wayne/system
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Activity

Resolved kwallet and dolphin SMB issues

Browse Source
This commit is contained in:
wayne 2025-03-13 14:41:05 -07:00
parent 27a59191e7
commit 4c0f716232
35 changed files with 2509 additions and 162 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

57
configuration.nix
View File

@ -9,6 +9,7 @@
agenix,
pkgs-unstable,
pia,
ghostty,
...
}:
let
@ -35,6 +36,8 @@ in
./modules/users.nix
./modules/wm.nix
./modules/xdg.nix
# ./flakes/scribeVault.nix
];
programs.hyprland = {
@ -42,7 +45,7 @@ in
xwayland.enable = true;
# package = pkgs.hyprland;
# package = hyprland.packages.${pkgs.stdenv.hostPlatform.system}.hyprland;
# portalPackage = pkgs.xdg-desktop-portal-hyprland;
portalPackage = pkgs.xdg-desktop-portal-hyprland;
# portalPackage = inputs.hyprland.packages.${pkgs.stdenv.hostPlatform.system}.xdg-desktop-portal-hyprland;
};
@ -81,8 +84,8 @@ in
# ];
virtualisation.docker = {
enable = false;
enableNvidia = true;
enable = true;
# enableNvidia = true; depreciated
rootless = {
enable = true;
setSocketVariable = true;
@ -157,6 +160,27 @@ in
enable = true;
authUserPassFile = config.age.secrets.pia.path;
};
home-assistant = {
extraPackages = python3Packages: with python3Packages; [
pip
pynvim # mopidy-tidal # Mopidy-WebSettings
virtualenv setuptools wheel
];
};
samba = {
enable = true;
openFirewall = true;
package = pkgs.samba4Full;
settings = {
global = {
security = "user";
"server min protocol" = "SMB2_10";
"client min protocol" = "SMB2_10";
"server max protocol" = "SMB3_11";
"client max protocol" = "SMB3_11";
};
};
};
};
# List packages installed in system profile. To search, run:
@ -166,34 +190,47 @@ in
flavor = "mocha";
font = "Noto Sans";
fontSize = "9";
background = "${/home/wayne/Pictures/marvin.png}";
# background = "${/home/wayne/Pictures/marvin.png}";
loginBackground = true;
# clockEnabled = true;
})
vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
wget git sshfs
pciutils usbutils
zsh
zsh ghostty.packages.x86_64-linux.default
cryptsetup agenix.packages.x86_64-linux.default
home-manager
wpa_supplicant
lynx
nix-index nix-prefetch-scripts nix-prefetch
docker_27 docker-compose
docker_27 docker-compose compose2nix
mongodb-compass mongosh
# direnv nix-direnv
# xdg-desktop-portal-hyprland
clinfo glxinfo vulkan-tools wayland-utils wl-clipboard
kdePackages.kdeplasma-addons kdePackages.qtstyleplugin-kvantum kdePackages.full kdePackages.qtwebengine kdePackages.qtpositioning kdePackages.qtlocation
kdePackages.ark plasma5Packages.kwallet-pam kdePackages.dolphin kdePackages.kwallet kdePackages.kwalletmanager kdePackages.konsole
kdePackages.kdeplasma-addons kdePackages.qtstyleplugin-kvantum kdePackages.full kdePackages.qtwebengine
kdePackages.qtpositioning kdePackages.qtlocation kdePackages.ark kdePackages.dolphin
kdePackages.dolphin-plugins # kdePackages.kwallet kdePackages.kwalletmanager
kdePackages.konsole
kdePackages.qtwayland kdePackages.qtsvg kdePackages.kio kdePackages.kio-fuse kdePackages.kio-extras
kdePackages.kdenetwork-filesharing
kdePackages.kwallet kdePackages.kwalletmanager kdePackages.kwallet-pam
# plasma5Packages.kwallet plasma5Packages.kwalletmanager plasma5Packages.kwallet-pam
gtk2
gnome-themes-extra
evtest input-remapper dbus uwsm # keyd
egl-wayland
cudaPackages.cudatoolkit # cudaPackages.cuda-samples
cifs-utils mesa libGL udiskie
cifs-utils mesa libGL udiskie samba
glibc
libsForQt5.qtstyleplugin-kvantum
# libsForQt5.qtstyleplugin-kvantum libsForQt5.qt5.qtwayland libsForQt5.kio-extras # libsForQt5.qt5.qtgraphicaleffects
#kio-fuse
catppuccin-sddm-corners
sddm-astronaut
# steam-run
lxqt.pavucontrol-qt

8
environment.nix
View File

@ -1,4 +1,4 @@
{ config, ... }:
{ config, pkgs, ... }:
{
# Set your time zone.
time.timeZone = "America/Los_Angeles";
@ -32,6 +32,8 @@
GTK_USE_PORTAL = "1";
QT_QPA_PLATFORM = "wayland;xcb";
QT_QPA_PLATFORMTHEME = "qt6ct";
# QT_STYLE_OVERRIDE = "cleanlooks";
QT_WAYLAND_DISABLE_WINDOWDECORATION = "1";
QT_AUTO_SCREEN_SCALE_FACTOR = "1";
QT_SCALE_FACTOR_ROUNDING_POLICY = "RoundPreferFloor";
@ -52,8 +54,8 @@
# QT_LOGGING_RULES="*.debug=true";
# Stolen from Plasma
KPACKAGE_DEP_RESOLVERS_PATH="/nix/store/219bis5qbxz1i66qgc0l8g8qr6nn7c5m-frameworkintegration-6.7.0/libexec/kf6/kpackagehandlers";
QT_PLUGIN_PATH="/home/wayne/.nix-profile/lib/qt-5.15.15/plugins:/home/wayne/.nix-profile/lib/qt-6/plugins:/nix/profile/lib/qt-5.15.15/plugins:/nix/profile/lib/qt-6/plugins:/home/wayne/.local/state/nix/profile/lib/qt-5.15.15/plugins:/home/wayne/.local/state/nix/profile/lib/qt-6/plugins:/etc/profiles/per-user/wayne/lib/qt-5.15.15/plugins:/etc/profiles/per-user/wayne/lib/qt-6/plugins:/nix/var/nix/profiles/default/lib/qt-5.15.15/plugins:/nix/var/nix/profiles/default/lib/qt-6/plugins:/run/current-system/sw/lib/qt-5.15.15/plugins:/run/current-system/sw/lib/qt-6/plugins";
# KPACKAGE_DEP_RESOLVERS_PATH="/nix/store/219bis5qbxz1i66qgc0l8g8qr6nn7c5m-frameworkintegration-6.7.0/libexec/kf6/kpackagehandlers";
# QT_PLUGIN_PATH="/home/wayne/.nix-profile/lib/qt-5.15.15/plugins:/home/wayne/.nix-profile/lib/qt-6/plugins:/nix/profile/lib/qt-5.15.15/plugins:/nix/profile/lib/qt-6/plugins:/home/wayne/.local/state/nix/profile/lib/qt-5.15.15/plugins:/home/wayne/.local/state/nix/profile/lib/qt-6/plugins:/etc/profiles/per-user/wayne/lib/qt-5.15.15/plugins:/etc/profiles/per-user/wayne/lib/qt-6/plugins:/nix/var/nix/profiles/default/lib/qt-5.15.15/plugins:/nix/var/nix/profiles/default/lib/qt-6/plugins:/run/current-system/sw/lib/qt-5.15.15/plugins:/run/current-system/sw/lib/qt-6/plugins";
};
# environment.etc = {

255
flake.lock generated
View File

@ -8,11 +8,11 @@
"systems": "systems"
},
"locked": {
"lastModified": 1723293904,
"narHash": "sha256-b+uqzj+Wa6xgMS9aNbX4I+sXeb5biPDi39VgvSFqFvU=",
"lastModified": 1736955230,
"narHash": "sha256-uenf8fv2eG5bKM8C/UvFaiJMZ4IpUFaQxk9OH5t/1gA=",
"owner": "ryantm",
"repo": "agenix",
"rev": "f6291c5935fdc4e0bef208cfc0dcab7e3f7a1c41",
"rev": "e600439ec4c273cf11e06fe4d9d906fb98fa097c",
"type": "github"
},
"original": {
@ -58,11 +58,11 @@
"base16-vim": {
"flake": false,
"locked": {
"lastModified": 1731949548,
"narHash": "sha256-XIDexXM66sSh5j/x70e054BnUsviibUShW7XhbDGhYo=",
"lastModified": 1740359818,
"narHash": "sha256-Tbjclt9SnCMj+9Szk9M+xWZ6gbo14ylVT+YBvuzFadg=",
"owner": "tinted-theming",
"repo": "base16-vim",
"rev": "61165b1632409bd55e530f3dbdd4477f011cadc6",
"rev": "4dcc9a77d7aa19c063f0df00865ef60b7e99c8bd",
"type": "github"
},
"original": {
@ -96,11 +96,27 @@
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"lastModified": 1733328505,
"narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-compat_2": {
"flake": false,
"locked": {
"lastModified": 1733328505,
"narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec",
"type": "github"
},
"original": {
@ -131,6 +147,24 @@
"inputs": {
"systems": "systems_3"
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_3": {
"inputs": {
"systems": "systems_4"
},
"locked": {
"lastModified": 1726560853,
"narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=",
@ -161,6 +195,29 @@
"type": "github"
}
},
"ghostty": {
"inputs": {
"flake-compat": "flake-compat_2",
"flake-utils": "flake-utils_2",
"nixpkgs-stable": "nixpkgs-stable",
"nixpkgs-unstable": "nixpkgs-unstable",
"zig": "zig",
"zig2nix": "zig2nix"
},
"locked": {
"lastModified": 1741594465,
"narHash": "sha256-8a/QIgNwV8VGn8JIiACmVVEdue+U3juiMSAO1DEUTC4=",
"owner": "ghostty-org",
"repo": "ghostty",
"rev": "95daca616db5c24d7bb37fd5a3ac2f8762bb4ead",
"type": "github"
},
"original": {
"owner": "ghostty-org",
"repo": "ghostty",
"type": "github"
}
},
"home-manager": {
"inputs": {
"nixpkgs": [
@ -189,11 +246,11 @@
]
},
"locked": {
"lastModified": 1733482664,
"narHash": "sha256-ZD+h1fwvZs+Xvg46lzTWveAqyDe18h9m7wZnTIJfFZ4=",
"lastModified": 1739757849,
"narHash": "sha256-Gs076ot1YuAAsYVcyidLKUMIc4ooOaRGO0PqTY7sBzA=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "e38d3dd1d355a003cc63e8fe6ff66ef2257509ed",
"rev": "9d3d080aec2a35e05a15cedd281c2384767c2cfe",
"type": "github"
},
"original": {
@ -223,11 +280,11 @@
"nixpkgs": "nixpkgs_2"
},
"locked": {
"lastModified": 1732661062,
"narHash": "sha256-E8mk/P0wUpHXy7tDQqUzbpa9IJoN/DmA1a6iFBuXqgI=",
"lastModified": 1741303672,
"narHash": "sha256-eRKbKccBu3PK/oJpmUuLo+0v45d0SEjosE8tVsHbpeA=",
"owner": "musnix",
"repo": "musnix",
"rev": "629dcc6010365cfd268702065c2f8149ae19ea02",
"rev": "d56a15f30329f304151e4e05fa82264d127da934",
"type": "github"
},
"original": {
@ -286,13 +343,45 @@
"type": "github"
}
},
"nixpkgs-unstable": {
"nixpkgs-stable": {
"locked": {
"lastModified": 1732014248,
"narHash": "sha256-y/MEyuJ5oBWrWAic/14LaIr/u5E0wRVzyYsouYY3W6w=",
"lastModified": 1738255539,
"narHash": "sha256-hP2eOqhIO/OILW+3moNWO4GtdJFYCqAe9yJZgvlCoDQ=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "23e89b7da85c3640bbc2173fe04f4bd114342367",
"rev": "c3511a3b53b482aa7547c9d1626fd7310c1de1c5",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "release-24.11",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-unstable": {
"locked": {
"lastModified": 1738136902,
"narHash": "sha256-pUvLijVGARw4u793APze3j6mU1Zwdtz7hGkGGkD87qw=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "9a5db3142ce450045840cc8d832b13b8a2018e0c",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-unstable_2": {
"locked": {
"lastModified": 1741513245,
"narHash": "sha256-7rTAMNTY1xoBwz0h7ZMtEcd8LELk9R5TzBPoHuhNSCk=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "e3e32b642a31e6714ec1b712de8c91a3352ce7e1",
"type": "github"
},
"original": {
@ -304,11 +393,11 @@
},
"nixpkgs_2": {
"locked": {
"lastModified": 1732014248,
"narHash": "sha256-y/MEyuJ5oBWrWAic/14LaIr/u5E0wRVzyYsouYY3W6w=",
"lastModified": 1740695751,
"narHash": "sha256-D+R+kFxy1KsheiIzkkx/6L63wEHBYX21OIwlFV8JvDs=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "23e89b7da85c3640bbc2173fe04f4bd114342367",
"rev": "6313551cd05425cd5b3e63fe47dbc324eabb15e4",
"type": "github"
},
"original": {
@ -320,11 +409,11 @@
},
"nixpkgs_3": {
"locked": {
"lastModified": 1733261153,
"narHash": "sha256-eq51hyiaIwtWo19fPEeE0Zr2s83DYMKJoukNLgGGpek=",
"lastModified": 1741600792,
"narHash": "sha256-yfDy6chHcM7pXpMF4wycuuV+ILSTG486Z/vLx/Bdi6Y=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "b681065d0919f7eb5309a93cea2cfa84dec9aa88",
"rev": "ebe2788eafd539477f83775ef93c3c7e244421d3",
"type": "github"
},
"original": {
@ -334,35 +423,19 @@
"type": "github"
}
},
"nixpkgs_4": {
"locked": {
"lastModified": 1732521221,
"narHash": "sha256-2ThgXBUXAE1oFsVATK1ZX9IjPcS4nKFOAjhPNKuiMn0=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "4633a7c72337ea8fd23a4f2ba3972865e3ec685d",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"pia": {
"inputs": {
"flake-utils": "flake-utils_2",
"flake-utils": "flake-utils_3",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1730809692,
"narHash": "sha256-L2nzuQOK36xYcY6hQ3+waIFd0lWGlz7YTBnUCgV5Ox4=",
"lastModified": 1739700451,
"narHash": "sha256-UrUTLVTFmtLbu0/pnt3C7eS/QiMuLztAEnS2PO5ayjg=",
"owner": "Fuwn",
"repo": "pia.nix",
"rev": "445e82bd030080fb250f83805a7cc2feeea174c9",
"rev": "a8bc845dba30d35b07494fe9d1d0427632d5c313",
"type": "github"
},
"original": {
@ -378,12 +451,13 @@
"base16-vim": "base16-vim",
"flake-compat": "flake-compat",
"flake-utils": "flake-utils",
"ghostty": "ghostty",
"home-manager": "home-manager_2",
"legacy": "legacy",
"musnix": "musnix",
"nix-colors": "nix-colors",
"nixpkgs": "nixpkgs_3",
"nixpkgs-unstable": "nixpkgs-unstable",
"nixpkgs-unstable": "nixpkgs-unstable_2",
"pia": "pia",
"tt-schemes": "tt-schemes",
"zen-browser": "zen-browser"
@ -434,14 +508,29 @@
"type": "github"
}
},
"systems_4": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"tt-schemes": {
"flake": false,
"locked": {
"lastModified": 1731411556,
"narHash": "sha256-Tp1BpaF5qRav7O2TsSGjCfgRzhiasu4IuwROR66gz1o=",
"lastModified": 1741713929,
"narHash": "sha256-XRwEa2+sau3jsVN4QcffFu7cWoxkKVs0oqysSu3Anxc=",
"owner": "tinted-theming",
"repo": "schemes",
"rev": "61058a8d2e2bd4482b53d57a68feb56cdb991f0b",
"rev": "d4a7c5b683fb4d4150162d163889a7882625022e",
"type": "github"
},
"original": {
@ -452,21 +541,77 @@
},
"zen-browser": {
"inputs": {
"nixpkgs": "nixpkgs_4"
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1732835488,
"narHash": "sha256-r1nomBVEMO4I0y3pMfqLletQxKak5xfpk9DhlO1AsuI=",
"owner": "ch4og",
"lastModified": 1741672271,
"narHash": "sha256-uwzPVIiJUus20WRMhN7xVcHNaniYPEkXjeWoM3I5rQ0=",
"owner": "youwen5",
"repo": "zen-browser-flake",
"rev": "d8fbf602685f5cf2a6475eaf20595a6dc6628891",
"rev": "f9ed87557cb28ba557a15bb313f9b81554e90e0a",
"type": "github"
},
"original": {
"owner": "ch4og",
"owner": "youwen5",
"repo": "zen-browser-flake",
"type": "github"
}
},
"zig": {
"inputs": {
"flake-compat": [
"ghostty"
],
"flake-utils": [
"ghostty",
"flake-utils"
],
"nixpkgs": [
"ghostty",
"nixpkgs-stable"
]
},
"locked": {
"lastModified": 1738239110,
"narHash": "sha256-Y5i9mQ++dyIQr+zEPNy+KIbc5wjPmfllBrag3cHZgcE=",
"owner": "mitchellh",
"repo": "zig-overlay",
"rev": "1a8fb6f3a04724519436355564b95fce5e272504",
"type": "github"
},
"original": {
"owner": "mitchellh",
"repo": "zig-overlay",
"type": "github"
}
},
"zig2nix": {
"inputs": {
"flake-utils": [
"ghostty",
"flake-utils"
],
"nixpkgs": [
"ghostty",
"nixpkgs-stable"
]
},
"locked": {
"lastModified": 1741368279,
"narHash": "sha256-WTaC8HmnIq6O71iK0g9as404BbmS+YyEP5qS85m2JBY=",
"owner": "jcollie",
"repo": "zig2nix",
"rev": "672971b5b6911de21446ad4fc76dee677922eda0",
"type": "github"
},
"original": {
"owner": "jcollie",
"ref": "672971b5b6911de21446ad4fc76dee677922eda0",
"repo": "zig2nix",
"type": "github"
}
}
},
"root": "root",

13
flake.nix
View File

@ -33,7 +33,11 @@
};
# Zen Browser
zen-browser.url = "github:ch4og/zen-browser-flake";
# zen-browser.url = "github:ch4og/zen-browser-flake";
zen-browser.url = "github:youwen5/zen-browser-flake";
zen-browser.inputs.nixpkgs.follows = "nixpkgs";
ghostty.url = "github:ghostty-org/ghostty";
# hyprland.url = "git+https://github.com/hyprwm/Hyprland?submodules=1";
# hyprland.url = "github:hyprwm/Hyprland";
@ -50,6 +54,9 @@
pia.inputs.nixpkgs.follows = "nixpkgs";
musnix.url = "github:musnix/musnix";
# compose2nix.url = "github:aksiksi/compose2nix";
# compose2nix.inputs.nixpkgs.follows = "nixpkgs";
};
outputs = {
@ -67,6 +74,8 @@
# nix-ld,
musnix,
pia,
ghostty,
# compose2nix,
...
} @ inputs:
let
@ -106,7 +115,7 @@
nixosConfigurations = {
launchpad = nixpkgs.lib.nixosSystem {
specialArgs = {inherit inputs outputs systemSettings userSettings lib agenix pia ;};
specialArgs = {inherit inputs outputs systemSettings userSettings lib agenix pia ghostty ;};
modules = [
# kmonad.nixosModules.default
musnix.nixosModules.musnix

52
flakes/aider-chat/flake.nix Normal file
View File

@ -0,0 +1,52 @@
{
description = "Flake providing dev shell for using aider-chat in NixOS";
inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.11";
};
outputs = { self, nixpkgs }:
let
supportedSystems = [ "x86_64-linux" "aarch64-linux" "x86_64-darwin" "aarch64-darwin" ];
forAllSystems = f: nixpkgs.lib.genAttrs supportedSystems (system: f system);
in
{
url = self.sourceInfo.url;
devShells = forAllSystems (system:
let pkgs = import nixpkgs { inherit system; };
in {
default = pkgs.mkShell {
buildInputs = with pkgs; [
(pkgs.python3.withPackages (ps: with ps; [ virtualenv pip setuptools wheel ]))
];
# set LD_LIBRARY_PATH environment variable to avoid error. see https://discourse.nixos.org/t/how-to-solve-libstdc-not-found-in-shell-nix/25458
LD_LIBRARY_PATH = "${pkgs.stdenv.cc.cc.lib}/lib:${pkgs.zlib}/lib";
shellHook = ''
# create virtualenv if not exist
if [ ! -d .venv ]; then
virtualenv .venv
fi
# activate virtualenv
source .venv/bin/activate
# install aider-chat into virtualenv and upgrade it
pip install --upgrade aider-chat --prefix=$PWD/.venv
# export PATH to virtualenv bins
export PATH=$PWD/.venv/bin:$PATH
export OLLAMA_API_BASE=http://127.0.0.1:11434
echo "---Development Environment Activated---"
echo
echo "[Dependencies]"
echo "(NodeJS)> $(node --version)"
echo "(SHELL)> $(echo $0)"
echo " journalctl -u ollama --no-pager "
'';
exitHook = ''
deactivate
'';
};
}
);
};
}

115
flakes/docker-compose.nix Normal file
View File

@ -0,0 +1,115 @@
# Auto-generated using compose2nix v0.3.1.
{ pkgs, lib, ... }:
{
# Runtime
virtualisation.podman = {
enable = true;
autoPrune.enable = true;
dockerCompat = true;
defaultNetwork.settings = {
# Required for container networking to be able to use names.
dns_enabled = true;
};
};
# Enable container name DNS for non-default Podman networks.
# https://github.com/NixOS/nixpkgs/issues/226365
networking.firewall.interfaces."podman+".allowedUDPPorts = [ 53 ];
virtualisation.oci-containers.backend = "podman";
# Containers
virtualisation.oci-containers.containers."scribe-vault-app" = {
image = "node:22";
volumes = [
"/home/wayne/dev/www/v2-scribevault/frontend:/app:rw"
];
ports = [
"4173:4173/tcp"
];
cmd = [ "npm" "run" "test" ];
log-driver = "journald";
extraOptions = [
"--network-alias=app"
"--network=scribe-vault_my-network"
];
};
systemd.services."podman-scribe-vault-app" = {
serviceConfig = {
Restart = lib.mkOverride 90 "no";
};
after = [
"podman-network-scribe-vault_my-network.service"
];
requires = [
"podman-network-scribe-vault_my-network.service"
];
partOf = [
"podman-compose-scribe-vault-root.target"
];
wantedBy = [
"podman-compose-scribe-vault-root.target"
];
};
virtualisation.oci-containers.containers."scribe-vault-cypress" = {
image = "cypress/included:cypress-13.17.0-node-22.12.0-chrome-131.0.6778.139-1-ff-133.0.3-edge-131.0.2903.99-1";
environment = {
"CYPRESS_BASE_URL" = "http://app:4173";
};
volumes = [
"/home/wayne/dev/www/v2-scribevault/frontend:/app:rw"
];
dependsOn = [
"scribe-vault-app"
];
log-driver = "journald";
extraOptions = [
"--entrypoint=[\"cypress\", \"run\", \"--e2e\"]"
"--network-alias=cypress"
"--network=scribe-vault_my-network"
];
};
systemd.services."podman-scribe-vault-cypress" = {
serviceConfig = {
Restart = lib.mkOverride 90 "no";
};
after = [
"podman-network-scribe-vault_my-network.service"
];
requires = [
"podman-network-scribe-vault_my-network.service"
];
partOf = [
"podman-compose-scribe-vault-root.target"
];
wantedBy = [
"podman-compose-scribe-vault-root.target"
];
};
# Networks
systemd.services."podman-network-scribe-vault_my-network" = {
path = [ pkgs.podman ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
ExecStop = "podman network rm -f scribe-vault_my-network";
};
script = ''
podman network inspect scribe-vault_my-network || podman network create scribe-vault_my-network --driver=bridge
'';
partOf = [ "podman-compose-scribe-vault-root.target" ];
wantedBy = [ "podman-compose-scribe-vault-root.target" ];
};
# Root service
# When started, this will automatically create all resources and start
# the containers. When stopped, this will teardown all resources.
systemd.targets."podman-compose-scribe-vault-root" = {
unitConfig = {
Description = "Root target generated by compose2nix.";
};
wantedBy = [ "multi-user.target" ];
};
}

105
flakes/scribeVault.nix Normal file
View File

@ -0,0 +1,105 @@
# Auto-generated using compose2nix v0.3.1.
{ pkgs, lib, ... }:
{
# Runtime
virtualisation.docker = {
enable = true;
autoPrune.enable = true;
};
virtualisation.oci-containers.backend = "docker";
# Containers
virtualisation.oci-containers.containers."scribe-vault-app" = {
image = "node:22";
volumes = [
"/home/wayne/dev/www/v2-scribevault/frontend:/app:rw"
];
ports = [
"4173:4173/tcp"
];
cmd = [ "npm" "run" "test" ];
log-driver = "journald";
extraOptions = [
"--network-alias=app"
"--network=scribe-vault_my-network"
];
};
systemd.services."docker-scribe-vault-app" = {
serviceConfig = {
Restart = lib.mkOverride 90 "no";
};
after = [
"docker-network-scribe-vault_my-network.service"
];
requires = [
"docker-network-scribe-vault_my-network.service"
];
partOf = [
"docker-compose-scribe-vault-root.target"
];
wantedBy = [
"docker-compose-scribe-vault-root.target"
];
};
virtualisation.oci-containers.containers."scribe-vault-cypress" = {
image = "cypress/included:cypress-13.17.0-node-22.12.0-chrome-131.0.6778.139-1-ff-133.0.3-edge-131.0.2903.99-1";
environment = {
"CYPRESS_BASE_URL" = "http://app:4173";
};
volumes = [
"/home/wayne/dev/www/v2-scribevault/frontend:/app:rw"
];
dependsOn = [
"scribe-vault-app"
];
log-driver = "journald";
extraOptions = [
"--entrypoint=[\"cypress\", \"run\", \"--e2e\"]"
"--network-alias=cypress"
"--network=scribe-vault_my-network"
];
};
systemd.services."docker-scribe-vault-cypress" = {
serviceConfig = {
Restart = lib.mkOverride 90 "no";
};
after = [
"docker-network-scribe-vault_my-network.service"
];
requires = [
"docker-network-scribe-vault_my-network.service"
];
partOf = [
"docker-compose-scribe-vault-root.target"
];
wantedBy = [
"docker-compose-scribe-vault-root.target"
];
};
# Networks
systemd.services."docker-network-scribe-vault_my-network" = {
path = [ pkgs.docker ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
ExecStop = "docker network rm -f scribe-vault_my-network";
};
script = ''
docker network inspect scribe-vault_my-network || docker network create scribe-vault_my-network --driver=bridge
'';
partOf = [ "docker-compose-scribe-vault-root.target" ];
wantedBy = [ "docker-compose-scribe-vault-root.target" ];
};
# Root service
# When started, this will automatically create all resources and start
# the containers. When stopped, this will teardown all resources.
systemd.targets."docker-compose-scribe-vault-root" = {
unitConfig = {
Description = "Root target generated by compose2nix.";
};
wantedBy = [ "multi-user.target" ];
};
}

23
hm/home.nix
View File

@ -59,11 +59,12 @@ let
icat="kitten icat";
s="kitten ssh";
init_0="sudo systemctl isolate emergency.target";
init_1="sudo systemctl isolate rescue.target";
init_3="sudo systemctl isolate multi-user.target";
init_5="sudo systemctl isolate graphical.target";
# init_0="sudo systemctl isolate emergency.target";
# init_1="sudo systemctl isolate rescue.target";
# init_3="sudo systemctl isolate multi-user.target";
# init_5="sudo systemctl isolate graphical.target";
stop-containers="listServices | grep container | grep active | awk '{print $1}' | xargs -n1 sudo systemctl stop";
# history="history | fzf";
};
@ -100,7 +101,7 @@ let
unstablePkgs = import (
fetchTarball {
url = "https://github.com/NixOS/nixpkgs/archive/nixos-unstable.tar.gz";
sha256 = "0z9jlamk8krq097a375qqhyj7ljzb6nlqh652rl4s00p2mf60f6r";
sha256 = "0328lh3ghdbglwd69774sx3an9ym7193xwvypa1gzbnw11a8frjq";
})
{
# config = config.nixpkgs.config;
@ -165,7 +166,7 @@ in
doublecmd filezilla
libreoffice
unstablePkgs.bottles winePackages.wayland
bottles winePackages.wayland
] ++ (import ./pkgs { inherit unstablePkgs pkgs system zen-browser; });
@ -183,6 +184,16 @@ in
bbenoist.nix
];
};
direnv = {
enable = true;
package = pkgs.direnv;
enableBashIntegration = true;
enableZshIntegration = true;
nix-direnv = {
enable = true;
package = pkgs.nix-direnv;
};
};
};
services = {

8
hm/modules/theme.nix
View File

@ -9,8 +9,9 @@
enable = true;
platformTheme.name = "gtk";
style = {
name = "gtk2";
package = pkgs.libsForQt5.breeze-qt5;
name = "qt6gtk2";
# package = pkgs.libsForQt5.breeze-qt5;
package = pkgs.kdePackages.breeze-gtk;
};
};
@ -18,7 +19,8 @@
enable = true;
theme = {
name = "Breeze-Dark";
package = pkgs.libsForQt5.breeze-gtk;
# package = pkgs.libsForQt5.breeze-gtk;
package = pkgs.kdePackages.breeze-gtk;
};
iconTheme = {
name = "nordzy-icon-theme";

2
hm/pkgs/creative-packages.nix
View File

@ -6,4 +6,6 @@ with pkgs;
blender
gimp-with-plugins
reaper yabridge yabridgectl
#libsForQt5.gwenview
kdePackages.gwenview
]

6
hm/pkgs/gramming-packages.nix
View File

@ -2,13 +2,15 @@
with pkgs;
[
# (vscode-with-extensions.override {
# vscodeExtensions = with vscode-extensions; [
# vscodeExtensions = with vscode-extensions; [
# devsense.profiler-php-vscode devsense.phptools-vscode devsense.composer-php-vscode
# ];
# mkhl.direnv
# ];
# })
# IDE's
sublime3 sublime-merge vscode # vscode.languages.web vscode.languages.python vscode.languages.nix vscode.languages.bash
typora obsidian obsidian-export # vimPlugins.obsidian-nvim
# Lunarvim Dependencies
gnumake42 nodejs_22 cargo ripgrep cmake
# direnv nix-direnv vimPlugins.direnv-vim
]

12
hm/pkgs/inet-packages.nix
View File

@ -1,14 +1,17 @@
{ pkgs, system, zen-browser, ... }:
with pkgs;
[
(python3.withPackages (ps: with ps; [
pip pynvim # mopidy-tidal # Mopidy-WebSettings
]))
# (python3.withPackages (ps: with ps; [
# Moved to services.home-assistant
# pip
# pynvim # mopidy-tidal # Mopidy-WebSettings
# virtualenv setuptools wheel
# ]))
# mopidy mopidy-tidal mopidy-musicbox-webclient gst_all_1.gstreamer gst_all_1.gst-plugins-bad
# Browsers
firefox-devedition
# firefox-devedition
w3m
ungoogled-chromium
librewolf
@ -27,4 +30,5 @@ with pkgs;
mapscii
# tidal-dl
postman
]

9
hm/pkgs/llm-packages.nix
View File

@ -2,5 +2,12 @@
with pkgs;
[
# LLM's
# lmstudio
lmstudio
# aider-chat
# (pkgs.python3.withPackages (ps: with ps; [
# virtualenv
# pip
# setuptools
# wheel
# ]))
]

13
hm/pkgs/theme-packages.nix
View File

@ -1,15 +1,18 @@
{ pkgs, unstablePkgs, ... }:
with pkgs;
[
(unstablePkgs.catppuccin-kvantum.override {
# (unstablePkgs.catppuccin-kvantum.override {
(catppuccin-kvantum.override {
accent = "blue";
variant = "macchiato";
})
qt5.qtwayland qt6.qtwayland
qt6ct
libsForQt5.qtstyleplugin-kvantum
libsForQt5.qt5ct
# qt5.qtwayland
kdePackages.qtwayland
kdePackages.qt6ct
kdePackages.qtstyleplugin-kvantum
# libsForQt5.qtstyleplugin-kvantum
# libsForQt5.qt5ct
base16-schemes base16-shell-preview
papirus-folders

5
hm/pkgs/wm-packages.nix
View File

@ -6,12 +6,13 @@ with pkgs;
[
wdisplays waybar wlogout wayland-utils wayland-protocols
hyprpaper hyprlock hypridle hyprshot hyprpicker hyprcursor
pyprland iniparser
pyprland iniparser fftw
rofi-wayland wev clipman cliphist wl-clip-persist wl-clipboard
blueman networkmanagerapplet swayosd
qalculate-qt
xorg.xrandr
dconf
polycat
adwaita-qt adwaita-qt6 gnome.adwaita-icon-theme
# adwaita-qt
adwaita-qt6 adwaita-icon-theme
]

577
modules/containers.nix
View File

@ -410,7 +410,7 @@
];
bindMounts = {
"/var/www" = {
hostPath = "/home/wayne/dev/whd/live";
hostPath = "/home/wayne/dev/www/whc/2025/dashboard";
isReadOnly = false;
};
};
@ -483,16 +483,26 @@
enable = true;
package = pkgs.nginx;
virtualHosts.localhost = {
root = "/var/www/public";
root = "/var/www";
extraConfig = ''
index index.php, index.html;
index index.html, index.php;
'';
#
locations."/".extraConfig = ''
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Headers' 'Authorization,Accept,Origin,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range';
add_header 'Access-Control-Allow-Methods' 'GET, POST, HEAD, OPTIONS';
add_header 'Accept' 'application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8';
# if ($request_method = 'OPTIONS') {
# add_header 'Access-Control-Allow-Origin' '*';
# add_header 'Access-Control-Allow-Methods' 'GET, POST, HEAD, OPTIONS';
# add_header 'Access-Control-Allow-Headers' 'Authorization,Accept,Origin,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range';
# add_header 'Access-Control-Max-Age' 1728000;
# add_header 'Content-Type' 'text/plain charset=UTF-8';
# add_header 'Content-Length' 0;
# return 204;
# }
# add_header 'Access-Control-Allow-Origin' '*';
# add_header 'Access-Control-Allow-Methods' 'GET, POST, HEAD, OPTIONS';
# add_header 'Access-Control-Allow-Headers' 'Authorization,Accept,Origin,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range';
# add_header 'Accept' 'application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8';
index index.php index.html;
try_files $uri $uri/ /index.php;
'';
@ -558,5 +568,558 @@
system.stateVersion = "24.11";
};
};
glance = {
privateNetwork = true;
hostAddress = "192.168.12.40";
localAddress = "192.168.12.77/24";
hostBridge = "br0";
autoStart = false;
config = { config, pkgs, ... }:
{
# networking.firewall.allowedTCPPorts = [ 80 ];
networking = {
firewall.enable = false;
enableIPv6 = false;
nameservers = [ "192.168.12.25" ];
};
services.glance = {
enable = true;
package = pkgs.glance;
openFirewall = true;
settings = {
server.port = 5878;
server.host = "0.0.0.0";
pages = [
{
name = "Home";
columns = [
{
size = "small";
widgets = [
{
type = "clock";
hour-format = "12h";
timezones = [
{
timezone = "America/Los_Angeles";
# label = "Los Angeles";
}
];
}
{
type = "calendar";
}
{
type = "rss";
# limit = 10;
collapse-after = 3;
cache = "3h";
feeds = [
{
url = "http://rss.slashdot.org/Slashdot/slashdotMainatom";
title = "Slashdot";
}
{
url = "https://www.joshwcomeau.com/rss.xml";
title = "Josh Comeau";
}
];
}
{
type = "rss";
limit = 10;
collapse-after = 3;
cache = "12h";
feeds = [
{
url = "https://news.un.org/feed/subscribe/en/news/topic/human-rights/feed/rss.xml";
title = "UN Human Rights";
}
{
url = "https://news.un.org/feed/subscribe/en/news/topic/humanitarian-aid/feed/rss.xml";
title = "UN Humanitarian Aid";
}
];
}
{
type = "rss";
limit = 10;
collapse-after = 3;
cache = "12h";
feeds = [
{
url = "https://www.amnesty.org/en/feed/";
title = "Amnesty International";
}
];
}
{
type = "rss";
limit = 10;
collapse-after = 3;
cache = "12h";
feeds = [
{
url = "https://xkcd.com/atom.xml";
title = "XKCD";
}
];
}
];
}
{
size = "full";
widgets = [
{
type = "html";
source = ''
<div class="widget-content ">
<h1>This</h1>
<p>Hello, <span class="color-primary">World</span>!</p>
</div>
'';
}
{
type = "hacker-news";
}
{
type = "reddit";
subreddit = "selfhosted";
}
{
type = "rss";
limit = 10;
collapse-after = 3;
cache = "4h";
feeds = [
{
source = "https://rss.slashdot.org/Slashdot/slashdotMainatom";
title = "Slashdot";
}
];
}
];
}
{
size = "small";
widgets = [
{
type = "search";
title = "Duckduckgo Search";
search-engine = "duckduckgo";
new-tab = true;
}
{
type = "search";
title = "NixOS Search";
search-engine = "https://search.nixos.org/packages?channel=24.11&size=50&sort=relevance&type=packages&query={QUERY}";
new-tab = false;
}
{
type = "weather";
units = "imperial";
hour-format = "12h";
show-area-name = true;
location = "Los Angeles, California, United States";
}
{
type = "markets";
markets = [
{
symbol = "BTC-USD";
name = "Bitcoin";
}
{
symbol = "XLM-USD";
name = "Stellar Lumens";
}
{
symbol = "NVDA";
name = "Nvidia-";
}
];
}
{
type = "bookmarks";
groups = [
{
title = "WHD";
color = "200 50 50";
links = [
{
title = "Diaspora";
icon = "si:diaspora";
url = "https://diasporia.waynehayesdevelopment.com";
}
{
title = "Mastodon";
icon = "si:mastodon";
url = "https://mastodon.waynehayesdevelopment.com";
}
{
title = "BlueSky";
icon = "si:bluesky";
url = "https://bluesky.waynehayesdevelopment.com";
}
{
title = "Analytics";
icon = "si:matomo";
url = "https://analytics.waynehayesdevelopment.com";
}
{
title = "Cloud";
icon = "si:nextcloud";
url = "https://cloud.waynehayesdevelopment.com";
}
{
title = "Code";
icon = "si:gitea";
url = "https://code.waynehayesdevelopment.com";
}
{
title = "Wiki";
icon = "si:ubuntu";
url = "https://wiki.waynehayesdevelopment.com";
}
{
title = "WHD";
icon = "si:ubuntu";
url = "https://www.waynehayesdevelopment.com";
}
{
title = "WHC";
icon = "si:ubuntu";
url = "https://www.waynehayes.com";
}
];
}
];
}
];
}
];
}
];
};
};
system.stateVersion = "24.11";
};
};
vite = {
privateNetwork = true;
hostAddress = "192.168.12.40";
localAddress = "192.168.12.78/24";
hostBridge = "br0";
autoStart = false;
allowedDevices = [
{
modifier = "rw";
node = "/dev/net/tun";
}
];
bindMounts = {
"/home/wayne/whc/dashboard" = {
hostPath = "/home/wayne/dev/www/whc/2025/vite";
isReadOnly = false;
};
"/home/wayne/scribevault" = {
hostPath = "/home/wayne/dev/www/scribevault";
isReadOnly = false;
};
"/home/wayne/scribevault2" = {
hostPath = "/home/wayne/dev/www/v2-scribevault";
isReadOnly = false;
};
"/home/wayne/mevn-boilerplate" = {
hostPath = "/home/wayne/dev/www/mevn-boilerplate";
isReadOnly = false;
};
"/home/wayne/aider-sv" = {
hostPath = "/home/wayne/dev/www/aider-sv";
isReadOnly = false;
};
"/home/wayne/lms-aider" = {
hostPath = "/home/wayne/dev/www/lms-aider";
isReadOnly = false;
};
"/home/wayne/stock-ticker" = {
hostPath = "/home/wayne/dev/www/stock-ticker";
isReadOnly = false;
};
};
config = { config, pkgs, ... }:
{
# networking.firewall.allowedTCPPorts = [ 80 ];
networking = {
firewall = {
enable = false;
allowedTCPPorts = [ 22 80 443 1025 5173 8025 8080 27017 ];
};
enableIPv6 = false;
nameservers = [ "192.168.12.25" ];
};
nixpkgs.config.allowUnfree = true;
users = {
groups = {};
users = {
wayne = {
isNormalUser = true;
description = "Wayne Hayes";
extraGroups = [ "networkmanager" "wheel" "wayne" ];
openssh.authorizedKeys.keys = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC6q75AXShVjzWerPFU3l0YXIKViNF4eyragL+RQIRwdNDMzW34GgxFhtyLsmRB2jsykf4gx76zSyJoii0K4uhS761w5oDXz9mqHnBzJutDTyltLyfgLsFKY8V2sOtSracWx4y6QrtmBR3MKV642kg5mufVEmCMVxBU9oVpIOJUSW+XNYBawaSkl5SjDMLI7flj0v9Hb2dZqjQigDM1+UHxTzcMoZnR6hAzoZpPNMGyZXtrgEotNywNdpxCqRV9T/KvKHSIVYc1umiDXc+5fyRo9v7CzvYY3MvRKWbgUfTVQRmR2kqwsGAsV5W+PEUb8qqmTjPVXusKxKlpGgYfsvIZOv0LgOvQMemga8psFIS9F4YQ1xuc092bKi1LteC+ZlabMLRMux6Wbhjci+v9wnLfTyBQc6wr3wDFJoELKyaLnI7Cn0KHn0k+BiYCCr2TjKrz9XztL490vprYtvVumNFZ3rxewGnZSn/2czaFfQgnXt+9xQGWWo9TJGE5jq1jThnsIbH3G9JIQ1WhomMq6DDRhGMX2ZKDk/M9/fk0XN5nvQyJNmbiHy5srW/VANx8R9jjsVkvX29MXeK6dzpR4ImywXggpYMeHB6moy06cJUu5WoR8aLS/rO5LbZM2j14AMQ2ZK79QfUJSdloA1/HHlmnx7YtzZOebD6BCR7xgasGRw== wayne"];
packages = with pkgs; [
sl cowsay lolcat
];
};
};
};
services.tailscale = {
enable = true;
package = pkgs.tailscale;
interfaceName = "tailscale0";
openFirewall = true;
port = 41641;
useRoutingFeatures = "client";
};
services.mailpit.instances = {
local = {
smtp = "127.0.0.1:1025";
losten = "127.0.0.1:8025";
database = "mailpit.db";
};
};
services.mongodb = {
enable = true;
package = pkgs.mongodb-ce;
user = "mongodb";
bind_ip = "0.0.0.0";
dbpath = "/var/db/mongodb";
enableAuth = false;
pidFile = "/run/mongodb.pid";
extraConfig = '''';
};
services.jenkins = {
enable = true;
};
services.openssh = {
enable = true;
ports = [ 22 ];
settings = {
PasswordAuthentication = true;
AllowUsers = [ "wayne" ]; # Allows all users by default. Can be [ "user1" "user2" ]
UseDns = true;
X11Forwarding = false;
PermitRootLogin = "no"; # "yes", "without-password", "prohibit-password", "forced-commands-only", "no"
};
};
programs.neovim.enable = true;
programs.tmux = {
enable = true;
terminal = "tmux-256color";
keyMode = "vi";
shortcut = "s";
extraConfig = ''
set -ag terminal-overrides ",xterm-256color:RGB"
set -g mouse on
# Resize pane key bindings
bind -r < resize-pane -L 5
bind -r > resize-pane -R 5
bind -r + resize-pane -U 5
bind -r - resize-pane -D 5
set-option -g status-position top
'';
plugins = [
pkgs.tmuxPlugins.weather
pkgs.tmuxPlugins.tmux-fzf
pkgs.tmuxPlugins.resurrect
pkgs.tmuxPlugins.nord
];
};
programs.zsh = {
enable = true;
enableCompletion = true;
autosuggestions.enable = true;
syntaxHighlighting.enable = true;
shellAliases = {};
histSize = 10000;
histFile = "$HOME/.zsh_history";
};
environment.systemPackages = ( with pkgs; [
vim git mailpit fzf eza jq bc
nodejs_22 nodePackages.npm nodePackages.browser-sync nodePackages.sass
yarn nodemon
mongodb-tools mongosh
python312 python312Packages.pip python312Packages.pipx python312Packages.distutils
]);
system.stateVersion = "24.11";
};
};
node = {
privateNetwork = true;
hostAddress = "192.168.12.40";
localAddress = "192.168.12.79/24";
hostBridge = "br0";
autoStart = false;
allowedDevices = [
{
modifier = "rw";
node = "/dev/net/tun";
}
];
bindMounts = {
"/home/wayne/node" = {
hostPath = "/home/wayne/dev/www/maelstrom/maelstrom";
isReadOnly = false;
};
};
config = { config, pkgs, ... }:
{
# networking.firewall.allowedTCPPorts = [ 80 ];
networking = {
firewall = {
enable = false;
allowedTCPPorts = [ 22 80 443 1025 5173 8025 8080 ];
};
enableIPv6 = false;
nameservers = [ "192.168.12.25" ];
};
nixpkgs.config.allowUnfree = true;
nixpkgs.config.permittedInsecurePackages = [
"python-2.7.18.8"
];
users = {
groups = {};
users = {
wayne = {
isNormalUser = true;
description = "Wayne Hayes";
extraGroups = [ "networkmanager" "wheel" "wayne" ];
openssh.authorizedKeys.keys = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC6q75AXShVjzWerPFU3l0YXIKViNF4eyragL+RQIRwdNDMzW34GgxFhtyLsmRB2jsykf4gx76zSyJoii0K4uhS761w5oDXz9mqHnBzJutDTyltLyfgLsFKY8V2sOtSracWx4y6QrtmBR3MKV642kg5mufVEmCMVxBU9oVpIOJUSW+XNYBawaSkl5SjDMLI7flj0v9Hb2dZqjQigDM1+UHxTzcMoZnR6hAzoZpPNMGyZXtrgEotNywNdpxCqRV9T/KvKHSIVYc1umiDXc+5fyRo9v7CzvYY3MvRKWbgUfTVQRmR2kqwsGAsV5W+PEUb8qqmTjPVXusKxKlpGgYfsvIZOv0LgOvQMemga8psFIS9F4YQ1xuc092bKi1LteC+ZlabMLRMux6Wbhjci+v9wnLfTyBQc6wr3wDFJoELKyaLnI7Cn0KHn0k+BiYCCr2TjKrz9XztL490vprYtvVumNFZ3rxewGnZSn/2czaFfQgnXt+9xQGWWo9TJGE5jq1jThnsIbH3G9JIQ1WhomMq6DDRhGMX2ZKDk/M9/fk0XN5nvQyJNmbiHy5srW/VANx8R9jjsVkvX29MXeK6dzpR4ImywXggpYMeHB6moy06cJUu5WoR8aLS/rO5LbZM2j14AMQ2ZK79QfUJSdloA1/HHlmnx7YtzZOebD6BCR7xgasGRw== wayne"];
packages = with pkgs; [
sl cowsay lolcat
];
};
};
};
services.tailscale = {
enable = true;
package = pkgs.tailscale;
interfaceName = "tailscale0";
openFirewall = true;
port = 41641;
useRoutingFeatures = "client";
};
services.mailpit.instances = {
local = {
smtp = "127.0.0.1:1025";
losten = "127.0.0.1:8025";
database = "mailpit.db";
};
};
services.mongodb = {
enable = true;
package = pkgs.mongodb-ce;
user = "mongodb";
bind_ip = "0.0.0.0";
dbpath = "/var/db/mongodb";
enableAuth = false;
pidFile = "/run/mongodb.pid";
extraConfig = '''';
};
services.jenkins = {
enable = false;
};
services.openssh = {
enable = true;
ports = [ 22 ];
settings = {
PasswordAuthentication = true;
AllowUsers = [ "wayne" ]; # Allows all users by default. Can be [ "user1" "user2" ]
UseDns = true;
X11Forwarding = false;
PermitRootLogin = "no"; # "yes", "without-password", "prohibit-password", "forced-commands-only", "no"
};
};
programs.neovim.enable = true;
programs.tmux = {
enable = true;
terminal = "tmux-256color";
keyMode = "vi";
shortcut = "s";
extraConfig = ''
set -ag terminal-overrides ",xterm-256color:RGB"
set -g mouse on
# Resize pane key bindings
bind -r < resize-pane -L 5
bind -r > resize-pane -R 5
bind -r + resize-pane -U 5
bind -r - resize-pane -D 5
set-option -g status-position top
'';
plugins = [
pkgs.tmuxPlugins.weather
pkgs.tmuxPlugins.tmux-fzf
pkgs.tmuxPlugins.resurrect
pkgs.tmuxPlugins.nord
];
};
programs.zsh = {
enable = true;
enableCompletion = true;
autosuggestions.enable = true;
syntaxHighlighting.enable = true;
shellAliases = {};
histSize = 10000;
histFile = "$HOME/.zsh_history";
};
environment.systemPackages = ( with pkgs; [
vim git mailpit fzf eza
nodePackages.npm nodePackages.browser-sync nodePackages.sass
yarn nodemon
mongodb-tools
python312 python312Packages.pip python312Packages.pipx python312Packages.distutils
python27Full
xvfb-run xorg.xvfb
]);
system.stateVersion = "24.11";
};
};
};
}

16
modules/display.nix
View File

@ -1,17 +1,12 @@
{ pkgs, config, ... }:
{
hardware.opengl = { # Renamed hardware.graphics
hardware.graphics = { # Renamed hardware.graphics
enable = true; # Renamed
package = pkgs.mesa.drivers; # Renamed
# 32bit Support
driSupport32Bit = true; # Renamed
enable32Bit = true; # Renamed
# package32 = pkgsi686Linux.mesa.drivers;
};
# hardware.graphics = { # Only in unstable
# enable = true;
# package = pkgs.mesa.drivers;
# enable32Bit = true;
# };
hardware.nvidia = {
# Modesetting is required.
@ -43,4 +38,11 @@
# Optionally, you may need to select the appropriate driver version for your specific GPU.
package = config.boot.kernelPackages.nvidiaPackages.stable; # 550.78
};
hardware.nvidia-container-toolkit.enable = true; # moved from docker
systemd.services.nvidia-control-devices = {
wantedBy = [ "multi-user.target" ];
serviceConfig.ExecStart = "${pkgs.linuxPackages.nvidia_x11.bin}/bin/nvidia-smi";
};
}

2
modules/musnix.nix
View File

@ -7,7 +7,7 @@
rtcqs.enable = true; # install the rtcqs command-line utulity, which analyzes the system and makes suggestions about what to change to make it more audio-friendly.
# soundcardPciId = ""; # lspci | grep -i audio
kernel = {
realtime = true; # Enabling this option will rebuild your kernel.
realtime = false; # Enabling this option will rebuild your kernel.
packages = pkgs.linuxPackages_rt;
};
# rtirq Options

28
modules/network.nix
View File

@ -14,6 +14,7 @@
192.168.12.40 launchpad.local
192.168.12.41 xeon.local
192.168.12.41 rover.local
192.168.12.41 legacy-node.local
192.168.12.50 wayne-s-pixel-5
192.168.12.55 fire-tablet
@ -24,14 +25,18 @@
192.168.12.80 robo.local
192.168.12.81 nas.local
192.168.12.83 homeassistant.local
192.168.12.84 tests.local
# containers
192.168.12.71 nextcloud
192.168.12.72 livebook
192.168.12.73 grocy
192.168.12.74 openoffice
192.168.12.75 laravel
192.168.12.76 nginx - PHP
192.168.12.71 nextcloud.local
192.168.12.72 livebook.local
192.168.12.73 grocy.local
192.168.12.74 openoffice.local
192.168.12.75 laravel.local
192.168.12.76 nginx.local
192.168.12.77 glance.local
192.168.12.78 vite.local
192.168.12.79 node.local
45.58.52.52 www
172.245.111.249 est
@ -59,12 +64,13 @@
firewall = {
enable = true;
# { from = 5000; to = 6000; }
allowedTCPPorts = [ 80 443 ];
allowedTCPPortRanges = [ { from = 35000; to = 36000; } { from = 8000; to = 9000; } ];
allowedTCPPorts = [ 80 443 11434 27017 ];
allowedUDPPorts = [ 137 138 ]; # Samba
allowedTCPPortRanges = [ { from = 137; to = 139; } { from = 35000; to = 36000; } { from = 8000; to = 9000; } ];
extraCommands = ''
iptables -t raw -A OUTPUT -p udp -m udp --dport 137 -j CT --helper netbios-ns
iptables -t raw -A OUTPUT -p udp -m udp --dport 137 -j CT --helper netbios-ns
'';
trustedInterfaces = [ "br0" "tailscale0" ];
trustedInterfaces = [ "br0" "tailscale0" "docker0" ];
checkReversePath = "loose"; # Added for Tailscale
};
bridges = {
@ -75,7 +81,7 @@
# Required to access containers
nat = {
enable = true;
internalInterfaces = [ "enp4s0" "ve-+" "vb-+" ];
internalInterfaces = [ "enp4s0" "ve-+" "vb-+" "veth+" ];
externalInterface = "br0";
enableIPv6 = false;
};

37
modules/nix.nix
View File

@ -2,18 +2,35 @@
{
nix.settings = {
experimental-features = [ "nix-command" "flakes" ];
substituters = ["https://hyprland.cachix.org"];
trusted-public-keys = ["hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc="];
max-jobs = 12; # Adjust this to your CPU core count or slightly below
substituters = [
"https://hyprland.cachix.org"
"https://cache.nixos.org/"
];
trusted-substituters = [
"https://ai.cachix.org"
"https://hyprland.cachix.org"
"https://cache.nixos.org/"
];
trusted-public-keys = [
"hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc="
"ai.cachix.org-1:N9dzRK+alWwoKXQlnn0H6aUx0lU/mspIoz8hMvGvbbc="
"cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
];
trusted-users = [ "root" "wayne" ];
cores = 12;
max-jobs = 4; # Adjust this to your CPU core count or slightly below
auto-optimise-store = true;
access-tokens = "nas.local/git=PAT:glpat-bfbAJxv_4tmgySBZcPSZ";
};
nixpkgs.config = {
allowUnfree = true;
cudaSupport = true;
acceptedLicenses = [ "unfree" "unfreeRedistributable" ];
acceptedLicenses = [
"unfree"
"unfreeRedistributable"
];
permittedInsecurePackages = [
"freeimage-unstable-2021-11-01"
];
};
nixpkgs.config.permittedInsecurePackages = [
"freeimage-unstable-2021-11-01"
];
nix.settings.auto-optimise-store = true;
nix.settings.access-tokens = "nas.local/git=PAT:glpat-bfbAJxv_4tmgySBZcPSZ";
}
}

6
modules/security.nix
View File

@ -48,7 +48,8 @@
login.enableKwallet = true;
login.kwallet = {
enable = true;
package = pkgs.plasma5Packages.kwallet-pam; # Comment for plasma6
package = pkgs.kdePackages.kwallet-pam;
# package = pkgs.plasma5Packages.kwallet-pam; # Comment for plasma6
};
sddm = {
enableKwallet = true;
@ -60,7 +61,8 @@
};
};
security.pam.services.wayne.kwallet.enable = true;
security.pam.services.wayne.kwallet.package = pkgs.plasma5Packages.kwallet-pam;
security.pam.services.wayne.kwallet.package = pkgs.kdePackages.kwallet-pam;
# security.pam.services.wayne.kwallet.package = pkgs.plasma5Packages.kwallet-pam;
security.rtkit.enable = true;

4
modules/wm.nix
View File

@ -26,9 +26,11 @@
wayland = {
enable = true;
};
theme = "catppuccin-mocha";
# theme = "catppuccin-mocha";
theme = "sddm-astronaut-theme";
# Sets logon screen
package = pkgs.kdePackages.sddm; # Comment for plasma6
extraPackages = [pkgs.sddm-astronaut];
};
};
}

23
notes/NIxOS-firewall.txt Normal file
View File

@ -0,0 +1,23 @@
journalctl -f
systemctl status nextcloud
systemctl list-units --all --type=service --no-pager
systemctl status phpfpm-nextcloud
systemctl status nginx
cat /nix/store/0qznn2rp2pqvld65qsw680733g8kb85r-nginx.conf
cd /nix/store/jda4ssv59707rqgjm5s2xmd7szppixi0-nextcloud-30.0.0-with-apps
ls
cat config/config.php
ls config/
occ
./occ
cat /var/lib/nextcloud/config/override.config.php
cat /var/lib/nextcloud/config/override.config.php
hostname
ifconfig
cat /var/lib/nextcloud/config/override.config.php
cat /nix/store/4426iqrvgj0b7f3c06h93xmwm6dhw86v-nextcloud-settings.json
nixos-firewall-tool show
nixos-firewall-tool open tcp 80
iptables -A INPUT -p tcp --dport 80 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp --sport 80 -m conntrack --ctstate ESTABLISHED -j ACCEPT
systemctl reload firewall

37
notes/filter.txt Normal file
View File

@ -0,0 +1,37 @@
*filter
# Allow all loopback (lo0) traffic and drop all traffic to 127/8 that doesn't use lo0
-A INPUT -i lo -j ACCEPT
-A INPUT ! -i lo -d ::1/128 -j REJECT
# Accept all established inbound connections
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Allow all outbound traffic - you can modify this to only allow certain traffic
-A OUTPUT -j ACCEPT
# Allow HTTP and HTTPS connections from anywhere (the normal ports for websites and SSL).
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -p tcp --dport 443 -j ACCEPT
# (optional) Allow HTTP/3 connections from anywhere.
-A INPUT -p udp --dport 443 -j ACCEPT
# Allow SSH connections
# The -dport number should be the same port number you set in sshd_config
-A INPUT -p tcp -m state --state NEW --dport 23230 -j ACCEPT
# Allow ping
-A INPUT -p icmpv6 -j ACCEPT
# Log iptables denied calls
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7
# Reject all other inbound - default deny unless explicitly allowed policy
-A INPUT -j REJECT
-A FORWARD -j REJECT
COMMIT
/etc/letsencrypt/live/mastadon.waynehayesdevelopment.com/fullchain.pem
/etc/letsencrypt/live/mastadon.waynehayesdevelopment.com/privkey.pem

21
notes/iptables.txt Normal file
View File

@ -0,0 +1,21 @@
sudo nix-shell -p iptables --run "iptables -L"
...
nixos-fw-accept tcp -- anywhere anywhere tcp dpt:ssh
nixos-fw-accept tcp -- anywhere anywhere tcp dpt:http
nixos-fw-accept tcp -- anywhere anywhere tcp dpt:https
...
sudo nixos-container root-login nextcloud
[root@nextcloud:~]# curl http://192.168.12.71
<!DOCTYPE html>
<html class="ng-csp" data-placeholder-focus="false" lang="en" data-locale="en" translate="no" >
...
from host
curl http://192.168.12.71:80
^C
s wayne@192.168.12.71
Permission denied, please try again.
Received disconnect from 192.168.12.71 port

2
notes/sshfs.txt Normal file
View File

@ -0,0 +1,2 @@
sshfs -o IdentityFile=/home/wayne/.ssh/id_rsa wayne@mail:/var/vmail/vmail1 /mnt/vm1 -o uid=1000 -o gid=2000
sshfs -o IdentityFile=/home/wayne/.ssh/id_rsa wayne@www:/var/www/com.waynehayesdevelopment/nextcloud /mnt/nc -o uid=1000

6
pkgs/shell/cli-collection.nix
View File

@ -53,4 +53,10 @@
enableZshIntegration = true;
enableBashIntegration = true;
};
programs.cava = {
enable = true;
package = pkgs.cava;
settings = {};
};
}

4
pkgs/shell/zsh.nix
View File

@ -31,6 +31,10 @@
plugins = [ "git" "aliases" "ansible" "common-aliases" "direnv" "zoxide" "bgnotify" "starship" "eza" "thefuck" "docker" "fzf" "rsync" "sublime" "sudo" "systemd" "tmux" ];
theme = "";
};
localVariables = {
# aider-chat
LD_LIBRARY_PATH = "${pkgs.stdenv.cc.cc.lib}/lib:${pkgs.zlib}/lib";
};
};
}

24
pkgs/wm/hyprland/hyprland.nix
View File

@ -65,7 +65,7 @@
"HYPRLAND_TRACE=1"
# "QT_STYLE_OVERRIDE=kvantum"
"QT_QPA_PLATFORMTHEME = qt6ct" # qt5ct no display
# "QT_QPA_PLATFORMTHEME = qt6ct" # qt5ct no display
];
input = {
@ -126,8 +126,9 @@
"$mod, F, exec, firefox"
"$mod, Z, exec, zen"
"$mod, k, exec, kitty"
"$mod+SHIFT_R, k, exec, pypr toggle term"
"ALTSHIFT, K, exec, konsole"
"$mod, G, exec, ghostty"
# "$mod+SHIFT_R, k, exec, pypr toggle term"
"$mod+Shift_R, K, exec, konsole"
"$mod, S, exec, subl"
# "CTRLSHIFT, K&B, exec, hyprctl dispatch exec keybase-gui %u"
# ",XF86Search, exec, wofi --show drun"
@ -226,7 +227,7 @@
"dbus-daemon --session --address=unix:path=$XDG_RUNTIME_DIR/bus"
"dbus-update-activation-environment --systemd WAYLAND_DISPLAY XDG_CURRENT_DESKTOP"
"systemctl --user start plasma-polkit-agent"
"/nix/store/fj1n850329w79nfvqz22cm36vk4x1ypc-kwallet-pam-6.0.5/libexec/pam_kwallet_init --no-startup-id"
"/nix/store/vgj704dz4i60cj70cvq988g1c6yg33l9-kwallet-pam-6.2.5/libexec/pam_kwallet_init --no-startup-id"
"waybar &"
# "hyprpaper &"
"hypridle &"
@ -234,15 +235,16 @@
"udiskie &"
"wl-paste --type text --watch cliphist store"
"wl-paste --type image --watch cliphist store"
# "${config.home.homeDirectory}/.config/hypr/scripts/start-in-tray.sh"
"${config.home.homeDirectory}/.config/hypr/scripts/start-keybase-gui.sh"
"${config.home.homeDirectory}/.config/hypr/scripts/start-in-tray.sh &"
"${config.home.homeDirectory}/.config/hypr/scripts/start-keybase-gui.sh &"
"input-remapper-control --command autoload &"
"[workspace 4 silent] remmina -c rdp://wayne@xeon.local"
# "[workspace 4 silent] remmina -c rdp://wayne@xeon.local"
"[workspace 7 silent] sublime3"
"[workspace 9 silent] keepassxc"
"[workspace 9 silent] /home/wayne/.nix-profile/bin/nextcloud --background"
"[workspace 9 silent] /nix/store/104jb5a21d1d338zkl1f07si6brsmrk2-keybase-gui-6.2.4/bin/keybase-gui %u &"
"[workspace 9 silent] /home/wayne/.nix-profile/bin/keybase-gui %u &"
# "/nix/store/r3fdp5rlxcihmqhpcgy91sj918wnrmrc-pyprland-2.3.4/bin/pypr --debug ~/tmp/pypr.log"
];
@ -288,8 +290,8 @@
windowrule = [
"opacity 0.9 override 0.5 override 0.8 override, ^(.*)$" # set opacity to 1.0 active, 0.5 inactive and 0.8 fullscreen for kitty
"opacity 1 override 0.9 override 0.9 override, ^(zen-alpha)$" # set opacity to 1.0 active, 0.5 inactive and 0.8 fullscreen for kitty
# "opacity 0.9 override 0.5 override 0.8 override, ^(.*)$" # set opacity to 1.0 active, 0.5 inactive and 0.8 fullscreen for kitty
# "opacity 1 override 0.9 override 0.9 override, ^(zen-alpha)$" # set opacity to 1.0 active, 0.5 inactive and 0.8 fullscreen for kitty
# "opacity 1.0 override 0.5 override 0.8 override, ^(kitty)$" # set opacity to 1.0 active, 0.5 inactive and 0.8 fullscreen for kitty
"move -50% -50%, float, ^(org.keepassxc.KeePassXC)$"
"float, ^(Nextcloud)$"
@ -299,7 +301,7 @@
## "center,title:^(Save).*$"
# "center,title:^(Confirm to replace files)$"
# "center,title:^(File Operation Progress)$"
"opacity 1.0 override 1 override 1 override, ^(REAPER)$"
# "opacity 1.0 override 1 override 1 override, ^(REAPER)$"
];
windowrulev2 = [

54
pkgs/wm/waybar/default.json
View File

@ -1,23 +1,34 @@
{
"bluetooth": {
"format": " {status}",
"format-connected": " {device_alias}",
"format-connected-battery": " {device_alias} {device_battery_percentage}%",
// "format-device-preference": [ "device1", "device2" ], // preference list deciding the displayed device
"tooltip-format": "{controller_alias}\t{controller_address}\n\n{num_connections} connected",
"tooltip-format-connected": "{controller_alias}\t{controller_address}\n\n{num_connections} connected\n\n{device_enumerate}",
"tooltip-format-enumerate-connected": "{device_alias}\t{device_address}",
"tooltip-format-enumerate-connected-battery": "{device_alias}\t{device_address}\t{device_battery_percentage}%"
},
"cava": {
"framerate": 30,
"autosens": 1,
"sensitivity": 100,
"bars": 14,
"lower_cutoff_freq": 50,
"higher_cutoff_freq": 10000,
"method": "pulse",
"source": "auto",
"stereo": true,
"reverse": false,
"bar_delimiter": 0,
"monstercat": false,
"waves": false,
"noise_reduction": 0.77,
"input_delay": 2,
"format-icons" : ["▁", "▂", "▃", "▄", "▅", "▆", "▇", "█" ],
"actions": {
"on-click-right": "mode"
"autosens": 1,
// "sensitivity": 100,
"bars": 7,
"lower_cutoff_freq": 50,
"higher_cutoff_freq": 10000,
"method": "pipewire",
"source": "auto",
"stereo": true,
"reverse": false,
"bar_delimiter": 0,
"monstercat": false,
"waves": false,
"noise_reduction": 0.77,
"input_delay": 2,
"format-icons" : ["▁", "▂", "▃", "▄", "▅", "▆", "▇", "█" ],
"actions": {
"on-click-right": "mode"
}
},
@ -51,6 +62,13 @@
"tooltip": false
},
"custom/pavc": {
"format": "",
"tooltip-format": "Pulse Audio Controller",
"on-click": "pavucontrol-qt",
"tooltip": false
},
"disk": {
"interval": 30,
"format": "󰋊 {percentage_used}%",
@ -114,7 +132,7 @@
"pulseaudio/slider": {
"min": 0,
"max": 100,
"orientation": "horizontal"
"orientation": "horizontal",
},
"systemd-failed-units": {

2
pkgs/wm/waybar/waybar.nix
View File

@ -19,7 +19,7 @@
include = "~/system/pkgs/wm/waybar/default.json";
modules-left = [ "custom/os_button" "hyprland/workspaces#roman" ];
modules-center = [ "hyprland/window" "wlr/taskbar" ]; # replace wlr/taskbar
modules-right = [ "pulseaudio/slider" "cpu" "temperature" "disk" "tray" "clock" "custom/exit" ];
modules-right = [ "custom/pavc" "cava" "pulseaudio/slider" "cpu" "temperature" "disk" "bluetooth" "tray" "clock" "custom/exit" ];
"custom/os_button" = {
"format" = "";

2
status Normal file
View File

@ -0,0 +1,2 @@
container@glance.service
container@vite.service

8
system.sublime-project Normal file
View File

@ -0,0 +1,8 @@
{
"folders":
[
{
"path": "."
}
]
}

1133
system.sublime-workspace Normal file
View File

File diff suppressed because it is too large Load Diff

2
systemctl Normal file
View File

@ -0,0 +1,2 @@
container@glance.service
container@vite.service