m3tam3re/nixos-config
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

Compare commits

base: m3tam3re/nixos-config:4684c5dc3e15d696426bd9a597f4ba8d59521a9e
Branches Tags
m3tam3re/nixos-config:master m3tam3re/nixos-config:__dolt_remote_info__ m3tam3re/nixos-config:feature/agent-lib-m3-kratos m3tam3re/nixos-config:feat/hyprland-lua
..
compare: m3tam3re/nixos-config:__dolt_remote_info__
Branches Tags
m3tam3re/nixos-config:master m3tam3re/nixos-config:__dolt_remote_info__ m3tam3re/nixos-config:feature/agent-lib-m3-kratos m3tam3re/nixos-config:feat/hyprland-lua

1 Commits
4684c5dc3e .. __dolt_remote_info__

Author SHA1 Message Date
m3tam3re 52e070120a dolt remote info 2026-06-13 08:18:23 +02:00
205 changed files with 7 additions and 10011 deletions
Expand all files Collapse all files
.gitattributes
-3
View File
@@ -1,3 +0,0 @@
# Use bd merge for beads JSONL files
.beads/issues.jsonl merge=beads
.gitignore
-42
View File
@@ -1,42 +0,0 @@
# Sisyphus work session data
.sisyphus/
# Editor files
*~
.*.swp
.*.swo
.*.swx
# Build artifacts
result
result-*
.direnv/
# IDE
.vscode/
.idea/
*.iml
# OS
.DS_Store
Thumbs.db
# Opencode rules
.opencode-rules
opencode.json
# Taskplane runtime artifacts (machine-specific, do not commit)
.pi/batch-state.json
.pi/batch-history.json
.pi/lane-state-*
.pi/merge-result-*
.pi/merge-request-*
.pi/worker-conversation-*
.pi/orch-logs/
.pi/orch-abort-signal
.pi/settings.json
.worktrees/
.taskplane-tasks/
# Pi project-local packages (if using pi install -l)
.pi/npm/
.pi-lens/cache/jscpd.json
Vendored
-7
View File
@@ -1,7 +0,0 @@
{
"success": true,
"clones": [],
"duplicatedLines": 0,
"totalLines": 0,
"percentage": 0
}
.pi-lens/cache/jscpd.meta.json
Vendored
-3
View File
@@ -1,3 +0,0 @@
{
"timestamp": "2026-04-13T17:20:59.675Z"
}
.pi-lens/cache/knip.json
Vendored
-9
View File
@@ -1,9 +0,0 @@
{
"success": false,
"issues": [],
"unusedExports": [],
"unusedFiles": [],
"unusedDeps": [],
"unlistedDeps": [],
"summary": "Failed to parse output"
}
.pi-lens/cache/knip.meta.json
Vendored
-3
View File
@@ -1,3 +0,0 @@
{
"timestamp": "2026-04-13T17:21:02.639Z"
}
.pi-lens/cache/session-start-guidance.json
Vendored
-1
View File
@@ -1 +0,0 @@
null
.pi-lens/cache/session-start-guidance.meta.json
Vendored
-3
View File
@@ -1,3 +0,0 @@
{
"timestamp": "2026-04-13T17:10:08.137Z"
}
.pi-lens/cache/todo-baseline.json
Vendored
-3
View File
@@ -1,3 +0,0 @@
{
"items": []
}
.pi-lens/cache/todo-baseline.meta.json
Vendored
-3
View File
@@ -1,3 +0,0 @@
{
"timestamp": "2026-04-13T17:09:05.936Z"
}
.pi-lens/turn-state.json
-6
View File
@@ -1,6 +0,0 @@
{
"files": {},
"turnCycles": 0,
"maxCycles": 3,
"lastUpdated": "2026-04-13T17:21:02.639Z"
}
AGENTS.md
-157
View File
@@ -1,157 +0,0 @@
# NIXOS CONFIGURATION KNOWLEDGE BASE
**Generated:** 2025-12-31 16:13:40 UTC
**Commit:** ebc8291
**Branch:** HEAD
## OVERVIEW
Personal NixOS configuration managing 6 hosts (4 servers, 2 desktops) using flakes, agenix secrets, and feature-based home-manager setup.
## STRUCTURE
```
./
├── flake.nix # Main entry: host definitions, inputs, outputs
├── secrets.nix # Agenix public key mappings
├── hosts/
│ ├── common/ # Shared: base config, users, extraServices, ports
│ ├── m3-atlas/ # Server: 20+ containerized services with Traefik
│ ├── m3-helios/ # Server: AdGuard, internal routing
│ ├── m3-ares/ # Desktop: NVIDIA GPU, Btrfs
│ ├── m3-kratos/ # Desktop: AMD GPU, ZFS
│ └── m3-aether/ # Cloud VM
├── home/
│ ├── common/ # Home-manager base config
│ ├── features/ # Modular feature toggles (cli, desktop, coding)
│ └── m3tam3re/ # Per-host user configs
├── modules/ # Custom NixOS/home-manager modules
├── overlays/ # Package overlays (stable, locked, pinned, master)
├── pkgs/ # Custom package definitions
└── secrets/ # Agenix encrypted .age files (19 secrets)
```
## WHERE TO LOOK
| Task | Location | Notes |
|------|----------|-------|
| Add new host | `flake.nix` + `hosts/<name>/` | Copy template from m3-atlas (server) or m3-ares (desktop) |
| Add service to m3-atlas | `hosts/m3-atlas/services/` | See containers/ for Podman + Traefik pattern |
| Configure desktop features | `home/features/desktop/` | Feature toggles with mkEnableOption |
| Add CLI tool | `home/features/cli/` | Fish + Nushell integration expected |
| Manage secrets | `secrets.nix` + `agenix -e` | SSH keys defined in secrets.nix |
| Define ports | `hosts/common/ports.nix` | Centralized port registry |
| Add user | `hosts/common/users/` | Shared across all hosts |
| Custom packages | `pkgs/default.nix` | Exposed via flake outputs |
## CONVENTIONS
### Secrets (agenix)
- **Create**: `agenix -e secrets/<name>.age` after adding keys to `secrets.nix`
- **Reference**: `config.age.secrets.<name>.path` in service configs
- **Pattern**: Service env files use `environmentFiles = [config.age.secrets.<service>-env.path]`
### Service Organization
- **Native services**: `hosts/<host>/services/<service>.nix`
- **Containers**: `hosts/<host>/services/containers/<service>.nix`
- **Traefik integration**: All m3-atlas services include dynamic config for SSL + routing
- **Networking**: Containers use dedicated `web` network (10.89.0.0/24) with static IPs
### Port Management
- **Registry**: All ports defined in `hosts/common/ports.nix`
- **Access**: `config.m3ta.ports.get "service-name"`
- **Convention**: Internal services use 3000-3020 range
### Home-Manager Features
- **Enable**: `features.<category>.<feature>.enable = true` in user config
- **Categories**: `cli`, `desktop`, `coding`
- **Pattern**: Features are opt-in modules with default.nix aggregators
### Multiple nixpkgs Inputs
- **stable**: 25.11 release
- **locked/pinned**: Specific commits for compatibility
- **master**: Bleeding edge
- **m3ta-nixpkgs**: Custom local overlay at `path:/home/m3tam3re/p/nix/nixpkgs`
## COMMANDS
```bash
# Build/deploy specific host
sudo nixos-rebuild switch --flake .#m3-ares
# Build/deploy current host
sudo nixos-rebuild switch --flake .#$(uname -n)
# Home-manager update
home-manager --flake . switch
# Update all flake inputs
nix flake update
# Add/edit secret
agenix -e secrets/<name>.age
# Infrastructure shell (OpenTofu)
nix develop .#infraShell
# Check configuration (no activation)
nixos-rebuild dry-build --flake .#<hostname>
```
## TRAEFIK PATTERNS (m3-atlas only)
### SSL Termination
- **Provider**: Godaddy DNS challenge
- **Cert storage**: `/var/lib/traefik/acme.json`
- **Config**: `hosts/m3-atlas/services/traefik.nix`
### Service Integration Template
```nix
services.traefik.dynamicConfigOptions.http = {
services.<name>.loadBalancer.servers = [{ url = "http://127.0.0.1:<port>"; }];
routers.<name> = {
rule = "Host(`<subdomain>.m3ta.dev`)";
service = "<name>";
tls.certResolver = "godaddy";
};
};
```
### Container Pattern
- **Network**: `--network=web --ip=10.89.0.<sequential>`
- **Ports**: Bind localhost only (`127.0.0.1:<external>:<internal>`)
- **Database access**: `--add-host=mysql:10.89.0.1` (gateway IP)
## HOST ROLES
| Host | Type | Hardware | Purpose |
|------|------|----------|---------|
| m3-atlas | Server | x86_64, disko | 20+ services, Traefik hub, PostgreSQL, MySQL |
| m3-helios | Server | x86_64, disko | AdGuard DNS, internal routing |
| m3-ares | Desktop | NVIDIA, Btrfs | Personal workstation, n8n, PostgreSQL |
| m3-kratos | Desktop | AMD, ZFS | Workstation, mem0, PostgreSQL |
| m3-aether | Cloud | QEMU | General purpose VM |
| m3-daedalus | Laptop | home-only | Portable (no full NixOS config) |
## ANTI-PATTERNS (THIS PROJECT)
- **DON'T** add secrets to `secrets/` without updating `secrets.nix` public keys
- **DON'T** hardcode ports - use `config.m3ta.ports.get` or add to registry
- **DON'T** create containers outside the `web` network on m3-atlas
- **DON'T** skip Traefik config for public-facing services on m3-atlas
- **DON'T** bypass extraServices flags - use `hosts/common/extraServices/` pattern
- **DON'T** commit unencrypted secrets or test with real credentials
## UNIQUE TO THIS CONFIG
- **Custom m3ta-nixpkgs**: Local overlay for unreleased/patched packages
- **extraServices abstraction**: Boolean flags to toggle Podman, Ollama, virtualisation per host
- **Mythological naming**: All hosts named after Greek mythology
- **Dual domain strategy**: New services on `m3ta.dev`, legacy redirects from `m3tam3re.com`
- **Per-host nixpkgs versions**: Different hosts can use different nixpkgs commits via specialArgs
- **Container IP registry**: Static IP assignments in 10.89.0.0/24 subnet for predictable networking
## NOTES
- m3-atlas is the service hub - most complex configuration
- Secrets require host SSH keys defined in `secrets.nix` before `agenix -e` works
- Fish and Nushell both configured - choose per-user with shell aliases
- Color scheme (Dracula) applied via nix-colors across all visual tools
- See subdirectory AGENTS.md for deep dives on containers, desktop features, CLI tools
DOLT_REMOTE.md
+7
View File
@@ -0,0 +1,7 @@
This repository is being used as a Dolt remote.
ref=refs/dolt/data
head=b30121458bb0b75b61e483e49b5084835b3777d8
timestamp=2026-06-13T06:18:23Z
flake.lock
Generated
-1184
View File
File diff suppressed because it is too large Load Diff
flake.nix
-226
View File
@@ -1,226 +0,0 @@
{
description = ''
For questions just DM me on X: https://twitter.com/@m3tam3re
There is also some NIXOS content on my YT channel: https://www.youtube.com/@m3tam3re
One of the best ways to learn NIXOS is to read other peoples configurations. I have personally learned a lot from Gabriel Fontes configs:
https://github.com/Misterio77/nix-starter-configs
https://github.com/Misterio77/nix-config
Please also check out the starter configs mentioned above.
'';
inputs = {
home-manager = {
url = "github:nix-community/home-manager";
inputs.nixpkgs.follows = "nixpkgs";
};
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
nixpkgs-stable.url = "github:nixos/nixpkgs/nixos-25.11";
nixpkgs-45570c2.url = "github:nixos/nixpkgs/45570c299dc2b63c8c574c4cd77f0b92f7e2766e";
nixpkgs-locked.url = "github:nixos/nixpkgs/2744d988fa116fc6d46cdfa3d1c936d0abd7d121";
nixpkgs-9e58ed7.url = "github:nixos/nixpkgs/9e58ed7ba759d81c98f033b7f5eba21ca68f53b0";
nixpkgs-master.url = "github:nixos/nixpkgs/master";
m3ta-nixpkgs.url = "git+https://code.m3ta.dev/m3tam3re/nixpkgs";
# m3ta-nixpkgs.url = "path:/home/m3tam3re/p/NIX/nixpkgs";
llm-agents.url = "github:numtide/llm-agents.nix";
#
nur = {
url = "github:nix-community/NUR";
inputs.nixpkgs.follows = "nixpkgs";
};
agenix.url = "github:ryantm/agenix";
disko = {
url = "github:nix-community/disko";
inputs.nixpkgs.follows = "nixpkgs";
};
nixos-generators = {url = "github:nix-community/nixos-generators";};
hyprpanel.url = "github:Jas-SinghFSU/HyprPanel";
rose-pine-hyprcursor.url = "github:ndom91/rose-pine-hyprcursor";
nix-colors.url = "github:misterio77/nix-colors";
agents = {
# url = "path:/home/m3tam3re/p/AI/AGENTS";
url = "git+https://code.m3ta.dev/m3tam3re/AGENTS";
};
## Skills
skills-basecamp = {
url = "github:basecamp/basecamp-cli";
flake = false;
};
skills-anthropic = {
url = "github:anthropics/skills";
flake = false;
};
skills-kestra = {
url = "github:kestra-io/agent-skills";
flake = false;
};
skills-vercel = {
url = "github:vercel-labs/skills";
flake = false;
};
hermes-agent.url = "github:NousResearch/hermes-agent";
};
outputs = {
self,
agenix,
home-manager,
nixpkgs,
m3ta-nixpkgs,
nur,
agents,
...
} @ inputs: let
inherit (self) outputs;
systems = [
"aarch64-linux"
"i686-linux"
"x86_64-linux"
"aarch64-darwin"
"x86_64-darwin"
];
forAllSystems = nixpkgs.lib.genAttrs systems;
allOverlays = import ./overlays {inherit inputs outputs;};
in {
packages =
forAllSystems (system: import ./pkgs nixpkgs.legacyPackages.${system});
overlays = builtins.removeAttrs allOverlays ["mkLlmAgentsOverlay"];
lib.mkLlmAgentsOverlay = allOverlays.mkLlmAgentsOverlay;
homeManagerModules = import ./modules/home-manager;
nixosConfigurations = {
m3-ares = nixpkgs.lib.nixosSystem {
specialArgs = {
inherit inputs outputs;
system = "x86_64-linux";
hostname = "m3-ares";
};
modules = [
./hosts/m3-ares
agenix.nixosModules.default
m3ta-nixpkgs.nixosModules.default
inputs.hermes-agent.nixosModules.default
];
};
m3-atlas = nixpkgs.lib.nixosSystem {
specialArgs = {
inherit inputs outputs;
system = "x86_64-linux";
};
modules = [
./hosts/m3-atlas
inputs.disko.nixosModules.disko
agenix.nixosModules.default
m3ta-nixpkgs.nixosModules.default
];
};
m3-kratos = nixpkgs.lib.nixosSystem {
specialArgs = {
inherit inputs outputs;
system = "x86_64-linux";
hostname = "m3-kratos";
};
modules = [
./hosts/m3-kratos
agenix.nixosModules.default
nur.modules.nixos.default
m3ta-nixpkgs.nixosModules.default
inputs.hermes-agent.nixosModules.default
];
};
m3-helios = nixpkgs.lib.nixosSystem {
specialArgs = {
inherit inputs outputs;
system = "x86_64-linux";
};
modules = [
./hosts/m3-helios
inputs.disko.nixosModules.disko
agenix.nixosModules.default
m3ta-nixpkgs.nixosModules.default
];
};
m3-hermes = nixpkgs.lib.nixosSystem {
specialArgs = {
inherit inputs outputs;
system = "x86_64-linux";
};
modules = [
./hosts/m3-hermes
inputs.disko.nixosModules.disko
agenix.nixosModules.default
m3ta-nixpkgs.nixosModules.default
inputs.hermes-agent.nixosModules.default
];
};
};
homeConfigurations = {
"m3tam3re@m3-daedalus" = home-manager.lib.homeManagerConfiguration {
pkgs = nixpkgs.legacyPackages."x86_64-linux";
extraSpecialArgs = {
inherit inputs outputs;
system = "x86_64-linux";
hostname = "m3-daedalus";
};
modules = [./home/m3tam3re/m3-daedalus.nix];
};
};
devShells = forAllSystems (system: let
pkgs = import nixpkgs {
inherit system;
config.allowUnfree = true; # Allow unfree packages in devShell
};
m3taLib = m3ta-nixpkgs.lib.x86_64-linux;
rules = m3taLib.opencode-rules.mkOpencodeRules {
inherit agents;
languages = ["nix"];
};
in {
default = pkgs.mkShell {
buildInputs = with pkgs; [
alejandra
nixd
openssh
agenix.packages.${system}.default
];
inherit (rules) instructions;
shellHook = ''
${rules.shellHook}
echo "======================================"
echo "🧑🚀 Nix Development Shell with Opencode Rules"
echo "======================================"
echo ""
echo "Active rules:"
echo " - Nix language conventions"
echo " - Coding-style best practices"
echo " - Naming conventions"
echo " - Documentation standards"
echo " - Testing guidelines"
echo " - Git workflow patterns"
echo " - Project structure guidelines"
echo ""
echo "Generated files:"
echo " - .opencode-rules/ (symlink to AGENTS repo)"
echo " - opencode.json (configuration file)"
echo ""
echo "Useful commands:"
echo " - cat opencode.json View rules configuration"
echo " - ls .opencode-rules/ Browse available rules"
echo " - nix develop Re-enter this shell"
echo ""
echo "Remember to add to .gitignore:"
echo " .opencode-rules"
echo " opencode.json"
echo "======================================"
'';
};
});
};
}
home/common/default.nix
-56
View File
@@ -1,56 +0,0 @@
{
inputs,
lib,
outputs,
pkgs,
system,
...
}: {
imports = [
inputs.nix-colors.homeManagerModules.default
inputs.m3ta-nixpkgs.homeManagerModules.default
]; #imports = builtins.attrValues outputs.homeManagerModules;
nixpkgs = {
# You can add overlays here
overlays = [
# Add overlays your own flake exports (from overlays and pkgs dir):
#outputs.overlays.additions
#outputs.overlays.modifications
outputs.overlays.temp-packages
outputs.overlays.stable-packages
outputs.overlays.locked-packages
outputs.overlays.pinned-packages
outputs.overlays.master-packages
inputs.nur.overlays.default
inputs.m3ta-nixpkgs.overlays.default
inputs.m3ta-nixpkgs.overlays.modifications
(outputs.lib.mkLlmAgentsOverlay system)
# You can also add overlays exported from other flakes:
# neovim-nightly-overlay.overlays.default
# Or define it inline, for example:
# (final: prev: {
# hi = final.hello.overrideAttrs (oldAttrs: {
# patches = [ ./change-hello-to-hi.patch ];
# });
# })
];
# Configure your nixpkgs instance
config = {
# Disable if you don't want unfree packages
allowUnfree = true;
# Workaround for https://github.com/nix-community/home-manager/issues/2942
allowUnfreePredicate = _: true;
};
};
nix = {
package = lib.mkDefault pkgs.nix;
settings = {
experimental-features = ["nix-command" "flakes"];
warn-dirty = false;
};
};
colorScheme = inputs.nix-colors.colorSchemes.dracula;
}
home/features/cli/AGENTS.md
-65
View File
@@ -1,65 +0,0 @@
# CLI FEATURES (home-manager)
**Shell and terminal tooling with Fish + Nushell dual configuration**
## OVERVIEW
8 CLI modules with integrated tooling across Fish and Nushell shells.
## STRUCTURE
```
cli/
├── default.nix # Imports + shared tools (bat, eza, direnv)
├── fish.nix # Fish shell + aliases
├── fzf.nix # Fuzzy finder
├── nitch.nix # System info tool
├── nushell.nix # Nushell + aliases
├── secrets.nix # Password-store integration
├── starship.nix # Shell prompt
└── zellij.nix # Terminal multiplexer
```
## WHERE TO LOOK
| Task | Location | Notes |
|------|----------|-------|
| Add CLI tool | default.nix home.packages | Check if shell integration needed |
| Shell aliases | fish.nix or nushell.nix | Kept in sync between shells |
| Prompt config | starship.nix | Uses nerd-fonts symbols |
| Secret access | secrets.nix | Agenix integration |
## CONVENTIONS
### Shell Integration Pattern
Tools with shell hooks enabled in both Fish and Nushell:
- **carapace**: Completions
- **zoxide**: Smart cd
- **eza**: ls replacement
- **direnv**: Directory environments
- **fzf**: Fuzzy finding
### NixOS Rebuild Aliases (both shells)
```
nr/nrs - nixos-rebuild [switch]
snr/snrs - sudo nixos-rebuild [switch]
hms - home-manager switch
```
### Bat Theme
Custom `universal` theme generated from nix-colors palette in default.nix (lines 34-157).
### Secrets Integration
Fish/Nushell source `$HOME/.secrets` if `secrets.enable = true` (CLI secrets feature).
## ANTI-PATTERNS
- **DON'T** add aliases to only one shell - keep Fish/Nushell in sync
- **DON'T** use `programs.bash` - Nushell is default shell
- **DON'T** bypass carapace for completions - integrated by default
## NOTES
- zellij-ps custom package for project session management
- Default shell set to Nushell in hosts/common/default.nix
- Bat theme dynamically generated (no external theme files)
- lf file manager uses bat for previews
- Agenix CLI (agenix-cli) included for secret management
home/features/cli/default.nix
-230
View File
@@ -1,230 +0,0 @@
{
config,
pkgs,
videoDrivers,
...
}: {
imports = [
./fish.nix
./fzf.nix
./nitch.nix
./nushell.nix
./secrets.nix
./starship.nix
./television.nix
./zellij.nix
];
programs.carapace = {
enable = true;
enableFishIntegration = true;
enableNushellIntegration = true;
enableBashIntegration = true;
};
programs.zoxide = {
enable = true;
enableFishIntegration = true;
enableNushellIntegration = true;
};
programs.bat = {
enable = true;
config = {theme = "universal";};
themes = {
universal = {
src = pkgs.writeText "universal.tmTheme" ''
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>name</key>
<string>Universal (nix-colors)</string>
<key>settings</key>
<array>
<dict>
<key>settings</key>
<dict>
<key>background</key>
<string>#${config.colorScheme.palette.base00}</string>
<key>foreground</key>
<string>#${config.colorScheme.palette.base05}</string>
<key>caret</key>
<string>#${config.colorScheme.palette.base05}</string>
<key>selection</key>
<string>#${config.colorScheme.palette.base02}</string>
<key>selectionForeground</key>
<string>#${config.colorScheme.palette.base05}</string>
<key>lineHighlight</key>
<string>#${config.colorScheme.palette.base01}</string>
</dict>
</dict>
<dict>
<key>name</key>
<string>Comment</string>
<key>scope</key>
<string>comment</string>
<key>settings</key>
<dict>
<key>foreground</key>
<string>#${config.colorScheme.palette.base03}</string>
<key>fontStyle</key>
<string>italic</string>
</dict>
</dict>
<dict>
<key>name</key>
<string>String</string>
<key>scope</key>
<string>string</string>
<key>settings</key>
<dict>
<key>foreground</key>
<string>#${config.colorScheme.palette.base0A}</string>
</dict>
</dict>
<dict>
<key>name</key>
<string>Number</string>
<key>scope</key>
<string>constant.numeric</string>
<key>settings</key>
<dict>
<key>foreground</key>
<string>#${config.colorScheme.palette.base0E}</string>
</dict>
</dict>
<dict>
<key>name</key>
<string>Keyword</string>
<key>scope</key>
<string>keyword</string>
<key>settings</key>
<dict>
<key>foreground</key>
<string>#${config.colorScheme.palette.base08}</string>
</dict>
</dict>
<dict>
<key>name</key>
<string>Function</string>
<key>scope</key>
<string>entity.name.function</string>
<key>settings</key>
<dict>
<key>foreground</key>
<string>#${config.colorScheme.palette.base0B}</string>
</dict>
</dict>
<dict>
<key>name</key>
<string>Type</string>
<key>scope</key>
<string>entity.name.type, storage.type</string>
<key>settings</key>
<dict>
<key>foreground</key>
<string>#${config.colorScheme.palette.base0D}</string>
</dict>
</dict>
<dict>
<key>name</key>
<string>Variable</string>
<key>scope</key>
<string>variable</string>
<key>settings</key>
<dict>
<key>foreground</key>
<string>#${config.colorScheme.palette.base05}</string>
</dict>
</dict>
<dict>
<key>name</key>
<string>Constant</string>
<key>scope</key>
<string>constant</string>
<key>settings</key>
<dict>
<key>foreground</key>
<string>#${config.colorScheme.palette.base0E}</string>
</dict>
</dict>
</array>
</dict>
</plist>
'';
};
};
};
programs.direnv = {
enable = true;
enableNushellIntegration = true;
nix-direnv.enable = true;
};
programs.eza = {
enable = true;
enableFishIntegration = true;
enableBashIntegration = true;
extraOptions = ["-l" "--icons" "--git" "-a"];
};
programs.lf = {
enable = true;
settings = {
preview = true;
drawbox = true;
hidden = true;
icons = true;
theme = "Dracula";
previewer = "bat";
};
};
cli.zellij-ps = {
enable = true;
projectFolders = ["/home/m3tam3re/p"];
};
home.packages = with pkgs; [
basecamp
comma
coreutils
devenv
fabric-ai
fd
gcc
go
htop
httpie
hyprpaper-random
jq
just
lazygit
llm
lf
nix-index
nix-update
libnotify
nushellPlugins.skim
progress
ripgrep
rocmPackages.rocm-smi
rocmPackages.rocminfo
rocmPackages.rocm-runtime
sqlite
sqlite-vec
tldr
pomodoro-timer
trash-cli
unimatrix
unzip
vulkan-tools
wttrbar
wireguard-tools
yazi
zellij-ps
zip
];
}
home/features/cli/fish.nix
-116
View File
@@ -1,116 +0,0 @@
{
config,
lib,
...
}:
with lib; let
cfg = config.features.cli.fish;
in {
options.features.cli.fish.enable = mkEnableOption "enable fish shell";
config = mkIf cfg.enable {
programs.fish = {
enable = true;
interactiveShellInit = ''
# Fish colors using universal nix-colors palette
# Text colors
set -g fish_color_normal ${config.colorScheme.palette.base05} # text
set -g fish_color_param ${config.colorScheme.palette.base05} # text
set -g fish_color_comment ${config.colorScheme.palette.base03} # muted
set -g fish_color_autosuggestion ${config.colorScheme.palette.base03} # muted
# Command colors
set -g fish_color_command ${config.colorScheme.palette.base0D} # accent6 (blue)
set -g fish_color_quote ${config.colorScheme.palette.base0A} # accent3 (yellow)
set -g fish_color_redirection ${config.colorScheme.palette.base0E} # accent7 (purple)
set -g fish_color_end ${config.colorScheme.palette.base08} # accent1 (red)
set -g fish_color_error ${config.colorScheme.palette.base08} # accent1 (red)
set -g fish_color_operator ${config.colorScheme.palette.base0C} # accent5 (cyan)
set -g fish_color_escape ${config.colorScheme.palette.base09} # accent2 (orange)
# Path colors
set -g fish_color_cwd ${config.colorScheme.palette.base0B} # accent4 (green)
set -g fish_color_cwd_root ${config.colorScheme.palette.base08} # accent1 (red)
set -g fish_color_valid_path --underline
# Interactive colors
set -g fish_color_match ${config.colorScheme.palette.base0B} # accent4 (green)
set -g fish_color_selection --background=${config.colorScheme.palette.base02} # overlay
set -g fish_color_search_match --background=${config.colorScheme.palette.base02} # overlay
set -g fish_color_history_current --bold
set -g fish_color_user ${config.colorScheme.palette.base0B} # accent4 (green)
set -g fish_color_host ${config.colorScheme.palette.base0D} # accent6 (blue)
set -g fish_color_cancel -r
# Pager colors
set -g fish_pager_color_completion normal
set -g fish_pager_color_description ${config.colorScheme.palette.base03} # muted
set -g fish_pager_color_prefix ${config.colorScheme.palette.base0E} # accent7 (purple)
set -g fish_pager_color_progress ${config.colorScheme.palette.base0B} # accent4 (green)
'';
loginShellInit = ''
set -x NIX_PATH nixpkgs=channel:nixos-unstable
set -x NIX_LOG info
set -x WEBKIT_DISABLE_COMPOSITING_MODE 1
set -x TERMINAL ghostty
set -x EDITOR nvim
set -x VISUAL zed
set -x XDG_DATA_HOME $HOME/.local/share
set -x FZF_CTRL_R_OPTS "
--preview='bat --color=always -n {}'
--preview-window up:3:hidden:wrap
--bind 'ctrl-/:toggle-preview'
--bind 'ctrl-y:execute-silent(echo -n {2..} | wl-copy)+abort'
--color header:bold
--header 'Press CTRL-Y to copy command into clipboard'"
set -x FZF_DEFAULT_COMMAND fd --type f --exclude .git --follow --hidden
set -x FZF_CTRL_T_COMMAND "$FZF_DEFAULT_COMMAND"
set -x FLAKE $HOME/p/nixos/nixos-config
source /run/agenix/${config.home.username}-secrets
if test (tty) = "/dev/tty1"
exec uwsm start -F /run/current-system/sw/bin/Hyprland
end
if test (tty) = "/dev/tty2"
exec gamescope -O HDMI-A-1 -W 1920 -H 1080 --adaptive-sync --hdr-enabled --rt --steam -- steam -pipewire-dmabuf -tenfoot
end
'';
shellAbbrs = {
".." = "cd ..";
"..." = "cd ../..";
b = "yazi";
ls = "eza";
l = "eza -l --icons --git -a";
lt = "eza --tree --level=2 --long --icons --git";
grep = "rg";
ps = "procs";
just = "just --unstable";
node = "bun";
npx = "bunx";
fs = "du -ah . | sort -hr | head -n 10";
n = "nix";
nd = "nix develop -c $SHELL";
ns = "nix shell";
nsn = "nix shell nixpkgs#";
nb = "nix build";
nbn = "nix build nixpkgs#";
nf = "nix flake";
nr = "sudo nixos-rebuild --flake .";
nrs = "sudo nixos-rebuild switch --flake .#(uname -n)";
snr = "sudo nixos-rebuild --flake .";
snrs = "sudo nixos-rebuild --flake . switch";
hm = "home-manager --flake .";
hms = "home-manager --flake . switch";
hmr = "cd ~/projects/nix-configurations; nix flake lock --update-input dotfiles; home-manager --flake .#(whoami)@(hostname) switch";
tsu = "sudo tailscale up";
tsd = "sudo tailscale down";
vi = "nvim";
vim = "nvim";
};
};
};
}
home/features/cli/fzf.nix
-40
View File
@@ -1,40 +0,0 @@
{
config,
lib,
...
}:
with lib; let
cfg = config.features.cli.fzf;
in {
options.features.cli.fzf.enable = mkEnableOption "enable fuzzy finder";
config = mkIf cfg.enable {
programs.fzf = {
enable = true;
enableFishIntegration = true;
colors = {
"fg" = "#${config.colorScheme.palette.base05}";
"bg" = "#${config.colorScheme.palette.base00}";
"hl" = "#${config.colorScheme.palette.base0E}";
"fg+" = "#${config.colorScheme.palette.base05}";
"bg+" = "#${config.colorScheme.palette.base02}";
"hl+" = "#${config.colorScheme.palette.base0E}";
"info" = "#${config.colorScheme.palette.base09}";
"prompt" = "#${config.colorScheme.palette.base0B}";
"pointer" = "#${config.colorScheme.palette.base08}";
"marker" = "#${config.colorScheme.palette.base08}";
"spinner" = "#${config.colorScheme.palette.base09}";
"header" = "#${config.colorScheme.palette.base03}";
};
defaultOptions = [
"--preview='bat --color=always -n {}'"
"--bind 'ctrl-/:toggle-preview'"
"--header 'Press CTRL-Y to copy command into clipboard'"
"--bind 'ctrl-/:toggle-preview'"
"--bind 'ctrl-y:execute-silent(echo -n {2..} | wl-copy)+abort'"
];
defaultCommand = "fd --type f --exclude .git --follow --hidden";
changeDirWidgetCommand = "fd --type d --exclude .git --follow --hidden";
};
};
}
home/features/cli/nitch.nix
-15
View File
@@ -1,15 +0,0 @@
{
config,
lib,
pkgs,
...
}:
with lib; let
cfg = config.features.cli.nitch;
in {
options.features.cli.nitch.enable = mkEnableOption "enable nitch";
config = mkIf cfg.enable {
home.packages = with pkgs; [nitch];
};
}
home/features/cli/nushell.nix
-91
View File
@@ -1,91 +0,0 @@
{
config,
lib,
...
}:
with lib; let
cfg = config.features.cli.nushell;
in {
options.features.cli.nushell.enable = mkEnableOption "enable nushell";
config = mkIf cfg.enable {
programs.nushell = {
enable = true;
envFile.text = ''
$env.config.show_banner = false
$env.NIX_PATH = "nixpkgs=channel:nixos-unstable"
$env.NIX_LOG = "iunfo"
$env.WEBKIT_DISABLE_COMPOSITING_MODE = "1"
$env.TERMINAL = "ghostty"
$env.EDITOR = "nvim"
$env.VISUAL = "zeditor"
$env.FZF_DEFAULT_COMMAND = "fd --type f --exclude .git --follow --hidden"
$env.FZF_DEFAULT_OPTS = "--preview='bat --color=always -n {}' --bind 'ctrl-/:toggle-preview' --header 'Press CTRL-Y to copy command into clipboard' --bind 'ctrl-/:toggle-preview' --bind 'ctrl-y:execute-silent(echo -n {2..} | wl-copy)+abort' --color bg:#282a36,bg+:#44475a,fg:#f8f8f2,fg+:#f8f8f2,header:#6272a4,hl:#bd93f9,hl+:#bd93f9,info:#ffb86c,marker:#ff79c6,pointer:#ff79c6,prompt:#50fa7b,spinner:#ffb86c"
$env.XDG_DATA_HOME = $"($env.HOME)/.local/share"
$env.FZF_DEFAULT_COMMAND = "fd --type f --exclude .git --follow --hidden"
$env.SSH_AUTH_SOCK = "/run/user/1000/gnupg/S.gpg-agent.ssh"
$env.PATH = ($env.PATH | split row (char esep) | append $"($env.HOME)/.cache/.bun/bin" | append $"($env.HOME)/.npm-global/bin" | uniq)
$env.NPM_CONFIG_PREFIX = $"($env.HOME)/.npm-global"
$env.FLAKE = $"($env.HOME)/p/NIX/nixos-config"
# Load kestractl-env from agenix
if ("/run/agenix/kestractl-env" | path exists) {
open /run/agenix/kestractl-env
| lines
| where {($in | str trim | str length) > 0}
| parse "{key}={value}"
| update value {str trim -c '"'}
| transpose -r -d
| load-env
}
'';
# if (tty) == "/dev/tty1" {
# exec uwsm start -S -F /run/current-system/sw/bin/Hyprland
# }
# if (tty) == "/dev/tty2" {
# exec gamescope -O HDMI-A-1 -W 1920 -H 1080 --adaptive-sync --hdr-enabled --rt --steam -- steam -pipewire-dmabuf -tenfoot
# }
configFile.text = ''
# Aliases
alias .. = cd ..
alias ... = cd ...
alias h = cd $env.HOME
alias b = yazi
alias lt = eza --tree --level=2 --long --icons --git
alias grep = rg
alias just = just --unstable
alias node = bun
alias npx = bunx
alias n = nix
alias nd = nix develop -c $nu.current-shell
alias ns = nix shell
alias nsn = nix shell nixpkgs#
alias nb = nix build
alias nbn = nix build nixpkgs#
alias nf = nix flake
alias nr = sudo nixos-rebuild --flake .
alias nrs = sudo nixos-rebuild switch --flake .#(sys host | get hostname)
alias snr = sudo nixos-rebuild --flake .
alias snrs = sudo nixos-rebuild --flake . switch
alias hm = home-manager --flake .
alias hms = home-manager --flake . switch
alias hmr = do { cd ~/projects/nix-configurations; nix flake lock --update-input dotfiles; home-manager --flake .#(whoami)@(hostname) switch }
alias tsu = sudo tailscale up
alias tsd = sudo tailscale down
alias vi = nvim
alias vim = nvim
if (which tv | is-not-empty) {
mkdir ($nu.data-dir | path join "vendor/autoload")
tv init nu | save -f ($nu.data-dir | path join "vendor/autoload/tv.nu")
}
'';
};
};
}
home/features/cli/secrets.nix
-22
View File
@@ -1,22 +0,0 @@
{
config,
lib,
pkgs,
...
}:
with lib; let
cfg = config.features.cli.secrets;
in {
options.features.cli.secrets.enable = mkEnableOption "enable secrets";
config = mkIf cfg.enable {
programs.password-store = {
enable = true;
package =
pkgs.pass-wayland.withExtensions
(exts: [exts.pass-otp exts.pass-import]);
settings = {PASSWORD_STORE_DIR = "$XDG_DATA_HOME/password-store";};
};
home.packages = with pkgs; [pinentry-gnome3];
};
}
home/features/cli/starship.nix
-68
View File
@@ -1,68 +0,0 @@
{
config,
lib,
...
}:
with lib; let
cfg = config.features.cli.starship;
in {
options.features.cli.starship.enable = mkEnableOption "enable starship prompt";
config = mkIf cfg.enable {
programs.starship = {
enable = true;
enableFishIntegration = true;
enableNushellIntegration = true;
settings = {
format = "$all$character";
palette = "universal";
palettes.universal = {
background = "#${config.colorScheme.palette.base00}";
surface = "#${config.colorScheme.palette.base01}";
muted = "#${config.colorScheme.palette.base03}";
text = "#${config.colorScheme.palette.base05}";
bright = "#${config.colorScheme.palette.base07}";
accent1 = "#${config.colorScheme.palette.base08}";
accent2 = "#${config.colorScheme.palette.base09}";
accent3 = "#${config.colorScheme.palette.base0A}";
accent4 = "#${config.colorScheme.palette.base0B}";
accent5 = "#${config.colorScheme.palette.base0C}";
accent6 = "#${config.colorScheme.palette.base0D}";
accent7 = "#${config.colorScheme.palette.base0E}";
};
character = {
success_symbol = "[](accent7)";
error_symbol = "[](accent1)";
};
directory = {
style = "accent6";
truncation_length = 3;
truncate_to_repo = false;
};
git_branch = {
style = "accent7";
};
git_status = {
style = "accent5";
};
cmd_duration = {
style = "accent3";
};
hostname = {
style = "accent4";
};
username = {
style_user = "accent2";
};
};
};
};
}
home/features/cli/television.nix
-64
View File
@@ -1,64 +0,0 @@
{
config,
lib,
...
}:
with lib; let
cfg = config.features.cli.television;
in {
options.features.cli.television.enable = mkEnableOption "enable nitch";
config = mkIf cfg.enable {
programs.television = {
enable = true;
channels = {
tldr = {
metadata = {
description = "Browse TLDR pages";
name = "tldr";
requirements = [
"tldr"
];
};
preview = {
command = "tldr '{}'";
};
source = {
command = "tldr --list";
};
};
git-diff = {
metadata = {
description = "A channel to select files from git diff commands";
name = "git-diff";
requirements = [
"git"
];
};
preview = {
command = "git diff HEAD --color=always -- '{}'";
};
source = {
command = "git diff --name-only HEAD";
};
};
git-log = {
metadata = {
description = "A channel to select from git log entries";
name = "git-log";
requirements = [
"git"
];
};
preview = {
command = "git show -p --stat --pretty=fuller --color=always '{0}'";
};
source = {
command = "git log --oneline --date=short --pretty=\"format:%h %s %an %cd\" \"$@\"";
output = "{split: :0}";
};
};
};
};
};
}
home/features/cli/zellij.nix
-32
View File
@@ -1,32 +0,0 @@
{
config,
lib,
...
}:
with lib; let
cfg = config.features.cli.zellij;
in {
options.features.cli.zellij.enable = mkEnableOption "enable tmux";
config = mkIf cfg.enable {
programs.zellij = {
enable = true;
settings = {
theme = "universal";
themes.universal = {
bg = "#${config.colorScheme.palette.base00}";
fg = "#${config.colorScheme.palette.base05}";
black = "#${config.colorScheme.palette.base01}";
red = "#${config.colorScheme.palette.base08}";
green = "#${config.colorScheme.palette.base0B}";
yellow = "#${config.colorScheme.palette.base0A}";
blue = "#${config.colorScheme.palette.base0D}";
magenta = "#${config.colorScheme.palette.base0E}";
cyan = "#${config.colorScheme.palette.base0C}";
white = "#${config.colorScheme.palette.base07}";
orange = "#${config.colorScheme.palette.base09}";
};
};
};
};
}
home/features/coding/default.nix
-86
View File
@@ -1,86 +0,0 @@
{
config,
pkgs,
videoDrivers,
...
}: let
npmGlobalPrefix = "${config.home.homeDirectory}/.npm-global";
in {
home.file.".npmrc".text = ''
prefix=${npmGlobalPrefix}
'';
home.sessionVariables.NPM_CONFIG_PREFIX = npmGlobalPrefix;
imports = [
./opencode.nix
./pi.nix
];
programs.mcp = {
enable = true;
servers = {
DeepWiki = {
url = "https://mcp.deepwiki.com/mcp";
};
Ref = {
command = "sh";
args = ["-c" "REF_API_KEY=$(cat /run/agenix/ref-key) exec bunx ref-tools-mcp@latest"];
};
Exa = {
command = "sh";
args = ["-c" "EXA_API_KEY=$(cat /run/agenix/exa-key) exec bunx exa-mcp-server@latest tools=web_search_exa"];
};
Outline = {
url = "https://wiki.az-gruppe.com/mcp";
};
ContextMode = {
command = "sh";
args = ["-c" "exec bunx context-mode@latest"];
};
Honcho = {
command = "sh";
args = [
"-c"
''exec bunx mcp-remote@latest https://mcp.honcho.dev --header "Authorization:Bearer $(cat /run/agenix/honcho-key)" --header "X-Honcho-User-Name:m3tam3re"''
];
};
};
};
home.packages = with pkgs; [
agenix-cli
alejandra
bc
bun
devpod
#devpod-desktop
claude-code
code2prompt
gnumake
cmake
(python3.withPackages (ps:
with ps; [
pip
uv
# Scientific packages
numba
numpy
torch
srt
]))
pyrefly
nixd
nodejs
# opencode-desktop
(qmd.override {
vulkanSupport = videoDrivers == ["amdgpu"];
cudaSupport = videoDrivers == ["nvidia"];
})
openshell
openspec
pi
alejandra
sidecar
tailwindcss
tailwindcss-language-server
td
];
}
home/features/coding/opencode.nix
-126
View File
@@ -1,126 +0,0 @@
{
inputs,
lib,
...
}: {
coding.agents.opencode = {
enable = true;
agentsInput = inputs.agents;
externalSkills = [
{
src = inputs.skills-anthropic;
selectSkills = ["pdf" "docx" "frontend-design"];
}
{src = inputs.skills-vercel;}
{src = inputs.skills-basecamp;}
{src = inputs.skills-kestra;}
];
};
coding.opencode = {
enable = true;
ohMyOpencodeSettings = {
agents = {
sisyphus.model = "litellm/claude-opus-4-6";
oracle.model = "litellm/claude-sonnet-4-6";
librarian.model = "litellm/claude-sonnet-4-6";
explore.model = "litellm/claude-haiku-4-5";
multimodal-looker.model = "litellm/gpt-5.3-codex";
prometheus.model = "litellm/claude-opus-4-6";
metis.model = "litellm/claude-opus-4-6";
momus.model = "litellm/claude-opus-4-6";
atlas.model = "litellm/claude-sonnet-4-6";
};
categories = {
visual-engineering.model = "zai-coding-plan/glm-5.1";
ultrabrain.model = "litellm/claude-opus-4-6";
deep.model = "litellm/claude-sonnet-4-6";
artistry.model = "zai-coding-plan/glm-5.1";
quick.model = "litellm/claude-haiku-4-5";
unspecified-low.model = "litellm/claude-sonnet-4-6";
unspecified-high.model = "litellm/claude-opus-4-6";
writing.model = "zai-coding-plan/glm-5.1";
};
};
};
# Keep TUI settings in programs.opencode.tui to satisfy OpenCode v1.2.15+.
programs.opencode.tui.theme = "opencode";
# Override legacy default settings to avoid deprecated TUI keys in settings.
programs.opencode.settings = lib.mkForce {
plugin = ["oh-my-openagent"];
formatter = {
alejandra = {
command = ["alejandra" "-q" "-"];
extensions = [".nix"];
};
};
# AZ-Gruppe LiteLLM endpoint + available models
provider = {
litellm = {
npm = "@ai-sdk/openai-compatible";
name = "LiteLLM (AZ-Gruppe)";
options.baseURL = "https://llm.az-gruppe.com/v1";
models = {
"gpt-5.2" = {
name = "GPT-5.2";
limit = {
context = 400000;
output = 128000;
};
};
"gpt-5.3-codex" = {
name = "GPT-5.3 Codex";
limit = {
context = 400000;
output = 128000;
};
};
"claude-haiku-4-5" = {
name = "Claude Haiku 4.5";
options = {
thinking = {
type = "enabled";
budget_tokens = 16000;
};
};
limit = {
context = 200000;
output = 64000;
};
};
"claude-sonnet-4-6" = {
name = "Claude Sonnet 4.6";
options = {
thinking = {
type = "enabled";
budget_tokens = 16000;
};
};
limit = {
context = 200000;
output = 64000;
};
};
"claude-opus-4-6" = {
name = "Claude Opus 4.6";
options = {
thinking = {
type = "enabled";
budget_tokens = 16000;
};
};
limit = {
context = 200000;
output = 128000;
};
};
};
};
};
};
}
home/features/coding/pi.nix
-31
View File
@@ -1,31 +0,0 @@
{inputs, ...}: {
coding.agents.pi = {
enable = true;
agentsInput = inputs.agents;
modelOverrides = {
chiron = "zai-coding-plan/glm-5.1";
chiron-forge = "zai-coding-plan/glm-5.1";
};
settings = {
packages = [
"npm:@thesethrose/pi-zai-provider"
"npm:pi-mcp-adapter"
"npm:pi-subagents"
"npm:pi-lens"
"npm:pi-web-access"
"npm:pi-prompt-template-model"
"npm:@plannotator/pi-extension"
"npm:pi-powerline-footer"
"npm:pi-markdown-preview"
];
defaultProvider = "zai";
defaultModel = "glm-5.1";
defaultThinkingLevel = "medium";
};
# MCP servers auto-inherited from programs.mcp in default.nix
};
}
home/features/desktop/AGENTS.md
-79
View File
@@ -1,79 +0,0 @@
# DESKTOP FEATURES (home-manager)
**Wayland/Hyprland environment with color-coordinated tooling**
## OVERVIEW
12 modular desktop features with nix-colors (Dracula) integration across all components.
## STRUCTURE
```
desktop/
├── default.nix # Imports + XDG + Kitty config
├── coding.nix # Development tools (VSCode, etc.)
├── crypto.nix # Crypto wallets/tools
├── fonts.nix # Font packages
├── gaming.nix # Gaming tools/Steam
├── hyprland.nix # Hyprland WM configuration
├── media.nix # Media players/editors
├── office.nix # LibreOffice, document tools
├── rofi.nix # Application launcher
├── theme.nix # GTK/Qt theming
├── wayland.nix # Wayland utilities
└── webapps.nix # Browser-based apps
```
## WHERE TO LOOK
| Task | Location | Notes |
|------|----------|-------|
| Add desktop app | Relevant feature .nix | Update home.packages |
| Configure Hyprland | hyprland.nix | Window manager settings |
| Fix colors | Check colorScheme references | Uses config.colorScheme.palette.base* |
| Add font | fonts.nix | Increases system closure size |
## CONVENTIONS
### Color Scheme Integration
All color-aware tools reference `config.colorScheme.palette.base00` through `base0F`:
- **base00-07**: Grayscale (dark to light)
- **base08**: Red/errors
- **base09**: Orange
- **base0A**: Yellow/strings
- **base0B**: Green/functions
- **base0C**: Cyan
- **base0D**: Blue/types
- **base0E**: Purple/constants
- **base0F**: Brown
Template:
```nix
foreground = "#${config.colorScheme.palette.base05}";
background = "#${config.colorScheme.palette.base00}";
```
### Session Variables
Set in default.nix for Wayland/Hyprland:
```nix
NIXOS_OZONE_WL = "1";
QT_QPA_PLATFORM = "wayland";
XDG_CURRENT_DESKTOP = "Hyprland";
```
### XDG Defaults
- **PDF**: okular
- **Text**: nvim
- **Browser**: Zen (io.github.zen_browser.zen)
- **Archive**: file-roller
## ANTI-PATTERNS
- **DON'T** hardcode hex colors - use colorScheme palette
- **DON'T** install fonts globally - keep in user packages
- **DON'T** bypass XDG defaults - set in mimeApps
## NOTES
- Kitty terminal configured in default.nix (not separate file)
- Bibata-Modern-Ice cursor theme hardcoded
- Session path includes cargo, npm-global, bun
- Desktop features are always-enabled (no feature flags in this dir)
home/features/desktop/coding.nix
-23
View File
@@ -1,23 +0,0 @@
{
config,
lib,
pkgs,
...
}:
with lib; let
cfg = config.features.desktop.coding;
in {
options.features.desktop.coding.enable =
mkEnableOption "install coding related stuff";
config = mkIf cfg.enable {
home.packages = with pkgs; [
bruno
insomnia
];
coding.editors = {
neovim.enable = true;
zed.enable = true;
};
};
}
home/features/desktop/crypto.nix
-15
View File
@@ -1,15 +0,0 @@
{
config,
lib,
pkgs,
...
}:
with lib; let
cfg = config.features.desktop.crypto;
in {
options.features.desktop.crypto.enable = mkEnableOption "Enable Crypto";
config = mkIf cfg.enable {
home.packages = with pkgs; [bisq2 monero-gui trezor-suite];
};
}
home/features/desktop/default.nix
-162
View File
@@ -1,162 +0,0 @@
{
config,
pkgs,
...
}: {
imports = [
./coding.nix
./crypto.nix
./fonts.nix
./gaming.nix
./hyprland.nix
./media.nix
./obsidian.nix
./office.nix
./rofi.nix
./theme.nix
./wallpapers.nix
./wayland.nix
./webapps.nix
];
xdg = {
enable = true;
configFile."mimeapps.list".force = true;
mimeApps = {
enable = true;
associations.added = {
"application/zip" = ["org.gnome.FileRoller.desktop"];
"application/csv" = ["calc.desktop"];
"application/pdf" = ["okularApplication_pdf.desktop"];
};
defaultApplications = {
"application/zip" = ["org.gnome.FileRoller.desktop"];
"application/csv" = ["calc.desktop"];
"application/pdf" = ["okularApplication_pdf.desktop"];
"application/md" = ["nvim.desktop"];
"application/text" = ["nvim.desktop"];
"x-scheme-handler/http" = ["io.github.zen_browser.zen"];
"x-scheme-handler/https" = ["io.github.zen_browser.zen"];
};
};
userDirs = {
enable = true;
createDirectories = true;
setSessionVariables = true;
};
};
home.sessionVariables = {
WEBKIT_DISABLE_COMPOSITING_MODE = "1";
NIXOS_OZONE_WL = "1";
TERMINAL = "ghostty";
QT_QPA_PLATFORM = "wayland";
XDG_CURRENT_DESKTOP = "Hyprland";
XDG_SESSION_TYPE = "wayland";
XDG_SESSION_DESKTOP = "Hyprland";
};
home.sessionPath = ["\${XDG_BIN_HOME}" "\${HOME}/.cargo/bin" "$HOME/.npm-global/bin" "$HOME/.cache/.bun/bin"];
fonts.fontconfig.enable = true;
programs.ghostty = {
enable = true;
enableFishIntegration = true;
enableBashIntegration = true;
settings = {
font-family = "Fira Code";
copy-on-select = true;
# Base colors from nix-colors
foreground = "#${config.colorScheme.palette.base05}";
background = "#${config.colorScheme.palette.base00}";
selection-foreground = "#${config.colorScheme.palette.base07}";
selection-background = "#${config.colorScheme.palette.base02}";
# Cursor
cursor-color = "#${config.colorScheme.palette.base05}";
# Palette (16 colors)
palette = [
"0=#${config.colorScheme.palette.base01}"
"1=#${config.colorScheme.palette.base08}"
"2=#${config.colorScheme.palette.base0B}"
"3=#${config.colorScheme.palette.base0A}"
"4=#${config.colorScheme.palette.base0D}"
"5=#${config.colorScheme.palette.base0E}"
"6=#${config.colorScheme.palette.base0C}"
"7=#${config.colorScheme.palette.base05}"
"8=#${config.colorScheme.palette.base03}"
"9=#${config.colorScheme.palette.base08}"
"10=#${config.colorScheme.palette.base0B}"
"11=#${config.colorScheme.palette.base0A}"
"12=#${config.colorScheme.palette.base0D}"
"13=#${config.colorScheme.palette.base0E}"
"14=#${config.colorScheme.palette.base0C}"
"15=#${config.colorScheme.palette.base07}"
];
};
};
home.pointerCursor = {
gtk.enable = true;
package = pkgs.bibata-cursors;
name = "Bibata-Modern-Ice";
size = 20;
};
home.packages = with pkgs; [
appimage-run
# blueberry
bemoji
brave
# brightnessctl
# clipman
distrobox
eigent
(element-desktop.override {
commandLineArgs = "--password-store=gnome-libsecret";
})
launch-webapp
# eww
# firefox-devedition
file-roller
hyprpanel
seahorse
sushi
# glib
# google-chrome
# gsettings-desktop-schemas
# graphviz
ksnip
msty-studio
nwg-look
# opencode-desktop
# pamixer
# pavucontrol
# libsForQt5.qtstyleplugins
# stable.nyxt
# pcmanfm
rose-pine-hyprcursor
# qt5ct
# qt6.qtwayland
#rustdesk
# socat
# unrar
# unzip
# usbutils
# v4l-utils
remmina
slack
telegram-desktop
vivaldi
vivaldi-ffmpeg-codecs
vibetyper
# wl-clipboard
# wlogout
# wtype
# xdg-utils
# ydotool
# zip
];
}
home/features/desktop/fonts.nix
-24
View File
@@ -1,24 +0,0 @@
{
config,
lib,
pkgs,
...
}:
with lib; let
cfg = config.features.desktop.fonts;
in {
options.features.desktop.fonts.enable =
mkEnableOption "install additional fonts for desktop apps";
config = mkIf cfg.enable {
home.packages = with pkgs; [
fira-code
fira-code-symbols
nerd-fonts.fira-code
nerd-fonts.jetbrains-mono
font-manager
font-awesome_5
noto-fonts
];
};
}
home/features/desktop/gaming.nix
-22
View File
@@ -1,22 +0,0 @@
{
config,
lib,
pkgs,
...
}:
with lib; let
cfg = config.features.desktop.gaming;
in {
options.features.desktop.gaming.enable =
mkEnableOption "install gaming related stuff";
config = mkIf cfg.enable {
home.packages = with pkgs; [
gamescope
gamemode
goverlay
mangohud
protonplus
];
};
}
home/features/desktop/hyprland.nix
-323
View File
@@ -1,323 +0,0 @@
{
config,
lib,
...
}:
with lib; let
cfg = config.features.desktop.hyprland;
in {
options.features.desktop.hyprland.enable =
mkEnableOption "Hyprland related stuff";
config = mkIf cfg.enable {
wayland.windowManager.hyprland = {
settings = {
xwayland = {
force_zero_scaling = true;
};
exec-once = [
"hyprpanel"
"while ! hyprpaper-random; do sleep 0.5; done"
"wl-paste --type text --watch cliphist store" # Stores only text data
"wl-paste --type image --watch cliphist store" # Stores only image data "wl-paste -p -t text --watch clipman store -P --histpath=\"~/.local/share/clipman-primary.json\""
"vibetyper"
];
env = [
"XCURSOR_SIZE,32"
"HYPRCURSOR_THEME,Bibata-Modern-Ice"
"WLR_NO_HARDWARE_CURSORS,1"
"GTK_THEME,Dracula"
"XDG_CURRENT_DESKTOP,Hyprland"
"XDG_SESSION_TYPE,wayland"
"XDG_SESSION_DESKTOP,Hyprland"
"XKB_DEFAULT_LAYOUT,de"
"NIXOS_OZONE_WL,1"
];
input = {
kb_layout = "de,us";
kb_variant = "";
kb_model = "";
kb_rules = "";
kb_options = "ctrl:nocaps";
follow_mouse = 1;
};
general = {
gaps_in = 5;
gaps_out = 5;
border_size = 1;
# Keeping the existing active border as requested
"col.active_border" = "rgba(9742b5ee) rgba(9742b5ee) 45deg";
"col.inactive_border" = "rgba(${config.colorScheme.palette.base03}aa)";
layout = "dwindle";
};
decoration = {
shadow = {
enabled = true;
range = 60;
render_power = 3;
color = "rgba(${config.colorScheme.palette.base00}66)";
offset = "1 2";
scale = 0.97;
};
rounding = 8;
blur = {
enabled = true;
size = 3;
passes = 3;
};
active_opacity = 0.9;
inactive_opacity = 0.5;
};
animations = {
enabled = true;
bezier = "myBezier, 0.05, 0.9, 0.1, 1.05";
animation = [
"windows, 1, 7, myBezier"
"windowsOut, 1, 7, default, popin 80%"
"border, 1, 10, default"
"borderangle, 1, 8, default"
"fade, 1, 7, default"
"workspaces, 1, 6, default"
];
};
dwindle = {
pseudotile = true;
preserve_split = true;
};
master = {
new_status = "master";
};
device = [
{
name = "epic-mouse-v1";
sensitivity = -0.5;
}
{
name = "zsa-technology-labs-moonlander-mark-i";
kb_layout = "us";
}
{
name = "keychron-keychron-k7";
kb_layout = "us";
}
];
windowrule = [
# Floating dialogs
"match:class file_progress, float on"
"match:class confirm, float on"
"match:class dialog, float on"
"match:class download, float on"
"match:class notification, float on"
"match:class error, float on"
"match:class splash, float on"
"match:class confirmreset, float on"
"match:title Open File, float on"
"match:title branchdialog, float on"
"match:class pavucontrol-qt, float on"
"match:class pavucontrol, float on"
"match:class class:^(espanso)$, float on"
# wlogout
"match:class wlogout, fullscreen on"
"match:title wlogout, float on"
"match:title wlogout, fullscreen on"
# mpv
"match:class mpv, float on"
"match:class mpv, idle_inhibit focus"
"match:class mpv, opacity 1.0 override"
# Media/Volume/PiP
"match:title ^(Media viewer)$, float on"
"match:title ^(Volume Control)$, float on"
"match:title ^(Picture-in-Picture)$, float on"
# Pomodoro timer
"match:title ^(floating-pomodoro)$, float on"
"match:title ^(floating-pomodoro)$, size 250 50"
"match:title ^(floating-pomodoro)$, move 12 (monitor_h-150)"
"match:title ^(floating-pomodoro)$, pin on"
# Streamlabs overlays
"match:initial_title .*streamlabs.com.*, float on"
"match:initial_title .*streamlabs.com.*, pin on"
"match:initial_title .*streamlabs.com.*, size 800 400"
"match:initial_title .*alert-box.*, move 100%-820 102"
"match:initial_title .*chat-box.*, move 100%-820 512"
"match:initial_title .*streamlabs.com.*, opacity 0.5 override"
"match:initial_title .*streamlabs.com.*, idle_inhibit focus"
"match:initial_title .*streamlabs.com.*, no_anim on"
"match:initial_title .*streamlabs.com.*, decorate off"
"match:initial_title .*streamlabs.com.*, no_shadow on"
"match:initial_title .*streamlabs.com.*, no_blur on"
# Vibetyper recording indicator
"match:class ^vibe-typer$, match:title ^Recording Indicator$, no_blur on"
"border_color rgb(ffffff), match:xwayland 1"
];
"$mainMod" = "SUPER";
"$terminal" = "ghostty";
bind = [
"$mainMod, return, exec, $terminal nu -c zellij-ps"
# "$mainMod, t, exec, warp-terminal"
"$mainMod, t, exec, $terminal -e nu -c 'nitch; exec nu'"
"$mainMod SHIFT, t, exec, launch-timer"
"$mainMod, n, exec, $terminal -e nvim"
"$mainMod, z, exec, uwsm app -- zeditor"
"$mainMod, o, exec, hyprctl dispatch setprop activewindow opaque toggle"
"$mainMod, r, exec, hyprctl dispatch focuswindow \"initialtitle:.*alert-box.*\" && hyprctl dispatch moveactive exact 4300 102 && hyprctl dispatch focuswindow \"initialtitle:.*chat-box.*\" && hyprctl dispatch moveactive exact 4300 512"
"$mainMod, b, exec, uwsm app -- thunar"
"$mainMod SHIFT, B, exec, uwsm app -- vivaldi"
"$mainMod, Escape, exec, uwsm app -- wlogout -p layer-shell"
"$mainMod, Space, togglefloating"
"$mainMod, q, killactive"
"$mainMod, M, exit"
"$mainMod, F, fullscreen"
"$mainMod SHIFT, V, togglefloating"
"$mainMod, D, exec, uwsm app -- rofi -show drun -run-command \"uwsm app -- {cmd}\""
"$mainMod, V, exec, uwsm app -- cliphist list | rofi -dmenu | cliphist decode | wl-copy"
"$mainMod, C, exec, bash -c 'FILE=/tmp/screenshot_$(date +%s).png; grim -g \"$(slurp)\" \"$FILE\" && ksnip \"$FILE\"'"
"$mainMod SHIFT, S, exec, uwsm app -- rofi -show emoji"
"$mainMod, P, exec, uwsm app -- rofi-pass"
"$mainMod SHIFT, P, pseudo"
"$mainMod, R, exec, stt-ptt start"
"$mainMod, S, exec, stt-ptt start"
"$mainMod, J, togglesplit"
"$mainMod, h, movefocus, l"
"$mainMod, l, movefocus, r"
"$mainMod, k, movefocus, u"
"$mainMod, j, movefocus, d"
"$mainMod, 1, workspace, 1"
"$mainMod, 2, workspace, 2"
"$mainMod, 3, workspace, 3"
"$mainMod, 4, workspace, 4"
"$mainMod, 5, workspace, 5"
"$mainMod, 6, workspace, 6"
"$mainMod, 7, workspace, 7"
"$mainMod, 8, workspace, 8"
"$mainMod, 9, workspace, 9"
"$mainMod, 0, workspace, 10"
"$mainMod SHIFT, 1, movetoworkspace, 1"
"$mainMod SHIFT, 2, movetoworkspace, 2"
"$mainMod SHIFT, 3, movetoworkspace, 3"
"$mainMod SHIFT, 4, movetoworkspace, 4"
"$mainMod SHIFT, 5, movetoworkspace, 5"
"$mainMod SHIFT, 6, movetoworkspace, 6"
"$mainMod SHIFT, 7, movetoworkspace, 7"
"$mainMod SHIFT, 8, movetoworkspace, 8"
"$mainMod SHIFT, 9, movetoworkspace, 9"
"$mainMod SHIFT, 0, movetoworkspace, 10"
"$mainMod, mouse_down, workspace, e+1"
"$mainMod, mouse_up, workspace, e-1"
];
bindr = [
"$mainMod, R, exec, stt-ptt stop"
"$mainMod, S, exec, stt-ptt format-stop"
];
bindm = [
"$mainMod, mouse:272, movewindow"
"$mainMod, mouse:273, resizewindow"
];
};
};
services.hypridle = {
enable = true;
settings = {
general = {
before_sleep_cmd = "hyprlock";
after_sleep_cmd = "hyprctl dispatch dpms on";
inhibit_sleep = 3;
};
listener = [
{
timeout = 300; # 5 min
on-timeout = "hyprlock";
}
{
timeout = 420; # 5.5 min
on-timeout = "hyprctl dispatch dpms off";
on-resume = "hyprctl dispatch dpms on";
}
];
};
};
services.hyprpaper.enable = true;
programs.hyprlock = {
enable = true;
settings = {
"$font" = "JetBrainsMono Nerd Font";
"$base" = "rgb(${config.colorScheme.palette.base00})";
"$text" = "rgb(${config.colorScheme.palette.base05})";
"$textAlpha" = "${config.colorScheme.palette.base05}";
"$accentAlpha" = "${config.colorScheme.palette.base0D}";
"$red" = "rgb(${config.colorScheme.palette.base08})";
"$yellow" = "rgb(${config.colorScheme.palette.base0A})";
general = {
hide_cursor = true;
};
background = {
monitor = "";
path = "${config.home.homeDirectory}/.config/hypr/wallpapers/wallhaven-lmmo8r.jpg";
blur_passes = 0;
color = "rgb(${config.colorScheme.palette.base00})";
};
label = [
{
monitor = "";
text = "$TIME";
color = "$text";
font_size = 90;
font_family = "$font";
position = "30, 0";
halign = "left";
valign = "top";
}
{
monitor = "";
text = ''cmd[update:43200000] echo "$(date +"%A, %d %B %Y")"'';
color = "$text";
font_size = 25;
font_family = "$font";
position = "30, -150";
halign = "left";
valign = "top";
}
];
input-field = [
{
monitor = "";
size = "300, 60";
outline_thickness = 4;
dots_size = 0.2;
dots_spacing = 0.2;
dots_center = true;
outer_color = "rgb(${config.colorScheme.palette.base0D})";
inner_color = "rgb(${config.colorScheme.palette.base00})";
font_color = "rgb(${config.colorScheme.palette.base05})";
fade_on_empty = false;
placeholder_text = ''<span foreground="##${config.colorScheme.palette.base05}">󰌾 Logged in as <span foreground="##${config.colorScheme.palette.base0D}">$USER</span></span>'';
hide_input = false;
check_color = "rgb(${config.colorScheme.palette.base0D})";
fail_color = "rgb(${config.colorScheme.palette.base08})";
fail_text = ''<i>$FAIL <b>($ATTEMPTS)</b></i>'';
capslock_color = "rgb(${config.colorScheme.palette.base0A})";
position = "0, -35";
halign = "center";
valign = "center";
}
];
};
};
};
}
home/features/desktop/media.nix
-55
View File
@@ -1,55 +0,0 @@
{
config,
lib,
pkgs,
...
}:
with lib; let
cfg = config.features.desktop.media;
in {
options.features.desktop.media.enable =
mkEnableOption "enable media features";
config = mkIf cfg.enable {
home.packages = with pkgs; [
# handbrake
# kdePackages.kdenlive
# makemkv
# mediainfo
amf
ffmpeg_6-full
gimp
gst_all_1.gstreamer
gst_all_1.gst-vaapi
handbrake
inkscape
kdePackages.kdenlive
libation
#makemkv
pamixer
pavucontrol
qpwgraph
v4l-utils
plexamp
# uxplay
# vlc
webcord
# yt-dlp
unimatrix
];
programs = {
mpv = {
enable = true;
bindings = {
WHEEL_UP = "seek 10";
WHEEL_DOWN = "seek -10";
};
config = {
profile = "gpu-hq";
ytdl-format = "bestvideo+bestaudio";
};
};
};
};
}
home/features/desktop/obsidian.nix
-25
View File
@@ -1,25 +0,0 @@
{
config,
lib,
...
}:
with lib; let
cfg = config.features.desktop.obsidian;
in {
options.features.desktop.obsidian.enable =
mkEnableOption "enable Obsidian knowledge base";
config = mkIf cfg.enable {
programs.obsidian.enable = true;
xdg.mimeApps = {
enable = true;
associations.added = {
"text/markdown" = ["obsidian.desktop"];
};
defaultApplications = {
"text/markdown" = ["obsidian.desktop"];
};
};
};
}
home/features/desktop/office.nix
-18
View File
@@ -1,18 +0,0 @@
{
config,
lib,
pkgs,
...
}:
with lib; let
cfg = config.features.desktop.office;
in {
options.features.desktop.office.enable =
mkEnableOption "install office and paperwork stuff";
config = mkIf cfg.enable {
home.packages = with pkgs; [
libreoffice-fresh
];
};
}
home/features/desktop/rofi.nix
-206
View File
@@ -1,206 +0,0 @@
{
config,
pkgs,
lib,
...
}:
with lib; let
cfg = config.features.desktop.rofi;
in {
options.features.desktop.rofi.enable = mkEnableOption "enable rofi";
config = mkIf cfg.enable {
programs.rofi = with pkgs; {
enable = true;
package = rofi.override {
plugins = [
rofi-calc
rofi-emoji
stable.rofi-file-browser
];
};
pass = {
enable = true;
package = rofi-pass-wayland;
};
terminal = "${pkgs.ghostty}/bin/ghostty";
font = "Fira Code";
extraConfig = {
show-icons = true;
disable-history = false;
modi = "drun,calc,emoji,filebrowser";
kb-primary-paste = "Control+V,Shift+Insert";
kb-secondary-paste = "Control+v,Insert";
};
theme = let
inherit (config.colorScheme) palette;
in
builtins.toString (pkgs.writeText "rofi-universal-theme.rasi" ''
* {
/* Universal theme colors from nix-colors */
background: #${palette.base00};
surface: #${palette.base01};
overlay: #${palette.base02};
muted: #${palette.base03};
subtle: #${palette.base04};
text: #${palette.base05};
bright-text: #${palette.base06};
highlight: #${palette.base07};
accent1: #${palette.base08};
accent2: #${palette.base09};
accent3: #${palette.base0A};
accent4: #${palette.base0B};
accent5: #${palette.base0C};
accent6: #${palette.base0D};
accent7: #${palette.base0E};
accent8: #${palette.base0F};
/* Global properties */
background-color: @background;
text-color: @text;
font: "Fira Code 12";
border: 0;
margin: 0;
padding: 0;
spacing: 0;
}
window {
background-color: @background;
border: 1px;
border-color: @accent7;
border-radius: 6px;
width: 40%;
padding: 16px;
}
inputbar {
children: [ prompt, entry ];
spacing: 12px;
padding: 8px;
border-radius: 4px;
background-color: @surface;
}
prompt {
text-color: @accent7;
background-color: transparent;
}
entry {
placeholder: "Search...";
placeholder-color: @subtle;
text-color: @text;
background-color: transparent;
cursor-color: @accent7;
}
message {
background-color: @surface;
border-radius: 4px;
padding: 8px;
margin: 8px 0;
}
textbox {
text-color: @text;
background-color: transparent;
}
listview {
background-color: transparent;
margin: 8px 0 0;
lines: 10;
columns: 1;
fixed-height: true;
scrollbar: false;
}
element {
background-color: transparent;
text-color: @text;
padding: 8px;
border-radius: 4px;
spacing: 8px;
}
element normal.normal {
background-color: transparent;
text-color: @text;
}
element selected.normal {
background-color: @accent7;
text-color: @background;
}
element alternate.normal {
background-color: transparent;
text-color: @text;
}
element-icon {
background-color: transparent;
size: 24px;
}
element-text {
background-color: transparent;
text-color: inherit;
vertical-align: 0.5;
}
mode-switcher {
spacing: 0;
background-color: @surface;
border-radius: 4px;
margin: 8px 0 0;
}
button {
padding: 8px 16px;
background-color: transparent;
text-color: @text;
border-radius: 4px;
}
button selected {
background-color: @accent7;
text-color: @background;
}
/* Scrollbar */
scrollbar {
width: 4px;
border: 0;
handle-color: @accent7;
handle-width: 4px;
padding: 0;
}
'');
};
cli.rofi-project-opener = {
enable = true;
projectDirs = {
AI = {
path = "~/p/AI";
args = "";
};
CHAT = {
path = "~/p/CHAT";
args = "--agent chiron";
};
MISC = {
path = "~/p/MISC";
args = "--agent chiron-forge";
};
NIX = {
path = "~/p/NIX";
args = "";
};
};
terminal = pkgs.ghostty;
terminalCommand = "opencode %a";
};
};
}
home/features/desktop/theme.nix
-22
View File
@@ -1,22 +0,0 @@
{
config,
pkgs,
...
}: {
qt = {
enable = true;
platformTheme.name = "gtk";
};
gtk = {
enable = true;
theme = {
name = "Dracula";
package = pkgs.dracula-theme;
};
iconTheme = {
name = "Dracula";
package = pkgs.dracula-icon-theme;
};
gtk4.theme = config.gtk.theme;
};
}
home/features/desktop/wallpapers.nix
-18
View File
@@ -1,18 +0,0 @@
{
config,
lib,
pkgs,
...
}:
with lib; let
cfg = config.features.desktop.wallpapers;
in {
options.features.desktop.wallpapers = mkEnableOption "Wallpapers for Hyprland";
config = mkIf cfg {
xdg.configFile."hypr/wallpapers" = {
source = ../../m3tam3re/wallpapers;
recursive = true;
};
};
}
home/features/desktop/wayland.nix
-29
View File
@@ -1,29 +0,0 @@
{
config,
lib,
pkgs,
...
}:
with lib; let
cfg = config.features.desktop.wayland;
in {
options.features.desktop.wayland.enable = mkEnableOption "wayland extra tools and config";
config = mkIf cfg.enable {
home.packages = with pkgs; [
grim
hyprcursor
hyprlock
hyprpaper
qt6.qtwayland
slurp
waypipe
wl-clipboard
wf-recorder
wl-mirror
wlogout
wtype
ydotool
];
};
}
home/features/desktop/webapps.nix
-55
View File
@@ -1,55 +0,0 @@
{
pkgs,
lib,
...
}: let
icons = {
teams = pkgs.fetchurl {
url = "https://cdn.jsdelivr.net/gh/homarr-labs/dashboard-icons/svg/microsoft-teams.svg";
sha256 = "sha256-Pr9QS8nnXJq97r4/G3c6JXi34zxHl0ps9gcyI8cN/s8=";
};
outlook = pkgs.fetchurl {
url = "https://cdn.jsdelivr.net/gh/homarr-labs/dashboard-icons/svg/microsoft-outlook.svg";
sha256 = "sha256-3u8t5QNHFZvrAegxBiGicO4PjtMWhEaQSCv7MSSfLLc=";
};
opencode = pkgs.fetchurl {
url = "https://cdn.jsdelivr.net/gh/homarr-labs/dashboard-icons/svg/opencode-dark.svg";
sha256 = "1lms4f8habamvdh2qqqz9psx4py9wx23mmlkkds44pvrbq3bkj3n";
};
};
in {
xdg.desktopEntries = {
teams = {
name = "Microsoft Teams";
exec = "launch-webapp https://teams.microsoft.com";
comment = "Open Microsoft Teams as a Desktop App";
categories = ["Application" "Network" "Chat"];
terminal = false;
icon = icons.teams;
};
outlook = {
name = "Microsoft Outlook";
exec = "launch-webapp https://outlook.office.com/mail/";
comment = "Open Microsoft Outlook as a Desktop App";
categories = ["Application" "Network"];
terminal = false;
icon = icons.outlook;
};
basecamp = {
name = "Basecamp";
exec = "launch-webapp https://3.basecamp.com/5996442/";
comment = "Open Basecamp as a Desktop App";
categories = ["Application" "Network"];
terminal = false;
icon = "/home/sascha.koenig/.local/share/icons/basecamp-logo.png";
};
opencode = {
name = "Opencode";
exec = "rofi-project-opener";
comment = "Open Opencode Terminal App";
categories = ["Application" "Development"];
terminal = false;
icon = icons.opencode;
};
};
}
home/m3tam3re/home-server.nix
-121
View File
@@ -1,121 +0,0 @@
# This is a default home.nix generated by the follwing hone-manager command
#
# home-manager init ./
{
config,
lib,
pkgs,
...
}: {
# Home Manager needs a bit of information about you and the paths it should
# manage.
home.username = lib.mkDefault "your-name";
home.homeDirectory = lib.mkDefault "/home/${config.home.username}";
# This value determines the Home Manager release that your configuration is
# compatible with. This helps avoid breakage when a new Home Manager release
# introduces backwards incompatible changes.
#
# You should not change this value, even if you update Home Manager. If you do
# want to update the value, then make sure to first check the Home Manager
# release notes.
home.stateVersion = "26.05"; # Updated to adopt HM 26.05 defaults.
# The home.packages option allows you to install Nix packages into your
# environment.
home.packages = with pkgs; [
# # Adds the 'hello' command to your environment. It prints a friendly
# # "Hello, world!" when run.
# pkgs.hello
# # It is sometimes useful to fine-tune packages, for example, by applying
# # overrides. You can do that directly here, just don't forget the
# # parentheses. Maybe you want to install Nerd Fonts with a limited number of
# # fonts?
# (pkgs.nerdfonts.override { fonts = [ "FantasqueSansMono" ]; })
# # You can also create simple shell scripts directly inside your
# # configuration. For example, this adds a command 'my-hello' to your
# # environment:
# (pkgs.writeShellScriptBin "my-hello" ''
# echo "Hello, ${config.home.username}!"
# '')
];
# Home Manager is pretty good at managing dotfiles. The primary way to manage
# plain files is through 'home.file'.
home.file = {
# # Building this configuration will create a copy of 'dotfiles/screenrc' in
# # the Nix store. Activating the configuration will then make '~/.screenrc' a
# # symlink to the Nix store copy.
# ".screenrc".source = dotfiles/screenrc;
# # You can also set the file content immediately.
# ".gradle/gradle.properties".text = ''
# org.gradle.console=verbose
# org.gradle.daemon.idletimeout=3600000
# '';
};
# Home Manager can also manage your environment variables through
# 'home.sessionVariables'. If you don't want to manage your shell through Home
# Manager then you have to manually source 'hm-session-vars.sh' located at
# either
#
# ~/.nix-profile/etc/profile.d/hm-session-vars.sh
#
# or
#
# ~/.local/state/nix/profiles/profile/etc/profile.d/hm-session-vars.sh
#
# or
#
# /etc/profiles/per-user/m3tam3re/etc/profile.d/hm-session-vars.sh
#
home.sessionVariables = {
# EDITOR = "emacs";
};
# Let Home Manager install and manage itself.
programs.home-manager.enable = true;
programs.git = {
enable = true;
signing.format = null;
settings = {
user = {
name = "m3tm3re";
email = "p@m3ta.dev";
};
core.excludesfile = "~/.gitignore_global";
init.defaultBranch = "master";
alias = {
st = "status";
logd = "log --graph --pretty=format:'%Cred%h%Creset -%C(yellow)%d%Creset %s %Cgreen(%cr) %C(bold blue)<%an>%Creset' --abbrev-commit";
};
};
};
# programs.zellij-ps = {
# enable = true;
# projectFolders = [
# "${config.home.homeDirectory}/p/c"
# "${config.home.homeDirectory}/p"
# "${config.home.homeDirectory}/.config"
# ];
# layout = ''
# layout {
# pane size=1 borderless=true {
# plugin location="zellij:tab-bar"
# }
# pane size="70%" command="nvim"
# pane split_direction="vertical" {
# pane
# pane command="unimatrix"
# }
# pane size=1 borderless=true {
# plugin location="zellij:status-bar"
# }
# }
# '';
# };
}
home/m3tam3re/home.nix
-262
View File
@@ -1,262 +0,0 @@
# This is a default home.nix generated by the follwing hone-manager command
#
# home-manager init ./
{
config,
lib,
pkgs,
...
}: {
# Home Manager needs a bit of information about you and the paths it should
# manage.
home.username = lib.mkDefault "your-name";
home.homeDirectory = lib.mkDefault "/home/${config.home.username}";
# This value determines the Home Manager release that your configuration is
# compatible with. This helps avoid breakage when a new Home Manager release
# introduces backwards incompatible changes.
#
# You should not change this value, even if you update Home Manager. If you do
# want to update the value, then make sure to first check the Home Manager
# release notes.
home.stateVersion = "26.05"; # Updated to adopt HM 26.05 defaults.
# The home.packages option allows you to install Nix packages into your
# environment.
home.packages = with pkgs; [
libgtop
# # Adds the 'hello' command to your environment. It prints a friendly
# # "Hello, world!" when run.
# pkgs.hello
# # It is sometimes useful to fine-tune packages, for example, by applying
# # overrides. You can do that directly here, just don't forget the
# # parentheses. Maybe you want to install Nerd Fonts with a limited number of
# # fonts?
# (pkgs.nerdfonts.override { fonts = [ "FantasqueSansMono" ]; })
# # You can also create simple shell scripts directly inside your
# # configuration. For example, this adds a command 'my-hello' to your
# # environment:
# (pkgs.writeShellScriptBin "my-hello" ''
# echo "Hello, ${config.home.username}!"
# '')
];
# Home Manager is pretty good at managing dotfiles. The primary way to manage
# plain files is through 'home.file'.
home.file = {
# # Building this configuration will create a copy of 'dotfiles/screenrc' in
# # the Nix store. Activating the configuration will then make '~/.screenrc' a
# # symlink to the Nix store copy.
# ".screenrc".source = dotfiles/screenrc;
# # You can also set the file content immediately.
# ".gradle/gradle.properties".text = ''
# org.gradle.console=verbose
# org.gradle.daemon.idletimeout=3600000
# '';
};
# Home Manager can also manage your environment variables through
# 'home.sessionVariables'. If you don't want to manage your shell through Home
# Manager then you have to manually source 'hm-session-vars.sh' located at
# either
#
# ~/.nix-profile/etc/profile.d/hm-session-vars.sh
#
# or
#
# ~/.local/state/nix/profiles/profile/etc/profile.d/hm-session-vars.sh
#
# or
#
# /etc/profiles/per-user/m3tam3re/etc/profile.d/hm-session-vars.sh
#
home.sessionVariables = {
# EDITOR = "emacs";
};
# Let Home Manager install and manage itself.
programs.home-manager.enable = true;
services.cliphist = {
enable = true;
allowImages = true;
};
programs.git = {
enable = true;
signing.format = null;
settings = {
user = {
name = "m3tm3re";
email = "p@m3ta.dev";
};
core.excludesfile = "~/.gitignore_global";
init.defaultBranch = "master";
alias = {
st = "status";
logd = "log --graph --pretty=format:'%Cred%h%Creset -%C(yellow)%d%Creset %s %Cgreen(%cr) %C(bold blue)<%an>%Creset' --abbrev-commit";
};
};
};
programs.difftastic.enable = true;
programs.jujutsu = {
enable = true;
settings = {
user = {
email = "m@m3tam3re.com";
name = "Sascha Koenig";
};
};
};
programs.ssh = {
enable = true;
enableDefaultConfig = false;
matchBlocks = {
"AZ-CLD-1" = {
hostname = "152.53.186.119";
user = "sascha.koenig";
port = 2022;
identityFile = "~/.ssh/sascha.koenig";
};
"AZ-PRM-1" = {
hostname = "192.168.152.76";
user = "sascha.koenig";
port = 2022;
identityFile = "~/.ssh/sascha.koenig";
};
"github.com" = {
hostname = "github.com";
user = "m3tam3re";
port = 22;
identityFile = "~/.ssh/github";
};
"nikhil" = {
hostname = "91.99.176.80";
user = "nikhilmaddirala";
identityFile = "~/.ssh/m3tam3re";
};
"code.m3ta.dev" = {
hostname = "code.m3ta.dev";
user = "m3tam3re";
identityFile = "~/.ssh/gitea";
};
"git.az-gruppe.com" = {
hostname = "git.az-gruppe.com";
port = 2022;
user = "sascha.koenig";
identityFile = "~/.ssh/sascha.koenig";
};
"lkk-nix-1" = {
hostname = "89.58.10.189";
user = "lkk-admin";
identityFile = "~/.ssh/lkk-admin";
};
"m3-r1" = {
hostname = "202.61.226.110";
user = "m3tam3re";
identityFile = "~/.ssh/m3tam3re";
};
"lkk-prod-test" = {
hostname = "192.168.122.215";
user = "root";
identityFile = "~/.ssh/m3tam3re";
};
"lkk-prod-1" = {
hostname = "192.168.0.24";
user = "root";
identityFile = "~/.ssh/m3tam3re";
};
"lkk-prod-2" = {
hostname = "192.168.0.20";
user = "root";
identityFile = "~/.ssh/m3tam3re";
};
"m3-deck" = {
hostname = "192.168.178.193";
user = "m3tam3re";
identityFile = "~/.ssh/m3tam3re";
};
"m3-kratos-vm" = {
hostname = "192.168.122.43";
user = "m3tam3re";
identityFile = "~/.ssh/m3tam3re";
};
"m3-helios" = {
hostname = "192.168.178.210";
user = "m3tam3re";
identityFile = "~/.ssh/m3tam3re";
};
"m3-ares" = {
hostname = "192.168.1.30";
user = "m3tam3re";
identityFile = "~/.ssh/m3tam3re";
};
"m3-atlas" = {
hostname = "152.53.85.162";
user = "m3tam3re";
identityFile = "~/.ssh/m3tam3re";
};
"m3-hermes" = {
hostname = "204.168.229.93";
user = "m3tam3re";
identityFile = "~/.ssh/m3tam3re";
};
"m3-zelda" = {
hostname = "95.217.189.186";
user = "m3tam3re";
identityFile = "~/.ssh/m3tam3re";
};
"m3-skynet" = {
hostname = "m3-skynet";
user = "admin";
identityFile = "~/.ssh/m3tam3re";
};
"m3-prox-1" = {
hostname = "192.168.1.110";
user = "root";
identityFile = "~/.ssh/m3tam3re";
};
"shp-old" = {
hostname = "95.217.3.250";
port = 2222;
user = "m3tam3re";
identityFile = "~/.ssh/self-host-playbook";
};
"shp-1" = {
hostname = "95.217.189.186";
port = 2222;
user = "m3tam3re";
identityFile = "~/.ssh/self-host-playbook";
};
};
};
# programs.zellij-ps = {
# enable = true;
# projectFolders = [
# "${config.home.homeDirectory}/p/c"
# "${config.home.homeDirectory}/p"
# "${config.home.homeDirectory}/.config"
# ];
# layout = ''
# layout {
# pane size=1 borderless=true {
# plugin location="zellij:tab-bar"
# }
# pane size="70%" command="nvim"
# pane split_direction="vertical" {
# pane
# pane command="unimatrix"
# }
# pane size=1 borderless=true {
# plugin location="zellij:status-bar"
# }
# }
# '';
# };
}
home/m3tam3re/m3-aether.nix
-17
View File
@@ -1,17 +0,0 @@
{
imports = [
../common
../features/cli
./home-server.nix
];
features = {
cli = {
fish.enable = true;
fzf.enable = true;
nitch.enable = true;
secrets.enable = false;
starship.enable = true;
};
};
}
home/m3tam3re/m3-ares.nix
-98
View File
@@ -1,98 +0,0 @@
{
config,
lib,
...
}:
with lib; {
imports = [
../common
./home.nix
../features/cli
../features/coding
../features/desktop
];
config = mkMerge [
{
xdg = {
# TODO: better structure
enable = true;
configFile."mimeapps.list".force = true;
mimeApps = {
enable = true;
associations.added = {
"application/zip" = ["org.gnome.FileRoller.desktop"];
"application/csv" = ["calc.desktop"];
"application/pdf" = ["vivaldi-stable.desktop"];
"x-scheme-handler/http" = ["vivaldi-stable.desktop"];
"x-scheme-handler/https" = ["vivaldi-stable.desktop"];
};
defaultApplications = {
"application/zip" = ["org.gnome.FileRoller.desktop"];
"application/csv" = ["calc.desktop"];
"application/pdf" = ["vivaldi-stable.desktop"];
"application/md" = ["dev.zed.Zed.desktop"];
"application/text" = ["dev.zed.Zed.desktop"];
"x-scheme-handler/http" = ["vivaldi-stable.desktop"];
"x-scheme-handler/https" = ["vivaldi-stable.desktop"];
};
};
};
features = {
cli = {
fish.enable = true;
nushell.enable = true;
fzf.enable = true;
nitch.enable = true;
secrets.enable = true;
starship.enable = true;
television.enable = true;
};
desktop = {
coding.enable = true;
crypto.enable = true;
gaming.enable = true;
hyprland.enable = true;
media.enable = true;
obsidian.enable = true;
office.enable = true;
rofi.enable = true;
fonts.enable = true;
wayland.enable = true;
wallpapers = true;
};
};
}
(mkIf config.features.desktop.hyprland.enable {
wayland.windowManager.hyprland = {
enable = true;
settings = {
exec-once = ["tuxedo-backlight"];
monitor = [
"eDP-1,preferred,0x0,1.25"
"HDMI-A-1,1920x1080@120,2560x0,1"
];
workspace = [
"1, monitor:eDP-1, default:true"
"2, monitor:eDP-1"
"3, monitor:eDP-1"
"4, monitor:HDMI-A-1,"
"5, monitor:HDMI-A-1,border:false,rounding:false"
"6, monitor:HDMI-A-1"
];
windowrule = [
"match:class dev.zed.Zed, workspace 1"
"match:class Msty, workspace 1"
"match:class ^(com.obsproject.Studio)$, workspace 2"
"match:class ^(brave-browser)$, workspace 4, opacity 1.0"
"match:class ^(vivaldi-stable)$, workspace 4, opacity 1.0"
"match:class ^steam_app_\\d+$, fullscreen on"
"match:class ^steam_app_\\d+$, workspace 5"
"match:class ^steam_app_\\d+$, idle_inhibit focus"
];
};
};
})
];
}
home/m3tam3re/m3-atlas.nix
-19
View File
@@ -1,19 +0,0 @@
{
imports = [
../common
../features/cli
../features/coding/opencode.nix
./home-server.nix
];
coding.editors.neovim.enable = true;
features = {
cli = {
nushell.enable = true;
fzf.enable = true;
nitch.enable = true;
secrets.enable = false;
starship.enable = true;
zellij.enable = true;
};
};
}
home/m3tam3re/m3-daedalus.nix
-101
View File
@@ -1,101 +0,0 @@
{
config,
lib,
...
}:
with lib; let
cfg = config.features.desktop.hyprland;
in {
imports = [
../common
./home.nix
../features/cli
../features/coding
../features/desktop
#./services/librechat.nix
];
options.features.desktop.hyprland.enable =
mkEnableOption "enable Hyprland";
config = mkMerge [
# Base configuration
{
xdg = {
# TODO: better structure
enable = true;
configFile."mimeapps.list".force = true;
mimeApps = {
enable = true;
associations.added = {
"application/zip" = ["org.gnome.FileRoller.desktop"];
"application/csv" = ["calc.desktop"];
"application/pdf" = ["vivaldi-stable.desktop"];
"x-scheme-handler/http" = ["vivaldi-stable.desktop"];
"x-scheme-handler/https" = ["vivaldi-stable.desktop"];
};
defaultApplications = {
"application/zip" = ["org.gnome.FileRoller.desktop"];
"application/csv" = ["calc.desktop"];
"application/pdf" = ["vivaldi-stable.desktop"];
"application/md" = ["dev.zed.Zed.desktop"];
"application/text" = ["dev.zed.Zed.desktop"];
"x-scheme-handler/http" = ["vivaldi-stable.desktop"];
"x-scheme-handler/https" = ["vivaldi-stable.desktop"];
};
};
};
features = {
cli = {
fish.enable = true;
nushell.enable = true;
fzf.enable = true;
nitch.enable = true;
secrets.enable = true;
starship.enable = true;
};
desktop = {
coding.enable = true;
crypto.enable = false;
gaming.enable = false;
hyprland.enable = false;
media.enable = true;
office.enable = false;
rofi.enable = true;
fonts.enable = true;
wayland.enable = false;
};
};
}
(mkIf cfg.enable {
wayland.windowManager.hyprland = {
enable = true;
settings = {
monitor = [
"eDP-1,preferred,0x0,1.25"
"HDMI-A-1,preferred,2560x0,1"
];
workspace = [
"1, monitor:eDP-1, default:true"
"2, monitor:eDP-1"
"3, monitor:eDP-1"
"4, monitor:HDMI-A-1"
"5, monitor:HDMI-A-1,border:false,rounding:false"
"6, monitor:HDMI-A-1"
];
windowrule = [
"match:class dev.zed.Zed, workspace 1"
"match:class Msty, workspace 1"
"match:class ^(com.obsproject.Studio)$, workspace 2"
"match:class ^(brave-browser)$, workspace 4, opacity 1.0"
"match:class ^(vivaldi-stable)$, workspace 4, opacity 1.0"
"match:class ^steam_app_\\d+$, fullscreen on"
"match:class ^steam_app_\\d+$, workspace 5"
"match:class ^steam_app_\\d+$, idle_inhibit focus"
];
};
};
})
];
}
home/m3tam3re/m3-helios.nix
-17
View File
@@ -1,17 +0,0 @@
{
imports = [
../common
../features/cli
./home-server.nix
];
features = {
cli = {
fish.enable = true;
fzf.enable = true;
nitch.enable = true;
secrets.enable = false;
starship.enable = true;
};
};
}
home/m3tam3re/m3-hermes.nix
-17
View File
@@ -1,17 +0,0 @@
{
imports = [
../common
../features/cli
./home-server.nix
];
features = {
cli = {
fish.enable = true;
fzf.enable = true;
nitch.enable = true;
secrets.enable = false;
starship.enable = true;
};
};
}
home/m3tam3re/m3-kratos.nix
-96
View File
@@ -1,96 +0,0 @@
{
config,
lib,
...
}:
with lib; {
imports = [
../common
./home.nix
../features/cli
../features/coding
../features/desktop
];
config = mkMerge [
{
xdg = {
# TODO: better structure
enable = true;
configFile."mimeapps.list".force = true;
mimeApps = {
enable = true;
associations.added = {
"application/zip" = ["org.gnome.FileRoller.desktop"];
"application/csv" = ["calc.desktop"];
"application/pdf" = ["vivaldi-stable.desktop"];
"x-scheme-handler/http" = ["vivaldi-stable.desktop"];
"x-scheme-handler/https" = ["vivaldi-stable.desktop"];
};
defaultApplications = {
"application/zip" = ["org.gnome.FileRoller.desktop"];
"application/csv" = ["calc.desktop"];
"application/pdf" = ["vivaldi-stable.desktop"];
"application/md" = ["dev.zed.Zed.desktop"];
"application/text" = ["dev.zed.Zed.desktop"];
"x-scheme-handler/http" = ["vivaldi-stable.desktop"];
"x-scheme-handler/https" = ["vivaldi-stable.desktop"];
};
};
};
features = {
cli = {
nushell.enable = true;
fzf.enable = true;
nitch.enable = true;
secrets.enable = true;
starship.enable = true;
television.enable = true;
};
desktop = {
crypto.enable = true;
coding.enable = true;
gaming.enable = true;
hyprland.enable = true;
media.enable = true;
obsidian.enable = true;
office.enable = true;
rofi.enable = true;
fonts.enable = true;
wayland.enable = true;
wallpapers = true;
};
};
}
(mkIf config.features.desktop.hyprland.enable {
wayland.windowManager.hyprland = {
enable = true;
settings = {
monitor = [
"DP-1,2560x1440@144,0x0,1"
"DP-2,2560x1440@144,2560x0,1"
];
workspace = [
"1, monitor:DP-1, default:true"
"2, monitor:DP-1"
"3, monitor:DP-1"
"4, monitor:DP-2"
"5, monitor:DP-2"
"6, monitor:DP-2"
"7, monitor:DP-2"
];
windowrule = [
"match:class dev.zed.Zed, workspace 1"
"match:class Msty, workspace 1"
"match:class ^(com.obsproject.Studio)$, workspace 2"
"match:class ^(brave-browser)$, workspace 4, opacity 1.0"
"match:class ^(vivaldi-stable)$, workspace 4, opacity 1.0"
"match:class ^steam_app_\\d+$, idle_inhibit focus"
];
};
};
})
];
}
home/m3tam3re/wallpapers/wallhaven-28kdom_2560x1440.png
BIN
View File
Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 3.3 MiB

home/m3tam3re/wallpapers/wallhaven-8o8y5o_2560x1440.png
BIN
View File
Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 5.4 MiB

home/m3tam3re/wallpapers/wallhaven-k72v6q_2560x1440.png
BIN
View File
Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 6.7 MiB

home/m3tam3re/wallpapers/wallhaven-l3o7j2_2560x1440.png
BIN
View File
Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 4.5 MiB

home/m3tam3re/wallpapers/wallhaven-lmmo8r.jpg
BIN
View File
Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 4.3 MiB

hosts/common/AGENTS.md
-76
View File
@@ -1,76 +0,0 @@
# COMMON HOST CONFIGURATION
**Shared base configuration and abstractions for all hosts**
## OVERVIEW
Common imports, overlays, and custom patterns (extraServices, ports) used across 6 hosts.
## STRUCTURE
```
common/
├── default.nix # Base imports, overlays, nix settings
├── ports.nix # Centralized port registry
├── extraServices/ # Optional service modules
│ ├── default.nix
│ ├── flatpak.nix
│ ├── ollama.nix
│ ├── podman.nix
│ └── virtualisation.nix
└── users/
├── default.nix
└── m3tam3re.nix # Primary user definition
```
## WHERE TO LOOK
| Task | Location | Notes |
|------|----------|-------|
| Add port definition | ports.nix | Use config.m3ta.ports.get |
| Enable optional service | Host config extraServices | Boolean flags |
| Modify overlays | default.nix lines 27-36 | 5 overlay sources |
| Add new user | users/ | Shared across all hosts |
## CONVENTIONS
### Port Registry Pattern
```nix
# Define in ports.nix
definitions = {
myservice = 3099;
};
# Access in host config
config.m3ta.ports.get "myservice" # Returns 3099
```
### extraServices Abstraction
Host configs enable via boolean:
```nix
extraServices = {
podman.enable = true; # Container runtime
ollama.enable = true; # LLM inference
flatpak.enable = false; # Flatpak apps
virtualisation.enable = true; # QEMU/KVM
};
```
### Overlay Precedence (bottom overrides top)
1. stable-packages (nixpkgs-stable)
2. locked-packages (nixpkgs-locked)
3. pinned-packages (nixpkgs-45570c2, nixpkgs-9e58ed7)
4. master-packages (nixpkgs-master)
5. m3ta-nixpkgs (local custom overlay)
## ANTI-PATTERNS
- **DON'T** add host-specific logic to common/ - belongs in hosts/<name>/
- **DON'T** bypass port registry - hardcoded ports break consistency
- **DON'T** modify user shell globally - set per-user if needed
## NOTES
- Nix GC runs weekly, keeps 30 days
- Trusted users: root, m3tam3re
- Default shell: Nushell (set line 77)
- Home-manager integrated at common level, not per-host
- TODO on line 69: ports should only return actually used ports
hosts/common/default.nix
-88
View File
@@ -1,88 +0,0 @@
# Common configuration for all hosts
{
config,
pkgs,
lib,
inputs,
outputs,
system,
...
}: {
imports = [
./extraServices
./ports.nix
./users
inputs.home-manager.nixosModules.home-manager
];
environment.pathsToLink = ["/share/xdg-desktop-portal" "/share/applications"];
home-manager = {
useUserPackages = true;
extraSpecialArgs = {
inherit inputs outputs system;
videoDrivers = config.services.xserver.videoDrivers or [];
};
};
nixpkgs = {
# You can add overlays here
overlays = [
# Add overlays your own flake exports (from overlays and pkgs dir):
#outputs.overlays.additions
#outputs.overlays.modifications
outputs.overlays.stable-packages
outputs.overlays.locked-packages
outputs.overlays.pinned-packages
outputs.overlays.master-packages
inputs.m3ta-nixpkgs.overlays.default
inputs.m3ta-nixpkgs.overlays.modifications
(outputs.lib.mkLlmAgentsOverlay system)
# You can also add overlays exported from other flakes:
# neovim-nightly-overlay.overlays.default
# Or define it inline, for example:
# (final: prev: {
# hi = final.hello.overrideAttrs (oldAttrs: {
# patches = [ ./change-hello-to-hi.patch ];
# });
# })
];
# Configure your nixpkgs instance
config = {
# Disable if you don't want unfree packages
allowUnfree = true;
};
};
nix = {
settings = {
experimental-features = "nix-command flakes";
cores = 2;
max-jobs = 8;
trusted-users = [
"root"
"m3tam3re"
]; # Set users that are allowed to use the flake command
};
gc = {
automatic = true;
dates = "weekly";
options = "--delete-older-than 30d";
};
optimise.automatic = true;
registry =
(lib.mapAttrs (_: flake: {inherit flake;}))
((lib.filterAttrs (_: lib.isType "flake")) inputs);
nixPath = ["/etc/nix/path"];
};
users.defaultUserShell = pkgs.nushell;
# Compatibility shim: the hermes-agent nixos module references the legacy
# agenix activation script name "setupSecrets" (renamed to "agenixInstall"
# in current agenix). This empty passthrough satisfies the dependency so
# any host importing hermes-agent.nixosModules.default can build.
# Remove once upstream fixes: github:NousResearch/hermes-agent nix/nixosModules.nix:564
system.activationScripts.setupSecrets = lib.stringAfter [ "agenixInstall" ] "";
}
hosts/common/extraServices/default.nix
-8
View File
@@ -1,8 +0,0 @@
{
imports = [
./flatpak.nix
./podman.nix
./ollama.nix
./virtualisation.nix
];
}
hosts/common/extraServices/flatpak.nix
-23
View File
@@ -1,23 +0,0 @@
{
config,
lib,
pkgs,
...
}:
with lib; let
cfg = config.extraServices.flatpak;
in {
options.extraServices.flatpak.enable = mkEnableOption "enable flatpak";
config = mkIf cfg.enable {
services.flatpak.enable = true;
xdg.portal = {
# xdg desktop intergration (required for flatpak)
enable = true;
extraPortals = with pkgs; [
xdg-desktop-portal-hyprland
];
config.common.default = "*";
};
};
}
hosts/common/extraServices/ollama.nix
-33
View File
@@ -1,33 +0,0 @@
{
config,
lib,
pkgs,
...
}:
with lib; let
cfg = config.extraServices.ollama;
in {
options.extraServices.ollama.enable = mkEnableOption "enable ollama";
config = mkIf cfg.enable {
services.ollama = {
enable = true;
package =
if config.services.xserver.videoDrivers == ["amdgpu"]
then pkgs.ollama-rocm
else if config.services.xserver.videoDrivers == ["nvidia"]
then pkgs.ollama-cuda
else pkgs.ollama-cpu;
host = "[::]";
openFirewall = true;
environmentVariables = {
OLLAMA_ORIGINS = "https://msty.studio";
OLLAMA_HOST = "0.0.0.0";
};
};
nixpkgs.config = {
rocmSupport = config.services.xserver.videoDrivers == ["amdgpu"];
cudaSupport = config.services.xserver.videoDrivers == ["nvidia"];
};
};
}
hosts/common/extraServices/podman.nix
-33
View File
@@ -1,33 +0,0 @@
{
config,
lib,
pkgs,
...
}:
with lib; let
cfg = config.extraServices.podman;
in {
options.extraServices.podman.enable = mkEnableOption "enable podman";
config = mkIf cfg.enable {
virtualisation = {
podman = {
enable = true;
dockerCompat = true;
dockerSocket.enable = true;
autoPrune = {
enable = true;
dates = "weekly";
flags = [
"--filter=until=24h"
"--filter=label!=important"
];
};
defaultNetwork.settings.dns_enabled = true;
};
};
environment.systemPackages = with pkgs; [
podman-compose
];
};
}
hosts/common/extraServices/virtualisation.nix
-29
View File
@@ -1,29 +0,0 @@
{
config,
lib,
pkgs,
...
}:
with lib; let
cfg = config.extraServices.virtualisation;
in {
options.extraServices.virtualisation.enable = mkEnableOption "enable virtualisation";
config = mkIf cfg.enable {
virtualisation = {
libvirtd = {
enable = true;
qemu = {
package = pkgs.qemu_kvm;
runAsRoot = true;
swtpm.enable = true;
};
};
};
programs.virt-manager.enable = true;
systemd.services.virt-secret-init-encryption.enable = false;
environment = {
systemPackages = [pkgs.qemu];
};
};
}
hosts/common/ports.nix
-75
View File
@@ -1,75 +0,0 @@
{config, ...}: {
m3ta.ports = {
enable = true;
definitions = {
# System services
ssh = 22;
# Web & proxy services
traefik = 80;
traefik-ssl = 443;
# Databases
postgres = 5432;
mysql = 3306;
redis = 6379;
# VPN & networking
wireguard = 51820;
tailscale = 41641;
headscale = 3009;
netbird-stun = 3478;
netbird-proxy = 8443;
netbird-metrics = 9090;
netbird-health = 9000;
# Containers & web apps
gitea = 3030;
baserow = 3001;
ghost = 3002;
wastebin = 3003;
littlelink = 3004;
searx = 3005;
restreamer = 3006;
paperless = 3012;
vaultwarden = 3013;
slash = 3010;
slash-nemoti = 3016;
kestra = 3018;
outline = 3019;
authentik = 3023;
conduit = 3024;
# Home automation
homarr = 7575;
# DNS
adguardhome = 53;
};
hostOverrides = {
# Host-specific overrides
m3-ares = {
# Any custom port overrides for m3-ares
};
m3-atlas = {
# Any custom port overrides for m3-atlas
};
m3-helios = {
# Any custom port overrides for m3-helios
};
m3-kratos = {
# Any custom port overrides for m3-kratos
};
};
};
environment.etc."info/all-ports.json" = {
text = builtins.toJSON {
hostname = config.networking.hostName;
ports = config.m3ta.ports.all; # TODO should only return actually used ports
};
};
}
hosts/common/users/default.nix
-3
View File
@@ -1,3 +0,0 @@
{
imports = [./m3tam3re.nix];
}
hosts/common/users/m3tam3re.nix
-33
View File
@@ -1,33 +0,0 @@
{
config,
pkgs,
inputs,
...
}: {
users.users.m3tam3re = {
#initialHashedPassword = "$y$j9T$IoChbWGYRh.rKfmm0G86X0$bYgsWqDRkvX.EBzJTX.Z0RsTlwspADpvEF3QErNyCMC";
password = "12345";
isNormalUser = true;
description = "m3tam3re";
extraGroups = [
"wheel"
"networkmanager"
"libvirtd"
"flatpak"
"audio"
"video"
"plugdev"
"input"
"kvm"
"qemu-libvirtd"
"adbusers"
];
openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC3YEmpYbM+cpmyD10tzNRHEn526Z3LJOzYpWEKdJg8DaYyPbDn9iyVX30Nja2SrW4Wadws0Y8DW+Urs25/wVB6mKl7jgPJVkMi5hfobu3XAz8gwSdjDzRSWJrhjynuaXiTtRYED2INbvjLuxx3X8coNwMw58OuUuw5kNJp5aS2qFmHEYQErQsGT4MNqESe3jvTP27Z5pSneBj45LmGK+RcaSnJe7hG+KRtjuhjI7RdzMeDCX73SfUsal+rHeuEw/mmjYmiIItXhFTDn8ZvVwpBKv7xsJG90DkaX2vaTk0wgJdMnpVIuIRBa4EkmMWOQ3bMLGkLQeK/4FUkNcvQ/4+zcZsg4cY9Q7Fj55DD41hAUdF6SYODtn5qMPsTCnJz44glHt/oseKXMSd556NIw2HOvihbJW7Rwl4OEjGaO/dF4nUw4c9tHWmMn9dLslAVpUuZOb7ykgP0jk79ldT3Dv+2Hj0CdAWT2cJAdFX58KQ9jUPT3tBnObSF1lGMI7t77VU= m3tam3re@m3-nix"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBZcjCKl0DRuOUOMXbM0GKY5JjvmyFpVZ/tRlTKWu/zp razr"
];
packages = [inputs.home-manager.packages.${pkgs.stdenv.hostPlatform.system}.default];
};
home-manager.users.m3tam3re =
import ../../../home/m3tam3re/${config.networking.hostName}.nix;
}
hosts/m3-aether/configuration.nix
-111
View File
@@ -1,111 +0,0 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page, on
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
{pkgs, ...}: {
imports = [
# Include the results of the hardware scan.
./disko-config.nix
./hardware-configuration.nix
];
# Bootloader.
boot.loader.grub = {
efiSupport = true;
efiInstallAsRemovable = true;
};
networking.hostName = "m3-helios"; # Define your hostname.
networking.hostId = "3ebf1cd3";
# Pick only one of the below networking options.
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
networking.networkmanager.enable =
true; # Easiest to use and most distros use this by default.
# Set your time zone.
time.timeZone = "Europe/Berlin";
# Configure network proxy if necessary
# networking.proxy.default = "http://user:password@proxy:port/";
# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
# Select internationalisation properties.
i18n.defaultLocale = "en_US.UTF-8";
# console = {
# font = "Lat2-Terminus16";
# keyMap = "us";
# useXkbConfig = true; # use xkb.options in tty.
# };
# Enable the X11 windowing system.
# services.xserver.enable = true;
# Enable the GNOME Desktop Environment.
# services.xserver.displayManager.gdm.enable = true;
# services.xserver.desktopManager.gnome.enable = true;
# Configure keymap in X11
# services.xserver.xkb.layout = "us";
# services.xserver.xkb.options = "eurosign:e,caps:escape";
# Enable CUPS to print documents.
# services.printing.enable = true;
# Enable sound.
# hardware.pulseaudio.enable = true;
# OR
# Enable touchpad support (enabled default in most desktopManager).
# services.libinput.enable = true;
# Define a user account. Don't forget to set a password with passwd.
# List packages installed in system profile. To search, run:
# $ nix search wget
environment.systemPackages = with pkgs; [neovim git];
# Some programs need SUID wrappers, can be configured further or are
# started in user sessions.
# programs.mtr.enable = true;
# programs.gnupg.agent = {
# enable = true;
# enableSSHSupport = true;
# };
# List services that you want to enable:
# Enable the OpenSSH daemon.
services.openssh.enable = true;
services.fstrim = {
enable = true; # For SSD/thin-provisioned storage
interval = "weekly";
};
# Open ports in the firewall.
# networking.firewall.allowedTCPPorts = [ ... ];
# networking.firewall.allowedUDPPorts = [ ... ];
# Or disable the firewall altogether.
# networking.firewall.enable = false;
# Copy the NixOS configuration file and link it from the resulting system
# (/run/current-system/configuration.nix). This is useful in case you
# accidentally delete configuration.nix.
# system.copySystemConfiguration = true;
# This option defines the first version of NixOS you have installed on this particular machine,
# and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
#
# Most users should NEVER change this value after the initial install, for any reason,
# even if you've upgraded your system to a new NixOS release.
#
# This value does NOT affect the Nixpkgs version your packages and OS are pulled from,
# so changing it will NOT upgrade your system - see https://nixos.org/manual/nixos/stable/#sec-upgrading for how
# to actually do that.
#
# This value being lower than the current NixOS release does NOT mean your system is
# out of date, out of support, or vulnerable.
#
# Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,
# and migrated your data accordingly.
#
# For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
system.stateVersion = "24.11"; # Did you read the comment?
}
hosts/m3-aether/default.nix
-50
View File
@@ -1,50 +0,0 @@
# A staring point is the basic NIXOS configuration generated by the ISO installer.
# On an existing NIXOS install you can use the following command in your flakes basedir:
# sudo nixos-generate-config --dir ./hosts/m3tam3re
#
# Please make sure to change the first couple of lines in your configuration.nix:
# { config, inputs, ouputs, lib, pkgs, ... }:
#
# {
# imports = [ # Include the results of the hardware scan.
# ./hardware-configuration.nix
# inputs.home-manager.nixosModules.home-manager
# ];
# ...
#
# Moreover please update the packages option in your user configuration and add the home-manager options:
# users.users = {
# m3tam3re = {
# isNormalUser = true;
# initialPassword = "12345";
# extraGroups = [ "wheel" ]; # Enable sudo for the user.
# packages = [ inputs.home-manager.packages.${pkgs.system}.default ];
# };
# };
#
# home-manager = {
# useUserPackages = true;
# extraSpecialArgs = { inherit inputs outputs; };
# users.m3tam3re =
# import ../../home/m3tam3re/${config.networking.hostName}.nix;
# };
#
# Please also change your hostname accordingly:
#:w
# networking.hostName = "nixos"; # Define your hostname.
{
imports = [
../common
./configuration.nix
./programs.nix
./secrets.nix
./services
];
extraServices = {
flatpak.enable = true;
ollama.enable = false;
podman.enable = true;
virtualisation.enable = false;
};
}
hosts/m3-aether/disko-config.nix
-39
View File
@@ -1,39 +0,0 @@
{
disko.devices = {
disk = {
main = {
type = "disk";
device = "/dev/sda";
content = {
type = "gpt";
partitions = {
boot = {
size = "1M";
type = "EF02"; # for GRUB MBR
priority = 1;
};
esp = {
size = "512M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = ["defaults" "umask=0077"];
};
};
root = {
size = "100%";
content = {
type = "filesystem";
format = "ext4";
mountpoint = "/";
mountOptions = ["noatime" "nodiratime" "discard"];
};
};
};
};
};
};
};
}
hosts/m3-aether/hardware-configuration.nix
-24
View File
@@ -1,24 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/profiles/qemu-guest.nix")
];
boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.ens18.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
}
hosts/m3-aether/programs.nix
-14
View File
@@ -1,14 +0,0 @@
{pkgs, ...}: {
programs.nix-ld.enable = true;
programs.nix-ld.libraries = with pkgs; [
# Add any missing dynamic libraries for unpackaged programs
# here, NOT in environment.systemPackages
];
programs.fish.enable = true;
programs.nh = {
enable = true;
clean.enable = true;
clean.extraArgs = "--keep-since 4d --keep 3";
flake = "/home/m3tam3re/p/nixos/nixos-config";
};
}
hosts/m3-aether/secrets.nix
-15
View File
@@ -1,15 +0,0 @@
{
age = {
secrets = {
traefik = {
file = ../../secrets/traefik.age;
mode = "770";
owner = "traefik";
};
m3tam3re-secrets = {
file = ../../secrets/m3tam3re-secrets.age;
owner = "m3tam3re";
};
};
};
}
hosts/m3-aether/services/cloud-init.nix
-7
View File
@@ -1,7 +0,0 @@
{
services.cloud-init = {
enable = true;
ext4.enable = true;
network.enable = true;
};
}
hosts/m3-aether/services/default.nix
-5
View File
@@ -1,5 +0,0 @@
{
imports = [
./cloud-init.nix
];
}
hosts/m3-ares/configuration.nix
-133
View File
@@ -1,133 +0,0 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page, on
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
{pkgs, ...}: {
imports = [
# Include the results of the hardware scan.
./hardware-configuration.nix
];
specialisation = {
"NVIDIA".configuration = {
system.nixos.tags = ["NVIDIA"];
services.xserver.videoDrivers = ["nvidia"];
hardware.nvidia-container-toolkit.enable = true;
};
};
# Bootloader.
boot.loader.systemd-boot.enable = true;
boot.loader.systemd-boot.memtest86.enable = true;
boot.initrd.services.lvm.enable = false;
# boot.kernelModules = [];
boot.kernelPackages = pkgs.linuxPackages_latest;
boot.extraModprobeConfig = ''
options kvm_intel nested=1
options kvm_intel emulate_invalid_guest_state=0
options kvm ignore_msrs=1
'';
boot.blacklistedKernelModules = ["nova_core"];
# CRITICAL FIX #4: Kernel parameters to prevent nouveau from loading early
networking.hostName = "m3-ares"; # Define your hostname.
# warp-terminal update fix
# networking.extraHosts = ''
# 127.0.0.1 releases.warp.dev
# 127.0.0.1 app.warp.dev
# '';
# Pick only one of the below networking options.
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
networking.networkmanager.enable =
true; # Easiest to use and most distros use this by default.
# Set your time zone.
time.timeZone = "Europe/Berlin";
# Configure network proxy if necessary
# networking.proxy.default = "http://user:password@proxy:port/";
# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
# Select internationalisation properties.
i18n.defaultLocale = "en_US.UTF-8";
# console = {
# font = "Lat2-Terminus16";
# keyMap = "us";
# useXkbConfig = true; # use xkb.options in tty.
# };
# Enable the X11 windowing system.
# services.xserver.enable = true;
# Enable the GNOME Desktop Environment.
# services.xserver.displayManager.gdm.enable = true;
# services.xserver.desktopManager.gnome.enable = true;
# displayManager.gdm.enable = true;
# Configure keymap in X11
# services.xserver.xkb.layout = "us";
# services.xserver.xkb.options = "eurosign:e,caps:escape";
# Enable CUPS to print documents.
# services.printing.enable = true;
# Enable sound.
# hardware.pulseaudio.enable = true;
# OR
# Enable touchpad support (enabled default in most desktopManager).
# services.libinput.enable = true;
# Define a user account. Don't forget to set a password with passwd.
# List packages installed in system profile. To search, run:
# $ nix search wget
environment.systemPackages = with pkgs; [neovim git];
# Some programs need SUID wrappers, can be configured further or are
# started in user sessions.
# programs.mtr.enable = true;
# programs.gnupg.agent = {
# enable = true;
# enableSSHSupport = true;
# };
# List services that you want to enable:
# Enable the OpenSSH daemon.
services.openssh = {
enable = true;
settings.PermitRootLogin = "no";
settings = {
PasswordAuthentication = false;
};
};
services.fstrim.enable = true;
# Open ports in the firewall.
# networking.firewall.allowedTCPPorts = [ ... ];
# networking.firewall.allowedUDPPorts = [ ... ];
# Or disable the firewall altogether.
# networking.firewall.enable = false;
# Copy the NixOS configuration file and link it from the resulting system
# (/run/current-system/configuration.nix). This is useful in case you
# accidentally delete configuration.nix.
# system.copySystemConfiguration = true;
# This option defines the first version of NixOS you have installed on this particular machine,
# and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
#
# Most users should NEVER change this value after the initial install, for any reason,
# even if you've upgraded your system to a new NixOS release.
#
# This value does NOT affect the Nixpkgs version your packages and OS are pulled from,
# so changing it will NOT upgrade your system - see https://nixos.org/manual/nixos/stable/#sec-upgrading for how
# to actually do that.
#
# This value being lower than the current NixOS release does NOT mean your system is
# out of date, out of support, or vulnerable.
#
# Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,
# and migrated your data accordingly.
#
# For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
system.stateVersion = "24.11"; # Did you read the comment?
}
hosts/m3-ares/default.nix
-51
View File
@@ -1,51 +0,0 @@
# A staring point is the basic NIXOS configuration generated by the ISO installer.
# On an existing NIXOS install you can use the following command in your flakes basedir:
# sudo nixos-generate-config --dir ./hosts/m3tam3re
#
# Please make sure to change the first couple of lines in your configuration.nix:
# { config, inputs, ouputs, lib, pkgs, ... }:
#
# {
# imports = [ # Include the results of the hardware scan.
# ./hardware-configuration.nix
# inputs.home-manager.nixosModules.home-manager
# ];
# ...
#
# Moreover please update the packages option in your user configuration and add the home-manager options:
# users.users = {
# m3tam3re = {
# isNormalUser = true;
# initialPassword = "12345";
# extraGroups = [ "wheel" ]; # Enable sudo for the user.
# packages = [ inputs.home-manager.packages.${pkgs.system}.default ];
# };
# };
#
# home-manager = {
# useUserPackages = true;
# extraSpecialArgs = { inherit inputs outputs; };
# users.m3tam3re =
# import ../../home/m3tam3re/${config.networking.hostName}.nix;
# };
#
# Please also change your hostname accordingly:
#:w
# networking.hostName = "nixos"; # Define your hostname.
{
imports = [
../common
./configuration.nix
./hardware.nix
./programs.nix
./secrets.nix
./services
];
extraServices = {
flatpak.enable = true;
ollama.enable = false;
podman.enable = true;
virtualisation.enable = true;
};
}
hosts/m3-ares/hardware-configuration.nix
-73
View File
@@ -1,73 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
modulesPath,
...
}: {
imports = [(modulesPath + "/installer/scan/not-detected.nix")];
boot.initrd.availableKernelModules = ["xhci_pci" "thunderbolt" "ahci" "nvme" "usb_storage" "sd_mod"];
boot.initrd.kernelModules = [];
boot.kernelModules = ["kvm-intel"];
boot.extraModulePackages = [];
boot.supportedFilesystems = ["nfs"];
fileSystems."/" = {
device = "/dev/disk/by-uuid/3a50bf0a-024b-488b-aa11-56b32f2fb54d";
fsType = "btrfs";
options = ["subvol=root" "compress=zstd"];
};
fileSystems."/home" = {
device = "/dev/disk/by-uuid/3a50bf0a-024b-488b-aa11-56b32f2fb54d";
fsType = "btrfs";
options = ["subvol=home" "compress=zstd"];
};
fileSystems."/nix" = {
device = "/dev/disk/by-uuid/3a50bf0a-024b-488b-aa11-56b32f2fb54d";
fsType = "btrfs";
options = ["subvol=home" "compress=zstd" "noatime"];
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/4811-EA6E";
fsType = "vfat";
};
fileSystems."/opt" = {
device = "/dev/disk/by-uuid/3574df3a-2a90-4b54-9c21-128f1d01ff8f";
fsType = "btrfs";
options = ["noatime" "compress=zstd"];
};
fileSystems."/mnt/skynet-bkg" = {
device = "192.168.1.100:/volume3/bkg";
fsType = "nfs";
options = ["noauto" "x-systemd.automount"];
};
fileSystems."/mnt/skynet" = {
device = "192.168.1.100:/volume3/m3-skynet";
fsType = "nfs";
options = ["noauto" "x-systemd.automount"];
};
swapDevices = [];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp46s0.useDHCP = lib.mkDefault true;
# networking.interfaces.wlo1.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
hardware.cpu.intel.updateMicrocode =
lib.mkDefault config.hardware.enableRedistributableFirmware;
}
hosts/m3-ares/hardware.nix
-58
View File
@@ -1,58 +0,0 @@
{
config,
pkgs,
inputs,
...
}: {
# Workaround for tuxedo-drivers module bug in unstable (nixpkgs#480391)
# The unstable module has a type error - use stable module until fix propagates
# disabledModules = [ "hardware/tuxedo-drivers.nix" ];
# imports =
# [ "${inputs.nixpkgs-stable}/nixos/modules/hardware/tuxedo-drivers.nix" ];
hardware.nvidia = {
prime = {
offload.enable = false;
# Bus ID of the Intel GPU. You can find it using lspci, either under 3D or VGA
intelBusId = "PCI:0:2:0";
# Bus ID of the NVIDIA GPU. You can find it using lspci, either under 3D or VGA
nvidiaBusId = "PCI:1:0:0";
};
modesetting.enable = true;
powerManagement.finegrained = false;
powerManagement.enable = true;
open = false;
dynamicBoost.enable = true;
nvidiaSettings = true;
package = config.boot.kernelPackages.nvidiaPackages.production;
};
hardware.tuxedo-drivers.enable = true;
hardware.bluetooth.enable = true;
hardware.keyboard.zsa.enable = true;
hardware.graphics.enable = true;
services.hardware.bolt.enable = true;
services.auto-cpufreq.enable = true;
services.tlp = {
enable = true;
settings = {
START_CHARGE_THRESH_BAT0 = 75;
STOP_CHARGE_THRESH_BAT0 = 80;
};
};
environment.systemPackages = with pkgs; [tuxedo-backlight];
security.sudo.extraRules = [
{
users = ["@wheel"];
commands = [
{
command = "/run/current-system/sw/bin/set-backlight";
options = ["NOPASSWD"];
}
];
}
];
}
hosts/m3-ares/programs.nix
-45
View File
@@ -1,45 +0,0 @@
{pkgs, ...}: {
programs.nix-ld.enable = true;
programs.nix-ld.libraries = with pkgs; [
# Add any missing dynamic libraries for unpackaged programs
# here, NOT in environment.systemPackages
];
programs.hyprland = {
enable = true;
xwayland.enable = true;
withUWSM = true;
};
programs.steam = {
enable = true;
remotePlay.openFirewall = true;
dedicatedServer.openFirewall = true;
gamescopeSession = {
enable = true;
args = [
"-W 1920"
"-H 1080"
];
};
};
programs.gamescope = {
enable = true;
capSysNice = true;
};
programs.fish.enable = true;
programs.thunar = {
enable = true;
plugins = with pkgs; [thunar-archive-plugin thunar-volman];
};
programs.gnupg.agent = {
enable = true;
enableSSHSupport = true;
pinentryPackage = pkgs.pinentry-gnome3;
settings = {default-cache-ttl = 10800;};
};
programs.nh = {
enable = true;
clean.enable = true;
clean.extraArgs = "--keep-since 4d --keep 3";
flake = "/home/m3tam3re/p/nixos/nixos-config";
};
}
hosts/m3-ares/secrets.nix
-59
View File
@@ -1,59 +0,0 @@
{
age = {
secrets = {
anytype-key = {
file = ../../secrets/anytype-key-ares.age;
owner = "m3tam3re";
};
wg-DE = {
file = ../../secrets/wg-DE.age;
path = "/etc/wireguard/DE.conf";
};
wg-NL = {
file = ../../secrets/wg-NL.age;
path = "/etc/wireguard/NL.conf";
};
wg-NO = {
file = ../../secrets/wg-NO.age;
path = "/etc/wireguard/NO.conf";
};
wg-US = {
file = ../../secrets/wg-US.age;
path = "/etc/wireguard/US.conf";
};
wg-BR = {
file = ../../secrets/wg-BR.age;
path = "/etc/wireguard/BR.conf";
};
ref-key = {
file = ../../secrets/ref-key.age;
owner = "m3tam3re";
};
exa-key = {
file = ../../secrets/exa-key.age;
owner = "m3tam3re";
};
outline-key = {
file = ../../secrets/outline-key.age;
owner = "m3tam3re";
};
basecamp-client-id = {
file = ../../secrets/basecamp-client-id.age;
owner = "m3tam3re";
};
basecamp-client-secret = {
file = ../../secrets/basecamp-client-secret.age;
owner = "m3tam3re";
};
tailscale-key.file = ../../secrets/tailscale-key.age;
m3tam3re-secrets = {
file = ../../secrets/m3tam3re-secrets.age;
owner = "m3tam3re";
};
hermes-env = {
file = ../../secrets/hermes-env.age;
owner = "m3tam3re";
};
};
};
}
hosts/m3-ares/services/containers/default.nix
-4
View File
@@ -1,4 +0,0 @@
{
imports = [
];
}
hosts/m3-ares/services/default.nix
-53
View File
@@ -1,53 +0,0 @@
{pkgs, ...}: {
imports = [
./containers
./hermes-agent.nix
./netbird.nix
#./n8n.nix
./mem0.nix
./postgres.nix
./restic.nix
./sound.nix
./udev.nix
./wireguard.nix
];
# console.useXkbConfig = true;
# services.xserver.xkb = {
# layout = "de,us";
# options = "ctrl:nocaps";
# };
# optional, falls du auch die TTY-Konsole deutsch willst:
services = {
hypridle.enable = true;
espanso = {
enable = true;
package = pkgs.espanso-wayland;
};
printing.enable = true;
gvfs.enable = true;
trezord.enable = true;
gnome.gnome-keyring.enable = true;
qdrant.enable = true;
# qdrant = {
# enable = true;
# settings = {
# service = {
# host = "0.0.0.0";
# };
# };
# };
upower.enable = true;
avahi = {
enable = true;
nssmdns4 = true;
publish = {
addresses = true;
workstation = true;
userServices = true;
};
};
displayManager.gdm.enable = true;
};
}
hosts/m3-ares/services/hermes-agent.nix
-184
View File
@@ -1,184 +0,0 @@
{config, ...}: let
# Default ElevenLabs voice: Bella (German-capable female)
elevenlabsVoiceId = "hpp4J3VqNfWAUOO0d1Us";
in {
services.hermes-agent = {
enable = true;
addToSystemPackages = true;
# Secrets via agenix
environmentFiles = [config.age.secrets."hermes-env".path];
# Non-secret environment variables
environment = {
GLM_BASE_URL = "https://api.z.ai/api/coding/paas/v4/";
};
settings = {
# ── Model ──────────────────────────────────────────────────────────
model = {
default = "glm-5.1";
provider = "zai";
};
credential_pool_strategies = {
zai = "fill_first";
};
toolsets = ["all"];
# ── Agent ──────────────────────────────────────────────────────────
agent = {
max_turns = 90;
gateway_timeout = 1800;
tool_use_enforcement = "auto";
};
# ── Terminal ───────────────────────────────────────────────────────
terminal = {
backend = "ssh";
modal_mode = "auto";
cwd = ".";
timeout = 180;
persistent_shell = true;
};
# ── Browser ────────────────────────────────────────────────────────
browser = {
inactivity_timeout = 120;
command_timeout = 30;
cloud_provider = "local";
};
# ── Checkpoints / Compression ──────────────────────────────────────
checkpoints = {
enabled = true;
max_snapshots = 50;
};
file_read_max_chars = 100000;
compression = {
enabled = true;
threshold = 0.5;
target_ratio = 0.2;
protect_last_n = 20;
};
# ── Display ────────────────────────────────────────────────────────
display = {
compact = false;
personality = "kawaii";
resume_display = "full";
busy_input_mode = "interrupt";
inline_diffs = true;
skin = "default";
tool_progress = "all";
};
# ── TTS / STT / Voice ──────────────────────────────────────────────
tts = {
provider = "elevenlabs";
elevenlabs = {
voice_id = elevenlabsVoiceId;
model_id = "eleven_multilingual_v2";
};
};
stt = {
enabled = true;
provider = "local";
local = {model = "base";};
};
voice = {
record_key = "ctrl+b";
max_recording_seconds = 120;
silence_threshold = 200;
silence_duration = 3.0;
};
# ── Memory ─────────────────────────────────────────────────────────
memory = {
memory_enabled = true;
user_profile_enabled = true;
memory_char_limit = 2200;
user_char_limit = 1375;
};
# ── Delegation ─────────────────────────────────────────────────────
delegation = {
max_iterations = 50;
};
# ── Discord ────────────────────────────────────────────────────────
discord = {
require_mention = true;
auto_thread = true;
reactions = true;
};
# ── Approvals / Security ───────────────────────────────────────────
approvals = {
mode = "manual";
timeout = 60;
};
security = {
redact_secrets = true;
tirith_enabled = true;
tirith_fail_open = true;
};
# ── Cron / Session ─────────────────────────────────────────────────
cron = {wrap_response = true;};
session_reset = {
mode = "both";
idle_minutes = 1440;
at_hour = 4;
};
# ── Web ────────────────────────────────────────────────────────────
web = {backend = "exa";};
# ── Platform Toolsets ──────────────────────────────────────────────
platform_toolsets = {
cli = [
"browser"
"clarify"
"code_execution"
"cronjob"
"delegation"
"file"
"image_gen"
"memory"
"session_search"
"skills"
"terminal"
"todo"
"tts"
"vision"
"web"
];
telegram = [
"browser"
"clarify"
"code_execution"
"cronjob"
"delegation"
"file"
"image_gen"
"memory"
"session_search"
"skills"
"terminal"
"todo"
"tts"
"vision"
"web"
];
};
};
};
}
hosts/m3-ares/services/mem0.nix
-23
View File
@@ -1,23 +0,0 @@
{
m3ta.mem0 = {
enable = true;
port = 8000;
host = "127.0.0.1";
# LLM Configuration
llm = {
provider = "openai";
apiKeyFile = "/var/lib/mem0/openai-api-key-1"; # Use agenix or sops-nix
};
# Vector Storage Configuration
vectorStore = {
provider = "qdrant"; # or "chroma", "pinecone", etc.
config = {
host = "localhost";
port = 6333;
collection_name = "mem0_alice";
};
};
};
}
hosts/m3-ares/services/n8n.nix
-11
View File
@@ -1,11 +0,0 @@
{
services.n8n = {
enable = true;
openFirewall = true;
};
systemd.services.n8n = {
environment = {
N8N_SECURE_COOKIE = "false";
};
};
}
hosts/m3-ares/services/netbird.nix
-29
View File
@@ -1,29 +0,0 @@
{pkgs, ...}: {
services.netbird.enable = true;
environment.systemPackages = with pkgs; [netbird-ui];
systemd.services.netbird = {
environment = {
NB_DISABLE_SSH_CONFIG = "true";
};
path = [
pkgs.shadow
pkgs.util-linux
];
};
programs.ssh.extraConfig = ''
Match exec "${pkgs.netbird}/bin/netbird ssh detect %h %p"
PreferredAuthentications password,publickey,keyboard-interactive
PasswordAuthentication yes
PubkeyAuthentication yes
BatchMode no
ProxyCommand ${pkgs.netbird}/bin/netbird ssh proxy %h %p
StrictHostKeyChecking no
UserKnownHostsFile /dev/null
CheckHostIP no
LogLevel ERROR
'';
networking.firewall.checkReversePath = "loose";
}
hosts/m3-ares/services/postgres.nix
-25
View File
@@ -1,25 +0,0 @@
{
pkgs,
...
}: {
services.postgresql = {
enable = true;
package = pkgs.postgresql_17;
extensions = with pkgs.postgresql17Packages; [
pgvector
];
authentication = ''
local all all trust
host all all 127.0.0.1/32 trust
host all all ::1/128 trust
host all all 10.88.0.0/16 trust
host all all 19.89.0.0/16 trust
'';
initialScript = pkgs.writeText "initialScript.sql" ''
CREATE USER n8n WITH PASSWORD 'n8n';
CREATE DATABASE n8n;
GRANT ALL PRIVILEGES ON DATABASE n8n TO n8n;
'';
};
}
hosts/m3-ares/services/restic.nix
-25
View File
@@ -1,25 +0,0 @@
{
services.restic.backups = {
skynet = {
repository = "/mnt/skynet-bkg/m3-nix";
passwordFile = "/etc/nixos/restic-pass";
initialize = true;
paths = ["/home/m3tam3re"];
exclude = [
"/home/m3tam3re/.cache"
"/home/m3tam3re/Bilder/"
"/home/m3tam3re/Videos/"
"/home/m3tam3re/Downloads"
"/home/m3tam3re/Library"
"/home/m3tam3re/Projekte"
"/home/m3tam3re/Sync"
"/home/m3tam3re/.local/share/Trash"
];
timerConfig = {
OnCalendar = "09:30";
RandomizedDelaySec = "2h";
Persistent = true;
};
};
};
}
hosts/m3-ares/services/sound.nix
-11
View File
@@ -1,11 +0,0 @@
{
security.rtkit.enable = true;
services.pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
jack.enable = false;
wireplumber.enable = true;
};
}
hosts/m3-ares/services/udev.nix
-10
View File
@@ -1,10 +0,0 @@
{pkgs, ...}: {
services.udev.extraRules = ''
SUBSYSTEM=="usb", MODE="0666"
SUBSYSTEM=="leds", KERNEL=="rgb:kbd_backlight*", ACTION=="add", RUN+="${pkgs.coreutils}/bin/chmod a+w /sys/class/leds/%k/multi_intensity"
KERNEL=="uinput", MODE="0660", GROUP="input", OPTIONS+="static_node=uinput"
KERNEL=="event*", SUBSYSTEM=="input", MODE="0660", GROUP="input" '';
environment.systemPackages = with pkgs; [
zsa-udev-rules
];
}
hosts/m3-ares/services/wireguard.nix
-25
View File
@@ -1,25 +0,0 @@
{config, ...}: {
networking.wg-quick.interfaces = {
DE = {
configFile = config.age.secrets.wg-DE.path;
autostart = false;
};
NL = {
configFile = config.age.secrets.wg-NL.path;
autostart = false;
};
NO = {
configFile = config.age.secrets.wg-NO.path;
autostart = false;
};
US = {
configFile = config.age.secrets.wg-US.path;
autostart = false;
};
BR = {
configFile = config.age.secrets.wg-BR.path;
autostart = false;
};
};
services.resolved.enable = true;
}
hosts/m3-atlas/configuration.nix
-116
View File
@@ -1,116 +0,0 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page, on
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
{pkgs, ...}: {
imports = [
# Include the results of the hardware scan.
./disko-config.nix
./hardware-configuration.nix
];
# Bootloader.
boot.loader.grub = {
efiSupport = true;
efiInstallAsRemovable = true;
};
networking.hostName = "m3-atlas"; # CHANGE ME.
networking.hostId = "15b60253"; # CHANGE ME
# Pick only one of the below networking options.
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
networking.networkmanager.enable = true; # Easiest to use and most distros use this by default.
# Set your time zone.
time.timeZone = "Europe/Berlin";
# Configure network proxy if necessary
# networking.proxy.default = "http://user:password@proxy:port/";
# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
# Select internationalisation properties.
i18n.defaultLocale = "en_US.UTF-8";
# console = {
# font = "Lat2-Terminus16";
# keyMap = "us";
# useXkbConfig = true; # use xkb.options in tty.
# };
# Enable the X11 windowing system.
# services.xserver.enable = true;
# Enable the GNOME Desktop Environment.
# services.xserver.displayManager.gdm.enable = true;
# services.xserver.desktopManager.gnome.enable = true;
# Configure keymap in X11
# services.xserver.xkb.layout = "us";
# services.xserver.xkb.options = "eurosign:e,caps:escape";
# Enable CUPS to print documents.
# services.printing.enable = true;
# Enable sound.
# hardware.pulseaudio.enable = true;
# OR
# Enable touchpad support (enabled default in most desktopManager).
# services.libinput.enable = true;
# Define a user account. Don't forget to set a password with passwd.
# List packages installed in system profile. To search, run:
# $ nix search wget
environment.systemPackages = with pkgs; [
neovim
git
ghostty.terminfo
];
# Some programs need SUID wrappers, can be configured further or are
# started in user sessions.
# programs.mtr.enable = true;
# programs.gnupg.agent = {
# enable = true;
# enableSSHSupport = true;
# };
# List services that you want to enable:
# Enable the OpenSSH daemon.
services.openssh = {
enable = true;
settings.PermitRootLogin = "no";
settings = {
PasswordAuthentication = false;
};
};
# [[Open ports in the firewall.
# networking.firewall.allowedTCPPorts = [ ... ];
# networking.firewall.allowedUDPPorts = [ ... ];
# Or disable the firewall altogether.
# networking.firewall.enable = false;
# Copy the NixOS configuration file and link it from the resulting system
# (/run/current-system/configuration.nix). This is useful in case you
# accidentally delete configuration.nix.
# system.copySystemConfiguration = true;
# This option defines the first version of NixOS you have installed on this particular machine,
# and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
#
# Most users should NEVER change this value after the initial install, for any reason,
# even if you've upgraded your system to a new NixOS release.
#
# This value does NOT affect the Nixpkgs version your packages and OS are pulled from,
# so changing it will NOT upgrade your system - see https://nixos.org/manual/nixos/stable/#sec-upgrading for how
# to actually do that.
#
# This value being lower than the current NixOS release does NOT mean your system is
# out of date, out of support, or vulnerable.
#
# Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,
# and migrated your data accordingly.
#
# For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
system.stateVersion = "24.11"; # Did you read the comment?
}
hosts/m3-atlas/default.nix
-50
View File
@@ -1,50 +0,0 @@
# A staring point is the basic NIXOS configuration generated by the ISO installer.
# On an existing NIXOS install you can use the following command in your flakes basedir:
# sudo nixos-generate-config --dir ./hosts/m3tam3re
#
# Please make sure to change the first couple of lines in your configuration.nix:
# { config, inputs, ouputs, lib, pkgs, ... }:
#
# {
# imports = [ # Include the results of the hardware scan.
# ./hardware-configuration.nix
# inputs.home-manager.nixosModules.home-manager
# ];
# ...
#
# Moreover please update the packages option in your user configuration and add the home-manager options:
# users.users = {
# m3tam3re = {
# isNormalUser = true;
# initialPassword = "12345";
# extraGroups = [ "wheel" ]; # Enable sudo for the user.
# packages = [ inputs.home-manager.packages.${pkgs.system}.default ];
# };
# };
#
# home-manager = {
# useUserPackages = true;
# extraSpecialArgs = { inherit inputs outputs; };
# users.m3tam3re =
# import ../../home/m3tam3re/${config.networking.hostName}.nix;
# };
#
# Please also change your hostname accordingly:
#:w
# networking.hostName = "nixos"; # Define your hostname.
{
imports = [
../common
./configuration.nix
./programs.nix
./secrets.nix
./services
];
extraServices = {
flatpak.enable = false;
ollama.enable = false;
podman.enable = true;
virtualisation.enable = false;
};
}
hosts/m3-atlas/disko-config.nix
-39
View File
@@ -1,39 +0,0 @@
{
disko.devices = {
disk = {
main = {
type = "disk";
device = "/dev/vda"; # CHANGE ME
content = {
type = "gpt";
partitions = {
boot = {
size = "1M";
type = "EF02"; # for GRUB MBR
priority = 1;
};
esp = {
size = "512M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = ["defaults" "umask=0077"];
};
};
root = {
size = "100%";
content = {
type = "filesystem";
format = "ext4";
mountpoint = "/";
mountOptions = ["noatime" "nodiratime" "discard"];
};
};
};
};
};
};
};
}
hosts/m3-atlas/hardware-configuration.nix
-31
View File
@@ -1,31 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
lib,
modulesPath,
...
}: {
imports = [
(modulesPath + "/profiles/qemu-guest.nix")
];
boot.initrd.availableKernelModules = ["ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod"];
boot.initrd.kernelModules = [];
boot.kernelModules = [];
boot.extraModulePackages = [];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.ens18.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
fileSystems."/var/storage" = {
device = "46.38.248.210:/voln723044a1";
fsType = "nfs";
};
}
hosts/m3-atlas/programs.nix
-14
View File
@@ -1,14 +0,0 @@
{pkgs, ...}: {
programs.nix-ld.enable = true;
programs.nix-ld.libraries = with pkgs; [
# Add any missing dynamic libraries for unpackaged programs
# here, NOT in environment.systemPackages
];
programs.fish.enable = true;
programs.nh = {
enable = true;
clean.enable = true;
clean.extraArgs = "--keep-since 4d --keep 3";
flake = "/home/m3tam3re/p/nixos/nixos-config";
};
}
hosts/m3-atlas/secrets.nix
-71
View File
@@ -1,71 +0,0 @@
{
age = {
secrets = {
baserow-env = {file = ../../secrets/baserow-env.age;};
ghost-env = {file = ../../secrets/ghost-env.age;};
kestra-config = {
file = ../../secrets/kestra-config.age;
mode = "644";
};
kestra-env = {file = ../../secrets/kestra-env.age;};
littlelink-m3tam3re = {file = ../../secrets/littlelink-m3tam3re.age;};
minio-root-cred = {file = ../../secrets/minio-root-cred.age;};
n8n-env = {file = ../../secrets/n8n-env.age;};
netbird-auth-secret = {
file = ../../secrets/netbird-auth-secret.age;
};
netbird-db-password = {
file = ../../secrets/netbird-db-password.age;
};
netbird-encryption-key = {
file = ../../secrets/netbird-encryption-key.age;
};
netbird-dashboard-env = {
file = ../../secrets/netbird-dashboard-env.age;
};
netbird-server-env = {
file = ../../secrets/netbird-server-env.age;
};
netbird-proxy-env = {
file = ../../secrets/netbird-proxy-env.age;
};
paperless-key = {file = ../../secrets/paperless-key.age;};
restreamer-env = {file = ../../secrets/restreamer-env.age;};
searx = {file = ../../secrets/searx.age;};
tailscale-key = {file = ../../secrets/tailscale-key.age;};
traefik = {
file = ../../secrets/traefik.age;
owner = "traefik";
};
vaultwarden-env = {file = ../../secrets/vaultwarden-env.age;};
m3tam3re-secrets = {
file = ../../secrets/m3tam3re-secrets.age;
owner = "m3tam3re";
};
gitea-runner-token = {
file = ../../secrets/gitea-runner-token.age;
mode = "600";
owner = "gitea-runner";
group = "gitea-runner";
};
ref-key = {
file = ../../secrets/ref-key.age;
owner = "m3tam3re";
};
exa-key = {
file = ../../secrets/exa-key.age;
owner = "m3tam3re";
};
basecamp-client-id = {
file = ../../secrets/basecamp-client-id.age;
owner = "m3tam3re";
};
basecamp-client-secret = {
file = ../../secrets/basecamp-client-secret.age;
owner = "m3tam3re";
};
authentik-env = {file = ../../secrets/authentik-env.age;};
conduit-env = {file = ../../secrets/conduit-env.age;};
};
};
}
hosts/m3-atlas/services/conduit.nix
-48
View File
@@ -1,48 +0,0 @@
{config, ...}: {
services.matrix-conduit = {
enable = true;
settings.global = {
server_name = "m3ta.dev";
address = "127.0.0.1";
port = config.m3ta.ports.get "conduit";
max_request_size = 20000000;
allow_registration = false;
allow_encryption = true;
allow_federation = true;
trusted_servers = ["matrix.org"];
database_backend = "rocksdb";
};
secretFile = config.age.secrets.conduit-env.path;
};
# Traefik configuration for Conduit
services.traefik.dynamicConfigOptions.http = {
services.conduit.loadBalancer.servers = [
{
url = "http://localhost:${toString (config.m3ta.ports.get "conduit")}/";
}
];
routers.conduit = {
rule = "Host(`matrix.m3ta.dev`)";
tls = {
certResolver = "godaddy";
};
service = "conduit";
entrypoints = "websecure";
};
# Federation endpoint on base domain
routers.conduit-federation = {
rule = "Host(`m3ta.dev`) && PathPrefix(`/_matrix`)";
tls = {
certResolver = "godaddy";
};
service = "conduit";
entrypoints = "websecure";
};
};
# Open federation port
networking.firewall.allowedTCPPorts = [8448];
}

Some files were not shown because too many files have changed in this diff Show More