m3tam3re/nixos-config
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

Compare commits

base: m3tam3re/nixos-config:__dolt_remote_info__
Branches Tags
m3tam3re/nixos-config:master m3tam3re/nixos-config:__dolt_remote_info__ m3tam3re/nixos-config:feature/agent-lib-m3-kratos m3tam3re/nixos-config:feat/hyprland-lua
..
compare: m3tam3re/nixos-config:e9f20d7ddad5cb493584222253f29cef80aa75ab
Branches Tags
m3tam3re/nixos-config:master m3tam3re/nixos-config:__dolt_remote_info__ m3tam3re/nixos-config:feature/agent-lib-m3-kratos m3tam3re/nixos-config:feat/hyprland-lua

227 Commits
__dolt_remote_info__ .. e9f20d7dda

Author SHA1 Message Date
m3tm3re e9f20d7dda chore: rekey secrets 2026-03-10 04:38:25 +01:00
m3tm3re 4ae2bb0f48 chore: flake update 2026-03-07 11:44:04 +01:00
m3tm3re b08be9132b feat: litellm provider for opncode 2026-03-03 20:07:25 +01:00
m3tm3re e4195230a5 chore: fix netbird ssh 2026-03-02 19:24:28 +01:00
m3tm3re 674ce6957c feat: authentik 2026-02-28 10:06:42 +01:00
m3tm3re a9022a4f55 refactor(netbird): use port registry and named IP variables 2026-02-27 16:03:12 +01:00
m3tm3re fa9747f3e9 refactor(ports): add netbird port definitions 2026-02-27 16:03:08 +01:00
m3tm3re 4920029c65 +openspec 2026-02-18 17:57:21 +01:00
m3tm3re a12958b68f chore: flake update 2026-02-18 16:28:31 +01:00
m3tm3re 2e550b91f5 feat(opencode): integrate rules into default devShell 
- Switch agents input to local path for development
- Add default devShell with Opencode rules integration
- Update .gitignore to exclude generated Opencode files
- Upgrade opencode to v1.2.6
 2026-02-17 20:11:14 +01:00
m3tm3re 1d3564f360 feat(opencode): deploy rules/ to ~/.config/opencode/rules/ via home-manager 
- Add xdg.configFile entry for opencode/rules
- Rules deployed alongside skills, commands, context, prompts

Refs: T4 of rules-system plan
 2026-02-17 18:59:43 +01:00
m3tm3re 8ead26a791 update opencode config, secrets, tailscale, and agents input 
- opencode: remove deprecated google_auth, add git_master config,
  experimental truncation, use glm-4.6v for multimodal-looker,
  upgrade categories to glm-5, remove opencode-memory plugin
- m3-atlas: add ref/exa/outline/basecamp secret declarations
- m3-kratos: enable tailscale with ssh and reset flags
- agents: switch back to remote git input
 2026-02-17 08:54:13 +01:00
m3tm3re 87baf2377f +opencode-memory 2026-02-16 19:57:16 +01:00
m3tm3re 7b9caedaa4 headscale ssh acl 2026-02-16 18:59:34 +01:00
m3tm3re 105e573c53 Switch to local m3ta-nixpkgs and enable services 
Ultraworked with [Sisyphus](https://github.com/code-yeongyu/oh-my-opencode)

Co-authored-by: Sisyphus <clio-agent@sisyphuslabs.ai>
 2026-02-15 18:16:11 +01:00
m3tm3re eda9f2a1f9 Enable mem0 and qdrant services on m3-ares 
Ultraworked with [Sisyphus](https://github.com/code-yeongyu/oh-my-opencode)

Co-authored-by: Sisyphus <clio-agent@sisyphuslabs.ai>
 2026-02-15 18:15:37 +01:00
m3tm3re f3536919f0 Update OpenCode configuration and add sqlite tools 
Ultraworked with [Sisyphus](https://github.com/code-yeongyu/oh-my-opencode)

Co-authored-by: Sisyphus <clio-agent@sisyphuslabs.ai>
 2026-02-15 18:15:00 +01:00
m3tm3re 5c0fe5abda apply updates from m3ta-nixpkgs 2026-02-11 19:59:59 +01:00
m3tm3re f80e907277 +td +sidecar 2026-02-10 20:08:32 +01:00
m3tm3re ffed020289 + Obsidian 2026-02-05 09:01:35 +01:00
m3tm3re a7ac2232ee flake update 2026-02-05 08:05:20 +01:00
m3tm3re c28c1953d0 hyprland opaque keybinding fix 2026-02-04 16:51:00 +01:00
m3tm3re f7a1591451 merge flake inputs 2026-01-26 20:53:49 +01:00
m3tm3re b6dab69d42 chore folder renaming for opencode: skill -> skills, command -> sommands 2026-01-26 20:50:39 +01:00
m3tm3re b6fa6c1bcf oh-my-opencode model structure for v3.x 2026-01-24 18:09:42 +01:00
m3tm3re 2449532b30 chore: update dependencies, add basecamp secrets, improve desktop environment 
- Update opencode to v1.1.34
- Add new opencode agents (Prometheus, Metis, Momus, Atlas) and categories
- Switch m3ta-nixpkgs back to local path
- Add basecamp client credentials for m3-ares and m3-kratos
- Set NIXOS_OZONE_WL=1 for better Wayland app support in Hyprland
- Remove redundant wrl.enable from flatpak portal config
 2026-01-23 18:14:08 +01:00
m3tm3re 39d2b5a609 chore: optimize gitea runner 2026-01-21 17:59:58 +01:00
m3tm3re 3b2d19f8a6 fix: jq + curl to gitea action runner 2026-01-20 21:17:08 +01:00
m3tm3re 4439e6d173 model changes opencode 2026-01-19 19:26:37 +01:00
m3tm3re 048244f122 fix(m3-ares): use stable tuxedo-drivers module to work around nixpkgs#480391 
The unstable tuxedo-drivers module has a type error where cfg.settings
(a set) is passed directly to lib.any which expects a list. This was
introduced in commit 15d9ec6 and fixed in a77e30e, but the fix hasn't
propagated to our nixpkgs input yet.

Workaround: disable the unstable module and import from nixpkgs-stable.
 2026-01-19 19:24:34 +01:00
m3tm3re 09e93ef6f0 flake update 2026-01-17 10:17:48 +01:00
m3tm3re dd59d2a56d fix: add nodejs to gitea runner hostPackages 
- Enables actions/checkout@v4 to work on self-hosted nixos runner
- Fixes: nixpkgs-5yn (Gitea Actions runner missing Node.js)
 2026-01-15 19:06:42 +01:00
m3tm3re f9415c05f9 Add Gitea Actions Runner and update OpenCode config 
- Add Gitea Actions Runner service on m3-atlas with nixos:host label
- Configure agenix secret for runner token
- Add Antigravity provider models to OpenCode config
- Switch m3ta-nixpkgs to local path for development
 2026-01-14 20:55:23 +01:00
m3tm3re e1de4805ce bd sync: 2026-01-13 20:51:49 2026-01-13 20:51:49 +01:00
m3tm3re f482759c2e bd sync: 2026-01-13 20:51:30 2026-01-13 20:51:30 +01:00
m3tm3re ad35d27135 opencode -> 1.1.14 2026-01-12 20:25:22 +01:00
m3tm3re 18ef6174bb opencode config changes 2026-01-11 13:13:07 +01:00
m3tm3re 9dfaccb77e feat: add wallpaper feature with 5 new wallpapers 
- Add wallpapers.nix module for wallpaper management
- Update hyprland and rofi configs
- Update m3-ares and m3-kratos user configs
- Update flake inputs
 2026-01-10 18:09:58 +01:00
m3tm3re 5e4e007b67 opencode update 2026-01-10 06:14:02 +01:00
m3tm3re 1316d3268f chore: update opencode, hyprland config, and disable qdrant 
- Remove opencode-anthropic-auth plugin from opencode config
- Add XDG environment variables for Hyprland session awareness
- Disable qdrant service on m3-ares host
 2026-01-09 18:18:45 +01:00
m3tm3re b76db4800a Agents input update 2026-01-09 14:38:02 +01:00
m3tm3re 5ff19bccbe Claude Max login fix for opencode 2026-01-09 14:36:17 +01:00
m3tm3re 5713202dc9 chore: update flake inputs and adjust configs 
- Update flake inputs (home-manager, HyprPanel, nixpkgs variants, NUR, AGENTS)
- Switch OpenCode agents to opencode/ model provider
- Remove webcord package from media config
- Fix thunar plugins namespace (xfce.* → pkgs.*)
- Upgrade m3-kratos kernel to 6.18
- Disable ADB and qdrant service on m3-kratos
- Enable qdrant overlay using stable nixpkgs
 2026-01-09 12:56:07 +01:00
m3tm3re 4b386040db fix(hyprland): update window rules to new syntax 
- Replace old windowrule format with new match: prefix syntax
- Fix property names: initialTitle → initial_title
- Fix effect names: idleinhibit → idle_inhibit, noanim → no_anim, etc.
- Replace noborder with decorate off (correct effect)
- Fix pomodoro move expression to use monitor_h variable
- Apply fixes across all host configs (m3-ares, m3-kratos, m3-daedalus)
 2026-01-09 12:30:20 +01:00
m3tm3re e7a02dc45e Opencode model setup to Opencode Zen 2026-01-09 10:28:17 +01:00
m3tm3re 9566e6cd77 + beads opencode plugin 2026-01-08 04:47:31 +01:00
m3tm3re c1f274d63a adjusted auto-enabled MCPs for opencode 2026-01-07 19:31:00 +01:00
m3tm3re 1092fc98a5 Basecamp MCP 2026-01-07 19:08:33 +01:00
m3tm3re b2fff7b104 anytype-key m3-ares 2026-01-07 04:49:43 +01:00
m3tm3re c8752086a2 Opencode permissions + agent configs 2026-01-06 08:54:17 +01:00
m3tm3re 175f971809 project-launcher changes 2026-01-06 05:54:19 +01:00
m3tm3re bb85c4b40d m3ta-nixpkgs update 2026-01-04 04:02:36 +01:00
m3tm3re 21957d895c m3ta-nixpkgs update 2026-01-04 04:01:56 +01:00
m3tm3re ffd26b3139 merge 2026-01-04 03:52:38 +01:00
m3tm3re b2cdc7db2a opencode hm config 2026-01-04 03:49:13 +01:00
m3tm3re eab4c26ca4 nodejs to bun aliases 2026-01-03 11:12:01 +01:00
m3tm3re f615f3bd6a nvidia fix m3-ares 2026-01-03 09:31:59 +01:00
m3tm3re 841d7abbe7 stt, mem0, rofi-project-opener 2026-01-02 15:12:26 +01:00
m3tm3re 6ac20b65f4 AGENTS.md: add hierarchical documentation for hosts, home, features, services 2025-12-29 18:55:52 +01:00
m3tm3re 460fc927ec +AGENTS.md for AI coding agents 2025-12-28 11:28:19 +01:00
m3tm3re 949e017b22 add bun to PATH and packages, remove opencode 2025-12-28 10:25:23 +01:00
m3tm3re 27d162f3ae flake update 2025-12-27 09:52:19 +01:00
Sascha Koenig 90a5e53510 m3-atlas to 26.05 2025-12-23 12:58:52 +01:00
Sascha Koenig 5d707efe7b re-enabled ollama 2025-12-23 09:53:46 +01:00
Sascha Koenig 2f4273c86f +fabric +opencode 2025-12-23 09:31:59 +01:00
Sascha Koenig 436928b187 flake update 2025-12-23 09:25:17 +01:00
Sascha Koenig f529c59400 flake url fix m3ta-nixpkgs 2025-12-11 07:07:18 +01:00
Sascha Koenig 0e6ea7e6a3 flake update 2025-12-11 07:04:52 +01:00
Sascha Koenig aaf82b29da flake update 2025-11-29 12:48:52 +01:00
m3tm3re d24c6b28f8 flake update 2025-10-28 16:44:52 +01:00
m3tam3re 8f4b39d277 flake update 2025-10-05 14:38:50 +02:00
m3tam3re dea4ca9377 added ports module from m3ta-nixpkgs / prep for rewrite 2025-10-05 12:24:27 +02:00
m3tam3re 6cd1fdd651 beginning of bigger restructure, m3ta-nixpkgs input 2025-10-03 19:14:37 +02:00
m3tam3re b66553888b beginning of bigger restructure, m3ta-nixpkgs input 2025-10-03 14:55:24 +02:00
m3tam3re 35becfdea4 +crush 2025-09-29 18:58:19 +02:00
m3tam3re b2ad6005bc +hyprland cfg 2025-09-15 18:11:00 +02:00
m3tam3re 150dd20d32 +gamemoderun 2025-09-14 16:58:40 +02:00
m3tam3re bab10c3273 +tuxedo backlight 2025-09-08 04:40:19 +02:00
m3tam3re d5e13e2099 gnome m3-ares 2025-09-06 21:19:11 +02:00
m3tam3re 20706ce6a3 rofi dmenu exec 2025-09-04 20:23:31 +02:00
m3tam3re e9baa42695 keybindings + rofi fix 2025-09-04 18:21:56 +02:00
m3tam3re 2e6bf051f0 keybindings + rofi fix 2025-09-04 18:15:37 +02:00
Sascha Koenig a5f544e8d3 flake update 2025-09-04 15:37:14 +02:00
m3tam3re a81aee81b1 flake update 2025-09-04 15:36:53 +02:00
m3tam3re d2c127c396 AZ ssh config 2025-09-04 15:04:11 +02:00
m3tam3re 846a88475a more nix-colors; nushell fzf fix 2025-09-02 20:18:42 +02:00
m3tam3re bbb79160ae nix-colors 2025-08-30 14:32:25 +02:00
m3tam3re cc0f4c66ce Msty Studio version number 2025-08-30 09:09:30 +02:00
m3tam3re 7c355127c7 +Msty Studio 2025-08-30 09:05:58 +02:00
m3tam3re 6ce51f5cf2 cleanup 2025-08-28 20:33:23 +02:00
m3tam3re d96e054ef3 cleanup 2025-08-28 20:31:25 +02:00
m3tam3re 7a3f368aca + webapp launcher, hyprland config changes 2025-08-28 20:28:10 +02:00
Sascha Koenig 9e44101016 hyprpaper randomizer 2025-08-24 11:57:40 +02:00
Sascha Koenig d5b06c496d minor changes 2025-08-14 11:10:59 +02:00
Sascha Koenig 669ed55dc0 minor changes 2025-08-14 10:51:24 +02:00
Sascha Koenig 578bfd527f some refactoring 2025-07-20 19:30:57 +02:00
Sascha Koenig 2715ddc617 flake update 2025-07-20 14:26:14 +02:00
Sascha Koenig eedf92819c baserow upgrade 2025-07-15 17:37:38 +02:00
Sascha Koenig 0ff5c04d23 outline config + paperless overlay 2025-07-10 19:31:32 +02:00
Sascha Koenig 55e8c6cae5 +outine, flake update 2025-07-10 06:55:08 +02:00
Sascha Koenig b54213cfbb flake update 2025-07-03 19:06:08 +02:00
Sascha Koenig a11ee7ee02 +m3-daedalus 2025-06-24 20:13:48 +02:00
Sascha Koenig 8c9860674b hyprland stream-boxes 2025-05-21 14:24:30 +02:00
Sascha Koenig e1719204e9 tailscale key rotation 2025-05-20 09:35:04 +02:00
Sascha Koenig 72ceffc61d nushell fzf 2025-05-19 21:03:09 +02:00
Sascha Koenig 22cbc7c5a2 flake update 2025-05-19 17:27:39 +02:00
Sascha Koenig 68ecbd3bf1 +builder for proxmox nixos-template 2025-05-19 12:53:05 +02:00
Sascha Koenig f85332f321 gitea fix 2025-05-18 13:03:39 +02:00
Sascha Koenig 040d03423d mesa 25.0.6 overlay for doom the dark ages 2025-05-17 15:21:21 +02:00
Sascha Koenig cf731e7309 rm wl-clipboard pin 2025-05-15 09:50:08 +02:00
Sascha Koenig e0aa2783bb postgres upgrade@m3-atlas 2025-05-13 05:32:59 +02:00
Sascha Koenig 7854d75742 flake update 2025-05-12 11:22:29 +02:00
Sascha Koenig 80cff4278d port changes for gitea 2025-05-12 10:33:27 +02:00
Sascha Koenig f33bfec02e vw conf @m3-atlas 2025-05-08 09:45:25 +02:00
Sascha Koenig 20bdd1c7b6 Paperless Service @m3-atlas 2025-05-08 08:20:16 +02:00
Sascha Koenig 7fec29f602 +vautwarden, +slash@nemoti 2025-05-08 00:15:04 +02:00
m3tam3re a3a85c3596 +Tailscale @m3-ares 2025-05-06 13:23:55 +02:00
m3tam3re 279d00ae82 Headscale and Tailscale config modules 2025-05-06 13:22:39 +02:00
m3tam3re ad87c67161 Headscale and Tailscale config modules 2025-05-05 11:44:32 +02:00
m3tam3re 53ce9740bd nushell dir_fuzzy 2025-05-05 01:58:36 +02:00
m3tam3re 881a65263d +skim functions for nushell 2025-05-04 19:00:11 +02:00
m3tam3re 32503965ab +Nushell 2025-05-04 10:53:18 +02:00
m3tam3re 3d52c0576e -fastfetch;+nitch 2025-04-30 14:47:05 +02:00
m3tam3re cc38372ee0 experimental msty-sidecar 2025-04-29 15:05:08 +02:00
m3tam3re e461fc494a flake update; msty update; +headscale config 2025-04-29 13:36:01 +02:00
m3tam3re 5a5b434efd m3ta.dev www fix for traefik 2025-04-24 16:57:30 +02:00
m3tam3re d69a9b9b38 + work-timer 2025-04-21 15:00:21 +02:00
m3tam3re b6e8a1614b traefik domain redirects 2025-04-18 15:59:06 +02:00
m3tam3re f560c59be5 +code2prompt, removed temprorary overlays 2025-04-18 10:53:05 +02:00
m3tam3re 01a2cbc808 m3-atlas: n8n - nixos, ghost update 2025-04-16 14:06:02 +02:00
m3tam3re 9b6e6a6992 flake update 2025-04-15 09:41:22 +02:00
m3tam3re 02f8b6d787 +ssh config zed for self-host-playbook 2025-04-10 19:16:46 +02:00
m3tam3re 40d6c9692a flake update 2025-04-10 11:36:42 +02:00
m3tam3re 374a17e6fc +experimental pangolin config for m3-atlas 2025-04-07 19:45:20 +02:00
m3tam3re b1e1a95a1c flake update 2025-03-28 11:32:08 +01:00
m3tam3re 74e7ee8364 lock OVMF 2025-03-28 10:00:43 +01:00
m3tam3re c32a94b82c Hyprland config change due to 0.48 update 2025-03-27 09:29:24 +01:00
m3tam3re 0e6ea2bacb n8n override fix 2025-03-26 12:24:36 +01:00
m3tam3re 8a2b5438af +vivaldi flake update 2025-03-26 11:54:49 +01:00
m3tam3re 81ee763318 flatpak fix attempt 2025-03-26 06:12:35 +01:00
m3tam3re 1c0b67c2a0 Update flake.lock 2025-03-24 13:05:41 +01:00
m3tam3re 42aa44a56b obs-browser 2025-03-24 13:05:28 +01:00
m3tam3re 466cbaf048 n8n-env, obs-plugins 2025-03-18 11:56:09 +01:00
m3tam3re b47e20afad flake update / brave fix 2025-03-18 09:32:28 +01:00
m3tam3re e93bdf20a3 restreamer setup 2025-03-15 14:23:47 +01:00
m3tam3re 779473317d +matomo 2025-03-14 17:32:08 +01:00
m3tam3re 39782b6eb9 flake update 2025-03-14 10:52:22 +01:00
m3tam3re 960ea9503d flake update 2025-03-13 11:30:48 +01:00
m3tam3re df41024693 playbook ssh config 2025-03-12 14:20:44 +01:00
m3tam3re 73fd3ef108 flake update 2025-03-10 09:37:17 +01:00
m3tam3re 221ffed715 let's try warp 2025-03-05 09:23:39 +01:00
m3tam3re 3637aee724 +warp-terminal 2025-03-04 23:27:10 +01:00
m3tam3re c0e8cfd773 msty fix licensing 2025-03-04 14:54:59 +01:00
m3tam3re ede0af92cd fix msty license persistence 2025-03-04 06:14:49 +01:00
m3tam3re f812a1de83 secrets update 2025-03-03 10:16:17 +01:00
m3tam3re eb84e24369 +MSTY 2025-03-02 16:14:43 +01:00
m3tam3re d51894816c pin to fix anytype error 2025-03-01 15:43:00 +01:00
m3tam3re c7fb70c88d neofetch to fastfetch 2025-03-01 15:01:19 +01:00
m3tam3re 2db7d8c1fd +slash 2025-02-28 15:56:53 +01:00
m3tam3re ce168609ca flake update 2025-02-28 09:55:27 +01:00
m3tam3re 842b01b647 n8n-env-fix 2025-02-24 14:57:19 +01:00
m3tam3re fa734b5c85 ghost-env-fix 2025-02-24 14:51:43 +01:00
m3tam3re a4d8d6890c +crypto 2025-02-24 09:48:13 +01:00
m3tam3re 262902c018 n8n@m3-atlas 2025-02-23 19:07:14 +01:00
m3tam3re 2ffd84eb4e ssh_config 2025-02-22 11:03:03 +01:00
m3tam3re 39e1187948 headscale + tailscale 2025-02-21 14:07:29 +01:00
m3tam3re 74d4940e27 traffic dns fix 2025-02-20 15:47:16 +01:00
m3tam3re 25b1fa76d7 flake update 2025-02-18 19:39:32 +01:00
m3tam3re b281290bef flake update 2025-02-18 19:37:50 +01:00
m3tam3re e02d76f981 +NFS 2025-02-17 06:44:42 +01:00
m3tam3re 9bcb33e58a @zed config changes 2025-02-17 06:36:50 +01:00
m3tam3re 994f7f6f74 NFS @m3-kratos 2025-02-15 14:08:39 +01:00
m3tam3re e98e224af9 merge 2025-02-14 13:53:28 +01:00
m3tam3re b2e01747e5 flake update 2025-02-14 13:44:29 +01:00
m3tam3re 75ae18b73e @n8n updatr to 1.78 2025-02-14 09:32:40 +01:00
m3tam3re 4a48ee92cb @hyprland +uwsm 2025-02-12 18:10:26 +01:00
m3tam3re e0dda1eb0a @hyprland +uwsm 2025-02-12 11:12:32 +01:00
m3tam3re bd97658bd2 steam stuff @m3-ares 2025-02-06 06:44:21 +01:00
m3tam3re 8785824cde +some python stuff 2025-02-05 13:17:58 +01:00
m3tam3re f5ca531962 +s3 @m3-atlas 2025-02-03 18:37:07 +01:00
m3tam3re 446be80ef1 +nfs mount @m3-atlas 2025-02-03 17:54:53 +01:00
m3tam3re 28ab56d302 n8n@1.77 / pnpm_9 2025-02-03 08:25:49 +01:00
m3tam3re 190fb2d6d1 flake update 2025-02-02 15:41:21 +01:00
m3tam3re e4b87c6908 rocblas workaround 2025-01-28 09:57:26 +01:00
m3tam3re 65a69df52b flake update, -n8n @m3-ares 2025-01-28 09:09:17 +01:00
m3tam3re e75166e5fc +onsomnia 2025-01-26 12:32:28 +01:00
m3tam3re c18b2d1f94 -spotify 2025-01-25 13:16:10 +01:00
m3tam3re a39436da6f m3-ares: fix early boot lvm warning 2025-01-24 14:58:44 +01:00
m3tam3re 05c614d3b1 +ollama AMD fix, ... rollback 2025-01-24 14:54:19 +01:00
m3tam3re b3c4a9b3ba -ollama AMD fix, not needed anymore 2025-01-21 10:04:14 +01:00
m3tam3re 4c0c2181ef postgres initialScript redundancy removed 2025-01-20 11:36:17 +01:00
m3tam3re 6606d63a20 postgres settings m3-kratos 2025-01-16 15:19:29 +01:00
m3tam3re 38187bc92c +m3-atlas 2025-01-15 18:19:03 +01:00
m3tam3re 4f39502228 secrets rekey 2025-01-15 09:45:56 +01:00
m3tam3re 5e128fb2bc gamecope fix m3-ares 2025-01-13 09:13:01 +01:00
m3tam3re 85515be4f0 gamecope fix m3-ares 2025-01-11 06:38:42 +01:00
m3tam3re a9453ed3a0 flake update 2025-01-09 10:04:13 +01:00
m3tam3re 61588df0b3 +gamescope 2025-01-08 14:35:09 +01:00
m3tam3re e94c5d4df8 gamecope m3-ares 2025-01-08 08:58:29 +01:00
m3tam3re 5c2ba374f9 -tuxedo drivers 2024-12-16 11:28:41 +01:00
m3tam3re 0d7efd1c33 +gamescope 2024-12-16 09:16:54 +01:00
m3tam3re 157fc4d38c +upower for m3-ares 2024-12-10 10:23:05 +01:00
m3tam3re 4c9988a7af + libgtop 2024-12-10 09:50:56 +01:00
m3tam3re 24a7fa1313 -Hyprpanel overlay 2024-12-06 11:48:19 +01:00
m3tam3re 2b6fc478ff +2505 flake update 2024-12-06 11:13:40 +01:00
m3tam3re 4789069624 +hyprcursor 2024-12-06 10:16:17 +01:00
m3tam3re 2f970debdd merge m3-ares 2024-12-06 10:14:48 +01:00
m3tam3re 12a3620712 +m3-ares 2024-12-06 07:16:50 +01:00
m3tam3re 6ff2466245 -llm-plugins 2024-11-27 11:45:16 +01:00
m3tam3re 50332e55e8 ollama rocm gpu fix 2024-11-25 14:59:34 +01:00
m3tam3re 1251081494 +tailwindcss 2024-11-22 08:54:24 +01:00
m3tam3re e16566bf09 +git alias logd 2024-11-21 13:59:31 +01:00
m3tam3re ccca2ab4ff +difftastic 2024-11-21 12:50:31 +01:00
m3tam3re 0007b10a71 +homarr config fix 2024-11-20 12:37:05 +01:00
m3tam3re 0fde93d646 +homarr 2024-11-19 18:59:45 +01:00
m3tam3re 936b6b5c9b adguard dns rewrites 2024-11-18 11:58:22 +01:00
m3tam3re 657df4e92b traefik config 2024-11-18 10:29:41 +01:00
m3tam3re 1864141a1b *basic traefik 2024-11-17 18:29:52 +01:00
m3tam3re 79df3dd5c7 +m3-helios 2024-11-16 19:58:59 +01:00
m3tam3re 431188a943 +podman socker 2024-11-14 15:13:14 +01:00
m3tam3re 0ebf64e7ee +qdrant +wireguard 2024-11-14 12:17:43 +01:00
m3tam3re ff3d1735c0 +postgres n8n@1.66.0 2024-11-13 10:51:59 +01:00
m3tam3re 8912665aa6 +aider-chat-env 2024-11-11 10:46:17 +01:00
m3tam3re 2c6c92140f pinned nixos commit change 2024-11-08 19:02:50 +01:00
m3tam3re 74f93cb0e3 +hyprpanel 2024-11-07 13:35:17 +01:00
m3tam3re 6b24828482 0711 2024-11-07 10:50:13 +01:00
m3tam3re 5c0ad5d634 here we go 2024-10-20 00:30:58 +02:00
184 changed files with 9832 additions and 7 deletions
Expand all files Collapse all files
.beads/.gitignore
+39
View File
@@ -0,0 +1,39 @@
# SQLite databases
*.db
*.db?*
*.db-journal
*.db-wal
*.db-shm
# Daemon runtime files
daemon.lock
daemon.log
daemon.pid
bd.sock
sync-state.json
last-touched
# Local version tracking (prevents upgrade notification spam after git ops)
.local_version
# Legacy database files
db.sqlite
bd.db
# Worktree redirect file (contains relative path to main repo's .beads/)
# Must not be committed as paths would be wrong in other clones
redirect
# Merge artifacts (temporary files from 3-way merge)
beads.base.jsonl
beads.base.meta.json
beads.left.jsonl
beads.left.meta.json
beads.right.jsonl
beads.right.meta.json
# NOTE: Do NOT add negation patterns (e.g., !issues.jsonl) here.
# They would override fork protection in .git/info/exclude, allowing
# contributors to accidentally commit upstream issue databases.
# The JSONL files (issues.jsonl, interactions.jsonl) and config files
# are tracked by git by default since no pattern above ignores them.
.beads/.sync.lock
View File
.beads/README.md
+81
View File
@@ -0,0 +1,81 @@
# Beads - AI-Native Issue Tracking
Welcome to Beads! This repository uses **Beads** for issue tracking - a modern, AI-native tool designed to live directly in your codebase alongside your code.
## What is Beads?
Beads is issue tracking that lives in your repo, making it perfect for AI coding agents and developers who want their issues close to their code. No web UI required - everything works through the CLI and integrates seamlessly with git.
**Learn more:** [github.com/steveyegge/beads](https://github.com/steveyegge/beads)
## Quick Start
### Essential Commands
```bash
# Create new issues
bd create "Add user authentication"
# View all issues
bd list
# View issue details
bd show <issue-id>
# Update issue status
bd update <issue-id> --status in_progress
bd update <issue-id> --status done
# Sync with git remote
bd sync
```
### Working with Issues
Issues in Beads are:
- **Git-native**: Stored in `.beads/issues.jsonl` and synced like code
- **AI-friendly**: CLI-first design works perfectly with AI coding agents
- **Branch-aware**: Issues can follow your branch workflow
- **Always in sync**: Auto-syncs with your commits
## Why Beads?
**AI-Native Design**
- Built specifically for AI-assisted development workflows
- CLI-first interface works seamlessly with AI coding agents
- No context switching to web UIs
🚀 **Developer Focused**
- Issues live in your repo, right next to your code
- Works offline, syncs when you push
- Fast, lightweight, and stays out of your way
🔧 **Git Integration**
- Automatic sync with git commits
- Branch-aware issue tracking
- Intelligent JSONL merge resolution
## Get Started with Beads
Try Beads in your own projects:
```bash
# Install Beads
curl -sSL https://raw.githubusercontent.com/steveyegge/beads/main/scripts/install.sh | bash
# Initialize in your repo
bd init
# Create your first issue
bd create "Try out Beads"
```
## Learn More
- **Documentation**: [github.com/steveyegge/beads/docs](https://github.com/steveyegge/beads/tree/main/docs)
- **Quick Start Guide**: Run `bd quickstart`
- **Examples**: [github.com/steveyegge/beads/examples](https://github.com/steveyegge/beads/tree/main/examples)
---
*Beads: Issue tracking that moves at the speed of thought*
.beads/interactions.jsonl
View File
.beads/issues.jsonl
+2
View File
@@ -0,0 +1,2 @@
{"id":"nixos-config-gx2","title":"form","status":"tombstone","priority":2,"issue_type":"task","created_at":"2026-01-11T11:49:21.688289476+01:00","created_by":"m3tam3re","updated_at":"2026-01-11T11:51:36.426124223+01:00","deleted_at":"2026-01-11T11:51:36.426124223+01:00","deleted_by":"daemon","delete_reason":"delete","original_type":"task"}
{"id":"nixos-config-n4l","title":"Create Gitea action for nix-update package updates","description":"Create a Gitea action to automatically update packages in this nixos-config repository using nix-update.\n\n**Context:**\n- Gitea instance is already running on m3-atlas at code.m3ta.dev (configured in hosts/m3-atlas/services/gitea.nix)\n- The repository is self-hosted on this Gitea instance\n- nix-update is already referenced in home/features/cli/default.nix\n- Currently no Gitea workflows exist (.gitea/ directory does not exist)\n\n**Goal:**\nAutomate package updates by creating a Gitea Actions workflow that:\n1. Runs nix-update periodically (e.g., weekly or on schedule)\n2. Updates package definitions in pkgs/ directory\n3. Creates pull requests with the updates\n4. Uses appropriate secrets/credentials for the Gitea instance\n\n**Requirements:**\n- Create .gitea/workflows/ directory structure\n- Define workflow file with nix-update command\n- Configure triggers (schedule, manual, or on repository events)\n- Set up proper permissions and secrets\n- Test the workflow execution\n\n**Current Repository State:**\n- pkgs/default.nix exists but is minimal (currently just a comment)\n- Multiple nixpkgs inputs are used (unstable, 25.11, locked, master)\n- Custom m3ta-nixpkgs overlay at code.m3ta.dev/m3tam3re/nixpkgs\n- Uses agenix for secrets management\n\n**Related Files:**\n- hosts/m3-atlas/services/gitea.nix (existing Gitea configuration)\n- hosts/common/ports.nix (port management)\n- home/features/cli/default.nix (nix-update reference)\n\n**Acceptance Criteria:**\n- [ ] Create .gitea/workflows directory\n- [ ] Implement nix-update workflow YAML\n- [ ] Configure appropriate triggers\n- [ ] Test workflow on the repository\n- [ ] Document setup and configuration","status":"closed","priority":2,"issue_type":"feature","owner":"p@m3ta.dev","created_at":"2026-01-13T20:39:49.838916335+01:00","created_by":"m3tm3re","updated_at":"2026-01-13T20:51:43.833041989+01:00","closed_at":"2026-01-13T20:51:43.833041989+01:00","close_reason":"Closed"}
.beads/metadata.json
+4
View File
@@ -0,0 +1,4 @@
{
"database": "beads.db",
"jsonl_export": "issues.jsonl"
}
.beads/sync_base.jsonl
+2
View File
@@ -0,0 +1,2 @@
{"id":"nixos-config-gx2","title":"form","status":"tombstone","priority":2,"issue_type":"task","created_at":"2026-01-11T11:49:21.688289476+01:00","created_by":"m3tam3re","updated_at":"2026-01-11T11:51:36.426124223+01:00","deleted_at":"2026-01-11T11:51:36.426124223+01:00","deleted_by":"daemon","delete_reason":"delete","original_type":"task"}
{"id":"nixos-config-n4l","title":"Create Gitea action for nix-update package updates","description":"Create a Gitea action to automatically update packages in this nixos-config repository using nix-update.\n\n**Context:**\n- Gitea instance is already running on m3-atlas at code.m3ta.dev (configured in hosts/m3-atlas/services/gitea.nix)\n- The repository is self-hosted on this Gitea instance\n- nix-update is already referenced in home/features/cli/default.nix\n- Currently no Gitea workflows exist (.gitea/ directory does not exist)\n\n**Goal:**\nAutomate package updates by creating a Gitea Actions workflow that:\n1. Runs nix-update periodically (e.g., weekly or on schedule)\n2. Updates package definitions in pkgs/ directory\n3. Creates pull requests with the updates\n4. Uses appropriate secrets/credentials for the Gitea instance\n\n**Requirements:**\n- Create .gitea/workflows/ directory structure\n- Define workflow file with nix-update command\n- Configure triggers (schedule, manual, or on repository events)\n- Set up proper permissions and secrets\n- Test the workflow execution\n\n**Current Repository State:**\n- pkgs/default.nix exists but is minimal (currently just a comment)\n- Multiple nixpkgs inputs are used (unstable, 25.11, locked, master)\n- Custom m3ta-nixpkgs overlay at code.m3ta.dev/m3tam3re/nixpkgs\n- Uses agenix for secrets management\n\n**Related Files:**\n- hosts/m3-atlas/services/gitea.nix (existing Gitea configuration)\n- hosts/common/ports.nix (port management)\n- home/features/cli/default.nix (nix-update reference)\n\n**Acceptance Criteria:**\n- [ ] Create .gitea/workflows directory\n- [ ] Implement nix-update workflow YAML\n- [ ] Configure appropriate triggers\n- [ ] Test workflow on the repository\n- [ ] Document setup and configuration","status":"closed","priority":2,"issue_type":"feature","owner":"p@m3ta.dev","created_at":"2026-01-13T20:39:49.838916335+01:00","created_by":"m3tm3re","updated_at":"2026-01-13T20:51:43.833041989+01:00","closed_at":"2026-01-13T20:51:43.833041989+01:00","close_reason":"Closed"}
.gitattributes
+3
View File
@@ -0,0 +1,3 @@
# Use bd merge for beads JSONL files
.beads/issues.jsonl merge=beads
.gitignore
+26
View File
@@ -0,0 +1,26 @@
# Sisyphus work session data
.sisyphus/
# Editor files
*~
.*.swp
.*.swo
.*.swx
# Build artifacts
result
result-*
.direnv/
# IDE
.vscode/
.idea/
*.iml
# OS
.DS_Store
Thumbs.db
# Opencode rules
.opencode-rules
opencode.json
AGENTS.md
+157
View File
@@ -0,0 +1,157 @@
# NIXOS CONFIGURATION KNOWLEDGE BASE
**Generated:** 2025-12-31 16:13:40 UTC
**Commit:** ebc8291
**Branch:** HEAD
## OVERVIEW
Personal NixOS configuration managing 6 hosts (4 servers, 2 desktops) using flakes, agenix secrets, and feature-based home-manager setup.
## STRUCTURE
```
./
├── flake.nix # Main entry: host definitions, inputs, outputs
├── secrets.nix # Agenix public key mappings
├── hosts/
│ ├── common/ # Shared: base config, users, extraServices, ports
│ ├── m3-atlas/ # Server: 20+ containerized services with Traefik
│ ├── m3-helios/ # Server: AdGuard, internal routing
│ ├── m3-ares/ # Desktop: NVIDIA GPU, Btrfs
│ ├── m3-kratos/ # Desktop: AMD GPU, ZFS
│ └── m3-aether/ # Cloud VM
├── home/
│ ├── common/ # Home-manager base config
│ ├── features/ # Modular feature toggles (cli, desktop, coding)
│ └── m3tam3re/ # Per-host user configs
├── modules/ # Custom NixOS/home-manager modules
├── overlays/ # Package overlays (stable, locked, pinned, master)
├── pkgs/ # Custom package definitions
└── secrets/ # Agenix encrypted .age files (19 secrets)
```
## WHERE TO LOOK
| Task | Location | Notes |
|------|----------|-------|
| Add new host | `flake.nix` + `hosts/<name>/` | Copy template from m3-atlas (server) or m3-ares (desktop) |
| Add service to m3-atlas | `hosts/m3-atlas/services/` | See containers/ for Podman + Traefik pattern |
| Configure desktop features | `home/features/desktop/` | Feature toggles with mkEnableOption |
| Add CLI tool | `home/features/cli/` | Fish + Nushell integration expected |
| Manage secrets | `secrets.nix` + `agenix -e` | SSH keys defined in secrets.nix |
| Define ports | `hosts/common/ports.nix` | Centralized port registry |
| Add user | `hosts/common/users/` | Shared across all hosts |
| Custom packages | `pkgs/default.nix` | Exposed via flake outputs |
## CONVENTIONS
### Secrets (agenix)
- **Create**: `agenix -e secrets/<name>.age` after adding keys to `secrets.nix`
- **Reference**: `config.age.secrets.<name>.path` in service configs
- **Pattern**: Service env files use `environmentFiles = [config.age.secrets.<service>-env.path]`
### Service Organization
- **Native services**: `hosts/<host>/services/<service>.nix`
- **Containers**: `hosts/<host>/services/containers/<service>.nix`
- **Traefik integration**: All m3-atlas services include dynamic config for SSL + routing
- **Networking**: Containers use dedicated `web` network (10.89.0.0/24) with static IPs
### Port Management
- **Registry**: All ports defined in `hosts/common/ports.nix`
- **Access**: `config.m3ta.ports.get "service-name"`
- **Convention**: Internal services use 3000-3020 range
### Home-Manager Features
- **Enable**: `features.<category>.<feature>.enable = true` in user config
- **Categories**: `cli`, `desktop`, `coding`
- **Pattern**: Features are opt-in modules with default.nix aggregators
### Multiple nixpkgs Inputs
- **stable**: 25.11 release
- **locked/pinned**: Specific commits for compatibility
- **master**: Bleeding edge
- **m3ta-nixpkgs**: Custom local overlay at `path:/home/m3tam3re/p/nix/nixpkgs`
## COMMANDS
```bash
# Build/deploy specific host
sudo nixos-rebuild switch --flake .#m3-ares
# Build/deploy current host
sudo nixos-rebuild switch --flake .#$(uname -n)
# Home-manager update
home-manager --flake . switch
# Update all flake inputs
nix flake update
# Add/edit secret
agenix -e secrets/<name>.age
# Infrastructure shell (OpenTofu)
nix develop .#infraShell
# Check configuration (no activation)
nixos-rebuild dry-build --flake .#<hostname>
```
## TRAEFIK PATTERNS (m3-atlas only)
### SSL Termination
- **Provider**: Godaddy DNS challenge
- **Cert storage**: `/var/lib/traefik/acme.json`
- **Config**: `hosts/m3-atlas/services/traefik.nix`
### Service Integration Template
```nix
services.traefik.dynamicConfigOptions.http = {
services.<name>.loadBalancer.servers = [{ url = "http://127.0.0.1:<port>"; }];
routers.<name> = {
rule = "Host(`<subdomain>.m3ta.dev`)";
service = "<name>";
tls.certResolver = "godaddy";
};
};
```
### Container Pattern
- **Network**: `--network=web --ip=10.89.0.<sequential>`
- **Ports**: Bind localhost only (`127.0.0.1:<external>:<internal>`)
- **Database access**: `--add-host=mysql:10.89.0.1` (gateway IP)
## HOST ROLES
| Host | Type | Hardware | Purpose |
|------|------|----------|---------|
| m3-atlas | Server | x86_64, disko | 20+ services, Traefik hub, PostgreSQL, MySQL |
| m3-helios | Server | x86_64, disko | AdGuard DNS, internal routing |
| m3-ares | Desktop | NVIDIA, Btrfs | Personal workstation, n8n, PostgreSQL |
| m3-kratos | Desktop | AMD, ZFS | Workstation, mem0, PostgreSQL |
| m3-aether | Cloud | QEMU | General purpose VM |
| m3-daedalus | Laptop | home-only | Portable (no full NixOS config) |
## ANTI-PATTERNS (THIS PROJECT)
- **DON'T** add secrets to `secrets/` without updating `secrets.nix` public keys
- **DON'T** hardcode ports - use `config.m3ta.ports.get` or add to registry
- **DON'T** create containers outside the `web` network on m3-atlas
- **DON'T** skip Traefik config for public-facing services on m3-atlas
- **DON'T** bypass extraServices flags - use `hosts/common/extraServices/` pattern
- **DON'T** commit unencrypted secrets or test with real credentials
## UNIQUE TO THIS CONFIG
- **Custom m3ta-nixpkgs**: Local overlay for unreleased/patched packages
- **extraServices abstraction**: Boolean flags to toggle Podman, Ollama, virtualisation per host
- **Mythological naming**: All hosts named after Greek mythology
- **Dual domain strategy**: New services on `m3ta.dev`, legacy redirects from `m3tam3re.com`
- **Per-host nixpkgs versions**: Different hosts can use different nixpkgs commits via specialArgs
- **Container IP registry**: Static IP assignments in 10.89.0.0/24 subnet for predictable networking
## NOTES
- m3-atlas is the service hub - most complex configuration
- Secrets require host SSH keys defined in `secrets.nix` before `agenix -e` works
- Fish and Nushell both configured - choose per-user with shell aliases
- Color scheme (Dracula) applied via nix-colors across all visual tools
- See subdirectory AGENTS.md for deep dives on containers, desktop features, CLI tools
DOLT_REMOTE.md
-7
View File
@@ -1,7 +0,0 @@
This repository is being used as a Dolt remote.
ref=refs/dolt/data
head=b30121458bb0b75b61e483e49b5084835b3777d8
timestamp=2026-06-13T06:18:23Z
flake.lock
Generated
+878
View File
@@ -0,0 +1,878 @@
{
"nodes": {
"agenix": {
"inputs": {
"darwin": "darwin",
"home-manager": "home-manager",
"nixpkgs": "nixpkgs",
"systems": "systems"
},
"locked": {
"lastModified": 1770165109,
"narHash": "sha256-9VnK6Oqai65puVJ4WYtCTvlJeXxMzAp/69HhQuTdl/I=",
"owner": "ryantm",
"repo": "agenix",
"rev": "b027ee29d959fda4b60b57566d64c98a202e0feb",
"type": "github"
},
"original": {
"owner": "ryantm",
"repo": "agenix",
"type": "github"
}
},
"agents": {
"flake": false,
"locked": {
"lastModified": 1772563257,
"narHash": "sha256-hp6Q8TVP9xZeBFgZm51ndCacmVZxucZzLtj12pzD6c0=",
"ref": "refs/heads/master",
"rev": "39ac89f388532e9a7629808037791c64cd5fc13c",
"revCount": 63,
"type": "git",
"url": "https://code.m3ta.dev/m3tam3re/AGENTS"
},
"original": {
"type": "git",
"url": "https://code.m3ta.dev/m3tam3re/AGENTS"
}
},
"base16-schemes": {
"flake": false,
"locked": {
"lastModified": 1696158499,
"narHash": "sha256-5yIHgDTPjoX/3oDEfLSQ0eJZdFL1SaCfb9d6M0RmOTM=",
"owner": "tinted-theming",
"repo": "base16-schemes",
"rev": "a9112eaae86d9dd8ee6bb9445b664fba2f94037a",
"type": "github"
},
"original": {
"owner": "tinted-theming",
"repo": "base16-schemes",
"type": "github"
}
},
"blueprint": {
"inputs": {
"nixpkgs": [
"llm-agents",
"nixpkgs"
],
"systems": [
"llm-agents",
"systems"
]
},
"locked": {
"lastModified": 1771437256,
"narHash": "sha256-bLqwib+rtyBRRVBWhMuBXPCL/OThfokA+j6+uH7jDGU=",
"owner": "numtide",
"repo": "blueprint",
"rev": "06ee7190dc2620ea98af9eb225aa9627b68b0e33",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "blueprint",
"type": "github"
}
},
"bun2nix": {
"inputs": {
"flake-parts": [
"llm-agents",
"flake-parts"
],
"import-tree": "import-tree",
"nixpkgs": [
"llm-agents",
"nixpkgs"
],
"systems": [
"llm-agents",
"systems"
],
"treefmt-nix": [
"llm-agents",
"treefmt-nix"
]
},
"locked": {
"lastModified": 1770895533,
"narHash": "sha256-v3QaK9ugy9bN9RXDnjw0i2OifKmz2NnKM82agtqm/UY=",
"owner": "nix-community",
"repo": "bun2nix",
"rev": "c843f477b15f51151f8c6bcc886954699440a6e1",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "bun2nix",
"type": "github"
}
},
"darwin": {
"inputs": {
"nixpkgs": [
"agenix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1744478979,
"narHash": "sha256-dyN+teG9G82G+m+PX/aSAagkC+vUv0SgUw3XkPhQodQ=",
"owner": "lnl7",
"repo": "nix-darwin",
"rev": "43975d782b418ebf4969e9ccba82466728c2851b",
"type": "github"
},
"original": {
"owner": "lnl7",
"ref": "master",
"repo": "nix-darwin",
"type": "github"
}
},
"disko": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1772867152,
"narHash": "sha256-RIFgZ4O6Eg+5ysZ8Tqb3YvcqiRaNy440GEY22ltjRrs=",
"owner": "nix-community",
"repo": "disko",
"rev": "eaafb89b56e948661d618eefd4757d9ea8d77514",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "disko",
"type": "github"
}
},
"flake-parts": {
"inputs": {
"nixpkgs-lib": [
"llm-agents",
"nixpkgs"
]
},
"locked": {
"lastModified": 1772408722,
"narHash": "sha256-rHuJtdcOjK7rAHpHphUb1iCvgkU3GpfvicLMwwnfMT0=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "f20dc5d9b8027381c474144ecabc9034d6a839a3",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-parts_2": {
"inputs": {
"nixpkgs-lib": [
"nur",
"nixpkgs"
]
},
"locked": {
"lastModified": 1733312601,
"narHash": "sha256-4pDvzqnegAfRkPwO3wmwBhVi/Sye1mzps0zHWYnP88c=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "205b12d8b7cd4802fbcb8e8ef6a0f1408781a4f9",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-utils": {
"inputs": {
"systems": "systems_2"
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"home-manager": {
"inputs": {
"nixpkgs": [
"agenix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1745494811,
"narHash": "sha256-YZCh2o9Ua1n9uCvrvi5pRxtuVNml8X2a03qIFfRKpFs=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "abfad3d2958c9e6300a883bd443512c55dfeb1be",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "home-manager",
"type": "github"
}
},
"home-manager_2": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1772845525,
"narHash": "sha256-Dp5Ir2u4jJDGCgeMRviHvEQDe+U37hMxp6RSNOoMMPc=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "27b93804fbef1544cb07718d3f0a451f4c4cd6c0",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "home-manager",
"type": "github"
}
},
"home-manager_3": {
"inputs": {
"nixpkgs": [
"hyprpanel",
"nixpkgs"
]
},
"locked": {
"lastModified": 1750798083,
"narHash": "sha256-DTCCcp6WCFaYXWKFRA6fiI2zlvOLCf5Vwx8+/0R8Wc4=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "ff31a4677c1a8ae506aa7e003a3dba08cb203f82",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "home-manager",
"type": "github"
}
},
"hyprlang": {
"inputs": {
"nixpkgs": [
"rose-pine-hyprcursor",
"nixpkgs"
],
"systems": "systems_4"
},
"locked": {
"lastModified": 1709914708,
"narHash": "sha256-bR4o3mynoTa1Wi4ZTjbnsZ6iqVcPGriXp56bZh5UFTk=",
"owner": "hyprwm",
"repo": "hyprlang",
"rev": "a685493fdbeec01ca8ccdf1f3655c044a8ce2fe2",
"type": "github"
},
"original": {
"owner": "hyprwm",
"repo": "hyprlang",
"type": "github"
}
},
"hyprpanel": {
"inputs": {
"flake-utils": "flake-utils",
"home-manager": "home-manager_3",
"nixpkgs": "nixpkgs_2"
},
"locked": {
"lastModified": 1767767975,
"narHash": "sha256-yBejG3j6OLQYn87UozFAI3q9a1vH00u9xjIf2Q4V5j8=",
"owner": "Jas-SinghFSU",
"repo": "HyprPanel",
"rev": "0e73df1dfedf0f6fa21ed0ae5e031b0663c8f400",
"type": "github"
},
"original": {
"owner": "Jas-SinghFSU",
"repo": "HyprPanel",
"type": "github"
}
},
"import-tree": {
"locked": {
"lastModified": 1763762820,
"narHash": "sha256-ZvYKbFib3AEwiNMLsejb/CWs/OL/srFQ8AogkebEPF0=",
"owner": "vic",
"repo": "import-tree",
"rev": "3c23749d8013ec6daa1d7255057590e9ca726646",
"type": "github"
},
"original": {
"owner": "vic",
"repo": "import-tree",
"type": "github"
}
},
"llm-agents": {
"inputs": {
"blueprint": "blueprint",
"bun2nix": "bun2nix",
"flake-parts": "flake-parts",
"nixpkgs": "nixpkgs_3",
"systems": "systems_3",
"treefmt-nix": "treefmt-nix"
},
"locked": {
"lastModified": 1772864581,
"narHash": "sha256-+AiWgqbKkjU1W/S/U7ktSoScMa4+z9APtJx+3gEDcCQ=",
"owner": "numtide",
"repo": "llm-agents.nix",
"rev": "856b24f862d0a19b7764f35ee9a7546309e605a0",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "llm-agents.nix",
"type": "github"
}
},
"m3ta-nixpkgs": {
"inputs": {
"nixpkgs": "nixpkgs_4",
"nixpkgs-master": "nixpkgs-master",
"opencode": "opencode",
"openspec": "openspec"
},
"locked": {
"lastModified": 1772876766,
"narHash": "sha256-PiikuOqrjyzTAqUbnUwIKCr9+YvKX0xTRZ4q0srkQKU=",
"ref": "refs/heads/master",
"rev": "291e3a0744d4a0192654c8afdbe3d1636c9c0890",
"revCount": 156,
"type": "git",
"url": "https://code.m3ta.dev/m3tam3re/nixpkgs"
},
"original": {
"type": "git",
"url": "https://code.m3ta.dev/m3tam3re/nixpkgs"
}
},
"nix-colors": {
"inputs": {
"base16-schemes": "base16-schemes",
"nixpkgs-lib": "nixpkgs-lib"
},
"locked": {
"lastModified": 1707825078,
"narHash": "sha256-hTfge2J2W+42SZ7VHXkf4kjU+qzFqPeC9k66jAUBMHk=",
"owner": "misterio77",
"repo": "nix-colors",
"rev": "b01f024090d2c4fc3152cd0cf12027a7b8453ba1",
"type": "github"
},
"original": {
"owner": "misterio77",
"repo": "nix-colors",
"type": "github"
}
},
"nixlib": {
"locked": {
"lastModified": 1736643958,
"narHash": "sha256-tmpqTSWVRJVhpvfSN9KXBvKEXplrwKnSZNAoNPf/S/s=",
"owner": "nix-community",
"repo": "nixpkgs.lib",
"rev": "1418bc28a52126761c02dd3d89b2d8ca0f521181",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nixpkgs.lib",
"type": "github"
}
},
"nixos-generators": {
"inputs": {
"nixlib": "nixlib",
"nixpkgs": "nixpkgs_5"
},
"locked": {
"lastModified": 1769813415,
"narHash": "sha256-nnVmNNKBi1YiBNPhKclNYDORoHkuKipoz7EtVnXO50A=",
"owner": "nix-community",
"repo": "nixos-generators",
"rev": "8946737ff703382fda7623b9fab071d037e897d5",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nixos-generators",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1754028485,
"narHash": "sha256-IiiXB3BDTi6UqzAZcf2S797hWEPCRZOwyNThJIYhUfk=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "59e69648d345d6e8fef86158c555730fa12af9de",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-25.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-45570c2": {
"locked": {
"lastModified": 1750950224,
"narHash": "sha256-vMCk6wKJVgR7H2pVrQV4/qygzTtvpnS/9jCT3cjzXVM=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "45570c299dc2b63c8c574c4cd77f0b92f7e2766e",
"type": "github"
},
"original": {
"owner": "nixos",
"repo": "nixpkgs",
"rev": "45570c299dc2b63c8c574c4cd77f0b92f7e2766e",
"type": "github"
}
},
"nixpkgs-9e58ed7": {
"locked": {
"lastModified": 1746823729,
"narHash": "sha256-6E3jRDNK9w1gwDsreG6ZS8Ec0Dv35DkDqKzxZATEUts=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "9e58ed7ba759d81c98f033b7f5eba21ca68f53b0",
"type": "github"
},
"original": {
"owner": "nixos",
"repo": "nixpkgs",
"rev": "9e58ed7ba759d81c98f033b7f5eba21ca68f53b0",
"type": "github"
}
},
"nixpkgs-lib": {
"locked": {
"lastModified": 1697935651,
"narHash": "sha256-qOfWjQ2JQSQL15KLh6D7xQhx0qgZlYZTYlcEiRuAMMw=",
"owner": "nix-community",
"repo": "nixpkgs.lib",
"rev": "e1e11fdbb01113d85c7f41cada9d2847660e3902",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nixpkgs.lib",
"type": "github"
}
},
"nixpkgs-locked": {
"locked": {
"lastModified": 1739661218,
"narHash": "sha256-hEGW0SKD0ORTEmoTuEEONxgENP5kMqe+NCtJug0U6R0=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "2744d988fa116fc6d46cdfa3d1c936d0abd7d121",
"type": "github"
},
"original": {
"owner": "nixos",
"repo": "nixpkgs",
"rev": "2744d988fa116fc6d46cdfa3d1c936d0abd7d121",
"type": "github"
}
},
"nixpkgs-master": {
"locked": {
"lastModified": 1772847790,
"narHash": "sha256-lEK3FqujT4UPgk31wI90scsZQK+I1GaLa61SOQ2Jirc=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "9724b991f92022aafa14b3610840f9742752227d",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "master",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-master_2": {
"locked": {
"lastModified": 1772874821,
"narHash": "sha256-ehnRKCc/qq0hjyi5aaE/H4RPUPfSDqjndWqAGZFesfY=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "10e7894b40eb0ad14d3a3184d20cc1beace1414d",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "master",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-stable": {
"locked": {
"lastModified": 1772598333,
"narHash": "sha256-YaHht/C35INEX3DeJQNWjNaTcPjYmBwwjFJ2jdtr+5U=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "fabb8c9deee281e50b1065002c9828f2cf7b2239",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-25.11",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1750776420,
"narHash": "sha256-/CG+w0o0oJ5itVklOoLbdn2dGB0wbZVOoDm4np6w09A=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "30a61f056ac492e3b7cdcb69c1e6abdcf00e39cf",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_3": {
"locked": {
"lastModified": 1772736753,
"narHash": "sha256-au/m3+EuBLoSzWUCb64a/MZq6QUtOV8oC0D9tY2scPQ=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "917fec990948658ef1ccd07cef2a1ef060786846",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_4": {
"locked": {
"lastModified": 1772624091,
"narHash": "sha256-QKyJ0QGWBn6r0invrMAK8dmJoBYWoOWy7lN+UHzW1jc=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "80bdc1e5ce51f56b19791b52b2901187931f5353",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_5": {
"locked": {
"lastModified": 1736657626,
"narHash": "sha256-FWlPMUzp0lkQBdhKlPqtQdqmp+/C+1MBiEytaYfrCTY=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "2f9e2f85cb14a46410a1399aa9ea7ecf433e422e",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_6": {
"locked": {
"lastModified": 1772624091,
"narHash": "sha256-QKyJ0QGWBn6r0invrMAK8dmJoBYWoOWy7lN+UHzW1jc=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "80bdc1e5ce51f56b19791b52b2901187931f5353",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_7": {
"locked": {
"lastModified": 1710272261,
"narHash": "sha256-g0bDwXFmTE7uGDOs9HcJsfLFhH7fOsASbAuOzDC+fhQ=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "0ad13a6833440b8e238947e47bea7f11071dc2b2",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nur": {
"inputs": {
"flake-parts": "flake-parts_2",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1772875192,
"narHash": "sha256-R706OBJ+nMQsVP2Dni+FaG3UDfhlE2zR4rz+YGnEi8I=",
"owner": "nix-community",
"repo": "NUR",
"rev": "2b3f4e0a0eea5a32dc78204fefba15ee83d437d3",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "NUR",
"type": "github"
}
},
"opencode": {
"inputs": {
"nixpkgs": [
"m3ta-nixpkgs",
"nixpkgs-master"
]
},
"locked": {
"lastModified": 1772782174,
"narHash": "sha256-FBmF7/uwZYY/qY1252Hz+XhXdE+Qp5axySAy5Jw7XUQ=",
"owner": "anomalyco",
"repo": "opencode",
"rev": "6c7d968c4423a0cd6c85099c9377a6066313fa0a",
"type": "github"
},
"original": {
"owner": "anomalyco",
"ref": "v1.2.20",
"repo": "opencode",
"type": "github"
}
},
"openspec": {
"inputs": {
"nixpkgs": [
"m3ta-nixpkgs",
"nixpkgs"
]
},
"locked": {
"lastModified": 1772182342,
"narHash": "sha256-9Q0iUyZGcDPLdgvnrBN3GumV8g9akV8TFb8bFkD1yYs=",
"owner": "Fission-AI",
"repo": "OpenSpec",
"rev": "afdca0d5dab1aa109cfd8848b2512333ccad60c3",
"type": "github"
},
"original": {
"owner": "Fission-AI",
"repo": "OpenSpec",
"type": "github"
}
},
"root": {
"inputs": {
"agenix": "agenix",
"agents": "agents",
"disko": "disko",
"home-manager": "home-manager_2",
"hyprpanel": "hyprpanel",
"llm-agents": "llm-agents",
"m3ta-nixpkgs": "m3ta-nixpkgs",
"nix-colors": "nix-colors",
"nixos-generators": "nixos-generators",
"nixpkgs": "nixpkgs_6",
"nixpkgs-45570c2": "nixpkgs-45570c2",
"nixpkgs-9e58ed7": "nixpkgs-9e58ed7",
"nixpkgs-locked": "nixpkgs-locked",
"nixpkgs-master": "nixpkgs-master_2",
"nixpkgs-stable": "nixpkgs-stable",
"nur": "nur",
"rose-pine-hyprcursor": "rose-pine-hyprcursor"
}
},
"rose-pine-hyprcursor": {
"inputs": {
"hyprlang": "hyprlang",
"nixpkgs": "nixpkgs_7",
"utils": "utils"
},
"locked": {
"lastModified": 1748096947,
"narHash": "sha256-ouuA8LVBXzrbYwPW2vNjh7fC9H2UBud/1tUiIM5vPvM=",
"owner": "ndom91",
"repo": "rose-pine-hyprcursor",
"rev": "4b02963d0baf0bee18725cf7c5762b3b3c1392f1",
"type": "github"
},
"original": {
"owner": "ndom91",
"repo": "rose-pine-hyprcursor",
"type": "github"
}
},
"systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_2": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_3": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_4": {
"locked": {
"lastModified": 1689347949,
"narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=",
"owner": "nix-systems",
"repo": "default-linux",
"rev": "31732fcf5e8fea42e59c2488ad31a0e651500f68",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default-linux",
"type": "github"
}
},
"systems_5": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"treefmt-nix": {
"inputs": {
"nixpkgs": [
"llm-agents",
"nixpkgs"
]
},
"locked": {
"lastModified": 1772660329,
"narHash": "sha256-IjU1FxYqm+VDe5qIOxoW+pISBlGvVApRjiw/Y/ttJzY=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "3710e0e1218041bbad640352a0440114b1e10428",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "treefmt-nix",
"type": "github"
}
},
"utils": {
"inputs": {
"systems": "systems_5"
},
"locked": {
"lastModified": 1710146030,
"narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
}
},
"root": "root",
"version": 7
}
flake.nix
+194
View File
@@ -0,0 +1,194 @@
{
description = ''
For questions just DM me on X: https://twitter.com/@m3tam3re
There is also some NIXOS content on my YT channel: https://www.youtube.com/@m3tam3re
One of the best ways to learn NIXOS is to read other peoples configurations. I have personally learned a lot from Gabriel Fontes configs:
https://github.com/Misterio77/nix-starter-configs
https://github.com/Misterio77/nix-config
Please also check out the starter configs mentioned above.
'';
inputs = {
home-manager = {
url = "github:nix-community/home-manager";
inputs.nixpkgs.follows = "nixpkgs";
};
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
nixpkgs-stable.url = "github:nixos/nixpkgs/nixos-25.11";
nixpkgs-45570c2.url = "github:nixos/nixpkgs/45570c299dc2b63c8c574c4cd77f0b92f7e2766e";
nixpkgs-locked.url = "github:nixos/nixpkgs/2744d988fa116fc6d46cdfa3d1c936d0abd7d121";
nixpkgs-9e58ed7.url = "github:nixos/nixpkgs/9e58ed7ba759d81c98f033b7f5eba21ca68f53b0";
nixpkgs-master.url = "github:nixos/nixpkgs/master";
m3ta-nixpkgs.url = "git+https://code.m3ta.dev/m3tam3re/nixpkgs";
# m3ta-nixpkgs.url = "path:/home/m3tam3re/p/NIX/nixpkgs";
llm-agents.url = "github:numtide/llm-agents.nix";
#
nur = {
url = "github:nix-community/NUR";
inputs.nixpkgs.follows = "nixpkgs";
};
agenix.url = "github:ryantm/agenix";
disko = {
url = "github:nix-community/disko";
inputs.nixpkgs.follows = "nixpkgs";
};
nixos-generators = {url = "github:nix-community/nixos-generators";};
hyprpanel.url = "github:Jas-SinghFSU/HyprPanel";
rose-pine-hyprcursor.url = "github:ndom91/rose-pine-hyprcursor";
nix-colors.url = "github:misterio77/nix-colors";
agents = {
# url = "path:/home/m3tam3re/p/AI/AGENTS";
url = "git+https://code.m3ta.dev/m3tam3re/AGENTS";
flake = false;
};
};
outputs = {
self,
agenix,
home-manager,
nixpkgs,
m3ta-nixpkgs,
nur,
agents,
...
} @ inputs: let
inherit (self) outputs;
systems = [
"aarch64-linux"
"i686-linux"
"x86_64-linux"
"aarch64-darwin"
"x86_64-darwin"
];
forAllSystems = nixpkgs.lib.genAttrs systems;
in {
packages =
forAllSystems (system: import ./pkgs nixpkgs.legacyPackages.${system});
overlays = import ./overlays {inherit inputs outputs;};
homeManagerModules = import ./modules/home-manager;
nixosConfigurations = {
m3-ares = nixpkgs.lib.nixosSystem {
specialArgs = {
inherit inputs outputs;
system = "x86_64-linux";
hostname = "m3-ares";
};
modules = [
./hosts/m3-ares
agenix.nixosModules.default
m3ta-nixpkgs.nixosModules.default
];
};
m3-atlas = nixpkgs.lib.nixosSystem {
specialArgs = {
inherit inputs outputs;
system = "x86_64-linux";
};
system = "x86_64-linux";
modules = [
./hosts/m3-atlas
inputs.disko.nixosModules.disko
agenix.nixosModules.default
m3ta-nixpkgs.nixosModules.default
];
};
m3-kratos = nixpkgs.lib.nixosSystem {
specialArgs = {
inherit inputs outputs;
system = "x86_64-linux";
hostname = "m3-kratos";
};
modules = [
./hosts/m3-kratos
agenix.nixosModules.default
nur.modules.nixos.default
m3ta-nixpkgs.nixosModules.default
];
};
m3-helios = nixpkgs.lib.nixosSystem {
specialArgs = {
inherit inputs outputs;
system = "x86_64-linux";
};
system = "x86_64-linux";
modules = [
./hosts/m3-helios
inputs.disko.nixosModules.disko
agenix.nixosModules.default
m3ta-nixpkgs.nixosModules.default
];
};
};
homeConfigurations = {
"m3tam3re@m3-daedalus" = home-manager.lib.homeManagerConfiguration {
pkgs = nixpkgs.legacyPackages."x86_64-linux";
extraSpecialArgs = {
inherit inputs outputs;
system = "x86_64-linux";
hostname = "m3-daedalus";
};
modules = [./home/m3tam3re/m3-daedalus.nix];
};
};
devShells = forAllSystems (system: let
pkgs = import nixpkgs {
inherit system;
config.allowUnfree = true; # Allow unfree packages in devShell
};
m3taLib = m3ta-nixpkgs.lib.x86_64-linux;
rules = m3taLib.opencode-rules.mkOpencodeRules {
inherit agents;
languages = ["nix"];
};
in {
default = pkgs.mkShell {
buildInputs = with pkgs; [
alejandra
nixd
openssh
agenix.packages.${system}.default
];
inherit (rules) instructions;
shellHook = ''
${rules.shellHook}
echo "======================================"
echo "🧑🚀 Nix Development Shell with Opencode Rules"
echo "======================================"
echo ""
echo "Active rules:"
echo " - Nix language conventions"
echo " - Coding-style best practices"
echo " - Naming conventions"
echo " - Documentation standards"
echo " - Testing guidelines"
echo " - Git workflow patterns"
echo " - Project structure guidelines"
echo ""
echo "Generated files:"
echo " - .opencode-rules/ (symlink to AGENTS repo)"
echo " - opencode.json (configuration file)"
echo ""
echo "Useful commands:"
echo " - cat opencode.json View rules configuration"
echo " - ls .opencode-rules/ Browse available rules"
echo " - nix develop Re-enter this shell"
echo ""
echo "Remember to add to .gitignore:"
echo " .opencode-rules"
echo " opencode.json"
echo "======================================"
'';
};
});
};
}
home/common/default.nix
+56
View File
@@ -0,0 +1,56 @@
{
inputs,
lib,
outputs,
pkgs,
system,
...
}: {
imports = [
inputs.nix-colors.homeManagerModules.default
inputs.m3ta-nixpkgs.homeManagerModules.default
]; #imports = builtins.attrValues outputs.homeManagerModules;
nixpkgs = {
# You can add overlays here
overlays = [
# Add overlays your own flake exports (from overlays and pkgs dir):
#outputs.overlays.additions
#outputs.overlays.modifications
outputs.overlays.temp-packages
outputs.overlays.stable-packages
outputs.overlays.locked-packages
outputs.overlays.pinned-packages
outputs.overlays.master-packages
inputs.nur.overlays.default
inputs.m3ta-nixpkgs.overlays.default
inputs.m3ta-nixpkgs.overlays.modifications
(outputs.overlays.mkLlmAgentsOverlay system)
# You can also add overlays exported from other flakes:
# neovim-nightly-overlay.overlays.default
# Or define it inline, for example:
# (final: prev: {
# hi = final.hello.overrideAttrs (oldAttrs: {
# patches = [ ./change-hello-to-hi.patch ];
# });
# })
];
# Configure your nixpkgs instance
config = {
# Disable if you don't want unfree packages
allowUnfree = true;
# Workaround for https://github.com/nix-community/home-manager/issues/2942
allowUnfreePredicate = _: true;
};
};
nix = {
package = lib.mkDefault pkgs.nix;
settings = {
experimental-features = ["nix-command" "flakes"];
warn-dirty = false;
};
};
colorScheme = inputs.nix-colors.colorSchemes.dracula;
}
home/features/cli/AGENTS.md
+65
View File
@@ -0,0 +1,65 @@
# CLI FEATURES (home-manager)
**Shell and terminal tooling with Fish + Nushell dual configuration**
## OVERVIEW
8 CLI modules with integrated tooling across Fish and Nushell shells.
## STRUCTURE
```
cli/
├── default.nix # Imports + shared tools (bat, eza, direnv)
├── fish.nix # Fish shell + aliases
├── fzf.nix # Fuzzy finder
├── nitch.nix # System info tool
├── nushell.nix # Nushell + aliases
├── secrets.nix # Password-store integration
├── starship.nix # Shell prompt
└── zellij.nix # Terminal multiplexer
```
## WHERE TO LOOK
| Task | Location | Notes |
|------|----------|-------|
| Add CLI tool | default.nix home.packages | Check if shell integration needed |
| Shell aliases | fish.nix or nushell.nix | Kept in sync between shells |
| Prompt config | starship.nix | Uses nerd-fonts symbols |
| Secret access | secrets.nix | Agenix integration |
## CONVENTIONS
### Shell Integration Pattern
Tools with shell hooks enabled in both Fish and Nushell:
- **carapace**: Completions
- **zoxide**: Smart cd
- **eza**: ls replacement
- **direnv**: Directory environments
- **fzf**: Fuzzy finding
### NixOS Rebuild Aliases (both shells)
```
nr/nrs - nixos-rebuild [switch]
snr/snrs - sudo nixos-rebuild [switch]
hms - home-manager switch
```
### Bat Theme
Custom `universal` theme generated from nix-colors palette in default.nix (lines 34-157).
### Secrets Integration
Fish/Nushell source `$HOME/.secrets` if `secrets.enable = true` (CLI secrets feature).
## ANTI-PATTERNS
- **DON'T** add aliases to only one shell - keep Fish/Nushell in sync
- **DON'T** use `programs.bash` - Nushell is default shell
- **DON'T** bypass carapace for completions - integrated by default
## NOTES
- zellij-ps custom package for project session management
- Default shell set to Nushell in hosts/common/default.nix
- Bat theme dynamically generated (no external theme files)
- lf file manager uses bat for previews
- Agenix CLI (agenix-cli) included for secret management
home/features/cli/default.nix
+239
View File
@@ -0,0 +1,239 @@
{
config,
pkgs,
videoDrivers,
...
}: {
imports = [
./fish.nix
./fzf.nix
./nitch.nix
./nushell.nix
./secrets.nix
./starship.nix
./zellij.nix
];
cli.stt-ptt = {
enable = true;
whisperPackage =
if videoDrivers == ["nvidia"]
then pkgs.whisper-cpp.override {cudaSupport = true;}
else if videoDrivers == ["amdgpu"]
then pkgs.whisper-cpp-vulkan
else pkgs.whisper-cpp;
model = "ggml-large-v3-turbo";
notifyTimeout = 2000;
};
programs.carapace = {
enable = true;
enableFishIntegration = true;
enableNushellIntegration = true;
enableBashIntegration = true;
};
programs.zoxide = {
enable = true;
enableFishIntegration = true;
enableNushellIntegration = true;
};
programs.bat = {
enable = true;
config = {theme = "universal";};
themes = {
universal = {
src = pkgs.writeText "universal.tmTheme" ''
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>name</key>
<string>Universal (nix-colors)</string>
<key>settings</key>
<array>
<dict>
<key>settings</key>
<dict>
<key>background</key>
<string>#${config.colorScheme.palette.base00}</string>
<key>foreground</key>
<string>#${config.colorScheme.palette.base05}</string>
<key>caret</key>
<string>#${config.colorScheme.palette.base05}</string>
<key>selection</key>
<string>#${config.colorScheme.palette.base02}</string>
<key>selectionForeground</key>
<string>#${config.colorScheme.palette.base05}</string>
<key>lineHighlight</key>
<string>#${config.colorScheme.palette.base01}</string>
</dict>
</dict>
<dict>
<key>name</key>
<string>Comment</string>
<key>scope</key>
<string>comment</string>
<key>settings</key>
<dict>
<key>foreground</key>
<string>#${config.colorScheme.palette.base03}</string>
<key>fontStyle</key>
<string>italic</string>
</dict>
</dict>
<dict>
<key>name</key>
<string>String</string>
<key>scope</key>
<string>string</string>
<key>settings</key>
<dict>
<key>foreground</key>
<string>#${config.colorScheme.palette.base0A}</string>
</dict>
</dict>
<dict>
<key>name</key>
<string>Number</string>
<key>scope</key>
<string>constant.numeric</string>
<key>settings</key>
<dict>
<key>foreground</key>
<string>#${config.colorScheme.palette.base0E}</string>
</dict>
</dict>
<dict>
<key>name</key>
<string>Keyword</string>
<key>scope</key>
<string>keyword</string>
<key>settings</key>
<dict>
<key>foreground</key>
<string>#${config.colorScheme.palette.base08}</string>
</dict>
</dict>
<dict>
<key>name</key>
<string>Function</string>
<key>scope</key>
<string>entity.name.function</string>
<key>settings</key>
<dict>
<key>foreground</key>
<string>#${config.colorScheme.palette.base0B}</string>
</dict>
</dict>
<dict>
<key>name</key>
<string>Type</string>
<key>scope</key>
<string>entity.name.type, storage.type</string>
<key>settings</key>
<dict>
<key>foreground</key>
<string>#${config.colorScheme.palette.base0D}</string>
</dict>
</dict>
<dict>
<key>name</key>
<string>Variable</string>
<key>scope</key>
<string>variable</string>
<key>settings</key>
<dict>
<key>foreground</key>
<string>#${config.colorScheme.palette.base05}</string>
</dict>
</dict>
<dict>
<key>name</key>
<string>Constant</string>
<key>scope</key>
<string>constant</string>
<key>settings</key>
<dict>
<key>foreground</key>
<string>#${config.colorScheme.palette.base0E}</string>
</dict>
</dict>
</array>
</dict>
</plist>
'';
};
};
};
programs.direnv = {
enable = true;
enableNushellIntegration = true;
nix-direnv.enable = true;
};
programs.eza = {
enable = true;
enableFishIntegration = true;
enableBashIntegration = true;
extraOptions = ["-l" "--icons" "--git" "-a"];
};
programs.lf = {
enable = true;
settings = {
preview = true;
drawbox = true;
hidden = true;
icons = true;
theme = "Dracula";
previewer = "bat";
};
};
cli.zellij-ps = {
enable = true;
projectFolders = ["/home/m3tam3re/p"];
};
home.packages = with pkgs; [
comma
coreutils
devenv
fabric-ai
fd
gcc
go
htop
httpie
hyprpaper-random
jq
just
lazygit
llm
lf
nix-index
nix-update
libnotify
nushellPlugins.skim
progress
ripgrep
rocmPackages.rocm-smi
rocmPackages.rocminfo
rocmPackages.rocm-runtime
sqlite
sqlite-vec
tldr
pomodoro-timer
trash-cli
unimatrix
unzip
vulkan-tools
wttrbar
wireguard-tools
yazi
zellij-ps
zip
];
}
home/features/cli/fish.nix
+116
View File
@@ -0,0 +1,116 @@
{
config,
lib,
...
}:
with lib; let
cfg = config.features.cli.fish;
in {
options.features.cli.fish.enable = mkEnableOption "enable fish shell";
config = mkIf cfg.enable {
programs.fish = {
enable = true;
interactiveShellInit = ''
# Fish colors using universal nix-colors palette
# Text colors
set -g fish_color_normal ${config.colorScheme.palette.base05} # text
set -g fish_color_param ${config.colorScheme.palette.base05} # text
set -g fish_color_comment ${config.colorScheme.palette.base03} # muted
set -g fish_color_autosuggestion ${config.colorScheme.palette.base03} # muted
# Command colors
set -g fish_color_command ${config.colorScheme.palette.base0D} # accent6 (blue)
set -g fish_color_quote ${config.colorScheme.palette.base0A} # accent3 (yellow)
set -g fish_color_redirection ${config.colorScheme.palette.base0E} # accent7 (purple)
set -g fish_color_end ${config.colorScheme.palette.base08} # accent1 (red)
set -g fish_color_error ${config.colorScheme.palette.base08} # accent1 (red)
set -g fish_color_operator ${config.colorScheme.palette.base0C} # accent5 (cyan)
set -g fish_color_escape ${config.colorScheme.palette.base09} # accent2 (orange)
# Path colors
set -g fish_color_cwd ${config.colorScheme.palette.base0B} # accent4 (green)
set -g fish_color_cwd_root ${config.colorScheme.palette.base08} # accent1 (red)
set -g fish_color_valid_path --underline
# Interactive colors
set -g fish_color_match ${config.colorScheme.palette.base0B} # accent4 (green)
set -g fish_color_selection --background=${config.colorScheme.palette.base02} # overlay
set -g fish_color_search_match --background=${config.colorScheme.palette.base02} # overlay
set -g fish_color_history_current --bold
set -g fish_color_user ${config.colorScheme.palette.base0B} # accent4 (green)
set -g fish_color_host ${config.colorScheme.palette.base0D} # accent6 (blue)
set -g fish_color_cancel -r
# Pager colors
set -g fish_pager_color_completion normal
set -g fish_pager_color_description ${config.colorScheme.palette.base03} # muted
set -g fish_pager_color_prefix ${config.colorScheme.palette.base0E} # accent7 (purple)
set -g fish_pager_color_progress ${config.colorScheme.palette.base0B} # accent4 (green)
'';
loginShellInit = ''
set -x NIX_PATH nixpkgs=channel:nixos-unstable
set -x NIX_LOG info
set -x WEBKIT_DISABLE_COMPOSITING_MODE 1
set -x TERMINAL kitty
set -x EDITOR nvim
set -x VISUAL zed
set -x XDG_DATA_HOME $HOME/.local/share
set -x FZF_CTRL_R_OPTS "
--preview='bat --color=always -n {}'
--preview-window up:3:hidden:wrap
--bind 'ctrl-/:toggle-preview'
--bind 'ctrl-y:execute-silent(echo -n {2..} | wl-copy)+abort'
--color header:bold
--header 'Press CTRL-Y to copy command into clipboard'"
set -x FZF_DEFAULT_COMMAND fd --type f --exclude .git --follow --hidden
set -x FZF_CTRL_T_COMMAND "$FZF_DEFAULT_COMMAND"
set -x FLAKE $HOME/p/nixos/nixos-config
source /run/agenix/${config.home.username}-secrets
if test (tty) = "/dev/tty1"
exec uwsm start -F /run/current-system/sw/bin/Hyprland
end
if test (tty) = "/dev/tty2"
exec gamescope -O HDMI-A-1 -W 1920 -H 1080 --adaptive-sync --hdr-enabled --rt --steam -- steam -pipewire-dmabuf -tenfoot
end
'';
shellAbbrs = {
".." = "cd ..";
"..." = "cd ../..";
b = "yazi";
ls = "eza";
l = "eza -l --icons --git -a";
lt = "eza --tree --level=2 --long --icons --git";
grep = "rg";
ps = "procs";
just = "just --unstable";
node = "bun";
npx = "bunx";
fs = "du -ah . | sort -hr | head -n 10";
n = "nix";
nd = "nix develop -c $SHELL";
ns = "nix shell";
nsn = "nix shell nixpkgs#";
nb = "nix build";
nbn = "nix build nixpkgs#";
nf = "nix flake";
nr = "sudo nixos-rebuild --flake .";
nrs = "sudo nixos-rebuild switch --flake .#(uname -n)";
snr = "sudo nixos-rebuild --flake .";
snrs = "sudo nixos-rebuild --flake . switch";
hm = "home-manager --flake .";
hms = "home-manager --flake . switch";
hmr = "cd ~/projects/nix-configurations; nix flake lock --update-input dotfiles; home-manager --flake .#(whoami)@(hostname) switch";
tsu = "sudo tailscale up";
tsd = "sudo tailscale down";
vi = "nvim";
vim = "nvim";
};
};
};
}
home/features/cli/fzf.nix
+40
View File
@@ -0,0 +1,40 @@
{
config,
lib,
...
}:
with lib; let
cfg = config.features.cli.fzf;
in {
options.features.cli.fzf.enable = mkEnableOption "enable fuzzy finder";
config = mkIf cfg.enable {
programs.fzf = {
enable = true;
enableFishIntegration = true;
colors = {
"fg" = "#${config.colorScheme.palette.base05}";
"bg" = "#${config.colorScheme.palette.base00}";
"hl" = "#${config.colorScheme.palette.base0E}";
"fg+" = "#${config.colorScheme.palette.base05}";
"bg+" = "#${config.colorScheme.palette.base02}";
"hl+" = "#${config.colorScheme.palette.base0E}";
"info" = "#${config.colorScheme.palette.base09}";
"prompt" = "#${config.colorScheme.palette.base0B}";
"pointer" = "#${config.colorScheme.palette.base08}";
"marker" = "#${config.colorScheme.palette.base08}";
"spinner" = "#${config.colorScheme.palette.base09}";
"header" = "#${config.colorScheme.palette.base03}";
};
defaultOptions = [
"--preview='bat --color=always -n {}'"
"--bind 'ctrl-/:toggle-preview'"
"--header 'Press CTRL-Y to copy command into clipboard'"
"--bind 'ctrl-/:toggle-preview'"
"--bind 'ctrl-y:execute-silent(echo -n {2..} | wl-copy)+abort'"
];
defaultCommand = "fd --type f --exclude .git --follow --hidden";
changeDirWidgetCommand = "fd --type d --exclude .git --follow --hidden";
};
};
}
home/features/cli/nitch.nix
+15
View File
@@ -0,0 +1,15 @@
{
config,
lib,
pkgs,
...
}:
with lib; let
cfg = config.features.cli.nitch;
in {
options.features.cli.nitch.enable = mkEnableOption "enable nitch";
config = mkIf cfg.enable {
home.packages = with pkgs; [nitch];
};
}
home/features/cli/nushell.nix
+182
View File
@@ -0,0 +1,182 @@
{
config,
lib,
...
}:
with lib; let
cfg = config.features.cli.nushell;
in {
options.features.cli.nushell.enable = mkEnableOption "enable nushell";
config = mkIf cfg.enable {
programs.nushell = {
enable = true;
envFile.text = ''
$env.config.show_banner = false
$env.NIX_PATH = "nixpkgs=channel:nixos-unstable"
$env.NIX_LOG = "iunfo"
$env.WEBKIT_DISABLE_COMPOSITING_MODE = "1"
$env.TERMINAL = "kitty"
$env.EDITOR = "nvim"
$env.VISUAL = "zed"
$env.FZF_DEFAULT_COMMAND = "fd --type f --exclude .git --follow --hidden"
$env.FZF_DEFAULT_OPTS = "--preview='bat --color=always --style=numbers --line-range=:500 {}' --bind 'ctrl-/:toggle-preview' --header 'Press CTRL-Y to copy to clipboard' --bind 'ctrl-y:execute-silent(echo {} | wl-copy)' --color bg:#${config.colorScheme.palette.base00},bg+:#${config.colorScheme.palette.base02},fg:#${config.colorScheme.palette.base05},fg+:#${config.colorScheme.palette.base05},header:#${config.colorScheme.palette.base03},hl:#${config.colorScheme.palette.base0E},hl+:#${config.colorScheme.palette.base0E},info:#${config.colorScheme.palette.base09},marker:#${config.colorScheme.palette.base08},pointer:#${config.colorScheme.palette.base08},prompt:#${config.colorScheme.palette.base0B},spinner:#${config.colorScheme.palette.base09}"
$env.XDG_DATA_HOME = $"($env.HOME)/.local/share"
$env.FZF_DEFAULT_COMMAND = "fd --type f --exclude .git --follow --hidden"
$env.SSH_AUTH_SOCK = "/run/user/1000/gnupg/S.gpg-agent.ssh"
$env.FLAKE = $"($env.HOME)/p/nixos/nixos-config"
$env.PATH = ($env.PATH | split row (char esep) | append "/home/m3tam3re/.cache/.bun/bin" | uniq)
source /run/agenix/${config.home.username}-secrets
'';
configFile.text = ''
# FZF integration functions for nushell
def fzf-file [] {
fd --type f --exclude .git --follow --hidden | fzf --preview 'bat --color=always --style=numbers --line-range=:500 {}' --bind 'ctrl-y:execute-silent(echo {} | wl-copy)'
}
def fzf-dir [] {
fd --type d --exclude .git --follow --hidden | fzf --preview 'ls -la {}'
}
def fzf-history [] {
history | get command | reverse | fzf --bind 'ctrl-y:execute-silent(echo {} | wl-copy)'
}
# Key bindings for FZF
$env.config = {
keybindings: [
{
name: fzf_file
modifier: control
keycode: char_t
mode: [emacs, vi_normal, vi_insert]
event: {
send: executehostcommand
cmd: "commandline edit --insert (fzf-file)"
}
}
{
name: fzf_history
modifier: control
keycode: char_r
mode: [emacs, vi_normal, vi_insert]
event: {
send: executehostcommand
cmd: "commandline edit --replace (fzf-history)"
}
}
]
}
# Aliases
alias .. = cd ..
alias ... = cd ...
alias h = cd $env.HOME
alias b = yazi
alias lt = eza --tree --level=2 --long --icons --git
alias grep = rg
alias just = just --unstable
alias node = bun
alias npx = bunx
alias n = nix
alias nd = nix develop -c $nu.current-shell
alias ns = nix shell
alias nsn = nix shell nixpkgs#
alias nb = nix build
alias nbn = nix build nixpkgs#
alias nf = nix flake
alias nr = sudo nixos-rebuild --flake .
alias nrs = sudo nixos-rebuild switch --flake .#(sys host | get hostname)
alias snr = sudo nixos-rebuild --flake .
alias snrs = sudo nixos-rebuild --flake . switch
alias hm = home-manager --flake .
alias hms = home-manager --flake . switch
alias hmr = do { cd ~/projects/nix-configurations; nix flake lock --update-input dotfiles; home-manager --flake .#(whoami)@(hostname) switch }
alias tsu = sudo tailscale up
alias tsd = sudo tailscale down
alias vi = nvim
alias vim = nvim
def history_fuzzy [] {
let selected = (
history
| reverse
| get command
| uniq
| to text
| ^fzf
)
if ($selected | is-not-empty) {
commandline edit ($selected)
} else {
null
}
}
def --env dir_fuzzy [] {
let selected = (
fd --type directory
| ^fzf
)
cd $selected
}
def find_fuzzy [] {
# Find non-hidden text files with matches for any content and select one via fuzzy search
let selected = (
^fd --type file --no-hidden -X rg -l --files-with-matches .
| lines
| to text
| ^fzf
)
if ($selected | is-not-empty) {
^$env.EDITOR $selected
}
}
$env.config = {
keybindings: [
{
name: history_fuzzy
modifier: control
keycode: char_r
mode: [emacs, vi_insert, vi_normal]
event: [
{
send: executehostcommand
cmd: "history_fuzzy"
}
]
}
{
name: dir_fuzzy
modifier: alt
keycode: char_c
mode: [emacs, vi_insert, vi_normal]
event: [
{
send: executehostcommand
cmd: "dir_fuzzy"
}
]
}
{
name: history_fuzzy
modifier: control
keycode: char_t
mode: [emacs, vi_insert, vi_normal]
event: [
{
send: executehostcommand
cmd: "find_fuzzy"
}
]
}
]
}
'';
};
};
}
home/features/cli/secrets.nix
+21
View File
@@ -0,0 +1,21 @@
{
config,
lib,
pkgs,
...
}:
with lib; let
cfg = config.features.cli.secrets;
in {
options.features.cli.secrets.enable = mkEnableOption "enable secrets";
config = mkIf cfg.enable {
programs.password-store = {
enable = true;
package =
pkgs.pass-wayland.withExtensions
(exts: [exts.pass-otp exts.pass-import]);
};
home.packages = with pkgs; [pinentry-gnome3];
};
}
home/features/cli/starship.nix
+68
View File
@@ -0,0 +1,68 @@
{
config,
lib,
...
}:
with lib; let
cfg = config.features.cli.starship;
in {
options.features.cli.starship.enable = mkEnableOption "enable starship prompt";
config = mkIf cfg.enable {
programs.starship = {
enable = true;
enableFishIntegration = true;
enableNushellIntegration = true;
settings = {
format = "$all$character";
palette = "universal";
palettes.universal = {
background = "#${config.colorScheme.palette.base00}";
surface = "#${config.colorScheme.palette.base01}";
muted = "#${config.colorScheme.palette.base03}";
text = "#${config.colorScheme.palette.base05}";
bright = "#${config.colorScheme.palette.base07}";
accent1 = "#${config.colorScheme.palette.base08}";
accent2 = "#${config.colorScheme.palette.base09}";
accent3 = "#${config.colorScheme.palette.base0A}";
accent4 = "#${config.colorScheme.palette.base0B}";
accent5 = "#${config.colorScheme.palette.base0C}";
accent6 = "#${config.colorScheme.palette.base0D}";
accent7 = "#${config.colorScheme.palette.base0E}";
};
character = {
success_symbol = "[](accent7)";
error_symbol = "[](accent1)";
};
directory = {
style = "accent6";
truncation_length = 3;
truncate_to_repo = false;
};
git_branch = {
style = "accent7";
};
git_status = {
style = "accent5";
};
cmd_duration = {
style = "accent3";
};
hostname = {
style = "accent4";
};
username = {
style_user = "accent2";
};
};
};
};
}
home/features/cli/zellij.nix
+32
View File
@@ -0,0 +1,32 @@
{
config,
lib,
...
}:
with lib; let
cfg = config.features.cli.zellij;
in {
options.features.cli.zellij.enable = mkEnableOption "enable tmux";
config = mkIf cfg.enable {
programs.zellij = {
enable = true;
settings = {
theme = "universal";
themes.universal = {
bg = "#${config.colorScheme.palette.base00}";
fg = "#${config.colorScheme.palette.base05}";
black = "#${config.colorScheme.palette.base01}";
red = "#${config.colorScheme.palette.base08}";
green = "#${config.colorScheme.palette.base0B}";
yellow = "#${config.colorScheme.palette.base0A}";
blue = "#${config.colorScheme.palette.base0D}";
magenta = "#${config.colorScheme.palette.base0E}";
cyan = "#${config.colorScheme.palette.base0C}";
white = "#${config.colorScheme.palette.base07}";
orange = "#${config.colorScheme.palette.base09}";
};
};
};
};
}
home/features/coding/default.nix
+39
View File
@@ -0,0 +1,39 @@
{pkgs, ...}: {
imports = [
./opencode.nix
];
home.packages = with pkgs; [
agenix-cli
alejandra
bc
bun
devpod
#devpod-desktop
code2prompt
gnumake
cmake
(python3.withPackages (ps:
with ps; [
pip
uv
# Scientific packages
numba
numpy
torch
srt
]))
pyrefly
nixd
nodejs
opencode-desktop
(qmd.override {
vulkanSupport = true;
cudaSupport = false;
})
alejandra
sidecar
tailwindcss
tailwindcss-language-server
td
];
}
home/features/coding/opencode.nix
+169
View File
@@ -0,0 +1,169 @@
{inputs, ...}: {
xdg.configFile = {
"opencode/commands" = {
source = "${inputs.agents}/commands";
recursive = true;
};
"opencode/context" = {
source = "${inputs.agents}/context";
recursive = true;
};
"opencode/prompts" = {
source = "${inputs.agents}/prompts";
recursive = true;
};
"opencode/skills" = {
source = "${inputs.agents}/skills";
recursive = true;
};
"opencode/rules" = {
source = "${inputs.agents}/rules";
recursive = true;
};
};
programs.opencode = {
enable = true;
settings = {
theme = "opencode";
plugin = ["oh-my-opencode" "opencode-antigravity-auth@beta"];
agent =
builtins.fromJSON
(builtins.readFile "${inputs.agents}/agents/agents.json");
formatter = {
alejandra = {
command = ["alejandra" "-q" "-"];
extensions = [".nix"];
};
};
mcp = {
Ref = {
type = "local";
command = [
"sh"
"-c"
"REF_API_KEY=$(cat /run/agenix/ref-key) exec bunx ref-tools-mcp@latest"
];
enabled = true;
};
Anytype = {
type = "local";
command = [
"sh"
"-c"
"OPENAPI_MCP_HEADERS=$(cat /run/agenix/anytype-key) exec bunx @anyproto/anytype-mcp"
];
enabled = false;
};
Basecamp = {
type = "local";
command = [
"/home/m3tam3re/p/AI/Basecamp-MCP-Server/venv/bin/python"
"/home/m3tam3re/p/AI/Basecamp-MCP-Server/basecamp_fastmcp.py"
];
environment = {
PYTHONPATH = "/home/m3tam3re/p/PYTHON/Basecamp-MCP-Server";
VIRTUAL_ENV = "/home/m3tam3re/p/PYTHON/Basecamp-MCP-Server/venv";
BASECAMP_ACCOUNT_ID = "5996442";
};
enabled = false;
};
Exa = {
type = "local";
command = [
"sh"
"-c"
"EXA_API_KEY=$(cat /run/agenix/exa-key) exec bunx exa-mcp-server@latest tools=web_search_exa"
];
enabled = true;
};
Outline = {
type = "local";
command = [
"sh"
"-c"
"OUTLINE_API_KEY=$(cat /run/agenix/outline-key) OUTLINE_API_URL=https://wiki.az-gruppe.com/api OUTLINE_DISABLE_DELETE=true exec uv tool run mcp-outline"
];
enabled = false;
};
};
provider = {
litellm = {
npm = "@ai-sdk/openai-compatible";
name = "LiteLLM (AZ-Gruppe)";
options.baseURL = "https://llm.az-gruppe.com/v1";
models = {
"gpt-5.2" = {
name = "GPT-5.2";
limit = {
context = 200000;
output = 16384;
};
modalities = {
input = ["text" "image"];
output = ["text"];
};
};
"claude-sonnet-4-6" = {
name = "Claude Sonnet 4.6";
limit = {
context = 200000;
output = 16000;
};
modalities = {
input = ["text" "image"];
output = ["text"];
};
};
"claude-opus-4-6" = {
name = "Claude Opus 4.6";
limit = {
context = 200000;
output = 32000;
};
modalities = {
input = ["text" "image"];
output = ["text"];
};
};
};
};
};
};
};
home.file.".config/opencode/oh-my-opencode.json".text = builtins.toJSON {
"$schema" = "https://raw.githubusercontent.com/code-yeongyu/oh-my-opencode/master/assets/oh-my-opencode.schema.json";
# google_auth removed - use opencode-antigravity-auth plugin instead (already in plugin array)
agents = {
sisyphus = {model = "zai-coding-plan/glm-5";};
oracle = {model = "zai-coding-plan/glm-5";};
librarian = {model = "zai-coding-plan/glm-5";};
explore = {model = "zai-coding-plan/glm-4.5-air";};
multimodal-looker = {model = "zai-coding-plan/glm-4.6v";};
prometheus = {model = "zai-coding-plan/glm-5";};
metis = {model = "zai-coding-plan/glm-5";};
momus = {model = "zai-coding-plan/glm-5";};
atlas = {model = "zai-coding-plan/glm-5";};
};
categories = {
visual-engineering = {model = "zai-coding-plan/glm-5";};
ultrabrain = {model = "zai-coding-plan/glm-5";};
artistry = {model = "zai-coding-plan/glm-5";};
quick = {model = "zai-coding-plan/glm-5";};
unspecified-low = {model = "zai-coding-plan/glm-5";};
unspecified-high = {model = "zai-coding-plan/glm-5";};
writing = {model = "zai-coding-plan/glm-5";};
};
disabled_mcps = ["context7" "websearch"];
disabled_hooks = ["comment-checker"];
git_master = {
commit_footer = false;
include_co_authored_by = false;
};
experimental = {
truncate_all_tool_outputs = true;
aggressive_truncation = false;
};
};
}
home/features/desktop/AGENTS.md
+79
View File
@@ -0,0 +1,79 @@
# DESKTOP FEATURES (home-manager)
**Wayland/Hyprland environment with color-coordinated tooling**
## OVERVIEW
12 modular desktop features with nix-colors (Dracula) integration across all components.
## STRUCTURE
```
desktop/
├── default.nix # Imports + XDG + Kitty config
├── coding.nix # Development tools (VSCode, etc.)
├── crypto.nix # Crypto wallets/tools
├── fonts.nix # Font packages
├── gaming.nix # Gaming tools/Steam
├── hyprland.nix # Hyprland WM configuration
├── media.nix # Media players/editors
├── office.nix # LibreOffice, document tools
├── rofi.nix # Application launcher
├── theme.nix # GTK/Qt theming
├── wayland.nix # Wayland utilities
└── webapps.nix # Browser-based apps
```
## WHERE TO LOOK
| Task | Location | Notes |
|------|----------|-------|
| Add desktop app | Relevant feature .nix | Update home.packages |
| Configure Hyprland | hyprland.nix | Window manager settings |
| Fix colors | Check colorScheme references | Uses config.colorScheme.palette.base* |
| Add font | fonts.nix | Increases system closure size |
## CONVENTIONS
### Color Scheme Integration
All color-aware tools reference `config.colorScheme.palette.base00` through `base0F`:
- **base00-07**: Grayscale (dark to light)
- **base08**: Red/errors
- **base09**: Orange
- **base0A**: Yellow/strings
- **base0B**: Green/functions
- **base0C**: Cyan
- **base0D**: Blue/types
- **base0E**: Purple/constants
- **base0F**: Brown
Template:
```nix
foreground = "#${config.colorScheme.palette.base05}";
background = "#${config.colorScheme.palette.base00}";
```
### Session Variables
Set in default.nix for Wayland/Hyprland:
```nix
NIXOS_OZONE_WL = "1";
QT_QPA_PLATFORM = "wayland";
XDG_CURRENT_DESKTOP = "Hyprland";
```
### XDG Defaults
- **PDF**: okular
- **Text**: nvim
- **Browser**: Zen (io.github.zen_browser.zen)
- **Archive**: file-roller
## ANTI-PATTERNS
- **DON'T** hardcode hex colors - use colorScheme palette
- **DON'T** install fonts globally - keep in user packages
- **DON'T** bypass XDG defaults - set in mimeApps
## NOTES
- Kitty terminal configured in default.nix (not separate file)
- Bibata-Modern-Ice cursor theme hardcoded
- Session path includes cargo, npm-global, bun
- Desktop features are always-enabled (no feature flags in this dir)
home/features/desktop/coding.nix
+23
View File
@@ -0,0 +1,23 @@
{
config,
lib,
pkgs,
...
}:
with lib; let
cfg = config.features.desktop.coding;
in {
options.features.desktop.coding.enable =
mkEnableOption "install coding related stuff";
config = mkIf cfg.enable {
home.packages = with pkgs; [
bruno
insomnia
];
coding.editors = {
neovim.enable = true;
zed.enable = true;
};
};
}
home/features/desktop/crypto.nix
+15
View File
@@ -0,0 +1,15 @@
{
config,
lib,
pkgs,
...
}:
with lib; let
cfg = config.features.desktop.crypto;
in {
options.features.desktop.crypto.enable = mkEnableOption "Enable Crypto";
config = mkIf cfg.enable {
home.packages = with pkgs; [bisq2 monero-gui trezor-suite];
};
}
home/features/desktop/default.nix
+177
View File
@@ -0,0 +1,177 @@
{
config,
pkgs,
...
}: {
imports = [
./coding.nix
./crypto.nix
./fonts.nix
./gaming.nix
./hyprland.nix
./media.nix
./obsidian.nix
./office.nix
./rofi.nix
./theme.nix
./wallpapers.nix
./wayland.nix
./webapps.nix
];
xdg = {
enable = true;
configFile."mimeapps.list".force = true;
mimeApps = {
enable = true;
associations.added = {
"application/zip" = ["org.gnome.FileRoller.desktop"];
"application/csv" = ["calc.desktop"];
"application/pdf" = ["okularApplication_pdf.desktop"];
};
defaultApplications = {
"application/zip" = ["org.gnome.FileRoller.desktop"];
"application/csv" = ["calc.desktop"];
"application/pdf" = ["okularApplication_pdf.desktop"];
"application/md" = ["nvim.desktop"];
"application/text" = ["nvim.desktop"];
"x-scheme-handler/http" = ["io.github.zen_browser.zen"];
"x-scheme-handler/https" = ["io.github.zen_browser.zen"];
};
};
userDirs = {
enable = true;
createDirectories = true;
};
};
home.sessionVariables = {
WEBKIT_DISABLE_COMPOSITING_MODE = "1";
NIXOS_OZONE_WL = "1";
TERMINAL = "kitty";
QT_QPA_PLATFORM = "wayland";
XDG_CURRENT_DESKTOP = "Hyprland";
XDG_SESSION_TYPE = "wayland";
XDG_SESSION_DESKTOP = "Hyprland";
};
home.sessionPath = ["\${XDG_BIN_HOME}" "\${HOME}/.cargo/bin" "$HOME/.npm-global/bin" "$HOME/.cache/.bun/bin"];
fonts.fontconfig.enable = true;
programs.kitty = {
enable = true;
shellIntegration = {
enableFishIntegration = true;
enableBashIntegration = true;
};
font = {name = "Fira Code";};
settings = {
copy_on_select = "yes";
# Base colors
foreground = "#${config.colorScheme.palette.base05}";
background = "#${config.colorScheme.palette.base00}";
selection_foreground = "#${config.colorScheme.palette.base07}";
selection_background = "#${config.colorScheme.palette.base02}";
# URL color
url_color = "#${config.colorScheme.palette.base08}";
# Cursor
cursor = "#${config.colorScheme.palette.base05}";
cursor_text_color = "#${config.colorScheme.palette.base00}";
# Colors 0-15
color0 = "#${config.colorScheme.palette.base01}";
color8 = "#${config.colorScheme.palette.base03}";
color1 = "#${config.colorScheme.palette.base08}";
color9 = "#${config.colorScheme.palette.base08}";
color2 = "#${config.colorScheme.palette.base0B}";
color10 = "#${config.colorScheme.palette.base0B}";
color3 = "#${config.colorScheme.palette.base0A}";
color11 = "#${config.colorScheme.palette.base0A}";
color4 = "#${config.colorScheme.palette.base0D}";
color12 = "#${config.colorScheme.palette.base0D}";
color5 = "#${config.colorScheme.palette.base0E}";
color13 = "#${config.colorScheme.palette.base0E}";
color6 = "#${config.colorScheme.palette.base0C}";
color14 = "#${config.colorScheme.palette.base0C}";
color7 = "#${config.colorScheme.palette.base05}";
color15 = "#${config.colorScheme.palette.base07}";
# Tab colors
active_tab_foreground = "#${config.colorScheme.palette.base00}";
active_tab_background = "#${config.colorScheme.palette.base05}";
inactive_tab_foreground = "#${config.colorScheme.palette.base05}";
inactive_tab_background = "#${config.colorScheme.palette.base01}";
# Mark colors
mark1_foreground = "#${config.colorScheme.palette.base00}";
mark1_background = "#${config.colorScheme.palette.base08}";
};
};
home.pointerCursor = {
gtk.enable = true;
package = pkgs.bibata-cursors;
name = "Bibata-Modern-Ice";
size = 20;
};
home.packages = with pkgs; [
appimage-run
# blueberry
bemoji
brave
# brightnessctl
# clipman
distrobox
launch-webapp
# eww
# firefox-devedition
file-roller
hyprpanel
seahorse
sushi
# glib
# google-chrome
# gsettings-desktop-schemas
# graphviz
ksnip
msty-studio
nwg-look
# pamixer
# pavucontrol
# libsForQt5.qtstyleplugins
# stable.nyxt
# pcmanfm
rose-pine-hyprcursor
# qt5ct
# qt6.qtwayland
#rustdesk
# socat
# unrar
# unzip
# usbutils
# v4l-utils
remmina
slack
telegram-desktop
vivaldi
vivaldi-ffmpeg-codecs
# wl-clipboard
# wlogout
# wtype
# xdg-utils
# ydotool
# zip
];
}
home/features/desktop/fonts.nix
+24
View File
@@ -0,0 +1,24 @@
{
config,
lib,
pkgs,
...
}:
with lib; let
cfg = config.features.desktop.fonts;
in {
options.features.desktop.fonts.enable =
mkEnableOption "install additional fonts for desktop apps";
config = mkIf cfg.enable {
home.packages = with pkgs; [
fira-code
fira-code-symbols
nerd-fonts.fira-code
nerd-fonts.jetbrains-mono
font-manager
font-awesome_5
noto-fonts
];
};
}
home/features/desktop/gaming.nix
+22
View File
@@ -0,0 +1,22 @@
{
config,
lib,
pkgs,
...
}:
with lib; let
cfg = config.features.desktop.gaming;
in {
options.features.desktop.gaming.enable =
mkEnableOption "install gaming related stuff";
config = mkIf cfg.enable {
home.packages = with pkgs; [
gamescope
gamemode
goverlay
mangohud
protonplus
];
};
}
home/features/desktop/hyprland.nix
+317
View File
@@ -0,0 +1,317 @@
{
config,
lib,
...
}:
with lib; let
cfg = config.features.desktop.hyprland;
in {
options.features.desktop.hyprland.enable =
mkEnableOption "Hyprland related stuff";
config = mkIf cfg.enable {
wayland.windowManager.hyprland = {
settings = {
xwayland = {
force_zero_scaling = true;
};
exec-once = [
"hyprpanel"
"while ! hyprpaper-random; do sleep 0.5; done"
"wl-paste --type text --watch cliphist store" # Stores only text data
"wl-paste --type image --watch cliphist store" # Stores only image data "wl-paste -p -t text --watch clipman store -P --histpath=\"~/.local/share/clipman-primary.json\""
];
env = [
"XCURSOR_SIZE,32"
"HYPRCURSOR_THEME,Bibata-Modern-Ice"
"WLR_NO_HARDWARE_CURSORS,1"
"GTK_THEME,Dracula"
"XDG_CURRENT_DESKTOP,Hyprland"
"XDG_SESSION_TYPE,wayland"
"XDG_SESSION_DESKTOP,Hyprland"
"NIXOS_OZONE_WL,1"
];
input = {
kb_layout = "de,us";
kb_variant = "";
kb_model = "";
kb_rules = "";
kb_options = "ctrl:nocaps";
follow_mouse = 1;
};
general = {
gaps_in = 5;
gaps_out = 5;
border_size = 1;
# Keeping the existing active border as requested
"col.active_border" = "rgba(9742b5ee) rgba(9742b5ee) 45deg";
"col.inactive_border" = "rgba(${config.colorScheme.palette.base03}aa)";
layout = "dwindle";
};
decoration = {
shadow = {
enabled = true;
range = 60;
render_power = 3;
color = "rgba(${config.colorScheme.palette.base00}66)";
offset = "1 2";
scale = 0.97;
};
rounding = 8;
blur = {
enabled = true;
size = 3;
passes = 3;
};
active_opacity = 0.9;
inactive_opacity = 0.5;
};
animations = {
enabled = true;
bezier = "myBezier, 0.05, 0.9, 0.1, 1.05";
animation = [
"windows, 1, 7, myBezier"
"windowsOut, 1, 7, default, popin 80%"
"border, 1, 10, default"
"borderangle, 1, 8, default"
"fade, 1, 7, default"
"workspaces, 1, 6, default"
];
};
dwindle = {
pseudotile = true;
preserve_split = true;
};
master = {
new_status = "master";
};
device = [
{
name = "epic-mouse-v1";
sensitivity = -0.5;
}
{
name = "zsa-technology-labs-moonlander-mark-i";
kb_layout = "us";
}
{
name = "keychron-keychron-k7";
kb_layout = "us";
}
];
windowrule = [
# Floating dialogs
"match:class file_progress, float on"
"match:class confirm, float on"
"match:class dialog, float on"
"match:class download, float on"
"match:class notification, float on"
"match:class error, float on"
"match:class splash, float on"
"match:class confirmreset, float on"
"match:title Open File, float on"
"match:title branchdialog, float on"
"match:class pavucontrol-qt, float on"
"match:class pavucontrol, float on"
"match:class class:^(espanso)$, float on"
# wlogout
"match:class wlogout, fullscreen on"
"match:title wlogout, float on"
"match:title wlogout, fullscreen on"
# mpv
"match:class mpv, float on"
"match:class mpv, idle_inhibit focus"
"match:class mpv, opacity 1.0 override"
# Media/Volume/PiP
"match:title ^(Media viewer)$, float on"
"match:title ^(Volume Control)$, float on"
"match:title ^(Picture-in-Picture)$, float on"
# Pomodoro timer
"match:title ^(floating-pomodoro)$, float on"
"match:title ^(floating-pomodoro)$, size 250 50"
"match:title ^(floating-pomodoro)$, move 12 (monitor_h-150)"
"match:title ^(floating-pomodoro)$, pin on"
# Streamlabs overlays
"match:initial_title .*streamlabs.com.*, float on"
"match:initial_title .*streamlabs.com.*, pin on"
"match:initial_title .*streamlabs.com.*, size 800 400"
"match:initial_title .*alert-box.*, move 100%-820 102"
"match:initial_title .*chat-box.*, move 100%-820 512"
"match:initial_title .*streamlabs.com.*, opacity 0.5 override"
"match:initial_title .*streamlabs.com.*, idle_inhibit focus"
"match:initial_title .*streamlabs.com.*, no_anim on"
"match:initial_title .*streamlabs.com.*, decorate off"
"match:initial_title .*streamlabs.com.*, no_shadow on"
"match:initial_title .*streamlabs.com.*, no_blur on"
"border_color rgb(ffffff), match:xwayland 1"
];
"$mainMod" = "SUPER";
"$terminal" = "kitty";
bind = [
"$mainMod, return, exec, $terminal nu -c zellij-ps"
# "$mainMod, t, exec, warp-terminal"
"$mainMod, t, exec, $terminal -e nu -c 'nitch; exec nu'"
"$mainMod SHIFT, t, exec, launch-timer"
"$mainMod, n, exec, $terminal -e nvim"
"$mainMod, z, exec, uwsm app -- zeditor"
"$mainMod, o, exec, hyprctl dispatch setprop activewindow opaque toggle"
"$mainMod, r, exec, hyprctl dispatch focuswindow \"initialtitle:.*alert-box.*\" && hyprctl dispatch moveactive exact 4300 102 && hyprctl dispatch focuswindow \"initialtitle:.*chat-box.*\" && hyprctl dispatch moveactive exact 4300 512"
"$mainMod, b, exec, uwsm app -- thunar"
"$mainMod SHIFT, B, exec, uwsm app -- vivaldi"
"$mainMod, Escape, exec, uwsm app -- wlogout -p layer-shell"
"$mainMod, Space, togglefloating"
"$mainMod, q, killactive"
"$mainMod, M, exit"
"$mainMod, F, fullscreen"
"$mainMod SHIFT, V, togglefloating"
"$mainMod, D, exec, uwsm app -- rofi -show drun -run-command \"uwsm app -- {cmd}\""
"$mainMod, V, exec, uwsm app -- cliphist list | rofi -dmenu | cliphist decode | wl-copy"
"$mainMod, C, exec, bash -c 'FILE=/tmp/screenshot_$(date +%s).png; grim -g \"$(slurp)\" \"$FILE\" && ksnip \"$FILE\"'"
"$mainMod SHIFT, S, exec, uwsm app -- rofi -show emoji"
"$mainMod, P, exec, uwsm app -- rofi-pass"
"$mainMod SHIFT, P, pseudo"
"$mainMod, R, exec, stt-ptt start"
"$mainMod, J, togglesplit"
"$mainMod, h, movefocus, l"
"$mainMod, l, movefocus, r"
"$mainMod, k, movefocus, u"
"$mainMod, j, movefocus, d"
"$mainMod, 1, workspace, 1"
"$mainMod, 2, workspace, 2"
"$mainMod, 3, workspace, 3"
"$mainMod, 4, workspace, 4"
"$mainMod, 5, workspace, 5"
"$mainMod, 6, workspace, 6"
"$mainMod, 7, workspace, 7"
"$mainMod, 8, workspace, 8"
"$mainMod, 9, workspace, 9"
"$mainMod, 0, workspace, 10"
"$mainMod SHIFT, 1, movetoworkspace, 1"
"$mainMod SHIFT, 2, movetoworkspace, 2"
"$mainMod SHIFT, 3, movetoworkspace, 3"
"$mainMod SHIFT, 4, movetoworkspace, 4"
"$mainMod SHIFT, 5, movetoworkspace, 5"
"$mainMod SHIFT, 6, movetoworkspace, 6"
"$mainMod SHIFT, 7, movetoworkspace, 7"
"$mainMod SHIFT, 8, movetoworkspace, 8"
"$mainMod SHIFT, 9, movetoworkspace, 9"
"$mainMod SHIFT, 0, movetoworkspace, 10"
"$mainMod, mouse_down, workspace, e+1"
"$mainMod, mouse_up, workspace, e-1"
];
bindr = [
"$mainMod, R, exec, stt-ptt stop"
];
bindm = [
"$mainMod, mouse:272, movewindow"
"$mainMod, mouse:273, resizewindow"
];
};
};
services.hypridle = {
enable = true;
settings = {
general = {
before_sleep_cmd = "hyprlock";
after_sleep_cmd = "hyprctl dispatch dpms on";
inhibit_sleep = 3;
};
listener = [
{
timeout = 300; # 5 min
on-timeout = "hyprlock";
}
{
timeout = 420; # 5.5 min
on-timeout = "hyprctl dispatch dpms off";
on-resume = "hyprctl dispatch dpms on";
}
];
};
};
services.hyprpaper.enable = true;
programs.hyprlock = {
enable = true;
settings = {
"$font" = "JetBrainsMono Nerd Font";
"$base" = "rgb(${config.colorScheme.palette.base00})";
"$text" = "rgb(${config.colorScheme.palette.base05})";
"$textAlpha" = "${config.colorScheme.palette.base05}";
"$accentAlpha" = "${config.colorScheme.palette.base0D}";
"$red" = "rgb(${config.colorScheme.palette.base08})";
"$yellow" = "rgb(${config.colorScheme.palette.base0A})";
general = {
hide_cursor = true;
};
background = {
monitor = "";
path = "${config.home.homeDirectory}/.config/hypr/wallpapers/wallhaven-lmmo8r.jpg";
blur_passes = 0;
color = "rgb(${config.colorScheme.palette.base00})";
};
label = [
{
monitor = "";
text = "$TIME";
color = "$text";
font_size = 90;
font_family = "$font";
position = "30, 0";
halign = "left";
valign = "top";
}
{
monitor = "";
text = ''cmd[update:43200000] echo "$(date +"%A, %d %B %Y")"'';
color = "$text";
font_size = 25;
font_family = "$font";
position = "30, -150";
halign = "left";
valign = "top";
}
];
input-field = [
{
monitor = "";
size = "300, 60";
outline_thickness = 4;
dots_size = 0.2;
dots_spacing = 0.2;
dots_center = true;
outer_color = "rgb(${config.colorScheme.palette.base0D})";
inner_color = "rgb(${config.colorScheme.palette.base00})";
font_color = "rgb(${config.colorScheme.palette.base05})";
fade_on_empty = false;
placeholder_text = ''<span foreground="##${config.colorScheme.palette.base05}">󰌾 Logged in as <span foreground="##${config.colorScheme.palette.base0D}">$USER</span></span>'';
hide_input = false;
check_color = "rgb(${config.colorScheme.palette.base0D})";
fail_color = "rgb(${config.colorScheme.palette.base08})";
fail_text = ''<i>$FAIL <b>($ATTEMPTS)</b></i>'';
capslock_color = "rgb(${config.colorScheme.palette.base0A})";
position = "0, -35";
halign = "center";
valign = "center";
}
];
};
};
};
}
home/features/desktop/media.nix
+56
View File
@@ -0,0 +1,56 @@
{
config,
lib,
pkgs,
...
}:
with lib; let
cfg = config.features.desktop.media;
in {
options.features.desktop.media.enable =
mkEnableOption "enable media features";
config = mkIf cfg.enable {
home.packages = with pkgs; [
# handbrake
# kdePackages.kdenlive
# makemkv
# mediainfo
amf
blueberry
ffmpeg_6-full
gimp
gst_all_1.gstreamer
gst_all_1.gst-vaapi
handbrake
inkscape
kdePackages.kdenlive
libation
#makemkv
pamixer
pavucontrol
qpwgraph
v4l-utils
plexamp
# uxplay
# vlc
webcord
# yt-dlp
unimatrix
];
programs = {
mpv = {
enable = true;
bindings = {
WHEEL_UP = "seek 10";
WHEEL_DOWN = "seek -10";
};
config = {
profile = "gpu-hq";
ytdl-format = "bestvideo+bestaudio";
};
};
};
};
}
home/features/desktop/obsidian.nix
+25
View File
@@ -0,0 +1,25 @@
{
config,
lib,
...
}:
with lib; let
cfg = config.features.desktop.obsidian;
in {
options.features.desktop.obsidian.enable =
mkEnableOption "enable Obsidian knowledge base";
config = mkIf cfg.enable {
programs.obsidian.enable = true;
xdg.mimeApps = {
enable = true;
associations.added = {
"text/markdown" = ["obsidian.desktop"];
};
defaultApplications = {
"text/markdown" = ["obsidian.desktop"];
};
};
};
}
home/features/desktop/office.nix
+18
View File
@@ -0,0 +1,18 @@
{
config,
lib,
pkgs,
...
}:
with lib; let
cfg = config.features.desktop.office;
in {
options.features.desktop.office.enable =
mkEnableOption "install office and paperwork stuff";
config = mkIf cfg.enable {
home.packages = with pkgs; [
libreoffice-fresh
];
};
}
home/features/desktop/rofi.nix
+206
View File
@@ -0,0 +1,206 @@
{
config,
pkgs,
lib,
...
}:
with lib; let
cfg = config.features.desktop.rofi;
in {
options.features.desktop.rofi.enable = mkEnableOption "enable rofi";
config = mkIf cfg.enable {
programs.rofi = with pkgs; {
enable = true;
package = rofi.override {
plugins = [
rofi-calc
rofi-emoji
stable.rofi-file-browser
];
};
pass = {
enable = true;
package = rofi-pass-wayland;
};
terminal = "\${pkgs.kitty}/bin/kitty";
font = "Fira Code";
extraConfig = {
show-icons = true;
disable-history = false;
modi = "drun,calc,emoji,filebrowser";
kb-primary-paste = "Control+V,Shift+Insert";
kb-secondary-paste = "Control+v,Insert";
};
theme = let
inherit (config.colorScheme) palette;
in
builtins.toString (pkgs.writeText "rofi-universal-theme.rasi" ''
* {
/* Universal theme colors from nix-colors */
background: #${palette.base00};
surface: #${palette.base01};
overlay: #${palette.base02};
muted: #${palette.base03};
subtle: #${palette.base04};
text: #${palette.base05};
bright-text: #${palette.base06};
highlight: #${palette.base07};
accent1: #${palette.base08};
accent2: #${palette.base09};
accent3: #${palette.base0A};
accent4: #${palette.base0B};
accent5: #${palette.base0C};
accent6: #${palette.base0D};
accent7: #${palette.base0E};
accent8: #${palette.base0F};
/* Global properties */
background-color: @background;
text-color: @text;
font: "Fira Code 12";
border: 0;
margin: 0;
padding: 0;
spacing: 0;
}
window {
background-color: @background;
border: 1px;
border-color: @accent7;
border-radius: 6px;
width: 40%;
padding: 16px;
}
inputbar {
children: [ prompt, entry ];
spacing: 12px;
padding: 8px;
border-radius: 4px;
background-color: @surface;
}
prompt {
text-color: @accent7;
background-color: transparent;
}
entry {
placeholder: "Search...";
placeholder-color: @subtle;
text-color: @text;
background-color: transparent;
cursor-color: @accent7;
}
message {
background-color: @surface;
border-radius: 4px;
padding: 8px;
margin: 8px 0;
}
textbox {
text-color: @text;
background-color: transparent;
}
listview {
background-color: transparent;
margin: 8px 0 0;
lines: 10;
columns: 1;
fixed-height: true;
scrollbar: false;
}
element {
background-color: transparent;
text-color: @text;
padding: 8px;
border-radius: 4px;
spacing: 8px;
}
element normal.normal {
background-color: transparent;
text-color: @text;
}
element selected.normal {
background-color: @accent7;
text-color: @background;
}
element alternate.normal {
background-color: transparent;
text-color: @text;
}
element-icon {
background-color: transparent;
size: 24px;
}
element-text {
background-color: transparent;
text-color: inherit;
vertical-align: 0.5;
}
mode-switcher {
spacing: 0;
background-color: @surface;
border-radius: 4px;
margin: 8px 0 0;
}
button {
padding: 8px 16px;
background-color: transparent;
text-color: @text;
border-radius: 4px;
}
button selected {
background-color: @accent7;
text-color: @background;
}
/* Scrollbar */
scrollbar {
width: 4px;
border: 0;
handle-color: @accent7;
handle-width: 4px;
padding: 0;
}
'');
};
cli.rofi-project-opener = {
enable = true;
projectDirs = {
AI = {
path = "~/p/AI";
args = "";
};
CHAT = {
path = "~/p/CHAT";
args = "--agent chiron";
};
MISC = {
path = "~/p/MISC";
args = "--agent chiron-forge";
};
NIX = {
path = "~/p/NIX";
args = "";
};
};
terminal = pkgs.kitty;
terminalCommand = "opencode %a";
};
};
}
home/features/desktop/theme.nix
+20
View File
@@ -0,0 +1,20 @@
{
pkgs,
...
}: {
qt = {
enable = true;
platformTheme.name = "gtk";
};
gtk = {
enable = true;
theme = {
name = "Dracula";
package = pkgs.dracula-theme;
};
iconTheme = {
name = "Dracula";
package = pkgs.dracula-icon-theme;
};
};
}
home/features/desktop/wallpapers.nix
+18
View File
@@ -0,0 +1,18 @@
{
config,
lib,
pkgs,
...
}:
with lib; let
cfg = config.features.desktop.wallpapers;
in {
options.features.desktop.wallpapers = mkEnableOption "Wallpapers for Hyprland";
config = mkIf cfg {
xdg.configFile."hypr/wallpapers" = {
source = ../../m3tam3re/wallpapers;
recursive = true;
};
};
}
home/features/desktop/wayland.nix
+29
View File
@@ -0,0 +1,29 @@
{
config,
lib,
pkgs,
...
}:
with lib; let
cfg = config.features.desktop.wayland;
in {
options.features.desktop.wayland.enable = mkEnableOption "wayland extra tools and config";
config = mkIf cfg.enable {
home.packages = with pkgs; [
grim
hyprcursor
hyprlock
hyprpaper
qt6.qtwayland
slurp
waypipe
wl-clipboard
wf-recorder
wl-mirror
wlogout
wtype
ydotool
];
};
}
home/features/desktop/webapps.nix
+55
View File
@@ -0,0 +1,55 @@
{
pkgs,
lib,
...
}: let
icons = {
teams = pkgs.fetchurl {
url = "https://cdn.jsdelivr.net/gh/homarr-labs/dashboard-icons/svg/microsoft-teams.svg";
sha256 = "sha256-Pr9QS8nnXJq97r4/G3c6JXi34zxHl0ps9gcyI8cN/s8=";
};
outlook = pkgs.fetchurl {
url = "https://cdn.jsdelivr.net/gh/homarr-labs/dashboard-icons/svg/microsoft-outlook.svg";
sha256 = "sha256-3u8t5QNHFZvrAegxBiGicO4PjtMWhEaQSCv7MSSfLLc=";
};
opencode = pkgs.fetchurl {
url = "https://cdn.jsdelivr.net/gh/homarr-labs/dashboard-icons/svg/opencode-dark.svg";
sha256 = "1lms4f8habamvdh2qqqz9psx4py9wx23mmlkkds44pvrbq3bkj3n";
};
};
in {
xdg.desktopEntries = {
teams = {
name = "Microsoft Teams";
exec = "launch-webapp https://teams.microsoft.com";
comment = "Open Microsoft Teams as a Desktop App";
categories = ["Application" "Network" "Chat"];
terminal = false;
icon = icons.teams;
};
outlook = {
name = "Microsoft Outlook";
exec = "launch-webapp https://outlook.office.com/mail/";
comment = "Open Microsoft Outlook as a Desktop App";
categories = ["Application" "Network"];
terminal = false;
icon = icons.outlook;
};
basecamp = {
name = "Basecamp";
exec = "launch-webapp https://3.basecamp.com/5996442/";
comment = "Open Basecamp as a Desktop App";
categories = ["Application" "Network"];
terminal = false;
icon = "/home/sascha.koenig/.local/share/icons/basecamp-logo.png";
};
opencode = {
name = "Opencode";
exec = "rofi-project-opener";
comment = "Open Opencode Terminal App";
categories = ["Application" "Development"];
terminal = false;
icon = icons.opencode;
};
};
}
home/m3tam3re/home-server.nix
+120
View File
@@ -0,0 +1,120 @@
# This is a default home.nix generated by the follwing hone-manager command
#
# home-manager init ./
{
config,
lib,
pkgs,
...
}: {
# Home Manager needs a bit of information about you and the paths it should
# manage.
home.username = lib.mkDefault "your-name";
home.homeDirectory = lib.mkDefault "/home/${config.home.username}";
# This value determines the Home Manager release that your configuration is
# compatible with. This helps avoid breakage when a new Home Manager release
# introduces backwards incompatible changes.
#
# You should not change this value, even if you update Home Manager. If you do
# want to update the value, then make sure to first check the Home Manager
# release notes.
home.stateVersion = "24.11"; # Please read the comment before changing.
# The home.packages option allows you to install Nix packages into your
# environment.
home.packages = with pkgs; [
# # Adds the 'hello' command to your environment. It prints a friendly
# # "Hello, world!" when run.
# pkgs.hello
# # It is sometimes useful to fine-tune packages, for example, by applying
# # overrides. You can do that directly here, just don't forget the
# # parentheses. Maybe you want to install Nerd Fonts with a limited number of
# # fonts?
# (pkgs.nerdfonts.override { fonts = [ "FantasqueSansMono" ]; })
# # You can also create simple shell scripts directly inside your
# # configuration. For example, this adds a command 'my-hello' to your
# # environment:
# (pkgs.writeShellScriptBin "my-hello" ''
# echo "Hello, ${config.home.username}!"
# '')
];
# Home Manager is pretty good at managing dotfiles. The primary way to manage
# plain files is through 'home.file'.
home.file = {
# # Building this configuration will create a copy of 'dotfiles/screenrc' in
# # the Nix store. Activating the configuration will then make '~/.screenrc' a
# # symlink to the Nix store copy.
# ".screenrc".source = dotfiles/screenrc;
# # You can also set the file content immediately.
# ".gradle/gradle.properties".text = ''
# org.gradle.console=verbose
# org.gradle.daemon.idletimeout=3600000
# '';
};
# Home Manager can also manage your environment variables through
# 'home.sessionVariables'. If you don't want to manage your shell through Home
# Manager then you have to manually source 'hm-session-vars.sh' located at
# either
#
# ~/.nix-profile/etc/profile.d/hm-session-vars.sh
#
# or
#
# ~/.local/state/nix/profiles/profile/etc/profile.d/hm-session-vars.sh
#
# or
#
# /etc/profiles/per-user/m3tam3re/etc/profile.d/hm-session-vars.sh
#
home.sessionVariables = {
# EDITOR = "emacs";
};
# Let Home Manager install and manage itself.
programs.home-manager.enable = true;
programs.git = {
enable = true;
settings = {
user = {
name = "m3tm3re";
email = "p@m3ta.dev";
};
core.excludesfile = "~/.gitignore_global";
init.defaultBranch = "master";
alias = {
st = "status";
logd = "log --graph --pretty=format:'%Cred%h%Creset -%C(yellow)%d%Creset %s %Cgreen(%cr) %C(bold blue)<%an>%Creset' --abbrev-commit";
};
};
};
# programs.zellij-ps = {
# enable = true;
# projectFolders = [
# "${config.home.homeDirectory}/p/c"
# "${config.home.homeDirectory}/p"
# "${config.home.homeDirectory}/.config"
# ];
# layout = ''
# layout {
# pane size=1 borderless=true {
# plugin location="zellij:tab-bar"
# }
# pane size="70%" command="nvim"
# pane split_direction="vertical" {
# pane
# pane command="unimatrix"
# }
# pane size=1 borderless=true {
# plugin location="zellij:status-bar"
# }
# }
# '';
# };
}
home/m3tam3re/home.nix
+250
View File
@@ -0,0 +1,250 @@
# This is a default home.nix generated by the follwing hone-manager command
#
# home-manager init ./
{
config,
lib,
pkgs,
...
}: {
# Home Manager needs a bit of information about you and the paths it should
# manage.
home.username = lib.mkDefault "your-name";
home.homeDirectory = lib.mkDefault "/home/${config.home.username}";
# This value determines the Home Manager release that your configuration is
# compatible with. This helps avoid breakage when a new Home Manager release
# introduces backwards incompatible changes.
#
# You should not change this value, even if you update Home Manager. If you do
# want to update the value, then make sure to first check the Home Manager
# release notes.
home.stateVersion = "24.11"; # Please read the comment before changing.
# The home.packages option allows you to install Nix packages into your
# environment.
home.packages = with pkgs; [
libgtop
# # Adds the 'hello' command to your environment. It prints a friendly
# # "Hello, world!" when run.
# pkgs.hello
# # It is sometimes useful to fine-tune packages, for example, by applying
# # overrides. You can do that directly here, just don't forget the
# # parentheses. Maybe you want to install Nerd Fonts with a limited number of
# # fonts?
# (pkgs.nerdfonts.override { fonts = [ "FantasqueSansMono" ]; })
# # You can also create simple shell scripts directly inside your
# # configuration. For example, this adds a command 'my-hello' to your
# # environment:
# (pkgs.writeShellScriptBin "my-hello" ''
# echo "Hello, ${config.home.username}!"
# '')
];
# Home Manager is pretty good at managing dotfiles. The primary way to manage
# plain files is through 'home.file'.
home.file = {
# # Building this configuration will create a copy of 'dotfiles/screenrc' in
# # the Nix store. Activating the configuration will then make '~/.screenrc' a
# # symlink to the Nix store copy.
# ".screenrc".source = dotfiles/screenrc;
# # You can also set the file content immediately.
# ".gradle/gradle.properties".text = ''
# org.gradle.console=verbose
# org.gradle.daemon.idletimeout=3600000
# '';
};
# Home Manager can also manage your environment variables through
# 'home.sessionVariables'. If you don't want to manage your shell through Home
# Manager then you have to manually source 'hm-session-vars.sh' located at
# either
#
# ~/.nix-profile/etc/profile.d/hm-session-vars.sh
#
# or
#
# ~/.local/state/nix/profiles/profile/etc/profile.d/hm-session-vars.sh
#
# or
#
# /etc/profiles/per-user/m3tam3re/etc/profile.d/hm-session-vars.sh
#
home.sessionVariables = {
# EDITOR = "emacs";
};
# Let Home Manager install and manage itself.
programs.home-manager.enable = true;
services.cliphist = {
enable = true;
allowImages = true;
};
programs.git = {
enable = true;
settings = {
user = {
name = "m3tm3re";
email = "p@m3ta.dev";
};
core.excludesfile = "~/.gitignore_global";
init.defaultBranch = "master";
alias = {
st = "status";
logd = "log --graph --pretty=format:'%Cred%h%Creset -%C(yellow)%d%Creset %s %Cgreen(%cr) %C(bold blue)<%an>%Creset' --abbrev-commit";
};
};
};
programs.difftastic.enable = true;
programs.jujutsu = {
enable = true;
settings = {
user = {
email = "m@m3tam3re.com";
name = "Sascha Koenig";
};
};
};
programs.ssh = {
enable = true;
enableDefaultConfig = false;
matchBlocks = {
"AZ-CLD-1" = {
hostname = "152.53.186.119";
user = "sascha.koenig";
port = 2022;
identityFile = "~/.ssh/sascha.koenig";
};
"github.com" = {
hostname = "github.com";
user = "m3tam3re";
port = 22;
identityFile = "~/.ssh/github";
};
"nikhil" = {
hostname = "91.99.176.80";
user = "nikhilmaddirala";
identityFile = "~/.ssh/m3tam3re";
};
"code.m3ta.dev" = {
hostname = "code.m3ta.dev";
user = "m3tam3re";
identityFile = "~/.ssh/gitea";
};
"git.az-gruppe.com" = {
hostname = "git.az-gruppe.com";
port = 2022;
user = "sascha.koenig";
identityFile = "~/.ssh/sascha.koenig";
};
"lkk-nix-1" = {
hostname = "89.58.10.189";
user = "lkk-admin";
identityFile = "~/.ssh/lkk-admin";
};
"m3-r1" = {
hostname = "202.61.226.110";
user = "m3tam3re";
identityFile = "~/.ssh/m3tam3re";
};
"lkk-prod-test" = {
hostname = "192.168.122.215";
user = "root";
identityFile = "~/.ssh/m3tam3re";
};
"lkk-prod-1" = {
hostname = "192.168.0.24";
user = "root";
identityFile = "~/.ssh/m3tam3re";
};
"lkk-prod-2" = {
hostname = "192.168.0.20";
user = "root";
identityFile = "~/.ssh/m3tam3re";
};
"m3-deck" = {
hostname = "192.168.178.193";
user = "m3tam3re";
identityFile = "~/.ssh/m3tam3re";
};
"m3-kratos-vm" = {
hostname = "192.168.122.43";
user = "m3tam3re";
identityFile = "~/.ssh/m3tam3re";
};
"m3-helios" = {
hostname = "192.168.178.210";
user = "m3tam3re";
identityFile = "~/.ssh/m3tam3re";
};
"m3-ares" = {
hostname = "192.168.1.30";
user = "m3tam3re";
identityFile = "~/.ssh/m3tam3re";
};
"m3-atlas" = {
hostname = "152.53.85.162";
user = "m3tam3re";
identityFile = "~/.ssh/m3tam3re";
};
"m3-zelda" = {
hostname = "95.217.189.186";
user = "m3tam3re";
identityFile = "~/.ssh/m3tam3re";
};
"m3-skynet" = {
hostname = "m3-skynet";
user = "admin";
identityFile = "~/.ssh/m3tam3re";
};
"m3-prox-1" = {
hostname = "192.168.1.110";
user = "root";
identityFile = "~/.ssh/m3tam3re";
};
"shp-old" = {
hostname = "95.217.3.250";
port = 2222;
user = "m3tam3re";
identityFile = "~/.ssh/self-host-playbook";
};
"shp-1" = {
hostname = "95.217.189.186";
port = 2222;
user = "m3tam3re";
identityFile = "~/.ssh/self-host-playbook";
};
};
};
# programs.zellij-ps = {
# enable = true;
# projectFolders = [
# "${config.home.homeDirectory}/p/c"
# "${config.home.homeDirectory}/p"
# "${config.home.homeDirectory}/.config"
# ];
# layout = ''
# layout {
# pane size=1 borderless=true {
# plugin location="zellij:tab-bar"
# }
# pane size="70%" command="nvim"
# pane split_direction="vertical" {
# pane
# pane command="unimatrix"
# }
# pane size=1 borderless=true {
# plugin location="zellij:status-bar"
# }
# }
# '';
# };
}
home/m3tam3re/m3-aether.nix
+17
View File
@@ -0,0 +1,17 @@
{
imports = [
../common
../features/cli
./home-server.nix
];
features = {
cli = {
fish.enable = true;
fzf.enable = true;
nitch.enable = true;
secrets.enable = false;
starship.enable = true;
};
};
}
home/m3tam3re/m3-ares.nix
+97
View File
@@ -0,0 +1,97 @@
{
config,
lib,
...
}:
with lib; {
imports = [
../common
./home.nix
../features/cli
../features/coding
../features/desktop
];
config = mkMerge [
{
xdg = {
# TODO: better structure
enable = true;
configFile."mimeapps.list".force = true;
mimeApps = {
enable = true;
associations.added = {
"application/zip" = ["org.gnome.FileRoller.desktop"];
"application/csv" = ["calc.desktop"];
"application/pdf" = ["vivaldi-stable.desktop"];
"x-scheme-handler/http" = ["vivaldi-stable.desktop"];
"x-scheme-handler/https" = ["vivaldi-stable.desktop"];
};
defaultApplications = {
"application/zip" = ["org.gnome.FileRoller.desktop"];
"application/csv" = ["calc.desktop"];
"application/pdf" = ["vivaldi-stable.desktop"];
"application/md" = ["dev.zed.Zed.desktop"];
"application/text" = ["dev.zed.Zed.desktop"];
"x-scheme-handler/http" = ["vivaldi-stable.desktop"];
"x-scheme-handler/https" = ["vivaldi-stable.desktop"];
};
};
};
features = {
cli = {
fish.enable = true;
nushell.enable = true;
fzf.enable = true;
nitch.enable = true;
secrets.enable = true;
starship.enable = true;
};
desktop = {
coding.enable = true;
crypto.enable = true;
gaming.enable = true;
hyprland.enable = true;
media.enable = true;
obsidian.enable = true;
office.enable = true;
rofi.enable = true;
fonts.enable = true;
wayland.enable = true;
wallpapers = true;
};
};
}
(mkIf config.features.desktop.hyprland.enable {
wayland.windowManager.hyprland = {
enable = true;
settings = {
exec-once = ["tuxedo-backlight"];
monitor = [
"eDP-1,preferred,0x0,1.25"
"HDMI-A-1,1920x1080@120,2560x0,1"
];
workspace = [
"1, monitor:eDP-1, default:true"
"2, monitor:eDP-1"
"3, monitor:eDP-1"
"4, monitor:HDMI-A-1,"
"5, monitor:HDMI-A-1,border:false,rounding:false"
"6, monitor:HDMI-A-1"
];
windowrule = [
"match:class dev.zed.Zed, workspace 1"
"match:class Msty, workspace 1"
"match:class ^(com.obsproject.Studio)$, workspace 2"
"match:class ^(brave-browser)$, workspace 4, opacity 1.0"
"match:class ^(vivaldi-stable)$, workspace 4, opacity 1.0"
"match:class ^steam_app_\\d+$, fullscreen on"
"match:class ^steam_app_\\d+$, workspace 5"
"match:class ^steam_app_\\d+$, idle_inhibit focus"
];
};
};
})
];
}
home/m3tam3re/m3-atlas.nix
+19
View File
@@ -0,0 +1,19 @@
{
imports = [
../common
../features/cli
../features/coding/opencode.nix
./home-server.nix
];
coding.editors.neovim.enable = true;
features = {
cli = {
nushell.enable = true;
fzf.enable = true;
nitch.enable = true;
secrets.enable = false;
starship.enable = true;
zellij.enable = true;
};
};
}
home/m3tam3re/m3-daedalus.nix
+101
View File
@@ -0,0 +1,101 @@
{
config,
lib,
...
}:
with lib; let
cfg = config.features.desktop.hyprland;
in {
imports = [
../common
./home.nix
../features/cli
../features/coding
../features/desktop
#./services/librechat.nix
];
options.features.desktop.hyprland.enable =
mkEnableOption "enable Hyprland";
config = mkMerge [
# Base configuration
{
xdg = {
# TODO: better structure
enable = true;
configFile."mimeapps.list".force = true;
mimeApps = {
enable = true;
associations.added = {
"application/zip" = ["org.gnome.FileRoller.desktop"];
"application/csv" = ["calc.desktop"];
"application/pdf" = ["vivaldi-stable.desktop"];
"x-scheme-handler/http" = ["vivaldi-stable.desktop"];
"x-scheme-handler/https" = ["vivaldi-stable.desktop"];
};
defaultApplications = {
"application/zip" = ["org.gnome.FileRoller.desktop"];
"application/csv" = ["calc.desktop"];
"application/pdf" = ["vivaldi-stable.desktop"];
"application/md" = ["dev.zed.Zed.desktop"];
"application/text" = ["dev.zed.Zed.desktop"];
"x-scheme-handler/http" = ["vivaldi-stable.desktop"];
"x-scheme-handler/https" = ["vivaldi-stable.desktop"];
};
};
};
features = {
cli = {
fish.enable = true;
nushell.enable = true;
fzf.enable = true;
nitch.enable = true;
secrets.enable = true;
starship.enable = true;
};
desktop = {
coding.enable = true;
crypto.enable = false;
gaming.enable = false;
hyprland.enable = false;
media.enable = true;
office.enable = false;
rofi.enable = true;
fonts.enable = true;
wayland.enable = false;
};
};
}
(mkIf cfg.enable {
wayland.windowManager.hyprland = {
enable = true;
settings = {
monitor = [
"eDP-1,preferred,0x0,1.25"
"HDMI-A-1,preferred,2560x0,1"
];
workspace = [
"1, monitor:eDP-1, default:true"
"2, monitor:eDP-1"
"3, monitor:eDP-1"
"4, monitor:HDMI-A-1"
"5, monitor:HDMI-A-1,border:false,rounding:false"
"6, monitor:HDMI-A-1"
];
windowrule = [
"match:class dev.zed.Zed, workspace 1"
"match:class Msty, workspace 1"
"match:class ^(com.obsproject.Studio)$, workspace 2"
"match:class ^(brave-browser)$, workspace 4, opacity 1.0"
"match:class ^(vivaldi-stable)$, workspace 4, opacity 1.0"
"match:class ^steam_app_\\d+$, fullscreen on"
"match:class ^steam_app_\\d+$, workspace 5"
"match:class ^steam_app_\\d+$, idle_inhibit focus"
];
};
};
})
];
}
home/m3tam3re/m3-helios.nix
+17
View File
@@ -0,0 +1,17 @@
{
imports = [
../common
../features/cli
./home-server.nix
];
features = {
cli = {
fish.enable = true;
fzf.enable = true;
nitch.enable = true;
secrets.enable = false;
starship.enable = true;
};
};
}
home/m3tam3re/m3-kratos.nix
+95
View File
@@ -0,0 +1,95 @@
{
config,
lib,
...
}:
with lib; {
imports = [
../common
./home.nix
../features/cli
../features/coding
../features/desktop
];
config = mkMerge [
{
xdg = {
# TODO: better structure
enable = true;
configFile."mimeapps.list".force = true;
mimeApps = {
enable = true;
associations.added = {
"application/zip" = ["org.gnome.FileRoller.desktop"];
"application/csv" = ["calc.desktop"];
"application/pdf" = ["vivaldi-stable.desktop"];
"x-scheme-handler/http" = ["vivaldi-stable.desktop"];
"x-scheme-handler/https" = ["vivaldi-stable.desktop"];
};
defaultApplications = {
"application/zip" = ["org.gnome.FileRoller.desktop"];
"application/csv" = ["calc.desktop"];
"application/pdf" = ["vivaldi-stable.desktop"];
"application/md" = ["dev.zed.Zed.desktop"];
"application/text" = ["dev.zed.Zed.desktop"];
"x-scheme-handler/http" = ["vivaldi-stable.desktop"];
"x-scheme-handler/https" = ["vivaldi-stable.desktop"];
};
};
};
features = {
cli = {
nushell.enable = true;
fzf.enable = true;
nitch.enable = true;
secrets.enable = true;
starship.enable = true;
};
desktop = {
crypto.enable = true;
coding.enable = true;
gaming.enable = true;
hyprland.enable = true;
media.enable = true;
obsidian.enable = true;
office.enable = true;
rofi.enable = true;
fonts.enable = true;
wayland.enable = true;
wallpapers = true;
};
};
}
(mkIf config.features.desktop.hyprland.enable {
wayland.windowManager.hyprland = {
enable = true;
settings = {
monitor = [
"DP-1,2560x1440@144,0x0,1"
"DP-2,2560x1440@144,2560x0,1"
];
workspace = [
"1, monitor:DP-1, default:true"
"2, monitor:DP-1"
"3, monitor:DP-1"
"4, monitor:DP-2"
"5, monitor:DP-2"
"6, monitor:DP-2"
"7, monitor:DP-2"
];
windowrule = [
"match:class dev.zed.Zed, workspace 1"
"match:class Msty, workspace 1"
"match:class ^(com.obsproject.Studio)$, workspace 2"
"match:class ^(brave-browser)$, workspace 4, opacity 1.0"
"match:class ^(vivaldi-stable)$, workspace 4, opacity 1.0"
"match:class ^steam_app_\\d+$, idle_inhibit focus"
];
};
};
})
];
}
home/m3tam3re/wallpapers/wallhaven-28kdom_2560x1440.png
BIN
View File
Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 3.3 MiB

home/m3tam3re/wallpapers/wallhaven-8o8y5o_2560x1440.png
BIN
View File
Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 5.4 MiB

home/m3tam3re/wallpapers/wallhaven-k72v6q_2560x1440.png
BIN
View File
Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 6.7 MiB

home/m3tam3re/wallpapers/wallhaven-l3o7j2_2560x1440.png
BIN
View File
Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 4.5 MiB

home/m3tam3re/wallpapers/wallhaven-lmmo8r.jpg
BIN
View File
Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 4.3 MiB

hosts/common/AGENTS.md
+76
View File
@@ -0,0 +1,76 @@
# COMMON HOST CONFIGURATION
**Shared base configuration and abstractions for all hosts**
## OVERVIEW
Common imports, overlays, and custom patterns (extraServices, ports) used across 6 hosts.
## STRUCTURE
```
common/
├── default.nix # Base imports, overlays, nix settings
├── ports.nix # Centralized port registry
├── extraServices/ # Optional service modules
│ ├── default.nix
│ ├── flatpak.nix
│ ├── ollama.nix
│ ├── podman.nix
│ └── virtualisation.nix
└── users/
├── default.nix
└── m3tam3re.nix # Primary user definition
```
## WHERE TO LOOK
| Task | Location | Notes |
|------|----------|-------|
| Add port definition | ports.nix | Use config.m3ta.ports.get |
| Enable optional service | Host config extraServices | Boolean flags |
| Modify overlays | default.nix lines 27-36 | 5 overlay sources |
| Add new user | users/ | Shared across all hosts |
## CONVENTIONS
### Port Registry Pattern
```nix
# Define in ports.nix
definitions = {
myservice = 3099;
};
# Access in host config
config.m3ta.ports.get "myservice" # Returns 3099
```
### extraServices Abstraction
Host configs enable via boolean:
```nix
extraServices = {
podman.enable = true; # Container runtime
ollama.enable = true; # LLM inference
flatpak.enable = false; # Flatpak apps
virtualisation.enable = true; # QEMU/KVM
};
```
### Overlay Precedence (bottom overrides top)
1. stable-packages (nixpkgs-stable)
2. locked-packages (nixpkgs-locked)
3. pinned-packages (nixpkgs-45570c2, nixpkgs-9e58ed7)
4. master-packages (nixpkgs-master)
5. m3ta-nixpkgs (local custom overlay)
## ANTI-PATTERNS
- **DON'T** add host-specific logic to common/ - belongs in hosts/<name>/
- **DON'T** bypass port registry - hardcoded ports break consistency
- **DON'T** modify user shell globally - set per-user if needed
## NOTES
- Nix GC runs weekly, keeps 30 days
- Trusted users: root, m3tam3re
- Default shell: Nushell (set line 77)
- Home-manager integrated at common level, not per-host
- TODO on line 69: ports should only return actually used ports
hosts/common/default.nix
+81
View File
@@ -0,0 +1,81 @@
# Common configuration for all hosts
{
config,
pkgs,
lib,
inputs,
outputs,
system,
...
}: {
imports = [
./extraServices
./ports.nix
./users
inputs.home-manager.nixosModules.home-manager
];
environment.pathsToLink = ["/share/xdg-desktop-portal" "/share/applications"];
home-manager = {
useUserPackages = true;
extraSpecialArgs = {
inherit inputs outputs system;
videoDrivers = config.services.xserver.videoDrivers or [];
};
};
nixpkgs = {
# You can add overlays here
overlays = [
# Add overlays your own flake exports (from overlays and pkgs dir):
#outputs.overlays.additions
#outputs.overlays.modifications
outputs.overlays.stable-packages
outputs.overlays.locked-packages
outputs.overlays.pinned-packages
outputs.overlays.master-packages
inputs.m3ta-nixpkgs.overlays.default
inputs.m3ta-nixpkgs.overlays.modifications
(outputs.overlays.mkLlmAgentsOverlay system)
# You can also add overlays exported from other flakes:
# neovim-nightly-overlay.overlays.default
# Or define it inline, for example:
# (final: prev: {
# hi = final.hello.overrideAttrs (oldAttrs: {
# patches = [ ./change-hello-to-hi.patch ];
# });
# })
];
# Configure your nixpkgs instance
config = {
# Disable if you don't want unfree packages
allowUnfree = true;
};
};
nix = {
settings = {
experimental-features = "nix-command flakes";
cores = 2;
max-jobs = 8;
trusted-users = [
"root"
"m3tam3re"
]; # Set users that are allowed to use the flake command
};
gc = {
automatic = true;
dates = "weekly";
options = "--delete-older-than 30d";
};
optimise.automatic = true;
registry =
(lib.mapAttrs (_: flake: {inherit flake;}))
((lib.filterAttrs (_: lib.isType "flake")) inputs);
nixPath = ["/etc/nix/path"];
};
users.defaultUserShell = pkgs.nushell;
}
hosts/common/extraServices/default.nix
+8
View File
@@ -0,0 +1,8 @@
{
imports = [
./flatpak.nix
./podman.nix
./ollama.nix
./virtualisation.nix
];
}
hosts/common/extraServices/flatpak.nix
+23
View File
@@ -0,0 +1,23 @@
{
config,
lib,
pkgs,
...
}:
with lib; let
cfg = config.extraServices.flatpak;
in {
options.extraServices.flatpak.enable = mkEnableOption "enable flatpak";
config = mkIf cfg.enable {
services.flatpak.enable = true;
xdg.portal = {
# xdg desktop intergration (required for flatpak)
enable = true;
extraPortals = with pkgs; [
xdg-desktop-portal-hyprland
];
config.common.default = "*";
};
};
}
hosts/common/extraServices/ollama.nix
+33
View File
@@ -0,0 +1,33 @@
{
config,
lib,
pkgs,
...
}:
with lib; let
cfg = config.extraServices.ollama;
in {
options.extraServices.ollama.enable = mkEnableOption "enable ollama";
config = mkIf cfg.enable {
services.ollama = {
enable = true;
package =
if config.services.xserver.videoDrivers == ["amdgpu"]
then pkgs.ollama-rocm
else if config.services.xserver.videoDrivers == ["nvidia"]
then pkgs.ollama-cuda
else pkgs.ollama-cpu;
host = "[::]";
openFirewall = true;
environmentVariables = {
OLLAMA_ORIGINS = "https://msty.studio";
OLLAMA_HOST = "0.0.0.0";
};
};
nixpkgs.config = {
rocmSupport = config.services.xserver.videoDrivers == ["amdgpu"];
cudaSupport = config.services.xserver.videoDrivers == ["nvidia"];
};
};
}
hosts/common/extraServices/podman.nix
+33
View File
@@ -0,0 +1,33 @@
{
config,
lib,
pkgs,
...
}:
with lib; let
cfg = config.extraServices.podman;
in {
options.extraServices.podman.enable = mkEnableOption "enable podman";
config = mkIf cfg.enable {
virtualisation = {
podman = {
enable = true;
dockerCompat = true;
dockerSocket.enable = true;
autoPrune = {
enable = true;
dates = "weekly";
flags = [
"--filter=until=24h"
"--filter=label!=important"
];
};
defaultNetwork.settings.dns_enabled = true;
};
};
environment.systemPackages = with pkgs; [
podman-compose
];
};
}
hosts/common/extraServices/virtualisation.nix
+28
View File
@@ -0,0 +1,28 @@
{
config,
lib,
pkgs,
...
}:
with lib; let
cfg = config.extraServices.virtualisation;
in {
options.extraServices.virtualisation.enable = mkEnableOption "enable virtualisation";
config = mkIf cfg.enable {
virtualisation = {
libvirtd = {
enable = true;
qemu = {
package = pkgs.qemu_kvm;
runAsRoot = true;
swtpm.enable = true;
};
};
};
programs.virt-manager.enable = true;
environment = {
systemPackages = [pkgs.qemu];
};
};
}
hosts/common/ports.nix
+74
View File
@@ -0,0 +1,74 @@
{config, ...}: {
m3ta.ports = {
enable = true;
definitions = {
# System services
ssh = 22;
# Web & proxy services
traefik = 80;
traefik-ssl = 443;
# Databases
postgres = 5432;
mysql = 3306;
redis = 6379;
# VPN & networking
wireguard = 51820;
tailscale = 41641;
headscale = 3009;
netbird-stun = 3478;
netbird-proxy = 8443;
netbird-metrics = 9090;
netbird-health = 9000;
# Containers & web apps
gitea = 3030;
baserow = 3001;
ghost = 3002;
wastebin = 3003;
littlelink = 3004;
searx = 3005;
restreamer = 3006;
paperless = 3012;
vaultwarden = 3013;
slash = 3010;
slash-nemoti = 3016;
kestra = 3018;
outline = 3019;
authentik = 3023;
# Home automation
homarr = 7575;
# DNS
adguardhome = 53;
};
hostOverrides = {
# Host-specific overrides
m3-ares = {
# Any custom port overrides for m3-ares
};
m3-atlas = {
# Any custom port overrides for m3-atlas
};
m3-helios = {
# Any custom port overrides for m3-helios
};
m3-kratos = {
# Any custom port overrides for m3-kratos
};
};
};
environment.etc."info/all-ports.json" = {
text = builtins.toJSON {
hostname = config.networking.hostName;
ports = config.m3ta.ports.all; # TODO should only return actually used ports
};
};
}
hosts/common/users/default.nix
+3
View File
@@ -0,0 +1,3 @@
{
imports = [./m3tam3re.nix];
}
hosts/common/users/m3tam3re.nix
+33
View File
@@ -0,0 +1,33 @@
{
config,
pkgs,
inputs,
...
}: {
users.users.m3tam3re = {
#initialHashedPassword = "$y$j9T$IoChbWGYRh.rKfmm0G86X0$bYgsWqDRkvX.EBzJTX.Z0RsTlwspADpvEF3QErNyCMC";
password = "12345";
isNormalUser = true;
description = "m3tam3re";
extraGroups = [
"wheel"
"networkmanager"
"libvirtd"
"flatpak"
"audio"
"video"
"plugdev"
"input"
"kvm"
"qemu-libvirtd"
"adbusers"
];
openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC3YEmpYbM+cpmyD10tzNRHEn526Z3LJOzYpWEKdJg8DaYyPbDn9iyVX30Nja2SrW4Wadws0Y8DW+Urs25/wVB6mKl7jgPJVkMi5hfobu3XAz8gwSdjDzRSWJrhjynuaXiTtRYED2INbvjLuxx3X8coNwMw58OuUuw5kNJp5aS2qFmHEYQErQsGT4MNqESe3jvTP27Z5pSneBj45LmGK+RcaSnJe7hG+KRtjuhjI7RdzMeDCX73SfUsal+rHeuEw/mmjYmiIItXhFTDn8ZvVwpBKv7xsJG90DkaX2vaTk0wgJdMnpVIuIRBa4EkmMWOQ3bMLGkLQeK/4FUkNcvQ/4+zcZsg4cY9Q7Fj55DD41hAUdF6SYODtn5qMPsTCnJz44glHt/oseKXMSd556NIw2HOvihbJW7Rwl4OEjGaO/dF4nUw4c9tHWmMn9dLslAVpUuZOb7ykgP0jk79ldT3Dv+2Hj0CdAWT2cJAdFX58KQ9jUPT3tBnObSF1lGMI7t77VU= m3tam3re@m3-nix"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBZcjCKl0DRuOUOMXbM0GKY5JjvmyFpVZ/tRlTKWu/zp razr"
];
packages = [inputs.home-manager.packages.${pkgs.stdenv.hostPlatform.system}.default];
};
home-manager.users.m3tam3re =
import ../../../home/m3tam3re/${config.networking.hostName}.nix;
}
hosts/m3-aether/configuration.nix
+111
View File
@@ -0,0 +1,111 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page, on
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
{pkgs, ...}: {
imports = [
# Include the results of the hardware scan.
./disko-config.nix
./hardware-configuration.nix
];
# Bootloader.
boot.loader.grub = {
efiSupport = true;
efiInstallAsRemovable = true;
};
networking.hostName = "m3-helios"; # Define your hostname.
networking.hostId = "3ebf1cd3";
# Pick only one of the below networking options.
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
networking.networkmanager.enable =
true; # Easiest to use and most distros use this by default.
# Set your time zone.
time.timeZone = "Europe/Berlin";
# Configure network proxy if necessary
# networking.proxy.default = "http://user:password@proxy:port/";
# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
# Select internationalisation properties.
i18n.defaultLocale = "en_US.UTF-8";
# console = {
# font = "Lat2-Terminus16";
# keyMap = "us";
# useXkbConfig = true; # use xkb.options in tty.
# };
# Enable the X11 windowing system.
# services.xserver.enable = true;
# Enable the GNOME Desktop Environment.
# services.xserver.displayManager.gdm.enable = true;
# services.xserver.desktopManager.gnome.enable = true;
# Configure keymap in X11
# services.xserver.xkb.layout = "us";
# services.xserver.xkb.options = "eurosign:e,caps:escape";
# Enable CUPS to print documents.
# services.printing.enable = true;
# Enable sound.
# hardware.pulseaudio.enable = true;
# OR
# Enable touchpad support (enabled default in most desktopManager).
# services.libinput.enable = true;
# Define a user account. Don't forget to set a password with passwd.
# List packages installed in system profile. To search, run:
# $ nix search wget
environment.systemPackages = with pkgs; [neovim git];
# Some programs need SUID wrappers, can be configured further or are
# started in user sessions.
# programs.mtr.enable = true;
# programs.gnupg.agent = {
# enable = true;
# enableSSHSupport = true;
# };
# List services that you want to enable:
# Enable the OpenSSH daemon.
services.openssh.enable = true;
services.fstrim = {
enable = true; # For SSD/thin-provisioned storage
interval = "weekly";
};
# Open ports in the firewall.
# networking.firewall.allowedTCPPorts = [ ... ];
# networking.firewall.allowedUDPPorts = [ ... ];
# Or disable the firewall altogether.
# networking.firewall.enable = false;
# Copy the NixOS configuration file and link it from the resulting system
# (/run/current-system/configuration.nix). This is useful in case you
# accidentally delete configuration.nix.
# system.copySystemConfiguration = true;
# This option defines the first version of NixOS you have installed on this particular machine,
# and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
#
# Most users should NEVER change this value after the initial install, for any reason,
# even if you've upgraded your system to a new NixOS release.
#
# This value does NOT affect the Nixpkgs version your packages and OS are pulled from,
# so changing it will NOT upgrade your system - see https://nixos.org/manual/nixos/stable/#sec-upgrading for how
# to actually do that.
#
# This value being lower than the current NixOS release does NOT mean your system is
# out of date, out of support, or vulnerable.
#
# Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,
# and migrated your data accordingly.
#
# For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
system.stateVersion = "24.11"; # Did you read the comment?
}
hosts/m3-aether/default.nix
+50
View File
@@ -0,0 +1,50 @@
# A staring point is the basic NIXOS configuration generated by the ISO installer.
# On an existing NIXOS install you can use the following command in your flakes basedir:
# sudo nixos-generate-config --dir ./hosts/m3tam3re
#
# Please make sure to change the first couple of lines in your configuration.nix:
# { config, inputs, ouputs, lib, pkgs, ... }:
#
# {
# imports = [ # Include the results of the hardware scan.
# ./hardware-configuration.nix
# inputs.home-manager.nixosModules.home-manager
# ];
# ...
#
# Moreover please update the packages option in your user configuration and add the home-manager options:
# users.users = {
# m3tam3re = {
# isNormalUser = true;
# initialPassword = "12345";
# extraGroups = [ "wheel" ]; # Enable sudo for the user.
# packages = [ inputs.home-manager.packages.${pkgs.system}.default ];
# };
# };
#
# home-manager = {
# useUserPackages = true;
# extraSpecialArgs = { inherit inputs outputs; };
# users.m3tam3re =
# import ../../home/m3tam3re/${config.networking.hostName}.nix;
# };
#
# Please also change your hostname accordingly:
#:w
# networking.hostName = "nixos"; # Define your hostname.
{
imports = [
../common
./configuration.nix
./programs.nix
./secrets.nix
./services
];
extraServices = {
flatpak.enable = true;
ollama.enable = false;
podman.enable = true;
virtualisation.enable = false;
};
}
hosts/m3-aether/disko-config.nix
+39
View File
@@ -0,0 +1,39 @@
{
disko.devices = {
disk = {
main = {
type = "disk";
device = "/dev/sda";
content = {
type = "gpt";
partitions = {
boot = {
size = "1M";
type = "EF02"; # for GRUB MBR
priority = 1;
};
esp = {
size = "512M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = ["defaults" "umask=0077"];
};
};
root = {
size = "100%";
content = {
type = "filesystem";
format = "ext4";
mountpoint = "/";
mountOptions = ["noatime" "nodiratime" "discard"];
};
};
};
};
};
};
};
}
hosts/m3-aether/hardware-configuration.nix
+24
View File
@@ -0,0 +1,24 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/profiles/qemu-guest.nix")
];
boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.ens18.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
}
hosts/m3-aether/programs.nix
+14
View File
@@ -0,0 +1,14 @@
{pkgs, ...}: {
programs.nix-ld.enable = true;
programs.nix-ld.libraries = with pkgs; [
# Add any missing dynamic libraries for unpackaged programs
# here, NOT in environment.systemPackages
];
programs.fish.enable = true;
programs.nh = {
enable = true;
clean.enable = true;
clean.extraArgs = "--keep-since 4d --keep 3";
flake = "/home/m3tam3re/p/nixos/nixos-config";
};
}
hosts/m3-aether/secrets.nix
+15
View File
@@ -0,0 +1,15 @@
{
age = {
secrets = {
traefik = {
file = ../../secrets/traefik.age;
mode = "770";
owner = "traefik";
};
m3tam3re-secrets = {
file = ../../secrets/m3tam3re-secrets.age;
owner = "m3tam3re";
};
};
};
}
hosts/m3-aether/services/cloud-init.nix
+7
View File
@@ -0,0 +1,7 @@
{
services.cloud-init = {
enable = true;
ext4.enable = true;
network.enable = true;
};
}
hosts/m3-aether/services/default.nix
+5
View File
@@ -0,0 +1,5 @@
{
imports = [
./cloud-init.nix
];
}
hosts/m3-ares/configuration.nix
+133
View File
@@ -0,0 +1,133 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page, on
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
{pkgs, ...}: {
imports = [
# Include the results of the hardware scan.
./hardware-configuration.nix
];
specialisation = {
"NVIDIA".configuration = {
system.nixos.tags = ["NVIDIA"];
services.xserver.videoDrivers = ["nvidia"];
hardware.nvidia-container-toolkit.enable = true;
};
};
# Bootloader.
boot.loader.systemd-boot.enable = true;
boot.loader.systemd-boot.memtest86.enable = true;
boot.initrd.services.lvm.enable = false;
# boot.kernelModules = [];
boot.kernelPackages = pkgs.linuxPackages_latest;
boot.extraModprobeConfig = ''
options kvm_intel nested=1
options kvm_intel emulate_invalid_guest_state=0
options kvm ignore_msrs=1
'';
boot.blacklistedKernelModules = ["nova_core"];
# CRITICAL FIX #4: Kernel parameters to prevent nouveau from loading early
networking.hostName = "m3-ares"; # Define your hostname.
# warp-terminal update fix
# networking.extraHosts = ''
# 127.0.0.1 releases.warp.dev
# 127.0.0.1 app.warp.dev
# '';
# Pick only one of the below networking options.
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
networking.networkmanager.enable =
true; # Easiest to use and most distros use this by default.
# Set your time zone.
time.timeZone = "Europe/Berlin";
# Configure network proxy if necessary
# networking.proxy.default = "http://user:password@proxy:port/";
# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
# Select internationalisation properties.
i18n.defaultLocale = "en_US.UTF-8";
# console = {
# font = "Lat2-Terminus16";
# keyMap = "us";
# useXkbConfig = true; # use xkb.options in tty.
# };
# Enable the X11 windowing system.
# services.xserver.enable = true;
# Enable the GNOME Desktop Environment.
# services.xserver.displayManager.gdm.enable = true;
# services.xserver.desktopManager.gnome.enable = true;
# displayManager.gdm.enable = true;
# Configure keymap in X11
# services.xserver.xkb.layout = "us";
# services.xserver.xkb.options = "eurosign:e,caps:escape";
# Enable CUPS to print documents.
# services.printing.enable = true;
# Enable sound.
# hardware.pulseaudio.enable = true;
# OR
# Enable touchpad support (enabled default in most desktopManager).
# services.libinput.enable = true;
# Define a user account. Don't forget to set a password with passwd.
# List packages installed in system profile. To search, run:
# $ nix search wget
environment.systemPackages = with pkgs; [neovim git];
# Some programs need SUID wrappers, can be configured further or are
# started in user sessions.
# programs.mtr.enable = true;
# programs.gnupg.agent = {
# enable = true;
# enableSSHSupport = true;
# };
# List services that you want to enable:
# Enable the OpenSSH daemon.
services.openssh = {
enable = true;
settings.PermitRootLogin = "no";
settings = {
PasswordAuthentication = false;
};
};
services.fstrim.enable = true;
# Open ports in the firewall.
# networking.firewall.allowedTCPPorts = [ ... ];
# networking.firewall.allowedUDPPorts = [ ... ];
# Or disable the firewall altogether.
# networking.firewall.enable = false;
# Copy the NixOS configuration file and link it from the resulting system
# (/run/current-system/configuration.nix). This is useful in case you
# accidentally delete configuration.nix.
# system.copySystemConfiguration = true;
# This option defines the first version of NixOS you have installed on this particular machine,
# and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
#
# Most users should NEVER change this value after the initial install, for any reason,
# even if you've upgraded your system to a new NixOS release.
#
# This value does NOT affect the Nixpkgs version your packages and OS are pulled from,
# so changing it will NOT upgrade your system - see https://nixos.org/manual/nixos/stable/#sec-upgrading for how
# to actually do that.
#
# This value being lower than the current NixOS release does NOT mean your system is
# out of date, out of support, or vulnerable.
#
# Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,
# and migrated your data accordingly.
#
# For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
system.stateVersion = "24.11"; # Did you read the comment?
}
hosts/m3-ares/default.nix
+51
View File
@@ -0,0 +1,51 @@
# A staring point is the basic NIXOS configuration generated by the ISO installer.
# On an existing NIXOS install you can use the following command in your flakes basedir:
# sudo nixos-generate-config --dir ./hosts/m3tam3re
#
# Please make sure to change the first couple of lines in your configuration.nix:
# { config, inputs, ouputs, lib, pkgs, ... }:
#
# {
# imports = [ # Include the results of the hardware scan.
# ./hardware-configuration.nix
# inputs.home-manager.nixosModules.home-manager
# ];
# ...
#
# Moreover please update the packages option in your user configuration and add the home-manager options:
# users.users = {
# m3tam3re = {
# isNormalUser = true;
# initialPassword = "12345";
# extraGroups = [ "wheel" ]; # Enable sudo for the user.
# packages = [ inputs.home-manager.packages.${pkgs.system}.default ];
# };
# };
#
# home-manager = {
# useUserPackages = true;
# extraSpecialArgs = { inherit inputs outputs; };
# users.m3tam3re =
# import ../../home/m3tam3re/${config.networking.hostName}.nix;
# };
#
# Please also change your hostname accordingly:
#:w
# networking.hostName = "nixos"; # Define your hostname.
{
imports = [
../common
./configuration.nix
./hardware.nix
./programs.nix
./secrets.nix
./services
];
extraServices = {
flatpak.enable = true;
ollama.enable = true;
podman.enable = true;
virtualisation.enable = true;
};
}
hosts/m3-ares/hardware-configuration.nix
+73
View File
@@ -0,0 +1,73 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
modulesPath,
...
}: {
imports = [(modulesPath + "/installer/scan/not-detected.nix")];
boot.initrd.availableKernelModules = ["xhci_pci" "thunderbolt" "ahci" "nvme" "usb_storage" "sd_mod"];
boot.initrd.kernelModules = [];
boot.kernelModules = ["kvm-intel"];
boot.extraModulePackages = [];
boot.supportedFilesystems = ["nfs"];
fileSystems."/" = {
device = "/dev/disk/by-uuid/3a50bf0a-024b-488b-aa11-56b32f2fb54d";
fsType = "btrfs";
options = ["subvol=root" "compress=zstd"];
};
fileSystems."/home" = {
device = "/dev/disk/by-uuid/3a50bf0a-024b-488b-aa11-56b32f2fb54d";
fsType = "btrfs";
options = ["subvol=home" "compress=zstd"];
};
fileSystems."/nix" = {
device = "/dev/disk/by-uuid/3a50bf0a-024b-488b-aa11-56b32f2fb54d";
fsType = "btrfs";
options = ["subvol=home" "compress=zstd" "noatime"];
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/4811-EA6E";
fsType = "vfat";
};
fileSystems."/opt" = {
device = "/dev/disk/by-uuid/3574df3a-2a90-4b54-9c21-128f1d01ff8f";
fsType = "btrfs";
options = ["noatime" "compress=zstd"];
};
fileSystems."/mnt/skynet-bkg" = {
device = "192.168.1.100:/volume3/bkg";
fsType = "nfs";
options = ["noauto" "x-systemd.automount"];
};
fileSystems."/mnt/skynet" = {
device = "192.168.1.100:/volume3/m3-skynet";
fsType = "nfs";
options = ["noauto" "x-systemd.automount"];
};
swapDevices = [];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp46s0.useDHCP = lib.mkDefault true;
# networking.interfaces.wlo1.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
hardware.cpu.intel.updateMicrocode =
lib.mkDefault config.hardware.enableRedistributableFirmware;
}
hosts/m3-ares/hardware.nix
+58
View File
@@ -0,0 +1,58 @@
{
config,
pkgs,
inputs,
...
}: {
# Workaround for tuxedo-drivers module bug in unstable (nixpkgs#480391)
# The unstable module has a type error - use stable module until fix propagates
# disabledModules = [ "hardware/tuxedo-drivers.nix" ];
# imports =
# [ "${inputs.nixpkgs-stable}/nixos/modules/hardware/tuxedo-drivers.nix" ];
hardware.nvidia = {
prime = {
offload.enable = false;
# Bus ID of the Intel GPU. You can find it using lspci, either under 3D or VGA
intelBusId = "PCI:0:2:0";
# Bus ID of the NVIDIA GPU. You can find it using lspci, either under 3D or VGA
nvidiaBusId = "PCI:1:0:0";
};
modesetting.enable = true;
powerManagement.finegrained = false;
powerManagement.enable = true;
open = false;
dynamicBoost.enable = true;
nvidiaSettings = true;
package = config.boot.kernelPackages.nvidiaPackages.production;
};
hardware.tuxedo-drivers.enable = true;
hardware.bluetooth.enable = true;
hardware.keyboard.zsa.enable = true;
hardware.graphics.enable = true;
services.hardware.bolt.enable = true;
services.auto-cpufreq.enable = true;
services.tlp = {
enable = true;
settings = {
START_CHARGE_THRESH_BAT0 = 75;
STOP_CHARGE_THRESH_BAT0 = 80;
};
};
environment.systemPackages = with pkgs; [tuxedo-backlight];
security.sudo.extraRules = [
{
users = ["@wheel"];
commands = [
{
command = "/run/current-system/sw/bin/set-backlight";
options = ["NOPASSWD"];
}
];
}
];
}
hosts/m3-ares/programs.nix
+45
View File
@@ -0,0 +1,45 @@
{pkgs, ...}: {
programs.nix-ld.enable = true;
programs.nix-ld.libraries = with pkgs; [
# Add any missing dynamic libraries for unpackaged programs
# here, NOT in environment.systemPackages
];
programs.hyprland = {
enable = true;
xwayland.enable = true;
withUWSM = true;
};
programs.steam = {
enable = true;
remotePlay.openFirewall = true;
dedicatedServer.openFirewall = true;
gamescopeSession = {
enable = true;
args = [
"-W 1920"
"-H 1080"
];
};
};
programs.gamescope = {
enable = true;
capSysNice = true;
};
programs.fish.enable = true;
programs.thunar = {
enable = true;
plugins = with pkgs; [thunar-archive-plugin thunar-volman];
};
programs.gnupg.agent = {
enable = true;
enableSSHSupport = true;
pinentryPackage = pkgs.pinentry-gnome3;
settings = {default-cache-ttl = 10800;};
};
programs.nh = {
enable = true;
clean.enable = true;
clean.extraArgs = "--keep-since 4d --keep 3";
flake = "/home/m3tam3re/p/nixos/nixos-config";
};
}
hosts/m3-ares/secrets.nix
+55
View File
@@ -0,0 +1,55 @@
{
age = {
secrets = {
anytype-key = {
file = ../../secrets/anytype-key-ares.age;
owner = "m3tam3re";
};
wg-DE = {
file = ../../secrets/wg-DE.age;
path = "/etc/wireguard/DE.conf";
};
wg-NL = {
file = ../../secrets/wg-NL.age;
path = "/etc/wireguard/NL.conf";
};
wg-NO = {
file = ../../secrets/wg-NO.age;
path = "/etc/wireguard/NO.conf";
};
wg-US = {
file = ../../secrets/wg-US.age;
path = "/etc/wireguard/US.conf";
};
wg-BR = {
file = ../../secrets/wg-BR.age;
path = "/etc/wireguard/BR.conf";
};
ref-key = {
file = ../../secrets/ref-key.age;
owner = "m3tam3re";
};
exa-key = {
file = ../../secrets/exa-key.age;
owner = "m3tam3re";
};
outline-key = {
file = ../../secrets/outline-key.age;
owner = "m3tam3re";
};
basecamp-client-id = {
file = ../../secrets/basecamp-client-id.age;
owner = "m3tam3re";
};
basecamp-client-secret = {
file = ../../secrets/basecamp-client-secret.age;
owner = "m3tam3re";
};
tailscale-key.file = ../../secrets/tailscale-key.age;
m3tam3re-secrets = {
file = ../../secrets/m3tam3re-secrets.age;
owner = "m3tam3re";
};
};
};
}
hosts/m3-ares/services/containers/default.nix
+4
View File
@@ -0,0 +1,4 @@
{
imports = [
];
}
hosts/m3-ares/services/default.nix
+52
View File
@@ -0,0 +1,52 @@
{pkgs, ...}: {
imports = [
./containers
./netbird.nix
#./n8n.nix
./mem0.nix
./postgres.nix
./restic.nix
./sound.nix
./udev.nix
./wireguard.nix
];
# console.useXkbConfig = true;
# services.xserver.xkb = {
# layout = "de,us";
# options = "ctrl:nocaps";
# };
# optional, falls du auch die TTY-Konsole deutsch willst:
services = {
hypridle.enable = true;
espanso = {
enable = true;
package = pkgs.espanso-wayland;
};
printing.enable = true;
gvfs.enable = true;
trezord.enable = true;
gnome.gnome-keyring.enable = true;
qdrant.enable = true;
# qdrant = {
# enable = true;
# settings = {
# service = {
# host = "0.0.0.0";
# };
# };
# };
upower.enable = true;
avahi = {
enable = true;
nssmdns4 = true;
publish = {
addresses = true;
workstation = true;
userServices = true;
};
};
displayManager.gdm.enable = true;
};
}
hosts/m3-ares/services/mem0.nix
+23
View File
@@ -0,0 +1,23 @@
{
m3ta.mem0 = {
enable = true;
port = 8000;
host = "127.0.0.1";
# LLM Configuration
llm = {
provider = "openai";
apiKeyFile = "/var/lib/mem0/openai-api-key-1"; # Use agenix or sops-nix
};
# Vector Storage Configuration
vectorStore = {
provider = "qdrant"; # or "chroma", "pinecone", etc.
config = {
host = "localhost";
port = 6333;
collection_name = "mem0_alice";
};
};
};
}
hosts/m3-ares/services/n8n.nix
+11
View File
@@ -0,0 +1,11 @@
{
services.n8n = {
enable = true;
openFirewall = true;
};
systemd.services.n8n = {
environment = {
N8N_SECURE_COOKIE = "false";
};
};
}
hosts/m3-ares/services/netbird.nix
+29
View File
@@ -0,0 +1,29 @@
{pkgs, ...}: {
services.netbird.enable = true;
environment.systemPackages = with pkgs; [netbird-ui];
systemd.services.netbird = {
environment = {
NB_DISABLE_SSH_CONFIG = "true";
};
path = [
pkgs.shadow
pkgs.util-linux
];
};
programs.ssh.extraConfig = ''
Match exec "${pkgs.netbird}/bin/netbird ssh detect %h %p"
PreferredAuthentications password,publickey,keyboard-interactive
PasswordAuthentication yes
PubkeyAuthentication yes
BatchMode no
ProxyCommand ${pkgs.netbird}/bin/netbird ssh proxy %h %p
StrictHostKeyChecking no
UserKnownHostsFile /dev/null
CheckHostIP no
LogLevel ERROR
'';
networking.firewall.checkReversePath = "loose";
}
hosts/m3-ares/services/postgres.nix
+25
View File
@@ -0,0 +1,25 @@
{
pkgs,
...
}: {
services.postgresql = {
enable = true;
package = pkgs.postgresql_17;
extensions = with pkgs.postgresql17Packages; [
pgvector
];
authentication = ''
local all all trust
host all all 127.0.0.1/32 trust
host all all ::1/128 trust
host all all 10.88.0.0/16 trust
host all all 19.89.0.0/16 trust
'';
initialScript = pkgs.writeText "initialScript.sql" ''
CREATE USER n8n WITH PASSWORD 'n8n';
CREATE DATABASE n8n;
GRANT ALL PRIVILEGES ON DATABASE n8n TO n8n;
'';
};
}
hosts/m3-ares/services/restic.nix
+25
View File
@@ -0,0 +1,25 @@
{
services.restic.backups = {
skynet = {
repository = "/mnt/skynet-bkg/m3-nix";
passwordFile = "/etc/nixos/restic-pass";
initialize = true;
paths = ["/home/m3tam3re"];
exclude = [
"/home/m3tam3re/.cache"
"/home/m3tam3re/Bilder/"
"/home/m3tam3re/Videos/"
"/home/m3tam3re/Downloads"
"/home/m3tam3re/Library"
"/home/m3tam3re/Projekte"
"/home/m3tam3re/Sync"
"/home/m3tam3re/.local/share/Trash"
];
timerConfig = {
OnCalendar = "09:30";
RandomizedDelaySec = "2h";
Persistent = true;
};
};
};
}
hosts/m3-ares/services/sound.nix
+11
View File
@@ -0,0 +1,11 @@
{
security.rtkit.enable = true;
services.pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
jack.enable = false;
wireplumber.enable = true;
};
}
hosts/m3-ares/services/udev.nix
+9
View File
@@ -0,0 +1,9 @@
{pkgs, ...}: {
services.udev.extraRules = ''
SUBSYSTEM=="usb", MODE="0666"
SUBSYSTEM=="leds", KERNEL=="rgb:kbd_backlight*", ACTION=="add", RUN+="${pkgs.coreutils}/bin/chmod a+w /sys/class/leds/%k/multi_intensity"
'';
environment.systemPackages = with pkgs; [
zsa-udev-rules
];
}
hosts/m3-ares/services/wireguard.nix
+25
View File
@@ -0,0 +1,25 @@
{config, ...}: {
networking.wg-quick.interfaces = {
DE = {
configFile = config.age.secrets.wg-DE.path;
autostart = false;
};
NL = {
configFile = config.age.secrets.wg-NL.path;
autostart = false;
};
NO = {
configFile = config.age.secrets.wg-NO.path;
autostart = false;
};
US = {
configFile = config.age.secrets.wg-US.path;
autostart = false;
};
BR = {
configFile = config.age.secrets.wg-BR.path;
autostart = false;
};
};
services.resolved.enable = true;
}
hosts/m3-atlas/configuration.nix
+112
View File
@@ -0,0 +1,112 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page, on
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
{pkgs, ...}: {
imports = [
# Include the results of the hardware scan.
./disko-config.nix
./hardware-configuration.nix
];
# Bootloader.
boot.loader.grub = {
efiSupport = true;
efiInstallAsRemovable = true;
};
networking.hostName = "m3-atlas"; # CHANGE ME.
networking.hostId = "15b60253"; # CHANGE ME
# Pick only one of the below networking options.
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
networking.networkmanager.enable = true; # Easiest to use and most distros use this by default.
# Set your time zone.
time.timeZone = "Europe/Berlin";
# Configure network proxy if necessary
# networking.proxy.default = "http://user:password@proxy:port/";
# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
# Select internationalisation properties.
i18n.defaultLocale = "en_US.UTF-8";
# console = {
# font = "Lat2-Terminus16";
# keyMap = "us";
# useXkbConfig = true; # use xkb.options in tty.
# };
# Enable the X11 windowing system.
# services.xserver.enable = true;
# Enable the GNOME Desktop Environment.
# services.xserver.displayManager.gdm.enable = true;
# services.xserver.desktopManager.gnome.enable = true;
# Configure keymap in X11
# services.xserver.xkb.layout = "us";
# services.xserver.xkb.options = "eurosign:e,caps:escape";
# Enable CUPS to print documents.
# services.printing.enable = true;
# Enable sound.
# hardware.pulseaudio.enable = true;
# OR
# Enable touchpad support (enabled default in most desktopManager).
# services.libinput.enable = true;
# Define a user account. Don't forget to set a password with passwd.
# List packages installed in system profile. To search, run:
# $ nix search wget
environment.systemPackages = with pkgs; [neovim git];
# Some programs need SUID wrappers, can be configured further or are
# started in user sessions.
# programs.mtr.enable = true;
# programs.gnupg.agent = {
# enable = true;
# enableSSHSupport = true;
# };
# List services that you want to enable:
# Enable the OpenSSH daemon.
services.openssh = {
enable = true;
settings.PermitRootLogin = "no";
settings = {
PasswordAuthentication = false;
};
};
# [[Open ports in the firewall.
# networking.firewall.allowedTCPPorts = [ ... ];
# networking.firewall.allowedUDPPorts = [ ... ];
# Or disable the firewall altogether.
# networking.firewall.enable = false;
# Copy the NixOS configuration file and link it from the resulting system
# (/run/current-system/configuration.nix). This is useful in case you
# accidentally delete configuration.nix.
# system.copySystemConfiguration = true;
# This option defines the first version of NixOS you have installed on this particular machine,
# and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
#
# Most users should NEVER change this value after the initial install, for any reason,
# even if you've upgraded your system to a new NixOS release.
#
# This value does NOT affect the Nixpkgs version your packages and OS are pulled from,
# so changing it will NOT upgrade your system - see https://nixos.org/manual/nixos/stable/#sec-upgrading for how
# to actually do that.
#
# This value being lower than the current NixOS release does NOT mean your system is
# out of date, out of support, or vulnerable.
#
# Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,
# and migrated your data accordingly.
#
# For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
system.stateVersion = "24.11"; # Did you read the comment?
}
hosts/m3-atlas/default.nix
+50
View File
@@ -0,0 +1,50 @@
# A staring point is the basic NIXOS configuration generated by the ISO installer.
# On an existing NIXOS install you can use the following command in your flakes basedir:
# sudo nixos-generate-config --dir ./hosts/m3tam3re
#
# Please make sure to change the first couple of lines in your configuration.nix:
# { config, inputs, ouputs, lib, pkgs, ... }:
#
# {
# imports = [ # Include the results of the hardware scan.
# ./hardware-configuration.nix
# inputs.home-manager.nixosModules.home-manager
# ];
# ...
#
# Moreover please update the packages option in your user configuration and add the home-manager options:
# users.users = {
# m3tam3re = {
# isNormalUser = true;
# initialPassword = "12345";
# extraGroups = [ "wheel" ]; # Enable sudo for the user.
# packages = [ inputs.home-manager.packages.${pkgs.system}.default ];
# };
# };
#
# home-manager = {
# useUserPackages = true;
# extraSpecialArgs = { inherit inputs outputs; };
# users.m3tam3re =
# import ../../home/m3tam3re/${config.networking.hostName}.nix;
# };
#
# Please also change your hostname accordingly:
#:w
# networking.hostName = "nixos"; # Define your hostname.
{
imports = [
../common
./configuration.nix
./programs.nix
./secrets.nix
./services
];
extraServices = {
flatpak.enable = false;
ollama.enable = false;
podman.enable = true;
virtualisation.enable = false;
};
}
hosts/m3-atlas/disko-config.nix
+39
View File
@@ -0,0 +1,39 @@
{
disko.devices = {
disk = {
main = {
type = "disk";
device = "/dev/vda"; # CHANGE ME
content = {
type = "gpt";
partitions = {
boot = {
size = "1M";
type = "EF02"; # for GRUB MBR
priority = 1;
};
esp = {
size = "512M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = ["defaults" "umask=0077"];
};
};
root = {
size = "100%";
content = {
type = "filesystem";
format = "ext4";
mountpoint = "/";
mountOptions = ["noatime" "nodiratime" "discard"];
};
};
};
};
};
};
};
}
hosts/m3-atlas/hardware-configuration.nix
+31
View File
@@ -0,0 +1,31 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
lib,
modulesPath,
...
}: {
imports = [
(modulesPath + "/profiles/qemu-guest.nix")
];
boot.initrd.availableKernelModules = ["ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod"];
boot.initrd.kernelModules = [];
boot.kernelModules = [];
boot.extraModulePackages = [];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.ens18.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
fileSystems."/var/storage" = {
device = "46.38.248.210:/voln723044a1";
fsType = "nfs";
};
}
hosts/m3-atlas/programs.nix
+14
View File
@@ -0,0 +1,14 @@
{pkgs, ...}: {
programs.nix-ld.enable = true;
programs.nix-ld.libraries = with pkgs; [
# Add any missing dynamic libraries for unpackaged programs
# here, NOT in environment.systemPackages
];
programs.fish.enable = true;
programs.nh = {
enable = true;
clean.enable = true;
clean.extraArgs = "--keep-since 4d --keep 3";
flake = "/home/m3tam3re/p/nixos/nixos-config";
};
}
hosts/m3-atlas/secrets.nix
+70
View File
@@ -0,0 +1,70 @@
{
age = {
secrets = {
baserow-env = {file = ../../secrets/baserow-env.age;};
ghost-env = {file = ../../secrets/ghost-env.age;};
kestra-config = {
file = ../../secrets/kestra-config.age;
mode = "644";
};
kestra-env = {file = ../../secrets/kestra-env.age;};
littlelink-m3tam3re = {file = ../../secrets/littlelink-m3tam3re.age;};
minio-root-cred = {file = ../../secrets/minio-root-cred.age;};
n8n-env = {file = ../../secrets/n8n-env.age;};
netbird-auth-secret = {
file = ../../secrets/netbird-auth-secret.age;
};
netbird-db-password = {
file = ../../secrets/netbird-db-password.age;
};
netbird-encryption-key = {
file = ../../secrets/netbird-encryption-key.age;
};
netbird-dashboard-env = {
file = ../../secrets/netbird-dashboard-env.age;
};
netbird-server-env = {
file = ../../secrets/netbird-server-env.age;
};
netbird-proxy-env = {
file = ../../secrets/netbird-proxy-env.age;
};
paperless-key = {file = ../../secrets/paperless-key.age;};
restreamer-env = {file = ../../secrets/restreamer-env.age;};
searx = {file = ../../secrets/searx.age;};
tailscale-key = {file = ../../secrets/tailscale-key.age;};
traefik = {
file = ../../secrets/traefik.age;
owner = "traefik";
};
vaultwarden-env = {file = ../../secrets/vaultwarden-env.age;};
m3tam3re-secrets = {
file = ../../secrets/m3tam3re-secrets.age;
owner = "m3tam3re";
};
gitea-runner-token = {
file = ../../secrets/gitea-runner-token.age;
mode = "600";
owner = "gitea-runner";
group = "gitea-runner";
};
ref-key = {
file = ../../secrets/ref-key.age;
owner = "m3tam3re";
};
exa-key = {
file = ../../secrets/exa-key.age;
owner = "m3tam3re";
};
basecamp-client-id = {
file = ../../secrets/basecamp-client-id.age;
owner = "m3tam3re";
};
basecamp-client-secret = {
file = ../../secrets/basecamp-client-secret.age;
owner = "m3tam3re";
};
authentik-env = {file = ../../secrets/authentik-env.age;};
};
};
}
hosts/m3-atlas/services/containers/AGENTS.md
+85
View File
@@ -0,0 +1,85 @@
# CONTAINER SERVICES (m3-atlas)
**Container orchestration with Podman + Traefik reverse proxy**
## OVERVIEW
11 containerized services on dedicated `web` network (10.89.0.0/24) with Traefik SSL termination.
## STRUCTURE
```
containers/
├── default.nix # Network setup + service imports
├── baserow.nix # 10.89.0.10 - No-code database
├── ghost.nix # 10.89.0.11 - Blog platform
├── kestra.nix # 10.89.0.12 - Workflow orchestration
├── littlelink.nix # 10.89.0.13 - Link aggregator
├── matomo.nix # 10.89.0.14 - Analytics
├── restreamer.nix # 10.89.0.15 - Video streaming
├── slash.nix # 10.89.0.16 - Link shortener
└── slash-nemoti.nix # 10.89.0.17 - Personal link shortener
```
## WHERE TO LOOK
| Task | Action | Notes |
|------|--------|-------|
| Add container | Copy existing .nix, increment IP | Must update default.nix imports |
| Fix networking | Check IP conflicts in 10.89.0.0/24 | Gateway always 10.89.0.1 |
| Debug Traefik | Check router rules in service file | Domain must match DNS |
| Access database | Use `--add-host=mysql:10.89.0.1` | Gateway IP for host services |
## CONVENTIONS
### Container Definition Template
```nix
virtualisation.oci-containers.containers.<name> = {
image = "registry/image:tag";
ports = ["127.0.0.1:<external>:<internal>"];
volumes = ["/var/lib/<service>:/data"];
environmentFiles = [config.age.secrets.<name>-env.path];
extraOptions = [
"--network=web"
"--ip=10.89.0.<sequential>"
"--add-host=mysql:10.89.0.1" # If DB needed
];
};
```
### Traefik Integration
```nix
services.traefik.dynamicConfigOptions.http = {
services.<name>.loadBalancer.servers = [{
url = "http://127.0.0.1:<port>";
}];
routers.<name> = {
rule = "Host(`<subdomain>.m3ta.dev`)";
service = "<name>";
tls.certResolver = "godaddy";
};
# Legacy redirect (if needed)
routers.<name>-old = {
rule = "Host(`<subdomain>.m3tam3re.com`)";
service = "<name>";
middlewares = ["redirect-m3ta"];
};
};
```
### IP Allocation
- **10.89.0.1**: Gateway (host)
- **10.89.0.10-17**: Assigned containers
- **10.89.0.18+**: Available for new services
## ANTI-PATTERNS
- **DON'T** expose ports publicly - bind to 127.0.0.1 only
- **DON'T** skip static IP assignment - routing breaks without it
- **DON'T** hardcode secrets - use age-encrypted env files
- **DON'T** forget to add imports to default.nix
## NOTES
- Network created via activation script in default.nix
- All services behind Traefik - no direct external access
- MySQL/PostgreSQL run on host, accessed via gateway IP
- Secrets pattern: `<service>-env.age` with environment variables
hosts/m3-atlas/services/containers/authentik.nix
+67
View File
@@ -0,0 +1,67 @@
{config, ...}: let
image = "ghcr.io/goauthentik/server:2026.2.0";
serverIp = "10.89.0.22";
workerIp = "10.89.0.23";
postgresHost = "10.89.0.1";
postgresPort = config.m3ta.ports.get "postgres";
authentikPort = config.m3ta.ports.get "authentik";
sharedEnv = {
AUTHENTIK_POSTGRESQL__HOST = postgresHost;
AUTHENTIK_POSTGRESQL__PORT = toString postgresPort;
AUTHENTIK_POSTGRESQL__USER = "authentik";
AUTHENTIK_POSTGRESQL__NAME = "authentik";
};
in {
virtualisation.oci-containers.containers = {
"authentik-server" = {
inherit image;
cmd = ["server"];
environment = sharedEnv;
environmentFiles = [config.age.secrets.authentik-env.path];
ports = ["127.0.0.1:${toString authentikPort}:9000"];
volumes = [
"authentik_media:/media"
"authentik_templates:/templates"
];
extraOptions = [
"--add-host=postgres:${postgresHost}"
"--ip=${serverIp}"
"--network=web"
];
};
"authentik-worker" = {
inherit image;
cmd = ["worker"];
user = "root";
environment = sharedEnv;
environmentFiles = [config.age.secrets.authentik-env.path];
volumes = [
"authentik_media:/media"
"authentik_certs:/certs"
"authentik_templates:/templates"
];
extraOptions = [
"--add-host=postgres:${postgresHost}"
"--ip=${workerIp}"
"--network=web"
];
};
};
services.traefik.dynamicConfigOptions.http = {
services.authentik.loadBalancer.servers = [
{url = "http://localhost:${toString authentikPort}/";}
];
routers.authentik = {
rule = "Host(`auth.m3ta.dev`)";
tls = {certResolver = "godaddy";};
service = "authentik";
entrypoints = "websecure";
};
};
}
hosts/m3-atlas/services/containers/baserow.nix
+35
View File
@@ -0,0 +1,35 @@
{config, ...}: {
virtualisation.oci-containers.containers."baserow" = {
image = "docker.io/baserow/baserow:2.0.6";
environmentFiles = [config.age.secrets.baserow-env.path];
ports = ["127.0.0.1:${toString (config.m3ta.ports.get "baserow")}:80"];
volumes = ["baserow_data:/baserow/data"];
extraOptions = ["--add-host=postgres:10.89.0.1" "--ip=10.89.0.10" "--network=web"];
};
# Traefik configuration specific to baserow
services.traefik.dynamicConfigOptions.http = {
services.baserow.loadBalancer.servers = [
{
url = "http://localhost:${toString (config.m3ta.ports.get "baserow")}/";
}
];
routers.baserow = {
rule = "Host(`br.m3ta.dev`)";
tls = {
certResolver = "godaddy";
};
service = "baserow";
entrypoints = "websecure";
};
routers.baserow-old = {
rule = "Host(`br.m3tam3re.com`)";
tls = {
certResolver = "godaddy";
};
service = "baserow";
entrypoints = "websecure";
middlewares = ["subdomain-redirect"];
};
};
}
hosts/m3-atlas/services/containers/default.nix
+21
View File
@@ -0,0 +1,21 @@
{lib, ...}: {
imports = [
./baserow.nix
./ghost.nix
./kestra.nix
./littlelink.nix
./matomo.nix
./netbird.nix
# ./n8n.nix
# ./pangolin.nix
./restreamer.nix
./slash.nix
./slash-nemoti.nix
./authentik.nix
];
system.activationScripts.createPodmanNetworkWeb = lib.mkAfter ''
if ! /run/current-system/sw/bin/podman network exists web; then
/run/current-system/sw/bin/podman network create web --subnet=10.89.0.0/24 --internal
fi
'';
}
hosts/m3-atlas/services/containers/ghost.nix
+37
View File
@@ -0,0 +1,37 @@
{config, ...}: {
virtualisation.oci-containers.containers."ghost" = {
image = "docker.io/ghost:latest";
environmentFiles = [config.age.secrets.ghost-env.path];
ports = ["127.0.0.1:3002:2368"];
volumes = ["ghost_data:/var/lib/ghost/content"];
extraOptions = ["--add-host=mysql:10.89.0.1" "--ip=10.89.0.11" "--network=web"];
};
# Traefik configuration specific to ghost
services.traefik.dynamicConfigOptions.http = {
services.ghost.loadBalancer.servers = [
{
url = "http://localhost:3002/";
}
];
routers = {
ghost = {
rule = "Host(`m3ta.dev`) || Host(`www.m3ta.dev`)";
tls = {
certResolver = "godaddy";
};
service = "ghost";
entrypoints = "websecure";
middlewares = ["strip-www"];
};
ghost-old = {
rule = "Host(`www.m3tam3re.com`)";
tls = {
certResolver = "godaddy";
};
service = "ghost";
entrypoints = "websecure";
middlewares = ["domain-redirect"];
};
};
};
}
hosts/m3-atlas/services/containers/kestra.nix
+34
View File
@@ -0,0 +1,34 @@
{ config, ... }: {
virtualisation.oci-containers.containers."kestra" = {
image = "docker.io/kestra/kestra:latest";
environmentFiles = [ config.age.secrets.kestra-env.path ];
cmd = [ "server" "standalone" "--config" "/etc/config/application.yaml"];
ports = [ "127.0.0.1:3018:8080" ];
user = "root";
volumes = [
"/var/run/docker.sock:/var/run/docker.sock"
"${config.age.secrets.kestra-config.path}:/etc/config/application.yaml"
"kestra_data:/app/storage"
"/tmp/kestra-wd:/tmp/kestra-wd"
];
extraOptions =
[ "--add-host=postgres:10.89.0.1" "--ip=10.89.0.18" "--network=web" ];
};
systemd.tmpfiles.rules = [
"d /tmp/kestra-wd 0750 1000 1000 - -"
];
# Traefik configuration specific to littlelink
services.traefik.dynamicConfigOptions.http = {
services.kestra.loadBalancer.servers =
[{ url = "http://localhost:3018/"; }];
routers.kestra = {
rule = "Host(`k.m3ta.dev`)";
tls = { certResolver = "godaddy"; };
service = "kestra";
entrypoints = "websecure";
};
};
}
hosts/m3-atlas/services/containers/littlelink.nix
+25
View File
@@ -0,0 +1,25 @@
{config, ...}: {
virtualisation.oci-containers.containers."littlelink_m3tam3re" = {
image = "ghcr.io/techno-tim/littlelink-server";
environmentFiles = [config.age.secrets.littlelink-m3tam3re.path];
ports = ["127.0.0.1:3004:3000"];
extraOptions = ["--ip=10.89.0.4" "--network=web"];
};
# Traefik configuration specific to littlelink
services.traefik.dynamicConfigOptions.http = {
services.littlelink-m3tam3re.loadBalancer.servers = [
{
url = "http://localhost:3004/";
}
];
routers.littlelink-m3tam3re = {
rule = "Host(`links.m3tam3re.com`)";
tls = {
certResolver = "godaddy";
};
service = "littlelink-m3tam3re";
entrypoints = "websecure";
};
};
}

Some files were not shown because too many files have changed in this diff Show More