starred/nix-config-ryan4yin
1
0
Fork 0
mirror of https://github.com/ryan4yin/nix-config.git synced 2026-01-11 22:30:25 +01:00
Code Issues Packages Projects Releases 10 Wiki Activity

feat: format via 'ls **/*.nix | each { |it| nixfmt $it.name }'

Browse Source
This commit is contained in:
Ryan Yin
2025-07-30 12:17:24 +08:00
parent d10b30b06b
commit 13bb77108c
219 changed files with 2103 additions and 1728 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
hardening/apparmor/default.nix
View File

@@ -2,7 +2,8 @@
config,
pkgs,
...
}: {
}:
{
services.dbus.apparmor = "enabled";
security.apparmor = {
enable = true;

2
hardening/bwraps/default.nix
View File

@@ -2,7 +2,7 @@
nixpkgs.overlays = [
(_: super: {
bwraps = {
wechat = super.callPackage ./wechat.nix {};
wechat = super.callPackage ./wechat.nix { };
};
})
];

99
hardening/bwraps/wechat.nix
View File

@@ -10,7 +10,8 @@
appimageTools,
fetchurl,
stdenvNoCC,
}: let
}:
let
pname = "wechat";
# https://github.com/NixOS/nixpkgs/blob/nixos-unstable/pkgs/by-name/we/wechat/package.nix
sources = {
@@ -41,58 +42,58 @@
'';
};
in
appimageTools.wrapAppImage {
inherit pname version;
appimageTools.wrapAppImage {
inherit pname version;
src = appimageContents;
src = appimageContents;
extraInstallCommands = ''
mkdir -p $out/share/applications
cp ${appimageContents}/wechat.desktop $out/share/applications/
mkdir -p $out/share/pixmaps
cp ${appimageContents}/wechat.png $out/share/pixmaps/
extraInstallCommands = ''
mkdir -p $out/share/applications
cp ${appimageContents}/wechat.desktop $out/share/applications/
mkdir -p $out/share/pixmaps
cp ${appimageContents}/wechat.png $out/share/pixmaps/
substituteInPlace $out/share/applications/wechat.desktop --replace-fail AppRun wechat
'';
substituteInPlace $out/share/applications/wechat.desktop --replace-fail AppRun wechat
'';
# Add these root paths to FHS sandbox to prevent WeChat from accessing them by default
# Adapted from https://aur.archlinux.org/cgit/aur.git/tree/wechat-universal.sh?h=wechat-universal-bwrap
extraPreBwrapCmds = ''
XDG_DOCUMENTS_DIR="''${XDG_DOCUMENTS_DIR:-$(xdg-user-dir DOCUMENTS)}"
if [[ -z "''${XDG_DOCUMENTS_DIR}" ]]; then
echo 'Error: Failed to get XDG_DOCUMENTS_DIR, refuse to continue'
exit 1
fi
# Add these root paths to FHS sandbox to prevent WeChat from accessing them by default
# Adapted from https://aur.archlinux.org/cgit/aur.git/tree/wechat-universal.sh?h=wechat-universal-bwrap
extraPreBwrapCmds = ''
XDG_DOCUMENTS_DIR="''${XDG_DOCUMENTS_DIR:-$(xdg-user-dir DOCUMENTS)}"
if [[ -z "''${XDG_DOCUMENTS_DIR}" ]]; then
echo 'Error: Failed to get XDG_DOCUMENTS_DIR, refuse to continue'
exit 1
fi
WECHAT_DATA_DIR="''${XDG_DOCUMENTS_DIR}/WeChat_Data"
WECHAT_DATA_DIR="''${XDG_DOCUMENTS_DIR}/WeChat_Data"
# Using ''${WECHAT_DATA_DIR} as Wechat Data folder
WECHAT_HOME_DIR="''${WECHAT_DATA_DIR}/home"
WECHAT_FILES_DIR="''${WECHAT_DATA_DIR}/xwechat_files"
# Using ''${WECHAT_DATA_DIR} as Wechat Data folder
WECHAT_HOME_DIR="''${WECHAT_DATA_DIR}/home"
WECHAT_FILES_DIR="''${WECHAT_DATA_DIR}/xwechat_files"
mkdir -p "''${WECHAT_FILES_DIR}"
mkdir -p "''${WECHAT_HOME_DIR}"
ln -snf "''${WECHAT_FILES_DIR}" "''${WECHAT_HOME_DIR}/xwechat_files"
'';
extraBwrapArgs = [
"--tmpfs /home"
"--tmpfs /root"
# format: --bind <host-path> <sandbox-path>
"--bind \${WECHAT_HOME_DIR} \${HOME}"
"--bind \${WECHAT_FILES_DIR} \${WECHAT_FILES_DIR}"
"--chdir \${HOME}"
# wechat-universal only supports xcb
"--setenv QT_QPA_PLATFORM xcb"
"--setenv QT_AUTO_SCREEN_SCALE_FACTOR 1"
# use fcitx as IME
"--setenv QT_IM_MODULE fcitx"
"--setenv GTK_IM_MODULE fcitx"
];
chdirToPwd = false;
unshareNet = false;
unshareIpc = true;
unsharePid = true;
unshareUts = true;
unshareCgroup = true;
privateTmp = true;
}
mkdir -p "''${WECHAT_FILES_DIR}"
mkdir -p "''${WECHAT_HOME_DIR}"
ln -snf "''${WECHAT_FILES_DIR}" "''${WECHAT_HOME_DIR}/xwechat_files"
'';
extraBwrapArgs = [
"--tmpfs /home"
"--tmpfs /root"
# format: --bind <host-path> <sandbox-path>
"--bind \${WECHAT_HOME_DIR} \${HOME}"
"--bind \${WECHAT_FILES_DIR} \${WECHAT_FILES_DIR}"
"--chdir \${HOME}"
# wechat-universal only supports xcb
"--setenv QT_QPA_PLATFORM xcb"
"--setenv QT_AUTO_SCREEN_SCALE_FACTOR 1"
# use fcitx as IME
"--setenv QT_IM_MODULE fcitx"
"--setenv GTK_IM_MODULE fcitx"
];
chdirToPwd = false;
unshareNet = false;
unshareIpc = true;
unsharePid = true;
unshareUts = true;
unshareCgroup = true;
privateTmp = true;
}

12
hardening/nixpaks/default.nix
View File

@@ -2,7 +2,8 @@
pkgs,
nixpak,
...
}: let
}:
let
callArgs = {
mkNixPak = nixpak.lib.nixpak {
inherit (pkgs) lib;
@@ -14,19 +15,20 @@
];
};
wrapper = _pkgs: path: (_pkgs.callPackage path callArgs).config.script;
in {
in
{
# Add nixpaked Apps into nixpkgs, and reference them in home-manager or other nixos modules
nixpkgs.overlays = [
(_: super: {
nixpaks = {
qq = wrapper super ./qq.nix;
qq-desktop-item = super.callPackage ./qq-desktop-item.nix {};
qq-desktop-item = super.callPackage ./qq-desktop-item.nix { };
wechat = wrapper super ./wechat.nix;
wechat-desktop-item = super.callPackage ./wechat-desktop-item.nix {};
wechat-desktop-item = super.callPackage ./wechat-desktop-item.nix { };
firefox = wrapper super ./firefox.nix;
firefox-desktop-item = super.callPackage ./firefox-desktop-item.nix {};
firefox-desktop-item = super.callPackage ./firefox-desktop-item.nix { };
};
})
];

4
hardening/nixpaks/firefox-desktop-item.nix
View File

@@ -1,4 +1,4 @@
{makeDesktopItem}:
{ makeDesktopItem }:
makeDesktopItem {
name = "firefox";
desktopName = "firefox";
@@ -6,6 +6,6 @@ makeDesktopItem {
terminal = false;
icon = "firefox";
type = "Application";
categories = ["Network"];
categories = [ "Network" ];
comment = "firefox boxed";
}

135
hardening/nixpaks/firefox.nix
View File

@@ -10,74 +10,79 @@
...
}:
mkNixPak {
config = {
config,
sloth,
...
}: {
app = {
package = pkgs.firefox-wayland;
binPath = "bin/firefox";
};
flatpak.appId = "org.mozilla.firefox";
config =
{
config,
sloth,
...
}:
{
app = {
package = pkgs.firefox-wayland;
binPath = "bin/firefox";
};
flatpak.appId = "org.mozilla.firefox";
imports = [
./modules/gui-base.nix
./modules/network.nix
];
# list all dbus services:
# ls -al /run/current-system/sw/share/dbus-1/services/
# ls -al /etc/profiles/per-user/ryan/share/dbus-1/services/
dbus.policies = {
"org.mozilla.firefox.*" = "own"; # firefox
"org.mozilla.firefox_beta.*" = "own"; # firefox beta
"org.mpris.MediaPlayer2.firefox.*" = "own";
"org.freedesktop.NetworkManager" = "talk";
"org.gnome.Shell.Screencast" = "talk";
# System tray icon
"org.freedesktop.Notifications" = "talk";
"org.kde.StatusNotifierWatcher" = "talk";
# File Manager
"org.freedesktop.FileManager1" = "talk";
# Uses legacy StatusNotifier implementation
"org.kde.*" = "own";
};
bubblewrap = {
# To trace all the home files QQ accesses, you can use the following nushell command:
# just trace-access firefox
# See the Justfile in the root of this repository for more information.
bind.rw = [
# given the read write permission to the following directories.
# NOTE: sloth.mkdir is used to create the directory if it does not exist!
(sloth.mkdir (sloth.concat' sloth.homeDir "/.mozilla"))
sloth.xdgDocumentsDir
sloth.xdgDownloadDir
sloth.xdgMusicDir
sloth.xdgVideosDir
];
bind.ro = [
"/sys/bus/pci"
["${config.app.package}/lib/firefox" "/app/etc/firefox"]
# ================ for browserpass extension ===============================
"/etc/gnupg"
(sloth.concat' sloth.homeDir "/.gnupg") # gpg's config
(sloth.concat' sloth.homeDir "/.local/share/password-store") # my secrets
(sloth.concat' sloth.runtimeDir "/gnupg") # for access gpg-agent socket
# Unsure
(sloth.concat' sloth.xdgConfigHome "/dconf")
imports = [
./modules/gui-base.nix
./modules/network.nix
];
sockets = {
x11 = false;
wayland = true;
pipewire = true;
# list all dbus services:
# ls -al /run/current-system/sw/share/dbus-1/services/
# ls -al /etc/profiles/per-user/ryan/share/dbus-1/services/
dbus.policies = {
"org.mozilla.firefox.*" = "own"; # firefox
"org.mozilla.firefox_beta.*" = "own"; # firefox beta
"org.mpris.MediaPlayer2.firefox.*" = "own";
"org.freedesktop.NetworkManager" = "talk";
"org.gnome.Shell.Screencast" = "talk";
# System tray icon
"org.freedesktop.Notifications" = "talk";
"org.kde.StatusNotifierWatcher" = "talk";
# File Manager
"org.freedesktop.FileManager1" = "talk";
# Uses legacy StatusNotifier implementation
"org.kde.*" = "own";
};
bubblewrap = {
# To trace all the home files QQ accesses, you can use the following nushell command:
# just trace-access firefox
# See the Justfile in the root of this repository for more information.
bind.rw = [
# given the read write permission to the following directories.
# NOTE: sloth.mkdir is used to create the directory if it does not exist!
(sloth.mkdir (sloth.concat' sloth.homeDir "/.mozilla"))
sloth.xdgDocumentsDir
sloth.xdgDownloadDir
sloth.xdgMusicDir
sloth.xdgVideosDir
];
bind.ro = [
"/sys/bus/pci"
[
"${config.app.package}/lib/firefox"
"/app/etc/firefox"
]
# ================ for browserpass extension ===============================
"/etc/gnupg"
(sloth.concat' sloth.homeDir "/.gnupg") # gpg's config
(sloth.concat' sloth.homeDir "/.local/share/password-store") # my secrets
(sloth.concat' sloth.runtimeDir "/gnupg") # for access gpg-agent socket
# Unsure
(sloth.concat' sloth.xdgConfigHome "/dconf")
];
sockets = {
x11 = false;
wayland = true;
pipewire = true;
};
};
};
};
}

28
hardening/nixpaks/modules/gui-base.nix
View File

@@ -5,12 +5,14 @@
pkgs,
sloth,
...
}: let
}:
let
envSuffix = envKey: suffix: sloth.concat' (sloth.env envKey) suffix;
# cursor & icon's theme should be the same as the host's one.
cursorTheme = pkgs.bibata-cursors;
iconTheme = pkgs.papirus-icon-theme;
in {
in
{
config = {
dbus.policies = {
"${config.flatpak.appId}" = "own";
@@ -89,15 +91,19 @@ in {
];
env = {
XDG_DATA_DIRS = lib.mkForce (lib.makeSearchPath "share" [
iconTheme
cursorTheme
pkgs.shared-mime-info
]);
XCURSOR_PATH = lib.mkForce (lib.concatStringsSep ":" [
"${cursorTheme}/share/icons"
"${cursorTheme}/share/pixmaps"
]);
XDG_DATA_DIRS = lib.mkForce (
lib.makeSearchPath "share" [
iconTheme
cursorTheme
pkgs.shared-mime-info
]
);
XCURSOR_PATH = lib.mkForce (
lib.concatStringsSep ":" [
"${cursorTheme}/share/icons"
"${cursorTheme}/share/pixmaps"
]
);
};
};
};

2
hardening/nixpaks/modules/network.nix
View File

@@ -2,7 +2,7 @@
{
etc.sslCertificates.enable = true;
bubblewrap = {
bind.ro = ["/etc/resolv.conf"];
bind.ro = [ "/etc/resolv.conf" ];
network = true;
};
}

2
hardening/nixpaks/qq-desktop-item.nix
View File

@@ -12,6 +12,6 @@ makeDesktopItem {
# tree $"($p)/share/icons"
icon = "${qq}/share/icons/hicolor/512x512/apps/qq.png";
type = "Application";
categories = ["Network"];
categories = [ "Network" ];
comment = "QQ boxed";
}

95
hardening/nixpaks/qq.nix
View File

@@ -10,53 +10,60 @@
...
}:
mkNixPak {
config = {sloth, ...}: {
app = {
package = pkgs.qq.override {
# fix fcitx5 input method
commandLineArgs = lib.concatStringsSep " " ["--enable-wayland-ime"];
config =
{ sloth, ... }:
{
app = {
package = pkgs.qq.override {
# fix fcitx5 input method
commandLineArgs = lib.concatStringsSep " " [ "--enable-wayland-ime" ];
};
binPath = "bin/qq";
};
binPath = "bin/qq";
};
flatpak.appId = "com.tencent.qq";
flatpak.appId = "com.tencent.qq";
imports = [
./modules/gui-base.nix
./modules/network.nix
];
# list all dbus services:
# ls -al /run/current-system/sw/share/dbus-1/services/
# ls -al /etc/profiles/per-user/ryan/share/dbus-1/services/
dbus.policies = {
"org.gnome.Shell.Screencast" = "talk";
# System tray icon
"org.freedesktop.Notifications" = "talk";
"org.kde.StatusNotifierWatcher" = "talk";
# File Manager
"org.freedesktop.FileManager1" = "talk";
# Uses legacy StatusNotifier implementation
"org.kde.*" = "own";
};
bubblewrap = {
# To trace all the home files QQ accesses, you can use the following nushell command:
# just trace-access qq
# See the Justfile in the root of this repository for more information.
bind.rw = [
# given the read write permission to the following directories.
# NOTE: sloth.mkdir is used to create the directory if it does not exist!
(sloth.mkdir (sloth.concat [sloth.xdgConfigHome "/QQ"]))
sloth.xdgDocumentsDir
sloth.xdgDownloadDir
sloth.xdgMusicDir
sloth.xdgVideosDir
imports = [
./modules/gui-base.nix
./modules/network.nix
];
sockets = {
x11 = false;
wayland = true;
pipewire = true;
# list all dbus services:
# ls -al /run/current-system/sw/share/dbus-1/services/
# ls -al /etc/profiles/per-user/ryan/share/dbus-1/services/
dbus.policies = {
"org.gnome.Shell.Screencast" = "talk";
# System tray icon
"org.freedesktop.Notifications" = "talk";
"org.kde.StatusNotifierWatcher" = "talk";
# File Manager
"org.freedesktop.FileManager1" = "talk";
# Uses legacy StatusNotifier implementation
"org.kde.*" = "own";
};
bubblewrap = {
# To trace all the home files QQ accesses, you can use the following nushell command:
# just trace-access qq
# See the Justfile in the root of this repository for more information.
bind.rw = [
# given the read write permission to the following directories.
# NOTE: sloth.mkdir is used to create the directory if it does not exist!
(sloth.mkdir (
sloth.concat [
sloth.xdgConfigHome
"/QQ"
]
))
sloth.xdgDocumentsDir
sloth.xdgDownloadDir
sloth.xdgMusicDir
sloth.xdgVideosDir
];
sockets = {
x11 = false;
wayland = true;
pipewire = true;
};
};
};
};
}

3
hardening/profiles/default.nix
View File

@@ -1,4 +1,5 @@
{modulesPath, ...}: {
{ modulesPath, ... }:
{
imports = [
(modulesPath + "/profiles/hardened.nix")
];

5
home/base/core/core.nix
View File

@@ -1,4 +1,5 @@
{pkgs, ...}: {
{ pkgs, ... }:
{
home.packages = with pkgs; [
# Misc
cowsay
@@ -12,7 +13,7 @@
# search for files by name, faster than find
fd
# search for files by its content, replacement of grep
(ripgrep.override {withPCRE2 = true;})
(ripgrep.override { withPCRE2 = true; })
# A fast and polyglot tool for code searching, linting, rewriting at large scale
# supported languages: only some mainstream languages currently(do not support nix/nginx/yaml/toml/...)

3
home/base/core/default.nix
View File

@@ -1,3 +1,4 @@
{mylib, ...}: {
{ mylib, ... }:
{
imports = mylib.scanPaths ./.;
}

3
home/base/core/editors/default.nix
View File

@@ -1,3 +1,4 @@
{mylib, ...}: {
{ mylib, ... }:
{
imports = mylib.scanPaths ./.;
}

3
home/base/core/editors/helix/default.nix
View File

@@ -1,4 +1,5 @@
{pkgs, ...}: {
{ pkgs, ... }:
{
programs.helix = {
enable = true;
};

3
home/base/core/editors/neovim/default.nix
View File

@@ -1,4 +1,5 @@
{pkgs, ...}: {
{ pkgs, ... }:
{
programs = {
neovim = {
enable = true;

5
home/base/core/git.nix
View File

@@ -4,12 +4,13 @@
pkgs,
myvars,
...
}: {
}:
{
# `programs.git` will generate the config file: ~/.config/git/config
# to make git use this config file, `~/.gitconfig` should not exist!
#
# https://git-scm.com/docs/git-config#Documentation/git-config.txt---global
home.activation.removeExistingGitconfig = lib.hm.dag.entryBefore ["checkLinkTargets"] ''
home.activation.removeExistingGitconfig = lib.hm.dag.entryBefore [ "checkLinkTargets" ] ''
rm -f ${config.home.homeDirectory}/.gitconfig
'';

3
home/base/core/npm.nix
View File

@@ -1,4 +1,5 @@
{config, ...}: {
{ config, ... }:
{
# make `npm install -g <pkg>` happey
#
# mainly used to install npm packages that updates frequently

6
home/base/core/shells/default.nix
View File

@@ -1,4 +1,5 @@
{config, ...}: let
{ config, ... }:
let
shellAliases = {
k = "kubectl";
@@ -10,7 +11,8 @@
goBin = "${config.home.homeDirectory}/go/bin";
rustBin = "${config.home.homeDirectory}/.cargo/bin";
npmBin = "${config.home.homeDirectory}/.npm/bin";
in {
in
{
programs.bash = {
enable = true;
enableCompletion = true;

3
home/base/core/theme.nix
View File

@@ -1,4 +1,5 @@
{catppuccin, ...}: {
{ catppuccin, ... }:
{
# https://github.com/catppuccin/nix
imports = [
catppuccin.homeModules.catppuccin

3
home/base/core/yazi.nix
View File

@@ -1,4 +1,5 @@
{pkgs, ...}: {
{ pkgs, ... }:
{
# terminal file manager
programs.yazi = {
enable = true;

3
home/base/core/zellij/default.nix
View File

@@ -2,7 +2,8 @@ let
shellAliases = {
"zj" = "zellij";
};
in {
in
{
programs.zellij = {
enable = true;
};

3
home/base/gui/default.nix
View File

@@ -1,3 +1,4 @@
{mylib, ...}: {
{ mylib, ... }:
{
imports = mylib.scanPaths ./.;
}

6
home/base/gui/dev-tools.nix
View File

@@ -1,5 +1,7 @@
{pkgs, ...}: {
home.packages = with pkgs;
{ pkgs, ... }:
{
home.packages =
with pkgs;
[
mitmproxy # http/https proxy tool
wireshark # network analyzer

5
home/base/gui/terminal/alacritty/default.nix
View File

@@ -52,10 +52,7 @@
bold_italic = {
family = "Maple Mono NF CN";
};
size =
if pkgs.stdenv.isDarwin
then 14
else 13;
size = if pkgs.stdenv.isDarwin then 14 else 13;
};
terminal = {
# Spawn a nushell in login mode via `bash`

3
home/base/gui/terminal/default.nix
View File

@@ -1,3 +1,4 @@
{mylib, ...}: {
{ mylib, ... }:
{
imports = mylib.scanPaths ./.;
}

3
home/base/gui/terminal/foot.nix
View File

@@ -1,4 +1,5 @@
{pkgs, ...}: {
{ pkgs, ... }:
{
programs.foot = {
# foot is designed only for Linux
enable = pkgs.stdenv.isLinux;

7
home/base/gui/terminal/ghostty.nix
View File

@@ -12,9 +12,10 @@
programs.ghostty = {
enable = true;
package =
if pkgs.stdenv.isDarwin
then pkgs.hello # pkgs.ghostty is currently broken on darwin
else pkgs.ghostty; # the stable version
if pkgs.stdenv.isDarwin then
pkgs.hello # pkgs.ghostty is currently broken on darwin
else
pkgs.ghostty; # the stable version
# package = ghostty.packages.${pkgs.system}.default; # the latest version
enableBashIntegration = false;
installBatSyntax = false;

7
home/base/gui/terminal/kitty.nix
View File

@@ -19,10 +19,7 @@
font = {
name = "Maple Mono NF CN";
# use different font size on macOS
size =
if pkgs.stdenv.isDarwin
then 14
else 13;
size = if pkgs.stdenv.isDarwin then 14 else 13;
};
# consistent with other terminal emulators
@@ -48,6 +45,6 @@
};
# macOS specific settings
darwinLaunchOptions = ["--start-as=maximized"];
darwinLaunchOptions = [ "--start-as=maximized" ];
};
}

3
home/base/home.nix
View File

@@ -1,4 +1,5 @@
{myvars, ...}: {
{ myvars, ... }:
{
# Home Manager needs a bit of information about you and the
# paths it should manage.
home = {

12
home/base/tui/cloud/default.nix
View File

@@ -2,7 +2,8 @@
lib,
pkgs,
...
}: {
}:
{
# https://developer.hashicorp.com/terraform/cli/config/config-file
home.file.".terraformrc".source = ./terraformrc;
@@ -30,9 +31,12 @@
# digitalocean
doctl
# google cloud
(google-cloud-sdk.withExtraComponents (with google-cloud-sdk.components; [
gke-gcloud-auth-plugin
]))
(google-cloud-sdk.withExtraComponents (
with google-cloud-sdk.components;
[
gke-gcloud-auth-plugin
]
))
# cloud tools that nix do not have cache for.
terraform

3
home/base/tui/container.nix
View File

@@ -3,7 +3,8 @@
pkgs-unstable,
nur-ryan4yin,
...
}: {
}:
{
home.packages = with pkgs; [
podman-compose
dive # explore docker layers

3
home/base/tui/default.nix
View File

@@ -1,3 +1,4 @@
{mylib, ...}: {
{ mylib, ... }:
{
imports = mylib.scanPaths ./.;
}

3
home/base/tui/dev-tools.nix
View File

@@ -2,7 +2,8 @@
pkgs,
pkgs-unstable,
...
}: {
}:
{
#############################################################
#
# Basic settings for development environment

3
home/base/tui/editors/default.nix
View File

@@ -1,3 +1,4 @@
{mylib, ...}: {
{ mylib, ... }:
{
imports = mylib.scanPaths ./.;
}

3
home/base/tui/editors/helix/default.nix
View File

@@ -1,4 +1,5 @@
{pkgs, ...}: {
{ pkgs, ... }:
{
programs.helix = {
enable = true;
package = pkgs.helix;

3
home/base/tui/editors/neovim/default.nix
View File

@@ -18,7 +18,8 @@ let
# the path to nvim directory
# to make this symlink work, we need to git clone this repo to your home directory.
configPath = "${config.home.homeDirectory}/nix-config/home/base/tui/editors/neovim/nvim";
in {
in
{
xdg.configFile."nvim".source = config.lib.file.mkOutOfStoreSymlink configPath;
# Disable catppuccin to avoid conflict with my non-nix config.
catppuccin.nvim.enable = false;

268
home/base/tui/editors/packages.nix
View File

@@ -2,153 +2,155 @@
pkgs,
pkgs-unstable,
...
}: {
home.packages = with pkgs; (
# -*- Data & Configuration Languages -*-#
[
#-- nix
nil
nixd
statix # Lints and suggestions for the nix programming language
deadnix # Find and remove unused code in .nix source files
nixfmt # Nix Code Formatter
}:
{
home.packages =
with pkgs;
(
# -*- Data & Configuration Languages -*-#
[
#-- nix
nil
nixd
statix # Lints and suggestions for the nix programming language
deadnix # Find and remove unused code in .nix source files
nixfmt # Nix Code Formatter
#-- nickel lang
nickel
#-- nickel lang
nickel
#-- json like
# terraform # install via brew on macOS
terraform-ls
jsonnet
jsonnet-language-server
taplo # TOML language server / formatter / validator
nodePackages.yaml-language-server
actionlint # GitHub Actions linter
#-- json like
# terraform # install via brew on macOS
terraform-ls
jsonnet
jsonnet-language-server
taplo # TOML language server / formatter / validator
nodePackages.yaml-language-server
actionlint # GitHub Actions linter
#-- dockerfile
hadolint # Dockerfile linter
nodePackages.dockerfile-language-server-nodejs
#-- dockerfile
hadolint # Dockerfile linter
nodePackages.dockerfile-language-server-nodejs
#-- markdown
marksman # language server for markdown
glow # markdown previewer
pandoc # document converter
pkgs-unstable.hugo # static site generator
#-- markdown
marksman # language server for markdown
glow # markdown previewer
pandoc # document converter
pkgs-unstable.hugo # static site generator
#-- sql
sqlfluff
#-- sql
sqlfluff
#-- protocol buffer
buf # linting and formatting
]
++
#-*- General Purpose Languages -*-#
[
#-- c/c++
cmake
cmake-language-server
gnumake
checkmake
# c/c++ compiler, required by nvim-treesitter!
gcc
gdb
# c/c++ tools with clang-tools, the unwrapped version won't
# add alias like `cc` and `c++`, so that it won't conflict with gcc
# llvmPackages.clang-unwrapped
clang-tools
lldb
vscode-extensions.vadimcn.vscode-lldb.adapter # codelldb - debugger
#-- protocol buffer
buf # linting and formatting
]
++
#-*- General Purpose Languages -*-#
[
#-- c/c++
cmake
cmake-language-server
gnumake
checkmake
# c/c++ compiler, required by nvim-treesitter!
gcc
gdb
# c/c++ tools with clang-tools, the unwrapped version won't
# add alias like `cc` and `c++`, so that it won't conflict with gcc
# llvmPackages.clang-unwrapped
clang-tools
lldb
vscode-extensions.vadimcn.vscode-lldb.adapter # codelldb - debugger
#-- python
pipx # Install and Run Python Applications in Isolated Environments
uv # python project package manager
pyright # python language server
(python313.withPackages (
ps:
with ps; [
ruff
black # python formatter
# debugpy
#-- python
pipx # Install and Run Python Applications in Isolated Environments
uv # python project package manager
pyright # python language server
(python313.withPackages (
ps: with ps; [
ruff
black # python formatter
# debugpy
# my commonly used python packages
jupyter
ipython
pandas
requests
pyquery
pyyaml
boto3
]
))
# my commonly used python packages
jupyter
ipython
pandas
requests
pyquery
pyyaml
boto3
]
))
#-- rust
# we'd better use the rust-overlays for rust development
pkgs-unstable.rustc
pkgs-unstable.rust-analyzer
pkgs-unstable.cargo # rust package manager
pkgs-unstable.rustfmt
pkgs-unstable.clippy # rust linter
#-- rust
# we'd better use the rust-overlays for rust development
pkgs-unstable.rustc
pkgs-unstable.rust-analyzer
pkgs-unstable.cargo # rust package manager
pkgs-unstable.rustfmt
pkgs-unstable.clippy # rust linter
#-- golang
go
gomodifytags
iferr # generate error handling code for go
impl # generate function implementation for go
gotools # contains tools like: godoc, goimports, etc.
gopls # go language server
delve # go debugger
#-- golang
go
gomodifytags
iferr # generate error handling code for go
impl # generate function implementation for go
gotools # contains tools like: godoc, goimports, etc.
gopls # go language server
delve # go debugger
# -- java
jdk17
gradle
maven
spring-boot-cli
jdt-language-server
# -- java
jdk17
gradle
maven
spring-boot-cli
jdt-language-server
#-- zig
zls
#-- zig
zls
#-- lua
stylua
lua-language-server
#-- lua
stylua
lua-language-server
#-- bash
nodePackages.bash-language-server
shellcheck
shfmt
]
#-*- Web Development -*-#
++ [
nodePackages.nodejs
nodePackages.typescript
nodePackages.typescript-language-server
# HTML/CSS/JSON/ESLint language servers extracted from vscode
nodePackages.vscode-langservers-extracted
nodePackages."@tailwindcss/language-server"
emmet-ls
]
# -*- Lisp like Languages -*-#
# ++ [
# guile
# racket-minimal
# fnlfmt # fennel
# (
# if pkgs.stdenv.isLinux && pkgs.stdenv.isx86
# then pkgs-unstable.akkuPackages.scheme-langserver
# else pkgs.emptyDirectory
# )
# ]
++ [
proselint # English prose linter
#-- bash
nodePackages.bash-language-server
shellcheck
shfmt
]
#-*- Web Development -*-#
++ [
nodePackages.nodejs
nodePackages.typescript
nodePackages.typescript-language-server
# HTML/CSS/JSON/ESLint language servers extracted from vscode
nodePackages.vscode-langservers-extracted
nodePackages."@tailwindcss/language-server"
emmet-ls
]
# -*- Lisp like Languages -*-#
# ++ [
# guile
# racket-minimal
# fnlfmt # fennel
# (
# if pkgs.stdenv.isLinux && pkgs.stdenv.isx86
# then pkgs-unstable.akkuPackages.scheme-langserver
# else pkgs.emptyDirectory
# )
# ]
++ [
proselint # English prose linter
#-- verilog / systemverilog
verible
#-- verilog / systemverilog
verible
#-- Optional Requirements:
nodePackages.prettier # common code formatter
fzf
gdu # disk usage analyzer, required by AstroNvim
(ripgrep.override {withPCRE2 = true;}) # recursively searches directories for a regex pattern
]
);
#-- Optional Requirements:
nodePackages.prettier # common code formatter
fzf
gdu # disk usage analyzer, required by AstroNvim
(ripgrep.override { withPCRE2 = true; }) # recursively searches directories for a regex pattern
]
);
}

3
home/base/tui/encryption/default.nix
View File

@@ -2,7 +2,8 @@
pkgs,
pkgs-unstable,
...
}: {
}:
{
home.packages = with pkgs; [
age
sops

3
home/base/tui/gpg/default.nix
View File

@@ -2,7 +2,8 @@
config,
mysecrets,
...
}: {
}:
{
programs.gpg = {
enable = true;
homedir = "${config.home.homeDirectory}/.gnupg";

6
home/base/tui/password-store/default.nix
View File

@@ -3,9 +3,11 @@
config,
lib,
...
}: let
}:
let
passwordStoreDir = "${config.xdg.dataHome}/password-store";
in {
in
{
programs.password-store = {
enable = true;
package = pkgs.pass.withExtensions (exts: [

6
home/base/tui/shell.nix
View File

@@ -2,9 +2,11 @@
config,
pkgs-unstable,
...
}: let
}:
let
inherit (pkgs-unstable) nu_scripts;
in {
in
{
programs.nushell = {
# load the alias file for work
# the file must exist, otherwise nushell will complain about it!

3
home/base/tui/ssh.nix
View File

@@ -2,7 +2,8 @@
config,
mysecrets,
...
}: {
}:
{
home.file.".ssh/romantic.pub".source = "${mysecrets}/public/romantic.pub";
programs.ssh = {

6
home/base/tui/zellij/default.nix
View File

@@ -1,8 +1,10 @@
{pkgs, ...}: let
{ pkgs, ... }:
let
shellAliases = {
"zj" = "zellij";
};
in {
in
{
programs.zellij = {
enable = true;
package = pkgs.zellij;

6
home/darwin/aerospace/default.nix
View File

@@ -1,5 +1,5 @@
{config, ...}: {
{ config, ... }:
{
home.file.".aerospace.toml".source =
config.lib.file.mkOutOfStoreSymlink
"${config.home.homeDirectory}/nix-config/home/darwin/aerospace/aerospace.toml";
config.lib.file.mkOutOfStoreSymlink "${config.home.homeDirectory}/nix-config/home/darwin/aerospace/aerospace.toml";
}

17
home/darwin/default.nix
View File

@@ -2,16 +2,15 @@
mylib,
myvars,
...
}: {
}:
{
home.homeDirectory = "/Users/${myvars.username}";
imports =
(mylib.scanPaths ./.)
++ [
../base/core
../base/tui
../base/gui
../base/home.nix
];
imports = (mylib.scanPaths ./.) ++ [
../base/core
../base/tui
../base/gui
../base/home.nix
];
# enable management of XDG base directories on macOS.
xdg.enable = true;

6
home/darwin/proxy/default.nix
View File

@@ -2,12 +2,12 @@
config,
pkgs,
...
}: {
}:
{
home.packages = with pkgs; [
clash-meta
];
home.file.".proxychains/proxychains.conf".source =
config.lib.file.mkOutOfStoreSymlink
"${config.home.homeDirectory}/nix-config/home/darwin/proxy/proxychains.conf";
config.lib.file.mkOutOfStoreSymlink "${config.home.homeDirectory}/nix-config/home/darwin/proxy/proxychains.conf";
}

3
home/darwin/rime-squirrel.nix
View File

@@ -1,4 +1,5 @@
{pkgs, ...}: {
{ pkgs, ... }:
{
# Squirrel Input Method
home.file."Library/Rime" = {
# my custom squirrel data (flypy input method)

6
home/darwin/shell.nix
View File

@@ -1,4 +1,5 @@
{lib, ...}: let
{ lib, ... }:
let
envExtra = ''
export PATH="$PATH:/opt/homebrew/bin:/usr/local/bin"
'';
@@ -20,7 +21,8 @@
true
fi
'';
in {
in
{
# Homebrew's default install location:
# /opt/homebrew for Apple Silicon
# /usr/local for macOS Intel

3
home/linux/base/default.nix
View File

@@ -1,3 +1,4 @@
{mylib, ...}: {
{ mylib, ... }:
{
imports = mylib.scanPaths ./.;
}

6
home/linux/base/shell.nix
View File

@@ -2,11 +2,13 @@
config,
myvars,
...
}: let
}:
let
d = config.xdg.dataHome;
c = config.xdg.configHome;
cache = config.xdg.cacheHome;
in rec {
in
rec {
home.homeDirectory = "/home/${myvars.username}";
# environment variables that always set at login

3
home/linux/base/tools.nix
View File

@@ -1,4 +1,5 @@
{pkgs, ...}: {
{ pkgs, ... }:
{
# Linux Only Packages, not available on Darwin
home.packages = with pkgs; [
# misc

9
home/linux/gui/base/creative.nix
View File

@@ -6,8 +6,10 @@
nur-ryan4yin,
blender-bin,
...
}: {
home.packages = with pkgs;
}:
{
home.packages =
with pkgs;
[
# creative
# gimp # image editing, I prefer using figma in browser instead of this one
@@ -41,7 +43,8 @@
# live streaming
obs-studio = {
enable = pkgs.stdenv.isx86_64;
plugins = with pkgs.obs-studio-plugins;
plugins =
with pkgs.obs-studio-plugins;
[
# screen capture
wlrobs

3
home/linux/gui/base/default.nix
View File

@@ -1,3 +1,4 @@
{mylib, ...}: {
{ mylib, ... }:
{
imports = mylib.scanPaths ./.;
}

3
home/linux/gui/base/dev-tools.nix
View File

@@ -1,4 +1,5 @@
{pkgs, ...}: {
{ pkgs, ... }:
{
home.packages = with pkgs; [
android-tools
];

3
home/linux/gui/base/eye-protection.nix
View File

@@ -2,7 +2,8 @@
pkgs,
lib,
...
}: {
}:
{
# Adjust the color temperature(& brightness) of your screen according to
# your surroundings. This may help your eyes hurt less if you are
# working in front of the screen at night.

3
home/linux/gui/base/fcitx5/default.nix
View File

@@ -1,4 +1,5 @@
{pkgs, ...}: {
{ pkgs, ... }:
{
xdg.configFile = {
"fcitx5/profile" = {
source = ./profile;

3
home/linux/gui/base/games.nix
View File

@@ -2,7 +2,8 @@
pkgs,
nix-gaming,
...
}: {
}:
{
home.packages = with pkgs; [
# nix-gaming.packages.${pkgs.system}.osu-laser-bin
gamescope # SteamOS session compositing window manager

3
home/linux/gui/base/gtk.nix
View File

@@ -2,7 +2,8 @@
pkgs,
config,
...
}: {
}:
{
# If your themes for mouse cursor, icons or windows dont load correctly,
# try setting them with home.pointerCursor and gtk.theme,
# which enable a bunch of compatibility options that should make the themes load in all situations.

26
home/linux/gui/base/immutable-file.nix
View File

@@ -16,7 +16,8 @@
# TODO not used yet, need to test it.
#
##############################################################################################
with lib; let
with lib;
let
cfg = config.home.immutable-file;
immutableFileOpts = _: {
options = {
@@ -42,24 +43,25 @@ with lib; let
sudo cp $2 $1
sudo chattr +i $1
'';
in {
in
{
options.home.immutable-file = mkOption {
type = with types; attrsOf (submodule immutableFileOpts);
default = {};
default = { };
};
config = mkIf (cfg != {}) {
home.activation =
mapAttrs'
(name: {
config = mkIf (cfg != { }) {
home.activation = mapAttrs' (
name:
{
src,
dst,
}:
nameValuePair
"make-immutable-${name}"
(lib.hm.dag.entryAfter ["writeBoundary"] ''
nameValuePair "make-immutable-${name}" (
lib.hm.dag.entryAfter [ "writeBoundary" ] ''
${mkImmutableFile} ${dst} ${src}
''))
cfg;
''
)
) cfg;
};
}

9
home/linux/gui/base/media.nix
View File

@@ -6,7 +6,8 @@
}:
# media - control and enjoy audio/video
{
home.packages = with pkgs;
home.packages =
with pkgs;
[
# audio control
pavucontrol
@@ -22,13 +23,13 @@
nvitop
]
++ (lib.optionals pkgs.stdenv.isx86_64 [
(zoom-us.override {hyprlandXdgDesktopPortalSupport = true;})
(zoom-us.override { hyprlandXdgDesktopPortalSupport = true; })
]);
programs.mpv = {
enable = true;
defaultProfiles = ["gpu-hq"];
scripts = [pkgs.mpvScripts.mpris];
defaultProfiles = [ "gpu-hq" ];
scripts = [ pkgs.mpvScripts.mpris ];
};
services = {

3
home/linux/gui/base/misc.nix
View File

@@ -2,7 +2,8 @@
pkgs,
pkgs-unstable,
...
}: {
}:
{
home.packages = with pkgs; [
# GUI apps
# e-book viewer(.epub/.mobi/...)

15
home/linux/gui/base/note-taking.nix
View File

@@ -1,7 +1,10 @@
{pkgs, ...}: {
home.packages = with pkgs; (lib.optionals pkgs.stdenv.isx86_64 [
# https://joplinapp.org/help/
joplin # joplin-cli
joplin-desktop
]);
{ pkgs, ... }:
{
home.packages =
with pkgs;
(lib.optionals pkgs.stdenv.isx86_64 [
# https://joplinapp.org/help/
joplin # joplin-cli
joplin-desktop
]);
}

41
home/linux/gui/base/wallpaper/default.nix
View File

@@ -4,26 +4,37 @@
lib,
wallpapers,
...
}: {
}:
{
systemd.user.services.wallpaper = {
Unit = {
Description = "Wallpaper Switcher daemon";
After = ["graphical-session-pre.target" "xdg-desktop-autostart.target"];
Wants = ["graphical-session-pre.target"];
After = [
"graphical-session-pre.target"
"xdg-desktop-autostart.target"
];
Wants = [ "graphical-session-pre.target" ];
};
Install.WantedBy = ["graphical-session.target"];
Install.WantedBy = [ "graphical-session.target" ];
Service = {
ExecStart = lib.getExe (pkgs.writeShellApplication {
name = "wallpaper";
runtimeInputs = with pkgs; [procps feh swaybg python3];
text = ''
export WALLPAPERS_DIR="${wallpapers}"
export WALLPAPERS_STATE_FILEPATH="${config.xdg.stateHome}/wallpaper-switcher/switcher_state"
export WALLPAPER_WAIT_MIN=60
export WALLPAPER_WAIT_MAX=180
exec ${./wallpaper-switcher.py}
'';
});
ExecStart = lib.getExe (
pkgs.writeShellApplication {
name = "wallpaper";
runtimeInputs = with pkgs; [
procps
feh
swaybg
python3
];
text = ''
export WALLPAPERS_DIR="${wallpapers}"
export WALLPAPERS_STATE_FILEPATH="${config.xdg.stateHome}/wallpaper-switcher/switcher_state"
export WALLPAPER_WAIT_MIN=60
export WALLPAPER_WAIT_MAX=180
exec ${./wallpaper-switcher.py}
'';
}
);
RestartSec = 3;
Restart = "on-failure";
};

95
home/linux/gui/base/xdg.nix
View File

@@ -6,7 +6,8 @@
config,
pkgs,
...
}: {
}:
{
home.packages = with pkgs; [
xdg-utils # provides cli tools such as `xdg-mime` `xdg-open`
xdg-user-dirs
@@ -31,53 +32,63 @@
mimeApps = {
enable = true;
# let `xdg-open` to open the url with the correct application.
defaultApplications = let
browser = ["google-chrome.desktop" "firefox.desktop"];
editor = ["nvim.desktop" "Helix.desktop" "code.desktop" "code-insiders.desktop"];
in {
"application/json" = browser;
"application/pdf" = browser; # TODO: pdf viewer
defaultApplications =
let
browser = [
"google-chrome.desktop"
"firefox.desktop"
];
editor = [
"nvim.desktop"
"Helix.desktop"
"code.desktop"
"code-insiders.desktop"
];
in
{
"application/json" = browser;
"application/pdf" = browser; # TODO: pdf viewer
"text/html" = browser;
"text/xml" = browser;
"text/plain" = editor;
"application/xml" = browser;
"application/xhtml+xml" = browser;
"application/xhtml_xml" = browser;
"application/rdf+xml" = browser;
"application/rss+xml" = browser;
"application/x-extension-htm" = browser;
"application/x-extension-html" = browser;
"application/x-extension-shtml" = browser;
"application/x-extension-xht" = browser;
"application/x-extension-xhtml" = browser;
"application/x-wine-extension-ini" = editor;
"text/html" = browser;
"text/xml" = browser;
"text/plain" = editor;
"application/xml" = browser;
"application/xhtml+xml" = browser;
"application/xhtml_xml" = browser;
"application/rdf+xml" = browser;
"application/rss+xml" = browser;
"application/x-extension-htm" = browser;
"application/x-extension-html" = browser;
"application/x-extension-shtml" = browser;
"application/x-extension-xht" = browser;
"application/x-extension-xhtml" = browser;
"application/x-wine-extension-ini" = editor;
# define default applications for some url schemes.
"x-scheme-handler/about" = browser; # open `about:` url with `browser`
"x-scheme-handler/ftp" = browser; # open `ftp:` url with `browser`
"x-scheme-handler/http" = browser;
"x-scheme-handler/https" = browser;
# https://github.com/microsoft/vscode/issues/146408
"x-scheme-handler/vscode" = ["code-url-handler.desktop"]; # open `vscode://` url with `code-url-handler.desktop`
"x-scheme-handler/vscode-insiders" = ["code-insiders-url-handler.desktop"]; # open `vscode-insiders://` url with `code-insiders-url-handler.desktop`
"x-scheme-handler/zoommtg" = ["Zoom.desktop"];
# define default applications for some url schemes.
"x-scheme-handler/about" = browser; # open `about:` url with `browser`
"x-scheme-handler/ftp" = browser; # open `ftp:` url with `browser`
"x-scheme-handler/http" = browser;
"x-scheme-handler/https" = browser;
# https://github.com/microsoft/vscode/issues/146408
"x-scheme-handler/vscode" = [ "code-url-handler.desktop" ]; # open `vscode://` url with `code-url-handler.desktop`
"x-scheme-handler/vscode-insiders" = [ "code-insiders-url-handler.desktop" ]; # open `vscode-insiders://` url with `code-insiders-url-handler.desktop`
"x-scheme-handler/zoommtg" = [ "Zoom.desktop" ];
# all other unknown schemes will be opened by this default application.
# "x-scheme-handler/unknown" = editor;
# all other unknown schemes will be opened by this default application.
# "x-scheme-handler/unknown" = editor;
"x-scheme-handler/tg" = ["org.telegram.desktop.desktop "];
"x-scheme-handler/tg" = [ "org.telegram.desktop.desktop " ];
"audio/*" = ["mpv.desktop"];
"video/*" = ["mpv.desktop"];
"image/*" = ["imv-dir.desktop"];
"image/gif" = ["imv-dir.desktop"];
"image/jpeg" = ["imv-dir.desktop"];
"image/png" = ["imv-dir.desktop"];
"image/webp" = ["imv-dir.desktop"];
"audio/*" = [ "mpv.desktop" ];
"video/*" = [ "mpv.desktop" ];
"image/*" = [ "imv-dir.desktop" ];
"image/gif" = [ "imv-dir.desktop" ];
"image/jpeg" = [ "imv-dir.desktop" ];
"image/png" = [ "imv-dir.desktop" ];
"image/webp" = [ "imv-dir.desktop" ];
"inode/directory" = ["yazi.desktop"];
};
"inode/directory" = [ "yazi.desktop" ];
};
associations.removed = {
# ......

3
home/linux/gui/default.nix
View File

@@ -1,3 +1,4 @@
{mylib, ...}: {
{ mylib, ... }:
{
imports = mylib.scanPaths ./.;
}

3
home/linux/gui/editors/default.nix
View File

@@ -1,4 +1,5 @@
{pkgs, ...}: {
{ pkgs, ... }:
{
home.packages = with pkgs; [
zed-editor
code-cursor

48
home/linux/gui/hyprland/default.nix
View File

@@ -4,10 +4,12 @@
lib,
anyrun,
...
} @ args:
with lib; let
}@args:
with lib;
let
cfg = config.modules.desktop.hyprland;
in {
in
{
imports = [
# anyrun.homeManagerModules.default # the module is already in hm now.
./options
@@ -16,32 +18,36 @@ in {
options.modules.desktop.hyprland = {
enable = mkEnableOption "hyprland compositor";
settings = lib.mkOption {
type = with lib.types; let
valueType =
nullOr (oneOf [
bool
int
float
str
path
(attrsOf valueType)
(listOf valueType)
])
// {
description = "Hyprland configuration value";
};
in
type =
with lib.types;
let
valueType =
nullOr (oneOf [
bool
int
float
str
path
(attrsOf valueType)
(listOf valueType)
])
// {
description = "Hyprland configuration value";
};
in
valueType;
default = {};
default = { };
};
};
config = mkIf cfg.enable (
mkMerge ([
mkMerge (
[
{
wayland.windowManager.hyprland.settings = cfg.settings;
}
]
++ (import ./values args))
++ (import ./values args)
)
);
}

3
home/linux/gui/hyprland/options/default.nix
View File

@@ -1,3 +1,4 @@
{mylib, ...}: {
{ mylib, ... }:
{
imports = mylib.scanPaths ./.;
}

6
home/linux/gui/hyprland/options/nvidia.nix
View File

@@ -3,9 +3,11 @@
lib,
...
}:
with lib; let
with lib;
let
cfg = config.modules.desktop.hyprland;
in {
in
{
options.modules.desktop.hyprland = {
nvidia = mkEnableOption "whether nvidia GPU is used";
};

3
home/linux/gui/hyprland/values/anyrun.nix
View File

@@ -2,7 +2,8 @@
pkgs,
anyrun,
...
}: {
}:
{
programs.anyrun = {
enable = true;
config = {

5
home/linux/gui/hyprland/values/default.nix
View File

@@ -1,4 +1 @@
{mylib, ...} @ args:
map
(path: import path args)
(mylib.scanPaths ./.)
{ mylib, ... }@args: map (path: import path args) (mylib.scanPaths ./.)

50
home/linux/gui/hyprland/values/hyprland.nix
View File

@@ -2,19 +2,23 @@
pkgs,
config,
...
}: let
}:
let
package = pkgs.hyprland;
in {
xdg.configFile = let
mkSymlink = config.lib.file.mkOutOfStoreSymlink;
hyprPath = "${config.home.homeDirectory}/nix-config/home/linux/gui/hyprland/conf";
in {
"mako".source = mkSymlink "${hyprPath}/mako";
"waybar".source = mkSymlink "${hyprPath}/waybar";
"wlogout".source = mkSymlink "${hyprPath}/wlogout";
"hypr/hypridle.conf".source = mkSymlink "${hyprPath}/hypridle.conf";
"hypr/configs".source = mkSymlink "${hyprPath}/configs";
};
in
{
xdg.configFile =
let
mkSymlink = config.lib.file.mkOutOfStoreSymlink;
hyprPath = "${config.home.homeDirectory}/nix-config/home/linux/gui/hyprland/conf";
in
{
"mako".source = mkSymlink "${hyprPath}/mako";
"waybar".source = mkSymlink "${hyprPath}/waybar";
"wlogout".source = mkSymlink "${hyprPath}/wlogout";
"hypr/hypridle.conf".source = mkSymlink "${hyprPath}/hypridle.conf";
"hypr/configs".source = mkSymlink "${hyprPath}/configs";
};
# status bar
programs.waybar = {
@@ -46,15 +50,17 @@ in {
inherit package;
enable = true;
settings = {
source = let
configPath = "${config.home.homeDirectory}/.config/hypr/configs";
in [
"${configPath}/exec.conf"
"${configPath}/fcitx5.conf"
"${configPath}/keybindings.conf"
"${configPath}/settings.conf"
"${configPath}/windowrules.conf"
];
source =
let
configPath = "${config.home.homeDirectory}/.config/hypr/configs";
in
[
"${configPath}/exec.conf"
"${configPath}/fcitx5.conf"
"${configPath}/keybindings.conf"
"${configPath}/settings.conf"
"${configPath}/windowrules.conf"
];
env = [
"NIXOS_OZONE_WL,1" # for any ozone-based browser & electron apps to run on wayland
"MOZ_ENABLE_WAYLAND,1" # for firefox to run on wayland
@@ -71,7 +77,7 @@ in {
# gammastep/wallpaper-switcher need this to be enabled.
systemd = {
enable = true;
variables = ["--all"];
variables = [ "--all" ];
};
};

4
home/linux/gui/hyprland/values/packages.nix
View File

@@ -1,8 +1,8 @@
{
pkgs,
...
}: {
}:
{
home.packages = with pkgs; [
swaybg # the wallpaper

37
home/linux/gui/hyprland/values/wayland-apps.nix
View File

@@ -1,7 +1,8 @@
{
pkgs,
...
}: {
}:
{
home.packages = with pkgs; [
# firefox-wayland
nixpaks.firefox
@@ -31,25 +32,23 @@
vscode = {
enable = true;
package =
pkgs.vscode.override
{
isInsiders = false;
# https://wiki.archlinux.org/title/Wayland#Electron
commandLineArgs = [
"--ozone-platform-hint=auto"
"--ozone-platform=wayland"
# make it use GTK_IM_MODULE if it runs with Gtk4, so fcitx5 can work with it.
# (only supported by chromium/chrome at this time, not electron)
"--gtk-version=4"
# make it use text-input-v1, which works for kwin 5.27 and weston
"--enable-wayland-ime"
package = pkgs.vscode.override {
isInsiders = false;
# https://wiki.archlinux.org/title/Wayland#Electron
commandLineArgs = [
"--ozone-platform-hint=auto"
"--ozone-platform=wayland"
# make it use GTK_IM_MODULE if it runs with Gtk4, so fcitx5 can work with it.
# (only supported by chromium/chrome at this time, not electron)
"--gtk-version=4"
# make it use text-input-v1, which works for kwin 5.27 and weston
"--enable-wayland-ime"
# TODO: fix https://github.com/microsoft/vscode/issues/187436
# still not works...
"--password-store=gnome" # use gnome-keyring as password store
];
};
# TODO: fix https://github.com/microsoft/vscode/issues/187436
# still not works...
"--password-store=gnome" # use gnome-keyring as password store
];
};
};
};
}

3
home/linux/gui/hyprland/values/xdg.nix
View File

@@ -1,4 +1,5 @@
{pkgs, ...}: {
{ pkgs, ... }:
{
xdg.portal = {
enable = true;

5
hosts/12kingdoms-shoukei/hardware-configuration.nix
View File

@@ -24,7 +24,10 @@ in
boot.loader.efi.efiSysMountPoint = "/boot";
# Enable binfmt emulation of aarch64-linux, this is required for cross compilation.
boot.binfmt.emulatedSystems = ["x86_64-linux" "riscv64-linux"];
boot.binfmt.emulatedSystems = [
"x86_64-linux"
"riscv64-linux"
];
# supported file systems, so we can mount any removable disks with these filesystems
boot.supportedFilesystems = lib.mkForce [
"ext4"

3
hosts/darwin-fern/default.nix
View File

@@ -6,7 +6,8 @@ _:
#############################################################
let
hostname = "fern";
in {
in
{
networking.hostName = hostname;
networking.computerName = hostname;
system.defaults.smb.NetBIOSName = hostname;

9
hosts/darwin-fern/home.nix
View File

@@ -1,5 +1,8 @@
{config, ...}: let
{ config, ... }:
let
hostName = "fern";
in {
programs.ssh.matchBlocks."github.com".identityFile = "${config.home.homeDirectory}/.ssh/${hostName}";
in
{
programs.ssh.matchBlocks."github.com".identityFile =
"${config.home.homeDirectory}/.ssh/${hostName}";
}

3
hosts/darwin-frieren/default.nix
View File

@@ -6,7 +6,8 @@ _:
#############################################################
let
hostname = "frieren";
in {
in
{
networking.hostName = hostname;
networking.computerName = hostname;
system.defaults.smb.NetBIOSName = hostname;

9
hosts/darwin-frieren/home.nix
View File

@@ -1,5 +1,8 @@
{config, ...}: let
{ config, ... }:
let
hostName = "frieren";
in {
programs.ssh.matchBlocks."github.com".identityFile = "${config.home.homeDirectory}/.ssh/${hostName}";
in
{
programs.ssh.matchBlocks."github.com".identityFile =
"${config.home.homeDirectory}/.ssh/${hostName}";
}

3
hosts/idols-ai/ai/default.nix
View File

@@ -1,3 +1,4 @@
{mylib, ...}: {
{ mylib, ... }:
{
imports = mylib.scanPaths ./.;
}

6
hosts/idols-ai/ai/ollama.nix
View File

@@ -2,13 +2,15 @@
pkgs,
nixpkgs-ollama,
...
}: let
}:
let
pkgs-ollama = import nixpkgs-ollama {
inherit (pkgs) system;
# To use cuda, we need to allow the installation of non-free software
config.allowUnfree = true;
};
in {
in
{
services.ollama = rec {
enable = true;
package = pkgs-ollama.ollama;

12
hosts/idols-ai/default.nix
View File

@@ -1,4 +1,4 @@
{myvars, ...}:
{ myvars, ... }:
#############################################################
#
# Ai - my main computer, with NixOS + I5-13600KF + RTX 4090 GPU, for gaming & daily use.
@@ -11,7 +11,8 @@ let
inherit (myvars.networking.hostsAddr.${hostName}) iface ipv4 ipv6;
ipv4WithMask = "${ipv4}/24";
ipv6WithMask = "${ipv6}/64";
in {
in
{
imports = [
./netdev-mount.nix
# Include the results of the hardware scan.
@@ -35,9 +36,12 @@ in {
systemd.network.enable = true;
systemd.network.networks."10-${iface}" = {
matchConfig.Name = [iface];
matchConfig.Name = [ iface ];
networkConfig = {
Address = [ipv4WithMask ipv6WithMask];
Address = [
ipv4WithMask
ipv6WithMask
];
DNS = nameservers;
DHCP = "ipv6"; # enable DHCPv6 only, so we can get a GUA.
IPv6AcceptRA = true; # for Stateless IPv6 Autoconfiguraton (SLAAC)

3
hosts/idols-ai/game/default.nix
View File

@@ -1,3 +1,4 @@
{mylib, ...}: {
{ mylib, ... }:
{
imports = mylib.scanPaths ./.;
}

6
hosts/idols-ai/game/gamemode.nix
View File

@@ -5,7 +5,8 @@
nix-gaming,
lib,
...
}: let
}:
let
programs = lib.makeBinPath [
config.programs.hyprland.package
pkgs.coreutils
@@ -25,7 +26,8 @@
hyprctl --batch 'keyword decoration:blur 1 ; keyword animations:enabled 1 ; keyword misc:vfr 1'
powerprofilesctl set power-saver
'';
in {
in
{
# Optimise Linux system performance on demand
# https://github.com/FeralInteractive/GameMode
# https://wiki.archlinux.org/title/Gamemode

7
hosts/idols-ai/game/steam.nix
View File

@@ -1,5 +1,6 @@
# https://github.com/fufexan/dotfiles/blob/483680e/system/programs/steam.nix
{pkgs, ...}: {
{ pkgs, ... }:
{
# https://wiki.archlinux.org/title/steam
# Games installed by Steam works fine on NixOS, no other configuration needed.
programs.steam = {
@@ -15,8 +16,8 @@
# fix gamescope inside steam
package = pkgs.steam.override {
extraPkgs = pkgs:
with pkgs; [
extraPkgs =
pkgs: with pkgs; [
xorg.libXcursor
xorg.libXi
xorg.libXinerama

71
hosts/idols-ai/hardware-configuration.nix
View File

@@ -7,7 +7,8 @@
pkgs,
modulesPath,
...
}: {
}:
{
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
@@ -21,16 +22,26 @@
boot.kernelPackages = pkgs.linuxPackages_latest;
# boot.kernelPackages = pkgs.linuxPackages_xanmod_latest;
boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod"];
boot.initrd.kernelModules = [];
boot.kernelModules = ["kvm-intel"]; # kvm virtualization support
boot.initrd.availableKernelModules = [
"xhci_pci"
"ahci"
"nvme"
"usbhid"
"usb_storage"
"sd_mod"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ]; # kvm virtualization support
boot.extraModprobeConfig = "options kvm_intel nested=1"; # for intel cpu
boot.extraModulePackages = [];
boot.extraModulePackages = [ ];
# clear /tmp on boot to get a stateless /tmp directory.
boot.tmp.cleanOnBoot = true;
# Enable binfmt emulation of aarch64-linux, this is required for cross compilation.
boot.binfmt.emulatedSystems = ["aarch64-linux" "riscv64-linux"];
boot.binfmt.emulatedSystems = [
"aarch64-linux"
"riscv64-linux"
];
# supported file systems, so we can mount any removable disks with these filesystems
boot.supportedFilesystems = [
"ext4"
@@ -67,7 +78,7 @@
fsType = "btrfs";
# btrfs's top-level subvolume, internally has an id 5
# we can access all other subvolumes from this subvolume.
options = ["subvolid=5"];
options = [ "subvolid=5" ];
};
# equal to `mount -t tmpfs tmpfs /`
@@ -76,26 +87,40 @@
fsType = "tmpfs";
# set mode to 755, otherwise systemd will set it to 777, which cause problems.
# relatime: Update inode access times relative to modify or change time.
options = ["relatime" "mode=755"];
options = [
"relatime"
"mode=755"
];
};
fileSystems."/nix" = {
device = "/dev/disk/by-uuid/1167076c-dee1-486c-83c1-4b1af37555cd";
fsType = "btrfs";
options = ["subvol=@nix" "noatime" "compress-force=zstd:1"];
options = [
"subvol=@nix"
"noatime"
"compress-force=zstd:1"
];
};
# for guix store, which use `/gnu/store` as its store directory.
fileSystems."/gnu" = {
device = "/dev/disk/by-uuid/1167076c-dee1-486c-83c1-4b1af37555cd";
fsType = "btrfs";
options = ["subvol=@guix" "noatime" "compress-force=zstd:1"];
options = [
"subvol=@guix"
"noatime"
"compress-force=zstd:1"
];
};
fileSystems."/persistent" = {
device = "/dev/disk/by-uuid/1167076c-dee1-486c-83c1-4b1af37555cd";
fsType = "btrfs";
options = ["subvol=@persistent" "compress-force=zstd:1"];
options = [
"subvol=@persistent"
"compress-force=zstd:1"
];
# preservation's data is required for booting.
neededForBoot = true;
};
@@ -103,30 +128,42 @@
fileSystems."/snapshots" = {
device = "/dev/disk/by-uuid/1167076c-dee1-486c-83c1-4b1af37555cd";
fsType = "btrfs";
options = ["subvol=@snapshots" "compress-force=zstd:1"];
options = [
"subvol=@snapshots"
"compress-force=zstd:1"
];
};
fileSystems."/tmp" = {
device = "/dev/disk/by-uuid/1167076c-dee1-486c-83c1-4b1af37555cd";
fsType = "btrfs";
options = ["subvol=@tmp" "compress-force=zstd:1"];
options = [
"subvol=@tmp"
"compress-force=zstd:1"
];
};
# mount swap subvolume in readonly mode.
fileSystems."/swap" = {
device = "/dev/disk/by-uuid/1167076c-dee1-486c-83c1-4b1af37555cd";
fsType = "btrfs";
options = ["subvol=@swap" "ro"];
options = [
"subvol=@swap"
"ro"
];
};
# remount swapfile in read-write mode
fileSystems."/swap/swapfile" = {
# the swapfile is located in /swap subvolume, so we need to mount /swap first.
depends = ["/swap"];
depends = [ "/swap" ];
device = "/swap/swapfile";
fsType = "none";
options = ["bind" "rw"];
options = [
"bind"
"rw"
];
};
fileSystems."/boot" = {
@@ -135,7 +172,7 @@
};
swapDevices = [
{device = "/swap/swapfile";}
{ device = "/swap/swapfile"; }
];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking

3
hosts/idols-ai/home.nix
View File

@@ -1,4 +1,5 @@
{config, ...}: {
{ config, ... }:
{
modules.desktop = {
hyprland = {
nvidia = true;

3
hosts/idols-ai/netdev-mount.nix
View File

@@ -2,7 +2,8 @@
config,
myvars,
...
}: {
}:
{
# supported file systems, so we can mount any removable disks with these filesystems
boot.supportedFilesystems = [
# "cifs"

5
hosts/idols-ai/nvidia.nix
View File

@@ -1,4 +1,5 @@
{config, ...}: {
{ config, ... }:
{
# ===============================================================================================
# for Nvidia GPU
# https://wiki.nixos.org/wiki/NVIDIA
@@ -10,7 +11,7 @@
# enabling it is required to make Wayland compositors function properly.
"nvidia-drm.fbdev=1"
];
services.xserver.videoDrivers = ["nvidia"]; # will install nvidia-vaapi-driver by default
services.xserver.videoDrivers = [ "nvidia" ]; # will install nvidia-vaapi-driver by default
hardware.nvidia = {
# Open-source kernel modules are preferred over and planned to steadily replace proprietary modules
open = true;

38
hosts/idols-ai/preservation.nix
View File

@@ -3,9 +3,11 @@
pkgs,
myvars,
...
}: let
}:
let
inherit (myvars) username;
in {
in
{
imports = [
preservation.nixosModules.default
];
@@ -330,27 +332,29 @@ in {
# Note that immediate parent directories of persisted files can also be
# configured with ownership and permissions from the `parent` settings if
# `configureParent = true` is set for the file.
systemd.tmpfiles.settings.preservation = let
permission = {
user = username;
group = "users";
mode = "0755";
systemd.tmpfiles.settings.preservation =
let
permission = {
user = username;
group = "users";
mode = "0755";
};
in
{
"/home/${username}/.config".d = permission;
"/home/${username}/.cache".d = permission;
"/home/${username}/.local".d = permission;
"/home/${username}/.local/share".d = permission;
"/home/${username}/.local/state".d = permission;
"/home/${username}/.local/state/nix".d = permission;
"/home/${username}/.terraform.d".d = permission;
};
in {
"/home/${username}/.config".d = permission;
"/home/${username}/.cache".d = permission;
"/home/${username}/.local".d = permission;
"/home/${username}/.local/share".d = permission;
"/home/${username}/.local/state".d = permission;
"/home/${username}/.local/state/nix".d = permission;
"/home/${username}/.terraform.d".d = permission;
};
# systemd-machine-id-commit.service would fail but it is not relevant
# in this specific setup for a persistent machine-id so we disable it
#
# see the firstboot example below for an alternative approach
systemd.suppressedSystemUnits = ["systemd-machine-id-commit.service"];
systemd.suppressedSystemUnits = [ "systemd-machine-id-commit.service" ];
# let the service commit the transient ID to the persistent volume
systemd.services.systemd-machine-id-commit = {

3
hosts/idols-ai/secureboot.nix
View File

@@ -3,7 +3,8 @@
lib,
lanzaboote,
...
}: {
}:
{
# How to enter setup mode - msi motherboard
## 1. enter BIOS via [Del] Key
## 2. <Advance mode> => <Settings> => <Security> => <Secure Boot>

11
hosts/idols-aquamarine/caddy.nix
View File

@@ -3,7 +3,8 @@
config,
wallpapers,
...
}: let
}:
let
hostCommonConfig = ''
encode zstd gzip
tls ${../../certs/ecc-server.crt} ${config.age.secrets."caddy-ecc-server.key".path} {
@@ -11,7 +12,8 @@
curves x25519 secp384r1 secp521r1
}
'';
in {
in
{
services.caddy = {
enable = true;
# Reload Caddy instead of restarting it when configuration file changes.
@@ -124,7 +126,10 @@ in {
# reverse_proxy http://localhost:9090
# '';
};
networking.firewall.allowedTCPPorts = [80 443];
networking.firewall.allowedTCPPorts = [
80
443
];
# Create Directories
# https://www.freedesktop.org/software/systemd/man/latest/tmpfiles.d.html#Type

17
hosts/idols-aquamarine/default.nix
View File

@@ -17,12 +17,11 @@ let
inherit (myvars.networking) defaultGateway defaultGateway6 nameservers;
inherit (myvars.networking.hostsAddr.${hostName}) iface ipv4;
ipv4WithMask = "${ipv4}/24";
in {
imports =
(mylib.scanPaths ./.)
++ [
disko.nixosModules.default
];
in
{
imports = (mylib.scanPaths ./.) ++ [
disko.nixosModules.default
];
# supported file systems, so we can mount any removable disks with these filesystems
boot.supportedFilesystems = [
@@ -42,7 +41,7 @@ in {
zramSwap.memoryPercent = lib.mkForce 100;
boot.kernelPackages = pkgs.linuxPackages_latest;
boot.kernelModules = ["kvm-amd"];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModprobeConfig = "options kvm_amd nested=1"; # for amd cpu
networking = {
@@ -57,9 +56,9 @@ in {
systemd.network.enable = true;
systemd.network.networks."10-${iface}" = {
matchConfig.Name = [iface];
matchConfig.Name = [ iface ];
networkConfig = {
Address = [ipv4WithMask];
Address = [ ipv4WithMask ];
DNS = nameservers;
DHCP = "ipv6"; # enable DHCPv6 only, so we can get a GUA.
IPv6AcceptRA = true; # for Stateless IPv6 Autoconfiguraton (SLAAC)

30
hosts/idols-aquamarine/disko-fs.nix
View File

@@ -3,8 +3,9 @@
let
cryptKeyFile = "/etc/agenix/hdd-luks-crypt-key";
unlockDisk = "data-encrypted";
in {
fileSystems."/data/fileshare/public".depends = ["/data/fileshare"];
in
{
fileSystems."/data/fileshare/public".depends = [ "/data/fileshare" ];
# By adding this crypttab entry, the disk will be unlocked by systemd-cryptsetup@xxx.service at boot time.
# This systemd service is running after agenix, so that the keyfile is already available.
@@ -59,7 +60,7 @@ in {
];
content = {
type = "btrfs";
extraArgs = ["-f"]; # Force override existing partition
extraArgs = [ "-f" ]; # Force override existing partition
subvolumes = {
"@apps" = {
mountpoint = "/data/apps";
@@ -71,15 +72,27 @@ in {
};
"@fileshare" = {
mountpoint = "/data/fileshare";
mountOptions = ["compress-force=zstd:1" "noatime" "nofail"];
mountOptions = [
"compress-force=zstd:1"
"noatime"
"nofail"
];
};
"@backups" = {
mountpoint = "/data/backups";
mountOptions = ["compress-force=zstd:1" "noatime" "nofail"];
mountOptions = [
"compress-force=zstd:1"
"noatime"
"nofail"
];
};
"@snapshots" = {
mountpoint = "/data/apps-snapshots";
mountOptions = ["compress-force=zstd:1" "noatime" "nofail"];
mountOptions = [
"compress-force=zstd:1"
"noatime"
"nofail"
];
};
};
};
@@ -101,7 +114,10 @@ in {
subvolumes = {
"@persistent" = {
mountpoint = "/data/fileshare/public";
mountOptions = ["compress-force=zstd:1" "nofail"];
mountOptions = [
"compress-force=zstd:1"
"nofail"
];
};
};
};

3
hosts/idols-aquamarine/exporters/default.nix
View File

@@ -1,3 +1,4 @@
{mylib, ...}: {
{ mylib, ... }:
{
imports = mylib.scanPaths ./.;
}

3
hosts/idols-aquamarine/gitea.nix
View File

@@ -1,4 +1,5 @@
{pkgs, ...}: {
{ pkgs, ... }:
{
# https://github.com/NixOS/nixpkgs/blob/nixos-25.05/nixos/modules/services/misc/gitea.nix
services.gitea = {
enable = true;

3
hosts/idols-aquamarine/grafana/default.nix
View File

@@ -2,7 +2,8 @@
config,
myvars,
...
}: {
}:
{
services.grafana = {
enable = true;
dataDir = "/data/apps/grafana";

8
hosts/idols-aquamarine/minio.nix
View File

@@ -1,7 +1,9 @@
{config, ...}: let
dataDir = ["/data/apps/minio/data"];
{ config, ... }:
let
dataDir = [ "/data/apps/minio/data" ];
configDir = "/data/apps/minio/config";
in {
in
{
# https://github.com/NixOS/nixpkgs/blob/nixos-25.05/nixos/modules/services/web-servers/minio.nix
services.minio = {
enable = true;

Some files were not shown because too many files have changed in this diff Show More