/nix";
};
};
};
};
};
};
};
};
}

17
system/profiles/live/secrets.yaml Normal file
View File

@@ -0,0 +1,17 @@
nathan:
pass: ENC[AES256_GCM,data:0hmcbyTLbmadTAMoSeOgBmpqgtCKtfrY1EIxIUoxgo+3297+jZqcsSmhPlFKtbornezm+7uPRzaVRHyp2G0Ee6mG4FbzUfGYFg==,iv:F2aTS/BPPxTemu4vEy9H0FY0HUEBWaRFeaoMr8TJbmA=,tag:Ai90KJluCimR6OG5BtCnVQ==,type:str]
sops:
age:
- recipient: age1yqgyp2uxz4lzrc9f9ka0mfjl5fr6ahf8nf24nlmran2wulg6fpvq9hyp9q
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5cUF3YWY2STgwc1pzREJP
QndUajV6WUJFZEdtOGNOQ05Ua1hGM25IbzJJCjF3Z24rc0JwMSt5bnpIVDZ0ZGJG
ZE9LdEU3bXhsMUxEL0hlMTNTc0VkR0kKLS0tIHhWOGJocS94eWJUSXdtaldJSG50
TjZCN3RneGtJa0hLNU1yTUlLMDJpcEUKNvpcKkNXeRyFsn0CRjSKNb89l1864I6A
Yzijw0c0BVfivhn2wAyq0fYuw2rT+vIJdFUHvIgxkpkZFl4n/RucOQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-08-31T19:51:15Z"
mac: ENC[AES256_GCM,data:L4SK7iaPX3dPJTyl2RgSuqMcoFRm8q9k64TsroV3tT1uWn0J9XRBj9KXgGj/qLloQkgmZsmtct8w2x5tYYosh5k1+056/DeTD8l/Nw5339qKJppRjg6jYNtw02ZGPSNFQdmGNQU9NOOuT8Q94sl0mphwlYhFV1Tf1r/AoSg1ja8=,iv:/qEVdxOR8CDJ2plE8Ez9ML+u+lKPmsNfV0GyXgBbQRk=,tag:EyjdJzvuHXn+0+5hOk0dVg==,type:str]
unencrypted_suffix: _unencrypted
version: 3.10.2

145
system/profiles/pi4/default.nix Normal file
View File

@@ -0,0 +1,145 @@
{ config, pkgs, inputs, ... }: {
imports = [
./hardware-configuration.nix
inputs.disko.nixosModules.default
(import ./disko.nix { device1 = "/dev/mmcblk0"; })
inputs.home-manager.nixosModules.default
inputs.sops-nix.nixosModules.sops
];
config = {
sysconfig = {
remoteBuildClient = true;
users = {
nathan = {
hashedPasswordFile = config.sops.secrets."nathan/pass".path;
shell = pkgs.zsh;
sshKeys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAsU69CxfQk58CvItPN426h5Alnpb60SH37wet97Vb57 nathan@laptop"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEnUhN2uHwAJF/SLRX3wlGRmfhV3zpP88JQAYB+gh8jW nathan@localhost"
];
extraGroups = [
"wheel"
"networkmanager"
"gpio"
"spi"
"audio"
"pulse"
"pulse-access"
];
home-manager = {
enable = true;
standalone = false;
extraModules = [
{
homeconfig = {
scripts.enable = false;
minimal = true;
mpd.enable = true;
git.enable = true;
nh.enable = true;
};
}
];
};
};
};
services = {
openssh.enable = true;
#pipewire.enable = true;
netbird.enable = true;
};
};
boot = {
loader = {
grub.enable = false;
generic-extlinux-compatible.enable = true;
};
};
networking = {
hostName = "pi4";
nameservers = [ "1.1.1.1" "1.0.0.1" ];
networkmanager.enable = true;
};
time.timeZone = "America/Chicago";
i18n.defaultLocale = "en_US.UTF-8";
i18n.extraLocaleSettings = {
LC_ADDRESS = "en_US.UTF-8";
LC_IDENTIFICATION = "en_US.UTF-8";
LC_MEASUREMENT = "en_US.UTF-8";
LC_MONETARY = "en_US.UTF-8";
LC_NAME = "en_US.UTF-8";
LC_NUMERIC = "en_US.UTF-8";
LC_PAPER = "en_US.UTF-8";
LC_TELEPHONE = "en_US.UTF-8";
LC_TIME = "en_US.UTF-8";
};
hardware = {
bluetooth.enable = true;
};
programs.zsh.enable = true;
environment.shells = with pkgs; [ zsh ];
users = {
groups.gpio = {};
};
services = {
udev.extraRules = ''
SUBSYSTEM=="bcm2835-gpiomem", KERNEL=="gpiomem", GROUP="gpio",MODE="0660"
SUBSYSTEM=="gpio", KERNEL=="gpiochip*", ACTION=="add", RUN+="${pkgs.bash}/bin/bash -c 'chown root:gpio /sys/class/gpio/export /sys/class/gpio/unexport ; chmod 220 /sys/class/gpio/export /sys/class/gpio/unexport'"
SUBSYSTEM=="gpio", KERNEL=="gpio*", ACTION=="add",RUN+="${pkgs.bash}/bin/bash -c 'chown root:gpio /sys%p/active_low /sys%p/direction /sys%p/edge /sys%p/value ; chmod 660 /sys%p/active_low /sys%p/direction /sys%p/edge /sys%p/value'"
'';
pulseaudio = {
enable = true;
extraConfig = ''
load-module module-native-protocol-tcp auth-ip-acl=127.0.0.1
'';
};
services.avahi = {
enable = true;
ipv4 = true;
ipv6 = true;
openFirewall = true;
nssmdns4 = true;
wideArea = true;
};
};
sops = {
age.keyFile = "/var/lib/sops/age/keys.txt";
defaultSopsFile = ./secrets.yaml;
defaultSopsFormat = "yaml";
};
fonts.packages = with pkgs; [ nerd-fonts.fira-code ];
sound.enable = true;
security.rtkit.enable = true;
system.stateVersion = "25.05";
};
}

66
system/profiles/pi4/disko.nix Normal file
View File

@@ -0,0 +1,66 @@
{
device1 ? throw "Set this to your disk device, e.g. /dev/sda",
...
}: {
disko.devices = {
disk = {
main = {
device = device1;
type = "disk";
content = {
type = "gpt";
partitions = {
boot = {
name = "boot";
size = "1M";
type = "EF02";
};
esp = {
name = "ESP";
size = "500M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
};
};
root = {
name = "root";
size = "100%";
content = {
type = "lvm_pv";
vg = "root_vg";
};
};
};
};
};
};
lvm_vg = {
root_vg = {
type = "lvm_vg";
lvs = {
root = {
size = "100%FREE";
content = {
type = "btrfs";
extraArgs = ["-f"];
subvolumes = {
"/root" = {
mountpoint = "/";
};
"/nix" = {
mountOptions = ["subvol=nix" "noatime"];
mountpoint = "/nix";
};
};
};
};
};
};
};
};
}

27
system/profiles/pi4/hardware-configuration.nix Normal file
View File

@@ -0,0 +1,27 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
swapDevices = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.end0.useDHCP = lib.mkDefault true;
# networking.interfaces.wlan0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
}

17
system/profiles/pi4/secrets.yaml Normal file
View File

@@ -0,0 +1,17 @@
nathan:
pass: ENC[AES256_GCM,data:O8d4PQ==,iv:CClnfFd/xUrfLBIb2ZDlBYm1GQVWwawMqePRYnRtSeE=,tag:mk++Mml+x5xT7aHiOQv25Q==,type:str]
sops:
age:
- recipient: age1yqgyp2uxz4lzrc9f9ka0mfjl5fr6ahf8nf24nlmran2wulg6fpvq9hyp9q
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2MEIyRjR0a25UU3hnR2Zw
WXFaaXJYNWFSMmZsR1FsYVB1WlBkZWptSHhzCkRGRitnNkc3MEtjV05KRXlXT3RR
TVhnVlpUdzFiSEwxbHNOT3dyQ0dzbG8KLS0tIElMc3g4SHRxZTVnOCtVcktRb25D
Y2ZpR25VNGVoMi9ibW8wbW5rYTQ3R00Ka6/KLXSSRP9WJDV0RBHHS5nALfd/3xDu
y+QS+Ueh56kQT2zbYpYBRIPDgI3LZgwlTifQCDJ9ZPq0LGgu4XbEqQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-08-01T23:42:11Z"
mac: ENC[AES256_GCM,data:7kHz3rhmzaieuY97ISA7RmEQnPn6E7Ta6sioPXvVBCLOmgwqhtITDXZw7be7/Da/BZr7O2rFcw6RaFiOdreLEzz9Kp8c5AzqXa5V6Mxhs0XJPFZ4Xkabzc3cBrm6QqKVi5PSUjPv6wDmZP7tvgzS/pny9SBmzlWOItSvs3Dw+5I=,iv:yNdtnJkmt3veZj6sDrbuNpBFc9UQVYaWlG6zmfdyfI4=,tag:tRwXGMHtQtXWrTzzMFFN0w==,type:str]
unencrypted_suffix: _unencrypted
version: 3.10.2

9
system/programs/default.nix Normal file
View File

@@ -0,0 +1,9 @@
{ config, lib, pkgs, ... }: {
imports = [
./hyprland
./hyprpanel
./steam
];
}

26
system/programs/hyprland/default.nix Normal file
View File

@@ -0,0 +1,26 @@
{ config, lib, pkgs, inputs, ... }: {
options.sysconfig.programs.hyprland.enable = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
config = lib.mkIf config.sysconfig.programs.hyprland.enable {
sysconfig.services.sddm.enable = lib.mkDefault true;
environment.sessionVariables.NIXOS_OZONE_WL = "1";
programs.hyprland = {
enable = true;
xwayland.enable = true;
systemd.setPath.enable = true;
package = inputs.hyprland.packages.${pkgs.stdenv.hostPlatform.system}.hyprland;
portalPackage = inputs.hyprland.packages.${pkgs.stdenv.hostPlatform.system}.xdg-desktop-portal-hyprland;
};
};
}

30
system/programs/hyprpanel/default.nix Normal file
View File

@@ -0,0 +1,30 @@
{ config, lib, pkgs, ... }: {
options.sysconfig.programs.hyprpanel.enable = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
config = lib.mkIf config.sysconfig.programs.hyprpanel.enable {
services = {
upower.enable = true;
gvfs.enable = true;
power-profiles-daemon.enable = true;
};
environment.systemPackages = with pkgs; [
bluez
bluez-tools
libgtop
dart-sass
wl-clipboard
gtksourceview
libsoup_3
brightnessctl
swww
hyprpicker
hyprsunset
wf-recorder
];
};
}

14
system/programs/steam/default.nix Normal file
View File

@@ -0,0 +1,14 @@
{ config, lib, ... }: {
options.sysconfig.programs.steam.enable = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
config = lib.mkIf config.sysconfig.programs.steam.enable {
programs.steam = {
enable = true;
};
};
}

37
system/secrets.yaml Normal file
View File

@@ -0,0 +1,37 @@
remoteBuildClientKeys:
laptop: ENC[AES256_GCM,data:SZRAZ36nSueWVLcdvpgZpltp/aORqAObFWhgqtIrTYccoK/3F7l0J+VJzF51FASa6spbGJL2BSbzOygyal609pvJc9Hb9bIN85GMzV1P4lha62iC8dkuVLXezPU=,iv:veQJxL4QTxFg2UKm2+I3RQXyuwW2rXEV/gXIQ7nBtlY=,tag:9C9Ltzwz823yY029p9K41A==,type:str]
pi4: ENC[AES256_GCM,data:zT7V70DbBj5OIl5dTkUjvdqrxSiPcc+oFvL7R2ZAuytSQWdo9MR+WuuhN1Zeo0Ho9eGcbS+Qwr/Vs+yIYU+XaUlgawHM6aiUXoQmQE/yJFOPYUcmi0R4mxD0nkPZ0w==,iv:HQ+bxpeHZq9cezF6omZ1OMecfOw74pXzBujndhXnLPM=,tag:AM5O21nYzb4xzybOPvBwRg==,type:str]
android: ENC[AES256_GCM,data:srkEb7oAxcN5++sTWQo43C8M4JNpfeeJlcGLGUA6gp74kcES1HnIs87ZtCik121oMSYD15LZ8p/x/AV2QdGMobQFxoMQ2NEehhP66n2EoXcEos3BXqUlbphiBGMRfVK9+w==,iv:bmDbVfVSZLU+EsZh/GBBY9QVcfHZJB9gLZYeI3NYoGY=,tag:biE4/DN7z2wRyFBjK7vEnQ==,type:str]
sops:
age:
- recipient: age1yqgyp2uxz4lzrc9f9ka0mfjl5fr6ahf8nf24nlmran2wulg6fpvq9hyp9q
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvSkFZWVVMWHRTSkM3amVY
UkR5OHlDdE1ESnd3Wm5sajVodFFnWDhybVVBCnhsZ0w5bWZMOUJKR0RrT1dNTkVW
cmMrc0ZyMWhUVXRaYkF3MElsWGJTMnMKLS0tIHdScGVCUFlXMzZiSnp2OGh0RXhu
cUFTZmdBU1ViRUthWWhKeXNkKzJIdW8KYKlEW0yjxf2vS/SC8Jt3lw9/+NoAyRlZ
WrTY0SMPiIDKObXzohUTr0fKj3cghIzG9dfXJQ9FZFtDAE+ilrvS9Q==
-----END AGE ENCRYPTED FILE-----
- recipient: age1640eg0pnmkruc89m5xguz0m8fek44fl4tzez6qwuzlz6kmapqewsp8esxd
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiRzFSWjU2RnpXcHBHVzlG
SVl5aEJRQWlqcTNwQTNCUHR6VkRVTHl5WmpRClVHdzcxeFJ4S3B3MVNpckJvNzkx
YmhZR1hDcWdNU2U1eXdzRTAzcGdCUTgKLS0tIGY0MnovTzY0eG9qVGxDQXF2dVI2
N2IvdjR1a2xUb3g5ZG9KdW14WS9wcEUK53smO1nk5+PeY6eW5DMLpspAUkGOVnxB
AvQmczyKI2SgL4TA/luHAYDPLrnAZHlHenqDPh9jtWrvKfJLv6W1vw==
-----END AGE ENCRYPTED FILE-----
- recipient: age12pnf36uqesjmy3e0lythfnpwam3zg5mv8m936fc4jphy4ces2fdqwn0s74
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQcG5GMDFNWitQbmdQVEV5
NFRIOWR1ODFIZEh2SUNmYlBZUUxVWlZpeDMwCnpoWS9jc1U3blREZEMvMjFvczZw
TGI4N2xoMTNSY2kxZkZGdGVrTHRNRlkKLS0tIEQ2V1cveDJrZmEwWmhqV1QweHJM
NXNhczV5Y3o3dmJ2RVk3eDBRd1FDdEkK4ELlB6suN3R3GJ6XRQCvE9mgiXUOMFs3
Yi+VfJTi3pkUQEi8MZP64Nl6IR5dXjUoPXFhBNcplmLf09JDjH4LJQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-08-26T22:28:31Z"
mac: ENC[AES256_GCM,data:hTEenm/UO84leu7alRdWlicKKrwNlaRR7ZQzhDtOCUcXemvwe30WkSq2mdzOnSo0uMSg1HZIlna8oRUd31ENe1aWfl69PlYPxEicmN5UHykVboXydw6m0yPoAqHj+nqG/vkWsVp0JN8HvTc59mzD+1DfydhJA3m0juaa81w5GsY=,iv:HBkE78QhX1wZANpvDW7nOIOTKBdCv0/dUc1Xv5+OQmQ=,tag:6I2z8MgZxnXjqd4iikA9nQ==,type:str]
unencrypted_suffix: _unencrypted
version: 3.10.2

75
system/services/containers/authentik/default.nix Normal file
View File

@@ -0,0 +1,75 @@
{ config, lib, inputs, ... }: {
options.sysconfig.virtualization.authentik.enable = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
imports = [
inputs.sops-nix.nixosModules.sops
];
config = lib.mkIf config.sysconfig.virtualization.authentik.enable {
sops.secrets."authentik/dbpass" = {};
networking = {
nat.internalInterfaces = [ "ve-authentik" ];
};
containers.authentik = {
autoStart = true;
privateNetwork = true;
hostAddress = "192.168.100.10";
localAddress = "192.168.100.35";
extraFlags = [
"--load-credential=dbpass:${config.sops.secrets."authentik/dbpass".path}"
];
bindMounts = {
"/etc/authentik" = {
hostPath = "/ssd1/Authentik";
isReadOnly = false;
};
};
config = {
networking.firewall.allowedTCPPorts = [ 9001 ];
systemd.services.secrets_setup = {
wantedBy = [ "authentik.service" ];
serviceConfig = {
LoadCredential = [
"dbpass"
];
};
script = ''
cat ''${CREDENTIALS_DIRECTORY}/dbpass > /etc/authentik/dbpass
chown postgres:postgres /etc/authentik/dbpass
'';
};
services.authentik = {
enable = true;
environmentFile = "/etc/authentik/authentik.env";
settings = {
disable_startup_analytics = true;
avatars = "initials";
};
worker.listenHTTP = "0.0.0.0:9001";
};
system.stateVersion = "25.05";
};
};
};
}

41
system/services/containers/code-server/default.nix Normal file
View File

@@ -0,0 +1,41 @@
{ config, lib, ... }: {
options.sysconfig.virtualization.code-server.enable = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
config = lib.mkIf config.sysconfig.virtualization.code-server.enable {
containers.code-server = {
autoStart = true;
privateNetwork = true;
hostAddress = "192.168.100.10";
localAddress = "192.168.100.31";
config = {
services.code-server = {
enable = true;
#hashedPassword = "1$WFYzcW1TNmpYM1ZKU3lielNCaXAyRkF2K3FjPQ$bSeeV4bvL2uiDYKiQjBLJPAO13/gNjYVgw8YKFtTQDI";
disableUpdateCheck = true;
disableTelemetry = true;
disableGettingStartedOverride = true;
auth = "none";
host = "0.0.0.0";
};
networking.firewall.allowedTCPPorts = [ 4444 ];
system.stateVersion = "25.05";
};
};
};
}

25
system/services/containers/default.nix Normal file
View File

@@ -0,0 +1,25 @@
{ ... }: {
imports = [
./gitlab
./gitea
./traefik
./nginx
./jellyfin
./pihole
./nextcloud
./ntfy
./homeassistant
./rustdesk
./netbird
./keycloak
./ollama
./openwebui
./n8n
./wyoming
./code-server
./novnc
./minecraft
./sandbox
];
}

121
system/services/containers/gitea/default.nix Normal file
View File

@@ -0,0 +1,121 @@
{ config, lib, pkgs, ... }: {
options.sysconfig.virtualization.gitea.enable = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
config = lib.mkIf config.sysconfig.virtualization.gitea.enable {
networking = {
hosts."192.168.100.20" = [ "gitea.esotericbytes.com" ];
nat.internalInterfaces = [ "ve-gitea" ];
};
sops.secrets = {
"gitea/dbpass" = {};
};
services.openssh.ports = [
2222
];
networking.firewall.allowedTCPPorts = [
22
];
containers.gitea = {
autoStart = true;
privateNetwork = true;
hostAddress = "192.168.100.10";
localAddress = "192.168.100.20";
forwardPorts = [
{
containerPort = 22;
hostPort = 22;
}
];
bindMounts = {
"/etc/gitea/data" = {
hostPath = "/ssd1/Gitea/data";
isReadOnly = false;
};
};
extraFlags = [
"--load-credential=dbpass:${config.sops.secrets."gitea/dbpass".path}"
];
config = {
systemd.services.secrets_setup = {
wantedBy = [ "gitea.service" ];
serviceConfig = {
LoadCredential = [
"dbpass"
];
};
script = ''
cat ''${CREDENTIALS_DIRECTORY}/dbpass > /etc/gitea/dbpass
chown gitea:gitea /etc/gitea/*
'';
};
services.gitea = {
enable = true;
stateDir = "/etc/gitea/data";
dump.enable = false;
appName = "Gitea";
settings = {
server = {
DOMAIN = "gitea.esotericbytes.com";
HTTP_PORT = 3000;
ROOT_URL = "https://gitea.esotericbytes.com/";
};
service = {
DISABLE_REGISTRATION = false;
ALLOW_ONLY_EXTERNAL_REGISTRATION = true;
REQUIRE_SIGNIN_VIEW = false;
};
oauth2_client = {
ENABLE_AUTO_REGISTRATION = true;
};
session.COOKIE_SECURE = true;
cron = {
ENABLED = true;
RUN_AT_START = true;
};
};
database = {
passwordFile = "/etc/gitea/dbpass";
type = "postgres";
};
};
services.openssh = {
enable = true;
settings = {
PermitRootLogin = lib.mkForce "no";
PasswordAuthentication = false;
KbdInteractiveAuthentication = false;
};
};
networking.firewall.allowedTCPPorts = [ 22 3000 ];
system.stateVersion = "24.11";
};
};
};
}

172
system/services/containers/gitlab/default.nix Normal file
View File

@@ -0,0 +1,172 @@
{ config, lib, pkgs, ... }: {
options.sysconfig.virtualization.gitlab.enable = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
config = lib.mkIf config.sysconfig.virtualization.gitlab.enable {
sops.secrets = {
"gitlab/db_pass" = {};
"gitlab/root_pass" = {};
"gitlab/secrets/secret" = {};
"gitlab/secrets/otp" = {};
"gitlab/secrets/db" = {};
"gitlab/secrets/jws" = {};
"gitlab/oidc/id" = {};
"gitlab/oidc/secret" = {};
};
services.openssh.ports = [
2222
];
networking.firewall.allowedTCPPorts = [
22
2222
];
containers.gitlab = {
autoStart = true;
privateNetwork = true;
hostAddress = "192.168.100.10";
localAddress = "192.168.100.16";
forwardPorts = [
{
containerPort = 22;
hostPort = 22;
}
];
bindMounts = {
"/etc/gitlab/data" = {
hostPath = "/ssd1/Gitlab/data";
isReadOnly = false;
};
};
extraFlags = [
"--load-credential=dbpass:${config.sops.secrets."gitlab/db_pass".path}"
"--load-credential=rootpass:${config.sops.secrets."gitlab/root_pass".path}"
"--load-credential=secret:${config.sops.secrets."gitlab/secrets/secret".path}"
"--load-credential=otp:${config.sops.secrets."gitlab/secrets/otp".path}"
"--load-credential=db:${config.sops.secrets."gitlab/secrets/db".path}"
"--load-credential=jws:${config.sops.secrets."gitlab/secrets/jws".path}"
"--load-credential=oidc_id:${config.sops.secrets."gitlab/oidc/id".path}"
"--load-credential=oidc_secret:${config.sops.secrets."gitlab/oidc/secret".path}"
];
config = {
systemd.services.secrets_setup = {
wantedBy = [ "gitlab.service" ];
serviceConfig = {
LoadCredential = [
"dbpass"
"rootpass"
"secret"
"db"
"otp"
"jws"
"oidc_id"
"oidc_secret"
];
};
script = ''
cat ''${CREDENTIALS_DIRECTORY}/dbpass > /etc/gitlab/dbpass
cat ''${CREDENTIALS_DIRECTORY}/rootpass > /etc/gitlab/rootpass
cat ''${CREDENTIALS_DIRECTORY}/secret > /etc/gitlab/secret
cat ''${CREDENTIALS_DIRECTORY}/db > /etc/gitlab/db
cat ''${CREDENTIALS_DIRECTORY}/otp > /etc/gitlab/otp
cat ''${CREDENTIALS_DIRECTORY}/jws > /etc/gitlab/jws
cat ''${CREDENTIALS_DIRECTORY}/oidc_id > /etc/gitlab/oidc-id
cat ''${CREDENTIALS_DIRECTORY}/oidc_secret > /etc/gitlab/oidc-secret
chown gitlab:gitlab /etc/gitlab/*
'';
};
services.gitlab = {
enable = true;
#https = true;
#port = 443;
host = "gitlab.blunkall.us";
databasePasswordFile = "/etc/gitlab/dbpass";
initialRootPasswordFile = "/etc/gitlab/rootpass";
statePath = "/etc/gitlab/data";
secrets = {
secretFile = "/etc/gitlab/secret";
otpFile = "/etc/gitlab/otp";
dbFile = "/etc/gitlab/db";
jwsFile = "/etc/gitlab/jws";
};
extraConfig = {
gitlab = {
default_project_features = {
builds = false;
};
};
omniauth = {
enabled = true;
auto_sign_in_with_provider = "openid_connect";
allow_single_sign_on = [ "openid_connect" ];
sync_email_from_provider = "openid_connect";
sync_profile_from_provider = [ "openid_connect" ];
sync_profile_attributes = [ "email" ];
auto_link_saml_user = true;
auto_link_user = [ "openid_connect" ];
block_auto_created_users = false;
providers = [
{
name = "openid_connect";
label = "Authentik SSO";
args = {
name = "openid_connect";
scope = [ "openid" "profile" "email" ];
response_type = "code";
issuer = "https://auth.blunkall.us/application/o/gitlab/";
discovery = true;
client_auth_method = "query";
uid_field = "preferred_username";
send_scope_to_token_endpoint = true;
pkce = true;
client_options = {
identifier = { _secret = "/etc/gitlab/oidc-id"; };
secret = { _secret = "/etc/gitlab/oidc-secret"; };
redirect_uri = "https://gitlab.blunkall.us/users/auth/openid_connect/callback";
};
};
}
];
};
};
};
services.nginx = {
enable = true;
recommendedProxySettings = true;
virtualHosts = {
"gitlab.blunkall.us" = {
locations."/".proxyPass = "http://unix:/run/gitlab/gitlab-workhorse.socket";
};
};
};
services.openssh.enable = true;
systemd.services.gitlab-backup.environment.BACKUP = "dump";
networking.firewall.allowedTCPPorts = [ 22 80 ];
system.stateVersion = "24.05";
};
};
};
}

52
system/services/containers/homeassistant/default.nix Normal file
View File

@@ -0,0 +1,52 @@
{ config, lib, ... }: {
options.sysconfig.virtualization.homeassistant = {
enable = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
configvol = lib.options.mkOption {
type = lib.types.str;
default = "/ssd1/Home-Assistant/data:/config";
};
};
config = lib.mkIf config.sysconfig.virtualization.homeassistant.enable {
networking = {
hosts."192.168.100.25" = [ "hass.local" ];
nat.internalInterfaces = [ "ve-home-assnHYM" ];
};
containers.home-assistant = {
autoStart = true;
privateNetwork = true;
hostAddress = "192.168.100.10";
localAddress = "192.168.100.25";
config = {
services.home-assistant = {
enable = true;
openFirewall = true;
extraComponents = [
"wyoming"
"ollama"
];
config = {
homeassistant.unit_system = "us_customary";
};
configWritable = true;
};
system.stateVersion = "25.05";
};
};
};
}

39
system/services/containers/jellyfin/default.nix Normal file
View File

@@ -0,0 +1,39 @@
{ config, lib, ... }: {
options.sysconfig.virtualization.jellyfin.enable = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
config = lib.mkIf config.sysconfig.virtualization.jellyfin.enable {
containers.jellyfin = {
autoStart = true;
privateNetwork = true;
hostAddress = "192.168.100.10";
localAddress = "192.168.100.14";
bindMounts = {
"/etc/jellyfin" = {
hostPath = "/ssd1/Jellyfin";
isReadOnly = false;
};
};
config = {
services.jellyfin = {
enable = true;
dataDir = "/etc/jellyfin/data";
configDir = "/etc/jellyfin/config";
logDir = "/etc/jellyfin/log";
openFirewall = true;
};
system.stateVersion = "24.05";
};
};
};
}

81
system/services/containers/keycloak/default.nix Normal file
View File

@@ -0,0 +1,81 @@
{ config, lib, inputs, ... }: {
options.sysconfig.virtualization.keycloak.enable = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
imports = [
inputs.sops-nix.nixosModules.sops
];
config = lib.mkIf config.sysconfig.virtualization.keycloak.enable {
sops.secrets."keycloak/dbpass" = {};
networking = {
nat.internalInterfaces = [ "ve-keycloak" ];
};
containers.keycloak = {
autoStart = true;
privateNetwork = true;
hostAddress = "192.168.100.10";
localAddress = "192.168.100.22";
extraFlags = [
"--load-credential=dbpass:${config.sops.secrets."keycloak/dbpass".path}"
];
bindMounts = {
"/etc/keycloak" = {
hostPath = "/ssd1/Keycloak";
isReadOnly = false;
};
};
config = {
networking.firewall.allowedTCPPorts = [ 80 ];
systemd.services.secrets_setup = {
wantedBy = [ "keycloak.service" ];
serviceConfig = {
LoadCredential = [
"dbpass"
];
};
script = ''
cat ''${CREDENTIALS_DIRECTORY}/dbpass > /etc/keycloak/dbpass
chown postgres:postgres /etc/keycloak/dbpass
'';
};
services.keycloak = {
enable = true;
database.passwordFile = "/etc/keycloak/dbpass";
settings = {
hostname = "auth.esotericbytes.com";
http-enabled = true;
proxy-headers = "xforwarded";
proxy-trusted-addresses = "192.168.100.11";
};
initialAdminPassword = "7567";
};
system.stateVersion = "25.05";
};
};
};
}

109
system/services/containers/minecraft/default.nix Normal file
View File

@@ -0,0 +1,109 @@
{ config, lib, pkgs, inputs, ... }: {
options.sysconfig.virtualization.minecraft.enable = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
config = lib.mkIf config.sysconfig.virtualization.minecraft.enable {
networking = {
firewall = {
allowedTCPPorts = [ 25565 ];
allowedUDPPorts = [ 25565 ];
};
nat.internalInterfaces = [ "ve-minecraft" ];
};
nixpkgs.overlays = [ inputs.nix-minecraft.overlay ];
containers.minecraft = {
autoStart = true;
privateNetwork = true;
hostAddress = "192.168.100.10";
localAddress = "192.168.100.29";
forwardPorts = [
{
containerPort = 25565;
hostPort = 25565;
protocol = "tcp";
}
{
containerPort = 25565;
hostPort = 25565;
protocol = "udp";
}
];
config = {
imports = [
inputs.nix-minecraft.nixosModules.minecraft-servers
];
environment.systemPackages = with pkgs; [ tmux ];
services.minecraft-servers = {
enable = true;
eula = true;
openFirewall = true;
dataDir = "/var/lib/mcservers";
managementSystem.systemd-socket.enable = true; #temp
servers = {
vanilla = {
enable = true;
package = pkgs.fabricServers.fabric-1_21_8;
serverProperties = {
server-port = 25565;
gamemode = "survival";
difficulty = 2;
white-list = true;
motd = "Didn't see that coming huh?";
};
whitelist = {
"MeasureTwice66" = "a4032062-293d-484d-a790-9f52475836bb";
"651sonic" = "936a3fb0-4548-4557-975b-7794e97a3afc";
"Griffin12_" = "6a1f56d9-f712-4723-a031-e5437a389bb3";
};
autoStart = true;
};
modded = {
enable = false;
#package = pkgs.fabricServers.fabric-1_21_1.override { loaderVersion = "0.16.14"; };
package = pkgs.fabricServers.fabric-1_21_1;
jvmOpts = [ "-Xms8000M" "-Xmx12000M" ];
serverProperties = {
server-port = 25566;
gamemode = "survival";
white-list = true;
allow-flight = true;
motd = "Ex-plo-sion!!!";
};
whitelist = {
"MeasureTwice66" = "a4032062-293d-484d-a790-9f52475836bb";
"651sonic" = "936a3fb0-4548-4557-975b-7794e97a3afc";
"Griffin12_" = "6a1f56d9-f712-4723-a031-e5437a389bb3";
};
autoStart = true;
symlinks = {
"mods" = ./mods;
};
};
};
};
system.stateVersion = "25.05";
};
};
};
}

64
system/services/containers/n8n/default.nix Normal file
View File

@@ -0,0 +1,64 @@
{ config, lib, ... }: {
options.sysconfig.virtualization.n8n.enable = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
config = lib.mkIf config.sysconfig.virtualization.n8n.enable {
networking = {
hosts."192.168.100.21" = [ "n8n.local" ];
nat.internalInterfaces = [ "ve-n8n" ];
};
containers.n8n = {
autoStart = true;
privateNetwork = true;
hostAddress = "192.168.100.10";
localAddress = "192.168.100.21";
config = {
nixpkgs.config.allowUnfree = true;
services.n8n = {
enable = true;
openFirewall = true;
environment = {
N8N_DIAGNOSTICS_ENABLED = "false";
N8N_VERSION_NOTIFICATIONS_ENABLED = "false";
N8N_TEMPLATES_ENABLED = "false";
EXTERNAL_FRONTEND_HOOKS_URLS = "";
N8N_DIAGNOSTICS_CONFIG_FRONTEND = "";
N8N_DIAGNOSTICS_CONFIG_BACKEND = "";
N8N_SECURE_COOKIE = "false";
};
#webhookUrl = "https://n8n.blunkall.us/";
};
/*
systemd.services.n8n = {
environment = {
N8N_DIAGNOSTICS_ENABLED = "false";
N8N_VERSION_NOTIFICATIONS_ENABLED = "false";
N8N_TEMPLATES_ENABLED = "false";
EXTERNAL_FRONTEND_HOOKS_URLS = "";
N8N_DIAGNOSTICS_CONFIG_FRONTEND = "";
N8N_DIAGNOSTICS_CONFIG_BACKEND = "";
N8N_SECURE_COOKIE = "false";
};
};
*/
system.stateVersion = "25.05";
};
};
};
}

246
system/services/containers/netbird/default.nix Normal file
View File

@@ -0,0 +1,246 @@
{ config, lib, inputs, ... }: {
options.sysconfig = {
services.netbird.enable = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
virtualization.netbird = {
enable = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
};
};
config = let
pkgs-com = import inputs.nixpkgs-us {
system = "x86_64-linux";
config.allowUnfree = true;
};
in {
services.netbird = {
enable = config.sysconfig.services.netbird.enable;
ui = {
enable = true;
#package = pkgs-com.netbird-ui;
};
#package = pkgs-com.netbird;
};
networking = {
firewall = lib.mkIf config.sysconfig.virtualization.netbird.enable {
allowedUDPPorts = [ 3478 ];
allowedUDPPortRanges = [{ from = 51100; to = 56100; }];
};
nat.internalInterfaces = [ "ve-netbird" ];
};
sops.secrets."netbird/coturnPass" = lib.mkIf config.sysconfig.virtualization.netbird.enable {};
containers.netbird = lib.mkIf config.sysconfig.virtualization.netbird.enable {
autoStart = true;
privateNetwork = true;
hostAddress = "192.168.100.10";
localAddress = "192.168.100.23";
forwardPorts = [
{
hostPort = 3478;
containerPort = 3478;
protocol = "udp";
}
] ++ map (x: { hostPort = x; containerPort = x; protocol = "udp"; }) (builtins.genList (y: 51100 + y) (56100 - 51100));
extraFlags = [
"--load-credential=coturnPass:${config.sops.secrets."netbird/coturnPass".path}"
];
config = {
services.nginx.virtualHosts."vpn.esotericbytes.com" = {
listen = [
{
addr = "0.0.0.0";
port = 80;
ssl = false;
}
];
};
services.netbird = {
server = {
enable = true;
enableNginx = true;
domain = "vpn.esotericbytes.com";
dashboard = {
enable = true;
enableNginx = true;
settings = {
AUTH_AUTHORITY = "https://auth.esotericbytes.com/realms/General";
AUTH_CLIENT_ID = "netbird";
AUTH_SUPPORTED_SCOPES = "openid profile email offline_access api";
AUTH_AUDIENCE = "netbird";
USE_AUTH0 = false;
NETBIRD_TOKEN_SOURCE = "accessToken";
};
package = pkgs-com.netbird-dashboard;
};
management = {
enable = true;
enableNginx = true;
disableAnonymousMetrics = true;
dnsDomain = "vpn";
turnDomain = "vpn.esotericbytes.com";
turnPort = 3478;
logLevel = "DEBUG";
oidcConfigEndpoint = "https://auth.esotericbytes.com/realms/General/.well-known/openid-configuration";
settings = {
"TURNConfig" = {
"Turns" = [
{
"Proto" = "udp";
"URI" = "turn:vpn.esotericbytes.com:3478";
"Username" = "netbird";
"Password"._secret = "/etc/netbird/coturnPass";
}
];
"Secret"._secret = "/etc/netbird/coturnPass";
};
"DataStoreEncryptionKey" = null;
"HttpConfig" = {
"Address" = "0.0.0.0:443";
"AuthIssuer" = "https://auth.esotericbytes.com/realms/General";
"AuthAudience" = "netbird";
"AuthKeysLocation" = "https://auth.esotericbytes.com/realms/General/protocol/openid-connect/certs";
"AuthUserIDClaim" = "";
"CertFile" = "";
"CertKey" = "";
"IdpSignKeyRefreshEnabled" = false;
"OIDCConfigEndpoint" = "https://auth.esotericbytes.com/realms/General/.well-known/openid-configuration";
};
"DeviceAuthorizationFlow" = {
"Provider" = "none";
"ProviderConfig" = {
"Audience" = "netbird";
"AuthorizationEndpoint" = "";
"Domain" = "";
"ClientID" = "";
"ClientSecret" = "";
"TokenEndpoint" = "https://auth.esotericbytes.com/realms/General/protocol/openid-connect/token";
"DeviceAuthEndpoint" = "https://auth.esotericbytes.com/realms/General/protocol/openid-connect/auth/device";
"Scope" = "openid";
"UseIDToken" = false;
"RedirectURLs" = null;
};
};
"IdpManagerConfig" = {
"ManagerType" = "keycloak";
"ClientConfig" = {
"Issuer" = "https://auth.esotericbytes.com/realms/General";
"TokenEndpoint" = "https://auth.esotericbytes.com/realms/General/protocol/openid-connect/token";
"ClientID" = "netbird-backend";
"ClientSecret" = "QuqjTOAHKE6N6jJqkB1F1RGo3kqUhEdg";
"GrantType" = "client_credentials";
};
"ExtraConfig" = {
"AdminEndpoint" = "https://auth.esotericbytes.com/admin/realms/General";
};
"Auth0ClientCredentials" = null;
"AzureClientCredentials" = null;
"KeycloakClientCredentials" = null;
"ZitadelClientCredentials" = null;
};
"PKCEAuthorizationFlow" = {
"ProviderConfig" = {
"Audience" = "netbird";
"ClientID" = "netbird";
"ClientSecret" = "";
"Domain" = "";
"AuthorizationEndpoint" = "https://auth.esotericbytes.com/realms/General/protocol/openid-connect/auth";
"TokenEndpoint" = "https://auth.esotericbytes.com/realms/General/protocol/openid-connect/token";
"Scope" = "openid profile email offline_access api";
"RedirectURLs" = [
"http://localhost:53000"
];
"UseIDToken" = false;
"DisablePromptLogin" = false;
};
};
};
port = 443;
};
coturn = {
enable = true;
user = "netbird";
passwordFile = "/etc/netbird/coturnPass";
openPorts = map (x: x) (builtins.genList (y: 51100 + y) (56100 - 51100));
};
signal = {
enable = true;
enableNginx = true;
};
};
};
systemd.services.secrets_setup = {
wantedBy = [ "netbird-management.service" "coturn.service" ];
serviceConfig = {
LoadCredential = [
"coturnPass"
];
};
script = ''
cat ''${CREDENTIALS_DIRECTORY}/coturnPass > /etc/netbird/coturnPass
'';
};
networking.firewall = {
allowedTCPPorts = [ 80 ];
allowedUDPPorts = [ 3478 ];
allowedUDPPortRanges = [{ from = 51100; to = 56100; }];
};
system.stateVersion = "25.05";
};
};
};
}

81
system/services/containers/nextcloud/default.nix Normal file
View File

@@ -0,0 +1,81 @@
{ config, lib, ... }: {
options.sysconfig.virtualization.nextcloud.enable = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
config = lib.mkIf config.sysconfig.virtualization.nextcloud.enable {
sops.secrets."nextcloud/pass" = {};
containers.nextcloud = {
autoStart = true;
privateNetwork = true;
hostAddress = "192.168.100.10";
localAddress = "192.168.100.15";
bindMounts = {
"/var/lib/nextcloud" = {
hostPath = "/ssd1/Nextcloud/data";
isReadOnly = false;
};
};
extraFlags = [
"--load-credential=nextcloud-admin-pass:${config.sops.secrets."nextcloud/pass".path}"
];
config = { config, lib, pkgs, ... }: {
systemd.services.secrets_setup = {
wantedBy = [ "nextcloud-setup.service" ];
serviceConfig = {
LoadCredential = [
"nextcloud-admin-pass"
];
};
script = ''
cat $CREDENTIALS_DIRECTORY/nextcloud-admin-pass > /etc/nextcloud-admin-pass
chown nextcloud:nextcloud /etc/nextcloud-admin-pass
'';
};
networking.firewall.allowedTCPPorts = [ 80 443 ];
services.nginx.virtualHosts."192.168.100.15".listen = [ { addr = "0.0.0.0"; port = 80; } ];
services.nextcloud = {
enable = true;
package = pkgs.nextcloud31;
hostName = "192.168.100.15";
config = {
adminpassFile = "/etc/nextcloud-admin-pass";
adminuser = "root";
dbtype = "mysql";
};
https = true;
home = "/var/lib/nextcloud";
appstoreEnable = true;
extraApps = with config.services.nextcloud.package.packages.apps; {
inherit mail contacts calendar tasks user_oidc;
inherit impersonate end_to_end_encryption notes spreed music memories phonetrack;
};
extraAppsEnable = true;
settings = {
overwriteprotocol = "https";
trusted_domains = [ "nextcloud.esotericbytes.com" ];
trusted_proxies = [ "192.168.100.11" ];
default_phone_region = "US";
};
database.createLocally = true;
};
system.stateVersion = "24.05";
};
};
};
}

48
system/services/containers/nginx/default.nix Normal file
View File

@@ -0,0 +1,48 @@
{ config, lib, ... }: {
options.sysconfig.virtualization."esotericbytes.com".enable = lib.mkOption {
type = lib.types.bool;
default = false;
};
config = lib.mkIf config.sysconfig.virtualization."esotericbytes.com".enable {
containers.esotericbytes-com = {
autoStart = true;
privateNetwork = true;
hostAddress = "192.168.100.10";
localAddress = "192.168.100.13";
bindMounts = {
"/var/www/data" = {
hostPath = "/ssd1/esotericbytes-com/data";
isReadOnly = false;
};
};
config = {
services.nginx = {
enable = true;
virtualHosts = {
"esotericbytes.com" = {
enableACME = false;
forceSSL = false;
root = "/var/www/data";
};
"homebox.vpn/esotericbytes" = {
enableACME = false;
forceSSL = false;
root = "/var/www/data";
};
};
};
networking.firewall.allowedTCPPorts = [ 80 ];
system.stateVersion = "24.05";
};
};
};
}

54
system/services/containers/novnc/default.nix Normal file
View File

@@ -0,0 +1,54 @@
{ config, lib, pkgs, ... }: {
options.sysconfig.virtualization.novnc.enable = lib.mkOption {
type = lib.types.bool;
default = false;
};
config = lib.mkIf config.sysconfig.virtualization.novnc.enable {
networking = {
hosts."192.168.100.30" = [ "novnc.local" ];
firewall.interfaces."ve-novnc" = lib.mkIf config.sysconfig.virtualization.novnc.enable {
allowedTCPPorts = [ 5900 ];
allowedUDPPorts = [ 5900 ];
};
};
containers.novnc = {
autoStart = true;
privateNetwork = true;
hostAddress = "192.168.100.10";
localAddress = "192.168.100.30";
config = {
systemd.services.novnc = {
enable = true;
path = with pkgs; [
novnc
ps
];
script = ''
novnc --listen 80 --vnc 192.168.100.10:5900
'';
serviceConfig = {
Type = "exec";
};
wantedBy = [ "multi-user.target" ];
};
networking.firewall.allowedTCPPorts = [ 80 ];
system.stateVersion = "25.05";
};
};
};
}

43
system/services/containers/ntfy/default.nix Normal file
View File

@@ -0,0 +1,43 @@
{ config, lib, ... }: {
options.sysconfig.virtualization.ntfy.enable = lib.mkOption {
type = lib.types.bool;
default = false;
};
config = lib.mkIf config.sysconfig.virtualization.ntfy.enable {
containers.ntfy = {
autoStart = true;
privateNetwork = true;
hostAddress = "192.168.100.10";
localAddress = "192.168.100.19";
config = {
services.ntfy-sh = {
enable = true;
settings = {
base-url = "https://ntfy.blunkall.us";
listen-http = ":80";
behind-proxy = true;
upstream-base-url = "https://ntfy.sh";
auth-default-access = "deny-all";
};
};
networking.firewall.allowedTCPPorts = [ 80 ];
system.stateVersion = "24.05";
};
};
};
}

89
system/services/containers/ollama/default.nix Normal file
View File

@@ -0,0 +1,89 @@
{ config, lib, inputs, ... }: {
options = {
sysconfig.virtualization.ollama.enable = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
};
config = lib.mkIf config.sysconfig.virtualization.ollama.enable {
containers.ollama = {
autoStart = true;
privateNetwork = true;
hostAddress = "192.168.100.10";
localAddress = "192.168.100.24";
bindMounts = {
"/dev/nvidia0" = {
hostPath = "/dev/nvidia0";
isReadOnly = false;
};
"/dev/nvidiactl" = {
hostPath = "/dev/nvidiactl";
isReadOnly = false;
};
"/dev/nvidia-uvm" = {
hostPath = "/dev/nvidia-uvm";
isReadOnly = false;
};
"/dev/nvidia-modeset" = {
hostPath = "/dev/nvidia-modeset";
isReadOnly = false;
};
"/dev/nvidia-uvm-tools" = {
hostPath = "/dev/nvidia-uvm-tools";
isReadOnly = false;
};
};
allowedDevices = [
{
node = "/dev/nvidia0";
modifier = "rw";
}
{
node = "/dev/nvidiactl";
modifier = "rw";
}
{
node = "/dev/nvidia-uvm";
modifier = "rw";
}
{
node = "/dev/nvidia-modeset";
modifier = "rw";
}
{
node = "/dev/nvidia-uvm-tools";
modifier = "rw";
}
];
config = {
services.ollama = {
enable = true;
acceleration = "cuda";
package = let
pkgs-us = import inputs.nixpkgs-us {
system = "x86_64-linux";
config.allowUnfree = true;
};
in pkgs-us.ollama;
host = "0.0.0.0";
loadModels = [ "llama3.1:8b" ];
openFirewall = true;
};
system.stateVersion = "25.05";
};
};
};
}

33
system/services/containers/openwebui/default.nix Normal file
View File

@@ -0,0 +1,33 @@
{ config, lib, pkgs, ... }: {
options = {
sysconfig.virtualization.openwebui.enable = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
};
config = lib.mkIf config.sysconfig.virtualization.openwebui.enable {
containers.openwebui = {
autoStart = true;
privateNetwork = true;
hostAddress = "192.168.100.10";
localAddress = "192.168.100.33";
config = {
services.open-webui = {
enable = true;
package = pkgs.open-webui;
openFirewall = true;
host = "0.0.0.0";
};
system.stateVersion = "25.05";
};
};
};
}

118
system/services/containers/pihole/default.nix Normal file
View File

@@ -0,0 +1,118 @@
{ config, lib, pkgs, inputs, ... }: {
options.sysconfig.virtualization.pihole.enable = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
config = lib.mkIf config.sysconfig.virtualization.pihole.enable {
/* sops.secrets."pihole/pass" = {};
sops.templates."pihole.env" = {
content = ''
WEBPASSWORD=${config.sops.placeholder."pihole/pass"}
'';
path = "/ssd1/Pihole/.env";
};
*/
networking = {
nat.internalInterfaces = [ "ve-pihole" ];
nameservers = [ "192.168.100.28" ];
};
containers.pihole = {
autoStart = true;
privateNetwork = true;
hostAddress = "192.168.100.10";
localAddress = "192.168.100.28";
timeoutStartSec = "infinity";
config = let
pkgs-us = import inputs.nixpkgs-us { system = "x86_64-linux"; };
in {
/*imports = [
(import "${inputs.nixpkgs-us}/nixos/modules/services/networking/pihole-ftl.nix" { config = config.containers.pihole.config; inherit lib; pkgs = pkgs-us;})
(import "${inputs.nixpkgs-us}/nixos/modules/services/web-apps/pihole-web.nix" { config = config.containers.pihole.config; inherit lib; pkgs = pkgs-us;})
];*/
services = {
pihole-web = {
enable = true;
package = pkgs-us.pihole-web;
#hostName = "192.168.100.28";
ports = [ 80 ];
};
pihole-ftl = {
enable = true;
package = pkgs-us.pihole-ftl;
openFirewallDNS = true;
openFirewallWebserver = true;
lists = [
{
url = "https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts";
}
];
settings = {
dns.upstreams = [ "127.0.0.1#5335" ];
files.macvendor = lib.mkForce "/var/lib/pihole/macvendor.db";
};
};
unbound = {
enable = true;
resolveLocalQueries = true;
settings = {
server = {
interface = [ "127.0.0.1" ];
port = 5335;
};
};
};
};
users.users."root" = {
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICe6Ito5m9c4Tij8zI74L8hnd/QRchEO/cc5CH94mjMC nathan@homebox"
];
};
networking = {
firewall.allowedTCPPorts = [ 22 ];
#nameservers = [ "1.1.1.1" "1.0.0.1" ];
};
services.openssh = {
enable = true;
settings = {
PermitRootLogin = lib.mkForce "yes";
PasswordAuthentication = false;
KbdInteractiveAuthentication = false;
};
};
system.stateVersion = "25.05";
};
};
};
}

85
system/services/containers/rustdesk/default.nix Normal file
View File

@@ -0,0 +1,85 @@
{ config, lib, ... }: {
options.sysconfig.virtualization.rustdesk.enable = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
config = lib.mkIf config.sysconfig.virtualization.rustdesk.enable {
/*networking = {
firewall.allowedTCPPorts = [ 21115 21116 21117 21118 21119 ];
firewall.allowedUDPPorts = [ 21116 ];
};*/
containers.rustdesk = {
autoStart = true;
privateNetwork = true;
hostAddress = "192.168.100.10";
localAddress = "192.168.100.27";
/* forwardPorts = [
{
containerPort = 21115;
hostPort = 21115;
protocol = "tcp";
}
{
containerPort = 21116;
hostPort = 21116;
protocol = "tcp";
}
{
containerPort = 21116;
hostPort = 21116;
protocol = "udp";
}
{
containerPort = 21117;
hostPort = 21117;
protocol = "tcp";
}
{
containerPort = 21118;
hostPort = 21118;
protocol = "tcp";
}
{
containerPort = 21119;
hostPort = 21119;
protocol = "tcp";
}
];*/
config = {
services.rustdesk-server = {
enable = true;
openFirewall = true;
relay = {
enable = true;
extraArgs = [
"-k"
"AAAAC3NzaC1lZDI1NTE5AAAAIIPztDjwgB3xCza5+p5z1jpGVYoVQNl3fqD69pPCm0NA"
];
};
signal = {
enable = true;
#relayHosts = [ "blunkall.us" ];
relayHosts = [ "192.168.100.27" ];
extraArgs = [
"-k"
"AAAAC3NzaC1lZDI1NTE5AAAAIIPztDjwgB3xCza5+p5z1jpGVYoVQNl3fqD69pPCm0NA"
];
};
};
system.stateVersion = "24.05";
};
};
};
}

89
system/services/containers/sandbox/default.nix Normal file
View File

@@ -0,0 +1,89 @@
{ config, lib, inputs, ... }: {
options.sysconfig.virtualization.sandbox.enable = lib.mkOption {
type = lib.types.bool;
default = false;
};
disabledModules = [
"virtualisation/nixos-containers.nix"
];
imports = [
(import "${inputs.nixpkgs-us}/nixos/modules/virtualisation/nixos-containers.nix" {
inherit config lib;
pkgs = (import inputs.nixpkgs-us {
system = "x86_64-linux";
});
})
];
config = lib.mkIf config.sysconfig.virtualization.sandbox.enable {
networking = {
nat.internalInterfaces = [ "ve-sandbox" ];
};
containers.sandbox = {
autoStart = true;
privateNetwork = true;
hostAddress = "192.168.100.10";
localAddress = "192.168.100.32";
ephemeral = true;
timeoutStartSec = "3min";
flake = "${inputs.self}";
bindMounts = {
"/dev/nvidia0" = {
hostPath = "/dev/nvidia0";
isReadOnly = false;
};
"/dev/nvidiactl" = {
hostPath = "/dev/nvidiactl";
isReadOnly = false;
};
"/dev/nvidia-uvm" = {
hostPath = "/dev/nvidia-uvm";
isReadOnly = false;
};
"/dev/nvidia-modeset" = {
hostPath = "/dev/nvidia-modeset";
isReadOnly = false;
};
"/dev/nvidia-uvm-tools" = {
hostPath = "/dev/nvidia-uvm-tools";
isReadOnly = false;
};
};
allowedDevices = [
{
node = "/dev/nvidia0";
modifier = "rw";
}
{
node = "/dev/nvidiactl";
modifier = "rw";
}
{
node = "/dev/nvidia-uvm";
modifier = "rw";
}
{
node = "/dev/nvidia-modeset";
modifier = "rw";
}
{
node = "/dev/nvidia-uvm-tools";
modifier = "rw";
}
];
};
};
}

243
system/services/containers/traefik/default.nix Normal file
View File

@@ -0,0 +1,243 @@
{ config, lib, ... }: {
options.sysconfig.virtualization.traefik.enable = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
config = lib.mkIf config.sysconfig.virtualization.traefik.enable {
networking = {
hosts."192.168.100.11" = [ "esotericbytes.com" "*.esotericbytes.com" "traefik.local" ];
firewall.allowedTCPPorts = [ 22 80 443];
nat.internalInterfaces = [ "ve-traefik" ];
};
containers.traefik = {
autoStart = true;
privateNetwork = true;
hostAddress = "192.168.100.10";
localAddress = "192.168.100.11";
forwardPorts = [
{
containerPort = 80;
hostPort = 80;
}
{
containerPort = 443;
hostPort = 443;
}
];
bindMounts = {
"/etc/traefik/data" = {
hostPath = "/ssd1/Traefik/data";
isReadOnly = false;
};
};
config = {
services.traefik = {
enable = true;
dataDir = "/etc/traefik/data";
environmentFiles = [
"/etc/traefik/data/traefik.env"
];
staticConfigOptions = {
serversTransport.insecureSkipVerify = true;
api = {
dashboard = true;
debug = true;
};
global = {
checknewversion = false;
sendanonymoususage = false;
};
entryPoints = {
web = {
address = ":80";
http.redirections.entryPoint = {
to = "websecure";
scheme = "https";
};
};
websecure = {
address = ":443";
asDefault = true;
http.tls = {
certResolver = "cloudflare";
domains = {
main = "esotericbytes.com";
sans = [ "*.esotericbytes.com" ];
};
};
};
};
log = {
level = "DEBUG";
filePath = "/etc/traefik/data/traefik.log";
format = "json";
};
certificatesResolvers = {
cloudflare = {
acme = {
email = "nathanblunkall5@gmail.com";
storage = "/etc/traefik/data/acme.json";
keyType = "EC256";
dnsChallenge = {
provider = "cloudflare";
resolvers = [ "1.1.1.1:53" "1.0.0.1:53" ];
};
};
};
};
};
dynamicConfigOptions = {
http = {
routers = {
homepageSecure = {
entryPoints = [ "websecure" ];
rule = "Host(`esotericbytes.com`) || Host(`www.esotericbytes.com`)";
service = "homepage";
tls.certResolver = "cloudflare";
};
/*remote = {
entryPoints = [ "websecure" ];
rule = "Host(`remote.esotericbytes.com`)";
service = "novnc";
tls.certResolver = "cloudflare";
#middlewares = [ "authentik" ];
};*/
/*homeassistant = {
entryPoints = [ "websecure" ];
rule = "Host(`hass.esotericbytes.com`)";
service = "homeassistant";
tls.certResolver = "cloudflare";
};*/
jellyfin = {
entryPoints = [ "websecure" ];
rule = "Host(`jellyfin.esotericbytes.com`)";
service = "jellyfin";
tls.certResolver = "cloudflare";
};
auth = {
entryPoints = [ "websecure" ];
rule = "Host(`auth.esotericbytes.com`)";
service = "keycloak";
tls.certResolver = "cloudflare";
};
/*gitlab = {
entryPoints = [ "websecure" ];
rule = "Host(`gitlab.esotericbytes.com`)";
service = "gitlab";
tls.certResolver = "cloudflare";
};*/
gitea = {
entryPoints = [ "websecure" ];
rule = "Host(`gitea.esotericbytes.com`)";
service = "gitea";
tls.certResolver = "cloudflare";
};
nextcloud = {
entryPoints = [ "websecure" ];
rule = "Host(`nextcloud.esotericbytes.com`)";
service = "nextcloud";
tls.certResolver = "cloudflare";
middlewares = [
"nextcloud_redirectregex"
];
};
/*traefik = {
entryPoints = [ "websecure" ];
rule = "Host(`192.168.100.11`) || Host(`homebox.vpn`)";
service = "api@internal";
tls.certResolver = "cloudflare";
#middlewares = [ "authentik" ];
};*/
/*ntfy = {
entryPoints = [ "websecure" ];
rule = "Host(`ntfy.esotericbytes.com`)";
service = "ntfy";
tls.certResolver = "cloudflare";
};*/
/*pihole = {
entryPoints = [ "localsecure" ];
rule = "Host(`pihole.esotericbytes.com`)";
service = "pihole";
tls.certResolver = "cloudflare";
};*/
netbird = {
entryPoints = [ "websecure" ];
rule = "Host(`vpn.esotericbytes.com`)";
service = "netbird";
tls.certResolver = "cloudflare";
};
/*n8n = {
entryPoints = [ "websecure" ];
rule = "Host(`n8n.esotericbytes.com`)";
service = "n8n";
tls.certResolver = "cloudflare";
};*/
};
middlewares = {
nextcloud_redirectregex.redirectregex = {
permanent = true;
regex = "https://nextcloud.esotericbytes.com/.well-known/(?:card|cal)dav";
replacement = "https://nextcloud.esotericbytes.com/remote.php/dav";
};
};
services = {
#gitlab.loadBalancer.servers = [ { url = "http://192.168.100.16:80"; } ];
gitea.loadBalancer.servers = [ { url = "http://192.168.100.20:3000"; } ];
homepage.loadBalancer.servers = [ { url = "http://192.168.100.13:80"; } ];
jellyfin.loadBalancer.servers = [ { url = "http://192.168.100.14:8096"; } ];
authentik.loadBalancer.servers = [ { url = "http://192.168.100.10:9000"; } ];
#pihole.loadBalancer.servers = [ { url = "http://192.168.100.10:8080"; } ];
keycloak.loadBalancer.servers = [ { url = "http://192.168.100.22:80"; } ];
#novnc.loadBalancer.servers = [ { url = "http://192.168.100.10:6080"; } ];
nextcloud.loadBalancer.servers = [ { url = "http://192.168.100.15:80"; } ];
#ntfy.loadBalancer.servers = [ { url = "http://192.168.100.19"; } ];
netbird.loadBalancer = {
passHostHeader = true;
servers = [ { url = "http://192.168.100.23:80"; } ];
};
#n8n.loadBalancer.servers = [ { url = "http://192.168.100.21:5678"; } ];
};
};
};
};
networking.firewall.allowedTCPPorts = [ 80 443 ];
networking.firewall.allowedUDPPorts = [ 80 443 ];
system.stateVersion = "24.05";
};
};
};
}

131
system/services/containers/wyoming/default.nix Normal file
View File

@@ -0,0 +1,131 @@
{ config, lib, ... }: {
options.sysconfig.virtualization.wyoming = {
enable = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
piper = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
openwakeword = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
faster-whisper = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
satellite = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
};
config = lib.mkIf config.sysconfig.virtualization.wyoming.enable {
containers.wyoming = {
autoStart = true;
privateNetwork = true;
hostAddress = "192.168.100.10";
localAddress = "192.168.100.26";
bindMounts = lib.mkIf config.sysconfig.virtualization.wyoming.faster-whisper {
"/dev/nvidia0" = {
hostPath = "/dev/nvidia0";
isReadOnly = false;
};
"/dev/nvidiactl" = {
hostPath = "/dev/nvidiactl";
isReadOnly = false;
};
"/dev/nvidia-uvm" = {
hostPath = "/dev/nvidia-uvm";
isReadOnly = false;
};
"/dev/nvidia-modeset" = {
hostPath = "/dev/nvidia-modeset";
isReadOnly = false;
};
"/dev/nvidia-uvm-tools" = {
hostPath = "/dev/nvidia-uvm-tools";
isReadOnly = false;
};
};
allowedDevices = lib.mkIf config.sysconfig.virtualization.wyoming.faster-whisper [
{
node = "/dev/nvidia0";
modifier = "rw";
}
{
node = "/dev/nvidiactl";
modifier = "rw";
}
{
node = "/dev/nvidia-uvm";
modifier = "rw";
}
{
node = "/dev/nvidia-modeset";
modifier = "rw";
}
{
node = "/dev/nvidia-uvm-tools";
modifier = "rw";
}
];
config = {
networking.firewall = {
allowedTCPPorts = [ 11431 11432 11433 11435 ];
};
services.wyoming = {
piper = lib.mkIf config.sysconfig.virtualization.wyoming.piper {
servers.piper = {
enable = true;
voice = "en-us-ryan-medium";
uri = "tcp://0.0.0.0:11435";
};
};
openwakeword = lib.mkIf config.sysconfig.virtualization.wyoming.openwakeword {
enable = true;
uri = "tcp://0.0.0.0:11432";
threshold = 0.5;
customModelsDirectories = [
#./wake_words
];
};
faster-whisper = lib.mkIf config.sysconfig.virtualization.wyoming.faster-whisper {
servers.whisper = {
enable = true;
device = "auto";
language = "en";
model = "medium.en";
uri = "tcp://0.0.0.0:11433";
};
};
satellite = lib.mkIf config.sysconfig.virtualization.wyoming.satellite {
enable = true;
uri = "tcp://0.0.0.0:11431";
#user = "nathan";
vad.enable = false;
};
};
system.stateVersion = "25.05";
};
};
};
}

13
system/services/default.nix Normal file
View File

@@ -0,0 +1,13 @@
{ ... }: {
imports = [
./ollama
./openssh
./pipewire
./containers
./minecraft
./sddm
./novnc
./kdePlasma6
];
}

40
system/services/dynamicDNS/default.nix Normal file
View File

@@ -0,0 +1,40 @@
{ config, lib, pkgs, ... }: {
options.sysconfig.services.dynamicDNS.enable = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
config = lib.mkIf config.sysconfig.services.dynamicDNS {
systemd.timers.dynamicDNS = {
wantedBy = [ "timers.target" ];
timerConfig = {
OnBootSec = "5m";
OnUnitActiveSec = "1h";
Unit = "dynamicDNS.service";
};
};
systemd.services.dynamicDNS = {
name = "dynamicDNS.service";
serviceConfig = {
Type = "oneshot";
LoadCredential = [ "cloudflare-api-key" ];
};
script = '''';
};
};
}

31
system/services/kdePlasma6/default.nix Normal file
View File

@@ -0,0 +1,31 @@
{ config, lib, pkgs, ... }: {
options.sysconfig.services.kdePlasma6.enable = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
config = lib.mkIf config.sysconfig.services.kdePlasma6.enable {
services.desktopManager.plasma6.enable = true;
sysconfig.services.sddm.enable = lib.mkDefault true;
environment.systemPackages = with pkgs; [
kdePackages.discover # Optional: Install if you use Flatpak or fwupd firmware update sevice
kdePackages.kcalc # Calculator
kdePackages.kcharselect # Tool to select and copy special characters from all installed fonts
kdePackages.kcolorchooser # A small utility to select a color
kdePackages.kolourpaint # Easy-to-use paint program
kdePackages.ksystemlog # KDE SystemLog Application
kdePackages.sddm-kcm # Configuration module for SDDM
kdiff3 # Compares and merges 2 or 3 files or directories
kdePackages.isoimagewriter # Optional: Program to write hybrid ISO files onto USB disks
kdePackages.partitionmanager # Optional Manage the disk devices, partitions and file systems on your computer
hardinfo2 # System information and benchmarks for Linux systems
haruna # Open source video player built with Qt/QML and libmpv
wayland-utils # Wayland utilities
wl-clipboard # Command-line copy/paste utilities for Wayland
];
};
}

70
system/services/minecraft/default.nix Normal file
View File

@@ -0,0 +1,70 @@
{ config, lib, pkgs, inputs, ... }: {
options.sysconfig.services.minecraft.enable = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
imports = [
inputs.nix-minecraft.nixosModules.minecraft-servers
];
config = lib.mkIf config.sysconfig.services.minecraft.enable {
nixpkgs.overlays = [ inputs.nix-minecraft.overlay ];
services.minecraft-servers = {
enable = true;
eula = true;
openFirewall = true;
dataDir = "/var/lib/mcservers";
#managementSystem.systemd-socket.enable = true; #temp
servers = {
bedrock = {
enable = true;
package = pkgs.fabricServers.fabric-1_21_8;
serverProperties = {
server-port = 25566;
gamemode = "survival";
difficulty = 2;
white-list = true;
motd = "Test";
};
whitelist = {
"MeasureTwice66" = "a4032062-293d-484d-a790-9f52475836bb";
"651sonic" = "936a3fb0-4548-4557-975b-7794e97a3afc";
"Griffin12_" = "6a1f56d9-f712-4723-a031-e5437a389bb3";
};
autoStart = true;
};
modded = {
enable = false;
#package = pkgs.fabricServers.fabric-1_21_1.override { loaderVersion = "0.16.14"; };
package = pkgs.fabricServers.fabric-1_21_1;
jvmOpts = [ "-Xms8000M" "-Xmx12000M" ];
serverProperties = {
server-port = 25566;
gamemode = "survival";
white-list = true;
allow-flight = true;
motd = "Ex-plo-sion!!!";
};
whitelist = {
"MeasureTwice66" = "a4032062-293d-484d-a790-9f52475836bb";
"651sonic" = "936a3fb0-4548-4557-975b-7794e97a3afc";
"Griffin12_" = "6a1f56d9-f712-4723-a031-e5437a389bb3";
};
autoStart = true;
symlinks = {
"mods" = ./mods;
};
};
};
};
};
}

30
system/services/novnc/default.nix Normal file
View File

@@ -0,0 +1,30 @@
{ config, lib, pkgs, ... }: {
options.sysconfig.services.novnc.enable = lib.mkOption {
type = lib.types.bool;
default = false;
};
config = lib.mkIf config.sysconfig.services.novnc.enable {
systemd.services.novnc = {
enable = true;
path = with pkgs; [
novnc
ps
];
script = ''
novnc --listen 80 --vnc 127.0.0.1:5900
'';
serviceConfig = {
Type = "exec";
};
wantedBy = [ "multi-user.target" ];
};
networking.firewall.allowedTCPPorts = [ 80 ];
};
}

22
system/services/ollama/default.nix Normal file
View File

@@ -0,0 +1,22 @@
{ config, lib, inputs, ... }: {
options = {
sysconfig.services.ollama.enable = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
};
config = lib.mkIf config.sysconfig.services.ollama.enable {
services.ollama = {
enable = true;
acceleration = "cuda";
package = let
pkgs-us = import inputs.nixpkgs-us {
system = "x86_64-linux";
config.allowUnfree = true;
};
in pkgs-us.ollama;
};
};
}

22
system/services/openssh/default.nix Normal file
View File

@@ -0,0 +1,22 @@
{ config, lib, ... }: {
options = {
sysconfig.services.openssh.enable = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
};
config = lib.mkIf (config.sysconfig.services.openssh.enable || config.sysconfig.remoteBuildHost) {
services.openssh = {
enable = true;
openFirewall = true;
settings = {
PermitRootLogin = lib.mkForce "no";
PasswordAuthentication = false;
KbdInteractiveAuthentication = false;
};
};
};
}

51
system/services/pipewire/default.nix Normal file
View File

@@ -0,0 +1,51 @@
{ config, lib, pkgs, ... }: {
options = {
sysconfig.services.pipewire.enable = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
};
config = lib.mkIf config.sysconfig.services.pipewire.enable {
# Enable sound with pipewire.
#sound.enable = true;
security.rtkit.enable = true;
services.pipewire = {
enable = true;
package = pkgs.pipewire;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
extraConfig.pipewire-pulse."92-low-latency" = {
context.modules = [
{
name = "libpipewire-module-protocol-pulse";
args = {
pulse.min.req = "32/48000";
pulse.default.req = "32/48000";
pulse.max.req = "32/48000";
pulse.min.quantum = "32/48000";
pulse.max.quantum = "32/48000";
};
}
];
stream.properties = {
node.latency = "32/48000";
resample.quality = 1;
};
};
# If you want to use JACK applications, uncomment this
#jack.enable = true;
# use the example session manager (no others are packaged yet so this is enabled by default,
# no need to redefine it in your config for now)
wireplumber.enable = true;
};
};
}

34
system/services/sddm/default.nix Normal file
View File

@@ -0,0 +1,34 @@
{ config, lib, pkgs, ... }: {
options.sysconfig.services.sddm.enable = lib.mkOption {
type = lib.types.bool;
default = false;
};
config = lib.mkIf config.sysconfig.services.sddm.enable {
qt.enable = true;
environment.systemPackages = with pkgs; [ (sddm-astronaut.override { embeddedTheme = "pixel_sakura"; }) ];
services.displayManager.sddm = {
enable = true;
wayland.enable = true;
autoNumlock = true;
theme = "sddm-astronaut-theme"; #"${inputs.tokyo-night-sddm-theme { inherit pkgs; }}";
enableHidpi = true;
/*extraPackages = with pkgs; [
libsForQt5.qtsvg
libsForQt5.qtquickcontrols2
libsForQt5.qtgraphicaleffects
];*/
package = lib.mkDefault pkgs.kdePackages.sddm;
extraPackages = with pkgs; [
kdePackages.qtsvg
kdePackages.qtvirtualkeyboard
kdePackages.qtmultimedia
];
};
};
}

17
system/services/wireguard/default.nix Normal file
View File

@@ -0,0 +1,17 @@
{ config, lib, ... }: {
options = {
sysconfig.wireguard.enable = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
};
config = lib.mkIf config.sysconfig.wireguard.enable {
networking.wireguard = {
enable = true;
interfaces.wg0 = {
};
};
};
}

146
system/users/default.nix Normal file
View File

@@ -0,0 +1,146 @@
{ config, lib, pkgs, inputs, ... }: {
imports = let
dir = builtins.readDir ./.;
in (builtins.filter
(file: (dir.${file} == "directory"))
(builtins.attrNames dir)
);
options.sysconfig = with lib; {
sshHostKeys = lib.mkOption {
type = with lib.types; attrsOf str;
default = {};
};
users = let
userType = types.submodule ({ name, ... }: {
options = with lib; {
name = mkOption {
type = with types; passwdEntry str;
default = name;
};
home-manager = {
enable = mkOption {
type = with types; bool;
default = false;
};
standalone = mkOption {
type = with types; bool;
default = true;
description = "is this home-manager standalone?";
};
extraModules = mkOption {
type = with types; listOf raw;
default = [];
};
};
isSuperuser = mkOption {
type = with types; bool;
default = false;
description = "sudo?";
};
usePresets = mkOption {
type = with types; bool;
default = true;
description = "search for predefined settings?";
};
ssh = {
keys = mkOption {
type = with types; listOf str;
default = [];
description = "public keys used to login as this user";
};
hosts = mkOption {
type = with types; listOf str;
default = [];
description = "user@host's used to login as this user";
};
};
uid = mkOption {
type = with types; nullOr int;
default = null;
};
hashedPasswordFile = mkOption {
type = with types; nullOr str;
default = null;
};
extraGroups = mkOption {
type = with types; listOf str;
default = [];
};
shell = mkOption {
type = with types; package;
default = pkgs.shadow;
};
};
});
in lib.mkOption {
type = with lib.types; attrsOf userType;
default = {};
};
};
config = lib.mkIf (config.sysconfig.host != "android") {
users.users = builtins.mapAttrs (x: y: let
cfg = config.sysconfig.users.${x};
in {
name = cfg.name;
isNormalUser = true;
uid = cfg.uid;
hashedPasswordFile = lib.mkIf (cfg.hashedPasswordFile != null) cfg.hashedPasswordFile;
shell = cfg.shell;
extraGroups = cfg.extraGroups ++ (if cfg.isSuperuser then [ "wheel" ] else []);
openssh.authorizedKeys.keys = lib.mkIf config.sysconfig.services.openssh.enable (cfg.ssh.keys ++ (map (z: config.sysconfig.sshHostKeys.${z}) cfg.ssh.hosts));
packages = with pkgs; lib.mkIf (cfg.home-manager.enable && cfg.home-manager.standalone) [ home-manager ];
}) config.sysconfig.users;
programs.fuse.userAllowOther = true;
home-manager = {
backupFileExtension = "backup";
extraSpecialArgs = { inherit inputs; };
useUserPackages = true;
sharedModules = [
inputs.sops-nix.homeManagerModules.sops
];
users = builtins.listToAttrs (builtins.map
(x: {
name = x;
value = (lib.mkMerge ([
(if let
dir = builtins.readDir ./.;
in dir ? ${x} && dir.${x} == "directory" then
import ./${x}/home-manager
else {})
(if inputs ? ${x} then inputs.${x} else {})
] ++ config.sysconfig.users.${x}.home-manager.extraModules));
})
(builtins.filter
(y: (config.sysconfig.users.${y}.home-manager.enable && !config.sysconfig.users.${y}.home-manager.standalone))
(builtins.attrNames config.sysconfig.users)
)
);
};
};
}

5
system/users/nathan/default.nix Normal file
View File

@@ -0,0 +1,5 @@
{ ... }: {
imports = [
./system
];
}

109
system/users/nathan/home-manager/default.nix Normal file
View File

@@ -0,0 +1,109 @@
{ config, lib, pkgs, inputs, ... }: {
imports = [
./programs
./services
./packages
./dotfiles
];
options.homeconfig = with lib; {
name = mkOption {
type = with types; nullOr str;
default = null;
};
graphical = mkOption {
type = with types; bool;
default = true;
};
standalone = mkOption {
type = with types; bool;
default = false;
};
};
config = {
homeconfig = {
name = "nathan";
mpd.enable = lib.mkDefault true;
calcurse.enable = lib.mkDefault true;
git.enable = lib.mkDefault true;
nh.enable = lib.mkDefault true;
minimal = lib.mkDefault false;
hyprland.enable = lib.mkDefault config.homeconfig.graphical && !config.homeconfig.standalone;
hyprlock.enable = lib.mkDefault config.homeconfig.hyprland.enable;
wal.enable = lib.mkDefault config.homeconfig.graphical;
hyprpanel.enable = lib.mkDefault config.homeconfig.hyprland.enable;
rofi.enable = lib.mkDefault config.homeconfig.hyprland.enable;
firefox.enable = lib.mkDefault config.homeconfig.graphical;
};
home.username = lib.mkDefault config.homeconfig.name;
home.homeDirectory = lib.mkDefault "/home/${config.home.username}";
programs.home-manager.enable = config.homeconfig.standalone;
home.stateVersion = "23.11";
home.pointerCursor = lib.mkIf config.homeconfig.graphical {
gtk.enable = true;
package = pkgs.bibata-cursors;
name = "Bibata-Modern-Classic";
size = 16;
};
gtk = lib.mkIf config.homeconfig.graphical {
enable = true;
theme.name = "Tokyonight-Dark";
theme.package = pkgs.tokyonight-gtk-theme;
iconTheme.package = pkgs.rose-pine-icon-theme;
iconTheme.name = "rose-pine-moon";
};
sops = {
age.keyFile = "${config.home.homeDirectory}/.config/sops/age/keys.txt";
defaultSopsFile = ./secrets.yaml;
defaultSopsFormat = "yaml";
};
nix = lib.mkIf config.homeconfig.standalone {
nixPath = [ "nixpkgs=${inputs.nixpkgs}" ];
settings = {
experimental-features = [ "nix-command" "flakes" ];
builders = "ssh://builder x86_64-linux,aarch64-linux /run/secrets/remoteBuildKey 1 1 nixos-test,benchmark,big-parallel,kvm - -";
builders-use-substituters = true;
};
};
services.mpris-proxy.enable = true;
programs.ssh = {
enable = true;
matchBlocks = {
"builder" = {
hostname = "blunkall.us";
user = "remote-builder";
identityFile = "${config.home.homeDirectory}/.ssh/id_ed25519";
port = 2222;
};
"remote" = {
hostname = "blunkall.us";
user = "nathan";
identityFile = "${config.home.homeDirectory}/.ssh/id_ed25519";
port = 2222;
};
};
};
};
}

BIN
system/users/nathan/home-manager/dotfiles/Wallpaper/Tron.jpg Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 1.4 MiB

BIN
system/users/nathan/home-manager/dotfiles/Wallpaper/bluescape.jpg Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 1.0 MiB

BIN
system/users/nathan/home-manager/dotfiles/Wallpaper/galaxy.jpg Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 1007 KiB

BIN
system/users/nathan/home-manager/dotfiles/Wallpaper/kurisu.gif Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 110 MiB

BIN
system/users/nathan/home-manager/dotfiles/Wallpaper/kurisu.jpg Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 191 KiB

BIN
system/users/nathan/home-manager/dotfiles/Wallpaper/llenn.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 874 KiB

BIN
system/users/nathan/home-manager/dotfiles/Wallpaper/megumin.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 1.5 MiB

BIN
system/users/nathan/home-manager/dotfiles/Wallpaper/megumin1.gif Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 48 MiB

BIN
system/users/nathan/home-manager/dotfiles/Wallpaper/megumin2.gif Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 203 MiB

BIN
system/users/nathan/home-manager/dotfiles/Wallpaper/ngnl.jpg Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 670 KiB

BIN
system/users/nathan/home-manager/dotfiles/Wallpaper/orangescape.jpg Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 273 KiB

BIN
system/users/nathan/home-manager/dotfiles/Wallpaper/pink_fc.mp4 Normal file
View File

Binary file not shown.

BIN
system/users/nathan/home-manager/dotfiles/Wallpaper/rezero.gif Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 140 MiB

BIN
system/users/nathan/home-manager/dotfiles/Wallpaper/sao.gif Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 3.1 MiB

BIN
system/users/nathan/home-manager/dotfiles/Wallpaper/sao.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 2.8 MiB

BIN
system/users/nathan/home-manager/dotfiles/Wallpaper/sinon.gif Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 36 MiB

11
system/users/nathan/home-manager/dotfiles/default.nix Normal file
View File

@@ -0,0 +1,11 @@
{ config, lib, ... }: {
home.file = {
".config/hypr" = lib.mkIf config.homeconfig.hyprland.enable { source = ./hypr; recursive = true; };
".config/hyprpanel" = lib.mkIf config.homeconfig.hyprpanel.enable { source = ./hyprpanel; recursive = true; };
".config/wal/templates" = lib.mkIf config.homeconfig.wal.enable { source = ./wal/templates; recursive = true; };
".config/ohmyposh" = { source = ./ohmyposh; recursive = true; };
"Pictures/Wallpaper" = lib.mkIf config.homeconfig.graphical { source = ./Wallpaper; recursive = true; };
};
}

106
system/users/nathan/home-manager/dotfiles/hypr/hyprlock.conf Normal file
View File

@@ -0,0 +1,106 @@
# sample hyprlock.conf
# for more configuration options, refer https://wiki.hyprland.org/Hypr-Ecosystem/hyprlock
#
# rendered text in all widgets supports pango markup (e.g. <b> or <i> tags)
# ref. https://wiki.hyprland.org/Hypr-Ecosystem/hyprlock/#general-remarks
#
# shortcuts to clear password buffer: ESC, Ctrl+U, Ctrl+Backspace
#
# you can get started by copying this config to ~/.config/hypr/hyprlock.conf
#
$font = Monospace
general {
hide_cursor = false
}
# uncomment to enable fingerprint authentication
# auth {
# fingerprint {
# enabled = true
# ready_message = Scan fingerprint to unlock
# present_message = Scanning...
# retry_delay = 250 # in milliseconds
# }
# }
animations {
enabled = true
bezier = linear, 1, 1, 0, 0
animation = fadeIn, 1, 5, linear
animation = fadeOut, 1, 5, linear
animation = inputFieldDots, 1, 2, linear
}
background {
monitor =
path = screenshot
blur_passes = 3
}
input-field {
monitor =
size = 20%, 5%
outline_thickness = 3
inner_color = rgba(0, 0, 0, 0.0) # no fill
outer_color = rgba(33ccffee) rgba(00ff99ee) 45deg
check_color = rgba(00ff99ee) rgba(ff6633ee) 120deg
fail_color = rgba(ff6633ee) rgba(ff0066ee) 40deg
font_color = rgb(143, 143, 143)
fade_on_empty = false
rounding = 15
font_family = $font
placeholder_text = Input password...
fail_text = $PAMFAIL
# uncomment to use a letter instead of a dot to indicate the typed password
# dots_text_format = *
# dots_size = 0.4
dots_spacing = 0.3
# uncomment to use an input indicator that does not show the password length (similar to swaylock's input indicator)
# hide_input = true
position = 0, -20
halign = center
valign = center
}
# TIME
label {
monitor =
text = $TIME # ref. https://wiki.hyprland.org/Hypr-Ecosystem/hyprlock/#variable-substitution
font_size = 90
font_family = $font
position = -30, 0
halign = right
valign = top
}
# DATE
label {
monitor =
text = cmd[update:60000] date +"%A, %d %B %Y" # update every 60 seconds
font_size = 25
font_family = $font
position = -30, -150
halign = right
valign = top
}
label {
monitor =
text = $LAYOUT[en,ru]
font_size = 24
onclick = hyprctl switchxkblayout all next
position = 250, -20
halign = center
valign = center
}

301
system/users/nathan/home-manager/dotfiles/hypr/main.conf Normal file
View File

@@ -0,0 +1,301 @@
#------------------------------------------------#
# _ _ _ _ #
#| | | | | | | | #
#| |___| |_ _ ____ _ _| | __ _.-.___ ___| | #
#| ___ | | | | _ \| |/ | |/ _` | _ \/ _ | #
#| | | | |_| | |_) | /| | (_| | | | | (_| | #
#|_| |_|\__, | __/|__| |_|\__,_|_| |_|\___/_| #
# |___/|_| #
# #
#------------------------------------------------#
exec-once=onSystemStart
# Some default env vars.
env = XCURSOR_SIZE,16
source = ~/.config/hypr/otf.conf
source = ~/.cache/wal/colors-hypr.conf
# For all categories, see https://wiki.hyprland.org/Configuring/Variables/
input {
kb_layout = us
kb_variant =
kb_model =
kb_options =
kb_rules =
follow_mouse = 1
touchpad {
natural_scroll = yes
}
sensitivity = 0 # -1.0 - 1.0, 0 means no modification.
}
cursor {
no_hardware_cursors = true
}
general {
# See https://wiki.hyprland.org/Configuring/Variables/ for more
gaps_in = 5
gaps_out = 4
border_size = 2
col.active_border = $color1 $color5 100deg
col.inactive_border = $color0
layout = master
}
decoration { # See https://wiki.hyprland.org/Configuring/Variables/ for more
rounding = 2
blur {
enabled = false
}
#drop_shadow = yes
#shadow_range = 4
#shadow_render_power = 3
#col.shadow = rgba(1a1a1aee)
}
animations {
enabled = yes
# Some default animations, see https://wiki.hyprland.org/Configuring/Animations/ for more
bezier = myBezier, 0.05, 0.9, 0.1, 1.05
animation = windows, 1, 7, myBezier
animation = windowsOut, 1, 7, default, popin 80%
animation = border, 1, 10, default
animation = borderangle, 1, 8, default
animation = fade, 1, 7, default
animation = workspaces, 1, 6, default
}
dwindle {
# See https://wiki.hyprland.org/Configuring/Dwindle-Layout/ for more
pseudotile = yes # master switch for pseudotiling. Enabling is bound to mainMod + P in the keybinds section below
preserve_split = yes # you probably want this
}
master {
# See https://wiki.hyprland.org/Configuring/Master-Layout/ for more
new_status = "master"
}
gestures {
# See https://wiki.hyprland.org/Configuring/Variables/ for more
workspace_swipe = off
}
misc {
disable_hyprland_logo = false
disable_splash_rendering = true
force_default_wallpaper = 0
}
ecosystem {
no_update_news = true
no_donation_nag = true
}
# Binds
$mainMod = ALT
bind = CTRL SHIFT, H, exec, colorPrefix kitty -e 'bash -c "hyprctl binds | less"'
bind = $mainMod SHIFT, E, exec, colorPrefix kitty
bind = $mainMod, B, exec, firefox
bind = $mainMod SHIFT, B, exec, firefox --private-window
bind = $mainMod, Q, killactive,
#bind = $mainMod, R, exec, colorPrefix kitty -e _systemRebuild
#bind = $mainMod SHIFT, R, exec, colorPrefix kitty -e _homeRebuild
bind = $mainMod, F, exec, thunar
bind = $mainMod SHIFT, F, fullscreen
bind = $mainMod SHIFT, semicolon, exec, colorPrefix kitty -e lf
bind = $mainMod, Insert, exec, libreoffice
bind = $mainMod, V, togglefloating,
bind = $mainMod SHIFT, V, exec, vlc
bind = , Menu, exec, rofi -show drun
bind = $mainMod, Menu, exec, hyprpanel -q; hyprpanel
#bind = $mainMod, P, pseudo, # dwindle
#bind = $mainMod, Z, togglesplit, # dwindle
bind = $mainMod, N, layoutmsg, rollnext # master
bind = $mainMod, P, layoutmsg, rollprev # master
bind = $mainMod, M, exec, spotify
bind = $mainMod SHIFT, M, exec, firefox soundcloud.com/you/library
bind = $mainMod CTRL, M, exec, colorPrefix kitty -e ncmpcpp -s browser
bind = $mainMod, XF86AudioPlay, exec, mpc load casual
bind = , XF86AudioPlay, exec, playerctl play-pause
bind = , XF86AudioPause, exec, playerctl pause
bind = , XF86AudioNext, exec, playerctl next
bind = , XF86AudioPrev, exec, playerctl previous
bind = , XF86Launch2, exec, steam
bind = $mainMod, XF86Launch2, exec, prismlauncher
bind = , XF86Calculator, exec, geogebra
bind = $mainMod SHIFT, Print, exec, firefox localhost:631
bind = $mainMod, Return, exec, discord --enable-features=UseOzonePlatform --ozone-platform=wayland
bind = $mainMod CTRL, Return, exec, firefox https://discord.com/app
bind = , Home, exec, setWallpaper
# Move focus with mainMod + arrow keys
bind = $mainMod, W, movefocus, u
bind = $mainMod, A, movefocus, l
bind = $mainMod, S, movefocus, d
bind = $mainMod, D, movefocus, r
# Switch workspaces with mainMod + [0-9]
bind = $mainMod, 1, workspace, 1
bind = $mainMod, 2, workspace, 2
bind = $mainMod, 3, workspace, 3
bind = $mainMod, 4, workspace, 4
bind = $mainMod, 5, workspace, 5
bind = $mainMod, 6, workspace, 6
bind = $mainMod, 7, workspace, 7
bind = $mainMod, 8, workspace, 8
bind = $mainMod, 9, workspace, 9
bind = $mainMod, 0, workspace, 10
bind = $mainMod, Home, workspace, 11
# Move active window to a workspace with mainMod + SHIFT + [0-9]
bind = $mainMod SHIFT, 1, movetoworkspace, 1
bind = $mainMod SHIFT, 2, movetoworkspace, 2
bind = $mainMod SHIFT, 3, movetoworkspace, 3
bind = $mainMod SHIFT, 4, movetoworkspace, 4
bind = $mainMod SHIFT, 5, movetoworkspace, 5
bind = $mainMod SHIFT, 6, movetoworkspace, 6
bind = $mainMod SHIFT, 7, movetoworkspace, 7
bind = $mainMod SHIFT, 8, movetoworkspace, 8
bind = $mainMod SHIFT, 9, movetoworkspace, 9
bind = $mainMod SHIFT, 0, movetoworkspace, 10
bind = $mainMod SHIFT, Home, movetoworkspace, 11
# Scroll through existing workspaces with mainMod + scroll
bind = $mainMod, right, workspace, e+1
bind = $mainMod, left, workspace, e-1
bind = $mainMod, H, exec, hyprctl keyword animation workspaces,1,6,default
bind = $mainMod, H, workspace, e-1
bind = $mainMod, J, exec, hyprctl keyword animation workspaces,1,6,default,slidevert
bind = $mainMod, J, workspace, e+1
bind = $mainMod, K, exec, hyprctl keyword animation workspaces,1,6,default,slidevert
bind = $mainMod, K, workspace, e-1
bind = $mainMod, L, exec, hyprctl keyword animation workspaces,1,6,default
bind = $mainMod, L, workspace, e+1
bind = $mainMod SHIFT, H, exec, hyprctl keyword animation workspaces,1,6,default
bind = $mainMod SHIFT, H, movetoworkspace, e-1
bind = $mainMod SHIFT, J, exec, hyprctl keyword animation workspaces,1,6,default,slidevert
bind = $mainMod SHIFT, J, movetoworkspace, e+1
bind = $mainMod SHIFT, K, exec, hyprctl keyword animation workspaces,1,6,default,slidevert
bind = $mainMod SHIFT, K, movetoworkspace, e-1
bind = $mainMod SHIFT, L, exec, hyprctl keyword animation workspaces,1,6,default
bind = $mainMod SHIFT, L, movetoworkspace, e+1
#switch network connections
bind = CTRL SHIFT, Escape, exec, nmcli device down wlo1
bind = CTRL SHIFT, 0, exec, nmcli connection up Hotspot
bind = CTRL SHIFT, 1, exec, nmcli connection up EagleNet
bind = CTRL SHIFT, 2, exec, nmcli connection up CXNK00813829
bind = CTRL SHIFT, 3, exec, nmcli connection up ATT9MhT2ql
#brightness keys
bind = , XF86MonBrightnessUp, exec, brightnessctl set +10%
bind = , XF86MonBrightnessDown, exec, brightnessctl set 10%-
#volume keys
binde = , XF86AudioRaiseVolume, exec, wpctl set-volume @DEFAULT_SINK@ 10%+
binde = , XF86AudioLowerVolume, exec, wpctl set-volume @DEFAULT_SINK@ 10%-
bind = , XF86AudioMute, exec, wpctl set-mute @DEFAULT_SINK@ toggle
bind = $mainMod, F9, exec, pavucontrol
#screen lock key
#bind = $mainMod, F12, exec, swaylock
#logout shortcut
bind = CTRL ALT, Delete, exec, loginctl kill-session self
# Move/resize windows with mainMod + LMB/RMB and dragging
bind = $mainMod SHIFT, W, movewindow, u
bind = $mainMod SHIFT, A, movewindow, l
bind = $mainMod SHIFT, S, movewindow, d
bind = $mainMod SHIFT, D, movewindow, r
bindm = $mainMod, mouse:272, movewindow
bindm = $mainMod SHIFT, mouse:272, resizewindow
$scratchpadsize = size 60% 80%
$kitty = class:^(scratchpad-kitty)$
windowrulev2 = float, $kitty
windowrulev2 = $scratchpadsize, $kitty
windowrulev2 = workspace special silent, $kitty
$lf = class:^(scratchpad-lf)$
windowrulev2 = float, $lf
windowrulev2 = $scratchpadsize, $lf
windowrulev2 = workspace special silent, $lf
$cal = class:^(scratchpad-cal)$
windowrulev2 = float, $cal
windowrulev2 = $scratchpadsize, $cal
windowrulev2 = workspace special silent, $cal
bind = $mainMod, semicolon, exec, pypr toggle lf
bind = $mainMod, E, exec, pypr toggle kitty
bind = $mainMod, C, exec, pypr toggle calendar
bind = CTRL SHIFT, Home, exec, ssh nathan@esotericbytes.com -fL 5900:localhost:5900 sleep 10; vncviewer localhost:5900 -fullscreen
bind = CTRL SHIFT, Home, submap, clean
bind = $mainMod CTRL, Home, submap, clean
submap = clean
bind = $mainMod CTRL, Home, submap, reset
submap = reset

31
system/users/nathan/home-manager/dotfiles/hypr/pyprland.toml Normal file
View File

@@ -0,0 +1,31 @@
[pyprland]
plugins = [
"scratchpads"
]
[scratchpads.lf]
animation = "fromTop"
command = "kitty --class scratchpad-lf lf ~"
lazy = true
class = "scratchpad-lf"
margin = 100
multi = true
excludes = "*"
[scratchpads.kitty]
animation = "fromBottom"
command = "kitty --class scratchpad-kitty"
class = "scratchpad-kitty"
lazy = true
margin = 100
multi = true
excludes = "*"
[scratchpads.calendar]
animation = "fromTop"
command = "kitty --class scratchpad-cal -e calcurse"
class = "scratchpad-cal"
lazy = true
margin = 100
multi = true
excludes = "*"

65
system/users/nathan/home-manager/dotfiles/hyprpanel/config.json Normal file
View File

@@ -0,0 +1,65 @@
{
"theme.font.name": "FiraCode Nerd Font Mono",
"theme.font.label": "FiraCode Nerd Font Mono Medium",
"theme.bar.floating": true,
"bar.layouts": {
"*": {
"left": [
"dashboard",
"workspaces",
"windowtitle",
"submap",
"kbinput"
],
"middle": [
"volume",
"battery",
"hyprsunset",
"clock",
"hypridle",
"network",
"bluetooth"
],
"right": [
"ram",
"storage",
"systray",
"cava",
"notifications",
"power"
]
}
},
"theme.bar.opacity": 50,
"wallpaper.image": "/tmp/nathan/bg",
"wallpaper.enable": false,
"theme.matugen_settings.scheme_type": "content",
"theme.matugen_settings.variation": "standard_2",
"theme.matugen": true,
"bar.launcher.autoDetectIcon": true,
"bar.network.truncation_size": 10,
"bar.bluetooth.label": false,
"bar.clock.showIcon": false,
"bar.clock.format": "%A %H:%M:%S %m/%d/%C%y",
"bar.notifications.show_total": true,
"bar.notifications.hideCountWhenZero": true,
"menus.dashboard.shortcuts.left.shortcut2.command": "spotify",
"menus.dashboard.shortcuts.left.shortcut1.command": "$BROWSER",
"menus.dashboard.shortcuts.left.shortcut1.tooltip": "Browser",
"menus.dashboard.shortcuts.left.shortcut1.icon": "󰈹",
"menus.dashboard.directories.enabled": false,
"menus.dashboard.stats.enable_gpu": true,
"menus.power.lowBatteryNotification": true,
"bar.customModules.cava.leftClick": "menu:media",
"bar.customModules.cava.showIcon": false,
"bar.customModules.hypridle.label": false,
"bar.customModules.hyprsunset.label": false,
"bar.customModules.hyprsunset.temperature": "4000k",
"bar.customModules.netstat.dynamicIcon": true,
"bar.customModules.netstat.label": true,
"bar.workspaces.show_numbered": true,
"bar.workspaces.numbered_active_indicator": "highlight",
"bar.workspaces.ignored": "-\\d+",
"menus.clock.time.military": true,
"menus.clock.weather.enabled": false
}

1
system/users/nathan/home-manager/dotfiles/hyprpanel/modules.json Normal file
View File

@@ -0,0 +1 @@
{}

0
system/users/nathan/home-manager/dotfiles/hyprpanel/modules.scss Normal file
View File

120
system/users/nathan/home-manager/dotfiles/ohmyposh/ohmyposh.toml Normal file
View File

@@ -0,0 +1,120 @@
console_title_template = '{{ .Shell }} in {{ .Folder }}'
version = 3
final_space = true
[palette]
c0 = '#0B0704'
c1 = '#846550'
c10 = '#636E90'
c11 = '#6FAEAC'
c12 = '#A5ADA2'
c13 = '#F1DCB7'
c14 = '#A1E7DA'
c15 = '#c2c1c0'
c2 = '#4a526c'
c3 = '#538281'
c4 = '#7b8179'
c5 = '#b4a589'
c6 = '#78ada3'
c7 = '#958d89'
c8 = '#665b54'
c9 = '#B1876B'
[secondary_prompt]
template = '❭❭ '
background = 'transparent'
[transient_prompt]
template = '{{ if gt .Code 0 }}!❭ {{else}}❭ {{end}}'
background = 'transparent'
foreground_templates = ['{{ if gt .Code 0 }}p:c13{{end}}', '{{ if eq .Code 0 }}p:c14{{end}}']
[[blocks]]
type = 'prompt'
alignment = 'left'
newline = true
[[blocks.segments]]
trailing_diamond = ''
template = ' {{ .Icon }} '
foreground = 'p:c12'
background = 'p:c1'
type = 'os'
style = 'diamond'
[blocks.segments.properties]
cache_duration = 'none'
[[blocks.segments]]
trailing_diamond = ''
template = '{{ .UserName }}@{{ .HostName }}'
foreground = 'p:c14'
background = 'p:c2'
type = 'session'
style = 'diamond'
[blocks.segments.properties]
cache_duration = 'none'
[[blocks.segments]]
trailing_diamond = ''
template = '{{ .Path }}'
foreground = 'p:c13'
background = 'p:c4'
type = 'path'
style = 'diamond'
[blocks.segments.properties]
cache_duration = 'none'
style = 'full'
[[blocks]]
type = 'prompt'
alignment = 'right'
overflow = 'hidden'
[[blocks.segments]]
leading_diamond = ''
template = '{{ .FormattedMs }}'
foreground = 'p:c13'
background = 'p:c4'
type = 'executiontime'
style = 'diamond'
[blocks.segments.properties]
cache_duration = 'none'
[[blocks.segments]]
leading_diamond = ''
foreground = 'p:c14'
background = 'p:c2'
type = 'time'
style = 'diamond'
[blocks.segments.properties]
cache_duration = 'none'
[[blocks.segments]]
leading_diamond = ''
foreground = 'p:c12'
background = 'p:c1'
type = 'shell'
style = 'diamond'
[blocks.segments.properties]
cache_duration = 'none'
[[blocks]]
type = 'prompt'
alignment = 'left'
newline = true
[[blocks.segments]]
template = '{{ if gt .Code 0 }}!❭ {{else}}❭ {{end}}'
background = 'transparent'
type = 'text'
style = 'plain'
foreground_templates = ['{{ if gt .Code 0 }}p:c13{{end}}', '{{ if eq .Code 0 }}p:c14{{end}}']
[blocks.segments.properties]
cache_duration = 'none'

37
system/users/nathan/home-manager/dotfiles/quickshell/modules/ActiveWindow.qml Normal file
View File

@@ -0,0 +1,37 @@
import QtQuick // for Text
import QtQuick.Controls
import QtQuick.Layouts
import Quickshell.Widgets
import Quickshell.Hyprland
import Quickshell
Item {
implicitWidth: t.contentWidth + 10
implicitHeight: 30
ClippingWrapperRectangle {
radius: 5
anchors.fill: parent
Text {
id: t
verticalAlignment: Text.AlignVCenter
horizontalAlignment: Text.AlignHCenter
text: {
if(hws.toplevels.values.length > 0) {
return Hyprland.activeToplevel.title
} else {
return " Desktop"
}
}
property HyprlandWorkspace hws: Hyprland.focusedWorkspace
onHwsChanged: {
Hyprland.refreshToplevels()
Hyprland.refreshWorkspaces()
}
font.pointSize: 11
}
}
}

170
system/users/nathan/home-manager/dotfiles/quickshell/modules/Bar.qml Normal file
View File

@@ -0,0 +1,170 @@
import Quickshell // for PanelWindow
import QtQuick // for Text
import QtQuick.Controls
import QtQuick.Layouts
import Quickshell.Io
import Quickshell.Widgets
import Quickshell.Wayland
PanelWindow {
anchors {
top: true
//left: true
//right: true
//bottom: true
}
id: bar
exclusionMode: ExclusionMode.Ignore
WlrLayershell.layer: WlrLayer.Background
color: "#a0706050"
implicitHeight: 40
implicitWidth: 1900
/*RowLayout {
width: bar.width
}*/
RowLayout {
//Layout.alignment: Qt.AlignLeft | Qt.AlignVCenter
id: left
x: 0
y: parent.y + (parent.height - height) / 2
//width: center.x
spacing: 0
Launcher {
id: l
Layout.alignment: Qt.AlignLeft | Qt.AlignVCenter
Layout.preferredWidth: width
Layout.margins: 5
}
Workspaces {
id: ws
Layout.alignment: Qt.AlignLeft | Qt.AlignVCenter
Layout.margins: 5
}
/*ActiveWindow {
id: aw
Layout.margins: 5
Layout.maximumWidth: Math.min(implicitWidth, center.x - (parent.x + x + Layout.margins))
}*/
}
RowLayout {
//Layout.alignment: Qt.AlignHCenter | Qt.AlignVCenter
id: center
x: (parent.width - cl.width) / 2 + parent.x - centerLeft.width
//y: parent.y + (parent.height - height) / 2
y: parent.y + (parent.height - height) / 2
spacing: 0
RowLayout {
id: centerLeft
spacing: 0
Volume {
id: v
window: bar
popupOffset: center.x
Layout.margins: 5
}
Battery {
id: bat
window: bar
popupOffset: center.x
Layout.margins: 5
}
Hyprsunset {
id: hs
Layout.margins: 5
}
}
Clock {
id: cl
Layout.margins: 5
}
IdleInhibitor {
id: ii
Layout.margins: 5
}
Wifi {
id: wifi
window: bar
Layout.margins: 5
}
Bluetooth {
id: bt
window: bar
popupOffset: center.x + center.width
Layout.margins: 5
}
}
RowLayout {
//Layout.alignment: Qt.AlignRight | Qt.AlignVCenter
id: right
//implicitWidth: bar.width - (spacer.x + spacer.width)
x: bar.width - implicitWidth
y: parent.y + (parent.height - height) / 2
//Layout.maximumWidth: bar.width - (center.x + center.width)
//Layout.preferredWidth: 10
spacing: 0
Media {
Layout.alignment: Qt.AlignRight | Qt.AlignVCenter
id: media
implicitWidth: Math.min(textWidth, bar.width - (righter.width) - (center.x + center.width) - 10)
Layout.margins: 5
}
RowLayout {
id: righter
spacing: 0
Tray {
id: tray
window: bar
Layout.alignment: Qt.AlignRight | Qt.AlignVCenter
Layout.margins: 5
popupOffset: right.x + righter.x + x
}
Notifications {
id: notif
window: bar
Layout.alignment: Qt.AlignRight | Qt.AlignVCenter
Layout.margins: 5
}
Power {
id: power
window: bar
popupOffset: bar.width
Layout.alignment: Qt.AlignRight | Qt.AlignVCenter
Layout.margins: 5
}
}
}
}

71
system/users/nathan/home-manager/dotfiles/quickshell/modules/Battery.qml Normal file
View File

@@ -0,0 +1,71 @@
import Quickshell // for PanelWindow
import QtQuick // for Text
import QtQuick.Controls
import QtQuick.Layouts
import Quickshell.Io
import Quickshell.Widgets
import Quickshell.Hyprland
import Quickshell.Services.UPower
ClippingWrapperRectangle {
radius: 5
width: 100; height: 30
color: "red"
Button {
id: button
text: "󰁹 " + Math.floor(UPower.displayDevice.percentage * 100) + "%"
font.pointSize: 12
implicitHeight: parent.height
//icon.color: "red"
//icon.source: "/nix/store/c4dcn4vl0v5njv4d587sazrad1xgyd9h-rose-pine-icon-theme-unstable-2022-09-01/share/icons/rose-pine/symbolic/devices/battery-symbolic.svg"
onClicked: {
menu.visible = true
grab.active = true
}
}
required property var window
required property real popupOffset
id: root
PopupWindow {
id: menu
anchor.window: window
anchor.rect.x: popupOffset
anchor.rect.y: 50
implicitWidth: 250
implicitHeight: 150
visible: false
color: "transparent"
ClippingWrapperRectangle {
radius: 5
implicitHeight: parent.height - 20
implicitWidth: parent.width
ColumnLayout {
spacing: 0
Button {
Layout.topMargin: 5
x: (parent.width - width) / 2
implicitWidth: parent.width - 10
implicitHeight: parent.height / 5 - parent.spacing
text: 'shutdown'
}
}
}
HyprlandFocusGrab {
id: grab
windows: [ menu ]
onCleared: menu.visible = false
}
}
}

141
system/users/nathan/home-manager/dotfiles/quickshell/modules/Bluetooth.qml Normal file
View File

@@ -0,0 +1,141 @@
import Quickshell // for PanelWindow
import QtQuick // for Text
import QtQuick.Controls
import QtQuick.Layouts
import Quickshell.Io
import Quickshell.Widgets
import Quickshell.Hyprland
import Quickshell.Bluetooth
ClippingWrapperRectangle {
radius: 5
implicitWidth: 30; implicitHeight: 30
Button {
id: button
text: ""
font.pointSize: 16
onClicked: {
menu.visible = true
grab.active = true
}
implicitHeight: parent.height
}
required property PanelWindow window
required property real popupOffset
id: root
PopupWindow {
id: menu
anchor.window: window
anchor.rect.x: popupOffset - width
anchor.rect.y: 50
implicitWidth: 250
implicitHeight: 150
visible: false
color: "transparent"
ClippingWrapperRectangle {
radius: 5
implicitHeight: parent.height - 20
implicitWidth: parent.width
ColumnLayout {
spacing: 0
ClippingWrapperRectangle {
radius: 5
implicitWidth: parent.width - 2 * Layout.margins
implicitHeight: 30
Layout.alignment: Qt.AlignHCenter | Qt.AlignTop
Layout.margins: 5
color: "#ff3333aa"
RowLayout {
Text {
text: 'Bluetooth'
Layout.alignment: Qt.AlignLeft | Qt.AlignVCenter
Layout.margins: 5
}
Switch {
Layout.alignment: Qt.AlignRight | Qt.AlignVCenter
//Layout.margins: 5
checked: Bluetooth.defaultAdapter.enabled
onClicked: Bluetooth.defaultAdapter.enabled = checked
}
}
}
ScrollView {
Layout.alignment: Qt.AlignHCenter | Qt.AlignTop
Layout.margins: 5
implicitWidth: parent.width - 4 * Layout.margins
implicitHeight: menu.height / 2
id: scroll
ColumnLayout {
spacing: 0
Repeater {
id: rep
model: Bluetooth.devices.values
ClippingWrapperRectangle {
radius: 5
color: "#ff3333aa"
implicitWidth: menu.width - 3 * scroll.x
implicitHeight: 40
Layout.alignment: Qt.AlignHCenter | Qt.AlignTop
Layout.margins: 5
RowLayout {
Text {
Layout.alignment: Qt.AlignLeft | Qt.AlignVCenter
Layout.margins: 5
text: rep.model[index].name
}
Button {
Layout.alignment: Qt.AlignRight | Qt.AlignVCenter
Layout.rightMargin: 5
text: 'Connect'
onClicked: rep.model[index].connected = !rep.model[index].connected
}
}
}
}
}
}
}
}
HyprlandFocusGrab {
id: grab
windows: [ menu ]
onCleared: menu.visible = false
}
}
}

27
system/users/nathan/home-manager/dotfiles/quickshell/modules/Clock.qml Normal file
View File

@@ -0,0 +1,27 @@
import QtQuick // for Text
import QtQuick.Controls
import QtQuick.Layouts
import Quickshell.Widgets
import Quickshell
Item {
implicitWidth: t.contentWidth + 10
implicitHeight: 30
ClippingWrapperRectangle {
radius: 5
anchors.fill: parent
Text {
id: t
verticalAlignment: Text.AlignVCenter
horizontalAlignment: Text.AlignHCenter
text: Qt.formatDateTime(clock.date, "dddd HH:mm:ss MM/dd/yyyy")
font.pointSize: 11
SystemClock {
id: clock
precision: SystemClock.Seconds
}
}
}
}

30
system/users/nathan/home-manager/dotfiles/quickshell/modules/Hyprsunset.qml Normal file
View File

@@ -0,0 +1,30 @@
import Quickshell // for PanelWindow
import QtQuick // for Text
import QtQuick.Controls
import Quickshell.Io
import Quickshell.Widgets
ClippingWrapperRectangle {
radius: 5
implicitWidth: 30; height: 30
Button {
id: button
text: "󰛨 "
font.pointSize: 16
Process {
id: idlent
running: false
command: ["hyprsunset", "-t", "4000"]
onExited: {
running = button.text == "󰛨 " ? false : true
}
}
onClicked: {
idlent.running = button.text == "󰛨 " ? true : false
button.text = button.text == "󰛨 " ? "󱩌 " : "󰛨 "
}
implicitHeight: parent.height
}
}

34
system/users/nathan/home-manager/dotfiles/quickshell/modules/IdleInhibitor.qml Normal file
View File

@@ -0,0 +1,34 @@
import Quickshell // for PanelWindow
import QtQuick // for Text
import QtQuick.Controls
import Quickshell.Io
import Quickshell.Widgets
ClippingWrapperRectangle {
property real interval: 100
id: root
radius: 5
implicitWidth: 30; height: 30
Button {
id: button
text: "󰒲 "
font.pointSize: 16
Process {
id: idlent
running: false
command: ["systemd-inhibit", "--what=idle", "sleep", root.interval.toString()]
onExited: {
running = button.text == "󰒲 " ? false : true
}
}
onClicked: {
idlent.running = button.text == "󰒲 " ? true : false
button.text = button.text == "󰒲 " ? "󰒳 " : "󰒲 "
}
implicitHeight: parent.height
}
}

22
system/users/nathan/home-manager/dotfiles/quickshell/modules/Launcher.qml Normal file
View File

@@ -0,0 +1,22 @@
import Quickshell // for PanelWindow
import QtQuick // for Text
import QtQuick.Controls
import Quickshell.Io
import Quickshell.Widgets
ClippingWrapperRectangle {
radius: 5
width: 30; height: 30
Button {
id: button
text: " "
font.pointSize: 16
Process {
id: launcher
running: false
command: ["rofi", "-show", "drun"]
}
onClicked: launcher.running = true
implicitHeight: parent.height
}
}

48
system/users/nathan/home-manager/dotfiles/quickshell/modules/Media.qml Normal file
View File

@@ -0,0 +1,48 @@
import QtQuick // for Text
import QtQuick.Controls
import QtQuick.Layouts
import Quickshell.Services.Mpris
import Quickshell.Widgets
Item {
id: media
height: 30
readonly property real textWidth: info.contentWidth + 10
ClippingWrapperRectangle {
radius: 5
anchors.fill: parent
Text {
verticalAlignment: Text.AlignVCenter
horizontalAlignment: Text.AlignHCenter
id: info
text: {
let s = ''
let players = []
Mpris.players.values.forEach((p) => {
if(p.isPlaying) players.push(p)
})
if(players[0]?.trackTitle) {
s += players[0].trackTitle
}
if(players[0]?.trackAlbum) {
s += ' - ' + players[0].trackAlbum
}
if(players[0]?.trackArtist) {
s += ' - ' + players[0].trackArtist
}
media.visible = players.length > 0
return s
}
font.pointSize: 11
}
}
}

0
system/users/nathan/home-manager/dotfiles/quickshell/modules/Notif.qml Normal file
View File

183
system/users/nathan/home-manager/dotfiles/quickshell/modules/Notifications.qml Normal file
View File

@@ -0,0 +1,183 @@
import Quickshell
import QtQuick // for Text
import QtQuick.Controls
import QtQuick.Layouts
import Quickshell.Services.Notifications
import Quickshell.Io
import Quickshell.Widgets
import Quickshell.Hyprland
Item {
width: 50
height: 30
ClippingWrapperRectangle {
id: barbutton
radius: 5
anchors.fill: parent
Button {
id: button
text: "󰂚"
//text: server.trackedNotifications.values.length == 0 ? "󰂚" : '󱅫 ' + server.trackedNotifications.values.length
//icon.source: ''
font.pointSize: 16
onClicked: {
menu.visible = true
grab.active = true
}
implicitHeight: parent.height
}
}
NotificationServer {
id: server
persistenceSupported: true
imageSupported: true
actionsSupported: true
bodyImagesSupported: true
bodySupported: true
bodyHyperlinksSupported: true
inlineReplySupported: true
actionIconsSupported: true
onNotification: (n) => {
n.tracked = true
console.log(n?.body)
button.text = '󱅫 ' + (server.trackedNotifications.values.length + 1)
}
}
required property PanelWindow window
id: root
PopupWindow {
id: menu
anchor.window: window
anchor.rect.x: window.width - width
anchor.rect.y: 50
implicitWidth: 400
implicitHeight: 1080 - anchor.rect.y
visible: false
color: "transparent"
ClippingWrapperRectangle {
radius: 5
color: "#ff706050"
implicitHeight: parent.height - 20
implicitWidth: parent.width
ColumnLayout {
id: lay
spacing: 10
ClippingWrapperRectangle {
radius: 5
Layout.margins: 5
Layout.alignment: Qt.AlignVCenter | Qt.AlignTop
implicitWidth: menu.width - 2 * Layout.margins
RowLayout {
width: parent.width
Text {
Layout.margins: 5
Layout.alignment: Qt.AlignLeft | Qt.AlignVCenter
text: 'Notifications'
}
Button {
Layout.alignment: Qt.AlignRight | Qt.AlignVCenter
Layout.margins: 5
implicitWidth: 20
implicitHeight: 20
text: 'x'
onClicked: {
while(server.trackedNotifications.values.length > 0) {
server.trackedNotifications.values[0].dismiss()
}
}
}
}
}
Repeater {
id: rep
model: server.trackedNotifications.values
ClippingWrapperRectangle {
Layout.alignment: Qt.AlignHCenter | Qt.AlignTop
Layout.margins: 5
radius: 10
implicitWidth: parent.width - 2 * Layout.margins
implicitHeight: 100
MouseArea {
anchors.fill: parent
RowLayout {
Image {
//anchors.fill: parent
source: {
let icon = rep.model[index].image
if (icon.includes("?path=")) {
const [name, path] = icon.split("?path=");
icon = Qt.resolvedUrl(`${path}/${name.slice(name.lastIndexOf("/") + 1)}`);
}
return icon
}
Layout.maximumWidth: 100
Layout.maximumHeight: 100
}
ColumnLayout {
Layout.topMargin: 10
Layout.alignment: Qt.AlignLeft | Qt.AlignTop
Text {
Layout.alignment: Qt.AlignLeft | Qt.AlignTop
text: rep.model[index].summary
Layout.leftMargin: 10
font.pointSize: 14
}
Text {
Layout.alignment: Qt.AlignLeft | Qt.AlignVCenter
text: rep.model[index].body
Layout.leftMargin: 10
font.pointSize: 12
}
}
}
acceptedButtons: Qt.LeftButton | Qt.RightButton
onClicked: mouse => {
if(mouse.button == Qt.LeftButton) {
button.text = rep.count - 1 <= 0 ? "󰂚" : '󱅫 ' + (rep.count - 1)
rep.model[index].dismiss()
//button.text = server.trackedNotifications.values.length == 0 ? "󰂚" : '󱅫 ' + server.trackedNotifications.values.length
} else if(mouse.button == Qt.RightButton) {
}
}
}
}
}
}
}
HyprlandFocusGrab {
id: grab
windows: [ menu ]
onCleared: menu.visible = false
}
}
}

96
system/users/nathan/home-manager/dotfiles/quickshell/modules/Power.qml Normal file
View File

@@ -0,0 +1,96 @@
import Quickshell
import QtQuick // for Text
import QtQuick.Controls
import QtQuick.Layouts
import Quickshell.Hyprland
import Quickshell.Io
import Quickshell.Widgets
Item {
width: 30
height: 30
id: root
required property PanelWindow window
required property real popupOffset
ClippingWrapperRectangle {
radius: 5
width: 30; height: 30
Button {
id: button
text: " "
font.pointSize: 16
onClicked: {
menu.visible = true
grab.active = true
}
implicitHeight: parent.height
}
}
PopupWindow {
id: menu
anchor.window: window
anchor.rect.x: popupOffset
anchor.rect.y: 50
implicitWidth: 150
implicitHeight: 250
visible: false
color: "transparent"
ClippingWrapperRectangle {
radius: 5
implicitHeight: parent.height - 20
implicitWidth: parent.width
ColumnLayout {
spacing: 0
Button {
Layout.topMargin: 5
x: (parent.width - width) / 2
implicitWidth: parent.width - 10
implicitHeight: parent.height / 5 - parent.spacing
text: 'shutdown'
}
Button {
x: (parent.width - width) / 2
implicitWidth: parent.width - 10
implicitHeight: parent.height / 5 - parent.spacing
text: 'reboot'
}
Button {
x: (parent.width - width) / 2
implicitWidth: parent.width - 10
implicitHeight: parent.height / 5 - parent.spacing
text: 'logout'
}
Button {
Layout.bottomMargin: 10
x: (parent.width - width) / 2
implicitWidth: parent.width - 10
implicitHeight: parent.height / 5 - parent.spacing
text: 'sleep'
}
}
}
HyprlandFocusGrab {
id: grab
windows: [ menu ]
onCleared: menu.visible = false
}
}
}

62
system/users/nathan/home-manager/dotfiles/quickshell/modules/Tray.qml Normal file
View File

@@ -0,0 +1,62 @@
import QtQuick // for Text
import QtQuick.Controls
import QtQuick.Layouts
import Quickshell.Services.SystemTray
import Quickshell.Widgets
Item {
implicitWidth: 10 + rep.count * (2 * lay.spacing + 20)
height: 30
visible: SystemTray.items.values.length != 0
id: root
required property var window
required property real popupOffset
ClippingWrapperRectangle {
radius: 5
anchors.fill: parent
RowLayout {
id: lay
spacing: 4
Repeater {
id: rep
model: SystemTray.items
ClippingWrapperRectangle {
Layout.alignment: Qt.AlignHCenter | Qt.AlignVCenter
radius: 10
implicitWidth: 20
implicitHeight: 20
MouseArea {
anchors.fill: parent
Image {
anchors.fill: parent
source: {
let icon = SystemTray.items.values[index].icon
if (icon.includes("?path=")) {
const [name, path] = icon.split("?path=");
icon = Qt.resolvedUrl(`${path}/${name.slice(name.lastIndexOf("/") + 1)}`);
}
return icon
}
}
acceptedButtons: Qt.LeftButton | Qt.RightButton
onClicked: (mouse) => {
if(mouse.button == Qt.LeftButton) {
SystemTray.items.values[index].activate()
} else if(mouse.button == Qt.RightButton) {
SystemTray.items.values[index].display(root.window, popupOffset, 40)
}
}
}
}
}
}
}
}

97
system/users/nathan/home-manager/dotfiles/quickshell/modules/Volume.qml Normal file
View File

@@ -0,0 +1,97 @@
import Quickshell // for PanelWindow
import QtQuick // for Text
import QtQuick.Controls
import QtQuick.Layouts
import Quickshell.Io
import Quickshell.Widgets
import Quickshell.Hyprland
import Quickshell.Services.Pipewire
ClippingWrapperRectangle {
radius: 5
width: 100; height: 30
Button {
id: button
text: " " + Math.floor(Pipewire.defaultAudioSink?.audio?.volume * 100) + "%"
font.pointSize: 12
implicitHeight: parent.height
PwObjectTracker {
objects: [ Pipewire.defaultAudioSink ]
}
onClicked: {
menu.visible = true
grab.active = true
}
}
required property var window
required property real popupOffset
id: root
PopupWindow {
id: menu
anchor.window: window
anchor.rect.x: popupOffset
anchor.rect.y: 50
implicitWidth: 250
implicitHeight: 150
visible: false
color: "transparent"
ClippingWrapperRectangle {
radius: 5
implicitHeight: parent.height - 20
implicitWidth: parent.width
ScrollView {
ColumnLayout {
spacing: 0
Text {
text: 'Output Devices'
}
ColumnLayout {
}
Text {
text: 'Input Devices'
}
ColumnLayout {
/*Repeater {
id: in
model: {
set = []
Pipewire.nodes.values.forEach(n => { !n.isSink && !n.isStream ? set.push(n) : return })
return set
}
Text {
text: in.model[index].nickname
}
}*/
}
}
}
}
HyprlandFocusGrab {
id: grab
windows: [ menu ]
onCleared: menu.visible = false
}
}
}

72
system/users/nathan/home-manager/dotfiles/quickshell/modules/Wifi.qml Normal file
View File

@@ -0,0 +1,72 @@
import Quickshell
import QtQuick // for Text
import QtQuick.Controls
import QtQuick.Layouts
import Quickshell.Hyprland
import Quickshell.Io
import Quickshell.Widgets
Item {
implicitWidth: 30
implicitHeight: 30
ClippingWrapperRectangle {
radius: 5
anchors.fill: parent
Button {
id: button
text: "󰤨 "
font.pointSize: 16
onClicked: {
menu.visible = true
grab.active = true
}
implicitHeight: parent.height
}
}
property var window: null
id: root
PopupWindow {
id: menu
anchor.window: window
anchor.rect.x: root.parent.x + root.parent.width - width
anchor.rect.y: 50
implicitWidth: 250
implicitHeight: 150
visible: false
color: "transparent"
ClippingWrapperRectangle {
radius: 5
implicitHeight: parent.height - 20
implicitWidth: parent.width
ColumnLayout {
spacing: 0
Button {
Layout.topMargin: 5
x: (parent.width - width) / 2
implicitWidth: parent.width - 10
implicitHeight: parent.height / 5 - parent.spacing
text: 'shutdown'
}
}
}
HyprlandFocusGrab {
id: grab
windows: [ menu ]
onCleared: menu.visible = false
}
}
}

46
system/users/nathan/home-manager/dotfiles/quickshell/modules/Workspaces.qml Normal file
View File

@@ -0,0 +1,46 @@
import QtQuick // for Text
import QtQuick.Controls
import QtQuick.Layouts
import Quickshell.Hyprland
import Quickshell.Widgets
Item {
implicitWidth: 10 + rep.count * (2 * lay.spacing + 25)
implicitHeight: 30
Component.onCompleted: Hyprland.refreshWorkspaces()
ClippingWrapperRectangle {
radius: 5
anchors.fill: parent
RowLayout {
id: lay
Repeater {
id: rep
property var ws: {
let arr = [];
Hyprland.workspaces.values.forEach((w) => { if(w.id > 0) arr.push(w) })
return arr;
}
model: ws
ClippingWrapperRectangle {
Layout.alignment: Qt.AlignHCenter | Qt.AlignVCenter
radius: 10
implicitWidth: 25
Button {
background: Rectangle {
color: Hyprland.focusedWorkspace.id == rep.model[index].id ? "#ffff00ff" : "#ff7744dd"
anchors.fill: parent
}
text: rep.model[index].id
onClicked: rep.model[index].activate()
}
}
}
}
}
}

Some files were not shown because too many files have changed in this diff Show More