evan/nix
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: evan:master
Branches Tags
evan:master evan:snowfall
..
compare: evan:66a47b1338387fc684e923998063f0b4a45f0236
Branches Tags
evan:master evan:snowfall

3 Commits
master ... 66a47b1338

Author SHA1 Message Date
Evan Reichard
66a47b1338 yay 2025-01-27 20:21:43 -05:00
Evan Reichard
dbb1183018 fix 2025-01-27 10:02:49 -05:00
Evan Reichard
88431c9d5c wip2 2025-01-26 22:10:24 -05:00
250 changed files with 2534 additions and 14354 deletions
Expand all files Collapse all files

137
.agents/skills/update-package-hashes/SKILL.md
View File

@@ -1,137 +0,0 @@
---
name: update-package-hashes
description: Update a package in packages/ to a new version and refresh its hashes (src, vendorHash, npmDepsHash, cargoHash, etc.) WITHOUT compiling the package. Use when the user asks to bump, update, or upgrade a specific package under packages/. If version is provided, proceed directly. If not, look up the latest version and ask the user before proceeding.
---
# Update Package Hashes (Without Building)
If the user provides a **package name** and **target version/rev/tag**, proceed directly.
If the user provides only a **package name** (no version), look up the latest version and **ask the user** if they want to proceed before updating.
## Hard Rules — Read First
1. **Never run `nix build .#<pkg>`** or `.#packages.<system>.<pkg>`. That compiles the package. Only realise **FOD sub-attributes** (`.src`, `.goModules`, `.npmDeps`, `.cargoDeps`) — those are pure downloads, not builds.
2. **Never** use `nix-prefetch-git`, `nix-prefetch-github`, `nix-prefetch-url`, `nix hash path`, `nix hash file` (on a raw patch/tarball), `git clone` + manual hashing, `builtins.fetchGit`, or any other ad-hoc method to compute hashes. They produce hashes in formats that don't match what `fetchgit`/`fetchFromGitHub`/`fetchpatch` expect (notably: `fetchFromGitHub { leaveDotGit = true; }` is non-deterministic across machines, and `fetchpatch` normalizes patches — strips `index abc..def`, `From <sha>`, signatures — so its hash ≠ `nix hash file` of the raw `.patch`).
3. There are exactly **two** correct ways to get a hash, both listed below. If neither fits, stop and ask the user — don't improvise.
## The Only Two Methods
### Method A — `nurl` via helper script (preferred for `src` on any git forge)
Use the co-located helper script. It wraps `nurl` and works for any git URL.
```bash
./update-package-hashes.sh hash <git-url> <rev-or-tag>
```
Copy the `hash = "sha256-..."` line from the output into the package's `src` block.
### Method B — FOD mismatch trick (for everything else)
For `vendorHash`, `npmDepsHash`, `cargoHash`, `cargoLock.outputHashes.<crate>`, `fetchpatch` hashes, or any `src` using a custom fetcher (`leaveDotGit`, `postFetch`, `fetchSubmodules`, etc. — applies to `llama-cpp` and `llama-swap`), realise the **specific FOD sub-attribute** and read the `got:` line from the error.
```bash
nix build .#<name>.src --no-link 2>&1 | tee /tmp/hash.log # for src
nix build .#<name>.goModules --no-link 2>&1 | tee /tmp/hash.log # for vendorHash
nix build .#<name>.npmDeps --no-link 2>&1 | tee /tmp/hash.log # for npmDepsHash
nix build .#<name>.cargoDeps --no-link 2>&1 | tee /tmp/hash.log # for cargoHash
nix build .#<name> --no-link 2>&1 | tee /tmp/hash.log # for fetchpatch / other input FODs (see note)
grep -E '^[[:space:]]*got:' /tmp/hash.log | tail -1 | awk '{print $2}'
```
**`fetchpatch` note:** patches don't have a dedicated sub-attribute, so you must target the package itself. This is safe *only* when the patch hash is wrong (e.g. `lib.fakeHash`) — Nix realizes the patch FOD before compilation starts, so a hash mismatch aborts with `0 built (1 failed)` and zero compile work. If you accidentally fix all FODs correctly, `nix build .#<name>` will start compiling. To guard against this: always start patch hashes as `lib.fakeHash`, run the build, copy `got:`, paste, and only then re-verify with `.src` / sub-attribute builds (never re-run `.#<name>` to confirm).
**GitHub PR patches — `.patch` vs `.diff`:** When fetching a patch from a GitHub pull request, prefer the `.diff` endpoint over `.patch`.
- `https://github.com/<owner>/<repo>/pull/<N>.patch` — a `git format-patch` **mbox** containing each commit in the PR separately. `git apply` (which `fetchpatch` and the Nix `patchPhase` use) does **not** replay commit history; it applies hunks against the working tree. PRs that create a file in one commit and delete/rename it in a later commit will fail with errors like `The next patch would delete the file X, which does not exist`.
- `https://github.com/<owner>/<repo>/pull/<N>.diff` — a **squashed** unified diff of the PR's net change. Applies cleanly against any base the PR is mergeable against.
Default to `.diff`. Only fall back to `.patch` if you specifically need authorship metadata (rare for Nix patching). If a previously-working `.patch` URL suddenly fails to apply, switching to `.diff` is the first thing to try.
Always use `lib.fakeHash` (or `pkgs.lib.fakeHash` if only `pkgs` is in scope). This is the only reliable way to set a bogus hash — never write a literal `sha256-...` placeholder string. The build will fail at the FOD with `got: sha256-...` which is the correct value.
**Note:** `.src`, `.goModules`, etc. are sub-attributes of the derivation. They download but do not compile. `nix build .#<name>` (without the `.src` suffix) compiles — never do that.
### Example — Package With `src`, `npmDepsHash`, and `vendorHash`
Use the same pattern for packages that combine a custom `src` fetcher, Go dependencies, and a nested npm UI derivation. `llama-swap` is a concrete example because it uses `leaveDotGit` + `postFetch`, `vendorHash`, and a UI package exposed under `passthru.ui`.
1. Set stale hashes to `lib.fakeHash` where possible:
```nix
src.hash = lib.fakeHash;
vendorHash = lib.fakeHash;
passthru.npmDepsHash = lib.fakeHash;
```
2. Resolve the custom `src` hash first; downstream FODs depend on it:
```bash
nix build .#llama-swap.src --no-link 2>&1 | tee /tmp/llama-swap-src.log
grep -E '^[[:space:]]*got:' /tmp/llama-swap-src.log | tail -1 | awk '{print $2}'
```
Put the `got:` value into `src.hash` before resolving dependency hashes.
3. Resolve the UI npm dependency hash from the nested UI derivation:
```bash
nix build .#llama-swap.passthru.ui.npmDeps --no-link 2>&1 | tee /tmp/llama-swap-npm.log
grep -E '^[[:space:]]*got:' /tmp/llama-swap-npm.log | tail -1 | awk '{print $2}'
```
Put the `got:` value into `passthru.npmDepsHash`.
4. Resolve the Go `vendorHash`:
```bash
nix build .#llama-swap.goModules --no-link 2>&1 | tee /tmp/llama-swap-go.log
grep -E '^[[:space:]]*got:' /tmp/llama-swap-go.log | tail -1 | awk '{print $2}'
```
Put the `got:` value into `vendorHash`.
For other packages, adapt the flake attribute path to where the FOD is exposed (for example, `.#<name>.npmDeps`, `.#<name>.passthru.ui.npmDeps`, or `.#<name>.goModules`).
5. Re-run the FOD sub-attribute builds to confirm they realise successfully:
```bash
nix build .#llama-swap.src --no-link
nix build .#llama-swap.passthru.ui.npmDeps --no-link
nix build .#llama-swap.goModules --no-link
```
If a dependency FOD fails before a hash mismatch (for example, `go.mod requires go >= ...`), fix the package inputs minimally (for example, switch to the matching `buildGo126Module`) and re-run the same FOD sub-attribute. Do not build `.#llama-swap`.
## Lookup Latest Version
When the user asks to update a package but doesn't specify a version:
1. Read `packages/<name>/default.nix` to find the git URL and current version/tag.
2. Determine the tag pattern from the `tag` field (e.g. `"b${version}"` → `'b*'`, `"v${version}"` → `'v*'`).
3. Run the helper script:
```bash
./update-package-hashes.sh releases <git-url> '<pattern>'
```
Shows main HEAD + 5 newest matching tags with commit hashes.
4. **Ask the user** before proceeding (`Current: b8815 → Latest: b8914 — proceed?`).
## Flow
1. **If no version was provided**, look up the latest version (see section above) and ask the user to confirm.
2. Edit `packages/<name>/default.nix` — bump `version` / `rev` / `tag`. Check for sibling `.nix` files (e.g. `ui.nix`) that may also need bumping.
3. Get the new `src` hash with **Method A** (`nurl`). If the package uses a custom fetcher, use **Method B** on `.src` instead.
4. For each dependency hash (`vendorHash` / `npmDepsHash` / `cargoHash` / etc.), use **Method B** on the matching sub-attribute.
5. **Opaque `outputHash` FODs** (e.g. opencode's `node_modules` which runs `bun install`) — do NOT attempt locally. Leave as-is and flag for CI in the summary.
6. Show `git diff -- packages/<name>/` and list any hashes left for CI.
## Don't Touch What Didn't Change
Skip pinned sub-dependencies whose inputs didn't change — e.g. `slack-cli`'s `python-snappy` / `zstd-python` PyPI tarballs are pinned by the upstream `dfindexeddb`, not by the slack-cli rev.
## Optional Shortcut
`nix-update --flake <name> --version <v>` sometimes handles everything for simple packages. Try it first; fall back to the methods above if it fails.

206
.agents/skills/update-package-hashes/update-package-hashes.sh
View File

@@ -1,206 +0,0 @@
#!/usr/bin/env bash
#
# update-package-hashes.sh — Helper for the update-package-hashes skill.
# Co-located in .agents/skills/update-package-hashes/
#
# Usage:
# ./update-package-hashes.sh releases <git-url> [pattern]
# ./update-package-hashes.sh hash <git-url> <rev-or-tag>
# ./update-package-hashes.sh hash <git-url> <rev-or-tag> <fetcher>
# ./update-package-hashes.sh all <git-url> <rev-or-tag> [fetcher]
#
# Examples:
# ./update-package-hashes.sh releases https://github.com/ggml-org/llama.cpp
# ./update-package-hashes.sh releases https://github.com/ggml-org/llama.cpp b*
# ./update-package-hashes.sh hash https://github.com/owner/repo v1.2.3
# ./update-package-hashes.sh hash https://github.com/owner/repo abc1234 fetchFromGitLab
# ./update-package-hashes.sh all https://github.com/owner/repo v1.2.3
set -euo pipefail
usage() {
cat <<'EOF'
Usage:
$0 releases <git-url> [tag-pattern]
Show main branch HEAD + 5 most recent matching releases/tags.
$0 hash <git-url> <rev-or-tag> [fetcher]
Fetch source and print the nix fetcher expression with hash (via nurl).
$0 all <git-url> <rev-or-tag> [fetcher]
Same as hash, but also shows main HEAD + recent releases for context.
Options:
tag-pattern Glob pattern for filtering tags (e.g. 'v*', 'b*').
If omitted, all tags are shown.
fetcher Override the auto-detected fetcher:
fetchFromGitHub (default)
fetchFromGitLab
fetchFromGitLab (e.g. gitea.va.reichard.io)
fetchFromSourceHut
fetchgit (fallback for non-standard forges)
Requires: nix (for nurl), git.
EOF
exit 1
}
# ── Helpers ──────────────────────────────────────────────────────────────────
detect_fetcher() {
local url="$1"
local host
host=$(echo "$url" | sed -E 's|^https?://||' | cut -d/ -f1)
case "$host" in
*github.com)
echo "fetchFromGitHub"
;;
*gitlab.com)
echo "fetchFromGitLab"
;;
*gitea*|*gitlab.reichard*|*gitlab.va.reichard*)
echo "fetchFromGitLab"
;;
*sourcehut*)
echo "fetchFromSourceHut"
;;
*)
echo "fetchgit"
;;
esac
}
normalise_url() {
echo "${1%.git}"
}
# ── Commands ─────────────────────────────────────────────────────────────────
# Show main/master branch HEAD.
show_main_head() {
local url="$1"
local clean_url
clean_url=$(normalise_url "$url")
for branch in main master; do
local line
line=$(git ls-remote "$url" "refs/heads/$branch" 2>/dev/null | head -1)
if [[ -n "$line" ]]; then
local full_rev="${line%% *}"
echo " main: $full_rev"
echo
return
fi
done
# Fallback: try to find any branch
echo " (no main/master branch found)"
echo
}
# List recent tags/releases for a repo.
cmd_releases() {
local url="$1"
local pattern="${2:-}"
local clean_url
clean_url=$(normalise_url "$url")
echo "Recent tags for: $clean_url"
echo "────────────────────────────────────────────────────────"
echo
# Always show main HEAD first
show_main_head "$url"
# Get tags sorted by date (newest first), limited to 5
local tags
if [[ -n "$pattern" ]]; then
tags=$(git ls-remote --tags "$url" "$pattern" 2>&1 \
| grep -v '\^{}' \
| sed -E 's/^[a-f0-9]+[[:space:]]+refs\/tags\/([^\/]+)[[:space:]]*$/\1/' \
| sort -V \
| tail -5 || true)
else
tags=$(git ls-remote --tags "$url" 2>&1 \
| grep -v '\^{}' \
| sed -E 's/^[a-f0-9]+[[:space:]]+refs\/tags\/([^\/]+)[[:space:]]*$/\1/' \
| sort -V \
| tail -5 || true)
fi
if [[ -z "$tags" ]]; then
echo " (no tags found)"
return
fi
printf " %-30s %s\n" "TAG" "COMMIT"
echo " $(printf '%.0s-' {1..72})"
echo "$tags" | tac | while IFS= read -r tag_name; do
local full_rev
full_rev=$(git ls-remote "$url" "refs/tags/$tag_name" 2>/dev/null | head -1 | cut -f1)
if [[ -n "$full_rev" ]]; then
printf " %-30s %s\n" "$tag_name" "$full_rev"
else
printf " %-30s %s\n" "$tag_name" "(not found)"
fi
done
}
# Get the nix fetcher expression with hash for a specific rev/tag.
cmd_hash() {
local url="$1"
local rev="$2"
local fetcher="${3:-}"
if [[ -z "$fetcher" ]]; then
fetcher=$(detect_fetcher "$url")
fi
local clean_url
clean_url=$(normalise_url "$url")
echo "Fetching hash for: $clean_url @ $rev"
echo "Fetcher: $fetcher"
echo "────────────────────────────────────────────────────────"
echo
nix run nixpkgs#nurl -- "$url" "$rev"
}
# Get hash + recent releases for context.
cmd_all() {
local url="$1"
local rev="$2"
local fetcher="${3:-}"
cmd_releases "$url"
echo
cmd_hash "$url" "$rev" "$fetcher"
}
# ── Main ─────────────────────────────────────────────────────────────────────
if [[ $# -lt 2 ]]; then
usage
fi
case "$1" in
releases)
[[ $# -lt 2 ]] && { echo "Error: missing <git-url>" >&2; usage; }
cmd_releases "$2" "${3:-}"
;;
hash)
[[ $# -lt 3 ]] && { echo "Error: missing <git-url> <rev-or-tag>" >&2; usage; }
cmd_hash "$2" "$3" "${4:-}"
;;
all)
[[ $# -lt 3 ]] && { echo "Error: missing <git-url> <rev-or-tag>" >&2; usage; }
cmd_all "$2" "$3" "${4:-}"
;;
*)
echo "Unknown command: $1" >&2
usage
;;
esac

71
.agents/skills/update-vllm-3090-configs/SKILL.md
View File

@@ -1,71 +0,0 @@
---
name: update-vllm-3090-configs
description: Update only the qwen3.6-27b vLLM 3090 llama-swap configs from club-3090 refs; compare diffs, present a plan, and require approval before editing.
---
# Update vLLM 3090 Configs
## Scope
Use only for Qwen3.6 27B vLLM 3090 configs in `modules/nixos/services/llama-swap/`.
Do not use this skill for other models, other Qwen sizes, non-vLLM configs, or package bumps.
Local files:
- `modules/nixos/services/llama-swap/config.nix`
- `modules/nixos/services/llama-swap/setup-qwen36-vllm.sh`
Local config keys:
- `vllm-qwen3.6-27b-tools-text`
- `vllm-qwen3.6-27b-long-text`
- `vllm-qwen3.6-27b-long-vision`
## Hash Tracking
Each config entry stores an upstream commit hash comment:
`# Upstream: club-3090 <hash> (<date>) - <compose-file>`
When comparing, first extract stored hashes. If a config's hash matches
upstream HEAD, skip it (report "already synced"). Only full-diff configs
whose hash differs. Update the hash comment when edits are applied.
## Upstream References
Compare against `club-3090` master:
- `models/qwen3.6-27b/vllm/compose/single/tools-text.yml`
- `models/qwen3.6-27b/vllm/compose/single/long-text.yml`
- `models/qwen3.6-27b/vllm/compose/single/long-vision.yml`
- `scripts/setup.sh` for the current `GENESIS_PIN="${GENESIS_PIN:-...}"`
Use raw URLs or a temp clone under `_scratch/club-3090`. Prefer a temp clone when checking broad changes:
```bash
mkdir -p _scratch
git clone https://github.com/noonghunna/club-3090 _scratch/club-3090 2>/dev/null || git -C _scratch/club-3090 pull --ff-only
```
## Required Workflow
1. Fetch/update upstream refs under `_scratch/club-3090` or fetch the raw files.
2. Extract stored upstream hashes from `# Upstream: club-3090 ...` comments in config.nix. Skip any config whose hash matches upstream HEAD (report "already synced").
3. Compare upstream compose files to the remaining local llama-swap entries. Translate docker-compose semantics into the existing `docker run`/llama-swap format.
4. Compare upstream `scripts/setup.sh` Genesis pin to local `GENESIS_PIN` in `setup-qwen36-vllm.sh`.
5. Check upstream compose volumes/entrypoint for sidecar patches. If patches are added, removed, renamed, or invoked differently, update both:
- runtime mounts and `python3 /patches/...` calls in `config.nix`
- download/install logic and summary in `setup-qwen36-vllm.sh`
6. Ignore these diffs unless the user explicitly asks otherwise:
- `shm_size` / shm-related compose settings
- local timing patch `patch_timings_07351e088.py` and its mount/invocation
- model served-name differences caused by llama-swap `${MODEL_ID}`
- `HUGGING_FACE_HUB_TOKEN`; keep local CUDA device/env choices
- upstream relative paths vs local `/mnt/ssd/vLLM/...` paths
- docker-compose format vs local llama-swap/Nix format
7. Before editing, present:
- upstream files/commit checked
- meaningful diffs found
- ignored diffs
- exact planned local changes
Then wait for explicit user approval.
8. After approval, edit minimally and update the `# Upstream: club-3090 ...` hash comments. Validate:
- `bash -n modules/nixos/services/llama-swap/setup-qwen36-vllm.sh`
- `nix-instantiate --parse modules/nixos/services/llama-swap/config.nix`
9. Summarize changed files and any remaining upstream differences.

1
.envrc
View File

@@ -1 +0,0 @@
use flake

6
.gitignore vendored Executable file → Normal file
View File

@@ -1,6 +1,2 @@
.codexis
.DS_Store
_scratch
result
._*
.direnv
rke2-token

50
.sops.yaml
View File

@@ -1,50 +0,0 @@
keys:
# Global Admin
- &admin_reichard age1sac93wpnjcv62s7583jv6a4yspndh6k0r25g3qx3k7gq748uvafst6nz4w
# User SSH Derived
- &user_lin-va-desktop age15hdlen5dgjvdfgg2j0uzvchs5vs3xuptkhsw9xeuatcuk6uwrvcsz7hcsg
- &user_lin-va-mbp-personal age17ayje4uv2mhwehhp9jr3u9l0ds07396kt7ef40sufx89vm7cgfjq6d5d4y
- &user_lin-va-mbp-work-vm age1mar507c9mxmwalg486chs5kfh0mya38rv5w64ypfwnwlawewrpnswerpg8
- &user_lin-va-terminal age1w6avj7gd4f5frk90lsyh4e2k5am6z92hzlr0vpgrm767muyj59qsnuah62
- &user_lin-va-thinkpad age1avlhszrryt4gf4ya536jhzm7qwt9xfttm8x4sns6h9w2tahzqp8sspz9y5
- &user_mac-va-mbp-personal age1dccte7xtwswgef089nd80dutp96xnezx5lrqnneh9cusegsnda8sj3dj6c
- &user_mac-va-mbp-work age1ped3hpugq06908ex8kgama33qckqe03rmac5pa6th87vks5d249qhshvqu
# System SSH Derived
- &system_lin-va-desktop age1mxjrvjxkn69kfn2np3wpd73g44fuhsgykw7l5ss9rx30em5jfp2scnrq32
- &system_lin-va-thinkpad age13gymlygyac9z2slecl53jp8spq7e8n4zkan86n0gmnm3nrj4muxqa5ullm
- &system_lin-va-terminal age1rfgh40p6wmaam4ttwgv9xfukgxjruskhfvm0q3ud6lvxtlqc2y8snhwjft
creation_rules:
- path_regex: secrets/[^/]+\.(yaml|json|env|ini)$
key_groups:
- age:
- *admin_reichard
- path_regex: secrets/common/systems.yaml
key_groups:
- age:
- *admin_reichard
- *system_lin-va-desktop
- *system_lin-va-thinkpad
- *system_lin-va-terminal
- path_regex: secrets/common/llama-swap.yaml
key_groups:
- age:
- *admin_reichard
- *system_lin-va-desktop
- *user_lin-va-mbp-personal
- *user_lin-va-mbp-work-vm
- *user_lin-va-terminal
- *user_lin-va-thinkpad
- *user_mac-va-mbp-personal
- *user_mac-va-mbp-work
- path_regex: secrets/common/evanreichard.yaml
key_groups:
- age:
- *admin_reichard
- *user_lin-va-mbp-personal
- *user_lin-va-mbp-work-vm
- *user_lin-va-terminal
- *user_lin-va-thinkpad
- *user_mac-va-mbp-personal
- *user_mac-va-mbp-work

119
AGENTS.md
View File

@@ -1,119 +0,0 @@
# NixOS Configuration — Agent Guide
This is a multi-host NixOS/nix-darwin configuration managed with [Snowfall Lib](https://github.com/snowfallorg/lib). It declaratively configures NixOS (Linux), nix-darwin (macOS), and Home Manager across many machines from a single flake.
## Snowfall Lib Conventions
Snowfall Lib auto-discovers everything by directory convention — there is no manual wiring. The namespace is `reichard`, so all custom options live under `reichard.*` (e.g. `reichard.services.tailscale`, `reichard.programs.terminal.nvim`). Modules use `lib.reichard.enabled` / `lib.reichard.disabled` helpers from `lib/module/default.nix`.
**Important:** Files must be tracked by git (`git add`) for the flake to see them.
## Layout
### `flake.nix`
Entrypoint. Defines inputs (nixpkgs, home-manager, sops-nix, disko, apple-silicon, snowfall-lib, etc.) and calls `snowfall-lib.mkFlake`. All system and home modules are auto-discovered from the directory structure below.
### `systems/`
System-level NixOS and nix-darwin configurations, organized by architecture:
- `systems/aarch64-linux/` — ARM Linux hosts (e.g. Asahi MacBook, Oracle Cloud nodes, headscale)
- `systems/x86_64-linux/` — x86 Linux hosts (desktop, thinkpad, utility servers, Kubernetes nodes)
- `systems/aarch64-darwin/` — macOS hosts (work and personal MacBooks)
- `systems/aarch64-raw-efi/` — Raw EFI image builds (terminal image via nixos-generators)
- `systems/x86_64-vmware/` — VMware images (RKE2 node)
Each host is a directory with a `default.nix` that composes modules via the `reichard.*` option namespace (e.g. `reichard.services.tailscale = enabled;`). Some hosts include `hardware-configuration.nix` or firmware directories.
### `homes/`
Home Manager configurations, organized by `<arch>/<user>@<host>/default.nix`. Each home config enables per-host programs and services (e.g. Neovim, Firefox, Hyprland, git, tmux) via the `reichard.*` namespace, same as system modules.
### `modules/`
Reusable NixOS, Home Manager, and Darwin modules. This is where most of the configuration logic lives.
- **`modules/nixos/`** — NixOS system modules:
- `common/` — Packages applied to all NixOS systems
- `home/` — Home Manager integration (useGlobalPkgs, useUserPackages)
- `nix/` — Nix daemon settings, registries, binary caches, distributed builds
- `user/` — User account creation
- `security/sops/` — sops-nix secret decryption (age-based)
- `system/` — Boot, networking, NetworkManager, disko disk partitioning
- `services/` — Headscale, Tailscale, llama-swap (LLM model server), OpenSSH, RKE2, printing, Avahi, cloud-init, Sunshine, etc.
- `hardware/` — OpenGL, Asahi (Apple Silicon), battery/UPower
- `programs/graphical/wms/hyprland/` — System-level Hyprland WM setup
- `display-managers/sddm/` — SDDM display manager
- `virtualisation/` — Podman, libvirtd
- **`modules/home/`** — Home Manager modules:
- `common/` — Packages applied to all home configs (sqlite, jq, ripgrep, ncdu, jnv)
- `user/` — Home Manager user identity
- `security/sops/` — Per-user secret decryption
- `services/` — Fusuma (touchpad gestures), swww (wallpaper), SSH agent, poweralertd
- `programs/terminal/` — CLI tools: bash, tmux, btop, git, k9s, zk, aws, Neovim, opencode, claude-code, pi
- `programs/graphical/` — GUI apps: Firefox (with extensions overlay), Ghostty, Hyprland (home-level), Remmina, GIMP, Wireshark, Ghidra, Strawberry
- **`modules/darwin/`** — nix-darwin modules: user, OpenSSH, sops
### `modules/home/programs/terminal/nvim/` — Neovim Configuration
This is the full Neovim setup, frequently modified. The `default.nix` declares:
- All plugins (via nixpkgs vimPlugins + custom `buildVimPlugin` for codecompanion.nvim, none-ls-extras, llama.vim)
- LSP servers and formatters as `extraPackages`
- A generated `nix-vars.lua` that injects Nix store paths for LSP binaries
The actual Neovim Lua configuration lives in `config/lua/`:
- `init.lua` — Main loader
- `base.lua` — Core Vim settings and keymaps
- `lsp-config.lua` — LSP server setup (uses paths from `nix-vars.lua`)
- `cmp-config.lua` — nvim-cmp completion
- `llm-config.lua` — LLM integration (codecompanion, llama.vim)
- `snacks-config.lua` — Snacks.nvim dashboard/picker
- `dap-config.lua` — Debug Adapter Protocol (Go, etc.)
- `diagnostics-config.lua`, `ts-config.lua`, `lualine-config.lua`, `noice-config.lua`, `git-config.lua`, `which-key-config.lua`, etc.
When editing the Neovim config, note that **plugin declarations** happen in `default.nix` (Nix), while **plugin configuration** happens in the Lua files under `config/lua/`. LSP binary paths are bridged via the auto-generated `nix-vars.lua`.
### `packages/`
Custom package derivations, auto-discovered by Snowfall Lib and available as `pkgs.reichard.<name>`:
- `codexis/` — Go: code indexer using tree-sitter (built from gitea via `fetchgit`)
- `llama-cpp/` — LLaMA C++ inference engine
- `llama-swap/` — Go: LLM model swap proxy (with UI sub-derivation)
- `opencode/` — Go: terminal coding tool
- `pi-coding-agent/` — Node.js: coding agent CLI
- `qwen-code/` — Qwen code assistant
- `stable-diffusion-cpp/` — Stable Diffusion C++ inference
### `overlays/`
Nixpkgs overlays. Currently just `firefox-addons/` which imports the rycee Firefox addons repository.
### `secrets/`
sops-encrypted secrets (age keys). Managed via `.sops.yaml` which defines per-host and per-user key groups:
- `keys.yaml` — Master key definitions
- `common/evanreichard.yaml` — User-level secrets (shared across personal machines)
- `common/systems.yaml` — System-level secrets (e.g. builder SSH keys)
### `shells/`
Dev shell definitions. `shells/default/` provides the default `nix develop` environment for working on this repo.
### `lib/`
Shared library helpers. `lib/module/default.nix` exports `mkOpt`, `mkBoolOpt`, `enabled`, and `disabled` — used throughout all modules for consistent option declarations.
## Common Tasks
- **Adding a new system:** Create `systems/<arch>/<hostname>/default.nix` and optionally `homes/<arch>/<user>@<hostname>/default.nix`. Compose existing modules via `reichard.*` options.
- **Adding a new module:** Create `modules/{nixos,home,darwin}/<category>/<name>/default.nix` with an `enable` option under the `reichard` namespace. It will be auto-discovered.
- **Adding a new package:** Create `packages/<name>/default.nix`. Run `git add` so the flake sees it. Reference it in modules as `pkgs.reichard.<name>`.
- **Editing Neovim plugins:** Modify `modules/home/programs/terminal/nvim/default.nix` (plugin list, extraPackages, nix-vars).
- **Editing Neovim config (Lua):** Modify files under `modules/home/programs/terminal/nvim/config/lua/`.
- **Managing secrets:** Edit `.sops.yaml` for key groups, use `sops` CLI to encrypt/decrypt files in `secrets/`.
- **Building/testing:** `nix build .#packages.<arch>.<name>` for packages, `nix build .#nixosConfigurations.<host>.config.system.build.toplevel` for full system builds.
- **Bumping a package version / refreshing hashes:** Use the `update-package-hashes` skill at `.pi/skills/update-package-hashes/`.

114
README.md Executable file → Normal file
View File

@@ -1,102 +1,66 @@
# Description
# Deploy NixOS
This repository contains the configuration for multiple machines, as well as my home / IDE config (home-manager).
## Copy Config
```bash
# Install NixOS
./bootstrap.sh install --name lin-va-nix-builder
# Remote Image Build (NixOS Builder)
./bootstrap.sh image --name lin-va-rke2 --remote
# Home Manager Install
home-manager switch --flake .#evanreichard@mac-va-mbp-personal
# Update Flake
nix flake update
scp -r * root@10.10.10.10:/etc/nixos
```
## Manual
## Partition Drives
```bash
# Install NixOS
sudo nixos-rebuild switch --flake .#lin-va-mbp-personal
# Validate Disk
ls -l /dev/disk/by-id
# Install NixOS (Remote)
nix run github:nix-community/nixos-anywhere -- --flake .#lin-cloud-kube1 --target-host \<USER\>@\<IP\>
# Build Image
nix build .#vmwareConfigurations.lin-va-rke2
# Partition Disk
# WARNING: This will destroy all data on the disk(s)
sudo nix \
--experimental-features "nix-command flakes" \
run github:nix-community/disko -- \
--mode disko \
--flake /etc/nixos#lin-va-rke1
```
## Nix Darwin
## Install NixOS
```bash
# Install Nix Without Determinate
curl --proto '=https' --tlsv1.2 -sSf -L https://install.determinate.systems/nix | sh -s -- install
# Install
sudo nixos-install --flake /etc/nixos#lin-va-rke1
# Switch Nix Darwin
sudo nix run nix-darwin#darwin-rebuild -- switch --flake .#mac-va-mbp-personal
sudo darwin-rebuild switch --flake .#mac-va-mbp-personal
# Reboot
sudo reboot
```
## Clean Garbage
NOTE: This will remove previous generations
## Copy Config Back to Host
```bash
sudo nix-collect-garbage --delete-old
nix-collect-garbage --delete-old
scp -r * nixos@10.0.20.201:/etc/nixos
```
## Home Manager
## Rebuild NixOS
```bash
# Update System Channels
sudo nix-channel --add https://nixos.org/channels/nixpkgs-25.11-darwin nixpkgs
sudo nix-channel --update
# Update Home Manager
nix-channel --add https://github.com/nix-community/home-manager/archive/release-25.11.tar.gz home-manager
nix-channel --update
# Link Repo
ln -s /Users/evanreichard/Development/git/personal/nix/home-manager ~/.config/home-manager
# Build Home Manager
home-manager switch
sudo nixos-rebuild switch
```
### OS Update
# Install Kubernetes (RKE2)
`/etc/bashrc` may get overridden. To properly load Nix, prepend the following:
```
# Deploy First Node
sudo nixos-install --flake /etc/nixos#lin-va-rke1
# Reboot & Get Token
cat /var/lib/rancher/rke2/server/node-token
# Deploy Following Nodes
echo "<TOKEN>" > rke2-token
sudo nixos-install --flake /etc/nixos#lin-va-rke2
```
## Notes
## Kasten Port Forward
```bash
# Nix
if [ -e '/nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh' ]; then
. '/nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh'
fi
# End Nix
```
#### SOPS
1. Convert your SSH key to an age key
2. Get age public key
3. Update `.sops.yaml` with rules
4. Edit file
```bash
# Convert SSH to Age
mkdir -p ~/.config/sops/age
ssh-to-age -private-key -i $HOME/.ssh/id_ed25519 -o ~/.config/sops/age/keys.txt
# Get Public Key
age-keygen -y ~/.config/sops/age/keys.txt
ssh-to-age -private-key -i ~/.ssh/id_ed25519 | age-keygen -y
SOPS_AGE_KEY_FILE=<ADMIN_KEY> sops -d --extract '["lin-va-desktop"]["host"]' ./secrets/keys.yaml | ssh-to-age -private-key | age-keygen -y
# Edit File
# NOTE: You can specify key with - `SOPS_AGE_KEY_FILE=~/.config/sops/age/other.txt`
sops secrets/lin-va-thinkpad/evanreichard/default.yaml
kubectl port-forward -n kasten svc/gateway 8000:80
```

187
bootstrap.sh
View File

@@ -1,187 +0,0 @@
#!/bin/sh
export NIX_CONFIG="experimental-features = nix-command flakes"
function cmd_image() {
local usage="Usage: $0 image --name <image-name> [--remote]"
local name=""
local remote=false
while [[ $# -gt 0 ]]; do
case "$1" in
--name)
name="$2"
shift 2
;;
--remote)
remote=true
shift
;;
*)
echo "$usage"
exit 1
;;
esac
done
if [ -z "$name" ]; then
echo "$usage"
exit 1
fi
# Validate Config Exists
if ! nix eval --json --impure \
".#vmwareConfigurations" \
--apply "s: builtins.hasAttr \"$name\" s" 2>/dev/null | grep -q "true"; then
echo "Error: NixOS Generator Config '$name' not found"
exit 1
fi
build_args=(".#vmwareConfigurations.$name")
if [ "$remote" = true ]; then
build_args+=("-j0")
fi
if ! nix build "${build_args[@]}"; then
echo "Error: Image build failed"
exit 1
fi
echo "Successfully built image: $name"
}
function cmd_install() {
local usage="Usage: $0 install --name <system-name> [--remote <user@remote-host>]"
local name=""
local remote=""
while [[ $# -gt 0 ]]; do
case "$1" in
--name)
name="$2"
shift 2
;;
--remote)
remote="$2"
shift 2
;;
*)
echo "$usage"
exit 1
;;
esac
done
if [ -z "$name" ]; then
echo "$usage"
exit 1
fi
# Validate Config Exists
if ! nix eval --json --impure \
".#nixosConfigurations" \
--apply "s: builtins.hasAttr \"$name\" s" 2>/dev/null | grep -q "true"; then
echo "Error: NixOS configuration '$name' not found"
exit 1
fi
# Validate mainDiskID Exists
if ! disk_id=$(nix eval --raw --impure \
".#nixosConfigurations.$name.config.disko.devices.disk.main.device" 2>/dev/null); then
echo "Error: mainDiskID not defined for configuration '$name'"
exit 1
fi
# Remote or Local
if [ -n "$remote" ]; then
cmd_install_remote "$name" "$remote"
else
cmd_install_local "$name" "$disk_id"
fi
}
function cmd_install_local(){
local name="$1"
local disk_id="$2"
# Validate Disk Exists
if [ ! -e "$disk_id" ]; then
echo "Error: Disk $disk_id not found on system"
exit 1
fi
# Prompt Format
read -p "This will format disk $disk_id. Continue? (y/n) " -n 1 -r
echo
if [[ ! $REPLY =~ ^[Yy]$ ]]; then
echo "Operation Cancelled"
exit 1
fi
echo "Formatting disk: $disk_id"
# Format Disk
if ! sudo nix \
--experimental-features "nix-command flakes" \
run github:nix-community/disko -- \
--mode disko \
--flake "/etc/nixos#$name"; then
echo "Error: Disk formatting failed"
exit 1
fi
# Install NixOS
echo "Installing $name to disk: $disk_id"
if ! sudo nixos-install --flake "/etc/nixos#$name"; then
echo "Error: NixOS installation failed"
exit 1
fi
echo "Successfully installed $name to disk: $disk_id"
# Prompt Reboot
read -p "Reboot? (y/n) " -n 1 -r
echo
if [[ ! $REPLY =~ ^[Yy]$ ]]; then
echo "Operation Complete - Not Rebooting"
exit 0
fi
# Reboot
echo "Operation Complete - Rebooting"
sudo reboot
}
function cmd_install_remote(){
local name="$1"
local remote="$2"
# Prompt Install
read -p "This will completely wipe and install NixOS on $remote with configuration $name. Continue? (y/n) " -n 1 -r
echo
if [[ ! $REPLY =~ ^[Yy]$ ]]; then
echo "Operation Cancelled"
exit 1
fi
# Install NixOS
echo "Installing $name to remote host: $remote"
if ! nix run github:nix-community/nixos-anywhere -- --flake ".#$name" --target-host "$remote"; then
echo "Error: Remote NixOS installation failed"
exit 1
fi
echo "Successfully installed $name to remote host: $remote"
}
case "$1" in
image)
shift
cmd_image "$@"
;;
install)
shift
cmd_install "$@"
;;
*)
echo "Usage: $0 {image|install} --name <name>"
exit 1
;;
esac

535
flake.lock generated
View File

@@ -1,535 +0,0 @@
{
"nodes": {
"apple-silicon": {
"inputs": {
"flake-compat": "flake-compat",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1778234684,
"narHash": "sha256-usIHfvSt7aXvMvRGtcbsue3rA13Z+9TW/7I3WBzLqFY=",
"owner": "nix-community",
"repo": "nixos-apple-silicon",
"rev": "3d7fe422ef6162154830209b9e50bf69e150cff7",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nixos-apple-silicon",
"type": "github"
}
},
"darwin": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1779036909,
"narHash": "sha256-zXcwYQGCT6pzinK+1dBB2ekTVtfxGZAapb3Evdcu4fY=",
"owner": "nix-darwin",
"repo": "nix-darwin",
"rev": "56c666e108467d87d13508936aade6d567f2a501",
"type": "github"
},
"original": {
"owner": "nix-darwin",
"ref": "nix-darwin-26.05",
"repo": "nix-darwin",
"type": "github"
}
},
"determinate": {
"inputs": {
"determinate-nixd-aarch64-darwin": "determinate-nixd-aarch64-darwin",
"determinate-nixd-aarch64-linux": "determinate-nixd-aarch64-linux",
"determinate-nixd-x86_64-linux": "determinate-nixd-x86_64-linux",
"nix": "nix",
"nixpkgs": "nixpkgs_2"
},
"locked": {
"lastModified": 1778179392,
"narHash": "sha256-W6zorvjBYbzMNvqKIqCdpDF4rq3gj50Xximl56YM9/I=",
"owner": "determinatesystems",
"repo": "determinate",
"rev": "efd54faa68be8cd777b5c28cab11e638998a0853",
"type": "github"
},
"original": {
"owner": "determinatesystems",
"repo": "determinate",
"type": "github"
}
},
"determinate-nixd-aarch64-darwin": {
"flake": false,
"locked": {
"narHash": "sha256-z4mCqKI3Qd6weuHrlfzGccJG0giym/VJhKv20ijRSs0=",
"type": "file",
"url": "https://install.determinate.systems/determinate-nixd/tag/v3.20.0/macOS"
},
"original": {
"type": "file",
"url": "https://install.determinate.systems/determinate-nixd/tag/v3.20.0/macOS"
}
},
"determinate-nixd-aarch64-linux": {
"flake": false,
"locked": {
"narHash": "sha256-yW+VNepSRytzfanSssPMJPvwioCcmlZYaBX8++UFkAk=",
"type": "file",
"url": "https://install.determinate.systems/determinate-nixd/tag/v3.20.0/aarch64-linux"
},
"original": {
"type": "file",
"url": "https://install.determinate.systems/determinate-nixd/tag/v3.20.0/aarch64-linux"
}
},
"determinate-nixd-x86_64-linux": {
"flake": false,
"locked": {
"narHash": "sha256-+L102C3Hhkd1GlXmRm2eLTLsZKBxEvooiQZFqQRlBf0=",
"type": "file",
"url": "https://install.determinate.systems/determinate-nixd/tag/v3.20.0/x86_64-linux"
},
"original": {
"type": "file",
"url": "https://install.determinate.systems/determinate-nixd/tag/v3.20.0/x86_64-linux"
}
},
"disko": {
"inputs": {
"nixpkgs": "nixpkgs_3"
},
"locked": {
"lastModified": 1777713215,
"narHash": "sha256-8GzXDOXckDWwST8TY5DbwYFjdvQLlP7K9CLSVx6iTTo=",
"owner": "nix-community",
"repo": "disko",
"rev": "63b4e7e6cf75307c1d26ac3762b886b5b0247267",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "disko",
"type": "github"
}
},
"firefox-addons": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"dir": "pkgs/firefox-addons",
"lastModified": 1778385775,
"narHash": "sha256-n0MUvWA2SML/qBB4hpShQ7i+i961MX4oPtaQfYo0+uU=",
"owner": "rycee",
"repo": "nur-expressions",
"rev": "268324916742a48cd03b94fd63f2822d6b66d519",
"type": "gitlab"
},
"original": {
"dir": "pkgs/firefox-addons",
"owner": "rycee",
"repo": "nur-expressions",
"type": "gitlab"
}
},
"flake-compat": {
"locked": {
"lastModified": 1761640442,
"narHash": "sha256-AtrEP6Jmdvrqiv4x2xa5mrtaIp3OEe8uBYCDZDS+hu8=",
"owner": "nix-community",
"repo": "flake-compat",
"rev": "4a56054d8ffc173222d09dad23adf4ba946c8884",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "flake-compat",
"type": "github"
}
},
"flake-compat_2": {
"flake": false,
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-compat_3": {
"flake": false,
"locked": {
"lastModified": 1650374568,
"narHash": "sha256-Z+s0J8/r907g149rllvwhb4pKi8Wam5ij0st8PwAh+E=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "b4a34015c698c7793d592d66adbab377907a2be8",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-parts": {
"inputs": {
"nixpkgs-lib": [
"determinate",
"nix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1748821116,
"narHash": "sha256-F82+gS044J1APL0n4hH50GYdPRv/5JWm34oCJYmVKdE=",
"rev": "49f0870db23e8c1ca0b5259734a02cd9e1e371a1",
"revCount": 377,
"type": "tarball",
"url": "https://api.flakehub.com/f/pinned/hercules-ci/flake-parts/0.1.377%2Brev-49f0870db23e8c1ca0b5259734a02cd9e1e371a1/01972f28-554a-73f8-91f4-d488cc502f08/source.tar.gz"
},
"original": {
"type": "tarball",
"url": "https://flakehub.com/f/hercules-ci/flake-parts/0.1"
}
},
"flake-utils": {
"inputs": {
"systems": "systems"
},
"locked": {
"lastModified": 1694529238,
"narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "ff7b65b44d01cf9ba6a71320833626af21126384",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils-plus": {
"inputs": {
"flake-utils": "flake-utils"
},
"locked": {
"lastModified": 1715533576,
"narHash": "sha256-fT4ppWeCJ0uR300EH3i7kmgRZnAVxrH+XtK09jQWihk=",
"owner": "gytis-ivaskevicius",
"repo": "flake-utils-plus",
"rev": "3542fe9126dc492e53ddd252bb0260fe035f2c0f",
"type": "github"
},
"original": {
"owner": "gytis-ivaskevicius",
"repo": "flake-utils-plus",
"rev": "3542fe9126dc492e53ddd252bb0260fe035f2c0f",
"type": "github"
}
},
"git-hooks-nix": {
"inputs": {
"flake-compat": "flake-compat_2",
"gitignore": [
"determinate",
"nix"
],
"nixpkgs": [
"determinate",
"nix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1747372754,
"narHash": "sha256-2Y53NGIX2vxfie1rOW0Qb86vjRZ7ngizoo+bnXU9D9k=",
"rev": "80479b6ec16fefd9c1db3ea13aeb038c60530f46",
"revCount": 1026,
"type": "tarball",
"url": "https://api.flakehub.com/f/pinned/cachix/git-hooks.nix/0.1.1026%2Brev-80479b6ec16fefd9c1db3ea13aeb038c60530f46/0196d79a-1b35-7b8e-a021-c894fb62163d/source.tar.gz"
},
"original": {
"type": "tarball",
"url": "https://flakehub.com/f/cachix/git-hooks.nix/0.1.941"
}
},
"home-manager": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1780361225,
"narHash": "sha256-wnV9ttf4fPWNonBIQmvlrSlNpQYgx5HgWWd007mwIFA=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "e28654b71096e08c019d4861ca26acb646f583d8",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "release-26.05",
"repo": "home-manager",
"type": "github"
}
},
"nix": {
"inputs": {
"flake-parts": "flake-parts",
"git-hooks-nix": "git-hooks-nix",
"nixpkgs": "nixpkgs",
"nixpkgs-23-11": "nixpkgs-23-11",
"nixpkgs-regression": "nixpkgs-regression"
},
"locked": {
"lastModified": 1778177425,
"narHash": "sha256-oyHvP5HDRe59opmjTrq2ED9lh+R9FrHyaCGPPNfBqWM=",
"rev": "f0ccb960d3ad5bff28acd9cabf8bdef885b5d52f",
"revCount": 25858,
"type": "tarball",
"url": "https://api.flakehub.com/f/pinned/DeterminateSystems/nix-src/3.20.0/019e03bc-3f83-7833-aba3-b691ef4956c7/source.tar.gz"
},
"original": {
"type": "tarball",
"url": "https://flakehub.com/f/DeterminateSystems/nix-src/%2A"
}
},
"nixlib": {
"locked": {
"lastModified": 1736643958,
"narHash": "sha256-tmpqTSWVRJVhpvfSN9KXBvKEXplrwKnSZNAoNPf/S/s=",
"owner": "nix-community",
"repo": "nixpkgs.lib",
"rev": "1418bc28a52126761c02dd3d89b2d8ca0f521181",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nixpkgs.lib",
"type": "github"
}
},
"nixos-generators": {
"inputs": {
"nixlib": "nixlib",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1769813415,
"narHash": "sha256-nnVmNNKBi1YiBNPhKclNYDORoHkuKipoz7EtVnXO50A=",
"owner": "nix-community",
"repo": "nixos-generators",
"rev": "8946737ff703382fda7623b9fab071d037e897d5",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nixos-generators",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1773222311,
"narHash": "sha256-BHoB/XpbqoZkVYZCfXJXfkR+GXFqwb/4zbWnOr2cRcU=",
"rev": "0590cd39f728e129122770c029970378a79d076a",
"revCount": 909248,
"type": "tarball",
"url": "https://api.flakehub.com/f/pinned/NixOS/nixpkgs/0.2511.909248%2Brev-0590cd39f728e129122770c029970378a79d076a/019ce32b-8ace-7339-b129-cceaa8dd10c6/source.tar.gz"
},
"original": {
"type": "tarball",
"url": "https://flakehub.com/f/NixOS/nixpkgs/0.2511"
}
},
"nixpkgs-23-11": {
"locked": {
"lastModified": 1717159533,
"narHash": "sha256-oamiKNfr2MS6yH64rUn99mIZjc45nGJlj9eGth/3Xuw=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "a62e6edd6d5e1fa0329b8653c801147986f8d446",
"type": "github"
},
"original": {
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "a62e6edd6d5e1fa0329b8653c801147986f8d446",
"type": "github"
}
},
"nixpkgs-regression": {
"locked": {
"lastModified": 1643052045,
"narHash": "sha256-uGJ0VXIhWKGXxkeNnq4TvV3CIOkUJ3PAoLZ3HMzNVMw=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2",
"type": "github"
},
"original": {
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2",
"type": "github"
}
},
"nixpkgs-unstable": {
"locked": {
"lastModified": 1777954456,
"narHash": "sha256-hGdgeU2Nk87RAuZyYjyDjFL6LK7dAZN5RE9+hrDTkDU=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "549bd84d6279f9852cae6225e372cc67fb91a4c1",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1777826146,
"narHash": "sha256-wQ/iN5Zp5VIa3ebBibijPnLyKhor+xEbDy4d0goa9Zs=",
"rev": "73c703c22422b8951895a960959dbbaca7296492",
"revCount": 991389,
"type": "tarball",
"url": "https://api.flakehub.com/f/pinned/DeterminateSystems/nixpkgs-weekly/0.1.991389%2Brev-73c703c22422b8951895a960959dbbaca7296492/019df6c8-934b-7d40-b402-027bb5def30f/source.tar.gz"
},
"original": {
"type": "tarball",
"url": "https://flakehub.com/f/DeterminateSystems/nixpkgs-weekly/0.1"
}
},
"nixpkgs_3": {
"locked": {
"lastModified": 1773628058,
"narHash": "sha256-hpXH0z3K9xv0fHaje136KY872VT2T5uwxtezlAskQgY=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "f8573b9c935cfaa162dd62cc9e75ae2db86f85df",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_4": {
"locked": {
"lastModified": 1780203844,
"narHash": "sha256-K5sT4jTpGs15ADhviMKNBH38REpPf5Q6mM1+N6cArVE=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "b51242d7d43689db2f3be91bd05d5b24fbb469c4",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-26.05",
"repo": "nixpkgs",
"type": "github"
}
},
"root": {
"inputs": {
"apple-silicon": "apple-silicon",
"darwin": "darwin",
"determinate": "determinate",
"disko": "disko",
"firefox-addons": "firefox-addons",
"home-manager": "home-manager",
"nixos-generators": "nixos-generators",
"nixpkgs": "nixpkgs_4",
"nixpkgs-unstable": "nixpkgs-unstable",
"snowfall-lib": "snowfall-lib",
"sops-nix": "sops-nix"
}
},
"snowfall-lib": {
"inputs": {
"flake-compat": "flake-compat_3",
"flake-utils-plus": "flake-utils-plus",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1765361626,
"narHash": "sha256-kX0Dp/kYSRbQ+yd9e3lmmUWdNbipufvKfL2IzbrSpnY=",
"owner": "snowfallorg",
"repo": "lib",
"rev": "c566ad8b7352c30ec3763435de7c8f1c46ebb357",
"type": "github"
},
"original": {
"owner": "snowfallorg",
"repo": "lib",
"type": "github"
}
},
"sops-nix": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1777944972,
"narHash": "sha256-VfGRo1qTBKOe3s2gOv8LSoA6Fk19PvBlwQ1ECN0Evn8=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "c591bf665727040c6cc5cb409079acb22dcce33c",
"type": "github"
},
"original": {
"owner": "Mic92",
"repo": "sops-nix",
"type": "github"
}
},
"systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
}
},
"root": "root",
"version": 7
}

147
flake.nix Executable file → Normal file
View File

@@ -2,83 +2,86 @@
description = "NixOS Hosts";
inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixos-26.05";
nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable";
nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.11";
disko.url = "github:nix-community/disko";
determinate.url = "github:determinatesystems/determinate";
snowfall-lib = {
url = "github:snowfallorg/lib";
inputs.nixpkgs.follows = "nixpkgs";
};
home-manager = {
url = "github:nix-community/home-manager/release-26.05";
inputs.nixpkgs.follows = "nixpkgs";
};
apple-silicon = {
url = "github:nix-community/nixos-apple-silicon";
inputs.nixpkgs.follows = "nixpkgs";
};
nixos-generators = {
url = "github:nix-community/nixos-generators";
inputs.nixpkgs.follows = "nixpkgs";
};
firefox-addons = {
url = "gitlab:rycee/nur-expressions?dir=pkgs/firefox-addons";
inputs.nixpkgs.follows = "nixpkgs";
};
sops-nix = {
url = "github:Mic92/sops-nix";
inputs.nixpkgs.follows = "nixpkgs";
};
darwin = {
url = "github:nix-darwin/nix-darwin/nix-darwin-26.05";
inputs.nixpkgs.follows = "nixpkgs";
};
};
outputs =
inputs:
inputs.snowfall-lib.mkFlake {
inherit inputs;
src = ./.;
snowfall = {
namespace = "reichard";
meta = {
title = "Reichard";
name = "reichard";
};
};
channels-config = {
allowUnfree = true;
permittedInsecurePackages = [
"intel-ocl-5.0-63503"
];
};
outputs-builder = channels: {
devShells = {
default = import ./shells/default/default.nix { pkgs = channels.nixpkgs; };
};
};
homes.modules = with inputs; [
sops-nix.homeManagerModules.sops
./modules/home/common
];
systems.modules = {
nixos = with inputs; [
outputs = { self, nixpkgs, disko }:
let
mkSystem = { systemConfig, moduleConfig }: nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
modules = [
disko.nixosModules.disko
sops-nix.nixosModules.sops
./modules/nixos/common
];
darwin = with inputs; [
determinate.darwinModules.default
home-manager.darwinModules.home-manager
sops-nix.darwinModules.sops
./lib/disk-config.nix
./lib/common-system.nix
systemConfig
({ ... }: moduleConfig)
];
};
in
{
nixosConfigurations = {
# LLaMA C++ Server
lin-va-llama1 = mkSystem {
systemConfig = ./hosts/llama-server.nix;
moduleConfig = {
hostName = "lin-va-llama1";
mainDiskID = "/dev/disk/by-id/ata-MTFDDAK512MBF-1AN1ZABHA_161212233628";
};
};
# RKE2 Primary Server
lin-va-rke1 = mkSystem {
systemConfig = ./hosts/rke2.nix;
moduleConfig = {
hostName = "lin-va-rke1";
mainDiskID = "/dev/disk/by-id/ata-VBOX_HARDDISK_VB0af7d668-04b70404";
dataDiskID = "/dev/disk/by-id/ata-VBOX_HARDDISK_VBcd9425b8-d666f9b8";
networkConfig = {
interface = "enp0s3";
address = "10.0.20.201";
defaultGateway = "10.0.20.254";
nameservers = [ "10.0.20.254" ];
};
};
};
# RKE2 Second Server
lin-va-rke2 = mkSystem {
systemConfig = ./hosts/rke2.nix;
moduleConfig = {
hostName = "lin-va-rke2";
mainDiskID = "/dev/disk/by-id/ata-VBOX_HARDDISK_VBf55aaccc-688cfd0d";
dataDiskID = "/dev/disk/by-id/ata-VBOX_HARDDISK_VBfd391256-6e368424";
serverAddr = "https://10.0.20.201:9345";
networkConfig = {
interface = "enp0s3";
address = "10.0.20.202";
defaultGateway = "10.0.20.254";
nameservers = [ "10.0.20.254" ];
};
};
};
# RKE2 Third Server
lin-va-rke3 = mkSystem {
systemConfig = ./hosts/rke2.nix;
moduleConfig = {
hostName = "lin-va-rke3";
mainDiskID = "/dev/disk/by-id/ata-VBOX_HARDDISK_VBe9edacd5-ac4ed4fa";
dataDiskID = "/dev/disk/by-id/ata-VBOX_HARDDISK_VBa1fc46d0-19380495";
serverAddr = "https://10.0.20.201:9345";
networkConfig = {
interface = "enp0s3";
address = "10.0.20.203";
defaultGateway = "10.0.20.254";
nameservers = [ "10.0.20.254" ];
};
};
};
};
};
}

40
home-manager/README.md Normal file
View File

@@ -0,0 +1,40 @@
# Nix Home Manager Configuration
## Upgrade
```bash
# Update System Channels
sudo nix-channel --add https://nixos.org/channels/nixpkgs-24.11-darwin nixpkgs
sudo nix-channel --update
# Update Home Manager
nix-channel --add https://github.com/nix-community/home-manager/archive/release-24.11.tar.gz home-manager
nix-channel --update
# Link Repo
ln -s /Users/evanreichard/Development/git/personal/nix/home-manager ~/.config/home-manager
# Build Home Manager
home-manager switch
```
## Clean Garbage
NOTE: This will remove previous generations
```bash
sudo nix-collect-garbage --delete-old
nix-collect-garbage --delete-old
```
## OS Update
`/etc/bashrc` may get overridden. To properly load Nix, prepend the following:
```bash
# Nix
if [ -e '/nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh' ]; then
. '/nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh'
fi
# End Nix
```

18
home-manager/bash/default.nix Normal file
View File

@@ -0,0 +1,18 @@
{
programs.bash = {
enable = true;
shellAliases = {
grep = "grep --color";
ssh = "TERM=xterm-256color ssh";
flush_dns = "sudo dscacheutil -flushcache; sudo killall -HUP mDNSResponder";
};
profileExtra = ''
SHELL="$BASH"
PATH=~/.bin:$PATH
eval "$(thefuck --alias)"
set -o vi
bind "set show-mode-in-prompt on"
fastfetch
'';
};
}

6
home-manager/direnv/default.nix Normal file
View File

@@ -0,0 +1,6 @@
{
programs.direnv = {
enable = true;
nix-direnv.enable = true;
};
}

93
home-manager/fastfetch/config/config.jsonc Normal file
View File

@@ -0,0 +1,93 @@
{
"modules": [
{
"type": "separator",
"string": "",
"length": 35,
},
{
"type": "title",
"format": "Hardware Information",
},
{
"type": "cpu",
"key": " ",
},
{
"type": "memory",
"key": " ",
},
{
"type": "display",
"key": "󰍹 ",
},
{
"type": "separator",
},
{
"type": "title",
"format": "Software Information",
},
{
"type": "os",
"key": " ",
},
{
"type": "kernel",
"key": " ",
},
{
"type": "terminal",
"key": " ",
},
{
"type": "packages",
"key": "󰏖 ",
},
{
"type": "terminalfont",
"key": " ",
},
{
"type": "separator",
},
{
"type": "title",
"format": "Network Information",
},
{
"type": "publicip",
"key": " ",
},
{
"type": "localip",
"key": " ",
},
{
"type": "separator",
},
{
"type": "custom",
"format": " {#white} {#red} {#green} {#yellow} {#blue} {#magenta} {#cyan} {#white}\n",
},
],
"display": {
"separator": "  ",
"key": {
"width": 7,
},
"color": {
"keys": "yellow",
"title": "blue",
},
},
"settings": {
"kernelFormat": "minimal",
"memoryUnit": "gib",
"temperatureUnit": "celsius",
"publicIpTimeout": 2000,
"publicIpHost": "http://ident.me",
"diskUnit": "gib",
"showDisks": ["/"],
},
}

7
home-manager/fastfetch/default.nix Normal file
View File

@@ -0,0 +1,7 @@
{
xdg.configFile = {
"fastfetch/config.jsonc" = {
source = ./config/config.jsonc;
};
};
}

5
modules/home/programs/graphical/ghostty/config/ghostty-melange-dark.conf → home-manager/ghostty/config/ghostty.conf
View File

@@ -1,3 +1,8 @@
command = /Users/evanreichard/.nix-profile/bin/bash --login
macos-titlebar-style = tabs
auto-update = off
font-family = "MesloLGM Nerd Font Mono"
# Melange Dark - Adapted From: https://github.com/savq/melange-nvim/blob/master/term/kitty/melange_dark.conf
palette = 0=#34302C
palette = 1=#BD8183

7
home-manager/ghostty/default.nix Normal file
View File

@@ -0,0 +1,7 @@
{
xdg.configFile = {
"ghostty/config" = {
source = ./config/ghostty.conf;
};
};
}

0
modules/home/programs/terminal/bash/config/.gitignore → home-manager/git/config/.gitignore vendored Executable file → Normal file
View File

0
modules/home/programs/terminal/git/config/personal → home-manager/git/config/personal Executable file → Normal file
View File

2
modules/home/programs/terminal/git/config/work → home-manager/git/config/work Executable file → Normal file
View File

@@ -2,4 +2,4 @@
sshCommand = "ssh -i ~/Keys/work"
[user]
email = evan@prophetsecurity.ai
email = evan@prophet.security

40
home-manager/git/default.nix Normal file
View File

@@ -0,0 +1,40 @@
{
programs.git = {
enable = true;
userName = "Evan Reichard";
aliases = {
lg = "log --graph --abbrev-commit --decorate --date=relative --format=format:'%C(bold blue)%h%C(reset) - %C(bold green)(%ar)%C(reset) %C(white)%s%C(reset) %C(dim white)- %an%C(reset)%C(bold yellow)%d%C(reset)' --all -n 15";
};
includes = [
{
path = "~/.config/git/work";
condition = "gitdir:~/Development/git/work/";
}
{
path = "~/.config/git/personal";
condition = "gitdir:~/Development/git/personal/";
}
];
extraConfig = {
core = {
autocrlf = "input";
safecrlf = "true";
excludesFile = "~/.config/git/.gitignore";
};
merge = {
conflictstyle = "zdiff3";
};
push = {
autoSetupRemote = true;
};
};
};
# Copy Configuration
xdg.configFile = {
git = {
source = ./config;
recursive = true;
};
};
}

113
home-manager/home.nix Normal file
View File

@@ -0,0 +1,113 @@
{ pkgs, ... }:
let
inherit (pkgs.lib) optionals;
inherit (pkgs.stdenv) isLinux isDarwin;
in
{
imports = [
./bash
./direnv
./ghostty
./git
./htop
./fastfetch
./nvim
./powerline
./readline
];
# Home Manager Config
home.username = "evanreichard";
home.homeDirectory = "/Users/evanreichard";
home.stateVersion = "24.11";
programs.home-manager.enable = true;
# Global Packages
home.packages = with pkgs; [
(nerdfonts.override { fonts = [ "Meslo" ]; })
# ghostty - Pending Darwin @ https://github.com/NixOS/nixpkgs/pull/369788
android-tools
awscli2
bashInteractive
cw
fastfetch
gitAndTools.gh
google-cloud-sdk
imagemagick
kubectl
kubernetes-helm
(llama-cpp.overrideAttrs {
version = "b4539";
src = pkgs.fetchFromGitHub {
owner = "ggerganov";
repo = "llama.cpp";
tag = "b4539";
hash = "sha256-zPWx8gdai8OfoBCr2X2oJYg45ipLselYZMrL+MbQ1AY=";
leaveDotGit = true;
};
})
mosh
pre-commit
python311
ssm-session-manager-plugin
texliveSmall # Pandoc PDF Dep
thefuck
tldr
]
++ optionals isDarwin [ ]
++ optionals isLinux [ ];
# GitHub CLI
programs.gh = {
enable = true;
settings = {
git_protocol = "ssh";
};
};
# Misc Programs
programs.htop.enable = true;
programs.jq.enable = true;
programs.k9s.enable = true;
programs.pandoc.enable = true;
# Enable Flakes & Commands
nix = {
package = pkgs.nix;
extraOptions = ''experimental-features = nix-command flakes'';
};
# SQLite Configuration
home.file.".sqliterc".text = ''
.headers on
.mode column
'';
# Darwin Spotlight Indexing Hack
# home.activation = mkIf isDarwin {
# copyApplications =
# let
# apps = pkgs.buildEnv {
# name = "home-manager-applications";
# paths = config.home.packages;
# pathsToLink = "/Applications";
# };
# in
# lib.hm.dag.entryAfter [ "writeBoundary" ] ''
# baseDir="$HOME/Applications/Home Manager Apps"
# if [ -d "$baseDir" ]; then
# rm -rf "$baseDir"
# fi
# mkdir -p "$baseDir"
# for appFile in ${apps}/Applications/*; do
# target="$baseDir/$(basename "$appFile")"
# $DRY_RUN_CMD cp ''${VERBOSE_ARG:+-v} -fHRL "$appFile" "$baseDir"
# $DRY_RUN_CMD chmod ''${VERBOSE_ARG:+-v} -R +w "$target"
# done
# '';
# };
# Darwin Spotlight Indexing Hack
disabledModules = [ "targets/darwin/linkapps.nix" ];
}

51
home-manager/htop/config/htoprc Normal file
View File

@@ -0,0 +1,51 @@
# Beware! This file is rewritten by htop when settings are changed in the interface.
# The parser is also very primitive, and not human-friendly.
htop_version=3.2.1
config_reader_min_version=3
fields=0 48 17 18 38 39 2 46 47 49 1
hide_kernel_threads=1
hide_userland_threads=0
shadow_other_users=0
show_thread_names=0
show_program_path=1
highlight_base_name=0
highlight_deleted_exe=1
highlight_megabytes=1
highlight_threads=1
highlight_changes=0
highlight_changes_delay_secs=5
find_comm_in_cmdline=1
strip_exe_from_cmdline=1
show_merged_command=0
header_margin=1
screen_tabs=1
detailed_cpu_time=0
cpu_count_from_one=0
show_cpu_usage=1
show_cpu_frequency=0
update_process_names=0
account_guest_in_cpu_meter=0
color_scheme=6
enable_mouse=1
delay=15
hide_function_bar=0
header_layout=two_50_50
column_meters_0=LeftCPUs Memory Swap
column_meter_modes_0=1 1 1
column_meters_1=RightCPUs Tasks LoadAverage Uptime
column_meter_modes_1=1 2 2 2
tree_view=0
sort_key=46
tree_sort_key=0
sort_direction=-1
tree_sort_direction=1
tree_view_always_by_pid=0
all_branches_collapsed=0
screen:Main=PID USER PRIORITY NICE M_VIRT M_RESIDENT STATE PERCENT_CPU PERCENT_MEM TIME Command
.sort_key=PERCENT_CPU
.tree_sort_key=PID
.tree_view=0
.tree_view_always_by_pid=0
.sort_direction=-1
.tree_sort_direction=1
.all_branches_collapsed=0

5
home-manager/htop/default.nix Normal file
View File

@@ -0,0 +1,5 @@
{
xdg.configFile."htop/htoprc" = {
source = ./config/htoprc;
};
}

8
home-manager/nvim/config/lua/aerial-config.lua Normal file
View File

@@ -0,0 +1,8 @@
require('aerial').setup({
on_attach = function(bufnr)
vim.keymap.set('n', '{', '<cmd>AerialPrev<CR>', {buffer = bufnr})
vim.keymap.set('n', '}', '<cmd>AerialNext<CR>', {buffer = bufnr})
end
})
vim.keymap.set('n', '<leader>a', '<cmd>AerialToggle!<CR>')

0
modules/home/programs/terminal/nvim/config/lua/autopairs-config.lua → home-manager/nvim/config/lua/autopairs-config.lua Executable file → Normal file
View File

66
home-manager/nvim/config/lua/base.lua Normal file
View File

@@ -0,0 +1,66 @@
-- Set Theme
-- vim.g.nord_borders = true
-- vim.g.nord_contrast = true
-- vim.cmd('colorscheme nord')
vim.cmd('colorscheme melange')
-- Set Leader
vim.keymap.set("n", "<Space>", "<Nop>", {silent = true})
vim.g.mapleader = " "
-- Set Timeout
vim.opt.timeoutlen = 250
-- Disable NetRW
vim.g.loaded_netrw = 1
vim.g.loaded_netrwPlugin = 1
-- Set Term Colors
vim.opt.termguicolors = true
-- Synchronize with system clipboard
vim.opt.clipboard = "unnamed"
-- Always show the signcolumn
vim.opt.signcolumn = "yes"
-- Set nowrap, line numbers, hightlight search
vim.opt.wrap = false
vim.opt.nu = true
vim.opt.hlsearch = true
vim.opt.shiftwidth = 2
-- Set fold settings
vim.opt.foldmethod = "indent"
vim.opt.foldnestmax = 10
vim.opt.foldlevel = 2
-- Diagnostics Mappings
local diagnostics_active = true
local toggle_diagnostics = function()
diagnostics_active = not diagnostics_active
if diagnostics_active then
vim.diagnostic.enable()
else
vim.diagnostic.disable()
end
end
local diagnostics_loclist_active = false
local toggle_diagnostics_loclist = function()
diagnostics_loclist_active = not diagnostics_loclist_active
if diagnostics_loclist_active then
vim.diagnostic.setloclist()
else
vim.cmd('lclose')
end
end
local opts = {noremap = true, silent = true}
vim.keymap.set('n', '<leader>qt', toggle_diagnostics, opts)
vim.keymap.set('n', '<leader>qN',
function() vim.diagnostic.goto_prev({float = false}) end, opts)
vim.keymap.set('n', '<leader>qn',
function() vim.diagnostic.goto_next({float = false}) end, opts)
vim.keymap.set('n', '<leader>qq', toggle_diagnostics_loclist, opts)
vim.keymap.set('n', '<leader>qe', vim.diagnostic.open_float, opts)

71
home-manager/nvim/config/lua/cmp-config.lua Normal file
View File

@@ -0,0 +1,71 @@
local cmp = require('cmp')
require("luasnip.loaders.from_vscode").lazy_load()
-- Check Tab Completion
local has_words_before = function()
local line, col = unpack(vim.api.nvim_win_get_cursor(0))
return col ~= 0 and
vim.api.nvim_buf_get_lines(0, line - 1, line, true)[1]:sub(col,
col)
:match("%s") == nil
end
cmp.setup({
snippet = {
expand = function(args) require'luasnip'.lsp_expand(args.body) end
},
mapping = cmp.mapping.preset.insert({
-- Tab Completion
["<Tab>"] = cmp.mapping(function(fallback)
if cmp.visible() then
cmp.select_next_item()
elseif has_words_before() then
cmp.complete()
else
fallback()
end
end, {"i", "s"}),
-- Reverse Tab Completion
["<S-Tab>"] = cmp.mapping(function(fallback)
if cmp.visible() then
cmp.select_prev_item()
else
fallback()
end
end, {"i", "s"}),
-- Misc Mappings
['<C-b>'] = cmp.mapping.scroll_docs(-4),
['<C-f>'] = cmp.mapping.scroll_docs(4),
['<C-Space>'] = cmp.mapping.complete(),
['<C-e>'] = cmp.mapping.abort(),
['<CR>'] = cmp.mapping.confirm({select = true})
}),
-- Default Sources
sources = cmp.config.sources({
{name = 'nvim_lsp'}, {name = 'luasnip'}, {name = 'path'},
{name = 'buffer'}
})
})
-- Completion - `/` and `?`
cmp.setup.cmdline({'/', '?'}, {
mapping = cmp.mapping.preset.cmdline(),
sources = {{name = 'buffer'}}
})
-- Completion = `:`
cmp.setup.cmdline(':', {
mapping = cmp.mapping.preset.cmdline(),
sources = cmp.config.sources({{name = 'path'}, {name = 'cmdline'}})
})
-- Autopairs
local cmp_autopairs = require('nvim-autopairs.completion.cmp')
cmp.event:on('confirm_done', cmp_autopairs.on_confirm_done())

0
modules/home/programs/terminal/nvim/config/lua/comment-config.lua → home-manager/nvim/config/lua/comment-config.lua Executable file → Normal file
View File

70
home-manager/nvim/config/lua/dap-config.lua Normal file
View File

@@ -0,0 +1,70 @@
local dap = require("dap")
local dapui = require("dapui")
local dapgo = require("dap-go")
dapui.setup({
controls = {
element = "repl",
enabled = true,
icons = {
disconnect = "",
pause = "",
play = "",
run_last = "",
step_back = "",
step_into = "",
step_out = "",
step_over = "",
terminate = ""
}
},
element_mappings = {},
expand_lines = false,
floating = {border = "single", mappings = {close = {"q", "<Esc>"}}},
force_buffers = true,
icons = {collapsed = "", current_frame = "", expanded = ""},
layouts = {
{
elements = {{id = "repl", size = 0.5}, {id = "scopes", size = 0.5}},
position = "bottom",
size = 10
}, {
elements = {
{id = "breakpoints", size = 0.5}, {id = "stacks", size = 0.5}
},
position = "left",
size = 40
}
},
mappings = {
edit = "e",
expand = {"<CR>", "<2-LeftMouse>"},
open = "o",
remove = "d",
repl = "r",
toggle = "t"
},
render = {indent = 1, max_value_lines = 100}
})
dapgo.setup()
-- Auto Open UI
dap.listeners.before.attach.dapui_config = function() dapui.open() end
dap.listeners.before.launch.dapui_config = function() dapui.open() end
-- Continue Hotkey ("c")
vim.api.nvim_create_autocmd("FileType", {
pattern = "dap-repl",
callback = function()
vim.api.nvim_buf_set_keymap(0, 'n', 'c',
"<cmd>lua require'dap'.continue()<CR>",
{noremap = true, silent = true})
end
})
-- Leader Keys
local opts = {noremap = true, silent = true}
vim.keymap.set('n', '<leader>db', dap.toggle_breakpoint, opts)
vim.keymap.set('n', '<leader>du', dapui.toggle, opts)
vim.keymap.set('n', '<leader>dc', dap.continue, opts)
vim.keymap.set('n', '<leader>dt', dapgo.debug_test, opts)

6
home-manager/nvim/config/lua/diffview-config.lua Normal file
View File

@@ -0,0 +1,6 @@
vim.keymap.set('n', '<leader>go', '<cmd>DiffviewOpen<CR>')
vim.keymap.set('n', '<leader>gO', '<cmd>DiffviewOpen origin/main...HEAD<CR>')
vim.keymap.set('n', '<leader>gh', '<cmd>DiffviewFileHistory<CR>')
vim.keymap.set('n', '<leader>gH',
'<cmd>DiffviewFileHistory --range=origin..HEAD<CR>')
vim.keymap.set('n', '<leader>gc', '<cmd>DiffviewClose<CR>')

41
home-manager/nvim/config/lua/git-ref.lua Normal file
View File

@@ -0,0 +1,41 @@
function get_git_info()
local abs_path = vim.fn.expand("%:p")
local git_root = vim.fn.systemlist(
"git -C " .. vim.fn.escape(vim.fn.fnamemodify(abs_path, ":h"), " ") .. " rev-parse --show-toplevel"
)[1]
if vim.v.shell_error ~= 0 then
return
end
local git_repo = vim.fn.system("git remote get-url origin"):match("([^/:]+/[^/.]+)%.?[^/]*$"):gsub("\n", "")
local git_branch = vim.fn.system("git rev-parse --abbrev-ref HEAD"):gsub("\n", "")
return {
file = vim.fn.fnamemodify(abs_path, ":s?" .. git_root .. "/??"),
branch = git_branch,
repo = git_repo,
}
end
vim.keymap.set("v", "<Leader>gy", function()
local git_info = get_git_info()
if git_info == nil then
vim.notify("Failed to get git info", vim.log.levels.ERROR)
return
end
local start_line = vim.fn.line("v")
local end_line = vim.fn.line(".")
local message = string.format(
"https://github.com/%s/blob/%s/%s#L%d-L%d",
git_info.repo,
git_info.branch,
git_info.file,
start_line,
end_line
)
vim.fn.setreg("+", message)
vim.notify("Copied:\n\t" .. message, vim.log.levels.INFO)
end, { noremap = true, silent = true, desc = "Copy GitHub Link" })

16
home-manager/nvim/config/lua/git-signs.lua Normal file
View File

@@ -0,0 +1,16 @@
require('gitsigns').setup {
on_attach = function(bufnr)
local gitsigns = require('gitsigns')
local function map(mode, l, r, opts)
opts = opts or {}
opts.buffer = bufnr
vim.keymap.set(mode, l, r, opts)
end
map('n', '<leader>gb', gitsigns.toggle_current_line_blame)
map('n', '<leader>gB', function()
gitsigns.blame_line {full = true}
end)
end
}

15
modules/home/programs/terminal/nvim/config/lua/init.lua → home-manager/nvim/config/lua/init.lua Executable file → Normal file
View File

@@ -1,19 +1,22 @@
require("base")
require("aerial-config")
require("autopairs-config")
require("cmp-config")
require("comment-config")
require("dap-config")
require("diagnostics-config")
require("git-config")
require("diffview-config")
require("git-ref")
require("git-signs")
require("llm")
require("leap-config")
require("llm-config")
require("lsp-config")
require("lsp-lines-config")
require("lualine-config")
require("neotree-config")
require("noice-config")
require("numb-config")
require("octo-config")
require("snacks-config")
require("silicon-config")
require("telescope-config")
require("toggleterm-config")
require("ts-config")
require("weird-chars")
require("which-key-config")

0
modules/home/programs/terminal/nvim/config/lua/leap-config.lua → home-manager/nvim/config/lua/leap-config.lua Executable file → Normal file
View File

20
home-manager/nvim/config/lua/llm.lua Normal file
View File

@@ -0,0 +1,20 @@
-- Configure LLama LLM
vim.g.llama_config = {
endpoint = "http://10.0.20.158:8080/infill",
api_key = "",
n_prefix = 256,
n_suffix = 64,
n_predict = 256,
t_max_prompt_ms = 500,
t_max_predict_ms = 500,
show_info = 2,
auto_fim = true,
max_line_suffix = 8,
max_cache_keys = 256,
ring_n_chunks = 8,
ring_chunk_size = 32,
ring_scope = 512,
ring_update_ms = 1000,
}
-- require("gen").setup({ model = "codegemma" })

237
home-manager/nvim/config/lua/lsp-config.lua Normal file
View File

@@ -0,0 +1,237 @@
------------------------------------------------------
------------------- Custom Settings ------------------
------------------------------------------------------
vim.api.nvim_create_autocmd("FileType", {
pattern = "go",
callback = function()
vim.bo.textwidth = 120
end,
})
vim.filetype.add({
extension = {
templ = "templ",
},
})
------------------------------------------------------
-------------------- Built-in LSP --------------------
------------------------------------------------------
local nix_vars = require("nix-vars")
local nvim_lsp = require("lspconfig")
local on_attach = function(client, bufnr)
local bufopts = { noremap = true, silent = true, buffer = bufnr }
if client.supports_method("textDocument/formatting") then
vim.api.nvim_clear_autocmds({ group = augroup, buffer = bufnr })
vim.api.nvim_create_autocmd("BufWritePre", {
group = augroup,
buffer = bufnr,
callback = function()
vim.lsp.buf.format({ async = false, timeout_ms = 2000 })
end,
})
end
vim.keymap.set("n", "K", vim.lsp.buf.hover, bufopts)
vim.keymap.set("n", "<C-k>", vim.lsp.buf.signature_help, bufopts)
vim.keymap.set("n", "<leader>lD", vim.lsp.buf.declaration, bufopts)
vim.keymap.set("n", "<leader>ld", vim.lsp.buf.definition, bufopts)
vim.keymap.set("n", "<leader>li", vim.lsp.buf.implementation, bufopts)
vim.keymap.set("n", "<leader>ln", vim.lsp.buf.rename, bufopts)
vim.keymap.set("n", "<leader>lr", vim.lsp.buf.references, bufopts)
vim.keymap.set("n", "<leader>lt", vim.lsp.buf.type_definition, bufopts)
vim.keymap.set("n", "<leader>lf", function()
vim.lsp.buf.format({ async = true, timeout_ms = 2000 })
end, bufopts)
end
local on_attach_no_formatting = function(client, bufnr)
-- Disable Formatting
client.server_capabilities.documentFormattingProvider = false
client.server_capabilities.documentRangeFormattingProvider = false
on_attach(client, bufnr)
end
local organize_go_imports = function()
local encoding = vim.lsp.util._get_offset_encoding()
local params = vim.lsp.util.make_range_params(nil, encoding)
params.context = { only = { "source.organizeImports" } }
local result = vim.lsp.buf_request_sync(0, "textDocument/codeAction", params, 3000)
for _, res in pairs(result or {}) do
for _, r in pairs(res.result or {}) do
if r.edit then
vim.lsp.util.apply_workspace_edit(r.edit, encoding)
else
vim.lsp.buf.execute_command(r.command)
end
end
end
end
-- Define LSP Flags & Capabilities
local lsp_flags = { debounce_text_changes = 150 }
local capabilities = require("cmp_nvim_lsp").default_capabilities()
-- Python LSP Configuration
nvim_lsp.pyright.setup({
on_attach = on_attach,
flags = lsp_flags,
capabilities = capabilities,
})
-- HTML LSP Configuration
nvim_lsp.html.setup({
on_attach = on_attach_no_formatting,
flags = lsp_flags,
capabilities = capabilities,
cmd = { nix_vars.vscls .. "/bin/vscode-html-language-server", "--stdio" },
})
-- JSON LSP Configuration
nvim_lsp.jsonls.setup({
on_attach = on_attach_no_formatting,
flags = lsp_flags,
capabilities = capabilities,
cmd = { nix_vars.vscls .. "/bin/vscode-html-language-server", "--stdio" },
})
-- CSS LSP Configuration
nvim_lsp.cssls.setup({
on_attach = on_attach_no_formatting,
flags = lsp_flags,
capabilities = capabilities,
cmd = { nix_vars.vscls .. "/bin/vscode-html-language-server", "--stdio" },
})
-- Typescript / Javascript LSP Configuration
nvim_lsp.ts_ls.setup({
on_attach = on_attach_no_formatting,
flags = lsp_flags,
capabilities = capabilities,
cmd = { nix_vars.tsls, "--stdio" },
})
-- Svelte LSP Configuration
nvim_lsp.svelte.setup({
on_attach = on_attach_no_formatting,
flags = lsp_flags,
capabilities = capabilities,
cmd = { nix_vars.sveltels, "--stdio" },
})
-- Lua LSP Configuration
nvim_lsp.lua_ls.setup({
on_attach = on_attach_no_formatting,
flags = lsp_flags,
capabilities = capabilities,
cmd = { nix_vars.luals },
})
-- Templ LSP Configuration
nvim_lsp.templ.setup({
on_attach = on_attach,
flags = lsp_flags,
capabilities = capabilities,
})
-- Nix LSP Configuration
nvim_lsp.nil_ls.setup({
on_attach = on_attach,
flags = lsp_flags,
capabilities = capabilities,
})
-- Go LSP Configuration
nvim_lsp.gopls.setup({
on_attach = function(client, bufnr)
on_attach(client, bufnr)
vim.api.nvim_create_autocmd("BufWritePre", {
group = augroup,
buffer = bufnr,
callback = organize_go_imports,
})
end,
flags = lsp_flags,
capabilities = capabilities,
cmd = { nix_vars.gopls },
settings = {
gopls = {
buildFlags = { "-tags=e2e" },
},
},
})
-- Go LSP Linting
nvim_lsp.golangci_lint_ls.setup({
on_attach = on_attach_no_formatting,
flags = lsp_flags,
capabilities = capabilities,
cmd = { nix_vars.golintls },
init_options = {
command = {
"golangci-lint",
"run",
"--out-format",
"json",
"--issues-exit-code=1",
},
},
})
------------------------------------------------------
--------------------- Null-LS LSP --------------------
------------------------------------------------------
local null_ls = require("null-ls")
local eslintFiles = {
".eslintrc",
".eslintrc.js",
".eslintrc.cjs",
".eslintrc.yaml",
".eslintrc.yml",
".eslintrc.json",
"eslint.config.js",
"eslint.config.mjs",
"eslint.config.cjs",
"eslint.config.ts",
"eslint.config.mts",
"eslint.config.cts",
}
has_eslint_in_parents = function(fname)
root_file = nvim_lsp.util.insert_package_json(eslintFiles, "eslintConfig", fname)
return nvim_lsp.util.root_pattern(unpack(root_file))(fname)
end
null_ls.setup({
sources = {
-- Prettier Formatting
null_ls.builtins.formatting.prettier,
null_ls.builtins.formatting.prettier.with({ filetypes = { "template" } }),
require("none-ls.diagnostics.eslint_d").with({
condition = function(utils)
return has_eslint_in_parents(vim.fn.getcwd())
end,
}),
null_ls.builtins.completion.spell,
null_ls.builtins.formatting.nixpkgs_fmt,
null_ls.builtins.formatting.stylua,
null_ls.builtins.diagnostics.sqlfluff,
null_ls.builtins.formatting.sqlfluff,
},
on_attach = function(client, bufnr)
if client.supports_method("textDocument/formatting") then
vim.api.nvim_clear_autocmds({ group = augroup, buffer = bufnr })
vim.api.nvim_create_autocmd("BufWritePre", {
group = augroup,
buffer = bufnr,
callback = function()
vim.lsp.buf.format({ async = false, timeout_ms = 2000 })
end,
})
end
end,
})

2
home-manager/nvim/config/lua/lsp-lines-config.lua Normal file
View File

@@ -0,0 +1,2 @@
require("lsp_lines").setup()
vim.diagnostic.config({virtual_text = false})

49
home-manager/nvim/config/lua/lualine-config.lua Normal file
View File

@@ -0,0 +1,49 @@
-- Cached variable
local cached_pr_status = ""
-- Read process output
local function read_output(err, data)
if err then return end
if not data then return end
cached_pr_status = data
end
-- Spawn process
local function execute_command()
local stdout = vim.loop.new_pipe(false)
local spawn_opts = {
detached = true,
stdio = {nil, stdout, nil},
args = {"-c", "gh pr checks | awk -F'\t' '{ print $2 }'"}
}
vim.loop.spawn("bash", spawn_opts,
function() stdout:read_start(read_output) end)
end
-- Spawn & schedule process
execute_command()
vim.fn.timer_start(300000, execute_command)
-- Return status from cache
function pr_status()
--   
--    
--
-- PENDING COLOR - #d29922
-- PASS COLOR - #3fb950
-- FAIL COLOR - #f85149
return cached_pr_status:gsub("\n", ""):gsub("fail", ""):gsub("pass",
"")
:gsub("pending", ""):gsub("skipping", ""):sub(1, -2)
end
require('lualine').setup({
options = {
theme = "gruvbox_dark"
-- theme = "nord"
-- theme = "OceanicNext",
},
sections = {lualine_c = {{pr_status}}}
})

2
home-manager/nvim/config/lua/neotree-config.lua Normal file
View File

@@ -0,0 +1,2 @@
require("neo-tree").setup({ window = { mappings = { ["<space>"] = "none" } } })
vim.keymap.set("n", "<leader>t", ":Neotree toggle<CR>", { silent = true })

26
home-manager/nvim/config/lua/noice-config.lua Normal file
View File

@@ -0,0 +1,26 @@
-- Noice Doc Scrolling
vim.keymap.set("n", "<c-f>", function()
if not require("noice.lsp").scroll(4) then return "<c-f>" end
end, {silent = true, expr = true})
vim.keymap.set("n", "<c-b>", function()
if not require("noice.lsp").scroll(-4) then return "<c-b>" end
end, {silent = true, expr = true})
-- Noice Setup
require("noice").setup({
lsp = {
override = {
["vim.lsp.util.convert_input_to_markdown_lines"] = true,
["vim.lsp.util.stylize_markdown"] = true,
["cmp.entry.get_documentation"] = false
},
signature = {enabled = false}
},
presets = {
command_palette = true, -- position the cmdline and popupmenu together
long_message_to_split = true, -- long messages will be sent to a split
inc_rename = false, -- enables an input dialog for inc-rename.nvim
lsp_doc_border = false -- add a border to hover docs and signature help
}
})

0
modules/home/programs/terminal/nvim/config/lua/numb-config.lua → home-manager/nvim/config/lua/numb-config.lua Executable file → Normal file
View File

10
home-manager/nvim/config/lua/silicon-config.lua Normal file
View File

@@ -0,0 +1,10 @@
local silicon = require('silicon')
silicon.setup({})
vim.keymap.set('v', '<Leader>ss', function() silicon.visualise_api({}) end)
vim.keymap.set('v', '<Leader>sb',
function() silicon.visualise_api({show_buf = true}) end)
vim.keymap.set('n', '<Leader>sv',
function() silicon.visualise_api({visible = true}) end)
vim.keymap.set('n', '<Leader>sb',
function() silicon.visualise_api({show_buf = true}) end)

20
home-manager/nvim/config/lua/telescope-config.lua Normal file
View File

@@ -0,0 +1,20 @@
require('telescope').setup {
extensions = {
fzf = {
fuzzy = true,
override_generic_sorter = true,
override_file_sorter = true,
case_mode = "smart_case"
}
}
}
require('telescope').load_extension('fzf')
require("telescope").load_extension("ui-select")
local builtin = require('telescope.builtin')
vim.keymap.set('n', '<leader>ff', builtin.find_files, {})
vim.keymap.set('n', '<leader>fg', builtin.live_grep, {})
vim.keymap.set('n', '<leader>fb', builtin.buffers, {})
vim.keymap.set('n', '<leader>fh', builtin.help_tags, {})
vim.keymap.set('n', '<leader>fj', builtin.jumplist, {})

20
home-manager/nvim/config/lua/toggleterm-config.lua Normal file
View File

@@ -0,0 +1,20 @@
require("toggleterm").setup({open_mapping = [[<c-\>]]})
-- Get PR status on terminal load
-- require("toggleterm").setup({
-- open_mapping = [[<c-\>]],
-- on_create = function(term)
-- vim.cmd("startinsert")
-- term:send("gh pr checks")
-- end
-- })
-- Duplicate C-w & Esc Behavior
function _G.set_terminal_keymaps()
local opts = {buffer = 0}
vim.opt.signcolumn = "no"
vim.keymap.set('t', '<esc>', [[<C-\><C-n>]], opts)
vim.keymap.set('t', '<C-w>', [[<C-\><C-n><C-w>]], opts)
end
vim.cmd('autocmd! TermOpen term://* lua set_terminal_keymaps()')

3
home-manager/nvim/config/lua/ts-config.lua Normal file
View File

@@ -0,0 +1,3 @@
require'nvim-treesitter.configs'.setup {
highlight = {enable = true, additional_vim_regex_highlighting = false}
}

47
home-manager/nvim/config/lua/which-key-config.lua Normal file
View File

@@ -0,0 +1,47 @@
local wk = require("which-key")
wk.setup({})
wk.add({
{ "<C-k>", desc = "Signature Help" },
{ "<leader>a", desc = "Aerial" },
{ "<leader>d", group = "Debug" },
{ "<leader>db", desc = "Toggle Breakpoint" },
{ "<leader>dc", desc = "Continue" },
{ "<leader>dt", desc = "Run Test" },
{ "<leader>du", desc = "Toggle UI" },
{ "<leader>f", group = "Find - Telescope" },
{ "<leader>fb", "<cmd>Telescope buffers<cr>", desc = "Find Buffer" },
{ "<leader>ff", "<cmd>Telescope find_files<cr>", desc = "Find File" },
{ "<leader>fg", "<cmd>Telescope live_grep<cr>", desc = "Live Grep" },
{ "<leader>fh", "<cmd>Telescope help_tags<cr>", desc = "Help Tags" },
{ "<leader>fj", "<cmd>Telescope jumplist<cr>", desc = "Jump List" },
{ "<leader>g", group = "DiffView" },
{ "<leader>gB", desc = "Git Blame Full" },
{ "<leader>gH", "<cmd>DiffviewFileHistory --range=origin..HEAD<cr>", desc = "Diff History - Main" },
{ "<leader>gO", "<cmd>DiffviewOpen origin/main...HEAD<cr>", desc = "Open Diff - Main" },
{ "<leader>gb", desc = "Git Blame Line" },
{ "<leader>gc", "<cmd>DiffviewClose<cr>", desc = "Close Diff" },
{ "<leader>gh", "<cmd>DiffviewFileHistory<cr>", desc = "Diff History" },
{ "<leader>go", "<cmd>DiffviewOpen<cr>", desc = "Open Diff - Current" },
{ "<leader>l", group = "LSP" },
{ "<leader>lD", desc = "Declaration" },
{ "<leader>ld", desc = "Definition" },
{ "<leader>lf", desc = "Format" },
{ "<leader>li", desc = "Implementation" },
{ "<leader>ln", desc = "Rename" },
{ "<leader>lr", desc = "References" },
{ "<leader>lt", desc = "Type Definition" },
{ "<leader>q", group = "Diagnostics" },
{ "<leader>qN", desc = "Previous Diagnostic" },
{ "<leader>qe", desc = "Open Diagnostic Float" },
{ "<leader>qn", desc = "Next Diagnostic" },
{ "<leader>qq", desc = "Toggle Diagnostic List" },
{ "<leader>qt", desc = "Toggle Inline Diagnostics" },
{ "<leader>sv", desc = "Visual Screenshot" },
{ "<leader>t", desc = "NeoTree" },
{ "K", desc = "Definition Hover" },
{ "<leader>ss", desc = "Selected Screenshot", mode = "v" },
{ "<leader>s", group = "Screenshot", mode = { "n", "v" } },
{ "<leader>sb", desc = "Buffer Screenshot", mode = { "n", "v" } },
})

197
home-manager/nvim/default.nix Normal file
View File

@@ -0,0 +1,197 @@
{ pkgs, ... }:
let
unstable = import <nixpkgs-unstable> { };
in
{
programs.neovim = {
enable = true;
viAlias = true;
vimAlias = true;
withNodeJs = true;
withPython3 = true;
plugins = with pkgs.vimPlugins; [
# ------------------
# --- Completion ---
# ------------------
cmp-buffer # Buffer Word Completion
cmp-cmdline # Command Line Completion
cmp-nvim-lsp # Main LSP
cmp-path # Path Completion
cmp_luasnip # Snippets Completion
friendly-snippets # Snippets
lsp_lines-nvim # Inline Diagnostics
luasnip # Snippets
nvim-cmp # Completions
nvim-lspconfig # LSP Config
# -------------------
# ----- Helpers -----
# -------------------
aerial-nvim # Code Outline
comment-nvim # Code Comments
diffview-nvim # Diff View
gitsigns-nvim # Git Blame
leap-nvim # Quick Movement
markdown-preview-nvim # Markdown Preview
neo-tree-nvim # File Explorer
none-ls-nvim # Formatters
numb-nvim # Peek / Jump to Lines
nvim-autopairs # Automatically Close Pairs (),[],{}
telescope-fzf-native-nvim # Faster Telescope
telescope-nvim # Fuzzy Finder
telescope-ui-select-nvim # UI
toggleterm-nvim # Terminal Helper
vim-nix # Nix Helpers
which-key-nvim # Shortcut Helper
# ------------------
# --- Theme / UI ---
# ------------------
lualine-nvim # Bottom Line
noice-nvim # UI Tweaks
# nord-nvim # Theme
melange-nvim # Theme
nvim-notify # Noice Dependency
nvim-web-devicons # Dev Icons
# ------------------
# --- Treesitter ---
# ------------------
nvim-treesitter-context
nvim-treesitter.withAllGrammars
# -------------------
# ------- DAP -------
# -------------------
nvim-dap
nvim-dap-go
nvim-dap-ui
# --------------------
# -- NONE-LS EXTRAS --
# --------------------
(
pkgs.vimUtils.buildVimPlugin {
pname = "none-ls-extras.nvim";
version = "2024-06-11";
src = pkgs.fetchFromGitHub {
owner = "nvimtools";
repo = "none-ls-extras.nvim";
rev = "336e84b9e43c0effb735b08798ffac382920053b";
sha256 = "sha256-UtU4oWSRTKdEoMz3w8Pk95sROuo3LEwxSDAm169wxwk=";
};
meta.homepage = "https://github.com/nvimtools/none-ls-extras.nvim/";
}
)
# -------------------
# ----- Silicon -----
# -------------------
(
pkgs.vimUtils.buildVimPlugin {
pname = "silicon.lua";
version = "2022-12-03";
src = pkgs.fetchFromGitHub {
owner = "mhanberg";
repo = "silicon.lua";
rev = "5ca462bee0a39b058786bc7fbeb5d16ea49f3a23";
sha256 = "0vlp645d5mmii513v72jca931miyrhkvhwb9bfzhix1199zx7vi2";
};
meta.homepage = "https://github.com/mhanberg/silicon.lua/";
}
)
# -------------------
# ------- LLM -------
# -------------------
(
pkgs.vimUtils.buildVimPlugin {
pname = "llm.nvim";
version = "2024-05-25";
src = pkgs.fetchFromGitHub {
owner = "David-Kunz";
repo = "gen.nvim";
rev = "bd19cf584b5b82123de977b44105e855e61e5f39";
sha256 = "sha256-0AEB6im8Jz5foYzmL6KEGSAYo48g1bkFpjlCSWT6JeE=";
};
meta.homepage = "https://github.com/David-Kunz/gen.nvim/";
}
)
# -------------------
# ---- LLAMA.VIM ----
# -------------------
(
pkgs.vimUtils.buildVimPlugin {
pname = "llama.vim";
version = "2025-01-23";
src = pkgs.fetchFromGitHub {
owner = "ggml-org";
repo = "llama.vim";
rev = "143fe910b8d47a054ed464c38d8b7c17d5354468";
sha256 = "sha256-PW0HKzhSxcZiWzpDOuy98rl/X0o2nE7tMjZjwwh0qLE=";
};
meta.homepage = "https://github.com/ggml-org/llama.vim/";
}
)
];
extraPackages = with pkgs; [
# Telescope Dependencies
fd
ripgrep
tree-sitter
# LSP Dependencies
go
golangci-lint
golangci-lint-langserver
gopls
lua-language-server
nil
nodePackages.eslint
nodePackages.svelte-language-server
nodePackages.typescript
nodePackages.typescript-language-server
nodePackages.vscode-langservers-extracted
pyright
unstable.eslint_d
# Formatters
luaformatter
nixpkgs-fmt
nodePackages.prettier
sqlfluff
stylua
# Silicon
silicon
];
extraConfig = ":luafile ~/.config/nvim/lua/init.lua";
};
xdg.configFile = {
# Copy Configuration
nvim = {
source = ./config;
recursive = true;
};
# Generate Nix Vars
"nvim/lua/nix-vars.lua".text = ''
local nix_vars = {
gopls = "${pkgs.gopls}/bin/gopls",
luals = "${pkgs.lua-language-server}/bin/lua-language-server",
sveltels = "${pkgs.nodePackages.svelte-language-server}/bin/svelteserver",
tsls = "${pkgs.nodePackages.typescript-language-server}/bin/typescript-language-server",
golintls = "${pkgs.golangci-lint-langserver}/bin/golangci-lint-langserver",
vscls = "${pkgs.nodePackages.vscode-langservers-extracted}",
}
return nix_vars
'';
};
}

16
home-manager/powerline/default.nix Normal file
View File

@@ -0,0 +1,16 @@
{
programs.powerline-go = {
enable = true;
settings = {
git-mode = "compact";
theme = "gruvbox";
};
modules = [
"host"
"cwd"
"git"
"docker"
"venv"
];
};
}

10
home-manager/readline/default.nix Normal file
View File

@@ -0,0 +1,10 @@
{
programs.readline = {
enable = true;
extraConfig = ''
# Approximate VIM Dracula Colors
set vi-ins-mode-string \1\e[01;38;5;23;48;5;231m\2 I \1\e[38;5;231;48;5;238m\2\1\e[0m\2
set vi-cmd-mode-string \1\e[01;38;5;22;48;5;148m\2 C \1\e[38;5;148;48;5;238m\2\1\e[0m\2
'';
};
}

38
homes/aarch64-darwin/evanreichard@mac-va-mbp-personal/default.nix
View File

@@ -1,38 +0,0 @@
{ lib
, config
, namespace
, ...
}:
let
inherit (lib.${namespace}) enabled;
in
{
home.stateVersion = "26.05";
reichard = {
user = {
enable = true;
inherit (config.snowfallorg.user) name;
};
programs = {
graphical = {
ghostty = enabled;
ghidra = enabled;
};
terminal = {
btop = enabled;
direnv = enabled;
git = enabled;
k9s = enabled;
nvim = enabled;
opencode = enabled;
};
};
security = {
sops = enabled;
};
};
}

60
homes/aarch64-darwin/evanreichard@mac-va-mbp-work/default.nix
View File

@@ -1,60 +0,0 @@
{ pkgs
, lib
, config
, namespace
, ...
}:
let
inherit (lib.${namespace}) enabled;
in
{
home.stateVersion = "26.05";
reichard = {
user = {
enable = true;
inherit (config.snowfallorg.user) name;
};
programs = {
graphical = {
ghostty = enabled;
};
terminal = {
bash = {
enable = true;
customProfile = builtins.readFile ./vm-init.sh;
customFastFetchLogo = ./prophet.txt;
};
aws = enabled;
btop = enabled;
claude-code = enabled;
direnv = enabled;
git = enabled;
k9s = enabled;
nvim = enabled;
pi = enabled;
zk = enabled;
};
};
services = {
sketchybar = enabled;
open-proxy.server = enabled;
};
security = {
sops = enabled;
};
};
# Global Packages
programs.jq = enabled;
programs.pandoc = enabled;
home.packages = with pkgs; [
keycastr
reichard.slack-cli
_1password-cli
];
}

19
homes/aarch64-darwin/evanreichard@mac-va-mbp-work/prophet.txt
View File

@@ -1,19 +0,0 @@
                :+++++++=.        
                 =++++++++:       
                  -++++++++:      
                   -++++++++-     
                    :++++++++-    
          .-=======. :++++++++=   
         :********+   .++++++++=  
        -********=     .=+++++++=.
       -********-        =++++++++
      =********-          =++++++:
     =********:            -++++. 
    +********.              -+=.  
  .+*******+.                     
 .+*******+. :%#%%%%%%%%%%#%-     
:********=    +%%%%%%%%%%%%*      
********=      =%%%%%%%%%%+       
.+*****-        -%%%%%%%%=        
  +***-           ......          
   =*:                            

49
homes/aarch64-darwin/evanreichard@mac-va-mbp-work/vm-init.sh
View File

@@ -1,49 +0,0 @@
echo "
██████╗██████╗ ██████╗ ██╗ ██╗██████╗ ███████╗████████╗██████╗ ██╗██╗ ██╗███████╗
██╔════╝██╔══██╗██╔═══██╗██║ ██║██╔══██╗██╔════╝╚══██╔══╝██╔══██╗██║██║ ██╔╝██╔════╝
██║ ██████╔╝██║ ██║██║ █╗ ██║██║ ██║███████╗ ██║ ██████╔╝██║█████╔╝ █████╗
██║ ██╔══██╗██║ ██║██║███╗██║██║ ██║╚════██║ ██║ ██╔══██╗██║██╔═██╗ ██╔══╝
╚██████╗██║ ██║╚██████╔╝╚███╔███╔╝██████╔╝███████║ ██║ ██║ ██║██║██║ ██╗███████╗
╚═════╝╚═╝ ╚═╝ ╚═════╝ ╚══╝╚══╝ ╚═════╝ ╚══════╝ ╚═╝ ╚═╝ ╚═╝╚═╝╚═╝ ╚═╝╚══════╝
EVASION SYSTEM - Because IT can't handle Nix 
"
# Start VM
utmctl=/Applications/UTM.app/Contents/MacOS/utmctl
vm="lin-va-mbp-work-vm"
if ! "$utmctl" status "$vm" | grep -q "started"; then
echo " [*] CrowdStrike Evasion VM Starting..."
"$utmctl" start "$vm"
fi
# Wait for VM & Start Tunnel
if ! pgrep -f "ssh -N -D 1080 adios-cs" > /dev/null; then
echo " [*] VM Starting..."
until nc -z -w 2 192.168.64.3 22 &> /dev/null; do
sleep 2
done
echo " [✓] VM Started"
echo " [*] VM SOCKS Proxy Starting..."
ssh -N -D 1080 adios-cs &> /dev/null &
disown
echo " [✓] VM SOCKS Proxy Started"
else
echo " [✓] VM SOCKS Proxy Already Running"
fi
# Reverse tunnel so the VM's `open`/`xdg-open` reach open-proxy serve on this host.
if ! pgrep -f "ssh -N -R 7777:127.0.0.1:7777 adios-cs" > /dev/null; then
echo " [*] VM Open Proxy Starting..."
ssh -N -R 7777:127.0.0.1:7777 adios-cs &> /dev/null &
disown
echo " [✓] VM Open Proxy Started"
else
echo " [✓] VM Open Proxy Already Running"
fi
echo -e " [*] Connecting..."
# Connect to VM
mosh --ssh="ssh -q" adios-cs -- tmux new-session -A -s main

87
homes/aarch64-linux/evanreichard@lin-va-mbp-personal/default.nix
View File

@@ -1,87 +0,0 @@
{ pkgs
, lib
, config
, namespace
, osConfig
, ...
}:
let
inherit (lib.${namespace}) enabled;
in
{
home.stateVersion = "26.05";
reichard = {
user = {
enable = true;
inherit (config.snowfallorg.user) name;
};
services = {
ssh-agent = enabled;
fusuma = enabled;
awww = enabled;
};
security = {
sops = enabled;
};
programs = {
graphical = {
wms.hyprland = {
enable = true;
mainMod = "ALT";
monitors = [ ",highres,auto,2" ]; # Alternatively - 1.68
};
ghostty = enabled;
ghidra = enabled;
gimp = enabled;
browsers.firefox = {
enable = true;
gpuAcceleration = true;
hardwareDecoding = true;
};
};
terminal = {
btop = enabled;
direnv = enabled;
git = enabled;
k9s = enabled;
nvim = enabled;
opencode = enabled;
pi = enabled;
};
};
};
home.packages = with pkgs; [
orca-slicer
reichard.tuxguitar
];
dconf = {
settings = {
"org/gnome/desktop/interface" = {
color-scheme = "prefer-dark";
cursor-theme = "catppuccin-macchiato-mauve-cursors";
cursor-size = 24;
};
};
};
home.pointerCursor = {
gtk.enable = true;
name = "catppuccin-macchiato-mauve-cursors";
package = pkgs.catppuccin-cursors.macchiatoMauve;
size = 24;
};
# Kubernetes Secrets
sops.secrets = lib.mkIf osConfig.${namespace}.security.sops.enable {
rke2_kubeconfig = {
path = "${config.home.homeDirectory}/.kube/lin-va-kube";
};
};
}

46
homes/aarch64-linux/evanreichard@lin-va-mbp-work-vm/default.nix
View File

@@ -1,46 +0,0 @@
{ lib
, config
, namespace
, ...
}:
let
inherit (lib.${namespace}) enabled;
in
{
home.stateVersion = "26.05";
reichard = {
user = {
enable = true;
inherit (config.snowfallorg.user) name;
};
services = {
ssh-agent = enabled;
open-proxy.client = enabled;
};
security = {
pass-keyring = enabled;
sops = enabled;
};
programs = {
terminal = {
bash = {
enable = true;
customFastFetchLogo = ./prophet.txt;
};
conduit = enabled;
btop = enabled;
claude-code = enabled;
direnv = enabled;
git = enabled;
k9s = enabled;
nvim = enabled;
pi = enabled;
tmux = enabled;
};
};
};
}

19
homes/aarch64-linux/evanreichard@lin-va-mbp-work-vm/prophet.txt
View File

@@ -1,19 +0,0 @@
                :+++++++=.        
                 =++++++++:       
                  -++++++++:      
                   -++++++++-     
                    :++++++++-    
          .-=======. :++++++++=   
         :********+   .++++++++=  
        -********=     .=+++++++=.
       -********-        =++++++++
      =********-          =++++++:
     =********:            -++++. 
    +********.              -+=.  
  .+*******+.                     
 .+*******+. :%#%%%%%%%%%%#%-     
:********=    +%%%%%%%%%%%%*      
********=      =%%%%%%%%%%+       
.+*****-        -%%%%%%%%=        
  +***-           ......          
   =*:                            

29
homes/aarch64-raw-efi/evanreichard@lin-terminal-image/default.nix
View File

@@ -1,29 +0,0 @@
{ lib
, config
, namespace
, ...
}:
let
inherit (lib.${namespace}) enabled;
in
{
home.stateVersion = "26.05";
reichard = {
user = {
enable = true;
inherit (config.snowfallorg.user) name;
};
programs = {
terminal = {
btop = enabled;
direnv = enabled;
nvim = enabled;
tmux = enabled;
};
};
};
programs.jq = enabled;
}

32
homes/x86_64-linux/evanreichard@lin-va-desktop/default.nix
View File

@@ -1,32 +0,0 @@
{ lib
, config
, namespace
, ...
}:
let
inherit (lib.${namespace}) enabled;
in
{
home.stateVersion = "26.05";
reichard = {
user = {
enable = true;
inherit (config.snowfallorg.user) name;
};
services = {
ssh-agent = enabled;
};
programs = {
terminal = {
bash = enabled;
btop = enabled;
direnv = enabled;
tmux = enabled;
git = enabled;
};
};
};
}

49
homes/x86_64-linux/evanreichard@lin-va-terminal/default.nix
View File

@@ -1,49 +0,0 @@
{ lib
, config
, namespace
, osConfig
, ...
}:
let
inherit (lib.${namespace}) enabled;
in
{
home.stateVersion = "26.05";
reichard = {
user = {
enable = true;
inherit (config.snowfallorg.user) name;
};
services = {
ssh-agent = enabled;
};
security = {
sops = enabled;
};
programs = {
terminal = {
bash = enabled;
btop = enabled;
conduit = enabled;
direnv = enabled;
git = enabled;
k9s = enabled;
nvim = enabled;
opencode = enabled;
pi = enabled;
tmux = enabled;
};
};
};
# Kubernetes Secrets
sops.secrets = lib.mkIf osConfig.${namespace}.security.sops.enable {
rke2_kubeconfig = {
path = "${config.home.homeDirectory}/.kube/lin-va-kube";
};
};
}

90
homes/x86_64-linux/evanreichard@lin-va-thinkpad/default.nix
View File

@@ -1,90 +0,0 @@
{ pkgs
, lib
, config
, namespace
, osConfig
, ...
}:
let
inherit (lib.${namespace}) enabled;
in
{
home.stateVersion = "26.05";
reichard = {
user = {
enable = true;
inherit (config.snowfallorg.user) name;
};
services = {
ssh-agent = enabled;
fusuma = enabled;
awww = enabled;
poweralertd = enabled;
};
security = {
sops = enabled;
};
programs = {
graphical = {
wms.hyprland = {
enable = true;
menuMod = "ALT";
};
ghostty = enabled;
strawberry = enabled;
gimp = enabled;
wireshark = enabled;
ghidra = enabled;
remmina = enabled;
browsers.firefox = {
enable = true;
gpuAcceleration = true;
hardwareDecoding = true;
};
};
terminal = {
btop = enabled;
direnv = enabled;
git = enabled;
k9s = enabled;
nvim = enabled;
pi = enabled;
scripts.plan-disk-burns = enabled;
};
};
};
dconf = {
settings = {
"org/gnome/desktop/interface" = {
color-scheme = "prefer-dark";
cursor-theme = "catppuccin-macchiato-mauve-cursors";
cursor-size = 24;
};
};
};
home.packages = with pkgs; [
orca-slicer
blender
];
home.pointerCursor = {
gtk.enable = true;
name = "catppuccin-macchiato-mauve-cursors";
package = pkgs.catppuccin-cursors.macchiatoMauve;
size = 24;
};
# Kubernetes Secrets
sops.secrets = lib.mkIf osConfig.${namespace}.security.sops.enable {
rke2_kubeconfig = {
path = "${config.home.homeDirectory}/.kube/lin-va-kube";
};
};
}

75
homes/x86_64-linux/evanreichard@lin-va-utility/default.nix
View File

@@ -1,75 +0,0 @@
{ pkgs
, lib
, config
, namespace
, osConfig
, ...
}:
let
inherit (lib.${namespace}) enabled;
in
{
home.stateVersion = "25.05";
reichard = {
user = {
enable = true;
inherit (config.snowfallorg.user) name;
};
services = {
ssh-agent = enabled;
fusuma = enabled;
awww = enabled;
};
security = {
sops = enabled;
};
programs = {
graphical = {
wms.hyprland = enabled;
ghostty = enabled;
ghidra = enabled;
browsers.firefox = {
enable = true;
gpuAcceleration = true;
hardwareDecoding = true;
};
};
terminal = {
btop = enabled;
direnv = enabled;
git = enabled;
k9s = enabled;
nvim = enabled;
};
};
};
dconf = {
settings = {
"org/gnome/desktop/interface" = {
color-scheme = "prefer-dark";
cursor-theme = "catppuccin-macchiato-mauve-cursors";
cursor-size = 24;
};
};
};
home.pointerCursor = {
gtk.enable = true;
name = "catppuccin-macchiato-mauve-cursors";
package = pkgs.catppuccin-cursors.macchiatoMauve;
size = 24;
};
# Kubernetes Secrets
sops.secrets = lib.mkIf osConfig.${namespace}.security.sops.enable {
rke2_kubeconfig = {
path = "${config.home.homeDirectory}/.kube/lin-va-kube";
};
};
}

149
hosts/llama-server.nix Normal file
View File

@@ -0,0 +1,149 @@
{ config, pkgs, ... }:
let
cuda-llama = (pkgs.llama-cpp.override {
cudaSupport = true;
}).overrideAttrs (oldAttrs: {
cmakeFlags = oldAttrs.cmakeFlags ++ [
"-DGGML_CUDA_ENABLE_UNIFIED_MEMORY=1"
# Disable CPU Instructions - Intel(R) Core(TM) i5-3570K CPU @ 3.40GHz
"-DLLAMA_FMA=OFF"
"-DLLAMA_AVX2=OFF"
"-DLLAMA_AVX512=OFF"
"-DGGML_FMA=OFF"
"-DGGML_AVX2=OFF"
"-DGGML_AVX512=OFF"
];
});
# Define Model Vars
modelDir = "/models";
# 7B
# modelName = "qwen2.5-coder-7b-q8_0.gguf";
# modelUrl = "https://huggingface.co/ggml-org/Qwen2.5-Coder-7B-Q8_0-GGUF/resolve/main/${modelName}?download=true";
# 3B
modelName = "qwen2.5-coder-3b-q8_0.gguf";
modelUrl = "https://huggingface.co/ggml-org/Qwen2.5-Coder-3B-Q8_0-GGUF/resolve/main/${modelName}?download=true";
modelPath = "${modelDir}/${modelName}";
in
{
# Allow Nvidia & CUDA
nixpkgs.config.allowUnfree = true;
# Enable Graphics
hardware.graphics = {
enable = true;
enable32Bit = true;
extraPackages = [ pkgs.cudatoolkit ];
};
# Load Nvidia Driver Module
services.xserver.videoDrivers = [ "nvidia" ];
# Nvidia Package Configuration
hardware.nvidia = {
package = config.boot.kernelPackages.nvidiaPackages.stable;
modesetting.enable = true;
powerManagement.enable = true;
open = false;
nvidiaSettings = true;
};
# Network Configuration
networking.networkmanager.enable = true;
# Download Model
systemd.services.download-model = {
description = "Download Model";
wantedBy = [ "multi-user.target" ];
before = [ "llama-cpp.service" ];
path = [ pkgs.curl pkgs.coreutils ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
User = "root";
Group = "root";
};
script = ''
set -euo pipefail
if [ ! -f "${modelPath}" ]; then
mkdir -p "${modelDir}"
# Add -f flag to follow redirects and -L for location
# Add --fail flag to exit with error on HTTP errors
# Add -C - to resume interrupted downloads
curl -f -L -C - \
-H "Accept: application/octet-stream" \
--retry 3 \
--retry-delay 5 \
--max-time 1800 \
"${modelUrl}" \
-o "${modelPath}.tmp" && \
mv "${modelPath}.tmp" "${modelPath}"
fi
'';
};
# Setup LLama API Service
systemd.services.llama-cpp = {
after = [ "download-model.service" ];
requires = [ "download-model.service" ];
};
# Enable LLama API
services.llama-cpp = {
enable = true;
host = "0.0.0.0";
package = cuda-llama;
model = modelPath;
port = 8080;
openFirewall = true;
# 7B
# extraFlags = [
# "-ngl"
# "99"
# "-fa"
# "-ub"
# "512"
# "-b"
# "512"
# "-dt"
# "0.1"
# "--ctx-size"
# "4096"
# "--cache-reuse"
# "256"
# ];
# 3B
extraFlags = [
"-ngl"
"99"
"-fa"
"-ub"
"1024"
"-b"
"1024"
"--ctx-size"
"0"
"--cache-reuse"
"256"
];
};
# System Packages
environment.systemPackages = with pkgs; [
htop
nvtop
tmux
vim
wget
];
}

147
hosts/rke2-ceph.nix Normal file
View File

@@ -0,0 +1,147 @@
{ config, pkgs, lib, ... }:
{
# Node Nix Config
options = {
dataDiskID = lib.mkOption {
type = lib.types.str;
description = "The device ID for the data disk";
};
serverAddr = lib.mkOption {
type = lib.types.str;
description = "The server to join";
default = "";
};
networkConfig = lib.mkOption {
type = lib.types.submodule {
options = {
interface = lib.mkOption {
type = lib.types.str;
description = "Network interface name";
example = "enp0s3";
};
address = lib.mkOption {
type = lib.types.str;
description = "Static IP address";
example = "10.0.20.200";
};
defaultGateway = lib.mkOption {
type = lib.types.str;
description = "Default gateway IP";
example = "10.0.20.254";
};
nameservers = lib.mkOption {
type = lib.types.listOf lib.types.str;
description = "List of DNS servers";
example = [ "10.0.20.254" "8.8.8.8" ];
default = [ "8.8.8.8" "8.8.4.4" ];
};
};
};
description = "Network configuration";
};
};
config = {
# ----------------------------------------
# ---------- Base Configuration ----------
# ----------------------------------------
# Ceph Requirements
boot.kernelModules = [ "rbd" ];
# Network Configuration
networking = {
hostName = config.hostName;
networkmanager.enable = false;
# Interface Configuration
inherit (config.networkConfig) defaultGateway nameservers;
interfaces.${config.networkConfig.interface}.ipv4.addresses = [{
inherit (config.networkConfig) address;
prefixLength = 24;
}];
firewall = {
enable = true;
allowedTCPPorts = [
# RKE2 Ports - https://docs.rke2.io/install/requirements#networking
6443 # Kubernetes API
9345 # RKE2 supervisor API
2379 # etcd Client Port
2380 # etcd Peer Port
2381 # etcd Metrics Port
10250 # kubelet metrics
9099 # Canal CNI health checks
# Ceph Ports
3300 # Ceph MON daemon
6789 # Ceph MON service
] ++ lib.range 6800 7300; # Ceph OSD range
allowedUDPPorts = [
# RKE2 Ports - https://docs.rke2.io/install/requirements#networking
8472 # Canal CNI with VXLAN
# 51820 # Canal CNI with WireGuard IPv4 (if using encryption)
# 51821 # Canal CNI with WireGuard IPv6 (if using encryption)
];
};
};
# System Packages
environment.systemPackages = with pkgs; [
htop
k9s
kubectl
kubernetes-helm
nfs-utils
tmux
vim
];
# ----------------------------------------
# ---------- RKE2 Configuration ----------
# ----------------------------------------
# RKE2 Join Token
environment.etc."rancher/rke2/node-token" = lib.mkIf (config.serverAddr != "") {
source = ../rke2-token;
mode = "0600";
user = "root";
group = "root";
};
# Enable RKE2
services.rke2 = {
enable = true;
role = "server";
disable = [
# Disable - Utilizing Traefik
"rke2-ingress-nginx"
# Distable - Utilizing OpenEBS's Snapshot Controller
"rke2-snapshot-controller"
"rke2-snapshot-controller-crd"
"rke2-snapshot-validation-webhook"
];
} // lib.optionalAttrs (config.serverAddr != "") {
serverAddr = config.serverAddr;
tokenFile = "/etc/rancher/rke2/node-token";
};
# Bootstrap Kubernetes Manifests
system.activationScripts.k8s-manifests = {
deps = [ ];
text = ''
mkdir -p /var/lib/rancher/rke2/server/manifests
# Base Configs
cp ${../k8s/ceph.yaml} /var/lib/rancher/rke2/server/manifests/ceph-base.yaml
cp ${../k8s/kasten.yaml} /var/lib/rancher/rke2/server/manifests/kasten-base.yaml
'';
};
};
}

162
hosts/rke2-openebs.nix Normal file
View File

@@ -0,0 +1,162 @@
{ config, pkgs, lib, ... }:
{
# Node Nix Config
options = {
dataDiskID = lib.mkOption {
type = lib.types.str;
description = "The device ID for the data disk";
};
serverAddr = lib.mkOption {
type = lib.types.str;
description = "The server to join";
default = "";
};
networkConfig = lib.mkOption {
type = lib.types.submodule {
options = {
interface = lib.mkOption {
type = lib.types.str;
description = "Network interface name";
example = "enp0s3";
};
address = lib.mkOption {
type = lib.types.str;
description = "Static IP address";
example = "10.0.20.200";
};
defaultGateway = lib.mkOption {
type = lib.types.str;
description = "Default gateway IP";
example = "10.0.20.254";
};
nameservers = lib.mkOption {
type = lib.types.listOf lib.types.str;
description = "List of DNS servers";
example = [ "10.0.20.254" "8.8.8.8" ];
default = [ "8.8.8.8" "8.8.4.4" ];
};
};
};
description = "Network configuration";
};
};
config = {
# ----------------------------------------
# ---------- Base Configuration ----------
# ----------------------------------------
# OpenEBS Mayastor Requirements
boot.kernelModules = [ "nvme_tcp" ];
boot.kernel.sysctl = {
"vm.nr_hugepages" = 1024;
};
# Network Configuration
networking = {
hostName = config.hostName;
networkmanager.enable = false;
# Interface Configuration
inherit (config.networkConfig) defaultGateway nameservers;
interfaces.${config.networkConfig.interface}.ipv4.addresses = [{
inherit (config.networkConfig) address;
prefixLength = 24;
}];
firewall = {
enable = true;
allowedTCPPorts = [
# RKE2 Ports - https://docs.rke2.io/install/requirements#networking
6443 # Kubernetes API
9345 # RKE2 supervisor API
2379 # etcd Client Port
2380 # etcd Peer Port
2381 # etcd Metrics Port
10250 # kubelet metrics
9099 # Canal CNI health checks
# OpenEBS Mayastor - https://openebs.io/docs/user-guides/replicated-storage-user-guide/replicated-pv-mayastor/rs-installation#network-requirements
10124 # REST API
8420 # NVMf
4421 # NVMf
];
allowedUDPPorts = [
# RKE2 Ports - https://docs.rke2.io/install/requirements#networking
8472 # Canal CNI with VXLAN
# 51820 # Canal CNI with WireGuard IPv4 (if using encryption)
# 51821 # Canal CNI with WireGuard IPv6 (if using encryption)
];
};
};
# System Packages
environment.systemPackages = with pkgs; [
htop
k9s
kubectl
kubernetes-helm
nfs-utils
vim
];
# ----------------------------------------
# ---------- RKE2 Configuration ----------
# ----------------------------------------
# RKE2 Join Token
environment.etc."rancher/rke2/node-token" = lib.mkIf (config.serverAddr != "") {
source = ../rke2-token;
mode = "0600";
user = "root";
group = "root";
};
# Enable RKE2
services.rke2 = {
enable = true;
role = "server";
disable = [
# Disable - Utilizing Traefik
"rke2-ingress-nginx"
# Distable - Utilizing OpenEBS's Snapshot Controller
"rke2-snapshot-controller"
"rke2-snapshot-controller-crd"
"rke2-snapshot-validation-webhook"
];
# OpenEBS Scheduleable
nodeLabel = [
"openebs.io/engine=mayastor"
];
} // lib.optionalAttrs (config.serverAddr != "") {
serverAddr = config.serverAddr;
tokenFile = "/etc/rancher/rke2/node-token";
};
# Bootstrap Kubernetes Manifests
system.activationScripts.k8s-manifests = {
deps = [ ];
text = ''
mkdir -p /var/lib/rancher/rke2/server/manifests
# Base Configs
cp ${../k8s/openebs.yaml} /var/lib/rancher/rke2/server/manifests/openebs-base.yaml
cp ${../k8s/kasten.yaml} /var/lib/rancher/rke2/server/manifests/kasten-base.yaml
# OpenEBS Disk Pool
cp ${pkgs.substituteAll {
src = ../k8s/openebs-disk-pool.yaml;
hostName = config.hostName;
dataDiskID = config.dataDiskID;
}} /var/lib/rancher/rke2/server/manifests/openebs-disk-pool-${config.hostName}.yaml
'';
};
};
}

185
hosts/rke2.nix Normal file
View File

@@ -0,0 +1,185 @@
{ config, pkgs, lib, ... }:
{
# Node Nix Config
options = {
dataDiskID = lib.mkOption {
type = lib.types.str;
description = "The device ID for the data disk";
};
serverAddr = lib.mkOption {
type = lib.types.str;
description = "The server to join";
default = "";
};
networkConfig = lib.mkOption {
type = lib.types.submodule {
options = {
interface = lib.mkOption {
type = lib.types.str;
description = "Network interface name";
example = "enp0s3";
};
address = lib.mkOption {
type = lib.types.str;
description = "Static IP address";
example = "10.0.20.200";
};
defaultGateway = lib.mkOption {
type = lib.types.str;
description = "Default gateway IP";
example = "10.0.20.254";
};
nameservers = lib.mkOption {
type = lib.types.listOf lib.types.str;
description = "List of DNS servers";
example = [ "10.0.20.254" "8.8.8.8" ];
default = [ "8.8.8.8" "8.8.4.4" ];
};
};
};
description = "Network configuration";
};
};
config = {
# ----------------------------------------
# ---------- Base Configuration ----------
# ----------------------------------------
# Longhorn Requirements
boot.kernelModules = [
"iscsi_tcp"
"dm_crypt"
];
# Longhorn Data Disk
disko.devices = {
disk.longhorn = {
type = "disk";
device = config.dataDiskID;
content = {
type = "gpt";
partitions = {
longhorn = {
size = "100%";
content = {
type = "filesystem";
format = "xfs";
mountpoint = "/storage/longhorn";
mountOptions = [ "defaults" "nofail" ];
extraArgs = [ "-d" "su=128k,sw=8" ];
};
};
};
};
};
};
# Network Configuration
networking = {
hostName = config.hostName;
networkmanager.enable = false;
# Interface Configuration
inherit (config.networkConfig) defaultGateway nameservers;
interfaces.${config.networkConfig.interface}.ipv4.addresses = [{
inherit (config.networkConfig) address;
prefixLength = 24;
}];
firewall = {
enable = true;
allowedTCPPorts = [
# RKE2 Ports - https://docs.rke2.io/install/requirements#networking
6443 # Kubernetes API
9345 # RKE2 supervisor API
2379 # etcd Client Port
2380 # etcd Peer Port
2381 # etcd Metrics Port
10250 # kubelet metrics
9099 # Canal CNI health checks
# iSCSI Port
3260
];
allowedUDPPorts = [
# RKE2 Ports - https://docs.rke2.io/install/requirements#networking
8472 # Canal CNI with VXLAN
# 51820 # Canal CNI with WireGuard IPv4 (if using encryption)
# 51821 # Canal CNI with WireGuard IPv6 (if using encryption)
];
};
};
# System Packages
environment.systemPackages = with pkgs; [
htop
k9s
kubectl
kubernetes-helm
nfs-utils
openiscsi
tmux
vim
];
# ----------------------------------------
# ---------- RKE2 Configuration ----------
# ----------------------------------------
# RKE2 Join Token
environment.etc."rancher/rke2/node-token" = lib.mkIf (config.serverAddr != "") {
source = ../rke2-token;
mode = "0600";
user = "root";
group = "root";
};
# Enable RKE2
services.rke2 = {
enable = true;
role = "server";
disable = [
# Disable - Utilizing Traefik
"rke2-ingress-nginx"
# Disable - Utilizing Longhorn's Snapshot Controller
"rke2-snapshot-controller"
"rke2-snapshot-controller-crd"
"rke2-snapshot-validation-webhook"
];
} // lib.optionalAttrs (config.serverAddr != "") {
serverAddr = config.serverAddr;
tokenFile = "/etc/rancher/rke2/node-token";
};
# Enable OpeniSCSI
services.openiscsi = {
enable = true;
name = "iqn.2025-01.${config.hostName}:initiator";
};
# Bootstrap Kubernetes Manifests
system.activationScripts.k8s-manifests = {
deps = [ ];
text = ''
mkdir -p /var/lib/rancher/rke2/server/manifests
# Base Configs
cp ${../k8s/longhorn.yaml} /var/lib/rancher/rke2/server/manifests/longhorn-base.yaml
# cp ${../k8s/kasten.yaml} /var/lib/rancher/rke2/server/manifests/kasten-base.yaml
'';
};
# Add Symlinks Expected by Longhorn
system.activationScripts.add-symlinks = ''
mkdir -p /usr/bin
ln -sf ${pkgs.openiscsi}/bin/iscsiadm /usr/bin/iscsiadm
ln -sf ${pkgs.openiscsi}/bin/iscsid /usr/bin/iscsid
'';
};
}

164
k8s/ceph.yaml Normal file
View File

@@ -0,0 +1,164 @@
---
# Namespace
apiVersion: v1
kind: Namespace
metadata:
labels:
name: rook-ceph
name: rook-ceph
---
# HelpChart
apiVersion: helm.cattle.io/v1
kind: HelmChart
metadata:
name: ceph
namespace: kube-system
spec:
repo: https://charts.rook.io/release
chart: rook-ceph
targetNamespace: rook-ceph
valuesContent: |-
enableDiscoveryDaemon: true
---
# CephCluster
apiVersion: ceph.rook.io/v1
kind: CephCluster
metadata:
name: rook-ceph
namespace: rook-ceph
spec:
dataDirHostPath: /var/lib/rook
cephVersion:
image: quay.io/ceph/ceph:v19.2
allowUnsupported: false
# HA - One monitor per node
mon:
count: 3
allowMultiplePerNode: false
# Ceph Dashboard
dashboard:
enabled: true
ssl: true
# Network Configuration
network:
provider: host
# Storage Configuration
storage:
useAllNodes: true
useAllDevices: true
config:
osdsPerDevice: "1"
replicatedSize: "3"
# Disruption Management
disruptionManagement:
managePodBudgets: true
osdMaintenanceTimeout: 30
# Resource Management
# resources:
# mgr:
# limits:
# cpu: "1000m"
# memory: "1Gi"
# requests:
# cpu: "500m"
# memory: "512Mi"
# mon:
# limits:
# cpu: "1000m"
# memory: "1Gi"
# requests:
# cpu: "500m"
# memory: "512Mi"
# osd:
# limits:
# cpu: "2000m"
# memory: "4Gi"
# requests:
# cpu: "1000m"
# memory: "2Gi"
---
# BlockPool - Single Replica
apiVersion: ceph.rook.io/v1
kind: CephBlockPool
metadata:
name: ceph-block-pool-single
namespace: rook-ceph
spec:
failureDomain: host
replicated:
size: 1
---
# BlockPool - Three Replica
apiVersion: ceph.rook.io/v1
kind: CephBlockPool
metadata:
name: ceph-block-pool-triple
namespace: rook-ceph
spec:
failureDomain: host
replicated:
size: 3
---
# StorageClass - Three Replica
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: ceph-block-triple
annotations:
storageclass.kubernetes.io/is-default-class: "true"
provisioner: rook-ceph.rbd.csi.ceph.com
parameters:
pool: ceph-block-pool-triple
clusterID: rook-ceph
imageFormat: "2"
imageFeatures: layering
# Ceph CSI driver
csi.storage.k8s.io/provisioner-secret-name: rook-csi-rbd-provisioner
csi.storage.k8s.io/provisioner-secret-namespace: rook-ceph
csi.storage.k8s.io/controller-expand-secret-name: rook-csi-rbd-provisioner
csi.storage.k8s.io/controller-expand-secret-namespace: rook-ceph
csi.storage.k8s.io/node-stage-secret-name: rook-csi-rbd-node
csi.storage.k8s.io/node-stage-secret-namespace: rook-ceph
csi.storage.k8s.io/fstype: ext4
allowVolumeExpansion: true
volumeBindingMode: Immediate
reclaimPolicy: Delete
---
# StorageClass - Single Replica
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: ceph-block-single
provisioner: rook-ceph.rbd.csi.ceph.com
parameters:
pool: ceph-block-pool-single
clusterID: rook-ceph
imageFormat: "2"
imageFeatures: layering
# Ceph CSI driver
csi.storage.k8s.io/provisioner-secret-name: rook-csi-rbd-provisioner
csi.storage.k8s.io/provisioner-secret-namespace: rook-ceph
csi.storage.k8s.io/controller-expand-secret-name: rook-csi-rbd-provisioner
csi.storage.k8s.io/controller-expand-secret-namespace: rook-ceph
csi.storage.k8s.io/node-stage-secret-name: rook-csi-rbd-node
csi.storage.k8s.io/node-stage-secret-namespace: rook-ceph
csi.storage.k8s.io/fstype: ext4
allowVolumeExpansion: true
volumeBindingMode: Immediate
reclaimPolicy: Delete

83
k8s/kasten.yaml Normal file
View File

@@ -0,0 +1,83 @@
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: va-unraid-backup-rw
spec:
capacity:
storage: 100Ti
accessModes:
- ReadWriteMany
storageClassName: "va-unraid-backup-rw"
persistentVolumeReclaimPolicy: "Retain"
mountOptions:
- "vers=4.2,proto=tcp,port=2049"
nfs:
server: 10.0.20.180
path: "/mnt/user/KubernetesBackup"
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: va-unraid-backup-rw
namespace: kasten
spec:
accessModes:
- ReadWriteMany
storageClassName: "va-unraid-backup-rw"
resources:
requests:
storage: 100Ti
---
apiVersion: v1
kind: Namespace
metadata:
labels:
name: kasten
name: kasten
---
apiVersion: helm.cattle.io/v1
kind: HelmChart
metadata:
name: k10
namespace: kube-system
spec:
repo: https://charts.kasten.io/
chart: k10
targetNamespace: kasten
---
kind: Profile
apiVersion: config.kio.kasten.io/v1alpha1
metadata:
name: k10-backup-profile
namespace: kasten
spec:
locationSpec:
type: FileStore
fileStore:
claimName: va-unraid-backup-rw
credential:
secretType: ""
secret:
apiVersion: ""
kind: ""
name: ""
namespace: ""
type: Location
---
apiVersion: config.kio.kasten.io/v1alpha1
kind: TransformSet
metadata:
name: storage-class-rename
namespace: kasten
spec:
comment: Renames cstor-r1 to ceph-block-triple
transforms:
- json:
- op: replace
path: /spec/storageClassName
value: ceph-block-triple
name: StorageClassRename
subject:
name: ""
resource: persistentvolumeclaims

50
k8s/longhorn.yaml Normal file
View File

@@ -0,0 +1,50 @@
---
# Namespace
apiVersion: v1
kind: Namespace
metadata:
labels:
name: longhorn
name: longhorn
---
# HelpChart
apiVersion: helm.cattle.io/v1
kind: HelmChart
metadata:
name: longhorn
namespace: kube-system
spec:
repo: https://charts.longhorn.io
chart: longhorn
targetNamespace: longhorn
valuesContent: |-
persistence:
defaultClass: true
defaultClassReplicaCount: 3
reclaimPolicy: Delete
defaultSettings:
defaultDataPath: /storage/longhorn
defaultReplicaCount: 3
nodeDownPodDeletionPolicy: delete-both-statefulset-and-deployment-pod
guaranteedEngineManagerCPU: 0.25
guaranteedReplicaManagerCPU: 0.25
longhornManager:
tolerations:
- key: "node-role.kubernetes.io/control-plane"
operator: "Exists"
effect: "NoSchedule"
---
# StorageClass
kind: StorageClass
apiVersion: storage.k8s.io/v1
metadata:
name: longhorn-block-triple
provisioner: driver.longhorn.io
allowVolumeExpansion: true
parameters:
numberOfReplicas: "3"
staleReplicaTimeout: "2880"
fsType: "ext4"

9
k8s/openebs-disk-pool.yaml Normal file
View File

@@ -0,0 +1,9 @@
---
apiVersion: "openebs.io/v1beta2"
kind: DiskPool
metadata:
name: pool-on-@hostName@
namespace: openebs
spec:
node: @hostName@
disks: ["aio://@dataDiskID@"]

52
k8s/openebs.yaml Normal file
View File

@@ -0,0 +1,52 @@
---
apiVersion: v1
kind: Namespace
metadata:
labels:
name: openebs
name: openebs
---
apiVersion: helm.cattle.io/v1
kind: HelmChart
metadata:
name: openebs
namespace: kube-system
spec:
repo: https://openebs.github.io/openebs
chart: openebs
targetNamespace: openebs
valuesContent: |-
mayastor:
etcd:
replicaCount: 1
engines:
local:
lvm:
enabled: false
zfs:
enabled: false
replicated:
mayastor:
enabled: true
---
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: cstor-r1
allowVolumeExpansion: true
parameters:
protocol: nvmf
repl: "1"
provisioner: io.openebs.csi-mayastor
---
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: mayastor-r3
annotations:
storageclass.kubernetes.io/is-default-class: "true"
allowVolumeExpansion: true
parameters:
protocol: nvmf
repl: "3"
provisioner: io.openebs.csi-mayastor

43
lib/common-system.nix Normal file
View File

@@ -0,0 +1,43 @@
{ config, lib, ... }:
{
# Node Nix Config
options = {
hostName = lib.mkOption {
type = lib.types.str;
description = "The node hostname";
};
};
config = {
# Basic System
system.stateVersion = "24.11";
nix.settings.experimental-features = [ "nix-command" "flakes" ];
networking.hostName = config.hostName;
# Boot Loader Options
boot.loader = {
systemd-boot.enable = true;
efi = {
canTouchEfiVariables = true;
efiSysMountPoint = "/boot";
};
};
# Enable SSH
services.openssh = {
enable = true;
settings = {
PasswordAuthentication = false;
PermitRootLogin = "prohibit-password";
};
};
# User Authorized Keys
users.users.root = {
openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEA8P84lWL/p13ZBFNwITm/dLWWL8s9pVmdOImM5gaJAiTLY+DheUvG6YsveB2/5STseiJ34g7Na9TW1mtTLL8zDqPvj3NbprQiYlLJKMbCk6dtfdD4nLMHl8B48e1h699XiZDp2/c+jJb0MkLOFrps+FbPqt7pFt1Pj29tFy8BCg0LGndu6KO+HqYS+aM5tp5hZESo1RReiJ8aHsu5X7wW46brN4gfyyu+8X4etSZAB9raWqlln9NKK7G6as6X+uPypvSjYGSTC8TSePV1iTPwOxPk2+1xBsK7EBLg3jNrrYaiXLnZvBOOhm11JmHzqEJ6386FfQO+0r4iDVxmvi+ojw== rsa-key-20141114"
];
hashedPassword = null;
};
};
}

43
lib/disk-config.nix Normal file
View File

@@ -0,0 +1,43 @@
{ config, lib, ... }: {
options = {
mainDiskID = lib.mkOption {
type = lib.types.str;
description = "Device path for the main disk";
example = "/dev/disk/by-id/ata-VBOX_HARDDISK_VBcd9425b8-d666f9b8";
};
};
config = {
disko.devices = {
disk = {
main = {
type = "disk";
device = config.mainDiskID;
content = {
type = "gpt";
partitions = {
boot = {
size = "512M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [ "umask=0077" ];
};
};
root = {
size = "100%";
content = {
type = "filesystem";
format = "ext4";
mountpoint = "/";
};
};
};
};
};
};
};
};
}

19
lib/module/default.nix
View File

@@ -1,19 +0,0 @@
{ lib, ... }:
let
inherit (lib) mkOption types;
in
rec {
mkOpt =
type: default: description:
mkOption { inherit type default description; };
mkBoolOpt = mkOpt types.bool;
enabled = {
enable = true;
};
disabled = {
enable = false;
};
}

9
modules/darwin/default.nix
View File

@@ -1,9 +0,0 @@
{
config = {
nix.enable = false;
home-manager = {
useGlobalPkgs = true;
useUserPackages = true;
};
};
}

35
modules/darwin/security/sops/default.nix
View File

@@ -1,35 +0,0 @@
{ config
, lib
, namespace
, ...
}:
let
inherit (lib) mkIf mkEnableOption types;
inherit (lib.${namespace}) mkOpt;
getFile = lib.snowfall.fs.get-file;
user = config.users.users.${config.${namespace}.user.name};
cfg = config.${namespace}.security.sops;
in
{
options.${namespace}.security.sops = with types; {
enable = mkEnableOption "Enable sops";
defaultSopsFile = mkOpt str "secrets/systems/${config.system.name}.yaml" "Default sops file.";
sshKeyPaths = mkOpt (listOf path) [ ] "Additional SSH key paths to use.";
};
config = mkIf cfg.enable {
sops = {
defaultSopsFile = getFile cfg.defaultSopsFile;
age = {
keyFile = "${user.home}/.config/sops/age/keys.txt";
sshKeyPaths = [ "${config.home.homeDirectory}/.ssh/id_ed25519" ] ++ cfg.sshKeyPaths;
};
};
sops.secrets.builder_ssh_key = {
sopsFile = getFile "secrets/common/systems.yaml";
};
};
}

20
modules/darwin/services/openssh/default.nix
View File

@@ -1,20 +0,0 @@
{ config, namespace, lib, ... }:
let
inherit (lib.${namespace}) mkOpt;
cfg = config.${namespace}.security.sops;
in
{
options.${namespace}.services.openssh = with lib.types; {
enable = lib.mkEnableOption "OpenSSH support";
authorizedKeys = mkOpt (listOf str) [ ] "The public keys to apply.";
extraConfig = mkOpt str "" "Extra configuration to apply.";
port = mkOpt port 2222 "The port to listen on (in addition to 22).";
};
config = lib.mkIf cfg.enable {
services.openssh = {
enable = true;
};
};
}

23
modules/darwin/user/default.nix
View File

@@ -1,23 +0,0 @@
{ config, lib, namespace, pkgs, ... }:
let
inherit (lib) types mkIf;
inherit (lib.${namespace}) mkOpt;
cfg = config.${namespace}.user;
in
{
options.${namespace}.user = with types; {
name = mkOpt str "evanreichard" "The name to use for the user account.";
email = mkOpt str "evan@reichard.io" "The email of the user.";
fullName = mkOpt str "Evan Reichard" "The full name of the user.";
uid = mkOpt (types.nullOr types.int) 501 "The uid for the user account.";
};
config = {
users.users.${cfg.name} = {
uid = mkIf (cfg.uid != null) cfg.uid;
shell = pkgs.bashInteractive;
home = "/Users/${cfg.name}";
};
};
}

14
modules/home/common/default.nix
View File

@@ -1,14 +0,0 @@
{ pkgs, ... }:
{
home.packages = with pkgs; [
jnv
jq
mosh
ncdu
reichard.codexis
ripgrep
sqlite-interactive
unzip
];
}

133
modules/home/programs/graphical/browsers/firefox/default.nix
View File

@@ -1,133 +0,0 @@
{ config
, lib
, pkgs
, namespace
, ...
}:
let
inherit (lib)
types
mkIf
mkMerge
optionalAttrs
;
inherit (lib.${namespace}) mkBoolOpt mkOpt;
cfg = config.${namespace}.programs.graphical.browsers.firefox;
in
{
imports = lib.snowfall.fs.get-non-default-nix-files ./.;
options.${namespace}.programs.graphical.browsers.firefox = with types; {
enable = lib.mkEnableOption "Firefox";
extraConfig = mkOpt str "" "Extra configuration for the user profile JS file.";
gpuAcceleration = mkBoolOpt false "Enable GPU acceleration.";
hardwareDecoding = mkBoolOpt false "Enable hardware video decoding.";
policies = mkOpt attrs
{
CaptivePortal = false;
DisableFirefoxStudies = true;
DisableFormHistory = true;
DisablePocket = true;
DisableTelemetry = true;
DisplayBookmarksToolbar = false;
DontCheckDefaultBrowser = true;
FirefoxHome = {
Pocket = false;
Snippets = false;
};
PasswordManagerEnabled = false;
UserMessaging = {
ExtensionRecommendations = false;
SkipOnboarding = true;
};
GenerativeAI = {
Chatbot = false;
LinkPreviews = false;
TabGroups = false;
Locked = false;
};
ExtensionSettings = {
# Block All
# "*".installation_mode = "blocked";
# Bypass Paywalls
"magnolia@12.34" = {
install_url = "https://gitflic.ru/project/magnolia1234/bpc_uploads/blob/raw?file=bypass_paywalls_clean-latest.xpi";
installation_mode = "force_installed";
};
};
Preferences = { };
} "Policies to apply to firefox";
settings = mkOpt attrs { } "Settings to apply to the profile.";
extensions.packages = mkOpt (with lib.types; listOf package)
(with pkgs.firefox-addons; [
bitwarden
pkgs.firefox-addons."ctrl-number-to-switch-tabs"
darkreader
gruvbox-dark-theme
kagi-search
sponsorblock
ublock-origin
]) "Extensions to install";
};
config = mkIf cfg.enable {
programs.firefox = {
enable = true;
configPath = ".mozilla/firefox";
inherit (cfg) policies;
profiles = {
${config.${namespace}.user.name} = {
inherit (cfg) extraConfig;
inherit (config.${namespace}.user) name;
extensions = {
packages = cfg.extensions.packages;
force = true;
};
id = 0;
settings = mkMerge [
cfg.settings
{
"browser.aboutConfig.showWarning" = false;
"extensions.autoDisableScopes" = 0;
"extensions.activeThemeID" = "{eb8c4a94-e603-49ef-8e81-73d3c4cc04ff}";
"browser.aboutwelcome.enabled" = false;
"browser.sessionstore.warnOnQuit" = true;
"browser.newtabpage.activity-stream.showSponsoredTopSites" = false;
"browser.shell.checkDefaultBrowser" = false;
"general.smoothScroll.msdPhysics.enabled" = true;
"intl.accept_languages" = "en-US,en";
"ui.key.accelKey" = 91;
# "devtools.chrome.enabled" = true;
# "xpinstall.signatures.required" = false;
}
(optionalAttrs cfg.gpuAcceleration {
"dom.webgpu.enabled" = true;
"gfx.webrender.all" = true;
"layers.gpu-process.enabled" = true;
"layers.mlgpu.enabled" = true;
})
(optionalAttrs cfg.hardwareDecoding {
"media.ffmpeg.vaapi.enabled" = true;
"media.gpu-process-decoder" = true;
"media.hardware-video-decoding.enabled" = true;
})
];
# userChrome = ./chrome/userChrome.css;
};
};
};
};
}

14
modules/home/programs/graphical/ghidra/default.nix
View File

@@ -1,14 +0,0 @@
{ pkgs, lib, config, namespace, ... }:
let
inherit (lib) mkIf mkEnableOption;
cfg = config.${namespace}.programs.graphical.ghidra;
in
{
options.${namespace}.programs.graphical.ghidra = {
enable = mkEnableOption "Enable Ghidra";
};
config = mkIf cfg.enable {
home.packages = with pkgs; [ ghidra ];
};
}

23
modules/home/programs/graphical/ghostty/config/ghostty-catppuccin-macchiato.conf
View File

@@ -1,23 +0,0 @@
# https://github.com/catppuccin/ghostty/blob/main/themes/catppuccin-macchiato.conf
palette = 0=#494d64
palette = 1=#ed8796
palette = 2=#a6da95
palette = 3=#eed49f
palette = 4=#8aadf4
palette = 5=#f5bde6
palette = 6=#8bd5ca
palette = 7=#b8c0e0
palette = 8=#5b6078
palette = 9=#ed8796
palette = 10=#a6da95
palette = 11=#eed49f
palette = 12=#8aadf4
palette = 13=#f5bde6
palette = 14=#8bd5ca
palette = 15=#a5adcb
background = 24273a
foreground = cad3f5
cursor-color = f4dbd6
cursor-text = 24273a
selection-background = 3a3e53
selection-foreground = cad3f5

23
modules/home/programs/graphical/ghostty/config/ghostty-catppuccin-mocha.conf
View File

@@ -1,23 +0,0 @@
# https://github.com/catppuccin/ghostty/blob/main/themes/catppuccin-mocha.conf
palette = 0=#45475a
palette = 1=#f38ba8
palette = 2=#a6e3a1
palette = 3=#f9e2af
palette = 4=#89b4fa
palette = 5=#f5c2e7
palette = 6=#94e2d5
palette = 7=#bac2de
palette = 8=#585b70
palette = 9=#f38ba8
palette = 10=#a6e3a1
palette = 11=#f9e2af
palette = 12=#89b4fa
palette = 13=#f5c2e7
palette = 14=#94e2d5
palette = 15=#a6adc8
background = 1e1e2e
foreground = cdd6f4
cursor-color = f5e0dc
cursor-text = 1e1e2e
selection-background = 353749
selection-foreground = cdd6f4

58
modules/home/programs/graphical/ghostty/config/ghostty.conf
View File

@@ -1,58 +0,0 @@
command = @BASH_PATH@ --login
macos-titlebar-style = tabs
auto-update = off
font-family = "MesloLGM Nerd Font Mono"
confirm-close-surface = true
# Keybindings - Tabs & Splits
keybind = cmd+t=new_tab
keybind = cmd+w=close_surface
keybind = cmd+d=new_split:right
keybind = cmd+shift+d=new_split:down
keybind = cmd+shift+enter=toggle_split_zoom
# Keybindings - Navigation - Splits
keybind = cmd+left=goto_split:left
keybind = cmd+right=goto_split:right
keybind = cmd+up=goto_split:up
keybind = cmd+down=goto_split:down
keybind = cmd+]=goto_split:next
keybind = cmd+[=goto_split:previous
# Keybindings - Navigation - Tabs
keybind = cmd+1=goto_tab:1
keybind = cmd+2=goto_tab:2
keybind = cmd+3=goto_tab:3
keybind = cmd+4=goto_tab:4
keybind = cmd+5=goto_tab:5
keybind = cmd+6=goto_tab:6
keybind = cmd+7=goto_tab:7
keybind = cmd+8=goto_tab:8
keybind = cmd+9=goto_tab:9
keybind = performable:cmd+c=copy_to_clipboard
keybind = performable:cmd+v=paste_from_clipboard
# https://github.com/catppuccin/ghostty/blob/main/themes/catppuccin-mocha.conf
palette = 0=#45475a
palette = 1=#f38ba8
palette = 2=#a6e3a1
palette = 3=#f9e2af
palette = 4=#89b4fa
palette = 5=#f5c2e7
palette = 6=#94e2d5
palette = 7=#bac2de
palette = 8=#585b70
palette = 9=#f38ba8
palette = 10=#a6e3a1
palette = 11=#f9e2af
palette = 12=#89b4fa
palette = 13=#f5c2e7
palette = 14=#94e2d5
palette = 15=#a6adc8
background = 1e1e2e
foreground = cdd6f4
cursor-color = f5e0dc
cursor-text = 1e1e2e
selection-background = 353749
selection-foreground = cdd6f4

30
modules/home/programs/graphical/ghostty/default.nix
View File

@@ -1,30 +0,0 @@
{ pkgs, lib, config, namespace, ... }:
let
inherit (pkgs.stdenv) isLinux;
inherit (lib) mkIf mkEnableOption optionals;
cfg = config.${namespace}.programs.graphical.ghostty;
in
{
options.${namespace}.programs.graphical.ghostty = {
enable = mkEnableOption "Ghostty";
};
config = mkIf cfg.enable {
# Enable Bash
${namespace}.programs.terminal.bash.enable = true;
# Pending Darwin @ https://github.com/NixOS/nixpkgs/pull/369788
home.packages = with pkgs; optionals isLinux [
ghostty
];
home.file.".config/ghostty/config".text =
let
bashPath = "${pkgs.bashInteractive}/bin/bash";
in
builtins.replaceStrings
[ "@BASH_PATH@" ]
[ bashPath ]
(builtins.readFile ./config/ghostty.conf);
};
}

24
modules/home/programs/graphical/gimp/default.nix
View File

@@ -1,24 +0,0 @@
{ pkgs
, lib
, config
, namespace
, ...
}:
let
inherit (lib) mkIf mkEnableOption;
cfg = config.${namespace}.programs.graphical.gimp;
in
{
options.${namespace}.programs.graphical.gimp = {
enable = mkEnableOption "GIMP";
};
config = mkIf cfg.enable {
home.packages = with pkgs; [
darktable
gimp-with-plugins
gthumb
];
};
}

17
modules/home/programs/graphical/remmina/default.nix
View File

@@ -1,17 +0,0 @@
{ pkgs, lib, config, namespace, ... }:
let
inherit (lib) mkIf mkEnableOption;
cfg = config.${namespace}.programs.graphical.remmina;
in
{
options.${namespace}.programs.graphical.remmina = {
enable = mkEnableOption "Remmina";
};
config = mkIf cfg.enable {
home.packages = with pkgs; [
remmina
];
};
}

17
modules/home/programs/graphical/strawberry/default.nix
View File

@@ -1,17 +0,0 @@
{ pkgs, lib, config, namespace, ... }:
let
inherit (lib) mkIf mkEnableOption;
cfg = config.${namespace}.programs.graphical.strawberry;
in
{
options.${namespace}.programs.graphical.strawberry = {
enable = mkEnableOption "Enable Strawberry";
};
config = mkIf cfg.enable {
home.packages = with pkgs; [
strawberry
libgpod
];
};
}

17
modules/home/programs/graphical/wireshark/default.nix
View File

@@ -1,17 +0,0 @@
{ pkgs, lib, config, namespace, ... }:
let
inherit (lib) mkIf mkEnableOption;
cfg = config.${namespace}.programs.graphical.wireshark;
in
{
options.${namespace}.programs.graphical.wireshark = {
enable = mkEnableOption "Wireshark";
};
config = mkIf cfg.enable {
home.packages = with pkgs; [
wireshark
];
};
}

217
modules/home/programs/graphical/wms/hyprland/config/hyprland.lua
View File

@@ -1,217 +0,0 @@
-- Hyprland config (lua backend, Hyprland 0.55+).
-- `mainMod`, `menuMod`, and the monitor(s) are injected by Nix above this file.
-- See https://wiki.hypr.land/Configuring/Start/
local terminal = "ghostty"
local menu = "wofi --show drun"
-------------------
---- AUTOSTART ----
-------------------
hl.on("hyprland.start", function()
hl.exec_cmd("uwsm app -- waybar")
hl.exec_cmd("uwsm app -- " .. terminal)
hl.exec_cmd("uwsm app -- firefox")
end)
-----------------------
---- LOOK AND FEEL ----
-----------------------
hl.config({
general = {
gaps_in = 5,
gaps_out = 12,
border_size = 2,
col = {
active_border = { colors = { "rgba(33ccffee)", "rgba(00ff99ee)" }, angle = 45 },
inactive_border = "rgba(595959aa)",
},
resize_on_border = false,
allow_tearing = false,
layout = "dwindle",
},
decoration = {
rounding = 10,
active_opacity = 1.0,
inactive_opacity = 1.0,
shadow = {
enabled = true,
range = 4,
render_power = 3,
color = 0xee1a1a1a,
},
blur = {
enabled = true,
size = 3,
passes = 1,
vibrancy = 0.1696,
},
},
animations = {
enabled = true,
},
dwindle = {
preserve_split = true,
},
master = {
new_status = "master",
},
misc = {
force_default_wallpaper = -1,
disable_hyprland_logo = false,
},
})
----------------------
---- ANIMATIONS ------
----------------------
hl.curve("easeOutQuint", { type = "bezier", points = { { 0.23, 1 }, { 0.32, 1 } } })
hl.curve("easeInOutCubic", { type = "bezier", points = { { 0.65, 0.05 }, { 0.36, 1 } } })
hl.curve("linear", { type = "bezier", points = { { 0, 0 }, { 1, 1 } } })
hl.curve("almostLinear", { type = "bezier", points = { { 0.5, 0.5 }, { 0.75, 1 } } })
hl.curve("quick", { type = "bezier", points = { { 0.15, 0 }, { 0.1, 1 } } })
hl.animation({ leaf = "global", enabled = true, speed = 10, bezier = "default" })
hl.animation({ leaf = "border", enabled = true, speed = 5.39, bezier = "easeOutQuint" })
hl.animation({ leaf = "windows", enabled = true, speed = 4.79, bezier = "easeOutQuint" })
hl.animation({ leaf = "windowsIn", enabled = true, speed = 4.1, bezier = "easeOutQuint", style = "popin 87%" })
hl.animation({ leaf = "windowsOut", enabled = true, speed = 1.49, bezier = "linear", style = "popin 87%" })
hl.animation({ leaf = "fadeIn", enabled = true, speed = 1.73, bezier = "almostLinear" })
hl.animation({ leaf = "fadeOut", enabled = true, speed = 1.46, bezier = "almostLinear" })
hl.animation({ leaf = "fade", enabled = true, speed = 3.03, bezier = "quick" })
hl.animation({ leaf = "layers", enabled = true, speed = 3.81, bezier = "easeOutQuint" })
hl.animation({ leaf = "layersIn", enabled = true, speed = 4, bezier = "easeOutQuint", style = "fade" })
hl.animation({ leaf = "layersOut", enabled = true, speed = 1.5, bezier = "linear", style = "fade" })
hl.animation({ leaf = "fadeLayersIn", enabled = true, speed = 1.79, bezier = "almostLinear" })
hl.animation({ leaf = "fadeLayersOut", enabled = true, speed = 1.39, bezier = "almostLinear" })
hl.animation({ leaf = "workspaces", enabled = true, speed = 1.94, bezier = "almostLinear", style = "fade" })
hl.animation({ leaf = "workspacesIn", enabled = true, speed = 1.21, bezier = "almostLinear", style = "fade" })
hl.animation({ leaf = "workspacesOut", enabled = true, speed = 1.94, bezier = "almostLinear", style = "fade" })
---------------
---- INPUT ----
---------------
hl.config({
input = {
kb_layout = "us",
kb_variant = "",
kb_model = "",
kb_options = "",
kb_rules = "",
follow_mouse = 1,
sensitivity = 0.0,
touchpad = {
scroll_factor = 0.5,
disable_while_typing = true,
natural_scroll = true,
clickfinger_behavior = true,
tap_to_click = false,
},
},
})
-- 4-finger horizontal swipe to switch workspaces. The old `invert` modifier was
-- removed in the 0.51 gesture rework; flip the physical swipe direction if needed.
hl.gesture({ fingers = 4, direction = "horizontal", action = "workspace" })
-- Thinkpad Trackpoint
hl.device({ name = "tpps/2-elan-trackpoint", sensitivity = -0.3 })
---------------------
---- KEYBINDINGS ----
---------------------
-- Menu Mod Bindings (macOS Transition - Spotlight & Screenshots)
hl.bind(menuMod .. " + SPACE", hl.dsp.exec_cmd(menu))
hl.bind(menuMod .. " + SHIFT + 1", hl.dsp.exec_cmd("hyprshot -m output"))
hl.bind(menuMod .. " + SHIFT + 2", hl.dsp.exec_cmd("hyprshot -m window"))
hl.bind(menuMod .. " + SHIFT + 3", hl.dsp.exec_cmd("hyprshot -m region"))
hl.bind(menuMod .. " + Q", hl.dsp.window.close())
-- Primary Bindings
hl.bind(mainMod .. " + RETURN", hl.dsp.exec_cmd(terminal))
hl.bind(mainMod .. " + M", hl.dsp.exec_cmd("uwsm stop"))
hl.bind(mainMod .. " + V", hl.dsp.window.float({ action = "toggle" }))
hl.bind(mainMod .. " + P", hl.dsp.window.pin())
hl.bind(mainMod .. " + J", hl.dsp.layout("togglesplit"))
hl.bind(mainMod .. " + S", hl.dsp.workspace.toggle_special("magic"))
hl.bind(mainMod .. " + SHIFT + S", hl.dsp.window.move({ workspace = "special:magic" }))
-- Window Focus
hl.bind(mainMod .. " + left", hl.dsp.focus({ direction = "left" }))
hl.bind(mainMod .. " + right", hl.dsp.focus({ direction = "right" }))
hl.bind(mainMod .. " + up", hl.dsp.focus({ direction = "up" }))
hl.bind(mainMod .. " + down", hl.dsp.focus({ direction = "down" }))
-- Workspace switch + move active window to workspace (1-9, 0 -> 10)
for i = 1, 10 do
local key = i % 10
hl.bind(mainMod .. " + " .. key, hl.dsp.focus({ workspace = i }))
hl.bind(mainMod .. " + SHIFT + " .. key, hl.dsp.window.move({ workspace = i }))
end
hl.bind(mainMod .. " + SHIFT + right", hl.dsp.focus({ workspace = "+1" }))
hl.bind(mainMod .. " + SHIFT + left", hl.dsp.focus({ workspace = "-1" }))
-- Window move/resize with mouse
hl.bind(mainMod .. " + mouse:272", hl.dsp.window.drag(), { mouse = true })
hl.bind(mainMod .. " + mouse:273", hl.dsp.window.resize(), { mouse = true })
-- Multimedia & Brightness Keys
hl.bind("XF86AudioRaiseVolume", hl.dsp.exec_cmd("wpctl set-volume @DEFAULT_AUDIO_SINK@ 5%+"), { locked = true, repeating = true })
hl.bind("XF86AudioLowerVolume", hl.dsp.exec_cmd("wpctl set-volume @DEFAULT_AUDIO_SINK@ 5%-"), { locked = true, repeating = true })
hl.bind("XF86AudioMute", hl.dsp.exec_cmd("wpctl set-mute @DEFAULT_AUDIO_SINK@ toggle"), { locked = true, repeating = true })
hl.bind("XF86AudioMicMute", hl.dsp.exec_cmd("wpctl set-mute @DEFAULT_AUDIO_SOURCE@ toggle"), { locked = true, repeating = true })
hl.bind("XF86MonBrightnessUp", hl.dsp.exec_cmd("brightnessctl s 4%+"), { locked = true, repeating = true })
hl.bind("XF86MonBrightnessDown", hl.dsp.exec_cmd("brightnessctl s 5%-"), { locked = true, repeating = true })
-- macOS Keyboard Brightness
hl.bind(menuMod .. " + XF86MonBrightnessUp", hl.dsp.exec_cmd("brightnessctl -d kbd_backlight s 10%+"), { locked = true, repeating = true })
hl.bind(menuMod .. " + XF86MonBrightnessDown", hl.dsp.exec_cmd("brightnessctl -d kbd_backlight s 10%-"), { locked = true, repeating = true })
-- Player Controls
hl.bind("XF86AudioNext", hl.dsp.exec_cmd("playerctl next"), { locked = true })
hl.bind("XF86AudioPause", hl.dsp.exec_cmd("playerctl play-pause"), { locked = true })
hl.bind("XF86AudioPlay", hl.dsp.exec_cmd("playerctl play-pause"), { locked = true })
hl.bind("XF86AudioPrev", hl.dsp.exec_cmd("playerctl previous"), { locked = true })
--------------------------------
---- WINDOWS AND WORKSPACES ----
--------------------------------
hl.window_rule({
name = "suppress-maximize-events",
match = { class = ".*" },
suppress_event = "maximize",
})
hl.window_rule({
name = "fix-xwayland-drags",
match = {
class = "^$",
title = "^$",
xwayland = true,
float = true,
fullscreen = false,
pin = false,
},
no_focus = true,
})

146
modules/home/programs/graphical/wms/hyprland/config/waybar-style.css
View File

@@ -1,146 +0,0 @@
@define-color rosewater #f5e0dc;
@define-color flamingo #f2cdcd;
@define-color pink #f5c2e7;
@define-color mauve #cba6f7;
@define-color red #f38ba8;
@define-color maroon #eba0ac;
@define-color peach #fab387;
@define-color yellow #f9e2af;
@define-color green #a6e3a1;
@define-color teal #94e2d5;
@define-color sky #89dceb;
@define-color sapphire #74c7ec;
@define-color blue #89b4fa;
@define-color lavender #b4befe;
@define-color text #cdd6f4;
@define-color subtext1 #bac2de;
@define-color subtext0 #a6adc8;
@define-color overlay2 #9399b2;
@define-color overlay1 #7f849c;
@define-color overlay0 #6c7086;
@define-color surface2 #585b70;
@define-color surface1 #45475a;
@define-color surface0 #313244;
@define-color base #1e1e2e;
@define-color mantle #181825;
@define-color crust #11111b;
/* Common Styles */
* {
font-family: FantasqueSansMono Nerd Font;
font-size: 14px;
min-height: 0;
}
/* Primary Waybar */
#waybar {
background: transparent;
color: @text;
}
/* Icon Only Sizes */
#network,
#backlight,
#battery {
font-size: 18px;
}
/* Node Styles */
#workspaces,
#window,
#tray,
#cpu,
#memory,
#pulseaudio,
#network,
#backlight,
#battery,
#clock {
margin-top: 1rem;
padding: 0.2px 1rem;
background-color: @surface0;
}
#workspaces button {
color: @lavender;
border-radius: 1rem;
}
#workspaces button.active {
color: @sky;
background-color: @surface2;
}
#workspaces button:hover {
color: @sapphire;
}
#window {
background: transparent;
margin-left: 0.5rem;
margin-right: 8rem; /* Notch */
}
#memory {
color: @blue;
}
#pulseaudio {
color: @maroon;
}
#network {
color: @mauve;
}
#cpu {
color: @peach;
}
#backlight {
color: @yellow;
}
#battery {
color: @green;
}
#battery.charging {
color: @green;
}
#battery.warning:not(.charging) {
color: @red;
}
/* Left Border Radius */
#clock,
#network,
#cpu,
#tray,
#workspaces {
margin-left: 0.5rem;
border-top-left-radius: 1rem;
border-bottom-left-radius: 1rem;
}
/* Right Border Radius */
#pulseaudio,
#clock,
#tray,
#battery,
#workspaces {
margin-right: 0.5rem;
border-top-right-radius: 1rem;
border-bottom-right-radius: 1rem;
}
#workspaces {
padding: 0px;
margin-left: 1rem;
}
#clock {
color: @blue;
margin-right: 1rem;
}

127
modules/home/programs/graphical/wms/hyprland/config/wofi-style.css
View File

@@ -1,127 +0,0 @@
window {
font-family: "Hack Nerd Font";
background: transparent;
}
#outer-box {
padding: 10px;
border-radius: 8px;
background: #2e3440;
}
#scroll {
/* The Nordic gtk theme adds an outline to show scroll areas... */
outline-color: transparent;
}
#input {
color: #e5e9f0;
caret-color: #e5e9f0;
background: #3b4252;
border-top-color: #3b4252;
border-left-color: #3b4252;
border-right-color: #3b4252;
border-bottom-color: #3b4252;
box-shadow: 0 0 0 1px transparent inset;
outline-color: transparent !important;
}
#input:focus {
background: #3b4252;
border-color: #3b4252 !important;
box-shadow: 0 0 0 1px transparent inset;
border-top-color: #3b4252 !important;
border-left-color: #3b4252 !important;
border-right-color: #3b4252 !important;
border-bottom-color: #3b4252 !important;
box-shadow: none !important;
outline-color: transparent !important;
}
#input image.left {
color: #d8dee9;
}
#input:focus image.left {
color: #e5e9f0;
}
#input image.right {
color: #d8dee9;
}
#input:focus image.right {
color: #e5e9f0;
}
label {
/* We set backgrounds on the block level. */
background: transparent;
}
#scroll {
padding-top: 6px;
}
#entry {
color: #4c566a;
padding: 8px 8px;
border-radius: 4px;
background: transparent;
}
#entry:selected {
color: #eceff4;
background: #8fbcbb;
font-weight: bold;
}
expander arrow {
margin-right: 8px;
}
#entry #selected #text {
color: #eceff4;
}
expander list {
margin-top: 8px;
/* background: #8fbcbb; */
background: transparent;
padding-left: 16px;
}
expander list #entry {
transition: none;
background: transparent;
}
expander list #entry:hover,
expander list #entry:active {
/* color: #8fbcbb;
background: #e5e9f0; */
}
expander list #entry #selected {
background: #8fbcbb;
}
expander list #entry #selected label {
color: #eceff4;
font-weight: bold;
}
expander list #entry:hover,
expander list #entry:active {
background: #8fbcbb;
}
expander list #entry:hover label,
expander list #entry:active label {
color: #eceff4;
font-weight: bold;
}
expander list label {
color: #d8dee9;
}

3
modules/home/programs/graphical/wms/hyprland/config/wofi.conf
View File

@@ -1,3 +0,0 @@
stylesheet=./style.css
term=foot
insensitive=true

225
modules/home/programs/graphical/wms/hyprland/default.nix
View File

@@ -1,225 +0,0 @@
{
lib,
pkgs,
config,
namespace,
...
}:
let
inherit (lib) types mkIf;
inherit (lib.${namespace}) mkOpt enabled;
cfg = config.${namespace}.programs.graphical.wms.hyprland;
in
{
options.${namespace}.programs.graphical.wms.hyprland = {
enable = lib.mkEnableOption "Hyprland";
mainMod = mkOpt types.str "SUPER" "main modifier key";
menuMod = mkOpt types.str "SUPER" "menu modifier key (i.e. menuMod + space)";
monitors = mkOpt (with types; listOf str) [ ", preferred, auto, 1" ] "monitor configuration";
};
config = mkIf cfg.enable {
services.swaync = enabled;
wayland.windowManager.hyprland = {
enable = true;
# Lua Backend - Hyprland 0.55 deprecated hyprlang and home-manager 26.05 defaults configType to "lua".
configType = "lua";
extraConfig =
let
# Quote unless the value is numeric, so scale can be `2` or `"auto"`.
luaScalar = v: if builtins.match "[0-9]+(\\.[0-9]+)?" v != null then v else ''"${v}"'';
mkMonitor =
s:
let
parts = map lib.trim (lib.splitString "," s);
field = i: if builtins.length parts > i then builtins.elemAt parts i else "";
in
''hl.monitor({ output = "${field 0}", mode = "${field 1}", position = "${field 2}", scale = ${luaScalar (field 3)} })'';
in
''
local mainMod = "${cfg.mainMod}"
local menuMod = "${cfg.menuMod}"
${lib.concatMapStringsSep "\n" mkMonitor cfg.monitors}
''
+ builtins.readFile ./config/hyprland.lua;
};
programs.waybar = {
enable = true;
style = builtins.readFile ./config/waybar-style.css;
settings = [
{
layer = "top";
position = "top";
mode = "dock";
exclusive = true;
passthrough = false;
gtk-layer-shell = true;
height = 0;
modules-left = [
"hyprland/workspaces"
"hyprland/window"
];
# modules-center = [ "hyprland/window" ];
modules-right = [
"tray"
"cpu"
"memory"
"pulseaudio"
"network"
"backlight"
"battery"
"clock"
];
"hyprland/window" = {
format = "{}";
};
"wlr/workspaces" = {
on-scroll-up = "hyprctl dispatch workspace e+1";
on-scroll-down = "hyprctl dispatch workspace e-1";
all-outputs = true;
on-click = "activate";
};
battery = {
states = {
warning = 30;
critical = 15;
};
format = "{icon}";
format-charging = "󰂄";
format-plugged = "󰂄";
format-alt = "{icon}";
format-icons = [
"󰂃"
"󰁺"
"󰁻"
"󰁼"
"󰁽"
"󰁾"
"󰁾"
"󰁿"
"󰂀"
"󰂁"
"󰂂"
"󰁹"
];
};
cpu = {
interval = 10;
format = " {}%";
max-length = 10;
on-click = "";
};
memory = {
interval = 30;
format = " {}%";
format-alt = " {used:0.1f}G";
max-length = 10;
};
backlight = {
format = "{icon}";
format-icons = [
"󰋙"
"󰫃"
"󰫄"
"󰫅"
"󰫆"
"󰫇"
"󰫈"
];
on-scroll-up = "brightnessctl s 1%-";
on-scroll-down = "brightnessctl s +1%";
};
tray = {
icon-size = 13;
tooltip = false;
spacing = 10;
};
network = {
interval = 1;
format-wifi = "󰖩";
format-ethernet = "󰈀";
format-linked = "󰈁";
format-disconnected = "";
on-click-right = "${pkgs.networkmanagerapplet}/bin/nm-connection-editor";
# tooltip-format = ''
# <big>Network Details</big>
# <tt><small>Interface: {ifname}</small></tt>
# <tt><small>IP: {ipaddr}/{cidr}</small></tt>
# <tt><small>Gateway: {gwaddr}</small></tt>
# <tt><small>󰜷 {bandwidthUpBytes}\n󰜮 {bandwidthDownBytes}</small></tt>'';
tooltip-format = ''
<big>Network Details</big>
<small>
Interface: {ifname}
SSID: {essid}
IP Address: {ipaddr}/{cidr}
Gateway: {gwaddr}
󰜷 {bandwidthUpBytes} / 󰜮 {bandwidthDownBytes}
</small>'';
};
clock = {
format = " {:%Y-%m-%d %H:%M:%S}";
interval = 1;
tooltip-format = ''
<big>{:%Y %B}</big>
<tt><small>{calendar}</small></tt>'';
};
pulseaudio = {
format = "{icon} {volume}%";
tooltip = false;
format-muted = " Muted";
on-click = "pamixer -t";
on-scroll-up = "pamixer -i 5";
on-scroll-down = "pamixer -d 5";
scroll-step = 5;
format-icons = {
headphone = "";
hands-free = "";
headset = "";
phone = "";
portable = "";
car = "";
default = [
""
""
""
];
};
};
"pulseaudio#microphone" = {
format = "{format_source}";
tooltip = false;
format-source = " {volume}%";
format-source-muted = " Muted";
on-click = "pamixer --default-source -t";
on-scroll-up = "pamixer --default-source -i 5";
on-scroll-down = "pamixer --default-source -d 5";
scroll-step = 5;
};
}
];
};
home.packages = with pkgs; [
brightnessctl
hyprshot
wofi
wofi-emoji
];
xdg.configFile = {
"wofi/config".source = ./config/wofi.conf;
"wofi/style.css".source = ./config/wofi-style.css;
"uwsp/env".text = ''
export XCURSOR_SIZE=64
'';
};
};
}

19
modules/home/programs/terminal/aws/default.nix
View File

@@ -1,19 +0,0 @@
{ lib, pkgs, config, namespace, ... }:
let
inherit (lib) mkIf;
cfg = config.${namespace}.programs.terminal.aws;
in
{
options.${namespace}.programs.terminal.aws = {
enable = lib.mkEnableOption "AWS";
};
config = mkIf cfg.enable {
home.packages = with pkgs; [
aws-sso-util
awscli2
cw
ssm-session-manager-plugin
];
};
}

2
modules/home/programs/terminal/bash/config/.sqliterc
View File

@@ -1,2 +0,0 @@
.headers on
.mode column

99
modules/home/programs/terminal/bash/config/fastfetch.nix
View File

@@ -1,99 +0,0 @@
{ cfg }:
builtins.toJSON (
{
modules = [
{
type = "separator";
string = "";
length = 35;
}
{
type = "title";
format = "Hardware Information";
}
{
type = "cpu";
key = " ";
}
{
type = "memory";
key = " ";
}
{
type = "display";
key = "󰍹 ";
}
{ type = "separator"; }
{
type = "title";
format = "Software Information";
}
{
type = "os";
key = " ";
}
{
type = "kernel";
key = " ";
}
{
type = "terminal";
key = " ";
}
{
type = "packages";
key = "󰏖 ";
}
{
type = "terminalfont";
key = " ";
}
{ type = "separator"; }
{
type = "title";
format = "Network Information";
}
{
type = "publicip";
key = " ";
}
{
type = "localip";
key = " ";
}
{ type = "separator"; }
{
type = "custom";
format = " {#white} {#red} {#green} {#yellow} {#blue} {#magenta} {#cyan} {#white}\n";
}
];
display = {
separator = " ";
key.width = 7;
color = {
keys = "yellow";
title = "blue";
};
};
settings = {
kernelFormat = "minimal";
memoryUnit = "gib";
temperatureUnit = "celsius";
publicIpTimeout = 2000;
publicIpHost = "http://ident.me";
diskUnit = "gib";
showDisks = [ "/" ];
};
}
// (
if cfg.customFastFetchLogo != null then
{
logo = {
source = cfg.customFastFetchLogo;
type = "file";
};
}
else
{ }
)
)

75
modules/home/programs/terminal/bash/config/hey-intern.sh
View File

@@ -1,75 +0,0 @@
#!/usr/bin/env bash
MODEL="qwen3.6-27b-vllm-180k-cuda0"
SYSTEM_PROMPT="You are a shell command expert. Given a natural language query, generate a single shell command that accomplishes the task."
# Colors
CYAN='\033[0;36m'
YELLOW='\033[1;33m'
GREEN='\033[0;32m'
RESET='\033[0m'
hey-intern() {
local query="$*"
# Help
if [ -z "$query" ]; then
echo "Usage: hey-intern \"your query here\"" >&2
return 1
fi
# Execute LLM Request
response=$(curl -s -X POST "https://llm-api.va.reichard.io/v1/chat/completions" \
-H "Content-Type: application/json" \
-d "$(jq -n \
--arg model "$MODEL" \
--arg system "$SYSTEM_PROMPT" \
--arg user "$query" \
'{
model: $model,
temperature: 0.2,
messages: [
{role: "system", content: $system},
{role: "user", content: $user}
],
tools: [{
type: "function",
function: {
name: "generate_shell_command",
description: "Generate a shell command to answer a query",
parameters: {
type: "object",
properties: {
command: {type: "string", description: "The shell command to execute"}
},
required: ["command"]
}
}
}]
}')" | jq -r '.choices[0].message.tool_calls[0].function.arguments // empty')
# Extract Command
local command=$(echo "$response" | jq -r '.command // empty')
if [ -n "$command" ]; then
echo -e "\n ${CYAN}${command}${RESET}\n"
read -p "$(echo -e "${YELLOW}Would you like to run this command? [y/N]${RESET} ")" -n 1 -r
echo ""
if [[ $REPLY =~ ^[Yy]$ ]]; then
echo -e "${GREEN}Running...${RESET}\n"
history -s "$command"
eval "$command"
fi
else
echo "Failed to generate a valid command from the response." >&2
echo "Raw response: $response" >&2
return 1
fi
}
# Export Script
if [[ "${BASH_SOURCE[0]}" == "${0}" ]]; then
hey-intern "$@"
fi

93
modules/home/programs/terminal/bash/default.nix
View File

@@ -1,93 +0,0 @@
{ pkgs
, lib
, config
, namespace
, ...
}:
let
inherit (lib.${namespace}) mkOpt;
inherit (lib) mkEnableOption mkIf optionalAttrs;
inherit (pkgs.stdenv) isLinux isDarwin;
cfg = config.${namespace}.programs.terminal.bash;
in
{
options.${namespace}.programs.terminal.bash = with lib.types; {
enable = mkEnableOption "bash";
customProfile = mkOpt str "" "custom profile";
customFastFetchLogo = mkOpt (nullOr path) null "custom fast fetch logo path";
};
config = mkIf cfg.enable {
programs.bash = {
enable = true;
shellAliases = {
grep = "grep --color";
ssh = "TERM=xterm-256color ssh";
}
// optionalAttrs isLinux {
sync-watch = "watch -d grep -e Dirty: -e Writeback: /proc/meminfo";
}
// optionalAttrs isDarwin {
mosh = "mosh --ssh=\"/usr/bin/ssh\"";
};
profileExtra = ''
export COLORTERM=truecolor
SHELL="$BASH"
PATH=~/.local/bin:$PATH
bind "set show-mode-in-prompt on"
set -o vi || true
source <(fzf --bash)
VISUAL=vim
EDITOR="$VISUAL"
if [ -z "$CLAUDE_CODE_ENTRYPOINT" ]; then
fastfetch
fi
[[ -f ~/.bash_custom ]] && . ~/.bash_custom
source ${./config/hey-intern.sh}
''
+ cfg.customProfile;
};
programs.powerline-go = {
enable = true;
settings = {
git-mode = "compact";
theme = "gruvbox";
};
modules = [
"host"
"cwd"
"git"
"docker"
"venv"
];
};
programs.readline = {
enable = true;
extraConfig = ''
# Approximate VIM Dracula Colors
set vi-ins-mode-string \1\e[01;38;5;23;48;5;231m\2 I \1\e[38;5;231;48;5;238m\2\1\e[0m\2
set vi-cmd-mode-string \1\e[01;38;5;22;48;5;148m\2 C \1\e[38;5;148;48;5;238m\2\1\e[0m\2
'';
};
programs.fzf.enable = true;
home.packages = with pkgs; [
bashInteractive
fastfetch
mosh
nerd-fonts.meslo-lg
];
home.file.".config/fastfetch/config.jsonc".text = import ./config/fastfetch.nix { inherit cfg; };
home.file.".sqliterc".text = builtins.readFile ./config/.sqliterc;
};
}

Some files were not shown because too many files have changed in this diff Show More