dadada/nix-config
dadada/nix-config
1
0
Fork 0
Code Issues 2 Pull requests 5 Projects Releases Packages Wiki Activity Actions

Compare commits

base: dadada:main
Branches Tags
dadada:main
dadada:dependabot/github_actions/DeterminateSystems/update-flake-lock-23
dadada:update_flake_lock_action
dadada:dependabot/github_actions/DeterminateSystems/nix-installer-action-12
dadada:dependabot/github_actions/cachix/cachix-action-15
dadada:dependabot/github_actions/cachix/install-nix-action-27
dadada:v0.1
..
compare: dadada:dependabot/github_actions/cachix/install-nix-action-27
Branches Tags
dadada:main
dadada:dependabot/github_actions/DeterminateSystems/update-flake-lock-23
dadada:update_flake_lock_action
dadada:dependabot/github_actions/DeterminateSystems/nix-installer-action-12
dadada:dependabot/github_actions/cachix/cachix-action-15
dadada:dependabot/github_actions/cachix/install-nix-action-27
dadada:v0.1

1 commit
main ... dependabot

Author SHA1 Message Date
dependabot[bot]
c341cbe07f
build(deps): bump cachix/install-nix-action from 26 to 27 
Bumps [cachix/install-nix-action](https://github.com/cachix/install-nix-action) from 26 to 27.
- [Release notes](https://github.com/cachix/install-nix-action/releases)
- [Commits](https://github.com/cachix/install-nix-action/compare/v26...V27)

---
updated-dependencies:
- dependency-name: cachix/install-nix-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-05-20 01:00:22 +00:00
39 changed files with 511 additions and 909 deletions
Download patch file Download diff file Expand all files Collapse all files

2
.github/workflows/nix-flake-check.yml vendored
View file

@ -11,7 +11,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: cachix/install-nix-action@v26
- uses: cachix/install-nix-action@V27
with:
nix_path: nixpkgs=channel:nixos-stable
extra_nix_config: |

2
admins.nix
View file

@ -2,7 +2,7 @@
dadada = {
shell = "zsh";
keys = [
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIHrT9sQhJWrTPIMOEsZ8UzkY7BKJYYK2Aj/Q3NZu2z7uAAAABHNzaDo= dadada@gorgon"
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIE2JWU+BuWSvoiGFSTDQ9/1SCvfJEnkFQsFLYPNlY6wcAAAABHNzaDo= dadada <dadada@dadada.li>"
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIOFHB9T6fjkuIU8jW9gGiYGSEFSfrnY/6GJUfmfMx10HAAAABHNzaDo= Backup dadada <dadada@dadada.li>"
];
};

1
devshell.nix
View file

@ -8,6 +8,7 @@
agenix
nixpkgs-fmt
nixos-rebuild
nil
];
commands = [

128
flake.lock generated
View file

@ -47,16 +47,17 @@
},
"devshell": {
"inputs": {
"flake-utils": "flake-utils",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1741473158,
"narHash": "sha256-kWNaq6wQUbUMlPgw8Y+9/9wP0F8SHkjy24/mN3UAppg=",
"lastModified": 1713532798,
"narHash": "sha256-wtBhsdMJA3Wa32Wtm1eeo84GejtI43pMrFrmwLXrsEc=",
"owner": "numtide",
"repo": "devshell",
"rev": "7c9e793ebe66bcba8292989a68c0419b737a22a0",
"rev": "12e914740a25ea1891ec619bb53cf5e6ca922e40",
"type": "github"
},
"original": {
@ -68,11 +69,11 @@
"flake-registry": {
"flake": false,
"locked": {
"lastModified": 1744623129,
"narHash": "sha256-nlQTQrHqM+ywXN0evDXnYEV6z6WWZB5BFQ2TkXsduKw=",
"lastModified": 1705308826,
"narHash": "sha256-Z3xTYZ9EcRIqZAufZbci912MUKB0sD+qxi/KTGMFVwY=",
"owner": "NixOS",
"repo": "flake-registry",
"rev": "1322f33d5836ae757d2e6190239252cf8402acf6",
"rev": "9c69f7bd2363e71fe5cd7f608113290c7614dcdd",
"type": "github"
},
"original": {
@ -82,17 +83,35 @@
}
},
"flake-utils": {
"inputs": {
"systems": "systems"
},
"locked": {
"lastModified": 1701680307,
"narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "4022d587cbbfd70fe950c1e2083a02621806a725",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_2": {
"inputs": {
"systems": [
"systems"
]
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"lastModified": 1710146030,
"narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
"type": "github"
},
"original": {
@ -129,15 +148,16 @@
]
},
"locked": {
"lastModified": 1747439237,
"narHash": "sha256-5rCGrnkglKKj4cav1U3HC+SIUNJh08pqOK4spQv9RjA=",
"lastModified": 1715381426,
"narHash": "sha256-wPuqrAQGdv3ISs74nJfGb+Yprm23U/rFpcHFFNWgM94=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "ae755329092c87369b9e9a1510a8cf1ce2b1c708",
"rev": "ab5542e9dbd13d0100f8baae2bc2d68af901f4b4",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "release-23.11",
"repo": "home-manager",
"type": "github"
}
@ -145,24 +165,26 @@
"homepage": {
"flake": false,
"locked": {
"lastModified": 1727338449,
"narHash": "sha256-VwOGtT1WB+isk0z/D/Be05GgeaTFfsXTGt7aScCAfec=",
"rev": "60398d3d728a0057b4cad49879ef637c06b28371",
"type": "tarball",
"url": "https://git.dadada.li/api/v1/repos/dadada/dadada.li/archive/60398d3d728a0057b4cad49879ef637c06b28371.tar.gz?rev=60398d3d728a0057b4cad49879ef637c06b28371"
"lastModified": 1714328013,
"narHash": "sha256-nA/7hKv8qz2+ru84rXiMa52+gyvyIhLWP9tJB6Q/DLQ=",
"owner": "dadada",
"repo": "dadada.li",
"rev": "b971b5905b38be19b4fa4e7d99a70df0aebfba28",
"type": "github"
},
"original": {
"type": "tarball",
"url": "https://git.dadada.li/dadada/dadada.li/archive/main.tar.gz"
"owner": "dadada",
"repo": "dadada.li",
"type": "github"
}
},
"nixlib": {
"locked": {
"lastModified": 1736643958,
"narHash": "sha256-tmpqTSWVRJVhpvfSN9KXBvKEXplrwKnSZNAoNPf/S/s=",
"lastModified": 1712450863,
"narHash": "sha256-K6IkdtMtq9xktmYPj0uaYc8NsIqHuaAoRBaMgu9Fvrw=",
"owner": "nix-community",
"repo": "nixpkgs.lib",
"rev": "1418bc28a52126761c02dd3d89b2d8ca0f521181",
"rev": "3c62b6a12571c9a7f65ab037173ee153d539905f",
"type": "github"
},
"original": {
@ -179,11 +201,11 @@
]
},
"locked": {
"lastModified": 1742568034,
"narHash": "sha256-QaMEhcnscfF2MqB7flZr+sLJMMYZPnvqO4NYf9B4G38=",
"lastModified": 1713783234,
"narHash": "sha256-3yh0nqI1avYUmmtqqTW3EVfwaLE+9ytRWxsA5aWtmyI=",
"owner": "nix-community",
"repo": "nixos-generators",
"rev": "42ee229088490e3777ed7d1162cb9e9d8c3dbb11",
"rev": "722b512eb7e6915882f39fff0e4c9dd44f42b77e",
"type": "github"
},
"original": {
@ -194,11 +216,11 @@
},
"nixos-hardware": {
"locked": {
"lastModified": 1747129300,
"narHash": "sha256-L3clA5YGeYCF47ghsI7Tcex+DnaaN/BbQ4dR2wzoiKg=",
"lastModified": 1715881357,
"narHash": "sha256-hOveC1aYL4tInMYw4gBxwctYqLrlqrkppW82752ZhOA=",
"owner": "NixOS",
"repo": "nixos-hardware",
"rev": "e81fd167b33121269149c57806599045fd33eeed",
"rev": "d68be3e5e21d829ebce080d96747508fc27ea4e3",
"type": "github"
},
"original": {
@ -210,32 +232,16 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1747327360,
"narHash": "sha256-LSmTbiq/nqZR9B2t4MRnWG7cb0KVNU70dB7RT4+wYK4=",
"lastModified": 1715668745,
"narHash": "sha256-xp62OkRkbUDNUc6VSqH02jB0FbOS+MsfMb7wL1RJOfA=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "e06158e58f3adee28b139e9c2bcfcc41f8625b46",
"rev": "9ddcaffecdf098822d944d4147dd8da30b4e6843",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-small": {
"locked": {
"lastModified": 1747452614,
"narHash": "sha256-hSEz6JHZTJJTeIudt0SK3UoZnfThHwKCUGvSe5/zn8g=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "e067fb89ac3e59f993f257c799318132f1492f01",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable-small",
"ref": "nixos-23.11",
"repo": "nixpkgs",
"type": "github"
}
@ -245,14 +251,13 @@
"agenix": "agenix",
"devshell": "devshell",
"flake-registry": "flake-registry",
"flake-utils": "flake-utils",
"flake-utils": "flake-utils_2",
"home-manager": "home-manager_2",
"homepage": "homepage",
"nixos-generators": "nixos-generators",
"nixos-hardware": "nixos-hardware",
"nixpkgs": "nixpkgs",
"nixpkgs-small": "nixpkgs-small",
"systems": "systems",
"systems": "systems_2",
"treefmt-nix": "treefmt-nix"
}
},
@ -271,6 +276,21 @@
"type": "github"
}
},
"systems_2": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"treefmt-nix": {
"inputs": {
"nixpkgs": [
@ -278,11 +298,11 @@
]
},
"locked": {
"lastModified": 1747469671,
"narHash": "sha256-bo1ptiFoNqm6m1B2iAhJmWCBmqveLVvxom6xKmtuzjg=",
"lastModified": 1714058656,
"narHash": "sha256-Qv4RBm4LKuO4fNOfx9wl40W2rBbv5u5m+whxRYUMiaA=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "ab0378b61b0d85e73a8ab05d5c6029b5bd58c9fb",
"rev": "c6aaf729f34a36c445618580a9f95a48f5e4e03f",
"type": "github"
},
"original": {

7
flake.nix
View file

@ -2,19 +2,18 @@
description = "dadada's nix flake";
inputs = {
nixpkgs-small.url = "github:NixOS/nixpkgs/nixos-unstable-small";
nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.11";
flake-utils = {
url = "github:numtide/flake-utils";
inputs.systems.follows = "systems";
};
home-manager = {
url = "github:nix-community/home-manager";
url = "github:nix-community/home-manager/release-23.11";
inputs.nixpkgs.follows = "nixpkgs";
};
nixos-hardware.url = "github:NixOS/nixos-hardware/master";
homepage = {
url = "https://git.dadada.li/dadada/dadada.li/archive/main.tar.gz";
url = "github:dadada/dadada.li";
flake = false;
};
agenix = {

27
home/dconf.nix
View file

@ -1,11 +1,6 @@
{ lib, pkgs, ... }:
{ lib, ... }:
with lib.hm.gvariant;
{
home.packages = [
pkgs.adwaita-icon-theme
pkgs.adwaita-qt
];
dconf.settings = with lib.hm.gvariant; {
"org/gnome/shell" = {
favorite-apps = [
@ -18,11 +13,7 @@ with lib.hm.gvariant;
};
"org/gnome/shell" = {
disable-user-extensions = false;
enabled-extensions = [
"system-monitor@gnome-shell-extensions.gcampax.github.com"
"switcher@landau.fi"
];
disable-user-extensions = true;
};
"org/gnome/desktop/calendar" = {
@ -41,21 +32,19 @@ with lib.hm.gvariant;
clock-show-date = true;
clock-show-seconds = false;
clock-show-weekday = true;
cursor-theme = "Adwaita";
enable-animations = true;
enable-hot-corners = false;
font-antialiasing = "grayscale";
font-hinting = "slight";
font-name = "Cantarell 10";
font-name = "Cantarell";
gtk-enable-primary-paste = false;
gtk-key-theme = "Emacs";
gtk-theme = "Adwaita";
color-scheme = "prefer-light";
icon-theme = "Adwaita";
locate-pointer = false;
monospace-font-name = "JetBrains Mono 10";
show-battery-percentage = false;
#text-scaling-factor = 1.0;
text-scaling-factor = 1.0;
toolkit-accessibility = false;
};
@ -179,11 +168,11 @@ with lib.hm.gvariant;
};
"org/gnome/settings-daemon/plugins/power" = {
idle-dim = true;
power-button-action = "interactive";
idle-dim = false;
power-button-action = "hibernate";
power-saver-profile-on-low-battery = true;
sleep-inactive-ac-type = "blank";
sleep-inactive-battery-timeout = 600;
sleep-inactive-ac-type = "nothing";
sleep-inactive-battery-timeout = 3600;
sleep-inactive-battery-type = "suspend";
};

337
home/default.nix
View file

@ -1,7 +1,6 @@
{
pkgs,
lib,
...
{ pkgs
, lib
, ...
}:
let
useFeatures = [
@ -10,34 +9,14 @@ let
"direnv"
"git"
"gpg"
#"gtk"
#"keyring"
"gtk"
"keyring"
"syncthing"
"tmux"
"xdg"
"zsh"
"helix"
];
colors = {
background = "fdf6e3";
foreground = "657b83";
regular0 = "eee8d5"; # background darker
regular1 = "dc322f"; # red
regular2 = "859900"; # green
regular3 = "b58900"; # dark orange
regular4 = "268bd2"; # azure blue
regular5 = "d33682"; # hot pink
regular6 = "2aa198"; # petrol
regular7 = "073642"; # navy
bright0 = "cb4b16"; # orange
bright1 = "fdf6e3"; # foreground
bright2 = "93a1a1"; # grey
bright3 = "839496"; # slightly darker grey
bright4 = "657b83"; # even slightly darker grey
bright5 = "6c71c4"; # purple
bright6 = "586e75"; # pretty dark grey
bright7 = "002b36"; # dark navy blue
};
in
{
imports = [
@ -49,9 +28,7 @@ in
programs.gpg.settings.default-key = "99658A3EB5CD7C13";
dadada.home =
lib.attrsets.genAttrs useFeatures (useFeatures: {
enable = true;
})
lib.attrsets.genAttrs useFeatures (useFeatures: { enable = true; })
// {
session = {
enable = true;
@ -79,9 +56,7 @@ in
Restart = "always";
};
Install = {
WantedBy = [ "graphical-session.target" ];
};
Install = { WantedBy = [ "graphical-session.target" ]; };
};
programs.offlineimap.enable = false;
@ -136,304 +111,6 @@ in
Install.WantedBy = [ "multi-user.target" ];
};
systemd.user.timers."backup-keepassxc-ninurta" = {
Unit.Description = "Backup password DB to ninurta";
Timer = {
OnBootSec = "15min";
OnUnitActiveSec = "1d";
};
Install.WantedBy = [ "timers.target" ];
};
systemd.user.services."backup-keepassxc-ninurta" = {
Unit.Description = "Backup password DB to ninurta";
Unit.Type = "oneshot";
Service.ExecStart = "${pkgs.openssh}/bin/scp -P 22 -i /home/dadada/.ssh/keepassxc-backup /home/dadada/lib/sync/Personal.kdbx backup-keepassxc@ninurta.bs.dadada.li:/mnt/storage/backups/backup-keepassxc/Personal.kdbx";
Install.WantedBy = [ "multi-user.target" ];
};
programs.foot = {
enable = true;
server.enable = false;
settings = {
inherit colors;
main = {
shell = "tmux";
font = "Jetbrains Mono:size=8";
dpi-aware = false;
};
mouse.hide-when-typing = true;
csd.preferred = "none";
cursor.color = "fdf6e3 586e75";
bell = {
urgent = true;
visual = false;
};
};
};
home.file.".config/sway/config".text = with colors; ''
# Read `man 5 sway` for a complete reference.
### Variables
#
# Logo key. Use Mod1 for Alt.
set $mod Mod4
# Home row direction keys, like vim
set $left h
set $down j
set $up k
set $right l
# Your preferred terminal emulator
set $term foot
# Your preferred application launcher
# Note: pass the final command to swaymsg so that the resulting window can be opened
# on the original workspace that the command was run on.
set $menu fuzzel
set $wallpaper "~/lib/pictures/wallpaper.jpg"
### Idle configuration
#
# Example configuration:
#
exec swayidle -w \
timeout 300 'swaylock -f -i $wallpaper -s fill' \
timeout 600 'swaymsg "output * power off"' resume 'swaymsg "output * power on"' \
before-sleep 'swaylock -f -i $wallpaper -s fill'
#
# This will lock your screen after 300 seconds of inactivity, then turn off
# your displays after another 300 seconds, and turn your screens back on when
# resumed. It will also lock your screen before your computer goes to sleep.
input * {
xkb_layout eu
xkb_model pc105+inet
xkb_options caps:escape
drag_lock enabled
drag enabled
dwt enabled
tap enabled
tap_button_map lrm
natural_scroll enabled
}
### Key bindings
#
# Basics:
#
# Start a terminal
bindsym $mod+Return exec $term
# Kill focused window
bindsym $mod+Shift+q kill
# Start your launcher
bindsym $mod+d exec $menu
# Drag floating windows by holding down $mod and left mouse button.
# Resize them with right mouse button + $mod.
# Despite the name, also works for non-floating windows.
# Change normal to inverse to use left mouse button for resizing and right
# mouse button for dragging.
floating_modifier $mod normal
# Lock the screen
bindsym XF86Sleep exec 'swaylock -f -c ${background}'
bindsym $mod+End exec 'swaylock -f -c ${background}'
# Reload the configuration file
bindsym $mod+Shift+c reload
# Exit sway (logs you out of your Wayland session)
bindsym $mod+Shift+e exec swaynag -t warning -m 'You pressed the exit shortcut. Do you really want to exit sway? This will end your Wayland session.' -B 'Yes, exit sway' 'swaymsg exit'
# Brightness
bindsym --locked XF86MonBrightnessDown exec light -U 10
bindsym --locked XF86MonBrightnessUp exec light -A 10
# Volume
bindsym --locked XF86AudioRaiseVolume exec 'pactl set-sink-volume @DEFAULT_SINK@ +1%'
bindsym --locked XF86AudioLowerVolume exec 'pactl set-sink-volume @DEFAULT_SINK@ -1%'
bindsym --locked XF86AudioMute exec 'pactl set-sink-mute @DEFAULT_SINK@ toggle'
#
# Moving around:
#
# Move your focus around
bindsym $mod+$left focus left
bindsym $mod+$down focus down
bindsym $mod+$up focus up
bindsym $mod+$right focus right
# Or use $mod+[up|down|left|right]
bindsym $mod+Left focus left
bindsym $mod+Down focus down
bindsym $mod+Up focus up
bindsym $mod+Right focus right
# Move the focused window with the same, but add Shift
bindsym $mod+Shift+$left move left
bindsym $mod+Shift+$down move down
bindsym $mod+Shift+$up move up
bindsym $mod+Shift+$right move right
# Ditto, with arrow keys
bindsym $mod+Shift+Left move left
bindsym $mod+Shift+Down move down
bindsym $mod+Shift+Up move up
bindsym $mod+Shift+Right move right
#
# Workspaces:
#
# Switch to workspace
bindsym $mod+1 workspace number 1
bindsym $mod+2 workspace number 2
bindsym $mod+3 workspace number 3
bindsym $mod+4 workspace number 4
bindsym $mod+5 workspace number 5
bindsym $mod+6 workspace number 6
bindsym $mod+7 workspace number 7
bindsym $mod+8 workspace number 8
bindsym $mod+9 workspace number 9
bindsym $mod+0 workspace number 10
# Move focused container to workspace
bindsym $mod+Shift+1 move container to workspace number 1
bindsym $mod+Shift+2 move container to workspace number 2
bindsym $mod+Shift+3 move container to workspace number 3
bindsym $mod+Shift+4 move container to workspace number 4
bindsym $mod+Shift+5 move container to workspace number 5
bindsym $mod+Shift+6 move container to workspace number 6
bindsym $mod+Shift+7 move container to workspace number 7
bindsym $mod+Shift+8 move container to workspace number 8
bindsym $mod+Shift+9 move container to workspace number 9
bindsym $mod+Shift+0 move container to workspace number 10
# Note: workspaces can have any name you want, not just numbers.
# We just use 1-10 as the default.
#
# Layout stuff:
#
# You can "split" the current object of your focus with
# $mod+b or $mod+v, for horizontal and vertical splits
# respectively.
bindsym $mod+b splith
bindsym $mod+v splitv
# Switch the current container between different layout styles
bindsym $mod+s layout stacking
bindsym $mod+w layout tabbed
bindsym $mod+e layout toggle split
# Make the current focus fullscreen
bindsym $mod+f fullscreen
# Toggle the current focus between tiling and floating mode
bindsym $mod+Shift+space floating toggle
# Swap focus between the tiling area and the floating area
bindsym $mod+space focus mode_toggle
# Move focus to the parent container
bindsym $mod+a focus parent
#
# Font
#
font "pango:Jetbrains Mono 8"
#
# Scratchpad:
#
# Sway has a "scratchpad", which is a bag of holding for windows.
# You can send windows there and get them back later.
# Move the currently focused window to the scratchpad
bindsym $mod+Shift+minus move scratchpad
# Show the next scratchpad window or hide the focused scratchpad window.
# If there are multiple scratchpad windows, this command cycles through them.
bindsym $mod+minus scratchpad show
#
# Resizing containers:
#
mode "resize" {
# left will shrink the containers width
# right will grow the containers width
# up will shrink the containers height
# down will grow the containers height
bindsym $left resize shrink width 10px
bindsym $down resize grow height 10px
bindsym $up resize shrink height 10px
bindsym $right resize grow width 10px
# Ditto, with arrow keys
bindsym Left resize shrink width 10px
bindsym Down resize grow height 10px
bindsym Up resize shrink height 10px
bindsym Right resize grow width 10px
# Return to default mode
bindsym Return mode "default"
bindsym Escape mode "default"
}
bindsym $mod+r mode "resize"
#
# Status Bar:
#
# Read `man 5 sway-bar` for more information about this section.
bar {
position bottom
# When the status_command prints a new line to stdout, swaybar updates.
# The default just shows the current date and time.
status_command ~/.config/sway/status
colors {
statusline ${foreground}
background ${background}
inactive_workspace ${background}ee ${background}ee ${foreground}ee
}
}
# Gaps between multiple tiling windows
gaps inner 10
smart_gaps on
bindsym $mod+grave exec busctl --user call org.keepassxc.KeePassXC.MainWindow /keepassxc org.keepassxc.KeePassXC.MainWindow lockAllDatabases && swaylock -c #fdf6e3
# class border backgr. text indicator child_border
client.focused #${bright6} #${foreground} #${background} #${bright5} #${regular4}
client.focused_inactive #${regular0} #${regular0} #${foreground} #${bright5} #${regular0}
client.unfocused #${regular0} #${background} #${bright2} #${bright5} #${regular0}
client.urgent #${bright1} #${bright0} #${regular4} #${background} #${bright0}
client.placeholder #${background} #${bright2} #${foreground} #${background} #${bright2}
client.background #${foreground}
include /etc/sway/config.d/*
exec sleep 5; systemctl --user restart kanshi.service
exec sleep 5; swaymsg output '*' bg $wallpaper fill
'';
home.file.".config/sway/status".source = ./status;
home.file.".config/kanshi/config".text = ''
profile Laptop {
output eDP-1 enable
}
profile Docked {
output eDP-1 disable
output "LG Electronics LG HDR 4K 0x000354D1" {
enable
scale 1.4
position 0,0
}
}
'';
#services.poweralertd.enable = true;
# Let Home Manager install and manage itself.
programs.home-manager.enable = true;

1
home/modules/alacritty/default.nix
View file

@ -11,6 +11,7 @@ in
enable = mkEnableOption "Enable alacritty config";
};
config = mkIf cfg.enable {
fonts.fontconfig.enable = true;
home.packages = [
pkgs.jetbrains-mono
];

4
home/modules/git.nix
View file

@ -9,7 +9,6 @@ with lib; let
name = "allowed-signers";
text = ''
dadada@dadada.li sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIKu+pA5Vy0QPHJMjn2S5DCsqKg2UvDhOsBwvvJLf4HbyAAAABHNzaDo= dadada <dadada@dadada.li>
dadada@dadada.li ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFKRuecjbtDh4jyDZH3ccU9t0QFcAgZDBFO8ZWZBA9iT dadada@gorgon
'';
};
in
@ -28,13 +27,12 @@ in
gpg = {
format = "ssh";
ssh.allowedSignersFile = "${allowedSigners}";
ssh.program = "ssh-keygen";
};
tag.gpgSign = true;
user = {
email = "dadada@dadada.li";
name = "Tim Schubert";
signingKey = "key::ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFKRuecjbtDh4jyDZH3ccU9t0QFcAgZDBFO8ZWZBA9iT dadada@gorgon";
signingKey = "key::sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIKu+pA5Vy0QPHJMjn2S5DCsqKg2UvDhOsBwvvJLf4HbyAAAABHNzaDo= dadada <dadada@dadada.li>";
};
core = {
whitespace = {

1
home/modules/gpg.nix
View file

@ -27,6 +27,7 @@ in
enable = true;
defaultCacheTtl = 1800;
enableSshSupport = false;
pinentryFlavor = "gnome3";
};
};
}

2
home/modules/helix/config/languages.toml
View file

@ -1,5 +1,5 @@
[language-server.rust-analyzer]
config = { rust-analyzer = { checkOnSave = { command = "clippy" }, procMacro.enable = true } }
config = { rust-analyzer = { checkOnSave = { command = "clippy" } } }
[language-server.nixd]
command = "nixd"

5
home/modules/xdg.nix
View file

@ -29,25 +29,24 @@ in
config = mkIf cfg.enable {
xdg = {
enable = true;
configHome = "${config.home.homeDirectory}/.config";
mimeApps = {
enable = false;
associations.added = apps;
defaultApplications = apps;
};
userDirs = {
desktop = "\$HOME/.desktop";
download = "\$HOME/tmp";
music = "\$HOME/lib/music";
videos = "\$HOME/lib/videos";
pictures = "\$HOME/lib/pictures";
documents = "\$HOME/lib";
desktop = "$HOME/tmp";
};
};
home.packages = with pkgs; [
evince
firefox
xdg-utils
xdg_utils
];
};
}

9
home/modules/zsh.nix
View file

@ -14,9 +14,9 @@ in
programs.fzf.enableZshIntegration = true;
programs.zsh = {
enable = true;
enableAutosuggestions = true;
enableCompletion = true;
enableVteIntegration = true;
autosuggestion.enable = true;
autocd = true;
sessionVariables = {
EDITOR = "hx";
@ -26,9 +26,7 @@ in
ignoreDups = true;
ignoreSpace = true;
save = 100000;
# FIXME https://github.com/junegunn/fzf/issues/4061
#share = true;
share = false;
share = true;
};
plugins = [
];
@ -42,8 +40,9 @@ in
preexec() { echo -n -e "\033]0;$1\007" }
PROMPT="%F{red}%?%f %F{green}%m%f:%F{blue}%~%f"$'\n'"> "
PROMPT="%F{red}%?%f %F{green}%m%f:%F{blue}%~%f "
RPROMPT='$(git_super_status)'
#NIX_BUILD_SHELL="${pkgs.zsh}/bin/zsh"
'';
profileExtra = ''
'';

30
home/pkgs.nix
View file

@ -14,21 +14,19 @@ with pkgs; [
bluez-tools
btop # htop
choose # alternative to cut and awk with more readable syntax
chromium
colordiff
darcs
delta # feature-rich diff viewer
dig
direnv
dstat
duf # disk usage
dune3d
dyff # diff tool for YAML
element-desktop
evince
evolution
ffmpeg
file
fuzzel
fx # themable json viewer
fzf
fzf
@ -38,6 +36,7 @@ with pkgs; [
gimp
glow
glow # render markdown
gnome.gnome-tweaks
gnumake
gnupg
gping # ping with graphs
@ -62,11 +61,13 @@ with pkgs; [
jameica
jc # convert output to json
josm
jujutsu
jq
kanshi
jq
#jupyter
kcachegrind
keepassxc
kubetail
krita
ldns
liboping # oping, ping multiple hosts at once
libreoffice
@ -79,11 +80,8 @@ with pkgs; [
mpv
mtr
mumble
nix-output-monitor
ncurses
newsflash
nixd
nixfmt-rfc-style
nfs-utils
niv
nix-index
@ -100,25 +98,28 @@ with pkgs; [
pass
pavucontrol
picocom
pinentry-gnome
playerctl
procs # ps in rust
prusa-slicer
pv
pwgen
(python3.withPackages (pkgs: [pkgs.pandas pkgs.requests]))
python3
python38Packages.dateutil
python38Packages.managesieve
ranger
recipemd
reptyr
ripgrep
ripgrep
rustup
saleae-logic-2
sd # search and displace like sed but with better syntax
sieveshell
signal-desktop
silver-searcher
skim # fzf in Rust
slurp
socat
solvespace
spotify
sqlite
sshfs-fuse
@ -130,17 +131,16 @@ with pkgs; [
ttyd
unzip
usbutils
vegur
virt-manager
viu # view images from the terminal
vscodium
whois
wireshark
xdg-utils
xdg_utils
xmlstarlet
unixtools.xxd
xsv # cut for csv
xxh # portable shells
yt-dlp
youtube-dl
# zotero Marked as insecure
zeal
zk

138
home/status
View file

@ -1,138 +0,0 @@
#!/usr/bin/env python3
import json
import sys
import time
import requests
import logging
import subprocess
from datetime import datetime
logger = logging.getLogger(__name__)
class Status:
def status(self):
return None
class Cat(Status):
index = 0
def status(self):
cat_width = 200
index = self.index
catwalk = "🐈🏳️‍🌈" + " " * index
self.index = (index + 1) % cat_width
return {"full_text": catwalk}
class Space(Status):
backoff = 0
c_status = None
def status(self):
backoff = self.backoff
if self.backoff == 0:
self.update()
return {"full_text": self.c_status}
def update(self):
spacestatus_url = "https://status.stratum0.org/status.json"
resp = requests.get(url=spacestatus_url)
self.backoff = (self.backoff + 1) % 120
data = resp.json()
if data["isOpen"]:
since = datetime.strptime(data["since"], "%Y-%m-%dT%H:%M:%S.%f").strftime("%A at %H:%M")
spacestatus = f"Space is open since {since}"
else:
spacestatus = "Space is closed"
self.c_status = spacestatus
class Battery(Status):
capacity_file = open('/sys/class/power_supply/BAT0/capacity', 'r')
status_file = open('/sys/class/power_supply/BAT0/status', 'r')
def status(self):
self.status_file.seek(0)
status = self.status_file.read().rstrip()
self.capacity_file.seek(0)
capacity = self.capacity_file.read().rstrip()
battery = f"{status} {capacity}%"
return {"full_text": battery}
class Time(Status):
def status(self):
now = datetime.now()
match now.isocalendar().week % 10:
case 1:
th = "st"
case 2:
th = "nd"
case 3:
th = "rd"
case _:
th = "th"
return {"full_text": now.strftime(f"%V{th} %A %H:%M") }
class FailedUnits(Status):
def status(self):
proc = subprocess.run(["systemctl", "list-units", "--failed"], capture_output = True)
stdout = proc.stdout.decode('utf-8')
failed = 0
for line in stdout:
if 'failed' in line:
failed += 1
if failed == 0:
return {"full_text": f"No failed units"}
else:
return {"full_text": f"There are {failed} failed units", "color": "#ff0000"}
def print_header():
header = {
"version": 1,
"click_events": False,
}
print(json.dumps(header))
print("[")
def run(interval, widgets):
print_header()
while True:
body = []
for widget in widgets:
try:
status = widget.status()
except Exception as e:
logger.error(e)
if status:
body += status,
print(json.dumps(body), ",", flush=True)
ts = interval - (time.time() % interval)
time.sleep(ts)
if __name__ == "__main__":
logging.basicConfig(level=logging.INFO)
# Interval in seconds
interval = 1.0
widgets = [Cat(), FailedUnits(), Space(), Battery(), Time()]
run(interval, widgets)

62
nixos/configurations.nix
View file

@ -1,57 +1,37 @@
{
self,
agenix,
home-manager,
homepage,
nixos-hardware,
nixos-generators,
nixpkgs,
nixpkgs-small,
...
{ self
, agenix
, nixpkgs
, home-manager
, homepage
, nixos-hardware
, nixos-generators
, ...
}@inputs:
let
nixosSystem =
{
nixpkgs,
system ? "x86_64-linux",
extraModules ? [ ],
}:
nixpkgs.lib.nixosSystem {
nixosSystem = { system ? "x86_64-linux", extraModules ? [ ] }: nixpkgs.lib.nixosSystem {
inherit system;
modules =
[
{
modules = [{
# Add flakes to registry and nix path.
dadada.inputs = inputs // { dadada = self; };
nixpkgs.overlays = nixpkgs.lib.attrValues self.overlays;
}
]
++ (nixpkgs.lib.attrValues self.nixosModules)
++ [ agenix.nixosModules.age ]
++ extraModules;
}] ++ (nixpkgs.lib.attrValues self.nixosModules) ++ [ agenix.nixosModules.age ] ++ extraModules;
};
in
{
gorgon =
let
gorgon = nixosSystem rec {
system = "x86_64-linux";
in
nixosSystem {
inherit nixpkgs system;
extraModules = [
{
nixpkgs.overlays = nixpkgs.lib.attrValues self.overlays;
dadada.pkgs = self.packages.${system};
dadada.inputs = inputs // {
dadada = self;
};
}
nixos-hardware.nixosModules.lenovo-thinkpad-t14s-amd-gen1
home-manager.nixosModules.home-manager
(
{ pkgs, lib, ... }:
({ pkgs, lib, ... }:
{
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
@ -60,14 +40,12 @@ in
{ manual.manpages.enable = false; }
];
home-manager.users.dadada = import ../home;
}
)
})
./gorgon/configuration.nix
];
};
surgat = nixosSystem {
nixpkgs = nixpkgs-small;
system = "x86_64-linux";
extraModules = [
{
@ -79,17 +57,12 @@ in
};
agares = nixosSystem {
nixpkgs = nixpkgs-small;
extraModules = [
./agares/configuration.nix
];
};
installer =
let
nixpkgs = nixpkgs-small;
in
nixpkgs.lib.nixosSystem {
installer = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
modules = [
nixos-generators.nixosModules.install-iso
@ -110,7 +83,6 @@ in
};
ninurta = nixosSystem {
nixpkgs = nixpkgs-small;
extraModules = [
./ninurta/configuration.nix
];

113
nixos/gorgon/configuration.nix
View file

@ -34,8 +34,6 @@ in
./hardware-configuration.nix
];
dadada.backupClient.bs.enable = false;
dadada.backupClient.backup1.enable = true;
dadada.backupClient.backup2 = {
enable = true;
passphrasePath = config.age.secrets."${config.networking.hostName}-backup-passphrase".path;
@ -43,10 +41,6 @@ in
repo = "u355513-sub1@u355513-sub1.your-storagebox.de:/home/backup";
};
nixpkgs.config.android_sdk.accept_license = true;
programs.ssh.startAgent = true;
nix.extraOptions = ''
experimental-features = nix-command flakes
# Prevent garbage collection for nix shell and direnv
@ -56,7 +50,6 @@ in
boot = {
kernelModules = [ "kvm-amd" ];
extraModulePackages = [ pkgs.linuxPackages.v4l2loopback ];
kernelParams = [ "resume=/dev/disk/by-label/swap" ];
initrd = {
systemd.enable = true;
@ -130,27 +123,10 @@ in
];
};
hardware.printers.ensurePrinters = [{
name = "Brother_HL-L2300D";
model = "everywhere";
location = "BS";
deviceUri = "ipp://192.168.101.29:631/printers/Brother_HL-L2300D";
}];
environment.systemPackages = with pkgs; [
android-studio
chromium
ghostscript
smartmontools
dmenu
grim # screenshot functionality
slurp # screenshot functionality
#mako # notification system developed by swaywm maintainer
pulseaudio
# KDE apps
kdePackages.kmail
kdePackages.kmail-account-wizard
];
networking.firewall = {
@ -166,16 +142,7 @@ in
systemd.services.modem-manager.enable = lib.mkForce false;
systemd.services."dbus-org.freedesktop.ModemManager1".enable = lib.mkForce false;
systemd.sleep.extraConfig = ''
HibernateDelaySec=1h
'';
services.udev.packages = [
xilinxJtag
saleaeLogic
keychron
pkgs.libsigrok
]; #noMtpUdevRules ];
services.udev.packages = [ xilinxJtag saleaeLogic keychron ]; #noMtpUdevRules ];
virtualisation.libvirtd.enable = true;
@ -196,44 +163,37 @@ in
"127.0.0.2" = [ "kanboard.dadada.li" ];
};
services.gnome.gnome-keyring.enable = lib.mkForce false;
programs.gnupg.agent.enable = true;
# https://lists.zx2c4.com/pipermail/wireguard/2017-November/002028.html
systemd.timers.wg-reresolve-dns = {
wantedBy = [ "timers.target" ];
partOf = [ "wg-reresolve-dns.service" ];
timerConfig.OnCalendar = "hourly";
};
# KDE
services = {
desktopManager.plasma6.enable = true;
displayManager.sddm.enable = true;
displayManager.sddm.wayland.enable = true;
systemd.services.wg-reresolve-dns =
let
vpnPubKey = "x/y6I59buVzv9Lfzl+b17mGWbzxU+3Ke9mQNa1DLsDI=";
in
{
serviceConfig.Type = "oneshot";
script = ''
${pkgs.wireguard-tools}/bin/wg set dadada peer ${vpnPubKey} endpoint vpn.dadada.li:51234 persistent-keepalive 25 allowed-ips fd42:9c3b:f96d::/48
'';
};
services.greetd = {
enable = false;
settings = {
default_session = {
command = "${pkgs.greetd.tuigreet}/bin/tuigreet --time --cmd sway";
user = "greeter";
};
};
};
systemd.user.services.kanshi = {
enable = false;
description = "kanshi daemon";
environment = {
WAYLAND_DISPLAY = "wayland-1";
DISPLAY = ":0";
};
serviceConfig = {
Type = "simple";
ExecStart = ''${pkgs.kanshi}/bin/kanshi'';
};
};
# enable Sway window manager
programs.sway = {
enable = false;
wrapperFeatures.gtk = true;
};
programs.light.enable = true;
xdg.portal.wlr.enable = false;
hardware.bluetooth.enable = true;
#networking.wg-quick.interfaces.mullvad = {
# address = [ "10.68.15.202/32" "fc00:bbbb:bbbb:bb01::5:fc9/128" ];
# privateKeyFile = "/var/lib/wireguard/mullvad";
# peers = [
# {
# publicKey = "Ec/wwcosVal9Kjc97ZuTTV7Dy5c0/W5iLet7jrSEm2k=";
# allowedIPs = [ "0.0.0.0/0" "::0/0" ];
# endpoint = "193.27.14.66:51820";
# persistentKeepalive = 25;
# }
# ];
# postUp = "${pkgs.iproute2}/bin/ip rule add to 193.27.14.66 lookup main";
#};
hardware.opengl = {
enable = true;
@ -243,16 +203,5 @@ in
];
};
powerManagement = {
enable = true;
powertop.enable = true;
cpuFreqGovernor = "schedutil";
powerUpCommands = ''
echo 40 > /sys/class/power_supply/BAT0/charge_control_start_threshold
echo 80 > /sys/class/power_supply/BAT0/charge_control_stop_threshold
'';
};
services.tlp.enable = false;
system.stateVersion = "23.11";
}

2
nixos/modules/backup.nix
View file

@ -156,7 +156,7 @@ in
};
};
services.borgbackup.jobs.backup1 = mkIf cfg.backup1.enable {
services.borgbackup.jobs.backup1 = mkIf cfg.bs.enable {
paths = "/";
exclude = backupExcludes;
repo = "borg@backup1.dadada.li:/mnt/storage/backups/${config.networking.hostName}";

3
nixos/modules/ddns.nix
View file

@ -42,8 +42,7 @@ with lib; let
curl_url=$(url "$user" "$password" ${domain})
${pkgs.curl}/bin/curl --ipv4 "$curl_url" ${if interface == null then "" else "--interface ${interface}"} || true
${pkgs.curl}/bin/curl --ipv6 "$curl_url" ${if interface == null then "" else "--interface ${interface}"}
${pkgs.curl}/bin/curl -6 "$curl_url" ${if interface == null then "" else "--interface ${interface}"}
'';
}));
};

30
nixos/modules/default.nix
View file

@ -1,8 +1,22 @@
{ lib, ... }:
with lib; let
modules' = dir: filterAttrs (name: type: (name != "default.nix" && name != "profiles" && ((hasSuffix ".nix" name) || (type == "directory"))))
(builtins.readDir dir);
modules = dir: mapAttrs' (name: _: nameValuePair (removeSuffix ".nix" name) (import (dir + "/${name}")))
(modules' dir);
in
(modules ./.)
{
admin = import ./admin.nix;
backup = import ./backup.nix;
borgServer = import ./borg-server.nix;
ddns = import ./ddns.nix;
element = import ./element.nix;
fileShare = import ./fileShare.nix;
gitea = import ./gitea.nix;
headphones = import ./headphones.nix;
homepage = import ./homepage.nix;
miniflux = import ./miniflux.nix;
inputs = import ./inputs.nix;
nixpkgs = import ./nixpkgs.nix;
packages = import ./packages.nix;
secrets = import ./secrets.nix;
share = import ./share.nix;
steam = import ./steam.nix;
sway = import ./sway.nix;
vpnServer = import ./vpnServer.nix;
weechat = import ./weechat.nix;
yubikey = import ./yubikey.nix;
}

44
nixos/modules/gitea.nix
View file

@ -4,27 +4,21 @@
, ...
}:
let
cfg = config.dadada.forgejo;
cfg = config.dadada.gitea;
in
{
options.dadada.forgejo = {
enable = lib.mkEnableOption "Enable forgejo";
options.dadada.gitea = {
enable = lib.mkEnableOption "Enable gitea";
};
config = lib.mkIf cfg.enable {
services.forgejo = {
services.gitea = {
enable = true;
user = "gitea";
group = "gitea";
stateDir = "/var/lib/gitea";
appName = "dadada Gitea";
database = {
type = "postgres";
name = "gitea";
user = "gitea";
};
settings = {
DEFAULT.APP_NAME = "dadada forgejo";
service = {
DISABLE_REGISTRATION = true;
};
@ -37,11 +31,6 @@ in
LANDING_PAGE = "explore";
OFFLINE_MODE = true;
DISABLE_SSH = false;
# Use built-in SSH server
START_SSH_SERVER = true;
SSH_PORT = 22;
DOMAIN = "git.dadada.li";
};
picture = {
@ -61,41 +50,26 @@ in
cache = {
ENABLE = true;
ADAPTER = "redis";
HOST = "network=unix,addr=${config.services.redis.servers.forgejo.unixSocket},db=0,pool_size=100,idle_timeout=180";
HOST = "network=unix,addr=${config.services.redis.servers.gitea.unixSocket},db=0,pool_size=100,idle_timeout=180";
};
};
};
services.redis = {
servers.forgejo = {
servers.gitea = {
enable = true;
user = config.services.forgejo.user;
user = config.services.gitea.user;
};
vmOverCommit = true;
};
systemd.services.forgejo.serviceConfig = {
AmbientCapabilities = lib.mkForce "CAP_NET_BIND_SERVICE";
CapabilityBoundingSet = lib.mkForce "CAP_NET_BIND_SERVICE";
PrivateUsers = lib.mkForce false;
};
services.nginx.virtualHosts."git.${config.networking.domain}" = {
enableACME = true;
forceSSL = true;
locations."/".extraConfig = ''
proxy_pass http://unix:/run/forgejo/forgejo.sock:/;
proxy_pass http://unix:/run/gitea/gitea.sock:/;
'';
};
users.users.gitea = {
home = "/var/lib/gitea";
useDefaultShell = true;
group = "gitea";
isSystemUser = true;
};
users.groups.gitea = { };
};
}

2
nixos/modules/profiles/backup.nix
View file

@ -4,7 +4,7 @@ let
in
{
dadada.backupClient.bs = {
enable = lib.mkDefault false;
enable = lib.mkDefault true;
passphrasePath = config.age.secrets."${config.networking.hostName}-backup-passphrase".path;
sshIdentityFile = config.age.secrets."${config.networking.hostName}-backup-ssh-key".path;
};

32
nixos/modules/profiles/base.nix
View file

@ -1,4 +1,4 @@
{ config, lib, pkgs, ... }:
{ config, lib, ... }:
let
mkDefault = lib.mkDefault;
inputs = config.dadada.inputs;
@ -8,24 +8,17 @@ in
./upgrade-pg-cluster.nix
];
boot.tmp.useTmpfs = true;
boot.tmp.tmpfsSize = "50%";
i18n.defaultLocale = mkDefault "en_US.UTF-8";
console = mkDefault {
font = "Lat2-Terminus16";
keyMap = "us";
};
i18n.supportedLocales = mkDefault [
"C.UTF-8/UTF-8"
"en_US.UTF-8/UTF-8"
"de_DE.UTF-8/UTF-8"
];
time.timeZone = mkDefault "Europe/Berlin";
nix.package = pkgs.lix;
nix.nixPath = lib.mapAttrsToList (name: value: "${name}=${value}") inputs;
nix.registry = lib.mapAttrs' (name: value: lib.nameValuePair name { flake = value; }) inputs;
nix.settings.flake-registry = "${config.dadada.inputs.flake-registry}/flake-registry.json";
nix.settings.substituters = [ https://cache.nixos.org/ ];
@ -48,6 +41,18 @@ in
experimental-features = nix-command flakes
'';
programs.zsh = mkDefault {
enable = true;
autosuggestions.enable = true;
enableCompletion = true;
histSize = 100000;
vteIntegration = true;
syntaxHighlighting = {
enable = true;
highlighters = [ "main" "brackets" "pattern" "root" "line" ];
};
};
networking.networkmanager.dns = mkDefault "systemd-resolved";
networking.hosts = {
@ -58,10 +63,5 @@ in
enable = mkDefault true;
fallbackDns = [ "9.9.9.9#dns.quad9.net" "2620:fe::fe:11#dns11.quad9.net" ];
};
programs.zsh.enable = mkDefault true;
# Avoid some bots
services.openssh.ports = [ 2222 ];
}

17
nixos/modules/profiles/cloud.nix
View file

@ -5,19 +5,11 @@ let
in
{
boot.initrd.availableKernelModules = [ "virtio-pci" ];
boot.kernelParams = [
# Wait forever for the filesystem root to show up
"rootflags=x-systemd.device-timeout=0"
# Wait forever to enter the LUKS passphrase via SSH
"rd.luks.options=timeout=0"
];
boot.initrd.network = {
enable = true;
ssh = {
enable = true;
port = 2223;
port = 22;
hostKeys = [
config.age.secrets."${initrdHostKey}".path
];
@ -35,13 +27,8 @@ in
'';
};
assertions = lib.singleton {
assertion = (config.boot.initrd.network.ssh.hostKeys != [ ]) -> config.boot.loader.supportsInitrdSecrets == true;
message = "Refusing to store private keys in store";
};
age.secrets."${initrdHostKey}" = {
file = "${secretsPath}/initrd-${initrdHostKey}.age";
file = "${secretsPath}/${initrdHostKey}.age";
mode = "600";
path = "/etc/initrd/${initrdHostKey}";
symlink = false;

16
nixos/modules/profiles/laptop.nix
View file

@ -1,9 +1,9 @@
{ config
, pkgs
, lib
, ...
}:
let
inputs = config.dadada.inputs;
secretsPath = config.dadada.secrets.path;
in
with lib; {
@ -15,15 +15,15 @@ with lib; {
networking.domain = mkDefault "dadada.li";
services.fwupd.enable = mkDefault true;
programs.ssh.startAgent = true;
programs.ssh.enableAskPassword = true;
programs.nix-ld.enable = true;
nix.nixPath = mapAttrsToList (name: value: "${name}=${value}") inputs;
nix.registry = mkForce (mapAttrs' (name: value: nameValuePair name { flake = value; }) inputs);
nix.settings.flake-registry = "${config.dadada.inputs.flake-registry}/flake-registry.json";
age.identityPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
fonts.packages = mkDefault (with pkgs; [
source-code-pro
]);
users.mutableUsers = mkDefault true;
# Use the systemd-boot EFI boot loader.
@ -37,6 +37,10 @@ with lib; {
networking.networkmanager.enable = mkDefault true;
networking.firewall.enable = mkDefault true;
services.xserver.enable = mkDefault true;
services.xserver.displayManager.gdm.enable = mkDefault true;
services.xserver.desktopManager.gnome.enable = mkDefault true;
xdg.mime.enable = mkDefault true;
security.rtkit.enable = true;

5
nixos/modules/profiles/server.nix
View file

@ -16,16 +16,13 @@ with lib; {
documentation.enable = mkDefault false;
documentation.nixos.enable = mkDefault false;
services.btrfs.autoScrub.enable = mkDefault ((filterAttrs (name: fs: fs.fsType == "btrfs") config.fileSystems) != { });
services.journald.extraConfig = ''
SystemKeepFree = 2G
MaxRetentionSec = 100days
'';
system.autoUpgrade = {
enable = true;
flake = "https://git.dadada.li/dadada/nix-config/archive/main.tar.gz#${config.networking.hostName}";
flake = "github:dadada/nix-config#${config.networking.hostName}";
allowReboot = mkDefault false;
randomizedDelaySec = "45min";
};

40
nixos/modules/sway.nix Normal file
View file

@ -0,0 +1,40 @@
{ config, pkgs, lib, ... }:
let
cfg = config.dadada.sway;
in
{
options = {
dadada.sway.enable = lib.mkEnableOption "Enable sway";
};
config = lib.mkIf cfg.enable {
programs.sway = {
enable = true;
wrapperFeatures.gtk = true;
wrapperFeatures.base = true;
extraPackages = with pkgs; [
qt5.qtwayland
swayidle
xwayland
mako
kanshi
kitty
i3status
bemenu
xss-lock
swaylock
brightnessctl
playerctl
];
extraSessionCommands = ''
export SDL_VIDEODRIVER=wayland
# needs qt5.qtwayland in systemPackages
export QT_QPA_PLATFORM=wayland
export QT_WAYLAND_DISABLE_WINDOWDECORATION="1"
# Fix for some Java AWT applications (e.g. Android Studio),
# use this if they aren't displayed properly:
export _JAVA_AWT_WM_NONREPARENTING=1
'';
};
};
}

2
nixos/modules/weechat.nix
View file

@ -34,7 +34,7 @@ in
};
};
services.nginx.virtualHosts."weechat.dadada.li" = {
enableACME = true;
useACMEHost = "webchat.dadada.li";
forceSSL = true;
root = "${pkgs.nginx}/html";

3
nixos/modules/yubikey.nix
View file

@ -45,7 +45,8 @@ in
#linuxPackages.acpi_call
pam_u2f
pamtester
yubioath-flutter
yubikey-manager
yubikey-manager-qt
];
};
}

17
nixos/modules/zsh.nix Normal file
View file

@ -0,0 +1,17 @@
{ config
, pkgs
, lib
, ...
}: {
programs.zsh = {
enable = true;
autosuggestions.enable = true;
enableCompletion = true;
histSize = 100000;
vteIntegration = true;
syntaxHighlighting = {
enable = true;
highlighters = [ "main" "brackets" "pattern" "root" "line" ];
};
};
}

129
nixos/ninurta/configuration.nix
View file

@ -37,8 +37,6 @@ in
};
};
services.openssh.ports = [ 22 2222 ];
dadada.backupClient.bs.enable = false;
dadada.backupClient.backup1.enable = false;
@ -159,8 +157,8 @@ in
};
services.hydra = {
enable = false;
package = pkgs.hydra;
enable = true;
package = pkgs.hydra-unstable;
hydraURL = "https://hydra.dadada.li";
notificationSender = "hydra@localhost";
buildMachinesFiles = [ ];
@ -227,28 +225,28 @@ in
SUBVOLUME = "/home";
TIMELINE_CREATE = true;
TIMELINE_CLEANUP = true;
TIMELINE_LIMIT_HOURLY = "24";
TIMELINE_LIMIT_DAILY = "13";
TIMELINE_LIMIT_WEEKLY = "6";
TIMELINE_LIMIT_MONTHLY = "3";
TIMELINE_LIMIT_HOURLY = 24;
TIMELINE_LIMIT_DAILY = 13;
TIMELINE_LIMIT_WEEKLY = 6;
TIMELINE_LIMIT_MONTHLY = 3;
};
configs.var = {
SUBVOLUME = "/var";
TIMELINE_CREATE = true;
TIMELINE_CLEANUP = true;
TIMELINE_LIMIT_HOURLY = "24";
TIMELINE_LIMIT_DAILY = "13";
TIMELINE_LIMIT_WEEKLY = "6";
TIMELINE_LIMIT_MONTHLY = "3";
TIMELINE_LIMIT_HOURLY = 24;
TIMELINE_LIMIT_DAILY = 13;
TIMELINE_LIMIT_WEEKLY = 6;
TIMELINE_LIMIT_MONTHLY = 3;
};
configs.storage = {
SUBVOLUME = "/mnt/storage";
TIMELINE_CREATE = true;
TIMELINE_CLEANUP = true;
TIMELINE_LIMIT_HOURLY = "24";
TIMELINE_LIMIT_DAILY = "13";
TIMELINE_LIMIT_WEEKLY = "6";
TIMELINE_LIMIT_MONTHLY = "3";
TIMELINE_LIMIT_HOURLY = 24;
TIMELINE_LIMIT_DAILY = 13;
TIMELINE_LIMIT_WEEKLY = 6;
TIMELINE_LIMIT_MONTHLY = 3;
};
};
@ -273,7 +271,20 @@ in
};
"10-lan" = {
matchConfig.Name = "enp*";
bridge = [ "br0" ];
networkConfig.DHCP = "ipv4";
networkConfig.Domains = [ "bs.dadada.li" ];
networkConfig.VLAN = [ ];
networkConfig.IPv6PrivacyExtensions = false;
linkConfig.RequiredForOnline = "routable";
dhcpV4Config = {
UseDomains = true;
UseDNS = true;
UseNTP = true;
};
ipv6AcceptRAConfig = {
UseDomains = true;
UseDNS = true;
};
};
"30-wg0" = {
matchConfig.Name = "wg0";
@ -299,31 +310,8 @@ in
{ routeConfig = { Destination = "fc00:1337:dead:beef::10.11.0.0/118"; }; }
];
};
"20-br0" = {
matchConfig.Name = "br0";
networkConfig.DHCP = "ipv4";
networkConfig.Domains = [ "bs.dadada.li" ];
networkConfig.VLAN = [ ];
networkConfig.IPv6PrivacyExtensions = false;
linkConfig.RequiredForOnline = "routable";
dhcpV4Config = {
UseDomains = true;
UseDNS = true;
UseNTP = true;
};
ipv6AcceptRAConfig = {
UseDomains = true;
UseDNS = true;
};
};
};
netdevs = {
"20-br0" = {
netdevConfig = {
Kind = "bridge";
Name = "br0";
};
};
"20-wg0" = {
netdevConfig = {
Kind = "wireguard";
@ -376,21 +364,16 @@ in
enable = true;
allowPing = true;
allowedTCPPorts = [
2222 # SSH
22 # SSH
80 # munin web
631 # Printing
];
allowedUDPPorts = [
631 # Printing
51234 # Wireguard
51235 # Wireguard
];
interfaces = {
br0.allowedTCPPorts = [
22 # SSH
80 # munin web
631 # IPP
];
br0.allowedUDPPorts = [
631 # IPP
];
uwu.allowedTCPPorts = [
softServePort
];
@ -405,6 +388,30 @@ in
networking.networkmanager.enable = false;
networking.useDHCP = false;
# Desktop things for media playback
services.xserver.enable = true;
services.xserver.displayManager.gdm.enable = true;
services.xserver.desktopManager.gnome = {
enable = true;
extraGSettingsOverridePackages = with pkgs; [ gnome3.gnome-settings-daemon ];
extraGSettingsOverrides = ''
[org.gnome.desktop.screensaver]
lock-delay=uint32 30
lock-enabled=true
[org.gnome.desktop.session]
idle-delay=uint32 0
[org.gnome.settings-daemon.plugins.power]
idle-dim=false
power-button-action='interactive'
power-saver-profile-on-low-battery=false
sleep-inactive-ac-type='nothing'
sleep-inactive-battery-type='nothing'
'';
};
powerManagement = {
enable = true;
cpuFreqGovernor = "powersave";
@ -415,6 +422,15 @@ in
# Configure the disks to spin down after 10 min of inactivity.
};
security.rtkit.enable = true;
services.pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
};
services.udev.packages = [
(pkgs.writeTextFile {
name = "60-hdparm";
@ -428,18 +444,19 @@ in
hardware.pulseaudio.enable = false;
environment.systemPackages = with pkgs; [
firefox
spotify
mpv
smartmontools
hdparm
];
users.users."backup-keepassxc" = {
home = "/mnt/storage/backups/backup-keepassxc";
users.users."media" = {
isNormalUser = true;
description = "Backup KeepassXC database";
extraGroups = [ ];
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIirODQlcTJ8e9OcFuMlYlGekrUMtDpD5HhbTmuQ+jDW KeepassXC DB backup <dadada@dadada.li>"
];
description = "Media playback user";
extraGroups = [ "users" "video" ];
# allow anyone with physical access to log in
password = "media";
};
virtualisation.libvirtd.enable = true;

3
nixos/ninurta/monitoring.nix
View file

@ -19,6 +19,9 @@
[surgat]
address 10.3.3.1
[agares]
address 10.3.3.2
'';
};
services.munin-node.enable = true;

4
nixos/ninurta/printing.nix
View file

@ -19,7 +19,7 @@
services.avahi = {
enable = true;
nssmdns4 = true;
nssmdns = true;
openFirewall = true;
publish = {
enable = true;
@ -32,7 +32,7 @@
drivers = [ pkgs.brlaser ];
# Remove all state at the start of the service
stateless = true;
listenAddresses = [ "192.168.101.29:631" ];
listenAddresses = [ "192.168.101.184:631" "fd42:9c3b:f96d:101:4a21:bff:fe3e:9cfe:631" ];
allowFrom = [ "from 192.168.101.0/24" ];
browsing = true;
defaultShared = true;

11
nixos/surgat/configuration.nix
View file

@ -40,9 +40,9 @@ in
};
dadada.element.enable = true;
dadada.forgejo.enable = true;
dadada.gitea.enable = true;
dadada.miniflux.enable = true;
dadada.weechat.enable = false;
dadada.weechat.enable = true;
dadada.homepage.enable = true;
dadada.share.enable = true;
dadada.backupClient = {
@ -137,8 +137,11 @@ in
boot.loader.grub.enable = true;
boot.loader.grub.device = "/dev/sda";
boot.kernelParams = [
"ip=49.12.3.98::172.31.1.1:255.255.255.255:surgat::dhcp"
swapDevices = [
{
device = "/var/swapfile";
size = 4096;
}
];
services.resolved = {

25
outputs.nix
View file

@ -1,14 +1,16 @@
# Adapted from Mic92/dotfiles
{
self,
flake-utils,
nixpkgs,
agenix,
devshell,
...
{ self
, flake-utils
, flake-registry
, homepage
, nixpkgs
, home-manager
, nixos-hardware
, agenix
, devshell
, ...
} @ inputs:
(flake-utils.lib.eachDefaultSystem (
system:
(flake-utils.lib.eachDefaultSystem (system:
let
pkgs = import nixpkgs { inherit system; };
in
@ -31,15 +33,14 @@
packages = import ./pkgs { inherit pkgs; } // {
installer-iso = self.nixosConfigurations.installer.config.system.build.isoImage;
};
}
))
}))
// {
hmModules = import ./home/modules.nix { lib = nixpkgs.lib; };
nixosConfigurations = import ./nixos/configurations.nix inputs;
nixosModules = import ./nixos/modules { lib = nixpkgs.lib; };
nixosModules = import ./nixos/modules;
overlays = import ./overlays.nix;

21
overlays.nix
View file

@ -1,2 +1,23 @@
{
kanboard = final: prev: {
kanboard = prev.kanboard.overrideAttrs (oldAttrs: {
src = prev.fetchFromGitHub {
owner = "kanboard";
repo = "kanboard";
rev = "v${oldAttrs.version}";
sha256 = "sha256-WG2lTPpRG9KQpRdb+cS7CqF4ZDV7JZ8XtNqAI6eVzm0=";
};
});
};
recipemd = final: prev: {
pythonPackagesExtensions = prev.pythonPackagesExtensions ++ [
(
python-final: python-prev: {
recipemd = python-final.callPackage ./pkgs/recipemd.nix { };
}
)
];
recipemd = prev.python3Packages.toPythonApplication final.python3Packages.recipemd;
};
}

58
pkgs/recipemd.nix Normal file
View file

@ -0,0 +1,58 @@
{ lib
, buildPythonPackage
, fetchFromGitHub
, pytestCheckHook
, pythonPackages
, installShellFiles
, pythonOlder
, pythonAtLeast
}:
buildPythonPackage rec {
pname = "recipemd";
version = "4.0.8";
disabled = pythonOlder "3.7" || pythonAtLeast "4";
src = fetchFromGitHub {
owner = "tstehr";
repo = "RecipeMD";
rev = "v${version}";
hash = "sha256-eumV2zm7TIJcTPRtWSckYz7jiyH3Ek4nIAVtuJs3sJc=";
};
propagatedBuildInputs = with pythonPackages; [
dataclasses-json
yarl
CommonMark
argcomplete
pyparsing
];
nativeBuildInputs = [ installShellFiles ];
postInstall = ''
${pythonPackages.argcomplete}/bin/register-python-argcomplete -s bash ${pname} > $out/completions.bash
installShellCompletion --bash --name recipemd.bash $out/completions.bash
${pythonPackages.argcomplete}/bin/register-python-argcomplete -s fish ${pname} > $out/completions.fish
installShellCompletion --fish --name recipemd.fish $out/completions.fish
# The version of argcomplete in nixpkgs-stable does not have support for zsh
#${pythonPackages.argcomplete}/bin/register-python-argcomplete -s zsh ${pname} > $out/completions.zsh
#installShellCompletion --zsh --name _recipemd $out/completions.zsh
'';
checkInputs = [
pytestCheckHook
pythonPackages.pytestcov
];
doCheck = true;
meta = with lib; {
description = "Markdown recipe manager, reference implementation of RecipeMD";
homepage = "https://recipemd.org";
license = [ licenses.lgpl3Only ];
maintainers = [ maintainers.dadada ];
};
}

BIN
secrets/initrd-surgat-ssh_host_ed25519_key.age
View file

Binary file not shown.

1
secrets/secrets.nix
View file

@ -21,7 +21,6 @@ in
"miniflux-admin-credentials.age".publicKeys = [ systems.surgat dadada ];
"gorgon-backup-passphrase-gs.age".publicKeys = [ systems.gorgon dadada ];
"paperless.age".publicKeys = [ systems.gorgon dadada ];
"initrd-surgat-ssh_host_ed25519_key.age".publicKeys = [ systems.surgat dadada ];
"surgat-ssh_host_ed25519_key.age".publicKeys = [ systems.surgat dadada ];
"ninurta-initrd-ssh-key.age".publicKeys = [ systems.ninurta dadada ];
"ddns-credentials.age".publicKeys = [ systems.agares systems.ninurta dadada ];