not initial commit

.github/workflows/build.yml

@@ -0,0 +1,28 @@
+name: Build & Push
+on:
+  push:
+    branches:
+      - main
+
+jobs:
+  build:
+    strategy:
+      matrix:
+        host: ["othalan", "algiz"]
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: cachix/install-nix-action@v25 # v25
+        with:
+          nix_path: nixpkgs=channel:nixos-unstable
+      - uses: DeterminateSystems/magic-nix-cache-action@v2
+      - uses: cachix/cachix-action@v14
+        with:
+          name: daylin
+          authToken: "${{ secrets.CACHIX_AUTH_TOKEN }}"
+      - name: Build
+        run: nix build '.#nixosConfigurations.${{ matrix.host }}.config.system.build.toplevel'
+      - name: Push
+        env:
+          CACHIX_ACTIVATE_TOKEN: "${{ secrets.CACHIX_ACTIVATE_TOKEN }}"
+        run: cachix push daylin ./result

.gitignore

@@ -0,0 +1,2 @@
+result*
+.task.mk

README.md

@@ -0,0 +1,3 @@
+# daylin's nixcfg
+
+

flake.lock

@@ -0,0 +1,605 @@
+{
+  "nodes": {
+    "flake-compat": {
+      "locked": {
+        "lastModified": 1688025799,
+        "narHash": "sha256-ktpB4dRtnksm9F5WawoIkEneh1nrEvuxb5lJFt1iOyw=",
+        "owner": "nix-community",
+        "repo": "flake-compat",
+        "rev": "8bf105319d44f6b9f0d764efa4fdef9f1cc9ba1c",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "flake-compat",
+        "type": "github"
+      }
+    },
+    "flake-parts": {
+      "inputs": {
+        "nixpkgs-lib": [
+          "nixpkgs-wayland",
+          "nix-eval-jobs",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1701473968,
+        "narHash": "sha256-YcVE5emp1qQ8ieHUnxt1wCZCC3ZfAS+SRRWZ2TMda7E=",
+        "owner": "hercules-ci",
+        "repo": "flake-parts",
+        "rev": "34fed993f1674c8d06d58b37ce1e0fe5eebcb9f5",
+        "type": "github"
+      },
+      "original": {
+        "owner": "hercules-ci",
+        "repo": "flake-parts",
+        "type": "github"
+      }
+    },
+    "flake-utils": {
+      "inputs": {
+        "systems": "systems_2"
+      },
+      "locked": {
+        "lastModified": 1705309234,
+        "narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "1ef2e671c3b0c19053962c07dbda38332dcebf26",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
+    "flake-utils_2": {
+      "inputs": {
+        "systems": "systems_3"
+      },
+      "locked": {
+        "lastModified": 1705309234,
+        "narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "1ef2e671c3b0c19053962c07dbda38332dcebf26",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
+    "freetype2": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1675923892,
+        "narHash": "sha256-dOm8VKYdclTLLkqWMLv7DQI0Qyjit7S4SOCszKEkG3o=",
+        "owner": "wez",
+        "repo": "freetype2",
+        "rev": "de8b92dd7ec634e9e2b25ef534c54a3537555c11",
+        "type": "github"
+      },
+      "original": {
+        "owner": "wez",
+        "repo": "freetype2",
+        "rev": "de8b92dd7ec634e9e2b25ef534c54a3537555c11",
+        "type": "github"
+      }
+    },
+    "harfbuzz": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1677798343,
+        "narHash": "sha256-Lsd0Vrkrv67CMyV0ZveShfjUvqh/jDhI8rAK9ps+SZQ=",
+        "owner": "harfbuzz",
+        "repo": "harfbuzz",
+        "rev": "60841e26187576bff477c1a09ee2ffe544844abc",
+        "type": "github"
+      },
+      "original": {
+        "owner": "harfbuzz",
+        "repo": "harfbuzz",
+        "rev": "60841e26187576bff477c1a09ee2ffe544844abc",
+        "type": "github"
+      }
+    },
+    "hyprland": {
+      "inputs": {
+        "hyprland-protocols": "hyprland-protocols",
+        "nixpkgs": "nixpkgs",
+        "systems": "systems",
+        "wlroots": "wlroots",
+        "xdph": "xdph"
+      },
+      "locked": {
+        "lastModified": 1705913207,
+        "narHash": "sha256-donM5hUaCylML0xwRZtH3SBSTBfdo7Ea3hJ+eiGZ/cI=",
+        "owner": "hyprwm",
+        "repo": "Hyprland",
+        "rev": "02b4a9bdede8ab0336e2e7ac52b39cab36208bb4",
+        "type": "github"
+      },
+      "original": {
+        "owner": "hyprwm",
+        "ref": "main",
+        "repo": "Hyprland",
+        "type": "github"
+      }
+    },
+    "hyprland-contrib": {
+      "inputs": {
+        "nixpkgs": "nixpkgs_2"
+      },
+      "locked": {
+        "lastModified": 1705671586,
+        "narHash": "sha256-JOwVlSgwo2nqQRcArelrx/lK9OUoUxaXUQThQw1q8oA=",
+        "owner": "hyprwm",
+        "repo": "contrib",
+        "rev": "72a67d0f58d0ed44a20341fddb2bdfa33c2a2558",
+        "type": "github"
+      },
+      "original": {
+        "owner": "hyprwm",
+        "repo": "contrib",
+        "type": "github"
+      }
+    },
+    "hyprland-protocols": {
+      "inputs": {
+        "nixpkgs": [
+          "hyprland",
+          "nixpkgs"
+        ],
+        "systems": [
+          "hyprland",
+          "systems"
+        ]
+      },
+      "locked": {
+        "lastModified": 1691753796,
+        "narHash": "sha256-zOEwiWoXk3j3+EoF3ySUJmberFewWlagvewDRuWYAso=",
+        "owner": "hyprwm",
+        "repo": "hyprland-protocols",
+        "rev": "0c2ce70625cb30aef199cb388f99e19a61a6ce03",
+        "type": "github"
+      },
+      "original": {
+        "owner": "hyprwm",
+        "repo": "hyprland-protocols",
+        "type": "github"
+      }
+    },
+    "hyprlang": {
+      "inputs": {
+        "nixpkgs": [
+          "hyprland",
+          "xdph",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1704287638,
+        "narHash": "sha256-TuRXJGwtK440AXQNl5eiqmQqY4LZ/9+z/R7xC0ie3iA=",
+        "owner": "hyprwm",
+        "repo": "hyprlang",
+        "rev": "6624f2bb66d4d27975766e81f77174adbe58ec97",
+        "type": "github"
+      },
+      "original": {
+        "owner": "hyprwm",
+        "repo": "hyprlang",
+        "type": "github"
+      }
+    },
+    "lib-aggregate": {
+      "inputs": {
+        "flake-utils": "flake-utils",
+        "nixpkgs-lib": "nixpkgs-lib"
+      },
+      "locked": {
+        "lastModified": 1705838953,
+        "narHash": "sha256-bu00HScTFCapBq6r1U5QXPO7yDZhzNkGCbGfYKOHRDM=",
+        "owner": "nix-community",
+        "repo": "lib-aggregate",
+        "rev": "aca52761b7d82325fadfec11ea78e01fff8f06e8",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "lib-aggregate",
+        "type": "github"
+      }
+    },
+    "libpng": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1549245649,
+        "narHash": "sha256-1+cRp0Ungme/OGfc9kGJbklYIWAFxk8Il1M+NV4KSgw=",
+        "owner": "glennrp",
+        "repo": "libpng",
+        "rev": "8439534daa1d3a5705ba92e653eda9251246dd61",
+        "type": "github"
+      },
+      "original": {
+        "owner": "glennrp",
+        "repo": "libpng",
+        "rev": "8439534daa1d3a5705ba92e653eda9251246dd61",
+        "type": "github"
+      }
+    },
+    "nix-eval-jobs": {
+      "inputs": {
+        "flake-parts": "flake-parts",
+        "nix-github-actions": "nix-github-actions",
+        "nixpkgs": "nixpkgs_4",
+        "treefmt-nix": "treefmt-nix"
+      },
+      "locked": {
+        "lastModified": 1705242886,
+        "narHash": "sha256-TLj334vRwFtSym3m+NnKcNCnKKPNoTC/TDZL40vmOso=",
+        "owner": "nix-community",
+        "repo": "nix-eval-jobs",
+        "rev": "6b03a93296faf174b97546fd573c8b379f523a8d",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "nix-eval-jobs",
+        "type": "github"
+      }
+    },
+    "nix-github-actions": {
+      "inputs": {
+        "nixpkgs": [
+          "nixpkgs-wayland",
+          "nix-eval-jobs",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1701208414,
+        "narHash": "sha256-xrQ0FyhwTZK6BwKhahIkUVZhMNk21IEI1nUcWSONtpo=",
+        "owner": "nix-community",
+        "repo": "nix-github-actions",
+        "rev": "93e39cc1a087d65bcf7a132e75a650c44dd2b734",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "nix-github-actions",
+        "type": "github"
+      }
+    },
+    "nixpkgs": {
+      "locked": {
+        "lastModified": 1705856552,
+        "narHash": "sha256-JXfnuEf5Yd6bhMs/uvM67/joxYKoysyE3M2k6T3eWbg=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "612f97239e2cc474c13c9dafa0df378058c5ad8d",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixos-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs-lib": {
+      "locked": {
+        "lastModified": 1705798119,
+        "narHash": "sha256-WPVKxYMcvGW/2X16pfF1ef05EQ0Ql5XPCxqoCDlQSrY=",
+        "owner": "nix-community",
+        "repo": "nixpkgs.lib",
+        "rev": "a26fc04e3d43acfa1dc52065a4ce39ca7a2ec91c",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "nixpkgs.lib",
+        "type": "github"
+      }
+    },
+    "nixpkgs-wayland": {
+      "inputs": {
+        "flake-compat": "flake-compat",
+        "lib-aggregate": "lib-aggregate",
+        "nix-eval-jobs": "nix-eval-jobs",
+        "nixpkgs": "nixpkgs_5"
+      },
+      "locked": {
+        "lastModified": 1705947648,
+        "narHash": "sha256-evBiSypfVvyHSXLfXy621h1gfeQqk5ivnySK5VvvrcA=",
+        "owner": "nix-community",
+        "repo": "nixpkgs-wayland",
+        "rev": "01875294cf54755038d15ed61e3b657fdbede781",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "nixpkgs-wayland",
+        "type": "github"
+      }
+    },
+    "nixpkgs_2": {
+      "locked": {
+        "lastModified": 1705856552,
+        "narHash": "sha256-JXfnuEf5Yd6bhMs/uvM67/joxYKoysyE3M2k6T3eWbg=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "612f97239e2cc474c13c9dafa0df378058c5ad8d",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixos-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs_3": {
+      "locked": {
+        "lastModified": 1705856552,
+        "narHash": "sha256-JXfnuEf5Yd6bhMs/uvM67/joxYKoysyE3M2k6T3eWbg=",
+        "owner": "nixos",
+        "repo": "nixpkgs",
+        "rev": "612f97239e2cc474c13c9dafa0df378058c5ad8d",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nixos",
+        "ref": "nixos-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs_4": {
+      "locked": {
+        "lastModified": 1703134684,
+        "narHash": "sha256-SQmng1EnBFLzS7WSRyPM9HgmZP2kLJcPAz+Ug/nug6o=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "d6863cbcbbb80e71cecfc03356db1cda38919523",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixpkgs-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs_5": {
+      "locked": {
+        "lastModified": 1705856552,
+        "narHash": "sha256-JXfnuEf5Yd6bhMs/uvM67/joxYKoysyE3M2k6T3eWbg=",
+        "owner": "nixos",
+        "repo": "nixpkgs",
+        "rev": "612f97239e2cc474c13c9dafa0df378058c5ad8d",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nixos",
+        "ref": "nixos-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs_6": {
+      "locked": {
+        "lastModified": 1705883077,
+        "narHash": "sha256-ByzHHX3KxpU1+V0erFy8jpujTufimh6KaS/Iv3AciHk=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "5f5210aa20e343b7e35f40c033000db0ef80d7b9",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixpkgs-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "root": {
+      "inputs": {
+        "hyprland": "hyprland",
+        "hyprland-contrib": "hyprland-contrib",
+        "nixpkgs": "nixpkgs_3",
+        "nixpkgs-wayland": "nixpkgs-wayland",
+        "wezterm": "wezterm"
+      }
+    },
+    "rust-overlay": {
+      "inputs": {
+        "flake-utils": [
+          "wezterm",
+          "flake-utils"
+        ],
+        "nixpkgs": [
+          "wezterm",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1705457855,
+        "narHash": "sha256-5cCHQtP/PEHK1YNTQyZN9v8ehpLTjc723ZSKAP3Tva8=",
+        "owner": "oxalica",
+        "repo": "rust-overlay",
+        "rev": "a854609265af0e9f48c92e497679edf8fab9e690",
+        "type": "github"
+      },
+      "original": {
+        "owner": "oxalica",
+        "repo": "rust-overlay",
+        "type": "github"
+      }
+    },
+    "systems": {
+      "locked": {
+        "lastModified": 1689347949,
+        "narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=",
+        "owner": "nix-systems",
+        "repo": "default-linux",
+        "rev": "31732fcf5e8fea42e59c2488ad31a0e651500f68",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-systems",
+        "repo": "default-linux",
+        "type": "github"
+      }
+    },
+    "systems_2": {
+      "locked": {
+        "lastModified": 1681028828,
+        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+        "owner": "nix-systems",
+        "repo": "default",
+        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-systems",
+        "repo": "default",
+        "type": "github"
+      }
+    },
+    "systems_3": {
+      "locked": {
+        "lastModified": 1681028828,
+        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+        "owner": "nix-systems",
+        "repo": "default",
+        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-systems",
+        "repo": "default",
+        "type": "github"
+      }
+    },
+    "treefmt-nix": {
+      "inputs": {
+        "nixpkgs": [
+          "nixpkgs-wayland",
+          "nix-eval-jobs",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1702979157,
+        "narHash": "sha256-RnFBbLbpqtn4AoJGXKevQMCGhra4h6G2MPcuTSZZQ+g=",
+        "owner": "numtide",
+        "repo": "treefmt-nix",
+        "rev": "2961375283668d867e64129c22af532de8e77734",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "treefmt-nix",
+        "type": "github"
+      }
+    },
+    "wezterm": {
+      "inputs": {
+        "flake-utils": "flake-utils_2",
+        "freetype2": "freetype2",
+        "harfbuzz": "harfbuzz",
+        "libpng": "libpng",
+        "nixpkgs": "nixpkgs_6",
+        "rust-overlay": "rust-overlay",
+        "zlib": "zlib"
+      },
+      "locked": {
+        "dir": "nix",
+        "lastModified": 1705885335,
+        "narHash": "sha256-fH/fb+Bprm0SUhb0Z4An/3CykI3CUwxjqG0u3g9clnI=",
+        "owner": "wez",
+        "repo": "wezterm",
+        "rev": "76028ca15404c049866692b06411f654d544ce2b",
+        "type": "github"
+      },
+      "original": {
+        "dir": "nix",
+        "owner": "wez",
+        "repo": "wezterm",
+        "type": "github"
+      }
+    },
+    "wlroots": {
+      "flake": false,
+      "locked": {
+        "host": "gitlab.freedesktop.org",
+        "lastModified": 1703963193,
+        "narHash": "sha256-ke8drv6PTrdQDruWbajrRJffP9A9PU6FRyjJGNZRTs4=",
+        "owner": "wlroots",
+        "repo": "wlroots",
+        "rev": "f81c3d93cd6f61b20ae784297679283438def8df",
+        "type": "gitlab"
+      },
+      "original": {
+        "host": "gitlab.freedesktop.org",
+        "owner": "wlroots",
+        "repo": "wlroots",
+        "rev": "f81c3d93cd6f61b20ae784297679283438def8df",
+        "type": "gitlab"
+      }
+    },
+    "xdph": {
+      "inputs": {
+        "hyprland-protocols": [
+          "hyprland",
+          "hyprland-protocols"
+        ],
+        "hyprlang": "hyprlang",
+        "nixpkgs": [
+          "hyprland",
+          "nixpkgs"
+        ],
+        "systems": [
+          "hyprland",
+          "systems"
+        ]
+      },
+      "locked": {
+        "lastModified": 1704659450,
+        "narHash": "sha256-3lyoUVtUWz1LuxbltAtkJSK2IlVXmKhxCRU2/0PYCms=",
+        "owner": "hyprwm",
+        "repo": "xdg-desktop-portal-hyprland",
+        "rev": "6a5de92769d5b7038134044053f90e7458f6a197",
+        "type": "github"
+      },
+      "original": {
+        "owner": "hyprwm",
+        "repo": "xdg-desktop-portal-hyprland",
+        "type": "github"
+      }
+    },
+    "zlib": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1484501380,
+        "narHash": "sha256-j5b6aki1ztrzfCqu8y729sPar8GpyQWIrajdzpJC+ww=",
+        "owner": "madler",
+        "repo": "zlib",
+        "rev": "cacf7f1d4e3d44d871b605da3b647f07d718623f",
+        "type": "github"
+      },
+      "original": {
+        "owner": "madler",
+        "repo": "zlib",
+        "rev": "cacf7f1d4e3d44d871b605da3b647f07d718623f",
+        "type": "github"
+      }
+    }
+  },
+  "root": "root",
+  "version": 7
+}

flake.nix

@@ -0,0 +1,22 @@
+{
+  description = "daylinmorgan-nixcfg";
+
+  inputs = {
+    nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
+    nixpkgs-wayland.url = "github:nix-community/nixpkgs-wayland";
+    hyprland.url = "github:hyprwm/Hyprland/main";
+    hyprland-contrib.url = "github:hyprwm/contrib";
+    wezterm.url = "github:wez/wezterm?dir=nix";
+  };
+
+  outputs = inputs @ {
+    self,
+    nixpkgs,
+    ...
+  }: let
+    lib = import ./lib {inherit inputs nixpkgs;};
+  in {
+    nixosModules = builtins.listToAttrs (lib.findModules ./modules);
+    nixosConfigurations = lib.mapHosts ./hosts;
+  };
+}

hosts/algiz/README.md

@@ -0,0 +1,21 @@
+sudo -u git ssh-keygen -t rsa -b 4096 -C "Gitea Host Key"
+sudo -u git cat /home/git/.ssh/id_rsa.pub | sudo -u git tee -a /home/git/.ssh/authorized_keys
+sudo -u git chmod 600 /home/git/.ssh/authorized_keys
+
+
+Should Look like this
+```
+# SSH pubkey from git user
+ssh-rsa <Gitea Host Key>
+
+# other keys from users
+command="/usr/local/bin/gitea --config=/data/gitea/conf/app.ini serv key-1",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty <user pubkey>
+```
+
+
+Nixify this step....
+cat <<"EOF" | sudo tee /usr/local/bin/gitea
+#!/bin/sh
+ssh -p 2222 -o StrictHostKeyChecking=no git@127.0.0.1 "SSH_ORIGINAL_COMMAND=\"$SSH_ORIGINAL_COMMAND\" $0 $@"
+EOF
+sudo chmod +x /usr/local/bin/gitea

hosts/algiz/default.nix

@@ -0,0 +1,48 @@
+{
+  inputs,
+  pkgs,
+  ...
+}: {
+  imports = with inputs.self.nixosModules; [
+    common
+    docker
+
+    # langs
+    nim
+    python
+  ];
+
+  environment.systemPackages = with pkgs; [
+    rclone
+  ];
+  # https://francis.begyn.be/blog/nixos-restic-backups
+  # TODO: parameterize to use on algiz AND othalan ...
+  services.restic.backups.gdrive = {
+    # directories created by gitea and soft-serve aren't world readable
+    user = "root";
+    rcloneConfigFile = "/home/daylin/.config/rclone/rclone.conf";
+    repository = "rclone:g:archives/algiz";
+    passwordFile = "/home/daylin/.config/restic/algiz-pass";
+    paths = ["/home/daylin/services/git/" "/home/daylin/services/gotosocial/" "home/daylin/services/caddy"];
+  };
+
+  security.sudo.wheelNeedsPassword = false;
+
+  users.extraUsers = {
+    daylin = {
+      shell = pkgs.zsh;
+      isNormalUser = true;
+      extraGroups = ["wheel" "docker"];
+      useDefaultShell = true;
+      initialPassword = "nix";
+    };
+    git = {
+      isNormalUser = true;
+    };
+  };
+
+  programs.gnupg.agent = {
+    enable = true;
+    enableSSHSupport = true;
+  };
+}

hosts/algiz/hardware-configuration.nix

@@ -0,0 +1,35 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{
+  config,
+  lib,
+  pkgs,
+  modulesPath,
+  ...
+}: {
+  imports = [];
+
+  boot.initrd.availableKernelModules = ["ata_piix" "uhci_hcd" "virtio_pci" "sr_mod" "virtio_blk"];
+  boot.initrd.kernelModules = [];
+  boot.kernelModules = [];
+  boot.extraModulePackages = [];
+
+  fileSystems."/" = {
+    device = "/dev/disk/by-uuid/eb6cbf1e-e4a7-4312-a1af-4f78ad9cf138";
+    fsType = "btrfs";
+  };
+
+  swapDevices = [];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.ens3.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+  virtualisation.hypervGuest.enable = true;
+}

hosts/algiz/rune

@@ -0,0 +1,16 @@
+
+ ⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀
+ ⠀⠀⠀⢠⣾⣦⡀⠀⠀⠀⣶⣶⠀⠀⠀⢀⣴⣷⡄⠀⠀⠀
+ ⠀⠀⠀⠀⠙⢿⣷⣄⠀⠀⣿⣿⠀⠀⣠⣾⡿⠋⠀⠀⠀⠀
+ ⠀⠀⠀⠀⠀⠀⠙⢿⣷⣄⣿⣿⣠⣾⡿⠋⠀⠀⠀⠀⠀⠀
+ ⠀⠀⠀⠀⠀⠀⠀⠀⠙⢿⣿⣿⡿⠋⠀⠀⠀⠀⠀⠀⠀⠀
+ ⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⣿⣿⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀
+ ⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⣿⣿⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀
+ ⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⣿⣿⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀
+ ⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⣿⣿⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀
+ ⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⣿⣿⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀
+ ⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⣿⣿⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀
+ ⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⣿⣿⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀
+ ⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⣿⣿⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀
+ ⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⣿⣿⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀
+ ⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀

hosts/algiz/system.nix

@@ -0,0 +1,47 @@
+{...}: {
+  users.motd = builtins.readFile ./rune;
+
+  swapDevices = [
+    {
+      device = "/var/lib/swapfile";
+      size = 2 * 1024;
+    }
+  ];
+
+  services.resolved.enable = true;
+
+  services.fail2ban = {
+    enable = true;
+    maxretry = 5;
+    bantime = "24h";
+  };
+
+  time.timeZone = "America/Chicago";
+
+  networking.hostName = "algiz";
+  # # added to make using `pip install` work in docker build
+  # networking.nameservers = [ "8.8.8.8"];
+
+  # allow tcp connections for revsere proxy
+  networking.firewall = {
+    enable = true;
+    allowedTCPPorts = [80 443];
+  };
+
+  services.openssh.enable = true;
+  services.openssh.settings.PasswordAuthentication = false;
+
+  users.mutableUsers = false;
+
+  # Use the GRUB 2 boot loader.
+  boot.loader.grub.enable = true;
+  boot.loader.grub.device = "/dev/vda"; # or "nodev" for efi only
+
+  # This value determines the NixOS release from which the default
+  # settings for stateful data, like file locations and database versions
+  # on your system were taken. It‘s perfectly fine and recommended to leave
+  # this value at the release version of the first install of this system.
+  # Before changing this value read the documentation for this option
+  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+  system.stateVersion = "22.11"; # Did you read the comment?
+}

hosts/mannaz/default.nix

@@ -0,0 +1,43 @@
+{
+  inputs,
+  lib,
+  config,
+  pkgs,
+  ...
+}: {
+  imports = with inputs.self.nixosModules; [
+    ./hardware-configuration.nix
+    ./system.nix
+    ./motd.nix
+
+    cli
+    desktop
+    dev
+    gui
+    nix
+    nix-ld
+    nvim
+    virtualization
+  ];
+
+  environment.systemPackages = with pkgs; [
+    nix-output-monitor
+
+    (vivaldi.override {
+      proprietaryCodecs = true;
+      # enableWidevine = true;
+    })
+  ];
+
+  users = {
+    defaultUserShell = pkgs.zsh;
+    extraUsers = {
+      daylin = {
+        isNormalUser = true;
+        extraGroups = ["wheel" "docker" "networkmanager"];
+        useDefaultShell = true;
+        initialPassword = "nix";
+      };
+    };
+  };
+}

hosts/mannaz/hardware-configuration.nix

@@ -0,0 +1,43 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{
+  config,
+  lib,
+  pkgs,
+  modulesPath,
+  ...
+}: {
+  imports = [
+    (modulesPath + "/installer/scan/not-detected.nix")
+  ];
+
+  boot.initrd.availableKernelModules = ["nvme" "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod"];
+  boot.initrd.kernelModules = [];
+  boot.kernelModules = ["kvm-amd" "wl"];
+  boot.extraModulePackages = [config.boot.kernelPackages.broadcom_sta];
+
+  fileSystems."/" = {
+    device = "/dev/disk/by-uuid/47108030-bad4-431a-8fe3-0063accca466";
+    fsType = "ext4";
+  };
+
+  fileSystems."/boot" = {
+    device = "/dev/disk/by-uuid/3CD0-E384";
+    fsType = "vfat";
+  };
+
+  swapDevices = [
+    {device = "/dev/disk/by-uuid/115bc13a-9b09-4790-986c-ab3b434cde69";}
+  ];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.enp37s0.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}

hosts/mannaz/motd.nix

@@ -0,0 +1,19 @@
+{...}: {
+  users.motd = ''
+    
+    ⠀⠀⢰⣶⣦⡀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢀⣴⣶⡆⠀⠀
+    ⠀⠀⢸⣿⡿⢿⣷⣦⣄⠀⠀⠀⠀⣀⣴⣾⡿⠿⣿⡇⠀⠀
+    ⠀⠀⢸⣿⡇⠀⠈⠛⠿⣿⣶⣴⣿⠿⠛⠁⠀⢸⣿⡇⠀⠀
+    ⠀⠀⢸⣿⡇⠀⣀⣤⣶⣿⠟⠻⢿⣷⣤⣀⠀⢸⣿⡇⠀⠀
+    ⠀⠀⢸⣿⣷⣾⡿⠟⠉⠀⠀⠀⠀⠉⠛⢿⣷⣶⣿⡇⠀⠀
+    ⠀⠀⢸⣿⡟⠁⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠈⢹⣿⡇⠀⠀
+    ⠀⠀⢸⣿⡇⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢸⣿⡇⠀⠀
+    ⠀⠀⢸⣿⡇⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢸⣿⡇⠀⠀
+    ⠀⠀⢸⣿⡇⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢸⣿⡇⠀⠀
+    ⠀⠀⢸⣿⡇⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢸⣿⡇⠀⠀
+    ⠀⠀⢸⣿⡇⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢸⣿⡇⠀⠀
+    ⠀⠀⢸⣿⡇⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢸⣿⡇⠀⠀
+    ⠀⠀⢸⣿⡇⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠸⣿⡇⠀⠀
+    ⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀
+  '';
+}

hosts/mannaz/system.nix

@@ -0,0 +1,96 @@
+{
+  inputs,
+  lib,
+  config,
+  pkgs,
+  ...
+}: {
+  # Use the systemd-boot EFI boot loader.
+  boot.loader = {
+    systemd-boot.enable = true;
+    efi.canTouchEfiVariables = true;
+  };
+
+  # boot.kernelPackages = pkgs.linuxPackages_latest;
+  boot.kernelPackages = pkgs.linuxPackagesFor pkgs.linux_latest;
+
+  # this device doesn't have enough ram :/
+  swapDevices = [
+    {
+      device = "/var/lib/swapfile";
+      size = 24 * 1024;
+    }
+  ];
+
+  hardware.opengl = {
+    enable = true;
+    driSupport = true;
+    driSupport32Bit = true;
+    extraPackages = with pkgs; [
+      libGL
+    ];
+    setLdLibraryPath = true;
+  };
+  # Load nvidia driver for Xorg and Wayland
+  services.xserver.videoDrivers = ["nvidia"];
+
+  hardware.nvidia = {
+    # Modesetting is required.
+    modesetting.enable = true;
+
+    # Nvidia power management. Experimental, and can cause sleep/suspend to fail.
+    powerManagement.enable = false;
+    # Fine-grained power management. Turns off GPU when not in use.
+    # Experimental and only works on modern Nvidia GPUs (Turing or newer).
+    powerManagement.finegrained = false;
+
+    # Use the NVidia open source kernel module (not to be confused with the
+    # independent third-party "nouveau" open source driver).
+    # Support is limited to the Turing and later architectures. Full list of
+    # supported GPUs is at:
+    # https://github.com/NVIDIA/open-gpu-kernel-modules#compatible-gpus
+    # Only available from driver 515.43.04+
+    # Currently alpha-quality/buggy, so false is currently the recommended setting.
+    open = false;
+
+    # Enable the Nvidia settings menu,
+    # accessible via `nvidia-settings`.
+    nvidiaSettings = true;
+
+    # Optionally, you may need to select the appropriate driver version for your specific GPU.
+    package = config.boot.kernelPackages.nvidiaPackages.stable;
+  };
+
+  programs.nix-ld.enable = true;
+  services.openssh.enable = true;
+
+  networking.hostName = "mannaz";
+  # networking.wireless.enable = true;
+  # networking.networkmanager.enable = true;
+
+  networking.firewall.allowedTCPPorts = [
+    7865
+    7860
+  ];
+
+  time.timeZone = "America/Chicago";
+  security.sudo.wheelNeedsPassword = false;
+
+  # This option defines the first version of NixOS you have installed on this particular machine,
+  # and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
+  #
+  # Most users should NEVER change this value after the initial install, for any reason,
+  # even if you've upgraded your system to a new NixOS release.
+  #
+  # This value does NOT affect the Nixpkgs version your packages and OS are pulled from,
+  # so changing it will NOT upgrade your system.
+  #
+  # This value being lower than the current NixOS release does NOT mean your system is
+  # out of date, out of support, or vulnerable.
+  #
+  # Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,
+  # and migrated your data accordingly.
+  #
+  # For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
+  system.stateVersion = "23.11"; # Did you read the comment?
+}

hosts/othalan/default.nix

@@ -0,0 +1,56 @@
+{
+  inputs,
+  lib,
+  pkgs,
+  ...
+}: {
+  imports = with inputs.self.nixosModules; [
+    common
+    desktop
+    hyprland
+
+    nix-ld
+    virtualization
+
+    restic
+
+    # langs
+    misc
+    nim
+    node
+    tex
+  ];
+  services.restic.backups.gdrive = {
+    user = "daylin";
+    repository = "rclone:g:archives/othalan";
+    passwordFile = "/home/daylin/.config/restic/othalan-pass";
+    paths = ["/home/daylin/stuff/" "/home/daylin/dev/"];
+  };
+
+  environment.systemPackages = with pkgs; [
+    zk
+    rclone
+    quarto
+
+    expect
+    openconnect
+  ];
+
+  programs.gnupg.agent = {
+    enable = true;
+    enableSSHSupport = true;
+  };
+
+  programs.zsh.enable = true;
+  users.users.daylin = {
+    isNormalUser = true;
+    shell = pkgs.zsh;
+    extraGroups = [
+      "wheel" # sudo
+      "video" # backlight control via light
+      "audio"
+    ];
+  };
+
+  
+}

hosts/othalan/hardware-configuration.nix

@@ -0,0 +1,43 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{
+  config,
+  lib,
+  pkgs,
+  modulesPath,
+  ...
+}: {
+  imports = [
+    (modulesPath + "/installer/scan/not-detected.nix")
+  ];
+
+  boot.initrd.availableKernelModules = ["xhci_pci" "thunderbolt" "nvme" "usb_storage" "sd_mod"];
+  boot.initrd.kernelModules = [];
+  boot.kernelModules = ["kvm-intel"];
+  boot.extraModulePackages = [];
+
+  fileSystems."/" = {
+    device = "/dev/disk/by-uuid/00587bf0-9f7f-4d96-9b8b-cf5024157e2c";
+    fsType = "ext4";
+  };
+
+  fileSystems."/boot" = {
+    device = "/dev/disk/by-uuid/FF65-E2AC";
+    fsType = "vfat";
+  };
+
+  swapDevices = [
+    {device = "/dev/disk/by-uuid/bd64a1ba-f259-4b64-88cd-5585b9345f5a";}
+  ];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.wlp0s20f3.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}

hosts/othalan/rune

@@ -0,0 +1,16 @@
+
+           .+.           
+         .*@@@*.         
+       .+@@- -%@*.       
+     .+@@=     -%@*.     
+   .+@%=         -%@+.   
+   +@@-           :@@*   
+    .*@%-       :#@*:    
+      .#@%:   :#@#:      
+        :#@#-*@#:        
+          =@@@+          
+        .*@#-#@#:        
+      .*@%-   :#@#:      
+    .*@%-       :%@*.    
+   +@%-           -%@+   
+   :-               -:

hosts/othalan/system.nix

@@ -0,0 +1,66 @@
+{
+  config,
+  pkgs,
+  ...
+}
+: {
+  networking.networkmanager.enable = true;
+  programs.light.enable = true;
+  services.printing.enable = true;
+  services.fwupd.enable = true;
+  hardware.bluetooth.enable = true;
+  hardware.bluetooth.powerOnBoot = true;
+
+  # https://github.com/NixOS/nixos-hardware/blob/c478b3d56969006e015e55aaece4931f3600c1b2/lenovo/thinkpad/x1/9th-gen/default.nix
+  # https://github.com/NixOS/nixos-hardware/blob/c478b3d56969006e015e55aaece4931f3600c1b2/common/pc/ssd/default.nix
+  services.fstrim.enable = true;
+
+  # rtkit is optional but recommended
+  security.rtkit.enable = true;
+  services.pipewire = {
+    enable = true;
+    audio.enable = true;
+    pulse.enable = true;
+    alsa.enable = true;
+    alsa.support32Bit = true;
+  };
+
+  environment.systemPackages = with pkgs; [
+    pamixer
+  ];
+
+  services.getty.greetingLine =
+    ''<<< Welcome to NixOS ${config.system.nixos.label} (\m) - \l >>>''
+    + (builtins.readFile ./rune);
+
+  # catppuccin/tty
+  boot.kernelParams = [
+    "vt.default_red=30,243,166,249,137,245,148,186,88,243,166,249,137,245,148,166"
+    "vt.default_grn=30,139,227,226,180,194,226,194,91,139,227,226,180,194,226,173"
+    "vt.default_blu=46,168,161,175,250,231,213,222,112,168,161,175,250,231,213,200"
+  ];
+
+  networking.hostName = "othalan";
+  time.timeZone = "US/Central";
+  boot.loader.systemd-boot.enable = true;
+  boot.loader.efi.canTouchEfiVariables = true;
+  boot.kernelPackages = pkgs.linuxPackages_latest;
+
+  # This option defines the first version of NixOS you have installed on this particular machine,
+  # and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
+  #
+  # Most users should NEVER change this value after the initial install, for any reason,
+  # even if you've upgraded your system to a new NixOS release.
+  #
+  # This value does NOT affect the Nixpkgs version your packages and OS are pulled from,
+  # so changing it will NOT upgrade your system.
+  #
+  # This value being lower than the current NixOS release does NOT mean your system is
+  # out of date, out of support, or vulnerable.
+  #
+  # Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,
+  # and migrated your data accordingly.
+  #
+  # For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
+  system.stateVersion = "23.11"; # Did you read the comment?
+}

lib/default.nix

@@ -0,0 +1,45 @@
+{
+  inputs,
+  nixpkgs,
+  ...
+}: let
+  inherit (builtins) concatLists attrValues mapAttrs elemAt match readDir filter;
+  inherit (nixpkgs.lib) hasSuffix nixosSystem;
+  inherit (nixpkgs.lib.filesystem) listFilesRecursive;
+in rec {
+  mkSystem = hostname:
+    nixosSystem {
+      system = "x86_64-linux";
+      modules =
+        builtins.filter
+        (path: hasSuffix ".nix" path) (listFilesRecursive (../. + "/hosts/${hostname}"));
+      specialArgs = {inherit inputs;};
+    };
+
+  mapHosts = dir:
+    mapAttrs
+    (name: _: mkSystem name)
+    (readDir dir);
+
+  # https://github.com/balsoft/nixos-config/blob/73cc2c3a8bb62a9c3980a16ae70b2e97af6e1abd/flake.nix#L109-L120
+  findModules = dir:
+    concatLists (attrValues (mapAttrs
+      (name: type:
+        if type == "regular"
+        then [
+          {
+            name = elemAt (match "(.*)\\.nix" name) 0;
+            value = dir + "/${name}";
+          }
+        ]
+        else if
+          (readDir (dir + "/${name}"))
+          ? "default.nix"
+        then [
+          {
+            inherit name;
+            value = dir + "/${name}";
+          }
+        ]
+        else findModules (dir + "/${name}")) (readDir dir)));
+}

modules/cli.nix

@@ -0,0 +1,21 @@
+{
+  inputs,
+  pkgs,
+  ...
+}: {
+  programs.direnv.enable = true;
+  environment.systemPackages = with pkgs; [
+    chezmoi
+    zoxide
+    lsd
+    fzf
+
+    # utils
+    fd
+    bat
+    delta
+    ripgrep
+
+    btop
+  ];
+}

modules/dev.nix

@@ -0,0 +1,25 @@
+{
+  inputs,
+  pkgs,
+  ...
+}: {
+  imports = with inputs.self.nixosModules; [
+    git
+  ];
+  programs.zsh.enable = true;
+  environment.systemPackages = with pkgs; [
+    tmux
+    unzip
+    less
+    gnumake
+    gcc
+
+    jq
+
+    wget
+    curl
+    htop
+
+    comma
+  ];
+}

modules/docker.nix

@@ -0,0 +1,6 @@
+{pkgs, ...}: {
+  virtualisation.docker.enable = true;
+  environment.systemPackages = with pkgs; [
+    lazydocker
+  ];
+}

modules/editors/nvim.nix

@@ -0,0 +1,13 @@
+{
+  input,
+  pkgs,
+  ...
+}: {
+  environment.systemPackages = with pkgs; [
+    vim
+    neovim
+
+    nixd
+    tree-sitter
+  ];
+}

modules/editors/vscode.nix

@@ -0,0 +1,10 @@
+{
+  input,
+  pkgs,
+  ...
+}: {
+  environment.systemPackages = with pkgs; [
+    # vscode
+    vscode-fhs
+  ];
+}

modules/git.nix

@@ -0,0 +1,13 @@
+{
+  input,
+  pkgs,
+  ...
+}: {
+  environment.systemPackages = with pkgs; [
+    git
+    git-lfs
+
+    gh
+    lazygit
+  ];
+}

modules/gui.nix

@@ -0,0 +1,23 @@
+{
+  inputs,
+  pkgs,
+  ...
+}: {
+  environment.systemPackages = with pkgs; [
+    inputs.wezterm.packages.${pkgs.system}.default
+    alacritty
+
+    inkscape
+    gimp
+
+    libreoffice-qt
+    hunspell # spell check for libreoffice
+
+    (vivaldi.override {
+      commandLineArgs = [
+        "--force-dark-mode"
+      ];
+      proprietaryCodecs = true;
+    })
+  ];
+}

modules/hyprland.nix

@@ -0,0 +1,50 @@
+{
+  inputs,
+  pkgs,
+  ...
+}: {
+  fonts.fontconfig.enable = true;
+  fonts.packages = with pkgs; [
+    (nerdfonts.override {fonts = ["FiraCode"];})
+  ];
+  security.pam.services.swaylock = {};
+  programs.hyprland.enable = true;
+  programs.hyprland.package = inputs.hyprland.packages.${pkgs.system}.default;
+  # Optional, hint electron apps to use wayland:
+  environment.sessionVariables.NIXOS_OZONE_WL = "1";
+  environment.systemPackages = with pkgs; [
+    swaylock
+    brightnessctl
+
+    # notifications
+    libnotify
+    dunst
+
+    # screenshots
+    inputs.hyprland-contrib.packages.${pkgs.system}.grimblast
+    grim
+    slurp
+
+    eww-wayland
+    rofi-wayland
+    hyprpaper
+
+    catppuccin-cursors.mochaDark
+    pavucontrol
+  ];
+  nixpkgs.overlays =  [ inputs.nixpkgs-wayland.overlay ];
+  # wayland extras
+  nix.settings = {
+    # add binary caches
+    trusted-public-keys = [
+      "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
+      "nixpkgs-wayland.cachix.org-1:3lwxaILxMRkVhehr5StQprHdEo4IrE8sRho9R9HOLYA="
+      "hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc="
+    ];
+    substituters = [
+      "https://cache.nixos.org"
+      "https://nixpkgs-wayland.cachix.org"
+      "https://hyprland.cachix.org"
+    ];
+  };
+}

modules/langs/misc.nix

@@ -0,0 +1,12 @@
+{
+  inputs,
+  pkgs,
+  ...
+}: {
+  environment.systemPackages = with pkgs; [
+    # language supports
+    nodejs
+    go
+    rustup
+  ];
+}

modules/langs/nim.nix

@@ -0,0 +1,19 @@
+{
+  pkgs,
+  nixpkgs,
+  ...
+}: {
+  nixpkgs.overlays = [
+    # (import ../../overlays/nim {})
+    (import ../../overlays/nimlsp {})
+    (import ../../overlays/nimble {})
+    (import ../../overlays/nim-atlas {})
+  ];
+
+  environment.systemPackages = with pkgs; [
+    nim-atlas
+    nim
+    nimble
+    nimlsp
+  ];
+}

modules/langs/node.nix

@@ -0,0 +1,6 @@
+{pkgs, ...}: {
+  environment.systemPackages = with pkgs; [
+    nodejs
+    nodePackages.pnpm
+  ];
+}

modules/langs/python.nix

@@ -0,0 +1,17 @@
+{pkgs, ...}: {
+  environment.systemPackages = with pkgs; [
+    # https://github.com/Mic92/nix-ld?tab=readme-ov-file#my-pythonnodejsrubyinterpreter-libraries-do-not-find-the-libraries-configured-by-nix-ld
+    (pkgs.writeShellScriptBin "python" ''
+      export LD_LIBRARY_PATH=$NIX_LD_LIBRARY_PATH
+      exec ${pkgs.python3}/bin/python "$@"
+    '')
+
+    (pkgs.writeShellScriptBin "python3" ''
+      export LD_LIBRARY_PATH=$NIX_LD_LIBRARY_PATH
+      exec ${pkgs.python3}/bin/python "$@"
+    '')
+
+    (python3.withPackages (ps: with ps; [pip]))
+    micromamba
+  ];
+}

modules/langs/tex.nix

@@ -0,0 +1,9 @@
+{
+  inputs,
+  pkgs,
+  ...
+}: {
+  environment.systemPackages = with pkgs; [
+    texlive.combined.scheme-full
+  ];
+}

modules/lock/default.nix

@@ -0,0 +1,34 @@
+{
+  input,
+  pkgs,
+  ...
+}: let
+  lock = pkgs.writeShellApplication {
+    name = "lock";
+    runtimeInputs = with pkgs; [i3lock-color figlet procps];
+    text = builtins.readFile ./lock.sh;
+  };
+in {
+  environment.systemPackages = with pkgs; [
+    xss-lock
+
+    lock
+  ];
+
+  systemd.services.i3lock = {
+    wantedBy = ["sleep.target"];
+    description = "Lock the screen using a custom lock script";
+    before = ["suspend.target"];
+    serviceConfig = {
+      User = "daylin";
+      Type = "forking";
+      Environment = "DISPLAY=:0";
+      ExecStart = "${lock}/bin/lock";
+    };
+  };
+
+  # services.logind.extraConfig = ''
+  #   IdleAction=suspend
+  #   IdleActionSec=1800
+  # '';
+}

modules/lock/lock.sh

@@ -0,0 +1,80 @@
+#!/usr/bin/env bash
+
+# colors
+bg_color=1e1e2ebb
+red=f38ba8ff
+teal=94e2d5ff
+rosewater=f5e0dcff
+green=a6e3a1ff
+selection=454158ff
+
+# greeter config
+font="MonoLisa Nerd Font:style=Bold"
+greeter_msg="LOCKED"
+
+ff=(
+	"big"
+	"small"
+	"lean"
+	"epic"
+	"fender"
+	"slant"
+	"lineblocks"
+	"marquee"
+	"avatar"
+	"contrast"
+	"amcrazor"
+	"kban"
+)
+
+fig_font=${ff[RANDOM % ${#ff[@]}]}
+
+make_figlet() {
+	figlet -f "$fig_font" "$greeter_msg"
+}
+
+font_size=25
+font_to_px=$((font_size * 16 / 12))
+greeter_h=$(($(make_figlet | wc -l) * font_to_px))
+greeter_w=$(($(make_figlet | wc -L) * font_to_px))
+
+# centered 
+greeter_pos="x+w/2-${greeter_w}/4:y+h/2-${greeter_h}/4"
+# left-aligned
+greeter_pos="x+50:y+h/2-${greeter_h}/4"
+
+# do the locking
+
+# suspend message display
+pkill -u "$USER" -USR1 dunst
+sleep 0.1
+
+# lock the screen
+i3lock \
+	-n \
+	--screen 1 \
+	--color $bg_color \
+	--inside-color ffffff00 \
+	--ring-color $green \
+	--ringwrong-color $red \
+	--ringver-color $teal \
+	--insidewrong-color $bg_color \
+	--insidever-color $bg_color \
+	--line-uses-ring \
+	--separator-color $selection \
+	--keyhl-color $teal \
+	--bshl-color $red \
+	--wrong-color $red \
+	--ind-pos x+w-5-r:y+h-10-r \
+	--ring-width 25 \
+	--radius 100 \
+	--verif-text "" \
+	--greeter-text "$(make_figlet)" \
+	--greeter-font "${font}" \
+	--greeter-size $font_size \
+	--greeter-color $rosewater \
+	--greeter-pos "${greeter_pos}" \
+	--greeter-align 1
+
+# resume message display
+pkill -u "$USER" -USR2 dunst

modules/nix-ld.nix

@@ -0,0 +1,63 @@
+{
+  input,
+  pkgs,
+  ...
+}: {
+  programs.nix-ld.enable = true;
+
+  # Packages that need at least something in this list:
+  # Geneious Prime
+  # https://github.com/Mic92/dotfiles/blob/cb180bdd3805b373e556a93ccb275b7f0f902a3b/nixos/modules/nix-ld.nix#L9C3-L60C5
+  programs.nix-ld.libraries = with pkgs; [
+    alsa-lib
+    at-spi2-atk
+    at-spi2-core
+    atk
+    cairo
+    cups
+    curl
+    dbus
+    expat
+    fontconfig
+    freetype
+    fuse3
+    gdk-pixbuf
+    glib
+    gtk3
+    icu
+    libGL
+    libappindicator-gtk3
+    libdrm
+    libglvnd
+    libnotify
+    libpulseaudio
+    libunwind
+    libusb1
+    libuuid
+    libxkbcommon
+    mesa
+    nspr
+    nss
+    openssl
+    pango
+    pipewire
+    stdenv.cc.cc
+    systemd
+    vulkan-loader
+    xorg.libX11
+    xorg.libXScrnSaver
+    xorg.libXcomposite
+    xorg.libXcursor
+    xorg.libXdamage
+    xorg.libXext
+    xorg.libXfixes
+    xorg.libXi
+    xorg.libXrandr
+    xorg.libXrender
+    xorg.libXtst
+    xorg.libxcb
+    xorg.libxkbfile
+    xorg.libxshmfence
+    zlib
+  ];
+}

modules/nix.nix

@@ -0,0 +1,25 @@
+{
+  input,
+  pkgs,
+  ...
+}: {
+  imports = [
+    ./styx
+  ];
+  nixpkgs.config.allowUnfree = true;
+  nix.package = pkgs.nixUnstable;
+  nix.extraOptions = ''
+    experimental-features = nix-command flakes
+  '';
+
+  nix.optimise.automatic = true;
+  nix.gc = {
+    automatic = true;
+    dates = "weekly";
+    options = "--delete-older-than 30d";
+  };
+  environment.systemPackages = with pkgs; [
+    nix-output-monitor
+    alejandra
+  ];
+}

modules/profiles/common.nix

@@ -0,0 +1,11 @@
+{inputs, ...}: {
+  imports = with inputs.self.nixosModules; [
+    nix
+    cli
+    dev
+    nvim
+
+    # langs
+    python
+  ];
+}

modules/profiles/desktop.nix

@@ -0,0 +1,13 @@
+{
+  inputs,
+  config,
+  lib,
+  ...
+}: {
+  imports = with inputs.self.nixosModules; [
+    common
+    gui
+    vscode
+    # qtile
+  ];
+}

modules/qtile.nix

@@ -0,0 +1,49 @@
+{
+  input,
+  pkgs,
+  ...
+}: {
+  imports = [
+    ./lock
+  ];
+
+  fonts.fontconfig.enable = true;
+  fonts.packages = with pkgs; [
+    (nerdfonts.override {fonts = ["FiraCode"];})
+  ];
+
+  # Enable the X11 windowing system.
+  services.xserver = {
+    enable = true;
+    displayManager.startx.enable = true;
+    desktopManager.plasma5.enable = true;
+    windowManager.qtile.enable = true;
+  };
+
+  environment.systemPackages = with pkgs; [
+    brightnessctl
+
+    picom
+    # xorg utils
+    xdotool
+    xclip
+
+    # xrandr friends
+    autorandr
+    arandr
+
+    # notifications
+    libnotify
+    dunst
+
+    # qtile & friends
+    # qtile
+    eww
+    feh
+    rofi
+
+    flameshot
+    catppuccin-cursors.mochaDark
+    pavucontrol
+  ];
+}

modules/restic.nix

@@ -0,0 +1,25 @@
+{...}:{
+  services.restic.backups.gdrive = {
+    extraBackupArgs = [
+      "--exclude-file /home/daylin/.config/restic/excludes.txt"
+      "--exclude-file /home/daylin/.conda/environments.txt"
+      "--verbose"
+      "--one-file-system"
+      "--tag systemd.timer"
+    ];
+    pruneOpts = [
+      "--verbose"
+      "--tag systemd.timer"
+      "--keep-daily 7"
+      "--keep-weekly 4"
+      "--keep-monthly 12"
+      "--keep-yearly 3"
+    ];
+    timerConfig = {
+      OnCalendar = "00:05";
+      Persistent = true;
+      RandomizedDelaySec = "5h";
+    };
+  };
+
+}

modules/styx/default.nix

@@ -0,0 +1,5 @@
+{pkgs, ...}: {
+  environment.systemPackages = with pkgs; [
+    (writeScriptBin "styx" (builtins.readFile ./styx))
+  ];
+}

modules/styx/styx

@@ -0,0 +1,101 @@
+#!/usr/bin/env bash
+
+set -e
+
+# rewrite as python script?
+
+FLAKE_PATH=$HOME/nixcfg
+
+DIM="$(tput dim)"
+BOLD="$(tput bold)"
+RED="$(tput setaf 1)"
+GREEN="$(tput setaf 2)"
+YELLOW="$(tput setaf 3)"
+CYAN="$(tput setaf 4)"
+RESET="$(tput sgr0)"
+PREFIX="${CYAN}styx${RESET}"
+
+log() {
+	printf "%s | %s\n" "$PREFIX" "$*"
+}
+
+error() {
+	printf "%s | %s | %s\n" "$PREFIX" "${RED}error${RESET}" "$*"
+}
+
+help() {
+	cat <<EOF
+styx <cmd> [-h]
+  ${DIM}sister moon to nix on pluto
+  sister software to nix in this repo${RESET}
+
+  pass additional args with -- --key value
+${BOLD}commands${RESET}:
+EOF
+	printf "${GREEN}%8s${RESET} | ${YELLOW}%s${RESET}\n" \
+    fmt "format *.nix" \
+    build "build and monitor with nom" \
+    boot "evaluate flake for next boot" \
+    switch "perform nixos rebuild" \
+    store "run some store cleanup"
+	exit
+}
+
+fmt() {
+	alejandra . "$@"
+}
+
+boot() {
+	sudo nixos-rebuild boot --flake "$FLAKE_PATH" "$@"
+}
+
+switch() {
+	sudo nixos-rebuild switch --flake "$FLAKE_PATH" "$@"
+}
+
+store() {
+	nix store optimise "$@"
+}
+
+build() {
+  nom build "$FLAKE_PATH#nixosConfigurations.$(hostname).config.system.build.toplevel"
+  case "$1" in
+    switch | boot | test ) sudo ./result/bin/switch-to-configuration "$1";;
+  esac
+}
+
+if [[ $# -eq 0 ]]; then
+	log no command specified see below for help
+	help
+fi
+
+while [[ $# -gt 0 ]]; do
+	case $1 in
+	fmt | boot | switch | store | build)
+		cmd=$1
+		shift
+		;;
+	-h | --help)
+		help
+		;;
+	--)
+		# stop parsing and foward the rest of the args
+		shift
+		break
+		;;
+	-*,--*)
+		error "unknown flag: ${BOLD}$1${RESET}"
+		exit 1
+		;;
+	*)
+		error "unknown command: ${BOLD}$1${RESET}"
+		exit 1
+		;;
+	esac
+done
+
+if [[ $# -gt 0 ]]; then
+	echo "forwarding args: ${BOLD}$*${RESET}"
+fi
+
+$cmd "$@"

modules/virtualization.nix

@@ -0,0 +1,8 @@
+{
+  input,
+  pkgs,
+  ...
+}: {
+  virtualisation.virtualbox.host.enable = true;
+  users.extraGroups.vboxusers.members = ["daylin"];
+}

overlays/default.nix

@@ -0,0 +1,14 @@
+# import all nix files in the current folder,
+# and execute them with args as parameters
+# The return value is a list of all execution results,
+# which is the list of overlays
+args:
+# execute and import all overlay files in the current
+# directory with the given args
+builtins.map
+# execute and import the overlay file
+(f: (import (./. + "/${f}") args))
+# find all overlay files in the current directory
+(builtins.filter
+  (f: f != "default.nix")
+  (builtins.attrNames (builtins.readDir ./.)))

overlays/hyprland/default.nix

@@ -0,0 +1,11 @@
+{...}: (final: prev: {
+  hyprland = prev.hyprland.overrideAttrs {
+    src = prev.fetchFromGitHub {
+      version = "main-20240121";
+      owner = "hyprwm";
+      repo = "Hyprland";
+      rev = "3c964a9fdc220250a85b1c498e5b6fad9390272f";
+      hash = "sha256-oIt4bUVXRR7qnBPizcPA7fTiZl4xz9QaSdzLNukjtkw=";
+    };
+  };
+})

overlays/nim-atlas/default.nix

@@ -0,0 +1,11 @@
+{...}: (final: prev: {
+  nim-atlas = prev.nim-atlas.overrideNimAttrs {
+    version = "unstable";
+    src = prev.fetchFromGitHub {
+      owner = "nim-lang";
+      repo = "atlas";
+      rev = "cbba9fa77fa837931bf3c58e20c1f8cb15a22919";
+      hash = "sha256-TsZ8TriVuKEY9/mV6KR89eFOgYrgTqXmyv/vKu362GU=";
+    };
+  };
+})

overlays/nim/default.nix

@@ -0,0 +1,18 @@
+{...}: (final: prev: {
+  nim-unwrapped-2 = prev.nim-unwrapped-2.overrideAttrs {
+    patches =
+      (prev.patches or [])
+      ++ [
+        ./install.patch
+      ];
+    # installPhase = ''
+    #   runHook preInstall
+    #   install -Dt $out/bin bin/*
+    #   ln -sf $out/nim/bin/nim $out/bin/nim
+    #   ln -sf $out/nim/lib $out/lib
+    #   ./install.sh $out
+    #   cp -a dist tools $out/nim/
+    #   runHook postInstall
+    # '';
+  };
+})

overlays/nim/install.patch

@@ -0,0 +1,10 @@
+diff --git a/install.sh b/install.sh
+@@ -1113,6 +1113,8 @@
+   chmod 644 "$nimbleDir/doc/advopt.txt"
+   cp "doc/nimdoc.css" "$nimbleDir/doc/nimdoc.css"
+   chmod 644 "$nimbleDir/doc/nimdoc.css"
++  cp "doc/nimdoc.cls" "$nimbleDir/doc/nimdoc.cls"
++  chmod 644 "$nimbleDir/doc/nimdoc.cls"
+ cp "nim.nimble" "$nimbleDir/nim.nimble"
+ chmod 644 "$nimbleDir/nim.nimble"
+ 

overlays/nimble/default.nix

@@ -0,0 +1,15 @@
+{...}: (final: prev: {
+  nimble = prev.nimble.overrideNimAttrs {
+    version = "0.14.2-f74bf2";
+    requiredNimVersion = 2;
+    buildInputs = [prev.pkgs.openssl];
+
+    src = prev.fetchFromGitHub {
+      owner = "nim-lang";
+      repo = "nimble";
+      # more recent commit
+      rev = "f74bf2bc388f7a0154104b4bcaa093a499d3f0f7";
+      hash = "sha256-8b5yKvEl7c7wA/8cpdaN2CSvawQJzuRce6mULj3z/mI=";
+    };
+  };
+})

overlays/nimlsp/default.nix

@@ -0,0 +1,11 @@
+{...}: (final: prev: {
+  nimlsp = prev.nimlsp.overrideNimAttrs {
+    requiredNimVersion = 2;
+    nimFlags = [
+      "--threads:on"
+      ""
+      "-d:explicitSourcePath=${final.srcOnly final.pkgs.nim-unwrapped-2}"
+      "-d:tempDir=/tmp"
+    ];
+  };
+})

overlays/wezterm/default.nix

@@ -0,0 +1,11 @@
+{...}: (final: prev: {
+  wezterm = prev.wezterm.overrideAttrs {
+    src = prev.fetchFromGitHub {
+      version = "main-20240121";
+      owner = "wez";
+      repo = "wezterm";
+      rev = "b0671294d1c9225096909e12875ada25dd19a35e";
+      hash = "sha256-oIt4bUVXRR7qnBPizcPA7fTiZl4xz9QaSdzLNukjtkw=";
+    };
+  };
+})

todo.md

@@ -0,0 +1,5 @@
+# daylin's nixcfg todo's
+
+<!-- nothing! -->
+
+<!-- generated with <3 by daylinmorgan/todo -->

utils/rune.sh

@@ -0,0 +1,34 @@
+#! /usr/bin/env nix-shell
+#! nix-shell -i bash -p ascii-image-converter
+
+set -e
+declare -A IMG_SRC
+IMG_SRC=(
+	[jeran]=https://upload.wikimedia.org/wikipedia/commons/0/01/Runic_letter_jeran.png
+	[othalan]=https://upload.wikimedia.org/wikipedia/commons/1/16/Runic_letter_othalan.png
+	[algiz]=https://upload.wikimedia.org/wikipedia/commons/1/14/Runic_letter_algiz.png
+	[mannaz]=https://upload.wikimedia.org/wikipedia/commons/0/0c/Runic_letter_mannaz.png
+	[kaunan]=https://upload.wikimedia.org/wikipedia/commons/a/a3/Runic_letter_kauna.png
+)
+
+if [[ $# -eq 0 ]]; then
+	echo please provide rune name
+	echo options:
+	for i in "${!IMG_SRC[@]}"; do
+		echo $i
+	done
+	exit 1
+fi
+
+rune=$1
+color=${36:-$2}
+
+# tmp this?
+FILENAME="Runic_letter_${rune}.png"
+
+[[ -f "$FILENAME" ]] || wget -O "$FILENAME" "${IMG_SRC[$rune]}"
+
+printf "\033[1;%dm\n%s\033[0m\n\n" \
+	"$color" \
+	"$(ascii-image-converter "$FILENAME" -n -H 15 -b)" \
+	>"${rune}.txt"