sid/synix
1
0
Fork 0
Code Issues 6 Pull requests 1 Projects Activity Actions

enforce new flake schema. formatting.
Some checks failed
Build tests / build-hosts (pull_request) Failing after 3s
Details
Flake check / flake-check (pull_request) Failing after 13s
Details

Browse source
This commit is contained in:
sid 2026-05-31 18:50:41 +02:00
parent 4b0a90e00d
commit ecf5132cbb
121 changed files with 1606 additions and 1554 deletions
Download patch file Download diff file Expand all files Collapse all files

1
.envrc
View file

@ -1 +1,2 @@
# shellcheck shell=bash
use flake use flake

1
.forgejo/workflows/build-tests.yml
View file

@ -1,3 +1,4 @@
---
name: Build tests name: Build tests
on: on:

1
.forgejo/workflows/deploy-docs.yml
View file

@ -1,3 +1,4 @@
---
name: Deploy docs name: Deploy docs
on: on:

9
.forgejo/workflows/flake-check.yml
View file

@ -1,6 +1,8 @@
---
name: Flake check name: Flake check
on: [pull_request] on:
pull_request:
jobs: jobs:
flake-check: flake-check:
@ -11,5 +13,8 @@ jobs:
- name: Checkout repository - name: Checkout repository
uses: actions/checkout@v4 uses: actions/checkout@v4
- name: Check formatting
run: nix fmt -- --check
- name: Run flake check - name: Run flake check
run: nix flake check --impure run: nix flake check --impure --all-systems

3
apps/create/create.sh
View file

@ -11,9 +11,6 @@ HOSTNAME=""
# Templates with Home Manager configurations # Templates with Home Manager configurations
HM_CONFIGS=("hyprland") HM_CONFIGS=("hyprland")
# This will get overwritten by the derivation
TEMPLATES_DIR=""
# Print usage information # Print usage information
usage() { usage() {
cat <<EOF cat <<EOF

1
apps/rebuild/rebuild.sh
View file

@ -1,3 +1,4 @@
#!/usr/bin/env bash
# NixOS and standalone Home Manager rebuild script # NixOS and standalone Home Manager rebuild script
# Defaults # Defaults

1
apps/update-packages/update-packages.sh
View file

@ -1,3 +1,4 @@
#!/usr/bin/env bash
SYSTEM="x86_64-linux" SYSTEM="x86_64-linux"
IGNORE_PACKAGES=( IGNORE_PACKAGES=(
"pyman" "pyman"

3
docs/getting-started/install-instructions.md
View file

@ -114,7 +114,8 @@ git clone YOUR_GIT_REPO_URL ~/.config/nixos
Home Manager is not installed by default. Enter the development shell to apply the configuration: Home Manager is not installed by default. Enter the development shell to apply the configuration:
```bash ```bash
nix-shell ~/.config/nixos/shell.nix --run 'rebuild home' nix --experimental-features "nix-command flakes" develop git+https://git.sid.ovh/sid/synix#devShells.x86_64-linux.install-hm \
--command "rebuild home"
``` ```
### 8. Reboot your System ### 8. Reboot your System

170
flake.nix
View file

@ -3,7 +3,6 @@
nixpkgs.url = "github:nixos/nixpkgs/nixos-25.11"; nixpkgs.url = "github:nixos/nixpkgs/nixos-25.11";
nix.url = "github:DeterminateSystems/nix-src/flake-schemas"; nix.url = "github:DeterminateSystems/nix-src/flake-schemas";
flake-schemas.url = "github:DeterminateSystems/flake-schemas"; flake-schemas.url = "github:DeterminateSystems/flake-schemas";
git-hooks.url = "github:cachix/git-hooks.nix"; git-hooks.url = "github:cachix/git-hooks.nix";
@ -29,50 +28,69 @@
... ...
}@inputs: }@inputs:
let let
supportedSystems = [ inherit (self) outputs;
systems = [
"x86_64-linux" "x86_64-linux"
"aarch64-linux" # For testing only. Use at your own risk. "aarch64-linux" # For testing only. Use at your own risk.
]; ];
forAllSystems = nixpkgs.lib.genAttrs supportedSystems; lib = nixpkgs.lib.extend (_final: _prev: self.lib.utils or { });
nixpkgsFor = forAllSystems ( mkPkgs =
system: {
system,
config ? { },
}:
import nixpkgs { import nixpkgs {
inherit system; inherit system;
inherit config;
overlays = [ overlays = [
self.overlays.default self.overlays.modifications
self.overlays.additions
inputs.nix.overlays.default inputs.nix.overlays.default
(final: prev: { synix = self.overlays.additions final prev; })
]; ];
} };
forAllSystems =
function:
lib.genAttrs systems (
system:
function (mkPkgs {
inherit system;
})
); );
test = { mkNixosConfiguration =
system = "x86_64-linux"; system: modules:
lib = nixpkgs.lib.extend (final: prev: self.outputs.lib or { }); nixpkgs.lib.nixosSystem {
inputs = inputs // { inherit system modules;
synix = self; specialArgs = {
inherit inputs outputs lib;
};
};
mkHomeConfiguration =
system: modules:
inputs.home-manager.lib.homeManagerConfiguration {
pkgs = mkPkgs { inherit system; };
inherit modules;
extraSpecialArgs = {
inherit inputs outputs;
}; };
outputs = { };
overlays = [
self.overlays.default
self.overlays.additions
self.overlays.modifications
(final: prev: { synix = self.packages."${final.system}"; })
];
}; };
in in
{ {
inherit (inputs.flake-schemas) schemas; inherit (inputs.flake-schemas) schemas;
apps = forAllSystems ( apps = forAllSystems (
system: pkgs:
let let
pkgs = nixpkgs.legacyPackages.${system}; mkApp = name: description: {
mkApp = name: desc: {
type = "app"; type = "app";
program = pkgs.lib.getExe (pkgs.callPackage ./apps/${name} { }); program = pkgs.lib.getExe (pkgs.callPackage ./apps/${name} { });
meta.description = desc; meta.description = description;
}; };
in in
{ {
@ -86,13 +104,17 @@
); );
lib = { lib = {
utils = import ./lib/utils.nix { lib = nixpkgs.lib; }; utils = import ./lib/utils.nix { inherit (nixpkgs) lib; };
helpers = {
inherit mkPkgs;
};
}; };
packages = forAllSystems ( packages = forAllSystems (
system: pkgs:
let let
allArchs = import ./pkgs { pkgs = nixpkgs.legacyPackages.${system}; }; inherit (pkgs.stdenv.hostPlatform) system;
allArchs = import ./pkgs { inherit pkgs; };
x64only = x64only =
if system == "x86_64-linux" then if system == "x86_64-linux" then
{ {
@ -111,52 +133,21 @@
# test configs # test configs
nixosConfigurations = { nixosConfigurations = {
nixos-hyprland = nixpkgs.lib.nixosSystem { nixos-hyprland = mkNixosConfiguration "x86_64-linux" [ ./tests/build/nixos-hyprland ];
inherit (test) system; nixos-server = mkNixosConfiguration "x86_64-linux" [ ./tests/build/nixos-server ];
modules = [
./tests/build/nixos-hyprland
{ nixpkgs.overlays = test.overlays; }
];
specialArgs = {
inherit (test) inputs outputs lib;
};
};
nixos-server = nixpkgs.lib.nixosSystem {
inherit (test) system;
modules = [
./tests/build/nixos-server
{ nixpkgs.overlays = test.overlays; }
];
specialArgs = {
inherit (test) inputs outputs lib;
};
};
}; };
homeConfigurations = { homeConfigurations = {
hm-hyprland = inputs.home-manager.lib.homeManagerConfiguration { hm-hyprland = mkHomeConfiguration "x86_64-linux" [ ./tests/build/hm-hyprland ];
pkgs = import nixpkgs {
inherit (test) overlays system;
};
extraSpecialArgs = {
inherit (test) inputs outputs;
};
modules = [
./tests/build/hm-hyprland
];
};
}; };
devShells = forAllSystems ( devShells = forAllSystems (
system: pkgs:
let
pkgs = nixpkgsFor.${system};
in
{
default =
let let
inherit (pkgs.stdenv.hostPlatform) system;
inherit (self.checks.${system}.pre-commit-check) shellHook enabledPackages; inherit (self.checks.${system}.pre-commit-check) shellHook enabledPackages;
in in
pkgs.mkShell { {
default = pkgs.mkShell {
inherit shellHook; inherit shellHook;
nativeBuildInputs = [ nativeBuildInputs = [
enabledPackages enabledPackages
@ -173,47 +164,58 @@
)) ))
]); ]);
}; };
nix-config = pkgs.mkShell {
inherit shellHook;
nativeBuildInputs = [ enabledPackages ];
};
install-hm = pkgs.mkShell {
NIX_CONFIG = "extra-experimental-features = nix-command flakes";
nativeBuildInputs = [ pkgs.home-manager ];
};
} }
); );
formatter = forAllSystems ( formatter = forAllSystems (
system: pkgs:
let let
pkgs = nixpkgs.legacyPackages.${system}; inherit (pkgs.stdenv.hostPlatform) system;
config = self.checks.${system}.pre-commit-check.config; inherit (self.checks.${system}.pre-commit-check.config) package configFile;
inherit (config) package configFile;
script = ''
${pkgs.lib.getExe package} run --all-files --config ${configFile}
'';
in in
pkgs.writeShellScriptBin "pre-commit-run" script pkgs.writeShellScriptBin "pre-commit-run" "${pkgs.lib.getExe package} run --all-files --config ${configFile}"
); );
checks = forAllSystems ( checks = forAllSystems (
system: pkgs:
let let
pkgs = nixpkgs.legacyPackages.${system}; inherit (pkgs.stdenv.hostPlatform) system;
flakePkgs = self.packages.${system};
overlaidPkgs = import nixpkgs {
inherit system;
overlays = [ self.overlays.modifications ];
};
in in
{ {
pre-commit-check = inputs.git-hooks.lib.${system}.run { pre-commit-check = inputs.git-hooks.lib.${system}.run {
src = ./.; src = ./.;
hooks = { hooks = {
nixfmt.enable = true; actionlint.enable = true;
nixfmt = {
enable = true;
settings.width = 120;
};
shellcheck.enable = true;
statix.enable = true;
yamllint = {
enable = true;
excludes = [ "secrets.yaml" ];
settings.configData = "{rules: {line-length: {max: 120}}}";
}; };
}; };
build-packages = pkgs.linkFarm "flake-packages-${system}" flakePkgs;
build-overlays = pkgs.linkFarm "flake-overlays-${system}" {
kicad = overlaidPkgs.kicad;
}; };
build-additions = pkgs.linkFarm "added-packages-${system}" self.packages.${system};
build-modifications = pkgs.linkFarm "modified-packages-${system}" (
lib.filterAttrs (_: v: lib.isDerivation v) (self.overlays.modifications pkgs pkgs)
);
synapse-test = synapse-test =
let let
testPkgs = import nixpkgs { testPkgs = mkPkgs {
inherit system; inherit system;
config.permittedInsecurePackages = [ "olm-3.2.16" ]; config.permittedInsecurePackages = [ "olm-3.2.16" ];
}; };

1
mkdocs.yml
View file

@ -1,3 +1,4 @@
---
site_name: synix docs site_name: synix docs
repo_url: https://git.sid.ovh/sid/synix repo_url: https://git.sid.ovh/sid/synix
site_url: https://doc.sid.ovh/synix site_url: https://doc.sid.ovh/synix

4
modules/home/common/cdf.sh
View file

@ -1,3 +1,4 @@
#!/usr/bin/env bash
# change directory with fzf # change directory with fzf
# Usage: cdf [optional_relative_path] # Usage: cdf [optional_relative_path]
# - If no argument, searches from $HOME. # - If no argument, searches from $HOME.
@ -67,7 +68,8 @@ function cdf() {
"--preview=tree -C {} | head -50" "--preview=tree -C {} | head -50"
"--preview-window=right:50%:wrap" "--preview-window=right:50%:wrap"
) )
local selected=$(find "${find_args[@]}" 2>/dev/null | fzf "${fzf_args[@]}") local selected
selected=$(find "${find_args[@]}" 2>/dev/null | fzf "${fzf_args[@]}")
if [[ -n "$selected" ]]; then if [[ -n "$selected" ]]; then
cd "$selected" || echo "Failed to cd into '$selected'" cd "$selected" || echo "Failed to cd into '$selected'"

8
modules/home/hyprland/applications/bitwarden/default.nix
View file

@ -16,7 +16,8 @@ in
imports = [ ../../../rofi-rbw ]; imports = [ ../../../rofi-rbw ];
config = mkIf (cfg.enable && app == "rofi-rbw") { config = mkIf (cfg.enable && app == "rofi-rbw") {
programs.rbw = { programs = {
rbw = {
enable = true; enable = true;
settings = { settings = {
# email = "you@example.tld"; # You have to set this in your config # email = "you@example.tld"; # You have to set this in your config
@ -25,7 +26,7 @@ in
}; };
}; };
programs.rofi-rbw = { rofi-rbw = {
enable = true; enable = true;
package = mkDefault pkgs.rofi-rbw-wayland; package = mkDefault pkgs.rofi-rbw-wayland;
settings = { settings = {
@ -36,11 +37,12 @@ in
}; };
}; };
programs.librewolf = mkIf config.programs.librewolf.enable { librewolf = mkIf config.programs.librewolf.enable {
profiles.default.extensions.packages = profiles.default.extensions.packages =
with inputs.nur.legacyPackages."${pkgs.stdenv.hostPlatform.system}".repos.rycee.firefox-addons; [ with inputs.nur.legacyPackages."${pkgs.stdenv.hostPlatform.system}".repos.rycee.firefox-addons; [
bitwarden bitwarden
]; ];
}; };
}; };
};
} }

10
modules/home/hyprland/applications/default.nix
View file

@ -22,7 +22,7 @@ let
{ {
default = mkOption { default = mkOption {
type = types.str; type = types.str;
default = default; inherit default;
description = "The default application to use for the ${default}."; description = "The default application to use for the ${default}.";
}; };
bind = mkOption { bind = mkOption {
@ -38,12 +38,8 @@ let
}; };
# generate lists of all binds and window rules and remove empty strings # generate lists of all binds and window rules and remove empty strings
binds = filter (s: s != "") ( binds = filter (s: s != "") (builtins.concatLists (map (app: app.bind or [ "" ]) (attrValues apps)));
builtins.concatLists (map (app: app.bind or [ "" ]) (attrValues apps)) windowrules = filter (s: s != "") (builtins.concatLists (map (app: app.windowrule or [ "" ]) (attrValues apps)));
);
windowrules = filter (s: s != "") (
builtins.concatLists (map (app: app.windowrule or [ "" ]) (attrValues apps))
);
inherit (lib) inherit (lib)
attrValues attrValues

4
modules/home/hyprland/applications/dunst-toggle/dunst-toggle.nix
View file

@ -5,7 +5,7 @@ let
pkill = "${pkgs.procps}/bin/pkill"; pkill = "${pkgs.procps}/bin/pkill";
signal = "${toString config.programs.waybar.settings.mainBar."custom/notifications".signal}"; signal = "${toString config.programs.waybar.settings.mainBar."custom/notifications".signal}";
in in
(pkgs.writeShellScriptBin "dunst-toggle" '' pkgs.writeShellScriptBin "dunst-toggle" ''
${dunst} set-paused toggle ${dunst} set-paused toggle
${pkill} -RTMIN+${signal} waybar ${pkill} -RTMIN+${signal} waybar
'') ''

10
modules/home/hyprland/applications/newsboat/default.nix
View file

@ -9,7 +9,7 @@ let
cfg = config.wayland.windowManager.hyprland; cfg = config.wayland.windowManager.hyprland;
app = cfg.applications.rssreader.default; app = cfg.applications.rssreader.default;
reloadTime = "${toString config.programs.newsboat.reloadTime}"; reloadTime = "${toString config.programs.newsboat.reloadTime}";
newsboat-reload = (import ./newsboat-reload.nix { inherit config pkgs; }); newsboat-reload = import ./newsboat-reload.nix { inherit config pkgs; };
inherit (lib) mkIf; inherit (lib) mkIf;
in in
@ -27,9 +27,11 @@ in
timers.newsboat-reload = { timers.newsboat-reload = {
Unit.Description = "Reload newsboat every ${reloadTime} minutes"; Unit.Description = "Reload newsboat every ${reloadTime} minutes";
Timer.OnBootSec = "10sec"; Timer = {
Timer.OnUnitActiveSec = "${reloadTime}min"; OnBootSec = "10sec";
Timer.Unit = "newsboat-reload.service"; OnUnitActiveSec = "${reloadTime}min";
Unit = "newsboat-reload.service";
};
Install.WantedBy = [ "timers.target" ]; Install.WantedBy = [ "timers.target" ];
}; };

4
modules/home/hyprland/applications/newsboat/newsboat-reload.nix
View file

@ -5,6 +5,6 @@ let
notify = "${pkgs.libnotify}/bin/notify-send"; notify = "${pkgs.libnotify}/bin/notify-send";
signal = "${toString config.programs.waybar.settings.mainBar."custom/newsboat".signal}"; signal = "${toString config.programs.waybar.settings.mainBar."custom/newsboat".signal}";
in in
(pkgs.writeShellScriptBin "newsboat-reload" '' pkgs.writeShellScriptBin "newsboat-reload" ''
${notify} -u low 'Newsboat' 'Reloading RSS feeds...' && ${newsboat} -x reload && ${notify} -u low 'Newsboat' 'RSS feeds reloaded.' && pkill -RTMIN+${signal} waybar ${notify} -u low 'Newsboat' 'Reloading RSS feeds...' && ${newsboat} -x reload && ${notify} -u low 'Newsboat' 'RSS feeds reloaded.' && pkill -RTMIN+${signal} waybar
'') ''

4
modules/home/hyprland/applications/presentation-mode-bemenu/default.nix
View file

@ -14,9 +14,7 @@ in
{ {
config = mkIf (cfg.enable && app == "presentation-mode-bemenu") { config = mkIf (cfg.enable && app == "presentation-mode-bemenu") {
home.packages = [ home.packages = [
(pkgs.writeShellScriptBin "presentation-mode-bemenu" ( (pkgs.writeShellScriptBin "presentation-mode-bemenu" (builtins.readFile ./presentation-mode-bemenu.sh))
builtins.readFile ./presentation-mode-bemenu.sh
))
]; ];
}; };
} }

3
modules/home/hyprland/applications/presentation-mode-bemenu/presentation-mode-bemenu.sh
View file

@ -1,5 +1,6 @@
#!/usr/bin/env bash
# Variables # Variables
DISPLAYS=( $(hyprctl monitors | grep -E '^Monitor' | awk '{print $2}') ) mapfile -t DISPLAYS < <(hyprctl monitors | grep -E '^Monitor' | awk '{print $2}')
EXTEND_RIGHT="Extend to right of main" EXTEND_RIGHT="Extend to right of main"
EXTEND_LEFT="Extend to left of main" EXTEND_LEFT="Extend to left of main"
MIRROR="Mirror main" MIRROR="Mirror main"

4
modules/home/hyprland/applications/screenshot/screenshot.nix
View file

@ -5,7 +5,7 @@
let let
screenshotDir = "${config.xdg.userDirs.pictures}/screenshots"; screenshotDir = "${config.xdg.userDirs.pictures}/screenshots";
in in
(pkgs.writeShellScriptBin "screenshot" '' pkgs.writeShellScriptBin "screenshot" ''
mkdir -p ${screenshotDir} mkdir -p ${screenshotDir}
${pkgs.hyprshot}/bin/hyprshot --mode $1 --output-folder ${screenshotDir} --filename screenshot_$(date +"%Y-%m-%d_%H-%M-%S").png ${pkgs.hyprshot}/bin/hyprshot --mode $1 --output-folder ${screenshotDir} --filename screenshot_$(date +"%Y-%m-%d_%H-%M-%S").png
'') ''

2
modules/home/hyprland/binds/default.nix
View file

@ -27,7 +27,7 @@ in
wayland.windowManager.hyprland = { wayland.windowManager.hyprland = {
settings = { settings = {
bind = binds; bind = binds;
bindm = (import ./mouse.nix); bindm = import ./mouse.nix;
}; };
}; };
}; };

8
modules/home/hyprland/cursor.nix
View file

@ -9,18 +9,20 @@ let
inherit (lib) mkForce; inherit (lib) mkForce;
in in
{ {
home.pointerCursor = { home = {
pointerCursor = {
name = mkForce "Bibata-Original-Ice"; name = mkForce "Bibata-Original-Ice";
size = mkForce 24; size = mkForce 24;
package = mkForce pkgs.bibata-cursors; package = mkForce pkgs.bibata-cursors;
}; };
home.packages = [ pkgs.hyprcursor ]; packages = [ pkgs.hyprcursor ];
home.sessionVariables = { sessionVariables = {
HYPRCURSOR_THEME = config.home.pointerCursor.name; HYPRCURSOR_THEME = config.home.pointerCursor.name;
HYPRCURSOR_SIZE = toString config.home.pointerCursor.size; HYPRCURSOR_SIZE = toString config.home.pointerCursor.size;
}; };
};
# wayland.windowManager.hyprland.cursor.no_hardware_cursors = true; # wayland.windowManager.hyprland.cursor.no_hardware_cursors = true;
} }

18
modules/home/hyprland/default.nix
View file

@ -78,12 +78,6 @@ in
# auto discover fonts in `home.packages` # auto discover fonts in `home.packages`
fonts.fontconfig.enable = true; fonts.fontconfig.enable = true;
# notifications
services.dunst = {
enable = mkDefault true;
waylandDisplay = config.home.sessionVariables.WAYLAND_DISPLAY;
};
# install some applications # install some applications
home.packages = import ./packages.nix { inherit pkgs; }; # use programs.PACKAGE or services.SERVICE when possible home.packages = import ./packages.nix { inherit pkgs; }; # use programs.PACKAGE or services.SERVICE when possible
@ -94,11 +88,19 @@ in
fi fi
''; '';
services.udiskie = { # notifications
services = {
dunst = {
enable = mkDefault true;
waylandDisplay = config.home.sessionVariables.WAYLAND_DISPLAY;
};
udiskie = {
enable = mkDefault true; enable = mkDefault true;
tray = mkDefault "never"; tray = mkDefault "never";
}; };
services.network-manager-applet.enable = mkDefault true; network-manager-applet.enable = mkDefault true;
};
}; };
} }

8
modules/home/hyprland/xdg/default.nix
View file

@ -20,8 +20,10 @@ in
enable = mkDefault true; enable = mkDefault true;
createDirectories = mkDefault true; createDirectories = mkDefault true;
}; };
portal.enable = mkDefault true; portal = {
portal.extraPortals = [ portal ]; enable = mkDefault true;
portal.configPackages = [ portal ]; extraPortals = [ portal ];
configPackages = [ portal ];
};
}; };
} }

6
modules/home/librewolf/search/default.nix
View file

@ -19,13 +19,13 @@ let
in in
{ {
urls = [ { template = engine.url; } ]; urls = [ { template = engine.url; } ];
icon = engine.icon; inherit (engine) icon;
updateInterval = if (isUrl engine.icon) then every_day else null; updateInterval = if (isUrl engine.icon) then every_day else null;
definedAliases = optional (engine ? alias) engine.alias; definedAliases = optional (engine ? alias) engine.alias;
}; };
transformedEngines = mapAttrs' (name: engine: { transformedEngines = mapAttrs' (name: engine: {
name = name; inherit name;
value = transformEngine engine; value = transformEngine engine;
}) engines; }) engines;
@ -79,7 +79,7 @@ in
profiles.default.search.engines = mapAttrs (_: name: transformedEngines.${name}) ( profiles.default.search.engines = mapAttrs (_: name: transformedEngines.${name}) (
listToAttrs ( listToAttrs (
map (name: { map (name: {
name = name; inherit name;
value = name; value = name;
}) cfg.searchEngines }) cfg.searchEngines
) )

8
modules/home/nixvim/plugins/treesitter.nix
View file

@ -16,7 +16,8 @@ in
{ {
config = { config = {
programs.nixvim = { programs.nixvim = {
plugins.treesitter = { plugins = {
treesitter = {
enable = mkDefault true; enable = mkDefault true;
nixvimInjections = mkDefault true; nixvimInjections = mkDefault true;
settings = { settings = {
@ -25,8 +26,9 @@ in
indent.enable = mkDefault true; indent.enable = mkDefault true;
}; };
}; };
plugins.treesitter-context = mkIf plugin.enable { enable = mkDefault true; }; treesitter-context = mkIf plugin.enable { enable = mkDefault true; };
plugins.treesitter-textobjects = mkIf plugin.enable { enable = mkDefault true; }; treesitter-textobjects = mkIf plugin.enable { enable = mkDefault true; };
};
}; };
# Fix for: ERROR `cc` executable not found. # Fix for: ERROR `cc` executable not found.

2
modules/home/password-manager/default.nix
View file

@ -9,7 +9,7 @@
let let
cfg = config.programs.passwordManager; cfg = config.programs.passwordManager;
passmenuScript = pkgs.writeShellScriptBin "passmenu-bemenu" (builtins.readFile ./passmenu); # TODO: override original passmenu script coming from pass itself passmenuScript = pkgs.writeShellScriptBin "passmenu-bemenu" (builtins.readFile ./passmenu); # TODO: override original passmenu script coming from pass itself
passff-host = pkgs.passff-host; inherit (pkgs) passff-host;
inherit (lib) inherit (lib)
mkDefault mkDefault

3
modules/home/stylix/default.nix
View file

@ -29,8 +29,7 @@ let
"moonfly" "moonfly"
"oxocarbon" "oxocarbon"
]; ];
schemeName = schemeName = if builtins.elem cfg.scheme needsSuffix then "${cfg.scheme}-${cfg.polarity}" else cfg.scheme;
if builtins.elem cfg.scheme needsSuffix then "${cfg.scheme}-${cfg.polarity}" else cfg.scheme;
inherit (lib) inherit (lib)
mkDefault mkDefault

1
modules/home/stylix/schemes/moonfly.yaml
View file

@ -1,3 +1,4 @@
---
system: "base16" system: "base16"
name: "Moonfly" name: "Moonfly"
description: "A dark theme inspired by the Moonfly color scheme." description: "A dark theme inspired by the Moonfly color scheme."

1
modules/home/stylix/schemes/oxocarbon.yaml
View file

@ -1,3 +1,4 @@
---
system: "base16" system: "base16"
name: "Oxocarbon" name: "Oxocarbon"
description: "A dark theme inspired by the Oxocarbon Dark color scheme." description: "A dark theme inspired by the Oxocarbon Dark color scheme."

4
modules/home/waybar/modules/newsboat.nix
View file

@ -10,13 +10,13 @@ let
let let
newsboat = "${pkgs.newsboat}/bin/newsboat"; newsboat = "${pkgs.newsboat}/bin/newsboat";
in in
(pkgs.writeShellScriptBin "newsboat-print-unread" '' pkgs.writeShellScriptBin "newsboat-print-unread" ''
UNREAD=$(${newsboat} -x print-unread | awk '{print $1}') UNREAD=$(${newsboat} -x print-unread | awk '{print $1}')
if [[ $UNREAD -gt 0 ]]; then if [[ $UNREAD -gt 0 ]]; then
printf " %i" "$UNREAD" printf " %i" "$UNREAD"
fi fi
''); '';
inherit (lib) mkDefault; inherit (lib) mkDefault;
in in

5
modules/home/waybar/modules/timer/timer.sh
View file

@ -1,3 +1,4 @@
#!/usr/bin/env bash
TIMER_FILE="/tmp/timer" # file to store the current time TIMER_FILE="/tmp/timer" # file to store the current time
SIGNAL=11 # signal number to send to status bar SIGNAL=11 # signal number to send to status bar
STATUS_BAR="waybar" # Support for more status bars? STATUS_BAR="waybar" # Support for more status bars?
@ -16,7 +17,7 @@ start_timer() {
notify-send "Timer Started" "Your countdown timer has been started." notify-send "Timer Started" "Your countdown timer has been started."
trap "exit" INT TERM trap "exit" INT TERM
trap "rm -f -- '$TIMER_FILE'" EXIT trap 'rm -f -- "$TIMER_FILE"' EXIT
while [ $total_seconds -gt 0 ]; do while [ $total_seconds -gt 0 ]; do
hours=$(( total_seconds / 3600 )) hours=$(( total_seconds / 3600 ))
@ -62,7 +63,7 @@ if [ "$1" = "start" ]; then
MINUTES=${MINUTES:-0} MINUTES=${MINUTES:-0}
SECONDS=${SECONDS:-0} SECONDS=${SECONDS:-0}
start_timer $HOURS $MINUTES $SECONDS start_timer "$HOURS" "$MINUTES" "$SECONDS"
elif [ "$1" = "stop" ]; then elif [ "$1" = "stop" ]; then
notify-send "Timer Stopped" "Your countdown timer has been stopped." notify-send "Timer Stopped" "Your countdown timer has been stopped."

14
modules/nixos/bluetooth/default.nix
View file

@ -4,10 +4,16 @@ let
inherit (lib) mkDefault; inherit (lib) mkDefault;
in in
{ {
hardware.bluetooth.enable = mkDefault true; hardware = {
hardware.bluetooth.powerOnBoot = mkDefault false; bluetooth = {
hardware.bluetooth.settings.General.Enable = mkDefault "Source,Sink,Media,Socket"; enable = mkDefault true;
hardware.bluetooth.settings.General.Experimental = mkDefault true; powerOnBoot = mkDefault false;
settings.General = {
Enable = mkDefault "Source,Sink,Media,Socket";
Experimental = mkDefault true;
};
};
};
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
blueman blueman

4
modules/nixos/cifsMount/default.nix
View file

@ -84,8 +84,6 @@ in
) { } cfg.remotes; ) { } cfg.remotes;
# Ensure that all cifs-mount services are started with the graphical session # Ensure that all cifs-mount services are started with the graphical session
systemd.user.targets.graphical-session.wants = map ( systemd.user.targets.graphical-session.wants = map (remote: "cifs-mount-${remote.shareName}.service") cfg.remotes;
remote: "cifs-mount-${remote.shareName}.service"
) cfg.remotes;
}; };
} }

10
modules/nixos/common/boot.nix
View file

@ -1,20 +1,20 @@
{ lib, pkgs, ... }: { lib, pkgs, ... }:
{ {
boot = {
# fix CVE-2026-31431 # fix CVE-2026-31431
boot.kernelPackages = lib.mkIf (lib.versionOlder pkgs.linux.version "6.18.22") ( kernelPackages = lib.mkIf (lib.versionOlder pkgs.linux.version "6.18.22") (lib.mkDefault pkgs.linuxPackages_6_18);
lib.mkDefault pkgs.linuxPackages_6_18
);
# fix CVE-2026-43500 # fix CVE-2026-43500
boot.extraModprobeConfig = '' extraModprobeConfig = ''
install esp4 ${pkgs.coreutils}/bin/false install esp4 ${pkgs.coreutils}/bin/false
install esp6 ${pkgs.coreutils}/bin/false install esp6 ${pkgs.coreutils}/bin/false
install rxrpc ${pkgs.coreutils}/bin/false install rxrpc ${pkgs.coreutils}/bin/false
''; '';
boot.blacklistedKernelModules = [ blacklistedKernelModules = [
"esp4" "esp4"
"esp6" "esp6"
"rxrpc" "rxrpc"
]; ];
};
} }

14
modules/nixos/common/environment.nix
View file

@ -9,7 +9,8 @@ let
inherit (lib) mkDefault optionals; inherit (lib) mkDefault optionals;
in in
{ {
environment.systemPackages = environment = {
systemPackages =
with pkgs; with pkgs;
[ [
cryptsetup cryptsetup
@ -47,7 +48,7 @@ in
pkgs.kitty.terminfo pkgs.kitty.terminfo
]; ];
environment.shellAliases = { shellAliases = {
l = "ls -lh"; l = "ls -lh";
ll = "ls -lAh"; ll = "ls -lAh";
ports = "ss -tulpn"; ports = "ss -tulpn";
@ -56,8 +57,11 @@ in
}; };
# saves one instance of nixpkgs. # saves one instance of nixpkgs.
environment.ldso32 = null; ldso32 = null;
};
boot.tmp.cleanOnBoot = mkDefault true; boot = {
boot.initrd.systemd.enable = mkDefault (!config.boot.swraid.enable && !config.boot.isContainer); tmp.cleanOnBoot = mkDefault true;
initrd.systemd.enable = mkDefault (!config.boot.swraid.enable && !config.boot.isContainer);
};
} }

9
modules/nixos/common/well-known.nix
View file

@ -2,16 +2,13 @@
# avoid TOFU MITM # avoid TOFU MITM
programs.ssh.knownHosts = { programs.ssh.knownHosts = {
"github.com".hostNames = [ "github.com" ]; "github.com".hostNames = [ "github.com" ];
"github.com".publicKey = "github.com".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl";
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl";
"gitlab.com".hostNames = [ "gitlab.com" ]; "gitlab.com".hostNames = [ "gitlab.com" ];
"gitlab.com".publicKey = "gitlab.com".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAfuCHKVTjquxvt6CM6tdG4SLp1Btn/nOeHHE5UOzRdf";
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAfuCHKVTjquxvt6CM6tdG4SLp1Btn/nOeHHE5UOzRdf";
"git.sr.ht".hostNames = [ "git.sr.ht" ]; "git.sr.ht".hostNames = [ "git.sr.ht" ];
"git.sr.ht".publicKey = "git.sr.ht".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMZvRd4EtM7R+IHVMWmDkVU3VLQTSwQDSAvW0t2Tkj60";
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMZvRd4EtM7R+IHVMWmDkVU3VLQTSwQDSAvW0t2Tkj60";
}; };
# TODO: add synix # TODO: add synix
} }

8
modules/nixos/coturn/default.nix
View file

@ -42,12 +42,8 @@ in
static-auth-secret-file = mkIf cfg.sops config.sops.secrets."coturn/static-auth-secret".path; static-auth-secret-file = mkIf cfg.sops config.sops.secrets."coturn/static-auth-secret".path;
realm = mkDefault "turn.${config.networking.domain}"; realm = mkDefault "turn.${config.networking.domain}";
cert = cert = mkIf (!cfg.no-tls && cfg.sops) "${config.security.acme.certs.${cfg.realm}.directory}/full.pem";
mkIf (!cfg.no-tls && cfg.sops) pkey = mkIf (!cfg.no-tls && cfg.sops) "${config.security.acme.certs.${cfg.realm}.directory}/key.pem";
"${config.security.acme.certs.${cfg.realm}.directory}/full.pem";
pkey =
mkIf (!cfg.no-tls && cfg.sops)
"${config.security.acme.certs.${cfg.realm}.directory}/key.pem";
extraConfig = '' extraConfig = ''
# ban private IP ranges # ban private IP ranges

29
modules/nixos/device/server.nix
View file

@ -33,11 +33,13 @@ in
fonts.fontconfig.enable = mkDefault false; fonts.fontconfig.enable = mkDefault false;
xdg.autostart.enable = mkDefault false; xdg = {
xdg.icons.enable = mkDefault false; autostart.enable = mkDefault false;
xdg.menus.enable = mkDefault false; icons.enable = mkDefault false;
xdg.mime.enable = mkDefault false; menus.enable = mkDefault false;
xdg.sounds.enable = mkDefault false; mime.enable = mkDefault false;
sounds.enable = mkDefault false;
};
programs.git.package = mkDefault pkgs.gitMinimal; programs.git.package = mkDefault pkgs.gitMinimal;
@ -48,22 +50,25 @@ in
viAlias = mkDefault true; viAlias = mkDefault true;
}; };
systemd = {
# emergency mode is useless on headless machines # emergency mode is useless on headless machines
systemd.enableEmergencyMode = false; enableEmergencyMode = false;
boot.initrd.systemd.suppressedUnits = mkIf config.systemd.enableEmergencyMode [
"emergency.service"
"emergency.target"
];
systemd.sleep.extraConfig = '' sleep.extraConfig = ''
AllowSuspend=no AllowSuspend=no
AllowHibernation=no AllowHibernation=no
''; '';
# force reboots # force reboots
systemd.settings.Manager = { settings.Manager = {
RuntimeWatchdogSec = mkDefault "15s"; RuntimeWatchdogSec = mkDefault "15s";
RebootWatchdogSec = mkDefault "30s"; RebootWatchdogSec = mkDefault "30s";
KExecWatchdogSec = mkDefault "1m"; KExecWatchdogSec = mkDefault "1m";
}; };
};
boot.initrd.systemd.suppressedUnits = mkIf config.systemd.enableEmergencyMode [
"emergency.service"
"emergency.target"
];
} }

8
modules/nixos/device/vm.nix
View file

@ -4,7 +4,9 @@ let
inherit (lib) mkDefault; inherit (lib) mkDefault;
in in
{ {
services.qemuGuest.enable = mkDefault true; services = {
services.spice-vdagentd.enable = mkDefault true; qemuGuest.enable = mkDefault true;
services.spice-webdavd.enable = mkDefault true; spice-vdagentd.enable = mkDefault true;
spice-webdavd.enable = mkDefault true;
};
} }

8
modules/nixos/ftp-webserver/default.nix
View file

@ -2,9 +2,9 @@
let let
cfg = config.services.ftp-webserver; cfg = config.services.ftp-webserver;
domain = config.networking.domain; inherit (config.networking) domain;
fqdn = if (cfg.subdomain != "") then "${cfg.subdomain}.${domain}" else domain; fqdn = if (cfg.subdomain != "") then "${cfg.subdomain}.${domain}" else domain;
nginx = config.services.nginx; inherit (config.services) nginx;
inherit (lib) inherit (lib)
mkEnableOption mkEnableOption
@ -35,7 +35,7 @@ in
config = mkIf cfg.enable { config = mkIf cfg.enable {
services.nginx.virtualHosts."${fqdn}" = { services.nginx.virtualHosts."${fqdn}" = {
root = cfg.root; inherit (cfg) root;
locations."/" = { locations."/" = {
extraConfig = '' extraConfig = ''
autoindex on; autoindex on;
@ -43,7 +43,7 @@ in
autoindex_localtime on; autoindex_localtime on;
''; '';
}; };
forceSSL = cfg.forceSSL; inherit (cfg) forceSSL;
enableACME = cfg.forceSSL; enableACME = cfg.forceSSL;
sslCertificate = mkIf cfg.forceSSL "${config.security.acme.certs."${fqdn}".directory}/cert.pem"; sslCertificate = mkIf cfg.forceSSL "${config.security.acme.certs."${fqdn}".directory}/cert.pem";
sslCertificateKey = mkIf cfg.forceSSL "${config.security.acme.certs."${fqdn}".directory}/key.pem"; sslCertificateKey = mkIf cfg.forceSSL "${config.security.acme.certs."${fqdn}".directory}/key.pem";

10
modules/nixos/headplane/default.nix
View file

@ -7,10 +7,10 @@
let let
cfg = config.services.headplane; cfg = config.services.headplane;
domain = config.networking.domain; inherit (config.networking) domain;
subdomain = cfg.reverseProxy.subdomain; inherit (cfg.reverseProxy) subdomain;
fqdn = if (cfg.reverseProxy.enable && subdomain != "") then "${subdomain}.${domain}" else domain; fqdn = if (cfg.reverseProxy.enable && subdomain != "") then "${subdomain}.${domain}" else domain;
headscale = config.services.headscale; inherit (config.services) headscale;
inherit (lib) inherit (lib)
mkDefault mkDefault
@ -55,7 +55,7 @@ in
services.nginx.virtualHosts = mkIf cfg.reverseProxy.enable { services.nginx.virtualHosts = mkIf cfg.reverseProxy.enable {
"${fqdn}" = mkVirtualHost { "${fqdn}" = mkVirtualHost {
port = cfg.settings.server.port; inherit (cfg.settings.server) port;
ssl = cfg.reverseProxy.forceSSL; ssl = cfg.reverseProxy.forceSSL;
}; };
}; };
@ -63,7 +63,7 @@ in
sops.secrets = sops.secrets =
let let
owner = headscale.user; owner = headscale.user;
group = headscale.group; inherit (headscale) group;
mode = "0400"; mode = "0400";
in in
{ {

4
modules/nixos/headscale/default.nix
View file

@ -6,8 +6,8 @@
let let
cfg = config.services.headscale; cfg = config.services.headscale;
domain = config.networking.domain; inherit (config.networking) domain;
subdomain = cfg.reverseProxy.subdomain; inherit (cfg.reverseProxy) subdomain;
fqdn = if (cfg.reverseProxy.enable && subdomain != "") then "${subdomain}.${domain}" else domain; fqdn = if (cfg.reverseProxy.enable && subdomain != "") then "${subdomain}.${domain}" else domain;
acl = "headscale/acl.hujson"; acl = "headscale/acl.hujson";

22
modules/nixos/hyprland/default.nix
View file

@ -8,23 +8,9 @@ in
programs.dconf.enable = true; # fixes nixvim hm module programs.dconf.enable = true; # fixes nixvim hm module
services.flatpak.enable = true; services = {
flatpak.enable = true;
xdg.portal = { gnome.gnome-keyring.enable = true;
enable = true; udisks2.enable = mkDefault true;
extraPortals = with pkgs; [
xdg-desktop-portal-gtk
];
config.common.default = "gtk";
}; };
services.gnome.gnome-keyring.enable = true;
security.pam.services = {
login = {
enableGnomeKeyring = true;
};
hyprlock = { };
};
services.udisks2.enable = mkDefault true;
} }

8
modules/nixos/jellyfin/default.nix
View file

@ -7,8 +7,8 @@
let let
cfg = config.services.jellyfin; cfg = config.services.jellyfin;
domain = config.networking.domain; inherit (config.networking) domain;
subdomain = cfg.reverseProxy.subdomain; inherit (cfg.reverseProxy) subdomain;
fqdn = if (cfg.reverseProxy.enable && subdomain != "") then "${subdomain}.${domain}" else domain; fqdn = if (cfg.reverseProxy.enable && subdomain != "") then "${subdomain}.${domain}" else domain;
inherit (lib) inherit (lib)
@ -48,9 +48,7 @@ in
]; ];
systemd.tmpfiles.rules = systemd.tmpfiles.rules =
(map ( (map (library: "d ${cfg.dataDir}/libraries/${library} 0770 ${cfg.user} ${cfg.group} -") cfg.libraries)
library: "d ${cfg.dataDir}/libraries/${library} 0770 ${cfg.user} ${cfg.group} -"
) cfg.libraries)
++ [ ++ [
"z ${cfg.dataDir} 0770 ${cfg.user} ${cfg.group} -" "z ${cfg.dataDir} 0770 ${cfg.user} ${cfg.group} -"
"Z ${cfg.dataDir}/libraries 0770 ${cfg.user} ${cfg.group} -" "Z ${cfg.dataDir}/libraries 0770 ${cfg.user} ${cfg.group} -"

4
modules/nixos/jirafeau/default.nix
View file

@ -2,8 +2,8 @@
let let
cfg = config.services.jirafeau; cfg = config.services.jirafeau;
domain = config.networking.domain; inherit (config.networking) domain;
subdomain = cfg.reverseProxy.subdomain; inherit (cfg.reverseProxy) subdomain;
fqdn = if (cfg.reverseProxy.enable && subdomain != "") then "${subdomain}.${domain}" else domain; fqdn = if (cfg.reverseProxy.enable && subdomain != "") then "${subdomain}.${domain}" else domain;
inherit (lib) inherit (lib)

74
modules/nixos/librechat-oci/default.nix
View file

@ -155,7 +155,7 @@ let
mkOption { mkOption {
type = types.package; type = types.package;
default = defaultImages.${name}; default = defaultImages.${name};
description = description; inherit description;
}; };
inherit (lib) inherit (lib)
@ -236,23 +236,18 @@ in
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
virtualisation.podman = { virtualisation = {
podman = {
enable = true; enable = true;
autoPrune.enable = true; autoPrune.enable = true;
dockerCompat = true; dockerCompat = true;
}; };
networking.firewall.interfaces = oci-containers = {
let backend = "podman";
matchAll = if !config.networking.nftables.enable then "podman+" else "podman*";
in
{
"${matchAll}".allowedUDPPorts = [ 53 ];
};
virtualisation.oci-containers.backend = "podman"; containers = {
librechat-mongodb = {
virtualisation.oci-containers.containers.librechat-mongodb = {
image = with cfg.images.mongodb; "${imageName}:${imageTag}"; image = with cfg.images.mongodb; "${imageName}:${imageTag}";
imageFile = cfg.images.mongodb; imageFile = cfg.images.mongodb;
cmd = [ cmd = [
@ -269,7 +264,7 @@ in
]; ];
}; };
virtualisation.oci-containers.containers.librechat-meilisearch = { librechat-meilisearch = {
image = with cfg.images.meilisearch; "${imageName}:${imageTag}"; image = with cfg.images.meilisearch; "${imageName}:${imageTag}";
imageFile = cfg.images.meilisearch; imageFile = cfg.images.meilisearch;
environment = { environment = {
@ -287,7 +282,7 @@ in
]; ];
}; };
virtualisation.oci-containers.containers.librechat-vectordb = { librechat-vectordb = {
image = with cfg.images.vectordb; "${imageName}:${imageTag}"; image = with cfg.images.vectordb; "${imageName}:${imageTag}";
imageFile = cfg.images.vectordb; imageFile = cfg.images.vectordb;
environment = { environment = {
@ -305,7 +300,7 @@ in
]; ];
}; };
virtualisation.oci-containers.containers.librechat-rag-api = { librechat-rag-api = {
image = with cfg.images.ragApi; "${imageName}:${imageTag}"; image = with cfg.images.ragApi; "${imageName}:${imageTag}";
imageFile = cfg.images.ragApi; imageFile = cfg.images.ragApi;
environment = { environment = {
@ -321,7 +316,7 @@ in
]; ];
}; };
virtualisation.oci-containers.containers.librechat = { librechat = {
image = with cfg.images.librechat; "${imageName}:${imageTag}"; image = with cfg.images.librechat; "${imageName}:${imageTag}";
imageFile = cfg.images.librechat; imageFile = cfg.images.librechat;
environment = environment =
@ -331,10 +326,8 @@ in
MEILI_HOST = "http://meilisearch:${toString cfg.meiliPort}"; MEILI_HOST = "http://meilisearch:${toString cfg.meiliPort}";
RAG_PORT = toString cfg.ragPort; RAG_PORT = toString cfg.ragPort;
RAG_API_URL = "http://rag_api:${toString cfg.ragPort}"; RAG_API_URL = "http://rag_api:${toString cfg.ragPort}";
DOMAIN_CLIENT = DOMAIN_CLIENT = if cfg.externalUrl != null then cfg.externalUrl else "http://localhost:${toString cfg.port}";
if cfg.externalUrl != null then cfg.externalUrl else "http://localhost:${toString cfg.port}"; DOMAIN_SERVER = if cfg.externalUrl != null then cfg.externalUrl else "http://localhost:${toString cfg.port}";
DOMAIN_SERVER =
if cfg.externalUrl != null then cfg.externalUrl else "http://localhost:${toString cfg.port}";
} }
// cfg.environment; // cfg.environment;
environmentFiles = optional (cfg.environmentFile != null) cfg.environmentFile; environmentFiles = optional (cfg.environmentFile != null) cfg.environmentFile;
@ -358,8 +351,21 @@ in
"--network=librechat_default" "--network=librechat_default"
]; ];
}; };
};
};
};
systemd.services.podman-librechat-mongodb = { networking.firewall.interfaces =
let
matchAll = if !config.networking.nftables.enable then "podman+" else "podman*";
in
{
"${matchAll}".allowedUDPPorts = [ 53 ];
};
systemd = {
services = {
podman-librechat-mongodb = {
serviceConfig.Restart = mkOverride 90 "always"; serviceConfig.Restart = mkOverride 90 "always";
after = [ after = [
"podman-network-librechat_default.service" "podman-network-librechat_default.service"
@ -373,7 +379,7 @@ in
wantedBy = [ "podman-compose-librechat-root.target" ]; wantedBy = [ "podman-compose-librechat-root.target" ];
}; };
systemd.services.podman-librechat-meilisearch = { podman-librechat-meilisearch = {
serviceConfig.Restart = mkOverride 90 "always"; serviceConfig.Restart = mkOverride 90 "always";
after = [ after = [
"podman-network-librechat_default.service" "podman-network-librechat_default.service"
@ -387,7 +393,7 @@ in
wantedBy = [ "podman-compose-librechat-root.target" ]; wantedBy = [ "podman-compose-librechat-root.target" ];
}; };
systemd.services.podman-librechat-vectordb = { podman-librechat-vectordb = {
serviceConfig.Restart = mkOverride 90 "always"; serviceConfig.Restart = mkOverride 90 "always";
after = [ after = [
"podman-network-librechat_default.service" "podman-network-librechat_default.service"
@ -401,7 +407,7 @@ in
wantedBy = [ "podman-compose-librechat-root.target" ]; wantedBy = [ "podman-compose-librechat-root.target" ];
}; };
systemd.services.podman-librechat-rag-api = { podman-librechat-rag-api = {
serviceConfig.Restart = mkOverride 90 "always"; serviceConfig.Restart = mkOverride 90 "always";
after = [ after = [
"podman-network-librechat_default.service" "podman-network-librechat_default.service"
@ -415,7 +421,7 @@ in
wantedBy = [ "podman-compose-librechat-root.target" ]; wantedBy = [ "podman-compose-librechat-root.target" ];
}; };
systemd.services.podman-librechat = { podman-librechat = {
serviceConfig.Restart = mkOverride 90 "always"; serviceConfig.Restart = mkOverride 90 "always";
after = [ after = [
"podman-network-librechat_default.service" "podman-network-librechat_default.service"
@ -439,7 +445,7 @@ in
wantedBy = [ "podman-compose-librechat-root.target" ]; wantedBy = [ "podman-compose-librechat-root.target" ];
}; };
systemd.services.podman-network-librechat_default = { podman-network-librechat_default = {
path = [ pkgs.podman ]; path = [ pkgs.podman ];
serviceConfig = { serviceConfig = {
Type = "oneshot"; Type = "oneshot";
@ -453,7 +459,7 @@ in
wantedBy = [ "podman-compose-librechat-root.target" ]; wantedBy = [ "podman-compose-librechat-root.target" ];
}; };
systemd.services.podman-volume-librechat_mongodb_data = { podman-volume-librechat_mongodb_data = {
path = [ pkgs.podman ]; path = [ pkgs.podman ];
serviceConfig = { serviceConfig = {
Type = "oneshot"; Type = "oneshot";
@ -464,7 +470,7 @@ in
wantedBy = [ "podman-compose-librechat-root.target" ]; wantedBy = [ "podman-compose-librechat-root.target" ];
}; };
systemd.services.podman-volume-librechat_meili_data = { podman-volume-librechat_meili_data = {
path = [ pkgs.podman ]; path = [ pkgs.podman ];
serviceConfig = { serviceConfig = {
Type = "oneshot"; Type = "oneshot";
@ -475,7 +481,7 @@ in
wantedBy = [ "podman-compose-librechat-root.target" ]; wantedBy = [ "podman-compose-librechat-root.target" ];
}; };
systemd.services.podman-volume-librechat_pgdata = { podman-volume-librechat_pgdata = {
path = [ pkgs.podman ]; path = [ pkgs.podman ];
serviceConfig = { serviceConfig = {
Type = "oneshot"; Type = "oneshot";
@ -486,7 +492,7 @@ in
wantedBy = [ "podman-compose-librechat-root.target" ]; wantedBy = [ "podman-compose-librechat-root.target" ];
}; };
systemd.services.podman-volume-librechat_images = { podman-volume-librechat_images = {
path = [ pkgs.podman ]; path = [ pkgs.podman ];
serviceConfig = { serviceConfig = {
Type = "oneshot"; Type = "oneshot";
@ -497,7 +503,7 @@ in
wantedBy = [ "podman-compose-librechat-root.target" ]; wantedBy = [ "podman-compose-librechat-root.target" ];
}; };
systemd.services.podman-volume-librechat_uploads = { podman-volume-librechat_uploads = {
path = [ pkgs.podman ]; path = [ pkgs.podman ];
serviceConfig = { serviceConfig = {
Type = "oneshot"; Type = "oneshot";
@ -508,7 +514,7 @@ in
wantedBy = [ "podman-compose-librechat-root.target" ]; wantedBy = [ "podman-compose-librechat-root.target" ];
}; };
systemd.services.podman-volume-librechat_logs = { podman-volume-librechat_logs = {
path = [ pkgs.podman ]; path = [ pkgs.podman ];
serviceConfig = { serviceConfig = {
Type = "oneshot"; Type = "oneshot";
@ -518,10 +524,12 @@ in
partOf = [ "podman-compose-librechat-root.target" ]; partOf = [ "podman-compose-librechat-root.target" ];
wantedBy = [ "podman-compose-librechat-root.target" ]; wantedBy = [ "podman-compose-librechat-root.target" ];
}; };
};
systemd.targets.podman-compose-librechat-root = { targets.podman-compose-librechat-root = {
unitConfig.Description = "Root target generated by compose2nix."; unitConfig.Description = "Root target generated by compose2nix.";
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
}; };
}; };
};
} }

4
modules/nixos/mailserver/default.nix
View file

@ -8,7 +8,7 @@
let let
cfg = config.mailserver; cfg = config.mailserver;
domain = config.networking.domain; inherit (config.networking) domain;
fqdn = "${cfg.subdomain}.${domain}"; fqdn = "${cfg.subdomain}.${domain}";
inherit (lib) inherit (lib)
@ -74,7 +74,7 @@ in
nameValuePair "${user}@${domain}" { nameValuePair "${user}@${domain}" {
name = "${user}@${domain}"; name = "${user}@${domain}";
aliases = map (alias: "${alias}@${domain}") (accConf.aliases or [ ]); aliases = map (alias: "${alias}@${domain}") (accConf.aliases or [ ]);
sendOnly = accConf.sendOnly; inherit (accConf) sendOnly;
quota = mkDefault "5G"; quota = mkDefault "5G";
hashedPasswordFile = config.sops.secrets."mailserver/accounts/${user}".path; hashedPasswordFile = config.sops.secrets."mailserver/accounts/${user}".path;
} }

24
modules/nixos/matrix-synapse/bridges.nix
View file

@ -23,7 +23,7 @@ let
services."mautrix-${name}" = { services."mautrix-${name}" = {
enable = true; enable = true;
package = cfg.bridges.${name}.package; inherit (cfg.bridges.${name}) package;
environmentFile = mkIf cfg.sops config.sops.templates."mautrix-${name}/env-file".path; environmentFile = mkIf cfg.sops config.sops.templates."mautrix-${name}/env-file".path;
settings = { settings = {
bridge = { bridge = {
@ -71,33 +71,29 @@ let
mode = "0400"; mode = "0400";
in in
{ {
secrets."mautrix-${name}/encryption-pickle-key" = { secrets = {
"mautrix-${name}/encryption-pickle-key" = {
inherit owner group mode; inherit owner group mode;
}; };
secrets."mautrix-${name}/provisioning-shared-secret" = { "mautrix-${name}/provisioning-shared-secret" = {
inherit owner group mode; inherit owner group mode;
}; };
secrets."mautrix-${name}/public-media-signing-key" = { "mautrix-${name}/public-media-signing-key" = {
inherit owner group mode; inherit owner group mode;
}; };
secrets."mautrix-${name}/direct-media-server-key" = { "mautrix-${name}/direct-media-server-key" = {
inherit owner group mode; inherit owner group mode;
}; };
};
templates."mautrix-${name}/env-file" = { templates."mautrix-${name}/env-file" = {
inherit owner group mode; inherit owner group mode;
content = '' content = ''
MAUTRIX_${toUpper name}_ENCRYPTION_PICKLE_KEY=${ MAUTRIX_${toUpper name}_ENCRYPTION_PICKLE_KEY=${config.sops.placeholder."mautrix-${name}/encryption-pickle-key"}
config.sops.placeholder."mautrix-${name}/encryption-pickle-key"
}
MAUTRIX_${toUpper name}_PROVISIONING_SHARED_SECRET=${ MAUTRIX_${toUpper name}_PROVISIONING_SHARED_SECRET=${
config.sops.placeholder."mautrix-${name}/provisioning-shared-secret" config.sops.placeholder."mautrix-${name}/provisioning-shared-secret"
} }
MAUTRIX_${toUpper name}_PUBLIC_MEDIA_SIGNING_KEY=${ MAUTRIX_${toUpper name}_PUBLIC_MEDIA_SIGNING_KEY=${config.sops.placeholder."mautrix-${name}/public-media-signing-key"}
config.sops.placeholder."mautrix-${name}/public-media-signing-key" MAUTRIX_${toUpper name}_DIRECT_MEDIA_SERVER_KEY=${config.sops.placeholder."mautrix-${name}/direct-media-server-key"}
}
MAUTRIX_${toUpper name}_DIRECT_MEDIA_SERVER_KEY=${
config.sops.placeholder."mautrix-${name}/direct-media-server-key"
}
''; '';
}; };
} }

27
modules/nixos/matrix-synapse/default.nix
View file

@ -84,7 +84,8 @@ in
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
services.postgresql = { services = {
postgresql = {
enable = true; enable = true;
initialScript = pkgs.writeText "synapse-init.sql" '' initialScript = pkgs.writeText "synapse-init.sql" ''
CREATE ROLE "matrix-synapse" WITH LOGIN PASSWORD 'synapse'; CREATE ROLE "matrix-synapse" WITH LOGIN PASSWORD 'synapse';
@ -95,12 +96,10 @@ in
''; '';
}; };
services.matrix-synapse = mkMerge [ matrix-synapse = mkMerge [
{ {
settings = { settings = {
registration_shared_secret_path = registration_shared_secret_path = mkIf cfg.sops config.sops.secrets."matrix/registration-shared-secret".path;
mkIf cfg.sops
config.sops.secrets."matrix/registration-shared-secret".path;
server_name = config.networking.domain; server_name = config.networking.domain;
public_baseurl = baseUrl; public_baseurl = baseUrl;
listeners = [ listeners = [
@ -142,19 +141,17 @@ in
}) })
]; ];
environment.shellAliases = mkIf cfg.sops { nginx.virtualHosts."${cfg.settings.server_name}" = {
register_new_matrix_user = "${cfg.package}/bin/register_new_matrix_user -k $(sudo cat ${cfg.settings.registration_shared_secret_path})";
};
services.nginx.virtualHosts."${cfg.settings.server_name}" = {
enableACME = true; enableACME = true;
forceSSL = true; forceSSL = true;
locations."= /.well-known/matrix/server".extraConfig = mkWellKnown serverConfig; locations = {
locations."= /.well-known/matrix/client".extraConfig = mkWellKnown clientConfig; "= /.well-known/matrix/server".extraConfig = mkWellKnown serverConfig;
"= /.well-known/matrix/client".extraConfig = mkWellKnown clientConfig;
locations."/_matrix".proxyPass = "http://127.0.0.1:${toString cfg.port}"; "/_matrix".proxyPass = "http://127.0.0.1:${toString cfg.port}";
locations."/_synapse".proxyPass = "http://127.0.0.1:${toString cfg.port}"; "/_synapse".proxyPass = "http://127.0.0.1:${toString cfg.port}";
};
};
}; };
sops = mkIf cfg.sops { sops = mkIf cfg.sops {

14
modules/nixos/matrix-synapse/livekit.nix
View file

@ -6,13 +6,14 @@
let let
cfg = config.services.matrix-synapse; cfg = config.services.matrix-synapse;
domain = config.networking.domain; inherit (config.networking) domain;
inherit (lib) mkIf mkDefault; inherit (lib) mkIf mkDefault;
in in
{ {
config = mkIf cfg.enable { config = mkIf cfg.enable {
services.livekit = { services = {
livekit = {
enable = true; enable = true;
settings.port = mkDefault 7880; settings.port = mkDefault 7880;
settings.room.auto_create = mkDefault false; settings.room.auto_create = mkDefault false;
@ -20,16 +21,14 @@ in
keyFile = mkIf cfg.sops config.sops.templates."livekit/key".path; keyFile = mkIf cfg.sops config.sops.templates."livekit/key".path;
}; };
services.lk-jwt-service = { lk-jwt-service = {
enable = true; enable = true;
port = mkDefault 8080; port = mkDefault 8080;
livekitUrl = "wss://${domain}/livekit/sfu"; livekitUrl = "wss://${domain}/livekit/sfu";
keyFile = mkIf cfg.sops config.sops.templates."livekit/key".path; keyFile = mkIf cfg.sops config.sops.templates."livekit/key".path;
}; };
systemd.services.lk-jwt-service.environment.LIVEKIT_FULL_ACCESS_HOMESERVERS = domain; nginx.virtualHosts = {
services.nginx.virtualHosts = {
"${domain}".locations = { "${domain}".locations = {
"^~ /livekit/jwt/" = { "^~ /livekit/jwt/" = {
priority = 400; priority = 400;
@ -50,6 +49,9 @@ in
}; };
}; };
}; };
};
systemd.services.lk-jwt-service.environment.LIVEKIT_FULL_ACCESS_HOMESERVERS = domain;
sops = mkIf cfg.sops { sops = mkIf cfg.sops {
secrets."livekit/key" = { }; secrets."livekit/key" = { };

6
modules/nixos/maubot/default.nix
View file

@ -76,7 +76,7 @@ in
sops = mkIf cfg.sops ( sops = mkIf cfg.sops (
let let
owner = user.name; owner = user.name;
group = user.group; inherit (user) group;
mode = "0400"; mode = "0400";
in in
{ {
@ -98,9 +98,7 @@ in
'' ''
admins: admins:
'' ''
+ concatLines ( + concatLines (map (admin: " ${admin}: ${config.sops.placeholder."maubot/admins/${admin}"}") cfg.admins)
map (admin: " ${admin}: ${config.sops.placeholder."maubot/admins/${admin}"}") cfg.admins
)
); );
}; };
} }

2
modules/nixos/mcpo/default.nix
View file

@ -96,7 +96,7 @@ in
users.users."${cfg.user}" = { users.users."${cfg.user}" = {
isSystemUser = true; isSystemUser = true;
group = cfg.group; inherit (cfg) group;
}; };
users.groups."${cfg.group}" = { }; users.groups."${cfg.group}" = { };

4
modules/nixos/miniflux/default.nix
View file

@ -6,8 +6,8 @@
let let
cfg = config.services.miniflux; cfg = config.services.miniflux;
domain = config.networking.domain; inherit (config.networking) domain;
subdomain = cfg.reverseProxy.subdomain; inherit (cfg.reverseProxy) subdomain;
fqdn = if (cfg.reverseProxy.enable && subdomain != "") then "${subdomain}.${domain}" else domain; fqdn = if (cfg.reverseProxy.enable && subdomain != "") then "${subdomain}.${domain}" else domain;
port = 8085; port = 8085;

5
modules/nixos/nginx/default.nix
View file

@ -50,8 +50,7 @@ in
"1.1.1.1" "1.1.1.1"
"2606:4700:4700::1111" "2606:4700:4700::1111"
]; ];
resolvers = resolvers = if config.networking.nameservers == [ ] then cloudflare else config.networking.nameservers;
if config.networking.nameservers == [ ] then cloudflare else config.networking.nameservers;
in in
map escapeIPv6 resolvers; map escapeIPv6 resolvers;
@ -60,7 +59,7 @@ in
virtualHosts = { virtualHosts = {
"${config.networking.domain}" = mkDefault { "${config.networking.domain}" = mkDefault {
enableACME = cfg.forceSSL; enableACME = cfg.forceSSL;
forceSSL = cfg.forceSSL; inherit (cfg) forceSSL;
}; };
}; };
}; };

4
modules/nixos/normalUsers/default.nix
View file

@ -21,7 +21,7 @@ in
types.submodule { types.submodule {
options = { options = {
extraGroups = mkOption { extraGroups = mkOption {
type = (types.listOf types.str); type = types.listOf types.str;
default = [ ]; default = [ ];
description = "Extra groups for the user"; description = "Extra groups for the user";
example = [ "wheel" ]; example = [ "wheel" ];
@ -37,7 +37,7 @@ in
description = "Initial password for the user"; description = "Initial password for the user";
}; };
sshKeyFiles = mkOption { sshKeyFiles = mkOption {
type = (types.listOf types.path); type = types.listOf types.path;
default = [ ]; default = [ ];
description = "SSH key files for the user"; description = "SSH key files for the user";
example = [ "/path/to/id_rsa.pub" ]; example = [ "/path/to/id_rsa.pub" ];

9
modules/nixos/nostr-relay/default.nix
View file

@ -2,8 +2,8 @@
let let
cfg = config.services.nostr-relay; cfg = config.services.nostr-relay;
domain = config.networking.domain; inherit (config.networking) domain;
subdomain = cfg.reverseProxy.subdomain; inherit (cfg.reverseProxy) subdomain;
fqdn = if (cfg.reverseProxy.enable && subdomain != "") then "${subdomain}.${domain}" else domain; fqdn = if (cfg.reverseProxy.enable && subdomain != "") then "${subdomain}.${domain}" else domain;
inherit (lib) inherit (lib)
@ -48,9 +48,8 @@ in
services.nginx.virtualHosts = mkIf cfg.reverseProxy.enable { services.nginx.virtualHosts = mkIf cfg.reverseProxy.enable {
"${fqdn}" = { "${fqdn}" = {
enableACME = cfg.reverseProxy.forceSSL; enableACME = cfg.reverseProxy.forceSSL;
forceSSL = cfg.reverseProxy.forceSSL; inherit (cfg.reverseProxy) forceSSL;
locations."/".proxyPass = locations."/".proxyPass = "http://127.0.0.1:${toString config.services.nostr-rs-relay.settings.network.port}";
"http://127.0.0.1:${toString config.services.nostr-rs-relay.settings.network.port}";
}; };
}; };
}; };

24
modules/nixos/nvidia/default.nix
View file

@ -9,20 +9,26 @@ let
inherit (lib) mkDefault; inherit (lib) mkDefault;
in in
{ {
boot.blacklistedKernelModules = [ "nouveau" ]; boot = {
boot.extraModulePackages = [ config.hardware.nvidia.package ]; blacklistedKernelModules = [ "nouveau" ];
boot.initrd.kernelModules = [ "nvidia" ]; extraModulePackages = [ config.hardware.nvidia.package ];
initrd.kernelModules = [ "nvidia" ];
};
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
nvtopPackages.nvidia nvtopPackages.nvidia
]; ];
hardware.enableRedistributableFirmware = true; hardware = {
hardware.graphics.enable = true; enableRedistributableFirmware = true;
hardware.nvidia.modesetting.enable = true; graphics.enable = true;
hardware.nvidia.nvidiaSettings = true; nvidia = {
hardware.nvidia.open = false; modesetting.enable = true;
hardware.nvidia.package = mkDefault config.boot.kernelPackages.nvidiaPackages.latest; nvidiaSettings = true;
open = false;
package = mkDefault config.boot.kernelPackages.nvidiaPackages.latest;
};
};
nixpkgs.config.cudaSupport = true; nixpkgs.config.cudaSupport = true;

6
modules/nixos/ollama/default.nix
View file

@ -2,8 +2,8 @@
let let
cfg = config.services.ollama; cfg = config.services.ollama;
domain = config.networking.domain; inherit (config.networking) domain;
subdomain = cfg.reverseProxy.subdomain; inherit (cfg.reverseProxy) subdomain;
fqdn = if (cfg.reverseProxy.enable && subdomain != "") then "${subdomain}.${domain}" else domain; fqdn = if (cfg.reverseProxy.enable && subdomain != "") then "${subdomain}.${domain}" else domain;
inherit (lib) inherit (lib)
@ -31,7 +31,7 @@ in
services.nginx.virtualHosts = mkIf cfg.reverseProxy.enable { services.nginx.virtualHosts = mkIf cfg.reverseProxy.enable {
"${fqdn}" = mkVirtualHost { "${fqdn}" = mkVirtualHost {
port = cfg.port; inherit (cfg) port;
ssl = cfg.reverseProxy.forceSSL; ssl = cfg.reverseProxy.forceSSL;
recommendedProxySettings = mkForce false; recommendedProxySettings = mkForce false;
extraConfig = '' extraConfig = ''

35
modules/nixos/open-webui-oci/default.nix
View file

@ -83,23 +83,17 @@ in
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
virtualisation.podman = { virtualisation = {
podman = {
enable = true; enable = true;
autoPrune.enable = true; autoPrune.enable = true;
dockerCompat = true; dockerCompat = true;
}; };
networking.firewall.interfaces = oci-containers = {
let backend = "podman";
matchAll = if !config.networking.nftables.enable then "podman+" else "podman*";
in
{
"${matchAll}".allowedUDPPorts = [ 53 ];
};
virtualisation.oci-containers.backend = "podman"; containers."open-webui" = {
virtualisation.oci-containers.containers."open-webui" = {
image = with cfg.image; imageName + ":" + imageTag; image = with cfg.image; imageName + ":" + imageTag;
imageFile = cfg.image; imageFile = cfg.image;
environment = environment =
@ -125,7 +119,19 @@ in
"--network=host" "--network=host"
]; ];
}; };
systemd.services."podman-open-webui" = { };
};
networking.firewall.interfaces =
let
matchAll = if !config.networking.nftables.enable then "podman+" else "podman*";
in
{
"${matchAll}".allowedUDPPorts = [ 53 ];
};
systemd = {
services."podman-open-webui" = {
serviceConfig = { serviceConfig = {
Restart = mkOverride 90 "always"; Restart = mkOverride 90 "always";
}; };
@ -143,7 +149,7 @@ in
]; ];
}; };
systemd.services."podman-volume-open-webui_open-webui" = { services."podman-volume-open-webui_open-webui" = {
path = [ pkgs.podman ]; path = [ pkgs.podman ];
serviceConfig = { serviceConfig = {
Type = "oneshot"; Type = "oneshot";
@ -156,11 +162,12 @@ in
wantedBy = [ "podman-compose-open-webui-root.target" ]; wantedBy = [ "podman-compose-open-webui-root.target" ];
}; };
systemd.targets."podman-compose-open-webui-root" = { targets."podman-compose-open-webui-root" = {
unitConfig = { unitConfig = {
Description = "Root target generated by compose2nix."; Description = "Root target generated by compose2nix.";
}; };
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
}; };
}; };
};
} }

16
modules/nixos/print-server/default.nix
View file

@ -7,8 +7,8 @@
let let
cfg = config.services.print-server; cfg = config.services.print-server;
domain = config.networking.domain; inherit (config.networking) domain;
subdomain = cfg.reverseProxy.subdomain; inherit (cfg.reverseProxy) subdomain;
fqdn = if (cfg.reverseProxy.enable && subdomain != "") then "${subdomain}.${domain}" else domain; fqdn = if (cfg.reverseProxy.enable && subdomain != "") then "${subdomain}.${domain}" else domain;
port = 631; port = 631;
@ -36,7 +36,8 @@ in
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
services.printing = { services = {
printing = {
enable = true; enable = true;
listenAddresses = [ "*:${builtins.toString port}" ]; listenAddresses = [ "*:${builtins.toString port}" ];
webInterface = true; webInterface = true;
@ -46,7 +47,7 @@ in
Address @LOCAL Address @LOCAL
''; '';
clientConf = ""; clientConf = "";
openFirewall = cfg.openFirewall; inherit (cfg) openFirewall;
drivers = with pkgs; [ drivers = with pkgs; [
brlaser brlaser
brgenml1lpr brgenml1lpr
@ -67,17 +68,18 @@ in
}; };
# autodiscovery of network printers # autodiscovery of network printers
services.avahi = { avahi = {
enable = true; enable = true;
nssmdns4 = true; nssmdns4 = true;
openFirewall = cfg.openFirewall; inherit (cfg) openFirewall;
}; };
services.nginx.virtualHosts = mkIf cfg.reverseProxy.enable { nginx.virtualHosts = mkIf cfg.reverseProxy.enable {
${fqdn} = mkVirtualHost { ${fqdn} = mkVirtualHost {
inherit port; inherit port;
ssl = cfg.reverseProxy.forceSSL; ssl = cfg.reverseProxy.forceSSL;
}; };
}; };
}; };
};
} }

6
modules/nixos/radicale/default.nix
View file

@ -7,8 +7,8 @@
let let
cfg = config.services.radicale; cfg = config.services.radicale;
domain = config.networking.domain; inherit (config.networking) domain;
subdomain = cfg.reverseProxy.subdomain; inherit (cfg.reverseProxy) subdomain;
fqdn = if (cfg.reverseProxy.enable && subdomain != "") then "${subdomain}.${domain}" else domain; fqdn = if (cfg.reverseProxy.enable && subdomain != "") then "${subdomain}.${domain}" else domain;
port = 5232; port = 5232;
@ -63,7 +63,7 @@ in
services.nginx.virtualHosts = mkIf cfg.reverseProxy.enable { services.nginx.virtualHosts = mkIf cfg.reverseProxy.enable {
"${fqdn}" = { "${fqdn}" = {
forceSSL = cfg.reverseProxy.forceSSL; inherit (cfg.reverseProxy) forceSSL;
enableACME = cfg.reverseProxy.forceSSL; enableACME = cfg.reverseProxy.forceSSL;
locations = { locations = {
"/" = { "/" = {

6
modules/nixos/rss-bridge/default.nix
View file

@ -2,8 +2,8 @@
let let
cfg = config.services.rss-bridge; cfg = config.services.rss-bridge;
domain = config.networking.domain; inherit (config.networking) domain;
subdomain = cfg.reverseProxy.subdomain; inherit (cfg.reverseProxy) subdomain;
fqdn = if (cfg.reverseProxy.enable && subdomain != "") then "${subdomain}.${domain}" else domain; fqdn = if (cfg.reverseProxy.enable && subdomain != "") then "${subdomain}.${domain}" else domain;
inherit (lib) inherit (lib)
@ -33,7 +33,7 @@ in
services.nginx.virtualHosts = mkIf cfg.reverseProxy.enable { services.nginx.virtualHosts = mkIf cfg.reverseProxy.enable {
"${fqdn}" = { "${fqdn}" = {
enableACME = cfg.reverseProxy.forceSSL; enableACME = cfg.reverseProxy.forceSSL;
forceSSL = cfg.reverseProxy.forceSSL; inherit (cfg.reverseProxy) forceSSL;
}; };
}; };
}; };

6
modules/nixos/tailscale/default.nix
View file

@ -56,8 +56,7 @@ in
config = config =
let let
defaultTailnets = filterAttrs (_: t: t.default) cfg.tailnets; defaultTailnets = filterAttrs (_: t: t.default) cfg.tailnets;
defaultTailnet = defaultTailnet = if defaultTailnets == { } then null else builtins.head (builtins.attrValues defaultTailnets);
if defaultTailnets == { } then null else builtins.head (builtins.attrValues defaultTailnets);
entries = mapAttrsToList (name: tcfg: '' entries = mapAttrsToList (name: tcfg: ''
TAILNETS["${name}"]="${tcfg.loginServer}|${if tcfg.enableSSH then "true" else "false"}|${ TAILNETS["${name}"]="${tcfg.loginServer}|${if tcfg.enableSSH then "true" else "false"}|${
@ -111,8 +110,7 @@ in
mkIf cfg.enable { mkIf cfg.enable {
assertions = [ assertions = [
{ {
assertion = assertion = (builtins.length (builtins.attrValues (filterAttrs (_: t: t.default) cfg.tailnets))) <= 1;
(builtins.length (builtins.attrValues (filterAttrs (_: t: t.default) cfg.tailnets))) <= 1;
message = "services.tailscale.tailnets: Only one tailnet can be set as default."; message = "services.tailscale.tailnets: Only one tailnet can be set as default.";
} }
{ {

8
modules/nixos/virtualisation/default.nix
View file

@ -58,8 +58,9 @@ in
enable = mkDefault true; enable = mkDefault true;
onBoot = mkDefault "ignore"; onBoot = mkDefault "ignore";
onShutdown = mkDefault "shutdown"; onShutdown = mkDefault "shutdown";
qemu.runAsRoot = mkDefault false; qemu = {
qemu.verbatimConfig = '' runAsRoot = mkDefault false;
verbatimConfig = ''
clear_emulation_capabilities = ${boolToZeroOne cfg.libvirtd.clearEmulationCapabilities} clear_emulation_capabilities = ${boolToZeroOne cfg.libvirtd.clearEmulationCapabilities}
'' ''
+ optionalString (cfg.libvirtd.deviceACL != [ ]) '' + optionalString (cfg.libvirtd.deviceACL != [ ]) ''
@ -67,7 +68,8 @@ in
${aclString} ${aclString}
] ]
''; '';
qemu.swtpm.enable = mkDefault true; # TPM 2.0 swtpm.enable = mkDefault true; # TPM 2.0
};
}; };
spiceUSBRedirection.enable = mkDefault true; spiceUSBRedirection.enable = mkDefault true;
}; };

1
modules/nixos/virtualisation/iommu-groups.sh
View file

@ -1,3 +1,4 @@
#!/usr/bin/env bash
shopt -s nullglob shopt -s nullglob
for d in /sys/kernel/iommu_groups/*/devices/*; do for d in /sys/kernel/iommu_groups/*/devices/*; do
n=${d#*/iommu_groups/*}; n=${n%%/*} n=${d#*/iommu_groups/*}; n=${n%%/*}

6
modules/nixos/virtualisation/kvmfr.nix
View file

@ -78,8 +78,7 @@ let
}; };
}; };
deviceType = ( deviceType = types.submodule (
types.submodule (
{ config, options, ... }: { config, options, ... }:
{ {
options = { options = {
@ -105,7 +104,6 @@ let
size = mkIf (config.resolution != null) (sizeFromResolution config.resolution); size = mkIf (config.resolution != null) (sizeFromResolution config.resolution);
}; };
} }
)
); );
inherit (lib) inherit (lib)
@ -144,7 +142,7 @@ in
''; '';
"modprobe.d/kvmfr.conf".text = '' "modprobe.d/kvmfr.conf".text = ''
options kvmfr static_size_mb=${concatStringsSep "," (map (size: toString size) deviceSizes)} options kvmfr static_size_mb=${concatStringsSep "," (map toString deviceSizes)}
''; '';
"apparmor.d/local/abstractions/libvirt-qemu" = mkIf config.security.apparmor.enable { "apparmor.d/local/abstractions/libvirt-qemu" = mkIf config.security.apparmor.enable {

4
modules/nixos/webPage/default.nix
View file

@ -2,7 +2,7 @@
let let
cfg = config.services.webPage; cfg = config.services.webPage;
domain = config.networking.domain; inherit (config.networking) domain;
fqdn = if (cfg.subdomain != "") then "${cfg.subdomain}.${domain}" else domain; fqdn = if (cfg.subdomain != "") then "${cfg.subdomain}.${domain}" else domain;
nginxUser = config.services.nginx.user; nginxUser = config.services.nginx.user;
@ -41,7 +41,7 @@ in
config = mkIf cfg.enable { config = mkIf cfg.enable {
services.nginx.virtualHosts."${fqdn}" = { services.nginx.virtualHosts."${fqdn}" = {
enableACME = cfg.forceSSL; enableACME = cfg.forceSSL;
forceSSL = cfg.forceSSL; inherit (cfg) forceSSL;
root = cfg.webRoot; root = cfg.webRoot;
locations."/".index = "index.html"; locations."/".index = "index.html";
sslCertificate = mkIf cfg.forceSSL "${config.security.acme.certs."${fqdn}".directory}/cert.pem"; sslCertificate = mkIf cfg.forceSSL "${config.security.acme.certs."${fqdn}".directory}/cert.pem";

95
modules/nixos/windows-oci/default.nix
View file

@ -81,9 +81,53 @@ in
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
systemd.tmpfiles.rules = [ "d ${cfg.volume} 0755 root podman -" ]; systemd = {
tmpfiles.rules = [ "d ${cfg.volume} 0755 root podman -" ];
virtualisation.podman = { services = {
"podman-windows" = {
serviceConfig = {
Restart = mkOverride 90 "always";
};
after = [
"podman-network-windows_default.service"
];
requires = [
"podman-network-windows_default.service"
];
partOf = [
"podman-compose-windows-root.target"
];
wantedBy = [
"podman-compose-windows-root.target"
];
};
"podman-network-windows_default" = {
path = [ pkgs.podman ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
ExecStop = "podman network rm -f windows_default";
};
script = ''
podman network inspect windows_default || podman network create windows_default
'';
partOf = [ "podman-compose-windows-root.target" ];
wantedBy = [ "podman-compose-windows-root.target" ];
};
};
targets."podman-compose-windows-root" = {
unitConfig = {
Description = "Root target generated by compose2nix.";
};
wantedBy = [ "multi-user.target" ];
};
};
virtualisation = {
podman = {
enable = true; enable = true;
autoPrune.enable = true; autoPrune.enable = true;
dockerCompat = true; dockerCompat = true;
@ -92,12 +136,9 @@ in
}; };
}; };
# https://github.com/NixOS/nixpkgs/issues/226365 oci-containers = {
networking.firewall.interfaces."podman+".allowedUDPPorts = [ 53 ]; backend = "podman";
containers."windows" = {
virtualisation.oci-containers.backend = "podman";
virtualisation.oci-containers.containers."windows" = {
image = "dockurr/windows"; image = "dockurr/windows";
environment = with cfg.settings; { environment = with cfg.settings; {
"VERSION" = version; "VERSION" = version;
@ -106,7 +147,6 @@ in
"DISK_SIZE" = diskSize; "DISK_SIZE" = diskSize;
"USERNAME" = username; "USERNAME" = username;
"PASSWORD" = password; "PASSWORD" = password;
"LANGUAGE" = language;
"REGION" = region; "REGION" = region;
"KEYBOARD" = keyboard; "KEYBOARD" = keyboard;
}; };
@ -128,43 +168,10 @@ in
"--network=windows_default" "--network=windows_default"
]; ];
}; };
systemd.services."podman-windows" = {
serviceConfig = {
Restart = mkOverride 90 "always";
}; };
after = [
"podman-network-windows_default.service"
];
requires = [
"podman-network-windows_default.service"
];
partOf = [
"podman-compose-windows-root.target"
];
wantedBy = [
"podman-compose-windows-root.target"
];
}; };
systemd.services."podman-network-windows_default" = { # https://github.com/NixOS/nixpkgs/issues/226365
path = [ pkgs.podman ]; networking.firewall.interfaces."podman+".allowedUDPPorts = [ 53 ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
ExecStop = "podman network rm -f windows_default";
};
script = ''
podman network inspect windows_default || podman network create windows_default
'';
partOf = [ "podman-compose-windows-root.target" ];
wantedBy = [ "podman-compose-windows-root.target" ];
};
systemd.targets."podman-compose-windows-root" = {
unitConfig = {
Description = "Root target generated by compose2nix.";
};
wantedBy = [ "multi-user.target" ];
};
}; };
} }

36
modules/shared/common/nix.nix
View file

@ -14,10 +14,11 @@ let
; ;
in in
{ {
nix.package = mkDefault pkgs.nix; nix = {
package = mkDefault pkgs.nix;
# for `nix run synix#foo`, `nix build synix#bar`, etc # for `nix run synix#foo`, `nix build synix#bar`, etc
nix.registry = { registry = {
synix = { synix = {
from = { from = {
id = "synix"; id = "synix";
@ -32,13 +33,14 @@ in
}; };
}; };
nix.settings.warn-dirty = mkDefault false; settings = {
warn-dirty = mkDefault false;
# fallback quickly if substituters are not available. # fallback quickly if substituters are not available.
nix.settings.connect-timeout = mkDefault 5; connect-timeout = mkDefault 5;
nix.settings.fallback = true; fallback = true;
nix.settings.experimental-features = [ experimental-features = [
"nix-command" "nix-command"
"flakes" "flakes"
] ]
@ -46,42 +48,44 @@ in
config.nix.package != null && versionOlder (versions.majorMinor config.nix.package.version) "2.22" config.nix.package != null && versionOlder (versions.majorMinor config.nix.package.version) "2.22"
) "repl-flake"; ) "repl-flake";
nix.settings.log-lines = mkDefault 25; log-lines = mkDefault 25;
# avoid disk full issues # avoid disk full issues
nix.settings.max-free = mkDefault (3000 * 1024 * 1024); max-free = mkDefault (3000 * 1024 * 1024);
nix.settings.min-free = mkDefault (512 * 1024 * 1024); min-free = mkDefault (512 * 1024 * 1024);
# avoid copying unnecessary stuff over SSH # avoid copying unnecessary stuff over SSH
nix.settings.builders-use-substitutes = true; builders-use-substitutes = true;
# workaround for https://github.com/NixOS/nix/issues/9574 # workaround for https://github.com/NixOS/nix/issues/9574
nix.settings.nix-path = config.nix.nixPath; nix-path = config.nix.nixPath;
nix.settings.download-buffer-size = 524288000; # 500 MiB download-buffer-size = 524288000; # 500 MiB
# add all wheel users to the trusted-users group # add all wheel users to the trusted-users group
nix.settings.trusted-users = [ trusted-users = [
"@wheel" "@wheel"
]; ];
# binary caches # binary caches
nix.settings.substituters = [ substituters = [
"https://cache.nixos.org" "https://cache.nixos.org"
"https://nix-community.cachix.org" "https://nix-community.cachix.org"
"https://cache.garnix.io" "https://cache.garnix.io"
"https://numtide.cachix.org" "https://numtide.cachix.org"
]; ];
nix.settings.trusted-public-keys = [ trusted-public-keys = [
"cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
"cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g=" "cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g="
"numtide.cachix.org-1:2ps1kLBUWjxIneOy1Ik6cQjb41X0iXVXeHigGmycPPE=" "numtide.cachix.org-1:2ps1kLBUWjxIneOy1Ik6cQjb41X0iXVXeHigGmycPPE="
]; ];
};
nix.gc = { gc = {
automatic = true; automatic = true;
dates = "weekly"; dates = "weekly";
options = "--delete-older-than 30d"; options = "--delete-older-than 30d";
}; };
};
} }

12
overlays/default.nix
View file

@ -9,11 +9,15 @@
modifications = final: prev: { modifications = final: prev: {
# https://github.com/NixOS/nixpkgs/issues/335003#issuecomment-2755803376 # https://github.com/NixOS/nixpkgs/issues/335003#issuecomment-2755803376
kicad = ( kicad = prev.kicad.override {
prev.kicad.override {
stable = true; stable = true;
} };
);
python312Packages = prev.python312Packages // {
arxiv = prev.python312Packages.arxiv.overridePythonAttrs (old: {
pythonRemoveDeps = (old.pythonRemoveDeps or [ ]) ++ [ "requests" ];
});
};
# bemenu is not a valid selector in v1.5.1 # bemenu is not a valid selector in v1.5.1
rofi-rbw-wayland = prev.rofi-rbw-wayland.overrideAttrs (oldAttrs: { rofi-rbw-wayland = prev.rofi-rbw-wayland.overrideAttrs (oldAttrs: {

14
pkgs/arxiv-mcp-server/default.nix
View file

@ -1,10 +1,13 @@
{ {
lib, lib,
python3, python312,
fetchPypi, fetchPypi,
}: }:
python3.pkgs.buildPythonApplication rec { let
python = python312;
in
python.pkgs.buildPythonApplication rec {
pname = "arxiv-mcp-server"; pname = "arxiv-mcp-server";
version = "0.5.0"; version = "0.5.0";
pyproject = true; pyproject = true;
@ -16,10 +19,10 @@ python3.pkgs.buildPythonApplication rec {
}; };
build-system = [ build-system = [
python3.pkgs.hatchling python.pkgs.hatchling
]; ];
dependencies = with python3.pkgs; [ dependencies = with python.pkgs; [
aiofiles aiofiles
aiohttp aiohttp
anyio anyio
@ -36,7 +39,7 @@ python3.pkgs.buildPythonApplication rec {
uvicorn uvicorn
]; ];
optional-dependencies = with python3.pkgs; { optional-dependencies = with python.pkgs; {
test = [ test = [
aioresponses aioresponses
pytest pytest
@ -48,6 +51,7 @@ python3.pkgs.buildPythonApplication rec {
pythonRemoveDeps = [ pythonRemoveDeps = [
"black" "black"
"mcp"
]; ];
pythonImportsCheck = [ pythonImportsCheck = [

4
pkgs/baibot/default.nix
View file

@ -20,9 +20,11 @@ rustPlatform.buildRustPackage rec {
hash = "sha256-Fr1CvFocb/VAYQGykXXZ6CCfvC31bKB/tr1aoA4oIME="; hash = "sha256-Fr1CvFocb/VAYQGykXXZ6CCfvC31bKB/tr1aoA4oIME=";
}; };
useFetchCargoVendor = true;
cargoHash = "sha256-CNEkge585bzUUPMHCSJ1CAH5wx3Wttq9I3A3oqfBzis="; cargoHash = "sha256-CNEkge585bzUUPMHCSJ1CAH5wx3Wttq9I3A3oqfBzis=";
cargoBuildFlags = "--ignore-rust-version";
cargoTestFlags = "--ignore-rust-version";
nativeBuildInputs = [ nativeBuildInputs = [
pkg-config pkg-config
]; ];

4
pkgs/fetcher-mcp/default.nix
View file

@ -12,9 +12,7 @@
let let
revision = "1161"; revision = "1161";
chromium-headless-shell = chromium-headless-shell = playwright-driver.passthru.components."chromium-headless-shell".overrideAttrs (old: {
playwright-driver.passthru.components."chromium-headless-shell".overrideAttrs
(old: {
inherit revision; inherit revision;
}); });

1
pkgs/pass2bw/pass2bw.sh
View file

@ -1,3 +1,4 @@
#!/usr/bin/env bash
if [ "$#" -ne 2 ]; then if [ "$#" -ne 2 ]; then
echo "Usage: $0 <pass_storepath> <output_csv>" echo "Usage: $0 <pass_storepath> <output_csv>"
exit 1 exit 1

5
templates/container/.gitignore vendored Normal file
View file

@ -0,0 +1,5 @@
.direnv/
.envrc
.pre-commit-config.yaml
result
target

64
templates/container/flake.nix
View file

@ -2,10 +2,10 @@
description = "Container NixOS configurations"; description = "Container NixOS configurations";
inputs = { inputs = {
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; nixpkgs.url = "github:nixos/nixpkgs/nixos-25.11";
synix.url = "git+https://git.sid.ovh/sid/synix.git?ref=release-25.11"; synix.url = "git+https://git.sid.ovh/sid/synix.git?ref=release-25.11";
synix.imputs.nixpkgs.follows = "nixpkgs"; synix.inputs.nixpkgs.follows = "nixpkgs";
}; };
outputs = outputs =
@ -17,42 +17,62 @@
let let
inherit (self) outputs; inherit (self) outputs;
system = "x86_64-linux"; systems = [
"x86_64-linux"
];
lib = nixpkgs.lib.extend (final: prev: inputs.synix.lib or { }); lib = nixpkgs.lib.extend (_final: _prev: inputs.synix.lib or { });
inherit (lib.helpers) mkPkgs;
forAllSystems =
function:
lib.genAttrs systems (
system:
function (mkPkgs {
inherit system;
})
);
mkNixosConfiguration =
system: modules:
nixpkgs.lib.nixosSystem {
inherit system modules;
specialArgs = {
inherit inputs outputs lib;
};
};
in in
{ {
packages = packages = forAllSystems (pkgs: import ./pkgs { inherit pkgs; });
let
pkgs = nixpkgs.legacyPackages.${system};
in
import ./pkgs { inherit pkgs; };
overlays = import ./overlays { inherit (self) inputs; }; overlays = import ./overlays { inherit (self) inputs; };
devShells = devShells = forAllSystems (pkgs: {
let
pkgs = nixpkgs.legacyPackages.${system};
in
{
default = pkgs.mkShell { default = pkgs.mkShell {
buildInputs = with pkgs; [ buildInputs = with pkgs; [
nixos-container nixos-container
tmux tmux
]; ];
}; };
}; });
nixosModules = import ./modules; nixosModules = import ./modules;
nixosConfigurations = { nixosConfigurations = {
container = nixpkgs.lib.nixosSystem { container = mkNixosConfiguration "x86_64-linux" [ ./config ];
inherit system;
modules = [ ./config ];
specialArgs = {
inherit inputs outputs lib;
};
};
}; };
checks = forAllSystems (
pkgs:
let
inherit (pkgs.stdenv.hostPlatform) system;
in
{
inherit (inputs.synix.checks.${system}) pre-commit-check build-additions build-modifications;
}
);
inherit (inputs.synix) formatter;
}; };
} }

1
templates/dev/c-hello/.envrc
View file

@ -1 +1,2 @@
# shellcheck shell=bash
use flake use flake

7
templates/dev/c-hello/.github/workflows/c-nix.yml vendored
View file

@ -1,10 +1,7 @@
---
name: C Nix Pipeline name: C Nix Pipeline
on: on: # yamllint disable-line
push:
branches: [ master ]
pull_request:
branches: [ master ]
jobs: jobs:
build-and-test: build-and-test:

1
templates/dev/c-hello/build.sh
View file

@ -1,2 +1,3 @@
#!/usr/bin/env bash
make clean make clean
bear --output build/compile_commands.json -- make all bear --output build/compile_commands.json -- make all

2
templates/dev/c-hello/flake.nix
View file

@ -81,7 +81,7 @@
system: system:
let let
pkgs = nixpkgs.legacyPackages.${system}; pkgs = nixpkgs.legacyPackages.${system};
config = self.checks.${system}.pre-commit-check.config; inherit (self.checks.${system}.pre-commit-check) config;
inherit (config) package configFile; inherit (config) package configFile;
script = '' script = ''
${pkgs.lib.getExe package} run --all-files --config ${configFile} ${pkgs.lib.getExe package} run --all-files --config ${configFile}

1
templates/dev/esp-blink/.envrc
View file

@ -1 +1,2 @@
# shellcheck shell=bash
use flake use flake

4
templates/dev/esp-blink/flake.nix
View file

@ -56,7 +56,7 @@
pkgs = nixpkgsFor.${system}; pkgs = nixpkgsFor.${system};
in in
{ {
default = esp.devShells."${system}".default; inherit (esp.devShells."${system}") default;
} }
); );
@ -64,7 +64,7 @@
system: system:
let let
pkgs = nixpkgs.legacyPackages.${system}; pkgs = nixpkgs.legacyPackages.${system};
config = self.checks.${system}.pre-commit-check.config; inherit (self.checks.${system}.pre-commit-check) config;
inherit (config) package configFile; inherit (config) package configFile;
script = '' script = ''
${pkgs.lib.getExe package} run --all-files --config ${configFile} ${pkgs.lib.getExe package} run --all-files --config ${configFile}

1
templates/dev/esp-blink/main/idf_component.yml
View file

@ -1,2 +1,3 @@
---
dependencies: dependencies:
espressif/led_strip: "^3.0.0" espressif/led_strip: "^3.0.0"

1
templates/dev/flask-hello/.envrc
View file

@ -1 +1,2 @@
# shellcheck shell=bash
use flake use flake

7
templates/dev/flask-hello/.github/workflows/python-nix.yml vendored
View file

@ -1,10 +1,7 @@
---
name: Python Nix Pipeline name: Python Nix Pipeline
on: on: # yamllint disable-line
push:
branches: [ master ]
pull_request:
branches: [ master ]
jobs: jobs:
build-and-test: build-and-test:

2
templates/dev/flask-hello/flake.nix
View file

@ -54,7 +54,7 @@
system: system:
let let
pkgs = nixpkgs.legacyPackages.${system}; pkgs = nixpkgs.legacyPackages.${system};
config = self.checks.${system}.pre-commit-check.config; inherit (self.checks.${system}.pre-commit-check) config;
inherit (config) package configFile; inherit (config) package configFile;
script = '' script = ''
${pkgs.lib.getExe package} run --all-files --config ${configFile} ${pkgs.lib.getExe package} run --all-files --config ${configFile}

4
templates/dev/flask-hello/nix/module.nix
View file

@ -8,7 +8,7 @@
let let
cfg = config.services.flask_hello; cfg = config.services.flask_hello;
domain = config.networking.domain; inherit (config.networking) domain;
fqdn = if (cfg.nginx.subdomain != "") then "${cfg.nginx.subdomain}.${domain}" else domain; fqdn = if (cfg.nginx.subdomain != "") then "${cfg.nginx.subdomain}.${domain}" else domain;
python-with-packages = pkgs.python3.withPackages ( python-with-packages = pkgs.python3.withPackages (
@ -109,7 +109,7 @@ in
users.users."${cfg.user}" = { users.users."${cfg.user}" = {
home = "/var/lib/${cfg.user}"; home = "/var/lib/${cfg.user}";
isSystemUser = true; isSystemUser = true;
group = cfg.group; inherit (cfg) group;
}; };
users.groups."${cfg.group}" = { }; users.groups."${cfg.group}" = { };

7
templates/dev/py-hello/.github/workflows/python-nix.yml vendored
View file

@ -1,10 +1,7 @@
---
name: Python Nix Pipeline name: Python Nix Pipeline
on: on: # yamllint disable-line
push:
branches: [ master ]
pull_request:
branches: [ master ]
jobs: jobs:
build-and-test: build-and-test:

2
templates/dev/py-hello/flake.nix
View file

@ -105,7 +105,7 @@
system: system:
let let
pkgs = nixpkgs.legacyPackages.${system}; pkgs = nixpkgs.legacyPackages.${system};
config = self.checks.${system}.pre-commit-check.config; inherit (self.checks.${system}.pre-commit-check) config;
inherit (config) package configFile; inherit (config) package configFile;
script = '' script = ''
${pkgs.lib.getExe package} run --all-files --config ${configFile} ${pkgs.lib.getExe package} run --all-files --config ${configFile}

7
templates/dev/rs-hello/.github/workflows/rust-nix.yml vendored
View file

@ -1,10 +1,7 @@
---
name: Rust Nix Pipeline name: Rust Nix Pipeline
on: on: # yamllint disable-line
push:
branches: [ master ]
pull_request:
branches: [ master ]
jobs: jobs:
build-and-test: build-and-test:

2
templates/dev/rs-hello/flake.nix
View file

@ -76,7 +76,7 @@
system: system:
let let
pkgs = nixpkgs.legacyPackages.${system}; pkgs = nixpkgs.legacyPackages.${system};
config = self.checks.${system}.pre-commit-check.config; inherit (self.checks.${system}.pre-commit-check) config;
inherit (config) package configFile; inherit (config) package configFile;
script = '' script = ''
${pkgs.lib.getExe package} run --all-files --config ${configFile} ${pkgs.lib.getExe package} run --all-files --config ${configFile}

1
templates/dev/stm32-blink/.envrc
View file

@ -1 +1,2 @@
# shellcheck shell=bash
use flake use flake

1
templates/microvm/.envrc
View file

@ -1 +1,2 @@
# shellcheck shell=bash
use flake use flake

67
templates/microvm/flake.nix
View file

@ -2,13 +2,13 @@
description = "MicroVM NixOS configurations"; description = "MicroVM NixOS configurations";
inputs = { inputs = {
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; nixpkgs.url = "github:nixos/nixpkgs/nixos-25.11";
microvm.url = "github:microvm-nix/microvm.nix"; microvm.url = "github:microvm-nix/microvm.nix";
microvm.inputs.nixpkgs.follows = "nixpkgs"; microvm.inputs.nixpkgs.follows = "nixpkgs";
synix.url = "git+https://git.sid.ovh/sid/synix.git?ref=release-25.11"; synix.url = "git+https://git.sid.ovh/sid/synix.git?ref=release-25.11";
synix.imputs.nixpkgs.follows = "nixpkgs"; synix.inputs.nixpkgs.follows = "nixpkgs";
}; };
outputs = outputs =
@ -20,20 +20,22 @@
let let
inherit (self) outputs; inherit (self) outputs;
supportedSystems = [ systems = [
"x86_64-linux" "x86_64-linux"
"aarch64-linux"
]; ];
forAllSystems = nixpkgs.lib.genAttrs supportedSystems; lib = nixpkgs.lib.extend (_final: _prev: inputs.synix.lib or { });
lib = nixpkgs.lib.extend (final: prev: inputs.synix.lib or { }); inherit (lib.helpers) mkPkgs;
mkApp = program: description: { forAllSystems =
type = "app"; function:
inherit program; lib.genAttrs systems (
meta.description = description; system:
}; function (mkPkgs {
inherit system;
})
);
mkNixosConfiguration = mkNixosConfiguration =
system: modules: system: modules:
@ -43,13 +45,20 @@
inherit inputs outputs lib; inherit inputs outputs lib;
}; };
}; };
mkApp = program: description: {
type = "app";
inherit program;
meta.description = description;
};
in in
{ {
apps = forAllSystems ( apps = forAllSystems (
system: pkgs:
let let
microvm = self.nixosConfigurations."microvm-${system}".config.microvm; inherit (pkgs.stdenv.hostPlatform) system;
inherit (nixpkgs.lib) getExe; inherit (self.nixosConfigurations."microvm-${system}".config) microvm;
inherit (pkgs.lib) getExe;
in in
{ {
rebuild = mkApp (getExe microvm.deploy.rebuild) "Rebuild the VM."; rebuild = mkApp (getExe microvm.deploy.rebuild) "Rebuild the VM.";
@ -57,22 +66,11 @@
} }
); );
packages = forAllSystems ( packages = forAllSystems (pkgs: import ./pkgs { inherit pkgs; });
system:
let
pkgs = nixpkgs.legacyPackages.${system};
in
import ./pkgs { inherit pkgs; }
);
overlays = import ./overlays { inherit (self) inputs; }; overlays = import ./overlays { inherit (self) inputs; };
devShells = forAllSystems ( devShells = forAllSystems (pkgs: {
system:
let
pkgs = nixpkgs.legacyPackages.${system};
in
{
default = pkgs.mkShell { default = pkgs.mkShell {
buildInputs = with pkgs; [ buildInputs = with pkgs; [
tmux tmux
@ -83,8 +81,7 @@
# export SSH_ASKPASS="pass <SUDO_BUILD_HOST_PASSWORD>" # export SSH_ASKPASS="pass <SUDO_BUILD_HOST_PASSWORD>"
# export SSH_ASKPASS_REQUIRE="force" # export SSH_ASKPASS_REQUIRE="force"
# ''; # '';
} });
);
nixosModules = import ./modules; nixosModules = import ./modules;
@ -92,5 +89,17 @@
microvm-x86_64-linux = mkNixosConfiguration "x86_64-linux" [ ./config ]; microvm-x86_64-linux = mkNixosConfiguration "x86_64-linux" [ ./config ];
microvm-aarch64-linux = mkNixosConfiguration "aarch64-linux" [ ./config ]; microvm-aarch64-linux = mkNixosConfiguration "aarch64-linux" [ ./config ];
}; };
checks = forAllSystems (
pkgs:
let
inherit (pkgs.stdenv.hostPlatform) system;
in
{
inherit (inputs.synix.checks.${system}) pre-commit-check build-additions build-modifications;
}
);
inherit (inputs.synix) formatter;
}; };
} }

5
templates/nix-configs/hetzner-amd/.gitignore vendored Normal file
View file

@ -0,0 +1,5 @@
.direnv/
.envrc
.pre-commit-config.yaml
result
target

60
templates/nix-configs/hetzner-amd/flake.nix
View file

@ -5,10 +5,7 @@
nixpkgs-old-stable.url = "github:nixos/nixpkgs/nixos-25.05"; nixpkgs-old-stable.url = "github:nixos/nixpkgs/nixos-25.05";
synix.url = "git+https://git.sid.ovh/sid/synix.git?ref=release-25.11"; synix.url = "git+https://git.sid.ovh/sid/synix.git?ref=release-25.11";
synix.imputs.nixpkgs.follows = "nixpkgs"; synix.inputs.nixpkgs.follows = "nixpkgs";
git-hooks.url = "github:cachix/git-hooks.nix";
git-hooks.inputs.nixpkgs.follows = "nixpkgs";
}; };
outputs = outputs =
@ -20,14 +17,22 @@
let let
inherit (self) outputs; inherit (self) outputs;
supportedSystems = [ systems = [
"x86_64-linux" "x86_64-linux"
"aarch64-linux"
]; ];
forAllSystems = nixpkgs.lib.genAttrs supportedSystems; lib = nixpkgs.lib.extend (_final: _prev: inputs.synix.lib or { });
lib = nixpkgs.lib.extend (final: prev: inputs.synix.lib or { }); inherit (lib.helpers) mkPkgs;
forAllSystems =
function:
lib.genAttrs systems (
system:
function (mkPkgs {
inherit system;
})
);
mkNixosConfiguration = mkNixosConfiguration =
system: modules: system: modules:
@ -39,7 +44,7 @@
}; };
in in
{ {
packages = forAllSystems (system: import ./pkgs nixpkgs.legacyPackages.${system}); packages = forAllSystems (pkgs: import ./pkgs { inherit pkgs; });
overlays = import ./overlays { inherit inputs; }; overlays = import ./overlays { inherit inputs; };
@ -49,41 +54,26 @@
HOSTNAME = mkNixosConfiguration "x86_64-linux" [ ./hosts/HOSTNAME ]; HOSTNAME = mkNixosConfiguration "x86_64-linux" [ ./hosts/HOSTNAME ];
}; };
formatter = forAllSystems ( devShells = forAllSystems (
system: pkgs:
let let
pkgs = nixpkgs.legacyPackages.${system}; inherit (pkgs.stdenv.hostPlatform) system;
config = self.checks.${system}.pre-commit-check.config;
inherit (config) package configFile;
script = ''
${pkgs.lib.getExe package} run --all-files --config ${configFile}
'';
in in
pkgs.writeShellScriptBin "pre-commit-run" script {
default = inputs.synix.devShells.${system}.nix-config;
}
); );
checks = forAllSystems ( checks = forAllSystems (
system: pkgs:
let let
pkgs = nixpkgs.legacyPackages.${system}; inherit (pkgs.stdenv.hostPlatform) system;
flakePkgs = self.packages.${system};
overlaidPkgs = import nixpkgs {
inherit system;
overlays = [ self.overlays.modifications ];
};
in in
{ {
pre-commit-check = inputs.git-hooks.lib.${system}.run { inherit (inputs.synix.checks.${system}) pre-commit-check build-additions build-modifications;
src = ./.;
hooks = {
nixfmt.enable = true;
};
};
build-packages = pkgs.linkFarm "flake-packages-${system}" flakePkgs;
build-overlays = pkgs.linkFarm "flake-overlays-${system}" {
# package = overlaidPkgs.package;
};
} }
); );
inherit (inputs.synix) formatter;
}; };
} }

10
templates/nix-configs/hetzner-amd/hosts/HOSTNAME/hardware.nix
View file

@ -11,7 +11,8 @@
(modulesPath + "/installer/scan/not-detected.nix") (modulesPath + "/installer/scan/not-detected.nix")
]; ];
boot.initrd.availableKernelModules = [ boot = {
initrd.availableKernelModules = [
"ahci" "ahci"
"nvme" "nvme"
"sd_mod" "sd_mod"
@ -22,9 +23,10 @@
"virtio_scsi" "virtio_scsi"
"xhci_pci" "xhci_pci"
]; ];
boot.initrd.kernelModules = [ ]; initrd.kernelModules = [ ];
boot.kernelModules = [ ]; kernelModules = [ ];
boot.extraModulePackages = [ ]; extraModulePackages = [ ];
};
fileSystems."/" = { fileSystems."/" = {
device = "/dev/disk/by-label/ROOT"; device = "/dev/disk/by-label/ROOT";

5
templates/nix-configs/hyprland/.gitignore vendored Normal file
View file

@ -0,0 +1,5 @@
.direnv/
.envrc
.pre-commit-config.yaml
result
target

103
templates/nix-configs/hyprland/flake.nix
View file

@ -5,7 +5,7 @@
nixpkgs-old-stable.url = "github:nixos/nixpkgs/nixos-25.05"; nixpkgs-old-stable.url = "github:nixos/nixpkgs/nixos-25.05";
synix.url = "git+https://git.sid.ovh/sid/synix.git?ref=release-25.11"; synix.url = "git+https://git.sid.ovh/sid/synix.git?ref=release-25.11";
synix.imputs.nixpkgs.follows = "nixpkgs"; synix.inputs.nixpkgs.follows = "nixpkgs";
home-manager.url = "github:nix-community/home-manager"; home-manager.url = "github:nix-community/home-manager";
home-manager.inputs.nixpkgs.follows = "nixpkgs"; home-manager.inputs.nixpkgs.follows = "nixpkgs";
@ -18,29 +18,33 @@
stylix.url = "github:danth/stylix"; stylix.url = "github:danth/stylix";
stylix.inputs.nixpkgs.follows = "nixpkgs"; stylix.inputs.nixpkgs.follows = "nixpkgs";
git-hooks.url = "github:cachix/git-hooks.nix";
git-hooks.inputs.nixpkgs.follows = "nixpkgs";
}; };
outputs = outputs =
{ {
self, self,
nixpkgs, nixpkgs,
home-manager,
... ...
}@inputs: }@inputs:
let let
inherit (self) outputs; inherit (self) outputs;
supportedSystems = [ systems = [
"x86_64-linux" "x86_64-linux"
"aarch64-linux"
]; ];
forAllSystems = nixpkgs.lib.genAttrs supportedSystems; lib = nixpkgs.lib.extend (_final: _prev: inputs.synix.lib or { });
lib = nixpkgs.lib.extend (final: prev: inputs.synix.lib or { }); inherit (lib.helpers) mkPkgs;
forAllSystems =
function:
lib.genAttrs systems (
system:
function (mkPkgs {
inherit system;
})
);
mkNixosConfiguration = mkNixosConfiguration =
system: modules: system: modules:
@ -50,76 +54,53 @@
inherit inputs outputs lib; inherit inputs outputs lib;
}; };
}; };
in
{
devShells = forAllSystems (
system:
let
pkgs = nixpkgs.legacyPackages.${system};
in
{
default = import ./shell.nix { inherit pkgs; };
}
);
packages = forAllSystems (system: import ./pkgs nixpkgs.legacyPackages.${system}); mkHomeConfiguration =
system: modules:
inputs.home-manager.lib.homeManagerConfiguration {
pkgs = mkPkgs { inherit system; };
modules = [ ./users/USERNAME/home ] ++ modules;
extraSpecialArgs = {
inherit inputs outputs;
};
};
in
{
packages = forAllSystems (pkgs: import ./pkgs { inherit pkgs; });
overlays = import ./overlays { inherit inputs; }; overlays = import ./overlays { inherit inputs; };
nixosModules = import ./modules/nixos; nixosModules = import ./modules/nixos;
homeModules = import ./modules/home;
devShells = forAllSystems (
pkgs:
let
inherit (pkgs.stdenv.hostPlatform) system;
in
{
default = inputs.synix.devShells.${system}.nix-config;
}
);
nixosConfigurations = { nixosConfigurations = {
HOSTNAME = mkNixosConfiguration "x86_64-linux" [ ./hosts/HOSTNAME ]; HOSTNAME = mkNixosConfiguration "x86_64-linux" [ ./hosts/HOSTNAME ];
}; };
homeConfigurations = { homeConfigurations = {
"USERNAME@HOSTNAME" = home-manager.lib.homeManagerConfiguration { "USERNAME@HOSTNAME" = mkHomeConfiguration "x86_64-linux" [ ./users/USERNAME/home/hosts/HOSTNAME ];
pkgs = nixpkgs.legacyPackages.x86_64-linux; # FIXME: Set architecture
extraSpecialArgs = {
inherit inputs outputs;
}; };
modules = [
./users/USERNAME/home
./users/USERNAME/home/hosts/HOSTNAME
];
};
};
formatter = forAllSystems (
system:
let
pkgs = nixpkgs.legacyPackages.${system};
config = self.checks.${system}.pre-commit-check.config;
inherit (config) package configFile;
script = ''
${pkgs.lib.getExe package} run --all-files --config ${configFile}
'';
in
pkgs.writeShellScriptBin "pre-commit-run" script
);
checks = forAllSystems ( checks = forAllSystems (
system: pkgs:
let let
pkgs = nixpkgs.legacyPackages.${system}; inherit (pkgs.stdenv.hostPlatform) system;
flakePkgs = self.packages.${system};
overlaidPkgs = import nixpkgs {
inherit system;
overlays = [ self.overlays.modifications ];
};
in in
{ {
pre-commit-check = inputs.git-hooks.lib.${system}.run { inherit (inputs.synix.checks.${system}) pre-commit-check build-additions build-modifications;
src = ./.;
hooks = {
nixfmt.enable = true;
};
};
build-packages = pkgs.linkFarm "flake-packages-${system}" flakePkgs;
build-overlays = pkgs.linkFarm "flake-overlays-${system}" {
# package = overlaidPkgs.package;
};
} }
); );
inherit (inputs.synix) formatter;
}; };
} }

10
templates/nix-configs/hyprland/hosts/HOSTNAME/hardware.nix
View file

@ -11,7 +11,8 @@
(modulesPath + "/installer/scan/not-detected.nix") (modulesPath + "/installer/scan/not-detected.nix")
]; ];
boot.initrd.availableKernelModules = [ boot = {
initrd.availableKernelModules = [
"ahci" "ahci"
"nvme" "nvme"
"sd_mod" "sd_mod"
@ -22,9 +23,10 @@
"virtio_scsi" "virtio_scsi"
"xhci_pci" "xhci_pci"
]; ];
boot.initrd.kernelModules = [ ]; initrd.kernelModules = [ ];
boot.kernelModules = [ ]; kernelModules = [ ];
boot.extraModulePackages = [ ]; extraModulePackages = [ ];
};
fileSystems."/" = { fileSystems."/" = {
device = "/dev/disk/by-label/ROOT"; device = "/dev/disk/by-label/ROOT";

Some files were not shown because too many files have changed in this diff Show more