Andromeda/conf
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: Andromeda:master
Branches Tags
Andromeda:master Andromeda:dev Andromeda:phoenix Andromeda:flake-parts Andromeda:r0-persist
Andromeda:nixos-anywhere
..
compare: Andromeda:0647d9a8e0d54005b58b286f5caf8e944de3f7f8
Branches Tags
Andromeda:dev Andromeda:master Andromeda:phoenix Andromeda:flake-parts Andromeda:r0-persist
Andromeda:nixos-anywhere

19 Commits
master ... 0647d9a8e0

Author SHA1 Message Date
andromeda
0647d9a8e0 fix certs? 2026-01-26 21:58:55 +01:00
andromeda
8c0db96ca4 robot, also continuwuity, also zram 2026-01-26 21:40:03 +01:00
andromeda
2386fea0eb split out phoenix overlay 2026-01-25 15:44:32 +01:00
andromeda
e1c510fc64 remove npins fr 2026-01-25 11:00:30 +01:00
andromeda
e4305c15ac failed to npins, patch phoenix 2026-01-25 10:59:20 +01:00
andromeda
5c99e52e09 patch phoenix to allow user to auto enable extensions 2026-01-25 10:58:15 +01:00
andromeda
ad7e25dce3 init npins? 2026-01-22 05:38:05 +01:00
andromeda
1a62299225 update nixpkgs 2026-01-22 05:37:51 +01:00
andromeda
6e7e52aecf init npins? 2026-01-22 05:35:49 +01:00
andromeda
a0fa657600 update nixpkgs 2026-01-22 05:13:18 +01:00
andromeda
580cbd1851 init nix-on-droid 2026-01-14 22:57:40 +01:00
andromeda
6fdcd13627 adjust brightness, disable touchpad sometimes 2026-01-14 20:18:25 +01:00
andromeda
6fb816f27c reenable ipv6; reconfigure browser 2026-01-14 05:31:48 +01:00
andromeda
c0e92a4ef3 typo 2026-01-13 10:55:24 +01:00
andromeda
b754a3d53f matrix-synapse? 2026-01-13 10:48:56 +01:00
andromeda
19d45ebd05 edit TODO.md 2026-01-13 06:29:18 +01:00
andromeda
312ee02d9e fix alias traversal 2026-01-13 06:21:08 +01:00
andromeda
c377598d5c conduit setup? 2026-01-13 06:16:27 +01:00
andromeda
dcb82ed361 add README, conduit 2026-01-13 05:53:57 +01:00
21 changed files with 741 additions and 102 deletions
Expand all files Collapse all files

2
README.md
View File

@@ -1,3 +1,5 @@
see TODO.md for my aspirations
## usage
### install

20
TODO.md Normal file
View File

@@ -0,0 +1,20 @@
- add other remote
- fully automate remote provisioning (remote keys)
- fix ipv6 on remotes
- modularize home manager
- add services?
- 0x0
- forgejo
- matrix homeserver
- matrix webclient
- radicale
- tor relay
- wireguard as vpn
- add home functionality
- better term emulator
- switch browser?
- chromium: much better sandboxing
- ladybird: be an early tester, contribute
- glide: sexier tridactyl implementation
- browsh: the GOAT
- get mouse out of here

336
flake.lock generated
View File

@@ -23,6 +23,27 @@
"type": "github"
}
},
"androidPkgs": {
"inputs": {
"devshell": "devshell",
"flake-utils": "flake-utils",
"nixpkgs": "nixpkgs_3"
},
"locked": {
"lastModified": 1750710155,
"narHash": "sha256-2lBEwXgclOrSsrhubSfifU91+sXqikC8qbiZ6yFeaEY=",
"owner": "tadfisher",
"repo": "android-nixpkgs",
"rev": "0846fab1f060f646e1017053077ad38dedc5207b",
"type": "github"
},
"original": {
"owner": "tadfisher",
"ref": "stable",
"repo": "android-nixpkgs",
"type": "github"
}
},
"base16": {
"inputs": {
"fromYaml": "fromYaml"
@@ -129,6 +150,28 @@
"type": "github"
}
},
"devshell": {
"inputs": {
"nixpkgs": [
"robotnix",
"androidPkgs",
"nixpkgs"
]
},
"locked": {
"lastModified": 1741473158,
"narHash": "sha256-kWNaq6wQUbUMlPgw8Y+9/9wP0F8SHkjy24/mN3UAppg=",
"owner": "numtide",
"repo": "devshell",
"rev": "7c9e793ebe66bcba8292989a68c0419b737a22a0",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "devshell",
"type": "github"
}
},
"disko": {
"inputs": {
"nixpkgs": [
@@ -198,6 +241,21 @@
"url": "https://git.lix.systems/lix-project/flake-compat.git"
}
},
"flake-compat_3": {
"locked": {
"lastModified": 1746162366,
"narHash": "sha256-5SSSZ/oQkwfcAz/o/6TlejlVGqeK08wyREBQ5qFFPhM=",
"owner": "nix-community",
"repo": "flake-compat",
"rev": "0f158086a2ecdbb138cd0429410e44994f1b7e4b",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "flake-compat",
"type": "github"
}
},
"flake-parts": {
"inputs": {
"nixpkgs-lib": [
@@ -261,6 +319,24 @@
"type": "github"
}
},
"flake-utils": {
"inputs": {
"systems": "systems_3"
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"fromYaml": {
"flake": false,
"locked": {
@@ -385,6 +461,27 @@
"type": "github"
}
},
"home-manager_3": {
"inputs": {
"nixpkgs": [
"nix-on-droid",
"nixpkgs"
]
},
"locked": {
"lastModified": 1709445365,
"narHash": "sha256-DVv6nd9FQBbMWbOmhq0KVqmlc3y3FMSYl49UXmMcO+0=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "4de84265d7ec7634a69ba75028696d74de9a44a7",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "home-manager",
"type": "github"
}
},
"impermanence": {
"locked": {
"lastModified": 1737831083,
@@ -433,6 +530,57 @@
"type": "github"
}
},
"nix-formatter-pack": {
"inputs": {
"nixpkgs": [
"nix-on-droid",
"nixpkgs"
],
"nmd": [
"nix-on-droid",
"nmd"
],
"nmt": "nmt"
},
"locked": {
"lastModified": 1705252799,
"narHash": "sha256-HgSTREh7VoXjGgNDwKQUYcYo13rPkltW7IitHrTPA5c=",
"owner": "Gerschtli",
"repo": "nix-formatter-pack",
"rev": "2de39dedd79aab14c01b9e2934842051a160ffa5",
"type": "github"
},
"original": {
"owner": "Gerschtli",
"repo": "nix-formatter-pack",
"type": "github"
}
},
"nix-on-droid": {
"inputs": {
"home-manager": "home-manager_3",
"nix-formatter-pack": "nix-formatter-pack",
"nixpkgs": [
"nixpkgs"
],
"nixpkgs-docs": "nixpkgs-docs",
"nixpkgs-for-bootstrap": "nixpkgs-for-bootstrap",
"nmd": "nmd"
},
"locked": {
"lastModified": 1765031149,
"narHash": "sha256-4ZtlnCp4blhsjGnQIxAXDAj7nCJKy7tozoBRtklmwcU=",
"owner": "nix-community",
"repo": "nix-on-droid",
"rev": "55b6449b4582a4ba3ce712543c973360a026db7d",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nix-on-droid",
"type": "github"
}
},
"nix-zulip": {
"flake": false,
"locked": {
@@ -474,11 +622,11 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1766651565,
"narHash": "sha256-QEhk0eXgyIqTpJ/ehZKg9IKS7EtlWxF3N7DXy42zPfU=",
"lastModified": 1768305791,
"narHash": "sha256-AIdl6WAn9aymeaH/NvBj0H9qM+XuAuYbGMZaP0zcXAQ=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "3e2499d5539c16d0d173ba53552a4ff8547f4539",
"rev": "1412caf7bf9e660f2f962917c14b1ea1c3bc695e",
"type": "github"
},
"original": {
@@ -488,6 +636,38 @@
"type": "github"
}
},
"nixpkgs-docs": {
"locked": {
"lastModified": 1705957679,
"narHash": "sha256-Q8LJaVZGJ9wo33wBafvZSzapYsjOaNjP/pOnSiKVGHY=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "9a333eaa80901efe01df07eade2c16d183761fa3",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "release-23.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-for-bootstrap": {
"locked": {
"lastModified": 1720244366,
"narHash": "sha256-WrDV0FPMVd2Sq9hkR5LNHudS3OSMmUrs90JUTN+MXpA=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "49ee0e94463abada1de470c9c07bfc12b36dcf40",
"type": "github"
},
"original": {
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "49ee0e94463abada1de470c9c07bfc12b36dcf40",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1764242076,
@@ -504,6 +684,76 @@
"type": "github"
}
},
"nixpkgs_3": {
"locked": {
"lastModified": 1750506804,
"narHash": "sha256-VLFNc4egNjovYVxDGyBYTrvVCgDYgENp5bVi9fPTDYc=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "4206c4cb56751df534751b058295ea61357bbbaa",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_4": {
"locked": {
"lastModified": 1767313136,
"narHash": "sha256-16KkgfdYqjaeRGBaYsNrhPRRENs0qzkQVUooNHtoy2w=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "ac62194c3917d5f474c1a844b6fd6da2db95077d",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-25.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nmd": {
"inputs": {
"nixpkgs": [
"nix-on-droid",
"nixpkgs-docs"
],
"scss-reset": "scss-reset"
},
"locked": {
"lastModified": 1705050560,
"narHash": "sha256-x3zzcdvhJpodsmdjqB4t5mkVW22V3wqHLOun0KRBzUI=",
"owner": "~rycee",
"repo": "nmd",
"rev": "66d9334933119c36f91a78d565c152a4fdc8d3d3",
"type": "sourcehut"
},
"original": {
"owner": "~rycee",
"repo": "nmd",
"type": "sourcehut"
}
},
"nmt": {
"flake": false,
"locked": {
"lastModified": 1648075362,
"narHash": "sha256-u36WgzoA84dMVsGXzml4wZ5ckGgfnvS0ryzo/3zn/Pc=",
"owner": "rycee",
"repo": "nmt",
"rev": "d83601002c99b78c89ea80e5e6ba21addcfe12ae",
"type": "gitlab"
},
"original": {
"owner": "rycee",
"repo": "nmt",
"type": "gitlab"
}
},
"noshell": {
"inputs": {
"nixpkgs": [
@@ -595,23 +845,24 @@
"type": "github"
}
},
"phoenix": {
"robotnix": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
"androidPkgs": "androidPkgs",
"flake-compat": "flake-compat_3",
"nixpkgs": "nixpkgs_4",
"treefmt-nix": "treefmt-nix"
},
"locked": {
"lastModified": 1766543224,
"narHash": "sha256-96PBoNqh3sPU9t+IXxcB1OjjuQ8HOv42OOh9UtwFHbU=",
"owner": "celenityy",
"repo": "Phoenix",
"rev": "f09568c8a71af4fe42dd43c6f711c67daf605f1e",
"lastModified": 1768481330,
"narHash": "sha256-hYKnwFBPI0IyH8YbW3kqci8AS6ZtV7QSEa0E5Wt401M=",
"owner": "nix-community",
"repo": "robotnix",
"rev": "4ee0f9c86c3ae076bcbc41cbeebff054fe3d11a8",
"type": "github"
},
"original": {
"owner": "celenityy",
"repo": "Phoenix",
"owner": "nix-community",
"repo": "robotnix",
"type": "github"
}
},
@@ -621,16 +872,33 @@
"disko": "disko",
"home-manager": "home-manager_2",
"impermanence": "impermanence",
"nix-on-droid": "nix-on-droid",
"nix-zulip": "nix-zulip",
"nixos-mailserver": "nixos-mailserver",
"nixpkgs": "nixpkgs",
"noshell": "noshell",
"nur": "nur",
"nvf": "nvf",
"phoenix": "phoenix",
"robotnix": "robotnix",
"stylix": "stylix"
}
},
"scss-reset": {
"flake": false,
"locked": {
"lastModified": 1631450058,
"narHash": "sha256-muDlZJPtXDIGevSEWkicPP0HQ6VtucbkMNygpGlBEUM=",
"owner": "andreymatin",
"repo": "scss-reset",
"rev": "0cf50e27a4e95e9bb5b1715eedf9c54dee1a5a91",
"type": "github"
},
"original": {
"owner": "andreymatin",
"repo": "scss-reset",
"type": "github"
}
},
"stylix": {
"inputs": {
"base16": "base16",
@@ -644,7 +912,7 @@
"nixpkgs"
],
"nur": "nur_2",
"systems": "systems_3",
"systems": "systems_4",
"tinted-foot": "tinted-foot",
"tinted-kitty": "tinted-kitty",
"tinted-schemes": "tinted-schemes",
@@ -710,6 +978,21 @@
"type": "github"
}
},
"systems_4": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"tinted-foot": {
"flake": false,
"locked": {
@@ -790,6 +1073,27 @@
"repo": "base16-zed",
"type": "github"
}
},
"treefmt-nix": {
"inputs": {
"nixpkgs": [
"robotnix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1766000401,
"narHash": "sha256-+cqN4PJz9y0JQXfAK5J1drd0U05D5fcAGhzhfVrDlsI=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "42d96e75aa56a3f70cab7e7dc4a32868db28e8fd",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "treefmt-nix",
"type": "github"
}
}
},
"root": "root",

29
flake.nix
View File

@@ -18,6 +18,10 @@
inputs.nixpkgs.follows = "nixpkgs";
};
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
nix-on-droid = {
url = "github:nix-community/nix-on-droid";
inputs.nixpkgs.follows = "nixpkgs";
};
nix-zulip = {
url = "git+https://git.afnix.fr/nix-zulip/nix-zulip";
flake = false;
@@ -34,10 +38,7 @@
url = "github:notashelf/nvf";
inputs.nixpkgs.follows = "nixpkgs";
};
phoenix = {
url = "github:celenityy/Phoenix";
inputs.nixpkgs.follows = "nixpkgs";
};
robotnix.url = "github:nix-community/robotnix";
stylix = {
url = "github:nix-community/stylix";
inputs.nixpkgs.follows = "nixpkgs";
@@ -50,11 +51,12 @@
impermanence,
nixos-mailserver,
nixpkgs,
nix-on-droid,
nix-zulip,
noshell,
nur,
nvf,
phoenix,
robotnix,
stylix,
...
}: let
@@ -75,7 +77,6 @@
impermanence.nixosModules.impermanence
nixos-mailserver.nixosModule
noshell.nixosModules.default
phoenix.nixosModules.default
nix-zulip'.nixosModules.zulip
{
nixpkgs.overlays = [
@@ -93,6 +94,7 @@
{
home-manager.useGlobalPkgs = true;
home-manager.extraSpecialArgs = {inherit machine;};
home-manager.backupFileExtension = "bak";
home-manager.users =
builtins.mapAttrs
(name: value: value)
@@ -117,5 +119,20 @@
builtins.mapAttrs
(hostname: value: configurationWithHomeManager value)
machines;
robotnixConfigurations.payton = robotnix.lib.robotnixSystem ./robotnix/payton.nix;
nixOnDroidConfigurations.default = nix-on-droid.lib.nixOnDroidConfiguration {
pkgs = import nixpkgs {system = "aarch64-linux";};
modules = [
./modules/nix-on-droid/nix-on-droid.nix
{
home-manager.useGlobalPkgs = true;
home-manager.users."andromeda" = {
imports = [
./modules/nix-on-droid/home.nix
];
};
}
];
};
};
}

14
machines.nix
View File

@@ -11,6 +11,7 @@
# hardware configuration
# includes `system.stateVersion`
./modules/nixos/machines/lenovo.nix
./modules/nixos/zram.nix
# boot process
# systemd-boot
@@ -20,7 +21,7 @@
./modules/nixos/laptop.nix
# vpn
./modules/nixos/openvpn-client.nix
# ./modules/nixos/openvpn-client.nix
# ly display manager
./modules/nixos/ly.nix
@@ -30,6 +31,10 @@
# apps
./modules/nixos/steam.nix
./modules/nixos/phoenix.nix
# substitutors
./substitutors.nix
];
};
"109-199-104-83" = {
@@ -69,15 +74,18 @@
# webmail.domain
./modules/nixos/roundcube.nix
# matrix homeserver
# matrix.domain
./modules/nixos/matrix-continuwuity.nix
# BROKEN
# forgejo
# git.domain
# ./modules/nixos/forgejo.nix
# BROKEN
# zulip chat client
# chat.domain
./modules/nixos/zulip.nix
# ./modules/nixos/zulip.nix
];
};
}

165
modules/nix-on-droid/home.nix Normal file
View File

@@ -0,0 +1,165 @@
{
config,
lib,
pkgs,
...
}: {
home = {
username = "andromeda";
homeDirectory = "/home/${config.home.username}";
stateVersion = "26.05";
packages = [
pkgs.brush
pkgs.dust
pkgs.fzf
pkgs.glow
pkgs.nix-output-monitor
pkgs.ranger
pkgs.rip2
pkgs.ripgrep
pkgs.tree
pkgs.zoxide
];
};
programs = {
bash = {
enable = true;
shellAliases = {
neofetch = "fastfetch";
ls = lib.mkForce "lsd";
ll = lib.mkForce "lsd -l";
l = "lsd -la";
cd = "z";
gg = "git log --oneline --abbrev-commit --all --graph --decorate --color";
md = "glow";
};
bashrcExtra = ''
PS1="\u@\h:\w$"
eval "$(zoxide init bash)"
'';
};
btop = {
enable = true;
settings = {
theme_background = false;
vim_keys = true;
rounded_corners = false;
graph_symbol = "braille";
update_ms = 150;
proc_sorting = "cpu lazy";
proc_gradient = false;
proc_left = true;
cpu_single_graph = true;
cpu_bottom = true;
clock_format = "/user@/host:/uptime@%H:%M";
background_update = true;
mem_graphs = false;
mem_below_net = true;
show_swap = false;
only_physical = true;
show_io_stat = true;
io_mode = false;
io_graph_combined = false;
};
};
fastfetch.enable = true;
git = {
enable = true;
settings = {
user = {
name = config.home.username;
email = "${config.home.username}@android";
};
init.defaultBranch = "master";
};
};
home-manager.enable = true;
lsd.enable = true;
nvf = {
enable = true;
settings.vim = {
autocomplete.nvim-cmp.enable = false;
formatter.conform-nvim = {
enable = true;
setupOpts.format_on_save = {
lsp_format = "fallback";
timeout_ms = 5000;
};
};
lsp.otter-nvim.enable = true;
git.enable = true;
keymaps = [
{
key = "<Down>";
mode = ["i" "n" "v" "c"];
action = "<NOP>";
}
{
key = "<Up>";
mode = ["i" "n" "v" "c"];
action = "<NOP>";
}
{
key = "<Left>";
mode = ["i" "n" "v" "c"];
action = "<NOP>";
}
{
key = "<Right>";
mode = ["i" "n" "v" "c"];
action = "<NOP>";
}
{
key = "jj";
mode = ["i"];
action = "<Esc>";
}
{
key = "kk";
mode = ["i"];
action = "<Esc>";
}
{
key = "jk";
mode = ["i"];
action = "<Esc>";
}
{
key = "kj";
mode = ["i"];
action = "<Esc>";
}
{
key = "<Esc>";
mode = ["i"];
action = "<Nop>";
}
];
languages = {
nix = {
enable = true;
format.enable = true;
lsp.enable = true;
};
haskell = {
enable = true;
lsp.enable = true;
};
};
lineNumberMode = "relative";
options = {
tabstop = 2;
shiftwidth = 2;
expandtab = true;
smarttab = true;
foldmethod = "indent";
number = true;
colorcolumn = "80";
};
statusline.lualine.enable = true;
syntaxHighlighting = true;
};
};
ssh.enable = true;
};
}

5
modules/nix-on-droid/nix-on-droid.nix Normal file
View File

@@ -0,0 +1,5 @@
{pkgs, ...}: {
environment.packages = [pkgs.git];
system.stateVersion = "26.05";
nix.settings.experimentalFeatures = ["nix-command" "flakes"];
}

8
modules/nixos/mailserver.nix
View File

@@ -37,6 +37,14 @@
forceSSL = true;
enableACME = true;
};
"matrix.${config.networking.domain}" = {
forceSSL = true;
enableACME = true;
};
"${config.networking.domain}" = {
forceSSL = true;
enableACME = true;
};
};
};
security.acme = {

26
modules/nixos/matrix-continuwuity.nix Normal file
View File

@@ -0,0 +1,26 @@
{config, ...}: {
services = {
matrix-continuwuity = {
enable = true;
settings = {
global = {
server_name = "${config.networking.domain}";
address = ["127.0.0.1"];
port = [6167];
well_known = {
server = "matrix.${config.networking.domain}";
client = "https://matrix.${config.networking.domain}";
};
};
};
};
nginx = {
upstreams.matrix.servers."127.0.0.1:6167" = {};
virtualHosts = {
"matrix.${config.networking.domain}".locations."/".proxyPass = "http://matrix";
"${config.networking.domain}".locations."/.well-known/matrix".proxyPass = "http://matrix";
};
};
};
}

9
modules/nixos/openvpn-client.nix
View File

@@ -1,8 +1,11 @@
{lib, ...}: {
{
services.openvpn.servers = {
"173.249.5.230" = {config = ''config /etc/openvpn-confs/173.249.5.230.ovpn'';};
};
networking.enableIPv6 = lib.mkForce false;
environment.persistence."/persist".directories = ["/etc/openvpn-confs"];
boot.kernelParams = ["ipv6.disable=1"];
# turns out disabling ipv6 is a bad idea; I'm just going to enable v6 on the remote xD
# networking.enableIPv6 = lib.mkForce false;
# workaround; NetworkManager reenables ipv6 without the following
# boot.kernelParams = ["ipv6.disable=1"];
}

45
modules/nixos/phoenix.nix Normal file
View File

@@ -0,0 +1,45 @@
{
pkgs,
config,
lib,
...
}: {
options.programs.firefox.phoenix = {
enable =
lib.mkEnableOption "Enable privacy & security hardening of Firefox using the Phoenix configs"
// {
default = true;
};
firefoxPackages = lib.mkOption {
type = lib.types.listOf lib.types.str;
default = ["firefox"];
description = "The name of Firefox packages of current pkgs to patch with phoenix config and policy.";
};
};
config = let
cfg = config.programs.firefox.phoenix;
in
lib.mkIf cfg.enable {
assertions = [
{
assertion = !pkgs.stdenv.isDarwin;
message = "Phoenix module has not been ported to nix-darwin yet. Contributions welcomed.";
}
];
environment.etc."firefox/defaults/pref/phoenix-desktop.js".source = "${pkgs.phoenix}/pref/phoenix-desktop.js";
environment.etc."firefox/phoenix/userjs".source = "${pkgs.phoenix}/userjs";
environment.etc."firefox/phoenix/configs".source = "${pkgs.phoenix}/configs";
environment.etc."firefox/phoenix/assets".source = "${pkgs.phoenix}/assets";
programs.firefox.policies =
(builtins.fromJSON (builtins.readFile "${pkgs.phoenix}/policies.json")).policies;
nixpkgs.overlays = [
(import ../../overlays/phoenix.nix)
(
final: prev:
builtins.listToAttrs (
map (p: lib.nameValuePair p (final.withPhoenix prev.${p})) cfg.firefoxPackages
)
)
];
};
}

8
modules/nixos/zram.nix Normal file
View File

@@ -0,0 +1,8 @@
{
zramSwap = {
enable = true;
priority = 100;
algorithm = "zstd";
memoryPercent = 75;
};
}

21
overlays/phoenix.nix Normal file
View File

@@ -0,0 +1,21 @@
final: prev: let
phoenix-src = prev.fetchFromGitHub {
owner = "celenityy";
repo = "Phoenix";
rev = "07d9be8cbf938962f9847b0970274b885ff48792";
hash = "sha256-I9pKhfhAz3JsGBLIqr9MNycTEQn0Bc3jzf0mKeWLlsE=";
};
in {
phoenix = (final.callPackage (import "${phoenix-src}/nix/package.nix")
{
}).overrideAttrs {
patches = [
../patches/0001-autoDisableScopes-unlocked.patch
];
};
withPhoenix = firefoxPackage:
firefoxPackage.override {
extraPoliciesFiles = ["${final.phoenix}/policies.json"];
extraPrefsFiles = ["${final.phoenix}/phoenix.cfg"];
};
}

25
patches/0001-autoDisableScopes-unlocked.patch Normal file
View File

@@ -0,0 +1,25 @@
From 1eeab7cf3b5d41e3e10959ef2ff5298eac86c9fa Mon Sep 17 00:00:00 2001
From: andromeda <andromeda@lenovo>
Date: Sun, 25 Jan 2026 10:41:03 +0100
Subject: [PATCH] autoDisableScopes unlocked
---
build/phoenix-unified.js | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/build/phoenix-unified.js b/build/phoenix-unified.js
index e183890e..fd58b176 100644
--- a/build/phoenix-unified.js
+++ b/build/phoenix-unified.js
@@ -2204,7 +2204,7 @@ pref("xpinstall.whitelist.add.NoScript.PBM", "https://noscript.net^privateBrowsi
// https://archive.is/DYjAM
// https://support.mozilla.org/kb/deploying-firefox-with-extensions
// https://searchfox.org/firefox-main/rev/82e2435f/toolkit/mozapps/extensions/internal/AddonSettings.sys.mjs#125
-pref("extensions.autoDisableScopes", 15, locked); // [DEFAULT - non-Thunderbird] Defense in depth, ensures sideloaded extensions are always disabled by default...
+pref("extensions.autoDisableScopes", 15); // [DEFAULT - non-Thunderbird] Defense in depth, ensures sideloaded extensions are always disabled by default...
pref("extensions.enabledScopes", 5); // [HIDDEN]
pref("extensions.installDistroAddons", false); // [HIDDEN - non-Android] [DEFAULT - Android]
pref("extensions.sideloadScopes", 0); // [HIDDEN]
--
2.52.0

1
pub-keys.nix
View File

@@ -1,6 +1,7 @@
{
age.secrets = {
andromeda-pw.file = ./secrets/andromeda-pw.age;
conduit-secretFile.file = ./secrets/conduit-secretFile.age;
"dkim-galaxious.de.mail.key".file = ./secrets/dkim-galaxious.de.mail.key.age;
mtgmonkey-pw.file = ./secrets/mtgmonkey-pw.age;
mailserver-acc-test-pw.file = ./secrets/mailserver-acc-test-pw.age;

13
robotnix/payton.nix Normal file
View File

@@ -0,0 +1,13 @@
{...}: {
flavor = "lineageos";
# motorola moto x4 (payton)
device = "payton";
# latest supported version:
# check https://download.lineageos.org/devices/payton/builds
flavorVersion = "22.2";
apps.fdroid.enable = true;
microg.enable = true;
}

9
secrets/conduit-secretFile.age Normal file
View File

@@ -0,0 +1,9 @@
age-encryption.org/v1
-> ssh-ed25519 mT2fyg x0n1JToeD7bRsDYJpv0HFzQYB9YxxiSqt+dG6elG1Eg
vspLec9Vm6fvJnlDGjzezThc1qeIYyWncBxYwsE/6rg
-> ssh-ed25519 UHxfvA nOlZo53SINXJs8tt/vdoiGjMnIW/lYZVdI8TJfAFqxE
XlxvrHDFlm8c7odfNbBw0/QeYuCj5e4VValql5JNNgg
-> ssh-ed25519 yXDKAA Rf+obXBUKxOcMqrb6rlOSfZGyjkj1PnRvHUSDToj6Tw
XV/3FmC48Wcg9r3C5soRKBwOcBgat2ueAa8pU1MUYLE
--- l/eEq13iyiddR9Rgf47Mv8JxPfjINwCnU4pd3KyxMVQ
^P%ÔϦ‚Û}ÌÝM¤Ñù&ߢهóQ¬?d^ØYú Ã~øTuÃï±oÍfž´·7¬nÙ'!'͓ㆆµ]d͇0>vÆÇŸ¸Ü.Ÿ€E]˜šÔ‡|‰>d— *wDÉ<44>¿­à<C2AD>­)cH<63>êÁ@W<>v*šWk<57>õéN¤ÎRßF I@¶ê;9=u¬Í¬°°Ï„Œ,—‘©)Ÿ>bÁÝ:O«Jð=´W

5
secrets/secrets.nix
View File

@@ -8,6 +8,11 @@ in {
"andromeda-pw.age".publicKeys = [andromeda lenovo];
"mtgmonkey-pw.age".publicKeys = [andromeda lenovo];
# contains the following env
# CONDUIT_JWT_SECRET
# CONDUIT_TURN_SECRET
"conduit-secretFile.age".publicKeys = [andromeda lenovo _109-199-104-83];
# dkim private keys
"dkim-galaxious.de.mail.key.age".publicKeys = [andromeda lenovo _109-199-104-83];

8
substitutors.nix Normal file
View File

@@ -0,0 +1,8 @@
{
# spectrum
nix.settings.substituters = ["https://cache.dataaturservice.se/spectrum/"];
nix.settings.trusted-public-keys = [
"cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
"spectrum-os.org-2:foQk3r7t2VpRx92CaXb5ROyy/NBdRJQG2uX2XJMYZfU="
];
}

76
users/andromeda/home.nix
View File

@@ -39,6 +39,7 @@ in {
pkgs.grim
pkgs.jmtpfs
pkgs.nix-output-monitor
pkgs.npins
pkgs.ranger
pkgs.rip2
pkgs.ripgrep
@@ -97,79 +98,18 @@ in {
cfg.enableTridactylNative = true;
};
profiles.${config.home.username} = {
extensions.packages = [
extensions = {
force = true;
packages = [
pkgs.nur.repos.rycee.firefox-addons.tridactyl
];
};
search = {
default = "repos";
privateDefault = "ddghtml";
default = "DuckDuckGo (HTML)";
privateDefault = "DuckDuckGo (HTML)";
order = [
"wiki"
"options"
"packages"
"repos"
"DuckDuckGo (HTML)"
];
engines = {
"packages" = {
urls = [
{
template = "https://search.nixos.org/packages";
params = [
{
name = "channel";
value = "unstable";
}
{
name = "query";
value = "{searchTerms}";
}
];
}
];
};
"options" = {
urls = [
{
template = "https://search.nixos.org/options";
params = [
{
name = "channel";
value = "unstable";
}
{
name = "query";
value = "{searchTerms}";
}
];
}
];
};
"wiki" = {
urls = [
{
template = "https://wiki.nixos.org/w/index.php";
params = [
{
name = "search";
value = "{searchTerms}";
}
];
}
];
};
"repos" = {
template = "https://html.duckduckgo.com/html/";
params = [
{
name = "q";
value = "{searchTerms}+(site:*.gitlab.org OR site:github.com OR site:git.mtgmonkey.net OR site:sr.ht)";
}
];
};
};
};
settings = {
"extensions.autoDisableScopes" = 0;

10
users/andromeda/sway_config
View File

@@ -55,6 +55,12 @@ bindsym $mod+Shift+8 move container to workspace number 8
bindsym $mod+Shift+9 move container to workspace number 9
bindsym $mod+Shift+0 move container to workspace number 0
seat * hide_cursor 100
input type:touchpad events disabled
bindsym $mod+r exec 'swaymsg "seat * hide_cursor 100"; swaymsg "input type:touchpad events disabled"'
bindsym $mod+t exec 'swaymsg "seat * hide_cursor 0"; swaymsg "input type:touchpad events enabled"'
bindsym $mod+f fullscreen
bindsym $mod+Shift+space floating toggle
bindsym $mod+Shift+minus move scratchpad
@@ -64,8 +70,8 @@ bindsym --locked XF86AudioMute exec pactl set-sink-mute \@DEFAULT_SINK@ toggle
bindsym --locked XF86AudioLowerVolume exec pactl set-sink-volume \@DEFAULT_SINK@ -5%
bindsym --locked XF86AudioRaiseVolume exec pactl set-sink-volume \@DEFAULT_SINK@ +5%
bindsym --locked XF86AudioMicMute exec pact set-source-mute \@DEFAULT_SOURCE@ toggle
bindsym --locked XF86MonBrightnessDown exec brightnessctl set 5%-
bindsym --locked XF86MonbrightnessUp exec brightnessctl set 5%+
bindsym --locked XF86MonBrightnessDown exec brightnessctl set 2%-
bindsym --locked XF86MonbrightnessUp exec brightnessctl set 2%+
default_border none
font pango:monospace 0.001