Compare commits


No commits in common. "main" and "v0.1" have entirely different histories.
main ... v0.1

166 changed files with 2232 additions and 5255 deletions

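--- a/.envrc
+++ b/.envrc
@@ -1,5 +0,0 @@
-#!/bin/sh
-watch_file devshell.nix
-use flake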


@ -1,7 +0,0 @@
version: 2
updates:
- package-ecosystem: "github-actions"
directory: "/"
schedule:
interval: "weekly"
assignees: ["dadada"]


@ -1,24 +0,0 @@
name: Continuous Integration
on:
pull_request:
push:
branches: [main]
jobs:
checks:
name: "Checks"
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: cachix/install-nix-action@v26
with:
nix_path: nixpkgs=channel:nixos-stable
extra_nix_config: |
experimental-features = nix-command flakes
access-tokens = github.com=${{ secrets.GITHUB_TOKEN }}
system-features = nixos-test benchmark big-parallel kvm
- uses: cachix/cachix-action@v14
with:
name: dadada
signingKey: '${{ secrets.CACHIX_SIGNING_KEY }}'
authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
- run: nix flake check


@ -1,20 +0,0 @@
name: update-flake-lock
on:
workflow_dispatch: # allows manual triggering
schedule:
- cron: '0 0 * * 0' # runs weekly on Sunday at 00:00
jobs:
lockfile:
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Install Nix
uses: DeterminateSystems/nix-installer-action@v10
- name: Update flake.lock
uses: DeterminateSystems/update-flake-lock@v21
with:
pr-title: "Update flake.lock" # Title of PR to be created
pr-labels: | # Labels to be set on the PR
dependencies
automated

1
.gitignore vendored

@ -5,4 +5,3 @@ result
*.zip
*.qcow2
work.nix
.direnv/

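--- a/.gitmodules
+++ b/.gitmodules
@@ -0,0 +1,3 @@
+[submodule "nur-packages"]
+path = nur-packages
+url = git@github.com:dadada/nur-packages.git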
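Review bot: The submodule `url` uses the SSH form `git@github.com:dadada/nur-packages.git`, so every clone that initialises submodules needs an SSH key registered with GitHub, which unattended checkouts usually do not have. If the repository is public, `url = https://github.com/dadada/nur-packages.git` lets it be fetched anonymously; contributors who push can still set an SSH `pushurl` in their local configuration.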

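--- a/LICENSE
+++ b/LICENSE
@@ -1,21 +0,0 @@
-MIT License
-Copyright (c) 2021 Tim Schubert
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.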


@ -1,3 +1,29 @@
# nix configuration
Use at your own risk.
```nix
{
imports = [
./modules/profiles/gorgon.nix
./private/metis
];
}
```
```nix
{ config, pkgs, lib, ... }:
let
dadada = import (builtins.fetchGit {
url = "https://github.com/dadada/nix-config.git";
sha256 = "1a661h3ssy35yha66xnhldlwlr9safzw4h83z5mg82assgbbh9fz";
}) {};
in {
imports = [
./secrets.nix
./hardware-configuration.nix
dadada.hosts.ifrit
];
system.stateVersion = "20.03";
}
```


@ -1,9 +0,0 @@
{
dadada = {
shell = "zsh";
keys = [
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIHrT9sQhJWrTPIMOEsZ8UzkY7BKJYYK2Aj/Q3NZu2z7uAAAABHNzaDo= dadada@gorgon"
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIOFHB9T6fjkuIU8jW9gGiYGSEFSfrnY/6GJUfmfMx10HAAAABHNzaDo= Backup dadada <dadada@dadada.li>"
];
};
}

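--- a/default.nix
+++ b/default.nix
@@ -0,0 +1,18 @@
+{ pkgs }:
+with pkgs;
+rec {
+lib = import ./lib { inherit pkgs; };
+modules = import ./modules;
+hmModules = import ./modules/home;
+overlays = import ./overlays;
+profiles = import ./modules/profiles;
+hmProfiles = import ./modules/home/profiles;
+hosts = import ./hosts;
+tubslatex = callPackage ./pkgs/tubslatex {};
+keys = callPackage ./pkgs/keys {};
+homePage = callPackage ./pkgs/homePage {};
+}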
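Review bot: `rec` together with `with pkgs;` makes name resolution in this set harder to follow than it needs to be: none of the visible attributes refers to a sibling, yet inside the `rec` set `lib` now means `import ./lib …` rather than `pkgs.lib`, and `callPackage` is only found through the `with`. Dropping both and writing `tubslatex = pkgs.callPackage ./pkgs/tubslatex {};` (likewise for `keys` and `homePage`) keeps the origin of every name explicit. A one-line header comment such as `# Attribute set exported to importers of this repository: lib, modules, profiles, hosts and packages.` would also tell readers what the file is for.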

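--- a/deploy
+++ b/deploy
@@ -0,0 +1,39 @@
+#!/usr/bin/env bash
+set -e
+set -o pipefail
+if [ -z "$1" ]
+then
+echo "usage: deploy <hostname>"
+exit 1
+fi
+git push
+function hash {
+archive="$(mktemp /tmp/nix-config.XXX.tar.gz)"
+git archive "$1" | gzip > "$archive"
+nix-prefetch-url --unpack --type sha256 "file:$archive" 2>/dev/null
+rm "$archive"
+}
+host="${1}"
+rev="$(git rev-parse HEAD)"
+url="https://github.com/dadada/nix-config/archive/${rev}.tar.gz"
+sha256=$(hash "$rev")
+cat <<EOF | ssh "${host}".dadada.li 'sudo nix-shell -p tmux --run "cat - > /etc/nixos/deploy.nix && tmux new -d \"nixos-rebuild switch |& tee /var/log/dadada-deploy.log\""'
+{ config, pkgs, lib, ... }:
+let
+dadada = import (builtins.fetchTarball {
+url = ${url};
+sha256 = "${sha256}";
+}) { inherit pkgs; };
+in {
+imports = [
+./hardware-configuration.nix
+dadada.hosts."${host}"
+];
+}
+EOF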
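Review bot: `sha256=$(hash "$rev")` can come back empty without stopping the script, because bash clears `set -e` inside command substitutions and `hash` returns the status of its final `rm`; the `2>/dev/null` on `nix-prefetch-url` also hides the failure. The script would then still write a `deploy.nix` containing `sha256 = "";` to the host and start the rebuild, so the pin that ties the fetched tarball to the local commit is not guaranteed to be there. Add `[ -n "$sha256" ] || { echo "failed to hash ${rev}" >&2; exit 1; }` after the assignment and drop the `2>/dev/null`. Renaming the function (for example `archive_hash`) would avoid shadowing the bash builtin `hash`. Because `nixos-rebuild switch` runs in a detached tmux session, the script's exit status says nothing about whether the switch succeeded, which deserves a comment pointing at `/var/log/dadada-deploy.log`.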


@ -1,49 +0,0 @@
{ pkgs, extraModules, ... }:
(pkgs.devshell.mkShell {
imports = extraModules;
name = "dadada/nix-config";
packages = with pkgs; [
agenix
nixos-rebuild
];
commands = [
{
name = "switch";
help = "Switch the configuration on the current system.";
command = ''
flake=$(nix flake metadata --json ${./.} | jq -r .url)
${pkgs.nixos-rebuild}/bin/nixos-rebuild switch --flake ".#" --use-remote-sudo
'';
category = "deploy";
}
{
name = "format";
help = "Format the project";
command = ''
treefmt .
'';
category = "dev";
}
{
name = "update";
help = "Update the project";
command = ''
nix flake update --commit-lock-file
'';
category = "dev";
}
{
name = "check";
help = "Run checks";
category = "dev";
command = "nix flake check";
}
];
git.hooks = {
pre-commit.text = "nix flake check";
};
})

462
flake.lock generated

@ -1,462 +0,0 @@
{
"nodes": {
"agenix": {
"inputs": {
"darwin": "darwin",
"home-manager": [
"home-manager"
],
"nixpkgs": [
"nixpkgs"
],
"systems": "systems"
},
"locked": {
"lastModified": 1750173260,
"narHash": "sha256-9P1FziAwl5+3edkfFcr5HeGtQUtrSdk/MksX39GieoA=",
"owner": "ryantm",
"repo": "agenix",
"rev": "531beac616433bac6f9e2a19feb8e99a22a66baf",
"type": "github"
},
"original": {
"owner": "ryantm",
"repo": "agenix",
"type": "github"
}
},
"crane": {
"locked": {
"lastModified": 1731098351,
"narHash": "sha256-HQkYvKvaLQqNa10KEFGgWHfMAbWBfFp+4cAgkut+NNE=",
"owner": "ipetkov",
"repo": "crane",
"rev": "ef80ead953c1b28316cc3f8613904edc2eb90c28",
"type": "github"
},
"original": {
"owner": "ipetkov",
"repo": "crane",
"type": "github"
}
},
"darwin": {
"inputs": {
"nixpkgs": [
"agenix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1744478979,
"narHash": "sha256-dyN+teG9G82G+m+PX/aSAagkC+vUv0SgUw3XkPhQodQ=",
"owner": "lnl7",
"repo": "nix-darwin",
"rev": "43975d782b418ebf4969e9ccba82466728c2851b",
"type": "github"
},
"original": {
"owner": "lnl7",
"ref": "master",
"repo": "nix-darwin",
"type": "github"
}
},
"devshell": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1741473158,
"narHash": "sha256-kWNaq6wQUbUMlPgw8Y+9/9wP0F8SHkjy24/mN3UAppg=",
"owner": "numtide",
"repo": "devshell",
"rev": "7c9e793ebe66bcba8292989a68c0419b737a22a0",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "devshell",
"type": "github"
}
},
"disko": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1753140376,
"narHash": "sha256-7lrVrE0jSvZHrxEzvnfHFE/Wkk9DDqb+mYCodI5uuB8=",
"owner": "nix-community",
"repo": "disko",
"rev": "545aba02960caa78a31bd9a8709a0ad4b6320a5c",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "disko",
"type": "github"
}
},
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-parts": {
"inputs": {
"nixpkgs-lib": [
"lanzaboote",
"nixpkgs"
]
},
"locked": {
"lastModified": 1730504689,
"narHash": "sha256-hgmguH29K2fvs9szpq2r3pz2/8cJd2LPS+b4tfNFCwE=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "506278e768c2a08bec68eb62932193e341f55c90",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-registry": {
"flake": false,
"locked": {
"lastModified": 1744623129,
"narHash": "sha256-nlQTQrHqM+ywXN0evDXnYEV6z6WWZB5BFQ2TkXsduKw=",
"owner": "NixOS",
"repo": "flake-registry",
"rev": "1322f33d5836ae757d2e6190239252cf8402acf6",
"type": "github"
},
"original": {
"owner": "NixOS",
"repo": "flake-registry",
"type": "github"
}
},
"flake-utils": {
"inputs": {
"systems": [
"systems"
]
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"gitignore": {
"inputs": {
"nixpkgs": [
"lanzaboote",
"pre-commit-hooks-nix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1709087332,
"narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=",
"owner": "hercules-ci",
"repo": "gitignore.nix",
"rev": "637db329424fd7e46cf4185293b9cc8c88c95394",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "gitignore.nix",
"type": "github"
}
},
"home-manager": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1753470191,
"narHash": "sha256-hOUWU5L62G9sm8NxdiLWlLIJZz9H52VuFiDllHdwmVA=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "a1817d1c0e5eabe7dfdfe4caa46c94d9d8f3fdb6",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "home-manager",
"type": "github"
}
},
"homepage": {
"flake": false,
"locked": {
"lastModified": 1727338449,
"narHash": "sha256-VwOGtT1WB+isk0z/D/Be05GgeaTFfsXTGt7aScCAfec=",
"rev": "60398d3d728a0057b4cad49879ef637c06b28371",
"type": "tarball",
"url": "https://git.dadada.li/api/v1/repos/dadada/dadada.li/archive/60398d3d728a0057b4cad49879ef637c06b28371.tar.gz?rev=60398d3d728a0057b4cad49879ef637c06b28371"
},
"original": {
"type": "tarball",
"url": "https://git.dadada.li/dadada/dadada.li/archive/main.tar.gz"
}
},
"lanzaboote": {
"inputs": {
"crane": "crane",
"flake-compat": "flake-compat",
"flake-parts": "flake-parts",
"nixpkgs": [
"nixpkgs"
],
"pre-commit-hooks-nix": "pre-commit-hooks-nix",
"rust-overlay": "rust-overlay"
},
"locked": {
"lastModified": 1737639419,
"narHash": "sha256-AEEDktApTEZ5PZXNDkry2YV2k6t0dTgLPEmAZbnigXU=",
"owner": "nix-community",
"repo": "lanzaboote",
"rev": "a65905a09e2c43ff63be8c0e86a93712361f871e",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "v0.4.2",
"repo": "lanzaboote",
"type": "github"
}
},
"nixlib": {
"locked": {
"lastModified": 1736643958,
"narHash": "sha256-tmpqTSWVRJVhpvfSN9KXBvKEXplrwKnSZNAoNPf/S/s=",
"owner": "nix-community",
"repo": "nixpkgs.lib",
"rev": "1418bc28a52126761c02dd3d89b2d8ca0f521181",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nixpkgs.lib",
"type": "github"
}
},
"nixos-generators": {
"inputs": {
"nixlib": "nixlib",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1751903740,
"narHash": "sha256-PeSkNMvkpEvts+9DjFiop1iT2JuBpyknmBUs0Un0a4I=",
"owner": "nix-community",
"repo": "nixos-generators",
"rev": "032decf9db65efed428afd2fa39d80f7089085eb",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nixos-generators",
"type": "github"
}
},
"nixos-hardware": {
"locked": {
"lastModified": 1753122741,
"narHash": "sha256-nFxE8lk9JvGelxClCmwuJYftbHqwnc01dRN4DVLUroM=",
"owner": "NixOS",
"repo": "nixos-hardware",
"rev": "cc66fddc6cb04ab479a1bb062f4d4da27c936a22",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "master",
"repo": "nixos-hardware",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1753429684,
"narHash": "sha256-9h7+4/53cSfQ/uA3pSvCaBepmZaz/dLlLVJnbQ+SJjk=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "7fd36ee82c0275fb545775cc5e4d30542899511d",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-stable": {
"locked": {
"lastModified": 1730741070,
"narHash": "sha256-edm8WG19kWozJ/GqyYx2VjW99EdhjKwbY3ZwdlPAAlo=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "d063c1dd113c91ab27959ba540c0d9753409edf3",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-24.05",
"repo": "nixpkgs",
"type": "github"
}
},
"pre-commit-hooks-nix": {
"inputs": {
"flake-compat": [
"lanzaboote",
"flake-compat"
],
"gitignore": "gitignore",
"nixpkgs": [
"lanzaboote",
"nixpkgs"
],
"nixpkgs-stable": "nixpkgs-stable"
},
"locked": {
"lastModified": 1731363552,
"narHash": "sha256-vFta1uHnD29VUY4HJOO/D6p6rxyObnf+InnSMT4jlMU=",
"owner": "cachix",
"repo": "pre-commit-hooks.nix",
"rev": "cd1af27aa85026ac759d5d3fccf650abe7e1bbf0",
"type": "github"
},
"original": {
"owner": "cachix",
"repo": "pre-commit-hooks.nix",
"type": "github"
}
},
"root": {
"inputs": {
"agenix": "agenix",
"devshell": "devshell",
"disko": "disko",
"flake-registry": "flake-registry",
"flake-utils": "flake-utils",
"home-manager": "home-manager",
"homepage": "homepage",
"lanzaboote": "lanzaboote",
"nixos-generators": "nixos-generators",
"nixos-hardware": "nixos-hardware",
"nixpkgs": "nixpkgs",
"systems": "systems_2",
"treefmt-nix": "treefmt-nix"
}
},
"rust-overlay": {
"inputs": {
"nixpkgs": [
"lanzaboote",
"nixpkgs"
]
},
"locked": {
"lastModified": 1731897198,
"narHash": "sha256-Ou7vLETSKwmE/HRQz4cImXXJBr/k9gp4J4z/PF8LzTE=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "0be641045af6d8666c11c2c40e45ffc9667839b5",
"type": "github"
},
"original": {
"owner": "oxalica",
"repo": "rust-overlay",
"type": "github"
}
},
"systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_2": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"treefmt-nix": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1753439394,
"narHash": "sha256-Bv9h1AJegLI8uAhiJ1sZ4XAndYxhgf38tMgCQwiEpmc=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "2673921c03d6e75fdf4aa93e025772608d1482cf",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "treefmt-nix",
"type": "github"
}
}
},
"root": "root",
"version": 7
}


@ -1,52 +0,0 @@
{
description = "dadada's nix flake";
inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
disko = {
url = "github:nix-community/disko";
inputs.nixpkgs.follows = "nixpkgs";
};
flake-utils = {
url = "github:numtide/flake-utils";
inputs.systems.follows = "systems";
};
home-manager = {
url = "github:nix-community/home-manager";
inputs.nixpkgs.follows = "nixpkgs";
};
lanzaboote = {
url = "github:nix-community/lanzaboote/v0.4.2";
inputs.nixpkgs.follows = "nixpkgs";
};
nixos-hardware.url = "github:NixOS/nixos-hardware/master";
homepage = {
url = "https://git.dadada.li/dadada/dadada.li/archive/main.tar.gz";
flake = false;
};
agenix = {
url = "github:ryantm/agenix";
inputs.nixpkgs.follows = "nixpkgs";
inputs.home-manager.follows = "home-manager";
};
devshell = {
url = "github:numtide/devshell";
inputs.nixpkgs.follows = "nixpkgs";
};
nixos-generators = {
url = "github:nix-community/nixos-generators";
inputs.nixpkgs.follows = "nixpkgs";
};
flake-registry = {
url = "github:NixOS/flake-registry";
flake = false;
};
systems.url = "github:nix-systems/default";
treefmt-nix = {
url = "github:numtide/treefmt-nix";
inputs.nixpkgs.follows = "nixpkgs";
};
};
outputs = { ... }@args: import ./outputs.nix args;
}


@ -1,209 +0,0 @@
{ lib, pkgs, ... }:
with lib.hm.gvariant;
{
home.packages = [
pkgs.adwaita-icon-theme
pkgs.adwaita-qt
];
dconf.settings = with lib.hm.gvariant; {
"org/gnome/shell" = {
favorite-apps = [
"alacritty.desktop"
"element.desktop"
"evolution.desktop"
"firefox.desktop"
"spotify.desktop"
];
};
"org/gnome/shell" = {
disable-user-extensions = false;
enabled-extensions = [
"system-monitor@gnome-shell-extensions.gcampax.github.com"
"switcher@landau.fi"
];
};
"org/gnome/desktop/calendar" = {
show-weekdate = true;
};
"org/gnome/desktop/input-sources" = {
current = mkUint32 0;
per-window = false;
show-all-sources = true;
sources = [
(mkTuple [
"xkb"
"eu"
])
(mkTuple [
"xkb"
"de"
])
];
xkb-options = [
"lv3:ralt_switch"
"caps:escape"
];
};
"org/gnome/desktop/interface" = {
clock-show-date = true;
clock-show-seconds = false;
clock-show-weekday = true;
cursor-theme = "Adwaita";
enable-animations = true;
enable-hot-corners = false;
font-antialiasing = "grayscale";
font-hinting = "slight";
font-name = "Cantarell 10";
gtk-enable-primary-paste = false;
gtk-key-theme = "Emacs";
gtk-theme = "Adwaita";
color-scheme = "prefer-light";
icon-theme = "Adwaita";
locate-pointer = false;
monospace-font-name = "JetBrains Mono 10";
show-battery-percentage = false;
#text-scaling-factor = 1.0;
toolkit-accessibility = false;
};
"org/gnome/desktop/peripherals/keyboard" = {
numlock-state = false;
};
"org/gnome/desktop/peripherals/mouse" = {
accel-profile = "default";
natural-scroll = true;
};
"org/gnome/desktop/peripherals/touchpad" = {
send-events = "enabled";
tap-to-click = true;
two-finger-scrolling-enabled = true;
};
"org/gnome/desktop/privacy" = {
disable-microphone = false;
old-files-age = mkUint32 30;
recent-files-max-age = -1;
report-technical-problems = false;
};
"org/gnome/desktop/screensaver" = {
color-shading-type = "solid";
lock-delay = mkUint32 30;
lock-enabled = true;
};
"org/gnome/desktop/session" = {
idle-delay = mkUint32 0;
};
"org/gnome/desktop/sound" = {
event-sounds = false;
theme-name = "__custom";
};
"org/gnome/evince/default" = {
continuous = true;
dual-page = false;
dual-page-odd-left = false;
enable-spellchecking = true;
fullscreen = false;
inverted-colors = false;
show-sidebar = false;
sidebar-page = "links";
sidebar-size = 132;
sizing-mode = "free";
};
"org/gnome/evolution/calendar" = {
editor-show-timezone = true;
use-24hour-format = true;
week-start-day-name = "monday";
work-day-friday = true;
work-day-monday = true;
work-day-saturday = false;
work-day-sunday = false;
work-day-thursday = true;
work-day-tuesday = true;
work-day-wednesday = true;
};
"org/gnome/evolution/mail" = {
browser-close-on-reply-policy = "always";
composer-attribution-language = "de_DE";
composer-reply-start-bottom = false;
composer-signature-in-new-only = true;
composer-spell-languages = [
"de"
"en_US"
];
composer-top-signature = false;
composer-unicode-smileys = false;
composer-visually-wrap-long-lines = true;
composer-wrap-quoted-text-in-replies = false;
forward-style = 0;
forward-style-name = "attached";
headers-collapsed = false;
image-loading-policy = "never";
junk-check-custom-header = true;
junk-check-incoming = true;
junk-empty-on-exit-days = 0;
junk-lookup-addressbook = false;
notify-remote-content = true;
prompt-check-if-default-mailer = false;
prompt-on-composer-mode-switch = true;
prompt-on-empty-subject = true;
prompt-on-expunge = true;
prompt-on-mark-all-read = false;
prompt-on-mark-as-junk = true;
prompt-on-reply-close-browser = "always";
prompt-on-unwanted-html = true;
reply-style = 0;
reply-style-name = "quoted";
search-gravatar-for-photo = false;
};
"org/gnome/evolution/plugin/prefer-plain" = {
mode = "only_plain";
show-suppressed = true;
};
"org/gnome/gnome-screenshot" = {
border-effect = "none";
delay = 0;
include-border = true;
include-pointer = false;
last-save-directory = "file:///home/dadada/lib/pictures/Screenshots";
};
"org/gnome/mutter" = {
attach-modal-dialogs = true;
center-new-windows = true;
dynamic-workspaces = true;
edge-tiling = true;
experimental-features = [ ];
focus-change-on-pointer-rest = true;
overlay-key = "Super_L";
workspaces-only-on-primary = true;
};
"org/gnome/settings-daemon/plugins/power" = {
idle-dim = true;
power-button-action = "interactive";
power-saver-profile-on-low-battery = true;
sleep-inactive-ac-type = "blank";
sleep-inactive-battery-timeout = 600;
sleep-inactive-battery-type = "suspend";
};
"org/gnome/system/location" = {
enabled = false;
};
};
}


@ -1,441 +0,0 @@
{
pkgs,
lib,
...
}:
let
useFeatures = [
"alacritty"
#"emacs"
"direnv"
"git"
"gpg"
#"gtk"
#"keyring"
"syncthing"
"tmux"
"xdg"
"zsh"
"helix"
];
colors = {
background = "fdf6e3";
foreground = "657b83";
regular0 = "eee8d5"; # background darker
regular1 = "dc322f"; # red
regular2 = "859900"; # green
regular3 = "b58900"; # dark orange
regular4 = "268bd2"; # azure blue
regular5 = "d33682"; # hot pink
regular6 = "2aa198"; # petrol
regular7 = "073642"; # navy
bright0 = "cb4b16"; # orange
bright1 = "fdf6e3"; # foreground
bright2 = "93a1a1"; # grey
bright3 = "839496"; # slightly darker grey
bright4 = "657b83"; # even slightly darker grey
bright5 = "6c71c4"; # purple
bright6 = "586e75"; # pretty dark grey
bright7 = "002b36"; # dark navy blue
};
in
{
imports = [
./dconf.nix
];
home.stateVersion = "20.09";
programs.gpg.settings.default-key = "99658A3EB5CD7C13";
dadada.home =
lib.attrsets.genAttrs useFeatures (useFeatures: {
enable = true;
})
// {
session = {
enable = true;
sessionVars = {
EDITOR = "hx";
PAGER = "less";
MAILDIR = "\$HOME/.var/mail";
MBLAZE = "\$HOME/.config/mblaze";
NOTMUCH_CONFIG = "\$HOME/.config/notmuch/config";
};
};
};
# Languagetool server for web extension
systemd.user.services."languagetool-http-server" = {
Unit = {
Description = "Languagetool HTTP server";
PartOf = [ "graphical-session-pre.target" ];
After = [ "graphical-session.target" ];
};
Service = {
Type = "simple";
ExecStart = "${pkgs.languagetool}/bin/languagetool-http-server org.languagetool.server.HTTPServer --allow-origin '*'";
Restart = "always";
};
Install = {
WantedBy = [ "graphical-session.target" ];
};
};
programs.offlineimap.enable = false;
xdg.configFile."offlineimap/config".text = ''
[general]
accounts = tu-bs,mailbox
[Account tu-bs]
localrepository = tu-bs-local
remoterepository = tu-bs-remote
[Repository tu-bs-local]
type = Maildir
localfolders = ~/lib/backup/y0067212@tu-bs.de
[Repository tu-bs-remote]
type = IMAP
remotehost = mail.tu-braunschweig.de
remoteuser = y0067212
sslcacertfile = /etc/ssl/certs/ca-certificates.crt
[Account mailbox]
localrepository = mailbox-local
remoterepository = mailbox-remote
[Repository mailbox-local]
type = Maildir
localfolders = ~/lib/backup/mailbox.org
[Repository mailbox-remote]
type = IMAP
remotehost = imap.mailbox.org
remoteuser = dadada@dadada.li
sslcacertfile = /etc/ssl/certs/ca-certificates.crt
'';
home.file.".jjconfig.toml".source = ./jjconfig.toml;
systemd.user.timers."backup-keepassxc" = {
Unit.Description = "Backup password DB";
Timer = {
OnBootSec = "15min";
OnUnitActiveSec = "1d";
};
Install.WantedBy = [ "timers.target" ];
};
systemd.user.services."backup-keepassxc" = {
Unit.Description = "Backup password DB";
Unit.Type = "oneshot";
Service.ExecStart = "${pkgs.openssh}/bin/scp -P 23 -i /home/dadada/.ssh/keepassxc-backup /home/dadada/lib/sync/Personal.kdbx u355513-sub4@u355513-sub4.your-storagebox.de:Personal.kdbx";
Install.WantedBy = [ "multi-user.target" ];
};
systemd.user.timers."backup-keepassxc-ninurta" = {
Unit.Description = "Backup password DB to ninurta";
Timer = {
OnBootSec = "15min";
OnUnitActiveSec = "1d";
};
Install.WantedBy = [ "timers.target" ];
};
systemd.user.services."backup-keepassxc-ninurta" = {
Unit.Description = "Backup password DB to ninurta";
Unit.Type = "oneshot";
Service.ExecStart = "${pkgs.openssh}/bin/scp -P 22 -i /home/dadada/.ssh/keepassxc-backup /home/dadada/lib/sync/Personal.kdbx backup-keepassxc@ninurta.bs.dadada.li:/mnt/storage/backups/backup-keepassxc/Personal.kdbx";
Install.WantedBy = [ "multi-user.target" ];
};
programs.foot = {
enable = true;
server.enable = false;
settings = {
inherit colors;
main = {
shell = "tmux";
font = "Jetbrains Mono:size=8";
dpi-aware = false;
};
mouse.hide-when-typing = true;
csd.preferred = "none";
cursor.color = "fdf6e3 586e75";
bell = {
urgent = true;
visual = false;
};
};
};
home.file.".config/sway/config".text = with colors; ''
# Read `man 5 sway` for a complete reference.
### Variables
#
# Logo key. Use Mod1 for Alt.
set $mod Mod4
# Home row direction keys, like vim
set $left h
set $down j
set $up k
set $right l
# Your preferred terminal emulator
set $term foot
# Your preferred application launcher
# Note: pass the final command to swaymsg so that the resulting window can be opened
# on the original workspace that the command was run on.
set $menu fuzzel
set $wallpaper "~/lib/pictures/wallpaper.jpg"
### Idle configuration
#
# Example configuration:
#
exec swayidle -w \
timeout 300 'swaylock -f -i $wallpaper -s fill' \
timeout 600 'swaymsg "output * power off"' resume 'swaymsg "output * power on"' \
before-sleep 'swaylock -f -i $wallpaper -s fill'
#
# This will lock your screen after 300 seconds of inactivity, then turn off
# your displays after another 300 seconds, and turn your screens back on when
# resumed. It will also lock your screen before your computer goes to sleep.
input * {
xkb_layout eu
xkb_model pc105+inet
xkb_options caps:escape
drag_lock enabled
drag enabled
dwt enabled
tap enabled
tap_button_map lrm
natural_scroll enabled
}
### Key bindings
#
# Basics:
#
# Start a terminal
bindsym $mod+Return exec $term
# Kill focused window
bindsym $mod+Shift+q kill
# Start your launcher
bindsym $mod+d exec $menu
# Drag floating windows by holding down $mod and left mouse button.
# Resize them with right mouse button + $mod.
# Despite the name, also works for non-floating windows.
# Change normal to inverse to use left mouse button for resizing and right
# mouse button for dragging.
floating_modifier $mod normal
# Lock the screen
bindsym XF86Sleep exec 'swaylock -f -c ${background}'
bindsym $mod+End exec 'swaylock -f -c ${background}'
# Reload the configuration file
bindsym $mod+Shift+c reload
# Exit sway (logs you out of your Wayland session)
bindsym $mod+Shift+e exec swaynag -t warning -m 'You pressed the exit shortcut. Do you really want to exit sway? This will end your Wayland session.' -B 'Yes, exit sway' 'swaymsg exit'
# Brightness
bindsym --locked XF86MonBrightnessDown exec light -U 10
bindsym --locked XF86MonBrightnessUp exec light -A 10
# Volume
bindsym --locked XF86AudioRaiseVolume exec 'pactl set-sink-volume @DEFAULT_SINK@ +1%'
bindsym --locked XF86AudioLowerVolume exec 'pactl set-sink-volume @DEFAULT_SINK@ -1%'
bindsym --locked XF86AudioMute exec 'pactl set-sink-mute @DEFAULT_SINK@ toggle'
#
# Moving around:
#
# Move your focus around
bindsym $mod+$left focus left
bindsym $mod+$down focus down
bindsym $mod+$up focus up
bindsym $mod+$right focus right
# Or use $mod+[up|down|left|right]
bindsym $mod+Left focus left
bindsym $mod+Down focus down
bindsym $mod+Up focus up
bindsym $mod+Right focus right
# Move the focused window with the same, but add Shift
bindsym $mod+Shift+$left move left
bindsym $mod+Shift+$down move down
bindsym $mod+Shift+$up move up
bindsym $mod+Shift+$right move right
# Ditto, with arrow keys
bindsym $mod+Shift+Left move left
bindsym $mod+Shift+Down move down
bindsym $mod+Shift+Up move up
bindsym $mod+Shift+Right move right
#
# Workspaces:
#
# Switch to workspace
bindsym $mod+1 workspace number 1
bindsym $mod+2 workspace number 2
bindsym $mod+3 workspace number 3
bindsym $mod+4 workspace number 4
bindsym $mod+5 workspace number 5
bindsym $mod+6 workspace number 6
bindsym $mod+7 workspace number 7
bindsym $mod+8 workspace number 8
bindsym $mod+9 workspace number 9
bindsym $mod+0 workspace number 10
# Move focused container to workspace
bindsym $mod+Shift+1 move container to workspace number 1
bindsym $mod+Shift+2 move container to workspace number 2
bindsym $mod+Shift+3 move container to workspace number 3
bindsym $mod+Shift+4 move container to workspace number 4
bindsym $mod+Shift+5 move container to workspace number 5
bindsym $mod+Shift+6 move container to workspace number 6
bindsym $mod+Shift+7 move container to workspace number 7
bindsym $mod+Shift+8 move container to workspace number 8
bindsym $mod+Shift+9 move container to workspace number 9
bindsym $mod+Shift+0 move container to workspace number 10
# Note: workspaces can have any name you want, not just numbers.
# We just use 1-10 as the default.
#
# Layout stuff:
#
# You can "split" the current object of your focus with
# $mod+b or $mod+v, for horizontal and vertical splits
# respectively.
bindsym $mod+b splith
bindsym $mod+v splitv
# Switch the current container between different layout styles
bindsym $mod+s layout stacking
bindsym $mod+w layout tabbed
bindsym $mod+e layout toggle split
# Make the current focus fullscreen
bindsym $mod+f fullscreen
# Toggle the current focus between tiling and floating mode
bindsym $mod+Shift+space floating toggle
# Swap focus between the tiling area and the floating area
bindsym $mod+space focus mode_toggle
# Move focus to the parent container
bindsym $mod+a focus parent
#
# Font
#
font "pango:Jetbrains Mono 8"
#
# Scratchpad:
#
# Sway has a "scratchpad", which is a bag of holding for windows.
# You can send windows there and get them back later.
# Move the currently focused window to the scratchpad
bindsym $mod+Shift+minus move scratchpad
# Show the next scratchpad window or hide the focused scratchpad window.
# If there are multiple scratchpad windows, this command cycles through them.
bindsym $mod+minus scratchpad show
#
# Resizing containers:
#
mode "resize" {
# left will shrink the containers width
# right will grow the containers width
# up will shrink the containers height
# down will grow the containers height
bindsym $left resize shrink width 10px
bindsym $down resize grow height 10px
bindsym $up resize shrink height 10px
bindsym $right resize grow width 10px
# Ditto, with arrow keys
bindsym Left resize shrink width 10px
bindsym Down resize grow height 10px
bindsym Up resize shrink height 10px
bindsym Right resize grow width 10px
# Return to default mode
bindsym Return mode "default"
bindsym Escape mode "default"
}
bindsym $mod+r mode "resize"
#
# Status Bar:
#
# Read `man 5 sway-bar` for more information about this section.
bar {
position bottom
# When the status_command prints a new line to stdout, swaybar updates.
# The default just shows the current date and time.
status_command ~/.config/sway/status
colors {
statusline ${foreground}
background ${background}
inactive_workspace ${background}ee ${background}ee ${foreground}ee
}
}
# Gaps between multiple tiling windows
gaps inner 10
smart_gaps on
bindsym $mod+grave exec busctl --user call org.keepassxc.KeePassXC.MainWindow /keepassxc org.keepassxc.KeePassXC.MainWindow lockAllDatabases && swaylock -c #fdf6e3
# class border backgr. text indicator child_border
client.focused #${bright6} #${foreground} #${background} #${bright5} #${regular4}
client.focused_inactive #${regular0} #${regular0} #${foreground} #${bright5} #${regular0}
client.unfocused #${regular0} #${background} #${bright2} #${bright5} #${regular0}
client.urgent #${bright1} #${bright0} #${regular4} #${background} #${bright0}
client.placeholder #${background} #${bright2} #${foreground} #${background} #${bright2}
client.background #${foreground}
include /etc/sway/config.d/*
exec sleep 5; systemctl --user restart kanshi.service
exec sleep 5; swaymsg output '*' bg $wallpaper fill
'';
home.file.".config/sway/status".source = ./status;
home.file.".config/kanshi/config".text = ''
profile Laptop {
output eDP-1 enable
}
profile Docked {
output eDP-1 disable
output "LG Electronics LG HDR 4K 0x000354D1" {
enable
scale 1.4
position 0,0
}
}
'';
#services.poweralertd.enable = true;
# Let Home Manager install and manage itself.
programs.home-manager.enable = true;
home.packages = import ./pkgs.nix { pkgs = pkgs; };
}


@ -1,8 +0,0 @@
[user]
name = "Tim Schubert"
email = "dadada@dadada.li"
[ui]
diff-editor = ["scm-diff-editor", "--dir-diff", "$left", "$right"]
diff-instructions = false
merge-editor = ["meld"]


@ -1,13 +0,0 @@
{ lib, ... }:
with lib;
let
modules' =
dir:
filterAttrs (name: type: (hasSuffix ".nix" name) || (type == "directory")) (builtins.readDir dir);
modules =
dir:
mapAttrs' (name: _: nameValuePair (removeSuffix ".nix" name) (import (dir + "/${name}"))) (
modules' dir
);
in
(modules ./modules)


@ -1,28 +0,0 @@
# Colors (Solarized Light)
# Default colors
[colors.primary]
background = '#fdf6e3'
foreground = '#586e75'
# Normal colors
[colors.normal]
black = '#073642'
red = '#dc322f'
green = '#859900'
yellow = '#b58900'
blue = '#268bd2'
magenta = '#d33682'
cyan = '#2aa198'
white = '#eee8d5'
# Bright colors
[colors.bright]
black = '#002b36'
red = '#cb4b16'
green = '#586e75'
yellow = '#657b83'
blue = '#839496'
magenta = '#6c71c4'
cyan = '#93a1a1'
white = '#fdf6e3'


@ -1,49 +0,0 @@
{
pkgs,
lib,
config,
...
}:
with lib;
let
cfg = config.dadada.home.alacritty;
in
{
options.dadada.home.alacritty = {
enable = mkEnableOption "Enable alacritty config";
};
config = mkIf cfg.enable {
home.packages = [
pkgs.jetbrains-mono
];
programs.alacritty = {
enable = true;
settings = {
env.TERM = "xterm-256color";
scrolling.history = 0;
font = {
size = 9;
normal = {
family = "Jetbrains Mono";
style = "Regular";
};
bold = {
family = "Jetbrains Mono";
style = "Bold";
};
italic = {
family = "Jetbrains Mono";
style = "Italic";
};
bold_italic = {
family = "Jetbrains Mono";
style = "Bold Italic";
};
};
shell.program = "tmux";
window.decorations = "none";
colors = (lib.trivial.importTOML ./colors.toml).colors;
};
};
};
}


@ -1,107 +0,0 @@
{
config,
lib,
pkgs,
...
}:
with lib;
let
cfg = config.dadada.home.git;
allowedSigners = pkgs.writeTextFile {
name = "allowed-signers";
text = ''
dadada@dadada.li sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIKu+pA5Vy0QPHJMjn2S5DCsqKg2UvDhOsBwvvJLf4HbyAAAABHNzaDo= dadada <dadada@dadada.li>
dadada@dadada.li ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFKRuecjbtDh4jyDZH3ccU9t0QFcAgZDBFO8ZWZBA9iT dadada@gorgon
'';
};
in
{
options.dadada.home.git = {
enable = mkEnableOption "Enable git config";
};
config = mkIf cfg.enable {
programs.git = {
enable = true;
extraConfig = {
commit = {
gpgSign = true;
verbose = true;
};
gpg = {
format = "ssh";
ssh.allowedSignersFile = "${allowedSigners}";
ssh.program = "ssh-keygen";
};
tag.gpgSign = true;
user = {
email = "dadada@dadada.li";
name = "Tim Schubert";
signingKey = "key::ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFKRuecjbtDh4jyDZH3ccU9t0QFcAgZDBFO8ZWZBA9iT dadada@gorgon";
};
core = {
whitespace = {
tab-in-indent = true;
tabwidth = 4;
};
alias = { };
pager = "delta";
};
column.ui = "never";
checkout.defaultRemote = "origin";
delta = {
navigate = true; # use n and N to move between diff sections
side-by-side = false;
line-numbers = true;
light = true;
};
diff = {
renames = "copies";
algorithm = "histogram";
colorMoved = "default";
};
interactive.diffFilter = "delta --color-only";
merge = {
conflictstyle = "zdiff3";
keepbackup = false;
tool = "meld";
};
status = {
short = true;
branch = true;
showUntrackedFiled = "all";
};
log.date = "iso8601-local";
fetch.prune = true;
pull = {
prune = true;
ff = "only";
rebase = "interactive";
};
push = {
default = "current";
autoSetupRemote = true;
};
rebase = {
abbreviateCommands = true;
# Automatically force-update any branches that point to commits that are being rebased.
updateRefs = true;
};
rerere.enabled = true;
transfer.fsckobjects = true;
fetch.fsckobjects = true;
receive.fsckObjects = true;
branch.sort = "-committerdate";
};
};
home.packages = with pkgs; [
delta
git-branchless
git-lfs
gitAndTools.hub
gitAndTools.lab
gitAndTools.git-absorb
meld
];
};
}


@ -1,20 +0,0 @@
{
config,
lib,
pkgs,
...
}:
with lib;
let
cfg = config.dadada.home.gtk;
in
{
options.dadada.home.gtk = {
enable = mkEnableOption "Enable GTK config";
};
config = mkIf cfg.enable {
gtk = {
enable = true;
};
};
}


@ -1,12 +0,0 @@
theme = "solarized_light"
[editor]
line-number = "relative"
mouse = true
auto-completion = true
[editor.soft-wrap]
enable = true
[keys.normal]
C-q = [ ":reflow 80" ]


@ -1,35 +0,0 @@
[language-server.rust-analyzer]
config = { rust-analyzer = { checkOnSave = { command = "clippy" }, procMacro.enable = true } }
[language-server.nixd]
command = "nixd"
[language-server.ltex-ls]
command = "ltex-ls"
[language-server.zk]
command = "zk"
args = ["lsp"]
[[language]]
name = "rust"
language-servers = [ {name="rust-analyzer"} ]
[[language]]
name = "latex"
language-servers = [{ name = "ltex-ls" }]
file-types = ["tex"]
scope = "source.latex"
roots = []
[[language]]
name = "nix"
file-types = ["nix"]
language-servers = [{ name = "nixd" }]
[[language]]
name = "markdown"
scope = "source.md"
injection-regex = "md|markdown"
file-types = ["md", "markdown"]
roots = [".zk"]


@ -1,27 +0,0 @@
{
config,
pkgs,
lib,
...
}:
let
cfg = config.dadada.home.helix;
in
{
options.dadada.home.helix = {
enable = lib.mkEnableOption "Enable helix editor";
package = lib.mkOption {
type = lib.types.package;
description = "Helix editor package to use";
default = pkgs.helix;
};
};
config = lib.mkIf cfg.enable {
home.file.".config/helix".source = ./config;
home.packages = [
cfg.package
#pkgs.nixd
];
};
}


@ -1,34 +0,0 @@
{
config,
lib,
...
}:
with lib;
let
cfg = config.dadada.home.tmux;
in
{
options.dadada.home.tmux = {
enable = mkEnableOption "Enable tmux config";
};
config = mkIf cfg.enable {
programs.tmux = {
enable = true;
terminal = "tmux-256color";
extraConfig = ''
setw -g mode-keys vi
set -g mouse on
set -g set-clipboard external
set -g set-titles on
set -g status on
set -ga terminal-overrides ',*256col*:Tc'
set-option -g status-interval 5
set-option -g automatic-rename on
set-option -g automatic-rename-format '#{b:pane_current_path}'
bind '"' split-window -c "#{pane_current_path}"
bind % split-window -h -c "#{pane_current_path}"
bind c new-window -c "#{pane_current_path}"
'';
};
};
}


@ -1,83 +0,0 @@
{
config,
pkgs,
lib,
...
}:
with lib;
let
cfg = config.dadada.home.zsh;
in
{
options.dadada.home.zsh = {
enable = mkEnableOption "Enable ZSH config";
};
config = mkIf cfg.enable {
programs.fzf.enableZshIntegration = true;
programs.zsh = {
enable = true;
enableCompletion = true;
enableVteIntegration = true;
autosuggestion.enable = true;
autocd = true;
sessionVariables = {
EDITOR = "hx";
};
history = {
extended = true;
ignoreDups = true;
ignoreSpace = true;
save = 100000;
# FIXME https://github.com/junegunn/fzf/issues/4061
#share = true;
share = false;
};
plugins = [
];
initContent = ''
source ${pkgs.zsh-git-prompt}/share/zsh-git-prompt/zshrc.sh
source ${pkgs.fzf}/share/fzf/key-bindings.zsh
source ${pkgs.fzf}/share/fzf/completion.zsh
eval "$(${pkgs.h}/bin/h --setup ~/src)"
bindkey -e '^n' autosuggest-accept
preexec() { echo -n -e "\033]0;$1\007" }
PROMPT="%F{red}%?%f %F{green}%m%f:%F{blue}%~%f"$'\n'"> "
RPROMPT='$(git_super_status)'
'';
profileExtra = '''';
shellAliases = {
ga = "git add";
gc = "git commit";
gd = "git diff";
gdw = "git diff --color-words";
gf = "git fetch";
gl = "git log";
gpu = "git push";
gpul = "git pull";
grb = "git rebase";
gre = "git reflog";
gs = "git status";
gsh = "git show";
gst = "git status";
gsta = "git stash";
gstap = "git stash apply";
exa = "eza";
ls = "exa";
la = "exa -a";
ll = "exa -la --no-filesize --changed --time-style=long-iso --git --octal-permissions --no-permissions --no-user --ignore-glob=\".git\"";
mv = "mv -i";
cp = "cp -i";
};
};
home.packages = with pkgs; [
fzf
eza
zsh-git-prompt
tmux
];
};
}


@ -1,151 +0,0 @@
{ pkgs }:
with pkgs;
[
anki
aqbanking
aria2
aspell
aspellDicts.de
aspellDicts.en
aspellDicts.en-computers
aspellDicts.en-science
bash
bat # cat with syntax highlighting and git integration
binutils
bluez-tools
btop # htop
choose # alternative to cut and awk with more readable syntax
chromium
colordiff
darcs
delta # feature-rich diff viewer
dig
direnv
duf # disk usage
dune3d
dyff # diff tool for YAML
element-desktop
evince
evolution
ffmpeg
file
fuzzel
fx # themable json viewer
fzf
fzf
gdb
gh
ghidra-bin
gimp
glow
glow # render markdown
gnumake
gnupg
gping # ping with graphs
graphviz
grim
gron # make json grepable
h # Manage git repos
hexyl # hex viewer
htop
httpie
hub
hyperfine # A command-line benchmarking tool.
icdiff
imagemagick
inkscape
inotify-tools
ioping # ping but for block devices
iproute2
iputils # tracepath
irssi
jameica
jc # convert output to json
josm
jq
kanshi
keepassxc
kubetail
krita
ldns
liboping # oping, ping multiple hosts at once
libreoffice
libvirt
lsof
lynis
man-pages
mblaze
mkpasswd
mpv
mtr
mumble
nix-output-monitor
ncurses
newsflash
nixd
nixfmt-rfc-style
nfs-utils
niv
nix-index
nmap
nmon
nodePackages.prettier
map-cmd
obs-studio
offlineimap
openscad
openssl
p7zip
pandoc # document converter and templater
pass
pavucontrol
picocom
playerctl
procs # ps in rust
prusa-slicer
pv
pwgen
(python3.withPackages (pkgs: [
pkgs.pandas
pkgs.requests
]))
ranger
reptyr
ripgrep
ripgrep
saleae-logic-2
sd # search and displace like sed but with better syntax
sieveshell
signal-desktop
silver-searcher
skim # fzf in Rust
slurp
socat
solvespace
spotify
sqlite
sshfs-fuse
taplo
tcpdump
tdesktop
thunderbird
tmux
ttyd
unzip
usbutils
vegur
virt-manager
viu # view images from the terminal
vscodium
whois
wireshark
xdg-utils
xmlstarlet
unixtools.xxd
xxh # portable shells
yt-dlp
# zotero Marked as insecure
zeal
zk
zsh
]


@ -1,138 +0,0 @@
#!/usr/bin/env python3
import json
import sys
import time
import requests
import logging
import subprocess
from datetime import datetime
logger = logging.getLogger(__name__)
class Status:
def status(self):
return None
class Cat(Status):
index = 0
def status(self):
cat_width = 200
index = self.index
catwalk = "🐈🏳️‍🌈" + " " * index
self.index = (index + 1) % cat_width
return {"full_text": catwalk}
class Space(Status):
backoff = 0
c_status = None
def status(self):
backoff = self.backoff
if self.backoff == 0:
self.update()
return {"full_text": self.c_status}
def update(self):
spacestatus_url = "https://status.stratum0.org/status.json"
resp = requests.get(url=spacestatus_url)
self.backoff = (self.backoff + 1) % 120
data = resp.json()
if data["isOpen"]:
since = datetime.strptime(data["since"], "%Y-%m-%dT%H:%M:%S.%f").strftime("%A at %H:%M")
spacestatus = f"Space is open since {since}"
else:
spacestatus = "Space is closed"
self.c_status = spacestatus
class Battery(Status):
capacity_file = open('/sys/class/power_supply/BAT0/capacity', 'r')
status_file = open('/sys/class/power_supply/BAT0/status', 'r')
def status(self):
self.status_file.seek(0)
status = self.status_file.read().rstrip()
self.capacity_file.seek(0)
capacity = self.capacity_file.read().rstrip()
battery = f"{status} {capacity}%"
return {"full_text": battery}
class Time(Status):
def status(self):
now = datetime.now()
match now.isocalendar().week % 10:
case 1:
th = "st"
case 2:
th = "nd"
case 3:
th = "rd"
case _:
th = "th"
return {"full_text": now.strftime(f"%V{th} %A %H:%M") }
class FailedUnits(Status):
def status(self):
proc = subprocess.run(["systemctl", "list-units", "--failed"], capture_output = True)
stdout = proc.stdout.decode('utf-8')
failed = 0
for line in stdout:
if 'failed' in line:
failed += 1
if failed == 0:
return {"full_text": f"No failed units"}
else:
return {"full_text": f"There are {failed} failed units", "color": "#ff0000"}
def print_header():
header = {
"version": 1,
"click_events": False,
}
print(json.dumps(header))
print("[")
def run(interval, widgets):
print_header()
while True:
body = []
for widget in widgets:
try:
status = widget.status()
except Exception as e:
logger.error(e)
if status:
body += status,
print(json.dumps(body), ",", flush=True)
ts = interval - (time.time() % interval)
time.sleep(ts)
if __name__ == "__main__":
logging.basicConfig(level=logging.INFO)
# Interval in seconds
interval = 1.0
widgets = [Cat(), FailedUnits(), Space(), Battery(), Time()]
run(interval, widgets)

5
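--- a/hosts/default.nix
+++ b/hosts/default.nix
@@ -0,0 +1,5 @@
+{
+ifrit = ./ifrit;
+gorgon = ./gorgon;
+surgat = ./surgat;
+}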

124
hosts/gorgon/default.nix Normal file

@ -0,0 +1,124 @@
{ config, pkgs, lib, ... }:
let
this = import ../.. { inherit pkgs; };
nixos-hardware = buildins.fetchTarball {
url = "https://github.com/NixOS/nixos-hardware/archive/c242378e63b0ec334e964ac0c0fbbdd2b3e89ebf.tar.gz";
sha256 = "1z4cr5gsyfdpcy31vqg4ikalbxmnnac6jjk1nl8mxj0h0ix7pp36";
};
in
{
imports = (lib.attrValues this.modules) ++ [
../../modules/profiles/laptop
"${nixos-hardware}/lenovo/thinkpad/t14s"
];
boot.kernelModules = [ "kvm-amd" ];
virtualisation = {
libvirtd.enable = true;
docker.enable = false;
};
networking.hostName = "gorgon";
dadada = {
admin.enable = false;
steam.enable = true;
fido2 = {
credential = "04ea2813a116f634e90f9728dbbb45f1c0f93b7811941a5a14fb75e711794df0c26552dae2262619c1da2be7562ec9dd94888c71a9326fea70dfe16214b5ea8ec01473070000";
enablePam = true;
};
luks.uuid = "3d0e5b93-90ca-412a-b4e0-3e6bfa47d3f4";
networking = {
wanInterfaces = [ "enp2s0f0" "wlp3s0" ];
enableBsShare = true;
vpnExtension = "3";
};
};
boot.kernel.sysctl = {
"vm.swappiness" = 90;
};
# Use the systemd-boot EFI boot loader.
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
programs.adb.enable = true;
services.fstrim.enable = true;
# Enable CUPS to print documents.
services.printing = {
enable = true;
browsing = true;
drivers = with pkgs; [
hplip
brlaser
brgenml1lpr
brgenml1cupswrapper
];
};
hardware = {
bluetooth.enable = true;
pulseaudio = {
enable = true;
extraModules = [ pkgs.pulseaudio-modules-bt ];
extraConfig = ''
set-source-volume 1 10000
'';
package = pkgs.pulseaudioFull;
};
};
services.avahi.enable = true;
networking.firewall = {
enable = true;
allowedTCPPorts = [
22000 # Syncthing
];
allowedUDPPorts = [
21027 # Syncthing
];
};
services.xserver.enable = true;
services.xserver.displayManager.gdm.enable = true;
services.xserver.desktopManager.gnome3.enable = true;
xdg.mime.enable = true;
users.users = {
dadada = {
isNormalUser = true;
extraGroups = [ "wheel" "networkmanager" "libvirtd" "adbusers" "kvm" "video" "scanner" "lp" "docker" ];
shell = "/run/current-system/sw/bin/zsh";
initialHashedPassword = "nopass";
};
"tim.schubert" = {
isNormalUser = true;
extraGroups = [ "networkmanager" "libvirtd" "adbusers" "kvm" "video" "scanner" "lp" "docker" ];
shell = "/run/current-system/sw/bin/zsh";
initialHashedPassword = "nopass";
};
};
networking.hosts = {
"fd42:dead:beef:0:5054:ff:fefb:7361" = [
"media.dadada.li"
"ifrit.dadada.li"
];
"192.168.42.103" = [
"media.dadada.li"
"ifrit.dadada.li"
];
"fd42:dead:beef::5054:ff:fe8b:58df" = [ "iot.dadada.li" ];
"fd42:dead:beef::20d:b9ff:fe4c:c9ac" = [ "agares.dadada.li" ];
"192.168.42.15" = [ "agares.dadada.li" "agares" ];
"192.168.42.11" = [ "wohnzimmerpi.dadada.li" "wohnzimmerpi" ];
"10.1.2.9" = [ "fgprinter.fginfo.tu-bs.de" ];
};
}
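Review bot: `buildins.fetchTarball` in the `let` block at the top of hosts/gorgon/default.nix is a misspelling of `builtins`, so `nixos-hardware` refers to an undefined variable and the import of `"${nixos-hardware}/lenovo/thinkpad/t14s"` cannot evaluate; the line should read `nixos-hardware = builtins.fetchTarball {`. Further down, both `dadada` and `tim.schubert` are placed in the `docker` group although `virtualisation.docker.enable = false`. Membership in that group is root-equivalent once the daemon is turned on, and `tim.schubert` is otherwise kept out of `wheel`, so I would drop `"docker"` from `extraGroups` until it is needed. If `initialHashedPassword = "nopass";` is meant as an intentionally invalid hash that disables password login, a one-line comment saying so would help.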


@ -0,0 +1,43 @@
{ config, pkgs, lib, ... }:
let
this = import ../../.. { inherit pkgs; };
in
{
nixpkgs.overlays = [
this.overlays.tubslatex
];
imports = lib.attrValues this.hmModules;
dadada.home = {
vim.enable = true;
direnv.enable = true;
git.enable = true;
gpg.enable = true;
gtk.enable = true;
keyring.enable = true;
kitty.enable = true;
ssh.enable = true;
syncthing.enable = true;
tmux.enable = true;
xdg.enable = true;
zsh.enable = true;
session = {
enable = true;
sessionVars = {
EDITOR = "vim";
PAGER = "less";
MAILDIR = "\$HOME/.var/mail";
MBLAZE = "\$HOME/.config/mblaze";
NOTMUCH_CONFIG = "\$HOME/.config/notmuch/config";
MOZ_ENABLE_WAYLAND= "1";
};
};
};
# Let Home Manager install and manage itself.
programs.home-manager.enable = true;
home.packages = import ./pkgs.nix { pkgs = pkgs; };
}


@ -0,0 +1,85 @@
{ pkgs }:
with pkgs; [
android-studio
anki
aspell
aspellDicts.de
aspellDicts.en
aspellDicts.en-computers
aspellDicts.en-science
aqbanking
bluez-tools
chromium
clang
clang-tools
darcs
direnv
element-desktop
evince
ffmpeg
file
firefox-bin
fractal
fzf
gimp
git-lfs
gitAndTools.hub
gnome3.gnome-tweak-tool
gnome3.nautilus
gnome3.vinagre
gnucash
gnumake
gnupg
graphviz
grim
imagemagick
inkscape
inotify-tools
irssi
jameica
jq
kcachegrind
keepassxc
#keys
kitty
ldns
libreoffice
libvirt
lsof
mblaze
mkpasswd
mpv
mumble
ncurses
nfs-utils
niv
nmap
openssl
p7zip
pass
pavucontrol
pinentry-gnome
playerctl
pwgen
python27Packages.dbus-python
python3
python38Packages.dateutil
python38Packages.managesieve
python38Packages.solo-python
signal-desktop
slurp
sqlite
sshfs-fuse
steam
tcpdump
tdesktop
tubslatex
thunderbird-bin
unzip
usbutils
virtmanager
whois
wireshark
xdg_utils
youtube-dl
]

148
hosts/ifrit/default.nix Normal file

@ -0,0 +1,148 @@
{ config, pkgs, lib, ... }:
let
hostAliases = [
"ifrit.dadada.li"
"bs.vpn.dadada.li"
"media.dadada.li"
"media.local"
];
backups = "/mnt/storage/backup";
in {
imports = [
../../modules/profiles/base
];
dadada = {
admin.enable = true;
fileShare.enable = true;
vpnServer.enable = true;
vpnServer.peers = {
"metis" = {
id = "1";
key = "u+HCYDbK0zwbIEfGf+LVQErlJ0vchf5ZYj0N93NB5ns=";
};
"morax" = {
id = "2";
key = "Lq5QLGoI3r3BXEJ72dWH9UTmY/8uaYRPLQB5WWHqJUE=";
};
"gorgon" = {
id = "3";
key = "0eWP1hzkyoXlrjPSOq+6Y1u8tnFH+SejBJs8f8lf+iU=";
};
"surgat" = {
id = "4";
key = "+paiOqOITdLy3oqoI2DhOj4k8gncAcjFLkJrxJl0iBE=";
};
};
};
services.borgbackup.repos = {
"metis" = {
allowSubRepos = false;
authorizedKeysAppendOnly = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDnc1gCi8lbhlLmPKvaExtCxVaAni8RrOuHUQO6wTbzR root@metis" ];
authorizedKeys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJyTgdVPPxQeL5KZo9frZQlDIv2QkelJw3gNGoGtUMfw tim@metis" ];
path = "${backups}/metis";
quota = "1T";
};
"gorgon" = {
allowSubRepos = false;
authorizedKeysAppendOnly = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP6p9b2D7y2W+9BGee2yk2xsCRewNNaE6oS3CqlW61ti root@gorgon" ];
authorizedKeys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJyTgdVPPxQeL5KZo9frZQlDIv2QkelJw3gNGoGtUMfw tim@metis" ];
path = "${backups}/gorgon";
quota = "1T";
};
"surgat" = {
allowSubRepos = false;
authorizedKeysAppendOnly = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINGhatanrNG+M6jAkU7Yi44mJmTreJkqyZ6Z+qiEgV7O root@surgat" ];
authorizedKeys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJyTgdVPPxQeL5KZo9frZQlDIv2QkelJw3gNGoGtUMfw tim@metis" ];
path = "${backups}/surgat";
quota = "100G";
};
"wohnzimmerpi" = {
allowSubRepos = false;
authorizedKeysAppendOnly = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK6uZ8mPQJWOL984gZKKPyxp7VLcxk42TpTh5iPP6N6k root@wohnzimmerpi" ];
authorizedKeys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJyTgdVPPxQeL5KZo9frZQlDIv2QkelJw3gNGoGtUMfw tim@metis" ];
path = "${backups}/wohnzimmerpi";
quota = "50G";
};
};
networking.hostName = "ifrit";
networking.domain = "dadada.li";
networking.hosts = {
"127.0.0.1" = hostAliases;
"::1" = hostAliases;
};
networking.nameservers = [
"1.1.1.1"
"1.0.0.1"
];
# Use the GRUB 2 boot loader.
boot.loader.grub.enable = true;
boot.loader.grub.version = 2;
boot.loader.grub.device = "/dev/sda";
i18n.defaultLocale = "en_US.UTF-8";
console = {
font = "Lat2-Terminus16";
keyMap = "us";
};
networking.useDHCP = false;
networking.interfaces.ens3.useDHCP = true;
fileSystems."/mnt/storage" = {
device = "/dev/disk/by-uuid/a34e36fc-d7dd-4ceb-93c4-48f9c2727cb7";
mountPoint = "/mnt/storage";
neededForBoot = false;
options = [ "nofail" ];
};
networking.firewall = {
enable = true;
allowPing = true;
allowedTCPPorts = [
22 # SSH
80 443 # HTTP(S)
111 2049 # NFS
137 138 139 445 # SMB
];
allowedUDPPorts = [
137 138 139 445 # SMB
111 2049 # NFS
51234 # Wireguard
];
};
security.acme = {
email = "d553a78d-0349-48db-9c20-5b27af3a1dfc@dadada.li";
acceptTerms = true;
# certs."webchat.dadada.li" = {
# credentialsFile = "/var/lib/lego/acme-joker.env";
# dnsProvider = "joker";
# postRun = "systemctl reload nginx.service";
# };
# certs."weechat.dadada.li" = {
# credentialsFile = "/var/lib/lego/acme-joker.env";
# dnsProvider = "joker";
# postRun = "systemctl reload nginx.service";
# };
};
users.users."mist" = {
isNormalUser = true;
};
services.avahi = {
enable = false;
publish = {
enable = true;
addresses = true;
workstation = false;
};
};
}
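Review bot: In `services.borgbackup.repos`, every repository lists the same `tim@metis` key under `authorizedKeys`, which grants full rather than append-only access, so a compromise of that single key allows deleting or rewriting the backups of all four hosts and bypasses the protection that `authorizedKeysAppendOnly` gives against a compromised client. Consider keeping only the append-only keys here and running prune/delete from the server itself, or at least using a separate maintenance key per repository. Separately, `networking.firewall.allowedTCPPorts` and `allowedUDPPorts` open NFS (111, 2049) and SMB (137-139, 445) on every interface. If `ens3` is a public uplink, which this file does not show, scoping those ports with `networking.firewall.interfaces.<lan-or-vpn-interface>.allowedTCPPorts` would keep the file shares off the public side.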

86
hosts/surgat/default.nix Normal file

@ -0,0 +1,86 @@
{ config, pkgs, lib, ... }:
let
hostName = "surgat";
this = import ../.. { inherit pkgs; };
in {
imports = [ this.profiles.base ];
networking.hostName = hostName;
services.nginx = {
recommendedTlsSettings = true;
recommendedOptimisation = true;
recommendedGzipSettings = true;
logError = "/dev/null";
appendHttpConfig = ''
access_log off;
'';
};
dadada.admin = {
enable = true;
users = {
"dadada" = [ "${pkgs.dadadaKeys}/dadada.pub" ];
};
};
dadada.element.enable = true;
dadada.networking.vpnExtension = "4";
dadada.weechat.enable = true;
dadada.homePage.enable = true;
dadada.share.enable = true;
dadada.backupClient = {
enable = true;
bs = true;
};
networking.useDHCP = false;
networking.interfaces.ens3.useDHCP = true;
networking.firewall = {
enable = true;
allowPing = true;
allowedTCPPorts = [
22 # SSH
80 443 # HTTPS
];
allowedUDPPorts = [
51234 # Wireguard
];
};
security.acme = {
email = "d553a78d-0349-48db-9c20-5b27af3a1dfc@dadada.li";
acceptTerms = true;
};
# Use the GRUB 2 boot loader.
boot.loader.grub.enable = true;
boot.loader.grub.version = 2;
boot.loader.grub.device = "/dev/sda";
networking.interfaces."ens3".ipv6.addresses = [ {
address = "2a01:4f8:c17:1d70::";
prefixLength = 64;
} ];
networking.defaultGateway6 = {
address = "fe80::1";
interface = "ens3";
};
#boot.initrd.network.ssh = {
# enable = true;
# port = 22;
# authorizedKeys = "${keys}/dadada.pub";
# hostKeys = [
# ];
#};
swapDevices = [
{
device = "/var/swapfile";
size = 4096;
}
];
}
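Review bot: `services.nginx.logError = "/dev/null"` together with `access_log off;` in `appendHttpConfig` leaves this host, which opens ports 80 and 443 in its firewall block, with no web-server logs at all, so TLS failures, upstream errors and request floods leave no trace for troubleshooting or incident response. If the goal is to avoid storing visitor data, keeping only the error log at a high threshold, e.g. `logError = "stderr crit";`, retains the operational signal without access logging. A short comment above `appendHttpConfig` stating why access logging is disabled would document the intent.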

5
lib/default.nix Normal file

@ -0,0 +1,5 @@
{ pkgs }:
with pkgs.lib; {
# TODO
}

57
modules/admin.nix Normal file

@ -0,0 +1,57 @@
{ config, pkgs, lib, ... }:
with lib;
let
cfg = config.dadada.admin;
in {
options.dadada.admin = {
enable = mkEnableOption "Enable admin access";
users = mkOption {
type = with types; attrsOf (listOf path);
default = [];
description = ''
List of admin users with root access to all the machine.
'';
example = literalExample "\"user1\" = [ /path/to/key1 /path/to/key2 ]";
};
rat = mkOption {
type = types.bool;
default = false;
description = ''
Enable NAT and firewall traversal for SSH via tor hidden service
'';
};
};
config = mkIf cfg.enable {
services.sshd.enable = true;
services.openssh.passwordAuthentication = false;
security.sudo.wheelNeedsPassword = false;
users.mutableUsers = false;
users.users = mapAttrs (user: keys: (
{
extraGroups = [ "wheel" ];
isNormalUser = true;
openssh.authorizedKeys.keyFiles = keys;
})) cfg.users;
networking.firewall.allowedTCPPorts = [ 22 ];
environment.systemPackages = with pkgs; [
vim
tmux
];
services.tor.hiddenServices = {
"rat" = mkIf cfg.rat.enable {
name = "rat";
map = [ { port = 22; } ];
};
};
};
}
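Review bot: The `rat` option is declared as `types.bool`, but the config reads it as `mkIf cfg.rat.enable`, which selects an attribute from a boolean and should fail once `services.tor.hiddenServices` is evaluated; it should be `"rat" = mkIf cfg.rat {`. In the same options block, `users` has type `attrsOf (listOf path)` but `default = [];`, which does not match the attribute-set type and should be `default = { };`. As far as this file shows, nothing sets `services.tor.enable`, so enabling `rat` probably has no effect unless Tor is enabled elsewhere. Since `security.sudo.wheelNeedsPassword = false` makes every listed SSH key a direct root credential, exposing port 22 through the onion service deserves a sentence in the `rat` description about that consequence.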

82
modules/backup.nix Normal file

@ -0,0 +1,82 @@
{ config, pkgs, lib, ...}:
with lib;
let
backupExcludes = [
"/backup"
"/dev"
"/efi"
"/home/*/.cache"
"/home/*/.config/Riot/Cache"
"/home/iserv"
"/lost+found"
"/mnt"
"/nix"
"/proc"
"/run"
"/sys"
"/tmp"
"/var/cache"
"/var/log"
"/var/tmp"
];
cfg = config.dadada.backupClient;
in {
options.dadada.backupClient = {
enable = mkEnableOption "Enable backup client";
gs = mkEnableOption "Enable backup to GS location";
bs = mkEnableOption "Enable backup to BS location";
};
config = mkIf cfg.enable {
fileSystems = mkIf cfg.gs {
"/backup" = {
device = "/dev/disk/by-uuid/0fdab735-cc3e-493a-b4ec-cbf6a77d48d5";
fsType = "ext4";
options = [ "x-systemd.automount" "noauto" "x-systemd.idle-timeout=600" ];
};
};
services.borgbackup.jobs.gs = mkIf cfg.gs {
paths = "/";
exclude = backupExcludes;
repo = "/backup/${config.networking.hostName}";
doInit = false;
encryption = {
mode = "repokey";
passCommand = "cat /var/lib/borgbackup/gs/passphrase";
};
compression = "auto,lz4";
prune.keep = {
within = "1d"; # Keep all archives from the last day
daily = 7;
weekly = 2;
monthly = -1; # Keep at least one archive for each month
yearly = -1; # Keep at least one archive for each year
};
startAt = "monthly";
};
networking.hosts = mkIf cfg.bs {
"fd42:dead:beef:0:5054:ff:fefb:7361" = [
"media.dadada.li"
];
};
services.borgbackup.jobs.bs = mkIf cfg.bs{
paths = "/";
exclude = backupExcludes;
repo = "borg@media.dadada.li:/mnt/storage/backup/${config.networking.hostName}";
doInit = true;
environment = {
BORG_RSH = "ssh -i /var/lib/borgbackup/bs/id_ed25519 -o 'StrictHostKeyChecking accept-new'";
};
encryption = {
mode = "repokey";
passCommand = "cat /var/lib/borgbackup/bs/passphrase";
};
compression = "auto,lz4";
startAt = "daily";
};
};
}
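Review bot: `BORG_RSH` in the `bs` job uses `-o 'StrictHostKeyChecking accept-new'`, so the first backup run trusts whatever host key answers for `media.dadada.li`. Since the configuration is declarative anyway, the server's host key can be pinned instead, e.g. `programs.ssh.knownHosts."media.dadada.li".publicKey = "<server host public key>";` together with `StrictHostKeyChecking yes`. The `bs` job also has no `prune` block, unlike `gs`; that is expected if the server-side key is append-only, but a comment saying so would help. Both jobs back up `/` without excluding `/var/lib/borgbackup`, so the repository passphrase and SSH key are stored only inside the archive they protect and should be kept somewhere else as well for recovery.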

14
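--- a/modules/default.nix
+++ b/modules/default.nix
@@ -0,0 +1,14 @@
+{
+admin = ./admin.nix;
+backup = ./backup.nix;
+homePage = ./homepage.nix;
+element = ./element.nix;
+fido2 = ./fido2.nix;
+fileShare = ./fileShare.nix;
+networking = ./networking.nix;
+share = ./share.nix;
+steam = ./steam.nix;
+update = ./update.nix;
+vpnServer = ./vpnServer.nix;
+weechat = ./weechat.nix;
+}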


@ -1,13 +1,7 @@
{
config,
pkgs,
lib,
...
}:
{ config, pkgs, lib, ... }:
let
cfg = config.dadada.element;
in
{
in {
options.dadada.element = {
enable = lib.mkEnableOption "Enable element webapp";
};
@ -38,4 +32,4 @@ in
};
};
};
}
}

56
modules/fido2.nix Normal file
View file

@ -0,0 +1,56 @@
{ config, pkgs, lib, ... }:
with lib;
let
luks = config.dadada.luks;
fido2 = config.dadada.fido2;
in {
options = {
dadada.luks = {
uuid = mkOption {
type = with types; nullOr str;
description = "Device UUID";
default = null;
};
};
dadada.fido2 = {
enablePam = mkEnableOption "Enable PAM U2F";
credential = mkOption {
type = with types; nullOr str;
description = "FIDO2 credential string";
default = null;
};
};
};
config = {
boot.initrd.luks.devices = mkIf (luks.uuid != null) {
root = {
device = "/dev/disk/by-uuid/${luks.uuid}";
preLVM = true;
allowDiscards = true;
fido2 = mkIf (fido2.credential != null) {
credential = fido2.credential;
passwordLess = true;
};
};
};
boot.initrd.luks.fido2Support = mkIf (fido2.credential != null) true;
environment.systemPackages = mkIf (fido2.credential != null) (with pkgs; [
linuxPackages.acpi_call
fido2luks
python27Packages.dbus-python
python38Packages.solo-python
]);
security.pam.u2f = mkIf fido2.enablePam {
enable = true;
control = "sufficient";
cue = true;
};
};
}
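Review bot: With `passwordLess = true` in `boot.initrd.luks.devices.root.fido2` and `control = "sufficient"` in `security.pam.u2f`, possession of the token alone unlocks the disk and satisfies PAM, so a laptop lost together with its key is protected by no passphrase or PIN. If that trade-off is intended it deserves a comment; otherwise expose `passwordLess` as a module option defaulting to `false` and consider `control = "required"` so the token acts as a second factor rather than a replacement. `allowDiscards = true` is also unconditional here; it reveals which blocks of the encrypted volume are unused, which is usually acceptable on SSDs but worth a one-line why-comment.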


@ -1,16 +1,12 @@
{
config,
lib,
...
}:
{ config, lib, ... }:
with lib;
let
cfg = config.dadada.fileShare;
sharePath = "/mnt/storage/share";
ipv6 = "fd42:dead:beef::/48";
ipv4 = "192.168.42.0/24";
in
{
allow = "192.168.42.0 fd42:dead:beef::";
in {
options.dadada.fileShare = {
enable = mkEnableOption "Enable file share server";
};
@ -22,7 +18,11 @@ in
workgroup = WORKGROUP
server string = media
netbios name = media
security = user
security = user
#use sendfile = yes
#max protocol = smb2
hosts allow = ${allow} localhost
hosts deny = 0.0.0.0/0
guest account = nobody
map to guest = bad user
'';
@ -30,13 +30,12 @@ in
public = {
path = sharePath;
browseable = "yes";
"read only" = "yes";
"read only" = "no";
"guest ok" = "yes";
"guest only" = "yes";
"create mask" = "0660";
"directory mask" = "2770";
"force user" = "nobody";
"force group" = "nobody";
"create mask" = "0644";
"directory mask" = "0755";
"force user" = "username";
"force group" = "groupname";
};
};
};
@ -48,3 +47,4 @@ in
};
};
}
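Review bot: The new `hosts allow = ${allow} localhost` is built from `allow = "192.168.42.0 fd42:dead:beef::"`, which carries no netmask or prefix length, so it probably matches two single addresses instead of the LAN ranges that the existing `ipv4`/`ipv6` bindings describe, and `hosts deny = 0.0.0.0/0` covers IPv4 only. The hunk line counts identify those lines as the v0.1 side. Reading the printed pairs in the `public` share the same way, the share becomes guest-writable (`"read only" = "no"` with `"guest ok"`), and `"force user" = "username"` / `"force group" = "groupname"` look like unreplaced template placeholders rather than real accounts. I would interpolate the existing ranges, `hosts allow = ${ipv4} ${ipv6} localhost`, use `hosts deny = ALL`, and keep the share read-only for guests unless anonymous writes are required. The module body continues outside the hunks shown.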


@ -1,8 +1,4 @@
{
config,
lib,
...
}:
{ config, lib, ... }:
with lib;
{
options.dadada.home.colors = mkOption {
@ -17,21 +13,21 @@ with lib;
cursor = "#e8e8e8";
cursorForeground = "#1f2022";
background = "#292b2e";
color0 = "#1f2022";
color8 = "#585858";
color7 = "#a3a3a3";
color0 = "#1f2022";
color8 = "#585858";
color7 = "#a3a3a3";
color15 = "#f8f8f8";
color1 = "#f2241f";
color9 = "#f2241f";
color2 = "#67b11d";
color1 = "#f2241f";
color9 = "#f2241f";
color2 = "#67b11d";
color10 = "#67b11d";
color3 = "#b1951d";
color3 = "#b1951d";
color11 = "#b1951d";
color4 = "#4f97d7";
color4 = "#4f97d7";
color12 = "#4f97d7";
color5 = "#a31db1";
color5 = "#a31db1";
color13 = "#a31db1";
color6 = "#2d9574";
color6 = "#2d9574";
color14 = "#2d9574";
color16 = "#ffa500";
color17 = "#b03060";

20
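--- a/modules/home/default.nix
+++ b/modules/home/default.nix
@@ -0,0 +1,20 @@
+{
+colors = ./colors.nix;
+direnv = ./direnv.nix;
+fish = ./fish.nix;
+git = ./git.nix;
+gpg = ./gpg.nix;
+gtk = ./gtk.nix;
+keyring = ./keyring.nix;
+kitty = ./kitty;
+mako = ./mako.nix;
+session = ./session.nix;
+ssh = ./ssh.nix;
+sway = ./sway;
+syncthing = ./syncthing.nix;
+termite = ./termite.nix;
+tmux = ./tmux.nix;
+vim = ./vim;
+xdg = ./xdg.nix;
+zsh = ./zsh.nix;
+}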


@ -1,9 +1,4 @@
{
config,
pkgs,
lib,
...
}:
{ config, pkgs, lib, ... }:
with lib;
let
cfg = config.dadada.home.direnv;
@ -16,7 +11,7 @@ in
programs.direnv = {
enable = true;
enableZshIntegration = true;
nix-direnv.enable = true;
enableNixDirenvIntegration = true;
};
};
}

79
modules/home/fish.nix Normal file

@ -0,0 +1,79 @@
{ config, pkgs, lib, ... }:
with lib;
let
cfg = config.dadada.home.fish;
in {
options.dadada.home.fish = {
enable = mkEnableOption "Enable fish config";
};
config = mkIf cfg.enable {
programs.fish = {
enable = true;
plugins = with pkgs; [{
name = "fzf";
src = pkgs.fetchFromGitHub {
owner = "jethrokuan";
repo = "fzf";
rev = "c3defd4a922e97120503b45e26efa775bc672b50";
sha256 = "1k5b0nva0mbqc9830qhbcwxsi8d9b2p4ws1fq0bw9nkf2ripyp4p";
};
}];
interactiveShellInit = ''
# fish git prompt
set __fish_git_prompt_show_informative_status 'yes'
set __fish_git_prompt_showdirtystate 'yes'
set __fish_git_prompt_showstashstate 'yes'
set __fish_git_prompt_showuntrackedfiles 'yes'
set __fish_git_prompt_showupstream 'yes'
set __fish_git_prompt_showcolorhints 'yes'
set fish_greeting
# disable path shortening
set fish_prompt_pwd_dir_length 0
set -U FZF_LEGACY_KEYBINDINGS 0
set -x TERM xterm-256color
set -U fish_user_paths ~/bin $fish_user_paths
#if status is-interactive
#and not status is-login
#and not set -q TMUX
#and string match -qr "^xterm-.*" "$TERM"
# exec tmux
#end
'';
promptInit = ''
function fish_prompt
set last_status $status
printf '%s %s:%s ' \
(set_color red
echo $last_status) \
(set_color green
hostname) \
(set_color blue
prompt_pwd)
set_color normal
end
function fish_right_prompt
printf '%s' (__fish_git_prompt)
end
'';
shellAliases = {
gst = "git status";
gco = "git commit";
glo = "git log";
gad = "git add";
ls = "exa";
ll = "exa -l";
la = "exa -la";
mv = "mv -i";
cp = "cp -i";
};
};
home.packages = [ pkgs.exa ];
};
}
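Review bot: `set -U fish_user_paths ~/bin $fish_user_paths` in `interactiveShellInit` runs on every interactive shell start, and because `-U` writes a persistent universal variable, `~/bin` is prepended again each time and the list keeps growing. It also places a user-writable directory ahead of the system paths, so any file dropped into `~/bin` shadows the real command of the same name. A session-scoped, deduplicating form such as `contains ~/bin $PATH; or set -gx PATH $PATH ~/bin` avoids both problems.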

13
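--- a/modules/home/git.nix
+++ b/modules/home/git.nix
@@ -0,0 +1,13 @@
+{ config, lib, ... }:
+with lib;
+let
+cfg = config.dadada.home.git;
+in
+{
+options.dadada.home.git = {
+enable = mkEnableOption "Enable git config";
+};
+config = mkIf cfg.enable {
+programs.git.enable = true;
+};
+}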


@ -1,13 +1,8 @@
{
config,
lib,
...
}:
{ config, lib, ... }:
with lib;
let
cfg = config.dadada.home.gpg;
in
{
in {
options.dadada.home.gpg = {
enable = mkEnableOption "Enable GnuPG config";
};
@ -29,6 +24,11 @@ in
enable = true;
defaultCacheTtl = 1800;
enableSshSupport = false;
pinentryFlavor = "gnome3";
};
programs.git.extraConfig = {
commit = { gpgSign = true; };
};
};
}

25
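--- a/modules/home/gtk.nix
+++ b/modules/home/gtk.nix
@@ -0,0 +1,25 @@
+{ config, lib, pkgs, ... }:
+with lib;
+let
+cfg = config.dadada.home.gtk;
+in
+{
+options.dadada.home.gtk = {
+enable = mkEnableOption "Enable GTK config";
+};
+config = mkIf cfg.enable {
+gtk = {
+enable = true;
+theme.package = pkgs.gnome3.gnome-themes-extra;
+theme.name = "Adwaita-dark";
+iconTheme.package = pkgs.gnome3.adwaita-icon-theme;
+iconTheme.name = "Adwaita";
+font.package = pkgs.cantarell-fonts;
+font.name = "Cantarell";
+};
+qt = {
+enable = true;
+platformTheme = "gtk";
+};
+};
+}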


@ -1,20 +1,15 @@
{
config,
lib,
...
}:
{ config, lib, ... }:
with lib;
let
cfg = config.dadada.home.keyring;
in
{
in {
options.dadada.home.keyring = {
enable = mkEnableOption "Enable keyring config";
};
config = mkIf cfg.enable {
services.gnome-keyring = {
enable = false;
components = [ "secrets" ];
components = [ "pkcs11" "secrets" ];
};
};
}

42
modules/home/kitty/config Normal file

@ -0,0 +1,42 @@
enable_audio_bell = false;
background #1f2022
foreground #a3a3a3
selection_background #a3a3a3
selection_foreground #1f2022
url_color #b8b8b8
cursor #a3a3a3
active_border_color #585858
inactive_border_color #282828
active_tab_background #1f2022
active_tab_foreground #a3a3a3
inactive_tab_background #282828
inactive_tab_foreground #b8b8b8
tab_bar_background #282828
# normal
color0 #1f2022
color1 #f2241f
color2 #67b11d
color3 #b1951d
color4 #4f97d7
color5 #a31db1
color6 #2d9574
color7 #a3a3a3
# bright
color8 #585858
color9 #f2241f
color10 #67b11d
color11 #b1951d
color12 #4f97d7
color13 #a31db1
color14 #2d9574
color15 #f8f8f8
# extended base16 colors
color16 #ffa500
color17 #b03060
color18 #282828
color19 #444155
color20 #b8b8b8
color21 #e8e8e8
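Review bot: The first line, `enable_audio_bell = false;`, is written in Nix attribute syntax, but this file is handed to kitty verbatim through `builtins.readFile ./config`, and kitty.conf expects `option value` pairs with `yes`/`no` for booleans. Kitty would take `= false;` as the value, which as far as I know is not a valid boolean, so the bell setting is not applied as intended. The line should read `enable_audio_bell no`.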


@ -0,0 +1,19 @@
{ pkgs, lib, config, ... }:
with lib;
let
cfg = config.dadada.home.kitty;
in {
options.dadada.home.kitty = {
enable = mkEnableOption "Enable kitty config";
};
config = mkIf cfg.enable {
programs.kitty = {
enable = true;
font = {
package = pkgs.source-code-pro;
name = "Source Code Pro 8";
};
extraConfig = builtins.readFile ./config;
};
};
}

32
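--- a/modules/home/mako.nix
+++ b/modules/home/mako.nix
@@ -0,0 +1,32 @@
+{ config, lib, pkgs, colors, ...}:
+with lib;
+let
+cfg = config.dadada.home.mako;
+in {
+options.dadada.home.mako = {
+enable = mkEnableOption "Enable mako config";
+};
+config = mkIf cfg.enable {
+programs.mako = {
+enable = true;
+anchor = "bottom-right";
+backgroundColor = colors.color8;
+borderColor = colors.color0;
+#defaultTimeout = -1;
+font = "Source Code Pro 10";
+format = ''<b>%a</b> %s\n%b'';
+height = 100;
+#groupBy = "app-name";
+icons = false;
+ignoreTimeout = false;
+layer = "overlay";
+margin = "0,0,0";
+maxVisible = 200;
+padding = "0";
+progressColor = colors.color4;
+sort = "+time";
+textColor = colors.foreground;
+width = 400;
+};
+};
+}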


@ -0,0 +1,20 @@
[
./colors.nix
./direnv.nix
./fish.nix
./git.nix
./gpg.nix
./gtk.nix
./keyring.nix
./kitty
./mako.nix
./session.nix
./ssh.nix
./sway
./syncthing.nix
./termite.nix
./tmux.nix
./vim
./xdg.nix
./zsh.nix
]


@ -1,21 +1,16 @@
{
config,
lib,
...
}:
{ config, lib, ... }:
with lib;
let
cfg = config.dadada.home.session;
in
{
in {
options.dadada.home.session = {
enable = mkEnableOption "Enable session variable management";
sessionVars = mkOption {
description = "Session variables";
type = types.attrs;
default = { };
default = {};
example = ''
EDITOR = "hx";
EDITOR = "vim";
PAGER = "less";
'';
};


@ -1,13 +1,8 @@
{
config,
lib,
...
}:
{ config, lib, ... }:
with lib;
let
cfg = config.dadada.home.ssh;
in
{
in {
options.dadada.home.ssh = {
enable = mkEnableOption "Enable SSH config";
};

306
modules/home/sway/config Normal file

@ -0,0 +1,306 @@
set $wallpaper ~/.config/nixpkgs/modules/sway/wallpaper
set $foreground #a3a3a3ff
set $background #1f2022e5
set $dark_black #1f2022ff
set $light_black #282828ff
set $dark_red #444155ff
set $light_red #585858ff
set $dark_green #b8b8b8ff
set $light_green #a3a3a3ff
set $dark_yellow #e8e8e8ff
set $light_yellow #f8f8f8ff
set $dark_blue #f2241fff
set $light_blue #ffa500ff
set $dark_magenta #b1951dff
set $light_magenta #67b11dff
set $dark_cyan #2d9574ff
set $light_cyan #4f97d7ff
set $dark_white #a31db1ff
set $light_white #b03060ff
xwayland enable
# global modifier key
set $mod Mod4
# reload the configuration file
bindsym $mod+Shift+c reload
# restart i3 inplace (preserves your layout/session, can be used to upgrade i3)
bindsym $mod+Shift+r restart
# the font to be used for i3bar and window decorations
font pango:Source Code Pro 8
bindsym $mod+Return exec termite
bindsym $mod+Space exec bemenu-run
# switch keyboard to neo
#bindsym $mod+F1 exec neo-key
#bindsym $mod+F2 exec eu-key
# kill focused window
bindsym $mod+Shift+q kill
# toggle moving floating windows with the mouse
floating_modifier $mod
# toggle tiling / floating
bindsym $mod+Shift+f floating toggle
# resize window (you can also use the mouse for that)
mode "resize" {
# resize windows with hjkl
bindsym h resize shrink width 10 px or 10 ppt
bindsym j resize grow height 10 px or 10 ppt
bindsym k resize shrink height 10 px or 10 ppt
bindsym l resize grow width 10 px or 10 ppt
# back to normal mode
bindsym Return mode "default"
bindsym Escape mode "default"
}
# switch to resize mode
bindsym $mod+r mode "resize"
# set border width of new window
default_border pixel 1
# keep focus within current container?
focus_wrapping no
# focus goes to window if mouse is moved onto it
focus_follows_mouse yes
# enter fullscreen mode for the focused container
bindsym $mod+o fullscreen
# default orientation of new windows
default_orientation horizontal
# split in horizontal orientation
bindsym $mod+b split h
# split in vertical orientation
bindsym $mod+shift+b split v
# change container layout (stacked, tabbed, toggle split)
bindsym $mod+x layout toggle all
# name workspaces
set $1 1
set $2 2
set $3 3
set $4 4
set $5 5
set $6 6
set $7 7
set $8 8
set $9 9
set $10 10
# default mode
workspace_layout tabbed
# automatically jump back to previous workspace
workspace_auto_back_and_forth yes
# messaging
workspace 2 output LVDS-1
# web and doc
workspace 1 output VGA-1
# editor and IDE
workspace 3 output DP-2
# change focus
bindsym $mod+h focus left
bindsym $mod+j focus down
bindsym $mod+k focus up
bindsym $mod+l focus right
# focus latest urgent window
bindsym $mod+Shift+1 [urgent=latest] focus
# focus the parent container
bindsym $mod+Up focus parent
# focus the child container
bindsym $mod+Down focus child
# focus tiling/floating
bindsym $mod+f focus mode_toggle
# focus workspace
bindsym $mod+1 workspace number $1
bindsym $mod+2 workspace number $2
bindsym $mod+3 workspace number $3
bindsym $mod+4 workspace number $4
bindsym $mod+5 workspace number $5
bindsym $mod+6 workspace number $6
bindsym $mod+7 workspace number $7
bindsym $mod+8 workspace number $8
bindsym $mod+9 workspace number $9
bindsym $mod+0 workspace number $10
bindsym $mod+n workspace next_on_output
bindsym $mod+p workspace prev_on_output
# focus different outputs (displays)
bindsym $mod+shift+h focus output left
bindsym $mod+shift+j focus output down
bindsym $mod+shift+k focus output up
bindsym $mod+shift+l focus output right
# show the first scratchpad window
bindsym $mod+minus scratchpad show
set $mode_move "move"
bindsym $mod+m mode "$mode_move"
mode "$mode_move" {
# move focused container
bindsym h move left ;mode "default"
bindsym j move down ;mode "default"
bindsym k move up ;mode "default"
bindsym l move right;mode "default"
bindsym 1 move container to workspace number $1 ;mode "default"
bindsym 2 move container to workspace number $2 ;mode "default"
bindsym 3 move container to workspace number $3 ;mode "default"
bindsym 4 move container to workspace number $4 ;mode "default"
bindsym 5 move container to workspace number $5 ;mode "default"
bindsym 6 move container to workspace number $6 ;mode "default"
bindsym 7 move container to workspace number $7 ;mode "default"
bindsym 8 move container to workspace number $8 ;mode "default"
bindsym 9 move container to workspace number $9 ;mode "default"
bindsym 0 move container to workspace number $10 ;mode "default"
bindsym n move container to workspace next_on_output;mode "default"
bindsym p move container to workspace prev_on_output;mode "default"
# move focused workspace to output
bindsym shift+h move workspace to output left ; mode "default"
bindsym shift+j move workspace to output down ; mode "default"
bindsym shift+k move workspace to output up ; mode "default"
bindsym shift+l move workspace to output right ; mode "default"
bindsym shift+n move container to output next ; mode "default"
bindsym shift+p move container to output prev ; mode "default"
# make the currently focused window a scratchpad
bindsym minus move scratchpad; mode "default"
# Move container to the current position of the cursor
bindsym m move position mouse; mode "default"
bindsym Escape mode "default"
}
# lock the screen
bindsym $mod+equal exec ~/bin/lock-session
# control volume
bindsym --locked XF86AudioRaiseVolume exec amixer set 'Master' 5%+ && pkill -RTMIN+10 i3blocks
bindsym --locked XF86AudioLowerVolume exec amixer set 'Master' 5%- && pkill -RTMIN+10 i3blocks
bindsym --locked XF86AudioMute exec amixer set Master toggle && pkill -RTMIN+10 i3blocks
bindsym --locked --to-code XF86AudioMicMute exec --no-startup-id pactl set-source-mute 1 toggle
# control media player
bindsym --locked XF86AudioPlay exec playerctl play-pause && pkill -RTMIN+11 i3blocks
bindsym --locked XF86LaunchA exec playerctl play-pause && pkill -RTMIN+11 i3blocks
bindsym --locked XF86AudioNext exec playerctl next && pkill -RTMIN+11 i3blocks
bindsym --locked XF86Explorer exec playerctl next && pkill -RTMIN+11 i3blocks
bindsym --locked XF86AudioPrev exec playerctl previous && pkill -RTMIN+11 i3blocks
bindsym --locked XF86Search exec playerctl previous && pkill -RTMIN+11 i3blocks
# control screen brightness
bindsym --locked XF86MonBrightnessUp exec brightnessctl set -d intel_backlight +5%
bindsym --locked XF86MonBrightnessDown exec brightnessctl set -d intel_backlight 5%-
# Basic bar configuration using the Base16 variables.
bar {
id bar
status_command i3blocks
mode dock
modifier $mod
position bottom
strip_workspace_numbers yes
workspace_buttons yes
#output LVDS-1
colors {
background $background
separator $light_green
statusline $foreground
# State Border BG Text
focused_workspace $light_black $dark_cyan $background
active_workspace $light_black $dark_green $background
inactive_workspace $dark_black $background $foreground
urgent_workspace $light_black $dark_red $background
binding_mode $light_black $dark_magenta $background
}
}
#hide_edge_borders both
bindsym XF86Launch1 exec aplay ~/lib/sounds/wortwitzklingel-mono.wav
# Basic color configuration using the Base16 variables for windows and borders.
# Property Name Border BG Text Indicator Child Border
client.focused $light_black $dark_cyan $background $dark_cyan $dark_cyan
client.focused_inactive $light_black $dark_green $background $dark_green $dark_green
client.unfocused $light_black $background $foreground $dark_white $dark_white
client.urgent $light_black $dark_red $background $dark_red $dark_red
client.placeholder $light_black $dark_magenta $background $dark_magenta $dark_magenta
input * {
xkb_layout eu
xkb_model pc105+inet
xkb_options caps:escape
natural_scroll enabled
}
input 2:7:SynPS/2_Synaptics_TouchPad {
# disables the input device
events disabled
}
output VGA-1 {
background $wallpaper fill
pos 0 0
}
output DP-2 {
background $wallpaper fill
pos 1280 0
}
output LVDS-1 {
background $wallpaper fill
pos 3840 0
}
seat * {
hide_cursor 5000
}
assign [app_id="thunderbird"] workspace 1
assign [app_id="telegramdesktop"] workspace 1
assign [app_id="firefox" title="Riot.*"] workspace 1
assign [app_id="firefox" title="Instant messaging.*"] workspace 1
assign [app_id="firefox" title="Threema Web.*"] workspace 1
assign [app_id="firefox" title="chaos\.social.*"] workspace 1
assign [app_id="thunderbird" title="Write:.*"] workspace 3
assign [app_id="firefox"] workspace 2
assign [app_id="jetbrains-studio"] workspace 3
assign [app_id="org.keepassxc.KeePassXC"] workspace 10
exec xset s off
exec mako
#exec swayidle -w timeout 300 '$HOME/bin/lock-session' timeout 240 'swaymsg "output * dpms off"' resume 'swaymsg "output * dpms on"' before-sleep '$HOME/bin/lock-session' lock '$HOME/bin/lock-session'
#exec redshift
#exec keepassxc
#exec firefox
#exec thunderbird
#exec riot-desktop
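Review bot: The session is only ever locked by hand through `bindsym $mod+equal exec ~/bin/lock-session`, because the `#exec swayidle ...` line near the end of the file is commented out, so an unattended or suspended machine stays unlocked. Enabling a reduced form of that line restores idle and pre-suspend locking: `exec swayidle -w timeout 300 '$HOME/bin/lock-session' before-sleep '$HOME/bin/lock-session'`. The lock command itself lives in `~/bin`, outside anything this repository manages, so the config cannot guarantee it exists or what it runs. A comment next to the binding stating that requirement, or calling `swaylock` directly (the sway module on this page installs it), would make the lock path reproducible.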


@ -0,0 +1,39 @@
{ config, pkgs, lib, colors, ...}:
with lib;
let
cfg = config.dadada.home.sway;
in {
options.dadada.home.sway = {
enable = mkEnableOption "Enable Sway config";
};
config = mkIf cfg.enable {
home.packages = with pkgs; [
qt5.qtwayland
swayidle
xwayland
mako
kanshi
i3blocks
termite
bemenu
xss-lock
] ++ (with unstable; [
swaylock
]);
wayland.windowManager.sway = {
enable = true;
config = null;
extraConfig = (builtins.readFile ./config);
extraSessionCommands = ''
export SDL_VIDEODRIVER=wayland
# needs qt5.qtwayland in systemPackages
export QT_QPA_PLATFORM=wayland
export QT_WAYLAND_DISABLE_WINDOWDECORATION="1"
# Fix for some Java AWT applications (e.g. Android Studio),
# use this if they aren't displayed properly:
export _JAVA_AWT_WM_NONREPARENTING=1
'';
};
};
}


@ -1,14 +1,8 @@
{
config,
pkgs,
lib,
...
}:
{ config, pkgs, lib, ... }:
with lib;
let
cfg = config.dadada.home.syncthing;
in
{
in {
options.dadada.home.syncthing = {
enable = mkEnableOption "Enable Syncthing config";
};

69
modules/home/termite.nix Normal file

@ -0,0 +1,69 @@
{
config,
lib,
pkgs,
colors ? ../../lib/colors.nix,
...
}:
with lib;
let
cfg = config.dadada.home.termite;
in {
options.dadada.home.termite = {
enable = mkEnableOption "Enable termite config";
};
config = mkIf cfg.enable {
programs.termite = {
enable = true;
allowBold = true;
audibleBell = false;
clickableUrl = true;
dynamicTitle = true;
font = "Source Code Pro 10";
mouseAutohide = false;
scrollOnOutput = false;
scrollOnKeystroke = true;
scrollbackLines = -1;
searchWrap = true;
urgentOnBell = true;
cursorBlink = "off";
cursorShape = "block";
sizeHints = false;
scrollbar = "off";
colorsExtra = ''
foreground = ${colors.foreground}
foreground_bold = ${colors.foregroundBold}
cursor = ${colors.cursor}
cursor_foreground = ${colors.cursorForeground}
background = ${colors.background}
color0 = ${colors.background}
color8 = ${colors.color8}
color7 = ${colors.color7}
color15 = ${colors.color15}
color1 = ${colors.color1}
color9 = ${colors.color9}
color2 = ${colors.color2}
color10 = ${colors.color10}
color3 = ${colors.color3}
color11 = ${colors.color11}
color4 = ${colors.color4}
color12 = ${colors.color12}
color5 = ${colors.color5}
color13 = ${colors.color13}
color6 = ${colors.color6}
color14 = ${colors.color14}
color16 = ${colors.color16}
color17 = ${colors.color17}
color18 = ${colors.color18}
color19 = ${colors.color19}
color20 = ${colors.color20}
color21 = ${colors.color21}
'';
};
# Add font that is used in config
home.packages = [
pkgs.source-code-pro
];
};
}
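Review bot: The argument default `colors ? ../../lib/colors.nix` is a path, not an attribute set, so every `${colors.foreground}`-style lookup in `colorsExtra` would fail if that default were ever used. As far as I know the module system fills named arguments from `_module.args` and does not fall back to function defaults, which would make the default dead code as well as wrong. mako.nix on this page takes `colors` with no default; doing the same here (`colors,`) keeps the modules consistent, or write `colors ? import ../../lib/colors.nix` if that file evaluates to the colour set. A short comment saying where `colors` is injected would help the next reader.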

21
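--- a/modules/home/tmux.nix
+++ b/modules/home/tmux.nix
@@ -0,0 +1,21 @@
+{ config, lib, ... }:
+with lib;
+let
+cfg = config.dadada.home.tmux;
+in {
+options.dadada.home.tmux = {
+enable = mkEnableOption "Enable tmux config";
+};
+config = mkIf cfg.enable {
+programs.tmux = {
+enable = true;
+terminal = "xterm-256color";
+extraConfig = ''
+set -g status on
+set-option -g set-titles on
+set-option -g automatic-rename on
+set-window-option -g mode-keys vi
+'';
+};
+};
+}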


@ -0,0 +1,37 @@
{ config, pkgs, lib, ... }:
with lib;
let
cfg = config.dadada.home.vim;
vimPlugins = pkgs.callPackage ../../../pkgs/vimPlugins {};
in
{
options.dadada.home.vim = {
enable = mkEnableOption "Enable VIM config";
};
config = mkIf cfg.enable {
programs.vim = {
enable = true;
extraConfig = builtins.readFile ./vimrc;
plugins = [
pkgs.vimPlugins.vim-nix
#pkgs.vimPlugins.kotlin-vim
pkgs.vimPlugins.ale
pkgs.vimPlugins.fzf-vim
pkgs.vimPlugins.rust-vim
pkgs.vimPlugins.base16-vim
pkgs.vimPlugins.typescript-vim
pkgs.vimPlugins.vim-airline
pkgs.vimPlugins.vim-airline-themes
pkgs.vimPlugins.vim-fish
vimPlugins.spacemacsTheme
vimPlugins.filetype
#pkgs.vimPlugins.vim-gnupg
#pkgs.vimPlugins.vim-l9
pkgs.vimPlugins.vim-ledger
#pkgs.vimPlugins.clang_complete
];
};
home.packages = [ pkgs.languagetool ];
};
}

144
modules/home/vim/vimrc Normal file

@ -0,0 +1,144 @@
filetype plugin on
filetype indent on
set autoread
" :W sudo saves the file
" (useful for handling the permission-denied error)
command W w !sudo tee % > /dev/null
" no command execution from modeline
set nomodeline
" Turn on the Wild menu
set wildmenu
" Enable hidden buffers
set hidden
" Clipboard copy & paste
"set clipboard=unnamedplus
" Always show current position
set ruler
" When searching try to be smart about cases
set smartcase
" Highlight search results
set hlsearch
" Inenteremental search
set incsearch
" Don't redraw while executing macros (good performance config)
set lazyredraw
" Do not show matching brackets when text indicator is over them
" set noshowmatch
" let loaded_matchparen = 1
" No annoying sound on errors
set noerrorbells
set novisualbell
set wrap
set linebreak
set nolist " list disables linebreak
" Enable syntax highlighting
syntax enable
if (has("termguicolors"))
set termguicolors
endif
set t_Co=256
set background=dark
colorscheme spacemacs-theme
" Use tabs for indent
set smarttab
set smartindent
set autoindent
set copyindent
set preserveindent
set wildmode=longest,list,full
set wildmenu
set cursorline
set number
set relativenumber
" Transparency
"hi Normal guibg=NONE ctermbg=NONE
"set list!
"set listchars=trail:⛤,extends:⟩,precedes:⟨,nbsp:␣,conceal:…
" Map leader to do extra key combinations
let mapleader = " "
" Toggle paste mode on and off
map <leader>pp :setlocal paste!<Enter>
" Fast saving
nmap <leader>w :w!<Enter>
" Buffer switching
nmap <leader>bb :Buffers<Enter>
nmap <leader>bl :Buffers<Enter>
nmap <leader>bn :bnext<Enter>
nmap <leader>bp :bprevious<Enter>
nmap <leader>ll :Lines<Enter>
nmap <leader>mm :Marks<Enter>
nmap <leader>ww :Windows<Enter>
nmap <leader>hh :History/<Enter>
nmap <leader>rr :reg<Enter>
" finding files
nmap <leader>ff :Files<Enter>
nmap <leader>pp :FufDir<Enter>
set statusline+=%#warningmsg#
set statusline+=%{SyntasticStatuslineFlag()}
set statusline+=%*
"let g:syntastic_always_populate_loc_list = 1
"let g:syntastic_auto_loc_list = 1
"let g:syntastic_check_on_open = 1
"let g:syntastic_check_on_wq = 0
nmap <leader>sp :ALEFindReferences<Enter>
nmap <leader>ss :ALESymbolSearch<Enter>
nmap <leader>gd :ALEGoToDefinition<Enter>
nmap <leader>?? :ALEHover<Enter>
" Enable completion where available.
" This setting must be set before ALE is loaded.
let g:ale_completion_enabled = 1
let g:ale_fix_on_save = 1
let g:ale_warn_about_trailing_whitespace = 1
let g:ale_warn_about_trailing_lines = 1
let g:ale_completion_tsserver_autoimport = 1
let g:ale_languagetool_executable = 'languagetool-commandline'
"let g:ale_lint_on_text_changed = 'never'
" You can disable this option too
" if you don't want linters to run on opening a file
"let g:ale_lint_on_enter = 0
" Set airline theme
let g:airline_theme='base16_spacemacs'
" Load all plugins now.
" Plugins need to be added to runtimepath before helptags can be generated.
packloadall
" Load all of the helptags now, after plugins have been loaded.
" All messages and errors will be ignored.
silent! helptags ALL
set omnifunc=ale#completion#OmniFunc
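Review bot: The `:W` helper, `command W w !sudo tee % > /dev/null`, hands the current file name to a shell unquoted, and that shell line runs `sudo`. A path containing spaces or shell metacharacters is split or interpreted by the shell instead of being treated as one file name. Quoting the name closes that gap: `command! W execute 'w !sudo tee ' . shellescape(@%, 1) . ' > /dev/null'`. Using `command!` also avoids a redefinition error when the vimrc is sourced again.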


@ -1,14 +1,9 @@
{
config,
pkgs,
lib,
...
}:
{ config, pkgs, lib, ... }:
with lib;
let
apps = {
"x-scheme-handler/mailto" = "evolution.desktop";
"message/rfc822" = "evolution.desktop";
"x-scheme-handler/mailto" = "userapp-Thunderbird-PB7NI0.desktop";
"message/rfc822" = "userapp-Thunderbird-PB7NI0.desktop";
"x-scheme-handler/http" = "firefox.desktop";
"x-scheme-handler/https" = "firefox.desktop";
"x-scheme-handler/ftp" = "firefox.desktop";
@ -20,36 +15,35 @@ let
"application/xhtml+xml" = "firefox.desktop";
"application/x-extension-xhtml" = "firefox.desktop";
"application/x-extension-xht" = "firefox.desktop";
"application/pdf" = "evince.desktop";
"text/plain" = "vim.desktop";
"application/pdf" = "org.pwmt.zathura.desktop";
};
cfg = config.dadada.home.xdg;
in
{
in {
options.dadada.home.xdg = {
enable = mkEnableOption "Enable XDG config";
};
config = mkIf cfg.enable {
xdg = {
enable = true;
configHome = "${config.home.homeDirectory}/.config";
mimeApps = {
enable = false;
associations.added = apps;
defaultApplications = apps;
};
userDirs = {
desktop = "\$HOME/.desktop";
download = "\$HOME/tmp";
download ="\$HOME/tmp";
music = "\$HOME/lib/music";
videos = "\$HOME/lib/videos";
videos ="\$HOME/lib/videos";
pictures = "\$HOME/lib/pictures";
documents = "\$HOME/lib";
desktop = "$HOME/tmp";
};
};
home.packages = with pkgs; [
evince
firefox
xdg-utils
firefox-bin
xdg_utils
zathura
];
};
}
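Review bot: Assuming the `userapp-Thunderbird-PB7NI0.desktop` lines are on the new side (the page no longer shows the markers), the `mailto` and `message/rfc822` handlers point at a desktop entry that Thunderbird generates per profile in the user's home directory. That file name will not exist on another machine or after a profile reset, and the handler would then fall through to whatever else claims the scheme. Referencing the entry shipped by the package keeps the association reproducible, e.g. `"x-scheme-handler/mailto" = "thunderbird.desktop";`. Note that no Thunderbird package appears in `home.packages` in this section.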

65
modules/home/zsh.nix Normal file

@ -0,0 +1,65 @@
{ config, pkgs, lib, ... }:
with lib;
let
cfg = config.dadada.home.zsh;
in {
options.dadada.home.zsh = {
enable = mkEnableOption "Enable ZSH config";
};
config = mkIf cfg.enable {
programs.fzf.enableZshIntegration = true;
programs.zsh = {
enable = true;
enableAutosuggestions = true;
enableCompletion = true;
autocd = true;
sessionVariables = {
EDITOR = "vim";
};
history = {
extended = true;
ignoreDups = true;
ignoreSpace = true;
save = 100000;
share = true;
};
plugins = [
];
initExtra = ''
source ~/.nix-profile/share/zsh-git-prompt/zshrc.sh
source ~/.nix-profile/share/fzf/key-bindings.zsh
source ~/.nix-profile/share/fzf/completion.zsh
preexec() { echo -n -e "\033]0;$1\007" }
PROMPT="%F{red}%?%f %F{green}%m%f:%F{blue}%~%f "
RPROMPT='$(git_super_status)'
#NIX_BUILD_SHELL="${pkgs.zsh}/bin/zsh"
if [ "$TMUX" = "" ]
then
tmux
fi
'';
profileExtra = ''
'';
shellAliases = {
gst = "git status";
gco = "git commit";
glo = "git log";
gad = "git add";
ls = "exa";
ll = "exa -l";
la = "exa -la";
mv = "mv -i";
cp = "cp -i";
};
};
home.packages = with pkgs; [
fzf
exa
zsh-git-prompt
tmux
];
};
}
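Review bot: The three `source ~/.nix-profile/share/...` lines in `initExtra` load shell code from the mutable user profile rather than from the packages this module pins, so what gets sourced depends on what is installed in that profile when the shell starts. Interpolating the store paths ties the sourced scripts to the same derivations listed in `home.packages`: `source ${pkgs.zsh-git-prompt}/share/zsh-git-prompt/zshrc.sh`, `source ${pkgs.fzf}/share/fzf/key-bindings.zsh`, `source ${pkgs.fzf}/share/fzf/completion.zsh`. The commented `NIX_BUILD_SHELL` line in the same string already uses this interpolation style.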

18
modules/homepage.nix Normal file

@ -0,0 +1,18 @@
{ config, pkgs, lib, ... }:
let
cfg = config.dadada.homePage;
in with lib; {
options.dadada.homePage = {
enable = mkEnableOption "Enable home page";
};
config = mkIf cfg.enable {
services.nginx.enable = true;
services.nginx.virtualHosts."dadada.li" = {
enableACME = true;
forceSSL = true;
root = pkgs.homePage;
};
};
}

14
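--- a/modules/module-list.nix
+++ b/modules/module-list.nix
@@ -0,0 +1,14 @@
+[
+./admin.nix
+./backup.nix
+./element.nix
+./fido2.nix
+./fileShare.nix
+./homepage.nix
+./networking.nix
+./share.nix
+./steam.nix
+./update.nix
+./vpnServer.nix
+./weechat.nix
+]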

80
modules/networking.nix Normal file

@ -0,0 +1,80 @@
{ config, pkgs, lib, ...}:
with lib;
let
cfg = config.dadada.networking;
in {
options.dadada.networking = {
useLocalResolver = mkEnableOption "Enable local caching name server";
wanInterfaces = mkOption {
type = with types; listOf str;
description = "WAN network interfaces";
default = [];
};
vpnExtension = mkOption {
type = with types; nullOr str;
description = "Last part of VPN address";
default = null;
};
enableBsShare = mkEnableOption "Enable network share at BS location";
};
config = {
networking.resolvconf.useLocalResolver = mkIf cfg.useLocalResolver true;
services.unbound = mkIf cfg.useLocalResolver {
enable = true;
allowedAccess = [
"127.0.0.1/8"
"::1"
];
extraConfig = ''
tls-upstream: yes
tls-cert-bundle: "/etc/ssl/certs/ca-bundle.crt"
forward-zone:
name: .
forward-tls-upstream: yes
forward-addr: 2606:4700:4700::1001@853#cloudflare-dns.com
forward-addr: 2606:4700:4700::1111@853#cloudflare-dns.com
forward-addr: 1.1.1.1@853#cloudflare-dns.com
forward-addr: 1.0.0.1@853#cloudflare-dns.com
'';
};
networking.useDHCP = false;
networking.interfaces = listToAttrs (forEach cfg.wanInterfaces (i: nameValuePair i {
useDHCP = true;
}));
networking.wireguard.interfaces = mkIf (cfg.vpnExtension != null) {
bs = {
ips = [ "fd42:dead:beef:1337::${cfg.vpnExtension}/64" ];
listenPort = 51234;
privateKeyFile = "/var/lib/wireguard/privkey";
peers = [
{
publicKey = "lFB2DWtzp55ajV0Fk/OWdO9JlGvN9QsayYKQQHV3GEs=";
allowedIPs = [ "fd42:dead:beef::/48" ];
endpoint = "bs.vpn.dadada.li:51234";
persistentKeepalive = 25;
}
];
};
};
fileSystems."/mnt/media.dadada.li" = mkIf cfg.enableBsShare {
device = "media.dadada.li:/mnt/storage/share";
fsType = "nfs";
options = [ "x-systemd.automount" "noauto" "x-systemd.idle-timeout=600" ];
};
networking.firewall = {
enable = true;
allowedUDPPorts = [
51234 # Wireguard
5353 # mDNS
];
};
};
}
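Review bot: `networking.firewall.allowedUDPPorts` opens 51234 and 5353 on every host that imports this module, because the `config` block is unconditional, while the WireGuard interface is only created when `cfg.vpnExtension != null`. Hosts without the VPN keep a UDP port open that nothing is meant to listen on, and mDNS is allowed on all interfaces, including those listed in `wanInterfaces`. Gating the port keeps the exposed surface matched to what is enabled, e.g. `allowedUDPPorts = optional (cfg.vpnExtension != null) 51234;`, with 5353 allowed per LAN interface through `networking.firewall.interfaces.<name>.allowedUDPPorts`. Separately, the NFS mount's `options` list could add `"nosuid"` and `"nodev"`.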


@ -0,0 +1,26 @@
{ config, pkgs, lib, ... }:
with lib;
{
nixpkgs.overlays = attrValues (import ../../../overlays);
imports = import ../../module-list.nix;
networking.domain = mkDefault "dadada.li";
dadada.admin.users = {
"dadada" = [ "${pkgs.dadadaKeys}/dadada.pub" ];
};
#dadada.autoUpgrade = mkDefault true;
environment.noXlibs = mkDefault true;
documentation.enable = mkDefault false;
documentation.nixos.enable = mkDefault false;
i18n.defaultLocale = mkDefault "en_US.UTF-8";
console = mkDefault {
font = "Lat2-Terminus16";
keyMap = "us";
};
}


@ -0,0 +1,4 @@
{
base = ./base;
laptop = ./laptop;
}


@ -0,0 +1,37 @@
{ config, pkgs, lib, ... }:
with lib;
{
imports = [
../base
];
dadada = {
networking = {
useLocalResolver = mkDefault true;
};
};
services.fwupd.enable = true;
fonts.fonts = mkDefault (with pkgs; [
source-code-pro
]);
time.timeZone = mkDefault "Europe/Berlin";
programs.zsh = mkDefault {
enable = true;
autosuggestions.enable = true;
enableCompletion = true;
histSize = 100000;
vteIntegration = true;
syntaxHighlighting = {
enable = true;
highlighters = [ "main" "brackets" "pattern" "cursor" "root" "line" ];
};
};
environment.noXlibs = false;
documentation.enable = true;
documentation.nixos.enable = true;
}


@ -1,14 +1,9 @@
{
config,
pkgs,
lib,
...
}:
{ config, pkgs, lib, ... }:
with lib;
let
cfg = config.dadada.share;
in
{
in {
options.dadada.share = {
enable = mkEnableOption "Enable file share";
};
@ -32,3 +27,4 @@ in
};
};
}


@ -1,22 +1,17 @@
{
config,
pkgs,
lib,
...
}:
{ config, pkgs, lib, ... }:
with lib;
let
cfg = config.dadada.steam;
in
{
options = {
dadada.steam = {
enable = mkEnableOption "Enable Steam config";
};
in {
options.dadada.steam = {
enable = mkEnableOption "Enable Steam config";
};
config = mkIf cfg.enable {
hardware.graphics = {
nixpkgs.config.allowUnfree = true;
hardware.opengl = {
enable = true;
driSupport32Bit = true;
extraPackages32 = with pkgs.pkgsi686Linux; [ libva ];
};
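Review bot: `nixpkgs.config.allowUnfree = true;` (which appears to be on the new side of this hunk) lifts the unfree restriction for every package on the host, not only for Steam. An allow-list keeps the exception narrow and reviewable: `nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (getName pkg) [ "steam" "steam-original" "steam-runtime" ];`, with the list adjusted to the Steam package names of the pinned nixpkgs. The `config` block continues past the end of this hunk.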

27
modules/update.nix Normal file

@ -0,0 +1,27 @@
{ config, pkgs, lib, ... }:
with lib;
let
cfg = config.dadada.autoUpgrade;
in {
options.dadada.autoUpgrade = {
enable = mkEnableOption "Enable automatic upgrades";
};
config = mkIf cfg.enable {
nix = {
autoOptimiseStore = true;
useSandbox = true;
gc = {
automatic = true;
dates = "weekly";
options = "--delete-older-than 30d";
};
};
system.autoUpgrade = {
enable = true;
dates = "daily";
};
};
}

47
modules/vpnServer.nix Normal file

@ -0,0 +1,47 @@
{ config, lib, ... }:
with lib;
let
cfg = config.dadada.vpnServer;
wgPeer = { name, ... }: {
options = {
name = mkOption {
internal = true;
default = name;
};
id = mkOption {
description = "VPN client id";
default = 0;
type = types.str;
};
key = mkOption {
description = "VPN client public key";
default = "";
type = types.str;
};
};
};
in {
options.dadada.vpnServer = {
enable = mkEnableOption "Enable wireguard gateway";
peers = mkOption {
description = "Set of extensions and public keys of peers";
type = with types; attrsOf (submodule wgPeer);
default = {};
};
};
config = mkIf cfg.enable {
networking.wireguard.enable = true;
networking.wireguard.interfaces."wg0" = {
allowedIPsAsRoutes = true;
privateKeyFile = "/var/lib/wireguard/wg0-key";
ips = [ "fd42:dead:beef:1337::0/64" ];
listenPort = 51234;
peers = map (peer: (
{
allowedIPs = [ "fd42:dead:beef:1337::${peer.id}/128" ];
publicKey = peer.key;
})) (attrValues cfg.peers);
};
};
}
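Review bot: In the `wgPeer` submodule, `id` declares `type = types.str` with `default = 0` and `key` falls back to `default = ""`, so a peer entry that omits either value is not rejected at the option where the mistake was made. An omitted key reaches `publicKey = peer.key` as an empty string, and an omitted id hits a type error on the integer default rather than a clear "option not set" message. Dropping both `default` lines makes the options mandatory, so an incomplete peer fails at evaluation with the option name in the error. Adding `example` values to both options would document the expected format.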


@ -1,14 +1,9 @@
{
config,
pkgs,
lib,
...
}:
{ config, pkgs, lib, ... }:
with lib;
let
cfg = config.dadada.weechat;
in
{
in {
options.dadada.weechat = {
enable = mkEnableOption "Enable weechat relay";
};
@ -36,7 +31,7 @@ in
};
};
services.nginx.virtualHosts."weechat.dadada.li" = {
enableACME = true;
useACMEHost = "webchat.dadada.li";
forceSSL = true;
root = "${pkgs.nginx}/html";
@ -60,3 +55,4 @@ in
};
};
}
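Review bot: If `useACMEHost = "webchat.dadada.li";` is the line on the new side (the page does not mark which of it and `enableACME = true;` is added), the virtual host `weechat.dadada.li` would serve a certificate issued under a differently spelled name, `webchat`. Unless that certificate also lists `weechat.dadada.li` among its domains, clients get a hostname mismatch on the relay. Either keep `enableACME = true;` or reference a certificate whose names include the vhost, and add a comment naming where that certificate is defined. The virtual-host block continues outside this hunk.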


@ -1,110 +0,0 @@
{
self,
agenix,
disko,
home-manager,
homepage,
lanzaboote,
nixos-hardware,
nixos-generators,
nixpkgs,
...
}@inputs:
let
# create a new instance allowing some unfree packages
nixpkgsx86 = import nixpkgs {
system = "x86_64-linux";
config.allowUnfreePredicate =
pkg:
builtins.elem (nixpkgs.lib.getName pkg) [
"aspell-dict-en-science"
"brgenml1lpr"
"saleae-logic-2"
"spotify"
];
};
nixosSystem = nixpkgs.lib.nixosSystem;
baseModule =
{ lib, ... }:
{
_module.args.inputs = inputs;
imports = [
inputs.agenix.nixosModules.age
inputs.disko.nixosModules.disko
inputs.home-manager.nixosModules.home-manager
(
{ pkgs, ... }:
{
dadada.homepage.package = homepage;
dadada.pkgs = inputs.self.packages.${pkgs.system};
dadada.inputs = inputs // {
dadada = inputs.self;
};
}
)
inputs.lanzaboote.nixosModules.lanzaboote
]
++ (lib.attrValues inputs.self.nixosModules);
};
homeModule = ./modules/profiles/home.nix;
in
{
stolas = nixosSystem {
modules = [
{ nixpkgs.pkgs = nixpkgsx86; }
baseModule
nixos-hardware.nixosModules.framework-amd-ai-300-series
homeModule
./stolas
];
};
gorgon = nixosSystem {
modules = [
{ nixpkgs.pkgs = nixpkgsx86; }
baseModule
nixos-hardware.nixosModules.lenovo-thinkpad-t14s-amd-gen1
homeModule
./gorgon/configuration.nix
];
};
surgat = nixosSystem {
modules = [
{ nixpkgs.pkgs = nixpkgsx86; }
baseModule
./surgat/configuration.nix
];
};
installer = nixosSystem {
modules = [
nixos-generators.nixosModules.install-iso
inputs.self.nixosModules.admin
(
{ lib, ... }:
{
nixpkgs.pkgs = nixpkgs.legacyPackages."x86_64-linux";
isoImage.isoName = lib.mkForce "dadada-nixos-installer.iso";
networking.tempAddresses = "disabled";
dadada.admin.enable = true;
documentation.enable = true;
documentation.nixos.enable = true;
i18n.defaultLocale = "en_US.UTF-8";
console = {
font = "Lat2-Terminus16";
keyMap = "us";
};
}
)
];
};
ninurta = nixosSystem {
modules = [
{ nixpkgs.pkgs = nixpkgsx86; }
baseModule
./ninurta/configuration.nix
];
};
}


@ -1,284 +0,0 @@
{
config,
pkgs,
lib,
...
}:
let
secretsPath = config.dadada.secrets.path;
xilinxJtag = pkgs.writeTextFile {
name = "xilinx-jtag";
text = ''
ATTRS{idVendor}=="0403", ATTRS{idProduct}=="6010", TAG+="uaccess"
'';
destination = "/etc/udev/rules.d/61-xilinx-jtag.rules";
};
saleaeLogic = pkgs.writeTextFile {
name = "saleae-logic";
text = ''
# Saleae Logic analyzer (USB Based)
ATTRS{idVendor}=="21a9", ATTRS{idProduct}=="1006", TAG+="uaccess"
'';
destination = "/etc/udev/rules.d/61-saleae-logic.rules";
};
keychron = pkgs.writeTextFile {
name = "keychron";
text = ''
# Saleae Logic analyzer (USB Based)
ATTRS{idVendor}=="3434", ATTRS{idProduct}=="0280", TAG+="uaccess"
'';
destination = "/etc/udev/rules.d/61-keychron.rules";
};
in
{
imports = [
../modules/profiles/laptop.nix
./hardware-configuration.nix
];
dadada.backupClient.bs.enable = false;
dadada.backupClient.backup1.enable = true;
dadada.backupClient.backup2 = {
enable = true;
passphrasePath = config.age.secrets."${config.networking.hostName}-backup-passphrase".path;
sshIdentityFile = config.age.secrets."${config.networking.hostName}-backup-ssh-key".path;
repo = "u355513-sub1@u355513-sub1.your-storagebox.de:/home/backup";
};
dadada.backupClient.gs = {
enable = true;
passphrasePath = config.age.secrets."${config.networking.hostName}-backup-passphrase-gs".path;
};
age.secrets."${config.networking.hostName}-backup-passphrase-gs".file =
"${secretsPath}/${config.networking.hostName}-backup-passphrase-gs.age";
programs.ssh.startAgent = true;
nix.extraOptions = ''
experimental-features = nix-command flakes
# Prevent garbage collection for nix shell and direnv
keep-outputs = true
keep-derivations = true
'';
boot = {
kernelModules = [ "kvm-amd" ];
extraModulePackages = [ pkgs.linuxPackages.v4l2loopback ];
kernelParams = [ "resume=/dev/disk/by-label/swap" ];
initrd = {
systemd.enable = true;
luks.devices = {
root = {
device = "/dev/disk/by-uuid/3d0e5b93-90ca-412a-b4e0-3e6bfa47d3f4";
preLVM = true;
allowDiscards = true;
crypttabExtraOpts = [ "fido2-device=auto" ];
};
};
};
};
zramSwap.enable = true;
networking.hostName = "gorgon";
dadada = {
steam.enable = false;
yubikey.enable = true;
};
programs.adb.enable = true;
programs.firefox = {
enable = true;
package = pkgs.firefox-wayland;
};
programs.wireshark.enable = true;
services.avahi.enable = true;
services.smartd.enable = true;
services.tor = {
enable = true;
client.enable = true;
};
services.paperless = {
enable = true;
passwordFile = config.age.secrets.paperless.path;
};
systemd.tmpfiles.rules =
let
cfg = config.services.paperless;
in
[
(
if cfg.consumptionDirIsPublic then
"d '${cfg.consumptionDir}' 777 - - - -"
else
"d '${cfg.consumptionDir}' 770 ${cfg.user} ${config.users.users.${cfg.user}.group} - -"
)
];
age.secrets.paperless = {
file = "${config.dadada.secrets.path}/paperless.age";
mode = "700";
owner = "paperless";
};
# Enable CUPS to print documents.
services.printing = {
enable = true;
browsing = true;
drivers = with pkgs; [
config.dadada.pkgs.citizen-cups
hplip
brlaser
brgenml1lpr
brgenml1cupswrapper
];
};
#hardware.printers.ensurePrinters = [
# {
# name = "Brother_HL-L2300D";
# model = "everywhere";
# location = "BS";
# deviceUri = "ipp://192.168.101.29:631/printers/Brother_HL-L2300D";
# }
#];
environment.systemPackages = with pkgs; [
ghostscript
smartmontools
dmenu
grim # screenshot functionality
slurp # screenshot functionality
#mako # notification system developed by swaywm maintainer
pulseaudio
# KDE apps
kdePackages.kmail
kdePackages.kmail-account-wizard
];
networking.firewall = {
enable = true;
allowedTCPPorts = [
22000 # Syncthing
];
allowedUDPPorts = [
21027 # Syncthing
];
};
systemd.services.modem-manager.enable = lib.mkForce false;
systemd.services."dbus-org.freedesktop.ModemManager1".enable = lib.mkForce false;
systemd.sleep.extraConfig = ''
HibernateDelaySec=1h
'';
services.udev.packages = [
xilinxJtag
saleaeLogic
keychron
pkgs.libsigrok
]; # noMtpUdevRules ];
virtualisation.libvirtd.enable = true;
virtualisation.podman = {
enable = true;
dockerCompat = true;
};
users.users = {
dadada = {
isNormalUser = true;
extraGroups = [
"wheel"
"networkmanager"
"libvirtd"
"adbusers"
"kvm"
"video"
"scanner"
"lp"
"docker"
"dialout"
"wireshark"
"paperless"
];
shell = "/run/current-system/sw/bin/zsh";
};
};
networking.hosts = {
"127.0.0.2" = [ "kanboard.dadada.li" ];
};
services.gnome.gnome-keyring.enable = lib.mkForce false;
programs.gnupg.agent.enable = true;
# KDE
services = {
desktopManager.plasma6.enable = true;
displayManager.sddm.enable = true;
displayManager.sddm.wayland.enable = true;
};
services.greetd = {
enable = false;
settings = {
default_session = {
command = "${pkgs.greetd.tuigreet}/bin/tuigreet --time --cmd sway";
user = "greeter";
};
};
};
systemd.user.services.kanshi = {
enable = false;
description = "kanshi daemon";
environment = {
WAYLAND_DISPLAY = "wayland-1";
DISPLAY = ":0";
};
serviceConfig = {
Type = "simple";
ExecStart = ''${pkgs.kanshi}/bin/kanshi'';
};
};
# enable Sway window manager
programs.sway = {
enable = false;
wrapperFeatures.gtk = true;
};
programs.light.enable = true;
xdg.portal.wlr.enable = false;
hardware.bluetooth.enable = true;
hardware.graphics = {
enable = true;
extraPackages = with pkgs; [
vaapiVdpau
libvdpau-va-gl
];
};
powerManagement = {
enable = true;
powertop.enable = true;
cpuFreqGovernor = "schedutil";
powerUpCommands = ''
echo 40 > /sys/class/power_supply/BAT0/charge_control_start_threshold
echo 80 > /sys/class/power_supply/BAT0/charge_control_stop_threshold
'';
};
services.tlp.enable = false;
system.stateVersion = "23.11";
}


@ -1,53 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
pkgs,
modulesPath,
...
}:
{
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [
"nvme"
"ehci_pci"
"xhci_pci"
"usb_storage"
"sd_mod"
"rtsx_pci_sdmmc"
];
boot.initrd.kernelModules = [ "dm-snapshot" ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "/dev/disk/by-uuid/2478e089-e5d6-480c-8530-4ea46988f9f7";
fsType = "ext4";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/5B90-D460";
fsType = "vfat";
};
fileSystems."/home" = {
device = "/dev/disk/by-uuid/a617625e-9325-4612-a086-954fb4b99ee0";
fsType = "ext4";
};
fileSystems."/nix" = {
device = "/dev/disk/by-uuid/1f6ab0fb-ef4d-45b1-a731-ad0e7a440eef";
fsType = "ext4";
};
swapDevices = [
{ device = "/dev/disk/by-uuid/92310a00-7f69-4775-85cb-38e1790f71db"; }
];
nix.settings.max-jobs = lib.mkDefault 16;
}


@ -1,122 +0,0 @@
{
config,
pkgs,
lib,
...
}:
with lib;
let
cfg = config.dadada.admin;
extraGroups = [
"wheel"
"libvirtd"
];
shells = {
"bash" = pkgs.bashInteractive;
"zsh" = pkgs.zsh;
"fish" = pkgs.fish;
};
shellNames = builtins.attrNames shells;
adminOpts =
{
name,
config,
...
}:
{
options = {
keys = mkOption {
type = types.listOf types.str;
default = [ ];
apply =
x:
assert (builtins.length x > 0 || abort "Please specify at least one key to be able to log in");
x;
description = ''
The keys that should be able to access the account.
'';
};
shell = mkOption {
type = types.nullOr types.str;
apply =
x:
assert (
builtins.elem x shellNames || abort "Please specify one of ${builtins.toString shellNames}"
);
x;
default = "zsh";
defaultText = literalExpression "zsh";
example = literalExpression "bash";
description = ''
One of ${builtins.toString shellNames}
'';
};
};
};
in
{
options = {
dadada.admin = {
enable = mkEnableOption "Enable admin access";
users = mkOption {
type = with types; attrsOf (submodule adminOpts);
default = import ../../admins.nix;
description = ''
Admin users with root access machine.
'';
example = literalExample "\"user1\" = { shell = pkgs.bashInteractive; keys = [ 'ssh-rsa 123456789' ]; }";
};
rat = mkOption {
type = types.bool;
default = false;
description = ''
Enable NAT and firewall traversal for SSH via tor hidden service
'';
};
};
};
config = mkIf cfg.enable {
assertions = [
{
assertion = cfg.users != [ ];
message = "Must provide at least one admin, if the admin module is enabled.";
}
];
programs.zsh.enable = mkDefault true;
services.sshd.enable = true;
services.openssh.settings.PasswordAuthentication = false;
security.sudo.wheelNeedsPassword = lib.mkDefault false;
services.openssh.openFirewall = true;
users.users = mapAttrs (user: keys: {
shell = shells."${keys.shell}";
extraGroups = lib.mkDefault extraGroups;
isNormalUser = true;
openssh.authorizedKeys.keys = keys.keys;
}) cfg.users;
nix.settings.trusted-users = builtins.attrNames cfg.users;
users.mutableUsers = mkDefault false;
environment.systemPackages = with pkgs; [
helix
tmux
];
services.tor.relay.onionServices = {
"rat" = mkIf cfg.rat.enable {
name = "rat";
map = [ { port = 22; } ];
};
};
};
}


@ -1,196 +0,0 @@
{
config,
pkgs,
lib,
...
}:
with lib;
let
backupExcludes = [
"/backup"
"/dev"
"/efi"
"/home/*/.cache"
"/home/*/.config/Riot/Cache"
"/home/iserv"
"/lost+found"
"/mnt"
"/nix"
"/proc"
"/root"
"/run"
"/sys"
"/tmp"
"/var/cache"
"/var/lib/machines"
"/var/log"
"/var/tmp"
"/swapfile"
];
cfg = config.dadada.backupClient;
in
{
options = {
dadada.backupClient = {
gs = {
enable = mkEnableOption "Enable backup to GS location";
passphrasePath = mkOption {
type = with types; nullOr str;
description = ''
The path to the passphrase file.
'';
default = "/var/lib/borgbackup/gs/passphrase";
};
};
bs = {
enable = mkEnableOption "Enable backup to BS location";
passphrasePath = mkOption {
type = types.str;
description = ''
The path to the passphrase file.
'';
default = "/var/lib/borgbackup/bs/passphrase";
};
sshIdentityFile = mkOption {
type = types.str;
description = ''
Path to the SSH key that is used to transmit the backup.
'';
default = "/var/lib/borgbackup/bs/id_ed25519";
};
};
backup1 = {
enable = mkEnableOption "Enable backup to new BS location";
passphrasePath = mkOption {
type = types.str;
description = ''
The path to the passphrase file.
'';
default = "/var/lib/borgbackup/backup1/passphrase";
};
sshIdentityFile = mkOption {
type = types.str;
description = ''
Path to the SSH key that is used to transmit the backup.
'';
default = "/var/lib/borgbackup/backup1/id_ed25519";
};
};
backup2 = {
enable = mkEnableOption "Enable backup to Hetzner storage box";
passphrasePath = mkOption {
type = types.str;
description = "The path to the passphrase file.";
default = "/var/lib/borgbackup/backup2/passphrase";
};
sshIdentityFile = mkOption {
type = types.str;
description = "Path to the SSH key that is used to transmit the backup.";
default = "/var/lib/borgbackup/backup2/id_ed25519";
};
repo = mkOption {
type = types.str;
description = "URL to the repo inside the sub-account.";
example = "u355513-sub1@u355513-sub1.your-storagebox.de:borg";
};
};
};
};
config = {
systemd.mounts = mkIf cfg.gs.enable [
{
type = "ext4";
what = "/dev/disk/by-uuid/0fdab735-cc3e-493a-b4ec-cbf6a77d48d5";
where = "/backup";
options = "nofail,noauto";
}
];
systemd.automounts = mkIf cfg.gs.enable [
{
where = "/backup";
automountConfig.TimeoutIdleSec = "600";
}
];
services.borgbackup.jobs.gs = mkIf cfg.gs.enable {
removableDevice = true;
paths = "/";
exclude = backupExcludes;
repo = "/backup/${config.networking.hostName}";
doInit = false;
encryption = {
mode = "repokey";
passCommand = "cat ${cfg.gs.passphrasePath}";
};
compression = "auto,lz4";
prune.keep = {
within = "1d"; # Keep all archives from the last day
daily = 7;
weekly = 2;
monthly = -1; # Keep at least one archive for each month
yearly = -1; # Keep at least one archive for each year
};
startAt = "monthly";
};
systemd.services."borgbackup-job-gs".enable = mkIf cfg.gs.enable true;
systemd.services."borgbackup-job-gs".wants = mkIf cfg.gs.enable [ "backup.mount" ];
systemd.timers."borgbackup-job-gs".enable = mkIf cfg.gs.enable true;
services.borgbackup.jobs.bs = mkIf cfg.bs.enable {
paths = "/";
exclude = backupExcludes;
repo = "borg@backup0.dadada.li:/mnt/storage/backup/${config.networking.hostName}";
doInit = false;
environment = {
BORG_RSH = "ssh -6 -i ${cfg.bs.sshIdentityFile} -o 'StrictHostKeyChecking accept-new' -o 'TCPKeepAlive=yes'";
};
encryption = {
mode = "repokey";
passCommand = "cat ${cfg.bs.passphrasePath}";
};
compression = "auto,lz4";
startAt = "daily";
environment = {
BORG_RELOCATED_REPO_ACCESS_IS_OK = "yes";
};
};
services.borgbackup.jobs.backup1 = mkIf cfg.backup1.enable {
paths = "/";
exclude = backupExcludes;
repo = "borg@backup1.dadada.li:/mnt/storage/backups/${config.networking.hostName}";
doInit = true;
environment = {
BORG_RSH = "ssh -6 -i ${cfg.backup1.sshIdentityFile} -o 'StrictHostKeyChecking accept-new' -o 'TCPKeepAlive=yes'";
};
encryption = {
mode = "repokey";
passCommand = "cat ${cfg.backup1.passphrasePath}";
};
compression = "auto,lz4";
startAt = "daily";
};
services.borgbackup.jobs.backup2 = mkIf cfg.backup2.enable {
paths = "/";
exclude = backupExcludes;
repo = cfg.backup2.repo;
doInit = true;
environment = {
BORG_RSH = "ssh -6 -p23 -i ${cfg.backup2.sshIdentityFile} -o 'StrictHostKeyChecking accept-new' -o 'TCPKeepAlive=yes'";
};
encryption = {
mode = "repokey";
passCommand = "cat ${cfg.backup2.passphrasePath}";
};
compression = "auto,lz4";
startAt = "daily";
environment = {
BORG_RELOCATED_REPO_ACCESS_IS_OK = "no";
};
};
};
}


@ -1,99 +0,0 @@
{ config, lib, ... }:
let
inherit (lib)
mkEnableOption
mkIf
mkOption
types
;
cfg = config.dadada.borgServer;
in
{
options = {
dadada.borgServer = {
enable = mkEnableOption "Enable Borg backup server";
path = mkOption {
type = types.path;
default = "/var/lib/backup";
example = "/mnt/storage/backup";
};
};
};
config = mkIf cfg.enable {
users.users.borg.home = cfg.path;
services.borgbackup.repos = {
"metis" = {
allowSubRepos = false;
authorizedKeysAppendOnly = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDnc1gCi8lbhlLmPKvaExtCxVaAni8RrOuHUQO6wTbzR root@metis"
];
path = "${cfg.path}/metis";
quota = "1T";
};
"gorgon" = {
allowSubRepos = false;
authorizedKeysAppendOnly = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP6p9b2D7y2W+9BGee2yk2xsCRewNNaE6oS3CqlW61ti root@gorgon"
];
path = "${cfg.path}/gorgon";
quota = "1T";
};
"stolas" = {
allowSubRepos = false;
authorizedKeysAppendOnly = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINC/mVYd3o7oA0dsA58CgkqR40CSfeuU+rikleSrSXFz dadada@gorgon"
];
path = "${cfg.path}/stolas";
quota = "1T";
};
"surgat" = {
allowSubRepos = false;
authorizedKeysAppendOnly = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINGhatanrNG+M6jAkU7Yi44mJmTreJkqyZ6Z+qiEgV7O root@surgat"
];
path = "${cfg.path}/surgat";
quota = "50G";
};
"pruflas" = {
allowSubRepos = false;
authorizedKeysAppendOnly = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBk7f9DSnXCOIUsxFsjCKG23vHShV4TSzzPJunPOwa1I root@pruflas"
];
path = "${cfg.path}/pruflas";
quota = "50G";
};
"wohnzimmerpi" = {
allowSubRepos = false;
authorizedKeysAppendOnly = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK6uZ8mPQJWOL984gZKKPyxp7VLcxk42TpTh5iPP6N6k root@wohnzimmerpi"
];
path = "${cfg.path}/wohnzimmerpi";
quota = "50G";
};
"fginfo" = {
allowSubRepos = false;
authorizedKeysAppendOnly = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCxsyJeZVlVix0FPE8S/Gx0DVutS1ZNESVdYvHBwo36wGlYpSsQoSy/2HSwbpxs88MOGw1QNboxvvpBxCWxZ5HyjxuO5SwYgtmpjPXvmqfVqNXXnLChhSnKgk9b+HesQJCbHyrF9ZAJXEFCOGhOL3YTgd6lTX3lQUXgh/LEDlrPrigUMDNPecPWxpPskP6Vvpe9u+duhL+ihyxXaV+CoPk8nkWrov5jCGPiM48pugbwAfqARyZDgFpmWwL7Xg2UKgVZ1ttHZCWwH+htgioVZMYpdkQW1aq6LLGwN34Hj2VKXzmJN5frh6vQoZr2AFGHNKyJwAMpqnoY//QwuREpZTrh root@fginfo.ibr.cs.tu-bs.de"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII9N+E5fXHBL2juml+zeq/0auvqeQ5D+ljUE+EOY8cQ2 flareflo@flareflo-desktop" # restore from backup
];
path = "${cfg.path}/fginfo";
quota = "50G";
};
"fginfo-git" = {
allowSubRepos = false;
authorizedKeysAppendOnly = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDmI6cUv3j0T9ofFB286sDwXwwczqi41cp4MZyGH3VWQnqBPNjICqAdY3CLhgvGBCxSe6ZgKQ+5YLsGSSlU1uhrJXW2UiVKuIPd0kjMF/9e8hmNoTTh0pdk9THfz9LLAdI1vPin1EeVReuDXlZkCI7DFYuTO9yiyZ1uLZUfT1KBRoqiqyypZhut7zT3UaDs2L+Y5hho6WiTdm7INuz6HEB7qYXzrmx93hlcuLZA7fDfyMO9F4APZFUqefcUIEyDI2b+Q/8Q2/rliT2PoC69XLVlj7HyVhfgKsOnopwBDNF3rRcJ6zz4WICPM18i4ZCmfoDTL/cFr5c41Lan1X7wS5wR root@fginfo-git"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII9N+E5fXHBL2juml+zeq/0auvqeQ5D+ljUE+EOY8cQ2 flareflo@flareflo-desktop" # restore from backup
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHCNSecnVGNPpX2BEvP7EkkHzx46RzJ1L3eaAyIfLYRB flareflo@Dragoncave" # restore from backup
];
path = "${cfg.path}/fginfo-git";
quota = "50G";
};
};
systemd.tmpfiles.rules = [
"d ${cfg.path} 0750 ${config.users.users.borg.name} ${config.users.users.borg.group} - -"
];
};
}


@ -1,94 +0,0 @@
{
config,
pkgs,
lib,
...
}:
with lib;
let
cfg = config.dadada.ddns;
ddnsConfig =
{
domains,
credentialsPath,
interface,
}:
{
systemd.timers = listToAttrs (
forEach domains (
domain:
nameValuePair "ddns-${domain}" {
wantedBy = [ "timers.target" ];
partOf = [ "ddns-${domain}.service" ];
timerConfig.OnCalendar = "hourly";
}
)
);
systemd.services = listToAttrs (
forEach domains (
domain:
nameValuePair "ddns-${domain}" {
serviceConfig = {
Type = "oneshot";
PrivateTmp = true;
PrivateDevices = true;
PrivateUsers = true;
PrivateMounts = true;
PrivateIPC = true;
ProtectHome = true;
ProtectSystem = "strict";
ProtectKernelTunables = true;
BindReadOnlyPaths = [ credentialsPath ];
NoNewPrivileges = true;
CapabilitBoundingSet = [ ];
};
script = ''
function url() {
echo "https://svc.joker.com/nic/update?username=$1&password=$2&hostname=$3"
}
IFS=':'
read -r user password < ${credentialsPath}
unset IFS
curl_url=$(url "$user" "$password" ${domain})
${pkgs.curl}/bin/curl --ipv4 "$curl_url" ${
if interface == null then "" else "--interface ${interface}"
} || true
${pkgs.curl}/bin/curl --ipv6 "$curl_url" ${
if interface == null then "" else "--interface ${interface}"
}
'';
}
)
);
};
in
{
options = {
dadada.ddns.domains = mkOption {
type = types.listOf types.str;
description = ''
Enables DDNS for these domains.
'';
example = ''
[ "example.com" ]
'';
default = [ ];
};
dadada.ddns.credentialsPath = mkOption {
type = types.path;
description = "Credentials file";
default = "/var/lib/ddns/credentials";
};
dadada.ddns.interface = mkOption {
type = types.nullOr types.str;
description = "Source interface to use";
default = null;
};
};
config = with cfg; ddnsConfig { inherit domains interface credentialsPath; };
}


@ -1,16 +0,0 @@
{ lib, ... }:
with lib;
let
modules' =
dir:
filterAttrs (
name: type:
(name != "default.nix" && name != "profiles" && ((hasSuffix ".nix" name) || (type == "directory")))
) (builtins.readDir dir);
modules =
dir:
mapAttrs' (name: _: nameValuePair (removeSuffix ".nix" name) (import (dir + "/${name}"))) (
modules' dir
);
in
(modules ./.)


@ -1,102 +0,0 @@
{
config,
pkgs,
lib,
...
}:
let
cfg = config.dadada.forgejo;
in
{
options.dadada.forgejo = {
enable = lib.mkEnableOption "Enable forgejo";
};
config = lib.mkIf cfg.enable {
services.forgejo = {
enable = true;
user = "gitea";
group = "gitea";
stateDir = "/var/lib/gitea";
database = {
type = "postgres";
name = "gitea";
user = "gitea";
};
settings = {
DEFAULT.APP_NAME = "dadada forgejo";
service = {
DISABLE_REGISTRATION = true;
};
sessions = {
COOKIE_SECURE = true;
};
server = {
ROOT_URL = "https://git.dadada.li/";
PROTOCOL = "http+unix";
LANDING_PAGE = "explore";
OFFLINE_MODE = true;
DISABLE_SSH = false;
# Use built-in SSH server
START_SSH_SERVER = true;
SSH_PORT = 22;
DOMAIN = "git.dadada.li";
};
picture = {
DISABLE_GRAVATAR = true;
REPOSITORY_AVATAR_FALLBACK = "random";
ENABLE_FEDERATED_AVATAR = false;
};
other = {
SHOW_FOOTER_BRANDING = false;
SHOW_FOOTER_VERSION = false;
SHOW_FOOTER_TEMPLATE_LOAD_TIME = false;
};
log = {
DISABLE_ROUTER_LOG = true;
LEVEL = "Error";
};
cache = {
ENABLE = true;
ADAPTER = "redis";
HOST = "network=unix,addr=${config.services.redis.servers.forgejo.unixSocket},db=0,pool_size=100,idle_timeout=180";
};
};
};
services.redis = {
servers.forgejo = {
enable = true;
user = config.services.forgejo.user;
};
vmOverCommit = true;
};
systemd.services.forgejo.serviceConfig = {
AmbientCapabilities = lib.mkForce "CAP_NET_BIND_SERVICE";
CapabilityBoundingSet = lib.mkForce "CAP_NET_BIND_SERVICE";
PrivateUsers = lib.mkForce false;
};
services.nginx.virtualHosts."git.${config.networking.domain}" = {
enableACME = true;
forceSSL = true;
locations."/".extraConfig = ''
proxy_pass http://unix:/run/forgejo/forgejo.sock:/;
'';
};
users.users.gitea = {
home = "/var/lib/gitea";
useDefaultShell = true;
group = "gitea";
isSystemUser = true;
};
users.groups.gitea = { };
};
}


@ -1,30 +0,0 @@
{
config,
pkgs,
lib,
...
}:
with lib;
let
cfg = config.dadada.headphones;
in
{
options = {
dadada.headphones = {
enable = mkEnableOption "Enable bluetooth headphones with more audio codecs.";
};
};
config = mkIf cfg.enable {
hardware = {
bluetooth.enable = true;
pulseaudio = {
enable = true;
extraModules = [ pkgs.pulseaudio-modules-bt ];
extraConfig = ''
set-source-volume 1 10000
'';
package = pkgs.pulseaudioFull;
};
};
};
}


@ -1,27 +0,0 @@
{
config,
lib,
...
}:
let
cfg = config.dadada.homepage;
in
with lib;
{
options.dadada.homepage = {
enable = mkEnableOption "Enable home page";
package = mkOption {
type = lib.types.path;
description = "Path containing the homepage";
};
};
config = mkIf cfg.enable {
services.nginx.enable = true;
services.nginx.virtualHosts."dadada.li" = {
enableACME = true;
forceSSL = true;
root = "${cfg.package}";
};
};
}


@ -1,20 +0,0 @@
{
config,
pkgs,
lib,
...
}:
let
cfg = config.dadada.inputs;
in
{
options = {
dadada.inputs = lib.mkOption {
type = lib.types.attrsOf lib.types.attrs;
description = "Flake inputs that should be available inside Nix modules";
default = { };
};
};
config = { };
}


@ -1,37 +0,0 @@
{ config, lib, ... }:
let
cfg = config.dadada.miniflux;
domain = "miniflux.${config.networking.domain}";
adminCredentialsFile = "miniflux-admin-credentials";
in
{
options.dadada.miniflux = {
enable = lib.mkEnableOption "Enable miniflux RSS aggregator";
};
config = lib.mkIf cfg.enable {
services.miniflux = {
enable = true;
config = {
CLEANUP_FREQUENCY = "48";
LISTEN_ADDR = "localhost:8080";
};
adminCredentialsFile = config.age.secrets.${adminCredentialsFile}.path;
};
services.nginx.virtualHosts.${domain} = {
enableACME = true;
forceSSL = true;
locations."/".extraConfig = ''
proxy_pass http://localhost:8080/;
'';
};
age.secrets.${adminCredentialsFile} = {
file = "${config.dadada.secrets.path}/${adminCredentialsFile}.age";
mode = "0600";
};
};
}


@ -1,10 +0,0 @@
{ config, lib, ... }:
{
options = {
dadada.pkgs = lib.mkOption {
type = lib.types.attrsOf lib.types.package;
description = "Additional packages that are not sourced from nixpkgs";
default = { };
};
};
}


@ -1,28 +0,0 @@
{ config, lib, ... }:
let
secretsPath = config.dadada.secrets.path;
in
{
dadada.backupClient.bs = {
enable = lib.mkDefault false;
passphrasePath = config.age.secrets."${config.networking.hostName}-backup-passphrase".path;
sshIdentityFile = config.age.secrets."${config.networking.hostName}-backup-ssh-key".path;
};
dadada.backupClient.backup1 = {
enable = lib.mkDefault true;
passphrasePath = config.age.secrets."${config.networking.hostName}-backup-passphrase".path;
sshIdentityFile = config.age.secrets."${config.networking.hostName}-backup-ssh-key".path;
};
dadada.backupClient.backup2 = {
enable = lib.mkDefault false;
passphrasePath = config.age.secrets."${config.networking.hostName}-backup-passphrase".path;
sshIdentityFile = config.age.secrets."${config.networking.hostName}-backup-ssh-key".path;
};
age.secrets."${config.networking.hostName}-backup-passphrase".file =
"${secretsPath}/${config.networking.hostName}-backup-passphrase.age";
age.secrets."${config.networking.hostName}-backup-ssh-key".file =
"${secretsPath}/${config.networking.hostName}-backup-ssh-key.age";
}


@ -1,74 +0,0 @@
{
config,
lib,
pkgs,
...
}:
let
mkDefault = lib.mkDefault;
inputs = config.dadada.inputs;
in
{
imports = [
./upgrade-pg-cluster.nix
];
boot.tmp.useTmpfs = lib.mkDefault true;
boot.tmp.tmpfsSize = lib.mkDefault "50%";
i18n.defaultLocale = mkDefault "en_US.UTF-8";
console = mkDefault {
font = "Lat2-Terminus16";
keyMap = "us";
};
i18n.supportedLocales = mkDefault [
"C.UTF-8/UTF-8"
"en_US.UTF-8/UTF-8"
"de_DE.UTF-8/UTF-8"
];
time.timeZone = mkDefault "Europe/Berlin";
nix.package = pkgs.lix;
nix.settings.substituters = [ "https://cache.nixos.org/" ];
nix.settings.trusted-public-keys = [
"cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
"gorgon:eEE/PToceRh34UnnoFENERhk89dGw5yXOpJ2CUbfL/Q="
];
nix.settings.require-sigs = true;
nix.settings.auto-optimise-store = true;
nix.gc = {
automatic = true;
dates = "daily";
options = "--delete-older-than 3d";
};
nix.extraOptions = ''
experimental-features = nix-command flakes
'';
networking.networkmanager.dns = mkDefault "systemd-resolved";
networking.hosts = {
"fd42:9c3b:f96d:101:4a21:bff:fe3e:9cfe" = [ "backup1.dadada.li" ];
};
services.resolved = {
enable = mkDefault true;
fallbackDns = [
"9.9.9.9#dns.quad9.net"
"2620:fe::fe:11#dns11.quad9.net"
];
};
programs.zsh.enable = mkDefault true;
# Avoid some bots
services.openssh.ports = [ 2222 ];
}


@ -1,54 +0,0 @@
{ config, lib, ... }:
let
secretsPath = config.dadada.secrets.path;
initrdHostKey = "${config.networking.hostName}-ssh_host_ed25519_key";
in
{
imports = [
./server.nix
];
boot.initrd.availableKernelModules = [ "virtio-pci" ];
boot.kernelParams = [
# Wait forever for the filesystem root to show up
"rootflags=x-systemd.device-timeout=0"
# Wait forever to enter the LUKS passphrase via SSH
"rd.luks.options=timeout=0"
];
boot.initrd.network = {
enable = true;
ssh = {
enable = true;
port = 2223;
hostKeys = [
config.age.secrets."${initrdHostKey}".path
];
authorizedKeys =
with lib;
concatLists (
mapAttrsToList (
name: user: if elem "wheel" user.extraGroups then user.openssh.authorizedKeys.keys else [ ]
) config.users.users
);
};
postCommands = ''
echo 'cryptsetup-askpass' >> /root/.profile
'';
};
assertions = lib.singleton {
assertion =
(config.boot.initrd.network.ssh.hostKeys != [ ])
-> config.boot.loader.supportsInitrdSecrets == true;
message = "Refusing to store private keys in store";
};
age.secrets."${initrdHostKey}" = {
file = "${secretsPath}/initrd-${initrdHostKey}.age";
mode = "600";
path = "/etc/initrd/${initrdHostKey}";
symlink = false;
};
}


@ -1,7 +0,0 @@
{ pkgs, inputs, ... }:
{
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.sharedModules = pkgs.lib.attrValues inputs.self.hmModules;
home-manager.users.dadada = inputs.self.hmConfigurations.dadada;
}


@ -1,52 +0,0 @@
{
config,
lib,
...
}:
let
inputs = config.dadada.inputs;
in
with lib;
{
imports = [
./backup.nix
./base.nix
];
networking.domain = mkDefault "dadada.li";
services.fwupd.enable = mkDefault true;
programs.ssh.enableAskPassword = true;
programs.nix-ld.enable = true;
nix.nixPath = mapAttrsToList (name: value: "${name}=${value}") inputs;
nix.registry = mkForce (mapAttrs' (name: value: nameValuePair name { flake = value; }) inputs);
nix.settings.flake-registry = "${config.dadada.inputs.flake-registry}/flake-registry.json";
age.identityPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
users.mutableUsers = true;
# Use the systemd-boot EFI boot loader.
boot.loader.systemd-boot.enable = mkDefault true;
boot.loader.efi.canTouchEfiVariables = mkDefault true;
services.fstrim.enable = mkDefault true;
services.avahi.enable = mkDefault true;
networking.networkmanager.enable = mkDefault true;
networking.firewall.enable = mkDefault true;
xdg.mime.enable = mkDefault true;
security.rtkit.enable = true;
services.pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
};
services.pulseaudio.enable = false;
security.sudo.wheelNeedsPassword = true;
}


@ -1,42 +0,0 @@
{
config,
pkgs,
lib,
...
}:
with lib;
{
imports = [
./backup.nix
./base.nix
];
networking.domain = mkDefault "dadada.li";
networking.tempAddresses = "disabled";
dadada.admin.enable = true;
documentation.enable = mkDefault false;
documentation.nixos.enable = mkDefault false;
services.btrfs.autoScrub.enable = mkDefault (
(filterAttrs (name: fs: fs.fsType == "btrfs") config.fileSystems) != { }
);
services.journald.extraConfig = ''
SystemKeepFree = 2G
MaxRetentionSec = 100days
'';
system.autoUpgrade = {
enable = true;
flake = "https://git.dadada.li/dadada/nix-config/archive/main.tar.gz#${config.networking.hostName}";
allowReboot = mkDefault false;
randomizedDelaySec = "45min";
};
security.acme = {
defaults.email = "d553a78d-0349-48db-9c20-5b27af3a1dfc@dadada.li";
acceptTerms = true;
};
}


@ -1,37 +0,0 @@
{
config,
pkgs,
lib,
...
}:
{
environment.systemPackages = lib.mkIf config.services.postgresql.enable [
(
let
# Do not forget to list the extensions you need.
newPostgres = pkgs.postgresql_15.withPackages (pp: [ ]);
in
pkgs.writeScriptBin "upgrade-pg-cluster" ''
set -eux
# XXX it's perhaps advisable to stop all services that depend on postgresql
systemctl stop postgresql
export NEWDATA="/var/lib/postgresql/${newPostgres.psqlSchema}"
export NEWBIN="${newPostgres}/bin"
export OLDDATA="${config.services.postgresql.dataDir}"
export OLDBIN="${config.services.postgresql.package}/bin"
install -d -m 0700 -o postgres -g postgres "$NEWDATA"
cd "$NEWDATA"
sudo -u postgres $NEWBIN/initdb -D "$NEWDATA"
sudo -u postgres $NEWBIN/pg_upgrade \
--old-datadir "$OLDDATA" --new-datadir "$NEWDATA" \
--old-bindir $OLDBIN --new-bindir $NEWBIN \
"$@"
''
)
];
}


@ -1,10 +0,0 @@
{ config, lib, ... }:
{
options = {
dadada.secrets.path = lib.mkOption {
type = lib.types.path;
description = "Path to encrypted secrets files";
default = ../../secrets;
};
};
}


@ -1,66 +0,0 @@
{
config,
pkgs,
lib,
...
}:
with lib;
let
cfg = config.dadada.vpnServer;
wgPeer =
{ name, ... }:
{
options = {
name = mkOption {
internal = true;
default = name;
};
id = mkOption {
description = "VPN client id";
default = 0;
type = types.str;
};
key = mkOption {
description = "VPN client public key";
default = "";
type = types.str;
};
};
};
in
{
options.dadada.vpnServer = {
enable = mkEnableOption "Enable wireguard gateway";
peers = mkOption {
description = "Set of extensions and public keys of peers";
type = with types; attrsOf (submodule wgPeer);
default = { };
};
};
config = mkIf cfg.enable {
networking.wireguard = {
enable = true;
interfaces."wg0" = {
allowedIPsAsRoutes = true;
privateKeyFile = "/var/lib/wireguard/wg0-key";
ips = [ "fd42:9c3b:f96d:0201::0/64" ];
listenPort = 51234;
peers = map (peer: {
allowedIPs = [ "fd42:9c3b:f96d:0201::${peer.id}/128" ];
publicKey = peer.key;
}) (attrValues cfg.peers);
postSetup = ''
wg set wg0 fwmark 51234
ip -6 route add table 2468 fd42:9c3b:f96d::/48 dev ens3
ip -6 route add table 2468 fd42:9c3b:f96d:201::/64 dev wg0
ip -6 rule add fwmark 51234 table 2468
'';
};
};
boot.kernel.sysctl = {
# Enable forwarding for VPN
"net.ipv6.conf.wg0.forwarding" = true;
"net.ipv6.conf.ens3.forwarding" = true;
};
};
}


@ -1,53 +0,0 @@
{
config,
pkgs,
lib,
...
}:
with lib;
let
yubikey = config.dadada.yubikey;
in
{
options = {
dadada.yubikey = {
enable = mkEnableOption "Enable Yubikey";
fido2Credentials = mkOption {
type = with types; listOf str;
description = "FIDO2 credential strings";
default = [ ];
};
luksUuid = mkOption {
type = with types; nullOr str;
description = "Device UUID";
default = null;
};
};
};
config = mkIf yubikey.enable {
security.pam = {
# Keys must be placed in $XDG_CONFIG_HOME/Yubico/u2f_keys
services = {
login.u2fAuth = true;
sudo.u2fAuth = true;
};
u2f = {
control = "sufficient";
settings.cue = true;
};
};
services.pcscd.enable = true;
services.udev.packages = [ pkgs.yubikey-personalization ];
environment.systemPackages = with pkgs; [
#fido2luks
#linuxPackages.acpi_call
pam_u2f
pamtester
yubioath-flutter
];
};
}
