refactor: move from den based to flake-parts based

2026-04-21 00:59:54 +02:00
parent d2ab961c48
commit 5bed1336c0
71 changed files with 1832 additions and 2472 deletions
-50
@@ -1,50 +0,0 @@
{ den, lux, ... }:
{
lux.bundles._.local-session = {
includes = with lux; [
nix
region-nl
sddm
niri
audio
bluetooth
clipboard
flatpak
fonts
local-apps
networking
pinentry
printing
qbittorrent-client
system-base
vicinae
xdg
theme
noctalia
];
};
lux.bundles._.local-session-user = {
includes = with lux; [
nix
niri
clipboard
local-apps
pinentry
qbittorrent-client
vicinae
xdg
theme
noctalia
];
};
lux.bundles._.development = {
includes = with lux; [
git
dev-tools
podman
gemini
];
};
}
-23
@@ -1,23 +0,0 @@
{ den, ... }:
let
configState = "24.05";
in
{
den.default = {
includes = [
den._.define-user
den._.hostname
];
nixos.system.stateVersion = configState;
homeManager.home.stateVersion = configState;
};
den.ctx.user.includes = [ den._.mutual-provider ];
_module.args.__findFile = den.lib.__findFile;
den.ctx.hm-host.nixos.home-manager = {
useGlobalPkgs = true;
backupFileExtension = "bak";
};
}
-9
@@ -1,9 +0,0 @@
{ inputs, den, ... }:
{
imports = [
inputs.den.flakeModule
(inputs.den.namespace "lux" true)
];
flake.den = den;
}
+17 -17
@@ -3,7 +3,7 @@
bar = {
barType = "simple";
position = "top";
monitors = [];
monitors = [ ];
density = "default";
showOutline = false;
showCapsule = false;
@@ -69,13 +69,13 @@
];
right = [
{
blacklist = [];
blacklist = [ ];
chevronColor = "none";
colorizeIcons = false;
drawerEnabled = true;
hidePassive = false;
id = "Tray";
pinned = [];
pinned = [ ];
}
{
displayMode = "onhover";
@@ -95,7 +95,7 @@
}
];
};
screenOverrides = [];
screenOverrides = [ ];
};
general = {
avatarImage = "/home/kiri/.face";
@@ -130,7 +130,7 @@
clockStyle = "custom";
clockFormat = "hh\\nmm";
passwordChars = false;
lockScreenMonitors = [];
lockScreenMonitors = [ ];
lockScreenBlur = 0;
lockScreenTint = 0;
keybinds = {
@@ -210,7 +210,7 @@
enabled = true;
overviewEnabled = false;
directory = "/home/kiri/media/images/wallpapers";
monitorDirectories = [];
monitorDirectories = [ ];
enableMultiMonitorDirectories = false;
showHiddenFiles = false;
viewMode = "recursive";
@@ -242,7 +242,7 @@
wallhavenResolutionWidth = "";
wallhavenResolutionHeight = "";
sortOrder = "name";
favorites = [];
favorites = [ ];
};
appLauncher = {
enableClipboardHistory = true;
@@ -252,7 +252,7 @@
clipboardWatchTextCommand = "wl-paste --type text --watch cliphist store";
clipboardWatchImageCommand = "wl-paste --type image --watch cliphist store";
position = "top_center";
pinnedApps = [];
pinnedApps = [ ];
useApp2Unit = false;
sortByMostUsed = true;
terminalCommand = "kitty -e";
@@ -362,8 +362,8 @@
floatingRatio = 1;
size = 1;
onlySameOutput = true;
monitors = [];
pinnedApps = [];
monitors = [ ];
pinnedApps = [ ];
colorizeIcons = false;
showLauncherIcon = false;
launcherPosition = "end";
@@ -454,7 +454,7 @@
enabled = true;
enableMarkdown = false;
density = "default";
monitors = [];
monitors = [ ];
location = "top_right";
overlayLayer = true;
backgroundOpacity = 1;
@@ -492,14 +492,14 @@
1
2
];
monitors = [];
monitors = [ ];
};
audio = {
volumeStep = 5;
volumeOverdrive = false;
cavaFrameRate = 30;
visualizerType = "linear";
mprisBlacklist = [];
mprisBlacklist = [ ];
preferredPlayer = "";
volumeFeedback = false;
volumeFeedbackSoundFile = "";
@@ -508,7 +508,7 @@
brightnessStep = 5;
enforceMinimum = true;
enableDdcSupport = false;
backlightDeviceMappings = [];
backlightDeviceMappings = [ ];
};
colorSchemes = {
useWallpaperColors = false;
@@ -521,7 +521,7 @@
monitorForColors = "";
};
templates = {
activeTemplates = [];
activeTemplates = [ ];
enableUserTheming = false;
};
nightLight = {
@@ -559,6 +559,6 @@
enabled = false;
overviewEnabled = true;
gridSnap = false;
monitorWidgets = [];
monitorWidgets = [ ];
};
}
}
+1 -1
@@ -1,5 +1,5 @@
{
lux.audio.nixos = {
flake.modules.nixos.audio = {
security.rtkit.enable = true;
services.pipewire = {
enable = true;
+11 -22
@@ -1,25 +1,14 @@
{ den, lib, ... }:
let
getPrimaryEmail =
user:
(lib.findFirst (email: email.primary) (throw "Missing primary email for ${user.userName}") (builtins.attrValues user.emails)).address;
in
{ ... }:
{
lux.bitwarden = den.lib.parametric {
includes = [
(
{ host, user }:
{
homeManager.programs.rbw.settings = {
email = getPrimaryEmail user;
base_url = "https://vault.${host.serviceDomain}";
};
}
)
];
homeManager = {
programs.rbw.enable = true;
flake.modules.homeManager.bitwarden =
{ pkgs, ... }:
{
programs.rbw = {
enable = true;
settings = {
base_url = "https://vault.jelles.net";
pinentry = pkgs.pinentry-gnome3;
};
};
};
};
}
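Review bot: The new `programs.rbw.settings` no longer sets `email`, which the removed code filled from the user's primary address. rbw needs an account e-mail to log in, and as far as I know home-manager's rbw settings type declares `email` without a default, so unless a module outside this section defines it, evaluation or the first unlock is likely to fail. The vault URL is also now the literal `https://vault.jelles.net` for every user who imports the module, where it used to be derived from `host.serviceDomain`. If both values are meant to differ per user, set them where the user is defined and keep only `enable` and `pinentry` here.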
+1 -1
@@ -1,5 +1,5 @@
{
lux.bluetooth.nixos = {
flake.modules.nixos.bluetooth = {
hardware.bluetooth.enable = true;
services.blueman.enable = true;
};
+1 -1
@@ -1,5 +1,5 @@
{
lux.clipboard.homeManager =
flake.modules.homeManager.clipboard =
{ pkgs, ... }:
{
home.packages = [ pkgs.wl-clipboard ];
+35
@@ -0,0 +1,35 @@
{ inputs, config, ... }:
let
nixosModules = config.flake.modules.nixos;
in
{
flake.modules.nixos.desktopBase = {
imports = [
inputs.home-manager.nixosModules.home-manager
nixosModules.nix
nixosModules.systemBase
nixosModules.standardBoot
nixosModules.regionNl
nixosModules.sddm
nixosModules.niri
nixosModules.audio
nixosModules.bluetooth
nixosModules.flatpak
nixosModules.fonts
nixosModules.networking
nixosModules.printing
nixosModules.qbittorrentClient
nixosModules.sopsHost
];
home-manager = {
useGlobalPkgs = true;
backupFileExtension = "bak";
extraSpecialArgs = { inherit inputs; };
};
security.sudo.extraConfig = ''
Defaults env_keep+=SSH_AUTH_SOCK
'';
};
}
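Review bot: `security.sudo.extraConfig` at the end of `desktopBase` keeps `SSH_AUTH_SOCK` across every sudo invocation on every host that imports this module, and nothing in the module says why. With it in place, any command run through sudo can ask the invoking user's agent to sign, which includes keys forwarded into the session, so the exposure is wider than the one workflow this is presumably for. I would record the reason in a comment, e.g. `# keep the agent so root-run nix operations can fetch private flake inputs over SSH (confirm)`, and scope the default to the group that needs it: `Defaults:%wheel env_keep+=SSH_AUTH_SOCK`.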
+1 -1
@@ -1,5 +1,5 @@
{
lux.dev-tools.homeManager =
flake.modules.homeManager.devTools =
{ config, ... }:
{
home.sessionVariables.CARGO_HOME = "${config.xdg.dataHome}/cargo";
+90 -75
@@ -1,84 +1,99 @@
{ den, lib, ... }:
{ ... }:
{
lux.email = den.lib.perUser (
{ user, ... }:
flake.modules.homeManager.email =
{ config, ... }:
let
mkEmailAccount =
_: email:
realName = "Jelle Spreeuwenberg";
mkOffice365Account =
{
address,
primary,
}:
{
enable = true;
address = email.address;
primary = email.primary;
realName = user.realName;
userName = email.address;
thunderbird =
{
enable = true;
}
// lib.optionalAttrs (email.kind == "office365") {
settings = id: {
"mail.smtpserver.smtp_${id}.authMethod" = 10;
"mail.server.server_${id}.authMethod" = 10;
};
};
}
// (
if email.kind == "mxrouting" then
{
imap = {
authentication = "plain";
host = "taylor.mxrouting.net";
port = 993;
tls.enable = true;
};
smtp = {
authentication = "plain";
host = "taylor.mxrouting.net";
port = 465;
tls.enable = true;
};
}
else
{
flavor = "outlook.office365.com";
}
);
in
{
homeManager = { ... }: {
programs.thunderbird = {
inherit address primary realName;
userName = address;
thunderbird = {
enable = true;
profiles.${user.name} = {
isDefault = true;
withExternalGnupg = true;
settings = {
# LAYOUT: Force 3-Pane Vertical View (Folders | List | Message)
"mail.ui.display.message_pane_vertical" = true;
# APPEARANCE: Enable "Cards View" (modern multi-line list)
# Note: 'cards' is the value for the new view
"mail.ui.display.thread_pane_view_type" = "cards";
# DENSITY: "Compact" is usually cleaner for tech-savvy users
"mail.uidensity" = 1; # 0=Default, 1=Compact, 2=Touch
# PRIVACY & CLEANUP
"privacy.donottrackheader.enabled" = true;
"mail.server.server2.hidden" = true; # Hide "Local Folders"
# Start page disable for faster boot
"mailnews.start_page.enabled" = false;
# Disable the "Get a new email address" feature in account manager
"mail.provider.enabled" = false;
"layout.css.devPixelsPerPx" = 0.85;
};
settings = id: {
"mail.smtpserver.smtp_${id}.authMethod" = 10;
"mail.server.server_${id}.authMethod" = 10;
};
};
accounts.email.accounts = lib.mapAttrs mkEmailAccount user.emails;
flavor = "outlook.office365.com";
};
}
);
mkMxrouteAccount =
{
address,
primary,
}:
{
enable = true;
inherit address primary realName;
userName = address;
thunderbird.enable = true;
imap = {
authentication = "plain";
host = "taylor.mxrouting.net";
port = 993;
tls.enable = true;
};
smtp = {
authentication = "plain";
host = "taylor.mxrouting.net";
port = 465;
tls.enable = true;
};
};
in
{
programs.thunderbird = {
enable = true;
profiles.${config.home.username} = {
isDefault = true;
withExternalGnupg = true;
settings = {
"mail.ui.display.message_pane_vertical" = true;
"mail.ui.display.thread_pane_view_type" = "cards";
"mail.uidensity" = 1;
"privacy.donottrackheader.enabled" = true;
"mail.server.server2.hidden" = true;
"mailnews.start_page.enabled" = false;
"mail.provider.enabled" = false;
"layout.css.devPixelsPerPx" = 0.85;
};
};
};
accounts.email.accounts =
if config.home.username == "ergon" then
{
work = mkOffice365Account {
address = "jelle.spreeuwenberg@yookr.org";
primary = true;
};
}
else
{
main = mkMxrouteAccount {
address = "mail@jelles.net";
primary = true;
};
old = mkMxrouteAccount {
address = "mail@jellespreeuwenberg.nl";
primary = false;
};
uni = mkOffice365Account {
address = "j.spreeuwenberg@student.tue.nl";
primary = false;
};
work = mkOffice365Account {
address = "jelle.spreeuwenberg@yookr.org";
primary = false;
};
};
};
}
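Review bot: The `else` branch of `accounts.email.accounts` applies to every username other than `"ergon"`, so any future user whose profile imports this module silently gets all four mailboxes, including the personal and university ones. Matching the intended username explicitly and failing otherwise turns that into a build error instead of a misconfigured profile: `else if config.home.username == "<personal-user>" then { … } else throw "email: no accounts defined for ${config.home.username}"`. The explanatory comments on the Thunderbird prefs were also dropped in the move. `authMethod = 10` in `mkOffice365Account` in particular deserves a one-line comment naming the authentication method it selects.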
+3 -1
@@ -1,3 +1,5 @@
{
lux.flatpak.nixos.services.flatpak.enable = true;
flake.modules.nixos.flatpak = {
services.flatpak.enable = true;
};
}
+1 -1
@@ -1,5 +1,5 @@
{
lux.fonts.nixos =
flake.modules.nixos.fonts =
{ pkgs, ... }:
{
fonts = {
+8 -12
@@ -1,15 +1,11 @@
{
lux.gemini = {
homeManager =
{ config, ... }:
{
home.sessionVariables.GEMINI_CONFIG_DIR = "${config.xdg.configHome}/gemini";
flake.modules.homeManager.gemini =
{ config, ... }:
{
home.sessionVariables.GEMINI_CONFIG_DIR = "${config.xdg.configHome}/gemini";
programs.gemini-cli.enable = true;
programs.opencode.enable = true;
# Needed for extensions
programs.npm.enable = true;
};
};
programs.gemini-cli.enable = true;
programs.opencode.enable = true;
programs.npm.enable = true;
};
}
+16 -30
@@ -1,32 +1,18 @@
{ den, lib, ... }:
let
getPrimaryEmail =
user:
(lib.findFirst (email: email.primary) (throw "Missing primary email for ${user.userName}") (
builtins.attrValues user.emails
)).address;
in
{ ... }:
{
lux.git = den.lib.parametric {
includes = [
(
{ user, ... }:
{
homeManager.programs.git = {
enable = true;
signing.format = "ssh";
ignores = [
".claude/"
".codex/"
];
settings = {
user.name = user.realName;
user.email = getPrimaryEmail user;
init.defaultBranch = "main";
};
};
}
)
];
};
flake.modules.homeManager.git =
{ ... }:
{
programs.git = {
enable = true;
signing.format = "ssh";
ignores = [
".claude/"
".codex/"
];
settings = {
init.defaultBranch = "main";
};
};
};
}
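Review bot: `programs.git.settings` loses `user.name` and `user.email` in this change while `signing.format = "ssh"` stays, and no `signing.key` or `signing.signByDefault` is visible in the module. If the identity is not set in a per-user module outside this section, commits will either be refused or fall back to a guessed identity, and SSH signature verification that maps a signer e-mail to a key will not match. I would add a comment here naming the module that now supplies the identity and signing key, or restore the two settings.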
+1 -1
@@ -1,5 +1,5 @@
{
lux.local-apps.homeManager =
flake.modules.homeManager.localApps =
{ pkgs, ... }:
{
home.sessionVariables.BROWSER = "vivaldi";
+43 -45
@@ -1,49 +1,47 @@
{
lux.mpv = {
homeManager =
{ pkgs, ... }:
{
programs.mpv = {
enable = true;
bindings = {
D = "cycle deband";
};
config = {
profile = "high-quality";
osc = "no";
border = "no";
vo = "gpu-next";
gpu-api = "vulkan";
hwdec = "vulkan";
demuxer-mkv-subtitle-preroll = "yes";
sub-auto = "fuzzy";
sub-gauss = 1.0;
sub-gray = "yes";
tone-mapping = "bt.2446a";
keep-open = "yes";
save-position-on-quit = "yes";
volume-max = 150;
deband = "yes";
deband-iterations = 2;
deband-threshold = 64;
deband-range = 17;
deband-grain = 12;
};
scripts = with pkgs.mpvScripts; [
modernz
thumbfast
mpris
autosub
];
flake.modules.homeManager.mpv =
{ pkgs, ... }:
{
programs.mpv = {
enable = true;
bindings = {
D = "cycle deband";
};
config = {
profile = "high-quality";
osc = "no";
border = "no";
vo = "gpu-next";
gpu-api = "vulkan";
hwdec = "vulkan";
demuxer-mkv-subtitle-preroll = "yes";
sub-auto = "fuzzy";
sub-gauss = 1.0;
sub-gray = "yes";
tone-mapping = "bt.2446a";
keep-open = "yes";
save-position-on-quit = "yes";
volume-max = 150;
deband = "yes";
deband-iterations = 2;
deband-threshold = 64;
deband-range = 17;
deband-grain = 12;
};
scripts = with pkgs.mpvScripts; [
modernz
thumbfast
mpris
autosub
];
};
};
};
}
+6 -9
@@ -1,10 +1,11 @@
{ inputs, ... }:
{
lux.neovim.homeManager =
flake.modules.homeManager.neovim =
{
pkgs,
lib,
config,
inputs,
osConfig,
...
}:
{
@@ -13,7 +14,6 @@
VISUAL = "nvim";
};
imports = [
(inputs.nix-wrapper-modules.lib.mkInstallModule {
name = "neovim";
@@ -26,7 +26,7 @@
];
# Configure sops-nix secret
sops.secrets.gemini-api-key-neovim = {};
sops.secrets.gemini-api-key-neovim = { };
wrappers.neovim = {
enable = true;
@@ -117,13 +117,10 @@
# We put these in `settings` so they appear in require('nix-info').settings
settings = {
# Hostname/ConfigDir needed for nixd
# NOTE: Adjust these paths to match your actual denful/flake variables
nixdExtras = {
nixpkgs = "import ${pkgs.path} {}";
# Assuming you have access to the flake path in your config,
# otherwise hardcode or pass via specialArgs
nixos_options = ''(builtins.getFlake "path://${config.home.homeDirectory}/.config/nixos").nixosConfigurations.polaris.config.networking.hostName}.options'';
home_manager_options = ''(builtins.getFlake "path://${config.home.homeDirectory}/.config/nixos").nixosConfigurations.polaris.config.networking.hostName}.options.home-manager.users.type.getSubOptions []'';
nixos_options = ''(builtins.getFlake "path://${config.home.homeDirectory}/.config/nixos").nixosConfigurations.${osConfig.networking.hostName}.options'';
home_manager_options = ''(builtins.getFlake "path://${config.home.homeDirectory}/.config/nixos").nixosConfigurations.${osConfig.networking.hostName}.options.home-manager.users.type.getSubOptions []'';
};
# TODO: Put in separate theme file
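Review bot: `nixdExtras` now interpolates `osConfig.networking.hostName` as a bare attribute name inside the expression string, so a host name that is not a valid Nix identifier (one starting with a digit, for instance) produces an expression nixd cannot parse. Quoting the attribute avoids that: `nixosConfigurations."${osConfig.networking.hostName}".options`. The string also assumes the `nixosConfigurations` attribute is named after the host name, and that `osConfig` is available, which holds only when home-manager is evaluated as a NixOS module. Both assumptions are worth a comment above `nixdExtras`, since the comments that used to explain these paths were removed. The `settings` block continues outside the last hunk.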
+5 -3
@@ -1,6 +1,8 @@
{
lux.networking.nixos.networking = {
nftables.enable = true;
networkmanager.enable = true;
flake.modules.nixos.networking = {
networking = {
nftables.enable = true;
networkmanager.enable = true;
};
};
}
-374
@@ -1,374 +0,0 @@
{ den, inputs, lib, ... }:
let
mkOutputs =
host:
lib.mapAttrs (
_: display:
lib.optionalAttrs display.primary {
focus-at-startup = true;
}
// lib.filterAttrs (_: value: value != null) {
position = display.position;
scale = display.scale;
mode = display.mode;
}
) host.displays;
in
{
lux.niri = {
includes = [
(den.lib.perHost {
nixos =
{ pkgs, ... }:
{
imports = [ inputs.niri.nixosModules.niri ];
nixpkgs.overlays = [ inputs.niri.overlays.niri ];
programs.niri.enable = true;
programs.niri.package = pkgs.niri-unstable;
programs.dconf.enable = true;
# Essential services for Nautilus (Trash, Networking, Disks, Search)
services.gvfs.enable = true;
services.udisks2.enable = true;
};
})
(den.lib.perUser (
{ host, ... }:
{
homeManager =
{ config, pkgs, ... }:
{
home.sessionVariables.NIXOS_OZONE_WL = "1";
dconf.settings = {
"org/gnome/desktop/interface" = {
color-scheme = "prefer-dark";
};
};
home.packages = with pkgs; [
playerctl
nautilus
brightnessctl
xwayland-satellite
];
programs.niri = {
settings = {
outputs = mkOutputs host;
environment = {
DISPLAY = ":0";
};
spawn-at-startup = [
{ command = [ "xwayland-satellite" ]; }
{ command = [ "noctalia-shell" ]; }
{ command = [ "qbittorrent" ]; }
];
prefer-no-csd = true;
hotkey-overlay.skip-at-startup = true;
screenshot-path = "${config.xdg.userDirs.pictures}/screenshots/%Y-%m-%dT%H:%M:%S.png";
# -----------------------------------------------------------------
# Aesthetics & Visuals
# -----------------------------------------------------------------
# Fast, snappy animations
animations.slowdown = 0.6;
cursor = with config.home.pointerCursor; {
size = size;
theme = name;
hide-after-inactive-ms = 3000;
hide-when-typing = true;
};
layout = {
always-center-single-column = true;
gaps = 14;
focus-ring.enable = false;
default-column-width = {
proportion = 1. / 2.;
};
# Kanagawa-wave Colorscheme for border
border = {
enable = true;
width = 3;
active.color = "#7E9CD8"; # Crystal Blue
inactive.color = "#54546D"; # Sumi Ink 4
urgent.color = "#E82424"; # Samurai Red
};
};
window-rules = [
{
# Sleek rounded corners
geometry-corner-radius =
let
radius = 10.0;
in
{
bottom-left = radius;
bottom-right = radius;
top-left = radius;
top-right = radius;
};
clip-to-geometry = true;
}
];
# -----------------------------------------------------------------
# System & Input
# -----------------------------------------------------------------
debug = {
honor-xdg-activation-with-invalid-serial = true;
};
input = {
focus-follows-mouse.enable = true;
keyboard = {
repeat-delay = 300;
repeat-rate = 50;
xkb.options = "caps:escape";
};
mouse.accel-speed = 0.4;
};
# -----------------------------------------------------------------
# Keybinds
# -----------------------------------------------------------------
binds = {
# --- Applications & Launchers ---
"Mod+Return" = {
action.spawn = "kitty";
hotkey-overlay.title = "Terminal";
};
"Mod+B" = {
action.spawn = "vivaldi";
hotkey-overlay.title = "Browser";
};
"Mod+Space" = {
repeat = false;
action.spawn = [
"vicinae"
"toggle"
];
hotkey-overlay.title = "App Launcher";
};
# --- Media & Brightness Controls ---
"XF86AudioPlay" = {
action.spawn-sh = "playerctl play-pause";
allow-when-locked = true;
};
"XF86AudioStop" = {
action.spawn-sh = "playerctl stop";
allow-when-locked = true;
};
"XF86AudioPrev" = {
action.spawn-sh = "playerctl previous";
allow-when-locked = true;
};
"XF86AudioNext" = {
action.spawn-sh = "playerctl next";
allow-when-locked = true;
};
"XF86AudioRaiseVolume" = {
action.spawn-sh = "wpctl set-volume @DEFAULT_AUDIO_SINK@ 5%+";
allow-when-locked = true;
};
"XF86AudioLowerVolume" = {
action.spawn-sh = "wpctl set-volume @DEFAULT_AUDIO_SINK@ 5%-";
allow-when-locked = true;
};
"XF86AudioMute" = {
action.spawn-sh = "wpctl set-mute @DEFAULT_AUDIO_SINK@ toggle";
allow-when-locked = true;
};
"XF86AudioMicMute" = {
action.spawn-sh = "wpctl set-mute @DEFAULT_AUDIO_SOURCE@ toggle";
allow-when-locked = true;
};
"XF86MonBrightnessUp" = {
action.spawn-sh = "brightnessctl s 10%+";
allow-when-locked = true;
};
"XF86MonBrightnessDown" = {
action.spawn-sh = "brightnessctl s 10%-";
allow-when-locked = true;
};
# --- Screenshots ---
"Mod+S".action.screenshot = [ ];
"Mod+Ctrl+S".action.screenshot-screen = [ ];
"Mod+Alt+S".action.screenshot-window = [ ];
# --- Session & System ---
"Mod+Shift+Slash".action.show-hotkey-overlay = [ ];
"Mod+Escape" = {
action.toggle-keyboard-shortcuts-inhibit = [ ];
allow-inhibiting = false;
};
"Mod+Alt+L" = {
action.spawn-sh = "loginctl lock-session";
hotkey-overlay.title = "Lock Screen";
};
"Mod+Shift+E".action.quit = [ ];
"Ctrl+Alt+Delete".action.quit = [ ];
"Mod+Shift+P".action.power-off-monitors = [ ];
# --- Overview & Window Management ---
"Mod+O" = {
action.toggle-overview = [ ];
repeat = false;
};
"Mod+Q" = {
action.close-window = [ ];
repeat = false;
};
# Focus Movement (Vim-like + Arrows)
"Mod+H".action.focus-column-or-monitor-left = [ ];
"Mod+J".action.focus-window-down = [ ];
"Mod+K".action.focus-window-up = [ ];
"Mod+L".action.focus-column-or-monitor-right = [ ];
# Window Movement
"Mod+Ctrl+Left".action.move-column-left = [ ];
"Mod+Ctrl+Down".action.move-window-down = [ ];
"Mod+Ctrl+Up".action.move-window-up = [ ];
"Mod+Ctrl+Right".action.move-column-right = [ ];
"Mod+Ctrl+H".action.move-column-left = [ ];
"Mod+Ctrl+J".action.move-window-down = [ ];
"Mod+Ctrl+K".action.move-window-up = [ ];
"Mod+Ctrl+L".action.move-column-right = [ ];
# Column Focus & Movement
"Mod+Home".action.focus-column-first = [ ];
"Mod+End".action.focus-column-last = [ ];
"Mod+Ctrl+Home".action.move-column-to-first = [ ];
"Mod+Ctrl+End".action.move-column-to-last = [ ];
# Monitor Focus
"Mod+Shift+Left".action.focus-monitor-left = [ ];
"Mod+Shift+Down".action.focus-monitor-down = [ ];
"Mod+Shift+Up".action.focus-monitor-up = [ ];
"Mod+Shift+Right".action.focus-monitor-right = [ ];
"Mod+Shift+H".action.focus-monitor-left = [ ];
"Mod+Shift+J".action.focus-monitor-down = [ ];
"Mod+Shift+K".action.focus-monitor-up = [ ];
"Mod+Shift+L".action.focus-monitor-right = [ ];
# Monitor Movement
"Mod+Shift+Ctrl+Left".action.move-column-to-monitor-left = [ ];
"Mod+Shift+Ctrl+Down".action.move-column-to-monitor-down = [ ];
"Mod+Shift+Ctrl+Up".action.move-column-to-monitor-up = [ ];
"Mod+Shift+Ctrl+Right".action.move-column-to-monitor-right = [ ];
"Mod+Shift+Ctrl+H".action.move-column-to-monitor-left = [ ];
"Mod+Shift+Ctrl+J".action.move-column-to-monitor-down = [ ];
"Mod+Shift+Ctrl+K".action.move-column-to-monitor-up = [ ];
"Mod+Shift+Ctrl+L".action.move-column-to-monitor-right = [ ];
# Workspace Focus
"Mod+Page_Down".action.focus-workspace-down = [ ];
"Mod+Page_Up".action.focus-workspace-up = [ ];
"Mod+U".action.focus-workspace-down = [ ];
"Mod+I".action.focus-workspace-up = [ ];
# Workspace Movement (Column)
"Mod+Ctrl+Page_Down".action.move-column-to-workspace-down = [ ];
"Mod+Ctrl+Page_Up".action.move-column-to-workspace-up = [ ];
"Mod+Ctrl+U".action.move-column-to-workspace-down = [ ];
"Mod+Ctrl+I".action.move-column-to-workspace-up = [ ];
# Workspace Movement (Entire Workspace)
"Mod+Shift+Page_Down".action.move-workspace-down = [ ];
"Mod+Shift+Page_Up".action.move-workspace-up = [ ];
"Mod+Shift+U".action.move-workspace-down = [ ];
"Mod+Shift+I".action.move-workspace-up = [ ];
# --- Mouse Wheel Scrolling ---
"Mod+WheelScrollDown" = {
action.focus-workspace-down = [ ];
cooldown-ms = 150;
};
"Mod+WheelScrollUp" = {
action.focus-workspace-up = [ ];
cooldown-ms = 150;
};
"Mod+Ctrl+WheelScrollDown" = {
action.move-column-to-workspace-down = [ ];
cooldown-ms = 150;
};
"Mod+Ctrl+WheelScrollUp" = {
action.move-column-to-workspace-up = [ ];
cooldown-ms = 150;
};
"Mod+WheelScrollRight".action.focus-column-right = [ ];
"Mod+WheelScrollLeft".action.focus-column-left = [ ];
"Mod+Ctrl+WheelScrollRight".action.move-column-right = [ ];
"Mod+Ctrl+WheelScrollLeft".action.move-column-left = [ ];
"Mod+Shift+WheelScrollDown".action.focus-column-right = [ ];
"Mod+Shift+WheelScrollUp".action.focus-column-left = [ ];
"Mod+Ctrl+Shift+WheelScrollDown".action.move-column-right = [ ];
"Mod+Ctrl+Shift+WheelScrollUp".action.move-column-left = [ ];
# --- Workspace Indices ---
"Mod+1".action.focus-workspace = 1;
"Mod+2".action.focus-workspace = 2;
"Mod+3".action.focus-workspace = 3;
"Mod+4".action.focus-workspace = 4;
"Mod+5".action.focus-workspace = 5;
"Mod+6".action.focus-workspace = 6;
"Mod+7".action.focus-workspace = 7;
"Mod+8".action.focus-workspace = 8;
"Mod+9".action.focus-workspace = 9;
"Mod+Ctrl+1".action.move-column-to-workspace = 1;
"Mod+Ctrl+2".action.move-column-to-workspace = 2;
"Mod+Ctrl+3".action.move-column-to-workspace = 3;
"Mod+Ctrl+4".action.move-column-to-workspace = 4;
"Mod+Ctrl+5".action.move-column-to-workspace = 5;
"Mod+Ctrl+6".action.move-column-to-workspace = 6;
"Mod+Ctrl+7".action.move-column-to-workspace = 7;
"Mod+Ctrl+8".action.move-column-to-workspace = 8;
"Mod+Ctrl+9".action.move-column-to-workspace = 9;
# --- Column/Window Reshaping & Organization ---
"Mod+BracketLeft".action.consume-or-expel-window-left = [ ];
"Mod+BracketRight".action.consume-or-expel-window-right = [ ];
"Mod+Comma".action.consume-window-into-column = [ ];
"Mod+Period".action.expel-window-from-column = [ ];
"Mod+R".action.switch-preset-column-width = [ ];
"Mod+Shift+R".action.switch-preset-window-height = [ ];
"Mod+Ctrl+R".action.reset-window-height = [ ];
"Mod+F".action.maximize-column = [ ];
"Mod+Shift+F".action.fullscreen-window = [ ];
"Mod+M".action.maximize-window-to-edges = [ ];
"Mod+Ctrl+F".action.expand-column-to-available-width = [ ];
"Mod+C".action.center-column = [ ];
"Mod+Ctrl+C".action.center-visible-columns = [ ];
"Mod+Minus".action.set-column-width = "-10%";
"Mod+Equal".action.set-column-width = "+10%";
"Mod+Shift+Minus".action.set-window-height = "-10%";
"Mod+Shift+Equal".action.set-window-height = "+10%";
"Mod+V".action.toggle-window-floating = [ ];
"Mod+Shift+V".action.switch-focus-between-floating-and-tiling = [ ];
"Mod+W".action.toggle-column-tabbed-display = [ ];
};
};
};
};
}
))
];
};
}
+207
@@ -0,0 +1,207 @@
{
"Mod+Return" = {
action.spawn = "kitty";
hotkey-overlay.title = "Terminal";
};
"Mod+B" = {
action.spawn = "vivaldi";
hotkey-overlay.title = "Browser";
};
"Mod+Space" = {
repeat = false;
action.spawn = [
"vicinae"
"toggle"
];
hotkey-overlay.title = "App Launcher";
};
"XF86AudioPlay" = {
action.spawn-sh = "playerctl play-pause";
allow-when-locked = true;
};
"XF86AudioStop" = {
action.spawn-sh = "playerctl stop";
allow-when-locked = true;
};
"XF86AudioPrev" = {
action.spawn-sh = "playerctl previous";
allow-when-locked = true;
};
"XF86AudioNext" = {
action.spawn-sh = "playerctl next";
allow-when-locked = true;
};
"XF86AudioRaiseVolume" = {
action.spawn-sh = "wpctl set-volume @DEFAULT_AUDIO_SINK@ 5%+";
allow-when-locked = true;
};
"XF86AudioLowerVolume" = {
action.spawn-sh = "wpctl set-volume @DEFAULT_AUDIO_SINK@ 5%-";
allow-when-locked = true;
};
"XF86AudioMute" = {
action.spawn-sh = "wpctl set-mute @DEFAULT_AUDIO_SINK@ toggle";
allow-when-locked = true;
};
"XF86AudioMicMute" = {
action.spawn-sh = "wpctl set-mute @DEFAULT_AUDIO_SOURCE@ toggle";
allow-when-locked = true;
};
"XF86MonBrightnessUp" = {
action.spawn-sh = "brightnessctl s 10%+";
allow-when-locked = true;
};
"XF86MonBrightnessDown" = {
action.spawn-sh = "brightnessctl s 10%-";
allow-when-locked = true;
};
"Mod+S".action.screenshot = [ ];
"Mod+Ctrl+S".action.screenshot-screen = [ ];
"Mod+Alt+S".action.screenshot-window = [ ];
"Mod+Shift+Slash".action.show-hotkey-overlay = [ ];
"Mod+Escape" = {
action.toggle-keyboard-shortcuts-inhibit = [ ];
allow-inhibiting = false;
};
"Mod+Alt+L" = {
action.spawn-sh = "loginctl lock-session";
hotkey-overlay.title = "Lock Screen";
};
"Mod+Shift+E".action.quit = [ ];
"Ctrl+Alt+Delete".action.quit = [ ];
"Mod+Shift+P".action.power-off-monitors = [ ];
"Mod+O" = {
action.toggle-overview = [ ];
repeat = false;
};
"Mod+Q" = {
action.close-window = [ ];
repeat = false;
};
"Mod+H".action.focus-column-or-monitor-left = [ ];
"Mod+J".action.focus-window-down = [ ];
"Mod+K".action.focus-window-up = [ ];
"Mod+L".action.focus-column-or-monitor-right = [ ];
"Mod+Ctrl+Left".action.move-column-left = [ ];
"Mod+Ctrl+Down".action.move-window-down = [ ];
"Mod+Ctrl+Up".action.move-window-up = [ ];
"Mod+Ctrl+Right".action.move-column-right = [ ];
"Mod+Ctrl+H".action.move-column-left = [ ];
"Mod+Ctrl+J".action.move-window-down = [ ];
"Mod+Ctrl+K".action.move-window-up = [ ];
"Mod+Ctrl+L".action.move-column-right = [ ];
"Mod+Home".action.focus-column-first = [ ];
"Mod+End".action.focus-column-last = [ ];
"Mod+Ctrl+Home".action.move-column-to-first = [ ];
"Mod+Ctrl+End".action.move-column-to-last = [ ];
"Mod+Shift+Left".action.focus-monitor-left = [ ];
"Mod+Shift+Down".action.focus-monitor-down = [ ];
"Mod+Shift+Up".action.focus-monitor-up = [ ];
"Mod+Shift+Right".action.focus-monitor-right = [ ];
"Mod+Shift+H".action.focus-monitor-left = [ ];
"Mod+Shift+J".action.focus-monitor-down = [ ];
"Mod+Shift+K".action.focus-monitor-up = [ ];
"Mod+Shift+L".action.focus-monitor-right = [ ];
"Mod+Shift+Ctrl+Left".action.move-column-to-monitor-left = [ ];
"Mod+Shift+Ctrl+Down".action.move-column-to-monitor-down = [ ];
"Mod+Shift+Ctrl+Up".action.move-column-to-monitor-up = [ ];
"Mod+Shift+Ctrl+Right".action.move-column-to-monitor-right = [ ];
"Mod+Shift+Ctrl+H".action.move-column-to-monitor-left = [ ];
"Mod+Shift+Ctrl+J".action.move-column-to-monitor-down = [ ];
"Mod+Shift+Ctrl+K".action.move-column-to-monitor-up = [ ];
"Mod+Shift+Ctrl+L".action.move-column-to-monitor-right = [ ];
"Mod+Page_Down".action.focus-workspace-down = [ ];
"Mod+Page_Up".action.focus-workspace-up = [ ];
"Mod+U".action.focus-workspace-down = [ ];
"Mod+I".action.focus-workspace-up = [ ];
"Mod+Ctrl+Page_Down".action.move-column-to-workspace-down = [ ];
"Mod+Ctrl+Page_Up".action.move-column-to-workspace-up = [ ];
"Mod+Ctrl+U".action.move-column-to-workspace-down = [ ];
"Mod+Ctrl+I".action.move-column-to-workspace-up = [ ];
"Mod+Shift+Page_Down".action.move-workspace-down = [ ];
"Mod+Shift+Page_Up".action.move-workspace-up = [ ];
"Mod+Shift+U".action.move-workspace-down = [ ];
"Mod+Shift+I".action.move-workspace-up = [ ];
"Mod+WheelScrollDown" = {
action.focus-workspace-down = [ ];
cooldown-ms = 150;
};
"Mod+WheelScrollUp" = {
action.focus-workspace-up = [ ];
cooldown-ms = 150;
};
"Mod+Ctrl+WheelScrollDown" = {
action.move-column-to-workspace-down = [ ];
cooldown-ms = 150;
};
"Mod+Ctrl+WheelScrollUp" = {
action.move-column-to-workspace-up = [ ];
cooldown-ms = 150;
};
"Mod+WheelScrollRight".action.focus-column-right = [ ];
"Mod+WheelScrollLeft".action.focus-column-left = [ ];
"Mod+Ctrl+WheelScrollRight".action.move-column-right = [ ];
"Mod+Ctrl+WheelScrollLeft".action.move-column-left = [ ];
"Mod+Shift+WheelScrollDown".action.focus-column-right = [ ];
"Mod+Shift+WheelScrollUp".action.focus-column-left = [ ];
"Mod+Ctrl+Shift+WheelScrollDown".action.move-column-right = [ ];
"Mod+Ctrl+Shift+WheelScrollUp".action.move-column-left = [ ];
"Mod+1".action.focus-workspace = 1;
"Mod+2".action.focus-workspace = 2;
"Mod+3".action.focus-workspace = 3;
"Mod+4".action.focus-workspace = 4;
"Mod+5".action.focus-workspace = 5;
"Mod+6".action.focus-workspace = 6;
"Mod+7".action.focus-workspace = 7;
"Mod+8".action.focus-workspace = 8;
"Mod+9".action.focus-workspace = 9;
"Mod+Ctrl+1".action.move-column-to-workspace = 1;
"Mod+Ctrl+2".action.move-column-to-workspace = 2;
"Mod+Ctrl+3".action.move-column-to-workspace = 3;
"Mod+Ctrl+4".action.move-column-to-workspace = 4;
"Mod+Ctrl+5".action.move-column-to-workspace = 5;
"Mod+Ctrl+6".action.move-column-to-workspace = 6;
"Mod+Ctrl+7".action.move-column-to-workspace = 7;
"Mod+Ctrl+8".action.move-column-to-workspace = 8;
"Mod+Ctrl+9".action.move-column-to-workspace = 9;
"Mod+BracketLeft".action.consume-or-expel-window-left = [ ];
"Mod+BracketRight".action.consume-or-expel-window-right = [ ];
"Mod+Comma".action.consume-window-into-column = [ ];
"Mod+Period".action.expel-window-from-column = [ ];
"Mod+R".action.switch-preset-column-width = [ ];
"Mod+Shift+R".action.switch-preset-window-height = [ ];
"Mod+Ctrl+R".action.reset-window-height = [ ];
"Mod+F".action.maximize-column = [ ];
"Mod+Shift+F".action.fullscreen-window = [ ];
"Mod+M".action.maximize-window-to-edges = [ ];
"Mod+Ctrl+F".action.expand-column-to-available-width = [ ];
"Mod+C".action.center-column = [ ];
"Mod+Ctrl+C".action.center-visible-columns = [ ];
"Mod+Minus".action.set-column-width = "-10%";
"Mod+Equal".action.set-column-width = "+10%";
"Mod+Shift+Minus".action.set-window-height = "-10%";
"Mod+Shift+Equal".action.set-window-height = "+10%";
"Mod+V".action.toggle-window-floating = [ ];
"Mod+Shift+V".action.switch-focus-between-floating-and-tiling = [ ];
"Mod+W".action.toggle-column-tabbed-display = [ ];
}
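Review bot: The grouping comments of the old bindings block were stripped when it moved into this file, which leaves about two hundred lines of binds with no structure. The entries with `allow-when-locked = true` are the ones worth marking, because each runs a shell command through `spawn-sh` while the session is locked. A header comment such as `# allowed while locked: media, volume and brightness keys only` makes it clear that nothing else should get that attribute.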
+103
@@ -0,0 +1,103 @@
{ inputs, ... }:
{
flake.modules.nixos.niri =
{ pkgs, ... }:
{
imports = [ inputs.niri.nixosModules.niri ];
nixpkgs.overlays = [ inputs.niri.overlays.niri ];
programs.niri.enable = true;
programs.niri.package = pkgs.niri-unstable;
programs.dconf.enable = true;
services.gvfs.enable = true;
services.udisks2.enable = true;
xdg.portal.enable = true;
};
flake.modules.homeManager.niri =
{ config, pkgs, ... }:
{
home.sessionVariables.NIXOS_OZONE_WL = "1";
dconf.settings = {
"org/gnome/desktop/interface" = {
color-scheme = "prefer-dark";
};
};
home.packages = with pkgs; [
playerctl
nautilus
brightnessctl
xwayland-satellite
];
programs.niri.settings = {
environment.DISPLAY = ":0";
spawn-at-startup = [
{ command = [ "xwayland-satellite" ]; }
{ command = [ "noctalia-shell" ]; }
{ command = [ "qbittorrent" ]; }
];
prefer-no-csd = true;
hotkey-overlay.skip-at-startup = true;
screenshot-path = "${config.xdg.userDirs.pictures}/screenshots/%Y-%m-%dT%H:%M:%S.png";
animations.slowdown = 0.6;
cursor = with config.home.pointerCursor; {
size = size;
theme = name;
hide-after-inactive-ms = 3000;
hide-when-typing = true;
};
layout = {
always-center-single-column = true;
gaps = 14;
focus-ring.enable = false;
default-column-width.proportion = 1. / 2.;
border = {
enable = true;
width = 3;
active.color = "#7E9CD8";
inactive.color = "#54546D";
urgent.color = "#E82424";
};
};
window-rules = [
{
geometry-corner-radius =
let
radius = 10.0;
in
{
bottom-left = radius;
bottom-right = radius;
top-left = radius;
top-right = radius;
};
clip-to-geometry = true;
}
];
debug.honor-xdg-activation-with-invalid-serial = true;
input = {
focus-follows-mouse.enable = true;
keyboard = {
repeat-delay = 300;
repeat-rate = 50;
xkb.options = "caps:escape";
};
mouse.accel-speed = 0.4;
};
binds = import ./_bindings.nix;
};
};
}
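Review bot: `debug.honor-xdg-activation-with-invalid-serial = true` is set with no comment, and the section headers the old file had were dropped in the move. niri documents this flag as relaxing its focus-stealing protection, so that activation requests carrying an invalid serial are honoured. It deserves a line saying which application needs it, e.g. `# needed for <app> tray/notification activation; relaxes focus-stealing prevention`. `xdg.portal.enable = true` is new in the NixOS half and no portal backend is configured in this module; that is fine if the imported niri module provides one, which cannot be seen from here.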
+43 -48
@@ -1,55 +1,50 @@
{ den, inputs, ... }:
{
lux.nix = {
includes = [
(den.lib.perHost {
nixos = {
nixpkgs.config.allowUnfree = true;
flake.modules.nixos.nix =
{ inputs, ... }:
{
nixpkgs.config.allowUnfree = true;
nix = {
gc.automatic = true;
optimise.automatic = true;
registry.nixpkgs.flake = inputs.nixpkgs;
channel.enable = false;
nix = {
gc.automatic = true;
optimise.automatic = true;
registry.nixpkgs.flake = inputs.nixpkgs;
channel.enable = false;
settings = {
trusted-users = [ "@wheel" ];
use-xdg-base-directories = true;
auto-optimise-store = true;
settings = {
trusted-users = [ "@wheel" ];
use-xdg-base-directories = true;
auto-optimise-store = true;
experimental-features = [
"nix-command"
"flakes"
];
};
};
};
})
];
homeManager =
{ pkgs, ... }:
{
home.packages = [
(pkgs.writeShellApplication {
name = "ns";
runtimeInputs = [
pkgs.fzf
pkgs.nix-search-tv
];
text = builtins.readFile "${pkgs.nix-search-tv.src}/nixpkgs.sh";
})
];
programs.television = {
enable = true;
enableZshIntegration = false;
};
programs.nix-search-tv = {
enable = true;
enableTelevisionIntegration = true;
experimental-features = [
"nix-command"
"flakes"
];
};
};
};
};
flake.modules.homeManager.nix =
{ pkgs, ... }:
{
home.packages = [
(pkgs.writeShellApplication {
name = "ns";
runtimeInputs = [
pkgs.fzf
pkgs.nix-search-tv
];
text = builtins.readFile "${pkgs.nix-search-tv.src}/nixpkgs.sh";
})
];
programs.television = {
enable = true;
enableZshIntegration = false;
};
programs.nix-search-tv = {
enable = true;
enableTelevisionIntegration = true;
};
};
}
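Review bot: `trusted-users = [ "@wheel" ]` under `nix.settings` makes every wheel member a trusted Nix user, which lets them override substituters and signature checks and is effectively root-equivalent on the daemon without a sudo prompt. If the intent is only that wheel users may talk to the daemon, `allowed-users = [ "@wheel" ];` covers that and `trusted-users` can stay at its default. If the trust is deliberate, a comment such as `# wheel is trusted so remote builds/deploys work without sudo` would record the reason next to the setting.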
+7 -3
@@ -1,7 +1,11 @@
{ inputs, ... }:
{
lux.noctalia.homeManager =
{ lib, pkgs, ... }:
flake.modules.homeManager.noctalia =
{
inputs,
lib,
pkgs,
...
}:
{
imports = [ inputs.noctalia.homeModules.default ];
+65 -76
@@ -1,86 +1,75 @@
{ den, ... }:
let
calendarAccount = den.lib.perUser (
{ host, user }:
{
flake.modules.homeManager.pim =
{
homeManager =
{ config, ... }:
let
calendarsPath = "${config.xdg.dataHome}/calendars";
in
{
programs.pimsync.enable = true;
services.pimsync.enable = true;
config,
...
}:
let
calendarsPath = "${config.xdg.dataHome}/calendars";
in
{
programs.pimsync.enable = true;
services.pimsync.enable = true;
programs.khal = {
# FIXME: Temporarily disabled because of bug in nixpkgs-unstable (27-02-26)
enable = false;
locale = {
timeformat = "%H:%M";
dateformat = "$m-$d";
};
programs.khal = {
enable = false;
locale = {
timeformat = "%H:%M";
dateformat = "$m-$d";
};
};
programs.todoman = {
enable = true;
glob = "*/*";
extraConfig = ''
date_format = "%Y-%m-%d"
time_format = "%H:%M"
default_list = "personal"
default_due = 0
default_command = "list --sort priority,due"
humanize = True
'';
};
accounts.calendar = {
basePath = calendarsPath;
accounts.radicale = {
primary = true;
primaryCollection = "personal";
local = {
type = "filesystem";
fileExt = ".ics";
};
programs.todoman = {
remote = {
url = "https://radicale.jelles.net/";
type = "caldav";
userName = config.home.username;
passwordCommand = [
"rbw"
"get"
"Radicale"
];
};
pimsync = {
enable = true;
glob = "*/*";
extraConfig = ''
date_format = "%Y-%m-%d"
time_format = "%H:%M"
default_list = "personal"
default_due = 0
default_command = "list --sort priority,due"
humanize = True
'';
extraPairDirectives = [
{
name = "collections";
params = [ "from b" ];
}
];
};
accounts.calendar = {
basePath = calendarsPath;
accounts = {
"radicale" = {
primary = true;
primaryCollection = "personal";
local = {
type = "filesystem";
fileExt = ".ics";
};
remote = {
url = "https://radicale.${host.serviceDomain}/";
type = "caldav";
userName = user.userName;
passwordCommand = [
"rbw"
"get"
"Radicale"
];
};
pimsync = {
enable = true;
extraPairDirectives = [
{
name = "collections";
params = [ "from b" ];
}
];
};
khal = {
enable = true;
type = "discover";
color = "light blue";
};
};
};
khal = {
enable = true;
type = "discover";
color = "light blue";
};
};
}
);
in
{
lux.pim = {
includes = [ calendarAccount ];
};
};
};
}
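Review bot: `dateformat = "$m-$d"` in `programs.khal.locale` looks like a typo for the strftime form used by the neighbouring `timeformat = "%H:%M"`, so khal would presumably print the literal text instead of a date. It has no effect while `enable = false`, but it will surface when khal is switched back on; the line should read `dateformat = "%m-%d";`. One of the two printed copies of the khal block also lacks the `# FIXME: Temporarily disabled because of bug in nixpkgs-unstable` comment; if that copy is the new side, I would keep the comment next to `enable = false` so the reason is not lost.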
-7
@@ -1,7 +0,0 @@
{
lux.pinentry.homeManager =
{ pkgs, ... }:
{
programs.rbw.settings.pinentry = pkgs.pinentry-gnome3;
};
}
+3 -5
@@ -1,10 +1,8 @@
{ ... }:
{
lux.podman = {
homeManager = {
services.podman = {
enable = true;
};
flake.modules.homeManager.podman = {
services.podman = {
enable = true;
};
};
}
+1 -1
@@ -1,5 +1,5 @@
{
lux.printing.nixos =
flake.modules.nixos.printing =
{ pkgs, ... }:
{
services.printing = {
+11 -16
@@ -1,19 +1,14 @@
{ den, ... }:
{
lux.qbittorrent-client = {
includes = [
(den.lib.perHost {
nixos.networking.firewall = {
allowedTCPPorts = [ 43864 ];
allowedUDPPorts = [ 43864 ];
};
})
];
homeManager =
{ pkgs, ... }:
{
home.packages = [ pkgs.qbittorrent ];
};
flake.modules.nixos.qbittorrentClient = {
networking.firewall = {
allowedTCPPorts = [ 43864 ];
allowedUDPPorts = [ 43864 ];
};
};
flake.modules.homeManager.qbittorrentClient =
{ pkgs, ... }:
{
home.packages = [ pkgs.qbittorrent ];
};
}
+1 -1
@@ -1,6 +1,6 @@
{ ... }:
{
lux.region-nl.nixos = {
flake.modules.nixos.regionNl = {
time.timeZone = "Europe/Amsterdam";
i18n.defaultLocale = "en_US.UTF-8";
+11 -14
@@ -1,17 +1,14 @@
{ inputs, ... }:
{
lux.sddm = {
nixos =
{ pkgs, ... }:
{
services.displayManager.sddm = {
enable = true;
wayland.enable = true;
theme = "${pkgs.sddm-astronaut}/share/sddm/themes/sddm-astronaut-theme";
extraPackages = with pkgs; [
kdePackages.qtmultimedia
];
};
flake.modules.nixos.sddm =
{ pkgs, ... }:
{
services.displayManager.sddm = {
enable = true;
wayland.enable = true;
theme = "${pkgs.sddm-astronaut}/share/sddm/themes/sddm-astronaut-theme";
extraPackages = with pkgs; [
kdePackages.qtmultimedia
];
};
};
};
}
+13 -18
@@ -1,22 +1,17 @@
{ den, ... }:
{
lux.services._.actual = den.lib.perHost (
{ host, ... }:
flake.modules.nixos.actual =
{ config, ... }:
{
nixos =
{ config, ... }:
{
services.actual = {
enable = true;
openFirewall = false;
settings = {
port = 3000;
hostname = "127.0.0.1";
};
};
services.caddy.virtualHosts."finance.${host.serviceDomain}".extraConfig =
"reverse_proxy :${toString config.services.actual.settings.port}";
services.actual = {
enable = true;
openFirewall = false;
settings = {
port = 3000;
hostname = "127.0.0.1";
};
}
);
};
services.caddy.virtualHosts."finance.jelles.net".extraConfig =
"reverse_proxy :${toString config.services.actual.settings.port}";
};
}
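Review bot: The virtual host name `"finance.jelles.net"` is now a string literal, and the same domain is spelled out again in the gitea section (`DOMAIN`, `ROOT_URL` and the virtual host), in the radicale and vaultwarden sections, and in the pim section's `remote.url`. With `host.serviceDomain` gone, a domain change or a typo in one copy leaves Caddy, the service's own URL setting and the client configuration disagreeing with each other. I would define the domain once, for instance as a small NixOS option that these modules read, and build the names from it as before, e.g. `"finance.${config.<option path>}"`.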
+3 -4
@@ -1,10 +1,9 @@
{ den, ... }:
{
lux.services._.caddy = den.lib.perHost ({ host }: {
nixos.services.caddy = {
flake.modules.nixos.caddy = {
services.caddy = {
enable = true;
email = "mail@jelles.net";
openFirewall = true;
};
});
};
}
+14 -16
@@ -1,20 +1,18 @@
{
lux.deluge = {
nixos =
{ config, ... }:
{
sops.secrets.deluge-auth-file = { };
flake.modules.nixos.delugeService =
{ ... }:
{
sops.secrets.deluge-auth-file = { };
services.deluge = {
enable = true;
# For some reason passwords never match??
declarative = false;
};
services.deluge = {
enable = true;
declarative = false;
};
homeManager =
{ pkgs, ... }:
{
home.packages = [ pkgs.deluge ];
};
};
};
flake.modules.homeManager.delugeClient =
{ pkgs, ... }:
{
home.packages = [ pkgs.deluge ];
};
}
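Review bot: `sops.secrets.deluge-auth-file = { };` is declared but nothing in this section consumes it: `services.deluge` runs with `declarative = false` and sets no `authFile`. The secret is therefore decrypted onto the host for no visible purpose, while the daemon's real credentials live in unmanaged state. Either drop the declaration, or wire it up with `authFile = config.sops.secrets.deluge-auth-file.path;` and `declarative = true;` (the module arguments became `{ ... }`, so `config` would have to be bound again). If the copy without `# For some reason passwords never match??` is the new side, I would keep a comment there explaining why `declarative = false` is set.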
+20 -28
@@ -1,36 +1,28 @@
{ den, ... }:
{
lux.services._.gitea = den.lib.perHost (
{ host }:
flake.modules.nixos.gitea =
{ config, ... }:
{
nixos =
{ config, ... }:
{
services.gitea = {
enable = true;
services.gitea = {
enable = true;
settings = {
server = {
DOMAIN = "git.${host.serviceDomain}";
ROOT_URL = "https://git.${host.serviceDomain}/";
HTTP_PORT = 3001;
HTTP_ADDR = "127.0.0.1";
settings = {
server = {
DOMAIN = "git.jelles.net";
ROOT_URL = "https://git.jelles.net/";
HTTP_PORT = 3001;
HTTP_ADDR = "127.0.0.1";
START_SSH_SERVER = false;
SSH_PORT = 22;
};
service = {
DISABLE_REGISTRATION = true;
};
};
START_SSH_SERVER = false;
SSH_PORT = 22;
};
services.openssh.settings.AllowUsers = [ "gitea" ];
services.caddy.virtualHosts."git.${host.serviceDomain}".extraConfig =
"reverse_proxy :${toString config.services.gitea.settings.server.HTTP_PORT}";
service.DISABLE_REGISTRATION = true;
};
}
);
};
services.openssh.settings.AllowUsers = [ "gitea" ];
services.caddy.virtualHosts."git.jelles.net".extraConfig =
"reverse_proxy :${toString config.services.gitea.settings.server.HTTP_PORT}";
};
}
+26 -78
@@ -1,80 +1,28 @@
{ den, lib, ... }:
let
hostConfig =
{ host }:
{
nixos =
{ config, ... }:
{
services.openssh = {
enable = true;
settings = {
PermitRootLogin = "no";
PasswordAuthentication = false;
AllowUsers = lib.attrNames host.users;
};
};
users.users = lib.mapAttrs (_: user: {
openssh.authorizedKeys.keys = user.authorizedSshKeys;
}) host.users;
assertions = lib.optionals host.requiresSshRecovery (
let
missingUsers = lib.filter (userName: !(builtins.hasAttr userName host.users)) host.sshRecoveryUsers;
usersWithoutKeys = lib.filter (
userName:
(builtins.hasAttr userName host.users) && host.users.${userName}.authorizedSshKeys == [ ]
) host.sshRecoveryUsers;
in
[
{
assertion = config.services.openssh.enable;
message = "Hosts with requiresSshRecovery must enable OpenSSH.";
}
{
assertion = config.services.openssh.settings.PasswordAuthentication == false;
message = "Hosts with requiresSshRecovery must disable SSH password authentication.";
}
{
assertion =
let
rootLogin = config.services.openssh.settings.PermitRootLogin;
in
rootLogin == false || rootLogin == "no";
message = "Hosts with requiresSshRecovery must disable SSH root login.";
}
{
assertion = host.sshRecoveryUsers != [ ];
message = "Hosts with requiresSshRecovery must declare at least one sshRecoveryUser.";
}
{
assertion = missingUsers == [ ];
message =
"All sshRecoveryUsers must exist on the host. Missing: "
+ lib.concatStringsSep ", " missingUsers;
}
{
assertion = usersWithoutKeys == [ ];
message =
"All sshRecoveryUsers must have plain authorizedSshKeys. Missing keys for: "
+ lib.concatStringsSep ", " usersWithoutKeys;
}
{
assertion = host.sopsHostSshKeyPath != null;
message = "Hosts with requiresSshRecovery must set sopsHostSshKeyPath.";
}
{
assertion = config.services.openssh.openFirewall || lib.elem 22 config.networking.firewall.allowedTCPPorts;
message = "Hosts with requiresSshRecovery must expose SSH through the firewall.";
}
]
);
};
};
in
{ ... }:
{
lux.services._.openssh = den.lib.parametric.exactly {
includes = [ hostConfig ];
};
flake.modules.nixos.openssh =
{
config,
lib,
host ? {
isServer = false;
},
...
}:
let
hostUserNames = builtins.attrNames (
lib.filterAttrs (_: user: user.isNormalUser or false) config.users.users
);
in
{
services.openssh = {
enable = true;
openFirewall = host.isServer;
settings = {
PermitRootLogin = "no";
PasswordAuthentication = false;
AllowUsers = hostUserNames;
};
};
};
}
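Review bot: The default in `host ? { isServer = false; }` is unlikely to take effect, because the NixOS module system resolves every named module argument from `specialArgs` or `_module.args` regardless of a declared default; on a host that does not define `host`, evaluating `openFirewall = host.isServer` would fail rather than yield `false`. The `specialArgs` visible in this commit pass only `inputs`, so unless each host module sets `_module.args.host`, I would drop the argument and write `openFirewall = lib.mkDefault false;` here, with `services.openssh.openFirewall = true;` in the server hosts. This section also no longer assigns `users.users.<name>.openssh.authorizedKeys.keys` while keeping `PasswordAuthentication = false`, and the recovery assertions are gone, so it is worth confirming that keys are set elsewhere before deploying to a remote machine.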
+6 -8
@@ -1,13 +1,11 @@
{ ... }:
{
lux.qbittorrent = {
nixos = {
services.qbittorrent = {
enable = true;
openFirewall = true;
torrentingPort = 43864;
webuiPort = 8123;
};
flake.modules.nixos.qbittorrent = {
services.qbittorrent = {
enable = true;
openFirewall = true;
torrentingPort = 43864;
webuiPort = 8123;
};
};
}
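Review bot: `openFirewall = true` combined with `webuiPort = 8123` probably exposes the qBittorrent WebUI directly on the network, assuming the nixpkgs module opens the WebUI port along with the torrenting port. The other web services in this commit listen on 127.0.0.1 and are reached only through Caddy, so this one would be the exception and relies on the WebUI's own login alone. I would set `openFirewall = false;` and open just the peer port with `networking.firewall.allowedTCPPorts = [ 43864 ];` and `networking.firewall.allowedUDPPorts = [ 43864 ];`, then add a Caddy virtual host if remote access to the UI is wanted.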
+20 -26
@@ -1,33 +1,27 @@
{ den, ... }:
{
lux.services._.radicale = den.lib.perHost (
{ host }:
flake.modules.nixos.radicale =
{ ... }:
{
nixos =
{ config, ... }:
{
services.radicale = {
enable = true;
settings = {
server.hosts = [ "127.0.0.1:5232" ];
services.radicale = {
enable = true;
settings = {
server.hosts = [ "127.0.0.1:5232" ];
auth = {
type = "htpasswd";
htpasswd_filename = "/var/lib/radicale/users";
htpasswd_encryption = "bcrypt";
};
storage.filesystem_folder = "/var/lib/radicale/collections";
};
auth = {
type = "htpasswd";
htpasswd_filename = "/var/lib/radicale/users";
htpasswd_encryption = "bcrypt";
};
services.caddy.virtualHosts."radicale.${host.serviceDomain}".extraConfig = ''
reverse_proxy :5232 {
header_up X-Script-Name /
header_up X-Forwarded-For {remote}
header_up X-Remote-User {http.auth.user.id}
}'';
storage.filesystem_folder = "/var/lib/radicale/collections";
};
}
);
};
services.caddy.virtualHosts."radicale.jelles.net".extraConfig = ''
reverse_proxy :5232 {
header_up X-Script-Name /
header_up X-Forwarded-For {remote}
header_up X-Remote-User {http.auth.user.id}
}'';
};
}
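Review bot: `header_up X-Remote-User {http.auth.user.id}` forwards an identity header although no Caddy authentication directive is visible in this virtual host and Radicale is configured with `auth.type = "htpasswd"`, so the header is presumably empty and ignored today. Leaving it in place is a trap for a later change: if `auth.type` is switched to a header-based mode, Radicale would trust whatever this proxy block sends. I would remove the line, or keep it with a comment such as `# unused while auth.type = "htpasswd"; only meaningful once Caddy authenticates the request`.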
+5 -6
@@ -1,20 +1,19 @@
{ den, ... }:
{
lux.services._.vaultwarden = den.lib.perHost ({ host }: {
nixos = { config, ... }: {
flake.modules.nixos.vaultwarden =
{ config, ... }:
{
services.vaultwarden = {
enable = true;
backupDir = "/var/backup/vaultwarden";
config = {
DOMAIN = "https://vault.${host.serviceDomain}";
DOMAIN = "https://vault.jelles.net";
SIGNUPS_ALLOWED = false;
ROCKET_PORT = 8100;
ROCKET_LOG = "critical";
};
};
services.caddy.virtualHosts."vault.${host.serviceDomain}".extraConfig =
services.caddy.virtualHosts."vault.jelles.net".extraConfig =
"reverse_proxy :${toString config.services.vaultwarden.config.ROCKET_PORT}";
};
});
}
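Review bot: `services.vaultwarden.config` sets `ROCKET_PORT = 8100` but no listen address, whereas the actual, gitea and radicale sections pin their backends to 127.0.0.1 explicitly. Which address Vaultwarden binds then depends on module and upstream defaults that are not visible here. Adding `ROCKET_ADDRESS = "127.0.0.1";` next to `ROCKET_PORT` makes it certain that the vault is reachable only through the Caddy virtual host, independent of the firewall.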
+137 -167
@@ -1,184 +1,154 @@
{ inputs, ... }:
{
lux.shell = {
homeManager =
{ lib, config, ... }:
{
home.sessionVariables = {
STARSHIP_CACHE = "${config.xdg.cacheHome}/starship";
};
flake.modules.homeManager.shell =
{ lib, config, ... }:
{
home.sessionVariables = {
STARSHIP_CACHE = "${config.xdg.cacheHome}/starship";
};
# Delete zcompdump on config switch, so that we regenerate completions
home.activation = {
clearZshCompDump = lib.hm.dag.entryAfter [ "writeBoundary" ] ''
rm -f "${config.programs.zsh.dotDir}"/.zcompdump*
'';
};
home.activation = {
clearZshCompDump = lib.hm.dag.entryAfter [ "writeBoundary" ] ''
rm -f "${config.programs.zsh.dotDir}"/.zcompdump*
'';
};
programs.zsh = {
programs.zsh = {
enable = true;
dotDir = "${config.xdg.configHome}/zsh";
enableCompletion = true;
completionInit = ''
autoload -U compinit
compinit -C
ZCOMPDUMP="${config.programs.zsh.dotDir}/.zcompdump"
{
if [[ -s "$ZCOMPDUMP" && (! -s "''${ZCOMPDUMP}.zwc" || "$ZCOMPDUMP" -nt "''${ZCOMPDUMP}.zwc") ]]; then
zcompile "$ZCOMPDUMP"
fi
} &!
'';
autosuggestion.enable = true;
syntaxHighlighting = {
enable = true;
dotDir = "${config.xdg.configHome}/zsh";
highlighters = [
"main"
"brackets"
"pattern"
"regexp"
"root"
"line"
];
};
enableCompletion = true;
completionInit = ''
autoload -U compinit
compinit -C
historySubstringSearch.enable = true;
ZCOMPDUMP="${config.programs.zsh.dotDir}/.zcompdump"
# Compile it in the background
{
if [[ -s "$ZCOMPDUMP" && (! -s "''${ZCOMPDUMP}.zwc" || "$ZCOMPDUMP" -nt "''${ZCOMPDUMP}.zwc") ]]; then
zcompile "$ZCOMPDUMP"
fi
} &!
'';
autosuggestion.enable = true;
history = {
ignoreDups = true;
save = 10000;
size = 10000;
path = "${config.xdg.dataHome}/zsh_history";
};
syntaxHighlighting = {
enable = true;
highlighters = [
"main"
"brackets"
"pattern"
"regexp"
"root"
"line"
];
profileExtra = lib.optionalString (config.home.sessionPath != [ ]) ''
export PATH="$PATH''${PATH:+:}${lib.concatStringsSep ":" config.home.sessionPath}"
'';
initContent = ''
bindkey -v
export KEYTIMEOUT=1
autoload -U history-search-end
zle -N history-beginning-search-backward-end history-search-end
zle -N history-beginning-search-forward-end history-search-end
bindkey "^[OA" history-beginning-search-backward-end
bindkey "^[OB" history-beginning-search-forward-end
zstyle ':completion:*' completer _extensions _complete _approximate
zstyle ':completion:*' use-cache on
zstyle ':completion:*' cache-path "$XDG_CACHE_HOME/zsh/.zcompcache"
zstyle ':completion:*' complete true
zstyle ':completion:*' complete-options true
zstyle ':completion:*' matcher-list 'm:{a-zA-Z}={A-Za-z}' 'r:|[._-]=* r:|=*' 'l:|=* r:|=*'
zstyle ':completion:*' keep-prefix true
zstyle ':completion:*' menu select
zstyle ':completion:*' list-grouped false
zstyle ':completion:*' list-separator '''
zstyle ':completion:*' group-name '''
zstyle ':completion:*' verbose yes
zstyle ':completion:*:matches' group 'yes'
zstyle ':completion:*:warnings' format '%F{red}%B-- No match for: %d --%b%f'
zstyle ':completion:*:messages' format '%d'
zstyle ':completion:*:corrections' format '%B%d (errors: %e)%b'
zstyle ':completion:*:descriptions' format '[%d]'
zstyle ':completion:*' list-colors ''${(s.:.)LS_COLORS}
zstyle ':completion:*:*:cd:*' tag-order local-directories directory-stack path-directories
zstyle ':completion:*:*:cd:*:directory-stack' menu yes select
zstyle ':completion:*:-tilde-:*' group-order 'named-directories' 'path-directories' 'users' 'expand'
zstyle ':completion:*:*:-command-:*:*' group-order aliases builtins functions commands
zstyle ':completion:*' special-dirs true
zstyle ':completion:*' squeeze-slashes true
zstyle ':completion:*' sort false
zstyle ":completion:*:git-checkout:*" sort false
zstyle ':completion:*' file-sort modification
zstyle ':completion:*:eza' sort false
zstyle ':completion:complete:*:options' sort false
zstyle ':completion:files' sort false
'';
};
programs.starship = {
enable = true;
enableZshIntegration = true;
settings = {
add_newline = true;
format = lib.concatStrings [
"$nix_shell"
"$hostname"
"$directory"
"$git_branch"
"$git_state"
"$git_status"
"$line_break"
"$character"
];
directory = {
truncation_length = 99;
truncate_to_repo = false;
};
historySubstringSearch.enable = true;
history = {
ignoreDups = true;
save = 10000;
size = 10000;
path = "${config.xdg.dataHome}/zsh_history";
nix_shell = {
format = "[$symbol]($style) ";
symbol = "🐚";
style = "";
};
profileExtra = lib.optionalString (config.home.sessionPath != [ ]) ''
export PATH="$PATH''${PATH:+:}${lib.concatStringsSep ":" config.home.sessionPath}"
'';
initContent =
# bash
''
bindkey -v
export KEYTIMEOUT=1
# search history based on what's typed in the prompt
autoload -U history-search-end
zle -N history-beginning-search-backward-end history-search-end
zle -N history-beginning-search-forward-end history-search-end
bindkey "^[OA" history-beginning-search-backward-end
bindkey "^[OB" history-beginning-search-forward-end
# General completion behavior
zstyle ':completion:*' completer _extensions _complete _approximate
# Use cache
zstyle ':completion:*' use-cache on
zstyle ':completion:*' cache-path "$XDG_CACHE_HOME/zsh/.zcompcache"
# Complete the alias
zstyle ':completion:*' complete true
# Autocomplete options
zstyle ':completion:*' complete-options true
# Completion matching control
zstyle ':completion:*' matcher-list 'm:{a-zA-Z}={A-Za-z}' 'r:|[._-]=* r:|=*' 'l:|=* r:|=*'
zstyle ':completion:*' keep-prefix true
# Group matches and describe
zstyle ':completion:*' menu select
zstyle ':completion:*' list-grouped false
zstyle ':completion:*' list-separator '''
zstyle ':completion:*' group-name '''
zstyle ':completion:*' verbose yes
zstyle ':completion:*:matches' group 'yes'
zstyle ':completion:*:warnings' format '%F{red}%B-- No match for: %d --%b%f'
zstyle ':completion:*:messages' format '%d'
zstyle ':completion:*:corrections' format '%B%d (errors: %e)%b'
zstyle ':completion:*:descriptions' format '[%d]'
# Colors
zstyle ':completion:*' list-colors ''${(s.:.)LS_COLORS}
# case insensitive tab completion
zstyle ':completion:*:*:cd:*' tag-order local-directories directory-stack path-directories
zstyle ':completion:*:*:cd:*:directory-stack' menu yes select
zstyle ':completion:*:-tilde-:*' group-order 'named-directories' 'path-directories' 'users' 'expand'
zstyle ':completion:*:*:-command-:*:*' group-order aliases builtins functions commands
zstyle ':completion:*' special-dirs true
zstyle ':completion:*' squeeze-slashes true
# Sort
zstyle ':completion:*' sort false
zstyle ":completion:*:git-checkout:*" sort false
zstyle ':completion:*' file-sort modification
zstyle ':completion:*:eza' sort false
zstyle ':completion:complete:*:options' sort false
zstyle ':completion:files' sort false
'';
};
programs.starship = {
enable = true;
enableZshIntegration = true;
settings = {
add_newline = true;
format = lib.concatStrings [
"$nix_shell"
"$hostname"
"$directory"
"$git_branch"
"$git_state"
"$git_status"
"$line_break"
"$character"
];
directory = {
truncation_length = 99;
truncate_to_repo = false;
};
nix_shell = {
format = "[$symbol]($style) ";
symbol = "🐚";
style = "";
};
git_status = {
format = "[[(*$conflicted$untracked$modified$staged$renamed$deleted)](218)($ahead_behind$stashed)]($style)";
style = "cyan";
conflicted = "";
renamed = "";
deleted = "";
stashed = "";
};
git_state = {
format = "([$state( $progress_current/$progress_total)]($style)) ";
style = "bright-black";
};
line_break = {
disabled = false;
};
git_status = {
format = "[[(*$conflicted$untracked$modified$staged$renamed$deleted)](218)($ahead_behind$stashed)]($style)";
style = "cyan";
conflicted = "";
renamed = "";
deleted = "";
stashed = "";
};
};
programs.eza = {
enable = true;
};
git_state = {
format = "([$state( $progress_current/$progress_total)]($style)) ";
style = "bright-black";
};
programs.fzf = {
enable = true;
enableZshIntegration = true;
line_break.disabled = false;
};
};
};
programs.eza.enable = true;
programs.fzf = {
enable = true;
enableZshIntegration = true;
};
};
}
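Review bot: `compinit -C` in `completionInit` skips zsh's scan for new completion functions and its security check of the completion directories whenever a dump file exists, and the only thing that forces a fresh check is `clearZshCompDump` deleting the dump on activation; the copy of the block without comments no longer says so. I would keep `# Delete zcompdump on config switch, so that we regenerate completions` above `home.activation` and add `# -C skips the compaudit check; the dump is rebuilt after every switch by clearZshCompDump` above `compinit -C`. The section headers inside `initContent` (completion behaviour, cache, sorting) are cheap to keep as well, since that string is otherwise a long run of `zstyle` lines.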
-14
@@ -1,14 +0,0 @@
{ den, ... }:
{
lux.sops-password = den.lib.perUser (
{ user, ... }:
{
nixos =
{ config, ... }:
{
sops.secrets."hashed-password-${user.userName}".neededForUsers = true;
users.users.${user.userName}.hashedPasswordFile = config.sops.secrets."hashed-password-${user.userName}".path;
};
}
);
}
+16 -23
@@ -1,27 +1,20 @@
{ den, ... }:
{
lux.ssh = {
homeManager =
{ config, ... }:
{
programs.ssh = {
enable = true;
enableDefaultConfig = false;
includes = [
config.sops.templates."ssh-config-orion".path
];
};
sops.secrets."orion-ip" = { };
sops.templates."ssh-config-orion".content = ''
Host orion
HostName ${config.sops.placeholder."orion-ip"}
ForwardAgent yes
'';
flake.modules.homeManager.sshClient =
{ config, ... }:
{
programs.ssh = {
enable = true;
enableDefaultConfig = false;
includes = [
config.sops.templates."ssh-config-orion".path
];
};
nixos.security.sudo.extraConfig = ''
Defaults env_keep+=SSH_AUTH_SOCK
'';
};
sops.secrets."orion-ip" = { };
sops.templates."ssh-config-orion".content = ''
Host orion
HostName ${config.sops.placeholder."orion-ip"}
ForwardAgent yes
'';
};
}
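Review bot: `ForwardAgent yes` in the `ssh-config-orion` template forwards the local agent on every connection to orion, so anyone with root on that host can use the loaded keys for as long as a session is open. If forwarding is needed only occasionally, I would leave it out of the template and use `ssh -A orion` for those sessions; if the purpose is to reach further machines through orion, a `ProxyJump orion` entry on those hosts avoids exposing the agent at all. If it stays, a comment stating what depends on it would help, particularly now that the `env_keep+=SSH_AUTH_SOCK` sudo rule is no longer part of this section.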
+20
@@ -0,0 +1,20 @@
{ ... }:
{
flake.modules.nixos.standardBoot =
{ pkgs, ... }:
{
boot = {
loader = {
efi.canTouchEfiVariables = true;
systemd-boot = {
enable = true;
consoleMode = "auto";
configurationLimit = 5;
};
};
tmp.cleanOnBoot = true;
kernelPackages = pkgs.linuxPackages_latest;
};
};
}
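Review bot: `boot.loader.systemd-boot` is enabled without `editor = false;`, and the NixOS default leaves the boot-entry editor on, which lets anyone with console access change the kernel command line at boot and get around the login. I would add `editor = false;` inside the `systemd-boot` set next to `configurationLimit = 5;`. Older generations remain selectable from the menu, so recovery from a bad configuration is not affected.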
+5 -9
@@ -1,13 +1,9 @@
{ ... }:
{
lux.steam = {
nixos =
{ pkgs, ... }:
{
programs.steam = {
enable = true;
protontricks.enable = true;
};
};
flake.modules.nixos.steam = {
programs.steam = {
enable = true;
protontricks.enable = true;
};
};
}
+36 -51
@@ -1,56 +1,41 @@
{
den,
lib,
...
}:
let
meshDevices = lib.listToAttrs (
lib.concatMap (
host:
lib.mapAttrsToList (
userName: user:
let
name = "${userName}@${host.name}";
in
{
inherit name;
value = {
inherit name;
id = user.syncthingId;
};
}
) (lib.filterAttrs (_: u: u.syncthingId != null) host.users)
) (lib.attrValues den.hosts.x86_64-linux)
);
in
{
lux.syncthing = den.lib.perUser (
{ host, user }:
{
homeManager = {
services.syncthing = {
enable = true;
flake.modules.homeManager.syncthing =
{ ... }:
let
syncthingMesh = {
"kiri@orion" = {
name = "kiri@orion";
id = "NNRNQKZ-OWPHSVA-B6KKBHE-SDYLSTV-7SVHGPR-NEWLKPL-4MWNJG4-G5FHUAI";
};
overrideDevices = true;
overrideFolders = true;
settings = {
folders = {
sync = {
path = "~/sync";
label = "sync";
devices = lib.attrNames meshDevices;
};
calibre = {
path = "~/calibre";
label = "calibre";
devices = lib.attrNames meshDevices;
};
};
devices = meshDevices;
};
"kiri@polaris" = {
name = "kiri@polaris";
id = "6HBAKXB-DB3B4H2-BODCAXF-KD23H5W-6X5LGLC-ZJHZHLG-7U7YMGO-BB6IXQ3";
};
};
}
);
in
{
services.syncthing = {
enable = true;
overrideDevices = true;
overrideFolders = true;
settings = {
folders = {
sync = {
path = "~/sync";
label = "sync";
devices = builtins.attrNames syncthingMesh;
};
calibre = {
path = "~/calibre";
label = "calibre";
devices = builtins.attrNames syncthingMesh;
};
};
devices = syncthingMesh;
};
};
};
}
+1 -1
@@ -1,5 +1,5 @@
{
lux.system-base.nixos = {
flake.modules.nixos.systemBase = {
users.mutableUsers = false;
services.dbus.implementation = "broker";
+62 -79
@@ -1,82 +1,65 @@
{ inputs, ... }:
{
lux.terminal = {
homeManager =
{ pkgs, ... }:
{
xdg.terminal-exec = {
enable = true;
settings.default = [ "kitty.desktop" ];
};
programs.kitty = {
enable = true;
font = {
name = "JetBrains Mono";
size = 11;
};
settings = {
# Fonts
disable_ligatures = "always";
# Scrollback
scrollback_lines = 10000;
# Terminal bell
enable_audio_bell = false;
# Window layout
confirm_os_window_close = 0;
window_padding_width = 3;
# Advanced
update_check_interval = 0;
};
extraConfig = ''
## name: Kanagawa
## license: MIT
## author: Tommaso Laurenzi
## upstream: https://github.com/rebelot/kanagawa.nvim/
background #1F1F28
foreground #DCD7BA
selection_background #2D4F67
selection_foreground #C8C093
url_color #72A7BC
cursor #C8C093
# Tabs
active_tab_background #1F1F28
active_tab_foreground #C8C093
inactive_tab_background #1F1F28
inactive_tab_foreground #727169
#tab_bar_background #15161E
# normal
color0 #16161D
color1 #C34043
color2 #76946A
color3 #C0A36E
color4 #7E9CD8
color5 #957FB8
color6 #6A9589
color7 #C8C093
# bright
color8 #727169
color9 #E82424
color10 #98BB6C
color11 #E6C384
color12 #7FB4CA
color13 #938AA9
color14 #7AA89F
color15 #DCD7BA
# extended colors
color16 #FFA066
color17 #FF5D62
'';
};
flake.modules.homeManager.terminal =
{ pkgs, ... }:
{
xdg.terminal-exec = {
enable = true;
settings.default = [ "kitty.desktop" ];
};
};
programs.kitty = {
enable = true;
font = {
name = "JetBrains Mono";
size = 11;
};
settings = {
disable_ligatures = "always";
scrollback_lines = 10000;
enable_audio_bell = false;
confirm_os_window_close = 0;
window_padding_width = 3;
update_check_interval = 0;
};
extraConfig = ''
## name: Kanagawa
## license: MIT
## author: Tommaso Laurenzi
## upstream: https://github.com/rebelot/kanagawa.nvim/
background #1F1F28
foreground #DCD7BA
selection_background #2D4F67
selection_foreground #C8C093
url_color #72A7BC
cursor #C8C093
active_tab_background #1F1F28
active_tab_foreground #C8C093
inactive_tab_background #1F1F28
inactive_tab_foreground #727169
color0 #16161D
color1 #C34043
color2 #76946A
color3 #C0A36E
color4 #7E9CD8
color5 #957FB8
color6 #6A9589
color7 #C8C093
color8 #727169
color9 #E82424
color10 #98BB6C
color11 #E6C384
color12 #7FB4CA
color13 #938AA9
color14 #7AA89F
color15 #DCD7BA
color16 #FFA066
color17 #FF5D62
'';
};
};
}
+42 -48
@@ -1,54 +1,48 @@
{
lux.theme = {
homeManager =
{ config, pkgs, ... }:
{
home.pointerCursor = {
name = "phinger-cursors-light";
package = pkgs.phinger-cursors;
size = 24;
gtk.enable = true;
};
flake.modules.homeManager.theme =
{ config, pkgs, ... }:
let
kanagawaThemeSrc = pkgs.fetchFromGitHub {
owner = "Fausto-Korpsvart";
repo = "Kanagawa-GKT-Theme";
rev = "55ca4ba249eba21f861b9866b71ab41bb8930318";
hash = "sha256-UdMoMx2DoovcxSp/zBZ3PRv/Qpj+prd0uPm1gmdak2E=";
};
gtk = {
enable = true;
gtk3.bookmarks = [
"sftp://orion Orion VPS"
];
theme = {
name = "Kanagawa-BL-LB";
# Package in nixpkgs is outdated
package = pkgs.kanagawa-gtk-theme.overrideAttrs (oldAttrs: {
version = "unstable-2025-10-23";
src = pkgs.fetchFromGitHub {
owner = "Fausto-Korpsvart";
repo = "Kanagawa-GKT-Theme";
rev = "55ca4ba249eba21f861b9866b71ab41bb8930318";
hash = "sha256-UdMoMx2DoovcxSp/zBZ3PRv/Qpj+prd0uPm1gmdak2E=";
};
});
};
gtk4.theme = {
inherit (config.gtk.theme) name package;
};
iconTheme = {
name = "Kanagawa";
package = pkgs.kanagawa-icon-theme.overrideAttrs (oldAttrs: {
version = "unstable-2025-10-23";
src = pkgs.fetchFromGitHub {
owner = "Fausto-Korpsvart";
repo = "Kanagawa-GKT-Theme";
rev = "55ca4ba249eba21f861b9866b71ab41bb8930318";
hash = "sha256-UdMoMx2DoovcxSp/zBZ3PRv/Qpj+prd0uPm1gmdak2E=";
};
});
};
};
kanagawaOverride = {
version = "unstable-2025-10-23";
src = kanagawaThemeSrc;
};
in
{
home.pointerCursor = {
name = "phinger-cursors-light";
package = pkgs.phinger-cursors;
size = 24;
gtk.enable = true;
};
qt = {
enable = true;
platformTheme.name = "gtk3";
gtk = {
enable = true;
gtk3.bookmarks = [
"sftp://orion Orion VPS"
];
theme = {
name = "Kanagawa-BL-LB";
package = pkgs.kanagawa-gtk-theme.overrideAttrs (_: kanagawaOverride);
};
gtk4.theme = {
inherit (config.gtk.theme) name package;
};
iconTheme = {
name = "Kanagawa";
package = pkgs.kanagawa-icon-theme.overrideAttrs (_: kanagawaOverride);
};
};
};
qt = {
enable = true;
platformTheme.name = "gtk3";
};
};
}
+51 -64
@@ -1,73 +1,60 @@
{ inputs, ... }:
{
lux.vicinae = {
homeManager =
{ pkgs, ... }:
{
programs.vicinae = {
enable = true;
systemd.enable = true;
flake.modules.homeManager.vicinae =
{ pkgs, inputs, ... }:
{
programs.vicinae = {
enable = true;
systemd.enable = true;
themes = {
kanagawa-wave = {
meta = {
version = 1;
name = "Kanagawa Wave";
description = "A dark theme inspired by the colors of the famous painting by Katsushika Hokusai.";
variant = "dark";
inherits = "vicinae-dark";
};
colors = {
core = {
background = "#1F1F28";
foreground = "#DCD7BA";
secondary_background = "#16161D";
border = "#2A2A37";
accent = "#7E9CD8";
};
accents = {
blue = "#7E9CD8";
green = "#98BB6C";
magenta = "#D27E99";
orange = "#FFA066";
purple = "#957FB8";
red = "#E82424";
yellow = "#E6C384";
cyan = "#7AA89F";
};
input = {
border_focus = "colors.core.accent";
};
};
};
themes.kanagawa-wave = {
meta = {
version = 1;
name = "Kanagawa Wave";
description = "A dark theme inspired by the colors of the famous painting by Katsushika Hokusai.";
variant = "dark";
inherits = "vicinae-dark";
};
settings = {
theme = {
light.name = "kanagawa-wave";
dark.name = "kanagawa-wave";
colors = {
core = {
background = "#1F1F28";
foreground = "#DCD7BA";
secondary_background = "#16161D";
border = "#2A2A37";
accent = "#7E9CD8";
};
accents = {
blue = "#7E9CD8";
green = "#98BB6C";
magenta = "#D27E99";
orange = "#FFA066";
purple = "#957FB8";
red = "#E82424";
yellow = "#E6C384";
cyan = "#7AA89F";
};
input.border_focus = "colors.core.accent";
};
extensions = with inputs.vicinae-extensions.packages.${pkgs.stdenv.hostPlatform.system}; [
agenda
#bluetooth
brotab
#dbus
fuzzy-files
github
it-tools
niri
nix
podman
process-manager
pulseaudio
simple-bookmarks
ssh
#systemd
];
};
settings.theme = {
light.name = "kanagawa-wave";
dark.name = "kanagawa-wave";
};
extensions = with inputs.vicinae-extensions.packages.${pkgs.stdenv.hostPlatform.system}; [
agenda
brotab
fuzzy-files
github
it-tools
niri
nix
podman
process-manager
pulseaudio
simple-bookmarks
ssh
];
};
};
};
}
+38 -45
@@ -1,52 +1,45 @@
{
lux.xdg = {
homeManager =
{ config, pkgs, ... }:
let
homeDir = config.home.homeDirectory;
localDir = "${homeDir}/.local";
mediaDir = "${homeDir}/media";
in
{
xdg = {
flake.modules.homeManager.xdg =
{ config, pkgs, ... }:
let
homeDir = config.home.homeDirectory;
localDir = "${homeDir}/.local";
mediaDir = "${homeDir}/media";
in
{
xdg = {
enable = true;
cacheHome = "${localDir}/cache";
configHome = "${homeDir}/.config";
dataHome = "${localDir}/share";
stateHome = "${localDir}/state";
userDirs = {
enable = true;
createDirectories = true;
setSessionVariables = true;
cacheHome = "${localDir}/cache";
configHome = "${homeDir}/.config";
dataHome = "${localDir}/share";
stateHome = "${localDir}/state";
userDirs = {
enable = true;
createDirectories = true;
setSessionVariables = true;
download = "${homeDir}/downloads";
documents = "${homeDir}/documents";
# Organize into media folder
music = "${mediaDir}/music";
pictures = "${mediaDir}/images";
videos = "${mediaDir}/videos";
# Hide these
desktop = "${localDir}/desktop";
publicShare = "${localDir}/public";
templates = "${localDir}/templates";
};
mimeApps = {
enable = true;
defaultApplicationPackages = with pkgs; [
sioyek
imv
vivaldi
neovim
nautilus
];
};
download = "${homeDir}/downloads";
documents = "${homeDir}/documents";
music = "${mediaDir}/music";
pictures = "${mediaDir}/images";
videos = "${mediaDir}/videos";
desktop = "${localDir}/desktop";
publicShare = "${localDir}/public";
templates = "${localDir}/templates";
};
mimeApps = {
enable = true;
defaultApplicationPackages = with pkgs; [
sioyek
imv
vivaldi
neovim
nautilus
];
};
};
};
};
}
+36
@@ -0,0 +1,36 @@
{
inputs,
config,
...
}:
let
nixosModules = config.flake.modules.nixos;
in
{
imports = [ inputs.flake-parts.flakeModules.modules ];
systems = [ "x86_64-linux" ];
flake.nixosConfigurations = {
orion = inputs.nixpkgs.lib.nixosSystem {
specialArgs = { inherit inputs; };
modules = [ nixosModules.orion ];
};
polaris = inputs.nixpkgs.lib.nixosSystem {
specialArgs = { inherit inputs; };
modules = [ nixosModules.polaris ];
};
zenith = inputs.nixpkgs.lib.nixosSystem {
specialArgs = { inherit inputs; };
modules = [ nixosModules.zenith ];
};
};
perSystem =
{ pkgs, ... }:
{
formatter = pkgs.nixfmt-tree;
};
}
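Review bot: The three `flake.nixosConfigurations` entries differ only in the host name, so each new host means copying a stanza that can drift from the others, for example by omitting `specialArgs`. Generating them from one list keeps them identical: `flake.nixosConfigurations = inputs.nixpkgs.lib.genAttrs [ "orion" "polaris" "zenith" ] (name: inputs.nixpkgs.lib.nixosSystem { specialArgs = { inherit inputs; }; modules = [ nixosModules.${name} ]; });`.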
+51
@@ -0,0 +1,51 @@
{ inputs, lib, ... }:
{
imports = [ inputs.disko.nixosModules.disko ];
disko.devices = {
disk.disk1 = {
device = lib.mkDefault "/dev/sda";
type = "disk";
content = {
type = "gpt";
partitions = {
boot = {
name = "boot";
size = "1M";
type = "EF02";
};
esp = {
name = "ESP";
size = "500M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
};
};
root = {
name = "root";
size = "100%";
content = {
type = "lvm_pv";
vg = "pool";
};
};
};
};
};
lvm_vg.pool = {
type = "lvm_vg";
lvs.root = {
size = "100%FREE";
content = {
type = "filesystem";
format = "ext4";
mountpoint = "/";
mountOptions = [ "defaults" ];
};
};
};
};
}
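Review bot: The `esp` partition mounts vfat at `/boot` with no `mountOptions`, so files there get the default vfat permissions, while the polaris and zenith hardware files in this commit mount `/boot` with `fmask=0077` and `dmask=0077`. Adding `mountOptions = [ "umask=0077" ];` to `esp.content` would bring orion in line with them. The layout is carried over from the deleted aspect file, so this is not new, but the move is a good moment to fix it. Separately, the root LV is plain ext4 with no `luks` layer; if that is deliberate for an unattended VM, a one-line comment saying so would help.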
+22
@@ -0,0 +1,22 @@
{ lib, modulesPath, ... }:
{
imports = [
(modulesPath + "/profiles/qemu-guest.nix")
];
boot.initrd.availableKernelModules = [
"ata_piix"
"uhci_hcd"
"virtio_pci"
"virtio_scsi"
"sd_mod"
"sr_mod"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
networking.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
}
+65 -38
@@ -1,43 +1,70 @@
{ den, lib, lux, ... }:
{
inputs,
config,
...
}:
let
lingerForUsers = den.lib.perHost (
{ host, ... }:
{
nixos.users.users = lib.mapAttrs (_: _: {
linger = true;
}) host.users;
}
);
nixosModules = config.flake.modules.nixos;
in
{
den.aspects.orion = {
includes = (with lux.services._; [
caddy
openssh
vaultwarden
radicale
actual
gitea
]) ++ [ lingerForUsers ];
nixos =
{ pkgs, ... }:
{
environment.systemPackages = [
pkgs.kitty
];
networking = {
firewall.enable = true;
firewall.allowPing = false;
nftables.enable = true;
};
# Use ssh authorization for sudo instead of password
security.pam = {
sshAgentAuth.enable = true;
services.sudo.sshAgentAuth = true;
};
flake.modules.nixos.orion =
{ pkgs, ... }:
let
host = {
isServer = true;
};
};
in
{
_module.args.host = host;
imports = [
inputs.home-manager.nixosModules.home-manager
nixosModules.sopsHost
nixosModules.caddy
nixosModules.openssh
nixosModules.vaultwarden
nixosModules.radicale
nixosModules.actual
nixosModules.gitea
nixosModules.kiri
./_hardware.nix
./_disk.nix
];
system.stateVersion = "24.05";
home-manager = {
useGlobalPkgs = true;
backupFileExtension = "bak";
extraSpecialArgs = { inherit inputs; };
};
networking.hostName = "orion";
security.sudo.extraConfig = ''
Defaults env_keep+=SSH_AUTH_SOCK
'';
users.users.kiri = {
linger = true;
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAU2LydkXRTtNFY7oyX8JQURwXLVhB71DeK8XzrXeFX1 openpgp:0xA490D93A"
];
};
environment.systemPackages = [
pkgs.kitty
];
networking = {
firewall.enable = true;
firewall.allowPing = false;
nftables.enable = true;
};
security.pam = {
sshAgentAuth.enable = true;
services.sudo.sshAgentAuth = true;
};
};
}
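Review bot: With `security.pam.services.sudo.sshAgentAuth = true`, root on orion depends on who can reach kiri's SSH agent socket, and the new module drops the old `# Use ssh authorization for sudo instead of password` comment that flagged this. I would restore the comment and pin the trusted key source explicitly with `security.pam.sshAgentAuth.authorizedKeysFiles = [ "/etc/ssh/authorized_keys.d/%u" ];`, so a later override cannot make sudo trust a user-writable `~/.ssh/authorized_keys`. The added `security.sudo.extraConfig` line `Defaults env_keep+=SSH_AUTH_SOCK` is probably redundant, since as far as I recall the nixpkgs PAM module already adds it when `sshAgentAuth.enable` is set. That is worth checking before keeping both.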
-63
@@ -1,63 +0,0 @@
{ inputs, ... }:
{
den.aspects.orion = {
nixos =
{ lib, ... }:
{
imports = [ inputs.disko.nixosModules.disko ];
disko.devices = {
disk.disk1 = {
device = lib.mkDefault "/dev/sda";
type = "disk";
content = {
type = "gpt";
partitions = {
boot = {
name = "boot";
size = "1M";
type = "EF02";
};
esp = {
name = "ESP";
size = "500M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
};
};
root = {
name = "root";
size = "100%";
content = {
type = "lvm_pv";
vg = "pool";
};
};
};
};
};
lvm_vg = {
pool = {
type = "lvm_vg";
lvs = {
root = {
size = "100%FREE";
content = {
type = "filesystem";
format = "ext4";
mountpoint = "/";
mountOptions = [
"defaults"
];
};
};
};
};
};
};
};
};
}
-38
@@ -1,38 +0,0 @@
# Do not modify this file! It was generated by 'nixos-generate-config'
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/system.nix instead.
{ ... }:
{
den.aspects.orion = {
nixos =
{
config,
lib,
pkgs,
modulesPath,
...
}:
{
imports = [
(modulesPath + "/profiles/qemu-guest.nix")
];
boot.initrd.availableKernelModules = [
"ata_piix"
"uhci_hcd"
"virtio_pci"
"virtio_scsi"
"sd_mod"
"sr_mod"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
networking.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
};
};
}
+44
@@ -0,0 +1,44 @@
{
config,
lib,
modulesPath,
...
}:
{
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [
"nvme"
"xhci_pci"
"ahci"
"usbhid"
"usb_storage"
"sd_mod"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "/dev/disk/by-uuid/bda7f8b9-2b3d-4190-8518-baa50490227e";
fsType = "ext4";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/26FE-CA37";
fsType = "vfat";
options = [
"fmask=0077"
"dmask=0077"
];
};
swapDevices = [ ];
networking.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}
+81 -59
@@ -1,72 +1,94 @@
{ inputs, lux, ... }:
{
den.aspects.polaris = {
includes = [ lux.bundles._.local-session ];
inputs,
config,
...
}:
let
nixosModules = config.flake.modules.nixos;
homeModules = config.flake.modules.homeManager;
in
{
flake.modules.nixos.polaris =
{
config,
pkgs,
...
}:
let
host = {
isServer = false;
};
in
{
_module.args.host = host;
provides.kiri = {
includes = with lux; [
bundles._.local-session-user
imports = [
nixosModules.desktopBase
nixosModules.steam
nixosModules.kiri
nixosModules.ergon
./_hardware.nix
]
++ (with inputs.nixos-hardware.nixosModules; [
common-pc
common-pc-ssd
common-cpu-amd
common-gpu-amd
]);
system.stateVersion = "24.05";
networking.hostName = "polaris";
home-manager.users.kiri.imports = with homeModules; [
nix
bitwarden
email
pim
mpv
sops-password
steam
niri
clipboard
localApps
qbittorrentClient
vicinae
xdg
theme
noctalia
];
};
provides.ergon = {
includes = with lux; [
sops-password
];
};
nixos =
{
config,
pkgs,
...
}:
{
imports = with inputs.nixos-hardware.nixosModules; [
common-pc
common-pc-ssd
common-cpu-amd
common-gpu-amd
];
services.hardware.openrgb.enable = true;
boot = {
loader = {
efi.canTouchEfiVariables = true;
systemd-boot = {
enable = true;
consoleMode = "auto";
configurationLimit = 5;
# Convert boot entry to a more readable name.
extraInstallCommands = ''
ENTRIES="${config.boot.loader.efi.efiSysMountPoint}/loader/entries"
PROFILES="/nix/var/nix/profiles"
for file in "$ENTRIES"/nixos-generation-*.conf; do
generation=$(${pkgs.coreutils}/bin/basename "$file" | ${pkgs.gnugrep}/bin/grep -o -E '[0-9]+')
timestamp=$(${pkgs.coreutils}/bin/stat -c %y "$PROFILES/system-$generation-link" 2>/dev/null | ${pkgs.coreutils}/bin/cut -d. -f1)
if [ -z "$timestamp" ]; then
timestamp="Unknown Date"
fi
${pkgs.gnused}/bin/sed -i "s/^version .*/version Generation $generation - $timestamp/" "$file"
done
'';
};
home-manager.users.kiri.programs.niri.settings.outputs = {
"LG Electronics LG ULTRAGEAR 103NTYT8R290" = {
"focus-at-startup" = true;
position = {
x = 0;
y = 0;
};
};
tmp.cleanOnBoot = true;
kernelPackages = pkgs.linuxPackages_latest;
"LG Electronics LG ULTRAGEAR 103NTJJ8R332" = {
position = {
x = 2560;
y = 0;
};
};
};
};
services.hardware.openrgb.enable = true;
boot.loader.systemd-boot.extraInstallCommands = ''
ENTRIES="${config.boot.loader.efi.efiSysMountPoint}/loader/entries"
PROFILES="/nix/var/nix/profiles"
for file in "$ENTRIES"/nixos-generation-*.conf; do
generation=$(${pkgs.coreutils}/bin/basename "$file" | ${pkgs.gnugrep}/bin/grep -o -E '[0-9]+')
timestamp=$(${pkgs.coreutils}/bin/stat -c %y "$PROFILES/system-$generation-link" 2>/dev/null | ${pkgs.coreutils}/bin/cut -d. -f1)
if [ -z "$timestamp" ]; then
timestamp="Unknown Date"
fi
${pkgs.gnused}/bin/sed -i "s/^version .*/version Generation $generation - $timestamp/" "$file"
done
'';
};
}
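Review bot: In `extraInstallCommands`, `grep -o -E '[0-9]+'` prints every digit run in the entry's file name. If a name ever contains a second number (a specialisation entry, for instance), `$generation` holds several lines and the `stat` and `sed` calls work on a malformed value. Taking only the first match avoids that: `generation=$(${pkgs.coreutils}/bin/basename "$file" | ${pkgs.gnugrep}/bin/grep -o -E '[0-9]+' | ${pkgs.coreutils}/bin/head -n1)`. The script is unchanged from the old aspect, but it rewrites boot entries at bootloader install time, so it is worth tightening while it is being moved.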
-50
@@ -1,50 +0,0 @@
{
den.aspects.polaris = {
nixos =
{
config,
lib,
modulesPath,
...
}:
{
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [
"nvme"
"xhci_pci"
"ahci"
"usbhid"
"usb_storage"
"sd_mod"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "/dev/disk/by-uuid/bda7f8b9-2b3d-4190-8518-baa50490227e";
fsType = "ext4";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/26FE-CA37";
fsType = "vfat";
options = [
"fmask=0077"
"dmask=0077"
];
};
swapDevices = [ ];
networking.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
};
};
}
+36
@@ -0,0 +1,36 @@
{ lib, modulesPath, ... }:
{
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [
"nvme"
"xhci_pci"
"usb_storage"
"sd_mod"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "/dev/disk/by-uuid/6d8f6f33-c9d9-4e90-b496-d5b3ef5e9aeb";
fsType = "ext4";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/8797-B47E";
fsType = "vfat";
options = [
"fmask=0077"
"dmask=0077"
];
};
swapDevices = [ ];
networking.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
}
+56 -36
@@ -1,48 +1,68 @@
{ inputs, lux, ... }:
{
den.aspects.zenith = {
includes = [ lux.bundles._.local-session ];
inputs,
config,
...
}:
let
nixosModules = config.flake.modules.nixos;
homeModules = config.flake.modules.homeManager;
in
{
flake.modules.nixos.zenith =
{ ... }:
let
host = {
isServer = false;
};
in
{
_module.args.host = host;
provides.kiri = {
includes = with lux; [
bundles._.local-session-user
imports = [
nixosModules.desktopBase
nixosModules.kiri
nixosModules.ergon
./_hardware.nix
inputs.nixos-hardware.nixosModules.lenovo-yoga-7-14ARH7-amdgpu
];
system.stateVersion = "24.05";
networking.hostName = "zenith";
home-manager.users.kiri.imports = with homeModules; [
nix
bitwarden
email
pim
mpv
sops-password
niri
clipboard
localApps
qbittorrentClient
vicinae
xdg
theme
noctalia
];
};
provides.ergon = {
includes = with lux; [
sops-password
];
};
nixos =
{ pkgs, ... }:
{
imports = [
inputs.nixos-hardware.nixosModules.lenovo-yoga-7-14ARH7-amdgpu
];
boot = {
loader = {
efi.canTouchEfiVariables = true;
systemd-boot = {
enable = true;
consoleMode = "auto";
configurationLimit = 5;
};
home-manager.users.kiri.programs.niri.settings.outputs = {
"California Institute of Technology 0x1410 Unknown" = {
"focus-at-startup" = true;
position = {
x = 0;
y = 0;
};
scale = 1.5;
mode = {
width = 3072;
height = 1920;
refresh = 120.002;
};
tmp.cleanOnBoot = true;
kernelPackages = pkgs.linuxPackages_latest;
};
hardware.enableRedistributableFirmware = true;
services.fwupd.enable = true;
};
};
hardware.enableRedistributableFirmware = true;
services.fwupd.enable = true;
};
}
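Review bot: The `home-manager.users.kiri.imports` list here repeats the polaris list entry for entry except for `steam`, where the old code shared one `local-session-user` bundle. Two hand-maintained copies will drift, and a host that silently misses `sops-password` or `bitwarden` is a difference that is hard to notice in review. A shared home-manager module would keep them in step, for example (name constructed) `flake.modules.homeManager.desktopUser.imports = with homeModules; [ nix bitwarden email pim mpv sops-password niri clipboard localApps qbittorrentClient vicinae xdg theme noctalia ];`, with each host importing `homeModules.desktopUser` plus its own extras.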
-46
@@ -1,46 +0,0 @@
{
den.aspects.zenith = {
nixos =
{
lib,
modulesPath,
...
}:
{
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [
"nvme"
"xhci_pci"
"usb_storage"
"sd_mod"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "/dev/disk/by-uuid/6d8f6f33-c9d9-4e90-b496-d5b3ef5e9aeb";
fsType = "ext4";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/8797-B47E";
fsType = "vfat";
options = [
"fmask=0077"
"dmask=0077"
];
};
swapDevices = [ ];
networking.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
};
};
}
-109
@@ -1,109 +0,0 @@
let
serviceDomain = "jelles.net";
adminKeyPath = "/var/lib/sops/keys.txt";
sharedIdentity = {
realName = "Jelle Spreeuwenberg";
authorizedSshKeys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAU2LydkXRTtNFY7oyX8JQURwXLVhB71DeK8XzrXeFX1 openpgp:0xA490D93A"
];
};
kiriAccount = sharedIdentity // {
emails = {
main = {
address = "mail@jelles.net";
primary = true;
kind = "mxrouting";
};
old = {
address = "mail@jellespreeuwenberg.nl";
kind = "mxrouting";
};
uni = {
address = "j.spreeuwenberg@student.tue.nl";
kind = "office365";
};
work = {
address = "jelle.spreeuwenberg@yookr.org";
kind = "office365";
};
};
};
ergonAccount = sharedIdentity // {
emails.work = {
address = "jelle.spreeuwenberg@yookr.org";
primary = true;
kind = "office365";
};
};
in
{
den.hosts.x86_64-linux = {
polaris = {
inherit serviceDomain;
sopsAdminKeyPath = adminKeyPath;
sopsAdminKeyUsers = [
"kiri"
"ergon"
];
displays = {
"LG Electronics LG ULTRAGEAR 103NTYT8R290" = {
primary = true;
position.x = 0;
position.y = 0;
};
"LG Electronics LG ULTRAGEAR 103NTJJ8R332" = {
position.x = 2560;
position.y = 0;
};
};
users = {
kiri = kiriAccount // {
syncthingId = "6HBAKXB-DB3B4H2-BODCAXF-KD23H5W-6X5LGLC-ZJHZHLG-7U7YMGO-BB6IXQ3";
};
ergon = ergonAccount;
};
};
zenith = {
inherit serviceDomain;
sopsAdminKeyPath = adminKeyPath;
sopsAdminKeyUsers = [
"kiri"
"ergon"
];
displays = {
"California Institute of Technology 0x1410 Unknown" = {
primary = true;
position.x = 0;
position.y = 0;
scale = 1.5;
mode = {
width = 3072;
height = 1920;
refresh = 120.002;
};
};
};
users = {
kiri = kiriAccount;
ergon = ergonAccount;
};
};
orion = {
inherit serviceDomain;
requiresSshRecovery = true;
sshRecoveryUsers = [ "kiri" ];
sopsHostSshKeyPath = "/etc/ssh/ssh_host_ed25519_key";
sopsAdminKeyPath = adminKeyPath;
sopsAdminKeyUsers = [ "kiri" ];
users.kiri = kiriAccount // {
syncthingId = "NNRNQKZ-OWPHSVA-B6KKBHE-SDYLSTV-7SVHGPR-NEWLKPL-4MWNJG4-G5FHUAI";
};
};
};
}
-135
@@ -1,135 +0,0 @@
{ lib, ... }:
{
den.schema = {
user =
{ config, ... }:
let
primaryEmailCount = builtins.length (lib.filter (email: email.primary) (builtins.attrValues config.emails));
in
{
options = {
realName = lib.mkOption {
type = lib.types.str;
};
authorizedSshKeys = lib.mkOption {
type = lib.types.listOf lib.types.str;
default = [ ];
};
emails = lib.mkOption {
type = lib.types.attrsOf (
lib.types.submodule (
{ ... }:
{
options = {
address = lib.mkOption {
type = lib.types.str;
};
primary = lib.mkOption {
type = lib.types.bool;
default = false;
};
kind = lib.mkOption {
type = lib.types.enum [
"mxrouting"
"office365"
];
};
};
}
)
);
default = { };
};
syncthingId = lib.mkOption {
type = lib.types.nullOr lib.types.str;
default = null;
};
};
config = {
assertions = [
{
assertion = primaryEmailCount == 1;
message = "Each user must define exactly one primary email.";
}
];
classes = lib.mkDefault [ "homeManager" ];
};
};
host = {
options = {
serviceDomain = lib.mkOption {
type = lib.types.str;
};
displays = lib.mkOption {
type = lib.types.attrsOf (
lib.types.submodule (
{ ... }:
{
options = {
position = lib.mkOption {
type = lib.types.submodule {
options = {
x = lib.mkOption { type = lib.types.int; };
y = lib.mkOption { type = lib.types.int; };
};
};
};
scale = lib.mkOption {
type = lib.types.nullOr (lib.types.oneOf [
lib.types.int
lib.types.float
]);
default = null;
};
primary = lib.mkOption {
type = lib.types.bool;
default = false;
};
mode = lib.mkOption {
type = lib.types.nullOr (
lib.types.submodule (
{ ... }:
{
options = {
width = lib.mkOption { type = lib.types.int; };
height = lib.mkOption { type = lib.types.int; };
refresh = lib.mkOption {
type = lib.types.nullOr lib.types.float;
default = null;
};
};
}
)
);
default = null;
};
};
}
)
);
default = { };
};
requiresSshRecovery = lib.mkOption {
type = lib.types.bool;
default = false;
};
sshRecoveryUsers = lib.mkOption {
type = lib.types.listOf lib.types.str;
default = [ ];
};
sopsHostSshKeyPath = lib.mkOption {
type = lib.types.nullOr lib.types.str;
default = null;
};
sopsAdminKeyPath = lib.mkOption {
type = lib.types.nullOr lib.types.str;
default = null;
};
sopsAdminKeyUsers = lib.mkOption {
type = lib.types.listOf lib.types.str;
default = [ ];
};
};
};
};
}
+48 -75
@@ -1,85 +1,58 @@
{ den, inputs, lib, ... }:
{
inputs,
...
}:
let
sopsReadersGroup = "sops-users";
sopsAdminKeyPath = "/var/lib/sops/keys.txt";
in
{
den.ctx.host.includes = [
(den.lib.perHost (
{ host, ... }:
let
missingAdminUsers = lib.filter (userName: !(builtins.hasAttr userName host.users)) host.sopsAdminKeyUsers;
hasSharedAdminKey = host.sopsAdminKeyPath != null && host.sopsAdminKeyUsers != [ ];
adminKeyDir = if host.sopsAdminKeyPath == null then null else builtins.dirOf host.sopsAdminKeyPath;
in
{
nixos = {
imports = [ inputs.sops-nix.nixosModules.sops ];
flake.modules.nixos.sopsHost =
{
lib,
host ? {
isServer = false;
},
...
}:
let
useHostSshKey = host.isServer;
useAdminKeyFile = !host.isServer;
adminKeyDir = builtins.dirOf sopsAdminKeyPath;
in
{
imports = [ inputs.sops-nix.nixosModules.sops ];
sops = {
defaultSopsFile = ./secrets.yaml;
age =
if host.sopsHostSshKeyPath != null then
{
sshKeyPaths = [ host.sopsHostSshKeyPath ];
}
else
{
keyFile = host.sopsAdminKeyPath;
};
sops = {
defaultSopsFile = ./secrets.yaml;
age =
lib.optionalAttrs useHostSshKey {
sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
}
// lib.optionalAttrs useAdminKeyFile {
keyFile = sopsAdminKeyPath;
};
};
users.groups = lib.optionalAttrs hasSharedAdminKey {
${sopsReadersGroup} = { };
};
systemd.tmpfiles.rules = lib.optionals useAdminKeyFile [
"d ${adminKeyDir} 0750 root wheel -"
"z ${sopsAdminKeyPath} 0640 root wheel -"
];
};
users.users = lib.genAttrs host.sopsAdminKeyUsers (_: {
extraGroups = [ sopsReadersGroup ];
});
flake.modules.homeManager.sopsAdmin =
{
pkgs,
...
}:
{
imports = [ inputs.sops-nix.homeManagerModules.sops ];
systemd.tmpfiles.rules = lib.optionals hasSharedAdminKey [
"d ${adminKeyDir} 0750 root ${sopsReadersGroup} -"
"z ${host.sopsAdminKeyPath} 0640 root ${sopsReadersGroup} -"
];
sops = {
defaultSopsFile = ./secrets.yaml;
age.keyFile = sopsAdminKeyPath;
};
assertions = [
{
assertion = host.sopsAdminKeyUsers == [ ] || host.sopsAdminKeyPath != null;
message = "Hosts with sopsAdminKeyUsers must set sopsAdminKeyPath.";
}
{
assertion = missingAdminUsers == [ ];
message =
"All sopsAdminKeyUsers must exist on the host. Missing: "
+ lib.concatStringsSep ", " missingAdminUsers;
}
];
};
}
))
];
den.ctx.user.includes = [
(den.lib.perUser (
{ host, user, ... }:
if builtins.elem user.userName host.sopsAdminKeyUsers then
{
homeManager =
{ pkgs, ... }:
{
imports = [ inputs.sops-nix.homeManagerModules.sops ];
sops = {
defaultSopsFile = ./secrets.yaml;
age.keyFile = host.sopsAdminKeyPath;
};
home.sessionVariables.SOPS_AGE_KEY_FILE = host.sopsAdminKeyPath;
home.packages = [ pkgs.sops ];
};
}
else
{ }
))
];
home.sessionVariables.SOPS_AGE_KEY_FILE = sopsAdminKeyPath;
home.packages = [ pkgs.sops ];
};
}
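Review bot: The tmpfiles rules now give the age key to group `wheel` (`"z ${sopsAdminKeyPath} 0640 root wheel -"`), where the old module used a dedicated `sops-users` group. Every account allowed to use sudo can therefore also read the key that decrypts `secrets.yaml`, and one cannot be granted without the other. I would keep a dedicated group: declare `users.groups.sops-users = { };` in `sopsHost`, write both rules with `sops-users` instead of `wheel`, and add that group to `extraGroups` only for accounts that import `sopsAdmin`. Also, the default in `host ? { isServer = false; }` likely never applies, because the module system resolves named module arguments from `_module.args`; a host importing `sopsHost` without setting `_module.args.host` would then fail to evaluate rather than be treated as a desktop.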
+85
@@ -0,0 +1,85 @@
{ config, ... }:
let
homeModules = config.flake.modules.homeManager;
realName = "Jelle Spreeuwenberg";
accounts = {
kiri = {
homeDirectory = "/home/kiri";
gitEmail = "mail@jelles.net";
vaultEmail = "mail@jelles.net";
extraHomeImports = with homeModules; [ syncthing ];
};
ergon = {
homeDirectory = "/home/ergon";
gitEmail = "jelle.spreeuwenberg@yookr.org";
vaultEmail = "jelle.spreeuwenberg@yookr.org";
extraHomeImports = with homeModules; [ nix ];
};
};
mkUser =
{ accountName }:
{
config,
pkgs,
...
}:
let
account = accounts.${accountName};
in
{
sops.secrets."hashed-password-${accountName}".neededForUsers = true;
programs.zsh.enable = true;
users.users.${accountName} = {
name = accountName;
home = account.homeDirectory;
hashedPasswordFile = config.sops.secrets."hashed-password-${accountName}".path;
isNormalUser = true;
shell = pkgs.zsh;
extraGroups = [
"wheel"
"networkmanager"
];
};
home-manager.users.${accountName} = {
home = {
username = accountName;
homeDirectory = account.homeDirectory;
stateVersion = "24.05";
};
imports =
with homeModules;
[
terminal
shell
neovim
sshClient
sopsAdmin
git
devTools
podman
gemini
]
++ account.extraHomeImports;
programs.git.settings.user = {
name = realName;
email = account.gitEmail;
};
programs.rbw.settings.email = account.vaultEmail;
};
};
in
{
flake.modules.nixos.kiri = mkUser { accountName = "kiri"; };
flake.modules.nixos.ergon = mkUser { accountName = "ergon"; };
}
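Review bot: `hashedPasswordFile` in `mkUser` is re-applied on each activation only when `users.mutableUsers` is `false`. With the default, NixOS sets the declared password only when the account is first created, so rotating `hashed-password-${accountName}` in `secrets.yaml` would not change an existing login. Nothing in this file sets the option, though it may be set in a module outside this section. If declarative passwords are the intent, add `users.mutableUsers = false;` next to `programs.zsh.enable = true;`; otherwise add a comment stating that the secret only seeds new accounts.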
-19
@@ -1,19 +0,0 @@
{ den, lux, ... }:
{
den.aspects.ergon = {
includes = with lux; [
(den._.user-shell "zsh")
terminal
shell
neovim
ssh
bundles._.development
({ user, ... }: {
nixos.users.users.${user.userName}.extraGroups = [
"wheel"
"networkmanager"
];
})
];
};
}
-15
@@ -1,15 +0,0 @@
{ den, lux, ... }:
{
den.aspects.kiri = {
includes = with lux; [
den._.primary-user
(den._.user-shell "zsh")
syncthing
terminal
shell
neovim
ssh
bundles._.development
];
};
}