vinzenz/nixos-configuration
0
1
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Compare commits

base: vinzenz:05c888f20ad4e7db0f11c057b3469da2d6d9db88
Branches Tags
vinzenz:main
vinzenz:vpn1-wg
...
compare: vinzenz:6754eed1d88b19216575bdb8c8d8c2d388fd973a
Branches Tags
vinzenz:main
vinzenz:vpn1-wg

28 commits
05c888f20a ... 6754eed1d8

Author SHA1 Message Date
Vinzenz Schroeter
6754eed1d8 lint checks, formatting, update statix url 2025-09-15 19:40:49 +02:00
Vinzenz Schroeter
1735ec5594 add pre-commit check script 2025-09-15 19:18:57 +02:00
Vinzenz Schroeter
9cf6333f4b merge default.nix and configuration.nix 2025-09-15 19:07:27 +02:00
Vinzenz Schroeter
8fc672bfcf move user and additional module handling into flake.nix 2025-09-15 19:01:30 +02:00
Vinzenz Schroeter
87062e05c4 update imports 2025-09-15 18:11:53 +02:00
Vinzenz Schroeter
1bebb5d096 mv home homeConfigurations 2025-09-15 18:07:38 +02:00
Vinzenz Schroeter
f89c75aad2 move more stuff into modules 2025-09-15 17:52:33 +02:00
Vinzenz Schroeter
f5e1b9c7ee move shared gnome config to homeModule 2025-09-15 17:18:59 +02:00
Vinzenz Schroeter
f1855c1265 remove dektop-hardware module 2025-09-14 14:12:14 +02:00
Vinzenz Schroeter
a208ca4df2 move more modules 2025-09-14 14:01:55 +02:00
Vinzenz Schroeter
1f1b901330 move more modules 2025-09-14 13:45:48 +02:00
Vinzenz Schroeter
1b3b7cf607 more homeModules 2025-09-14 13:36:45 +02:00
Vinzenz Schroeter
ff0c287624 default.nix for hosts 2025-09-14 13:09:37 +02:00
Vinzenz Schroeter
4d28e476dc mv hosts nixosConfigurations 2025-09-14 13:01:18 +02:00
Vinzenz Schroeter
232728a053 use overlay from zerforschen, re-rename homeModules 2025-09-14 12:54:58 +02:00
Vinzenz Schroeter
29d96e90a4 lib, fix homeManagerModules name 2025-09-14 12:37:29 +02:00
Vinzenz Schroeter
084e819232 steam mod, move adwaita to homeModules 2025-09-14 12:22:20 +02:00
Vinzenz Schroeter
78400473ef wip split gnome mod 2025-09-13 18:20:00 +02:00
Vinzenz Schroeter
2059b854de tailscale mod 2025-09-13 18:08:41 +02:00
Vinzenz Schroeter
d2b11ad2e2 move podman to nixosModules 2025-09-13 18:05:30 +02:00
Vinzenz Schroeter
3ba30b1a6d do not provide default nixosModule 2025-09-13 17:58:56 +02:00
Vinzenz Schroeter
c0d650d54f move printing to nixosModules 2025-09-13 17:37:38 +02:00
Vinzenz Schroeter
a377c8e30b auto-import nixosModules, openssh mod 2025-09-13 17:22:20 +02:00
Vinzenz Schroeter
26625c6952 move stuff into nixosModules 2025-09-13 17:02:09 +02:00
Vinzenz Schroeter
ecc65f071d remove inputs from specialArgs 2025-09-13 15:10:42 +02:00
Vinzenz Schroeter
16422ccbd7 move kdeconnect settings to nixosModule 2025-09-13 14:56:45 +02:00
Vinzenz Schroeter
a63f1c69c7 move stuff into nixosModules 2025-09-13 14:05:04 +02:00
Vinzenz Schroeter
7524f74f76 show rust and dotnet version in shell 2025-09-13 12:46:46 +02:00
94 changed files with 1161 additions and 1080 deletions
Download patch file Download diff file Expand all files Collapse all files

24
flake.lock generated
View file

@ -266,11 +266,11 @@
]
},
"locked": {
"lastModified": 1751117291,
"narHash": "sha256-iOeiPypZkl6uPL5mQ4aFG4wYVs9w9BJZ2/5XHlLgyIk=",
"lastModified": 1757763404,
"narHash": "sha256-a1h+58wDOtbQXrHoZwLwB7PhXwFhBXRHhNRhAQGq/oY=",
"ref": "refs/heads/main",
"rev": "2a4818dc2158cbdad34a701ab12d0b1cf7f52c46",
"revCount": 45,
"rev": "07a5fbca27ec941c841ad93f2ac65bc529225a51",
"revCount": 46,
"type": "git",
"url": "https://git.berlin.ccc.de/servicepoint/servicepoint-cli.git"
},
@ -290,11 +290,11 @@
]
},
"locked": {
"lastModified": 1752323001,
"narHash": "sha256-YEcYegmlv12yN9VWrz2qt0nyL+9EeGIlrDvac8Pf7Cw=",
"lastModified": 1757763091,
"narHash": "sha256-V3E6JKGzCrq5u+hp38sAdKv/EoxU+X0qfSoBIPxALi4=",
"ref": "refs/heads/main",
"rev": "75a0ae7a59e687bea5f92791a2d64c048f35846d",
"revCount": 119,
"rev": "493b7b0343334019b372176f811a966839ba9aa5",
"revCount": 121,
"type": "git",
"url": "https://git.berlin.ccc.de/servicepoint/servicepoint-simulator.git"
},
@ -358,11 +358,11 @@
]
},
"locked": {
"lastModified": 1755431984,
"narHash": "sha256-iBgSdzkta6zQ2eIRWjmJTLZ3b1e1EZiCyCPcgCdqPGU=",
"lastModified": 1757847061,
"narHash": "sha256-YW8fpD35tD+1zTkxk0WhP7FJSL15JlFfG7tscgkdI+A=",
"ref": "refs/heads/main",
"rev": "31abcb7a9583c4ed931f658eca3e3c1970e60814",
"revCount": 28,
"rev": "ddff8c9b206564dd9b9007e4e894afa6f7860fc8",
"revCount": 30,
"type": "git",
"url": "https://git.berlin.ccc.de/vinzenz/zerforschen.plus"
},

242
flake.nix
View file

@ -1,7 +1,6 @@
{
inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.05";
nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
home-manager = {
@ -50,7 +49,7 @@
};
outputs =
inputs@{
{
self,
nixpkgs,
home-manager,
@ -59,31 +58,74 @@
nixpkgs-unstable,
servicepoint-cli,
servicepoint-simulator,
naersk,
nix-vscode-extensions,
...
}:
let
devices = {
vinzenz-lpt2 = "x86_64-linux";
vinzenz-pc2 = "x86_64-linux";
ronja-pc = "x86_64-linux";
hetzner-vpn2 = "aarch64-linux";
forgejo-runner-1 = "aarch64-linux";
vinzenz-lpt2 = {
system = "x86_64-linux";
additional-modules = [
self.nixosModules.user-vinzenz
self.nixosModules.gnome
self.nixosModules.wine-gaming
self.nixosModules.steam
self.nixosModules.printing
self.nixosModules.podman
self.nixosModules.vinzenz-desktop-settings
self.nixosModules.intel-graphics
];
home-manager-users = {
inherit (self.homeConfigurations) vinzenz;
};
};
vinzenz-pc2 = {
system = "x86_64-linux";
additional-modules = [
self.nixosModules.user-vinzenz
self.nixosModules.user-ronja
self.nixosModules.gnome
self.nixosModules.wine-gaming
self.nixosModules.steam
self.nixosModules.printing
self.nixosModules.podman
self.nixosModules.vinzenz-desktop-settings
self.nixosModules.amd-graphics
];
home-manager-users = {
inherit (self.homeConfigurations) vinzenz ronja;
};
};
ronja-pc = {
system = "x86_64-linux";
additional-modules = [
self.nixosModules.user-ronja
self.nixosModules.gnome
self.nixosModules.steam
self.nixosModules.wine-gaming
self.nixosModules.vinzenz-desktop-settings
];
home-manager-users = {
inherit (self.homeConfigurations) ronja;
};
};
hetzner-vpn2 = {
system = "aarch64-linux";
};
forgejo-runner-1 = {
system = "aarch64-linux";
additional-modules = [ self.nixosModules.podman ];
};
};
homeDevices = [
"vinzenz-lpt2"
"vinzenz-pc2"
"ronja-pc"
];
forDevice = f: nixpkgs.lib.mapAttrs f devices;
supported-systems = [
"x86_64-linux"
"aarch64-linux"
];
inherit (nixpkgs) lib;
forDevice = f: lib.mapAttrs (device: value: f (value // { inherit device; })) devices;
supported-systems = lib.attrsets.mapAttrsToList (k: v: v.system) devices;
forAllSystems =
f:
nixpkgs.lib.genAttrs supported-systems (
lib.genAttrs supported-systems (
system:
f rec {
inherit system;
@ -91,67 +133,141 @@
}
);
in
rec {
{
lib = {
importDir =
dir:
(lib.attrsets.mapAttrs' (
m: _:
lib.attrsets.nameValuePair (lib.strings.removeSuffix ".nix" m) { imports = [ "${dir}/${m}" ]; }
) (builtins.readDir dir));
};
overlays = {
unstable-packages = final: prev: {
unstable = import nixpkgs-unstable {
inherit (prev) system config;
};
};
};
nixosModules = (self.lib.importDir ./nixosModules) // {
niri = {
imports = [ niri.nixosModules.niri ];
nixpkgs.overlays = [ niri.overlays.niri ];
};
pkgs-unstable = {
nixpkgs.overlays = [ self.overlays.unstable-packages ];
};
pkgs-vscode-extensions = {
nixpkgs.overlays = [ nix-vscode-extensions.overlays.default ];
};
# required modules to use other modules, should not do anything on their own
default = {
imports = [ self.nixosModules.allowed-unfree-list ];
};
};
homeModules = self.lib.importDir ./homeModules;
homeConfigurations = self.lib.importDir ./homeConfigurations;
formatter = forAllSystems ({ pkgs, ... }: pkgs.nixfmt-tree);
nixosConfigurations = forDevice (
device: system:
{
device,
system,
home-manager-users ? { },
additional-modules ? [ ],
}:
let
specialArgs = {
inherit inputs device;
inherit device;
};
in
nixpkgs.lib.nixosSystem {
inherit system specialArgs;
modules = [
{ networking.hostName = device; }
./modules/globalinstalls.nix
./modules/networking.nix
./modules/nixpkgs.nix
./modules/lix.nix
./hosts/${device}/hardware.nix
./hosts/${device}/imports.nix
./hosts/${device}/configuration.nix
{
networking.hostName = device;
nixpkgs = {
inherit system;
hostPlatform = lib.mkDefault system;
};
system = {
stateVersion = "22.11";
autoUpgrade.flake = "git+https://git.berlin.ccc.de/vinzenz/nixos-configuration.git";
};
nixpkgs.overlays = [
overlays.unstable-packages
self.overlays.unstable-packages
];
nix.settings.experimental-features = [
"nix-command"
"flakes"
];
documentation = {
info.enable = false; # info pages and the info command
doc.enable = false; # documentation distributed in packages' /share/doc
};
}
./nixosConfigurations/${device}
self.nixosModules.default
self.nixosModules.lix-is-nix
self.nixosModules.globalinstalls
self.nixosModules.autoupdate
self.nixosModules.openssh
self.nixosModules.tailscale
self.nixosModules.allowed-unfree-list
self.nixosModules.extra-caches
self.nixosModules.systemd-boot
zerforschen-plus.nixosModules.default
]
++ (nixpkgs.lib.optionals (builtins.elem device homeDevices) [
home-manager.nixosModules.home-manager
{ home-manager.extraSpecialArgs = specialArgs; }
./modules/home-manager.nix
./modules/i18n.nix
niri.nixosModules.niri
++ (nixpkgs.lib.optionals (home-manager-users != { }) [
{
nixpkgs.overlays = [
niri.overlays.niri
overlays.servicepoint-packages
nix-vscode-extensions.overlays.default
home-manager = {
extraSpecialArgs = specialArgs;
useGlobalPkgs = true;
useUserPackages = true;
};
time.timeZone = "Europe/Berlin";
home-manager.sharedModules = [
{ home.stateVersion = "22.11"; }
self.homeModules.adwaita
self.homeModules.git
self.homeModules.templates
self.homeModules.zsh-basics
self.homeModules.nano
self.homeModules.gnome-extensions
];
home-manager.users = home-manager-users;
}
]);
self.nixosModules.pkgs-unstable
self.nixosModules.pkgs-vscode-extensions
self.nixosModules.niri
self.nixosModules.kdeconnect
self.nixosModules.en-de
self.nixosModules.gnome
self.nixosModules.modern-desktop
self.nixosModules.nix-ld
self.nixosModules.quiet-boot
self.nixosModules.firmware-updates
home-manager.nixosModules.home-manager
servicepoint-simulator.nixosModules.default
servicepoint-cli.nixosModules.default
])
++ additional-modules;
}
);
overlays = {
unstable-packages = final: prev: {
unstable = import nixpkgs-unstable {
system = prev.system;
config = prev.config;
};
};
servicepoint-packages = final: prev: {
servicepoint-cli = servicepoint-cli.legacyPackages."${prev.system}".servicepoint-cli;
servicepoint-simulator =
servicepoint-simulator.legacyPackages."${prev.system}".servicepoint-simulator;
};
};
formatter = forAllSystems ({ pkgs, ... }: pkgs.nixfmt-tree);
};
}

25
home/ronja/default.nix
View file

@ -1,25 +0,0 @@
{ pkgs, ... }:
{
config = {
# Define user account
users.users.ronja = {
isNormalUser = true;
name = "ronja";
description = "Ronja";
home = "/home/ronja";
extraGroups = [
"networkmanager"
"wheel"
"games"
"podman"
"openvscode-server"
];
shell = pkgs.zsh;
};
home-manager.users.ronja.imports = [
./configuration.nix
./vscode.nix
];
};
}

51
home/vinzenz/default.nix
View file

@ -1,51 +0,0 @@
{ pkgs, ... }:
{
config = {
users.users.vinzenz = {
isNormalUser = true;
name = "vinzenz";
description = "Vinzenz";
home = "/home/vinzenz";
extraGroups = [
"networkmanager"
"wheel"
"games"
"dialout"
"podman"
"nginx"
"adbusers"
"kvm"
"input"
"video"
];
shell = pkgs.zsh;
autoSubUidGidRange = true;
};
nix.settings.trusted-users = [ "vinzenz" ];
home-manager.users.vinzenz.imports = [
./configuration.nix
./editorconfig.nix
./fuzzel.nix
./git.nix
./gnome.nix
#./niri.nix
./ssh.nix
./swaylock.nix
./vscode.nix
./waybar.nix
./zsh.nix
];
allowedUnfreePackages = [
"rider"
"pycharm-professional"
"jetbrains-toolbox"
"anydesk"
"vscode-extension-ms-dotnettools-csharp"
];
};
}

26
home/vinzenz/gnome.nix
View file

@ -1,26 +0,0 @@
{ pkgs, ... }:
{
config = {
home.packages =
with pkgs.gnomeExtensions;
[
gsconnect
# battery-health-charging
quick-settings-tweaker
solaar-extension
alphabetical-app-grid
]
++ (with pkgs; [ foliate ]);
dconf.settings = {
"org/gnome/shell" = {
enabled-extensions = [
"GPaste@gnome-shell-extensions.gnome.org"
"gsconnect@andyholmes.github.io"
"solaar-extension@sidevesh"
"AlphabeticalAppGrid@stuarthayhurst"
];
};
};
};
}

1
home/ronja/configuration.nix → homeConfigurations/ronja/default.nix
View file

@ -1,5 +1,6 @@
{ config, pkgs, ... }:
{
imports = [ ./vscode.nix ];
config = {
home.packages = with pkgs; [
## Apps

0
home/ronja/vscode.nix → homeConfigurations/ronja/vscode.nix
View file

0
home/vinzenz/.config/containers/policy.json → homeConfigurations/vinzenz/.config/containers/policy.json
View file

8
home/vinzenz/.zsh/p10k.zsh → homeConfigurations/vinzenz/.zsh/p10k.zsh
View file

@ -60,8 +60,8 @@
nodeenv # node.js environment (https://github.com/ekalinin/nodeenv)
# node_version # node.js version
# go_version # go version (https://golang.org)
# rust_version # rustc version (https://www.rust-lang.org)
# dotnet_version # .NET version (https://dotnet.microsoft.com)
rust_version # rustc version (https://www.rust-lang.org)
dotnet_version # .NET version (https://dotnet.microsoft.com)
# php_version # php version (https://www.php.net/)
# laravel_version # laravel php framework version (https://laravel.com/)
# java_version # java version (https://www.java.com/)
@ -756,14 +756,14 @@
typeset -g POWERLEVEL9K_RANGER_BACKGROUND=0
# Custom icon.
# typeset -g POWERLEVEL9K_RANGER_VISUAL_IDENTIFIER_EXPANSION='⭐'
####################[ yazi: yazi shell (https://github.com/sxyazi/yazi) ]#####################
# Yazi shell color.
typeset -g POWERLEVEL9K_YAZI_FOREGROUND=3
typeset -g POWERLEVEL9K_YAZI_BACKGROUND=0
# Custom icon.
# typeset -g POWERLEVEL9K_YAZI_VISUAL_IDENTIFIER_EXPANSION='⭐'
######################[ nnn: nnn shell (https://github.com/jarun/nnn) ]#######################
# Nnn shell color.
typeset -g POWERLEVEL9K_NNN_FOREGROUND=0

4
home/vinzenz/configuration.nix → homeConfigurations/vinzenz/configuration.nix
View file

@ -56,6 +56,10 @@
icu
nextcloud-client
lutris
foliate
];
home.file = {

15
homeConfigurations/vinzenz/default.nix Normal file
View file

@ -0,0 +1,15 @@
{
imports = [
./configuration.nix
./editorconfig.nix
./fuzzel.nix
./git.nix
./gnome.nix
#./niri.nix
./ssh.nix
./swaylock.nix
./vscode.nix
./waybar.nix
./zsh.nix
];
}

1
home/vinzenz/editorconfig.nix → homeConfigurations/vinzenz/editorconfig.nix
View file

@ -1,4 +1,3 @@
{ ... }:
{
config.editorconfig = {
enable = true;

0
home/vinzenz/fuzzel.nix → homeConfigurations/vinzenz/fuzzel.nix
View file

1
home/vinzenz/git.nix → homeConfigurations/vinzenz/git.nix
View file

@ -1,4 +1,3 @@
{ ... }:
{
config.programs.git = {
enable = true;

31
homeConfigurations/vinzenz/gnome.nix Normal file
View file

@ -0,0 +1,31 @@
{ pkgs, ... }:
{
config = {
home.packages = with pkgs; [
gitg
meld
simple-scan
pinta
dconf-editor
impression # usb image writer
papers # pdf viewer
gnome-software # for flatpak apps
gnomeExtensions.solaar-extension
snapshot
];
dconf.settings = {
"org/gnome/shell".enabled-extensions = [
"GPaste@gnome-shell-extensions.gnome.org"
"solaar-extension@sidevesh"
];
"org/gnome/desktop/interface".color-scheme = "prefer-dark";
"org/gnome/desktop/wm/keybindings" = {
switch-windows = [ "<Alt>Tab" ];
switch-windows-backward = [ "<Shift><Alt>Tab" ];
switch-applications = [ "<Super>Tab" ];
switch-applications-backward = [ "<Shift><Super>Tab" ];
};
};
};
}

11
home/vinzenz/niri.nix → homeConfigurations/vinzenz/niri.nix
View file

@ -16,16 +16,7 @@
name = "adwaita-dark";
};
services = {
kdeconnect = {
enable = true;
# this still shows up in gnome session starting with 25.05
# indicator = true;
};
mako = {
enable = true;
};
};
services.mako.enable = true;
programs.niri.settings = {
input.keyboard.xkb.layout = "de";

1
home/vinzenz/ssh.nix → homeConfigurations/vinzenz/ssh.nix
View file

@ -1,4 +1,3 @@
{ ... }:
{
config.programs.ssh = {
enable = true;

0
home/vinzenz/swaylock.nix → homeConfigurations/vinzenz/swaylock.nix
View file

0
home/vinzenz/vscode.nix → homeConfigurations/vinzenz/vscode.nix
View file

0
home/vinzenz/waybar.nix → homeConfigurations/vinzenz/waybar.nix
View file

2
home/vinzenz/zsh.nix → homeConfigurations/vinzenz/zsh.nix
View file

@ -20,7 +20,7 @@
my-direnvallow = "echo \"use nix\" > .envrc && direnv allow";
my-ip4 = "ip addr show | grep 192";
deadnix = "nix run github:astro/deadnix -- ";
statix = "nix run git+https://git.peppe.rs/languages/statix -- ";
statix = "nix run github:oppiliappan/statix -- ";
};
history = {

12
homeModules/adwaita.nix Normal file
View file

@ -0,0 +1,12 @@
{ pkgs, ... }:
{
gtk = {
enable = true;
iconTheme.name = "Adwaita";
cursorTheme.name = "Adwaita";
theme = {
name = "adw-gtk3-dark";
package = pkgs.adw-gtk3;
};
};
}

13
homeModules/git.nix Normal file
View file

@ -0,0 +1,13 @@
{
programs = {
git = {
enable = true;
extraConfig.init.defaultBranch = "main";
};
gh = {
enable = true;
gitCredentialHelper.enable = true;
};
};
}

101
homeModules/gnome-extensions.nix Normal file
View file

@ -0,0 +1,101 @@
{
lib,
pkgs,
osConfig,
config,
...
}:
{
options.vinzenz.gnome-extensions =
let
mkDefaultEnabledOption =
name:
lib.mkOption {
default = true;
example = false;
description = "Whether to enable ${name}.";
type = lib.types.bool;
};
in
{
enable = mkDefaultEnabledOption "gnome extended options";
appindicator.enable = mkDefaultEnabledOption "appindicator";
caffeine.enable = mkDefaultEnabledOption "caffeine";
tailscale-qs.enable = lib.mkOption {
default = osConfig.services.tailscale.enable;
example = true;
description = "Whether to enable tailscale quick setting.";
type = lib.types.bool;
};
alphabetic-apps.enable = mkDefaultEnabledOption "alphabetic app grid";
clock-show-seconds = mkDefaultEnabledOption "clock seconds";
show-battery-percentage = mkDefaultEnabledOption "battery percentage";
enable-numlock = mkDefaultEnabledOption "num lock on login";
enable-systool-warning = lib.mkEnableOption "system configuration tool warning";
edge-tiling = mkDefaultEnabledOption "edge tiling";
dynamic-workspaces = mkDefaultEnabledOption "dynamic workspaces";
tap-to-click = mkDefaultEnabledOption "tap to click";
two-finger-scrolling = mkDefaultEnabledOption "two finger scrolling";
};
config =
let
cfg = config.vinzenz.gnome-extensions;
in
lib.mkIf cfg.enable (
lib.mkMerge [
{
dconf = {
enable = true;
settings = {
"org/gnome/shell" = {
disable-user-extensions = false;
disabled-extensions = [ ];
enabled-extensions = [ ];
};
"ca/desrt/dconf-editor".show-warning = cfg.enable-systool-warning;
"org/gnome/tweaks".show-extensions-notice = cfg.enable-systool-warning;
"org/gnome/mutter" = {
inherit (cfg) edge-tiling dynamic-workspaces;
};
"org/gnome/desktop/peripherals/touchpad" = {
inherit (cfg) tap-to-click;
two-finger-scrolling-enabled = cfg.two-finger-scrolling;
};
"org/gnome/desktop/interface" = {
inherit (cfg) clock-show-seconds show-battery-percentage;
};
};
};
}
(lib.mkIf cfg.tailscale-qs.enable {
home.packages = [ pkgs.gnomeExtensions.tailscale-qs ];
dconf.settings."org/gnome/shell".enabled-extensions = [ "tailscale@joaophi.github.com" ];
})
(lib.mkIf cfg.appindicator.enable {
home.packages = [ pkgs.gnomeExtensions.appindicator ];
dconf.settings."org/gnome/shell".enabled-extensions = [ "appindicatorsupport@rgcjonas.gmail.com" ];
})
(lib.mkIf cfg.caffeine.enable {
home.packages = [ pkgs.gnomeExtensions.caffeine ];
dconf.settings."org/gnome/shell".enabled-extensions = [ "caffeine@patapon.info" ];
})
(lib.mkIf cfg.alphabetic-apps.enable {
home.packages = [ pkgs.gnomeExtensions.alphabetical-app-grid ];
dconf.settings = {
"org/gnome/shell".enabled-extensions = [ "AlphabeticalAppGrid@stuarthayhurst" ];
"org/gnome/shell/extensions/alphabetical-app-grid".folder-order-position = "start";
};
})
(lib.mkIf cfg.enable-numlock {
dconf.settings."org/gnome/desktop/peripherals/keyboard".numlock-state = true;
})
]
);
}

9
homeModules/nano.nix Normal file
View file

@ -0,0 +1,9 @@
{
home = {
sessionVariables.EDITOR = "nano";
file.".nanorc".text = ''
set linenumbers
set mouse
'';
};
}

12
homeModules/templates.nix Normal file
View file

@ -0,0 +1,12 @@
{
home.file = {
"Templates/Empty file".text = "";
"Templates/Empty bash script".text = ''
#!/usr/bin/env bash
# abort on error, undefined variables
set -eu
# print commands before execution
set -x
'';
};
}

13
homeModules/zsh-basics.nix Normal file
View file

@ -0,0 +1,13 @@
{
programs = {
command-not-found.enable = true;
dircolors.enable = true;
zsh = {
enable = true;
syntaxHighlighting.enable = true;
autosuggestion.enable = true;
enableVteIntegration = true;
};
};
}

6
hooks/pre-commit Executable file
View file

@ -0,0 +1,6 @@
#!/usr/bin/env bash
set -euxo pipefail
nix fmt
nix flake check --all-systems --show-trace

15
hosts/forgejo-runner-1/configuration.nix
View file

@ -1,15 +0,0 @@
{ ... }:
{
# uncomment for build check on non arm system (requires --impure)
# nixpkgs.buildPlatform = builtins.currentSystem;
services.tailscale.useRoutingFeatures = "both";
system.autoUpgrade.allowReboot = true;
users.users = {
root.openssh.authorizedKeys.keys = [
''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFCJUpbpB3KEKVoKWsKoar9J4RNah8gmQoSH6jQEw5dY vinzenz-pixel-JuiceSSH''
''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO1CRn4yYTL4XUdCebE8Z4ZeuMujBjorTdWifg911EOv vinzenz-pc2 home roaming''
''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPDNpLDmctyqGpow/ElQvdhY4BLBPS/sigDJ1QEcC7wC vinzenz-lpt2-roaming''
];
};
}

6
hosts/forgejo-runner-1/imports.nix
View file

@ -1,6 +0,0 @@
{
imports = [
../../modules/podman.nix
./forgejo-runner.nix
];
}

21
hosts/hetzner-vpn2/configuration.nix
View file

@ -1,21 +0,0 @@
{ ... }:
{
# uncomment for build check on non arm system (requires --impure)
# nixpkgs.buildPlatform = builtins.currentSystem;
services.tailscale.useRoutingFeatures = "both";
users.users = {
root.openssh.authorizedKeys.keys = [
''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICdYqY3Y1/f1bsAi5Qfyr/UWuX9ixu96IeAlhoQaJkbf''
''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFCJUpbpB3KEKVoKWsKoar9J4RNah8gmQoSH6jQEw5dY vinzenz-pixel-JuiceSSH''
''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO1CRn4yYTL4XUdCebE8Z4ZeuMujBjorTdWifg911EOv vinzenz-pc2 home roaming''
''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPDNpLDmctyqGpow/ElQvdhY4BLBPS/sigDJ1QEcC7wC vinzenz-lpt2-roaming''
];
#ronja.openssh.authorizedKeys.keys = [
# ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIALWKm+d6KL6Vl3grPOcGouiNTkvdhXuWJmcrdEBY2nw ronja-ssh-host-key''
#];
};
system.autoUpgrade.allowReboot = true;
}

5
hosts/hetzner-vpn2/imports.nix
View file

@ -1,5 +0,0 @@
{
imports = [
./nginx.nix
];
}

26
hosts/ronja-pc/configuration.nix
View file

@ -1,26 +0,0 @@
{
config,
pkgs,
...
}:
{
# Configure keymap in X11
services.xserver.xkb = {
layout = "de";
variant = "";
};
# Configure console keymap
console.keyMap = "de";
# List packages installed in system profile. To search, run:
# $ nix search wget
environment.systemPackages = with pkgs; [
# vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
# wget
];
# Open ports in the firewall.
# networking.firewall.allowedTCPPorts = [ ... ];
# networking.firewall.allowedUDPPorts = [ ... ];
}

10
hosts/ronja-pc/imports.nix
View file

@ -1,10 +0,0 @@
{
imports = [
../../modules/gnome.nix
../../modules/gaming.nix
../../modules/desktop-environment.nix
../../modules/desktop-hardware.nix
../../home/ronja
];
}

63
hosts/vinzenz-lpt2/hardware.nix
View file

@ -1,63 +0,0 @@
{ lib, ... }:
{
imports = [ ../../modules/intel-graphics.nix ];
config = {
# intel cpu
boot.kernelModules = [
"kvm-intel"
"xe"
];
hardware.cpu.intel.updateMicrocode = true;
boot.loader = {
systemd-boot.enable = true;
efi.canTouchEfiVariables = true;
};
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
hardware.enableRedistributableFirmware = true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
boot.initrd = {
availableKernelModules = [
"xhci_pci"
"thunderbolt"
"nvme"
];
luks.devices = {
"luks-2c654ff2-3c42-48d3-a1e3-9545679afaa3" = {
device = "/dev/disk/by-uuid/2c654ff2-3c42-48d3-a1e3-9545679afaa3";
};
};
};
fileSystems = {
"/" = {
device = "/dev/disk/by-uuid/e4dad0c8-26a1-45e9-bbd9-48565eb6574e";
fsType = "btrfs";
options = [ "subvol=@" ];
};
"/boot" = {
device = "/dev/disk/by-uuid/E2B7-2BC1";
fsType = "vfat";
};
};
swapDevices = [
{
device = "/var/lib/swapfile";
size = 32 * 1024;
}
];
services.thermald.enable = true;
services.hardware.bolt.enable = true; # thunderbolt security
};
}

14
hosts/vinzenz-lpt2/imports.nix
View file

@ -1,14 +0,0 @@
{
imports = [
../../modules/gnome.nix
../../modules/gaming.nix
../../modules/printing.nix
../../modules/podman.nix
#../../modules/niri.nix
../../modules/desktop-environment.nix
../../modules/desktop-hardware.nix
../../home/vinzenz
../../home/ronja
];
}

25
hosts/vinzenz-pc2/hardware.nix
View file

@ -1,25 +0,0 @@
{ ... }:
{
imports = [ ../../modules/amd-graphics.nix ];
config = {
# amd cpu
boot.kernelModules = [ "kvm-amd" ];
hardware.cpu.amd.updateMicrocode = true;
boot = {
initrd.availableKernelModules = [
"nvme"
"xhci_pci"
"ahci"
"usbhid"
"sd_mod"
]; # "usb_storage"
loader.efi.efiSysMountPoint = "/boot";
};
fileSystems = import ./fstab.nix;
swapDevices = [ ];
networking.interfaces.eno1.wakeOnLan.enable = true;
};
}

14
hosts/vinzenz-pc2/imports.nix
View file

@ -1,14 +0,0 @@
{
imports = [
../../modules/gnome.nix
../../modules/gaming.nix
../../modules/printing.nix
../../modules/podman.nix
#../../modules/niri.nix
../../modules/desktop-environment.nix
../../modules/desktop-hardware.nix
../../home/vinzenz
../../home/ronja
];
}

22
modules/amd-graphics.nix
View file

@ -1,22 +0,0 @@
{ pkgs, config, ... }:
{
config = {
boot.kernelModules = [ "amdgpu" ];
services.xserver.videoDrivers = [ "amdgpu" ];
hardware = {
graphics.enable = true;
amdgpu = {
opencl.enable = true;
amdvlk = {
# TODO: this creates black borders around GNOME apps
# enable = true;
# support32Bit.enable = config.hardware.graphics.enable32Bit;
};
overdrive.enable = true;
};
};
environment.systemPackages = with pkgs; [ nvtopPackages.amd ];
};
}

121
modules/desktop-environment.nix
View file

@ -1,121 +0,0 @@
{ pkgs, ... }:
{
config = {
services = {
xserver.enable = true;
libinput.enable = true;
flatpak.enable = true;
fstrim.enable = true;
earlyoom = {
enable = true;
freeMemThreshold = 5;
};
};
# Enable sound with pipewire.
security.rtkit.enable = true;
services = {
pulseaudio.enable = false;
pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
#jack.enable = true;
};
};
programs = {
kdeconnect.enable = true;
firefox = {
enable = true;
languagePacks = [
"en-US"
"de"
];
};
nix-ld = {
enable = true;
libraries = with pkgs; [
stdenv.cc.cc
zlib
zstd
curl
openssl
attr
libssh
bzip2
libxml2
acl
libsodium
util-linux
xz
systemd
];
};
appimage = {
enable = true;
binfmt = true;
};
};
networking = {
firewall = {
allowedTCPPortRanges = [
{
# KDE Connect / gsconnect
from = 1714;
to = 1764;
}
];
allowedUDPPortRanges = [
{
# KDE Connect / gsconnect
from = 1714;
to = 1764;
}
];
};
};
systemd = {
# save some boot time because nothing actually requires network connectivity
services.NetworkManager-wait-online.enable = false;
# prevent stuck units from preventing shutdown (default is 120s)
extraConfig = ''
DefaultTimeoutStopSec=10s
'';
};
environment.systemPackages = with pkgs; [
lm_sensors
# office
libreoffice-qt
hunspell
hunspellDicts.de-de
hunspellDicts.en-us-large
];
fonts = {
enableDefaultPackages = true;
fontconfig.defaultFonts.monospace = [ "FiraCode Nerd Font" ];
packages = with pkgs; [
nerd-fonts.fira-code
roboto-mono
recursive
];
};
hardware.logitech.wireless = {
enable = true;
enableGraphical = true;
};
system.autoUpgrade = {
allowReboot = false;
operation = "boot";
};
};
}

48
modules/desktop-hardware.nix
View file

@ -1,48 +0,0 @@
{
lib,
pkgs,
...
}:
{
config = {
boot = {
kernelPackages = pkgs.linuxPackages_zen;
kernelParams = [
"quiet"
"udev.log_level=3"
];
supportedFilesystems = [ "btrfs" ];
initrd.supportedFilesystems = [ "btrfs" ];
consoleLogLevel = 0;
initrd.verbose = false;
plymouth.enable = true;
loader = {
timeout = 3;
efi.canTouchEfiVariables = true;
systemd-boot = {
enable = true;
editor = false; # do not allow changing kernel parameters
consoleMode = "max";
};
};
};
networking.networkmanager.enable = true;
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.eno1.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp5s0.useDHCP = lib.mkDefault true;
hardware = {
enableRedistributableFirmware = true;
bluetooth.enable = true;
};
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
services.fwupd.enable = true;
};
}

81
modules/gaming.nix
View file

@ -1,81 +0,0 @@
{ pkgs, ... }:
{
config = {
hardware = {
graphics = {
enable32Bit = true;
extraPackages = with pkgs; [ mangohud ];
extraPackages32 = with pkgs; [ mangohud ];
};
steam-hardware.enable = true;
xpadneo.enable = true;
};
environment.systemPackages = with pkgs; [
wineWowPackages.stagingFull
wineWowPackages.fonts
winetricks
dxvk
mangohud
vulkan-tools
glxinfo
lutris
];
programs = {
xwayland.enable = true;
steam = {
enable = true;
remotePlay.openFirewall = true;
dedicatedServer.openFirewall = true;
localNetworkGameTransfers.openFirewall = true;
gamescopeSession.enable = false;
};
gamemode.enable = true;
};
networking.firewall = {
allowedUDPPorts = [
# Factorio
34197
# steam network transfer
3478
];
allowedTCPPorts = [
# steam network transfer
24070
];
allowedTCPPortRanges = [
# steam network transfer
{
from = 27015;
to = 27050;
}
];
allowedUDPPortRanges = [
# steam network transfer
{
from = 4379;
to = 4380;
}
{
from = 27000;
to = 27100;
}
];
};
allowedUnfreePackages = [
"steam"
"steam-original"
"steam-run"
"steam-unwrapped"
"ut1999"
];
};
}

34
modules/globalinstalls.nix
View file

@ -1,34 +0,0 @@
{ pkgs, ... }:
{
config = {
environment = {
systemPackages = with pkgs; [
ncdu
glances
iotop
pciutils
lsof
dig
screen
tldr
neofetch
nix-output-monitor
];
};
programs = {
zsh.enable = true;
htop.enable = true;
iotop.enable = true;
git.enable = true;
nano = {
enable = true;
syntaxHighlight = true;
};
};
};
}

46
modules/gnome-shared-dconf.nix
View file

@ -1,46 +0,0 @@
{
"org/gnome/desktop/interface" = {
color-scheme = "prefer-dark";
clock-show-seconds = true;
show-battery-percentage = true;
};
"org/gnome/mutter" = {
edge-tiling = true;
dynamic-workspaces = true;
};
"org/gnome/desktop/peripherals/keyboard" = {
numlock-state = true;
};
"org/gnome/desktop/peripherals/touchpad" = {
tap-to-click = true;
two-finger-scrolling-enabled = true;
};
"org/gnome/tweaks" = {
show-extensions-notice = false;
};
"org/gnome/shell" = {
disable-user-extensions = false;
disabled-extensions = [ ];
enabled-extensions = [
"tailscale@joaophi.github.com"
"appindicatorsupport@rgcjonas.gmail.com"
"workspace-indicator@gnome-shell-extensions.gcampax.github.com"
"caffeine@patapon.info"
];
};
"ca/desrt/dconf-editor" = {
show-warning = false;
};
"org/gnome/desktop/wm/keybindings" = {
switch-windows = [ "<Alt>Tab" ];
switch-windows-backward = [ "<Shift><Alt>Tab" ];
switch-applications = [ "<Super>Tab" ];
switch-applications-backward = [ "<Shift><Super>Tab" ];
};
"org/gnome/shell/extensions/alphabetical-app-grid" = {
folder-order-position = "start";
};
"org/gnome/shell/extensions/gsconnect" = {
enabled = true;
};
}

101
modules/gnome.nix
View file

@ -1,101 +0,0 @@
{ pkgs, ... }:
{
config = {
services = {
xserver = {
# Enable the GNOME Desktop Environment.
desktopManager.gnome = {
enable = true;
extraGSettingsOverridePackages = [ pkgs.mutter ];
extraGSettingsOverrides = ''
[org.gnome.mutter]
experimental-features=['scale-monitor-framebuffer']
'';
};
displayManager.gdm.enable = true;
excludePackages = with pkgs; [ xterm ];
};
displayManager.defaultSession = "gnome";
gnome = {
tinysparql.enable = false;
localsearch.enable = false;
sushi.enable = true;
gnome-remote-desktop.enable = true;
};
};
programs = {
dconf.enable = true;
gpaste.enable = true;
kdeconnect.package = pkgs.gnomeExtensions.gsconnect;
};
# remove some gnome default apps
environment.gnome.excludePackages = with pkgs; [
cheese # photo booth
epiphany # web browser
evince # document viewer
geary # email client
gnome-maps
gnome-weather
gnome-tour
sysprof
orca # screen reader
gnome-weather
gnome-backgrounds
gnome-user-docs
yelp # help app
# gnome-music
# totem # video player
# snapshot # camera
# baobab # disk usage
];
# RDP connections
networking.firewall.allowedTCPPorts = [ 3389 ];
home-manager.sharedModules = [
{
home.packages =
with pkgs;
[
gitg
meld
simple-scan
pinta
dconf-editor
gpaste
ghex
impression
papers
# graphical installer for flatpak apps
gnome-software
]
++ (with gnomeExtensions; [
caffeine
appindicator
]);
dconf.settings = import ./gnome-shared-dconf.nix;
gtk = {
enable = true;
iconTheme.name = "Adwaita";
cursorTheme.name = "Adwaita";
theme = {
name = "adw-gtk3-dark";
package = pkgs.adw-gtk3;
};
};
}
{
home.packages = with pkgs; [ trayscale ] ++ (with gnomeExtensions; [ tailscale-qs ]);
dconf.settings."org/gnome/shell".enabled-extensions = [ "tailscale@joaophi.github.com" ];
}
];
};
}

61
modules/home-manager.nix
View file

@ -1,61 +0,0 @@
_: {
home-manager = {
useGlobalPkgs = true;
useUserPackages = true;
sharedModules = [
# set stateVersion
{ home.stateVersion = "22.11"; }
# make nano the default editor
{
home = {
sessionVariables.EDITOR = "nano";
file.".nanorc".text = ''
set linenumbers
set mouse
'';
};
}
# command line niceness
{
programs = {
command-not-found.enable = true;
dircolors.enable = true;
zsh = {
enable = true;
syntaxHighlighting.enable = true;
autosuggestion.enable = true;
enableVteIntegration = true;
};
};
}
# common git config
{
programs = {
git = {
enable = true;
extraConfig.init.defaultBranch = "main";
};
gh = {
enable = true;
gitCredentialHelper.enable = true;
};
};
}
# Templates
{
home.file = {
"Templates/Empty file".text = "";
"Templates/Empty bash script".text = ''
#!/usr/bin/env bash
# abort on error, undefined variables
set -eu
# print commands before execution
set -x
'';
};
}
];
};
}

19
modules/i18n.nix
View file

@ -1,19 +0,0 @@
_: {
config = {
time.timeZone = "Europe/Berlin";
i18n = {
defaultLocale = "en_US.UTF-8";
extraLocaleSettings = {
LC_ADDRESS = "de_DE.UTF-8";
LC_IDENTIFICATION = "de_DE.UTF-8";
LC_MEASUREMENT = "de_DE.UTF-8";
LC_MONETARY = "de_DE.UTF-8";
LC_NAME = "de_DE.UTF-8";
LC_NUMERIC = "de_DE.UTF-8";
LC_PAPER = "de_DE.UTF-8";
LC_TELEPHONE = "de_DE.UTF-8";
LC_TIME = "de_DE.UTF-8";
};
};
};
}

12
modules/lix.nix
View file

@ -1,12 +0,0 @@
{ pkgs, ... }:
{
nixpkgs.overlays = [ (final: prev: {
inherit (prev.lixPackageSets.stable)
nixpkgs-review
nix-eval-jobs
nix-fast-build
colmena;
}) ];
nix.package = pkgs.lixPackageSets.stable.lix;
}

23
modules/networking.nix
View file

@ -1,23 +0,0 @@
_: {
config = {
services.openssh = {
enable = true;
openFirewall = true;
settings = {
PermitRootLogin = "without-password";
PasswordAuthentication = false;
KbdInteractiveAuthentication = false;
};
};
services.tailscale = {
enable = true;
openFirewall = true;
};
networking.firewall = {
enable = true;
checkReversePath = "loose";
};
};
}

59
modules/nixpkgs.nix
View file

@ -1,59 +0,0 @@
{ config, lib, ... }:
{
options.allowedUnfreePackages = lib.mkOption {
type = lib.types.listOf lib.types.str;
default = [ ];
example = [ "steam" ];
};
config = {
nixpkgs.config = {
# https://github.com/NixOS/nixpkgs/issues/197325#issuecomment-1579420085
allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) config.allowedUnfreePackages;
};
nix = {
settings = {
substituters = [
"https://cache.nixos.org/"
"https://nix-community.cachix.org"
"https://cache.lix.systems"
"https://niri.cachix.org"
];
trusted-public-keys = [
"cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
"cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o="
"niri.cachix.org-1:Wv0OmO7PsuocRKzfDoJ3mulSl7Z6oezYhGhR+3W2964="
];
experimental-features = [
"nix-command"
"flakes"
];
};
gc = {
automatic = true;
dates = "daily";
options = "--delete-older-than 7d";
};
optimise.automatic = true;
};
system = {
stateVersion = "22.11";
# enable auto updates
autoUpgrade = {
enable = true;
dates = "daily";
flake = "git+https://git.berlin.ccc.de/vinzenz/nixos-configuration.git";
};
};
documentation = {
enable = true; # documentation of packages
nixos.enable = false; # nixos documentation
man.enable = true; # manual pages and the man command
info.enable = false; # info pages and the info command
doc.enable = false; # documentation distributed in packages' /share/doc
};
};
}

14
modules/printing.nix
View file

@ -1,14 +0,0 @@
_: {
config = {
services = {
# Enable CUPS to print documents.
printing.enable = true;
avahi = {
enable = true; # runs the Avahi daemon
nssmdns4 = true; # enables the mDNS NSS plug-in
openFirewall = true; # opens the firewall for UDP port 5353
};
};
};
}

21
nixosConfigurations/forgejo-runner-1/default.nix Normal file
View file

@ -0,0 +1,21 @@
{
imports = [
./hardware.nix
./forgejo-runner.nix
];
config = {
# uncomment for build check on non arm system (requires --impure)
# nixpkgs.buildPlatform = builtins.currentSystem;
services.tailscale.useRoutingFeatures = "both";
system.autoUpgrade.allowReboot = true;
users.users = {
root.openssh.authorizedKeys.keys = [
''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFCJUpbpB3KEKVoKWsKoar9J4RNah8gmQoSH6jQEw5dY vinzenz-pixel-JuiceSSH''
''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO1CRn4yYTL4XUdCebE8Z4ZeuMujBjorTdWifg911EOv vinzenz-pc2 home roaming''
''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPDNpLDmctyqGpow/ElQvdhY4BLBPS/sigDJ1QEcC7wC vinzenz-lpt2-roaming''
];
};
};
}

0
hosts/forgejo-runner-1/forgejo-runner.nix → nixosConfigurations/forgejo-runner-1/forgejo-runner.nix
View file

5
hosts/forgejo-runner-1/hardware.nix → nixosConfigurations/forgejo-runner-1/hardware.nix
View file

@ -3,11 +3,6 @@
imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
config = {
nixpkgs = {
hostPlatform = "aarch64-linux";
system = "aarch64-linux";
};
boot = {
tmp.cleanOnBoot = true;
kernelParams = [ "console=tty" ];

27
nixosConfigurations/hetzner-vpn2/default.nix Normal file
View file

@ -0,0 +1,27 @@
{
imports = [
./hardware.nix
./nginx.nix
];
config = {
# uncomment for build check on non arm system (requires --impure)
# nixpkgs.buildPlatform = builtins.currentSystem;
services.tailscale.useRoutingFeatures = "both";
users.users = {
root.openssh.authorizedKeys.keys = [
''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICdYqY3Y1/f1bsAi5Qfyr/UWuX9ixu96IeAlhoQaJkbf''
''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFCJUpbpB3KEKVoKWsKoar9J4RNah8gmQoSH6jQEw5dY vinzenz-pixel-JuiceSSH''
''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO1CRn4yYTL4XUdCebE8Z4ZeuMujBjorTdWifg911EOv vinzenz-pc2 home roaming''
''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPDNpLDmctyqGpow/ElQvdhY4BLBPS/sigDJ1QEcC7wC vinzenz-lpt2-roaming''
];
#ronja.openssh.authorizedKeys.keys = [
# ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIALWKm+d6KL6Vl3grPOcGouiNTkvdhXuWJmcrdEBY2nw ronja-ssh-host-key''
#];
};
system.autoUpgrade.allowReboot = true;
};
}

5
hosts/hetzner-vpn2/hardware.nix → nixosConfigurations/hetzner-vpn2/hardware.nix
View file

@ -3,11 +3,6 @@
imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
config = {
nixpkgs = {
hostPlatform = "aarch64-linux";
system = "aarch64-linux";
};
boot = {
tmp.cleanOnBoot = true;
kernelParams = [ "console=tty" ];

20
hosts/hetzner-vpn2/nginx.nix → nixosConfigurations/hetzner-vpn2/nginx.nix
View file

@ -1,4 +1,4 @@
{ inputs, pkgs, ... }:
{ pkgs, ... }:
let
blog-domain-socket = "/run/nginx/blog.sock";
anubis-domain-socket = "/run/anubis/anubis-blog.sock";
@ -72,28 +72,26 @@ in
addSSL = true;
enableACME = true;
locations."/" = {
proxyPass = ("http://unix:" + anubis-domain-socket);
proxyPass = "http://unix:" + anubis-domain-socket;
};
};
"blog-in-anubis" = {
root = inputs.zerforschen-plus.packages."${pkgs.system}".zerforschen-plus-content;
root = pkgs.zerforschen-plus-content;
listen = [
{
addr = ("unix:" + blog-domain-socket);
addr = "unix:" + blog-domain-socket;
}
];
};
};
};
anubis = {
instances.main = {
enable = true;
settings = {
BIND = anubis-domain-socket;
TARGET = "unix://" + blog-domain-socket;
};
anubis.instances.main = {
enable = true;
settings = {
BIND = anubis-domain-socket;
TARGET = "unix://" + blog-domain-socket;
};
};
};

32
nixosConfigurations/ronja-pc/default.nix Normal file
View file

@ -0,0 +1,32 @@
{
config,
pkgs,
...
}:
{
imports = [
./hardware.nix
];
config = {
# Configure keymap in X11
services.xserver.xkb = {
layout = "de";
variant = "";
};
# Configure console keymap
console.keyMap = "de";
# List packages installed in system profile. To search, run:
# $ nix search wget
environment.systemPackages = with pkgs; [
# vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
# wget
];
# Open ports in the firewall.
# networking.firewall.allowedTCPPorts = [ ... ];
# networking.firewall.allowedUDPPorts = [ ... ];};
};
}

10
hosts/ronja-pc/hardware.nix → nixosConfigurations/ronja-pc/hardware.nix
View file

@ -1,6 +1,8 @@
{ lib, ... }:
{
boot = {
supportedFilesystems = [ "btrfs" ];
initrd.supportedFilesystems = [ "btrfs" ];
kernelModules = [ "kvm-intel" ];
extraModulePackages = [ ];
initrd = {
@ -37,6 +39,10 @@
{ device = "/dev/disk/by-uuid/bf9d19fb-499b-4bfb-b67d-131fa5bf8259"; }
];
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = true;
hardware.bluetooth.enable = true;
networking = {
networkmanager.enable = true;
useDHCP = lib.mkDefault true;
};
}

6
hosts/vinzenz-lpt2/configuration.nix → nixosConfigurations/vinzenz-lpt2/default.nix
View file

@ -1,6 +1,8 @@
{ ... }:
{
imports = [ ./nginx.nix ];
imports = [
./hardware.nix
./nginx.nix
];
config = {
nix.settings.extra-platforms = [

56
nixosConfigurations/vinzenz-lpt2/hardware.nix Normal file
View file

@ -0,0 +1,56 @@
{ pkgs, lib, ... }:
{
# intel cpu
boot.kernelModules = [
"kvm-intel"
"xe"
];
networking = {
networkmanager.enable = true;
useDHCP = lib.mkDefault true;
};
boot = {
kernelPackages = pkgs.linuxPackages_zen;
supportedFilesystems = [ "btrfs" ];
initrd = {
supportedFilesystems = [ "btrfs" ];
availableKernelModules = [
"xhci_pci"
"thunderbolt"
"nvme"
];
luks.devices = {
"luks-2c654ff2-3c42-48d3-a1e3-9545679afaa3" = {
device = "/dev/disk/by-uuid/2c654ff2-3c42-48d3-a1e3-9545679afaa3";
};
};
};
};
fileSystems = {
"/" = {
device = "/dev/disk/by-uuid/e4dad0c8-26a1-45e9-bbd9-48565eb6574e";
fsType = "btrfs";
options = [ "subvol=@" ];
};
"/boot" = {
device = "/dev/disk/by-uuid/E2B7-2BC1";
fsType = "vfat";
};
};
swapDevices = [
{
device = "/var/lib/swapfile";
size = 32 * 1024;
}
];
services.thermald.enable = true;
services.hardware.bolt.enable = true; # thunderbolt security
hardware.bluetooth.enable = true;
}

8
hosts/vinzenz-lpt2/nginx.nix → nixosConfigurations/vinzenz-lpt2/nginx.nix
View file

@ -1,4 +1,4 @@
{ inputs, pkgs, ... }:
{ pkgs, ... }:
let
blog-domain-socket = "/run/nginx/blog.sock";
anubis-domain-socket = "/run/anubis/anubis-blog.sock";
@ -29,15 +29,15 @@ in
"vinzenz-lpt2" = {
locations."/" = {
proxyPass = ("http://unix:" + anubis-domain-socket);
proxyPass = "http://unix:" + anubis-domain-socket;
};
};
"vinzenz-lpt2-in-anubis" = {
root = inputs.zerforschen-plus.packages."${pkgs.system}".zerforschen-plus-content;
root = pkgs.zerforschen-plus-content;
listen = [
{
addr = ("unix:" + blog-domain-socket);
addr = "unix:" + blog-domain-socket;
}
];
};

4
hosts/vinzenz-lpt2/zerforschen-plus.nix → nixosConfigurations/vinzenz-lpt2/zerforschen-plus.nix
View file

@ -1,7 +1,5 @@
{
pkgs,
system,
inputs,
...
}:
{
@ -28,7 +26,7 @@
"zerforschen.plus" = {
#addSSL = true;
#enableACME = true;
root = inputs.zerforschen-plus.packages."${pkgs.system}".zerforschen-plus-content;
root = pkgs.zerforschen-plus-content;
};
};
};

6
hosts/vinzenz-pc2/configuration.nix → nixosConfigurations/vinzenz-pc2/default.nix
View file

@ -5,6 +5,7 @@
./vscode-server.nix
./hass.nix
];
config = {
nix.settings.extra-platforms = [
"aarch64-linux"
@ -32,5 +33,10 @@
];
environment.systemPackages = with pkgs; [ lact ];
networking.firewall.allowedUDPPorts = [
# Factorio
34197
];
};
}

0
hosts/vinzenz-pc2/fstab.nix → nixosConfigurations/vinzenz-pc2/fstab.nix
View file

30
nixosConfigurations/vinzenz-pc2/hardware.nix Normal file
View file

@ -0,0 +1,30 @@
{ pkgs, lib, ... }:
{
# amd cpu
boot.kernelModules = [ "kvm-amd" ];
boot = {
initrd.availableKernelModules = [
"nvme"
"xhci_pci"
"ahci"
"usbhid"
"sd_mod"
]; # "usb_storage"
kernelPackages = pkgs.linuxPackages_zen;
supportedFilesystems = [ "btrfs" ];
initrd.supportedFilesystems = [ "btrfs" ];
loader.efi.efiSysMountPoint = "/boot";
};
fileSystems = import ./fstab.nix;
swapDevices = [ ];
networking = {
networkmanager.enable = true;
useDHCP = lib.mkDefault true;
interfaces.eno1.wakeOnLan.enable = true;
};
hardware.bluetooth.enable = true;
}

0
hosts/vinzenz-pc2/hass.nix → nixosConfigurations/vinzenz-pc2/hass.nix
View file

20
hosts/vinzenz-pc2/vscode-server.nix → nixosConfigurations/vinzenz-pc2/vscode-server.nix
View file

@ -15,16 +15,12 @@
];
};
networking = {
firewall = {
allowedTCPPorts = [
8542
8543
8544
80
1313
5201
];
};
};
networking.firewall.allowedTCPPorts = [
8542
8543
8544
80
1313
5201
];
}

17
nixosModules/allowed-unfree-list.nix Normal file
View file

@ -0,0 +1,17 @@
{ lib, config, ... }:
{
options.allowedUnfreePackages = lib.mkOption {
type = lib.types.listOf lib.types.str;
default = [ ];
example = [ "steam" ];
};
config = {
nixpkgs.config = {
# https://github.com/NixOS/nixpkgs/issues/197325#issuecomment-1579420085
allowUnfreePredicate = lib.mkDefault (
pkg: builtins.elem (lib.getName pkg) config.allowedUnfreePackages
);
};
};
}

20
nixosModules/amd-graphics.nix Normal file
View file

@ -0,0 +1,20 @@
{ pkgs, ... }:
{
boot.kernelModules = [ "amdgpu" ];
services.xserver.videoDrivers = [ "amdgpu" ];
hardware = {
graphics.enable = true;
amdgpu = {
opencl.enable = true;
amdvlk = {
# TODO: this creates black borders around GNOME apps
# enable = true;
# support32Bit.enable = config.hardware.graphics.enable32Bit;
};
overdrive.enable = true;
};
};
environment.systemPackages = with pkgs; [ nvtopPackages.amd ];
}

16
nixosModules/autoupdate.nix Normal file
View file

@ -0,0 +1,16 @@
{
nix = {
optimise.automatic = true;
gc = {
automatic = true;
dates = "daily";
options = "--delete-older-than 7d";
};
};
system.autoUpgrade = {
enable = true;
dates = "daily";
# do not forget to set `flake` when using this module!
};
}

31
nixosModules/en-de.nix Normal file
View file

@ -0,0 +1,31 @@
{ pkgs, ... }:
{
i18n = {
defaultLocale = "en_US.UTF-8";
extraLocales = [
"de_DE.UTF-8/UTF-8"
];
extraLocaleSettings = {
LC_ADDRESS = "de_DE.UTF-8";
LC_IDENTIFICATION = "de_DE.UTF-8";
LC_MEASUREMENT = "de_DE.UTF-8";
LC_MONETARY = "de_DE.UTF-8";
LC_NAME = "de_DE.UTF-8";
LC_NUMERIC = "de_DE.UTF-8";
LC_PAPER = "de_DE.UTF-8";
LC_TELEPHONE = "de_DE.UTF-8";
LC_TIME = "de_DE.UTF-8";
};
};
programs.firefox.languagePacks = [
"en-US"
"de"
];
environment.systemPackages = [
pkgs.hunspell
pkgs.hunspellDicts.de-de
pkgs.hunspellDicts.en-us
];
}

16
nixosModules/extra-caches.nix Normal file
View file

@ -0,0 +1,16 @@
{
nix.settings = {
substituters = [
"https://cache.nixos.org/"
"https://nix-community.cachix.org"
"https://cache.lix.systems"
"https://niri.cachix.org"
];
trusted-public-keys = [
"cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
"cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o="
"niri.cachix.org-1:Wv0OmO7PsuocRKzfDoJ3mulSl7Z6oezYhGhR+3W2964="
];
};
}

11
nixosModules/firmware-updates.nix Normal file
View file

@ -0,0 +1,11 @@
{
hardware = {
enableRedistributableFirmware = true;
cpu = {
amd.updateMicrocode = true;
intel.updateMicrocode = true;
};
};
services.fwupd.enable = true;
}

23
nixosModules/globalinstalls.nix Normal file
View file

@ -0,0 +1,23 @@
{ pkgs, ... }:
{
environment.systemPackages = with pkgs; [
ncdu
glances
lsof
dig
screen
tldr
nix-output-monitor
];
programs = {
zsh.enable = true;
htop.enable = true;
iotop.enable = true;
git.enable = true;
nano = {
enable = true;
syntaxHighlight = true;
};
};
}

65
nixosModules/gnome.nix Normal file
View file

@ -0,0 +1,65 @@
{
pkgs,
lib,
config,
...
}:
{
options.vinzenz = {
keep-gnome-default-apps = lib.mkEnableOption "keep gnome default apps";
};
config = lib.mkMerge [
{
services = {
xserver = {
# Enable the GNOME Desktop Environment.
desktopManager.gnome = {
enable = true;
extraGSettingsOverridePackages = [ pkgs.mutter ];
extraGSettingsOverrides = ''
[org.gnome.mutter]
experimental-features=['scale-monitor-framebuffer']
'';
};
displayManager.gdm.enable = true;
excludePackages = [ pkgs.xterm ];
};
displayManager.defaultSession = "gnome";
gnome = {
tinysparql.enable = false;
localsearch.enable = false;
sushi.enable = true;
};
};
programs = {
dconf.enable = true;
gpaste.enable = true;
};
}
(lib.mkIf (!config.vinzenz.keep-gnome-default-apps) {
environment.gnome.excludePackages = with pkgs; [
cheese # photo booth
epiphany # web browser
evince # document viewer
geary # email client
gnome-maps
gnome-weather
gnome-tour
sysprof
orca # screen reader
gnome-weather
gnome-backgrounds
gnome-user-docs
yelp # help app
gnome-music
totem # video player
snapshot # camera
baobab # disk usage
];
})
];
}

0
modules/intel-graphics.nix → nixosModules/intel-graphics.nix
View file

53
nixosModules/kdeconnect.nix Normal file
View file

@ -0,0 +1,53 @@
{
lib,
config,
pkgs,
...
}:
{
config = lib.mkMerge [
{
networking.firewall =
let
kdeconnect-range = {
from = 1714;
to = 1764;
};
in
{
allowedTCPPortRanges = [ kdeconnect-range ];
allowedUDPPortRanges = [ kdeconnect-range ];
};
programs.kdeconnect.enable = true;
home-manager.sharedModules = [
{
services.kdeconnect = {
enable = true;
# this still shows up in gnome session starting with 25.05
# indicator = true;
};
}
];
}
(lib.mkIf config.services.xserver.desktopManager.gnome.enable {
# replace kdeconnect with gsconnect
programs.kdeconnect.package = pkgs.gnomeExtensions.gsconnect;
home-manager.sharedModules = [
(
{ pkgs, ... }:
{
home.packages = [ pkgs.gnomeExtensions.gsconnect ];
# enable gsconnect extension
dconf.settings = {
"org/gnome/shell".enabled-extensions = [ "gsconnect@andyholmes.github.io" ];
"org/gnome/shell/extensions/gsconnect".enabled = true;
};
}
)
];
})
];
}

0
modules/latex.nix → nixosModules/latex.nix
View file

15
nixosModules/lix-is-nix.nix Normal file
View file

@ -0,0 +1,15 @@
{ pkgs, ... }:
{
nixpkgs.overlays = [
(final: prev: {
inherit (prev.lixPackageSets.stable)
nixpkgs-review
nix-eval-jobs
nix-fast-build
colmena
;
})
];
nix.package = pkgs.lixPackageSets.latest.lix;
}

49
nixosModules/modern-desktop.nix Normal file
View file

@ -0,0 +1,49 @@
{
services = {
xserver.enable = true;
libinput.enable = true;
flatpak.enable = true;
fstrim.enable = true;
earlyoom = {
enable = true;
freeMemThreshold = 5;
};
};
# Enable sound with pipewire.
security.rtkit.enable = true;
services = {
pulseaudio.enable = false;
pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
#jack.enable = true;
};
};
systemd = {
# save some boot time because nothing actually requires network connectivity
services.NetworkManager-wait-online.enable = false;
# prevent stuck units from preventing shutdown (default is 120s)
extraConfig = ''
DefaultTimeoutStopSec=10s
'';
};
programs = {
xwayland.enable = true;
appimage = {
enable = true;
binfmt = true;
};
};
system.autoUpgrade = {
allowReboot = false;
operation = "boot";
};
}

0
modules/niri.nix → nixosModules/niri.nix
View file

22
nixosModules/nix-ld.nix Normal file
View file

@ -0,0 +1,22 @@
{ pkgs, ... }:
{
programs.nix-ld = {
enable = true;
libraries = with pkgs; [
stdenv.cc.cc
zlib
zstd
curl
openssl
attr
libssh
bzip2
libxml2
acl
libsodium
util-linux
xz
systemd
];
};
}

11
nixosModules/openssh.nix Normal file
View file

@ -0,0 +1,11 @@
{
services.openssh = {
enable = true;
openFirewall = true;
settings = {
PermitRootLogin = "without-password";
PasswordAuthentication = false;
KbdInteractiveAuthentication = false;
};
};
}

2
modules/podman.nix → nixosModules/podman.nix
View file

@ -1,4 +1,4 @@
_: {
{
virtualisation = {
containers.enable = true;
podman = {

12
nixosModules/printing.nix Normal file
View file

@ -0,0 +1,12 @@
{
services = {
# Enable CUPS to print documents.
printing.enable = true;
avahi = {
enable = true; # runs the Avahi daemon
nssmdns4 = true; # enables the mDNS NSS plug-in
openFirewall = true; # opens the firewall for UDP port 5353
};
};
}

11
nixosModules/quiet-boot.nix Normal file
View file

@ -0,0 +1,11 @@
{
boot = {
kernelParams = [
"quiet"
"udev.log_level=3"
];
consoleLogLevel = 0;
initrd.verbose = false;
plymouth.enable = true;
};
}

45
nixosModules/steam.nix Normal file
View file

@ -0,0 +1,45 @@
{
hardware.steam-hardware.enable = true;
programs = {
steam = {
enable = true;
remotePlay.openFirewall = true;
dedicatedServer.openFirewall = true;
localNetworkGameTransfers.openFirewall = true;
gamescopeSession.enable = false;
};
gamemode.enable = true;
};
# steam network transfer
networking.firewall = {
allowedUDPPorts = [ 3478 ];
allowedTCPPorts = [ 24070 ];
allowedTCPPortRanges = [
{
from = 27015;
to = 27050;
}
];
allowedUDPPortRanges = [
{
from = 4379;
to = 4380;
}
{
from = 27000;
to = 27100;
}
];
};
allowedUnfreePackages = [
"steam"
"steam-original"
"steam-run"
"steam-unwrapped"
];
}

11
nixosModules/systemd-boot.nix Normal file
View file

@ -0,0 +1,11 @@
{
boot.loader = {
timeout = 3;
efi.canTouchEfiVariables = true;
systemd-boot = {
enable = true;
editor = false; # do not allow changing kernel parameters
consoleMode = "max";
};
};
}

8
nixosModules/tailscale.nix Normal file
View file

@ -0,0 +1,8 @@
{
services.tailscale = {
enable = true;
openFirewall = true;
};
networking.firewall.checkReversePath = "loose";
}

19
nixosModules/user-ronja.nix Normal file
View file

@ -0,0 +1,19 @@
{ pkgs, ... }:
{
users.users.ronja = {
isNormalUser = true;
name = "ronja";
description = "Ronja";
home = "/home/ronja";
extraGroups = [
"networkmanager"
"wheel"
"games"
"podman"
"openvscode-server"
];
shell = pkgs.zsh;
};
nix.settings.trusted-users = [ "ronja" ];
}

35
nixosModules/user-vinzenz.nix Normal file
View file

@ -0,0 +1,35 @@
{ pkgs, ... }:
{
users.users.vinzenz = {
isNormalUser = true;
name = "vinzenz";
description = "Vinzenz";
home = "/home/vinzenz";
extraGroups = [
"networkmanager"
"wheel"
"games"
"dialout"
"podman"
"nginx"
"adbusers"
"kvm"
"input"
"video"
];
shell = pkgs.zsh;
autoSubUidGidRange = true;
};
nix.settings.trusted-users = [ "vinzenz" ];
allowedUnfreePackages = [
"rider"
"pycharm-professional"
"jetbrains-toolbox"
"anydesk"
"vscode-extension-ms-dotnettools-csharp"
];
}

28
nixosModules/vinzenz-desktop-settings.nix Normal file
View file

@ -0,0 +1,28 @@
{ pkgs, ... }:
{
programs.firefox.enable = true;
environment.systemPackages = with pkgs; [
lm_sensors
libreoffice-qt6
];
fonts = {
enableDefaultPackages = true;
fontconfig.defaultFonts.monospace = [ "FiraCode Nerd Font" ];
packages = with pkgs; [
nerd-fonts.fira-code
roboto-mono
recursive
];
};
hardware.logitech.wireless = {
enable = true;
enableGraphical = true;
};
# RDP connections
services.gnome.gnome-remote-desktop.enable = true;
networking.firewall.allowedTCPPorts = [ 3389 ];
}

22
nixosModules/wine-gaming.nix Normal file
View file

@ -0,0 +1,22 @@
{ pkgs, ... }:
{
hardware = {
graphics = {
enable32Bit = true;
extraPackages = with pkgs; [ mangohud ];
extraPackages32 = with pkgs; [ mangohud ];
};
xpadneo.enable = true;
};
environment.systemPackages = with pkgs; [
wineWowPackages.stagingFull
wineWowPackages.fonts
winetricks
dxvk
mangohud
vulkan-tools
glxinfo
];
}