jordan/nix-config
1
1
Fork 0
Code Issues 10 Pull Requests Actions Projects 3 Wiki Activity

Move modules inside /nixos

Browse Source
This commit is contained in:
Jordan Holt
2025-01-19 00:04:10 +00:00
parent 404e747037
commit b00cd5c2b3
58 changed files with 0 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

40
modules/nixos/databases/postgresql.nix Normal file
View File

@ -0,0 +1,40 @@
{
config,
lib,
...
}:
let
cfg = config.modules.databases.postgresql;
in {
options.modules.databases.postgresql = {
enable = lib.mkOption {
default = false;
example = true;
};
};
config = lib.mkIf cfg.enable {
services.postgresql = {
enable = true;
initdbArgs = [
"--allow-group-access"
"--encoding=UTF8"
"--locale=C"
];
settings = {
log_connections = true;
log_disconnections = true;
log_destination = lib.mkForce "syslog";
};
};
services.borgmatic.settings = {
postgresql_databases = [
{
name = "all";
}
];
};
};
}

53
modules/nixos/default.nix Normal file
View File

@ -0,0 +1,53 @@
{
imports = [
./options.nix
./podman.nix
./databases/postgresql.nix
./desktop/gnome.nix
./desktop/forensics.nix
./desktop/hyprland.nix
./desktop/kde.nix
./desktop/mimeapps.nix
./desktop/apps/qbittorrent.nix
./desktop/apps/slack.nix
./desktop/apps/thunderbird.nix
./desktop/apps/zoom.nix
./desktop/browsers/brave.nix
./desktop/browsers/firefox.nix
./desktop/gaming/emulators.nix
./desktop/gaming/lutris.nix
./desktop/gaming/steam.nix
./desktop/media/graphics.nix
./desktop/media/recording.nix
./desktop/office/libreoffice.nix
./dev/cc.nix
./dev/java.nix
./dev/lua.nix
./dev/node.nix
./dev/python.nix
./dev/rust.nix
./dev/scala.nix
./dev/shell.nix
./dev/zig.nix
./editors/neovim
./editors/vscode.nix
./hardware/presonus-studio.nix
./networking/netbird.nix
./networking/tailscale.nix
./networking/wireless.nix
./security/gpg.nix
./security/pass.nix
./services/borgmatic
./services/chrony
./services/coturn
./services/gitea
./services/gitea-runner
./services/headscale
./services/mail
./services/matrix
./services/nginx
./services/photoprism
./shell/git
./shell/zsh
];
}

17
modules/nixos/desktop/apps/qbittorrent.nix Normal file
View File

@ -0,0 +1,17 @@
{ config, lib, pkgs, ... }:
let cfg = config.modules.desktop.apps.qbittorrent;
in {
options.modules.desktop.apps.qbittorrent = {
enable = lib.mkOption {
default = false;
example = true;
};
};
config = lib.mkIf cfg.enable {
user.packages = with pkgs; [
qbittorrent
];
};
}

17
modules/nixos/desktop/apps/slack.nix Normal file
View File

@ -0,0 +1,17 @@
{ config, lib, pkgs, ... }:
let cfg = config.modules.desktop.apps.slack;
in {
options.modules.desktop.apps.slack = {
enable = lib.mkOption {
default = false;
example = true;
};
};
config = lib.mkIf cfg.enable {
user.packages = with pkgs; [
slack
];
};
}

33
modules/nixos/desktop/apps/thunderbird.nix Normal file
View File

@ -0,0 +1,33 @@
{ config, lib, self, ... }:
let cfg = config.modules.desktop.apps.thunderbird;
in {
options.modules.desktop.apps.thunderbird = {
enable = lib.mkOption {
default = false;
example = true;
};
};
config = lib.mkIf cfg.enable {
home.file.".thunderbird/Default/chrome/thunderbird-gnome-theme".source = self.inputs.thunderbird-gnome-theme;
home.programs.thunderbird = {
enable = true;
profiles.Default = {
isDefault = true;
userChrome = ''
@import "thunderbird-gnome-theme/userChrome.css";
'';
userContent = ''
@import "thunderbird-gnome-theme/userContent.css";
'';
settings = {
## GNOME theme
"toolkit.legacyUserProfileCustomizations.stylesheets" = true;
"svg.context-properties.content.enabled" = true;
};
};
};
};
}

17
modules/nixos/desktop/apps/zoom.nix Normal file
View File

@ -0,0 +1,17 @@
{ config, lib, pkgs, ... }:
let cfg = config.modules.desktop.apps.zoom;
in {
options.modules.desktop.apps.zoom = {
enable = lib.mkOption {
default = false;
example = true;
};
};
config = lib.mkIf cfg.enable {
user.packages = with pkgs; [
zoom-us
];
};
}

17
modules/nixos/desktop/browsers/brave.nix Normal file
View File

@ -0,0 +1,17 @@
{ config, lib, pkgs, ... }:
let cfg = config.modules.desktop.browsers.brave;
in {
options.modules.desktop.browsers.brave = {
enable = lib.mkOption {
default = false;
example = true;
};
};
config = lib.mkIf cfg.enable {
user.packages = with pkgs; [
brave
];
};
}

216
modules/nixos/desktop/browsers/firefox.nix Normal file
View File

@ -0,0 +1,216 @@
{ config, lib, self, ... }:
let cfg = config.modules.desktop.browsers.firefox;
in {
options.modules.desktop.browsers.firefox = {
enable = lib.mkOption {
default = false;
example = true;
};
};
config = lib.mkIf cfg.enable {
home.file.".mozilla/firefox/Default/chrome/firefox-gnome-theme".source = self.inputs.firefox-gnome-theme;
home.programs.firefox = {
enable = true;
profiles.Default = {
search = {
default = "DuckDuckGo";
force = true;
};
userChrome = ''
@import "firefox-gnome-theme/userChrome.css";
'';
userContent = ''
@import "firefox-gnome-theme/userContent.css";
'';
settings = {
## GNOME theme
"toolkit.legacyUserProfileCustomizations.stylesheets" = true; # Enable customChrome.css
"browser.uidensity" = 0; # Set UI density to normal
"svg.context-properties.content.enabled" = true; # Enable SVG context-propertes
"browser.theme.dark-private-windows" = false; # Disable private window dark theme
"widget.gtk.rounded-bottom-corners.enabled" = true; # Enable rounded bottom window corners
## Preferences
"browser.ctrlTab.sortByRecentlyUsed" = true;
"browser.discovery.enabled" = false;
"browser.download.open_pdf_attachments_inline" = true;
"browser.menu.showViewImageInfo" = true;
"browser.newtabpage.enabled" = false;
"browser.newtabpage.activity-stream.showSponsored" = false;
"browser.newtabpage.activity-stream.showSponsoredTopSites" = false;
"browser.newtabpage.activity-stream.default.sites" = "";
"browser.privatebrowsing.forceMediaMemoryCache" = true;
"browser.search.widget.inNavBar" = true;
"browser.startup.page" = 3;
"browser.startup.homepage" = "https://www.vimium.com";
"browser.toolbars.bookmarks.visibility" = "never";
"browser.uitour.enabled" = false;
"browser.urlbar.suggest.engines" = false;
"browser.urlbar.suggest.calculator" = true;
"browser.urlbar.trending.featureGate" = false;
"browser.urlbar.unitConversion.enabled" = true;
"cookiebanners.service.mode" = 1;
"cookiebanners.service.mode.privateBrowsing" = 1;
"network.IDN_show_punycode" = true;
## Performance
"browser.cache.jsbc_compression_level" = 3;
"content.notify.interval" = 100000;
"dom.enable_web_task_scheduling" = true;
"dom.security.sanitizer.enabled" = true;
"gfx.canvas.accelerated.cache-items" = 4096;
"gfx.canvas.accelerated.cache-size" = 512;
"gfx.content.skia-font-cache-size" = 20;
"gfx.webrender.all" = true;
"gfx.webrender.compositor" = true;
"gfx.webrender.enable" = true;
"image.mem.decode_bytes_at_a_time" = 32768;
"layers.acceleration.force-enabled" = true;
"layout.css.grid-template-masonry-value.enabled" = true;
"media.ffmpeg.vaapi.enabled" = true;
"media.memory_cache_max_size" = 65536;
"media.cache_readahead_limit" = 7200;
"media.cache_resume_threshold" = 3600;
"network.dns.disablePrefetch" = true;
"network.dns.disablePrefetchFromHTTPS" = true;
"network.dnsCacheExpiration" = 3600;
"network.http.max-connections" = 1800;
"network.http.max-persistent-connections-per-server" = 10;
"network.http.max-urgent-start-excessive-connections-per-host" = 5;
"network.http.pacing.requests.enabled" = false;
"network.predictor.enabled" = false;
"network.prefetch-next" = false;
"network.ssl_tokens_cache_capacity" = 10240;
"pdfjs.enableScripting" = false;
"security.mixed_content.block_display_content" = true;
## Experiments
"app.normandy.enabled" = false;
"app.normandy.api_url" = "";
"app.normandy.user_id" = "";
"app.shield.optoutstudies.enabled" = false;
"browser.shopping.experience2023.active" = false;
"browser.shopping.experience2023.enabled" = false;
"extensions.screenshots.disabled" = true;
"extensions.screenshots.upload-disabled" = true;
"experiments.supported" = false;
"experiments.enabled" = false;
"experiments.manifest.uri" = "";
"network.allow-experiments" = false;
## Privacy
"dom.private-attribution.submission.enabled" = false;
# "privacy.resistFingerprinting" = true;
"privacy.resistFingerprinting.autoDeclineNoUserInputCanvasPrompts" = false;
"privacy.trackingprotection.enabled" = true;
"privacy.trackingprotection.pbmode.enabled" = true;
"privacy.userContext.enabled" = true;
## Geo
"geo.enabled" = false;
"geo.provider.use_gpsd" = false;
"geo.wifi.uri" = "";
"browser.search.geoip.url" = "";
"browser.search.geoSpecificDefaults" = false;
"browser.search.geoSpecificDefaults.url" = "";
## Window meddling / popups
"dom.disable_window_open_feature.close" = true;
"dom.disable_window_open_feature.location" = true;
"dom.disable_window_open_feature.menubar" = true;
"dom.disable_window_open_feature.minimizable" = true;
"dom.disable_window_open_feature.personalbar" = true;
"dom.disable_window_open_feature.resizable" = true;
"dom.disable_window_open_feature.status" = true;
"dom.disable_window_open_feature.titlebar" = true;
"dom.disable_window_open_feature.toolbar" = true;
"dom.disable_window_move_resize" = true;
"browser.link.open_newwindow" = 3;
"browser.link.open_newwindow.restriction" = 0;
"dom.disable_open_during_load" = true;
"dom.popup_allowed_events" = "click dblclick";
## Workers
# "dom.serviceWorkers.enabled" = false;
"dom.push.enabled" = false;
"dom.webnotifications.enabled" = false;
"dom.webnotifications.serviceworker.enabled" = false;
"permissions.default.desktop-notification" = 2;
## DOM / JavaScript
# "dom.event.clipboardevents.enabled" = false;
"middlemouse.paste" = false;
# "dom.allow_cut_copy" = false;
"dom.disable_beforeunload" = true;
"dom.vibrator.enabled" = false;
# "javascript.options.asmjs" = false;
# "javascript.options.wasm" = false;
"dom.targetBlankNoOpener.enabled" = true;
## Hardware fingerprinting
"dom.battery.enabled" = false;
"dom.vr.enabled" = false;
"media.navigator.enabled" = false;
# "dom.webaudio.enabled" = false;
## Isolation
"privacy.firstparty.isolate" = true;
"privacy.firstparty.isolate.restrict_opener_access" = true;
## Telemetry
"beacon.enabled" = false;
"browser.newtabpage.activity-stream.feeds.telemetry" = false;
"browser.newtabpage.activity-stream.telemetry" = false;
"browser.send_pings" = false;
"datareporting.policy.dataSubmissionEnabled" = false;
"datareporting.healthReport.uploadEnabled" = false;
"toolkit.coverage.opt-out" = true;
"toolkit.coverage.endpoint.base" = "";
"toolkit.telemetry.archive.enabled" = false;
"toolkit.telemetry.bhrPing.enabled" = false;
"toolkit.telemetry.coverage.opt-out" = true;
"toolkit.telemetry.enabled" = false;
"toolkit.telemetry.firstShutdownPing.enabled" = false;
"toolkit.telemetry.hybridContent.enabled" = false;
"toolkit.telemetry.newProfilePing.enabled" = false;
"toolkit.telemetry.reportingPolicy.firstRun" = false;
"toolkit.telemetry.server" = "data:,";
"toolkit.telemetry.shutdownPingSender.enabled" = false;
"toolkit.telemetry.unified" = false;
"toolkit.telemetry.updatePing.enabled" = false;
## Pocket/Hello
"loop.enabled" = false;
"loop.feedback.baseUrl" = "";
"loop.gettingStarted.url" = "";
"loop.learnMoreUrl" = "";
"loop.legal.ToS_url" = "";
"loop.legal.privacy_url" = "";
"loop.oauth.google.redirect_uri" = "";
"loop.oauth.google.scope" = "";
"loop.server" = "";
"loop.soft_start_hostname" = "";
"loop.support_url" = "";
"loop.throttled2" = false;
"loop.logDomains" = false;
"browser.pocket.enabled" = false;
"browser.pocket.api" = "";
"browser.pocket.site" = "";
"browser.pocket.oAuthConsumerKey" = "";
"browser.pocket.useLocaleList" = false;
"brwoser.pocket.enabledLocales" = "";
## Plugins
"plugin.state.flash" = 0;
"plugin.state.java" = 0;
## Misc
"browser.selfsupport.url" = "";
};
};
};
};
}

26
modules/nixos/desktop/forensics.nix Normal file
View File

@ -0,0 +1,26 @@
{ config, lib, pkgs, ... }:
let cfg = config.modules.desktop.forensics;
in {
options.modules.desktop.forensics = {
enable = lib.mkOption {
default = false;
example = true;
};
};
config = lib.mkIf cfg.enable {
user.packages = with pkgs; [
acquire
afflib
autopsy
fatcat
foremost
hstsparser
networkminer
sleuthkit
testdisk-qt
tracee
];
};
}

74
modules/nixos/desktop/gaming/emulators.nix Normal file
View File

@ -0,0 +1,74 @@
{ config, lib, pkgs, ... }:
let cfg = config.modules.desktop.gaming.emulators;
in {
options.modules.desktop.gaming.emulators = {
ds.enable = lib.mkOption {
default = false;
example = true;
};
gb.enable = lib.mkOption {
default = false;
example = true;
};
gba.enable = lib.mkOption {
default = false;
example = true;
};
gamecube.enable = lib.mkOption {
default = false;
example = true;
};
ps1.enable = lib.mkOption {
default = false;
example = true;
};
ps2.enable = lib.mkOption {
default = false;
example = true;
};
ps3.enable = lib.mkOption {
default = false;
example = true;
};
psp.enable = lib.mkOption {
default = false;
example = true;
};
snes.enable = lib.mkOption {
default = false;
example = true;
};
switch.enable = lib.mkOption {
default = false;
example = true;
};
wii.enable = lib.mkOption {
default = false;
example = true;
};
xbox.enable = lib.mkOption {
default = false;
example = true;
};
};
config = {
user.packages = with pkgs; [
(lib.mkIf cfg.ps1.enable duckstation)
(lib.mkIf cfg.ps2.enable unstable.pcsx2)
(lib.mkIf cfg.ps3.enable rpcs3)
(lib.mkIf cfg.psp.enable unstable.ppsspp)
(lib.mkIf cfg.ds.enable desmume)
(lib.mkIf (cfg.gba.enable ||
cfg.gb.enable ||
cfg.snes.enable)
higan)
(lib.mkIf cfg.switch.enable yuzuPackages.mainline)
(lib.mkIf (cfg.wii.enable ||
cfg.gamecube.enable)
dolphin-emu)
(lib.mkIf cfg.xbox.enable unstable.xemu)
];
};
}

29
modules/nixos/desktop/gaming/lutris.nix Normal file
View File

@ -0,0 +1,29 @@
{ config, lib, pkgs, ... }:
let cfg = config.modules.desktop.gaming.lutris;
in {
options.modules.desktop.gaming.lutris = {
enable = lib.mkOption {
default = false;
example = true;
};
};
config = lib.mkIf cfg.enable {
environment.systemPackages = with pkgs; [
(lutris.override {
extraPkgs = pkgs: [
winePackages.staging
wine64Packages.staging
];
})
vulkan-loader
vulkan-tools
];
hardware.graphics = {
enable = true;
enable32Bit = true;
};
};
}

17
modules/nixos/desktop/gaming/steam.nix Normal file
View File

@ -0,0 +1,17 @@
{ config, lib, pkgs, ... }:
let cfg = config.modules.desktop.gaming.steam;
in {
options.modules.desktop.gaming.steam = {
enable = lib.mkOption {
default = false;
example = true;
};
};
config = lib.mkIf cfg.enable {
programs.steam.enable = true;
systemd.extraConfig = "DefaultLimitNOFILE=1048576";
};
}

290
modules/nixos/desktop/gnome.nix Normal file
View File

@ -0,0 +1,290 @@
{ config, lib, pkgs, self, ... }:
let cfg = config.modules.desktop.gnome;
in {
options.modules.desktop.gnome = {
enable = lib.mkOption {
default = false;
example = true;
};
};
config = lib.mkIf cfg.enable {
services.xserver = {
enable = true;
displayManager.gdm.enable = true;
desktopManager.gnome.enable = true;
};
services.flatpak.enable = true;
services.fwupd.enable = true;
programs.dconf.enable = true;
dconf.settings = {
"io/github/celluloid-player/celluloid" = {
draggable-video-area-enable = true;
};
"org/gnome/Console" = {
font-scale = 1.4;
use-system-font = false;
custom-font = "ComicShannsMono Nerd Font 10";
};
"org/gnome/desktop/interface" = {
color-scheme = "prefer-dark";
cursor-theme = "Adwaita";
enable-hot-corners = false;
font-name = "Cantarell 11";
gtk-theme = "adw-gtk3-dark";
icon-theme = "MoreWaita";
monospace-font-name = "UbuntuMono Nerd Font 11";
toolbar-style = "both-horiz";
};
"org/gnome/desktop/peripherals/touchpad" = {
tap-to-click = true;
};
"org/gnome/desktop/sound" = {
theme-name = "freedesktop";
};
"org/gnome/desktop/search-providers" = {
disabled = [ "org.gnome.Epiphany.desktop" ];
};
"org/gnome/desktop/wm/keybindings" = {
switch-group = [ "<Super>grave" ];
switch-group-backward = [ "<Shift><Super>grave" ];
};
"org/gnome/desktop/wm/preferences" = {
button-layout = "appmenu:close";
};
"org/gnome/gnome-session" = {
auto-save-session = true;
};
"org/gnome/gnome-system-monitor" = {
show-dependencies = true;
};
"org/gnome/mutter" = {
center-new-windows = true;
edge-tiling = true;
experimental-features = [ "scale-monitor-framebuffer" ];
};
"org/gnome/Ptyxis" = {
use-system-font = false;
font-name = "ComicShannsMono Nerd Font 11";
audible-bell = false;
};
"org/gnome/settings-daemon/plugins/media-keys" = {
volume-up = [
"<Shift>F12"
"XF86AudioRaiseVolume"
];
volume-down = [
"<Shift>F11"
"XF86AudioLowerVolume"
];
};
"org/gnome/shell" = {
disable-user-extensions = false;
enabled-extensions = [
"appindicatorsupport@rgcjonas.gmail.com"
# "arcmenu@arcmenu.com"
"blur-my-shell@aunetx"
"burn-my-windows@schneegans.github.com"
"clipboard-indicator@tudmotu.com"
"CoverflowAltTab@palatis.blogspot.com"
# "dash-to-panel@jderose9.github.com"
# "desktop-cube@schneegans.github.com"
# "EasyScreenCast@iacopodeenosee.gmail.com"
"espresso@coadmunkee.github.com"
"flypie@schneegans.github.com"
# "forge@jmmaranan.com"
"gsconnect@andyholmes.github.io"
# "gSnap@micahosborne"
"hidetopbar@mathieu.bidon.ca"
"just-perfection-desktop@just-perfection"
# "mediacontrols@cliffniff.github.com"
# "mousefollowsfocus@matthes.biz"
# "pano@elhan.io"
# "paperwm@hedning:matrix.org"
"pip-on-top@rafostar.github.com"
# "search-light@icedman.github.com"
# "smart-auto-move@khimaros.com"
"space-bar@luchrioh"
# "tiling-assistant@leleat-on-github"
"tilingshell@ferrarodomenico.com"
"Vitals@CoreCoding.com"
"windowIsReady_Remover@nunofarruca@gmail.com"
# "worksets@blipk.xyz"
# "wsmatrix@martin.zurowietz.de"
];
favorite-apps = [
"firefox.desktop"
"org.gnome.Nautilus.desktop"
"org.gnome.Ptyxis.desktop"
];
};
"org/gnome/shell/extensions/blur-my-shell/panel" = {
static-blur = true;
};
"org/gnome/shell/extensions/blur-my-shell/applications" = {
blur = false;
};
"org/gnome/shell/extensions/burn-my-windows" = {
fire-close-effect = false;
glide-open-effect = true;
glide-close-effect = true;
};
"org/gnome/shell/extensions/dash-to-panel" = {
intellihide = true;
panel-positions = ''
{"0":"TOP"}
'';
trans-panel-opacity = 0.3;
trans-use-custom-opacity = true;
trans-use-dynamic-opacity = true;
};
"org/gnome/shell/extensions/espresso" = {
enable-fullscreen = true;
show-indicator = true;
show-notifications = false;
inhibit-apps = [
"com.obsproject.Studio.desktop"
];
};
"org/gnome/shell/extensions/flypie" = {
preview-on-right-side = true;
};
"org/gnome/shell/extensions/forge" = {
window-gap-size = 8;
window-gap-hidden-on-single = false;
};
"org/gnome/shell/extensions/hidetopbar" = {
mouse-sensitive = true;
mouse-sensitive-fullscreen-window = true;
enable-active-window = false;
};
"org/gnome/shell/extensions/just-perfection" = {
activities-button = false;
window-demands-attention-focus = true;
workspace-wrap-around = true;
};
"org/gnome/shell/extensions/paperwm" = {
use-default-background = true;
};
"org/gnome/shell/extensions/pip-on-top" = {
stick = true;
};
"org/gnome/shell/extensions/search-light" = {
popup-at-cursor-monitor = true;
};
"org/gnome/shell/extensions/space-bar/behavior" = {
enable-activate-workspace-shortcuts = true;
show-empty-workspaces = true;
smart-workspace-names = false;
};
"org/gnome/shell/extensions/tiling-assistant" = {
screen-top-gap = 8;
screen-right-gap = 8;
screen-bottom-gap = 8;
screen-left-gap = 8;
window-gap = 8;
};
"org/gnome/shell/extensions/tilingshell" = {
inner-gaps = 16;
outer-gaps = 8;
enable-blur-snap-assistant = true;
};
"org/gtk/settings/file-chooser" = {
show-hidden = true;
sort-directories-first = true;
};
"org/gtk/gtk4/settings/file-chooser" = {
show-hidden = true;
sort-directories-first = true;
};
};
environment.sessionVariables = {
QT_STYLE_OVERRIDE = lib.mkForce "kvantum";
QT_WAYLAND_DECORATION = lib.mkForce "adwaita";
};
home.configFile = {
"Kvantum/kvantum.kvconfig".text = lib.generators.toINI {} {
General.theme = "KvLibadwaitaDark";
};
"Kvantum/KvLibadwaita".source = "${self.inputs.kvlibadwaita}/src/KvLibadwaita";
};
user.packages = with pkgs; [
authenticator
# bottles
# bustle
celluloid
# d-spy
# drawing
# fragments
dconf-editor
ghex
# gnome-builder
gnome-decoder
gnome-firmware
gnome-frog
# gnome-obfuscate
gnome-podcasts
identity
# mission-center
mousam
newsflash
ptyxis
# schemes
shortwave
sysprof
] ++ (if config.virtualisation.podman.enable then [
pods
] else []);
environment.systemPackages = with pkgs.unstable; [
adw-gtk3
kdePackages.qtstyleplugin-kvantum
libsForQt5.qtstyleplugin-kvantum
morewaita-icon-theme
nautilus-python
qadwaitadecorations
qadwaitadecorations-qt6
## Shell extensions
gnomeExtensions.appindicator
gnomeExtensions.arcmenu
gnomeExtensions.blur-my-shell
gnomeExtensions.burn-my-windows
gnomeExtensions.clipboard-indicator
gnomeExtensions.coverflow-alt-tab
gnomeExtensions.dash-to-panel
gnomeExtensions.desktop-cube
gnomeExtensions.easyScreenCast
gnomeExtensions.espresso
gnomeExtensions.fly-pie
gnomeExtensions.forge
gnomeExtensions.gsconnect
gnomeExtensions.gsnap
gnomeExtensions.hide-top-bar
gnomeExtensions.just-perfection
gnomeExtensions.media-controls
gnomeExtensions.mouse-follows-focus
# gnomeExtensions.pano (disabled due to: https://github.com/NixOS/nixpkgs/issues/369438)
gnomeExtensions.paperwm
gnomeExtensions.pip-on-top
gnomeExtensions.search-light
gnomeExtensions.smart-auto-move
gnomeExtensions.space-bar
gnomeExtensions.tiling-assistant
gnomeExtensions.tiling-shell
gnomeExtensions.todotxt
gnomeExtensions.vitals
gnomeExtensions.window-is-ready-remover
gnomeExtensions.worksets
gnomeExtensions.workspace-matrix
];
home.services.gpg-agent.pinentryPackage = pkgs.pinentry-gnome3;
};
}

27
modules/nixos/desktop/hyprland.nix Normal file
View File

@ -0,0 +1,27 @@
{ config, lib, pkgs, ... }:
let cfg = config.modules.desktop.hyprland;
in {
options.modules.desktop.hyprland = {
enable = lib.mkOption {
default = false;
example = true;
};
};
config = lib.mkIf cfg.enable {
programs.hyprland.enable = true;
networking.networkmanager.enable = true;
user.packages = with pkgs; [
mpv
];
environment.systemPackages = with pkgs; [
adw-gtk3
];
home.services.gpg-agent.pinentryPackage = pkgs.pinentry-gnome3;
};
}

37
modules/nixos/desktop/kde.nix Normal file
View File

@ -0,0 +1,37 @@
{ config, lib, pkgs, ... }:
let cfg = config.modules.desktop.kde;
in {
options.modules.desktop.kde = {
enable = lib.mkOption {
default = false;
example = true;
};
};
config = lib.mkIf cfg.enable {
services = {
xserver = {
enable = true;
};
desktopManager.plasma6.enable = true;
displayManager.sddm = {
enable = true;
wayland.enable = true;
};
};
networking.networkmanager.enable = true;
user.packages = with pkgs; [
kmail
mpv
];
environment.systemPackages = with pkgs; [
adw-gtk3
];
home.services.gpg-agent.pinentryPackage = pkgs.pinentry-qt;
};
}

28
modules/nixos/desktop/media/graphics.nix Normal file
View File

@ -0,0 +1,28 @@
{ config, lib, pkgs, ... }:
let cfg = config.modules.desktop.media.graphics;
in {
options.modules.desktop.media.graphics = {
modeling.enable = lib.mkOption {
default = false;
example = true;
};
raster.enable = lib.mkOption {
default = false;
example = true;
};
vector.enable = lib.mkOption {
default = false;
example = true;
};
};
config = {
user.packages = with pkgs; [
(lib.mkIf cfg.modeling.enable blender)
(lib.mkIf cfg.raster.enable gimp)
(lib.mkIf cfg.raster.enable krita)
(lib.mkIf cfg.vector.enable inkscape)
];
};
}

28
modules/nixos/desktop/media/recording.nix Normal file
View File

@ -0,0 +1,28 @@
{ config, lib, pkgs, ... }:
let cfg = config.modules.desktop.media.recording;
in {
options.modules.desktop.media.recording = {
audio.enable = lib.mkOption {
default = false;
example = true;
};
video.enable = lib.mkOption {
default = false;
example = true;
};
};
config = {
user.packages = with pkgs;
(if cfg.audio.enable then [
ardour
audacity
] else []) ++
(if cfg.video.enable then [
handbrake
mkvtoolnix
obs-studio
] else []);
};
}

146
modules/nixos/desktop/mimeapps.nix Normal file
View File

@ -0,0 +1,146 @@
{ config, lib, pkgs, ... }:
let
cfg = config.modules.desktop.mimeapps;
avApp = "io.github.celluloid_player.Celluloid.desktop";
imageApp = "org.gnome.eog.desktop";
in {
options.modules.desktop.mimeapps = {
enable = lib.mkOption {
default = false;
example = true;
};
};
config = lib.mkIf cfg.enable {
xdg.mime.defaultApplications = {
# Audio/video
"audio/x-vorbis+ogg" = avApp;
"audio/3gpp" = avApp;
"audio/3gpp2" = avApp;
"audio/aac" = avApp;
"audio/ac3" = avApp;
"audio/amr" = avApp;
"audio/amr-wb" = avApp;
"audio/basic" = avApp;
"audio/dv" = avApp;
"audio/eac3" = avApp;
"audio/flac" = avApp;
"audio/m4a" = avApp;
"audio/midi" = avApp;
"audio/mp1" = avApp;
"audio/mp2" = avApp;
"audio/mp3" = avApp;
"audio/mp4" = avApp;
"audio/mpeg" = avApp;
"audio/mpegurl" = avApp;
"audio/mpg" = avApp;
"audio/ogg" = avApp;
"audio/opus" = avApp;
"audio/scpls" = avApp;
"audio/vnd.dolby.heaac.1" = avApp;
"audio/vnd.dolby.heaac.2" = avApp;
"audio/vnd.dolby.mlp" = avApp;
"audio/vnd.dts" = avApp;
"audio/vnd.dts.hd" = avApp;
"audio/vnd.rn-realaudio" = avApp;
"audio/wav" = avApp;
"audio/webm" = avApp;
"audio/x-aac" = avApp;
"audio/x-aiff" = avApp;
"audio/x-ape" = avApp;
"audio/x-flac" = avApp;
"audio/x-gsm" = avApp;
"audio/x-it" = avApp;
"audio/x-m4a" = avApp;
"audio/x-matroska" = avApp;
"audio/x-mod" = avApp;
"audio/x-mp1" = avApp;
"audio/x-mp2" = avApp;
"audio/x-mp3" = avApp;
"audio/x-mpeg" = avApp;
"audio/x-mpegurl" = avApp;
"audio/x-mpg" = avApp;
"audio/x-ms-asf" = avApp;
"audio/x-ms-wma" = avApp;
"audio/x-musepack" = avApp;
"audio/x-pn-aiff" = avApp;
"audio/x-pn-au" = avApp;
"audio/x-pn-realaudio" = avApp;
"audio/x-pn-wav" = avApp;
"audio/x-real-audio" = avApp;
"audio/x-realaudio" = avApp;
"audio/x-s3m" = avApp;
"audio/x-scpls" = avApp;
"audio/x-shorten" = avApp;
"audio/x-speex" = avApp;
"audio/x-tta" = avApp;
"audio/x-vorbis" = avApp;
"audio/x-wav" = avApp;
"audio/x-wavpack" = avApp;
"audio/x-xm" = avApp;
"video/x-ogm+ogg" = avApp;
"video/3gp" = avApp;
"video/3gpp" = avApp;
"video/3gpp2" = avApp;
"video/divx" = avApp;
"video/dv" = avApp;
"video/fli" = avApp;
"video/flv" = avApp;
"video/mp2t" = avApp;
"video/mp4" = avApp;
"video/mp4v-es" = avApp;
"video/mpeg" = avApp;
"video/mpeg-system" = avApp;
"video/msvideo" = avApp;
"video/ogg" = avApp;
"video/quicktime" = avApp;
"video/vnd.mpegurl" = avApp;
"video/vnd.rn-realvideo" = avApp;
"video/webm" = avApp;
"video/x-avi" = avApp;
"video/x-flc" = avApp;
"video/x-fli" = avApp;
"video/x-flv" = avApp;
"video/x-m4v" = avApp;
"video/x-matroska" = avApp;
"video/x-mpeg" = avApp;
"video/x-mpeg-system" = avApp;
"video/x-mpeg2" = avApp;
"video/x-ms-asf" = avApp;
"video/x-ms-wm" = avApp;
"video/x-ms-wmv" = avApp;
"video/x-ms-wmx" = avApp;
"video/x-msvideo" = avApp;
"video/x-nsv" = avApp;
"video/x-theora" = avApp;
"video/x-theora+ogg" = avApp;
# Images
"image/jpeg" = imageApp;
"image/bmp" = imageApp;
"image/gif" = imageApp;
"image/jpg" = imageApp;
"image/pjpeg" = imageApp;
"image/png" = imageApp;
"image/tiff" = imageApp;
"image/webp" = imageApp;
"image/x-bmp" = imageApp;
"image/x-gray" = imageApp;
"image/x-icb" = imageApp;
"image/x-ico" = imageApp;
"image/x-png" = imageApp;
"image/x-portable-anymap" = imageApp;
"image/x-portable-bitmap" = imageApp;
"image/x-portable-graymap" = imageApp;
"image/x-portable-pixmap" = imageApp;
"image/x-xbitmap" = imageApp;
"image/x-xpixmap" = imageApp;
"image/x-pcx" = imageApp;
"image/svg+xml" = imageApp;
"image/svg+xml-compressed" = imageApp;
"image/vnd.wap.wbmp" = imageApp;
"image/x-icns" = imageApp;
};
};
}

38
modules/nixos/desktop/office/libreoffice.nix Normal file
View File

@ -0,0 +1,38 @@
{ config, lib, pkgs, ... }:
let
cfg = config.modules.desktop.office.libreoffice;
# libreoffice-gtk4 = pkgs.libreoffice.override {
# extraMakeWrapperArgs = [
# "--set SAL_USE_VCLPLUGIN gtk4"
# ];
# unwrapped = pkgs.libreoffice-unwrapped.overrideAttrs (oldAttrs: {
# buildInputs = oldAttrs.buildInputs ++ [
# pkgs.gtk4
# ];
# configureFlags = oldAttrs.configureFlags ++ [
# "--disable-werror"
# "--enable-gtk4"
# ];
# passthru = oldAttrs.passthru // {
# inherit (pkgs) gtk4;
# };
# });
# };
in {
options.modules.desktop.office.libreoffice = {
enable = lib.mkOption {
default = false;
example = true;
};
};
config = lib.mkIf cfg.enable {
user.packages = with pkgs; [
(if config.modules.desktop.kde.enable == true then libreoffice-qt else libreoffice)
hunspell
hunspellDicts.en-gb-large
hunspellDicts.en-us-large
];
};
}

21
modules/nixos/dev/cc.nix Normal file
View File

@ -0,0 +1,21 @@
{ config, lib, pkgs, ... }:
let cfg = config.modules.dev.cc;
in {
options.modules.dev.cc = {
enable = lib.mkOption {
default = false;
example = true;
};
};
config = lib.mkIf cfg.enable {
user.packages = with pkgs; [
clang
gcc
gdb
cmake
llvmPackages.libcxx
];
};
}

17
modules/nixos/dev/java.nix Normal file
View File

@ -0,0 +1,17 @@
{ config, lib, pkgs, ... }:
let cfg = config.modules.dev.java;
in {
options.modules.dev.java = {
enable = lib.mkOption {
default = false;
example = true;
};
};
config = lib.mkIf cfg.enable {
user.packages = with pkgs; [
jdk
];
};
}

17
modules/nixos/dev/lua.nix Normal file
View File

@ -0,0 +1,17 @@
{ config, lib, pkgs, ... }:
let cfg = config.modules.dev.lua;
in {
options.modules.dev.lua = {
enable = lib.mkOption {
default = false;
example = true;
};
};
config = lib.mkIf cfg.enable {
user.packages = with pkgs; [
lua
];
};
}

17
modules/nixos/dev/node.nix Normal file
View File

@ -0,0 +1,17 @@
{ config, lib, pkgs, ... }:
let cfg = config.modules.dev.node;
in {
options.modules.dev.node = {
enable = lib.mkOption {
default = false;
example = true;
};
};
config = lib.mkIf cfg.enable {
user.packages = with pkgs; [
nodejs_22
];
};
}

17
modules/nixos/dev/python.nix Normal file
View File

@ -0,0 +1,17 @@
{ config, lib, pkgs, ... }:
let cfg = config.modules.dev.python;
in {
options.modules.dev.python = {
enable = lib.mkOption {
default = false;
example = true;
};
};
config = lib.mkIf cfg.enable {
user.packages = with pkgs; [
python310
];
};
}

20
modules/nixos/dev/rust.nix Normal file
View File

@ -0,0 +1,20 @@
{ config, lib, pkgs, ... }:
let cfg = config.modules.dev.rust;
in {
options.modules.dev.rust = {
enable = lib.mkOption {
default = false;
example = true;
};
};
config = lib.mkIf cfg.enable {
user.packages = with pkgs; [
rustc
rustup
rustfmt
rust-bindgen
];
};
}

19
modules/nixos/dev/scala.nix Normal file
View File

@ -0,0 +1,19 @@
{ config, lib, pkgs, ... }:
let cfg = config.modules.dev.scala;
in {
options.modules.dev.scala = {
enable = lib.mkOption {
default = false;
example = true;
};
};
config = lib.mkIf cfg.enable {
user.packages = with pkgs; [
jdk
sbt
scala
];
};
}

17
modules/nixos/dev/shell.nix Normal file
View File

@ -0,0 +1,17 @@
{ config, lib, pkgs, ... }:
let cfg = config.modules.dev.shell;
in {
options.modules.dev.shell = {
enable = lib.mkOption {
default = false;
example = true;
};
};
config = lib.mkIf cfg.enable {
user.packages = with pkgs; [
shellcheck
];
};
}

17
modules/nixos/dev/zig.nix Normal file
View File

@ -0,0 +1,17 @@
{ config, lib, pkgs, ... }:
let cfg = config.modules.dev.zig;
in {
options.modules.dev.zig = {
enable = lib.mkOption {
default = false;
example = true;
};
};
config = lib.mkIf cfg.enable {
user.packages = with pkgs; [
zig
];
};
}

141
modules/nixos/editors/neovim/default.nix Normal file
View File

@ -0,0 +1,141 @@
{ config, lib, pkgs, ... }:
let
cfg = config.modules.editors.neovim;
in {
options.modules.editors.neovim = {
enable = lib.mkOption {
default = false;
example = true;
};
};
config = lib.mkIf cfg.enable {
home.programs.nixvim.config = {
enable = true;
defaultEditor = true;
viAlias = true;
vimAlias = true;
options = {
number = true;
tabstop = 2;
shiftwidth = 2;
expandtab = true;
foldlevel = 99;
splitbelow = true;
splitright = true;
undofile = true;
updatetime = 100;
list = true;
};
globals = {
mapleader = ",";
maplocalleader = ",";
};
clipboard = {
register = "unnamedplus";
providers.wl-copy.enable = true;
};
plugins.comment.enable = true;
plugins.hmts.enable = true;
plugins.lightline.enable = true;
plugins.luasnip.enable = true;
plugins.lsp = {
enable = true;
servers = {
bashls.enable = true;
ccls.enable = true;
cssls.enable = true;
eslint.enable = true;
gopls.enable = true;
html.enable = true;
lua_ls.enable = true;
pylsp.enable = true;
nixd.enable = true;
rust_analyzer = {
enable = true;
installCargo = true;
installRustc = true;
};
ts_ls.enable = true;
};
};
plugins.nvim-autopairs.enable = true;
plugins.cmp = {
enable = true;
autoEnableSources = true;
settings = {
sources = [
{ name = "nvim_lsp"; }
{ name = "path"; }
{ name = "buffer"; }
];
mapping = {
"<Tab>" = "cmp.mapping(cmp.mapping.select_next_item(), {'i', 's'})";
"<S-Tab>" = "cmp.mapping(cmp.mapping.select_prev_item(), {'i', 's'})";
"<CR>" = "cmp.mapping.confirm({ select = true })";
};
};
};
plugins.telescope = {
enable = true;
keymaps = {
"<leader>ff" = "find_files";
"<leader>fg" = "live_grep";
"<leader>b" = "buffers";
"<leader>fh" = "help_tags";
"<C-p>" = "git_files";
"<C-f>" = "live_grep";
};
};
plugins.treesitter = {
enable = true;
nixvimInjections = true;
folding = true;
settings.indent.enable = true;
};
plugins.treesitter-refactor = {
enable = true;
highlightDefinitions = {
enable = true;
clearOnCursorMove = false;
};
};
plugins.undotree.enable = true;
plugins.web-devicons.enable = true;
# plugins.gitsigns.enable = true;
# plugins.gitgutter.enable = true;
# plugins.goyo.enable = true;
# plugins.fugitive.enable = true;
# plugins.fzf-lua.enable = true;
# plugins.neo-tree.enable = true;
# plugins.none-ls.enable = true;
# plugins.nvim-tree.enable = true;
# plugins.oil.enable = true;
# plugins.project-nvim.enable = true;
# plugins.surround.enable = true;
};
env.EDITOR = "nvim";
};
}

49
modules/nixos/editors/vscode.nix Normal file
View File

@ -0,0 +1,49 @@
{ config, lib, pkgs, ... }:
let cfg = config.modules.editors.vscode;
in {
options.modules.editors.vscode = {
enable = lib.mkOption {
default = false;
example = true;
};
};
config = lib.mkIf cfg.enable {
environment.sessionVariables.NIXOS_OZONE_WL = "1";
home.programs.vscode = {
enable = true;
extensions = with pkgs.vscode-extensions; [
asvetliakov.vscode-neovim
brettm12345.nixfmt-vscode
coolbear.systemd-unit-file
editorconfig.editorconfig
golang.go
graphql.vscode-graphql-syntax
mattn.lisp
# mkhl.direnv
ms-python.vscode-pylance
ms-vscode.cpptools
ms-vscode.hexeditor
piousdeer.adwaita-theme
# redhat.java
# sumneko.lua
];
userSettings = {
"editor.renderLineHighlight" = "none";
"extensions.experimental.affinity" = {
"asvetliakov.vscode-neovim" = 1;
};
"files.autoSave" = "off";
"window.autoDetectColorScheme" = true;
"window.commandCenter" = true;
"window.titleBarStyle" = "custom";
"workbench.iconTheme" = null;
"workbench.preferredDarkColorTheme" = "Adwaita Dark";
"workbench.preferredLightColorTheme" = "Adwaita Light";
"workbench.tree.indent" = 12;
};
};
};
}

71
modules/nixos/hardware/0001-Update-device-ID-for-PreSonus-1824c.patch Normal file
View File

@ -0,0 +1,71 @@
From daebf42bd955f6f8d971af967c675e4e339cb0b2 Mon Sep 17 00:00:00 2001
From: Jordan Holt <jordan@vimium.com>
Date: Sun, 12 Nov 2023 12:13:39 +0000
Subject: [PATCH] Update device ID for PreSonus 1824c
---
sound/usb/format.c | 4 ++--
sound/usb/mixer_quirks.c | 2 +-
sound/usb/mixer_s1810c.c | 2 +-
sound/usb/quirks.c | 4 ++--
4 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/sound/usb/format.c b/sound/usb/format.c
index ab5fed9f55b6..da50a4782414 100644
--- a/sound/usb/format.c
+++ b/sound/usb/format.c
@@ -378,8 +378,8 @@ static int parse_uac2_sample_rate_range(struct snd_usb_audio *chip,
for (rate = min; rate <= max; rate += res) {
- /* Filter out invalid rates on Presonus Studio 1810c */
- if (chip->usb_id == USB_ID(0x194f, 0x010c) &&
+ /* Filter out invalid rates on Presonus Studio 1824c */
+ if (chip->usb_id == USB_ID(0x194f, 0x010d) &&
!s1810c_valid_sample_rate(fp, rate))
goto skip_rate;
diff --git a/sound/usb/mixer_quirks.c b/sound/usb/mixer_quirks.c
index 898bc3baca7b..c3135459c38c 100644
--- a/sound/usb/mixer_quirks.c
+++ b/sound/usb/mixer_quirks.c
@@ -3445,7 +3445,7 @@ int snd_usb_mixer_apply_create_quirk(struct usb_mixer_interface *mixer)
err = snd_rme_controls_create(mixer);
break;
- case USB_ID(0x194f, 0x010c): /* Presonus Studio 1810c */
+ case USB_ID(0x194f, 0x010d): /* Presonus Studio 1824c */
err = snd_sc1810_init_mixer(mixer);
break;
case USB_ID(0x2a39, 0x3fb0): /* RME Babyface Pro FS */
diff --git a/sound/usb/mixer_s1810c.c b/sound/usb/mixer_s1810c.c
index fac4bbc6b275..5bc2e66d452c 100644
--- a/sound/usb/mixer_s1810c.c
+++ b/sound/usb/mixer_s1810c.c
@@ -552,7 +552,7 @@ int snd_sc1810_init_mixer(struct usb_mixer_interface *mixer)
return 0;
dev_info(&dev->dev,
- "Presonus Studio 1810c, device_setup: %u\n", chip->setup);
+ "Presonus Studio 1824c, device_setup: %u\n", chip->setup);
if (chip->setup == 1)
dev_info(&dev->dev, "(8out/18in @ 48kHz)\n");
else if (chip->setup == 2)
diff --git a/sound/usb/quirks.c b/sound/usb/quirks.c
index ab2b938502eb..b86832edaaa0 100644
--- a/sound/usb/quirks.c
+++ b/sound/usb/quirks.c
@@ -1551,8 +1551,8 @@ int snd_usb_apply_interface_quirk(struct snd_usb_audio *chip,
/* fasttrackpro usb: skip altsets incompatible with device_setup */
if (chip->usb_id == USB_ID(0x0763, 0x2012))
return fasttrackpro_skip_setting_quirk(chip, iface, altno);
- /* presonus studio 1810c: skip altsets incompatible with device_setup */
- if (chip->usb_id == USB_ID(0x194f, 0x010c))
+ /* presonus studio 1824c: skip altsets incompatible with device_setup */
+ if (chip->usb_id == USB_ID(0x194f, 0x010d))
return s1810c_skip_setting_quirk(chip, iface, altno);
--
2.42.0

88
modules/nixos/hardware/presonus-studio.nix Normal file
View File

@ -0,0 +1,88 @@
{ config, lib, pkgs, ... }:
let
cfg = config.modules.hardware.presonus-studio;
snd-usb-audio-module = pkgs.callPackage ./snd-usb-audio.nix {
kernel = config.boot.kernelPackages.kernel;
};
patched = snd-usb-audio-module.overrideAttrs (prev: {
patches = [ ./0001-Update-device-ID-for-PreSonus-1824c.patch ];
});
upmixConfig = {
"stream.properties" = {
"channelmix.upmix" = true;
"channelmix.upmix-method" = "psd";
};
};
in {
options.modules.hardware.presonus-studio = {
enable = lib.mkOption {
default = false;
example = true;
};
};
config = lib.mkIf cfg.enable {
boot.kernelModules = [ "snd-usb-audio" ];
boot.extraModulePackages = [
(patched)
];
# Workaround for mainline module loading instead of patched module
systemd.services.reload-snd-usb-audio = {
description = "Reload snd_usb_audio kernel module";
wantedBy = [ "sound.target" ];
serviceConfig.Type = "oneshot";
path = with pkgs; [
kmod
];
script = ''
# Only reload if device hasn't been initialised
if ! cat /proc/asound/card*/usbmixer | grep -q "Mute Main Out Switch"; then
rmmod snd_usb_audio
insmod /run/booted-system/kernel-modules/lib/modules/$(uname -r)/extra/snd-usb-audio.ko.xz
fi
'';
};
services.pipewire.extraConfig = {
pipewire = {
"10-network" = {
"context.modules" = [
{
"name" = "libpipewire-module-rtp-session";
"args" = {
"stream.props" = {
"node.name" = "rtp-source";
};
};
}
];
};
"surround" = {
"context.modules" = [
{
"name" = "libpipewire-module-loopback";
"args" = {
"node.description" = "Genelec 4.1 Surround";
"capture.props" = {
"node.name" = "Genelec_Speakers";
"media.class" = "Audio/Sink";
"audio.position" = [ "FL" "FR" "SL" "SR" "LFE" ];
};
"playback.props" = {
"node.name" = "playback.Genelec_Speakers";
"audio.position" = [ "AUX0" "AUX1" "AUX3" "AUX4" "AUX5" ];
"target.object" = "alsa_output.usb-PreSonus_Studio_1824c_SC4E21110775-00.multichannel-output";
"stream.dont-remix" = true;
"node.passive" = true;
};
};
}
];
};
};
pipewire-pulse."40-upmix" = upmixConfig;
client-rt."40-upmix" = upmixConfig;
};
};
}

36
modules/nixos/hardware/snd-usb-audio.nix Normal file
View File

@ -0,0 +1,36 @@
{ pkgs, lib, kernel ? pkgs.linuxPackages_latest.kernel }:
pkgs.stdenv.mkDerivation {
pname = "snd-usb-audio";
inherit (kernel) src version postPatch nativeBuildInputs;
kernel_dev = kernel.dev;
kernelVersion = kernel.modDirVersion;
modulePath = "sound/usb";
buildPhase = ''
BUILT_KERNEL=$kernel_dev/lib/modules/$kernelVersion/build
cp $BUILT_KERNEL/Module.symvers .
cp $BUILT_KERNEL/.config .
cp $kernel_dev/vmlinux .
make "-j$NIX_BUILD_CORES" modules_prepare
make "-j$NIX_BUILD_CORES" M=$modulePath modules
'';
installPhase = ''
make \
INSTALL_MOD_PATH="$out" \
XZ="xz -T$NIX_BUILD_CORES" \
M="$modulePath" \
modules_install
'';
meta = {
description = "USB Sound kernel module";
license = lib.licenses.gpl2;
};
}

70
modules/nixos/networking/netbird.nix Normal file
View File

@ -0,0 +1,70 @@
{ config, lib, self, ... }:
let
cfg = config.modules.networking.netbird;
hostname = config.networking.hostName;
in {
options.modules.networking.netbird = {
enable = lib.mkEnableOption "netbird";
coordinatorDomain = lib.mkOption {
type = lib.types.str;
default = "netbird.vimium.net";
};
meshDomain = lib.mkOption {
type = lib.types.str;
default = "mesh.vimium.net";
};
};
config = lib.mkIf cfg.enable {
age.secrets."passwords/services/netbird/data-store-encryption-key" = {
file = "${self.inputs.secrets}/passwords/services/netbird/data-store-encryption-key.age";
};
services.netbird = {
enable = true;
};
services.netbird.server = {
domain = cfg.coordinatorDomain;
enable = true;
enableNginx = true;
dashboard.settings = {
AUTH_AUTHORITY = "https://auth.vimium.com/oauth2/openid/netbird";
};
management = rec {
disableAnonymousMetrics = true;
dnsDomain = cfg.meshDomain;
oidcConfigEndpoint = "https://auth.vimium.com/oauth2/openid/netbird/.well-known/openid-configuration";
settings = {
DataStoreEncryptionKey = {
_secret = config.age.secrets."passwords/services/netbird/data-store-encryption-key".path;
};
HttpConfig = {
AuthAudience = "netbird";
};
StoreConfig = { Engine = "sqlite"; };
TURNConfig = {
Secret._secret = config.age.secrets."passwords/services/coturn/static-auth-secret".path;
TimeBasedCredentials = true;
};
PKCEAuthorizationFlow.ProviderConfig = {
AuthorizationEndpoint = "https://auth.vimium.com/ui/oauth2";
TokenEndpoint = "https://auth.vimium.com/oauth2/token";
};
};
singleAccountModeDomain = dnsDomain;
turnDomain = config.services.coturn.realm;
turnPort = config.services.coturn.listening-port;
};
};
systemd.services.netbird-signal.serviceConfig.RestartSec = "60";
systemd.services.netbird-management.serviceConfig.RestartSec = "60";
services.nginx.virtualHosts."netbird.vimium.net" = {
enableACME = true;
forceSSL = true;
};
};
}

44
modules/nixos/networking/tailscale.nix Normal file
View File

@ -0,0 +1,44 @@
{ config, lib, pkgs, self, ... }:
let
cfg = config.modules.networking.tailscale;
headscale = "https://headscale.vimium.net";
hostname = config.networking.hostName;
in {
options.modules.networking.tailscale = {
enable = lib.mkOption {
default = false;
example = true;
};
restrictSSH = lib.mkOption {
default = true;
example = true;
};
};
config = lib.mkIf cfg.enable {
age.secrets."passwords/services/tailscale/${hostname}-authkey" = {
file = "${self.inputs.secrets}/passwords/services/tailscale/${hostname}-authkey.age";
};
environment.systemPackages = [ pkgs.tailscale ];
services.tailscale = {
enable = true;
authKeyFile = config.age.secrets."passwords/services/tailscale/${hostname}-authkey".path;
extraUpFlags = [
"--login-server"
headscale
];
};
services.openssh.openFirewall = !cfg.restrictSSH;
networking.firewall = {
checkReversePath = "loose";
trustedInterfaces = [ "tailscale0" ];
allowedUDPPorts = [ config.services.tailscale.port ];
};
};
}

60
modules/nixos/networking/wireless.nix Normal file
View File

@ -0,0 +1,60 @@
{ config, lib, pkgs, self, ... }:
with lib;
let cfg = config.modules.networking.wireless;
in {
options.modules.networking.wireless = {
enable = mkOption {
default = false;
example = true;
description = mdDoc "Automatically connect to known networks";
};
interfaces = mkOption {
default = [ ]; # All interfaces
example = [ "wlan0" ];
description = mdDoc "Interfaces for `wpa_supplicant` to bind to";
};
};
config = mkIf cfg.enable {
age.secrets."passwords/networks" = {
file = "${self.inputs.secrets}/passwords/networks.age";
};
networking = {
wireless = {
enable = true;
interfaces = cfg.interfaces;
secretsFile = config.age.secrets."passwords/networks".path;
networks = {
"Apollo 600 Mbps".pskRaw = "ext:PSK_APOLLO";
};
};
networkmanager.ensureProfiles.profiles = {
"Apollo" = {
connection = {
id = "Apollo 600 Mbps";
type = "wifi";
};
wifi = {
mode = "infrastructure";
ssid = "Apollo 600 Mbps";
};
wifi-security = {
auth-alg = "open";
key-mgmt = "wpa-psk";
psk = "";
};
ipv4 = {
method = "auto";
};
ipv6 = {
addr-gen-mode = "stable-privacy";
method = "auto";
};
};
};
};
};
}

82
modules/nixos/options.nix Normal file
View File

@ -0,0 +1,82 @@
{ config, options, lib, self, ... }:
with lib;
{
options = with types; {
user = mkOption { type = attrs; default = { }; };
home = {
configFile = mkOption { type = attrs; default = { }; description = "Files to place in $XDG_CONFIG_HOME"; };
dataFile = mkOption { type = attrs; default = { }; description = "Files to place in $XDG_DATA_HOME"; };
file = mkOption { type = attrs; default = { }; description = "Files to place directly in $HOME"; };
packages = mkOption { type = attrs; default = { }; description = "User-level installed packages"; };
programs = mkOption { type = attrs; default = { }; description = "Programs managed directly from home-manager"; };
services = mkOption { type = attrs; default = { }; description = "Services managed directly from home-manager"; };
};
dconf.settings = mkOption { type = attrs; default = { }; description = "dconf settings to enable"; };
env = mkOption {
type = attrsOf (oneOf [ str path (listOf (either str path)) ]);
apply = mapAttrs (n: v:
if isList v then
concatMapStringsSep ":" (x: toString x) v
else
(toString v));
default = { };
description = "";
};
};
config = {
age.secrets."passwords/users/jordan".file = "${self.inputs.secrets}/passwords/users/jordan.age";
user =
let user = builtins.getEnv "USER";
name = if elem user [ "" "root" ] then "jordan" else user;
in {
inherit name;
isNormalUser = true;
extraGroups = [ "networkmanager" "wheel" "lxd" ];
description = "Jordan Holt";
useDefaultShell = true;
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILVHTjsyMIV4THNw6yz0OxAxGnC+41gX72UrPqTzR+OS jordan@vimium.com"
];
hashedPasswordFile = config.age.secrets."passwords/users/jordan".path;
home = "/home/${name}";
group = "users";
uid = 1000;
};
home-manager = {
useGlobalPkgs = true;
useUserPackages = true;
users.${config.user.name} = {
home = {
file = mkAliasDefinitions options.home.file;
stateVersion = config.system.stateVersion;
};
programs = mkAliasDefinitions options.home.programs;
services = mkAliasDefinitions options.home.services;
xdg = {
enable = true;
configFile = mkAliasDefinitions options.home.configFile;
dataFile = mkAliasDefinitions options.home.dataFile;
};
dconf.settings = mkAliasDefinitions options.dconf.settings;
};
sharedModules = [
self.inputs.nixvim.homeManagerModules.nixvim
self.inputs.plasma-manager.homeManagerModules.plasma-manager
];
};
users.users.${config.user.name} = mkAliasDefinitions options.user;
environment.extraInit =
concatStringsSep "\n"
(mapAttrsToList (n: v: "export ${n}=\"${v}\"") config.env);
};
}

45
modules/nixos/podman.nix Normal file
View File

@ -0,0 +1,45 @@
{ pkgs, lib, config, ... }:
with lib;
let
cfg = config.modules.podman;
in {
options.modules.podman = {
enable = mkOption {
default = false;
example = true;
description = mdDoc "Enable podman on this host";
};
};
config = mkIf cfg.enable {
virtualisation = {
docker.enable = false;
podman = {
enable = true;
defaultNetwork.settings.dns_enabled = true;
autoPrune = {
enable = true;
dates = "weekly";
flags = [ "--all" ];
};
extraPackages = [ pkgs.zfs ];
};
containers.storage.settings.storage = {
driver = "zfs";
graphroot = "/var/lib/containers/storage";
runroot = "/run/containers/storage";
};
oci-containers.backend = "podman";
};
networking.firewall.interfaces."podman+" = {
allowedUDPPorts = [ 53 ];
allowedTCPPorts = [ 53 ];
};
};
}

22
modules/nixos/security/gpg.nix Normal file
View File

@ -0,0 +1,22 @@
{ config, lib, pkgs, ... }:
let cfg = config.modules.security.gpg;
in {
options.modules.security.gpg = {
enable = lib.mkOption {
default = false;
example = true;
};
};
config = lib.mkIf cfg.enable {
home.programs.gpg = {
enable = true;
};
home.services.gpg-agent = {
enable = true;
enableSshSupport = true;
};
};
}

18
modules/nixos/security/pass.nix Normal file
View File

@ -0,0 +1,18 @@
{ config, lib, pkgs, ... }:
let cfg = config.modules.security.pass;
in {
options.modules.security.pass = {
enable = lib.mkOption {
default = false;
example = true;
};
};
config = lib.mkIf cfg.enable {
home.programs.password-store = {
enable = true;
package = pkgs.pass.withExtensions (exts: [ exts.pass-otp ]);
};
};
}

61
modules/nixos/services/borgmatic/default.nix Normal file
View File

@ -0,0 +1,61 @@
{ config, lib, self, ... }:
let
cfg = config.modules.services.borgmatic;
hostname = config.networking.hostName;
in {
options.modules.services.borgmatic = {
enable = lib.mkOption {
default = false;
example = true;
description = lib.mdDoc "Enable backups on this host with `borgmatic`";
};
directories = lib.mkOption {
type = lib.types.listOf lib.types.str;
default = [];
example = [
"/home/jordan/Documents"
];
description = lib.mdDoc "List of directories to backup";
};
repoPath = lib.mkOption {
type = lib.types.str;
example = "ssh://example@example.repo.borgbase.com/./repo";
description = lib.mdDoc "Destination borg repository for backup";
};
};
config = lib.mkIf cfg.enable {
age.secrets."passwords/services/borg/${hostname}-passphrase" = {
file = "${self.inputs.secrets}/passwords/services/borg/${hostname}-passphrase.age";
};
services.borgmatic = {
enable = true;
settings = {
source_directories = cfg.directories;
repositories = [
{ label = "borgbase"; path = cfg.repoPath; }
];
encryption_passcommand = "cat ${config.age.secrets."passwords/services/borg/${hostname}-passphrase".path}";
ssh_command = "ssh -i /etc/ssh/ssh_host_ed25519_key";
keep_daily = 7;
keep_weekly = 4;
keep_monthly = 6;
};
};
services.postgresql.ensureUsers = [
{
name = "root";
ensureClauses.superuser = true;
}
];
# Add `pg_dumpall` to unit environment
systemd.services.borgmatic.path = [ config.services.postgresql.package ];
# Without this override, `cat` is unavailable for `encryption_passcommand`
systemd.services.borgmatic.confinement.fullUnit = true;
};
}

41
modules/nixos/services/chrony/default.nix Normal file
View File

@ -0,0 +1,41 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.modules.services.chrony;
in {
options.modules.services.chrony = {
enable = mkOption {
default = false;
example = true;
description = "Enable chrony NTP deamon";
};
config = mkIf cfg.enable {
services.chrony = {
enable = true;
servers = [
"uk.pool.ntp.org"
"time.cloudflare.com"
];
extraConfig = ''
makestep 1.0 3
bindaddress 0.0.0.0
port 123
allow
'';
};
services.timesyncd.enable = mkForce false;
networking.firewall = {
allowedUDPPorts = [ 123 ];
allowedTCPPorts = [ 123 ];
};
};
};
}

118
modules/nixos/services/coturn/default.nix Normal file
View File

@ -0,0 +1,118 @@
{ config, lib, self, ... }:
let
cfg = config.modules.services.coturn;
in {
options.modules.services.coturn = {
enable = lib.mkOption {
default = false;
example = true;
};
realm = lib.mkOption {
type = lib.types.str;
description = "The realm to be used by the TURN server.";
example = "turn.vimium.com";
};
matrixIntegration = lib.mkOption {
default = false;
description = "Configure the matrix-synapse module to use this TURN server.";
example = true;
};
};
config = lib.mkIf cfg.enable {
networking.firewall = let
range = with config.services.coturn; lib.singleton {
from = min-port;
to = max-port;
};
in {
allowedTCPPorts = [
3478 # TURN listener
5349 # STUN TLS
5350 # STUN TLS alt
];
allowedUDPPorts = [
3478 # TURN listener
5349 # TLS
5350 # TLS alt
];
allowedUDPPortRanges = range; # TURN peer relays
};
security.acme.certs = {
"${config.services.coturn.realm}" = {
group = "turnserver";
reloadServices = [ "coturn" ];
};
};
age.secrets = {
"passwords/services/coturn/static-auth-secret" = {
file = "${self.inputs.secrets}/passwords/services/coturn/static-auth-secret.age";
owner = "turnserver";
group = "turnserver";
};
} // (if cfg.matrixIntegration then {
"passwords/services/coturn/matrix-turn-config.yml" = {
file = "${self.inputs.secrets}/passwords/services/coturn/matrix-turn-config.yml.age";
owner = "matrix-synapse";
group = "matrix-synapse";
};
} else {});
services.coturn = rec {
enable = true;
realm = cfg.realm;
use-auth-secret = true;
static-auth-secret-file = config.age.secrets."passwords/services/coturn/static-auth-secret".path;
cert = "${config.security.acme.certs.${realm}.directory}/full.pem";
pkey = "${config.security.acme.certs.${realm}.directory}/key.pem";
min-port = 49000;
max-port = 50000;
no-cli = true;
no-tcp-relay = true;
extraConfig = ''
cipher-list="HIGH"
no-multicast-peers
# Ban private CIDR blocks
denied-peer-ip=0.0.0.0-0.255.255.255
denied-peer-ip=10.0.0.0-10.255.255.255
denied-peer-ip=100.64.0.0-100.127.255.255
denied-peer-ip=127.0.0.0-127.255.255.255
denied-peer-ip=169.254.0.0-169.254.255.255
denied-peer-ip=172.16.0.0-172.31.255.255
denied-peer-ip=192.0.0.0-192.0.0.255
denied-peer-ip=192.0.2.0-192.0.2.255
denied-peer-ip=192.88.99.0-192.88.99.255
denied-peer-ip=192.168.0.0-192.168.255.255
denied-peer-ip=198.18.0.0-198.19.255.255
denied-peer-ip=198.51.100.0-198.51.100.255
denied-peer-ip=203.0.113.0-203.0.113.255
denied-peer-ip=240.0.0.0-255.255.255.255
denied-peer-ip=::1
denied-peer-ip=64:ff9b::-64:ff9b::ffff:ffff
denied-peer-ip=::ffff:0.0.0.0-::ffff:255.255.255.255
denied-peer-ip=100::-100::ffff:ffff:ffff:ffff
denied-peer-ip=2001::-2001:1ff:ffff:ffff:ffff:ffff:ffff:ffff
denied-peer-ip=2002::-2002:ffff:ffff:ffff:ffff:ffff:ffff:ffff
denied-peer-ip=fc00::-fdff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
denied-peer-ip=fe80::-febf:ffff:ffff:ffff:ffff:ffff:ffff:ffff
'';
};
services.matrix-synapse = lib.mkIf cfg.matrixIntegration {
settings = with config.services.coturn; {
turn_uris = [
"turn:${realm}:3478?transport=udp"
"turn:${realm}:3478?transport=tcp"
];
turn_user_lifetime = "1h";
};
extraConfigFiles = [
config.age.secrets."passwords/services/coturn/matrix-turn-config.yml".path
];
};
};
}

226
modules/nixos/services/gitea-runner/default.nix Normal file
View File

@ -0,0 +1,226 @@
{ pkgs, config, lib, self, ... }:
# Based on: https://git.clan.lol/clan/clan-infra/src/branch/main/modules/web01/gitea/actions-runner.nix
with lib;
let
cfg = config.modules.services.gitea-runner;
hostname = config.networking.hostName;
giteaUrl = "https://git.vimium.com";
storeDepsBins = with pkgs; [
coreutils
findutils
gnugrep
gawk
git
nix
nix-update
bash
jq
nodejs
];
storeDeps = pkgs.runCommand "store-deps" { } ''
mkdir -p $out/bin
for dir in ${toString storeDepsBins}; do
for bin in "$dir"/bin/*; do
ln -s "$bin" "$out/bin/$(basename "$bin")"
done
done
# Add SSL CA certs
mkdir -p $out/etc/ssl/certs
cp -a "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt" $out/etc/ssl/certs/ca-bundle.crt
'';
in
{
options.modules.services.gitea-runner = {
enable = mkOption {
default = false;
example = true;
description = mdDoc "Enable a runner for Gitea Actions on this host";
};
};
config = mkIf cfg.enable {
modules.podman.enable = true;
systemd.services = {
gitea-runner-nix-image = {
wantedBy = [ "multi-user.target" ];
after = [ "podman.service" ];
requires = [ "podman.service" ];
path = [ config.virtualisation.podman.package pkgs.gnutar pkgs.shadow pkgs.getent ];
script = ''
set -eux -o pipefail
mkdir -p etc/nix
# Create an unpriveleged user that we can use also without the run-as-user.sh script
touch etc/passwd etc/group
groupid=$(cut -d: -f3 < <(getent group nix-ci-user))
userid=$(cut -d: -f3 < <(getent passwd nix-ci-user))
groupadd --prefix $(pwd) --gid "$groupid" nix-ci-user
emptypassword='$6$1ero.LwbisiU.h3D$GGmnmECbPotJoPQ5eoSTD6tTjKnSWZcjHoVTkxFLZP17W9hRi/XkmCiAMOfWruUwy8gMjINrBMNODc7cYEo4K.'
useradd --prefix $(pwd) -p "$emptypassword" -m -d /tmp -u "$userid" -g "$groupid" -G nix-ci-user nix-ci-user
cat <<NIX_CONFIG > etc/nix/nix.conf
accept-flake-config = true
experimental-features = nix-command flakes
NIX_CONFIG
cat <<NSSWITCH > etc/nsswitch.conf
passwd: files mymachines systemd
group: files mymachines systemd
shadow: files
hosts: files mymachines dns myhostname
networks: files
ethers: files
services: files
protocols: files
rpc: files
NSSWITCH
# list the content as it will be imported into the container
tar -cv . | tar -tvf -
tar -cv . | podman import - gitea-runner-nix
'';
serviceConfig = {
RuntimeDirectory = "gitea-runner-nix-image";
WorkingDirectory = "/run/gitea-runner-nix-image";
Type = "oneshot";
RemainAfterExit = true;
};
};
gitea-runner-nix = {
after = [ "gitea-runner-nix-image.service" ];
requires = [ "gitea-runner-nix-image.service" ];
serviceConfig = {
# Hardening (may overlap with DynamicUser=)
# The following options are only for optimizing output of systemd-analyze
AmbientCapabilities = "";
CapabilityBoundingSet = "";
# ProtectClock= adds DeviceAllow=char-rtc r
DeviceAllow = "";
NoNewPrivileges = true;
PrivateDevices = true;
PrivateMounts = true;
PrivateTmp = true;
PrivateUsers = true;
ProtectClock = true;
ProtectControlGroups = true;
ProtectHome = true;
ProtectHostname = true;
ProtectKernelLogs = true;
ProtectKernelModules = true;
ProtectKernelTunables = true;
ProtectSystem = "strict";
RemoveIPC = true;
RestrictNamespaces = true;
RestrictRealtime = true;
RestrictSUIDSGID = true;
UMask = "0066";
ProtectProc = "invisible";
SystemCallFilter = [
"~@clock"
"~@cpu-emulation"
"~@module"
"~@mount"
"~@obsolete"
"~@raw-io"
"~@reboot"
"~@swap"
# needed by go?
#"~@resources"
"~@privileged"
"~capset"
"~setdomainname"
"~sethostname"
];
RestrictAddressFamilies = [ "AF_INET" "AF_INET6" "AF_UNIX" "AF_NETLINK" ];
# Needs network access
PrivateNetwork = false;
# Cannot be true due to Node
MemoryDenyWriteExecute = false;
# The more restrictive "pid" option makes `nix` commands in CI emit
# "GC Warning: Couldn't read /proc/stat"
# You may want to set this to "pid" if not using `nix` commands
ProcSubset = "all";
# Coverage programs for compiled code such as `cargo-tarpaulin` disable
# ASLR (address space layout randomization) which requires the
# `personality` syscall
# You may want to set this to `true` if not using coverage tooling on
# compiled code
LockPersonality = false;
# Note that this has some interactions with the User setting; so you may
# want to consult the systemd docs if using both.
DynamicUser = true;
};
};
};
users.users.nix-ci-user = {
group = "nix-ci-user";
description = "Used for running nix-based CI jobs";
home = "/var/empty";
isSystemUser = true;
};
users.groups.nix-ci-user = { };
age.secrets."files/services/gitea-runner/${hostname}-token" = {
file = "${self.inputs.secrets}/files/services/gitea-runner/${hostname}-token.age";
group = "podman";
};
services.gitea-actions-runner.instances = {
act = {
enable = true;
url = giteaUrl;
name = "act-runner-${hostname}";
tokenFile = config.age.secrets."files/services/gitea-runner/${hostname}-token".path;
settings = {
cache.enabled = true;
runner.capacity = 4;
};
labels = [
"debian-latest:docker://ghcr.io/catthehacker/ubuntu:act-latest"
"ubuntu-latest:docker://ghcr.io/catthehacker/ubuntu:act-latest"
];
};
nix = {
enable = true;
url = giteaUrl;
name = "nix-runner-${hostname}";
tokenFile = config.age.secrets."files/services/gitea-runner/${hostname}-token".path;
settings = {
cache.enabled = true;
container = {
options = "-e NIX_BUILD_SHELL=/bin/bash -e PAGER=cat -e PATH=/bin -e SSL_CERT_FILE=/etc/ssl/certs/ca-bundle.crt --device /dev/kvm -v /nix:/nix -v ${storeDeps}/bin:/bin -v ${storeDeps}/etc/ssl:/etc/ssl --user nix-ci-user";
network = "host";
valid_volumes = [
"/nix"
"${storeDeps}/bin"
"${storeDeps}/etc/ssl"
];
};
runner.capacity = 4;
};
labels = [
"nix:docker://gitea-runner-nix"
];
};
};
};
}

93
modules/nixos/services/gitea/default.nix Normal file
View File

@ -0,0 +1,93 @@
{ config, lib, pkgs, self, ... }:
let
cfg = config.modules.services.gitea;
in {
options.modules.services.gitea = {
enable = lib.mkEnableOption "gitea";
domain = lib.mkOption {
type = lib.types.string;
default = "git.vimium.com";
};
};
config = lib.mkIf cfg.enable {
users = {
users.git = {
isSystemUser = true;
useDefaultShell = true;
group = "git";
extraGroups = [ "gitea" ];
home = config.services.gitea.stateDir;
};
groups.git = { };
};
services.nginx = {
upstreams.gitea = {
servers = {
"unix:${config.services.gitea.settings.server.HTTP_ADDR}" = { };
};
};
virtualHosts = {
"${cfg.domain}" = {
forceSSL = true;
enableACME = true;
locations."/".proxyPass = "http://gitea";
};
};
};
systemd.tmpfiles.rules = [
"d '${config.services.gitea.customDir}/public/assets/css' 0750 ${config.services.gitea.user} ${config.services.gitea.group} - -"
"L+ '${config.services.gitea.customDir}/public/assets/css/theme-github.css' - - - - ${self.inputs.gitea-github-theme}/theme-github.css"
"L+ '${config.services.gitea.customDir}/public/assets/css/theme-github-auto.css' - - - - ${self.inputs.gitea-github-theme}/theme-github-auto.css"
"L+ '${config.services.gitea.customDir}/public/assets/css/theme-github-dark.css' - - - - ${self.inputs.gitea-github-theme}/theme-github-dark.css"
];
services.gitea = rec {
package = pkgs.unstable.gitea;
enable = true;
user = "git";
appName = "Vimium Git";
stateDir = "/var/lib/gitea";
repositoryRoot = "${stateDir}/repositories";
database = {
type = "sqlite3";
inherit user;
path = "${stateDir}/gitea.db";
};
lfs = {
enable = true;
contentDir = "${stateDir}/lfs";
};
settings = {
server = {
DOMAIN = config.networking.domain;
LANDING_PAGE = "explore";
OFFLINE_MODE = true;
PROTOCOL = "http+unix";
SSH_USER = "git";
SSH_DOMAIN = "${cfg.domain}";
SSH_PORT = lib.head config.services.openssh.ports;
ROOT_URL = "https://${cfg.domain}/";
};
service.DISABLE_REGISTRATION = true;
session.COOKIE_SECURE = true;
log = {
ROOT_PATH = "${stateDir}/log";
"logger.router.MODE" = "";
};
ui = {
THEMES = "gitea,arc-green,github,github-auto,github-dark";
DEFAULT_THEME = "github-dark";
};
actions.ENABLED = true;
indexer = {
REPO_INDEXER_ENABLED = true;
};
packages.CHUNKED_UPLOAD_PATH = lib.mkForce "${stateDir}/data/tmp/package-upload";
};
};
};
}

66
modules/nixos/services/headscale/default.nix Normal file
View File

@ -0,0 +1,66 @@
{ config, lib, pkgs, ... }:
let
cfg = config.modules.services.headscale;
fqdn = "headscale.vimium.net";
in {
options.modules.services.headscale = {
enable = lib.mkOption {
default = false;
example = true;
};
};
config = lib.mkIf cfg.enable {
environment.systemPackages = [ pkgs.headscale ];
services.headscale = {
enable = true;
port = 8080;
settings = {
policy.path = null;
ip_prefixes = [
"100.64.0.0/10"
];
server_url = "https://${fqdn}";
derp = {
auto_update_enable = false;
update_frequency = "24h";
};
dns = {
base_domain = "mesh.vimium.net";
extra_records = [
{
name = "grafana.mesh.vimium.net";
type = "A";
value = "100.64.0.6";
}
{
name = "home.mesh.vimium.net";
type = "A";
value = "100.64.0.7";
}
];
magic_dns = true;
nameservers.global = [
"9.9.9.9"
];
};
logtail.enabled = false;
};
};
services.nginx.virtualHosts = {
"${fqdn}" = {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://localhost:${toString config.services.headscale.port}";
proxyWebsockets = true;
};
};
};
};
}

74
modules/nixos/services/mail/default.nix Normal file
View File

@ -0,0 +1,74 @@
{ config, lib, self, ... }:
let
cfg = config.modules.services.mail;
domains = [
"h0lt.com"
"jdholt.com"
"jordanholt.xyz"
"vimium.co"
"vimium.com"
"vimium.co.uk"
"vimium.info"
"vimium.net"
"vimium.org"
"vimium.xyz"
];
in {
options.modules.services.mail = {
enable = lib.mkOption {
default = false;
example = true;
};
};
imports = [
self.inputs.nixos-mailserver.nixosModule
];
config = lib.mkIf cfg.enable {
services.roundcube = {
enable = true;
hostName = config.mailserver.fqdn;
extraConfig = ''
$config['smtp_server'] = "tls://${config.mailserver.fqdn}";
$config['smtp_user'] = "%u";
$config['smtp_pass'] = "%p";
'';
plugins = [ "contextmenu" ];
};
services.nginx.enable = true;
networking.firewall.allowedTCPPorts = [ 80 443 ];
mailserver = {
enable = true;
fqdn = "mail.vimium.com";
domains = domains;
indexDir = "/var/lib/dovecot/indices";
certificateDomains = [
"imap.vimium.com"
"smtp.vimium.com"
];
certificateScheme = "acme-nginx";
fullTextSearch.enable = true;
loginAccounts = {
"jordan@vimium.com" = {
hashedPasswordFile = config.users.users.jordan.hashedPasswordFile;
catchAll = domains;
};
};
extraVirtualAliases = {
"hostmaster@vimium.com" = "jordan@vimium.com";
"postmaster@vimium.com" = "jordan@vimium.com";
"webmaster@vimium.com" = "jordan@vimium.com";
"abuse@vimium.com" = "jordan@vimium.com";
};
};
};
}

228
modules/nixos/services/matrix/default.nix Normal file
View File

@ -0,0 +1,228 @@
{ config, lib, pkgs, self, ... }:
let
cfg = config.modules.services.matrix;
in {
options.modules.services.matrix = {
enable = lib.mkEnableOption "matrix";
element = {
enable = lib.mkOption {
type = lib.types.bool;
default = true;
};
};
bridges = {
signal = lib.mkOption {
type = lib.types.bool;
default = false;
description = "Enable Signal bridge.";
};
whatsapp = lib.mkOption {
type = lib.types.bool;
default = false;
description = "Enable WhatsApp bridge.";
};
};
serverName = lib.mkOption {
type = lib.types.str;
default = "vimium.com";
example = "vimium.com";
};
usePostgresql = lib.mkEnableOption "postgresql";
};
config = let
matrixSubdomain = "matrix.${cfg.serverName}";
elementSubdomain = "chat.${cfg.serverName}";
matrixClientConfig = {
"m.homeserver" = {
base_url = "https://${matrixSubdomain}";
server_name = cfg.serverName;
};
"m.identity_server" = {
"base_url" = "https://vector.im";
};
};
matrixServerConfig."m.server" = "${matrixSubdomain}:443";
commonBridgeSettings = bridge: {
appservice = {
database = lib.mkIf cfg.usePostgresql {
type = "postgres";
uri = "postgresql:///${bridge}?host=/run/postgresql";
};
};
bridge = {
encryption = {
allow = true;
default = true;
require = true;
};
permissions = {
"${cfg.serverName}" = "user";
"@jordan:${cfg.serverName}" = "admin";
};
provisioning = {
shared_secret = "disable";
};
};
homeserver = {
address = "https://${matrixSubdomain}";
domain = cfg.serverName;
};
};
in lib.mkIf cfg.enable {
networking.firewall.allowedTCPPorts = [
8448 # Matrix federation
];
security.acme.certs = {
"${matrixSubdomain}" = {
reloadServices = [ "matrix-synapse" ];
};
};
services.nginx.virtualHosts = {
"${matrixSubdomain}" = {
forceSSL = true;
enableACME = true;
listen = [
{
addr = "0.0.0.0";
port = 443;
ssl = true;
}
{
addr = "0.0.0.0";
port = 80;
}
{
addr = "0.0.0.0";
port = 8448;
ssl = true;
}
{
addr = "[::1]";
port = 443;
ssl = true;
}
{
addr = "[::1]";
port = 80;
}
{
addr = "[::1]";
port = 8448;
ssl = true;
}
];
locations = {
"/" = {
proxyPass = "http://localhost:8008";
extraConfig = ''
proxy_set_header X-Forwarded-For $remote_addr;
'';
};
"/_matrix" = {
proxyPass = "http://localhost:8008";
extraConfig = ''
proxy_set_header X-Forwarded-For $remote_addr;
client_max_body_size 50M;
'';
};
"/_synapse/client".proxyPass = "http://localhost:8008";
};
};
"${cfg.serverName}" = let
mkWellKnown = data: ''
more_set_headers 'Content-Type: application/json';
return 200 '${builtins.toJSON data}';
'';
in {
locations."= /.well-known/matrix/server".extraConfig = (mkWellKnown matrixServerConfig);
locations."= /.well-known/matrix/client".extraConfig = (mkWellKnown matrixClientConfig);
};
} // (if cfg.element.enable then {
"${elementSubdomain}" = {
forceSSL = true;
enableACME = true;
root = pkgs.unstable.element-web.override {
conf = {
default_server_config = matrixClientConfig;
brand = "Vimium Chat";
branding = {
auth_header_logo_url = "https://vimium.com/images/logo.svg";
auth_footer_links = [
{ "text" = "Vimium.com"; "url" = "https://vimium.com"; }
];
};
};
};
};
} else {});
nixpkgs.config.permittedInsecurePackages = [
"jitsi-meet-1.0.8043"
"olm-3.2.16"
];
services.matrix-synapse = {
enable = true;
enableRegistrationScript = true;
settings = {
database.name = (if cfg.usePostgresql then "psycopg2" else "sqlite3");
enable_metrics = false;
enable_registration = false;
max_upload_size = "100M";
report_stats = false;
server_name = cfg.serverName;
};
};
systemd.services.matrix-synapse.serviceConfig.SupplementaryGroups =
(lib.optional cfg.bridges.whatsapp
config.systemd.services.mautrix-whatsapp.serviceConfig.Group);
services.postgresql = lib.mkIf cfg.usePostgresql {
ensureUsers = [
{
name = "matrix-synapse";
ensureDBOwnership = true;
}
] ++ (lib.optional cfg.bridges.signal
{
name = "mautrix-signal";
ensureDBOwnership = true;
})
++ (lib.optional cfg.bridges.whatsapp
{
name = "mautrix-whatsapp";
ensureDBOwnership = true;
});
ensureDatabases = [
"matrix-synapse"
] ++ (lib.optional cfg.bridges.signal
"mautrix-signal")
++ (lib.optional cfg.bridges.whatsapp
"mautrix-whatsapp");
};
services.mautrix-signal = lib.mkIf cfg.bridges.signal {
enable = true;
settings = commonBridgeSettings "mautrix-signal";
};
services.mautrix-whatsapp = lib.mkIf cfg.bridges.whatsapp {
enable = true;
settings = {
bridge = {
history_sync = {
backfill = true;
max_initial_conversations = -1;
message_count = 50;
request_full_sync = true;
};
mute_bridging = true;
};
} // commonBridgeSettings "mautrix-whatsapp";
};
};
}

182
modules/nixos/services/nginx/default.nix Normal file
View File

@ -0,0 +1,182 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.modules.services.nginx;
nginxErrorPages = ''
location @error_pages {
rewrite ^.*$ /''${status}.html break;
root "/var/www/html/errors";
}
'';
nginxEdgeHeaders = ''
more_set_headers 'Server: Vimium';
more_set_headers 'Access-Control-Allow-Origin: *';
add_header Expect-CT max-age=30 always;
add_header Referrer-Policy strict-origin-when-cross-origin always;
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;
add_header Vimium-Responding-Instance $hostname;
add_header X-XSS-Protection "1; mode=block" always;
add_header X-Content-Type-Options nosniff always;
'';
nginxStrictHeaders = ''
add_header X-Frame-Options SAMEORIGIN always;
add_header Permissions-Policy "fullscreen=(self), sync-xhr=(self)" always;
'';
mkRedirect = from: to: {
"${from}" = {
forceSSL = true;
enableACME = true;
serverAliases = [ "www.${from}" ];
locations."/".return = "301 https://${to}$request_uri";
extraConfig = nginxErrorPages + nginxEdgeHeaders + nginxStrictHeaders;
};
};
in {
options.modules.services.nginx = {
enable = mkOption {
default = false;
example = true;
};
};
config = mkIf cfg.enable {
networking.firewall.allowedTCPPorts = [
80 # HTTP
443 # HTTPS
];
services.nginx = {
enable = true;
package = pkgs.openresty;
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedTlsSettings = true;
clientMaxBodySize = "2G";
sslProtocols = "TLSv1.2 TLSv1.3";
sslCiphers = "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384";
appendHttpConfig = ''
error_page 400 @error_pages;
error_page 401 @error_pages;
error_page 403 @error_pages;
error_page 404 @error_pages;
error_page 405 @error_pages;
error_page 429 @error_pages;
error_page 500 @error_pages;
error_page 501 @error_pages;
error_page 502 @error_pages;
error_page 503 @error_pages;
error_page 504 @error_pages;
client_body_buffer_size 16k;
client_header_buffer_size 8k;
'';
appendConfig = ''
worker_processes auto;
worker_cpu_affinity auto;
worker_rlimit_nofile 50000;
'';
eventsConfig = ''
worker_connections 20000;
multi_accept off;
'';
proxyCachePath = {
"skycam" = {
enable = true;
keysZoneName = "skycam_cache";
maxSize = "100m";
};
};
virtualHosts = {
## Static sites
"jellyfin.vimium.com" = {
forceSSL = true;
enableACME = true;
extraConfig = nginxErrorPages + nginxEdgeHeaders;
locations."/" = {
proxyPass = "http://localhost:8000";
extraConfig = ''
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header Range $http_range;
proxy_set_header If-Range $http_if_range;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
'';
};
};
"jdholt.com" = {
forceSSL = true;
enableACME = true;
serverAliases = [ "www.jdholt.com" ];
extraConfig = nginxErrorPages + nginxEdgeHeaders + nginxStrictHeaders;
locations."/skycam/snapshot.jpg" = {
extraConfig = ''
set $backend "skycam.mesh.vimium.net:8080";
resolver 100.100.100.100;
proxy_pass http://$backend/snapshot;
proxy_cache skycam_cache;
proxy_cache_valid any 10s;
proxy_ignore_headers Cache-Control Expires Set-Cookie;
'';
};
locations."/".return = "301 https://vimium.com$request_uri";
};
"pki.vimium.com" = {
addSSL = true;
forceSSL = false;
enableACME = true;
extraConfig = ''
${nginxErrorPages}
more_set_headers 'Server: Vimium';
'';
locations."/" = {
root = "/var/www/pki.vimium.com";
};
};
"suhailhussain.com" = {
forceSSL = true;
enableACME = true;
serverAliases = [ "www.suhailhussain.com" ];
extraConfig = nginxErrorPages + nginxEdgeHeaders + nginxStrictHeaders;
locations."/" = {
root = "/var/www/suhailhussain.com";
};
};
"vimium.com" = {
default = true;
forceSSL = true;
enableACME = true;
serverAliases = [ "www.vimium.com" ];
extraConfig = nginxErrorPages + nginxEdgeHeaders + nginxStrictHeaders + ''
add_header Content-Security-Policy "default-src 'self' https://vimium.com https://www.vimium.com; style-src 'unsafe-inline'; object-src 'none'; upgrade-insecure-requests" always;
'';
locations."/" = {
root = "/var/www/vimium.com";
};
};
}
## Redirects
// (mkRedirect "h0lt.com" "jdholt.com")
// (mkRedirect "jordanholt.xyz" "jdholt.com")
// (mkRedirect "omnimagic.com" "vimium.com")
// (mkRedirect "omnimagic.net" "vimium.com")
// (mkRedirect "thelostlegend.com" "suhailhussain.com")
// (mkRedirect "vimium.co" "vimium.com")
// (mkRedirect "vimium.co.uk" "vimium.com")
// (mkRedirect "vimium.info" "vimium.com")
// (mkRedirect "vimium.net" "vimium.com")
// (mkRedirect "vimium.org" "vimium.com")
// (mkRedirect "vimium.xyz" "vimium.com");
};
};
}

57
modules/nixos/services/photoprism/default.nix Normal file
View File

@ -0,0 +1,57 @@
{ config, lib, pkgs, self, ... }:
with lib;
let cfg = config.modules.services.photoprism;
in {
options.modules.services.photoprism = {
enable = mkOption {
default = false;
example = true;
};
};
config = mkIf cfg.enable {
services.nginx = {
virtualHosts = {
"gallery.vimium.com" = {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://localhost:${toString config.services.photoprism.port}";
extraConfig = ''
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_buffering off;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
'';
};
};
};
};
age.secrets."passwords/services/photoprism/admin" = {
file = "${self.inputs.secrets}/passwords/services/photoprism/admin.age";
};
services.photoprism = {
enable = true;
address = "localhost";
passwordFile = config.age.secrets."passwords/services/photoprism/admin".path;
originalsPath = "${config.services.photoprism.storagePath}/originals";
settings = {
PHOTOPRISM_APP_NAME = "Vimium Gallery";
PHOTOPRISM_SITE_AUTHOR = "Vimium";
PHOTOPRISM_SITE_TITLE = "Vimium Gallery";
PHOTOPRISM_SITE_CAPTION = "Vimium Gallery";
PHOTOPRISM_DISABLE_TLS = "true";
PHOTOPRISM_SPONSOR = "true";
};
};
};
}

39
modules/nixos/shell/git/default.nix Normal file
View File

@ -0,0 +1,39 @@
{ config, lib, pkgs, ... }:
let cfg = config.modules.shell.git;
in {
options.modules.shell.git = {
enable = lib.mkOption {
default = false;
example = true;
};
};
config = lib.mkIf cfg.enable {
home.programs.git = {
enable = true;
aliases = {
amend = "commit --amend";
lg = "log --color --graph --abbrev-commit --";
ls = "ls-files";
unadd = "reset HEAD";
undo-commit = "reset --soft \"HEAD^\"";
};
userEmail = "jordan@vimium.com";
userName = "Jordan Holt";
signing = {
key = "B8CFFF61F1CCF520";
signByDefault = true;
};
extraConfig = {
rebase.autosquash = true;
push.default = "current";
pull.rebase = true;
};
};
home.configFile = {
"git/ignore".source = ./ignore;
};
};
}

24
modules/nixos/shell/git/ignore Normal file
View File

@ -0,0 +1,24 @@
# CMake
cmake-build-*/
# Linux trash folder
.Trash-*
# Swap
[._]*.s[a-v][a-z]
[._]*.sw[a-p]
[._]s[a-rt-v][a-z]
[._]ss[a-gi-z]
[._]sw[a-p]
# Session
Session.vim
Sessionx.vim
# Temporary
.netrwhist
*~
# Auto-generated tag files
tags
# Persistent undo
[._]*.un~

34
modules/nixos/shell/zsh/.zshrc Normal file
View File

@ -0,0 +1,34 @@
source $ZDOTDIR/config.zsh
if [ ! -d "$ZGEN_DIR" ]; then
echo "Installing jandamm/zgenom"
git clone https://github.com/jandamm/zgenom "$ZGEN_DIR"
fi
source $ZGEN_DIR/zgenom.zsh
zgenom autoupdate
if ! zgenom saved; then
echo "Initializing zgenom"
rm -f $ZDOTDIR/*.zwc(N) \
$XDG_CACHE_HOME/zsh/*(N) \
$ZGEN_INIT.zwc
zgenom load junegunn/fzf shell
zgenom load zdharma-continuum/fast-syntax-highlighting
zgenom load zsh-users/zsh-completions src
zgenom load zsh-users/zsh-history-substring-search
zgenom load softmoth/zsh-vim-mode
zgenom save
zgenom compile $ZDOTDIR
fi
## Bootstrap interactive sessions
if [[ $TERM != dumb ]]; then
autoload -Uz compinit && compinit -u -d $ZSH_CACHE/zcompdump
source $ZDOTDIR/keybinds.zsh
source $ZDOTDIR/completion.zsh
source $ZDOTDIR/aliases.zsh
fi

25
modules/nixos/shell/zsh/aliases.zsh Normal file
View File

@ -0,0 +1,25 @@
#!/bin/sh
# Verbose file operations
alias \
cp="cp -iv" \
mv="mv -iv" \
rm="rm -v" \
mkdir="mkdir -v"
# Colorize commands
alias \
ls="ls -h --color=auto --group-directories-first"
# Abbreviations
alias \
e="$EDITOR" \
f="$FILE" \
g="git" \
m="neomutt" \
n="$FILE" \
v="$EDITOR"
# XDG fixes
alias \
mbsync="mbsync -c $XDG_CONFIG_HOME/isync/mbsyncrc -a"

6
modules/nixos/shell/zsh/completion.zsh Normal file
View File

@ -0,0 +1,6 @@
fpath+=( $ZDOTDIR/completions )
# Don't offer history completion; we have fzf, C-r, and
# zsh-history-substring-search for that.
ZSH_AUTOSUGGEST_STRATEGY=(completion)
ZSH_AUTOSUGGEST_BUFFER_MAX_SIZE=30

99
modules/nixos/shell/zsh/config.zsh Normal file
View File

@ -0,0 +1,99 @@
####
## zsh configuration
####
## Colors
autoload -U colors && colors
## Completion
setopt HASH_LIST_ALL
unsetopt AUTO_NAME_DIRS
autoload -Uz compinit
zstyle ':completion:*' menu select
zmodload zsh/complist
compinit
_comp_options+=(globdots) # Include hidden files
## Directories
setopt AUTO_PUSHD
setopt CDABLE_VARS
setopt PUSHD_IGNORE_DUPS
setopt PUSHD_SILENT
setopt PUSHD_TO_HOME
unsetopt AUTO_CD
## Expansion and globbing
setopt EXTENDED_GLOB
unsetopt GLOB_DOTS
unsetopt NOMATCH
## History
HISTFILE="${XDG_DATA_HOME:-${HOME}/.local/share}/zsh/history"
HISTSIZE=1000000
SAVEHIST=1000000
[[ !( -f "${HISTFILE}" ) ]] && mkdir -p $(dirname ${HISTFILE})
setopt APPEND_HISTORY
setopt BANG_HIST
setopt EXTENDED_HISTORY
setopt HIST_IGNORE_ALL_DUPS
setopt HIST_IGNORE_DUPS
setopt HIST_IGNORE_SPACE
setopt HIST_SAVE_NO_DUPS
setopt HIST_VERIFY
setopt INC_APPEND_HISTORY_TIME
setopt SHARE_HISTORY
## I/O
setopt INTERACTIVE_COMMENTS
setopt MULTIOS
unsetopt CLOBBER
## Jobs
setopt LONG_LIST_JOBS
setopt AUTO_RESUME
unsetopt BG_NICE
unsetopt NOTIFY
unsetopt HUP
unsetopt CHECK_JOBS
## Shell emulation
setopt APPEND_CREATE
## Prompt
PS1="%B%{$fg[magenta]%}%~%{$reset_color%} $%b "
## Window title
precmd () { print -Pn "\e]0;%n@%m: %~\a" }
preexec () { print -Pn "\e]0;%n@%m: $1\a" }
## Vi mode
bindkey -v
export KEYTIMEOUT=1
## Zsh line editor
unsetopt BEEP
####
## Plugins
####
export ZGEN_AUTOLOAD_COMPINIT=0
# zsh-vim-mode
export MODE_INDICATOR=""
export MODE_CURSOR_VIINS="#b77ee0 blinking bar"
export MODE_CURSOR_REPLACE="$MODE_CURSOR_VIINS #ff3334"
export MODE_CURSOR_VICMD="#b77ee0 block"
export MODE_CURSOR_SEARCH="#e7c547 steady underline"
export MODE_CURSOR_VISUAL="$MODE_CURSOR_VICMD steady bar"
export MODE_CURSOR_VLINE="$MODE_CURSOR_VISUAL #54ced6"
# fzf
if (( $+commands[fd] )); then
export FZF_DEFAULT_OPTS="--reverse --ansi"
export FZF_DEFAULT_COMMAND="fd ."
export FZF_CTRL_T_COMMAND="$FZF_DEFAULT_COMMAND"
export FZF_ALT_C_COMMAND="fd -t d . $HOME"
fi

53
modules/nixos/shell/zsh/default.nix Normal file
View File

@ -0,0 +1,53 @@
{ config, lib, pkgs, ... }:
let cfg = config.modules.shell.zsh;
in {
options.modules.shell.zsh = {
enable = lib.mkOption {
default = false;
example = true;
};
};
config = lib.mkIf cfg.enable {
users.defaultUserShell = pkgs.zsh;
programs.zsh = {
enable = true;
enableCompletion = true;
enableGlobalCompInit = false;
promptInit = "";
};
user.packages = with pkgs; [
fd
unstable.fzf
jq
nix-zsh-completions
nnn
ripgrep
zsh
];
env = {
ZDOTDIR = "$XDG_CONFIG_HOME/zsh";
ZSH_CACHE = "$XDG_CACHE_HOME/zsh";
ZGEN_DIR = "$XDG_DATA_HOME/zgenom";
};
home.configFile = {
"zsh/.zshrc".source = ./.zshrc;
"zsh/aliases.zsh".source = ./aliases.zsh;
"zsh/completion.zsh".source = ./completion.zsh;
"zsh/config.zsh".source = ./config.zsh;
"zsh/keybinds.zsh".source = ./keybinds.zsh;
};
system.userActivationScripts.cleanupZgen = ''
rm -rf $ZDOTDIR/.*.zwc
rm -f $ZDOTDIR/.zcompdump
rm -rf $ZSH_CACHE
rm -fv $ZGEN_DIR/init.zsh{,.zwc}
'';
};
}

12
modules/nixos/shell/zsh/keybinds.zsh Normal file
View File

@ -0,0 +1,12 @@
####
## Keybindings
####
stty stop undef
bindkey -s '^f' 'cd "$(dirname "$(fzf)")"\n'
bindkey -M vicmd 'k' history-substring-search-up
bindkey -M vicmd 'j' history-substring-search-down
if (( $+commands[fzf] )); then
bindkey '^R' fzf-history-widget
fi