shahab/nix-config
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

chore: flake update 04-07-2026

Browse Source
This commit is contained in:
Shahab Dogar
2026-04-07 13:56:05 +05:00
parent 044e1e415e
commit cf4842a5b6
83 changed files with 581 additions and 352 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
dotfiles/npm/.npmrc
View File

@@ -1 +1 @@
; registry=https://npm.dogar.dev
registry=https://npm.dogar.dev

13
dotfiles/nvim/flake.nix
View File

@@ -10,17 +10,21 @@
};
};
outputs = {
outputs =
{
self,
nixpkgs,
flake-utils,
fenix,
}:
flake-utils.lib.eachDefaultSystem (system: let
flake-utils.lib.eachDefaultSystem (
system:
let
pkgs = nixpkgs.legacyPackages.${system};
fenixLib = fenix.packages.${system};
rustToolchain = fenixLib.stable.toolchain;
in {
in
{
devShells.default = pkgs.mkShell {
buildInputs = with pkgs; [
lua-language-server
@@ -39,5 +43,6 @@
echo "nvim is configured with your local config"
'';
};
});
}
);
}

36
flake.lock generated
View File

@@ -55,11 +55,11 @@
]
},
"locked": {
"lastModified": 1773025010,
"narHash": "sha256-khlHllTsovXgT2GZ0WxT4+RvuMjNeR5OW0UYeEHPYQo=",
"lastModified": 1773889306,
"narHash": "sha256-PAqwnsBSI9SVC2QugvQ3xeYCB0otOwCacB1ueQj2tgw=",
"owner": "nix-community",
"repo": "disko",
"rev": "7b9f7f88ab3b339f8142dc246445abb3c370d3d3",
"rev": "5ad85c82cc52264f4beddc934ba57f3789f28347",
"type": "github"
},
"original": {
@@ -172,11 +172,11 @@
]
},
"locked": {
"lastModified": 1772985285,
"narHash": "sha256-wEEmvfqJcl9J0wyMgMrj1TixOgInBW/6tLPhWGoZE3s=",
"lastModified": 1775544097,
"narHash": "sha256-fwI8PbrUT4W+z+J4TAS/D69So/MLan1WZjUsYQpoSvI=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "5be5d8245cbc7bc0c09fbb5f38f23f223c543f85",
"rev": "2bd16b16a77d68a1e14c1b4da725a6590181a706",
"type": "github"
},
"original": {
@@ -260,11 +260,11 @@
"xdph": "xdph"
},
"locked": {
"lastModified": 1774354685,
"narHash": "sha256-GGo4zr9oLGtuZ73He9dlTuODAk2Qv0XOblkdlxBvh9I=",
"lastModified": 1775416789,
"narHash": "sha256-0IELkB6YXCZGqZqLdmOcTw8mki6NNhDmG47y7Qynuj8=",
"owner": "hyprwm",
"repo": "Hyprland",
"rev": "bbf6718c4fc55867be0db8946918ce03d3879f64",
"rev": "aaa2fc342f002bf4acd965f1ad2ead3796347e35",
"type": "github"
},
"original": {
@@ -550,11 +550,11 @@
},
"nixos-hardware": {
"locked": {
"lastModified": 1772972630,
"narHash": "sha256-mUJxsNOrBMNOUJzN0pfdVJ1r2pxeqm9gI/yIKXzVVbk=",
"lastModified": 1775490113,
"narHash": "sha256-2ZBhDNZZwYkRmefK5XLOusCJHnoeKkoN95hoSGgMxWM=",
"owner": "NixOS",
"repo": "nixos-hardware",
"rev": "3966ce987e1a9a164205ac8259a5fe8a64528f72",
"rev": "c775c2772ba56e906cbeb4e0b2db19079ef11ff7",
"type": "github"
},
"original": {
@@ -597,11 +597,11 @@
},
"nixpkgs_2": {
"locked": {
"lastModified": 1772963539,
"narHash": "sha256-9jVDGZnvCckTGdYT53d/EfznygLskyLQXYwJLKMPsZs=",
"lastModified": 1775423009,
"narHash": "sha256-vPKLpjhIVWdDrfiUM8atW6YkIggCEKdSAlJPzzhkQlw=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "9dcb002ca1690658be4a04645215baea8b95f31d",
"rev": "68d8aa3d661f0e6bd5862291b5bb263b2a6595c9",
"type": "github"
},
"original": {
@@ -701,11 +701,11 @@
]
},
"locked": {
"lastModified": 1772944399,
"narHash": "sha256-xTzsSd3r5HBeufSZ3fszAn0ldfKctvsYG7tT2YJg5gY=",
"lastModified": 1775365543,
"narHash": "sha256-f50qrK0WwZ9z5EdaMGWOTtALgSF7yb7XwuE7LjCuDmw=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "c8e69670b316d6788e435a3aa0bda74eb1b82cc0",
"rev": "a4ee2de76efb759fe8d4868c33dec9937897916f",
"type": "github"
},
"original": {

31
flake.nix
View File

@@ -40,7 +40,9 @@
};
};
outputs = {nixpkgs, ...} @ inputs: let
outputs =
{ nixpkgs, ... }@inputs:
let
inherit (nixpkgs) lib;
mkHost = host: {
${host} = nixpkgs.lib.nixosSystem {
@@ -48,26 +50,33 @@
inherit inputs;
# Extend lib with lib.custom
lib = nixpkgs.lib.extend (self: super: {
custom = import ./lib {inherit (nixpkgs) lib;};
});
lib = nixpkgs.lib.extend (
self: super: {
custom = import ./lib { inherit (nixpkgs) lib; };
}
);
};
modules = [./hosts/nixos/${host}];
modules = [ ./hosts/nixos/${host} ];
};
};
mkHostConfigs = hosts:
lib.foldl (acc: set: acc // set) {}
(lib.map (host: mkHost host) hosts);
mkHostConfigs = hosts: lib.foldl (acc: set: acc // set) { } (lib.map (host: mkHost host) hosts);
readHosts = folder: lib.attrNames (builtins.readDir ./hosts/${folder});
in {
in
{
nixosConfigurations = mkHostConfigs (readHosts "nixos");
devShells.x86_64-linux.default = let
devShells.x86_64-linux.default =
let
pkgs = nixpkgs.legacyPackages.x86_64-linux;
in
pkgs.mkShell {
buildInputs = with pkgs; [nil lua-language-server kubernetes-helm kubectl];
buildInputs = with pkgs; [
nil
lua-language-server
kubernetes-helm
kubectl
];
};
};
}

9
home/dogar/blueocean.nix
View File

@@ -1,4 +1,5 @@
{config, lib, ...}: {
{ config, lib, ... }:
{
imports = lib.flatten [
#
# ========== Required Configs ==========
@@ -35,9 +36,9 @@
sessionVariables = {
EDITOR = "nvim";
NIXOS_OZONE_WL = "1";
GOPROXY="https://go.dogar.dev,direct";
GOPROXY = "https://go.dogar.dev,direct";
};
file.".npmrc".source = config.lib.file.mkOutOfStoreSymlink
"${config.home.homeDirectory}/git/nix-config/dotfiles/npm/.npmrc";
file.".npmrc".source =
config.lib.file.mkOutOfStoreSymlink "${config.home.homeDirectory}/git/nix-config/dotfiles/npm/.npmrc";
};
}

15
home/dogar/common/core/default.nix
View File

@@ -4,9 +4,13 @@
pkgs,
hostSpec,
...
}: {
}:
{
imports = lib.flatten [
(map lib.custom.relativeToRoot ["modules/common" "modules/home-manager"])
(map lib.custom.relativeToRoot [
"modules/common"
"modules/home-manager"
])
];
inherit hostSpec;
@@ -15,7 +19,7 @@
username = lib.mkDefault config.hostSpec.username;
homeDirectory = lib.mkDefault config.hostSpec.home;
stateVersion = lib.mkDefault "25.05";
sessionPath = ["$HOME/.local/bin"];
sessionPath = [ "$HOME/.local/bin" ];
sessionVariables = {
FLAKE = "$HOME/src/nix/nix-config";
SHELL = "zsh";
@@ -27,7 +31,10 @@
nix = {
package = lib.mkDefault pkgs.nix;
settings = {
experimental-features = ["nix-command" "flakes"];
experimental-features = [
"nix-command"
"flakes"
];
warn-dirty = false;
};
};

7
home/dogar/common/optional/btop.nix
View File

@@ -1,3 +1,6 @@
{...}: {
programs.btop = {enable = true;};
{ ... }:
{
programs.btop = {
enable = true;
};
}

3
home/dogar/common/optional/firefox.nix
View File

@@ -1,4 +1,5 @@
{pkgs, ...}: {
{ pkgs, ... }:
{
programs.firefox = {
enable = true;
package = pkgs.firefox.override {

5
home/dogar/common/optional/fonts.nix
View File

@@ -1,4 +1,5 @@
{pkgs, ...}: {
{ pkgs, ... }:
{
fonts.fontconfig.enable = true;
home.packages = with pkgs; [nerd-fonts.jetbrains-mono];
home.packages = with pkgs; [ nerd-fonts.jetbrains-mono ];
}

3
home/dogar/common/optional/ghostty.nix
View File

@@ -1,4 +1,5 @@
{config, ...}: {
{ config, ... }:
{
programs.ghostty = {
enable = true;

27
home/dogar/common/optional/git.nix
View File

@@ -3,7 +3,8 @@
pkgs,
config,
...
}: {
}:
{
programs.git = {
enable = true;
lfs.enable = true;
@@ -16,15 +17,27 @@
name = config.hostSpec.userFullName;
email = config.hostSpec.email.user;
};
gpg = {format = "ssh";};
gpg = {
format = "ssh";
};
"gpg \"ssh\"" = {
program = "${lib.getExe' pkgs._1password-gui "op-ssh-sign"}";
};
commit = {gpgsign = true;};
user = {signingKey = "~/.ssh/id_ed25519.pub";};
pull = {rebase = true;};
init = {defaultBranch = "main";};
lfs = {locksverify = true;};
commit = {
gpgsign = true;
};
user = {
signingKey = "~/.ssh/id_ed25519.pub";
};
pull = {
rebase = true;
};
init = {
defaultBranch = "main";
};
lfs = {
locksverify = true;
};
};
};
}

3
home/dogar/common/optional/hyprland.nix
View File

@@ -3,7 +3,8 @@
lib,
pkgs,
...
}: {
}:
{
home = {
file = {
"${config.xdg.configHome}/hypr/hyprland.conf".source =

3
home/dogar/common/optional/kitty.nix
View File

@@ -1,4 +1,5 @@
{config, ...}: {
{ config, ... }:
{
programs.kitty = {
enable = true;

3
home/dogar/common/optional/misc-packages.nix
View File

@@ -1,4 +1,5 @@
{pkgs, ...}: {
{ pkgs, ... }:
{
home.packages = with pkgs; [
awscli2
btop

6
home/dogar/common/optional/nvim.nix
View File

@@ -1,4 +1,5 @@
{config, ...}: {
{ config, ... }:
{
programs.neovim = {
enable = true;
defaultEditor = true;
@@ -8,6 +9,5 @@
# Create a symlink from ~/.config/nvim to the dotfiles directory
home.file.".config/nvim".source =
config.lib.file.mkOutOfStoreSymlink
"${config.home.homeDirectory}/git/nix-config/dotfiles/nvim";
config.lib.file.mkOutOfStoreSymlink "${config.home.homeDirectory}/git/nix-config/dotfiles/nvim";
}

8
home/dogar/common/optional/ssh.nix
View File

@@ -1,10 +1,12 @@
{...}: let
{ ... }:
let
onePassPath = "~/.1password/agent.sock";
in {
in
{
programs.ssh = {
enable = true;
enableDefaultConfig = false;
extraConfig = "IdentityAgent ${onePassPath}";
matchBlocks."*" = {};
matchBlocks."*" = { };
};
}

5
home/dogar/common/optional/starship.nix
View File

@@ -1 +1,4 @@
{...}: {programs.starship.enable = true;}
{ ... }:
{
programs.starship.enable = true;
}

8
home/dogar/common/optional/tmux.nix
View File

@@ -3,13 +3,13 @@
lib,
pkgs,
...
}: {
}:
{
home = {
file = {
"${config.xdg.configHome}/tmux".source =
lib.custom.relativeToRoot "dotfiles/tmux";
"${config.xdg.configHome}/tmux".source = lib.custom.relativeToRoot "dotfiles/tmux";
};
packages = with pkgs; [tmux];
packages = with pkgs; [ tmux ];
};
}

3
home/dogar/common/optional/uv.nix
View File

@@ -1,6 +1,7 @@
{
...
}: {
}:
{
programs.uv = {
enable = true;
settings = {

3
home/dogar/common/optional/zsh.nix
View File

@@ -2,7 +2,8 @@
config,
pkgs,
...
}: {
}:
{
home.packages = with pkgs; [
eza
ripgrep

3
home/shahab/aamil-1.nix
View File

@@ -1,4 +1,5 @@
{lib, ...}: {
{ lib, ... }:
{
imports = lib.flatten [
#
# ========== Required Configs ==========

3
home/shahab/aamil-2.nix
View File

@@ -1,4 +1,5 @@
{lib, ...}: {
{ lib, ... }:
{
imports = lib.flatten [
#
# ========== Required Configs ==========

3
home/shahab/aamil-3.nix
View File

@@ -1,4 +1,5 @@
{lib, ...}: {
{ lib, ... }:
{
imports = lib.flatten [
#
# ========== Required Configs ==========

15
home/shahab/common/core/default.nix
View File

@@ -4,9 +4,13 @@
pkgs,
hostSpec,
...
}: {
}:
{
imports = lib.flatten [
(map lib.custom.relativeToRoot ["modules/common" "modules/home-manager"])
(map lib.custom.relativeToRoot [
"modules/common"
"modules/home-manager"
])
];
inherit hostSpec;
@@ -15,7 +19,7 @@
username = lib.mkDefault config.hostSpec.username;
homeDirectory = lib.mkDefault config.hostSpec.home;
stateVersion = lib.mkDefault "25.05";
sessionPath = ["$HOME/.local/bin"];
sessionPath = [ "$HOME/.local/bin" ];
sessionVariables = {
FLAKE = "$HOME/src/nix/nix-config";
SHELL = "zsh";
@@ -27,7 +31,10 @@
nix = {
package = lib.mkDefault pkgs.nix;
settings = {
experimental-features = ["nix-command" "flakes"];
experimental-features = [
"nix-command"
"flakes"
];
warn-dirty = false;
};
};

7
home/shahab/common/optional/btop.nix
View File

@@ -1,3 +1,6 @@
{...}: {
programs.btop = {enable = true;};
{ ... }:
{
programs.btop = {
enable = true;
};
}

3
home/shahab/common/optional/firefox.nix
View File

@@ -1,4 +1,5 @@
{pkgs, ...}: {
{ pkgs, ... }:
{
programs.firefox = {
enable = true;
package = pkgs.firefox.override {

5
home/shahab/common/optional/fonts.nix
View File

@@ -1,4 +1,5 @@
{pkgs, ...}: {
{ pkgs, ... }:
{
fonts.fontconfig.enable = true;
home.packages = with pkgs; [nerd-fonts.jetbrains-mono];
home.packages = with pkgs; [ nerd-fonts.jetbrains-mono ];
}

3
home/shahab/common/optional/ghostty.nix
View File

@@ -1,4 +1,5 @@
{config, ...}: {
{ config, ... }:
{
programs.ghostty = {
enable = true;

27
home/shahab/common/optional/git.nix
View File

@@ -3,7 +3,8 @@
pkgs,
config,
...
}: {
}:
{
programs.git = {
enable = true;
lfs.enable = true;
@@ -13,15 +14,27 @@
name = config.hostSpec.userFullName;
email = config.hostSpec.email.user;
};
gpg = {format = "ssh";};
gpg = {
format = "ssh";
};
"gpg \"ssh\"" = {
program = "${lib.getExe' pkgs._1password-gui "op-ssh-sign"}";
};
commit = {gpgsign = true;};
user = {signingKey = "~/.ssh/id_rihla.pub";};
pull = {rebase = true;};
init = {defaultBranch = "main";};
lfs = {locksverify = true;};
commit = {
gpgsign = true;
};
user = {
signingKey = "~/.ssh/id_rihla.pub";
};
pull = {
rebase = true;
};
init = {
defaultBranch = "main";
};
lfs = {
locksverify = true;
};
};
};
}

5
home/shahab/common/optional/hyprland.nix
View File

@@ -3,7 +3,8 @@
lib,
pkgs,
...
}: {
}:
{
home = {
file = {
"${config.xdg.configHome}/hypr/hyprland.conf".source =
@@ -26,5 +27,5 @@
];
};
services.swww.enable = true;
services.awww.enable = true;
}

3
home/shahab/common/optional/kitty.nix
View File

@@ -1,4 +1,5 @@
{config, ...}: {
{ config, ... }:
{
programs.kitty = {
enable = true;

3
home/shahab/common/optional/misc-packages.nix
View File

@@ -1,4 +1,5 @@
{pkgs, ...}: {
{ pkgs, ... }:
{
home.packages = with pkgs; [
btop
discord

6
home/shahab/common/optional/nvim.nix
View File

@@ -1,4 +1,5 @@
{config, ...}: {
{ config, ... }:
{
programs.neovim = {
enable = true;
defaultEditor = true;
@@ -8,6 +9,5 @@
# Create a symlink from ~/.config/nvim to the dotfiles directory
home.file."${config.xdg.configHome}/nvim".source =
config.lib.file.mkOutOfStoreSymlink
"${config.home.homeDirectory}/git/nix-config/dotfiles/nvim";
config.lib.file.mkOutOfStoreSymlink "${config.home.homeDirectory}/git/nix-config/dotfiles/nvim";
}

8
home/shahab/common/optional/ssh.nix
View File

@@ -1,10 +1,12 @@
{...}: let
{ ... }:
let
onePassPath = "~/.1password/agent.sock";
in {
in
{
programs.ssh = {
enable = true;
enableDefaultConfig = false;
extraConfig = "IdentityAgent ${onePassPath}";
matchBlocks."*" = {};
matchBlocks."*" = { };
};
}

5
home/shahab/common/optional/starship.nix
View File

@@ -1 +1,4 @@
{...}: {programs.starship.enable = true;}
{ ... }:
{
programs.starship.enable = true;
}

8
home/shahab/common/optional/tmux.nix
View File

@@ -3,13 +3,13 @@
lib,
pkgs,
...
}: {
}:
{
home = {
file = {
"${config.xdg.configHome}/tmux".source =
lib.custom.relativeToRoot "dotfiles/tmux";
"${config.xdg.configHome}/tmux".source = lib.custom.relativeToRoot "dotfiles/tmux";
};
packages = with pkgs; [tmux];
packages = with pkgs; [ tmux ];
};
}

3
home/shahab/common/optional/uv.nix
View File

@@ -1,6 +1,7 @@
{
...
}: {
}:
{
programs.uv = {
enable = true;
settings = {

3
home/shahab/common/optional/zsh.nix
View File

@@ -2,7 +2,8 @@
config,
pkgs,
...
}: {
}:
{
home.packages = with pkgs; [
eza
ripgrep

9
home/shahab/rihla.nix
View File

@@ -1,4 +1,5 @@
{config, lib, ...}: {
{ config, lib, ... }:
{
imports = lib.flatten [
#
# ========== Required Configs ==========
@@ -35,9 +36,9 @@
sessionVariables = {
EDITOR = "nvim";
NIXOS_OZONE_WL = "1";
GOPROXY="https://go.dogar.dev,direct";
GOPROXY = "https://go.dogar.dev,direct";
};
file.".npmrc".source = config.lib.file.mkOutOfStoreSymlink
"${config.home.homeDirectory}/git/nix-config/dotfiles/npm/.npmrc";
file.".npmrc".source =
config.lib.file.mkOutOfStoreSymlink "${config.home.homeDirectory}/git/nix-config/dotfiles/npm/.npmrc";
};
}

3
home/shahab/specialisations/gaming.nix
View File

@@ -1,4 +1,5 @@
{pkgs, ...}: {
{ pkgs, ... }:
{
home.packages = with pkgs; [
prismlauncher
];

19
hosts/common/core/default.nix
View File

@@ -4,7 +4,8 @@
config,
lib,
...
}: {
}:
{
imports = lib.flatten [
inputs.home-manager.nixosModules.home-manager
inputs.sops-nix.nixosModules.sops
@@ -50,14 +51,20 @@
auto-optimise-store = true;
warn-dirty = false;
trusted-users = ["@wheel"];
trusted-users = [ "@wheel" ];
substituters = ["https://hyprland.cachix.org" "https://nix.dogar.dev"];
trusted-substituters = ["https://hyprland.cachix.org"];
substituters = [
"https://hyprland.cachix.org"
"https://nix.dogar.dev"
];
trusted-substituters = [ "https://hyprland.cachix.org" ];
trusted-public-keys = [
"hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc="
];
experimental-features = ["nix-command" "flakes"];
experimental-features = [
"nix-command"
"flakes"
];
};
};
@@ -71,7 +78,7 @@
};
# ========= Sops =========
environment.systemPackages = with pkgs; [sops];
environment.systemPackages = with pkgs; [ sops ];
#
# ========== Localization ==========

5
hosts/common/disks/aamil.nix
View File

@@ -27,7 +27,10 @@
passwordFile = "/tmp/secret.key";
settings = {
allowDiscards = true;
crypttabExtraOpts = ["fido2-device=auto" "token-timeout=10"];
crypttabExtraOpts = [
"fido2-device=auto"
"token-timeout=10"
];
};
content = {
type = "filesystem";

33
hosts/common/disks/blueocean.nix
View File

@@ -6,7 +6,8 @@
swapSize,
label,
...
}: {
}:
{
disko = {
devices = {
disk = {
@@ -40,7 +41,10 @@
passwordFile = "/tmp/secret.key";
settings = {
allowDiscards = true;
crypttabExtraOpts = ["fido2-device=auto" "token-timeout=10"];
crypttabExtraOpts = [
"fido2-device=auto"
"token-timeout=10"
];
};
content = {
type = "lvm_pv";
@@ -66,15 +70,22 @@
passwordFile = "/tmp/secret.key";
settings = {
allowDiscards = true;
crypttabExtraOpts = ["fido2-device=auto" "token-timeout=10"];
crypttabExtraOpts = [
"fido2-device=auto"
"token-timeout=10"
];
};
content = {
type = "btrfs";
extraArgs = ["-L nix -f"];
extraArgs = [ "-L nix -f" ];
subvolumes = {
"@nix" = {
mountpoint = "/nix";
mountOptions = ["subvol=nix" "compress=zstd" "noatime"];
mountOptions = [
"subvol=nix"
"compress=zstd"
"noatime"
];
};
};
};
@@ -99,11 +110,19 @@
size = "100%";
content = {
type = "btrfs";
extraArgs = ["-L" label "-f"];
extraArgs = [
"-L"
label
"-f"
];
subvolumes = {
"@root" = {
mountpoint = "/";
mountOptions = ["subvol=root" "compress=zstd" "noatime"];
mountOptions = [
"subvol=root"
"compress=zstd"
"noatime"
];
};
};
};

32
hosts/common/disks/rihla.nix
View File

@@ -6,7 +6,8 @@
swapSize,
label,
...
}: {
}:
{
disko = {
devices = {
disk = {
@@ -40,7 +41,10 @@
passwordFile = "/tmp/secret.key";
settings = {
allowDiscards = true;
crypttabExtraOpts = ["fido2-device=auto" "token-timeout=10"];
crypttabExtraOpts = [
"fido2-device=auto"
"token-timeout=10"
];
};
content = {
type = "lvm_pv";
@@ -67,19 +71,35 @@
size = "100%";
content = {
type = "btrfs";
extraArgs = ["-L" label "-f"];
extraArgs = [
"-L"
label
"-f"
];
subvolumes = {
"@root" = {
mountpoint = "/";
mountOptions = ["subvol=root" "compress=zstd" "noatime"];
mountOptions = [
"subvol=root"
"compress=zstd"
"noatime"
];
};
"@persist" = {
mountpoint = config.hostSpec.persist;
mountOptions = ["subvol=persist" "compress=zstd" "noatime"];
mountOptions = [
"subvol=persist"
"compress=zstd"
"noatime"
];
};
"@nix" = {
mountpoint = "/nix";
mountOptions = ["subvol=nix" "compress=zstd" "noatime"];
mountOptions = [
"subvol=nix"
"compress=zstd"
"noatime"
];
};
};
};

5
hosts/common/optional/1password.nix
View File

@@ -1,9 +1,10 @@
{config, ...}: {
{ config, ... }:
{
programs = {
_1password.enable = true;
_1password-gui = {
enable = true;
polkitPolicyOwners = [config.hostSpec.username];
polkitPolicyOwners = [ config.hostSpec.username ];
};
};
}

5
hosts/common/optional/claude-code.nix
View File

@@ -1,3 +1,4 @@
{pkgs, ...}: {
environment.systemPackages = with pkgs; [claude-code];
{ pkgs, ... }:
{
environment.systemPackages = with pkgs; [ claude-code ];
}

3
hosts/common/optional/dconf.nix
View File

@@ -1,3 +1,4 @@
{...}: {
{ ... }:
{
programs.dconf.enable = true;
}

9
hosts/common/optional/docker.nix
View File

@@ -1,4 +1,5 @@
{pkgs, ...}: {
{ pkgs, ... }:
{
virtualisation = {
docker = {
enable = true;
@@ -11,7 +12,11 @@
};
};
containers = {registries = {search = ["docker.io"];};};
containers = {
registries = {
search = [ "docker.io" ];
};
};
libvirtd = {
enable = true;

5
hosts/common/optional/hoppscotch.nix
View File

@@ -1,3 +1,4 @@
{pkgs, ...}: {
environment.systemPackages = with pkgs; [hoppscotch];
{ pkgs, ... }:
{
environment.systemPackages = with pkgs; [ hoppscotch ];
}

6
hosts/common/optional/hyprland.nix
View File

@@ -2,14 +2,16 @@
inputs,
pkgs,
...
}: {
}:
{
programs = {
hyprland = {
enable = true;
xwayland.enable = true;
systemd.setPath.enable = true;
package = inputs.hyprland.packages.${pkgs.stdenv.hostPlatform.system}.hyprland;
portalPackage = inputs.hyprland.packages.${pkgs.stdenv.hostPlatform.system}.xdg-desktop-portal-hyprland;
portalPackage =
inputs.hyprland.packages.${pkgs.stdenv.hostPlatform.system}.xdg-desktop-portal-hyprland;
};
hyprlock.enable = true;

3
hosts/common/optional/nix-ld.nix
View File

@@ -1,3 +1,4 @@
{...}: {
{ ... }:
{
programs.nix-ld.enable = true;
}

5
hosts/common/optional/secure-boot.nix
View File

@@ -1,3 +1,4 @@
{pkgs, ...}: {
environment.systemPackages = with pkgs; [sbctl];
{ pkgs, ... }:
{
environment.systemPackages = with pkgs; [ sbctl ];
}

6
hosts/common/optional/services/audio.nix
View File

@@ -1,4 +1,5 @@
{pkgs, ...}: {
{ pkgs, ... }:
{
services = {
# Enable sound with pipewire.
pulseaudio.enable = false;
@@ -12,6 +13,5 @@
};
security.rtkit.enable = true;
environment.systemPackages =
builtins.attrValues {inherit (pkgs) pavucontrol;};
environment.systemPackages = builtins.attrValues { inherit (pkgs) pavucontrol; };
}

3
hosts/common/optional/services/bluetooth.nix
View File

@@ -1,4 +1,5 @@
{...}: {
{ ... }:
{
services.blueman.enable = true;
hardware = {
bluetooth.enable = true;

3
hosts/common/optional/services/firmware.nix
View File

@@ -1,3 +1,4 @@
{...}: {
{ ... }:
{
services.fwupd.enable = true;
}

3
hosts/common/optional/services/greetd.nix
View File

@@ -1,4 +1,5 @@
{pkgs, ...}: {
{ pkgs, ... }:
{
services.greetd = {
enable = true;
settings = {

3
hosts/common/optional/services/k3s.nix
View File

@@ -1,4 +1,5 @@
{pkgs, ...}: {
{ pkgs, ... }:
{
environment.systemPackages = with pkgs; [
k3s_1_35
cifs-utils

6
hosts/common/optional/services/openiscsi.nix
View File

@@ -1,6 +1,8 @@
{config, ...}: let
{ config, ... }:
let
hostName = config.hostSpec.hostName;
in {
in
{
services.openiscsi = {
enable = true;
name = "iqn.2016-04.com.open-iscsi:${hostName}";

10
hosts/common/optional/services/openssh.nix
View File

@@ -1,9 +1,11 @@
{config, ...}: let
{ config, ... }:
let
sshPort = config.hostSpec.networking.ports.tcp.ssh;
in {
in
{
services.openssh = {
enable = true;
ports = [sshPort];
ports = [ sshPort ];
settings = {
PermitRootLogin = "no";
@@ -14,5 +16,5 @@ in {
openFirewall = true;
};
networking.firewall.allowedTCPPorts = [sshPort];
networking.firewall.allowedTCPPorts = [ sshPort ];
}

3
hosts/common/optional/services/printing.nix
View File

@@ -1,4 +1,5 @@
# Reminder that CUPS cpanel defaults to localhost:631
{...}: {
{ ... }:
{
services.printing.enable = true;
}

3
hosts/common/optional/services/smart-card.nix
View File

@@ -1,3 +1,4 @@
{...}: {
{ ... }:
{
services.pcscd.enable = true;
}

3
hosts/common/optional/services/vpn.nix
View File

@@ -1,4 +1,5 @@
{ pkgs, ...}: {
{ pkgs, ... }:
{
services.netbird.enable = true;
environment.systemPackages = with pkgs; [ netbird-ui ];

3
hosts/common/optional/slack.nix
View File

@@ -1,7 +1,8 @@
{
pkgs,
...
}: {
}:
{
environment.systemPackages = with pkgs; [
slack
];

3
hosts/common/optional/thunderbird.nix
View File

@@ -1,4 +1,5 @@
{...}: {
{ ... }:
{
programs.thunderbird = {
enable = true;
};

5
hosts/common/optional/yubikey.nix
View File

@@ -1,4 +1,5 @@
{pkgs, ...}: {
{ pkgs, ... }:
{
# yubikey login / sudo
security.pam = {
u2f = {
@@ -11,5 +12,5 @@
};
};
environment.systemPackages = with pkgs; [yubikey-manager];
environment.systemPackages = with pkgs; [ yubikey-manager ];
}

3
hosts/common/optional/zoom.nix
View File

@@ -1,7 +1,8 @@
{
pkgs,
...
}: {
}:
{
environment.systemPackages = with pkgs; [
zoom-us
];

20
hosts/common/specialisations/gaming.nix
View File

@@ -3,9 +3,11 @@
config,
lib,
...
}: let
}:
let
hostSpec = config.hostSpec;
in {
in
{
specialisation.gaming.configuration = {
programs = {
steam = {
@@ -19,15 +21,19 @@ in {
};
home-manager.users."${hostSpec.username}".imports = lib.flatten [
({config, ...}:
import (lib.custom.relativeToRoot
"home/${hostSpec.username}/specialisations/gaming.nix") {
(
{ config, ... }:
import (lib.custom.relativeToRoot "home/${hostSpec.username}/specialisations/gaming.nix") {
inherit pkgs;
})
}
)
];
powerManagement.cpuFreqGovernor = "performance";
environment.systemPackages = with pkgs; [mangohud protonup-qt];
environment.systemPackages = with pkgs; [
mangohud
protonup-qt
];
};
}

36
hosts/common/users/primary/default.nix
View File

@@ -4,10 +4,12 @@
lib,
inputs,
...
}: let
}:
let
hostSpec = config.hostSpec;
pubKeys = lib.filesystem.listFilesRecursive ./keys;
in {
in
{
users = {
mutableUsers = false;
users.${hostSpec.username} = {
@@ -19,13 +21,18 @@ in {
home = hostSpec.home;
isNormalUser = true;
hashedPassword = "$y$j9T$pvjyL7hL5x2VBarGNTnMl1$mLA2UsWTbfp8Hgp/ug5l8224thi..Mo8.p7ME.tDZ.4";
extraGroups = ["networkmanager" "wheel" "input" "libvirtd" "docker"];
extraGroups = [
"networkmanager"
"wheel"
"input"
"libvirtd"
"docker"
];
# Read all keys in ./keys and add them to authorizedKeys.
openssh.authorizedKeys.keys =
lib.lists.forEach pubKeys (key: builtins.readFile key);
openssh.authorizedKeys.keys = lib.lists.forEach pubKeys (key: builtins.readFile key);
packages = with pkgs; [libnotify];
packages = with pkgs; [ libnotify ];
};
};
@@ -35,11 +42,18 @@ in {
hostSpec = config.hostSpec;
};
users.${hostSpec.username}.imports = lib.flatten [
({config, ...}:
import (lib.custom.relativeToRoot
"home/${hostSpec.username}/${hostSpec.hostName}.nix") {
inherit pkgs inputs config lib hostSpec;
})
(
{ config, ... }:
import (lib.custom.relativeToRoot "home/${hostSpec.username}/${hostSpec.hostName}.nix") {
inherit
pkgs
inputs
config
lib
hostSpec
;
}
)
];
};
}

20
hosts/nixos/aamil-1/default.nix
View File

@@ -3,9 +3,11 @@
pkgs,
lib,
...
}: let
}:
let
hostName = "aamil-1";
in {
in
{
imports = lib.flatten [
#
# ========= Hardware =========
@@ -21,13 +23,12 @@ in {
#
# ========= Required Configs =========
#
(map lib.custom.relativeToRoot ["hosts/common/core"])
(map lib.custom.relativeToRoot [ "hosts/common/core" ])
#
# ========= Services =========
#
(map
(s: lib.custom.relativeToRoot "hosts/common/optional/services/${s}.nix") [
(map (s: lib.custom.relativeToRoot "hosts/common/optional/services/${s}.nix") [
"k3s"
"openiscsi"
"openssh"
@@ -52,7 +53,10 @@ in {
nix = {
settings = {
require-sigs = false;
experimental-features = ["nix-command" "flakes"];
experimental-features = [
"nix-command"
"flakes"
];
};
};
@@ -74,11 +78,11 @@ in {
security.sudo.extraRules = [
{
users = ["shahab"];
users = [ "shahab" ];
commands = [
{
command = "ALL";
options = ["NOPASSWD"];
options = [ "NOPASSWD" ];
}
];
}

19
hosts/nixos/aamil-1/hardware-configuration.nix
View File

@@ -6,8 +6,9 @@
lib,
modulesPath,
...
}: {
imports = [(modulesPath + "/installer/scan/not-detected.nix")];
}:
{
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot = {
loader = {
@@ -19,11 +20,17 @@
efi.canTouchEfiVariables = true;
};
initrd = {
availableKernelModules = ["ahci" "xhci_pci" "usbhid" "usb_storage" "sd_mod"];
kernelModules = [];
availableKernelModules = [
"ahci"
"xhci_pci"
"usbhid"
"usb_storage"
"sd_mod"
];
kernelModules = [ ];
};
kernelModules = ["kvm-amd"];
extraModulePackages = [];
kernelModules = [ "kvm-amd" ];
extraModulePackages = [ ];
};
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";

20
hosts/nixos/aamil-2/default.nix
View File

@@ -3,9 +3,11 @@
pkgs,
lib,
...
}: let
}:
let
hostName = "aamil-2";
in {
in
{
imports = lib.flatten [
#
# ========= Hardware =========
@@ -21,13 +23,12 @@ in {
#
# ========= Required Configs =========
#
(map lib.custom.relativeToRoot ["hosts/common/core"])
(map lib.custom.relativeToRoot [ "hosts/common/core" ])
#
# ========= Services =========
#
(map
(s: lib.custom.relativeToRoot "hosts/common/optional/services/${s}.nix") [
(map (s: lib.custom.relativeToRoot "hosts/common/optional/services/${s}.nix") [
"k3s"
"openiscsi"
"openssh"
@@ -52,7 +53,10 @@ in {
nix = {
settings = {
require-sigs = false;
experimental-features = ["nix-command" "flakes"];
experimental-features = [
"nix-command"
"flakes"
];
};
};
@@ -74,11 +78,11 @@ in {
security.sudo.extraRules = [
{
users = ["shahab"];
users = [ "shahab" ];
commands = [
{
command = "ALL";
options = ["NOPASSWD"];
options = [ "NOPASSWD" ];
}
];
}

19
hosts/nixos/aamil-2/hardware-configuration.nix
View File

@@ -6,8 +6,9 @@
lib,
modulesPath,
...
}: {
imports = [(modulesPath + "/installer/scan/not-detected.nix")];
}:
{
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot = {
loader = {
@@ -19,11 +20,17 @@
efi.canTouchEfiVariables = true;
};
initrd = {
availableKernelModules = ["nvme" "xhci_pci" "usbhid" "usb_storage" "sd_mod"];
kernelModules = [];
availableKernelModules = [
"nvme"
"xhci_pci"
"usbhid"
"usb_storage"
"sd_mod"
];
kernelModules = [ ];
};
kernelModules = ["kvm-amd"];
extraModulePackages = [];
kernelModules = [ "kvm-amd" ];
extraModulePackages = [ ];
};
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";

20
hosts/nixos/aamil-3/default.nix
View File

@@ -3,9 +3,11 @@
pkgs,
lib,
...
}: let
}:
let
hostName = "aamil-3";
in {
in
{
imports = lib.flatten [
#
# ========= Hardware =========
@@ -21,13 +23,12 @@ in {
#
# ========= Required Configs =========
#
(map lib.custom.relativeToRoot ["hosts/common/core"])
(map lib.custom.relativeToRoot [ "hosts/common/core" ])
#
# ========= Services =========
#
(map
(s: lib.custom.relativeToRoot "hosts/common/optional/services/${s}.nix") [
(map (s: lib.custom.relativeToRoot "hosts/common/optional/services/${s}.nix") [
"k3s"
"openiscsi"
"openssh"
@@ -52,7 +53,10 @@ in {
nix = {
settings = {
require-sigs = false;
experimental-features = ["nix-command" "flakes"];
experimental-features = [
"nix-command"
"flakes"
];
};
};
@@ -74,11 +78,11 @@ in {
security.sudo.extraRules = [
{
users = ["shahab"];
users = [ "shahab" ];
commands = [
{
command = "ALL";
options = ["NOPASSWD"];
options = [ "NOPASSWD" ];
}
];
}

19
hosts/nixos/aamil-3/hardware-configuration.nix
View File

@@ -6,8 +6,9 @@
lib,
modulesPath,
...
}: {
imports = [(modulesPath + "/installer/scan/not-detected.nix")];
}:
{
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot = {
loader = {
@@ -19,11 +20,17 @@
efi.canTouchEfiVariables = true;
};
initrd = {
availableKernelModules = ["nvme" "xhci_pci" "usbhid" "usb_storage" "sd_mod"];
kernelModules = [];
availableKernelModules = [
"nvme"
"xhci_pci"
"usbhid"
"usb_storage"
"sd_mod"
];
kernelModules = [ ];
};
kernelModules = ["kvm-amd"];
extraModulePackages = [];
kernelModules = [ "kvm-amd" ];
extraModulePackages = [ ];
};
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";

12
hosts/nixos/blueocean/default.nix
View File

@@ -3,7 +3,8 @@
lib,
config,
...
}: {
}:
{
imports = lib.flatten [
#
# ========= Hardware =========
@@ -32,7 +33,7 @@
#
# ========= Required Configs =========
#
(map lib.custom.relativeToRoot ["hosts/common/core"])
(map lib.custom.relativeToRoot [ "hosts/common/core" ])
#
# ========= Optional Configs =========
@@ -54,8 +55,7 @@
#
# ========= Optional Services =========
#
(map
(s: lib.custom.relativeToRoot "hosts/common/optional/services/${s}.nix") [
(map (s: lib.custom.relativeToRoot "hosts/common/optional/services/${s}.nix") [
"audio"
"bluetooth"
"firmware"
@@ -74,7 +74,9 @@
hostName = "blueocean";
username = "dogar";
handle = "shadogar";
email = {user = "shahab.dogar@blueocean.ai";};
email = {
user = "shahab.dogar@blueocean.ai";
};
useYubikey = lib.mkForce true;
};

16
hosts/nixos/blueocean/hardware-configuration.nix
View File

@@ -6,8 +6,9 @@
lib,
modulesPath,
...
}: {
imports = [(modulesPath + "/installer/scan/not-detected.nix")];
}:
{
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot = {
initrd = {
@@ -20,12 +21,12 @@
"usb_storage"
"sd_mod"
];
kernelModules = [];
kernelModules = [ ];
};
kernelModules = ["kvm-amd"];
extraModulePackages = [];
binfmt.emulatedSystems = ["aarch64-linux"]; # Add other target architectures as needed
kernelModules = [ "kvm-amd" ];
extraModulePackages = [ ];
binfmt.emulatedSystems = [ "aarch64-linux" ]; # Add other target architectures as needed
};
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
@@ -38,8 +39,7 @@
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware = {
cpu.amd.updateMicrocode =
lib.mkDefault config.hardware.enableRedistributableFirmware;
cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
graphics = {
enable = true;
};

25
hosts/nixos/rihla/default.nix
View File

@@ -4,7 +4,8 @@
lib,
config,
...
}: {
}:
{
imports = lib.flatten [
#
# ========= Hardware =========
@@ -37,7 +38,7 @@
#
# ========= Required Configs =========
#
(map lib.custom.relativeToRoot ["hosts/common/core"])
(map lib.custom.relativeToRoot [ "hosts/common/core" ])
#
# ========= Optional Configs =========
@@ -58,8 +59,7 @@
#
# ========= Optional Services =========
#
(map
(s: lib.custom.relativeToRoot "hosts/common/optional/services/${s}.nix") [
(map (s: lib.custom.relativeToRoot "hosts/common/optional/services/${s}.nix") [
"audio"
"bluetooth"
"firmware"
@@ -90,7 +90,9 @@
impermanance = false;
username = "shahab";
handle = "shahab96";
email = {user = "shahab@dogar.dev";};
email = {
user = "shahab@dogar.dev";
};
};
networking = {
@@ -108,9 +110,8 @@
efi.canTouchEfiVariables = true;
};
initrd.postResumeCommands =
lib.mkIf config.hostSpec.impermanance
(lib.mkAfter ''
initrd.postResumeCommands = lib.mkIf config.hostSpec.impermanance (
lib.mkAfter ''
mkdir /btrfs_tmp
mount /dev/crypt_vg/root /btrfs_tmp
if [[ -e /btrfs_tmp/root ]]; then
@@ -133,7 +134,8 @@
btrfs subvolume create /btrfs_tmp/root
umount /btrfs_tmp
'');
''
);
lanzaboote = {
enable = config.hostSpec.secureBoot;
@@ -143,7 +145,10 @@
security.rtkit.enable = true;
environment.systemPackages = with pkgs; [pciutils bc];
environment.systemPackages = with pkgs; [
pciutils
bc
];
system.stateVersion = "25.05";
}

13
hosts/nixos/rihla/hardware-configuration.nix
View File

@@ -5,8 +5,9 @@
lib,
modulesPath,
...
}: {
imports = [(modulesPath + "/installer/scan/not-detected.nix")];
}:
{
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot = {
initrd = {
@@ -19,12 +20,12 @@
"usb_storage"
"sd_mod"
];
kernelModules = [];
kernelModules = [ ];
};
kernelModules = ["kvm-amd"];
extraModulePackages = [];
binfmt.emulatedSystems = ["aarch64-linux"]; # Add other target architectures as needed
kernelModules = [ "kvm-amd" ];
extraModulePackages = [ ];
binfmt.emulatedSystems = [ "aarch64-linux" ]; # Add other target architectures as needed
};
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking

3
lib/default.nix
View File

@@ -1,3 +1,4 @@
{lib, ...}: {
{ lib, ... }:
{
relativeToRoot = lib.path.append ../.;
}

5
modules/common/default.nix
View File

@@ -1,3 +1,4 @@
{...}: {
imports = [./host-spec.nix];
{ ... }:
{
imports = [ ./host-spec.nix ];
}

5
modules/common/host-spec.nix
View File

@@ -3,7 +3,8 @@
config,
lib,
...
}: {
}:
{
options.hostSpec = {
username = lib.mkOption {
type = lib.types.str;
@@ -18,7 +19,7 @@
description = "The email of the user";
};
networking = lib.mkOption {
default = {};
default = { };
type = lib.types.attrsOf lib.types.anything;
description = "An attribute set of networking information";
};

5
modules/home-manager/default.nix
View File

@@ -1,3 +1,4 @@
{...}: {
imports = [./yubikey-touch-detector.nix];
{ ... }:
{
imports = [ ./yubikey-touch-detector.nix ];
}

33
modules/home-manager/yubikey-touch-detector.nix
View File

@@ -4,13 +4,13 @@
pkgs,
...
}:
with lib; let
with lib;
let
cfg = config.services.yubikey-touch-detector;
in {
in
{
options.services.yubikey-touch-detector = {
enable =
mkEnableOption
"a tool to detect when your YubiKey is waiting for a touch";
enable = mkEnableOption "a tool to detect when your YubiKey is waiting for a touch";
package = mkOption {
type = types.package;
@@ -21,12 +21,11 @@ in {
'';
};
socket.enable =
mkEnableOption "starting the process only when the socket is used";
socket.enable = mkEnableOption "starting the process only when the socket is used";
extraArgs = mkOption {
type = types.listOf types.str;
default = ["--libnotify"];
default = [ "--libnotify" ];
defaultText = literalExpression ''[ "--libnotify" ]'';
description = ''
Extra arguments to pass to the tool. The arguments are not escaped.
@@ -35,7 +34,7 @@ in {
};
config = mkIf cfg.enable {
home.packages = [cfg.package];
home.packages = [ cfg.package ];
# Service description licensed under ISC
# See https://github.com/maximbaz/yubikey-touch-detector/blob/c9fdff7163361d6323e2de0449026710cacbc08a/LICENSE
@@ -47,27 +46,23 @@ in {
RemoveOnStop = true;
SocketMode = "0660";
};
Install.WantedBy = ["sockets.target"];
Install.WantedBy = [ "sockets.target" ];
};
# Same license thing for the description here
systemd.user.services.yubikey-touch-detector = {
Unit = {
Description = "Detects when your YubiKey is waiting for a touch";
Requires =
optionals cfg.socket.enable ["yubikey-touch-detector.socket"];
Requires = optionals cfg.socket.enable [ "yubikey-touch-detector.socket" ];
};
Service = {
ExecStart = "${cfg.package}/bin/yubikey-touch-detector ${
concatStringsSep " " cfg.extraArgs
}";
Environment = ["PATH=${lib.makeBinPath [pkgs.gnupg]}"];
ExecStart = "${cfg.package}/bin/yubikey-touch-detector ${concatStringsSep " " cfg.extraArgs}";
Environment = [ "PATH=${lib.makeBinPath [ pkgs.gnupg ]}" ];
Restart = "on-failure";
RestartSec = "1sec";
};
Install.Also =
optionals cfg.socket.enable ["yubikey-touch-detector.socket"];
Install.WantedBy = ["default.target"];
Install.Also = optionals cfg.socket.enable [ "yubikey-touch-detector.socket" ];
Install.WantedBy = [ "default.target" ];
};
};
}