Compare commits


9 Commits

Author SHA1 Message Date
Audrey 79f6995431 bump 2026-03-06 14:08:25 -07:00
Audrey 32301ed3d6 augh 2026-03-06 00:13:14 -07:00
Audrey bc4205d3ee oh there we go 2026-03-06 05:47:42 +00:00
Audrey 9fb72416ca almost there 2026-03-05 22:29:29 -07:00
Audrey 7cf36bd2b5 rg good 2026-03-03 16:29:36 -07:00
Audrey 4a2f311176 more chrysanthemum 2026-03-01 21:12:54 -07:00
Audrey 32f224b494 oops 2026-02-25 05:12:58 -07:00
Audrey 52c8c73d9d what 2026-02-25 05:09:19 -07:00
Audrey ac0a851962 chrysanthemum attempt 2026-02-24 09:16:33 -07:00
50 changed files with 1164 additions and 1604 deletions


@ -1,13 +1,9 @@
{ config, pkgs, lib, ... }:
{
lib,
pkgs,
...
}:
{
config = lib.mkIf (pkgs.stdenv.buildPlatform == pkgs.stdenv.hostPlatform) {
config = lib.mkMerge [(lib.mkIf (pkgs.stdenv.buildPlatform == pkgs.stdenv.hostPlatform) {
environment.systemPackages = with pkgs; [
meld
nixfmt
nixfmt-rfc-style
stdenv.cc
stdenv.cc.bintools # bins but not manpages included in stdenv.cc
];
@ -17,15 +13,15 @@
programs.neovim = {
enable = true;
# defaultEditor = true;
defaultEditor = true;
vimAlias = true;
viAlias = true;
configure = {
# lmao
customRC = ''
${builtins.readFile ../dotfiles/nvim-init.vim}
${builtins.readFile ./dotfiles/nvim-init.vim}
lua << EOF
${builtins.readFile ../dotfiles/nvim-init.lua}
${builtins.readFile ./dotfiles/nvim-init.lua}
EOF
'';
packages.myVimPackage = with pkgs.vimPlugins; {
@ -58,26 +54,23 @@
};
};
systemd.services.nvim-server = {
enable = false;
wantedBy = [ "multi-user.target" ];
description = "Neovim Server";
script = ''
export PATH="/run/current-system/sw/bin:/run/wrappers/bin:$PATH"
nvim --listen /tmp/nvim.sock --headless
}) (lib.mkIf (pkgs.stdenv.buildPlatform != pkgs.stdenv.hostPlatform) {
programs.vim = {
enable = true;
defaultEditor = true;
package = pkgs.vim.customize {
vimrcConfig.customRC = ''
set mouse=
set hlsearch
nnoremap <CR> :noh<CR><CR>
'';
serviceConfig = {
User = "audrey";
Type = "simple";
Restart = "always";
};
environment = {
LOG_CHANNEL_ID = "532689319350108160";
CHANNEL_COUNT = "4";
DELAY_SECONDS = "5";
DEBUG = "0";
};
};
programs.git.config.core.editor = "vim";
environment.systemPackages = with pkgs; [
clang
bintools
];
}) ];
};
}

104
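--- a/configuration-desktop.nix
+++ b/configuration-desktop.nix
@@ -0,0 +1,104 @@
+{
+lib,
+pkgs,
+...
+}:
+{
+#networking.networkmanager.enable = true;
+fonts.packages = builtins.filter lib.attrsets.isDerivation (builtins.attrValues pkgs.nerd-fonts);
+services = {
+xserver.enable = true;
+printing = {
+enable = true;
+drivers = with pkgs; [ cnijfilter2 ];
+};
+avahi = {
+enable = true;
+nssmdns4 = true;
+openFirewall = true;
+};
+pipewire = {
+enable = true;
+pulse.enable = true;
+};
+libinput.enable = true;
+#blueman.enable = true;
+};
+audrey-sway = {
+enable = true;
+};
+programs.ydotool.enable = true;
+users.users.audrey.extraGroups = [ "ydotool" ];
+virtualisation.docker = {
+enable = true;
+storageDriver = "zfs";
+logDriver = "journald";
+daemon.settings = {
+insecure-registries = [ "docker.shell.phish" "registry.finals.2025.nautilus.institute:5000" ];
+};
+};
+programs = {
+chromium.enable = true;
+firefox.enable = true;
+kdeconnect.enable = true;
+partition-manager.enable = true;
+wireshark.enable = true;
+wireshark.package = pkgs.wireshark;
+foot.enable = true;
+obs-studio = {
+enable = true;
+plugins = with pkgs.obs-studio-plugins; [
+obs-livesplit-one
+];
+};
+};
+environment.sessionVariables.TERMINAL = "footclient";
+environment.systemPackages = with pkgs; [
+dino
+discord
+element-desktop
+signal-desktop
+slack
+zotero
+via
+libimobiledevice
+dwarfdump
+ffmpeg
+gimp
+kdePackages.plasma-thunderbolt
+];
+services.usbmuxd.enable = true;
+systemd.tmpfiles.settings.usersetup."/home/audrey/Downloads"."e!" = {
+user = "audrey";
+group = "users";
+mode = "0700";
+age = "1d";
+};
+#systemd.services.sysfs-settings = {
+# description = "Set desktop sysfs tunables";
+# script = ''
+# # https://bugzilla.kernel.org/show_bug.cgi?id=219112
+# test "$(cat /sys/module/kvm/parameters/nx_huge_pages)" = "never" && exit 0 || true
+# echo "never" | tee /sys/module/kvm/parameters/nx_huge_pages
+# '';
+# before = [ "boot-complete.target" ];
+#};
+hardware.keyboard.qmk.enable = true;
+services.udev.packages = [ pkgs.via ];
+}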
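Review bot: `virtualisation.docker.daemon.settings.insecure-registries` permanently lists `docker.shell.phish` and `registry.finals.2025.nautilus.institute:5000`, so the daemon will accept plain HTTP or unverified TLS for those names on every desktop that imports this file. Anyone who can answer DNS for either name, or who sits on the network path, can then serve image content to this host, and `audrey` is placed in the `docker` group (root-equivalent) by configuration.nix in this same comparison. These look like event-specific registries, so I would move the list into the site that needs it or drop it once the event is over, and at minimum add a comment such as `# CTF-only registries, no TLS verification; remove after the event`.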


@ -1,9 +1,7 @@
{ config, lib, pkgs, ... }:
let
nixKey = "/var/lib/nix/binary-cache-key" ;
in lib.optionalAttrs (lib ? nixbsdSystem) {
# it's already default
lix.enable = false;
in {
init.services.nix-key-setup = {
description = "Generate a nix build signing key";
startType = "oneshot";


@ -3,7 +3,7 @@ let
nixKey = "/var/lib/nix/binary-cache-key";
# just using the filepath interacts poorly with typechecking under diverted stores
toStore = path: pkgs.writeText (builtins.baseNameOf path) (builtins.readFile path);
in lib.optionalAttrs (!(lib ? nixbsdSystem)) {
in {
# Use the systemd-boot EFI boot loader.
boot.loader.systemd-boot.enable = true;
boot.loader.systemd-boot.memtest86.enable = lib.mkIf (pkgs.stdenv.hostPlatform.isx86) true;
@ -22,7 +22,7 @@ in lib.optionalAttrs (!(lib ? nixbsdSystem)) {
console = {
font = "Lat2-Terminus16";
#keyMap = "us";
keyMap = "us";
useXkbConfig = true; # use xkb.options in tty.
};
@ -48,7 +48,6 @@ in lib.optionalAttrs (!(lib ? nixbsdSystem)) {
];
programs = {
zoxide.enable = true;
firejail.enable = true;
virt-manager.enable = true;
nix-ld = {
@ -63,20 +62,17 @@ in lib.optionalAttrs (!(lib ? nixbsdSystem)) {
zlib
wayland
krb5
fuse
sdl3
sdl2-compat
libx11
libxcb
libxcb-image
libxcb-keysyms
libxcb-render-util
libxcb-wm
libxrandr
libxxf86vm
libxi
libxcursor
libxinerama
xorg.libX11
xorg.libxcb
xorg.xcbutilimage
xorg.xcbutilkeysyms
xorg.xcbutilrenderutil
xorg.xcbutilwm
xorg.libXrandr
xorg.libXxf86vm
xorg.libXi
xorg.libXcursor
xorg.libXinerama
];
};
};
@ -102,7 +98,7 @@ in lib.optionalAttrs (!(lib ? nixbsdSystem)) {
security.pam.u2f = {
enable = true;
settings.authfile = toStore ../keys/u2f;
settings.authfile = toStore ./dotfiles/u2f-keys;
settings.cue = true;
};

174
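--- a/configuration.nix
+++ b/configuration.nix
@@ -0,0 +1,174 @@
+{ config, lib, pkgs, ... }:
+let rhelmot = config.rhelmot;
+in {
+options.rhelmot = {
+globalPythonPackages = lib.mkOption {
+type = with lib.types; listOf (functionTo (listOf package));
+default = [];
+description = "python packages (p: with p; [ x ]) to include in the global python environment";
+};
+};
+imports = [ ./overlays/packages.nix ./configuration-cross.nix ];
+config = {
+nixpkgs.config.allowUnfree = true;
+nix.settings.extra-experimental-features = "nix-command flakes pipe-operators";
+nix.settings.trusted-users = [ "audrey" ];
+nix.settings.max-jobs = 1;
+nix.settings.cores = 0;
+nix.settings.secret-key-files = [ "/var/lib/nix/binary-cache-key" ];
+nix.settings.trusted-public-keys = builtins.filter (f: f != "") <| lib.strings.splitString "\n" <| builtins.readFile ./keys/nix;
+# Select internationalisation properties.
+i18n.defaultLocale = "en_US.UTF-8";
+# Configure keymap in X11
+services.xserver.xkb.layout = "us";
+services.xserver.xkb.options = "caps:escape";
+users.defaultUserShell = pkgs.zsh;
+# Define a user account. Don't forget to set a password with passwd.
+users.users.audrey = {
+uid = 1000;
+description = "Audrey Dutcher";
+isNormalUser = true;
+extraGroups = [ "wheel" "docker" "video" "networkmanager" "libvirtd" ];
+openssh.authorizedKeys.keyFiles = [ ./keys/ssh ];
+};
+environment.systemPackages = with pkgs; [
+man-pages
+man-pages-posix
+gnumake
+wget
+#moor
+ripgrep
+fd
+curl
+#btop
+file
+nettools
+psmisc
+units
+units-desktop
+patchelf
+gdb
+#kubectl
+p7zip
+unzip
+zip
+#foremost
+#binwalk
+jq
+socat
+#nix-index
+openssl
+#wireguard-tools
+#cached-nix-shell
+tcpdump
+sqlite
+#cronie
+editorconfig-core-c
+(python3.withPackages (p: lib.concatMap (pl: pl p) rhelmot.globalPythonPackages))
+];
+rhelmot.globalPythonPackages = [ (p: with p; [
+#virtualenvwrapper
+pylint
+pytest
+ipdb
+ipython
+nclib
+pyyaml
+snakeviz
+requests
+pysocks
+aiohttp
+]) ];
+documentation.dev.enable = true;
+programs = {
+kakoune = {
+enable = true;
+plugins = with pkgs.kakounePlugins; [
+kak-fzf
+smarttab-kak
+];
+configFiles = lib.filesystem.listFilesRecursive ./dotfiles/kakoune/config;
+colorSchemes = [ ./dotfiles/kakoune/colors ];
+extraPackages = with pkgs; [
+kak-tree-sitter
+kakoune-lsp
+];
+};
+zsh = {
+enable = true;
+enableCompletion = true;
+syntaxHighlighting.enable = true;
+vteIntegration = true;
+histSize = 10000;
+promptInit = builtins.readFile ./dotfiles/zsh-prompt.sh;
+shellInit = builtins.readFile ./dotfiles/zsh-init.sh;
+shellAliases = {
+ls = null;
+ll = null;
+l = null;
+grep = "grep --color=auto";
+egrep = "egrep --color=auto";
+objdump = "objdump -M intel";
+gits = "git status";
+pag = "ps aux | grep -v grep | grep -i";
+hd = "hexdump -C";
+hdc = "hexdump -ve '\"\\\x\" 1/1 \"%02x\"'";
+nose = "pytest -v --capture=no --pdbcls=IPython.terminal.debugger:TerminalPdb";
+mkvirtualenv = "mkvirtualenv -r /etc/venv-default.txt";
+};
+};
+tmux = {
+enable = true;
+extraConfig = builtins.readFile ./dotfiles/tmux.conf;
+};
+direnv.enable = true;
+htop.enable = true;
+git = {
+enable = true;
+#lfs.enable = true;
+config = {
+user.email = "audrey@rhelmot.io";
+user.name = "Audrey Dutcher";
+init.defaultBranch = "main";
+blame.markUnblamableLines = true;
+credential.helper = "store";
+url."ssh://git@".insteadOf = "git://";
+};
+};
+#bat = {
+# enable = true;
+# extraPackages = with pkgs.bat-extras; [
+# batdiff
+# batman
+# prettybat
+# ];
+# settings = {
+# italic-text = "always";
+# wrap = "never";
+# style = "plain";
+# };
+#};
+};
+environment.etc."zshrc.local".source = ./dotfiles/zsh-final.sh;
+#environment.variables.PAGER = "moor";
+environment.etc.zinputrc.text = lib.mkForce (builtins.readFile ./dotfiles/zsh-input.sh);
+environment.etc."gdb/gdbinit".source = ./dotfiles/gdb-init.gdb;
+environment.etc."venv-default.txt".source = ./dotfiles/venv-default.txt;
+# Enable the OpenSSH daemon.
+services.openssh.enable = true;
+};
+}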
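Review bot: `services.openssh.enable = true;` at the end of `config` turns sshd on for every site without any `services.openssh.settings`, so password and keyboard-interactive logins stay at the module defaults even though `users.users.audrey.openssh.authorizedKeys.keyFiles` already supplies keys and the account comment expects a password to be set. Unless each site overrides this (not visible here), I would add `services.openssh.settings.PasswordAuthentication = false;`, `services.openssh.settings.KbdInteractiveAuthentication = false;` and `services.openssh.settings.PermitRootLogin = "no";`. Separately, `credential.helper = "store"` in the system-wide git config keeps HTTPS credentials unencrypted in `~/.git-credentials`; `cache` or a keyring-backed helper avoids leaving tokens on disk.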


@ -1,50 +0,0 @@
{
inputs ? import ./nix/tamal {},
nixpkgs ? inputs.nixpkgs,
nixbsd ? inputs.nixbsd,
bingosync ? inputs.bingosync,
blog-rhelmot-io ? inputs.blog-rhelmot-io,
}:
let
nixpkgsLib = import "${nixpkgs}/lib";
nixbsdLib = import "${nixbsd}/lib";
mkSystem = name: let
basicConf = import ./sites/${name}/hardware-configuration.nix { pkgs = null; config = null; options = null; lib = { mkDefault = x: x; }; modulesPath = null; };
platform = basicConf.nixpkgs.hostPlatform;
systemTypes = {
linux = import "${nixpkgs}/nixos/lib/eval-config.nix";
freebsd = nixbsdLib.nixbsdSystem;
};
systemName = builtins.elemAt (nixpkgsLib.strings.splitString "-" platform) 1;
evaluated = systemTypes.${systemName} {
system = null;
modules = [
./sites/${name}/configuration.nix
(import "${bingosync}/module.nix")
{
nixpkgs.buildPlatform = builtins.currentSystem;
_module.args.extraInputs = {
inherit blog-rhelmot-io;
};
}
] ++ (builtins.attrValues modules);
};
result = evaluated // {
system = evaluated.config.system.build.toplevel;
deploy = evaluated.config.rhelmot.deployScript;
};
in result;
sites = let
sitesFiles = builtins.readDir ./sites;
sitesNames = builtins.filter (name: builtins.pathExists ./sites/${name}/configuration.nix) (builtins.attrNames sitesFiles);
toSitesList = name: { inherit name; value = mkSystem name; };
sitesList = builtins.map toSitesList sitesNames;
in builtins.listToAttrs sitesList;
modules = let
modulesFiles = builtins.attrNames (builtins.readDir ./modules);
toModulesList = filename: { name = nixpkgsLib.strings.removeSuffix ".nix" filename; value = ./modules/${filename}; };
modulesList = builtins.map toModulesList modulesFiles;
in builtins.listToAttrs modulesList;
in {
inherit modules sites;
}

43
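--- a/deploy.nix
+++ b/deploy.nix
@@ -0,0 +1,43 @@
+{
+flakeInputs,
+platform,
+site,
+}:
+let
+pkgs = flakeInputs.nixpkgs.legacyPackages.${platform};
+lib = pkgs.lib;
+mkDeploy = { site, targetPkg, profileName, extraCommands ? "" }: pkgs.substituteAll {
+name = "deploy-${profileName}";
+dir = "bin";
+src = builtins.toFile "deploy-template" ''
+#!@runtimeShell@
+set -ex
+nix-copy-closure --to @site@ @targetPkg@
+ssh @site@ sudo nix-env --set -p /nix/var/nix/profiles/@profileName@ @targetPkg@
+@extraCommands@
+'';
+env = {
+inherit site targetPkg profileName extraCommands;
+inherit (pkgs) runtimeShell;
+};
+isExecutable = true;
+passthru.site = site;
+};
+deployments = builtins.map mkDeploy [
+{
+profileName = "blog-rhelmot-io";
+site = "sunflower";
+targetPkg = flakeInputs."blog-rhelmot-io".packages.${platform}.blog;
+}
+];
+filteredDeployments = builtins.filter (deployment: deployment.site == site) deployments;
+filteredDeploymentsAttrs = builtins.listToAttrs (builtins.map (value: { name = value.profileName; inherit value; }) filteredDeployments);
+targetSystem = flakeInputs.self.packages.${platform}.${site}.system;
+deployAll = pkgs.writeShellScriptBin "deploy-all-${site}" (''
+set -ex
+# TODO take advantage of the nixos-rebuild infrastructure
+nix-copy-closure --to ${site} ${targetSystem}
+ssh ${site} 'sudo nix-env --set -p /nix/var/nix/profiles/system ${targetSystem} && sudo ${targetSystem}/bin/switch-to-configuration switch'
+set +e
+'' + lib.concatStringsSep "\n" filteredDeployments);
+in deployAll // filteredDeploymentsAttrs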
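Review bot: In `deployAll`, the script switches to `set +e` just before the per-profile deployments are appended, so a failed `nix-copy-closure` or `nix-env --set` for a profile no longer affects the exit status and `deploy-all-${site}` can report success after a partial deploy. The appended text comes from `lib.concatStringsSep "\n" filteredDeployments`, which interpolates each derivation's output path; with `dir = "bin"` that path appears to be a directory rather than the script, so the line would likely not run the deployment at all. I would keep `set -e` in force and emit the executable path, e.g. `lib.concatMapStringsSep "\n" (d: "${d}/bin/${d.name}") filteredDeployments`. The `@site@` and `${site}` substitutions land in the shell unquoted, which is fine while site names are fixed in the repository, but a comment stating that assumption would help the next reader.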


@ -9,7 +9,6 @@ map global normal <a-s-j> '<a-j>'
map -docstring "Reset all selections" global normal '<ret>' '<a-:>:nohl<ret>;,'
map -docstring "error listing" global goto e '<a-;> le'
map -docstring "error listing" global goto d '<a-;> ld'
map global normal '<a-v>' %{
:tree-sitter-nav '"parent"'<ret>


@ -8,11 +8,6 @@ set-option global fzf_grep_command 'rg'
set-option global fzf_grep_preview_command 'bat'
set-option global fzf_window_map 'ctrl-n'
#require-module 'wayland'
require-module 'kitty'
#set-option global termcmd "kitty --single-instance sh -c"
set-option global kitty_window_type 'os-window'
map -docstring "filename search (current dir)" global goto n '<a-;>:filename-search<ret>'
map -docstring "filename search (file dir)" global goto N '<a-;>:filename-search buffile-dir<ret>'
map -docstring "full-text search (current dir)" global goto f '<a-;> fg'
@ -31,15 +26,10 @@ define-command -docstring "terminal but floating" terminal-floating -params .. %
set-option global fzf_terminal_command 'terminal-floating'
define-command sway-terminal-floating -params .. %{
nop %sh{ sway fullscreen disable }
set-option local termcmd "kitty --single-instance --os-window-title=fzf.kak.picker sh -c"
set-option local termcmd "footclient --title=fzf.kak.picker sh -c"
wayland-terminal-window %arg{@}
}
define-command kitty-terminal-floating -params .. %{
nop %sh{ sway fullscreen disable }
kitty-terminal-window --os-window-class=fzf.kak.picker --cwd current %arg{@}
}
define-command -override -hidden -docstring "wrapper command to create new terminal" \
fzf-window -params .. %{ evaluate-commands %sh{
if [ -n "${kak_client_env_TMUX:-}" ]; then


@ -19,8 +19,8 @@ map global object a '<a-semicolon>lsp-object<ret>' -docstring 'LSP any symbol'
map global object <a-a> '<a-semicolon>lsp-object<ret>' -docstring 'LSP any symbol'
map global object f '<a-semicolon>lsp-object Function Method<ret>' -docstring 'LSP function or method'
map global object t '<a-semicolon>lsp-object Class Interface Struct<ret>' -docstring 'LSP class interface or struct'
map global object d '<a-semicolon>lsp-diagnostic-object error<ret>' -docstring 'LSP errors'
map global object D '<a-semicolon>lsp-diagnostic-object error warning<ret>' -docstring 'LSP errors and warnings'
map global object d '<a-semicolon>lsp-diagnostic-object --include-warnings<ret>' -docstring 'LSP errors and warnings'
map global object D '<a-semicolon>lsp-diagnostic-object<ret>' -docstring 'LSP errors'
hook -group lsp-diagnostic-autohover global NormalIdle .* %{
lsp-check-auto-hover %{ try lsp-hover-if-error }

Binary file not shown.

Before

Width:  |  Height:  |  Size: 77 KiB


@ -1 +0,0 @@


@ -8,8 +8,12 @@
## Environment sync with uwsm and restart daemons
#
exec_always 'UWSM_FINALIZE_VARNAMES="${UWSM_FINALIZE_VARNAMES}${UWSM_FINALIZE_VARNAMES:+ }PAM_KWALLET5_LOGIN" uwsm finalize && systemctl --user restart graphical-environment.target'
#exec_always 'UWSM_FINALIZE_VARNAMES="${UWSM_FINALIZE_VARNAMES}${UWSM_FINALIZE_VARNAMES:+ }PAM_KWALLET5_LOGIN" uwsm finalize'
exec_always '/etc/sway/generate_palette >~/.cache/sway_palette.json'
exec waybar
exec swaync
exec foot --server
exec kanshi
#
## Variables
@ -21,10 +25,8 @@ set $left h
set $down j
set $up k
set $right l
set $term kitty --single-instance
set $browser firefox
set $prelaunch uwsm app --
set $menu fuzzel "--launch-prefix=$prelaunch"
set $term footclient
set $menu fuzzel
set $swaylock swaylock -c 1a1b26
#
@ -32,7 +34,7 @@ set $swaylock swaylock -c 1a1b26
#
# Support legacy X11 apps
xwayland enable
#xwayland enable
# Move containers to scratchpad when they try to minimize
scratchpad_minimize enable
# Move the mouse to a container when it focuses
@ -80,9 +82,7 @@ bindsym $mod+Return exec $menu
### Command Palette
bindsym $mod+Ctrl+Return exec /etc/sway/palette
### Terminal
bindsym $mod+t exec $prelaunch $term
### Browser
bindsym $mod+Shift+t exec $prelaunch $browser
bindsym $mod+t exec $term
#
## Special keys
@ -110,8 +110,8 @@ bindsym Print exec "FILEPATH=$(xdg-user-dir PICTURES)/Screenshots/$(date +'%Y-%m
bindsym Alt+tab exec /etc/sway/sws next
bindsym Alt+Shift+tab exec /etc/sway/sws prev
# bindsym $mod+tab exec "swayr next-window all-workspaces"
# bindsym $mod+Shift+tab exec "swayr prev-window all-workspaces"
bindsym $mod+tab exec "swayr next-window all-workspaces"
bindsym $mod+Shift+tab exec "swayr prev-window all-workspaces"
### Open notification tray
bindsym $mod+n exec swaync-client -t -sw
@ -136,31 +136,17 @@ bindsym $mod+Shift+e exec swaynag -t warning -m 'You pressed the exit shortcut.
#
### Focus window left
bindsym $mod+$left exec sway-overfocus split-lt float-lt output-ls
# bindsym $mod+$left focus left
bindsym $mod+$left focus left
### Focus window down
bindsym $mod+$down exec sway-overfocus split-dt float-dt output-ds
# bindsym $mod+$down focus down
bindsym $mod+$down focus down
### Focus window up
bindsym $mod+$up exec sway-overfocus split-ut float-ut output-us
# bindsym $mod+$up focus up
bindsym $mod+$up focus up
### Focus window right
bindsym $mod+$right exec sway-overfocus split-rt float-rt output-rs
# bindsym $mod+$right focus right
bindsym $mod+Left exec sway-overfocus split-lt float-lt output-ls
# bindsym $mod+Left focus left
bindsym $mod+Down exec sway-overfocus split-dt float-dt output-ds
# bindsym $mod+Down focus down
bindsym $mod+Up exec sway-overfocus split-ut float-ut output-us
# bindsym $mod+Up focus up
bindsym $mod+Right exec sway-overfocus split-rt float-rt output-rs
# bindsym $mod+Right focus right
### Focus next tab
bindsym $mod+Tab exec sway-overfocus group-rw group-dw
### Focus previous tab
bindsym $mod+Shift+Tab exec sway-overfocus group-lw group-uw
bindsym $mod+$right focus right
bindsym $mod+Left focus left
bindsym $mod+Down focus down
bindsym $mod+Up focus up
bindsym $mod+Right focus right
# Move the focused window with the same, but add Shift
### Move focused window left
@ -176,6 +162,20 @@ bindsym $mod+Shift+Down move down
bindsym $mod+Shift+Up move up
bindsym $mod+Shift+Right move right
# Move the focused window across entire workspaces
### Move focused window to workspace left
bindsym $mod+Ctrl+$left move to workspace left
### Move focused window to workspace down
bindsym $mod+Ctrl+$down move to workspace down
### Move focused window to workspace up
bindsym $mod+Ctrl+$up move to workspace up
### Move focused window to workspace right
bindsym $mod+Ctrl+$right move to workspace right
bindsym $mod+Ctrl+Left move to workspace left
bindsym $mod+Ctrl+Down move to workspace down
bindsym $mod+Ctrl+Up move to workspace up
bindsym $mod+Ctrl+Right move to workspace right
# Move entire workspace to different output
### Move focused workspace to monitor left
bindsym $mod+Shift+Ctrl+$left move workspace to output left
@ -303,20 +303,15 @@ mode "resize" {
#
# TokyoNight theme
font "pango:sans 10"
# Property Name Border BG Text Indicator Child-border
client.focused #0a0b16 #2f343f #4477ff #4477ff #4477ff
client.focused_inactive #102020 #2f343f #d8dee8 #2f343f #2f343f
client.focused_tab_title #102020 #2f343f #4477ff
client.unfocused #04050c #2f343f #d8dee8 #2f343f #2f343f
client.focused_inactive #2f343f #2f343f #d8dee8 #2f343f #2f343f
client.unfocused #2f343f #2f343f #d8dee8 #2f343f #2f343f
client.urgent #ff80c0 #2f343f #d8dee8 #2f343f #2f343f
client.placeholder #2f343f #2f343f #d8dee8 #2f343f #2f343f
default_border pixel 1
gaps inner 5
smart_borders on
smart_gaps on
for_window [title="."] title_format "%title <i>(%app_id)</i>"
# fx
blur enable
@ -328,7 +323,7 @@ shadow_blur_radius 8
# Automation
#
for_window [app_id="^fzf.kak.picker$"] {
for_window [title="^fzf.kak.picker$"] {
floating enable
resize set width 90ppt height 90ppt
move position center


@ -10,7 +10,7 @@
"custom/launcher": {
"format": "",
"tooltip-format": "",
"on-click": "fuzzel --launch-prefix=\"uwsm app --\" --no-exit-on-keyboard-focus-loss",
"on-click": "fuzzel --no-exit-on-keyboard-focus-loss",
},
"systemd-failed-units": {
"format": "󱗗",
@ -24,8 +24,6 @@
"class<firefox>": "<span letter_spacing='10040'>󰈹</span>",
"class<discord>": "<span letter_spacing='10240' size='9pt'></span>",
"class<footclient>": "<span letter_spacing='10240'></span>",
"class<foot>": "<span letter_spacing='10240'></span>",
"class<kitty>": "<span letter_spacing='10240'></span>",
"class<Zotero>": "<span letter_spacing='10240'>󱉟</span>",
"class<Element>": "<span letter_spacing='10480'>󰭹</span>",
"class<im.dino.Dino>": "<span letter_spacing='10480'>󰭹</span>",


@ -7,6 +7,8 @@ unsetopt beep nomatch
# Aliases
#
#eval "$(batman --export-env)"
# standard functions
function nixos-edit() {
@ -14,31 +16,7 @@ function nixos-edit() {
}
function nixos-apply() {
flags=("--sudo" "--use-substitutes")
host="$HOST"
action="switch"
while [[ "$#" != 0 ]]; do
case "$1" in
--host)
host="$2"
shift
shift
;;
--boot)
action="boot"
shift
;;
*)
flags+=("$1")
shift
;;
esac
done
flags+=("--file" "$HOME/nixos-config" "--attr" "sites.$host")
if [[ "$host" != "$HOST" ]]; then
flags+=("--target-host" "$host")
fi
nixos-rebuild "$action" "${flags[@]}"
sudo nixos-rebuild switch --flake ~/nixos-config#$HOST "$@"
}
lsflags=()
@ -46,10 +24,6 @@ if ls --group-directories-first &>/dev/null; then
lsflags+=("--group-directories-first")
fi
if [[ "$TERM" == "xterm-kitty" ]]; then
alias ssh="kitten ssh"
fi
alias ls="ls ${lsflags[@]} --color=auto";
alias ll="ls -lh";
alias lh="ll -ab";
@ -71,7 +45,7 @@ function rmida () {
rm -f *.idb *.i64 *.id0 *.id1 *.id2 *.id3 *.nam *.til
}
function rustc() { $(/bin/which rustc) "$@" && echo "Good girl."; }
function rustc() { $(/bin/which rustc) "$@" && echo "Good girl." }
function scale () {
INP=$1
@ -130,7 +104,7 @@ function preexec-osc-title() {
}
autoload -Uz add-zsh-hook
add-zsh-hook -Uz precmd chpwd-osc7-pwd
add-zsh-hook -Uz chpwd chpwd-osc7-pwd
add-zsh-hook -Uz precmd precmd-osc133-marker
add-zsh-hook -Uz precmd precmd-osc-title
add-zsh-hook -Uz preexec preexec-osc133-marker
@ -163,11 +137,6 @@ export SHELL=$(which zsh)
export npm_config_prefix=~/.local
export HISTSIZE=100000
export SAVEHIST=100000
export CARGO_TARGET_DIR=~/.cache/cargo/obj
export TEMP=/tmp
export TMP=/tmp
export TEMPDIR=/tmp
export TMPDIR=/tmp
# site vars, functions, and aliases
if [ -e ~/.site_aliases.sh ]; then
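Review bot: The new `nixos-apply` runs the whole of `nixos-rebuild` under `sudo`, so flake evaluation, fetching and the build driver all run as root against a checkout in the user's home directory, where the removed version passed `--sudo` and elevated only for activation. Evaluating as root means any evaluation-time file reads happen with root's permissions, and it tends to leave root-owned cache and Git state behind. If the `nixos-rebuild` in use still accepts `--sudo`, I would write `nixos-rebuild switch --sudo --flake "$HOME/nixos-config#$HOST" "$@"`; quoting the flake reference also keeps `#` and `$HOST` from being interpreted by the shell.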


@ -2,7 +2,6 @@
NOCOLOR=""
PURPLE=""
RED=""
YELLOW=""
GREEN=""
BOLDYELLOW=""
@ -29,12 +28,11 @@ function update-prompt-color {
[ "$MODE" = "main" ] && INDICATOR='+' || INDICATOR=' '
PS1="%{$COLOR%}[$INDICATOR] %~%# %{$NOCOLOR%}"
[[ -n "$VIRTUAL_ENV" && ! "${VIRTUAL_ENV##*/}" = "default" ]] && VENV_STRING="%{$GREEN%}(${VIRTUAL_ENV##*/})" || VENV_STRING=
[[ -n "$ZMX_SESSION" ]] && ZMX_STRING="%{$RED%}($ZMX_SESSION)" || ZMX_STRING=
[ -n "$VIRTUAL_ENV" -a ! "${VIRTUAL_ENV##*/}" = "default" ] && VENV_STRING="%{$GREEN%}(${VIRTUAL_ENV##*/})" || VENV_STRING=
USER_STRING="%{$PURPLE%}%n@%m"
TIME_STRING="%{$PURPLE%}[%{$YELLOW%}%D{%r}%{$PURPLE%}]"
RPS1="$VENV_STRING$ZMX_STRING $USER_STRING $TIME_STRING%{$NOCOLOR%}"
RPS1="$VENV_STRING $USER_STRING $TIME_STRING%{$NOCOLOR%}"
zle && zle reset-prompt
}

312
flake.lock Normal file

@ -0,0 +1,312 @@
{
"nodes": {
"bingosync": {
"locked": {
"lastModified": 1769710902,
"narHash": "sha256-cNkfwDSPOew7CPnkEBfVxZl8tMZDAhD7MQP5AKSCEKE=",
"owner": "rhelmot",
"repo": "bingosync",
"rev": "7fd458dfb54ff88bc1744223bd6b6f3576bd85da",
"type": "github"
},
"original": {
"owner": "rhelmot",
"repo": "bingosync",
"type": "github"
}
},
"blog-rhelmot-io": {
"inputs": {
"coricamu": "coricamu",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1759863336,
"narHash": "sha256-H8NRd03xQVKVunTYsd95pMzZS5nfYTDUw6R78dJESrs=",
"ref": "refs/heads/main",
"rev": "bc6337d8f649f5afdc281b64fad2891bb2067a51",
"revCount": 11,
"type": "git",
"url": "https://git.lain.faith/rhelmot/blog.rhelmot.io"
},
"original": {
"type": "git",
"url": "https://git.lain.faith/rhelmot/blog.rhelmot.io"
}
},
"coricamu": {
"inputs": {
"nixpkgs": [
"blog-rhelmot-io",
"nixpkgs"
],
"utils": "utils"
},
"locked": {
"lastModified": 1759863318,
"narHash": "sha256-6yXyEllmvAFgSg4KzFqJ3bx6K1+ZBsqOOdX08F29k08=",
"owner": "rhelmot",
"repo": "coricamu",
"rev": "f109bad2add146f3001805a8600b198473b3c9c2",
"type": "github"
},
"original": {
"owner": "rhelmot",
"repo": "coricamu",
"type": "github"
}
},
"cppnix": {
"inputs": {
"flake-compat": "flake-compat",
"flake-parts": "flake-parts",
"git-hooks-nix": "git-hooks-nix",
"nixpkgs": [
"nixbsd",
"nixpkgs"
],
"nixpkgs-23-11": "nixpkgs-23-11",
"nixpkgs-regression": "nixpkgs-regression"
},
"locked": {
"lastModified": 1772745693,
"narHash": "sha256-4d0xSh/Vy2xI5jqCKmw/Yuo18uAUtnqvBrllNcmXvqU=",
"owner": "rhelmot",
"repo": "nix",
"rev": "38517c6967041d60e469383bc4ce3c0b4adf00ae",
"type": "github"
},
"original": {
"owner": "rhelmot",
"ref": "freebsd-safe",
"repo": "nix",
"type": "github"
}
},
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1733328505,
"narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-compat_2": {
"locked": {
"lastModified": 1733328505,
"narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=",
"rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec",
"revCount": 69,
"type": "tarball",
"url": "https://api.flakehub.com/f/pinned/edolstra/flake-compat/1.1.0/01948eb7-9cba-704f-bbf3-3fa956735b52/source.tar.gz?rev=ff81ac966bb2cae68946d5ed5fc4994f96d0ffec&revCount=69"
},
"original": {
"type": "tarball",
"url": "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz"
}
},
"flake-parts": {
"inputs": {
"nixpkgs-lib": [
"nixbsd",
"cppnix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1733312601,
"narHash": "sha256-4pDvzqnegAfRkPwO3wmwBhVi/Sye1mzps0zHWYnP88c=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "205b12d8b7cd4802fbcb8e8ef6a0f1408781a4f9",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"git-hooks-nix": {
"inputs": {
"flake-compat": [
"nixbsd",
"cppnix"
],
"gitignore": [
"nixbsd",
"cppnix"
],
"nixpkgs": [
"nixbsd",
"cppnix",
"nixpkgs"
],
"nixpkgs-stable": [
"nixbsd",
"cppnix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1734279981,
"narHash": "sha256-NdaCraHPp8iYMWzdXAt5Nv6sA3MUzlCiGiR586TCwo0=",
"owner": "cachix",
"repo": "git-hooks.nix",
"rev": "aa9f40c906904ebd83da78e7f328cd8aeaeae785",
"type": "github"
},
"original": {
"owner": "cachix",
"repo": "git-hooks.nix",
"type": "github"
}
},
"mini-tmpfiles": {
"inputs": {
"nixpkgs": [
"nixbsd",
"nixpkgs"
]
},
"locked": {
"lastModified": 1742754557,
"narHash": "sha256-nGxgiNhA94eSl8jcQwCboJ5Ed132z8yrFdOoT+rf8bE=",
"owner": "nixos-bsd",
"repo": "mini-tmpfiles",
"rev": "534ee577692c7092fdcd035f89bc29b663c6f9ca",
"type": "github"
},
"original": {
"owner": "nixos-bsd",
"repo": "mini-tmpfiles",
"type": "github"
}
},
"nixbsd": {
"inputs": {
"cppnix": "cppnix",
"flake-compat": "flake-compat_2",
"mini-tmpfiles": "mini-tmpfiles",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1772769953,
"narHash": "sha256-3NRnNY5L8dm3bc12nr3wk4sMOWbvO1m5s7/wWXXwx2Q=",
"owner": "nixos-bsd",
"repo": "nixbsd",
"rev": "87787927615d57969df3faf3cdeeb1bf1f3e1576",
"type": "github"
},
"original": {
"owner": "nixos-bsd",
"ref": "nixbsd-demo",
"repo": "nixbsd",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1772828289,
"narHash": "sha256-rNKF1bFtrV+1Lable7vVxw53W0EM0qCOXW+TfL6wwQs=",
"owner": "rhelmot",
"repo": "nixpkgs",
"rev": "c6b65605b4caf622440e7287e0394a789def6729",
"type": "github"
},
"original": {
"owner": "rhelmot",
"ref": "freebsd-graphical-wip",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-23-11": {
"locked": {
"lastModified": 1717159533,
"narHash": "sha256-oamiKNfr2MS6yH64rUn99mIZjc45nGJlj9eGth/3Xuw=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "a62e6edd6d5e1fa0329b8653c801147986f8d446",
"type": "github"
},
"original": {
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "a62e6edd6d5e1fa0329b8653c801147986f8d446",
"type": "github"
}
},
"nixpkgs-regression": {
"locked": {
"lastModified": 1643052045,
"narHash": "sha256-uGJ0VXIhWKGXxkeNnq4TvV3CIOkUJ3PAoLZ3HMzNVMw=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2",
"type": "github"
},
"original": {
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2",
"type": "github"
}
},
"root": {
"inputs": {
"bingosync": "bingosync",
"blog-rhelmot-io": "blog-rhelmot-io",
"nixbsd": "nixbsd",
"nixpkgs": "nixpkgs"
}
},
"systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"utils": {
"inputs": {
"systems": "systems"
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
}
},
"root": "root",
"version": 7
}

67
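--- a/flake.nix
+++ b/flake.nix
@@ -0,0 +1,67 @@
+{
+inputs = {
+nixpkgs.url = "github:rhelmot/nixpkgs/freebsd-graphical-wip";
+#nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable";
+nixbsd.url = "github:nixos-bsd/nixbsd/nixbsd-demo";
+nixbsd.inputs.nixpkgs.follows = "nixpkgs";
+bingosync.url = "github:rhelmot/bingosync";
+blog-rhelmot-io.url = "git+https://git.lain.faith/rhelmot/blog.rhelmot.io";
+blog-rhelmot-io.inputs.nixpkgs.follows = "nixpkgs";
+#nixos-defcon.url = "path:/home/audrey/nixos-defcon";
+#nixos-defcon.inputs.nixpkgs.follows = "nixpkgs";
+};
+outputs = { self, nixpkgs, nixbsd, bingosync, ... }@flakeInputs: let
+sitesFiles = builtins.readDir ./sites;
+sitesNames = builtins.filter (name: builtins.pathExists ./sites/${name}/configuration.nix) (builtins.attrNames sitesFiles);
+systemTypes = {
+nixos = nixpkgs.lib.nixosSystem;
+nixbsd = nixbsd.lib.nixbsdSystem;
+};
+systemName = name: builtins.replaceStrings ["\n"] [""] (builtins.readFile ./sites/${name}/system);
+nixosConfigurations = platform: builtins.listToAttrs (builtins.map (name: {
+inherit name;
+value = let evaluated = systemTypes.${systemName name} {
+modules = [
+./configuration.nix
+./configuration-${systemName name}.nix
+./sites/${name}/configuration.nix
+{ nixpkgs.buildPlatform = platform; }
+self.modules.audrey-sway
+#self.modules.mobile-timezone
+self.modules.kakoune
+self.modules.zfs-module
+#self.modules.syncthing-cluster
+#{
+# services.syncthing-cluster.deviceIds = ./keys/syncthing;
+# services.syncthing-cluster.coordinator = "hydrangea";
+#}
+#bingosync.nixosModules.default
+#nixos-defcon.nixosModules.pkgsOverlay
+#nixos-defcon.nixosModules.tulip
+#nixos-defcon.nixosModules.noscope
+];
+specialArgs = {
+inherit nixpkgs;
+#pkgs-unstable = nixpkgs-unstable.legacyPackages.${platform};
+};
+}; in {
+inherit (evaluated) config options;
+system = evaluated.config.system.build.toplevel;
+deploy = import ./deploy.nix { inherit flakeInputs platform; site = name; };
+};
+}) sitesNames);
+in {
+packages = let
+buildPlatforms = [ "x86_64-linux" "aarch64-linux" "x86_64-freebsd" "aarch64-freebsd" ];
+toPackagesList = platform: { name = platform; value = let base = nixosConfigurations platform; in base // { nixosConfigurations = base; }; };
+packagesList = builtins.map toPackagesList buildPlatforms;
+in builtins.listToAttrs packagesList;
+modules = let
+modulesFiles = builtins.attrNames (builtins.readDir ./modules);
+toModulesList = filename: { name = nixpkgs.lib.strings.removeSuffix ".nix" filename; value = ./modules/${filename}; };
+modulesList = builtins.map toModulesList modulesFiles;
+in builtins.listToAttrs modulesList;
+};
+}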
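Review bot: `systemTypes.${systemName name}` in the `nixosConfigurations` helper indexes the attrset with whatever `sites/<name>/system` contains, while `sitesNames` only checks that `configuration.nix` exists. A site directory without a `system` file, or with a value other than `nixos`/`nixbsd`, therefore fails with a generic evaluation error that does not name the site. A fallback makes this diagnosable: `systemTypes.${systemName name} or (throw "sites/${name}/system: unknown system type")`. Separately, the `nixpkgs`, `nixbsd` and `bingosync` inputs follow branches of forks rather than fixed revisions, so flake.lock is the only pin and lock updates deserve the same review as code changes.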


@ -1,2 +1,2 @@
clove:UVUGJicEY/PmVWqi4dlqmsNIglGFAsJzgLLsgVrMKsM=
clove:WbMoKN9/WvTS/tCNa2+75MImjZuqX8X094i5vT0dKTU=
daisy:HU3mg1KY/sGYVZk243dgJRDLKHASRmu8/IXeGI/sdE8=


@ -1 +0,0 @@
WB3OPFM-5S7CLM4-PN7JIWE-H66YCFD-7UKW7PE-7KM4CMT-WPQ5BK5-ZFPMQAM


@ -12,7 +12,7 @@ in
options.audrey-sway = {
enable = lib.mkEnableOption "Audrey's sway desktop for girls";
background = lib.mkOption {
type = lib.types.path;
type = lib.types.pathInStore;
default = ../dotfiles/smotsgamed.jpg;
description = "Background image file";
};
@ -39,94 +39,72 @@ in
default = [];
description = "Extra entries to add to the command palette";
};
extraSwayArgs = lib.mkOption {
type = lib.types.listOf lib.types.str;
default = [];
description = "Extra command line arguments with which to launch sway";
};
blankTimeout = lib.mkOption {
type = lib.types.nullOr lib.types.int;
default = 300;
description = "After how long in seconds idle should the system blank its screens";
};
lockTimeout = lib.mkOption {
type = lib.types.nullOr lib.types.int;
default = 360;
description = "After how long in seconds idle should the system lock the desktop";
};
suspendTimeout = lib.mkOption {
type = lib.types.nullOr lib.types.int;
default = 600;
description = "After how long in seconds idle should the system suspend";
};
};
config = lib.mkIf cfg.enable {
programs.regreet.enable = true;
services.greetd.settings = {
default_session.command = "${pkgs.dbus}/bin/dbus-run-session ${lib.getExe config.programs.sway.package} -c /etc/sway/greeter-config ${builtins.toString cfg.extraSwayArgs}";
};
programs.regreet.settings = {
background.fit = "Fill";
GTK.application_prefer_dark_theme = true;
};
#programs.regreet.enable = true;
#services.greetd.settings = {
# default_session.command = "${pkgs.dbus}/bin/dbus-run-session ${lib.getExe config.programs.sway.package} -c /etc/sway/greeter-config";
#};
#programs.regreet.settings = {
# background.fit = "Fill";
# GTK.application_prefer_dark_theme = true;
#};
environment.etc."sway/config".source = lib.mkForce ../dotfiles/sway/config;
environment.etc."sway/sws".source = ../dotfiles/sway/sws.sh;
environment.etc."sway/generate_palette".source = ../dotfiles/sway/generate_palette.sh;
environment.etc."sway/palette".source = ../dotfiles/sway/palette.sh;
environment.etc."sway/bg".source = cfg.background;
environment.etc."sway/greeter-config".source = lib.mkForce (pkgs.writeText "sway-greeter-config" ''
exec "${lib.getExe config.programs.regreet.package}; swaymsg exit"
output * scale 2
input type:keyboard {
xkb_options "caps:escape"
}
input type:touchpad {
dwt enabled
dwtp enabled
tap enabled
tap_button_map lrm
natural_scroll enabled
}
#environment.etc."sway/greeter-config".source = lib.mkForce (pkgs.writeText "sway-greeter-config" ''
# exec "${lib.getExe config.programs.regreet.package}; swaymsg exit"
# output * scale 2
# input type:keyboard {
# xkb_options "caps:escape"
# }
# input type:touchpad {
# dwt enabled
# dwtp enabled
# tap enabled
# tap_button_map lrm
# natural_scroll enabled
# }
# Brightness
bindsym --locked XF86MonBrightnessDown exec light -U 10
bindsym --locked XF86MonBrightnessUp exec light -A 10
# # Brightness
# bindsym --locked XF86MonBrightnessDown exec light -U 10
# bindsym --locked XF86MonBrightnessUp exec light -A 10
blur enable
corner_radius 8
shadows enable
shadow_blur_radius 8
'');
# blur enable
# corner_radius 8
# shadows enable
# shadow_blur_radius 8
#'');
environment.etc."xdg/waybar".source = ../dotfiles/waybar;
environment.etc."xdg/swayr".source = ../dotfiles/swayr;
environment.etc."xdg/fuzzel".source = ../dotfiles/fuzzel;
environment.etc."xdg/foot".source = ../dotfiles/foot;
environment.etc."xdg/xdg-desktop-portal-wlr/config".source = ../dotfiles/xdg-desktop-portal-wlr;
programs.uwsm = {
enable = true;
waylandCompositors.sway = {
prettyName = "Sway";
binPath = "/run/current-system/sw/bin/sway";
extraArgs = cfg.extraSwayArgs;
};
};
#programs.uwsm = {
# enable = true;
# waylandCompositors.sway = {
# prettyName = "Sway";
# binPath = "/run/current-system/sw/bin/sway";
# };
#};
programs.sway = {
enable = true;
package = pkgs.swayfx;
wrapperFeatures.gtk = true;
xwayland.enable = true;
#xwayland.enable = true;
extraPackages = with pkgs; [
swaylock
swaynotificationcenter
swayr
sway-overfocus
pavucontrol
pulseaudio
#swayr
#pavucontrol
#pulseaudio
libnotify
wdisplays
playerctl
#playerctl
grim
slurp
swayidle
@ -137,10 +115,11 @@ in
fuzzel
gsettings-desktop-schemas
glib
kdePackages.kwallet
networkmanagerapplet
kanshi
#kdePackages.kwallet
#networkmanagerapplet
adwaita-icon-theme
reversal-icon-theme
#reversal-icon-theme
whitesur-icon-theme
xdg-user-dirs
];
@ -153,116 +132,114 @@ in
};
environment.pathsToLink = [ "/share/gsettings-schemas" ];
#environment.sessionVariables.XDG_DATA_DIRS = [ "/run/current-system/sw/share/gsettings-schemas/${pkgs.gsettings-desktop-schemas.name}" ];
#programs.light.enable = true;
security.pam.services.swaylock = {};
security.pam.loginLimits = [
{ domain = "@users"; item = "rtprio"; type = "-"; value = 1; }
];
security.pam.services = {
greetd.kwallet = {
enable = true;
package = pkgs.kdePackages.kwallet-pam;
forceRun = true;
#greetd.kwallet = {
# enable = true;
# package = pkgs.kdePackages.kwallet-pam;
# forceRun = true;
#};
#greetd.rules.session.kwallet.settings.auto_start = true;
};
greetd.rules.session.kwallet.settings.auto_start = true;
};
security.polkit.enable = true;
security.polkit.enable = lib.mkForce false;
programs.xwayland.enable = false;
programs.dconf.enable = true;
services.power-profiles-daemon.enable = true;
systemd.user.targets.graphical-environment = { };
systemd.user.services.kanshi = {
description = "Monitor hotswap daemon";
serviceConfig = {
Type = "simple";
ExecStart = lib.getExe pkgs.kanshi;
};
partOf = [ "graphical-environment.target" ];
wantedBy = [ "graphical-environment.target" ];
};
systemd.user.services.swayidle = {
description = "Idle lock + sleep manager";
serviceConfig = {
Type = "simple";
ExecStart = ''
${lib.getExe pkgs.swayidle} -w \
${lib.optionalString (cfg.blankTimeout != null) ''
timeout ${builtins.toString cfg.blankTimeout} 'swaymsg "output * power off"' \
resume 'swaymsg "output * power on"' \
''} ${lib.optionalString (cfg.lockTimeout != null) ''
timeout ${builtins.toString cfg.lockTimeout} '${swaylockCmd} -f' \
before-sleep '${swaylockCmd} -f' \
''} ${lib.optionalString (cfg.suspendTimeout != null) ''
timeout ${builtins.toString cfg.suspendTimeout} 'systemctl suspend' \
''}
'';
};
path = [ "/run/current-system/sw" ];
partOf = [ "graphical-environment.target" ];
wantedBy = [ "graphical-environment.target" ];
};
systemd.user.services.waybar = {
description = "Desktop status bar";
serviceConfig = {
Type = "simple";
ExecStart = lib.getExe pkgs.waybar;
};
path = [ "/run/current-system/sw" ];
partOf = [ "graphical-environment.target" ];
wantedBy = [ "graphical-environment.target" ];
};
systemd.user.services.networkmanagerapplet = {
description = "Networkmanager applet";
serviceConfig = {
Type = "simple";
ExecStart = lib.getExe pkgs.networkmanagerapplet;
};
path = [ "/run/current-system/sw" ];
partOf = [ "graphical-environment.target" ];
wantedBy = [ "graphical-environment.target" ];
};
systemd.user.services.pasystray = {
description = "Pulseaudio system tray icon";
serviceConfig = {
Type = "simple";
ExecStart = "${lib.getExe pkgs.pasystray} --notify source --notify sink -m 100";
};
path = [ "/run/current-system/sw" ];
partOf = [ "graphical-environment.target" ];
wantedBy = [ "graphical-environment.target" ];
};
systemd.user.services.kdeconnect-indicator = {
description = "KDE connect indicator";
serviceConfig = {
Type = "simple";
ExecStart = "${lib.getBin pkgs.kdePackages.kdeconnect-kde}/bin/kdeconnect-indicator";
};
path = [ "/run/current-system/sw" ];
partOf = [ "graphical-environment.target" ];
wantedBy = [ "graphical-environment.target" ];
};
systemd.user.services.swayr = {
description = "Sway MRU window switcher";
serviceConfig = {
Type = "simple";
ExecStart = "${lib.getBin pkgs.swayr}/bin/swayrd";
};
path = [ "/run/current-system/sw" ];
partOf = [ "graphical-environment.target" ];
wantedBy = [ "graphical-environment.target" ];
};
systemd.user.services.polkit-gnome-authentication-agent-1 = {
description = "polkit-gnome-authentication-agent-1";
partOf = [ "graphical-environment.target" ];
wantedBy = [ "graphical-environment.target" ];
serviceConfig = {
Type = "simple";
ExecStart = "${pkgs.polkit_gnome}/libexec/polkit-gnome-authentication-agent-1";
Restart = "on-failure";
RestartSec = 1;
TimeoutStopSec = 10;
};
};
systemd.packages = [ pkgs.foot ];
systemd.user.sockets.foot-server.wantedBy = [ "graphical-environment.target" ];
#services.power-profiles-daemon.enable = true;
#systemd.user.targets.graphical-environment = { };
#systemd.user.services.kanshi = {
# description = "Monitor hotswap daemon";
# serviceConfig = {
# Type = "simple";
# ExecStart = lib.getExe pkgs.kanshi;
# };
# partOf = [ "graphical-environment.target" ];
# wantedBy = [ "graphical-environment.target" ];
#};
#systemd.user.services.swayidle = {
# description = "Idle lock + sleep manager";
# serviceConfig = {
# Type = "simple";
# ExecStart = ''
# ${lib.getExe pkgs.swayidle} -w \
# timeout 300 'swaymsg "output * power off"' \
# resume 'swaymsg "output * power on"' \
# timeout 360 '${swaylockCmd} -f' \
# timeout 600 'systemctl suspend' \
# before-sleep '${swaylockCmd} -f'
# '';
# };
# path = [ "/run/current-system/sw" ];
# partOf = [ "graphical-environment.target" ];
# wantedBy = [ "graphical-environment.target" ];
#};
#systemd.user.services.waybar = {
# description = "Desktop status bar";
# serviceConfig = {
# Type = "simple";
# ExecStart = lib.getExe pkgs.waybar;
# };
# path = [ "/run/current-system/sw" ];
# partOf = [ "graphical-environment.target" ];
# wantedBy = [ "graphical-environment.target" ];
#};
#systemd.user.services.networkmanagerapplet = {
# description = "Networkmanager applet";
# serviceConfig = {
# Type = "simple";
# ExecStart = lib.getExe pkgs.networkmanagerapplet;
# };
# path = [ "/run/current-system/sw" ];
# partOf = [ "graphical-environment.target" ];
# wantedBy = [ "graphical-environment.target" ];
#};
#systemd.user.services.pasystray = {
# description = "Pulseaudio system tray icon";
# serviceConfig = {
# Type = "simple";
# ExecStart = "${lib.getExe pkgs.pasystray} --notify source --notify sink -m 100";
# };
# path = [ "/run/current-system/sw" ];
# partOf = [ "graphical-environment.target" ];
# wantedBy = [ "graphical-environment.target" ];
#};
#systemd.user.services.kdeconnect-indicator = {
# description = "KDE connect indicator";
# serviceConfig = {
# Type = "simple";
# ExecStart = "${lib.getBin pkgs.kdePackages.kdeconnect-kde}/bin/kdeconnect-indicator";
# };
# path = [ "/run/current-system/sw" ];
# partOf = [ "graphical-environment.target" ];
# wantedBy = [ "graphical-environment.target" ];
#};
#systemd.user.services.swayr = {
# description = "Sway MRU window switcher";
# serviceConfig = {
# Type = "simple";
# ExecStart = "${lib.getBin pkgs.swayr}/bin/swayrd";
# };
# path = [ "/run/current-system/sw" ];
# partOf = [ "graphical-environment.target" ];
# wantedBy = [ "graphical-environment.target" ];
#};
#systemd.user.services.polkit-gnome-authentication-agent-1 = {
# description = "polkit-gnome-authentication-agent-1";
# partOf = [ "graphical-environment.target" ];
# wantedBy = [ "graphical-environment.target" ];
# serviceConfig = {
# Type = "simple";
# ExecStart = "${pkgs.polkit_gnome}/libexec/polkit-gnome-authentication-agent-1";
# Restart = "on-failure";
# RestartSec = 1;
# TimeoutStopSec = 10;
# };
#};
#systemd.packages = [ pkgs.foot ];
#systemd.user.sockets.foot-server.wantedBy = [ "graphical-environment.target" ];
audrey-sway.extraPaletteEntries = [
{ name = "Command Palette"; }
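Review bot: With the `systemd.user.services.swayidle` unit commented out near the end of this section, nothing left in the module locks the session on idle or before suspend, although `security.pam.services.swaylock` and the `swaylock` package are kept. Unless `../dotfiles/sway/config` starts swayidle itself (not visible here), a machine using this module stays unlocked when left unattended. I would keep the unit enabled, or at least its `timeout 360 '${swaylockCmd} -f'` and `before-sleep '${swaylockCmd} -f'` entries, together with the `graphical-environment` target it is wanted by. This reads the commented-out lines as the new side, which the rendering does not mark explicitly. The `config` block continues past the last line shown.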


@ -1,25 +0,0 @@
{
lib,
pkgs,
...
}:
{
config = lib.mkIf (pkgs.stdenv.buildPlatform != pkgs.stdenv.hostPlatform) {
programs.vim = {
enable = true;
defaultEditor = true;
package = pkgs.vim.customize {
vimrcConfig.customRC = ''
set mouse=
set hlsearch
nnoremap <CR> :noh<CR><CR>
'';
};
};
programs.git.config.core.editor = "vim";
environment.systemPackages = with pkgs; [
clang
bintools
];
};
}


@ -1,149 +0,0 @@
{
lib,
pkgs,
config,
...
}:
{
config = lib.mkIf config.rhelmot.isDesktop {
networking.networkmanager = {
enable = true;
plugins = with pkgs; [
networkmanager-openvpn
networkmanager-iodine
networkmanager-ssh
];
};
fonts.packages = with pkgs; [
nerd-fonts.fira-code
noto-fonts
noto-fonts-cjk-sans
noto-fonts-color-emoji
liberation_ttf
fira-code
fira-code-symbols
mplus-outline-fonts.githubRelease
dina-font
proggyfonts
];
services = {
xserver.enable = true;
printing = {
enable = true;
drivers = with pkgs; [ cnijfilter2 ];
};
avahi = {
enable = true;
nssmdns4 = true;
openFirewall = true;
};
pipewire = {
enable = true;
pulse.enable = true;
};
libinput.enable = true;
blueman.enable = true;
};
audrey-sway = {
enable = true;
};
programs.ydotool.enable = true;
users.users.audrey.extraGroups = [ "ydotool" ];
virtualisation.docker = {
enable = true;
storageDriver = "zfs";
logDriver = "journald";
daemon.settings = {
insecure-registries = [ "docker.shell.phish" "registry.finals.2025.nautilus.institute:5000" ];
};
};
programs = {
chromium.enable = true;
firefox = {
enable = true;
nativeMessagingHosts.packages = [
pkgs.fx-cast-bridge
];
preferences = {
"toolkit.legacyUserProfileCustomizations.stylesheets" = true;
};
};
thunderbird.enable = true;
kdeconnect.enable = true;
partition-manager.enable = true;
wireshark.enable = true;
wireshark.package = pkgs.wireshark;
foot.enable = true;
obs-studio = {
enable = true;
plugins = with pkgs.obs-studio-plugins; [
obs-livesplit-one
];
};
thunar.enable = true;
};
environment.sessionVariables.TERMINAL = "kitty --single-instance";
environment.systemPackages = with pkgs; [
kitty
dino
# discord
legcord
element-desktop
signal-desktop
slack
zotero
via
libimobiledevice
gnome-disk-utility
ffmpeg
gimp
feh
vlc
mpv
zathura
losslesscut-bin
file-roller
kdePackages.plasma-thunderbolt
];
services.usbmuxd.enable = true;
systemd.tmpfiles.settings.usersetup."/home/audrey/Downloads"."e!" = {
user = "audrey";
group = "users";
mode = "0700";
age = "1d";
};
systemd.services.sysfs-settings = {
description = "Set desktop sysfs tunables";
script = ''
# https://bugzilla.kernel.org/show_bug.cgi?id=219112
test "$(cat /sys/module/kvm/parameters/nx_huge_pages)" = "never" && exit 0 || true
echo "never" | tee /sys/module/kvm/parameters/nx_huge_pages
'';
before = [ "boot-complete.target" ];
};
hardware.sane.enable = true; # scanners
hardware.keyboard.qmk.enable = true;
services.udev.packages = [ pkgs.via ];
};
options.rhelmot.isDesktop = lib.mkOption {
type = lib.types.bool;
default = false;
description = "Install a graphical desktop";
};
}


@ -1,262 +0,0 @@
{ config, lib, pkgs, ... }:
let rhelmot = config.rhelmot;
in {
options.rhelmot = {
globalPythonPackages = lib.mkOption {
type = with lib.types; listOf (functionTo (listOf package));
default = [];
description = "python packages (p: with p; [ x ]) to include in the global python environment";
};
};
config = {
nixpkgs.config.allowUnfree = true;
nixpkgs.overlays = [
(import ../overlays/packages.nix)
# lix overlay
(final: prev: {
inherit (prev.lixPackageSets.latest)
nixpkgs-review
nix-eval-jobs
nix-fast-build
colmena;
})
];
nixpkgs.flake.setFlakeRegistry = true;
nixpkgs.flake.setNixPath = true;
nix.package = pkgs.lixPackageSets.latest.lix;
nix.settings.extra-experimental-features = "nix-command flakes pipe-operator";
nix.settings.trusted-users = [ "audrey" ];
nix.settings.max-jobs = 1;
nix.settings.cores = 0;
nix.settings.secret-key-files = [ "/var/lib/nix/binary-cache-key" ];
nix.settings.trusted-public-keys = builtins.filter (f: f != "") <| lib.strings.splitString "\n" <| builtins.readFile ../keys/nix;
# Select internationalisation properties.
i18n.defaultLocale = "en_US.UTF-8";
# Configure keymap in X11
services.xserver.xkb.layout = "us";
services.xserver.xkb.options = "caps:escape";
users.defaultUserShell = pkgs.zsh;
users.users.audrey = {
uid = 1000;
description = "Audrey Dutcher";
isNormalUser = true;
extraGroups = [ "wheel" "docker" "video" "networkmanager" "libvirtd" "scanner" "lp" ];
openssh.authorizedKeys.keyFiles = [ ../keys/ssh ];
};
environment.systemPackages = with pkgs; [
man-pages
man-pages-posix
gnumake
wget
moor
ripgrep
fd
curl
btop
file
nettools
psmisc
units
units-desktop
patchelf
dwarfdump
gdb
kubectl
p7zip
unzip
zip
foremost
binwalk
jq
socat
nix-index
nixtamal
nix-run
openssl
wireguard-tools
cached-nix-shell
tcpdump
sqlite
cronie
radicle-node
editorconfig-core-c
(python3.withPackages (p: lib.concatMap (pl: pl p) rhelmot.globalPythonPackages))
];
rhelmot.globalPythonPackages = [ (p: with p; [
virtualenvwrapper
pylint
pytest
ipdb
ipython
nclib
pyyaml
snakeviz
requests
pysocks
aiohttp
pudb
]) ];
documentation.dev.enable = true;
documentation.man.enable = true;
documentation.doc.enable = true;
programs = {
kakoune = {
enable = true;
defaultEditor = true;
plugins = with pkgs.kakounePlugins; [
kak-fzf
smarttab-kak
];
configFiles = lib.filesystem.listFilesRecursive ../dotfiles/kakoune/config;
colorSchemes = [ ../dotfiles/kakoune/colors ];
extraPackages = with pkgs; [
kak-tree-sitter
kakoune-lsp
];
};
zsh = {
enable = true;
enableCompletion = true;
syntaxHighlighting.enable = true;
vteIntegration = true;
histSize = 10000;
promptInit = builtins.readFile ../dotfiles/zsh-prompt.sh;
shellInit = builtins.readFile ../dotfiles/zsh-init.sh;
shellAliases = {
ls = null;
ll = null;
l = null;
grep = "grep --color=auto";
egrep = "egrep --color=auto";
objdump = "objdump -M intel";
gits = "git status";
pag = "ps aux | grep -v grep | grep -i";
hd = "hexdump -C";
hdc = "hexdump -ve '\"\\\\x\" 1/1 \"%02x\"'";
nose = "pytest -v --capture=no --pdbcls=IPython.terminal.debugger:TerminalPdb";
mkvirtualenv = "mkvirtualenv -r /etc/venv-default.txt";
woman = "man";
};
};
tmux = {
enable = true;
extraConfig = builtins.readFile ../dotfiles/tmux.conf;
};
ssh.extraConfig = builtins.readFile ../dotfiles/ssh-config;
direnv.enable = true;
htop.enable = true;
git = {
enable = true;
lfs.enable = true;
config = {
user.email = "audrey@rhelmot.io";
user.name = "Audrey Dutcher";
init.defaultBranch = "main";
blame.markUnblamableLines = true;
credential.helper = "store";
url."ssh://git@".insteadOf = "git://";
core.excludesFile = pkgs.writeText "gitignore" ''
.stignore
.stignore-sync
.direnv
.envrc
'';
};
};
bat = {
enable = true;
extraPackages = with pkgs.bat-extras; [
batdiff
batman
prettybat
];
settings = {
italic-text = "always";
wrap = "never";
style = "plain";
};
};
};
environment.etc."zshrc.local".source = ../dotfiles/zsh-final.sh;
#environment.variables.PAGER = "moor";
environment.etc.zinputrc.text = lib.mkForce (builtins.readFile ../dotfiles/zsh-input.sh);
environment.etc."gdb/gdbinit".source = ../dotfiles/gdb-init.gdb;
environment.etc."venv-default.txt".source = ../dotfiles/venv-default.txt;
services.openssh.enable = true;
boot.zfs.forceImportRoot = false;
services.sanoid = lib.mkIf config.boot.zfs.enabled {
enable = true;
datasets."system/home" = {
autosnap = true;
autoprune = true;
recursive = true;
processChildrenOnly = false;
yearly = 0;
monthly = 2;
daily = 7;
hourly = 24;
};
datasets."system/local/var" = {
autosnap = true;
autoprune = true;
recursive = true;
processChildrenOnly = false;
yearly = 0;
monthly = 2;
daily = 7;
hourly = 24;
};
datasets."system/local/root" = {
autosnap = true;
autoprune = true;
recursive = true;
processChildrenOnly = false;
yearly = 0;
monthly = 2;
daily = 7;
hourly = 24;
};
datasets."system/local/var/lib_docker" = {
autosnap = false;
recursive = true;
};
};
services.syncoid = lib.mkIf config.boot.zfs.enabled {
enable = true;
# offset 30min from sanoid to reduce I/O spikes and give sanoid a chance to snapshot before we
# back up
interval = "00/1:30";
service = {
serviceConfig = {
ExecCondition = "+${lib.getExe pkgs.condition-unmetered-network}";
};
};
sshKey = "/var/lib/syncoid/.ssh/id_ed25519";
commands."system" = {
source = "system";
target = "buser@home.rhelmot.io:main/backup/${config.networking.hostName}/system";
# xeni note - option w is weeeeeeeird but the only consequnce is a lack of encryption
#sendOptions = "w";
recursive = true;
extraArgs = ["--skip-parent" "--sshport" "2252"];
};
};
services.syncthing-cluster = {
deviceIds = ../keys/syncthing;
coordinator = "hydrangea";
};
};
}


@ -1,60 +0,0 @@
{
pkgs,
config,
lib,
...
}:
let hostname = config.networking.hostName;
in {
options.rhelmot.deployments = lib.mkOption {
default = {};
description = "Any deployments to establish as profiles on this system";
type = lib.types.attrsOf (lib.types.submodule ({
name,
config,
...
}: {
options = {
profileName = lib.mkOption {
type = lib.types.str;
default = name;
description = "The profile name at which to find the resulting package";
};
target = lib.mkOption {
type = lib.types.pathInStore;
description = "The derivation to link into the specified profile.";
};
extraCommands = lib.mkOption {
type = lib.types.str;
default = "";
description = "Any extra commands to run when deploying this deployment";
};
deployScript = lib.mkOption {
internal = true;
};
};
config.deployScript = pkgs.replaceVarsWith rec {
name = "deploy-${config.profileName}";
dir = "bin";
src = builtins.toFile "deploy-template" ''
#!@runtimeShell@
set -ex
nix-copy-closure --to @site@ @target@
ssh @site@ sudo nix-env --set -p /nix/var/nix/profiles/@profileName@ @target@
@extraCommands@
'';
replacements = {
site = hostname;
inherit (config) target profileName extraCommands;
inherit (pkgs.buildPackages) runtimeShell;
};
isExecutable = true;
meta.mainProgram = name;
};
}));
};
options.rhelmot.deployScript = lib.mkOption {
internal = true;
};
config.rhelmot.deployScript = (pkgs.buildPackages.writeShellScriptBin "deploy" (lib.concatMapStrings (x: "${x.deployScript}\n") (builtins.attrValues config.rhelmot.deployments))) // builtins.mapAttrs (k: v: v.deployScript) config.rhelmot.deployments;
}


@ -18,12 +18,6 @@ in {
type = lib.types.package;
description = "The package that will be linked into the global environment if enabled";
default = cfg.package.override { plugins = cfg.plugins; };
internal = true;
};
defaultEditor = lib.mkOption {
type = lib.types.bool;
default = false;
description = "Whether to set EDITOR=kak globally";
};
extraPackages = lib.mkOption {
type = lib.types.listOf lib.types.package;
@ -81,6 +75,5 @@ in {
destination = "/share/kak/kakrc.local";
})
];
environment.variables.EDITOR = lib.mkIf cfg.defaultEditor "kak";
};
}


@ -49,7 +49,6 @@ in {
inherit (cfg) configDir dataDir user;
openDefaultPorts = true;
overrideDevices = true;
overrideFolders = false;
settings.devices = builtins.mapAttrs (_: value: { id = value; autoAcceptFolders = hostname == cfg.coordinator; }) otherDevices;
};
} (lib.mkIf (cfg.user != "syncthing") {


@ -1,8 +0,0 @@
root = true
[*]
charset = utf-8
end_of_line = lf
indent_style = tab
insert_final_newline = true
trim_trailing_whitespace = true


@ -1,2 +0,0 @@
darcs_context
.silo


@ -1,196 +0,0 @@
/*
SPDX-FileCopyrightText: 20252026 toastal
SPDX-FileCopyrightText: 2026 Nixtamal contributors
SPDX-License-Identifier: ISC
Permission to use, copy, modify, and/or distribute this software for any
purpose with or without fee is hereby granted, provided that the above
copyright notice & this permission notice appear in all copies.
THE SOFTWARE IS PROVIDED AS IS & ISC DISCLAIMS ALL WARRANTIES WITH REGARD
TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY &
FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT,
OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER
TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE
OF THIS SOFTWARE.
+
This file was generated by Nixtamal.
Do not edit as it will be overwritten.
*/
{
system ? builtins.currentSystem,
bootstrap-nixpkgs ? null,
bootstrap-nixpkgs-lock-name ? null,
}:
let lock = builtins.fromJSON (builtins.readFile ./lock.json); in
assert (lock.v == "1.1.0");
let
hash-token = {
"0" = "sha256";
"1" = "sha512";
"2" = "blake3";
};
try-fetch = input-name: fetcher:
let
try-fetch' = failed-urls: url: urls:
let result = builtins.tryEval (fetcher url); in
if result.success then
result.value
else
let failed-urls' = [ url ] ++ failed-urls; in
if builtins.length urls <= 0 then
let fus = builtins.concatStringsSep " " failed-urls'; in
throw "Input ${input-name}fetchable @ [ ${fus} ]"
else
try-fetch' failed-urls' (builtins.head urls) (builtins.tail urls);
in
try-fetch' [ ];
builtin-fetch-tarball = {input-name, name, kind, hash}:
try-fetch input-name (url:
builtins.fetchTarball ({
inherit url;
${hash-token.${builtins.toString hash.al}} = hash.vl;
}
// (if name != null then {inherit name;} else {}))
) kind.ur kind.ms;
builtin-fetch-git = {input-name, name, kind}:
let
ref =
let
type = builtins.elemAt kind.rf 0;
valu = builtins.elemAt kind.rf 1;
in
if type == 0 then # ref
valu
else if type == 1 then # branch
"refs/heads/${valu}"
else if type == 2 then # tag
"refs/tags/${valu}"
else
throw "Unsupported reference type ${builtins.toString type}.";
in
try-fetch input-name (url:
let
args = {
inherit url ref;
rev = kind.lr;
submodules = kind.sm;
lfs = kind.lf;
shallow = true;
}
// (if (name != null) then {inherit name;} else {});
args' =
if builtins.compareVersions builtins.nixVersion "2.26" < 0 then
builtins.removeAttrs args [ "lfs" ]
else
args;
in
builtins.fetchGit args'
) kind.rp kind.ms;
builtin-to-input = input-name: input:
let
name = input.sn;
hash = input.ha;
k = builtins.head input.kd;
in
if k == 1 then
builtin-fetch-tarball {
inherit name;
input-name = input-name;
kind = builtins.elemAt input.kd 1;
hash = input.ha;
}
else if k == 2 then
builtin-fetch-git {
inherit name;
input-name = input-name;
kind = builtins.elemAt input.kd 1;
}
else
throw "Unsupported input kind ${builtins.toString k}.";
nixpkgs' =
if builtins.isNull bootstrap-nixpkgs then
builtin-to-input "nixpkgs-for-nixtamal" (
if builtins.isString bootstrap-nixpkgs-lock-name then
lock.i.${bootstrap-nixpkgs-lock-name}
else
lock.i.nixpkgs-nixtamal or lock.i.nixpkgs
)
else
bootstrap-nixpkgs;
pkgs = import nixpkgs' {inherit system;};
inherit (pkgs) lib;
fetch-zip = {input-name, name, kind, hash}: pkgs.fetchzip ({
url = kind.ur;
hash = hash.vl;
}
// lib.optionalAttrs (name != null) {inherit name;}
// lib.optionalAttrs (builtins.length kind.ms > 0) {urls = kind.ms;});
fetch-git = {input-name, name, kind, hash}:
let
using-mirrors = kind ? ms && (builtins.length kind.ms) > 0;
mirror-support = pkgs.fetchgit.__functionArgs ? "mirrors";
in
lib.warnIf (using-mirrors && !mirror-support)
"Upstream pkgs.fetchgit doesnt yet support mirrors for ${input-name}"
pkgs.fetchgit ({
url = kind.rp;
rev = kind.lr;
fetchSubmodules = kind.sm;
fetchLFS = kind.lf;
deepClone = false;
hash = hash.vl;
}
// lib.optionalAttrs (name != null) {inherit name;}
// lib.optionalAttrs (using-mirrors && mirror-support) {
mirrors = kind.ms;
});
to-input = input-name: input:
let
name = input.sn;
hash = input.ha;
k = builtins.head input.kd;
raw-input =
if k == 1 then
let
kind = builtins.elemAt input.kd 1;
fetch_time = kind.ft;
in
if fetch_time == 0 then
fetch-zip {inherit input-name name kind hash;}
else if fetch_time == 1 then
builtin-fetch-tarball {inherit input-name name kind hash;}
else
throw "Unsupported fetch time ${fetch_time}."
else if k == 2 then
let
kind = builtins.elemAt input.kd 1;
fetch_time = kind.ft;
in
if fetch_time == 0 then
fetch-git {inherit input-name name kind hash;}
else if fetch_time == 1 then
builtin-fetch-git {inherit input-name name kind;}
else
throw "Unsupported fetch time ${fetch_time}."
else
throw "Unsupported input kind ${builtins.toString}.";
in
raw-input;
in
builtins.mapAttrs to-input lock.i


@ -1,8 +0,0 @@
{"v":"1.1.0"
,"i":{
"nixpkgs":{"sn":"nixpkgs-src","kd":[1,{"ft":0,"ur":"https://github.com/NixOS/nixpkgs/archive/549bd84d6279f9852cae6225e372cc67fb91a4c1.tar.gz","ms":[]}],"ha":{"al":0,"vl":"sha256-hGdgeU2Nk87RAuZyYjyDjFL6LK7dAZN5RE9+hrDTkDU="},"fv":"549bd84d6279f9852cae6225e372cc67fb91a4c1","ps":[]}
,"bingosync":{"sn":"bingosync-src","kd":[2,{"ft":0,"rp":"https://github.com/rhelmot/bingosync","ms":[],"rf":[0,"refs/heads/main"],"dt":"2026-05-10T23:20:19-07:00","sm":false,"lf":false,"lr":"9b6f02f4ed38e095979d7758e38a6a3aa9a8e7d8"}],"ha":{"al":0,"vl":"sha256-JJ/8Lp1bcRHWMeJvuxGrKhgOEO1aMYke4UH6D+N/91k="},"fv":"9b6f02f4ed38e095979d7758e38a6a3aa9a8e7d8","ps":[]}
,"blog-rhelmot-io":{"sn":"blog-rhelmot-io-src","kd":[2,{"ft":0,"rp":"https://git.lain.faith/rhelmot/blog.rhelmot.io","ms":[],"rf":[0,"refs/heads/main"],"dt":"2026-05-10T19:42:48-07:00","sm":false,"lf":false,"lr":"824a542d99f595677e267926b2e46d373853314e"}],"ha":{"al":0,"vl":"sha256-nw8WRY4TaRhl4sRX/HMohrfKkSkcEaj13y5wIETM87Y="},"fv":"824a542d99f595677e267926b2e46d373853314e","ps":[]}
}
,"p":{}
}


@ -1,28 +0,0 @@
// ┏┓╻+╻ ╱┏┳┓┏┓┏┳┓┏┓╻
// ┃┃┃┃┗━┓╹┃╹┣┫┃┃┃┣┫┃ Read the manpage:
// ╹┗┛╹╱ ╹ ╹ ╹╹╹ ╹╹╹┗┛ $ man nixtamal-manifest
version "1.1.0"
inputs {
nixpkgs {
archive {
url "https://github.com/NixOS/nixpkgs/archive/{{fresh_value}}.tar.gz"
}
hash algorithm=SHA-256
fresh-cmd {
$ git ls-remote "https://github.com/NixOS/nixpkgs.git" --refs "refs/heads/nixos-unstable"
| cut -f1
}
}
blog-rhelmot-io {
git {
repository "https://git.lain.faith/rhelmot/blog.rhelmot.io";
ref "refs/heads/main";
}
}
bingosync {
git {
repository "https://github.com/rhelmot/bingosync";
ref "refs/heads/main";
}
}
}

15
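--- a/overlays/lix.nix
+++ b/overlays/lix.nix
@@ -0,0 +1,15 @@
+{
+pkgs,
+...
+}:
+{
+nixpkgs.overlays = [ (final: prev: {
+inherit (prev.lixPackageSets.latest)
+nixpkgs-review
+nix-eval-jobs
+nix-fast-build
+colmena;
+}) ];
+nix.package = pkgs.lixPackageSets.latest.lix;
+}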


@ -1,4 +1,6 @@
final: prev: {
{ config, lib, pkgs, ... }:
let overlay = final: prev: {
vimPlugins = prev.vimPlugins.extend (final': prev': {
sweetie-nvim = final.callPackage ../pkgs/sweetie.nix {};
});
@ -8,29 +10,11 @@ final: prev: {
hash = "sha256-vwGHiLKSjJor4A+r599DlvSHXkDuuLSSQ4/tWFALMKU=";
})];
});
sftpgo = prev.sftpgo.overrideAttrs (prev: {
# killing and tearing and ripping and maiming
postPatch = (prev.postPatch or "") + ''
sed -E -i -e '/func preserveUserProfile/a newUser.Groups = user.Groups;' internal/common/eventmanager.go
'';
});
fx-cast-bridge = prev.fx-cast-bridge.overrideAttrs (prev: {
postConfigure = (prev.postConfigure or "") + ''
substituteInPlace node_modules/mdns/lib/resolver_sequence_tasks.js --replace-fail \
'cares.getaddrinfo(req, host, family, 0, false)' \
'cares.getaddrinfo(req, host, family, 0, 0)'
'';
});
idapro9 = final.callPackage ../pkgs/idapro9.nix {};
condition-unmetered-network = final.callPackage ../pkgs/condition-unmetered-network {};
units-desktop = final.callPackage ../pkgs/units-desktop.nix {};
idapro9 = pkgs.callPackage ../pkgs/idapro9.nix {};
condition-unmetered-network = pkgs.callPackage ../pkgs/condition-unmetered-network {};
units-desktop = pkgs.callPackage ../pkgs/units-desktop.nix {};
};
aria2 = prev.aria2.overrideAttrs (final': prev': {
patches = (prev'.patches or []) ++ [ ./patches/aria2-retry-codes.patch ];
});
nixos-render-docs = prev.nixos-render-docs.overrideAttrs (final': prev': {
patches = (prev'.patches or []) ++ [
./patches/nixos-render-docs-flush.patch
];
});
in {
nixpkgs.overlays = [ overlay ];
}
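Review bot: Inside `overlay`, `idapro9`, `condition-unmetered-network` and `units-desktop` are now built with `pkgs.callPackage`, i.e. from the module's package set rather than the set the overlay is being applied to, while `sweetie-nvim` a few lines up still uses `final.callPackage`. When nixpkgs re-applies the overlay to another set (`buildPackages` or a cross set, and this configuration does evaluate with build and host platforms differing), those three attributes would still come from the host `pkgs`. Keeping them on the overlay's own fixpoint avoids that: `idapro9 = final.callPackage ../pkgs/idapro9.nix {};` and likewise for the other two. `config` and `lib` in the new module header look unused in the visible lines; part of the overlay body lies between the two hunks and is not shown.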


@ -1,17 +0,0 @@
diff --git a/src/HttpSkipResponseCommand.cc b/src/HttpSkipResponseCommand.cc
index a722d774..d6f76c85 100644
--- a/src/HttpSkipResponseCommand.cc
+++ b/src/HttpSkipResponseCommand.cc
@@ -220,8 +220,12 @@ bool HttpSkipResponseCommand::processResponse()
}
throw DL_RETRY_EX2(MSG_RESOURCE_NOT_FOUND,
error_code::RESOURCE_NOT_FOUND);
+ case 429:
+ case 500:
case 502:
case 503:
+ case 520:
+ case 521:
// Only retry if pretry-wait > 0. Hammering 'busy' server is not
// a good idea.
if (getOption()->getAsInt(PREF_RETRY_WAIT) > 0) {


@ -1,16 +0,0 @@
diff --git a/nixos_render_docs/options.py b/nixos_render_docs/options.py
index 9e337e6b1082..64808e5a4ba5 100644
--- a/nixos_render_docs/options.py
+++ b/nixos_render_docs/options.py
@@ -268,6 +268,11 @@ class ManpageConverter(BaseConverter[OptionsManpageRenderer]):
r'''.ad l''',
r'''.\" enable line breaks after slashes''',
r'''.cflags 4 /''',
+ r'''.\" if rendering in continuous mode (default for man-db), flush pages periodically''',
+ r'''.if \\\\n[cR] \\{\\''',
+ r'''.wh 10000v an*real-bp''',
+ r'''.pl 10000v''',
+ r'''.\\}''',
r'''.SH "NAME"''',
self._render('{file}`configuration.nix` - NixOS system configuration specification'),
r'''.SH "DESCRIPTION"''',


@ -22,24 +22,13 @@
openssl,
gcc,
clang,
xorg,
zlib,
curl,
gnutar,
makeDesktopItem,
makeWrapper,
runCommand,
libice,
libsm,
libx11,
libXau,
libxcb,
libxext,
libxi,
libXrender,
xcbutilimage,
xcbutilkeysyms,
xcbutilrenderutil,
xcbutilwm,
}:
let
@ -83,18 +72,18 @@ stdenv.mkDerivation (self: {
libxkbcommon
openssl.out
(if stdenv.cc.isGNU then gcc else clang).cc
libice
libsm
libx11
libXau
libxcb
libxext
libxi
libXrender
xcbutilimage
xcbutilkeysyms
xcbutilrenderutil
xcbutilwm
xorg.libICE
xorg.libSM
xorg.libX11
xorg.libXau
xorg.libxcb
xorg.libXext
xorg.libXi
xorg.libXrender
xorg.xcbutilimage
xorg.xcbutilkeysyms
xorg.xcbutilrenderutil
xorg.xcbutilwm
zlib
curl.out
pythonForIDA


@ -4,22 +4,50 @@
networking.hostName = "chrysanthemum";
networking.hostId = "6bb591ac";
networking.dhcpcd.wait = "background";
networking.interfaces.wlan0.wlandev = "iwlwifi0";
services.wpa_supplicant.configFile = "/home/audrey/wpa_supplicant.conf";
system.stateVersion = "25.04";
system.stateVersion = "25.11";
environment.etc.machine-id.text = "d3d521900f0e11f0af2b9d9b219a1c36\n";
security.sudo.wheelNeedsPassword = false;
hardware.opengl.enable = true;
services.dbus.enable = true;
services.accounts-daemon.enable = true;
services.consolekit2.enable = true;
services.xserver = {
enable = true;
displayManager.lightdm.enable = true;
displayManager.defaultSession = "xfce";
desktopManager.xfce = {
enable = true;
};
exportConfiguration = true;
};
services.seatd.enable = true;
boot.extraModulePackages = [ pkgs.freebsd.wifi-firmware-kmod ];
users.users.audrey.extraGroups = [
"u2f"
"seat"
"_video"
];
# boot.kernelEnvironment."hw.psm.synaptics_support" = "1";
boot.kernelEnvironment."compat.linuxkpi.iwlwifi_disable_11ac" = "0";
boot.kernelEnvironment."compat.linuxkpi.iwlwifi_11n_disable" = "0";
freebsd.rc.conf.kld_list = "i915kms";
audrey-sway.enable = true;
environment.systemPackages = with pkgs; [
firefox
foot
dino
fzf
(libinput.override { eventGUISupport = true; })
util-linuxMinimal
];
fonts.packages = builtins.filter lib.attrsets.isDerivation (builtins.attrValues pkgs.nerd-fonts);
services.powerd.enable = true;
hardware.bsdfan.enable = true;
#services.accounts-daemon.enable = true;
#services.consolekit2.enable = true;
#services.xserver = {
# enable = true;
# displayManager.lightdm.enable = true;
# displayManager.defaultSession = "xfce";
# desktopManager.xfce = {
# enable = true;
# };
# exportConfiguration = true;
#};
}
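Review bot: `services.wpa_supplicant.configFile = "/home/audrey/wpa_supplicant.conf"` makes a system daemon read its configuration, including the network credentials, from a file in a user's home directory whose owner and mode this module does not set. Together with `security.sudo.wheelNeedsPassword = false` in the same hunk, anything running as that user can change what the supplicant does or become root without a prompt; whether either line is new in this comparison cannot be told from the rendered page. A root-owned file with mode 0600 outside `/home` keeps the credentials out of the Nix store just as well. Separately, `system.stateVersion` moves from "25.04" to "25.11" here, a value that is normally left at what the host was installed with.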


@ -2,31 +2,36 @@
{
fileSystems."/" =
{ device = "system/local/root";
fsType = "zfs";
};
fileSystems."/nix" =
{ device = "system/local/nix";
{ device = "system/tier1/root";
fsType = "zfs";
};
fileSystems."/var" =
{ device = "system/local/var";
{ device = "system/tier1/var";
fsType = "zfs";
};
fileSystems."/home" =
{ device = "system/home";
{ device = "system/tier1/home";
fsType = "zfs";
};
fileSystems."/nix" =
{ device = "system/scratch/nix";
fsType = "zfs";
};
fileSystems."/tmp" =
{ device = "system/scratch/tmp";
fsType = "zfs";
};
fileSystems."/boot" =
{ device = "/dev/gpt/ESP";
{ device = "/dev/nda0p1";
fsType = "msdos";
};
swapDevices = [ { device = "/dev/gpt/swap"; } ];
#swapDevices = [ { device = "/dev/gpt/swap"; } ];
nixpkgs.hostPlatform = lib.mkDefault "x86_64-freebsd";
}


@ -1,83 +0,0 @@
{ config, lib, pkgs, ... }:
{
imports = [ ./hardware-configuration.nix ];
rhelmot.isDesktop = true;
boot.initrd.supportedFilesystems = [ "zfs" ];
boot.initrd.systemd.enable = true;
services.zfs.autoScrub.enable = true;
services.zfs.trim.enable = true;
# fstrim is also enabled by nixos-hardware, but only runs for /boot
networking.hostName = "clove";
networking.hostId = "e2a6d757";
time.timeZone = "America/Phoenix";
# Open ports in the firewall.
networking.firewall.allowedTCPPorts = [ 22 80 443 1337 1338 8081 2222 ];
networking.firewall.allowedUDPPorts = [ 1337 ];
systemd.coredump.enable = false;
system.stateVersion = "25.11";
environment.systemPackages = [
pkgs.racket
pkgs.idapro9
pkgs.qemu_kvm
(pkgs.runCommand "OVMF-fd" {} ''
mkdir -p $out/share/FV
ln -s ${pkgs.OVMF.fd}/FV/OVMF_CODE.fd $out/share/FV/OVMF_CODE.fd
'')
pkgs.OVMF.fd
];
services.tailscale = {
enable = true;
openFirewall = true;
};
#programs.celestegame = {
# enable = true;
# withEverest = true;
# withOlympus = true;
# writableDir = "/var/lib/celeste";
#};
boot.binfmt.emulatedSystems = [
"aarch64-linux"
"mips-linux"
"mipsel-linux"
"armv7l-linux"
];
boot.binfmt.preferStaticEmulators = true;
programs.steam.enable = true;
programs.steam.gamescopeSession.enable = true;
programs.gamescope.enable = true;
programs.gamescope.capSysNice = true;
services.pulseaudio.support32Bit = true;
hardware.graphics.enable32Bit = true;
virtualisation.libvirtd = {
enable = true;
qemu.package = pkgs.qemu_kvm;
};
security.sudo.wheelNeedsPassword = false;
audrey-sway.background = ../../dotfiles/rtfs.jpg;
services.syncthing-cluster = {
enable = true;
device = "WB3OPFM-5S7CLM4-PN7JIWE-H66YCFD-7UKW7PE-7KM4CMT-WPQ5BK5-ZFPMQAM";
user = "audrey";
configDir = "/home/audrey/.config/syncthing";
dataDir = "/home/audrey";
};
#services.xserver.videoDrivers = [ "nvidia" ];
#hardware.nvidia.open = true;
audrey-sway.extraSwayArgs = [ "--unsupported-gpu" ];
audrey-sway.suspendTimeout = null;
}


@ -1,72 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usb_storage" "usbhid" "sd_mod" ];
boot.initrd.kernelModules = [ ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "clove/tier1/root";
fsType = "zfs";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/66C8-15C6";
fsType = "vfat";
options = [ "fmask=0022" "dmask=0022" ];
};
fileSystems."/var" =
{ device = "clove/tier1/var";
fsType = "zfs";
};
fileSystems."/home" =
{ device = "clove/tier1/home";
fsType = "zfs";
};
fileSystems."/var/lib/containers" =
{ device = "clove/tier2/containers";
fsType = "zfs";
};
fileSystems."/var/log" =
{ device = "clove/tier2/log";
fsType = "zfs";
};
fileSystems."/var/spool" =
{ device = "clove/tier2/spool";
fsType = "zfs";
};
fileSystems."/var/tmp" =
{ device = "clove/scratch/tmp";
fsType = "zfs";
};
fileSystems."/nix" =
{ device = "clove/scratch/nix";
fsType = "zfs";
};
fileSystems."/var/cache" =
{ device = "clove/scratch/cache";
fsType = "zfs";
};
swapDevices = [ {
device = "/dev/disk/by-uuid/31ae9d96-d3dc-45e4-9b36-707df8b4f6c2";
} ];
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}


@ -1 +0,0 @@
nixos

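--- a/sites/daisy/cert.pem
+++ b/sites/daisy/cert.pem
@@ -0,0 +1,34 @@
+-----BEGIN CERTIFICATE-----
+MIIF1zCCA7+gAwIBAgIUKYdQD74Iefk1CyzHvROGC83Hw6IwDQYJKoZIhvcNAQEL
+BQAwezELMAkGA1UEBhMCVVMxDzANBgNVBAgMBk5ldmFkYTESMBAGA1UEBwwJTGFz
+IFZlZ2FzMRMwEQYDVQQKDApTaGVsbHBoaXNoMRUwEwYDVQQLDAxhd29vLnN5c3Rl
+bXMxGzAZBgNVBAMMEmRvY2tlci5zaGVsbC5waGlzaDAeFw0yNTA4MDQxNjI5NDda
+Fw0zNTA4MDIxNjI5NDdaMHsxCzAJBgNVBAYTAlVTMQ8wDQYDVQQIDAZOZXZhZGEx
+EjAQBgNVBAcMCUxhcyBWZWdhczETMBEGA1UECgwKU2hlbGxwaGlzaDEVMBMGA1UE
+CwwMYXdvby5zeXN0ZW1zMRswGQYDVQQDDBJkb2NrZXIuc2hlbGwucGhpc2gwggIi
+MA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDyVMA3TRVo52CNfmo4KCEF1UXR
+km3z2fezjsbjEOCeMTsirkFp71g4Cvj4RPCrIASq1DVXkOI6ZaU2OEfm15TcY0Q1
+DG8/zvjVFTOGGNqfCyz+DUSr3qweeAijyLMygjTvK1LrCUJ1daYTdr9es1Qd29dV
+Z2QxWy9+BOpz9oCs8ph+SUCVSfqn11mJ7btgSN9EU8K8f7vhm4PHpruaIJzXh6l0
+tl3wLvXbG8QW1Ms95oBCxiGFKxhAOhGQYlWkODJuh9nF+K/erXv/gmC9Xth/mbL9
+fRJpW+gPK79bhdSTPf9qLmanesRh7ZYxqDW/b7a1moR1u/MNqn4evm0muiz+cb/4
+e6PaRQfwD21dS4FNiJRWtUgSSa0qV7UdvFXvRIev/1f6jbeP0NB6txRxfRwf7cHQ
+ceWIMZgfLeGXjS1VUFnyvEL2iRgFE86YVgaYd6TIafN2tcKBb5CBJCZkkP2BBk17
+NJ/S4h1H0w9u9yyfSz8kvrFf8KMGreRsZGdq776ajI1RNye+kdOQdu8UVN/W2ewu
+E7vBw6NdDRuYGZ/pCULaXgdabiEYnzuwD5k9AKAeArWVDltSk8pS0gv8cI1MXt8J
+TBcSEal5SPwjQNVjahghc3ASydkGN31U0roXuV8+5CjTxfzE6vVsQ2PdF9cSEVHT
+kO6uIlMF7UKlytz2TwIDAQABo1MwUTAdBgNVHQ4EFgQUfMaBc83sxwCnJEeS893N
+hpFQF5gwHwYDVR0jBBgwFoAUfMaBc83sxwCnJEeS893NhpFQF5gwDwYDVR0TAQH/
+BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEATt+MoCjOJ7MlgfX/vvgrnjp9RCwY
+ltjg1n2sFzObJN0FpukFYLUdLXNj7YI34qL30FRjVDbEw3Q7ciXDPafqkzu/fMDd
+/QkOnkIPa7oQ1qHGTODN/a3/sDkGcf7Mf1KV2B3QovybhRjB+N35C2zDA6V4TWik
+AKXfqdJJEcSaG9yv1Kp4wmHvEOI0jruK2dks+46Ulw1eGk5xOHtRElfVfvO0LwGz
+8vvv+6WNoBNMw9inzwmEQALvVooWdh4cJnkUIWlSPI2n091dtU57rzvsAnPtV/sW
+Xvn9ZpRxw9vyKUBkWLLQAUbdn+XDM8XXi7zRGaY8b9LKWoNA2PGltpteCYck9za0
+a/F5Jt3f78d/vug/6Q0U2SiWNbqL9pzMX8gLIOuTqw6Rx6W32VY6WT418WqWjfsG
+iySaMbJ+P+EpIFn57UvKV5CgdDFroBLnS1YpYNpZAJJubpJLVyMxQMhb47K5vU6s
+YpsRm96kC0cZvP4J7+xpVilbzIqIHoV1foz0eRhCcS9bY+p22oLQY0EQ2joMnMnq
+VvffPBaIWMkx6hoSaoQl7nhksu1UQrzomGJfOEK+jGkRbo1QI/qz38EuvlUfSayu
+ONbCx7j+x++DyxvIQ9JEuu+cC76CNWjiDU0xFUhURrlS3t5AGe0+2ZBjcxWeX7jF
+iwbYVRB2xqWwxek=
+-----END CERTIFICATE-----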


@ -1,8 +1,7 @@
{ config, lib, pkgs, ... }:
{
imports = [ ./hardware-configuration.nix ];
rhelmot.isDesktop = true;
imports = [ ./hardware-configuration.nix ../../configuration-desktop.nix ];
boot.initrd.supportedFilesystems = [ "zfs" ];
boot.initrd.systemd.enable = true;
@ -26,15 +25,48 @@
# Open ports in the firewall.
networking.firewall.allowedTCPPorts = [ 22 80 443 1337 1338 8081 2222 ];
networking.firewall.allowedUDPPorts = [ 1337 ];
systemd.coredump.enable = false;
system.stateVersion = "24.11";
#services.immich.enable = true;
hardware.ipu6 = {
enable = true;
platform = "ipu6ep";
};
# not sure when this commit will reach upstream
#boot.kernelPackages = pkgs.linuxPackages_6_16.extend ( self: super: {
# ipu6-drivers = super.ipu6-drivers.overrideAttrs (
# final: previous: rec {
# src = builtins.fetchGit {
# url = "https://github.com/intel/ipu6-drivers.git";
# ref = "master";
# rev = "b4ba63df5922150ec14ef7f202b3589896e0301a";
# };
# patches = [
# "${src}/patches/0001-v6.10-IPU6-headers-used-by-PSYS.patch"
# ] ;
# }
# );
#} );
#boot.kernelPackages = pkgs.linuxPackages_latest;
# https://discourse.nixos.org/t/how-to-hide-this-dummy-video-device/40985/3
services.udev.extraRules = ''
# If the system is not a video device, we skip these rules by jumping to the end
SUBSYSTEM!="video4linux", GOTO="hide_cam_end"
#ATTR{name}=="Intel MIPI Camera", GOTO="hide_cam_end" # This line cannot be used as it would move too much stuff and then the camera would not work. Instead, we just move the dummy camera,
# I found its name with udevadm info -q all -a /dev/video0
# If this is not the dummy video, we also skip these rules.
ATTR{name}!="Dummy video device (0x0000)", GOTO="hide_cam_end"
ACTION=="add", RUN+="${pkgs.coreutils}/bin/mkdir -p /dev/not-for-user"
ACTION=="add", RUN+="${pkgs.coreutils}/bin/mv -f $env{DEVNAME} /dev/not-for-user/"
ACTION=="remove", RUN+="${pkgs.coreutils}/bin/rm -f /dev/not-for-user/$name"
ACTION=="remove", RUN+="${pkgs.coreutils}/bin/rm -f /dev/not-for-user/$env{ID_SERIAL}"
LABEL="hide_cam_end"
'';
environment.systemPackages = [
pkgs.racket
pkgs.idapro9
@ -51,6 +83,14 @@
openFirewall = true;
};
#services.coolify = {
# enable = true;
# hostname = "coolify";
#};
# networking.extraHosts = ''
# 135.181.103.93 anons.ee
# '';
#programs.celestegame = {
# enable = true;
# withEverest = true;

sites/daisy/key.pem Normal file

@ -0,0 +1,52 @@
-----BEGIN PRIVATE KEY-----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-----END PRIVATE KEY-----
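Review bot: `sites/daisy/key.pem` adds a PEM private key to the repository in clear text, next to `sites/daisy/cert.pem`. Once pushed, the key is readable by everyone with access to the repository and its history, and any Nix expression that refers to the file by path also copies it into the world-readable store, so it should be treated as disclosed. Replace the key pair and keep the new key out of the tree, for example in an encrypted secrets file (sops-nix or agenix) or at a runtime path such as `/var/lib/<service>/key.pem` (placeholder) that the configuration only names. How the key is consumed is not visible in this section.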


@ -37,15 +37,10 @@
services.nginx = {
enable = true;
additionalModules = [
pkgs.nginxModules.rtmp
];
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
clientMaxBodySize = "10g";
virtualHosts = {
"home.rhelmot.io" = {
@ -90,63 +85,8 @@
proxyWebsockets = true;
};
};
"sftpgo.home.rhelmot.io" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:3006";
proxyWebsockets = true;
};
};
"jellyfin.home.rhelmot.io" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:8096";
proxyWebsockets = true;
};
};
"aria2.home.rhelmot.io" = {
enableACME = true;
forceSSL = true;
locations."/".root = "${pkgs.ariang}/share/ariang";
locations."/jsonrpc" = {
proxyPass = "http://127.0.0.1:${toString config.services.aria2.settings.rpc-listen-port}";
};
};
# "owncast.home.rhelmot.io" = {
# enableACME = true;
# forceSSL = true;
# locations."/" = {
# proxyPass = "http://127.0.0.1:3007";
# proxyWebsockets = true;
# };
# };
"127.0.0.1:1934" = {
listen = [{ addr = "127.0.0.1"; port = 1934; ssl = false; }];
locations."/" = {
root = "/var/www/stream/";
tryFiles = "/$arg_name =404";
};
};
};
appendConfig = ''
rtmp {
server {
listen 1935;
chunk_size 4000;
application live {
live on;
allow publish all;
allow play all;
notify_method get;
on_publish http://127.0.0.1:1934/;
}
}
}
'';
};
services.vaultwarden = {
enable = true;
@ -188,14 +128,6 @@
settings = {
newVersionCheck.enabled = false;
server.externalDomain = "https://immich.home.rhelmot.io";
oauth = {
enabled = true;
autoLaunch = true;
buttonText = "Single Sign-On";
clientId = "immich";
clientSecret._secret = "/var/lib/immich/oidc-client-secret";
issuerUrl = "https://auth.rhelmot.io/realms/rhelmot";
};
};
};
@ -262,114 +194,12 @@
settings.gui.user = "audrey";
};
services.sftpgo = {
enable = true;
dataDir = "/var/lib/sftpgo";
extraReadWriteDirs = [
"/var/lib/jellyfin/library"
"/var/lib/aria2/Downloads"
];
settings = {
tz = "local";
httpd.bindings = [{
port = 3006;
# 1 means OIDC for the WebAdmin UI.
# 2 means OIDC for the WebClient UI.
# 4 means login form for the WebAdmin UI.
# 8 means login form for the WebClient UI.
# 16 means the admin token endpoint for REST API.
# 32 means the user token endpoint for REST API.
# 64 means admin API key login.
# 128 means user API key login.
disabled_login_methods = 1 + 8;
oidc = {
config_url = "https://auth.rhelmot.io/realms/rhelmot";
client_id = "sftpgo";
client_secret_file = "/var/lib/sftpgo/oidc-client-secret";
redirect_base_url = "https://sftpgo.home.rhelmot.io";
username_field = "preferred_username";
scopes = [
"openid"
"profile"
"email"
"sftpgo"
];
};
}];
sftpd.bindings = [{
port = 28022;
address = "0.0.0.0";
}];
sftpd.password_authentication = false;
};
};
systemd.services.sftpgo.serviceConfig.UMask = lib.mkForce "0007";
services.jellyfin = {
enable = true;
};
services.aria2 = {
enable = true;
rpcSecretFile = "/var/lib/aria2/secret";
settings = {
rpc-listen-port = 3008;
retry-wait = 15;
interface = "10.100.0.2";
};
};
systemd.services.aria2 = {
wants = [ "openvpn-nordvpn.service" ];
after = [ "openvpn-nordvpn.service" ];
};
users.users.audrey.extraGroups = [ "aria2" ];
users.users.sftpgo.extraGroups = [ "aria2" ];
users.users.jellyfin.extraGroups = [ "sftpgo" ];
services.openvpn = {
servers.nordvpn = {
config = "config /var/lib/openvpn/nordvpn.ovpn";
autoStart = true;
authUserPass = "/var/lib/openvpn/nordvpn.passwd";
};
};
services.radicle = {
enable = true;
privateKey = "/var/lib/radicle/keys/radicle";
publicKey = "/var/lib/radicle/keys/radicle.pub";
httpd = {
enable = true;
listenPort = 3009;
nginx = {
serverName = "rad.rhelmot.io";
};
};
settings = {
node = {
alias = "rad.rhelmot.io";
listen = ["0.0.0.0:8776"];
externalAddresses = ["rad.rhelmot.io:8776"];
seedingPolicy = {
default = "block";
scope = "all";
};
};
};
};
services.ddns-updater = {
enable = true;
};
# TODO
# - sftpgo
# - transfer old nextcloud files
# - move old data files to sftpgo/audrey?
# - alerting
# - jellyfin
# ON HOLD
# - dyndns
# - https://github.com/qdm12/ddns-updater/pull/1046
# - https://github.com/ddclient/ddclient/pull/852
# - hedgedoc keycloak
# - waiting for hedgedoc2 release to get oidc
}


@ -21,10 +21,6 @@
"main/hedgedoc".mountPoint = "/var/lib/hedgedoc";
"main/immich".mountPoint = "/var/lib/immich";
"main/syncthing".mountPoint = "/var/lib/syncthing";
"main/jellyfin".mountPoint = "/var/lib/jellyfin";
"main/jellyfin/cache".mountPoint = "/var/cache/jellyfin";
"main/jellyfin/library".mountPoint = "/var/lib/jellyfin/library";
"main/radicle".mountPoint = "/var/lib/radicle";
};
fileSystems."/boot" = {


@ -1,8 +1,8 @@
{ config, lib, pkgs, modulesPath, ... }:
{ config, lib, pkgs, nixpkgs, ... }:
{
imports = [
"${modulesPath}/installer/cd-dvd/installation-cd-graphical-gnome.nix"
"${nixpkgs}/nixos/modules/installer/cd-dvd/installation-cd-graphical-gnome.nix"
];
networking.hostName = "redshank";


@ -1,4 +1,4 @@
{ config, lib, pkgs, extraInputs, ... }:
{ config, lib, pkgs, ... }:
{
imports = [ ./hardware-configuration.nix ];
@ -102,14 +102,12 @@
"mspa"
"wiki-js"
"forgejo"
"keycloak"
];
ensureUsers = [
{ name = "bingosync"; ensureDBOwnership = true; }
{ name = "mspa"; ensureDBOwnership = true; }
{ name = "wiki-js"; ensureDBOwnership = true; }
{ name = "forgejo"; ensureDBOwnership = true; }
{ name = "keycloak"; ensureDBOwnership = true; }
];
authentication = pkgs.lib.mkOverride 10 ''
#type database DBuser auth-method optional_ident_map
@ -123,7 +121,6 @@
defaultmap bingosync bingosync
defaultmap wiki-js wiki-js
defaultmap forgejo forgejo
defaultmap keycloak keycloak
'';
};
@ -252,6 +249,8 @@
proxyPass = "http://192.168.100.11:3000";
proxyWebsockets = true;
recommendedProxySettings = true;
extraConfig = ''
'';
};
};
"anons.ee" = {
@ -261,22 +260,8 @@
proxyPass = "http://192.168.100.11:3000";
proxyWebsockets = true;
recommendedProxySettings = true;
};
};
"auth.rhelmot.io" = {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://127.0.0.1:3030";
proxyWebsockets = true;
};
};
"clash.rhelmot.io" = {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://127.0.0.1:2999";
proxyWebsockets = true;
extraConfig = ''
'';
};
};
};
@ -307,28 +292,4 @@
config.imports = [ ./anonsee.nix ];
};
services.nginx.logError = "stderr info";
services.keycloak = {
enable = true;
database.host = "/run/postgresql";
database.type = "postgresql";
initialAdminPassword = "bitesyouchangeme";
plugins = with pkgs.keycloak.plugins; [
junixsocket-common
junixsocket-native-common
];
settings = {
hostname = "auth.rhelmot.io";
http-host = "127.0.0.1";
http-port = 3030;
proxy-headers = "xforwarded";
http-enabled = true;
};
};
rhelmot.deployments = {
"blog-rhelmot-io" = {
target = (import extraInputs."blog-rhelmot-io" {}).site;
};
};
}
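Review bot: The `extraConfig = ''` / `''` pair added to the `locations."/"` block that proxies to `192.168.100.11:3000`, and again in the `"anons.ee"` hunk after it, is an empty string and contributes nothing to the generated nginx configuration. Either drop both additions or fill in the intended directives with a comment saying what they are for. The enclosing `virtualHosts` set begins outside the hunks shown.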