commit a1777bb274d679e48bf31ef71cfea234136a1956 · diogo.lol/dotfiles

+10

.luarc.json

··· 1 + { 2 + "$schema": "https://raw.githubusercontent.com/LuaLS/vscode-lua/refs/heads/master/setting/schema.json", 3 + "runtime.version": "LuaJIT", 4 + "diagnostics.globals": [ 5 + "vim" 6 + ], 7 + "workspace": { 8 + "checkThirdParty": false 9 + } 10 + }

+13

.sops.yaml

··· 1 + keys: 2 + - &diogo ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGIyMCwBcRVn8QdhGrI/2PWY6g9cIFEGphXBG2T3FHg5 3 + 4 + creation_rules: 5 + - path_regex: ^secrets/diogo\.yaml$ 6 + key_groups: 7 + - age: 8 + - *diogo 9 + 10 + - path_regex: ^secrets/services/[^/]+\.yaml$ 11 + key_groups: 12 + - age: 13 + - *diogo

+19

LICENSE

··· 1 + zlib License 2 + 3 + (C) 2025 Diogo <hi@luvsick.gg> 4 + 5 + This software is provided 'as-is', without any express or implied 6 + warranty. In no event will the authors be held liable for any damages 7 + arising from the use of this software. 8 + 9 + Permission is granted to anyone to use this software for any purpose, 10 + including commercial applications, and to alter it and redistribute it 11 + freely, subject to the following restrictions: 12 + 13 + 1. The origin of this software must not be misrepresented; you must not 14 + claim that you wrote the original software. If you use this software 15 + in a product, an acknowledgment in the product documentation would be 16 + appreciated but is not required. 17 + 2. Altered source versions must be plainly marked as such, and must not be 18 + misrepresented as being the original software. 19 + 3. This notice may not be removed or altered from any source distribution.

+18

README.md

··· 1 + # diogo's dotfiles 2 + 3 + > ❄️ diogo's cosy lil setup powered by nix 4 + 5 + > [!WARNING] 6 + > This is _highly_ opinionated and tailored for diogo's own needs. I wouldn't recommend using this as-is on your machine unless you love debugging at 3 AM. Proceed with caution _(and maybe a backup)_. 7 + 8 + This is where I keep all diogo's config, secrets, and sanity. It's heavily inspired by [isabelroses/dotfiles](https://github.com/isabelroses/dotfiles) _(go follow her, she's a legend)_, but with diogo's own chaotic energy sprinkled on top. 9 + 10 + ## What's inside? 11 + 12 + * **Nix flakes** for diogo's servers and machines (macOS + NixOS) 13 + * **Home Manager** for all diogo's user-level stuff 14 + * **Catppuccin** everywhere because pastel aesthetics > everything 15 + * **Yabai** for tiling diogo's Mac 16 + * **Neovim** set up with LSP, treesitter, and all the plugins I can't live without 17 + * **Secrets** with SOPS and age _(shhh, don't peek)_ 18 + * **Justfile** for easy rebuilds and deployments

+200

flake.lock

··· 1 + { 2 + "nodes": { 3 + "brew-src": { 4 + "flake": false, 5 + "locked": { 6 + "lastModified": 1753461463, 7 + "narHash": "sha256-kGc7pRH0diLzKmOHsEFA8sZ9NJpgT+tqxAMsuqNd5Po=", 8 + "owner": "Homebrew", 9 + "repo": "brew", 10 + "rev": "4d14be89e99a45181c18e96a5f19a5b43343cc0f", 11 + "type": "github" 12 + }, 13 + "original": { 14 + "owner": "Homebrew", 15 + "ref": "4.5.13", 16 + "repo": "brew", 17 + "type": "github" 18 + } 19 + }, 20 + "catppuccin": { 21 + "inputs": { 22 + "nixpkgs": [ 23 + "nixpkgs" 24 + ] 25 + }, 26 + "locked": { 27 + "lastModified": 1756028045, 28 + "narHash": "sha256-j6ehEdta7YnXtk42cdYQEElCKfnbe24yfeHJwszgyes=", 29 + "owner": "catppuccin", 30 + "repo": "nix", 31 + "rev": "ad015344f592b6ebb82de853b747dd577926ec77", 32 + "type": "github" 33 + }, 34 + "original": { 35 + "owner": "catppuccin", 36 + "repo": "nix", 37 + "type": "github" 38 + } 39 + }, 40 + "darwin": { 41 + "inputs": { 42 + "nixpkgs": [ 43 + "nixpkgs" 44 + ] 45 + }, 46 + "locked": { 47 + "lastModified": 1755825449, 48 + "narHash": "sha256-XkiN4NM9Xdy59h69Pc+Vg4PxkSm9EWl6u7k6D5FZ5cM=", 49 + "owner": "nix-darwin", 50 + "repo": "nix-darwin", 51 + "rev": "8df64f819698c1fee0c2969696f54a843b2231e8", 52 + "type": "github" 53 + }, 54 + "original": { 55 + "owner": "nix-darwin", 56 + "repo": "nix-darwin", 57 + "type": "github" 58 + } 59 + }, 60 + "easy-hosts": { 61 + "locked": { 62 + "lastModified": 1755470564, 63 + "narHash": "sha256-KB1ZryVDoQcbIsItOf4WtxkHhh3ppj+XwMpSnt/2QHc=", 64 + "owner": "tgirlcloud", 65 + "repo": "easy-hosts", 66 + "rev": "d0422bc7b3db26268982aa15d07e60370e76ee1d", 67 + "type": "github" 68 + }, 69 + "original": { 70 + "owner": "tgirlcloud", 71 + "repo": "easy-hosts", 72 + "type": "github" 73 + } 74 + }, 75 + "flake-parts": { 76 + "inputs": { 77 + "nixpkgs-lib": [ 78 + "nixpkgs" 79 + ] 80 + }, 81 + "locked": { 82 + "lastModified": 1754487366, 83 + "narHash": "sha256-pHYj8gUBapuUzKV/kN/tR3Zvqc7o6gdFB9XKXIp1SQ8=", 84 + "owner": "hercules-ci", 85 + "repo": "flake-parts", 86 + "rev": "af66ad14b28a127c5c0f3bbb298218fc63528a18", 87 + "type": "github" 88 + }, 89 + "original": { 90 + "owner": "hercules-ci", 91 + "repo": "flake-parts", 92 + "type": "github" 93 + } 94 + }, 95 + "home-manager": { 96 + "inputs": { 97 + "nixpkgs": [ 98 + "nixpkgs" 99 + ] 100 + }, 101 + "locked": { 102 + "lastModified": 1756022458, 103 + "narHash": "sha256-J1i35r4HfNDdPpwL0vOBaZopQudAUVtartEerc1Jryc=", 104 + "owner": "nix-community", 105 + "repo": "home-manager", 106 + "rev": "9e3a33c0bcbc25619e540b9dfea372282f8a9740", 107 + "type": "github" 108 + }, 109 + "original": { 110 + "owner": "nix-community", 111 + "repo": "home-manager", 112 + "type": "github" 113 + } 114 + }, 115 + "homebrew": { 116 + "inputs": { 117 + "brew-src": "brew-src" 118 + }, 119 + "locked": { 120 + "lastModified": 1754250993, 121 + "narHash": "sha256-MEin+qoQKtFC1b0f4tnQ+Z82BQWSCgh6Ef7rpmH9gig=", 122 + "owner": "zhaofengli", 123 + "repo": "nix-homebrew", 124 + "rev": "314d057294e79bc2596972126b84c6f9f144499a", 125 + "type": "github" 126 + }, 127 + "original": { 128 + "owner": "zhaofengli", 129 + "repo": "nix-homebrew", 130 + "type": "github" 131 + } 132 + }, 133 + "nixpkgs": { 134 + "locked": { 135 + "lastModified": 1756125398, 136 + "narHash": "sha256-XexyKZpf46cMiO5Vbj+dWSAXOnr285GHsMch8FBoHbc=", 137 + "owner": "nixos", 138 + "repo": "nixpkgs", 139 + "rev": "3b9f00d7a7bf68acd4c4abb9d43695afb04e03a5", 140 + "type": "github" 141 + }, 142 + "original": { 143 + "owner": "nixos", 144 + "ref": "nixos-unstable", 145 + "repo": "nixpkgs", 146 + "type": "github" 147 + } 148 + }, 149 + "root": { 150 + "inputs": { 151 + "catppuccin": "catppuccin", 152 + "darwin": "darwin", 153 + "easy-hosts": "easy-hosts", 154 + "flake-parts": "flake-parts", 155 + "home-manager": "home-manager", 156 + "homebrew": "homebrew", 157 + "nixpkgs": "nixpkgs", 158 + "sops": "sops", 159 + "systems": "systems" 160 + } 161 + }, 162 + "sops": { 163 + "inputs": { 164 + "nixpkgs": [ 165 + "nixpkgs" 166 + ] 167 + }, 168 + "locked": { 169 + "lastModified": 1754988908, 170 + "narHash": "sha256-t+voe2961vCgrzPFtZxha0/kmFSHFobzF00sT8p9h0U=", 171 + "owner": "Mic92", 172 + "repo": "sops-nix", 173 + "rev": "3223c7a92724b5d804e9988c6b447a0d09017d48", 174 + "type": "github" 175 + }, 176 + "original": { 177 + "owner": "Mic92", 178 + "repo": "sops-nix", 179 + "type": "github" 180 + } 181 + }, 182 + "systems": { 183 + "locked": { 184 + "lastModified": 1681028828, 185 + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", 186 + "owner": "nix-systems", 187 + "repo": "default", 188 + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", 189 + "type": "github" 190 + }, 191 + "original": { 192 + "owner": "nix-systems", 193 + "repo": "default", 194 + "type": "github" 195 + } 196 + } 197 + }, 198 + "root": "root", 199 + "version": 7 200 + }

+68

flake.nix

··· 1 + { 2 + description = "diogo's dotfiles"; 3 + 4 + inputs = { 5 + nixpkgs.url = "github:nixos/nixpkgs?ref=nixos-unstable"; 6 + 7 + darwin = { 8 + type = "github"; 9 + owner = "nix-darwin"; 10 + repo = "nix-darwin"; 11 + inputs.nixpkgs.follows = "nixpkgs"; 12 + }; 13 + 14 + home-manager = { 15 + type = "github"; 16 + owner = "nix-community"; 17 + repo = "home-manager"; 18 + inputs.nixpkgs.follows = "nixpkgs"; 19 + }; 20 + 21 + catppuccin = { 22 + type = "github"; 23 + owner = "catppuccin"; 24 + repo = "nix"; 25 + inputs.nixpkgs.follows = "nixpkgs"; 26 + }; 27 + 28 + homebrew = { 29 + type = "github"; 30 + owner = "zhaofengli"; 31 + repo = "nix-homebrew"; 32 + }; 33 + 34 + flake-parts = { 35 + type = "github"; 36 + owner = "hercules-ci"; 37 + repo = "flake-parts"; 38 + inputs.nixpkgs-lib.follows = "nixpkgs"; 39 + }; 40 + 41 + easy-hosts = { 42 + type = "github"; 43 + owner = "tgirlcloud"; 44 + repo = "easy-hosts"; 45 + }; 46 + 47 + systems = { 48 + type = "github"; 49 + owner = "nix-systems"; 50 + repo = "default"; 51 + }; 52 + 53 + sops = { 54 + type = "github"; 55 + owner = "Mic92"; 56 + repo = "sops-nix"; 57 + inputs.nixpkgs.follows = "nixpkgs"; 58 + }; 59 + }; 60 + 61 + outputs = 62 + inputs: 63 + inputs.flake-parts.lib.mkFlake { inherit inputs; } { 64 + imports = [ 65 + ./flake 66 + ]; 67 + }; 68 + }

+12

flake/args.nix

··· 1 + { inputs, ... }: 2 + { 3 + systems = import inputs.systems; 4 + 5 + perSystem = 6 + { system, ... }: 7 + { 8 + _module.args.pkgs = import inputs.nixpkgs { 9 + inherit system; 10 + }; 11 + }; 12 + }

+8

flake/default.nix

··· 1 + { 2 + imports = [ 3 + ../hosts 4 + ./args.nix 5 + ./formatter.nix 6 + ./lib 7 + ]; 8 + }

+43

flake/formatter.nix

··· 1 + { 2 + perSystem = 3 + { pkgs, config, ... }: 4 + { 5 + formatter = pkgs.treefmt.withConfig { 6 + runtimeInputs = with pkgs; [ 7 + nixfmt 8 + shfmt 9 + stylua 10 + ]; 11 + 12 + settings = { 13 + on-unmatched = "info"; 14 + tree-root-file = "flake.nix"; 15 + 16 + formatter = { 17 + nixfmt = { 18 + command = "nixfmt"; 19 + includes = [ "*.nix" ]; 20 + }; 21 + 22 + shfmt = { 23 + command = "shfmt"; 24 + options = [ 25 + "-s" 26 + "-w" 27 + "-i" 28 + "2" 29 + ]; 30 + includes = [ 31 + "*.sh" 32 + ]; 33 + }; 34 + 35 + stylua = { 36 + command = "stylua"; 37 + includes = [ "*.lua" ]; 38 + }; 39 + }; 40 + }; 41 + }; 42 + }; 43 + }

+12

flake/lib/default.nix

··· 1 + # original: https://github.com/isabelroses/dotfiles/blob/main/modules/flake/lib/default.nix 2 + { lib, ... }: 3 + let 4 + sysLib = lib.fixedPoints.makeExtensible (final: { 5 + services = import ./services.nix { inherit lib; }; 6 + 7 + inherit (final.services) mkServiceOption; 8 + }); 9 + in 10 + { 11 + flake.lib = sysLib; 12 + }

+41

flake/lib/services.nix

··· 1 + # original: https://github.com/isabelroses/dotfiles/blob/main/modules/flake/lib/services.nix 2 + { lib, ... }: 3 + let 4 + inherit (lib.types) str; 5 + inherit (lib.options) mkOption mkEnableOption; 6 + 7 + mkServiceOption = 8 + name: 9 + { 10 + port ? 0, 11 + host ? "127.0.0.1", 12 + domain ? "", 13 + extraConfig ? { }, 14 + }: 15 + { 16 + enable = mkEnableOption "Enable the ${name} service"; 17 + 18 + host = mkOption { 19 + type = str; 20 + default = host; 21 + description = "Host where the ${name} service will run on"; 22 + }; 23 + 24 + port = mkOption { 25 + type = lib.types.port; 26 + default = port; 27 + description = "Port where the ${name} service will run on"; 28 + }; 29 + 30 + domain = mkOption { 31 + type = str; 32 + default = domain; 33 + defaultText = "networking.domain"; 34 + description = "Domain for the ${name} service"; 35 + }; 36 + } 37 + // extraConfig; 38 + in 39 + { 40 + inherit mkServiceOption; 41 + }

+31

home/default.nix

··· 1 + { 2 + lib, 3 + config, 4 + self, 5 + self', 6 + inputs, 7 + inputs', 8 + ... 9 + }: 10 + { 11 + home-manager = { 12 + useUserPackages = true; 13 + useGlobalPkgs = true; 14 + backupFileExtension = "bak"; 15 + 16 + extraSpecialArgs = { 17 + inherit 18 + self 19 + self' 20 + inputs 21 + inputs' 22 + ; 23 + }; 24 + 25 + users = lib.genAttrs config.sys.users (name: { 26 + imports = [ ./${name} ]; 27 + }); 28 + 29 + sharedModules = [ (self + /modules/home/default.nix) ]; 30 + }; 31 + }

+11

home/diogo/catppuccin.nix

··· 1 + { inputs, ... }: 2 + { 3 + imports = [ inputs.catppuccin.homeModules.catppuccin ]; 4 + 5 + catppuccin = { 6 + enable = true; 7 + flavor = "frappe"; 8 + accent = "pink"; 9 + nvim.enable = false; 10 + }; 11 + }

+10

home/diogo/default.nix

··· 1 + { 2 + home.file.".hushlogin".text = ""; 3 + 4 + imports = [ 5 + ./packages 6 + ./catppuccin.nix 7 + ./yabai.nix 8 + ./system 9 + ]; 10 + }

+10

home/diogo/packages/btop.nix

··· 1 + { 2 + programs.btop = { 3 + enable = true; 4 + settings = { 5 + vim_keys = true; 6 + graph_symbol = "braille"; 7 + theme_background = false; 8 + }; 9 + }; 10 + }

+32

home/diogo/packages/default.nix

··· 1 + { pkgs, ... }: 2 + { 3 + imports = [ 4 + ./git.nix 5 + ./hyfetch 6 + ./zsh.nix 7 + ./ohmyposh 8 + ./btop.nix 9 + ./ssh.nix 10 + ./fzf.nix 11 + ./gpg.nix 12 + ./neovim 13 + ./tmux.nix 14 + ./kitty 15 + ./firefox.nix 16 + ]; 17 + 18 + sys.packages = { 19 + inherit (pkgs) 20 + nodejs 21 + just 22 + glow 23 + bun 24 + charm-freeze 25 + age 26 + sops 27 + go 28 + rustc 29 + cargo 30 + ; 31 + }; 32 + }

+106

home/diogo/packages/firefox.nix

··· 1 + { 2 + pkgs, 3 + lib, 4 + ... 5 + }: 6 + let 7 + policies = { 8 + policies = { 9 + AppAutoUpdate = false; 10 + DisableAppUpdate = true; 11 + ManualAppUpdateOnly = true; 12 + DisableFirefoxStudies = true; 13 + DisablePocket = true; 14 + DisableTelemetry = true; 15 + DontCheckDefaultBrowser = true; 16 + OfferToSaveLogins = false; 17 + NoDefaultBookmarks = true; 18 + Cookies = { 19 + Allow = [ 20 + "https://bdiogo.app" 21 + "https://github.com" 22 + "https://steamcommunity.com" 23 + "https://steampowered.com" 24 + "https://1password.com" 25 + "https://1password.eu" 26 + "https://google.com" 27 + "https://youtube.com" 28 + "https://proton.me" 29 + "https://cloudflare.com" 30 + "https://twitch.tv" 31 + "https://apple.com" 32 + "https://icloud.com" 33 + "https://instagram.com" 34 + "https://porkbun.com" 35 + "https://ovh.com" 36 + "https://ovh.pt" 37 + "https://ovhcloud.com" 38 + "https://amazon.es" 39 + "https://hetzner.com" 40 + "https://mistral.ai" 41 + "https://codeberg.org" 42 + "https://revolut.com" 43 + "https://bunny.net" 44 + "https://tangled.sh" 45 + "https://kagi.com" 46 + ]; 47 + }; 48 + SanitizeOnShutdown = { 49 + Cache = true; 50 + Cookies = true; 51 + FormData = true; 52 + }; 53 + DisableFirefoxAccounts = true; 54 + DNSOverHTTPS = { 55 + Enabled = true; 56 + ProviderURL = "https://base.dns.mullvad.net/dns-query"; 57 + Fallback = true; 58 + Locked = true; 59 + }; 60 + EnableTrackingProtection = { 61 + Value = true; 62 + Locked = true; 63 + Cryptomining = true; 64 + Fingerprinting = true; 65 + EmailTracking = true; 66 + }; 67 + HttpsOnlyMode = "force_enabled"; 68 + SkipTermsOfUse = true; 69 + Extensions = { 70 + Install = [ 71 + "https://addons.mozilla.org/firefox/downloads/latest/1password-x-password-manager/latest.xpi" 72 + "https://addons.mozilla.org/firefox/downloads/latest/betterttv/latest.xpi" 73 + "https://addons.mozilla.org/firefox/downloads/latest/catppuccin-web-file-icons/latest.xpi" 74 + "https://addons.mozilla.org/firefox/downloads/latest/clearurls/latest.xpi" 75 + "https://addons.mozilla.org/firefox/downloads/latest/refined-github-/latest.xpi" 76 + "https://addons.mozilla.org/firefox/downloads/latest/return-youtube-dislikes/latest.xpi" 77 + "https://addons.mozilla.org/firefox/downloads/latest/sponsorblock/latest.xpi" 78 + "https://addons.mozilla.org/firefox/downloads/latest/steam-database/latest.xpi" 79 + "https://addons.mozilla.org/firefox/downloads/latest/styl-us/latest.xpi" 80 + "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi" 81 + ]; 82 + }; 83 + SearchEngines = { 84 + Add = [ 85 + { 86 + Name = "Kagi"; 87 + IconURL = "https://kagi.com/favicon.ico"; 88 + URLTemplate = "https://kagi.com/search?q={searchTerms}"; 89 + Alias = "kagi"; 90 + SuggestURLTemplate = "https://kagi.com/api/autosuggest?q={searchTerms}"; 91 + } 92 + ]; 93 + Default = "Kagi"; 94 + }; 95 + }; 96 + }; 97 + in 98 + 99 + { 100 + home.activation.installFirefoxPolicies = lib.mkIf (pkgs.stdenv.hostPlatform.isDarwin) ( 101 + lib.hm.dag.entryAfter [ "writeBoundary" ] '' 102 + mkdir -p "/Applications/Twilight.app/Contents/Resources/distribution" 103 + echo '${builtins.toJSON policies}' > "/Applications/Twilight.app/Contents/Resources/distribution/policies.json" 104 + '' 105 + ); 106 + }

+15

home/diogo/packages/fzf.nix

··· 1 + { 2 + programs.fzf = { 3 + enable = true; 4 + 5 + enableZshIntegration = true; 6 + 7 + defaultOptions = [ 8 + "--height=40%" 9 + "--layout=reverse" 10 + "--border" 11 + "--preview-window=right:60%" 12 + "--preview 'bat --color=always --style=numbers --line-range=:500 {}'" 13 + ]; 14 + }; 15 + }

+87

home/diogo/packages/git.nix

··· 1 + { pkgs, config, ... }: 2 + { 3 + programs.git = { 4 + package = pkgs.gitMinimal; 5 + enable = true; 6 + userName = "Diogo"; 7 + userEmail = "hi@luvsick.gg"; 8 + 9 + signing = { 10 + key = "25E38D1809236776"; 11 + format = "openpgp"; 12 + signByDefault = true; 13 + }; 14 + 15 + ignores = [ 16 + ".DS_Store" 17 + "*~" 18 + "*.swp" 19 + "*.bak" 20 + "*.tmp" 21 + "*.log" 22 + ".idea" 23 + "changes.txt" 24 + "*freeze.png" 25 + ".crush" 26 + "**/.terraform/*" 27 + "*.tfvars" 28 + "*.tfvars.json" 29 + "*.tfstate" 30 + "*.tfstate.*" 31 + ".env*" 32 + ]; 33 + 34 + attributes = [ 35 + "* text=auto" 36 + "*.sh text eol=lf" 37 + "tsconfig.json linguist-language=JSON-with-Comments" 38 + "*.lock text -diff" 39 + ]; 40 + 41 + aliases = { 42 + s = "status -s"; 43 + undo = "reset --soft HEAD^"; 44 + cleanup = '' 45 + git fetch upstream; \ 46 + git checkout main; \ 47 + git pull upstream main; \ 48 + git push origin main; \ 49 + git branch -r --merged | grep -v main | grep origin | sed 's/origin\\///' | gxargs -r -n 1 git push --delete origin; \ 50 + git branch --merged | grep -v main | gxargs -r -n 1 git branch -d; \ 51 + git branch -vv | grep ': gone]'| grep -v '\\*' | awk '{ print $1; }' | gxargs -r git branch -D; \ 52 + git fetch --all --prune; \ 53 + git prune; \ 54 + git gc --aggressive; 55 + ''; 56 + wopsy = "commit -a --amend --no-edit"; 57 + }; 58 + 59 + lfs.enable = true; 60 + 61 + delta = { 62 + enable = true; 63 + options = { 64 + line-numbers = true; 65 + hyperlinks = true; 66 + side-by-side = true; 67 + }; 68 + }; 69 + 70 + extraConfig = { 71 + init.defaultBranch = "main"; 72 + }; 73 + }; 74 + 75 + programs.lazygit = { 76 + enable = config.programs.git.enable && config.sys.profiles.graphical.enable; 77 + settings = { 78 + confirmOnQuit = false; 79 + git = { 80 + paging = { 81 + colorArg = "always"; 82 + pager = "delta --paging=never"; 83 + }; 84 + }; 85 + }; 86 + }; 87 + }

+14

home/diogo/packages/gpg.nix

··· 1 + { pkgs, ... }: 2 + { 3 + sys.packages = { inherit (pkgs) pinentry-curses; }; 4 + services.gpg-agent = { 5 + enable = true; 6 + pinentry.package = pkgs.pinentry-curses; 7 + enableSshSupport = false; 8 + defaultCacheTtl = 600; 9 + maxCacheTtl = 3600; 10 + enableZshIntegration = true; 11 + }; 12 + 13 + programs.gpg.enable = true; 14 + }

+28

home/diogo/packages/hyfetch/default.nix

··· 1 + { 2 + programs.hyfetch = { 3 + enable = true; 4 + settings = { 5 + preset = "lesbian"; 6 + mode = "rgb"; 7 + light_dark = "dark"; 8 + lightness = 0.7; 9 + 10 + color_align = { 11 + mode = "horizontal"; 12 + custom_colors = [ ]; 13 + fore_back = null; 14 + }; 15 + 16 + backend = "fastfetch"; 17 + args = null; 18 + distro = null; 19 + pride_month_shown = [ ]; 20 + pride_month_disable = false; 21 + }; 22 + }; 23 + 24 + programs.fastfetch = { 25 + enable = true; 26 + settings = builtins.fromJSON (builtins.readFile ./fasfetch.jsonc); 27 + }; 28 + }

+106

home/diogo/packages/hyfetch/fasfetch.jsonc

··· 1 + { 2 + "$schema": "https://github.com/fastfetch-cli/fastfetch/raw/dev/doc/json_schema.json", 3 + "display": { 4 + "separator": "", 5 + "constants": [ 6 + "\u001b[90m│ │\u001b[60D\u001b[39m" 7 + ] 8 + }, 9 + "modules": [ 10 + { 11 + "type": "custom", 12 + "key": "{#90}╭ Keys ───────╮", 13 + "format": "{#90}╭ Values ────────────────────────────────────────────────────╮" 14 + }, 15 + { 16 + "type": "title", 17 + "key": "{#90}│ {#92}User {#90}│", 18 + "format": "{$1}{user-name} {#2}[{home-dir}]" 19 + }, 20 + { 21 + "type": "title", 22 + "key": "{#90}│ {#93}Hostname {#90}│", 23 + "format": "{$1}{host-name}" 24 + }, 25 + { 26 + "type": "os", 27 + "key": "{#90}│ {#93}OS {#90}│", 28 + "format": "{$1}{?pretty-name}{pretty-name}{?}{/pretty-name}{name}{/} {codename} {#2}[v{version}] [{arch}]" 29 + }, 30 + { 31 + "type": "kernel", 32 + "key": "{#90}│ {#93}Kernel {#90}│", 33 + "format": "{$1}{sysname} {#2}[v{release}]" 34 + }, 35 + { 36 + "type": "packages", 37 + "key": "{#90}│ {#93}Packages {#90}│", 38 + "format": "{$1}{brew} {#2}[brew]" 39 + }, 40 + { 41 + "type": "uptime", 42 + "key": "{#90}│ {#93}Uptime {#90}│", 43 + "format": "{$1}{?days}{days}d + {?}{hours}h {minutes}m {seconds}s" 44 + }, 45 + { 46 + "type": "cpu", 47 + "key": "{#90}│ {#91}CPU {#90}│", 48 + "showPeCoreCount": true, 49 + "temp": true, 50 + "format": "{$1}{name} {#2}[C:{core-types}] [{freq-max}]" 51 + }, 52 + { 53 + "type": "memory", 54 + "key": "{#90}│ {#91}Memory {#90}│", 55 + "format": "{$1}{used} / {total} ({percentage})" 56 + }, 57 + { 58 + "type": "disk", 59 + "key": "{#90}│ {#91}Disk {#90}│", 60 + "format": "{$1}{size-used} / {size-total} ({size-percentage})" 61 + }, 62 + { 63 + "type": "shell", 64 + "key": "{#90}│ {#95}Shell {#90}│", 65 + "format": "{$1}{pretty-name} {#2}[v{version}] [PID:{pid}]" 66 + }, 67 + { 68 + "type": "localip", 69 + "key": "{#90}│ {#94}Local IPv4 {#90}│", 70 + "showPrefixLen": true, 71 + "showIpv4": true, 72 + "showIpv6": false, 73 + "showMtu": true, 74 + "format": "{$1}{ipv4} {#2}[{ifname}]" 75 + }, 76 + { 77 + "type": "publicip", 78 + "key": "{#90}│ {#94}Public IPv4 {#90}│", 79 + "ipv6": false, 80 + "format": "{$1}{ip} {#2}[{location}]" 81 + }, 82 + { 83 + "type": "custom", 84 + "key": "{#90}╰─────────────╯", 85 + "format": "{#90}╰────────────────────────────────────────────────────────────╯" 86 + }, 87 + "break", 88 + { 89 + "type": "custom", 90 + "key": " ", 91 + "format": "{#90}╭ Colors ───────────────────────────────────────────────────────────────────╮" 92 + }, 93 + { 94 + "type": "custom", 95 + "format": "{#90}│ {#40} {#41} {#42} {#43} {#44} {#45} {#46} {#47} {#} {#90}│" 96 + }, 97 + { 98 + "type": "custom", 99 + "format": "{#90}│ {#100} {#101} {#102} {#103} {#104} {#105} {#106} {#107} {#} {#90}│" 100 + }, 101 + { 102 + "type": "custom", 103 + "format": "{#90}╰───────────────────────────────────────────────────────────────────────────╯" 104 + } 105 + ] 106 + }

+3

home/diogo/packages/kitty/default.nix

··· 1 + { 2 + xdg.configFile."kitty/kitty.conf".source = ./kitty.conf; 3 + }

+51

home/diogo/packages/kitty/kitty.conf

··· 1 + # vim:fileencoding=utf-8:foldmethod=marker 2 + 3 + enable_audio_bell no 4 + copy_on_select yes 5 + 6 + window_border_width 1.0 7 + window_margin_width 0.0 8 + single_window_margin_width 0.0 9 + window_padding_width 10 12 10 + 11 + background_opacity 0.95 12 + background_blur 20 13 + 14 + macos_option_as_alt left 15 + macos_quit_when_last_window_closed yes 16 + hide_window_decorations titlebar-only 17 + 18 + tab_bar_min_tabs 1 19 + tab_bar_edge top 20 + tab_bar_style powerline 21 + tab_powerline_style round 22 + tab_title_template {title}{' :{}:'.format(num_windows) if num_windows > 1 else ''} 23 + 24 + adjust_line_height 105% 25 + font_family Maple Mono 26 + 27 + font_size 18 28 + mouse_hide_wait 3.0 29 + kitty_mod cmd 30 + 31 + map kitty_mod+r load_config_file 32 + 33 + map kitty_mod+n new_os_window_with_cwd 34 + map kitty_mod+t new_tab_with_cwd 35 + map kitty_mod+shift+. move_tab_forward 36 + map kitty_mod+shift+, move_tab_backward 37 + 38 + map kitty_mod+1 goto_tab 1 39 + map kitty_mod+2 goto_tab 2 40 + map kitty_mod+3 goto_tab 3 41 + map kitty_mod+4 goto_tab 4 42 + map kitty_mod+5 goto_tab 5 43 + map kitty_mod+6 goto_tab 6 44 + map kitty_mod+7 goto_tab 7 45 + map kitty_mod+8 goto_tab 8 46 + map kitty_mod+9 goto_tab 9 47 + 48 + # BEGIN_KITTY_THEME 49 + # Catppuccin-Frappe 50 + include current-theme.conf 51 + # END_KITTY_THEME

+38

home/diogo/packages/neovim/.vimrc

··· 1 + let mapleader = " " 2 + 3 + set hlsearch 4 + set incsearch 5 + set ignorecase 6 + set smartcase 7 + 8 + set number 9 + set relativenumber 10 + set linebreak 11 + 12 + set noswapfile 13 + set nobackup 14 + set undodir=~/.vim/undodir 15 + set undofile 16 + 17 + set so=4 18 + 19 + set expandtab 20 + set tabstop=2 softtabstop=2 21 + set shiftwidth=2 22 + 23 + set hidden 24 + set noerrorbells 25 + set mouse="a" 26 + 27 + syntax on 28 + filetype plugin indent on 29 + set updatetime=500 30 + 31 + set spell 32 + set spelllang=en_gb 33 + 34 + inoremap <Esc> <Esc> 35 + 36 + nnoremap <leader>w :w<CR> 37 + nnoremap <leader>q :q<CR> 38 + nnoremap <leader>Q :q!<CR>

+55

home/diogo/packages/neovim/default.nix

··· 1 + { pkgs, ... }: 2 + { 3 + programs.neovim = { 4 + enable = true; 5 + defaultEditor = true; 6 + viAlias = true; 7 + vimAlias = true; 8 + withNodeJs = true; 9 + plugins = with pkgs.vimPlugins; [ 10 + catppuccin-nvim 11 + nvim-cmp 12 + cmp-buffer 13 + cmp-nvim-lsp 14 + cmp-path 15 + conform-nvim 16 + cord-nvim 17 + gitsigns-nvim 18 + lualine-nvim 19 + mini-nvim 20 + nvim-lspconfig 21 + nvim-navic 22 + nvim-tree-lua 23 + plenary-nvim 24 + telescope-file-browser-nvim 25 + telescope-fzf-native-nvim 26 + telescope-nvim 27 + which-key-nvim 28 + nvim-treesitter.withAllGrammars 29 + ]; 30 + extraPackages = with pkgs; [ 31 + nil 32 + vtsls 33 + vue-language-server 34 + docker-language-server 35 + docker-compose-language-service 36 + yaml-language-server 37 + bash-language-server 38 + lua-language-server 39 + astro-language-server 40 + tailwindcss-language-server 41 + emmet-language-server 42 + terraform-ls 43 + gopls 44 + ]; 45 + 46 + extraLuaConfig = '' 47 + ${builtins.readFile ./init.lua} 48 + vim.cmd("colorscheme catppuccin") 49 + ''; 50 + }; 51 + 52 + home.file = { 53 + ".vimrc".text = builtins.readFile ./.vimrc; 54 + }; 55 + }

+495

home/diogo/packages/neovim/init.lua

··· 1 + vim.cmd("source ~/.vimrc") 2 + 3 + local cmp = require("cmp") 4 + 5 + cmp.setup({ 6 + mapping = { 7 + ["<C-n>"] = cmp.mapping.select_next_item({ behavior = cmp.SelectBehavior.Select }), 8 + ["<C-p>"] = cmp.mapping.select_prev_item({ behavior = cmp.SelectBehavior.Select }), 9 + 10 + ["<Tab>"] = cmp.mapping(function(fallback) 11 + if cmp.visible() then 12 + cmp.confirm({ select = true }) 13 + else 14 + fallback() 15 + end 16 + end, { "i", "s" }), 17 + }, 18 + 19 + sources = cmp.config.sources({ 20 + { 21 + name = "nvim_lsp", 22 + ---@param entry cmp.Entry 23 + ---@param ctx cmp.Context 24 + entry_filter = function(entry, ctx) 25 + if ctx.filetype ~= "vue" then 26 + return true 27 + end 28 + 29 + local cursor_before_line = ctx.cursor_before_line 30 + if cursor_before_line:sub(-1) == "@" then 31 + return entry.completion_item.label:match("^@") 32 + elseif cursor_before_line:sub(-1) == ":" then 33 + return entry.completion_item.label:match("^:") 34 + and not entry.completion_item.label:match("^:on%-") 35 + else 36 + return true 37 + end 38 + end, 39 + }, 40 + { name = "buffer" }, 41 + { name = "path" }, 42 + }), 43 + 44 + formatting = { 45 + format = function(entry, item) 46 + item.menu = ({ 47 + nvim_lsp = "[LSP]", 48 + buffer = "[Buffer]", 49 + path = "[Path]", 50 + })[entry.source.name] 51 + return item 52 + end, 53 + }, 54 + }) 55 + 56 + cmp.event:on("menu_closed", function() 57 + local bufnr = vim.api.nvim_get_current_buf() 58 + vim.b[bufnr]._vue_ts_cached_is_in_start_tag = nil 59 + end) 60 + 61 + require("conform").setup({ 62 + formatters_by_ft = { 63 + lua = { "stylua" }, 64 + vue = { "prettierd", "prettier", stop_after_first = true }, 65 + typescript = { "prettierd", "prettier", stop_after_first = true }, 66 + javascript = { "prettierd", "prettier", stop_after_first = true }, 67 + javascriptreact = { "prettierd", "prettier", stop_after_first = true }, 68 + css = { "prettierd", "prettier", stop_after_first = true }, 69 + }, 70 + format_on_save = { 71 + timeout_ms = 500, 72 + lsp_format = "fallback", 73 + }, 74 + }) 75 + 76 + vim.keymap.set({ "n", "v" }, "<leader>f", function() 77 + require("conform").format({ timeout_ms = 500, lsp_format = "fallback" }) 78 + end, { desc = "Format buffer or selection" }) 79 + 80 + require("cord").setup({ 81 + editor = { 82 + tooltip = "Neovim", 83 + icon = "https://raw.githubusercontent.com/IogaMaster/neovim/main/.github/assets/nixvim-dark.webp", 84 + }, 85 + display = { 86 + theme = "catppuccin", 87 + flavor = "accent", 88 + }, 89 + text = { 90 + file_browser = true, 91 + workspace = "Working on ${workspace}", 92 + }, 93 + variables = true, 94 + }) 95 + 96 + require("gitsigns").setup({ 97 + current_line_blame = true, 98 + current_line_blame_opts = { 99 + virt_text = true, 100 + virt_text_pos = "eol", 101 + delay = 100, 102 + ignore_whitespace = false, 103 + }, 104 + current_line_blame_formatter = "<author>, <author_time:%d-%m-%Y> - <summary>", 105 + }) 106 + 107 + local navic = require("nvim-navic") 108 + 109 + navic.setup({ 110 + separator = " › ", 111 + highlight = true, 112 + }) 113 + 114 + vim.api.nvim_create_autocmd("LspAttach", { 115 + callback = function(event) 116 + local client = vim.lsp.get_client_by_id(event.data.client_id) 117 + if client.server_capabilities.documentSymbolProvider then 118 + navic.attach(client, event.buf) 119 + end 120 + vim.lsp.inlay_hint.enable(true, { bufnr = event.buf }) 121 + end, 122 + }) 123 + 124 + local servers = { 125 + lua_ls = { 126 + settings = { 127 + Lua = { 128 + runtime = { 129 + version = "LuaJIT", 130 + }, 131 + diagnostics = { 132 + globals = { "vim" }, 133 + }, 134 + hint = { enable = true }, 135 + }, 136 + }, 137 + }, 138 + 139 + yamlls = { 140 + settings = { 141 + yaml = { 142 + completion = true, 143 + validate = true, 144 + suggest = { 145 + parentSkeletonSelectedFirst = true, 146 + }, 147 + schemas = { 148 + ["https://www.schemastore.org/github-workflow.json"] = ".github/workflows/*", 149 + ["https://raw.githubusercontent.com/compose-spec/compose-spec/master/schema/compose-spec.json"] = "docker-compose*.{yml,yaml}", 150 + }, 151 + }, 152 + redhat = { 153 + telemetry = { 154 + enable = false, 155 + }, 156 + }, 157 + }, 158 + }, 159 + 160 + jsonls = { 161 + settings = { 162 + json = { 163 + validate = { enable = true }, 164 + schemas = { 165 + { 166 + fileMatch = { "package.json" }, 167 + url = "https://www.schemastore.org/package.json", 168 + }, 169 + { 170 + fileMatch = { "tsconfig*.json" }, 171 + url = "https://www.schemastore.org/tsconfig.json", 172 + }, 173 + }, 174 + }, 175 + }, 176 + }, 177 + 178 + vtsls = { 179 + settings = { 180 + vtsls = { 181 + tsserver = { 182 + globalPlugins = { 183 + { 184 + name = "@vue/typescript-plugin", 185 + location = "~/.bun/bin/vue-language-server", 186 + languages = { "vue" }, 187 + configNamespace = "typescript", 188 + }, 189 + }, 190 + }, 191 + }, 192 + }, 193 + filetypes = { "typescript", "javascript", "vue" }, 194 + }, 195 + 196 + vue_ls = {}, 197 + 198 + nil_ls = { 199 + cmd = { "nil" }, 200 + settings = { 201 + ["nil"] = { 202 + diagnostics = { 203 + bindingEndHintMinLines = 2, 204 + }, 205 + nix = { maxMemoryMB = nil }, 206 + }, 207 + }, 208 + }, 209 + 210 + just = {}, 211 + 212 + dockerls = {}, 213 + 214 + astro = {}, 215 + 216 + emmet_language_server = { 217 + filetypes = { 218 + "vue", 219 + "astro", 220 + "css", 221 + "html", 222 + "javascript", 223 + "javascriptreact", 224 + "typescriptreact", 225 + }, 226 + }, 227 + 228 + tailwindcss = { 229 + filetypes = { 230 + "vue", 231 + "astro", 232 + "javascriptreact", 233 + "typescriptreact", 234 + "html", 235 + "css", 236 + }, 237 + }, 238 + 239 + terraformls = {}, 240 + 241 + gopls = {}, 242 + 243 + sourcekit = { 244 + cmd = { "/Library/Developer/CommandLineTools/usr/bin/sourcekit-lsp" }, 245 + filetypes = { "swift" }, 246 + }, 247 + } 248 + 249 + vim.diagnostic.config({ 250 + virtual_text = true, 251 + signs = true, 252 + underline = true, 253 + update_in_insert = false, 254 + float = { 255 + focusable = false, 256 + style = "minimal", 257 + border = "rounded", 258 + source = "if_many", 259 + header = "", 260 + prefix = "", 261 + }, 262 + }) 263 + 264 + for server, config in pairs(servers) do 265 + vim.lsp.config(server, config) 266 + vim.lsp.enable(server) 267 + end 268 + 269 + vim.lsp.handlers["textDocument/hover"] = vim.lsp.with(vim.lsp.handlers.hover, { 270 + border = "rounded", 271 + max_width = 80, 272 + }) 273 + 274 + vim.keymap.set("n", "<leader>rn", vim.lsp.buf.rename, { desc = "Rename symbol" }) 275 + vim.keymap.set( 276 + "n", 277 + "K", 278 + vim.lsp.buf.hover, 279 + { noremap = true, silent = true, desc = "LSP Hover Documentation" } 280 + ) 281 + 282 + require("lualine").setup({ 283 + options = { 284 + icons_enabled = false, 285 + theme = "auto", 286 + globalstatus = true, 287 + component_separators = "", 288 + section_separators = "", 289 + always_divide_middle = true, 290 + ignore_focus = { "NvimTree" }, 291 + disabled_filetypes = { 292 + statusline = { "NvimTree" }, 293 + winbar = { "NvimTree" }, 294 + }, 295 + }, 296 + sections = { 297 + lualine_a = { "mode" }, 298 + lualine_b = { 299 + { "branch" }, 300 + "diff", 301 + }, 302 + lualine_c = { { "filename", path = 1, shorting_target = 40 } }, 303 + lualine_x = { "diagnostics" }, 304 + lualine_y = { "progress" }, 305 + lualine_z = { "location" }, 306 + }, 307 + inactive_sections = { 308 + lualine_a = {}, 309 + lualine_b = {}, 310 + lualine_c = {}, 311 + lualine_x = {}, 312 + lualine_y = {}, 313 + lualine_z = {}, 314 + }, 315 + tabline = {}, 316 + winbar = { 317 + lualine_c = { 318 + { 319 + "navic", 320 + cond = function() 321 + return require("nvim-navic").is_available() 322 + end, 323 + }, 324 + }, 325 + }, 326 + inactive_winbar = {}, 327 + extensions = {}, 328 + }) 329 + vim.opt.showmode = false 330 + vim.o.cmdheight = 0 331 + vim.o.laststatus = 3 332 + 333 + require("mini.pairs").setup() 334 + 335 + require("mini.notify").setup({ 336 + window = { 337 + winblend = 0, 338 + lsp_progress = { 339 + enable = true, 340 + }, 341 + }, 342 + }) 343 + 344 + vim.notify = require("mini.notify").make_notify() 345 + vim.api.nvim_create_autocmd("BufWritePost", { 346 + callback = function(args) 347 + local ft = vim.bo[args.buf].filetype 348 + if ft == "" or vim.bo[args.buf].buftype ~= "" then 349 + return 350 + end 351 + 352 + local fn = vim.fn.fnamemodify(args.file, ":t") 353 + vim.notify("Saved " .. fn, vim.log.levels.INFO, { title = "File Written" }) 354 + end, 355 + }) 356 + 357 + require("mini.move").setup({ 358 + mappings = { 359 + left = "<M-h>", 360 + right = "<M-l>", 361 + down = "<M-j>", 362 + up = "<M-k>", 363 + line_left = "<M-h>", 364 + line_right = "<M-l>", 365 + line_down = "<M-j>", 366 + line_up = "<M-k>", 367 + }, 368 + options = { 369 + reindent_linewise = true, 370 + }, 371 + }) 372 + 373 + require("mini.comment").setup({ 374 + options = { 375 + custom_commentstring = nil, 376 + ignore_blank_line = false, 377 + start_of_line = false, 378 + pad_comment_parts = true, 379 + }, 380 + mappings = { 381 + comment = "gc", 382 + comment_line = "gcc", 383 + }, 384 + }) 385 + 386 + require("mini.surround").setup({ 387 + mappings = { 388 + add = "S", -- Add surrounding in Normal and Visual modes 389 + delete = "ds", -- Delete surrounding 390 + find = "sf", -- Find surrounding (to the right) 391 + find_left = "sF", -- Find surrounding (to the left) 392 + highlight = "sh", -- Highlight surrounding 393 + replace = "cs", -- Replace surrounding 394 + }, 395 + }) 396 + 397 + require("telescope").setup({ 398 + defaults = { 399 + file_ignore_patterns = { "bun.lock" }, 400 + }, 401 + extensions = { 402 + fzf = { 403 + fuzzy = true, 404 + override_generic_sorter = true, 405 + override_file_sorter = true, 406 + case_mode = "smart_case", 407 + }, 408 + }, 409 + }) 410 + 411 + require("telescope").load_extension("fzf") 412 + require("telescope").load_extension("file_browser") 413 + 414 + local opts = { noremap = true, silent = true } 415 + vim.api.nvim_set_keymap( 416 + "n", 417 + "<leader>ff", 418 + "<cmd>lua require('telescope.builtin').find_files()<CR>", 419 + opts 420 + ) 421 + vim.api.nvim_set_keymap( 422 + "n", 423 + "<leader>fg", 424 + "<cmd>lua require('telescope.builtin').live_grep()<CR>", 425 + opts 426 + ) 427 + vim.api.nvim_set_keymap( 428 + "n", 429 + "<leader>fl", 430 + "<cmd>lua require('telescope.builtin').current_buffer_fuzzy_find()<CR>", 431 + opts 432 + ) 433 + vim.api.nvim_set_keymap( 434 + "n", 435 + "<leader>fr", 436 + "<cmd>lua require('telescope.builtin').lsp_references()<CR>", 437 + opts 438 + ) 439 + vim.api.nvim_set_keymap( 440 + "n", 441 + "<leader>fd", 442 + "<cmd>lua require('telescope.builtin').lsp_definitions()<CR>", 443 + opts 444 + ) 445 + vim.api.nvim_set_keymap( 446 + "n", 447 + "<leader>ft", 448 + "<cmd>lua require('telescope.builtin').lsp_type_definitions()<CR>", 449 + opts 450 + ) 451 + vim.api.nvim_set_keymap("n", "<leader>fi", "<cmd>Telescope lsp_implementations<CR>", opts) 452 + vim.api.nvim_set_keymap("n", "<C-j>", "<cmd>Telescope lsp_document_symbols<CR>", opts) 453 + 454 + vim.g.loaded_netrw = 1 455 + vim.g.loaded_netrwPlugin = 1 456 + 457 + require("nvim-tree").setup({ 458 + renderer = { 459 + icons = { 460 + show = { 461 + file = false, 462 + folder = false, 463 + folder_arrow = true, 464 + git = false, 465 + modified = true, 466 + }, 467 + }, 468 + }, 469 + view = { 470 + width = 30, 471 + side = "right", 472 + }, 473 + disable_netrw = true, 474 + hijack_netrw = true, 475 + update_focused_file = { enable = true }, 476 + filters = { dotfiles = false }, 477 + git = { enable = false }, 478 + }) 479 + 480 + vim.keymap.set("n", "<C-b>", ":NvimTreeToggle<CR>", { desc = "Toggle file explorer" }) 481 + vim.keymap.set("n", "<leader>e", ":NvimTreeFocus<CR>", { desc = "Focus file explorer" }) 482 + 483 + require("nvim-treesitter.configs").setup({ 484 + highlight = { enable = true, additional_vim_regex_highlighting = true }, 485 + indent = { enable = true }, 486 + }) 487 + 488 + vim.keymap.set("n", "<leader>?", function() 489 + require("which-key").show({ global = false }) 490 + end, { desc = "Buffer Local Keymaps (which-key)" }) 491 + 492 + require("catppuccin").setup({ 493 + flavour = "frappe", 494 + transparent_background = true, 495 + })

+93

home/diogo/packages/ohmyposh/config.json

··· 1 + { 2 + "$schema": "https://raw.githubusercontent.com/JanDeDobbeleer/ohmyposh/main/themes/schema.json", 3 + "secondary_prompt": { 4 + "template": "~~> ", 5 + "foreground": "magenta", 6 + "background": "transparent" 7 + }, 8 + "transient_prompt": { 9 + "template": "~> ", 10 + "background": "transparent", 11 + "foreground_templates": [ 12 + "{{if gt .Code 0}}red{{end}}", 13 + "{{if eq .Code 0}}magenta{{end}}" 14 + ] 15 + }, 16 + "upgrade": { 17 + "source": "cdn", 18 + "interval": "168h", 19 + "auto": false, 20 + "notice": false 21 + }, 22 + "blocks": [ 23 + { 24 + "type": "prompt", 25 + "alignment": "left", 26 + "segments": [ 27 + { 28 + "properties": { 29 + "cache_duration": "none", 30 + "style": "full" 31 + }, 32 + "template": "{{ .Path }} ", 33 + "foreground": "blue", 34 + "background": "transparent", 35 + "type": "path", 36 + "style": "plain" 37 + }, 38 + { 39 + "properties": { 40 + "branch_icon": "", 41 + "cache_duration": "none", 42 + "commit_icon": "@", 43 + "fetch_status": true 44 + }, 45 + "template": "{{ .HEAD }}{{ if or (.Working.Changed) (.Staging.Changed) }}*{{ end }} <cyan>{{ if gt .Behind 0 }}\u21e3{{ end }}{{ if gt .Ahead 0 }}\u21e1{{ end }}</>", 46 + "foreground": "p:grey", 47 + "background": "transparent", 48 + "type": "git", 49 + "style": "plain" 50 + } 51 + ], 52 + "newline": true 53 + }, 54 + { 55 + "type": "rprompt", 56 + "overflow": "hidden", 57 + "segments": [ 58 + { 59 + "properties": { 60 + "cache_duration": "none", 61 + "threshold": 5000 62 + }, 63 + "template": "{{ .FormattedMs }}", 64 + "foreground": "yellow", 65 + "background": "transparent", 66 + "type": "executiontime", 67 + "style": "plain" 68 + } 69 + ] 70 + }, 71 + { 72 + "type": "prompt", 73 + "alignment": "left", 74 + "segments": [ 75 + { 76 + "properties": { 77 + "cache_duration": "none" 78 + }, 79 + "template": "~>", 80 + "background": "transparent", 81 + "type": "text", 82 + "style": "plain", 83 + "foreground_templates": [ 84 + "{{if gt .Code 0}}red{{end}}", 85 + "{{if eq .Code 0}}magenta{{end}}" 86 + ] 87 + } 88 + ] 89 + } 90 + ], 91 + "version": 3, 92 + "final_space": true 93 + }

+7

home/diogo/packages/ohmyposh/default.nix

··· 1 + { 2 + programs.ohmyposh = { 3 + enable = true; 4 + enableZshIntegration = true; 5 + settings = builtins.fromJSON (builtins.readFile ./config.json); 6 + }; 7 + }

+20

home/diogo/packages/ssh.nix

··· 1 + { lib, config, ... }: 2 + { 3 + programs.ssh = { 4 + enable = true; 5 + hashKnownHosts = true; 6 + compression = true; 7 + 8 + matchBlocks = { 9 + "github.com" = { 10 + user = "git"; 11 + hostname = "github.com"; 12 + }; 13 + }; 14 + 15 + extraConfig = lib.mkIf config.sys.profiles.graphical.enable '' 16 + Host * 17 + IdentityAgent "~/Library/Group Containers/2BUA8C4S2C.com.1password/t/agent.sock" 18 + ''; 19 + }; 20 + }

+48

home/diogo/packages/tmux.nix

··· 1 + { pkgs, ... }: 2 + { 3 + programs.tmux = { 4 + enable = true; 5 + plugins = with pkgs.tmuxPlugins; [ 6 + catppuccin 7 + ]; 8 + extraConfig = '' 9 + set -g mouse on 10 + set -s escape-time 0 11 + set -g default-terminal "tmux-256color" 12 + set -sa terminal-overrides ",xterm*:Tc" 13 + 14 + unbind C-b 15 + set -g prefix C-a 16 + bind C-a send-prefix 17 + 18 + bind r source-file ~/.tmux.conf \; display-message "tmux config reloaded!" 19 + 20 + bind -n C-k send-keys C-l 21 + 22 + bind -r h select-pane -L 23 + bind -r j select-pane -D 24 + bind -r k select-pane -U 25 + bind -r l select-pane -R 26 + bind v split-window -h 27 + bind n split-window -v 28 + bind x kill-pane 29 + 30 + bind w new-window -c "#{pane_current_path}" 31 + bind n next-window 32 + bind p previous-window 33 + 34 + set -g @catppuccin_flavor 'frappe' 35 + set -g @catppuccin_window_status_style "basic" 36 + set -g @catppuccin_window_number "#I" 37 + set -g @catppuccin_window_text " #{pane_current_command}" 38 + set -g @catppuccin_window_current_number "#[bold]#I" 39 + set -g @catppuccin_window_current_text " #{pane_current_command}" 40 + 41 + set -g status-right-length 100 42 + set -g status-left-length 100 43 + set -g status-style "bg=default" 44 + set -g status-left "" 45 + set -g status-right "" 46 + ''; 47 + }; 48 + }

+72

home/diogo/packages/zsh.nix

··· 1 + { pkgs, ... }: 2 + { 3 + programs.zsh = { 4 + enable = true; 5 + enableCompletion = true; 6 + autosuggestion.enable = true; 7 + syntaxHighlighting.enable = true; 8 + 9 + initContent = '' 10 + source <(fzf --zsh) 11 + echo -e "\e[35m" 12 + /bin/cat <<'EOF' 13 + ╱|、 14 + (˚ˎ。7 15 + |、˜〵 16 + じしˍ,)ノ 17 + EOF 18 + echo -e "\e[0m" 19 + ''; 20 + 21 + envExtra = '' 22 + ${ 23 + if pkgs.stdenv.hostPlatform.isDarwin then 24 + ''export SSH_AUTH_SOCK=~/Library/Group\ Containers/2BUA8C4S2C.com.1password/t/agent.sock'' 25 + else 26 + '''' 27 + } 28 + ''; 29 + 30 + shellAliases = { 31 + cat = "bat"; 32 + cd = "z"; 33 + cp = "cp -iv"; 34 + mv = "mv -iv"; 35 + rm = "rm -rfv"; 36 + mkdir = "mkdir -pv"; 37 + p = "cd ~/Developer/"; 38 + dl = "cd ~/Downloads/"; 39 + f = "open -a Finder"; 40 + ls = "eza"; 41 + g = "git"; 42 + lg = "lazygit"; 43 + grep = "rg"; 44 + find = "fd"; 45 + }; 46 + }; 47 + 48 + programs.zoxide = { 49 + enable = true; 50 + enableZshIntegration = true; 51 + }; 52 + 53 + programs.bat.enable = true; 54 + 55 + programs.eza = { 56 + enable = true; 57 + git = true; 58 + }; 59 + 60 + programs.fd.enable = true; 61 + 62 + programs.ripgrep = { 63 + enable = true; 64 + 65 + arguments = [ 66 + "--max-columns=150" 67 + "--max-columns-preview" 68 + "--glob=!.git/*" 69 + "--smart-case" 70 + ]; 71 + }; 72 + }

+5

home/diogo/system/default.nix

··· 1 + { 2 + imports = [ 3 + ./secrets.nix 4 + ]; 5 + }

+5

home/diogo/system/secrets.nix

··· 1 + { 2 + sops.secrets = { 3 + gpg = { }; 4 + }; 5 + }

+62

home/diogo/yabai.nix

··· 1 + { pkgs, lib, ... }: 2 + { 3 + home.file.".yabairc" = lib.mkIf pkgs.stdenv.hostPlatform.isDarwin { 4 + text = '' 5 + #!/usr/bin/env sh 6 + 7 + # globals 8 + yabai -m config mouse_follows_focus on 9 + yabai -m config split_ratio 0.50 10 + 11 + # space 12 + yabai -m config layout bsp 13 + yabai -m config top_padding 8 14 + yabai -m config bottom_padding 8 15 + yabai -m config left_padding 8 16 + yabai -m config right_padding 8 17 + yabai -m config window_gap 8 18 + yabai -m config external_bar main:0:0 19 + 20 + # space 1: web 21 + yabai -m space 1 --label web 22 + yabai -m rule --add app="Twilight" space=web 23 + yabai -m rule --add app="Safari" space=web 24 + 25 + # space 2: dev 26 + yabai -m space 2 --label dev 27 + yabai -m rule --add app="kitty" space=dev 28 + yabai -m rule --add app="Xcode" space=dev 29 + 30 + # space 3: misc 31 + yabai -m space 3 --label misc --layout stack 32 + yabai -m rule --add app="Notes" space=misc 33 + yabai -m rule --add app="Sketch Beta" space=misc 34 + yabai -m rule --add app="Steam" space=misc 35 + yabai -m rule --add app="Reminders" space=misc 36 + 37 + # space 4: display 2 38 + yabai -m space 4 --label stack --layout stack 39 + yabai -m rule --add app="Vesktop" space=stack 40 + yabai -m rule --add app="Signal" space=stack 41 + yabai -m rule --add app="Messages" space=stack 42 + yabai -m rule --add app="Mail" space=stack 43 + yabai -m rule --add app="WhatsApp" space=stack 44 + yabai -m rule --add app="Podcasts" space=stack 45 + yabai -m rule --add app="Music" space=stack 46 + yabai -m rule --add app="Thunderbird" space=stack 47 + 48 + # don't manage 49 + yabai -m rule --add label="System Settings" app="^System Settings$" manage=off 50 + yabai -m rule --add label="About This Mac" app="^System Information$" title="About This Mac" manage=off 51 + yabai -m rule --add label="Software Update" title="Software Update" manage=off 52 + yabai -m rule --add label="Safari" app="^Safari$" title="^(General|(Tab|Website|Profile|Extension|Feature Flag)s|AutoFill|Se(arch|curity)|Privacy|Advanced|Developer)$" manage=off 53 + yabai -m rule --add label="Finder" app="^Finder$" manage=off 54 + yabai -m rule --add label="App Store" app="^App Store$" manage=off 55 + yabai -m rule --add label="Activity Monitor" app="^Activity Monitor$" manage=off 56 + yabai -m rule --add label="Calculator" app="^Calculator$" manage=off 57 + yabai -m rule --add label="Dictionary" app="^Dictionary$" manage=off 58 + yabai -m rule --add label="1Password" app="^1Password$" manage=off 59 + yabai -m rule --add label="FaceTime" app="^FaceTime$" manage=off 60 + ''; 61 + }; 62 + }

+7

hosts/bunni/default.nix

··· 1 + { 2 + sys.profiles.graphical.enable = true; 3 + 4 + system.primaryUser = "diogo"; 5 + 6 + security.pam.services.sudo_local.touchIdAuth = true; 7 + }

+17

hosts/default.nix

··· 1 + { self, inputs, ... }: 2 + { 3 + imports = [ inputs.easy-hosts.flakeModule ]; 4 + 5 + config.easy-hosts = { 6 + perClass = class: { 7 + modules = [ "${self}/modules/${class}" ]; 8 + }; 9 + 10 + hosts = { 11 + bunni = { 12 + arch = "aarch64"; 13 + class = "darwin"; 14 + }; 15 + }; 16 + }; 17 + }

+44

justfile

··· 1 + flake_var := env_var_or_default("FLAKE", "") 2 + flake := if flake_var =~ '^\.*$' { justfile_directory() } else { flake_var } 3 + rebuild := if os() == "macos" { "sudo darwin-rebuild" } else { "nixos-rebuild" } 4 + system-args := if os() != "macos" { "--sudo --no-reexec" } else { "" } 5 + 6 + [private] 7 + default: 8 + @just --list --unsorted 9 + 10 + [group('rebuild')] 11 + [private] 12 + builder goal *args: 13 + {{ rebuild }} {{ goal }} \ 14 + --flake {{ flake }} \ 15 + {{ system-args }} \ 16 + {{ args }} 17 + 18 + [group('rebuild')] 19 + switch *args: (builder "switch" args) 20 + 21 + [group('rebuild')] 22 + [macos] 23 + provision host: 24 + sudo nix run nix-darwin/master -- switch --flake {{ flake }}#{{ host }} 25 + 26 + [group('rebuild')] 27 + deploy host *args: (builder "switch" "--build-host " + host "--target-host " + host "--use-substitutes " + args) 28 + 29 + [group('utils')] 30 + clean: 31 + nix-collect-garbage --delete-older-than 3d 32 + nix store optimise 33 + 34 + [group('utils')] 35 + rotate: 36 + /usr/bin/find secrets/ -name "*.yaml" | xargs -I {} sops rotate -i {} 37 + /usr/bin/find secrets/ -name "*.yaml" | xargs -I {} sops updatekeys -y {} 38 + 39 + [group('utils')] 40 + update: 41 + nix flake update \ 42 + --commit-lock-file \ 43 + --commit-lockfile-summary "flake: update inputs" \ 44 + --flake {{ flake }}

+83

modules/darwin/brew.nix

··· 1 + { 2 + pkgs, 3 + inputs, 4 + config, 5 + ... 6 + }: 7 + { 8 + imports = [ 9 + inputs.homebrew.darwinModules.nix-homebrew 10 + ./environment.nix 11 + ]; 12 + 13 + config = { 14 + nix-homebrew = { 15 + enable = true; 16 + taps = { 17 + "homebrew/homebrew-core" = pkgs.fetchFromGitHub { 18 + owner = "homebrew"; 19 + repo = "homebrew-core"; 20 + rev = "481ae0c7e1591b8d6bc8e30a715daadbb41e281b"; 21 + hash = "sha256-Z63K/AeNJP709Vh0Wwq1TtJUwuK5zFUMqbFEzE4qfjE="; 22 + }; 23 + "homebrew/homebrew-cask" = pkgs.fetchFromGitHub { 24 + owner = "homebrew"; 25 + repo = "homebrew-cask"; 26 + rev = "886976b4942c7695a0a16a1b1241b776f20bf13c"; 27 + hash = "sha256-AQ2k926S5OaT9RkLVZ2aoRfyoZM2/66aV5KP5rCzgyQ="; 28 + }; 29 + "koekeishiya/homebrew-formulae" = pkgs.fetchFromGitHub { 30 + owner = "koekeishiya"; 31 + repo = "homebrew-formulae"; 32 + rev = "f5711b9c70e104bffc79e3525e2ed0dc335bdbba"; 33 + hash = "sha256-e7NybFVmFDHHy8m+cJPnDugGKzfYkMvh/3c+O7jMM2Y="; 34 + }; 35 + }; 36 + mutableTaps = false; 37 + user = "diogo"; 38 + autoMigrate = true; 39 + }; 40 + 41 + homebrew = { 42 + enable = true; 43 + 44 + global.autoUpdate = true; 45 + 46 + onActivation = { 47 + upgrade = true; 48 + cleanup = "zap"; 49 + }; 50 + 51 + taps = builtins.attrNames config.nix-homebrew.taps; 52 + 53 + masApps = { 54 + "Pages" = 409201541; 55 + "TestFlight" = 899247664; 56 + "WhatsApp" = 310633997; 57 + }; 58 + 59 + brews = [ 60 + "colima" 61 + "docker" 62 + "docker-compose" 63 + "mas" 64 + "koekeishiya/formulae/yabai" 65 + "koekeishiya/formulae/skhd" 66 + ]; 67 + 68 + casks = [ 69 + "1password" 70 + "1password-cli" 71 + "aldente" 72 + "font-maple-mono" 73 + "kitty" 74 + "signal" 75 + "steam" 76 + "vesktop" 77 + "raycast" 78 + "zen@twilight" 79 + "mullvad-vpn" 80 + ]; 81 + }; 82 + }; 83 + }

+17

modules/darwin/default.nix

··· 1 + { inputs, ... }: 2 + { 3 + _class = "darwin"; 4 + 5 + system.defaults.CustomUserPreferences."com.apple.AdLib".allowApplePersonalizedAdvertising = false; 6 + 7 + imports = [ 8 + ../shared 9 + inputs.home-manager.darwinModules.home-manager 10 + ./preferences.nix 11 + ./network.nix 12 + ./keyboard.nix 13 + ./brew.nix 14 + ]; 15 + 16 + system.stateVersion = 6; 17 + }

+9

modules/darwin/environment.nix

··· 1 + { config, ... }: 2 + { 3 + environment.variables = { 4 + HOMEBREW_NO_ANALYTICS = "1"; 5 + HOMEBREW_NO_INSECURE_REDIRECT = "1"; 6 + HOMEBREW_NO_ENV_HINTS = "0"; 7 + systemPath = [ config.homebrew.brewPrefix ]; 8 + }; 9 + }

+14

modules/darwin/keyboard.nix

··· 1 + { 2 + system = { 3 + keyboard = { 4 + enableKeyMapping = true; 5 + remapCapsLockToEscape = true; 6 + }; 7 + 8 + defaults.NSGlobalDomain = { 9 + ApplePressAndHoldEnabled = false; 10 + KeyRepeat = 1; 11 + InitialKeyRepeat = 13; 12 + }; 13 + }; 14 + }

+20

modules/darwin/network.nix

··· 1 + { 2 + networking = { 3 + applicationFirewall = { 4 + enable = true; 5 + blockAllIncoming = false; 6 + allowSignedApp = false; 7 + allowSigned = true; 8 + enableStealthMode = true; 9 + }; 10 + knownNetworkServices = [ 11 + "Wi-Fi" 12 + ]; 13 + dns = [ 14 + "1.1.1.1" 15 + "1.0.0.1" 16 + "2606:4700:4700::1111" 17 + "2606:4700:4700::1001" 18 + ]; 19 + }; 20 + }

+65

modules/darwin/preferences.nix

··· 1 + { 2 + system.defaults = { 3 + dock = { 4 + autohide = true; 5 + tilesize = 35; 6 + orientation = "left"; 7 + show-recents = false; 8 + minimize-to-application = true; 9 + mru-spaces = false; 10 + }; 11 + 12 + NSGlobalDomain = { 13 + AppleShowScrollBars = "WhenScrolling"; 14 + AppleShowAllExtensions = true; 15 + AppleShowAllFiles = true; 16 + NSAutomaticQuoteSubstitutionEnabled = false; 17 + NSAutomaticDashSubstitutionEnabled = false; 18 + NSAutomaticSpellingCorrectionEnabled = false; 19 + NSAutomaticCapitalizationEnabled = false; 20 + }; 21 + 22 + WindowManager = { 23 + EnableStandardClickToShowDesktop = false; 24 + }; 25 + 26 + screensaver = { 27 + askForPassword = true; 28 + askForPasswordDelay = 0; 29 + }; 30 + 31 + finder = { 32 + ShowPathbar = true; 33 + FXEnableExtensionChangeWarning = false; 34 + AppleShowAllExtensions = true; 35 + AppleShowAllFiles = true; 36 + }; 37 + 38 + CustomUserPreferences."com.apple.finder" = { 39 + ShowExternalHardDrivesOnDesktop = true; 40 + ShowHardDrivesOnDesktop = true; 41 + ShowMountedServersOnDesktop = true; 42 + ShowRemovableMediaOnDesktop = true; 43 + _FXSortFoldersFirst = true; 44 + FXDefaultSearchScope = "SCcf"; 45 + WarnOnEmptyTrash = false; 46 + }; 47 + 48 + loginwindow = { 49 + GuestEnabled = false; 50 + SHOWFULLNAME = false; 51 + }; 52 + }; 53 + 54 + system.activationScripts.postActivate.text = '' 55 + #!/usr/bin/env bash 56 + set -e 57 + 58 + sudo chflags nohidden /Volumes 59 + chflags nohidden "$HOME/Library" 60 + sudo dscacheutil -flushcache 61 + sudo killall -HUP mDNSResponder 62 + 63 + killall Dock Finder SystemUIServer WindowManager || true 64 + ''; 65 + }

+11

modules/home/default.nix

··· 1 + { 2 + _class = "homeManager"; 3 + 4 + imports = [ 5 + ../shared/packages.nix 6 + ../shared/profiles.nix 7 + ./home.nix 8 + ./profiles.nix 9 + ./secrets.nix 10 + ]; 11 + }

+5

modules/home/home.nix

··· 1 + { 2 + home.stateVersion = "25.05"; 3 + 4 + programs.home-manager.enable = true; 5 + }

+12

modules/home/profiles.nix

··· 1 + { osConfig, ... }: 2 + let 3 + cfg = osConfig.sys.profiles; 4 + in 5 + { 6 + sys.profiles = { 7 + inherit (cfg) 8 + graphical 9 + headless 10 + ; 11 + }; 12 + }

+17

modules/home/secrets.nix

··· 1 + { 2 + self, 3 + name, 4 + config, 5 + inputs, 6 + ... 7 + }: 8 + { 9 + imports = [ inputs.sops.homeManagerModules.sops ]; 10 + 11 + config = { 12 + sops = { 13 + defaultSopsFile = "${self}/secrets/${name}.yaml"; 14 + age.sshKeyPaths = [ "${config.home.homeDirectory}/.ssh/id_ed25519" ]; 15 + }; 16 + }; 17 + }

+28

modules/nixos/default.nix

··· 1 + { inputs, ... }: 2 + { 3 + _class = "nixos"; 4 + 5 + imports = [ 6 + ../shared 7 + inputs.home-manager.nixosModules.home-manager 8 + ./headless.nix 9 + ./networking 10 + ./sudo.nix 11 + ./secrets.nix 12 + ./services 13 + ./users 14 + ]; 15 + 16 + nix = { 17 + gc.dates = "Mon *-*-* 04:00"; 18 + 19 + optimise = { 20 + automatic = true; 21 + dates = [ "04:30" ]; 22 + }; 23 + 24 + settings = { 25 + build-dir = "/var/tmp"; 26 + }; 27 + }; 28 + }

+10

modules/nixos/headless.nix

··· 1 + { lib, config, ... }: 2 + { 3 + config = lib.mkIf config.sys.profiles.headless.enable { 4 + environment.variables.BROWSER = "echo"; 5 + 6 + systemd = { 7 + enableEmergencyMode = false; 8 + }; 9 + }; 10 + }

+14

modules/nixos/networking/default.nix

··· 1 + { config, ... }: 2 + { 3 + imports = [ 4 + ./fail2ban.nix 5 + ./firewall.nix 6 + ./openssh.nix 7 + ]; 8 + 9 + networking = { 10 + hostId = builtins.substring 0 8 (builtins.hashString "md5" config.networking.hostName); 11 + 12 + networkmanager.enable = true; 13 + }; 14 + }

+19

modules/nixos/networking/fail2ban.nix

··· 1 + { 2 + services.fail2ban = { 3 + enable = true; 4 + banaction = "iptables-multiport[blocktype=DROP]"; 5 + maxretry = 3; 6 + ignoreIP = [ 7 + "127.0.0.0/8" 8 + "10.0.0.0/8" 9 + "192.168.0.0/16" 10 + ]; 11 + 12 + bantime-increment = { 13 + enable = true; 14 + rndtime = "12m"; 15 + multipliers = "4 8 16 32 64 128 256 512 1024 2048"; 16 + maxtime = "192h"; 17 + }; 18 + }; 19 + }

+20

modules/nixos/networking/firewall.nix

··· 1 + { pkgs, config, ... }: 2 + { 3 + config = { 4 + networking.firewall = { 5 + enable = true; 6 + package = pkgs.iptables; 7 + 8 + allowedTCPPorts = [ 9 + 80 10 + 443 11 + ]; 12 + allowedUDPPorts = [ ]; 13 + 14 + allowedTCPPortRanges = [ ]; 15 + allowedUDPPortRanges = [ ]; 16 + 17 + allowPing = config.sys.profiles.headless.enable; 18 + }; 19 + }; 20 + }

+19

modules/nixos/networking/openssh.nix

··· 1 + { 2 + services.openssh = { 3 + enable = true; 4 + 5 + settings = { 6 + PasswordAuthentication = false; 7 + KbdInteractiveAuthentication = false; 8 + PermitRootLogin = "no"; 9 + AuthenticationMethods = "publickey"; 10 + PubkeyAuthentication = "yes"; 11 + 12 + ClientAliveCountMax = 5; 13 + ClientAliveInterval = 60; 14 + }; 15 + 16 + openFirewall = true; 17 + ports = [ 22 ]; 18 + }; 19 + }

+11

modules/nixos/secrets.nix

··· 1 + { inputs, ... }: 2 + { 3 + imports = [ inputs.sops.nixosModules.sops ]; 4 + 5 + sops = { 6 + age = { 7 + sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; 8 + }; 9 + gnupg.sshKeyPaths = [ ]; 10 + }; 11 + }

+40

modules/nixos/services/asf.nix

··· 1 + { 2 + self, 3 + lib, 4 + config, 5 + ... 6 + }: 7 + let 8 + inherit (lib) mkIf; 9 + inherit (self.lib) mkServiceOption; 10 + in 11 + { 12 + options.sys.services.asf = mkServiceOption "asf" { }; 13 + 14 + config = mkIf config.sys.services.asf.enable { 15 + sops.secrets.asf = { 16 + sopsFile = "${self}/secrets/services/asf.yaml"; 17 + owner = "archisteamfarm"; 18 + group = "archisteamfarm"; 19 + }; 20 + 21 + services.archisteamfarm = { 22 + enable = true; 23 + web-ui.enable = true; 24 + settings = { 25 + SteamOwnerID = 76561198950840617; 26 + OptimizationMode = 1; 27 + }; 28 + ipcSettings = { 29 + Kestrel = { 30 + Endpoints = { 31 + HTTP = { 32 + Url = "http://*:1242"; 33 + }; 34 + }; 35 + }; 36 + }; 37 + ipcPasswordFile = config.sops.secrets.asf.path; 38 + }; 39 + }; 40 + }

+43

modules/nixos/services/caddy.nix

··· 1 + { 2 + self, 3 + lib, 4 + config, 5 + ... 6 + }: 7 + let 8 + inherit (lib) mkIf; 9 + inherit (self.lib) mkServiceOption; 10 + 11 + cfg = config.sys.services.caddy; 12 + in 13 + { 14 + options = { 15 + sys.services.caddy = mkServiceOption "caddy" { 16 + domain = "luvsick.gg"; 17 + }; 18 + }; 19 + 20 + config = mkIf cfg.enable { 21 + sops.secrets.bunny = { 22 + sopsFile = "${self}/secrets/services/bunny.yaml"; 23 + owner = "caddy"; 24 + group = "caddy"; 25 + }; 26 + 27 + networking = { inherit (cfg) domain; }; 28 + 29 + security.acme = { 30 + acceptTerms = true; 31 + defaults.email = "contact@luvsick.gg"; 32 + certs.${cfg.domain} = { 33 + extraDomainNames = [ "*.${cfg.domain}" ]; 34 + dnsProvider = "bunny"; 35 + credentialsFile = config.sops.secrets.bunny.path; 36 + }; 37 + }; 38 + 39 + users.users.caddy.extraGroups = [ "acme" ]; 40 + 41 + services.caddy.enable = true; 42 + }; 43 + }

+9

modules/nixos/services/default.nix

··· 1 + { 2 + imports = [ 3 + ./docker.nix 4 + ./caddy.nix 5 + ./pds.nix 6 + ./uptime-kuma.nix 7 + ./asf.nix 8 + ]; 9 + }

+17

modules/nixos/services/docker.nix

··· 1 + { 2 + lib, 3 + self, 4 + config, 5 + ... 6 + }: 7 + let 8 + inherit (lib) mkIf; 9 + inherit (self.lib) mkServiceOption; 10 + in 11 + { 12 + options.sys.services.docker = mkServiceOption "docker" { }; 13 + 14 + config = mkIf config.sys.services.docker.enable { 15 + virtualisation.docker.enable = true; 16 + }; 17 + }

+44

modules/nixos/services/pds.nix

··· 1 + { 2 + self, 3 + lib, 4 + config, 5 + ... 6 + }: 7 + let 8 + inherit (lib) mkIf; 9 + inherit (self.lib) mkServiceOption; 10 + 11 + cfg = config.sys.services.pds; 12 + in 13 + { 14 + options.sys.services.pds = mkServiceOption "pds" { 15 + domain = "at.${config.sys.services.caddy.domain}"; 16 + port = 3601; 17 + }; 18 + 19 + config = mkIf cfg.enable { 20 + sops.secrets.pds.sopsFile = "${self}/secrets/services/pds.yaml"; 21 + 22 + services = { 23 + pds = { 24 + enable = true; 25 + pdsadmin.enable = true; 26 + 27 + environmentFiles = [ 28 + config.sops.secrets.pds.path 29 + ]; 30 + 31 + settings = { 32 + PDS_PORT = cfg.port; 33 + PDS_HOSTNAME = cfg.domain; 34 + }; 35 + }; 36 + 37 + caddy.virtualHosts.${cfg.domain} = { 38 + extraConfig = '' 39 + reverse_proxy localhost:${toString cfg.port} 40 + ''; 41 + }; 42 + }; 43 + }; 44 + }

+37

modules/nixos/services/uptime-kuma.nix

··· 1 + { 2 + lib, 3 + self, 4 + config, 5 + ... 6 + }: 7 + let 8 + inherit (lib) mkIf; 9 + inherit (self.lib) mkServiceOption; 10 + 11 + cfg = config.sys.services.uptime-kuma; 12 + in 13 + { 14 + options.sys.services.uptime-kuma = mkServiceOption "uptime-kuma" { 15 + domain = "status.${config.sys.services.caddy.domain}"; 16 + port = 3060; 17 + }; 18 + 19 + config = mkIf cfg.enable { 20 + services = { 21 + uptime-kuma = { 22 + enable = true; 23 + 24 + settings = { 25 + HOST = "127.0.0.1"; 26 + PORT = toString cfg.port; 27 + }; 28 + }; 29 + 30 + caddy.virtualHosts.${cfg.domain} = { 31 + extraConfig = '' 32 + reverse_proxy localhost:${toString cfg.port} 33 + ''; 34 + }; 35 + }; 36 + }; 37 + }

+10

modules/nixos/sudo.nix

··· 1 + { lib, ... }: 2 + { 3 + security = { 4 + sudo = { 5 + enable = true; 6 + wheelNeedsPassword = lib.mkDefault false; 7 + execWheelOnly = true; 8 + }; 9 + }; 10 + }

+5

modules/nixos/users/default.nix

··· 1 + { 2 + imports = [ 3 + ./diogo.nix 4 + ]; 5 + }

+13

modules/nixos/users/diogo.nix

··· 1 + { 2 + lib, 3 + config, 4 + ... 5 + }: 6 + let 7 + inherit (lib) elem mkIf; 8 + in 9 + { 10 + config = mkIf (elem "diogo" config.sys.users) { 11 + users.users.diogo.hashedPassword = "$y$j9T$gr3AsFOgHR3fthkAWtX.g0$WpG6J.l2tTLq5Uzf03PvAtElO0CqakFXMtQT0pwS09/"; 12 + }; 13 + }

+9

modules/shared/default.nix

··· 1 + { 2 + imports = [ 3 + ./packages.nix 4 + ./profiles.nix 5 + ../../home 6 + ./nix.nix 7 + ./users 8 + ]; 9 + }

+9

modules/shared/nix.nix

··· 1 + { 2 + nix.settings = { 3 + experimental-features = [ 4 + "nix-command" 5 + "flakes" 6 + ]; 7 + }; 8 + nixpkgs.config.allowUnfree = true; 9 + }

+25

modules/shared/packages.nix

··· 1 + { 2 + lib, 3 + config, 4 + _class, 5 + ... 6 + }: 7 + { 8 + options.sys.packages = lib.mkOption { 9 + type = lib.types.attrsOf lib.types.package; 10 + default = { }; 11 + description = '' 12 + List of packages to install. 13 + ''; 14 + }; 15 + 16 + config = lib.mergeAttrsList [ 17 + (lib.optionalAttrs (_class == "nixos" || _class == "darwin") { 18 + environment.systemPackages = builtins.attrValues config.sys.packages; 19 + }) 20 + 21 + (lib.optionalAttrs (_class == "homeManager") { 22 + home.packages = builtins.attrValues config.sys.packages; 23 + }) 24 + ]; 25 + }

+10

modules/shared/profiles.nix

··· 1 + { lib, ... }: 2 + let 3 + inherit (lib) mkEnableOption; 4 + in 5 + { 6 + options.sys.profiles = { 7 + graphical.enable = mkEnableOption "Graphical Interface"; 8 + headless.enable = mkEnableOption "Headless"; 9 + }; 10 + }

+7

modules/shared/users/default.nix

··· 1 + { 2 + imports = [ 3 + ./mkuser.nix 4 + ./options.nix 5 + ./diogo.nix 6 + ]; 7 + }

+15

modules/shared/users/diogo.nix

··· 1 + { 2 + lib, 3 + config, 4 + ... 5 + }: 6 + let 7 + inherit (lib) elem mkIf; 8 + in 9 + { 10 + config = mkIf (elem "diogo" config.sys.users) { 11 + users.users.diogo.openssh.authorizedKeys.keys = [ 12 + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGIyMCwBcRVn8QdhGrI/2PWY6g9cIFEGphXBG2T3FHg5" 13 + ]; 14 + }; 15 + }

+31

modules/shared/users/mkuser.nix

··· 1 + { 2 + lib, 3 + _class, 4 + config, 5 + ... 6 + }: 7 + let 8 + inherit (lib) 9 + mkDefault 10 + mergeAttrsList 11 + optionalAttrs 12 + genAttrs 13 + ; 14 + in 15 + { 16 + users.users = genAttrs config.sys.users ( 17 + name: 18 + mergeAttrsList [ 19 + (optionalAttrs (_class == "darwin") { 20 + home = "/Users/${name}"; 21 + }) 22 + 23 + (optionalAttrs (_class == "nixos") { 24 + home = "/home/${name}"; 25 + uid = mkDefault 1000; 26 + isNormalUser = true; 27 + extraGroups = [ "wheel" ] ++ (if config.sys.services.docker.enable then [ "docker" ] else [ ]); 28 + }) 29 + ] 30 + ); 31 + }

+22

modules/shared/users/options.nix

··· 1 + { lib, config, ... }: 2 + let 3 + inherit (lib) mkOption optional; 4 + inherit (lib.types) listOf str; 5 + in 6 + { 7 + options.sys.users = mkOption { 8 + type = listOf str; 9 + default = [ "diogo" ]; 10 + description = '' 11 + A list of users that the host will have. 12 + ''; 13 + }; 14 + 15 + config = { 16 + warnings = optional (config.sys.users == [ ]) '' 17 + You have not configured any users. 18 + 19 + Please set {option}`config.sys.users` in your host configuration. 20 + ''; 21 + }; 22 + }

+17

secrets/diogo.yaml

··· 1 + gpg: ENC[AES256_GCM,data:7AMdem14A8txMoQwk6UDKpc7Encx/3HlCKkfJPUNxlePsVjtOamzRb2Z7ZUyVmgNaRTIgbFUKP3FLEoiVGAFaoGE/GhbpD210ZS/RSgiXno8IfldyCk0gZFCDHxbnLmVnHPMPkpZSapfxAaRLgW2+u85pXs1T8lrvb3sup0riOqLsQXzEHE3VkNGfHgmdPXUECvimCzdB88bQ9gOPgcaC2QOI2g8N85LB1jyGZwBZfOU75v/7jmclOG14aEOZi9nbIi8rNveyAuFDy15v4TEHj69cmT63uW4vuJfXQq/obYlluDVGVlFFbc86OpgaBZpWPdrpdivU4Cjyprt66X7NUIFjEpMLA+pGZag5oLbA3zIH/Nuw+LopzVDy0lft3/FhuiM2wdi0q28YLdZCscy2chthRbI3/seR1AVX8jqUxosV/QcB1tbMXsJwOo/0uBk+uK5mxlNi1nh2x55ctcg654wkFJQCNoHv7tw0FQiNHTwJwCB933w3gkEgpZgXpcI5mDHHVeYr31sVJMMyn6ZqrM/9UFFjGAJJzgZnB1yh1c9kQi8nVuvoLECoZXVfabqOYBy45ghMHzp6I5bqlgdL1p7GB4LqouD5c52jgjtIajHugDU3fwgfClqaHQOAt6n5I9Se3wlBmnyPnr3E7yvp0cQW0XQ9hUZYqB7NLVKySHZK0cy49skAFxY0sC4GcK1/PfIOZDQykaLKeXhptXcP2dDATjCBwJOTMe9Vkn41dJBLiruDBg7oqgdoEooDHBSy1W57abPeU/VSgyxBaPipsqU5TI5TqREX3xllv8W1kr97K/BcUPwS0IUCnR1giBxvhxmstT477tvcboGD1niktZZrlQUCzTLjCCI1STeKNVab0y5BaPW3LmwTU10oxHB75nWQfdJ6dD64ZZVf7U8e+bavAFaGf76+fTj/JSOSVEGz7bYWbCnUtsCLpEn/u+2TEhClqbJIC14hN6XTvyuXlsNDxDuYAZB+r2NLVzAIF/hu8EaEsTsHmhybIW8dNDOr+b57yFOsIVYmN/3jaQm9XspER/vMZfqDjcaHXttAaZOz3U+NJxfjtoVgcnaQOx34+2877alPjCFMgLhBHzS70zNkhKfbOOqKU23U1QpjbazhuxvzZ7kEEvWx6eq+JyyWqHLixYYdXzzXz3Qyf45QE7Gq+bWgCVILIcd/PvRhbfkwlamgirhw/6MM52n5l+peWwDxstAL0lPOmBbnlf5yu80g8RE/6ez18qPhMY6bWfxcluvL+Rlk/kKzIb5ib14mfasS0+Nh/qXplGdci5F7bNMuEqNcJFMzuE66DY+D78WRf21GNg3T8V8tl2VAJ8fWL1nkKD1dLcGkmXKEMWM4V74zLpi4Ws0bLm0TYyj9wrJATqXVRTFxf1/ub5ExBLVYyoTXqU6L0YJok1eKdKoto0n8ZC5lbnJPVodjqR2a1YXva0glyl73ePdQiy8d3NFFYvbkUjPcQ0VhNs2AvYwyGSAgt1OjVYY1jzxymYQghb+nm+d2NylSruVJZaJa/EV0lv+8xQW13PcTh6Ty40GKPM19wTQXZH2vDXCHHHSHiOx5G2psaaFDw4dMYTZZKZyhvZazf+aDXEpxiOyHbPp2NKKItyxvb5Ce7BXzNvi1fj3yXog1J+QuVkgqHfpo0k4SMbB64cM5g/sZPk847+UIGPzwuAXiqyvmFnp8aaw9ux+KeiAvjf2DH2oc4SzqlgvXKQ3ObyrbFmoJyHdAgOvOF1tLzmAe5BC7eXZ8NVBUeKFEvWmU0N8vlbASejY020CBbvCtlwZkvCQ9kS1HhhWtPiajjB36Xm4nM9fHULd4u18R1u3lEA2bSd3r4YwOZ6XF0M3FJ0ejxyJmr4imkgMVx/NxNT/4IMriwr37zuUWbDKte5u0l/VUiwc1yb2F+IwlDhN8G2Va24oK1w3PMVZOPMmsMSlb9wAt1ZlaiWPExEiiHaaUsEYVXWoIBfqaQu3dExSYK/q9/eQ7SrPwbIwm0LdGsly4TsOqtmktn6HcHu37q7qVwjCxezjrDetbOwOHSaFCXnjyyu2CvK1oG9XLdEUOYw04JG1CtF9eLo6Ha/+t/rxHDxmHwTMOFOZ835bz8hmPv8iR31spkrEp+KUGmEph4I7cBFAqv1qgtBL9/Uw3SwLHdTZLcvIkAyBXw3vtcm8vyoslLgt0TV9fcEwLAOJAEqPRu5JlwlwJ+aKD3middxGcZaHeLS5Q23t6i0SksYa1COEMHrlfbL/rXdNq3JtP1bXvh9KNRkneuTThQCh6cGa7upvkuI2wUHKkfiS3nW0xh0ReKX/1OeIwC0wmJjxwdQhiE/SfEmq0yuNBGvdktPAfJ2+VKapaFrm3n3mw4oUoLb5SVn1exUK1cAytVfd8hRBoKuvRACiDuhiEvqDqLj7WOQgXkaPXILNchRO5w/c40LiOy6nRTeDRH7vYztXgkJltK9arfdINm73pdq4Qqo7gaC6fAow+s6X7Bcdcd19r8nryS3j2kYfWytbnGPfrmeMJF9cjS7yME7/MhTVvd16MAbQmj/oH4d23nMd7+jRAcXce2U/zSL35i1ibxrUUFZa8CelnbfnwR38BCNtLc0geE+lTNdEDEtJ/Fk39JLVxc68cTxloTzkPjBM/+bbi+Qi415aygHkkCrlPpGPzhBrhhKqHGOOlxvPLXSkEswZgz3bNHCIsUJxNJIrwIqsW9RuPex4JQlvR7pHL2aJKsQSaLHwmL7qWfJJQceAT1oitEjv0rf3MoZzzfYV2ebaGZpvWZpY4A/Yqi5QIRe9/96K5ZUD0D+87v6SvVB+fEzbWUjVW3Jw6cxP0X5JqowvSW9zAR1Ls0mCZvpWKpWfAvmfHGtcetGNIR/ZYro/n3QyzK6ZiUkOJKZgZVFDM5FcSTl3A2W8sCy4iFaZsrfgYN7TGMsZJA3OP454hocarnqnYZJRCGlIbcU+Uc7h+fVMumB1crDSztHAF+j7hHo9pYqPOEkWhLpOcqDwpgiBZX3ltatS2LJRAyfr3f+GPHWSoTNVVCWvIkYGoya2f36Mms7sMtEfhF0DqG11+f6/mXo8NjqaC1PZsvhwq0LQy41eCrWXtnrpQxSw5ylfyEXMSzHd6JLQfOZ88Be5sH6FwacNX2VMRXmD15tnd6iLapWx/BQP2+xEWBOKtvRBFi7ajXVIFnHMO1+xvSK8NlopKMxjV4uQtkcFpASgEXTlftixxqc0+rw4HxhOc7Ob4sUJyustYb6jQs/WBRrnkhg1+vjoIooD614On2UU8Q7o8yZOllqc+uh4ufoH9Hg9y9Q5A8DziNMmF7FQ7jzJ8OLblPraWlKPAaQq+cwlK6KOFl/WxJHpIEkFnb1+kil/KjSPV/tE/cwlvwGKBMhoq+ZWU3iMA9Qk+rAzZJTsyL1jnnezyWnNU5qemkAcpnTGa2zR7N31zNKICNGvUHQFlMOKdTm2+PrDqbAJarVNFS4lrQy9iF0LhA/fCAAB4bbWYQt1rRcnhxyaMeYJmZMfvDaiv6C3wq/CFkfLBc26xZLHOdk2KuxsMOIYm6JIVU7epoaPouEvv3Pxc4X8tQiaFlFhQSh/TWgmNHJDncpPw9lbF6H3CzI6nvECPW+bGk6b6fJHs/KTtMlZB7c+gT1ytow1NmkuAe33lcKe1kg+rMCXTbjQv6nw2qFcXUvSx+ItObS+Dlzmb7dbPcf3wHperEJca99dMjo4cRZSEm0hEAY6Sjk94clBGayULPAaoBfyerBzjUzqTsjWAU/kX/ah4W8/1ZycFxAhDSXz4lglOOKL9yjjsoik2URKW5CgOgYBTHzexRpLFt1PLXeQTNKO728ekxMzIf3hC7PN9cMs85ja2seGdk3ndA1qyNfvGuI5Fyd5NQEIJQ1XhYkIiVpSPk4LdVRioJZinJREeShBCtLyy0yaxjk4nOCZkv8H5+xUw+XUhCHTPOzwnQvqiAL1T0pLfUmYOqNUD2CsDMpWQAQO0i2CwdvX6Os4IFJlkFLh6755OxKmY+Z8+FkTyOEqV2Air0kebUv4PZgPTtdiS8AjGxlJ0OFwgmJU757d7mvjQO0bmLfWuqQEmqHE2Q/yqC2hxHaoQp+8P0LXO5huPaQfDCnImP8E8kCS8J0HynPoNEt8uWNGW8sSnM21LXnyNzvdnW4U3Ff6V46KxMbrkY9NBrKRS5mk6YHTZTi6diZD3e/3tI3uT6Ax/F+tSpKbNX6tgWXctPUkagSNsHfd5joFwos44gyjwl9ucB5vCydMoNfQcbzLAda6WyzzxGlKXZ9+66eT3VKUeKE7/nTzDIPekFRLG2X65OaA5bgXcoPiBNieRl5Gk3IRsF0fvMiKIMJfFRR6tQG96qs/ocJgHRI+xQ71EOxpfbQSUvafras98V4Tfv0zaOUD84S2FxkWLNsIylLNt1SAqB9cQt0bhJWM6tU78HVZ8be0Op6QZynxbheovPDfy1LIkLWhjlo4KMcXsQu2Z1IQ92DzVgGh0Ak7D8XwM6GUi7zX8ryMgjobu0f3uthIiyz8OC3kZPMZd7J1ouAwfKObWgcQNFI8q/V2iKRB6pveA0d0nTgxKcSxr3G+M4sUJGzQ11yQOwv8SWmHTeMaqx8kRkTh6z3SFuzTN+vyfOs0oOXI6rDgzZdKXgaqcD13fYDbFqTIKEBYXiWKnLvHOCfGxm/ooCl3rfMCGBt72WXY/JP+ce7NtqBb+mKY0NVKoaN6kHLAepKwZLRzgBvsmbEBeLWhrb6rPGNy4mNSP+wx+zgPIB+j9VIUFjDfXw/Vzkjlewg7QTMasVL8Uqh1woG79IZRcUO1uvR+9LYCd8yGpby0kXomexDg3IX+qy7bPh96yW1o5ryEG4oTDcGF9BO3LrwyGry74GzpndB+CbwbDyO/wwgamjxtNcfC72+DkSy/OIP+TMjRJA/uzynJ35GoDjkuUCtEmCQcQ/UGSOvx5dt/b/en9TglWYlzWdTSq0g5vt8EVhs0wCqlLEUPrIy+UU5jvkQ+Wsjf62OkBbnCLZUpHUNZpPk90wNAhViorz75dhK0arXk1x3P59RILwXfsXVnJVETsCai9ufXavGEDldSZiV5VYyqhmN7l8LEaqphLVYRRA9FdYOX7vR5Tvtwxy2PmfFAxwoaLDRZri5MF39Bg3lWeZaMhj8yM/Ft8i5LYZ/81tF0yFNXJzisXElh84XSgcm9LwqfpqfUe7LER5ykN68n6+hARS+CZQEw2qNR3Pjyg/phmlqqgbP5gRNoNTTw0Y8w6hvKeuKCbzN3fWNnKtinNB4RDhgKfbh2ayrRJD/OqHj429SIJAfJ4WwICFMvlDuWLtXCbBv/Zwm85gvHHkuG64BEuxHOxMTa8HL6g2GuN8AKiJpw+gCb+xo2uV7rv8eu28RmihEPqS8awKgWChjydYElJ/MzUhDhu3IyRsJ4b8OijqxIasbFVVzJ22l4fgYtg12MWrcuY0oEzMz4NfNxnRxynjfI0J/pv0Cx5nzyeXAM/tuoBZSTsHP2vQDvQiaOEEHX49JmAVepP7Vh1rwRLWbP49lMoYYbKATv3kLF/onH7aopxlccXjpjxOfQXYGSemuRdLkb7YXXfe3Dsun+CZC00lHuxUM7gbSg58sEvC+i8TAU413jHQRxB9jcY9Q/vYwTQ0OBXRUVcppmJWCgZrkTdEiu9CWk/loOy5rqHDziYk10UxQ4353WFXr300Mxj8E617a8+YI2Twc/IEOUDvaFRKCwvc4i8Lr4F5d9iHDG444QuB/ow0o4n9RkYdGdJ5XMseaDDHeqHaxLUBi2JGmb2Quk2ZrwTYlAcrbIBXZ9QEgQOdpdW019eY4rhTflV8N6EuEjIZkIE8kFVs3suH84k1gsy2B+3YRBTkC+7xDx67Mrh6yJ+UHb0zCnemwXTNcTf3Woq613Bm9PTwmaVNOxrgayMtF80vfNDYBsNi94pamdqcMkLFdsvrS3dPfaR08EiwJLykpLJucnVnlMvA2C4dOA43KaXzvHF1etvU00O5IRiyAeRf3PG35s9/4aBxqfA9jJ+AyY1ErdsMEExLQV37bZ+wdeYwgphrc3+bY0b9/KjmcnRWzEzJ7IcwM48m9Sqd181dJSfsBegTsw7BCzHjPVCU+TApPvRgUVdI/EKsh4zV62CVA2zwvaXZ1EFJ3al+Cg3372BqEd0SsI1sQGvPTAqupvFLjxMJTnffK6MioKpuaKEr5COxLiX43mvFFUFCNHfdJGNp77LzUV0FbL+7XATWwumUmVigbQ2eSDizdgzdJz8oyz+SKUL+QMcl41CGCt/F3Af/n0gYf5LKqYEdmRXTPRrb6riNrSR54sSXTco/UwASguEiAYVS8u2+6TPg0W0raxbW57USbqSVIlX1+vRPSmYBvL3NQWwXerNEOXSwBTQNxVS96I+ChgMWiZYrISlVL0VleSpi7e2xY0Wu08+ee/UUCl2m7ACUNkLuk3rkeeAcIJrATFLUk8ZZHZyaho33NWrVxJtkMZq4jyHQ7hNHSd47KDjJMxfKKQgAIDBn+KdlQT+E3ndWOKU+0nFw/WtKUTGdDqyAsfNpT11kEFnkdFHPOmkHq7W38cpzJOELyA4lvQEfYgPFKz/AGJSIrmMoQNsKIqlcm8nt3gBAp/ontRFwpKGwkDVCQrXFVtanJ6tIPKfBcGLbcKjYZmxpFJFsgsj4gdhe8PIVb6dzUjWw9xZZ3+UDuqyaEZOUSrlxBHE2vFTuVPa0QSeWftgS6qCyMNv7pb+JhVmgzR3TaRcAZoMFaOIUhMOyjdIaM6cOA1IDTKaURNqgOLzrMMZKh+7CPNeaVjV0vAE+EoKYIlZZH3mQEyrrvknYaqyJeUTOvExgAPpa9bXHCXgfVkVwwXmtSoVz1ZrOKJx8NqNmBbYCt1qB5Mjx193MGUpnDRFebIYjbNOxfUl+ezJBahl03Mg3bV1/eissSkcwwHk9mrdSITwyGtwJkSuxaxiTCWKzeBicOa6LNTFZa7c5q5WFxYfdzW79tcfKimbgBuSW8MikEdRp+hxeWQ2LCQeV91epRkc/vQ+BEmAEJA5JgazZaedcUVNDjkh3ZxoNbOLpEfAsGuaSxiCJw+mr0+yMdTBBNoOR4xSmXo6ImN0YCMvbkwzxm2X8QpyWu9geQPFPnUBxGvFKvGvtweUrsXhVXczaGPjTNHdHUAqPIjMAbimOTUG9tAS5eCK0jETfWKopGfy4jYOcPhdY4sHE1o9Bs/Rv4TKZT68UnVPYvLH2SghlE6Eqc+FGqmk8bPrbPYU5xhtIhyMP5Mg1k8Bmlbc5Uwf64HKRZkNzJVTyFjmGT4YNlFCLW6TXRPL/K/wiD6cYtso4If8o/7a/xQzulAHiGwbdmlK9fv4pMA+sUAJFwAeJx+9+nDO3BJwc51poBnAozInazxoghZffI+S/nEf+r+GBXTOHQP+RdA647ZQ4kLf+Fzzqf0SNHOaCuZo5Nyw2a3FAwiVPqY+IUPpeR6xdNKNp4jA3oHzRQfxoG7mgweA/ZdEH2jKLkpWhZ+rAcMNhGEzbbKc3qoiyHUNyzyC+kE9ySt3rWkvt2v1U6Uc4MeWEdrzhY6+/GBvzbd4fp0v8aBuMP58rHrKQeXLOm0ZRXLQH0/Cy9OmtzwC15dGjzrrzzoGxEkWW9a4FOJncY6RN/qPft9Ezr7xH5Rjrse/tY0ZY1MxbH7Fd4SrvzMO3HvF10drPG0Wb0zfmTUzKYcxip042IjRLh8CYCEZ65Psgivkpit0ggIEXnB1s6Ms5NkkZN8PGhoiNJ+MZZlPLq0AKGJwINoeFywPEyyB0fkp14jgh/m7teUBYbfp76sEcAL0ocCmu4WX/s0vcyZ+3j+E5fsPWmh0Jy/XOzZE58ORbd6r+Tzh4glPojEFTYTHMpe+HdYFCSRAUlIrAJhzzb1+M9HmdxxXn930O9j/TsPax9zj+ZcLjZIhf0pHBMO8Q9O4jWjAS1adblas5SidfEyIgnqlEtKUSZG0TgFMSjWA5rNfqwsITCFAG/O4L49L1tE000gm0BbvNEhZNQF7JFAw6KGWVyKEgsa0sVVwk+yvE+ULPhDUdtsmrdXoWAXD2Yv3vgLShc1P/9jb5p0tpct7HZdAcPDVw/CYJ+HHo+1mT0gqLcxW0j540YkhzoN64joXry6J++PULbpmSE6CGxt10BErSpfXY+D3IC/TPFSmFjTWjNkiLJY6J+WPuXuDMptl+bezDG3SfqLzPnXY4WvUvMhuhfOkAdQcUvaXK+ct2MIDUDWnT9wiLlcQVuoy51wwkNLIXHvA9Inor0LmNyGd6Mx+caSuxxCl4ZXyUr3cb8khMKkufr4qpqZ2lpNYrM+o+hOQscZcNHeZxBUA8Ho2AV6D/hvtHvH8OFR8ExaQrzoNhYMTfbdm/OA7zNgRyVps1/krU88yOv0qhSsmu3YtCjSnYUuDtvMGoknyG1HxqxW/PSArkaslVXwQ5q5XQ3H9SGbz4VEIe4tlnwmdWp0/ZnNvOBS6zT4CsA0avF5o7KA8ByxNnc9GN7wtKGzBWEZjOEH0fptarH8iBd11tctEpsc69cctZ5i3WeGKjXI/wZRKT7mEKfuWrOeqPsZDmvGmch86/eQ1JaVFMSA7WRPbkaVSFwtPjOMww5qNS9dwfJnBjlmJ+p7EOqj/ZJjUwJNuD7/5rB3zAeUNLF6L/CT+5Kb0CMjvYLjgps7UMQJJw7UnQtLnovkRO4o1SlzXQqW6TC8FJdLlXGxnogF3Babhsv7Ygv3RsRerUCAF6UwnlUNvnwjV4a86ynhF0Jv69N5eYwcL38N90dM2YPmgdST5bUqqcEY8EYO158O3nT1xmmbFf8+2badj1AVYArvVFWM8hE7yTsCWkf81wn2G2vP1t5IU5Lq4Ep8qLPsboA1ytRtQta0xV2XA1XH/S2cVX06jZ6UwLytsCScD6kWON1WvtMY62gJ4u5OYbOwTJ4tNBdw6TBnILLkgheI8Pe3,iv:EwN/vByl1/4k45Z4iVw3HS/gRK/vuGpCH+6A+HaBF1Q=,tag:AGwB3i1oXIFzcRKd1G2yxQ==,type:str] 2 + sops: 3 + age: 4 + - recipient: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGIyMCwBcRVn8QdhGrI/2PWY6g9cIFEGphXBG2T3FHg5 5 + enc: | 6 + -----BEGIN AGE ENCRYPTED FILE----- 7 + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IEJMSnhoUSA5L0xT 8 + TUFvcnVwZ2pza0M4Z0F3ckJ2dGEvb3I3RzhPR0VudlIvWVp0Um44Cko3OE00Yk5Y 9 + V2xMd3ZFTEFTYjNxUzBpS2dVenpxeFBaa2VMQy9Td0hMc0kKLS0tIGJTRi9CU3lK 10 + WXJhOE1SSDg1ZWlyWjRPWUZFVm0vMVE0YWZ5NXpPZXRNd1EK8DsMx4HuB/EeQwcC 11 + dKpELsnACvJlWWo7fPqKMAnsHRuX/ChM/Hf4CHgAnpWeiETyaG6Vzi2knULXAdD3 12 + OPVUXA== 13 + -----END AGE ENCRYPTED FILE----- 14 + lastmodified: "2025-08-26T08:52:01Z" 15 + mac: ENC[AES256_GCM,data:NIiF1slPgO3+tjWQK6ci1bKEZmn6wUmsz43F4eE7oiZZkrn6UW3pgyjd0cVU7agb5PEpimiDH+nZwPaoQw7SHkCi71b5kCD8rZyVTyWoi9i+NxcoIcdhuEgxOhQ5lw7o86cCpsZ5BgtEFTzGqNJBzjBZbZKCILuo6MDIBK7IvQk=,iv:dRbfIJlGH0lxON5avsuYu9hBrTFn1Efu6NlEoJ8rwrA=,tag:3jiRZi+IIxahQvH96xoEJQ==,type:str] 16 + unencrypted_suffix: _unencrypted 17 + version: 3.10.2

+17

secrets/services/asf.yaml

··· 1 + asf: ENC[AES256_GCM,data:65843Q3s6WWcv6q6Z6ryojmPCeLDub8HEqn0RJX9XWqkqdmkO1/Rtq+oT8fFAZy0/lc4oIbk/5ft0mLxQJ7DKA==,iv:N3zfi4iV82Xznl0FuVzM7vCQdp6syeyaAZfXA7969Wg=,tag:cueS/kxkAmPDtlePHC7JWA==,type:str] 2 + sops: 3 + age: 4 + - recipient: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGIyMCwBcRVn8QdhGrI/2PWY6g9cIFEGphXBG2T3FHg5 5 + enc: | 6 + -----BEGIN AGE ENCRYPTED FILE----- 7 + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IEJMSnhoUSBUUjZE 8 + ZWVCbEU5WlhQYkZEa2ZNYWVsSmMyT0wvdEdNTU1ZVS83UlhMUURRCmtETHVYRWQx 9 + d0FyMVdyY3dqTktqcVErTDdSZEh6MzN1THBEbldOeTBLU00KLS0tIFZtckMzdmoz 10 + MXc0TVFlYzU3Zy9EaEcrOC9RdzdCanhiTDd3VHEwNHZ5UEkKDrRtuIVJXQ4+N8oy 11 + cz63UxK/msCiFU/hu8GhfovRlPjJMH4iEvFNtCTocBf5uCi77t8rwuHMKjBTEvoU 12 + p2ylsQ== 13 + -----END AGE ENCRYPTED FILE----- 14 + lastmodified: "2025-08-26T08:52:01Z" 15 + mac: ENC[AES256_GCM,data:vC9MuXBI28dMUmmg33I/YHPziy+m0upein4q0eRXeGizz6E4kkqIWgutcvIEF70/PwUuOarpEVau+GaiohtlKEp/fgZ/zPSurH2uEfs38pr6Tz8i9+Qk2PRyaj9dKoq3Z2sYaypbEM/hrzVMI1UBDK3BwhEHo2HmhQ9OCGDHiZ8=,iv:6vC7is0UxkCsjGdiATZcXQUh285RoRgC9qMSq7ay8A8=,tag:1sGvrfXkoN2ODarApy9bSQ==,type:str] 16 + unencrypted_suffix: _unencrypted 17 + version: 3.10.2

+17

secrets/services/bunny.yaml

··· 1 + bunny: ENC[AES256_GCM,data:ee4gAeyA4zq1TW0S+T4Hz9dTZiqnhcZQh42G8LMUxCpjSGDH2QqzTDAWAzMdFfFwgF/36XHdaixOafhCoeiqFTu2oL6noS5/R0j8vOYalE7xhU8IoBto,iv:73ucxxxiu7zB/adK4iH0cycYWTrmFqtdES7VPtlqHU8=,tag:PUduCuscQjrRtKVkM6shpg==,type:str] 2 + sops: 3 + age: 4 + - recipient: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGIyMCwBcRVn8QdhGrI/2PWY6g9cIFEGphXBG2T3FHg5 5 + enc: | 6 + -----BEGIN AGE ENCRYPTED FILE----- 7 + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IEJMSnhoUSBwWHlq 8 + VVcwVE9VS2ViUEVRRnZXSXRIeVQ3cFU3T09scTNqblFzR0RnMXowCmFPN3hScHlU 9 + aEhmU0ZKZ1NFR3U2d3RXZHdHTHdwK05WZ0FTVmRDanBKVDAKLS0tIGViYkFYSkE3 10 + V3VLYUNYMmN5Nkp3dnhCTU5nTnpxSkIvZGRGYmZjazJyZnMKs7UVJqeC2r048Lbd 11 + Gey4FsU/GERldCqWmANhEpDNV0IGsm6TjUr7ikp+0jiwHSXcmDz9eYWKImvLAi8Y 12 + beRxQw== 13 + -----END AGE ENCRYPTED FILE----- 14 + lastmodified: "2025-08-26T08:52:01Z" 15 + mac: ENC[AES256_GCM,data:uJH3PzY+Bg/hT0yicSDg10fiKOURuMOQgNAsYuD7gngPpnTlL1ZSczSrz/d6ikTk2aUF8o0F/Afuz39q0GbUzQoLHTyczHcOB+4nlmR6lrxH7xmm8nCisvYV3rJ4ehCNvItQTN7caTRCjBnFe4JcWWSisDMk0XqDpcvU0KjQ9Og=,iv:hTtNF6cPIOip0YZ4XNCgfxMBu0kAAoG7WKA3rFBTmVs=,tag:zWva+3ekRkH2E/X6nt3bMg==,type:str] 16 + unencrypted_suffix: _unencrypted 17 + version: 3.10.2

+17

secrets/services/pds.yaml

··· 1 + pds: ENC[AES256_GCM,data:od5MdF6MiM3bJwTcZmoTYPGgQ2YAXdERsgcWsAl0jNUoz962Vq1NEfHq2w1TaGtxSsg718w64ESVnW8DEMe3wDsaa52PiyQOM/B6tRzvKKN1SDo7CEW41+9PsUZProv4D4ylG2dGZu747pfjKDouqf1xH0tJw/S8gz/XihPnyNykG4C7PW+PSf4rQsgyvHApAESrkfFtbwNhLywNLZ7vNQHR3l3ayEoN08m41QdlGg6/rnqhzXmeliE8ullB8F85Qom0TNijiFrqhbW8Jc6RlmEJzzORJRkIcPaYUaVCfXpqF8c9Aob5H6/kFOSiPuZZo6P8OXBe2Ao50218oGEUEXMYcsXQDI5FNO0+biYSQX1xLjiRoqTDq9SKWWp+8k/k85xn97lQlfoU/yRZhImszkeqgiOX0jhdGhKcnPFiiD6ZlTww1S8TWq2g5Il7w/OjgKeG31SX/UX4Mn0n22ya3Hb6qk2e+Gt7iYoRSNhd/DzJPuuanzBle9GDaiayGyTDQ8fmPKoAfSryfA6yx+2euu0gWIOUCdaIPqQJjXX7mVEOt7p5+gM8sZL55PitAgSwepKuX6WUV1C4wEFlH2+wr8c5c1jfGV/9iI8=,iv:Z4RRxJl4x4mdJDPgeL3YtOLzM8t6OI6/gPtiMruPN0A=,tag:20nwp+VEpSm/7yrNtz7wZg==,type:str] 2 + sops: 3 + age: 4 + - recipient: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGIyMCwBcRVn8QdhGrI/2PWY6g9cIFEGphXBG2T3FHg5 5 + enc: | 6 + -----BEGIN AGE ENCRYPTED FILE----- 7 + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IEJMSnhoUSA0VGs3 8 + NU1XMzZiNDhzZE9oMnJaaWRRYnU0WVpPVzBIN29YeFFPTkJKMmxjCkpQWHdvMS9n 9 + aXVjNS92VmZDYytHVGJ4QUJjOFhTM3JtYTJpdEFrd1hiYVkKLS0tIGdpYXVSdm0z 10 + V0d2ZlVHVkFtS09WSjUxYkgxWHRVYlJNaWZJOURIeUREdTAKCmCncIgABxQtuoyN 11 + ZBTQn+NW9wHKSubQs+fT7NUGEAiUkvmAMj4j3Oop3V3Gif+23B2xlhsInlmM2b+l 12 + bI1N0w== 13 + -----END AGE ENCRYPTED FILE----- 14 + lastmodified: "2025-08-26T08:52:01Z" 15 + mac: ENC[AES256_GCM,data:svaaOALW3tsAEkVHYirrPbZBza8iL6pkJWva5lriIcuKoC7brKYJKXsX9xmQud0q3hINoKfOwpzmp0GijWwa9v9z1jniuw3U1qpHwl9FVPE1fuhUMrojO4EtAUZSvx+9+U+ej0G0/fxLdg1GvZuA+swXk3a0yUBSRd6riDOIbac=,iv:G9EZMItUt2YgXNLxUeR46rHWCz6zn92k5H6o4SRYm+U=,tag:RloRMfTKwkkfZJqnp3MkhA==,type:str] 16 + unencrypted_suffix: _unencrypted 17 + version: 3.10.2

+9

stylua.toml

··· 1 + indent_type = "Spaces" 2 + indent_width = 2 3 + column_width = 100 4 + line_endings = "Unix" 5 + quote_style = "AutoPreferDouble" 6 + call_parentheses = "Always" 7 + 8 + [sort_requires] 9 + enabled = true