thomas/nixos-config
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: thomas/nixos-config:27b14e232bae7d45f9aa363e353019a580617c1c
Branches Tags
thomas/nixos-config:main thomas/nixos-config:bot/t3code-0.0.17 thomas/nixos-config:bot/handy-0.8.2 thomas/nixos-config:bot/zen-browser-1.19.8b thomas/nixos-config:bot/helium-0.11.1.1 thomas/nixos-config:bot/helium-0.10.9.1 thomas/nixos-config:bot/t3code-0.0.15 thomas/nixos-config:bot/helium-0.10.8.1 thomas/nixos-config:bot/zen-browser-1.19.6b thomas/nixos-config:bot/zen-browser-1.19.5b thomas/nixos-config:bot/handy-0.8.1 thomas/nixos-config:bot/helium-0.10.7.1 thomas/nixos-config:bot/t3code-0.0.14 thomas/nixos-config:bot/handy-0.8.0 thomas/nixos-config:bot/helium-0.10.6.1 thomas/nixos-config:bot/handy-0.7.12 thomas/nixos-config:bot/zen-browser-1.19.3b thomas/nixos-config:bot/handy-0.7.11 thomas/nixos-config:bot/helium-0.10.5.1 thomas/nixos-config:bot/helium-0.10.2.1 thomas/nixos-config:bot/zen-browser-1.19.2b thomas/nixos-config:bot/handy-0.7.10 thomas/nixos-config:bot/handy-0.7.9
..
compare: thomas/nixos-config:bot/helium-0.11.1.1
Branches Tags
thomas/nixos-config:main thomas/nixos-config:bot/t3code-0.0.17 thomas/nixos-config:bot/handy-0.8.2 thomas/nixos-config:bot/zen-browser-1.19.8b thomas/nixos-config:bot/helium-0.11.1.1 thomas/nixos-config:bot/helium-0.10.9.1 thomas/nixos-config:bot/t3code-0.0.15 thomas/nixos-config:bot/helium-0.10.8.1 thomas/nixos-config:bot/zen-browser-1.19.6b thomas/nixos-config:bot/zen-browser-1.19.5b thomas/nixos-config:bot/handy-0.8.1 thomas/nixos-config:bot/helium-0.10.7.1 thomas/nixos-config:bot/t3code-0.0.14 thomas/nixos-config:bot/handy-0.8.0 thomas/nixos-config:bot/helium-0.10.6.1 thomas/nixos-config:bot/handy-0.7.12 thomas/nixos-config:bot/zen-browser-1.19.3b thomas/nixos-config:bot/handy-0.7.11 thomas/nixos-config:bot/helium-0.10.5.1 thomas/nixos-config:bot/helium-0.10.2.1 thomas/nixos-config:bot/zen-browser-1.19.2b thomas/nixos-config:bot/handy-0.7.10 thomas/nixos-config:bot/handy-0.7.9

55 Commits
27b14e232b .. bot/helium-0.11.1.1

Author SHA1 Message Date
gitea actions 9103ce44d8 update helium to 0.11.1.1 2026-04-13 06:00:40 +00:00
thomas 51b9d97cd1 foot
helium update / update-helium (push) Successful in 12s
Details
zen browser update / update-zen-browser (push) Successful in 9s
Details
handy update / update-handy (push) Successful in 10s
Details
t3code update / update-t3code (push) Successful in 10s
Details
2026-04-09 14:14:38 +01:00
thomas f5646aa790 bruno better 2026-04-09 14:07:05 +01:00
thomas d74ff3fb05 postman 2026-04-09 14:06:56 +01:00
thomas 5bfb471047 proggy clean 2026-04-08 11:03:48 +01:00
thomas 5e21664124 lix 2026-04-08 00:52:28 +01:00
thomas 6f4e3d6444 attempt wifi fix 2026-04-08 00:16:35 +01:00
thomas 6efa23d145 fix handy
helium update / update-helium (push) Successful in 13s
Details
zen browser update / update-zen-browser (push) Successful in 14s
Details
handy update / update-handy (push) Successful in 9s
Details
t3code update / update-t3code (push) Successful in 12s
Details
2026-04-01 14:49:46 +01:00
thomas 2ebdafd916 add localsend 2026-03-29 11:42:19 +01:00
thomas 0a625747e5 wifi fixes 2026-03-26 23:33:23 +00:00
thomas 38ee805597 start handy on startup
helium update / update-helium (push) Successful in 12s
Details
zen browser update / update-zen-browser (push) Successful in 11s
Details
handy update / update-handy (push) Successful in 9s
Details
t3code update / update-t3code (push) Successful in 11s
Details
2026-03-25 19:31:24 +00:00
thomas a6d9984871 nextcloud-client 2026-03-25 19:23:47 +00:00
thomas e0b3b8e35c update flake 2026-03-25 18:58:59 +00:00
thomas 71a7e9e349 update gsf input and remove host-specific gsfd service overrides 2026-03-25 18:57:20 +00:00
thomas 1117fe32e7 set gsfd stats path in nixos service env 2026-03-25 17:29:37 +00:00
thomas 1e226ddeb6 restore maccel declarative parameters 2026-03-25 17:29:37 +00:00
thomas 4551e5134e integrate gsf via flake input and hardware.gsf module 2026-03-25 17:29:37 +00:00
thomas ead8ff2afd stop declarative maccel parameter tuning in nixos 2026-03-25 17:29:37 +00:00
thomas e4b4fbd13a add maccel 2026-03-25 17:29:37 +00:00
thomas c176a082c8 via rules 2026-03-25 17:29:37 +00:00
thomas c14a95e58e docker 2026-03-25 17:29:37 +00:00
thomas b917372b8a add t3 code pkg 2026-03-25 17:29:37 +00:00
thomas 2568471aa6 update handy to 0.8.0 (#18) 
automated update of handy appimage version and hash

## changelog
from `0.7.12` to `0.8.0`

upstream release: https://github.com/cjpais/Handy/releases/tag/v0.8.0

Co-authored-by: gitea actions <actions@localhost>
Reviewed-on: #18
 2026-03-25 13:21:07 +00:00
thomas 896247d7ba update helium to 0.10.6.1 (#17)
helium update / update-helium (push) Successful in 9s
Details
zen browser update / update-zen-browser (push) Successful in 5s
Details
handy update / update-handy (push) Successful in 9s
Details 
automated update of helium appimage version and hash

## changelog
from `0.10.5.1` to `0.10.6.1`

upstream release: https://github.com/imputnet/helium-linux/releases/tag/0.10.6.1

Co-authored-by: gitea actions <actions@localhost>
Reviewed-on: #17
 2026-03-22 16:03:47 +00:00
thomas c401dde8d5 add cursor
helium update / update-helium (push) Successful in 10s
Details
zen browser update / update-zen-browser (push) Successful in 5s
Details
handy update / update-handy (push) Successful in 5s
Details
2026-03-20 10:57:49 +00:00
thomas c29451d38a fix unraid mnts 2026-03-20 10:57:49 +00:00
thomas 3f2e3d99e5 update zen browser to 1.19.3b (#14)
helium update / update-helium (push) Successful in 15s
Details
zen browser update / update-zen-browser (push) Successful in 5s
Details
handy update / update-handy (push) Successful in 6s
Details 
automated update of zen browser appimage version and hash

## changelog
from `1.19.2b` to `1.19.3b`

upstream release: https://github.com/zen-browser/desktop/releases/tag/1.19.3b

Co-authored-by: gitea actions <actions@localhost>
Reviewed-on: #14
 2026-03-19 14:31:04 +00:00
thomas b419bf6cf3 update handy to 0.7.12 (#16) 
automated update of handy appimage version and hash

## changelog
from `0.7.10` to `0.7.12`

upstream release: https://github.com/cjpais/Handy/releases/tag/v0.7.12

Co-authored-by: gitea actions <actions@localhost>
Reviewed-on: #16
 2026-03-19 14:30:57 +00:00
thomas 314fa8cd0e add bat to packages.nix
helium update / update-helium (push) Successful in 7s
Details
zen browser update / update-zen-browser (push) Successful in 10s
Details
handy update / update-handy (push) Successful in 11s
Details
2026-03-17 16:20:47 +00:00
thomas 0d2877a861 update helium to 0.10.5.1 (#13)
helium update / update-helium (push) Successful in 6s
Details
zen browser update / update-zen-browser (push) Successful in 8s
Details
handy update / update-handy (push) Successful in 11s
Details 
automated update of helium appimage version and hash

## changelog
from `0.10.2.1` to `0.10.5.1`

upstream release: https://github.com/imputnet/helium-linux/releases/tag/0.10.5.1

Co-authored-by: gitea actions <actions@localhost>
Reviewed-on: #13
 2026-03-16 19:09:31 +00:00
thomas 12a851aa57 try and fix cedilla 2026-03-16 12:33:28 +00:00
thomas f2e785fa8f improve mounting 2026-03-16 10:42:14 +00:00
thomas 1d1afe1a43 move smb automount secrets to agenix
helium update / update-helium (push) Successful in 10s
Details
zen browser update / update-zen-browser (push) Successful in 5s
Details
handy update / update-handy (push) Successful in 5s
Details
2026-03-13 19:07:13 +00:00
thomas b1b3f324d9 add jjui 2026-03-13 17:45:54 +00:00
thomas 0656efb6aa keep release link and drop release notes in prs 2026-03-13 12:49:44 +00:00
thomas b41148f4a5 update helium to 0.10.2.1 (#12) 
automated update of helium appimage version and hash

## changelog
from `0.9.4.1` to `0.10.2.1`

upstream release: https://github.com/imputnet/helium-linux/releases/tag/0.10.2.1

Changes since last build:

### helium-linux

```
9dcfae5 update: helium 0.10.2.1 (#215)
```

Co-authored-by: gitea actions <actions@localhost>
Reviewed-on: #12
 2026-03-13 12:47:57 +00:00
thomas e16829f19a update zen browser to 1.19.2b (#11) 
automated update of zen browser appimage version and hash

## changelog
from `1.19.2a` to `1.19.2b`

upstream release: https://github.com/zen-browser/desktop/releases/tag/1.19.2b

# Zen Stable Release

## Security

[Various security fixes](https://www.mozilla.org/en-US/security/advisories/mfsa2026-19/)

## New Features

- Updated to Firefox 148.0.2

## Fixes

- Fixed some RSS live folders not working with certain feeds. ([#12685](https://github.com/zen-browser/desktop/issues/12685))

- Improved performance for spaces, specially when switching between them. ([#11851](https://github.com/zen-browser/desktop/issues/11851))

- Other minor bug fixes and improvements.

Co-authored-by: gitea actions <actions@localhost>
Reviewed-on: https://gitea.unrail.xyz/thomas/nixos-config/pulls/11
 2026-03-13 12:47:17 +00:00
thomas 269276003d preserve markdown formatting in scraped changelog 2026-03-13 12:46:08 +00:00
thomas 0c3de60c20 scrape github release page for changelog 2026-03-13 12:44:06 +00:00
thomas 654827d307 harden release tag parsing for changelog fetch 2026-03-13 12:40:19 +00:00
thomas 39be66d752 test workflow 2026-03-13 12:38:18 +00:00
thomas 9f1a71b3b1 test workflow update 2026-03-13 12:33:07 +00:00
thomas 20affab949 edid 2026-03-13 12:26:43 +00:00
thomas 2f8cd172ed add ni and svelte language server 2026-03-13 12:26:43 +00:00
thomas 40adbf1bef add yazi ueberzugpp and chafa 2026-03-13 12:26:43 +00:00
thomas da9a4d1f91 add jujutsu 2026-03-13 12:26:43 +00:00
thomas ce49499e65 update zen browser to 1.19.2b (#5) 
automated update of zen browser appimage version and hash

Co-authored-by: gitea actions <actions@localhost>
Reviewed-on: #5
 2026-03-13 12:24:56 +00:00
thomas 31116e200b cleanup
helium update / update-helium (push) Successful in 10s
Details
zen browser update / update-zen-browser (push) Successful in 9s
Details
handy update / update-handy (push) Successful in 6s
Details
2026-03-13 00:35:03 +00:00
thomas 7fe72e311e tmux and obs 2026-03-12 22:10:40 +00:00
thomas 51903cc47f update handy to 0.7.10 (#4)
helium update / update-helium (push) Successful in 6s
Details
zen browser update / update-zen-browser (push) Successful in 11s
Details
handy update / update-handy (push) Successful in 5s
Details 
automated update of handy appimage version and hash

Co-authored-by: gitea actions <actions@localhost>
Reviewed-on: #4
 2026-03-11 16:36:29 +00:00
thomas 0e854495ff fix zen-browser audio/video codecs with ffmpeg-full 2026-03-11 16:35:46 +00:00
thomas 520177b9a5 update and add some pkgs 2026-03-11 14:56:42 +00:00
thomas effd3390c3 enable openssh 2026-03-10 11:53:13 +00:00
thomas 59c1dde695 update handy to 0.7.9 (#3) 
automated update of handy appimage version and hash

Co-authored-by: gitea actions <actions@localhost>
Reviewed-on: #3
 2026-03-09 17:39:54 +00:00
thomas fc60083346 test further 2026-03-09 17:38:43 +00:00
22 changed files with 883 additions and 401 deletions
Expand all files Collapse all files
.gitea/scripts/commit-update.sh
+20
View File
@@ -0,0 +1,20 @@
#!/usr/bin/env bash
set -euo pipefail
: "${BRANCH:?BRANCH is required}"
: "${FILE:?FILE is required}"
: "${COMMIT_MESSAGE:?COMMIT_MESSAGE is required}"
git config user.name "gitea actions"
git config user.email "actions@localhost"
git checkout -B "$BRANCH"
git add "$FILE"
if git diff --cached --quiet; then
echo "No staged changes for ${FILE}; skipping commit"
exit 0
fi
git commit -m "$COMMIT_MESSAGE"
git push --force origin "$BRANCH"
.gitea/scripts/create-gitea-pr.sh
+48
View File
@@ -0,0 +1,48 @@
#!/usr/bin/env bash
set -euo pipefail
: "${GITEA_API:?GITEA_API is required}"
: "${GITEA_TOKEN:?GITEA_TOKEN is required}"
: "${BRANCH:?BRANCH is required}"
: "${TITLE:?TITLE is required}"
: "${BODY:?BODY is required}"
owner_prefix="${HEAD_OWNER_PREFIX:-thomas}"
existing=$(curl -fsS \
-H "Authorization: token ${GITEA_TOKEN}" \
"${GITEA_API}/pulls?state=open" \
| python -c 'import json,sys,os; d=json.load(sys.stdin); b=os.environ["BRANCH"]; print(next((str(pr["number"]) for pr in d if isinstance(pr,dict) and pr.get("head",{}).get("ref")==b), ""))')
if [ -n "$existing" ]; then
echo "PR already exists: #$existing"
exit 0
fi
echo "Creating PR..."
created="false"
for head in "${BRANCH}" "${owner_prefix}:${BRANCH}"; do
echo "Trying head=${head}"
payload=$(HEAD_REF="$head" TITLE="$TITLE" BODY="$BODY" python -c 'import json,os; print(json.dumps({"title": os.environ["TITLE"], "head": os.environ["HEAD_REF"], "base": "main", "body": os.environ["BODY"]}))')
response=$(curl -sS -w '\n%{http_code}' -X POST \
-H "Authorization: token ${GITEA_TOKEN}" \
-H "Content-Type: application/json" \
"${GITEA_API}/pulls" \
-d "$payload")
body=$(printf '%s\n' "$response" | sed '$d')
code=$(printf '%s\n' "$response" | tail -n1)
echo "Create PR status: $code"
echo "$body"
if [ "$code" -ge 200 ] && [ "$code" -lt 300 ]; then
created="true"
break
fi
done
if [ "$created" != "true" ]; then
echo "PR creation failed"
exit 1
fi
.gitea/scripts/update-appimage-nix.sh
+72
View File
@@ -0,0 +1,72 @@
#!/usr/bin/env bash
set -euo pipefail
: "${FILE:?FILE is required}"
: "${LATEST_RELEASE_URL:?LATEST_RELEASE_URL is required}"
: "${DOWNLOAD_URL_TEMPLATE:?DOWNLOAD_URL_TEMPLATE is required}"
if command -v python >/dev/null 2>&1; then
PYTHON_BIN=python
elif command -v python3 >/dev/null 2>&1; then
PYTHON_BIN=python3
else
echo "python is required but was not found"
exit 1
fi
version_strip_prefix="${LATEST_VERSION_STRIP_PREFIX:-v}"
release_tag_template="${RELEASE_TAG_TEMPLATE:-{version}}"
release_tag_template="${release_tag_template//$'\r'/}"
current_version=$($PYTHON_BIN - <<'PY'
import re
import os
p=os.environ["FILE"]
s=open(p).read()
m=re.search(r'version\s*=\s*"([^"]+)";', s)
print(m.group(1) if m else "")
PY
)
latest_version=$(curl -fsSLI -o /dev/null -w '%{url_effective}' "$LATEST_RELEASE_URL" \
| sed -E 's#.*/##')
if [ -n "$version_strip_prefix" ]; then
latest_version="${latest_version#${version_strip_prefix}}"
fi
echo "current=$current_version"
echo "latest=$latest_version"
if [ -z "$latest_version" ] || [ "$latest_version" = "$current_version" ]; then
echo "updated=false" >> "$GITHUB_OUTPUT"
exit 0
fi
download_url="${DOWNLOAD_URL_TEMPLATE//\{version\}/$latest_version}"
new_hash=$(nix store prefetch-file --json "$download_url" | "$PYTHON_BIN" -c 'import json,sys; print(json.load(sys.stdin)["hash"])')
export LATEST_VERSION="$latest_version"
export NEW_HASH="$new_hash"
"$PYTHON_BIN" - <<'PY'
import os
import re
p=os.environ["FILE"]
s=open(p).read()
s=re.sub(r'version\s*=\s*"[^"]+"', f'version = "{os.environ["LATEST_VERSION"]}"', s, count=1)
s=re.sub(r'hash\s*=\s*"[^"]+"', f'hash = "{os.environ["NEW_HASH"]}"', s, count=1)
open(p,"w").write(s)
PY
release_tag="${release_tag_template//\{version\}/$latest_version}"
release_tag="${release_tag#\{}"
release_tag="${release_tag%\}}"
release_tag="${release_tag#\'}"
release_tag="${release_tag%\'}"
release_url="${LATEST_RELEASE_URL%/latest}/tag/${release_tag}"
echo "updated=true" >> "$GITHUB_OUTPUT"
echo "version=$latest_version" >> "$GITHUB_OUTPUT"
echo "previous_version=$current_version" >> "$GITHUB_OUTPUT"
echo "release_url=$release_url" >> "$GITHUB_OUTPUT"
.gitea/workflows/handy-update.yml
+26 -95
View File
@@ -21,66 +21,25 @@ jobs:
- name: check latest handy release and update file
id: update
env:
FILE: modules/pkgs/handy.nix
LATEST_RELEASE_URL: https://github.com/cjpais/Handy/releases/latest
DOWNLOAD_URL_TEMPLATE: https://github.com/cjpais/Handy/releases/download/v{version}/Handy_{version}_amd64.AppImage
RELEASE_TAG_TEMPLATE: v{version}
shell: bash
run: |
set -euo pipefail
FILE="modules/pkgs/handy.nix"
current_version=$(python - <<'PY'
import re
s=open('modules/pkgs/handy.nix').read()
m=re.search(r'version\s*=\s*"([^"]+)";', s)
print(m.group(1) if m else "")
PY
)
latest_version=$(curl -fsSLI -o /dev/null -w '%{url_effective}' \
'https://github.com/cjpais/Handy/releases/latest' \
| sed -E 's#.*/##' \
| sed 's/^v//')
echo "current=$current_version"
echo "latest=$latest_version"
if [ -z "$latest_version" ] || [ "$latest_version" = "$current_version" ]; then
echo "updated=false" >> "$GITHUB_OUTPUT"
exit 0
fi
url="https://github.com/cjpais/Handy/releases/download/v${latest_version}/Handy_${latest_version}_amd64.AppImage"
new_hash=$(nix store prefetch-file --json "$url" | python -c 'import json,sys; print(json.load(sys.stdin)["hash"])')
export LATEST_VERSION="$latest_version"
export NEW_HASH="$new_hash"
python - <<PY
import re
import os
p='modules/pkgs/handy.nix'
s=open(p).read()
s=re.sub(r'version\s*=\s*"[^"]+"', f'version = "{os.environ["LATEST_VERSION"]}"', s, count=1)
s=re.sub(r'hash\s*=\s*"[^"]+"', f'hash = "{os.environ["NEW_HASH"]}"', s, count=1)
open(p,'w').write(s)
PY
echo "updated=true" >> "$GITHUB_OUTPUT"
echo "version=$latest_version" >> "$GITHUB_OUTPUT"
run: bash .gitea/scripts/update-appimage-nix.sh
- name: create branch and commit
if: steps.update.outputs.updated == 'true'
shell: bash
run: |
set -euo pipefail
branch="bot/handy-${{ steps.update.outputs.version }}"
version="${{ steps.update.outputs.version }}"
git config user.name "gitea actions"
git config user.email "actions@localhost"
git checkout -B "$branch"
git add modules/pkgs/handy.nix
git commit -m "update handy to ${{ steps.update.outputs.version }}"
git push --force origin "$branch"
BRANCH="bot/handy-${version}" \
FILE="modules/pkgs/handy.nix" \
COMMIT_MESSAGE="update handy to ${version}" \
bash .gitea/scripts/commit-update.sh
- name: open pull request
if: steps.update.outputs.updated == 'true'
@@ -90,50 +49,22 @@ jobs:
run: |
set -euo pipefail
api="https://gitea.unrail.xyz/api/v1/repos/thomas/nixos-config"
branch="bot/handy-${{ steps.update.outputs.version }}"
version="${{ steps.update.outputs.version }}"
previous_version="${{ steps.update.outputs.previous_version }}"
release_url="${{ steps.update.outputs.release_url }}"
if [ -z "${GITEA_TOKEN:-}" ]; then
echo "GITEA_TOKEN is empty (check repo secret tea_token/TEA_TOKEN)"
exit 1
fi
pr_body=$(cat <<EOF
automated update of handy appimage version and hash
echo "Checking for existing PRs..."
existing=$(curl -fsS \
-H "Authorization: token ${GITEA_TOKEN}" \
"${api}/pulls?state=open" \
| python -c 'import json,sys; d=json.load(sys.stdin); b="'"$branch"'"; print(next((str(pr["number"]) for pr in d if isinstance(pr,dict) and pr.get("head",{}).get("ref")==b), ""))')
## changelog
from \`${previous_version}\` to \`${version}\`
if [ -n "$existing" ]; then
echo "PR already exists: #$existing"
exit 0
fi
upstream release: ${release_url}
EOF
)
echo "Creating PR..."
created="false"
for head in "${branch}" "thomas:${branch}"; do
echo "Trying head=${head}"
payload=$(printf '{"title":"update handy to %s","head":"%s","base":"main","body":"automated update of handy appimage version and hash"}' \
"${{ steps.update.outputs.version }}" "$head")
response=$(curl -sS -w '\n%{http_code}' -X POST \
-H "Authorization: token ${GITEA_TOKEN}" \
-H "Content-Type: application/json" \
"${api}/pulls" \
-d "$payload")
body=$(printf '%s\n' "$response" | sed '$d')
code=$(printf '%s\n' "$response" | tail -n1)
echo "Create PR status: $code"
echo "$body"
if [ "$code" -ge 200 ] && [ "$code" -lt 300 ]; then
created="true"
break
fi
done
if [ "$created" != "true" ]; then
echo "PR creation failed"
exit 1
fi
GITEA_API="https://gitea.unrail.xyz/api/v1/repos/thomas/nixos-config" \
BRANCH="bot/handy-${version}" \
TITLE="update handy to ${version}" \
BODY="$pr_body" \
bash .gitea/scripts/create-gitea-pr.sh
.gitea/workflows/helium-update.yml
+26 -96
View File
@@ -21,67 +21,25 @@ jobs:
- name: check latest helium release and update file
id: update
env:
FILE: modules/pkgs/helium.nix
LATEST_RELEASE_URL: https://github.com/imputnet/helium-linux/releases/latest
DOWNLOAD_URL_TEMPLATE: https://github.com/imputnet/helium-linux/releases/download/{version}/helium-{version}-x86_64.AppImage
RELEASE_TAG_TEMPLATE: '{version}'
shell: bash
run: |
set -euo pipefail
FILE="modules/pkgs/helium.nix"
current_version=$(python - <<'PY'
import re
p='modules/pkgs/helium.nix'
s=open(p).read()
m=re.search(r'version\s*=\s*"([^"]+)";', s)
print(m.group(1) if m else "")
PY
)
latest_version=$(curl -fsSLI -o /dev/null -w '%{url_effective}' \
'https://github.com/imputnet/helium-linux/releases/latest' \
| sed -E 's#.*/##' \
| sed 's/^v//')
echo "current=$current_version"
echo "latest=$latest_version"
if [ -z "$latest_version" ] || [ "$latest_version" = "$current_version" ]; then
echo "updated=false" >> "$GITHUB_OUTPUT"
exit 0
fi
url="https://github.com/imputnet/helium-linux/releases/download/${latest_version}/helium-${latest_version}-x86_64.AppImage"
new_hash=$(nix store prefetch-file --json "$url" | python -c 'import json,sys; print(json.load(sys.stdin)["hash"])')
export LATEST_VERSION="$latest_version"
export NEW_HASH="$new_hash"
python - <<PY
import re
import os
p='modules/pkgs/helium.nix'
s=open(p).read()
s=re.sub(r'version\s*=\s*"[^"]+"', f'version = "{os.environ["LATEST_VERSION"]}"', s, count=1)
s=re.sub(r'hash\s*=\s*"[^"]+"', f'hash = "{os.environ["NEW_HASH"]}"', s, count=1)
open(p,'w').write(s)
PY
echo "updated=true" >> "$GITHUB_OUTPUT"
echo "version=$latest_version" >> "$GITHUB_OUTPUT"
run: bash .gitea/scripts/update-appimage-nix.sh
- name: create branch and commit
if: steps.update.outputs.updated == 'true'
shell: bash
run: |
set -euo pipefail
branch="bot/helium-${{ steps.update.outputs.version }}"
version="${{ steps.update.outputs.version }}"
git config user.name "gitea actions"
git config user.email "actions@localhost"
git checkout -B "$branch"
git add modules/pkgs/helium.nix
git commit -m "update helium to ${{ steps.update.outputs.version }}"
git push --force origin "$branch"
BRANCH="bot/helium-${version}" \
FILE="modules/pkgs/helium.nix" \
COMMIT_MESSAGE="update helium to ${version}" \
bash .gitea/scripts/commit-update.sh
- name: open pull request
if: steps.update.outputs.updated == 'true'
@@ -91,50 +49,22 @@ jobs:
run: |
set -euo pipefail
api="https://gitea.unrail.xyz/api/v1/repos/thomas/nixos-config"
branch="bot/helium-${{ steps.update.outputs.version }}"
version="${{ steps.update.outputs.version }}"
previous_version="${{ steps.update.outputs.previous_version }}"
release_url="${{ steps.update.outputs.release_url }}"
if [ -z "${GITEA_TOKEN:-}" ]; then
echo "GITEA_TOKEN is empty (check repo secret tea_token/TEA_TOKEN)"
exit 1
fi
pr_body=$(cat <<EOF
automated update of helium appimage version and hash
# Skip if PR for this branch already exists
existing=$(curl -fsS \
-H "Authorization: token ${GITEA_TOKEN}" \
"${api}/pulls?state=open" \
| python -c 'import json,sys; d=json.load(sys.stdin); b="'"$branch"'"; print(next((str(pr["number"]) for pr in d if pr.get("head",{}).get("ref")==b), ""))')
## changelog
from \`${previous_version}\` to \`${version}\`
if [ -n "$existing" ]; then
echo "PR already exists: #$existing"
exit 0
fi
upstream release: ${release_url}
EOF
)
echo "Creating PR..."
created="false"
for head in "${branch}" "thomas:${branch}"; do
echo "Trying head=${head}"
payload=$(printf '{"title":"update helium to %s","head":"%s","base":"main","body":"automated update of helium appimage version and hash"}' \
"${{ steps.update.outputs.version }}" "$head")
response=$(curl -sS -w '\n%{http_code}' -X POST \
-H "Authorization: token ${GITEA_TOKEN}" \
-H "Content-Type: application/json" \
"${api}/pulls" \
-d "$payload")
body=$(printf '%s\n' "$response" | sed '$d')
code=$(printf '%s\n' "$response" | tail -n1)
echo "Create PR status: $code"
echo "$body"
if [ "$code" -ge 200 ] && [ "$code" -lt 300 ]; then
created="true"
break
fi
done
if [ "$created" != "true" ]; then
echo "PR creation failed"
exit 1
fi
GITEA_API="https://gitea.unrail.xyz/api/v1/repos/thomas/nixos-config" \
BRANCH="bot/helium-${version}" \
TITLE="update helium to ${version}" \
BODY="$pr_body" \
bash .gitea/scripts/create-gitea-pr.sh
.gitea/workflows/t3code-update.yml
+70
View File
@@ -0,0 +1,70 @@
name: t3code update
on:
schedule:
- cron: "50 6 * * *"
workflow_dispatch:
jobs:
update-t3code:
runs-on: ubuntu-latest
steps:
- name: checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: install nix
uses: cachix/install-nix-action@v27
with:
nix_path: nixpkgs=channel:nixos-unstable
- name: check latest t3code release and update file
id: update
env:
FILE: modules/pkgs/t3code.nix
LATEST_RELEASE_URL: https://github.com/pingdotgg/t3code/releases/latest
DOWNLOAD_URL_TEMPLATE: https://github.com/pingdotgg/t3code/releases/download/v{version}/T3-Code-{version}-x86_64.AppImage
RELEASE_TAG_TEMPLATE: v{version}
shell: bash
run: bash .gitea/scripts/update-appimage-nix.sh
- name: create branch and commit
if: steps.update.outputs.updated == 'true'
shell: bash
run: |
set -euo pipefail
version="${{ steps.update.outputs.version }}"
BRANCH="bot/t3code-${version}" \
FILE="modules/pkgs/t3code.nix" \
COMMIT_MESSAGE="update t3code to ${version}" \
bash .gitea/scripts/commit-update.sh
- name: open pull request
if: steps.update.outputs.updated == 'true'
env:
GITEA_TOKEN: ${{ secrets.tea_token || secrets.TEA_TOKEN }}
shell: bash
run: |
set -euo pipefail
version="${{ steps.update.outputs.version }}"
previous_version="${{ steps.update.outputs.previous_version }}"
release_url="${{ steps.update.outputs.release_url }}"
pr_body=$(cat <<EOF
automated update of t3code appimage version and hash
## changelog
from \`${previous_version}\` to \`${version}\`
upstream release: ${release_url}
EOF
)
GITEA_API="https://gitea.unrail.xyz/api/v1/repos/thomas/nixos-config" \
BRANCH="bot/t3code-${version}" \
TITLE="update t3code to ${version}" \
BODY="$pr_body" \
bash .gitea/scripts/create-gitea-pr.sh
.gitea/workflows/zen-browser-update.yml
+26 -94
View File
@@ -21,66 +21,25 @@ jobs:
- name: check latest zen browser release and update file
id: update
env:
FILE: modules/pkgs/zen-browser.nix
LATEST_RELEASE_URL: https://github.com/zen-browser/desktop/releases/latest
DOWNLOAD_URL_TEMPLATE: https://github.com/zen-browser/desktop/releases/download/{version}/zen-x86_64.AppImage
RELEASE_TAG_TEMPLATE: '{version}'
shell: bash
run: |
set -euo pipefail
FILE="modules/pkgs/zen-browser.nix"
current_version=$(python - <<'PY'
import re
s=open('modules/pkgs/zen-browser.nix').read()
m=re.search(r'version\s*=\s*"([^"]+)";', s)
print(m.group(1) if m else "")
PY
)
latest_version=$(curl -fsSLI -o /dev/null -w '%{url_effective}' \
'https://github.com/zen-browser/desktop/releases/latest' \
| sed -E 's#.*/##' \
| sed 's/^v//')
echo "current=$current_version"
echo "latest=$latest_version"
if [ -z "$latest_version" ] || [ "$latest_version" = "$current_version" ]; then
echo "updated=false" >> "$GITHUB_OUTPUT"
exit 0
fi
url="https://github.com/zen-browser/desktop/releases/download/${latest_version}/zen-x86_64.AppImage"
new_hash=$(nix store prefetch-file --json "$url" | python -c 'import json,sys; print(json.load(sys.stdin)["hash"])')
export LATEST_VERSION="$latest_version"
export NEW_HASH="$new_hash"
python - <<PY
import re
import os
p='modules/pkgs/zen-browser.nix'
s=open(p).read()
s=re.sub(r'version\s*=\s*"[^"]+"', f'version = "{os.environ["LATEST_VERSION"]}"', s, count=1)
s=re.sub(r'hash\s*=\s*"[^"]+"', f'hash = "{os.environ["NEW_HASH"]}"', s, count=1)
open(p,'w').write(s)
PY
echo "updated=true" >> "$GITHUB_OUTPUT"
echo "version=$latest_version" >> "$GITHUB_OUTPUT"
run: bash .gitea/scripts/update-appimage-nix.sh
- name: create branch and commit
if: steps.update.outputs.updated == 'true'
shell: bash
run: |
set -euo pipefail
branch="bot/zen-browser-${{ steps.update.outputs.version }}"
version="${{ steps.update.outputs.version }}"
git config user.name "gitea actions"
git config user.email "actions@localhost"
git checkout -B "$branch"
git add modules/pkgs/zen-browser.nix
git commit -m "update zen browser to ${{ steps.update.outputs.version }}"
git push --force origin "$branch"
BRANCH="bot/zen-browser-${version}" \
FILE="modules/pkgs/zen-browser.nix" \
COMMIT_MESSAGE="update zen browser to ${version}" \
bash .gitea/scripts/commit-update.sh
- name: open pull request
if: steps.update.outputs.updated == 'true'
@@ -90,49 +49,22 @@ jobs:
run: |
set -euo pipefail
api="https://gitea.unrail.xyz/api/v1/repos/thomas/nixos-config"
branch="bot/zen-browser-${{ steps.update.outputs.version }}"
version="${{ steps.update.outputs.version }}"
previous_version="${{ steps.update.outputs.previous_version }}"
release_url="${{ steps.update.outputs.release_url }}"
if [ -z "${GITEA_TOKEN:-}" ]; then
echo "GITEA_TOKEN is empty (check repo secret tea_token/TEA_TOKEN)"
exit 1
fi
pr_body=$(cat <<EOF
automated update of zen browser appimage version and hash
existing=$(curl -fsS \
-H "Authorization: token ${GITEA_TOKEN}" \
"${api}/pulls?state=open" \
| python -c 'import json,sys; d=json.load(sys.stdin); b="'"$branch"'"; print(next((str(pr["number"]) for pr in d if isinstance(pr,dict) and pr.get("head",{}).get("ref")==b), ""))')
## changelog
from \`${previous_version}\` to \`${version}\`
if [ -n "$existing" ]; then
echo "PR already exists: #$existing"
exit 0
fi
upstream release: ${release_url}
EOF
)
echo "Creating PR..."
created="false"
for head in "${branch}" "thomas:${branch}"; do
echo "Trying head=${head}"
payload=$(printf '{"title":"update zen browser to %s","head":"%s","base":"main","body":"automated update of zen browser appimage version and hash"}' \
"${{ steps.update.outputs.version }}" "$head")
response=$(curl -sS -w '\n%{http_code}' -X POST \
-H "Authorization: token ${GITEA_TOKEN}" \
-H "Content-Type: application/json" \
"${api}/pulls" \
-d "$payload")
body=$(printf '%s\n' "$response" | sed '$d')
code=$(printf '%s\n' "$response" | tail -n1)
echo "Create PR status: $code"
echo "$body"
if [ "$code" -ge 200 ] && [ "$code" -lt 300 ]; then
created="true"
break
fi
done
if [ "$created" != "true" ]; then
echo "PR creation failed"
exit 1
fi
GITEA_API="https://gitea.unrail.xyz/api/v1/repos/thomas/nixos-config" \
BRANCH="bot/zen-browser-${version}" \
TITLE="update zen browser to ${version}" \
BODY="$pr_body" \
bash .gitea/scripts/create-gitea-pr.sh
README.md
+33
View File
@@ -20,3 +20,36 @@ NixOS configuration using a dendritic structure — `flake.nix` at the root, wit
```bash
sudo nixos-rebuild switch --flake .#nixos
```
## SMB share secrets (agenix)
SMB automount is configured in `modules/hosts/nixos.nix` and activates once
`secrets/smb-credentials.age` exists.
1. Edit recipients in `secrets/secrets.nix` if needed.
2. Create the encrypted secret (using the host SSH private key via sudo):
```bash
sudo env RULES=secrets/secrets.nix nix run github:ryantm/agenix -- -e secrets/smb-credentials.age -i /etc/ssh/ssh_host_ed25519_key
```
Use this content:
```text
username=YOUR_SMB_USER
password=YOUR_SMB_PASSWORD
# optional
# domain=WORKGROUP
```
Configured shares mirror your Endeavour setup:
- `//192.168.1.102/data``/mnt/unraid-data`
- `//192.168.1.102/appdata``/mnt/unraid-appdata`
Then apply:
```bash
sudo nixos-rebuild switch --flake .#nixos
```
flake.lock
Generated
+191 -10
View File
@@ -1,5 +1,48 @@
{
"nodes": {
"agenix": {
"inputs": {
"darwin": "darwin",
"home-manager": "home-manager",
"nixpkgs": "nixpkgs",
"systems": "systems"
},
"locked": {
"lastModified": 1770165109,
"narHash": "sha256-9VnK6Oqai65puVJ4WYtCTvlJeXxMzAp/69HhQuTdl/I=",
"owner": "ryantm",
"repo": "agenix",
"rev": "b027ee29d959fda4b60b57566d64c98a202e0feb",
"type": "github"
},
"original": {
"owner": "ryantm",
"repo": "agenix",
"type": "github"
}
},
"darwin": {
"inputs": {
"nixpkgs": [
"agenix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1744478979,
"narHash": "sha256-dyN+teG9G82G+m+PX/aSAagkC+vUv0SgUw3XkPhQodQ=",
"owner": "lnl7",
"repo": "nix-darwin",
"rev": "43975d782b418ebf4969e9ccba82466728c2851b",
"type": "github"
},
"original": {
"owner": "lnl7",
"ref": "master",
"repo": "nix-darwin",
"type": "github"
}
},
"flake-parts": {
"inputs": {
"nixpkgs-lib": [
@@ -7,11 +50,11 @@
]
},
"locked": {
"lastModified": 1772408722,
"narHash": "sha256-rHuJtdcOjK7rAHpHphUb1iCvgkU3GpfvicLMwwnfMT0=",
"lastModified": 1775087534,
"narHash": "sha256-91qqW8lhL7TLwgQWijoGBbiD4t7/q75KTi8NxjVmSmA=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "f20dc5d9b8027381c474144ecabc9034d6a839a3",
"rev": "3107b77cd68437b9a76194f0f7f9c55f2329ca5b",
"type": "github"
},
"original": {
@@ -20,13 +63,71 @@
"type": "github"
}
},
"flake-utils": {
"inputs": {
"systems": "systems_2"
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"gsf": {
"inputs": {
"flake-utils": "flake-utils",
"nixpkgs": "nixpkgs_2"
},
"locked": {
"lastModified": 1774464988,
"narHash": "sha256-F0pVG3ou+yN+jqQlFXMf27BCeShDuZcpoeHFSord8xk=",
"ref": "refs/heads/main",
"rev": "3bccad3870d1f7220c423f06d21ed9b91d1b90d1",
"revCount": 10,
"type": "git",
"url": "https://gitea.unrail.xyz/thomas/gotta-scroll-fast"
},
"original": {
"type": "git",
"url": "https://gitea.unrail.xyz/thomas/gotta-scroll-fast"
}
},
"home-manager": {
"inputs": {
"nixpkgs": [
"agenix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1745494811,
"narHash": "sha256-YZCh2o9Ua1n9uCvrvi5pRxtuVNml8X2a03qIFfRKpFs=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "abfad3d2958c9e6300a883bd443512c55dfeb1be",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "home-manager",
"type": "github"
}
},
"import-tree": {
"locked": {
"lastModified": 1772999353,
"narHash": "sha256-dPb0WxUhFaz6wuR3B6ysqFJpsu8txKDPZvS47AT2XLI=",
"lastModified": 1773693634,
"narHash": "sha256-BtZ2dtkBdSUnFPPFc+n0kcMbgaTxzFNPv2iaO326Ffg=",
"owner": "vic",
"repo": "import-tree",
"rev": "545a4df146fce44d155573e47f5a777985acf912",
"rev": "c41e7d58045f9057880b0d85e1152d6a4430dbf1",
"type": "github"
},
"original": {
@@ -35,13 +136,60 @@
"type": "github"
}
},
"maccel": {
"locked": {
"lastModified": 1771614512,
"narHash": "sha256-KzvNWDGVpoNcR9wcIOlwxr6Nwtgt9Hicck/0fswhi7U=",
"owner": "Gnarus-G",
"repo": "maccel",
"rev": "c7c1369d4bd4f240b38365cd43bd696d06635e4d",
"type": "github"
},
"original": {
"owner": "Gnarus-G",
"repo": "maccel",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1772773019,
"narHash": "sha256-E1bxHxNKfDoQUuvriG71+f+s/NT0qWkImXsYZNFFfCs=",
"lastModified": 1754028485,
"narHash": "sha256-IiiXB3BDTi6UqzAZcf2S797hWEPCRZOwyNThJIYhUfk=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "aca4d95fce4914b3892661bcb80b8087293536c6",
"rev": "59e69648d345d6e8fef86158c555730fa12af9de",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-25.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1774106199,
"narHash": "sha256-US5Tda2sKmjrg2lNHQL3jRQ6p96cgfWh3J1QBliQ8Ws=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "6c9a78c09ff4d6c21d0319114873508a6ec01655",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_3": {
"locked": {
"lastModified": 1775423009,
"narHash": "sha256-vPKLpjhIVWdDrfiUM8atW6YkIggCEKdSAlJPzzhkQlw=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "68d8aa3d661f0e6bd5862291b5bb263b2a6595c9",
"type": "github"
},
"original": {
@@ -53,9 +201,42 @@
},
"root": {
"inputs": {
"agenix": "agenix",
"flake-parts": "flake-parts",
"gsf": "gsf",
"import-tree": "import-tree",
"nixpkgs": "nixpkgs"
"maccel": "maccel",
"nixpkgs": "nixpkgs_3"
}
},
"systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_2": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
}
},
flake.nix
+3
View File
@@ -9,6 +9,9 @@
};
import-tree.url = "github:vic/import-tree";
agenix.url = "github:ryantm/agenix";
maccel.url = "github:Gnarus-G/maccel";
gsf.url = "git+https://gitea.unrail.xyz/thomas/gotta-scroll-fast";
};
outputs =
modules/assets/edid/g80.bin
BIN
View File
Binary file not shown.
modules/development.nix
+14 -1
View File
@@ -1,14 +1,25 @@
{inputs, ...}: {
{config, ...}: let
flakeConfig = config;
in {
flake.nixosModules.development = {pkgs, ...}: {
virtualisation.docker.enable = true;
users.users.${flakeConfig.username}.extraGroups = ["docker"];
environment.systemPackages = with pkgs; [
nodejs_24
go
nixfmt
zellij
nixd
git
jujutsu
lazygit
pnpm
ni
code-cursor-fhs
codex
# LSPs and formatters (previously via Mason)
stylua
@@ -16,7 +27,9 @@
pyright
vscode-langservers-extracted # includes css-lsp, eslint-lsp, html-lsp, json-lsp
tailwindcss-language-server
svelte-language-server
biome
typescript-go
# Treesitter CLI + C compiler for building grammars
tree-sitter
modules/fonts.nix
+10 -9
View File
@@ -1,10 +1,11 @@
{ inputs, ... }: {
flake.nixosModules.fonts = {pkgs, ...}: {
fonts.packages = with pkgs; [
nerd-fonts.iosevka-term-slab
nerd-fonts.iosevka
nerd-fonts.fira-mono
nerd-fonts.fira-code
];
};
{...}: {
flake.nixosModules.fonts = {pkgs, ...}: {
fonts.packages = with pkgs; [
nerd-fonts.iosevka-term-slab
nerd-fonts.iosevka
nerd-fonts.fira-mono
nerd-fonts.fira-code
nerd-fonts.proggy-clean-tt
];
};
}
modules/hosts/nixos.nix
+231 -71
View File
@@ -1,80 +1,240 @@
{ inputs, self, config, ... }: {
{
inputs,
self,
config,
...
}: let
flakeConfig = config;
in {
flake.nixosModules.nixos-host = {
pkgs,
lib,
config,
...
}: let
smbSecretFile = ../../secrets/smb-credentials.age;
hasSmbSecret = builtins.pathExists smbSecretFile;
flake.nixosModules.nixos-host = {pkgs, ...}: {
imports = [
../../hardware-configuration.nix
];
gsfDevice = "/dev/input/by-id/usb-Ploopy_Corporation_Ploopy_Adept_Trackball_E6626067D39C532A0000000000000000-if02-event-mouse";
in {
imports = [
inputs.agenix.nixosModules.default
inputs.maccel.nixosModules.default
inputs.gsf.nixosModules.default
../../hardware-configuration.nix
];
# Bootloader
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
# Bootloader
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
# Use latest kernel
boot.kernelPackages = pkgs.linuxPackages_latest;
# Use latest kernel
boot.kernelPackages = pkgs.linuxPackages_latest;
# Hostname
networking.hostName = "nixos";
# Custom EDID override for Samsung 240Hz on DP-1
# Extreme mt7921e fallback: disable PCIe ASPM globally
boot.kernelParams = [
"drm.edid_firmware=DP-1:edid/g80.bin"
"pcie_aspm=off"
];
# Networking
networking.networkmanager.enable = true;
# mt7921e stability tweaks
boot.extraModprobeConfig = ''
options mt7921e disable_aspm=Y
options mt7921e disable_clc=Y
'';
# Time zone
time.timeZone = "Europe/Lisbon";
hardware.firmware = [
(pkgs.runCommand "g80-edid-firmware" {} ''
install -Dm444 ${../assets/edid/g80.bin} $out/lib/firmware/edid/g80.bin
'')
];
# Locale
i18n.defaultLocale = "en_GB.UTF-8";
i18n.extraLocaleSettings = {
LC_ADDRESS = "pt_PT.UTF-8";
LC_IDENTIFICATION = "pt_PT.UTF-8";
LC_MEASUREMENT = "pt_PT.UTF-8";
LC_MONETARY = "pt_PT.UTF-8";
LC_NAME = "pt_PT.UTF-8";
LC_NUMERIC = "pt_PT.UTF-8";
LC_PAPER = "pt_PT.UTF-8";
LC_TELEPHONE = "pt_PT.UTF-8";
LC_TIME = "pt_PT.UTF-8";
# Hostname
networking.hostName = "nixos";
# Networking
networking.networkmanager = {
enable = true;
wifi.powersave = false;
settings.device."wifi.scan-rand-mac-address" = "no";
};
# Work around mt7921e getting stuck after suspend/resume
environment.etc."systemd/system-sleep/99-mt7921e-reset" = {
text = ''
#!/bin/sh
case "$1" in
post)
${pkgs.kmod}/bin/modprobe -r mt7921e || true
${pkgs.kmod}/bin/modprobe mt7921e
;;
esac
'';
mode = "0755";
};
# LocalSend
networking.firewall = {
allowedTCPPorts = [53317];
allowedUDPPorts = [53317];
};
# WebHID/VIA access on Linux (VIA needs hidraw access)
services.udev.extraRules = ''
# General VIA rule (matches vial docs/reddit workaround)
KERNEL=="hidraw*", SUBSYSTEM=="hidraw", MODE="0660", GROUP="users", TAG+="uaccess", TAG+="udev-acl"
# Explicit Ploopy Adept (VID:PID 5043:5c47)
KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="5043", ATTRS{idProduct}=="5c47", MODE="0660", GROUP="users", TAG+="uaccess", TAG+="udev-acl"
'';
# Time zone
time.timeZone = "Europe/Lisbon";
# Locale
i18n.defaultLocale = "en_GB.UTF-8";
i18n.extraLocaleSettings = {
LC_ADDRESS = "pt_PT.UTF-8";
LC_IDENTIFICATION = "pt_PT.UTF-8";
LC_MEASUREMENT = "pt_PT.UTF-8";
LC_MONETARY = "pt_PT.UTF-8";
LC_NAME = "pt_PT.UTF-8";
LC_NUMERIC = "pt_PT.UTF-8";
LC_PAPER = "pt_PT.UTF-8";
LC_TELEPHONE = "pt_PT.UTF-8";
LC_TIME = "pt_PT.UTF-8";
};
# Printing
services.printing.enable = true;
# Audio
services.pulseaudio.enable = false;
security.rtkit.enable = true;
services.pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
};
# SSH
services.openssh = {
enable = true;
settings = {
PermitRootLogin = "no";
};
};
# User account
users.users.${flakeConfig.username} = {
isNormalUser = true;
description = "Thomas Gouveia Lopes";
extraGroups = ["networkmanager" "wheel"];
};
users.groups.maccel.members = [flakeConfig.username];
hardware.maccel = {
enable = true;
enableCli = true;
parameters = {
mode = "linear";
sensMultiplier = 1.0;
yxRatio = 1.0;
inputDpi = 1000.0;
angleRotation = 0.0;
acceleration = 0.3;
offset = 2.0;
outputCap = 2.0;
};
};
hardware.gsf = {
enable = true;
device = gsfDevice;
inputGroupUsers = [flakeConfig.username];
};
# Programs
# Allow unfree
nixpkgs.config.allowUnfree = true;
# Use Lix as the system Nix implementation
nix.package = pkgs.lixPackageSets.stable.lix;
# Enable flakes + restrict who can submit builds to the daemon
nix.settings = {
experimental-features = ["nix-command" "flakes"];
allowed-users = ["root" flakeConfig.username];
};
# Auto-unlock gnome-keyring on login
security.pam.services.login.enableGnomeKeyring = true;
security.pam.services.gdm.enableGnomeKeyring = true;
security.pam.services.gdm-password.enableGnomeKeyring = true;
# State version
system.stateVersion = "25.11";
boot.supportedFilesystems = ["cifs"];
warnings = lib.optional (!hasSmbSecret) ''
SMB automount is disabled: missing ${toString smbSecretFile}.
Create it with agenix:
sudo env RULES=secrets/secrets.nix nix run github:ryantm/agenix -- -e secrets/smb-credentials.age -i /etc/ssh/ssh_host_ed25519_key
and set:
username=...
password=...
# optional
# domain=WORKGROUP
'';
age.identityPaths = ["/etc/ssh/ssh_host_ed25519_key"];
age.secrets."smb-credentials" = lib.mkIf hasSmbSecret {
file = smbSecretFile;
mode = "0400";
owner = "root";
group = "root";
};
fileSystems."/mnt/unraid-data" = lib.mkIf hasSmbSecret {
device = "//192.168.1.102/data";
fsType = "cifs";
options = [
"credentials=${config.age.secrets."smb-credentials".path}"
"uid=1000"
"gid=1000"
"iocharset=utf8"
"nofail"
"x-systemd.automount"
"_netdev"
"noserverino"
"vers=3.0"
];
};
fileSystems."/mnt/unraid-appdata" = lib.mkIf hasSmbSecret {
device = "//192.168.1.102/appdata";
fsType = "cifs";
options = [
"credentials=${config.age.secrets."smb-credentials".path}"
"uid=1000"
"gid=1000"
"iocharset=utf8"
"nofail"
"x-systemd.automount"
"_netdev"
"noserverino"
"vers=3.0"
];
};
fileSystems."/mnt/endeavour" = {
device = "/dev/disk/by-uuid/a32ca052-12a5-4355-bd3b-b4515d9ea4a5";
fsType = "ext4";
options = ["defaults" "noatime"];
};
};
# Printing
services.printing.enable = true;
# Audio
services.pulseaudio.enable = false;
security.rtkit.enable = true;
services.pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
};
# User account
users.users.${config.username} = {
isNormalUser = true;
description = "Thomas Gouveia Lopes";
extraGroups = [ "networkmanager" "wheel" ];
};
# Programs
# Allow unfree
nixpkgs.config.allowUnfree = true;
# Enable flakes
nix.settings.experimental-features = [ "nix-command" "flakes" ];
# Auto-unlock gnome-keyring on login
security.pam.services.login.enableGnomeKeyring = true;
security.pam.services.gdm.enableGnomeKeyring = true;
security.pam.services.gdm-password.enableGnomeKeyring = true;
# State version
system.stateVersion = "25.11";
fileSystems."/mnt/endeavour" = {
device = "/dev/disk/by-uuid/a32ca052-12a5-4355-bd3b-b4515d9ea4a5";
fsType = "ext4";
options = [ "defaults" "noatime" ];
};
};
}
modules/packages.nix
+30 -5
View File
@@ -1,8 +1,4 @@
{
inputs,
self,
...
}: {
{self, ...}: {
flake.nixosModules.packages = {pkgs, ...}: {
environment.systemPackages = with pkgs; [
fd
@@ -10,8 +6,13 @@
nerdfetch
libnotify
alacritty
foot
fzf
autojump
yazi
ueberzugpp
chafa
wl-clipboard
pulseaudio
legcord
quickshell
@@ -19,7 +20,31 @@
slack
feishin
obsidian
nextcloud-client
self.packages.${pkgs.stdenv.hostPlatform.system}.handy
self.packages.${pkgs.stdenv.hostPlatform.system}.t3code
mpv
ffmpeg
tmux
obs-studio
jjui
bat
localsend
# postman
bruno
bruno-cli
];
systemd.user.services.handy = {
description = "Handy";
wantedBy = ["graphical-session.target"];
partOf = ["graphical-session.target"];
after = ["graphical-session.target"];
serviceConfig = {
ExecStart = "${self.packages.${pkgs.stdenv.hostPlatform.system}.handy}/bin/handy";
Restart = "on-failure";
RestartSec = 5;
};
};
};
}
modules/pkgs/handy.nix
+3 -2
View File
@@ -2,11 +2,11 @@
perSystem = {pkgs, ...}: {
packages.handy = pkgs.appimageTools.wrapType2 rec {
pname = "handy";
version = "0.7.9";
version = "0.8.0";
src = pkgs.fetchurl {
url = "https://github.com/cjpais/Handy/releases/download/v${version}/Handy_${version}_amd64.AppImage";
hash = "sha256-iSibRpme8xJfumhjJ2LzkrtFwV8j9nHajMnBygBFLz4=";
hash = "sha256-PLcssfd6iMx51mglAJ7D4+67HFazwfhJMImgU9WiNDk=";
};
extraInstallCommands = let
@@ -17,6 +17,7 @@
install -m 444 -D "$desktop_file" "$out/share/applications/${pname}.desktop"
substituteInPlace "$out/share/applications/${pname}.desktop" \
--replace 'Exec=AppRun' 'Exec=${pname}' || true
sed -i -E 's|^Exec=.*$|Exec=${pname}|g' "$out/share/applications/${pname}.desktop" || true
fi
if [ -d ${contents}/usr/share/icons ]; then
modules/pkgs/helium.nix
+2 -2
View File
@@ -2,11 +2,11 @@
perSystem = { pkgs, ... }: {
packages.helium = pkgs.appimageTools.wrapType2 rec {
pname = "helium";
version = "0.9.4.1";
version = "0.11.1.1";
src = pkgs.fetchurl {
url = "https://github.com/imputnet/helium-linux/releases/download/${version}/${pname}-${version}-x86_64.AppImage";
hash = "sha256-N5gdWuxOrIudJx/4nYo4/SKSxakpTFvL4zzByv6Cnug=";
hash = "sha256-Nfi8qjj7YOujsf8nLm3Mu+oh/R642Wy/nnc0ToolpW0=";
};
extraInstallCommands = let
modules/pkgs/t3code.nix
+37
View File
@@ -0,0 +1,37 @@
{lib, ...}: {
perSystem = {pkgs, ...}: {
packages.t3code = pkgs.appimageTools.wrapType2 rec {
pname = "t3code";
version = "0.0.13";
src = pkgs.fetchurl {
url = "https://github.com/pingdotgg/t3code/releases/download/v${version}/T3-Code-${version}-x86_64.AppImage";
hash = "sha256-oHKIh+aHsbGVHEoLLjItl6AbVRwvWVlZaIWyHKiekVc=";
};
extraInstallCommands = let
contents = pkgs.appimageTools.extract {inherit pname version src;};
in ''
desktop_file=$(find ${contents} -name "*.desktop" | head -n1)
if [ -n "$desktop_file" ]; then
install -m 444 -D "$desktop_file" "$out/share/applications/${pname}.desktop"
substituteInPlace "$out/share/applications/${pname}.desktop" \
--replace 'Exec=AppRun' 'Exec=${pname}' \
--replace 'Exec=T3-Code' 'Exec=${pname}' \
--replace 'Exec=t3-code' 'Exec=${pname}' || true
fi
if [ -d ${contents}/usr/share/icons ]; then
cp -r ${contents}/usr/share/icons $out/share
fi
'';
meta = {
description = "T3 Chat Desktop";
homepage = "https://t3.codes";
license = lib.licenses.mit;
platforms = ["x86_64-linux"];
};
};
};
}
modules/pkgs/zen-browser.nix
+28 -16
View File
@@ -1,29 +1,41 @@
{ ... }: {
perSystem = { pkgs, ... }: {
packages.zen-browser = pkgs.appimageTools.wrapType2 rec {
pname = "zen-browser";
version = "1.19.1b";
{lib, ...}: {
perSystem = {pkgs, ...}: let
pname = "zen-browser";
version = "1.19.3b";
src = pkgs.fetchurl {
url = "https://github.com/zen-browser/desktop/releases/download/${version}/zen-x86_64.AppImage";
hash = "sha256-h3lza2C+SxptpcX897Uf/nM8dNILUBXScSNQZlvSIQg=";
};
src = pkgs.fetchurl {
url = "https://github.com/zen-browser/desktop/releases/download/${version}/zen-x86_64.AppImage";
hash = "sha256-p00Irv2z6brDXMx3cr0234lOZZ2a7FmJMDzN494nzMw=";
};
extraInstallCommands = let
contents = pkgs.appimageTools.extract { inherit pname version src; };
in ''
desktop_file=$(find ${contents} -name "*.desktop" | head -n1)
appimageContents = pkgs.appimageTools.extract {inherit pname version src;};
in {
packages.zen-browser = pkgs.appimageTools.wrapType2 {
inherit pname version src;
extraPkgs = pkgs: [pkgs.ffmpeg-full];
extraInstallCommands = ''
desktop_file=$(find ${appimageContents} -name "*.desktop" | head -n1)
if [ -n "$desktop_file" ]; then
install -m 444 -D "$desktop_file" "$out/share/applications/${pname}.desktop"
# The desktop file uses 'zen' as the binary name
substituteInPlace "$out/share/applications/${pname}.desktop" \
--replace 'Exec=zen' 'Exec=${pname}'
fi
if [ -d ${contents}/usr/share/icons ]; then
cp -r ${contents}/usr/share/icons $out/share
if [ -d ${appimageContents}/usr/share/icons ]; then
cp -r ${appimageContents}/usr/share/icons $out/share
fi
ln -s $out/bin/${pname} $out/bin/zen
'';
meta = {
description = "Experience tranquillity while browsing the web without people tracking you!";
homepage = "https://zen-browser.app";
license = lib.licenses.mpl20;
platforms = ["x86_64-linux"];
};
};
};
}
modules/ui.nix
+1
View File
@@ -2,6 +2,7 @@
flake.nixosModules.ui = { pkgs, lib, ... }: {
# Desktop environment
services.xserver.enable = true;
services.xserver.xkb.options = "compose:ralt,cedilla:cacute";
services.displayManager.gdm.enable = true;
services.displayManager.gdm.wayland = true;
services.desktopManager.gnome.enable = true;
secrets/secrets.nix
+7
View File
@@ -0,0 +1,7 @@
let
nixos = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIg62Co6P+CYcvINrW9IYM1D8W7A3LNlEphAqP6vCzrv root@nixos";
in {
"secrets/smb-credentials.age".publicKeys = [
nixos
];
}
secrets/smb-credentials.age
+5
View File
@@ -0,0 +1,5 @@
age-encryption.org/v1
-> ssh-ed25519 eoxNoQ +//j26EmOrSLqTMUaKWy4X/GZZ3XoJmKlT+ArQejODU
olSV7FU5URhIcB4JczmPhGZsaQjQCs7kTm/IISCePsk
--- r7Gpe55fXHr9lghoFvwAZZVvDVckENBxTDXW3sXEjUI
ã{„Â&ffÇj?ÛSŠÈy´|Ô™tÀܾ_3äûOÇÒåjp» ‹tS!Î,†!5iÿó©¡ÙGoê‹_?tFKˆÊ´ØÔh%up„ÁX;'•.ÿXÙðóœo=