2026-03-09 03:53:11 +00:00
9 changed files with 273 additions and 330 deletions
--- a/README.md
+++ b/README.md
@ -25,7 +25,7 @@ sudo cp {/mnt,/mnt/persist}/etc/machine-id
 ## Erasure

 ```nix
-  boot.initrd.postResumeCommands = lib.mkAfter /* bash */ ''
+  boot.initrd.postResumeCommands = lib.mkAfter ''
    mkdir /btrfs_tmp
    mount /dev/mapper/crypted /btrfs_tmp
    if [[ -e /btrfs_tmp/root ]]; then
--- a/hosts/muvo/home.nix
+++ b/hosts/muvo/home.nix
@ -21,7 +21,6 @@ in {
  mods.desktop.development.enable = true;
  mods.desktop.productivity.enable = false;
  mods.zen.enable = true;
-  mods.theme.slideshow.enable = true;

  home.packages = with pkgs; [
    pulseaudio
@ -36,6 +35,9 @@ in {
    enable = true;
    hooks.postswitch = {
      "notify-i3" = "${pkgs.i3}/bin/i3-msg restart";
+      "set-wallpaper" = ''
+        ${lib.getExe pkgs.feh} --bg-fill --nofehbg ${./wallpaper.png}
+      '';
    };
  };

--- a/modules/home/desktop/default.nix
+++ b/modules/home/desktop/default.nix
@ -14,7 +14,6 @@ in {
    ./productivity.nix
    ./media.nix
    ./zen.nix
-    ./theme.nix
  ];

  mods.hyprland.enable = lib.mkIf cfg.wayland.enable true;
--- a/modules/home/desktop/development.nix
+++ b/modules/home/desktop/development.nix
@ -12,9 +12,7 @@

    programs.nyxt = {
      enable = false;
-      config =
-        # lisp
-        ''
+      config = ''
        (in-package #:nyxt-user)

        (defvar *my-search-engines*
@ -75,9 +73,7 @@
        hm = "https://home-manager-options.extranix.com/?release=master&query={}";
      };

-      extraConfig =
-        # py
-        ''
+      extraConfig = ''
        host = c.content.blocking.hosts.lists.append
        host("https://www.github.developerdan.com/hosts/lists/facebook-extended.txt")

--- a/modules/home/desktop/theme.nix
+++ b/modules/home/desktop/theme.nix
@ -1,24 +0,0 @@
-{
-  lib,
-  config,
-  ...
-}: let
-  cfg = config.mods.theme.slideshow;
-in {
-  options.mods.theme.slideshow = {
-    enable = lib.mkEnableOption "enables slideshow wallpaper";
-    folder = lib.mkOption {
-      default = "%h/misc/pictures/wallpapers";
-      description = "slideshow wallpaper folder";
-    };
-  };
-
-  config = lib.mkIf cfg.enable {
-    services.random-background = lib.mkIf cfg.enable {
-      enable = true;
-      imageDirectory = cfg.folder;
-      enableXinerama = true;
-      interval = "1s";
-    };
-  };
-}
--- a/modules/nixos/impermanence.nix
+++ b/modules/nixos/impermanence.nix
@ -1,22 +1,14 @@
-{
-  pkgs,
-  lib,
-  config,
-  ...
-}:
+{ pkgs, lib, config, ... }:
 with lib; {
  options.mods.impermanence.enable = mkEnableOption "enables impermanence";

  config = mkIf config.mods.impermanence.enable {
    environment.persistence."/persist" = {
-      directories = ["/var/lib/nixos" "/var/lib/systemd/coredump"];
-      files = ["/var/lib/sops-nix/key.txt" "/etc/machine-id"];
+      directories = [ "/var/lib/nixos" "/var/lib/systemd/coredump" ];
+      files = [ "/var/lib/sops-nix/key.txt" "/etc/machine-id" ];
    };

-    boot.initrd.postResumeCommands =
-      lib.mkAfter # sh
-      
-      ''
+    boot.initrd.postResumeCommands = lib.mkAfter ''
      mkdir /btrfs_tmp
      mount /dev/mapper/crypted /btrfs_tmp
      if [[ -e /btrfs_tmp/root ]]; then
--- a/modules/nixos/server/grav/service.nix
+++ b/modules/nixos/server/grav/service.nix
@ -1,20 +1,10 @@
-{
-  config,
-  lib,
-  pkgs,
-  ...
-}: let
-  inherit
-    (lib)
-    generators
-    mapAttrs
-    mkDefault
-    mkEnableOption
-    mkIf
-    mkPackageOption
-    mkOption
-    types
-    ;
+{ config, lib, pkgs, ... }:
+
+let
+
+  inherit (lib)
+    generators mapAttrs mkDefault mkEnableOption mkIf mkPackageOption mkOption
+    types;

  cfg = config.mods.services.grav;

@ -22,9 +12,9 @@

  poolName = "grav";

-  pkgs_grav = pkgs.callPackage ./package.nix {};
+  pkgs_grav = pkgs.callPackage ./package.nix { };

-  servedRoot = pkgs.runCommand "grav-served-root" {} ''
+  servedRoot = pkgs.runCommand "grav-served-root" { } ''
    cp --reflink=auto --no-preserve=mode -r ${pkgs_grav} $out

    for p in assets images user system/config; do
@ -32,8 +22,10 @@
      ln -sf /var/lib/grav/$p $out/$p
    done
  '';
+
  # systemSettingsYaml =
  #   yamlFormat.generate "grav-settings.yaml" cfg.systemSettings;
+
 in {
  options.mods.services.grav = {
    enable = mkEnableOption "grav";
@ -78,7 +70,7 @@ in {
      default = 3000;
    };

-    phpPackage = mkPackageOption pkgs "php" {};
+    phpPackage = mkPackageOption pkgs "php" { };

    maxUploadSize = mkOption {
      type = types.str;
@ -105,10 +97,7 @@ in {
        group = "grav";

        phpPackage = cfg.phpPackage.buildEnv {
-          extensions = {
-            all,
-            enabled,
-          }:
+          extensions = { all, enabled }:
            with all; [
              apcu
              ctype
@ -126,9 +115,8 @@ in {
              zip
            ];

-          extraConfig =
-            generators.toKeyValue {
-              mkKeyValue = generators.mkKeyValueDefault {} " = ";
+          extraConfig = generators.toKeyValue {
+            mkKeyValue = generators.mkKeyValueDefault { } " = ";
          } {
            output_buffering = "0";
            short_open_tag = "Off";
@ -181,12 +169,10 @@ in {
        ${cfg.virtualHost} = {
          root = "${servedRoot}";

-          listen = [
-            {
+          listen = [{
            addr = cfg.addr;
            port = cfg.port;
-            }
-          ];
+          }];

          locations = {
            "= /robots.txt" = {
@ -216,7 +202,8 @@ in {
            };

            # deny running scripts inside core system folders
-            "~* /(system|vendor)/.*\\.(txt|xml|md|html|htm|shtml|shtm|json|yaml|yml|php|php2|php3|php4|php5|phar|phtml|pl|py|cgi|twig|sh|bat)$" = {
+            "~* /(system|vendor)/.*\\.(txt|xml|md|html|htm|shtml|shtm|json|yaml|yml|php|php2|php3|php4|php5|phar|phtml|pl|py|cgi|twig|sh|bat)$" =
+              {
                priority = 300;
                extraConfig = ''
                  return 403;
@ -224,7 +211,8 @@ in {
              };

            # deny running scripts inside user folder
-            "~* /user/.*\\.(txt|md|json|yaml|yml|php|php2|php3|php4|php5|phar|phtml|pl|py|cgi|twig|sh|bat)$" = {
+            "~* /user/.*\\.(txt|md|json|yaml|yml|php|php2|php3|php4|php5|phar|phtml|pl|py|cgi|twig|sh|bat)$" =
+              {
                priority = 300;
                extraConfig = ''
                  return 403;
@ -232,7 +220,8 @@ in {
              };

            # deny access to specific files in the root folder
-            "~ /(LICENSE\\.txt|composer\\.lock|composer\\.json|nginx\\.conf|web\\.config|htaccess\\.txt|\\.htaccess)" = {
+            "~ /(LICENSE\\.txt|composer\\.lock|composer\\.json|nginx\\.conf|web\\.config|htaccess\\.txt|\\.htaccess)" =
+              {
                priority = 300;
                extraConfig = ''
                  return 403;
@ -256,9 +245,7 @@ in {
            };
          };

-          extraConfig =
-            # sh
-            ''
+          extraConfig = ''
            index index.php index.html /index.php$request_uri;
            add_header X-Content-Type-Options nosniff;
            add_header X-XSS-Protection "1; mode=block";
@ -281,10 +268,8 @@ in {
      };
    };

-    systemd.tmpfiles.rules = let
-      datadir = "/var/lib/grav";
-    in
-      map (dir: "d '${dir}' 0750 grav grav - -") [
+    systemd.tmpfiles.rules = let datadir = "/var/lib/grav";
+    in map (dir: "d '${dir}' 0750 grav grav - -") [
      "/var/cache/grav"
      "${datadir}/assets"
      "${datadir}/backup"
@ -302,7 +287,7 @@ in {
    systemd.services = {
      "phpfpm-${poolName}" = mkIf (cfg.pool == "${poolName}") {
        # restartTriggers = [ servedRoot systemSettingsYaml ];
-        restartTriggers = [servedRoot];
+        restartTriggers = [ servedRoot ];

        serviceConfig = {
          ExecStartPre = pkgs.writeShellScript "grav-pre-start" ''
@ -344,6 +329,6 @@ in {
      group = "grav";
    };

-    users.groups.grav = {members = [config.services.nginx.user];};
+    users.groups.grav = { members = [ config.services.nginx.user ]; };
  };
 }
--- a/modules/nixos/server/nginx.nix
+++ b/modules/nixos/server/nginx.nix
@ -1,12 +1,9 @@
-{
-  pkgs,
-  lib,
-  config,
-  ...
-}: let
+{ pkgs, lib, config, ... }:
+let
+
  cfg = config.mods.server.nginx;
-in
-  with lib; {
+
+in with lib; {
  options.mods.server.nginx = {
    enable = mkEnableOption {
      default = false;
@ -25,14 +22,14 @@ in

    ports = mkOption {
      type = types.attrsOf (types.ints.u16);
-        default = {};
+      default = { };
    };
  };

  config = mkIf cfg.enable {
    # ACME won't be able to authenticate your domain
    # if ports 80 & 443 aren't open in your firewall.
-      networking.firewall = {allowedTCPPorts = [443 80];};
+    networking.firewall = { allowedTCPPorts = [ 443 80 ]; };
    security.acme.defaults.email = "acme@muon.host";
    security.acme.acceptTerms = true;

@ -47,9 +44,7 @@ in
      # Only allow PFS-enabled ciphers with AES256
      # sslCiphers = "AES256+EECDH:AES256+EDH:!aNULL";

-        appendHttpConfig =
-          # sh
-          ''
+      appendHttpConfig = ''
        # Add HSTS header with preloading to HTTPS requests.
        # Adding this header to HTTP requests is discouraged
        # map $scheme $hsts_header {
@ -101,12 +96,10 @@ in
              proxyWebsockets = true;
            };
          };
-        in
-          mapAttrs' (name: port:
-            nameValuePair "${name}.${cfg.domain}"
+      in mapAttrs' (name: port:
+        nameValuePair ("${name}.${cfg.domain}")
        # (proxy port // { default = true; })) cfg.ports;
-            (proxy port))
-          cfg.ports;
+        (proxy port)) cfg.ports;
    };
  };
-  }
+}
--- a/modules/nixos/theme/default.nix
+++ b/modules/nixos/theme/default.nix
@ -20,17 +20,18 @@ in {
  };

  config = lib.mkIf cfg.enable {
-    stylix = {
-      enable = true;
-      autoEnable = true;
-      base16Scheme = cfg.scheme;
-      image = cfg.wallpaper;
-      cursor = {
+    stylix.enable = true;
+    stylix.autoEnable = true;
+    stylix.base16Scheme = cfg.scheme;
+    stylix.image = cfg.wallpaper;
+
+    stylix.cursor = {
      name = "phinger-cursors-light";
      package = pkgs.phinger-cursors;
      size = 16;
    };
-      fonts = {
+
+    stylix.fonts = {
      monospace = {
        package = pkgs.nerd-fonts.commit-mono;
        name = "CommitMono Nerd Font";
@ -42,7 +43,6 @@ in {
      serif = config.stylix.fonts.monospace;
      sansSerif = config.stylix.fonts.monospace;
    };
-    };

    fonts.packages = with pkgs; [
      openmoji-color