From 68cb4377b7924fac21ecb2cd66869fec5c6c864f Mon Sep 17 00:00:00 2001 From: "Lennart J. Kurzweg (Nx2)" Date: Tue, 27 May 2025 12:12:36 +0200 Subject: [PATCH] New Flake Style XPS fix --- configuration.nix | 4 +-- flake-modules/colors.json | 16 ++++----- flake.nix | 17 ++++----- home-modules/bitwarden.nix | 4 +-- home-modules/calendar.nix | 2 +- home-modules/email.nix | 4 +-- home-modules/firefox.nix | 6 ++-- home-modules/games.nix | 2 +- home-modules/ghostty.nix | 2 +- home-modules/gimp.nix | 4 +-- home-modules/git.nix | 4 +-- home-modules/hyprland.nix | 24 ++++++------- home-modules/matrix.nix | 4 +-- home-modules/nvidia.nix | 4 +-- home-modules/obs.nix | 4 +-- home-modules/office.nix | 2 +- home-modules/ollama.nix | 1 + home-modules/pnx.nix | 6 ++-- home-modules/sent.nix | 2 -- home-modules/ssh.nix | 6 ++-- home-modules/tts.nix | 3 +- home-modules/virt-manager.nix | 4 +-- home-modules/vscode.nix | 34 +++++++++--------- home-modules/wallpaper-to-colors.nix | 4 +-- home-modules/waybar.nix | 6 ++-- home.nix | 17 +++++---- sops-secrets.yaml | 10 ++---- system-modules/adb.nix | 2 +- system-modules/boot.nix | 16 ++++----- system-modules/calendar-lec.nix | 6 ++-- system-modules/calendar-lr.nix | 6 ++-- system-modules/calendar-publish.nix | 14 ++++---- system-modules/dm.nix | 4 +-- system-modules/games.nix | 4 +-- system-modules/hardware-configuration.nix | 24 ++++++------- system-modules/health_reminder.nix | 6 ++-- system-modules/hugo.nix | 6 ++-- system-modules/nvidia.nix | 8 ++--- system-modules/nx2site.nix | 16 ++++----- system-modules/nx2site/dyn_dns.nix | 9 ++--- system-modules/nx2site/gitea.nix | 14 ++++---- system-modules/nx2site/nextcloud.nix | 4 +-- system-modules/nx2site/open-web-calendar.nix | 7 ++-- system-modules/nx2site/paperless.nix | 6 ++-- system-modules/nx2site/proxy.nix | 38 ++++++++++---------- system-modules/nx2site/radicale.nix | 4 +-- system-modules/nx2site/vaultwarden.nix | 4 +-- system-modules/ollama.nix | 14 +++----- system-modules/sops.nix | 9 ++--- system-modules/syncthing.nix | 38 +++++++++----------- system-modules/virtualisation.nix | 6 ++-- system-modules/ydotool.nix | 4 +-- 52 files changed, 220 insertions(+), 245 deletions(-) diff --git a/configuration.nix b/configuration.nix index c116dfc..8069dd8 100644 --- a/configuration.nix +++ b/configuration.nix @@ -1,4 +1,4 @@ -{ pkgs, inputs, host, ... }: +{ pkgs, hyper, inputs, ... }: { imports = ([ inputs.sops-nix.nixosModules.sops @@ -40,7 +40,7 @@ ./system-modules/users.nix ./system-modules/virtualisation.nix ./system-modules/ydotool.nix - ]) ++ (if (host == "NxACE") then [ + ]) ++ (if (hyper.host == "NxACE") then [ ./system-modules/nx2site.nix ./system-modules/hugo.nix ./system-modules/postgres.nix diff --git a/flake-modules/colors.json b/flake-modules/colors.json index bf6fbec..a1a7862 100644 --- a/flake-modules/colors.json +++ b/flake-modules/colors.json @@ -1,13 +1,13 @@ { "base": { - "foreground": "#dddddd", - "background": "#000000" + "foreground": "#dbd2f8", + "background": "#0f062c" }, "to_alter": { - "accent": "#8888ff", - "secondary": "#4444ff", - "tertiary": "#44ff88", - "special": "#ff6666", - "weird": "#ff66ff" + "accent": "#724ce5", + "secondary": "#ff3271", + "tertiary": "#ffc932", + "special": "#bfe54b", + "weird": "#e54b8b" } -} +} \ No newline at end of file diff --git a/flake.nix b/flake.nix index 6cef2ae..5f06978 100644 --- a/flake.nix +++ b/flake.nix @@ -27,14 +27,13 @@ outputs = { self, ... }@inputs: with inputs; let system = "x86_64-linux"; - # config = { allowUnfree = true; allowUnfreePredicate = pkg: builtins.elem (pkgs.lib.getName pkg) (import ./flake-modules/allowed.nix).unfree; }; - config = {}; + config = { allowUnfree = true; allowUnfreePredicate = pkg: builtins.elem (pkgs.lib.getName pkg) (import ./flake-modules/allowed.nix).unfree; }; hyper-base = rec { inherit system; user = "nx2"; domain = "nx2.site"; - home = "/home/${user}"; # no tailing slash! + home = "/home/${user}/"; }; pkgs = import nixpkgs { inherit system config; } // { @@ -43,7 +42,7 @@ version = "25.05"; }; - nvidia-set = import ./flake-modules/nvidia.nix; + nvidia-base = import ./flake-modules/nvidia.nix; secrets = import ./git-crypt/secrets.nix; rice = import ./flake-modules/rice.nix pkgs; @@ -53,9 +52,8 @@ inherit system; modules = [ ./configuration.nix ]; specialArgs = let - nvidia = nvidia-set // nvidia-settings; - hyper = hyper-base // { inherit host; }; - in { inherit pkgs inputs hyper rice secrets nvidia; }; + hyper = hyper-base // { inherit host; nvidia = nvidia-base // nvidia-settings; }; + in { inherit pkgs inputs hyper rice secrets; }; }; make-nixos-wsl-system = host: nixpkgs.lib.nixosSystem { inherit system; @@ -91,9 +89,8 @@ inherit pkgs; modules = [ ./home.nix ]; extraSpecialArgs = let - hyper = hyper-base // { inherit host; }; - nvidia = nvidia-set // nvidia-settings; - in { inherit pkgs inputs hyper rice secrets nvidia; }; + hyper = hyper-base // { inherit host; nvidia = nvidia-base // nvidia-settings; }; + in { inherit pkgs inputs hyper rice secrets; }; }; make-shell-configuration = host: user: home-manager.lib.homeManagerConfiguration { inherit pkgs; diff --git a/home-modules/bitwarden.nix b/home-modules/bitwarden.nix index 5834d90..5bf042d 100644 --- a/home-modules/bitwarden.nix +++ b/home-modules/bitwarden.nix @@ -1,8 +1,6 @@ -{ pkgs, hyper ... }: -lib.mkIf (hyper.host != "NxACE") +{ pkgs, hyper, ... }: { home.packages = with pkgs; [ bitwarden - bitwarden-cli ]; } diff --git a/home-modules/calendar.nix b/home-modules/calendar.nix index 6a43682..946e6dd 100644 --- a/home-modules/calendar.nix +++ b/home-modules/calendar.nix @@ -102,7 +102,7 @@ in { "calendar.registry.${to_safe_name calendar.name}.name" = name; "calendar.registry.${to_safe_name calendar.name}.type" = type; "calendar.registry.${to_safe_name calendar.name}.uri" = url; - "calendar.registry.${to_safe_name calendar.name}.username" = user; + "calendar.registry.${to_safe_name calendar.name}.username" = hyper.user; "calendar.registry.${to_safe_name calendar.name}.readOnly" = read-only; }) calendars ) // { diff --git a/home-modules/email.nix b/home-modules/email.nix index 417e51b..32ca800 100644 --- a/home-modules/email.nix +++ b/home-modules/email.nix @@ -6,14 +6,14 @@ pkgs.lib.mkIf (hyper.host != "NxACE") ]; programs.thunderbird = let - inherit (lib.generators) toJSON; + inherit (pkgs.lib.generators) toJSON; extensions = toJSON {} { "addon@darkreader.org" = "71d6c69d-55f9-4c56-888c-abdcf6efd73d"; }; in { enable = true; profiles = { - "${hyepr.user}" = { + "${hyper.user}" = { isDefault = true; settings = with rice.color; { "calendar.alarms.showmissed" = false; diff --git a/home-modules/firefox.nix b/home-modules/firefox.nix index 313231a..21e76eb 100644 --- a/home-modules/firefox.nix +++ b/home-modules/firefox.nix @@ -1,4 +1,4 @@ -{ pkgs, hyper, ... }: +{ pkgs, hyper, rice, ... }: # browser.tabs.allow_transparent_browser # https://www.reddit.com/r/FirefoxCSS/comments/1dqws4b/firefox_128_will_allow_the_main_browser_content/ { @@ -9,7 +9,7 @@ file = with rice.color; let blur = builtins.toString 20; in { - ".mozilla/firefox/${user}/chrome/userChrome.css".text = /* css */ '' + ".mozilla/firefox/${hyper.user}/chrome/userChrome.css".text = /* css */ '' :root{ /* Popup panels */ --arrowpanel-background : rgba(${rice.lib.hex-to-rgb-comma-string background}, ${builtins.toString rice.transparency}) !important; @@ -95,7 +95,7 @@ } ''; - ".mozilla/firefox/${user}/chrome/userContent.css".text = /* css */ '' + ".mozilla/firefox/${hyper.user}/chrome/userContent.css".text = /* css */ '' /* Removes the white loading page */ /* url(about:newtab), url(about:home) */ @-moz-document url(about:blank) { diff --git a/home-modules/games.nix b/home-modules/games.nix index 6cdb11a..0b97d35 100644 --- a/home-modules/games.nix +++ b/home-modules/games.nix @@ -1,6 +1,6 @@ { pkgs, hyper, ... }: # lib.mkIf (host == "NxNORTH" || host == "NxACE") -pkgs.lib.mkIf (host == "NxNORTH") +pkgs.lib.mkIf (hyper.host == "NxNORTH") { home = { packages = (with pkgs.unstable; [ diff --git a/home-modules/ghostty.nix b/home-modules/ghostty.nix index c23b406..493e713 100644 --- a/home-modules/ghostty.nix +++ b/home-modules/ghostty.nix @@ -1,7 +1,7 @@ { config, rice, hyper, inputs, ... }: { home = { - packages = [ inputs.ghostty.packages.${system}.default ]; + packages = [ inputs.ghostty.packages.${hyper.system}.default ]; file."${config.xdg.configHome}/ghostty/config".text = with rice.color; /* ini */ '' font-family="${rice.font.code.name}" clipboard-read=allow diff --git a/home-modules/gimp.nix b/home-modules/gimp.nix index b9ebf9a..666c41d 100644 --- a/home-modules/gimp.nix +++ b/home-modules/gimp.nix @@ -1,6 +1,6 @@ -{ pkgs-latest, ... }: +{ pkgs, ... }: { - home.packages = with pkgs-latest; [ + home.packages = with pkgs; [ # (gimp-with-plugins.override { # plugins = with gimpPlugins; [ bimp ]; # }) diff --git a/home-modules/git.nix b/home-modules/git.nix index 2f14d6a..1e54806 100644 --- a/home-modules/git.nix +++ b/home-modules/git.nix @@ -1,4 +1,4 @@ -{ pkgs, rice, ... }: +{ pkgs, hyper, rice, ... }: { home.packages = with pkgs; [ git @@ -36,7 +36,7 @@ programs.git = { enable = true; userName = ''Lennart J. Kurzweg (Nx2)''; - userEmail = "git@nx2.site"; + userEmail = "git@${hyper.domain}"; delta = { enable = true; options = { diff --git a/home-modules/hyprland.nix b/home-modules/hyprland.nix index 9be707d..2198d7b 100644 --- a/home-modules/hyprland.nix +++ b/home-modules/hyprland.nix @@ -1,4 +1,4 @@ -{config, pkgs, pkgs-unstable, inputs, host, user, nvidia, rice, lib, ... }: +{ config, pkgs, hyper, inputs, rice, ... }: let animation-speed = "5"; transparency = builtins.toString rice.transparency; @@ -83,10 +83,10 @@ in { settings = { monitor = - if host == "NxXPS" then (with monitors.xps; [ + if hyper.host == "NxXPS" then (with monitors.xps; [ "${main.name}, ${main.resolution}, ${main.position}, ${main.scale}" "${second.name}, ${second.resolution}, ${second.position}, ${second.scale}" - ]) else (if host == "NxNORTH" then (with monitors.north; [ + ]) else (if hyper.host == "NxNORTH" then (with monitors.north; [ "${main.name}, ${main.resolution}, ${main.position}, ${main.scale}" "${left.name}, ${left.resolution}, ${left.position}, ${left.scale}" # "${right.name}, ${right.resolution}, ${right.position}, ${right.scale}" @@ -95,10 +95,10 @@ in { ])); workspace = let - d1 = if host == "NxXPS" then monitors.xps.main.name else (if host == "NxNORTH" then monitors.north.main.name else monitors.ace.main.name); - d2 = if host == "NxXPS" then monitors.xps.second.name else (if host == "NxNORTH" then monitors.north.left.name else monitors.ace.main.name); - d3 = if host == "NxXPS" then monitors.xps.main.name else (if host == "NxNORTH" then monitors.north.main.name else monitors.ace.main.name); - # d3 = if host == "NxXPS" then monitors.xps.main.name else (if host == "NxNORTH" then monitors.north.right.name else monitors.ace.main.name); + d1 = if hyper.host == "NxXPS" then monitors.xps.main.name else (if hyper.host == "NxNORTH" then monitors.north.main.name else monitors.ace.main.name); + d2 = if hyper.host == "NxXPS" then monitors.xps.second.name else (if hyper.hyper.host == "NxNORTH" then monitors.north.left.name else monitors.ace.main.name); + d3 = if hyper.host == "NxXPS" then monitors.xps.main.name else (if hyper.host == "NxNORTH" then monitors.north.main.name else monitors.ace.main.name); + # d3 = if hyper.host == "NxXPS" then monitors.xps.main.name else (if hyper.hyper.host == "NxNORTH" then monitors.north.right.name else monitors.ace.main.name); compact = "gapsin:0, gapsout:0, bordersize:1, rounding:false"; in [ "11, monitor:${d1}, default:true" @@ -122,7 +122,7 @@ in { "28, monitor:${d2}" "29, monitor:${d2}" "20, monitor:${d2}" - "31, monitor:${d3}, default:${let x = if host == "NxNORTH" then "true" else "false"; in x}" + "31, monitor:${d3}, default:${let x = if hyper.host == "NxNORTH" then "true" else "false"; in x}" "32, monitor:${d3}" "33, monitor:${d3}" "34, monitor:${d3}" @@ -143,7 +143,7 @@ in { # }; - env = if nvidia.enable == true then [ + env = if hyper.nvidia.enable == true then [ "LIBVA_DRIVER_NAME,nvidia" "XDG_SESSION_TYPE,wayland" "GBM_BACKEND,nvidia-drm" @@ -209,7 +209,7 @@ in { # bezier = "myBezier, 0.01, 0.9, 0.1, 1.0"; #o # bezier = "myBezier, 0.83, 0, 0.17, 1"; # io bezier = "myBezier, 0.33, 1, 0.68, 1"; - animation = let direction = if host == "NxXPS" then "slide" else "slidevert"; in [ + animation = let direction = if hyper.host == "NxXPS" then "slide" else "slidevert"; in [ "windows, 1, ${animation-speed}, myBezier, slide" "border, 1, ${animation-speed}, myBezier" "fade, 1, ${animation-speed}, myBezier" @@ -591,7 +591,7 @@ in { submap = color ${action_simple { key = "W"; cmd = ''exec,swww query | sed -n 1p | sed -E 's-.*image: (.*)-"\1"-g' | xargs change_colors_json img && notify-send 'change_colors_json img successfull' ''; }} ${action_simple { key = "M"; cmd = ''exec,change_colors_json manual && notify-send 'change_colors_json manual successfull' ''; }} - ${action_simple { key = "D"; cmd = ''exec,firefox /home/${user}/.config/color-pallete.html''; }} + ${action_simple { key = "D"; cmd = ''exec,firefox ${hyper.home}/.config/color-pallete.html''; }} bind = , Escape, execr, waybar_mode unset bind = , Escape, submap, reset submap = reset @@ -609,7 +609,7 @@ in { }; home.file = let - m = if host == "NxXPS" then monitors.xps.main.name else monitors.north.main.name; + m = if hyper.host == "NxXPS" then monitors.xps.main.name else monitors.north.main.name; in { ".config/hypr/hyprlock.conf".text = '' background { diff --git a/home-modules/matrix.nix b/home-modules/matrix.nix index 8d8408c..0968292 100644 --- a/home-modules/matrix.nix +++ b/home-modules/matrix.nix @@ -1,4 +1,4 @@ -{ pkgs, host, ... }: +{ pkgs, hyper, ... }: { home.packages = with pkgs; [ # cinny-desktop @@ -79,7 +79,7 @@ nx2site.ssl_verify = on nx2site.username = "nx2" nx2site.password = "''${sec.data.matrix_nx2site_password}" - nx2site.device_name = "Weechat@${host}" + nx2site.device_name = "Weechat@${hyper.host}" nx2site.autoreconnect_delay = 10 nx2site.sso_helper_listening_port = 0 ''; diff --git a/home-modules/nvidia.nix b/home-modules/nvidia.nix index 9539b37..fb75673 100644 --- a/home-modules/nvidia.nix +++ b/home-modules/nvidia.nix @@ -1,5 +1,5 @@ -{ pkgs, lib, nvidia, ... }: -lib.mkIf (nvidia.enable == true) +{ pkgs, hyper, ... }: +pkgs.lib.mkIf (hyper.nvidia.enable == true) { home = { packages = with pkgs; [ diff --git a/home-modules/obs.nix b/home-modules/obs.nix index 73fea59..eea25f6 100644 --- a/home-modules/obs.nix +++ b/home-modules/obs.nix @@ -1,5 +1,5 @@ -{ pkgs, lib, host, ... }: -lib.mkIf (host != "NxACE") +{ pkgs, hyper, ... }: +pkgs.lib.mkIf (hyper.host != "NxACE") { # home.packages = with pkgs; [ # obs-studio diff --git a/home-modules/office.nix b/home-modules/office.nix index 830f7c2..cc9b604 100644 --- a/home-modules/office.nix +++ b/home-modules/office.nix @@ -1,4 +1,4 @@ -{ config, pkgs, lib, user, ... }: +{ pkgs, ... }: { home.packages = with pkgs; [ libreoffice diff --git a/home-modules/ollama.nix b/home-modules/ollama.nix index d9dc5fa..5b32507 100644 --- a/home-modules/ollama.nix +++ b/home-modules/ollama.nix @@ -1,6 +1,7 @@ { pkgs, ... }: { home.packages = with pkgs; [ + ollama (writers.writePython3Bin "ooo" { libraries = [ pkgs.python3Packages.ollama ]; flakeIgnore = [ "E501" "E305" "E701" "E704" "E302" "E114" "F841" "E121" ]; diff --git a/home-modules/pnx.nix b/home-modules/pnx.nix index a6533ab..ea976f5 100644 --- a/home-modules/pnx.nix +++ b/home-modules/pnx.nix @@ -1,5 +1,5 @@ -{ pkgs, lib, host, secrets, ... }: -lib.mkIf (host != "NxACE") +{ pkgs, hyper, secrets, ... }: +pkgs.lib.mkIf (hyper.host != "NxACE") { home.packages = [ pkgs.remmina @@ -7,7 +7,7 @@ lib.mkIf (host != "NxACE") (pkgs.writeShellScriptBin "connect_to_pnx" '' pushd ~/.vpn/ - sudo openvpn --config /home/nx2/.vpn/ljk-pnx.ovpn --auth-user-pass ~/.vpn/ljk-pnx-pass.txt #gets put there by home-manager + sudo openvpn --config ${hyper.home}/.vpn/ljk-pnx.ovpn --auth-user-pass ~/.vpn/ljk-pnx-pass.txt #gets put there by home-manager popd '') diff --git a/home-modules/sent.nix b/home-modules/sent.nix index 39d355a..ec9d731 100644 --- a/home-modules/sent.nix +++ b/home-modules/sent.nix @@ -3,8 +3,6 @@ let my-sent = pkgs.sent.override { patches = [ ./sent.patch - # /home/${user}/.local/share/sent.patch - # (builtins.toFile "/home/${user}/ ]; }; in diff --git a/home-modules/ssh.nix b/home-modules/ssh.nix index 37d0c5e..f4936ed 100644 --- a/home-modules/ssh.nix +++ b/home-modules/ssh.nix @@ -5,17 +5,17 @@ file.".ssh/config".text = '' HOST nxace HostName ssh.${hyper.domain} - User nx2 + User ${hyper.user} Port 50022 HOST nxacel HostName 10.0.1.1 - User nx2 + User ${hyper.user} Port 50022 HOST nxrpil HostName 10.0.1.31 - User nx2 + User ${hyper.user} Port 22 HOST nxgit diff --git a/home-modules/tts.nix b/home-modules/tts.nix index ebd8755..a454241 100644 --- a/home-modules/tts.nix +++ b/home-modules/tts.nix @@ -1,5 +1,4 @@ -{ pkgs, lib, user, ... }: -lib.mkIf (user != "tv") +{ pkgs, ... }: { home.packages = with pkgs; [ (writeShellApplication { diff --git a/home-modules/virt-manager.nix b/home-modules/virt-manager.nix index 9e72bee..882b953 100644 --- a/home-modules/virt-manager.nix +++ b/home-modules/virt-manager.nix @@ -1,5 +1,5 @@ -{ config, pkgs, lib, host, ... }: -lib.mkIf (host == "NxNORTH") +{ pkgs, hyper, ... }: +pkgs.lib.mkIf (hyper.host == "NxNORTH") { home.packages = with pkgs; [ virt-manager diff --git a/home-modules/vscode.nix b/home-modules/vscode.nix index 6a3fa2c..abef521 100644 --- a/home-modules/vscode.nix +++ b/home-modules/vscode.nix @@ -1,6 +1,6 @@ -{ config, pkgs, lib, host, rice, ... }: +{ config, pkgs, hyper, rice, ... }: { - config = lib.mkIf (host != "NxACE") { + config = pkgs.lib.mkIf (hyper.host != "NxACE") { home.packages = [ pkgs.vscodium pkgs.nixpkgs-fmt @@ -85,20 +85,20 @@ }; }; - imports = if host != "NxACE" then [ - # Make vscode settings writable - (import - (builtins.fetchurl { - url = "https://gist.githubusercontent.com/piousdeer/b29c272eaeba398b864da6abf6cb5daa/raw/41e569ba110eb6ebbb463a6b1f5d9fe4f9e82375/mutability.nix"; - sha256 = "4b5ca670c1ac865927e98ac5bf5c131eca46cc20abf0bd0612db955bfc979de8"; - }) - { inherit config lib; }) + # imports = if hyper.host != "NxACE" then [ + # # Make vscode settings writable + # (import + # (builtins.fetchurl { + # url = "https://gist.githubusercontent.com/piousdeer/b29c272eaeba398b864da6abf6cb5daa/raw/41e569ba110eb6ebbb463a6b1f5d9fe4f9e82375/mutability.nix"; + # sha256 = "4b5ca670c1ac865927e98ac5bf5c131eca46cc20abf0bd0612db955bfc979de8"; + # }) + # { inherit config pkgs; lib = pkgs.lib; }) - (import - (builtins.fetchurl { - url = "https://gist.githubusercontent.com/piousdeer/b29c272eaeba398b864da6abf6cb5daa/raw/41e569ba110eb6ebbb463a6b1f5d9fe4f9e82375/vscode.nix"; - sha256 = "fed877fa1eefd94bc4806641cea87138df78a47af89c7818ac5e76ebacbd025f"; - }) - { inherit config lib pkgs; }) - ] else []; + # (import + # (builtins.fetchurl { + # url = "https://gist.githubusercontent.com/piousdeer/b29c272eaeba398b864da6abf6cb5daa/raw/41e569ba110eb6ebbb463a6b1f5d9fe4f9e82375/vscode.nix"; + # sha256 = "fed877fa1eefd94bc4806641cea87138df78a47af89c7818ac5e76ebacbd025f"; + # }) + # { inherit config pkgs; lib = pkgs.lib; }) + # ] else []; } diff --git a/home-modules/wallpaper-to-colors.nix b/home-modules/wallpaper-to-colors.nix index fb53f88..98744dd 100644 --- a/home-modules/wallpaper-to-colors.nix +++ b/home-modules/wallpaper-to-colors.nix @@ -1,6 +1,6 @@ -{ pkgs-unstable, ... }: +{ pkgs, ... }: { - home.packages = with pkgs-unstable; [ + home.packages = with pkgs; [ (writers.writePython3Bin "change_colors_json" { libraries = with python3Packages; [ numpy pillow scikit-learn ]; flakeIgnore = [ "E302" "E305" "E226" "E501" ]; diff --git a/home-modules/waybar.nix b/home-modules/waybar.nix index e142715..ab3b8b9 100644 --- a/home-modules/waybar.nix +++ b/home-modules/waybar.nix @@ -1,4 +1,4 @@ -{ config, pkgs, rice, domain, user, ... }: +{ pkgs, hyper, rice, ... }: let sep = " "; in { @@ -121,8 +121,8 @@ def get_ongoing_or_next_event(url, username, password): if __name__ == "__main__": password_file = "/home/nx2/.config/sops-nix/secrets/nx2site/radicale/password" # Path to password file cache_file = "/tmp/caldav_event_cache.json" # Path to cache file - url = "https://dav.${domain}/" - username = "${user}" + url = "https://dav.${hyper.domain}/" + username = "${hyper.user}" password = get_password(password_file) event_dict = load_cache(cache_file) diff --git a/home.nix b/home.nix index e089093..c1d8e30 100644 --- a/home.nix +++ b/home.nix @@ -1,4 +1,4 @@ -{ pkgs, pkgs-unstable, lib, host, user, inputs, ... }: +{ pkgs, hyper, inputs, ... }: { imports = [ ./home-modules/auto-mount.nix @@ -12,7 +12,6 @@ ./home-modules/email.nix ./home-modules/firefox.nix ./home-modules/fish.nix - # ./home-modules/foot.nix ./home-modules/games.nix ./home-modules/gestures.nix ./home-modules/ghostty.nix @@ -32,7 +31,6 @@ ./home-modules/nixd.nix ./home-modules/nvidia.nix ./home-modules/nxgs.nix - # ./home-modules/nx-gcal-event.nix ./home-modules/obs.nix ./home-modules/office.nix ./home-modules/ollama.nix @@ -61,12 +59,13 @@ ./home-modules/yazi.nix ./home-modules/zathura.nix ./home-modules/zoxide.nix - ] ++ (if (host == "NxACE") then [ + ] ++ (if (hyper.host == "NxACE") then [ ./home-modules/nx2site.nix ./home-modules/nx2site-backup.nix ] else []); - home.username = user; - home.homeDirectory = "/home/${user}"; + home.username = hyper.user; + # home.homeDirectory = hyper.home; # for some reason you cant use hyper.home here + home.homeDirectory = "/home/${hyper.user}"; home.stateVersion = pkgs.version; home.packages = with pkgs; [ bat @@ -122,14 +121,14 @@ inputs.zen-browser.packages."${system}".default - ]) ++ (if host != "NxACE" then (with pkgs; [ + ] ++ (if hyper.host != "NxACE" then [ signal-desktop obsidian zoom-us inkscape - ]) else (with pkgs-unstable; [ + ] else { - ])); + }); xdg = { enable = true; diff --git a/sops-secrets.yaml b/sops-secrets.yaml index a90532c..e76b7e4 100644 --- a/sops-secrets.yaml +++ b/sops-secrets.yaml @@ -47,10 +47,6 @@ eduroam: hsmw-vpn-secret: ENC[AES256_GCM,data:3bKxRGTQcbhRjzARSpYBW5ekQW/U/ixzNiFmO36gw0NKyDMLlbVbJBqXvi71M0GXgmo/FA==,iv:7bVDA8u9apDNXFY/vEMbz/0HywG5Pyrl5JfZrcNCr8w=,tag:xz4j7cEc5hvLwrItWjkx0Q==,type:str] postgres-pw: ENC[AES256_GCM,data:D9b7IbvLshmRuSyF9+V3WqVf/95+OhCJm0g=,iv:D4tpzEBzcCatbnQwtOGn8X0QSrXOye20rXaw8TSB7Gk=,tag:Q0B/86eDKkhu0Jnln1sUyg==,type:str] sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] age: - recipient: age1vkqn2nars5qmpr35tac0x9vshphrq6nnzjfyxwusgn27kt3zualssv0u8e enc: | @@ -88,8 +84,8 @@ sops: SHJLR3lvdlFiRmJuU25RUHFFTmpjamMKbzycdDvQBAuOiRROTZEQSnaXoPapz73L yVS9EUP25FSx/sGqRqaCefbeaybuM1aso6LDnlomv4Bib7zjugWKSw== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-03-07T17:02:01Z" - mac: ENC[AES256_GCM,data:js375bjy8Z4ApUXbw4eIqNl5BBgeX2bwMFBCx63LNCsb56OlHyYobQGtL1CwcDGW/+hwVLJSxbEDwqzJiu5vQ/2Cp00nVwvumHrvqZi/Ka4r87uNd6psE4nMq6ROHP0kJm6STKqd6MDyuLRjfX5zrki7ZhYTWsYS90/d9SUHUj8=,iv:W3w1f7lkL3fuOWmNhLUsOTKG18+wLhWA04GjygDIUEc=,tag:AYy9O7OcsY2W4VbOzyM5oA==,type:str] + lastmodified: "2025-05-27T09:47:30Z" + mac: ENC[AES256_GCM,data:B+XFym/hSq5ntjm7N2b2026tyX8jVfUcHBIbe+UIPtVNoT9Mx95vlcBnF/6+KrsI1VIe2x1rraIt0KyVVg6g3S0LVfDZumMvgjTtGQIJsLwz0UOOnkX1CBJYpca+Ec1ojtp/7xKFxBuBTuQIPsrDWF+myqvdkYF9Gb0mjMvGbdo=,iv:WAGuWuFBVwY39SBoW5JXtZMAKmzqaQSV7rBcWYQzQ1s=,tag:rQuoAh22DgFTx7iilgT74A==,type:str] pgp: - created_at: "2024-06-09T19:44:41Z" enc: |- @@ -104,4 +100,4 @@ sops: -----END PGP MESSAGE----- fp: 22FB2CC03DC5292AB81CF67D0AF27B383170E634 unencrypted_suffix: _unencrypted - version: 3.9.4 + version: 3.10.2 diff --git a/system-modules/adb.nix b/system-modules/adb.nix index eeb06e1..39f2268 100644 --- a/system-modules/adb.nix +++ b/system-modules/adb.nix @@ -1,5 +1,5 @@ { pkgs, hyper, lib, ... }: -lib.mkIf (host != "NxACE") +lib.mkIf (hyper.host != "NxACE") { environment.systemPackages = with pkgs; [ adbfs-rootless diff --git a/system-modules/boot.nix b/system-modules/boot.nix index fd5f90c..ee76877 100644 --- a/system-modules/boot.nix +++ b/system-modules/boot.nix @@ -1,7 +1,7 @@ -{ config, pkgs, pkgs-unstable, lib, host, domain, inputs, ... }: +{ config, pkgs, hyper, inputs, ... }: let grub-theme-ascii-diana = (pkgs.fetchFromGitea { - domain = "git.${domain}"; + domain = "git.${hyper.domain}"; owner = "nx2"; repo = "grub-theme-ascii-diana"; rev = "0.5.0"; @@ -9,10 +9,10 @@ let }); in { - imports = if host == "NxNORTH" then [ + imports = if hyper.host == "NxNORTH" then [ inputs.lanzaboote.nixosModules.lanzaboote ] else []; - config = if host == "NxNORTH" then { + config = if hyper.host == "NxNORTH" then { # I have to boot with secureboot becasue of the chinese spyware called Vanguard environment.systemPackages = with pkgs; [ sbctl ]; @@ -22,7 +22,7 @@ in in { enable = true; pkiBundle = "/etc/secureboot"; - package = lib.mkForce (pkgs.writeShellApplication { + package = pkgs.lib.mkForce (pkgs.writeShellApplication { name = "lzbt"; runtimeInputs = [ inputs.lanzaboote.packages.x86_64-linux.tool @@ -74,13 +74,13 @@ in # ''; # }; }; - kernelPackages = pkgs-unstable.linuxPackages_zen; + kernelPackages = pkgs.linuxPackages_zen; extraModulePackages = with config.boot.kernelPackages; [ v4l2loopback ]; kernelModules = [ "v4l2loopback" ]; extraModprobeConfig = ''options v4l2loopback devices=1 video_nr=1 card_label="OBS Cam" exclusive_caps=1''; }; security.polkit.enable = true; - } else if host == "NxXPS" then { + } else if hyper.host == "NxXPS" then { boot = { loader = { efi.canTouchEfiVariables = true; @@ -103,7 +103,7 @@ in ''; }; }; - kernelPackages = pkgs-unstable.linuxPackages_latest; + kernelPackages = pkgs.linuxPackages_latest; extraModulePackages = with config.boot.kernelPackages; [ v4l2loopback ]; kernelModules = [ "v4l2loopback" ]; extraModprobeConfig = ''options v4l2loopback devices=1 video_nr=1 card_label="OBS VCam" exclusive_caps=1''; diff --git a/system-modules/calendar-lec.nix b/system-modules/calendar-lec.nix index 280c13a..3e3998b 100644 --- a/system-modules/calendar-lec.nix +++ b/system-modules/calendar-lec.nix @@ -1,4 +1,4 @@ -{ config, pkgs, user, domain, ... }: +{ config, pkgs, hyper, ... }: { systemd.timers."nx_cal_lec" = { enable = true; @@ -74,7 +74,7 @@ def fetch_and_save_ical_events(ical_url, save_path): if __name__ == "__main__": # Replace with your iCal URL and target file path ICAL_URL = "https://zlypher.github.io/lol-events/cal/league-of-legends-lec.ical" - SAVE_PATH = "${config.services.nginx.virtualHosts."${domain}".root}/lec.ics" + SAVE_PATH = "${config.services.nginx.virtualHosts."${hyper.domain}".root}/lec.ics" fetch_and_save_ical_events(ICAL_URL, SAVE_PATH) ''); @@ -83,7 +83,7 @@ if __name__ == "__main__": ''; serviceConfig = { Type = "oneshot"; - User = "nx2"; + User = hyper.user; }; }; } diff --git a/system-modules/calendar-lr.nix b/system-modules/calendar-lr.nix index d9678ed..bb707b2 100644 --- a/system-modules/calendar-lr.nix +++ b/system-modules/calendar-lr.nix @@ -1,4 +1,4 @@ -{ config, pkgs, domain, ... }: +{ config, pkgs, hyper, ... }: { systemd.timers."nx_cal_lr" = { enable = true; @@ -59,7 +59,7 @@ def fetch_and_save_ical_events(ical_url, save_path): if __name__ == "__main__": # Replace with your iCal URL and target file path ICAL_URL = "https://zlypher.github.io/lol-events/cal/league-of-legends-nlc.ical" - SAVE_PATH = "${config.services.nginx.virtualHosts."${domain}".root}/lr.ics" + SAVE_PATH = "${config.services.nginx.virtualHosts."${hyper.domain}".root}/lr.ics" fetch_and_save_ical_events(ICAL_URL, SAVE_PATH) ''); @@ -68,7 +68,7 @@ if __name__ == "__main__": ''; serviceConfig = { Type = "oneshot"; - User = "nx2"; + User = hyper.user; }; }; } diff --git a/system-modules/calendar-publish.nix b/system-modules/calendar-publish.nix index 0a60d97..68c648e 100644 --- a/system-modules/calendar-publish.nix +++ b/system-modules/calendar-publish.nix @@ -1,4 +1,4 @@ -{ config, pkgs, user, ... }: +{ pkgs, hyper, ... }: let radicale-root = "/var/lib/radicale"; web-root = "/var/nginx/webroot"; @@ -115,11 +115,11 @@ def combine_ics_from_directories(directories, output_file): if __name__ == "__main__": # List of directories containing .ics files DIRECTORIES = [ - "${radicale-root}/collections/collection-root/${user}/preservation", - "${radicale-root}/collections/collection-root/${user}/effort", - "${radicale-root}/collections/collection-root/${user}/experience", - "${radicale-root}/collections/collection-root/${user}/exposure", - "${radicale-root}/collections/collection-root/${user}/engagement", + "${radicale-root}/collections/collection-root/${hyper.user}/preservation", + "${radicale-root}/collections/collection-root/${hyper.user}/effort", + "${radicale-root}/collections/collection-root/${hyper.user}/experience", + "${radicale-root}/collections/collection-root/${hyper.user}/exposure", + "${radicale-root}/collections/collection-root/${hyper.user}/engagement", ] # Path to the output .ics file @@ -132,7 +132,7 @@ if __name__ == "__main__": ''; serviceConfig = { Type = "oneshot"; - User = "nx2"; + User = hyper.user; }; }; } diff --git a/system-modules/dm.nix b/system-modules/dm.nix index 3cf01d5..ba22c88 100644 --- a/system-modules/dm.nix +++ b/system-modules/dm.nix @@ -1,11 +1,11 @@ -{ pkgs, user, ... }: +{ pkgs, hyper, ... }: { services.greetd = { enable = true; settings = rec { hyprland = { command = "${pkgs.greetd.tuigreet}/bin/tuigreet --time --remember --cmd Hyprland --remember-user-session --window-padding 5"; - user = user; + user = hyper.user; }; default_session = hyprland; vt = 2; diff --git a/system-modules/games.nix b/system-modules/games.nix index 2a203b6..c503521 100644 --- a/system-modules/games.nix +++ b/system-modules/games.nix @@ -1,6 +1,6 @@ -{ lib, host, ... }: +{ pkgs, hyper, ... }: # lib.mkIf (host == "NxNORTH" || host == "NxACE") -lib.mkIf (host == "NxNORTH") +pkgs.lib.mkIf (hyper.host == "NxNORTH") { programs = { steam = { diff --git a/system-modules/hardware-configuration.nix b/system-modules/hardware-configuration.nix index dfa9c5e..5159e42 100644 --- a/system-modules/hardware-configuration.nix +++ b/system-modules/hardware-configuration.nix @@ -1,4 +1,4 @@ -{ config, lib, user, host, pkgs, modulesPath, ... }: +{ config, pkgs, hyper, modulesPath, ... }: { imports = [ (modulesPath + "/installer/scan/not-detected.nix") @@ -13,10 +13,10 @@ boot.kernelModules = [ "kvm-intel" ]; boot.extraModulePackages = [ ]; - fileSystems = if host != "NxACE" then { + fileSystems = if hyper.host != "NxACE" then { "/" = { device = "/dev/disk/by-label/nixos"; fsType = "ext4"; }; "/boot" = { device = "/dev/disk/by-label/EFI"; fsType = "vfat"; }; - "/home/${user}/shared" = { device = "/dev/disk/by-label/shared"; fsType = "ntfs"; options = [ "uid=1000" "gid=100" ]; }; + "/home/${hyper.user}/shared" = { device = "/dev/disk/by-label/shared"; fsType = "ntfs"; options = [ "uid=1000" "gid=100" ]; }; } else { "/" = { device = "/dev/disk/by-label/nixos"; fsType = "ext4"; }; "/boot" = { device = "/dev/disk/by-label/EFI"; fsType = "vfat"; }; @@ -29,23 +29,23 @@ { device = "/dev/disk/by-label/swap"; } ]; - networking.useDHCP = lib.mkDefault true; + networking.useDHCP = pkgs.lib.mkDefault true; - nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; - hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; + nixpkgs.hostPlatform = pkgs.lib.mkDefault "x86_64-linux"; + hardware.cpu.intel.updateMicrocode = pkgs.lib.mkDefault config.hardware.enableRedistributableFirmware; # from nixos-hardware - services.thermald.enable = lib.mkDefault true; - boot.extraModprobeConfig = if host == "NxXPS" then '' + services.thermald.enable = pkgs.lib.mkDefault true; + boot.extraModprobeConfig = if hyper.host == "NxXPS" then '' options iwlwifi 11n_disable=8 '' else ""; - boot.initrd.kernelModules = if host == "NxXPS" then [ "i915" ] else []; + boot.initrd.kernelModules = if hyper.host == "NxXPS" then [ "i915" ] else []; - environment.variables = if host == "NxXPS" then { - VDPAU_DRIVER = lib.mkIf config.hardware.graphics.enable (lib.mkDefault "va_gl"); + environment.variables = if hyper.host == "NxXPS" then { + VDPAU_DRIVER = pkgs.lib.mkIf config.hardware.graphics.enable (pkgs.lib.mkDefault "va_gl"); } else {}; - hardware.graphics.extraPackages = if host == "NxXPS" then with pkgs; [ + hardware.graphics.extraPackages = if hyper.host == "NxXPS" then with pkgs; [ (if (lib.versionOlder (lib.versions.majorMinor lib.version) "25.05") then vaapiIntel else intel-vaapi-driver) libvdpau-va-gl intel-media-driver diff --git a/system-modules/health_reminder.nix b/system-modules/health_reminder.nix index a18e43e..e7f0f17 100644 --- a/system-modules/health_reminder.nix +++ b/system-modules/health_reminder.nix @@ -1,5 +1,5 @@ -{ pkgs, lib, host, ... }: -lib.mkIf (host != "NxACE") +{ pkgs, hyper, ... }: +pkgs.lib.mkIf (hyper.host != "NxACE") { systemd.timers."health_reminder" = { enable = true; @@ -56,7 +56,7 @@ lib.mkIf (host != "NxACE") ''; serviceConfig = { Type = "oneshot"; - User = "nx2"; + User = hyper.user; }; }; } diff --git a/system-modules/hugo.nix b/system-modules/hugo.nix index 713662a..0c1ee73 100644 --- a/system-modules/hugo.nix +++ b/system-modules/hugo.nix @@ -1,5 +1,5 @@ -{ pkgs-unstable, user, ... }: -let p = pkgs-unstable; in +{ pkgs, hyper, ... }: +let p = pkgs; in { environment.systemPackages = with p; [ hugo @@ -11,7 +11,7 @@ let p = pkgs-unstable; in "hugo".name = "hugo"; }; users = { - "${user}".extraGroups = [ "hugo" ]; + "${hyper.user}".extraGroups = [ "hugo" ]; "nginx".extraGroups = [ "hugo" ]; "hugo" = { isSystemUser = true; diff --git a/system-modules/nvidia.nix b/system-modules/nvidia.nix index e346349..6df57ec 100644 --- a/system-modules/nvidia.nix +++ b/system-modules/nvidia.nix @@ -1,5 +1,5 @@ -{ config, pkgs, lib, nvidia, ... }: -lib.mkIf nvidia.enable +{ config, pkgs, hyper, ... }: +pkgs.lib.mkIf hyper.nvidia.enable { environment.systemPackages = with pkgs; [ lshw @@ -21,7 +21,7 @@ lib.mkIf nvidia.enable hardware = { nvidia = { - prime = lib.mkIf nvidia.prime { + prime = pkgs.lib.mkIf hyper.nvidia.prime { intelBusId = "PCI:0:2:0"; nvidiaBusId = "PCI:1:0:0"; offload = { @@ -41,7 +41,7 @@ lib.mkIf nvidia.enable # Fine-grained power management. Turns off GPU when not in use. # Experimental and only works on modern Nvidia GPUs (Turing or newer). - powerManagement.finegrained = nvidia.prime; + powerManagement.finegrained = hyper.nvidia.prime; # Use the NVidia open source kernel module (not to be confused with the # independent third-party "nouveau" open source driver). diff --git a/system-modules/nx2site.nix b/system-modules/nx2site.nix index 7022dd4..1fadf6e 100644 --- a/system-modules/nx2site.nix +++ b/system-modules/nx2site.nix @@ -1,4 +1,4 @@ -{ config, pkgs, user, domain, secrets, ... }: +{ config, pkgs, hyper, secrets, ... }: let dns-user = "cloudflare"; in { sops.secrets = { @@ -15,7 +15,7 @@ let dns-user = "cloudflare"; in isSystemUser = true; group = dns-user; }; - "${user}".extraGroups = [ dns-user ]; + "${hyper.user}".extraGroups = [ dns-user ]; }; groups."${dns-user}" = {}; }; @@ -84,13 +84,13 @@ def main(): # Perform DNS updates # https://developers.cloudflare.com/api/operations/dns-records-for-a-zone-update-dns-record - print(f"${domain}: {update_record(record_id="${record_id.base}", record_name="${domain}", ip=my_ip, type="A", proxied=True, pw=pw).status_code}") - print(f"*.${domain}: {update_record(record_id="${record_id.sub}", record_name="*.${domain}", ip=my_ip, type="A", proxied=True, pw=pw).status_code}") - print(f"ssh.${domain}: {update_record(record_id="${record_id.ssh}", record_name="ssh.${domain}", ip=my_ip, type="A", proxied=False, pw=pw).status_code}") + print(f"${hyper.domain}: {update_record(record_id="${record_id.base}", record_name="${hyper.domain}", ip=my_ip, type="A", proxied=True, pw=pw).status_code}") + print(f"*.${hyper.domain}: {update_record(record_id="${record_id.sub}", record_name="*.${hyper.domain}", ip=my_ip, type="A", proxied=True, pw=pw).status_code}") + print(f"ssh.${hyper.domain}: {update_record(record_id="${record_id.ssh}", record_name="ssh.${hyper.domain}", ip=my_ip, type="A", proxied=False, pw=pw).status_code}") - print(f"${domain}: {update_record(record_id="${record_id.base6}", record_name="${domain}", ip=my_ip6, type="AAAA", proxied=True, pw=pw).status_code}") - print(f"*.${domain}: {update_record(record_id="${record_id.sub6}", record_name="*.${domain}", ip=my_ip6, type="AAAA", proxied=True, pw=pw).status_code}") - print(f"ssh.${domain}: {update_record(record_id="${record_id.ssh6}", record_name="ssh.${domain}", ip=my_ip6, type="AAAA", proxied=False, pw=pw).status_code}") + print(f"${hyper.domain}: {update_record(record_id="${record_id.base6}", record_name="${hyper.domain}", ip=my_ip6, type="AAAA", proxied=True, pw=pw).status_code}") + print(f"*.${hyper.domain}: {update_record(record_id="${record_id.sub6}", record_name="*.${hyper.domain}", ip=my_ip6, type="AAAA", proxied=True, pw=pw).status_code}") + print(f"ssh.${hyper.domain}: {update_record(record_id="${record_id.ssh6}", record_name="ssh.${hyper.domain}", ip=my_ip6, type="AAAA", proxied=False, pw=pw).status_code}") if __name__ == "__main__": main() diff --git a/system-modules/nx2site/dyn_dns.nix b/system-modules/nx2site/dyn_dns.nix index 6663a22..4b66574 100644 --- a/system-modules/nx2site/dyn_dns.nix +++ b/system-modules/nx2site/dyn_dns.nix @@ -1,4 +1,4 @@ -{ config, pkgs, domain, ... }: +{ config, pkgs, hyper, ... }: { sops.secrets = { # "nx2site/namecheap.pw" = { }; @@ -8,13 +8,14 @@ }; }; services.cloudflare-dyndns = { + pkgs = pkgs.cloudflare-dyndns; enable = true; ipv4 = true; ipv6 = config.networking.enableIPv6; domains = [ - "${domain}" - "*.${domain}" - "ssh.${domain}" + "${hyper.domain}" + "*.${hyper.domain}" + "ssh.${hyper.domain}" ]; proxied = true; apiTokenFile = config.sops.secrets."nx2site/cloudflare/global-api-key-env".path; diff --git a/system-modules/nx2site/gitea.nix b/system-modules/nx2site/gitea.nix index d6ea24e..9276ff5 100644 --- a/system-modules/nx2site/gitea.nix +++ b/system-modules/nx2site/gitea.nix @@ -1,4 +1,4 @@ -{ config, pkgs, secrets, user, domain, ... }: +{ config, pkgs, hyper, secrets, ... }: let git-user = "git"; in { sops.secrets = { @@ -7,13 +7,13 @@ let git-user = "git"; in users = { users = { - "${user}".extraGroups = [ git-user ]; + "${hyper.user}".extraGroups = [ git-user ]; "${git-user}" = { isSystemUser = true; group = git-user; useDefaultShell = true; home = config.services.gitea.stateDir; - openssh.authorizedKeys.keys = config.users.users."${user}".openssh.authorizedKeys.keys; + openssh.authorizedKeys.keys = config.users.users."${hyper.user}".openssh.authorizedKeys.keys; }; }; groups."${git-user}" = {}; @@ -63,12 +63,12 @@ let git-user = "git"; in START_SSH_SERVER = false; # default SSH_LISTEN_HOST = "0.0.0.0"; SSH_PORT = secrets.ssh.port; - DOMAIN = "git.${domain}"; - SSH_DOMAIN = "ssh.${domain}"; + DOMAIN = "git.${hyper.domain}"; + SSH_DOMAIN = "ssh.${hyper.domain}"; # HTTP_ADDR = "${config.services.gitea.settings.server.DOMAIN}"; # HTTP_PORT = 3000; # default # PROTOCOL = "http"; # default - ROOT_URL = "https://git.${domain}/"; # default + ROOT_URL = "https://git.${hyper.domain}/"; # default }; session = { COOKIE_SECURE = true; @@ -90,7 +90,7 @@ let git-user = "git"; in # hash = "sha256-Eibgoc3BJUXWdq8irgXea09fAvfKx2eQrJotp3P5DTg="; # }; theme = pkgs.fetchFromGitea { - domain = "git.${domain}"; + domain = "git.${hyper.domain}"; owner = "nx2"; repo = "Gitea-Pitch-Black"; rev = "0.1.0"; diff --git a/system-modules/nx2site/nextcloud.nix b/system-modules/nx2site/nextcloud.nix index 4f5ef82..37d067c 100644 --- a/system-modules/nx2site/nextcloud.nix +++ b/system-modules/nx2site/nextcloud.nix @@ -1,4 +1,4 @@ -{ config, domain, ... }: +{ config, hyper, ... }: { sops.secrets = { "nx2site/nextcloud/admin-pass" = { owner = "nextcloud"; }; @@ -9,7 +9,7 @@ services = { nextcloud = { enable = true; - hostName = "nc.${domain}"; + hostName = "nc.${hyper.domain}"; https = true; configureRedis = true; config = { diff --git a/system-modules/nx2site/open-web-calendar.nix b/system-modules/nx2site/open-web-calendar.nix index 056f663..756aa7b 100644 --- a/system-modules/nx2site/open-web-calendar.nix +++ b/system-modules/nx2site/open-web-calendar.nix @@ -1,15 +1,14 @@ -{ pkgs, domain, ... }: +{ pkgs, hyper, ... }: { services = { open-web-calendar = { enable = true; - domain = "cal.${domain}"; + domain = "cal.${hyper.domain}"; package = pkgs.open-web-calendar; settings = { # PORT = 21342; }; - calendarSettings = { - }; + calendarSettings = { }; }; }; } diff --git a/system-modules/nx2site/paperless.nix b/system-modules/nx2site/paperless.nix index 45e3157..7ff6604 100644 --- a/system-modules/nx2site/paperless.nix +++ b/system-modules/nx2site/paperless.nix @@ -1,4 +1,4 @@ -{ pkgs, config, secrets, domain, user, ... }: +{ config, pkgs, hyper, secrets, ... }: let paperless-user = "paperless"; in { sops.secrets = { @@ -8,7 +8,7 @@ let paperless-user = "paperless"; in }; users.users = { - "${user}".extraGroups = [ paperless-user ]; + "${hyper.user}".extraGroups = [ paperless-user ]; "${paperless-user}".extraGroups = [ "redis-paperless" ]; }; @@ -64,7 +64,7 @@ let paperless-user = "paperless"; in # PAPERLESS_LOGROTATE_MAX_SIZE= 1 MiB. # PAPERLESS_LOGROTATE_MAX_BACKUPS= 20. # PAPERLESS_SECRET_KEY= - PAPERLESS_URL = "https://doc.${domain}"; + PAPERLESS_URL = "https://doc.${hyper.domain}"; # PAPERLESS_CSRF_TRUSTED_ORIGINS= # PAPERLESS_ALLOWED_HOSTS= # PAPERLESS_CORS_ALLOWED_HOSTS= diff --git a/system-modules/nx2site/proxy.nix b/system-modules/nx2site/proxy.nix index a8e85ec..8be91bc 100644 --- a/system-modules/nx2site/proxy.nix +++ b/system-modules/nx2site/proxy.nix @@ -1,4 +1,4 @@ -{ config, pkgs, lib, domain, ... }: +{ config, hyper, pkgs, ... }: { sops.secrets = { "nx2site/sslCertificate.pem" = { owner = config.services.nginx.user; }; @@ -8,13 +8,13 @@ security.acme = { acceptTerms = true; defaults = { - email = "acme@${domain}"; + email = "acme@${hyper.domain}"; webroot = "/var/nginx/webroot"; group = "nginx"; }; certs = { - "${domain}" = { - extraDomainNames = builtins.map (subd: "${subd}.${domain}") [ "sync" "dev" ]; + "${hyper.domain}" = { + extraDomainNames = builtins.map (subd: "${subd}.${hyper.domain}") [ "sync" "dev" ]; }; }; }; @@ -76,7 +76,7 @@ enableACME = true; }; in { - "${domain}" = vh // { + "${hyper.domain}" = vh // { root = "/var/nginx/webroot"; default = true; listen = dl; @@ -95,11 +95,11 @@ "/.well-known/matrix/server" = { return = "502"; }; }; }; - "matrix.${domain}" = { + "matrix.${hyper.domain}" = { listen = dl; locations = { "~.*" = { return = "502"; }; }; }; - # "pw.${domain}" = vh // { + # "pw.${hyper.domain}" = vh // { # listen = dl; # locations = let d = "pw.docker:80"; in { # "/" = { proxyPass = "http://${d}"; }; @@ -108,7 +108,7 @@ # "/notifications/hub/negotiate" = { proxyPass = "http://${d}"; }; # }; # }; - "pw.${domain}" = vh // { + "pw.${hyper.domain}" = vh // { listen = dl; locations = let d = with config.services.vaultwarden.config; "${ROCKET_ADDRESS}:${builtins.toString ROCKET_PORT}"; @@ -119,38 +119,38 @@ "/notifications/hub/negotiate" = { proxyPass = "http://${d}"; }; }; }; - "sync.${domain}" = vh // { + "sync.${hyper.domain}" = vh // { listen = dl; locations = { "/" = { proxyPass = "http://127.0.0.1:11434"; }; }; }; - # "git.${domain}" = vh // { + # "git.${hyper.domain}" = vh // { # listen = dl; # locations = { "/" = { proxyPass = "http://git.docker:3000"; }; }; # }; - "git.${domain}" = vh // { + "git.${hyper.domain}" = vh // { http2 = false; listen = dl; locations = { "/" = { proxyPass = "http://127.0.0.1:3000"; }; }; }; - "doc.${domain}" = vh // { + "doc.${hyper.domain}" = vh // { listen = dl; locations = { "/" = { proxyPass = "http://127.0.0.1:8441"; }; }; }; - "dav.${domain}" = lib.mkIf config.services.radicale.enable (vh // { + "dav.${hyper.domain}" = lib.mkIf config.services.radicale.enable (vh // { listen = dl; locations = { "/" = { proxyPass = "http://127.0.0.1:5232"; }; }; }); - # "nc.${domain}" = vh // { + # "nc.${hyper.domain}" = vh // { # # directly to nc # }; - "abs.${domain}" = vh // { + "abs.${hyper.domain}" = vh // { listen = dl; locations."/" = { proxyPass = "http://127.0.0.1:${builtins.toString config.services.audiobookshelf.port}"; proxyWebsockets = true; }; }; - "dev.${domain}" = vh // { + "dev.${hyper.domain}" = vh // { listen = dl ++ [ # { addr = "0.0.0.0"; port = 8000; ssl = true; } # { addr = "[::0]"; port = 8000; ssl = true; } @@ -162,17 +162,17 @@ # }; }; # is done atomatically - # "cal.${domain}" = vh // { + # "cal.${hyper.domain}" = vh // { # listen = dl; # locations = { "/" = { # proxyPass = "http://unix:///run/open-web-calendar/socket"; # proxyWebsockets = true; # }; }; # }; - "~^(.*).${domain}$" = { + "~^(.*).${hyper.domain}$" = { listen = dl; root = "/var/nginx/webroot"; - locations = { "~.*" = { return = "301 https://${domain}/502.html"; }; }; + locations = { "~.*" = { return = "301 https://${hyper.domain}/502.html"; }; }; }; }; }; diff --git a/system-modules/nx2site/radicale.nix b/system-modules/nx2site/radicale.nix index b98635d..56861df 100644 --- a/system-modules/nx2site/radicale.nix +++ b/system-modules/nx2site/radicale.nix @@ -1,4 +1,4 @@ -{ config, domain, ... }: +{ config, hyper, ... }: { sops.secrets = { "nx2site/radicale/htpasswd" = { @@ -15,7 +15,7 @@ port = builtins.toString 5232; in [ "0.0.0.0:${port}" - "${domain}:${port}" + "${hyper.domain}:${port}" # "192.168.178.32:${port}" ]; auth = { diff --git a/system-modules/nx2site/vaultwarden.nix b/system-modules/nx2site/vaultwarden.nix index d5e5546..8917ca6 100644 --- a/system-modules/nx2site/vaultwarden.nix +++ b/system-modules/nx2site/vaultwarden.nix @@ -1,4 +1,4 @@ -{ config, pkgs, secrets, domain, ... }: +{ config, pkgs, hyper, secrets, ... }: { sops.secrets = { "nx2site/vaultwarden.env" = { @@ -27,7 +27,7 @@ SMTP_PASSWORD = "@SMTP_PASSWORD@"; LOGIN_RATELIMIT_MAX_BURST = 10; LOGIN_RATELIMIT_SECONDS = 60; - DOMAIN = "https://pw.${domain}"; + DOMAIN = "https://pw.${hyper.domain}"; INVITATION_ORG_NAME = "NxPW"; INVITATIONS_ALLOWED = true; ADMIN_TOKEN = "@ADMIN_TOKEN@"; diff --git a/system-modules/ollama.nix b/system-modules/ollama.nix index c642bc8..3c9c9c6 100644 --- a/system-modules/ollama.nix +++ b/system-modules/ollama.nix @@ -1,14 +1,10 @@ -{ pkgs, lib, host, nvidia, ... }: -let - p = if nvidia.enable then pkgs.ollama-cuda else pkgs.ollama; -in { - environment.systemPackages = [ p ]; - +{ pkgs, hyper, ... }: +{ services.ollama = { - package = p; + package = if hyper.nvidia.enable then pkgs.ollama-cuda else pkgs.ollama; enable = true; - acceleration = lib.mkIf nvidia.enable "cuda"; - host = if host == "NxACE" then "0.0.0.0" else "127.0.0.1"; + acceleration = pkgs.lib.mkIf hyper.nvidia.enable "cuda"; + host = if hyper.host == "NxACE" then "0.0.0.0" else "127.0.0.1"; port = 11434; environmentVariables = { OLLAMA_ORIGINS = "*"; diff --git a/system-modules/sops.nix b/system-modules/sops.nix index 717f9ff..f3271ac 100644 --- a/system-modules/sops.nix +++ b/system-modules/sops.nix @@ -1,4 +1,4 @@ -{ pkgs, user, ... }: +{ pkgs, ... }: { environment.systemPackages = with pkgs; [ age @@ -8,15 +8,10 @@ sops = { defaultSopsFile = ../sops-secrets.yaml; defaultSopsFormat = "yaml"; - # age = { - # sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; - # generateKey = true; - # }; # gnupg = { # sshKeyPaths = []; - # home = "/home/${user}/.gnupg"; + # home = "${hyper.user}/.gnupg"; # }; - secrets.example = {}; }; } diff --git a/system-modules/syncthing.nix b/system-modules/syncthing.nix index 9c316c9..bfcadbd 100644 --- a/system-modules/syncthing.nix +++ b/system-modules/syncthing.nix @@ -1,10 +1,5 @@ -{ - config, - lib, - user, - host, - secrets, -... }: let +{ config, pkgs, hyper, secrets, ... }: +let # helper funcitons conv = _: device: with device; { "${name}" = {id = id;};}; justname = devices: (builtins.map (device: device.name)) devices; @@ -22,7 +17,7 @@ }; dirs = { - default = { name = "sync"; path = "/home/${user}/sync"; }; + default = { name = "sync"; path = "/home/${hyper.user}/sync"; }; s21u-dcim = { name = "s21u-dcim"; path = "/vault/Pictures/Lennart"; }; diane-dcim = { name = "diane-dcim"; path = "/vault/Pictures/Diane"; }; dianesd-dcim = { name = "dianesd-dcim"; path = "/vault/Pictures/Diane-SD"; }; @@ -31,34 +26,35 @@ }; in { sops.secrets = { - "syncthing/${host}/cert.pem" = { owner = user; }; - "syncthing/${host}/key.pem" = { owner = user; }; + "syncthing/${hyper.host}/cert.pem" = { owner = hyper.user; }; + "syncthing/${hyper.host}/key.pem" = { owner = hyper.user; }; }; services.syncthing = with (builtins.mapAttrs conv devices); { enable = true; - user = "${user}"; - dataDir = "/home/${user}/.local/share/syncthing"; # useless ? - configDir = "/home/${user}/.config/syncthing"; - key = config.sops.secrets."syncthing/${host}/key.pem".path; - cert = config.sops.secrets."syncthing/${host}/cert.pem".path; + user = "${hyper.user}"; + package = pkgs.syncthing; + dataDir = "/home/${hyper.user}/.local/share/syncthing"; # useless ? + configDir = "/home/${hyper.user}/.config/syncthing"; + key = config.sops.secrets."syncthing/${hyper.host}/key.pem".path; + cert = config.sops.secrets."syncthing/${hyper.host}/cert.pem".path; overrideDevices = true; overrideFolders = true; # guiAddress = "127.0.0.1:8384"; - guiAddress = if ( host == "NxACE" ) then "0.0.0.0:8384" else "127.0.0.1:8384"; + guiAddress = if ( hyper.host == "NxACE" ) then "0.0.0.0:8384" else "127.0.0.1:8384"; settings = { - devices = with (builtins.mapAttrs conv devices); if (host == "NxXPS") then ( + devices = with (builtins.mapAttrs conv devices); if (hyper.host == "NxXPS") then ( north // ace // s21u - ) else if (host == "NxNORTH") then ( + ) else if (hyper.host == "NxNORTH") then ( xps // ace // s21u ) else ( north // xps // s21u // diane // daniel // tessa // georg ); - folders = with dirs; if (host == "NxXPS") then { + folders = with dirs; if (hyper.host == "NxXPS") then { "${default.name}" = { path = default.path; devices = with devices; (justname [ north ace s21u ]); }; - } else if (host == "NxNORTH") then { + } else if (hyper.host == "NxNORTH") then { "${default.name}" = { path = default.path; devices = with devices; (justname [ xps ace s21u ]); @@ -91,7 +87,7 @@ in { }; gui = { theme = "black"; - user = user; + user = hyper.user; password = secrets.syncthing.gui-password; # option to use a file is till in the works... https://github.com/NixOS/nixpkgs/issues/85336 }; }; diff --git a/system-modules/virtualisation.nix b/system-modules/virtualisation.nix index 6a8e6db..9fa1b9e 100644 --- a/system-modules/virtualisation.nix +++ b/system-modules/virtualisation.nix @@ -1,12 +1,12 @@ -{ config, pkgs, lib, user, host, ... }: +{ pkgs, hyper, ... }: { - config = lib.mkIf (host == "NxNORTH") { + config = pkgs.lib.mkIf (hyper.host == "NxNORTH") { environment.systemPackages = with pkgs; [ virtiofsd ]; virtualisation.libvirtd.enable = true; programs.virt-manager.enable = true; - users.users."${user}".extraGroups = [ "libvirtd" ]; + users.users."${hyper.user}".extraGroups = [ "libvirtd" ]; }; } \ No newline at end of file diff --git a/system-modules/ydotool.nix b/system-modules/ydotool.nix index 01e4c23..98d213a 100644 --- a/system-modules/ydotool.nix +++ b/system-modules/ydotool.nix @@ -1,5 +1,5 @@ -{ pkgs, lib, host, ... }: -lib.mkIf (host == "NxXPS") +{ pkgs, hyper, ... }: +pkgs.lib.mkIf (hyper.host == "NxXPS") { programs.ydotool.enable = true; }