refactored

for 26.05
2026-03-02 03:38:24 -07:00 · 2026-03-02 03:38:24 -07:00 · 075cb86d40
commit 075cb86d40
parent e92d8e6616
34 changed files with 435 additions and 345 deletions
--- a/hosts/configuration.nix
+++ b/hosts/configuration.nix
@ -3,26 +3,15 @@
 # and in the NixOS manual (accessible by running 'nixos-help').
 {...}: {
  imports = [
-    # Include the results of the hardware scan.
    ../settings.nix
+    # Include the results of the hardware scan.
    ./hardware-configuration.nix
    ./system-packages.nix
  ];
-
-  nix.gc = {
-    automatic = true;
-    dates = "weekly";
-    options = "--delete-older-than 30d";
-  };
-
-  nix.settings = {
-    warn-dirty = false;
-  };
-
  # I swear I hate nix sometimes
-  nixpkgs.config.permittedInsecurePackages = [
-    "mbedtls-2.28.10"
-  ];
+  #nixpkgs.config.permittedInsecurePackages = [
+  #  "mbedtls-2.28.10"
+  #];

  # This value determines the NixOS release from which the default
  # settings for stateful data, like file locations and database versions
--- a/hosts/modules/aagl.nix
+++ b/hosts/modules/aagl.nix
@ -1,8 +1,8 @@
 {
  programs = {
    anime-game-launcher.enable = true;
-    anime-games-launcher.enable = true;
-    honkers-railway-launcher.enable = true;
+    #anime-games-launcher.enable = true;
+    #honkers-railway-launcher.enable = true;
    honkers-launcher.enable = true;
    # wavey-launcher.enable = true;
    sleepy-launcher.enable = true;
--- a/hosts/modules/boot.nix
+++ b/hosts/modules/boot.nix
@ -10,7 +10,8 @@
    };
    tmp.cleanOnBoot = true;
    kernelPackages = pkgs.linuxPackages_latest;
-    #kernelPackages = pkgs.linuxPackages_6_18;
+    #50 series nvidia drivers are kinda a mess; use 6.12 if there's any issues
+    #kernelPackages = pkgs.linuxPackages_6_12;
    consoleLogLevel = 3;
    initrd.verbose = false;
    kernelParams = [
@ -19,6 +20,8 @@
      "boot.shell_on_fail"
      "udev.log_priority=3"
      "rd.systemd.show_status=auto"
+      "nvidia_drm.modeset=1"
+      "nvidia_drm.fbdev=1"
    ];
    # cpu specific optimizations
    kernel.sysctl = {
@ -27,6 +30,9 @@
    };
  };

+  # been annoying as of late
+  systemd.oomd.enable = false;
+
  # some people really like putting #/bin/sh or #/bin/bash
  system.activationScripts.binbash = {
    deps = [];
--- a/hosts/modules/env.nix
+++ b/hosts/modules/env.nix
@ -10,29 +10,15 @@
    BROWSER = config.theme.Browser;
    XCURSOR_THEME = config.theme.cursorName;
    XCURSOR_SIZE = toString config.theme.cursorSize;
-    GTK_THEME = "${config.theme.gtkTheme}:${config.theme.gtkThemeMode}";
    QT_QPA_PLATFORMTHEME = config.theme.qtTheme;
    QT_STYLE_OVERRIDE = config.theme.qtOverride;
-
-    XDG_SESSION_TYPE = "wayland";
-    XDG_CURRENT_DESKTOP = "Hyprland";
-    XDG_SESSION_DESKTOP = "Hyprland";
-    GDK_BACKEND = "wayland,x11";
-    QT_QPA_PLATFORM = "wayland;xcb";
-    SDL_VIDEODRIVER = "wayland";
-    MOZ_ENABLE_WAYLAND = "1";
-    NIXOS_OZONE_WL = "1";
-
-    __GLX_VENDOR_LIBRARY_NAME = "nvidia";
-    GBM_BACKEND = "nvidia-drm";
-    LIBVA_DRIVER_NAME = "nvidia";
-
    CC = "${pkgs.gcc}/bin/gcc";
    LIBCLANG_PATH = "${pkgs.llvmPackages.libclang.lib}/lib";
+    LUA_PATH = "${pkgs.luajit}/share/lua/${pkgs.luajit.luaversion}/?.lua;${pkgs.luajit}/share/lua/${pkgs.luajit.luaversion}/?/init.lua;;";
+    LUA_CPATH = "${pkgs.luajit}/lib/lua/${pkgs.luajit.luaversion}/?.so;;";
+  };

-    LUA_PATH = "${pkgs.luajit}/share/lua/5.1/?.lua;${pkgs.luajit}/share/lua/5.1/?/init.lua;;";
-    LUA_CPATH = "${pkgs.luajit}/lib/lua/5.1/?.so;;";
-
+  environment.sessionVariables = {
    PKG_CONFIG_PATH = lib.makeSearchPath "lib/pkgconfig" [
      pkgs.portaudio
      pkgs.alsa-lib
@ -50,9 +36,6 @@
      pkgs.libxkbcommon
      pkgs.glib
    ];
-
-    CUDA_HOME = pkgs.cudatoolkit;
-    CPATH = "${pkgs.cudatoolkit}/include";
  };

  environment.pathsToLink = [
--- a/hosts/modules/fonts.nix
+++ b/hosts/modules/fonts.nix
@ -21,6 +21,15 @@

    fontconfig = {
      enable = true;
+      antialias = true;
+      hinting = {
+        enable = true;
+        style = "full";
+      };
+      subpixel = {
+        rgba = "rgb";
+        lcdfilter = "default";
+      };
      defaultFonts = {
        monospace = ["0xProto Nerd Font" "Noto Sans Mono CJK JP"];
        sansSerif = ["Clear Sans" "Noto Sans CJK JP"];
--- a/hosts/modules/hyprland.nix
+++ b/hosts/modules/hyprland.nix
@ -1,43 +1,33 @@
 {pkgs, ...}: {
  services.xserver.enable = false;
+  programs.gpu-screen-recorder.enable = true;

  programs.hyprland = {
    enable = true;
    xwayland.enable = true;
  };

-  xdg.portal = {
-    enable = true;
-    extraPortals = with pkgs; [
-      xdg-desktop-portal-hyprland
-      xdg-desktop-portal-gtk
-    ];
-    config = {
-      Hyprland.default = ["hyprland" "gtk"];
-    };
-  };
-
  services.gnome.gnome-keyring.enable = true;
  security.pam.services.greetd.enableGnomeKeyring = true;
-  security.polkit.enable = true;
-
  services.accounts-daemon.enable = true;
-  systemd.user.targets.graphical-session = {
-    unitConfig = {
-      RefuseManualStart = false;
-      StopWhenUnneeded = false;
-    };
-    wantedBy = ["default.target"];
+
+  environment.variables = {
+    XDG_SESSION_TYPE = "wayland";
+    XDG_CURRENT_DESKTOP = "Hyprland";
+    XDG_SESSION_DESKTOP = "Hyprland";
+    GDK_BACKEND = "wayland,x11";
+    QT_QPA_PLATFORM = "wayland;xcb";
+    SDL_VIDEODRIVER = "wayland";
+    MOZ_ENABLE_WAYLAND = "1";
+    NIXOS_OZONE_WL = "1";
  };

  environment.systemPackages = with pkgs; [
-    (writeShellScriptBin "hyprpolkitagent" ''
-      exec ${hyprpolkitagent}/libexec/hyprpolkitagent "$@"
-    '')
+    hyprpolkitagent
    qt5.qtwayland
    qt6.qtwayland
    candy-icons
-    firefly-cursor
+    furina-cursor
    tokyonight-gtk-theme
    hyprlock
    wlogout
@ -61,5 +51,6 @@
    brightnessctl
    xwayland-satellite
    hyprshade
+    kdePackages.kdeconnect-kde
  ];
 }
--- a/hosts/modules/ld.nix
+++ b/hosts/modules/ld.nix
@ -1,5 +0,0 @@
-{
-  programs.nix-ld = {
-    enable = true;
-  };
-}
--- a/hosts/modules/misc.nix
+++ b/hosts/modules/misc.nix
@ -4,7 +4,6 @@
    unzip
    jq
    wrk
-    cachix
    gcc15
    gnumake
    cmake
@ -16,15 +15,13 @@
    automake
    libtool
    nasm
-    nix-prefetch-git
    icu
    argc
    clang
    openssl
-    pinix
    cairo
    cabextract
    xdg-utils
-    nix-search
+    cacert
  ];
 }
--- a/hosts/modules/net.nix
+++ b/hosts/modules/net.nix
@ -9,6 +9,7 @@
    httpie
    socat
    posting
+    mtr
  ];

  networking = {
@ -27,8 +28,6 @@
    };
  };

-  services.openssh.enable = true;
-
  # Disable NetworkManager-wait-online to fix boot hang
  systemd.services."NetworkManager-wait-online".enable = false;
 }
--- a/hosts/modules/nixos.nix
+++ b/hosts/modules/nixos.nix
@ -1,21 +1,26 @@
 {
  config,
  lib,
+  pkgs,
  ...
 }: {
  nixpkgs.config.allowUnfree = true;
  programs.nix-index.enable = true;
  programs.command-not-found.enable = false;
-
  zramSwap.enable = true;
-
-  systemd.services.nix-daemon.serviceConfig.MemoryMax = "28G";
-
+  environment.systemPackages = with pkgs; [
+    cachix
+    nix-prefetch-git
+    nix-search
+    nix-your-shell
+  ];
  nix.settings = {
    auto-optimise-store = true;
-    max-jobs = 4;
-    cores = 4;
+    max-jobs = "auto";
+    cores = 0;
    experimental-features = ["nix-command" "flakes"];
+    warn-dirty = false;
+    use-xdg-base-directories = true;
    substituters =
      [
        "https://cache.nixos.org"
@ -41,4 +46,9 @@
        "ezkea.cachix.org-1:ioBmUbJTZIKsHmWWXPe1FSFbeVe+afhfgqgTSNd34eI="
      ];
  };
+  nix.gc = {
+    automatic = true;
+    dates = "daily";
+    options = "--delete-older-than 7d";
+  };
 }
--- a/hosts/modules/npm.nix
+++ b/hosts/modules/npm.nix
@ -1,18 +1,9 @@
-{
-  config,
-  pkgs,
-  lib,
-  ...
-}: {
-  options.npm.enable = lib.mkEnableOption "npm setup";
-
-  config = lib.mkIf config.npm.enable {
-    environment.systemPackages = with pkgs; [
-      nodejs_24
-      nodePackages.npm
-      yarn
-      bun
-      nodePackages.typescript
-    ];
-  };
+{pkgs, ...}: {
+  environment.systemPackages = with pkgs; [
+    nodejs_24
+    nodePackages.npm
+    yarn
+    bun
+    nodePackages.typescript
+  ];
 }
--- a/hosts/modules/nvidia.nix
+++ b/hosts/modules/nvidia.nix
@ -11,29 +11,10 @@
    powerManagement.enable = false;
    nvidiaSettings = true;
    nvidiaPersistenced = true;
-
-    package = let
-      base = config.boot.kernelPackages.nvidiaPackages.mkDriver {
-        version = "590.48.01";
-        sha256_64bit = "sha256-ueL4BpN4FDHMh/TNKRCeEz3Oy1ClDWto1LO/LWlr1ok=";
-        openSha256 = "sha256-hECHfguzwduEfPo5pCDjWE/MjtRDhINVr4b1awFdP44=";
-        settingsSha256 = "sha256-4SfCWp3swUp+x+4cuIZ7SA5H7/NoizqgPJ6S9fm90fA=";
-        persistencedSha256 = "sha256-wsNeuw7IaY6Qc/i/AzT/4N82lPjkwfrhxidKWUtcwW8=";
-      };
-
-      cachyosPatch = pkgs.fetchpatch {
-        url = "https://raw.githubusercontent.com/CachyOS/CachyOS-PKGBUILDS/master/nvidia/nvidia-utils/kernel-6.19.patch";
-        sha256 = "sha256-YuJjSUXE6jYSuZySYGnWSNG5sfVei7vvxDcHx3K+IN4=";
-      };
-    in
-      base
-      // {
-        open = base.open.overrideAttrs (old: {
-          patches = (old.patches or []) ++ [cachyosPatch];
-        });
-      };
  };

+  hardware.nvidia-container-toolkit.enable = true;
+
  hardware.graphics = {
    enable = true;
    enable32Bit = true;
@ -50,6 +31,14 @@
    ];
  };

+  environment.variables = {
+    __GLX_VENDOR_LIBRARY_NAME = "nvidia";
+    GBM_BACKEND = "nvidia-drm";
+    LIBVA_DRIVER_NAME = "nvidia";
+    CUDA_HOME = "${pkgs.cudaPackages.cudatoolkit}";
+    CPATH = "${pkgs.cudaPackages.cudatoolkit}/include";
+  };
+
  environment.systemPackages = with pkgs; [
    mesa-demos
    vulkan-tools
--- a/hosts/modules/python.nix
+++ b/hosts/modules/python.nix
@ -1,6 +1,6 @@
 {pkgs, ...}: {
  environment.systemPackages = with pkgs; [
-    (python312.withPackages (ps:
+    (python313.withPackages (ps:
      with ps; [
        requests
        ipython
--- a/hosts/modules/rust.nix
+++ b/hosts/modules/rust.nix
@ -1,11 +1,9 @@
-{pkgs, ...}: let
-  rustToolchain = pkgs.symlinkJoin {
-    name = "rust-toolchain";
-    paths = with pkgs; [rustc cargo rustfmt clippy];
-  };
-in {
+{pkgs, ...}: {
  environment.systemPackages = with pkgs; [
-    rustToolchain
+    rustc
+    cargo
+    rustfmt
+    clippy
    rust-analyzer
    cargo-edit
    cargo-watch
--- a/hosts/modules/sops.nix
+++ b/hosts/modules/sops.nix
@ -0,0 +1,40 @@
+{
+  inputs,
+  config,
+  lib,
+  ...
+}: let
+  apiKeys = [
+    "api/openai"
+    "api/deepseek"
+    "api/anthropic"
+    "api/openrouter"
+    "api/xai"
+    "api/perplexity"
+    "api/replicate"
+    "api/brave"
+    "api/firecrawl"
+    "api/deepl"
+    "api/gelbooru_id"
+    "api/gelbooru_api"
+    "api/fireworks"
+    "cachix/token"
+  ];
+in {
+  imports = [inputs.sops-nix.nixosModules.sops];
+  sops = {
+    defaultSopsFile = ../../secrets/secrets.yaml;
+    defaultSopsFormat = "yaml";
+    age.sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"];
+
+    secrets =
+      lib.genAttrs apiKeys (_: {owner = "cobray";})
+      // {
+        "cachix/token" = {};
+        "git/credentials" = {
+          owner = "cobray";
+          mode = "0600";
+        };
+      };
+  };
+}
--- a/hosts/modules/ssh.nix
+++ b/hosts/modules/ssh.nix
@ -0,0 +1,10 @@
+{pkgs, ...}: {
+  environment.systemPackages = with pkgs; [
+    sshfs
+  ];
+  services.openssh.enable = true;
+  programs.gnupg.agent = {
+    enable = true;
+    enableSSHSupport = true;
+  };
+}
--- a/hosts/modules/steam.nix
+++ b/hosts/modules/steam.nix
@ -40,12 +40,10 @@
  };
  environment.systemPackages = with pkgs; [
    lutris
-    wine-tkg
    winetricks
    mangohud
    libstrangle
    gamescope-wsi
-    ipc-bridge
    umu-launcher
  ];
 }
--- a/hosts/modules/user.nix
+++ b/hosts/modules/user.nix
@ -15,8 +15,6 @@
    enable = true;
    wheelNeedsPassword = true;
    extraConfig = ''
-      ${config.theme.user} ALL=(ALL) NOPASSWD: /run/current-system/sw/bin/pixos-rebuild
-      ${config.theme.user} ALL=(ALL) NOPASSWD: /run/current-system/sw/bin/pix-collect-garbage
      ${config.theme.user} ALL=(ALL) NOPASSWD: /run/current-system/sw/bin/nix-env
    '';
  };
--- a/hosts/system-packages.nix
+++ b/hosts/system-packages.nix
@ -22,11 +22,10 @@
    ./modules/python.nix
    ./modules/npm.nix
    ./modules/tailscale.nix
-    ./modules/ld.nix
    ./modules/ollama.nix
    ./modules/cups.nix
    ./modules/rust.nix
-    ./modules/core.nix
+    ./modules/misc.nix
    ./modules/libs.nix
    ./modules/rgb.nix
    ./modules/hyprland.nix
@ -38,16 +37,7 @@
    ./modules/go.nix
    ./modules/flatpak.nix
    ./modules/aagl.nix
-    inputs.nix-gaming.nixosModules.pipewireLowLatency
+    ./modules/ssh.nix
+    ./modules/sops.nix
  ];
-  npm.enable = true;
-  services.udisks2.enable = true;
-
-  # Some programs need SUID wrappers, can be configured further or are
-  # started in user sessions.
-  programs.mtr.enable = true;
-  programs.gnupg.agent = {
-    enable = true;
-    enableSSHSupport = true;
-  };
 }