hektor/nix
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: hektor:2248d7d781ed27de60d7d6aea21e7a2f1ee47800
Branches Tags
hektor:main
..
compare: hektor:main
Branches Tags
hektor:main

67 Commits
2248d7d781 ... main

Author SHA1 Message Date
hektor
3bcd4c3c13 chore: update lockfile 2026-05-06 19:41:05 +02:00
hektor
d975d49844 fix(nvim): allow unfree nvim plugins 2026-05-06 19:41:00 +02:00
hektor
1ead7fe7be chore: update lockfile 2026-04-30 18:33:01 +02:00
hektor
7dd2fc7e59 chore: update lockfile 2026-04-30 18:28:53 +02:00
Hektor Misplon
95ffe7b908 refactor: derive host name solely from host directory name 2026-04-30 17:20:02 +02:00
Hektor Misplon
ce02cc5538 fix(desktops): resolve xdg portal error on 'work' host 2026-04-30 15:31:07 +02:00
Hektor Misplon
0dbc007a90 feat(database): add redis to database module 2026-04-30 15:07:10 +02:00
Hektor Misplon
57e0d49278 fix(nvim): add missing dependencies 2026-04-30 15:06:51 +02:00
Hektor Misplon
ee44b26147 feat(ai): add 'ai-tools' 'skills' submodule 2026-04-29 18:37:43 +02:00
Hektor Misplon
675306ec91 refactor: modularize 'ai-tools' 2026-04-29 18:37:42 +02:00
Hektor Misplon
a829f160fb fix(gnome): don't use monospace font for 'dconf' 2026-04-29 18:37:07 +02:00
Hektor Misplon
4cfe0387e2 chore: update 'nvim' flake dependencies 2026-04-29 18:37:06 +02:00
hektor
2efccdb4de feat(hydra): add hydra-repl filetype integration 2026-04-26 19:07:55 +02:00
hektor
8aafaf7d35 chore: disable 'mcp-nixos' temporarily (failed test) 2026-04-26 19:07:55 +02:00
hektor
dce57f907a chore(ai): enable 'claude-code' on 'andromache,astyanax' hosts 2026-04-26 19:07:55 +02:00
hektor
1bda05280e refactor(desktops): give all desktop modules own subdirectory 2026-04-26 19:07:55 +02:00
hektor
d39071da06 refactor(desktops): extract 'logind' module 2026-04-26 19:07:55 +02:00
hektor
781f379aff refactor: simplify zk file completion 2026-04-26 19:07:55 +02:00
hektor
2203b48cde fix: scope markdown file name echo to zk 2026-04-26 19:07:55 +02:00
hektor
35f6f7890f chore: add 'nodejs_24' dependency to 'nvim' flake 2026-04-26 19:07:55 +02:00
hektor
83958847f4 fix: enable 'boot.tmp.useTmpfs' based on host 'highRam' flag 2026-04-26 15:00:57 +02:00
hektor
b66b0c4003 fix: resolve current zettel path issue 2026-04-26 14:40:26 +02:00
hektor
efd2771d8c fix: remove tmux hooks 2026-04-26 14:33:19 +02:00
hektor
94331531e2 chore: disable 'lutris' temporarily (failed openldap test) 2026-04-26 14:32:20 +02:00
hektor
5b1e7efcd2 chore: update lockfile 2026-04-26 14:32:20 +02:00
hektor
730dd23967 fix: centralize and nixifiy in 'zk' module 2026-04-26 14:32:20 +02:00
hektor
8f5caaed41 fix(nvim): disable neotest check phase 2026-04-21 22:24:48 +02:00
hektor
db2bbb86ba chore: update lockfile 2026-04-21 22:08:28 +02:00
hektor
72c3710a3c refactor(secrets): simplify secrets 2026-04-21 22:08:28 +02:00
hektor
b62f3c20ac refactor(backups): simplify backups module 2026-04-21 21:39:23 +02:00
hektor
dd31da5a8f fix: add home manager 'secrets' module to andromache 2026-04-21 21:39:17 +02:00
hektor
bc6d8b6305 fix: remove nodeNixpkgs from colmena 2026-04-21 21:38:55 +02:00
hektor
fce3aa45ec refactor: modularize utils 2026-04-21 21:37:31 +02:00
hektor
949917a809 feat(direnv): set up direnv using '.envrc' 2026-04-21 21:37:25 +02:00
hektor
0dd1ecef91 feat: set up tailscale on 'eetion' host 2026-04-21 21:37:17 +02:00
hektor
fcdb52cc42 chore: update lockfile 2026-04-21 17:14:17 +02:00
hektor
b6500b97ff refactor(stylix): extract shared stylix overrides into 'targets.nix' 2026-04-21 17:11:16 +02:00
hektor
8f756554ad refactor(stylix): do not hardcode 'dconf' font 2026-04-21 17:11:10 +02:00
hektor
583b9ea5f3 refactor(deploy): move deployment config into '<host>/meta.nix' 2026-04-21 17:11:04 +02:00
hektor
6a30a431f8 refactor: simplify 'user' options 2026-04-21 17:10:42 +02:00
hektor
38818e7508 refactor: merge '<host>/system.nix' into '<host>/meta.nix' 2026-04-21 15:51:25 +02:00
hektor
94c64e9d33 fix: remove task count limits 2026-04-21 15:51:21 +02:00
Hektor Misplon
a9854ac144 feat: alias 'kubectl' to 'k' 2026-04-21 15:51:17 +02:00
Hektor Misplon
8b109af08b fix: add 'devenv' to 'astyanax' and 'work' hosts 2026-04-21 15:51:12 +02:00
hektor
82dde7d749 chore: update lockfile 2026-04-17 12:47:31 +02:00
hektor
59ce48d65e fix(taskwarrior): prevent taskwarrior scroll issue 2026-04-17 12:47:26 +02:00
hektor
9b9c580a7f fix: disable xdg user dirs auto create 2026-04-17 12:47:25 +02:00
Hektor Misplon
0e27b181ad fix(browser): set 'BROWSER' environment variable based on nix config 2026-04-17 12:47:24 +02:00
Hektor Misplon
6b43660491 refactor: add wayland clipboard module 2026-04-17 12:47:22 +02:00
hektor
db5e8855d2 fix(nix-secrets): use simplified signing key setup 2026-04-17 12:47:21 +02:00
hektor
2f1f60b836 fix: update tailscale flags 2026-04-17 12:47:20 +02:00
hektor
a13a19e8e9 fix: allow unsigned builds on hecuba 2026-04-17 12:47:19 +02:00
hektor
fee4b43104 fix: add kitty term info to 'hecuba' host 2026-04-17 12:47:18 +02:00
hektor
faf3afad79 fix: update secrets approach to match 'nix-secrets' 2026-04-17 12:47:17 +02:00
hektor
db116cc4de fix: add 'yubikey' module to astyanax host 2026-04-17 12:47:16 +02:00
hektor
75ee011369 fix: enable tailscale module on 'astyanax' host 2026-04-17 12:47:15 +02:00
hektor
ae63c4737a fix(niri): do not enable gnome keyring or Nautilus when niri is enabled 2026-04-17 12:47:14 +02:00
hektor
d6bc3c0293 chore(ssh): rotate 'astyanax' to hardware-backed ssh key 2026-04-17 12:47:11 +02:00
hektor
fd3a38da62 chore(nvim): update 'nvim' packages 2026-04-17 12:47:10 +02:00
Hektor Misplon
e30ca9d8dd refactor: move nixPath into 'common' module 2026-04-17 12:47:08 +02:00
hektor
79eb5c27e9 feat: add tailscale module 2026-04-17 12:47:07 +02:00
hektor
677728c440 fix(deploy): never build ARM on target 2026-04-17 12:47:05 +02:00
hektor
483b05fc27 fix(deploy): resolve colmena issues 2026-04-17 12:47:02 +02:00
hektor
cb4709b1a6 chore(scripts): remove 'git-cb' script 2026-04-17 12:46:58 +02:00
hektor
dc650e4722 feat(eetion): pin actualbudget to 26.4.0-alpine 2026-04-05 22:18:59 +02:00
hektor
f5dd89582d fix: improve gaming module 2026-04-05 18:13:30 +02:00
hektor
585259480e feat: add 'devenv' home manager module 2026-04-05 18:13:12 +02:00
101 changed files with 1102 additions and 1009 deletions
Expand all files Collapse all files

1
.envrc Normal file
View File

@@ -0,0 +1 @@
use flake

3
.gitignore vendored
View File

@@ -9,4 +9,5 @@ result-*
nixos-efi-vars.fd
/.pre-commit-config.yaml
.direnv/
.pre-commit-config.yaml

36
deploy/colmena.nix
View File

@@ -8,29 +8,27 @@ let
utils = import ../utils { inherit lib; };
hostDirNames = utils.dirNames ../hosts;
mkNode = hostname: tags: {
mkNode = hostname: meta: {
imports = [ ../hosts/${hostname} ];
deployment = {
targetHost = self.nixosConfigurations.${hostname}.config.ssh.publicHostname;
targetUser = self.nixosConfigurations.${hostname}.config.ssh.username;
buildOnTarget = builtins.any (t: t != "local") tags;
inherit tags;
inherit (meta.deployment) targetHost targetUser tags;
buildOnTarget = builtins.any (t: t != "local" && t != "arm") meta.deployment.tags;
};
};
nodes = lib.genAttrs hostDirNames (
hostname: mkNode hostname (utils.hostMeta ../hosts/${hostname}).deployment.tags
);
nodes = lib.genAttrs hostDirNames (hostname: mkNode hostname (utils.hostMeta ../hosts/${hostname}));
in
inputs.colmena.lib.makeHive {
meta = {
nixpkgs = import inputs.nixpkgs {
localSystem = "x86_64-linux";
inputs.colmena.lib.makeHive (
{
meta = {
nixpkgs = import inputs.nixpkgs { localSystem = "x86_64-linux"; };
specialArgs = {
inherit inputs;
outputs = self;
dotsPath = ../dots;
myUtils = utils;
};
};
nodeNixpkgs = builtins.mapAttrs (_: v: v.pkgs) self.nixosConfigurations;
nodeSpecialArgs = builtins.mapAttrs (_: v: v._module.specialArgs or { }) self.nixosConfigurations;
};
inherit nodes;
}
}
// nodes
)

2
dots/.bash_aliases/all
View File

@@ -27,8 +27,6 @@ alias ipa="ip -brief address"
alias ipl="ip -brief link"
alias ipr="ip route"
alias clip="xclip -sel clip"
alias df="df -kTh"
alias fzfpac="pacman -Slq | fzf -m --preview 'pacman -Si {1}' | xargs -ro sudo pacman -S"
alias path='echo -e ${PATH//:/\\n}' # Pretty print path variables

221
dots/.bin/git-cb
View File

@@ -1,221 +0,0 @@
#!/usr/bin/env bash
set -euo pipefail
readonly ALLOWED_MAIN_BRANCHES=("main" "master" "develop")
readonly BRANCH_TYPES=(
"feat For new features"
"hotfix For urgent fixes"
"fix For fixes"
"release For preparing releases"
"chore For non-code tasks"
)
error() {
echo "Error: $1" >&2
exit 1
}
warn() {
echo "Warning: $1" >&2
}
check_dependencies() {
local missing=()
for cmd in git fzf; do
if ! command -v "$cmd" &> /dev/null; then
missing+=("$cmd")
fi
done
if [[ ${#missing[@]} -gt 0 ]]; then
error "Missing required commands: ${missing[*]}"
fi
}
check_git_repo() {
if ! git rev-parse --git-dir &> /dev/null; then
error "Not in a git repository"
fi
}
check_current_branch() {
local current_branch
current_branch=$(git branch --show-current)
local is_main_branch=false
for branch in "${ALLOWED_MAIN_BRANCHES[@]}"; do
if [[ "$current_branch" == "$branch" ]]; then
is_main_branch=true
break
fi
done
if [[ "$is_main_branch" == false ]]; then
warn "Not branching from a main branch (current: $current_branch)"
read -rp "Continue anyway? [y/N] " response
if [[ ! "$response" =~ ^[Yy]$ ]]; then
exit 0
fi
fi
}
get_user_email() {
local email
email=$(git config --get user.email 2>/dev/null)
if [[ -z "$email" ]]; then
error "Git user email not configured. Run: git config user.email 'your@email.com'"
fi
echo "$email"
}
select_branch_type() {
local selected
selected=$(printf '%s\n' "${BRANCH_TYPES[@]}" | \
fzf --prompt="Select branch type: " \
--height=40% \
--border \
--info=inline) || error "Branch type selection cancelled"
echo "${selected%% *}"
}
select_jira_ticket() {
local email=$1
if ! command -v jira &> /dev/null; then
warn "Jira CLI not found. Proceeding without ticket ID."
return 0
fi
echo "Fetching Jira tickets for $email..." >&2
local jira_data
jira_data=$(jira issue list --assignee="$email" --order-by=priority --plain --no-headers 2>/dev/null) || {
warn "Could not fetch Jira tickets. Proceeding without ticket ID."
return 0
}
if [[ -z "$jira_data" ]]; then
warn "No Jira tickets found. Proceeding without ticket ID."
return 0
fi
echo "$jira_data" >&2
echo "" >&2
local formatted_tickets
formatted_tickets=$(echo "$jira_data" | awk '{
ticket_id = $2
$1 = $2 = ""
description = $0
gsub(/^[ \t]+/, "", description)
if (length(description) > 60) {
description = substr(description, 1, 57) "..."
}
print ticket_id " - " description
}')
if [[ -z "$formatted_tickets" ]]; then
warn "No tickets to display. Proceeding without ticket ID."
return 0
fi
local selected_ticket
selected_ticket=$(echo -e "SKIP - Create branch without ticket ID\n$formatted_tickets" | \
fzf --prompt="Select Jira ticket (or skip): " \
--height=40% \
--border \
--info=inline) || error "Ticket selection cancelled"
if [[ "$selected_ticket" != "SKIP"* ]]; then
echo "${selected_ticket%% -*}"
fi
}
get_branch_description() {
local ticket_id=$1
local editor="${EDITOR:-vi}"
local tmpfile
tmpfile=$(mktemp)
trap "rm -f '$tmpfile'" EXIT
if [[ -n "$ticket_id" ]]; then
cat > "$tmpfile" << EOF
# Selected ticket: $ticket_id
# Enter your branch description below in kebab-case (e.g., my-description):
# The ticket ID will be automatically included in the branch name.
# Lines starting with # will be ignored.
EOF
else
cat > "$tmpfile" << 'EOF'
# Enter your branch description below in kebab-case (e.g., my-description):
# Lines starting with # will be ignored.
EOF
fi
"$editor" "$tmpfile" < /dev/tty > /dev/tty
local desc
desc=$(grep -v '^#' "$tmpfile" | tr -d '\n' | sed 's/^[[:space:]]*//;s/[[:space:]]*$//')
echo "$desc"
}
validate_description() {
local desc=$1
if [[ -z "$desc" ]]; then
error "No description provided"
fi
if [[ ! "$desc" =~ ^[a-z0-9]+(-[a-z0-9]+)*$ ]]; then
error "Invalid branch description format.\nUse lowercase letters, numbers, and hyphens only.\nNo trailing or consecutive hyphens allowed.\nExample: my-feature-description"
fi
}
create_branch() {
local type=$1
local ticket_id=$2
local desc=$3
local branch
if [[ -n "$ticket_id" ]]; then
branch="$type/$ticket_id-$desc"
else
branch="$type/$desc"
fi
if git show-ref --verify --quiet "refs/heads/$branch"; then
error "Branch '$branch' already exists"
fi
echo ""
echo "Creating branch: $branch"
git checkout -b "$branch"
}
main() {
check_dependencies
check_git_repo
check_current_branch
local email
email=$(get_user_email)
local type
type=$(select_branch_type)
echo "About to call select_jira_ticket" >&2
local ticket_id=""
ticket_id=$(select_jira_ticket "$email")
local desc
desc=$(get_branch_description "$ticket_id")
validate_description "$desc"
create_branch "$type" "$ticket_id" "$desc"
}
main "$@"

4
dots/.bin/save-zk
View File

@@ -1,4 +0,0 @@
#!/usr/bin/env bash
cd "$ZK_PATH" || echo "No zettelkasten directory found"
git a . && git commit -m "Update" && git push

20
dots/.bin/setup-zk
View File

@@ -1,20 +0,0 @@
#!/bin/bash
if [ ! -d ~/.zk ]; then
echo "[zk] Setting up zettelkasten"
gh repo clone zk ~/.zk
else
echo "[zk] Zettelkasten already set up."
fi
read -p "Would you like open your zettelkasten? [y/N] " -n 1 -r
echo
if [[ $REPLY =~ ^[Yy]$ ]]; then
if [ -x "$(command -v zk)" ]; then
zk
else
echo "Error: 'zk' command not found or not executable"
exit 1
fi
fi

35
dots/.config/nvim/after/plugin/hydra.lua Normal file
View File

@@ -0,0 +1,35 @@
local hydra_repl = "hydra-repl"
if not vim.fn.executable(hydra_repl) then
return
end
local function send(lines)
vim.system({ hydra_repl, table.concat(lines, "\n") })
end
local function get_paragraph(buf)
local start_ = vim.fn.search("^$", "bnW")
local end_ = vim.fn.search("^$", "nW") - 1
if end_ < vim.api.nvim_win_get_cursor(0)[1] then
end_ = vim.api.nvim_buf_line_count(buf)
end
return vim.api.nvim_buf_get_lines(buf, start_, end_, false)
end
local function get_selection(buf)
return vim.api.nvim_buf_get_lines(buf, vim.fn.line("'<") - 1, vim.fn.line("'>"), false)
end
vim.api.nvim_create_autocmd("FileType", {
pattern = "javascript",
callback = function(e)
if vim.fn.fnamemodify(vim.api.nvim_buf_get_name(e.buf), ":e") ~= "hydra" then
return
end
local buf = e.buf
vim.keymap.set("n", "<CR>", function() send(get_paragraph(buf)) end, { buffer = buf, desc = "hydra: send block" })
vim.keymap.set("v", "<CR>", function() send(get_selection(buf)) end, { buffer = buf, desc = "hydra: send selection" })
end,
})

21
dots/.config/nvim/after/plugin/wiki.vim.lua
View File

@@ -1,6 +1,8 @@
require("zk.utils")
vim.cmd([[
" Change local buffer to directory of current file after the plugin has loaded
autocmd VimEnter * lcd %:p:h
execute 'autocmd BufEnter' g:zk_path . '/*.md' 'silent lcd %:p:h'
" " Override wiki index mapping to also cd into the wiki
nm <leader>ww <plug>(wiki-index)
@@ -11,11 +13,16 @@ nm <leader>ww <plug>(wiki-index)
" nm <leader>s <plug>(wiki-link-follow-split)
" nm <leader>v <plug>(wiki-link-follow-vsplit)
autocmd BufEnter *.md if expand('%:t') =~ '_' | echo 'hierarchical relation' | endif
autocmd BufEnter *.md if expand('%:t') =~ '--' | echo 'relation' | endif
autocmd BufEnter *.md if expand('%:t') =~ '<>' | echo 'dichotomy' | endif
autocmd BufEnter *.md if expand('%:t') =~ 'my-' | echo 'personal file' | endif
autocmd BufEnter *.md if expand('%:t') =~ 'project_' | echo 'project file' | endif
function! ZKContextualEcho()
let l:name = expand('%:t')
if l:name =~ '_' | echo 'hierarchical relation'
elseif l:name =~ '--' | echo 'relation'
elseif l:name =~ '<>' | echo 'dichotomy'
elseif l:name =~ 'my-' | echo 'personal file'
elseif l:name =~ 'project_' | echo 'project file'
endif
endfunction
execute 'autocmd BufEnter' g:zk_path . '/*.md' 'call ZKContextualEcho()'
" Only load wiki.vim for zk directory
let g:wiki_index_name='index'
@@ -76,7 +83,7 @@ let g:wiki_templates = [
"
let g:wiki_filetypes=['md']
let g:wiki_root='~/.zk'
let g:wiki_root=g:zk_path
let g:wiki_global_load=0
let g:wiki_link_creation = {
\ 'md': {

18
dots/.config/nvim/flake.lock generated
View File

@@ -42,11 +42,11 @@
},
"nixCats": {
"locked": {
"lastModified": 1770584904,
"narHash": "sha256-9Zaz8lbKF2W9pwXZEnbiGsicHdBoU+dHt3Wv3mCJoZ8=",
"lastModified": 1777273601,
"narHash": "sha256-xBUa8Tl9V7IXI+VmLEuDc81La/EhoSn1C3EVSnJ3cfU=",
"owner": "BirdeeHub",
"repo": "nixCats-nvim",
"rev": "538fdde784d2909700d97a8ef307783b33a86fb1",
"rev": "f69ea013e328841a7def7037ed59788a76be8816",
"type": "github"
},
"original": {
@@ -73,11 +73,11 @@
},
"nixpkgs_2": {
"locked": {
"lastModified": 1770843696,
"narHash": "sha256-LovWTGDwXhkfCOmbgLVA10bvsi/P8eDDpRudgk68HA8=",
"lastModified": 1777270315,
"narHash": "sha256-yKB4G6cKsQsWN7M6rZGk6gkJPDNPIzT05y4qzRyCDlI=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "2343bbb58f99267223bc2aac4fc9ea301a155a16",
"rev": "6368eda62c9775c38ef7f714b2555a741c20c72d",
"type": "github"
},
"original": {
@@ -106,11 +106,11 @@
"plugins-helm-ls-nvim": {
"flake": false,
"locked": {
"lastModified": 1768584652,
"narHash": "sha256-jnMc87OjURNcqsva0npYgVyUrWc5C6L7yHpNvt9eSmg=",
"lastModified": 1773934114,
"narHash": "sha256-8trqFsA7nTKSdtkiAL0Sa9bXjh5ONtAqN7XNE/B8ukM=",
"owner": "qvalentin",
"repo": "helm-ls.nvim",
"rev": "f0b9a1723890971a6d84890b50dbf5f40974ea1b",
"rev": "20df43509b02a3ce3c6b3eee254d6e2bffa9a370",
"type": "github"
},
"original": {

35
dots/.config/nvim/flake.nix
View File

@@ -45,13 +45,38 @@
inherit (nixCats) utils;
luaPath = ./.;
forEachSystem = utils.eachSystem nixpkgs.lib.platforms.all;
extra_pkg_config = { };
extra_pkg_config = {
allowUnfreePredicate =
pkg:
builtins.elem (nixpkgs.lib.getName pkg) [
"vim-sandwich"
"jupytext.nvim"
"eyeliner.nvim"
"context_filetype.vim"
"editorconfig-vim"
"unicode.vim"
"quarto-nvim"
"vim-openscad"
"lsp_lines.nvim"
"nvim-highlight-colors"
"nvim-lint"
];
};
mkDependencyOverlays = system: [
(utils.standardPluginOverlay inputs)
(_final: _prev: {
mcp-hub = inputs.mcp-hub.packages.${system}.default;
})
(_: prev: {
luajitPackages = prev.luajitPackages.overrideScope (
_: lprev: {
neotest = lprev.neotest.overrideAttrs (_: {
doCheck = false;
});
}
);
})
];
categoryDefinitions =
@@ -62,9 +87,11 @@
{
lspsAndRuntimeDeps = with pkgs; {
general = [
nodejs_24
black
clang
clang-tools
curl # → plenary-nvim, mcp-hub
delta
emmet-language-server
eslint_d
@@ -78,8 +105,8 @@
mcp-hub
nixd
nixfmt
nodePackages.prettier
nodePackages.typescript-language-server
prettier
typescript-language-server
ormolu
prettierd
rust-analyzer
@@ -88,6 +115,8 @@
stylelint
stylua
tree-sitter
tailwindcss-language-server
typescript-language-server
vscode-langservers-extracted
vtsls
yaml-language-server

1
dots/.config/nvim/lua/ftdetect.lua
View File

@@ -9,5 +9,6 @@ vim.filetype.add({
["%.env.*"] = "dotenv",
["%.pl$"] = "prolog",
[".*.containerfile.*"] = "dockerfile",
["%.hydra$"] = "javascript",
},
})

35
dots/.config/nvim/lua/zk/cmp.lua
View File

@@ -13,28 +13,31 @@ local function get_markdown_files(base)
return items
end
function source:get_keyword_pattern()
return "[%w%./%-]*"
end
function source:complete(params, callback)
local cursor_before_line = params.context.cursor_before_line
local cursor_after_line = params.context.cursor_after_line or ""
local trigger = cursor_before_line:match("%[[^%]]*%]%(([^)]*)$")
if trigger ~= nil then
local items = get_markdown_files(".")
local next_char = cursor_after_line:sub(1, 1)
for _, item in ipairs(items) do
if next_char == ")" then
item.insertText = item.label
else
item.insertText = item.label .. ")"
end
end
callback(items)
else
if not cursor_before_line:match("%[[^%]]*%]%(") then
callback({})
return
end
local items = get_markdown_files(".")
local next_char = cursor_after_line:sub(1, 1)
for _, item in ipairs(items) do
if next_char == ")" then
item.insertText = item.label
else
item.insertText = item.label .. ")"
end
end
callback(items)
end
function source:get_trigger_characters()

9
dots/.config/nvim/lua/zk/init.lua
View File

@@ -1,9 +1,10 @@
require("zk.cmp")
require("zk.utils")
vim.cmd([[
let s:zk_preview_enabled = 0
let s:live_server_job = -1
au BufEnter /home/h/.zk/*.md silent exe '!echo "%" > /home/h/.zk/current-zettel.txt'
execute 'au BufEnter' g:zk_path . '/*.md' 'silent exe "!echo %" ">" g:zk_path . "/current-zettel.txt"'
function! ToggleZKPreview()
if s:zk_preview_enabled == 1
let s:zk_preview_enabled = 0
@@ -11,10 +12,10 @@ function! ToggleZKPreview()
au! ZKPreview
else
let s:zk_preview_enabled = 1
let s:live_server_job = jobstart('live-server --watch=/home/h/.zk/current-zettel-content.html --open=current-zettel-content.html --port=8080')
let s:live_server_job = jobstart('live-server --watch=' . g:zk_path . '/current-zettel-content.html --open=current-zettel-content.html --port=8080')
augroup ZKPreview
au BufEnter /home/h/.zk/*.md silent exe '!cat "%:r.html" > /home/h/.zk/current-zettel-content.html'
au BufWritePost /home/h/.zk/*.md silent exe '!make && cat "%:r.html" > /home/h/.zk/current-zettel-content.html'
execute 'au BufEnter' g:zk_path . '/*.md' 'silent exe "!cat %:r.html" ">" g:zk_path . "/current-zettel-content.html"'
execute 'au BufWritePost' g:zk_path . '/*.md' 'silent exe "!make && cat %:r.html" ">" g:zk_path . "/current-zettel-content.html"'
augroup END
endif
endfunction

2
dots/.config/nvim/lua/zk/utils.lua Normal file
View File

@@ -0,0 +1,2 @@
vim.g.zk_path = os.getenv("ZK_PATH") or (os.getenv("HOME") .. "/.zk")
return vim.g.zk_path

1
dots/.config/tmux/hooks/tmux.ssh.conf
View File

@@ -1 +0,0 @@
set -g status-style bg=colour12,fg=colour0

2
dots/.config/tmux/tmux.conf
View File

@@ -70,8 +70,6 @@ set -g status-right '#(uptime | cut -f 4-5 -d " " | cut -f 1 -d ",") %a %l:%M:%S
set -g default-terminal "tmux-256color"
set-hook -g after-new-session 'if -F "#{==:#{session_name},ssh}" "source ${XDG_CONFIG_HOME}/tmux/hooks/tmux.ssh.conf" "source ${XDG_CONFIG_HOME}/tmux/hooks/tmux.regular.conf"'
# Vi copypaste mode
if-shell "test '\( #{$TMUX_VERSION_MAJOR} -eq 2 -a #{$TMUX_VERSION_MINOR} -ge 4 \)'" 'bind-key -Tcopy-mode-vi v send -X begin-selection; bind-key -Tcopy-mode-vi y send -X copy-selection-and-cancel'
if-shell '\( #{$TMUX_VERSION_MAJOR} -eq 2 -a #{$TMUX_VERSION_MINOR} -lt 4\) -o #{$TMUX_VERSION_MAJOR} -le 1' 'bind-key -t vi-copy v begin-selection; bind-key -t vi-copy y copy-selection'

29
dots/.local/share/task/hooks/on-add.limit.py
View File

@@ -1,29 +0,0 @@
#!/usr/bin/env python3
import sys
import json
SLOTS_FILE = "/home/h/.local/share/task/add_slots"
def get_slots():
try:
with open(SLOTS_FILE, "r") as f:
return int(f.read().strip())
except:
return 0
slots = get_slots()
if slots <= 0:
print(f"Cannot add task: No slots available (0/{slots}).")
print("Delete or complete a task first to earn an add slot.")
sys.exit(1)
with open(SLOTS_FILE, "w") as f:
f.write(str(slots - 1))
print(f"Task added. Slots remaining: {slots - 1}")
for line in sys.stdin:
task = json.loads(line)
print(json.dumps(task))
sys.exit(0)

34
dots/.local/share/task/hooks/on-modify.limit.py
View File

@@ -1,34 +0,0 @@
#!/usr/bin/env python3
import sys
import json
SLOTS_FILE = "/home/h/.local/share/task/add_slots"
def get_slots():
try:
with open(SLOTS_FILE, "r") as f:
return int(f.read().strip())
except:
return 0
data = sys.stdin.read().strip().split("\n")
if len(data) < 2:
for line in data:
if line:
print(line)
sys.exit(0)
old_task = json.loads(data[0])
new_task = json.loads(data[1])
was_pending = old_task.get("status") == "pending"
is_not_pending = new_task.get("status") in ("completed", "deleted")
if was_pending and is_not_pending:
slots = get_slots() + 1
with open(SLOTS_FILE, "w") as f:
f.write(str(slots))
print(f"Slot earned! Total slots: {slots}")
print(json.dumps(new_task))
sys.exit(0)

128
flake.lock generated
View File

@@ -38,11 +38,11 @@
"base16-helix": {
"flake": false,
"locked": {
"lastModified": 1760703920,
"narHash": "sha256-m82fGUYns4uHd+ZTdoLX2vlHikzwzdu2s2rYM2bNwzw=",
"lastModified": 1776754714,
"narHash": "sha256-E3OAK27smtATTmX45uoTSRsVD+Y+ZiVVfgM/tjpbtYg=",
"owner": "tinted-theming",
"repo": "base16-helix",
"rev": "d646af9b7d14bff08824538164af99d0c521b185",
"rev": "4d508123037e7851ad36ebf7d9c48b0e9e1eb581",
"type": "github"
},
"original": {
@@ -121,11 +121,11 @@
},
"locked": {
"dir": "pkgs/firefox-addons",
"lastModified": 1774843378,
"narHash": "sha256-8QLbY8F7UdxeQaW0KUVgr1/YPIupe+1lGjS5joR+ZCw=",
"lastModified": 1778040175,
"narHash": "sha256-SSXJp3BMjO2LrW/VLjNdGGcjd3RFEyV4FemYA6OGrYw=",
"owner": "rycee",
"repo": "nur-expressions",
"rev": "0a31b668e3ebb599f95dc518076d709e8dddb57c",
"rev": "3bd76b0f41e65661866bddcac57ebe83aeadb581",
"type": "gitlab"
},
"original": {
@@ -138,11 +138,11 @@
"firefox-gnome-theme": {
"flake": false,
"locked": {
"lastModified": 1764873433,
"narHash": "sha256-1XPewtGMi+9wN9Ispoluxunw/RwozuTRVuuQOmxzt+A=",
"lastModified": 1776136500,
"narHash": "sha256-r0gN2brVWA351zwMV0Flmlcd6SGMvYqFbvC3DfKFM8Y=",
"owner": "rafaelmardojai",
"repo": "firefox-gnome-theme",
"rev": "f7ffd917ac0d253dbd6a3bf3da06888f57c69f92",
"rev": "0f8ba203d475587f477e7ae12661bd8459e225b7",
"type": "github"
},
"original": {
@@ -213,11 +213,11 @@
]
},
"locked": {
"lastModified": 1767609335,
"narHash": "sha256-feveD98mQpptwrAEggBQKJTYbvwwglSbOv53uCfH9PY=",
"lastModified": 1775087534,
"narHash": "sha256-91qqW8lhL7TLwgQWijoGBbiD4t7/q75KTi8NxjVmSmA=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "250481aafeb741edfe23d29195671c19b36b6dca",
"rev": "3107b77cd68437b9a76194f0f7f9c55f2329ca5b",
"type": "github"
},
"original": {
@@ -284,11 +284,11 @@
]
},
"locked": {
"lastModified": 1775036584,
"narHash": "sha256-zW0lyy7ZNNT/x8JhzFHBsP2IPx7ATZIPai4FJj12BgU=",
"lastModified": 1776796298,
"narHash": "sha256-PcRvlWayisPSjd0UcRQbhG8Oqw78AcPE6x872cPRHN8=",
"owner": "cachix",
"repo": "git-hooks.nix",
"rev": "4e0eb042b67d863b1b34b3f64d52ceb9cd926735",
"rev": "3cfd774b0a530725a077e17354fbdb87ea1c4aad",
"type": "github"
},
"original": {
@@ -321,20 +321,18 @@
"gnome-shell": {
"flake": false,
"locked": {
"host": "gitlab.gnome.org",
"lastModified": 1767737596,
"narHash": "sha256-eFujfIUQDgWnSJBablOuG+32hCai192yRdrNHTv0a+s=",
"owner": "GNOME",
"repo": "gnome-shell",
"rev": "ef02db02bf0ff342734d525b5767814770d85b49",
"type": "gitlab"
"type": "github"
},
"original": {
"host": "gitlab.gnome.org",
"owner": "GNOME",
"ref": "gnome-49",
"repo": "gnome-shell",
"type": "gitlab"
"rev": "ef02db02bf0ff342734d525b5767814770d85b49",
"type": "github"
}
},
"home-manager": {
@@ -344,11 +342,11 @@
]
},
"locked": {
"lastModified": 1775047159,
"narHash": "sha256-UWM4VZvfKaPwA9FMu7iZha5YAE8vsEtUazk+rFxmbTY=",
"lastModified": 1778009629,
"narHash": "sha256-nUoQtf4Zq7DRYJrfv904hjrxjAlWVP6a1pNNFKx3FCg=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "1ce9e62690dfdd7e76bd266ccb9a887778410eb2",
"rev": "00ed86e58bb6979a7921859fd1615d19382eac5c",
"type": "github"
},
"original": {
@@ -400,10 +398,10 @@
"nix-secrets": {
"flake": false,
"locked": {
"lastModified": 1773999602,
"narHash": "sha256-Th4RuCEPHC8y1w/wrW9OSv9nAJ3/NSZ3MJ4DHhCXCKE=",
"lastModified": 1776723456,
"narHash": "sha256-GBbbm05oXYqSZ2EgxQPsNpTKl16wNhvrlUxdmv0FbSU=",
"ref": "main",
"rev": "6f4b099a0c5ad1cca97f4ba1a665faaaed367f13",
"rev": "135b681d24af6ee4508bbf7c657982d7be8743d4",
"shallow": true,
"type": "git",
"url": "ssh://git@github.com/hektor/nix-secrets"
@@ -417,11 +415,11 @@
},
"nixCats": {
"locked": {
"lastModified": 1770584904,
"narHash": "sha256-9Zaz8lbKF2W9pwXZEnbiGsicHdBoU+dHt3Wv3mCJoZ8=",
"lastModified": 1777273601,
"narHash": "sha256-xBUa8Tl9V7IXI+VmLEuDc81La/EhoSn1C3EVSnJ3cfU=",
"owner": "BirdeeHub",
"repo": "nixCats-nvim",
"rev": "538fdde784d2909700d97a8ef307783b33a86fb1",
"rev": "f69ea013e328841a7def7037ed59788a76be8816",
"type": "github"
},
"original": {
@@ -453,11 +451,11 @@
},
"nixos-hardware": {
"locked": {
"lastModified": 1774933469,
"narHash": "sha256-OrnCQeUO2bqaWUl0lkDWyGWjKsOhtCyd7JSfTedQNUE=",
"lastModified": 1777917524,
"narHash": "sha256-k+LVe9YaO2BEPB9AaCtTtOMCeGi4dxDo6gt4Un3qoPY=",
"owner": "NixOS",
"repo": "nixos-hardware",
"rev": "f4c4c2c0c923d7811ac2a63ccc154767e4195337",
"rev": "df7783100babf59001340a7a874ba3824e441ecb",
"type": "github"
},
"original": {
@@ -469,11 +467,11 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1774709303,
"narHash": "sha256-D3Q07BbIA2KnTcSXIqqu9P586uWxN74zNoCH3h2ESHg=",
"lastModified": 1777954456,
"narHash": "sha256-hGdgeU2Nk87RAuZyYjyDjFL6LK7dAZN5RE9+hrDTkDU=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "8110df5ad7abf5d4c0f6fb0f8f978390e77f9685",
"rev": "549bd84d6279f9852cae6225e372cc67fb91a4c1",
"type": "github"
},
"original": {
@@ -511,11 +509,11 @@
]
},
"locked": {
"lastModified": 1767810917,
"narHash": "sha256-ZKqhk772+v/bujjhla9VABwcvz+hB2IaRyeLT6CFnT0=",
"lastModified": 1777598946,
"narHash": "sha256-X239dAGaU1+gfDj8jKH8GzlqKMcxaVfXOio+uzBOkeE=",
"owner": "nix-community",
"repo": "NUR",
"rev": "dead29c804adc928d3a69dfe7f9f12d0eec1f1a4",
"rev": "5d55af01c0f86be583931fe99207fc56c14134b3",
"type": "github"
},
"original": {
@@ -567,11 +565,11 @@
"plugins-helm-ls-nvim": {
"flake": false,
"locked": {
"lastModified": 1768584652,
"narHash": "sha256-jnMc87OjURNcqsva0npYgVyUrWc5C6L7yHpNvt9eSmg=",
"lastModified": 1773934114,
"narHash": "sha256-8trqFsA7nTKSdtkiAL0Sa9bXjh5ONtAqN7XNE/B8ukM=",
"owner": "qvalentin",
"repo": "helm-ls.nvim",
"rev": "f0b9a1723890971a6d84890b50dbf5f40974ea1b",
"rev": "20df43509b02a3ce3c6b3eee254d6e2bffa9a370",
"type": "github"
},
"original": {
@@ -667,11 +665,11 @@
]
},
"locked": {
"lastModified": 1774910634,
"narHash": "sha256-B+rZDPyktGEjOMt8PcHKYmgmKoF+GaNAFJhguktXAo0=",
"lastModified": 1777944972,
"narHash": "sha256-VfGRo1qTBKOe3s2gOv8LSoA6Fk19PvBlwQ1ECN0Evn8=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "19bf3d8678fbbfbc173beaa0b5b37d37938db301",
"rev": "c591bf665727040c6cc5cb409079acb22dcce33c",
"type": "github"
},
"original": {
@@ -710,18 +708,17 @@
],
"nur": "nur",
"systems": "systems_2",
"tinted-foot": "tinted-foot",
"tinted-kitty": "tinted-kitty",
"tinted-schemes": "tinted-schemes",
"tinted-tmux": "tinted-tmux",
"tinted-zed": "tinted-zed"
},
"locked": {
"lastModified": 1774897726,
"narHash": "sha256-k/H2/oyex6GEC6uYXYetrboFQeTmX1Ouwv/zaW7b/Z0=",
"lastModified": 1777835090,
"narHash": "sha256-VLH8zPweblCOvpnQXp4fVs7f6Q79YhXF5XFKlOrvIFk=",
"owner": "danth",
"repo": "stylix",
"rev": "9b4a5eb409ceac2dd6ad495c7988e189a418cd30",
"rev": "7989a1054b01153212dede6005abfd1576b8328c",
"type": "github"
},
"original": {
@@ -760,23 +757,6 @@
"type": "github"
}
},
"tinted-foot": {
"flake": false,
"locked": {
"lastModified": 1726913040,
"narHash": "sha256-+eDZPkw7efMNUf3/Pv0EmsidqdwNJ1TaOum6k7lngDQ=",
"owner": "tinted-theming",
"repo": "tinted-foot",
"rev": "fd1b924b6c45c3e4465e8a849e67ea82933fcbe4",
"type": "github"
},
"original": {
"owner": "tinted-theming",
"repo": "tinted-foot",
"rev": "fd1b924b6c45c3e4465e8a849e67ea82933fcbe4",
"type": "github"
}
},
"tinted-kitty": {
"flake": false,
"locked": {
@@ -796,11 +776,11 @@
"tinted-schemes": {
"flake": false,
"locked": {
"lastModified": 1767710407,
"narHash": "sha256-+W1EB79Jl0/gm4JqmO0Nuc5C7hRdp4vfsV/VdzI+des=",
"lastModified": 1777041405,
"narHash": "sha256-BAGZ7ObFV/9Z61OJZun7ifPyhkuHqNuW1QIhQ8LuzCo=",
"owner": "tinted-theming",
"repo": "schemes",
"rev": "2800e2b8ac90f678d7e4acebe4fa253f602e05b2",
"rev": "5f868b3a338b6904c47f3833b9c411be641983a8",
"type": "github"
},
"original": {
@@ -812,11 +792,11 @@
"tinted-tmux": {
"flake": false,
"locked": {
"lastModified": 1767489635,
"narHash": "sha256-e6nnFnWXKBCJjCv4QG4bbcouJ6y3yeT70V9MofL32lU=",
"lastModified": 1777169200,
"narHash": "sha256-h7dDbIzP5hDr9v97w9PL6jdAgXawmj6krcH+959rqpU=",
"owner": "tinted-theming",
"repo": "tinted-tmux",
"rev": "3c32729ccae99be44fe8a125d20be06f8d7d8184",
"rev": "f798c2dce44ef815bb6b8f05a82135c7942d35ac",
"type": "github"
},
"original": {
@@ -828,11 +808,11 @@
"tinted-zed": {
"flake": false,
"locked": {
"lastModified": 1767488740,
"narHash": "sha256-wVOj0qyil8m+ouSsVZcNjl5ZR+1GdOOAooAatQXHbuU=",
"lastModified": 1777463218,
"narHash": "sha256-Bhkozqtq3BKLqWTlmKm8uAptfX4aRGI8QX3eEL54Vpc=",
"owner": "tinted-theming",
"repo": "base16-zed",
"rev": "11abb0b282ad3786a2aae088d3a01c60916f2e40",
"rev": "5768d08ed2e7944a26a958868cdb073cb8856dae",
"type": "github"
},
"original": {

8
flake.nix
View File

@@ -70,16 +70,16 @@
};
in
{
nix.nixPath = [
"nixpkgs=${inputs.nixpkgs}"
]; # <https://github.com/nix-community/nixd/blob/main/nixd/docs/configuration.md>
nixosConfigurations =
(lib.genAttrs hostDirNames (
host:
nixpkgs.lib.nixosSystem {
modules = [
./hosts/${host}
{ nixpkgs.hostPlatform = import ./hosts/${host}/system.nix; }
{
nixpkgs.hostPlatform = (myUtils.hostMeta ./hosts/${host}).system;
host.name = host;
}
];
specialArgs = {
inherit

9
home/hosts/andromache/default.nix
View File

@@ -16,6 +16,7 @@
../../modules/cloud
../../modules/comms
../../modules/desktop/niri
../../modules/devenv
../../modules/direnv
../../modules/git
../../modules/k8s/k9s.nix
@@ -24,10 +25,12 @@
../../modules/nvim
../../modules/pandoc
../../modules/photography
../../modules/secrets
../../modules/shell
../../modules/ssh
../../modules/taskwarrior
../../modules/terminal
../../modules/zk
../../modules/torrenting
];
@@ -44,7 +47,10 @@
printing.enable = true;
modeling.enable = true;
};
ai-tools.opencode.enable = true;
ai-tools = {
claude-code.enable = true;
opencode.enable = true;
};
browser.primary = "librewolf";
cloud.hetzner.enable = true;
comms.signal.enable = true;
@@ -52,6 +58,7 @@
shell.bash.aliases.lang-js = true;
shell.bash.addBinToPath = true;
torrenting.enable = true;
zk.enable = true;
programs = {
home-manager.enable = true;

13
home/hosts/astyanax/default.nix
View File

@@ -15,6 +15,7 @@
../../modules/cloud
../../modules/comms
../../modules/desktop/niri
../../modules/devenv
../../modules/direnv
../../modules/git
../../modules/k8s/k9s.nix
@@ -23,6 +24,7 @@
../../modules/nfc
../../modules/nvim
../../modules/pandoc
../../modules/secrets
../../modules/shell
../../modules/ssh
../../modules/taskwarrior
@@ -35,11 +37,16 @@
homeDirectory = "/home/${config.host.username}";
};
xdg.userDirs.createDirectories = false;
xdg.userDirs.download = "${config.home.homeDirectory}/dl";
xdg.userDirs = {
enable = false;
createDirectories = false;
};
modules."3d".printing.enable = true;
ai-tools.opencode.enable = true;
ai-tools = {
claude-code.enable = true;
opencode.enable = true;
};
browser.primary = "librewolf";
cloud.hetzner.enable = true;
comms.signal.enable = true;

23
home/hosts/work/default.nix
View File

@@ -5,9 +5,6 @@
...
}:
let
username = "hektor";
in
{
imports = [
inputs.sops-nix.homeManagerModules.sops
@@ -21,6 +18,7 @@ in
../../modules/database
../../modules/dconf
../../modules/desktop/niri
../../modules/devenv
../../modules/direnv
../../modules/docker
../../modules/git
@@ -46,12 +44,18 @@ in
nixpkgs.config.allowUnfree = true;
xdg.systemDirs.config = [ "/etc/xdg" ];
xdg = {
systemDirs.config = [ "/etc/xdg" ];
userDirs = {
createDirectories = false;
download = "${config.home.homeDirectory}/dl";
};
};
home = {
stateVersion = "25.05";
inherit username;
homeDirectory = "/home/${username}";
username = "hektor";
homeDirectory = "/home/${config.home.username}";
};
targets.genericLinux.nixGL = {
@@ -69,8 +73,11 @@ in
tirith.enable = true;
opencode.enable = true;
};
database.mssql.enable = true;
database.postgresql.enable = true;
database = {
mssql.enable = true;
postgresql.enable = true;
redis.enable = true;
};
git.github.enable = true;
git.gitlab.enable = true;
secrets.vault.enable = true;

60
home/modules/ai-tools/claude-code.nix Normal file
View File

@@ -0,0 +1,60 @@
{
lib,
config,
pkgs,
...
}:
let
cfg = config.ai-tools.claude-code;
rtk-version = "0.18.1";
in
{
options.ai-tools.claude-code.enable = lib.mkEnableOption "claude code with rtk and ccline";
config = lib.mkIf cfg.enable {
programs.claude-code.enable = true;
home.packages = with pkgs; [
(stdenv.mkDerivation {
name = "ccline";
src = fetchurl {
url = "https://github.com/Haleclipse/CCometixLine/releases/download/v1.0.8/ccline-linux-x64.tar.gz";
hash = "sha256-Joe3Dd6uSMGi66QT6xr2oY/Tz8rA5RuKa6ckBVJIzI0=";
};
unpackPhase = "tar xzf $src";
installPhase = ''
mkdir -p $out/bin
cp ccline $out/bin/
chmod +x $out/bin/ccline
'';
meta = {
description = "CCometixLine Linux x64 CLI (Claude Code statusline)";
homepage = "https://github.com/Haleclipse/CCometixLine";
license = lib.licenses.mit;
platforms = [ "x86_64-linux" ];
};
})
(stdenv.mkDerivation {
name = "rtk-${rtk-version}";
version = rtk-version;
src = fetchurl {
url = "https://github.com/rtk-ai/rtk/releases/download/v${rtk-version}/rtk-x86_64-unknown-linux-gnu.tar.gz";
hash = "sha256-XoTia5K8b00OzcKYCufwx8ApkAS31DxUCpGSU0jFs2Q=";
};
unpackPhase = "tar xzf $src";
installPhase = ''
mkdir -p $out/bin
cp rtk $out/bin/
chmod +x $out/bin/rtk
'';
meta = {
description = "RTK - AI coding tool enhancer";
homepage = "https://www.rtk-ai.app";
license = lib.licenses.mit;
platforms = [ "x86_64-linux" ];
};
})
mcp-nixos
];
};
}

118
home/modules/ai-tools/default.nix
View File

@@ -1,116 +1,8 @@
{
lib,
config,
pkgs,
...
}:
let
cfg = config.ai-tools;
rtk-version = "0.18.1";
in
{
options.ai-tools = {
claude-code.enable = lib.mkEnableOption "claude code with rtk and ccline";
tirith.enable = lib.mkEnableOption "tirith shell security guard";
opencode.enable = lib.mkEnableOption "opencode";
};
config = lib.mkMerge [
(lib.mkIf cfg.claude-code.enable {
home.packages = with pkgs; [
claude-code
(pkgs.stdenv.mkDerivation {
name = "ccline";
src = pkgs.fetchurl {
url = "https://github.com/Haleclipse/CCometixLine/releases/download/v1.0.8/ccline-linux-x64.tar.gz";
hash = "sha256-Joe3Dd6uSMGi66QT6xr2oY/Tz8rA5RuKa6ckBVJIzI0=";
};
unpackPhase = ''
tar xzf $src
'';
installPhase = ''
mkdir -p $out/bin
cp ccline $out/bin/
chmod +x $out/bin/ccline
'';
meta = with pkgs.lib; {
description = "CCometixLine Linux x64 CLI (Claude Code statusline)";
homepage = "https://github.com/Haleclipse/CCometixLine";
license = licenses.mit;
platforms = [ "x86_64-linux" ];
};
})
(pkgs.stdenv.mkDerivation {
name = "rtk-${rtk-version}";
version = rtk-version;
src = pkgs.fetchurl {
url = "https://github.com/rtk-ai/rtk/releases/download/v${rtk-version}/rtk-x86_64-unknown-linux-gnu.tar.gz";
hash = "sha256-XoTia5K8b00OzcKYCufwx8ApkAS31DxUCpGSU0jFs2Q=";
};
unpackPhase = ''
tar xzf $src
'';
installPhase = ''
mkdir -p $out/bin
cp rtk $out/bin/
chmod +x $out/bin/rtk
'';
meta = with pkgs.lib; {
description = "RTK - AI coding tool enhancer";
homepage = "https://www.rtk-ai.app";
license = licenses.mit;
platforms = [ "x86_64-linux" ];
};
})
mcp-nixos
];
})
(lib.mkIf cfg.tirith.enable {
home.packages = with pkgs; [
tirith
];
})
(lib.mkIf (cfg.tirith.enable && cfg.claude-code.enable) {
home.file.".claude/hooks/tirith-check.py" = {
source = ./tirith-check.py;
executable = true;
};
home.activation.tirith-claude-code = lib.hm.dag.entryAfter [ "writeBoundary" ] ''
${pkgs.tirith}/bin/tirith setup claude-code --with-mcp --scope user --force 2>/dev/null || true
'';
})
(lib.mkIf cfg.opencode.enable {
home.packages = with pkgs; [
opencode
];
home.file.".config/opencode/opencode.json".text = builtins.toJSON {
"$schema" = "https://opencode.ai/config.json";
permission = {
external_directory = {
"/run/secrets/" = "deny";
"~/.config/sops/age/keys.txt" = "deny";
"~/.ssh/id_rsa" = "deny";
"~/.ssh/id_ed25519" = "deny";
"~/.ssh/id_ecdsa" = "deny";
"~/.ssh/id_dsa" = "deny";
"/etc/ssh/ssh_host_rsa_key" = "deny";
"/etc/ssh/ssh_host_ed25519_key" = "deny";
"/etc/ssh/ssh_host_ecdsa_key" = "deny";
"/etc/ssh/ssh_host_dsa_key" = "deny";
};
command = {
sops = "deny";
};
};
plugin = [ "@mohak34/opencode-notifier@latest" ];
};
})
imports = [
./claude-code.nix
./opencode.nix
./skills.nix
./tirith.nix
];
}

40
home/modules/ai-tools/opencode.nix Normal file
View File

@@ -0,0 +1,40 @@
{
lib,
config,
pkgs,
...
}:
let
cfg = config.ai-tools.opencode;
in
{
options.ai-tools.opencode = {
enable = lib.mkEnableOption "opencode";
};
config = lib.mkIf cfg.enable {
home.packages = [ pkgs.opencode ];
home.file.".config/opencode/opencode.json".text = builtins.toJSON {
"$schema" = "https://opencode.ai/config.json";
permission = {
external_directory = {
"/run/secrets/" = "deny";
"~/.config/sops/age/keys.txt" = "deny";
"~/.ssh/id_rsa" = "deny";
"~/.ssh/id_ed25519" = "deny";
"~/.ssh/id_ecdsa" = "deny";
"~/.ssh/id_dsa" = "deny";
"/etc/ssh/ssh_host_rsa_key" = "deny";
"/etc/ssh/ssh_host_ed25519_key" = "deny";
"/etc/ssh/ssh_host_ecdsa_key" = "deny";
"/etc/ssh/ssh_host_dsa_key" = "deny";
};
command = {
sops = "deny";
};
};
plugin = [ "@mohak34/opencode-notifier@latest" ];
};
};
}

49
home/modules/ai-tools/skills.nix Normal file
View File

@@ -0,0 +1,49 @@
{
lib,
config,
pkgs,
...
}:
let
cfg = config.ai-tools.claude-code;
skillType = lib.types.submodule {
options = {
owner = lib.mkOption { type = lib.types.str; };
repo = lib.mkOption { type = lib.types.str; };
rev = lib.mkOption { type = lib.types.str; };
hash = lib.mkOption { type = lib.types.str; };
skill = lib.mkOption { type = lib.types.str; };
};
};
fetchSkill =
skill:
let
src = pkgs.fetchFromGitHub {
inherit (skill)
owner
repo
rev
hash
;
};
in
{
name = ".claude/skills/${skill.skill}";
value = {
source = "${src}/${skill.skill}";
recursive = true;
};
};
in
{
options.ai-tools.claude-code.skills = lib.mkOption {
type = lib.types.listOf skillType;
default = [ ];
};
config = lib.mkIf cfg.enable {
home.file = builtins.listToAttrs (map fetchSkill cfg.skills);
};
}

30
home/modules/ai-tools/tirith.nix Normal file
View File

@@ -0,0 +1,30 @@
{
lib,
config,
pkgs,
...
}:
let
cfg = config.ai-tools.tirith;
in
{
options.ai-tools.tirith = {
enable = lib.mkEnableOption "tirith shell security guard";
};
config = lib.mkMerge [
(lib.mkIf cfg.enable {
home.packages = [ pkgs.tirith ];
})
(lib.mkIf (cfg.enable && config.ai-tools.claude-code.enable) {
home.file.".claude/hooks/tirith-check.py" = {
source = ./tirith-check.py;
executable = true;
};
home.activation.tirith-claude-code = lib.hm.dag.entryAfter [ "writeBoundary" ] ''
${pkgs.tirith}/bin/tirith setup claude-code --with-mcp --scope user --force 2>/dev/null || true
'';
})
];
}

16
home/modules/anki/default.nix
View File

@@ -4,13 +4,23 @@
pkgs,
myUtils,
osConfig ? null,
inputs ? null,
...
}:
let
sops = myUtils.sopsAvailability config osConfig;
standalone = osConfig == null;
in
{
lib.optionalAttrs standalone {
sops.secrets = myUtils.mkSopsSecrets "${toString inputs.nix-secrets}/secrets" null {
anki = [
"sync-user"
"sync-key"
];
};
}
// {
warnings = lib.optional (
!sops.available && config.programs.anki.enable
) "anki is enabled but sops secrets are not available. anki sync will not be configured.";
@@ -24,8 +34,8 @@ in
review-heatmap
];
profiles."User 1".sync = lib.mkIf sops.available {
usernameFile = "${sops.secrets."anki-sync-user".path}";
keyFile = "${sops.secrets."anki-sync-key".path}";
usernameFile = "${sops.secrets."anki/sync-user".path}";
keyFile = "${sops.secrets."anki/sync-key".path}";
};
};
}

4
home/modules/browser/default.nix
View File

@@ -1,4 +1,4 @@
{ lib, ... }:
{ config, lib, ... }:
{
options.browser = {
@@ -23,6 +23,8 @@
};
};
config.home.sessionVariables.BROWSER = config.browser.primary;
imports = [
./firefox.nix
./librewolf.nix

7
home/modules/clipboard/default.nix Normal file
View File

@@ -0,0 +1,7 @@
{ pkgs, ... }:
{
home.packages = with pkgs; [
wl-clipboard
];
}

8
home/modules/database/default.nix
View File

@@ -9,14 +9,18 @@
options.database = {
mssql.enable = lib.mkEnableOption "MSSQL";
postgresql.enable = lib.mkEnableOption "PostgreSQL";
redis.enable = lib.mkEnableOption "Redis";
};
config = lib.mkMerge [
(lib.mkIf config.database.mssql.enable {
home.packages = [ (config.nixgl.wrap pkgs.dbeaver-bin) ];
home.packages = with pkgs; [ (config.nixgl.wrap dbeaver-bin) ];
})
(lib.mkIf config.database.postgresql.enable {
home.packages = [ (config.nixgl.wrap pkgs.pgadmin4-desktopmode) ];
home.packages = with pkgs; [ (config.nixgl.wrap pgadmin4-desktopmode) ];
})
(lib.mkIf config.database.postgresql.enable {
home.packages = with pkgs; [ redis ];
})
];
}

5
home/modules/dconf/default.nix
View File

@@ -3,6 +3,7 @@
let
terminal = "kitty";
browser = config.browser.primary;
font = "${config.stylix.fonts.monospace.name} ${toString config.stylix.fonts.sizes.applications}";
in
{
dconf.settings = {
@@ -40,9 +41,9 @@ in
clock-show-weekday = true;
color-scheme = "prefer-dark";
enable-hot-corners = false;
font-name = "Iosevka Term SS08 12";
# font-name = font;
locate-pointer = true;
monospace-font-name = "Iosevka Term SS08 12";
monospace-font-name = font;
};
"org/gnome/desktop/wm/keybindings" = {

45
home/modules/default.nix
View File

@@ -6,25 +6,32 @@
}:
{
options.nixgl.wrap = lib.mkOption {
type = lib.types.functionTo lib.types.package;
default = if config.lib ? nixGL then config.lib.nixGL.wrap else lib.id;
readOnly = true;
};
options = {
host.username = lib.mkOption {
type = lib.types.str;
default = config.home.username;
};
options.wrapApp = lib.mkOption {
type = lib.types.raw;
default =
pkg: flags:
if config.lib ? nixGL then
pkg.overrideAttrs (old: {
nativeBuildInputs = (old.nativeBuildInputs or [ ]) ++ [ pkgs.makeWrapper ];
postInstall = (old.postInstall or "") + ''
wrapProgram $out/bin/${pkg.meta.mainProgram} --add-flags "${flags}"
'';
})
else
pkg;
readOnly = true;
nixgl.wrap = lib.mkOption {
type = lib.types.functionTo lib.types.package;
default = if config.lib ? nixGL then config.lib.nixGL.wrap else lib.id;
readOnly = true;
};
wrapApp = lib.mkOption {
type = lib.types.raw;
default =
pkg: flags:
if config.lib ? nixGL then
pkg.overrideAttrs (old: {
nativeBuildInputs = (old.nativeBuildInputs or [ ]) ++ [ pkgs.makeWrapper ];
postInstall = (old.postInstall or "") + ''
wrapProgram $out/bin/${pkg.meta.mainProgram} --add-flags "${flags}"
'';
})
else
pkg;
readOnly = true;
};
};
}

2
home/modules/desktop/niri/default.nix
View File

@@ -2,6 +2,7 @@
{
imports = [
../../clipboard
../../fuzzel
../../mako
../../shikane
@@ -12,7 +13,6 @@
file.".config/niri/config.kdl".source = ./config.kdl;
packages = with pkgs; [
brightnessctl
wl-clipboard
wlsunset
];
};

4
home/modules/devenv/default.nix Normal file
View File

@@ -0,0 +1,4 @@
{ pkgs, ... }:
{
home.packages = [ pkgs.devenv ];
}

4
home/modules/k8s/default.nix
View File

@@ -18,6 +18,10 @@
enableAlias = true;
};
home.shellAliases = {
k = "kubectl";
};
imports = [
./helm.nix
./k9s.nix

3
home/modules/secrets/default.nix
View File

@@ -6,7 +6,8 @@
imports = [ ./vault.nix ];
home.packages = with pkgs; [
sops
age
age-plugin-yubikey # TODO: only needed when using Yubikey
sops
];
}

22
home/modules/ssh/default.nix
View File

@@ -1,18 +1,15 @@
{
outputs,
myUtils,
lib,
pkgs,
...
}:
let
nixosConfigs = builtins.attrNames outputs.nixosConfigurations;
homeConfigs = map (n: lib.last (lib.splitString "@" n)) (
builtins.attrNames outputs.homeConfigurations
);
allHosts = lib.unique (homeConfigs ++ nixosConfigs);
hostDir = ../../hosts;
hostNames = myUtils.dirNames hostDir;
hostsWithKeys = lib.filter (
hostname: builtins.pathExists ../../hosts/${hostname}/ssh_host.pub
) allHosts;
hostname: builtins.pathExists (hostDir + "/${hostname}/ssh_host.pub")
) hostNames;
in
{
home.packages = with pkgs; [ sshfs ];
@@ -25,15 +22,14 @@ in
lib.genAttrs hostsWithKeys (
hostname:
let
hostConfig = outputs.nixosConfigurations.${hostname}.config;
inherit (hostConfig.ssh) publicHostname username;
meta = myUtils.hostMeta (hostDir + "/${hostname}");
in
{
host = hostname;
user = username;
user = meta.deployment.targetUser;
}
// lib.optionalAttrs (publicHostname != "") {
hostname = publicHostname;
// lib.optionalAttrs (meta.deployment.targetHost != "") {
hostname = meta.deployment.targetHost;
}
)
// {

17
home/modules/stylix/default.nix
View File

@@ -25,21 +25,6 @@ in
sansSerif = config.stylix.fonts.monospace;
emoji = config.stylix.fonts.monospace;
};
targets = {
firefox = {
profileNames = [ "default" ];
colorTheme.enable = true;
};
librewolf = {
profileNames = [ "default" ];
colorTheme.enable = true;
};
gnome.enable = false;
gtk.enable = false;
kitty = {
variant256Colors = true;
};
nixvim.enable = false;
};
targets = import ../../../modules/stylix/targets.nix;
};
}

33
home/modules/taskwarrior/default.nix
View File

@@ -5,13 +5,35 @@
dotsPath,
myUtils,
osConfig ? null,
inputs ? null,
...
}:
let
sops = myUtils.sopsAvailability config osConfig;
standalone = osConfig == null;
in
{
lib.optionalAttrs standalone {
sops = {
secrets = myUtils.mkSopsSecrets "${toString inputs.nix-secrets}/secrets" null {
taskwarrior = [
"sync-server-url"
"sync-server-client-id"
"sync-encryption-secret"
];
};
templates."taskrc.d/sync" = {
content = ''
sync.server.url=${config.sops.placeholder."taskwarrior/sync-server-url"}
sync.server.client_id=${config.sops.placeholder."taskwarrior/sync-server-client-id"}
sync.encryption_secret=${config.sops.placeholder."taskwarrior/sync-encryption-secret"}
'';
};
};
}
// {
warnings =
lib.optional (!sops.available && config.programs.taskwarrior.enable)
"taskwarrior is enabled, but sops templates are not available. taskwarrior sync will not be configured.";
@@ -36,14 +58,6 @@ in
".local/share/task/hooks/on-exit.sync.py" = {
source = dotsPath + "/.local/share/task/hooks/on-exit.sync.py";
};
".local/share/task/hooks/on-add.limit.py" = {
source = dotsPath + "/.local/share/task/hooks/on-add.limit.py";
executable = true;
};
".local/share/task/hooks/on-modify.limit.py" = {
source = dotsPath + "/.local/share/task/hooks/on-modify.limit.py";
executable = true;
};
".local/share/task/scripts/sync-and-notify.sh" = {
source = dotsPath + "/.local/share/task/scripts/sync-and-notify.sh";
executable = true;
@@ -56,6 +70,7 @@ in
colorTheme = "dark-256";
config = {
recurrence = "off";
reserved.lines = 3; # without this I would have to scroll up 3 lines
};
extraConfig = lib.optionalString sops.available ''
include ${sops.templates."taskrc.d/sync".path}

4
home/modules/tmux/default.nix
View File

@@ -11,9 +11,5 @@
enable = true;
extraConfig = builtins.readFile (dotsPath + "/.config/tmux/tmux.conf");
};
home.file = {
".config/tmux/hooks/tmux.ssh.conf".source = dotsPath + "/.config/tmux/hooks/tmux.ssh.conf";
};
};
}

45
home/modules/zk/default.nix Normal file
View File

@@ -0,0 +1,45 @@
{
config,
lib,
pkgs,
...
}:
let
cfg = config.zk;
in
{
options.zk = {
enable = lib.mkEnableOption "zettelkasten";
path = lib.mkOption {
type = lib.types.str;
default = config.home.homeDirectory + "/.zk";
description = "Path to the zettelkasten directory";
};
};
config = lib.mkIf cfg.enable {
home = {
sessionVariables.ZK_PATH = cfg.path;
packages = [
(pkgs.writeShellApplication {
name = "zk";
runtimeInputs = with pkgs; [ tmux ];
text = builtins.readFile ./scripts/zk.sh;
})
(pkgs.writeShellApplication {
name = "save-zk";
runtimeInputs = with pkgs; [ git ];
text = builtins.readFile ./scripts/save-zk.sh;
})
(pkgs.writeShellApplication {
name = "setup-zk";
runtimeInputs = with pkgs; [ gh ];
text = builtins.readFile ./scripts/setup-zk.sh;
})
];
};
};
}

2
home/modules/zk/scripts/save-zk.sh Normal file
View File

@@ -0,0 +1,2 @@
cd "$ZK_PATH" || { echo "No zettelkasten directory found"; exit 1; }
git add . && git commit -m "Update" && git push

13
home/modules/zk/scripts/setup-zk.sh Normal file
View File

@@ -0,0 +1,13 @@
if [ ! -d "$ZK_PATH" ]; then
echo "[zk] Setting up zettelkasten"
gh repo clone zk "$ZK_PATH"
else
echo "[zk] Zettelkasten already set up."
fi
read -p "Would you like open your zettelkasten? [y/N] " -n 1 -r
echo
if [[ $REPLY =~ ^[Yy]$ ]]; then
$EDITOR "$ZK_PATH"
fi

14
dots/.bin/zk → home/modules/zk/scripts/zk.sh Executable file → Normal file
View File

@@ -1,8 +1,6 @@
#!/usr/bin/env bash
current_zettel_path="$(cat "$ZK_PATH/current-zettel.txt")"
current_zettel_path="$ZK_PATH/$(cat "$ZK_PATH/current-zettel.txt")"
if [ "$TERM_PROGRAM" = tmux ]; then
if [ -n "${TMUX:-}" ]; then
cd "$ZK_PATH" && $EDITOR "$current_zettel_path"
else
echo 'Not in tmux'
@@ -12,13 +10,9 @@ else
read -r -p 'Enter your choice: ' choice
case $choice in
1)
# Check if a tmux session is running with a window named zk
if tmux list-windows -F '#{window_name}' | grep -q zk; then
# Attach to the session containing the 'zk' window
session="$(tmux list-windows -F '#{window_name} #{session_name}' | grep zk | head -n 1 | awk '{ print $2 }')"
tmux attach -t "$session"
if tmux has-session -t zk 2>/dev/null; then
tmux attach -t zk
else
# Create session with a window named 'zk' and start nvim
tmux new-session -s zk -n zk -d
tmux send-keys -t zk:zk "cd $ZK_PATH && $EDITOR $current_zettel_path" Enter
tmux attach -t zk

39
hosts/andromache/default.nix
View File

@@ -23,6 +23,8 @@ in
inherit lib config;
device = "/dev/nvme1n1";
})
../../modules/ai-tools
../../modules/anki
../../modules/audio
../../modules/backups
../../modules/bluetooth
@@ -31,42 +33,34 @@ in
../../modules/firewall
../../modules/fonts
../../modules/gaming
../../modules/networking
../../modules/git
../../modules/hcloud
../../modules/keyboard
../../modules/localization
../../modules/networking
../../modules/nvidia
(import ../../modules/secrets { inherit lib inputs config; })
../../modules/secrets
../../modules/ssh
../../modules/storage
../../modules/stylix
../../modules/syncthing
../../modules/tailscale
../../modules/taskwarrior
../../modules/users
../../modules/wol
../../modules/yubikey
../../modules/hcloud
];
home-manager.users.${config.host.username} = import ../../home/hosts/andromache {
inherit
inputs
config
pkgs
lib
;
};
home-manager.users.${config.host.username} = import ../../home/hosts/${config.host.name};
ssh.username = config.host.username;
ssh.authorizedHosts = [ "astyanax" ];
secrets.nixSigningKey.enable = true;
secrets = {
inherit (config.host) username;
nixSigningKey.enable = true;
};
docker.user = config.host.username;
hcloud = {
enable = true;
inherit (config.host) username;
};
restic-backup.enable = true;
tailscale.enable = true;
docker.enable = true;
hcloud.enable = true;
disko.devices = {
disk.data = {
@@ -98,7 +92,6 @@ in
my.yubikey = {
enable = false;
inherit (config.host) username;
keys = [
{
handle = "<KeyHandle1>";

3
hosts/andromache/host.nix
View File

@@ -1,6 +1,7 @@
{
host = {
username = "h";
name = "andromache";
highRam = true;
admin = true;
};
}

7
hosts/andromache/meta.nix
View File

@@ -1,4 +1,9 @@
{
deployment.tags = [ "local" ];
system = "x86_64-linux";
deployment = {
tags = [ "local" ];
targetHost = "";
targetUser = "h";
};
role = "desktop";
}

1
hosts/andromache/system.nix
View File

@@ -1 +0,0 @@
"x86_64-linux"

66
hosts/astyanax/default.nix
View File

@@ -16,48 +16,45 @@ in
inputs.nixos-hardware.nixosModules.common-pc
inputs.nixos-hardware.nixosModules.common-pc-ssd
# inputs.nixos-hardware.nixosModules.lenovo-thinkpad-e14-intel-gen7 (not available yet?)
inputs.sops-nix.nixosModules.sops
../../modules/common
../../modules/boot/bootloader.nix
(import ../../modules/disko/zfs-encrypted-root.nix {
inherit lib config;
device = "/dev/nvme0n1";
})
../../modules/desktops/niri
../../modules/ai-tools
../../modules/anki
../../modules/audio
../../modules/backups
../../modules/bluetooth
../../modules/keyboard
../../modules/networking
../../modules/users
../../modules/localization
../../modules/desktops/niri
../../modules/docker
../../modules/firewall
../../modules/fonts
../../modules/git
../../modules/keyboard
../../modules/localization
../../modules/networking
../../modules/nfc
../../modules/secrets
../../modules/ssh
../../modules/storage
../../modules/stylix
(import ../../modules/secrets { inherit lib inputs config; })
../../modules/docker
../../modules/nfc
../../modules/firewall
../../modules/tailscale
../../modules/taskwarrior
../../modules/users
../../modules/yubikey
];
home-manager.users.${config.host.username} = import ../../home/hosts/astyanax {
inherit
inputs
config
pkgs
lib
;
};
home-manager.users.${config.host.username} = import ../../home/hosts/${config.host.name};
ssh.username = config.host.username;
ssh.authorizedHosts = [ "andromache" ];
secrets.nixSigningKey.enable = true;
secrets = {
inherit (config.host) username;
nixSigningKey.enable = true;
};
docker.user = config.host.username;
nfc.user = config.host.username;
restic-backup.enable = true;
tailscale.enable = true;
docker.enable = true;
nfc.enable = true;
desktop.ly.enable = true;
audio.automation.enable = true;
@@ -100,6 +97,25 @@ in
boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
my.yubikey = {
enable = true;
# inherit (config.host) username;
# keys = [
# {
# handle = "<KeyHandle1>";
# userKey = "<UserKey1>";
# coseType = "<CoseType1>";
# options = "<Options1>";
# }
# {
# handle = "<KeyHandle2>";
# userKey = "<UserKey2>";
# coseType = "<CoseType2>";
# options = "<Options2>";
# }
# ];
};
services = {
fwupd.enable = true;
locate = {

3
hosts/astyanax/host.nix
View File

@@ -1,6 +1,7 @@
{
host = {
username = "h";
name = "astyanax";
highRam = true;
admin = true;
};
}

7
hosts/astyanax/meta.nix
View File

@@ -1,4 +1,9 @@
{
deployment.tags = [ "local" ];
system = "x86_64-linux";
deployment = {
tags = [ "local" ];
targetHost = "";
targetUser = "h";
};
role = "laptop";
}

2
hosts/astyanax/ssh_user.pub
View File

@@ -1 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIzP1PjIDb1tN9nhPOK88HYDtTNk9SN9ZpEem2id49Fa h@astyanax
sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIJApgl/+QaAtrg0OK5ihXasdcnDwzFo6qtHbgnqGFl25AAAABHNzaDo= h@astyanax

1
hosts/astyanax/system.nix
View File

@@ -1 +0,0 @@
"x86_64-linux"

9
hosts/eetion-02/default.nix
View File

@@ -11,15 +11,6 @@
../../modules/ssh
];
ssh = {
inherit (config.host) username;
publicHostname = config.host.name;
authorizedHosts = [
"andromache"
"astyanax"
];
};
boot = {
kernelParams = [
"console=ttyS1,115200n8"

1
hosts/eetion-02/host.nix
View File

@@ -1,6 +1,5 @@
{
host = {
username = "h";
name = "eetion-02";
};
}

7
hosts/eetion-02/meta.nix
View File

@@ -1,4 +1,9 @@
{
deployment.tags = [ "arm" ];
system = "aarch64-linux";
deployment = {
tags = [ "arm" ];
targetHost = "eetion-02";
targetUser = "h";
};
role = "embedded";
}

1
hosts/eetion-02/system.nix
View File

@@ -1 +0,0 @@
"aarch64-linux"

18
hosts/eetion/default.nix
View File

@@ -9,17 +9,11 @@
./host.nix
../../modules/common
../../modules/ssh
../../modules/tailscale
# ../../modules/uptime-kuma
];
ssh = {
inherit (config.host) username;
publicHostname = config.host.name;
authorizedHosts = [
"andromache"
"astyanax"
];
};
tailscale.enable = true;
boot.loader = {
grub.enable = false;
@@ -98,7 +92,13 @@
oci-containers = {
backend = "podman";
containers.actualbudget = {
image = "docker.io/actualbudget/actual-server:latest-alpine";
image = "docker.io/actualbudget/actual-server:26.4.0-alpine";
imageFile = pkgs.dockerTools.pullImage {
imageName = "docker.io/actualbudget/actual-server";
imageDigest = "sha256:996f3a59d297ec9699cb36ce558b61ab16d79c76763a5c3158d5387f71161499";
sha256 = "sha256-81On59dSFBNeIjNJEm93b01EldYga2liiztXhjiVoj4=";
finalImageTag = "26.4.0-alpine";
};
ports = [ "5006:5006" ];
volumes = [ "/var/lib/actualbudget:/data" ];
};

1
hosts/eetion/host.nix
View File

@@ -1,6 +1,5 @@
{
host = {
username = "h";
name = "eetion";
};
}

7
hosts/eetion/meta.nix
View File

@@ -1,4 +1,9 @@
{
deployment.tags = [ "arm" ];
system = "aarch64-linux";
deployment = {
tags = [ "arm" ];
targetHost = "eetion";
targetUser = "h";
};
role = "embedded";
}

1
hosts/eetion/system.nix
View File

@@ -1 +0,0 @@
"aarch64-linux"

12
hosts/hecuba/default.nix
View File

@@ -18,16 +18,7 @@
];
networking.hostName = config.host.name;
ssh = {
inherit (config.host) username;
publicHostname = "server.hektormisplon.xyz";
authorizedHosts = [
"andromache"
"astyanax"
];
};
docker.user = config.host.username;
docker.enable = true;
fileSystems."/" = {
device = "/dev/disk/by-label/nixos";
@@ -67,6 +58,7 @@
environment.systemPackages = with pkgs; [
vim
git
kitty.terminfo
];
services.fail2ban = {

1
hosts/hecuba/host.nix
View File

@@ -1,6 +1,5 @@
{
host = {
username = "username";
name = "hecuba";
};
}

7
hosts/hecuba/meta.nix
View File

@@ -1,4 +1,9 @@
{
deployment.tags = [ "cloud" ];
system = "x86_64-linux";
deployment = {
tags = [ "cloud" ];
targetHost = "server.hektormisplon.xyz";
targetUser = "username";
};
role = "server";
}

1
hosts/hecuba/system.nix
View File

@@ -1 +0,0 @@
"x86_64-linux"

30
hosts/vm/default.nix
View File

@@ -1,8 +1,6 @@
{
lib,
inputs,
config,
pkgs,
...
}:
{
@@ -12,29 +10,25 @@
./host.nix
./disk.nix
../../modules/common
../../modules/boot/bootloader.nix
../../modules/keyboard
../../modules/networking
../../modules/users
../../modules/anki
../../modules/audio
../../modules/localization
../../modules/x
../../modules/boot/bootloader.nix
../../modules/fonts
../../modules/git
../../modules/keyboard
../../modules/localization
../../modules/networking
../../modules/ai-tools
../../modules/ssh
../../modules/storage
../../modules/stylix
(import ../../modules/secrets {
inherit lib inputs config;
})
../../modules/secrets
../../modules/taskwarrior
../../modules/users
../../modules/x
];
home-manager.users.${config.host.username} = import ../../home/hosts/vm {
inherit inputs config pkgs;
};
ssh.username = config.host.username;
secrets.username = config.host.username;
home-manager.users.${config.host.username} = import ../../home/hosts/vm;
disko = {
devices.disk.main = {

1
hosts/vm/host.nix
View File

@@ -1,6 +1,5 @@
{
host = {
username = "h";
name = "vm";
};
}

7
hosts/vm/meta.nix
View File

@@ -1,4 +1,9 @@
{
deployment.tags = [ "local" ];
system = "x86_64-linux";
deployment = {
tags = [ "local" ];
targetHost = "";
targetUser = "h";
};
role = "vm";
}

1
hosts/vm/system.nix
View File

@@ -1 +0,0 @@
"x86_64-linux"

10
images/sd-image-orange-pi-aarch64.nix
View File

@@ -12,14 +12,14 @@ let
in
{
imports = [
../modules/common/host.nix
../modules/ssh
];
ssh.username = username;
ssh.authorizedHosts = [
"andromache"
"astyanax"
];
host = {
inherit username;
name = "orange-pi";
};
nix.settings.experimental-features = [
"nix-command"

10
images/sd-image-raspberry-pi-aarch64.nix
View File

@@ -12,14 +12,14 @@ let
in
{
imports = [
../modules/common/host.nix
../modules/ssh
];
ssh.username = username;
ssh.authorizedHosts = [
"andromache"
"astyanax"
];
host = {
inherit username;
name = "raspberry-pi";
};
boot.kernelParams = [
"console=ttyS1,115200n8"

25
modules/ai-tools/default.nix Normal file
View File

@@ -0,0 +1,25 @@
{ config, ... }:
let
inherit (config.host) username;
inherit (config.secrets) owner;
in
{
config = {
nixpkgs.allowedUnfree = [ "claude-code" ];
secrets.groups.opencode = [ "api-key" ];
sops.templates."opencode/auth.json" = {
inherit owner;
path = "/home/${username}/.local/share/opencode/auth.json";
content = ''
{
"zai-coding-plan": {
"type": "api",
"key": "${config.sops.placeholder."opencode/api-key"}"
}
}
'';
};
};
}

6
modules/anki/default.nix Normal file
View File

@@ -0,0 +1,6 @@
{
config.secrets.groups.anki = [
"sync-user"
"sync-key"
];
}

75
modules/backups/default.nix
View File

@@ -6,61 +6,48 @@
let
cfg = config.restic-backup;
inherit (config.secrets) sopsDir;
host = config.networking.hostName;
in
{
options = {
restic-backup = {
repository = lib.mkOption {
type = lib.types.str;
default = "b2:${config.sops.placeholder.b2-bucket-name}:${config.networking.hostName}";
};
options.restic-backup = {
enable = lib.mkEnableOption "restic backups";
passwordFile = lib.mkOption {
type = lib.types.str;
default = config.sops.secrets.restic-password.path;
};
passwordFile = lib.mkOption {
type = lib.types.str;
default = config.sops.secrets."restic/password".path;
};
paths = lib.mkOption {
type = lib.types.listOf lib.types.str;
default = [ "/home" ];
};
paths = lib.mkOption {
type = lib.types.listOf lib.types.str;
default = [ "/home" ];
};
};
config = {
sops = {
secrets = {
restic-password = {
sopsFile = "${sopsDir}/restic-password";
};
b2-bucket-name = {
sopsFile = "${sopsDir}/b2-bucket-name";
};
b2-account-id = {
sopsFile = "${sopsDir}/b2-account-id";
};
b2-account-key = {
sopsFile = "${sopsDir}/b2-account-key";
};
config = lib.mkIf cfg.enable {
secrets.groups = {
restic = [ "password" ];
backblaze-b2 = [
"bucket-name"
"account-id"
"account-key"
];
};
sops.templates = {
"restic/repo-${host}" = {
content = "b2:${config.sops.placeholder."backblaze-b2/bucket-name"}:${host}";
};
templates = {
"restic/repo-${config.networking.hostName}" = {
content = "b2:${config.sops.placeholder.b2-bucket-name}:${config.networking.hostName}";
};
"restic/b2-env-${config.networking.hostName}" = {
content = ''
B2_ACCOUNT_ID=${config.sops.placeholder.b2-account-id}
B2_ACCOUNT_KEY=${config.sops.placeholder.b2-account-key}
'';
};
"restic/b2-env-${host}" = {
content = ''
B2_ACCOUNT_ID=${config.sops.placeholder."backblaze-b2/account-id"}
B2_ACCOUNT_KEY=${config.sops.placeholder."backblaze-b2/account-key"}
'';
};
};
services.restic.backups.home = {
repositoryFile = config.sops.templates."restic/repo-${config.networking.hostName}".path;
inherit (cfg) passwordFile;
inherit (cfg) paths;
repositoryFile = config.sops.templates."restic/repo-${host}".path;
inherit (cfg) passwordFile paths;
timerConfig = {
OnCalendar = "daily";
Persistent = true;
@@ -73,7 +60,7 @@ in
"--keep-monthly 6"
"--keep-yearly 1"
];
environmentFile = config.sops.templates."restic/b2-env-${config.networking.hostName}".path;
environmentFile = config.sops.templates."restic/b2-env-${host}".path;
};
};
}

11
modules/boot/bootloader.nix
View File

@@ -1,4 +1,11 @@
{ config, ... }:
{
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
boot = {
loader = {
systemd-boot.enable = true;
efi.canTouchEfiVariables = true;
};
tmp.useTmpfs = config.host.highRam;
};
}

9
modules/common/default.nix
View File

@@ -25,6 +25,7 @@ in
system.stateVersion = lib.mkDefault "25.05";
nix = {
nixPath = [ "nixpkgs=${inputs.nixpkgs}" ]; # https://github.com/nix-community/nixd/blob/main/nixd/docs/configuration.md
optimise = {
automatic = true;
dates = [ "05:00" ];
@@ -38,6 +39,9 @@ in
"nix-command"
"flakes"
];
settings.trusted-public-keys = [
"nix-signing-key:M6ouQRFl/bZ5QQrceQUyar6P7o8qg4wwVkxD1SSLL2k="
];
};
system.autoUpgrade = {
@@ -69,6 +73,11 @@ in
myUtils
;
};
sharedModules = [
{
host.username = lib.mkDefault config.host.username;
}
];
};
};
}

10
modules/common/host.nix
View File

@@ -19,5 +19,15 @@
type = lib.types.str;
default = "en_US.UTF-8";
};
highRam = lib.mkOption {
type = lib.types.bool;
default = false;
};
admin = lib.mkOption {
type = lib.types.bool;
default = false;
};
};
}

0
modules/desktops/gnome.nix → modules/desktops/gnome/default.nix
View File

7
modules/desktops/logind.nix Normal file
View File

@@ -0,0 +1,7 @@
{
services.logind.settings.Login = {
HandleLidSwitch = "suspend";
IdleAction = "suspend";
IdleActionSec = 1800;
};
}

30
modules/desktops/niri/default.nix
View File

@@ -9,6 +9,8 @@ let
cfg = config.desktop;
in
{
imports = [ ../logind.nix ];
options.desktop = {
ly = {
enable = lib.mkOption {
@@ -19,7 +21,10 @@ in
};
config = {
programs.niri.enable = true;
programs.niri = {
enable = true;
useNautilus = false;
};
xdg.portal = {
enable = true;
@@ -32,14 +37,23 @@ in
];
};
services = {
dbus.enable = true;
logind.settings.Login = {
HandleLidSwitch = "suspend";
IdleAction = "suspend";
IdleActionSec = 1800;
};
# error:
# Failed assertions:
# - h profile: xdg.portal: since you installed Home Manager via its NixOS module and
# 'home-manager.useUserPackages' is enabled, you need to add
#
# environment.pathsToLink = [ `/share/applications` `/share/xdg-desktop-portal` ];
#
# to your NixOS configuration so that the portal definitions and DE
# provided configurations get linked.
environment.pathsToLink = [
"/share/applications"
"/share/xdg-desktop-portal"
];
services = {
gnome.gnome-keyring.enable = false;
dbus.enable = true;
displayManager.ly = lib.mkIf cfg.ly.enable {
enable = true;
};

24
modules/docker/default.nix
View File

@@ -2,29 +2,17 @@
let
cfg = config.docker;
inherit (config.host) username;
in
{
options.docker = {
enable = lib.mkEnableOption "docker";
rootless = lib.mkOption {
type = lib.types.bool;
default = false;
};
user = lib.mkOption {
type = lib.types.nullOr lib.types.str;
default = null;
};
};
config = lib.mkMerge [
{
warnings = lib.flatten [
(lib.optional (
cfg.rootless && cfg.user != null
) "'virtualisation.docker.user' is ignored when rootless mode is enabled")
(lib.optional (
!cfg.rootless && cfg.user == null
) "'virtualisation.docker.user' is not set (no user is added to the docker group)")
];
}
(lib.mkIf cfg.rootless {
virtualisation.docker = {
enable = false;
@@ -34,11 +22,9 @@ in
};
};
})
(lib.mkIf (!cfg.rootless && cfg.user != null) {
virtualisation.docker = {
enable = true;
};
users.users.${cfg.user}.extraGroups = [ "docker" ];
(lib.mkIf (cfg.enable && !cfg.rootless) {
virtualisation.docker.enable = true;
users.users.${username}.extraGroups = [ "docker" ];
})
];
}

38
modules/gaming/default.nix
View File

@@ -1,12 +1,50 @@
{
config,
lib,
pkgs,
...
}:
{
nixpkgs.allowedUnfree = [
"steam"
"steam-unwrapped"
"lutris"
];
hardware.graphics = {
enable32Bit = true;
extraPackages = with pkgs; [
dxvk
vkd3d-proton
];
};
programs.steam = {
enable = true;
remotePlay.openFirewall = false;
dedicatedServer.openFirewall = false;
};
programs.gamemode.enable = true;
environment.systemPackages = with pkgs; [
# lutris
mangohud
];
home-manager.users.${config.host.username} = {
xdg.configFile."lutris/system.yml".text = lib.generators.toJSON { } {
system.game_path = "/home/${config.host.username}/games";
};
};
security.pam.loginLimits = [
{
domain = config.host.username;
type = "hard";
item = "nofile";
value = "524288";
}
];
}

29
modules/git/default.nix Normal file
View File

@@ -0,0 +1,29 @@
{
config,
...
}:
let
inherit (config.host) username;
owner = config.users.users.${username}.name;
in
{
config.sops.templates = {
".gitconfig.email" = {
inherit owner;
path = "/home/${username}/.gitconfig.email";
content = ''
[user]
email = ${config.sops.placeholder."email/personal"}
'';
};
".gitconfig.work.email" = {
inherit owner;
path = "/home/${username}/.gitconfig.work.email";
content = ''
[user]
email = ${config.sops.placeholder."email/work"}
'';
};
};
}

18
modules/hcloud/default.nix
View File

@@ -6,32 +6,26 @@
let
cfg = config.hcloud;
inherit (config.secrets) sopsDir;
inherit (config.host) username;
inherit (config.secrets) owner;
in
{
options.hcloud = {
enable = lib.mkEnableOption "hcloud CLI configuration";
username = lib.mkOption {
type = lib.types.str;
description = "Username for hcloud CLI configuration";
};
};
config = lib.mkIf cfg.enable {
sops.secrets.hcloud-token = {
sopsFile = "${sopsDir}/hcloud-token";
owner = config.users.users.${cfg.username}.name;
};
secrets.groups.hcloud = [ "api-token" ];
sops.templates."hcloud/cli.toml" = {
owner = config.users.users.${cfg.username}.name;
path = "/home/${cfg.username}/.config/hcloud/cli.toml";
inherit owner;
path = "/home/${username}/.config/hcloud/cli.toml";
content = ''
active_context = "server"
[[contexts]]
name = "server"
token = "${config.sops.placeholder.hcloud-token}"
token = "${config.sops.placeholder."hcloud/api-token"}"
'';
};
};

10
modules/nfc/default.nix
View File

@@ -2,15 +2,13 @@
let
cfg = config.nfc;
inherit (config.host) username;
in
{
options.nfc = {
user = lib.mkOption {
type = lib.types.nullOr lib.types.str;
default = null;
};
enable = lib.mkEnableOption "NFC device access";
};
config = lib.mkIf (cfg.user != null) {
users.users.${cfg.user}.extraGroups = [ "dialout" ];
config = lib.mkIf cfg.enable {
users.users.${username}.extraGroups = [ "dialout" ];
};
}

114
modules/secrets/default.nix
View File

@@ -1,106 +1,78 @@
{
lib,
inputs,
pkgs,
config,
myUtils,
...
}:
let
cfg = config.secrets;
inherit (config.host) username;
inherit (cfg) sopsDir;
owner = config.users.users.${cfg.username}.name;
mkSecret = name: {
${name} = {
sopsFile = "${sopsDir}/${name}";
inherit owner;
};
};
owner = config.users.users.${username}.name;
in
{
imports = [ inputs.sops-nix.nixosModules.sops ];
options = {
secrets = {
username = lib.mkOption {
type = lib.types.str;
};
sopsDir = lib.mkOption {
type = lib.types.str;
default = "${toString inputs.nix-secrets}/secrets";
};
groups = lib.mkOption {
type = lib.types.attrsOf (lib.types.listOf lib.types.str);
default = { };
};
owner = lib.mkOption {
type = lib.types.unspecified;
};
nixSigningKey = {
enable = lib.mkEnableOption "nix signing key configuration";
name = lib.mkOption {
type = lib.types.str;
default = "${config.host.name}-nix-signing-key";
};
};
yubikey = {
enable = lib.mkEnableOption "set up Yubikey";
};
};
};
config = {
sops = {
age.keyFile = "/home/${cfg.username}/.config/sops/age/keys.txt";
secrets = lib.mkMerge [
(mkSecret "taskwarrior-sync-server-url")
(mkSecret "taskwarrior-sync-server-client-id")
(mkSecret "taskwarrior-sync-encryption-secret")
(mkSecret "anki-sync-user")
(mkSecret "anki-sync-key")
(mkSecret "email-personal")
(mkSecret "email-work")
(mkSecret "opencode-api-key")
(lib.mkIf cfg.nixSigningKey.enable (mkSecret cfg.nixSigningKey.name))
];
templates = {
"taskrc.d/sync" = {
inherit owner;
content = ''
sync.server.url=${config.sops.placeholder.taskwarrior-sync-server-url}
sync.server.client_id=${config.sops.placeholder.taskwarrior-sync-server-client-id}
sync.encryption_secret=${config.sops.placeholder.taskwarrior-sync-encryption-secret}
'';
};
".gitconfig.email" = {
inherit owner;
path = "/home/${cfg.username}/.gitconfig.email";
content = ''
[user]
email = ${config.sops.placeholder.email-personal}
'';
};
".gitconfig.work.email" = {
inherit owner;
path = "/home/${cfg.username}/.gitconfig.work.email";
content = ''
[user]
email = ${config.sops.placeholder.email-work}
'';
};
"opencode/auth.json" = {
inherit owner;
path = "/home/${cfg.username}/.local/share/opencode/auth.json";
content = ''
{
"zai-coding-plan": {
"type": "api",
"key": "${config.sops.placeholder.opencode-api-key}"
}
}
'';
};
secrets = {
inherit owner;
groups = {
email = [
"personal"
"work"
];
nix = lib.optional cfg.nixSigningKey.enable "signing-key";
};
};
sops = {
# for yubikey, generate as follows:
# ```
# age-plugin-yubikey --identity > <keyfile-path>
# ```
age.keyFile = "/home/${username}/.config/sops/age/keys.txt";
secrets = myUtils.mkSopsSecrets sopsDir owner cfg.groups;
};
nix.settings.secret-key-files = lib.mkIf cfg.nixSigningKey.enable [
config.sops.secrets.${cfg.nixSigningKey.name}.path
config.sops.secrets."nix/signing-key".path
];
services = {
pcscd.enable = true; # needed for age-plugin-yubikey?
udev.packages = lib.mkIf cfg.yubikey.enable [
pkgs.yubikey-personalization
pkgs.libfido2
];
};
};
}

23
modules/ssh/authorized-keys.nix
View File

@@ -1,28 +1,29 @@
{ lib, config, ... }:
{
lib,
config,
...
}:
let
inherit (config.host) username;
adminHosts = (import ../../utils { inherit lib; }).adminHosts ../../hosts;
in
{
options.ssh = {
authorizedHosts = lib.mkOption {
type = lib.types.listOf lib.types.str;
default = [ ];
};
username = lib.mkOption {
type = lib.types.str;
default = "h";
};
publicHostname = lib.mkOption {
type = lib.types.str;
default = "";
};
};
# auto generate authorized_keys from `authorizedHosts`
config.users.users.${config.ssh.username}.openssh.authorizedKeys.keys = lib.flatten (
config.users.users.${username}.openssh.authorizedKeys.keys = lib.flatten (
map (
hostname:
let
keyFile = ../../hosts/${hostname}/ssh_user.pub;
in
lib.optionals (builtins.pathExists keyFile) (lib.splitString "\n" (builtins.readFile keyFile))
) config.ssh.authorizedHosts
) ((builtins.filter (h: h != config.host.name) adminHosts) ++ config.ssh.authorizedHosts)
);
}

2
modules/ssh/extract-keys.nix
View File

@@ -1,6 +1,6 @@
{ lib, config, ... }:
let
inherit (config.ssh) username;
inherit (config.host) username;
in
{
# auto extract SSH keys

15
modules/stylix/default.nix
View File

@@ -30,20 +30,7 @@ in
home-manager.sharedModules = [
{
stylix.targets = {
firefox = {
profileNames = [ "default" ];
colorTheme.enable = true;
};
librewolf = {
profileNames = [ "default" ];
colorTheme.enable = true;
};
kitty.variant256Colors = true;
gnome.enable = false;
gtk.enable = false;
nixvim.enable = false;
};
stylix.targets = import ./targets.nix;
}
];
}

14
modules/stylix/targets.nix Normal file
View File

@@ -0,0 +1,14 @@
{
firefox = {
profileNames = [ "default" ];
colorTheme.enable = true;
};
librewolf = {
profileNames = [ "default" ];
colorTheme.enable = true;
};
kitty.variant256Colors = true;
gnome.enable = false;
gtk.enable = false;
nixvim.enable = false;
}

17
modules/syncthing/default.nix
View File

@@ -7,23 +7,18 @@
with lib;
let
cfg = config.my.syncthing;
inherit (config.host) username;
in
{
options.my.syncthing.username = mkOption {
type = types.str;
default = "h";
};
config = {
users.groups.${cfg.username} = { };
users.users.${cfg.username}.extraGroups = [ cfg.username ];
users.groups.${username} = { };
users.users.${username}.extraGroups = [ username ];
services.syncthing = {
enable = true;
user = cfg.username;
group = cfg.username;
configDir = "/home/${cfg.username}/.local/state/syncthing";
user = username;
group = username;
configDir = "/home/${username}/.local/state/syncthing";
openDefaultPorts = true;
};
};

19
modules/tailscale/default.nix Normal file
View File

@@ -0,0 +1,19 @@
{
lib,
config,
...
}:
{
options.tailscale = {
enable = lib.mkEnableOption "tailscale";
};
config = lib.mkIf config.tailscale.enable {
services.tailscale = {
enable = true;
extraSetFlags = [ "--netfilter-mode=nodivert" ];
extraDaemonFlags = [ "--no-logs-no-support" ];
openFirewall = false;
};
};
}

23
modules/taskwarrior/default.nix Normal file
View File

@@ -0,0 +1,23 @@
{ config, ... }:
let
inherit (config.secrets) owner;
in
{
config = {
secrets.groups.taskwarrior = [
"sync-server-url"
"sync-server-client-id"
"sync-encryption-secret"
];
sops.templates."taskrc.d/sync" = {
inherit owner;
content = ''
sync.server.url=${config.sops.placeholder."taskwarrior/sync-server-url"}
sync.server.client_id=${config.sops.placeholder."taskwarrior/sync-server-client-id"}
sync.encryption_secret=${config.sops.placeholder."taskwarrior/sync-encryption-secret"}
'';
};
};
}

12
modules/yubikey/default.nix
View File

@@ -9,18 +9,14 @@ with lib;
let
cfg = config.my.yubikey;
inherit (config.host) username;
formatKey = key: ":${key.handle},${key.userKey},${key.coseType},${key.options}";
authfileContent = username: keys: username + lib.concatMapStrings formatKey keys;
authfileContent = u: keys: u + lib.concatMapStrings formatKey keys;
in
{
options.my.yubikey = {
enable = mkEnableOption "yubiKey U2F authentication";
username = mkOption {
type = types.str;
default = "h";
};
origin = mkOption {
type = types.str;
default = "pam://yubi";
@@ -61,7 +57,7 @@ in
interactive = true;
cue = true;
inherit (cfg) origin;
authfile = pkgs.writeText "u2f-mappings" (authfileContent cfg.username cfg.keys);
authfile = pkgs.writeText "u2f-mappings" (authfileContent username cfg.keys);
};
};
services = {
@@ -70,6 +66,6 @@ in
};
};
services.udev.packages = [ pkgs.yubikey-personalization ];
services.udev.packages = with pkgs; [ yubikey-personalization ];
};
}

29
utils/default.nix
View File

@@ -1,25 +1,8 @@
{ lib }:
{
dirNames =
path: builtins.attrNames (lib.filterAttrs (_: type: type == "directory") (builtins.readDir path));
hostMeta =
hostDir:
if builtins.pathExists (hostDir + "/meta.nix") then
import (hostDir + "/meta.nix")
else
throw "meta.nix required in ${hostDir}";
sopsAvailability =
config: osConfig:
let
hmSopsAvailable = config ? sops && config.sops ? secrets;
osSopsAvailable = osConfig != null && osConfig ? sops && osConfig.sops ? secrets;
in
{
available = hmSopsAvailable || osSopsAvailable;
secrets = if hmSopsAvailable then config.sops.secrets else osConfig.sops.secrets;
templates = if hmSopsAvailable then config.sops.templates else osConfig.sops.templates;
};
}
let
fs = import ./fs.nix { inherit lib; };
hosts = import ./hosts.nix { inherit lib; };
secrets = import ./secrets.nix { inherit lib; };
in
fs // hosts // secrets

6
utils/fs.nix Normal file
View File

@@ -0,0 +1,6 @@
{ lib }:
{
dirNames =
path: builtins.attrNames (lib.filterAttrs (_: t: t == "directory") (builtins.readDir path));
}

19
utils/hosts.nix Normal file
View File

@@ -0,0 +1,19 @@
{ lib }:
let
fs = import ./fs.nix { inherit lib; };
in
{
hostMeta =
hostDir:
if builtins.pathExists (hostDir + "/meta.nix") then
import (hostDir + "/meta.nix")
else
throw "meta.nix required in ${hostDir}";
adminHosts =
hostsPath:
builtins.filter (host: ((import (hostsPath + "/${host}/host.nix")).host.admin or false)) (
fs.dirNames hostsPath
);
}

Some files were not shown because too many files have changed in this diff Show More