ringofstorms/dotfiles
ringofstorms/dotfiles
1
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge branch 'master' of ssh://git.joshuabell.xyz:3032/ringofstorms/dotfiles

Browse source
This commit is contained in:
RingOfStorms (Joshua Bell) 2025-10-28 12:02:17 -05:00
commit 1761e26ff6
200 changed files with 5150 additions and 7625 deletions
Download patch file Download diff file Expand all files Collapse all files

37
hosts/h001/containers/default.nix
View file

@ -1,13 +1,9 @@
{ inputs }:
let
common = inputs.common;
in
{
...
}:
{
imports = [
common.nixosModules.containers.forgejo
./forgejo.nix
./opengist.nix
./homarr.nix
./zitadel.nix
@ -55,45 +51,14 @@ in
virtualisation.oci-containers.backend = "podman";
security.acme.acceptTerms = true;
security.acme.defaults.email = "admin@joshuabell.xyz";
services.nginx = {
enable = true;
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
virtualHosts = {
"localhost" = {
locations."/" = {
proxyPass = "http://10.0.0.111";
};
};
# forgejo http traffic
"git.joshuabell.xyz" = {
locations."/" = {
proxyPass = "http://10.0.0.2:3000";
};
};
"_" = {
default = true;
locations."/" = {
return = "404"; # or 444 for drop
};
};
};
# STREAMS
# Forgejo ssh
streamConfig = ''
server {
listen 3032;
proxy_pass 10.0.0.2:3032;
}
'';
};
networking.firewall.allowedTCPPorts = [

22
hosts/h001/containers/forgejo.nix
View file

@ -65,6 +65,28 @@ let
};
in
{
services.nginx = {
virtualHosts = {
# forgejo http traffic
"git.joshuabell.xyz" = {
addSSL = true;
sslCertificate = "/var/lib/acme/joshuabell.xyz/fullchain.pem";
sslCertificateKey = "/var/lib/acme/joshuabell.xyz/key.pem";
locations."/" = {
proxyPass = "http://10.0.0.2:3000";
};
};
};
# STREAMS
# Forgejo ssh
streamConfig = ''
server {
listen 3032;
proxy_pass 10.0.0.2:3032;
}
'';
};
# Ensure users exists on host machine with same IDs as container
inherit users;

3
hosts/h001/containers/opengist.nix
View file

@ -29,6 +29,9 @@ in
'';
services.nginx.virtualHosts."gist.joshuabell.xyz" = {
addSSL = true;
sslCertificate = "/var/lib/acme/joshuabell.xyz/fullchain.pem";
sslCertificateKey = "/var/lib/acme/joshuabell.xyz/key.pem";
locations = {
"/" = {
proxyWebsockets = true;

11
hosts/h001/containers/zitadel.nix
View file

@ -13,6 +13,13 @@ let
hostAddress6 = "fc00::1";
containerAddress6 = "fc00::3";
hasSecret =
secret:
let
secrets = config.age.secrets or { };
in
secrets ? ${secret} && secrets.${secret} != null;
binds = [
# Postgres data, must use postgres user in container and host
{
@ -31,6 +38,7 @@ let
uid = config.ids.uids.postgres;
gid = config.ids.gids.postgres;
}
] ++ lib.optionals (hasSecret "zitadel_master_key") [
# secret
{
host = config.age.secrets.zitadel_master_key.path;
@ -68,6 +76,9 @@ in
options = { };
config = {
services.nginx.virtualHosts."sso.joshuabell.xyz" = {
addSSL = true;
sslCertificate = "/var/lib/acme/joshuabell.xyz/fullchain.pem";
sslCertificateKey = "/var/lib/acme/joshuabell.xyz/key.pem";
locations = {
"/" = {
proxyWebsockets = true;

91
hosts/h001/flake.lock generated
View file

@ -67,17 +67,22 @@
"home-manager": "home-manager",
"hyprland": "hyprland",
"nix-flatpak": "nix-flatpak",
"nixpkgs": "nixpkgs_3",
"ragenix": "ragenix"
},
"locked": {
"path": "../../common",
"type": "path"
"lastModified": 1760816519,
"narHash": "sha256-f6xAZROOBHWrmKdmVxmVpNjg6Q7EwwBRcaQ+VmnWBeQ=",
"ref": "refs/heads/master",
"rev": "2238aaf36795a140ce099d6dad07d19b8cd1356b",
"revCount": 726,
"type": "git",
"url": "https://git.joshuabell.xyz/ringofstorms/dotfiles"
},
"original": {
"path": "../../common",
"type": "path"
},
"parent": []
"type": "git",
"url": "https://git.joshuabell.xyz/ringofstorms/dotfiles"
}
},
"crane": {
"locked": {
@ -297,11 +302,11 @@
"xdph": "xdph"
},
"locked": {
"lastModified": 1759837778,
"narHash": "sha256-12GZqSrRYyhKl7NpNMUQECDi/Zyx17QZhhQ7+mBJMns=",
"lastModified": 1760813095,
"narHash": "sha256-D0AU+KKB9aGqiwDaS7er2pITjn9AS+XStzigPSoLeOQ=",
"owner": "hyprwm",
"repo": "Hyprland",
"rev": "5ba2d2217b649c4ca2db7e3f383b3f6af6e70d65",
"rev": "39d62e1487052da2751ec1e36d243e3e92e24f6a",
"type": "github"
},
"original": {
@ -458,11 +463,11 @@
]
},
"locked": {
"lastModified": 1759490926,
"narHash": "sha256-7IbZGJ5qAAfZsGhBHIsP8MBsfuFYS0hsxYHVkkeDG5Q=",
"lastModified": 1759619523,
"narHash": "sha256-r1ed7AR2ZEb2U8gy321/Xcp1ho2tzn+gG1te/Wxsj1A=",
"owner": "hyprwm",
"repo": "hyprutils",
"rev": "94cce794344538c4d865e38682684ec2bbdb2ef3",
"rev": "3df7bde01efb3a3e8e678d1155f2aa3f19e177ef",
"type": "github"
},
"original": {
@ -500,11 +505,11 @@
},
"litellm-nixpkgs": {
"locked": {
"lastModified": 1759733170,
"narHash": "sha256-TXnlsVb5Z8HXZ6mZoeOAIwxmvGHp1g4Dw89eLvIwKVI=",
"lastModified": 1760524057,
"narHash": "sha256-EVAqOteLBFmd7pKkb0+FIUyzTF61VKi7YmvP1tw4nEw=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "8913c168d1c56dc49a7718685968f38752171c3b",
"rev": "544961dfcce86422ba200ed9a0b00dd4b1486ec5",
"type": "github"
},
"original": {
@ -532,7 +537,7 @@
},
"nixarr": {
"inputs": {
"nixpkgs": "nixpkgs_4",
"nixpkgs": "nixpkgs_5",
"vpnconfinement": "vpnconfinement",
"website-builder": "website-builder"
},
@ -583,6 +588,22 @@
}
},
"nixpkgs_3": {
"locked": {
"lastModified": 1760524057,
"narHash": "sha256-EVAqOteLBFmd7pKkb0+FIUyzTF61VKi7YmvP1tw4nEw=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "544961dfcce86422ba200ed9a0b00dd4b1486ec5",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_4": {
"locked": {
"lastModified": 1741379970,
"narHash": "sha256-Wh7esNh7G24qYleLvgOSY/7HlDUzWaL/n4qzlBePpiw=",
@ -598,7 +619,7 @@
"type": "github"
}
},
"nixpkgs_4": {
"nixpkgs_5": {
"locked": {
"lastModified": 1748662220,
"narHash": "sha256-7gGa49iB9nCnFk4h/g9zwjlQAyjtpgcFkODjcOQS0Es=",
@ -614,13 +635,13 @@
"type": "github"
}
},
"nixpkgs_5": {
"nixpkgs_6": {
"locked": {
"lastModified": 1759735786,
"narHash": "sha256-a0+h02lyP2KwSNrZz4wLJTu9ikujNsTWIC874Bv7IJ0=",
"lastModified": 1760580664,
"narHash": "sha256-/YdfibIrnqXAL8p5kqCU345mzpHoOtuVIkMiI2pF4Dc=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "20c4598c84a671783f741e02bf05cbfaf4907cff",
"rev": "98ff3f9af2684f6136c24beef08f5e2033fc5389",
"type": "github"
},
"original": {
@ -630,7 +651,7 @@
"type": "github"
}
},
"nixpkgs_6": {
"nixpkgs_7": {
"locked": {
"lastModified": 1759772810,
"narHash": "sha256-8/sO67+Q6yNfFD39W5SXQHDbf/tQUHWFhCdxgRRGVCQ=",
@ -1527,11 +1548,11 @@
},
"oauth2-proxy-nixpkgs": {
"locked": {
"lastModified": 1759733170,
"narHash": "sha256-TXnlsVb5Z8HXZ6mZoeOAIwxmvGHp1g4Dw89eLvIwKVI=",
"lastModified": 1760524057,
"narHash": "sha256-EVAqOteLBFmd7pKkb0+FIUyzTF61VKi7YmvP1tw4nEw=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "8913c168d1c56dc49a7718685968f38752171c3b",
"rev": "544961dfcce86422ba200ed9a0b00dd4b1486ec5",
"type": "github"
},
"original": {
@ -1586,7 +1607,7 @@
"agenix": "agenix",
"crane": "crane",
"flake-utils": "flake-utils",
"nixpkgs": "nixpkgs_3",
"nixpkgs": "nixpkgs_4",
"rust-overlay": "rust-overlay"
},
"locked": {
@ -1608,7 +1629,7 @@
"common": "common",
"litellm-nixpkgs": "litellm-nixpkgs",
"nixarr": "nixarr",
"nixpkgs": "nixpkgs_5",
"nixpkgs": "nixpkgs_6",
"oauth2-proxy-nixpkgs": "oauth2-proxy-nixpkgs",
"open-webui-nixpkgs": "open-webui-nixpkgs",
"ros_neovim": "ros_neovim",
@ -1617,7 +1638,7 @@
},
"ros_neovim": {
"inputs": {
"nixpkgs": "nixpkgs_6",
"nixpkgs": "nixpkgs_7",
"nvim_plugin-Almo7aya/openingh.nvim": "nvim_plugin-Almo7aya/openingh.nvim",
"nvim_plugin-CopilotC-Nvim/CopilotChat.nvim": "nvim_plugin-CopilotC-Nvim/CopilotChat.nvim",
"nvim_plugin-JoosepAlviste/nvim-ts-context-commentstring": "nvim_plugin-JoosepAlviste/nvim-ts-context-commentstring",
@ -1676,11 +1697,11 @@
"rust-overlay": "rust-overlay_2"
},
"locked": {
"lastModified": 1759881611,
"narHash": "sha256-OrWyZDLEafAP90pCun/6mE1F88znpJYi3rRIHQo8Wrs=",
"lastModified": 1760630879,
"narHash": "sha256-H1ZHzlSpu2dxnM69OYCB6qJVZfVIbR3hBu3LcVW2eKw=",
"ref": "refs/heads/master",
"rev": "31a6fc294d8db6fc3c89e60321e052bae8b9e96b",
"revCount": 308,
"rev": "d1172c40fd221200a1c7f924d0e43b395f3338ad",
"revCount": 310,
"type": "git",
"url": "https://git.joshuabell.xyz/ringofstorms/nvim"
},
@ -1779,11 +1800,11 @@
},
"trilium-nixpkgs": {
"locked": {
"lastModified": 1759831965,
"narHash": "sha256-vgPm2xjOmKdZ0xKA6yLXPJpjOtQPHfaZDRtH+47XEBo=",
"lastModified": 1760524057,
"narHash": "sha256-EVAqOteLBFmd7pKkb0+FIUyzTF61VKi7YmvP1tw4nEw=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "c9b6fb798541223bbb396d287d16f43520250518",
"rev": "544961dfcce86422ba200ed9a0b00dd4b1486ec5",
"type": "github"
},
"original": {

6
hosts/h001/flake.nix
View file

@ -8,8 +8,8 @@
oauth2-proxy-nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
# Use relative to get current version for testing
common.url = "path:../../common";
# common.url = "git+https://git.joshuabell.xyz/ringofstorms/dotfiles";
# common.url = "path:../../common";
common.url = "git+https://git.joshuabell.xyz/ringofstorms/dotfiles";
ros_neovim.url = "git+https://git.joshuabell.xyz/ringofstorms/nvim";
@ -43,7 +43,7 @@
./hardware-configuration.nix
./mods
./nginx.nix
(import ./containers { inherit inputs; })
./containers
(
{ config, pkgs, ... }:
{

1
hosts/h001/mods/default.nix
View file

@ -12,5 +12,6 @@
./oauth2-proxy.nix
./n8n.nix
./postgresql.nix
./openbao.nix
];
}

202
hosts/h001/mods/litellm.nix
View file

@ -36,125 +36,15 @@ in
settings = {
environment_variables = {
LITELLM_PROXY_API_KEY = "na";
LITELLM_PROXY_API_BASE = "http://100.64.0.8:9010/air_key";
};
litellm_settings = {
check_provider_endpoints = true;
drop_params = true;
};
model_list = [
# existing
{
model_name = "GPT-5";
litellm_params = {
model = "azure/gpt-5-2025-08-07";
api_base = "http://100.64.0.8:9010/azure";
api_version = "2025-04-01-preview";
api_key = "na";
};
}
{
model_name = "GPT-5-mini";
litellm_params = {
model = "azure/gpt-5-mini-2025-08-07";
api_base = "http://100.64.0.8:9010/azure";
api_version = "2025-04-01-preview";
api_key = "na";
};
}
{
model_name = "GPT-5-nano";
litellm_params = {
model = "azure/gpt-5-nano-2025-08-07";
api_base = "http://100.64.0.8:9010/azure";
api_version = "2025-04-01-preview";
api_key = "na";
};
}
# {
# model_name = "GPT-5-codex";
# litellm_params = {
# model = "azure/gpt-5-codex-2025-09-15";
# api_base = "http://100.64.0.8:9010/azure";
# api_version = "2025-04-01-preview";
# api_key = "na";
# };
# }
{
model_name = "GPT-4.1";
litellm_params = {
model = "azure/gpt-4.1-2025-04-14";
api_base = "http://100.64.0.8:9010/azure";
api_version = "2025-04-01-preview";
api_key = "na";
};
}
{
model_name = "GPT-4.1-mini";
litellm_params = {
model = "azure/gpt-4.1-mini-2025-04-14";
api_base = "http://100.64.0.8:9010/azure";
api_version = "2025-04-01-preview";
api_key = "na";
};
}
{
model_name = "GPT-4o";
litellm_params = {
model = "azure/gpt-4o-2024-05-13";
api_base = "http://100.64.0.8:9010/azure";
api_version = "2025-04-01-preview";
api_key = "na";
};
}
# {
# model_name = "dall-e-3-3.0";
# litellm_params = {
# model = "azure/dall-e-3-3.0";
# api_base = "http://100.64.0.8:9010/azure";
# api_version = "2025-04-01-preview";
# api_key = "na";
# };
# }
# Copilot
{
model_name = "copilot-claude-sonnet-4";
litellm_params = {
model = "github_copilot/claude-sonnet-4";
extra_headers = {
"editor-version" = "vscode/1.85.1";
"Copilot-Integration-Id" = "vscode-chat";
"user-agent" = "GithubCopilot/1.155.0";
"editor-plugin-version" = "copilot/1.155.0";
};
};
}
{
model_name = "copilot-google-gemini-2.5-pro";
litellm_params = {
model = "github_copilot/gemini-2.5-pro";
extra_headers = {
"editor-version" = "vscode/1.85.1";
"Copilot-Integration-Id" = "vscode-chat";
"user-agent" = "GithubCopilot/1.155.0";
"editor-plugin-version" = "copilot/1.155.0";
};
};
}
# {
# model_name = "copilot-google-gemini-2.0-flash";
# litellm_params = {
# model = "github_copilot/gemini-2.0-flash";
# extra_headers = {
# "editor-version" = "vscode/1.85.1";
# "Copilot-Integration-Id" = "vscode-chat";
# "user-agent" = "GithubCopilot/1.155.0";
# "editor-plugin-version" = "copilot/1.155.0";
# };
# };
# }
# 宙 Proxy
# {
# { # NOTE model discovery not working yet? https://canary.discord.com/channels/1123360753068540065/1409974123987210350/1427864010241609752
# model_name = "litellm_proxy/*";
# litellm_params = {
# model = "litellm_proxy/*";
@ -162,7 +52,91 @@ in
# api_key = "os.environ/LITELLM_PROXY_API_KEY";
# };
# }
];
]
# Azure
++ (builtins.map
(m: {
model_name = "azure-${m}";
litellm_params = {
model = "azure/${m}";
api_base = "http://100.64.0.8:9010/azure";
api_version = "2025-04-01-preview";
api_key = "na";
};
})
[
"gpt-4o-2024-05-13"
"gpt-4.1-2025-04-14"
"gpt-4.1-mini-2025-04-14"
"gpt-5-nano-2025-08-07"
"gpt-5-mini-2025-08-07"
"gpt-5-2025-08-07"
# "gpt-5-codex-2025-09-15"
]
)
# Copilot
++ (builtins.map
(m: {
model_name = "copilot-${m}";
litellm_params = {
model = "github_copilot/${m}";
extra_headers = {
editor-version = "vscode/${pkgs.vscode.version}";
editor-plugin-version = "copilot/${pkgs.vscode-extensions.github.copilot.version}";
Copilot-Integration-Id = "vscode-chat";
Copilot-Vision-Request = "true";
user-agent = "GithubCopilot/${pkgs.vscode-extensions.github.copilot.version}";
};
};
})
# List from https://github.com/settings/copilot/features enabled models
[
"claude-sonnet-4.5"
"claude-sonnet-4"
"gemini-2.5-pro"
]
)
# 宙 Proxy
++ (builtins.map
(m: {
model_name = "air-${m}";
litellm_params = {
model = "litellm_proxy/${m}";
api_base = "http://100.64.0.8:9010/air_key";
api_key = "os.environ/LITELLM_PROXY_API_KEY";
};
})
# curl -L t.net.joshuabell.xyz:9010/air_key/models | jq '.data.[].id'
[
"gpt-5-mini"
"gpt-5"
"gpt-4.1"
"gpt-4.1-mini"
"gpt-4o"
"gpt-4o-mini"
"o3-mini"
"o4-mini"
"gemini-2.5-pro"
"gemini-2.0-flash"
"gemini-2.5-flash"
"gemini-2.0-flash-lite"
"gemini-2.5-flash-lite"
"claude-opus-4.1"
"claude-opus-4"
"claude-sonnet-4"
"claude-3.7-sonnet"
"text-embedding-3-small"
"text-embedding-3-large"
"text-embedding-ada-002"
"text-embedding-large-exp-03-07"
"text-embedding-005"
"llama7b"
"medgemma-4b"
"qwen3-instruct"
"bge-small-en-v1.5"
]
);
};
};
};

3
hosts/h001/mods/n8n.nix
View file

@ -6,6 +6,9 @@
config = {
services.nginx.virtualHosts = {
"n8n.joshuabell.xyz" = {
addSSL = true;
sslCertificate = "/var/lib/acme/joshuabell.xyz/fullchain.pem";
sslCertificateKey = "/var/lib/acme/joshuabell.xyz/key.pem";
locations = {
"/" = {
proxyWebsockets = true;

35
hosts/h001/mods/nixarr.nix
View file

@ -1,7 +1,16 @@
{
config,
lib,
...
}:
let
hasSecret =
secret:
let
secrets = config.age.secrets or { };
in
secrets ? ${secret} && secrets.${secret} != null;
in
{
config = {
nixarr = {
@ -9,7 +18,7 @@
mediaDir = "/drives/wd10/nixarr/media";
stateDir = "/var/lib/nixarr/state";
vpn = {
vpn = lib.mkIf (hasSecret "us_chi_wg") {
enable = true;
wgConf = config.age.secrets.us_chi_wg.path;
};
@ -47,30 +56,18 @@
services.nginx = {
virtualHosts = {
"jellyfin.joshuabell.xyz" = {
addSSL = true;
sslCertificate = "/var/lib/acme/joshuabell.xyz/fullchain.pem";
sslCertificateKey = "/var/lib/acme/joshuabell.xyz/key.pem";
locations."/" = {
proxyWebsockets = true;
proxyPass = "http://localhost:8096";
};
};
"media.joshuabell.xyz" = {
locations."/" = {
proxyWebsockets = true;
proxyPass = "http://localhost:5055";
};
};
"10.12.14.10" = {
locations."/" = {
proxyWebsockets = true;
proxyPass = "http://localhost:8096";
};
};
"jellyfin.h001.local.joshuabell.xyz" = {
locations."/" = {
proxyWebsockets = true;
proxyPass = "http://localhost:8096";
};
};
"media.h001.local.joshuabell.xyz" = {
addSSL = true;
sslCertificate = "/var/lib/acme/joshuabell.xyz/fullchain.pem";
sslCertificateKey = "/var/lib/acme/joshuabell.xyz/key.pem";
locations."/" = {
proxyWebsockets = true;
proxyPass = "http://localhost:5055";

16
hosts/h001/mods/oauth2-proxy.nix
View file

@ -1,6 +1,7 @@
{
inputs,
config,
lib,
...
}:
let
@ -10,11 +11,17 @@ let
system = "x86_64-linux";
config.allowUnfree = true;
};
hasSecret =
secret:
let
secrets = config.age.secrets or { };
in
secrets ? ${secret} && secrets.${secret} != null;
in
{
disabledModules = [ declaration ];
imports = [ "${nixpkgs}/nixos/modules/${declaration}" ];
config = {
config = lib.mkIf (hasSecret "oauth2_proxy_key_file") {
services.oauth2-proxy = {
enable = true;
httpAddress = "http://127.0.0.1:4180";
@ -45,11 +52,16 @@ in
};
services.nginx.virtualHosts."sso-proxy.joshuabell.xyz" = {
addSSL = true;
sslCertificate = "/var/lib/acme/joshuabell.xyz/fullchain.pem";
sslCertificateKey = "/var/lib/acme/joshuabell.xyz/key.pem";
locations = {
"/" = {
proxyWebsockets = true;
recommendedProxySettings = true;
proxyPass = "http://127.0.0.1:4180";
extraConfig = ''
proxy_set_header X-Forwarded-Proto https;
'';
};
};
};

51
hosts/h001/mods/openbao.nix Normal file
View file

@ -0,0 +1,51 @@
{
config,
lib,
pkgs,
...
}:
{
services.openbao = {
enable = true;
package = pkgs.openbao;
settings = {
ui = true;
listener.default = {
type = "tcp";
address = "127.0.0.1:8200";
tls_disable = true; # nginx will handle TLS
};
storage.file = {
path = "/var/lib/openbao";
};
# Disable mlock requirement for development
# In production, you may want to enable this
disable_mlock = true;
};
};
# Ensure the data directory exists with proper permissions
systemd.tmpfiles.rules = [
"d /var/lib/openbao 0700 openbao openbao - -"
];
# Additional systemd service hardening
systemd.services.openbao = {
serviceConfig = {
# Security hardening
NoNewPrivileges = true;
PrivateTmp = true;
ProtectSystem = "strict";
ProtectHome = true;
ReadWritePaths = [ "/var/lib/openbao" ];
# Resource limits
LimitNOFILE = 65536;
LimitNPROC = 4096;
};
};
}

14
hosts/h001/mods/openwebui.nix
View file

@ -1,6 +1,7 @@
{
inputs,
config,
lib,
...
}:
let
@ -10,13 +11,22 @@ let
system = "x86_64-linux";
config.allowUnfree = true;
};
hasSecret =
secret:
let
secrets = config.age.secrets or { };
in
secrets ? ${secret} && secrets.${secret} != null;
in
{
disabledModules = [ declaration ];
imports = [ "${nixpkgs}/nixos/modules/${declaration}" ];
options = { };
config = {
config = lib.mkIf (hasSecret "openwebui_env") {
services.nginx.virtualHosts."chat.joshuabell.xyz" = {
addSSL = true;
sslCertificate = "/var/lib/acme/joshuabell.xyz/fullchain.pem";
sslCertificateKey = "/var/lib/acme/joshuabell.xyz/key.pem";
locations = {
"/" = {
proxyWebsockets = true;
@ -65,6 +75,8 @@ in
OAUTH_ADMIN_ROLES = "admin";
# OAUTH_PICTURE_CLAIM = "picture";
# OAUTH_UPDATE_PICTURE_ON_LOGIN = "True";
BYPASS_MODEL_ACCESS_CONTROL="True";
};
};
};

27
hosts/h001/mods/trilium.nix
View file

@ -1,6 +1,5 @@
{
inputs,
lib,
...
}:
let
@ -45,14 +44,38 @@ in
};
services.nginx.virtualHosts = {
"notes.joshuabell.xyz" = {
addSSL = true;
sslCertificate = "/var/lib/acme/joshuabell.xyz/fullchain.pem";
sslCertificateKey = "/var/lib/acme/joshuabell.xyz/key.pem";
locations = {
"/" = {
proxyWebsockets = true;
recommendedProxySettings = true;
proxyPass = "http://127.0.0.1:9111";
};
};
};
"blog.joshuabell.xyz" = {
addSSL = true;
sslCertificate = "/var/lib/acme/joshuabell.xyz/fullchain.pem";
sslCertificateKey = "/var/lib/acme/joshuabell.xyz/key.pem";
locations = {
"/share" = {
proxyWebsockets = true;
proxyPass = "http://127.0.0.1:9111";
extraConfig = ''
auth_request off;
'';
};
"/assets" = {
proxyPass = "http://127.0.0.1:9111";
extraConfig = ''
auth_request off;
'';
};
};
};
# TODO revisit, am I going to use the native app or web version
# this is only needed for the app that can't handle the oauth flow
"trilium_overlay" = {
serverName = "h001.net.joshuabell.xyz";
listen = [

36
hosts/h001/nginx.nix
View file

@ -1,4 +1,6 @@
{
config,
lib,
...
}:
let
@ -6,9 +8,35 @@ let
proxyWebsockets = true;
proxyPass = "http://localhost:7575";
};
hasSecret =
secret:
let
secrets = config.age.secrets or { };
in
secrets ? ${secret} && secrets.${secret} != null;
in
{
# TODO transfer these to o001 to use same certs?
security.acme = lib.mkIf (hasSecret "linode_rw_domains") {
acceptTerms = true;
defaults.email = "admin@joshuabell.xyz";
certs."joshuabell.xyz" = {
domain = "joshuabell.xyz";
extraDomainNames = [ "*.joshuabell.xyz" ];
credentialFiles = {
LINODE_TOKEN_FILE = config.age.secrets.linode_rw_domains.path;
};
dnsProvider = "linode";
group = "nginx";
};
};
services.nginx = {
enable = true;
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
clientMaxBodySize = "500m";
virtualHosts = {
"10.12.14.10" = {
@ -38,6 +66,14 @@ in
"/" = homarr;
};
};
"_" = {
rejectSSL = true;
default = true;
locations."/" = {
return = "444"; # 404 for not found or 444 for drop
};
};
};
};
}

8
hosts/h003/mods/networking.nix
View file

@ -167,13 +167,15 @@
# Note in Ad GuardHome in DNS Settings add localhost:9053 to Private reverse DNS servers and enable them
listen-address = "127.0.0.1";
port = 9053;
# NOTE these make it so my other devices don't hit the open net to stream movies
# while on the local network. Note that this is being paired with stateful settings
# in Adguardhome upstream dns servers:
# [/media.joshuabell.xyz/]127.0.0.1:9053
# [/jellyfin.joshuabell.xyz/]127.0.0.1:9053
host-record = [
"media.joshuabell.xyz,10.12.14.10"
"jellyfin.joshuabell.xyz,10.12.14.10"
];
address = [
"/h001.local.joshuabell.xyz/10.12.14.10"
];
# DHCP range and settings
dhcp-range = [

1115
hosts/linode/l001/flake.lock generated
View file

File diff suppressed because it is too large Load diff

12
hosts/linode/l001/flake.nix
View file

@ -1,9 +1,10 @@
{
inputs = {
nixpkgs.url = "github:nixos/nixpkgs/nixos-24.11";
home-manager.url = "github:rycee/home-manager/release-24.11";
deploy-rs.url = "github:serokell/deploy-rs";
common.url = "git+https://git.joshuabell.xyz/ringofstorms/dotfiles";
ros_neovim.url = "git+https://git.joshuabell.xyz/ringofstorms/nvim";
common.url = "git+https://git.joshuabell.xyz/ringofstorms/dotfiles?rev=39edfefa5871d07c9f88ce92a55995eb347d9b09";
common.inputs.home-manager.follows = "home-manager";
};
outputs =
@ -11,7 +12,6 @@
self,
nixpkgs,
common,
ros_neovim,
deploy-rs,
...
}:
@ -40,7 +40,6 @@
lib.nixosSystem {
modules = [
common.nixosModules.default
ros_neovim.nixosModules.default
./configuration.nix
./hardware-configuration.nix
./linode.nix
@ -49,11 +48,6 @@
(
{ config, pkgs, ... }:
{
environment.systemPackages = with pkgs; [
bitwarden
vaultwarden
];
ringofstorms_common = {
systemName = configuration_name;
general = {

22
hosts/linode/l001/headscale.nix
View file

@ -1,6 +1,5 @@
{ pkgs, ... }:
{
config = {
# TODO backup /var/lib/headscale data
# TODO https://github.com/gurucomputing/headscale-ui ?
@ -17,6 +16,27 @@
dns = {
magic_dns = true;
base_domain = "net.joshuabell.xyz";
extra_records =
let
h001ARecord = name: {
type = "A";
name = "${name}.joshuabell.xyz";
value = "100.64.0.13";
};
in
[
(h001ARecord "jellyfin")
(h001ARecord "media")
(h001ARecord "notes")
(h001ARecord "chat")
(h001ARecord "sso-proxy")
(h001ARecord "n8n")
(h001ARecord "sso")
(h001ARecord "gist")
(h001ARecord "git")
(h001ARecord "blog")
];
};
};
};

41
hosts/linode/l001/nginx.nix
View file

@ -4,6 +4,7 @@
{
security.acme.acceptTerms = true;
security.acme.email = "admin@joshuabell.xyz";
# security.acme.default.email = "admin@joshuabell.xyz";
services.nginx = {
enable = true;
recommendedGzipSettings = true;
@ -11,29 +12,16 @@
recommendedProxySettings = true;
recommendedTlsSettings = true;
virtualHosts = {
# default that is put first for fallbacks
# Note that order here doesn't matter it orders alphabetically so `0` puts it first
# I had an issue tha the first SSL port 443 site would catch any https traffic instead
# of hitting my default fallback and this fixes that issue and ensure this is hit instead
"001.linodes.joshuabell.xyz" = {
default = true;
enableACME = true;
forceSSL = true;
locations."/" = {
return = "444"; # 404 for not found or 444 for drop
};
};
"172.236.111.33" = {
locations."/" = {
return = "444";
};
};
"2600:3c06::f03c:95ff:fe1c:84d3" = {
locations."/" = {
return = "444";
};
};
# "172.236.111.33" = {
# locations."/" = {
# return = "444";
# };
# };
# "2600:3c06::f03c:95ff:fe1c:84d3" = {
# locations."/" = {
# return = "444";
# };
# };
"headscale.joshuabell.xyz" = {
enableACME = true;
forceSSL = true;
@ -42,6 +30,13 @@
proxyPass = "http://localhost:8080"; # headscale
};
};
"_" = {
rejectSSL = true;
default = true;
locations."/" = {
return = "444"; # 404 for not found or 444 for drop
};
};
};
};

23
hosts/lio/configuration.nix
View file

@ -1,7 +1,10 @@
{
pkgs,
...
}:
{
system.stateVersion = "23.11";
hardware.enableAllFirmware = true;
# Connectivity
@ -11,8 +14,6 @@
# System76
hardware.system76.enableAll = true;
system.stateVersion = "23.11";
services = {
# https://discourse.nixos.org/t/very-high-fan-noises-on-nixos-using-a-system76-thelio/23875/10
# Fixes insane jet speed fan noise
@ -28,4 +29,22 @@
# };
};
};
# Also allow this key to work for root user, this will let us use this as a remote builder easier
users.users.root.openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJN2nsLmAlF6zj5dEBkNSJaqcCya+aB6I0imY8Q5Ew0S nix2lio"
];
# Allow emulation of aarch64-linux binaries for cross compiling
boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
environment.systemPackages = with pkgs; [
lua
qdirstat
ffmpeg-full
appimage-run
nodejs_24
foot
vlc
google-chrome
];
}

763
hosts/lio/flake.lock generated
View file

File diff suppressed because it is too large Load diff

223
hosts/lio/flake.nix
View file

@ -1,11 +1,17 @@
{
inputs = {
nixpkgs.url = "github:nixos/nixpkgs/nixos-25.05";
home-manager.url = "github:rycee/home-manager/release-25.05";
nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable";
# Use relative to get current version for testing
common.url = "path:../../common";
# common.url = "git+https://git.joshuabell.xyz/ringofstorms/dotfiles";
common.url = "path:../../flakes/common";
# common.url = "git+https://git.joshuabell.xyz/ringofstorms/dotfiles?dir=flakes/common";
# secrets.url = "path:../../flakes/secrets";
secrets.url = "git+https://git.joshuabell.xyz/ringofstorms/dotfiles?dir=flakes/secrets";
# flatpaks.url = "path:../../flakes/flatpaks";
flatpaks.url = "git+https://git.joshuabell.xyz/ringofstorms/dotfiles?dir=flakes/flatpaks";
ros_neovim.url = "git+https://git.joshuabell.xyz/ringofstorms/nvim";
};
@ -13,34 +19,63 @@
outputs =
{
nixpkgs,
home-manager,
common,
secrets,
flatpaks,
ros_neovim,
...
}@inputs:
let
configuration_name = "lio";
system = "x86_64-linux";
primaryUser = "josh";
lib = nixpkgs.lib;
in
{
nixosConfigurations = {
"${configuration_name}" = (
lib.nixosSystem {
inherit system;
specialArgs = {
inherit inputs;
upkgs = import inputs.nixpkgs-unstable {
system = "x86_64-linux";
inherit system;
config.allowUnfree = true;
};
};
modules = [
common.nixosModules.default
home-manager.nixosModules.default
secrets.nixosModules.default
ros_neovim.nixosModules.default
flatpaks.nixosModules.default
common.nixosModules.essentials
common.nixosModules.git
common.nixosModules.tmux
common.nixosModules.boot_systemd
# common.nixosModules.de_sway
common.nixosModules.de_i3
common.nixosModules.hardening
common.nixosModules.jetbrains_font
common.nixosModules.nix_options
common.nixosModules.no_sleep
common.nixosModules.podman
common.nixosModules.q_flipper
common.nixosModules.tailnet
common.nixosModules.timezone_auto
common.nixosModules.tty_caps_esc
common.nixosModules.zsh
./configuration.nix
./hardware-configuration.nix
(import ./containers.nix { inherit inputs; })
# ./jails_text.nix
# ./hyprland_customizations.nix
./sway_customizations.nix
# ./sway_customizations.nix
./i3_customizations.nix
./opencode-shim.nix
(
{
config,
@ -49,131 +84,75 @@
lib,
...
}:
{
programs = {
nix-ld = {
enable = true;
libraries = with pkgs; [
icu
gmp
glibc
openssl
stdenv.cc.cc
rec {
# Home Manager
home-manager = {
useUserPackages = true;
useGlobalPkgs = true;
backupFileExtension = "bak";
# add all normal users to home manager so it applies to them
users = lib.mapAttrs (name: user: {
home.stateVersion = "25.05";
programs.home-manager.enable = true;
}) (lib.filterAttrs (name: user: user.isNormalUser or false) users.users);
sharedModules = [
# common.homeManagerModules.de_sway
common.homeManagerModules.de_i3
common.homeManagerModules.tmux
common.homeManagerModules.atuin
common.homeManagerModules.direnv
common.homeManagerModules.foot
common.homeManagerModules.git
common.homeManagerModules.kitty
common.homeManagerModules.launcher_rofi
common.homeManagerModules.postgres_cli_options
common.homeManagerModules.slicer
common.homeManagerModules.ssh
common.homeManagerModules.starship
common.homeManagerModules.zoxide
common.homeManagerModules.zsh
];
extraSpecialArgs = {
inherit inputs;
inherit upkgs;
};
};
# System configuration
networking.hostName = configuration_name;
programs.nh.flake = "/home/${primaryUser}/.config/nixos-config/hosts/${config.networking.hostName}";
nixpkgs.config.allowUnfree = true;
users.users = {
"${primaryUser}" = {
isNormalUser = true;
initialPassword = "password1";
extraGroups = [
"wheel"
"networkmanager"
"video"
"input"
];
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJN2nsLmAlF6zj5dEBkNSJaqcCya+aB6I0imY8Q5Ew0S nix2lio"
];
};
};
environment.shellAliases = {
"oc" =
"all_proxy='' http_proxy='' https_proxy='' /home/josh/other/opencode/node_modules/opencode-linux-x64/bin/opencode";
"occ" = "oc -c";
};
environment.systemPackages = with pkgs; [
lua
qdirstat
ffmpeg-full
appimage-run
nodejs_24
foot
vlc
upkgs.ladybird
google-chrome
trilium-desktop
services.flatpak.packages = [
"org.signal.Signal"
"dev.vencord.Vesktop"
"md.obsidian.Obsidian"
"com.spotify.Client"
"com.bitwarden.desktop"
"org.openscad.OpenSCAD"
"org.blender.Blender"
"com.rustdesk.RustDesk"
];
# Also allow this key to work for root user, this will let us use this as a remote builder easier
users.users.root.openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJN2nsLmAlF6zj5dEBkNSJaqcCya+aB6I0imY8Q5Ew0S nix2lio"
];
# Allow emulation of aarch64-linux binaries for cross compiling
boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
home-manager.extraSpecialArgs = {
inherit inputs;
inherit upkgs;
};
ringofstorms_common = {
systemName = configuration_name;
boot.systemd.enable = true;
secrets.enable = true;
general = {
reporting.enable = true;
disableRemoteBuildsOnLio = true;
};
desktopEnvironment.sway = {
enable = true;
waybar.enable = true;
swaync.enable = true;
};
programs = {
rustDev.enable = true;
uhkAgent.enable = true;
tailnet.enable = true;
tailnet.enableExitNode = true;
ssh.enable = true;
podman.enable = true;
virt-manager.enable = true;
flatpaks = {
enable = true;
packages = [
"org.signal.Signal"
"dev.vencord.Vesktop"
"md.obsidian.Obsidian"
"com.spotify.Client"
"com.bitwarden.desktop"
"org.openscad.OpenSCAD"
"org.blender.Blender"
"com.rustdesk.RustDesk"
];
};
};
users = {
# Users are all normal users and default password is password1
admins = [ "josh" ]; # First admin is also the primary user owning nix config
users = {
josh = {
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJN2nsLmAlF6zj5dEBkNSJaqcCya+aB6I0imY8Q5Ew0S nix2lio"
];
extraGroups = [
"networkmanager"
"video"
"input"
];
shell = pkgs.zsh;
packages = with pkgs; [
sabnzbd
];
};
};
};
homeManager = {
users = {
josh = {
imports = with common.homeManagerModules; [
tmux
atuin
kitty
foot
direnv
git
nix_deprecations
obs
postgres
slicer
ssh
starship
zoxide
zsh
];
};
};
};
};
}
)
];
}
);
};

10
hosts/lio/home_manager.nix Normal file
View file

@ -0,0 +1,10 @@
{
config,
lib,
pkgs,
modulesPath,
...
}:
{
}

50
hosts/lio/i3_customizations.nix Normal file
View file

@ -0,0 +1,50 @@
{ pkgs, ... }:
let
assignLines = ''
workspace 1 output DP-1
workspace 2 output DP-1
workspace 3 output DP-1
workspace 4 output DP-1
workspace 5 output DP-1
workspace 6 output DP-1
workspace 7 output DP-2
workspace 8 output DP-2
workspace 9 output DP-2
workspace 10 output DP-2
'';
bg1 = ../_shared_assets/wallpapers/pixel_neon.png;
bg2 = ../_shared_assets/wallpapers/pixel_neon_v.png;
xrSetup = "xrandr --output DP-1 --mode 3840x2160 --rate 97.98 --pos 0x0 --primary; sleep 0.2; xrandr --output DP-2 --mode 3440x1440 --rate 99.98 --rotate left --left-of DP-1";
xwallpaperCmd = "xwallpaper --output DP-1 --zoom ${bg1} --output DP-2 --zoom ${bg2}";
startupCmd = "sh -c 'sleep 0.2; i3-msg workspace number 7; sleep 0.2; i3-msg workspace number 1'";
i3ExtraOptions = {
startup = [
{ command = "${xrSetup}"; }
{ command = "sh -c 'sleep 1; ${xwallpaperCmd}'"; }
{ command = "${startupCmd}"; }
];
};
in
{
options = { };
config = {
home-manager.sharedModules = [
(
{ lib, pkgs, ... }:
let
inherit (lib) mkAfter;
in
{
xsession.windowManager.i3.config.startup = mkAfter (i3ExtraOptions.startup ++ [
{ command = "nm-applet"; }
{ command = "blueman-applet"; }
{ command = "xfce4-power-manager"; }
{ command = "sh -c 'xset s off -dpms; xset s noblank'"; }
]);
xsession.windowManager.i3.extraConfig = mkAfter assignLines;
home.packages = [ pkgs.xwallpaper pkgs.xorg.xrandr pkgs.xorg.xset ];
}
)
];
};
}

20
hosts/lio/opencode-shim.nix Normal file
View file

@ -0,0 +1,20 @@
{ pkgs, ... }:
{
programs = {
nix-ld = {
enable = true;
libraries = with pkgs; [
icu
gmp
glibc
openssl
stdenv.cc.cc
];
};
};
environment.shellAliases = {
"oc" =
"all_proxy='' http_proxy='' https_proxy='' /home/josh/other/opencode/node_modules/opencode-linux-x64/bin/opencode";
"occ" = "oc -c";
};
}

11
hosts/lio/sway_customizations.nix
View file

@ -74,8 +74,15 @@ in
options = { };
config = {
environment.systemPackages = [ ];
# ringofstorms_common.desktopEnvironment.sway.extraOptions = swayExtraOptions;
ringofstorms_common.desktopEnvironment.sway.extraOptions = swayExtraOptions;
home-manager.sharedModules = [
(
{ ... }:
{
wayland.windowManager.sway.config = swayExtraOptions;
}
)
];
};
}

12
hosts/oracle/o001/containers/vaultwarden.nix
View file

@ -1,5 +1,6 @@
{
config,
lib,
...
}:
let
@ -9,6 +10,13 @@ let
hostDataDir = "/var/lib/${name}";
v_port = 8222;
hasSecret =
secret:
let
secrets = config.age.secrets or { };
in
secrets ? ${secret} && secrets.${secret} != null;
in
{
users = {
@ -26,7 +34,7 @@ in
chmod -R 750 ${hostDataDir}
'';
containers.${name} = {
containers.${name} = lib.mkIf (hasSecret "vaultwarden_env") {
ephemeral = true;
autoStart = true;
privateNetwork = false;
@ -72,7 +80,7 @@ in
};
};
services.nginx.virtualHosts."vault.joshuabell.xyz" = {
services.nginx.virtualHosts."vault.joshuabell.xyz" = lib.mkIf (hasSecret "vaultwarden_env") {
enableACME = true;
forceSSL = true;
locations = {

5
hosts/oracle/o001/flake.nix
View file

@ -19,6 +19,7 @@
}:
let
configuration_name = "o001";
system = "aarch64-linux";
lib = nixpkgs.lib;
in
{
@ -30,7 +31,7 @@
];
nodes.${configuration_name} = {
hostname = "64.181.210.7";
targetPlatform = "aarch64-linux";
targetPlatform = system;
profiles.system = {
user = "root";
path = deploy-rs.lib.aarch64-linux.activate.nixos self.nixosConfigurations.${configuration_name};
@ -41,7 +42,7 @@
nixosConfigurations = {
nixos = self.nixosConfigurations.${configuration_name};
"${configuration_name}" = lib.nixosSystem {
system = "aarch64-linux";
inherit system;
modules = [
common.nixosModules.default
ros_neovim.nixosModules.default

23
hosts/oracle/o001/nginx.nix
View file

@ -179,6 +179,14 @@
proxyPass = "http://100.64.0.13";
};
};
"blog.joshuabell.xyz" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyWebsockets = true;
proxyPass = "http://100.64.0.13";
};
};
"sso.joshuabell.xyz" = {
enableACME = true;
forceSSL = true;
@ -199,20 +207,6 @@
'';
};
};
# "obsidiansync.joshuabell.xyz" = {
# enableACME = true;
# forceSSL = true;
# locations."/" = {
# proxyPass = "http://100.64.0.1:5984";
# };
# extraConfig = ''
# client_max_body_size 100M;
# proxy_redirect off;
# proxy_buffering off;
# proxy_set_header Host $host;
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# '';
# };
"jellyfin.joshuabell.xyz" = {
enableACME = true;
forceSSL = true;
@ -229,6 +223,7 @@
};
"_" = {
rejectSSL = true;
default = true;
locations."/" = {
return = "444"; # 404 for not found or 444 for drop

1
hosts/oren/configuration.nix
View file

@ -5,7 +5,6 @@
...
}:
{
system.stateVersion = "24.11"; # Did you read the comment?
environment.systemPackages = with pkgs; [
# [Laptop] Battery status
acpi

492
hosts/oren/flake.lock generated
View file

@ -5,7 +5,7 @@
"darwin": "darwin",
"home-manager": "home-manager_2",
"nixpkgs": [
"common",
"secrets",
"ragenix",
"nixpkgs"
],
@ -28,32 +28,32 @@
"aquamarine": {
"inputs": {
"hyprutils": [
"common",
"hyprland",
"hyprland",
"hyprutils"
],
"hyprwayland-scanner": [
"common",
"hyprland",
"hyprland",
"hyprwayland-scanner"
],
"nixpkgs": [
"common",
"hyprland",
"hyprland",
"nixpkgs"
],
"systems": [
"common",
"hyprland",
"hyprland",
"systems"
]
},
"locked": {
"lastModified": 1755946532,
"narHash": "sha256-POePremlUY5GyA1zfbtic6XLxDaQcqHN6l+bIxdT5gc=",
"lastModified": 1760101617,
"narHash": "sha256-8jf/3ZCi+B7zYpIyV04+3wm72BD7Z801IlOzsOACR7I=",
"owner": "hyprwm",
"repo": "aquamarine",
"rev": "81584dae2df6ac79f6b6dae0ecb7705e95129ada",
"rev": "1826a9923881320306231b1c2090379ebf9fa4f8",
"type": "github"
},
"original": {
@ -63,23 +63,18 @@
}
},
"common": {
"inputs": {
"home-manager": "home-manager",
"hyprland": "hyprland",
"nix-flatpak": "nix-flatpak",
"nixpkgs": "nixpkgs_3",
"ragenix": "ragenix"
},
"locked": {
"lastModified": 1759523753,
"narHash": "sha256-5AsVQRTlf7Gv6LeRWCUbbwbmbXxyNC4am8CoA6Is71c=",
"dir": "flakes/common",
"lastModified": 1761110137,
"narHash": "sha256-lQZc5iSfm7qbKnsbVB1DJB2ADRS0YI5eSFddFrEWe0A=",
"ref": "refs/heads/master",
"rev": "82178521d17a743dbf46350406da64b691446c71",
"revCount": 681,
"rev": "1734c15addcc78662fea6c3e14db2a2489521b91",
"revCount": 735,
"type": "git",
"url": "https://git.joshuabell.xyz/ringofstorms/dotfiles"
},
"original": {
"dir": "flakes/common",
"type": "git",
"url": "https://git.joshuabell.xyz/ringofstorms/dotfiles"
}
@ -102,7 +97,7 @@
"darwin": {
"inputs": {
"nixpkgs": [
"common",
"secrets",
"ragenix",
"agenix",
"nixpkgs"
@ -157,10 +152,30 @@
"type": "github"
}
},
"flatpaks": {
"inputs": {
"nix-flatpak": "nix-flatpak"
},
"locked": {
"dir": "flakes/flatpaks",
"lastModified": 1761110137,
"narHash": "sha256-lQZc5iSfm7qbKnsbVB1DJB2ADRS0YI5eSFddFrEWe0A=",
"ref": "refs/heads/master",
"rev": "1734c15addcc78662fea6c3e14db2a2489521b91",
"revCount": 735,
"type": "git",
"url": "https://git.joshuabell.xyz/ringofstorms/dotfiles"
},
"original": {
"dir": "flakes/flatpaks",
"type": "git",
"url": "https://git.joshuabell.xyz/ringofstorms/dotfiles"
}
},
"gitignore": {
"inputs": {
"nixpkgs": [
"common",
"hyprland",
"hyprland",
"pre-commit-hooks",
"nixpkgs"
@ -202,7 +217,7 @@
"home-manager_2": {
"inputs": {
"nixpkgs": [
"common",
"secrets",
"ragenix",
"agenix",
"nixpkgs"
@ -225,17 +240,17 @@
"hyprcursor": {
"inputs": {
"hyprlang": [
"common",
"hyprland",
"hyprland",
"hyprlang"
],
"nixpkgs": [
"common",
"hyprland",
"hyprland",
"nixpkgs"
],
"systems": [
"common",
"hyprland",
"hyprland",
"systems"
]
@ -257,27 +272,27 @@
"hyprgraphics": {
"inputs": {
"hyprutils": [
"common",
"hyprland",
"hyprland",
"hyprutils"
],
"nixpkgs": [
"common",
"hyprland",
"hyprland",
"nixpkgs"
],
"systems": [
"common",
"hyprland",
"hyprland",
"systems"
]
},
"locked": {
"lastModified": 1758192433,
"narHash": "sha256-CR6RnqEJSTiFgA6KQY4TTLUWbZ8RBnb+hxQqesuQNzQ=",
"lastModified": 1760445448,
"narHash": "sha256-fXGjL6dw31FPFRrmIemzGiNSlfvEJTJNsmadZi+qNhI=",
"owner": "hyprwm",
"repo": "hyprgraphics",
"rev": "c44e749dd611521dee940d00f7c444ee0ae4cfb7",
"rev": "50fb9f069219f338a11cf0bcccb9e58357d67757",
"type": "github"
},
"original": {
@ -288,52 +303,43 @@
},
"hyprland": {
"inputs": {
"aquamarine": "aquamarine",
"hyprcursor": "hyprcursor",
"hyprgraphics": "hyprgraphics",
"hyprland-protocols": "hyprland-protocols",
"hyprland-qtutils": "hyprland-qtutils",
"hyprlang": "hyprlang",
"hyprutils": "hyprutils",
"hyprwayland-scanner": "hyprwayland-scanner",
"nixpkgs": "nixpkgs_2",
"pre-commit-hooks": "pre-commit-hooks",
"systems": "systems",
"xdph": "xdph"
"hyprland": "hyprland_2"
},
"locked": {
"lastModified": 1759094452,
"narHash": "sha256-j7IOTFnQRDjX4PzYb2p6CPviAc8cDrcorzGpM8J89uM=",
"owner": "hyprwm",
"repo": "Hyprland",
"rev": "f854b5bffbdd13cfe7edad0ee157d6947ff99619",
"type": "github"
"dir": "flakes/hyprland",
"lastModified": 1761110137,
"narHash": "sha256-lQZc5iSfm7qbKnsbVB1DJB2ADRS0YI5eSFddFrEWe0A=",
"ref": "refs/heads/master",
"rev": "1734c15addcc78662fea6c3e14db2a2489521b91",
"revCount": 735,
"type": "git",
"url": "https://git.joshuabell.xyz/ringofstorms/dotfiles"
},
"original": {
"owner": "hyprwm",
"repo": "Hyprland",
"type": "github"
"dir": "flakes/hyprland",
"type": "git",
"url": "https://git.joshuabell.xyz/ringofstorms/dotfiles"
}
},
"hyprland-protocols": {
"inputs": {
"nixpkgs": [
"common",
"hyprland",
"hyprland",
"nixpkgs"
],
"systems": [
"common",
"hyprland",
"hyprland",
"systems"
]
},
"locked": {
"lastModified": 1749046714,
"narHash": "sha256-kymV5FMnddYGI+UjwIw8ceDjdeg7ToDVjbHCvUlhn14=",
"lastModified": 1759610243,
"narHash": "sha256-+KEVnKBe8wz+a6dTLq8YDcF3UrhQElwsYJaVaHXJtoI=",
"owner": "hyprwm",
"repo": "hyprland-protocols",
"rev": "613878cb6f459c5e323aaafe1e6f388ac8a36330",
"rev": "bd153e76f751f150a09328dbdeb5e4fab9d23622",
"type": "github"
},
"original": {
@ -345,19 +351,19 @@
"hyprland-qt-support": {
"inputs": {
"hyprlang": [
"common",
"hyprland",
"hyprland",
"hyprland-qtutils",
"hyprlang"
],
"nixpkgs": [
"common",
"hyprland",
"hyprland",
"hyprland-qtutils",
"nixpkgs"
],
"systems": [
"common",
"hyprland",
"hyprland",
"hyprland-qtutils",
"systems"
@ -381,34 +387,34 @@
"inputs": {
"hyprland-qt-support": "hyprland-qt-support",
"hyprlang": [
"common",
"hyprland",
"hyprland",
"hyprlang"
],
"hyprutils": [
"common",
"hyprland",
"hyprland",
"hyprland-qtutils",
"hyprlang",
"hyprutils"
],
"nixpkgs": [
"common",
"hyprland",
"hyprland",
"nixpkgs"
],
"systems": [
"common",
"hyprland",
"hyprland",
"systems"
]
},
"locked": {
"lastModified": 1757694755,
"narHash": "sha256-j+w5QUUr2QT/jkxgVKecGYV8J7fpzXCMgzEEr6LG9ug=",
"lastModified": 1759080228,
"narHash": "sha256-RgDoAja0T1hnF0pTc56xPfLfFOO8Utol2iITwYbUhTk=",
"owner": "hyprwm",
"repo": "hyprland-qtutils",
"rev": "5ffdfc13ed03df1dae5084468d935f0a3f2c9a4c",
"rev": "629b15c19fa4082e4ce6be09fdb89e8c3312aed7",
"type": "github"
},
"original": {
@ -417,30 +423,59 @@
"type": "github"
}
},
"hyprland_2": {
"inputs": {
"aquamarine": "aquamarine",
"hyprcursor": "hyprcursor",
"hyprgraphics": "hyprgraphics",
"hyprland-protocols": "hyprland-protocols",
"hyprland-qtutils": "hyprland-qtutils",
"hyprlang": "hyprlang",
"hyprutils": "hyprutils",
"hyprwayland-scanner": "hyprwayland-scanner",
"nixpkgs": "nixpkgs_2",
"pre-commit-hooks": "pre-commit-hooks",
"systems": "systems",
"xdph": "xdph"
},
"locked": {
"lastModified": 1761083270,
"narHash": "sha256-9GfP5vh9C0mzdOYX0fgXk4v6lCw99V6q41RNTsDU0mc=",
"owner": "hyprwm",
"repo": "Hyprland",
"rev": "892f642f58e6fcab7c69ecba79afb2d6ab461c89",
"type": "github"
},
"original": {
"owner": "hyprwm",
"repo": "Hyprland",
"type": "github"
}
},
"hyprlang": {
"inputs": {
"hyprutils": [
"common",
"hyprland",
"hyprland",
"hyprutils"
],
"nixpkgs": [
"common",
"hyprland",
"hyprland",
"nixpkgs"
],
"systems": [
"common",
"hyprland",
"hyprland",
"systems"
]
},
"locked": {
"lastModified": 1756810301,
"narHash": "sha256-wgZ3VW4VVtjK5dr0EiK9zKdJ/SOqGIBXVG85C3LVxQA=",
"lastModified": 1758927902,
"narHash": "sha256-LZgMds7M94+vuMql2bERQ6LiFFdhgsEFezE4Vn+Ys3A=",
"owner": "hyprwm",
"repo": "hyprlang",
"rev": "3d63fb4a42c819f198deabd18c0c2c1ded1de931",
"rev": "4dafa28d4f79877d67a7d1a654cddccf8ebf15da",
"type": "github"
},
"original": {
@ -452,22 +487,22 @@
"hyprutils": {
"inputs": {
"nixpkgs": [
"common",
"hyprland",
"hyprland",
"nixpkgs"
],
"systems": [
"common",
"hyprland",
"hyprland",
"systems"
]
},
"locked": {
"lastModified": 1756117388,
"narHash": "sha256-oRDel6pNl/T2tI+nc/USU9ZP9w08dxtl7hiZxa0C/Wc=",
"lastModified": 1759619523,
"narHash": "sha256-r1ed7AR2ZEb2U8gy321/Xcp1ho2tzn+gG1te/Wxsj1A=",
"owner": "hyprwm",
"repo": "hyprutils",
"rev": "b2ae3204845f5f2f79b4703b441252d8ad2ecfd0",
"rev": "3df7bde01efb3a3e8e678d1155f2aa3f19e177ef",
"type": "github"
},
"original": {
@ -479,12 +514,12 @@
"hyprwayland-scanner": {
"inputs": {
"nixpkgs": [
"common",
"hyprland",
"hyprland",
"nixpkgs"
],
"systems": [
"common",
"hyprland",
"hyprland",
"systems"
]
@ -535,29 +570,13 @@
"type": "github"
}
},
"nixpkgs-unstable": {
"locked": {
"lastModified": 1759381078,
"narHash": "sha256-gTrEEp5gEspIcCOx9PD8kMaF1iEmfBcTbO0Jag2QhQs=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "7df7ff7d8e00218376575f0acdcc5d66741351ee",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1758198701,
"narHash": "sha256-7To75JlpekfUmdkUZewnT6MoBANS0XVypW6kjUOXQwc=",
"lastModified": 1760878510,
"narHash": "sha256-K5Osef2qexezUfs0alLvZ7nQFTGS9DL2oTVsIXsqLgs=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "0147c2f1d54b30b5dd6d4a8c8542e8d7edf93b5d",
"rev": "5e2a59a5b1a82f89f2c7e598302a9cacebb72a67",
"type": "github"
},
"original": {
@ -569,21 +588,36 @@
},
"nixpkgs_3": {
"locked": {
"lastModified": 1758690382,
"narHash": "sha256-NY3kSorgqE5LMm1LqNwGne3ZLMF2/ILgLpFr1fS4X3o=",
"lastModified": 1760862643,
"narHash": "sha256-PXwG0TM7Ek87DNx4LbGWuD93PbFeKAJs4FfALtp7Wo0=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "e643668fd71b949c53f8626614b21ff71a07379d",
"rev": "33c6dca0c0cb31d6addcd34e90a63ad61826b28c",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable",
"ref": "nixos-25.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_4": {
"locked": {
"lastModified": 1759772810,
"narHash": "sha256-8/sO67+Q6yNfFD39W5SXQHDbf/tQUHWFhCdxgRRGVCQ=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "2b78ecc45e163d655c08c9a4cffb4a91c66d0493",
"type": "github"
},
"original": {
"owner": "nixos",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_5": {
"locked": {
"lastModified": 1741379970,
"narHash": "sha256-Wh7esNh7G24qYleLvgOSY/7HlDUzWaL/n4qzlBePpiw=",
@ -599,37 +633,6 @@
"type": "github"
}
},
"nixpkgs_5": {
"locked": {
"lastModified": 1759281824,
"narHash": "sha256-FIBE1qXv9TKvSNwst6FumyHwCRH3BlWDpfsnqRDCll0=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "5b5be50345d4113d04ba58c444348849f5585b4a",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-25.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_6": {
"locked": {
"lastModified": 1757952092,
"narHash": "sha256-BcfTLFCU7elUJ2dwyt0iTjxsz/XLh+8ZygDcFwy6xPE=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "fd76dc9e7c68ac7c3941ba2af2bedcd79c5cf4ed",
"type": "github"
},
"original": {
"owner": "nixos",
"repo": "nixpkgs",
"type": "github"
}
},
"nvim_plugin-Almo7aya/openingh.nvim": {
"flake": false,
"locked": {
@ -649,11 +652,11 @@
"nvim_plugin-CopilotC-Nvim/CopilotChat.nvim": {
"flake": false,
"locked": {
"lastModified": 1757950300,
"narHash": "sha256-IQTP3jOmFNc2nphV9jdFbJXkmAN5Wj+/PIGmaZ8gP24=",
"lastModified": 1759715887,
"narHash": "sha256-9wXyswKnUenlZyO/aIy0gr1hF0IhuEJ0UOwvqjDSGjA=",
"owner": "CopilotC-Nvim",
"repo": "CopilotChat.nvim",
"rev": "87615648ff4dc852d1cf7ec099f0a7c37b1b2c87",
"rev": "92f269971c33a6e2f405da8b14f01cd109b9a3a3",
"type": "github"
},
"original": {
@ -681,11 +684,11 @@
"nvim_plugin-L3MON4D3/LuaSnip": {
"flake": false,
"locked": {
"lastModified": 1756990415,
"narHash": "sha256-5FsUVPy8pAiwBh3c+bPDMtypFEHj6qIwGQIo3hjqV4M=",
"lastModified": 1759157591,
"narHash": "sha256-sicE0/Vgc03X+Qxqlu5CM7NGd+6FE9RGx6OjZUa6Umw=",
"owner": "L3MON4D3",
"repo": "LuaSnip",
"rev": "21f74f7ba8c49f95f9d7c8293b147c2901dd2d3a",
"rev": "73813308abc2eaeff2bc0d3f2f79270c491be9d7",
"type": "github"
},
"original": {
@ -697,11 +700,11 @@
"nvim_plugin-MeanderingProgrammer/render-markdown.nvim": {
"flake": false,
"locked": {
"lastModified": 1757910669,
"narHash": "sha256-PWbFcGRbTMRhDJrj+kx73HLduMLOSrAhZTLL2YgrAjQ=",
"lastModified": 1759424904,
"narHash": "sha256-Smt9v6/XyHUdUiIPyCPQSRvWCeMMhYITSZWd9M7Jlvs=",
"owner": "MeanderingProgrammer",
"repo": "render-markdown.nvim",
"rev": "2c6cf127c577712bd29d38f6391b3045c5f0180a",
"rev": "7e6af36c846017122e07e68803bbf95f3c729ca3",
"type": "github"
},
"original": {
@ -761,11 +764,11 @@
"nvim_plugin-aznhe21/actions-preview.nvim": {
"flake": false,
"locked": {
"lastModified": 1745779150,
"narHash": "sha256-rQjwlu5gQcOvxF72lr9ugPRl0W78wCWGWPhpN1oOMbs=",
"lastModified": 1759462626,
"narHash": "sha256-YUeWBXxxeurfWBi0PjUi6izqYAvUw9DHmvsuPXm7ohw=",
"owner": "aznhe21",
"repo": "actions-preview.nvim",
"rev": "36513ad213855d497b7dd3391a24d1d75d58e36f",
"rev": "cb938c25edaac38d362555f19244a9cb85d561e8",
"type": "github"
},
"original": {
@ -777,11 +780,11 @@
"nvim_plugin-b0o/schemastore.nvim": {
"flake": false,
"locked": {
"lastModified": 1757653237,
"narHash": "sha256-94NKAVWPV2sLkGWWL9G07QxA90Ise6tNWaYyKBcS/vI=",
"lastModified": 1759454886,
"narHash": "sha256-T6mWvScsU0IsB3wFre5+TrNIbpQCA0flf7BNrGQIb+M=",
"owner": "b0o",
"repo": "schemastore.nvim",
"rev": "3146720ee3a0c6e2446eedd492fb519d16f2e467",
"rev": "8e17e50b519ba360bcfd5dfb5843ccac9be500ba",
"type": "github"
},
"original": {
@ -793,11 +796,11 @@
"nvim_plugin-catppuccin/nvim": {
"flake": false,
"locked": {
"lastModified": 1755621274,
"narHash": "sha256-o8VLMPriOh4+Ay5Ff0cWQYXjmihdr3x9131bKHHTsQE=",
"lastModified": 1759668198,
"narHash": "sha256-WmWGygttH78KajAaIvlwRW47G7UGJuPV0YIfEZkse6I=",
"owner": "catppuccin",
"repo": "nvim",
"rev": "30fa4d122d9b22ad8b2e0ab1b533c8c26c4dde86",
"rev": "e79d09fa347b367e0e7f693bfe87dba932a8cbd1",
"type": "github"
},
"original": {
@ -841,11 +844,11 @@
"nvim_plugin-folke/lazy.nvim": {
"flake": false,
"locked": {
"lastModified": 1740511197,
"narHash": "sha256-nQ8PR9DTdzg6Z2rViuVD6Pswc2VvDQwS3uMNgyDh5ls=",
"lastModified": 1759439283,
"narHash": "sha256-FjQ2rj3BvC8fh60IT0ExrBOmdDLdXFexffef6iKcPFQ=",
"owner": "folke",
"repo": "lazy.nvim",
"rev": "6c3bda4aca61a13a9c63f1c1d1b16b9d3be90d7a",
"rev": "59334064f8604ca073791c25dcc5c9698865406e",
"type": "github"
},
"original": {
@ -873,11 +876,11 @@
"nvim_plugin-folke/which-key.nvim": {
"flake": false,
"locked": {
"lastModified": 1740233407,
"narHash": "sha256-uvMcSduMr7Kd2oUmIOYzvWF4FIl6bZxIYm9FSw/3pCo=",
"lastModified": 1758639622,
"narHash": "sha256-JNkjlv6QpnuaYCAFcBPjV7IavVLzj8QEX/Zi3sbdyrU=",
"owner": "folke",
"repo": "which-key.nvim",
"rev": "370ec46f710e058c9c1646273e6b225acf47cbed",
"rev": "904308e6885bbb7b60714c80ab3daf0c071c1492",
"type": "github"
},
"original": {
@ -953,11 +956,11 @@
"nvim_plugin-j-hui/fidget.nvim": {
"flake": false,
"locked": {
"lastModified": 1755700851,
"narHash": "sha256-KRlUqUdcliKpLnEJqyA2OAWto73F6iGTbMrsiAdc24M=",
"lastModified": 1758578970,
"narHash": "sha256-ieY3zaQAydzadpPiW1/IYakVHhp+wyEOpCQntgDOObs=",
"owner": "j-hui",
"repo": "fidget.nvim",
"rev": "4d5858bd4c471c895060e1b9f3575f1551184dc5",
"rev": "3f5475949679953af6d78654db29b944fa826e6a",
"type": "github"
},
"original": {
@ -985,11 +988,11 @@
"nvim_plugin-lewis6991/gitsigns.nvim": {
"flake": false,
"locked": {
"lastModified": 1757668552,
"narHash": "sha256-L5WbNiFUn014hThvGfb5r858O6iLOBhOQHfVUdIlFI4=",
"lastModified": 1759324477,
"narHash": "sha256-GDK9I3SNRyZe59+GsnDC0L2KjGr150dWo4S3DUwhT7U=",
"owner": "lewis6991",
"repo": "gitsigns.nvim",
"rev": "f780609807eca1f783a36a8a31c30a48fbe150c5",
"rev": "1ee5c1fd068c81f9dd06483e639c2aa4587dc197",
"type": "github"
},
"original": {
@ -1049,11 +1052,11 @@
"nvim_plugin-mbbill/undotree": {
"flake": false,
"locked": {
"lastModified": 1756538456,
"narHash": "sha256-tudR+46nd63jY1VTCNEfZ2CofxCODXaHos0+NdFI6wU=",
"lastModified": 1759186837,
"narHash": "sha256-EWOH08KAWyoT9m45/B1d5aKQQJtd3k4orJbagVsxe08=",
"owner": "mbbill",
"repo": "undotree",
"rev": "fe9a9d0645f0f5532360b5e5f5c550d7bb4f1869",
"rev": "0f1c9816975b5d7f87d5003a19c53c6fd2ff6f7f",
"type": "github"
},
"original": {
@ -1065,11 +1068,11 @@
"nvim_plugin-mfussenegger/nvim-lint": {
"flake": false,
"locked": {
"lastModified": 1757878177,
"narHash": "sha256-8X9z0pRWx9xg9nQhhQtuOu3TunObg2CIgnlPXZtx86A=",
"lastModified": 1758714671,
"narHash": "sha256-POnQfsZAv93+0uCbKFcNgyQxn3u8nNqgnx0uTqCkCq8=",
"owner": "mfussenegger",
"repo": "nvim-lint",
"rev": "0864f81c681e15d9bdc1156fe3a17bd07db5a3ed",
"rev": "335a6044be16d7701001059cba9baa36fbeef422",
"type": "github"
},
"original": {
@ -1081,11 +1084,11 @@
"nvim_plugin-mrcjkb/rustaceanvim": {
"flake": false,
"locked": {
"lastModified": 1757809469,
"narHash": "sha256-bijgDZozBNmHW3cASmOrQlaSE80d8V3XRxi1BNmfzRI=",
"lastModified": 1759623626,
"narHash": "sha256-Cz4LDzz7v3kBS1mbxZjprogqHFghYr5xMfSN3us2Ltk=",
"owner": "mrcjkb",
"repo": "rustaceanvim",
"rev": "370b85298e5afdfd8b5d3da0c60c04e3873499a4",
"rev": "96a4f5efc7705f613ddd47fb5d1445c172acb213",
"type": "github"
},
"original": {
@ -1097,11 +1100,11 @@
"nvim_plugin-neovim/nvim-lspconfig": {
"flake": false,
"locked": {
"lastModified": 1757886255,
"narHash": "sha256-lIlFgHkesAK7fRcoEEQO84/0BpE29dBgNzBnCv/0Tf0=",
"lastModified": 1759548517,
"narHash": "sha256-K56vjTUkQ/NdA6vq5942zUknPiCUbMByiEW540dR8R0=",
"owner": "neovim",
"repo": "nvim-lspconfig",
"rev": "d9879110d0422a566fa01d732556f4d5515e1738",
"rev": "e688b486fe9291f151eae7e5c0b5a5c4ef980847",
"type": "github"
},
"original": {
@ -1113,11 +1116,11 @@
"nvim_plugin-nosduco/remote-sshfs.nvim": {
"flake": false,
"locked": {
"lastModified": 1755703322,
"narHash": "sha256-xy+50CsRd0LfRyDtNNMI8KhzvjH2nt8ogwiXf7H3fYY=",
"lastModified": 1759193354,
"narHash": "sha256-FfUxpRfqrf0r56/gi76N2ZooWnXWO0aRtaQBS7m+SvY=",
"owner": "nosduco",
"repo": "remote-sshfs.nvim",
"rev": "8b0974c0e23ef086f5598ebbb1980257171dc370",
"rev": "45502b3892774811153aeab5f7f9b0033c82005c",
"type": "github"
},
"original": {
@ -1241,11 +1244,11 @@
"nvim_plugin-nvim-tree/nvim-tree.lua": {
"flake": false,
"locked": {
"lastModified": 1757312802,
"narHash": "sha256-Km+PWXJJLl8zsBjwIGL//qT/eUEZna4yYRPsWXMXG1E=",
"lastModified": 1759222332,
"narHash": "sha256-TmQd8Xx9xw3G9PfPH+DZeSECfiUoO7XKCUSyQ4O0hMk=",
"owner": "nvim-tree",
"repo": "nvim-tree.lua",
"rev": "e179ad2f83b5955ab0af653069a493a1828c2697",
"rev": "87d096a39cb2d5d43e6771563575ff042a79f48b",
"type": "github"
},
"original": {
@ -1257,11 +1260,11 @@
"nvim_plugin-nvim-tree/nvim-web-devicons": {
"flake": false,
"locked": {
"lastModified": 1756936794,
"narHash": "sha256-2Q6ZZQj5HFXTw1YwX3ibdGOTwfbfPUBbcPOsuBUpSjc=",
"lastModified": 1759188261,
"narHash": "sha256-lVrakFrpIP9lp7sMfMb33KeMPIkcn1qBFVytJzKCfuE=",
"owner": "nvim-tree",
"repo": "nvim-web-devicons",
"rev": "6e51ca170563330e063720449c21f43e27ca0bc1",
"rev": "b8221e42cf7287c4dcde81f232f58d7b947c210d",
"type": "github"
},
"original": {
@ -1321,11 +1324,11 @@
"nvim_plugin-rmagatti/auto-session": {
"flake": false,
"locked": {
"lastModified": 1757864222,
"narHash": "sha256-FbN36vVLX3DUXwefTbi6511R6KTHqLiNHeAR0kXiarg=",
"lastModified": 1759618137,
"narHash": "sha256-+RYQi685tyV73WNXpgr/Q5p3o21dSUkQmSoif+EPBVM=",
"owner": "rmagatti",
"repo": "auto-session",
"rev": "5a269bb5bec50b8b60564aa00f6454d9e82fbe8d",
"rev": "0385a9ad378d70608c2e6e4c14b3b126ce30fc51",
"type": "github"
},
"original": {
@ -1385,11 +1388,11 @@
"nvim_plugin-stevearc/conform.nvim": {
"flake": false,
"locked": {
"lastModified": 1756334700,
"narHash": "sha256-j9TOSx2L19AHABdg9pLtmEUtPOCIUSo0qe2YUPBlZ5g=",
"lastModified": 1759554032,
"narHash": "sha256-JX+vFs+8n4PS7Xwq68MW2mjlDaLlUx6CxMqhf9ArfXQ=",
"owner": "stevearc",
"repo": "conform.nvim",
"rev": "b4aab989db276993ea5dcb78872be494ce546521",
"rev": "9d859cbfbde7a1bd1770e7c97aef30ec5a237a71",
"type": "github"
},
"original": {
@ -1497,11 +1500,11 @@
"nvim_plugin-zbirenbaum/copilot.lua": {
"flake": false,
"locked": {
"lastModified": 1757884406,
"narHash": "sha256-sXobILIsV4nnk9//PbFT4L1BsHP1xSJiuibVbGwYXJ8=",
"lastModified": 1759697885,
"narHash": "sha256-PwqJ7/FCfK4AqFgguZ2Tac5RWhehSEfI1N6ySSuTbZc=",
"owner": "zbirenbaum",
"repo": "copilot.lua",
"rev": "8aebaa3a102125fedf08c98773a0a8def92fff37",
"rev": "30b98a4c25d6152c14084020f703b6d56e1f1122",
"type": "github"
},
"original": {
@ -1515,17 +1518,17 @@
"flake-compat": "flake-compat",
"gitignore": "gitignore",
"nixpkgs": [
"common",
"hyprland",
"hyprland",
"nixpkgs"
]
},
"locked": {
"lastModified": 1758108966,
"narHash": "sha256-ytw7ROXaWZ7OfwHrQ9xvjpUWeGVm86pwnEd1QhzawIo=",
"lastModified": 1760663237,
"narHash": "sha256-BflA6U4AM1bzuRMR8QqzPXqh8sWVCNDzOdsxXEguJIc=",
"owner": "cachix",
"repo": "git-hooks.nix",
"rev": "54df955a695a84cd47d4a43e08e1feaf90b1fd9b",
"rev": "ca5b894d3e3e151ffc1db040b6ce4dcc75d31c37",
"type": "github"
},
"original": {
@ -1539,8 +1542,8 @@
"agenix": "agenix",
"crane": "crane",
"flake-utils": "flake-utils",
"nixpkgs": "nixpkgs_4",
"rust-overlay": "rust-overlay"
"nixpkgs": "nixpkgs_5",
"rust-overlay": "rust-overlay_2"
},
"locked": {
"lastModified": 1744897914,
@ -1559,14 +1562,17 @@
"root": {
"inputs": {
"common": "common",
"nixpkgs": "nixpkgs_5",
"nixpkgs-unstable": "nixpkgs-unstable",
"ros_neovim": "ros_neovim"
"flatpaks": "flatpaks",
"home-manager": "home-manager",
"hyprland": "hyprland",
"nixpkgs": "nixpkgs_3",
"ros_neovim": "ros_neovim",
"secrets": "secrets"
}
},
"ros_neovim": {
"inputs": {
"nixpkgs": "nixpkgs_6",
"nixpkgs": "nixpkgs_4",
"nvim_plugin-Almo7aya/openingh.nvim": "nvim_plugin-Almo7aya/openingh.nvim",
"nvim_plugin-CopilotC-Nvim/CopilotChat.nvim": "nvim_plugin-CopilotC-Nvim/CopilotChat.nvim",
"nvim_plugin-JoosepAlviste/nvim-ts-context-commentstring": "nvim_plugin-JoosepAlviste/nvim-ts-context-commentstring",
@ -1622,14 +1628,14 @@
"nvim_plugin-windwp/nvim-ts-autotag": "nvim_plugin-windwp/nvim-ts-autotag",
"nvim_plugin-zbirenbaum/copilot-cmp": "nvim_plugin-zbirenbaum/copilot-cmp",
"nvim_plugin-zbirenbaum/copilot.lua": "nvim_plugin-zbirenbaum/copilot.lua",
"rust-overlay": "rust-overlay_2"
"rust-overlay": "rust-overlay"
},
"locked": {
"lastModified": 1758041510,
"narHash": "sha256-vcK6ZwAWNfjdDFYKLVrWk+azva58AiDpm8nMfIniFWA=",
"lastModified": 1760630879,
"narHash": "sha256-H1ZHzlSpu2dxnM69OYCB6qJVZfVIbR3hBu3LcVW2eKw=",
"ref": "refs/heads/master",
"rev": "b3dbdf3f7360747987bf38bcdd9baf01b4906929",
"revCount": 304,
"rev": "d1172c40fd221200a1c7f924d0e43b395f3338ad",
"revCount": 310,
"type": "git",
"url": "https://git.joshuabell.xyz/ringofstorms/nvim"
},
@ -1641,7 +1647,28 @@
"rust-overlay": {
"inputs": {
"nixpkgs": [
"common",
"ros_neovim",
"nixpkgs"
]
},
"locked": {
"lastModified": 1759718104,
"narHash": "sha256-TbkLsgdnXHUXR4gOQBmhxkEE9ne+eHmX1chZHWRogy0=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "edea9f33f9a03f615ad3609a40fbcefe0ec835ca",
"type": "github"
},
"original": {
"owner": "oxalica",
"repo": "rust-overlay",
"type": "github"
}
},
"rust-overlay_2": {
"inputs": {
"nixpkgs": [
"secrets",
"ragenix",
"nixpkgs"
]
@ -1660,25 +1687,24 @@
"type": "github"
}
},
"rust-overlay_2": {
"secrets": {
"inputs": {
"nixpkgs": [
"ros_neovim",
"nixpkgs"
]
"ragenix": "ragenix"
},
"locked": {
"lastModified": 1757930296,
"narHash": "sha256-Z9u5VszKs8rfEvg2AsFucWEjl7wMtAln9l1b78cfBh4=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "09442765a05c2ca617c20ed68d9613da92a2d96b",
"type": "github"
"dir": "flakes/secrets",
"lastModified": 1761110137,
"narHash": "sha256-lQZc5iSfm7qbKnsbVB1DJB2ADRS0YI5eSFddFrEWe0A=",
"ref": "refs/heads/master",
"rev": "1734c15addcc78662fea6c3e14db2a2489521b91",
"revCount": 735,
"type": "git",
"url": "https://git.joshuabell.xyz/ringofstorms/dotfiles"
},
"original": {
"owner": "oxalica",
"repo": "rust-overlay",
"type": "github"
"dir": "flakes/secrets",
"type": "git",
"url": "https://git.joshuabell.xyz/ringofstorms/dotfiles"
}
},
"systems": {
@ -1729,42 +1755,42 @@
"xdph": {
"inputs": {
"hyprland-protocols": [
"common",
"hyprland",
"hyprland",
"hyprland-protocols"
],
"hyprlang": [
"common",
"hyprland",
"hyprland",
"hyprlang"
],
"hyprutils": [
"common",
"hyprland",
"hyprland",
"hyprutils"
],
"hyprwayland-scanner": [
"common",
"hyprland",
"hyprland",
"hyprwayland-scanner"
],
"nixpkgs": [
"common",
"hyprland",
"hyprland",
"nixpkgs"
],
"systems": [
"common",
"hyprland",
"hyprland",
"systems"
]
},
"locked": {
"lastModified": 1755354946,
"narHash": "sha256-zdov5f/GcoLQc9qYIS1dUTqtJMeDqmBmo59PAxze6e4=",
"lastModified": 1760713634,
"narHash": "sha256-5HXelmz2x/uO26lvW7MudnadbAfoBnve4tRBiDVLtOM=",
"owner": "hyprwm",
"repo": "xdg-desktop-portal-hyprland",
"rev": "a10726d6a8d0ef1a0c645378f983b6278c42eaa0",
"rev": "753bbbdf6a052994da94062e5b753288cef28dfb",
"type": "github"
},
"original": {

207
hosts/oren/flake.nix
View file

@ -1,11 +1,17 @@
{
inputs = {
nixpkgs.url = "github:nixos/nixpkgs/nixos-25.05";
nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable";
home-manager.url = "github:rycee/home-manager/release-25.05";
# Use relative to get current version for testing
# common.url = "path:../../common";
common.url = "git+https://git.joshuabell.xyz/ringofstorms/dotfiles";
# Use relative to get current version for testin
# common.url = "path:../../flakes/common";
common.url = "git+https://git.joshuabell.xyz/ringofstorms/dotfiles?dir=flakes/common";
# secrets.url = "path:../../flakes/secrets";
secrets.url = "git+https://git.joshuabell.xyz/ringofstorms/dotfiles?dir=flakes/secrets";
# flatpaks.url = "path:../../flakes/flatpaks";
flatpaks.url = "git+https://git.joshuabell.xyz/ringofstorms/dotfiles?dir=flakes/flatpaks";
# hyprland.url = "path:../../flakes/hyprland";
hyprland.url = "git+https://git.joshuabell.xyz/ringofstorms/dotfiles?dir=flakes/hyprland";
ros_neovim.url = "git+https://git.joshuabell.xyz/ringofstorms/nvim";
};
@ -13,30 +19,123 @@
outputs =
{
nixpkgs,
nixpkgs-unstable,
home-manager,
common,
secrets,
flatpaks,
hyprland,
ros_neovim,
...
}:
let
configuration_name = "oren";
system = "x86_64-linux";
stateVersion = "25.05";
primaryUser = "josh";
lib = nixpkgs.lib;
in
{
nixosConfigurations = {
"${configuration_name}" = (
lib.nixosSystem {
inherit system;
modules = [
common.nixosModules.default
home-manager.nixosModules.default
secrets.nixosModules.default
ros_neovim.nixosModules.default
flatpaks.nixosModules.default
hyprland.nixosModules.default
common.nixosModules.essentials
common.nixosModules.git
common.nixosModules.tmux
common.nixosModules.boot_systemd
common.nixosModules.hardening
common.nixosModules.jetbrains_font
common.nixosModules.nix_options
common.nixosModules.podman
common.nixosModules.tailnet
common.nixosModules.timezone_auto
common.nixosModules.tty_caps_esc
common.nixosModules.zsh
./configuration.nix
./hardware-configuration.nix
# ./sway_customizations.nix
./hyprland_customizations.nix
(
{ config, pkgs, ... }:
{
rec {
# Home Manager
home-manager = {
useUserPackages = true;
useGlobalPkgs = true;
backupFileExtension = "bak";
# add all normal users to home manager so it applies to them
users = lib.mapAttrs (name: user: {
home.stateVersion = stateVersion;
programs.home-manager.enable = true;
}) (lib.filterAttrs (name: user: user.isNormalUser or false) users.users);
sharedModules = [
common.homeManagerModules.tmux
common.homeManagerModules.atuin
common.homeManagerModules.direnv
common.homeManagerModules.foot
common.homeManagerModules.git
common.homeManagerModules.postgres_cli_options
common.homeManagerModules.ssh
common.homeManagerModules.starship
common.homeManagerModules.zoxide
common.homeManagerModules.zsh
];
};
# System configuration
system.stateVersion = stateVersion;
networking.hostName = configuration_name;
programs.nh.flake = "/home/${primaryUser}/.config/nixos-config/hosts/${config.networking.hostName}";
nixpkgs.config.allowUnfree = true;
users.users = {
"${primaryUser}" = {
isNormalUser = true;
initialPassword = "password1";
extraGroups = [
"wheel"
"networkmanager"
"video"
"input"
];
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILMzgAe4od9K4EsvH2g7xjNU7hGoJiFJlYcvB0BoDCvn nix2oren"
];
};
};
environment.systemPackages = with pkgs; [
lua
qdirstat
ffmpeg-full
vlc
google-chrome
nodejs_24
ttyd
appimage-run
];
services.flatpak.packages = [
"org.signal.Signal"
"dev.vencord.Vesktop"
"md.obsidian.Obsidian"
"com.spotify.Client"
"com.bitwarden.desktop"
"org.openscad.OpenSCAD"
"im.riot.Riot"
"com.rustdesk.RustDesk"
];
services.devmon.enable = true;
services.gvfs.enable = true;
services.udisks2.enable = true;
@ -68,98 +167,6 @@
"ollamal" = "ollama list | tail -n +2 | awk '{print $1}' | fzf --ansi --preview 'ollama show {}'";
};
environment.systemPackages = with pkgs; [
lua
qdirstat
ffmpeg-full
appimage-run
nodejs_24
foot
ttyd
];
services.ollama = {
enable = true;
package = nixpkgs-unstable.legacyPackages.x86_64-linux.ollama;
acceleration = "rocm"; # cuda for NVIDA; rocm for amd; false/default for neither
};
ringofstorms_common = {
systemName = configuration_name;
boot.systemd.enable = true;
general = {
enableSleep = true;
reporting.enable = true;
};
secrets.enable = true;
desktopEnvironment.hyprland = {
enable = true;
waybar.enable = true;
swaync.enable = true;
};
programs = {
qFlipper.enable = true;
rustDev.enable = true;
uhkAgent.enable = true;
tailnet.enable = true;
ssh.enable = true;
podman.enable = true;
virt-manager.enable = true;
flatpaks = {
enable = true;
packages = [
"org.signal.Signal"
"dev.vencord.Vesktop"
"md.obsidian.Obsidian"
"com.spotify.Client"
"org.videolan.VLC"
"com.bitwarden.desktop"
"im.riot.Riot"
"com.rustdesk.RustDesk"
"com.google.Chrome"
];
};
};
users = {
# Users are all normal users and default password is password1
admins = [ "josh" ]; # First admin is also the primary user owning nix config
users = {
josh = {
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILMzgAe4od9K4EsvH2g7xjNU7hGoJiFJlYcvB0BoDCvn nix2oren"
];
extraGroups = [
"networkmanager"
"video"
"input"
];
shell = pkgs.zsh;
};
};
};
homeManager = {
users = {
josh = {
imports = with common.homeManagerModules; [
zsh
ssh
starship
zoxide
tmux
atuin
kitty
foot
direnv
git
nix_deprecations
obs
postgres
];
};
};
};
};
}
)
];

52
hosts/oren/hyprland_customizations.nix
View file

@ -1,30 +1,30 @@
{ lib, pkgs, ... }:
let
hyprlandExtraOptions = {
exec-once = [
# Wait a moment for monitors/workspaces to settle, then "prime" 6 and return to 1
"sh -lc 'sleep 0.2; hyprctl dispatch workspace 1'"
];
monitor = [
"eDP-1,2560x1600@165.000Hz,0x0,1.666667,transform,0"
];
};
in
{ lib, ... }:
{
options = { };
home-manager.sharedModules = [
(
{ ... }:
{
wayland.windowManager.hyprland.settings = {
exec-once = [
# Wait a moment for monitors/workspaces to settle, then "prime" 6 and return to 1
"sh -lc 'sleep 0.2; hyprctl dispatch workspace 1'"
];
monitor = lib.mkForce [
"eDP-1,2560x1600@165.000Hz,0x0,1.666667,transform,0"
];
};
services.hyprpaper.settings = {
mode = "fill"; # Wallpaper display mode: fill, fit, stretch, center, tile
config = {
ringofstorms_common.desktopEnvironment.hyprland.extraOptions = hyprlandExtraOptions;
ringofstorms_common.desktopEnvironment.hyprland.hyprpaperSettings = {
mode = "fill"; # Wallpaper display mode: fill, fit, stretch, center, tile
preload = [
"${../_shared_assets/wallpapers/pixel_neon.png}"
];
preload = [
"${../_shared_assets/wallpapers/pixel_neon.png}"
];
wallpaper = [
"eDP-1,${../_shared_assets/wallpapers/pixel_neon.png}"
];
};
};
wallpaper = [
"eDP-1,${../_shared_assets/wallpapers/pixel_neon.png}"
];
};
}
)
];
}

139
hosts/template.josh.nix Normal file
View file

@ -0,0 +1,139 @@
{
inputs = {
nixpkgs.url = "github:nixos/nixpkgs/nixos-25.05";
home-manager.url = "github:rycee/home-manager/release-25.05";
# Use relative to get current version for testing
# common.url = "path:../../flakes/common";
common.url = "git+https://git.joshuabell.xyz/ringofstorms/dotfiles?dir=flakes/common";
# secrets.url = "path:../../flakes/secrets";
secrets.url = "git+https://git.joshuabell.xyz/ringofstorms/dotfiles?dir=flakes/secrets";
# flatpaks.url = "path:../../flakes/flatpaks";
flatpaks.url = "git+https://git.joshuabell.xyz/ringofstorms/dotfiles?dir=flakes/flatpaks";
ros_neovim.url = "git+https://git.joshuabell.xyz/ringofstorms/nvim";
};
outputs =
{
nixpkgs,
home-manager,
common,
secrets,
flatpaks,
ros_neovim,
...
}:
let
configuration_name = "SYSTEM_NAME";
system = "x86_64-linux";
stateVersion = "25.05";
primaryUser = "josh";
lib = nixpkgs.lib;
in
{
nixosConfigurations = {
"${configuration_name}" = (
lib.nixosSystem {
inherit system;
modules = [
home-manager.nixosModules.default
secrets.nixosModules.default
ros_neovim.nixosModules.default
flatpaks.nixosModules.default
common.nixosModules.essentials
common.nixosModules.git
common.nixosModules.tmux
common.nixosModules.boot_systemd
common.nixosModules.de_sway
common.nixosModules.hardening
common.nixosModules.jetbrains_font
common.nixosModules.nix_options
common.nixosModules.tailnet
common.nixosModules.timezone_auto
common.nixosModules.tty_caps_esc
common.nixosModules.zsh
(
{
config,
pkgs,
upkgs,
lib,
...
}:
rec {
# Home Manager
home-manager = {
useUserPackages = true;
useGlobalPkgs = true;
backupFileExtension = "bak";
# add all normal users to home manager so it applies to them
users = lib.mapAttrs (name: user: {
home.stateVersion = stateVersion;
programs.home-manager.enable = true;
}) (lib.filterAttrs (name: user: user.isNormalUser or false) users.users);
sharedModules = [
common.homeManagerModules.de_sway
common.homeManagerModules.tmux
common.homeManagerModules.atuin
common.homeManagerModules.direnv
common.homeManagerModules.foot
common.homeManagerModules.git
common.homeManagerModules.postgres_cli_options
common.homeManagerModules.ssh
common.homeManagerModules.starship
common.homeManagerModules.zoxide
common.homeManagerModules.zsh
];
};
# System configuration
system.stateVersion = stateVersion;
networking.hostName = configuration_name;
programs.nh.flake = "/home/${primaryUser}/.config/nixos-config/hosts/${config.networking.hostName}";
nixpkgs.config.allowUnfree = true;
users.users = {
"${primaryUser}" = {
isNormalUser = true;
initialPassword = "password1";
extraGroups = [
"wheel"
"networkmanager"
"video"
"input"
];
openssh.authorizedKeys.keys = [
"REPLACE"
];
};
};
environment.systemPackages = with pkgs; [
lua
qdirstat
ffmpeg-full
vlc
google-chrome
];
services.flatpak.packages = [
"org.signal.Signal"
"dev.vencord.Vesktop"
"md.obsidian.Obsidian"
"com.spotify.Client"
"com.bitwarden.desktop"
"org.openscad.OpenSCAD"
"org.blender.Blender"
"com.rustdesk.RustDesk"
];
}
)
];
}
);
};
};
}

112
hosts/template.luser.nix Normal file
View file

@ -0,0 +1,112 @@
{
inputs = {
nixpkgs.url = "github:nixos/nixpkgs/nixos-25.05";
home-manager.url = "github:rycee/home-manager/release-25.05";
# Use relative to get current version for testing
# common.url = "path:../../flakes/common";
common.url = "git+https://git.joshuabell.xyz/ringofstorms/dotfiles?dir=flakes/common";
# secrets.url = "path:../../flakes/secrets";
secrets.url = "git+https://git.joshuabell.xyz/ringofstorms/dotfiles?dir=flakes/secrets";
ros_neovim.url = "git+https://git.joshuabell.xyz/ringofstorms/nvim";
};
outputs =
{
nixpkgs,
home-manager,
common,
secrets,
ros_neovim,
...
}:
let
configuration_name = "SYSTEM_NAME";
system = "x86_64-linux";
stateVersion = "25.05";
primaryUser = "luser";
lib = nixpkgs.lib;
in
{
nixosConfigurations = {
"${configuration_name}" = (
lib.nixosSystem {
inherit system;
modules = [
home-manager.nixosModules.default
secrets.nixosModules.default
ros_neovim.nixosModules.default
common.nixosModules.essentials
common.nixosModules.git
common.nixosModules.tmux
common.nixosModules.boot_systemd
common.nixosModules.hardening
common.nixosModules.jetbrains_font
common.nixosModules.nix_options
common.nixosModules.tailnet
common.nixosModules.timezone_auto
common.nixosModules.tty_caps_esc
common.nixosModules.zsh
(
{
config,
pkgs,
upkgs,
lib,
...
}:
rec {
# Home Manager
home-manager = {
useUserPackages = true;
useGlobalPkgs = true;
backupFileExtension = "bak";
# add all normal users to home manager so it applies to them
users = lib.mapAttrs (name: user: {
home.stateVersion = stateVersion;
programs.home-manager.enable = true;
}) (lib.filterAttrs (name: user: user.isNormalUser or false) users.users);
sharedModules = [
common.homeManagerModules.tmux
common.homeManagerModules.atuin
common.homeManagerModules.direnv
common.homeManagerModules.git
common.homeManagerModules.postgres_cli_options
common.homeManagerModules.ssh
common.homeManagerModules.starship
common.homeManagerModules.zoxide
common.homeManagerModules.zsh
];
};
# System configuration
system.stateVersion = stateVersion;
networking.hostName = configuration_name;
programs.nh.flake = "/home/${primaryUser}/.config/nixos-config/hosts/${config.networking.hostName}";
nixpkgs.config.allowUnfree = true;
users.users = {
"${primaryUser}" = {
isNormalUser = true;
initialPassword = "password1";
extraGroups = [
"wheel"
"networkmanager"
"input"
];
openssh.authorizedKeys.keys = [
"REPLACE"
];
};
};
}
)
];
}
);
};
};
}

4
hosts/testbed/flake.nix
View file

@ -4,8 +4,8 @@
# nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
# Use relative to get current version for testing
common.url = "path:../../common";
# common.url = "git+https://git.joshuabell.xyz/ringofstorms/dotfiles";
# common.url = "path:../../common";
common.url = "git+https://git.joshuabell.xyz/ringofstorms/dotfiles";
disko.url = "github:nix-community/disko/latest";
disko.inputs.nixpkgs.follows = "nixpkgs";