| author | andromeda <andromeda@lenovo> | 2026-05-01 13:37:31 +0200 |
|---|---|---|
| committer | andromeda <andromeda@lenovo> | 2026-05-01 13:37:31 +0200 |
| commit | a98b53de9991167471e840ae3c18798c8d9fc1b7 (patch) | |
| tree | a171feae252b59d277e3c2790d8f1224da315ea0 | |
new conf
| -rw-r--r-- | README.md | 1 | ||||
| -rw-r--r-- | files/.bash_profile | 7 | ||||
| -rw-r--r-- | files/.bashrc | 49 | ||||
| -rw-r--r-- | files/.config/alacritty/alacritty.toml | 43 | ||||
| -rw-r--r-- | files/.config/btop/btop.conf | 254 | ||||
| -rw-r--r-- | files/.config/guix/channels.scm | 11 | ||||
| -rw-r--r-- | files/.gitconfig | 5 | ||||
| -rw-r--r-- | guix/home-configuration.scm | 40 | ||||
| -rw-r--r-- | nix/configuration.nix | 245 | ||||
| -rw-r--r-- | nix/home.nix | 220 | ||||
| -rw-r--r-- | nix/home/sway_config | 79 | ||||
| -rw-r--r-- | nix/npins/default.nix | 249 | ||||
| -rw-r--r-- | nix/npins/sources.json | 131 | ||||
| -rw-r--r-- | nix/patches/change-default-search-engine.patch | 22 | ||||
| -rw-r--r-- | nix/pub-keys.nix | 10 | ||||
| -rw-r--r-- | nix/secrets.nix | 10 | ||||
| -rw-r--r-- | nix/secrets/andromeda-pw.age | 7 | ||||
| -rw-r--r-- | nix/secrets/secrets.nix | 9 |
18 files changed, 1392 insertions, 0 deletions
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..e1156e5
--- /dev/null
+++ b/README.md
@@ -0,0 +1 @@
+this is my personal configuration. Dotfiles are in `files/`, Guix configuration in `guix/`, and Nix configuration in `nix/`. Just run `nixos-rebuild switch -I nix/configuration.nix`, copy `files/.config/guix/channels.scm` to `~/.config/guix/channels.scm` if it's a new system, then run `guix pull` and `guix home reconfigure guix/home-configuration.scm`
diff --git a/files/.bash_profile b/files/.bash_profile
new file mode 100644
index 0000000..3e60711
--- /dev/null
+++ b/files/.bash_profile
@@ -0,0 +1,7 @@
+# Set up the system, user profile, and related variables.
+# /etc/profile will be sourced by bash automatically
+# Set up the home environment profile.
+if [ -f ~/.profile ]; then source ~/.profile; fi
+
+# Honor per-interactive-shell startup file
+if [ -f ~/.bashrc ]; then source ~/.bashrc; fi
diff --git a/files/.bashrc b/files/.bashrc
new file mode 100644
index 0000000..08e016f
--- /dev/null
+++ b/files/.bashrc
@@ -0,0 +1,49 @@
+# Bash-specific initialization, including for non-login and remote
+# shells (info "(bash) Bash Startup Files").
+
+# Provide a default prompt.
+PS1='\u@\h \w${GUIX_ENVIRONMENT:+ [env]}\$ '
+
+# Export 'SHELL' to child processes. Programs such as 'screen'
+# honor it and otherwise use /bin/sh.
+export SHELL
+
+if [[ $- != *i* ]]
+then
+ # We are being invoked from a non-interactive shell. If this
+ # is an SSH session (as in "ssh host command"), source
+ # /etc/profile so we get PATH and other essential variables.
+ [[ -n "$SSH_CLIENT" ]] && source /etc/profile
+
+ # Don't do anything else, returning a successful return code.
+ return 0
+fi
+
+for i in /etc/bashrc.d/*.sh; do
+ [[ -r $i ]] && source "$i"
+done
+unset i
+
+alias cd="z"
+alias gg="git log --oneline --abbrev-commit --all --graph --decorate --color"
+alias l="lsd -la"
+alias ll="lsd -l"
+alias ls="lsd"
+alias neofetch="fastfetch"
+
+shopt -s histappend
+shopt -s extglob
+shopt -s globstar
+shopt -s checkjobs
+
+GPG_TTY="$(tty)"
+export GPG_TTY
+
+HISTFILESIZE=100000
+HISTSIZE=10000
+PS1="\u@\h:\w$"
+GUIX_PROFILE="/home/andromeda/.config/guix/current"
+. "$GUIX_PROFILE/etc/profile"
+unset GUIX_PROFILE
+
+eval "$(zoxide init bash)"
diff --git a/files/.config/alacritty/alacritty.toml b/files/.config/alacritty/alacritty.toml
new file mode 100644
index 0000000..9365fc8
--- /dev/null
+++ b/files/.config/alacritty/alacritty.toml
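Review bot: The second prompt assignment near the end of `files/.bashrc`, `PS1="\u@\h:\w$"`, silently replaces the one set at the top, so the `${GUIX_ENVIRONMENT:+ [env]}` marker is lost and the literal `$` no longer turns into `#` for root the way `\$` does. Both are cues about which environment and privilege level a command will run in; I would keep a single assignment, e.g. `PS1='\u@\h:\w${GUIX_ENVIRONMENT:+ [env]}\$ '`. The lines after it source the Guix profile from a hard-coded `/home/andromeda/...` path without checking it exists; `GUIX_PROFILE="$HOME/.config/guix/current"` with `[ -f "$GUIX_PROFILE/etc/profile" ] && . "$GUIX_PROFILE/etc/profile"` avoids an error on every shell start when the profile is missing.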
@@ -0,0 +1,43 @@
+[colors]
+[colors.bright]
+black = '#5a524c'
+blue = '#7daea3'
+cyan = '#89b482'
+green = '#a9b665'
+magenta = '#d3869b'
+red = '#ea6962'
+white = '#fbf1c7'
+yellow = '#d8a657'
+
+[colors.cursor]
+cursor = '#ddc7a1'
+text = '#202020'
+
+[colors.normal]
+black = '#202020'
+blue = '#7daea3'
+cyan = '#89b482'
+green = '#a9b665'
+magenta = '#d3869b'
+red = '#ea6962'
+white = '#ddc7a1'
+yellow = '#d8a657'
+
+[colors.primary]
+background = '#202020'
+bright_foreground = '#fbf1c7'
+foreground = '#ddc7a1'
+
+[colors.selection]
+background = '#504945'
+text = '#ddc7a1'
+
+[font]
+size = 10
+
+[font.normal]
+family = 'Miracode'
+style = 'Regular'
+
+[window]
+opacity = 1.0
diff --git a/files/.config/btop/btop.conf b/files/.config/btop/btop.conf
new file mode 100644
index 0000000..541bf06
--- /dev/null
+++ b/files/.config/btop/btop.conf
@@ -0,0 +1,254 @@ +#? Config file for btop v. 1.4.4 + +#* Name of a btop++/bpytop/bashtop formatted ".theme" file, "Default" and "TTY" for builtin themes. +#* Themes should be placed in "../share/btop/themes" relative to binary or "$HOME/.config/btop/themes" +color_theme = "Default" + +#* If the theme set background should be shown, set to False if you want terminal background transparency. +theme_background = False + +#* Sets if 24-bit truecolor should be used, will convert 24-bit colors to 256 color (6x6x6 color cube) if false. +truecolor = True + +#* Set to true to force tty mode regardless if a real tty has been detected or not. +#* Will force 16-color mode and TTY theme, set all graph symbols to "tty" and swap out other non tty friendly symbols. +force_tty = False + +#* Define presets for the layout of the boxes. Preset 0 is always all boxes shown with default settings. Max 9 presets. +#* Format: "box_name:P:G,box_name:P:G" P=(0 or 1) for alternate positions, G=graph symbol to use for box. +#* Use whitespace " " as separator between different presets. +#* Example: "cpu:0:default,mem:0:tty,proc:1:default cpu:0:braille,proc:0:tty" +presets = "cpu:1:default,proc:0:default cpu:0:default,mem:0:default,net:0:default cpu:0:block,net:0:tty" + +#* Set to True to enable "h,j,k,l,g,G" keys for directional control in lists. +#* Conflicting keys for h:"help" and k:"kill" is accessible while holding shift. +vim_keys = False + +#* Rounded corners on boxes, is ignored if TTY mode is ON. +rounded_corners = False + +#* Default symbols to use for graph creation, "braille", "block" or "tty". +#* "braille" offers the highest resolution but might not be included in all fonts. +#* "block" has half the resolution of braille but uses more common characters. +#* "tty" uses only 3 different symbols but will work with most fonts and should work in a real TTY. +#* Note that "tty" only has half the horizontal resolution of the other two, so will show a shorter historical view. 
+graph_symbol = "braille" + +# Graph symbol to use for graphs in cpu box, "default", "braille", "block" or "tty". +graph_symbol_cpu = "default" + +# Graph symbol to use for graphs in gpu box, "default", "braille", "block" or "tty". +graph_symbol_gpu = "default" + +# Graph symbol to use for graphs in cpu box, "default", "braille", "block" or "tty". +graph_symbol_mem = "default" + +# Graph symbol to use for graphs in cpu box, "default", "braille", "block" or "tty". +graph_symbol_net = "default" + +# Graph symbol to use for graphs in cpu box, "default", "braille", "block" or "tty". +graph_symbol_proc = "default" + +#* Manually set which boxes to show. Available values are "cpu mem net proc" and "gpu0" through "gpu5", separate values with whitespace. +shown_boxes = "cpu mem net proc" + +#* Update time in milliseconds, recommended 2000 ms or above for better sample times for graphs. +update_ms = 150 + +#* Processes sorting, "pid" "program" "arguments" "threads" "user" "memory" "cpu lazy" "cpu direct", +#* "cpu lazy" sorts top process over time (easier to follow), "cpu direct" updates top process directly. +proc_sorting = "memory" + +#* Reverse sorting order, True or False. +proc_reversed = False + +#* Show processes as a tree. +proc_tree = False + +#* Use the cpu graph colors in the process list. +proc_colors = True + +#* Use a darkening gradient in the process list. +proc_gradient = False + +#* If process cpu usage should be of the core it's running on or usage of the total available cpu power. +proc_per_core = False + +#* Show process memory as bytes instead of percent. +proc_mem_bytes = True + +#* Show cpu graph for each process. +proc_cpu_graphs = True + +#* Use /proc/[pid]/smaps for memory information in the process info box (very slow but more accurate) +proc_info_smaps = False + +#* Show proc box on left side of screen instead of right. +proc_left = True + +#* (Linux) Filter processes tied to the Linux kernel(similar behavior to htop). 
+proc_filter_kernel = False + +#* In tree-view, always accumulate child process resources in the parent process. +proc_aggregate = False + +#* Sets the CPU stat shown in upper half of the CPU graph, "total" is always available. +#* Select from a list of detected attributes from the options menu. +cpu_graph_upper = "Auto" + +#* Sets the CPU stat shown in lower half of the CPU graph, "total" is always available. +#* Select from a list of detected attributes from the options menu. +cpu_graph_lower = "Auto" + +#* If gpu info should be shown in the cpu box. Available values = "Auto", "On" and "Off". +show_gpu_info = "Auto" + +#* Toggles if the lower CPU graph should be inverted. +cpu_invert_lower = True + +#* Set to True to completely disable the lower CPU graph. +cpu_single_graph = True + +#* Show cpu box at bottom of screen instead of top. +cpu_bottom = True + +#* Shows the system uptime in the CPU box. +show_uptime = True + +#* Show cpu temperature. +check_temp = True + +#* Which sensor to use for cpu temperature, use options menu to select from list of available sensors. +cpu_sensor = "Auto" + +#* Show temperatures for cpu cores also if check_temp is True and sensors has been found. +show_coretemp = True + +#* Set a custom mapping between core and coretemp, can be needed on certain cpus to get correct temperature for correct core. +#* Use lm-sensors or similar to see which cores are reporting temperatures on your machine. +#* Format "x:y" x=core with wrong temp, y=core with correct temp, use space as separator between multiple entries. +#* Example: "4:0 5:1 6:3" +cpu_core_map = "" + +#* Which temperature scale to use, available values: "celsius", "fahrenheit", "kelvin" and "rankine". +temp_scale = "celsius" + +#* Use base 10 for bits/bytes sizes, KB = 1000 instead of KiB = 1024. +base_10_sizes = False + +#* Show CPU frequency. +show_cpu_freq = True + +#* Draw a clock at top of screen, formatting according to strftime, empty string to disable. 
+#* Special formatting: /host = hostname | /user = username | /uptime = system uptime +clock_format = "/user@/host:/uptime@%H:%M" + +#* Update main ui in background when menus are showing, set this to false if the menus is flickering too much for comfort. +background_update = True + +#* Custom cpu model name, empty string to disable. +custom_cpu_name = "" + +#* Optional filter for shown disks, should be full path of a mountpoint, separate multiple values with whitespace " ". +#* Only disks matching the filter will be shown. Prepend exclude= to only show disks not matching the filter. Examples: disk_filter="/boot /home/user", disks_filter="exclude=/boot /home/user" +disks_filter = "" + +#* Show graphs instead of meters for memory values. +mem_graphs = False + +#* Show mem box below net box instead of above. +mem_below_net = True + +#* Count ZFS ARC in cached and available memory. +zfs_arc_cached = True + +#* If swap memory should be shown in memory box. +show_swap = True + +#* Show swap as a disk, ignores show_swap value above, inserts itself after first disk. +swap_disk = True + +#* If mem box should be split to also show disks info. +show_disks = True + +#* Filter out non physical disks. Set this to False to include network disks, RAM disks and similar. +only_physical = True + +#* Read disks list from /etc/fstab. This also disables only_physical. +use_fstab = True + +#* Setting this to True will hide all datasets, and only show ZFS pools. (IO stats will be calculated per-pool) +zfs_hide_datasets = False + +#* Set to true to show available disk space for privileged users. +disk_free_priv = False + +#* Toggles if io activity % (disk busy time) should be shown in regular disk usage view. +show_io_stat = True + +#* Toggles io mode for disks, showing big graphs for disk read/write speeds. +io_mode = False + +#* Set to True to show combined read/write io graphs in io mode. 
+io_graph_combined = False + +#* Set the top speed for the io graphs in MiB/s (100 by default), use format "mountpoint:speed" separate disks with whitespace " ". +#* Example: "/mnt/media:100 /:20 /boot:1". +io_graph_speeds = "" + +#* Set fixed values for network graphs in Mebibits. Is only used if net_auto is also set to False. +net_download = 100 + +net_upload = 100 + +#* Use network graphs auto rescaling mode, ignores any values set above and rescales down to 10 Kibibytes at the lowest. +net_auto = True + +#* Sync the auto scaling for download and upload to whichever currently has the highest scale. +net_sync = True + +#* Starts with the Network Interface specified here. +net_iface = "" + +#* "True" shows bitrates in base 10 (Kbps, Mbps). "False" shows bitrates in binary sizes (Kibps, Mibps, etc.). "Auto" uses base_10_sizes. +base_10_bitrate = "Auto" + +#* Show battery stats in top right if battery is present. +show_battery = True + +#* Which battery to use if multiple are present. "Auto" for auto detection. +selected_battery = "Auto" + +#* Show power stats of battery next to charge indicator. +show_battery_watts = True + +#* Set loglevel for "~/.config/btop/btop.log" levels are: "ERROR" "WARNING" "INFO" "DEBUG". +#* The level set includes all lower levels, i.e. "DEBUG" will show all logging info. +log_level = "WARNING" + +#* Measure PCIe throughput on NVIDIA cards, may impact performance on certain cards. +nvml_measure_pcie_speeds = True + +#* Measure PCIe throughput on AMD cards, may impact performance on certain cards. +rsmi_measure_pcie_speeds = True + +#* Horizontally mirror the GPU graph. +gpu_mirror_graph = True + +#* Custom gpu0 model name, empty string to disable. +custom_gpu_name0 = "" + +#* Custom gpu1 model name, empty string to disable. +custom_gpu_name1 = "" + +#* Custom gpu2 model name, empty string to disable. +custom_gpu_name2 = "" + +#* Custom gpu3 model name, empty string to disable. 
+custom_gpu_name3 = "" + +#* Custom gpu4 model name, empty string to disable. +custom_gpu_name4 = "" + +#* Custom gpu5 model name, empty string to disable. +custom_gpu_name5 = ""
diff --git a/files/.config/guix/channels.scm b/files/.config/guix/channels.scm
new file mode 100644
index 0000000..ef46dcb
--- /dev/null
+++ b/files/.config/guix/channels.scm
@@ -0,0 +1,11 @@
+(list (channel
+ (name 'guix)
+ (url "https://git.guix.gnu.org/guix.git")
+ (branch "master")
+ (commit
+ "3afea42347535c72d985c8d69e06d6d1a0720b22")
+ (introduction
+ (make-channel-introduction
+ "3afea42347535c72d985c8d69e06d6d1a0720b22"
+ (openpgp-fingerprint
+ "BBB0 2DDF 2CEA F6A8 0D1D E643 A2A0 6DF2 A33A 54FA")))))
diff --git a/files/.gitconfig b/files/.gitconfig
new file mode 100644
index 0000000..d602b38
--- /dev/null
+++ b/files/.gitconfig
@@ -0,0 +1,5 @@
+[user]
+ name = andromeda
+ email = andromeda@lenovo
+[init]
+ defaultBranch = master
diff --git a/guix/home-configuration.scm b/guix/home-configuration.scm
new file mode 100644
index 0000000..f2c0c9b
--- /dev/null
+++ b/guix/home-configuration.scm
@@ -0,0 +1,40 @@
+(use-modules (gnu home)
+ (gnu packages)
+ (gnu services)
+ (guix gexp)
+ (gnu home services dotfiles)
+ (gnu home services shells))
+
+(home-environment
+ (packages
+ (map specification->package
+ (list "acpi"
+ "alacritty"
+ "brightnessctl"
+ "btop"
+ "du-dust"
+ "emacs-no-x"
+ "fzf"
+ "fastfetch"
+ "gdb"
+ "git"
+ "grim"
+ "hello"
+ "jmtpfs"
+ "lsd"
+ "nasm"
+ "pciutils"
+ "ranger"
+ "ripgrep"
+ "slurp"
+ "tokei"
+ "tree"
+ "usbutils"
+ "wget"
+ "xxd"
+ "zoxide")))
+ (services
+ (append (list (service home-dotfiles-service-type
+ (home-dotfiles-configuration
+ (directories '("../files")))))
+ %base-home-services)))
diff --git a/nix/configuration.nix b/nix/configuration.nix
new file mode 100644
index 0000000..ec160fc
--- /dev/null
+++ b/nix/configuration.nix
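Review bot: In `files/.config/guix/channels.scm` the `make-channel-introduction` commit is the same hash as the `(commit …)` pin, `3afea42347535c72d985c8d69e06d6d1a0720b22`, which looks like the pin was pasted into the trust anchor. The introduction is meant to be the fixed commit and signer fingerprint that the channel publishes and from which `guix pull` authenticates every later commit. With the pin there, authentication presumably either fails when that commit is not signed by the listed key or starts at the pin and no longer ties it to the upstream's published history. Please confirm which was intended; I would keep the pin in `(commit …)` only and take the introduction commit from the Guix manual's default channel definition.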
@@ -0,0 +1,245 @@
+{config, ...}: let
+ sources = import ./npins;
+ pkgs = import sources.nixpkgs {};
+in {
+ boot = {
+ initrd = {
+ availableKernelModules = ["xhci_pci" "nvme" "sdhci_pci"];
+ systemd = {
+ services.impermanent-btrfs = {
+ description = "saves old root and makes new one";
+ unitConfig.DefaultDependencies = false;
+ serviceConfig = {
+ Type = "oneshot";
+ StandardOutput = "journal+console";
+ StandardError = "journal+console";
+ };
+ requiredBy = [
+ "initrd.target"
+ ];
+ before = [
+ "sysroot.mount"
+ ];
+ requires = [
+ "initrd-root-device.target"
+ ];
+ after = [
+ "initrd-root-device.target"
+ "local-fs-pre.target"
+ ];
+ script = ''
+ mkdir /btrfs_tmp
+ mount ${config.fileSystems."/".device} /btrfs_tmp
+ if [[ -e /btrfs_tmp/root ]]; then
+ mkdir -p /btrfs_tmp/old_roots
+ timestamp=$(date --date="@$(stat -c %Y /btrfs_tmp/root)" "+%Y-%m-%-d_%H:$M:%S")
+ mv /btrfs_tmp/root "/btrfs_tmp/old_roots/$timestamp"
+ fi
+
+ delete_subvolume_recursively() {
+ IFS=$'\n'
+ for i in $(btrfs subvolume list -o "$1" | cut -f 9- -d ' '); do
+ delete_subvolume_recursively "/btrfs_tmp/$i"
+ done
+ btrfs subvolume delete "$1"
+ }
+
+ for i in $(find /btrfs_tmp/old_roots/ -maxdepth 1 -mtime +30); do
+ delete_subvolume_recursively "$i"
+ done
+
+ btrfs subvolume create /btrfs_tmp/root
+ mkdir /btrfs_tmp/root/persist
+ mkdir /btrfs_tmp/root/etc
+ mount ${config.fileSystems."/persist".device} /btrfs_tmp/root/persist -o subvol=persist
+ cp /btrfs_tmp/root/persist/etc/ssh /btrfs_tmp/root/etc/ssh -r
+ umount /btrfs_tmp/root/persist
+ rm -r /btrfs_tmp/root/persist
+ umount /btrfs_tmp
+ '';
+ };
+ extraBin = {
+ "mkdir" = "${pkgs.coreutils}/bin/mkdir";
+ "date" = "${pkgs.coreutils}/bin/date";
+ "stat" = "${pkgs.coreutils}/bin/stat";
+ "mv" = "${pkgs.coreutils}/bin/mv";
+ "cp" = "${pkgs.coreutils}/bin/cp";
+ "rm" = "${pkgs.coreutils}/bin/rm";
+ "btrfs" = "${pkgs.btrfs-progs}/bin/btrfs";
+ };
+ };
+ };
+ kernelPackages = pkgs.linuxPackages_latest;
+ kernelModules = ["kvm-intel"];
+ loader = {
+ efi.canTouchEfiVariables = true;
+ grub = {
+ device = "nodev";
+ efiSupport = true;
+ enable = true;
+ extraEntries = ''
+ menuentry "Guix" {
+ search --set=drive1 --fs-uuid F425-55BA
+ chainloader ($drive1)//EFI/Guix/grubx64.efi
+ }
+ '';
+ };
+ };
+ tmp.cleanOnBoot = true;
+ };
+ documentation = {
+ dev.enable = true;
+ nixos.includeAllModules = true;
+ };
+ environment.persistence."/persist" = {
+ directories = [
+ "/etc/ly/custom-sessions"
+ "/etc/NetworkManager/system-connections"
+ "/etc/ssh"
+ "/gnu"
+ "/var/guix"
+ "/var/log"
+ "/var/lib/bluetooth"
+ "/var/lib/nixos"
+ "/var/lib/systemd/coredump"
+ ];
+ enable = true;
+ files = [
+ "/etc/ly/save.txt"
+ "/etc/machine-id"
+ ];
+ hideMounts = true;
+ users.andromeda = {
+ directories = [
+ ".backups"
+ ".cache/guix"
+ ".config/guix"
+ ".gnupg"
+ ".local/share/AAAAXY"
+ ".local/share/Anki2"
+ ".local/share/chat.fluffy.fluffychat"
+ ".local/share/Mindustry"
+ ".local/share/zoxide"
+ ".ssh"
+ "conf"
+ "conf_v1"
+ "Downloads"
+ "pp"
+ ];
+ files = [".bash_history"];
+ };
+ };
+ fileSystems = {
+ "/" = {
+ device = "/dev/disk/by-uuid/5455cfb4-0efd-4f55-b496-d2cab3f419b7";
+ fsType = "btrfs";
+ options = ["subvol=root"];
+ };
+ "/boot" = {
+ device = "/dev/disk/by-uuid/F425-55BA";
+ fsType = "vfat";
+ options = ["fmask=0022" "dmask=0022"];
+ };
+ "/nix" = {
+ device = "/dev/disk/by-uuid/0e586651-36f4-42b0-99b3-3f0704a894d6";
+ fsType = "btrfs";
+ };
+ "/persist" = {
+ device = "/dev/disk/by-uuid/5455cfb4-0efd-4f55-b496-d2cab3f419b7";
+ fsType = "btrfs";
+ neededForBoot = true;
+ options = ["subvol=persist"];
+ };
+ };
+ hardware = {
+ bluetooth = {
+ enable = true;
+ powerOnBoot = false;
+ };
+ cpu.intel.updateMicrocode = true;
+ enableRedistributableFirmware = true;
+ };
+ home-manager = {
+ backupFileExtension = "bak";
+ useGlobalPkgs = true;
+ users.andromeda = import ./home.nix;
+ };
+ i18n.defaultLocale = "de_DE.UTF-8";
+ imports = [
+ "${sources.Phoenix {inherit pkgs;}}/nix/module.nix"
+ "${sources.agenix {inherit pkgs;}}/modules/age.nix"
+ "${sources.impermanence {inherit pkgs;}}/nixos.nix"
+ "${sources.home-manager {inherit pkgs;}}/nixos"
+ ./secrets.nix
+ ];
+ networking = {
+ domain = "nixos";
+ hostName = "nixos";
+ firewall.enable = true;
+ networkmanager.enable = true;
+ };
+ nixpkgs = {
+ config.allowUnfree = false;
+ flake.source = sources.nixpkgs;
+ hostPlatform = "x86_64-linux";
+ overlays = [
+ (
+ final: prev: {
+ phoenix = (final.callPackage "${sources.Phoenix {inherit pkgs;}}/nix/package.nix" {}).overrideAttrs {
+ patches = [./patches/change-default-search-engine.patch]; # default search to ddg html
+ };
+
+ withPhoenix = firefoxPackage:
+ firefoxPackage.override {
+ extraPoliciesFiles = ["${final.phoenix}/policies.json"];
+ extraPrefsFiles = ["${final.phoenix}/phoenix.cfg"];
+ };
+ }
+ )
+ ];
+ };
+ nix = {
+ settings = {
+ experimental-features = ["nix-command" "flakes"];
+ substituters = ["https://cache.dataaturservice.se/spectrum/"];
+ trusted-public-keys = [
+ "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
+ "spectrum-os.org-2:foQk3r7t2VpRx92CaXb5ROyy/NBdRJQG2uX2XJMYZfU="
+ ];
+ trusted-users = ["@wheel"];
+ };
+ channel.enable = false;
+ };
+ programs.sway.enable = true;
+ services = {
+ blueman.enable = true;
+ displayManager = {
+ enable = true;
+ ly.enable = true;
+ };
+ guix.enable = true;
+ libinput.enable = true;
+ openssh.enable = true;
+ printing.enable = true;
+ };
+ system.stateVersion = "26.05";
+ time.timeZone = "Europe/Berlin";
+ users = {
+ mutableUsers = false;
+ users.andromeda = {
+ isNormalUser = true;
+ hashedPasswordFile = builtins.toString config.age.secrets.andromeda-pw.path;
+ extraGroups = [
+ "networkmanager"
+ "wheel"
+ "dialout"
+ ];
+ };
+ };
+ zramSwap = {
+ enable = true;
+ priority = 100;
+ algorithm = "zstd";
+ memoryPercent = 35;
+ };
+}
diff --git a/nix/home.nix b/nix/home.nix
new file mode 100644
index 0000000..e842e34
--- /dev/null
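Review bot: `openssh.enable = true;` in the `services` block of `nix/configuration.nix` turns sshd on with the module defaults, which as far as I know accept password logins and open the SSH port in the firewall, while `andromeda` is a `wheel` member whose password is set through `hashedPasswordFile`. Since `.ssh` is already persisted for that user, key-only access looks feasible: `openssh.settings.PasswordAuthentication = false;`, `openssh.settings.KbdInteractiveAuthentication = false;` and `openssh.settings.PermitRootLogin = "no";` (unless `./secrets.nix`, which is not visible here, already sets them). Separately, the `timestamp=` line of the initrd script has `%H:$M:%S`; `$M` is an unset shell variable there, so saved roots are named without minutes, and `%M` was probably meant.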
+++ b/nix/home.nix 
@@ -0,0 +1,220 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}: let
+ sources = import ./npins;
+ background-path = ".config/sway/background.png";
+ sway_config =
+ pkgs.substitute
+ {
+ src = ./home/sway_config;
+ substitutions = [
+ "--replace"
+ "@backgroundImagePath@"
+ "${config.home.homeDirectory}/${background-path}"
+ ];
+ };
+in {
+ home = {
+ file = {
+ ${background-path}.source = config.stylix.image;
+ ".profile".enable = false;
+ };
+ homeDirectory = "/home/${config.home.username}";
+ packages = [
+ pkgs.aaaaxy
+ #pkgs.acpi
+ (pkgs.callPackage "${sources.agenix}/pkgs/agenix.nix" {})
+ #pkgs.alacritty
+ pkgs.anki
+ #(import "${sources.anki-cli}/package.nix")
+ #pkgs.c3term
+ #pkgs.brightnessctl
+ #pkgs.dust
+ pkgs.fluffychat
+ #pkgs.fzf
+ #pkgs.gdb
+ pkgs.glow
+ #pkgs.grim
+ #pkgs.hexdump
+ pkgs.http-server
+ #pkgs.jmtpfs
+ pkgs.mindustry-wayland
+ #pkgs.nasm
+ pkgs.nix-output-monitor
+ pkgs.npins
+ #pkgs.pciutils
+ #pkgs.ranger
+ pkgs.rip2
+ #pkgs.ripgrep
+ #pkgs.slurp
+ #pkgs.tokei
+ #pkgs.tree
+ #pkgs.usbutils
+ #pkgs.wget
+ #pkgs.xxd
+ ];
+ stateVersion = "26.05";
+ username = "andromeda";
+ };
+ imports = [
+ (import sources.nvf).homeManagerModules.nvf
+ (import sources.stylix).homeModules.stylix
+ ];
+ programs = {
+ firefox = {
+ enable = true;
+ package = pkgs.firefox.override {
+ cfg.enableTridactylNative = true;
+ };
+ profiles.default = {
+ extensions = {
+ force = true;
+ packages = [(import sources.NUR {inherit pkgs;}).repos.rycee.firefox-addons.tridactyl];
+ };
+ settings = {
+ "extensions.autoDisableScopes" = 0;
+ "intl.accepted_languages" = "de_DE";
+ };
+ };
+ };
+ gh.enable = true;
+ gpg.enable = true;
+ home-manager.enable = true;
+ nvf = {
+ enable = true;
+ settings.vim = {
+ startPlugins = [pkgs.vimPlugins.parinfer-rust];
+ autocomplete.nvim-cmp.enable = false;
+ formatter.conform-nvim = {
+ enable = true;
+ setupOpts.format_on_save = {
+ lsp_format = "fallback";
+ timeout_ms = 5000;
+ };
+ };
+ lsp.otter-nvim.enable = true;
+ git.enable = true;
+ keymaps = [
+ {
+ key = "<Down>";
+ mode = ["i" "n" "v" "c"];
+ action = "<NOP>";
+ }
+ {
+ key = "<Up>";
+ mode = ["i" "n" "v" "c"];
+ action = "<NOP>";
+ }
+ {
+ key = "<Left>";
+ mode = ["i" "n" "v" "c"];
+ action = "<NOP>";
+ }
+ {
+ key = "<Right>";
+ mode = ["i" "n" "v" "c"];
+ action = "<NOP>";
+ }
+ {
+ key = "jj";
+ mode = ["i"];
+ action = "<Esc>";
+ }
+ {
+ key = "kk";
+ mode = ["i"];
+ action = "<Esc>";
+ }
+ {
+ key = "jk";
+ mode = ["i"];
+ action = "<Esc>";
+ }
+ {
+ key = "kj";
+ mode = ["i"];
+ action = "<Esc>";
+ }
+ {
+ key = "<Esc>";
+ mode = ["i"];
+ action = "<Nop>";
+ }
+ ];
+ languages = {
+ nix = {
+ enable = true;
+ format.enable = true;
+ lsp.enable = true;
+ };
+ haskell = {
+ enable = true;
+ lsp.enable = true;
+ };
+ rust = {
+ enable = true;
+ format.enable = true;
+ lsp.enable = true;
+ treesitter.enable = true;
+ };
+ };
+ lineNumberMode = "relative";
+ options = {
+ tabstop = 2;
+ shiftwidth = 2;
+ expandtab = true;
+ smarttab = true;
+ foldmethod = "indent";
+ number = true;
+ colorcolumn = "80";
+ };
+ statusline.lualine.enable = true;
+ syntaxHighlighting = true;
+ };
+ };
+ ssh.enable = true;
+ };
+ services.gpg-agent = {
+ enable = true;
+ pinentry.package = pkgs.pinentry-curses;
+ };
+ stylix = {
+ base16Scheme = "${pkgs.base16-schemes}/share/themes/gruvbox-material-dark-hard.yaml";
+ enable = true;
+ fonts = {
+ emoji = {
+ name = "Noto Color Emoji";
+ package = pkgs.noto-fonts-color-emoji;
+ };
+ monospace = {
+ name = "Miracode";
+ package = pkgs.miracode;
+ };
+ serif = config.stylix.fonts.sansSerif;
+ sizes = {
+ applications = 10;
+ terminal = 10;
+ };
+ };
+ image = "${pkgs.nixos-artwork.wallpapers.gear}/share/backgrounds/nixos/nix-wallpaper-gear.png";
+ polarity = "dark";
+ cursor = {
+ name = "Hackneyed";
+ package = pkgs.hackneyed;
+ size = 16;
+ };
+ };
+ wayland.windowManager.sway.enable = true;
+ xdg = {
+ configFile = {
+ "sway/config".source = lib.mkForce sway_config;
+ };
+ portal = {
+ enable = true;
+ extraPortals = [pkgs.xdg-desktop-portal-shana];
+ };
+ };
+}
diff --git a/nix/home/sway_config b/nix/home/sway_config
new file mode 100644
index 0000000..af46e4e
--- /dev/null
+++ b/nix/home/sway_config
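Review bot: `"extensions.autoDisableScopes" = 0;` under `profiles.default.settings` in `nix/home.nix` tells Firefox to enable add-ons found in every install scope without asking, not only the Tridactyl package declared just above it. It is presumably there so the declaratively installed extension is active on first start, and a comment should record that, e.g. `# 0 = never auto-disable sideloaded add-ons; needed so extensions.packages is enabled without a prompt`. The same comment could cover `force = true;` and note that the add-on is taken from `sources.NUR`, a community repository, so its integrity rests on the pin in `nix/npins/sources.json`.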
@@ -0,0 +1,79 @@
+set $mod Mod4
+set $left h
+set $down j
+set $up k
+set $right l
+set $term alacritty
+set $menu wmenu-run
+set $screenshot grim -g "$(slurp)"
+floating_modifier $mod normal
+
+workspace_layout stacking
+output * bg @backgroundImagePath@ fill
+
+bindsym $mod+Shift+Return exec $term
+bindsym $mod+Shift+d exec $menu
+bindsym $mod+Shift+a exec anki
+bindsym $mod+Shift+q exec firefox
+bindsym $mod+Shift+s exec $screenshot
+
+bindsym $mod+Shift+c kill
+
+bindsym $mod+Shift+r reload
+
+bindsym $mod+Shift+Alt+q exit
+
+bindsym $mod+$left focus left
+bindsym $mod+$down focus down
+bindsym $mod+$up focus up
+bindsym $mod+$right focus right
+
+bindsym $mod+Shift+$left move left
+bindsym $mod+Shift+$down move down
+bindsym $mod+Shift+$up move up
+bindsym $mod+Shift+$right move right
+
+bindsym $mod+1 workspace number 1
+bindsym $mod+2 workspace number 2
+bindsym $mod+3 workspace number 3
+bindsym $mod+4 workspace number 4
+bindsym $mod+5 workspace number 5
+bindsym $mod+6 workspace number 6
+bindsym $mod+7 workspace number 7
+bindsym $mod+8 workspace number 8
+bindsym $mod+9 workspace number 9
+bindsym $mod+0 workspace number 0
+
+bindsym $mod+Shift+1 move container to workspace number 1
+bindsym $mod+Shift+2 move container to workspace number 2
+bindsym $mod+Shift+3 move container to workspace number 3
+bindsym $mod+Shift+4 move container to workspace number 4
+bindsym $mod+Shift+5 move container to workspace number 5
+bindsym $mod+Shift+6 move container to workspace number 6
+bindsym $mod+Shift+7 move container to workspace number 7
+bindsym $mod+Shift+8 move container to workspace number 8
+bindsym $mod+Shift+9 move container to workspace number 9
+bindsym $mod+Shift+0 move container to workspace number 0
+
+seat * hide_cursor 100
+input type:touchpad events disabled
+
+bindsym $mod+r exec 'swaymsg "seat * hide_cursor 100"; swaymsg "input type:touchpad events disabled"'
+bindsym $mod+t exec 'swaymsg "seat * hide_cursor 0"; swaymsg "input type:touchpad events enabled"'
+
+bindsym $mod+f fullscreen
+bindsym $mod+Shift+space floating toggle
+bindsym $mod+Shift+minus move scratchpad
+bindsym $mod+minus scratchpad show
+
+bindsym --locked XF86AudioMute exec pactl set-sink-mute \@DEFAULT_SINK@ toggle
+bindsym --locked XF86AudioLowerVolume exec pactl set-sink-volume \@DEFAULT_SINK@ -5%
+bindsym --locked XF86AudioRaiseVolume exec pactl set-sink-volume \@DEFAULT_SINK@ +5%
+bindsym --locked XF86AudioMicMute exec pact set-source-mute \@DEFAULT_SOURCE@ toggle
+bindsym --locked XF86MonBrightnessDown exec brightnessctl set 2%-
+bindsym --locked XF86MonbrightnessUp exec brightnessctl set 2%+
+
+default_border none
+font pango:monospace 0.001
+titlebar_border_thickness 0
+titlebar_padding 0
diff --git a/nix/npins/default.nix b/nix/npins/default.nix
new file mode 100644
index 0000000..884fc8c
--- /dev/null
+++ b/nix/npins/default.nix
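Review bot: Two of the `--locked` media-key bindings near the end of `nix/home/sway_config` cannot work as written: the `XF86AudioMicMute` line runs `pact` instead of `pactl`, and `XF86MonbrightnessUp` is not the keysym spelling (the line above it uses the correct casing, `XF86MonBrightnessDown`). The fixed lines would be `bindsym --locked XF86AudioMicMute exec pactl set-source-mute \@DEFAULT_SOURCE@ toggle` and `bindsym --locked XF86MonBrightnessUp exec brightnessctl set 2%+`. The mic-mute one matters most, since the key gives no sign that the microphone stayed live.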
@@ -0,0 +1,249 @@ +/* + This file is provided under the MIT licence: + + Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the “Software”), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: + + The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. + + THE SOFTWARE IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. +*/ +# Generated by npins. 
Do not modify; will be overwritten regularly +let + # Backwards-compatibly make something that previously didn't take any arguments take some + # The function must return an attrset, and will unfortunately be eagerly evaluated + # Same thing, but it catches eval errors on the default argument so that one may still call it with other arguments + mkFunctor = + fn: + let + e = builtins.tryEval (fn { }); + in + (if e.success then e.value else { error = fn { }; }) // { __functor = _self: fn; }; + + # https://github.com/NixOS/nixpkgs/blob/0258808f5744ca980b9a1f24fe0b1e6f0fecee9c/lib/lists.nix#L295 + range = + first: last: if first > last then [ ] else builtins.genList (n: first + n) (last - first + 1); + + # https://github.com/NixOS/nixpkgs/blob/0258808f5744ca980b9a1f24fe0b1e6f0fecee9c/lib/strings.nix#L257 + stringToCharacters = s: map (p: builtins.substring p 1 s) (range 0 (builtins.stringLength s - 1)); + + # https://github.com/NixOS/nixpkgs/blob/0258808f5744ca980b9a1f24fe0b1e6f0fecee9c/lib/strings.nix#L269 + stringAsChars = f: s: concatStrings (map f (stringToCharacters s)); + concatStrings = builtins.concatStringsSep ""; + + # If the environment variable NPINS_OVERRIDE_${name} is set, then use + # the path directly as opposed to the fetched source. + # (Taken from Niv for compatibility) + mayOverride = + name: path: + let + envVarName = "NPINS_OVERRIDE_${saneName}"; + saneName = stringAsChars (c: if (builtins.match "[a-zA-Z0-9]" c) == null then "_" else c) name; + ersatz = builtins.getEnv envVarName; + in + if ersatz == "" then + path + else + # this turns the string into an actual Nix path (for both absolute and + # relative paths) + builtins.trace "Overriding path of \"${name}\" with \"${ersatz}\" due to set \"${envVarName}\"" ( + if builtins.substring 0 1 ersatz == "/" then + /. + ersatz + else + /. + builtins.getEnv "PWD" + "/${ersatz}" + ); + + mkSource = + name: spec: + { + pkgs ? null, + }: + assert spec ? 
type; + let + # Unify across builtin and pkgs fetchers. + # `fetchGit` requires a wrapper because of slight API differences. + fetchers = + if pkgs == null then + { + inherit (builtins) fetchTarball fetchurl; + # For some fucking reason, fetchGit has a different signature than the other builtin fetchers … + fetchGit = args: (builtins.fetchGit args).outPath; + } + else + { + fetchTarball = + { + url, + sha256, + }: + pkgs.fetchzip { + inherit url sha256; + extension = "tar"; + }; + inherit (pkgs) fetchurl; + fetchGit = + { + url, + submodules, + rev, + name, + narHash, + }: + pkgs.fetchgit { + inherit url rev name; + fetchSubmodules = submodules; + hash = narHash; + }; + }; + + # Dispatch to the correct code path based on the type + path = + if spec.type == "Git" then + mkGitSource fetchers spec + else if spec.type == "GitRelease" then + mkGitSource fetchers spec + else if spec.type == "PyPi" then + mkPyPiSource fetchers spec + else if spec.type == "Channel" then + mkChannelSource fetchers spec + else if spec.type == "Tarball" then + mkTarballSource fetchers spec + else if spec.type == "Container" then + mkContainerSource pkgs spec + else + builtins.throw "Unknown source type ${spec.type}"; + in + spec // { outPath = mayOverride name path; }; + + mkGitSource = + { + fetchTarball, + fetchGit, + ... + }: + { + repository, + revision, + url ? null, + submodules, + hash, + ... + }: + assert repository ? 
type; + # At the moment, either it is a plain git repository (which has an url), or it is a GitHub/GitLab repository + # In the latter case, there we will always be an url to the tarball + if url != null && !submodules then + fetchTarball { + inherit url; + sha256 = hash; + } + else + let + url = + if repository.type == "Git" then + repository.url + else if repository.type == "GitHub" then + "https://github.com/${repository.owner}/${repository.repo}.git" + else if repository.type == "GitLab" then + "${repository.server}/${repository.repo_path}.git" + else if repository.type == "Forgejo" then + "${repository.server}/${repository.owner}/${repository.repo}.git" + else + throw "Unrecognized repository type ${repository.type}"; + urlToName = + url: rev: + let + matched = builtins.match "^.*/([^/]*)(\\.git)?$" url; + + short = builtins.substring 0 7 rev; + + appendShort = if (builtins.match "[a-f0-9]*" rev) != null then "-${short}" else ""; + in + "${if matched == null then "source" else builtins.head matched}${appendShort}"; + name = urlToName url revision; + in + fetchGit { + rev = revision; + narHash = hash; + + inherit name submodules url; + }; + + mkPyPiSource = + { fetchurl, ... }: + { + url, + hash, + ... + }: + fetchurl { + inherit url; + sha256 = hash; + }; + + mkChannelSource = + { fetchTarball, ... }: + { + url, + hash, + ... + }: + fetchTarball { + inherit url; + sha256 = hash; + }; + + mkTarballSource = + { fetchTarball, ... }: + { + url, + locked_url ? url, + hash, + ... + }: + fetchTarball { + url = locked_url; + sha256 = hash; + }; + + mkContainerSource = + pkgs: + { + image_name, + image_tag, + image_digest, + ... + }: + if pkgs == null then + builtins.throw "container sources require passing in a Nixpkgs value: https://github.com/andir/npins/blob/master/README.md#using-the-nixpkgs-fetchers" + else + pkgs.dockerTools.pullImage { + imageName = image_name; + imageDigest = image_digest; + finalImageTag = image_tag; + }; +in +mkFunctor ( + { + input ? 
./sources.json, + }: + let + data = + if builtins.isPath input then + # while `readFile` will throw an error anyways if the path doesn't exist, + # we still need to check beforehand because *our* error can be caught but not the one from the builtin + # *piegames sighs* + if builtins.pathExists input then + builtins.fromJSON (builtins.readFile input) + else + throw "Input path ${toString input} does not exist" + else if builtins.isAttrs input then + input + else + throw "Unsupported input type ${builtins.typeOf input}, must be a path or an attrset"; + version = data.version; + in + if version == 7 then + builtins.mapAttrs (name: spec: mkFunctor (mkSource name spec)) data.pins + else + throw "Unsupported format version ${toString version} in sources.json. Try running `npins upgrade`" +) diff --git a/nix/npins/sources.json b/nix/npins/sources.json new file mode 100644 index 0000000..93e4442 --- /dev/null +++ b/nix/npins/sources.json 
@@ -0,0 +1,131 @@ +{ + "pins": { + "NUR": { + "type": "Git", + "repository": { + "type": "GitHub", + "owner": "nix-community", + "repo": "NUR" + }, + "branch": "main", + "submodules": false, + "revision": "68c90674bf7614be9d0d4772a36416e8277717f6", + "url": "https://github.com/nix-community/NUR/archive/68c90674bf7614be9d0d4772a36416e8277717f6.tar.gz", + "hash": "sha256-fnqFNUir8uUsi8Qvh3216X6XaNS4NDtiZ3zxaMIkH1c=" + }, + "Phoenix": { + "type": "Git", + "repository": { + "type": "Forgejo", + "server": "https://codeberg.org/", + "owner": "celenity", + "repo": "Phoenix" + }, + "branch": "dev", + "submodules": false, + "revision": "54aeb09d23fce79346ef1f4c9f11304cfc812934", + "url": "https://codeberg.org/celenity/Phoenix/archive/54aeb09d23fce79346ef1f4c9f11304cfc812934.tar.gz", + "hash": "sha256-izTRnoyGXelLk9lEvgeD6Lsq3DTkWBAF0kqiYQ1+998=" + }, + "agenix": { + "type": "Git", + "repository": { + "type": "GitHub", + "owner": "ryantm", + "repo": "agenix" + }, + "branch": "main", + "submodules": false, + "revision": "b027ee29d959fda4b60b57566d64c98a202e0feb", + "url": "https://github.com/ryantm/agenix/archive/b027ee29d959fda4b60b57566d64c98a202e0feb.tar.gz", + "hash": "sha256-9VnK6Oqai65puVJ4WYtCTvlJeXxMzAp/69HhQuTdl/I=" + }, + "anki-cli": { + "type": "Git", + "repository": { + "type": "Forgejo", + "server": "https://git.mtgmonkey.net/", + "owner": "andromeda", + "repo": "anki-cli" + }, + "branch": "master", + "submodules": false, + "revision": "d69a1d3852b0ab96e85f7efc4ea72462e1ea187b", + "url": "https://git.mtgmonkey.net/andromeda/anki-cli/archive/d69a1d3852b0ab96e85f7efc4ea72462e1ea187b.tar.gz", + "hash": "sha256-4HVpUe+7tC41A0V+s1hCWtHMagZDm0YRGnJFxA8YDEg=" + }, + "c3term": { + "type": "Git", + "repository": { + "type": "Forgejo", + "server": "https://git.mtgmonkey.net/", + "owner": "andromeda", + "repo": "c3term" + }, + "branch": "master", + "submodules": false, + "revision": "9a23671a55b4d8841154c18346ec3b8a9d5d3736", + "url": 
"https://git.mtgmonkey.net/andromeda/c3term/archive/9a23671a55b4d8841154c18346ec3b8a9d5d3736.tar.gz", + "hash": "sha256-YxWN5Rl2x+Itvd4vhDGbFA8F3x/Ze9fqoIBUdiLzKpg=" + }, + "home-manager": { + "type": "Git", + "repository": { + "type": "GitHub", + "owner": "nix-community", + "repo": "home-manager" + }, + "branch": "master", + "submodules": false, + "revision": "8ec5a714dbbeb3fda00bd9758175555ebbad4d07", + "url": "https://github.com/nix-community/home-manager/archive/8ec5a714dbbeb3fda00bd9758175555ebbad4d07.tar.gz", + "hash": "sha256-HWbn7WASXsXGADiBDt6/k9U/HpGBEmoeqIOzrf+z2HE=" + }, + "impermanence": { + "type": "Git", + "repository": { + "type": "GitHub", + "owner": "nix-community", + "repo": "impermanence" + }, + "branch": "master", + "submodules": false, + "revision": "7b1d382faf603b6d264f58627330f9faa5cba149", + "url": "https://github.com/nix-community/impermanence/archive/7b1d382faf603b6d264f58627330f9faa5cba149.tar.gz", + "hash": "sha256-03+JxvzmfwRu+5JafM0DLbxgHttOQZkUtDWBmeUkN8Y=" + }, + "nixpkgs": { + "type": "Channel", + "name": "nixos-unstable", + "url": "https://releases.nixos.org/nixos/unstable/nixos-26.05pre987561.1c3fe55ad329/nixexprs.tar.xz", + "hash": "sha256-e1tDUQMbFCxCnke314UpghgRqg3FJLtcXFfq/WTRLYI=" + }, + "nvf": { + "type": "Git", + "repository": { + "type": "GitHub", + "owner": "NotAShelf", + "repo": "nvf" + }, + "branch": "main", + "submodules": false, + "revision": "5b4f9c63205e5b0ef180a2b0e4cc844111f96fa6", + "url": "https://github.com/NotAShelf/nvf/archive/5b4f9c63205e5b0ef180a2b0e4cc844111f96fa6.tar.gz", + "hash": "sha256-YLVqyn6LpFa+h697TmZIk0qVIbe7MxMpL8UTF4K+efA=" + }, + "stylix": { + "type": "Git", + "repository": { + "type": "GitHub", + "owner": "nix-community", + "repo": "stylix" + }, + "branch": "master", + "submodules": false, + "revision": "84971726c7ef0bb3669a5443e151cc226e65c518", + "url": "https://github.com/nix-community/stylix/archive/84971726c7ef0bb3669a5443e151cc226e65c518.tar.gz", + "hash": 
"sha256-AFD5cf9eNqXq1brHS63xeZy2xKZMgG9J86XJ9I2eLn8=" + } + }, + "version": 7 +}
diff --git a/nix/patches/change-default-search-engine.patch b/nix/patches/change-default-search-engine.patch
new file mode 100644
index 0000000..eea0845
--- /dev/null
+++ b/nix/patches/change-default-search-engine.patch
@@ -0,0 +1,22 @@
+diff --git a/build-resources/policies/phoenix-desktop.json b/build-resources/policies/phoenix-desktop.json
+index 48efbe39..b5d2fe95 100644
+--- a/build-resources/policies/phoenix-desktop.json
++++ b/build-resources/policies/phoenix-desktop.json
+@@ -102,8 +102,8 @@
+ "URLTemplate": "https://eu.startpage.com/sp/search"
+ }
+ ],
+- "Default": "DuckDuckGo",
+- "DefaultPrivate": "DuckDuckGo",
++ "Default": "DuckDuckGo (HTML)",
++ "DefaultPrivate": "DuckDuckGo (HTML)",
+ "PreventInstalls": false,
+ "Remove": [
+ "1&1 Suche",
+@@ -170,4 +170,4 @@
+ ]
+ }
+ }
+-}
+\ No newline at end of file
++}
diff --git a/nix/pub-keys.nix b/nix/pub-keys.nix
new file mode 100644
index 0000000..8de2f7a
--- /dev/null
+++ b/nix/pub-keys.nix
@@ -0,0 +1,10 @@
+{
+ age.secrets.andromeda-pw.file = ./secrets/andromeda-pw.age;
+ pub-keys = {
+ ssh = {
+ andromeda = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJy2VD362wUcu0lKj2d6OIU8dbAna0Lu/NaAYIj8gdIA andromeda@lenovo";
+ lenovo = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHG4eqsLTq2os2mxfwhys3BpVnowcJrqt2CbRFzN2pJb root@lenovo";
+ _109-199-104-83 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPkg4vbyGDxrAtKFK7Pecr/qDK9cUjv+kfhQMjO6M/Ft root@vmi2998419";
+ };
+ };
+}
diff --git a/nix/secrets.nix b/nix/secrets.nix
new file mode 100644
index 0000000..fd1c166
--- /dev/null
+++ b/nix/secrets.nix
@@ -0,0 +1,10 @@
+{lib, ...}: {
+ imports = [./pub-keys.nix];
+ options = {
+ pub-keys.ssh = lib.mkOption {
+ type = lib.types.attrsOf lib.types.str;
+ default = {};
+ description = "set of public keys as `name = key`";
+ };
+ };
+}
diff --git a/nix/secrets/andromeda-pw.age b/nix/secrets/andromeda-pw.age
new file mode 100644
index 0000000..0c65df4
--- /dev/null
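Review bot: `nix/pub-keys.nix` is consumed in two different ways and nothing in the file says so. `nix/secrets.nix` pulls it in as a module via `imports = [./pub-keys.nix]`, while `nix/secrets/secrets.nix` evaluates it as a plain attrset with `(import ../pub-keys.nix).pub-keys`. The second use, which selects the recipients for `andromeda-pw.age`, only works while the file stays a bare attrset, and would break if it later gained a function header such as `{config, ...}:`. A top-of-file comment such as `# must stay a plain attrset: also imported directly by secrets/secrets.nix for agenix recipients` would record that constraint. Moving the `age.secrets.andromeda-pw.file` line into `secrets.nix` would also leave this file holding only public key data.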
+++ b/nix/secrets/andromeda-pw.age @@ -0,0 +1,7 @@ +age-encryption.org/v1 +-> ssh-ed25519 mT2fyg yzvchL+ecw88Wd2dNEUQU3mKAXeqto9YEww2awKZ/yg +2uOU8NpVFgTrQvma4UfMcilZvMszgF9g+WUfj5448mg +-> ssh-ed25519 UHxfvA nOOKWcp+Ldjlo1qhymb7IuSPB509Sz9bfGBR9VGpDzM +0W5MTMkkG1Xuj2ZdE74HK3O/+zXziMQWyF/NL/bAKPQ +--- oxkTA1FKsss5n01prQMlDe5u1/L+bTqaPpsCuGDlpp0 +tcc#\\@ ^O@jKs&ꨲS13g4>Z CRpZ| H^M vL'Yڨsjug'
\ No newline at end of file
diff --git a/nix/secrets/secrets.nix b/nix/secrets/secrets.nix
new file mode 100644
index 0000000..6dc4059
--- /dev/null
+++ b/nix/secrets/secrets.nix
@@ -0,0 +1,9 @@
+let
+ pub-keys = (import ../pub-keys.nix).pub-keys;
+ andromeda = pub-keys.ssh.andromeda;
+ lenovo = pub-keys.ssh.lenovo;
+ _109-199-104-83 = pub-keys.ssh._109-199-104-83;
+in {
+ # user passwords
+ "andromeda-pw.age".publicKeys = [andromeda lenovo];
+} |
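Review bot: The `let` in `nix/secrets/secrets.nix` binds `_109-199-104-83` but the only rule, `"andromeda-pw.age".publicKeys = [andromeda lenovo];`, never uses it, so a reader cannot tell whether that host was left out of the recipients on purpose. The committed `.age` file carries two recipient stanzas, which matches the two keys listed. If the exclusion is deliberate, either drop the binding until a secret needs it or keep it with a comment such as `# remote host: intentionally not a recipient of user passwords`. That way a later edit is less likely to add a remote root key to the password's recipient list by habit.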
