Compare commits


9 Commits

48 changed files with 180 additions and 294 deletions


@@ -8,19 +8,15 @@ let
utils = import ../utils { inherit lib; };
hostDirNames = utils.dirNames ../hosts;
mkNode = hostname: tags: {
mkNode = hostname: meta: {
imports = [ ../hosts/${hostname} ];
deployment = {
targetHost = self.nixosConfigurations.${hostname}.config.ssh.publicHostname;
targetUser = self.nixosConfigurations.${hostname}.config.ssh.username;
buildOnTarget = builtins.any (t: t != "local" && t != "arm") tags;
inherit tags;
inherit (meta.deployment) targetHost targetUser tags;
buildOnTarget = builtins.any (t: t != "local" && t != "arm") meta.deployment.tags;
};
};
nodes = lib.genAttrs hostDirNames (
hostname: mkNode hostname (utils.hostMeta ../hosts/${hostname}).deployment.tags
);
nodes = lib.genAttrs hostDirNames (hostname: mkNode hostname (utils.hostMeta ../hosts/${hostname}));
in
inputs.colmena.lib.makeHive (
{
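Review bot: `inherit (meta.deployment) targetHost targetUser tags` forwards the literal empty string that the local hosts' meta files (andromache, astyanax, vm) use for `targetHost` straight into colmena's `deployment.targetHost`, whereas the home ssh client module in this same compare treats `""` as "no hostname" (`lib.optionalAttrs (meta.deployment.targetHost != "")`). If colmena takes an empty string as a hostname rather than as "no remote", those nodes carry a bogus SSH target; normalising at the hive avoids that: `targetHost = if meta.deployment.targetHost == "" then null else meta.deployment.targetHost;` with `inherit (meta.deployment) targetUser tags;` for the rest. This is carried over from the previous `ssh.publicHostname` default rather than introduced here. `mkNode` closes inside the hunk; the enclosing `let` opens before it.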


@@ -1,29 +0,0 @@
#!/usr/bin/env python3
import sys
import json
SLOTS_FILE = "/home/h/.local/share/task/add_slots"
def get_slots():
try:
with open(SLOTS_FILE, "r") as f:
return int(f.read().strip())
except:
return 0
slots = get_slots()
if slots <= 0:
print(f"Cannot add task: No slots available (0/{slots}).")
print("Delete or complete a task first to earn an add slot.")
sys.exit(1)
with open(SLOTS_FILE, "w") as f:
f.write(str(slots - 1))
print(f"Task added. Slots remaining: {slots - 1}")
for line in sys.stdin:
task = json.loads(line)
print(json.dumps(task))
sys.exit(0)


@@ -1,34 +0,0 @@
#!/usr/bin/env python3
import sys
import json
SLOTS_FILE = "/home/h/.local/share/task/add_slots"
def get_slots():
try:
with open(SLOTS_FILE, "r") as f:
return int(f.read().strip())
except:
return 0
data = sys.stdin.read().strip().split("\n")
if len(data) < 2:
for line in data:
if line:
print(line)
sys.exit(0)
old_task = json.loads(data[0])
new_task = json.loads(data[1])
was_pending = old_task.get("status") == "pending"
is_not_pending = new_task.get("status") in ("completed", "deleted")
if was_pending and is_not_pending:
slots = get_slots() + 1
with open(SLOTS_FILE, "w") as f:
f.write(str(slots))
print(f"Slot earned! Total slots: {slots}")
print(json.dumps(new_task))
sys.exit(0)

flake.lock generated

@@ -121,11 +121,11 @@
},
"locked": {
"dir": "pkgs/firefox-addons",
"lastModified": 1776398575,
"narHash": "sha256-WArU6WOdWxzbzGqYk4w1Mucg+bw/SCl6MoSp+/cZMio=",
"lastModified": 1776744173,
"narHash": "sha256-9pZQWypgc0H1lgyuGmLqEL5IKVdHMw/NoO/iFcoSrW0=",
"owner": "rycee",
"repo": "nur-expressions",
"rev": "05815686caf4e3678f5aeb5fd36e567886ab0d30",
"rev": "a803876f3cfc65f8858d413cef2b7d10d50a81d7",
"type": "gitlab"
},
"original": {
@@ -342,11 +342,11 @@
]
},
"locked": {
"lastModified": 1776373306,
"narHash": "sha256-iAJIzHngGZeLIkjzuuWI6VBsYJ1n89a/Esq0m8R1vjs=",
"lastModified": 1776777932,
"narHash": "sha256-0R3Yow/NzSeVGUke5tL7CCkqmss4Vmi6BbV6idHzq/8=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "d401492e2acd4fea42f7705a3c266cea739c9c36",
"rev": "5d5640599a0050b994330328b9fd45709c909720",
"type": "github"
},
"original": {
@@ -467,11 +467,11 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1776169885,
"narHash": "sha256-l/iNYDZ4bGOAFQY2q8y5OAfBBtrDAaPuRQqWaFHVRXM=",
"lastModified": 1776548001,
"narHash": "sha256-ZSK0NL4a1BwVbbTBoSnWgbJy9HeZFXLYQizjb2DPF24=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "4bd9165a9165d7b5e33ae57f3eecbcb28fb231c9",
"rev": "b12141ef619e0a9c1c84dc8c684040326f27cdcc",
"type": "github"
},
"original": {
@@ -665,11 +665,11 @@
]
},
"locked": {
"lastModified": 1776119890,
"narHash": "sha256-Zm6bxLNnEOYuS/SzrAGsYuXSwk3cbkRQZY0fJnk8a5M=",
"lastModified": 1776771786,
"narHash": "sha256-DRFGPfFV6hbrfO9a1PH1FkCi7qR5FgjSqsQGGvk1rdI=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "d4971dd58c6627bfee52a1ad4237637c0a2fb0cd",
"rev": "bef289e2248991f7afeb95965c82fbcd8ff72598",
"type": "github"
},
"original": {


@@ -76,7 +76,7 @@
nixpkgs.lib.nixosSystem {
modules = [
./hosts/${host}
{ nixpkgs.hostPlatform = import ./hosts/${host}/system.nix; }
{ nixpkgs.hostPlatform = (myUtils.hostMeta ./hosts/${host}).system; }
];
specialArgs = {
inherit


@@ -15,6 +15,7 @@
../../modules/cloud
../../modules/comms
../../modules/desktop/niri
../../modules/devenv
../../modules/direnv
../../modules/git
../../modules/k8s/k9s.nix


@@ -5,9 +5,6 @@
...
}:
let
username = "hektor";
in
{
imports = [
inputs.sops-nix.homeManagerModules.sops
@@ -21,6 +18,7 @@ in
../../modules/database
../../modules/dconf
../../modules/desktop/niri
../../modules/devenv
../../modules/direnv
../../modules/docker
../../modules/git
@@ -56,8 +54,8 @@ in
home = {
stateVersion = "25.05";
inherit username;
homeDirectory = "/home/${username}";
username = "hektor";
homeDirectory = "/home/${config.home.username}";
};
targets.genericLinux.nixGL = {


@@ -3,6 +3,7 @@
let
terminal = "kitty";
browser = config.browser.primary;
font = "${config.stylix.fonts.monospace.name} ${toString config.stylix.fonts.sizes.applications}";
in
{
dconf.settings = {
@@ -40,9 +41,9 @@ in
clock-show-weekday = true;
color-scheme = "prefer-dark";
enable-hot-corners = false;
font-name = "Iosevka Term SS08 12";
font-name = font;
locate-pointer = true;
monospace-font-name = "Iosevka Term SS08 12";
monospace-font-name = font;
};
"org/gnome/desktop/wm/keybindings" = {


@@ -6,25 +6,32 @@
}:
{
options.nixgl.wrap = lib.mkOption {
type = lib.types.functionTo lib.types.package;
default = if config.lib ? nixGL then config.lib.nixGL.wrap else lib.id;
readOnly = true;
};
options = {
host.username = lib.mkOption {
type = lib.types.str;
default = config.home.username;
};
options.wrapApp = lib.mkOption {
type = lib.types.raw;
default =
pkg: flags:
if config.lib ? nixGL then
pkg.overrideAttrs (old: {
nativeBuildInputs = (old.nativeBuildInputs or [ ]) ++ [ pkgs.makeWrapper ];
postInstall = (old.postInstall or "") + ''
wrapProgram $out/bin/${pkg.meta.mainProgram} --add-flags "${flags}"
'';
})
else
pkg;
readOnly = true;
nixgl.wrap = lib.mkOption {
type = lib.types.functionTo lib.types.package;
default = if config.lib ? nixGL then config.lib.nixGL.wrap else lib.id;
readOnly = true;
};
wrapApp = lib.mkOption {
type = lib.types.raw;
default =
pkg: flags:
if config.lib ? nixGL then
pkg.overrideAttrs (old: {
nativeBuildInputs = (old.nativeBuildInputs or [ ]) ++ [ pkgs.makeWrapper ];
postInstall = (old.postInstall or "") + ''
wrapProgram $out/bin/${pkg.meta.mainProgram} --add-flags "${flags}"
'';
})
else
pkg;
readOnly = true;
};
};
}
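Review bot: The new `host.username` option carries no `description`, so option docs and type errors say nothing about what the value means or that, when this file is used as a NixOS home-manager module, `home-manager.sharedModules` elsewhere in this compare overrides its default with `lib.mkDefault config.host.username`. Add `description = "Account this home configuration belongs to; defaults to home.username and is set from the NixOS host.username when used as a NixOS home-manager module.";` inside the `mkOption`. `nixgl.wrap` and `wrapApp` are only re-nested under `options`; the module header starts before the hunk.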


@@ -18,6 +18,10 @@
enableAlias = true;
};
home.shellAliases = {
k = "kubectl";
};
imports = [
./helm.nix
./k9s.nix


@@ -1,18 +1,15 @@
{
outputs,
myUtils,
lib,
pkgs,
...
}:
let
nixosConfigs = builtins.attrNames outputs.nixosConfigurations;
homeConfigs = map (n: lib.last (lib.splitString "@" n)) (
builtins.attrNames outputs.homeConfigurations
);
allHosts = lib.unique (homeConfigs ++ nixosConfigs);
hostDir = ../../hosts;
hostNames = myUtils.dirNames hostDir;
hostsWithKeys = lib.filter (
hostname: builtins.pathExists ../../hosts/${hostname}/ssh_host.pub
) allHosts;
hostname: builtins.pathExists (hostDir + "/${hostname}/ssh_host.pub")
) hostNames;
in
{
home.packages = with pkgs; [ sshfs ];
@@ -25,15 +22,14 @@ in
lib.genAttrs hostsWithKeys (
hostname:
let
hostConfig = outputs.nixosConfigurations.${hostname}.config;
inherit (hostConfig.ssh) publicHostname username;
meta = myUtils.hostMeta (hostDir + "/${hostname}");
in
{
host = hostname;
user = username;
user = meta.deployment.targetUser;
}
// lib.optionalAttrs (publicHostname != "") {
hostname = publicHostname;
// lib.optionalAttrs (meta.deployment.targetHost != "") {
hostname = meta.deployment.targetHost;
}
)
// {


@@ -25,21 +25,6 @@ in
sansSerif = config.stylix.fonts.monospace;
emoji = config.stylix.fonts.monospace;
};
targets = {
firefox = {
profileNames = [ "default" ];
colorTheme.enable = true;
};
librewolf = {
profileNames = [ "default" ];
colorTheme.enable = true;
};
gnome.enable = false;
gtk.enable = false;
kitty = {
variant256Colors = true;
};
nixvim.enable = false;
};
targets = import ../../../modules/stylix/targets.nix;
};
}


@@ -56,14 +56,6 @@ lib.optionalAttrs standalone {
".local/share/task/hooks/on-exit.sync.py" = {
source = dotsPath + "/.local/share/task/hooks/on-exit.sync.py";
};
".local/share/task/hooks/on-add.limit.py" = {
source = dotsPath + "/.local/share/task/hooks/on-add.limit.py";
executable = true;
};
".local/share/task/hooks/on-modify.limit.py" = {
source = dotsPath + "/.local/share/task/hooks/on-modify.limit.py";
executable = true;
};
".local/share/task/scripts/sync-and-notify.sh" = {
source = dotsPath + "/.local/share/task/scripts/sync-and-notify.sh";
executable = true;


@@ -51,31 +51,17 @@ in
../../modules/yubikey
];
home-manager.users.${config.host.username} = import ../../home/hosts/andromache {
inherit
inputs
config
pkgs
lib
;
};
home-manager.users.${config.host.username} = import ../../home/hosts/andromache;
ssh.username = config.host.username;
ssh.authorizedHosts = [ "astyanax" ];
secrets = {
inherit (config.host) username;
nixSigningKey.enable = true;
};
secrets.nixSigningKey.enable = true;
tailscale.enable = true;
docker.user = config.host.username;
docker.enable = true;
hcloud = {
enable = true;
inherit (config.host) username;
};
hcloud.enable = true;
disko.devices = {
disk.data = {
@@ -107,7 +93,6 @@ in
my.yubikey = {
enable = false;
inherit (config.host) username;
keys = [
{
handle = "<KeyHandle1>";


@@ -1,4 +1,9 @@
{
deployment.tags = [ "local" ];
system = "x86_64-linux";
deployment = {
tags = [ "local" ];
targetHost = "";
targetUser = "h";
};
role = "desktop";
}


@@ -1 +0,0 @@
"x86_64-linux"


@@ -47,26 +47,15 @@ in
../../modules/yubikey
];
home-manager.users.${config.host.username} = import ../../home/hosts/astyanax {
inherit
inputs
config
pkgs
lib
;
};
home-manager.users.${config.host.username} = import ../../home/hosts/astyanax;
ssh.username = config.host.username;
ssh.authorizedHosts = [ "andromache" ];
secrets = {
inherit (config.host) username;
nixSigningKey.enable = true;
};
secrets.nixSigningKey.enable = true;
tailscale.enable = true;
docker.user = config.host.username;
nfc.user = config.host.username;
docker.enable = true;
nfc.enable = true;
desktop.ly.enable = true;
audio.automation.enable = true;


@@ -1,4 +1,9 @@
{
deployment.tags = [ "local" ];
system = "x86_64-linux";
deployment = {
tags = [ "local" ];
targetHost = "";
targetUser = "h";
};
role = "laptop";
}


@@ -1 +0,0 @@
"x86_64-linux"


@@ -12,8 +12,6 @@
];
ssh = {
inherit (config.host) username;
publicHostname = config.host.name;
authorizedHosts = [
"andromache"
"astyanax"


@@ -1,4 +1,9 @@
{
deployment.tags = [ "arm" ];
system = "aarch64-linux";
deployment = {
tags = [ "arm" ];
targetHost = "eetion-02";
targetUser = "h";
};
role = "embedded";
}


@@ -1 +0,0 @@
"aarch64-linux"


@@ -13,8 +13,6 @@
];
ssh = {
inherit (config.host) username;
publicHostname = config.host.name;
authorizedHosts = [
"andromache"
"astyanax"


@@ -1,4 +1,9 @@
{
deployment.tags = [ "arm" ];
system = "aarch64-linux";
deployment = {
tags = [ "arm" ];
targetHost = "eetion";
targetUser = "h";
};
role = "embedded";
}


@@ -1 +0,0 @@
"aarch64-linux"


@@ -19,15 +19,13 @@
networking.hostName = config.host.name;
ssh = {
inherit (config.host) username;
publicHostname = "server.hektormisplon.xyz";
authorizedHosts = [
"andromache"
"astyanax"
];
};
docker.user = config.host.username;
docker.enable = true;
fileSystems."/" = {
device = "/dev/disk/by-label/nixos";


@@ -1,4 +1,9 @@
{
deployment.tags = [ "cloud" ];
system = "x86_64-linux";
deployment = {
tags = [ "cloud" ];
targetHost = "server.hektormisplon.xyz";
targetUser = "username";
};
role = "server";
}
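Review bot: `targetUser = "username";` reads like a placeholder that was never filled in: every other meta file in this compare sets `targetUser = "h"`, and before this change the value came from the evaluated NixOS config (`config.ssh.username`, itself `config.host.username`). It is now consumed by the colmena hive (`inherit (meta.deployment) targetHost targetUser tags`) and by the home ssh client config (`user = meta.deployment.targetUser`), so unless the server's `host.username` really is `username`, `colmena apply` and `ssh` to `server.hektormisplon.xyz` will try to log in as an account for which the ssh module installs no authorized keys. Set it to the real account name, and since the username is now declared twice per host (here and as NixOS `host.username`), consider an assertion in the hive such as `assert meta.deployment.targetUser == self.nixosConfigurations.${hostname}.config.host.username;` so the two copies cannot drift silently.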


@@ -1 +0,0 @@
"x86_64-linux"


@@ -1,7 +1,6 @@
{
inputs,
config,
pkgs,
...
}:
{
@@ -29,13 +28,7 @@
../../modules/x
];
home-manager.users.${config.host.username} = import ../../home/hosts/vm {
inherit inputs config pkgs;
};
ssh.username = config.host.username;
secrets.username = config.host.username;
home-manager.users.${config.host.username} = import ../../home/hosts/vm;
disko = {
devices.disk.main = {


@@ -1,4 +1,9 @@
{
deployment.tags = [ "local" ];
system = "x86_64-linux";
deployment = {
tags = [ "local" ];
targetHost = "";
targetUser = "h";
};
role = "vm";
}


@@ -1 +0,0 @@
"x86_64-linux"


@@ -12,10 +12,15 @@ let
in
{
imports = [
../modules/common/host.nix
../modules/ssh
];
ssh.username = username;
host = {
inherit username;
name = "orange-pi";
};
ssh.authorizedHosts = [
"andromache"
"astyanax"


@@ -12,10 +12,15 @@ let
in
{
imports = [
../modules/common/host.nix
../modules/ssh
];
ssh.username = username;
host = {
inherit username;
name = "raspberry-pi";
};
ssh.authorizedHosts = [
"andromache"
"astyanax"


@@ -1,7 +1,8 @@
{ config, myUtils, ... }:
let
inherit (config.secrets) sopsDir username;
inherit (config.secrets) sopsDir;
inherit (config.host) username;
owner = config.users.users.${username}.name;
in
{


@@ -1,7 +1,8 @@
{ config, myUtils, ... }:
let
inherit (config.secrets) sopsDir username;
inherit (config.secrets) sopsDir;
inherit (config.host) username;
owner = config.users.users.${username}.name;
in
{


@@ -73,6 +73,11 @@ in
myUtils
;
};
sharedModules = [
{
host.username = lib.mkDefault config.host.username;
}
];
};
};
}


@@ -2,29 +2,17 @@
let
cfg = config.docker;
inherit (config.host) username;
in
{
options.docker = {
enable = lib.mkEnableOption "docker";
rootless = lib.mkOption {
type = lib.types.bool;
default = false;
};
user = lib.mkOption {
type = lib.types.nullOr lib.types.str;
default = null;
};
};
config = lib.mkMerge [
{
warnings = lib.flatten [
(lib.optional (
cfg.rootless && cfg.user != null
) "'virtualisation.docker.user' is ignored when rootless mode is enabled")
(lib.optional (
!cfg.rootless && cfg.user == null
) "'virtualisation.docker.user' is not set (no user is added to the docker group)")
];
}
(lib.mkIf cfg.rootless {
virtualisation.docker = {
enable = false;
@@ -34,11 +22,9 @@ in
};
};
})
(lib.mkIf (!cfg.rootless && cfg.user != null) {
virtualisation.docker = {
enable = true;
};
users.users.${cfg.user}.extraGroups = [ "docker" ];
(lib.mkIf (cfg.enable && !cfg.rootless) {
virtualisation.docker.enable = true;
users.users.${username}.extraGroups = [ "docker" ];
})
];
}
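Review bot: The non-rootless branch is now gated on `cfg.enable && !cfg.rootless`, but the rootless branch above it is still `lib.mkIf cfg.rootless`, so `docker.rootless = true` configures rootless Docker even when `docker.enable` is false and `docker.enable` has no effect at all in that mode. For symmetry change it to `(lib.mkIf (cfg.enable && cfg.rootless) {`; the rootless body continues outside the first hunk. Since the non-rootless branch adds `host.username` to the `docker` group, which is root-equivalent through the daemon socket, the option description could say so: `lib.mkEnableOption "Docker (non-rootless mode adds host.username to the root-equivalent docker group)"`.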


@@ -4,7 +4,7 @@
}:
let
inherit (config.secrets) username;
inherit (config.host) username;
owner = config.users.users.${username}.name;
in
{


@@ -7,25 +7,22 @@
let
cfg = config.hcloud;
inherit (config.host) username;
inherit (config.secrets) sopsDir;
in
{
options.hcloud = {
enable = lib.mkEnableOption "hcloud CLI configuration";
username = lib.mkOption {
type = lib.types.str;
description = "Username for hcloud CLI configuration";
};
};
config = lib.mkIf cfg.enable {
sops.secrets = myUtils.mkSopsSecrets sopsDir "hcloud" [ "api-token" ] {
owner = config.users.users.${cfg.username}.name;
owner = config.users.users.${username}.name;
};
sops.templates."hcloud/cli.toml" = {
owner = config.users.users.${cfg.username}.name;
path = "/home/${cfg.username}/.config/hcloud/cli.toml";
owner = config.users.users.${username}.name;
path = "/home/${username}/.config/hcloud/cli.toml";
content = ''
active_context = "server"
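Review bot: `path = "/home/${username}/.config/hcloud/cli.toml";` hard-codes the home directory of `host.username` although the module already resolves the account through `config.users.users.${username}` on the line above; `path = "${config.users.users.${username}.home}/.config/hcloud/cli.toml";` follows the account's real home, which matters here because the rendered template carries the hcloud API token. The same pattern survives the refactor in the secrets module (`age.keyFile = "/home/${username}/.config/sops/age/keys.txt"`) and the syncthing module (`configDir = "/home/${username}/.local/state/syncthing"`). It is carried over from the `cfg.username` version rather than introduced here; the `content` string continues past the hunk.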


@@ -2,15 +2,13 @@
let
cfg = config.nfc;
inherit (config.host) username;
in
{
options.nfc = {
user = lib.mkOption {
type = lib.types.nullOr lib.types.str;
default = null;
};
enable = lib.mkEnableOption "NFC device access";
};
config = lib.mkIf (cfg.user != null) {
users.users.${cfg.user}.extraGroups = [ "dialout" ];
config = lib.mkIf cfg.enable {
users.users.${username}.extraGroups = [ "dialout" ];
};
}


@@ -9,8 +9,9 @@
let
cfg = config.secrets;
inherit (config.host) username;
inherit (cfg) sopsDir;
owner = config.users.users.${cfg.username}.name;
owner = config.users.users.${username}.name;
mkSopsSecrets = myUtils.mkSopsSecrets sopsDir;
in
{
@@ -18,10 +19,6 @@ in
options = {
secrets = {
username = lib.mkOption {
type = lib.types.str;
};
sopsDir = lib.mkOption {
type = lib.types.str;
default = "${toString inputs.nix-secrets}/secrets";
@@ -43,7 +40,7 @@ in
# ```
# age-plugin-yubikey --identity > <keyfile-path>
# ```
age.keyFile = "/home/${cfg.username}/.config/sops/age/keys.txt";
age.keyFile = "/home/${username}/.config/sops/age/keys.txt";
secrets = lib.mkMerge [
(mkSopsSecrets "email" [ "personal" "work" ] { inherit owner; })


@@ -1,22 +1,18 @@
{ lib, config, ... }:
let
inherit (config.host) username;
in
{
options.ssh = {
authorizedHosts = lib.mkOption {
type = lib.types.listOf lib.types.str;
default = [ ];
};
username = lib.mkOption {
type = lib.types.str;
default = "h";
};
publicHostname = lib.mkOption {
type = lib.types.str;
default = "";
};
};
# auto generate authorized_keys from `authorizedHosts`
config.users.users.${config.ssh.username}.openssh.authorizedKeys.keys = lib.flatten (
config.users.users.${username}.openssh.authorizedKeys.keys = lib.flatten (
map (
hostname:
let


@@ -1,6 +1,6 @@
{ lib, config, ... }:
let
inherit (config.ssh) username;
inherit (config.host) username;
in
{
# auto extract SSH keys


@@ -30,20 +30,7 @@ in
home-manager.sharedModules = [
{
stylix.targets = {
firefox = {
profileNames = [ "default" ];
colorTheme.enable = true;
};
librewolf = {
profileNames = [ "default" ];
colorTheme.enable = true;
};
kitty.variant256Colors = true;
gnome.enable = false;
gtk.enable = false;
nixvim.enable = false;
};
stylix.targets = import ./targets.nix;
}
];
}

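--- a/modules/stylix/targets.nix
+++ b/modules/stylix/targets.nix
@@ -0,0 +1,14 @@
+{
+firefox = {
+profileNames = [ "default" ];
+colorTheme.enable = true;
+};
+librewolf = {
+profileNames = [ "default" ];
+colorTheme.enable = true;
+};
+kitty.variant256Colors = true;
+gnome.enable = false;
+gtk.enable = false;
+nixvim.enable = false;
+}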


@@ -7,23 +7,18 @@
with lib;
let
cfg = config.my.syncthing;
inherit (config.host) username;
in
{
options.my.syncthing.username = mkOption {
type = types.str;
default = "h";
};
config = {
users.groups.${cfg.username} = { };
users.users.${cfg.username}.extraGroups = [ cfg.username ];
users.groups.${username} = { };
users.users.${username}.extraGroups = [ username ];
services.syncthing = {
enable = true;
user = cfg.username;
group = cfg.username;
configDir = "/home/${cfg.username}/.local/state/syncthing";
user = username;
group = username;
configDir = "/home/${username}/.local/state/syncthing";
openDefaultPorts = true;
};
};
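Review bot: With `options.my.syncthing.username` removed, the retained `cfg = config.my.syncthing;` binding is no longer read anywhere in the hunk, and unless another `my.syncthing` option is declared outside it the binding is dead (and `config.my.syncthing` would fail to evaluate if it ever were read). Either drop the `cfg` line or keep a `my.syncthing.enable = mkEnableOption "syncthing";` and wrap `config` in `mkIf cfg.enable`, since the module now unconditionally enables the service, opens its default ports and creates a group named after the user on every host that imports it. The `config` attribute set closes at the end of the hunk; the module header is outside it.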


@@ -1,7 +1,8 @@
{ config, myUtils, ... }:
let
inherit (config.secrets) sopsDir username;
inherit (config.secrets) sopsDir;
inherit (config.host) username;
owner = config.users.users.${username}.name;
in
{


@@ -9,18 +9,14 @@ with lib;
let
cfg = config.my.yubikey;
inherit (config.host) username;
formatKey = key: ":${key.handle},${key.userKey},${key.coseType},${key.options}";
authfileContent = username: keys: username + lib.concatMapStrings formatKey keys;
authfileContent = u: keys: u + lib.concatMapStrings formatKey keys;
in
{
options.my.yubikey = {
enable = mkEnableOption "yubiKey U2F authentication";
username = mkOption {
type = types.str;
default = "h";
};
origin = mkOption {
type = types.str;
default = "pam://yubi";
@@ -61,7 +57,7 @@ in
interactive = true;
cue = true;
inherit (cfg) origin;
authfile = pkgs.writeText "u2f-mappings" (authfileContent cfg.username cfg.keys);
authfile = pkgs.writeText "u2f-mappings" (authfileContent username cfg.keys);
};
};
services = {