Compare commits

22 Commits

Author SHA1 Message Date
kiri 9df7bfd825 chore: remove outdated AGENTS.md 2026-06-12 15:46:06 +02:00
kiri 9f565b85db feat: remove global git ignores 2026-06-12 11:33:56 +02:00
kiri 562a65a714 feat: make escape exit menuselect in zsh 2026-06-12 11:33:36 +02:00
kiri beabcabb60 feat: add work repo to trusted codex folders 2026-06-08 10:04:02 +02:00
kiri 709e89c017 fix: nix-wrapper-modules warning 2026-06-08 10:02:36 +02:00
kiri b35c95b4c8 feat: remove uv 2026-06-08 10:02:05 +02:00
kiri 5a1f5a9894 feat: move to limine 2026-06-08 10:01:59 +02:00
kiri d6a3587a89 feat: set notification density to compact 2026-06-06 11:35:10 +02:00
kiri ed1c94735c chore: update inputs 2026-06-05 14:54:05 +02:00
kiri 239febf3e0 feat: move notifications to bottom right 2026-05-29 13:15:15 +02:00
kiri e7c0a084a0 chore: update inputs 2026-05-29 10:07:46 +02:00
kiri 30564171f0 chore: update inputs and devenv 2026-05-27 19:23:01 +02:00
kiri 1d591c4f4a feat: add vps-insights to orion 2026-05-07 01:52:25 +02:00
kiri b204e48509 chore: update nix-wrapper-modules call 2026-05-07 00:59:18 +02:00
kiri 86dcf5ce4b fix: transmission failing because of non-existing directory 2026-05-07 00:58:52 +02:00
kiri 8453447f90 feat: switch torrent client to transmission 2026-05-07 00:45:23 +02:00
kiri 2c2276c9b8 feat: always approve nixos mcp requests in codex 2026-05-07 00:37:15 +02:00
kiri c4146eaae0 feat: reduce number of nixpkgs revisions 2026-05-07 00:24:32 +02:00
kiri f193c02f4a feat: better zsh completion 2026-05-06 23:51:54 +02:00
kiri d84fec1a82 feat: enable bitwarden for walker 2026-05-06 22:56:34 +02:00
kiri 1458dd1ae6 feat: use sops for radicale password 2026-05-06 22:56:23 +02:00
kiri c501097e4c feat: enable khal 2026-05-06 22:11:30 +02:00
18 changed files with 826 additions and 444 deletions
-78
@@ -1,78 +0,0 @@
# AGENTS.md
## Purpose
This repo uses the Dendritic Pattern with `flake-parts`.
Design and change the configuration as a composition of **features**, not as a host-first tree.
For deeper design rationale and pattern descriptions, refer to `.agents/dendritic-design-with-flake-parts.wiki`.
## Core Terms
- **Feature**: a flake-parts module under `modules/` that defines one coherent concern.
- **Aspect**: a reusable module published at `flake.modules.<module class>.<aspect name>`.
- **Module class**: the configuration context of an aspect. This repo primarily uses `nixos` and `homeManager`.
- **Feature module**: the flake-parts module that defines aspects, flake outputs, options, or shared helpers.
In this repo, `flake.nix` imports `./modules` recursively via `inputs.import-tree`. Any non-private `.nix` file under `modules/` is therefore treated as a feature module.
## Design Principles
- Work bottom-up. Define features first; assemble hosts from features.
- Keep semantic ownership local. A feature should contain the configuration for that concern across all relevant module classes.
- Name aspects semantically. The aspect name should usually match the file or directory name that defines it.
- Prefer small, composable aspects. Build larger configurations with `imports`.
- Import aspects unconditionally and only within the same module class.
- Put conditions inside module content with `lib.mkIf` or `lib.mkMerge`, never around `imports`.
- Avoid importing the same aspect multiple times along one import path.
- Keep private helper files next to the feature that uses them and prefix them with `_` so `import-tree` does not import them as feature modules.
- Put shared schemas and constructors in dedicated shared modules, not ad hoc host files.
## Repo Structure
- `modules/capabilities/`: reusable leaf capability features and most aspect definitions.
- `modules/capabilities/services/`: reusable service capabilities, especially hosted daemons and network services.
- `modules/profiles/`: bundle features that assemble capabilities into larger profiles such as `host-base` and `workstation-base`.
- `modules/hosts/<name>/default.nix`: host features that assemble NixOS aspects into `flake.modules.nixos.<name>`.
- `modules/secrets/`: secret-related features shared by hosts.
- `modules/flake-parts.nix`: flake-parts entrypoint; defines systems, formatter, and `flake.nixosConfigurations`.
- `modules/lib/`: shared schemas, constructors, and helpers exposed through `repo.helpers`, especially `mkHost` and `mkCaddyReverseProxy`.
- `modules/data.nix`: canonical shared repo data, including the single `repo.account`, machine inventory, desktop preferences, services, and theme data.
- `modules/lib/schema.nix`: shared metadata schema for `repo.*` and NixOS `meta.machine`.
## How Features Are Applied Here
- Reusable NixOS concerns are published as `flake.modules.nixos.<name>`.
- Reusable Home Manager concerns are published as `flake.modules.homeManager.<name>`.
- Hosts are aspects too. `orion`, `polaris`, and `zenith` are `nixos` aspects assembled from smaller aspects.
- `flake.nixosConfigurations` instantiates every entry in `repo.machines` with `config.repo.helpers.mkHost`.
- Hosts define machine data under `repo.machines.<name>` and host-specific NixOS composition under `flake.modules.nixos.<name>`.
- `mkHost` wires the single `repo.account` into `users.users.<name>` and `home-manager.users.<name>`.
- NixOS modules may read `config.meta.machine`; Home Manager modules should read host facts through `osConfig.meta.machine` and user facts through `config.home` or `repo.account`.
## Preferred Aspect Patterns
- **Simple Aspect**: use for one self-contained concern in one or more module classes.
- **Multi Context Aspect**: use when one concern must configure both `nixos` and `homeManager`.
- **Inheritance Aspect**: use by importing a parent aspect and extending it.
- **Conditional Aspect**: use `lib.mkMerge` plus `lib.mkIf` for conditional content.
Use **Collector Aspect** only when composition through imports or shared library helpers is insufficient.
## Change Rules
- When adding a reusable leaf feature, add or extend aspects under `modules/capabilities/` and let profiles or hosts opt into them explicitly.
- When adding a hosted service or network daemon feature, prefer `modules/capabilities/services/`.
- When adding a bundle of existing capabilities, put it under `modules/profiles/`.
- When adding a host, create `modules/hosts/<name>/default.nix` and keep host-local generated files private as `_hardware.nix`, `_disk.nix`, or similar.
- When a feature needs local data or helper code, keep it inside that feature directory and prefix non-feature files with `_` when they live under `modules/`.
- Do not place arbitrary non-feature `.nix` files under `modules/` unless they are intentionally private and excluded from recursive import.
- If a concern is shared across hosts, it belongs in a reusable feature, not inline in one host unless it is truly host-specific.
## Practical Heuristics
- If you are about to edit a host because of a reusable concern, that concern probably wants its own feature.
- If a Home Manager module needs host facts, prefer `osConfig.meta.machine`; for user facts, prefer `config.home` or `repo.account` instead of duplicating literals.
- If a concern spans system and user space, keep both aspects in one feature so the behavior stays coherent.
- If imports would need to be conditional, redesign the aspect boundary instead.
Generated
+430 -297
@@ -45,30 +45,108 @@
]
},
"locked": {
"lastModified": 1777369708,
"narHash": "sha256-1xW7cRZNsFNPQD+cE0fwnLVStnDth0HSoASEIFeT7uI=",
"lastModified": 1778446047,
"narHash": "sha256-oQvcadh2BCkrog+SGrG6YffKJrveYpjj3TdQJWaKhaM=",
"owner": "nix-community",
"repo": "bun2nix",
"rev": "e659e1cc4b8e1b21d0aa85f1c481f9db61ecfa98",
"rev": "f2bc12af1a6369648aac41041ceeaa0b866599c6",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "staging-2.1.0",
"repo": "bun2nix",
"type": "github"
}
},
"cachix": {
"inputs": {
"devenv": [
"devenv"
],
"flake-compat": [
"devenv",
"flake-compat"
],
"git-hooks": [
"devenv",
"git-hooks"
],
"nixpkgs": [
"devenv",
"nixpkgs"
]
},
"locked": {
"lastModified": 1777487137,
"narHash": "sha256-TuvKVBX60mqyMT6OB5JqVEh1YIWtFMR/igLCaCdC9tw=",
"owner": "cachix",
"repo": "cachix",
"rev": "a66a440c321d35f7193472c317f42a55ccd1cb93",
"type": "github"
},
"original": {
"owner": "cachix",
"ref": "latest",
"repo": "cachix",
"type": "github"
}
},
"crate2nix": {
"flake": false,
"locked": {
"lastModified": 1772186516,
"narHash": "sha256-8s28pzmQ6TOIUzznwFibtW1CMieMUl1rYJIxoQYor58=",
"owner": "rossng",
"repo": "crate2nix",
"rev": "ba5dd398e31ee422fbe021767eb83b0650303a6e",
"type": "github"
},
"original": {
"owner": "rossng",
"repo": "crate2nix",
"rev": "ba5dd398e31ee422fbe021767eb83b0650303a6e",
"type": "github"
}
},
"devenv": {
"inputs": {
"cachix": "cachix",
"crate2nix": "crate2nix",
"flake-compat": "flake-compat",
"flake-parts": "flake-parts",
"ghostty": "ghostty",
"git-hooks": "git-hooks",
"nix": "nix",
"nixd": "nixd",
"nixpkgs": "nixpkgs",
"rust-overlay": "rust-overlay"
},
"locked": {
"lastModified": 1780630679,
"narHash": "sha256-hhQyVAYmNKziZ0T+T4Gsk0PYmnz4vdzOzpkJAmDASKM=",
"owner": "cachix",
"repo": "devenv",
"rev": "90ed6227ab389dd4e874a69a724f25dba312b754",
"type": "github"
},
"original": {
"owner": "cachix",
"repo": "devenv",
"type": "github"
}
},
"disko": {
"inputs": {
"nixpkgs": "nixpkgs"
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1776613567,
"narHash": "sha256-gC9Cp5ibBmGD5awCA9z7xy6MW6iJufhazTYJOiGlCUI=",
"lastModified": 1780290312,
"narHash": "sha256-eTAlX0CwgB84Ts3GaBd944A3DRXVMzgA0EqroZBISUo=",
"owner": "nix-community",
"repo": "disko",
"rev": "32f4236bfc141ae930b5ba2fb604f561fed5219d",
"rev": "115e5211780054d8a890b41f0b7734cafad54dfe",
"type": "github"
},
"original": {
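Review bot: The new `devenv` node lists ten inputs of its own (`cachix`, `crate2nix`, `flake-compat`, `flake-parts`, `ghostty`, `git-hooks`, `nix`, `nixd`, `nixpkgs`, `rust-overlay`), and its `original` block carries no `ref`, so each `chore: update inputs` moves all of them to whatever the default branch pins at that moment. `crate2nix` in particular resolves to the `rossng` repository pinned by `rev`. Since this lock backs the system configuration, consider pinning `devenv` to a release ref or a revision in `flake.nix`, so the set of transitive sources changes only when you decide to bump it.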
@@ -79,7 +157,9 @@
},
"elephant": {
"inputs": {
"nixpkgs": "nixpkgs_2",
"nixpkgs": [
"nixpkgs"
],
"systems": "systems"
},
"locked": {
@@ -101,13 +181,13 @@
"locked": {
"lastModified": 1767039857,
"narHash": "sha256-vNpUSpF5Nuw8xvDLj2KCwwksIbjua2LZCqhV1LNRDns=",
"owner": "NixOS",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "5edf11c44bc78a0d334f6334cdaf7d60d732daab",
"type": "github"
},
"original": {
"owner": "NixOS",
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
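Review bot: `owner` changes from `NixOS` to `edolstra` in both `locked` and `original` while `rev` and `narHash` stay the same, so the fetched content is unchanged and only the source repository differs. Worth a line in the commit message saying which input now supplies this `flake-compat` node, because an owner change in a lock file otherwise looks the same at review time as a repointed dependency.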
@@ -115,16 +195,16 @@
"flake-parts": {
"inputs": {
"nixpkgs-lib": [
"llm-agents",
"devenv",
"nixpkgs"
]
},
"locked": {
"lastModified": 1775087534,
"narHash": "sha256-91qqW8lhL7TLwgQWijoGBbiD4t7/q75KTi8NxjVmSmA=",
"lastModified": 1778716662,
"narHash": "sha256-m1Yf0wZ8j1OHjTc2UwHwyQRSnNeSgLJOd7q5Y45hzi4=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "3107b77cd68437b9a76194f0f7f9c55f2329ca5b",
"rev": "f7c1a2d347e4c52d5fb8d10cb4d94b5884e546fb",
"type": "github"
},
"original": {
@@ -134,6 +214,27 @@
}
},
"flake-parts_2": {
"inputs": {
"nixpkgs-lib": [
"llm-agents",
"nixpkgs"
]
},
"locked": {
"lastModified": 1778716662,
"narHash": "sha256-m1Yf0wZ8j1OHjTc2UwHwyQRSnNeSgLJOd7q5Y45hzi4=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "f7c1a2d347e4c52d5fb8d10cb4d94b5884e546fb",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-parts_3": {
"inputs": {
"nixpkgs-lib": "nixpkgs-lib"
},
@@ -151,16 +252,82 @@
"type": "github"
}
},
"home-manager": {
"ghostty": {
"flake": false,
"locked": {
"lastModified": 1779069789,
"narHash": "sha256-ojo+gso45/6CVSuqfSVnlWpQ4d0QeLgwok+v/g3yu0E=",
"owner": "ghostty-org",
"repo": "ghostty",
"rev": "4b7bf0b20e3baf9c1ba10c63f2ad1fd853faea8f",
"type": "github"
},
"original": {
"owner": "ghostty-org",
"repo": "ghostty",
"type": "github"
}
},
"git-hooks": {
"inputs": {
"nixpkgs": "nixpkgs_3"
"flake-compat": [
"devenv",
"flake-compat"
],
"gitignore": "gitignore",
"nixpkgs": [
"devenv",
"nixpkgs"
]
},
"locked": {
"lastModified": 1777642796,
"narHash": "sha256-EHNul4TIK2coKUgiFvm2FooYQNZWrc8iX5hKQQMahXU=",
"lastModified": 1778507602,
"narHash": "sha256-kTwur1wV+01SdqskVMSo6JMEpg71ps3HpbFY2GsflKs=",
"owner": "cachix",
"repo": "git-hooks.nix",
"rev": "61ab0e80d9c7ab14c256b5b453d8b3fb0189ba0a",
"type": "github"
},
"original": {
"owner": "cachix",
"repo": "git-hooks.nix",
"type": "github"
}
},
"gitignore": {
"inputs": {
"nixpkgs": [
"devenv",
"git-hooks",
"nixpkgs"
]
},
"locked": {
"lastModified": 1709087332,
"narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=",
"owner": "hercules-ci",
"repo": "gitignore.nix",
"rev": "637db329424fd7e46cf4185293b9cc8c88c95394",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "gitignore.nix",
"type": "github"
}
},
"home-manager": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1780593650,
"narHash": "sha256-CHo7k65YTL3HY+WQVedDTupji+LMgNlKCdrtRHZFAK4=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "94db02863273736b57b9dcb1b5c4e873705c64c0",
"rev": "447fd9ff62501dae7206dfe180ee89f8de27b7d5",
"type": "github"
},
"original": {
@@ -171,11 +338,11 @@
},
"import-tree": {
"locked": {
"lastModified": 1773693634,
"narHash": "sha256-BtZ2dtkBdSUnFPPFc+n0kcMbgaTxzFNPv2iaO326Ffg=",
"lastModified": 1778781969,
"narHash": "sha256-Jjuz5CmSkur8KvLDoGa+vylEp+RkQtv4mt/qcMznpH0=",
"owner": "vic",
"repo": "import-tree",
"rev": "c41e7d58045f9057880b0d85e1152d6a4430dbf1",
"rev": "d321337efd0f23a9eb14a42adb7b2c29313ab274",
"type": "github"
},
"original": {
@@ -188,17 +355,19 @@
"inputs": {
"blueprint": "blueprint",
"bun2nix": "bun2nix",
"flake-parts": "flake-parts",
"nixpkgs": "nixpkgs_4",
"flake-parts": "flake-parts_2",
"nixpkgs": [
"nixpkgs"
],
"systems": "systems_2",
"treefmt-nix": "treefmt-nix"
"treefmt-nix": "treefmt-nix_2"
},
"locked": {
"lastModified": 1777637197,
"narHash": "sha256-RSevrcyS4z2Fx4+fk2NoWCvnxG3Z8lws3uemRJ3XaWc=",
"lastModified": 1780640554,
"narHash": "sha256-dgnL2gTgRoO1D4z6wkARGCO/gimq3/UE/mVFcQcWBn8=",
"owner": "numtide",
"repo": "llm-agents.nix",
"rev": "7381a70995f62d5f54545539765b8d638984b43c",
"rev": "f764eba1fdd162a1f2bc923f7e7034b894a22b4a",
"type": "github"
},
"original": {
@@ -209,8 +378,8 @@
},
"lux-pkgs": {
"inputs": {
"flake-parts": "flake-parts_2",
"nixpkgs": "nixpkgs_5"
"flake-parts": "flake-parts_3",
"nixpkgs": "nixpkgs_2"
},
"locked": {
"lastModified": 1772315038,
@@ -230,17 +399,17 @@
"inputs": {
"niri-stable": "niri-stable",
"niri-unstable": "niri-unstable",
"nixpkgs": "nixpkgs_6",
"nixpkgs": "nixpkgs_3",
"nixpkgs-stable": "nixpkgs-stable",
"xwayland-satellite-stable": "xwayland-satellite-stable",
"xwayland-satellite-unstable": "xwayland-satellite-unstable"
},
"locked": {
"lastModified": 1777633931,
"narHash": "sha256-306tONvDv0lhoT7Ge42ghjxPE2ndB3wTKwwtyZS2qJE=",
"lastModified": 1780639821,
"narHash": "sha256-SOTuKPQ9HptaWKnd6pbiSOC3YyY2tXwCJ5sQwKUDldU=",
"owner": "sodiboo",
"repo": "niri-flake",
"rev": "c291d31da4a27a31b08fab5a468c086888095a3f",
"rev": "f92324f4e97776e141dc8a8ce4debc6c91b64038",
"type": "github"
},
"original": {
@@ -269,11 +438,11 @@
"niri-unstable": {
"flake": false,
"locked": {
"lastModified": 1777627080,
"narHash": "sha256-9xzxgWsZZRbiMDa6iSZfD1dZGlUvsHp2aawWM5LK6F8=",
"lastModified": 1780637332,
"narHash": "sha256-FeKyLRxLZu2EUnhifijZPDZRl0sVnPVHMtizAINNiN4=",
"owner": "YaLTeR",
"repo": "niri",
"rev": "5f6f131b24826a01374d5cd87b281bd7ea181537",
"rev": "f717ae030fe56fc52522ebef69f17f3f09064ac4",
"type": "github"
},
"original": {
@@ -282,16 +451,58 @@
"type": "github"
}
},
"nix-index-database": {
"nix": {
"inputs": {
"nixpkgs": "nixpkgs_7"
"flake-compat": [
"devenv",
"flake-compat"
],
"flake-parts": [
"devenv",
"flake-parts"
],
"git-hooks-nix": [
"devenv",
"git-hooks"
],
"nixpkgs": [
"devenv",
"nixpkgs"
],
"nixpkgs-23-11": [
"devenv"
],
"nixpkgs-regression": [
"devenv"
]
},
"locked": {
"lastModified": 1777181277,
"narHash": "sha256-yVJbd07ortDRAttDFmDV5p220aOLTHgVAx//0nW/xW8=",
"lastModified": 1779748925,
"narHash": "sha256-meIhqGC04O5VXbKSFXSQoOKp+XCq5RMnwAk1Guo0VQo=",
"owner": "cachix",
"repo": "nix",
"rev": "0bc443c8ff235c3547d09327b48aaa2ab98b15f2",
"type": "github"
},
"original": {
"owner": "cachix",
"ref": "devenv-2.34",
"repo": "nix",
"type": "github"
}
},
"nix-index-database": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1780210899,
"narHash": "sha256-4axz3OBPTKa6LIkXV8n0lc63MQU+et2CB5DGobEAi6k=",
"owner": "nix-community",
"repo": "nix-index-database",
"rev": "b8eb7acee0f7604fe1bf6a5b3dcf5254369180fa",
"rev": "97df9dc0b7c924344b793a15c1e8e4522ebb854e",
"type": "github"
},
"original": {
@@ -302,14 +513,16 @@
},
"nix-wrapper-modules": {
"inputs": {
"nixpkgs": "nixpkgs_8"
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1777588201,
"narHash": "sha256-LfQx5BviXSkPOQfyCauFvq6J+NON4HyENCEgZ+MF0JM=",
"lastModified": 1780519948,
"narHash": "sha256-+JiqyEa+77HfyiuJcsG5hUc3bGeEflhUG4TD+CaChzQ=",
"owner": "BirdeeHub",
"repo": "nix-wrapper-modules",
"rev": "badcc07fd80e0f2dd2432c649664e79e1848ee86",
"rev": "6d9506b09f8fbe0429153da1cebef2bd61a98848",
"type": "github"
},
"original": {
@@ -318,13 +531,42 @@
"type": "github"
}
},
"nixos-hardware": {
"nixd": {
"inputs": {
"flake-parts": [
"devenv",
"flake-parts"
],
"nixpkgs": [
"devenv",
"nixpkgs"
],
"treefmt-nix": "treefmt-nix"
},
"locked": {
"lastModified": 1776983936,
"narHash": "sha256-ZOQyNqSvJ8UdrrqU1p7vaFcdL53idK+LOM8oRWEWh6o=",
"lastModified": 1778381404,
"narHash": "sha256-FqhdOTA8vyoIpkHhbs2cCT7h6EWM7nsLeOYJc1ifQLE=",
"owner": "nix-community",
"repo": "nixd",
"rev": "e3e45eb76663f522e196b7f0cf34cab201db7779",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nixd",
"type": "github"
}
},
"nixos-hardware": {
"inputs": {
"nixpkgs": "nixpkgs_4"
},
"locked": {
"lastModified": 1780310866,
"narHash": "sha256-fPBRVf6A5xlACYcOI59shGrjURuvwu0lRsDoSCEXt/I=",
"owner": "NixOS",
"repo": "nixos-hardware",
"rev": "2096f3f411ce46e88a79ae4eafcfc9df8ed41c61",
"rev": "4ed851c979641e28597a05086332d75cdc9e395f",
"type": "github"
},
"original": {
@@ -335,18 +577,21 @@
}
},
"nixpkgs": {
"inputs": {
"nixpkgs-src": "nixpkgs-src"
},
"locked": {
"lastModified": 1773628058,
"narHash": "sha256-hpXH0z3K9xv0fHaje136KY872VT2T5uwxtezlAskQgY=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "f8573b9c935cfaa162dd62cc9e75ae2db86f85df",
"lastModified": 1778507786,
"narHash": "sha256-HzSQCKMsMr8r55LwM1JuzIOB+8bzk0FEv6sItKvsfoY=",
"owner": "cachix",
"repo": "devenv-nixpkgs",
"rev": "8f24a228a782e24576b155d1e39f0d914b380691",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"owner": "cachix",
"ref": "rolling",
"repo": "devenv-nixpkgs",
"type": "github"
}
},
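Review bot: The un-suffixed `nixpkgs` node now locks `cachix/devenv-nixpkgs` on `"ref": "rolling"` and gains a `nixpkgs-src` input, so the name no longer refers to a `NixOS/nixpkgs` checkout. Anyone auditing the lock by node name will misread this; trace package provenance from the `root` node's `inputs` instead, and if a second package set from this repository is not wanted, make the `devenv` input follow the root `nixpkgs`.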
@@ -365,13 +610,30 @@
"type": "github"
}
},
"nixpkgs-stable": {
"nixpkgs-src": {
"flake": false,
"locked": {
"lastModified": 1777428379,
"narHash": "sha256-ypxFOeDz+CqADEQNL72haqGjvZQdBR5Vc7pyx2JDttI=",
"lastModified": 1778274207,
"narHash": "sha256-I4puXmX1iovcCHZlRmztO3vW0mAbbRvq4F8wgIMQ1MM=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "755f5aa91337890c432639c60b6064bb7fe67769",
"rev": "b3da656039dc7a6240f27b2ef8cc6a3ef3bccae7",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-stable": {
"locked": {
"lastModified": 1779796641,
"narHash": "sha256-ZsIrKmhp4vbBXoXXmR/tBXA/UCsAQiJL9vsgZEduhVY=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "25f538306313eae3927264466c70d7001dcea1df",
"type": "github"
},
"original": {
@@ -381,119 +643,7 @@
"type": "github"
}
},
"nixpkgs_10": {
"locked": {
"lastModified": 1777268161,
"narHash": "sha256-bxrdOn8SCOv8tN4JbTF/TXq7kjo9ag4M+C8yzzIRYbE=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "1c3fe55ad329cbcb28471bb30f05c9827f724c76",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_11": {
"locked": {
"lastModified": 1775888245,
"narHash": "sha256-nwASzrRDD1JBEu/o8ekKYEXm/oJW6EMCzCRdrwcLe90=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "13043924aaa7375ce482ebe2494338e058282925",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_12": {
"locked": {
"lastModified": 1768564909,
"narHash": "sha256-Kell/SpJYVkHWMvnhqJz/8DqQg2b6PguxVWOuadbHCc=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "e4bae1bd10c9c57b2cf517953ab70060a828ee6f",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_13": {
"locked": {
"lastModified": 1775710090,
"narHash": "sha256-ar3rofg+awPB8QXDaFJhJ2jJhu+KqN/PRCXeyuXR76E=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "4c1018dae018162ec878d42fec712642d214fdfa",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1764242076,
"narHash": "sha256-sKoIWfnijJ0+9e4wRvIgm/HgE27bzwQxcEmo2J/gNpI=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "2fad6eac6077f03fe109c4d4eb171cf96791faa4",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_3": {
"locked": {
"lastModified": 1775423009,
"narHash": "sha256-vPKLpjhIVWdDrfiUM8atW6YkIggCEKdSAlJPzzhkQlw=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "68d8aa3d661f0e6bd5862291b5bb263b2a6595c9",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_4": {
"locked": {
"lastModified": 1777425547,
"narHash": "sha256-d57AbflkNfZNoFaZDzssEq1RfPoM9dLtOGI2O+N/68Q=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "ebc08544afa77957cc348ba72dc490ec73b87f68",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_5": {
"locked": {
"lastModified": 1772173633,
"narHash": "sha256-MOH58F4AIbCkh6qlQcwMycyk5SWvsqnS/TCfnqDlpj4=",
@@ -509,13 +659,13 @@
"type": "github"
}
},
"nixpkgs_6": {
"nixpkgs_3": {
"locked": {
"lastModified": 1777268161,
"narHash": "sha256-bxrdOn8SCOv8tN4JbTF/TXq7kjo9ag4M+C8yzzIRYbE=",
"lastModified": 1780243769,
"narHash": "sha256-x5UQuRsH3MqI0U9afaXSNqzTPSeZlRLvFAav2Ux1pNw=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "1c3fe55ad329cbcb28471bb30f05c9827f724c76",
"rev": "331800de5053fcebacf6813adb5db9c9dca22a0c",
"type": "github"
},
"original": {
@@ -525,62 +675,59 @@
"type": "github"
}
},
"nixpkgs_7": {
"nixpkgs_4": {
"locked": {
"lastModified": 1776877367,
"narHash": "sha256-EHq1/OX139R1RvBzOJ0aMRT3xnWyqtHBRUBuO1gFzjI=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "0726a0ecb6d4e08f6adced58726b95db924cef57",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_8": {
"locked": {
"lastModified": 1775579569,
"narHash": "sha256-/m3yyS/EnXqoPGBJYVy4jTOsirdgsEZ3JdN2gGkBr14=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "dfd9566f82a6e1d55c30f861879186440614696e",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_9": {
"locked": {
"lastModified": 1777425547,
"narHash": "sha256-fUlUlthbjH+ppUqSdGoLFM+GbtuxcDhp8V8ouXEAgow=",
"rev": "ebc08544afa77957cc348ba72dc490ec73b87f68",
"lastModified": 1767892417,
"narHash": "sha256-8bW3q88CEg2u4hSP66Vf4lpbLonHz7hqDNBMcCY7E9U=",
"rev": "3497aa5c9457a9d88d71fa93a4a8368816fbeeba",
"type": "tarball",
"url": "https://releases.nixos.org/nixpkgs/nixpkgs-26.05pre988811.ebc08544afa7/nixexprs.tar.xz"
"url": "https://releases.nixos.org/nixos/unstable/nixos-26.05pre924538.3497aa5c9457/nixexprs.tar.xz"
},
"original": {
"type": "tarball",
"url": "https://channels.nixos.org/nixos-unstable/nixexprs.tar.xz"
}
},
"nixpkgs_5": {
"locked": {
"lastModified": 1780365719,
"narHash": "sha256-JX05Ms/dk0c+UoW9IqQriB53HNZFckX9Qd3EJqmcqEw=",
"rev": "ffa10e26ae11d676b2db836259889f1f571cb14f",
"type": "tarball",
"url": "https://releases.nixos.org/nixpkgs/nixpkgs-26.11pre1009182.ffa10e26ae11/nixexprs.tar.xz"
},
"original": {
"type": "tarball",
"url": "https://channels.nixos.org/nixpkgs-unstable/nixexprs.tar.xz"
}
},
"nixpkgs_6": {
"locked": {
"lastModified": 1780243769,
"narHash": "sha256-x5UQuRsH3MqI0U9afaXSNqzTPSeZlRLvFAav2Ux1pNw=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "331800de5053fcebacf6813adb5db9c9dca22a0c",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"noctalia": {
"inputs": {
"nixpkgs": "nixpkgs_10",
"nixpkgs": "nixpkgs_6",
"noctalia-qs": "noctalia-qs"
},
"locked": {
"lastModified": 1777427472,
"narHash": "sha256-kqcfLdxb+CqTroMErCScvx6YQcZYJcf6X+z5I8kBJK8=",
"lastModified": 1780371321,
"narHash": "sha256-WCaU6npdMdjZSZHe3XATNDFijmzRnsV8V+iR80e5deg=",
"owner": "noctalia-dev",
"repo": "noctalia-shell",
"rev": "9f8dd48c8df5ab1f7f87ddf9842627e1e5682186",
"rev": "3aab45a2f34fd47666b05892b95054952e788de1",
"type": "github"
},
"original": {
@@ -596,14 +743,14 @@
"nixpkgs"
],
"systems": "systems_3",
"treefmt-nix": "treefmt-nix_2"
"treefmt-nix": "treefmt-nix_3"
},
"locked": {
"lastModified": 1777380063,
"narHash": "sha256-q5mWOEICcZzr+KnjIwDHV9EXiBxOC9cnBpxZbDAViU8=",
"lastModified": 1780194487,
"narHash": "sha256-M+YtjKCTkHrkplNaKVyaxfa8hAWjRF6wFOUBAZvxQ4U=",
"owner": "noctalia-dev",
"repo": "noctalia-qs",
"rev": "8742a7a748c43bf44eb6862a8ebd3591ed71502d",
"rev": "07398e12b54f194e3a2d47c87e3fd10b8eeaa27d",
"type": "github"
},
"original": {
@@ -614,6 +761,7 @@
},
"root": {
"inputs": {
"devenv": "devenv",
"disko": "disko",
"elephant": "elephant",
"flake-parts": [
@@ -628,23 +776,45 @@
"nix-index-database": "nix-index-database",
"nix-wrapper-modules": "nix-wrapper-modules",
"nixos-hardware": "nixos-hardware",
"nixpkgs": "nixpkgs_9",
"nixpkgs": "nixpkgs_5",
"noctalia": "noctalia",
"sops-nix": "sops-nix",
"vicinae-extensions": "vicinae-extensions",
"walker": "walker"
}
},
"rust-overlay": {
"inputs": {
"nixpkgs": [
"devenv",
"nixpkgs"
]
},
"locked": {
"lastModified": 1779074409,
"narHash": "sha256-6aXy8Ga41iLVM8ibddFU1O5+wYWcBGNEfZzZuL91eIc=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "2a77b5b1dc952f214e8102acdef1622b68515560",
"type": "github"
},
"original": {
"owner": "oxalica",
"repo": "rust-overlay",
"type": "github"
}
},
"sops-nix": {
"inputs": {
"nixpkgs": "nixpkgs_11"
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1777338324,
"narHash": "sha256-bc+ZZCmOTNq86/svGnw0tVpH7vJaLYvGLLKFYP08Q8E=",
"lastModified": 1780547341,
"narHash": "sha256-Gq8KNx5A7hBB3uGJaj6eQfLDIz5YdLu92gqBcvHvoUo=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "8eaee5c45428b28b8c47a83e4c09dccec5f279b5",
"rev": "9ed65852b6257fbeae4355bc24ecfea307ca759a",
"type": "github"
},
"original": {
@@ -699,21 +869,6 @@
}
},
"systems_4": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_5": {
"locked": {
"lastModified": 1689347949,
"narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=",
@@ -731,7 +886,8 @@
"treefmt-nix": {
"inputs": {
"nixpkgs": [
"llm-agents",
"devenv",
"nixd",
"nixpkgs"
]
},
@@ -750,6 +906,27 @@
}
},
"treefmt-nix_2": {
"inputs": {
"nixpkgs": [
"llm-agents",
"nixpkgs"
]
},
"locked": {
"lastModified": 1780220602,
"narHash": "sha256-eynAfOmbmxJnkp7YewvCEbShNnnYJ9gLLqkzsYtBPeM=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "db947814a175b7ca6ded66e21383d938df01c227",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "treefmt-nix",
"type": "github"
}
},
"treefmt-nix_3": {
"inputs": {
"nixpkgs": [
"noctalia",
@@ -771,59 +948,15 @@
"type": "github"
}
},
"vicinae": {
"inputs": {
"nixpkgs": [
"vicinae-extensions",
"nixpkgs"
],
"systems": [
"vicinae-extensions",
"systems"
]
},
"locked": {
"lastModified": 1768856963,
"narHash": "sha256-u5bWDuwk6oieTnvm1YjNotcYK8iJSddH5+S68+X4TSc=",
"owner": "vicinaehq",
"repo": "vicinae",
"rev": "934bc0ad47be6dbd6498a0dac655c4613fd0ab27",
"type": "github"
},
"original": {
"owner": "vicinaehq",
"repo": "vicinae",
"type": "github"
}
},
"vicinae-extensions": {
"inputs": {
"flake-compat": "flake-compat",
"nixpkgs": "nixpkgs_12",
"systems": "systems_4",
"vicinae": "vicinae"
},
"locked": {
"lastModified": 1777597325,
"narHash": "sha256-LfqeVlMwclHJKsJu5jJoztjlaCeIasQsiv3P9+eKDNw=",
"owner": "vicinaehq",
"repo": "extensions",
"rev": "89cc49471c3e7119bfd36d68998cefe534bddab8",
"type": "github"
},
"original": {
"owner": "vicinaehq",
"repo": "extensions",
"type": "github"
}
},
"walker": {
"inputs": {
"elephant": [
"elephant"
],
"nixpkgs": "nixpkgs_13",
"systems": "systems_5"
"nixpkgs": [
"nixpkgs"
],
"systems": "systems_4"
},
"locked": {
"lastModified": 1777789924,
@@ -859,11 +992,11 @@
"xwayland-satellite-unstable": {
"flake": false,
"locked": {
"lastModified": 1773622265,
"narHash": "sha256-wToKwH7IgWdGLMSIWksEDs4eumR6UbbsuPQ42r0oTXQ=",
"lastModified": 1779745227,
"narHash": "sha256-yqY7RtEJGJiENzR0GwL6q69tSAy6xAAmAcLuIhLjPf8=",
"owner": "Supreeeme",
"repo": "xwayland-satellite",
"rev": "a879e5e0896a326adc79c474bf457b8b99011027",
"rev": "5d1efbc9dc3ab1c10160b656e0247f3325daf0f2",
"type": "github"
},
"original": {
+30 -10
View File
@@ -2,26 +2,46 @@
description = "NixOS Configuration";
inputs = {
disko.url = "github:nix-community/disko";
disko = {
url = "github:nix-community/disko";
inputs.nixpkgs.follows = "nixpkgs";
};
devenv.url = "github:cachix/devenv";
flake-parts.follows = "lux-pkgs/flake-parts";
home-manager.url = "github:nix-community/home-manager";
home-manager = {
url = "github:nix-community/home-manager";
inputs.nixpkgs.follows = "nixpkgs";
};
import-tree.url = "github:vic/import-tree";
llm-agents.url = "github:numtide/llm-agents.nix";
llm-agents = {
url = "github:numtide/llm-agents.nix";
inputs.nixpkgs.follows = "nixpkgs";
};
niri.url = "github:sodiboo/niri-flake";
nix-wrapper-modules.url = "github:BirdeeHub/nix-wrapper-modules";
nix-wrapper-modules = {
url = "github:BirdeeHub/nix-wrapper-modules";
inputs.nixpkgs.follows = "nixpkgs";
};
nixos-hardware.url = "github:NixOS/nixos-hardware/master";
nixpkgs.url = "https://channels.nixos.org/nixpkgs-unstable/nixexprs.tar.xz";
noctalia.url = "github:noctalia-dev/noctalia-shell";
sops-nix.url = "github:Mic92/sops-nix";
nix-index-database.url = "github:nix-community/nix-index-database";
sops-nix = {
url = "github:Mic92/sops-nix";
inputs.nixpkgs.follows = "nixpkgs";
};
nix-index-database = {
url = "github:nix-community/nix-index-database";
inputs.nixpkgs.follows = "nixpkgs";
};
#vicinae.url = "github:vicinaehq/vicinae";
vicinae-extensions.url = "github:vicinaehq/extensions";
elephant.url = "github:abenz1267/elephant";
elephant = {
url = "github:abenz1267/elephant";
inputs.nixpkgs.follows = "nixpkgs";
};
walker = {
url = "github:abenz1267/walker";
inputs.elephant.follows = "elephant";
inputs.nixpkgs.follows = "nixpkgs";
};
lux-pkgs.url = "git+ssh://gitea@orion/kiri/lux-pkgs";
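Review bot: `devenv`, `niri`, `nixos-hardware` and `noctalia` stay as bare `url` lines while eight other inputs in this hunk gain `inputs.nixpkgs.follows = "nixpkgs";`, and the lock file still shows each of the four resolving a nixpkgs of its own. If they are exempt on purpose, for example to keep cache hits against the upstream's own pin, say so in a comment beside each; otherwise give them the same `follows` so the goal in `feat: reduce number of nixpkgs revisions` holds for them too.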
+5
@@ -86,9 +86,14 @@ in
"five-hour-limit"
];
projects.${account.nixosConfigurationPath}.trust_level = "trusted";
projects."${config.home.homeDirectory}/work/repos/yookr_data_science".trust_level = "trusted";
sandbox_mode = "workspace-write";
personality = "pragmatic";
features.undo = true;
mcp_servers.nixos = config.programs.mcp.servers.nixos // {
enabled = true;
default_tools_approval_mode = "approve";
};
};
};
};
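Review bot: `default_tools_approval_mode = "approve"` on `mcp_servers.nixos` drops the confirmation prompt for every tool that server exposes, and the server definition is inherited from `config.programs.mcp.servers.nixos`, so what gets auto-approved is decided outside this file. Add a comment stating that the server's tools are read-only lookups, or keep approval on for anything that can write or execute. The same hunk marks `work/repos/yookr_data_science` as `trusted` by absolute path next to `sandbox_mode = "workspace-write"`; that widens what the agent may change in a work repository and deserves a note on why it is acceptable there.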
+12 -15
@@ -1,22 +1,27 @@
{ inputs, ... }:
{
flake.modules.homeManager.dev-tools =
{ config, pkgs, ... }:
{
home.sessionVariables.CARGO_HOME = "${config.xdg.dataHome}/cargo";
home.packages = with pkgs; [
devenv
httpie
bruno
usql
posting
resterm
inputs.devenv.packages.${pkgs.stdenv.hostPlatform.system}.default
];
programs.direnv = {
enable = true;
enableZshIntegration = true;
nix-direnv.enable = true;
};
# programs.direnv = {
# enable = true;
# enableZshIntegration = true;
# nix-direnv.enable = true;
# };
programs.zsh.initContent = ''
eval "$(devenv hook zsh)"
'';
programs.lazygit = {
enable = true;
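Review bot: The `programs.direnv` block is commented out rather than deleted, leaving dead configuration beside the `devenv hook zsh` line that replaces it; remove it and let git history carry the old version. Also note that `eval "$(devenv hook zsh)"` runs on every interactive zsh start and evaluates whatever the `inputs.devenv` package prints, so the shell's init path now depends on that input's lock entry rather than on the root nixpkgs.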
@@ -27,14 +32,6 @@
programs.jq.enable = true;
programs.bun.enable = true;
programs.ripgrep.enable = true;
programs.uv.enable = true;
programs.git.ignores = [
"devenv.*"
".devenv*"
".direnv"
"pre-commit-config.yaml"
".envrc"
];
#programs.uv.enable = true;
};
}
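Review bot: without the `programs.git.ignores` list, `.envrc`, `.direnv` and `.devenv*` are no longer ignored globally, so in any repository that lacks its own ignore entries they appear as untracked files and can be staged by a broad `git add`. `.envrc` files often hold tokens or credentials. Confirm each project's `.gitignore` covers them, or keep at least `.envrc` and `.direnv` in the global list. The `#programs.uv.enable = true;` line can be removed outright instead of commented out.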
+75
View File
@@ -0,0 +1,75 @@
{ config, lib, ... }:
let
palette = config.repo.theme.kanagawa.palette;
hex = lib.removePrefix "#";
terminalPalette = palette.terminal;
mkPalette = colors: lib.concatStringsSep ";" (map hex colors);
in
{
flake.modules.nixos.limine =
{ config, lib, ... }:
let
displayValues = builtins.attrValues (config.facts.machine.displays or { });
primaryDisplays = lib.filter (display: display.primary or false) displayValues;
primaryDisplay = if primaryDisplays == [ ] then null else builtins.head primaryDisplays;
interfaceResolution =
if primaryDisplay != null && primaryDisplay ? width && primaryDisplay ? height then
"${toString primaryDisplay.width}x${toString primaryDisplay.height}"
else
null;
in
{
boot.loader = {
efi.canTouchEfiVariables = true;
limine = {
enable = true;
maxGenerations = 10;
resolution = "2560x1440";
style = {
backdrop = hex palette.secondaryBackground;
graphicalTerminal = {
background = "00${hex palette.background}";
foreground = hex palette.foreground;
brightForeground = hex palette.selectionForeground;
brightBackground = hex palette.selectionBackground;
palette = mkPalette [
terminalPalette.color0
terminalPalette.color1
terminalPalette.color2
terminalPalette.color3
terminalPalette.color4
terminalPalette.color5
terminalPalette.color6
terminalPalette.color7
];
brightPalette = mkPalette [
terminalPalette.color8
terminalPalette.color9
terminalPalette.color10
terminalPalette.color11
terminalPalette.color12
terminalPalette.color13
terminalPalette.color14
terminalPalette.color15
];
font = {
scale = "2x2";
spacing = 1;
};
margin = 64;
marginGradient = 24;
};
interface = {
branding = config.networking.hostName;
brandingColor = hex palette.accents.blue;
helpHidden = false;
resolution = interfaceResolution;
};
};
};
};
};
}
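Review bot: `limine.resolution` is hard-coded to `"2560x1440"` while `interfaceResolution` is derived from `config.facts.machine.displays` a few lines above, so on a host whose primary display differs the two settings disagree. Use the derived value for both, with the `null` case handled, or drop the `let` computation. The inner module function also rebinds `config` and `lib`, so `palette` comes from the outer `config` and `networking.hostName` from the inner one; renaming one pair would make that easier to follow.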
+2 -6
View File
@@ -25,13 +25,9 @@ in
};
imports = [
(inputs.nix-wrapper-modules.lib.mkInstallModule {
(inputs.nix-wrapper-modules.lib.getInstallModule {
name = "neovim";
value = inputs.nix-wrapper-modules.lib.wrapperModules.neovim;
loc = [
"home"
"packages"
];
})
];
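Review bot: with the `loc = [ "home" "packages" ]` argument gone, where the wrapped neovim is installed depends on whatever `getInstallModule` does by default. Add a short comment stating the expected install location, and confirm after a rebuild that the package still ends up in the user profile.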
@@ -43,7 +39,7 @@ in
# 2. Runtime Dependencies (from lspsAndRuntimeDeps)
# These are added to the PATH of the wrapper
extraPackages = with pkgs; [
runtimePkgs = with pkgs; [
# Tools
universal-ctags
ripgrep
@@ -458,9 +458,9 @@
notifications = {
enabled = true;
enableMarkdown = false;
density = "default";
density = "compact";
monitors = [ ];
location = "top_right";
location = "bottom_right";
overlayLayer = true;
backgroundOpacity = 1;
respectExpireTimeout = false;
+6 -4
View File
@@ -93,6 +93,7 @@ in
flake.modules.homeManager.calendar-tasks =
{
config,
pkgs,
...
}:
let
@@ -102,8 +103,10 @@ in
programs.pimsync.enable = true;
services.pimsync.enable = true;
sops.secrets."radicale-pass" = { };
programs.khal = {
enable = false;
enable = true;
locale = {
timeformat = "%H:%M";
dateformat = "$m-$d";
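Review bot: `dateformat = "$m-$d"` in the context lines uses `$` where `timeformat = "%H:%M"` uses `%`; this looks like a typo for `%m-%d`, and it starts to matter now that `enable` is `true`. Fix it in the same change.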
@@ -139,9 +142,8 @@ in
type = "caldav";
userName = config.home.username;
passwordCommand = [
"rbw"
"get"
"Radicale"
"${pkgs.coreutils}/bin/cat"
config.sops.secrets."radicale-pass".path
];
};
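Review bot: reading the secret with `cat` in `passwordCommand` leaves the Radicale password in a decrypted file for the whole session, where `rbw get Radicale` fetched it on demand from a vault that can be locked. That is a reasonable trade for unattended sync, but it should be stated in a comment. `sops.secrets."radicale-pass" = { };` takes all defaults, so confirm the resulting file is readable only by this user and that the stored value has no trailing newline, since `cat` passes the file through unchanged.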
@@ -1,28 +0,0 @@
{ config, ... }:
let
hmModules = config.flake.modules.homeManager;
in
{
flake.modules.nixos.qbittorrent-client = {
home-manager.sharedModules = [ hmModules.qbittorrent-client ];
networking.firewall = {
allowedTCPPorts = [ 43864 ];
allowedUDPPorts = [ 43864 ];
};
};
flake.modules.homeManager.qbittorrent-client =
{
lib,
pkgs,
...
}:
{
home.packages = [ pkgs.qbittorrent ];
programs.niri.settings.spawn-at-startup = lib.mkAfter [
{ command = [ "qbittorrent" ]; }
];
};
}
@@ -0,0 +1,28 @@
{ config, ... }:
let
account = config.repo.account;
in
{
flake.modules.nixos.transmission =
{ config, pkgs, ... }:
{
services.transmission = {
enable = true;
package = pkgs.transmission_4;
openPeerPorts = true;
downloadDirPermissions = "775";
settings = {
download-dir = "${account.homeDirectory}/torrents";
incomplete-dir = "${account.homeDirectory}/torrents/.incomplete";
peer-port = 43864;
umask = "002";
};
};
# NOTE: Upstream bug?
systemd.services.transmission-setup.requiredBy = [ "transmission.service" ];
users.users.${account.name}.extraGroups = [ config.services.transmission.group ];
};
}
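Review bot: the `# NOTE: Upstream bug?` comment above `systemd.services.transmission-setup.requiredBy` does not say what fails without the line; state the symptom or link the upstream issue so the workaround can be removed later. Also, `openPeerPorts = true` with `peer-port = 43864` opens that port on every host importing this module, and `downloadDirPermissions = "775"` with `umask = "002"` makes downloads writable by everyone in the transmission group. Both look intended given the `extraGroups` line, but a comment saying so would help the next reader.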
@@ -0,0 +1,215 @@
{ ... }:
{
flake.modules.nixos.vps-insights =
{ config, pkgs, ... }:
let
localAddress = "127.0.0.1";
grafanaDataDir = config.services.grafana.dataDir;
lokiDataDir = config.services.loki.dataDir;
lokiUrl = "http://${localAddress}:3100";
prometheusUrl = "http://${localAddress}:9090";
in
{
environment = {
etc."alloy/config.alloy".text = ''
loki.relabel "journal" {
forward_to = []
rule {
source_labels = ["__journal__systemd_unit"]
target_label = "unit"
}
rule {
source_labels = ["__journal_syslog_identifier"]
target_label = "syslog_identifier"
}
rule {
source_labels = ["__journal_priority_keyword"]
target_label = "level"
}
}
loki.source.journal "system" {
forward_to = [loki.write.local.receiver]
relabel_rules = loki.relabel.journal.rules
max_age = "24h"
labels = {
host = "${config.networking.hostName}",
}
}
loki.write "local" {
endpoint {
url = "${lokiUrl}/loki/api/v1/push"
}
}
'';
systemPackages = with pkgs; [
goaccess
lynis
];
};
services = {
# Keep local system logs available for Loki and manual inspection.
journald.extraConfig = ''
Storage=persistent
SystemMaxUse=1G
MaxRetentionSec=30day
'';
# Detect and block common attacks against SSH and Caddy.
crowdsec = {
enable = true;
hub.collections = [
"crowdsecurity/linux"
"crowdsecurity/caddy"
];
localConfig.acquisitions = [
{
source = "journalctl";
journalctl_filter = [ "_SYSTEMD_UNIT=sshd.service" ];
labels.type = "syslog";
}
{
filenames = [ "/var/log/caddy/*.log" ];
labels.type = "caddy";
}
];
};
crowdsec-firewall-bouncer = {
enable = true;
registerBouncer.bouncerName = "${config.networking.hostName}-firewall-bouncer";
};
# Grafana defaults to 127.0.0.1:3000; add secrets and datasources only.
grafana = {
enable = true;
settings = {
analytics.reporting_enabled = false;
security = {
admin_password = "$__file{${grafanaDataDir}/admin-password}";
secret_key = "$__file{${grafanaDataDir}/secret-key}";
};
};
provision.datasources.settings = {
prune = true;
datasources = [
{
name = "Prometheus";
type = "prometheus";
uid = "prometheus";
url = prometheusUrl;
isDefault = true;
}
{
name = "Loki";
type = "loki";
uid = "loki";
url = lokiUrl;
}
];
};
};
# Store local logs in Loki and feed them from journald through Alloy.
loki = {
enable = true;
configuration = {
analytics.reporting_enabled = false;
auth_enabled = false;
server = {
http_listen_address = localAddress;
http_listen_port = 3100;
grpc_listen_address = localAddress;
grpc_listen_port = 9096;
};
common = {
path_prefix = lokiDataDir;
replication_factor = 1;
instance_interface_names = [ "lo" ];
ring = {
instance_addr = localAddress;
kvstore.store = "inmemory";
};
};
schema_config.configs = [
{
from = "2025-01-01";
store = "tsdb";
object_store = "filesystem";
schema = "v13";
index = {
prefix = "index_";
period = "24h";
};
}
];
storage_config.filesystem.directory = "${lokiDataDir}/chunks";
compactor = {
working_directory = "${lokiDataDir}/compactor";
retention_enabled = true;
delete_request_store = "filesystem";
};
limits_config.retention_period = "720h";
};
};
alloy = {
enable = true;
extraFlags = [ "--server.http.listen-addr=${localAddress}:12345" ];
};
# Collect basic VPS health metrics for Grafana.
prometheus = {
enable = true;
listenAddress = localAddress;
retentionTime = "30d";
scrapeConfigs = [
{
job_name = "prometheus";
static_configs = [
{
targets = [ "${localAddress}:9090" ];
}
];
}
{
job_name = "node";
static_configs = [
{
targets = [ "${localAddress}:9100" ];
}
];
}
];
exporters.node = {
enable = true;
listenAddress = localAddress;
};
};
};
systemd.services.grafana.preStart = ''
umask 077
if [ ! -s ${grafanaDataDir}/admin-password ]; then
${pkgs.openssl}/bin/openssl rand -base64 32 > ${grafanaDataDir}/admin-password
fi
if [ ! -s ${grafanaDataDir}/secret-key ]; then
${pkgs.openssl}/bin/openssl rand -hex 32 > ${grafanaDataDir}/secret-key
fi
'';
};
}
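Review bot: in the `loki` block, `auth_enabled = false` with the HTTP listener on `127.0.0.1:3100` lets any local process or user query the journal-derived logs that Alloy pushes in, which is broader than the access journald itself grants. If other services or unprivileged users run on this VPS, put the port behind an authenticating proxy or document that the host is single-tenant. In the `crowdsec` acquisitions, `/var/log/caddy/*.log` only helps if Caddy writes access logs there and the crowdsec service user can read them; neither is set in this module. The Grafana `preStart` generates `admin-password` and `secret-key` on the host, while the Radicale password elsewhere in this compare goes through sops; choose one approach so these secrets are backed up and rotated the same way.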
+10 -1
View File
@@ -65,12 +65,21 @@
bindkey -v
export KEYTIMEOUT=1
setopt MENU_COMPLETE
zmodload zsh/complist
autoload -U history-search-end
zle -N history-beginning-search-backward-end history-search-end
zle -N history-beginning-search-forward-end history-search-end
bindkey "^[OA" history-beginning-search-backward-end
bindkey "^[OB" history-beginning-search-forward-end
if [[ -n "''${terminfo[kcbt]}" ]]; then
bindkey "''${terminfo[kcbt]}" reverse-menu-complete
bindkey -M menuselect "''${terminfo[kcbt]}" reverse-menu-complete
fi
bindkey "^[[Z" reverse-menu-complete
bindkey -M menuselect "^[[Z" reverse-menu-complete
bindkey -M menuselect "^[" send-break
zstyle ':completion:*' completer _extensions _complete _approximate
zstyle ':completion:*' use-cache on
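Review bot: `bindkey -M menuselect "^[" send-break` binds a bare Escape, which is also the first byte of the arrow-key and Shift-Tab sequences (`^[OA`, `^[[Z`) bound in this same hunk. With `KEYTIMEOUT=1` zsh waits only 10 ms for the rest of a sequence, so over a slow SSH link an arrow key pressed inside the menu can be read as Escape and abort the completion. Test this in a remote session, or raise `KEYTIMEOUT` slightly. The hard-coded `"^[[Z"` bindings also duplicate the `terminfo[kcbt]` ones; keep them only as the fallback branch of the `if`.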
@@ -79,7 +88,7 @@
zstyle ':completion:*' complete-options true
zstyle ':completion:*' matcher-list 'm:{a-zA-Z}={A-Za-z}' 'r:|[._-]=* r:|=*' 'l:|=* r:|=*'
zstyle ':completion:*' keep-prefix true
zstyle ':completion:*' menu select
zstyle ':completion:*' menu yes select=1
zstyle ':completion:*' list-grouped false
zstyle ':completion:*' list-separator '''
zstyle ':completion:*' group-name '''
+7
View File
@@ -27,6 +27,13 @@ in
programs.walker = {
enable = true;
runAsService = true;
config.providers.prefixes = [
{
provider = "bitwarden";
prefix = "?";
}
];
};
};
+1
View File
@@ -25,6 +25,7 @@ in
nixosModules.caddy
nixosModules.server-firewall
nixosModules.sudo-ssh-agent-auth
nixosModules.vps-insights
nixosModules.vaultwarden
nixosModules.radicale
nixosModules.actual
+1 -1
View File
@@ -36,7 +36,7 @@ in
{
imports = [
nixosModules.workstation-base
nixosModules.qbittorrent-client
nixosModules.transmission
nixosModules.steam
./_hardware.nix
]
+1 -1
View File
@@ -35,7 +35,7 @@ in
{
imports = [
nixosModules.workstation-base
nixosModules.qbittorrent-client
nixosModules.transmission
nixosModules.laptop-power
{
hardware.enableRedistributableFirmware = true;
+1 -1
View File
@@ -20,7 +20,7 @@ in
nixosModules.printing
nixosModules.sddm
nixosModules.sops-admin-key-file
nixosModules.systemd-boot
nixosModules.limine
nixosModules.theme
nixosModules.ai
nixosModules.hidraw-access