vinzenz/nixos-configuration
0
1
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

first building version of lpt2 as flake

Browse source
This commit is contained in:
Vinzenz Schroeter 2024-10-26 00:04:27 +02:00
parent 31e80e7401
commit b71f8ee636
44 changed files with 396 additions and 677 deletions
Download patch file Download diff file Expand all files Collapse all files

116
modules/buildtools.nix
View file

@ -1,116 +0,0 @@
{
pkgs,
lib,
config,
...
}: let
cfg = config.my.buildtools;
isDesktop = config.my.desktop.enable;
dotnetPackage = with pkgs.unstable; (dotnetCorePackages.combinePackages [
dotnet-sdk_8
]);
in {
options.my.buildtools = {
native = lib.mkEnableOption "include native build tools";
dotnet = lib.mkEnableOption "include dotnet build tools";
rust = lib.mkEnableOption "include rust build tools";
jetbrains-remote-server = lib.mkEnableOption "setup jetbrais IDE installs so -remote-dev-server can be started";
objective-c = lib.mkEnableOption "Objective-C with GNUStep";
js = lib.mkEnableOption "node stuff";
android = lib.mkEnableOption "android development";
python = lib.mkEnableOption "generic python 3";
};
config = lib.mkMerge [
(lib.mkIf cfg.native {
environment.systemPackages = with pkgs; [
cmake
gnumake
gcc
gdb
];
})
(lib.mkIf cfg.dotnet {
environment = {
systemPackages = with pkgs; [
dotnetPackage
zlib
zlib.dev
openssl
icu
icu.dev
# native aot
gcc
libunwind
];
variables = {
DOTNET_CLI_TELEMETRY_OPTOUT = "1";
};
};
programs.nix-ld.libraries = with pkgs; [
# native aot
libunwind
icu
zlib
zlib.dev
openssl
icu
icu.dev
dotnetPackage
];
})
(lib.mkIf cfg.js {
environment.systemPackages = with pkgs; [
nodejs
];
})
(lib.mkIf cfg.rust {
environment.systemPackages = with pkgs; [
rustup
musl
];
})
(lib.mkIf cfg.jetbrains-remote-server {
my.buildtools.dotnet = true;
my.buildtools.native = true;
my.buildtools.python = true;
})
(lib.mkIf cfg.objective-c {
my.buildtools.native = true;
environment.systemPackages =
(with pkgs.gnustep; [
gui
make
gorm
base
back
system_preferences
projectcenter
libobjc
gworkspace
])
++ (with pkgs; [
clang-tools
clang
]);
})
(lib.mkIf cfg.android {
environment.systemPackages = with pkgs; [
android-tools
android-udev-rules
];
})
(lib.mkIf cfg.python {
environment.systemPackages = with pkgs; [python3 python3Packages.pip];
})
];
}

25
modules/default.nix
View file

@ -1,25 +0,0 @@
modulesCfg: {lib, ...}: {
imports =
[
./i18n.nix
./nixpkgs.nix
./globalinstalls.nix
./sshd.nix
./tailscale.nix
./buildtools.nix
]
++ (map (path: (import path modulesCfg)) [
./hardware
./users
./desktop
]);
config = {
my.modulesCfg = modulesCfg;
networking.firewall = {
enable = true;
checkReversePath = "loose";
};
};
}

157
modules/desktop/default.nix
View file

@ -1,157 +0,0 @@
modulesCfg: {
config,
pkgs,
lib,
...
}: let
isEnabled = config.my.desktop.enable;
isHomeManager = modulesCfg.enableHomeManager;
in {
imports =
[
./gnome.nix
./kde.nix
./gaming.nix
./printing.nix
./latex.nix
]
++ lib.optionals isHomeManager [
./gnome-home.nix
./kde-home.nix
];
options.my.desktop.enable = lib.mkEnableOption "desktop";
config = lib.mkIf isEnabled {
services = {
# Enable the X11 windowing system / wayland depending on DE
xserver = {
enable = true;
};
libinput.enable = true;
# flatpak xdg-portal-kde crashes, otherwise this would be global
flatpak.enable = true;
fstrim.enable = true;
earlyoom = {
enable = true;
freeMemThreshold = 5;
};
};
# Enable sound with pipewire.
sound.enable = true;
hardware.pulseaudio.enable = false;
security.rtkit.enable = true;
services.pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
#jack.enable = true;
};
programs = {
kdeconnect.enable = true;
firefox = {
enable = true;
languagePacks = ["en-US" "de"];
};
nix-ld = {
enable = true;
libraries = with pkgs; [
stdenv.cc.cc
zlib
zstd
curl
openssl
attr
libssh
bzip2
libxml2
acl
libsodium
util-linux
xz
systemd
];
};
appimage = {
enable = true;
binfmt = true;
};
};
networking = {
networkmanager.enable = true;
firewall = {
allowedTCPPortRanges = [
{
# KDE Connect / gsconnect
from = 1714;
to = 1764;
}
];
allowedUDPPortRanges = [
{
# KDE Connect / gsconnect
from = 1714;
to = 1764;
}
];
};
};
systemd = {
# save some boot time because nothing actually requires network connectivity
services.NetworkManager-wait-online.enable = false;
# prevent stuck units from preventing shutdown (default is 120s)
extraConfig = ''
DefaultTimeoutStopSec=12s
'';
};
environment.systemPackages = with pkgs; [
lm_sensors
# office
libreoffice-qt
hunspell
hunspellDicts.de-de
hunspellDicts.en-us-large
gnumake
];
nixpkgs.config.permittedInsecurePackages = [];
my.allowUnfreePackages = [
"insync"
"insync-pkg"
"rider"
"pycharm-professional"
"jetbrains-toolbox"
"anydesk"
];
fonts = {
enableDefaultPackages = true;
fontconfig.defaultFonts.monospace = ["FiraCode Nerd Font"];
packages = with pkgs; [
(nerdfonts.override {fonts = ["FiraCode"];})
];
};
hardware.logitech.wireless = {
enable = true;
enableGraphical = true;
};
};
}

56
modules/desktop/gaming.nix
View file

@ -1,56 +0,0 @@
{
config,
pkgs,
lib,
...
}: let
isEnabled = config.my.desktop.enableGaming;
in {
options.my.desktop.enableGaming = lib.mkEnableOption "gaming with wine";
config = lib.mkIf isEnabled {
hardware = {
opengl = {
driSupport = true;
driSupport32Bit = true;
extraPackages = with pkgs; [mangohud];
extraPackages32 = with pkgs; [mangohud];
};
steam-hardware.enable = true;
xpadneo.enable = true;
};
environment.systemPackages = with pkgs; [
wineWowPackages.stagingFull
wineWowPackages.fonts
winetricks
dxvk
mangohud
vulkan-tools
glxinfo
lutris
];
programs = {
xwayland.enable = true;
steam = {
enable = true;
remotePlay.openFirewall = true;
dedicatedServer.openFirewall = true;
};
gamemode.enable = true;
};
networking.firewall.allowedUDPPorts = [
# Factorio
34197
];
my.allowUnfreePackages = [
"steam"
"steam-original"
"steam-run"
];
};
}

103
modules/desktop/gnome-home.nix
View file

@ -1,103 +0,0 @@
{
lib,
config,
pkgs,
...
}: let
isEnabled = config.my.desktop.enableGnome;
in {
config = lib.mkIf isEnabled {
home-manager.sharedModules = [
{
home.packages = with pkgs;
[
amberol
gitg
gnome-builder
meld
simple-scan
pinta
]
++ (with gnome; [
dconf-editor
gpaste
# graphical installer for flatpak apps
gnome-software
])
++ (with gnomeExtensions; [
caffeine
appindicator
gsconnect
battery-health-charging
quick-settings-tweaker
solaar-extension
]);
dconf.settings = {
"org/gnome/desktop/interface" = {
color-scheme = "prefer-dark";
clock-show-seconds = true;
show-battery-percentage = true;
};
"org/gnome/mutter" = {
edge-tiling = true;
dynamic-workspaces = true;
};
"org/gnome/desktop/peripherals/keyboard" = {
numlock-state = true;
};
"org/gnome/desktop/peripherals/touchpad" = {
tap-to-click = true;
two-finger-scrolling-enabled = true;
};
"org/gnome/tweaks" = {
show-extensions-notice = false;
};
"org/gnome/shell" = {
disable-user-extensions = false;
disabled-extensions = [];
enabled-extensions = [
"appindicatorsupport@rgcjonas.gmail.com"
"workspace-indicator@gnome-shell-extensions.gcampax.github.com"
"caffeine@patapon.info"
"GPaste@gnome-shell-extensions.gnome.org"
"gsconnect@andyholmes.github.io"
"solaar-extension@sidevesh"
];
};
"ca/desrt/dconf-editor" = {
show-warning = false;
};
"org/gnome/desktop/wm/keybindings" = {
switch-windows = ["<Alt>Tab"];
switch-windows-backward = ["<Shift><Alt>Tab"];
switch-applications = ["<Super>Tab"];
switch-applications-backward = ["<Shift><Super>Tab"];
};
};
gtk = {
enable = true;
iconTheme.name = "Adwaita";
cursorTheme.name = "Adwaita";
theme = {
name = "adw-gtk3-dark";
package = pkgs.adw-gtk3;
};
};
}
(lib.mkIf config.my.tailscale.enable
{
home.packages = with pkgs;
[
trayscale
]
++ (with gnomeExtensions; [
tailscale-qs
]);
dconf.settings."org/gnome/shell".enabled-extensions = ["tailscale@joaophi.github.com"];
})
];
};
}

56
modules/desktop/gnome.nix
View file

@ -1,56 +0,0 @@
{
config,
pkgs,
lib,
...
}: let
isEnabled = config.my.desktop.enableGnome;
in {
options.my.desktop.enableGnome = lib.mkEnableOption "gnome desktop";
config = lib.mkIf isEnabled {
my.desktop.enable = true;
services = {
xserver = {
# Enable the GNOME Desktop Environment.
desktopManager.gnome.enable = true;
displayManager = {
gdm.enable = true;
};
};
displayManager.defaultSession = "gnome";
gnome = {
tracker-miners.enable = false;
tracker.enable = false;
sushi.enable = true;
gnome-remote-desktop.enable = true;
};
};
programs = {
dconf.enable = true;
gpaste.enable = true;
kdeconnect.package = pkgs.gnomeExtensions.gsconnect;
};
# remove some gnome default apps
environment.gnome.excludePackages = with pkgs.gnome; [
cheese # photo booth
epiphany # web browser
evince # document viewer
geary # email client
gnome-maps
gnome-weather
gnome-music
pkgs.gnome-tour
];
environment.systemPackages = with pkgs; [gnome.ghex impression];
# RDP connections
networking.firewall.allowedTCPPorts = [3389];
};
}

18
modules/desktop/kde-home.nix
View file

@ -1,18 +0,0 @@
{
lib,
config,
...
}: let
isEnabled = config.my.desktop.enableKde;
in {
config = lib.mkIf isEnabled {
home-manager.sharedModules = [
{
services.kdeconnect = {
enable = true;
indicator = true;
};
}
];
};
}

46
modules/desktop/kde.nix
View file

@ -1,46 +0,0 @@
{
config,
pkgs,
lib,
...
}: let
isEnabled = config.my.desktop.enableKde;
in {
options.my.desktop.enableKde = lib.mkEnableOption "KDE desktop";
config = lib.mkIf isEnabled {
my.desktop.enable = true;
services = {
# Enable the KDE Plasma Desktop Environment.
xserver = {
desktopManager.plasma5.enable = true;
displayManager = {
sddm.enable = true;
defaultSession = "plasmawayland";
};
};
};
environment = {
systemPackages = with pkgs; [
libsForQt5.kate
libsForQt5.kalk
];
plasma5.excludePackages = with pkgs.libsForQt5; [
elisa
gwenview
okular
khelpcenter
];
};
programs = {
dconf.enable = true;
partition-manager.enable = true;
kdeconnect.enable = true;
};
};
}

20
modules/desktop/latex.nix
View file

@ -1,20 +0,0 @@
{
config,
pkgs,
lib,
...
}: let
isEnabled = config.my.desktop.enableLaTeX;
in {
options.my.desktop.enableLaTeX = lib.mkEnableOption "LaTeX tools and IDE";
config = lib.mkIf isEnabled {
my.desktop.enable = true;
environment.systemPackages = with pkgs; [
fontconfig
texliveFull
texstudio
];
};
}

23
modules/desktop/printing.nix
View file

@ -1,23 +0,0 @@
{
config,
pkgs,
lib,
...
}: let
isEnabled = config.my.desktop.enablePrinting;
in {
options.my.desktop.enablePrinting = lib.mkEnableOption "printing";
config = lib.mkIf isEnabled {
services = {
# Enable CUPS to print documents.
printing.enable = true;
avahi = {
enable = true; # runs the Avahi daemon
nssmdns4 = true; # enables the mDNS NSS plug-in
openFirewall = true; # opens the firewall for UDP port 5353
};
};
};
}

35
modules/globalinstalls.nix
View file

@ -1,35 +0,0 @@
{pkgs, ...}: {
config = {
environment = {
pathsToLink = ["/share/zsh"];
systemPackages = with pkgs; [
ncdu
glances
iotop
pciutils
lsof
dig
screen
tldr
neofetch
];
};
programs = {
zsh.enable = true;
htop.enable = true;
iotop.enable = true;
nano = {
enable = true;
syntaxHighlight = true;
};
git = {
enable = true;
package = pkgs.gitFull;
};
};
};
}

47
modules/hardware/amd.nix
View file

@ -1,47 +0,0 @@
{
lib,
config,
pkgs,
...
}: let
cfg = config.my.hardware.amd;
in {
options.my.hardware.amd = {
cpu = lib.mkEnableOption "amd cpu";
gpu = lib.mkEnableOption "amd gpu";
radeon = lib.mkEnableOption "amd legacy gpu"; # old hardware, dont judge
};
config = lib.mkMerge [
(lib.mkIf cfg.cpu {
boot.kernelModules = ["kvm-amd"];
hardware.cpu.amd.updateMicrocode = true;
})
(lib.mkIf cfg.gpu {
boot.kernelModules = ["amdgpu"];
services.xserver.videoDrivers = ["amdgpu"];
hardware.opengl = {
extraPackages = with pkgs; [
amdvlk
];
extraPackages32 = with pkgs; [
driversi686Linux.amdvlk
];
};
environment.systemPackages = with pkgs; [
nvtopPackages.amd
];
})
(lib.mkIf cfg.radeon {
boot.kernelModules = ["radeon"];
services.xserver.videoDrivers = ["radeon"];
environment.systemPackages = with pkgs; [
radeontop
];
})
];
}

48
modules/hardware/common-desktop.nix
View file

@ -1,48 +0,0 @@
{
lib,
pkgs,
config,
...
}: let
isEnabled = config.my.hardware.enableCommonDesktopSettings;
in {
options.my.hardware.enableCommonDesktopSettings = lib.mkEnableOption "common hw settings for desktops";
config = lib.mkIf isEnabled {
boot = {
kernelPackages = pkgs.linuxPackages_zen;
kernelParams = ["quiet" "udev.log_level=3"];
supportedFilesystems = ["btrfs"];
initrd.supportedFilesystems = ["btrfs"];
consoleLogLevel = 0;
initrd.verbose = false;
plymouth.enable = true;
loader = {
timeout = 3;
efi.canTouchEfiVariables = true;
systemd-boot = {
enable = true;
editor = false; # do not allow changing kernel parameters
consoleMode = "max";
};
};
};
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.eno1.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp5s0.useDHCP = lib.mkDefault true;
hardware = {
enableRedistributableFirmware = true;
bluetooth.enable = true;
};
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
services.fwupd.enable = true;
};
}

40
modules/hardware/default.nix
View file

@ -1,40 +0,0 @@
modulesCfg: {
modulesPath,
lib,
...
}: let
hostName = modulesCfg.hostName;
in {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
(builtins.toString ./. + "/${hostName}.nix")
./common-desktop.nix
./amd.nix
./intel.nix
];
options.my.modulesCfg.hostName = lib.mkOption {
type = lib.types.str;
};
config = {
networking.hostName = hostName;
boot.loader = {
systemd-boot.enable = true;
efi.canTouchEfiVariables = true;
};
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.eno1.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp5s0.useDHCP = lib.mkDefault true;
hardware.enableRedistributableFirmware = true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
};
}

102
modules/hardware/hetzner-vpn1.nix
View file

@ -1,102 +0,0 @@
{
lib,
modulesPath,
...
}: {
imports = [
(modulesPath + "/profiles/qemu-guest.nix")
];
config = {
nixpkgs = {
hostPlatform = "aarch64-linux";
system = "aarch64-linux";
};
boot = {
tmp.cleanOnBoot = true;
loader = {
systemd-boot.enable = lib.mkForce false;
efi.canTouchEfiVariables = lib.mkForce false;
grub = {
enable = true;
efiSupport = true;
efiInstallAsRemovable = true;
device = "nodev";
};
};
initrd = {
availableKernelModules = ["ata_piix" "uhci_hcd" "xen_blkfront"];
kernelModules = ["nvme"];
};
};
zramSwap.enable = true;
networking.domain = "";
fileSystems = {
"/boot" = {
device = "/dev/disk/by-uuid/77CF-345D";
fsType = "vfat";
};
"/" = {
device = "/dev/sda1";
fsType = "ext4";
};
};
# This file was populated at runtime with the networking
# details gathered from the active system.
networking = {
nameservers = ["8.8.8.8"];
defaultGateway = "172.31.1.1";
defaultGateway6 = {
address = "fe80::1";
interface = "eth0";
};
dhcpcd.enable = false;
usePredictableInterfaceNames = lib.mkForce false;
interfaces = {
eth0 = {
ipv4 = {
addresses = [
{
address = "157.90.146.125";
prefixLength = 32;
}
];
routes = [
{
address = "172.31.1.1";
prefixLength = 32;
}
];
};
ipv6 = {
addresses = [
{
address = "2a01:4f8:c012:7137::1";
prefixLength = 64;
}
{
address = "fe80::9400:2ff:fe87:7fc9";
prefixLength = 64;
}
];
routes = [
{
address = "fe80::1";
prefixLength = 128;
}
];
};
};
};
};
services.udev.extraRules = ''
ATTR{address}=="96:00:02:87:7f:c9", NAME="eth0"
'';
};
}

42
modules/hardware/intel.nix
View file

@ -1,42 +0,0 @@
{
lib,
config,
pkgs,
...
}: let
cfg = config.my.hardware.intel;
in {
options.my.hardware.intel = {
cpu = lib.mkEnableOption "intel cpu";
iGpu = lib.mkEnableOption "intel integrated gpu";
xe = lib.mkEnableOption "intel xe gpu";
};
config = lib.mkMerge [
(lib.mkIf cfg.cpu {
boot.kernelModules = ["kvm-intel"];
hardware.cpu.intel.updateMicrocode = true;
})
(lib.mkIf (cfg.iGpu || cfg.xe) {
hardware.opengl = {
extraPackages = with pkgs; [
intel-media-driver
vaapiIntel
vaapiVdpau
libvdpau-va-gl
intel-ocl
];
extraPackages32 = with pkgs.pkgsi686Linux; [
intel-media-driver
vaapiIntel
vaapiVdpau
libvdpau-va-gl
];
};
environment.systemPackages = with pkgs; [
nvtopPackages.intel
];
my.allowUnfreePackages = ["intel-ocl"];
})
];
}

34
modules/hardware/vinzenz-lpt.nix
View file

@ -1,34 +0,0 @@
{...}: {
config = {
my.hardware = {
enableCommonDesktopSettings = true;
amd.radeon = true;
intel = {
cpu = true;
iGpu = true;
};
};
boot = {
initrd.availableKernelModules = ["xhci_pci" "ehci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" "sdhci_pci"];
loader.efi.efiSysMountPoint = "/boot/efi";
};
fileSystems = {
"/" = {
device = "/dev/disk/by-uuid/34cb86c4-8823-4785-9672-92ef0bcd5eaf";
fsType = "btrfs";
options = ["subvol=@"];
};
"/boot/efi" = {
device = "/dev/disk/by-uuid/2381-1CD2";
fsType = "vfat";
};
};
swapDevices = [
{device = "/dev/disk/by-uuid/f5932f70-60e4-4abe-b23d-2cab3c095c7d";}
];
};
}

43
modules/hardware/vinzenz-lpt2.nix
View file

@ -1,43 +0,0 @@
{...}: {
config = {
my.hardware = {
enableCommonDesktopSettings = true;
intel = {
cpu = true;
xe = true;
};
};
boot.initrd = {
availableKernelModules = ["xhci_pci" "thunderbolt" "nvme"];
luks.devices = {
"luks-2c654ff2-3c42-48d3-a1e3-9545679afaa3" = {
device = "/dev/disk/by-uuid/2c654ff2-3c42-48d3-a1e3-9545679afaa3";
};
};
};
fileSystems = {
"/" = {
device = "/dev/disk/by-uuid/e4dad0c8-26a1-45e9-bbd9-48565eb6574e";
fsType = "btrfs";
options = ["subvol=@"];
};
"/boot" = {
device = "/dev/disk/by-uuid/E2B7-2BC1";
fsType = "vfat";
};
};
swapDevices = [
{
device = "/var/lib/swapfile";
size = 32 * 1024;
}
];
services.thermald.enable = true;
services.hardware.bolt.enable = true; # thunderbolt security
};
}

56
modules/hardware/vinzenz-pc2.nix
View file

@ -1,56 +0,0 @@
{...}: {
config = {
my.hardware = {
enableCommonDesktopSettings = true;
amd = {
cpu = true;
gpu = true;
};
};
boot = {
initrd.availableKernelModules = ["nvme" "xhci_pci" "ahci" "usbhid" "sd_mod"]; # "usb_storage"
loader.efi.efiSysMountPoint = "/boot";
};
fileSystems = {
"/" = {
device = "/dev/disk/by-uuid/0e9c983a-e733-447e-8181-f41d6670c4b8";
fsType = "btrfs";
options = ["subvol=@"];
};
"/home" = {
device = "/dev/disk/by-uuid/0e9c983a-e733-447e-8181-f41d6670c4b8";
fsType = "btrfs";
options = ["subvol=@home"];
};
"/games" = {
device = "/dev/disk/by-uuid/0e9c983a-e733-447e-8181-f41d6670c4b8";
fsType = "btrfs";
options = ["subvol=@games"];
};
"/boot" = {
device = "/dev/disk/by-uuid/AF67-8F16";
fsType = "vfat";
};
"/mnt/nixos_btrfs_root" = {
# subvolume with id 5 is always the root volume
# this is convenient for managing the flat subvolume hierarchy
device = "/dev/disk/by-uuid/0e9c983a-e733-447e-8181-f41d6670c4b8";
fsType = "btrfs";
options = ["subvolid=5"];
};
"/mnt/ssd2" = {
device = "/dev/disk/by-uuid/6b2a647d-c68e-4c07-85bf-c9bfc5db7e8a";
fsType = "ext4";
};
};
swapDevices = [];
};
}

28
modules/i18n.nix
View file

@ -1,28 +0,0 @@
{...}: {
config = {
time.timeZone = "Europe/Berlin";
i18n = {
defaultLocale = "en_US.UTF-8";
extraLocaleSettings = {
LC_ADDRESS = "de_DE.UTF-8";
LC_IDENTIFICATION = "de_DE.UTF-8";
LC_MEASUREMENT = "de_DE.UTF-8";
LC_MONETARY = "de_DE.UTF-8";
LC_NAME = "de_DE.UTF-8";
LC_NUMERIC = "de_DE.UTF-8";
LC_PAPER = "de_DE.UTF-8";
LC_TELEPHONE = "de_DE.UTF-8";
LC_TIME = "de_DE.UTF-8";
};
};
services.xserver.xkb = {
# Configure keymap in X11
layout = "de";
variant = "";
};
# Configure console keymap
console.keyMap = "de";
};
}

80
modules/nixpkgs.nix
View file

@ -1,80 +0,0 @@
{
config,
lib,
...
}: let
unstable-commit-sha = "9df3e30ce24fd28c7b3e2de0d986769db5d6225d";
ultrastable-commit-sha = "2be119add7b37dc535da2dd4cba68e2cf8d1517e";
in {
options.my.allowUnfreePackages = lib.mkOption {
type = lib.types.listOf lib.types.str;
default = [];
example = ["steam"];
};
imports = [
# this switches the nix implementation to lix everywhere, but means recompiling lix every build.
# https://lix.systems/add-to-config/
(
let
module = fetchTarball {
name = "source";
url = "https://git.lix.systems/lix-project/nixos-module/archive/2.90.0.tar.gz";
sha256 = "sha256-yEO2cGNgzm9x/XxiDQI+WckSWnZX63R8aJLBRSXtYNE=";
};
lixSrc = fetchTarball {
name = "source";
url = "https://git.lix.systems/lix-project/lix/archive/2.90.0.tar.gz";
sha256 = "sha256-f8k+BezKdJfmE+k7zgBJiohtS3VkkriycdXYsKOm3sc=";
};
in
import "${module}/module.nix" {lix = lixSrc;}
)
];
config = {
nixpkgs.config = {
# make nixos-unstable availiable as 'pkgs.unstable'
packageOverrides = pkgs: {
unstable = import (fetchTarball "https://github.com/nixos/nixpkgs/tarball/${unstable-commit-sha}") {
config = config.nixpkgs.config;
};
ultrastable = import (fetchTarball "https://github.com/nixos/nixpkgs/tarball/${ultrastable-commit-sha}") {
config = config.nixpkgs.config;
};
};
# https://github.com/NixOS/nixpkgs/issues/197325#issuecomment-1579420085
allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) config.my.allowUnfreePackages;
};
nix = {
settings = {
substituters = ["https://nix-community.cachix.org" "https://cache.nixos.org/"];
trusted-public-keys = ["nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="];
};
gc = {
automatic = true;
dates = "daily";
options = "--delete-older-than 7d";
};
};
system = {
stateVersion = "22.11";
# enable auto updates
autoUpgrade = {
enable = true;
dates = "weekly";
};
};
documentation = {
enable = true; # documentation of packages
nixos.enable = false; # nixos documentation
man.enable = true; # manual pages and the man command
info.enable = false; # info pages and the info command
doc.enable = false; # documentation distributed in packages' /share/doc
};
};
}

13
modules/sshd.nix
View file

@ -1,13 +0,0 @@
{...}: {
config = {
services.openssh = {
enable = true;
openFirewall = true;
settings = {
PermitRootLogin = "without-password";
PasswordAuthentication = false;
KbdInteractiveAuthentication = false;
};
};
};
}

19
modules/tailscale.nix
View file

@ -1,19 +0,0 @@
{
pkgs,
config,
lib,
...
}: let
cfg = config.my.tailscale;
in {
options.my.tailscale = {
enable = lib.mkEnableOption "enable tailscale vpn";
};
config = lib.mkIf cfg.enable {
services.tailscale = {
enable = true;
openFirewall = true;
};
};
}

24
modules/users/default.nix
View file

@ -1,24 +0,0 @@
modulesCfg: {
config,
pkgs,
lib,
...
}: let
enableHomeManager = modulesCfg.enableHomeManager;
in {
options.my = {
modulesCfg.enableHomeManager = lib.mkEnableOption "enable home manager";
enabledUsers = lib.mkOption {
type = lib.types.listOf lib.types.str;
};
};
imports =
[
./vinzenz.nix
./ronja.nix
]
++ lib.optionals enableHomeManager [
./home-manager.nix
];
}

25
modules/users/home-manager.nix
View file

@ -1,25 +0,0 @@
{
config,
pkgs,
lib,
...
}: {
imports = [
<home-manager/nixos>
];
config = {
home-manager = {
useUserPackages = true;
useGlobalPkgs = true;
# defaults for users
sharedModules = import ./home-shared-modules.nix;
users = {
ronja = lib.mkIf (builtins.elem "ronja" config.my.enabledUsers) (import ./ronja-home.nix);
vinzenz = lib.mkIf (builtins.elem "vinzenz" config.my.enabledUsers) (import ./vinzenz-home.nix);
};
};
};
}

57
modules/users/home-shared-modules.nix
View file

@ -1,57 +0,0 @@
[
# set stateVersion
{
home.stateVersion = "22.11";
}
# make nano the default editor
{
home = {
sessionVariables.EDITOR = "nano";
file.".nanorc".text = ''
set linenumbers
set mouse
'';
};
}
# command line niceness
{
programs = {
command-not-found.enable = true;
dircolors.enable = true;
zsh = {
enable = true;
syntaxHighlighting.enable = true;
autosuggestion.enable = true;
enableVteIntegration = true;
};
};
}
# common git config
{
programs = {
git = {
enable = true;
extraConfig.init.defaultBranch = "main";
};
gh = {
enable = true;
gitCredentialHelper.enable = true;
};
};
}
# Templates
{
home.file = {
"Templates/Empty file".text = "";
"Templates/Empty bash script".text = ''
#!/usr/bin/env bash
# abort on error, undefined variables
set -eu
# print commands before execution
set -x
'';
};
}
]

53
modules/users/ronja-home.nix
View file

@ -1,53 +0,0 @@
{
config,
pkgs,
...
}: {
home .packages = with pkgs; [
## Apps
telegram-desktop
kdiff3
];
programs = {
home-manager.enable = true;
zsh = {
history = {
size = 10000;
path = "${config.xdg.dataHome}/zsh/history";
expireDuplicatesFirst = true;
};
oh-my-zsh = {
enable = true;
theme = "agnoster";
plugins = ["git" "sudo" "systemadmin"];
};
};
git = {
userName = "Ronja Spiegelberg";
userEmail = "ronja.spiegelberg@gmail.com";
extraConfig = {
pull.ff = "only";
merge.tool = "kdiff3";
};
};
chromium = {
enable = true;
extensions = [
{
# ublock origin
id = "cjpalhdlnbpafiamejdnhcphjbkeiagm";
}
{
id = "dcpihecpambacapedldabdbpakmachpb";
updateUrl = "https://raw.githubusercontent.com/iamadamdev/bypass-paywalls-chrome/master/updates.xml";
}
];
};
};
}

20
modules/users/ronja.nix
View file

@ -1,20 +0,0 @@
{
config,
pkgs,
lib,
...
}: let
isUserEnabled = builtins.elem "ronja" config.my.enabledUsers;
in {
config = lib.mkIf isUserEnabled {
# Define user account
users.users.ronja = {
isNormalUser = true;
name = "ronja";
description = "Ronja";
home = "/home/ronja";
extraGroups = ["networkmanager" "wheel" "games" "podman"];
shell = pkgs.zsh;
};
};
}

248
modules/users/vinzenz-home.nix
View file

@ -1,248 +0,0 @@
{
config,
osConfig,
pkgs,
lib,
...
}: let
isGnomeEnabled = osConfig.my.desktop.enableGnome;
in
lib.mkMerge [
{
home.packages = with pkgs; [
keepassxc
insync
telegram-desktop
element-desktop
wireguard-tools
wirelesstools
alejandra # nix formatter
arduino
uucp
kdiff3
jetbrains-toolbox
];
programs = {
home-manager.enable = true;
fzf.enable = true;
zsh = {
initExtra = ''
eval "$(direnv hook zsh)";
export PATH=$PATH:/home/vinzenz/.cargo/bin
'';
shellAliases = {
my-apply = "sudo nixos-rebuild boot";
my-switch = "sudo nixos-rebuild switch";
my-update = "sudo nixos-rebuild boot --upgrade";
my-pull = "git -C ~/Repos/nixos-configuration pull --rebase";
my-fmt = "alejandra .";
my-test = "sudo nixos-rebuild test";
my-direnvallow = "echo \"use nix\" > .envrc && direnv allow";
my-ip4 = "ip addr show | grep 192";
};
history = {
size = 10000;
path = "${config.xdg.dataHome}/zsh/history";
expireDuplicatesFirst = true;
};
oh-my-zsh = {
enable = true;
theme = "agnoster";
plugins = ["git" "sudo" "docker" "systemadmin"];
};
};
git = {
enable = true;
userName = "Vinzenz Schroeter";
userEmail = "vinzenz.f.s@gmail.com";
aliases = {
prettylog = "log --pretty=oneline --graph";
spring-clean = "!git branch --merged | xargs -n 1 -r git branch -d";
};
extraConfig = {
pull.ff = "only";
merge.tool = "kdiff3";
push.autoSetupRemote = "true";
};
};
vscode = {
enable = true;
package = pkgs.vscodium;
enableUpdateCheck = false;
extensions = with pkgs.vscode-extensions; [
bbenoist.nix
ms-python.python
kamadorueda.alejandra
editorconfig.editorconfig
yzhang.markdown-all-in-one
redhat.vscode-yaml
pkief.material-icon-theme
mhutchie.git-graph
rust-lang.rust-analyzer
tamasfe.even-better-toml
llvm-vs-code-extensions.vscode-clangd
mkhl.direnv
vadimcn.vscode-lldb
ms-dotnettools.csharp
];
userSettings = {
"git.autofetch" = true;
"update.mode" = "none";
"editor.fontFamily" = "'Fira Code', 'Droid Sans Mono', 'monospace', monospace";
"editor.fontLigatures" = true;
"editor.formatOnSave" = true;
"editor.formatOnSaveMode" = "modificationsIfAvailable";
"editor.minimap.autohide" = true;
"diffEditor.diffAlgorithm" = "advanced";
"explorer.excludeGitIgnore" = true;
"markdown.extension.tableFormatter.normalizeIndentation" = true;
"markdown.extension.toc.orderedList" = false;
"telemetry.telemetryLevel" = "off";
"redhat.telemetry.enabled" = false;
"workbench.startupEditor" = "readme";
"workbench.enableExperiments" = false;
"workbench.iconTheme" = "material-icon-theme";
"rust-analyzer.checkOnSave.command" = "clippy";
"extensions.autoUpdate" = false;
"extensions.autoCheckUpdates" = false;
"\[makefile\]" = {
"editor.insertSpaces" = false;
"editor.detectIndentation" = false;
};
};
};
direnv = {
enable = true;
nix-direnv.enable = true;
};
chromium = {
enable = true;
extensions = [
{
# ublock origin
id = "cjpalhdlnbpafiamejdnhcphjbkeiagm";
}
{
id = "dcpihecpambacapedldabdbpakmachpb";
updateUrl = "https://raw.githubusercontent.com/iamadamdev/bypass-paywalls-chrome/master/updates.xml";
}
];
};
eza = {
enable = true;
git = true;
icons = true;
extraOptions = [
"--group-directories-first"
"--header"
];
};
# checked https://rycee.gitlab.io/home-manager/options.html until "programs.notmuch"
ssh = {
enable = true;
matchBlocks = {
"vpn1" = {
host = "vpn1 hetzner-vpn1";
hostname = "157.90.146.125"; # 2a01:4f8:c012:7137::/64
user = "root";
};
"vpn1-ts" = {
host = "vpn1-ts hetzner-vpn1.donkey-pentatonic.ts.net";
hostname = "hetzner-vpn1.donkey-pentatonic.ts.net";
user = "root";
};
"openwrt" = {
host = "openwrt openwrt.lan";
hostname = "openwrt.lan";
user = "root";
};
"openwrt-ts" = {
hostname = "openwrt.donkey-pentatonic.ts.net";
port = 2222;
user = "root";
};
"openwrt-j" = {
hostname = "openwrt.donkey-pentatonic.ts.net";
proxyJump = "vpn1";
port = 2222;
user = "root";
};
"pc2-power" = {
hostname = "openwrt.donkey-pentatonic.ts.net";
proxyJump = "vpn1";
port = 2222;
user = "pc2-power";
};
"avd-power" = {
# hostname = "2001:678:560:23:9833:63ff:fe2d:f477"
# hostname = "195.160.172.25";
hostname = "avd-jumphost.club.berlin.ccc.de";
user = "power";
};
"avd" = {
hostname = "avd.club.berlin.ccc.de";
user = "vinzenz";
};
};
};
};
editorconfig = {
enable = true;
settings = {
"*" = {
charset = "utf-8";
end_of_line = "lf";
trim_trailing_whitespace = true;
insert_final_newline = true;
max_line_width = 120;
indent_style = "space";
indent_size = 4;
};
"*.nix" = {
indent_size = 2;
};
};
};
home.file."policy.json" = {
target = ".config/containers/policy.json";
text = ''
{
"default": [
{
"type": "insecureAcceptAnything"
}
],
"transports":
{
"docker-daemon":
{
"": [{"type":"insecureAcceptAnything"}]
}
}
}
'';
};
}
]

20
modules/users/vinzenz.nix
View file

@ -1,20 +0,0 @@
{
config,
pkgs,
lib,
...
}: let
isUserEnabled = builtins.elem "vinzenz" config.my.enabledUsers;
in {
config = lib.mkIf isUserEnabled {
users.users.vinzenz = {
isNormalUser = true;
name = "vinzenz";
description = "Vinzenz";
home = "/home/vinzenz";
extraGroups = ["networkmanager" "wheel" "games" "dialout" "podman" "nginx"];
shell = pkgs.zsh;
autoSubUidGidRange = true;
};
};
}