shahab/nix-config
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

chore: flake update 04-07-2026

Browse Source
This commit is contained in:
Shahab Dogar
2026-04-07 13:56:05 +05:00
parent 044e1e415e
commit cf4842a5b6
83 changed files with 581 additions and 352 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
hosts/common/core/default.nix
View File

@@ -4,7 +4,8 @@
config,
lib,
...
}: {
}:
{
imports = lib.flatten [
inputs.home-manager.nixosModules.home-manager
inputs.sops-nix.nixosModules.sops
@@ -50,14 +51,20 @@
auto-optimise-store = true;
warn-dirty = false;
trusted-users = ["@wheel"];
trusted-users = [ "@wheel" ];
substituters = ["https://hyprland.cachix.org" "https://nix.dogar.dev"];
trusted-substituters = ["https://hyprland.cachix.org"];
substituters = [
"https://hyprland.cachix.org"
"https://nix.dogar.dev"
];
trusted-substituters = [ "https://hyprland.cachix.org" ];
trusted-public-keys = [
"hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc="
];
experimental-features = ["nix-command" "flakes"];
experimental-features = [
"nix-command"
"flakes"
];
};
};
@@ -71,7 +78,7 @@
};
# ========= Sops =========
environment.systemPackages = with pkgs; [sops];
environment.systemPackages = with pkgs; [ sops ];
#
# ========== Localization ==========

5
hosts/common/disks/aamil.nix
View File

@@ -27,7 +27,10 @@
passwordFile = "/tmp/secret.key";
settings = {
allowDiscards = true;
crypttabExtraOpts = ["fido2-device=auto" "token-timeout=10"];
crypttabExtraOpts = [
"fido2-device=auto"
"token-timeout=10"
];
};
content = {
type = "filesystem";

33
hosts/common/disks/blueocean.nix
View File

@@ -6,7 +6,8 @@
swapSize,
label,
...
}: {
}:
{
disko = {
devices = {
disk = {
@@ -40,7 +41,10 @@
passwordFile = "/tmp/secret.key";
settings = {
allowDiscards = true;
crypttabExtraOpts = ["fido2-device=auto" "token-timeout=10"];
crypttabExtraOpts = [
"fido2-device=auto"
"token-timeout=10"
];
};
content = {
type = "lvm_pv";
@@ -66,15 +70,22 @@
passwordFile = "/tmp/secret.key";
settings = {
allowDiscards = true;
crypttabExtraOpts = ["fido2-device=auto" "token-timeout=10"];
crypttabExtraOpts = [
"fido2-device=auto"
"token-timeout=10"
];
};
content = {
type = "btrfs";
extraArgs = ["-L nix -f"];
extraArgs = [ "-L nix -f" ];
subvolumes = {
"@nix" = {
mountpoint = "/nix";
mountOptions = ["subvol=nix" "compress=zstd" "noatime"];
mountOptions = [
"subvol=nix"
"compress=zstd"
"noatime"
];
};
};
};
@@ -99,11 +110,19 @@
size = "100%";
content = {
type = "btrfs";
extraArgs = ["-L" label "-f"];
extraArgs = [
"-L"
label
"-f"
];
subvolumes = {
"@root" = {
mountpoint = "/";
mountOptions = ["subvol=root" "compress=zstd" "noatime"];
mountOptions = [
"subvol=root"
"compress=zstd"
"noatime"
];
};
};
};

32
hosts/common/disks/rihla.nix
View File

@@ -6,7 +6,8 @@
swapSize,
label,
...
}: {
}:
{
disko = {
devices = {
disk = {
@@ -40,7 +41,10 @@
passwordFile = "/tmp/secret.key";
settings = {
allowDiscards = true;
crypttabExtraOpts = ["fido2-device=auto" "token-timeout=10"];
crypttabExtraOpts = [
"fido2-device=auto"
"token-timeout=10"
];
};
content = {
type = "lvm_pv";
@@ -67,19 +71,35 @@
size = "100%";
content = {
type = "btrfs";
extraArgs = ["-L" label "-f"];
extraArgs = [
"-L"
label
"-f"
];
subvolumes = {
"@root" = {
mountpoint = "/";
mountOptions = ["subvol=root" "compress=zstd" "noatime"];
mountOptions = [
"subvol=root"
"compress=zstd"
"noatime"
];
};
"@persist" = {
mountpoint = config.hostSpec.persist;
mountOptions = ["subvol=persist" "compress=zstd" "noatime"];
mountOptions = [
"subvol=persist"
"compress=zstd"
"noatime"
];
};
"@nix" = {
mountpoint = "/nix";
mountOptions = ["subvol=nix" "compress=zstd" "noatime"];
mountOptions = [
"subvol=nix"
"compress=zstd"
"noatime"
];
};
};
};

5
hosts/common/optional/1password.nix
View File

@@ -1,9 +1,10 @@
{config, ...}: {
{ config, ... }:
{
programs = {
_1password.enable = true;
_1password-gui = {
enable = true;
polkitPolicyOwners = [config.hostSpec.username];
polkitPolicyOwners = [ config.hostSpec.username ];
};
};
}

5
hosts/common/optional/claude-code.nix
View File

@@ -1,3 +1,4 @@
{pkgs, ...}: {
environment.systemPackages = with pkgs; [claude-code];
{ pkgs, ... }:
{
environment.systemPackages = with pkgs; [ claude-code ];
}

3
hosts/common/optional/dconf.nix
View File

@@ -1,3 +1,4 @@
{...}: {
{ ... }:
{
programs.dconf.enable = true;
}

9
hosts/common/optional/docker.nix
View File

@@ -1,4 +1,5 @@
{pkgs, ...}: {
{ pkgs, ... }:
{
virtualisation = {
docker = {
enable = true;
@@ -11,7 +12,11 @@
};
};
containers = {registries = {search = ["docker.io"];};};
containers = {
registries = {
search = [ "docker.io" ];
};
};
libvirtd = {
enable = true;

5
hosts/common/optional/hoppscotch.nix
View File

@@ -1,3 +1,4 @@
{pkgs, ...}: {
environment.systemPackages = with pkgs; [hoppscotch];
{ pkgs, ... }:
{
environment.systemPackages = with pkgs; [ hoppscotch ];
}

6
hosts/common/optional/hyprland.nix
View File

@@ -2,14 +2,16 @@
inputs,
pkgs,
...
}: {
}:
{
programs = {
hyprland = {
enable = true;
xwayland.enable = true;
systemd.setPath.enable = true;
package = inputs.hyprland.packages.${pkgs.stdenv.hostPlatform.system}.hyprland;
portalPackage = inputs.hyprland.packages.${pkgs.stdenv.hostPlatform.system}.xdg-desktop-portal-hyprland;
portalPackage =
inputs.hyprland.packages.${pkgs.stdenv.hostPlatform.system}.xdg-desktop-portal-hyprland;
};
hyprlock.enable = true;

3
hosts/common/optional/nix-ld.nix
View File

@@ -1,3 +1,4 @@
{...}: {
{ ... }:
{
programs.nix-ld.enable = true;
}

5
hosts/common/optional/secure-boot.nix
View File

@@ -1,3 +1,4 @@
{pkgs, ...}: {
environment.systemPackages = with pkgs; [sbctl];
{ pkgs, ... }:
{
environment.systemPackages = with pkgs; [ sbctl ];
}

6
hosts/common/optional/services/audio.nix
View File

@@ -1,4 +1,5 @@
{pkgs, ...}: {
{ pkgs, ... }:
{
services = {
# Enable sound with pipewire.
pulseaudio.enable = false;
@@ -12,6 +13,5 @@
};
security.rtkit.enable = true;
environment.systemPackages =
builtins.attrValues {inherit (pkgs) pavucontrol;};
environment.systemPackages = builtins.attrValues { inherit (pkgs) pavucontrol; };
}

3
hosts/common/optional/services/bluetooth.nix
View File

@@ -1,4 +1,5 @@
{...}: {
{ ... }:
{
services.blueman.enable = true;
hardware = {
bluetooth.enable = true;

3
hosts/common/optional/services/firmware.nix
View File

@@ -1,3 +1,4 @@
{...}: {
{ ... }:
{
services.fwupd.enable = true;
}

3
hosts/common/optional/services/greetd.nix
View File

@@ -1,4 +1,5 @@
{pkgs, ...}: {
{ pkgs, ... }:
{
services.greetd = {
enable = true;
settings = {

3
hosts/common/optional/services/k3s.nix
View File

@@ -1,4 +1,5 @@
{pkgs, ...}: {
{ pkgs, ... }:
{
environment.systemPackages = with pkgs; [
k3s_1_35
cifs-utils

6
hosts/common/optional/services/openiscsi.nix
View File

@@ -1,6 +1,8 @@
{config, ...}: let
{ config, ... }:
let
hostName = config.hostSpec.hostName;
in {
in
{
services.openiscsi = {
enable = true;
name = "iqn.2016-04.com.open-iscsi:${hostName}";

10
hosts/common/optional/services/openssh.nix
View File

@@ -1,9 +1,11 @@
{config, ...}: let
{ config, ... }:
let
sshPort = config.hostSpec.networking.ports.tcp.ssh;
in {
in
{
services.openssh = {
enable = true;
ports = [sshPort];
ports = [ sshPort ];
settings = {
PermitRootLogin = "no";
@@ -14,5 +16,5 @@ in {
openFirewall = true;
};
networking.firewall.allowedTCPPorts = [sshPort];
networking.firewall.allowedTCPPorts = [ sshPort ];
}

3
hosts/common/optional/services/printing.nix
View File

@@ -1,4 +1,5 @@
# Reminder that CUPS cpanel defaults to localhost:631
{...}: {
{ ... }:
{
services.printing.enable = true;
}

3
hosts/common/optional/services/smart-card.nix
View File

@@ -1,3 +1,4 @@
{...}: {
{ ... }:
{
services.pcscd.enable = true;
}

3
hosts/common/optional/services/vpn.nix
View File

@@ -1,4 +1,5 @@
{ pkgs, ...}: {
{ pkgs, ... }:
{
services.netbird.enable = true;
environment.systemPackages = with pkgs; [ netbird-ui ];

3
hosts/common/optional/slack.nix
View File

@@ -1,7 +1,8 @@
{
pkgs,
...
}: {
}:
{
environment.systemPackages = with pkgs; [
slack
];

3
hosts/common/optional/thunderbird.nix
View File

@@ -1,4 +1,5 @@
{...}: {
{ ... }:
{
programs.thunderbird = {
enable = true;
};

5
hosts/common/optional/yubikey.nix
View File

@@ -1,4 +1,5 @@
{pkgs, ...}: {
{ pkgs, ... }:
{
# yubikey login / sudo
security.pam = {
u2f = {
@@ -11,5 +12,5 @@
};
};
environment.systemPackages = with pkgs; [yubikey-manager];
environment.systemPackages = with pkgs; [ yubikey-manager ];
}

3
hosts/common/optional/zoom.nix
View File

@@ -1,7 +1,8 @@
{
pkgs,
...
}: {
}:
{
environment.systemPackages = with pkgs; [
zoom-us
];

20
hosts/common/specialisations/gaming.nix
View File

@@ -3,9 +3,11 @@
config,
lib,
...
}: let
}:
let
hostSpec = config.hostSpec;
in {
in
{
specialisation.gaming.configuration = {
programs = {
steam = {
@@ -19,15 +21,19 @@ in {
};
home-manager.users."${hostSpec.username}".imports = lib.flatten [
({config, ...}:
import (lib.custom.relativeToRoot
"home/${hostSpec.username}/specialisations/gaming.nix") {
(
{ config, ... }:
import (lib.custom.relativeToRoot "home/${hostSpec.username}/specialisations/gaming.nix") {
inherit pkgs;
})
}
)
];
powerManagement.cpuFreqGovernor = "performance";
environment.systemPackages = with pkgs; [mangohud protonup-qt];
environment.systemPackages = with pkgs; [
mangohud
protonup-qt
];
};
}

36
hosts/common/users/primary/default.nix
View File

@@ -4,10 +4,12 @@
lib,
inputs,
...
}: let
}:
let
hostSpec = config.hostSpec;
pubKeys = lib.filesystem.listFilesRecursive ./keys;
in {
in
{
users = {
mutableUsers = false;
users.${hostSpec.username} = {
@@ -19,13 +21,18 @@ in {
home = hostSpec.home;
isNormalUser = true;
hashedPassword = "$y$j9T$pvjyL7hL5x2VBarGNTnMl1$mLA2UsWTbfp8Hgp/ug5l8224thi..Mo8.p7ME.tDZ.4";
extraGroups = ["networkmanager" "wheel" "input" "libvirtd" "docker"];
extraGroups = [
"networkmanager"
"wheel"
"input"
"libvirtd"
"docker"
];
# Read all keys in ./keys and add them to authorizedKeys.
openssh.authorizedKeys.keys =
lib.lists.forEach pubKeys (key: builtins.readFile key);
openssh.authorizedKeys.keys = lib.lists.forEach pubKeys (key: builtins.readFile key);
packages = with pkgs; [libnotify];
packages = with pkgs; [ libnotify ];
};
};
@@ -35,11 +42,18 @@ in {
hostSpec = config.hostSpec;
};
users.${hostSpec.username}.imports = lib.flatten [
({config, ...}:
import (lib.custom.relativeToRoot
"home/${hostSpec.username}/${hostSpec.hostName}.nix") {
inherit pkgs inputs config lib hostSpec;
})
(
{ config, ... }:
import (lib.custom.relativeToRoot "home/${hostSpec.username}/${hostSpec.hostName}.nix") {
inherit
pkgs
inputs
config
lib
hostSpec
;
}
)
];
};
}