hektor/nix
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: hektor:5f47f0bb0144647b14730e40924df29d31542fde
Branches Tags
hektor:main
..
compare: hektor:main
Branches Tags
hektor:main

24 Commits
5f47f0bb01 ... main

Author SHA1 Message Date
Hektor Misplon
c4510abf88 refactor: simplify apps.colmena 2026-02-24 15:00:45 +01:00
Hektor Misplon
0c4cdd2d1e feat: add golang module to work host 2026-02-24 14:47:27 +01:00
Hektor Misplon
c1418e1402 chore: update lockfile 2026-02-24 14:47:27 +01:00
Hektor Misplon
ab59c50520 fix: add wrapper util for home manager modules 2026-02-24 14:47:27 +01:00
Hektor Misplon
624a56e948 fix: remove pnpm bash config 2026-02-24 14:47:27 +01:00
Hektor Misplon
fb269c0265 fix: update 'work' host modules 2026-02-24 14:47:27 +01:00
Hektor Misplon
2a07ecef61 feat: add 'nodejs' module (and use on 'work' host) 2026-02-24 14:47:27 +01:00
Hektor Misplon
aa830fc795 feat: set up 'opencode' on work host 2026-02-24 14:47:27 +01:00
Hektor Misplon
227a4fe53d feat: add 'vscode' module to work host 2026-02-24 14:47:27 +01:00
Hektor Misplon
99dfe10ebf fix: add pdf support to pandoc module 2026-02-24 14:47:27 +01:00
hektor
c002741419 fix: remove default packages 2026-02-23 19:35:24 +01:00
hektor
448b3e5ef0 feat: set up 'tlp' for laptop mode on 'astyanax' 2026-02-23 18:15:19 +01:00
hektor
fafadf4034 feat: add notifier plugin to opencode 2026-02-23 18:11:29 +01:00
hektor
a5845fb847 fix :resolve 'andromache' syntax error 2026-02-23 18:11:24 +01:00
Hektor Misplon
757d5e5c81 feat: set up 'storage' module 2026-02-22 16:43:15 +01:00
Hektor Misplon
7b13880be2 fix: resolve nix build warnings 2026-02-22 16:40:20 +01:00
Hektor Misplon
b895e85953 chore: disable syncthing module 2026-02-22 16:22:55 +01:00
Hektor Misplon
ee3b95d986 fix: remove 'nix.settings' from 'hecuba' host 2026-02-22 16:20:52 +01:00
Hektor Misplon
f5ed623d53 refactor: extract 'pandoc' module 2026-02-22 16:16:17 +01:00
Hektor Misplon
d30fa3922b docs: update readme 2026-02-22 14:37:09 +01:00
Hektor Misplon
1c20cc3326 feat: add basic 'gaming' module to 'andromache' 2026-02-22 14:08:43 +01:00
Hektor Misplon
e7a36abd8c refactor: extract 'nvidia' module 2026-02-22 14:08:43 +01:00
Hektor Misplon
635583669f refactor: add home 'allowedUnfree' option 2026-02-22 14:08:43 +01:00
Hektor Misplon
dec73a74d8 refactor: remove unused 'colmena' input 2026-02-22 14:08:43 +01:00
28 changed files with 243 additions and 141 deletions
Expand all files Collapse all files

15
README.md
View File

@@ -21,16 +21,7 @@ nix build -L '.#nixosConfigurations.vm.config.system.build.vmWithDisko'
./result/bin/disko-vm
```
## deploy using colmena
## docs
```
colmena apply
```
## SD installer images
```
nix build .#images.sd-image-orange-pi-aarch64
nix build .#images.sd-image-raspberry-pi-aarch64
```
* [deploy using colmena](./deploy/README.md)
* [SD installer images](./images/README.md)

2
deploy/colmena.nix
View File

@@ -17,7 +17,7 @@ in
inputs.colmena.lib.makeHive {
meta = {
nixpkgs = import inputs.nixpkgs {
system = "x86_64-linux";
localSystem = "x86_64-linux";
};
nodeNixpkgs = builtins.mapAttrs (_: v: v.pkgs) self.nixosConfigurations;

7
dots/.bashrc
View File

@@ -103,13 +103,6 @@ if [[ -z "${SSH_CONNECTION}" ]]; then
fi
# }}}
# pnpm
export PNPM_HOME="/home/h/.local/share/pnpm"
case ":$PATH:" in
*":$PNPM_HOME:"*) ;;
*) export PATH="$PNPM_HOME:$PATH" ;;
esac
# pnpm end
# Codi
# Usage: codi [filetype] [filename]

30
flake.lock generated
View File

@@ -121,11 +121,11 @@
},
"locked": {
"dir": "pkgs/firefox-addons",
"lastModified": 1771669320,
"narHash": "sha256-LqmgIBpjpMQKkHKCSGJkluMVFFoBdkUhJnu+Cq+jgGc=",
"lastModified": 1771732978,
"narHash": "sha256-o7gZh/eXFkEEmzwlBdIbgCJhmdlqQhOhVjudqgsIefg=",
"owner": "rycee",
"repo": "nur-expressions",
"rev": "496abb3aef244b896bf7cdd65e071cf624f16338",
"rev": "18226106e18bc40cce99d436ee741a946f1888f6",
"type": "gitlab"
},
"original": {
@@ -284,11 +284,11 @@
]
},
"locked": {
"lastModified": 1770726378,
"narHash": "sha256-kck+vIbGOaM/dHea7aTBxdFYpeUl/jHOy5W3eyRvVx8=",
"lastModified": 1771857445,
"narHash": "sha256-NCrhxU9wq5+4jQG1fvRbyTnH8GSbH6LovreVoH2fOL4=",
"owner": "cachix",
"repo": "git-hooks.nix",
"rev": "5eaaedde414f6eb1aea8b8525c466dc37bba95ae",
"rev": "3d7a52f678227930ab089f5d9b384f2d50f7d534",
"type": "github"
},
"original": {
@@ -344,11 +344,11 @@
]
},
"locked": {
"lastModified": 1771683283,
"narHash": "sha256-WxAEkAbo8dP7qiyPM6VN4ZGAxfuBVlNBNPkrqkrXVEc=",
"lastModified": 1771851181,
"narHash": "sha256-gFgE6mGUftwseV3DUENMb0k0EiHd739lZexPo5O/sdQ=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "c6ed3eab64d23520bcbb858aa53fe2b533725d4a",
"rev": "9a4b494b1aa1b93d8edf167f46dc8e0c0011280c",
"type": "github"
},
"original": {
@@ -667,11 +667,11 @@
]
},
"locked": {
"lastModified": 1771524872,
"narHash": "sha256-eksVUcUsfS9mQx4D9DrYu88u9w70bAf+n6KmTDuIGEE=",
"lastModified": 1771735105,
"narHash": "sha256-MJuVJeszZEziquykEHh/hmgIHYxUcuoG/1aowpLiSeU=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "e85540ffe97322dc1fea14dd11cdc2f59d540ac7",
"rev": "d7755d820f5fa8acf7f223309c33e25d4f92e74f",
"type": "github"
},
"original": {
@@ -717,11 +717,11 @@
"tinted-zed": "tinted-zed"
},
"locked": {
"lastModified": 1771626923,
"narHash": "sha256-Mn6oeKrY+Sw6kH0jK+hp5QQH4MTcqwBRQL/ScZDNcz8=",
"lastModified": 1771787992,
"narHash": "sha256-Vg4bGwwenNYI8p3nJTl9FRyeIyrjATeZrZr+GyUSDrw=",
"owner": "danth",
"repo": "stylix",
"rev": "b09847414b50c65788936199918272377f70fb91",
"rev": "30054cca073b49b42a71289edec858f535b27fe9",
"type": "github"
},
"original": {

27
flake.nix
View File

@@ -77,8 +77,10 @@
(lib.genAttrs hostDirNames (
host:
nixpkgs.lib.nixosSystem {
system = import ./hosts/${host}/system.nix;
modules = [ ./hosts/${host} ];
modules = [
./hosts/${host}
{ nixpkgs.hostPlatform = import ./hosts/${host}/system.nix; }
];
specialArgs = {
inherit inputs outputs dotsPath;
};
@@ -86,14 +88,12 @@
))
// {
sd-image-orange-pi-aarch64 = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
modules = [
"${nixpkgs}/nixos/modules/installer/sd-card/sd-image-aarch64.nix"
./images/sd-image-orange-pi-aarch64.nix
{
nixpkgs.crossSystem = {
system = "aarch64-linux";
};
nixpkgs.buildPlatform = "x86_64-linux";
nixpkgs.hostPlatform = "aarch64-linux";
}
];
specialArgs = {
@@ -101,14 +101,12 @@
};
};
sd-image-raspberry-pi-aarch64 = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
modules = [
"${nixpkgs}/nixos/modules/installer/sd-card/sd-image-aarch64.nix"
./images/sd-image-raspberry-pi-aarch64.nix
{
nixpkgs.crossSystem = {
system = "aarch64-linux";
};
nixpkgs.buildPlatform = "x86_64-linux";
nixpkgs.hostPlatform = "aarch64-linux";
}
];
specialArgs = {
@@ -131,7 +129,8 @@
};
apps.${system}.colmena = inputs.colmena.apps.${system}.default;
colmenaHive = import ./deploy/colmena.nix {
colmena = import ./deploy/colmena.nix {
inherit
self
inputs
@@ -142,9 +141,11 @@
formatter.${system} = gitHooks.formatter;
devShells.${system} = gitHooks.devShells;
images.sd-image-orange-pi-aarch64 =
legacyPackages.${system} = {
sd-image-orange-pi-aarch64 =
self.nixosConfigurations.sd-image-orange-pi-aarch64.config.system.build.sdImage;
images.sd-image-raspberry-pi-aarch64 =
sd-image-raspberry-pi-aarch64 =
self.nixosConfigurations.sd-image-raspberry-pi-aarch64.config.system.build.sdImage;
};
};
}

5
git-hooks.nix
View File

@@ -10,7 +10,10 @@ let
pre-commit-check = git-hooks.lib.${system}.run {
inherit src;
hooks = {
nixfmt.enable = true;
nixfmt = {
enable = true;
package = pkgs.nixfmt;
};
statix.enable = true;
deadnix.enable = true;
};

2
home/hosts/andromache/default.nix
View File

@@ -23,6 +23,7 @@ in
../../modules/kitty.nix
../../modules/music
../../modules/nvim.nix
../../modules/pandoc.nix
../../modules/ssh.nix
../../modules/taskwarrior.nix
../../modules/keepassxc.nix
@@ -46,6 +47,7 @@ in
cloud.hetzner.enable = true;
comms.signal.enable = true;
github.enable = true;
pandoc.enable = true;
shell.bash = {
enable = true;

2
home/hosts/astyanax/default.nix
View File

@@ -23,6 +23,7 @@ in
../../modules/music
../../modules/nfc
../../modules/nvim.nix
../../modules/pandoc.nix
../../modules/ssh.nix
../../modules/taskwarrior.nix
../../modules/keepassxc.nix
@@ -45,6 +46,7 @@ in
comms.signal.enable = true;
github.enable = true;
nfc.proxmark3.enable = true;
pandoc.enable = true;
shell.bash = {
enable = true;

5
home/hosts/packages.nix
View File

@@ -6,17 +6,12 @@ with pkgs;
entr
feh
fzf
haskellPackages.pandoc-crossref
htop
jq
nixfmt-rfc-style
nmap
nodejs_24
nvimpager
pandoc
parallel
pass
pnpm
ripgrep
silver-searcher
sops

30
home/hosts/work/default.nix
View File

@@ -13,24 +13,29 @@ in
inputs.sops-nix.homeManagerModules.sops
../../modules
../../modules/stylix.nix
../../modules/lib.nix
../../modules/ai-tools.nix
../../modules/cloud
../../modules/comms
../../modules/desktop/niri
../../modules/dconf.nix
../../modules/direnv
../../modules/docker
../../modules/git
../../modules/go
../../modules/k8s
../../modules/k8s/k9s.nix
../../modules/keepassxc.nix
../../modules/kitty.nix
../../modules/nvim.nix
../../modules/pandoc.nix
../../modules/browser
../../modules/shell
../../modules/music
../../modules/nodejs.nix
../../modules/taskwarrior.nix
../../modules/bruno.nix
../../modules/pandoc.nix
../../modules/vscode.nix
];
sops = {
@@ -43,15 +48,30 @@ in
taskwarrior_sync_encryption_secret = { };
anki_sync_user = { };
anki_sync_key = { };
opencode_api_key = { };
};
templates."taskrc.d/sync" = {
templates = {
"taskrc.d/sync" = {
content = ''
sync.server.url=${config.sops.placeholder.taskwarrior_sync_server_url}
sync.server.client_id=${config.sops.placeholder.taskwarrior_sync_server_client_id}
sync.encryption_secret=${config.sops.placeholder.taskwarrior_sync_encryption_secret}
'';
};
"opencode/auth.json" = {
path = "${config.home.homeDirectory}/.local/share/opencode/auth.json";
content = ''
{
"zai-coding-plan": {
"type": "api",
"key": "${config.sops.placeholder.opencode_api_key}"
}
}
'';
};
};
};
nixpkgs.config.allowUnfree = true;
@@ -72,9 +92,13 @@ in
cloud.azure.enable = true;
comms.signal.enable = true;
comms.teams.enable = true;
ai-tools.claude-code.enable = true;
ai-tools = {
claude-code.enable = true;
opencode.enable = true;
};
github.enable = true;
gitlab.enable = true;
pandoc.enable = true;
shell.bash.enable = true;
starship.enable = true;

1
home/modules/ai-tools.nix
View File

@@ -82,6 +82,7 @@ in
"~/.config/sops/age/keys.txt" = "deny";
};
};
plugin = [ "@mohak34/opencode-notifier@latest" ];
};
})
];

2
home/modules/browser/firefox-base.nix
View File

@@ -26,7 +26,7 @@ in
};
extensions = {
force = true;
packages = with inputs.firefox-addons.packages.${pkgs.system}; [
packages = with inputs.firefox-addons.packages.${pkgs.stdenv.hostPlatform.system}; [
duckduckgo-privacy-essentials
firefox-color
istilldontcareaboutcookies

14
home/modules/bruno.nix
View File

@@ -1,19 +1,7 @@
{ config, pkgs, ... }:
let
needsNixGL = config.lib ? nixGL;
bruno =
if needsNixGL then
pkgs.bruno.overrideAttrs (old: {
postInstall = (old.postInstall or "") + ''
wrapProgram $out/bin/bruno --add-flags "--no-sandbox"
'';
})
else
pkgs.bruno;
in
{
config = {
home.packages = [ (config.nixgl.wrap bruno) ];
home.packages = [ (config.nixgl.wrap (config.wrapApp pkgs.bruno "--no-sandbox")) ];
};
}

3
home/modules/comms/signal.nix
View File

@@ -4,8 +4,9 @@
pkgs,
...
}:
{
config = lib.mkIf config.comms.signal.enable {
home.packages = [ (config.nixgl.wrap pkgs.signal-desktop) ];
home.packages = [ (config.nixgl.wrap (config.wrapApp pkgs.signal-desktop "--no-sandbox")) ];
};
}

2
home/modules/comms/teams.nix
View File

@@ -7,6 +7,6 @@
{
config = lib.mkIf config.comms.teams.enable {
home.packages = [ (config.nixgl.wrap pkgs.teams-for-linux) ];
home.packages = [ (config.nixgl.wrap (config.wrapApp pkgs.teams-for-linux "--no-sandbox")) ];
};
}

15
home/modules/default.nix
View File

@@ -6,4 +6,19 @@
default = if config.lib ? nixGL then config.lib.nixGL.wrap else lib.id;
readOnly = true;
};
options.wrapApp = lib.mkOption {
type = lib.types.raw;
default =
pkg: flags:
if config.lib ? nixGL then
pkg.overrideAttrs (old: {
postInstall = (old.postInstall or "") + ''
wrapProgram $out/bin/${pkg.meta.mainProgram} --add-flags "${flags}"
'';
})
else
pkg;
readOnly = true;
};
}

18
home/modules/go/default.nix Normal file
View File

@@ -0,0 +1,18 @@
{
config,
lib,
pkgs,
...
}:
{
options.go = {
enable = lib.mkEnableOption "go language";
};
config = lib.mkIf config.go.enable {
home.packages = with pkgs; [
go
gopls
];
};
}

26
home/modules/nodejs.nix Normal file
View File

@@ -0,0 +1,26 @@
{
config,
lib,
pkgs,
...
}:
{
options.nodejs = {
enable = lib.mkEnableOption "nodejs (and related packages)";
package = lib.mkOption {
type = lib.types.package;
default = pkgs.nodejs_24;
};
};
config = lib.mkIf config.nodejs.enable {
home.packages = with pkgs; [
config.nodejs.package
pnpm
yarn
biome
tsx
];
};
}

2
home/modules/nvim.nix
View File

@@ -3,7 +3,7 @@
{
config = {
home.packages = [
inputs.nvim.packages.${pkgs.system}.nvim
inputs.nvim.packages.${pkgs.stdenv.hostPlatform.system}.nvim
];
};
}

19
home/modules/pandoc.nix Normal file
View File

@@ -0,0 +1,19 @@
{
config,
lib,
pkgs,
...
}:
{
options.pandoc = {
enable = lib.mkEnableOption "pandoc";
};
config = lib.mkIf config.pandoc.enable {
home.packages = with pkgs; [
haskellPackages.pandoc-crossref
pandoc
texliveSmall
];
};
}

7
home/modules/vscode.nix Normal file
View File

@@ -0,0 +1,7 @@
{ config, pkgs, ... }:
{
config = {
home.packages = [ (config.nixgl.wrap (config.wrapApp pkgs.vscode "--disable-gpu-sandbox")) ];
};
}

7
hosts/andromache/default.nix
View File

@@ -5,6 +5,7 @@
pkgs,
...
}:
let
username = "h";
hostName = "andromache";
@@ -35,6 +36,7 @@ in
../../modules/localization
../../modules/fonts
../../modules/ssh/hardened-openssh.nix
../../modules/storage
../../modules/stylix
(import ../../modules/secrets { inherit lib inputs config; })
../../modules/docker
@@ -86,7 +88,7 @@ in
boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
environment.systemPackages = [
inputs.colmena.packages.${pkgs.system}.colmena
inputs.colmena.packages.${pkgs.stdenv.hostPlatform.system}.colmena
];
services = {
@@ -99,8 +101,7 @@ in
enable = true;
harden = true;
};
my.syncthing.enable = true;
};
networking = {
# TODO: generate unique hostId on actual host with: head -c 8 /etc/machine-id

21
hosts/astyanax/default.nix
View File

@@ -35,10 +35,10 @@ in
../../modules/localization
../../modules/fonts
../../modules/ssh/hardened-openssh.nix
../../modules/storage
../../modules/stylix
(import ../../modules/secrets { inherit lib inputs config; })
../../modules/docker
../../modules/syncthing
../../modules/nfc
];
@@ -81,7 +81,7 @@ in
};
environment.systemPackages = [
inputs.colmena.packages.${pkgs.system}.colmena
inputs.colmena.packages.${pkgs.stdenv.hostPlatform.system}.colmena
(pkgs.writeShellApplication {
name = "wol-andromache";
runtimeInputs = [ pkgs.wakeonlan ];
@@ -108,7 +108,20 @@ in
enable = true;
package = pkgs.plocate;
};
};
tlp = {
enable = true;
settings = {
CPU_SCALING_GOVERNOR_ON_AC = "performance";
CPU_SCALING_GOVERNOR_ON_BAT = "powersave";
my.syncthing.enable = true;
CPU_ENERGY_PERF_POLICY_ON_BAT = "power";
CPU_ENERGY_PERF_POLICY_ON_AC = "performance";
CPU_MIN_PERF_ON_AC = 0;
CPU_MAX_PERF_ON_AC = 100;
CPU_MIN_PERF_ON_BAT = 0;
CPU_MAX_PERF_ON_BAT = 20;
};
};
};
}

11
hosts/hecuba/default.nix
View File

@@ -83,15 +83,4 @@ in
enable = true;
harden = true;
};
nix.settings = {
trusted-public-keys = [
"cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
"astyanax:JY2qJkZUFSax47R3c1nq53AZ8GnLfNqz6mSnJ60cLZ4="
"andromache:XM4VLrEw63RB/3v/56OxzH/Yw+kKXKMBLKCb7UGAXzo="
];
auto-optimise-store = true;
keep-derivations = false;
keep-outputs = false;
};
}

1
hosts/vm/default.nix
View File

@@ -25,6 +25,7 @@ in
../../modules/x
../../modules/fonts
../../modules/ssh/hardened-openssh.nix
../../modules/storage
(import ../../modules/secrets {
inherit lib inputs config;
})

2
images/sd-image-raspberry-pi-aarch64.nix
View File

@@ -31,7 +31,7 @@ in
hardware.enableRedistributableFirmware = true;
hardware.pulseaudio.enable = true;
services.pulseaudio.enable = true;
networking.wireless.enable = true;

47
modules/common/default.nix
View File

@@ -1,35 +1,27 @@
let
flakePath = "/home/h/nix";
in
{
inputs,
outputs,
dotsPath,
config,
...
}:
let
inherit (inputs.nixpkgs) lib;
in
{
imports = [
inputs.home-manager.nixosModules.default
];
options.nixpkgs.allowedUnfree = lib.mkOption {
type = lib.types.listOf lib.types.str;
default = [ ];
};
config = {
system.stateVersion = "25.05";
nix.settings.experimental-features = [
"nix-command"
"flakes"
];
nixpkgs.config.allowUnfree = true;
home-manager = {
useGlobalPkgs = true;
useUserPackages = true;
extraSpecialArgs = {
inherit inputs outputs dotsPath;
};
};
nix = {
optimise = {
automatic = true;
@@ -40,11 +32,14 @@ in
dates = "weekly";
options = "--delete-older-than 30d";
};
settings.experimental-features = [
"nix-command"
"flakes"
];
};
system.autoUpgrade = {
enable = true;
flake = flakePath;
flags = [
"--recreate-lock-file"
"--commit-lock-file"
@@ -55,4 +50,18 @@ in
randomizedDelaySec = "45min";
allowReboot = false;
};
nixpkgs.config.allowUnfreePredicate =
pkg: builtins.elem (lib.getName pkg) config.nixpkgs.allowedUnfree;
environment.defaultPackages = lib.mkForce [ ];
home-manager = {
useGlobalPkgs = true;
useUserPackages = true;
extraSpecialArgs = {
inherit inputs outputs dotsPath;
};
};
};
}

3
modules/storage/default.nix Normal file
View File

@@ -0,0 +1,3 @@
{
services.udisks2.enable = true;
}