mjallen/nix-config
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: mjallen:78280d5150b78fe00764310dd02b44530f935ea8
Branches Tags
mjallen:main mjallen:stylix mjallen:bcfs mjallen:snowfall mjallen:macbook-hyprland
..
compare: mjallen:main
Branches Tags
mjallen:main mjallen:stylix mjallen:bcfs mjallen:snowfall mjallen:macbook-hyprland

134 Commits
78280d5150 ... main

Author SHA1 Message Date
Matt Jallen
f51c362086 upd 2026-04-17 19:23:32 -05:00
mjallen18
a158d401ae filtering 2026-04-16 20:12:18 -05:00
mjallen18
95842b22f0 agh 2026-04-16 19:24:59 -05:00
mjallen18
3977227889 idk 2026-04-16 19:22:57 -05:00
mjallen18
cb8ef87229 nuc 2026-04-16 13:03:55 -05:00
mjallen18
44b3459d49 lol 2026-04-16 13:01:27 -05:00
mjallen18
c59ac2ccb6 kern 2026-04-16 12:40:03 -05:00
mjallen18
1767debfd8 upd 2026-04-16 12:38:07 -05:00
mjallen18
95f08a258e hue 2026-04-16 09:58:32 -05:00
mjallen18
c5ba5d4164 bluetooth 2026-04-15 11:39:41 -05:00
mjallen18
004eb3c29c esphome 2026-04-14 17:45:29 -05:00
mjallen18
616d357a59 cyd 2026-04-14 17:42:19 -05:00
mjallen18
d4481923a8 cyd 2026-04-14 17:38:59 -05:00
mjallen18
246f65190e cyd 2026-04-14 17:37:38 -05:00
mjallen18
b6df62a875 cyd 2026-04-14 17:31:10 -05:00
mjallen18
8d81a1d6e1 cyd 2026-04-14 17:29:22 -05:00
mjallen18
7368968fd5 cyd 2026-04-14 17:25:44 -05:00
mjallen18
9a719479bc cyd 2026-04-14 17:15:13 -05:00
mjallen18
38922cd526 cyd 2026-04-14 17:01:48 -05:00
mjallen18
26e7fffbd1 cyd 2026-04-14 16:56:12 -05:00
mjallen18
9792f86548 cyd 2026-04-14 16:54:32 -05:00
mjallen18
dd9fa58c5c cyd 2026-04-14 16:46:58 -05:00
mjallen18
db620cd22a cyd 2026-04-14 16:36:35 -05:00
mjallen18
dab3a37b0a cyd 2026-04-14 16:18:33 -05:00
mjallen18
74b1825d4d cyd 2026-04-14 16:12:54 -05:00
mjallen18
c3abeb846d ip 2026-04-13 14:22:27 -05:00
mjallen18
d676b6dc1e nuc 2026-04-13 14:11:45 -05:00
mjallen18
86fffbd512 upd 2026-04-13 13:25:52 -05:00
mjallen18
1b5f695f40 todo remove 2026-04-13 09:41:40 -05:00
mjallen18
9491c0356d grafana 2026-04-13 09:41:27 -05:00
Matt Jallen
152efb84da esp 2026-04-10 09:49:19 -05:00
Matt Jallen
26d5a8c686 esp 2026-04-10 09:48:58 -05:00
mjallen18
ee55a543fa caddy int 2026-04-09 15:01:01 -05:00
mjallen18
7cc6732a7e caddy int 2026-04-09 14:57:27 -05:00
mjallen18
b73ad049e7 darwin 2026-04-09 11:20:29 -05:00
mjallen18
5d23b3db93 .face 2026-04-09 11:03:35 -05:00
mjallen18
aa609630a1 darwin 2026-04-09 10:35:50 -05:00
mjallen18
1e1eb9886c darwin 2026-04-09 10:32:06 -05:00
Matt Jallen
9c326f5768 neb 2026-04-08 17:36:21 -05:00
Matt Jallen
e8cae7fff1 vesktop 2026-04-08 17:32:32 -05:00
Matt Jallen
88b9d5309f vesktop 2026-04-08 17:23:36 -05:00
Matt Jallen
d44d03d0b1 vesktop 2026-04-08 17:14:32 -05:00
Matt Jallen
4ac7463a1f ... 2026-04-08 16:11:17 -05:00
mjallen18
b354dc202a nas 2026-04-08 16:08:00 -05:00
mjallen18
079493b55e nas 2026-04-08 16:08:00 -05:00
mjallen18
d06a43bf06 build2 2026-04-08 15:40:48 -05:00
mjallen18
6b8395ffdb nebula 2026-04-08 15:16:25 -05:00
mjallen18
7adbafb848 attic 2026-04-08 15:13:03 -05:00
mjallen18
3af0d99f98 attic 2026-04-08 15:08:00 -05:00
Matt Jallen
025ab854f0 vesktop 2026-04-08 14:57:15 -05:00
mjallen18
5ce8433aa8 lol 2026-04-08 14:56:39 -05:00
mjallen18
2e8c2ddd3a lol 2026-04-08 13:24:09 -05:00
mjallen18
4cb746afc5 hmm 2026-04-07 22:02:54 -05:00
mjallen18
3234029ae5 hmm 2026-04-07 22:02:54 -05:00
mjallen18
928de1837b lol 2026-04-07 21:23:51 -05:00
mjallen18
70002a19e2 hmm 2026-04-07 18:39:42 -05:00
Matt Jallen
a418d03b19 clev 2026-04-06 15:48:34 -05:00
mjallen18
8aff587014 upd llama 2026-04-06 15:47:34 -05:00
Matt Jallen
909917f385 version_upgrade=incompatible 2026-04-06 13:35:07 -05:00
mjallen18
c8587da722 bcachefs 1.37.4 2026-04-06 12:10:04 -05:00
mjallen18
2ebe78981a upd 2026-04-06 09:43:12 -05:00
mjallen18
c98d48b43b upd 2026-04-06 09:08:32 -05:00
mjallen18
ff469102ea manual_inherit 2026-04-05 19:10:23 -05:00
mjallen18
a363622659 useless_parens 2026-04-05 15:10:13 -05:00
mjallen18
07b1fc3618 empty_pattern 2026-04-05 14:49:16 -05:00
mjallen18
159ad4cb83 useless_has_attr 2026-04-05 14:29:24 -05:00
mjallen18
c439495d7a repeated_keys 2026-04-05 14:15:20 -05:00
mjallen18
14477a8d85 system -> stdenv 2026-04-05 13:53:49 -05:00
mjallen18
37b0c50821 fmt 2026-04-05 13:50:18 -05:00
mjallen18
10b906a27c hmm 2026-04-05 13:48:41 -05:00
mjallen18
f111b1c725 up llama 2026-04-05 13:25:07 -05:00
mjallen18
869b48d26f govee2mqtt 2026-04-03 09:03:37 -05:00
mjallen18
ffbb820be3 maybe lol 2026-04-02 15:56:06 -05:00
mjallen18
eda929b4eb robo 2026-04-02 15:26:33 -05:00
mjallen18
8367c2c068 automation 2026-04-02 15:18:43 -05:00
mjallen18
6d0f109564 pypath 2026-04-02 15:03:05 -05:00
mjallen18
657849140f upd 2026-04-02 13:17:47 -05:00
mjallen18
13cf58de7c orca 2026-04-02 10:53:47 -05:00
mjallen18
acc683bac3 databasus 2026-04-01 18:05:40 -05:00
mjallen18
166123e8fe suggestarr and bookshelf 2026-04-01 18:05:40 -05:00
Matt Jallen
e4daf12f39 calibre 2026-04-01 14:54:20 -05:00
mjallen18
03f6b730cf kek 2026-04-01 13:21:25 -05:00
mjallen18
57fa32bf9c overrides for hass lol 2026-03-31 17:24:46 -05:00
mjallen18
c1efceef55 roborock 2026-03-31 14:23:32 -05:00
mjallen18
a125017c93 roborock 2026-03-31 14:15:54 -05:00
mjallen18
35154eb694 fix nfc 2026-03-31 14:00:04 -05:00
mjallen18
bd799661b9 fix avahi 2026-03-31 13:33:42 -05:00
mjallen18
6ca55504f0 net 2026-03-30 19:35:09 -05:00
mjallen18
0aa9a0f994 fmt 2026-03-30 19:34:40 -05:00
mjallen18
9728f49e42 fmt 2026-03-30 19:16:09 -05:00
mjallen18
c97e96f2da lol 2026-03-30 19:03:22 -05:00
mjallen18
eec051b256 cider 2026-03-30 16:27:55 -05:00
mjallen18
a88736cf6e net 2026-03-30 16:09:25 -05:00
mjallen18
8d8d49bd38 net 2026-03-30 15:38:25 -05:00
mjallen18
a673f379c7 test 2026-03-30 14:57:09 -05:00
mjallen18
2f8f5092c4 nc 2026-03-30 14:46:08 -05:00
mjallen18
47b9c1ae98 fix cloud 2026-03-30 13:34:47 -05:00
Matt Jallen
6d6618a683 rpi 2026-03-30 11:56:31 -05:00
mjallen18
62736ed77c kavita 2026-03-29 22:24:04 -05:00
mjallen18
0967e27fca hass 2026-03-28 10:41:03 -05:00
mjallen18
383013f425 stylix 2026-03-28 10:39:16 -05:00
mjallen18
23139fe492 asd 2026-03-27 18:32:24 -05:00
mjallen18
add39956f7 hass 2026-03-27 18:32:24 -05:00
mjallen18
4c1332e67a theme 2026-03-27 18:31:01 -05:00
mjallen18
5fe8c897aa unihj 2026-03-27 18:25:58 -05:00
mjallen18
8217b83798 atlauncher 2026-03-27 16:54:19 -05:00
Matt Jallen
06c1ae13df config cleanups 2026-03-27 13:29:45 -05:00
Matt Jallen
9ae5c8ab6d int test 2026-03-27 09:05:03 -05:00
mjallen18
515792132f hm 2026-03-26 20:33:16 -05:00
Matt Jallen
53489fe173 hmm 2026-03-26 20:26:31 -05:00
Matt Jallen
979344917e idk 2026-03-26 15:40:50 -05:00
Matt Jallen
f80144d22b wallpaper 2026-03-26 15:33:53 -05:00
mjallen18
8732e65f1c caffiene 2026-03-26 15:29:42 -05:00
mjallen18
f7a0460646 desktop 2026-03-26 13:52:13 -05:00
Matt Jallen
9515a5d317 wallpaper 2026-03-26 13:47:15 -05:00
Matt Jallen
c4bc1b155a what 2026-03-26 12:52:11 -05:00
mjallen18
c15f0b0f0b mbp 2026-03-26 12:51:27 -05:00
mjallen18
a060a84cf1 mbp 2026-03-26 12:16:00 -05:00
mjallen18
5fe8c08653 mbp 2026-03-26 12:09:33 -05:00
Matt Jallen
832ac9d0df what 2026-03-26 12:07:59 -05:00
mjallen18
92358d0415 mbp 2026-03-26 11:44:59 -05:00
mjallen18
aed841d32e hass 2026-03-26 11:42:19 -05:00
Matt Jallen
85ea3039f4 upd 2026-03-26 11:41:59 -05:00
Matt Jallen
5e22760799 plasma specialisation fix 2026-03-26 10:53:46 -05:00
Matt Jallen
84f600eb04 upd 2026-03-26 10:31:37 -05:00
mjallen18
6dc138bbf6 allyx plasma 2026-03-26 10:30:47 -05:00
mjallen18
23a04934fb plasma specialisation 2026-03-26 10:30:40 -05:00
Matt Jallen
0e0ec54b5e firy 2026-03-26 10:24:55 -05:00
Matt Jallen
c252a07877 upd 2026-03-26 10:15:06 -05:00
mjallen18
47d7d5b11e fix plasma: disable stylix qt target and set widgetStyle=Breeze 
Stylix's qt target sets QT_STYLE_OVERRIDE=kvantum and writes qt6ct/qt5ct
configs with style=kvantum. plasmashell/KWin crash with a fatal
'module kvantum is not installed' QML error because the kvantum Qt style
plugin is not available in the Plasma session.

- stylix: targets.qt.enable = false (stops QT_STYLE_OVERRIDE=kvantum)
- plasma: remove kvantum package, add widgetStyle=Breeze as belt-and-suspenders
 2026-03-26 09:38:38 -05:00
mjallen18
e119ffaabb xtr temp 2026-03-25 22:24:19 -05:00
mjallen18
ab81e78b60 init xrt and fflm 2026-03-25 20:46:42 -05:00
mjallen18
2013804b17 lemonade 2026-03-25 19:59:49 -05:00
mjallen18
7fcbd0bb7c plasma 2026-03-25 18:23:08 -05:00
419 changed files with 14957 additions and 6812 deletions
Expand all files Collapse all files

4
.gitignore vendored
View File

@@ -6,9 +6,9 @@ result*
.direnv
shell.nix
.vscode
**/*/*.py
.envrc
.DS_Store
*.qcow2
keys
iso-*
iso-*
**/*/__pycache__

0
AGENTS.md Normal file → Executable file
View File

2
README.md
View File

@@ -71,7 +71,7 @@ A powerful AMD-based desktop with gaming capabilities, featuring:
### NAS
A home server with various self-hosted services:
- Media management (Jellyfin, Jellyseerr)
- Media management (Jellyfin, seerr)
- Download automation (Sonarr, Radarr, etc.)
- Document management (Paperless)
- File sharing (Samba, Nextcloud)

2
WORKAROUNDS.md Normal file → Executable file
View File

@@ -348,7 +348,7 @@ These are not workarounds but known incomplete configurations:
| `systems/x86_64-linux/jallen-nas/apps.nix` | 47 | Authentik environment secrets file not wired up |
| `modules/nixos/services/sparky-fitness/default.nix` | — | ~~DB passwords not yet moved to SOPS~~ — resolved; secrets now via `mkSopsEnvFile`; run `sops secrets/nas-secrets.yaml` to add real values for `jallen-nas/sparky-fitness/{db-password,api-encryption-key,auth-secret}` |
| `modules/nixos/services/your-spotify/default.nix` | 36 | Spotify API keys not yet moved to SOPS |
| `modules/nixos/services/booklore/default.nix` | 25 | Database password not yet a SOPS secret |
| `modules/nixos/services/booklore/default.nix` | 28 | Database password not yet a SOPS secret |
| `packages/raspberrypi/udev-rules/default.nix` | 33 | `15-i2c-modprobe.rules` disabled; `i2cprobe` script not ported |
| `modules/nixos/homeassistant/services/homeassistant/default.nix` | 214 | `roborock` integration marked broken |

15
checks/pre-commit-hooks/default.nix Normal file → Executable file
View File

@@ -28,12 +28,13 @@ pre-commit-hooks-nix.lib.${pkgs.stdenv.hostPlatform.system}.run {
enable = true;
package = pkgs.nixfmt;
};
statix = {
enable = true;
args = [
"--config"
(lib.snowfall.fs.get-file "statix.toml")
];
};
# statix disabled - too many false positives (manual_inherit warnings)
# statix = {
# enable = true;
# args = [
# "--config"
# (lib.snowfall.fs.get-file "statix.toml")
# ];
# };
};
}

0
docs/README.md Normal file → Executable file
View File

1
docs/architecture.md Normal file → Executable file
View File

@@ -56,7 +56,6 @@ This NixOS configuration repository is built using [Nix Flakes](https://nixos.wi
| `nixpkgs-stable` | `github:NixOS/nixpkgs/nixos-25.11` | Stable package set |
| `nixpkgs-otbr` | `github:mrene/nixpkgs` (fork) | OpenThread Border Router packages |
| `home-manager-unstable` | `github:nix-community/home-manager` | User environment management |
| `home-manager-stable` | `github:nix-community/home-manager/release-25.11` | Stable home-manager |
| `snowfall-lib` | `github:mjallen18/snowfall-lib` | Flake structure library (personal fork) |
| `impermanence` | `github:nix-community/impermanence` | Ephemeral root filesystem support |
| `lanzaboote` | `github:nix-community/lanzaboote/v1.0.0` | Secure Boot |

348
docs/flake-improvements.md Executable file
View File

@@ -0,0 +1,348 @@
# Flake Improvement Suggestions
A methodical review of the flake against what Snowfall Lib provides and what the codebase currently does. Suggestions are grouped by theme and ordered roughly from highest to lowest impact.
---
## 1. Flake-level: HM module registration — single source of truth via snowfall-lib fix
**Root cause discovered**: Snowfall Lib's `mkFlake` previously merged `systems.modules.home` into `homes` only for standalone `homeConfigurations`. The `homes` attrset passed to `create-systems` (which builds `nixosConfigurations`) was the raw unmerged value, so `systems.modules.home` had no effect on NixOS-integrated homes.
**Fix applied**: Patched the personal snowfall-lib fork (`github:mjallen18/snowfall-lib`) to extract the merge into a shared `homes-with-system-modules` binding and pass it to both `create-homes` (standalone) and `create-systems` (NixOS-integrated). `flake.lock` updated to the new commit.
`modules/nixos/home/default.nix` no longer needs `sharedModules``systems.modules.home` in `flake.nix` is now the single authoritative list for all contexts.
---
## 2. Flake-level: Duplicated Darwin HM module registration
**Problem**: Same issue as above for Darwin. `flake.nix:160167` registers Darwin HM modules via `systems.modules.darwin`, but none of those are actually Home Manager modules — `nix-homebrew`, `home-manager.darwinModules.home-manager`, `nix-plist-manager`, `nix-rosetta-builder`, `nix-index-database`, and `stylix.darwinModules.stylix` are all NixOS-style Darwin system modules, not HM `sharedModules`. This is the correct place for them. The `modules/darwin/home/default.nix` module handles the Darwin-side HM bridge.
**No change needed here**, but add a comment to clarify why this list stays in `flake.nix` while the `modules.home` list should move:
```nix
# Common darwin system-level modules (not HM sharedModules — those live in modules/darwin/home/)
modules.darwin = with inputs; [ ... ];
```
---
## 3. System-level: Repeated nebula lighthouse config
**Problem**: Three systems (`matt-nixos`, `allyx`, `macbook-pro-nixos`) each independently spell out the same lighthouse peer config:
```nix
# Repeated verbatim in 3 files:
lighthouses = [ "10.1.1.1" ];
staticHostMap = {
"10.1.1.1" = [ "mjallen.dev:4242" ];
};
port = 4242;
```
**Suggestion**: Add defaults to `modules/nixos/services/nebula/default.nix` options so that non-lighthouse nodes don't need to spell this out. Since this is a personal network with one lighthouse, the defaults can encode that:
```nix
# In nebula/default.nix options:
lighthouses = lib.mjallen.mkOpt (types.listOf types.str) [ "10.1.1.1" ]
"Nebula overlay IPs of lighthouse nodes";
staticHostMap = lib.mjallen.mkOpt (types.attrsOf (types.listOf types.str))
{ "10.1.1.1" = [ "mjallen.dev:4242" ]; }
"Static host map";
port = lib.mjallen.mkOpt types.port 4242 "Nebula listen port";
```
Client systems can then reduce to:
```nix
services.nebula = {
enable = true;
secretsPrefix = "matt-nixos/nebula";
secretsFile = lib.snowfall.fs.get-file "secrets/desktop-secrets.yaml";
hostSecretName = "matt-nixos";
};
```
The lighthouse (`pi5`) already overrides `isLighthouse = true` and doesn't set `lighthouses`/`staticHostMap`, so it would be unaffected.
---
## 4. System-level: `systemd-networkd-wait-online` scattered disablement
**Problem**: `systemd.services.systemd-networkd-wait-online.enable = lib.mkForce false` appears in:
- `systems/x86_64-linux/matt-nixos/default.nix:92`
- `systems/x86_64-linux/allyx/default.nix:135`
`modules/nixos/network/default.nix` already disables `NetworkManager-wait-online` and `systemd.network.wait-online`, but not `systemd-networkd-wait-online`. These are the same underlying concern.
**Suggestion**: Add `systemd.services.systemd-networkd-wait-online.enable = lib.mkForce false;` unconditionally to `modules/nixos/network/default.nix` alongside the existing `NetworkManager-wait-online` disablement (line 89). Remove the per-system overrides.
---
## 5. System-level: `coolercontrol` and GNOME desktop environment variables
**Problem**: Two systems (`matt-nixos:91`, `allyx:82`) share identical config blocks:
```nix
programs.coolercontrol.enable = true;
environment.variables = {
GDK_SCALE = "1";
EDITOR = "${lib.getExe' pkgs.vscodium "codium"} --wait";
VISUAL = "${lib.getExe' pkgs.vscodium "codium"} --wait";
};
```
These belong to a desktop AMD gaming profile, not to the system configs themselves.
**Suggestions** (pick one or both):
- **A** — Add a `coolercontrol.enable` option to `modules/nixos/hardware/amd/default.nix` (default `false`) and wire `programs.coolercontrol.enable` inside it. Each system opts in with `hardware.amd.coolercontrol.enable = true`.
- **B** — Add `vscodium` as the default `EDITOR`/`VISUAL` to `modules/nixos/desktop/gnome/default.nix` behind a `vscodium.enable` option (default `false`). The two systems that want it set `desktop.gnome.vscodium.enable = true`.
- **C** — Create a shared `modules/nixos/desktop/common/default.nix` (or `profiles/desktop.nix`) that both GNOME and Hyprland modules consume, and put `GDK_SCALE` there.
---
## 6. System-level: `networking.networkmanager.wifi.backend = "iwd"` bypass
**Problem**: `matt-nixos:100` and `allyx:140` set `networking.networkmanager.wifi.backend = "iwd"` directly, bypassing the `${namespace}.network.iwd.enable` option that the `network` module already provides.
Looking at `modules/nixos/network/default.nix:143154`, enabling `cfg.iwd.enable` does set this value via `mkForce`, but it also forces `networkmanager.enable = mkForce false` — which is unwanted on these systems that use NetworkManager with the iwd backend.
**Root cause**: The module conflates "use iwd" (the WiFi daemon) with "disable NetworkManager" (the connection manager). These are separate concerns. NetworkManager can use iwd as its WiFi backend while still being the connection manager.
**Suggestion**: Restructure the `network` module's iwd handling:
```nix
# Instead of forcing NM off when iwd is enabled:
networking = {
wireless.iwd.enable = cfg.iwd.enable;
networkmanager = mkIf cfg.networkmanager.enable {
enable = true;
wifi.backend = mkIf cfg.iwd.enable "iwd";
# ... rest of NM config
};
};
```
Then the per-system lines become:
```nix
${namespace}.network = {
hostName = "matt-nixos";
iwd.enable = true;
networkmanager.enable = true;
};
```
---
## 7. System-level: `fileSystems."/etc".neededForBoot` not in impermanence module
**Problem**: `fileSystems."/etc".neededForBoot = true` is set manually in four system configs (`nuc-nixos`, `pi5`, `jallen-nas`, `graphical`). This is a prerequisite of impermanence (tmpfs root), not a per-system choice.
**Suggestion**: Add to `modules/nixos/impermanence/default.nix`:
```nix
config = mkIf cfg.enable {
fileSystems."/etc".neededForBoot = true;
# ... existing config
};
```
Then remove the manual setting from each system. (`macbook-pro-nixos` and `matt-nixos` may already have this in their `filesystems.nix` — verify and remove duplicates there too.)
---
## 8. System-level: `system.stateVersion` and `time.timeZone` should be module options
**Problem**: In `modules/nixos/system/default.nix`:
- Line 3: `timezone = "America/Chicago"` is hardcoded
- Line 54: `system.stateVersion = "23.11"` is hardcoded
Both are set unconditionally for every system with no way to override without using `lib.mkForce`.
**Suggestions**:
```nix
# modules/nixos/system/default.nix
{ config, lib, namespace, pkgs, system, ... }:
let
cfg = config.${namespace}.system;
in
{
options.${namespace}.system = {
timezone = lib.mkOption {
type = lib.types.str;
default = "America/Chicago";
description = "System timezone";
};
stateVersion = lib.mkOption {
type = lib.types.str;
default = "23.11";
description = "NixOS state version. Should match the version used when the system was first installed.";
};
};
config = {
time.timeZone = cfg.timezone;
system.stateVersion = cfg.stateVersion;
# ... packages
};
}
```
This maintains the current default for all systems (no change required) while allowing any system to say `${namespace}.system.stateVersion = "24.05"` cleanly.
---
## 9. Module-level: Darwin and NixOS `nix` modules share ~90% of their content
**Problem**: `modules/darwin/nix/default.nix` and `modules/nixos/nix/default.nix` differ only in:
- Darwin lacks `daemonCPUSchedPolicy`/`daemonIOSchedClass`/`daemonIOSchedPriority`
- Darwin lacks the `systemd.services.nix-gc.serviceConfig` block
- Darwin lacks `cudaSupport`/`rocmSupport` in `nixpkgs.config`
- Darwin's substituters list omits `attic.xuyh0120.win/lantian`
Everything else — substituters, trusted keys, `warn-dirty`, `experimental-features`, `trusted-users`, `builders-use-substitutes`, `connect-timeout`, `fallback`, `log-lines`, `max-free`, `min-free`, GC settings, `optimise` — is identical.
**Suggestion**: Extract a shared Nix attrset into `lib/nix-settings/default.nix` (or a plain `.nix` file imported by both):
```nix
# lib/nix-settings/default.nix
{ lib }:
{
commonSubstituters = [
"http://jallen-nas.local:9012/nas-cache"
"https://nixos-apple-silicon.cachix.org"
"https://nixos-raspberrypi.cachix.org"
"https://nix-community.cachix.org"
"https://cache.nixos.org/"
];
commonTrustedPublicKeys = [ ... ];
commonSettings = { warn-dirty = ...; experimental-features = ...; ... };
commonGc = { automatic = true; options = "--delete-older-than 30d"; };
}
```
Both modules import and spread this. The NixOS module adds scheduler policies and systemd GC service tweaks on top.
---
## 10. Module-level: Home SOPS configuration is inconsistent across homes
**Problem**: Three different patterns are used to configure SOPS in home configs:
1. **`${namespace}.sops.enable = true`** — uses the module at `modules/home/sops/default.nix` (macbook-pro-nixos home, jallen-nas home)
2. **Inline SOPS config** — sets `sops.*` directly (allyx home, pi5 home)
3. **Nothing** — some homes don't configure sops at all (matt-nixos home relies on system-level secrets only)
The `modules/home/sops/default.nix` module already handles the `age.keyFile` path, `defaultSopsFile`, and SSH key setup. The inline patterns duplicate this.
**Suggestion**: Migrate all homes that configure sops inline to use `${namespace}.sops.enable = true`. If the home needs a different `defaultSopsFile` (e.g. pi5 uses `secrets/pi5-secrets.yaml`), that should be a module option:
```nix
# modules/home/sops/default.nix — add option:
options.${namespace}.sops = {
enable = lib.mkEnableOption "home sops";
defaultSopsFile = lib.mkOption {
type = lib.types.nullOr lib.types.path;
default = null; # falls back to global secrets.yaml
description = "Override the default SOPS file for this home";
};
};
```
---
## 11. Module-level: `modules/nixos/home/default.nix` — `home-manager` input key coupling
**Problem**: `systems.modules.nixos` in `flake.nix:147` explicitly includes `home-manager.nixosModules.home-manager`. However Snowfall Lib **automatically** injects the home-manager NixOS module when the `home-manager` input is present and there are home configurations (Snowfall Lib `system/default.nix` lines 265270).
**Suggestion**: Verify (by temporarily removing the explicit entry) whether `home-manager.nixosModules.home-manager` can be dropped from `systems.modules.nixos`. If Snowfall Lib handles this automatically, removing it eliminates the manual coupling.
---
## 12. System-level: `nuc-nixos` — large monolithic default.nix
**Problem**: `systems/x86_64-linux/nuc-nixos/default.nix` is over 330 lines and contains everything inline: disk config, networking, Home Assistant dashboard definitions (~170 lines of inline Nix), kernel config, user setup, and services. Every other complex system (jallen-nas) already uses a split structure with `apps.nix`, `services.nix`, `nas-defaults.nix`, etc.
**Suggestion**: Extract into separate files following the jallen-nas pattern:
```
systems/x86_64-linux/nuc-nixos/
├── default.nix # thin: imports + top-level options
├── boot.nix # disk/luks/filesystem config
├── dashboard.nix # Home Assistant dashboard card definitions
├── services.nix # postgres, redis, HA, OTBR etc.
└── sops.nix # (or reuse the shared module)
```
The dashboard in particular (currently lines ~88260) should be isolated so HA configuration changes don't require touching system-level config.
---
## 13. System-level: Verify `admin@jallen-nas` steam-rom-manager double-import
**Problem**: `homes/x86_64-linux/admin@jallen-nas/default.nix:16` explicitly imports `steam-rom-manager.homeManagerModules.default`. This same module is injected globally via `modules/nixos/home/default.nix:92` for all x86_64 systems (the ARM guard is `!isArm`, and jallen-nas is x86_64).
**Suggestion**: Remove the explicit import from `admin@jallen-nas/default.nix`. If it was added for standalone `home-manager switch` builds (without NixOS), document that reason in a comment rather than keeping a potentially conflicting double-import.
---
## 14. Flake-level: `pi5` host entry with empty modules list
**Problem**: `flake.nix:218221` defines:
```nix
pi5 = {
modules = [ ];
};
```
An empty modules list is the default behavior — this entry has no effect and can be removed. The comment `# disko is already in systems.modules.nixos above` is incorrect (disko is global for all systems, not specific to pi5). The comment itself is misleading.
**Suggestion**: Remove the `pi5` host entry from `flake.nix` entirely. If the comment is meant to remind future maintainers that disko is global, move that context to `AGENTS.md` or a comment near the global `systems.modules.nixos` list.
---
## 15. Flake-level: `home-manager-stable` input is pulled in but never used
**Problem**: `flake.nix:1013` defines `home-manager-stable` but `home-manager = home-manager-unstable` is the alias (line 21). No system or module references `home-manager-stable` directly. It adds to lock file churn and evaluation time.
**Suggestion**: Remove `home-manager-stable` unless there is a concrete plan to use it for a stable-channel system. If stable Home Manager support is desired in the future, add it back at that point.
---
## 16. Flake-level: Consider using Snowfall Lib `alias` for formatter output
**Problem**: The `outputs-builder` in `flake.nix:277280` is used only to register the `treefmt` formatter. Snowfall Lib supports an `alias` mechanism and also allows `outputs-builder` to be used, but this is the only use of `outputs-builder` in the entire flake.
**Suggestion**: This is fine as-is, but note that `outputs-builder` output can be overridden by auto-discovery. Since the formatter isn't auto-discovered, `outputs-builder` is the correct approach. No change needed — but the comment on line 279 about the mjallen-lib overlay being auto-discovered is accurate and good to keep.
---
## Summary Table
| # | Location | Type | Effort | Impact |
|---|----------|------|--------|--------|
| 1 | `flake.nix` | Deduplication | Low | High — removes confusing double-registration |
| 2 | `flake.nix` | Documentation | Low | Low |
| 3 | `nebula/default.nix` | Better defaults | Low | Medium — 3 systems simplified |
| 4 | `network/default.nix` | Consolidation | Low | Medium — remove per-system workarounds |
| 5 | `hardware/amd` + `desktop/gnome` | New options | Medium | Medium — DRY gaming desktop profile |
| 6 | `network/default.nix` | Bug fix / refactor | Medium | High — current iwd handling is incorrect |
| 7 | `impermanence/default.nix` | Consolidation | Low | Medium — remove 4 manual entries |
| 8 | `system/default.nix` | New options | Low | Medium — allows per-system overrides cleanly |
| 9 | `lib/` + `darwin/nix` + `nixos/nix` | Extraction | Medium | Medium — single source of truth for nix config |
| 10 | `homes/*/` + `modules/home/sops` | Consistency | Low | Low — consistency improvement |
| 11 | `flake.nix` | Simplification | Low | Low — possible dead entry |
| 12 | `systems/nuc-nixos/` | Refactor | Medium | High — maintainability |
| 13 | `homes/admin@jallen-nas` | Bug fix | Trivial | Low — potential double-import |
| 14 | `flake.nix` | Cleanup | Trivial | Low — dead code |
| 15 | `flake.nix` | Cleanup | Trivial | Low — reduces lock churn |
| 16 | `flake.nix` | N/A | None | No change needed |

0
docs/getting-started.md Normal file → Executable file
View File

0
docs/home-assistant/README.md Normal file → Executable file
View File

0
docs/home-assistant/automations.md Normal file → Executable file
View File

0
docs/home-assistant/fountain-automation.md Normal file → Executable file
View File

2
docs/modules/README.md Normal file → Executable file
View File

@@ -140,7 +140,7 @@ mjallen.services.jellyfin = {
Available services:
`actual`, `ai`, `appimage`, `arrs`, `attic`, `authentik`, `authentikRac`, `booklore`, `caddy`, `calibre`, `calibre-web`, `cockpit`, `code-server`, `collabora`, `coturn`, `crowdsec`, `dispatcharr`, `free-games-claimer`, `gitea`, `glance`, `glances`, `grafana`, `guacd`, `headscale`, `immich`, `jellyfin`, `jellyseerr`, `lubelogger`, `manyfold`, `matrix`, `minecraft`, `mongodb`, `nebula`, `netbootxyz`, `nextcloud`, `ntfy`, `onlyoffice`, `opencloud`, `orca`, `paperless`, `paperless-ai`, `protonmail-bridge`, `restic`, `samba`, `sparky-fitness`, `sparky-fitness-server`, `sunshine`, `tdarr`, `termix`, `tunarr`, `unmanic`, `uptime-kuma`, `wyoming`, `your-spotify`
`actual`, `ai`, `appimage`, `arrs`, `attic`, `authentik`, `authentikRac`, `booklore`, `caddy`, `calibre`, `calibre-web`, `cockpit`, `code-server`, `collabora`, `coturn`, `crowdsec`, `dispatcharr`, `free-games-claimer`, `gitea`, `glance`, `glances`, `grafana`, `guacd`, `headscale`, `immich`, `jellyfin`, `seerr`, `lubelogger`, `manyfold`, `matrix`, `minecraft`, `mongodb`, `nebula`, `netbootxyz`, `nextcloud`, `ntfy`, `onlyoffice`, `opencloud`, `orca`, `paperless`, `paperless-ai`, `protonmail-bridge`, `restic`, `samba`, `sparky-fitness`, `sparky-fitness-server`, `sunshine`, `tdarr`, `termix`, `tunarr`, `unmanic`, `uptime-kuma`, `wyoming`, `your-spotify`
#### Nebula VPN (`services/nebula/`)

0
docs/modules/homeassistant.md Normal file → Executable file
View File

90
docs/services.md Executable file
View File

@@ -0,0 +1,90 @@
# Services
All services are derived from `lib.mjallen.network` (`lib/network/default.nix`).
Domain: `mjallen.dev`
Services are grouped by host. The **URL** column is only present when a reverse proxy
is configured (i.e. `reverseProxy.enable = true`) or a well-known public URL exists.
Services without a public URL are accessible only on the LAN or internally.
---
## NAS (`jallen-nas` — `10.0.1.3`)
| Service | Enabled | Port | URL |
|---------|---------|------|-----|
| actual | No | 3333 | https://actual.mjallen.dev |
| ai (Ollama + llama.cpp + Open-WebUI) | Yes | 8127 / 11434 / various | https://chat.mjallen.dev |
| arrs (Sonarr + Radarr + SABnzbd) | Yes | 8989 / 7878 / 8280 | — |
| attic | Yes | 9012 | https://cache.mjallen.dev |
| authentik | Yes | 9000 | https://authentik.mjallen.dev |
| authentikRac | Yes | 4823 | — |
| caddy | Yes | 80 / 443 | — |
| calibre | No | 8084 | https://calibre.mjallen.dev |
| calibre-web | No | 8083 | https://calibre-web.mjallen.dev |
| cockpit | Yes | 9091 | — |
| code-server | Yes | 4444 | https://code.mjallen.dev |
| collabora | Yes | 9980 | https://office.mjallen.dev |
| coturn | Yes | 3478 | — |
| crowdsec | Yes | 8181 | — |
| dispatcharr | No | 9191 | https://dispatcharr.mjallen.dev |
| free-games-claimer | No | 6080 | — |
| gitea | Yes | 3000 / SSH 2222 | https://gitea.mjallen.dev |
| glance | Yes | 5555 | https://glance.mjallen.dev |
| glances | Yes | 61208 | https://glances.mjallen.dev |
| grafana | Yes | 9999 | https://grafana.mjallen.dev |
| grimmory | No | 6066 | https://grimmory.mjallen.dev |
| guacd | Yes | 4822 | — |
| headscale | No | 2112 | https://headscale.mjallen.dev |
| immich | Yes | 2283 | https://immich.mjallen.dev |
| jellyfin | Yes | 8096 | https://jellyfin.mjallen.dev |
| seerr | Yes | 5055 | https://seerr.mjallen.dev |
| kavita | Yes | 5000 | — |
| lemonade | No | 8001 | — |
| lubelogger | Yes | 6754 | https://lubelogger.mjallen.dev |
| manyfold | Yes | 3214 | — |
| matrix | Yes | 8448 | https://matrix.mjallen.dev |
| minecraft | No | 25565 | — |
| mongodb | No | 27017 | — |
| nebula | Yes | 4242 | — |
| netbootxyz | No | 4000 | https://netbootxyz.mjallen.dev |
| nextcloud | Yes | 9988 | https://cloud.mjallen.dev |
| ntfy | Yes | 2586 | https://ntfy.mjallen.dev |
| ocis | No | 9200 | — |
| onlyoffice | No | 9943 | — |
| opencloud | No | 9200 | — |
| orca-slicer | No | 3100 | https://orca-slicer.mjallen.dev |
| paperless | Yes | 28981 | — |
| paperless-ai | Yes | 28982 | — |
| protonmail-bridge | Yes | SMTP 1025 / IMAP 1143 | — |
| restic-server | Yes | 8008 | — |
| sparky-fitness (frontend) | Yes | 3004 | https://sparky.mjallen.dev |
| sparky-fitness-server (backend) | Yes | 3010 | — |
| sunshine | Yes | 47989 | — |
| tdarr | No | 8265 / 8266 | https://tdarr.mjallen.dev |
| termix | Yes | 7777 | https://termix.mjallen.dev |
| tunarr | Yes | 8000 | https://tunarr.mjallen.dev |
| unmanic | Yes | 8265 | https://unmanic.mjallen.dev |
| uptime-kuma | Yes | 3001 | — |
| wyoming (Whisper + Piper) | Yes | 10300 / 10200 | — |
---
## NUC (`nuc-nixos` — `10.0.1.4`)
| Service | Enabled | Port | URL |
|---------|---------|------|-----|
| home-assistant | Yes | 8123 | https://hass.mjallen.dev |
| esphome | Yes | 6052 | — |
| otbr (OpenThread Border Router) | Yes | 8880 / REST 8881 | — |
| mosquitto (MQTT) | Yes | 1883 | — |
---
## Pi5 (`pi5` — `10.0.1.2`)
| Service | Enabled | Port | URL |
|---------|---------|------|-----|
| adguard | Yes | 3000 | — |
| nebula (lighthouse) | Yes | 4242 | — |
| dns | Yes | 53 | — |

0
docs/systems/README.md Normal file → Executable file
View File

0
docs/systems/allyx.md Normal file → Executable file
View File

2
docs/systems/jallen-nas.md Normal file → Executable file
View File

@@ -54,7 +54,7 @@
| Attic | 9012 | Nix binary cache (`cache.mjallen.dev`) |
| Immich | 2283 | Photo management |
| Jellyfin | 8096 | Media server |
| Jellyseerr | 5055 | Media request manager |
| Seerr | 5055 | Media request manager |
| Nextcloud | 9988 | Cloud storage |
| Paperless | 28981 | Document management |
| Paperless AI | 28982 | AI-assisted document tagging |

0
docs/systems/macbook-pro-nixos.md Normal file → Executable file
View File

0
docs/systems/macbook-pro.md Normal file → Executable file
View File

0
docs/systems/matt-nixos.md Normal file → Executable file
View File

0
docs/systems/nuc-nixos.md Normal file → Executable file
View File

0
docs/systems/pi5.md Normal file → Executable file
View File

0
docs/troubleshooting.md Normal file → Executable file
View File

2
docs/version.schema.json Normal file → Executable file
View File

@@ -76,6 +76,7 @@
"repo": { "type": "string", "description": "GitHub repository (github fetcher)." },
"tag": { "type": "string", "description": "Git tag (github fetcher). Mutually exclusive with 'rev'." },
"rev": { "type": "string", "description": "Commit revision (github/git fetchers)." },
"branch": { "type": "string", "description": "Branch to track for HEAD-commit updates (github/git fetchers). Stored alongside 'rev' to record which branch the pinned commit came from. Has no effect on the Nix fetcher itself — only used by the version management tooling." },
"submodules": { "type": "boolean", "description": "Whether to fetch submodules (github/git fetchers)." },
"url": { "type": "string", "description": "Final URL (url fetcher). May be templated." },
@@ -157,6 +158,7 @@
"repo": { "type": "string" },
"tag": { "type": "string" },
"rev": { "type": "string" },
"branch": { "type": "string" },
"submodules": { "type": "boolean" },
"url": { "type": "string" },

363
flake.lock generated Normal file → Executable file
View File

@@ -25,7 +25,7 @@
"flake-utils": "flake-utils",
"napalm": "napalm",
"nixpkgs": [
"nixpkgs"
"nixpkgs-stable"
],
"pyproject-build-systems": "pyproject-build-systems",
"pyproject-nix": "pyproject-nix",
@@ -33,11 +33,11 @@
"uv2nix": "uv2nix"
},
"locked": {
"lastModified": 1774079362,
"narHash": "sha256-HkoEWTxU5gNigcnhIa3GXukHqC5xGmgVaLICGUKlpdo=",
"lastModified": 1776085803,
"narHash": "sha256-JvvWVbXJYSY8qOReMbAOD4lxcN2cjKV6lg/jLz8CEuY=",
"owner": "nix-community",
"repo": "authentik-nix",
"rev": "1f279763d8b4a9138c01f1021f53e09bc2c54eb9",
"rev": "4370b561c8bafb59773ce3a518506bcf1161dbdb",
"type": "github"
},
"original": {
@@ -49,16 +49,16 @@
"authentik-src": {
"flake": false,
"locked": {
"lastModified": 1772567399,
"narHash": "sha256-0Vpf1hj9C8r+rhrCgwoNazpQ+mwgjdjDhuoKCxYQFWw=",
"lastModified": 1775573258,
"narHash": "sha256-Xq7JGI/8ppIydIuWd9KRJKUrh7UpeniwvZ4NAtXbYJ4=",
"owner": "goauthentik",
"repo": "authentik",
"rev": "0dccbd4193c45c581e9fb7cd89df0c1487510f1f",
"rev": "5249546862986202b901c2afd860992ec48c6ef6",
"type": "github"
},
"original": {
"owner": "goauthentik",
"ref": "version/2026.2.1",
"ref": "version/2026.2.2",
"repo": "authentik",
"type": "github"
}
@@ -134,16 +134,16 @@
"brew-src": {
"flake": false,
"locked": {
"lastModified": 1769363988,
"narHash": "sha256-BiGPeulrDVetXP+tjxhMcGLUROZAtZIhU5m4MqawCfM=",
"lastModified": 1774235677,
"narHash": "sha256-0ryNYmzDAeRlrzPTAgmzGH/Cgc8iv/LBN6jWGUANvIk=",
"owner": "Homebrew",
"repo": "brew",
"rev": "d01011cac6d72032c75fd2cd9489909e95d9faf2",
"rev": "894a3d23ac0c8aaf561b9874b528b9cb2e839201",
"type": "github"
},
"original": {
"owner": "Homebrew",
"ref": "5.0.12",
"ref": "5.1.1",
"repo": "brew",
"type": "github"
}
@@ -151,11 +151,11 @@
"cachyos-kernel": {
"flake": false,
"locked": {
"lastModified": 1774160598,
"narHash": "sha256-ArPoVPHpXauFDGsz7nGBiXljj7keGcp/O4Pf4ZU4/30=",
"lastModified": 1776183001,
"narHash": "sha256-lvLKB5dTqjO1S/YonS9ZyWemEjO6QXtN4D76rYEYy4s=",
"owner": "CachyOS",
"repo": "linux-cachyos",
"rev": "1caa0b77871d4537f0d629a2ce30edb2f6178d19",
"rev": "4224303b6d7a50dd1cc3ffa78864050cc9536eec",
"type": "github"
},
"original": {
@@ -167,11 +167,11 @@
"cachyos-kernel-patches": {
"flake": false,
"locked": {
"lastModified": 1774023710,
"narHash": "sha256-Oc+4K6edCv0fdvfe6UW+OpJiXYWkXRrOH9TDMNwi+J8=",
"lastModified": 1776355454,
"narHash": "sha256-b9Hc0sTxjEzDbphzS9yQqxVha/7bsPIs2cQQQvaG45E=",
"owner": "CachyOS",
"repo": "kernel-patches",
"rev": "a4e26fa95257ac09bd42930334399b0eabd5b5b1",
"rev": "b5e029226df5cc30c103651072d49a7af2878202",
"type": "github"
},
"original": {
@@ -223,11 +223,11 @@
"nixpkgs": "nixpkgs"
},
"locked": {
"lastModified": 1773000227,
"narHash": "sha256-zm3ftUQw0MPumYi91HovoGhgyZBlM4o3Zy0LhPNwzXE=",
"lastModified": 1775037210,
"narHash": "sha256-KM2WYj6EA7M/FVZVCl3rqWY+TFV5QzSyyGE2gQxeODU=",
"owner": "nix-darwin",
"repo": "nix-darwin",
"rev": "da529ac9e46f25ed5616fd634079a5f3c579135f",
"rev": "06648f4902343228ce2de79f291dd5a58ee12146",
"type": "github"
},
"original": {
@@ -260,11 +260,11 @@
"firefox-gnome-theme": {
"flake": false,
"locked": {
"lastModified": 1764873433,
"narHash": "sha256-1XPewtGMi+9wN9Ispoluxunw/RwozuTRVuuQOmxzt+A=",
"lastModified": 1775176642,
"narHash": "sha256-2veEED0Fg7Fsh81tvVDNYR6SzjqQxa7hbi18Jv4LWpM=",
"owner": "rafaelmardojai",
"repo": "firefox-gnome-theme",
"rev": "f7ffd917ac0d253dbd6a3bf3da06888f57c69f92",
"rev": "179704030c5286c729b5b0522037d1d51341022c",
"type": "github"
},
"original": {
@@ -391,11 +391,11 @@
"nixpkgs-lib": "nixpkgs-lib_2"
},
"locked": {
"lastModified": 1772408722,
"narHash": "sha256-rHuJtdcOjK7rAHpHphUb1iCvgkU3GpfvicLMwwnfMT0=",
"lastModified": 1730504689,
"narHash": "sha256-hgmguH29K2fvs9szpq2r3pz2/8cJd2LPS+b4tfNFCwE=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "f20dc5d9b8027381c474144ecabc9034d6a839a3",
"rev": "506278e768c2a08bec68eb62932193e341f55c90",
"type": "github"
},
"original": {
@@ -405,6 +405,24 @@
}
},
"flake-parts_3": {
"inputs": {
"nixpkgs-lib": "nixpkgs-lib_3"
},
"locked": {
"lastModified": 1775087534,
"narHash": "sha256-91qqW8lhL7TLwgQWijoGBbiD4t7/q75KTi8NxjVmSmA=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "3107b77cd68437b9a76194f0f7f9c55f2329ca5b",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-parts_4": {
"inputs": {
"nixpkgs-lib": [
"stylix",
@@ -412,11 +430,11 @@
]
},
"locked": {
"lastModified": 1767609335,
"narHash": "sha256-feveD98mQpptwrAEggBQKJTYbvwwglSbOv53uCfH9PY=",
"lastModified": 1775087534,
"narHash": "sha256-91qqW8lhL7TLwgQWijoGBbiD4t7/q75KTi8NxjVmSmA=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "250481aafeb741edfe23d29195671c19b36b6dca",
"rev": "3107b77cd68437b9a76194f0f7f9c55f2329ca5b",
"type": "github"
},
"original": {
@@ -545,20 +563,18 @@
"gnome-shell": {
"flake": false,
"locked": {
"host": "gitlab.gnome.org",
"lastModified": 1767737596,
"narHash": "sha256-eFujfIUQDgWnSJBablOuG+32hCai192yRdrNHTv0a+s=",
"owner": "GNOME",
"repo": "gnome-shell",
"rev": "ef02db02bf0ff342734d525b5767814770d85b49",
"type": "gitlab"
"type": "github"
},
"original": {
"host": "gitlab.gnome.org",
"owner": "GNOME",
"ref": "gnome-49",
"repo": "gnome-shell",
"type": "gitlab"
"rev": "ef02db02bf0ff342734d525b5767814770d85b49",
"type": "github"
}
},
"home-manager": {
@@ -568,11 +584,11 @@
]
},
"locked": {
"lastModified": 1774379316,
"narHash": "sha256-0nGNxWDUH2Hzlj/R3Zf4FEK6fsFNB/dvewuboSRZqiI=",
"lastModified": 1776454077,
"narHash": "sha256-7zSUFWsU0+jlD7WB3YAxQ84Z/iJurA5hKPm8EfEyGJk=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "1eb0549a1ab3fe3f5acf86668249be15fa0e64f7",
"rev": "565e5349208fe7d0831ef959103c9bafbeac0681",
"type": "github"
},
"original": {
@@ -581,27 +597,6 @@
"type": "github"
}
},
"home-manager-stable": {
"inputs": {
"nixpkgs": [
"nixpkgs-stable"
]
},
"locked": {
"lastModified": 1774274588,
"narHash": "sha256-dnHvv5EMUgTzGZmA+3diYjQU2O6BEpGLEOgJ1Qe9LaY=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "cf9686ba26f5ef788226843bc31fda4cf72e373b",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "release-25.11",
"repo": "home-manager",
"type": "github"
}
},
"home-manager-unstable": {
"inputs": {
"nixpkgs": [
@@ -609,11 +604,11 @@
]
},
"locked": {
"lastModified": 1774379316,
"narHash": "sha256-0nGNxWDUH2Hzlj/R3Zf4FEK6fsFNB/dvewuboSRZqiI=",
"lastModified": 1776454077,
"narHash": "sha256-7zSUFWsU0+jlD7WB3YAxQ84Z/iJurA5hKPm8EfEyGJk=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "1eb0549a1ab3fe3f5acf86668249be15fa0e64f7",
"rev": "565e5349208fe7d0831ef959103c9bafbeac0681",
"type": "github"
},
"original": {
@@ -663,11 +658,11 @@
"homebrew-cask": {
"flake": false,
"locked": {
"lastModified": 1774473207,
"narHash": "sha256-uzBowJgpnVUnIxItld3MUT6H9tUtKGDX6eGjFB9yFKE=",
"lastModified": 1776469040,
"narHash": "sha256-IX5UflSmiXkJnRUCNjzBl4/HMw0NMLQqsfdwA4l0kyU=",
"owner": "homebrew",
"repo": "homebrew-cask",
"rev": "672d1652fd7d9c32058f3e3f5b4d6ab2aba3853a",
"rev": "906ff3d493d3e9f50ceb5041fcc14bcfe3d63ff1",
"type": "github"
},
"original": {
@@ -679,11 +674,11 @@
"homebrew-core": {
"flake": false,
"locked": {
"lastModified": 1774474683,
"narHash": "sha256-3INbCL2xoj8j2VPSXsc6bcuc+YvlDremZg9RoEjrNcs=",
"lastModified": 1776461416,
"narHash": "sha256-AqxPJs6cy7ZwsS2ovNuLxUJM+2kgnEi4ECXitf6nb18=",
"owner": "homebrew",
"repo": "homebrew-core",
"rev": "9da10921a2cb0751d8b7970cfea4c6e92c4e8f76",
"rev": "2aab2c98676928d65d72ce7fc2abd5c7f3634319",
"type": "github"
},
"original": {
@@ -719,11 +714,11 @@
]
},
"locked": {
"lastModified": 1774333446,
"narHash": "sha256-jeAUd4mfLle7Zw8F3lDdXvw2cmeP3FgVphHq2XuEKbs=",
"lastModified": 1776428236,
"narHash": "sha256-+0SyQglnT2xUiyY07155G+O7aUWISELwqtTnfURufRU=",
"owner": "Jovian-Experiments",
"repo": "Jovian-NixOS",
"rev": "79b45622eff2ae0437d7a712610044bbc7b87fa2",
"rev": "eac78fc379ca47f7e21be8539c405e5fb489a857",
"type": "github"
},
"original": {
@@ -754,6 +749,27 @@
"type": "github"
}
},
"llama-cpp": {
"inputs": {
"flake-parts": "flake-parts_2",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1776442631,
"narHash": "sha256-8AXOo0Yhbi3jpQFe4Ql+0HZDz/p708GdrbZVepNjITo=",
"owner": "ggml-org",
"repo": "llama.cpp",
"rev": "45cac7ca703fb9085eae62b9121fca01d20177f6",
"type": "github"
},
"original": {
"owner": "ggml-org",
"repo": "llama.cpp",
"type": "github"
}
},
"lsfg-vk": {
"inputs": {
"nixpkgs": [
@@ -805,15 +821,15 @@
"cachyos-kernel": "cachyos-kernel",
"cachyos-kernel-patches": "cachyos-kernel-patches",
"flake-compat": "flake-compat_4",
"flake-parts": "flake-parts_2",
"flake-parts": "flake-parts_3",
"nixpkgs": "nixpkgs_4"
},
"locked": {
"lastModified": 1774290535,
"narHash": "sha256-dnFbucSiAjjWmPENgyIiK/ocCuYSp4sM6Sq4WCVjG+8=",
"lastModified": 1776386586,
"narHash": "sha256-eVAUaL/6n8mnmBiPpEVW1NDNVSKLWhYVfycG+P0SvWU=",
"owner": "xddxdd",
"repo": "nix-cachyos-kernel",
"rev": "c0fcdf5cab21b7e3157e84046b57407a60934415",
"rev": "c65c3faf90ae07bae101c15ef502f0bcb06c5d74",
"type": "github"
},
"original": {
@@ -850,11 +866,11 @@
"brew-src": "brew-src"
},
"locked": {
"lastModified": 1769437432,
"narHash": "sha256-8d7KnCpT2LweRvSzZYEGd9IM3eFX+A78opcnDM0+ndk=",
"lastModified": 1774720267,
"narHash": "sha256-YYftFe8jyfpQI649yfr0E+dqEXE2jznZNcYvy/lKV1U=",
"owner": "zhaofengli",
"repo": "nix-homebrew",
"rev": "a5409abd0d5013d79775d3419bcac10eacb9d8c5",
"rev": "a7760a3a83f7609f742861afb5732210fdc437ed",
"type": "github"
},
"original": {
@@ -870,11 +886,11 @@
]
},
"locked": {
"lastModified": 1774156144,
"narHash": "sha256-gdYe9wTPl4ignDyXUl1LlICWj41+S0GB5lG1fKP17+A=",
"lastModified": 1775970782,
"narHash": "sha256-7jt9Vpm48Yy5yAWigYpde+HxtYEpEuyzIQJF4VYehhk=",
"owner": "nix-community",
"repo": "nix-index-database",
"rev": "55b588747fa3d7fc351a11831c4b874dab992862",
"rev": "bedba5989b04614fc598af9633033b95a937933f",
"type": "github"
},
"original": {
@@ -927,11 +943,11 @@
"nixpkgs": "nixpkgs_7"
},
"locked": {
"lastModified": 1774406959,
"narHash": "sha256-LvsvRER3uhSMPFXm3d51j1HKtNvT5uaxeU2GiGhTx2Y=",
"lastModified": 1776396489,
"narHash": "sha256-lF3GX4VvQzff/5gpu5WytHKd2GQXJDrWChmK+JNNRO4=",
"owner": "nix-community",
"repo": "nix-vscode-extensions",
"rev": "8e7124f1592e7f2cc8f76ce2639255f478d58838",
"rev": "64839596bff67e8280a2fcd829a858d88530aa6f",
"type": "github"
},
"original": {
@@ -946,11 +962,11 @@
"nixpkgs": "nixpkgs_8"
},
"locked": {
"lastModified": 1774264319,
"narHash": "sha256-aAsO35YtqIdvBhCIKZ0a+OcC8wB0H1+mAoPKBY0jxeQ=",
"lastModified": 1776370524,
"narHash": "sha256-0Gt5qnjNkIZJdOBfu2u47zgyhYL3WmgUrguUhGSxUdk=",
"owner": "nix-community",
"repo": "nixos-apple-silicon",
"rev": "9fe29a63b23005acfcd1324a9e78b6241226cdb1",
"rev": "f9f0650b45e31b3f6c3e2a0405fa198a286e2741",
"type": "github"
},
"original": {
@@ -961,11 +977,11 @@
},
"nixos-hardware": {
"locked": {
"lastModified": 1774465523,
"narHash": "sha256-4v7HPm63Q90nNn4fgkgKsjW1AH2Klw7XzPtHJr562nM=",
"lastModified": 1775490113,
"narHash": "sha256-2ZBhDNZZwYkRmefK5XLOusCJHnoeKkoN95hoSGgMxWM=",
"owner": "NixOS",
"repo": "nixos-hardware",
"rev": "de895be946ad1d8aafa0bb6dfc7e7e0e9e466a29",
"rev": "c775c2772ba56e906cbeb4e0b2db19079ef11ff7",
"type": "github"
},
"original": {
@@ -1008,32 +1024,28 @@
},
"nixpkgs-lib_2": {
"locked": {
"lastModified": 1772328832,
"narHash": "sha256-e+/T/pmEkLP6BHhYjx6GmwP5ivonQQn0bJdH9YrRB+Q=",
"owner": "nix-community",
"repo": "nixpkgs.lib",
"rev": "c185c7a5e5dd8f9add5b2f8ebeff00888b070742",
"type": "github"
"lastModified": 1730504152,
"narHash": "sha256-lXvH/vOfb4aGYyvFmZK/HlsNsr/0CVWlwYvo2rxJk3s=",
"type": "tarball",
"url": "https://github.com/NixOS/nixpkgs/archive/cc2f28000298e1269cea6612cd06ec9979dd5d7f.tar.gz"
},
"original": {
"owner": "nix-community",
"repo": "nixpkgs.lib",
"type": "github"
"type": "tarball",
"url": "https://github.com/NixOS/nixpkgs/archive/cc2f28000298e1269cea6612cd06ec9979dd5d7f.tar.gz"
}
},
"nixpkgs-otbr": {
"nixpkgs-lib_3": {
"locked": {
"lastModified": 1766776257,
"narHash": "sha256-MG9DnzBn6TdAztaMPVhW9sjYj2bi9Jcux0F0fJ6LeO4=",
"owner": "mrene",
"repo": "nixpkgs",
"rev": "0c4c97066d555b7d27a0a56ee400130ec51f02ee",
"lastModified": 1774748309,
"narHash": "sha256-+U7gF3qxzwD5TZuANzZPeJTZRHS29OFQgkQ2kiTJBIQ=",
"owner": "nix-community",
"repo": "nixpkgs.lib",
"rev": "333c4e0545a6da976206c74db8773a1645b5870a",
"type": "github"
},
"original": {
"owner": "mrene",
"ref": "openthread-border-router",
"repo": "nixpkgs",
"owner": "nix-community",
"repo": "nixpkgs.lib",
"type": "github"
}
},
@@ -1055,11 +1067,11 @@
},
"nixpkgs-stable_2": {
"locked": {
"lastModified": 1774244481,
"narHash": "sha256-4XfMXU0DjN83o6HWZoKG9PegCvKvIhNUnRUI19vzTcQ=",
"lastModified": 1776221942,
"narHash": "sha256-FbQAeVNi7G4v3QCSThrSAAvzQTmrmyDLiHNPvTF2qFM=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "4590696c8693fea477850fe379a01544293ca4e2",
"rev": "1766437c5509f444c1b15331e82b8b6a9b967000",
"type": "github"
},
"original": {
@@ -1071,27 +1083,27 @@
},
"nixpkgs-unstable": {
"locked": {
"lastModified": 1774106199,
"narHash": "sha256-US5Tda2sKmjrg2lNHQL3jRQ6p96cgfWh3J1QBliQ8Ws=",
"lastModified": 1776447299,
"narHash": "sha256-fhkbQptSg6w3CG4TCxalK6UZkj4+Afsi+6p0PuofJ48=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "6c9a78c09ff4d6c21d0319114873508a6ec01655",
"rev": "2c1b4e855f7cded41541747173c697b53c63de9b",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"ref": "nixos-unstable-small",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_10": {
"locked": {
"lastModified": 1773840656,
"narHash": "sha256-9tpvMGFteZnd3gRQZFlRCohVpqooygFuy9yjuyRL2C0=",
"lastModified": 1775888245,
"narHash": "sha256-nwASzrRDD1JBEu/o8ekKYEXm/oJW6EMCzCRdrwcLe90=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "9cf7092bdd603554bd8b63c216e8943cf9b12512",
"rev": "13043924aaa7375ce482ebe2494338e058282925",
"type": "github"
},
"original": {
@@ -1135,11 +1147,11 @@
},
"nixpkgs_4": {
"locked": {
"lastModified": 1774235121,
"narHash": "sha256-CzpSER+YKq4yD+RPom6Su9c/4FutF+sD4rEnls+4MyM=",
"lastModified": 1776311487,
"narHash": "sha256-9U8bL9X/0R9cZD3Uc/mN37AWvv5dB4WQqqjLRAxQfas=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "1116aed2cee959f7d054a462458513ad323b710a",
"rev": "cc1e0e027707ad53dddae39d3b3e992262c7d8c7",
"type": "github"
},
"original": {
@@ -1215,16 +1227,16 @@
},
"nixpkgs_9": {
"locked": {
"lastModified": 1774106199,
"narHash": "sha256-US5Tda2sKmjrg2lNHQL3jRQ6p96cgfWh3J1QBliQ8Ws=",
"lastModified": 1776447299,
"narHash": "sha256-fhkbQptSg6w3CG4TCxalK6UZkj4+Afsi+6p0PuofJ48=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "6c9a78c09ff4d6c21d0319114873508a6ec01655",
"rev": "2c1b4e855f7cded41541747173c697b53c63de9b",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"ref": "nixos-unstable-small",
"repo": "nixpkgs",
"type": "github"
}
@@ -1241,11 +1253,11 @@
]
},
"locked": {
"lastModified": 1767810917,
"narHash": "sha256-ZKqhk772+v/bujjhla9VABwcvz+hB2IaRyeLT6CFnT0=",
"lastModified": 1775228139,
"narHash": "sha256-ebbeHmg+V7w8050bwQOuhmQHoLOEOfqKzM1KgCTexK4=",
"owner": "nix-community",
"repo": "NUR",
"rev": "dead29c804adc928d3a69dfe7f9f12d0eec1f1a4",
"rev": "601971b9c89e0304561977f2c28fa25e73aa7132",
"type": "github"
},
"original": {
@@ -1254,6 +1266,29 @@
"type": "github"
}
},
"plasma-manager": {
"inputs": {
"home-manager": [
"home-manager"
],
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1775856943,
"narHash": "sha256-b7Mp7P+q2Md5AGt4rjHfMcBykzMumFTen10ST++AuTU=",
"owner": "nix-community",
"repo": "plasma-manager",
"rev": "a524a6160e6df89f7673ba293cf7d78b559eb1a5",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "plasma-manager",
"type": "github"
}
},
"pre-commit": {
"inputs": {
"flake-compat": "flake-compat_3",
@@ -1286,11 +1321,11 @@
]
},
"locked": {
"lastModified": 1774104215,
"narHash": "sha256-EAtviqz0sEAxdHS4crqu7JGR5oI3BwaqG0mw7CmXkO8=",
"lastModified": 1775585728,
"narHash": "sha256-8Psjt+TWvE4thRKktJsXfR6PA/fWWsZ04DVaY6PUhr4=",
"owner": "cachix",
"repo": "pre-commit-hooks.nix",
"rev": "f799ae951fde0627157f40aec28dec27b22076d0",
"rev": "580633fa3fe5fc0379905986543fd7495481913d",
"type": "github"
},
"original": {
@@ -1356,13 +1391,13 @@
"darwin": "darwin",
"disko": "disko",
"home-manager": "home-manager",
"home-manager-stable": "home-manager-stable",
"home-manager-unstable": "home-manager-unstable",
"homebrew-cask": "homebrew-cask",
"homebrew-core": "homebrew-core",
"impermanence": "impermanence",
"jovian": "jovian",
"lanzaboote": "lanzaboote",
"llama-cpp": "llama-cpp",
"lsfg-vk": "lsfg-vk",
"nix-cachyos-kernel": "nix-cachyos-kernel",
"nix-homebrew": "nix-homebrew",
@@ -1373,9 +1408,9 @@
"nixos-apple-silicon": "nixos-apple-silicon",
"nixos-hardware": "nixos-hardware",
"nixpkgs": "nixpkgs_9",
"nixpkgs-otbr": "nixpkgs-otbr",
"nixpkgs-stable": "nixpkgs-stable_2",
"nixpkgs-unstable": "nixpkgs-unstable",
"plasma-manager": "plasma-manager",
"pre-commit-hooks-nix": "pre-commit-hooks-nix",
"snowfall-lib": "snowfall-lib",
"sops-nix": "sops-nix",
@@ -1435,11 +1470,11 @@
"treefmt-nix": "treefmt-nix"
},
"locked": {
"lastModified": 1774474975,
"narHash": "sha256-3cHaGufox1mL8KbYDGHW2ySYwmwgslHTkcDpA7hoKk8=",
"lastModified": 1774478645,
"narHash": "sha256-NeEWeisE2QLCCJg688/vaLp9/V7osVenn/EUm3JXsgg=",
"owner": "mjallen18",
"repo": "snowfall-lib",
"rev": "94056dbb28a42d49ca6bf45acb38122da42d8bfc",
"rev": "23e5a04d70389d58b7c1447924d59cfb78218215",
"type": "github"
},
"original": {
@@ -1453,11 +1488,11 @@
"nixpkgs": "nixpkgs_10"
},
"locked": {
"lastModified": 1774303811,
"narHash": "sha256-fhG4JAcLgjKwt+XHbjs8brpWnyKUfU4LikLm3s0Q/ic=",
"lastModified": 1776119890,
"narHash": "sha256-Zm6bxLNnEOYuS/SzrAGsYuXSwk3cbkRQZY0fJnk8a5M=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "614e256310e0a4f8a9ccae3fa80c11844fba7042",
"rev": "d4971dd58c6627bfee52a1ad4237637c0a2fb0cd",
"type": "github"
},
"original": {
@@ -1496,25 +1531,24 @@
"base16-helix": "base16-helix",
"base16-vim": "base16-vim",
"firefox-gnome-theme": "firefox-gnome-theme",
"flake-parts": "flake-parts_3",
"flake-parts": "flake-parts_4",
"gnome-shell": "gnome-shell",
"nixpkgs": [
"nixpkgs"
],
"nur": "nur",
"systems": "systems_3",
"tinted-foot": "tinted-foot",
"tinted-kitty": "tinted-kitty",
"tinted-schemes": "tinted-schemes",
"tinted-tmux": "tinted-tmux",
"tinted-zed": "tinted-zed"
},
"locked": {
"lastModified": 1774124764,
"narHash": "sha256-Poz9WTjiRlqZIf197CrMMJfTifZhrZpbHFv0eU1Nhtg=",
"lastModified": 1776170745,
"narHash": "sha256-Tl1aZVP5EIlT+k0+iAKH018GLHJpLz3hhJ0LNQOWxCc=",
"owner": "nix-community",
"repo": "stylix",
"rev": "e31c79f571c5595a155f84b9d77ce53a84745494",
"rev": "e3861617645a43c9bbefde1aa6ac54dd0a44bfa9",
"type": "github"
},
"original": {
@@ -1568,23 +1602,6 @@
"type": "github"
}
},
"tinted-foot": {
"flake": false,
"locked": {
"lastModified": 1726913040,
"narHash": "sha256-+eDZPkw7efMNUf3/Pv0EmsidqdwNJ1TaOum6k7lngDQ=",
"owner": "tinted-theming",
"repo": "tinted-foot",
"rev": "fd1b924b6c45c3e4465e8a849e67ea82933fcbe4",
"type": "github"
},
"original": {
"owner": "tinted-theming",
"repo": "tinted-foot",
"rev": "fd1b924b6c45c3e4465e8a849e67ea82933fcbe4",
"type": "github"
}
},
"tinted-kitty": {
"flake": false,
"locked": {
@@ -1604,11 +1621,11 @@
"tinted-schemes": {
"flake": false,
"locked": {
"lastModified": 1767710407,
"narHash": "sha256-+W1EB79Jl0/gm4JqmO0Nuc5C7hRdp4vfsV/VdzI+des=",
"lastModified": 1772661346,
"narHash": "sha256-4eu3LqB9tPqe0Vaqxd4wkZiBbthLbpb7llcoE/p5HT0=",
"owner": "tinted-theming",
"repo": "schemes",
"rev": "2800e2b8ac90f678d7e4acebe4fa253f602e05b2",
"rev": "13b5b0c299982bb361039601e2d72587d6846294",
"type": "github"
},
"original": {
@@ -1620,11 +1637,11 @@
"tinted-tmux": {
"flake": false,
"locked": {
"lastModified": 1767489635,
"narHash": "sha256-e6nnFnWXKBCJjCv4QG4bbcouJ6y3yeT70V9MofL32lU=",
"lastModified": 1772934010,
"narHash": "sha256-x+6+4UvaG+RBRQ6UaX+o6DjEg28u4eqhVRM9kpgJGjQ=",
"owner": "tinted-theming",
"repo": "tinted-tmux",
"rev": "3c32729ccae99be44fe8a125d20be06f8d7d8184",
"rev": "c3529673a5ab6e1b6830f618c45d9ce1bcdd829d",
"type": "github"
},
"original": {
@@ -1636,11 +1653,11 @@
"tinted-zed": {
"flake": false,
"locked": {
"lastModified": 1767488740,
"narHash": "sha256-wVOj0qyil8m+ouSsVZcNjl5ZR+1GdOOAooAatQXHbuU=",
"lastModified": 1772909925,
"narHash": "sha256-jx/5+pgYR0noHa3hk2esin18VMbnPSvWPL5bBjfTIAU=",
"owner": "tinted-theming",
"repo": "base16-zed",
"rev": "11abb0b282ad3786a2aae088d3a01c60916f2e40",
"rev": "b4d3a1b3bcbd090937ef609a0a3b37237af974df",
"type": "github"
},
"original": {
@@ -1678,11 +1695,11 @@
]
},
"locked": {
"lastModified": 1773297127,
"narHash": "sha256-6E/yhXP7Oy/NbXtf1ktzmU8SdVqJQ09HC/48ebEGBpk=",
"lastModified": 1775636079,
"narHash": "sha256-pc20NRoMdiar8oPQceQT47UUZMBTiMdUuWrYu2obUP0=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "71b125cd05fbfd78cab3e070b73544abe24c5016",
"rev": "790751ff7fd3801feeaf96d7dc416a8d581265ba",
"type": "github"
},
"original": {

107
flake.nix Normal file → Executable file
View File

@@ -1,17 +1,8 @@
{
inputs = rec {
nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable";
nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable-small";
nixpkgs-stable.url = "github:NixOS/nixpkgs/nixos-25.11";
# Fork required: openthread-border-router is not yet in nixpkgs-unstable.
# Used by modules/nixos/homeassistant/services/thread/default.nix
nixpkgs-otbr.url = "github:mrene/nixpkgs/openthread-border-router";
home-manager-stable = {
url = "github:nix-community/home-manager/release-25.11";
inputs.nixpkgs.follows = "nixpkgs-stable";
};
home-manager-unstable = {
url = "github:nix-community/home-manager";
inputs.nixpkgs.follows = "nixpkgs-unstable";
@@ -52,7 +43,7 @@
authentik-nix = {
url = "github:nix-community/authentik-nix";
inputs.nixpkgs.follows = "nixpkgs";
inputs.nixpkgs.follows = "nixpkgs-stable";
};
disko = {
@@ -116,6 +107,17 @@
url = "github:Jovian-Experiments/Jovian-NixOS";
inputs.nixpkgs.follows = "nixpkgs";
};
llama-cpp = {
url = "github:ggml-org/llama.cpp";
inputs.nixpkgs.follows = "nixpkgs";
};
plasma-manager = {
url = "github:nix-community/plasma-manager";
inputs.nixpkgs.follows = "nixpkgs";
inputs.home-manager.follows = "home-manager";
};
};
# We will handle this in the next section.
@@ -133,38 +135,59 @@
overlays = with inputs; [
nix-vscode-extensions.overlays.default
nix-cachyos-kernel.overlays.default
# writeShellApplication uses lib.toShellVar which generates unquoted
# variable assignments for simple strings (e.g. username=admin).
# shellcheck SC2209 flags this as a warning, breaking the build when
# the value matches a command name. Exclude SC2209 globally.
(_final: prev: {
writeShellApplication =
args:
prev.writeShellApplication (
args
// {
excludeShellChecks = (args.excludeShellChecks or [ ]) ++ [ "SC2209" ];
}
);
})
];
# Add a module to a specific host.
systems = {
# common modules
modules.nixos = with inputs; [
authentik-nix.nixosModules.default
disko.nixosModules.disko
impermanence.nixosModules.impermanence
lanzaboote.nixosModules.lanzaboote
sops-nix.nixosModules.sops
home-manager.nixosModules.home-manager
nix-index-database.nixosModules.nix-index
stylix.nixosModules.stylix
];
modules = {
nixos = with inputs; [
authentik-nix.nixosModules.default
disko.nixosModules.disko
impermanence.nixosModules.impermanence
lanzaboote.nixosModules.lanzaboote
sops-nix.nixosModules.sops
home-manager.nixosModules.home-manager
nix-index-database.nixosModules.nix-index
stylix.nixosModules.stylix
];
modules.home = with inputs; [
nix-index-database.homeModules.nix-index
steam-rom-manager.homeManagerModules.default
sops-nix.homeManagerModules.sops
stylix.homeModules.stylix
];
# External HM modules injected into ALL homes — both standalone
# homeConfigurations and homes embedded in nixosConfigurations.
# The snowfall-lib fork patches create-systems to pass systems.modules.home
# into create-home-system-modules so both paths are covered from here.
# The ARM guard for steam-rom-manager is handled by that module itself.
home = with inputs; [
nix-index-database.homeModules.nix-index
steam-rom-manager.homeManagerModules.default
sops-nix.homeManagerModules.sops
stylix.homeModules.stylix
plasma-manager.homeModules.plasma-manager
];
# common darwin modules
modules.darwin = with inputs; [
nix-homebrew.darwinModules.nix-homebrew
home-manager.darwinModules.home-manager
nix-plist-manager.darwinModules.default
nix-rosetta-builder.darwinModules.default
nix-index-database.darwinModules.nix-index
stylix.darwinModules.stylix
];
darwin = with inputs; [
nix-homebrew.darwinModules.nix-homebrew
home-manager.darwinModules.home-manager
nix-plist-manager.darwinModules.default
nix-rosetta-builder.darwinModules.default
nix-index-database.darwinModules.nix-index
stylix.darwinModules.stylix
];
};
# Host config
hosts = {
@@ -212,14 +235,6 @@
];
};
# ######################################################
# Pi5 #
# ######################################################
pi5 = {
# disko is already in systems.modules.nixos above
modules = [ ];
};
# ######################################################
# Mac #
# ######################################################
@@ -271,6 +286,10 @@
# ...
# "libsoup-2.74.3"
# "mbedtls-2.28.10"
# ecdsa is pulled in by srp → ha-icloud3 custom component.
# CVE-2024-23342 applies to timing-sensitive cryptographic use cases,
# not the SRP authentication usage here.
"python3.14-ecdsa-0.19.1"
];
};

2
homes/aarch64-darwin/mattjallen@macbook-pro/default.nix
View File

@@ -18,7 +18,7 @@ let
iproute2mac
nebula
nixfmt
nodePackages.nodejs
nodejs_25
uv
sops
tree

74
homes/aarch64-linux/matt@macbook-pro-nixos/default.nix
View File

@@ -15,12 +15,14 @@ let
in
{
home.username = "matt";
home.homeDirectory = "/home/matt";
home.stateVersion = "23.11";
home = {
username = "matt";
homeDirectory = "/home/matt";
stateVersion = "23.11";
};
${namespace} = {
desktop.gnome = enabled;
desktop.plasma = lib.mkForce enabled;
programs.hyprland = {
enable = false;
primaryDisplay = "eDP-1";
@@ -78,12 +80,15 @@ in
};
programs = {
btop = enabled;
calibre = enabled;
kitty = disabled;
mako = disabled;
nwg-dock = disabled;
nwg-drawer = disabled;
nwg-panel = disabled;
opencode = enabled;
thunderbird = enabled;
vesktop = enabled;
waybar = {
enable = false;
@@ -122,6 +127,18 @@ in
wlogout = disabled;
wofi = disabled;
};
services = {
protonmail = enabled;
};
};
sops = {
secrets = {
"protonmail-password" = {
sopsFile = lib.snowfall.fs.get-file "secrets/mac-secrets.yaml";
};
};
};
home.packages =
@@ -132,14 +149,33 @@ in
]
++ (with pkgs; [
bolt-launcher
bottles
iw
iwd
orca-slicer
rpi-imager
vscodium
gnomeExtensions.notch-clock-offset
]);
# Override the shared Plasma panel to add a standalone battery widget
# (laptop-specific — not needed on desktop systems)
programs.plasma.panels = lib.mkForce [
{
location = "bottom";
floating = true;
height = 44;
widgets = [
"org.kde.plasma.kickoff"
"org.kde.plasma.icontasks"
"org.kde.plasma.marginsseparator"
{ battery = { }; }
"org.kde.plasma.systemtray"
"org.kde.plasma.digitalclock"
];
}
];
services = {
kdeconnect = {
enable = lib.mkForce true;
@@ -151,32 +187,4 @@ in
password-store = enabled;
};
dconf = {
enable = true;
settings = {
"org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0".name =
"Keyboard Backlight +";
"org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0".binding =
"<Super>MonBrightnessUp";
"org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0".command =
"brightnessctl -d kbd_backlight s +10";
"org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom1".name =
"Keyboard Backlight -";
"org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom1".binding =
"<Super>MonBrightnessDown";
"org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom1".command =
"brightnessctl -d kbd_backlight s 10-";
"org/gnome/shell".enabled-extensions = [
"notch-clock-offset@christophbrill.de"
];
"org/gnome/shell/extensions/notch-clock-offset".percent = 40;
"org/gnome/settings-daemon/plugins/media-keys".custom-keybindings = [
"/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0/"
"/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom1/"
];
};
};
}

5
homes/aarch64-linux/matt@pi5/default.nix
View File

@@ -11,10 +11,9 @@ in
home.username = "matt";
${namespace}.sops.enable = true;
sops = {
age.keyFile = "/home/matt/.config/sops/age/keys.txt";
defaultSopsFile = "/etc/nixos/secrets/secrets.yaml";
validateSopsFiles = false;
secrets = {
"ssh-keys-public/pi5" = {
path = "/home/matt/.ssh/id_ed25519.pub";

66
homes/x86_64-linux/admin@jallen-nas/default.nix
View File

@@ -9,9 +9,11 @@ let
inherit (lib.${namespace}) enabled;
in
{
# steam-rom-manager HM module is needed for the steam-rom-manager program
# options. On NixOS hosts it's provided via sharedModules; here we add it
# explicitly so the standalone homeConfiguration build also includes it.
# steam-rom-manager is also injected globally via modules/nixos/home/default.nix
# sharedModules for x86_64 NixOS builds. This explicit import ensures it is
# also available for standalone `home-manager switch` runs (where sharedModules
# are not applied). NixOS's module system deduplicates the import when both
# paths resolve to the same derivation.
imports = [
inputs.steam-rom-manager.homeManagerModules.default
];
@@ -28,6 +30,7 @@ in
jq
]
++ (with pkgs.${namespace}; [
hueforge
moondeck-buddy
]);
};
@@ -35,40 +38,36 @@ in
${namespace} = {
sops.enable = true;
programs.opencode = enabled;
desktop.plasma = enabled;
};
sops = {
age.keyFile = "/home/admin/.config/sops/age/keys.txt";
defaultSopsFile = "/etc/nixos/secrets/secrets.yaml";
validateSopsFiles = false;
secrets = {
"ssh-keys-public/jallen-nas" = {
path = "/home/admin/.ssh/id_ed25519.pub";
mode = "0644";
};
"ssh-keys-private/jallen-nas" = {
path = "/home/admin/.ssh/id_ed25519";
mode = "0600";
};
"ssh-keys-public/desktop-nixos" = {
path = "/home/admin/.ssh/authorized_keys";
mode = "0600";
};
sops.secrets = {
"ssh-keys-public/jallen-nas" = {
path = "/home/admin/.ssh/id_ed25519.pub";
mode = "0644";
};
"ssh-keys-private/jallen-nas" = {
path = "/home/admin/.ssh/id_ed25519";
mode = "0600";
};
"ssh-keys-public/desktop-nixos" = {
path = "/home/admin/.ssh/authorized_keys";
mode = "0600";
};
"ssh-keys-public/desktop-nixos-root" = {
path = "/home/admin/.ssh/authorized_keys2";
mode = "0600";
};
"ssh-keys-public/desktop-nixos-root" = {
path = "/home/admin/.ssh/authorized_keys2";
mode = "0600";
};
"ssh-keys-public/desktop-windows" = {
path = "/home/admin/.ssh/authorized_keys3";
mode = "0600";
};
"ssh-keys-public/desktop-windows" = {
path = "/home/admin/.ssh/authorized_keys3";
mode = "0600";
};
"ssh-keys-public/macbook-macos" = {
path = "/home/admin/.ssh/authorized_keys4";
mode = "0600";
};
"ssh-keys-public/macbook-macos" = {
path = "/home/admin/.ssh/authorized_keys4";
mode = "0600";
};
};
@@ -85,11 +84,14 @@ in
viAlias = true;
vimAlias = true;
defaultEditor = true;
withRuby = false;
withPython3 = true;
plugins = [
pkgs.vimPlugins.nvim-tree-lua
{
plugin = pkgs.vimPlugins.vim-startify;
config = "let g:startify_change_to_vcs_root = 0";
type = "lua";
}
];
};

31
homes/x86_64-linux/matt@allyx/default.nix
View File

@@ -10,21 +10,22 @@ in
{
home.username = "matt";
${namespace}.desktop.gnome = enabled;
${namespace} = {
desktop.gnome = enabled;
sops.enable = true;
programs = {
vesktop = enabled;
};
};
sops = {
age.keyFile = "/home/matt/.config/sops/age/keys.txt";
defaultSopsFile = "/etc/nixos/secrets/secrets.yaml";
validateSopsFiles = false;
secrets = {
"ssh-keys-public/matt" = {
path = "/home/matt/.ssh/id_ed25519.pub";
mode = "0644";
};
"ssh-keys-private/matt" = {
path = "/home/matt/.ssh/id_ed25519";
mode = "0600";
};
sops.secrets = {
"ssh-keys-public/matt" = {
path = "/home/matt/.ssh/id_ed25519.pub";
mode = "0644";
};
"ssh-keys-private/matt" = {
path = "/home/matt/.ssh/id_ed25519";
mode = "0600";
};
};
@@ -53,7 +54,7 @@ in
ryujinx.enable = true; # Switch (ryubing fork)
yuzu.enable = true; # Switch (eden fork)
dolphin-emu.enable = true; # GameCube / Wii
cemu.enable = true; # Wii U
cemu.enable = false; # Wii U
melonDS.enable = true; # DS
citra.enable = true; # 3DS (azahar fork)
mgba.enable = true; # Game Boy / GBC

16
homes/x86_64-linux/matt@matt-nixos/default.nix
View File

@@ -28,9 +28,12 @@ in
enable = true;
};
desktop.gnome = enabled;
desktop.plasma = enabled;
programs = {
vesktop = enabled;
opencode = enabled;
thunderbird = enabled;
hyprland = {
enable = false;
primaryDisplay = "DP-1";
@@ -163,6 +166,7 @@ in
home.packages =
with pkgs;
[
atlauncher
bolt-launcher
clevis
compose2nix
@@ -178,7 +182,6 @@ in
piper
prismlauncher
protontricks
protonvpn-gui
runelite
smile
via
@@ -193,8 +196,17 @@ in
]);
specialisation = {
"gnome".configuration = {
${namespace} = {
desktop = {
plasma = lib.mkForce disabled;
gnome = lib.mkForce enabled;
};
};
};
"cosmic".configuration = {
${namespace} = {
desktop.plasma = lib.mkForce disabled;
programs = {
hyprland = lib.mkForce disabled;
kitty = lib.mkForce disabled;

0
lib/README.md Normal file → Executable file
View File

3
lib/default.nix Normal file → Executable file
View File

@@ -3,8 +3,9 @@
mjallen-lib = {
module = import ./module { inherit inputs; };
file = import ./file { inherit inputs; };
inherit (inputs.nixpkgs) lib;
versioning = import ./versioning {
lib = inputs.nixpkgs.lib;
inherit (inputs.nixpkgs) lib;
inherit inputs;
};
};

2
lib/file/default.nix Normal file → Executable file
View File

@@ -1,7 +1,7 @@
{ inputs, ... }@args:
let
# Get self from args or default to ../.. (the flake root)
self = if args ? self then args.self else ../..;
self = args.self or ../..;
inherit (inputs.nixpkgs.lib)
genAttrs

23
lib/module/default.nix Normal file → Executable file
View File

@@ -91,8 +91,7 @@ rec {
];
};
redis.servers.${name} = lib.mkIf cfg.redis.enable {
enable = true;
port = cfg.redis.port;
inherit (cfg.redis) enable port;
};
};
};
@@ -147,6 +146,22 @@ rec {
"Extra environment variables passed to the service";
reverseProxy = mkReverseProxyOpt name;
hostedService = {
enable =
mkOpt types.bool cfg.reverseProxy.enable
"Expose this service in Glance dashboard (auto-enabled when reverseProxy is on)";
title = mkOpt types.str name "Display title in Glance";
icon = mkOpt types.str "si:glance" "Icon identifier for Glance (e.g. si:actualbudget)";
group = mkOpt types.str "Services" "Glance group/category for this service";
url = mkOpt types.str (
if cfg.reverseProxy.enable then
"https://${cfg.reverseProxy.subdomain}.${cfg.reverseProxy.domain}"
else
"http://127.0.0.1:${toString cfg.port}"
) "Service URL for Glance (auto-derived from reverseProxy if enabled)";
basicAuth = mkOpt types.bool false "Require basic auth for this service in Glance";
};
}
// options;
};
@@ -239,7 +254,7 @@ rec {
owner ? "nix-apps",
group ? "jallen-nas",
mode ? "660",
sopsFile ? (lib.snowfall.fs.get-file "secrets/nas-secrets.yaml"),
sopsFile ? lib.snowfall.fs.get-file "secrets/nas-secrets.yaml",
}:
{
sops.secrets = mapAttrs (_key: extra: { inherit sopsFile; } // extra) secrets;
@@ -298,6 +313,8 @@ rec {
# ---------------------------------------------------------------------------
# Option creation helpers
# ---------------------------------------------------------------------------
# Option creation helpers
# ---------------------------------------------------------------------------
mkOpt =
type: default: description:

185
lib/network/default.nix Executable file
View File

@@ -0,0 +1,185 @@
# Central network topology registry.
#
# Exposed as lib.<namespace>.network.* (Snowfall Lib merges lib/ sub-directories
# automatically, so this file is reachable as lib.mjallen.network inside any
# NixOS module, home-manager module, or package that receives `lib`).
#
# Usage examples:
#
# let net = lib.mjallen.network; in
# net.hosts.nas.lan # "10.0.1.3"
# net.hosts.nas.lan4 # "10.0.1.3/24" (CIDR notation)
# net.hosts.nuc.lan # "10.0.1.4"
# net.hosts.pi5.nebula # "10.1.1.1"
# net.subnet.lan # "10.0.1.0/24"
# net.subnet.nebula # "10.1.1.0/24"
# net.ports.nas.nextcloud # 9988
# net.domain # "mjallen.dev"
#
# All attributes intentionally use plain strings / ints so they can be
# interpolated with `toString` or used directly in any context.
{
network = {
# -----------------------------------------------------------------------
# Global domain
# -----------------------------------------------------------------------
domain = "mjallen.dev";
# -----------------------------------------------------------------------
# Subnets
# -----------------------------------------------------------------------
subnet = {
lan = "10.0.1.0/24";
nebula = "10.1.1.0/24";
# Docker / container bridge used by Home Assistant
docker = "172.30.33.0/24";
};
# -----------------------------------------------------------------------
# Hosts
# Each host exposes:
# lan — bare IPv4 address (no prefix length)
# lan4 — IPv4 address with /24 CIDR suffix (for static IP config)
# nebula — Nebula overlay IP (where applicable)
# -----------------------------------------------------------------------
hosts = {
# ---- Raspberry Pi 5 (pi5) — DNS / Nebula lighthouse ----------------
pi5 = {
hostname = "pi5";
lan = "10.0.1.2";
lan4 = "10.0.1.2/24";
nebula = "10.1.1.1";
gateway = "10.0.1.1";
};
# ---- NAS (jallen-nas) — primary server -----------------------------
nas = {
hostname = "jallen-nas";
lan = "10.0.1.3";
lan4 = "10.0.1.3/24";
nebula = "10.1.1.3";
gateway = "10.0.1.1";
};
# ---- Intel NUC (nuc-nixos) — Home Assistant host -------------------
nuc = {
hostname = "nuc-nixos";
lan = "10.0.1.4";
lan4 = "10.0.1.4/24";
nebula = "10.1.1.4";
gateway = "10.0.1.1";
};
# ---- MacBook Pro (macbook-pro-nixos) — Apple Silicon laptop --------
macbook = {
hostname = "macbook-pro-nixos";
nebula = "10.1.1.8";
};
# ---- ASUS ROG Ally X (allyx) ----------------------------------------
allyx = {
hostname = "allyx";
nebula = "10.1.1.10";
};
# ---- Router / gateway / AdGuard upstream ---------------------------
router = {
hostname = "router";
lan = "10.0.1.1";
lan4 = "10.0.1.1/24";
};
};
# -----------------------------------------------------------------------
# Service ports
# Grouped by host. Every entry matches the port set in apps.nix / the
# corresponding mkModule option so there is a single source of truth.
# -----------------------------------------------------------------------
ports = {
# ---- pi5 services --------------------------------------------------
pi5 = {
adguard = 3000;
attic = 9012;
nebula = 4242;
dns = 53;
};
# ---- NAS services --------------------------------------------------
nas = {
actual = 3333;
attic = 9012;
authentik = 9000;
authentikRac = 4823;
calibre = 8084;
calibreWeb = 8083;
codeServer = 4444;
cockpit = 9091;
collabora = 9980;
coturn = 3478;
crowdsec = 8181;
dispatcharr = 9191;
elasticsearch = 9200;
gitea = 3000;
giteaSsh = 2222;
glance = 5555;
glances = 61208;
grafana = 9999;
grimmory = 6066;
guacd = 4822;
headscale = 2112;
immich = 2283;
jellyfin = 8096;
seerr = 5055;
kavita = 5000;
llamaCpp = 8127;
lubelogger = 6754;
manyfold = 3214;
mariadb = 3306;
matrix = 8448;
mongodb = 27017;
nebula = 4242;
netbootxyz = 4000;
netbootxyzWeb = 4080;
nextcloud = 9988;
ntfy = 2586;
nutUpsd = 3493;
ocis = 9200;
onlyoffice = 9943;
opencloud = 9200;
orcaSlicer = 3100;
paperless = 28981;
paperlessAi = 28982;
postgresql = 5432;
protonmailSmtp = 1025;
protonmailImap = 1143;
redisCcache = 6363;
redisManyfold = 6380;
redisOnlyoffice = 6381;
resticServer = 8008;
sabnzbd = 8280;
sonarr = 8989;
radarr = 7878;
sparkyFitnessFe = 3004;
sparkyFitnessBe = 3010;
sunshine = 47989;
tdarr = 8265;
tdarrServer = 8266;
termix = 7777;
tunarr = 8000;
unmanic = 8265;
uptimeKuma = 3001;
wyomingPiper = 10200;
wyomingWhisper = 10300;
};
# ---- NUC services --------------------------------------------------
nuc = {
homeAssistant = 8123;
mqtt = 1883;
otbr = 8880;
otbrRest = 8881;
esphome = 6052;
};
};
};
}

49
lib/nix-settings/default.nix Executable file
View File

@@ -0,0 +1,49 @@
# Shared nix daemon / nixpkgs settings used by both the NixOS and nix-darwin
# modules (modules/nixos/nix/default.nix and modules/darwin/nix/default.nix).
#
# Snowfall Lib discovers this file and merges its return value into
# lib.<namespace>.* — the nested attrset is accessed as:
# lib.${namespace}.nixSettings.commonSubstituters
# lib.${namespace}.nixSettings.commonTrustedPublicKeys
# lib.${namespace}.nixSettings.commonSettings
# lib.${namespace}.nixSettings.commonGc
{ lib, ... }:
{
nixSettings = {
commonSubstituters = [
"https://nixos-apple-silicon.cachix.org"
"https://nixos-raspberrypi.cachix.org"
"https://nix-community.cachix.org"
"https://cache.nixos.org/"
];
commonTrustedPublicKeys = [
"nixos-apple-silicon.cachix.org-1:8psDu5SA5dAD7qA0zMy5UT292TxeEPzIz8VVEr2Js20="
"nixos-raspberrypi.cachix.org-1:4iMO9LXa8BqhU+Rpg6LQKiGa2lsNh/j2oiYLNOQ5sPI="
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
];
commonSettings = {
warn-dirty = lib.mkForce false;
experimental-features = lib.mkForce [
"nix-command"
"flakes"
];
trusted-users = [
"@wheel"
"@admin"
];
builders-use-substitutes = true;
connect-timeout = lib.mkDefault 5;
fallback = true;
log-lines = lib.mkDefault 25;
max-free = lib.mkDefault (3000 * 1024 * 1024);
min-free = lib.mkDefault (512 * 1024 * 1024);
};
commonGc = {
automatic = lib.mkDefault true;
options = lib.mkDefault "--delete-older-than 30d";
};
};
}

50
lib/versioning/default.nix Normal file → Executable file
View File

@@ -9,12 +9,9 @@ let
hasAttr
getAttr
attrNames
toString
replaceStrings
;
mapAttrs = lib.mapAttrs;
recursiveUpdate = lib.recursiveUpdate;
inherit (lib) mapAttrs recursiveUpdate;
# Deep-merge attrsets (right-biased).
deepMerge = a: b: recursiveUpdate a b;
@@ -31,8 +28,8 @@ let
applyVariantOnce =
selected: variant:
let
vVars = if variant ? variables then variant.variables else { };
vSrcs = if variant ? sources then variant.sources else { };
vVars = variant.variables or { };
vSrcs = variant.sources or { };
in
{
variables = selected.variables // vVars;
@@ -47,8 +44,8 @@ let
else
let
p = variant.platforms.${system};
pVars = if p ? variables then p.variables else { };
pSrcs = if p ? sources then p.sources else { };
pVars = p.variables or { };
pSrcs = p.sources or { };
in
{
variables = selected.variables // pVars;
@@ -93,49 +90,44 @@ let
mkSrcFromRendered' =
pkgs': comp:
let
fetcher = if comp ? fetcher then comp.fetcher else "none";
fetcher = comp.fetcher or "none";
in
if fetcher == "github" then
pkgs'.fetchFromGitHub (
{
owner = comp.owner;
repo = comp.repo;
inherit (comp) owner repo hash;
# Allow tag as rev (ignore null/empty tag)
rev = if comp ? tag && comp.tag != null && comp.tag != "" then comp.tag else comp.rev;
fetchSubmodules = if comp ? submodules then comp.submodules else false;
hash = comp.hash;
fetchSubmodules = comp.submodules or false;
}
// lib.optionalAttrs (comp ? name) { name = comp.name; }
// lib.optionalAttrs (comp ? name) { inherit (comp) name; }
)
else if fetcher == "git" then
pkgs'.fetchgit {
url = comp.url;
rev = comp.rev;
fetchSubmodules = if comp ? submodules then comp.submodules else false;
hash = comp.hash;
inherit (comp) url rev hash;
fetchSubmodules = comp.submodules or false;
}
else if fetcher == "url" then
let
url = if comp ? url then comp.url else comp.urlTemplate;
url = comp.url or comp.urlTemplate;
in
if useFetchZip comp then
pkgs'.fetchzip (
{
inherit (comp) hash;
inherit url;
hash = comp.hash;
}
// lib.optionalAttrs (comp ? extra && comp.extra ? stripRoot) { stripRoot = comp.extra.stripRoot; }
// lib.optionalAttrs (comp ? extra && comp.extra ? stripRoot) { inherit (comp.extra) stripRoot; }
)
else
pkgs'.fetchurl {
inherit (comp) hash;
inherit url;
hash = comp.hash;
}
else if fetcher == "pypi" then
pkgs'.python3Packages.fetchPypi {
inherit (comp) version hash;
pname = comp.name;
version = comp.version;
hash = comp.hash;
}
else
# fetcher == "none": pass-through (e.g., linux version/hash consumed by custom logic)
@@ -155,14 +147,10 @@ rec {
selectVariant =
spec: variantName: system:
let
chosen =
if variantName != null then
variantName
else
(if spec ? defaultVariant then spec.defaultVariant else null);
chosen = if variantName != null then variantName else (spec.defaultVariant or null);
baseSelected = {
variables = if spec ? variables then spec.variables else { };
sources = if spec ? sources then spec.sources else { };
variables = spec.variables or { };
sources = spec.sources or { };
};
in
resolveVariant spec baseSelected chosen system;

8
modules/darwin/home/default.nix Normal file → Executable file
View File

@@ -38,12 +38,12 @@
};
# Make ALL external HM modules available globally
# Note: sops-nix, nix-index-database, and stylix are already injected
# globally via systems.modules.home in flake.nix; only darwin-specific
# modules that aren't in the global list should go here.
sharedModules = with inputs; [
sops-nix.homeManagerModules.sops
nix-plist-manager.homeManagerModules.default
nix-index-database.homeModules.nix-index
stylix.homeModules.stylix
# Add any other external HM modules here
# Add any other darwin-specific external HM modules here
];
users."mattjallen" = lib.mkAliasDefinitions options.${namespace}.home.extraOptions;

46
modules/darwin/nix/default.nix Normal file → Executable file
View File

@@ -1,48 +1,20 @@
{
lib,
namespace,
...
}:
let
inherit (lib.${namespace}) nixSettings;
in
{
nix = {
settings = {
# extra-sandbox-paths = [ config.programs.ccache.cacheDir ];
substituters = [
"http://jallen-nas.local:9012/nas-cache"
"https://nixos-apple-silicon.cachix.org"
"https://nixos-raspberrypi.cachix.org"
"https://nix-community.cachix.org"
"https://cache.nixos.org/"
];
trusted-public-keys = [
"nas-cache:eK0eRVAt9QNwbkLIyOo9N5Z5+zi6ukI4mSlL196C7Yg="
"nixos-apple-silicon.cachix.org-1:8psDu5SA5dAD7qA0zMy5UT292TxeEPzIz8VVEr2Js20="
"nixos-raspberrypi.cachix.org-1:4iMO9LXa8BqhU+Rpg6LQKiGa2lsNh/j2oiYLNOQ5sPI="
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
];
warn-dirty = lib.mkForce false;
experimental-features = lib.mkForce [
"nix-command"
"flakes"
];
trusted-users = [
"@wheel"
"@admin"
];
builders-use-substitutes = true;
connect-timeout = lib.mkDefault 5;
fallback = true;
log-lines = lib.mkDefault 25;
max-free = lib.mkDefault (3000 * 1024 * 1024);
min-free = lib.mkDefault (512 * 1024 * 1024);
};
# Garbage collect automatically every week
gc = {
automatic = lib.mkDefault true;
options = lib.mkDefault "--delete-older-than 30d";
settings = nixSettings.commonSettings // {
substituters = nixSettings.commonSubstituters;
trusted-public-keys = nixSettings.commonTrustedPublicKeys;
};
gc = nixSettings.commonGc;
optimise.automatic = lib.mkDefault true;
};

0
modules/darwin/programs/ssh/default.nix Normal file → Executable file
View File

47
modules/home/accounts/default.nix Executable file
View File

@@ -0,0 +1,47 @@
{
config,
lib,
pkgs,
...
}:
{
accounts = {
email.accounts = {
gmail = {
primary = true;
realName = "Matt Jallen";
address = "matt.l.jallen@gmail.com";
userName = "matt.l.jallen@gmail.com";
passwordCommand = "${pkgs.uutils-coreutils-noprefix}/bin/cat ${
config.sops.secrets."gmail-smtp-password".path
}";
flavor = "gmail.com";
thunderbird.enable = true;
smtp = {
tls = {
enable = false;
useStartTls = true;
};
host = "smtp.gmail.com";
port = lib.mkForce 465;
};
};
protonmail = {
realName = "Matt Jallen";
address = "jalle008@protonmail.com";
userName = "jalle008@protonmail.com";
passwordCommand = "${pkgs.uutils-coreutils-noprefix}/bin/cat ${
config.sops.secrets."protonmail-password".path
}";
smtp = {
tls = {
enable = false;
useStartTls = true;
};
host = "127.0.0.1";
port = lib.mkForce 1025;
};
};
};
};
}

0
modules/home/desktop/gnome/default.nix Normal file → Executable file
View File

0
modules/home/desktop/gnome/options.nix Normal file → Executable file
View File

104
modules/home/desktop/plasma/default.nix Executable file
View File

@@ -0,0 +1,104 @@
{
config,
lib,
pkgs,
namespace,
...
}:
let
cfg = config.${namespace}.desktop.plasma;
in
{
imports = [ ./options.nix ];
config = lib.mkIf cfg.enable {
home.packages =
(with pkgs.kdePackages; [
plasma-browser-integration
kdeplasma-addons
])
++ [
# Caffeine-like tray applet: inhibits screensaver and sleep on demand
pkgs.caffeine-ng
];
programs.plasma = {
enable = true;
configFile.kded5rc = {
"Module-gtkconfig"."autoload" = false;
};
# workspace = {
# colorScheme = "BreezeDark";
# cursor = {
# theme = "breeze_cursors";
# size = 24;
# };
# iconTheme = "breeze-dark";
# theme = "breeze-dark";
# lookAndFeel = "org.kde.breezedark.desktop";
# # Explicitly set Breeze to prevent QT_STYLE_OVERRIDE=kvantum (set by
# # Stylix's qt6ct target) from being picked up by KWin/plasmashell, which
# # would cause a fatal "module kvantum is not installed" QML error and
# # leave the desktop blank.
# widgetStyle = "Breeze";
# };
# # input.mice and input.touchpads require device-specific vendorId/productId
# # identifiers — configure those per-host in the home config instead.
kscreenlocker = {
autoLock = true;
timeout = 10;
};
kwin = {
effects = {
shakeCursor.enable = false;
};
nightLight = {
enable = true;
mode = "automatic";
temperature = {
day = 6500;
night = 3500;
};
};
virtualDesktops = {
number = 4;
rows = 1;
};
};
# panels = [
# {
# location = "bottom";
# floating = true;
# height = 44;
# widgets = [
# "org.kde.plasma.kickoff"
# "org.kde.plasma.icontasks"
# "org.kde.plasma.marginsseparator"
# "org.kde.plasma.systemtray"
# "org.kde.plasma.digitalclock"
# ];
# }
# ];
shortcuts = {
kwin = {
"Switch to Desktop 1" = "Meta+1";
"Switch to Desktop 2" = "Meta+2";
"Switch to Desktop 3" = "Meta+3";
"Switch to Desktop 4" = "Meta+4";
"Window to Desktop 1" = "Meta+Shift+1";
"Window to Desktop 2" = "Meta+Shift+2";
"Window to Desktop 3" = "Meta+Shift+3";
"Window to Desktop 4" = "Meta+Shift+4";
"Toggle Overview" = "Meta+Tab";
};
};
};
};
}

7
modules/home/desktop/plasma/options.nix Executable file
View File

@@ -0,0 +1,7 @@
{ lib, namespace, ... }:
with lib;
{
options.${namespace}.desktop.plasma = {
enable = mkEnableOption "KDE Plasma 6 home-manager configuration via plasma-manager";
};
}

0
modules/home/gpg/default.nix Normal file → Executable file
View File

20
modules/home/home/default.nix Normal file → Executable file
View File

@@ -4,10 +4,12 @@
pkgs,
namespace,
hasDestopEnvironment ? true,
system,
...
}:
let
inherit (lib.${namespace}) enabled;
isArm = ("aarch64-linux" == system) || ("aarch64-darwin" == system);
# Non-login / system accounts (root, nixos installer, etc.) should not get
# desktop packages, tmux, nh, kdeconnect, nextcloud-client, etc.
# Detect them by username so individual host home files are not needed.
@@ -40,6 +42,9 @@ in
nix-prefetch-scripts
nixfmt
pciutils
proton-pass-cli
proton-vpn-cli
proton-vpn
protonup-ng
rsync
smartmontools
@@ -52,9 +57,10 @@ in
wget
]
++ (
if (hasDestopEnvironment) then
if hasDestopEnvironment then
[
boxbuddy
cider-2
stable.chromium
firefox
gamescope
@@ -64,11 +70,23 @@ in
parted
vesktop
]
++ (
if isArm then
[ ]
else
[
proton-pass
]
)
else
[ ]
)
);
file = {
".face".source = "${pkgs.${namespace}.profile-pic}/profile-pic";
};
stateVersion = lib.mkDefault "23.11";
};

24
modules/home/programs/calibre/default.nix Executable file
View File

@@ -0,0 +1,24 @@
{
config,
lib,
pkgs,
namespace,
...
}:
{
imports = [
(lib.${namespace}.mkHomeModule {
inherit config;
domain = "programs";
name = "calibre";
moduleConfig = {
programs.calibre = {
enable = true;
plugins = with pkgs.${namespace}; [
dedrm
];
};
};
})
];
}

2
modules/home/programs/code/default.nix Normal file → Executable file
View File

@@ -14,7 +14,7 @@ let
in
{
home.packages = with pkgs; [
nodePackages.nodejs
nodejs_25
uv
];

0
modules/home/programs/common/default-apps.nix Normal file → Executable file
View File

1
modules/home/programs/git/default.nix Normal file → Executable file
View File

@@ -1,4 +1,3 @@
{ ... }:
let
gitAliases = {
co = "checkout";

0
modules/home/programs/hyprland/avizo.nix Normal file → Executable file
View File

3
modules/home/programs/hyprland/default.nix Normal file → Executable file
View File

@@ -313,6 +313,7 @@ in
secondMonitor = if builtins.length names > 1 then builtins.elemAt names 1 else firstMonitor;
in
{
inherit (cfg) workspace;
"$mod" = cfg.modKey;
# Mouse
@@ -513,8 +514,6 @@ in
preserve_split = "yes";
};
workspace = cfg.workspace;
windowrule = [
"match:title file_progress, float 1"
"match:title .*[Cc]onfirm.*, float 1"

0
modules/home/programs/hyprland/options.nix Normal file → Executable file
View File

1
modules/home/programs/librewolf/default.nix Normal file → Executable file
View File

@@ -1,4 +1,3 @@
{ ... }:
{
programs.librewolf = {
enable = false;

0
modules/home/programs/nwg-dock/default.nix Normal file → Executable file
View File

0
modules/home/programs/nwg-drawer/default.nix Normal file → Executable file
View File

0
modules/home/programs/nwg-panel/default.nix Normal file → Executable file
View File

0
modules/home/programs/nwg-panel/options.nix Normal file → Executable file
View File

0
modules/home/programs/onlyoffice/default.nix Normal file → Executable file
View File

13
modules/home/programs/opencode/default.nix Normal file → Executable file
View File

@@ -7,6 +7,7 @@
}:
let
cfg = config.${namespace}.programs.opencode;
net = lib.${namespace}.network;
in
{
options.${namespace}.programs.opencode = {
@@ -19,7 +20,7 @@ in
sops.templates."hass-mcp.env" = {
mode = "0600";
content = ''
HA_URL=http://nuc-nixos.local:8123
HA_URL=http://${net.hosts.nuc.lan}:${toString net.ports.nuc.homeAssistant}
HA_TOKEN=${config.sops.placeholder."hass-mcp/token"}
'';
};
@@ -33,11 +34,11 @@ in
npm = "@ai-sdk/openai-compatible";
name = "llama-server (local)";
options = {
baseURL = "http://jallen-nas.local:8127/v1";
baseURL = "http://${net.hosts.nas.lan}:${toString net.ports.nas.llamaCpp}/v1";
};
models = {
Qwen3-Coder-Next-Q4_0 = {
name = "Qwen3 Coder (local)";
"gemma-4-26B-A4B-it-UD-Q8_K_XL" = {
name = "Gemma 4 26B-A4B (local)";
modalities = {
input = [
"image"
@@ -46,8 +47,8 @@ in
output = [ "text" ];
};
limit = {
context = 131072;
output = 32768;
context = 32768;
output = 8192;
};
};
};

5
modules/home/programs/password-store/default.nix Normal file → Executable file
View File

@@ -1,12 +1,9 @@
{ ... }:
{
# The default value of `programs.password-store.settings` has changed from `{ PASSWORD_STORE_DIR = "$XDG_DATA_HOME/password-store"; }` to `{ }`.
# You are currently using the legacy default (`{ PASSWORD_STORE_DIR = "$XDG_DATA_HOME/password-store"; }`) because `home.stateVersion` is less than "25.11".
# To silence this warning and keep legacy behavior, set:
# programs.password-store.settings = { PASSWORD_STORE_DIR = "$XDG_DATA_HOME/password-store"; };
programs.password-store = {
settings = {
PASSWORD_STORE_DIR = "$XDG_DATA_HOME/password-store";
};
settings = { };
};
}

29
modules/home/programs/thunderbird/default.nix Executable file
View File

@@ -0,0 +1,29 @@
{
config,
lib,
namespace,
...
}:
let
cfg = config.${namespace}.programs.thunderbird;
in
{
options.${namespace}.programs.thunderbird = {
enable = lib.mkEnableOption "thunderbird";
};
config = lib.mkIf cfg.enable {
programs.thunderbird = {
enable = true;
profiles = {
mjallen = {
isDefault = true;
accountsOrder = [
"gmail"
"protonmail"
];
};
};
};
};
}

0
modules/home/programs/update-checker/default.nix Normal file → Executable file
View File

51
modules/home/programs/vencord/default.nix Normal file
View File

@@ -0,0 +1,51 @@
{
config,
lib,
namespace,
...
}:
let
cfg = config.${namespace}.programs.vesktop;
in
{
options.${namespace}.programs.vesktop = {
enable = lib.mkEnableOption "vesktop";
};
config = lib.mkIf cfg.enable {
programs.vesktop = {
enable = true;
settings = {
appBadge = false;
arRPC = true;
checkUpdates = false;
customTitleBar = false;
disableMinSize = true;
minimizeToTray = true;
tray = true;
splashBackground = "#000000";
splashColor = "#ffffff";
splashTheming = true;
staticTitle = true;
hardwareAcceleration = true;
discordBranch = "stable";
};
vencord = {
settings = {
autoUpdate = false;
autoUpdateNotification = false;
notifyAboutUpdates = false;
useQuickCss = true;
disableMinSize = true;
plugins = {
MessageLogger = {
enabled = false;
ignoreSelf = true;
};
FakeNitro.enabled = false;
};
};
};
};
};
}

9
modules/home/programs/waybar/default.nix
View File

@@ -294,10 +294,10 @@ in
systemd.enable = true;
settings = {
mainBar = (
mainBar =
(mkMerge [
{
layer = cfg.layer;
inherit (cfg) layer;
position = "top";
mod = "dock";
exclusive = true;
@@ -342,7 +342,7 @@ in
};
network = {
interface = cfg.network.interface;
inherit (cfg.network) interface;
on-click = "nm-connection-editor";
format = "{icon}";
tooltip-format = "{ifname} via {gwaddr} 󰊗";
@@ -589,8 +589,7 @@ in
};
})
])
// cfg.extra.settings
);
// cfg.extra.settings;
}
// cfg.extraModules; # keep legacy top-level extra modules for compatibility

0
modules/home/programs/waybar/options.nix Normal file → Executable file
View File

0
modules/home/programs/waybar/scripts/audio-control.nix Normal file → Executable file
View File

0
modules/home/programs/waybar/scripts/media.nix Normal file → Executable file
View File

0
modules/home/programs/waybar/scripts/notifications.nix Normal file → Executable file
View File

0
modules/home/programs/waybar/scripts/weather.nix Normal file → Executable file
View File

0
modules/home/programs/wlogout/default.nix Normal file → Executable file
View File

1
modules/home/programs/zsh/default.nix Normal file → Executable file
View File

@@ -1,4 +1,3 @@
{ ... }:
let
defaultShellAliases = {
l = "ls -alh";

3
modules/home/services/pass/default.nix Normal file → Executable file
View File

@@ -1,6 +1,3 @@
{
...
}:
{
#services.gnome-keyring.enable = false;
#home.packages = [ pkgs.gcr ];

24
modules/home/services/protonmail-bridge/default.nix Executable file
View File

@@ -0,0 +1,24 @@
{
config,
lib,
pkgs,
namespace,
...
}:
let
cfg = config.${namespace}.services.protonmail;
in
{
options.${namespace}.services.protonmail = {
enable = lib.mkEnableOption "protonmail bridge";
};
config = lib.mkIf cfg.enable {
services.protonmail-bridge = {
enable = true;
extraPackages = with pkgs; [ pass ];
};
home.packages = with pkgs; [ protonmail-bridge-gui ];
};
}

7
modules/home/shell-aliases/default.nix Normal file → Executable file
View File

@@ -6,6 +6,7 @@
}:
let
cfg = config.${namespace}.shell-aliases;
net = lib.${namespace}.network;
in
{
options.${namespace}.shell-aliases = {
@@ -13,7 +14,7 @@ in
buildHost = lib.mkOption {
type = lib.types.str;
default = "admin@10.0.1.3";
default = "admin@${net.hosts.nas.lan}";
description = "Build host for nixos-rebuild commands";
};
@@ -50,8 +51,8 @@ in
) "nix flake update ${lib.concatStringsSep " " cfg.flakeInputs} --flake /etc/nixos";
# NAS management
update-nas = "nixos-rebuild switch --use-remote-sudo --target-host admin@10.0.1.3 --build-host admin@10.0.1.3 --flake ~/nix-config#jallen-nas";
nas-ssh = "kitten ssh admin@10.0.1.3";
update-nas = "nixos-rebuild switch --use-remote-sudo --target-host admin@${net.hosts.nas.lan} --build-host admin@${net.hosts.nas.lan} --flake ~/nix-config#jallen-nas";
nas-ssh = "kitten ssh admin@${net.hosts.nas.lan}";
}
// cfg.extraAliases;
};

6
modules/home/sops/default.nix Normal file → Executable file
View File

@@ -15,9 +15,9 @@ in
age.keyFile = "/home/${config.home.username}/.config/sops/age/keys.txt";
defaultSopsFile = "/etc/nixos/secrets/secrets.yaml";
validateSopsFiles = false;
# secrets = {
# "github-token" = { };
# };
secrets = {
"gmail-smtp-password" = { };
};
# templates = {
# ".env".content = ''
# GITHUB_TOKEN = "${config.sops.placeholder.github-token}"

0
modules/home/sops/options.nix Normal file → Executable file
View File

24
modules/home/stylix/default.nix Normal file → Executable file
View File

@@ -5,29 +5,6 @@
...
}:
let
# # Pull from global theme options
# themeSize = "standard"; # "standard" | "compact"
# themeAccent = "default"; # "default" | ... | "all"
# themeTweak = "normal"; # "normal" | "rimless" | "float" | "black"
# themeColor = "dark"; # "light" | "dark"
# iconThemeVariant = "default"; # "default" | ... | "all"
# iconScheme = "nord"; # "default" | "nord" | "dracula" | ...
# # GTK
# gtkTheme = "Colloid-dark-standard";
# gtkThemePkg = pkgs.colloid-gtk-theme.override {
# sizeVariants = [ themeSize ];
# colorVariants = [ themeColor ];
# themeVariants = [ themeAccent ];
# tweaks = [ themeTweak ];
# };
# # Icons
# iconTheme = "Colloid-nord-dark";
# iconThemePkg = pkgs.colloid-icon-theme.override {
# schemeVariants = [ iconScheme ];
# colorVariants = [ iconThemeVariant ];
# };
isDarwin = system == "aarch64-darwin";
in
{
@@ -101,6 +78,7 @@ in
useWallpaper = false;
};
kde.enable = false;
qt.enable = false;
firefox = {
enable = false;
profileNames = [

6
modules/home/user/default.nix Normal file → Executable file
View File

@@ -35,17 +35,17 @@ in
description = "The full name of the user.";
};
home = mkOption {
type = (types.nullOr types.str);
type = types.nullOr types.str;
default = home-directory;
description = "The user's home directory.";
};
icon = mkOption {
type = (types.nullOr types.package);
type = types.nullOr types.package;
default = null;
description = "The profile picture to use for the user. Set to a package whose output is the icon file (e.g. a derivation producing a PNG).";
};
name = mkOption {
type = (types.nullOr types.str);
type = types.nullOr types.str;
default = "matt";
description = "The user account.";
};

2
modules/nixos/boot/common/default.nix Normal file → Executable file
View File

@@ -62,7 +62,7 @@ in
bcachefs.package = lib.mkOverride 90 pkgs.${namespace}.bcachefs;
consoleLogLevel = lib.mkDefault 0;
bootspec.enable = (!isArm);
bootspec.enable = !isArm;
initrd = {
verbose = lib.mkDefault false;

2
modules/nixos/boot/lanzaboote/default.nix Normal file → Executable file
View File

@@ -32,7 +32,7 @@ in
};
};
lanzaboote = {
enable = cfg.enable;
enable = true;
pkiBundle = "/etc/secureboot";
settings = {
console-mode = "max";

0
modules/nixos/boot/plymouth/default.nix Normal file → Executable file
View File

0
modules/nixos/boot/systemd-boot/default.nix Normal file → Executable file
View File

19
modules/nixos/desktop/cosmic/default.nix
View File

@@ -1,21 +1,20 @@
{
config,
lib,
namespace,
...
}:
let
cfg = config.${namespace}.desktop.cosmic;
in
{
options.${namespace}.desktop.cosmic = {
enable = lib.mkEnableOption "enable cosmic settings";
};
config = lib.mkIf cfg.enable {
services = {
desktopManager.cosmic.enable = true;
displayManager.cosmic-greeter.enable = true;
};
};
# TODO: COSMIC DE has an active bug that prevents it from being used.
# Re-enable once upstream fixes land:
# config = lib.mkIf config.${namespace}.desktop.cosmic.enable {
# services = {
# desktopManager.cosmic.enable = true;
# displayManager.cosmic-greeter.enable = true;
# };
# };
config = { };
}

9
modules/nixos/desktop/gnome/default.nix Normal file → Executable file
View File

@@ -6,12 +6,14 @@
...
}:
let
inherit (lib.${namespace}) enabled disabled;
inherit (lib.${namespace}) enabled disabled mkBoolOpt;
cfg = config.${namespace}.desktop.gnome;
in
{
options.${namespace}.desktop.gnome = {
enable = lib.mkEnableOption "GNOME desktop environment";
vscodium.enable = mkBoolOpt false "Set VSCodium as the default EDITOR/VISUAL";
};
config = lib.mkIf cfg.enable {
@@ -53,5 +55,10 @@ in
enable = false;
package = pkgs.gnomeExtensions.gsconnect;
};
environment.variables = lib.mkIf cfg.vscodium.enable {
EDITOR = "${lib.getExe' pkgs.vscodium "codium"} --wait";
VISUAL = "${lib.getExe' pkgs.vscodium "codium"} --wait";
};
};
}

6
modules/nixos/desktop/hyprland/options.nix Normal file → Executable file
View File

@@ -18,14 +18,16 @@ in
options.${namespace}.desktop.hyprland = {
enable = mkEnableOption "enable hyprland desktop environment";
# These options are convenience aliases that feed into mjallen.wallpaper.*
# when the hyprland wallpaper sub-module is active.
wallpaperSource = mkOpt (types.enum [
"bing"
"nasa"
]) "bing" "Source for the wallpaper (bing or nasa)";
wallpaper = mkOpt types.path "/var/lib/wallpapers/current.jpg" "Path to the wallpaper folder";
wallpaper = mkOpt types.path "/var/lib/wallpapers/current.jpg" "Path to the active wallpaper file";
wallpaperDir = mkOpt types.path "/var/lib/wallpapers" "Path to the wallpaper folder";
wallpaperDir = mkOpt types.path "/var/lib/wallpapers" "Path to the wallpaper directory";
defaultWallpaper = mkOpt types.path "${defaultWallpaper}/default.jpg" "Default wallpaper";
};

174
modules/nixos/desktop/hyprland/wallpapers/default.nix Normal file → Executable file
View File

@@ -7,176 +7,20 @@
}:
let
cfg = config.${namespace}.desktop.hyprland;
# The script to use based on the selected wallpaper source
wallpaper-command = if cfg.wallpaperSource == "nasa" then "nasa-wallpaper" else "bing-wallpaper";
# System activation script to ensure wallpaper is available early in boot
wallpaper-activation-script = ''
# Create wallpaper directory if it doesn't exist
mkdir -p ${cfg.wallpaperDir}
# Copy default wallpaper as fallback if it doesn't exist
if [ ! -f ${cfg.wallpaperDir}/fallback.jpg ]; then
cp ${cfg.defaultWallpaper} ${cfg.wallpaperDir}/fallback.jpg
fi
# If no current wallpaper exists, use the fallback
if [ ! -f ${cfg.wallpaperDir}/current.jpg ]; then
cp ${cfg.wallpaperDir}/fallback.jpg ${cfg.wallpaperDir}/current.jpg
fi
# Create symlink for Plymouth and SDDM
ln -sf ${cfg.wallpaperDir}/current.jpg /run/wallpaper.jpg
'';
bing-wallpaper = pkgs.writeScriptBin "bing-wallpaper" ''
# Directory to store wallpapers
WALLPAPER_DIR="${cfg.wallpaperDir}"
IMG_PATH="$WALLPAPER_DIR/current.jpg"
FALLBACK_PATH="$WALLPAPER_DIR/fallback.jpg"
# Ensure directory exists
mkdir -p "$WALLPAPER_DIR"
# Copy to the standard location for other services
ln -sf "$IMG_PATH" /run/wallpaper.jpg
# Try to download new wallpaper
if ${lib.getExe pkgs.curl} -s --connect-timeout 5 --max-time 10 "https://www.bing.com" > /dev/null; then
URL=$(${lib.getExe pkgs.curl} -s "https://www.bing.com/HPImageArchive.aspx?format=js&idx=0&n=1" | \
${lib.getExe pkgs.jq} -r '.images[0].url')
FULL_URL="https://www.bing.com$URL"
if ${lib.getExe pkgs.curl} -s -o "$IMG_PATH.tmp" "$FULL_URL"; then
mv "$IMG_PATH.tmp" "$IMG_PATH"
echo "Downloaded $FULL_URL to $IMG_PATH successfully"
else
echo "Failed to download Bing wallpaper, using previous or fallback"
# If current doesn't exist, use fallback
if [ ! -f "$IMG_PATH" ] && [ -f "$FALLBACK_PATH" ]; then
cp "$FALLBACK_PATH" "$IMG_PATH"
fi
fi
else
echo "Network unavailable, using previous or fallback wallpaper"
# If current doesn't exist, use fallback
if [ ! -f "$IMG_PATH" ] && [ -f "$FALLBACK_PATH" ]; then
cp "$FALLBACK_PATH" "$IMG_PATH"
fi
fi
'';
nasa-wallpaper = pkgs.writeScriptBin "nasa-wallpaper" ''
# Directory to store wallpapers
WALLPAPER_DIR="${cfg.wallpaperDir}"
IMG_PATH="$WALLPAPER_DIR/current.jpg"
FALLBACK_PATH="$WALLPAPER_DIR/fallback.jpg"
# Ensure directory exists
mkdir -p "$WALLPAPER_DIR"
# Copy to the standard location for other services
ln -sf "$IMG_PATH" /run/wallpaper.jpg
# Try to download new wallpaper
if ${lib.getExe pkgs.curl} -s --connect-timeout 5 --max-time 10 "https://api.nasa.gov" > /dev/null; then
APOD_URL="https://api.nasa.gov/planetary/apod?api_key=DEMO_KEY"
IMAGE_URL=$(${lib.getExe pkgs.curl} -s "$APOD_URL" | ${lib.getExe pkgs.jq} -r '.hdurl // .url')
if ${lib.getExe pkgs.curl} -s -o "$IMG_PATH.tmp" "$IMAGE_URL"; then
mv "$IMG_PATH.tmp" "$IMG_PATH"
echo "Downloaded $IMAGE_URL to $IMG_PATH successfully"
else
echo "Failed to download NASA wallpaper, using previous or fallback"
# If current doesn't exist, use fallback
if [ ! -f "$IMG_PATH" ] && [ -f "$FALLBACK_PATH" ]; then
cp "$FALLBACK_PATH" "$IMG_PATH"
fi
fi
else
echo "Network unavailable, using previous or fallback wallpaper"
# If current doesn't exist, use fallback
if [ ! -f "$IMG_PATH" ] && [ -f "$FALLBACK_PATH" ]; then
cp "$FALLBACK_PATH" "$IMG_PATH"
fi
fi
'';
in
{
imports = [ ../options.nix ];
# Wire the hyprland wallpaper options through to the shared wallpaper module,
# and provide the hyprctl hot-reload command so hyprpaper picks up the new image.
config = lib.mkIf cfg.enable {
environment.systemPackages = [
bing-wallpaper
nasa-wallpaper
];
# Add system activation script to ensure wallpaper is available early
system.activationScripts.wallpaper = wallpaper-activation-script;
systemd = {
services = {
preload-wallpaper = {
enable = true;
wants = [ "network-online.target" ];
after = [ "network-online.target" ];
# before = [ "display-manager.service" ];
# requiredBy = [
# "plymouth-quit-wait.service"
# "display-manager.service"
# ];
# wantedBy = [ "display-manager.service" ];
path = [
pkgs.bash
pkgs.jq
pkgs.curl
bing-wallpaper
nasa-wallpaper
];
script = ''
${wallpaper-command}
'';
serviceConfig = {
Type = "oneshot";
TimeoutSec = "10s"; # Limit how long we wait for network
};
};
};
user = {
services = {
reload-wallpaper = {
enable = true;
path = [
pkgs.bash
pkgs.jq
pkgs.curl
pkgs.hyprland
bing-wallpaper
nasa-wallpaper
];
script = ''
${wallpaper-command}
${lib.getExe' pkgs.hyprland "hyprctl"} hyprpaper wallpaper ,${cfg.wallpaper},
'';
serviceConfig = {
Type = "oneshot";
};
};
};
# Create a timer to run the service periodically
timers = {
reload-wallpaper = {
description = "Timer for reload-wallpaper";
wantedBy = [ "timers.target" ];
# Timer configuration
timerConfig = {
OnCalendar = "daily"; # Check every day
Persistent = true; # Run immediately if last run was missed
Unit = "reload-wallpaper.service";
};
};
};
};
${namespace}.wallpaper = {
inherit (cfg) defaultWallpaper;
enable = true;
source = cfg.wallpaperSource;
path = cfg.wallpaper;
dir = cfg.wallpaperDir;
reloadCommand = "${lib.getExe' pkgs.hyprland "hyprctl"} hyprpaper wallpaper ,${cfg.wallpaper},";
};
};
}

62
modules/nixos/desktop/plasma/default.nix Executable file
View File

@@ -0,0 +1,62 @@
{
config,
lib,
pkgs,
namespace,
...
}:
let
inherit (lib.${namespace}) mkBoolOpt mkOpt;
cfg = config.${namespace}.desktop.plasma;
in
{
options.${namespace}.desktop.plasma = {
enable = lib.mkEnableOption "KDE Plasma 6 desktop environment";
wayland.enable = mkBoolOpt true "Use the Wayland session (default) instead of X11";
wallpaper = {
enable = mkBoolOpt false "Enable automatic wallpaper management (Bing/NASA daily download)";
source = mkOpt (lib.types.enum [
"bing"
"nasa"
]) "bing" "Source for the wallpaper (bing or nasa)";
};
};
config = lib.mkIf cfg.enable (
lib.mkMerge [
{
services = {
desktopManager.plasma6.enable = true;
displayManager.sddm = {
enable = true;
wayland.enable = cfg.wayland.enable;
};
# Required for Bluetooth D-Bus policy (allows WirePlumber/PipeWire
# to communicate with bluetoothd on the system bus).
blueman.enable = true;
};
xdg.portal.extraPortals = [ ];
environment.systemPackages = with pkgs; [
kdePackages.kdeplasma-addons
];
}
# Wallpaper management: wire the shared wallpaper module in when requested.
# plasma-apply-wallpaperimage hot-reloads the wallpaper in the running session.
(lib.mkIf cfg.wallpaper.enable {
${namespace}.wallpaper = {
enable = true;
source = cfg.wallpaper.source;
reloadCommand = "${lib.getExe' pkgs.kdePackages.plasma-workspace "plasma-apply-wallpaperimage"} /run/wallpaper.jpg";
};
})
]
);
}

0
modules/nixos/development/default.nix Normal file → Executable file
View File

0
modules/nixos/disko/default.nix Normal file → Executable file
View File

0
modules/nixos/disko/options.nix Normal file → Executable file
View File

0
modules/nixos/fonts/default.nix Normal file → Executable file
View File

7
modules/nixos/gaming/default.nix
View File

@@ -10,7 +10,8 @@ let
hasDesktop =
config.${namespace}.desktop.gnome.enable
|| config.${namespace}.desktop.hyprland.enable
|| config.${namespace}.desktop.cosmic.enable;
|| config.${namespace}.desktop.cosmic.enable
|| config.${namespace}.desktop.plasma.enable;
in
{
imports = [ ./options.nix ];
@@ -19,7 +20,7 @@ in
assertions = [
{
assertion = hasDesktop;
message = "mjallen.gaming.enable requires a desktop environment (gnome, hyprland, or cosmic) to be enabled.";
message = "mjallen.gaming.enable requires a desktop environment (gnome, hyprland, cosmic, or plasma) to be enabled.";
}
];
# Network option required using sysctl to let Ubisoft Connect work as of 7-12-2023
@@ -91,7 +92,7 @@ in
# Hardware configs
hardware = {
# Xbox controllers
xpadneo.enable = false;
xone.enable = true;
# Steam udev rules for remote play
steam-hardware.enable = true;

14
modules/nixos/hardware/amd/default.nix
View File

@@ -14,9 +14,13 @@ in
options.${namespace}.hardware.amd = {
enable = mkEnableOption "AMD hardware configuration";
corectrl.enable = mkBoolOpt false "Enable CoreCtrl GPU control";
corectrl.enablePolkit = mkBoolOpt false "Enable CoreCtrl polkit rules";
corectrl.polkitGroup = mkOpt types.str "wheel" "Group allowed to use CoreCtrl without password";
coolercontrol.enable = mkBoolOpt false "Enable CoolerControl fan/cooling control";
corectrl = {
enable = mkBoolOpt false "Enable CoreCtrl GPU control";
enablePolkit = mkBoolOpt false "Enable CoreCtrl polkit rules";
polkitGroup = mkOpt types.str "wheel" "Group allowed to use CoreCtrl without password";
};
lact.enable = mkBoolOpt false "Enable LACT daemon (AMD GPU control)";
};
@@ -42,10 +46,12 @@ in
};
programs.corectrl = {
enable = cfg.corectrl.enable;
inherit (cfg.corectrl) enable;
package = pkgs.corectrl;
};
programs.coolercontrol.enable = lib.mkIf cfg.coolercontrol.enable true;
environment = {
variables = {
AMD_VULKAN_ICD = "RADV";

0
modules/nixos/hardware/battery/default.nix Normal file → Executable file
View File

0
modules/nixos/hardware/btrfs/default.nix Normal file → Executable file
View File

Some files were not shown because too many files have changed in this diff Show More