{
config,
inputs,
lib,
...
}: {
# agenix secrets declared for this configuration.
age.secrets = let
  # Describe one secret by its path relative to the flake's secrets/ directory.
  # owner and group are both the primary user (config.custom.username), so that
  # account can read the decrypted file. No mode is set here, so agenix's
  # default file mode applies.
  mkSecret = relPath: let
    user = config.custom.username;
  in {
    file = "${inputs.self}/secrets/${relPath}";
    owner = user;
    group = user;
  };
in
  # Each attribute name doubles as the secret's relative path.
  lib.genAttrs ["common/nix/access-tokens.conf"] mkSecret;
### NixOS
nixpkgs = let
  # nixpkgs configuration shared by the system package set and by every extra
  # branch imported in the overlay below.
  pkgsConfig = {
    allowUnfree = true;

    # SECURITY: packages are matched by name only, so every version that nixpkgs
    # marks insecure is accepted for the names listed here, on all branches that
    # reuse this config. nixpkgs.config.permittedInsecurePackages takes exact
    # name-version strings instead and is the narrower alternative.
    allowInsecurePredicate = pkg:
      builtins.elem (lib.getName pkg) [
        # HACK: Allow all insecure electron versions
        "electron"

        # HACK: Some Matrix clients rely on libolm, which is deprecated
        # https://github.com/NixOS/nixpkgs/pull/334638
        "cinny"
        "cinny-unwrapped"
        "fluffychat-linux"
        "olm"

        # Cisco Packet Tracer
        # NOTE(review): this admits any insecure openssl for every consumer,
        # not only Packet Tracer -- revisit once the package is no longer needed
        "openssl"
      ];
  };
in {
  config = pkgsConfig;

  overlays = [
    (
      final: prev: let
        # Import the flake input named "nixpkgs-<branch>" for the current
        # system, with the same config (unfree/insecure allowances) as above.
        pkgsFrom = branch:
          import inputs."nixpkgs-${branch}" {
            config = pkgsConfig;
            inherit (prev) system;
          };

        stable = pkgsFrom "stable";
        unstable = pkgsFrom "unstable";
        staging-next = pkgsFrom "staging-next";
        #// local = pkgsFrom "local";

        # Default package exported by a flake input for the current system
        flakeDefault = input: inputs.${input}.packages.${prev.system}.default;
      in {
        # Overlay nixpkgs branches
        #?? nixpkgs.BRANCH.PACKAGE
        inherit stable unstable staging-next;

        ### Packages
        # TODO: Remove when GTK > 4.16 in unstable
        # BUG: v5.4 is not compatible with GTK < 4.16
        # https://github.com/lassekongo83/adw-gtk3/releases/tag/v5.4
        inherit (stable) adw-gtk3;

        # BUG: Build tests often fail on unstable
        # https://github.com/NixOS/nixpkgs/issues/333946
        inherit (stable) fprintd;

        ### Hypr*
        # Taken straight from the upstream flakes instead of nixpkgs
        hypridle = flakeDefault "hypridle";
        hyprland = flakeDefault "hyprland";
        hyprlock = flakeDefault "hyprlock";

        hyprlandPlugins.hyprbars = inputs.hyprland-plugins.packages.${prev.system}.hyprbars;

        ### Development
        #// ciscoPacketTracer8 = local.ciscoPacketTracer8;
      }
    )
  ];
};
nix = let
  # Third-party binary caches, each kept next to the public key that signs it
  # so a URL is never listed without its key (or the other way round).
  extraCaches = [
    {
      url = "https://anyrun.cachix.org";
      key = "anyrun.cachix.org-1:pqBobmOjI7nKlsUMV25u9QHa9btJK65/C8vnO3p346s=";
    }
    {
      url = "https://attic.kennel.juneis.dog/conduwuit";
      key = "conduwuit:BbycGUgTISsltcmH0qNjFR9dbrQNYgdIAcmViSGoVTE=";
    }
    {
      url = "https://ezkea.cachix.org";
      key = "ezkea.cachix.org-1:ioBmUbJTZIKsHmWWXPe1FSFbeVe+afhfgqgTSNd34eI=";
    }
    {
      url = "https://hyprland.cachix.org";
      key = "hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc=";
    }
    {
      url = "https://nix-community.cachix.org";
      key = "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=";
    }
    {
      url = "https://walker.cachix.org";
      key = "walker.cachix.org-1:fG8q+uAaMqhsMxWjwvk0IMb4mFPFLqHjuvfwQxE4oJM=";
    }
  ];

  # Path of the decrypted agenix secret holding the access tokens. Only the
  # path is referenced here, so the token text itself is not part of this file.
  accessTokens = config.age.secrets."common/nix/access-tokens.conf".path;
in {
  #!! Override upstream nix
  # TODO: Try lix v2.92.0
  # https://git.lix.systems/lix-project/lix
  #// package = pkgs.lix;

  # BUG: Absolute paths are forbidden in pure mode
  # https://github.com/NixOS/nix/issues/11030
  #// package = pkgs.nixVersions.latest;

  #// optimise.automatic = true; # Run storage optimizer periodically

  # https://nix.dev/manual/nix/latest/command-ref/conf-file.html
  # https://nix.dev/manual/nix/2.18/command-ref/conf-file.html for Lix
  settings = {
    auto-optimise-store = true; # Run optimizer during build
    fallback = true; # Build from source if cache timeout reached
    log-lines = 1000; # Build failure log length
    min-free = 1024 * 1024 * 1024; # Trigger garbage collection at 1 GiB space remaining

    # Binary caches
    # SECURITY: a trusted user can point the daemon at arbitrary substituters
    # and override restricted settings, which the Nix manual describes as
    # essentially root access. Every member of wheel gets that here.
    trusted-users = ["@wheel"];

    warn-dirty = false; # Git tree is usually dirty

    experimental-features = ["nix-command" "flakes"];

    # Caches that users may opt into without being in trusted-users. Listing a
    # cache here does not make it a default substituter; paths fetched from it
    # must still carry a signature from one of the trusted public keys.
    trusted-substituters = map (cache: cache.url) extraCaches;
    trusted-public-keys = map (cache: cache.key) extraCaches;
  };

  #!! Handled by programs.nh.clean
  # Garbage collection
  # gc = {
  #   automatic = true;
  #   dates = "weekly";
  #   options = "--delete-older-than 7d"; # Delete old generations
  # };

  # API access tokens to increase rate limits
  #!! Requires nix to be run as root for read access to agenix secrets
  # NOTE(review): age.secrets declares this file with owner/group
  # config.custom.username, so confirm whether root is still required.
  # "!include" (unlike "include") skips the file silently when it is missing.
  # https://nix.dev/manual/nix/latest/command-ref/conf-file#conf-access-tokens
  # https://github.com/NixOS/nix/issues/6536#issuecomment-1254858889
  # https://github.com/settings/tokens
  extraOptions = "!include ${accessTokens}";
};
# An empty label partially cleans up boot entries
system.nixos.label = "";

#!! DO NOT MODIFY ###
system.stateVersion = "23.11";
#!! ############# ###
### Home Manager
# https://nix-community.github.io/home-manager/index.xhtml#sec-install-nixos-module
home-manager = let
  primaryUser = config.custom.username;

  # Evaluated Home Manager configuration of the primary user; root mirrors
  # selected values from it below.
  primaryCfg = config.home-manager.users.${primaryUser};
in {
  backupFileExtension = "bak";
  useGlobalPkgs = true;
  useUserPackages = true;

  # Make the flake inputs available as a module argument in Home Manager modules
  extraSpecialArgs = {inherit inputs;};

  users = {
    root = {
      # Inherit from user
      programs.home-manager.enable = primaryCfg.programs.home-manager.enable;
      systemd.user.startServices = primaryCfg.systemd.user.startServices;

      # Same nixpkgs config as the primary user, which in turn copies
      # config.nixpkgs.config (including its unfree/insecure allowances)
      nixpkgs.config = primaryCfg.nixpkgs.config;
      nix.gc = primaryCfg.nix.gc;

      home.username = "root";
      home.homeDirectory = "/root";
      home.stateVersion = primaryCfg.home.stateVersion;
    };

    ${primaryUser} = {
      programs.home-manager.enable = true;
      systemd.user.startServices = "sd-switch"; # Start/stop user services immediately

      # Inherit configuration.nix
      nixpkgs.config = config.nixpkgs.config;

      # Mirror the system-level nix.gc settings; Home Manager calls the
      # schedule "frequency" where NixOS calls it "dates"
      nix.gc = {
        inherit (config.nix.gc) automatic options;
        frequency = config.nix.gc.dates;
      };

      home.username = primaryUser;
      home.homeDirectory = "/home/${primaryUser}";

      #!! DO NOT MODIFY ###
      home.stateVersion = "23.11";
      #!! ############# ###
    };
  };
};
}