
72 Commits

Author SHA1 Message Date
c4510abf88 refactor: simplify apps.colmena 2026-02-24 15:00:45 +01:00
0c4cdd2d1e feat: add golang module to work host 2026-02-24 14:47:27 +01:00
c1418e1402 chore: update lockfile 2026-02-24 14:47:27 +01:00
ab59c50520 fix: add wrapper util for home manager modules 2026-02-24 14:47:27 +01:00
624a56e948 fix: remove pnpm bash config 2026-02-24 14:47:27 +01:00
fb269c0265 fix: update 'work' host modules 2026-02-24 14:47:27 +01:00
2a07ecef61 feat: add 'nodejs' module (and use on 'work' host) 2026-02-24 14:47:27 +01:00
aa830fc795 feat: set up 'opencode' on work host 2026-02-24 14:47:27 +01:00
227a4fe53d feat: add 'vscode' module to work host 2026-02-24 14:47:27 +01:00
99dfe10ebf fix: add pdf support to pandoc module 2026-02-24 14:47:27 +01:00
c002741419 fix: remove default packages 2026-02-23 19:35:24 +01:00
448b3e5ef0 feat: set up 'tlp' for laptop mode on 'astyanax' 2026-02-23 18:15:19 +01:00
fafadf4034 feat: add notifier plugin to opencode 2026-02-23 18:11:29 +01:00
a5845fb847 fix :resolve 'andromache' syntax error 2026-02-23 18:11:24 +01:00
757d5e5c81 feat: set up 'storage' module 2026-02-22 16:43:15 +01:00
7b13880be2 fix: resolve nix build warnings 2026-02-22 16:40:20 +01:00
b895e85953 chore: disable syncthing module 2026-02-22 16:22:55 +01:00
ee3b95d986 fix: remove 'nix.settings' from 'hecuba' host 2026-02-22 16:20:52 +01:00
f5ed623d53 refactor: extract 'pandoc' module 2026-02-22 16:16:17 +01:00
d30fa3922b docs: update readme 2026-02-22 14:37:09 +01:00
1c20cc3326 feat: add basic 'gaming' module to 'andromache' 2026-02-22 14:08:43 +01:00
e7a36abd8c refactor: extract 'nvidia' module 2026-02-22 14:08:43 +01:00
635583669f refactor: add home 'allowedUnfree' option 2026-02-22 14:08:43 +01:00
dec73a74d8 refactor: remove unused 'colmena' input 2026-02-22 14:08:43 +01:00
ac23d88ca9 fix: deny opencode access to nix secret paths 2026-02-22 13:22:19 +01:00
85df2e7886 fix: temporarily disable 'ly' on desktop 2026-02-22 12:42:43 +01:00
7bb0f6fca4 feat: set up openscad lsp 2026-02-22 12:34:34 +01:00
486e273b97 fix: update 'ncspot' config 2026-02-22 12:34:05 +01:00
e7756a2959 chore: remove redundant 'update-vim' script 2026-02-22 12:19:39 +01:00
68fa0d8c89 chore: update lockfile 2026-02-22 12:16:35 +01:00
b9c7c099e7 fix: enable colortheme for firefox-based browsers 2026-02-22 12:16:07 +01:00
e62790f2c7 fix: update 'sb-pomo' script to match 'pomo' script 2026-02-22 12:11:58 +01:00
3d36eb305e docs: update readme 2026-02-22 00:28:39 +01:00
0952bfd827 chore: remove unused vpn module 2026-02-21 22:07:06 +01:00
c6671fea4e fix: add 'lib' as default module 2026-02-21 22:02:57 +01:00
55b3fde362 feat: add home manager audio module (pulsemixer) 2026-02-21 22:02:38 +01:00
18f2e4d93a fix: add 'lib' module to astyanax host 2026-02-21 17:49:01 +01:00
dbac0fd1b9 fix: color niri workspaces in waybar 2026-02-21 14:31:44 +01:00
26760d27a4 chore: update lockfile 2026-02-21 13:52:12 +01:00
eec5d54f59 chore: remove 'phone' config (skip 'nix-on-droid' for now) 2026-02-21 13:51:01 +01:00
1a0c85ec97 feat: set up 'eetion-02' raspberry pi host 2026-02-21 13:51:01 +01:00
0037ba2e54 flake.lock: Update
Flake lock file updates:

• Updated input 'firefox-addons':
    'gitlab:rycee/nur-expressions/c7794d3f46304de5234008c31b5b28a9d5709184?dir=pkgs/firefox-addons&narHash=sha256-0iGDl/ct3rW%2Bh6%2BsLq4RZaze/U/aQo2L5sLLuyjuVTk%3D' (2026-02-04)
  → 'gitlab:rycee/nur-expressions/65d59f814068d04e532cad2773d281e4951acd95?dir=pkgs/firefox-addons&narHash=sha256-%2BFHN9EthS%2BkHxnMoSDZEiGLoxwiIuij6ltK3aTmlLMA%3D' (2026-02-07)
• Updated input 'home-manager':
    'github:nix-community/home-manager/04e5203db66417d548ae1ff188a9f591836dfaa7?narHash=sha256-R1WFtIvp38hS9x63dnijdJw1KyIiy30KGea6e6N7LHs%3D' (2026-02-05)
  → 'github:nix-community/home-manager/6cee0821577643e0b34e2c5d9a90d0b1b5cdca70?narHash=sha256-cyxgVsNfHnJ4Zn6G1EOzfTXbjTy7Ds9zMOsZaX7VZWs%3D' (2026-02-07)
• Updated input 'nvim':
    'path:./dots/.config/nvim'
  → 'path:./dots/.config/nvim'
2026-02-21 13:51:00 +01:00
846112cd25 feat: add (but disable for now) uptime kuma module for 'hecuba' 2026-02-21 13:50:39 +01:00
6233bd0867 refactor: resolve warnings/errors in checks 2026-02-21 13:50:38 +01:00
6ba7fd28d5 fix: simplify syncthing module 2026-02-21 13:49:53 +01:00
c75724de68 feat: set up 'stylix' 2026-02-17 20:30:32 +01:00
04f33a92ea test: try taskwarrior hooks to track slots 2026-02-17 20:09:24 +01:00
3cc69cf68d fix: make 'colmena' available 2026-02-17 20:09:24 +01:00
5f5e5f8d4d test: see if this fixes auto upgrades 2026-02-17 19:53:51 +01:00
2c5a115bf9 feat: set up 'stylix' 2026-02-17 19:51:08 +01:00
323fbe15c8 feat: colorize 'kubectl' output 2026-02-17 18:08:21 +01:00
f8b0f62606 chore: gitignore '.pre-commit-config.yaml' 2026-02-16 20:14:11 +01:00
0a222ed225 feat(bluetooth): add 'mpris-proxy' service 2026-02-16 20:14:11 +01:00
a846849a80 fix: improve 'ai-tools' module (host-specific options) 2026-02-16 17:58:51 +01:00
092a4b47e6 chore: disable 'm_taskwarrior_d.nvim' 2026-02-16 17:58:50 +01:00
385fcb3ee1 refactor(nixGL): extract 'nixGL' wrapper 2026-02-16 17:58:41 +01:00
833d999027 feat: add 'bruno' module 2026-02-16 17:58:41 +01:00
0df8cdb354 chore: remove redundant backup files after nixification 2026-02-14 16:27:21 +01:00
23a89dab30 feat: add 'bak' script 2026-02-14 15:22:38 +01:00
7ae0c01e8d chore: update lockfile 2026-02-14 13:18:08 +01:00
a975d9fb6c fix: add 'ai-tools' module to 'andromache' 2026-02-14 02:02:31 +01:00
6684e2e7fe feat: set up git hooks 2026-02-07 14:25:39 +01:00
7f0726f443 fix: add ssh keys to agent for all hosts 2026-02-07 14:25:39 +01:00
cb8ac3b848 fix: resolve proxmark firmware flashing issues 2026-02-07 14:25:38 +01:00
3a1997f0c4 fix: set up ipv4 forwarding 2026-02-07 14:25:08 +01:00
a2a7c3c5a0 feat: add 'brightnessctl' to niri desktop 2026-02-07 14:25:08 +01:00
ce6940b048 flake.lock: Update
Flake lock file updates:

• Updated input 'firefox-addons':
    'gitlab:rycee/nur-expressions/4f827ff035c6ddc58d04c45abe5b777d356b926a?dir=pkgs/firefox-addons&narHash=sha256-9Sqq/hxq8ZDLRSzu%2Bedn0OfWG%2BFAPWFpwMKaJobeLec%3D' (2026-02-03)
  → 'gitlab:rycee/nur-expressions/c7794d3f46304de5234008c31b5b28a9d5709184?dir=pkgs/firefox-addons&narHash=sha256-0iGDl/ct3rW%2Bh6%2BsLq4RZaze/U/aQo2L5sLLuyjuVTk%3D' (2026-02-04)
• Updated input 'home-manager':
    'github:nix-community/home-manager/984708c34d3495a518e6ab6b8633469bbca2f77a?narHash=sha256-gj1yP3spUb1vGtaF5qPhshd2j0cg4xf51pklDsIm19Q%3D' (2026-02-01)
  → 'github:nix-community/home-manager/04e5203db66417d548ae1ff188a9f591836dfaa7?narHash=sha256-R1WFtIvp38hS9x63dnijdJw1KyIiy30KGea6e6N7LHs%3D' (2026-02-05)
• Updated input 'nixpkgs':
    'github:nixos/nixpkgs/cb369ef2efd432b3cdf8622b0ffc0a97a02f3137?narHash=sha256-VKS4ZLNx4PNrABoB0L8KUpc1fE7CLpQXQs985tGfaCU%3D' (2026-02-02)
  → 'github:nixos/nixpkgs/00c21e4c93d963c50d4c0c89bfa84ed6e0694df2?narHash=sha256-AYqlWrX09%2BHvGs8zM6ebZ1pwUqjkfpnv8mewYwAo%2BiM%3D' (2026-02-04)
• Updated input 'nvim':
    'path:./dots/.config/nvim'
  → 'path:./dots/.config/nvim'
• Updated input 'sops-nix':
    'github:Mic92/sops-nix/f990b0a334e96d3ef9ca09d4bd92778b42fd84f9?narHash=sha256-NUVGVtYBTC96WhPh4Y3SVM7vf0o1z5W4uqRBn9v1pfo%3D' (2026-02-03)
  → 'github:Mic92/sops-nix/17eea6f3816ba6568b8c81db8a4e6ca438b30b7c?narHash=sha256-ktjWTq%2BD5MTXQcL9N6cDZXUf9kX8JBLLBLT0ZyOTSYY%3D' (2026-02-03)
2026-02-07 14:25:08 +01:00
e21411c2f9 feat: add helm plugins declaratively 2026-02-07 14:20:28 +01:00
dcb525cce2 feat: set up 'music' module 2026-02-07 14:20:27 +01:00
dc630fe984 refactor: simplify keyboard module 2026-02-07 14:20:04 +01:00
ce90493654 feat: add 'direnv' module 2026-02-07 14:20:04 +01:00
0c553e7a7d feat: add nfc module (and use it on 'astyanax') 2026-02-05 18:51:39 +01:00
122 changed files with 1602 additions and 2562 deletions


@@ -1,13 +0,0 @@
root = true
[*]
charset = utf-8
end_of_line = lf
indent_size = 2
indent_style = space
max_line_length = 120
trim_trailing_whitespace = true
[**.{md,rst}]
indent_size = 2
max_line_length = 80


@@ -1,21 +0,0 @@
name: "Nix flake check"
on:
workflow_call:
pull_request:
push:
jobs:
tests:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v6
- uses: cachix/install-nix-action@v31
with:
nix_path: nixpkgs=channel:nixos-unstable
- name: Check formatting with nixfmt
run: nix run nixpkgs#nixfmt-rfc-style --check .
- name: Lint with statix
run: nix run nixpkgs#statix check
- name: Find dead code with deadnix
run: nix run nixpkgs#deadnix
- name: Run flake check
run: nix flake check --accept-flake-config

2
.gitignore vendored

@@ -8,3 +8,5 @@ result
result-*
nixos-efi-vars.fd
/.pre-commit-config.yaml


@@ -1 +0,0 @@
test-1770296859


@@ -1,149 +0,0 @@
# Migration Plan: Move books and papers to flat directory
## Current State
- **Books location:** `/data/desk/home.h.doc/books`
- **Papers location:** `/data/desk/home.h.doc/papers`
- **Current syncthing path:** `~/doc/readings``/home/h/doc/readings`
- **Zotero:** Currently active, will be kept during/after migration
- **Future Papis:** Will use same files once consolidated
## Decision Summary
- **Target path:** `/data/desk/home.h.doc/readings` (single flat directory)
- **Organization:** Completely flat (no subdirectories) - use Papis/Zotero tags for categorization
- **Zotero:** Keep active during/after migration
- **Rebuild timing:** After files are moved (safer - syncthing won't sync while moving)
---
## Implementation Steps
### Step 1: Update syncthing config (andromache)
**File:** `hosts/andromache/default.nix`
Change the syncthing folder path from:
```nix
path = "/home/h/doc/readings";
```
To:
```nix
path = "/data/desk/home.h.doc/readings";
```
### Step 2: Rebuild andromache
```bash
sudo nixos-rebuild switch --flake /home/h/nix
```
This applies the new syncthing configuration.
### Step 3: Prepare target directory
```bash
# Create the target directory (in case it doesn't exist)
mkdir -p /data/desk/home.h.doc/readings
```
### Step 4: Move files (EXECUTE THIS MANUALLY)
Choose one method:
**Method A: Move (removes original directories)**
```bash
mv /data/desk/home.h.doc/books/* /data/desk/home.h.doc/readings/
mv /data/desk/home.h.doc/papers/* /data/desk/home.h.doc/readings/
rmdir /data/desk/home.h.doc/books /data/desk/home.h.doc/papers
```
**Method B: Copy (keeps original directories as backup)**
```bash
cp -r /data/desk/home.h.doc/books/* /data/desk/home.h.doc/readings/
cp -r /data/desk/home.h.doc/papers/* /data/desk/home.h.doc/readings/
```
### Step 5: Configure Boox to sync new path
On your Boox device, update the Syncthing folder to sync:
- Path: Choose where you want the files (e.g., `/sdcard/Books/readings` or `/sdcard/Documents/readings`)
- Accept connection from andromache when prompted
---
## Post-Migration Verification
### 1. Verify syncthing on andromache
- Open http://localhost:8384
- Confirm `readings` folder points to `/data/desk/home.h.doc/readings`
- Check that files are being synced to Boox
### 2. Verify Boox receives files
- Check that files from new directory appear on Boox
- Confirm `readings` folder is active on Boox
### 3. Verify Zotero
- Ensure Zotero can still access files at new location
- Check that tags/categorization still work
- Verify PDFs open correctly from Zotero library
---
## Future Work: Papis Migration
When ready to migrate to Papis:
1. Install Papis: `nix-shell -p papis`
2. Configure Papis to use: `/data/desk/home.h.doc/readings`
3. Import from Zotero or start fresh
4. Both Zotero and Papis can coexist during transition
5. Gradually migrate to Papis, then retire Zotero
---
## Rollback Plan
If anything goes wrong:
### Option 1: Revert syncthing config
```bash
# In hosts/andromache/default.nix, change back to:
path = "/home/h/doc/readings";
# Rebuild:
sudo nixos-rebuild switch --flake /home/h/nix
```
### Option 2: Restore original directories
If Method A (move) was used:
```bash
mkdir -p /data/desk/home.h.doc/books /data/desk/home.h.doc/papers
# You'll need to manually move files back from readings/
```
If Method B (copy) was used:
```bash
# Original directories still exist as backups at:
/data/desk/home.h.doc/books
/data/desk/home.h.doc/papers
```
---
## Session Checklist
- [ ] Update syncthing config in andromache
- [ ] Rebuild andromache
- [ ] Create target directory
- [ ] Move files (choose method: move or copy)
- [ ] Configure Boox folder path
- [ ] Verify syncthing sync
- [ ] Verify Zotero access
- [ ] (Future) Install and configure Papis
---
## Notes
- **File conflicts:** If books and papers have files with the same name, the moved file will overwrite (from `books/` processed first, then `papers/`). Consider checking beforehand.
- **Zotero database:** No changes needed - Zotero tracks files by absolute path, which won't change.
- **Boox folder naming:** The Boox folder name can be anything you want (doesn't have to be "readings"). Use something descriptive for your device like "E-reader" or "Boox".


@@ -1,189 +0,0 @@
# Declarative CI and Git Hooks - Summary
## What's New
### 1. GitHub Actions CI ✅
`.github/workflows/flake-check.yaml`
- Runs `nixfmt --check` on every push/PR
- Runs `nix flake check`
- Blocks merging if checks fail
### 2. Nix-Native Git Hooks ✅
`modules/git-hooks/default.nix`
- Hooks defined in `flake.nix` (pure Nix)
- Install automatically on `nixos-rebuild switch`
- Run on every git commit
## Usage
### Install Hooks (One-time per host)
```nix
# Add to hosts/<hostname>/default.nix
{
imports = [
# ... other modules
../../modules/git-hooks
];
services.git-hooks = {
enable = true;
# flake-path = /home/h/nix; # Optional, default
};
}
```
### Rebuild
```bash
sudo nixos-rebuild switch --flake .#andromache
# Output:
# 🪝 Installing git hooks...
# ✅ Done
```
### Now Hooks Work Automatically
```bash
git add .
git commit -m "changes" # Hooks run automatically
```
## Files
| File | Purpose |
|------|---------|
| `.github/workflows/flake-check.yaml` | CI pipeline |
| `modules/git-hooks/default.nix` | Auto-install module |
| `flake.nix` | Hook definitions |
| `.editorconfig` | Code style |
## Enable on Other Hosts
```nix
# hosts/<hostname>/default.nix
imports = [
# ... existing modules
../../modules/git-hooks # Add this
];
services.git-hooks.enable = true;
```
## Add More Hooks
Edit `flake.nix`:
```nix
checks.${system}.pre-commit-check.hooks = {
nixfmt-rfc-style.enable = true; # ✅ Already done
statix.enable = true; # ✅ Already done
deadnix.enable = true; # ✅ Already done
};
```
All Phase 1 hooks are now enabled!
## Testing
```bash
# 1. Rebuild to install hooks
sudo nixos-rebuild switch --flake .#andromache
# 2. Test hooks
git commit -m "test"
# 3. Test CI locally
nix run nixpkgs#nixfmt --check .
nix flake check
```
## Documentation
- `CI_HOOKS_SUMMARY.md` - This file
- `DRUPOL_INFRA_ANALYSIS.md` - Reference patterns
- `AWESOME_NIX_PLAN.md` - Future improvements
- `OPENCODE.md` - Tracking document
## Currently Enabled
| Host | Status | Config File |
|------|--------|--------------|
| andromache | ✅ Enabled | `hosts/andromache/default.nix` |
| astyanax | ✅ Enabled | `hosts/astyanax/default.nix` |
| hecuba | ✅ Enabled | `hosts/hecuba/default.nix` |
| eetion | ✅ Enabled | `hosts/eetion/default.nix` |
| vm | ✅ Enabled | `hosts/vm/default.nix` |
## Clean Slate Test (Astyanax)
```bash
# 1. Remove existing git hooks
rm -rf /home/h/nix/.git/hooks/*
ls -la /home/h/nix/.git/hooks/
# 2. Rebuild astyanax (installs hooks)
sudo nixos-rebuild switch --flake .#astyanax
# Expected output:
# 🪝 Installing git hooks...
# ✅ Done
# 3. Verify hooks were installed
ls -la /home/h/nix/.git/hooks/
# 4. Test hooks work
echo "broken { }" > /home/h/nix/test.nix
git add test.nix
git commit -m "test" # Should fail with nixfmt error
# 5. Clean up
rm /home/h/nix/test.nix
```
## Future Enhancements
### High Priority
- [x] Add statix hook (lint for antipatterns) ✅ Done
- [x] Add deadnix hook (find dead code) ✅ Done
- [x] Enable git-hooks on all hosts ✅ Done
- [ ] Add CI caching (speed up builds)
### Medium Priority
- [ ] Add automated flake.lock updates
- [ ] Add per-host CI checks
- [ ] Add nixos-rebuild tests in CI
## References
- [git-hooks.nix](https://github.com/cachix/git-hooks.nix)
- [nixfmt-rfc-style](https://github.com/NixOS/nixfmt)
- [drupol/infra analysis](DRUPOL_INFRA_ANALYSIS.md)
- [awesome-nix plan](AWESOME_NIX_PLAN.md)
- [OpenCode documentation](OPENCODE.md)
## Quick Reference
```bash
# Rebuild (installs hooks automatically)
sudo nixos-rebuild switch --flake .#<host>
# Verify hooks
ls -la /home/h/nix/.git/hooks/
# Test formatting
nixfmt .
# Check CI status
# https://github.com/hektor/nix/actions
```
## Key Points
**Fully declarative** - Hooks install on every rebuild
**No manual setup** - No `nix develop` needed
**No devShell** - Pure NixOS activation
**Reproducible** - Managed by flake.lock
**Host-aware** - Per-host configuration
**Idempotent** - Checks before installing


@@ -1,70 +0,0 @@
# Cloud Host Backup Plan
## Security Architecture
### Current Setup
- **astyanax** (local): `b2:lmd005` - single repo, all hosts mixed
- **andromache** (cloud): manual backup via script to `b2:lmd005:desktop-arch`
### Recommended Setup
#### 1. Repository Isolation
Each host gets its own restic repository in a separate subdirectory:
```
b2:lmd005:astyanax/ # restic repo for astyanax
b2:lmd005:andromache/ # restic repo for andromache
b2:lmd005:<hostname>/ # restic repo for each host
```
**Benefits:**
- Cryptographic isolation (different restic keys per repo)
- Can't accidentally prune/delete other hosts' backups
- Easier to restore/manage individual hosts
- Can use B2 lifecycle rules per subdirectory
#### 2. Credential Isolation
Each host gets its own B2 Application Key restricted to its subdirectory:
```
B2 Key for astyanax: access to `lmd005:astyanax/*`
B2 Key for andromache: access to `lmd005:andromache/*`
```
**Security benefits:**
- If host is compromised, attacker only accesses that host's backups
- Cannot delete/read other hosts' backups
- Principle of least privilege
#### 3. Cloud Host Strategy (No B2 credentials on cloud hosts)
For cloud hosts like andromache:
```
andromache (cloud) --[SFTP]--> astyanax (local) --[B2]--> b2:lmd005:andromache/
```
- **andromache**: SSH access only, no B2 credentials
- **astyanax**: Pulls backups via SFTP from andromache, pushes to B2
- **B2 credentials**: Only stored on trusted local machine (astyanax)
## Implementation Plan
### ✅ Phase 1: Update astyanax backup
- Change repository from `b2:lmd005` to `b2:lmd005:astyanax/`
- Create new restic repo
- Migrate old snapshots if needed
- Update to use host-specific B2 key (when available)
### ✅ Phase 2: Implement cloud host backups
- Use SFTP-based module to pull from andromache ✅
- Store in `b2:lmd005:andromache/`
- No B2 credentials on andromache ✅
- Daily automated backups ✅
### Phase 3: Cleanup old backups
- Clean up old `desktop-arch` snapshots
- Remove old mixed repo (once migration complete)
## Questions
1. Do you want to migrate existing astyanax snapshots to the new subdirectory, or start fresh?
2. Should astyanax have a master/admin B2 key to manage all backups, or just its own?


@@ -1,217 +0,0 @@
# Docker Container Update Automation Plan
## Current State
- Hecuba (Hetzner cloud host) runs Docker containers
- WUD (Watchtower) is already running as a docker container
- No declarative docker configuration in NixOS
- Manual container management currently
## Goals
Automate docker container updates on hecuba with proper declarative management
## Evaluation: Update Approaches
### Option 1: WUD (Watchtower)
**Pros:**
- Already deployed and working
- Simple, single-purpose tool
- Good monitoring capabilities via web UI
- Can schedule update windows
- Supports multiple strategies (always, weekly, etc.)
**Cons:**
- Not declarative
- Requires manual docker-compose or container management
- No NixOS integration
### Option 2: Watchtower (original)
**Pros:**
- More popular and battle-tested
- Simpler configuration
- Wide community support
**Cons:**
- Same as WUD - not declarative
### Option 3: NixOS Virtualisation.OCI-Containers
**Pros:**
- Fully declarative
- Reproducible builds
- Integrated with NixOS system
- Automatic rollback capability
- Can be managed via colmena
**Cons:**
- More complex setup
- Learning curve for OCI containers syntax
- Update automation still needs to be handled separately
### Option 4: NixOS + Auto-Update
**Pros:**
- Declarative containers
- Automatic system updates can trigger container updates
- Full NixOS ecosystem integration
**Cons:**
- Most complex approach
- Overkill for simple use case
## Implementation Plan
### Phase 1: Inventory Current Setup
- [ ] Document all existing docker containers on hecuba
- [ ] Document current WUD configuration
- [ ] Document update schedules and preferences
- [ ] Identify containers that should NOT auto-update
- [ ] Map container dependencies
### Phase 2: Choose Strategy
- [ ] Evaluate trade-offs between WUD vs declarative approach
- [ ] Decision: Hybrid approach (declarative + WUD) OR full NixOS
#### Option A: Hybrid (Recommended Short-term)
- Keep WUD for automation
- Add OCI containers to NixOS for declarative config
- Gradually migrate containers one by one
#### Option B: Full NixOS
- Replace WUD with declarative containers
- Use systemd timers for update schedules
- More complex but fully reproducible
### Phase 3: Implementation (Hybrid Approach)
#### Step 1: Create Docker Module
Create `modules/docker/containers.nix`:
```nix
{ config, lib, ... }:
{
virtualisation.oci-containers = {
backend = "docker";
containers = {
# Container definitions here
};
};
}
```
#### Step 2: Define Containers
- [ ] Add WUD container to declarative config
- [ ] Add other existing containers to declarative config
- [ ] Configure container restart policies
- [ ] Set up container-specific networks if needed
#### Step 3: Persistent Storage
- [ ] Document volumes for each container
- [ ] Add volume management to NixOS config
- [ ] Ensure backup processes cover container data
#### Step 4: WUD Configuration
- [ ] Add WUD config to NixOS module
- [ ] Configure watch intervals
- [ ] Set up notifications
- [ ] Configure containers to exclude from auto-update
#### Step 5: Deployment
- [ ] Test configuration locally first
- [ ] Deploy to hecuba via colmena
- [ ] Monitor container restarts
- [ ] Verify WUD still works
### Phase 4: Maintenance & Monitoring
- [ ] Set up container health checks
- [ ] Configure alerts for failed updates
- [ ] Document rollback procedure
- [ ] Schedule regular container audits
## Container Inventory Template
```
Container Name:
Purpose:
Image:
Exposed Ports:
Volumes:
Network:
Auto-Update: yes/no
Restart Policy:
Notes:
```
## Example NixOS OCI Container Definition
```nix
# modules/docker/containers.nix
{ config, lib, pkgs, ... }:
{
virtualisation.oci-containers = {
backend = "docker";
containers = {
wud = {
image = "containrrr/watchtower:latest";
ports = [ "8080:8080" ];
volumes = [
"/var/run/docker.sock:/var/run/docker.sock"
];
environment = {
WATCHTOWER_CLEANUP = "true";
WATCHTOWER_SCHEDULE = "0 2 * * *";
};
};
# Add other containers here
};
};
}
```
## Migration Strategy
1. **Document First**: Before changing anything, document current state
2. **Test Locally**: Use colmena's local deployment if possible
3. **Migrate One by One**: Move containers individually to minimize risk
4. **Monitor Closely**: Watch logs after each migration
5. **Keep Backups**: Ensure data is backed up before major changes
## WUD vs Watchtower Clarification
There are two different tools:
- **Watchtower**: Original tool, more popular
- **WUD**: Different implementation with web UI
Since you already have WUD running, we should:
1. Document its current configuration
2. Either keep it and make it declarative, OR
3. Switch to Watchtower if it better fits your needs
## Next Steps
1. **Immediate**: Document all current containers and their configs
2. **Decision**: Choose between hybrid or full NixOS approach
3. **Implementation**: Create docker containers module
4. **Testing**: Deploy to hecuba and verify
## Questions to Answer
- Which containers are currently running?
- How critical is uptime for each container?
- Any containers that should NEVER auto-update?
- Preferred update schedule (daily, weekly)?
- How should update failures be handled (retry, notify, manual)?
- Do you have backups of container data currently?
## Risk Considerations
- Auto-updates can break applications
- Need to test updates before production (maybe staging)
- Some containers have configuration changes between versions
- Data loss risk if volumes are misconfigured
- Network disruption during updates
## Monitoring Setup
Consider adding monitoring for:
- Container health status
- Update success/failure rates
- Disk space usage
- Resource consumption
- Backup verification


@@ -1,226 +0,0 @@
# Implementation Plan - Nix Flake Improvements
## Overview
Consolidated plan from:
- [AWESOME_NIX_PLAN.md](AWESOME_NIX_PLAN.md) - Awesome-nix integration
- [DRUPOL_INFRA_ANALYSIS.md](DRUPOL_INFRA_ANALYSIS.md) - Reference patterns
- [OPENCODE.md](OPENCODE.md) - Tracking document
## ✅ Completed
### Code Quality
- ✅ GitHub Actions CI (`.github/workflows/flake-check.yaml`)
- ✅ Nix-native git hooks (`modules/git-hooks/default.nix`)
- ✅ nixfmt integration (runs on commit and CI)
- ✅ .editorconfig (unified code style)
### Declarative Setup
- ✅ Git hooks auto-install on `nixos-rebuild switch`
- ✅ No devShell (fully NixOS activation-based)
- ✅ Hooks enabled on andromache and astyanax
## 📋 Pending Implementation
### Phase 1: Enhanced Code Quality (Week 1)
**Priority: HIGH** ✅ Complete
| # | Task | Effort | Impact | Details | Status |
|---|-------|--------|---------|----------|--------|
| 1.1 | Add statix hook | Low | High | Lint for Nix antipatterns | ✅ Done |
| 1.2 | Add deadnix hook | Low | High | Find dead code in Nix files | ✅ Done |
| 1.3 | Enable git-hooks on all hosts | Very Low | Medium | Add to hecuba, eetion, vm | ✅ Done |
| 1.4 | Fix activation script | Low | High | Use `nix flake check` | ✅ Done |
| 1.5 | Fix module syntax errors | Low | High | Correct brace closing | ✅ Done |
| # | Task | Effort | Impact | Details | Status |
|---|-------|--------|---------|----------|--------|
| 1.1 | Add statix hook | Low | High | Lint for Nix antipatterns | ✅ Done |
| 1.2 | Add deadnix hook | Low | High | Find dead code in Nix files | ✅ Done |
| 1.3 | Enable git-hooks on all hosts | Very Low | Medium | Add to hecuba, eetion, vm | ✅ Done |
**Implementation:**
```nix
# flake.nix
checks.${system}.pre-commit-check.hooks = {
nixfmt-rfc-style.enable = true; # ✅ Already done
statix.enable = true; # Add this
deadnix.enable = true; # Add this
};
```
### Phase 2: CI/CD Enhancements (Week 2)
**Priority: HIGH**
| # | Task | Effort | Impact | Details |
|---|-------|--------|---------|
| 2.1 | Add CI caching | Medium | High | Speed up GitHub Actions builds |
| 2.2 | Add automated flake.lock updates | Medium | Medium | Weekly scheduled updates |
| 2.3 | Add per-host CI checks | Medium | Medium | Test specific NixOS configs in CI |
**2.1 CI Caching:**
```yaml
# .github/workflows/flake-check.yaml
- uses: actions/cache@v4
with:
path: /nix/store
key: ${{ runner.os }}-nix-${{ hashFiles('**') }}
```
**2.2 Automated Updates:**
```yaml
# .github/workflows/update-flake-lock.yaml
name: "Auto update flake lock"
on:
schedule:
- cron: "0 12 * * 0" # Weekly
jobs:
update:
steps:
- uses: actions/checkout@v6
- uses: cachix/install-nix-action@v31
- run: nix flake update
- uses: peter-evans/create-pull-request@v6
```
### Phase 3: Developer Experience (Week 3)
**Priority: MEDIUM**
| # | Task | Effort | Impact | Details |
|---|-------|--------|---------|
| 3.1 | Add nil/nixd LSP | Low | Medium | Autocompletion, error highlighting |
| 3.2 | Add nix-index + comma | Low | Medium | Run any binary without `nix run` |
| 3.3 | Add nh | Low | Medium | Better CLI output for nix commands |
**3.1 LSP Setup:**
```nix
# Add to nvim config or home-manager
services.lsp.servers.nil = {
enable = true;
package = pkgs.nil;
};
```
**3.2 nix-index:**
```bash
nix-index
git clone https://github.com/nix-community/nix-index
```
### Phase 4: Utility Tools (Week 4)
**Priority: LOW**
| # | Task | Effort | Impact | Details |
|---|-------|--------|---------|
| 4.1 | Add nix-tree | Very Low | Low | Browse dependency graph |
| 4.2 | Add nix-du | Very Low | Low | Visualize GC roots |
| 4.3 | Add nix-init | Low | Low | Generate packages from URLs |
| 4.4 | Add nix-update | Low | Low | Update package versions |
### Phase 5: Structural Improvements (Future)
**Priority: LOW-MEDIUM**
| # | Task | Effort | Impact | Details |
|---|-------|--------|---------|
| 5.1 | Migrate to flake-parts | Medium-High | High | Automatic module discovery |
| 5.2 | Add treefmt-nix | Medium | Medium | Unified project formatting |
| 5.3 | Add nix-direnv | Low | Medium | Auto-load dev environments |
## 📊 Implementation Status
### Code Quality
| Feature | Status | File |
|---------|--------|-------|
| CI (GitHub Actions) | ✅ Done | `.github/workflows/flake-check.yaml` |
| Git hooks (Nix-native) | ✅ Done | `modules/git-hooks/default.nix` |
| nixfmt | ✅ Done | Enabled in hooks |
| statix | ✅ Done | Phase 1.1 complete |
| deadnix | ✅ Done | Phase 1.2 complete |
| All hosts enabled | ✅ Done | Phase 1.3 complete |
| CI caching | ⏳ Pending | Phase 2.1 |
| Auto flake updates | ⏳ Pending | Phase 2.2 |
### Hosts with Git Hooks
| Host | Status | Config |
|------|--------|--------|
| andromache | ✅ Enabled | `hosts/andromache/default.nix` |
| astyanax | ✅ Enabled | `hosts/astyanax/default.nix` |
| hecuba | ✅ Enabled | `hosts/hecuba/default.nix` |
| eetion | ✅ Enabled | `hosts/eetion/default.nix` |
| vm | ✅ Enabled | `hosts/vm/default.nix` |
### Developer Tools
| Tool | Status | Phase |
|------|--------|--------|
| nil/nixd | ⏳ Pending | 3.1 |
| nix-index | ⏳ Pending | 3.2 |
| nh | ⏳ Pending | 3.3 |
| nix-tree | ⏳ Pending | 4.1 |
| nix-du | ⏳ Pending | 4.2 |
| nix-init | ⏳ Pending | 4.3 |
| nix-update | ⏳ Pending | 4.4 |
### Structure
| Feature | Status | Phase |
|---------|--------|--------|
| flake-parts | ⏳ Pending | 5.1 |
| treefmt-nix | ⏳ Pending | 5.2 |
| nix-direnv | ⏳ Pending | 5.3 |
| .editorconfig | ✅ Done | Already added |
## 🎯 Quick Wins (Day 1)
If you want immediate value, start with:
### 1. Enable git-hooks on remaining hosts (5 minutes)
```nix
# Add to hosts/hecuba/default.nix, eetion/default.nix, vm/default.nix
imports = [
# ... existing modules
../../modules/git-hooks
];
services.git-hooks.enable = true;
```
### 2. Add statix hook (10 minutes)
```nix
# Edit flake.nix
checks.${system}.pre-commit-check.hooks = {
nixfmt-rfc-style.enable = true;
statix.enable = true; # Add this
};
```
### 3. Add deadnix hook (10 minutes)
```nix
# Edit flake.nix
checks.${system}.pre-commit-check.hooks = {
nixfmt-rfc-style.enable = true;
statix.enable = true;
deadnix.enable = true; # Add this
};
```
## 📚 References
- [CI_HOOKS_SUMMARY.md](CI_HOOKS_SUMMARY.md) - Current CI/hooks setup
- [AWESOME_NIX_PLAN.md](AWESOME_NIX_PLAN.md) - Awesome-nix integration
- [DRUPOL_INFRA_ANALYSIS.md](DRUPOL_INFRA_ANALYSIS.md) - Reference patterns
- [OPENCODE.md](OPENCODE.md) - Original tracking
## 🚀 Implementation Order
**Recommended sequence:**
1. **Phase 1** (Week 1) - Enhanced code quality
2. **Phase 2** (Week 2) - CI/CD improvements
3. **Phase 3** (Week 3) - Developer experience
4. **Phase 4** (Week 4) - Utility tools
5. **Phase 5** (Future) - Structural changes
## 🔄 Updates
As items are completed, update the status in this document and check off in:
- [AWESOME_NIX_PLAN.md](AWESOME_NIX_PLAN.md)
- [OPENCODE.md](OPENCODE.md)
- [CI_HOOKS_SUMMARY.md](CI_HOOKS_SUMMARY.md)


@@ -1,67 +0,0 @@
# OpenCode: Future Nix Flake Improvements
This document tracks potential improvements to the Nix flake configuration.
## 📋 Status Overview
| Category | Status |
|---------|--------|
| Code Quality | 🟡 In Progress |
| CI/CD | ✅ Baseline Done |
| Developer Experience | ⏸ Not Started |
| Utilities | ⏸ Not Started |
| Structure | ⏸ Not Started |
## ✅ Completed
### CI and Git Hooks
-**GitHub Actions CI** - `.github/workflows/flake-check.yaml`
-**Nix-native git hooks** - `modules/git-hooks/default.nix`
-**Declarative hook installation** - Auto-installs on rebuild
-**nixfmt integration** - Runs on commit and CI
-**statix integration** - Lints for Nix antipatterns
-**deadnix integration** - Finds dead code
-**.editorconfig** - Unified code style
-**Git hooks on all hosts** - Enabled on andromache, astyanax, hecuba, eetion, vm
### Deduplication
-**Created `mkNixOS` helper** - Centralized system configuration
## 📋 Pending Improvements
See [IMPLEMENTATION_PLAN.md](IMPLEMENTATION_PLAN.md) for detailed implementation phases.
### Quick Reference
| Priority | Task | Phase |
|----------|-------|--------|
| HIGH | Add statix hook | 1.1 |
| HIGH | Add deadnix hook | 1.2 |
| HIGH | Enable git-hooks on all hosts | 1.3 |
| HIGH | Add CI caching | 2.1 |
| MEDIUM | Add automated flake.lock updates | 2.2 |
| MEDIUM | Add nil/nixd LSP | 3.1 |
| MEDIUM | Add nix-index + comma | 3.2 |
| MEDIUM | Add nh | 3.3 |
| LOW | Add utility tools (nix-tree, etc.) | 4.x |
| LOW | Migrate to flake-parts | 5.1 |
## 🎯 Next Steps
1. Review [IMPLEMENTATION_PLAN.md](IMPLEMENTATION_PLAN.md) for complete roadmap
2. Start with Phase 1 (Enhanced Code Quality)
3. Update this document as items are completed
## 📚 Documentation
| Document | Purpose |
|----------|---------|
| [IMPLEMENTATION_PLAN.md](IMPLEMENTATION_PLAN.md) | ✅ **Main plan** - Consolidated roadmap |
| [CI_HOOKS_SUMMARY.md](CI_HOOKS_SUMMARY.md) | Current CI/hooks setup |
| [AWESOME_NIX_PLAN.md](AWESOME_NIX_PLAN.md) | Awesome-nix integration details |
| [DRUPOL_INFRA_ANALYSIS.md](DRUPOL_INFRA_ANALYSIS.md) | Reference patterns |
## 🔗 Links
- [awesome-nix](https://github.com/nix-community/awesome-nix)
- [git-hooks.nix](https://github.com/cachix/git-hooks.nix)
- [drupol/infra](https://github.com/drupol/infra)


@@ -1,15 +1,27 @@
# NixOS flake
## Set up virtual machine ([`disko`](https://github.com/nix-community/disko/blob/master/docs/interactive-vm.md))
## hosts
1. Build the virtual machine
### NixOS
```
nixos-rebuild switch --flake .#<hostname>
```
### home manager
```
home-manager switch --flake .#work
```
### virtual machines
```
nix build -L '.#nixosConfigurations.vm.config.system.build.vmWithDisko'
```
2. Run the virtual machine
```
./result/bin/disko-vm
```
## docs
* [deploy using colmena](./deploy/README.md)
* [SD installer images](./images/README.md)


@@ -1,130 +0,0 @@
# Git Hooks - Simple Declarative Setup
## Concept
Hooks are defined in Nix (`flake.nix`) and installed by running `nix flake check` once.
**No systemd services, no activation scripts, no complexity.**
## How It Works
### 1. Hooks Defined in Nix
`flake.nix`:
```nix
checks.${system}.pre-commit-check = git-hooks.lib.${system}.run {
src = ./.;
hooks = {
nixfmt.enable = true;
statix.enable = true;
deadnix.enable = true;
};
};
```
### 2. Installation
Run once on each host:
```bash
nix flake check
```
This installs the hooks and creates `.git/hooks/pre-commit`.
### 3. Automatic
- ✅ Hooks run on every `git commit`
- ✅ CI runs `nix flake check` automatically
- ✅ Hooks checked on every push/PR
## Usage
### Install Hooks (One-Time Per Host)
```bash
# From the flake directory
nix flake check
# You should see hooks installing
```
### Verify Installation
```bash
ls -la .git/hooks/
```
Should show `pre-commit` (and potentially other hooks).
### Test Hooks
```bash
# Create a file with bad formatting
echo "broken { }" > test.nix
# Try to commit (should fail)
git add test.nix
git commit -m "test"
# Clean up
rm test.nix
```
## What's Declarative
| Aspect | Status |
|---------|--------|
| Hook definitions | ✅ Yes - in `flake.nix` |
| Hook installation | ✅ Yes - via `nix flake check` |
| CI integration | ✅ Yes - via `nix flake check` in workflows |
| Local git hooks | ✅ Yes - run automatically on commit |
| No systemd services | ✅ Removed - too complex |
| No activation scripts | ✅ Removed - unnecessary |
| One-time setup | ✅ Yes - run `nix flake check` once per host |
## Files
| File | Status |
|------|--------|
| `flake.nix` | ✅ Hook definitions |
| `.github/workflows/flake-check.yaml` | ✅ CI uses `nix flake check` |
| `.editorconfig` | ✅ Code style |
| `modules/git-hooks/default.nix` | ❌ **DELETED** - Not needed |
| `hosts/*/default.nix` | ✅ **CLEANED** - Removed git-hooks |
## Next Steps
1. Test locally:
```bash
nix flake check
ls -la .git/hooks/
echo "broken { }" > test.nix
git add test.nix
git commit -m "test" # Should fail
rm test.nix
```
2. Commit changes:
```bash
git add .
git commit -m "Simplify: Git hooks via nix flake check (no systemd, no activation)"
git push
```
3. Run `nix flake check` on each host when you next rebuild
## This Is The Right Approach Because
| Issue | Overcomplicated Solution | Simple Solution |
|-------|----------------------|----------------|
| Declarative | ❌ Systemd service is separate from Nix | ✅ Hooks in `flake.nix`, install via `nix flake check` |
| Simple | ❌ Multiple layers (activation, systemd) | ✅ One command: `nix flake check` |
| Idempotent | ❌ Runs on every rebuild | ✅ Idempotent - run once per host |
| Reproducible | ❌ Depends on systemd state | ✅ Pure Nix |
## Summary
**The simplest declarative approach:**
1. Define hooks in `flake.nix` ✅ Already done
2. Run `nix flake check` once per host ✅ To do
3. That's it! Hooks work automatically ✅ Declarative
No systemd services. No activation scripts. No complexity.


@@ -17,7 +17,7 @@ in
inputs.colmena.lib.makeHive {
meta = {
nixpkgs = import inputs.nixpkgs {
system = "x86_64-linux";
localSystem = "x86_64-linux";
};
nodeNixpkgs = builtins.mapAttrs (_: v: v.pkgs) self.nixosConfigurations;


@@ -103,13 +103,6 @@ if [[ -z "${SSH_CONNECTION}" ]]; then
fi
# }}}
# pnpm
export PNPM_HOME="/home/h/.local/share/pnpm"
case ":$PATH:" in
*":$PNPM_HOME:"*) ;;
*) export PATH="$PNPM_HOME:$PATH" ;;
esac
# pnpm end
# Codi
# Usage: codi [filetype] [filename]

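--- a/dots/.bin/bak
+++ b/dots/.bin/bak
@@ -0,0 +1,32 @@
+#!/usr/bin/env bash
+# back up a file by copying it to a new file with a .bak extension
+# reference: https://askubuntu.com/questions/962489/is-there-any-way-to-create-backup-copy-of-a-file-without-type-its-name-twice
+usage() {
+echo "Usage: bak [-t|--timestamp] <file to back up>"
+exit 1
+}
+timestamp=false
+while [[ $# -gt 0 ]]; do
+case $1 in
+-t|--timestamp)
+timestamp=true
+shift
+;;
+*)
+break
+;;
+esac
+done
+[ $# -eq 1 ] || usage
+if $timestamp; then
+date="$(date +%Y-%m-%d_%H-%M-%S)"
+cp -vpn "$1"{,."$date".bak}
+else
+cp -vpn "$1"{,.bak}
+fi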
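Review bot: Both `cp` calls pass `"$1"` without an end-of-options marker, so a file whose name begins with `-` is parsed as a cp option instead of being backed up; `cp -vpn -- "$1" "$1.bak"` (and `cp -vpn -- "$1" "$1.$date.bak"` in the timestamp branch) avoids that and drops the brace expansion. Because of `-n`, an existing `.bak` is left untouched, and whether cp reports that as a failure depends on the coreutils version, so an explicit `[ -e "$1.bak" ]` check with a message would make the outcome unambiguous. `usage` could also print to stderr with `>&2`.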


@@ -1,26 +0,0 @@
#!/usr/bin/env bash
# Back up my $HOME folder to OneDrive using `restic`.
#
# Adds extra flags needed for using `rclone` with sharepoint WebDav I.e. add
# `--ignore-size --ignore-checksum --update` to the default `rclone.args`.
#
# Select directory in repo using -r rclone:<repo>:<directory>
#
# Runs `backup` command on $HOME and ignore what is listed in `.resticexclude`
#
# ```/etc/restic-env
# export B2_ACCOUNT_ID=
# export B2_ACCOUNT_KEY=
# ```
#
# `restic -r b2:desktop-arch init`
source /etc/restic-env
restic -r "$RESTIC_REPOSITORY:$HOSTNAME" backup \
--tag "hektor" \
--one-file-system \
--files-from="$HOME/.resticinclude" \
--exclude-file="$HOME/.resticexclude" \
--exclude-if-present=".nobackup" \
--verbose=3


@@ -1,3 +1,3 @@
#!/usr/bin/env bash
[ -f "/tmp/pomo" ] && cat /tmp/pomo || echo ""
[ -f "/home/h/.local/share/pomo" ] && cat /home/h/.local/share/pomo || echo ""
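Review bot: The replacement path hard-codes `/home/h`, so the script works for one account only; deriving it from the environment keeps the state file out of `/tmp` (which other local users can write to) while staying portable: `f="${XDG_DATA_HOME:-$HOME/.local/share}/pomo"; [ -f "$f" ] && cat "$f" || echo ""`. Which of the two printed lines is the new side is inferred from their order on the page.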


@@ -1,5 +0,0 @@
#!/usr/bin/env bash
# Tiny Vim update helper
nvim +PlugUpgrade +PlugUpdate +CocUpdate


@@ -163,5 +163,4 @@ map cmd+q
#: }}}
include ./themes/zenwritten_dark.conf
include ./nvim.conf


@@ -1,49 +0,0 @@
# This file is auto-generated by shipwright.nvim
# vim:ft=kitty
## name: zenwritten_dark
## author: Michael Chris Lopez
## license: MIT
## upstream: https://github.com/mcchrish/zenbones.nvim/raw/main/extras/kitty/zenwritten_dark.conf
## blurb: A zenbones variant with zero hue and saturation.
foreground #BBBBBB
background #191919
selection_foreground #BBBBBB
selection_background #404040
# Cursor colors
cursor #C9C9C9
cursor_text_color #191919
# URL underline color when hovering with mouse
# kitty window border colors
# OS Window titlebar colors
# Tab bar colors
active_tab_foreground #BBBBBB
active_tab_background #65435E
inactive_tab_foreground #BBBBBB
inactive_tab_background #303030
# Colors for marks (marked text in the terminal)
# The basic 16 colors
# black
color0 #191919
color8 #3D3839
# red
color1 #DE6E7C
color9 #E8838F
# green
color2 #819B69
color10 #8BAE68
# yellow
color3 #B77E64
color11 #D68C67
# blue
color4 #6099C0
color12 #61ABDA
# magenta
color5 #B279A7
color13 #CF86C1
# cyan
color6 #66A5AD
color14 #65B8C1
# white
color7 #BBBBBB
color15 #8E8E8E
# You can set the remaining 240 colors as color16 to color255.


@@ -1,49 +0,0 @@
# This file is auto-generated by shipwright.nvim
# vim:ft=kitty
## name: zenwritten_light
## author: Michael Chris Lopez
## license: MIT
## upstream: https://github.com/mcchrish/zenbones.nvim/raw/main/extras/kitty/zenwritten_light.conf
## blurb: A zenbones variant with zero hue and saturation.
foreground #353535
background #EEEEEE
selection_foreground #353535
selection_background #D7D7D7
# Cursor colors
cursor #353535
cursor_text_color #EEEEEE
# URL underline color when hovering with mouse
# kitty window border colors
# OS Window titlebar colors
# Tab bar colors
active_tab_foreground #353535
active_tab_background #DEB9D6
inactive_tab_foreground #353535
inactive_tab_background #CFCFCF
# Colors for marks (marked text in the terminal)
# The basic 16 colors
# black
color0 #EEEEEE
color8 #C6C3C3
# red
color1 #A8334C
color9 #94253E
# green
color2 #4F6C31
color10 #3F5A22
# yellow
color3 #944927
color11 #803D1C
# blue
color4 #286486
color12 #1D5573
# magenta
color5 #88507D
color13 #7B3B70
# cyan
color6 #3B8992
color14 #2B747C
# white
color7 #353535
color15 #5C5C5C
# You can set the remaining 240 colors as color16 to color255.


@@ -1,5 +1,6 @@
default_keybindings = false
flip_status_indicators = true
library_tabs = ["tracks", "albums", "artists", "playlists", "browse"] # remove podcasts tab
[keybindings]
"Enter" = "play"
@@ -24,11 +25,10 @@ flip_status_indicators = true
"c" = "clear"
"=" = "volup 1"
"-" = "voldown 1"
"/" = "focus search"
"Q" = "focus queue"
"L" = "focus library"
"1" = "focus queue"
"2" = "focus library"
"2" = "focus search"
"3" = "focus library"
"4" = "focus cover"
"h" = "move left 1"
"j" = "move down 1"
"k" = "move up 1"
@@ -41,26 +41,5 @@ flip_status_indicators = true
"Y" = "share selected"
"U" = "update"
[theme]
primary="#aaaaaa"
secondary="#555555"
background="1a1a1a"
title="#cccccc"
title_secondary="#aaaaaa"
playing="#ffffff"
playing_bg="1a1a1a"
playing_selected="#ffffff"
highlight="#cccccc"
highlight_bg="#333333"
error="#ffffff"
error_bg="#333333"
statusbar="#cccccc"
statusbar_bg="#1a1a1a"
statusbar_progress="#cccccc"
statusbar_progress_bg="#1a1a1a"
cmdline="#cccccc"
cmdline_bg="#1a1a1a"
search_match="#ffffff"
backend="pipe"
notify="false"


@@ -1,3 +0,0 @@
username = 'hektor.misplon@gmail.com'
auth_type = 0
auth_data = 'KDEzMzc9PXRydTMpPzo='
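Review bot: Removing this file from the tree does not remove `auth_data` from the repository history, so the value stays readable to anyone who can clone or browse earlier commits. If it is an encoded credential, as the `username` / `auth_type` / `auth_data` layout suggests, the account's password or token should be rotated rather than relying on the deletion. Going forward the file belongs outside version control, via an ignore rule or a secrets tool such as the sops-nix input this flake already locks.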


@@ -85,6 +85,7 @@ local servers = {
},
},
},
openscad_ls = {},
pyright = {},
-- tsserver = {},
svelte = {


@@ -1,9 +1,9 @@
require("m_taskwarrior_d").setup()
vim.api.nvim_create_autocmd({ "BufEnter", "BufWritePost" }, {
group = vim.api.nvim_create_augroup("TWTask", { clear = true }),
pattern = "*.md",
callback = function()
vim.cmd("TWSyncTasks")
end,
})
-- require("m_taskwarrior_d").setup()
--
-- vim.api.nvim_create_autocmd({ "BufEnter", "BufWritePost" }, {
-- group = vim.api.nvim_create_augroup("TWTask", { clear = true }),
-- pattern = "*.md",
-- callback = function()
-- vim.cmd("TWSyncTasks")
-- end,
-- })
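Review bot: The plugin setup is commented out rather than deleted, which leaves dead configuration that nothing marks as temporary; the same is done for the `plugins-m-taskwarrior-d-nvim` input and the plugin list entry in the flake.nix hunks further down. Either delete the lines (history keeps them) or add a one-line reason above the block, e.g. `-- disabled: <reason>; re-enable when <condition>`.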


@@ -42,11 +42,11 @@
},
"nixCats": {
"locked": {
"lastModified": 1769578476,
"narHash": "sha256-4+KbiBcC6hQ3sh0UbPXjy6TOfLh9yhskRlfPzyZ2FH4=",
"lastModified": 1770584904,
"narHash": "sha256-9Zaz8lbKF2W9pwXZEnbiGsicHdBoU+dHt3Wv3mCJoZ8=",
"owner": "BirdeeHub",
"repo": "nixCats-nvim",
"rev": "48f8be4bdafccfa19ceaaf08071a15eca36fdb1d",
"rev": "538fdde784d2909700d97a8ef307783b33a86fb1",
"type": "github"
},
"original": {
@@ -73,11 +73,11 @@
},
"nixpkgs_2": {
"locked": {
"lastModified": 1769740369,
"narHash": "sha256-xKPyJoMoXfXpDM5DFDZDsi9PHArf2k5BJjvReYXoFpM=",
"lastModified": 1770843696,
"narHash": "sha256-LovWTGDwXhkfCOmbgLVA10bvsi/P8eDDpRudgk68HA8=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "6308c3b21396534d8aaeac46179c14c439a89b8a",
"rev": "2343bbb58f99267223bc2aac4fc9ea301a155a16",
"type": "github"
},
"original": {
@@ -119,22 +119,6 @@
"type": "github"
}
},
"plugins-m-taskwarrior-d-nvim": {
"flake": false,
"locked": {
"lastModified": 1767960157,
"narHash": "sha256-ov0qi4LhIlwqrBzSbTJ6APC5qjl2d/vlKWJfW5ZiDrg=",
"owner": "huantrinh1802",
"repo": "m_taskwarrior_d.nvim",
"rev": "107247387cd81823046bc2b8e71150c8edf041d3",
"type": "github"
},
"original": {
"owner": "huantrinh1802",
"repo": "m_taskwarrior_d.nvim",
"type": "github"
}
},
"plugins-mcphub-nvim": {
"flake": false,
"locked": {
@@ -206,7 +190,6 @@
"nixpkgs": "nixpkgs_2",
"plugins-beancount-nvim": "plugins-beancount-nvim",
"plugins-helm-ls-nvim": "plugins-helm-ls-nvim",
"plugins-m-taskwarrior-d-nvim": "plugins-m-taskwarrior-d-nvim",
"plugins-mcphub-nvim": "plugins-mcphub-nvim",
"plugins-nvimkit-nvim": "plugins-nvimkit-nvim",
"plugins-shipwright-nvim": "plugins-shipwright-nvim",


@@ -8,10 +8,10 @@
url = "github:rktjmp/shipwright.nvim";
flake = false;
};
plugins-m-taskwarrior-d-nvim = {
url = "github:huantrinh1802/m_taskwarrior_d.nvim";
flake = false;
};
# plugins-m-taskwarrior-d-nvim = {
# url = "github:huantrinh1802/m_taskwarrior_d.nvim";
# flake = false;
# };
plugins-beancount-nvim = {
url = "github:polarmutex/beancount.nvim";
flake = false;
@@ -37,7 +37,6 @@
outputs =
{
self,
nixpkgs,
nixCats,
...
@@ -50,7 +49,7 @@
mkDependencyOverlays = system: [
(utils.standardPluginOverlay inputs)
(final: prev: {
(_final: _prev: {
mcp-hub = inputs.mcp-hub.packages.${system}.default;
})
];
@@ -164,7 +163,7 @@
kitty-scrollback-nvim
fidget-nvim
rustaceanvim
pkgs.neovimPlugins.m-taskwarrior-d-nvim
# pkgs.neovimPlugins.m-taskwarrior-d-nvim
claude-code-nvim
];
};


@@ -2,10 +2,10 @@ local autocmd = vim.api.nvim_create_autocmd
autocmd("BufNewFile", {
pattern = "shell.nix",
command = "0r ~/.config/nvim/skeletons/shell.nix",
command = "0r ~/.config/nvim/skeletons/shell.nix.skeleton",
})
autocmd("BufNewFile", {
pattern = "flake.nix",
command = "0r ~/.config/nvim/skeletons/flake.nix",
command = "0r ~/.config/nvim/skeletons/flake.nix.skeleton",
})


@@ -1 +0,0 @@
set -g status-style bg=default


@@ -1 +1 @@
set -g status-style bg=blue,fg=black;
set -g status-style bg=colour12,fg=colour0


@@ -1,22 +0,0 @@
# This file is based on the one provided by shipwright.nvim
set -g @FG '#dddddd'
set -g @BG '#111111'
set -g status-left ' #[fg=#{@FG},bold]#{s/root//:client_key_table} '
set -g status-right '#[fg=#{@FG},bold] [#S]#[fg=#{@FG},bold] [%d/%m] #[fg=#{@FG},bold][%I:%M%p] '
set -g status-style fg='#{@FG}',bg='#{@BG}'
set -g window-status-current-style fg='#{@FG}',bg='#{@BG}',bold
set -g pane-border-style fg='#{@FG}'
set -g pane-active-border-style fg='#{@FG}'
set -g message-style fg='#{@FG}',bg='#{@FG}'
set -g display-panes-active-colour '#{@FG}'
set -g display-panes-colour '#{@FG}'
set -g clock-mode-colour '#{@FG}'
set -g mode-style fg='#{@FG}',bg='#{@FG}'


@@ -1,22 +0,0 @@
# This file is based on the one provided by shipwright.nvim
set -g @FG '#111111'
set -g @BG '#dddddd'
set -g status-left ' #[fg=#{@FG},bold]#{s/root//:client_key_table} '
set -g status-right '#[fg=#{@FG},bold] [#S]#[fg=#{@FG},bold] [%d/%m] #[fg=#{@FG},bold][%I:%M%p] '
set -g status-style fg='#{@FG}',bg='#{@BG}'
set -g window-status-current-style fg='#{@FG}',bg='#{@BG}',bold
set -g pane-border-style fg='#{@FG}'
set -g pane-active-border-style fg='#{@FG}'
set -g message-style fg='#{@FG}',bg='#{@FG}'
set -g display-panes-active-colour '#{@FG}'
set -g display-panes-colour '#{@FG}'
set -g clock-mode-colour '#{@FG}'
set -g mode-style fg='#{@FG}',bg='#{@FG}'


@@ -68,18 +68,7 @@ set -g status-left '#h '
set -g status-right '#(uptime | cut -f 4-5 -d " " | cut -f 1 -d ",") %a %l:%M:%S %p %Y-%m-%d'
%endif
# theming
%if "#{==:#{host},desktop-arch}"
set -g default-terminal "tmux-256color"
setw -g window-status-style fg=colour244,bg=default
setw -g window-status-current-style fg=colour232,bg=default,bold
set -g message-style fg=colour232,bg=default
setw -g clock-mode-colour colour235
set -g status-style bg=default
set -g pane-border-style fg=#cccccc
set -g pane-active-border-style fg=#555555
set -g message-style bg=#cccccc,fg=#000000
%endif
set -g default-terminal "tmux-256color"
set-hook -g after-new-session 'if -F "#{==:#{session_name},ssh}" "source ${XDG_CONFIG_HOME}/tmux/hooks/tmux.ssh.conf" "source ${XDG_CONFIG_HOME}/tmux/hooks/tmux.regular.conf"'


@@ -1 +0,0 @@
set -g status-style bg=default

3
dots/.gitignore vendored

@@ -84,6 +84,9 @@ dkms.conf
# Dotenv
.env
.envrc
.direnv/
.pre-commit-config.yaml
# Prevent module files from being ignored (e.g. NestJS)
!*.module*


@@ -0,0 +1,29 @@
#!/usr/bin/env python3
import sys
import json
SLOTS_FILE = "/home/h/.local/share/task/add_slots"
def get_slots():
try:
with open(SLOTS_FILE, "r") as f:
return int(f.read().strip())
except:
return 0
slots = get_slots()
if slots <= 0:
print(f"Cannot add task: No slots available (0/{slots}).")
print("Delete or complete a task first to earn an add slot.")
sys.exit(1)
with open(SLOTS_FILE, "w") as f:
f.write(str(slots - 1))
print(f"Task added. Slots remaining: {slots - 1}")
for line in sys.stdin:
task = json.loads(line)
print(json.dumps(task))
sys.exit(0)
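Review bot: The slot is spent before the task is read: the `open(SLOTS_FILE, "w")` write runs ahead of the `for line in sys.stdin` loop, so a line that fails `json.loads` aborts the hook after the counter has already been decremented. Parse stdin first and write the counter only once that has succeeded, as sketched below. The bare `except:` in `get_slots()` (also present in the modify hook that follows) reports every error as 0, including a corrupt or unreadable file; `except (OSError, ValueError):` keeps the fallback without swallowing unrelated exceptions.

```python
# … unchanged: SLOTS_FILE, get_slots(), the "no slots available" check …
tasks = [json.loads(line) for line in sys.stdin]

with open(SLOTS_FILE, "w") as f:
    f.write(str(slots - 1))

print(f"Task added. Slots remaining: {slots - 1}")
for task in tasks:
    print(json.dumps(task))
# … unchanged: sys.exit(0) …
```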


@@ -0,0 +1,34 @@
#!/usr/bin/env python3
import sys
import json
SLOTS_FILE = "/home/h/.local/share/task/add_slots"
def get_slots():
try:
with open(SLOTS_FILE, "r") as f:
return int(f.read().strip())
except:
return 0
data = sys.stdin.read().strip().split("\n")
if len(data) < 2:
for line in data:
if line:
print(line)
sys.exit(0)
old_task = json.loads(data[0])
new_task = json.loads(data[1])
was_pending = old_task.get("status") == "pending"
is_not_pending = new_task.get("status") in ("completed", "deleted")
if was_pending and is_not_pending:
slots = get_slots() + 1
with open(SLOTS_FILE, "w") as f:
f.write(str(slots))
print(f"Slot earned! Total slots: {slots}")
print(json.dumps(new_task))
sys.exit(0)
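Review bot: The counter is updated with `open(SLOTS_FILE, "w")`, which truncates the file before the new value is written; if the hook is interrupted at that point the file is left empty and `get_slots()` then reads it as 0, silently discarding every earned slot. Writing to a temporary file in the same directory and calling `os.replace()` onto `SLOTS_FILE` avoids that, and the add hook in the previous file writes the counter the same way. Two `task` invocations running at the same time can also lose an update, since the read and the write are not done under a lock.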


@@ -1,44 +0,0 @@
# Restic ignore
# General
.trash
Trash
.cache
cache
Cache
CachedData
CachedExtension
CacheStorage
__pycache__
GPUCache
ShaderCache
build
.git
node_modules
venv
env
# Specifics
$HOME/.android
$HOME/.atom
$HOME/.build
$HOME/.cabal
$HOME/.cargo
$HOME/.conda
$HOME/.config/BraveSoftware/Brave-Browser/Default/Local Storage
$HOME/.config/BraveSoftware/Brave-Browser/Default/Local Extension Settings
$HOME/.config/nvm/versions
$HOME/.config/devcert
$HOME/.espressif
$HOME/.local/share/torbrowser
$HOME/.mozilla
$HOME/.nvm
$HOME/.npm
$HOME/.nuget
$HOME/.yarn
$HOME/.config/yarn
$HOME/doc/disk-images
$HOME/.stremio-server
$HOME/Games
!$HOME/Games/*/drive_c/users/h/AppData
!$HOME/Games/rhino


@@ -1,3 +0,0 @@
/etc
/boot
/home

495
flake.lock generated

@@ -1,5 +1,73 @@
{
"nodes": {
"base16": {
"inputs": {
"fromYaml": "fromYaml"
},
"locked": {
"lastModified": 1755819240,
"narHash": "sha256-qcMhnL7aGAuFuutH4rq9fvAhCpJWVHLcHVZLtPctPlo=",
"owner": "SenchoPens",
"repo": "base16.nix",
"rev": "75ed5e5e3fce37df22e49125181fa37899c3ccd6",
"type": "github"
},
"original": {
"owner": "SenchoPens",
"repo": "base16.nix",
"type": "github"
}
},
"base16-fish": {
"flake": false,
"locked": {
"lastModified": 1765809053,
"narHash": "sha256-XCUQLoLfBJ8saWms2HCIj4NEN+xNsWBlU1NrEPcQG4s=",
"owner": "tomyun",
"repo": "base16-fish",
"rev": "86cbea4dca62e08fb7fd83a70e96472f92574782",
"type": "github"
},
"original": {
"owner": "tomyun",
"repo": "base16-fish",
"rev": "86cbea4dca62e08fb7fd83a70e96472f92574782",
"type": "github"
}
},
"base16-helix": {
"flake": false,
"locked": {
"lastModified": 1760703920,
"narHash": "sha256-m82fGUYns4uHd+ZTdoLX2vlHikzwzdu2s2rYM2bNwzw=",
"owner": "tinted-theming",
"repo": "base16-helix",
"rev": "d646af9b7d14bff08824538164af99d0c521b185",
"type": "github"
},
"original": {
"owner": "tinted-theming",
"repo": "base16-helix",
"type": "github"
}
},
"base16-vim": {
"flake": false,
"locked": {
"lastModified": 1732806396,
"narHash": "sha256-e0bpPySdJf0F68Ndanwm+KWHgQiZ0s7liLhvJSWDNsA=",
"owner": "tinted-theming",
"repo": "base16-vim",
"rev": "577fe8125d74ff456cf942c733a85d769afe58b7",
"type": "github"
},
"original": {
"owner": "tinted-theming",
"repo": "base16-vim",
"rev": "577fe8125d74ff456cf942c733a85d769afe58b7",
"type": "github"
}
},
"colmena": {
"inputs": {
"flake-compat": "flake-compat",
@@ -53,11 +121,11 @@
},
"locked": {
"dir": "pkgs/firefox-addons",
"lastModified": 1770177820,
"narHash": "sha256-0iGDl/ct3rW+h6+sLq4RZaze/U/aQo2L5sLLuyjuVTk=",
"lastModified": 1771732978,
"narHash": "sha256-o7gZh/eXFkEEmzwlBdIbgCJhmdlqQhOhVjudqgsIefg=",
"owner": "rycee",
"repo": "nur-expressions",
"rev": "c7794d3f46304de5234008c31b5b28a9d5709184",
"rev": "18226106e18bc40cce99d436ee741a946f1888f6",
"type": "gitlab"
},
"original": {
@@ -67,6 +135,22 @@
"type": "gitlab"
}
},
"firefox-gnome-theme": {
"flake": false,
"locked": {
"lastModified": 1764873433,
"narHash": "sha256-1XPewtGMi+9wN9Ispoluxunw/RwozuTRVuuQOmxzt+A=",
"owner": "rafaelmardojai",
"repo": "firefox-gnome-theme",
"rev": "f7ffd917ac0d253dbd6a3bf3da06888f57c69f92",
"type": "github"
},
"original": {
"owner": "rafaelmardojai",
"repo": "firefox-gnome-theme",
"type": "github"
}
},
"flake-compat": {
"flake": false,
"locked": {
@@ -121,6 +205,27 @@
"type": "github"
}
},
"flake-parts_2": {
"inputs": {
"nixpkgs-lib": [
"stylix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1767609335,
"narHash": "sha256-feveD98mQpptwrAEggBQKJTYbvwwglSbOv53uCfH9PY=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "250481aafeb741edfe23d29195671c19b36b6dca",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-utils": {
"locked": {
"lastModified": 1659877975,
@@ -154,6 +259,22 @@
"type": "github"
}
},
"fromYaml": {
"flake": false,
"locked": {
"lastModified": 1731966426,
"narHash": "sha256-lq95WydhbUTWig/JpqiB7oViTcHFP8Lv41IGtayokA8=",
"owner": "SenchoPens",
"repo": "fromYaml",
"rev": "106af9e2f715e2d828df706c386a685698f3223b",
"type": "github"
},
"original": {
"owner": "SenchoPens",
"repo": "fromYaml",
"type": "github"
}
},
"git-hooks": {
"inputs": {
"flake-compat": "flake-compat_2",
@@ -163,11 +284,11 @@
]
},
"locked": {
"lastModified": 1769939035,
"narHash": "sha256-Fok2AmefgVA0+eprw2NDwqKkPGEI5wvR+twiZagBvrg=",
"lastModified": 1771857445,
"narHash": "sha256-NCrhxU9wq5+4jQG1fvRbyTnH8GSbH6LovreVoH2fOL4=",
"owner": "cachix",
"repo": "git-hooks.nix",
"rev": "a8ca480175326551d6c4121498316261cbb5b260",
"rev": "3d7a52f678227930ab089f5d9b384f2d50f7d534",
"type": "github"
},
"original": {
@@ -197,6 +318,25 @@
"type": "github"
}
},
"gnome-shell": {
"flake": false,
"locked": {
"host": "gitlab.gnome.org",
"lastModified": 1767737596,
"narHash": "sha256-eFujfIUQDgWnSJBablOuG+32hCai192yRdrNHTv0a+s=",
"owner": "GNOME",
"repo": "gnome-shell",
"rev": "ef02db02bf0ff342734d525b5767814770d85b49",
"type": "gitlab"
},
"original": {
"host": "gitlab.gnome.org",
"owner": "GNOME",
"ref": "gnome-49",
"repo": "gnome-shell",
"type": "gitlab"
}
},
"home-manager": {
"inputs": {
"nixpkgs": [
@@ -204,11 +344,11 @@
]
},
"locked": {
"lastModified": 1770263241,
"narHash": "sha256-R1WFtIvp38hS9x63dnijdJw1KyIiy30KGea6e6N7LHs=",
"lastModified": 1771851181,
"narHash": "sha256-gFgE6mGUftwseV3DUENMb0k0EiHd739lZexPo5O/sdQ=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "04e5203db66417d548ae1ff188a9f591836dfaa7",
"rev": "9a4b494b1aa1b93d8edf167f46dc8e0c0011280c",
"type": "github"
},
"original": {
@@ -236,29 +376,6 @@
"type": "github"
}
},
"nix-formatter-pack": {
"inputs": {
"nixpkgs": [
"nix-on-droid",
"nixpkgs"
],
"nmd": "nmd",
"nmt": "nmt"
},
"locked": {
"lastModified": 1705252799,
"narHash": "sha256-HgSTREh7VoXjGgNDwKQUYcYo13rPkltW7IitHrTPA5c=",
"owner": "Gerschtli",
"repo": "nix-formatter-pack",
"rev": "2de39dedd79aab14c01b9e2934842051a160ffa5",
"type": "github"
},
"original": {
"owner": "Gerschtli",
"repo": "nix-formatter-pack",
"type": "github"
}
},
"nix-github-actions": {
"inputs": {
"nixpkgs": [
@@ -280,34 +397,6 @@
"type": "github"
}
},
"nix-on-droid": {
"inputs": {
"home-manager": [
"home-manager"
],
"nix-formatter-pack": "nix-formatter-pack",
"nixpkgs": [
"nixpkgs"
],
"nixpkgs-docs": "nixpkgs-docs",
"nixpkgs-for-bootstrap": "nixpkgs-for-bootstrap",
"nmd": "nmd_2"
},
"locked": {
"lastModified": 1720396533,
"narHash": "sha256-UFzk/hZWO1VkciIO5UPaSpJN8s765wsngUSvtJM6d5Q=",
"owner": "nix-community",
"repo": "nix-on-droid",
"rev": "f3d3b8294039f2f9a8fb7ea82c320f29c6b0fe25",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "release-24.05",
"repo": "nix-on-droid",
"type": "github"
}
},
"nix-secrets": {
"flake": false,
"locked": {
@@ -328,11 +417,11 @@
},
"nixCats": {
"locked": {
"lastModified": 1769578476,
"narHash": "sha256-4+KbiBcC6hQ3sh0UbPXjy6TOfLh9yhskRlfPzyZ2FH4=",
"lastModified": 1770584904,
"narHash": "sha256-9Zaz8lbKF2W9pwXZEnbiGsicHdBoU+dHt3Wv3mCJoZ8=",
"owner": "BirdeeHub",
"repo": "nixCats-nvim",
"rev": "48f8be4bdafccfa19ceaaf08071a15eca36fdb1d",
"rev": "538fdde784d2909700d97a8ef307783b33a86fb1",
"type": "github"
},
"original": {
@@ -364,11 +453,11 @@
},
"nixos-hardware": {
"locked": {
"lastModified": 1769302137,
"narHash": "sha256-QEDtctEkOsbx8nlFh4yqPEOtr4tif6KTqWwJ37IM2ds=",
"lastModified": 1771423359,
"narHash": "sha256-yRKJ7gpVmXbX2ZcA8nFi6CMPkJXZGjie2unsiMzj3Ig=",
"owner": "NixOS",
"repo": "nixos-hardware",
"rev": "a351494b0e35fd7c0b7a1aae82f0afddf4907aa8",
"rev": "740a22363033e9f1bb6270fbfb5a9574067af15b",
"type": "github"
},
"original": {
@@ -380,11 +469,11 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1770197578,
"narHash": "sha256-AYqlWrX09+HvGs8zM6ebZ1pwUqjkfpnv8mewYwAo+iM=",
"lastModified": 1771369470,
"narHash": "sha256-0NBlEBKkN3lufyvFegY4TYv5mCNHbi5OmBDrzihbBMQ=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "00c21e4c93d963c50d4c0c89bfa84ed6e0694df2",
"rev": "0182a361324364ae3f436a63005877674cf45efb",
"type": "github"
},
"original": {
@@ -394,38 +483,6 @@
"type": "github"
}
},
"nixpkgs-docs": {
"locked": {
"lastModified": 1705957679,
"narHash": "sha256-Q8LJaVZGJ9wo33wBafvZSzapYsjOaNjP/pOnSiKVGHY=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "9a333eaa80901efe01df07eade2c16d183761fa3",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "release-23.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-for-bootstrap": {
"locked": {
"lastModified": 1720244366,
"narHash": "sha256-WrDV0FPMVd2Sq9hkR5LNHudS3OSMmUrs90JUTN+MXpA=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "49ee0e94463abada1de470c9c07bfc12b36dcf40",
"type": "github"
},
"original": {
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "49ee0e94463abada1de470c9c07bfc12b36dcf40",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1743689281,
@@ -442,58 +499,29 @@
"type": "github"
}
},
"nmd": {
"flake": false,
"locked": {
"lastModified": 1666190571,
"narHash": "sha256-Z1hc7M9X6L+H83o9vOprijpzhTfOBjd0KmUTnpHAVjA=",
"owner": "rycee",
"repo": "nmd",
"rev": "b75d312b4f33bd3294cd8ae5c2ca8c6da2afc169",
"type": "gitlab"
},
"original": {
"owner": "rycee",
"repo": "nmd",
"type": "gitlab"
}
},
"nmd_2": {
"nur": {
"inputs": {
"nixpkgs": [
"nix-on-droid",
"nixpkgs-docs"
"flake-parts": [
"stylix",
"flake-parts"
],
"scss-reset": "scss-reset"
"nixpkgs": [
"stylix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1705050560,
"narHash": "sha256-x3zzcdvhJpodsmdjqB4t5mkVW22V3wqHLOun0KRBzUI=",
"owner": "~rycee",
"repo": "nmd",
"rev": "66d9334933119c36f91a78d565c152a4fdc8d3d3",
"type": "sourcehut"
"lastModified": 1767810917,
"narHash": "sha256-ZKqhk772+v/bujjhla9VABwcvz+hB2IaRyeLT6CFnT0=",
"owner": "nix-community",
"repo": "NUR",
"rev": "dead29c804adc928d3a69dfe7f9f12d0eec1f1a4",
"type": "github"
},
"original": {
"owner": "~rycee",
"repo": "nmd",
"type": "sourcehut"
}
},
"nmt": {
"flake": false,
"locked": {
"lastModified": 1648075362,
"narHash": "sha256-u36WgzoA84dMVsGXzml4wZ5ckGgfnvS0ryzo/3zn/Pc=",
"owner": "rycee",
"repo": "nmt",
"rev": "d83601002c99b78c89ea80e5e6ba21addcfe12ae",
"type": "gitlab"
},
"original": {
"owner": "rycee",
"repo": "nmt",
"type": "gitlab"
"owner": "nix-community",
"repo": "NUR",
"type": "github"
}
},
"nvim": {
@@ -505,7 +533,6 @@
],
"plugins-beancount-nvim": "plugins-beancount-nvim",
"plugins-helm-ls-nvim": "plugins-helm-ls-nvim",
"plugins-m-taskwarrior-d-nvim": "plugins-m-taskwarrior-d-nvim",
"plugins-mcphub-nvim": "plugins-mcphub-nvim",
"plugins-nvimkit-nvim": "plugins-nvimkit-nvim",
"plugins-shipwright-nvim": "plugins-shipwright-nvim",
@@ -553,22 +580,6 @@
"type": "github"
}
},
"plugins-m-taskwarrior-d-nvim": {
"flake": false,
"locked": {
"lastModified": 1767960157,
"narHash": "sha256-ov0qi4LhIlwqrBzSbTJ6APC5qjl2d/vlKWJfW5ZiDrg=",
"owner": "huantrinh1802",
"repo": "m_taskwarrior_d.nvim",
"rev": "107247387cd81823046bc2b8e71150c8edf041d3",
"type": "github"
},
"original": {
"owner": "huantrinh1802",
"repo": "m_taskwarrior_d.nvim",
"type": "github"
}
},
"plugins-mcphub-nvim": {
"flake": false,
"locked": {
@@ -640,29 +651,13 @@
"firefox-addons": "firefox-addons",
"git-hooks": "git-hooks",
"home-manager": "home-manager",
"nix-on-droid": "nix-on-droid",
"nix-secrets": "nix-secrets",
"nixgl": "nixgl",
"nixos-hardware": "nixos-hardware",
"nixpkgs": "nixpkgs",
"nvim": "nvim",
"sops-nix": "sops-nix"
}
},
"scss-reset": {
"flake": false,
"locked": {
"lastModified": 1631450058,
"narHash": "sha256-muDlZJPtXDIGevSEWkicPP0HQ6VtucbkMNygpGlBEUM=",
"owner": "andreymatin",
"repo": "scss-reset",
"rev": "0cf50e27a4e95e9bb5b1715eedf9c54dee1a5a91",
"type": "github"
},
"original": {
"owner": "andreymatin",
"repo": "scss-reset",
"type": "github"
"sops-nix": "sops-nix",
"stylix": "stylix"
}
},
"sops-nix": {
@@ -672,11 +667,11 @@
]
},
"locked": {
"lastModified": 1770145881,
"narHash": "sha256-ktjWTq+D5MTXQcL9N6cDZXUf9kX8JBLLBLT0ZyOTSYY=",
"lastModified": 1771735105,
"narHash": "sha256-MJuVJeszZEziquykEHh/hmgIHYxUcuoG/1aowpLiSeU=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "17eea6f3816ba6568b8c81db8a4e6ca438b30b7c",
"rev": "d7755d820f5fa8acf7f223309c33e25d4f92e74f",
"type": "github"
},
"original": {
@@ -701,6 +696,40 @@
"type": "github"
}
},
"stylix": {
"inputs": {
"base16": "base16",
"base16-fish": "base16-fish",
"base16-helix": "base16-helix",
"base16-vim": "base16-vim",
"firefox-gnome-theme": "firefox-gnome-theme",
"flake-parts": "flake-parts_2",
"gnome-shell": "gnome-shell",
"nixpkgs": [
"nixpkgs"
],
"nur": "nur",
"systems": "systems_2",
"tinted-foot": "tinted-foot",
"tinted-kitty": "tinted-kitty",
"tinted-schemes": "tinted-schemes",
"tinted-tmux": "tinted-tmux",
"tinted-zed": "tinted-zed"
},
"locked": {
"lastModified": 1771787992,
"narHash": "sha256-Vg4bGwwenNYI8p3nJTl9FRyeIyrjATeZrZr+GyUSDrw=",
"owner": "danth",
"repo": "stylix",
"rev": "30054cca073b49b42a71289edec858f535b27fe9",
"type": "github"
},
"original": {
"owner": "danth",
"repo": "stylix",
"type": "github"
}
},
"systems": {
"locked": {
"lastModified": 1681028828,
@@ -715,6 +744,102 @@
"repo": "default",
"type": "github"
}
},
"systems_2": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"tinted-foot": {
"flake": false,
"locked": {
"lastModified": 1726913040,
"narHash": "sha256-+eDZPkw7efMNUf3/Pv0EmsidqdwNJ1TaOum6k7lngDQ=",
"owner": "tinted-theming",
"repo": "tinted-foot",
"rev": "fd1b924b6c45c3e4465e8a849e67ea82933fcbe4",
"type": "github"
},
"original": {
"owner": "tinted-theming",
"repo": "tinted-foot",
"rev": "fd1b924b6c45c3e4465e8a849e67ea82933fcbe4",
"type": "github"
}
},
"tinted-kitty": {
"flake": false,
"locked": {
"lastModified": 1735730497,
"narHash": "sha256-4KtB+FiUzIeK/4aHCKce3V9HwRvYaxX+F1edUrfgzb8=",
"owner": "tinted-theming",
"repo": "tinted-kitty",
"rev": "de6f888497f2c6b2279361bfc790f164bfd0f3fa",
"type": "github"
},
"original": {
"owner": "tinted-theming",
"repo": "tinted-kitty",
"type": "github"
}
},
"tinted-schemes": {
"flake": false,
"locked": {
"lastModified": 1767710407,
"narHash": "sha256-+W1EB79Jl0/gm4JqmO0Nuc5C7hRdp4vfsV/VdzI+des=",
"owner": "tinted-theming",
"repo": "schemes",
"rev": "2800e2b8ac90f678d7e4acebe4fa253f602e05b2",
"type": "github"
},
"original": {
"owner": "tinted-theming",
"repo": "schemes",
"type": "github"
}
},
"tinted-tmux": {
"flake": false,
"locked": {
"lastModified": 1767489635,
"narHash": "sha256-e6nnFnWXKBCJjCv4QG4bbcouJ6y3yeT70V9MofL32lU=",
"owner": "tinted-theming",
"repo": "tinted-tmux",
"rev": "3c32729ccae99be44fe8a125d20be06f8d7d8184",
"type": "github"
},
"original": {
"owner": "tinted-theming",
"repo": "tinted-tmux",
"type": "github"
}
},
"tinted-zed": {
"flake": false,
"locked": {
"lastModified": 1767488740,
"narHash": "sha256-wVOj0qyil8m+ouSsVZcNjl5ZR+1GdOOAooAatQXHbuU=",
"owner": "tinted-theming",
"repo": "base16-zed",
"rev": "11abb0b282ad3786a2aae088d3a01c60916f2e40",
"type": "github"
},
"original": {
"owner": "tinted-theming",
"repo": "base16-zed",
"type": "github"
}
}
},
"root": "root",


@@ -3,6 +3,10 @@
nixpkgs = {
url = "github:nixos/nixpkgs/nixos-unstable";
};
stylix = {
url = "github:danth/stylix";
inputs.nixpkgs.follows = "nixpkgs";
};
nixos-hardware = {
url = "github:NixOS/nixos-hardware/master";
};
@@ -22,11 +26,6 @@
url = "github:nix-community/home-manager";
inputs.nixpkgs.follows = "nixpkgs";
};
nix-on-droid = {
url = "github:nix-community/nix-on-droid/release-24.05";
inputs.nixpkgs.follows = "nixpkgs";
inputs.home-manager.follows = "home-manager";
};
nixgl = {
url = "github:nix-community/nixGL";
inputs.nixpkgs.follows = "nixpkgs";
@@ -54,7 +53,6 @@
self,
nixpkgs,
home-manager,
nix-on-droid,
nixgl,
git-hooks,
...
@@ -66,39 +64,49 @@
hostDirNames = utils.dirNames ./hosts;
system = "x86_64-linux";
dotsPath = ./dots;
pkgs = import nixpkgs { inherit system; };
gitHooks = import ./git-hooks.nix {
inherit nixpkgs git-hooks system;
src = ./.;
};
in
{
nix.nixPath = [
"nixpkgs=${inputs.nixpkgs}"
];
]; # <https://github.com/nix-community/nixd/blob/main/nixd/docs/configuration.md>
nixosConfigurations =
(lib.genAttrs hostDirNames (
host:
nixpkgs.lib.nixosSystem {
system = import ./hosts/${host}/system.nix;
modules = [ ./hosts/${host} ];
modules = [
./hosts/${host}
{ nixpkgs.hostPlatform = import ./hosts/${host}/system.nix; }
];
specialArgs = {
inherit
inputs
outputs
dotsPath
self
;
inherit inputs outputs dotsPath;
};
}
))
// {
sd-image-aarch64 = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
sd-image-orange-pi-aarch64 = nixpkgs.lib.nixosSystem {
modules = [
"${nixpkgs}/nixos/modules/installer/sd-card/sd-image-aarch64.nix"
./images/sd-image-aarch64.nix
./images/sd-image-orange-pi-aarch64.nix
{
nixpkgs.crossSystem = {
system = "aarch64-linux";
};
nixpkgs.buildPlatform = "x86_64-linux";
nixpkgs.hostPlatform = "aarch64-linux";
}
];
specialArgs = {
inherit inputs outputs dotsPath;
};
};
sd-image-raspberry-pi-aarch64 = nixpkgs.lib.nixosSystem {
modules = [
"${nixpkgs}/nixos/modules/installer/sd-card/sd-image-aarch64.nix"
./images/sd-image-raspberry-pi-aarch64.nix
{
nixpkgs.buildPlatform = "x86_64-linux";
nixpkgs.hostPlatform = "aarch64-linux";
}
];
specialArgs = {
@@ -120,36 +128,24 @@
};
};
nixOnDroidConfigurations = {
pixel = nix-on-droid.lib.nixOnDroidConfiguration {
modules = [ ./phone ];
extraSpecialArgs = {
inherit inputs outputs dotsPath;
};
pkgs = import nixpkgs {
system = "aarch64-linux";
overlays = [ nix-on-droid.overlays.default ];
};
home-manager-path = home-manager.outPath;
};
};
apps.${system}.colmena = inputs.colmena.apps.${system}.default;
colmenaHive = import ./deploy/colmena.nix {
colmena = import ./deploy/colmena.nix {
inherit
self
inputs
;
};
checks.${system}.pre-commit-check = git-hooks.lib.${system}.run {
src = ./.;
hooks = {
nixfmt.enable = true;
statix.enable = true;
deadnix.enable = true;
};
};
checks.${system} = gitHooks.checks;
formatter.${system} = gitHooks.formatter;
devShells.${system} = gitHooks.devShells;
images.sd-image-aarch64 = self.nixosConfigurations.sd-image-aarch64.config.system.build.sdImage;
legacyPackages.${system} = {
sd-image-orange-pi-aarch64 =
self.nixosConfigurations.sd-image-orange-pi-aarch64.config.system.build.sdImage;
sd-image-raspberry-pi-aarch64 =
self.nixosConfigurations.sd-image-raspberry-pi-aarch64.config.system.build.sdImage;
};
};
}

47
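--- a/git-hooks.nix
+++ b/git-hooks.nix
@@ -0,0 +1,47 @@
+{
+nixpkgs,
+git-hooks,
+system,
+src,
+}:
+let
+pkgs = nixpkgs.legacyPackages.${system};
+pre-commit-check = git-hooks.lib.${system}.run {
+inherit src;
+hooks = {
+nixfmt = {
+enable = true;
+package = pkgs.nixfmt;
+};
+statix.enable = true;
+deadnix.enable = true;
+};
+};
+in
+{
+checks = {
+inherit pre-commit-check;
+};
+formatter =
+let
+inherit (pre-commit-check) config;
+inherit (config) package configFile;
+script = ''
+${pkgs.lib.getExe package} run --all-files --config ${configFile}
+'';
+in
+pkgs.writeShellScriptBin "pre-commit-run" script;
+devShells = {
+default =
+let
+inherit (pre-commit-check) shellHook enabledPackages;
+in
+pkgs.mkShell {
+inherit shellHook;
+buildInputs = enabledPackages;
+};
+};
+}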


@@ -1,6 +1,5 @@
{
lib,
inputs,
config,
pkgs,
...
@@ -11,14 +10,20 @@ let
in
{
imports = [
../../modules
../../modules/ai-tools.nix
../../modules/audio
../../modules/cloud
../../modules/comms
../../modules/desktop/niri
../../modules/direnv
../../modules/3d
../../modules/git
../../modules/k8s/k9s.nix
../../modules/kitty.nix
../../modules/music
../../modules/nvim.nix
../../modules/pandoc.nix
../../modules/ssh.nix
../../modules/taskwarrior.nix
../../modules/keepassxc.nix
@@ -37,10 +42,12 @@ in
xdg.userDirs.createDirectories = false;
xdg.userDirs.download = "${config.home.homeDirectory}/dl";
ai-tools.opencode.enable = true;
browser.primary = "librewolf";
cloud.hetzner.enable = true;
comms.signal.enable = true;
github.enable = true;
pandoc.enable = true;
shell.bash = {
enable = true;


@@ -9,16 +9,21 @@ let
in
{
imports = [
../../modules
../../modules/ai-tools.nix
../../modules/audio
../../modules/anki.nix
../../modules/cloud
../../modules/comms
../../modules/direnv
../../modules/desktop/niri
../../modules/git
../../modules/k8s/k9s.nix
../../modules/kitty.nix
../../modules/music
../../modules/nfc
../../modules/nvim.nix
../../modules/pandoc.nix
../../modules/ssh.nix
../../modules/taskwarrior.nix
../../modules/keepassxc.nix
@@ -35,11 +40,13 @@ in
xdg.userDirs.createDirectories = false;
xdg.userDirs.download = "${config.home.homeDirectory}/dl";
ai-tools.opencode.enable = true;
browser.primary = "librewolf";
cloud.hetzner.enable = true;
comms.signal.enable = true;
github.enable = true;
nfc.proxmark3.enable = true;
pandoc.enable = true;
shell.bash = {
enable = true;


@@ -6,17 +6,12 @@ with pkgs;
entr
feh
fzf
haskellPackages.pandoc-crossref
htop
jq
nixfmt-rfc-style
nmap
nodejs_24
nvimpager
pandoc
parallel
pass
pnpm
ripgrep
silver-searcher
sops


@@ -11,20 +11,31 @@ in
{
imports = [
inputs.sops-nix.homeManagerModules.sops
../../modules
../../modules/stylix.nix
../../modules/ai-tools.nix
../../modules/cloud
../../modules/comms
../../modules/desktop/niri
../../modules/dconf.nix
../../modules/direnv
../../modules/docker
../../modules/git
../../modules/go
../../modules/k8s
../../modules/k9s.nix
../../modules/k8s/k9s.nix
../../modules/keepassxc.nix
../../modules/kitty.nix
../../modules/nvim.nix
../../modules/pandoc.nix
../../modules/browser
../../modules/shell
../../modules/music
../../modules/nodejs.nix
../../modules/taskwarrior.nix
../../modules/bruno.nix
../../modules/pandoc.nix
../../modules/vscode.nix
];
sops = {
@@ -37,14 +48,29 @@ in
taskwarrior_sync_encryption_secret = { };
anki_sync_user = { };
anki_sync_key = { };
opencode_api_key = { };
};
templates."taskrc.d/sync" = {
content = ''
sync.server.url=${config.sops.placeholder.taskwarrior_sync_server_url}
sync.server.client_id=${config.sops.placeholder.taskwarrior_sync_server_client_id}
sync.encryption_secret=${config.sops.placeholder.taskwarrior_sync_encryption_secret}
'';
templates = {
"taskrc.d/sync" = {
content = ''
sync.server.url=${config.sops.placeholder.taskwarrior_sync_server_url}
sync.server.client_id=${config.sops.placeholder.taskwarrior_sync_server_client_id}
sync.encryption_secret=${config.sops.placeholder.taskwarrior_sync_encryption_secret}
'';
};
"opencode/auth.json" = {
path = "${config.home.homeDirectory}/.local/share/opencode/auth.json";
content = ''
{
"zai-coding-plan": {
"type": "api",
"key": "${config.sops.placeholder.opencode_api_key}"
}
}
'';
};
};
};
@@ -66,8 +92,13 @@ in
cloud.azure.enable = true;
comms.signal.enable = true;
comms.teams.enable = true;
ai-tools = {
claude-code.enable = true;
opencode.enable = true;
};
github.enable = true;
gitlab.enable = true;
pandoc.enable = true;
shell.bash.enable = true;
starship.enable = true;
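Review bot: The new `"opencode/auth.json"` template renders the decrypted `opencode_api_key` to `~/.local/share/opencode/auth.json`, yet nothing in this compare keeps the agent away from the places where this host's decrypted secrets actually live. This host imports the home-manager sops module (`inputs.sops-nix.homeManagerModules.sops`), which by default keeps decrypted material under the user's config and runtime directories, not under `/run/secrets/`. The opencode deny list added in the ai-tools module names only `/run/secrets/` and `~/.config/sops/age/keys.txt`, so it probably does not cover this host; check where `sops.defaultSymlinkPath` and `sops.defaultSecretsMountPoint` resolve here and add those directories to `permission.external_directory` with `"deny"`. The enclosing `sops` attribute set starts outside the hunk.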


@@ -1,40 +1,89 @@
{
lib,
config,
pkgs,
...
}:
let
cfg = config.ai-tools;
rtk-version = "0.18.1";
in
{
config = {
home.packages = with pkgs; [
aider-chat
(pkgs.stdenv.mkDerivation {
name = "ccline";
src = pkgs.fetchurl {
url = "https://github.com/Haleclipse/CCometixLine/releases/download/v1.0.8/ccline-linux-x64.tar.gz";
hash = "sha256-Joe3Dd6uSMGi66QT6xr2oY/Tz8rA5RuKa6ckBVJIzI0=";
};
unpackPhase = ''
tar xzf $src
'';
installPhase = ''
mkdir -p $out/bin
cp ccline $out/bin/
chmod +x $out/bin/ccline
'';
meta = with pkgs.lib; {
description = "CCometixLine Linux x64 CLI (Claude Code statusline)";
homepage = "https://github.com/Haleclipse/CCometixLine";
license = licenses.mit;
platforms = [ "x86_64-linux" ];
};
})
# claude-code
# (config.lib.nixGL.wrap code-cursor)
# github-copilot-cli
mcp-nixos
opencode
];
options.ai-tools = {
claude-code.enable = lib.mkEnableOption "claude code with rtk and ccline";
opencode.enable = lib.mkEnableOption "opencode";
};
config = lib.mkMerge [
(lib.mkIf cfg.claude-code.enable {
home.packages = with pkgs; [
claude-code
(pkgs.stdenv.mkDerivation {
name = "ccline";
src = pkgs.fetchurl {
url = "https://github.com/Haleclipse/CCometixLine/releases/download/v1.0.8/ccline-linux-x64.tar.gz";
hash = "sha256-Joe3Dd6uSMGi66QT6xr2oY/Tz8rA5RuKa6ckBVJIzI0=";
};
unpackPhase = ''
tar xzf $src
'';
installPhase = ''
mkdir -p $out/bin
cp ccline $out/bin/
chmod +x $out/bin/ccline
'';
meta = with pkgs.lib; {
description = "CCometixLine Linux x64 CLI (Claude Code statusline)";
homepage = "https://github.com/Haleclipse/CCometixLine";
license = licenses.mit;
platforms = [ "x86_64-linux" ];
};
})
(pkgs.stdenv.mkDerivation {
name = "rtk-${rtk-version}";
version = rtk-version;
src = pkgs.fetchurl {
url = "https://github.com/rtk-ai/rtk/releases/download/v${rtk-version}/rtk-x86_64-unknown-linux-gnu.tar.gz";
hash = "sha256-XoTia5K8b00OzcKYCufwx8ApkAS31DxUCpGSU0jFs2Q=";
};
unpackPhase = ''
tar xzf $src
'';
installPhase = ''
mkdir -p $out/bin
cp rtk $out/bin/
chmod +x $out/bin/rtk
'';
meta = with pkgs.lib; {
description = "RTK - AI coding tool enhancer";
homepage = "https://www.rtk-ai.app";
license = licenses.mit;
platforms = [ "x86_64-linux" ];
};
})
mcp-nixos
];
})
(lib.mkIf cfg.opencode.enable {
home.packages = with pkgs; [
opencode
];
home.file.".config/opencode/opencode.json".text = builtins.toJSON {
"$schema" = "https://opencode.ai/config.json";
permission = {
external_directory = {
"/run/secrets/" = "deny";
"~/.config/sops/age/keys.txt" = "deny";
};
};
plugin = [ "@mohak34/opencode-notifier@latest" ];
};
})
];
}
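Review bot: The `plugin = [ "@mohak34/opencode-notifier@latest" ]` entry in the generated `opencode.json` is the one dependency in this module that is not pinned. `ccline` and `rtk` are fetched with a fixed `hash` and `opencode` comes from the locked nixpkgs, but a plugin referenced as `@latest` is presumably resolved from the package registry at run time, outside `flake.lock`. A plugin loaded by the agent runs with the agent's access, including the API key rendered to `auth.json` on the work host, so a hijacked or malicious release would be picked up without any change to this repository. I would pin an exact, reviewed version, e.g. `plugin = [ "@mohak34/opencode-notifier@X.Y.Z" ];` (X.Y.Z is a placeholder), and bump it deliberately.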


@@ -0,0 +1,5 @@
{ pkgs, ... }:
{
home.packages = with pkgs; [ pulsemixer ];
}


@@ -1,7 +1,9 @@
{
config,
inputs,
lib,
pkgs,
...
}:
let
@@ -23,8 +25,10 @@ in
"extensions.autoDisableScopes" = 0;
};
extensions = {
packages = with inputs.firefox-addons.packages.${pkgs.system}; [
force = true;
packages = with inputs.firefox-addons.packages.${pkgs.stdenv.hostPlatform.system}; [
duckduckgo-privacy-essentials
firefox-color
istilldontcareaboutcookies
libredirect
keepassxc-browser


@@ -11,6 +11,13 @@
programs.firefox = {
enable = true;
}
// (import ./firefox-base.nix { inherit config inputs pkgs; });
// (import ./firefox-base.nix {
inherit
config
inputs
lib
pkgs
;
});
};
}


@@ -13,6 +13,13 @@
programs.librewolf = {
enable = true;
}
// (import ./firefox-base.nix { inherit config inputs pkgs; });
// (import ./firefox-base.nix {
inherit
config
inputs
lib
pkgs
;
});
};
}

7
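--- a/home/modules/bruno.nix
+++ b/home/modules/bruno.nix
@@ -0,0 +1,7 @@
+{ config, pkgs, ... }:
+{
+config = {
+home.packages = [ (config.nixgl.wrap (config.wrapApp pkgs.bruno "--no-sandbox")) ];
+};
+}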
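Review bot: Passing `"--no-sandbox"` through `config.wrapApp` switches off the Chromium process sandbox for the whole application, and the comms modules in this compare apply the same flag to `signal-desktop` and `teams-for-linux`, which render content sent by remote parties. With the sandbox off, a renderer bug in any of these apps runs with the full rights of the user account, including access to SSH keys and sops-decrypted files. On nixGL (non-NixOS) hosts the usual trigger is a missing setuid sandbox helper or restricted user namespaces, so it is worth testing each app without the flag first. If it has to stay, record why next to each use, e.g. `# --no-sandbox: Chromium sandbox helper unavailable on this non-NixOS host; renderer runs unsandboxed`. The vscode module's narrower `"--disable-gpu-sandbox"` suggests a smaller exception may be enough.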


@@ -4,10 +4,9 @@
pkgs,
...
}:
{
config = lib.mkIf config.comms.signal.enable {
home.packages = with pkgs; [
(if config.lib ? nixGL then config.lib.nixGL.wrap signal-desktop else signal-desktop)
];
home.packages = [ (config.nixgl.wrap (config.wrapApp pkgs.signal-desktop "--no-sandbox")) ];
};
}


@@ -7,8 +7,6 @@
{
config = lib.mkIf config.comms.teams.enable {
home.packages = with pkgs; [
(if config.lib ? nixGL then config.lib.nixGL.wrap teams-for-linux else teams-for-linux)
];
home.packages = [ (config.nixgl.wrap (config.wrapApp pkgs.teams-for-linux "--no-sandbox")) ];
};
}

24
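--- a/home/modules/default.nix
+++ b/home/modules/default.nix
@@ -0,0 +1,24 @@
+{ config, lib, ... }:
+{
+options.nixgl.wrap = lib.mkOption {
+type = lib.types.functionTo lib.types.package;
+default = if config.lib ? nixGL then config.lib.nixGL.wrap else lib.id;
+readOnly = true;
+};
+options.wrapApp = lib.mkOption {
+type = lib.types.raw;
+default =
+pkg: flags:
+if config.lib ? nixGL then
+pkg.overrideAttrs (old: {
+postInstall = (old.postInstall or "") + ''
+wrapProgram $out/bin/${pkg.meta.mainProgram} --add-flags "${flags}"
+'';
+})
+else
+pkg;
+readOnly = true;
+};
+}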
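Review bot: `wrapApp` calls `wrapProgram` from an appended `postInstall`, which only works when the wrapped package already has `makeWrapper` among its build inputs. Because `overrideAttrs` changes the derivation, large packages such as vscode or signal-desktop can no longer be substituted from the binary cache and are rebuilt locally. `${flags}` is also spliced into the build script inside double quotes, so a flag string containing `"` or `$` would be interpreted by the build shell. The music module in this compare already wraps spotify with `pkgs.symlinkJoin` plus `makeWrapper` in `postBuild`; doing the same here with `lib.escapeShellArg flags` avoids all three problems. A `description` on both options would also document that the flags are only applied on nixGL hosts.

```nix
{ config, lib, pkgs, ... }:
# … unchanged: options.nixgl.wrap …
  options.wrapApp = lib.mkOption {
    type = lib.types.raw;
    description = "Wrap a package's main program with extra flags on nixGL hosts; returns the package unchanged elsewhere.";
    default =
      pkg: flags:
      if config.lib ? nixGL then
        pkgs.symlinkJoin {
          inherit (pkg) name meta;
          paths = [ pkg ];
          nativeBuildInputs = [ pkgs.makeWrapper ];
          postBuild = ''
            wrapProgram $out/bin/${pkg.meta.mainProgram} --add-flags ${lib.escapeShellArg flags}
          '';
        }
      else
        pkg;
    readOnly = true;
  };
```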


@@ -11,6 +11,7 @@
home = {
file.".config/niri/config.kdl".source = ./config.kdl;
packages = with pkgs; [
brightnessctl
wl-clipboard
wlsunset
];


@@ -0,0 +1,7 @@
{
programs.direnv = {
enable = true;
enableBashIntegration = true;
nix-direnv.enable = true;
};
}


@@ -3,22 +3,9 @@
enable = true;
settings = {
main = {
font = "Iosevka Term SS08";
horizontal-pad = 0;
vertical-pad = 0;
};
colors = {
background = "ccccccff";
text = "111111ff";
prompt = "ccccccff";
placeholder = "aaaaaaff";
input = "111111ff";
selection = "eeeeeeff";
selection-text = "111111ff";
selection-match = "333333ff";
counter = "111111ff";
border = "111111ff";
};
border = {
width = 2;
radius = 0;


@@ -21,6 +21,6 @@
};
programs.gh.enable = config.github.enable;
home.packages = with pkgs; lib.optionals (config.gitlab.enable) [ glab ];
home.packages = lib.optionals config.gitlab.enable [ pkgs.glab ];
};
}


@@ -0,0 +1,18 @@
{
config,
lib,
pkgs,
...
}:
{
options.go = {
enable = lib.mkEnableOption "go language";
};
config = lib.mkIf config.go.enable {
home.packages = with pkgs; [
go
gopls
];
};
}


@@ -7,12 +7,19 @@
k3d
kubectl
kubernetes
kubernetes-helm
kustomize
minikube
opentofu
upbound
];
imports = [ ./k9s.nix ];
programs.kubecolor = {
enable = true;
enableAlias = true;
};
imports = [
./helm.nix
./k9s.nix
];
}

15
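--- a/home/modules/k8s/helm.nix
+++ b/home/modules/k8s/helm.nix
@@ -0,0 +1,15 @@
+{ pkgs, ... }:
+{
+home.packages = with pkgs; [
+(wrapHelm kubernetes-helm {
+plugins = with kubernetes-helmPlugins; [
+helm-diff
+helm-git
+helm-schema
+helm-secrets
+helm-unittest
+];
+})
+];
+}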


@@ -1,5 +1,3 @@
{ pkgs, ... }:
{
programs.keepassxc = {
enable = true;


@@ -1,23 +1,22 @@
{ pkgs, config, lib, dotsPath, ... }:
{
pkgs,
config,
dotsPath,
...
}:
{
config = {
home.packages = [
(if config.lib ? nixGL
then config.lib.nixGL.wrap pkgs.kitty
else pkgs.kitty)
];
programs.bash.shellAliases = {
icat = "kitty +kitten icat";
};
home.file = {
".config/kitty/kitty.conf".source = dotsPath + "/.config/kitty/kitty.conf";
".config/kitty/nvim.conf".source = dotsPath + "/.config/kitty/nvim.conf";
".config/kitty/themes/zenwritten_light.conf".source =
dotsPath + "/.config/kitty/themes/zenwritten_light.conf";
".config/kitty/themes/zenwritten_dark.conf".source =
dotsPath + "/.config/kitty/themes/zenwritten_dark.conf";
programs.kitty = {
enable = true;
package = config.nixgl.wrap pkgs.kitty;
extraConfig = builtins.readFile (dotsPath + "/.config/kitty/kitty.conf");
};
home.file.".config/kitty/nvim.conf".source = dotsPath + "/.config/kitty/nvim.conf";
};
}


@@ -0,0 +1,27 @@
{
dotsPath,
pkgs,
...
}:
let
spotifyWithWayland = pkgs.symlinkJoin {
name = "spotify";
paths = [ pkgs.spotify ];
buildInputs = [ pkgs.makeWrapper ];
postBuild = ''
wrapProgram $out/bin/spotify \
--add-flags "--enable-features=UseOzonePlatform --ozone-platform=wayland"
'';
};
in
{
home.packages = with pkgs; [
spotifyWithWayland
];
programs.ncspot = {
enable = true;
settings = builtins.fromTOML (builtins.readFile (dotsPath + "/.config/ncspot/config.toml"));
};
}


@@ -15,7 +15,7 @@ in
config = lib.mkIf cfg.enable {
home.packages = [
pkgs.proxmark3
(pkgs.proxmark3.override { withGeneric = true; })
];
};
}

26
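--- a/home/modules/nodejs.nix
+++ b/home/modules/nodejs.nix
@@ -0,0 +1,26 @@
+{
+config,
+lib,
+pkgs,
+...
+}:
+{
+options.nodejs = {
+enable = lib.mkEnableOption "nodejs (and related packages)";
+package = lib.mkOption {
+type = lib.types.package;
+default = pkgs.nodejs_24;
+};
+};
+config = lib.mkIf config.nodejs.enable {
+home.packages = with pkgs; [
+config.nodejs.package
+pnpm
+yarn
+biome
+tsx
+];
+};
+}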


@@ -3,7 +3,7 @@
{
config = {
home.packages = [
inputs.nvim.packages.${pkgs.system}.nvim
inputs.nvim.packages.${pkgs.stdenv.hostPlatform.system}.nvim
];
};
}

19
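--- a/home/modules/pandoc.nix
+++ b/home/modules/pandoc.nix
@@ -0,0 +1,19 @@
+{
+config,
+lib,
+pkgs,
+...
+}:
+{
+options.pandoc = {
+enable = lib.mkEnableOption "pandoc";
+};
+config = lib.mkIf config.pandoc.enable {
+home.packages = with pkgs; [
+haskellPackages.pandoc-crossref
+pandoc
+texliveSmall
+];
+};
+}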


@@ -1,7 +1,6 @@
{
config,
lib,
pkgs,
dotsPath,
...
}:


@@ -1,7 +1,6 @@
{
config,
lib,
pkgs,
...
}:
{


@@ -18,20 +18,25 @@ in
enable = true;
enableDefaultConfig = false;
matchBlocks = lib.genAttrs hostsWithKeys (
hostname:
let
hostConfig = outputs.nixosConfigurations.${hostname}.config;
publicHostname = hostConfig.ssh.publicHostname;
targetUser = hostConfig.ssh.username;
in
{
host = hostname;
user = targetUser;
}
// lib.optionalAttrs (publicHostname != "") {
hostname = publicHostname;
}
);
matchBlocks =
lib.genAttrs hostsWithKeys (
hostname:
let
hostConfig = outputs.nixosConfigurations.${hostname}.config;
inherit (hostConfig.ssh) publicHostname username;
in
{
host = hostname;
user = username;
}
// lib.optionalAttrs (publicHostname != "") {
hostname = publicHostname;
}
)
// {
"*" = {
addKeysToAgent = "yes";
};
};
};
}
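Review bot: The new catch-all `"*"` match block sets `addKeysToAgent = "yes"`, so every key used for any host stays loaded in the agent for the agent's lifetime and can be used without further interaction. Anything running as the user, or a remote host if agent forwarding is ever enabled, can then sign with those keys, including the ones that reach the passwordless-sudo hosts in this repository. OpenSSH also accepts `confirm` or a time interval for this option, e.g. `addKeysToAgent = "confirm";` or `addKeysToAgent = "1h";`, which bounds the exposure. The enclosing `programs.ssh` block starts outside the hunk.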

45
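--- a/home/modules/stylix.nix
+++ b/home/modules/stylix.nix
@@ -0,0 +1,45 @@
+{
+config,
+inputs,
+pkgs,
+...
+}:
+let
+theme = import ../../modules/stylix/theme.nix { inherit pkgs; };
+in
+{
+imports = [ inputs.stylix.homeModules.stylix ];
+stylix = {
+enable = true;
+inherit (theme)
+polarity
+base16Scheme
+override
+image
+;
+fonts = {
+monospace = theme.monospaceFont;
+serif = config.stylix.fonts.monospace;
+sansSerif = config.stylix.fonts.monospace;
+emoji = config.stylix.fonts.monospace;
+};
+targets = {
+firefox = {
+profileNames = [ "default" ];
+colorTheme.enable = true;
+};
+librewolf = {
+profileNames = [ "default" ];
+colorTheme.enable = true;
+};
+gnome.enable = false;
+gtk.enable = false;
+kitty = {
+variant256Colors = true;
+};
+nixvim.enable = false;
+};
+};
+}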


@@ -39,6 +39,14 @@ in
".local/share/task/hooks/on-exit.sync.py" = {
source = dotsPath + "/.local/share/task/hooks/on-exit.sync.py";
};
".local/share/task/hooks/on-add.limit.py" = {
source = dotsPath + "/.local/share/task/hooks/on-add.limit.py";
executable = true;
};
".local/share/task/hooks/on-modify.limit.py" = {
source = dotsPath + "/.local/share/task/hooks/on-modify.limit.py";
executable = true;
};
".local/share/task/scripts/sync-and-notify.sh" = {
source = dotsPath + "/.local/share/task/scripts/sync-and-notify.sh";
executable = true;


@@ -1,25 +1,19 @@
{
pkgs,
dotsPath,
...
}:
{ pkgs, dotsPath, ... }:
{
config = {
home.packages = with pkgs; [
tmux
tmuxp
reptyr
];
programs.tmux = {
enable = true;
extraConfig = builtins.readFile (dotsPath + "/.config/tmux/tmux.conf");
};
home.file = {
".config/tmux/tmux.conf".source = dotsPath + "/.config/tmux/tmux.conf";
".config/tmux/tmux.regular.conf".source = dotsPath + "/.config/tmux/tmux.regular.conf";
".config/tmux/themes/zenwritten_light.tmux".source =
dotsPath + "/.config/tmux/themes/zenwritten_light.tmux";
".config/tmux/themes/zenwritten_dark.tmux".source =
dotsPath + "/.config/tmux/themes/zenwritten_dark.tmux";
".config/tmux/hooks/tmux.ssh.conf".source = dotsPath + "/.config/tmux/hooks/tmux.ssh.conf";
".config/tmux/hooks/tmux.regular.conf".source = dotsPath + "/.config/tmux/hooks/tmux.regular.conf";
};
};
}

7
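--- a/home/modules/vscode.nix
+++ b/home/modules/vscode.nix
@@ -0,0 +1,7 @@
+{ config, pkgs, ... }:
+{
+config = {
+home.packages = [ (config.nixgl.wrap (config.wrapApp pkgs.vscode "--disable-gpu-sandbox")) ];
+};
+}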


@@ -1,57 +0,0 @@
[
{
"height": 16,
"spacing": 4,
"modules-left": ["niri/workspaces"],
"modules-right": [
"pulseaudio",
"memory",
"cpu",
"network",
"clock",
"battery",
],
"clock": {
"format": "W{:%V %d %b %H:%M}",
"tooltip-format": "{calendar}",
"format-alt": "{:%Y-%m-%d %H:%M:%S}",
},
"battery": {
"bat": "BAT0",
"adapter": "ADP1",
"interval": 5,
"full-at": 99,
"states": {
"good": 80,
"warning": 20,
"critical": 10,
},
"format": "{capacity}%--",
"format-charging": "{capacity}%++",
"format-plugged": "{capacity}%",
"format-alt": "{time} {power}W",
},
"pulseaudio": {
"format": "VOL {volume}%",
"format-muted": "muted",
"on-click": "pavucontrol",
},
"memory": {
"interval": 2,
"format": "RAM {percentage}%",
"format-alt": "RAM {used:0.1f}G/{total:0.1f}G",
},
"cpu": {
"interval": 2,
"format": "CPU {usage}%",
"format-alt": "CPU {avg_frequency}GHz",
},
"network": {
"interval": 5,
"format-wifi": "{ifname} {ipaddr} {essid}",
"format-ethernet": "{ifname} {ipaddr}",
"format-disconnected": "{ifname} disconnected",
"tooltip-format": "{ifname}: {ipaddr}/{cidr}",
},
},
]


@@ -1,8 +1,68 @@
{
lib,
...
}:
{
programs.waybar = {
enable = true;
settings = [
{
height = 16;
spacing = 4;
modules-left = [ "niri/workspaces" ];
modules-right = [
"pulseaudio"
"memory"
"cpu"
"network"
"clock"
"battery"
];
clock = {
format = "W{:%V %d %b %H:%M}";
tooltip-format = "{calendar}";
format-alt = "{:%Y-%m-%d %H:%M:%S}";
};
battery = {
bat = "BAT0";
adapter = "ADP1";
interval = 5;
full-at = 99;
states = {
good = 80;
warning = 20;
critical = 10;
};
format = "{capacity}%--";
format-charging = "{capacity}%++";
format-plugged = "{capacity}%";
format-alt = "{time} {power}W";
};
pulseaudio = {
format = "VOL {volume}%";
format-muted = "muted";
on-click = "pavucontrol";
};
memory = {
interval = 2;
format = "RAM {percentage}%";
format-alt = "RAM {used:0.1f}G/{total:0.1f}G";
};
cpu = {
interval = 2;
format = "CPU {usage}%";
format-alt = "CPU {avg_frequency}GHz";
};
network = {
interval = 5;
format-wifi = "{ifname} {ipaddr} {essid}";
format-ethernet = "{ifname} {ipaddr}";
format-disconnected = "{ifname} disconnected";
tooltip-format = "{ifname}: {ipaddr}/{cidr}";
};
}
];
style = lib.readFile ./style.css;
};
home.file.".config/waybar/config.jsonc".source = ./config.jsonc;
home.file.".config/waybar/style.css".source = ./style.css;
}


@@ -1,8 +1,4 @@
* {
font-family:
Iosevka Term SS08,
monospace;
font-size: 12px;
border-radius: 0px;
}
@@ -22,21 +18,22 @@ window#waybar.hidden {
}
#workspaces button {
color: @base07;
padding: 0;
background-color: transparent;
}
#workspaces button:hover {
background: #000000;
background: @base00;
}
#workspaces button.focused,
#workspaces button.active {
background-color: #111111;
background-color: @base01;
}
#workspaces button.urgent {
background-color: #eb4d4b;
background-color: @base08;
}
#clock,
@@ -46,8 +43,8 @@ window#waybar.hidden {
#cpu,
#network {
padding: 0 4px;
color: #ffffff;
background-color: #111111;
color: @base07;
background-color: @base01;
}
#window,


@@ -1,12 +1,11 @@
{
lib,
inputs,
outputs,
self,
config,
pkgs,
...
}:
let
username = "h";
hostName = "andromache";
@@ -29,16 +28,20 @@ in
../../modules/desktops/niri
../../modules/backups
../../modules/bluetooth
../../modules/## modules/keyboard
../../modules/gaming
../../modules/keyboard
(import ../../modules/networking { inherit hostName; })
../../modules/users
../../modules/audio
../../modules/localization
../../modules/fonts
../../modules/ssh/hardened-openssh.nix
../../modules/storage
../../modules/stylix
(import ../../modules/secrets { inherit lib inputs config; })
../../modules/docker
../../modules/syncthing
../../modules/nvidia
];
home-manager.users.${username} = import ../../home/hosts/andromache {
@@ -80,131 +83,26 @@ in
};
};
hardware = {
cpu.intel.updateMicrocode = true;
graphics.enable = true;
nvidia = {
modesetting.enable = true;
powerManagement.enable = true;
powerManagement.finegrained = false;
open = true;
nvidiaSettings = true;
package = config.boot.kernelPackages.nvidiaPackages.stable;
};
};
hardware.cpu.intel.updateMicrocode = true;
boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
environment.systemPackages = [
inputs.colmena.packages.${pkgs.system}.colmena
inputs.colmena.packages.${pkgs.stdenv.hostPlatform.system}.colmena
];
services = {
xserver = {
videoDrivers = [ "nvidia" ];
locate = {
enable = true;
package = pkgs.plocate;
};
openssh = {
enable = true;
harden = true;
};
locate = {
enable = true;
package = pkgs.plocate;
};
};
networking.hostName = hostName;
ssh.username = username;
ssh.authorizedHosts = [ "astyanax" ];
secrets.username = username;
docker.user = username;
nix.settings.secret-key-files = [ config.sops.secrets.nix_signing_key_andromache.path ];
disko.devices = {
disk.data = {
type = "disk";
device = "/dev/nvme0n1";
content = {
type = "gpt";
partitions = {
data = {
size = "100%";
content = {
type = "filesystem";
format = "ext4";
mountpoint = "/data";
};
};
};
};
};
};
hardware = {
cpu.intel.updateMicrocode = true;
graphics.enable = true;
nvidia = {
modesetting.enable = true;
powerManagement.enable = true;
powerManagement.finegrained = false;
open = true;
nvidiaSettings = true;
package = config.boot.kernelPackages.nvidiaPackages.stable;
};
};
boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
environment.systemPackages = [
inputs.colmena.packages.${pkgs.system}.colmena
];
services = {
git-hooks = {
enable = true;
};
xserver = {
videoDrivers = [ "nvidia" ];
};
openssh = {
enable = true;
harden = true;
};
locate = {
enable = true;
package = pkgs.plocate;
};
};
# my.syncthing = {
# enable = true;
# deviceNames = [
# "boox"
# "astyanax"
# ];
# folders = {
# readings = {
# path = "/home/h/doc/readings";
# id = "readings";
# devices = [
# {
# device = "boox";
# type = "receiveonly";
# }
# "astyanax"
# ];
# };
# };
# };
networking = {
# TODO: generate unique hostId on actual host with: head -c 8 /etc/machine-id
hostId = "80eef97e";


@@ -4,7 +4,6 @@
{
config,
lib,
pkgs,
modulesPath,
...
}:


@@ -1,8 +1,6 @@
{
lib,
inputs,
outputs,
self,
config,
pkgs,
...
@@ -37,10 +35,11 @@ in
../../modules/localization
../../modules/fonts
../../modules/ssh/hardened-openssh.nix
# ../../modules/vpn/wireguard.nix
../../modules/storage
../../modules/stylix
(import ../../modules/secrets { inherit lib inputs config; })
../../modules/docker
../../modules/syncthing
../../modules/nfc
];
home-manager.users.${username} = import ../../home/hosts/astyanax {
@@ -59,6 +58,8 @@ in
secrets.username = username;
docker.user = username;
nfc.user = username;
desktop.ly.enable = true;
nix.settings.secret-key-files = [ config.sops.secrets.nix_signing_key_astyanax.path ];
@@ -80,7 +81,7 @@ in
};
environment.systemPackages = [
inputs.colmena.packages.${pkgs.system}.colmena
inputs.colmena.packages.${pkgs.stdenv.hostPlatform.system}.colmena
(pkgs.writeShellApplication {
name = "wol-andromache";
runtimeInputs = [ pkgs.wakeonlan ];
@@ -98,9 +99,6 @@ in
boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
services = {
git-hooks = {
enable = true;
};
fwupd.enable = true;
openssh = {
enable = true;
@@ -110,5 +108,20 @@ in
enable = true;
package = pkgs.plocate;
};
tlp = {
enable = true;
settings = {
CPU_SCALING_GOVERNOR_ON_AC = "performance";
CPU_SCALING_GOVERNOR_ON_BAT = "powersave";
CPU_ENERGY_PERF_POLICY_ON_BAT = "power";
CPU_ENERGY_PERF_POLICY_ON_AC = "performance";
CPU_MIN_PERF_ON_AC = 0;
CPU_MAX_PERF_ON_AC = 100;
CPU_MIN_PERF_ON_BAT = 0;
CPU_MAX_PERF_ON_BAT = 20;
};
};
};
}


@@ -4,7 +4,6 @@
{
config,
lib,
pkgs,
modulesPath,
...
}:


@@ -0,0 +1,86 @@
{ pkgs, ... }:
# Raspberry Pi 3
# See <https://nixos.wiki/wiki/NixOS_on_ARM/Raspberry_Pi_3>
let
username = "h";
hostName = "eetion-02";
in
{
imports = [
./hard.nix
../../modules/ssh/hardened-openssh.nix
];
ssh = {
inherit username;
publicHostname = "eetion-02";
authorizedHosts = [
"andromache"
"astyanax"
];
};
boot = {
kernelParams = [
"console=ttyS1,115200n8"
];
kernel.sysctl."net.ipv4.ip_forward" = 1;
loader = {
grub.enable = false;
generic-extlinux-compatible.enable = true;
};
};
hardware.enableRedistributableFirmware = true;
networking = {
inherit hostName;
networkmanager.enable = true;
firewall = {
enable = true;
allowedTCPPorts = [
80
443
];
};
};
users.users = {
root.hashedPassword = "!";
${username} = {
isNormalUser = true;
extraGroups = [ "wheel" ];
};
};
security.sudo.wheelNeedsPassword = false;
services = {
openssh = {
enable = true;
harden = true;
};
};
environment.systemPackages = with pkgs; [
vim
git
];
nix.settings = {
experimental-features = [
"nix-command"
"flakes"
];
trusted-users = [
"root"
"@wheel"
];
};
system.stateVersion = "26.05";
}
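Review bot: `security.sudo.wheelNeedsPassword = false` combined with `trusted-users = [ "root" "@wheel" ]` makes the `h` account equivalent to root on this host, so the SSH keys accepted from `andromache` and `astyanax` are the only credential in front of full control. If that is intentional for remote deployment, say so in a comment, e.g. `# passwordless sudo + trusted @wheel: needed for remote deploys; SSH key is the only barrier`. The file also opens `allowedTCPPorts = [ 80 443 ]` and sets `"net.ipv4.ip_forward" = 1` although it configures no web server, container or routing. Both look carried over from the `eetion` host and are better left out until a service on this machine needs them.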

24
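--- a/hosts/eetion-02/hard.nix
+++ b/hosts/eetion-02/hard.nix
@@ -0,0 +1,24 @@
+{ lib, modulesPath, ... }:
+{
+imports = [
+(modulesPath + "/installer/scan/not-detected.nix")
+];
+boot = {
+initrd.availableKernelModules = [ ];
+initrd.kernelModules = [ ];
+kernelModules = [ ];
+extraModulePackages = [ ];
+};
+fileSystems."/" = {
+device = "/dev/disk/by-label/NIXOS_SD";
+fsType = "ext4";
+options = [ "noatime" ];
+};
+swapDevices = [ ];
+nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
+}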


@@ -0,0 +1 @@
"aarch64-linux"


@@ -13,35 +13,34 @@ in
../../modules/ssh/hardened-openssh.nix
];
ssh.username = username;
ssh.publicHostname = "eetion";
ssh.authorizedHosts = [
"andromache"
"astyanax"
];
ssh.username = username;
ssh.publicHostname = "eetion";
ssh.authorizedHosts = [
"andromache"
"astyanax"
];
ssh = {
inherit username;
publicHostname = "eetion";
authorizedHosts = [
"andromache"
"astyanax"
];
};
boot.loader = {
grub.enable = false;
generic-extlinux-compatible.enable = true;
};
networking.hostName = hostName;
networking.networkmanager.enable = true;
networking.firewall = {
enable = true;
allowedTCPPorts = [
80
443
];
networking = {
inherit hostName;
networkmanager.enable = true;
firewall = {
enable = true;
allowedTCPPorts = [
80
443
];
};
};
boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
users.users = {
root.hashedPassword = "!";
${username} = {
@@ -52,52 +51,54 @@ in
security.sudo.wheelNeedsPassword = false;
services.openssh = {
enable = true;
harden = true;
services = {
openssh = {
enable = true;
harden = true;
};
paperless = {
enable = true;
passwordFile = "/etc/paperless-admin-pass";
settings = {
PAPERLESS_URL = "http://paperless.eetion";
};
};
# added (OPNSense) domain override to make this work on LAN
#
# host: eetion
# domain: <domain (e.g. lan)>
# ip address: <eetion-ip>
#
# host: paperless
# domain: eetion
# ip address: <eetion-ip>
nginx = {
enable = true;
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
virtualHosts = {
"eetion" = {
default = true;
locations."/" = {
proxyPass = "http://127.0.0.1:5006";
};
};
"paperless.eetion" = {
locations."/" = {
proxyPass = "http://127.0.0.1:28981";
};
};
};
};
};
environment.etc."paperless-admin-pass".text = "admin";
services.paperless = {
enable = true;
passwordFile = "/etc/paperless-admin-pass";
settings = {
PAPERLESS_URL = "http://paperless.eetion";
};
};
# added (OPNSense) domain override to make this work on LAN
#
# host: eetion
# domain: <domain (e.g. lan)>
# ip address: <eetion-ip>
#
# host: paperless
# domain: eetion
# ip address: <eetion-ip>
services.nginx = {
enable = true;
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
virtualHosts = {
"eetion" = {
default = true;
locations."/" = {
proxyPass = "http://127.0.0.1:5006";
};
};
"paperless.eetion" = {
locations."/" = {
proxyPass = "http://127.0.0.1:28981";
};
};
};
};
virtualisation = {
podman.enable = true;
oci-containers = {
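Review bot: The Paperless admin password is still the literal `admin`, set by `environment.etc."paperless-admin-pass".text = "admin";`, which this refactor appears to carry over unchanged beside the regrouped `services.paperless` block. A value given through `environment.etc.*.text` lands in the world-readable Nix store and in this repository, and it is a guessable default for a service that nginx publishes behind firewall ports 80 and 443. I would point `passwordFile` at a secret provisioned outside the store, e.g. `passwordFile = config.sops.secrets."<paperless-admin-secret>".path;` (placeholder name; another host in this diff imports `../../modules/secrets`, whether this host does is not visible here), and drop the `environment.etc` line. Both virtual hosts and `PAPERLESS_URL` are also plain `http://`, so that login would cross the LAN unencrypted. The hunk ends inside `virtualisation`, so the rest of the file is not visible.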


@@ -5,10 +5,12 @@
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
boot = {
initrd.availableKernelModules = [ ];
initrd.kernelModules = [ ];
kernelModules = [ ];
extraModulePackages = [ ];
};
fileSystems."/" = {
device = "/dev/disk/by-label/NIXOS_SD";


@@ -1,71 +0,0 @@
# Hecuba uptime server plan
## Current State
- Hecuba is a Hetzner cloud host running NixOS
- Docker is enabled for user `username`
- Firewall allows ports 80 and 443
- No existing uptime monitoring
## Goals
Monitor docker containers on hecuba with a self-hosted uptime dashboard
## Uptime Monitoring Options
### Option 1: Uptime Kuma (Recommended)
- Easy to use web dashboard
- Docker-based (fits existing setup)
- HTTP/TCP/Ping monitoring
- Status pages
- Notifications (email, Telegram, etc.)
## Implementation Plan
### Phase 1: Evaluate & Choose
- [ ] Research uptime monitoring solutions $id{11c06cf8-bea2-4858-9c7f-a293c3e8fba5}
- [ ] Decide on solution (Uptime Kuma likely best fit) $id{f87debaa-312e-424e-80e0-b624f0768774}
### Phase 2: Docker Setup
- [ ] Add uptime monitoring container to hecuba $id{7d8c5bf4-3d49-4f4c-87f1-1f34c5a4dbec}
- [ ] Configure persistent storage $id{9568b276-2885-4ae7-b5ca-5a9d7efb6a69}
- [ ] Set up reverse proxy (ports 80/443 already open) $id{c2f6ea85-f5e3-465d-95ba-62738a97da80}
- [ ] Configure SSL certificate $id{95c257e2-931b-44da-b0b1-a3e088956800}
### Phase 3: Configuration
- [ ] Add docker containers to monitor $id{4670deda-70d2-4c37-8121-2035aa7d57fb}
- [ ] Set up alert thresholds $id{da6acf90-0b62-4451-bb11-4f74c5c5dd27}
- [ ] Configure notifications (email/Telegram) $id{0b188adf-9a27-4499-9a19-b1ebd081bd21}
- [ ] Test monitoring $id{dd0df63f-5da2-4ba0-a386-45162a2bb642}
### Phase 4: Maintenance
- [ ] Add to backup routine $id{33a2c381-94cb-460e-b600-67cb503826d7}
- [ ] Document monitoring setup $id{f3bf7b85-737f-4511-8d3e-a270044abea3}
- [ ] Review and adjust alerts $id{32e46c53-dd9d-48a8-aef2-985ebaadd8da}
## Technical Details
### Storage Location
`/var/lib/uptime-kuma` or similar persistent volume
### Docker Compose Structure
```yaml
services:
uptime-kuma:
image: louislam/uptime-kuma:1
volumes:
- /var/lib/uptime-kuma:/app/data
ports:
- 3001:3001
restart: always
```
### NixOS Integration
- Consider using `virtualisation.oci-containers` for declarative setup
- Or keep docker-compose file (more flexible for updates)
## Next Steps
1. Pick uptime monitoring solution
2. Decide on deployment method (NixOS declarative vs docker-compose)
3. Implement


@@ -1,8 +1,5 @@
{
lib,
inputs,
outputs,
config,
pkgs,
...
}:
@@ -20,18 +17,23 @@ in
./hard.nix
../../modules/ssh/hardened-openssh.nix
../../modules/docker
../../modules/uptime-kuma
];
networking.hostName = hostName;
ssh.username = username;
ssh.publicHostname = "server.hektormisplon.xyz";
ssh.authorizedHosts = [
"andromache"
"astyanax"
];
ssh = {
inherit username;
publicHostname = "server.hektormisplon.xyz";
authorizedHosts = [
"andromache"
"astyanax"
];
};
docker.user = username;
my.uptime-kuma.enable = false;
fileSystems."/" = {
device = "/dev/disk/by-label/nixos";
fsType = "ext4";
@@ -81,15 +83,4 @@ in
enable = true;
harden = true;
};
nix.settings = {
trusted-public-keys = [
"cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
"astyanax:JY2qJkZUFSax47R3c1nq53AZ8GnLfNqz6mSnJ60cLZ4="
"andromache:XM4VLrEw63RB/3v/56OxzH/Yw+kKXKMBLKCb7UGAXzo="
];
auto-optimise-store = true;
keep-derivations = false;
keep-outputs = false;
};
}


@@ -2,9 +2,7 @@
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
pkgs,
modulesPath,
...
}:


@@ -1,7 +1,6 @@
{
lib,
inputs,
outputs,
config,
pkgs,
...
@@ -26,6 +25,7 @@ in
../../modules/x
../../modules/fonts
../../modules/ssh/hardened-openssh.nix
../../modules/storage
(import ../../modules/secrets {
inherit lib inputs config;
})


@@ -2,9 +2,7 @@
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
pkgs,
modulesPath,
...
}:

15
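--- /dev/null
+++ b/images/README.md
@@ -0,0 +1,15 @@
+# building SD Images
+## Raspberry Pi 3B+
+```bash
+nix build .#images.sd-image-raspberry-pi-aarch64
+nix-shell -p zstd --run "zstdcat result/sd-image/*.img.zst | sudo dd of=/dev/sdX bs=4M status=progress conv=fsync"
+```
+## Orange Pi Zero2 H616
+```bash
+nix build .#images.sd-image-orange-pi-aarch64
+nix-shell -p zstd --run "zstdcat result/sd-image/*.img.zst | sudo dd of=/dev/sdX bs=4M status=progress conv=fsync"
+sudo dd if=~/dl/u-boot-sunxi-with-spl.bin of=/dev/sdX bs=1024 seek=8
+```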


@@ -0,0 +1,73 @@
# see <https://nixos.wiki/wiki/NixOS_on_ARM#Build_your_own_image_natively>
# see <https://nixos.wiki/wiki/NixOS_on_ARM/Raspberry_Pi_3>
# ```
# nix build .#images.sd-image-raspberry-pi-aarch64
# nix-shell -p zstd --run "zstdcat result/sd-image/*.img.zst | sudo dd of=/dev/sdX bs=4M status=progress conv=fsync"
# ```
{ pkgs, ... }:
let
username = "h";
in
{
imports = [
../modules/ssh/hardened-openssh.nix
];
ssh.username = username;
ssh.authorizedHosts = [
"andromache"
"astyanax"
];
boot.kernelParams = [
"console=ttyS1,115200n8"
];
boot.kernelModules = [
"bcm2835-v4l2"
];
hardware.enableRedistributableFirmware = true;
services.pulseaudio.enable = true;
networking.wireless.enable = true;
systemd.services.btattach = {
before = [ "bluetooth.service" ];
after = [ "dev-ttyAMA0.device" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
ExecStart = "${pkgs.bluez}/bin/btattach -B /dev/ttyAMA0 -P bcm -S 3000000";
};
};
nix.settings.experimental-features = [
"nix-command"
"flakes"
];
users.users = {
root.initialPassword = "nixos";
${username} = {
isNormalUser = true;
extraGroups = [ "wheel" ];
initialPassword = "nixos";
};
};
security.sudo.wheelNeedsPassword = false;
services.openssh = {
enable = true;
harden = true;
};
environment.systemPackages = with pkgs; [
libraspberrypi
];
system.stateVersion = "26.05";
}
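Review bot: `root.initialPassword = "nixos";` and the matching `initialPassword = "nixos";` on the wheel user bake a well-known credential into every SD image built from this file, and `initialPassword` values are stored in the world-readable Nix store. The host configs in this same diff lock root with `root.hashedPassword = "!";`; doing the same here and relying on the keys from `ssh.authorizedHosts` would avoid shipping a default login. If a password is needed for first boot on the serial console, a comment stating that it must be changed before the board joins a network would help, because `security.sudo.wheelNeedsPassword = false` makes that account equivalent to root. Whether `services.openssh.harden` turns off password authentication is defined in `modules/ssh/hardened-openssh.nix`, which is not shown here.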


@@ -1,6 +1,9 @@
_:
{
nixpkgs.allowedUnfree = [
"spotify"
"spotify-unwrapped"
];
security.rtkit.enable = true;
services = {
pulseaudio.enable = false;


@@ -1,105 +0,0 @@
{
lib,
config,
...
}:
let
cfg = config.cloud-host-backup;
in
{
options = {
cloud-host-backup = {
enable = lib.mkEnableOption "pull backups from cloud hosts via SFTP";
hosts = lib.mkOption {
type = lib.types.attrsOf (
lib.types.submodule {
options = {
hostname = lib.mkOption {
type = lib.types.str;
description = "SSH hostname of the cloud host";
};
username = lib.mkOption {
type = lib.types.str;
default = config.secrets.username;
description = "SSH username for the cloud host";
};
remotePath = lib.mkOption {
type = lib.types.str;
default = "/home";
description = "Remote path to backup";
};
excludePatterns = lib.mkOption {
type = lib.types.listOf lib.types.str;
description = "Exclude patterns for restic";
default = [ ];
};
};
}
);
default = { };
example = {
andromache = {
hostname = "andromache.local";
};
};
};
b2Bucket = lib.mkOption {
type = lib.types.str;
description = "B2 bucket name";
};
passwordFile = lib.mkOption {
type = lib.types.str;
default = config.sops.secrets."restic_password".path;
};
sshKeyFile = lib.mkOption {
type = lib.types.str;
default = "/home/${config.secrets.username}/.ssh/id_ed25519";
description = "SSH private key file for authentication";
};
};
};
config = lib.mkIf cfg.enable {
sops.templates = lib.mapAttrs' (
hostName: hostCfg:
lib.nameValuePair "restic/repo-cloud-${hostName}" {
content = "b2:${config.sops.placeholder."b2_bucket_name"}:${hostName}/";
}
) cfg.hosts;
services.restic.backups = lib.mapAttrs' (
hostName: hostCfg:
lib.nameValuePair "cloud-${hostName}" {
repositoryFile = config.sops.templates."restic/repo-cloud-${hostName}".path;
passwordFile = cfg.passwordFile;
paths = [ "sftp:${hostCfg.username}@${hostCfg.hostname}:${hostCfg.remotePath}" ];
timerConfig = {
OnCalendar = "daily";
Persistent = true;
};
initialize = true;
extraBackupArgs = [
"--one-file-system"
]
++ lib.optional (hostCfg.excludePatterns != [ ]) (
builtins.concatStringsSep " " (map (p: "--exclude ${p}") hostCfg.excludePatterns)
);
pruneOpts = [
"--keep-daily 7"
"--keep-weekly 4"
"--keep-monthly 6"
"--keep-yearly 1"
];
environmentFile = config.sops.templates."restic/b2-env".path;
extraOptions = [
"sftp.command=ssh -i ${cfg.sshKeyFile} -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null"
];
}
) cfg.hosts;
};
}
