All my system configs and packages in one repo

stuff

pluie.me f979753b b7956228

verified
+256 -92
-1
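--- a/modules/hjem-ctp/default.nix
+++ b/modules/hjem-ctp/default.nix
@@ -19,7 +19,6 @@
 ./eza.nix
 ./fcitx5.nix
 ./fish.nix
-./fuzzel.nix
 ./vencord.nix
 ./wleave.nix
 ];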
+2 -3
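--- a/modules/hjem-ctp/eza.nix
+++ b/modules/hjem-ctp/eza.nix
@@ -1,5 +1,4 @@
-
-# Catppuccin theme for Fuzzel
+# Catppuccin theme for Eza
 {
 config,
 ctp-lib,
@@ -8,7 +7,7 @@
 ...
 }:
 let
-cfg = config.ctp.fuzzel;
+cfg = config.ctp.eza;
 
 src = pkgs.fetchFromGitHub {
 owner = "catppuccin";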
-26
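--- a/modules/hjem-ctp/fuzzel.nix
+++ b/modules/hjem-ctp/fuzzel.nix
@@ -1,26 +0,0 @@
-# Catppuccin theme for Fuzzel
-{
-config,
-ctp-lib,
-lib,
-pkgs,
-...
-}:
-let
-cfg = config.ctp.fuzzel;
-
-src = pkgs.fetchFromGitHub {
-owner = "catppuccin";
-repo = "fuzzel";
-rev = "0af0e26901b60ada4b20522df739f032797b07c3";
-hash = "sha256-XpItMGsYq4XvLT+7OJ9YRILfd/9RG1GMuO6J4hSGepg=";
-};
-in
-{
-options.ctp.fuzzel = ctp-lib.mkCatppuccinOptions "Fuzzel" { withAccent = true; };
-
-config = lib.mkIf cfg.enable {
-rum.programs.fuzzel.settings.main.include =
-"${src}/themes/catppuccin-${cfg.flavor}/${cfg.accent}.ini";
-};
-}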
+1
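--- a/modules/hjem-ext/default.nix
+++ b/modules/hjem-ext/default.nix
@@ -6,5 +6,6 @@
 ./programs/swaylock.nix
 ./programs/swayosd.nix
 ./programs/vesktop.nix
+./programs/vicinae.nix
 ];
 }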
+4 -4
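--- a/modules/hjem-ext/programs/jujutsu.nix
+++ b/modules/hjem-ext/programs/jujutsu.nix
@@ -12,7 +12,6 @@
 options.ext.programs.jujutsu = {
 enable = lib.mkEnableOption "Jujutsu";
 package = lib.mkPackageOption pkgs "jujutsu" { };
-
 settings = lib.mkOption {
 type = lib.types.submodule {
 freeformType = format.type;
@@ -23,8 +22,9 @@
 
 config = lib.mkIf cfg.enable {
 packages = [ cfg.package ];
-xdg.config.files."jj/config.toml".source = lib.mkIf (cfg.settings != { }) (
-format.generate "jj-config.toml" cfg.settings
-);
+xdg.config.files."jj/config.toml" = lib.mkIf (cfg.settings != { }) {
+generator = format.generate "jj-config.toml";
+value = cfg.settings;
+};
 };
 }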
+15 -9
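--- a/modules/hjem-ext/programs/vesktop.nix
+++ b/modules/hjem-ext/programs/vesktop.nix
@@ -65,14 +65,20 @@
 ])
 ];
 
-xdg.config.files = {
-"vesktop/settings.json".source = format.generate "vesktop-settings.json" cfg.settings;
-}
-// lib.optionalAttrs cfg.vencord.enable {
-"vesktop/settings/settings.json".source =
-format.generate "vencord-settings.json" cfg.vencord.settings;
-
-"vesktop/settings/quickCss.css".text = cfg.vencord.css;
-};
+xdg.config.files = lib.mkMerge [
+{
+"vesktop/settings.json" = lib.mkIf (cfg.settings != { }) {
+generator = format.generate "vesktop-settings.json";
+value = cfg.settings;
+};
+}
+(lib.mkIf cfg.vencord.enable {
+"vesktop/settings/settings.json" = lib.mkIf (cfg.vencord.settings != { }) {
+generator = format.generate "vencord-settings.json";
+value = cfg.vencord.settings;
+};
+"vesktop/settings/quickCss.css".text = lib.mkIf (cfg.vencord.css != "") cfg.vencord.css;
+})
+];
 };
 }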
+32
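--- a/modules/hjem-ext/programs/vicinae.nix
+++ b/modules/hjem-ext/programs/vicinae.nix
@@ -0,0 +1,32 @@
+{
+config,
+lib,
+pkgs,
+...
+}:
+let
+cfg = config.ext.programs.vicinae;
+format = pkgs.formats.json { };
+in
+{
+options.ext.programs.vicinae = {
+enable = lib.mkEnableOption "Vicinae";
+package = lib.mkPackageOption pkgs "vicinae" { };
+
+settings = lib.mkOption {
+inherit (format) type;
+description = ''
+Configuration written to {file}`$XDG_CONFIG_HOME/vicinae/vicinae.json`.
+'';
+default = { };
+};
+};
+
+config = lib.mkIf cfg.enable {
+packages = [ cfg.package ];
+xdg.config.files."vicinae/vicinae.json" = {
+generator = format.generate "vicinae.json";
+value = cfg.settings;
+};
+};
+}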
+96
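--- a/modules/nixos/hysteria.nix
+++ b/modules/nixos/hysteria.nix
@@ -0,0 +1,96 @@
+# Copied from https://github.com/NixOS/nixpkgs/pull/307601
+{
+config,
+lib,
+pkgs,
+utils,
+...
+}:
+let
+cfg = config.services.hysteria;
+settingsFormat = pkgs.formats.json { };
+in
+{
+options.services.hysteria = {
+enable = lib.mkEnableOption "Hysteria, a powerful, lightning fast and censorship resistant proxy";
+
+package = lib.mkPackageOption pkgs "hysteria" { };
+
+mode = lib.mkOption {
+type = lib.types.enum [
+"server"
+"client"
+];
+default = "server";
+description = "Whether to use Hysteria as a client or a server.";
+};
+
+settings = lib.mkOption {
+type = lib.types.submodule { freeformType = settingsFormat.type; };
+default = { };
+description = ''
+The Hysteria configuration, see https://hysteria.network/ for documentation.
+
+Options containing secret data should be set to an attribute set
+containing the attribute `_secret` - a string pointing to a file
+containing the value the option should be set to.
+'';
+};
+};
+config = lib.mkIf cfg.enable {
+systemd.services.hysteria = {
+description = "Hysteria daemon, a powerful, lightning fast and censorship resistant proxy.";
+documentation = [ "https://hysteria.network/" ];
+wantedBy = [ "multi-user.target" ];
+after = [ "network-online.target" ];
+wants = [ "network-online.target" ];
+preStart = utils.genJqSecretsReplacementSnippet cfg.settings "/var/lib/hysteria/config.json";
+serviceConfig = {
+ExecStart = lib.concatStringsSep " " [
+(lib.getExe cfg.package)
+cfg.mode
+"--disable-update-check"
+"--config /var/lib/hysteria/config.json"
+];
+
+StateDirectory = "hysteria";
+WorkingDirectory = "/var/lib/hysteria";
+
+### Hardening
+AmbientCapabilities = [
+"CAP_NET_ADMIN"
+"CAP_NET_BIND_SERVICE"
+"CAP_NET_RAW"
+];
+CapabilityBoundingSet = [
+"CAP_NET_ADMIN"
+"CAP_NET_BIND_SERVICE"
+"CAP_NET_RAW"
+];
+NoNewPrivileges = true;
+PrivateMounts = true;
+PrivateTmp = true;
+ProcSubset = "pid";
+ProtectClock = true;
+ProtectControlGroups = true;
+ProtectHome = true;
+ProtectHostname = true;
+ProtectKernelLogs = true;
+ProtectKernelModules = true;
+ProtectKernelTunables = true;
+ProtectProc = "invisible";
+ProtectSystem = "strict";
+RestrictRealtime = true;
+RestrictSUIDSGID = true;
+RestrictNamespaces = true;
+SystemCallArchitectures = "native";
+SystemCallFilter = "@system-service";
+UMask = "0077";
+
+# More perf
+CPUSchedulingPolicy = "rr";
+CPUSchedulingPriority = 99;
+};
+};
+};
+}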
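Review bot: `systemd.services.hysteria.serviceConfig` sets neither `User` nor `DynamicUser`, so the daemon runs as root and the options under `### Hardening` only narrow what root can do. `AmbientCapabilities` is mainly meaningful for a non-root service, which suggests an unprivileged account was intended; adding `DynamicUser = true;` next to `StateDirectory = "hysteria";` would provide one, provided the `_secret` files stay readable by that user during preStart. Separately, `CPUSchedulingPolicy = "rr"` with `CPUSchedulingPriority = 99` runs an internet-facing process at the highest real-time priority, so a traffic-driven busy loop could starve other work on the host. A comment justifying that choice, or a lower priority, would help.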
+12 -3
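--- a/overlay.nix
+++ b/overlay.nix
@@ -1,13 +1,13 @@
 # May lord have mercy on my soul
-_: prev: {
+final: prev: {
 jujutsu = prev.jujutsu.overrideAttrs {
 patches = (prev.patches or [ ]) ++ [
 # HACK: I am so sick and tired of not being able to push to Nixpkgs
 # because some edgy fucking idiot thought that it's a good idea to not
 # specify an email address in a commit
-#
+#
 # See https://github.com/NixOS/nixpkgs/pull/453871
-# See https://github.com/jj-vcs/jj/issues/5723
+# See https://github.com/jj-vcs/jj/issues/5723
 (prev.fetchpatch2 {
 url = "https://github.com/pluiedev/jj/commit/daa88d4dd485ed0c188023d2af8f811fd4db4a14.patch";
 hash = "sha256-F8fp+LXQwuFVVVnYHJAEaQ9dFr6z9tdCkmcKDC39mM8=";
@@ -15,4 +15,13 @@
 ];
 doCheck = false;
 };
+
+# TODO: Remove when nixpkgs#473189 is available in unstable
+vicinae = final.runCommand "vicinae-patched" { } ''
+mkdir -p $out
+cp -r ${prev.vicinae}/* $out
+substituteInPlace $out/share/systemd/user/vicinae.service \
+--replace-fail "/bin/kill" "${final.lib.getExe' final.coreutils "kill"}" \
+--replace-fail "vicinae" "$out/bin/vicinae"
+'';
 }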
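Review bot: The second substitution in the new `vicinae` derivation, `--replace-fail "vicinae" "$out/bin/vicinae"`, rewrites every occurrence of the bare string in vicinae.service rather than only the command. Any other field that contains it (a description, a documentation URL, an already-absolute path) would be altered too. The unit file is not shown here, so this may be harmless today. Anchoring the pattern on the directive is safer, e.g. `--replace-fail "ExecStart=vicinae" "ExecStart=$out/bin/vicinae"`, if that is how the line reads upstream.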
+1 -10
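--- a/systems/common.nix
+++ b/systems/common.nix
@@ -71,14 +71,5 @@
 algorithm = "zstd";
 };
 
-system = {
-# thanks to @getchoo
-autoUpgrade = {
-enable = true;
-flake = "git+https://tangled.sh/@pluie.me/flake#${config.networking.hostName}";
-flags = [ "--refresh" ];
-};
-
-configurationRevision = inputs.self.rev or inputs.self.dirtyRev or "unknown-dirty";
-};
+system.configurationRevision = inputs.self.rev or inputs.self.dirtyRev or "unknown-dirty";
 }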
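Review bot: Removing `system.autoUpgrade` here stops every host that imports common.nix from pulling updates on its own, and nothing in the file records how updates are delivered instead. The same commit makes focaccia an internet-facing proxy host, where unattended patching matters most. If upgrades now happen by hand or through another mechanism, a one-line comment above `system.configurationRevision` should say so, for example `# autoUpgrade removed: hosts are rebuilt manually` (wording constructed here). Otherwise consider keeping it enabled for the server.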
+49 -5
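--- a/systems/focaccia/default.nix
+++ b/systems/focaccia/default.nix
@@ -1,15 +1,32 @@
 {
+lib,
+utils,
 ...
 }:
+let
+settings = {
+
+};
+in
 {
 imports = [
 ../common.nix
 ./hardware-configuration.nix
 ./networking.nix
+../../modules/nixos/hysteria.nix
 ];
 
-networking.hostName = "focaccia";
-networking.domain = "";
+networking = {
+hostName = "focaccia";
+domain = "pluie.me";
+firewall = {
+allowedUDPPorts = [ 53 ];
+allowedTCPPorts = [
+80
+443
+];
+};
+};
 
 users.users.leah = {
 enable = true;
@@ -26,9 +43,9 @@
 };
 
 services.openssh = {
-enable = true;
-ports = [ 42069 ];
-settings.PermitRootLogin = "prohibit-password";
+enable = true;
+ports = [ 42069 ];
+settings.PermitRootLogin = "prohibit-password";
 };
 
 programs.mosh = {
@@ -39,4 +56,31 @@
 users.users.root.openssh.authorizedKeys.keys = [
 ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKbsavGX9rGRx5R+7ovLn+r7D/w3zkbqCik4bS31moSz''
 ];
+
+boot.kernel.sysctl = {
+"net.core.rmem_max" = 16777216;
+"net.core.wmem_max" = 16777216;
+};
+
+services.hysteria = {
+enable = true;
+settings = {
+listen = ":53";
+acme = {
+domains = [ "focaccia.pluie.me" ];
+email = "srv@acc.pluie.me";
+};
+auth = {
+type = "password";
+password._secret = "/var/lib/hysteria/passwd";
+};
+masquerade = {
+type = "proxy";
+proxy = {
+url = "https://news.ycombinator.com/";
+rewriteHost = true;
+};
+};
+};
+};
 }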
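Review bot: `password._secret = "/var/lib/hysteria/passwd"` points at a file that nothing visible in this commit creates, and it sits in the same state directory where preStart writes the rendered `config.json`. A comment stating how the file is provisioned and which owner and mode it needs, e.g. `# provisioned out of band; 0600, owned by the service user`, would make the deployment reproducible and the secret's exposure reviewable. The firewall now opens TCP 80 and 443 in addition to UDP 53, where Hysteria listens; if those TCP ports exist only for ACME challenges, say so next to `allowedTCPPorts`. The `let settings = { };` binding and the new `lib` and `utils` arguments are not used by any added line and can be dropped.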
+1 -1
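--- a/systems/laptop.nix
+++ b/systems/laptop.nix
@@ -15,7 +15,7 @@
 nix.settings.extra-platforms = [ "aarch64-linux" ];
 
 boot = {
-kernelPackages = pkgs.linuxPackages_xanmod_latest;
+kernelPackages = pkgs.linuxPackages_xanmod;
 
 loader = {
 limine = {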
+1
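--- a/users/leah/appearance.nix
+++ b/users/leah/appearance.nix
@@ -39,6 +39,7 @@
 ];
 
 ext.programs.moor.settings.style = "catppuccin-${flavor}";
+ext.programs.vicinae.settings.theme = "catppuccin-${flavor}";
 };
 
 programs.vivid = {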
+18 -3
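--- a/users/leah/presets/niri/config.kdl
+++ b/users/leah/presets/niri/config.kdl
@@ -131,10 +131,12 @@
 place-within-backdrop true
 }
 
-// Fuzzel
+// Fuzzel/Vicinae
 layer-rule {
 match namespace="launcher"
+match namespace="vicinae"
 baba-is-float true
+
 shadow {
 on
 }
@@ -154,9 +156,10 @@
 }
 }
 
+// Allow terminal background to be transparent
 window-rule {
 match app-id="com.mitchellh.ghostty"
-// Allow terminal background to be transparent
+match title=r#"^Vicinae"#
 draw-border-with-background false
 }
 
@@ -175,7 +178,7 @@
 
 // Suggested binds for running programs: terminal, app launcher, screen locker.
 Mod+T repeat=false { spawn "ghostty" "+new-window"; }
-Super+D repeat=false { spawn "bash" "-c" "pkill fuzzel || fuzzel"; }
+Super+D repeat=false { spawn "vicinae" "toggle"; }
 Super+Alt+L { spawn "swaylock"; }
 
 XF86AudioRaiseVolume allow-when-locked=true { spawn "swayosd-client" "--output-volume=raise"; }
@@ -355,6 +358,7 @@
 window-rule {
 match at-startup=true app-id="steam"
 match app-id=r#"^steam_app_"#
+
 open-on-workspace "gaming"
 }
 window-rule {
@@ -363,3 +367,14 @@
 // Never allow notifications steal focus
 open-focused false
 }
+
+debug {
+// Some apps are very naughty with xdg-activation.
+// Then again, the protocol isn't really well-designed in the first place.
+//
+// Hall of Shame:
+// - Telegram
+// - Discord
+// - 1Password
+honor-xdg-activation-with-invalid-serial
+}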
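Review bot: `honor-xdg-activation-with-invalid-serial` in the new `debug` block is a compositor-wide switch, so it relaxes focus-stealing protection for every client, not only the three apps named in the comment. Any application can then request focus without a valid activation serial, and keystrokes meant for another window may land in it. The comment should record that trade-off, e.g. `// NOTE: applies to all clients; weakens focus-stealing prevention`. The added `match title=r#"^Vicinae"#` keys on a window title, which any client can set; matching on an app-id would be tighter if Vicinae exposes one.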
+12 -24
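--- a/users/leah/presets/niri/default.nix
+++ b/users/leah/presets/niri/default.nix
@@ -71,31 +71,19 @@
 };
 };
 
-rum.programs.fuzzel = {
+ext.programs.vicinae = {
 enable = true;
-
-settings.main = {
-font = "Sans:size=14";
-use-bold = true;
-show-actions = true;
-match-counter = true;
-
-# Make Fuzzel take on-demand focus
-keyboard-focus = "on-demand";
-
-lines = 8;
-width = 35;
-y-margin = 8;
-horizontal-pad = 20;
-vertical-pad = 16;
-inner-pad = 8;
-anchor = "bottom";
-layer = "top";
-};
-
-settings.border = {
-radius = 8;
-width = 2;
+settings = {
+closeOnFocusLoss = false;
+considerPreedit = true;
+font.size = 12;
+keybinding = "default";
+popToRootOnClose = true;
+window = {
+csd = true;
+opacity = 0.85;
+rounding = 16;
+};
 };
 };
 };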
+5 -1
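--- a/users/leah/presets/niri/swayosd/default.nix
+++ b/users/leah/presets/niri/swayosd/default.nix
@@ -27,8 +27,12 @@
 systemd.services.swayosd-server = {
 after = [ "graphical-session.target" ];
 wantedBy = [ "graphical-session.target" ];
-serviceConfig.ExecStart = lib.getExe' swayosd "swayosd-server";
 restartTriggers = [ swayosd ];
+serviceConfig = {
+ExecStart = lib.getExe' swayosd "swayosd-server";
+Restart = "always";
+RestartSec = 60;
+};
 };
 };
 }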
+1 -2
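--- a/users/leah/presets/niri/waybar/default.nix
+++ b/users/leah/presets/niri/waybar/default.nix
@@ -5,7 +5,6 @@
 let
 jsonFormat = pkgs.formats.json { };
 config = import ./config.nix args;
-configFile = jsonFormat.generate "waybar-config.jsonc" config;
 in
 {
 hjem.users.leah = {
@@ -14,7 +13,7 @@
 
 xdg.config.files = {
 "waybar/style.css".source = ./style.css;
-"waybar/config.jsonc".source = configFile;
+"waybar/config.jsonc".source = jsonFormat.generate "waybar-config.jsonc" config;
 };
 };
 }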
+6
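--- a/users/leah/programs/default.nix
+++ b/users/leah/programs/default.nix
@@ -1,4 +1,5 @@
 {
+config,
 inputs,
 pkgs,
 lib,
@@ -39,6 +40,11 @@
 fractal
 papers
 wechat
+
+(pkgs.makeAutostartItem {
+name = "throne";
+inherit (config.programs.throne) package;
+})
 
 # Command-line apps
 just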