shahab/nix-config
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: shahab:3a66870244270f313ba245a390c91f1ce95ad124
Branches Tags
shahab:main
...
compare: shahab:main
Branches Tags
shahab:main

16 Commits
3a66870244 ... main

Author SHA1 Message Date
Shahab Dogar
1ad2c6ea8e chore: flake update 12-2025 2025-12-04 17:17:02 +05:00
Shahab Dogar
0aabbf26c6 feat: add netbird vpn 2025-12-04 16:10:07 +05:00
Shahab Dogar
99693f7e69 feat: configure npm to use npm.dogar.dev 2025-11-29 12:46:36 +05:00
Shahab Dogar
45c7c99911 feat: configure uv to use pip.dogar.dev for pypi cache 2025-11-17 10:31:19 +05:00
Shahab Dogar
afdcce8b76 fix: uninstall protonvpn-gui as it fails its own tests 2025-11-16 05:03:00 +05:00
Shahab Dogar
02e35e70f0 chore: flake update 11-15-2025 2025-11-16 05:02:39 +05:00
Shahab Dogar
d0a3c434bb chore: formatter 2025-11-15 13:26:17 +05:00
Shahab Dogar
03b72ee856 feat: enable docker multiplatform builds 2025-11-02 08:29:11 +05:00
Shahab Dogar
5524baa28d feat: add yq and jq to misc home packages 2025-10-15 12:40:12 +05:00
Shahab Dogar
8f8b370e47 fix: update hyprland config, remove amdvlk 2025-10-04 10:23:03 +05:00
Shahab Dogar
77050a34c6 chore: monthly flake update 2025-10-04 10:09:58 +05:00
Shahab Dogar
307b866cc6 chore: run formatter 2025-09-27 22:27:55 +05:00
Shahab Dogar
23ddc84bfc feat: make all hyprland config files symlinks 2025-09-27 22:27:50 +05:00
Shahab Dogar
63a06ca3ec feat: only keep the previous 5 generations bootable 2025-09-27 12:39:07 +05:00
Shahab Dogar
ca47e15309 chore: switch to kitty for terminal 2025-09-13 12:53:56 +05:00
Shahab Dogar
c923c80cbf sec: harden ssh config 2025-09-04 20:21:18 +05:00
66 changed files with 1022 additions and 418 deletions
Expand all files Collapse all files

7
dotfiles/hypr/hyprland.conf
View File

@@ -25,7 +25,7 @@ monitor=,preferred,auto,auto
# See https://wiki.hyprland.org/Configuring/Keywords/ # See https://wiki.hyprland.org/Configuring/Keywords/
# Set programs that you use # Set programs that you use
$terminal = ghostty $terminal = kitty
$fileManager = dolphin $fileManager = dolphin
$menu = wofi --show drun $menu = wofi --show drun
@@ -186,11 +186,6 @@ input {
} }
} }
# https://wiki.hyprland.org/Configuring/Variables/#gestures
gestures {
workspace_swipe = false
}
# Example per-device config # Example per-device config
# See https://wiki.hyprland.org/Configuring/Keywords/#per-device-input-configs for more # See https://wiki.hyprland.org/Configuring/Keywords/#per-device-input-configs for more
device { device {

1
dotfiles/npm/.npmrc Normal file
View File

@@ -0,0 +1 @@
; registry=https://npm.dogar.dev

13
dotfiles/nvim/flake.nix
View File

@@ -10,14 +10,17 @@
}; };
}; };
outputs = { self, nixpkgs, flake-utils, fenix }: outputs = {
flake-utils.lib.eachDefaultSystem (system: self,
let nixpkgs,
flake-utils,
fenix,
}:
flake-utils.lib.eachDefaultSystem (system: let
pkgs = nixpkgs.legacyPackages.${system}; pkgs = nixpkgs.legacyPackages.${system};
fenixLib = fenix.packages.${system}; fenixLib = fenix.packages.${system};
rustToolchain = fenixLib.stable.toolchain; rustToolchain = fenixLib.stable.toolchain;
in in {
{
devShells.default = pkgs.mkShell { devShells.default = pkgs.mkShell {
buildInputs = with pkgs; [ buildInputs = with pkgs; [
lua-language-server lua-language-server

264
flake.lock generated
View File

@@ -20,11 +20,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1755946532, "lastModified": 1764370710,
"narHash": "sha256-POePremlUY5GyA1zfbtic6XLxDaQcqHN6l+bIxdT5gc=", "narHash": "sha256-7iZklFmziy6Vn5ZFy9mvTSuFopp3kJNuPxL5QAvtmFQ=",
"owner": "hyprwm", "owner": "hyprwm",
"repo": "aquamarine", "repo": "aquamarine",
"rev": "81584dae2df6ac79f6b6dae0ecb7705e95129ada", "rev": "561ae7fbe1ca15dfd908262ec815bf21a13eef63",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -55,11 +55,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1756733629, "lastModified": 1764627417,
"narHash": "sha256-dwWGlDhcO5SMIvMSTB4mjQ5Pvo2vtxvpIknhVnSz2I8=", "narHash": "sha256-D6xc3Rl8Ab6wucJWdvjNsGYGSxNjQHzRc2EZ6eeQ6l4=",
"owner": "nix-community", "owner": "nix-community",
"repo": "disko", "repo": "disko",
"rev": "a5c4f2ab72e3d1ab43e3e65aa421c6f2bd2e12a1", "rev": "5a88a6eceb8fd732b983e72b732f6f4b8269bef3",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -71,11 +71,11 @@
"flake-compat": { "flake-compat": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1747046372, "lastModified": 1761588595,
"narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=", "narHash": "sha256-XKUZz9zewJNUj46b4AJdiRZJAvSZ0Dqj2BNfXvFlJC4=",
"owner": "edolstra", "owner": "edolstra",
"repo": "flake-compat", "repo": "flake-compat",
"rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885", "rev": "f387cd2afec9419c8ee37694406ca490c3f34ee5",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -172,11 +172,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1756903364, "lastModified": 1764839789,
"narHash": "sha256-vZh/YH2D7oDFek10r0TbGn3qJrqGv69sSP+oF8PFDqQ=", "narHash": "sha256-QCgaXEj8036JlfyVM2e5fgKIxoF7IgGRcAi8LkehKvo=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "6159629d05a0e92bb7fb7211e74106ae1d552401", "rev": "d441981b200305ebb8e2e2921395f51d207fded6",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -230,11 +230,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1755678602, "lastModified": 1763733840,
"narHash": "sha256-uEC5O/NIUNs1zmc1aH1+G3GRACbODjk2iS0ET5hXtuk=", "narHash": "sha256-JnET78yl5RvpGuDQy3rCycOCkiKoLr5DN1fPhRNNMco=",
"owner": "hyprwm", "owner": "hyprwm",
"repo": "hyprgraphics", "repo": "hyprgraphics",
"rev": "157cc52065a104fc3b8fa542ae648b992421d1c7", "rev": "8f1bec691b2d198c60cccabca7a94add2df4ed1a",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -248,8 +248,8 @@
"aquamarine": "aquamarine", "aquamarine": "aquamarine",
"hyprcursor": "hyprcursor", "hyprcursor": "hyprcursor",
"hyprgraphics": "hyprgraphics", "hyprgraphics": "hyprgraphics",
"hyprland-guiutils": "hyprland-guiutils",
"hyprland-protocols": "hyprland-protocols", "hyprland-protocols": "hyprland-protocols",
"hyprland-qtutils": "hyprland-qtutils",
"hyprlang": "hyprlang", "hyprlang": "hyprlang",
"hyprutils": "hyprutils", "hyprutils": "hyprutils",
"hyprwayland-scanner": "hyprwayland-scanner", "hyprwayland-scanner": "hyprwayland-scanner",
@@ -259,11 +259,11 @@
"xdph": "xdph" "xdph": "xdph"
}, },
"locked": { "locked": {
"lastModified": 1756811803, "lastModified": 1764801806,
"narHash": "sha256-03zmDvAU+VLPWHv5uxfGVR6bs/SnCYeZ8hbedK/Eb/M=", "narHash": "sha256-AlEo8j1V9S20PJd23DXqR/tjwtUjxMcn87Euei9zFeA=",
"owner": "hyprwm", "owner": "hyprwm",
"repo": "Hyprland", "repo": "Hyprland",
"rev": "127aab815908ecbd3db4d23f127d2e96b79855f9", "rev": "9b1891e4765e2c5b84c8c61725e3973ca9940e05",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -272,6 +272,52 @@
"type": "github" "type": "github"
} }
}, },
"hyprland-guiutils": {
"inputs": {
"aquamarine": [
"hyprland",
"aquamarine"
],
"hyprgraphics": [
"hyprland",
"hyprgraphics"
],
"hyprlang": [
"hyprland",
"hyprlang"
],
"hyprtoolkit": "hyprtoolkit",
"hyprutils": [
"hyprland",
"hyprutils"
],
"hyprwayland-scanner": [
"hyprland",
"hyprwayland-scanner"
],
"nixpkgs": [
"hyprland",
"nixpkgs"
],
"systems": [
"hyprland",
"systems"
]
},
"locked": {
"lastModified": 1764616927,
"narHash": "sha256-wRT0MKkpPo11ijSX3KeMN+EQWnpSeUlRtyF3pFLtlRU=",
"owner": "hyprwm",
"repo": "hyprland-guiutils",
"rev": "25cedbfdc5b3ea391d8307c9a5bea315e5df3c52",
"type": "github"
},
"original": {
"owner": "hyprwm",
"repo": "hyprland-guiutils",
"type": "github"
}
},
"hyprland-protocols": { "hyprland-protocols": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@@ -284,11 +330,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1749046714, "lastModified": 1759610243,
"narHash": "sha256-kymV5FMnddYGI+UjwIw8ceDjdeg7ToDVjbHCvUlhn14=", "narHash": "sha256-+KEVnKBe8wz+a6dTLq8YDcF3UrhQElwsYJaVaHXJtoI=",
"owner": "hyprwm", "owner": "hyprwm",
"repo": "hyprland-protocols", "repo": "hyprland-protocols",
"rev": "613878cb6f459c5e323aaafe1e6f388ac8a36330", "rev": "bd153e76f751f150a09328dbdeb5e4fab9d23622",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -297,74 +343,6 @@
"type": "github" "type": "github"
} }
}, },
"hyprland-qt-support": {
"inputs": {
"hyprlang": [
"hyprland",
"hyprland-qtutils",
"hyprlang"
],
"nixpkgs": [
"hyprland",
"hyprland-qtutils",
"nixpkgs"
],
"systems": [
"hyprland",
"hyprland-qtutils",
"systems"
]
},
"locked": {
"lastModified": 1749154592,
"narHash": "sha256-DO7z5CeT/ddSGDEnK9mAXm1qlGL47L3VAHLlLXoCjhE=",
"owner": "hyprwm",
"repo": "hyprland-qt-support",
"rev": "4c8053c3c888138a30c3a6c45c2e45f5484f2074",
"type": "github"
},
"original": {
"owner": "hyprwm",
"repo": "hyprland-qt-support",
"type": "github"
}
},
"hyprland-qtutils": {
"inputs": {
"hyprland-qt-support": "hyprland-qt-support",
"hyprlang": [
"hyprland",
"hyprlang"
],
"hyprutils": [
"hyprland",
"hyprland-qtutils",
"hyprlang",
"hyprutils"
],
"nixpkgs": [
"hyprland",
"nixpkgs"
],
"systems": [
"hyprland",
"systems"
]
},
"locked": {
"lastModified": 1753819801,
"narHash": "sha256-tHe6XeNeVeKapkNM3tcjW4RuD+tB2iwwoogWJOtsqTI=",
"owner": "hyprwm",
"repo": "hyprland-qtutils",
"rev": "b308a818b9dcaa7ab8ccab891c1b84ebde2152bc",
"type": "github"
},
"original": {
"owner": "hyprwm",
"repo": "hyprland-qtutils",
"type": "github"
}
},
"hyprlang": { "hyprlang": {
"inputs": { "inputs": {
"hyprutils": [ "hyprutils": [
@@ -381,11 +359,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1753622892, "lastModified": 1764612430,
"narHash": "sha256-0K+A+gmOI8IklSg5It1nyRNv0kCNL51duwnhUO/B8JA=", "narHash": "sha256-54ltTSbI6W+qYGMchAgCR6QnC1kOdKXN6X6pJhOWxFg=",
"owner": "hyprwm", "owner": "hyprwm",
"repo": "hyprlang", "repo": "hyprlang",
"rev": "23f0debd2003f17bd65f851cd3f930cff8a8c809", "rev": "0d00dc118981531aa731150b6ea551ef037acddd",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -394,6 +372,58 @@
"type": "github" "type": "github"
} }
}, },
"hyprtoolkit": {
"inputs": {
"aquamarine": [
"hyprland",
"hyprland-guiutils",
"aquamarine"
],
"hyprgraphics": [
"hyprland",
"hyprland-guiutils",
"hyprgraphics"
],
"hyprlang": [
"hyprland",
"hyprland-guiutils",
"hyprlang"
],
"hyprutils": [
"hyprland",
"hyprland-guiutils",
"hyprutils"
],
"hyprwayland-scanner": [
"hyprland",
"hyprland-guiutils",
"hyprwayland-scanner"
],
"nixpkgs": [
"hyprland",
"hyprland-guiutils",
"nixpkgs"
],
"systems": [
"hyprland",
"hyprland-guiutils",
"systems"
]
},
"locked": {
"lastModified": 1764592794,
"narHash": "sha256-7CcO+wbTJ1L1NBQHierHzheQGPWwkIQug/w+fhTAVuU=",
"owner": "hyprwm",
"repo": "hyprtoolkit",
"rev": "5cfe0743f0e608e1462972303778d8a0859ee63e",
"type": "github"
},
"original": {
"owner": "hyprwm",
"repo": "hyprtoolkit",
"type": "github"
}
},
"hyprutils": { "hyprutils": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@@ -406,11 +436,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1756117388, "lastModified": 1764637132,
"narHash": "sha256-oRDel6pNl/T2tI+nc/USU9ZP9w08dxtl7hiZxa0C/Wc=", "narHash": "sha256-vSyiKCzSY48kA3v39GFu6qgRfigjKCU/9k1KTK475gg=",
"owner": "hyprwm", "owner": "hyprwm",
"repo": "hyprutils", "repo": "hyprutils",
"rev": "b2ae3204845f5f2f79b4703b441252d8ad2ecfd0", "rev": "2f2413801beee37303913fc3c964bbe92252a963",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -431,11 +461,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1755184602, "lastModified": 1763640274,
"narHash": "sha256-RCBQN8xuADB0LEgaKbfRqwm6CdyopE1xIEhNc67FAbw=", "narHash": "sha256-Uan1Nl9i4TF/kyFoHnTq1bd/rsWh4GAK/9/jDqLbY5A=",
"owner": "hyprwm", "owner": "hyprwm",
"repo": "hyprwayland-scanner", "repo": "hyprwayland-scanner",
"rev": "b3b0f1f40ae09d4447c20608e5a4faf8bf3c492d", "rev": "f6cf414ca0e16a4d30198fd670ec86df3c89f671",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -490,11 +520,11 @@
}, },
"nixos-hardware": { "nixos-hardware": {
"locked": { "locked": {
"lastModified": 1756750488, "lastModified": 1764440730,
"narHash": "sha256-e4ZAu2sjOtGpvbdS5zo+Va5FUUkAnizl4wb0/JlIL2I=", "narHash": "sha256-ZlJTNLUKQRANlLDomuRWLBCH5792x+6XUJ4YdFRjtO4=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixos-hardware", "repo": "nixos-hardware",
"rev": "47eb4856cfd01eaeaa7bb5944a0f27db8fb9b94a", "rev": "9154f4569b6cdfd3c595851a6ba51bfaa472d9f3",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -505,11 +535,11 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1756266583, "lastModified": 1764517877,
"narHash": "sha256-cr748nSmpfvnhqSXPiCfUPxRz2FJnvf/RjJGvFfaCsM=", "narHash": "sha256-pp3uT4hHijIC8JUK5MEqeAWmParJrgBVzHLNfJDZxg4=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "8a6d5427d99ec71c64f0b93d45778c889005d9c2", "rev": "2d293cbfa5a793b4c50d17c05ef9e385b90edf6c",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -537,11 +567,11 @@
}, },
"nixpkgs_2": { "nixpkgs_2": {
"locked": { "locked": {
"lastModified": 1756787288, "lastModified": 1764667669,
"narHash": "sha256-rw/PHa1cqiePdBxhF66V7R+WAP8WekQ0mCDG4CFqT8Y=", "narHash": "sha256-7WUCZfmqLAssbDqwg9cUDAXrSoXN79eEEq17qhTNM/Y=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "d0fc30899600b9b3466ddb260fd83deb486c32f1", "rev": "418468ac9527e799809c900eda37cbff999199b6",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -561,11 +591,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1755960406, "lastModified": 1763988335,
"narHash": "sha256-RF7j6C1TmSTK9tYWO6CdEMtg6XZaUKcvZwOCD2SICZs=", "narHash": "sha256-QlcnByMc8KBjpU37rbq5iP7Cp97HvjRP0ucfdh+M4Qc=",
"owner": "cachix", "owner": "cachix",
"repo": "git-hooks.nix", "repo": "git-hooks.nix",
"rev": "e891a93b193fcaf2fc8012d890dc7f0befe86ec2", "rev": "50b9238891e388c9fdc6a5c49e49c42533a1b5ce",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -641,11 +671,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1754988908, "lastModified": 1764483358,
"narHash": "sha256-t+voe2961vCgrzPFtZxha0/kmFSHFobzF00sT8p9h0U=", "narHash": "sha256-EyyvCzXoHrbL467YSsQBTWWg4sR96MH1sPpKoSOelB4=",
"owner": "Mic92", "owner": "Mic92",
"repo": "sops-nix", "repo": "sops-nix",
"rev": "3223c7a92724b5d804e9988c6b447a0d09017d48", "rev": "5aca6ff67264321d47856a2ed183729271107c9c",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -697,11 +727,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1755354946, "lastModified": 1761431178,
"narHash": "sha256-zdov5f/GcoLQc9qYIS1dUTqtJMeDqmBmo59PAxze6e4=", "narHash": "sha256-xzjC1CV3+wpUQKNF+GnadnkeGUCJX+vgaWIZsnz9tzI=",
"owner": "hyprwm", "owner": "hyprwm",
"repo": "xdg-desktop-portal-hyprland", "repo": "xdg-desktop-portal-hyprland",
"rev": "a10726d6a8d0ef1a0c645378f983b6278c42eaa0", "rev": "4b8801228ff958d028f588f0c2b911dbf32297f9",
"type": "github" "type": "github"
}, },
"original": { "original": {

16
flake.nix
View File

@@ -40,8 +40,7 @@
}; };
}; };
outputs = { nixpkgs, ... }@inputs: outputs = {nixpkgs, ...} @ inputs: let
let
inherit (nixpkgs) lib; inherit (nixpkgs) lib;
mkHost = host: { mkHost = host: {
${host} = nixpkgs.lib.nixosSystem { ${host} = nixpkgs.lib.nixosSystem {
@@ -50,24 +49,25 @@
# Extend lib with lib.custom # Extend lib with lib.custom
lib = nixpkgs.lib.extend (self: super: { lib = nixpkgs.lib.extend (self: super: {
custom = import ./lib { inherit (nixpkgs) lib; }; custom = import ./lib {inherit (nixpkgs) lib;};
}); });
}; };
modules = [ ./hosts/nixos/${host} ]; modules = [./hosts/nixos/${host}];
}; };
}; };
mkHostConfigs = hosts: mkHostConfigs = hosts:
lib.foldl (acc: set: acc // set) { } lib.foldl (acc: set: acc // set) {}
(lib.map (host: mkHost host) hosts); (lib.map (host: mkHost host) hosts);
readHosts = folder: lib.attrNames (builtins.readDir ./hosts/${folder}); readHosts = folder: lib.attrNames (builtins.readDir ./hosts/${folder});
in { in {
nixosConfigurations = mkHostConfigs (readHosts "nixos"); nixosConfigurations = mkHostConfigs (readHosts "nixos");
devShell.x86_64-linux = let devShells.x86_64-linux.default = let
pkgs = nixpkgs.legacyPackages.x86_64-linux; pkgs = nixpkgs.legacyPackages.x86_64-linux;
in pkgs.mkShell { in
buildInputs = with pkgs; [ nil lua-language-server ]; pkgs.mkShell {
buildInputs = with pkgs; [nil lua-language-server kubernetes-helm kubectl];
}; };
}; };
} }

27
home/shahab/aamil-1.nix Normal file
View File

@@ -0,0 +1,27 @@
{lib, ...}: {
imports = lib.flatten [
#
# ========== Required Configs ==========
#
./common/core
#
# ========== Host-specific Optional Configs ==========
#
(map (config: "${builtins.toString ./.}/common/optional/${config}.nix") [
"btop"
"nvim"
"starship"
"tmux"
"zsh"
])
];
home = {
# https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion
stateVersion = "25.05";
sessionVariables = {
EDITOR = "nvim";
};
};
}

27
home/shahab/aamil-2.nix Normal file
View File

@@ -0,0 +1,27 @@
{lib, ...}: {
imports = lib.flatten [
#
# ========== Required Configs ==========
#
./common/core
#
# ========== Host-specific Optional Configs ==========
#
(map (config: "${builtins.toString ./.}/common/optional/${config}.nix") [
"btop"
"nvim"
"starship"
"tmux"
"zsh"
])
];
home = {
# https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion
stateVersion = "25.05";
sessionVariables = {
EDITOR = "nvim";
};
};
}

27
home/shahab/aamil-3.nix Normal file
View File

@@ -0,0 +1,27 @@
{lib, ...}: {
imports = lib.flatten [
#
# ========== Required Configs ==========
#
./common/core
#
# ========== Host-specific Optional Configs ==========
#
(map (config: "${builtins.toString ./.}/common/optional/${config}.nix") [
"btop"
"nvim"
"starship"
"tmux"
"zsh"
])
];
home = {
# https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion
stateVersion = "25.05";
sessionVariables = {
EDITOR = "nvim";
};
};
}

45
home/shahab/common/core/default.nix
View File

@@ -1,11 +1,12 @@
{ config, lib, pkgs, hostSpec, ... }: { {
config,
lib,
pkgs,
hostSpec,
...
}: {
imports = lib.flatten [ imports = lib.flatten [
(map lib.custom.relativeToRoot [ "modules/common" "modules/home-manager" ]) (map lib.custom.relativeToRoot ["modules/common" "modules/home-manager"])
./ghostty.nix
./direnv.nix
./git.nix
./fonts.nix
]; ];
inherit hostSpec; inherit hostSpec;
@@ -14,7 +15,7 @@
username = lib.mkDefault config.hostSpec.username; username = lib.mkDefault config.hostSpec.username;
homeDirectory = lib.mkDefault config.hostSpec.home; homeDirectory = lib.mkDefault config.hostSpec.home;
stateVersion = lib.mkDefault "25.05"; stateVersion = lib.mkDefault "25.05";
sessionPath = [ "$HOME/.local/bin" ]; sessionPath = ["$HOME/.local/bin"];
sessionVariables = { sessionVariables = {
FLAKE = "$HOME/src/nix/nix-config"; FLAKE = "$HOME/src/nix/nix-config";
SHELL = "zsh"; SHELL = "zsh";
@@ -23,36 +24,10 @@
}; };
}; };
home.packages = with pkgs; [
nh
btop
eza
ripgrep
rm-improved
dust
zoxide
xcp
unzip
tmux
gcc
zig
gparted
gnupg
dig
bash
kdePackages.dolphin
font-awesome
tree
wl-clipboard-rs
brightnessctl
age
nerd-fonts.jetbrains-mono
];
nix = { nix = {
package = lib.mkDefault pkgs.nix; package = lib.mkDefault pkgs.nix;
settings = { settings = {
experimental-features = [ "nix-command" "flakes" ]; experimental-features = ["nix-command" "flakes"];
warn-dirty = false; warn-dirty = false;
}; };
}; };

4
home/shahab/common/core/fonts.nix
View File

@@ -1,4 +0,0 @@
{ pkgs, ... }: {
fonts.fontconfig.enable = true;
home.packages = with pkgs; [ nerd-fonts.jetbrains-mono ];
}

21
home/shahab/common/core/git.nix
View File

@@ -1,21 +0,0 @@
{ lib, pkgs, config, ... }: {
programs.git = {
package = pkgs.gitAndTools.gitFull;
enable = true;
userName = config.hostSpec.userFullName;
userEmail = config.hostSpec.email.user;
lfs.enable = true;
extraConfig = {
gpg = { format = "ssh"; };
"gpg \"ssh\"" = {
program = "${lib.getExe' pkgs._1password-gui "op-ssh-sign"}";
};
commit = { gpgsign = true; };
user = { signingKey = "~/.ssh/id_rihla.pub"; };
pull = { rebase = true; };
init = { defaultBranch = "main"; };
lfs = { locksverify = true; };
};
};
}

6
home/shahab/common/optional/btop.nix
View File

@@ -1,5 +1,3 @@
{ ... }: {...}: {
programs.btop = {enable = true;};
{
programs.btop = { enable = true; };
} }

0
home/shahab/common/core/direnv.nix → home/shahab/common/optional/direnv.nix
View File

2
home/shahab/common/optional/firefox.nix
View File

@@ -1,4 +1,4 @@
{ pkgs, ... }: { {pkgs, ...}: {
programs.firefox = { programs.firefox = {
enable = true; enable = true;
package = pkgs.firefox.override { package = pkgs.firefox.override {

4
home/shahab/common/optional/fonts.nix Normal file
View File

@@ -0,0 +1,4 @@
{pkgs, ...}: {
fonts.fontconfig.enable = true;
home.packages = with pkgs; [nerd-fonts.jetbrains-mono];
}

7
home/shahab/common/core/ghostty.nix → home/shahab/common/optional/ghostty.nix
View File

@@ -1,9 +1,4 @@
{ {config, ...}: {
config,
...
}:
{
programs.ghostty = { programs.ghostty = {
enable = true; enable = true;

27
home/shahab/common/optional/git.nix Normal file
View File

@@ -0,0 +1,27 @@
{
lib,
pkgs,
config,
...
}: {
programs.git = {
enable = true;
lfs.enable = true;
settings = {
user = {
name = config.hostSpec.userFullName;
email = config.hostSpec.email.user;
};
gpg = {format = "ssh";};
"gpg \"ssh\"" = {
program = "${lib.getExe' pkgs._1password-gui "op-ssh-sign"}";
};
commit = {gpgsign = true;};
user = {signingKey = "~/.ssh/id_rihla.pub";};
pull = {rebase = true;};
init = {defaultBranch = "main";};
lfs = {locksverify = true;};
};
};
}

21
home/shahab/common/optional/hyprland.nix
View File

@@ -1,16 +1,23 @@
{ config, lib, pkgs, ... }:
{ {
config,
lib,
pkgs,
...
}: {
home = { home = {
file = { file = {
"${config.xdg.configHome}/hypr".source = "${config.xdg.configHome}/hypr/hyprland.conf".source =
lib.custom.relativeToRoot "dotfiles/hypr"; config.lib.file.mkOutOfStoreSymlink "${lib.custom.relativeToRoot "dotfiles/hypr/hyprland.conf"}";
"${config.xdg.configHome}/hypr/hypridle.conf".source =
config.lib.file.mkOutOfStoreSymlink "${lib.custom.relativeToRoot "dotfiles/hypr/hypridle.conf"}";
"${config.xdg.configHome}/hypr/hyprlock.conf".source =
config.lib.file.mkOutOfStoreSymlink "${lib.custom.relativeToRoot "dotfiles/hypr/hyprlock.conf"}";
"${config.xdg.configHome}/waybar".source = "${config.xdg.configHome}/waybar".source =
lib.custom.relativeToRoot "dotfiles/waybar"; config.lib.file.mkOutOfStoreSymlink "${lib.custom.relativeToRoot "dotfiles/waybar"}";
"${config.xdg.configHome}/wofi".source = "${config.xdg.configHome}/wofi".source =
lib.custom.relativeToRoot "dotfiles/wofi"; config.lib.file.mkOutOfStoreSymlink "${lib.custom.relativeToRoot "dotfiles/wofi"}";
"${config.xdg.configHome}/mako".source = "${config.xdg.configHome}/mako".source =
lib.custom.relativeToRoot "dotfiles/mako"; config.lib.file.mkOutOfStoreSymlink "${lib.custom.relativeToRoot "dotfiles/mako"}";
}; };
packages = with pkgs; [ packages = with pkgs; [

14
home/shahab/common/optional/kitty.nix Normal file
View File

@@ -0,0 +1,14 @@
{config, ...}: {
programs.kitty = {
enable = true;
shellIntegration.enableZshIntegration = true;
settings = {
font = config.hostSpec.font;
shell = "tmux";
font-size = 16.0;
active_border_color = "#44ffff";
single_window_margin_width = 0;
};
};
}

25
home/shahab/common/optional/misc-packages.nix
View File

@@ -1,18 +1,35 @@
{ pkgs, ... }: {pkgs, ...}: {
{
home.packages = with pkgs; [ home.packages = with pkgs; [
btop
zoxide
unzip
tmux
gcc
zig
gparted
gnupg
dig
bash
kdePackages.dolphin
font-awesome
tree
wl-clipboard-rs
brightnessctl
age
nerd-fonts.jetbrains-mono
lazygit lazygit
gh gh
dbeaver-bin dbeaver-bin
cloudflare-warp cloudflare-warp
protonmail-desktop protonmail-desktop
protonvpn-gui rpi-imager
kubectl kubectl
k9s k9s
postgresql_17 postgresql_17
kitty kitty
waybar waybar
obsidian obsidian
yq
jq
]; ];
} }

7
home/shahab/common/optional/nvim.nix
View File

@@ -1,6 +1,4 @@
{ config, ... }: {config, ...}: {
{
programs.neovim = { programs.neovim = {
enable = true; enable = true;
defaultEditor = true; defaultEditor = true;
@@ -9,6 +7,7 @@
}; };
# Create a symlink from ~/.config/nvim to the dotfiles directory # Create a symlink from ~/.config/nvim to the dotfiles directory
home.file.".config/nvim".source = config.lib.file.mkOutOfStoreSymlink home.file.".config/nvim".source =
config.lib.file.mkOutOfStoreSymlink
"${config.home.homeDirectory}/git/nix-config/dotfiles/nvim"; "${config.home.homeDirectory}/git/nix-config/dotfiles/nvim";
} }

4
home/shahab/common/optional/ssh.nix
View File

@@ -1,5 +1,5 @@
{ ... }: {...}: let
let onePassPath = "~/.1password/agent.sock"; onePassPath = "~/.1password/agent.sock";
in { in {
programs.ssh = { programs.ssh = {
enable = true; enable = true;

2
home/shahab/common/optional/starship.nix
View File

@@ -1 +1 @@
{ ... }: { programs.starship.enable = true; } {...}: {programs.starship.enable = true;}

9
home/shahab/common/optional/tmux.nix
View File

@@ -1,12 +1,15 @@
{ config, lib, pkgs, ... }:
{ {
config,
lib,
pkgs,
...
}: {
home = { home = {
file = { file = {
"${config.xdg.configHome}/tmux".source = "${config.xdg.configHome}/tmux".source =
lib.custom.relativeToRoot "dotfiles/tmux"; lib.custom.relativeToRoot "dotfiles/tmux";
}; };
packages = with pkgs; [ tmux ]; packages = with pkgs; [tmux];
}; };
} }

10
home/shahab/common/optional/uv.nix Normal file
View File

@@ -0,0 +1,10 @@
{
...
}: {
programs.uv = {
enable = true;
settings = {
pip.index-url = "https://pip.dogar.dev";
};
};
}

16
home/shahab/common/optional/zsh.nix
View File

@@ -1,4 +1,18 @@
{ config, ... }: { {
config,
pkgs,
...
}: {
home.packages = with pkgs; [
eza
ripgrep
rm-improved
dust
xcp
nh
zoxide
];
programs.zsh = { programs.zsh = {
enable = true; enable = true;
enableCompletion = true; enableCompletion = true;

10
home/shahab/rihla.nix
View File

@@ -1,4 +1,4 @@
{ lib, ... }: { {config, lib, ...}: {
imports = lib.flatten [ imports = lib.flatten [
# #
# ========== Required Configs ========== # ========== Required Configs ==========
@@ -10,13 +10,19 @@
# #
(map (config: "${builtins.toString ./.}/common/optional/${config}.nix") [ (map (config: "${builtins.toString ./.}/common/optional/${config}.nix") [
"btop" "btop"
"direnv"
"firefox" "firefox"
"fonts"
"ghostty"
"git"
"hyprland" "hyprland"
"kitty"
"misc-packages" "misc-packages"
"nvim" "nvim"
"ssh" "ssh"
"starship" "starship"
"tmux" "tmux"
"uv"
"zsh" "zsh"
]) ])
]; ];
@@ -30,5 +36,7 @@
EDITOR = "nvim"; EDITOR = "nvim";
NIXOS_OZONE_WL = "1"; NIXOS_OZONE_WL = "1";
}; };
file.".npmrc".source = config.lib.file.mkOutOfStoreSymlink
"${config.home.homeDirectory}/git/nix-config/dotfiles/npm/.npmrc";
}; };
} }

8
home/shahab/specialisations/gaming.nix
View File

@@ -1,12 +1,6 @@
{ pkgs, ... }: {pkgs, ...}: {
{
home.packages = with pkgs; [ home.packages = with pkgs; [
discord discord
protonmail-desktop
protonvpn-gui
kitty
waybar
prismlauncher prismlauncher
]; ];
} }

19
hosts/common/core/default.nix
View File

@@ -1,6 +1,10 @@
{ pkgs, inputs, config, lib, ... }:
{ {
pkgs,
inputs,
config,
lib,
...
}: {
imports = lib.flatten [ imports = lib.flatten [
inputs.home-manager.nixosModules.home-manager inputs.home-manager.nixosModules.home-manager
inputs.sops-nix.nixosModules.sops inputs.sops-nix.nixosModules.sops
@@ -14,9 +18,8 @@
hostSpec = { hostSpec = {
username = "shahab"; username = "shahab";
handle = "shahab96"; handle = "shahab96";
email = { user = "shahab@dogar.dev"; }; email = {user = "shahab@dogar.dev";};
userFullName = "Shahab Dogar"; userFullName = "Shahab Dogar";
domain = "rihla";
networking.ports.tcp.ssh = 22; networking.ports.tcp.ssh = 22;
}; };
@@ -50,13 +53,13 @@
auto-optimise-store = true; auto-optimise-store = true;
warn-dirty = false; warn-dirty = false;
trusted-users = [ "@wheel" ]; trusted-users = ["@wheel"];
substituters = [ "https://hyprland.cachix.org" ]; substituters = ["https://hyprland.cachix.org" "https://nix.dogar.dev"];
trusted-public-keys = [ trusted-public-keys = [
"hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc=" "hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc="
]; ];
experimental-features = [ "nix-command" "flakes" ]; experimental-features = ["nix-command" "flakes"];
}; };
}; };
@@ -70,7 +73,7 @@
}; };
# ========= Sops ========= # ========= Sops =========
environment.systemPackages = with pkgs; [ sops ]; environment.systemPackages = with pkgs; [sops];
# #
# ========== Localization ========== # ========== Localization ==========

44
hosts/common/disks/aamil.nix Normal file
View File

@@ -0,0 +1,44 @@
{
disko.devices = {
disk = {
vdb = {
type = "disk";
device = "/dev/sda";
content = {
type = "gpt";
partitions = {
ESP = {
priority = 1;
name = "ESP";
start = "1M";
end = "128M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
};
};
luks = {
size = "100%";
content = {
name = "crypted";
type = "luks";
passwordFile = "/tmp/secret.key";
settings = {
allowDiscards = true;
crypttabExtraOpts = ["fido2-device=auto" "token-timeout=10"];
};
content = {
type = "filesystem";
format = "ext4";
mountpoint = "/";
};
};
};
};
};
};
};
};
}

22
hosts/common/disks/rihla.nix
View File

@@ -1,6 +1,12 @@
{ lib, config, device, withSwap, swapSize, label, ... }:
{ {
lib,
config,
device,
withSwap,
swapSize,
label,
...
}: {
disko = { disko = {
devices = { devices = {
disk = { disk = {
@@ -34,8 +40,7 @@
passwordFile = "/tmp/secret.key"; passwordFile = "/tmp/secret.key";
settings = { settings = {
allowDiscards = true; allowDiscards = true;
crypttabExtraOpts = crypttabExtraOpts = ["fido2-device=auto" "token-timeout=10"];
[ "fido2-device=auto" "token-timeout=10" ];
}; };
content = { content = {
type = "lvm_pv"; type = "lvm_pv";
@@ -62,20 +67,19 @@
size = "100%"; size = "100%";
content = { content = {
type = "btrfs"; type = "btrfs";
extraArgs = [ "-L" label "-f" ]; extraArgs = ["-L" label "-f"];
subvolumes = { subvolumes = {
"@root" = { "@root" = {
mountpoint = "/"; mountpoint = "/";
mountOptions = [ "subvol=root" "compress=zstd" "noatime" ]; mountOptions = ["subvol=root" "compress=zstd" "noatime"];
}; };
"@persist" = { "@persist" = {
mountpoint = config.hostSpec.persist; mountpoint = config.hostSpec.persist;
mountOptions = mountOptions = ["subvol=persist" "compress=zstd" "noatime"];
[ "subvol=persist" "compress=zstd" "noatime" ];
}; };
"@nix" = { "@nix" = {
mountpoint = "/nix"; mountpoint = "/nix";
mountOptions = [ "subvol=nix" "compress=zstd" "noatime" ]; mountOptions = ["subvol=nix" "compress=zstd" "noatime"];
}; };
}; };
}; };

6
hosts/common/optional/1password.nix
View File

@@ -1,11 +1,9 @@
{ config, ... }: {config, ...}: {
{
programs = { programs = {
_1password.enable = true; _1password.enable = true;
_1password-gui = { _1password-gui = {
enable = true; enable = true;
polkitPolicyOwners = [ config.hostSpec.username ]; polkitPolicyOwners = [config.hostSpec.username];
}; };
}; };
} }

6
hosts/common/optional/claude-code.nix
View File

@@ -1,5 +1,3 @@
{ pkgs, ... }: {pkgs, ...}: {
environment.systemPackages = with pkgs; [claude-code];
{
environment.systemPackages = with pkgs; [ claude-code ];
} }

4
hosts/common/optional/dconf.nix
View File

@@ -1,5 +1,3 @@
{ ... }: {...}: {
{
programs.dconf.enable = true; programs.dconf.enable = true;
} }

25
hosts/common/optional/docker.nix
View File

@@ -1,27 +1,22 @@
{ pkgs, ... }: { {pkgs, ...}: {
virtualisation = { virtualisation = {
podman = { docker = {
enable = true; enable = true;
dockerSocket.enable = true; daemon = {
dockerCompat = true; settings = {
features = {
autoPrune = { containerd-snapshotter = true;
enable = true; };
dates = "weekly"; };
}; };
}; };
containers = { registries = { search = [ "docker.io" ]; }; }; containers = {registries = {search = ["docker.io"];};};
libvirtd = { libvirtd = {
enable = true; enable = true;
qemu = { qemu = {
swtpm.enable = true; swtpm.enable = true;
ovmf = {
enable = true;
packages = with pkgs; [ OVMFFull.fd ];
};
}; };
}; };
@@ -34,7 +29,7 @@
spice spice
spice-gtk spice-gtk
spice-protocol spice-protocol
win-virtio virtio-win
win-spice win-spice
]; ];
} }

6
hosts/common/optional/hoppscotch.nix
View File

@@ -1,5 +1,3 @@
{ pkgs, ... }: {pkgs, ...}: {
environment.systemPackages = with pkgs; [hoppscotch];
{
environment.systemPackages = with pkgs; [ hoppscotch ];
} }

6
hosts/common/optional/hyprland.nix
View File

@@ -1,6 +1,8 @@
{ inputs, pkgs, ... }:
{ {
inputs,
pkgs,
...
}: {
programs.hyprland = { programs.hyprland = {
enable = true; enable = true;
package = package =

4
hosts/common/optional/nix-ld.nix
View File

@@ -1,5 +1,3 @@
{ ... }: {...}: {
{
programs.nix-ld.enable = true; programs.nix-ld.enable = true;
} }

6
hosts/common/optional/secure-boot.nix
View File

@@ -1,5 +1,3 @@
{ pkgs, ... }: {pkgs, ...}: {
environment.systemPackages = with pkgs; [sbctl];
{
environment.systemPackages = with pkgs; [ sbctl ];
} }

6
hosts/common/optional/services/audio.nix
View File

@@ -1,6 +1,4 @@
{ pkgs, ... }: {pkgs, ...}: {
{
services = { services = {
# Enable sound with pipewire. # Enable sound with pipewire.
pulseaudio.enable = false; pulseaudio.enable = false;
@@ -15,5 +13,5 @@
security.rtkit.enable = true; security.rtkit.enable = true;
environment.systemPackages = environment.systemPackages =
builtins.attrValues { inherit (pkgs) pavucontrol; }; builtins.attrValues {inherit (pkgs) pavucontrol;};
} }

4
hosts/common/optional/services/bluetooth.nix
View File

@@ -1,6 +1,4 @@
{ ... }: {...}: {
{
services.blueman.enable = true; services.blueman.enable = true;
hardware = { hardware = {
bluetooth.enable = true; bluetooth.enable = true;

4
hosts/common/optional/services/firmware.nix
View File

@@ -1,5 +1,3 @@
{ ... }: {...}: {
{
services.fwupd.enable = true; services.fwupd.enable = true;
} }

7
hosts/common/optional/services/greetd.nix
View File

@@ -1,12 +1,9 @@
{ pkgs, ... }: {pkgs, ...}: {
{
services.greetd = { services.greetd = {
enable = true; enable = true;
settings = { settings = {
default_session = { default_session = {
command = command = "${pkgs.tuigreet}/bin/tuigreet --greeting 'Welcome to NixOS!' --asterisks --remember --remember-user-session --time --cmd ${pkgs.hyprland}/bin/Hyprland";
"${pkgs.tuigreet}/bin/tuigreet --greeting 'Welcome to NixOS!' --asterisks --remember --remember-user-session --time --cmd ${pkgs.hyprland}/bin/Hyprland";
user = "greeter"; user = "greeter";
}; };
}; };

15
hosts/common/optional/services/k3s.nix Normal file
View File

@@ -0,0 +1,15 @@
{pkgs, ...}: {
environment.systemPackages = with pkgs; [
k3s
cifs-utils
nfs-utils
];
services.k3s = {
enable = true;
role = "agent";
# Add this before running
token = "";
serverAddr = "https://rashid:6443";
};
}

8
hosts/common/optional/services/openiscsi.nix Normal file
View File

@@ -0,0 +1,8 @@
{config, ...}: let
hostName = config.hostSpec.hostName;
in {
services.openiscsi = {
enable = true;
name = "iqn.2016-04.com.open-iscsi:${hostName}";
};
}

16
hosts/common/optional/services/openssh.nix
View File

@@ -1,10 +1,18 @@
{ config, ... }: {config, ...}: let
let sshPort = config.hostSpec.networking.ports.tcp.ssh; sshPort = config.hostSpec.networking.ports.tcp.ssh;
in { in {
services.openssh = { services.openssh = {
enable = true; enable = true;
ports = [ sshPort ]; ports = [sshPort];
settings = {
PermitRootLogin = "no";
KbdInteractiveAuthentication = false;
PasswordAuthentication = false;
}; };
networking.firewall.allowedTCPPorts = [ sshPort ]; openFirewall = true;
};
networking.firewall.allowedTCPPorts = [sshPort];
} }

4
hosts/common/optional/services/printing.nix
View File

@@ -1,6 +1,4 @@
# Reminder that CUPS cpanel defaults to localhost:631 # Reminder that CUPS cpanel defaults to localhost:631
{ ... }: {...}: {
{
services.printing.enable = true; services.printing.enable = true;
} }

4
hosts/common/optional/services/smart-card.nix
View File

@@ -1,5 +1,3 @@
{ ... }: {...}: {
{
services.pcscd.enable = true; services.pcscd.enable = true;
} }

5
hosts/common/optional/services/vpn.nix Normal file
View File

@@ -0,0 +1,5 @@
{ pkgs, ...}: {
services.netbird.enable = true;
environment.systemPackages = with pkgs; [ netbird-ui ];
}

6
hosts/common/optional/yubikey.nix
View File

@@ -1,6 +1,4 @@
{ pkgs, ... }: {pkgs, ...}: {
{
# yubikey login / sudo # yubikey login / sudo
security.pam = { security.pam = {
u2f = { u2f = {
@@ -13,5 +11,5 @@
}; };
}; };
environment.systemPackages = with pkgs; [ yubikey-manager ]; environment.systemPackages = with pkgs; [yubikey-manager];
} }

12
hosts/common/specialisations/gaming.nix
View File

@@ -1,5 +1,9 @@
{ pkgs, config, lib, ... }: {
let pkgs,
config,
lib,
...
}: let
hostSpec = config.hostSpec; hostSpec = config.hostSpec;
in { in {
specialisation.gaming.configuration = { specialisation.gaming.configuration = {
@@ -15,7 +19,7 @@ in {
}; };
home-manager.users."${hostSpec.username}".imports = lib.flatten [ home-manager.users."${hostSpec.username}".imports = lib.flatten [
({ config, ... }: ({config, ...}:
import (lib.custom.relativeToRoot import (lib.custom.relativeToRoot
"home/${hostSpec.username}/specialisations/gaming.nix") { "home/${hostSpec.username}/specialisations/gaming.nix") {
inherit pkgs; inherit pkgs;
@@ -24,6 +28,6 @@ in {
powerManagement.cpuFreqGovernor = "performance"; powerManagement.cpuFreqGovernor = "performance";
environment.systemPackages = with pkgs; [ mangohud protonup-qt ]; environment.systemPackages = with pkgs; [mangohud protonup-qt];
}; };
} }

18
hosts/common/users/primary/default.nix
View File

@@ -1,5 +1,10 @@
{ pkgs, config, lib, inputs, ... }: {
let pkgs,
config,
lib,
inputs,
...
}: let
hostSpec = config.hostSpec; hostSpec = config.hostSpec;
pubKeys = lib.filesystem.listFilesRecursive ./keys; pubKeys = lib.filesystem.listFilesRecursive ./keys;
in { in {
@@ -13,15 +18,14 @@ in {
shell = pkgs.zsh; shell = pkgs.zsh;
home = hostSpec.home; home = hostSpec.home;
isNormalUser = true; isNormalUser = true;
hashedPassword = hashedPassword = "$y$j9T$pvjyL7hL5x2VBarGNTnMl1$mLA2UsWTbfp8Hgp/ug5l8224thi..Mo8.p7ME.tDZ.4";
"$y$j9T$pvjyL7hL5x2VBarGNTnMl1$mLA2UsWTbfp8Hgp/ug5l8224thi..Mo8.p7ME.tDZ.4"; extraGroups = ["networkmanager" "wheel" "input" "libvirtd" "docker"];
extraGroups = [ "networkmanager" "wheel" "input" "libvirtd" ];
# Read all keys in ./keys and add them to authorizedKeys. # Read all keys in ./keys and add them to authorizedKeys.
openssh.authorizedKeys.keys = openssh.authorizedKeys.keys =
lib.lists.forEach pubKeys (key: builtins.readFile key); lib.lists.forEach pubKeys (key: builtins.readFile key);
packages = with pkgs; [ libnotify ]; packages = with pkgs; [libnotify];
}; };
}; };
@@ -31,7 +35,7 @@ in {
hostSpec = config.hostSpec; hostSpec = config.hostSpec;
}; };
users.${hostSpec.username}.imports = lib.flatten [ users.${hostSpec.username}.imports = lib.flatten [
({ config, ... }: ({config, ...}:
import (lib.custom.relativeToRoot import (lib.custom.relativeToRoot
"home/${hostSpec.username}/${hostSpec.hostName}.nix") { "home/${hostSpec.username}/${hostSpec.hostName}.nix") {
inherit pkgs inputs config lib hostSpec; inherit pkgs inputs config lib hostSpec;

92
hosts/nixos/aamil-1/default.nix Normal file
View File

@@ -0,0 +1,92 @@
{
inputs,
pkgs,
lib,
...
}: let
hostName = "aamil-1";
in {
imports = lib.flatten [
#
# ========= Hardware =========
#
./hardware-configuration.nix
#
# ========= Disk Layout =========
#
inputs.disko.nixosModules.disko
(lib.custom.relativeToRoot "hosts/common/disks/aamil.nix")
#
# ========= Required Configs =========
#
(map lib.custom.relativeToRoot ["hosts/common/core"])
#
# ========= Services =========
#
(map
(s: lib.custom.relativeToRoot "hosts/common/optional/services/${s}.nix") [
"k3s"
"openiscsi"
"openssh"
])
];
#
# ========= Host specification =========
#
hostSpec = {
hostName = hostName;
};
networking = {
hostName = hostName;
networkmanager.enable = true;
enableIPv6 = false;
firewall.enable = false;
};
nix = {
settings = {
require-sigs = false;
experimental-features = ["nix-command" "flakes"];
};
};
# Set your time zone.
time.timeZone = "Asia/Karachi";
# Select internationalisation properties.
i18n.defaultLocale = "en_US.UTF-8";
console = {
font = "Lat2-Terminus16";
keyMap = "us";
};
# Fixes for longhorn
systemd.tmpfiles.rules = [
"L+ /usr/local/bin - - - - /run/current-system/sw/bin/"
];
virtualisation.docker.logDriver = "json-file";
security.sudo.extraRules = [
{
users = ["shahab"];
commands = [
{
command = "ALL";
options = ["NOPASSWD"];
}
];
}
];
environment.systemPackages = with pkgs; [
neovim
git
];
system.stateVersion = "25.05";
}

31
hosts/nixos/aamil-1/hardware-configuration.nix Normal file
View File

@@ -0,0 +1,31 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
modulesPath,
...
}: {
imports = [(modulesPath + "/installer/scan/not-detected.nix")];
boot = {
loader = {
# Use the systemd-boot EFI boot loader.
systemd-boot = {
enable = true;
configurationLimit = 1;
};
efi.canTouchEfiVariables = true;
};
initrd = {
availableKernelModules = ["ahci" "xhci_pci" "usbhid" "usb_storage" "sd_mod"];
kernelModules = [];
};
kernelModules = ["kvm-amd"];
extraModulePackages = [];
};
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

92
hosts/nixos/aamil-2/default.nix Normal file
View File

@@ -0,0 +1,92 @@
{
inputs,
pkgs,
lib,
...
}: let
hostName = "aamil-2";
in {
imports = lib.flatten [
#
# ========= Hardware =========
#
./hardware-configuration.nix
#
# ========= Disk Layout =========
#
inputs.disko.nixosModules.disko
(lib.custom.relativeToRoot "hosts/common/disks/aamil.nix")
#
# ========= Required Configs =========
#
(map lib.custom.relativeToRoot ["hosts/common/core"])
#
# ========= Services =========
#
(map
(s: lib.custom.relativeToRoot "hosts/common/optional/services/${s}.nix") [
"k3s"
"openiscsi"
"openssh"
])
];
#
# ========= Host specification =========
#
hostSpec = {
hostName = hostName;
};
networking = {
hostName = hostName;
networkmanager.enable = true;
enableIPv6 = false;
firewall.enable = false;
};
nix = {
settings = {
require-sigs = false;
experimental-features = ["nix-command" "flakes"];
};
};
# Set your time zone.
time.timeZone = "Asia/Karachi";
# Select internationalisation properties.
i18n.defaultLocale = "en_US.UTF-8";
console = {
font = "Lat2-Terminus16";
keyMap = "us";
};
# Fixes for longhorn
systemd.tmpfiles.rules = [
"L+ /usr/local/bin - - - - /run/current-system/sw/bin/"
];
virtualisation.docker.logDriver = "json-file";
security.sudo.extraRules = [
{
users = ["shahab"];
commands = [
{
command = "ALL";
options = ["NOPASSWD"];
}
];
}
];
environment.systemPackages = with pkgs; [
neovim
git
];
system.stateVersion = "25.05";
}

31
hosts/nixos/aamil-2/hardware-configuration.nix Normal file
View File

@@ -0,0 +1,31 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
modulesPath,
...
}: {
imports = [(modulesPath + "/installer/scan/not-detected.nix")];
boot = {
loader = {
# Use the systemd-boot EFI boot loader.
systemd-boot = {
enable = true;
configurationLimit = config.hostSpec.bootHistoryLimit;
};
efi.canTouchEfiVariables = true;
};
initrd = {
availableKernelModules = ["nvme" "xhci_pci" "usbhid" "usb_storage" "sd_mod"];
kernelModules = [];
};
kernelModules = ["kvm-amd"];
extraModulePackages = [];
};
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

92
hosts/nixos/aamil-3/default.nix Normal file
View File

@@ -0,0 +1,92 @@
{
inputs,
pkgs,
lib,
...
}: let
hostName = "aamil-3";
in {
imports = lib.flatten [
#
# ========= Hardware =========
#
./hardware-configuration.nix
#
# ========= Disk Layout =========
#
inputs.disko.nixosModules.disko
(lib.custom.relativeToRoot "hosts/common/disks/aamil.nix")
#
# ========= Required Configs =========
#
(map lib.custom.relativeToRoot ["hosts/common/core"])
#
# ========= Services =========
#
(map
(s: lib.custom.relativeToRoot "hosts/common/optional/services/${s}.nix") [
"k3s"
"openiscsi"
"openssh"
])
];
#
# ========= Host specification =========
#
hostSpec = {
hostName = hostName;
};
networking = {
hostName = hostName;
networkmanager.enable = true;
enableIPv6 = false;
firewall.enable = false;
};
nix = {
settings = {
require-sigs = false;
experimental-features = ["nix-command" "flakes"];
};
};
# Set your time zone.
time.timeZone = "Asia/Karachi";
# Select internationalisation properties.
i18n.defaultLocale = "en_US.UTF-8";
console = {
font = "Lat2-Terminus16";
keyMap = "us";
};
# Fixes for longhorn
systemd.tmpfiles.rules = [
"L+ /usr/local/bin - - - - /run/current-system/sw/bin/"
];
virtualisation.docker.logDriver = "json-file";
security.sudo.extraRules = [
{
users = ["shahab"];
commands = [
{
command = "ALL";
options = ["NOPASSWD"];
}
];
}
];
environment.systemPackages = with pkgs; [
neovim
git
];
system.stateVersion = "25.05";
}

31
hosts/nixos/aamil-3/hardware-configuration.nix Normal file
View File

@@ -0,0 +1,31 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
modulesPath,
...
}: {
imports = [(modulesPath + "/installer/scan/not-detected.nix")];
boot = {
loader = {
# Use the systemd-boot EFI boot loader.
systemd-boot = {
enable = true;
configurationLimit = config.hostSpec.bootHistoryLimit;
};
efi.canTouchEfiVariables = true;
};
initrd = {
availableKernelModules = ["nvme" "xhci_pci" "usbhid" "usb_storage" "sd_mod"];
kernelModules = [];
};
kernelModules = ["kvm-amd"];
extraModulePackages = [];
};
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

21
hosts/nixos/rihla/default.nix
View File

@@ -1,6 +1,10 @@
{ inputs, pkgs, lib, config, ... }:
{ {
inputs,
pkgs,
lib,
config,
...
}: {
imports = lib.flatten [ imports = lib.flatten [
# #
# ========= Hardware ========= # ========= Hardware =========
@@ -33,7 +37,7 @@
# #
# ========= Required Configs ========= # ========= Required Configs =========
# #
(map lib.custom.relativeToRoot [ "hosts/common/core" ]) (map lib.custom.relativeToRoot ["hosts/common/core"])
# #
# ========= Optional Configs ========= # ========= Optional Configs =========
@@ -62,6 +66,7 @@
"openssh" "openssh"
"printing" "printing"
"smart-card" "smart-card"
"vpn"
]) ])
# #
@@ -92,11 +97,15 @@
boot = { boot = {
loader = { loader = {
# Set this to true on first install. This must be false for secure boot. # Set this to true on first install. This must be false for secure boot.
systemd-boot.enable = lib.mkForce (!config.hostSpec.secureBoot); systemd-boot = {
enable = lib.mkForce (!config.hostSpec.secureBoot);
configurationLimit = config.hostSpec.bootHistoryLimit;
};
efi.canTouchEfiVariables = true; efi.canTouchEfiVariables = true;
}; };
initrd.postResumeCommands = lib.mkIf config.hostSpec.impermanance initrd.postResumeCommands =
lib.mkIf config.hostSpec.impermanance
(lib.mkAfter '' (lib.mkAfter ''
mkdir /btrfs_tmp mkdir /btrfs_tmp
mount /dev/crypt_vg/root /btrfs_tmp mount /dev/crypt_vg/root /btrfs_tmp
@@ -130,7 +139,7 @@
security.rtkit.enable = true; security.rtkit.enable = true;
environment.systemPackages = with pkgs; [ pciutils bc ]; environment.systemPackages = with pkgs; [pciutils bc];
system.stateVersion = "25.05"; system.stateVersion = "25.05";
} }

17
hosts/nixos/rihla/hardware-configuration.nix
View File

@@ -1,8 +1,13 @@
# Do not modify this file! It was generated by nixos-generate-config # Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes # and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead. # to /etc/nixos/configuration.nix instead.
{ pkgs, config, lib, modulesPath, ... }: { {
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; config,
lib,
modulesPath,
...
}: {
imports = [(modulesPath + "/installer/scan/not-detected.nix")];
boot = { boot = {
initrd = { initrd = {
@@ -15,11 +20,12 @@
"usb_storage" "usb_storage"
"sd_mod" "sd_mod"
]; ];
kernelModules = [ ]; kernelModules = [];
}; };
kernelModules = [ "kvm-amd" ]; kernelModules = ["kvm-amd"];
extraModulePackages = [ ]; extraModulePackages = [];
binfmt.emulatedSystems = ["aarch64-linux"]; # Add other target architectures as needed
}; };
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
@@ -36,7 +42,6 @@
lib.mkDefault config.hardware.enableRedistributableFirmware; lib.mkDefault config.hardware.enableRedistributableFirmware;
graphics = { graphics = {
enable = true; enable = true;
extraPackages = with pkgs; [ amdvlk ];
}; };
}; };
} }

4
lib/default.nix
View File

@@ -1,5 +1,3 @@
{ lib, ... }: {lib, ...}: {
{
relativeToRoot = lib.path.append ../.; relativeToRoot = lib.path.append ../.;
} }

6
modules/common/default.nix
View File

@@ -1,5 +1,3 @@
{ ... }: {...}: {
imports = [./host-spec.nix];
{
imports = [ ./host-spec.nix ];
} }

16
modules/common/host-spec.nix
View File

@@ -1,5 +1,9 @@
# Specifications For Differentiating Hosts # Specifications For Differentiating Hosts
{ config, lib, ... }: { {
config,
lib,
...
}: {
options.hostSpec = { options.hostSpec = {
username = lib.mkOption { username = lib.mkOption {
type = lib.types.str; type = lib.types.str;
@@ -14,7 +18,7 @@
description = "The email of the user"; description = "The email of the user";
}; };
networking = lib.mkOption { networking = lib.mkOption {
default = { }; default = {};
type = lib.types.attrsOf lib.types.anything; type = lib.types.attrsOf lib.types.anything;
description = "An attribute set of networking information"; description = "An attribute set of networking information";
}; };
@@ -40,6 +44,11 @@
description = "Whether or not secure boot has been enabled"; description = "Whether or not secure boot has been enabled";
default = false; default = false;
}; };
bootHistoryLimit = lib.mkOption {
type = lib.types.int;
description = "How many generations to keep bootable in history";
default = 3;
};
impermanance = lib.mkOption { impermanance = lib.mkOption {
type = lib.types.bool; type = lib.types.bool;
description = "Whether or not to enable impermenance"; description = "Whether or not to enable impermenance";
@@ -63,8 +72,7 @@
scaling = lib.mkOption { scaling = lib.mkOption {
type = lib.types.str; type = lib.types.str;
default = "1"; default = "1";
description = description = "Used to indicate what scaling to use. Floating point number";
"Used to indicate what scaling to use. Floating point number";
}; };
font = lib.mkOption { font = lib.mkOption {
type = lib.types.str; type = lib.types.str;

6
modules/home-manager/default.nix
View File

@@ -1,5 +1,3 @@
{ ... }: {...}: {
imports = [./yubikey-touch-detector.nix];
{
imports = [ ./yubikey-touch-detector.nix ];
} }

33
modules/home-manager/yubikey-touch-detector.nix
View File

@@ -1,11 +1,15 @@
{ config, lib, pkgs, ... }: {
config,
with lib; lib,
pkgs,
let cfg = config.services.yubikey-touch-detector; ...
}:
with lib; let
cfg = config.services.yubikey-touch-detector;
in { in {
options.services.yubikey-touch-detector = { options.services.yubikey-touch-detector = {
enable = mkEnableOption enable =
mkEnableOption
"a tool to detect when your YubiKey is waiting for a touch"; "a tool to detect when your YubiKey is waiting for a touch";
package = mkOption { package = mkOption {
@@ -22,7 +26,7 @@ in {
extraArgs = mkOption { extraArgs = mkOption {
type = types.listOf types.str; type = types.listOf types.str;
default = [ "--libnotify" ]; default = ["--libnotify"];
defaultText = literalExpression ''[ "--libnotify" ]''; defaultText = literalExpression ''[ "--libnotify" ]'';
description = '' description = ''
Extra arguments to pass to the tool. The arguments are not escaped. Extra arguments to pass to the tool. The arguments are not escaped.
@@ -31,20 +35,19 @@ in {
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
home.packages = [ cfg.package ]; home.packages = [cfg.package];
# Service description licensed under ISC # Service description licensed under ISC
# See https://github.com/maximbaz/yubikey-touch-detector/blob/c9fdff7163361d6323e2de0449026710cacbc08a/LICENSE # See https://github.com/maximbaz/yubikey-touch-detector/blob/c9fdff7163361d6323e2de0449026710cacbc08a/LICENSE
# Author: Maxim Baz # Author: Maxim Baz
systemd.user.sockets.yubikey-touch-detector = mkIf cfg.socket.enable { systemd.user.sockets.yubikey-touch-detector = mkIf cfg.socket.enable {
Unit.Description = Unit.Description = "Unix socket activation for YubiKey touch detector service";
"Unix socket activation for YubiKey touch detector service";
Socket = { Socket = {
ListenFIFO = "%t/yubikey-touch-detector.sock"; ListenFIFO = "%t/yubikey-touch-detector.sock";
RemoveOnStop = true; RemoveOnStop = true;
SocketMode = "0660"; SocketMode = "0660";
}; };
Install.WantedBy = [ "sockets.target" ]; Install.WantedBy = ["sockets.target"];
}; };
# Same license thing for the description here # Same license thing for the description here
@@ -52,19 +55,19 @@ in {
Unit = { Unit = {
Description = "Detects when your YubiKey is waiting for a touch"; Description = "Detects when your YubiKey is waiting for a touch";
Requires = Requires =
optionals cfg.socket.enable [ "yubikey-touch-detector.socket" ]; optionals cfg.socket.enable ["yubikey-touch-detector.socket"];
}; };
Service = { Service = {
ExecStart = "${cfg.package}/bin/yubikey-touch-detector ${ ExecStart = "${cfg.package}/bin/yubikey-touch-detector ${
concatStringsSep " " cfg.extraArgs concatStringsSep " " cfg.extraArgs
}"; }";
Environment = [ "PATH=${lib.makeBinPath [ pkgs.gnupg ]}" ]; Environment = ["PATH=${lib.makeBinPath [pkgs.gnupg]}"];
Restart = "on-failure"; Restart = "on-failure";
RestartSec = "1sec"; RestartSec = "1sec";
}; };
Install.Also = Install.Also =
optionals cfg.socket.enable [ "yubikey-touch-detector.socket" ]; optionals cfg.socket.enable ["yubikey-touch-detector.socket"];
Install.WantedBy = [ "default.target" ]; Install.WantedBy = ["default.target"];
}; };
}; };
} }

1
secret.key Normal file
View File

@@ -0,0 +1 @@
kernel-hacker!