Compare commits


No commits in common. "main" and "dev/stolas" have entirely different histories.

65 changed files with 2454 additions and 595 deletions

1
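--- a/.gitignore
+++ b/.gitignore
@@ -1,4 +1,5 @@
 private/
+home.nix
 *.swp
 result
 *.zip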

20
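--- a/checks.nix
+++ b/checks.nix
@@ -0,0 +1,20 @@
+{
+self,
+flake-utils,
+nixpkgs,
+...
+}:
+(flake-utils.lib.eachDefaultSystem (
+system:
+let
+pkgs = nixpkgs.legacyPackages.${system};
+formatter = self.formatter.${system};
+in
+{
+checks = {
+format = pkgs.runCommand "check-format" {
+buildInputs = [ formatter ];
+} "${formatter}/bin/nixpkgs-fmt --check ${./.} && touch $out";
+};
+}
+)).checks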
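Review bot: The check command hard-codes `${formatter}/bin/nixpkgs-fmt` while `formatter` is taken from `self.formatter.${system}`, so the check stops working as soon as the flake's formatter is anything other than nixpkgs-fmt (the flake already has `treefmt-nix` as an input). Either reference the tool directly, `"${pkgs.nixpkgs-fmt}/bin/nixpkgs-fmt --check ${./.} && touch $out"`, or resolve the binary from the formatter with `lib.getExe formatter`. With an absolute store path in the command, `buildInputs = [ formatter ];` is redundant and can be dropped.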


@ -6,6 +6,7 @@
packages = with pkgs; [ packages = with pkgs; [
agenix agenix
nixpkgs-fmt
nixos-rebuild nixos-rebuild
]; ];

98
flake.lock generated

@ -12,11 +12,11 @@
"systems": "systems" "systems": "systems"
}, },
"locked": { "locked": {
"lastModified": 1762618334, "lastModified": 1750173260,
"narHash": "sha256-wyT7Pl6tMFbFrs8Lk/TlEs81N6L+VSybPfiIgzU8lbQ=", "narHash": "sha256-9P1FziAwl5+3edkfFcr5HeGtQUtrSdk/MksX39GieoA=",
"owner": "ryantm", "owner": "ryantm",
"repo": "agenix", "repo": "agenix",
"rev": "fcdea223397448d35d9b31f798479227e80183f6", "rev": "531beac616433bac6f9e2a19feb8e99a22a66baf",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -69,11 +69,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1762521437, "lastModified": 1741473158,
"narHash": "sha256-RXN+lcx4DEn3ZS+LqEJSUu/HH+dwGvy0syN7hTo/Chg=", "narHash": "sha256-kWNaq6wQUbUMlPgw8Y+9/9wP0F8SHkjy24/mN3UAppg=",
"owner": "numtide", "owner": "numtide",
"repo": "devshell", "repo": "devshell",
"rev": "07bacc9531f5f4df6657c0a02a806443685f384a", "rev": "7c9e793ebe66bcba8292989a68c0419b737a22a0",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -89,11 +89,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1762276996, "lastModified": 1753140376,
"narHash": "sha256-TtcPgPmp2f0FAnc+DMEw4ardEgv1SGNR3/WFGH0N19M=", "narHash": "sha256-7lrVrE0jSvZHrxEzvnfHFE/Wkk9DDqb+mYCodI5uuB8=",
"owner": "nix-community", "owner": "nix-community",
"repo": "disko", "repo": "disko",
"rev": "af087d076d3860760b3323f6b583f4d828c1ac17", "rev": "545aba02960caa78a31bd9a8709a0ad4b6320a5c",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -204,11 +204,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1762661401, "lastModified": 1753470191,
"narHash": "sha256-SVmijc8t23UMwru5f/9X1Ak5bSwvYkm0OQ5SxR7hOB0=", "narHash": "sha256-hOUWU5L62G9sm8NxdiLWlLIJZz9H52VuFiDllHdwmVA=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "c053d701d64f0727f62e0269c7940da5805bc9bc", "rev": "a1817d1c0e5eabe7dfdfe4caa46c94d9d8f3fdb6",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -220,11 +220,11 @@
"homepage": { "homepage": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1762696280, "lastModified": 1727338449,
"narHash": "sha256-ncxcwvRNbN/WaZzi1NjV5fgtqfw/wypRtM/y1ZoJKNg=", "narHash": "sha256-VwOGtT1WB+isk0z/D/Be05GgeaTFfsXTGt7aScCAfec=",
"rev": "d75353b55e10775649954d789d432be61ff663bf", "rev": "60398d3d728a0057b4cad49879ef637c06b28371",
"type": "tarball", "type": "tarball",
"url": "https://git.dadada.li/api/v1/repos/dadada/dadada.li/archive/d75353b55e10775649954d789d432be61ff663bf.tar.gz?rev=d75353b55e10775649954d789d432be61ff663bf" "url": "https://git.dadada.li/api/v1/repos/dadada/dadada.li/archive/60398d3d728a0057b4cad49879ef637c06b28371.tar.gz?rev=60398d3d728a0057b4cad49879ef637c06b28371"
}, },
"original": { "original": {
"type": "tarball", "type": "tarball",
@ -240,9 +240,7 @@
"nixpkgs" "nixpkgs"
], ],
"pre-commit-hooks-nix": "pre-commit-hooks-nix", "pre-commit-hooks-nix": "pre-commit-hooks-nix",
"rust-overlay": [ "rust-overlay": "rust-overlay"
"rust-overlay"
]
}, },
"locked": { "locked": {
"lastModified": 1737639419, "lastModified": 1737639419,
@ -297,11 +295,11 @@
}, },
"nixos-hardware": { "nixos-hardware": {
"locked": { "locked": {
"lastModified": 1762463231, "lastModified": 1753122741,
"narHash": "sha256-hv1mG5j5PTbnWbtHHomzTus77pIxsc4x8VrMjc7+/YE=", "narHash": "sha256-nFxE8lk9JvGelxClCmwuJYftbHqwnc01dRN4DVLUroM=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixos-hardware", "repo": "nixos-hardware",
"rev": "52113c4f5cfd1e823001310e56d9c8d0699a6226", "rev": "cc66fddc6cb04ab479a1bb062f4d4da27c936a22",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -313,11 +311,11 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1762596750, "lastModified": 1753429684,
"narHash": "sha256-rXXuz51Bq7DHBlfIjN7jO8Bu3du5TV+3DSADBX7/9YQ=", "narHash": "sha256-9h7+4/53cSfQ/uA3pSvCaBepmZaz/dLlLVJnbQ+SJjk=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "b6a8526db03f735b89dd5ff348f53f752e7ddc8e", "rev": "7fd36ee82c0275fb545775cc5e4d30542899511d",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -327,6 +325,22 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs-small": {
"locked": {
"lastModified": 1753505055,
"narHash": "sha256-jQKnNATDGDeuIeUf7r0yHnmirfYkYPHeF0N2Lv8rjPE=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "7be0239edbf0783ff959f94f9728db414be73002",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable-small",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-stable": { "nixpkgs-stable": {
"locked": { "locked": {
"lastModified": 1730741070, "lastModified": 1730741070,
@ -370,24 +384,6 @@
"type": "github" "type": "github"
} }
}, },
"repo-rs": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1756040506,
"narHash": "sha256-jH0uNN4pqHmIssXwWsIWlgfwdDILw4iFWRB0JUmuD/A=",
"rev": "2f5b2e0d9ecf96621971a2c13d998ceba6ea7096",
"type": "tarball",
"url": "https://git.dadada.li/api/v1/repos/dadada/repo-rs/archive/2f5b2e0d9ecf96621971a2c13d998ceba6ea7096.tar.gz?rev=2f5b2e0d9ecf96621971a2c13d998ceba6ea7096"
},
"original": {
"type": "tarball",
"url": "https://git.dadada.li/dadada/repo-rs/archive/main.tar.gz"
}
},
"root": { "root": {
"inputs": { "inputs": {
"agenix": "agenix", "agenix": "agenix",
@ -401,8 +397,7 @@
"nixos-generators": "nixos-generators", "nixos-generators": "nixos-generators",
"nixos-hardware": "nixos-hardware", "nixos-hardware": "nixos-hardware",
"nixpkgs": "nixpkgs", "nixpkgs": "nixpkgs",
"repo-rs": "repo-rs", "nixpkgs-small": "nixpkgs-small",
"rust-overlay": "rust-overlay",
"systems": "systems_2", "systems": "systems_2",
"treefmt-nix": "treefmt-nix" "treefmt-nix": "treefmt-nix"
} }
@ -410,15 +405,16 @@
"rust-overlay": { "rust-overlay": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
"lanzaboote",
"nixpkgs" "nixpkgs"
] ]
}, },
"locked": { "locked": {
"lastModified": 1762655942, "lastModified": 1731897198,
"narHash": "sha256-hOM12KcQNQALrhB9w6KJmV5hPpm3GA763HRe9o7JUiI=", "narHash": "sha256-Ou7vLETSKwmE/HRQz4cImXXJBr/k9gp4J4z/PF8LzTE=",
"owner": "oxalica", "owner": "oxalica",
"repo": "rust-overlay", "repo": "rust-overlay",
"rev": "6ac961b02d4235572692241e333d0470637f5492", "rev": "0be641045af6d8666c11c2c40e45ffc9667839b5",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -464,11 +460,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1762410071, "lastModified": 1753439394,
"narHash": "sha256-aF5fvoZeoXNPxT0bejFUBXeUjXfHLSL7g+mjR/p5TEg=", "narHash": "sha256-Bv9h1AJegLI8uAhiJ1sZ4XAndYxhgf38tMgCQwiEpmc=",
"owner": "numtide", "owner": "numtide",
"repo": "treefmt-nix", "repo": "treefmt-nix",
"rev": "97a30861b13c3731a84e09405414398fbf3e109f", "rev": "2673921c03d6e75fdf4aa93e025772608d1482cf",
"type": "github" "type": "github"
}, },
"original": { "original": {


@ -2,6 +2,7 @@
description = "dadada's nix flake"; description = "dadada's nix flake";
inputs = { inputs = {
nixpkgs-small.url = "github:NixOS/nixpkgs/nixos-unstable-small";
nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable"; nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
disko = { disko = {
url = "github:nix-community/disko"; url = "github:nix-community/disko";
@ -17,20 +18,13 @@
}; };
lanzaboote = { lanzaboote = {
url = "github:nix-community/lanzaboote/v0.4.2"; url = "github:nix-community/lanzaboote/v0.4.2";
inputs = { inputs.nixpkgs.follows = "nixpkgs";
nixpkgs.follows = "nixpkgs";
rust-overlay.follows = "rust-overlay";
};
}; };
nixos-hardware.url = "github:NixOS/nixos-hardware/master"; nixos-hardware.url = "github:NixOS/nixos-hardware/master";
homepage = { homepage = {
url = "https://git.dadada.li/dadada/dadada.li/archive/main.tar.gz"; url = "https://git.dadada.li/dadada/dadada.li/archive/main.tar.gz";
flake = false; flake = false;
}; };
repo-rs = {
url = "https://git.dadada.li/dadada/repo-rs/archive/main.tar.gz";
inputs.nixpkgs.follows = "nixpkgs";
};
agenix = { agenix = {
url = "github:ryantm/agenix"; url = "github:ryantm/agenix";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
@ -53,10 +47,6 @@
url = "github:numtide/treefmt-nix"; url = "github:numtide/treefmt-nix";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
rust-overlay = {
url = "github:oxalica/rust-overlay";
inputs.nixpkgs.follows = "nixpkgs";
};
}; };
outputs = { ... }@args: import ./outputs.nix args; outputs = { ... }@args: import ./outputs.nix args;

209
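--- a/home/dconf.nix
+++ b/home/dconf.nix
@@ -0,0 +1,209 @@
+{ lib, pkgs, ... }:
+with lib.hm.gvariant;
+{
+home.packages = [
+pkgs.adwaita-icon-theme
+pkgs.adwaita-qt
+];
+dconf.settings = with lib.hm.gvariant; {
+"org/gnome/shell" = {
+favorite-apps = [
+"alacritty.desktop"
+"element.desktop"
+"evolution.desktop"
+"firefox.desktop"
+"spotify.desktop"
+];
+};
+"org/gnome/shell" = {
+disable-user-extensions = false;
+enabled-extensions = [
+"system-monitor@gnome-shell-extensions.gcampax.github.com"
+"switcher@landau.fi"
+];
+};
+"org/gnome/desktop/calendar" = {
+show-weekdate = true;
+};
+"org/gnome/desktop/input-sources" = {
+current = mkUint32 0;
+per-window = false;
+show-all-sources = true;
+sources = [
+(mkTuple [
+"xkb"
+"eu"
+])
+(mkTuple [
+"xkb"
+"de"
+])
+];
+xkb-options = [
+"lv3:ralt_switch"
+"caps:escape"
+];
+};
+"org/gnome/desktop/interface" = {
+clock-show-date = true;
+clock-show-seconds = false;
+clock-show-weekday = true;
+cursor-theme = "Adwaita";
+enable-animations = true;
+enable-hot-corners = false;
+font-antialiasing = "grayscale";
+font-hinting = "slight";
+font-name = "Cantarell 10";
+gtk-enable-primary-paste = false;
+gtk-key-theme = "Emacs";
+gtk-theme = "Adwaita";
+color-scheme = "prefer-light";
+icon-theme = "Adwaita";
+locate-pointer = false;
+monospace-font-name = "JetBrains Mono 10";
+show-battery-percentage = false;
+#text-scaling-factor = 1.0;
+toolkit-accessibility = false;
+};
+"org/gnome/desktop/peripherals/keyboard" = {
+numlock-state = false;
+};
+"org/gnome/desktop/peripherals/mouse" = {
+accel-profile = "default";
+natural-scroll = true;
+};
+"org/gnome/desktop/peripherals/touchpad" = {
+send-events = "enabled";
+tap-to-click = true;
+two-finger-scrolling-enabled = true;
+};
+"org/gnome/desktop/privacy" = {
+disable-microphone = false;
+old-files-age = mkUint32 30;
+recent-files-max-age = -1;
+report-technical-problems = false;
+};
+"org/gnome/desktop/screensaver" = {
+color-shading-type = "solid";
+lock-delay = mkUint32 30;
+lock-enabled = true;
+};
+"org/gnome/desktop/session" = {
+idle-delay = mkUint32 0;
+};
+"org/gnome/desktop/sound" = {
+event-sounds = false;
+theme-name = "__custom";
+};
+"org/gnome/evince/default" = {
+continuous = true;
+dual-page = false;
+dual-page-odd-left = false;
+enable-spellchecking = true;
+fullscreen = false;
+inverted-colors = false;
+show-sidebar = false;
+sidebar-page = "links";
+sidebar-size = 132;
+sizing-mode = "free";
+};
+"org/gnome/evolution/calendar" = {
+editor-show-timezone = true;
+use-24hour-format = true;
+week-start-day-name = "monday";
+work-day-friday = true;
+work-day-monday = true;
+work-day-saturday = false;
+work-day-sunday = false;
+work-day-thursday = true;
+work-day-tuesday = true;
+work-day-wednesday = true;
+};
+"org/gnome/evolution/mail" = {
+browser-close-on-reply-policy = "always";
+composer-attribution-language = "de_DE";
+composer-reply-start-bottom = false;
+composer-signature-in-new-only = true;
+composer-spell-languages = [
+"de"
+"en_US"
+];
+composer-top-signature = false;
+composer-unicode-smileys = false;
+composer-visually-wrap-long-lines = true;
+composer-wrap-quoted-text-in-replies = false;
+forward-style = 0;
+forward-style-name = "attached";
+headers-collapsed = false;
+image-loading-policy = "never";
+junk-check-custom-header = true;
+junk-check-incoming = true;
+junk-empty-on-exit-days = 0;
+junk-lookup-addressbook = false;
+notify-remote-content = true;
+prompt-check-if-default-mailer = false;
+prompt-on-composer-mode-switch = true;
+prompt-on-empty-subject = true;
+prompt-on-expunge = true;
+prompt-on-mark-all-read = false;
+prompt-on-mark-as-junk = true;
+prompt-on-reply-close-browser = "always";
+prompt-on-unwanted-html = true;
+reply-style = 0;
+reply-style-name = "quoted";
+search-gravatar-for-photo = false;
+};
+"org/gnome/evolution/plugin/prefer-plain" = {
+mode = "only_plain";
+show-suppressed = true;
+};
+"org/gnome/gnome-screenshot" = {
+border-effect = "none";
+delay = 0;
+include-border = true;
+include-pointer = false;
+last-save-directory = "file:///home/dadada/lib/pictures/Screenshots";
+};
+"org/gnome/mutter" = {
+attach-modal-dialogs = true;
+center-new-windows = true;
+dynamic-workspaces = true;
+edge-tiling = true;
+experimental-features = [ ];
+focus-change-on-pointer-rest = true;
+overlay-key = "Super_L";
+workspaces-only-on-primary = true;
+};
+"org/gnome/settings-daemon/plugins/power" = {
+idle-dim = true;
+power-button-action = "interactive";
+power-saver-profile-on-low-battery = true;
+sleep-inactive-ac-type = "blank";
+sleep-inactive-battery-timeout = 600;
+sleep-inactive-battery-type = "suspend";
+};
+"org/gnome/system/location" = {
+enabled = false;
+};
+};
+}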
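Review bot: `idle-delay = mkUint32 0;` under `"org/gnome/desktop/session"` turns GNOME's idle timer off, so as far as I can tell the `lock-enabled = true;` / `lock-delay = mkUint32 30;` pair under `"org/gnome/desktop/screensaver"` never produces an automatic lock on an unattended session. If automatic locking is intended, set a non-zero timeout, for example `idle-delay = mkUint32 300;`, or add a comment stating that locking is manual only. Two smaller points: the key `"org/gnome/shell"` is defined twice and relies on Nix merging the two literals, so folding `favorite-apps` and `enabled-extensions` into one block is clearer, and the second `with lib.hm.gvariant;` on `dconf.settings` repeats the one at the top of the file.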


@ -1,9 +1,24 @@
{ {
pkgs, pkgs,
lib,
... ...
}: }:
let let
colors_light = { useFeatures = [
"alacritty"
#"emacs"
"direnv"
"git"
"gpg"
#"gtk"
#"keyring"
"syncthing"
"tmux"
"xdg"
"zsh"
"helix"
];
colors = {
background = "fdf6e3"; background = "fdf6e3";
foreground = "657b83"; foreground = "657b83";
regular0 = "eee8d5"; # background darker regular0 = "eee8d5"; # background darker
@ -23,64 +38,31 @@ let
bright6 = "586e75"; # pretty dark grey bright6 = "586e75"; # pretty dark grey
bright7 = "002b36"; # dark navy blue bright7 = "002b36"; # dark navy blue
}; };
colors_dark = {
cursor = "002b36 93a1a1";
background = "002b36";
foreground = "839496";
regular0 = "073642";
regular1 = "dc322f";
regular2 = "859900";
regular3 = "b58900";
regular4 = "268bd2";
regular5 = "d33682";
regular6 = "2aa198";
regular7 = "eee8d5";
bright0 = "002b36";
bright1 = "cb4b16";
bright2 = "586e75";
bright3 = "657b83";
bright4 = "839496";
bright5 = "6c71c4";
bright6 = "93a1a1";
bright7 = "fdf6e3";
selection-foreground = "93a1a1";
selection-background = "073642";
};
in in
{ {
imports = [ imports = [
./git.nix ./dconf.nix
./helix
./tmux.nix
./xdg.nix
./zsh.nix
]; ];
home.stateVersion = "20.09"; home.stateVersion = "20.09";
home.sessionVariables = { programs.gpg.settings.default-key = "99658A3EB5CD7C13";
dadada.home =
lib.attrsets.genAttrs useFeatures (useFeatures: {
enable = true;
})
// {
session = {
enable = true;
sessionVars = {
EDITOR = "hx"; EDITOR = "hx";
PAGER = "less"; PAGER = "less";
}; MAILDIR = "\$HOME/.var/mail";
MBLAZE = "\$HOME/.config/mblaze";
programs.gpg = { NOTMUCH_CONFIG = "\$HOME/.config/notmuch/config";
enable = true;
settings = {
default-key = "99658A3EB5CD7C13";
fixed-list-mode = true;
keyid-format = "0xlong";
verify-options = "show-uid-validity";
list-options = "show-uid-validity";
cert-digest-algo = "SHA256";
use-agent = true;
keyserver = "hkps://keys.openpgp.org";
}; };
}; };
services.gpg-agent = {
enable = true;
defaultCacheTtl = 1800;
enableSshSupport = false;
}; };
# Languagetool server for web extension # Languagetool server for web extension
@ -102,6 +84,42 @@ in
}; };
}; };
programs.offlineimap.enable = false;
xdg.configFile."offlineimap/config".text = ''
[general]
accounts = tu-bs,mailbox
[Account tu-bs]
localrepository = tu-bs-local
remoterepository = tu-bs-remote
[Repository tu-bs-local]
type = Maildir
localfolders = ~/lib/backup/y0067212@tu-bs.de
[Repository tu-bs-remote]
type = IMAP
remotehost = mail.tu-braunschweig.de
remoteuser = y0067212
sslcacertfile = /etc/ssl/certs/ca-certificates.crt
[Account mailbox]
localrepository = mailbox-local
remoterepository = mailbox-remote
[Repository mailbox-local]
type = Maildir
localfolders = ~/lib/backup/mailbox.org
[Repository mailbox-remote]
type = IMAP
remotehost = imap.mailbox.org
remoteuser = dadada@dadada.li
sslcacertfile = /etc/ssl/certs/ca-certificates.crt
'';
home.file.".jjconfig.toml".source = ./jjconfig.toml;
systemd.user.timers."backup-keepassxc" = { systemd.user.timers."backup-keepassxc" = {
Unit.Description = "Backup password DB"; Unit.Description = "Backup password DB";
Timer = { Timer = {
@ -138,13 +156,14 @@ in
enable = true; enable = true;
server.enable = false; server.enable = false;
settings = { settings = {
colors = colors_dark; inherit colors;
main = { main = {
shell = "tmux"; shell = "tmux";
font = "Jetbrains Mono:size=8";
dpi-aware = false; dpi-aware = false;
}; };
mouse.hide-when-typing = true; mouse.hide-when-typing = true;
csd.preferred = "server"; csd.preferred = "none";
cursor.color = "fdf6e3 586e75"; cursor.color = "fdf6e3 586e75";
bell = { bell = {
urgent = true; urgent = true;
@ -153,13 +172,267 @@ in
}; };
}; };
services.syncthing.enable = true; home.file.".config/sway/config".text = with colors; ''
# Read `man 5 sway` for a complete reference.
programs.direnv = { ### Variables
enable = true; #
enableZshIntegration = true; # Logo key. Use Mod1 for Alt.
nix-direnv.enable = true; set $mod Mod4
}; # Home row direction keys, like vim
set $left h
set $down j
set $up k
set $right l
# Your preferred terminal emulator
set $term foot
# Your preferred application launcher
# Note: pass the final command to swaymsg so that the resulting window can be opened
# on the original workspace that the command was run on.
set $menu fuzzel
set $wallpaper "~/lib/pictures/wallpaper.jpg"
### Idle configuration
#
# Example configuration:
#
exec swayidle -w \
timeout 300 'swaylock -f -i $wallpaper -s fill' \
timeout 600 'swaymsg "output * power off"' resume 'swaymsg "output * power on"' \
before-sleep 'swaylock -f -i $wallpaper -s fill'
#
# This will lock your screen after 300 seconds of inactivity, then turn off
# your displays after another 300 seconds, and turn your screens back on when
# resumed. It will also lock your screen before your computer goes to sleep.
input * {
xkb_layout eu
xkb_model pc105+inet
xkb_options caps:escape
drag_lock enabled
drag enabled
dwt enabled
tap enabled
tap_button_map lrm
natural_scroll enabled
}
### Key bindings
#
# Basics:
#
# Start a terminal
bindsym $mod+Return exec $term
# Kill focused window
bindsym $mod+Shift+q kill
# Start your launcher
bindsym $mod+d exec $menu
# Drag floating windows by holding down $mod and left mouse button.
# Resize them with right mouse button + $mod.
# Despite the name, also works for non-floating windows.
# Change normal to inverse to use left mouse button for resizing and right
# mouse button for dragging.
floating_modifier $mod normal
# Lock the screen
bindsym XF86Sleep exec 'swaylock -f -c ${background}'
bindsym $mod+End exec 'swaylock -f -c ${background}'
# Reload the configuration file
bindsym $mod+Shift+c reload
# Exit sway (logs you out of your Wayland session)
bindsym $mod+Shift+e exec swaynag -t warning -m 'You pressed the exit shortcut. Do you really want to exit sway? This will end your Wayland session.' -B 'Yes, exit sway' 'swaymsg exit'
# Brightness
bindsym --locked XF86MonBrightnessDown exec light -U 10
bindsym --locked XF86MonBrightnessUp exec light -A 10
# Volume
bindsym --locked XF86AudioRaiseVolume exec 'pactl set-sink-volume @DEFAULT_SINK@ +1%'
bindsym --locked XF86AudioLowerVolume exec 'pactl set-sink-volume @DEFAULT_SINK@ -1%'
bindsym --locked XF86AudioMute exec 'pactl set-sink-mute @DEFAULT_SINK@ toggle'
#
# Moving around:
#
# Move your focus around
bindsym $mod+$left focus left
bindsym $mod+$down focus down
bindsym $mod+$up focus up
bindsym $mod+$right focus right
# Or use $mod+[up|down|left|right]
bindsym $mod+Left focus left
bindsym $mod+Down focus down
bindsym $mod+Up focus up
bindsym $mod+Right focus right
# Move the focused window with the same, but add Shift
bindsym $mod+Shift+$left move left
bindsym $mod+Shift+$down move down
bindsym $mod+Shift+$up move up
bindsym $mod+Shift+$right move right
# Ditto, with arrow keys
bindsym $mod+Shift+Left move left
bindsym $mod+Shift+Down move down
bindsym $mod+Shift+Up move up
bindsym $mod+Shift+Right move right
#
# Workspaces:
#
# Switch to workspace
bindsym $mod+1 workspace number 1
bindsym $mod+2 workspace number 2
bindsym $mod+3 workspace number 3
bindsym $mod+4 workspace number 4
bindsym $mod+5 workspace number 5
bindsym $mod+6 workspace number 6
bindsym $mod+7 workspace number 7
bindsym $mod+8 workspace number 8
bindsym $mod+9 workspace number 9
bindsym $mod+0 workspace number 10
# Move focused container to workspace
bindsym $mod+Shift+1 move container to workspace number 1
bindsym $mod+Shift+2 move container to workspace number 2
bindsym $mod+Shift+3 move container to workspace number 3
bindsym $mod+Shift+4 move container to workspace number 4
bindsym $mod+Shift+5 move container to workspace number 5
bindsym $mod+Shift+6 move container to workspace number 6
bindsym $mod+Shift+7 move container to workspace number 7
bindsym $mod+Shift+8 move container to workspace number 8
bindsym $mod+Shift+9 move container to workspace number 9
bindsym $mod+Shift+0 move container to workspace number 10
# Note: workspaces can have any name you want, not just numbers.
# We just use 1-10 as the default.
#
# Layout stuff:
#
# You can "split" the current object of your focus with
# $mod+b or $mod+v, for horizontal and vertical splits
# respectively.
bindsym $mod+b splith
bindsym $mod+v splitv
# Switch the current container between different layout styles
bindsym $mod+s layout stacking
bindsym $mod+w layout tabbed
bindsym $mod+e layout toggle split
# Make the current focus fullscreen
bindsym $mod+f fullscreen
# Toggle the current focus between tiling and floating mode
bindsym $mod+Shift+space floating toggle
# Swap focus between the tiling area and the floating area
bindsym $mod+space focus mode_toggle
# Move focus to the parent container
bindsym $mod+a focus parent
#
# Font
#
font "pango:Jetbrains Mono 8"
#
# Scratchpad:
#
# Sway has a "scratchpad", which is a bag of holding for windows.
# You can send windows there and get them back later.
# Move the currently focused window to the scratchpad
bindsym $mod+Shift+minus move scratchpad
# Show the next scratchpad window or hide the focused scratchpad window.
# If there are multiple scratchpad windows, this command cycles through them.
bindsym $mod+minus scratchpad show
#
# Resizing containers:
#
mode "resize" {
# left will shrink the containers width
# right will grow the containers width
# up will shrink the containers height
# down will grow the containers height
bindsym $left resize shrink width 10px
bindsym $down resize grow height 10px
bindsym $up resize shrink height 10px
bindsym $right resize grow width 10px
# Ditto, with arrow keys
bindsym Left resize shrink width 10px
bindsym Down resize grow height 10px
bindsym Up resize shrink height 10px
bindsym Right resize grow width 10px
# Return to default mode
bindsym Return mode "default"
bindsym Escape mode "default"
}
bindsym $mod+r mode "resize"
#
# Status Bar:
#
# Read `man 5 sway-bar` for more information about this section.
bar {
position bottom
# When the status_command prints a new line to stdout, swaybar updates.
# The default just shows the current date and time.
status_command ~/.config/sway/status
colors {
statusline ${foreground}
background ${background}
inactive_workspace ${background}ee ${background}ee ${foreground}ee
}
}
# Gaps between multiple tiling windows
gaps inner 10
smart_gaps on
bindsym $mod+grave exec busctl --user call org.keepassxc.KeePassXC.MainWindow /keepassxc org.keepassxc.KeePassXC.MainWindow lockAllDatabases && swaylock -c #fdf6e3
# class border backgr. text indicator child_border
client.focused #${bright6} #${foreground} #${background} #${bright5} #${regular4}
client.focused_inactive #${regular0} #${regular0} #${foreground} #${bright5} #${regular0}
client.unfocused #${regular0} #${background} #${bright2} #${bright5} #${regular0}
client.urgent #${bright1} #${bright0} #${regular4} #${background} #${bright0}
client.placeholder #${background} #${bright2} #${foreground} #${background} #${bright2}
client.background #${foreground}
include /etc/sway/config.d/*
exec sleep 5; systemctl --user restart kanshi.service
exec sleep 5; swaymsg output '*' bg $wallpaper fill
'';
home.file.".config/sway/status".source = ./status;
home.file.".config/kanshi/config".text = ''
profile Laptop {
output eDP-1 enable
}
profile Docked {
output eDP-1 disable
output "LG Electronics LG HDR 4K 0x000354D1" {
enable
scale 1.4
position 0,0
}
}
'';
#services.poweralertd.enable = true;
# Let Home Manager install and manage itself. # Let Home Manager install and manage itself.
programs.home-manager.enable = true; programs.home-manager.enable = true;
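Review bot: The `bindsym $mod+grave` line in the generated sway config ends with `swaylock -c #fdf6e3`; sway passes `exec` commands to `sh -c`, where an unquoted `#` at the start of a word begins a comment, so `swaylock` most likely receives `-c` with no argument and exits without locking the screen. The KeePassXC databases would still be locked by the `busctl` call, which makes the failure easy to miss. The other lock bindings in the same file pass the colour without `#`, so ending this one with `&& swaylock -f -c ${background}` would be consistent with them. The file header of this section is not visible on the page, so the path is not confirmed here.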


@ -1,96 +0,0 @@
{
lib,
pkgs,
...
}:
with lib;
let
allowedSigners = pkgs.writeTextFile {
name = "allowed-signers";
text = ''
dadada@dadada.li sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIKu+pA5Vy0QPHJMjn2S5DCsqKg2UvDhOsBwvvJLf4HbyAAAABHNzaDo= dadada <dadada@dadada.li>
dadada@dadada.li ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFKRuecjbtDh4jyDZH3ccU9t0QFcAgZDBFO8ZWZBA9iT dadada@gorgon
'';
};
in
{
programs.git = {
enable = true;
extraConfig = {
commit = {
gpgSign = true;
verbose = true;
};
gpg = {
format = "ssh";
ssh.allowedSignersFile = "${allowedSigners}";
ssh.program = "ssh-keygen";
};
tag.gpgSign = true;
user = {
email = "dadada@dadada.li";
name = "Tim Schubert";
signingKey = "key::ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFKRuecjbtDh4jyDZH3ccU9t0QFcAgZDBFO8ZWZBA9iT dadada@gorgon";
};
core = {
whitespace = {
tab-in-indent = true;
tabwidth = 4;
};
alias = { };
pager = "delta";
};
column.ui = "never";
checkout.defaultRemote = "origin";
delta = {
navigate = true; # use n and N to move between diff sections
side-by-side = false;
line-numbers = true;
light = false;
};
diff = {
renames = "copies";
algorithm = "histogram";
colorMoved = "default";
};
interactive.diffFilter = "delta --color-only";
merge = {
conflictstyle = "zdiff3";
keepbackup = false;
tool = "meld";
};
status = {
short = true;
branch = true;
showUntrackedFiled = "all";
};
log.date = "iso8601-local";
fetch.prune = true;
pull = {
prune = true;
ff = "only";
rebase = "interactive";
};
push = {
default = "current";
autoSetupRemote = true;
};
rebase = {
abbreviateCommands = true;
# Automatically force-update any branches that point to commits that are being rebased.
updateRefs = true;
};
rerere.enabled = true;
transfer.fsckobjects = true;
fetch.fsckobjects = true;
receive.fsckObjects = true;
branch.sort = "-committerdate";
};
};
home.packages = with pkgs; [
delta
git-lfs
meld
];
}

8
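--- a/home/jjconfig.toml
+++ b/home/jjconfig.toml
@@ -0,0 +1,8 @@
+[user]
+name = "Tim Schubert"
+email = "dadada@dadada.li"
+[ui]
+diff-editor = ["scm-diff-editor", "--dir-diff", "$left", "$right"]
+diff-instructions = false
+merge-editor = ["meld"]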

13
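--- a/home/modules.nix
+++ b/home/modules.nix
@@ -0,0 +1,13 @@
+{ lib, ... }:
+with lib;
+let
+modules' =
+dir:
+filterAttrs (name: type: (hasSuffix ".nix" name) || (type == "directory")) (builtins.readDir dir);
+modules =
+dir:
+mapAttrs' (name: _: nameValuePair (removeSuffix ".nix" name) (import (dir + "/${name}"))) (
+modules' dir
+);
+in
+(modules ./modules)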


@ -0,0 +1,28 @@
# Colors (Solarized Light)
# Default colors
[colors.primary]
background = '#fdf6e3'
foreground = '#586e75'
# Normal colors
[colors.normal]
black = '#073642'
red = '#dc322f'
green = '#859900'
yellow = '#b58900'
blue = '#268bd2'
magenta = '#d33682'
cyan = '#2aa198'
white = '#eee8d5'
# Bright colors
[colors.bright]
black = '#002b36'
red = '#cb4b16'
green = '#586e75'
yellow = '#657b83'
blue = '#839496'
magenta = '#6c71c4'
cyan = '#93a1a1'
white = '#fdf6e3'


@ -0,0 +1,49 @@
{
pkgs,
lib,
config,
...
}:
with lib;
let
cfg = config.dadada.home.alacritty;
in
{
options.dadada.home.alacritty = {
enable = mkEnableOption "Enable alacritty config";
};
config = mkIf cfg.enable {
home.packages = [
pkgs.jetbrains-mono
];
programs.alacritty = {
enable = true;
settings = {
env.TERM = "xterm-256color";
scrolling.history = 0;
font = {
size = 9;
normal = {
family = "Jetbrains Mono";
style = "Regular";
};
bold = {
family = "Jetbrains Mono";
style = "Bold";
};
italic = {
family = "Jetbrains Mono";
style = "Italic";
};
bold_italic = {
family = "Jetbrains Mono";
style = "Bold Italic";
};
};
shell.program = "tmux";
window.decorations = "none";
colors = (lib.trivial.importTOML ./colors.toml).colors;
};
};
};
}

44
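--- a/home/modules/colors.nix
+++ b/home/modules/colors.nix
@@ -0,0 +1,44 @@
+{
+config,
+lib,
+...
+}:
+with lib;
+{
+options.dadada.home.colors = mkOption {
+type = types.attrs;
+description = "Color scheme";
+};
+config = {
+dadada.home.colors = {
+foreground = "#a3a3a3";
+foregroundBold = "#e8e8e8";
+cursor = "#e8e8e8";
+cursorForeground = "#1f2022";
+background = "#292b2e";
+color0 = "#1f2022";
+color8 = "#585858";
+color7 = "#a3a3a3";
+color15 = "#f8f8f8";
+color1 = "#f2241f";
+color9 = "#f2241f";
+color2 = "#67b11d";
+color10 = "#67b11d";
+color3 = "#b1951d";
+color11 = "#b1951d";
+color4 = "#4f97d7";
+color12 = "#4f97d7";
+color5 = "#a31db1";
+color13 = "#a31db1";
+color6 = "#2d9574";
+color14 = "#2d9574";
+color16 = "#ffa500";
+color17 = "#b03060";
+color18 = "#282828";
+color19 = "#444155";
+color20 = "#b8b8b8";
+color21 = "#e8e8e8";
+};
+};
+}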

22
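--- a/home/modules/direnv.nix
+++ b/home/modules/direnv.nix
@@ -0,0 +1,22 @@
+{
+config,
+pkgs,
+lib,
+...
+}:
+with lib;
+let
+cfg = config.dadada.home.direnv;
+in
+{
+options.dadada.home.direnv = {
+enable = mkEnableOption "Enable direnv config";
+};
+config = mkIf cfg.enable {
+programs.direnv = {
+enable = true;
+enableZshIntegration = true;
+nix-direnv.enable = true;
+};
+};
+}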

107
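--- a/home/modules/git.nix
+++ b/home/modules/git.nix
@@ -0,0 +1,107 @@
+{
+config,
+lib,
+pkgs,
+...
+}:
+with lib;
+let
+cfg = config.dadada.home.git;
+allowedSigners = pkgs.writeTextFile {
+name = "allowed-signers";
+text = ''
+dadada@dadada.li sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIKu+pA5Vy0QPHJMjn2S5DCsqKg2UvDhOsBwvvJLf4HbyAAAABHNzaDo= dadada <dadada@dadada.li>
+dadada@dadada.li ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFKRuecjbtDh4jyDZH3ccU9t0QFcAgZDBFO8ZWZBA9iT dadada@gorgon
+'';
+};
+in
+{
+options.dadada.home.git = {
+enable = mkEnableOption "Enable git config";
+};
+config = mkIf cfg.enable {
+programs.git = {
+enable = true;
+extraConfig = {
+commit = {
+gpgSign = true;
+verbose = true;
+};
+gpg = {
+format = "ssh";
+ssh.allowedSignersFile = "${allowedSigners}";
+ssh.program = "ssh-keygen";
+};
+tag.gpgSign = true;
+user = {
+email = "dadada@dadada.li";
+name = "Tim Schubert";
+signingKey = "key::ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFKRuecjbtDh4jyDZH3ccU9t0QFcAgZDBFO8ZWZBA9iT dadada@gorgon";
+};
+core = {
+whitespace = {
+tab-in-indent = true;
+tabwidth = 4;
+};
+alias = { };
+pager = "delta";
+};
+column.ui = "never";
+checkout.defaultRemote = "origin";
+delta = {
+navigate = true; # use n and N to move between diff sections
+side-by-side = false;
+line-numbers = true;
+light = true;
+};
+diff = {
+renames = "copies";
+algorithm = "histogram";
+colorMoved = "default";
+};
+interactive.diffFilter = "delta --color-only";
+merge = {
+conflictstyle = "zdiff3";
+keepbackup = false;
+tool = "meld";
+};
+status = {
+short = true;
+branch = true;
+showUntrackedFiled = "all";
+};
+log.date = "iso8601-local";
+fetch.prune = true;
+pull = {
+prune = true;
+ff = "only";
+rebase = "interactive";
+};
+push = {
+default = "current";
+autoSetupRemote = true;
+};
+rebase = {
+abbreviateCommands = true;
+# Automatically force-update any branches that point to commits that are being rebased.
+updateRefs = true;
+};
+rerere.enabled = true;
+transfer.fsckobjects = true;
+fetch.fsckobjects = true;
+receive.fsckObjects = true;
+branch.sort = "-committerdate";
+};
+};
+home.packages = with pkgs; [
+delta
+git-branchless
+git-lfs
+gitAndTools.hub
+gitAndTools.lab
+gitAndTools.git-absorb
+meld
+];
+};
+}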
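Review bot: `showUntrackedFiled = "all";` in the `status` block looks like a typo for git's `status.showUntrackedFiles`; git does not reject unknown configuration keys, so the setting is silently ignored and untracked files are listed with the default mode. The line should read `showUntrackedFiles = "all";`. Since this module carries the commit-signing setup (`gpg.format = "ssh"`, `allowedSignersFile`, `signingKey`), a short comment above `allowedSigners` saying which physical key each entry belongs to would also make later key rotation easier to review.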

34
home/modules/gpg.nix Normal file
View file

@ -0,0 +1,34 @@
{
config,
lib,
...
}:
with lib;
let
cfg = config.dadada.home.gpg;
in
{
options.dadada.home.gpg = {
enable = mkEnableOption "Enable GnuPG config";
};
config = mkIf cfg.enable {
programs.gpg = {
enable = true;
settings = {
fixed-list-mode = true;
keyid-format = "0xlong";
verify-options = "show-uid-validity";
list-options = "show-uid-validity";
cert-digest-algo = "SHA256";
use-agent = true;
keyserver = "hkps://keys.openpgp.org";
};
};
services.gpg-agent = {
enable = true;
defaultCacheTtl = 1800;
enableSshSupport = false;
};
};
}
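Review bot: `keyserver = "hkps://keys.openpgp.org"` is set under `programs.gpg.settings`, which home-manager renders into gpg.conf, where GnuPG 2.1 and later document the option as deprecated; the keyserver is consulted by dirmngr and belongs in dirmngr.conf. On the agent side, `defaultCacheTtl = 1800` is set without an upper bound, so how long a repeatedly used key stays unlocked is left to the agent's built-in maximum; setting `maxCacheTtl` next to it makes that limit explicit.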

20
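--- a/home/modules/gtk.nix
+++ b/home/modules/gtk.nix
@@ -0,0 +1,20 @@
+{
+config,
+lib,
+pkgs,
+...
+}:
+with lib;
+let
+cfg = config.dadada.home.gtk;
+in
+{
+options.dadada.home.gtk = {
+enable = mkEnableOption "Enable GTK config";
+};
+config = mkIf cfg.enable {
+gtk = {
+enable = true;
+};
+};
+}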


@ -1,4 +1,4 @@
theme = "solarized_dark" theme = "solarized_light"
[editor] [editor]
line-number = "relative" line-number = "relative"


@ -9,6 +9,7 @@ let
in in
{ {
options.dadada.home.helix = { options.dadada.home.helix = {
enable = lib.mkEnableOption "Enable helix editor";
package = lib.mkOption { package = lib.mkOption {
type = lib.types.package; type = lib.types.package;
description = "Helix editor package to use"; description = "Helix editor package to use";
@ -16,7 +17,7 @@ in
}; };
}; };
config = { config = lib.mkIf cfg.enable {
home.file.".config/helix".source = ./config; home.file.".config/helix".source = ./config;
home.packages = [ home.packages = [
cfg.package cfg.package

20
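--- a/home/modules/keyring.nix
+++ b/home/modules/keyring.nix
@@ -0,0 +1,20 @@
+{
+config,
+lib,
+...
+}:
+with lib;
+let
+cfg = config.dadada.home.keyring;
+in
+{
+options.dadada.home.keyring = {
+enable = mkEnableOption "Enable keyring config";
+};
+config = mkIf cfg.enable {
+services.gnome-keyring = {
+enable = false;
+components = [ "secrets" ];
+};
+};
+}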
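Review bot: `services.gnome-keyring.enable = false` sits inside `mkIf cfg.enable`, so switching `dadada.home.keyring.enable` on yields a disabled service, and the `components = [ "secrets" ]` line next to it has no effect. If the module is meant to start the secrets component, this should read `enable = true;`. If the keyring is deliberately kept off, a comment saying so would stop the option name from promising the opposite of what it does.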

27
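--- a/home/modules/session.nix
+++ b/home/modules/session.nix
@@ -0,0 +1,27 @@
+{
+config,
+lib,
+...
+}:
+with lib;
+let
+cfg = config.dadada.home.session;
+in
+{
+options.dadada.home.session = {
+enable = mkEnableOption "Enable session variable management";
+sessionVars = mkOption {
+description = "Session variables";
+type = types.attrs;
+default = { };
+example = ''
+EDITOR = "hx";
+PAGER = "less";
+'';
+};
+};
+config = mkIf cfg.enable {
+home.sessionVariables = cfg.sessionVars;
+systemd.user.sessionVariables = cfg.sessionVars;
+};
+}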

19
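--- a/home/modules/ssh.nix
+++ b/home/modules/ssh.nix
@@ -0,0 +1,19 @@
+{
+config,
+lib,
+...
+}:
+with lib;
+let
+cfg = config.dadada.home.ssh;
+in
+{
+options.dadada.home.ssh = {
+enable = mkEnableOption "Enable SSH config";
+};
+config = mkIf cfg.enable {
+programs.ssh = {
+enable = true;
+};
+};
+}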


@ -0,0 +1,21 @@
{
config,
pkgs,
lib,
...
}:
with lib;
let
cfg = config.dadada.home.syncthing;
in
{
options.dadada.home.syncthing = {
enable = mkEnableOption "Enable Syncthing config";
};
config = mkIf cfg.enable {
services.syncthing = {
enable = true;
tray = false;
};
};
}

34
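--- a/home/modules/tmux.nix
+++ b/home/modules/tmux.nix
@@ -0,0 +1,34 @@
+{
+config,
+lib,
+...
+}:
+with lib;
+let
+cfg = config.dadada.home.tmux;
+in
+{
+options.dadada.home.tmux = {
+enable = mkEnableOption "Enable tmux config";
+};
+config = mkIf cfg.enable {
+programs.tmux = {
+enable = true;
+terminal = "tmux-256color";
+extraConfig = ''
+setw -g mode-keys vi
+set -g mouse on
+set -g set-clipboard external
+set -g set-titles on
+set -g status on
+set -ga terminal-overrides ',*256col*:Tc'
+set-option -g status-interval 5
+set-option -g automatic-rename on
+set-option -g automatic-rename-format '#{b:pane_current_path}'
+bind '"' split-window -c "#{pane_current_path}"
+bind % split-window -h -c "#{pane_current_path}"
+bind c new-window -c "#{pane_current_path}"
+'';
+};
+};
+}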

55
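--- a/home/modules/xdg.nix
+++ b/home/modules/xdg.nix
@@ -0,0 +1,55 @@
+{
+config,
+pkgs,
+lib,
+...
+}:
+with lib;
+let
+apps = {
+"x-scheme-handler/mailto" = "evolution.desktop";
+"message/rfc822" = "evolution.desktop";
+"x-scheme-handler/http" = "firefox.desktop";
+"x-scheme-handler/https" = "firefox.desktop";
+"x-scheme-handler/ftp" = "firefox.desktop";
+"x-scheme-handler/chrome" = "firefox.desktop";
+"text/html" = "firefox.desktop";
+"application/x-extension-htm" = "firefox.desktop";
+"application/x-extension-html" = "firefox.desktop";
+"application/x-extension-shtml" = "firefox.desktop";
+"application/xhtml+xml" = "firefox.desktop";
+"application/x-extension-xhtml" = "firefox.desktop";
+"application/x-extension-xht" = "firefox.desktop";
+"application/pdf" = "evince.desktop";
+};
+cfg = config.dadada.home.xdg;
+in
+{
+options.dadada.home.xdg = {
+enable = mkEnableOption "Enable XDG config";
+};
+config = mkIf cfg.enable {
+xdg = {
+enable = true;
+configHome = "${config.home.homeDirectory}/.config";
+mimeApps = {
+enable = false;
+associations.added = apps;
+defaultApplications = apps;
+};
+userDirs = {
+desktop = "\$HOME/.desktop";
+download = "\$HOME/tmp";
+music = "\$HOME/lib/music";
+videos = "\$HOME/lib/videos";
+pictures = "\$HOME/lib/pictures";
+documents = "\$HOME/lib";
+};
+};
+home.packages = with pkgs; [
+evince
+firefox
+xdg-utils
+];
+};
+}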

83
home/modules/zsh.nix Normal file

@ -0,0 +1,83 @@
{
config,
pkgs,
lib,
...
}:
with lib;
let
cfg = config.dadada.home.zsh;
in
{
options.dadada.home.zsh = {
enable = mkEnableOption "Enable ZSH config";
};
config = mkIf cfg.enable {
programs.fzf.enableZshIntegration = true;
programs.zsh = {
enable = true;
enableCompletion = true;
enableVteIntegration = true;
autosuggestion.enable = true;
autocd = true;
sessionVariables = {
EDITOR = "hx";
};
history = {
extended = true;
ignoreDups = true;
ignoreSpace = true;
save = 100000;
# FIXME https://github.com/junegunn/fzf/issues/4061
#share = true;
share = false;
};
plugins = [
];
initContent = ''
source ${pkgs.zsh-git-prompt}/share/zsh-git-prompt/zshrc.sh
source ${pkgs.fzf}/share/fzf/key-bindings.zsh
source ${pkgs.fzf}/share/fzf/completion.zsh
eval "$(${pkgs.h}/bin/h --setup ~/src)"
bindkey -e '^n' autosuggest-accept
preexec() { echo -n -e "\033]0;$1\007" }
PROMPT="%F{red}%?%f %F{green}%m%f:%F{blue}%~%f"$'\n'"> "
RPROMPT='$(git_super_status)'
'';
profileExtra = '''';
shellAliases = {
ga = "git add";
gc = "git commit";
gd = "git diff";
gdw = "git diff --color-words";
gf = "git fetch";
gl = "git log";
gpu = "git push";
gpul = "git pull";
grb = "git rebase";
gre = "git reflog";
gs = "git status";
gsh = "git show";
gst = "git status";
gsta = "git stash";
gstap = "git stash apply";
exa = "eza";
ls = "exa";
la = "exa -a";
ll = "exa -la --no-filesize --changed --time-style=long-iso --git --octal-permissions --no-permissions --no-user --ignore-glob=\".git\"";
mv = "mv -i";
cp = "cp -i";
};
};
home.packages = with pkgs; [
fzf
eza
zsh-git-prompt
tmux
];
};
}
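Review bot: The `preexec` hook in `initContent` passes the command line through `echo -n -e`, which interprets backslash escapes inside `$1`, so a command containing text such as `\007` or `\033` (a pasted snippet, for instance) reaches the terminal as control characters instead of title text. Printing the argument through a fixed format string avoids that: `preexec() { printf '\033]0;%s\007' "$1" }`. The `FIXME` above `share = false` would be easier to act on later if it said in a few words what breaks with shared history.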

7
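--- a/home/nixpkgs-config.nix
+++ b/home/nixpkgs-config.nix
@@ -0,0 +1,7 @@
+{ pkgs }:
+{
+allowUnfree = true;
+allowUnfreePredicate = pkg: true;
+allowBroken = false;
+android_sdk.accept_license = true;
+}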
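Review bot: `allowUnfree = true` together with `allowUnfreePredicate = pkg: true` accepts every unfree package without review, and the predicate adds nothing once `allowUnfree` is set. An explicit allowlist keeps licence acceptance a visible, per-package decision, for example `allowUnfreePredicate = pkg: builtins.elem (pkgs.lib.getName pkg) [ "steam" "spotify" ];` with `allowUnfree` dropped; the two names are only an illustration and would have to match what the profile really installs. `android_sdk.accept_license = true` is likewise a blanket acceptance and deserves a comment naming the package that needs it.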


@ -1,84 +1,152 @@
{ pkgs }: { pkgs }:
with pkgs; with pkgs;
[ [
anki
aqbanking
aria2
aspell
aspellDicts.de
aspellDicts.en
aspellDicts.en-computers
aspellDicts.en-science
bash bash
bat # cat with syntax highlighting and git integration bat # cat with syntax highlighting and git integration
binutils binutils
bluez-tools bluez-tools
btop # htop
choose # alternative to cut and awk with more readable syntax
chromium chromium
colordiff
darcs
delta # feature-rich diff viewer delta # feature-rich diff viewer
dig dig
direnv direnv
duf # disk usage
dune3d
dyff # diff tool for YAML
element-desktop element-desktop
evince
evolution
ffmpeg ffmpeg
file file
fuzzel
fx # themable json viewer
fzf
fzf fzf
gdb gdb
gh gh
ghidra-bin
gimp gimp
glow
glow # render markdown glow # render markdown
gnumake gnumake
gnupg gnupg
halloy gping # ping with graphs
graphviz
grim
gron # make json grepable
h # Manage git repos
hexyl # hex viewer hexyl # hex viewer
htop
httpie httpie
hub
hyperfine # A command-line benchmarking tool. hyperfine # A command-line benchmarking tool.
icdiff
imagemagick
inkscape inkscape
inotify-tools inotify-tools
ioping # ping but for block devices ioping # ping but for block devices
iproute2 iproute2
iputils # tracepath iputils # tracepath
irssi irssi
jameica
jc # convert output to json
josm
jq jq
kanshi
keepassxc keepassxc
kubetail
krita krita
ldns ldns
liboping # oping, ping multiple hosts at once
libreoffice libreoffice
libvirt libvirt
lsof lsof
lynis
man-pages man-pages
mblaze
mkpasswd
mpv mpv
mtr mtr
mumble mumble
nix-output-monitor nix-output-monitor
ncurses
newsflash
nixd nixd
nixfmt-rfc-style nixfmt-rfc-style
nfs-utils nfs-utils
niv
nix-index
nmap nmap
nmon
nodePackages.prettier
map-cmd map-cmd
obs-studio obs-studio
obsidian offlineimap
openscad openscad
openssl openssl
p7zip
pandoc # document converter and templater pandoc # document converter and templater
pass pass
pavucontrol pavucontrol
picocom picocom
playerctl
procs # ps in rust
prusa-slicer prusa-slicer
pv pv
pwgen
(python3.withPackages (pkgs: [ (python3.withPackages (pkgs: [
pkgs.pandas pkgs.pandas
pkgs.requests pkgs.requests
])) ]))
ranger ranger
reptyr
ripgrep
ripgrep ripgrep
saleae-logic-2 saleae-logic-2
sd # search and displace like sed but with better syntax
sieveshell sieveshell
signal-desktop signal-desktop
silver-searcher
skim # fzf in Rust
slurp
socat socat
solvespace
spotify
sqlite sqlite
sshfs-fuse
steam
taplo taplo
tcpdump tcpdump
tdesktop
thunderbird thunderbird
tmux tmux
ttyd
unzip unzip
usbutils usbutils
vegur
virt-manager virt-manager
viu # view images from the terminal
vscodium
whois whois
wireshark wireshark
xdg-utils xdg-utils
xmlstarlet xmlstarlet
unixtools.xxd unixtools.xxd
xxh # portable shells
yt-dlp yt-dlp
# zotero Marked as insecure
zeal
zk
zsh zsh
] ]
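Review bot: The new package list names `fzf`, `glow` and `ripgrep` twice each, because the added bare entries sit directly above the lines that were already there (`fzf`, `glow # render markdown`, `ripgrep`). The duplicates are harmless to evaluation but make the list harder to audit; dropping the three added lines keeps one entry per package. The comment `# zotero Marked as insecure` would be more useful with the advisory or nixpkgs issue it refers to, so the entry can be restored once that is resolved.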

138
home/status Executable file

@ -0,0 +1,138 @@
#!/usr/bin/env python3
import json
import sys
import time
import requests
import logging
import subprocess
from datetime import datetime
logger = logging.getLogger(__name__)
class Status:
def status(self):
return None
class Cat(Status):
index = 0
def status(self):
cat_width = 200
index = self.index
catwalk = "🐈🏳️‍🌈" + " " * index
self.index = (index + 1) % cat_width
return {"full_text": catwalk}
class Space(Status):
backoff = 0
c_status = None
def status(self):
backoff = self.backoff
if self.backoff == 0:
self.update()
return {"full_text": self.c_status}
def update(self):
spacestatus_url = "https://status.stratum0.org/status.json"
resp = requests.get(url=spacestatus_url)
self.backoff = (self.backoff + 1) % 120
data = resp.json()
if data["isOpen"]:
since = datetime.strptime(data["since"], "%Y-%m-%dT%H:%M:%S.%f").strftime("%A at %H:%M")
spacestatus = f"Space is open since {since}"
else:
spacestatus = "Space is closed"
self.c_status = spacestatus
class Battery(Status):
capacity_file = open('/sys/class/power_supply/BAT0/capacity', 'r')
status_file = open('/sys/class/power_supply/BAT0/status', 'r')
def status(self):
self.status_file.seek(0)
status = self.status_file.read().rstrip()
self.capacity_file.seek(0)
capacity = self.capacity_file.read().rstrip()
battery = f"{status} {capacity}%"
return {"full_text": battery}
class Time(Status):
def status(self):
now = datetime.now()
match now.isocalendar().week % 10:
case 1:
th = "st"
case 2:
th = "nd"
case 3:
th = "rd"
case _:
th = "th"
return {"full_text": now.strftime(f"%V{th} %A %H:%M") }
class FailedUnits(Status):
def status(self):
proc = subprocess.run(["systemctl", "list-units", "--failed"], capture_output = True)
stdout = proc.stdout.decode('utf-8')
failed = 0
for line in stdout:
if 'failed' in line:
failed += 1
if failed == 0:
return {"full_text": f"No failed units"}
else:
return {"full_text": f"There are {failed} failed units", "color": "#ff0000"}
def print_header():
header = {
"version": 1,
"click_events": False,
}
print(json.dumps(header))
print("[")
def run(interval, widgets):
print_header()
while True:
body = []
for widget in widgets:
try:
status = widget.status()
except Exception as e:
logger.error(e)
if status:
body += status,
print(json.dumps(body), ",", flush=True)
ts = interval - (time.time() % interval)
time.sleep(ts)
if __name__ == "__main__":
logging.basicConfig(level=logging.INFO)
# Interval in seconds
interval = 1.0
widgets = [Cat(), FailedUnits(), Space(), Battery(), Time()]
run(interval, widgets)
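Review bot: `FailedUnits.status` always reports "No failed units", because `for line in stdout:` iterates over the characters of the decoded string and a single character never contains `'failed'`; the loop has to run over `stdout.splitlines()`. In `run`, a widget whose `status()` raises leaves `status` holding the previous widget's result (or unbound for the first widget), so the `except` branch needs a `continue`. `Space.update` calls `requests.get` without a timeout, which can stall the whole bar on a slow network, and `backoff` is only advanced inside `update()`, so after the first fetch it stays at 1 and the space status is never refreshed. The fence shows these spots rewritten.

```python
class Space(Status):
    # … unchanged: backoff and c_status class attributes …

    def status(self):
        if self.backoff == 0:
            self.update()
        # Advance on every tick so the next fetch happens 120 intervals later.
        self.backoff = (self.backoff + 1) % 120
        return {"full_text": self.c_status}

    def update(self):
        spacestatus_url = "https://status.stratum0.org/status.json"
        # Bound the request so one slow response cannot freeze the bar.
        resp = requests.get(url=spacestatus_url, timeout=5)
        resp.raise_for_status()
        data = resp.json()
        # … unchanged: build spacestatus from data and store it in c_status …


class FailedUnits(Status):
    def status(self):
        proc = subprocess.run(
            ["systemctl", "list-units", "--failed", "--no-legend"],
            capture_output=True,
        )
        lines = proc.stdout.decode("utf-8").splitlines()
        failed = sum(1 for line in lines if "failed" in line)
        # … unchanged: return the full_text dict for zero / non-zero …


def run(interval, widgets):
    # … unchanged: header and outer loop …
        for widget in widgets:
            try:
                status = widget.status()
            except Exception as e:
                logger.error(e)
                continue  # do not reuse the previous widget's result
            if status:
                body.append(status)
```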


@ -1,23 +0,0 @@
{
...
}:
{
programs.tmux = {
enable = true;
terminal = "tmux-256color";
extraConfig = ''
setw -g mode-keys vi
set -g mouse on
set -g set-clipboard external
set -g set-titles on
set -g status on
set -ga terminal-overrides ',*256col*:Tc'
set-option -g status-interval 5
set-option -g automatic-rename on
set-option -g automatic-rename-format '#{b:pane_current_path}'
bind '"' split-window -c "#{pane_current_path}"
bind % split-window -h -c "#{pane_current_path}"
bind c new-window -c "#{pane_current_path}"
'';
};
}


@ -1,47 +0,0 @@
{
config,
pkgs,
...
}:
let
apps = {
"x-scheme-handler/mailto" = "thunderbird.desktop";
"message/rfc822" = "thunderbird.desktop";
"x-scheme-handler/http" = "firefox.desktop";
"x-scheme-handler/https" = "firefox.desktop";
"x-scheme-handler/ftp" = "firefox.desktop";
"x-scheme-handler/chrome" = "firefox.desktop";
"text/html" = "firefox.desktop";
"application/x-extension-htm" = "firefox.desktop";
"application/x-extension-html" = "firefox.desktop";
"application/x-extension-shtml" = "firefox.desktop";
"application/xhtml+xml" = "firefox.desktop";
"application/x-extension-xhtml" = "firefox.desktop";
"application/x-extension-xht" = "firefox.desktop";
"application/pdf" = "okular.desktop";
};
in
{
xdg = {
enable = true;
configHome = "${config.home.homeDirectory}/.config";
mimeApps = {
enable = false;
associations.added = apps;
defaultApplications = apps;
};
userDirs = {
desktop = "\$HOME/.desktop";
download = "\$HOME/tmp";
music = "\$HOME/lib/music";
videos = "\$HOME/lib/videos";
pictures = "\$HOME/lib/pictures";
documents = "\$HOME/lib";
};
};
home.packages = with pkgs; [
evince
firefox
xdg-utils
];
}


@ -1,69 +0,0 @@
{
pkgs,
...
}:
{
programs.fzf.enableZshIntegration = true;
programs.zsh = {
enable = true;
enableCompletion = true;
enableVteIntegration = true;
autosuggestion.enable = true;
autocd = true;
sessionVariables = {
EDITOR = "hx";
};
history = {
extended = true;
ignoreDups = true;
ignoreSpace = true;
save = 100000;
# FIXME https://github.com/junegunn/fzf/issues/4061
#share = true;
share = false;
};
plugins = [
];
initContent = ''
source ${pkgs.fzf}/share/fzf/key-bindings.zsh
source ${pkgs.fzf}/share/fzf/completion.zsh
eval "$(repo setup --root ~/src)"
bindkey -e '^n' autosuggest-accept
preexec() { echo -n -e "\033]0;$1\007" }
PROMPT="%F{red}%?%f %F{green}%m%f:%F{blue}%~%f"$'\n'"> "
'';
profileExtra = '''';
shellAliases = {
ga = "git add";
gc = "git commit";
gd = "git diff";
gdw = "git diff --color-words";
gf = "git fetch";
gl = "git log";
gpu = "git push";
gpul = "git pull";
grb = "git rebase";
gre = "git reflog";
gs = "git status";
gsh = "git show";
gst = "git status";
gsta = "git stash";
gstap = "git stash apply";
exa = "eza";
ls = "exa";
la = "exa -a";
ll = "exa -la --no-filesize --changed --time-style=long-iso --git --octal-permissions --no-permissions --no-user --ignore-glob=\".git\"";
mv = "mv -i";
cp = "cp -i";
};
};
home.packages = with pkgs; [
fzf
eza
tmux
];
}

4
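--- a/hydra-jobs.nix
+++ b/hydra-jobs.nix
@@ -0,0 +1,4 @@
+{ self, nixpkgs, ... }:
+(nixpkgs.lib.mapAttrs' (
+name: config: nixpkgs.lib.nameValuePair name config.config.system.build.toplevel
+) self.nixosConfigurations)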


@ -0,0 +1,108 @@
{
config,
modulesPath,
pkgs,
...
}:
{
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
./ddns.nix
./dns.nix
./firewall.nix
../modules/profiles/server.nix
./network.nix
./ntp.nix
./ppp.nix
];
fileSystems."/" = {
device = "/dev/sda1";
fsType = "btrfs";
options = [ "subvol=root" ];
};
#fileSystems."/nix/store" = {
# device = "/dev/sda1";
# fsType = "btrfs";
# options = [ "subvol=/root/nix" "noatime" ];
#};
fileSystems."/swap" = {
device = "/dev/sda1";
fsType = "btrfs";
options = [
"subvol=/root/swap"
"noatime"
];
};
#swapDevices = [{
# device = "/swap/swapfile";
# size = 32 * 1024; # 32 GByte
#}];
hardware.cpu.amd.updateMicrocode = config.hardware.enableRedistributableFirmware;
dadada = {
admin.enable = true;
};
services.smartd.enable = true;
networking.hostName = "agares";
networking.domain = "bs.dadada.li";
boot.initrd.availableKernelModules = [
"xhci_pci"
"ahci"
"ehci_pci"
"usb_storage"
"sd_mod"
"sdhci_pci"
];
boot.initrd.kernelModules = [ "dm-snapshot" ];
# Use the GRUB 2 boot loader.
boot.loader.grub.enable = true;
boot.loader.grub.device = "/dev/sda";
boot.loader.grub.extraConfig = "
serial --speed=115200 --unit=0 --word=8 --parity=no --stop=1
terminal_input serial
terminal_output serial
";
boot.kernelParams = [
"console=ttyS0,115200"
"amd_iommu=on"
"iommu=pt"
];
boot.kernelModules = [
"kvm-amd"
"vfio"
"vfio_iommu_type1"
"vfio_pci"
"vfio_virqfd"
];
environment.systemPackages = with pkgs; [
curl
flashrom
dmidecode
tcpdump
];
services.munin-node = {
enable = true;
extraConfig = ''
host_name ${config.networking.hostName}
cidr_allow 10.3.3.3/32
'';
};
# Running router VM. They have to be restarted in the right order, so network comes up cleanly. Not ideal.
system.autoUpgrade.allowReboot = false;
system.stateVersion = "23.05";
}

13
nixos/agares/ddns.nix Normal file

@ -0,0 +1,13 @@
{ config, ... }:
{
dadada.ddns = {
domains = [ "vpn.dadada.li" ];
credentialsPath = config.age.secrets."ddns-credentials".path;
interface = "ppp0";
};
age.secrets."ddns-credentials" = {
file = "${config.dadada.secrets.path}/ddns-credentials.age";
mode = "400";
};
}

81
nixos/agares/dns.nix Normal file

@ -0,0 +1,81 @@
{ ... }:
{
services.unbound = {
enable = true;
localControlSocketPath = "/run/unbound/unbound.ctl";
settings = {
server = {
access-control = [
"127.0.0.0/8 allow"
"127.0.0.1/32 allow_snoop"
"192.168.96.0/19 allow"
"192.168.1.0/24 allow"
"172.16.128.0/24 allow"
"::1/128 allow_snoop"
"fd42:9c3b:f96d::/48 allow"
];
interface = [
"127.0.0.1"
"192.168.1.1"
"192.168.100.1"
"192.168.101.1"
"192.168.102.1"
"192.168.103.1"
"192.168.120.1"
"::1"
"fd42:9c3b:f96d:100::1"
"fd42:9c3b:f96d:101::1"
"fd42:9c3b:f96d:102::1"
"fd42:9c3b:f96d:103::1"
"fd42:9c3b:f96d:120::1"
];
prefer-ip6 = true;
prefetch = true;
prefetch-key = true;
serve-expired = false;
aggressive-nsec = true;
hide-identity = true;
hide-version = true;
use-caps-for-id = true;
val-permissive-mode = true;
local-data = [
"\"agares.bs.dadada.li. 10800 IN A 192.168.101.1\""
"\"danjal.bs.dadada.li. 10800 IN A 192.168.100.108\""
"\"legion.bs.dadada.li. 10800 IN A 192.168.100.107\""
"\"ninurta.bs.dadada.li. 10800 IN A 192.168.101.184\""
"\"agares.bs.dadada.li. 10800 IN AAAA fd42:9c3b:f96d:101::1\""
"\"ninurta.bs.dadada.li. 10800 IN AAAA fd42:9c3b:f96d:101:4a21:bff:fe3e:9cfe\""
"\"backup1.dadada.li. 10800 IN AAAA fd42:9c3b:f96d:101:4a21:bff:fe3e:9cfe\""
];
local-zone = [
"\"168.192.in-addr.arpa.\" nodefault"
"\"d.f.ip6.arpa.\" nodefault"
];
};
forward-zone = [
{
name = ".";
forward-tls-upstream = "yes";
forward-addr = [
"2620:fe::fe@853#dns.quad9.net"
"2620:fe::9@853#dns.quad9.net"
"9.9.9.9@853#dns.quad9.net"
"149.112.112.112@853#dns.quad9.net"
];
}
];
stub-zone =
let
stubZone = name: addrs: {
name = "${name}";
stub-addr = addrs;
};
in
[
#(stubZone "li.dadada.bs" ["192.168.128.220" "2a01:4f8:c010:a710::1"])
#(stubZone "d.6.9.f.b.3.c.9.2.4.d.f.ip6.arpa" ["192.168.101.220" "2a01:4f8:c010:a710::1"])
#(stubZone "168.192.in-addr.arpa" ["192.168.128.220" "2a01:4f8:c010:a710::1"])
];
};
};
}
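Review bot: `val-permissive-mode = true` makes unbound pass answers that fail DNSSEC validation on to clients instead of answering SERVFAIL, so the validator no longer protects the networks listed under `access-control`. Unless this is a temporary debugging aid, it should be `val-permissive-mode = false;` (or the line dropped); if it has to stay, a comment naming the zone that forced it would make it possible to remove later. The three commented-out `stubZone` entries leave `stub-zone` as an empty list, so the `let` helper around it is currently dead code.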

13
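--- a/nixos/agares/firewall.nix
+++ b/nixos/agares/firewall.nix
@@ -0,0 +1,13 @@
+{ ... }:
+{
+networking = {
+useDHCP = false;
+nat.enable = false;
+firewall.enable = false;
+nftables = {
+enable = true;
+checkRuleset = true;
+ruleset = builtins.readFile ./rules.nft;
+};
+};
+}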

323
nixos/agares/network.nix Normal file

@ -0,0 +1,323 @@
{ config, lib, ... }:
let
ulaPrefix = "fd42:9c3b:f96d"; # fd42:9c3b:f96d::/48
ipv4Prefix = "192.168"; # 192.168.96.0/19
domain = "bs.dadada.li";
in
{
networking.useDHCP = false;
systemd.network = {
enable = true;
links = {
"10-persistent" = {
matchConfig.OriginalName = [
"enp1s0"
"enp2s0"
]; # takes search domains from the [Network]
linkConfig.MACAddressPolicy = "persistent";
};
};
netdevs = {
# QoS concentrator
"ifb4ppp0" = {
netdevConfig = {
Kind = "ifb";
Name = "ifb4ppp0";
};
};
"20-lan" = {
netdevConfig = {
Kind = "vlan";
Name = "lan.10";
};
vlanConfig = {
Id = 10;
};
};
"20-freifunk" = {
netdevConfig = {
Kind = "vlan";
Name = "ff.11";
};
vlanConfig = {
Id = 11;
};
};
"20-roadw" = {
netdevConfig = {
Kind = "wireguard";
Name = "roadw";
};
wireguardConfig = {
PrivateKeyFile = config.age.secrets."wg-privkey-vpn-dadada-li".path;
ListenPort = 51234;
};
wireguardPeers = [
{
wireguardPeerConfig =
let
peerAddresses = i: [
"${ipv4Prefix}.120.${i}/32"
"${ulaPrefix}:120::${i}/128"
];
in
{
PublicKey = "0eWP1hzkyoXlrjPSOq+6Y1u8tnFH+SejBJs8f8lf+iU=";
AllowedIPs = peerAddresses "3";
};
}
];
};
"20-wg0" = {
netdevConfig = {
Kind = "wireguard";
Name = "wg0";
};
wireguardConfig = {
PrivateKeyFile = config.age.secrets."wg-privkey-wg0".path;
ListenPort = 51235;
};
wireguardPeers = lib.singleton {
wireguardPeerConfig = {
PublicKey = "Kw2HVRb1zeA7NAzBvI3UzmOj45VqM358EBuZWdlAUDE=";
AllowedIPs = [
"10.3.3.3/32"
"fd42:9c3b:f96d:121::3/128"
"fd42:9c3b:f96d:101:4a21:bff:fe3e:9cfe/128"
];
};
};
};
};
networks =
let
subnet = name: subnetId: {
matchConfig.Name = name;
addresses = [
{ addressConfig.Address = "${ipv4Prefix}.${subnetId}.1/24"; }
{ addressConfig.Address = "${ulaPrefix}:${subnetId}::1/64"; }
];
dhcpPrefixDelegationConfig = {
SubnetId = "auto";
};
ipv6Prefixes = [
{
ipv6PrefixConfig.Prefix = "${ulaPrefix}:${subnetId}::/64";
}
];
dhcpServerConfig = {
DNS = "_server_address";
NTP = "_server_address";
EmitDNS = true;
EmitNTP = true;
EmitRouter = true;
PoolOffset = 100;
PoolSize = 100;
};
ipv6SendRAConfig = {
EmitDNS = true;
DNS = "_link_local";
EmitDomains = true; # takes search domains from the [Network]
};
linkConfig = {
RequiredForOnline = false;
};
networkConfig = {
Domains = domain;
EmitLLDP = "yes";
IPv6SendRA = true;
IPv6AcceptRA = false;
DHCPPrefixDelegation = true;
DHCPServer = true;
};
extraConfig = ''
[CAKE]
OverheadBytes = 38
Bandwidth = 1G
RTT = lan
'';
};
in
{
"10-mgmt" = lib.mkMerge [
(subnet "enp1s0" "100")
{
networkConfig.VLAN = [
"lan.10"
"ff.11"
];
dhcpServerStaticLeases = [
{
# legion
dhcpServerStaticLeaseConfig = {
Address = "192.168.100.107";
MACAddress = "80:CC:9C:95:4A:60";
};
}
{
# danyal
dhcpServerStaticLeaseConfig = {
Address = "192.168.100.108";
MACAddress = "c8:9e:43:a3:3d:7f";
};
}
];
}
];
"30-wg0" = {
matchConfig.Name = "wg0";
address = [
"10.3.3.2/32"
"fd42:9c3b:f96d:121::2/128"
];
DHCP = "no";
networkConfig.IPv6AcceptRA = false;
linkConfig.RequiredForOnline = false;
routes = [
{
routeConfig = {
Destination = "10.3.3.1/24";
};
}
{
routeConfig = {
Destination = "fd42:9c3b:f96d:121::1/64";
};
}
];
};
"30-lan" = subnet "lan.10" "101" // {
dhcpServerStaticLeases = [
{
# ninurta
dhcpServerStaticLeaseConfig = {
Address = "192.168.101.184";
MACAddress = "48:21:0B:3E:9C:FE";
};
}
{
# crocell
dhcpServerStaticLeaseConfig = {
Address = "192.168.101.122";
MACAddress = "9C:C9:EB:4F:3F:0E";
};
}
{
# gorgon
dhcpServerStaticLeaseConfig = {
Address = "192.168.101.205";
MACAddress = "8C:C6:81:6A:39:2F";
};
}
];
};
"30-ff" = subnet "ff.11" "102";
"30-ifb4ppp0" = {
name = "ifb4ppp0";
extraConfig = ''
[CAKE]
OverheadBytes = 65
Bandwidth = 100M
FlowIsolationMode = triple
RTT = internet
'';
linkConfig = {
RequiredForOnline = false;
};
};
"30-ppp0" = {
name = "ppp*";
linkConfig = {
RequiredForOnline = "routable";
};
networkConfig = {
KeepConfiguration = "static";
DefaultRouteOnDevice = true;
LinkLocalAddressing = "ipv6";
DHCP = "ipv6";
};
extraConfig = ''
[CAKE]
OverheadBytes = 65
Bandwidth = 40M
FlowIsolationMode = triple
NAT=true
RTT = internet
[DHCPv6]
PrefixDelegationHint= ::/56
UseAddress = false
UseDelegatedPrefix = true
WithoutRA = solicit
[DHCPPrefixDelegation]
UplinkInterface=:self
'';
ipv6SendRAConfig = {
# Let networkd know that we would very much like to use DHCPv6
# to obtain the "managed" information. Not sure why they can't
# just take that from the upstream RAs.
Managed = true;
};
};
# Talk to modem for management
"enp2s0" = {
name = "enp2s0";
linkConfig = {
RequiredForOnline = false;
};
networkConfig = {
Address = "192.168.1.254/24";
EmitLLDP = "yes";
};
};
"10-roadw" = {
matchConfig.Name = "roadw";
addresses = [
{ addressConfig.Address = "${ipv4Prefix}.120.1/24"; }
{ addressConfig.Address = "${ulaPrefix}:120::1/64"; }
];
DHCP = "no";
networkConfig.IPv6AcceptRA = false;
linkConfig.RequiredForOnline = false;
routes = [
{
routeConfig = {
Destination = "${ipv4Prefix}.120.1/24";
};
}
{
routeConfig = {
Destination = "${ulaPrefix}::120:1/64";
};
}
];
};
};
};
age.secrets."wg-privkey-vpn-dadada-li" = {
file = "${config.dadada.secrets.path}/wg-privkey-vpn-dadada-li.age";
owner = "systemd-network";
};
age.secrets."wg-privkey-wg0" = {
file = "${config.dadada.secrets.path}/agares-wg0-key.age";
owner = "systemd-network";
};
boot.kernel.sysctl = {
# Enable forwarding for interface
"net.ipv4.conf.all.forwarding" = "1";
"net.ipv6.conf.all.forwarding" = "1";
"net.ipv6.conf.all.accept_ra" = "0";
"net.ipv6.conf.all.autoconf" = "0";
# Set via systemd-networkd
#"net.ipv6.conf.${intf}.use_tempaddr" = "0";
};
powerManagement.cpuFreqGovernor = lib.mkDefault "schedutil";
}
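Review bot: The IPv6 route of the `10-roadw` network uses `Destination = "${ulaPrefix}::120:1/64"`, which expands to `fd42:9c3b:f96d::120:1/64` and therefore covers `fd42:9c3b:f96d:0::/64`, not the roadwarrior subnet that the same block addresses as `${ulaPrefix}:120::1/64`. It should read `Destination = "${ulaPrefix}:120::/64";`. The trailing comment on `matchConfig.OriginalName` in `10-persistent` (`# takes search domains from the [Network]`) looks copied from the `EmitDomains` line further down and does not describe the link match; it can go.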

12
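--- a/nixos/agares/ntp.nix
+++ b/nixos/agares/ntp.nix
@@ -0,0 +1,12 @@
+{ ... }:
+{
+services.chrony = {
+enable = true;
+extraConfig = ''
+allow 192.168.1
+allow 192.168.100
+allow 192.168.101
+allow 192.168.102
+'';
+};
+}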

68
nixos/agares/ppp.nix Normal file

@ -0,0 +1,68 @@
{
pkgs,
lib,
config,
...
}:
let
secretsPath = config.dadada.secrets.path;
in
{
# PPPoE
services.pppd = {
enable = true;
peers = {
telekom = {
enable = true;
autostart = true;
config = ''
debug
plugin pppoe.so enp2s0
noauth
hide-password
call telekom-secret
linkname ppp0
persist
maxfail 0
holdoff 5
noipdefault
defaultroute
lcp-echo-interval 15
lcp-echo-failure 3
'';
};
};
};
age.secrets."etc-ppp-telekom-secret" = {
file = "${secretsPath}/etc-ppp-telekom-secret.age";
owner = "root";
mode = "700";
path = "/etc/ppp/peers/telekom-secret";
};
age.secrets."etc-ppp-pap-secrets" = {
# format: client server passphrase
file = "${secretsPath}/etc-ppp-chap-secrets.age";
owner = "root";
mode = "700";
path = "/etc/ppp/pap-secrets";
};
# Hook for QoS via Intermediate Functional Block
environment.etc."ppp/ip-up" = {
mode = "755";
text = with lib; ''
#!/usr/bin/env sh
${getBin pkgs.iproute2}/bin/tc qdisc del dev $1 ingress
${getBin pkgs.iproute2}/bin/tc qdisc add dev $1 handle ffff: ingress
${getBin pkgs.iproute2}/bin/tc filter add dev $1 parent ffff: matchall action mirred egress redirect dev ifb4ppp0
'';
};
}
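Review bot: Both agenix secrets are installed with `mode = "700"`, which sets the execute bit on files that hold the PPPoE credentials; neither is a program, so `mode = "600"` (or `"400"`, as the ddns credentials on this page use) is the tighter fit. The secret named `etc-ppp-pap-secrets` is decrypted from `etc-ppp-chap-secrets.age` and written to `/etc/ppp/pap-secrets`; if that pairing is intended, a comment would stop someone from "fixing" the name later. In the `ip-up` hook, `$1` is unquoted in all three `tc` calls, and `"$1"` is the safer habit even though pppd supplies the interface name.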

136
nixos/agares/rules.nft Normal file

@ -0,0 +1,136 @@
flush ruleset
define IF_MGMT = "enp1s0"
define IF_FF = "ff.11"
define IF_LAN = "lan.10"
define IF_WAN = "ppp0"
# Modem uses this for internet uplink via our WAN
define IF_MODEM = "enp2s0"
define IF_ROADW = "roadw"
table inet filter {
# Will give "no such file or directory if hardware does not support flow offloading"
# flowtable f {
# hook ingress priority 0; devices = { enp1s0, enp2s0 }; flags offload;
# }
chain input_local {
ip6 saddr != ::1/128 log prefix "Dropped IPv6 nonlocalhost packet on loopback:" drop
accept comment "Accept traffic to loopback interface"
}
chain input_icmp_untrusted {
# Allow ICMP echo
ip protocol icmp icmp type { echo-request } limit rate 1000/second burst 5 packets accept comment "Accept echo request"
# Allow some ICMPv6
icmpv6 type { destination-unreachable, packet-too-big, time-exceeded, echo-request, echo-reply, parameter-problem, mld-listener-query, mld-listener-report, mld-listener-done, mld-listener-reduction, nd-router-solicit, nd-router-advert, nd-neighbor-solicit, nd-neighbor-advert, mld2-listener-report } limit rate 1000/second burst 5 packets accept comment "Allow some ICMPv6"
}
chain input_modem {
jump input_icmp_untrusted
}
chain input_wan {
# DHCPv6 client
meta nfproto ipv6 udp sport 547 accept comment "Allow DHCPv6 client"
jump input_icmp_untrusted
udp dport 51234 accept comment "Wireguard roadwarriors"
}
chain input_lan {
counter accept comment "Accept all traffic from LAN"
}
chain input_mgmt {
counter accept comment "Accept all traffic from MGMT"
}
chain input_roadw {
counter accept comment "Accept all traffic from roadwarriors"
}
chain input_ff {
jump input_icmp_untrusted
# DHCP
meta nfproto ipv6 udp dport 547 accept comment "Allow DHCPv6 client"
# Allow DNS and DHCP from Freifunk
udp dport { 53, 67 } accept comment "Allow DNS and DHCP from Freifunk"
}
chain input_wg0 {
tcp dport 4949 accept comment "Munin node"
}
chain input {
type filter hook input priority filter; policy drop;
ct state {established, related} counter accept comment "Accept packets from established and related connections"
ct state invalid counter drop comment "Early drop of invalid packets"
iifname vmap { lo : accept, $IF_WAN : jump input_wan, $IF_LAN : jump input_lan, $IF_FF : jump input_ff, $IF_ROADW : jump input_roadw, $IF_MODEM : jump input_modem, $IF_MGMT : jump input_mgmt, wg0 : jump input_wg0 }
}
# Only works if hardware flow offloading is available
# chain offload {
# type filter hook forward priority -100; policy accept;
# ip protocol tcp flow add @f
# counter packets 0 bytes 0
# }
chain forward {
type filter hook forward priority filter; policy drop;
# Accept connections tracked by destination NAT
ct status dnat counter accept comment "Accept connections tracked by DNAT"
# TCP options
tcp flags syn tcp option maxseg size set rt mtu comment "Remove TCP maximum segment size and set a size based on route information"
# ICMPv6
icmpv6 type { destination-unreachable, packet-too-big, time-exceeded, echo-request, echo-reply, parameter-problem } limit rate 5/second counter accept comment "Forward up to five ICMP messages of allowed types per second"
meta l4proto ipv6-icmp accept comment "Forward ICMP in IPv6"
# mgmt <-> *
iifname { $IF_LAN, $IF_ROADW } oifname $IF_MGMT counter reject comment "Reject traffic from LAN and roadwarrior to MGMT"
iifname $IF_MGMT oifname { $IF_LAN, $IF_ROADW } counter reject comment "Reject traffic from MGMT to LAN and roadwarrior"
# drop (instead of reject) everything else to MGMT
# LAN, ROADW -> * (except mgmt)
iifname { $IF_LAN, $IF_ROADW } counter accept comment "Allow all traffic forwarding from LAN and roadwarrior to all interfaces, except to mgmt"
# FF -> WAN
iifname { $IF_FF } oifname $IF_WAN counter accept comment "Allow all traffic forwarding from Freifunk and services to WAN"
# { WAN } -> { FF, LAN, RW }
iifname { $IF_WAN } oifname { $IF_FF, $IF_LAN, $IF_ROADW } ct state established,related counter accept comment "Allow established back from WAN"
}
chain output {
type filter hook output priority 100; policy accept;
}
}
table ip nat {
chain prerouting {
type nat hook prerouting priority dstnat; policy accept;
}
chain postrouting {
type nat hook postrouting priority srcnat; policy accept;
ip saddr { 192.168.96.0/19 } oifname { $IF_WAN } masquerade comment "Masquerade traffic from LANs"
}
}
table arp filter {
chain input {
type filter hook input priority filter; policy drop;
iifname { $IF_MGMT, $IF_LAN, $IF_FF, $IF_MODEM } limit rate 1/second burst 2 packets accept comment "Limit number of ARP messages from LAN, FF, MGMT, modem"
}
}
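Review bot: In `input_wan`, `meta nfproto ipv6 udp sport 547 accept` matches on the source port only, so any IPv6 UDP packet arriving on the WAN interface with source port 547 is accepted to every local UDP port; the DHCPv6 client listens on 546, so the rule should be `meta nfproto ipv6 udp sport 547 udp dport 546 accept`. In `forward`, `meta l4proto ipv6-icmp accept` directly follows the rate-limited type allowlist and accepts whatever that rule did not, which leaves both the type list and the 5/second limit without effect. `input_ff` accepts `udp dport 547` under the comment "Allow DHCPv6 client" although 547 is the server port, and `input_local` is defined but never referenced because the `vmap` accepts `lo` directly.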


@ -8,87 +8,127 @@
nixos-hardware, nixos-hardware,
nixos-generators, nixos-generators,
nixpkgs, nixpkgs,
nixpkgs-small,
... ...
}@inputs: }@inputs:
let let
# create a new instance allowing some unfree packages nixosSystem =
nixpkgsx86 = import nixpkgs {
system = "x86_64-linux";
config.allowUnfreePredicate =
pkg:
builtins.elem (nixpkgs.lib.getName pkg) [
"aspell-dict-en-science"
"brgenml1lpr"
"obsidian"
"saleae-logic-2"
"spotify"
"steam"
"steam-unwrapped"
];
};
nixosSystem = nixpkgs.lib.nixosSystem;
baseModule =
{ lib, ... }:
{ {
_module.args.inputs = inputs; nixpkgs,
imports = [ system ? "x86_64-linux",
inputs.agenix.nixosModules.age extraModules ? [ ],
inputs.disko.nixosModules.disko }:
inputs.home-manager.nixosModules.home-manager nixpkgs.lib.nixosSystem {
inherit system;
modules = [
{
nixpkgs.overlays = nixpkgs.lib.attrValues self.overlays;
}
]
++ (nixpkgs.lib.attrValues self.nixosModules)
++ [ agenix.nixosModules.age ]
++ extraModules;
};
in
{
stolas =
let
system = "x86_64-linux";
in
nixosSystem {
inherit nixpkgs system;
extraModules = [
lanzaboote.nixosModules.lanzaboote
disko.nixosModules.disko
{
nixpkgs.overlays = nixpkgs.lib.attrValues self.overlays;
dadada.pkgs = self.packages.${system};
dadada.inputs = inputs // {
dadada = self;
};
}
nixos-hardware.nixosModules.framework-amd-ai-300-series
home-manager.nixosModules.home-manager
( (
{ pkgs, ... }: { pkgs, ... }:
{ {
dadada.homepage.package = homepage; home-manager.useGlobalPkgs = true;
dadada.pkgs = inputs.self.packages.${pkgs.system}; home-manager.useUserPackages = true;
dadada.inputs = inputs // { home-manager.sharedModules = (nixpkgs.lib.attrValues self.hmModules) ++ [
dadada = inputs.self; { dadada.home.helix.package = pkgs.helix; }
}; ];
home-manager.users.dadada = import ../home;
} }
) )
inputs.lanzaboote.nixosModules.lanzaboote
]
++ (lib.attrValues inputs.self.nixosModules);
};
homeModule = ./modules/profiles/home.nix;
in
{
stolas = nixosSystem {
modules = [
{ nixpkgs.pkgs = nixpkgsx86; }
baseModule
nixos-hardware.nixosModules.framework-amd-ai-300-series
homeModule
./stolas ./stolas
]; ];
}; };
gorgon = nixosSystem { gorgon =
modules = [ let
{ nixpkgs.pkgs = nixpkgsx86; } system = "x86_64-linux";
baseModule in
nixosSystem {
inherit nixpkgs system;
extraModules = [
{
nixpkgs.overlays = nixpkgs.lib.attrValues self.overlays;
dadada.pkgs = self.packages.${system};
dadada.inputs = inputs // {
dadada = self;
};
}
nixos-hardware.nixosModules.lenovo-thinkpad-t14s-amd-gen1 nixos-hardware.nixosModules.lenovo-thinkpad-t14s-amd-gen1
homeModule home-manager.nixosModules.home-manager
(
{ pkgs, ... }:
{
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.sharedModules = (nixpkgs.lib.attrValues self.hmModules) ++ [
{ dadada.home.helix.package = pkgs.helix; }
{ manual.manpages.enable = false; }
];
home-manager.users.dadada = import ../home;
}
)
./gorgon/configuration.nix ./gorgon/configuration.nix
]; ];
}; };
surgat = nixosSystem { surgat = nixosSystem {
modules = [ nixpkgs = nixpkgs-small;
{ nixpkgs.pkgs = nixpkgsx86; } system = "x86_64-linux";
baseModule extraModules = [
{
dadada.homepage.package = homepage;
}
./modules/profiles/server.nix
./surgat/configuration.nix ./surgat/configuration.nix
]; ];
}; };
installer = nixosSystem { agares = nixosSystem {
nixpkgs = nixpkgs-small;
extraModules = [
./agares/configuration.nix
];
};
installer =
let
nixpkgs = nixpkgs-small;
in
nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
modules = [ modules = [
nixos-generators.nixosModules.install-iso nixos-generators.nixosModules.install-iso
inputs.self.nixosModules.admin self.nixosModules.admin
(
{ lib, ... }:
{ {
nixpkgs.pkgs = nixpkgs.legacyPackages."x86_64-linux"; isoImage.isoName = nixpkgs.lib.mkForce "dadada-nixos-installer.iso";
isoImage.isoName = lib.mkForce "dadada-nixos-installer.iso";
networking.tempAddresses = "disabled"; networking.tempAddresses = "disabled";
dadada.admin.enable = true; dadada.admin.enable = true;
documentation.enable = true; documentation.enable = true;
@ -99,14 +139,12 @@ in
keyMap = "us"; keyMap = "us";
}; };
} }
)
]; ];
}; };
ninurta = nixosSystem { ninurta = nixosSystem {
modules = [ nixpkgs = nixpkgs-small;
{ nixpkgs.pkgs = nixpkgsx86; } extraModules = [
baseModule
./ninurta/configuration.nix ./ninurta/configuration.nix
]; ];
}; };
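Review bot: `nixpkgs.overlays = nixpkgs.lib.attrValues self.overlays;` appears twice for `stolas` and `gorgon`: once in the `modules` list of the new `nixosSystem` helper and again in each host's `extraModules`. List options merge by concatenation, so every overlay would be applied twice once `self.overlays` is non-empty. Drop the per-host line and keep the one in the helper. The `dadada.pkgs` / `dadada.inputs` / home-manager stanza is also repeated almost unchanged between the two hosts and could be one shared module. This reading assumes the single-column rows are the new side, because the +/- markers are lost on this page.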


@ -52,6 +52,8 @@ in
age.secrets."${config.networking.hostName}-backup-passphrase-gs".file = age.secrets."${config.networking.hostName}-backup-passphrase-gs".file =
"${secretsPath}/${config.networking.hostName}-backup-passphrase-gs.age"; "${secretsPath}/${config.networking.hostName}-backup-passphrase-gs.age";
nixpkgs.config.android_sdk.accept_license = true;
programs.ssh.startAgent = true; programs.ssh.startAgent = true;
nix.extraOptions = '' nix.extraOptions = ''
@ -83,7 +85,7 @@ in
networking.hostName = "gorgon"; networking.hostName = "gorgon";
dadada = { dadada = {
steam.enable = false; steam.enable = true;
yubikey.enable = true; yubikey.enable = true;
}; };
@ -152,6 +154,7 @@ in
#]; #];
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
android-studio
ghostscript ghostscript
smartmontools smartmontools
@ -261,7 +264,7 @@ in
xdg.portal.wlr.enable = false; xdg.portal.wlr.enable = false;
hardware.bluetooth.enable = true; hardware.bluetooth.enable = true;
hardware.graphics = { hardware.opengl = {
enable = true; enable = true;
extraPackages = with pkgs; [ extraPackages = with pkgs; [
vaapiVdpau vaapiVdpau


@ -11,7 +11,7 @@ let
"/dev" "/dev"
"/efi" "/efi"
"/home/*/.cache" "/home/*/.cache"
"/home/*/.config/Element" "/home/*/.config/Riot/Cache"
"/home/iserv" "/home/iserv"
"/lost+found" "/lost+found"
"/mnt" "/mnt"


@ -13,7 +13,7 @@ in
}; };
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
services.nginx.virtualHosts."element.${config.networking.domain}" = { services.nginx.virtualHosts."element.${config.networking.domain}" = {
useACMEHost = "dadada.li"; enableACME = true;
forceSSL = true; forceSSL = true;
serverAliases = [ serverAliases = [
"element.${config.networking.domain}" "element.${config.networking.domain}"


@ -82,7 +82,7 @@ in
}; };
services.nginx.virtualHosts."git.${config.networking.domain}" = { services.nginx.virtualHosts."git.${config.networking.domain}" = {
useACMEHost = "dadada.li"; enableACME = true;
forceSSL = true; forceSSL = true;
locations."/".extraConfig = '' locations."/".extraConfig = ''


@ -19,7 +19,7 @@ with lib;
services.nginx.enable = true; services.nginx.enable = true;
services.nginx.virtualHosts."dadada.li" = { services.nginx.virtualHosts."dadada.li" = {
useACMEHost = "dadada.li"; enableACME = true;
forceSSL = true; forceSSL = true;
root = "${cfg.package}"; root = "${cfg.package}";
}; };


@ -21,7 +21,7 @@ in
}; };
services.nginx.virtualHosts.${domain} = { services.nginx.virtualHosts.${domain} = {
useACMEHost = "dadada.li"; enableACME = true;
forceSSL = true; forceSSL = true;
locations."/".extraConfig = '' locations."/".extraConfig = ''


@ -0,0 +1,3 @@
{
nixpkgs.config.allowUnfreePredicate = pkg: true;
}
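Review bot: `allowUnfreePredicate = pkg: true` in this new file accepts every unfree package, which is equivalent to `allowUnfree = true`. Nothing then flags a proprietary package when it enters a host closure. An explicit allowlist keeps that decision reviewable, for example `allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [ "steam" "steam-unwrapped" ];` with the names each host needs; the file would then have to take `{ lib, ... }:` as its argument. The same applies to `nixpkgs.config.allowUnfree = true;` in the steam module section and in the host section that enables lanzaboote, both further down this page.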


@ -56,7 +56,7 @@ in
networking.networkmanager.dns = mkDefault "systemd-resolved"; networking.networkmanager.dns = mkDefault "systemd-resolved";
networking.hosts = { networking.hosts = {
"fd42:9c3b:f96d:101:9c17:3dff:fee5:cd5f" = [ "backup1.dadada.li" ]; "fd42:9c3b:f96d:101:4a21:bff:fe3e:9cfe" = [ "backup1.dadada.li" ];
}; };
services.resolved = { services.resolved = {


@ -4,10 +4,6 @@ let
initrdHostKey = "${config.networking.hostName}-ssh_host_ed25519_key"; initrdHostKey = "${config.networking.hostName}-ssh_host_ed25519_key";
in in
{ {
imports = [
./server.nix
];
boot.initrd.availableKernelModules = [ "virtio-pci" ]; boot.initrd.availableKernelModules = [ "virtio-pci" ];
boot.kernelParams = [ boot.kernelParams = [


@ -1,5 +0,0 @@
{ pkgs, inputs, ... }:
{
home-manager.useGlobalPkgs = true;
home-manager.users.dadada = inputs.self.hmConfigurations.dadada;
}


@ -16,7 +16,7 @@ in
services.nginx.enable = true; services.nginx.enable = true;
services.nginx.virtualHosts."share.dadada.li" = { services.nginx.virtualHosts."share.dadada.li" = {
useACMEHost = "dadada.li"; enableACME = true;
forceSSL = true; forceSSL = true;
root = "/var/lib/share"; root = "/var/lib/share";


@ -15,14 +15,14 @@ in
}; };
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
programs.steam.enable = true; nixpkgs.config.allowUnfree = true;
hardware.graphics = {
hardware.opengl = {
enable = true; enable = true;
extraPackages32 = with pkgs.pkgsi686Linux; [ driSupport32Bit = true;
libva extraPackages32 = with pkgs.pkgsi686Linux; [ libva ];
libvdpau-va-gl
];
}; };
services.pulseaudio.support32Bit = true;
hardware.pulseaudio.support32Bit = true;
}; };
} }


@ -21,7 +21,7 @@ in
services.nginx.enable = true; services.nginx.enable = true;
services.nginx.virtualHosts."webchat.dadada.li" = { services.nginx.virtualHosts."webchat.dadada.li" = {
useACMEHost = "dadada.li"; enableACME = true;
forceSSL = true; forceSSL = true;
root = pkgs.glowing-bear; root = pkgs.glowing-bear;
@ -36,7 +36,7 @@ in
}; };
}; };
services.nginx.virtualHosts."weechat.dadada.li" = { services.nginx.virtualHosts."weechat.dadada.li" = {
useACMEHost = "dadada.li"; enableACME = true;
forceSSL = true; forceSSL = true;
root = "${pkgs.nginx}/html"; root = "${pkgs.nginx}/html";


@ -34,7 +34,7 @@ in
}; };
u2f = { u2f = {
control = "sufficient"; control = "sufficient";
settings.cue = true; cue = true;
}; };
}; };


@ -14,6 +14,7 @@ let
uwuPrivKey = "pruflas-wg0-key"; uwuPrivKey = "pruflas-wg0-key";
wgHydraPrivKey = "pruflas-wg-hydra-key"; wgHydraPrivKey = "pruflas-wg-hydra-key";
uwuPresharedKey = "pruflas-wg0-preshared-key"; uwuPresharedKey = "pruflas-wg0-preshared-key";
hydraGitHubAuth = "hydra-github-authorization";
initrdSshKey = "/etc/ssh/ssh_initrd_ed25519_key"; initrdSshKey = "/etc/ssh/ssh_initrd_ed25519_key";
softServePort = 23231; softServePort = 23231;
in in
@ -153,6 +154,34 @@ in
mode = "400"; mode = "400";
}; };
age.secrets.${hydraGitHubAuth} = {
file = "${secretsPath}/${hydraGitHubAuth}.age";
mode = "440";
owner = "hydra-www";
group = "hydra";
};
services.hydra = {
enable = false;
package = pkgs.hydra;
hydraURL = "https://hydra.dadada.li";
notificationSender = "hydra@localhost";
buildMachinesFiles = [ ];
useSubstitutes = true;
port = 3000;
listenHost = "10.3.3.3";
extraConfig = ''
Include ${config.age.secrets."${hydraGitHubAuth}".path}
<githubstatus>
jobs = nix-config:main.*
inputs = nix-config
excludeBuildFromContext = 1
useShortContext = 1
</githubstatus>
'';
};
nix.buildMachines = [ nix.buildMachines = [
{ {
hostName = "localhost"; hostName = "localhost";
@ -270,10 +299,14 @@ in
linkConfig.RequiredForOnline = false; linkConfig.RequiredForOnline = false;
routes = [ routes = [
{ {
routeConfig = {
Destination = "10.3.3.1/24"; Destination = "10.3.3.1/24";
};
} }
{ {
routeConfig = {
Destination = "fd42:9c3b:f96d:121::1/64"; Destination = "fd42:9c3b:f96d:121::1/64";
};
} }
]; ];
}; };
@ -290,10 +323,14 @@ in
linkConfig.RequiredForOnline = false; linkConfig.RequiredForOnline = false;
routes = [ routes = [
{ {
routeConfig = {
Destination = "10.11.0.0/22"; Destination = "10.11.0.0/22";
};
} }
{ {
routeConfig = {
Destination = "fc00:1337:dead:beef::10.11.0.0/118"; Destination = "fc00:1337:dead:beef::10.11.0.0/118";
};
} }
]; ];
}; };
@ -333,6 +370,7 @@ in
}; };
wireguardPeers = [ wireguardPeers = [
{ {
wireguardPeerConfig = {
PublicKey = "KzL+PKlv4LktIqqTqC9Esw8dkSZN2qSn/vq76UHbOlY="; PublicKey = "KzL+PKlv4LktIqqTqC9Esw8dkSZN2qSn/vq76UHbOlY=";
AllowedIPs = [ AllowedIPs = [
"10.3.3.1/32" "10.3.3.1/32"
@ -340,14 +378,17 @@ in
]; ];
PersistentKeepalive = 25; PersistentKeepalive = 25;
Endpoint = "surgat.dadada.li:51235"; Endpoint = "surgat.dadada.li:51235";
};
} }
{ {
wireguardPeerConfig = {
PublicKey = "INfv++4R+Kd2jdh/3CooM70ZeeoN6aeU6mo+T4C8gWU="; PublicKey = "INfv++4R+Kd2jdh/3CooM70ZeeoN6aeU6mo+T4C8gWU=";
AllowedIPs = [ AllowedIPs = [
"10.3.3.2/32" "10.3.3.2/32"
"fd42:9c3b:f96d:121::2/128" "fd42:9c3b:f96d:121::2/128"
]; ];
Endpoint = "192.168.101.1:51235"; Endpoint = "192.168.101.1:51235";
};
} }
]; ];
}; };
@ -361,6 +402,7 @@ in
}; };
wireguardPeers = [ wireguardPeers = [
{ {
wireguardPeerConfig = {
PublicKey = "tuoiOWqgHz/lrgTcLjX+xIhvxh9jDH6gmDw2ZMvX5T8="; PublicKey = "tuoiOWqgHz/lrgTcLjX+xIhvxh9jDH6gmDw2ZMvX5T8=";
AllowedIPs = [ AllowedIPs = [
"10.11.0.0/22" "10.11.0.0/22"
@ -370,6 +412,7 @@ in
PersistentKeepalive = 25; PersistentKeepalive = 25;
PresharedKeyFile = config.age.secrets.${uwuPresharedKey}.path; PresharedKeyFile = config.age.secrets.${uwuPresharedKey}.path;
Endpoint = "53c70r.de:51820"; Endpoint = "53c70r.de:51820";
};
} }
]; ];
}; };
@ -429,7 +472,7 @@ in
}) })
]; ];
services.pulseaudio.enable = false; hardware.pulseaudio.enable = false;
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
smartmontools smartmontools
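Review bot: The added `age.secrets.${hydraGitHubAuth}` is owned by `hydra-www:hydra`, but `services.hydra.enable` is `false` in the same hunk, so the Hydra module presumably does not create those accounts on this host. If so, agenix cannot set the requested ownership at activation, and the GitHub token is decrypted on a machine that does not use it. Wrapping the secret in `lib.mkIf config.services.hydra.enable { ... }` keeps the two in step, assuming `lib` is a module argument here, which the hunk does not show. Mode `440` is also wider than the `400` used for the secret just above it, so confirm that group read is actually required.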


@ -12,20 +12,18 @@
./paperless.nix ./paperless.nix
]; ];
nixpkgs = {
hostPlatform = "x86_64-linux";
config.allowUnfree = true;
};
boot = { boot = {
lanzaboote = { lanzaboote = {
enable = true; enable = true;
pkiBundle = "/var/lib/sbctl"; pkiBundle = "/var/lib/sbctl";
}; };
kernelModules = [ "kvm-amd" ]; kernelModules = [ "kvm-amd" ];
# Hopefully fixes suspend issues with wifi card extraModulePackages = [ pkgs.linuxPackages.v4l2loopback ];
kernelPackages = pkgs.linuxPackages_latest;
kernelParams = [
"resume=UUID=81dfbfa5-d578-479c-b11c-3ee5abd6848a"
"resume_offset=79859524"
"zswap.enabled=1"
];
extraModulePackages = [ config.boot.kernelPackages.v4l2loopback ];
# Lanzaboote currently replaces the systemd-boot module. # Lanzaboote currently replaces the systemd-boot module.
# This setting is usually set to true in configuration.nix # This setting is usually set to true in configuration.nix
# generated at installation time. So we force it to false # generated at installation time. So we force it to false
@ -45,46 +43,20 @@
}; };
environment.systemPackages = [ environment.systemPackages = [
config.dadada.pkgs.repo-rs
# For debugging and troubleshooting Secure Boot. # For debugging and troubleshooting Secure Boot.
pkgs.sbctl pkgs.sbctl
# Framework embedded controller interface
pkgs.fw-ectool
]; ];
fonts = {
enableDefaultPackages = true;
packages = with pkgs; [
fira
fira-code
fira-code-symbols
fira-mono
font-awesome
uw-ttyp0
];
fontconfig = {
enable = true;
allowBitmaps = true;
antialias = true;
useEmbeddedBitmaps = true;
defaultFonts.monospace = [
"Ttyp0"
"Siji"
"Symbola"
];
};
};
hardware = { hardware = {
# NOTE: hardware.framework.enableKmod requires kernel patching, but enables access to some EC features # NOTE: hardware.framework.enableKmod requires kernel patching, but enables access to some EC features
bluetooth.enable = true; bluetooth.enable = true;
cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
enableRedistributableFirmware = true; enableAllFirmware = true;
framework.laptop13.audioEnhancement.enable = true; framework.laptop13.audioEnhancement.enable = true;
graphics = { graphics = {
enable = true; enable = true;
extraPackages = with pkgs; [ extraPackages = with pkgs; [
libva-vdpau-driver vaapiVdpau
libvdpau-va-gl libvdpau-va-gl
]; ];
}; };
@ -93,6 +65,10 @@
powerManagement = { powerManagement = {
enable = true; enable = true;
cpuFreqGovernor = "schedutil"; cpuFreqGovernor = "schedutil";
# TODO: Limit charge of battery, does this work without kernel patches from hardware.frameworkenableKmod?
powerUpCommands = ''
echo 80 > /sys/class/power_supply/BAT0/charge_control_stop_threshold
'';
}; };
networking = { networking = {
@ -109,7 +85,7 @@
}; };
nix = { nix = {
settings.max-jobs = "auto"; settings.max-jobs = lib.mkDefault 16;
}; };
dadada = { dadada = {
@ -120,14 +96,13 @@
enable = true; enable = true;
repo = "u355513-sub5@u355513-sub5.your-storagebox.de:/home/backup"; repo = "u355513-sub5@u355513-sub5.your-storagebox.de:/home/backup";
}; };
steam.enable = true;
}; };
programs = { programs = {
adb.enable = true; adb.enable = true;
firefox = { firefox = {
enable = true; enable = true;
package = pkgs.firefox; package = pkgs.firefox-wayland;
}; };
gnupg.agent.enable = true; gnupg.agent.enable = true;
ssh.startAgent = true; ssh.startAgent = true;
@ -199,6 +174,10 @@
"dbus-org.freedesktop.ModemManager1".enable = lib.mkForce false; "dbus-org.freedesktop.ModemManager1".enable = lib.mkForce false;
}; };
systemd.sleep.extraConfig = ''
HibernateDelaySec=1h
'';
systemd.tmpfiles.rules = [ systemd.tmpfiles.rules = [
"v /var/.snapshots 0755 root root - -" "v /var/.snapshots 0755 root root - -"
"v /var/paperless/.snapshots 0755 root root - -" "v /var/paperless/.snapshots 0755 root root - -"
@ -226,7 +205,20 @@
"wireshark" "wireshark"
"paperless" "paperless"
]; ];
shell = "/run/current-system/sw/bin/zsh";
}; };
}; };
}; };
# TODO
# age.secrets = {
# paperless = {
# file = "${config.dadada.secrets.path}/paperless.age";
# mode = "700";
# owner = "paperless";
# };
# };
# Create compressing swap space in RAM
zramSwap.enable = true;
} }
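Review bot: The added `powerUpCommands` writes to `/sys/class/power_supply/BAT0/charge_control_stop_threshold`, but as far as I know the generic power-supply attribute is `charge_control_end_threshold`. If so, this path does not exist and the redirect fails on every power-up. Suggest `echo 80 > /sys/class/power_supply/BAT0/charge_control_end_threshold`, guarded by a `[ -w … ]` test so a missing attribute is skipped quietly. Separately, the commented-out `paperless` secret template uses `mode = "700"`; a secret file needs no execute bit, so `"400"` is the value to use when it is enabled.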


@ -86,7 +86,7 @@
}; };
"/swap" = { "/swap" = {
mountpoint = "/.swapvol"; mountpoint = "/.swapvol";
swap.swapfile.size = "128G"; swap.swapfile.size = "64G";
}; };
}; };
}; };


@ -27,7 +27,7 @@ in
}; };
services.nginx.virtualHosts."hydra.${config.networking.domain}" = { services.nginx.virtualHosts."hydra.${config.networking.domain}" = {
useACMEHost = "dadada.li"; enableACME = true;
forceSSL = true; forceSSL = true;
root = "${pkgs.nginx}/html"; root = "${pkgs.nginx}/html";
@ -74,10 +74,12 @@ in
"2a01:4f8:c17:1d70::/64" "2a01:4f8:c17:1d70::/64"
]; ];
routes = [ routes = [
{ Gateway = "fe80::1"; } { routeConfig.Gateway = "fe80::1"; }
{ {
routeConfig = {
Gateway = "172.31.1.1"; Gateway = "172.31.1.1";
GatewayOnLink = true; GatewayOnLink = true;
};
} }
]; ];
linkConfig.RequiredForOnline = "routable"; linkConfig.RequiredForOnline = "routable";
@ -93,13 +95,19 @@ in
linkConfig.RequiredForOnline = "no"; linkConfig.RequiredForOnline = "no";
routes = [ routes = [
{ {
routeConfig = {
Destination = "10.3.3.3/24"; Destination = "10.3.3.3/24";
};
} }
{ {
routeConfig = {
Destination = "fd42:9c3b:f96d:121::/64"; Destination = "fd42:9c3b:f96d:121::/64";
};
} }
{ {
routeConfig = {
Destination = "fd42:9c3b:f96d:101::/64"; Destination = "fd42:9c3b:f96d:101::/64";
};
} }
]; ];
}; };
@ -116,12 +124,14 @@ in
}; };
wireguardPeers = [ wireguardPeers = [
{ {
wireguardPeerConfig = {
PublicKey = "Kw2HVRb1zeA7NAzBvI3UzmOj45VqM358EBuZWdlAUDE="; PublicKey = "Kw2HVRb1zeA7NAzBvI3UzmOj45VqM358EBuZWdlAUDE=";
AllowedIPs = [ AllowedIPs = [
"10.3.3.3/32" "10.3.3.3/32"
"fd42:9c3b:f96d:121::3/128" "fd42:9c3b:f96d:121::3/128"
"fd42:9c3b:f96d:101:4a21:bff:fe3e:9cfe/128" "fd42:9c3b:f96d:101:4a21:bff:fe3e:9cfe/128"
]; ];
};
} }
]; ];
}; };
@ -135,7 +145,6 @@ in
22 # SSH 22 # SSH
80 80
443 # HTTPS 443 # HTTPS
1667
]; ];
allowedUDPPorts = [ allowedUDPPorts = [
51234 # Wireguard 51234 # Wireguard
@ -174,49 +183,5 @@ in
''; '';
}; };
services.soju = {
enable = true;
listen = [ "unix:///run/soju/irc.sock" ];
acceptProxyIP = [ "localhost" ];
};
# For owning the socket the right group
systemd.services.soju.serviceConfig.Group = "nginx";
services.nginx.streamConfig = ''
server {
listen 1667 ssl;
proxy_pass unix:/run/soju/irc.sock;
proxy_protocol on;
proxy_connect_timeout 1s;
ssl_certificate /var/lib/acme/dadada.li/fullchain.pem;
ssl_certificate_key /var/lib/acme/dadada.li/key.pem;
ssl_trusted_certificate /var/lib/acme/dadada.li/chain.pem;
}
'';
services.nginx.virtualHosts."soju.dadada.li" = {
useACMEHost = "dadada.li";
forceSSL = true;
};
users.groups.acme.members = [
"nginx"
];
security.acme.certs = {
"dadada.li" = {
webroot = "/var/lib/acme/acme-challenge";
extraDomainNames = [
"element.dadada.li"
"hydra.dadada.li"
"git.dadada.li"
"miniflux.dadada.li"
"share.dadada.li"
"soju.dadada.li"
];
};
};
system.stateVersion = "23.05"; system.stateVersion = "23.05";
} }


@ -1,3 +1,4 @@
# Adapted from Mic92/dotfiles
{ {
self, self,
flake-utils, flake-utils,
@ -10,7 +11,7 @@
(flake-utils.lib.eachDefaultSystem ( (flake-utils.lib.eachDefaultSystem (
system: system:
let let
pkgs = nixpkgs.legacyPackages.${system}; pkgs = import nixpkgs { inherit system; };
treefmtEval = treefmt-nix.lib.evalModule pkgs ./treefmt.nix; treefmtEval = treefmt-nix.lib.evalModule pkgs ./treefmt.nix;
in in
{ {
@ -27,21 +28,23 @@
in in
import ./devshell.nix { inherit pkgs extraModules; }; import ./devshell.nix { inherit pkgs extraModules; };
checks = {
formatting = treefmtEval.config.build.check self;
};
formatter = treefmtEval.config.build.wrapper; formatter = treefmtEval.config.build.wrapper;
packages = import ./pkgs { inherit pkgs inputs; } // { packages = import ./pkgs { inherit pkgs; } // {
installer-iso = inputs.self.nixosConfigurations.installer.config.system.build.isoImage; installer-iso = self.nixosConfigurations.installer.config.system.build.isoImage;
}; };
} }
)) ))
// { // {
hmConfigurations = { hmModules = import ./home/modules.nix { lib = nixpkgs.lib; };
dadada = import ./home;
};
nixosConfigurations = import ./nixos/configurations.nix inputs; nixosConfigurations = import ./nixos/configurations.nix inputs;
nixosModules = import ./nixos/modules { lib = nixpkgs.lib; }; nixosModules = import ./nixos/modules { lib = nixpkgs.lib; };
overlays = import ./overlays.nix;
hydraJobs = import ./hydra-jobs.nix inputs;
checks = import ./checks.nix inputs;
} }

1
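--- a/overlays.nix
+++ b/overlays.nix
@@ -0,0 +1 @@
+{ }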


@ -1,5 +1,4 @@
{ pkgs, inputs }: { pkgs }:
{ {
citizen-cups = pkgs.callPackage ./citizen-cups.nix { }; citizen-cups = pkgs.callPackage ./citizen-cups.nix { };
repo-rs = pkgs.callPackage inputs.repo-rs { };
} }


@ -1,6 +1,7 @@
let let
dadada = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN+bBJptw2H35vMPV7Mfj9oaepR7cHCQH8ZsvL8qnj+r dadada (nix-config-secrets) <dadada@dadada.li>"; dadada = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN+bBJptw2H35vMPV7Mfj9oaepR7cHCQH8ZsvL8qnj+r dadada (nix-config-secrets) <dadada@dadada.li>";
systems = { systems = {
agares = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPcbuLtU9/VhFy5VAp/ZI0T+gr7kExG73hmjjvno10gP root@nixos";
gorgon = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDCcwG8BkqjZJ1bPdFbLYfXeBgaI10+gyVs1r1aNJ49H root@gorgon"; gorgon = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDCcwG8BkqjZJ1bPdFbLYfXeBgaI10+gyVs1r1aNJ49H root@gorgon";
ifrit = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEYO4L5EvKRtVUB6YHtHN7R980fwH9kKVt0V3kj6rORS root@nixos"; ifrit = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEYO4L5EvKRtVUB6YHtHN7R980fwH9kKVt0V3kj6rORS root@nixos";
ninurta = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO8TDCzjVVO7A4k6rp+srMj0HHc5gmUOlskTBOvhMkEc root@nixos"; ninurta = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO8TDCzjVVO7A4k6rp+srMj0HHc5gmUOlskTBOvhMkEc root@nixos";
@ -62,16 +63,24 @@ in
dadada dadada
]; ];
"ddns-credentials.age".publicKeys = [ "ddns-credentials.age".publicKeys = [
systems.agares
systems.ninurta systems.ninurta
dadada dadada
]; ];
"etc-ppp-chap-secrets.age".publicKeys = [ "etc-ppp-chap-secrets.age".publicKeys = [
systems.agares
dadada dadada
]; ];
"etc-ppp-telekom-secret.age".publicKeys = [ "etc-ppp-telekom-secret.age".publicKeys = [
systems.agares
dadada dadada
]; ];
"wg-privkey-vpn-dadada-li.age".publicKeys = [ "wg-privkey-vpn-dadada-li.age".publicKeys = [
systems.agares
dadada
];
"agares-wg0-key.age".publicKeys = [
systems.agares
dadada dadada
]; ];
} }
@ -80,4 +89,5 @@ in
// backupSecrets "ifrit" // backupSecrets "ifrit"
// backupSecrets "pruflas" // backupSecrets "pruflas"
// backupSecrets "surgat" // backupSecrets "surgat"
// backupSecrets "agares"
// backupSecrets "stolas" // backupSecrets "stolas"