toph/dotfiles
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

all kinds of things

Browse source
This commit is contained in:
Christopher Mühl 2026-01-04 10:52:14 +01:00
parent 41343a05c0
commit 85dde426dd
No known key found for this signature in database
GPG key ID: 925AC7D69955293F
63 changed files with 1525 additions and 291 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

222
flake.lock generated
View file

@ -161,6 +161,26 @@
"type": "github"
}
},
"community-solid-server": {
"inputs": {
"flake-parts": "flake-parts_3",
"nixpkgs": "nixpkgs_5"
},
"locked": {
"lastModified": 1767157894,
"narHash": "sha256-s8NPpc+JEcjFky2ct/2MznokguqM/SkLDT69vZjxo68=",
"owner": "tophcodes",
"repo": "CommunitySolidServer.nix",
"rev": "e98e80c7fee3b29c80197bee3b2732f7991ba832",
"type": "github"
},
"original": {
"owner": "tophcodes",
"ref": "main",
"repo": "CommunitySolidServer.nix",
"type": "github"
}
},
"darwin": {
"inputs": {
"nixpkgs": [
@ -396,6 +416,24 @@
}
},
"flake-parts_3": {
"inputs": {
"nixpkgs-lib": "nixpkgs-lib_2"
},
"locked": {
"lastModified": 1765835352,
"narHash": "sha256-XswHlK/Qtjasvhd1nOa1e8MgZ8GS//jBoTqWtrS1Giw=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "a34fae9c08a15ad73f295041fec82323541400a9",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-parts_4": {
"inputs": {
"nixpkgs-lib": [
"nur",
@ -416,7 +454,7 @@
"type": "github"
}
},
"flake-parts_4": {
"flake-parts_5": {
"inputs": {
"nixpkgs-lib": [
"stylix",
@ -437,6 +475,24 @@
"type": "github"
}
},
"flake-parts_6": {
"inputs": {
"nixpkgs-lib": "nixpkgs-lib_3"
},
"locked": {
"lastModified": 1765835352,
"narHash": "sha256-XswHlK/Qtjasvhd1nOa1e8MgZ8GS//jBoTqWtrS1Giw=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "a34fae9c08a15ad73f295041fec82323541400a9",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-utils": {
"inputs": {
"systems": "systems_2"
@ -510,6 +566,22 @@
"type": "github"
}
},
"flatpak": {
"locked": {
"lastModified": 1739444422,
"narHash": "sha256-iAVVHi7X3kWORftY+LVbRiStRnQEob2TULWyjMS6dWg=",
"owner": "gmodena",
"repo": "nix-flatpak",
"rev": "5e54c3ca05a7c7d968ae1ddeabe01d2a9bc1e177",
"type": "github"
},
"original": {
"owner": "gmodena",
"ref": "v0.6.0",
"repo": "nix-flatpak",
"type": "github"
}
},
"fromYaml": {
"flake": false,
"locked": {
@ -529,7 +601,7 @@
"git-global-log": {
"inputs": {
"flake-utils": "flake-utils",
"nixpkgs": "nixpkgs_5"
"nixpkgs": "nixpkgs_6"
},
"locked": {
"lastModified": 1766486364,
@ -669,9 +741,25 @@
"type": "github"
}
},
"master": {
"locked": {
"lastModified": 1767143992,
"narHash": "sha256-c3jlq36uxltxGLuQ3KPYfxZkue/LLD0Ct3NdhBUsRyo=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "5830d8dfe6ae79365987d78bda3dd4152c271d8b",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "master",
"repo": "nixpkgs",
"type": "github"
}
},
"musnix": {
"inputs": {
"nixpkgs": "nixpkgs_6"
"nixpkgs": "nixpkgs_7"
},
"locked": {
"lastModified": 1756852730,
@ -691,22 +779,21 @@
"inputs": {
"niri-stable": "niri-stable",
"niri-unstable": "niri-unstable",
"nixpkgs": "nixpkgs_7",
"nixpkgs": "nixpkgs_8",
"nixpkgs-stable": "nixpkgs-stable",
"xwayland-satellite-stable": "xwayland-satellite-stable",
"xwayland-satellite-unstable": "xwayland-satellite-unstable"
},
"locked": {
"lastModified": 1764969102,
"narHash": "sha256-b9AEnfuNHbykNw/X4Vqz8uzPg/4S8ZfWE9ggkkz+KR8=",
"lastModified": 1767077227,
"narHash": "sha256-wdUitn3XbaC99X0ctfHf0q5lGQ/1ogUwzjqTD4bkrDg=",
"owner": "sodiboo",
"repo": "niri-flake",
"rev": "9e59ee80bf92a02423e7ca7b301f969fe230c8d8",
"rev": "9c4cb4a2b1adf7a24064a8cf5c829f464622d520",
"type": "github"
},
"original": {
"owner": "sodiboo",
"ref": "9e59ee8",
"repo": "niri-flake",
"type": "github"
}
@ -775,6 +862,36 @@
"type": "github"
}
},
"nixpkgs-lib_2": {
"locked": {
"lastModified": 1765674936,
"narHash": "sha256-k00uTP4JNfmejrCLJOwdObYC9jHRrr/5M/a/8L2EIdo=",
"owner": "nix-community",
"repo": "nixpkgs.lib",
"rev": "2075416fcb47225d9b68ac469a5c4801a9c4dd85",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nixpkgs.lib",
"type": "github"
}
},
"nixpkgs-lib_3": {
"locked": {
"lastModified": 1765674936,
"narHash": "sha256-k00uTP4JNfmejrCLJOwdObYC9jHRrr/5M/a/8L2EIdo=",
"owner": "nix-community",
"repo": "nixpkgs.lib",
"rev": "2075416fcb47225d9b68ac469a5c4801a9c4dd85",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nixpkgs.lib",
"type": "github"
}
},
"nixpkgs-stable": {
"locked": {
"lastModified": 1764831616,
@ -856,6 +973,22 @@
}
},
"nixpkgs_5": {
"locked": {
"lastModified": 1767051569,
"narHash": "sha256-0MnuWoN+n1UYaGBIpqpPs9I9ZHW4kynits4mrnh1Pk4=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "40ee5e1944bebdd128f9fbada44faefddfde29bd",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-25.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_6": {
"locked": {
"lastModified": 1766309749,
"narHash": "sha256-3xY8CZ4rSnQ0NqGhMKAy5vgC+2IVK0NoVEzDoOh4DA4=",
@ -871,7 +1004,7 @@
"type": "github"
}
},
"nixpkgs_6": {
"nixpkgs_7": {
"locked": {
"lastModified": 1756542300,
"narHash": "sha256-tlOn88coG5fzdyqz6R93SQL5Gpq+m/DsWpekNFhqPQk=",
@ -887,7 +1020,7 @@
"type": "github"
}
},
"nixpkgs_7": {
"nixpkgs_8": {
"locked": {
"lastModified": 1764667669,
"narHash": "sha256-7WUCZfmqLAssbDqwg9cUDAXrSoXN79eEEq17qhTNM/Y=",
@ -903,7 +1036,7 @@
"type": "github"
}
},
"nixpkgs_8": {
"nixpkgs_9": {
"locked": {
"lastModified": 1764983851,
"narHash": "sha256-y7RPKl/jJ/KAP/VKLMghMgXTlvNIJMHKskl8/Uuar7o=",
@ -919,9 +1052,29 @@
"type": "github"
}
},
"noctalia": {
"inputs": {
"nixpkgs": [
"unstable"
]
},
"locked": {
"lastModified": 1767337656,
"narHash": "sha256-gIS9ERV3qKx9P6kGhkfcjNVABg1BT6HqW5LLZlUptNo=",
"owner": "noctalia-dev",
"repo": "noctalia-shell",
"rev": "c4f3fc4d1d5f37a51f2843a125af6b292b8f2fdc",
"type": "github"
},
"original": {
"owner": "noctalia-dev",
"repo": "noctalia-shell",
"type": "github"
}
},
"nur": {
"inputs": {
"flake-parts": "flake-parts_3",
"flake-parts": "flake-parts_4",
"nixpkgs": [
"nixpkgs"
]
@ -989,17 +1142,16 @@
]
},
"locked": {
"lastModified": 1766507159,
"narHash": "sha256-hrIi3T99HKRMzmMJdCD4u8Ttv0iEcfAPEt27Tg5evjU=",
"ref": "refs/heads/main",
"rev": "6bc136d983fb0995b19cc63f6304120cf4d33355",
"revCount": 31,
"dirtyRev": "60887a8ec4d6a49e95f3eed9bfe64ca5e47f907b-dirty",
"dirtyShortRev": "60887a8-dirty",
"lastModified": 1766532301,
"narHash": "sha256-U5Yisb+8bYqacQfW1I4JYf6jsquSPsJqZL+sdHcGAN4=",
"type": "git",
"url": "file:///home/christopher/workspaces/ovos-flake"
"url": "file:///home/christopher/workspaces/mine/ovos-flake"
},
"original": {
"type": "git",
"url": "file:///home/christopher/workspaces/ovos-flake"
"url": "file:///home/christopher/workspaces/mine/ovos-flake"
}
},
"plugin-loader": {
@ -1058,19 +1210,24 @@
"agenix": "agenix",
"agenix-rekey": "agenix-rekey",
"awww": "awww",
"community-solid-server": "community-solid-server",
"darwin": "darwin_2",
"disko": "disko",
"flatpak": "flatpak",
"git-global-log": "git-global-log",
"home-manager": "home-manager_2",
"master": "master",
"musnix": "musnix",
"niri": "niri",
"nixpkgs": "nixpkgs_8",
"nixpkgs": "nixpkgs_9",
"noctalia": "noctalia",
"nur": "nur",
"ovos": "ovos",
"quadlet": "quadlet",
"snowfall": "snowfall",
"stylix": "stylix",
"unstable": "unstable"
"unstable": "unstable",
"waka-victoriametrics": "waka-victoriametrics"
}
},
"rust-overlay": {
@ -1123,7 +1280,7 @@
"base16-helix": "base16-helix",
"base16-vim": "base16-vim",
"firefox-gnome-theme": "firefox-gnome-theme",
"flake-parts": "flake-parts_4",
"flake-parts": "flake-parts_5",
"gnome-shell": "gnome-shell",
"nixpkgs": [
"nixpkgs"
@ -1361,6 +1518,27 @@
"type": "github"
}
},
"waka-victoriametrics": {
"inputs": {
"flake-parts": "flake-parts_6",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1767162295,
"narHash": "sha256-gUVVL6Euk7cgLSxT1Ybl3lAdcpA7APbURDg8goz1yxU=",
"ref": "refs/heads/main",
"rev": "08d5652ba298da6eb18b505fcd8cf905504d958c",
"revCount": 7,
"type": "git",
"url": "file:///home/christopher/workspaces/mine/waka-victoriametrics"
},
"original": {
"type": "git",
"url": "file:///home/christopher/workspaces/mine/waka-victoriametrics"
}
},
"xwayland-satellite-stable": {
"flake": false,
"locked": {

25
flake.nix
View file

@ -5,6 +5,7 @@
# Core
nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.11";
unstable.url = "github:NixOS/nixpkgs/nixos-unstable";
master.url = "github:NixOS/nixpkgs/master";
# Flake framework
# flake-parts.url = "github:hercules-ci/flake-parts";
@ -49,17 +50,29 @@
affinity-nix.url = "github:mrshmllow/affinity-nix";
quadlet.url = "github:SEIAROTg/quadlet-nix";
musnix.url = "github:musnix/musnix";
niri.url = "github:sodiboo/niri-flake/9e59ee8";
niri.url = "github:sodiboo/niri-flake";
flatpak.url = "github:gmodena/nix-flatpak/?ref=v0.6.0";
awww.url = "git+https://codeberg.org/LGFae/awww";
git-global-log.url = "github:tophcodes/git-global-log";
nur = {
url = "github:nix-community/NUR";
inputs.nixpkgs.follows = "nixpkgs";
};
community-solid-server = {
url = "github:tophcodes/CommunitySolidServer.nix/main";
};
noctalia = {
url = "github:noctalia-dev/noctalia-shell";
inputs.nixpkgs.follows = "unstable";
};
# Custom
ovos = {
url = "git+file:///home/christopher/workspaces/ovos-flake";
url = "git+file:///home/christopher/workspaces/mine/ovos-flake";
inputs.nixpkgs.follows = "nixpkgs";
};
waka-victoriametrics = {
url = "git+file:///home/christopher/workspaces/mine/waka-victoriametrics";
inputs.nixpkgs.follows = "nixpkgs";
};
};
@ -95,6 +108,7 @@
stylix.nixosModules.stylix
musnix.nixosModules.default
ovos.nixosModules.default
waka-victoriametrics.nixosModules.default
];
beryllium.modules = [
quadlet.nixosModules.quadlet
@ -105,6 +119,10 @@
};
homes.users = {
# TODO: For some reason this needs to be toggled for agenix to work?
# "christopher@cobalt".modules = with inputs; [
# niri.homeModules.niri
# ];
"christopher@beryllium".modules = with inputs; [
quadlet.homeManagerModules.quadlet
];
@ -121,6 +139,9 @@
niri.overlays.niri
nur.overlays.default
ovos.overlays.default
(final: prev: {
waka-victoriametrics = waka-victoriametrics.packages.${final.system}.default;
})
];
outputs-builder = channels: {

16
homes/x86_64-linux/christopher@cobalt/config/dev.nix
View file

@ -1,9 +1,4 @@
{
pkgs,
inputs,
system,
...
}: {
{pkgs, ...}: {
home.packages = with pkgs; [
# Editors
jetbrains-toolbox # Installer for JetBrains IDEs
@ -11,7 +6,10 @@
code-cursor
vscode
rfc
atuin-desktop
rfc # TUI-based RFC reader
nix-init # Generate Nix packages from URLs
install-nothing
# Language Servers
lua-language-server
@ -21,14 +19,18 @@
nil # nix lsp
# trurl # Parsing and manipulating URLs via CLI
pandoc # Document converter
ripgrep # Grep file search
dig # DNS
onefetch # Git information tool
tokei # Like cloc
gource
zeal # Offline documentation browser
_elements.dedoc # Terminal-based documentation viewer
just # Just a command runner
claude-monitor
devenv
gitui
_elements.oryx # TUI for sniffing network traffic using eBPF
# Build tools

24
homes/x86_64-linux/christopher@cobalt/config/fonts.nix
View file

@ -1,13 +1,31 @@
{pkgs, ...}: {
home.packages = with pkgs; [
font-manager
nerd-fonts.monaspace # Patched fonts
google-fonts # Google fonts
monaspace
google-fonts
kdePackages.kcharselect
];
fonts.fontconfig.enable = true;
stylix.fonts = {
monospace = {
name = "Monaspace Neon NF";
package = pkgs.nerd-fonts.monaspace;
};
sizes = {
applications = 12;
terminal = 13;
desktop = 10;
popups = 10;
};
};
programs.kitty.settings = {
font_family = "family='MonaspiceNe Nerd Font' style='Light'";
bold_font = "family='MonaspiceNe Nerd Font' style='Bold'";
};
home.file.".local/share/fonts" = {
# This includes FontAwesome and other proprietary fonts which are licensed,
# so I have to download them from a private repository

4
homes/x86_64-linux/christopher@cobalt/config/git.nix
View file

@ -43,8 +43,8 @@
alias.force-push = "push --force-with-lease"; # Safe force pushes
fetch.writeCommitGraph = true; # Automatically write the commit graph on fetches
init.defaultBranch = "main";
core.pager = "delta";
interactive.diffFilter = "delta --color-only";
# core.pager = "delta";
# interactive.diffFilter = "delta --color-only";
delta = {
navigate = true;
dark = true;

14
homes/x86_64-linux/christopher@cobalt/config/radicle.nix Normal file
View file

@ -0,0 +1,14 @@
{pkgs, ...}: {
home.packages = with pkgs; [
radicle-tui
radicle-desktop
];
programs.radicle = {
enable = true;
settings = {
connect = ["z6MkjLnQeLFcgE2AQ3BRMYGr3npNnctcGpABZLEHpmvHdrjX@seed.toph.so:8776"];
node.alias = "toph";
};
};
}

25
homes/x86_64-linux/christopher@cobalt/default-applications.nix Normal file
View file

@ -0,0 +1,25 @@
{pkgs, ...}: {
home.packages = with pkgs; [
# Simple browsers for HTML
qutebrowser
pkgs._elements.firefox-with-context # Open URLs in different browser profiles based on context
];
xdg.mimeApps = {
enable = true;
defaultApplicationPackages = with pkgs; [
kdePackages.gwenview # image viewer
kdePackages.okular # pdf viewer
kdePackages.ark # Archives
vlc # Video player
];
# Only want to use qute for HTML files, not URLs
defaultApplications = {
"text/html" = "qutebrowser";
"x-scheme-handler/http" = "firefox-with-context";
"x-scheme/handler/https" = "firefox-with-context";
};
};
}

124
homes/x86_64-linux/christopher@cobalt/default.nix
View file

@ -1,15 +1,20 @@
{
pkgs,
config,
# inputs,
lib,
inputs,
...
} @ all: {
imports =
[
# inputs.ovos.homeManagerModules.default
./ssh.nix
./email.nix
./gpg
./niri
./stylix.nix
./default-applications.nix
./misc/launcher.nix
./misc/browser.nix
./misc/gaming.nix
@ -18,7 +23,6 @@
./misc/recording.nix
./misc/everything.nix # TODO: Determine if we really always want all these programs or they should be composable
./global/current-packages.nix
# inputs.ovos.homeManagerModules.default
]
++ (import ./config.nix all);
@ -28,6 +32,7 @@
needs = {
repoUpdatePAT = "repo-update-pat.age";
emailPassword = "email-password.age";
npmrc = {
rekeyFile = "npmrc.age";
path = "${config.home.homeDirectory}/.npmrc";
@ -37,18 +42,125 @@
elements.kitty.enable = true;
# services.ovos = {
# language = "de-de";
services = {
activitywatch = {
enable = true;
watchers = {
aw-watcher-afk.settings = {
timeout = 300;
poll_time = 2;
};
aw-watcher-window.settings = {
poll_time = 1;
exclude_title = false;
};
};
};
# ovos = {
# language = "de-de";
#
# audio = {
# enable = true;
# voice = "de_DE-thorsten-medium";
# logLevel = "DEBUG";
# };
#
# listener.enable = true; # STT input (requires microphone)
# skills.enable = true; # Intent processing
# };
};
programs.fastfetch = let
ansiLogo = pkgs.fetchFromGitHub {
owner = "4DBug";
repo = "nix-ansi";
rev = "3be6d1d";
sha256 = "sha256-QmoyLTDZu7gmkmU25FX6eNZfqqdYoqPaWGJnsSC+kg4=";
};
in {
enable = true;
settings = {
logo = {
type = "file";
source = "${ansiLogo}/nix.txt";
};
display.separator = " ";
modules = [
{
type = "title";
key = "";
}
"break"
{
type = "os";
key = "os";
format = "{2}";
}
{
type = "kernel";
key = "";
}
{
type = "packages";
key = "";
}
"break"
{
type = "wm";
key = "";
}
{
type = "terminal";
key = "";
}
{
type = "shell";
key = "";
}
"break"
{
type = "cpu";
key = "";
}
{
type = "gpu";
key = "";
}
{
type = "memory";
key = "";
}
"break"
{
type = "disk";
key = "";
# format = "{mountpoint}";
}
{
type = "swap";
key = "";
}
"break"
{
type = "monitor";
key = "";
}
{
type = "keyboard";
key = "";
}
];
};
};
home = {
extraOutputsToInstall = ["doc" "devdoc"];
@ -56,8 +168,6 @@
packages = with pkgs._elements; [
quick-zeal
spawn-term
to-s3
generate-wallpaper
];
};

89
homes/x86_64-linux/christopher@cobalt/email.nix Normal file
View file

@ -0,0 +1,89 @@
{
pkgs,
config,
...
}: let
serverConfig = {
imap.host = "europium.gutentag.games";
smtp.host = "europium.gutentag.games";
userName = "christopher";
passwordCommand = "cat ${config.age.secrets.emailPassword.path}";
};
in {
programs = {
# TODO: Move this into its own file
irssi = {
enable = true;
networks."w3c" = {
server.address = "irc.w3c.org";
nick = "tophcodes";
channels."crdt4rdf".autoJoin = true;
};
};
# Syncs my mailbox for other programs to digest more easily
mbsync.enable = true;
# CLI-based email client
aerc = {
enable = true;
# This is necessary because `accounts.email` symlinks the configuration
# for aerc to use. Since there are no secrets in it, this is safe to do,
# so we need to tell aerc to ignore the "too lax" permissions on that file
extraConfig = {
general = {
unsafe-accounts-conf = true;
};
viewer = {
# pager = ''
# '';
};
filters = ''
text/plain=less
application/pdf=tdf $AERC_FORMAT
message/delivery-status=less
message/rfc822=less
text/html=reader
text/*=bat -fP
'';
};
};
# Query emails via CLI
notmuch = {
enable = true;
hooks = {
preNew = "mbsync --all";
};
};
};
home.packages = with pkgs; [
reader
tdf
];
accounts.email = {
accounts = {
europium =
{
primary = true;
realName = "Christopher Mühl";
address = "christopher@muehl.dev";
aerc.enable = true;
notmuch.enable = true;
mbsync = {
enable = true;
create = "maildir";
};
}
// serverConfig;
};
};
}

21
homes/x86_64-linux/christopher@cobalt/misc/browser.nix
View file

@ -1,22 +1,17 @@
{pkgs, ...}: {
{...}: {
programs.firefox = {
enable = true;
profiles."default".id = 0;
profiles."work".id = 1;
profiles."prune".id = 3;
profiles = {
"default".id = 0;
"work".id = 1;
"prune".id = 3;
};
};
home.packages = [pkgs._elements.open-url];
xdg.mimeApps.enable = true;
xdg.mimeApps.defaultApplications = {
"x-scheme-handler/http" = "open-url.desktop";
"x-scheme-handler/https" = "open-url.desktop";
};
services.psd = {
# profile-sync-daemon
enable = false;
services.psd = {
enable = true;
resyncTimer = "10m";
};
}

25
homes/x86_64-linux/christopher@cobalt/misc/creativity.nix
View file

@ -5,15 +5,26 @@
...
}: {
home.packages = with pkgs; [
# 3D printing and engineering
orca-slicer
inputs.affinity-nix.packages.${system}.v3 # adobe suite replacement
gmic # greyc's magic
# Drawing
krita
inputs.affinity-nix.packages.${system}.v3
krita-plugin-gmic
# Audio
vcv-rack
supercollider
gimp
gimpPlugins.gmic
# gimpPlugins.bimp # batch image manipulation, broken atm
# rawtherapee
vcv-rack # eurorack synth simulator
supercollider # audio programming language
];
# - the nixpkgs version crashes once logged in
# - flatpaks somehow can't be installed via HM
# - need to manually a desktop entry for the flatpak
xdg.desktopEntries.bambustudio = {
name = "Bambu Studio";
exec = "flatpak run com.bambulab.BambuStudio";
};
}

7
homes/x86_64-linux/christopher@cobalt/misc/everything.nix
View file

@ -24,14 +24,7 @@
speedcrunch # GUI calculator app
calibre # eBook Manager
# Viewers
cider-2 # Apple music player
vlc # Video player
xarchiver # Archive viewer/extractor
zathura # Document viewer
evince # Document viewer
# element-desktop
fractal # Matrix client
gomuks # Matrix client TUI
telegram-desktop

5
homes/x86_64-linux/christopher@cobalt/niri/autostart.nix
View file

@ -4,9 +4,8 @@
...
}: {
programs.niri.settings.spawn-at-startup = with lib._elements; [
{argv = ["mako"];}
{argv = ["awww-daemon"];}
{argv = ["awww" "img" "${fixture "wallpapers/cat-vibes.webp"}"];}
# {argv = ["awww-daemon"];}
# {argv = ["awww" "img" "${fixture "wallpapers/cat-vibes.webp"}"];}
{argv = ["kitty"];}
];

3
homes/x86_64-linux/christopher@cobalt/niri/default.nix
View file

@ -9,11 +9,8 @@
./keybinds.nix
./autostart.nix
./shell.nix
./notifications.nix
];
programs.niri.package = pkgs.niri;
home.packages = with pkgs; [
fuzzel
inputs.awww.packages.${pkgs.stdenv.hostPlatform.system}.awww

1
homes/x86_64-linux/christopher@cobalt/niri/keybinds.nix
View file

@ -7,6 +7,7 @@
binds = with config.lib.niri.actions; {
"Mod+space".action = spawn "fuzzel";
"Mod+e".action = spawn "dolphin";
"Mod+d".action = spawn "zeal"; # Documentation viewer
"Mod+c".action = spawn "${pkgs._elements.spawn-term}/bin/spawn-term";
"Mod+g".action = spawn "${pkgs._elements.hg-picker}/bin/hg-picker";

18
homes/x86_64-linux/christopher@cobalt/niri/notifications.nix
View file

@ -1,18 +0,0 @@
{
config,
pkgs,
...
}: {
services.mako = {
enable = true;
settings = {
max-visible = 5;
#actions = true;
# icons = true;
# default-timeout = 10000; # in ms
# border-radius = 3;
# markup = true;
};
};
}

56
homes/x86_64-linux/christopher@cobalt/niri/settings.nix
View file

@ -2,48 +2,27 @@
config,
pkgs,
...
}: let
round = tl: tr: bl: br: {
bottom-left = bl;
bottom-right = br;
top-left = tl;
top-right = tr;
};
r = 24.0;
# rounded-corners = round r r r r;
# rounded-corners-l = round r 0.0 0.0 r;
rounded-corners-r = round 0.0 r r 0.0;
in {
programs.niri = {
settings = {
}: {
programs.niri.settings = {
prefer-no-csd = true;
debug.honor-xdg-activation-with-invalid-serial = true;
layout = {
background-color = "#ac8887";
always-center-single-column = true;
background-color = "transparent";
focus-ring.enable = true;
gaps = 24;
shadow = {
enable = true;
};
gaps = 12; # 24 before
shadow.enable = true;
};
window-rules = [
{
opacity = 0.95;
clip-to-geometry = true;
geometry-corner-radius = rounded-corners-r;
}
{
matches = [{is-focused = true;}];
# opacity = 0.98;
focus-ring = {
width = 2;
overview = {
workspace-shadow.enable = false;
};
}
];
# workspaces = {
# "streaming" = { };
# };
input = {
# disable-power-key-handling = true;
@ -57,9 +36,7 @@ in {
"DP-3" = {
position.x = 3840;
position.y = -430;
transform = {
rotation = 90;
};
transform.rotation = 90;
};
"HDMI-A-1" = {
position.x = 0;
@ -69,14 +46,11 @@ in {
};
environment = {
# CLUTTER_BACKEND = "wayland";
MOZ_ENABLE_WAYLAND = "1";
# QT_QPA_PLATFORM = "wayland";
QT_WAYLAND_DISABLE_WINDOWDECORATION = "1";
ELECTRON_OZONE_PLATFORM_HINT = "auto";
XDG_SESSION_TYPE = "wayland";
XDG_CURRENT_DESKTOP = "niri";
};
};
};
}

60
homes/x86_64-linux/christopher@cobalt/niri/shell.nix
View file

@ -1,12 +1,64 @@
{
inputs,
pkgs,
lib,
...
}: {
programs.quickshell = {
imports = [
inputs.noctalia.homeModules.default
];
programs = {
noctalia-shell = {
enable = true;
systemd = {
enable = true;
target = "graphical-session.target";
systemd.enable = true;
settings = {
general.radiusRatio = 0.5;
location = {
name = "Blankenbach, Germany";
showWeekNumberInCalendar = true;
};
bar = {
position = "left";
density = "comfortable";
floating = true;
marginHorizontal = 0.73;
marginVertical = 0.73;
widgets = {
left = [
{id = "ControlCenter";}
{id = "SystemMonitor";}
];
center = [
# {id = "MediaMini";}
{id = "Workspace";}
];
right = [
{id = "Tray";}
{id = "ScreenRecorder";}
{id = "Volume";}
{id = "NotificationHistory";}
{id = "Clock";}
];
};
};
wallpaper = {
enabled = true;
overviewEnabled = false;
directory = "/nix/elements/fixtures/wallpapers";
recursiveSearch = false;
randomEnabled = true;
};
};
};
quickshell.enable = true;
};
}

43
homes/x86_64-linux/christopher@cobalt/niri/window-rules.nix
View file

@ -15,17 +15,21 @@
rounded-left = borders radius 0.0 0.0 radius;
rounded-right = borders 0.0 radius radius 0.0;
in {
programs.niri.settings.window-rules = [
programs.niri.settings = {
layer-rules = [
{
matches = [{namespace = "^noctalia-wallpaper*";}];
place-within-backdrop = true;
}
];
window-rules = [
{
opacity = 0.95;
clip-to-geometry = true;
geometry-corner-radius = rounded-left;
}
{
matches = [
{is-focused = true;}
];
matches = [{is-focused = true;}];
focus-ring.width = 2;
}
{
@ -36,5 +40,30 @@ in {
block-out-from = "screencast";
}
];
{
matches = [{app-id = "kitty";}];
opacity = 0.97;
}
{
matches = [{title = "ld.toph.so";}];
default-column-width = {proportion = 0.75;};
open-floating = true;
opacity = 1.0;
min-width = 500;
max-width = 1000;
min-height = 500;
max-height = 800;
block-out-from = "screencast";
}
{
matches = [
{app-id = "org.zealdocs.zeal";}
{app-id = "speedcrunch";}
];
open-floating = true;
}
];
};
}

18
homes/x86_64-linux/christopher@cobalt/stylix.nix
View file

@ -1,14 +1,21 @@
{
config,
inputs,
pkgs,
...
}: {
imports = [inputs.stylix.homeModules.stylix];
home.packages = with pkgs; [
# themes firefox with wallpaper theme
pywalfox-native
];
stylix = {
enable = true;
base16Scheme = "${pkgs.base16-schemes}/share/themes/rose-pine-dawn.yaml";
autoEnable = true;
# TODO: Figure out a way for automatic dark-/light-mode switching
base16Scheme = "${pkgs.base16-schemes}/share/themes/rose-pine-moon.yaml";
targets.firefox.profileNames = ["default" "work" "streaming"];
@ -18,12 +25,5 @@
name = "BreezeX-RosePineDawn-Linux";
size = 32;
};
fonts.sizes = {
applications = 12;
terminal = 13;
desktop = 10;
popups = 10;
};
};
}

3
modules/common/nix.nix
View file

@ -1,10 +1,11 @@
{
self,
pkgs,
config,
...
}: {
nix = {
package = pkgs.lixPackageSets.stable.lix;
# Automatic cleanup
gc.automatic = true;
gc.dates = "weekly";

7
modules/home/common/helix/default.nix
View file

@ -9,12 +9,17 @@
editor = {
rulers = [80];
shell = ["nu" "-c"];
line-number = "relative";
bufferline = "always";
auto-save = true;
auto-format = true;
file-picker.hidden = false;
# TODO: Why does the clipboard not work?
#
#
#
# clipboard-provider.custom = {
# yank = {command = "wl-copy";};
# paste = {command = "wl-paste";};

22
modules/home/common/terminal/shell/fish.nix
View file

@ -31,7 +31,27 @@ in {
preferAbbrs = true;
shellAbbrs = {
elm = "elements";
"elm" = "elements";
# Git related
"ga" = "git add";
"gb" = "git branch";
"gst" = "git status";
"gbl" = "git blame";
"grs" = "git restore --staged";
"gcm" = "git commit -m \"%\"";
"iso-date" = "date -u +\"%Y-%m-%dT%H:%M:%SZ\"";
"jf" = "sudo journalctl -f -u";
"sys stat" = "systemctl status";
"sys up" = "systemctl start";
"sys down" = "systemctl stop";
"sys re" = "systemctl restart";
"-C" = {
position = "anywhere";
expansion = "--color";
};
};
};
}

14
modules/home/common/terminal/shell/prompt.nix
View file

@ -6,8 +6,6 @@ in {
enableNushellIntegration = config.programs.nushell.enable;
enableFishIntegration = config.programs.fish.enable;
# Original settings taken from `catppuccin_frappe`, and adjusted to my
# likings and usage.
settings = {
"$schema" = "https://raw.githubusercontent.com/JanDeDobbeleer/oh-my-posh/main/themes/schema.json";
version = 3;
@ -30,10 +28,10 @@ in {
newline = true;
segments = [
{
foreground = "p:os";
foreground = "p:blue";
style = "plain";
template = "{{ .Icon }} ";
type = "os";
template = "{{ .UserName }}@{{ .HostName }} ";
type = "session";
}
{
foreground = "p:pink";
@ -51,12 +49,6 @@ in {
};
};
}
{
foreground = "p:blue";
style = "plain";
template = "{{ .UserName }}@{{ .HostName }} ";
type = "session";
}
{
foreground = "p:lavender";
template = "{{ .HEAD }} ";

5
modules/home/gui/kitty.nix
View file

@ -19,8 +19,9 @@ in {
enable = true;
settings = {
window_padding_width = "5 10";
window_padding_width = "3 3";
paste_actions = "no-op";
# font_family = "Monaspace Neon NF";
};
actionAliases = {
@ -29,7 +30,7 @@ in {
extraConfig = ''
shell ${pkgs.fish}/bin/fish
modify_font cell_height 7px
# modify_font cell_height 7px
'';
};

1
modules/nixos/services/default.nix
View file

@ -3,5 +3,6 @@
./lnxlink.nix
./beszel.nix
./ollama.nix
./traefik.nix
];
}

135
modules/nixos/services/traefik.nix Normal file
View file

@ -0,0 +1,135 @@
{
config,
lib,
...
}: let
cfg = config.services.traefik;
routeOptions = lib.types.submodule {
options = {
rule = lib.mkOption {
type = lib.types.str;
example = "Host(`example.com`)";
description = "Traefik routing rule";
};
url = lib.mkOption {
type = lib.types.str;
example = "http://localhost:8096";
description = "Backend service URL";
};
entryPoints = lib.mkOption {
type = lib.types.listOf lib.types.str;
default = ["websecure"];
description = "Entry points for this route";
};
certResolver = lib.mkOption {
type = lib.types.str;
default = "letsencrypt";
description = "Certificate resolver to use";
};
middlewares = lib.mkOption {
type = lib.types.listOf lib.types.str;
default = [];
description = "Middlewares to apply to this route";
example = ["auth" "compress"];
};
};
};
mkRouter = service: routeCfg:
{
inherit service;
rule = routeCfg.rule;
entryPoints = routeCfg.entryPoints;
tls.certResolver = routeCfg.certResolver;
}
// lib.optionalAttrs (routeCfg.middlewares != []) {
middlewares = routeCfg.middlewares;
};
mkService = name: routeCfg: {
loadBalancer.servers = [
{url = routeCfg.url;}
];
};
dynamicConfigOptions = {
http = {
routers = lib.mapAttrs mkRouter cfg.routes;
services = lib.mapAttrs mkService cfg.routes;
};
};
in {
options.services.traefik = {
postmasterEmail = lib.mkOption {
type = lib.types.str;
example = "email@example.com";
description = "The email address of the postmaster";
};
routes = lib.mkOption {
type = lib.types.attrsOf routeOptions;
default = {};
description = "Simple route definitions for Traefik";
example = lib.literalExpression ''
{
solid-pod = {
rule = "Host(`solid.my.dev`)";
url = "http://localhost:8096";
};
radicle = {
rule = "Host(`radicle.my.dev`)";
url = "http://localhost:8097";
};
}
'';
};
};
config = lib.mkIf (cfg.enable && cfg.routes != {}) {
networking.firewall.allowedTCPPorts = [80 443];
services.traefik = {
inherit dynamicConfigOptions;
staticConfigOptions = {
entryPoints = {
web = {
address = ":80";
asDefault = true;
http.redirections.entrypoint = {
to = "websecure";
scheme = "https";
};
};
websecure = {
address = ":443";
asDefault = true;
http.tls.certResolver = "letsencrypt";
};
};
log = {
level = "DEBUG";
filePath = "${config.services.traefik.dataDir}/traefik.log";
format = "json";
};
certificatesResolvers.letsencrypt.acme = {
email = config.services.traefik.postmasterEmail;
storage = "${config.services.traefik.dataDir}/acme.json";
# dnsChallenge.provider = "cloudflare";
# TODO: Declaratively determine whether to use staging or production
# based on whether we are in testing.
# caServer = "";
httpChallenge.entryPoint = "web";
};
};
};
};
}

28
modules/nixos/wm/default.nix
View file

@ -16,11 +16,11 @@ in {
config = mkIf cfg.enable {
environment.systemPackages = with pkgs; [
kdePackages.discover
kdePackages.kclock
kdePackages.kcharselect
kdePackages.kolourpaint
kdePackages.ksystemlog
# kdePackages.discover
# kdePackages.kclock
# kdePackages.kcharselect
# kdePackages.kolourpaint
# kdePackages.ksystemlog
wayland-utils
wl-clipboard
libsForQt5.qtstyleplugin-kvantum
@ -33,19 +33,16 @@ in {
package = pkgs.niri;
};
# niri-flake.cache.enable = false;
services.xserver = {
enable = true;
};
# TODO: Switch this to Niri!
services.desktopManager.plasma6.enable = true;
services.displayManager = {
defaultSession = "plasma";
# SDDM is broken
# gdm = {
# enable = true;
# wayland = true;
# };
defaultSession = "niri";
sddm = {
enable = true;
@ -53,11 +50,12 @@ in {
};
};
xdg.portal = {
xdg.portal = with pkgs; {
enable = true;
xdgOpenUsePortal = true;
extraPortals = [pkgs.xdg-desktop-portal-gtk];
configPackages = [pkgs.xdg-desktop-portal-gtk];
extraPortals = [xdg-desktop-portal-gnome xdg-desktop-portal-gtk];
#E configPackages = [pkgs.xdg-desktop-portal-gtk];
config.common.default = "gtk";
};

9
overlays/lix/default.nix Normal file
View file

@ -0,0 +1,9 @@
{channels, ...}: final: prev: {
inherit
(prev.lixPackageSets.stable)
nixpkgs-review
nix-eval-jobs
nix-fast-build
colmena
;
}

42
overlays/unstable/default.nix
View file

@ -10,46 +10,12 @@
claude-code
lutris
ollama
dokieli
nix-init
atuin-desktop
# currently doesn't build on unstable
# open-webui
;
bambu-studio = channels.unstable.bambu-studio.overrideAttrs (old: let
newVersion = "02.03.00.70";
in {
version = newVersion;
src = prev.fetchFromGitHub {
owner = "bambulab";
repo = "BambuStudio";
rev = "v${newVersion}";
hash = "sha256-2duNeSBi2WvsAUxkzTbKH+SiliNovc7LVICTzgQkrN8=";
};
nativeBuildInputs = (old.nativeBuildInputs or []) ++ [prev.cmake prev.pkg-config];
postPatch =
(old.postPatch or "")
+ ''
# Remove cereal-Links (link does not work, havent seen anything breaking from this change).
# Disclaimera; This patch is AI generated
grep -RIl "target_link_libraries" . | while read -r f; do
sed -i \
-e 's/\bcereal::cereal\b//g' \
-e 's/[[:space:]]\bcereal\b//g' \
"$f"
done
'';
postInstall =
(old.postInstall or "")
+ ''
wrapProgram $out/bin/bambu-studio --set GBM_BACKEND dri
'';
cmakeFlags =
(old.cmakeFlags or [])
++ [
"-DCMAKE_POLICY_VERSION_MINIMUM=3.5"
];
});
inherit (channels.master) install-nothing;
}

30
packages/dedoc/default.nix Normal file
View file

@ -0,0 +1,30 @@
{
lib,
pkgs,
...
}:
pkgs.rustPlatform.buildRustPackage rec {
pname = "dedoc";
version = "0.2.9";
src = pkgs.fetchFromGitHub {
owner = "toiletbril";
repo = "dedoc";
rev = version;
hash = "sha256-B/lZ1G/C/VnSO8Rk67Lhf+hgh97nVooLAu6TxxT0VGs=";
};
postPatch = ''
substituteInPlace Cargo.toml --replace "1.92" "1.91"
'';
cargoHash = "sha256-gW7DXJVAxZTTlUD/7+UL0Hk1xeL+HDByfgnoVQRZaOI=";
meta = {
description = "Terminal based viewer for DevDocs";
homepage = "https://github.com/toiletbril/dedoc";
license = lib.licenses.gpl3Only;
maintainers = with lib.maintainers; [];
mainProgram = "dedoc";
};
}

35
packages/oxigraph/default.nix Normal file
View file

@ -0,0 +1,35 @@
{
lib,
stdenv,
fetchurl,
}:
stdenv.mkDerivation rec {
pname = "oxigraph";
version = "0.5.3-post.1";
src = fetchurl {
url = "https://github.com/oxigraph/oxigraph/releases/download/v${version}/oxigraph_v${version}_x86_64_linux_gnu";
hash = "sha256-6yLJ8wuhGu2GoCWMji+Lt1WoDZxRmTLXVMwKb3+ByRQ=";
};
dontUnpack = true;
dontBuild = true;
installPhase = ''
runHook preInstall
mkdir -p $out/bin
cp $src $out/bin/oxigraph
chmod +x $out/bin/oxigraph
runHook postInstall
'';
meta = with lib; {
description = "SPARQL graph database";
homepage = "https://github.com/oxigraph/oxigraph";
license = with licenses; [asl20 mit];
maintainers = [];
mainProgram = "oxigraph";
platforms = ["x86_64-linux"];
};
}

39
packages/scripts/firefox-with-context/default.nix Normal file
View file

@ -0,0 +1,39 @@
{pkgs, ...}: let
name = "firefox-with-context";
in
pkgs.stdenv.mkDerivation (finalAttrs: {
inherit name;
pname = name;
src = pkgs.writeShellApplication {
inherit name;
text = builtins.readFile ./firefox-with-context;
};
nativeBuildInputs = [pkgs.copyDesktopItems];
installPhase = ''
runHook preInstall
mkdir -p $out/bin
cp ${finalAttrs.src}/bin/${name} $out/bin/
runHook postInstall
'';
desktopItems = [
(pkgs.makeDesktopItem
{
inherit name;
desktopName = "Firefox with context";
noDisplay = true;
exec = "${name} %u";
comment = "Open the given URL in a browser-profile based on context";
mimeTypes = [
"x-scheme-handler/http"
"x-scheme-handler/https"
];
})
];
})

0
packages/scripts/open-url/open-url → packages/scripts/firefox-with-context/firefox-with-context
View file

2
packages/scripts/hg-picker/default.nix
View file

@ -7,7 +7,7 @@ pkgs.writeShellApplication {
REPO=$(cat "$HOME/.gh/hausgold-repos" | fuzzel -d)
if [[ -n $REPO ]]; then
open-url "$BASE_URI$REPO"
xdg-open "$BASE_URI$REPO"
fi
'';
}

19
packages/scripts/open-url/default.nix
View file

@ -1,19 +0,0 @@
{pkgs, ...}: let
name = "open-url";
bin = pkgs.writeShellApplication {
inherit name;
text = builtins.readFile ./open-url;
};
desktopItem = pkgs.makeDesktopItem {
inherit name;
desktopName = "Open URL in a Browser";
comment = "Open the given URL in a browser-profile based on context";
mimeTypes = ["x-scheme-handler/http" "x-scheme-handler/https"];
exec = "${bin}/bin/${name} %u";
};
in
pkgs.symlinkJoin {
inherit name;
paths = [bin desktopItem];
}

10
secrets/email-password.age Normal file
View file

@ -0,0 +1,10 @@
age-encryption.org/v1
-> X25519 FxzW013H5eWjl5KNyS+pCKEluVp/UU0f8Qt+G3tWmnE
7XhoRKOcwIF1QyDHQWllmDFYctCa+wyaegJ35NmDnjA
-> piv-p256 Kmn3OQ AoXBBi1l/34c00/oQfuz6cxCm9ckXiMmr1oCa92yVRah
8HR8EKHm3SrAxTQHMQtpIi2DRKp4d/mRe4qmZLojghU
-> `D/LpQ-grease
z59Tqdo5QJAUeT008VkND/26In5rpwm93mDyoGJi4XJpAsdrknCeflIPlvhEk3oM
zQDT1wwwCu0a
--- KrJsfh/1W9balEhA0OHmuYWY5W+TKeD/AzNdlIfo49M
Ê2ɘÀ,Žq]z²0îlÜG¹üdI3Žš¤h·ƒj2ðY¿…åîå0bÚw~Úê³êùçÔd6

BIN
secrets/radicle.age Normal file
View file

Binary file not shown.

BIN
secrets/radicle.pub.age Normal file
View file

Binary file not shown.

BIN
secrets/rekeyed/alvin/4d69517f795180e7624327785e4dc2e0-radiclePrivateKey.age Normal file
View file

Binary file not shown.

BIN
secrets/rekeyed/alvin/7e5c19aa43c8da31e2b8a805c08871d4-victoriametricsPasswordFile.age Normal file
View file

Binary file not shown.

BIN
secrets/rekeyed/alvin/88cd17db4123b6ee80589c9f0b475256-radiclePublicKey.age Normal file
View file

Binary file not shown.

7
secrets/rekeyed/christopher_cobalt/a3984008ff2b9a3226656619c81e4c47-emailPassword.age Normal file
View file

@ -0,0 +1,7 @@
age-encryption.org/v1
-> ssh-ed25519 Sih9FA 6cECI8dFrJxfryE9CMqvln5gtlLeiaperg5rptHx0GI
AsCg77lOWyeKsY5Rjd2OwHq8P5K1LBw3pX6rWqcP3oo
-> P-grease =j@@ @
QP4YAHktdAGUTj1arv43
--- rxF03h8ttUmPO2vx1u/Xuxys4kkGpZINwlsdVHJ1ESg
=õ0j Y¬’\-7•Ž‰QŸ ÿK¨—¨(—u¥z@:pqÑ#'ù£ÁtŽ½+gµó¸6

BIN
secrets/rekeyed/christopher_cobalt/dcb82593014313ac12faa7a33834a1aa-config.age Normal file
View file

Binary file not shown.

BIN
secrets/rekeyed/christopher_cobalt/ed09b6b5d3b63d4794137e3cbdad53c9-config.age
View file

Binary file not shown.

10
secrets/rekeyed/cobalt/744ad1a7e324b40d0805e2ef82d8fc5a-victoriametricsEnvFile.age Normal file
View file

@ -0,0 +1,10 @@
age-encryption.org/v1
-> ssh-ed25519 /u/eYA uWoNFabVJzmA1L8l124lyvnvAFgsQ9rh/Okags2UrxU
vGenkj0xh5FbxTnS91XEz2qAoILYZS5skYHaadaNIBo
-> F"k"3;+O-grease (5t/PH
zBRuwDmTbpClRyVeC77vgGo4aDE2/KxWdcJK1gXvu60DxzUfyjlF3SjKLGBx4qIp
--- VxGN6ddpUyGJNbtKpOIoo7dZ3Xy1vxX1GA5f3EXef7g
‡ÿ&`j‰•¼˜×àZ<C3A0>»å=s§ Þ¯·8ôéoz´Ò<C2B4>Óçïrˆ–ÌñÎß%*}Ù÷æÇpMuœ` …ÙoK¶«œÐÁ~
l23vË°
9qxÍ—g|žòc:2.ÓN bÕÁ°i‡‡8cdJ*z#<14>°ÊYð[7ƶÇ=¿}{ó<> <0C>g <09>Y`gûçw,*\Ûr/B<>Ü[ ƒ±ðÙ&»

BIN
secrets/ssh/config.age
View file

Binary file not shown.

BIN
secrets/victoria-password.age Normal file
View file

Binary file not shown.

BIN
secrets/victoria.env.age Normal file
View file

Binary file not shown.

52
systems/x86_64-linux/alvin/default.nix Normal file
View file

@ -0,0 +1,52 @@
{...}: {
imports = [
./hardware.nix
./traefik.nix
./radicle.nix
./static.nix
./victoria.nix
./solid.nix
./oxigraph.nix
./matrix.nix
];
elements = {
hostname = "alvin";
secrets = {
key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBzji6twM8/QdDgFGSUKNmvCm/kEfFMYWZdmgRBbs5Nc";
needs.radiclePrivateKey.rekeyFile = "radicle.age";
needs.radiclePublicKey.rekeyFile = "radicle.pub.age";
needs.victoriametricsPasswordFile.rekeyFile = "victoria-password.age";
};
};
boot.tmp.cleanOnBoot = true;
zramSwap.enable = true;
networking = {
enableIPv6 = true;
firewall = {
enable = true;
allowedTCPPorts = [22 80 443];
};
domain = "contaboserver.net";
defaultGateway = "62.169.24.1";
nameservers = ["8.8.8.8" "8.8.4.4"];
interfaces.ens18 = {
useDHCP = false;
ipv4.addresses = [
{
address = "62.169.31.37";
prefixLength = 21;
}
];
};
};
services.openssh.enable = true;
users.users.root.openssh.authorizedKeys.keys = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO+XpUv6qTqJ7NmYDz9hjvobDBJY9NN3S0TjXD0q2kt2 christopher@cobalt"];
system.stateVersion = "23.11";
}

10
systems/x86_64-linux/alvin/hardware.nix Normal file
View file

@ -0,0 +1,10 @@
{modulesPath, ...}: {
imports = [(modulesPath + "/profiles/qemu-guest.nix")];
boot.loader.grub.device = "/dev/sda";
boot.initrd.availableKernelModules = ["ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi"];
boot.initrd.kernelModules = ["nvme"];
fileSystems."/" = {
device = "/dev/sda1";
fsType = "ext4";
};
}

36
systems/x86_64-linux/alvin/matrix.nix Normal file
View file

@ -0,0 +1,36 @@
{
inputs,
pkgs,
...
}: {
services = {
matrix-synapse = {
enable = true;
settings = {
server_name = "aleph.garden";
public_baseurl = "https://matrix.aleph.garden";
listeners = [
{
port = 8008;
type = "http";
x_forwarded = true;
tls = false;
resources = [{names = ["client" "federation"];}];
}
];
};
};
# mautrix-whatsapp.enable = true;
# mautrix-telegram.registerToSynapse = {};
# mautrix-signal.registerToSynapse = {};
# mautrix-discord.enable = true;
traefik.routes.matrix = {
rule = "Host(`matrix.aleph.garden`)";
url = "http://localhost:8008";
};
};
}

38
systems/x86_64-linux/alvin/oxigraph.nix Normal file
View file

@ -0,0 +1,38 @@
{pkgs, ...}: {
# Create dedicated user and group
users.users.oxigraph = {
isSystemUser = true;
group = "oxigraph";
description = "Oxigraph SPARQL database service user";
};
users.groups.oxigraph = {};
# Configure systemd service
systemd.services.oxigraph = {
description = "Oxigraph SPARQL database server";
after = ["network.target"];
wantedBy = ["multi-user.target"];
serviceConfig = {
ExecStart = "${pkgs._elements.oxigraph}/bin/oxigraph serve --location /var/lib/oxigraph --bind 127.0.0.1:7878";
Restart = "on-failure";
User = "oxigraph";
Group = "oxigraph";
StateDirectory = "oxigraph";
# Security hardening
NoNewPrivileges = true;
PrivateTmp = true;
ProtectSystem = "strict";
ProtectHome = true;
ReadWritePaths = "/var/lib/oxigraph";
};
};
# Configure Traefik route for public access
services.traefik.routes.sparql = {
rule = "Host(`sparql.toph.so`)";
url = "http://localhost:7878";
};
}

68
systems/x86_64-linux/alvin/radicle.nix Normal file
View file

@ -0,0 +1,68 @@
{config, ...}: let
nodeAddress = "seed.toph.so";
radConfig = config.services.radicle;
followed = [
"z6Mkm1WGVW5Zr6Ubn2aJU7S26Knjum3Y3iSC39zJ8EojRkt9" # toph
];
seedRepositories = [
"rad:zBNXLtTqUu9LBZHCPFShAeXnp5Gz" # radicle-ci
"rad:z254T5p17bdFPmzfDojsdjo4HjpoZ" # radicle-infra
];
in {
services = {
radicle = {
enable = true;
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEihs1RjZ52Vcy+NJuFhiRbEp5SfwND3b3oSjD2V0HTG";
privateKeyFile = config.age.secrets.radiclePrivateKey.path;
httpd = {
enable = true;
nginx.serverName = nodeAddress;
};
# Seeding node
node = {
listenAddress = "[::0]";
openFirewall = true;
};
settings = {
preferredSeeds = [
];
node = {
alias = nodeAddress;
# externalAddresses = ["${nodeAddress}:${builtins.toString radConfig.node.listenPort}"];
follow = followed;
seeds = seedRepositories;
seedingPolicy = {
default = "allow";
scope = "all";
};
};
web = {
description = ''
Hi there! I'm toph, a passionate federated and semantic web developer.
This is my main Radicle seed node that I also use to showcase my projects.
I'll try to seed every repo that I actively use for my code that's also
hosted on Radicle.
Be sure to also check out my GitHub at https://github.com/tophcodes.
'';
pinned.repositories = [
"rad:z4VmSKKMbAqbwqsMXWvyvrxTSAZFS"
];
};
};
};
traefik.routes.radicle-seed = {
rule = "Host(`${nodeAddress}`)";
url = "http://localhost:${builtins.toString radConfig.httpd.listenPort}";
};
};
}

83
systems/x86_64-linux/alvin/solid.nix Normal file
View file

@ -0,0 +1,83 @@
{
inputs,
pkgs,
...
}: {
imports = [
inputs.community-solid-server.nixosModules.default
];
services = {
solid-server = {
enable = true;
rootFilePath = "/var/lib/solid";
baseUrl = "https://pod.toph.so";
configFile = pkgs.writeTextFile {
name = "solid.config.json";
text = ''
{
"@context": "https://linkedsoftwaredependencies.org/bundles/npm/@solid/community-server/^7.0.0/components/context.jsonld",
"import": [
"css:config/app/init/initialize-root-pod.json",
"css:config/app/main/default.json",
"css:config/app/variables/default.json",
"css:config/http/handler/default.json",
"css:config/http/middleware/default.json",
"css:config/http/notifications/all.json",
"css:config/http/server-factory/http.json",
"css:config/http/static/default.json",
"css:config/identity/access/public.json",
"css:config/identity/email/default.json",
"css:config/identity/handler/no-accounts-pods.json",
"css:config/identity/oidc/default.json",
"css:config/identity/ownership/token.json",
"css:config/identity/pod/static.json",
"css:config/ldp/authentication/dpop-bearer.json",
"css:config/ldp/authorization/webacl.json",
"css:config/ldp/handler/default.json",
"css:config/ldp/metadata-parser/default.json",
"css:config/ldp/metadata-writer/default.json",
"css:config/ldp/modes/default.json",
"css:config/storage/backend/file.json",
"css:config/storage/key-value/resource-store.json",
"css:config/storage/location/root.json",
"css:config/storage/middleware/default.json",
"css:config/util/auxiliary/acl.json",
"css:config/util/identifiers/suffix.json",
"css:config/util/index/default.json",
"css:config/util/logging/winston.json",
"css:config/util/representation-conversion/default.json",
"css:config/util/resource-locker/file.json",
"css:config/util/variables/default.json"
],
"@graph": [
{
"comment": [
"A Solid server that stores its resources on disk and uses WAC for authorization.",
"A pod will be created in the root with the email/password login defined here.",
"It is advised to immediately change this password after starting the server."
]
},
{
"@id": "urn:solid-server:default:RootPodInitializer",
"@type": "AccountInitializer",
"email": "toki@toph.so",
"password": "ssecretohno!"
}
]
}
'';
};
};
traefik.routes.solid-pod = {
rule = "Host(`pod.toph.so`)";
url = "http://localhost:3000";
};
};
systemd.tmpfiles.rules = [
"d /var/lib/solid - - - - -"
];
}

21
systems/x86_64-linux/alvin/static.nix Normal file
View file

@ -0,0 +1,21 @@
{...}: let
root = "/var/lib/sws";
in {
imports = [
./static/tophso.nix
./static/radicle-explorer.nix
];
services = {
static-web-server = {
enable = true;
listen = "[::]:89";
inherit root;
configuration = {};
};
};
systemd.tmpfiles.rules = [
"d ${root} - - - - -"
];
}

35
systems/x86_64-linux/alvin/static/radicle-explorer.nix Normal file
View file

@ -0,0 +1,35 @@
{pkgs, ...}: let
name = "radicle.toph.so";
explorer = pkgs.radicle-explorer.withConfig {
preferredSeeds = [
{
hostname = "seed.toph.so";
port = 443;
scheme = "https";
}
];
};
in {
services = {
static-web-server.configuration.advanced = {
rewrites = [
{
source = "{**}";
destination = "https://${name}/";
}
];
virtual-hosts = [
{
host = name;
root = explorer;
}
];
};
traefik.routes.radicle = {
rule = "Host(`${name}`)";
url = "http://localhost:89";
};
};
}

34
systems/x86_64-linux/alvin/static/tophso.nix Normal file
View file

@ -0,0 +1,34 @@
{pkgs, ...}: let
name = "toph.so";
tophso = pkgs.writeTextFile {
inherit name;
destination = "/index.html";
text = ''
<!DOCTYPE html>
<html>
<head>
<title>toph.so</title>
<meta charset="utf-8"/>
</head>
<body>
<a rel="me" href="https://mas.to/@padarom">Mastodon</a>
</body>
</html>
'';
};
in {
services = {
static-web-server.configuration.advanced.virtual-hosts = [
{
host = name;
root = tophso;
}
];
traefik.routes.toph = {
rule = "Host(`${name}`)";
url = "http://localhost:89";
};
};
}

32
systems/x86_64-linux/alvin/traefik.nix Normal file
View file

@ -0,0 +1,32 @@
{
config,
lib,
...
}: {
services.traefik = {
enable = true;
postmasterEmail = "hosting@muehl.dev";
# routes = {
# staticsite = {
# rule = "Host(`toph.so`)";
# url = "http://localhost:8080";
# };
# solid-pod = {
# rule = "Host(`solid.toph.so`)";
# url = "http://localhost:8096";
# };
# radicle = {
# rule = "Host(`radicle.toph.so`)";
# url = "http://localhost:8097";
# };
# forgejo = {
# rule = "Host(`git.toph.so`)";
# url = "http://localhost:3000";
# };
# };
};
}

16
systems/x86_64-linux/alvin/victoria.nix Normal file
View file

@ -0,0 +1,16 @@
{config, ...}: {
services = {
victoriametrics = {
enable = true;
retentionPeriod = "5y";
basicAuthUsername = "victoria-with-the-secrets";
basicAuthPasswordFile = config.age.secrets.victoriametricsPasswordFile.path;
};
traefik.routes.victoriametrics = {
rule = "Host(`vm.toph.so`)";
url = "http://localhost:8428";
};
};
}

2
systems/x86_64-linux/beryllium/default.nix
View file

@ -47,7 +47,7 @@
};
# Enable privileged ports for rootless pods
boot.kernel.sysctl."net.ipv4.ip_unprivileged_port_start" = "0";
boot.kernel.sysctl."net.ipv4.ip_unprivileged_port_start" = "53";
environment.systemPackages = with pkgs; [
helix

29
systems/x86_64-linux/cobalt/default.nix
View file

@ -5,12 +5,15 @@
pkgs,
lib,
config,
inputs,
...
}:
with lib._elements; {
imports = [
inputs.flatpak.nixosModules.nix-flatpak
./hardware.nix
./disko.nix
./metrics.nix
];
elements = {
@ -21,6 +24,8 @@ with lib._elements; {
secrets = {
key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPjqieS4GkYAa1WRYZpxjgYsj7VGZ9U+rTFCkX8M0umD";
needs.victoriametricsEnvFile.rekeyFile = "victoria.env.age";
};
};
@ -84,6 +89,13 @@ with lib._elements; {
services = {
# ovos.enable = true; # message-bus only. remainder in hm
flatpak = {
enable = true;
packages = [
"com.bambulab.BambuStudio"
"im.riot.Riot"
];
};
openssh.enable = true;
openssh.settings.PasswordAuthentication = false;
@ -106,6 +118,20 @@ with lib._elements; {
beszel-agent.key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMkUPOw28Cu2LMuzfmvjT/L2ToNHcADwGyGvSpJ4wH2T";
elements.ollama.enable = true;
# waka-victoriametrics = {
# enable = true;
# listenAddress = "127.0.0.1:8080";
# victoriametrics.url = "http://localhost:8428/api/v1/write";
# metrics.labels = [
# "project"
# "language"
# "editor"
# "branch"
# "category"
# "operating_system"
# ];
# };
pipewire = {
enable = lib.mkForce true;
alsa.enable = true;
@ -179,6 +205,9 @@ with lib._elements; {
xdg-desktop-portal
xdg-desktop-portal-gtk
];
# Quirky workaround for this not being set in portals for some reason
sessionVariables.MOZ_ENABLE_WAYLAND = "1";
};
users.groups.pico = {};

50
systems/x86_64-linux/cobalt/metrics.nix Normal file
View file

@ -0,0 +1,50 @@
{
inputs,
config,
pkgs,
...
}: {
services = {
telegraf = {
enable = true;
environmentFiles = [
# This defines the VICTORIAMETRICS_PASSWORD environment variable
config.age.secrets.victoriametricsEnvFile.path
];
extraConfig = {
inputs = {
http_response = [
{
urls = ["https://toph.so" "https://aleph.garden" "https://aph.gdn" "https://radicle.toph.so"];
}
];
internet_speed = [
{
interval = "60m";
}
];
};
outputs.influxdb = [
{
urls = ["https://vm.toph.so"];
database = "toph";
username = "victoria-with-the-secrets";
password = "\${VICTORIAMETRICS_PASSWORD}";
skip_database_creation = false;
exclude_retention_policy_tag = true;
content_encoding = "gzip";
}
];
};
};
# traefik.routes.solid-pod = {
# rule = "Host(`pod.toph.so`)";
# url = "http://localhost:3000";
# };
};
# systemd.tmpfiles.rules = [
# "d /var/lib/solid - - - - -"
# ];
}