imxyy1soope1/nixos-dotfiles
1
0
Fork 0
Code Issues Pull Requests Actions Activity

Compare commits

base: imxyy1soope1:quickshell
Branches Tags
imxyy1soope1:master imxyy1soope1:quickshell
..
compare: imxyy1soope1:master
Branches Tags
imxyy1soope1:master imxyy1soope1:quickshell

215 Commits
quickshell ... master

Author SHA1 Message Date
imxyy_soope_
3313dfc89b feat(nvim): biome 2026-01-10 21:35:19 +08:00
imxyy_soope_
29734f85ba fix: remove noctalia-shell entry from spawn-at-startup 2026-01-10 10:17:07 +08:00
imxyy_soope_
afe06213de chore(nvim): update lazy-lock.json 2026-01-09 23:54:34 +08:00
imxyy_soope_
69d6588c30 feat: add splayer 2026-01-09 23:54:23 +08:00
imxyy_soope_
aee0fb44d5 feat(server): use xanmod_stable and zfs_unstable 2026-01-09 15:49:33 +08:00
imxyy_soope_
602f599823 chore: update flake.lock 
* updated noctalia-shell to v3.8.2
* removed television fish integration workaround
* removed `~/.config/fish/fish_variables` entry in my.persist.homeFiles
  since [fish v4.3.0](https://github.com/fish-shell/fish-shell/releases/tag/4.3.0)
  no longer sets universal variables by default
 2026-01-09 15:07:37 +08:00
imxyy_soope_
df0a21913e feat: tidy shell config 2026-01-03 10:09:43 +08:00
imxyy_soope_
a56e9bdaf2 chore(nvim): update lazy-lock.json 2026-01-01 17:41:40 +08:00
imxyy_soope_
e574a70020 feat(nvim): enable inlay hints for rust-analyzer 2026-01-01 15:39:04 +08:00
imxyy_soope_
c6a3fde1bd feat(nix): warn-dirty = false 2026-01-01 11:37:41 +08:00
imxyy_soope_
b3cd3fe209 feat(nvim): tidy old config; track lazy-lock.json 2025-12-31 22:06:51 +08:00
imxyy_soope_
ad2aca84f0 chore: tidy Justfile 2025-12-31 22:04:21 +08:00
imxyy_soope_
a07bcd9bab chore: update flake.lock; update noctalia-shell 2025-12-31 22:03:53 +08:00
imxyy_soope_
7eb32cfabc feat: impure symlink 2025-12-28 11:07:50 +08:00
imxyy_soope_
f9308dda9e refactor: config/hosts => hosts 2025-12-28 09:22:15 +08:00
imxyy_soope_
99aea69128 chore(server): remove unnecessary pkgs.stable usage 2025-12-27 16:46:59 +08:00
imxyy_soope_
d0cffe4f1c refactor: keys & emails 2025-12-27 16:46:24 +08:00
imxyy_soope_
b8597104b3 fmt: tidy 2025-12-27 16:28:39 +08:00
imxyy_soope_
3bd682e800 fix: television fish integration 2025-12-27 16:28:23 +08:00
imxyy_soope_
296f250eba feat(nixd): suppress sema-primop-overridden 2025-12-27 16:28:00 +08:00
imxyy_soope_
4ab322f08d refactor: pkgs 2025-12-27 16:27:30 +08:00
imxyy_soope_
e112f5f21d chore: update flake.lock; update noctalia-shell 2025-12-27 16:25:42 +08:00
imxyy_soope_
5bfd7bf857 chore(flake.nix): treefmt.inputs.nixpkgs.follows = "nixpkgs" 2025-12-21 15:29:41 +08:00
imxyy_soope_
7a8e7ca9d7 feat(pkgs): jj-starship 2025-12-21 15:29:32 +08:00
imxyy_soope_
91c539ad99 feat(tmux): set terminal-features 2025-12-21 12:58:36 +08:00
imxyy_soope_
4c63836d35 fix(fish): async starship 2025-12-21 12:27:14 +08:00
imxyy_soope_
a2eaa6f72d chore: fmt 2025-12-21 11:03:54 +08:00
imxyy_soope_
c9edeca311 feat(fish): persist fish_variables 2025-12-21 10:58:42 +08:00
imxyy_soope_
6482506cc3 fix(nvim): nixd nixpkgs 2025-12-21 10:58:24 +08:00
imxyy_soope_
7f250e19ef fix: build 2025-12-21 10:51:54 +08:00
imxyy_soope_
5feb543129 fix: stylix warning 2025-12-20 23:21:46 +08:00
imxyy_soope_
454ad5885d feat: massive refactor 2025-12-20 23:05:28 +08:00
imxyy_soope_
f4c1b313ce fix(server): nixpkgs config; migrate to new frp module 2025-12-20 20:45:33 +08:00
imxyy_soope_
4509f9edf5 feat(niri): update config 2025-12-20 20:10:46 +08:00
imxyy_soope_
bc197eb3ca refactor: massive refactor using flake-parts; use typos-cli and 
keep-sorted
 2025-12-20 18:12:03 +08:00
imxyy_soope_
d5f027f586 feat: upgrade noctalia-shell 2025-12-19 23:41:19 +08:00
imxyy_soope_
3d6620a308 chore: update flake.lock 2025-12-19 19:27:34 +08:00
imxyy_soope_
3196ebd920 feat(niri): update config 2025-12-19 19:27:34 +08:00
imxyy_soope_
9c920b2cdf feat(server): sshwifty 2025-12-16 18:26:17 +08:00
imxyy_soope_
7b705fad80 chore: remove redundant default.nix 2025-12-14 13:58:21 +08:00
imxyy_soope_
f3f00c14ad chore: update secrets 2025-12-14 10:43:32 +08:00
imxyy_soope_
9ae37ea439 feat(fish): some changes 2025-12-14 10:43:17 +08:00
imxyy_soope_
99103ff9d2 feat(niri): change column width 2025-12-14 10:42:58 +08:00
imxyy_soope_
4c74679f85 build: add offline 2025-12-14 10:40:44 +08:00
imxyy_soope_
90b85963cd feat(sops-nix): use restartUnits 2025-12-14 10:40:11 +08:00
imxyy_soope_
010789965a chore: fmt 2025-12-13 17:00:21 +08:00
imxyy_soope_
5988a98a09 feat: upgrade noctalia-shell 2025-12-13 16:59:08 +08:00
imxyy_soope_
814511c939 feat(server): coding.langs.js.enable = true 2025-12-12 22:32:33 +08:00
imxyy_soope_
b96a93b1bf fix: sudoedit -> doasedit 2025-12-12 22:32:14 +08:00
imxyy_soope_
b92ada78e5 feat(server): rsshub 2025-12-12 22:31:51 +08:00
imxyy_soope_
eb5ca52004 feat: drop config/hosts/${host}/default.nix 2025-12-12 22:31:27 +08:00
imxyy_soope_
7952d72048 feat: add my-templates 2025-12-12 22:30:48 +08:00
imxyy_soope_
cb5c3eff2e feat: drop chaotic-nyx; drop proton-ge-custom; linux-cachyos -> linux-xanmod 
R.I.P. chaotic-nyx 😢
 2025-12-12 19:59:50 +08:00
imxyy_soope_
17c5344666 build: Makefile 2025-12-07 16:34:31 +08:00
imxyy_soope_
8d7a4aed01 feat(direnv): configure 2025-12-07 12:46:43 +08:00
imxyy_soope_
475837cd66 feat: use angrr (gc roots cleaner) 2025-12-07 12:45:49 +08:00
imxyy_soope_
4f043b6ad1 chore: update secrets 2025-12-07 12:07:39 +08:00
imxyy_soope_
5d3fc65be5 feat: set fish as user shell 2025-12-07 12:06:57 +08:00
imxyy_soope_
3a82f9b652 feat(noctalia): enable OSD for all available events 2025-12-07 10:55:12 +08:00
imxyy_soope_
cbdf26d69f feat: update nixpkgs-stable to 25.11 2025-12-07 00:17:32 +08:00
imxyy_soope_
80792c399c feat(ayugram): use latest 2025-12-07 00:16:26 +08:00
imxyy_soope_
b1546b5ee8 feat: upgrade noctalia-shell 2025-12-06 13:19:23 +08:00
imxyy_soope_
52261371c0 feat(fish): yank to system clipboard 2025-12-06 02:40:42 +08:00
imxyy_soope_
ab6dadd113 feat(shell): migrate to fish 2025-12-05 23:52:56 +08:00
imxyy_soope_
837f865b4f feat: systemd-boot.configurationLimit = 10 2025-12-05 19:06:58 +08:00
imxyy_soope_
e3b5a1d6c3 chore: update flake.lock 2025-12-05 19:06:36 +08:00
imxyy_soope_
d161fd3e87 feat(nix): set download-buffer-size to 512MiB 2025-11-30 10:41:50 +08:00
imxyy_soope_
2118c69dd8 feat(server/coder): use services.coder 2025-11-29 15:18:03 +08:00
imxyy_soope_
c7cf3336a0 chore(imxyy-nix): use DP-1 and DP-2 2025-11-29 15:16:28 +08:00
imxyy_soope_
15ac780c9d feat(langs/c): use clang 2025-11-29 15:16:14 +08:00
imxyy_soope_
3cb98cfeb0 chore: update flake.lock 2025-11-29 15:09:09 +08:00
imxyy_soope_
4ae4f3bb2b feat(nvim): typst; tidy language specific configurations 2025-11-23 14:49:31 +08:00
imxyy_soope_
9273df1ab8 fmt(.editorconfig): insert_final_newline = true 2025-11-22 22:56:50 +08:00
imxyy_soope_
374a3ef071 feat(btreset): python -> bash 2025-11-22 22:48:48 +08:00
imxyy_soope_
0983d5b058 chore: update secrets 2025-11-22 22:20:06 +08:00
imxyy_soope_
e8f025b9c5 chore: drop open-webui 2025-11-22 17:50:24 +08:00
imxyy_soope_
4144c14868 chore: fmt 2025-11-22 17:35:42 +08:00
imxyy_soope_
1417822aa6 feat: add garnix cache 2025-11-22 17:35:24 +08:00
imxyy_soope_
3ea322dd0f chore: update flake.lock 2025-11-22 17:35:10 +08:00
imxyy_soope_
86c85676ea chore: update secrets 2025-11-16 14:23:58 +08:00
imxyy_soope_
b302abb724 feat(distrobox): add nvim 2025-11-15 19:49:28 +08:00
imxyy_soope_
4817576834 chore: fmt 2025-11-15 19:49:13 +08:00
imxyy_soope_
0683ced027 feat: upgrade noctalia-shell 2025-11-15 19:48:55 +08:00
imxyy_soope_
cec8f7897a chore: update secrets 2025-11-15 19:48:22 +08:00
imxyy_soope_
78a062432f chore: update secrets 2025-11-15 19:47:47 +08:00
imxyy_soope_
4f77ac9385 chore: drop mpd 2025-11-15 15:43:43 +08:00
imxyy_soope_
73e490f523 feat: upgrade go-musicfox 2025-11-15 15:42:54 +08:00
imxyy_soope_
12c381da5f fmt: trailing LF 2025-11-15 15:08:20 +08:00
imxyy_soope_
23a24820c5 chore: update secrets 2025-11-15 14:55:38 +08:00
imxyy_soope_
d6e0b0ef96 feat(server/nextcloud): upgrade to 32 2025-11-15 14:55:38 +08:00
imxyy_soope_
ef913abe9e feat: secure frp server address 2025-11-15 14:55:38 +08:00
imxyy_soope_
4d0cd7b1e7 chore: update flake.lock; use treefmt 2025-11-15 14:54:08 +08:00
imxyy_soope_
9482ba860f feat(imxyy-nix): use distrobox 2025-11-08 23:53:50 +08:00
imxyy_soope_
44aca8ce69 feat(noctalia): update settings 2025-11-02 15:42:10 +08:00
imxyy_soope_
792aaa20d5 fmt: LF at end of file 2025-11-02 15:41:15 +08:00
imxyy_soope_
959956409d chore: update flake.lock; prepare for 25.11 migration 2025-11-01 21:05:31 +08:00
imxyy_soope_
41969ab2e0 feat(noctalia): mm月dd日 -> mm/dd 2025-10-26 13:52:24 +08:00
imxyy_soope_
e228fdc222 feat(style/gtk): use Adwaita Sans 2025-10-26 13:51:45 +08:00
imxyy_soope_
6bc50deb6a refactor: font config 2025-10-26 13:44:36 +08:00
imxyy_soope_
090677e101 feat(server): disable media related cli 2025-10-19 16:20:55 +08:00
imxyy_soope_
8ae8e6f9b1 feat(server/nextcloud): drop nginx.recommendedHeaders 2025-10-19 16:20:15 +08:00
imxyy_soope_
3acd90bbdd feat: update README.md 2025-10-18 22:16:59 +08:00
imxyy_soope_
e9204bb2f5 feat(desktop): migrate to noctalia-shell, drop unused softwares 2025-10-18 22:16:33 +08:00
imxyy_soope_
362d610f1d refactor(browser): set default browser 2025-10-18 22:15:39 +08:00
imxyy_soope_
5a671c3ece feat(nvim): nvim-colorizer 2025-10-18 12:57:59 +08:00
imxyy_soope_
f2111f7771 feat(noctalia): customize color theme 2025-10-18 12:57:07 +08:00
imxyy_soope_
c71710867f feat(niri): use noctalia shell 2025-10-18 10:17:49 +08:00
imxyy_soope_
465eb3c608 refactor(flake.nix): use nested flake input 2025-10-18 01:08:43 +08:00
imxyy_soope_
9696d4f343 chore: update flake.lock 2025-10-18 01:04:48 +08:00
imxyy_soope_
4218dbeb80 feat(langs/js): use pnpm 2025-10-17 19:52:40 +08:00
imxyy_soope_
c167e3ac64 feat(cli): use fastfetch 2025-10-07 11:49:15 +08:00
imxyy_soope_
f07598688f chore(nvim): tidy 2025-10-04 14:55:23 +08:00
imxyy_soope_
e696472c5b feat(nvim): glance.nvim 2025-10-04 14:54:36 +08:00
imxyy_soope_
dcfd134a4e feat(nvim): close nvim-tree when its the only window left 2025-10-04 14:53:46 +08:00
imxyy_soope_
77d0a1c449 feat: add .lazy.lua to setup lazydev.nvim 2025-10-04 13:03:34 +08:00
imxyy_soope_
7b1044214f feat: add .editorconfig 2025-10-04 13:03:24 +08:00
imxyy_soope_
faba8a05e6 refactor: my.home -> my.hm for disambiguilty (e.g. my.home.home) 2025-10-03 22:17:36 +08:00
imxyy_soope_
1eaee50e82 feat(nvim): enable exrc; drop unused file 2025-10-02 16:45:19 +08:00
imxyy_soope_
763c55b68e chore: update secrets 2025-10-02 16:42:41 +08:00
imxyy_soope_
95fc23da50 feat(server/minio): drop caddy reverse proxy 2025-10-02 16:42:10 +08:00
imxyy_soope_
a6006d362d chore(server): drop headscale 2025-10-02 16:40:51 +08:00
imxyy_soope_
57cc21a1cd feat(server/tuwunel): suppress_when_active 2025-10-02 16:40:24 +08:00
imxyy_soope_
e78a3af90c feat(server): HF-plant 2025-10-02 16:28:07 +08:00
imxyy_soope_
3652579508 chore: update flake.lock 2025-10-01 14:54:49 +08:00
imxyy_soope_
1036d4ce0b feat: evince -> papers 2025-09-21 13:08:03 +08:00
imxyy_soope_
354525129e chore: update flake.lock 2025-09-21 13:07:50 +08:00
imxyy_soope_
7e9875ac38 fix: remove non-existent xmcl 2025-09-20 14:19:15 +08:00
imxyy_soope_
a9089d81b1 fix(efl): tuwunel delegation 2025-09-20 14:16:05 +08:00
imxyy_soope_
d61cd261e0 chore: update secrets 2025-09-14 11:11:46 +08:00
imxyy_soope_
3f206e08c2 feat: init efl 😋 2025-09-14 11:11:27 +08:00
imxyy_soope_
2677ed4594 fix(server/dns): loop 2025-09-14 11:10:11 +08:00
imxyy_soope_
905274fe73 chore: update flake.lock 2025-09-14 11:09:26 +08:00
imxyy_soope_
23b30d3a84 chore: update flake.lock 2025-09-05 19:40:00 +08:00
imxyy_soope_
5bead3c20f chore: update secrets 2025-08-29 19:55:53 +08:00
imxyy_soope_
dd2f880a3b feat: mautirx-telegram 2025-08-29 19:55:31 +08:00
imxyy_soope_
1869ae86f1 refactor: custom packages 2025-08-29 13:01:46 +08:00
imxyy_soope_
b7d6cd3dbf fix(waybar): incorrect mode config (dropping it has not effect) 2025-08-29 13:01:46 +08:00
imxyy_soope_
900b66796b feat(niri): customize insert hint 2025-08-29 13:01:46 +08:00
imxyy_soope_
44a479d6b4 fix(hmcl): wrap hmcl to fix config file persistence 2025-08-29 13:01:46 +08:00
imxyy_soope_
b5dca35878 feat(server): drop unused web services 2025-08-29 13:01:46 +08:00
imxyy_soope_
a1fa09008b feat(imxyy-nix): persist waydroid 2025-08-29 12:56:20 +08:00
imxyy_soope_
375c9b59b9 feat(imxyy-nix): persist claude code 2025-08-29 12:55:58 +08:00
imxyy_soope_
90f0b4aa63 fix(nvim): rust-analyzer config 
It has been broken for thousands of years.
 2025-08-26 21:52:08 +08:00
imxyy_soope_
fba506e06d feat(imxyy-nix/keyd): use side button to replace right button 
my mouse 😭
 2025-08-24 21:50:28 +08:00
imxyy_soope_
8b303fb0f0 feat(niri): prevent waybar black corners 
ref: 05337ce855
 2025-08-24 21:50:28 +08:00
imxyy_soope_
49bbfe094a feat(niri): use gnome polkit agent 2025-08-24 21:50:28 +08:00
imxyy_soope_
3c5c96d623 chore: update flake.lock; drop NUR 2025-08-24 21:50:28 +08:00
imxyy_soope_
5a5fb9a426 feat: use nautilus instead of nemo 2025-08-24 21:50:28 +08:00
imxyy_soope_
82ba9038ed feat(gtk/theme): use Adwaita 2025-08-24 21:50:28 +08:00
imxyy_soope_
d22d597cf1 feat(nix): disable auto store optimisation to speed up input fetching 2025-08-24 21:50:28 +08:00
imxyy_soope_
c61b1e8961 feat(nvim): prevent accidental <S-up> and <S-down> 2025-08-24 21:50:28 +08:00
imxyy_soope_
475acb7fd1 feat: waydroid 2025-08-24 21:50:28 +08:00
imxyy_soope_
3ef2f7da09 feat: fractal 2025-08-24 21:50:28 +08:00
imxyy_soope_
fbc5a9ee8e feat(tuwunel): turn server 2025-08-17 00:35:00 +08:00
imxyy_soope_
f46ad8a2f3 feat: revive minecraft server 😋 2025-08-17 00:02:32 +08:00
imxyy_soope_
c14a3682ff fix(tuwunel): delegation 2025-08-17 00:02:01 +08:00
imxyy_soope_
f4a0e2a862 fix: nextcloud mount 2025-08-16 23:13:23 +08:00
imxyy_soope_
df589d6797 feat: update go-musicfox 2025-08-16 23:13:01 +08:00
imxyy_soope_
1da80c49db fix(fcitx5/overlay): qq 2025-08-15 20:12:42 +08:00
imxyy_soope_
8080d174ae chore: update flake.lock 2025-08-15 16:52:24 +08:00
imxyy_soope_
0d39e2869b feat(wine): disable by default 2025-08-15 16:51:48 +08:00
imxyy_soope_
953952f345 feat: disable minecraft server 😭 2025-08-15 16:51:23 +08:00
imxyy_soope_
1f60272f14 feat: matrix-tuwunel 😋 2025-08-15 16:50:49 +08:00
imxyy_soope_
e5474ffd29 feat(niri): maximize by default 2025-08-14 22:18:04 +08:00
imxyy_soope_
dec6db7e8e feat: element-desktop 2025-08-14 21:19:47 +08:00
imxyy_soope_
a966a7e81f feat(x16): moonlight 2025-08-14 21:19:34 +08:00
imxyy_soope_
67b27c4079 chore: update flake.lock 2025-08-13 09:19:53 +08:00
imxyy_soope_
e958163479 feat(nvim): move language servers to each language's .nix file 2025-08-13 09:18:49 +08:00
imxyy_soope_
90cd4bdd84 feat(sddm): use cattpuccin 2025-08-12 12:50:46 +08:00
imxyy_soope_
e1e3e96626 feat(niri): brightnessctl 2025-08-12 09:03:19 +08:00
imxyy_soope_
16f11262ff feat(imxyy-nix-x16): persist gemini and claude 2025-08-12 09:02:50 +08:00
imxyy_soope_
a2b63259ed feat(imxyy-nix-x16): power management 2025-08-12 09:02:03 +08:00
imxyy_soope_
ab539b82ca fix(fcitx5/overlay): drop unecessary phases 2025-08-09 20:18:27 +08:00
imxyy_soope_
05c2bc3627 fix(waybar): icon 2025-08-07 11:14:57 +08:00
imxyy_soope_
464a162703 feat: rework fcitx5 overlay, avoid rebuild 2025-08-04 20:46:41 +08:00
imxyy_soope_
8385671c4f chore: drop unused packages 2025-08-04 20:45:39 +08:00
imxyy_soope_
433e26edaa feat: unfollow nixpkgs for niri, use binary cache; update flake.lock 2025-08-04 20:44:10 +08:00
imxyy_soope_
c28d386c29 feat: persist gemini 2025-08-04 10:24:02 +08:00
imxyy_soope_
a149d2a3df feat(cli): comma 2025-08-02 21:02:00 +08:00
imxyy_soope_
ea02f5b023 chore: drop unused custom packages 2025-08-02 20:29:46 +08:00
imxyy_soope_
bf904ec38a feat(fcitx5): update overlay 2025-08-02 18:25:02 +08:00
imxyy_soope_
c419ac3a30 fix(nix): github token 2025-08-02 18:06:22 +08:00
imxyy_soope_
244844242f feat(langs): java 2025-08-02 18:05:56 +08:00
imxyy_soope_
f730d8d118 fix(zsh): use xdg.configHome in zdotdir 2025-08-02 18:05:09 +08:00
imxyy_soope_
590343e5eb feat: update flake.lock; update sops-nix to use ssh key 2025-08-02 18:04:22 +08:00
imxyy_soope_
5da17890cb feat(langs/rust): add ~/.cargo/bin to PATH 2025-07-30 22:34:51 +08:00
imxyy_soope_
52692a4a47 feat(fcitx5): update overlay 2025-07-30 22:28:40 +08:00
imxyy_soope_
f2cb379100 feat: prefer sjtug mirror over sjtu mirror due to stability 2025-07-30 22:28:23 +08:00
imxyy_soope_
e6a2690baa feat: tidy 2025-07-27 22:11:59 +08:00
imxyy_soope_
f642f9c9cc fix(server): qemu & virtio 2025-07-27 21:46:55 +08:00
imxyy_soope_
7d08e1f5ef feat(audio): move to pipewire 2025-07-27 21:45:50 +08:00
imxyy_soope_
3cb73506f1 chore: drop cava 2025-07-27 21:36:15 +08:00
imxyy_soope_
4be7cd0c0f feat(btreset): use usbutils/usbreset 2025-07-27 20:51:58 +08:00
imxyy_soope_
2d038b2ae2 feat(niri): disable auto scroll 2025-07-27 20:47:51 +08:00
imxyy_soope_
dd8afc8954 refactor: overlay 2025-07-26 12:34:11 +08:00
imxyy_soope_
e69600cc77 chore: update flake.lock 2025-07-26 12:33:07 +08:00
imxyy_soope_
17ef457181 chore: drop unused softwares 2025-07-26 12:22:06 +08:00
imxyy_soope_
a39b966a91 refactor: fcitx5 overlay 2025-07-26 12:19:59 +08:00
imxyy_soope_
a0b044dbc9 feat(starship): speedup jj prompt 2025-07-24 21:48:43 +08:00
imxyy_soope_
94764e7a5a feat: television (fuzzy finder) 2025-07-22 21:28:47 +08:00
imxyy_soope_
fef786d317 feat(nix): github token 2025-07-22 21:28:27 +08:00
imxyy_soope_
8ca0a6cc0f refactor: sops-nix 2025-07-22 21:21:41 +08:00
imxyy_soope_
3263d72b59 feat(server): memos 2025-07-22 17:07:47 +08:00
imxyy_soope_
1c7e5b9f05 feat(jj): set conflict-marker-style 2025-07-22 16:43:25 +08:00
imxyy_soope_
1da34bf704 fix(headscale): RestartSec conflict 2025-07-22 16:43:25 +08:00
imxyy_soope_
88107f9fe7 feat(server): authorize imxyy-nix-x16 2025-07-22 16:43:25 +08:00
imxyy_soope_
5d1f622782 fix: immich 2025-07-22 16:42:43 +08:00
imxyy_soope_
0ed99176ad chore: update flake.lock 2025-07-22 15:51:48 +08:00
imxyy_soope_
4dddb0e803 chore(nvim): drop outdated config 2025-07-22 15:17:31 +08:00
imxyy_soope_
4353f9da34 feat: qtct 2025-07-22 12:36:00 +08:00
imxyy_soope_
66e772ce62 fix: imxyy-nix-x16 2025-07-18 23:57:21 +08:00
imxyy_soope_
422259838b fix(imxyy-nix-server): NAS 2025-07-13 13:35:01 +08:00
imxyy_soope_
390e75ce8e feat(imxyy-nix-x16/niri): scale 2025-07-13 13:34:44 +08:00
imxyy_soope_
a3b627359b fix: systemd service restart 2025-07-13 13:31:48 +08:00
imxyy_soope_
be75d12e9c chore(niri): update flake.lock 2025-07-13 13:17:18 +08:00
328 changed files with 4983 additions and 20991 deletions
Expand all files Collapse all files

13
.editorconfig Normal file
View File

@@ -0,0 +1,13 @@
root = true
[*]
indent_style = space
end_of_line = lf
charset = utf-8
insert_final_newline = true
[*.{nix,lua,yaml,css}]
indent_size = 2
[Makefile]
indent_size = 4

1
.envrc Normal file
View File

@@ -0,0 +1 @@
export IMPURE_ROOT=$(pwd)

40
.lazy.lua Normal file
View File

@@ -0,0 +1,40 @@
vim.lsp.config("nixd", {
settings = {
nixd = {
options = {
nixos = {
expr = '(builtins.getFlake ("git+file://" + toString ./.)).nixosConfigurations.'
.. vim.uv.os_gethostname()
.. ".options",
},
},
diagnostic = {
suppress = {
"sema-primop-overridden",
},
},
},
},
})
return {
{
"folke/lazydev.nvim",
ft = "lua",
opts = {
library = {
{ path = "${3rd}/luv/library", words = { "vim%.uv" } },
},
},
},
{
"hrsh7th/nvim-cmp",
opts = function(_, opts)
opts.sources = opts.sources or {}
table.insert(opts.sources, {
name = "lazydev",
group_index = 0,
})
end,
},
}

10
.sops.yaml
View File

@@ -1,13 +1,11 @@
keys: keys:
- &imxyy-nix age1jf5pg2x6ta8amj40xdy0stvcvrdlkwc2nrwtmkpymu0qclk0eg5qmm9kns - &imxyy-nix ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOEFLUkyeaK8ZPPZdVNEmtx8zvoxi7xqS2Z6oxRBuUPO
- &imxyy-nix-server age1hpgg6psejh4y6jcdd34wxuml75fnweqpe0kh8376yqsctsfn9qxs037kk6 - &imxyy-nix-server ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB28jpN+h5euh3NtdN+A+EtqgIatC22e4i1TPTioKire
- &imxyy-nix-x16 age1r0fv0tagxupfacv0aaxk5ss7sqvswv6kq8tk3x46ndqrj6f5afvqegahxq - &imxyy-nix-x16 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMb5G/ieEYBOng66YeyttBQLThyM6W//z2POsNyq4Rw/
- &imxyy-cloudwin age1tp7th3rrv3x0l6jl76n0hjqjp223w2y586pkgr0hcjwdm254jd5shkj6a8
creation_rules: creation_rules:
- path_regex: secrets/.*\.(yaml|toml|json|env|dae|txt|conf)$ - path_regex: secrets/.*\..*
key_groups: key_groups:
- age: - age:
- *imxyy-nix - *imxyy-nix
- *imxyy-nix-server - *imxyy-nix-server
- *imxyy-nix-x16 - *imxyy-nix-x16
- *imxyy-cloudwin

51
Justfile Normal file
View File

@@ -0,0 +1,51 @@
set export
IMPURE_ROOT := `pwd`
all: fmt switch
@switch:
echo "Rebuilding NixOS..."
nh os switch . --impure
@switch-offline:
echo "Rebuilding NixOS without net..."
nh os switch . --impure --no-net
alias offline := switch-offline
@boot:
echo "Rebuilding NixOS..."
nh os boot . --impure
@test:
echo "Rebuilding NixOS..."
nh os test . --impure
@vm:
echo "Building NixOS VM..."
nh os build-vm . --impure
@update:
echo "Updating flakes..."
nix flake update
@repl:
nixos-rebuild repl --flake .
@cleandry:
echo "Listing all generations older than 15 days..."
sudo nix profile wipe-history --profile /nix/var/nix/profiles/system --dry-run --older-than 15d
nix profile wipe-history --profile ~/.local/state/nix/profiles/home-manager --dry-run --older-than 15d
@clean:
echo "Removing all generations older than 15 days..."
sudo nix profile wipe-history --profile /nix/var/nix/profiles/system --older-than 15d
nix profile wipe-history --profile ~/.local/state/nix/profiles/home-manager --older-than 15d
@gc:
nix store gc --debug
@fmt:
echo "Formatting files..."
nix fmt

49
Makefile
View File

@@ -1,49 +0,0 @@
all: fmt switch
switch:
@echo "Rebuilding NixOS..."
@nh os switch .
boot:
@echo "Rebuilding NixOS..."
@nh os boot .
test:
@echo "Rebuilding NixOS..."
@nh os test .
vm:
@echo "Building NixOS VM..."
@nh os build-vm .
update:
@echo "Updating flakes..."
@nix flake update
history:
@nix profile history --profile /nix/var/nix/profiles/system
replpkgs:
@nix repl -f flake:nixpkgs
repl:
@nh os repl .
cleandry:
@echo "Listing all generations older than 15 days..."
@sudo nix profile wipe-history --profile /nix/var/nix/profiles/system --dry-run --older-than 15d
@nix profile wipe-history --profile ~/.local/state/nix/profiles/home-manager --dry-run --older-than 15d
clean:
@echo "Removing all generations older than 15 days..."
@sudo nix profile wipe-history --profile /nix/var/nix/profiles/system --older-than 15d
@nix profile wipe-history --profile ~/.local/state/nix/profiles/home-manager --older-than 15d
gc:
@nix store gc --debug
fmt:
@echo "Formatting nix files..."
@nix fmt
.PHONY: os home news update history repl clean gc fmt

37
README.md
View File

@@ -10,7 +10,7 @@ Currently, this repository contains the nix code that builds:
2. NixOS home server 2. NixOS home server
3. NixOS WSL 3. NixOS WSL
See [./config/hosts](./config/hosts) for details of each host. See [./hosts](./hosts) for details of each host.
## Why NixOS & Flakes? ## Why NixOS & Flakes?
@@ -22,30 +22,25 @@ forever. If someone else shares their configuration, anyone else can just use it
As for Flakes, refer to As for Flakes, refer to
[Introduction to Flakes - NixOS & Nix Flakes Book](https://nixos-and-flakes.thiscute.world/nixos-with-flakes/introduction-to-flakes) [Introduction to Flakes - NixOS & Nix Flakes Book](https://nixos-and-flakes.thiscute.world/nixos-with-flakes/introduction-to-flakes)
## Components This configuration uses [flake-parts](https://flake.parts/) for better flake organization and modularity,
enabling declarative host definitions and cleaner separation of concerns.
| | NixOS(Wayland) |
| ----------------------------- | :------------------------------------------------------ |
| **Window Manager** | Niri |
| **Terminal Emulator** | Alacritty & Kitty & Foot & Ghostty |
| **Bar** | Waybar |
| **Application Launcher** | wofi |
| **Notification Daemon** | SwayNotificationCenter |
| **Input method framework** | Fcitx5 |
| **Shell** | Zsh |
| **Netease Cloudmusic Player** | go-musicfox |
| **Media Player** | mpv |
| **Text Editor** | Neovim |
| **Fonts** | Noto Sans CJK & Jetbrains Mono & Nerd Font |
| **Filesystem** | btrfs subvolumes, clean '/' every boot for impermanence |
And more...
## Folder Structure ## Folder Structure
- `modules/` - custom NixOS modules - `modules/` - custom NixOS modules
- `config/base.nix` - generic configs - `modules/core/` - core system modules (nix, persistence, time, user, xdg)
- `config/hosts/<name>/` - hosts-specific configs - `modules/cli/` - command-line tools and utilities
- `modules/coding/` - development environments and editors
- `modules/desktop/` - desktop applications and window managers
- `modules/virt/` - virtualization configurations
- `profiles/` - system configuration profiles
- `profiles/base.nix` - base configuration for all hosts
- `profiles/desktop.nix` - desktop environment configuration
- `profiles/server.nix` - server-specific configuration
- `profiles/wsl.nix` - WSL-specific configuration
- `hosts/<name>/` - host-specific configs
- `flake/` - flake-parts modules
- `flake/hosts.nix` - declarative host definitions
- `lib/` - custom nix library - `lib/` - custom nix library
- `pkgs/` - custom packages - `pkgs/` - custom packages
- `overlays/` - nixpkgs overlays - `overlays/` - nixpkgs overlays

BIN
assets/avatar.jpg Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 77 KiB

0
assets/wallpapers/wallpaper.png → assets/wallpaper.png
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 25 KiB

After

Width:  |  Height:  |  Size: 25 KiB

38
config/base.nix
View File

@@ -1,38 +0,0 @@
{ config, hostname, ... }:
{
# I prefer this to the default issue text
# ported from ArchLinux IIRC
environment.etc.issue.text = "\\e{lightcyan}\\S\\e{reset} Login (\\l)\n\n";
networking.hostName = hostname;
# don't change this unless you know what you are doing!
# for further information, see wiki.nixos.org
system.stateVersion = "24.11";
# disable this since we already have machine-id persisted
systemd.services."systemd-machine-id-commit".enable = !config.my.persist.enable;
my = {
home = {
# nicely reload system units when changing configs
systemd.user.startServices = "sd-switch";
home.stateVersion = "24.11";
};
xdg.enable = true;
persist = {
nixosDirs = [
"/root"
"/var"
"/etc/ssh"
];
nixosFiles = [
"/etc/machine-id"
];
homeDirs = [
{
directory = ".ssh";
mode = "0700";
}
];
};
};
}

16
config/hosts/imxyy-nix-server/ai.nix
View File

@@ -1,16 +0,0 @@
{ pkgs, ... }:
{
services.open-webui = {
enable = true;
host = "127.0.0.1";
port = 8089;
package = pkgs.stable.open-webui;
};
services.caddy.virtualHosts."ai.imxyy.top" = {
extraConfig = ''
reverse_proxy :8089 {
header_up X-Real-IP {remote_host}
}
'';
};
}

38
config/hosts/imxyy-nix-server/code.nix
View File

@@ -1,38 +0,0 @@
{ config, ... }:
{
services.postgresql.ensureUsers = [
{
name = "coder";
ensureDBOwnership = true;
}
];
services.postgresql.ensureDatabases = [ "coder" ];
virtualisation.oci-containers = {
containers = {
coder = {
image = "ghcr.io/coder/coder:latest";
environment = {
CODER_ACCESS_URL = "https://coder.imxyy.top";
CODER_HTTP_ADDRESS = "0.0.0.0:8086";
CODER_PG_CONNECTION_URL = "postgresql://coder:coderdatabase@127.0.0.1/coder?sslmode=disable";
};
extraOptions = [
"--network=host"
"--group-add=${toString config.users.groups.podman.gid}"
];
volumes = [
"/var/lib/coder:/home/coder/.config"
"/var/run/docker.sock:/var/run/docker.sock"
];
ports = [ "8086:8086" ];
};
};
};
services.caddy.virtualHosts."coder.imxyy.top" = {
extraConfig = ''
reverse_proxy :8086 {
header_up X-Real-IP {remote_host}
}
'';
};
}

27
config/hosts/imxyy-nix-server/default.nix
View File

@@ -1,27 +0,0 @@
{
imports = [
./nixos.nix
./hardware.nix
./home.nix
./virt.nix
./docker.nix
./minecraft.nix
./samba.nix
./net.nix
./caddy.nix
./nextcloud.nix
./mail.nix
./gitea.nix
./vault.nix
./homepage.nix
./code.nix
./yesplaymusic.nix
./ai.nix
./grafana.nix
./note.nix
./matrix.nix
./minio.nix
./build.nix
./immich.nix
];
}

18
config/hosts/imxyy-nix-server/homepage.nix
View File

@@ -1,18 +0,0 @@
{
virtualisation.oci-containers = {
containers = {
sun-panel = {
image = "hslr/sun-panel:latest";
volumes = [
"/var/lib/sun-panel:/app/conf"
];
ports = [ "8085:3002" ];
};
};
};
services.caddy.virtualHosts."home.imxyy.top" = {
extraConfig = ''
reverse_proxy :8085
'';
};
}

46
config/hosts/imxyy-nix-server/matrix.nix
View File

@@ -1,46 +0,0 @@
{
services.matrix-synapse = {
enable = true;
settings = {
server_name = "matrix.imxyy.top";
public_baseurl = "https://matrix.imxyy.top";
listeners = [
{
port = 8094;
bind_addresses = [ "127.0.0.1" ];
type = "http";
tls = false;
x_forwarded = true;
resources = [
{
names = [
"client"
"federation"
];
compress = true;
}
];
}
];
turn_uris = [ "turns:vkvm.imxyy.top:5349" ];
turn_shared_secret = "ac779a48c03bb451839569d295a29aa6ab8c264277bec2df9c9c7f5e22936288";
turn_user_lifetime = "1h";
database_type = "psycopg2";
database_args.database = "matrix-synapse";
};
extraConfigFiles = [
"/var/lib/matrix-synapse/secret"
];
};
services.caddy.virtualHosts."matrix.imxyy.top" = {
extraConfig = ''
reverse_proxy :8094
handle_path /_matrix {
reverse_proxy :8094
}
handle_path /_synapse/client {
reverse_proxy :8094
}
'';
};
}

592
config/hosts/imxyy-nix-server/net.nix
View File

@@ -1,592 +0,0 @@
{
config,
lib,
pkgs,
username,
sopsRoot,
...
}:
{
boot.kernelParams = [
"biosdevname=0"
"net.ifnames=0"
];
networking = {
useDHCP = lib.mkForce false;
dhcpcd = {
wait = "background";
IPv6rs = true;
extraConfig = ''
interface mac0
noipv4
'';
};
interfaces = {
eth0.wakeOnLan.enable = true;
eth1.wakeOnLan.enable = true;
mac0 = {
useDHCP = true;
ipv4.addresses = [
{
address = "192.168.3.2";
prefixLength = 24;
}
];
};
};
macvlans."mac0" = {
interface = "eth0";
mode = "bridge";
};
defaultGateway = {
address = "192.168.3.1";
interface = "mac0";
};
nameservers = [
"192.168.3.2"
];
firewall.enable = false;
nftables = {
enable = true;
flushRuleset = true;
ruleset = ''
table inet firewall {
set LANv4 {
type ipv4_addr
flags interval
elements = { 10.0.0.0/8, 100.64.0.0/10, 172.16.0.0/12, 192.168.0.0/16, 169.254.0.0/16 }
}
set LANv6 {
type ipv6_addr
flags interval
elements = { fd00::/8, fe80::/10 }
}
set tcp_ports {
type inet_service
flags interval
elements = {
http,
https,
2222,
25565
}
}
chain prerouting {
type filter hook prerouting priority mangle; policy accept;
ip daddr @LANv4 accept
ip6 daddr @LANv6 accept
}
chain output {
type filter hook output priority 100; policy accept;
ip daddr @LANv4 accept
ip6 daddr @LANv6 accept
}
chain input {
type filter hook input priority 0; policy drop;
iif lo accept
ct state invalid drop
ct state established,related accept
ip protocol { icmp, igmp } accept
ip saddr @LANv4 accept
ip6 saddr @LANv6 accept
tcp dport 2222 ct state new limit rate 15/minute counter accept
tcp dport @tcp_ports counter accept
}
chain forward {
type filter hook forward priority 0; policy accept;
}
chain nat {
type nat hook postrouting priority 0; policy accept;
ip saddr 192.168.3.0/24 masquerade
}
}
'';
};
};
services.openssh = {
enable = true;
settings = {
# PermitRootLogin = "yes";
PermitRootLogin = "prohibit-password";
PasswordAuthentication = true;
};
};
users.users.root.openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOEFLUkyeaK8ZPPZdVNEmtx8zvoxi7xqS2Z6oxRBuUPO imxyy@imxyy-nix"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBWOy0QmAyxENg/O5m3cus8U3c9jCLioivwcWsh5/a82 imxyy-hisense-pad"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK8pivvE8PMtsOxmccfNhH/4KehDKhBfUfJbQZxo/SZT imxyy-ace5"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKALTBn/QSGcSPgMg0ViSazFcaA0+nEF05EJpjbsI6dE imxyy_soope_@imxyy-cloudwin"
];
users.users.${username}.openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOEFLUkyeaK8ZPPZdVNEmtx8zvoxi7xqS2Z6oxRBuUPO imxyy@imxyy-nix"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBWOy0QmAyxENg/O5m3cus8U3c9jCLioivwcWsh5/a82 imxyy-hisense-pad"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK8pivvE8PMtsOxmccfNhH/4KehDKhBfUfJbQZxo/SZT imxyy-ace5"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKALTBn/QSGcSPgMg0ViSazFcaA0+nEF05EJpjbsI6dE imxyy_soope_@imxyy-cloudwin"
];
sops.secrets.dae-imxyy-nix-server = {
sopsFile = sopsRoot + /dae-imxyy-nix-server.dae;
format = "binary";
};
services.dae = {
enable = true;
configFile = config.sops.secrets.dae-imxyy-nix-server.path;
};
systemd.services.dae.after = [ "sops-nix.service" ];
sops.secrets.mihomo = {
sopsFile = sopsRoot + /mihomo.yaml;
format = "yaml";
key = "";
};
systemd.services.mihomo.after = [ "sops-nix.service" ];
services.mihomo = {
enable = true;
configFile = config.sops.secrets.mihomo.path;
webui = pkgs.metacubexd;
};
sops.secrets.frp-env = {
sopsFile = sopsRoot + /frp.env;
format = "dotenv";
};
systemd.services.frp.serviceConfig.EnvironmentFile = [
config.sops.secrets.frp-env.path
];
services.frp = {
enable = true;
role = "client";
settings = {
serverAddr = "hk.vkvm.imxyy.top";
serverPort = 7000;
auth.token = "{{ .Envs.FRP_AUTH_TOKEN }}";
proxies = [
{
name = "nextcloud-http";
type = "http";
localIP = "127.0.0.1";
localPort = 80;
customDomains = [ "nextcloud.imxyy.top" ];
}
{
name = "nextcloud-https";
type = "https";
localIP = "127.0.0.1";
localPort = 443;
customDomains = [ "nextcloud.imxyy.top" ];
}
{
name = "oidc-http";
type = "http";
localIP = "127.0.0.1";
localPort = 80;
customDomains = [ "oidc.imxyy.top" ];
}
{
name = "oidc-https";
type = "https";
localIP = "127.0.0.1";
localPort = 443;
customDomains = [ "oidc.imxyy.top" ];
}
{
name = "headscale-http";
type = "http";
localIP = "127.0.0.1";
localPort = 80;
customDomains = [ "headscale.imxyy.top" ];
}
{
name = "headscale-https";
type = "https";
localIP = "127.0.0.1";
localPort = 443;
customDomains = [ "headscale.imxyy.top" ];
}
{
name = "mail-http";
type = "http";
localIP = "127.0.0.1";
localPort = 80;
customDomains = [ "mail.imxyy.top" ];
}
{
name = "mail-https";
type = "https";
localIP = "127.0.0.1";
localPort = 443;
customDomains = [ "mail.imxyy.top" ];
}
{
name = "gitea-ssh";
type = "tcp";
localIP = "127.0.0.1";
localPort = 2222;
remotePort = 2222;
}
{
name = "gitea-http";
type = "http";
localIP = "127.0.0.1";
localPort = 80;
customDomains = [ "git.imxyy.top" ];
}
{
name = "gitea-https";
type = "https";
localIP = "127.0.0.1";
localPort = 443;
customDomains = [ "git.imxyy.top" ];
}
{
name = "vault-http";
type = "http";
localIP = "127.0.0.1";
localPort = 80;
customDomains = [ "vault.imxyy.top" ];
}
{
name = "vault-https";
type = "https";
localIP = "127.0.0.1";
localPort = 443;
customDomains = [ "vault.imxyy.top" ];
}
{
name = "home-http";
type = "http";
localIP = "127.0.0.1";
localPort = 80;
customDomains = [ "home.imxyy.top" ];
}
{
name = "home-https";
type = "https";
localIP = "127.0.0.1";
localPort = 443;
customDomains = [ "home.imxyy.top" ];
}
{
name = "coder-http";
type = "http";
localIP = "127.0.0.1";
localPort = 80;
customDomains = [ "coder.imxyy.top" ];
}
{
name = "coder-https";
type = "https";
localIP = "127.0.0.1";
localPort = 443;
customDomains = [ "coder.imxyy.top" ];
}
{
name = "music-http";
type = "http";
localIP = "127.0.0.1";
localPort = 80;
customDomains = [ "music.imxyy.top" ];
}
{
name = "music-https";
type = "https";
localIP = "127.0.0.1";
localPort = 443;
customDomains = [ "music.imxyy.top" ];
}
{
name = "ai-http";
type = "http";
localIP = "127.0.0.1";
localPort = 80;
customDomains = [ "ai.imxyy.top" ];
}
{
name = "ai-https";
type = "https";
localIP = "127.0.0.1";
localPort = 443;
customDomains = [ "ai.imxyy.top" ];
}
{
name = "grafana-http";
type = "http";
localIP = "127.0.0.1";
localPort = 80;
customDomains = [ "grafana.imxyy.top" ];
}
{
name = "grafana-https";
type = "https";
localIP = "127.0.0.1";
localPort = 443;
customDomains = [ "grafana.imxyy.top" ];
}
{
name = "note-http";
type = "http";
localIP = "127.0.0.1";
localPort = 80;
customDomains = [ "note.imxyy.top" ];
}
{
name = "note-https";
type = "https";
localIP = "127.0.0.1";
localPort = 443;
customDomains = [ "note.imxyy.top" ];
}
{
name = "siyuan-http";
type = "http";
localIP = "127.0.0.1";
localPort = 80;
customDomains = [ "sy.imxyy.top" ];
}
{
name = "siyuan-https";
type = "https";
localIP = "127.0.0.1";
localPort = 443;
customDomains = [ "sy.imxyy.top" ];
}
{
name = "matrix-http";
type = "http";
localIP = "127.0.0.1";
localPort = 80;
customDomains = [ "matrix.imxyy.top" ];
}
{
name = "matrix-https";
type = "https";
localIP = "127.0.0.1";
localPort = 443;
customDomains = [ "matrix.imxyy.top" ];
}
{
name = "immich-http";
type = "http";
localIP = "127.0.0.1";
localPort = 80;
customDomains = [ "immich.imxyy.top" ];
}
{
name = "immich-https";
type = "https";
localIP = "127.0.0.1";
localPort = 443;
customDomains = [ "immich.imxyy.top" ];
}
{
name = "minecraft";
type = "tcp";
localIP = "127.0.0.1";
localPort = 25565;
remotePort = 25565;
}
];
};
};
services.tailscale = {
enable = true;
useRoutingFeatures = "both";
extraSetFlags = [ "--accept-dns=false" ];
};
services.headscale = {
enable = true;
address = "0.0.0.0";
port = 8080;
settings = {
logtail.enabled = false;
server_url = "https://headscale.imxyy.top";
dns.magic_dns = false;
dns.override_local_dns = false;
ip_prefixes = "100.64.0.0/10";
oidc = {
only_start_if_oidc_is_available = true;
issuer = "https://oidc.imxyy.top";
client_id = "https://headscale.imxyy.top";
allowed_domains = [
"imxyy.top"
"*.imxyy.top"
];
client_secret = "";
expiry = 0;
extra_params.domain_hint = "imxyy.top";
};
};
};
systemd.services."headscale" = {
serviceConfig = {
Restart = lib.mkOverride 500 "always";
RestartMaxDelaySec = lib.mkOverride 500 "1m";
RestartSec = lib.mkOverride 500 "100ms";
RestartSteps = lib.mkOverride 500 9;
};
after = [
"podman-obligator.service"
];
requires = [
"podman-obligator.service"
];
};
sops.secrets.et-imxyy-nix-server = {
sopsFile = sopsRoot + /et-imxyy-nix-server.toml;
format = "binary";
};
environment.systemPackages = [ pkgs.easytier ];
systemd.services."easytier" = {
enable = true;
script = "${pkgs.easytier}/bin/easytier-core -c ${config.sops.secrets.et-imxyy-nix-server.path}";
serviceConfig = {
Restart = lib.mkOverride 500 "always";
RestartMaxDelaySec = lib.mkOverride 500 "1m";
RestartSec = lib.mkOverride 500 "100ms";
RestartSteps = lib.mkOverride 500 9;
User = "root";
};
wantedBy = [ "multi-user.target" ];
after = [
"network.target"
"sops-nix.service"
];
};
virtualisation.oci-containers = {
containers = {
obligator = {
image = "anderspitman/obligator:latest";
volumes = [
"/var/lib/obligator:/data"
"/var/lib/obligator:/api"
];
ports = [ "8081:1616" ];
cmd = [
"-storage-dir"
"/data"
"-api-socket-dir"
"/api"
"-root-uri"
"https://oidc.imxyy.top"
"-port"
"1616"
];
};
};
};
services.caddy.virtualHosts."headscale.imxyy.top" = {
extraConfig = ''
reverse_proxy :8080 {
header_up X-Real-IP {remote_host}
}
'';
};
services.caddy.virtualHosts."oidc.imxyy.top" = {
extraConfig = ''
reverse_proxy :8081 {
header_up X-Real-IP {remote_host}
}
'';
};
systemd.services.ddns-go =
let
ddns-go = pkgs.buildGoModule rec {
pname = "ddns-go";
version = "6.6.7";
src = pkgs.fetchFromGitHub {
owner = "jeessy2";
repo = "ddns-go";
rev = "v${version}";
hash = "sha256-Ejoe6e9GFhHxQ9oIBDgDRQW9Xx1XZK+qSAXiRXLdn+c=";
};
meta.mainProgram = "ddns-go";
vendorHash = "sha256-XZii7gV3DmTunYyGYzt5xXhv/VpTPIoYKbW4LnmlAgs=";
doCheck = false;
};
in
{
description = "Go Dynamic DNS";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
ExecStart = "${lib.getExe ddns-go} -l :9876 -f 10 -cacheTimes 180 -c /var/lib/ddns-go/config.yaml";
Restart = "always";
RestartSec = 120;
};
path = [
pkgs.bash
];
};
services.dnsmasq =
let
subDomains = [
"home"
"nextcloud"
"mail"
"git"
"vault"
"coder"
"headscale"
"grafana"
"matrix"
"note"
"oidc"
"mc"
"music"
"ai"
"sy"
"minio"
];
in
{
enable = true;
resolveLocalQueries = false;
settings = {
server = [
"120.53.53.53"
"223.5.5.5"
];
address = map (sub: "/${sub}.imxyy.top/192.168.3.2") subDomains ++ [
"/imxyy-nix-server/192.168.3.2"
"/imxyy-cloudwin/192.168.3.4"
"/printer.home/192.168.3.53"
];
cache-size = 0;
};
};
}

33
config/hosts/imxyy-nix-server/nixos.nix
View File

@@ -1,33 +0,0 @@
{
lib,
config,
username,
sopsRoot,
...
}:
{
boot.loader = {
efi.canTouchEfiVariables = true;
systemd-boot.enable = true;
grub.enable = false;
timeout = 0;
};
hardware.bluetooth.enable = true;
hardware.bluetooth.powerOnBoot = true;
systemd.services.nix-daemon = {
environment.TMPDIR = "/var/cache/nix";
serviceConfig.CacheDirectory = "nix";
};
environment.variables.NIX_REMOTE = "daemon";
sops.secrets.imxyy-nix-server-hashed-password = {
sopsFile = sopsRoot + /imxyy-nix-server-hashed-password.txt;
format = "binary";
neededForUsers = true;
};
users.users.${username}.hashedPasswordFile =
lib.mkForce config.sops.secrets.imxyy-nix-server-hashed-password.path;
users.users.root.hashedPasswordFile = lib.mkForce config.sops.secrets.imxyy-nix-server-hashed-password.path;
}

61
config/hosts/imxyy-nix-server/note.nix
View File

@@ -1,61 +0,0 @@
{
config,
sopsRoot,
...
}:
{
sops.secrets = {
flatnote-env = {
sopsFile = sopsRoot + /flatnote.env;
format = "dotenv";
};
siyuan-env = {
sopsFile = sopsRoot + /siyuan.env;
format = "dotenv";
};
};
virtualisation.oci-containers = {
containers = {
flatnotes = {
image = "dullage/flatnotes:latest";
volumes = [
"/mnt/nas/flatnotes/data:/data"
];
environmentFiles = [
"${config.sops.secrets.flatnote-env.path}"
];
ports = [ "8093:8080" ];
};
siyuan = {
image = "apkdv/siyuan-unlock:v3.1.30";
volumes = [
"/mnt/nas/siyuan/workspace:/workspace"
"/mnt/nas/siyuan:/home/siyuan"
];
cmd = [
"--workspace=/workspace"
];
environment = {
PUID = "0";
PGID = "0";
};
environmentFiles = [
"${config.sops.secrets.siyuan-env.path}"
];
ports = [ "8095:6806" ];
};
};
};
services.caddy.virtualHosts = {
"note.imxyy.top" = {
extraConfig = ''
reverse_proxy :8093
'';
};
"sy.imxyy.top" = {
extraConfig = ''
reverse_proxy :8095
'';
};
};
}

23
config/hosts/imxyy-nix-server/yesplaymusic.nix
View File

@@ -1,23 +0,0 @@
{
virtualisation.oci-containers.containers."YesPlayMusic" = {
image = "git.imxyy.top/imxyy1soope1/yesplaymusic:latest";
environment = {
"NODE_TLS_REJECT_UNAUTHORIZED" = "0";
};
volumes = [
"/etc/localtime:/etc/localtime:ro"
];
ports = [
"8088:80/tcp"
];
log-driver = "journald";
};
services.caddy.virtualHosts."music.imxyy.top" = {
extraConfig = ''
reverse_proxy :8088 {
header_up X-Real-IP {remote_host}
}
'';
};
}

6
config/hosts/imxyy-nix-wsl/default.nix
View File

@@ -1,6 +0,0 @@
{
imports = [
./nixos.nix
./home.nix
];
}

14
config/hosts/imxyy-nix-wsl/home.nix
View File

@@ -1,14 +0,0 @@
{ lib, username, ... }:
{
my.home.programs.zsh.shellAliases = {
localproxy_on = "export http_proxy=http://192.168.128.1:7890 https_proxy=http://192.168.128.1:7890 all_proxy=socks://192.168.128.1:7890";
};
my = {
sops.sshKeyPath = "/home/${username}/.ssh/id_ed25519";
coding.all.enable = true;
coding.editor.vscode.enable = lib.mkForce false;
cli.misc.enable = true;
xdg.enable = true;
cli.media.all.enable = true;
};
}

8
config/hosts/imxyy-nix-x16/default.nix
View File

@@ -1,8 +0,0 @@
{
imports = [
./nixos.nix
./hardware.nix
./home.nix
./net.nix
];
}

59
config/hosts/imxyy-nix-x16/net.nix
View File

@@ -1,59 +0,0 @@
{
config,
lib,
pkgs,
sopsRoot,
...
}:
{
boot.kernelParams = [
"biosdevname=0"
"net.ifnames=0"
];
networking.networkmanager.enable = true;
sops.secrets.dae-imxyy-nix-x16 = {
sopsFile = sopsRoot + /dae-imxyy-nix-x16.dae;
format = "binary";
};
services.dae = {
enable = true;
configFile = config.sops.secrets.dae-imxyy-nix-x16.path;
};
systemd.services.dae.after = [ "sops-nix.service" ];
sops.secrets.mihomo = {
sopsFile = sopsRoot + /mihomo.yaml;
format = "yaml";
key = "";
};
systemd.services.mihomo.after = [ "sops-nix.service" ];
services.mihomo = {
enable = true;
configFile = config.sops.secrets.mihomo.path;
webui = pkgs.metacubexd;
};
sops.secrets.et-imxyy-nix-x16 = {
sopsFile = sopsRoot + /et-imxyy-nix-x16.toml;
format = "binary";
};
environment.systemPackages = with pkgs; [
easytier
];
systemd.services."easytier" = {
enable = true;
script = "${pkgs.easytier}/bin/easytier-core -c ${config.sops.secrets.et-imxyy-nix-x16.path}";
serviceConfig = {
Restart = lib.mkOverride 500 "always";
RestartMaxDelaySec = lib.mkOverride 500 "1m";
RestartSec = lib.mkOverride 500 "100ms";
RestartSteps = lib.mkOverride 500 9;
User = "root";
};
wantedBy = [ "multi-user.target" ];
after = [
"network.target"
"sops-nix.service"
];
};
}

175
config/hosts/imxyy-nix-x16/nixos.nix
View File

@@ -1,175 +0,0 @@
{
lib,
pkgs,
config,
username,
sopsRoot,
...
}:
{
security.pam.loginLimits = [
{
domain = "*";
type = "soft";
item = "nofile";
value = "524288";
}
];
boot.kernelParams = [
"usbcore.autosuspend=-1" # Avoid usb autosuspend (for usb bluetooth adapter)
];
boot.loader = {
efi.canTouchEfiVariables = true;
systemd-boot.enable = true;
grub.enable = false;
timeout = 0;
};
hardware.graphics.enable = true;
hardware.graphics.enable32Bit = true;
systemd.services.nix-daemon = {
environment.TMPDIR = "/var/cache/nix";
serviceConfig.CacheDirectory = "nix";
};
environment.variables.NIX_REMOTE = "daemon";
security.rtkit.enable = true;
services.pipewire = {
enable = true;
alsa.enable = false;
alsa.support32Bit = false;
pulse.enable = false;
audio.enable = false;
};
services.pulseaudio = {
enable = true;
support32Bit = true;
package = pkgs.pulseaudioFull;
extraConfig = ''
load-module module-switch-on-connect
unload-module module-suspend-on-idle
'';
};
hardware.bluetooth = {
enable = true;
powerOnBoot = true;
settings = {
General = {
Enable = "Source,Sink,Media,Socket";
Disable = "HeadSet";
MultiProfile = "multiple";
};
};
};
users.extraUsers.${username}.extraGroups = [ "audio" ];
fonts = {
enableDefaultPackages = false;
fontDir.enable = true;
packages = with pkgs; [
noto-fonts
noto-fonts-cjk-sans
noto-fonts-emoji
jetbrains-mono
nerd-fonts.symbols-only
];
fontconfig.defaultFonts = {
serif = [
"Noto Serif CJK SC"
"Noto Serif"
"Symbols Nerd Font"
];
sansSerif = [
"Noto Sans CJK SC"
"Noto Sans"
"Symbols Nerd Font"
];
monospace = [
"JetBrains Mono"
"Noto Sans Mono CJK SC"
"Symbols Nerd Font Mono"
];
emoji = [ "Noto Color Emoji" ];
};
};
services.printing.enable = true;
services.keyd = {
enable = true;
keyboards.default.settings = {
main = {
capslock = "overload(control, esc)";
home = "end";
};
shift = {
home = "home";
};
control = {
delete = "print";
};
};
};
services.gvfs.enable = true;
services.openssh = {
enable = true;
settings = {
# Forbid root login through SSH.
PermitRootLogin = null;
PasswordAuthentication = true;
};
};
environment.systemPackages = [
pkgs.rclone
];
sops.secrets.imxyy-nix-rclone = {
sopsFile = sopsRoot + /imxyy-nix-rclone.conf;
format = "binary";
};
fileSystems = {
"/home/${username}/Nextcloud" = {
device = "Nextcloud:";
fsType = "rclone";
options = [
"nodev"
"nofail"
"allow_other"
"args2env"
"config=${config.sops.secrets.imxyy-nix-rclone.path}"
"uid=1000"
"gid=100"
"rw"
"no-check-certificate"
"vfs-cache-mode=full"
];
};
"/home/${username}/NAS" = {
device = "//10.0.0.1/share";
fsType = "cifs";
options = [
"username=nas"
"password=nasshare"
"x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s"
"nodev"
"nofail"
"uid=1000"
"gid=100"
"vers=3"
"rw"
];
};
};
my.persist.nixosDirs = [ "/etc/NetworkManager/system-connections" ];
}

9
config/hosts/imxyy-nix/default.nix
View File

@@ -1,9 +0,0 @@
{
imports = [
./nixos.nix
./hardware.nix
./home.nix
./virt.nix
./net.nix
];
}

264
config/hosts/imxyy-nix/nixos.nix
View File

@@ -1,264 +0,0 @@
{
lib,
pkgs,
config,
username,
sopsRoot,
...
}:
let
btreset = pkgs.writeScriptBin "btreset" ''
#!${lib.getExe pkgs.python3}
import subprocess
import os
import sys
SYM = "BT"
def action(line: str) -> bool:
if line.find(SYM) == -1:
return False
temp = line.split(" ")
bus = temp[1]
device = temp[3][:-1]
subprocess.run(["${lib.getExe usbreset}", f"/dev/bus/usb/{bus}/{device}"])
return True
if __name__ == "__main__":
if os.path.exists("/tmp/.btreseted") and len(sys.argv) == 1 and "-f" not in sys.argv[1:]:
exit(0)
res_byte = subprocess.check_output("/run/current-system/sw/bin/lsusb")
res = res_byte.decode()
lst = res.split("\n")
if any(tuple(map(action, lst))):
with open("/tmp/.btreseted", "w"):
...
'';
usbreset = pkgs.writeCBin "usbreset" ''
#include <stdio.h>
#include <unistd.h>
#include <fcntl.h>
#include <sys/ioctl.h>
#include <linux/usbdevice_fs.h>
int main(int argc, char **argv)
{
const char *filename;
int fd;
int rc;
if (argc != 2) {
fprintf(stderr, "Usage: usbreset device-filename\n");
return 1;
}
filename = argv[1];
fd = open(filename, O_WRONLY);
if (fd < 0) {
perror("Error opening output file");
return 1;
}
printf("Resetting USB device %s\n", filename);
rc = ioctl(fd, USBDEVFS_RESET, 0);
if (rc < 0) {
perror("Error in ioctl");
return 1;
}
printf("Reset successful\n");
close(fd);
return 0;
}
'';
in
{
security.pam.loginLimits = [
{
domain = "*";
type = "soft";
item = "nofile";
value = "524288";
}
];
systemd.services.btreset = {
script = lib.getExe btreset;
wantedBy = [ "multi-user.target" ];
serviceConfig.Type = "oneshot";
};
boot.kernelParams = [
"usbcore.autosuspend=-1" # Avoid usb autosuspend (for usb bluetooth adapter)
"fsck.mode=skip"
];
boot.loader = {
efi.canTouchEfiVariables = true;
systemd-boot.enable = true;
grub.enable = false;
timeout = 0;
};
hardware.graphics.enable = true;
hardware.graphics.enable32Bit = true;
systemd.services.nix-daemon = {
environment.TMPDIR = "/var/cache/nix";
serviceConfig.CacheDirectory = "nix";
};
environment.variables.NIX_REMOTE = "daemon";
security.rtkit.enable = true;
services.pipewire = {
enable = true;
alsa.enable = false;
alsa.support32Bit = false;
pulse.enable = false;
audio.enable = false;
};
services.pulseaudio = {
enable = true;
support32Bit = true;
package = pkgs.pulseaudioFull;
extraConfig = ''
load-module module-switch-on-connect
unload-module module-suspend-on-idle
'';
};
hardware.bluetooth = {
enable = true;
powerOnBoot = true;
settings = {
General = {
Enable = "Source,Sink,Media,Socket";
Disable = "HeadSet";
MultiProfile = "multiple";
};
};
};
users.extraUsers.${username}.extraGroups = [ "audio" ];
fonts = {
enableDefaultPackages = false;
fontDir.enable = true;
packages = with pkgs; [
noto-fonts
noto-fonts-cjk-sans
noto-fonts-emoji
jetbrains-mono
nerd-fonts.symbols-only
];
fontconfig.defaultFonts = {
serif = [
"Noto Serif CJK SC"
"Noto Serif"
"Symbols Nerd Font"
];
sansSerif = [
"Noto Sans CJK SC"
"Noto Sans"
"Symbols Nerd Font"
];
monospace = [
"JetBrains Mono"
"Noto Sans Mono CJK SC"
"Symbols Nerd Font Mono"
];
emoji = [ "Noto Color Emoji" ];
};
};
services.printing.enable = true;
services.keyd = {
enable = true;
keyboards.default.settings = {
main = {
capslock = "overload(control, esc)";
home = "end";
};
shift = {
home = "home";
};
control = {
delete = "print";
};
};
};
services.gvfs.enable = true;
programs.wireshark.enable = true;
programs.wireshark.package = pkgs.wireshark;
users.users.${username}.extraGroups = [ "wireshark" ];
services.sunshine = {
enable = true;
autoStart = true;
capSysAdmin = true;
applications.apps = [
{
name = "Desktop";
image-path = "desktop.png";
}
];
};
services.openssh = {
enable = true;
settings = {
# Forbid root login through SSH.
PermitRootLogin = null;
PasswordAuthentication = true;
};
};
environment.systemPackages = [
pkgs.rclone
btreset
];
sops.secrets.imxyy-nix-rclone = {
sopsFile = sopsRoot + /imxyy-nix-rclone.conf;
format = "binary";
};
fileSystems = {
"/home/${username}/Nextcloud" = {
device = "Nextcloud:";
fsType = "rclone";
options = [
"nodev"
"nofail"
"allow_other"
"args2env"
"config=${config.sops.secrets.imxyy-nix-rclone.path}"
"uid=1000"
"gid=100"
"rw"
"no-check-certificate"
"vfs-cache-mode=full"
];
};
"/home/${username}/NAS" = {
device = "//192.168.3.2/share";
fsType = "cifs";
options = [
"username=nas"
"password=nasshare"
"x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s"
"nodev"
"nofail"
"uid=1000"
"gid=100"
"vers=3"
"rw"
];
};
};
}

632
flake.lock generated
View File

File diff suppressed because it is too large Load Diff

300
flake.nix
View File

@@ -3,213 +3,141 @@
inputs = { inputs = {
# Nixpkgs # Nixpkgs
nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable-small"; nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable";
nixpkgs-stable.url = "github:nixos/nixpkgs/release-25.05"; nixpkgs-stable.url = "github:nixos/nixpkgs/release-25.11";
nixpkgs-master.url = "github:nixos/nixpkgs/master"; nixpkgs-master.url = "github:nixos/nixpkgs/master";
# nixpkgs.follows = "nixpkgs-stable"; # nixpkgs.follows = "nixpkgs-stable";
nixpkgs.follows = "nixpkgs-unstable"; nixpkgs.follows = "nixpkgs-unstable";
# nixpkgs.follows = "nixpkgs-master"; # nixpkgs.follows = "nixpkgs-master";
# Nyxpkgs
chaotic.url = "github:chaotic-cx/nyx/nyxpkgs-unstable";
# SOPS
sops-nix.url = "github:Mic92/sops-nix";
sops-nix.inputs.nixpkgs.follows = "nixpkgs";
# Home manager # Home manager
home-manager.url = "github:nix-community/home-manager/master"; home-manager = {
home-manager.inputs.nixpkgs.follows = "nixpkgs"; url = "github:nix-community/home-manager/master";
inputs.nixpkgs.follows = "nixpkgs";
# Impermanence };
impermanence.url = "github:nix-community/impermanence";
# NUR
nur.url = "github:nix-community/NUR";
# Niri
niri.url = "github:sodiboo/niri-flake";
niri.inputs.nixpkgs.follows = "nixpkgs";
niri.inputs.nixpkgs-stable.follows = "nixpkgs-stable";
quickshell.url = "git+https://git.outfoxxed.me/outfoxxed/quickshell";
quickshell.inputs.nixpkgs.follows = "nixpkgs";
darkly.url = "github:Bali10050/Darkly";
darkly.inputs.nixpkgs.follows = "nixpkgs";
stylix.url = "github:danth/stylix";
stylix.inputs.nixpkgs.follows = "nixpkgs";
# go-musicfox
go-musicfox.url = "github:imxyy1soope1/go-musicfox/master";
go-musicfox.inputs.nixpkgs.follows = "nixpkgs";
# NixOS-WSL # NixOS-WSL
nixos-wsl.url = "github:nix-community/NixOS-WSL"; nixos-wsl = {
nixos-wsl.inputs.nixpkgs.follows = "nixpkgs"; url = "github:nix-community/NixOS-WSL";
inputs.nixpkgs.follows = "nixpkgs";
};
fenix.url = "github:nix-community/fenix"; # Flake organization tools
fenix.inputs.nixpkgs.follows = "nixpkgs"; # keep-sorted start block=yes
flake-parts = {
url = "github:hercules-ci/flake-parts";
inputs.nixpkgs-lib.follows = "nixpkgs";
};
haumea = {
url = "github:nix-community/haumea/v0.2.2";
inputs.nixpkgs.follows = "nixpkgs";
};
infuse = {
url = "git+https://codeberg.org/amjoseph/infuse.nix";
flake = false;
};
# keep-sorted end
zen.url = "github:0xc000022070/zen-browser-flake"; # Useful modules
# keep-sorted start block=yes
catppuccin = {
url = "github:catppuccin/nix";
inputs.nixpkgs.follows = "nixpkgs";
};
impermanence.url = "github:nix-community/impermanence";
# TODO: sops-nix: remove pr patch once merged
# https://github.com/Mic92/sops-nix/pull/779
sops-nix = {
url = "github:Mic92/sops-nix/pull/779/merge";
inputs.nixpkgs.follows = "nixpkgs";
};
stylix = {
url = "github:danth/stylix";
inputs.nixpkgs.follows = "nixpkgs";
};
# keep-sorted end
# Useful software
# keep-sorted start block=yes
angrr = {
url = "github:linyinfeng/angrr";
inputs.nixpkgs.follows = "nixpkgs";
};
darkly = {
url = "github:Bali10050/Darkly";
inputs.nixpkgs.follows = "nixpkgs";
};
fenix = {
url = "github:nix-community/fenix";
inputs.nixpkgs.follows = "nixpkgs";
};
go-musicfox = {
url = "github:imxyy1soope1/go-musicfox";
inputs.nixpkgs.follows = "nixpkgs";
};
niri.url = "github:sodiboo/niri-flake";
noctalia = {
url = "github:noctalia-dev/noctalia-shell/v3.8.2";
inputs.nixpkgs.follows = "nixpkgs";
};
zen.inputs.nixpkgs.follows = "nixpkgs"; zen.inputs.nixpkgs.follows = "nixpkgs";
zen.url = "github:0xc000022070/zen-browser-flake";
# keep-sorted end
infuse.url = "git+https://codeberg.org/amjoseph/infuse.nix"; # Misc
infuse.flake = false; treefmt = {
url = "github:numtide/treefmt-nix";
haumea.url = "github:nix-community/haumea/v0.2.2"; inputs.nixpkgs.follows = "nixpkgs";
haumea.inputs.nixpkgs.follows = "nixpkgs"; };
plant = {
url = "git+ssh://git@git.imxyy.top:2222/imxyy1soope1/HF-plant.git?rev=08dc0b3889797eb3618c7475c3c367ec0e5fdf40";
flake = false;
};
my-templates.url = "git+https://git.imxyy.top/imxyy1soope1/flake-templates";
}; };
outputs = outputs =
{ {
self, flake-parts,
nixpkgs,
... ...
}@inputs: }@inputs:
let flake-parts.lib.mkFlake
inherit (self) outputs; {
vars = import ./vars.nix; inherit inputs;
forAllSystems = nixpkgs.lib.genAttrs nixpkgs.lib.systems.flakeExposed; specialArgs.lib = import ./lib {
forAllHosts = inherit (inputs.nixpkgs) lib;
mkSystem: inherit inputs;
nixpkgs.lib.attrsets.mergeAttrsList ( };
builtins.map (hostname: { }
${hostname} = mkSystem hostname; {
}) (builtins.attrNames (builtins.readDir ./config/hosts)) systems = [ "x86_64-linux" ];
);
lib = (import ./lib/stdlib-extended.nix nixpkgs.lib).extend ( imports = [
final: prev: { ./flake/hosts.nix
inherit (inputs.home-manager.lib) hm; ./flake/pkgs.nix
inherit infuse; ./treefmt.nix
haumea = inputs.haumea.lib; ./overlays
} ];
);
infuse = (import inputs.infuse { inherit (nixpkgs) lib; }).v1.infuse;
in
{
packages = forAllSystems (
system:
lib.haumea.load {
src = ./pkgs;
loader = [
{
matches = str: builtins.match ".*\\.nix" str != null;
loader = _: path: nixpkgs.legacyPackages.${system}.callPackage path { };
}
];
transformer = lib.haumea.transformers.liftDefault;
}
);
# workaround for "treefmt warning" nixosHosts = {
formatter = forAllSystems ( imxyy-nix = {
system: profiles = [ "desktop" ];
let
pkgs = nixpkgs.legacyPackages.${system};
in
pkgs.writeShellApplication {
name = "nixfmt-wrapper";
runtimeInputs = with pkgs; [
fd
nixfmt-rfc-style
];
text = ''
fd "$@" -t f -e nix -x nixfmt '{}'
'';
}
);
overlays = import ./overlays {
inherit inputs lib;
};
nixosConfigurations = forAllHosts (
hostname:
let
overlays = builtins.attrValues self.overlays ++ [
inputs.go-musicfox.overlays.default
inputs.niri.overlays.niri
inputs.fenix.overlays.default
(final: prev: {
darkly-qt5 = inputs.darkly.packages.${final.system}.darkly-qt5;
darkly-qt6 = inputs.darkly.packages.${final.system}.darkly-qt6;
})
(final: prev: {
quickshell = inputs.quickshell.packages.${final.system}.default.override {
withJemalloc = true;
withQtSvg = true;
withWayland = true;
withPipewire = true;
withPam = false;
withX11 = false;
withHyprland = false;
};
})
(final: prev: {
inherit lib;
})
];
home = {
home-manager = {
sharedModules = [
inputs.sops-nix.homeManagerModules.sops
inputs.impermanence.nixosModules.home-manager.impermanence
inputs.stylix.homeModules.stylix
inputs.zen.homeModules.beta
# workaround for annoying stylix
(
{ lib, ... }:
{
nixpkgs.overlays = lib.mkForce null;
}
)
];
useGlobalPkgs = true;
};
}; };
pkgsConf.nixpkgs = {
inherit overlays; imxyy-nix-server = {
config.allowUnfree = true; profiles = [ "server" ];
flake.setNixPath = false;
}; };
in
lib.nixosSystem { imxyy-nix-wsl = {
specialArgs = { profiles = [ "wsl" ];
inherit modules = [
inputs inputs.nixos-wsl.nixosModules.default
outputs
hostname
;
sopsRoot = ./secrets;
flake = ./.;
} // vars;
modules =
(lib.umport {
paths = [ ./modules ];
exclude = [
./modules/virt/types
./modules/desktop/wm/niri/waybar
];
recursive = true;
})
++ [
(lib.mkAliasOptionModule [ "my" "home" ] [ "home-manager" "users" vars.username ])
./config/base.nix
./config/hosts/${hostname}
inputs.chaotic.nixosModules.default
inputs.sops-nix.nixosModules.sops
inputs.impermanence.nixosModules.impermanence
inputs.home-manager.nixosModules.default
inputs.niri.nixosModules.niri
home
pkgsConf
]; ];
} };
);
}; imxyy-nix-x16 = {
profiles = [ "desktop" ];
};
};
};
} }

139
flake/hosts.nix Normal file
View File

@@ -0,0 +1,139 @@
{
self,
lib,
inputs,
withSystem,
config,
pkgsParams,
...
}:
let
vars = import ../vars.nix;
pkgsModule = {
nixpkgs = pkgsParams;
};
hmModule = {
home-manager = {
sharedModules = [
inputs.sops-nix.homeManagerModules.sops
inputs.stylix.homeModules.stylix
inputs.noctalia.homeModules.default
inputs.zen.homeModules.beta
{
stylix.overlays.enable = lib.mkForce false;
}
];
useGlobalPkgs = true;
};
};
in
{
options.nixosHosts = lib.mkOption {
type = lib.types.attrsOf (
lib.types.submodule (
{ name, ... }:
{
options = {
system = lib.mkOption {
type = lib.types.str;
default = "x86_64-linux";
description = "System architecture";
};
profiles = lib.mkOption {
type = lib.types.listOf lib.types.str;
default = [ ];
description = "List of profile names (e.g., 'desktop', 'server', 'wsl')";
};
modules = lib.mkOption {
type = lib.types.listOf lib.types.deferredModule;
default = (
lib.umport {
paths = [ ../hosts/${name} ];
extraExcludePredicate = path: lib.hasInfix "/_" (toString path);
recursive = true;
}
);
description = "Additional NixOS modules specific to this host";
};
extraSpecialArgs = lib.mkOption {
type = lib.types.attrs;
default = { };
description = "Extra special arguments to pass to modules";
};
};
}
)
);
default = { };
description = "Declarative host definitions";
};
config = {
# Generate nixosConfigurations from declarative host definitions
flake.nixosConfigurations = lib.mapAttrs (
hostname: hostConfig:
withSystem hostConfig.system (
{ ... }:
lib.nixosSystem {
inherit (hostConfig) system;
specialArgs = {
inherit
inputs
self
hostname
;
assets =
with lib.haumea;
load {
src = ../assets;
loader = [ (matchers.always loaders.path) ];
};
secrets =
with lib.haumea;
load {
src = ../secrets;
loader = [ (matchers.always loaders.path) ];
};
}
// vars
// hostConfig.extraSpecialArgs;
modules =
# Automatically import all feature modules
(lib.umport {
paths = [ ../modules ];
extraExcludePredicate = path: lib.hasInfix "/_" (toString path);
recursive = true;
})
++ [
# Base profile (always included)
../profiles/base.nix
]
# Add requested profiles
++ (map (profile: ../profiles/${profile}.nix) hostConfig.profiles)
# Add host-specific modules
++ hostConfig.modules
++ [
(lib.mkAliasOptionModule [ "my" "hm" ] [ "home-manager" "users" vars.username ])
# Upstream modules
inputs.sops-nix.nixosModules.sops
inputs.impermanence.nixosModules.impermanence
inputs.home-manager.nixosModules.default
inputs.niri.nixosModules.niri
inputs.catppuccin.nixosModules.catppuccin
inputs.angrr.nixosModules.angrr
# pkgs and home-manager configuration
pkgsModule
hmModule
];
}
)
) config.nixosHosts;
};
}

55
flake/pkgs.nix Normal file
View File

@@ -0,0 +1,55 @@
{
inputs,
lib,
config,
pkgsParams,
...
}:
{
_module.args = {
pkgsParams = {
overlays = builtins.attrValues config.flake.overlays ++ [
inputs.go-musicfox.overlays.default
inputs.niri.overlays.niri
inputs.fenix.overlays.default
inputs.angrr.overlays.default
(final: prev: {
darkly-qt5 = inputs.darkly.packages.${final.stdenv.hostPlatform.system}.darkly-qt5;
darkly-qt6 = inputs.darkly.packages.${final.stdenv.hostPlatform.system}.darkly-qt6;
noctalia-shell = inputs.noctalia.packages.${final.stdenv.hostPlatform.system}.default;
})
];
config.allowUnfree = true;
flake.setNixPath = false;
};
};
perSystem =
{
system,
pkgs,
...
}:
{
_module.args.pkgs = import inputs.nixpkgs (pkgsParams // { inherit system; });
legacyPackages = pkgs;
packages = lib.genAttrs (builtins.attrNames (config.flake.overlays.additions pkgs pkgs)) (
pkg: pkgs.${pkg}
);
};
flake.overlays.additions =
final: prev:
with lib.haumea;
load {
src = ../pkgs;
loader = [
{
matches = str: builtins.match ".*\\.nix" str != null;
loader = _: path: final.callPackage path { };
}
];
transformer = transformers.liftDefault;
};
}

21
config/hosts/imxyy-nix-server/build.nix → hosts/imxyy-nix-server/build.nix
View File

@@ -1,13 +1,15 @@
{ {
config,
lib, lib,
config,
pkgs, pkgs,
sopsRoot, secrets,
hosts,
... ...
}: }:
{ {
sops.secrets.et-imxyy-nix-server-nixremote = { sops.secrets.et-imxyy-nix-server-nixremote = {
sopsFile = sopsRoot + /et-imxyy-nix-server-nixremote.toml; sopsFile = secrets.et-imxyy-nix-server-nixremote;
restartUnits = [ "easytier-nixremote.service" ];
format = "binary"; format = "binary";
}; };
environment.systemPackages = [ pkgs.easytier ]; environment.systemPackages = [ pkgs.easytier ];
@@ -15,10 +17,8 @@
enable = true; enable = true;
script = "${pkgs.easytier}/bin/easytier-core -c ${config.sops.secrets.et-imxyy-nix-server-nixremote.path}"; script = "${pkgs.easytier}/bin/easytier-core -c ${config.sops.secrets.et-imxyy-nix-server-nixremote.path}";
serviceConfig = { serviceConfig = {
Restart = lib.mkOverride 500 "always"; Restart = "always";
RestartMaxDelaySec = lib.mkOverride 500 "1m"; RestartSec = 30;
RestartSec = lib.mkOverride 500 "100ms";
RestartSteps = lib.mkOverride 500 9;
User = "root"; User = "root";
}; };
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
@@ -32,12 +32,7 @@
isSystemUser = true; isSystemUser = true;
description = "nix remote build user"; description = "nix remote build user";
group = "nixremote"; group = "nixremote";
openssh.authorizedKeys.keys = [ openssh.authorizedKeys.keys = (lib.mapAttrsToList (host: key: "${key} ${host}") hosts) ++ [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOEFLUkyeaK8ZPPZdVNEmtx8zvoxi7xqS2Z6oxRBuUPO imxyy@imxyy-nix"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBWOy0QmAyxENg/O5m3cus8U3c9jCLioivwcWsh5/a82 imxyy-hisense-pad"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK8pivvE8PMtsOxmccfNhH/4KehDKhBfUfJbQZxo/SZT imxyy-ace5"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKALTBn/QSGcSPgMg0ViSazFcaA0+nEF05EJpjbsI6dE imxyy_soope_@imxyy-cloudwin"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIENauvvhVMLsUwH9cPYsvnOg7VCL3a4yEiKm8I524TE efl@efl-nix" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIENauvvhVMLsUwH9cPYsvnOg7VCL3a4yEiKm8I524TE efl@efl-nix"
]; ];
}; };

0
config/hosts/imxyy-nix-server/caddy.nix → hosts/imxyy-nix-server/caddy.nix
View File

15
hosts/imxyy-nix-server/code.nix Normal file
View File

@@ -0,0 +1,15 @@
{
services.coder = {
enable = true;
accessUrl = "https://coder.imxyy.top";
listenAddress = "127.0.0.1:8086";
};
users.users.coder.extraGroups = [ "podman" ];
services.caddy.virtualHosts."coder.imxyy.top" = {
extraConfig = ''
reverse_proxy :8086 {
header_up X-Real-IP {remote_host}
}
'';
};
}

5
config/hosts/imxyy-nix-server/docker.nix → hosts/imxyy-nix-server/docker.nix
View File

@@ -5,5 +5,10 @@
enable = true; enable = true;
dockerCompat = true; dockerCompat = true;
dockerSocket.enable = true; dockerSocket.enable = true;
defaultNetwork.settings.dns_enabled = true;
};
# avoid collision with dnsmasq
virtualisation.containers = {
containersConf.settings.network.dns_bind_port = 5353;
}; };
} }

55
hosts/imxyy-nix-server/efl.nix Normal file
View File

@@ -0,0 +1,55 @@
{ config, secrets, ... }:
{
sops.secrets.efl-tuwunel-env = {
sopsFile = secrets.efl-tuwunel;
restartUnits = [ "podman-tuwunel.service" ];
format = "dotenv";
};
virtualisation.oci-containers.containers = {
tuwunel = {
image = "jevolk/tuwunel:latest";
volumes = [
"tuwunel_db:/var/lib/tuwunel"
];
ports = [ "6167:6167" ];
networks = [ "podman" ];
environment = {
TUWUNEL_SERVER_NAME = "mtx.eflx.top";
TUWUNEL_PORT = "6167";
TUWUNEL_ADDRESS = "0.0.0.0";
TUWUNEL_WELL_KNOWN__SERVER = "mtx.eflx.top:443";
TUWUNEL_WELL_KNOWN__CLIENT = "https://mtx.eflx.top";
};
environmentFiles = [
config.sops.secrets.efl-tuwunel-env.path
];
};
mautrix-telegram = {
image = "dock.mau.dev/mautrix/telegram:latest";
ports = [ "8099:8099" ];
networks = [ "podman" ];
extraOptions = [ "--ip=10.88.0.254" ];
volumes = [ "/var/lib/efl-mautrix-telegram:/data" ];
};
send = {
image = "lanol/filecodebox:latest";
ports = [ "12345:12345" ];
volumes = [ "/var/lib/send:/app/data:rw" ];
};
};
services.caddy.virtualHosts."mtx.eflx.top" = {
extraConfig = ''
reverse_proxy :6167 {
header_up X-Real-IP {remote_host}
}
'';
};
services.caddy.virtualHosts."send.eflx.top" = {
extraConfig = ''
reverse_proxy :12345 {
header_up X-Real-IP {remote_host}
}
'';
};
}

0
config/hosts/imxyy-nix-server/gitea.nix → hosts/imxyy-nix-server/gitea.nix
View File

2
config/hosts/imxyy-nix-server/grafana.nix → hosts/imxyy-nix-server/grafana.nix
View File

@@ -1,4 +1,3 @@
{ pkgs, ... }:
{ {
services.grafana = { services.grafana = {
enable = true; enable = true;
@@ -12,7 +11,6 @@
}; };
services.prometheus = { services.prometheus = {
enable = true; enable = true;
package = pkgs.stable.prometheus;
port = 8091; port = 8091;
exporters = { exporters = {
node = { node = {

9
config/hosts/imxyy-nix-server/hardware.nix → hosts/imxyy-nix-server/hardware.nix
View File

@@ -18,15 +18,18 @@ in
]; ];
boot.initrd.kernelModules = [ "amdgpu" ]; boot.initrd.kernelModules = [ "amdgpu" ];
boot.kernelModules = [ "kvm-amd" ]; boot.kernelModules = [ "kvm-amd" ];
boot.kernelPackages = lib.mkForce pkgs.linuxPackages_cachyos; boot.kernelPackages = lib.mkForce pkgs.linuxPackages_xanmod_stable;
services.scx.enable = true; services.scx = {
enable = true;
scheduler = "scx_rusty";
};
boot.extraModulePackages = [ ]; boot.extraModulePackages = [ ];
boot.tmp.useTmpfs = true; boot.tmp.useTmpfs = true;
boot.supportedFilesystems = [ "zfs" ]; boot.supportedFilesystems = [ "zfs" ];
boot.zfs = { boot.zfs = {
package = pkgs.zfs_unstable;
extraPools = [ "data" ]; extraPools = [ "data" ];
forceImportRoot = false; forceImportRoot = false;
package = pkgs.zfs_cachyos;
}; };
services.zfs.autoScrub.enable = true; services.zfs.autoScrub.enable = true;
services.btrfs.autoScrub.enable = true; services.btrfs.autoScrub.enable = true;

5
config/hosts/imxyy-nix-server/home.nix → hosts/imxyy-nix-server/home.nix
View File

@@ -1,11 +1,14 @@
{ ... }: { lib, ... }:
{ {
my = { my = {
cli.all.enable = true; cli.all.enable = true;
cli.media.all.enable = lib.mkForce false;
coding.editor.neovim.enable = true; coding.editor.neovim.enable = true;
coding.misc.enable = true; coding.misc.enable = true;
coding.langs.lua.enable = true; coding.langs.lua.enable = true;
coding.langs.rust.enable = true; coding.langs.rust.enable = true;
coding.langs.js.enable = true;
fonts.enable = lib.mkForce false;
persist = { persist = {
enable = true; enable = true;
homeDirs = [ homeDirs = [

14
hosts/imxyy-nix-server/homepage.nix Normal file
View File

@@ -0,0 +1,14 @@
{
virtualisation.oci-containers.containers.sun-panel = {
image = "hslr/sun-panel:latest";
volumes = [
"/var/lib/sun-panel:/app/conf"
];
ports = [ "8085:3002" ];
};
services.caddy.virtualHosts."home.imxyy.top" = {
extraConfig = ''
reverse_proxy :8085
'';
};
}

4
config/hosts/imxyy-nix-server/immich.nix → hosts/imxyy-nix-server/immich.nix
View File

@@ -1,5 +1,9 @@
{ ... }: { ... }:
{ {
users.users.immich = {
home = "/mnt/nas/immich";
createHome = true;
};
services.immich = { services.immich = {
enable = true; enable = true;
host = "127.0.0.1"; host = "127.0.0.1";

0
config/hosts/imxyy-nix-server/mail.nix → hosts/imxyy-nix-server/mail.nix
View File

107
hosts/imxyy-nix-server/matrix.nix Normal file
View File

@@ -0,0 +1,107 @@
{
config,
secrets,
...
}:
{
nixpkgs.config.permittedInsecurePackages = [
"olm-3.2.16"
];
sops.secrets.tuwunel-reg-token = {
sopsFile = secrets.tuwunel-reg-token;
restartUnits = [ "tuwunel.service" ];
format = "binary";
owner = config.services.matrix-tuwunel.user;
group = config.services.matrix-tuwunel.group;
};
sops.secrets.tuwunel-turn-secret = {
sopsFile = secrets.tuwunel-turn-secret;
restartUnits = [ "tuwunel.service" ];
format = "binary";
owner = config.services.matrix-tuwunel.user;
group = config.services.matrix-tuwunel.group;
};
services.matrix-tuwunel = {
enable = true;
settings.global = {
address = [ "127.0.0.1" ];
port = [ 8094 ];
server_name = "imxyy.top";
well_known = {
server = "matrix.imxyy.top:443";
client = "https://matrix.imxyy.top";
};
allow_registration = true;
registration_token_file = config.sops.secrets.tuwunel-reg-token.path;
suppress_push_when_active = true;
turn_uris = [
"turn:hk.vkvm.imxyy.top?transport=udp"
"turn:hk.vkvm.imxyy.top?transport=tcp"
];
turn_secret_file = config.sops.secrets.tuwunel-turn-secret.path;
new_user_displayname_suffix = "";
};
};
services.caddy.virtualHosts."imxyy.top" = {
extraConfig = ''
handle /.well-known/matrix/server {
header Content-Type application/json
header "Access-Control-Allow-Origin" "*"
respond `{"m.server": "matrix.imxyy.top:443"}` 200
}
handle /.well-known/matrix/client {
header Content-Type application/json
header "Access-Control-Allow-Origin" "*"
respond `{"m.homeserver": {"base_url": "https://matrix.imxyy.top/"}}` 200
}
'';
};
services.caddy.virtualHosts."matrix.imxyy.top" = {
extraConfig = ''
reverse_proxy :8094
'';
};
sops.secrets.mautrix-telegram = {
sopsFile = secrets.mautrix-telegram;
restartUnits = [ "mautrix-telegram.service" ];
format = "dotenv";
owner = "mautrix-telegram";
group = "mautrix-telegram";
};
services.mautrix-telegram = {
enable = true;
environmentFile = config.sops.secrets.mautrix-telegram.path;
settings = {
homeserver = {
address = "http://127.0.0.1:8094";
domain = "imxyy.top";
};
appservice = {
address = "http://127.0.0.1:8098";
hostname = "127.0.0.1";
port = "8098";
bot_username = "telegrambot";
};
bridge = {
username_template = "telegram_{userid}";
alias_template = "telegram_{groupname}";
displayname_template = "{displayname} (Telegram)";
permissions = {
"@imxyy_soope_:imxyy.top" = "admin";
};
};
telegram = {
# borrowed from https://github.com/telegramdesktop/tdesktop/blob/9bdc19e2fd4d497c8f403891848383a88faadc25/snap/snapcraft.yaml#L134-L135
api_id = "611335";
api_hash = "d524b414d21f4d37f08684c1df41ac9c";
};
};
};
}

3
config/hosts/imxyy-nix-server/minecraft.nix → hosts/imxyy-nix-server/minecraft.nix
View File

@@ -8,9 +8,10 @@
WorkingDirectory = "/opt/minecraft/fabric1.20.6"; WorkingDirectory = "/opt/minecraft/fabric1.20.6";
ExecStart = "${lib.getExe' pkgs.openjdk21 "java"} -Xms1G -Xmx5G -jar fabric-server-mc.1.20.6-loader.0.15.11-launcher.1.0.1.jar"; ExecStart = "${lib.getExe' pkgs.openjdk21 "java"} -Xms1G -Xmx5G -jar fabric-server-mc.1.20.6-loader.0.15.11-launcher.1.0.1.jar";
Restart = "always"; Restart = "always";
RestartSec = "10s"; RestartSec = 120;
}; };
}; };
my.persist = { my.persist = {
nixosDirs = [ nixosDirs = [
"/opt/minecraft" "/opt/minecraft"

12
config/hosts/imxyy-nix-server/minio.nix → hosts/imxyy-nix-server/minio.nix
View File

@@ -1,7 +1,8 @@
{ config, sopsRoot, ... }: { config, secrets, ... }:
{ {
sops.secrets.minio-env = { sops.secrets.minio-env = {
sopsFile = sopsRoot + /minio.env; sopsFile = secrets.minio;
restartUnits = [ "minio.service" ];
format = "dotenv"; format = "dotenv";
}; };
services.minio = { services.minio = {
@@ -16,11 +17,4 @@
]; ];
rootCredentialsFile = config.sops.secrets.minio-env.path; rootCredentialsFile = config.sops.secrets.minio-env.path;
}; };
services.caddy.virtualHosts."minio.imxyy.top" = {
extraConfig = ''
handle_path /* {
reverse_proxy :9000
}
'';
};
} }

527
hosts/imxyy-nix-server/net.nix Normal file
View File

@@ -0,0 +1,527 @@
{
config,
lib,
pkgs,
username,
hosts,
secrets,
...
}:
{
boot.kernelParams = [
"biosdevname=0"
"net.ifnames=0"
];
networking = {
useDHCP = lib.mkForce false;
dhcpcd = {
wait = "background";
IPv6rs = true;
extraConfig = ''
interface mac0
noipv4
'';
};
interfaces = {
eth0.wakeOnLan.enable = true;
eth1.wakeOnLan.enable = true;
mac0 = {
useDHCP = true;
ipv4.addresses = [
{
address = "192.168.3.2";
prefixLength = 24;
}
];
};
};
macvlans."mac0" = {
interface = "eth0";
mode = "bridge";
};
defaultGateway = {
address = "192.168.3.1";
interface = "mac0";
};
nameservers = [
"192.168.3.2"
];
firewall.enable = false;
nftables = {
enable = true;
flushRuleset = true;
ruleset = ''
table inet firewall {
set LANv4 {
type ipv4_addr
flags interval
elements = { 10.0.0.0/8, 100.64.0.0/10, 172.16.0.0/12, 192.168.0.0/16, 169.254.0.0/16 }
}
set LANv6 {
type ipv6_addr
flags interval
elements = { fd00::/8, fe80::/10 }
}
set tcp_ports {
type inet_service
flags interval
elements = {
http,
https,
2222,
25565
}
}
chain prerouting {
type filter hook prerouting priority mangle; policy accept;
ip daddr @LANv4 accept
ip6 daddr @LANv6 accept
}
chain output {
type filter hook output priority 100; policy accept;
ip daddr @LANv4 accept
ip6 daddr @LANv6 accept
}
chain input {
type filter hook input priority 0; policy drop;
iif lo accept
ct state invalid drop
ct state established,related accept
ip protocol { icmp, igmp } accept
ip saddr @LANv4 accept
ip6 saddr @LANv6 accept
tcp dport 2222 ct state new limit rate 15/minute counter accept
tcp dport @tcp_ports counter accept
}
chain forward {
type filter hook forward priority 0; policy accept;
}
chain nat {
type nat hook postrouting priority 0; policy accept;
ip saddr 192.168.3.0/24 masquerade
}
}
'';
};
};
services.openssh = {
enable = true;
settings = {
# PermitRootLogin = "yes";
PermitRootLogin = "prohibit-password";
PasswordAuthentication = true;
};
};
users.users.root.openssh.authorizedKeys.keys = lib.mapAttrsToList (
host: key: "${key} ${host}"
) hosts;
users.users.${username}.openssh.authorizedKeys.keys = lib.mapAttrsToList (
host: key: "${key} ${host}"
) hosts;
sops.secrets.dae-imxyy-nix-server = {
sopsFile = secrets.dae-imxyy-nix-server;
restartUnits = [ "dae.service" ];
format = "binary";
};
services.dae = {
enable = true;
configFile = config.sops.secrets.dae-imxyy-nix-server.path;
};
systemd.services.dae = {
after = [ "sops-nix.service" ];
serviceConfig.MemoryMax = "1G";
};
sops.secrets.mihomo = {
sopsFile = secrets.mihomo;
restartUnits = [ "mihomo.service" ];
format = "yaml";
key = "";
};
systemd.services.mihomo.after = [ "sops-nix.service" ];
services.mihomo = {
enable = true;
configFile = config.sops.secrets.mihomo.path;
webui = pkgs.metacubexd;
};
sops.secrets.frp-env = {
sopsFile = secrets.frp;
restartUnits = [ "frp.service" ];
format = "dotenv";
};
systemd.services.frp.serviceConfig.EnvironmentFile = [
config.sops.secrets.frp-env.path
];
services.frp = {
instances."" = {
enable = true;
role = "client";
settings = {
serverAddr = "{{ .Envs.FRP_SERVER_ADDR }}";
serverPort = 7000;
auth.token = "{{ .Envs.FRP_AUTH_TOKEN }}";
proxies = [
{
name = "nextcloud-http";
type = "http";
localIP = "127.0.0.1";
localPort = 80;
customDomains = [ "nextcloud.imxyy.top" ];
}
{
name = "nextcloud-https";
type = "https";
localIP = "127.0.0.1";
localPort = 443;
customDomains = [ "nextcloud.imxyy.top" ];
}
{
name = "oidc-http";
type = "http";
localIP = "127.0.0.1";
localPort = 80;
customDomains = [ "oidc.imxyy.top" ];
}
{
name = "oidc-https";
type = "https";
localIP = "127.0.0.1";
localPort = 443;
customDomains = [ "oidc.imxyy.top" ];
}
{
name = "mail-http";
type = "http";
localIP = "127.0.0.1";
localPort = 80;
customDomains = [ "mail.imxyy.top" ];
}
{
name = "mail-https";
type = "https";
localIP = "127.0.0.1";
localPort = 443;
customDomains = [ "mail.imxyy.top" ];
}
{
name = "gitea-ssh";
type = "tcp";
localIP = "127.0.0.1";
localPort = 2222;
remotePort = 2222;
}
{
name = "gitea-http";
type = "http";
localIP = "127.0.0.1";
localPort = 80;
customDomains = [ "git.imxyy.top" ];
}
{
name = "gitea-https";
type = "https";
localIP = "127.0.0.1";
localPort = 443;
customDomains = [ "git.imxyy.top" ];
}
{
name = "vault-http";
type = "http";
localIP = "127.0.0.1";
localPort = 80;
customDomains = [ "vault.imxyy.top" ];
}
{
name = "vault-https";
type = "https";
localIP = "127.0.0.1";
localPort = 443;
customDomains = [ "vault.imxyy.top" ];
}
{
name = "home-http";
type = "http";
localIP = "127.0.0.1";
localPort = 80;
customDomains = [ "home.imxyy.top" ];
}
{
name = "home-https";
type = "https";
localIP = "127.0.0.1";
localPort = 443;
customDomains = [ "home.imxyy.top" ];
}
{
name = "coder-http";
type = "http";
localIP = "127.0.0.1";
localPort = 80;
customDomains = [ "coder.imxyy.top" ];
}
{
name = "coder-https";
type = "https";
localIP = "127.0.0.1";
localPort = 443;
customDomains = [ "coder.imxyy.top" ];
}
{
name = "grafana-http";
type = "http";
localIP = "127.0.0.1";
localPort = 80;
customDomains = [ "grafana.imxyy.top" ];
}
{
name = "grafana-https";
type = "https";
localIP = "127.0.0.1";
localPort = 443;
customDomains = [ "grafana.imxyy.top" ];
}
{
name = "siyuan-http";
type = "http";
localIP = "127.0.0.1";
localPort = 80;
customDomains = [ "sy.imxyy.top" ];
}
{
name = "siyuan-https";
type = "https";
localIP = "127.0.0.1";
localPort = 443;
customDomains = [ "sy.imxyy.top" ];
}
{
name = "matrix-root-http";
type = "http";
localIP = "127.0.0.1";
localPort = 80;
customDomains = [ "imxyy.top" ];
}
{
name = "matrix-root-https";
type = "https";
localIP = "127.0.0.1";
localPort = 443;
customDomains = [ "imxyy.top" ];
}
{
name = "matrix-http";
type = "http";
localIP = "127.0.0.1";
localPort = 80;
customDomains = [ "matrix.imxyy.top" ];
}
{
name = "matrix-https";
type = "https";
localIP = "127.0.0.1";
localPort = 443;
customDomains = [ "matrix.imxyy.top" ];
}
{
name = "immich-http";
type = "http";
localIP = "127.0.0.1";
localPort = 80;
customDomains = [ "immich.imxyy.top" ];
}
{
name = "immich-https";
type = "https";
localIP = "127.0.0.1";
localPort = 443;
customDomains = [ "immich.imxyy.top" ];
}
{
name = "memo-http";
type = "http";
localIP = "127.0.0.1";
localPort = 80;
customDomains = [ "memo.imxyy.top" ];
}
{
name = "memo-https";
type = "https";
localIP = "127.0.0.1";
localPort = 443;
customDomains = [ "memo.imxyy.top" ];
}
{
name = "efl-matrix-http";
type = "http";
localIP = "127.0.0.1";
localPort = 80;
customDomains = [ "mtx.eflx.top" ];
}
{
name = "efl-matrix-https";
type = "https";
localIP = "127.0.0.1";
localPort = 443;
customDomains = [ "mtx.eflx.top" ];
}
{
name = "efl-send-http";
type = "http";
localIP = "127.0.0.1";
localPort = 80;
customDomains = [ "send.eflx.top" ];
}
{
name = "efl-send-https";
type = "https";
localIP = "127.0.0.1";
localPort = 443;
customDomains = [ "send.eflx.top" ];
}
];
};
};
};
sops.secrets.et-imxyy-nix-server = {
sopsFile = secrets.et-imxyy-nix-server;
restartUnits = [ "easytier.service" ];
format = "binary";
};
environment.systemPackages = [ pkgs.easytier ];
systemd.services."easytier" = {
enable = true;
script = "${pkgs.easytier}/bin/easytier-core -c ${config.sops.secrets.et-imxyy-nix-server.path}";
serviceConfig = {
Restart = "always";
RestartSec = 30;
User = "root";
};
wantedBy = [ "multi-user.target" ];
after = [
"network.target"
"sops-nix.service"
];
};
virtualisation.oci-containers.containers.obligator = {
image = "anderspitman/obligator:latest";
volumes = [
"/var/lib/obligator:/data"
"/var/lib/obligator:/api"
];
ports = [ "8081:1616" ];
cmd = [
"-storage-dir"
"/data"
"-api-socket-dir"
"/api"
"-root-uri"
"https://oidc.imxyy.top"
"-port"
"1616"
];
};
services.caddy.virtualHosts."oidc.imxyy.top" = {
extraConfig = ''
reverse_proxy :8081 {
header_up X-Real-IP {remote_host}
}
'';
};
systemd.services.ddns-go =
let
version = "6.6.7";
ddns-go = pkgs.buildGoModule {
inherit version;
pname = "ddns-go";
src = pkgs.fetchFromGitHub {
owner = "jeessy2";
repo = "ddns-go";
rev = "v${version}";
hash = "sha256-Ejoe6e9GFhHxQ9oIBDgDRQW9Xx1XZK+qSAXiRXLdn+c=";
};
meta.mainProgram = "ddns-go";
vendorHash = "sha256-XZii7gV3DmTunYyGYzt5xXhv/VpTPIoYKbW4LnmlAgs=";
doCheck = false;
};
in
{
description = "Go Dynamic DNS";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
ExecStart = "${lib.getExe ddns-go} -l :9876 -f 10 -cacheTimes 180 -c /var/lib/ddns-go/config.yaml";
Restart = "always";
RestartSec = 120;
};
path = [
pkgs.bash
];
};
services.dnsmasq =
let
subDomains = [
"home"
"nextcloud"
"mail"
"git"
"vault"
"coder"
"grafana"
"matrix"
"note"
"oidc"
"mc"
"music"
"sy"
"immich"
];
in
{
enable = true;
resolveLocalQueries = false;
settings = {
no-resolv = true;
server = [ "192.168.3.1" ];
address = map (sub: "/${sub}.imxyy.top/192.168.3.2") subDomains ++ [
"/imxyy-nix-server/192.168.3.2"
"/imxyy-cloudwin/192.168.3.4"
"/printer.home/192.168.3.53"
];
cache-size = 0;
log-queries = "extra";
};
};
}

31
config/hosts/imxyy-nix-server/nextcloud.nix → hosts/imxyy-nix-server/nextcloud.nix
View File

@@ -17,9 +17,9 @@ in
services.nextcloud = { services.nextcloud = {
enable = true; enable = true;
package = pkgs.nextcloud31; package = pkgs.nextcloud32;
extraApps = { extraApps = {
inherit (pkgs.nextcloud31.packages.apps) inherit (pkgs.nextcloud32.packages.apps)
bookmarks bookmarks
previewgenerator previewgenerator
spreed spreed
@@ -31,20 +31,26 @@ in
hostName = nextcloud; hostName = nextcloud;
home = "/mnt/nas/nextcloud"; home = "/mnt/nas/nextcloud";
https = true; https = true;
nginx.recommendedHttpHeaders = true;
caching.redis = true; caching.redis = true;
configureRedis = true; configureRedis = true;
database.createLocally = true; database.createLocally = true;
notify_push.enable = true;
config = { config = {
dbtype = "pgsql"; dbtype = "pgsql";
adminpassFile = toString (pkgs.writeText "nextcloud-pass" "admin12345!"); adminpassFile = toString (pkgs.writeText "nextcloud-pass" "admin12345!");
adminuser = "admin"; adminuser = "admin";
}; };
settings.trusted_domains = [ settings = {
hostname trusted_domains = [
"192.168.3.2" hostname
"10.0.0.1" "192.168.3.2"
]; "10.0.0.1"
];
trusted_proxies = [
"127.0.0.1"
"192.168.3.0/24"
];
};
phpExtraExtensions = phpExtraExtensions =
all: with all; [ all: with all; [
pdlib pdlib
@@ -53,7 +59,7 @@ in
phpOptions = { phpOptions = {
"opcache.enable" = 1; "opcache.enable" = 1;
"opcache.enable_cli" = 1; "opcache.enable_cli" = 1;
"opcache.interned_strings_buffer" = 8; "opcache.interned_strings_buffer" = 23;
"opcache.max_accelerated_files" = 10000; "opcache.max_accelerated_files" = 10000;
"opcache.memory_consumption" = 128; "opcache.memory_consumption" = 128;
"opcache.save_comments" = 1; "opcache.save_comments" = 1;
@@ -94,9 +100,12 @@ in
*/ */
services.caddy.virtualHosts."nextcloud.imxyy.top" = { services.caddy.virtualHosts."nextcloud.imxyy.top" = {
extraConfig = '' extraConfig = ''
reverse_proxy :8084 { reverse_proxy http://127.0.0.1:8084 {
header_up X-Real-IP {remote_host} trusted_proxies 192.168.3.0/24
} }
redir /.well-known/carddav /remote.php/dav/ 301
redir /.well-known/caldav /remote.php/dav/ 301
''; '';
}; };

0
config/hosts/imxyy-nix-server/nginx.nix → hosts/imxyy-nix-server/nginx.nix
View File

17
hosts/imxyy-nix-server/nixos.nix Normal file
View File

@@ -0,0 +1,17 @@
{
lib,
config,
username,
secrets,
...
}:
{
sops.secrets.imxyy-nix-server-hashed-password = {
sopsFile = secrets.imxyy-nix-server-hashed-password;
format = "binary";
neededForUsers = true;
};
users.users.${username}.hashedPasswordFile =
lib.mkForce config.sops.secrets.imxyy-nix-server-hashed-password.path;
users.users.root.hashedPasswordFile = lib.mkForce config.sops.secrets.imxyy-nix-server-hashed-password.path;
}

51
hosts/imxyy-nix-server/note.nix Normal file
View File

@@ -0,0 +1,51 @@
{
config,
secrets,
...
}:
{
sops.secrets.siyuan-env = {
sopsFile = secrets.siyuan;
restartUnits = [ "siyuan.service" ];
format = "dotenv";
};
virtualisation.oci-containers.containers = {
siyuan = {
image = "apkdv/siyuan-unlock:v3.1.30";
volumes = [
"/mnt/nas/siyuan/workspace:/workspace"
"/mnt/nas/siyuan:/home/siyuan"
];
cmd = [
"--workspace=/workspace"
];
environment = {
PUID = "0";
PGID = "0";
};
environmentFiles = [
"${config.sops.secrets.siyuan-env.path}"
];
ports = [ "8095:6806" ];
};
memos = {
image = "neosmemo/memos:stable";
volumes = [
"/mnt/nas/memos:/var/opt/memos"
];
ports = [ "8097:5230" ];
};
};
services.caddy.virtualHosts = {
"sy.imxyy.top" = {
extraConfig = ''
reverse_proxy :8095
'';
};
"memo.imxyy.top" = {
extraConfig = ''
reverse_proxy :8097
'';
};
};
}

74
hosts/imxyy-nix-server/plant.nix Normal file
View File

@@ -0,0 +1,74 @@
{
inputs,
pkgs,
lib,
...
}:
let
app = pkgs.buildNpmPackage (finalAttrs: {
pname = "HF-plant";
version = "unstable-2025-09-21";
src = inputs.plant;
buildPhase = ''
runHook preBuild
npm run build
npm run build:proxy
runHook postBuild
'';
installPhase = ''
runHook preInstall
mkdir $out
mv dist $out
cp .env proxy-server-bundled.js $out
runHook postInstall
'';
npmDepsHash = "sha256-ret4BtjrEt8L1nlvJmFiejAKmbz89Z7NSiKs+qlB51w=";
});
in
{
systemd.services.HF-plant-proxy = {
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
ExecStart = "${lib.getExe pkgs.bash} -c 'source ${app}/.env; export FEISHU_APP_ID FEISHU_APP_SECRET AMAP_JSCODE; ${lib.getExe pkgs.nodejs} ${app}/proxy-server-bundled.js'";
Restart = "always";
RestartSec = 120;
};
};
services.caddy.virtualHosts."plant.imxyy.top" = {
extraConfig = ''
handle /api/* {
reverse_proxy localhost:3001
}
handle /* {
root * ${app}/dist
try_files {path} /index.html
file_server
}
'';
};
services.frp.instances."".settings.proxies = [
{
name = "plant-http";
type = "http";
localIP = "127.0.0.1";
localPort = 80;
customDomains = [ "plant.imxyy.top" ];
}
{
name = "plant-https";
type = "https";
localIP = "127.0.0.1";
localPort = 443;
customDomains = [ "plant.imxyy.top" ];
}
];
}

55
hosts/imxyy-nix-server/rss.nix Normal file
View File

@@ -0,0 +1,55 @@
{ config, secrets, ... }:
let
redisUrl = config.services.redis.servers.rsshub.unixSocket;
in
{
sops.secrets.rsshub-env = {
sopsFile = secrets.rsshub;
restartUnits = [ "podman-rsshub.service" ];
format = "dotenv";
};
users.users.rsshub = {
home = "/var/empty";
group = "rsshub";
isSystemUser = true;
};
users.groups.rsshub.members = [ "rsshub" ];
services.redis.servers.rsshub = {
enable = true;
user = "rsshub";
};
virtualisation.oci-containers.containers.rsshub = {
image = "diygod/rsshub";
volumes = [
"${redisUrl}:${redisUrl}"
];
ports = [ "8100:1200" ];
networks = [ "podman" ];
environment = {
CACHE_TYPE = "redis";
REDIS_URL = "${redisUrl}";
};
environmentFiles = [ config.sops.secrets.rsshub-env.path ];
};
services.caddy.virtualHosts."rss.imxyy.top" = {
extraConfig = ''
reverse_proxy :8100
'';
};
services.frp.instances."".settings.proxies = [
{
name = "rsshub-http";
type = "http";
localIP = "127.0.0.1";
localPort = 80;
customDomains = [ "rss.imxyy.top" ];
}
{
name = "rsshub-https";
type = "https";
localIP = "127.0.0.1";
localPort = 443;
customDomains = [ "rss.imxyy.top" ];
}
];
}

2
config/hosts/imxyy-nix-server/samba.nix → hosts/imxyy-nix-server/samba.nix
View File

@@ -9,7 +9,7 @@
}; };
share = { share = {
path = "/mnt/nas/share"; path = "/mnt/nas/share";
browseable = "yes"; browsable = "yes";
"read only" = "no"; "read only" = "no";
"guest ok" = "no"; "guest ok" = "no";
"create mask" = "0664"; "create mask" = "0664";

49
hosts/imxyy-nix-server/sshwifty.nix Normal file
View File

@@ -0,0 +1,49 @@
{ config, secrets, ... }:
{
sops.secrets.sshwifty = {
sopsFile = secrets.sshwifty;
format = "binary";
};
services.sshwifty = {
enable = true;
sharedKeyFile = config.sops.secrets.sshwifty.path;
settings = {
Servers = [
{
ListenInterface = "0.0.0.0";
ListenPort = 8101;
InitialTimeout = 10;
ReadTimeout = 120;
WriteTimeout = 120;
HeartbeatTimeout = 10;
ReadDelay = 10;
WriteDelay = 10;
TLSCertificateFile = "";
TLSCertificateKeyFile = "";
ServerMessage = "";
}
];
};
};
services.caddy.virtualHosts."ssh.imxyy.top" = {
extraConfig = ''
reverse_proxy :8101
'';
};
services.frp.instances."".settings.proxies = [
{
name = "sshwifty-http";
type = "http";
localIP = "127.0.0.1";
localPort = 80;
customDomains = [ "ssh.imxyy.top" ];
}
{
name = "sshwifty-https";
type = "https";
localIP = "127.0.0.1";
localPort = 443;
customDomains = [ "ssh.imxyy.top" ];
}
];
}

5
config/hosts/imxyy-nix-server/vault.nix → hosts/imxyy-nix-server/vault.nix
View File

@@ -1,7 +1,8 @@
{ config, sopsRoot, ... }: { config, secrets, ... }:
{ {
sops.secrets.vaultwarden-env = { sops.secrets.vaultwarden-env = {
sopsFile = sopsRoot + /vaultwarden.env; sopsFile = secrets.vaultwarden;
restartUnits = [ "vaultwarden.service" ];
format = "dotenv"; format = "dotenv";
}; };
services.postgresql.ensureUsers = [ services.postgresql.ensureUsers = [

2
config/hosts/imxyy-nix-server/virt.nix → hosts/imxyy-nix-server/virt.nix
View File

@@ -13,7 +13,7 @@ let
in in
{ {
boot = { boot = {
initrd.kernelModules = [ initrd.kernelModules = lib.mkBefore [
"vfio_pci" "vfio_pci"
"vfio" "vfio"
"vfio_iommu_type1" "vfio_iommu_type1"

19
hosts/imxyy-nix-wsl/home.nix Normal file
View File

@@ -0,0 +1,19 @@
{ lib, username, ... }:
{
my.hm = {
programs.zsh.shellAliases = {
localproxy_on = "export http_proxy=http://192.168.128.1:7890 https_proxy=http://192.168.128.1:7890 all_proxy=socks://192.168.128.1:7890";
};
programs.fish.shellAliases = {
localproxy_on = "export http_proxy=http://192.168.128.1:7890 https_proxy=http://192.168.128.1:7890 all_proxy=socks://192.168.128.1:7890";
};
};
my = {
sops.sshKeyFile = "/home/${username}/.ssh/id_ed25519";
coding.all.enable = true;
coding.editor.vscode.enable = lib.mkForce false;
cli.misc.enable = true;
xdg.enable = true;
cli.media.all.enable = true;
};
}

0
config/hosts/imxyy-nix-wsl/nixos.nix → hosts/imxyy-nix-wsl/nixos.nix
View File

8
config/hosts/imxyy-nix-x16/hardware.nix → hosts/imxyy-nix-x16/hardware.nix
View File

@@ -2,7 +2,6 @@
config, config,
lib, lib,
pkgs, pkgs,
username,
... ...
}: }:
let let
@@ -22,7 +21,7 @@ in
verbose = false; verbose = false;
}; };
kernelPackages = lib.mkForce pkgs.linuxPackages_cachyos; kernelPackages = lib.mkForce pkgs.linuxPackages_xanmod_latest;
kernelModules = [ "kvm-amd" ]; kernelModules = [ "kvm-amd" ];
tmp.useTmpfs = true; tmp.useTmpfs = true;
@@ -30,7 +29,10 @@ in
"fs.file-max" = 9223372036854775807; "fs.file-max" = 9223372036854775807;
}; };
}; };
services.scx.enable = true; services.scx = {
enable = true;
scheduler = "scx_rusty";
};
fileSystems."/" = { fileSystems."/" = {
device = btrfs; device = btrfs;

67
config/hosts/imxyy-nix-x16/home.nix → hosts/imxyy-nix-x16/home.nix
View File

@@ -1,43 +1,53 @@
{ {
config, config,
lib,
pkgs, pkgs,
username, username,
... ...
}: }:
{ {
my.home = { my.hm = {
home.packages = with pkgs; [ home.packages = with pkgs; [
localsend localsend
rclone
wpsoffice-cn wpsoffice-cn
wps-office-fonts wps-office-fonts
ttf-wps-fonts ttf-wps-fonts
evince papers
anki anki
ayugram-desktop ayugram-desktop
telegram-desktop
signal-desktop signal-desktop
discord element-desktop
fractal
qq qq
wechat wechat
gnome-clocks gnome-clocks
wineWowPackages.waylandFull
pavucontrol
pamixer
]; ];
programs.zsh = { programs.zsh = {
sessionVariables = { sessionVariables = {
PATH = "/home/${username}/bin:$PATH"; PATH = "/home/${username}/bin:$PATH";
}; };
}; };
programs.fish.interactiveShellInit = ''
set -gp PATH $HOME/bin
'';
programs.niri.settings = {
environment.STEAM_FORCE_DESKTOPUI_SCALING = "1.25";
outputs = {
eDP-1 = {
enable = true;
mode = {
width = 1920;
height = 1200;
refresh = 60.002;
};
scale = 1.25;
};
};
};
}; };
my = { my = {
@@ -45,8 +55,7 @@
cli.all.enable = true; cli.all.enable = true;
coding.all.enable = true; coding.all.enable = true;
desktop.all.enable = true; desktop.all.enable = true;
virt.moonlight.enable = true;
desktop.browser.librewolf.enable = lib.mkForce false;
i18n.fcitx5.enable = true; i18n.fcitx5.enable = true;
@@ -54,14 +63,14 @@
enable = true; enable = true;
defaultApplications = defaultApplications =
let let
browser = [ "zen-beta.desktop" ]; browser = [ config.my.desktop.browser.default.desktop ];
editor = [ "codium.desktop" ]; editor = [ "codium.desktop" ];
imageviewer = [ "org.gnome.Shotwell-Viewer.desktop" ]; imageviewer = [ "org.gnome.Shotwell-Viewer.desktop" ];
in in
{ {
"inode/directory" = [ "nemo.desktop" ]; "inode/directory" = [ "org.gnome.Nautilus.desktop" ];
"application/pdf" = [ "org.gnome.Evince.desktop" ]; "application/pdf" = [ "org.gnome.Papers.desktop" ];
"text/*" = editor; "text/*" = editor;
"application/json" = editor; "application/json" = editor;
@@ -92,15 +101,6 @@
"image/png" = imageviewer; "image/png" = imageviewer;
"image/webp" = imageviewer; "image/webp" = imageviewer;
}; };
extraBookmarks =
let
homedir = config.my.home.home.homeDirectory;
in
[
"file://${homedir}/NAS NAS"
"file://${homedir}/NAS/imxyy_soope_ NAS imxyy_soope_"
"file://${homedir}/NAS/imxyy_soope_/OS NAS OS"
];
}; };
persist = { persist = {
enable = true; enable = true;
@@ -118,23 +118,26 @@
".local/state" ".local/state"
".local/share/Anki2" ".local/share/Anki2"
".local/share/shotwell" ".local/share/shotwell"
".local/share/cheat.sh"
".local/share/Kingsoft" ".local/share/Kingsoft"
".local/share/AyuGramDesktop" ".local/share/AyuGramDesktop"
".local/share/TelegramDesktop" ".local/share/fractal"
".config/Signal" ".config/Signal"
".config/discord" ".config/Element"
".config/QQ" ".config/QQ"
".xwechat" ".xwechat"
".config/Kingsoft" ".config/Kingsoft"
".config/dconf" ".config/dconf"
".config/gh"
".config/pulse"
".config/pip" ".config/pip"
".config/libreoffice"
".config/sunshine" ".config/sunshine"
".gemini"
".claude"
".claude-code-router"
];
homeFiles = [
".claude.json"
]; ];
}; };
}; };

101
hosts/imxyy-nix-x16/net.nix Normal file
View File

@@ -0,0 +1,101 @@
{
config,
pkgs,
secrets,
...
}:
{
boot.kernelParams = [
"biosdevname=0"
"net.ifnames=0"
];
my.persist.nixosDirs = [ "/etc/NetworkManager/system-connections" ];
networking = {
networkmanager.enable = true;
firewall.enable = false;
nftables = {
enable = true;
flushRuleset = true;
ruleset = ''
table inet firewall {
set LANv4 {
type ipv4_addr
flags interval
elements = { 10.0.0.0/8, 100.64.0.0/10, 172.16.0.0/12, 192.168.0.0/16, 169.254.0.0/16 }
}
set LANv6 {
type ipv6_addr
flags interval
elements = { fd00::/8, fe80::/10 }
}
chain output {
type filter hook output priority 100; policy accept;
}
chain input {
type filter hook input priority 0; policy drop;
iif lo accept
ct state invalid drop
ct state established,related accept
ip saddr @LANv4 accept
ip6 saddr @LANv6 accept
}
chain forward {
type filter hook forward priority 0; policy drop;
}
}
'';
};
};
sops.secrets.dae-imxyy-nix-x16 = {
sopsFile = secrets.dae-imxyy-nix-x16;
restartUnits = [ "dae.service" ];
format = "binary";
};
services.dae = {
enable = true;
configFile = config.sops.secrets.dae-imxyy-nix-x16.path;
};
systemd.services.dae.after = [ "sops-nix.service" ];
sops.secrets.mihomo = {
sopsFile = secrets.mihomo;
restartUnits = [ "mihomo.service" ];
format = "yaml";
key = "";
};
systemd.services.mihomo.after = [ "sops-nix.service" ];
services.mihomo = {
enable = true;
configFile = config.sops.secrets.mihomo.path;
webui = pkgs.metacubexd;
};
sops.secrets.et-imxyy-nix-x16 = {
sopsFile = secrets.et-imxyy-nix-x16;
restartUnits = [ "easytier.service" ];
format = "binary";
};
environment.systemPackages = with pkgs; [
easytier
];
systemd.services."easytier" = {
enable = true;
script = "${pkgs.easytier}/bin/easytier-core -c ${config.sops.secrets.et-imxyy-nix-x16.path}";
serviceConfig = {
Restart = "always";
RestartSec = 30;
User = "root";
};
wantedBy = [ "multi-user.target" ];
after = [
"network.target"
"sops-nix.service"
];
};
}

67
hosts/imxyy-nix-x16/nixos.nix Normal file
View File

@@ -0,0 +1,67 @@
{
pkgs,
config,
username,
secrets,
...
}:
{
boot.kernelParams = [
"usbcore.autosuspend=-1" # Avoid usb autosuspend (for usb bluetooth adapter)
];
services.upower.enable = true;
services.power-profiles-daemon.enable = true;
services.keyd = {
enable = true;
keyboards.default.settings = {
main = {
capslock = "overload(control, esc)";
home = "end";
};
shift = {
home = "home";
};
control = {
delete = "print";
};
};
};
services.openssh = {
enable = true;
settings = {
# Forbid root login through SSH.
PermitRootLogin = null;
PasswordAuthentication = true;
};
};
environment.systemPackages = [
pkgs.rclone
];
sops.secrets.imxyy-nix-rclone = {
sopsFile = secrets.imxyy-nix-rclone;
format = "binary";
};
fileSystems = {
"/home/${username}/Nextcloud" = {
device = "Nextcloud:";
fsType = "rclone";
options = [
"nodev"
"nofail"
"allow_other"
"args2env"
"config=${config.sops.secrets.imxyy-nix-rclone.path}"
"uid=1000"
"gid=100"
"rw"
"no-check-certificate"
"vfs-cache-mode=full"
];
};
};
}

7
config/hosts/imxyy-nix/hardware.nix → hosts/imxyy-nix/hardware.nix
View File

@@ -23,7 +23,7 @@ in
verbose = false; verbose = false;
}; };
kernelPackages = lib.mkForce pkgs.linuxPackages_cachyos; kernelPackages = lib.mkForce pkgs.linuxPackages_xanmod_latest;
kernelModules = [ "kvm-amd" ]; kernelModules = [ "kvm-amd" ];
tmp.useTmpfs = true; tmp.useTmpfs = true;
@@ -36,7 +36,10 @@ in
"resume_offset=6444127" "resume_offset=6444127"
]; ];
}; };
services.scx.enable = true; services.scx = {
enable = true;
scheduler = "scx_rusty";
};
fileSystems."/" = { fileSystems."/" = {
device = btrfs; device = btrfs;

73
config/hosts/imxyy-nix/home.nix → hosts/imxyy-nix/home.nix
View File

@@ -1,59 +1,57 @@
{ {
config, config,
lib,
pkgs, pkgs,
username, username,
... ...
}: }:
{ {
my.home = { my.hm = {
home.packages = with pkgs; [ home.packages = with pkgs; [
localsend localsend
rclone
wpsoffice-cn wpsoffice-cn
wps-office-fonts wps-office-fonts
ttf-wps-fonts ttf-wps-fonts
evince papers
anki anki
ayugram-desktop ayugram-desktop
telegram-desktop
signal-desktop signal-desktop
discord element-desktop
fractal
qq qq
wechat wechat
gnome-clocks gnome-clocks
wineWowPackages.waylandFull
pavucontrol
pamixer
]; ];
programs.zsh = { programs.zsh = {
shellAliases = { shellAliases = {
cageterm = "cage -m DP-2 -s -- alacritty -o font.size=20"; cageterm = "cage -m DP-1 -s -- alacritty -o font.size=20";
cagefoot = "cage -m DP-2 -s -- foot --font=monospace:size=20"; cagefoot = "cage -m DP-1 -s -- foot --font=monospace:size=20";
cagekitty = "cage -m DP-2 -s -- kitty -o font_size=20"; cagekitty = "cage -m DP-1 -s -- kitty -o font_size=20";
}; };
sessionVariables = { sessionVariables = {
no_proxy = "192.168.3.0/24"; no_proxy = "192.168.3.0/24";
PATH = "/home/${username}/bin:$PATH"; PATH = "/home/${username}/bin:$PATH";
}; };
profileExtra = '' };
if [ `tty` = "/dev/tty6" ]; then programs.fish = {
clear shellAliases = {
fi cageterm = "cage -m DP-1 -s -- alacritty -o font.size=20";
cagefoot = "cage -m DP-1 -s -- foot --font=monospace:size=20";
cagekitty = "cage -m DP-1 -s -- kitty -o font_size=20";
};
interactiveShellInit = ''
set -g no_proxy "192.168.3.0/24"
set -gp PATH $HOME/bin
''; '';
}; };
programs.niri.settings = { programs.niri.settings = {
environment.STEAM_FORCE_DESKTOPUI_SCALING = "1.25"; environment.STEAM_FORCE_DESKTOPUI_SCALING = "1.25";
outputs = { outputs = {
DP-2 = { DP-1 = {
enable = true; enable = true;
mode = { mode = {
width = 2560; width = 2560;
@@ -66,7 +64,7 @@
y = 0; y = 0;
}; };
}; };
DP-3 = { DP-2 = {
enable = true; enable = true;
mode = { mode = {
width = 2560; width = 2560;
@@ -91,22 +89,20 @@
coding.all.enable = true; coding.all.enable = true;
desktop.all.enable = true; desktop.all.enable = true;
desktop.browser.librewolf.enable = lib.mkForce false;
i18n.fcitx5.enable = true; i18n.fcitx5.enable = true;
xdg = { xdg = {
enable = true; enable = true;
defaultApplications = defaultApplications =
let let
browser = [ "zen-beta.desktop" ]; browser = [ config.my.desktop.browser.default.desktop ];
editor = [ "codium.desktop" ]; editor = [ "codium.desktop" ];
imageviewer = [ "org.gnome.Shotwell-Viewer.desktop" ]; imageviewer = [ "org.gnome.Shotwell-Viewer.desktop" ];
in in
{ {
"inode/directory" = [ "nemo.desktop" ]; "inode/directory" = [ "org.gnome.Nautilus.desktop" ];
"application/pdf" = [ "org.gnome.Evince.desktop" ]; "application/pdf" = [ "org.gnome.Papers.desktop" ];
"text/*" = editor; "text/*" = editor;
"application/json" = editor; "application/json" = editor;
@@ -137,16 +133,6 @@
"image/png" = imageviewer; "image/png" = imageviewer;
"image/webp" = imageviewer; "image/webp" = imageviewer;
}; };
extraBookmarks =
let
homedir = config.my.home.home.homeDirectory;
in
[
"file://${homedir}/Documents/%E7%8F%AD%E7%BA%A7%E4%BA%8B%E5%8A%A1 "
"file://${homedir}/NAS NAS"
"file://${homedir}/NAS/imxyy_soope_ NAS imxyy_soope_"
"file://${homedir}/NAS/imxyy_soope_/OS NAS OS"
];
}; };
persist = { persist = {
enable = true; enable = true;
@@ -162,23 +148,26 @@
".local/state" ".local/state"
".local/share/Anki2" ".local/share/Anki2"
".local/share/shotwell" ".local/share/shotwell"
".local/share/cheat.sh"
".local/share/Kingsoft" ".local/share/Kingsoft"
".local/share/AyuGramDesktop" ".local/share/AyuGramDesktop"
".local/share/TelegramDesktop" ".local/share/fractal"
".config/Signal" ".config/Signal"
".config/discord" ".config/Element"
".config/QQ" ".config/QQ"
".xwechat" ".xwechat"
".config/Kingsoft" ".config/Kingsoft"
".config/dconf" ".config/dconf"
".config/gh"
".config/pulse"
".config/pip" ".config/pip"
".config/libreoffice"
".config/sunshine" ".config/sunshine"
".gemini"
".claude"
".claude-code-router"
];
homeFiles = [
".claude.json"
]; ];
}; };
}; };

22
config/hosts/imxyy-nix/net.nix → hosts/imxyy-nix/net.nix
View File

@@ -2,8 +2,7 @@
config, config,
lib, lib,
pkgs, pkgs,
sopsRoot, secrets,
username,
... ...
}: }:
{ {
@@ -70,6 +69,7 @@
chain input { chain input {
type filter hook input priority 0; policy drop; type filter hook input priority 0; policy drop;
iif lo accept iif lo accept
iifname waydroid0 accept
ct state invalid drop ct state invalid drop
ct state established,related accept ct state established,related accept
@@ -79,6 +79,9 @@
chain forward { chain forward {
type filter hook forward priority 0; policy drop; type filter hook forward priority 0; policy drop;
iifname waydroid0 accept
oifname waydroid0 accept
} }
} }
''; '';
@@ -86,7 +89,8 @@
}; };
sops.secrets.dae-imxyy-nix = { sops.secrets.dae-imxyy-nix = {
sopsFile = sopsRoot + /dae-imxyy-nix.dae; sopsFile = secrets.dae-imxyy-nix;
restartUnits = [ "dae.service" ];
format = "binary"; format = "binary";
}; };
services.dae = { services.dae = {
@@ -95,7 +99,8 @@
}; };
systemd.services.dae.after = [ "sops-nix.service" ]; systemd.services.dae.after = [ "sops-nix.service" ];
sops.secrets.mihomo = { sops.secrets.mihomo = {
sopsFile = sopsRoot + /mihomo.yaml; sopsFile = secrets.mihomo;
restartUnits = [ "mihomo.service" ];
format = "yaml"; format = "yaml";
key = ""; key = "";
}; };
@@ -107,7 +112,8 @@
}; };
sops.secrets.et-imxyy-nix = { sops.secrets.et-imxyy-nix = {
sopsFile = sopsRoot + /et-imxyy-nix.toml; sopsFile = secrets.et-imxyy-nix;
restartUnits = [ "easytier.service" ];
format = "binary"; format = "binary";
}; };
environment.systemPackages = [ pkgs.easytier ]; environment.systemPackages = [ pkgs.easytier ];
@@ -115,10 +121,8 @@
enable = true; enable = true;
script = "${pkgs.easytier}/bin/easytier-core -c ${config.sops.secrets.et-imxyy-nix.path}"; script = "${pkgs.easytier}/bin/easytier-core -c ${config.sops.secrets.et-imxyy-nix.path}";
serviceConfig = { serviceConfig = {
Restart = lib.mkOverride 500 "always"; Restart = "always";
RestartMaxDelaySec = lib.mkOverride 500 "1m"; RestartSec = 30;
RestartSec = lib.mkOverride 500 "100ms";
RestartSteps = lib.mkOverride 500 9;
User = "root"; User = "root";
}; };
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];

130
hosts/imxyy-nix/nixos.nix Normal file
View File

@@ -0,0 +1,130 @@
{
lib,
pkgs,
config,
username,
secrets,
...
}:
let
btreset = pkgs.writeShellScriptBin "btreset" ''
LOCKFILE="/tmp/.btreseted"
SYM="BT"
if [ -f "$LOCKFILE" ] && [ "$1" != "-f" ]; then
exit 0
fi
${lib.getExe' pkgs.usbutils "lsusb"} | grep "$SYM" | while read -r line; do
bus=$(echo "$line" | awk '{print $2}')
dev=$(echo "$line" | awk '{print $4}' | tr -d ':')
${lib.getExe' pkgs.usbutils "usbreset"} "$bus/$dev"
touch "$LOCKFILE"
done
'';
in
{
systemd.services.btreset = {
script = lib.getExe btreset;
wantedBy = [ "multi-user.target" ];
serviceConfig.Type = "oneshot";
};
boot.kernelParams = [
"usbcore.autosuspend=-1" # Avoid usb autosuspend (for usb bluetooth adapter)
"fsck.mode=skip"
];
services.keyd = {
enable = true;
keyboards = {
default.settings = {
main = {
capslock = "overload(control, esc)";
home = "end";
};
shift = {
home = "home";
};
control = {
delete = "print";
};
};
kone-pro-owl-eye = {
ids = [ "1e7d:2dcd" ];
settings.main.mouse2 = "rightmouse";
};
};
};
programs.wireshark.enable = true;
programs.wireshark.package = pkgs.wireshark;
users.users.${username}.extraGroups = [ "wireshark" ];
virtualisation.waydroid.enable = true;
my.persist.homeDirs = [ ".local/share/waydroid" ];
services.sunshine = {
enable = true;
autoStart = true;
capSysAdmin = true;
applications.apps = [
{
name = "Desktop";
image-path = "desktop.png";
}
];
};
services.openssh = {
enable = true;
settings = {
# Forbid root login through SSH.
PermitRootLogin = null;
PasswordAuthentication = true;
};
};
environment.systemPackages = [
pkgs.rclone
btreset
];
sops.secrets.imxyy-nix-rclone = {
sopsFile = secrets.imxyy-nix-rclone;
format = "binary";
};
fileSystems = {
"/home/${username}/Nextcloud" = {
device = "Nextcloud:";
fsType = "rclone";
options = [
"nodev"
"nofail"
"allow_other"
"args2env"
"config=${config.sops.secrets.imxyy-nix-rclone.path}"
"uid=1000"
"gid=100"
"rw"
"no-check-certificate"
"vfs-cache-mode=full"
];
};
"/home/${username}/NAS" = {
device = "//192.168.3.2/share";
fsType = "cifs";
options = [
"username=nas"
"password=nasshare"
"x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s"
"nodev"
"nofail"
"uid=1000"
"gid=100"
"vers=3"
"rw"
];
};
};
}

36
hosts/imxyy-nix/podman.nix Normal file
View File

@@ -0,0 +1,36 @@
{
lib,
pkgs,
username,
...
}:
{
virtualisation.podman = {
enable = true;
dockerCompat = true;
dockerSocket.enable = true;
};
users.users.${username}.extraGroups = [ "podman" ];
environment.systemPackages = [ pkgs.distrobox ];
my.hm.programs.distrobox = {
enable = true;
settings = {
container_image_default = "docker.io/archlinux:latest";
};
containers = {
archlinux = {
image = "archlinux:latest";
additional_packages = "nvim";
};
};
};
my.hm.programs.zsh.initContent = lib.mkBefore ''
if [ -n "''${CONTAINER_ID+1}" ]; then
export ZSH_DISABLE_COMPFIX=true
fi
'';
my.persist.homeDirs = [
".config/containers"
".local/share/containers"
];
}

0
config/hosts/imxyy-nix/virt.nix → hosts/imxyy-nix/virt.nix
View File

111
lib/default.nix
View File

@@ -1,102 +1,9 @@
{ lib }: { lib, inputs }:
lib.extend (
{ self: super: {
makeSwitch = inherit (inputs.home-manager.lib) hm;
{ umport = import ./umport.nix { lib = self; };
default ? false, haumea = inputs.haumea.lib;
config, infuse = (import inputs.infuse { inherit lib; }).v1.infuse;
optionPath, }
optionName, )
config',
}:
let
cfg = lib.getAttrFromPath optionPath config.my;
in
{
options.my = lib.setAttrByPath (optionPath) {
enable = (lib.mkEnableOption optionName) // {
inherit default;
};
};
config = lib.mkIf cfg.enable config';
};
makeHomePackageConfig =
{
config,
pkgs,
packageName,
packagePath,
optionPath,
extraConfig ? { },
}:
lib.my.makeSwitch {
inherit config optionPath;
optionName = packageName;
config' = lib.mkMerge [
{
my.home.home.packages = [ (lib.getAttrFromPath packagePath pkgs) ];
}
extraConfig
];
};
makeHomeProgramConfig =
{
config,
programName,
optionPath,
extraConfig ? { },
}:
lib.my.makeSwitch {
inherit config optionPath;
optionName = programName;
config' = lib.mkMerge [
{
my.home.programs = lib.setAttrByPath [ programName "enable" ] true;
}
extraConfig
];
};
makeNixosPackageConfig =
{
config,
pkgs,
packageName,
packagePath,
optionPath,
extraConfig ? { },
}:
lib.my.makeSwitch {
inherit config optionPath;
optionName = packageName;
config' = lib.mkMerge [
{
environment.systemPackages = [ (lib.getAttrFromPath packagePath pkgs) ];
}
extraConfig
];
};
makeNixosProgramConfig =
{
config,
programName,
optionPath,
extraConfig ? { },
}:
lib.my.makeSwitch {
inherit config optionPath;
optionName = programName;
config' = lib.mkMerge [
{
programs = lib.setAttrByPath [ programName "enable" ] true;
}
extraConfig
];
};
}

14
lib/stdlib-extended.nix
View File

@@ -1,14 +0,0 @@
# Just a convenience function that returns the given Nixpkgs standard
# library extended with the imxyy library.
stdlib:
let
mkMyLib = import ./.;
in
stdlib.extend (
self: super: {
my = mkMyLib { lib = self; };
umport = import ./umport.nix { lib = self; };
}
)

33
lib/umport.nix
View File

@@ -13,6 +13,7 @@ let
paths ? [ ], paths ? [ ],
include ? [ ], include ? [ ],
exclude ? [ ], exclude ? [ ],
extraExcludePredicate ? _: true,
recursive ? true, recursive ? true,
}: }:
with lib; with lib;
@@ -22,26 +23,22 @@ let
excludedDirs = filter (path: pathIsDirectory path) exclude; excludedDirs = filter (path: pathIsDirectory path) exclude;
isExcluded = isExcluded =
path: path:
if elem path excludedFiles then (elem path excludedFiles)
true || ((filter (excludedDir: lib.path.hasPrefix excludedDir path) excludedDirs) != [ ])
else || extraExcludePredicate path;
(filter (excludedDir: lib.path.hasPrefix excludedDir path) excludedDirs) != [ ];
in in
unique ( unique (
(filter (filter (file: pathIsRegularFile file && hasSuffix ".nix" (toString file) && !isExcluded file) (
(file: pathIsRegularFile file && hasSuffix ".nix" (builtins.toString file) && !isExcluded file) concatMap (
( path:
concatMap ( if recursive then
_path: toList path
if recursive then else
toList _path mapAttrsToList (
else name: type: path + (if type == "directory" then "/${name}/default.nix" else "/${name}")
mapAttrsToList ( ) (builtins.readDir path)
name: type: _path + (if type == "directory" then "/${name}/default.nix" else "/${name}") ) (unique (if path == null then paths else [ path ] ++ paths))
) (builtins.readDir _path) ))
) (unique (if path == null then paths else [ path ] ++ paths))
)
)
++ (if recursive then concatMap (path: toList path) (unique include) else unique include) ++ (if recursive then concatMap (path: toList path) (unique include) else unique include)
); );
in in

29
modules/audio.nix Normal file
View File

@@ -0,0 +1,29 @@
{
config,
lib,
pkgs,
username,
...
}:
let
cfg = config.my.audio;
in
{
options.my.audio = {
enable = lib.mkEnableOption "default audio settings";
};
config = lib.mkIf cfg.enable {
security.rtkit.enable = true;
services.pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
audio.enable = true;
};
users.extraUsers.${username}.extraGroups = [ "audio" ];
my.persist.homeDirs = [ ".local/state/wireplumber" ];
my.hm.home.packages = [ pkgs.pwvucontrol ];
};
}

23
modules/bluetooth.nix Normal file
View File

@@ -0,0 +1,23 @@
{ config, lib, ... }:
let
cfg = config.my.bluetooth;
in
{
options.my.bluetooth = {
enable = lib.mkEnableOption "default bluetooth settings";
};
config = lib.mkIf cfg.enable {
hardware.bluetooth = {
enable = true;
powerOnBoot = true;
settings = {
General = {
Enable = "Source,Sink,Media,Socket";
Disable = "HeadSet";
MultiProfile = "multiple";
};
};
};
};
}

17
modules/cli/all.nix
View File

@@ -1,12 +1,13 @@
{ config, lib, ... }: { config, lib, ... }:
lib.my.makeSwitch { let
inherit config; cfg = config.my.cli.all;
optionName = "all command line tools"; in
optionPath = [ {
"cli" options.my.cli.all = {
"all" enable = lib.mkEnableOption "all command line tools";
]; };
config' = {
config = lib.mkIf cfg.enable {
my.cli = { my.cli = {
media.all.enable = true; media.all.enable = true;
misc.enable = true; misc.enable = true;

20
modules/cli/media/all.nix
View File

@@ -1,17 +1,15 @@
{ config, lib, ... }: { config, lib, ... }:
lib.my.makeSwitch { let
inherit config; cfg = config.my.cli.media.all;
optionName = "all command line media tools"; in
optionPath = [ {
"cli" options.my.cli.media.all = {
"media" enable = lib.mkEnableOption "all command line media tools";
"all" };
];
config' = { config = lib.mkIf cfg.enable {
my.cli.media = { my.cli.media = {
cava.enable = true;
go-musicfox.enable = true; go-musicfox.enable = true;
mpd.enable = true;
ffmpeg.enable = true; ffmpeg.enable = true;
}; };
}; };

167
modules/cli/media/cava/config/config
View File

@@ -1,167 +0,0 @@
## Configuration file for CAVA. Default values are commented out. Use either ';' or '#' for commenting.
[general]
# Smoothing mode. Can be 'normal', 'scientific' or 'waves'.
mode = normal
# Accepts only non-negative values.
framerate = 60
# 'autosens' will attempt to decrease sensitivity if the bars peak. 1 = on, 0 = off
# 'overshoot' allows bars to overshoot (in % of terminal height) without initiating autosens.
; autosens = 1
; overshoot = 20
# Manual sensitivity in %. Autosens must be turned off for this to take effect.
# 200 means double height. Accepts only non-negative values.
; sensitivity = 100
# The number of bars (0-200). 0 sets it to auto (fill up console).
# Bars' width and space between bars in number of characters.
bars = 0
bar_width = 5
bar_spacing = 1
# Lower and higher cutoff frequencies for lowest and highest bars
# the bandwidth of the visualizer.
# Note: there is a minimum total bandwidth of 43Mhz x number of bars.
# Cava will automatically increase the higher cutoff if a too low band is specified.
; lower_cutoff_freq = 50
; higher_cutoff_freq = 10000
[input]
# Audio capturing method. Possible methods are: 'pulse', 'alsa' or 'fifo'.
# Defaults to 'pulse', 'alsa' or 'fifo', in that order, dependent on what support cava was built with.
#
# All input methods uses the same config variable 'source'
# to define where it should get the audio.
#
# For pulseaudio 'source' will be the source. Default: 'auto', which uses the monitor source of the default sink
# (all pulseaudio sinks(outputs) have 'monitor' sources(inputs) associated with them).
#
# For alsa 'source' will be the capture device.
# For fifo 'source' will be the path to fifo-file.
method = pulse
source = auto
; method = alsa
; source = hw:Loopback,1
; method = fifo
; source = /tmp/mpd.fifo
[output]
# Ouput method. Can be 'ncurses', 'noncurses' or 'raw'.
# 'noncurses' is for systems that does not suport ncurses.
# 'raw' is a 16 bit data stream of the bar heights that can be used to send to other applications.
# 'raw' defaults to 200 bars, which can be adjusted in the 'bars' option above.
method = ncurses
# Visual styles. Can be 'stereo' or 'mono'.
# 'stereo' mirrors both channels with low frequencies in center.
# 'mono' averages both channels and outputs left to right lowest to highest frequencies.
style = mono
# Raw output target. A fifo will be created if target does not exist.
; raw_target = /dev/stdout
# Raw data format. Can be 'binary' or 'ascii'.
; data_format = binary
# Binary bit format, can be '8bit' (0-255) or '16bit' (0-65530).
; bit_format = 16bit
# Ascii max value. In 'ascii' mode range will run from 0 to value specified here
; ascii_max_range = 1000
# Ascii delimiters. In ascii format each bar and frame is separated by a delimiters.
# Use decimal value in ascii table (i.e. 59 = ';' and 10 = '\n' (line feed)).
; bar_delimiter = 59
; frame_delimiter = 10
# [color]
# # Colors can be one of seven predefined: black, blue, cyan, green, magenta, red, white, yellow.
# # Or defined by hex code '#xxxxxx' (hex code must be within ''). User defined colors requires a
# # terminal that can change color definitions such as Gnome-terminal or rxvt.
# ; background = black
# ; foreground = cyan
# # Gradient mode, only hex defined colors are supported, background must also be defined in hex
# # or remain commented out. 1 = on, 0 = off. Warning: for certain terminal emulators cava will
# # not able to restore color definitions on exit, simply restart your terminal to restore colors.
# gradient = 1
# gradient_color_1 = '#0099ff'
# gradient_color_2 = '#ff3399'
[smoothing]
# Multiplier for the integral smoothing calculations. Takes values from 0-0.99.
# Higher values means smoother, but less precise. Set to 0 to disable.
; integral = 0.7
# Disables or enables the so-called "Monstercat smoothing". Set to 0 to disable.
; monstercat = 1
; waves = 1
# Set gravity multiplier for "drop off". Higher values means bars will drop faster.
# Accepts only non-negative values. 0.5 means half gravity, 2 means double. Set to 0 to disable "drop off".
; gravity = 2
# In bar height, bars that would have been lower that this will not be drawn.
; ignore = 0
[eq]
# This one is tricky. You can have as much keys as you want.
# Remember to uncomment more then one key! More keys = more precision.
# Look at readme.md on github for further explanations and examples.
#; 1 = 1 # bass
#; 2 = 1
#; 3 = 1 # midtone
#; 4 = 1
#; 5 = 1 # treble
1=1
2=1
3=2
4=1
5=1
[color]
#background = '#191724'
gradient = 1
gradient_count = 6
gradient_color_1 = '#31748f'
gradient_color_2 = '#9ccfd8'
gradient_color_3 = '#c4a7e7'
gradient_color_4 = '#ebbcba'
gradient_color_5 = '#f6c177'
gradient_color_6 = '#eb6f92'
[color]
gradient = 1
gradient_color_1 = '#94e2d5'
gradient_color_2 = '#89dceb'
gradient_color_3 = '#74c7ec'
gradient_color_4 = '#89b4fa'
gradient_color_5 = '#cba6f7'
gradient_color_6 = '#f5c2e7'
gradient_color_7 = '#eba0ac'
gradient_color_8 = '#f38ba8'

167
modules/cli/media/cava/config/config-applet
View File

@@ -1,167 +0,0 @@
## Configuration file for CAVA. Default values are commented out. Use either ';' or '#' for commenting.
[general]
# Smoothing mode. Can be 'normal', 'scientific' or 'waves'.
mode = normal
# Accepts only non-negative values.
framerate = 60
# 'autosens' will attempt to decrease sensitivity if the bars peak. 1 = on, 0 = off
# 'overshoot' allows bars to overshoot (in % of terminal height) without initiating autosens.
; autosens = 1
; overshoot = 20
# Manual sensitivity in %. Autosens must be turned off for this to take effect.
# 200 means double height. Accepts only non-negative values.
; sensitivity = 100
# The number of bars (0-200). 0 sets it to auto (fill up console).
# Bars' width and space between bars in number of characters.
bars = 0
bar_width = 2
bar_spacing = 1
# Lower and higher cutoff frequencies for lowest and highest bars
# the bandwidth of the visualizer.
# Note: there is a minimum total bandwidth of 43Mhz x number of bars.
# Cava will automatically increase the higher cutoff if a too low band is specified.
; lower_cutoff_freq = 50
; higher_cutoff_freq = 10000
[input]
# Audio capturing method. Possible methods are: 'pulse', 'alsa' or 'fifo'.
# Defaults to 'pulse', 'alsa' or 'fifo', in that order, dependent on what support cava was built with.
#
# All input methods uses the same config variable 'source'
# to define where it should get the audio.
#
# For pulseaudio 'source' will be the source. Default: 'auto', which uses the monitor source of the default sink
# (all pulseaudio sinks(outputs) have 'monitor' sources(inputs) associated with them).
#
# For alsa 'source' will be the capture device.
# For fifo 'source' will be the path to fifo-file.
method = pulse
source = auto
; method = alsa
; source = hw:Loopback,1
; method = fifo
; source = /tmp/mpd.fifo
[output]
# Ouput method. Can be 'ncurses', 'noncurses' or 'raw'.
# 'noncurses' is for systems that does not suport ncurses.
# 'raw' is a 16 bit data stream of the bar heights that can be used to send to other applications.
# 'raw' defaults to 200 bars, which can be adjusted in the 'bars' option above.
method = ncurses
# Visual styles. Can be 'stereo' or 'mono'.
# 'stereo' mirrors both channels with low frequencies in center.
# 'mono' averages both channels and outputs left to right lowest to highest frequencies.
style = mono
# Raw output target. A fifo will be created if target does not exist.
; raw_target = /dev/stdout
# Raw data format. Can be 'binary' or 'ascii'.
; data_format = binary
# Binary bit format, can be '8bit' (0-255) or '16bit' (0-65530).
; bit_format = 16bit
# Ascii max value. In 'ascii' mode range will run from 0 to value specified here
; ascii_max_range = 1000
# Ascii delimiters. In ascii format each bar and frame is separated by a delimiters.
# Use decimal value in ascii table (i.e. 59 = ';' and 10 = '\n' (line feed)).
; bar_delimiter = 59
; frame_delimiter = 10
# [color]
# # Colors can be one of seven predefined: black, blue, cyan, green, magenta, red, white, yellow.
# # Or defined by hex code '#xxxxxx' (hex code must be within ''). User defined colors requires a
# # terminal that can change color definitions such as Gnome-terminal or rxvt.
# ; background = black
# ; foreground = cyan
# # Gradient mode, only hex defined colors are supported, background must also be defined in hex
# # or remain commented out. 1 = on, 0 = off. Warning: for certain terminal emulators cava will
# # not able to restore color definitions on exit, simply restart your terminal to restore colors.
# gradient = 1
# gradient_color_1 = '#0099ff'
# gradient_color_2 = '#ff3399'
[smoothing]
# Multiplier for the integral smoothing calculations. Takes values from 0-0.99.
# Higher values means smoother, but less precise. Set to 0 to disable.
; integral = 0.7
# Disables or enables the so-called "Monstercat smoothing". Set to 0 to disable.
; monstercat = 1
; waves = 1
# Set gravity multiplier for "drop off". Higher values means bars will drop faster.
# Accepts only non-negative values. 0.5 means half gravity, 2 means double. Set to 0 to disable "drop off".
; gravity = 1
# In bar height, bars that would have been lower that this will not be drawn.
; ignore = 0
[eq]
# This one is tricky. You can have as much keys as you want.
# Remember to uncomment more then one key! More keys = more precision.
# Look at readme.md on github for further explanations and examples.
#; 1 = 1 # bass
#; 2 = 1
#; 3 = 1 # midtone
#; 4 = 1
#; 5 = 1 # treble
1=1
2=1
3=2
4=1
5=1
[color]
#background = '#191724'
gradient = 1
gradient_count = 6
gradient_color_1 = '#31748f'
gradient_color_2 = '#9ccfd8'
gradient_color_3 = '#c4a7e7'
gradient_color_4 = '#ebbcba'
gradient_color_5 = '#f6c177'
gradient_color_6 = '#eb6f92'
[color]
gradient = 1
gradient_color_1 = '#94e2d5'
gradient_color_2 = '#89dceb'
gradient_color_3 = '#74c7ec'
gradient_color_4 = '#89b4fa'
gradient_color_5 = '#cba6f7'
gradient_color_6 = '#f5c2e7'
gradient_color_7 = '#eba0ac'
gradient_color_8 = '#f38ba8'

79
modules/cli/media/cava/config/shaders/bar_spectrum.frag
View File

@@ -1,79 +0,0 @@
#version 330
in vec2 fragCoord;
out vec4 fragColor;
// bar values. defaults to left channels first (low to high), then right (high to low).
uniform float bars[512];
uniform int bars_count; // number of bars (left + right) (configurable)
uniform int bar_width; // bar width (configurable), not used here
uniform int bar_spacing; // space bewteen bars (configurable)
uniform vec3 u_resolution; // window resolution
//colors, configurable in cava config file (r,g,b) (0.0 - 1.0)
uniform vec3 bg_color; // background color
uniform vec3 fg_color; // foreground color
uniform int gradient_count;
uniform vec3 gradient_colors[8]; // gradient colors
vec3 normalize_C(float y,vec3 col_1, vec3 col_2, float y_min, float y_max)
{
//create color based on fraction of this color and next color
float yr = (y - y_min) / (y_max - y_min);
return col_1 * (1.0 - yr) + col_2 * yr;
}
void main()
{
// find which bar to use based on where we are on the x axis
float x = u_resolution.x * fragCoord.x;
int bar = int(bars_count * fragCoord.x);
//calculate a bar size
float bar_size = u_resolution.x / bars_count;
//the y coordinate and bar values are the same
float y = bars[bar];
// make sure there is a thin line at bottom
if (y * u_resolution.y < 1.0)
{
y = 1.0 / u_resolution.y;
}
//draw the bar up to current height
if (y > fragCoord.y)
{
//make some space between bars basen on settings
if (x > (bar + 1) * (bar_size) - bar_spacing)
{
fragColor = vec4(bg_color,1.0);
}
else
{
if (gradient_count == 0)
{
fragColor = vec4(fg_color,1.0);
}
else
{
//find which color in the configured gradient we are at
int color = int((gradient_count - 1) * fragCoord.y);
//find where on y this and next color is supposed to be
float y_min = color / (gradient_count - 1.0);
float y_max = (color + 1.0) / (gradient_count - 1.0);
//make color
fragColor = vec4(normalize_C(fragCoord.y, gradient_colors[color], gradient_colors[color + 1], y_min, y_max), 1.0);
}
}
}
else
{
fragColor = vec4(bg_color,1.0);
}
}

38
modules/cli/media/cava/config/shaders/normalized_bars.frag
View File

@@ -1,38 +0,0 @@
#version 330
in vec2 fragCoord;
out vec4 fragColor;
// bar values. defaults to left channels first (low to high), then right (high to low).
uniform float bars[512];
uniform int bars_count; // number of bars (left + right) (configurable)
uniform vec3 u_resolution; // window resolution, not used here
//colors, configurable in cava config file
uniform vec3 bg_color; // background color(r,g,b) (0.0 - 1.0), not used here
uniform vec3 fg_color; // foreground color, not used here
float normalize_C(float x, float x_min, float x_max, float r_min, float r_max )
{
float xr;
xr = (r_max-r_min) * (x - x_min) / (x_max - x_min) + r_min;
return xr;
}
void main()
{
// find which bar to use based on where we are on the x axis
int bar = int(bars_count * fragCoord.x);
// create a normal along the y axis based on the bar height
float x = normalize_C(fragCoord.y, 1.0, 0.0, 0.0, bars[bar]);
// set color
fragColor.r=fg_color.x*x;
fragColor.g=fg_color.y*x;
fragColor.b=fg_color.z*x;
fragColor.a=1.0;
}

34
modules/cli/media/cava/config/shaders/northern_lights.frag
View File

@@ -1,34 +0,0 @@
#version 330
in vec2 fragCoord;
out vec4 fragColor;
// bar values. defaults to left channels first (low to high), then right (high to low).
uniform float bars[512];
uniform int bars_count; // number of bars (left + right) (configurable)
uniform vec3 u_resolution; // window resolution, not used here
//colors, configurable in cava config file
uniform vec3 bg_color; // background color(r,g,b) (0.0 - 1.0), not used here
uniform vec3 fg_color; // foreground color, not used here
void main()
{
// find which bar to use based on where we are on the x axis
int bar = int(bars_count * fragCoord.x);
float bar_y = 1.0 - abs((fragCoord.y - 0.5)) * 2.0;
float y = (bars[bar]) * bar_y;
float bar_x = (fragCoord.x - float(bar) / float(bars_count)) * bars_count;
float bar_r = 1.0 - abs((bar_x - 0.5)) * 2;
bar_r = bar_r * bar_r * 2;
// set color
fragColor.r = fg_color.x * y * bar_r;
fragColor.g = fg_color.y * y * bar_r;
fragColor.b = fg_color.z * y * bar_r;
}

14
modules/cli/media/cava/config/shaders/pass_through.vert
View File

@@ -1,14 +0,0 @@
#version 330
// Input vertex data, different for all executions of this shader.
layout(location = 0) in vec3 vertexPosition_modelspace;
// Output data ; will be interpolated for each fragment.
out vec2 fragCoord;
void main()
{
gl_Position = vec4(vertexPosition_modelspace,1);
fragCoord = (vertexPosition_modelspace.xy+vec2(1,1))/2.0;
}

22
modules/cli/media/cava/default.nix
View File

@@ -1,22 +0,0 @@
{
config,
lib,
pkgs,
...
}:
lib.my.makeHomePackageConfig {
inherit config pkgs;
packageName = "cava";
packagePath = [ "cava" ];
optionPath = [
"cli"
"media"
"cava"
];
extraConfig = {
my.home.xdg.configFile."cava" = {
source = ./config;
recursive = true;
};
};
}

20
modules/cli/media/ffmpeg.nix
View File

@@ -4,13 +4,15 @@
pkgs, pkgs,
... ...
}: }:
lib.my.makeHomePackageConfig { let
inherit config pkgs; cfg = config.my.cli.media.ffmpeg;
packageName = "ffmpeg"; in
packagePath = [ "ffmpeg" ]; {
optionPath = [ options.my.cli.media.ffmpeg = {
"cli" enable = lib.mkEnableOption "ffmpeg";
"media" };
"ffmpeg"
]; config = lib.mkIf cfg.enable {
my.hm.home.packages = [ pkgs.ffmpeg ];
};
} }

40
modules/cli/media/go-musicfox.nix Normal file
View File

@@ -0,0 +1,40 @@
{
config,
lib,
pkgs,
secrets,
...
}:
let
cfg = config.my.cli.media.go-musicfox;
in
{
options.my.cli.media.go-musicfox = {
enable = lib.mkEnableOption "go-musicfox";
};
config = lib.mkIf cfg.enable {
my = {
hm = {
home.packages = with pkgs; [
playerctl
go-musicfox
];
sops.secrets.go-musicfox = {
sopsFile = secrets.go-musicfox;
format = "binary";
path = "${config.my.hm.xdg.configHome}/go-musicfox/config.toml";
};
};
desktop.media.mpv.enable = lib.mkForce true;
persist.homeDirs = [
".local/share/go-musicfox/db"
];
persist.homeFiles = [
".local/share/go-musicfox/cookie"
];
};
};
}

35
modules/cli/media/go-musicfox/default.nix
View File

@@ -1,35 +0,0 @@
{
config,
lib,
pkgs,
...
}:
lib.my.makeSwitch {
inherit config;
optionName = "go-musicfox";
optionPath = [
"cli"
"media"
"go-musicfox"
];
config' = {
my = {
home = {
home.packages = with pkgs; [
playerctl
go-musicfox
];
xdg.configFile."go-musicfox/go-musicfox.ini".source = ./go-musicfox.ini;
};
cli.media.mpd.enable = true;
persist.homeDirs = [
".config/go-musicfox/db"
];
persist.homeFiles = [
".config/go-musicfox/cookie"
];
};
};
}

97
modules/cli/media/go-musicfox/go-musicfox.ini
View File

@@ -1,97 +0,0 @@
# 启动页配置
[startup]
# 是否显示启动页
show=false
# 启动页进度条是否有回弹效果
progressOutBounce=true
# 启动页时长
loadingSeconds=2
# 启动页欢迎语
welcome=musicfox
# 启动时自动签到
signin=false
# 进度条配置
[progress]
# 进度条已加载字符
fullChar=#
# 进度条未加载字符
emptyChar=
# 主页面配置
[main]
# 是否显示标题
showTitle=true
# 加载中提示
loadingText=[加载中...]
# 歌曲音质可选项standard, exhigh, lossless, hires, jyeffect(高清环绕声), sky(沉浸环绕声), jymaster(超清母带) 进行音质判断
songLevel=hires
# 主题颜色
# 随机
# primaryColor=random
# 经典网易云音乐红
#primaryColor="#ea403f"
primaryColor="#6186D9"
# 是否显示歌词
showLyric=true
# 歌词偏移 ms
lyricOffset=0
# 显示歌词翻译
showLyricTrans=true
# 是否显示通知信息
showNotify=false
# 开启pprof, --pprof时会开启
pprofPort=9876
# altScreen显示模式
altScreen=true
# 双列显示,开启务必使用等宽字体
doubleColumn=true
# 下载目录,默认为$HOME/.go-musicfox/download
downloadDir=/home/imxyy/Music/go-musicfox
# 缓存目录,默认为${MUSICFOX_ROOT}/cache
cacheDir=/home/imxyy/Music/go-musicfox/.cache
# 缓存大小以MB为单位0为不使用缓存-1为不限制默认为0
cacheLimit=-1
# 是否显示歌单下所有歌曲默认不开启仅获取歌单前1000首开启后可能会占用更多内存大量歌曲数据和带宽会同时发送多个请求获取歌单下歌曲数据
showAllSongsOfPlaylist=false
# 动态显示menu行数
dynamicMenuRows=true
enableMouseEvent = false
[autoplay]
# 是否开启自动播放,默认不开启
autoPlay=true
# 自动播放歌单dailyReco,like,no保持上次退出时的设置无视offset,name:歌单名默认dailyReco
autoPlayList="no"
# 播放偏移0为第一首-1为最后一首默认为0
offset=0
# 播放模式listLoop, order, singleLoop, random, intelligent心动, last上次退出时的模式,default默认为last
playMode=singleLoop
[player]
# 播放引擎 beep / mpd(需要安装配置mpd) / osx(Mac才可用)
# 不填Mac默认使用osx其他系统默认使用beep推荐的配置
engine=mpd
# beep使用的mp3解码器可选go-mp3, minimp3 (minimp3更少的CPU占用但是稳定性不如go-mp3)
#beepMp3Decoder=go-mp3
# mpd配置
mpdBin=mpd
# !!!注意!!! 一定要在配置文件中设置pid_file否则在退出时不会kill掉mpd进程
mpdConfigFile=/home/imxyy/.config/mpd/mpd.conf
mpdNetwork=tcp
mpdAddr=127.0.0.1:6600
[unm]
# UNM开关
switch=true
# UNM源: kuwo,kugou,migu,qq
sources=kuwo,kugou
# UNM搜索其他平台限制 0-3
searchLimit=0
# 解除会员限制
enableLocalVip=true
# 解除音质限制
unlockSoundEffects=true
# QQ音乐cookie文件
qqCookieFile=

28
modules/cli/media/mpd/default.nix
View File

@@ -1,28 +0,0 @@
{
config,
lib,
pkgs,
...
}:
lib.my.makeSwitch {
inherit config;
optionName = "mpd";
optionPath = [
"cli"
"media"
"mpd"
];
config' = {
my.home = {
home.packages = with pkgs.stable; [
mpd
mpc-cli
];
services.mpris-proxy.enable = true;
xdg.configFile."mpd/mpd.conf".source = ./mpd.conf;
};
my.persist.homeFiles = [
".config/mpd/mpd.db"
];
};
}

30
modules/cli/media/mpd/mpd.conf
View File

@@ -1,30 +0,0 @@
bind_to_address "127.0.0.1"
port "6600"
music_directory "/home/imxyy/Music/go-musicfox/.cache"
pid_file "/home/imxyy/.config/mpd/mpd.pid"
db_file "/home/imxyy/.config/mpd/mpd.db"
input {
plugin "file"
enabled "yes"
}
input {
plugin "curl"
enabled "yes"
}
decoder {
plugin "ffmpeg"
enabled "yes"
}
audio_output {
type "pipewire"
name "pipewire"
}
audio_output {
type "pulse"
name "pulseaudio"
}

175
modules/cli/misc.nix
View File

@@ -2,24 +2,24 @@
config, config,
lib, lib,
pkgs, pkgs,
username,
userfullname,
useremail,
... ...
}: }:
lib.my.makeSwitch { let
inherit config; cfg = config.my.cli.misc;
default = true; in
optionName = "misc command line tools"; {
optionPath = [ options.my.cli.misc = {
"cli" enable = lib.mkOption {
"misc" type = lib.types.bool;
]; default = true;
config' = { description = "Enable misc command line tools";
};
};
config = lib.mkIf cfg.enable {
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
vim vim
wget wget
git
file file
gnused gnused
@@ -46,21 +46,33 @@ lib.my.makeSwitch {
programs.dconf.enable = true; programs.dconf.enable = true;
my.home = { my.persist.homeDirs = [
".local/share/zoxide"
".config/television/cable"
];
my.hm = {
home.packages = with pkgs; [ home.packages = with pkgs; [
lsd # keep-sorted start
fd
neofetch
fzf
bat
ripgrep
aria2 aria2
bat
comma
fastfetch
fd
fzf
keep-sorted
lsd
neofetch
ripgrep
socat socat
typos
# keep-sorted end
]; ];
programs.tmux = { programs.tmux = {
enable = true; enable = true;
extraConfig = "set-option -g mouse on"; extraConfig = ''
set-option -g mouse on
set-option -a terminal-features ",xterm-256color:RGB,focus,clipboard,usstyle"
'';
plugins = [ plugins = [
(pkgs.tmuxPlugins.mkTmuxPlugin { (pkgs.tmuxPlugins.mkTmuxPlugin {
pluginName = "tokyo-night-tmux"; pluginName = "tokyo-night-tmux";
@@ -80,6 +92,125 @@ lib.my.makeSwitch {
enableAutoUpdates = true; enableAutoUpdates = true;
settings.updates.auto_update = true; settings.updates.auto_update = true;
}; };
programs.television = {
enable = true;
enableZshIntegration = true;
enableFishIntegration = true;
};
programs.zoxide = {
enable = true;
enableZshIntegration = true;
enableFishIntegration = true;
};
xdg.configFile."fastfetch/config.jsonc".text = ''
{
"$schema": "https://github.com/fastfetch-cli/fastfetch/raw/dev/doc/json_schema.json",
"display": {
"separator": " "
},
"modules": [
// Title
{
"type": "title",
"format": "{user-name-colored}{#}@{host-name-colored}"
},
{
"type": "custom",
"format": "---------------"
},
// System Information
{
"type": "custom",
"format": "{#}System Information"
},
{
"type": "os",
"key": "{#keys}󰍹 OS"
},
{
"type": "kernel",
"key": "{#keys}󰒋 Kernel"
},
{
"type": "uptime",
"key": "{#keys}󰅐 Uptime"
},
{
"type": "packages",
"key": "{#keys}󰏖 Packages",
"format": "{all}"
},
{
"type": "custom",
"format": ""
},
// Desktop Environment
{
"type": "custom",
"format": "{#}Desktop Environment"
},
{
"type": "de",
"key": "{#keys}󰧨 DE"
},
{
"type": "wm",
"key": "{#keys}󱂬 WM"
},
{
"type": "wmtheme",
"key": "{#keys}󰉼 Theme"
},
{
"type": "display",
"key": "{#keys}󰹑 Resolution"
},
{
"type": "shell",
"key": "{#keys}󰞷 Shell"
},
{
"type": "terminalfont",
"key": "{#keys}󰛖 Font"
},
{
"type": "custom",
"format": ""
},
// Hardware Information
{
"type": "custom",
"format": "{#}Hardware Information"
},
{
"type": "cpu",
"key": "{#keys}󰻠 CPU"
},
{
"type": "gpu",
"key": "{#keys}󰢮 GPU"
},
{
"type": "memory",
"key": "{#keys}󰍛 Memory"
},
{
"type": "disk",
"key": "{#keys}󰋊 Disk (/)",
"folders": "/"
},
{
"type": "custom",
"format": ""
},
// Colors
{
"type": "colors",
"symbol": "circle"
},
]
}
'';
}; };
}; };
} }

18
modules/cli/monitor/all.nix
View File

@@ -1,13 +1,13 @@
{ config, lib, ... }: { config, lib, ... }:
lib.my.makeSwitch { let
inherit config; cfg = config.my.cli.monitor.all;
optionName = "all command line monitor tools"; in
optionPath = [ {
"cli" options.my.cli.monitor.all = {
"monitor" enable = lib.mkEnableOption "all command line monitor tools";
"all" };
];
config' = { config = lib.mkIf cfg.enable {
my.cli.monitor = { my.cli.monitor = {
btop.enable = true; btop.enable = true;
}; };

2
modules/cli/monitor/btop/config/themes/nord.theme
View File

@@ -18,7 +18,7 @@ theme[main_fg]="#D8DEE9"
# Title color for boxes # Title color for boxes
theme[title]="#8FBCBB" theme[title]="#8FBCBB"
# Higlight color for keyboard shortcuts # Highlight color for keyboard shortcuts
theme[hi_fg]="#5E81AC" theme[hi_fg]="#5E81AC"
# Background color of selected item in processes box # Background color of selected item in processes box

22
modules/cli/monitor/btop/default.nix
View File

@@ -4,17 +4,17 @@
pkgs, pkgs,
... ...
}: }:
lib.my.makeHomePackageConfig { let
inherit config pkgs; cfg = config.my.cli.monitor.btop;
packageName = "btop"; in
packagePath = [ "btop" ]; {
optionPath = [ options.my.cli.monitor.btop = {
"cli" enable = lib.mkEnableOption "btop";
"monitor" };
"btop"
]; config = lib.mkIf cfg.enable {
extraConfig = { my.hm.home.packages = [ pkgs.btop ];
my.home.xdg.configFile."btop" = { my.hm.xdg.configFile."btop" = {
source = ./config; source = ./config;
recursive = true; recursive = true;
}; };

20
modules/cli/shell/all.nix
View File

@@ -1,15 +1,17 @@
{ config, lib, ... }: { config, lib, ... }:
lib.my.makeSwitch { let
inherit config; cfg = config.my.cli.shell.all;
optionName = "all shells"; in
optionPath = [ {
"cli" options.my.cli.shell.all = {
"shell" enable = lib.mkEnableOption "all shells";
"all" };
];
config' = { config = lib.mkIf cfg.enable {
my.cli.shell = { my.cli.shell = {
zsh.enable = true; zsh.enable = true;
fish.enable = true;
starship.enable = true;
}; };
}; };
} }

34
modules/cli/shell/defaultShell.nix Normal file
View File

@@ -0,0 +1,34 @@
{
lib,
config,
username,
...
}:
let
cfg = config.my.cli.shell;
in
{
options.my.cli.shell.default = lib.mkOption {
type = lib.types.enum [
"fish"
"zsh"
];
default = "fish";
};
config = lib.mkMerge [
(lib.mkIf (cfg.default == "fish") {
my.cli.shell.fish.enable = true;
users.users.${username} = {
shell = config.my.hm.programs.fish.package;
# do not need `programs.fish.enable = true` since fish is managed by home-manager
ignoreShellProgramCheck = true;
};
})
(lib.mkIf (cfg.default == "zsh") {
my.cli.shell.zsh.enable = true;
users.users.${username}.shell = config.my.hm.programs.zsh.package;
})
];
}

108
modules/cli/shell/fish.nix Normal file
View File

@@ -0,0 +1,108 @@
{
config,
lib,
pkgs,
...
}:
let
cfg = config.my.cli.shell.fish;
in
{
options.my.cli.shell.fish = {
enable = lib.mkOption {
type = lib.types.bool;
default = true;
description = "Enable default fish settings";
};
};
config = lib.mkIf cfg.enable {
my.persist = {
homeDirs = [
".local/share/fish"
];
};
my.hm = {
xdg.configFile."fish/themes/tokyonight_storm.theme".source = builtins.fetchurl {
url = "https://raw.githubusercontent.com/folke/tokyonight.nvim/refs/tags/v4.14.1/extras/fish_themes/tokyonight_storm.theme";
sha256 = "02n1w5x65683c8mlwg1rav06iqm3xk90zq45qmygpm7pzyn8dqh1";
};
programs.starship.enableFishIntegration = false;
programs.fish = {
enable = true;
plugins = [
{
name = "extract";
src = pkgs.fetchFromGitHub {
owner = "hexclover";
repo = "fish-extract-ng";
tag = "v0.1";
hash = "sha256-yef5NX4HdZ3ab/2AzNrvvhi0CbeTvXYKZmyH76gIpyk=";
};
}
];
shellAliases = {
la = "lsd -lah";
ls = "lsd";
svim = "doasedit";
nf = "fastfetch";
};
interactiveShellInit = lib.mkBefore ''
fish_vi_key_bindings
fish_config theme choose tokyonight_storm
${lib.optionalString config.my.cli.shell.starship.enable "source ${./starship.fish}"}
'';
functions = {
fish_greeting = "";
yank_to_clipboard = {
description = "Insert latest killring entry into the system clipboard";
body = ''printf "%s" "$fish_killring[1]" | fish_clipboard_copy'';
};
fish_user_key_bindings = ''
# make vi mode yanks copy to clipboard
bind yy kill-whole-line yank_to_clipboard yank
bind Y kill-whole-line yank_to_clipboard yank
bind y,\$ kill-line yank_to_clipboard yank
bind y,\^ backward-kill-line yank_to_clipboard yank
bind y,0 backward-kill-line yank_to_clipboard yank
bind y,w kill-word yank_to_clipboard yank
bind y,W kill-bigword yank_to_clipboard yank
bind y,i,w forward-single-char forward-single-char backward-word kill-word yank_to_clipboard yank
bind y,i,W forward-single-char forward-single-char backward-bigword kill-bigword yank_to_clipboard yank
bind y,a,w forward-single-char forward-single-char backward-word kill-word yank_to_clipboard yank
bind y,a,W forward-single-char forward-single-char backward-bigword kill-bigword yank_to_clipboard yank
bind y,e kill-word yank_to_clipboard yank
bind y,E kill-bigword yank_to_clipboard yank
bind y,b backward-kill-word yank_to_clipboard yank
bind y,B backward-kill-bigword yank_to_clipboard yank
bind y,g,e backward-kill-word yank_to_clipboard yank
bind y,g,E backward-kill-bigword yank_to_clipboard yank
bind y,f begin-selection forward-jump kill-selection yank_to_clipboard yank end-selection
bind y,t begin-selection forward-jump-till kill-selection yank_to_clipboard yank end-selection
bind y,F begin-selection backward-jump kill-selection yank_to_clipboard yank end-selection
bind y,T begin-selection backward-jump-till kill-selection yank_to_clipboard yank end-selection
bind y,h backward-char begin-selection kill-selection yank_to_clipboard yank end-selection
bind y,l begin-selection kill-selection yank_to_clipboard yank end-selection
bind y,i,b jump-till-matching-bracket and jump-till-matching-bracket and begin-selection jump-till-matching-bracket kill-selection yank_to_clipboard yank end-selection
bind y,a,b jump-to-matching-bracket and jump-to-matching-bracket and begin-selection jump-to-matching-bracket kill-selection yank_to_clipboard yank end-selection
bind y,i backward-jump-till and repeat-jump-reverse and begin-selection repeat-jump kill-selection yank_to_clipboard yank end-selection
bind y,a backward-jump and repeat-jump-reverse and begin-selection repeat-jump kill-selection yank_to_clipboard yank end-selection
bind -M visual -m default y kill-selection yank_to_clipboard yank end-selection repaint-mode
# use system clipboard for vi mode pastes
bind -s p 'set -g fish_cursor_end_mode exclusive' forward-char 'set -g fish_cursor_end_mode inclusive' fish_clipboard_paste
bind -s P fish_clipboard_paste
'';
nix-closure-size = {
body = ''
nix path-info --recursive --size --closure-size \
--human-readable $(readlink -f $(which $program))
'';
argumentNames = [ "program" ];
};
};
};
};
};
}

143
modules/cli/shell/starship.fish Normal file
View File

@@ -0,0 +1,143 @@
# This file is modified from:
# https://github.com/tyler-stefani/starship/blob/main/conf.d/starship.fish
# The MIT License can be found here:
# https://github.com/tyler-stefani/starship/blob/main/LICENSE
status is-interactive
or exit 0
# set temp file and signal for async prompts
if test -n "$XDG_RUNTIME_DIR"
set -g starship_temp_dir "$XDG_RUNTIME_DIR"/fish-async-prompt
else
set -g starship_temp_dir /tmp/fish-async-prompt
end
mkdir -p "$starship_temp_dir"
set -g starship_temp_file "$starship_temp_dir"/"$fish_pid"_last_prompt
set -g starship_async_signal SIGUSR1
function fish_prompt
if test "$TRANSIENT" = "1"
starship_transient_prompt_func
else if test -e $starship_temp_file
cat $starship_temp_file
else
starship_transient_prompt_func
end
end
function starship_transient_prompt_func
# Clear from cursor to end of screen as `commandline -f repaint` does not do this
# See https://github.com/fish-shell/fish-shell/issues/8418
printf \e\[0J
starship module character
end
function fish_right_prompt
switch "$fish_key_bindings"
case fish_hybrid_key_bindings fish_vi_key_bindings
set STARSHIP_KEYMAP "$fish_bind_mode"
case '*'
set STARSHIP_KEYMAP insert
end
set STARSHIP_CMD_PIPESTATUS $pipestatus
set STARSHIP_CMD_STATUS $status
# Account for changes in variable name between v2.7 and v3.0
set STARSHIP_DURATION "$CMD_DURATION$cmd_duration"
set STARSHIP_JOBS (count (jobs -p))
if test "$TRANSIENT" = "1"
if type -q starship_transient_rprompt_func
starship_transient_rprompt_func
else
printf ""
end
else
starship prompt --right --terminal-width="$COLUMNS" --status=$STARSHIP_CMD_STATUS --pipestatus="$STARSHIP_CMD_PIPESTATUS" --keymap=$STARSHIP_KEYMAP --cmd-duration=$STARSHIP_DURATION --jobs=$STARSHIP_JOBS
end
end
# Disable virtualenv prompt, it breaks starship
set -g VIRTUAL_ENV_DISABLE_PROMPT 1
# Remove default mode prompt
builtin functions -e fish_mode_prompt
set -gx STARSHIP_SHELL fish
# Transience related functions
function reset-transient --on-event fish_postexec
set -g TRANSIENT 0
end
function transient_execute
if commandline --is-valid
set -g TRANSIENT 1
commandline -f repaint
else
set -g TRANSIENT 0
end
commandline -f execute
end
function transient_cancel
if string length -q -- (commandline)
set -g TRANSIENT 1
commandline -f repaint
end
commandline -f cancel-commandline
end
# --user is the default, but listed anyway to make it explicit.
function enable_transience --description 'enable transient prompt keybindings'
bind --user \r transient_execute
bind --user -M insert \r transient_execute
bind --user \cc transient_cancel
end
# Erase the transient prompt related key bindings.
# --user is the default, but listed anyway to make it explicit.
# Erasing a user binding will revert to the preset.
function disable_transience --description 'remove transient prompt keybindings'
bind --user -e \r
bind --user -M insert -e \r
bind --user -e \cc
end
# Set up the session key that will be used to store logs
# We don't use `random [min] [max]` because it is unavailable in older versions of fish shell
set -gx STARSHIP_SESSION_KEY (string sub -s1 -l16 (random)(random)(random)(random)(random)0000000000000000)
# async related functions
function write_prompt_to_temp --on-event fish_prompt
switch "$fish_key_bindings"
case fish_hybrid_key_bindings fish_vi_key_bindings
set STARSHIP_KEYMAP "$fish_bind_mode"
case '*'
set STARSHIP_KEYMAP insert
end
set STARSHIP_CMD_PIPESTATUS $pipestatus
set STARSHIP_CMD_STATUS $status
# Account for changes in variable name between v2.7 and v3.0
set STARSHIP_DURATION "$CMD_DURATION$cmd_duration"
set STARSHIP_JOBS (count (jobs -p))
# MODIFIED: '"$STARSHIP_CMD_PIPESTATUS"' -> '$STARSHIP_CMD_PIPESTATUS'
fish -c 'starship prompt \
--terminal-width='"$COLUMNS"' \
--status='$STARSHIP_CMD_STATUS' \
--pipestatus='$STARSHIP_CMD_PIPESTATUS' \
--keymap='$STARSHIP_KEYMAP' \
--cmd-duration='$STARSHIP_DURATION' \
--jobs='$STARSHIP_JOBS' > '$starship_temp_file' \
&& kill -s '"$starship_async_signal"' '"$fish_pid"'' &
disown
end
function repaint_prompt_on_signal --on-signal "$starship_async_signal"
commandline -f repaint
end
function remove_temp_prompt_on_exit --on-event fish_exit
rm -f $starship_temp_file
end

21
modules/cli/shell/starship.nix Normal file
View File

@@ -0,0 +1,21 @@
{ config, lib, ... }:
let
cfg = config.my.cli.shell.starship;
in
{
options.my.cli.shell.starship = {
enable = lib.mkEnableOption "starship prompt";
};
config = lib.mkIf cfg.enable {
my.hm = {
programs.starship = {
enable = true;
settings = lib.recursiveUpdate (with builtins; fromTOML (readFile ./starship-preset.toml)) {
add_newline = false;
nix_shell.disabled = true;
};
};
};
};
}

166
modules/cli/shell/zsh.nix
View File

@@ -4,124 +4,58 @@
pkgs, pkgs,
... ...
}: }:
lib.my.makeSwitch { let
inherit config; cfg = config.my.cli.shell.zsh;
default = true; in
optionName = "default zsh settings"; {
optionPath = [ options.my.cli.shell.zsh = {
"cli" enable = lib.mkOption {
"shell" type = lib.types.bool;
"zsh" default = true;
]; description = "Enable default zsh settings";
config' = { };
my.persist.homeDirs = [ ".local/share/zoxide" ]; };
my.home =
let
stateHome = config.my.home.xdg.stateHome;
zsh-syntax-highlighting = pkgs.fetchFromGitHub {
owner = "zsh-users";
repo = "zsh-syntax-highlighting";
rev = "0.8.0";
hash = "sha256-iJdWopZwHpSyYl5/FQXEW7gl/SrKaYDEtTH9cGP7iPo=";
};
fzf-tab = pkgs.fetchFromGitHub {
owner = "Aloxaf";
repo = "fzf-tab";
rev = "v1.2.0";
hash = "sha256-q26XVS/LcyZPRqDNwKKA9exgBByE0muyuNb0Bbar2lY=";
};
in
{
home.packages = with pkgs; [
fzf
zoxide
];
programs.starship = {
enable = true;
settings = lib.recursiveUpdate (with builtins; fromTOML (readFile ./starship-preset.toml)) {
add_newline = false;
custom = {
jj = {
ignore_timeout = true;
description = "The current jj status";
when = "jj root";
symbol = " ";
command = ''
jj log --revisions @ --no-graph --ignore-working-copy --color always --limit 1 --template '
separate(" ",
change_id.shortest(4),
bookmarks,
"|",
concat(
if(conflict, "💥"),
if(divergent, "🚧"),
if(hidden, "👻"),
if(immutable, "🔒"),
),
raw_escape_sequence("\x1b[1;32m") ++ if(empty, "(empty)"),
raw_escape_sequence("\x1b[1;32m") ++ coalesce(
truncate_end(29, description.first_line(), ""),
"(no description set)",
) ++ raw_escape_sequence("\x1b[0m"),
)
'
'';
};
git_branch = {
when = true;
command = "jj root >/dev/null 2>&1 || starship module git_branch";
description = "Only show git_branch if we're not in a jj repo";
};
git_status = {
when = true;
command = "jj root >/dev/null 2>&1 || starship module git_status";
description = "Only show git_status if we're not in a jj repo";
};
};
git_state.disabled = true;
git_commit.disabled = true;
git_metrics.disabled = true;
git_branch.disabled = true;
git_status.disabled = true;
nix_shell.disabled = true;
};
};
programs.zsh = {
enable = true;
dotDir = ".config/zsh";
history = {
path = "${stateHome}/zsh_history";
ignorePatterns = [
"la"
];
};
initContent = lib.mkAfter ''
source ${fzf-tab}/fzf-tab.plugin.zsh
eval "$(zoxide init zsh)" config = lib.mkIf cfg.enable {
source ${zsh-syntax-highlighting}/zsh-syntax-highlighting.plugin.zsh my.hm = {
source ${pkgs.zsh-autosuggestions}/share/zsh-autosuggestions/zsh-autosuggestions.zsh home.packages = with pkgs; [
''; fzf
oh-my-zsh = { ];
enable = true; programs.zsh = {
theme = "gentoo"; enable = true;
plugins = [ dotDir = "${config.my.hm.xdg.configHome}/zsh";
"git" history = {
"git-extras" path = "${config.my.hm.xdg.stateHome}/zsh_history";
"extract" ignorePatterns = [
"sudo" "la"
"dotenv" ];
]; };
}; autosuggestion.enable = true;
shellAliases = { syntaxHighlighting.enable = true;
x = "extract"; plugins = [
ls = "lsd"; {
svim = "sudoedit"; name = "fzf-tab";
nf = "neofetch"; src = pkgs.zsh-fzf-tab;
tmux = "tmux -T RGB,focus,overline,mouse,clipboard,usstyle"; file = "share/fzf-tab/fzf-tab.plugin.zsh";
pastart = "pasuspender true"; }
}; ];
oh-my-zsh = {
enable = true;
theme = "gentoo";
plugins = [
"git"
"git-extras"
"extract"
"sudo"
];
};
shellAliases = {
x = "extract";
ls = "lsd";
svim = "doasedit";
nf = "fastfetch";
}; };
}; };
};
}; };
} }

18
modules/cli/vcs/all.nix
View File

@@ -1,13 +1,13 @@
{ config, lib, ... }: { config, lib, ... }:
lib.my.makeSwitch { let
inherit config; cfg = config.my.cli.vcs.all;
optionName = "all command line tools"; in
optionPath = [ {
"cli" options.my.cli.vcs.all = {
"vcs" enable = lib.mkEnableOption "all command line tools";
"all" };
];
config' = { config = lib.mkIf cfg.enable {
my.cli.vcs = { my.cli.vcs = {
git.enable = true; git.enable = true;
jj.enable = true; jj.enable = true;

50
modules/cli/vcs/git.nix
View File

@@ -4,35 +4,43 @@
pkgs, pkgs,
username, username,
userfullname, userfullname,
useremail, emails,
hosts,
... ...
}: }:
lib.my.makeHomeProgramConfig { let
inherit config; cfg = config.my.cli.vcs.git;
programName = "git"; in
optionPath = [ {
"cli" options.my.cli.vcs.git = {
"vcs" enable = lib.mkEnableOption "git";
"git" };
];
extraConfig = { config = lib.mkIf cfg.enable {
my.home = { my.hm = {
programs.git = { programs.git = {
userName = "${userfullname}"; enable = true;
userEmail = "${useremail}"; settings = {
gpg.ssh.allowedSignersFile =
hosts
|> lib.mapAttrsToList (
host: key: map (email: "${email} ${key} ${host}") (builtins.attrValues emails)
)
|> lib.flatten
|> lib.concatStringsSep "\n"
|> pkgs.writeText "allowed-signers"
|> toString;
push.autoSetupRemote = true;
user = {
name = userfullname;
email = emails.default;
};
};
signing = { signing = {
format = "ssh"; format = "ssh";
signByDefault = true; signByDefault = true;
key = "/home/${username}/.ssh/id_ed25519"; key = "/home/${username}/.ssh/id_ed25519";
}; };
extraConfig = {
push.autoSetupRemote = true;
gpg.ssh.allowedSignersFile =
(pkgs.writeText "allowed_signers" ''
imxyy1soope1@gmail.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOEFLUkyeaK8ZPPZdVNEmtx8zvoxi7xqS2Z6oxRBuUPO imxyy@imxyy-nix
imxyy@imxyy.top ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOEFLUkyeaK8ZPPZdVNEmtx8zvoxi7xqS2Z6oxRBuUPO imxyy@imxyy-nix
'').outPath;
};
}; };
programs.lazygit = { programs.lazygit = {
enable = true; enable = true;

Some files were not shown because too many files have changed in this diff Show More