+15 -12

capabilities/autoupdate.nix

··· 1 1 { config, lib, pkgs, ... }: 2 2 { 3 3 - system.autoUpgrade = { 4 4 - enable = true; 5 5 - flake = "git+https://tangled.sh/@hotsocket.fyi/nix"; 6 6 - flags = [ 7 7 - "--update-input" "nixpkgs" 8 8 - "--update-input" "nixpkgs-unstabe" 9 9 - "--update-input" "home-manager" 10 10 - "--no-write-lock-file" 11 11 - "-L" 12 12 - ]; 13 13 - dates = "daily"; 14 14 - }; 3 3 + system.autoUpgrade = { 4 4 + enable = true; 5 5 + flake = "git+https://tangled.sh/@hotsocket.fyi/nix"; 6 6 + flags = [ 7 7 + "--update-input" "nixpkgs" 8 8 + "--update-input" "nixpkgs-unstabe" 9 9 + "--update-input" "home-manager" 10 10 + "--no-write-lock-file" 11 11 + "-L" 12 12 + ]; 13 13 + dates = "daily"; 14 14 + # wait for internet 15 15 + fixedRandomDelay = true; 16 16 + randomizedDelaySec = "5min"; 17 17 + }; 15 18 }

+7

common/config-darwin.nix

··· 1 1 + { config, lib, pkgs, ... }: 2 2 + { 3 3 + system.stateVersion = 6; 4 4 + 5 5 + # Touch ID in Sudo? Hooray! 6 6 + security.pam.services.sudo_local.touchIdAuth = true; 7 7 + }

+30

common/config-linux.nix

··· 1 1 + { config, lib, pkgs, ... }: 2 2 + { 3 3 + imports = [ ./options.nix ]; 4 4 + # just a default. automatic-timezoned on workstations. 5 5 + time.timeZone = lib.mkDefault "America/Chicago"; 6 6 + # It's ASCII, but better! 7 7 + i18n.defaultLocale = "en_US.UTF-8"; 8 8 + # capital cities was on to something here 9 9 + environment.memoryAllocator.provider = "graphene-hardened"; 10 10 + # dripped-out nano 11 11 + programs = { 12 12 + nano = { 13 13 + enable = true; 14 14 + nanorc = '' 15 15 + set autoindent 16 16 + set boldtext 17 17 + set constantshow 18 18 + set smarthome 19 19 + set softwrap 20 20 + set tabsize 2 21 21 + set titlecolor blue 22 22 + set statuscolor green 23 23 + set keycolor red 24 24 + set numbercolor blue 25 25 + ''; 26 26 + }; 27 27 + }; 28 28 + 29 29 + system.stateVersion = "25.05"; 30 30 + }

+2 -32

common/config.nix

··· 1 1 { config, lib, pkgs, ... }: 2 2 - let 3 3 - scriptsPkg = pkgs.callPackage ./scripts.nix {}; 4 4 - in { 5 5 - imports = [ ./options.nix ]; 6 6 - environment.systemPackages = [scriptsPkg]; 7 7 - # just a default. automatic-timezoned on workstations. 8 8 - time.timeZone = lib.mkDefault "America/Chicago"; 9 9 - # It's ASCII, but better! 10 10 - i18n.defaultLocale = "en_US.UTF-8"; 11 11 - # capital cities was on to something here 12 12 - environment.memoryAllocator.provider = "graphene-hardened"; 13 13 - # dripped-out nano 14 14 - programs = { 15 15 - nano = { 16 16 - enable = true; 17 17 - nanorc = '' 18 18 - set autoindent 19 19 - set boldtext 20 20 - set constantshow 21 21 - set smarthome 22 22 - set softwrap 23 23 - set tabsize 2 24 24 - set titlecolor blue 25 25 - set statuscolor green 26 26 - set keycolor red 27 27 - set numbercolor blue 28 28 - ''; 29 29 - }; 30 30 - }; 31 31 - 2 2 + { 32 3 nix.settings.experimental-features = [ "nix-command" "flakes" ]; 33 33 - system.stateVersion = "25.05"; 34 34 - } 4 4 + }

+5 -1

common/default.nix

··· 1 1 - { ... }:{ imports = [ ./options.nix ./config.nix ]; } 1 1 + { lib, system, ... }: { 2 2 + imports = [ ./options.nix ./config.nix ] 3 3 + ++ (lib.optionals (lib.hasInfix "linux" system) [ ./config-linux.nix ]) 4 4 + ++ (lib.optionals (lib.hasInfix "darwin" system) [ ./config-darwin.nix ]); 5 5 + }

-8

common/scripts.nix

··· 1 1 - { pkgs ? import <nixpkgs> {}, lib ? pkgs.lib, stdenv ? pkgs.stdenv, ... }: 2 2 - with pkgs; 3 3 - stdenv.mkDerivation { 4 4 - name = "common-scripts"; 5 5 - buildInputs = [ 6 6 - (writeScriptBin "nix-tmpl" builtins.readFile ../scripts/nix-tmpl.sh) 7 7 - ]; 8 8 - }

+26 -38

flake.lock

··· 1 1 { 2 2 "nodes": { 3 3 - "disko": { 4 4 - "inputs": { 5 5 - "nixpkgs": "nixpkgs" 6 6 - }, 7 7 - "locked": { 8 8 - "lastModified": 1755519972, 9 9 - "narHash": "sha256-bU4nqi3IpsUZJeyS8Jk85ytlX61i4b0KCxXX9YcOgVc=", 10 10 - "owner": "nix-community", 11 11 - "repo": "disko", 12 12 - "rev": "4073ff2f481f9ef3501678ff479ed81402caae6d", 13 13 - "type": "github" 14 14 - }, 15 15 - "original": { 16 16 - "id": "disko", 17 17 - "type": "indirect" 18 18 - } 19 19 - }, 20 3 "home-manager": { 21 4 "inputs": { 22 5 "nixpkgs": [ ··· 38 21 "type": "github" 39 22 } 40 23 }, 41 41 - "nixpkgs": { 24 24 + "nix-darwin": { 25 25 + "inputs": { 26 26 + "nixpkgs": [ 27 27 + "nixpkgs" 28 28 + ] 29 29 + }, 42 30 "locked": { 43 43 - "lastModified": 1755736253, 44 44 - "narHash": "sha256-jlIQRypNhB1PcB1BE+expE4xZeJxzoAGr1iUbHQta8s=", 45 45 - "owner": "NixOS", 46 46 - "repo": "nixpkgs", 47 47 - "rev": "596312aae91421d6923f18cecce934a7d3bfd6b8", 31 31 + "lastModified": 1749744770, 32 32 + "narHash": "sha256-MEM9XXHgBF/Cyv1RES1t6gqAX7/tvayBC1r/KPyK1ls=", 33 33 + "owner": "nix-darwin", 34 34 + "repo": "nix-darwin", 35 35 + "rev": "536f951efb1ccda9b968e3c9dee39fbeb6d3fdeb", 48 36 "type": "github" 49 37 }, 50 38 "original": { 51 51 - "owner": "NixOS", 52 52 - "ref": "nixpkgs-unstable", 53 53 - "repo": "nixpkgs", 39 39 + "owner": "nix-darwin", 40 40 + "ref": "nix-darwin-25.05", 41 41 + "repo": "nix-darwin", 54 42 "type": "github" 55 43 } 56 44 }, 57 57 - "nixpkgs-unstable": { 45 45 + "nixpkgs": { 58 46 "locked": { 59 59 - "lastModified": 1755706679, 60 60 - "narHash": "sha256-WJ6eaSiN6xtz3vyH2bTYLQ3+ct0W8ai/BkYaq1n1jP8=", 47 47 + "lastModified": 1755593991, 48 48 + "narHash": "sha256-BA9MuPjBDx/WnpTJ0EGhStyfE7hug8g85Y3Ju9oTsM4=", 61 49 "owner": "NixOS", 62 50 "repo": "nixpkgs", 63 63 - "rev": "c3fc1fe6d8765d99c8614c6f82d611dc56b9ae37", 51 51 + "rev": "a58390ab6f1aa810eb8e0f0fc74230e7cc06de03", 64 52 "type": "github" 65 53 }, 66 54 "original": { 67 55 "owner": "NixOS", 68 68 - "ref": "nixpkgs-unstable", 56 56 + "ref": "nixos-25.05", 69 57 "repo": "nixpkgs", 70 58 "type": "github" 71 59 } 72 60 }, 73 73 - "nixpkgs_2": { 61 61 + "nixpkgs-unstable": { 74 62 "locked": { 75 75 - "lastModified": 1755593991, 76 76 - "narHash": "sha256-BA9MuPjBDx/WnpTJ0EGhStyfE7hug8g85Y3Ju9oTsM4=", 63 63 + "lastModified": 1755706679, 64 64 + "narHash": "sha256-WJ6eaSiN6xtz3vyH2bTYLQ3+ct0W8ai/BkYaq1n1jP8=", 77 65 "owner": "NixOS", 78 66 "repo": "nixpkgs", 79 79 - "rev": "a58390ab6f1aa810eb8e0f0fc74230e7cc06de03", 67 67 + "rev": "c3fc1fe6d8765d99c8614c6f82d611dc56b9ae37", 80 68 "type": "github" 81 69 }, 82 70 "original": { 83 71 "owner": "NixOS", 84 84 - "ref": "nixos-25.05", 72 72 + "ref": "nixpkgs-unstable", 85 73 "repo": "nixpkgs", 86 74 "type": "github" 87 75 } 88 76 }, 89 77 "root": { 90 78 "inputs": { 91 91 - "disko": "disko", 92 79 "home-manager": "home-manager", 93 93 - "nixpkgs": "nixpkgs_2", 80 80 + "nix-darwin": "nix-darwin", 81 81 + "nixpkgs": "nixpkgs", 94 82 "nixpkgs-unstable": "nixpkgs-unstable" 95 83 } 96 84 }

+28 -12

flake.nix

··· 6 6 url = "github:nix-community/home-manager/release-25.05"; 7 7 inputs.nixpkgs.follows = "nixpkgs"; 8 8 }; 9 9 - }; 10 10 - outputs = { nixpkgs, nixpkgs-unstable, home-manager, disko, ... }@inputs: 11 11 - let 12 12 - pkgs-unstable = import nixpkgs-unstable { 13 13 - system = "x86_64-linux"; 9 9 + nix-darwin = { 10 10 + url = "github:nix-darwin/nix-darwin/nix-darwin-25.05"; 11 11 + inputs.nixpkgs.follows = "nixpkgs"; 14 12 }; 15 15 - in { 13 13 + }; 14 14 + # The idea behind having a bunch of modules listed out like this is so I can layer different things 15 15 + # on top of each other in a pretty way, as well as give an immediate idea of what a system will look 16 16 + # like before even beginning to install it. 17 17 + outputs = { self, nixpkgs, nixpkgs-unstable, home-manager, nix-darwin, ... }@inputs: { 16 18 # not-quite-fucked-up thinkpad 17 17 - nixosConfigurations.yaoi = nixpkgs.lib.nixosSystem { 18 18 - specialArgs = { inherit inputs pkgs-unstable; }; 19 19 + nixosConfigurations."yaoi" = nixpkgs.lib.nixosSystem (rec { 19 20 system = "x86_64-linux"; 21 21 + specialArgs = { inherit inputs; pkgs-unstable = import nixpkgs-unstable { inherit system; }; }; 20 22 modules = [ 21 23 home-manager.nixosModules.home-manager 22 24 ./common ··· 29 31 ./nonfree/_allow.nix 30 32 ./nonfree/steam.nix 31 33 ]; 32 32 - }; 34 34 + }); 35 35 + 33 36 # corebooted chromebook 34 34 - nixosConfigurations.yuri = nixpkgs.lib.nixosSystem { 35 35 - specialArgs = { inherit inputs pkgs-unstable; }; 37 37 + nixosConfigurations."yuri" = nixpkgs.lib.nixosSystem (rec { 36 38 system = "x86_64-linux"; 39 39 + specialArgs = { inherit inputs; pkgs-unstable = import nixpkgs-unstable { inherit system; }; }; 37 40 modules = [ 38 41 home-manager.nixosModules.home-manager 39 42 ./common ··· 43 46 ./hosts/yuri.nix 44 47 ./users/hotsocket.nix 45 48 ]; 46 46 - }; 49 49 + }); 50 50 + 51 51 + # MacBook Pro 52 52 + darwinConfigurations."bara" = nix-darwin.lib.darwinSystem (rec { 53 53 + system = "aarch64-darwin"; 54 54 + specialArgs = { inherit inputs system; pkgs-unstable = import nixpkgs-unstable { inherit system; }; }; 55 55 + modules = [ 56 56 + home-manager.darwinModules.home-manager 57 57 + ./common 58 58 + ./workstation.nix 59 59 + ./hosts/bara.nix 60 60 + ./users/hotsocket.nix 61 61 + ]; 62 62 + }); 47 63 }; 48 64 }

+4

hosts/bara.nix

··· 1 1 + { config, lib, pkgs, ... }: 2 2 + { 3 3 + networking.hostName = "bara"; 4 4 + }

+1 -1

hosts/yuri.nix

··· 20 20 device = "/dev/disk/by-uuid/40147b28-9f94-4031-9cf0-11426cd33eff"; 21 21 fsType = "btrfs"; 22 22 }; 23 23 - fileSystems."/boot" = { 23 23 + fileSystems."/boot" = { 24 24 device = "/dev/disk/by-uuid/D21C-DE3A"; 25 25 fsType = "vfat"; 26 26 };

-30

scripts/nix-tmpl.sh

··· 1 1 - #!/usr/bin/env sh 2 2 - # handy script to grab templates for code projects 3 3 - 4 4 - TEMPLATES_REPO="https://github.com/NixOS/templates" 5 5 - CACHE_DIR="$HOME/.cache" 6 6 - CLONE_DIR="$CACHE_DIR/nix-tmpl" 7 7 - 8 8 - ARG_TEMPLATE_NAME="$1" 9 9 - TEMPLATE_DIR="$CLONE_DIR/$ARG_TEMPLATE_NAME" 10 10 - 11 11 - if [ -z "$ARG_TEMPLATE_NAME" ]; then 12 12 - echo "$0: no template specified" 13 13 - exit -1 14 14 - fi 15 15 - 16 16 - if [ ! -d "$CLONE_DIR" ]; then 17 17 - mkdir -p "$CACHE_DIR" 18 18 - git clone "$TEMPLATES_REPO" "$CLONE_DIR" 19 19 - fi 20 20 - 21 21 - pushd "$CLONE_DIR" > /dev/null 22 22 - git pull 23 23 - 24 24 - if [ ! -d "$TEMPLATE_DIR" ]; then 25 25 - echo "$0: template not found" 26 26 - exit -2 27 27 - fi 28 28 - popd > /dev/null 29 29 - 30 30 - cp -R "$TEMPLATE_DIR/." .

+28 -14

users/hotsocket.nix

··· 1 1 - { config, lib, pkgs, pkgs-unstable, ... }: 1 1 + { config, lib, pkgs, pkgs-unstable, system, ... }: 2 2 { 3 3 - users.users.hotsocket = { 4 4 - description = "ur mom"; 5 5 - isNormalUser = true; 6 6 - hashedPassword = "$y$j9T$zLozDIuafBb/SmDkuApXn/$fx4sfleiFwu5qK/yw3kD9EzmuCZWuv4lt3C9sf8oLH5"; 7 7 - extraGroups = [ "wheel" ]; 8 8 - }; 3 3 + programs.fish.enable = true; 4 4 + users.users.hotsocket = lib.mkMerge [ 5 5 + { 6 6 + shell = pkgs.fish; 7 7 + } 8 8 + (lib.mkIf (lib.hasInfix "linux" system) { 9 9 + description = "ur mom"; 10 10 + isNormalUser = true; 11 11 + hashedPassword = "$y$j9T$zLozDIuafBb/SmDkuApXn/$fx4sfleiFwu5qK/yw3kD9EzmuCZWuv4lt3C9sf8oLH5"; 12 12 + extraGroups = [ "wheel" ]; 13 13 + } 14 14 + )]; 9 15 # i love home-manager :) 10 16 home-manager.users.hotsocket = if config.isWorkstation then { 11 17 home = { 12 18 stateVersion = "25.05"; 13 19 username = "hotsocket"; 14 14 - homeDirectory = "/home/hotsocket"; 15 15 - packages = ((with pkgs; [ 20 20 + homeDirectory = lib.mkForce (if (lib.hasInfix "darwin" system) then "/Users/hotsocket" else "/home/hotsocket"); 21 21 + packages = (with pkgs; [ # Shared packages. 22 22 + git 23 23 + direnv 24 24 + ]) ++ (with pkgs-unstable; [ # Shared unstable packages. 25 25 + # in case of multiplayer. that's the entire reason for me having unstable. 26 26 + luanti-client 27 27 + ]) ++ (lib.optionals (lib.hasInfix "linux" system) (with pkgs; [ # Linux-specific packages. 16 28 jetbrains.idea-community-bin 17 29 brave 18 30 vscodium 19 19 - git 20 31 playerctl 21 32 rescrobbled 22 33 p7zip 23 23 - ]) ++ (with pkgs-unstable; [ 24 24 - # in case of multiplayer. that's the reason for me having unstable. 25 25 - luanti-client 34 34 + gimp3-with-plugins 35 35 + ])) ++ (lib.optionals (lib.hasInfix "darwin" system) (with pkgs; [ # Darwin-specific packages. At some point. 26 36 ])); 27 37 file = { 28 38 ".config/VSCodium/product.json".text = builtins.readFile ../files/product.json; ··· 47 57 }; 48 58 }; 49 59 }; 60 60 + direnv = { 61 61 + enable = true; 62 62 + enableFishIntegration = true; 63 63 + }; 50 64 }; 51 65 services = { 52 52 - kdeconnect.enable = true; 66 66 + kdeconnect.enable = lib.mkIf (lib.hasInfix "linux" system) true; 53 67 }; 54 68 } else null; 55 69 }

+49

workstation-linux.nix

··· 1 1 + # linux-specific configuration for workstations. 2 2 + { config, lib, pkgs, pkgs-unstable, ... }: 3 3 + { 4 4 + imports = [ ./nonfree/_allow.nix ./nonfree/hplip.nix ]; # because i have hp bullshit 5 5 + services = { 6 6 + # workstations have a tendency to move one way or another 7 7 + automatic-timezoned.enable = true; 8 8 + 9 9 + # hardware support 10 10 + udev.packages = [ pkgs.yubikey-personalization ]; 11 11 + fwupd.enable = true; 12 12 + 13 13 + # software support 14 14 + flatpak.enable = true; 15 15 + 16 16 + # kde is comfy /shrug (praying tde shows up) 17 17 + displayManager.sddm.enable = true; 18 18 + desktopManager.plasma6.enable = true; 19 19 + # in this house, we suck off red hat. 20 20 + xserver.enable = false; 21 21 + displayManager.sddm.wayland.enable = true; 22 22 + 23 23 + # audio! yay! my tunes! 24 24 + pipewire = { 25 25 + enable = true; 26 26 + pulse.enable = true; # enables pulseaudio emulation 27 27 + }; 28 28 + 29 29 + # fucking hp oh my god 30 30 + printing = { 31 31 + enable = true; 32 32 + }; 33 33 + avahi = { 34 34 + enable = true; 35 35 + nssmdns4 = true; 36 36 + openFirewall = true; 37 37 + }; 38 38 + }; 39 39 + boot.loader = { 40 40 + grub.device = "nodev"; 41 41 + systemd-boot.enable = true; 42 42 + efi.canTouchEfiVariables = true; 43 43 + }; 44 44 + networking.networkmanager.enable = true; 45 45 + swapDevices = [{ 46 46 + device = "/var/lib/swapfile"; 47 47 + size = 8*1024; # 8 GB 48 48 + }]; 49 49 + }

+3 -53

workstation.nix

··· 1 1 # common configuration for workstation.nixes. 2 2 # (joke for 65-wide terminals ^) 3 3 - { config, lib, pkgs, pkgs-unstable, ... }: 3 3 + { config, lib, pkgs, pkgs-unstable, system, ... }: 4 4 { 5 5 isWorkstation = true; 6 6 - imports = [ ./nonfree/_allow.nix ./nonfree/hplip.nix ]; # because i have hp bullshit 7 7 - services = { 8 8 - # workstations have a tendency to move one way or another 9 9 - automatic-timezoned.enable = true; 10 10 - 11 11 - 12 12 - 13 13 - # hardware support 14 14 - udev.packages = [ pkgs.yubikey-personalization ]; 15 15 - fwupd.enable = true; 16 16 - 17 17 - 18 6 19 19 - # software support 20 20 - flatpak.enable = true; 21 21 - 22 22 - # kde is comfy /shrug (praying tde shows up) 23 23 - displayManager.sddm.enable = true; 24 24 - desktopManager.plasma6.enable = true; 25 25 - # in this house, we suck off red hat. 26 26 - xserver.enable = false; 27 27 - displayManager.sddm.wayland.enable = true; 28 28 - 29 29 - # audio! yay! my tunes! 30 30 - pipewire = { 31 31 - enable = true; 32 32 - pulse.enable = true; # enables pulseaudio emulation 33 33 - }; 34 34 - 35 35 - # fucking hp oh my god 36 36 - printing = { 37 37 - enable = true; 38 38 - }; 39 39 - avahi = { 40 40 - enable = true; 41 41 - nssmdns4 = true; 42 42 - openFirewall = true; 43 43 - }; 44 44 - }; 45 45 - 46 46 - # for better or worse, my workstations use efi. 47 47 - boot.loader = { 48 48 - grub.device = "nodev"; 49 49 - systemd-boot.enable = true; 50 50 - efi.canTouchEfiVariables = true; 51 51 - }; 52 52 - 53 53 - # i have a vague idea of something cool involving this 54 7 networking.domain = "workstations.hotsocket.fyi"; 55 55 - networking.networkmanager.enable = true; 56 8 57 9 home-manager = { 58 10 extraSpecialArgs = { ··· 61 13 useGlobalPkgs = true; 62 14 useUserPackages = true; 63 15 }; 64 64 - swapDevices = [{ 65 65 - device = "/var/lib/swapfile"; 66 66 - size = 8*1024; # 8 GB 67 67 - }]; 16 16 + 17 17 + imports = lib.optionals (lib.hasInfix "linux" system) [ ./workstation-linux.nix ]; 68 18 }