Modules/Packages: Add lmstudio

Modules/Neovim: Disable opencode diff popup tab
Home/Nixinator: Configure opencode lsps + formatters
2026-06-14 21:01:24 +02:00 · 2026-06-14 21:01:18 +02:00 · 2026-06-14 21:01:02 +02:00 · 2026-06-13 17:53:45 +02:00 · 2026-06-13 15:55:39 +02:00 · 2026-06-13 14:42:10 +02:00
13 changed files with 181 additions and 202 deletions
--- a/FastFetch.png
+++ b/FastFetch.png
--- a/NeoVim.png
+++ b/NeoVim.png
--- a/README.md
+++ b/README.md
@ -1,159 +1,43 @@
-# NixFlake
+# NixOS Configuration

-NixOS flake with [Niri](https://github.com/niri-wm/niri), [Waybar](https://github.com/Alexays/Waybar) for a lightweight desktop and [home-manager](https://github.com/nix-community/home-manager) for declarative `~/` configuration.
+Modular NixOS configuration, using [Niri](https://github.com/niri-wm/niri) and [Waybar](https://github.com/Alexays/Waybar) for a light desktop.

-## Screenshots
+![](FastFetch.png)
+![](Darwin.png)

-![Fastfetch](FastFetch.png)
+To install, run `nixos-rebuild` with the `--flake` parameter from the `NixFlake` directory: `nixos-rebuild switch --flake .#nixinator`.
+Alternatively, use `nh os switch` or `nh os boot`.

-![Neovim](NeoVim.png)
+## NixFlake/system

-![Darwin](Darwin.png)
+Contains all the system configurations.

-## Hosts
+- There is a common configuration used for all systems: `NixFlake/system/default.nix`
+- Every system has its own special configuration: `NixFlake/system/<hostname>/default.nix`
+- System modules are located in `NixFlake/system/systemmodules`
+- Hosted services are located in `NixFlake/system/services`

-| Host | Type | GPU | Features |
-|-|-|-|-|
-| `nixinator` | Desktop (x86_64) | NVIDIA | [disko](https://github.com/nix-community/disko) partitioning, [lanzaboote](https://github.com/nix-community/lanzaboote) Secure Boot, [impermanence](https://github.com/nix-community/impermanence) opt-in state, [sops-nix](https://github.com/Mic92/sops-nix) secrets |
-| `nixtop` | Laptop (x86_64) | Intel | Obsolete trash computer |
-| `servenix` | Headless (x86_64) | NVIDIA | Jellyfin, Nextcloud, Gitea, ... |
-| `thinknix` | Headless (x86_64) | - | AdGuard DNS, Nginx, ... |
-| `darwinix` | macOS (aarch64) | - | nix-darwin with home-manager |
+When creating a NixOS configuration inside the `NixFlake/flake.nix` the common configuration is imported.
+Because the hostname is propagated to the common configuration, it can import the host-specific config by itself.

-## Usage
+## NixFlake/home

-```bash
-# Enter dev shell (provides helper utilities)
-nix develop
+Contains all the home-manager configurations.

-# Rebuild system + user config together
-nh os switch
-nh os boot
+- There is a common configuration for each user: `NixFlake/home/<username>/default.nix`
+- There is a configuration for a single system of this user: `NixFlake/home/<username>/<hostname>/default.nix`
+- Home-Manager modules are located in `NixFlake/home/homemodules`

-# Or with nixos-rebuild
-sudo nixos-rebuild switch --flake .#nixinator
-```
+When creating a NixOS configuration inside the `NixFlake/flake.nix` the common configuration is imported.
+Because the hostname is propagated to the common configuration, it can import the host-specific config by itself.

-## Info
+## NixFlake/derivations

-Home-manager runs as a NixOS module (not standalone). A single `nixos-rebuild switch` rebuilds both system and user configuration together.
+Contains all the stuff I packaged.
+Each derivation is loaded into `NixFlake/derivations/default.nix`.

-### Components
+## NixFlake/overlays

-Per-host config consists of three layers:
-
-1. **Common Config**: `system/default.nix` (NixOS) / `home/christoph/default.nix` (home-manager)
-2. **Host Config**: `system/<hostname>/default.nix` (NixOS) / `home/christoph/<hostname>/default.nix` (home-manager)
-3. **Hardware**: `system/<hostname>/hardware-configuration.nix`
-
-### Modules
-
-There are two module hierarchies (NixOS and home-manager modules):
-
-```
-system/systemmodules/<name>/        home/homemodules/<name>/
- options.nix # declares options    - options.nix # declares options
- default.nix # implementation      - default.nix # implementation
-```
-
-## Files
-
-```
-NixFlake/
-├── flake.nix              # flake entrypoint: inputs, outputs, host definitions
-├── flake.lock             # flake lockfile
-├── shell.nix              # dev shell (nix develop)
-├── system/                # NixOS system configurations
-│   ├── default.nix        # global system defaults (all hosts)
-│   ├── <hostname>/        # per-host overrides + hardware-config
-│   ├── systemmodules/     # reusable system modules
-│   └── services/          # OCI container services
-├── home/                  # home-manager user configuration
-│   └── christoph/
-│       ├── default.nix    # global user defaults
-│       ├── <hostname>/    # per-host user overrides
-│       └── homemodules/   # reusable home-manager modules
-├── lib/                   # shared helpers
-├── derivations/           # custom packages
-├── overlays/              # package overrides
-├── config/                # linked dotfiles
-└── wallpapers/            # backgrounds
-```
-
-## System Modules
-
-| Module | Description |
-|--------|-------------|
-| `bootloader` | systemd-boot, lanzaboote Secure Boot signing |
-| `desktopportal` | xdg-desktop-portal backends (Niri, GTK) |
-| `docker` | Docker / podman daemon config |
-| `fonts` | System fonts and fontconfig |
-| `impermanence` | Opt-in state persistence (wipes `/` on boot) |
-| `mime` | MIME type associations |
-| `network` | systemd-networkd wired/wireless config |
-| `polkit` | Polkit rules for desktop users |
-| `sops-nix` | Secrets decryption at boot |
-
-## Home-Manager Modules
-
-### Shell & Terminal
-`fish` `terminal` `kitty` `tmux` `paths`
-
-### Editors
-`neovim` `vscode` `zed`
-
-### Desktop / WM
-`niri` `waybar` `rofi` `color` `fcitx`
-
-### Media
-`mpd` `rmpc` `cava` `beets` `jellyfin-tui`
-
-### Browsers
-`firefox` `qutebrowser`
-
-### Tools
-`git` `ssh` `bat` `btop` `fastfetch` `lazygit` `yazi` `zathura`
-
-## Services
-
-All server services run as OCI containers (podman). Each service is defined in `system/services/<name>.nix`.
-
-| Service | Purpose |
-|---------|---------|
-| `adguard` | DNS ad blocking |
-| `authelia` | SSO |
-| `fileflows` | Media processing |
-| `gitea` | Git server |
-| `immich` | Photo cloud |
-| `jellyfin` | Streaming server |
-| `kiwix` | Offline mirrors |
-| `kopia` | Docker volume backup |
-| `nextcloud` | File sync |
-| `nginx-proxy-manager` | Reverse proxy with Let's Encrypt |
-| `ntfy` | Push notification server |
-| `paperless` | Document management |
-| `portainer` | Container status monitor |
-| `teamspeak` | Voice chat server |
-| `tinymediamanager` | Media metadata management |
-
-## Overlays
-
-Package modifications live in `overlays/default.nix`.
-
-## Secrets
-
-Secrets are managed with sops-nix. Public age keys are stored in `flake.nix` under `publicKeys`. Encrypted `.yaml`/`.json` files are referenced via `sops.secrets.<name>`. Decryption happens at activation time.
-
-## Shared Helpers (`lib/`)
-
-| File | Purpose |
-|------|---------|
-| `nixos.nix` | Host config builders (NixOS + darwin) |
-| `modules.nix` | Option helpers |
-| `networking.nix` | systemd-networkd config generators |
-| `generators.nix` | Lua code generation |
-| `containers.nix` | OCI container helpers for services |
-| `color.nix` | Color utilities |
-| `rofi.nix` | Rofi menu helpers |
-
-Available to all modules as `mylib` (injected via special args).
+Contains all overlays, e.g. package version overrides.
+The `NixFlake/overlays/default.nix` imports all overlays and all derivations.
+It is then imported by the top-level `NixFlake/flake.nix`, to make everything available to the system/home configurations.
--- a/home/christoph/nixinator/default.nix
+++ b/home/christoph/nixinator/default.nix
@ -137,60 +137,10 @@
          };
          permission = {
            "*" = "ask";
-            "bash" = {
-              "*" = "ask";
-              "ls *" = "allow";
-              "find *" = "ask"; # Don't want find -exec
-              "file *" = "allow";
-              "wc *" = "allow";
-              "grep *" = "allow";
-              "rg *" = "allow";
-              "test *" = "allow";
-              "echo *" = "allow";
-              "which *" = "allow";
-              "pwd *" = "allow";
-              "dirname *" = "allow";
-              "basename *" = "allow";
-              "readlink *" = "allow";
-
-              "cat *.env" = "deny";
-              "cat *.env.*" = "deny";
-              "cat *.env.example" = "allow";
-              "printenv *" = "deny";
-              "env *" = "deny";
-
-              "nix eval *" = "allow";
-              "nix flake metadata *" = "allow";
-              "nix flake show *" = "allow";
-              "nix path-info *" = "allow";
-              "nix why-depends *" = "allow";
-              "nix derivation show *" = "allow";
-              "nix store ping *" = "allow";
-              "nix stire diff-closures *" = "allow";
-
-              "git status *" = "allow";
-              "git log *" = "allow";
-              "git diff *" = "allow";
-            };
-            "external_directory" = {
-              "/nix/store/**" = "allow";
-              "/tmp" = "allow";
-              "/tmp/*" = "allow";
-            };
-            "read" = {
-              "*" = "allow";
-              "*.env" = "deny";
-              "*.env.*" = "deny";
-              "*.env.example" = "allow";
-            };
+            "read" = "allow";
            "grep" = "allow";
            "glob" = "allow";
            "lsp" = "allow";
-            "skill" = "allow";
-            "task" = "ask";
-            "todowrite" = "allow";
-            "webfetch" = "allow";
-            "websearch" = "allow";
            "question" = "allow";
          };
          plugin = [
--- a/lib/nixos.nix
+++ b/lib/nixos.nix
@ -23,11 +23,15 @@
      substituters = [
        "https://cache.nixos.org"
        "https://nix-community.cachix.org"
+        # "https://comfyui.cachix.org"
+        # "https://ai.cachix.org"
        # "https://app.cachix.org/cache/nixos-rocm"
      ];
      trusted-public-keys = [
        "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
        "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
+        # "comfyui.cachix.org-1:33mf9VzoIjzVbp0zwj+fT51HG0y31ZTK3nzYZAX0rec="
+        # "ai.cachix.org-1:N9dzRK+alWwoKXQlnn0H6aUx0lU/mspIoz8hMvGvbbc="
        # "nixos-rocm.cachix.org-1:VEpsf7pRIijjd8csKjFNBGzkBqOmw8H9PRmgAq14LnE="
      ];
    };
--- a/system/nixinator/default.nix
+++ b/system/nixinator/default.nix
@ -12,6 +12,7 @@
    ./disks.nix

    # General services
+    ../services/comfyui.nix
    ../services/fileflows-node.nix
  ];

--- a/system/nixinator/hardware-configuration.nix
+++ b/system/nixinator/hardware-configuration.nix
@ -121,6 +121,12 @@
      fsType = "nfs";
      options = ["defaults" "rw" "noatime" "_netdev" "bg" "hard"];
    };
+
+    "/media/Box" = {
+      device = "192.168.86.20:/mnt/Seagate4TB/Box";
+      fsType = "nfs";
+      options = ["defaults" "rw" "relatime" "_netdev" "bg" "hard"];
+    };
  };

  swapDevices = [
--- a/system/servenix/default.nix
+++ b/system/servenix/default.nix
@ -24,6 +24,7 @@
    # General services
    ../services/authelia.nix
    ../services/bazarr.nix
+    ../services/box.nix
    ../services/fileflows.nix
    ../services/gitea.nix
    ../services/immich.nix
--- a/system/servenix/hardware-configuration.nix
+++ b/system/servenix/hardware-configuration.nix
@ -69,6 +69,12 @@
      fsType = "nfs";
      options = ["defaults" "rw" "relatime" "_netdev" "bg" "hard"];
    };
+
+    "/media/Box" = {
+      device = "192.168.86.20:/mnt/Seagate4TB/Box";
+      fsType = "nfs";
+      options = ["defaults" "rw" "relatime" "_netdev" "bg" "hard"];
+    };
  };

  swapDevices = [
--- a/system/services/box.nix
+++ b/system/services/box.nix
@ -0,0 +1,53 @@
+{
+  mylib,
+  config,
+  lib,
+  pkgs,
+  ...
+}: let
+  boxVersion = "v0.31.0";
+in {
+  virtualisation.oci-containers.containers = {
+    box = {
+      image = "stashapp/stash:${boxVersion}";
+      autoStart = true;
+
+      login = mylib.containers.mkDockerLogin config;
+
+      dependsOn = [];
+
+      ports = [
+        # "9999:9999"
+      ];
+
+      volumes = [
+        "/etc/localtime:/etc/localtime:ro"
+
+        "/media/Box:/data"
+
+        "box_config:/root/.stash"
+        "box_metadata:/metadata"
+        "box_cache:/cache"
+        "box_blobs:/blobs"
+        "box_generated:/generated"
+      ];
+
+      environment = {
+        PUID = "3000";
+        PGID = "3000";
+        TZ = "Europe/Berlin";
+
+        STASH_STASH = "/data/";
+        STASH_GENERATED = "/generated/";
+        STASH_METADATA = "/metadata/";
+        STASH_CACHE = "/cache/";
+      };
+
+      extraOptions = [
+        "--privileged"
+        "--device=nvidia.com/gpu=all"
+        "--net=behind-nginx"
+      ];
+    };
+  };
+}
--- a/system/services/comfyui.nix
+++ b/system/services/comfyui.nix
@ -0,0 +1,79 @@
+{
+  mylib,
+  config,
+  lib,
+  pkgs,
+  ...
+}: let
+  # comfyuiVersion = "cu128-slim-20260316";
+  # comfyuiVersion = "cu128-megapak-20260413";
+  # comfyuiVersion = "cu130-megapak-pt211-20260413";
+  # comfyuiVersion = "cu130-megapak-pt211-20260508";
+  comfyuiVersion = "cu130-megapak-pt211-20260604";
+in {
+  virtualisation.oci-containers.containers = {
+    comfyui = {
+      image = "yanwk/comfyui-boot:${comfyuiVersion}";
+      autoStart = false;
+
+      login = mylib.containers.mkDockerLogin config;
+
+      dependsOn = [];
+
+      ports = [
+        "8188:8188"
+      ];
+
+      volumes = let
+        rootDir = "/home/christoph/Games/ComfyUI";
+      in [
+        # cu128-slim / cu128-megapak
+        # "${rootDir}/storage:/root"
+        # "${rootDir}/storage-models/models:/root/ComfyUI/models"
+        # "${rootDir}/storage-models/hf-hub:/root/.cache/huggingface/hub"
+        # "${rootDir}/storage-models/torch-hub:/root/.cache/torch/hub"
+        # "${rootDir}/storage-user/input:/root/ComfyUI/input"
+        # "${rootDir}/storage-user/output:/root/ComfyUI/output"
+        # "${rootDir}/storage-user/workflows:/root/ComfyUI/user/default/workflows"
+
+        # cu130-megapak
+        "${rootDir}/storage-cache/dot-cache:/root/.cache"
+        "${rootDir}/storage-cache/dot-config:/root/.config"
+        "${rootDir}/storage-nodes/dot-local:/root/.local"
+        "${rootDir}/storage-nodes/comfy-extras:/root/ComfyUI/comfy_extras"
+        "${rootDir}/storage-nodes/custom_nodes:/root/ComfyUI/custom_nodes"
+        "${rootDir}/storage-models/models:/root/ComfyUI/models"
+        "${rootDir}/storage-models/hf-hub:/root/.cache/huggingface/hub"
+        "${rootDir}/storage-models/torch-hub:/root/.cache/torch/hub"
+        "${rootDir}/storage-user/input:/root/ComfyUI/input"
+        "${rootDir}/storage-user/output:/root/ComfyUI/output"
+        "${rootDir}/storage-user/user-profile:/root/ComfyUI/user"
+        "${rootDir}/storage-user/user-scripts:/root/user-scripts"
+      ];
+
+      environment = {
+        PUID = "1000";
+        PGID = "1000";
+        TZ = "Europe/Berlin";
+
+        # https://github.com/Comfy-Org/ComfyUI/blob/master/comfy/cli_args.py
+        CLI_ARGS = lib.concatStringsSep " " [
+          # "--cache-none" # Leads to single nodes being executed multiple times for each output connection :/
+          # "--lowvram"
+          # "--disable-smart-memory"
+          # "--disable-pinned-memory"
+          # "--disable-dynamic-vram"
+          # "--disable-xformers"
+          # "--use-sage-attention" # Crashes
+          # "--reserve-vram 1" # (1 or 2) => Assume less vram is available to mitigate OOM due to wrong vram estimation
+        ];
+      };
+
+      extraOptions = [
+        "--privileged"
+        "--device=nvidia.com/gpu=all"
+        # "--net=behind-nginx"
+      ];
+    };
+  };
+}
--- a/system/services/nextcloud.nix
+++ b/system/services/nextcloud.nix
@ -5,7 +5,7 @@
  pkgs,
  ...
 }: let
-  nextcloudVersion = "33.0.5-apache";
+  nextcloudVersion = "31.0.6-apache";
 in {
  systemd.services.nextcloud-cron = {
    enable = true;
--- a/system/systemmodules/impermanence/default.nix
+++ b/system/systemmodules/impermanence/default.nix
@ -70,6 +70,7 @@ in {
          (mkRDir "/usr/systemd-placeholder" m755)

          # TODO: Why does this use the mandb user?
+          # TODO: Why does this apparently conflict with comfyui-nix?
          # (mkDir "mandb" "/var/cache/man" m755)

          # (mkRDir "/var/cache/restic-backups-synology" m755)
@ -125,7 +126,6 @@ in {
            (mkUDir ".docker" m755)
            # (mkUDir ".gradle" m755) # Unity
            (mkUDir ".java" m755) # JetBrains
-            (mkUDir ".lmstudio" m755)
            (mkUDir ".MakeMKV" m755)
            (mkUDir ".mozilla/firefox" m755) # TODO: Remove this someday
            (mkUDir ".mozilla/native-messaging-hosts" m755)
@ -143,16 +143,12 @@ in {

            # Cache that's actually useful
            (mkUDir ".cache/claude-cli-nodejs" m755)
-            (mkUDir ".cache/elephant" m755)
            (mkUDir ".cache/fish/generated_completions" m755)
-            (mkUDir ".cache/nix" m755)
            (mkUDir ".cache/nix-index" m755)
            (mkUDir ".cache/nix-search-tv" m755)
            (mkUDir ".cache/nvim" m755)
            (mkUDir ".cache/JetBrains" m755)
            (mkUDir ".cache/keepassxc" m755)
-            (mkUDir ".cache/opencode" m755)
-            (mkUDir ".cache/uv" m755)

            # Config
            # (mkUDir ".config/.android" m755) # Unity
@ -171,7 +167,6 @@ in {
            (mkUDir ".config/JetBrains" m755)
            (mkUDir ".config/kdeconnect" m755)
            (mkUDir ".config/keepassxc" m755)
-            (mkUDir ".config/LM Studio" m755)
            (mkUDir ".config/Msty" m755)
            (mkUDir ".config/Nextcloud" m755)
            # (mkUDir ".config/niri/dms" m755)