dadada/nix-config
dadada/nix-config
1
0
Fork 0
Code Issues 2 Pull requests 5 Projects Releases Packages Wiki Activity Actions

Compare commits

base: dadada:main
Branches Tags
dadada:main
dadada:dependabot/github_actions/DeterminateSystems/update-flake-lock-23
dadada:update_flake_lock_action
dadada:dependabot/github_actions/DeterminateSystems/nix-installer-action-12
dadada:dependabot/github_actions/cachix/cachix-action-15
dadada:dependabot/github_actions/cachix/install-nix-action-27
dadada:v0.1
..
compare: dadada:update_flake_lock_action
Branches Tags
dadada:main
dadada:dependabot/github_actions/DeterminateSystems/update-flake-lock-23
dadada:update_flake_lock_action
dadada:dependabot/github_actions/DeterminateSystems/nix-installer-action-12
dadada:dependabot/github_actions/cachix/cachix-action-15
dadada:dependabot/github_actions/cachix/install-nix-action-27
dadada:v0.1

1 commit
main ... update_fla

Author SHA1 Message Date
github-actions[bot]
484ffe399f flake.lock: Update 
Flake lock file updates:

• Updated input 'home-manager':
    'github:nix-community/home-manager/845a5c4c073f74105022533907703441e0464bc3?narHash=sha256-vWSkg6AMok1UUQiSYVdGMOXKD2cDFnajITiSi0Zjd1A%3D' (2024-06-04)
  → 'github:nix-community/home-manager/a1fddf0967c33754271761d91a3d921772b30d0e?narHash=sha256-BmO8d0r%2BBVlwWtMLQEYnwmngqdXIuyFzMwvmTcLMee8%3D' (2024-06-16)
• Updated input 'nixos-generators':
    'github:nix-community/nixos-generators/35c20ba421dfa5059e20e0ef2343c875372bdcf3?narHash=sha256-WZ1gdKq/9u1Ns/oXuNsDm%2BW0salonVA0VY1amw8urJ4%3D' (2024-06-10)
  → 'github:nix-community/nixos-generators/1867f28f87fcf4e817f165003aff967a5280aaab?narHash=sha256-fh0l6pLvuTrTBakFMQfK7lwpjvWd5i%2BCFyVs8TMzPNo%3D' (2024-06-27)
• Updated input 'nixos-generators/nixlib':
    'github:nix-community/nixpkgs.lib/3c62b6a12571c9a7f65ab037173ee153d539905f?narHash=sha256-K6IkdtMtq9xktmYPj0uaYc8NsIqHuaAoRBaMgu9Fvrw%3D' (2024-04-07)
  → 'github:nix-community/nixpkgs.lib/f820613f886cd1aa4bcfd1dbaa6c83c8a3dcd863?narHash=sha256-kbTUy%2B/lfjUrMfV7JkTJwxowsFhi9Tb3BdbiOcIGcsc%3D' (2024-06-23)
• Updated input 'nixos-hardware':
    'github:NixOS/nixos-hardware/58b52b0dd191af70f538c707c66c682331cfdffc?narHash=sha256-lQJXEFHHVsFdFLx0bvoRbZH3IXUBsle6EWj9JroTJ/s%3D' (2024-06-10)
  → 'github:NixOS/nixos-hardware/a59f00f5ac65b19382617ba00f360f8bc07ed3ac?narHash=sha256-Lp%2Bl1IsREVbz8WM35OJYZz8sAH0XOjrZWUXVB5bJ2qg%3D' (2024-06-29)
• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/47b604b07d1e8146d5398b42d3306fdebd343986?narHash=sha256-hoB7B7oPgypePz16cKWawPfhVvMSXj4G/qLsfFuhFjw%3D' (2024-06-11)
  → 'github:NixOS/nixpkgs/89c49874fb15f4124bf71ca5f42a04f2ee5825fd?narHash=sha256-yJL9VYQhaRM7xs0M867ZFxwaONB9T2Q4LnGo1WovuR4%3D' (2024-06-26)
• Updated input 'treefmt-nix':
    'github:numtide/treefmt-nix/1cb529bffa880746a1d0ec4e0f5076876af931f1?narHash=sha256-1TZQcdETNdJMcfwwoshVeCjwWfrPtkSQ8y8wFX3it7k%3D' (2024-06-11)
  → 'github:numtide/treefmt-nix/065a23edceff48f948816b795ea8cc6c0dee7cdf?narHash=sha256-9T9mSY35EZSM1KAwb7K9zwQ78qTlLjosZgtUGnw4rn4%3D' (2024-06-24)
 2024-06-30 01:36:07 +00:00
33 changed files with 440 additions and 831 deletions
Download patch file Download diff file Expand all files Collapse all files

2
admins.nix
View file

@ -2,7 +2,7 @@
dadada = {
shell = "zsh";
keys = [
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIHrT9sQhJWrTPIMOEsZ8UzkY7BKJYYK2Aj/Q3NZu2z7uAAAABHNzaDo= dadada@gorgon"
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIE2JWU+BuWSvoiGFSTDQ9/1SCvfJEnkFQsFLYPNlY6wcAAAABHNzaDo= dadada <dadada@dadada.li>"
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIOFHB9T6fjkuIU8jW9gGiYGSEFSfrnY/6GJUfmfMx10HAAAABHNzaDo= Backup dadada <dadada@dadada.li>"
];
};

1
devshell.nix
View file

@ -8,6 +8,7 @@
agenix
nixpkgs-fmt
nixos-rebuild
nil
];
commands = [

128
flake.lock generated
View file

@ -47,16 +47,17 @@
},
"devshell": {
"inputs": {
"flake-utils": "flake-utils",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1741473158,
"narHash": "sha256-kWNaq6wQUbUMlPgw8Y+9/9wP0F8SHkjy24/mN3UAppg=",
"lastModified": 1717408969,
"narHash": "sha256-Q0OEFqe35fZbbRPPRdrjTUUChKVhhWXz3T9ZSKmaoVY=",
"owner": "numtide",
"repo": "devshell",
"rev": "7c9e793ebe66bcba8292989a68c0419b737a22a0",
"rev": "1ebbe68d57457c8cae98145410b164b5477761f4",
"type": "github"
},
"original": {
@ -68,11 +69,11 @@
"flake-registry": {
"flake": false,
"locked": {
"lastModified": 1744623129,
"narHash": "sha256-nlQTQrHqM+ywXN0evDXnYEV6z6WWZB5BFQ2TkXsduKw=",
"lastModified": 1717415742,
"narHash": "sha256-HKvoLGZUsBpjkxWkdtctGYj6RH0bl6vcw0OjTOqyzJk=",
"owner": "NixOS",
"repo": "flake-registry",
"rev": "1322f33d5836ae757d2e6190239252cf8402acf6",
"rev": "895a65f8d5acf848136ee8fe8e8f736f0d27df96",
"type": "github"
},
"original": {
@ -82,17 +83,35 @@
}
},
"flake-utils": {
"inputs": {
"systems": "systems"
},
"locked": {
"lastModified": 1701680307,
"narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "4022d587cbbfd70fe950c1e2083a02621806a725",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_2": {
"inputs": {
"systems": [
"systems"
]
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"lastModified": 1710146030,
"narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
"type": "github"
},
"original": {
@ -129,15 +148,16 @@
]
},
"locked": {
"lastModified": 1747439237,
"narHash": "sha256-5rCGrnkglKKj4cav1U3HC+SIUNJh08pqOK4spQv9RjA=",
"lastModified": 1718530513,
"narHash": "sha256-BmO8d0r+BVlwWtMLQEYnwmngqdXIuyFzMwvmTcLMee8=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "ae755329092c87369b9e9a1510a8cf1ce2b1c708",
"rev": "a1fddf0967c33754271761d91a3d921772b30d0e",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "release-24.05",
"repo": "home-manager",
"type": "github"
}
@ -145,24 +165,26 @@
"homepage": {
"flake": false,
"locked": {
"lastModified": 1727338449,
"narHash": "sha256-VwOGtT1WB+isk0z/D/Be05GgeaTFfsXTGt7aScCAfec=",
"rev": "60398d3d728a0057b4cad49879ef637c06b28371",
"type": "tarball",
"url": "https://git.dadada.li/api/v1/repos/dadada/dadada.li/archive/60398d3d728a0057b4cad49879ef637c06b28371.tar.gz?rev=60398d3d728a0057b4cad49879ef637c06b28371"
"lastModified": 1714328013,
"narHash": "sha256-nA/7hKv8qz2+ru84rXiMa52+gyvyIhLWP9tJB6Q/DLQ=",
"owner": "dadada",
"repo": "dadada.li",
"rev": "b971b5905b38be19b4fa4e7d99a70df0aebfba28",
"type": "github"
},
"original": {
"type": "tarball",
"url": "https://git.dadada.li/dadada/dadada.li/archive/main.tar.gz"
"owner": "dadada",
"repo": "dadada.li",
"type": "github"
}
},
"nixlib": {
"locked": {
"lastModified": 1736643958,
"narHash": "sha256-tmpqTSWVRJVhpvfSN9KXBvKEXplrwKnSZNAoNPf/S/s=",
"lastModified": 1719103869,
"narHash": "sha256-kbTUy+/lfjUrMfV7JkTJwxowsFhi9Tb3BdbiOcIGcsc=",
"owner": "nix-community",
"repo": "nixpkgs.lib",
"rev": "1418bc28a52126761c02dd3d89b2d8ca0f521181",
"rev": "f820613f886cd1aa4bcfd1dbaa6c83c8a3dcd863",
"type": "github"
},
"original": {
@ -179,11 +201,11 @@
]
},
"locked": {
"lastModified": 1742568034,
"narHash": "sha256-QaMEhcnscfF2MqB7flZr+sLJMMYZPnvqO4NYf9B4G38=",
"lastModified": 1719450236,
"narHash": "sha256-fh0l6pLvuTrTBakFMQfK7lwpjvWd5i+CFyVs8TMzPNo=",
"owner": "nix-community",
"repo": "nixos-generators",
"rev": "42ee229088490e3777ed7d1162cb9e9d8c3dbb11",
"rev": "1867f28f87fcf4e817f165003aff967a5280aaab",
"type": "github"
},
"original": {
@ -194,11 +216,11 @@
},
"nixos-hardware": {
"locked": {
"lastModified": 1747129300,
"narHash": "sha256-L3clA5YGeYCF47ghsI7Tcex+DnaaN/BbQ4dR2wzoiKg=",
"lastModified": 1719681865,
"narHash": "sha256-Lp+l1IsREVbz8WM35OJYZz8sAH0XOjrZWUXVB5bJ2qg=",
"owner": "NixOS",
"repo": "nixos-hardware",
"rev": "e81fd167b33121269149c57806599045fd33eeed",
"rev": "a59f00f5ac65b19382617ba00f360f8bc07ed3ac",
"type": "github"
},
"original": {
@ -210,32 +232,16 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1747327360,
"narHash": "sha256-LSmTbiq/nqZR9B2t4MRnWG7cb0KVNU70dB7RT4+wYK4=",
"lastModified": 1719426051,
"narHash": "sha256-yJL9VYQhaRM7xs0M867ZFxwaONB9T2Q4LnGo1WovuR4=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "e06158e58f3adee28b139e9c2bcfcc41f8625b46",
"rev": "89c49874fb15f4124bf71ca5f42a04f2ee5825fd",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-small": {
"locked": {
"lastModified": 1747452614,
"narHash": "sha256-hSEz6JHZTJJTeIudt0SK3UoZnfThHwKCUGvSe5/zn8g=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "e067fb89ac3e59f993f257c799318132f1492f01",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable-small",
"ref": "nixos-24.05",
"repo": "nixpkgs",
"type": "github"
}
@ -245,14 +251,13 @@
"agenix": "agenix",
"devshell": "devshell",
"flake-registry": "flake-registry",
"flake-utils": "flake-utils",
"flake-utils": "flake-utils_2",
"home-manager": "home-manager_2",
"homepage": "homepage",
"nixos-generators": "nixos-generators",
"nixos-hardware": "nixos-hardware",
"nixpkgs": "nixpkgs",
"nixpkgs-small": "nixpkgs-small",
"systems": "systems",
"systems": "systems_2",
"treefmt-nix": "treefmt-nix"
}
},
@ -271,6 +276,21 @@
"type": "github"
}
},
"systems_2": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"treefmt-nix": {
"inputs": {
"nixpkgs": [
@ -278,11 +298,11 @@
]
},
"locked": {
"lastModified": 1747469671,
"narHash": "sha256-bo1ptiFoNqm6m1B2iAhJmWCBmqveLVvxom6xKmtuzjg=",
"lastModified": 1719243788,
"narHash": "sha256-9T9mSY35EZSM1KAwb7K9zwQ78qTlLjosZgtUGnw4rn4=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "ab0378b61b0d85e73a8ab05d5c6029b5bd58c9fb",
"rev": "065a23edceff48f948816b795ea8cc6c0dee7cdf",
"type": "github"
},
"original": {

7
flake.nix
View file

@ -2,19 +2,18 @@
description = "dadada's nix flake";
inputs = {
nixpkgs-small.url = "github:NixOS/nixpkgs/nixos-unstable-small";
nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.05";
flake-utils = {
url = "github:numtide/flake-utils";
inputs.systems.follows = "systems";
};
home-manager = {
url = "github:nix-community/home-manager";
url = "github:nix-community/home-manager/release-24.05";
inputs.nixpkgs.follows = "nixpkgs";
};
nixos-hardware.url = "github:NixOS/nixos-hardware/master";
homepage = {
url = "https://git.dadada.li/dadada/dadada.li/archive/main.tar.gz";
url = "github:dadada/dadada.li";
flake = false;
};
agenix = {

25
home/dconf.nix
View file

@ -1,11 +1,6 @@
{ lib, pkgs, ... }:
{ lib, ... }:
with lib.hm.gvariant;
{
home.packages = [
pkgs.adwaita-icon-theme
pkgs.adwaita-qt
];
dconf.settings = with lib.hm.gvariant; {
"org/gnome/shell" = {
favorite-apps = [
@ -18,11 +13,7 @@ with lib.hm.gvariant;
};
"org/gnome/shell" = {
disable-user-extensions = false;
enabled-extensions = [
"system-monitor@gnome-shell-extensions.gcampax.github.com"
"switcher@landau.fi"
];
disable-user-extensions = true;
};
"org/gnome/desktop/calendar" = {
@ -41,7 +32,6 @@ with lib.hm.gvariant;
clock-show-date = true;
clock-show-seconds = false;
clock-show-weekday = true;
cursor-theme = "Adwaita";
enable-animations = true;
enable-hot-corners = false;
font-antialiasing = "grayscale";
@ -50,12 +40,11 @@ with lib.hm.gvariant;
gtk-enable-primary-paste = false;
gtk-key-theme = "Emacs";
gtk-theme = "Adwaita";
color-scheme = "prefer-light";
icon-theme = "Adwaita";
locate-pointer = false;
monospace-font-name = "JetBrains Mono 10";
show-battery-percentage = false;
#text-scaling-factor = 1.0;
text-scaling-factor = 1.0;
toolkit-accessibility = false;
};
@ -179,11 +168,11 @@ with lib.hm.gvariant;
};
"org/gnome/settings-daemon/plugins/power" = {
idle-dim = true;
power-button-action = "interactive";
idle-dim = false;
power-button-action = "hibernate";
power-saver-profile-on-low-battery = true;
sleep-inactive-ac-type = "blank";
sleep-inactive-battery-timeout = 600;
sleep-inactive-ac-type = "nothing";
sleep-inactive-battery-timeout = 3600;
sleep-inactive-battery-type = "suspend";
};

319
home/default.nix
View file

@ -1,7 +1,6 @@
{
pkgs,
lib,
...
{ pkgs
, lib
, ...
}:
let
useFeatures = [
@ -10,7 +9,7 @@ let
"direnv"
"git"
"gpg"
#"gtk"
"gtk"
#"keyring"
"syncthing"
"tmux"
@ -18,26 +17,6 @@ let
"zsh"
"helix"
];
colors = {
background = "fdf6e3";
foreground = "657b83";
regular0 = "eee8d5"; # background darker
regular1 = "dc322f"; # red
regular2 = "859900"; # green
regular3 = "b58900"; # dark orange
regular4 = "268bd2"; # azure blue
regular5 = "d33682"; # hot pink
regular6 = "2aa198"; # petrol
regular7 = "073642"; # navy
bright0 = "cb4b16"; # orange
bright1 = "fdf6e3"; # foreground
bright2 = "93a1a1"; # grey
bright3 = "839496"; # slightly darker grey
bright4 = "657b83"; # even slightly darker grey
bright5 = "6c71c4"; # purple
bright6 = "586e75"; # pretty dark grey
bright7 = "002b36"; # dark navy blue
};
in
{
imports = [
@ -49,9 +28,7 @@ in
programs.gpg.settings.default-key = "99658A3EB5CD7C13";
dadada.home =
lib.attrsets.genAttrs useFeatures (useFeatures: {
enable = true;
})
lib.attrsets.genAttrs useFeatures (useFeatures: { enable = true; })
// {
session = {
enable = true;
@ -79,9 +56,7 @@ in
Restart = "always";
};
Install = {
WantedBy = [ "graphical-session.target" ];
};
Install = { WantedBy = [ "graphical-session.target" ]; };
};
programs.offlineimap.enable = false;
@ -152,288 +127,6 @@ in
Install.WantedBy = [ "multi-user.target" ];
};
programs.foot = {
enable = true;
server.enable = false;
settings = {
inherit colors;
main = {
shell = "tmux";
font = "Jetbrains Mono:size=8";
dpi-aware = false;
};
mouse.hide-when-typing = true;
csd.preferred = "none";
cursor.color = "fdf6e3 586e75";
bell = {
urgent = true;
visual = false;
};
};
};
home.file.".config/sway/config".text = with colors; ''
# Read `man 5 sway` for a complete reference.
### Variables
#
# Logo key. Use Mod1 for Alt.
set $mod Mod4
# Home row direction keys, like vim
set $left h
set $down j
set $up k
set $right l
# Your preferred terminal emulator
set $term foot
# Your preferred application launcher
# Note: pass the final command to swaymsg so that the resulting window can be opened
# on the original workspace that the command was run on.
set $menu fuzzel
set $wallpaper "~/lib/pictures/wallpaper.jpg"
### Idle configuration
#
# Example configuration:
#
exec swayidle -w \
timeout 300 'swaylock -f -i $wallpaper -s fill' \
timeout 600 'swaymsg "output * power off"' resume 'swaymsg "output * power on"' \
before-sleep 'swaylock -f -i $wallpaper -s fill'
#
# This will lock your screen after 300 seconds of inactivity, then turn off
# your displays after another 300 seconds, and turn your screens back on when
# resumed. It will also lock your screen before your computer goes to sleep.
input * {
xkb_layout eu
xkb_model pc105+inet
xkb_options caps:escape
drag_lock enabled
drag enabled
dwt enabled
tap enabled
tap_button_map lrm
natural_scroll enabled
}
### Key bindings
#
# Basics:
#
# Start a terminal
bindsym $mod+Return exec $term
# Kill focused window
bindsym $mod+Shift+q kill
# Start your launcher
bindsym $mod+d exec $menu
# Drag floating windows by holding down $mod and left mouse button.
# Resize them with right mouse button + $mod.
# Despite the name, also works for non-floating windows.
# Change normal to inverse to use left mouse button for resizing and right
# mouse button for dragging.
floating_modifier $mod normal
# Lock the screen
bindsym XF86Sleep exec 'swaylock -f -c ${background}'
bindsym $mod+End exec 'swaylock -f -c ${background}'
# Reload the configuration file
bindsym $mod+Shift+c reload
# Exit sway (logs you out of your Wayland session)
bindsym $mod+Shift+e exec swaynag -t warning -m 'You pressed the exit shortcut. Do you really want to exit sway? This will end your Wayland session.' -B 'Yes, exit sway' 'swaymsg exit'
# Brightness
bindsym --locked XF86MonBrightnessDown exec light -U 10
bindsym --locked XF86MonBrightnessUp exec light -A 10
# Volume
bindsym --locked XF86AudioRaiseVolume exec 'pactl set-sink-volume @DEFAULT_SINK@ +1%'
bindsym --locked XF86AudioLowerVolume exec 'pactl set-sink-volume @DEFAULT_SINK@ -1%'
bindsym --locked XF86AudioMute exec 'pactl set-sink-mute @DEFAULT_SINK@ toggle'
#
# Moving around:
#
# Move your focus around
bindsym $mod+$left focus left
bindsym $mod+$down focus down
bindsym $mod+$up focus up
bindsym $mod+$right focus right
# Or use $mod+[up|down|left|right]
bindsym $mod+Left focus left
bindsym $mod+Down focus down
bindsym $mod+Up focus up
bindsym $mod+Right focus right
# Move the focused window with the same, but add Shift
bindsym $mod+Shift+$left move left
bindsym $mod+Shift+$down move down
bindsym $mod+Shift+$up move up
bindsym $mod+Shift+$right move right
# Ditto, with arrow keys
bindsym $mod+Shift+Left move left
bindsym $mod+Shift+Down move down
bindsym $mod+Shift+Up move up
bindsym $mod+Shift+Right move right
#
# Workspaces:
#
# Switch to workspace
bindsym $mod+1 workspace number 1
bindsym $mod+2 workspace number 2
bindsym $mod+3 workspace number 3
bindsym $mod+4 workspace number 4
bindsym $mod+5 workspace number 5
bindsym $mod+6 workspace number 6
bindsym $mod+7 workspace number 7
bindsym $mod+8 workspace number 8
bindsym $mod+9 workspace number 9
bindsym $mod+0 workspace number 10
# Move focused container to workspace
bindsym $mod+Shift+1 move container to workspace number 1
bindsym $mod+Shift+2 move container to workspace number 2
bindsym $mod+Shift+3 move container to workspace number 3
bindsym $mod+Shift+4 move container to workspace number 4
bindsym $mod+Shift+5 move container to workspace number 5
bindsym $mod+Shift+6 move container to workspace number 6
bindsym $mod+Shift+7 move container to workspace number 7
bindsym $mod+Shift+8 move container to workspace number 8
bindsym $mod+Shift+9 move container to workspace number 9
bindsym $mod+Shift+0 move container to workspace number 10
# Note: workspaces can have any name you want, not just numbers.
# We just use 1-10 as the default.
#
# Layout stuff:
#
# You can "split" the current object of your focus with
# $mod+b or $mod+v, for horizontal and vertical splits
# respectively.
bindsym $mod+b splith
bindsym $mod+v splitv
# Switch the current container between different layout styles
bindsym $mod+s layout stacking
bindsym $mod+w layout tabbed
bindsym $mod+e layout toggle split
# Make the current focus fullscreen
bindsym $mod+f fullscreen
# Toggle the current focus between tiling and floating mode
bindsym $mod+Shift+space floating toggle
# Swap focus between the tiling area and the floating area
bindsym $mod+space focus mode_toggle
# Move focus to the parent container
bindsym $mod+a focus parent
#
# Font
#
font "pango:Jetbrains Mono 8"
#
# Scratchpad:
#
# Sway has a "scratchpad", which is a bag of holding for windows.
# You can send windows there and get them back later.
# Move the currently focused window to the scratchpad
bindsym $mod+Shift+minus move scratchpad
# Show the next scratchpad window or hide the focused scratchpad window.
# If there are multiple scratchpad windows, this command cycles through them.
bindsym $mod+minus scratchpad show
#
# Resizing containers:
#
mode "resize" {
# left will shrink the containers width
# right will grow the containers width
# up will shrink the containers height
# down will grow the containers height
bindsym $left resize shrink width 10px
bindsym $down resize grow height 10px
bindsym $up resize shrink height 10px
bindsym $right resize grow width 10px
# Ditto, with arrow keys
bindsym Left resize shrink width 10px
bindsym Down resize grow height 10px
bindsym Up resize shrink height 10px
bindsym Right resize grow width 10px
# Return to default mode
bindsym Return mode "default"
bindsym Escape mode "default"
}
bindsym $mod+r mode "resize"
#
# Status Bar:
#
# Read `man 5 sway-bar` for more information about this section.
bar {
position bottom
# When the status_command prints a new line to stdout, swaybar updates.
# The default just shows the current date and time.
status_command ~/.config/sway/status
colors {
statusline ${foreground}
background ${background}
inactive_workspace ${background}ee ${background}ee ${foreground}ee
}
}
# Gaps between multiple tiling windows
gaps inner 10
smart_gaps on
bindsym $mod+grave exec busctl --user call org.keepassxc.KeePassXC.MainWindow /keepassxc org.keepassxc.KeePassXC.MainWindow lockAllDatabases && swaylock -c #fdf6e3
# class border backgr. text indicator child_border
client.focused #${bright6} #${foreground} #${background} #${bright5} #${regular4}
client.focused_inactive #${regular0} #${regular0} #${foreground} #${bright5} #${regular0}
client.unfocused #${regular0} #${background} #${bright2} #${bright5} #${regular0}
client.urgent #${bright1} #${bright0} #${regular4} #${background} #${bright0}
client.placeholder #${background} #${bright2} #${foreground} #${background} #${bright2}
client.background #${foreground}
include /etc/sway/config.d/*
exec sleep 5; systemctl --user restart kanshi.service
exec sleep 5; swaymsg output '*' bg $wallpaper fill
'';
home.file.".config/sway/status".source = ./status;
home.file.".config/kanshi/config".text = ''
profile Laptop {
output eDP-1 enable
}
profile Docked {
output eDP-1 disable
output "LG Electronics LG HDR 4K 0x000354D1" {
enable
scale 1.4
position 0,0
}
}
'';
#services.poweralertd.enable = true;
# Let Home Manager install and manage itself.
programs.home-manager.enable = true;

1
home/modules/alacritty/default.nix
View file

@ -11,6 +11,7 @@ in
enable = mkEnableOption "Enable alacritty config";
};
config = mkIf cfg.enable {
fonts.fontconfig.enable = true;
home.packages = [
pkgs.jetbrains-mono
];

3
home/modules/git.nix
View file

@ -9,7 +9,6 @@ with lib; let
name = "allowed-signers";
text = ''
dadada@dadada.li sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIKu+pA5Vy0QPHJMjn2S5DCsqKg2UvDhOsBwvvJLf4HbyAAAABHNzaDo= dadada <dadada@dadada.li>
dadada@dadada.li ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFKRuecjbtDh4jyDZH3ccU9t0QFcAgZDBFO8ZWZBA9iT dadada@gorgon
'';
};
in
@ -34,7 +33,7 @@ in
user = {
email = "dadada@dadada.li";
name = "Tim Schubert";
signingKey = "key::ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFKRuecjbtDh4jyDZH3ccU9t0QFcAgZDBFO8ZWZBA9iT dadada@gorgon";
signingKey = "key::sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIKu+pA5Vy0QPHJMjn2S5DCsqKg2UvDhOsBwvvJLf4HbyAAAABHNzaDo= dadada <dadada@dadada.li>";
};
core = {
whitespace = {

3
home/modules/xdg.nix
View file

@ -29,7 +29,6 @@ in
config = mkIf cfg.enable {
xdg = {
enable = true;
configHome = "${config.home.homeDirectory}/.config";
mimeApps = {
enable = false;
associations.added = apps;
@ -47,7 +46,7 @@ in
home.packages = with pkgs; [
evince
firefox
xdg-utils
xdg_utils
];
};
}

7
home/modules/zsh.nix
View file

@ -26,9 +26,7 @@ in
ignoreDups = true;
ignoreSpace = true;
save = 100000;
# FIXME https://github.com/junegunn/fzf/issues/4061
#share = true;
share = false;
share = true;
};
plugins = [
];
@ -42,8 +40,9 @@ in
preexec() { echo -n -e "\033]0;$1\007" }
PROMPT="%F{red}%?%f %F{green}%m%f:%F{blue}%~%f"$'\n'"> "
PROMPT="%F{red}%?%f %F{green}%m%f:%F{blue}%~%f "
RPROMPT='$(git_super_status)'
#NIX_BUILD_SHELL="${pkgs.zsh}/bin/zsh"
'';
profileExtra = ''
'';

24
home/pkgs.nix
View file

@ -14,21 +14,19 @@ with pkgs; [
bluez-tools
btop # htop
choose # alternative to cut and awk with more readable syntax
chromium
colordiff
darcs
delta # feature-rich diff viewer
dig
direnv
dstat
duf # disk usage
dune3d
dyff # diff tool for YAML
element-desktop
evince
evolution
ffmpeg
file
fuzzel
fx # themable json viewer
fzf
fzf
@ -38,6 +36,7 @@ with pkgs; [
gimp
glow
glow # render markdown
gnome.gnome-tweaks
gnumake
gnupg
gping # ping with graphs
@ -62,11 +61,13 @@ with pkgs; [
jameica
jc # convert output to json
josm
jujutsu
jq
kanshi
jq
#jupyter
kcachegrind
keepassxc
kubetail
krita
ldns
liboping # oping, ping multiple hosts at once
libreoffice
@ -79,11 +80,8 @@ with pkgs; [
mpv
mtr
mumble
nix-output-monitor
ncurses
newsflash
nixd
nixfmt-rfc-style
nfs-utils
niv
nix-index
@ -105,8 +103,9 @@ with pkgs; [
prusa-slicer
pv
pwgen
(python3.withPackages (pkgs: [pkgs.pandas pkgs.requests]))
python3
ranger
recipemd
reptyr
ripgrep
ripgrep
@ -118,7 +117,6 @@ with pkgs; [
skim # fzf in Rust
slurp
socat
solvespace
spotify
sqlite
sshfs-fuse
@ -130,17 +128,17 @@ with pkgs; [
ttyd
unzip
usbutils
vegur
virt-manager
viu # view images from the terminal
vscodium
whois
wireshark
xdg-utils
xdg_utils
xmlstarlet
xsv # cut for csv
unixtools.xxd
xxh # portable shells
yt-dlp
youtube-dl
# zotero Marked as insecure
zeal
zk

138
home/status
View file

@ -1,138 +0,0 @@
#!/usr/bin/env python3
import json
import sys
import time
import requests
import logging
import subprocess
from datetime import datetime
logger = logging.getLogger(__name__)
class Status:
def status(self):
return None
class Cat(Status):
index = 0
def status(self):
cat_width = 200
index = self.index
catwalk = "🐈🏳️‍🌈" + " " * index
self.index = (index + 1) % cat_width
return {"full_text": catwalk}
class Space(Status):
backoff = 0
c_status = None
def status(self):
backoff = self.backoff
if self.backoff == 0:
self.update()
return {"full_text": self.c_status}
def update(self):
spacestatus_url = "https://status.stratum0.org/status.json"
resp = requests.get(url=spacestatus_url)
self.backoff = (self.backoff + 1) % 120
data = resp.json()
if data["isOpen"]:
since = datetime.strptime(data["since"], "%Y-%m-%dT%H:%M:%S.%f").strftime("%A at %H:%M")
spacestatus = f"Space is open since {since}"
else:
spacestatus = "Space is closed"
self.c_status = spacestatus
class Battery(Status):
capacity_file = open('/sys/class/power_supply/BAT0/capacity', 'r')
status_file = open('/sys/class/power_supply/BAT0/status', 'r')
def status(self):
self.status_file.seek(0)
status = self.status_file.read().rstrip()
self.capacity_file.seek(0)
capacity = self.capacity_file.read().rstrip()
battery = f"{status} {capacity}%"
return {"full_text": battery}
class Time(Status):
def status(self):
now = datetime.now()
match now.isocalendar().week % 10:
case 1:
th = "st"
case 2:
th = "nd"
case 3:
th = "rd"
case _:
th = "th"
return {"full_text": now.strftime(f"%V{th} %A %H:%M") }
class FailedUnits(Status):
def status(self):
proc = subprocess.run(["systemctl", "list-units", "--failed"], capture_output = True)
stdout = proc.stdout.decode('utf-8')
failed = 0
for line in stdout:
if 'failed' in line:
failed += 1
if failed == 0:
return {"full_text": f"No failed units"}
else:
return {"full_text": f"There are {failed} failed units", "color": "#ff0000"}
def print_header():
header = {
"version": 1,
"click_events": False,
}
print(json.dumps(header))
print("[")
def run(interval, widgets):
print_header()
while True:
body = []
for widget in widgets:
try:
status = widget.status()
except Exception as e:
logger.error(e)
if status:
body += status,
print(json.dumps(body), ",", flush=True)
ts = interval - (time.time() % interval)
time.sleep(ts)
if __name__ == "__main__":
logging.basicConfig(level=logging.INFO)
# Interval in seconds
interval = 1.0
widgets = [Cat(), FailedUnits(), Space(), Battery(), Time()]
run(interval, widgets)

144
nixos/configurations.nix
View file

@ -1,73 +1,51 @@
{
self,
agenix,
home-manager,
homepage,
nixos-hardware,
nixos-generators,
nixpkgs,
nixpkgs-small,
...
{ self
, agenix
, nixpkgs
, home-manager
, homepage
, nixos-hardware
, nixos-generators
, ...
}@inputs:
let
nixosSystem =
{
nixpkgs,
system ? "x86_64-linux",
extraModules ? [ ],
}:
nixpkgs.lib.nixosSystem {
inherit system;
nixosSystem = { system ? "x86_64-linux", extraModules ? [ ] }: nixpkgs.lib.nixosSystem {
inherit system;
modules =
[
{
nixpkgs.overlays = nixpkgs.lib.attrValues self.overlays;
}
]
++ (nixpkgs.lib.attrValues self.nixosModules)
++ [ agenix.nixosModules.age ]
++ extraModules;
};
modules = [{
nixpkgs.overlays = nixpkgs.lib.attrValues self.overlays;
}] ++ (nixpkgs.lib.attrValues self.nixosModules) ++ [ agenix.nixosModules.age ] ++ extraModules;
};
in
{
gorgon =
let
system = "x86_64-linux";
in
nixosSystem {
inherit nixpkgs system;
gorgon = nixosSystem rec {
system = "x86_64-linux";
extraModules = [
extraModules = [
{
nixpkgs.overlays = nixpkgs.lib.attrValues self.overlays;
dadada.pkgs = self.packages.${system};
dadada.inputs = inputs // { dadada = self; };
}
nixos-hardware.nixosModules.lenovo-thinkpad-t14s-amd-gen1
home-manager.nixosModules.home-manager
({ pkgs, lib, ... }:
{
nixpkgs.overlays = nixpkgs.lib.attrValues self.overlays;
dadada.pkgs = self.packages.${system};
dadada.inputs = inputs // {
dadada = self;
};
}
nixos-hardware.nixosModules.lenovo-thinkpad-t14s-amd-gen1
home-manager.nixosModules.home-manager
(
{ pkgs, lib, ... }:
{
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.sharedModules = (nixpkgs.lib.attrValues self.hmModules) ++ [
{ dadada.home.helix.package = pkgs.helix; }
{ manual.manpages.enable = false; }
];
home-manager.users.dadada = import ../home;
}
)
./gorgon/configuration.nix
];
};
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.sharedModules = (nixpkgs.lib.attrValues self.hmModules) ++ [
{ dadada.home.helix.package = pkgs.helix; }
{ manual.manpages.enable = false; }
];
home-manager.users.dadada = import ../home;
})
./gorgon/configuration.nix
];
};
surgat = nixosSystem {
nixpkgs = nixpkgs-small;
system = "x86_64-linux";
extraModules = [
{
@ -79,38 +57,32 @@ in
};
agares = nixosSystem {
nixpkgs = nixpkgs-small;
extraModules = [
./agares/configuration.nix
];
};
installer =
let
nixpkgs = nixpkgs-small;
in
nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
modules = [
nixos-generators.nixosModules.install-iso
self.nixosModules.admin
{
isoImage.isoName = nixpkgs.lib.mkForce "dadada-nixos-installer.iso";
networking.tempAddresses = "disabled";
dadada.admin.enable = true;
documentation.enable = true;
documentation.nixos.enable = true;
i18n.defaultLocale = "en_US.UTF-8";
console = {
font = "Lat2-Terminus16";
keyMap = "us";
};
}
];
};
installer = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
modules = [
nixos-generators.nixosModules.install-iso
self.nixosModules.admin
{
isoImage.isoName = nixpkgs.lib.mkForce "dadada-nixos-installer.iso";
networking.tempAddresses = "disabled";
dadada.admin.enable = true;
documentation.enable = true;
documentation.nixos.enable = true;
i18n.defaultLocale = "en_US.UTF-8";
console = {
font = "Lat2-Terminus16";
keyMap = "us";
};
}
];
};
ninurta = nixosSystem {
nixpkgs = nixpkgs-small;
extraModules = [
./ninurta/configuration.nix
];

117
nixos/gorgon/configuration.nix
View file

@ -34,8 +34,6 @@ in
./hardware-configuration.nix
];
dadada.backupClient.bs.enable = false;
dadada.backupClient.backup1.enable = true;
dadada.backupClient.backup2 = {
enable = true;
passphrasePath = config.age.secrets."${config.networking.hostName}-backup-passphrase".path;
@ -43,10 +41,6 @@ in
repo = "u355513-sub1@u355513-sub1.your-storagebox.de:/home/backup";
};
nixpkgs.config.android_sdk.accept_license = true;
programs.ssh.startAgent = true;
nix.extraOptions = ''
experimental-features = nix-command flakes
# Prevent garbage collection for nix shell and direnv
@ -130,27 +124,10 @@ in
];
};
hardware.printers.ensurePrinters = [{
name = "Brother_HL-L2300D";
model = "everywhere";
location = "BS";
deviceUri = "ipp://192.168.101.29:631/printers/Brother_HL-L2300D";
}];
environment.systemPackages = with pkgs; [
android-studio
chromium
ghostscript
smartmontools
dmenu
grim # screenshot functionality
slurp # screenshot functionality
#mako # notification system developed by swaywm maintainer
pulseaudio
# KDE apps
kdePackages.kmail
kdePackages.kmail-account-wizard
];
networking.firewall = {
@ -166,16 +143,7 @@ in
systemd.services.modem-manager.enable = lib.mkForce false;
systemd.services."dbus-org.freedesktop.ModemManager1".enable = lib.mkForce false;
systemd.sleep.extraConfig = ''
HibernateDelaySec=1h
'';
services.udev.packages = [
xilinxJtag
saleaeLogic
keychron
pkgs.libsigrok
]; #noMtpUdevRules ];
services.udev.packages = [ xilinxJtag saleaeLogic keychron ]; #noMtpUdevRules ];
virtualisation.libvirtd.enable = true;
@ -196,44 +164,44 @@ in
"127.0.0.2" = [ "kanboard.dadada.li" ];
};
# https://lists.zx2c4.com/pipermail/wireguard/2017-November/002028.html
systemd.timers.wg-reresolve-dns = {
wantedBy = [ "timers.target" ];
partOf = [ "wg-reresolve-dns.service" ];
timerConfig.OnCalendar = "hourly";
};
systemd.services.wg-reresolve-dns =
let
vpnPubKey = "x/y6I59buVzv9Lfzl+b17mGWbzxU+3Ke9mQNa1DLsDI=";
in
{
serviceConfig.Type = "oneshot";
script = ''
${pkgs.wireguard-tools}/bin/wg set dadada peer ${vpnPubKey} endpoint vpn.dadada.li:51234 persistent-keepalive 25 allowed-ips fd42:9c3b:f96d::/48
'';
};
#networking.wg-quick.interfaces.mullvad = {
# address = [ "10.68.15.202/32" "fc00:bbbb:bbbb:bb01::5:fc9/128" ];
# privateKeyFile = "/var/lib/wireguard/mullvad";
# peers = [
# {
# publicKey = "Ec/wwcosVal9Kjc97ZuTTV7Dy5c0/W5iLet7jrSEm2k=";
# allowedIPs = [ "0.0.0.0/0" "::0/0" ];
# endpoint = "193.27.14.66:51820";
# persistentKeepalive = 25;
# }
# ];
# postUp = "${pkgs.iproute2}/bin/ip rule add to 193.27.14.66 lookup main";
#};
services.gnome.gnome-keyring.enable = lib.mkForce false;
programs.gnupg.agent.enable = true;
# KDE
services = {
desktopManager.plasma6.enable = true;
displayManager.sddm.enable = true;
displayManager.sddm.wayland.enable = true;
};
services.greetd = {
enable = false;
settings = {
default_session = {
command = "${pkgs.greetd.tuigreet}/bin/tuigreet --time --cmd sway";
user = "greeter";
};
};
};
systemd.user.services.kanshi = {
enable = false;
description = "kanshi daemon";
environment = {
WAYLAND_DISPLAY = "wayland-1";
DISPLAY = ":0";
};
serviceConfig = {
Type = "simple";
ExecStart = ''${pkgs.kanshi}/bin/kanshi'';
};
};
# enable Sway window manager
programs.sway = {
enable = false;
wrapperFeatures.gtk = true;
};
programs.light.enable = true;
xdg.portal.wlr.enable = false;
hardware.bluetooth.enable = true;
services.xserver.enable = true;
services.xserver.desktopManager.gnome.enable = true;
services.xserver.displayManager.gdm.enable = true;
hardware.opengl = {
enable = true;
@ -243,16 +211,5 @@ in
];
};
powerManagement = {
enable = true;
powertop.enable = true;
cpuFreqGovernor = "schedutil";
powerUpCommands = ''
echo 40 > /sys/class/power_supply/BAT0/charge_control_start_threshold
echo 80 > /sys/class/power_supply/BAT0/charge_control_stop_threshold
'';
};
services.tlp.enable = false;
system.stateVersion = "23.11";
}

2
nixos/modules/backup.nix
View file

@ -156,7 +156,7 @@ in
};
};
services.borgbackup.jobs.backup1 = mkIf cfg.backup1.enable {
services.borgbackup.jobs.backup1 = mkIf cfg.bs.enable {
paths = "/";
exclude = backupExcludes;
repo = "borg@backup1.dadada.li:/mnt/storage/backups/${config.networking.hostName}";

11
nixos/modules/gitea.nix
View file

@ -37,11 +37,6 @@ in
LANDING_PAGE = "explore";
OFFLINE_MODE = true;
DISABLE_SSH = false;
# Use built-in SSH server
START_SSH_SERVER = true;
SSH_PORT = 22;
DOMAIN = "git.dadada.li";
};
picture = {
@ -74,12 +69,6 @@ in
vmOverCommit = true;
};
systemd.services.forgejo.serviceConfig = {
AmbientCapabilities = lib.mkForce "CAP_NET_BIND_SERVICE";
CapabilityBoundingSet = lib.mkForce "CAP_NET_BIND_SERVICE";
PrivateUsers = lib.mkForce false;
};
services.nginx.virtualHosts."git.${config.networking.domain}" = {
enableACME = true;
forceSSL = true;

2
nixos/modules/profiles/backup.nix
View file

@ -4,7 +4,7 @@ let
in
{
dadada.backupClient.bs = {
enable = lib.mkDefault false;
enable = lib.mkDefault true;
passphrasePath = config.age.secrets."${config.networking.hostName}-backup-passphrase".path;
sshIdentityFile = config.age.secrets."${config.networking.hostName}-backup-ssh-key".path;
};

16
nixos/modules/profiles/base.nix
View file

@ -1,4 +1,4 @@
{ config, lib, pkgs, ... }:
{ config, lib, ... }:
let
mkDefault = lib.mkDefault;
inputs = config.dadada.inputs;
@ -8,25 +8,14 @@ in
./upgrade-pg-cluster.nix
];
boot.tmp.useTmpfs = true;
boot.tmp.tmpfsSize = "50%";
i18n.defaultLocale = mkDefault "en_US.UTF-8";
console = mkDefault {
font = "Lat2-Terminus16";
keyMap = "us";
};
i18n.supportedLocales = mkDefault [
"C.UTF-8/UTF-8"
"en_US.UTF-8/UTF-8"
"de_DE.UTF-8/UTF-8"
];
time.timeZone = mkDefault "Europe/Berlin";
nix.package = pkgs.lix;
nix.settings.substituters = [ https://cache.nixos.org/ ];
nix.settings.trusted-public-keys = [
@ -60,8 +49,5 @@ in
};
programs.zsh.enable = mkDefault true;
# Avoid some bots
services.openssh.ports = [ 2222 ];
}

17
nixos/modules/profiles/cloud.nix
View file

@ -5,19 +5,11 @@ let
in
{
boot.initrd.availableKernelModules = [ "virtio-pci" ];
boot.kernelParams = [
# Wait forever for the filesystem root to show up
"rootflags=x-systemd.device-timeout=0"
# Wait forever to enter the LUKS passphrase via SSH
"rd.luks.options=timeout=0"
];
boot.initrd.network = {
enable = true;
ssh = {
enable = true;
port = 2223;
port = 22;
hostKeys = [
config.age.secrets."${initrdHostKey}".path
];
@ -35,13 +27,8 @@ in
'';
};
assertions = lib.singleton {
assertion = (config.boot.initrd.network.ssh.hostKeys != [ ]) -> config.boot.loader.supportsInitrdSecrets == true;
message = "Refusing to store private keys in store";
};
age.secrets."${initrdHostKey}" = {
file = "${secretsPath}/initrd-${initrdHostKey}.age";
file = "${secretsPath}/${initrdHostKey}.age";
mode = "600";
path = "/etc/initrd/${initrdHostKey}";
symlink = false;

10
nixos/modules/profiles/laptop.nix
View file

@ -1,4 +1,5 @@
{ config
, pkgs
, lib
, ...
}:
@ -15,15 +16,20 @@ with lib; {
networking.domain = mkDefault "dadada.li";
services.fwupd.enable = mkDefault true;
programs.ssh.startAgent = true;
programs.ssh.enableAskPassword = true;
programs.nix-ld.enable = true;
nix.nixPath = mapAttrsToList (name: value: "${name}=${value}") inputs;
nix.registry = mkForce (mapAttrs' (name: value: nameValuePair name { flake = value; }) inputs);
nix.nixPath = lib.mapAttrsToList (name: value: "${name}=${value}") inputs;
nix.registry = lib.mapAttrs' (name: value: lib.nameValuePair name { flake = value; }) inputs;
nix.settings.flake-registry = "${config.dadada.inputs.flake-registry}/flake-registry.json";
age.identityPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
fonts.packages = mkDefault (with pkgs; [
source-code-pro
]);
users.mutableUsers = mkDefault true;
# Use the systemd-boot EFI boot loader.

3
nixos/modules/profiles/server.nix
View file

@ -20,12 +20,11 @@ with lib; {
services.journald.extraConfig = ''
SystemKeepFree = 2G
MaxRetentionSec = 100days
'';
system.autoUpgrade = {
enable = true;
flake = "https://git.dadada.li/dadada/nix-config/archive/main.tar.gz#${config.networking.hostName}";
flake = "github:dadada/nix-config#${config.networking.hostName}";
allowReboot = mkDefault false;
randomizedDelaySec = "45min";
};

40
nixos/modules/sway.nix Normal file
View file

@ -0,0 +1,40 @@
{ config, pkgs, lib, ... }:
let
cfg = config.dadada.sway;
in
{
options = {
dadada.sway.enable = lib.mkEnableOption "Enable sway";
};
config = lib.mkIf cfg.enable {
programs.sway = {
enable = true;
wrapperFeatures.gtk = true;
wrapperFeatures.base = true;
extraPackages = with pkgs; [
qt5.qtwayland
swayidle
xwayland
mako
kanshi
kitty
i3status
bemenu
xss-lock
swaylock
brightnessctl
playerctl
];
extraSessionCommands = ''
export SDL_VIDEODRIVER=wayland
# needs qt5.qtwayland in systemPackages
export QT_QPA_PLATFORM=wayland
export QT_WAYLAND_DISABLE_WINDOWDECORATION="1"
# Fix for some Java AWT applications (e.g. Android Studio),
# use this if they aren't displayed properly:
export _JAVA_AWT_WM_NONREPARENTING=1
'';
};
};
}

2
nixos/modules/weechat.nix
View file

@ -34,7 +34,7 @@ in
};
};
services.nginx.virtualHosts."weechat.dadada.li" = {
enableACME = true;
useACMEHost = "webchat.dadada.li";
forceSSL = true;
root = "${pkgs.nginx}/html";

3
nixos/modules/yubikey.nix
View file

@ -45,7 +45,8 @@ in
#linuxPackages.acpi_call
pam_u2f
pamtester
yubioath-flutter
yubikey-manager
yubikey-manager-qt
];
};
}

125
nixos/ninurta/configuration.nix
View file

@ -37,8 +37,6 @@ in
};
};
services.openssh.ports = [ 22 2222 ];
dadada.backupClient.bs.enable = false;
dadada.backupClient.backup1.enable = false;
@ -159,8 +157,8 @@ in
};
services.hydra = {
enable = false;
package = pkgs.hydra;
enable = true;
package = pkgs.hydra-unstable;
hydraURL = "https://hydra.dadada.li";
notificationSender = "hydra@localhost";
buildMachinesFiles = [ ];
@ -227,28 +225,28 @@ in
SUBVOLUME = "/home";
TIMELINE_CREATE = true;
TIMELINE_CLEANUP = true;
TIMELINE_LIMIT_HOURLY = "24";
TIMELINE_LIMIT_DAILY = "13";
TIMELINE_LIMIT_WEEKLY = "6";
TIMELINE_LIMIT_MONTHLY = "3";
TIMELINE_LIMIT_HOURLY = 24;
TIMELINE_LIMIT_DAILY = 13;
TIMELINE_LIMIT_WEEKLY = 6;
TIMELINE_LIMIT_MONTHLY = 3;
};
configs.var = {
SUBVOLUME = "/var";
TIMELINE_CREATE = true;
TIMELINE_CLEANUP = true;
TIMELINE_LIMIT_HOURLY = "24";
TIMELINE_LIMIT_DAILY = "13";
TIMELINE_LIMIT_WEEKLY = "6";
TIMELINE_LIMIT_MONTHLY = "3";
TIMELINE_LIMIT_HOURLY = 24;
TIMELINE_LIMIT_DAILY = 13;
TIMELINE_LIMIT_WEEKLY = 6;
TIMELINE_LIMIT_MONTHLY = 3;
};
configs.storage = {
SUBVOLUME = "/mnt/storage";
TIMELINE_CREATE = true;
TIMELINE_CLEANUP = true;
TIMELINE_LIMIT_HOURLY = "24";
TIMELINE_LIMIT_DAILY = "13";
TIMELINE_LIMIT_WEEKLY = "6";
TIMELINE_LIMIT_MONTHLY = "3";
TIMELINE_LIMIT_HOURLY = 24;
TIMELINE_LIMIT_DAILY = 13;
TIMELINE_LIMIT_WEEKLY = 6;
TIMELINE_LIMIT_MONTHLY = 3;
};
};
@ -273,7 +271,20 @@ in
};
"10-lan" = {
matchConfig.Name = "enp*";
bridge = [ "br0" ];
networkConfig.DHCP = "ipv4";
networkConfig.Domains = [ "bs.dadada.li" ];
networkConfig.VLAN = [ ];
networkConfig.IPv6PrivacyExtensions = false;
linkConfig.RequiredForOnline = "routable";
dhcpV4Config = {
UseDomains = true;
UseDNS = true;
UseNTP = true;
};
ipv6AcceptRAConfig = {
UseDomains = true;
UseDNS = true;
};
};
"30-wg0" = {
matchConfig.Name = "wg0";
@ -299,31 +310,8 @@ in
{ routeConfig = { Destination = "fc00:1337:dead:beef::10.11.0.0/118"; }; }
];
};
"20-br0" = {
matchConfig.Name = "br0";
networkConfig.DHCP = "ipv4";
networkConfig.Domains = [ "bs.dadada.li" ];
networkConfig.VLAN = [ ];
networkConfig.IPv6PrivacyExtensions = false;
linkConfig.RequiredForOnline = "routable";
dhcpV4Config = {
UseDomains = true;
UseDNS = true;
UseNTP = true;
};
ipv6AcceptRAConfig = {
UseDomains = true;
UseDNS = true;
};
};
};
netdevs = {
"20-br0" = {
netdevConfig = {
Kind = "bridge";
Name = "br0";
};
};
"20-wg0" = {
netdevConfig = {
Kind = "wireguard";
@ -376,21 +364,16 @@ in
enable = true;
allowPing = true;
allowedTCPPorts = [
2222 # SSH
22 # SSH
80 # munin web
631 # Printing
];
allowedUDPPorts = [
631 # Printing
51234 # Wireguard
51235 # Wireguard
];
interfaces = {
br0.allowedTCPPorts = [
22 # SSH
80 # munin web
631 # IPP
];
br0.allowedUDPPorts = [
631 # IPP
];
uwu.allowedTCPPorts = [
softServePort
];
@ -405,6 +388,30 @@ in
networking.networkmanager.enable = false;
networking.useDHCP = false;
# Desktop things for media playback
services.xserver.enable = true;
services.xserver.displayManager.gdm.enable = true;
services.xserver.desktopManager.gnome = {
enable = true;
extraGSettingsOverridePackages = with pkgs; [ gnome3.gnome-settings-daemon ];
extraGSettingsOverrides = ''
[org.gnome.desktop.screensaver]
lock-delay=uint32 30
lock-enabled=true
[org.gnome.desktop.session]
idle-delay=uint32 0
[org.gnome.settings-daemon.plugins.power]
idle-dim=false
power-button-action='interactive'
power-saver-profile-on-low-battery=false
sleep-inactive-ac-type='nothing'
sleep-inactive-battery-type='nothing'
'';
};
powerManagement = {
enable = true;
cpuFreqGovernor = "powersave";
@ -415,6 +422,15 @@ in
# Configure the disks to spin down after 10 min of inactivity.
};
security.rtkit.enable = true;
services.pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
};
services.udev.packages = [
(pkgs.writeTextFile {
name = "60-hdparm";
@ -428,10 +444,21 @@ in
hardware.pulseaudio.enable = false;
environment.systemPackages = with pkgs; [
firefox
spotify
mpv
smartmontools
hdparm
];
users.users."media" = {
isNormalUser = true;
description = "Media playback user";
extraGroups = [ "users" "video" ];
# allow anyone with physical access to log in
password = "media";
};
users.users."backup-keepassxc" = {
home = "/mnt/storage/backups/backup-keepassxc";
isNormalUser = true;

3
nixos/ninurta/monitoring.nix
View file

@ -19,6 +19,9 @@
[surgat]
address 10.3.3.1
[agares]
address 10.3.3.2
'';
};
services.munin-node.enable = true;

2
nixos/ninurta/printing.nix
View file

@ -32,7 +32,7 @@
drivers = [ pkgs.brlaser ];
# Remove all state at the start of the service
stateless = true;
listenAddresses = [ "192.168.101.29:631" ];
listenAddresses = [ "192.168.101.184:631" "fd42:9c3b:f96d:101:4a21:bff:fe3e:9cfe:631" ];
allowFrom = [ "from 192.168.101.0/24" ];
browsing = true;
defaultShared = true;

9
nixos/surgat/configuration.nix
View file

@ -42,7 +42,7 @@ in
dadada.element.enable = true;
dadada.forgejo.enable = true;
dadada.miniflux.enable = true;
dadada.weechat.enable = false;
dadada.weechat.enable = true;
dadada.homepage.enable = true;
dadada.share.enable = true;
dadada.backupClient = {
@ -137,8 +137,11 @@ in
boot.loader.grub.enable = true;
boot.loader.grub.device = "/dev/sda";
boot.kernelParams = [
"ip=49.12.3.98::172.31.1.1:255.255.255.255:surgat::dhcp"
swapDevices = [
{
device = "/var/swapfile";
size = 4096;
}
];
services.resolved = {

27
outputs.nix
View file

@ -1,14 +1,16 @@
# Adapted from Mic92/dotfiles
{
self,
flake-utils,
nixpkgs,
agenix,
devshell,
...
}@inputs:
(flake-utils.lib.eachDefaultSystem (
system:
{ self
, flake-utils
, flake-registry
, homepage
, nixpkgs
, home-manager
, nixos-hardware
, agenix
, devshell
, ...
} @ inputs:
(flake-utils.lib.eachDefaultSystem (system:
let
pkgs = import nixpkgs { inherit system; };
in
@ -31,9 +33,8 @@
packages = import ./pkgs { inherit pkgs; } // {
installer-iso = self.nixosConfigurations.installer.config.system.build.isoImage;
};
}
))
// {
}))
// {
hmModules = import ./home/modules.nix { lib = nixpkgs.lib; };

21
overlays.nix
View file

@ -1,2 +1,23 @@
{
kanboard = final: prev: {
kanboard = prev.kanboard.overrideAttrs (oldAttrs: {
src = prev.fetchFromGitHub {
owner = "kanboard";
repo = "kanboard";
rev = "v${oldAttrs.version}";
sha256 = "sha256-WG2lTPpRG9KQpRdb+cS7CqF4ZDV7JZ8XtNqAI6eVzm0=";
};
});
};
recipemd = final: prev: {
pythonPackagesExtensions = prev.pythonPackagesExtensions ++ [
(
python-final: python-prev: {
recipemd = python-final.callPackage ./pkgs/recipemd.nix { };
}
)
];
recipemd = prev.python3Packages.toPythonApplication final.python3Packages.recipemd;
};
}

58
pkgs/recipemd.nix Normal file
View file

@ -0,0 +1,58 @@
{ lib
, buildPythonPackage
, fetchFromGitHub
, pytestCheckHook
, pythonPackages
, installShellFiles
, pythonOlder
, pythonAtLeast
}:
buildPythonPackage rec {
pname = "recipemd";
version = "4.0.8";
disabled = pythonOlder "3.7" || pythonAtLeast "4";
src = fetchFromGitHub {
owner = "tstehr";
repo = "RecipeMD";
rev = "v${version}";
hash = "sha256-eumV2zm7TIJcTPRtWSckYz7jiyH3Ek4nIAVtuJs3sJc=";
};
propagatedBuildInputs = with pythonPackages; [
dataclasses-json
yarl
CommonMark
argcomplete
pyparsing
];
nativeBuildInputs = [ installShellFiles ];
postInstall = ''
${pythonPackages.argcomplete}/bin/register-python-argcomplete -s bash ${pname} > $out/completions.bash
installShellCompletion --bash --name recipemd.bash $out/completions.bash
${pythonPackages.argcomplete}/bin/register-python-argcomplete -s fish ${pname} > $out/completions.fish
installShellCompletion --fish --name recipemd.fish $out/completions.fish
# The version of argcomplete in nixpkgs-stable does not have support for zsh
#${pythonPackages.argcomplete}/bin/register-python-argcomplete -s zsh ${pname} > $out/completions.zsh
#installShellCompletion --zsh --name _recipemd $out/completions.zsh
'';
checkInputs = [
pytestCheckHook
pythonPackages.pytestcov
];
doCheck = true;
meta = with lib; {
description = "Markdown recipe manager, reference implementation of RecipeMD";
homepage = "https://recipemd.org";
license = [ licenses.lgpl3Only ];
maintainers = [ maintainers.dadada ];
};
}

BIN
secrets/initrd-surgat-ssh_host_ed25519_key.age
View file

Binary file not shown.

1
secrets/secrets.nix
View file

@ -21,7 +21,6 @@ in
"miniflux-admin-credentials.age".publicKeys = [ systems.surgat dadada ];
"gorgon-backup-passphrase-gs.age".publicKeys = [ systems.gorgon dadada ];
"paperless.age".publicKeys = [ systems.gorgon dadada ];
"initrd-surgat-ssh_host_ed25519_key.age".publicKeys = [ systems.surgat dadada ];
"surgat-ssh_host_ed25519_key.age".publicKeys = [ systems.surgat dadada ];
"ninurta-initrd-ssh-key.age".publicKeys = [ systems.ninurta dadada ];
"ddns-credentials.age".publicKeys = [ systems.agares systems.ninurta dadada ];