From 56b1e8510963d67f06d62c5c99bd53017b067e03 Mon Sep 17 00:00:00 2001 From: Vinzenz Schroeter Date: Sun, 4 Jan 2026 20:16:56 +0100 Subject: [PATCH 01/80] add headscale --- nixosConfigurations/hetzner-vpn2/default.nix | 1 + .../hetzner-vpn2/headscale.nix | 26 +++++++++++++++++++ 2 files changed, 27 insertions(+) create mode 100644 nixosConfigurations/hetzner-vpn2/headscale.nix diff --git a/nixosConfigurations/hetzner-vpn2/default.nix b/nixosConfigurations/hetzner-vpn2/default.nix index 5aeb629..16f8d08 100644 --- a/nixosConfigurations/hetzner-vpn2/default.nix +++ b/nixosConfigurations/hetzner-vpn2/default.nix @@ -2,6 +2,7 @@ imports = [ ./hardware.nix ./nginx.nix + ./headscale.nix ]; config = { diff --git a/nixosConfigurations/hetzner-vpn2/headscale.nix b/nixosConfigurations/hetzner-vpn2/headscale.nix new file mode 100644 index 0000000..538c557 --- /dev/null +++ b/nixosConfigurations/hetzner-vpn2/headscale.nix @@ -0,0 +1,26 @@ +let + headscale-port = 8668; +in +{ + services = { + headscale = { + enable = true; + address = "localhost"; + port = headscale-port; + settings = { + server_url = "https://headscale.zerforschen.plus"; + dns = { + override_local_dns = false; + base_domain = "high-gravity.space"; + }; + }; + }; + nginx.virtualHosts."uplink.darkest.space" = { + addSSL = true; + enableACME = true; + locations = { + "/".proxyPass = "http://localhost:${builtins.toString headscale-port}"; + }; + }; + }; +} From af4e09ebd7a41d6453a7e2abdedca40fb137e2b0 Mon Sep 17 00:00:00 2001 From: Vinzenz Schroeter Date: Sun, 4 Jan 2026 20:17:22 +0100 Subject: [PATCH 02/80] vpn2: split nginx config --- nixosConfigurations/hetzner-vpn2/blog.nix | 43 +++++++++++++++ nixosConfigurations/hetzner-vpn2/default.nix | 1 + nixosConfigurations/hetzner-vpn2/nginx.nix | 55 +++----------------- 3 files changed, 50 insertions(+), 49 deletions(-) create mode 100644 nixosConfigurations/hetzner-vpn2/blog.nix 
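Review bot: `address = "localhost"` and the `proxyPass` to `http://localhost:…` in the new headscale.nix both depend on how `localhost` resolves, and the two sides can disagree. Headscale will likely bind a single resolved address, while nginx usually registers both 127.0.0.1 and [::1] as upstreams and logs connection failures for the one nothing listens on. Pinning both to the loopback literal avoids that: `address = "127.0.0.1";` and `proxyPass = "http://127.0.0.1:${builtins.toString headscale-port}";`. A one-line comment above `address` noting that the port is deliberately reachable only through the TLS proxy would help the next reader.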
diff --git a/nixosConfigurations/hetzner-vpn2/blog.nix b/nixosConfigurations/hetzner-vpn2/blog.nix new file mode 100644 index 0000000..4b29cb3 --- /dev/null +++ b/nixosConfigurations/hetzner-vpn2/blog.nix @@ -0,0 +1,43 @@ +{ pkgs, ... }: +let + blog-domain-socket = "/run/nginx/blog.sock"; + anubis-domain-socket = "/run/anubis/anubis-main/anubis.sock"; + anubis-metrics-socket = "/run/anubis/anubis-main/anubis-metrics.sock"; +in +{ + systemd.services = { + nginx.serviceConfig.SupplementaryGroups = [ "anubis" ]; + anubis-main.serviceConfig.SupplementaryGroups = [ "nginx" ]; + }; + + services = { + nginx.virtualHosts = { + "zerforschen.plus" = { + addSSL = true; + enableACME = true; + locations = { + "/_metrics".proxyPass = "http://unix:" + anubis-metrics-socket + ":/metrics"; + "/".proxyPass = "http://unix:" + anubis-domain-socket; + }; + }; + + "blog-in-anubis" = { + root = pkgs.zerforschen-plus-content; + listen = [ + { + addr = "unix:" + blog-domain-socket; + } + ]; + }; + }; + + anubis.instances.main = { + enable = true; + settings = { + BIND = anubis-domain-socket; + TARGET = "unix://" + blog-domain-socket; + METRICS_BIND = anubis-metrics-socket; + }; + }; + }; +} diff --git a/nixosConfigurations/hetzner-vpn2/default.nix b/nixosConfigurations/hetzner-vpn2/default.nix index 16f8d08..5d58835 100644 --- a/nixosConfigurations/hetzner-vpn2/default.nix +++ b/nixosConfigurations/hetzner-vpn2/default.nix @@ -3,6 +3,7 @@ ./hardware.nix ./nginx.nix ./headscale.nix + ./blog.nix ]; config = { diff --git a/nixosConfigurations/hetzner-vpn2/nginx.nix b/nixosConfigurations/hetzner-vpn2/nginx.nix index aa399aa..7178b0d 100644 --- a/nixosConfigurations/hetzner-vpn2/nginx.nix +++ b/nixosConfigurations/hetzner-vpn2/nginx.nix 
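Review bot: The `/_metrics` location on the public `zerforschen.plus` vhost in blog.nix proxies the Anubis metrics socket with no access restriction visible in this file, so anyone who can reach the site can presumably read the metrics. If that is not intended, restrict the location, for example `"/_metrics" = { proxyPass = …; extraConfig = "allow 127.0.0.1; allow ::1; deny all;"; };`, or protect it with `basicAuthFile`. The block is moved unchanged from nginx.nix, so the exposure predates this commit. If the endpoint is meant to be public, a comment saying so would keep a later audit from flagging it again.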
@@ -1,62 +1,19 @@ -{ pkgs, ... }: -let - blog-domain-socket = "/run/nginx/blog.sock"; - anubis-domain-socket = "/run/anubis/anubis-main/anubis.sock"; - anubis-metrics-socket = "/run/anubis/anubis-main/anubis-metrics.sock"; -in { security.acme = { acceptTerms = true; defaults.email = "acme@zerforschen.plus"; }; - systemd.services = { - nginx.serviceConfig.SupplementaryGroups = [ "anubis" ]; - anubis-main.serviceConfig.SupplementaryGroups = [ "nginx" ]; - }; - - services = { - nginx = { - enable = true; - recommendedProxySettings = true; - recommendedTlsSettings = true; - recommendedGzipSettings = true; - recommendedOptimisation = true; - - virtualHosts = { - "zerforschen.plus" = { - addSSL = true; - enableACME = true; - locations = { - "/_metrics".proxyPass = "http://unix:" + anubis-metrics-socket + ":/metrics"; - "/".proxyPass = "http://unix:" + anubis-domain-socket; - }; - }; - - "blog-in-anubis" = { - root = pkgs.zerforschen-plus-content; - listen = [ - { - addr = "unix:" + blog-domain-socket; - } - ]; - }; - }; - }; - - anubis.instances.main = { - enable = true; - settings = { - BIND = anubis-domain-socket; - TARGET = "unix://" + blog-domain-socket; - METRICS_BIND = anubis-metrics-socket; - }; - }; + services.nginx = { + enable = true; + recommendedProxySettings = true; + recommendedTlsSettings = true; + recommendedGzipSettings = true; + recommendedOptimisation = true; }; networking.firewall.allowedTCPPorts = [ 80 443 - 5201 ]; } From 2a68f77860a7e410dc689c7a882734e0bea675b8 Mon Sep 17 00:00:00 2001 From: Vinzenz Schroeter Date: Sun, 4 Jan 2026 20:51:42 +0100 Subject: [PATCH 03/80] headscale/blog: fix url, force ssl, proxy websockets --- nixosConfigurations/hetzner-vpn2/blog.nix | 2 +- nixosConfigurations/hetzner-vpn2/headscale.nix | 9 +++++---- 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/nixosConfigurations/hetzner-vpn2/blog.nix b/nixosConfigurations/hetzner-vpn2/blog.nix index 4b29cb3..367ef2b 100644 
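Review bot: The last lines of this nginx.nix hunk drop `5201` from `networking.firewall.allowedTCPPorts`, which is a firewall change rather than part of the config split named in the subject. Closing the port reduces exposure, but it should be mentioned in the commit message or moved to its own commit so that a later audit of firewall changes finds it. If the port was only opened for temporary testing (5201 is the iperf3 default, so presumably it was), say so in the message.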
--- a/nixosConfigurations/hetzner-vpn2/blog.nix +++ b/nixosConfigurations/hetzner-vpn2/blog.nix @@ -13,8 +13,8 @@ in services = { nginx.virtualHosts = { "zerforschen.plus" = { - addSSL = true; enableACME = true; + forceSSL = true; locations = { "/_metrics".proxyPass = "http://unix:" + anubis-metrics-socket + ":/metrics"; "/".proxyPass = "http://unix:" + anubis-domain-socket; diff --git a/nixosConfigurations/hetzner-vpn2/headscale.nix b/nixosConfigurations/hetzner-vpn2/headscale.nix index 538c557..43eda08 100644 --- a/nixosConfigurations/hetzner-vpn2/headscale.nix +++ b/nixosConfigurations/hetzner-vpn2/headscale.nix @@ -8,7 +8,7 @@ in address = "localhost"; port = headscale-port; settings = { - server_url = "https://headscale.zerforschen.plus"; + server_url = "https://uplink.darkest.space/"; dns = { override_local_dns = false; base_domain = "high-gravity.space"; @@ -16,10 +16,11 @@ in }; }; nginx.virtualHosts."uplink.darkest.space" = { - addSSL = true; enableACME = true; - locations = { - "/".proxyPass = "http://localhost:${builtins.toString headscale-port}"; + forceSSL = true; + locations."/" = { + proxyPass = "http://localhost:${builtins.toString headscale-port}"; + proxyWebsockets = true; }; }; }; From da3ac92eb6b04901fc4c5cbe9540329de05691e8 Mon Sep 17 00:00:00 2001 From: Vinzenz Schroeter Date: Sun, 4 Jan 2026 21:59:05 +0100 Subject: [PATCH 04/80] headscale: enable DERP --- nixosConfigurations/hetzner-vpn2/headscale.nix | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/nixosConfigurations/hetzner-vpn2/headscale.nix b/nixosConfigurations/hetzner-vpn2/headscale.nix index 43eda08..6eac407 100644 --- a/nixosConfigurations/hetzner-vpn2/headscale.nix +++ b/nixosConfigurations/hetzner-vpn2/headscale.nix @@ -2,6 +2,8 @@ let headscale-port = 8668; in { + # sudo tailscale up --reset --force-reauth --login-server https://uplink.darkest.space --operator=$USER + services = { headscale = { enable = true; 
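Review bot: The hostname `uplink.darkest.space` now appears twice in headscale.nix, once in `server_url` and once as the `nginx.virtualHosts` key, and this commit exists because the two had drifted apart. Binding the name once next to `headscale-port` keeps the advertised control URL and the TLS vhost in step: `headscale-domain = "uplink.darkest.space";` in the `let`, then `server_url = "https://${headscale-domain}/";` and `nginx.virtualHosts.${headscale-domain}`. The enclosing attribute set starts and ends outside these hunks.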
@@ -13,8 +15,19 @@ in override_local_dns = false; base_domain = "high-gravity.space"; }; + derp = { + server = { + enabled = true; + verify_clients = true; + stun_listen_addr = "0.0.0.0:3478"; + ipv4 = "78.46.242.90"; + ipv6 = "2a01:4f8:c013:65dd::1"; + }; + urls = [ ]; + }; }; }; + nginx.virtualHosts."uplink.darkest.space" = { enableACME = true; forceSSL = true; @@ -24,4 +37,7 @@ in }; }; }; + + # for DERP + networking.firewall.allowedUDPPorts = [ 3478 ]; } From 82631191ea15ba34ef16f2cbb6501d986527f0bf Mon Sep 17 00:00:00 2001 
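Review bot: `stun_listen_addr = "0.0.0.0:3478"` in the new `derp.server` block binds STUN on IPv4 only, while the same block advertises an `ipv6` address for the embedded relay, so IPv6 STUN probes will likely go unanswered; check whether a dual-stack bind such as `"[::]:3478"` works with the headscale version in use. `urls = [ ]` also removes every external DERP map and leaves this host as the only relay, so an outage here stops relayed traffic for all nodes; a short comment stating that this is intentional would help. The public addresses are hard-coded and have to be kept in sync with the server's real addresses by hand.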
From: =?UTF-8?q?m=C3=BCde?= Date: Sun, 1 Feb 2026 12:23:07 +0100 Subject: [PATCH 05/80] user rename --- flake.nix | 10 +++++----- .../.config/containers/policy.json | 0 homeConfigurations/{vinzenz => muede}/default.nix | 0 .../{vinzenz => muede}/editorconfig.nix | 0 homeConfigurations/{vinzenz => muede}/element.nix | 0 homeConfigurations/{vinzenz => muede}/fonts.nix | 0 homeConfigurations/{vinzenz => muede}/fuzzel.nix | 0 homeConfigurations/{vinzenz => muede}/git.nix | 0 homeConfigurations/{vinzenz => muede}/gnome.nix | 0 homeConfigurations/{vinzenz => muede}/niri.nix | 0 homeConfigurations/{vinzenz => muede}/ssh.nix | 0 homeConfigurations/{vinzenz => muede}/starship.nix | 7 ++----- homeConfigurations/{vinzenz => muede}/swaylock.nix | 0 homeConfigurations/{vinzenz => muede}/swaync.nix | 0 homeConfigurations/{vinzenz => muede}/vscode.nix | 0 homeConfigurations/{vinzenz => muede}/waybar.css | 0 homeConfigurations/{vinzenz => muede}/waybar.nix | 0 homeConfigurations/{vinzenz => muede}/wlogout.nix | 0 homeConfigurations/{vinzenz => muede}/zsh.nix | 2 +- homeModules/gnome-extensions.nix | 4 ++-- nixosConfigurations/forgejo-runner-1/default.nix | 6 +++--- nixosConfigurations/hetzner-vpn2/default.nix | 6 +++--- .../{vinzenz-lpt2 => muede-lpt2}/default.nix | 12 +++++++----- .../{vinzenz-lpt2 => muede-lpt2}/hardware.nix | 0 .../{vinzenz-pc2 => muede-pc2}/default.nix | 12 +++++++----- .../{vinzenz-pc2 => muede-pc2}/fstab.nix | 0 .../{vinzenz-pc2 => muede-pc2}/hardware.nix | 0 .../{vinzenz-pc2 => muede-pc2}/hass.nix | 0 .../{vinzenz-pc2 => muede-pc2}/vscode-server.nix | 0 nixosConfigurations/ronja-pc/default.nix | 2 +- nixosModules/gnome.nix | 4 ++-- ...sktop-settings.nix => muede-desktop-settings.nix} | 0 nixosModules/{user-vinzenz.nix => user-muede.nix} | 7 +++---- 33 files changed, 36 insertions(+), 36 deletions(-) rename homeConfigurations/{vinzenz => muede}/.config/containers/policy.json (100%) rename homeConfigurations/{vinzenz => muede}/default.nix (100%) rename 
homeConfigurations/{vinzenz => muede}/editorconfig.nix (100%) rename homeConfigurations/{vinzenz => muede}/element.nix (100%) rename homeConfigurations/{vinzenz => muede}/fonts.nix (100%) rename homeConfigurations/{vinzenz => muede}/fuzzel.nix (100%) rename homeConfigurations/{vinzenz => muede}/git.nix (100%) rename homeConfigurations/{vinzenz => muede}/gnome.nix (100%) rename homeConfigurations/{vinzenz => muede}/niri.nix (100%) rename homeConfigurations/{vinzenz => muede}/ssh.nix (100%) rename homeConfigurations/{vinzenz => muede}/starship.nix (97%) rename homeConfigurations/{vinzenz => muede}/swaylock.nix (100%) rename homeConfigurations/{vinzenz => muede}/swaync.nix (100%) rename homeConfigurations/{vinzenz => muede}/vscode.nix (100%) rename homeConfigurations/{vinzenz => muede}/waybar.css (100%) rename homeConfigurations/{vinzenz => muede}/waybar.nix (100%) rename homeConfigurations/{vinzenz => muede}/wlogout.nix (100%) rename homeConfigurations/{vinzenz => muede}/zsh.nix (94%) rename nixosConfigurations/{vinzenz-lpt2 => muede-lpt2}/default.nix (82%) rename nixosConfigurations/{vinzenz-lpt2 => muede-lpt2}/hardware.nix (100%) rename nixosConfigurations/{vinzenz-pc2 => muede-pc2}/default.nix (78%) rename nixosConfigurations/{vinzenz-pc2 => muede-pc2}/fstab.nix (100%) rename nixosConfigurations/{vinzenz-pc2 => muede-pc2}/hardware.nix (100%) rename nixosConfigurations/{vinzenz-pc2 => muede-pc2}/hass.nix (100%) rename nixosConfigurations/{vinzenz-pc2 => muede-pc2}/vscode-server.nix (100%) rename nixosModules/{vinzenz-desktop-settings.nix => muede-desktop-settings.nix} (100%) rename nixosModules/{user-vinzenz.nix => user-muede.nix} (79%) diff --git a/flake.nix b/flake.nix index 5894172..e864fc6 100644 --- a/flake.nix +++ b/flake.nix 
@@ -105,16 +105,16 @@ }: let devices = { - vinzenz-lpt2 = { + muede-lpt2 = { system = "x86_64-linux"; home-manager-users = { - inherit (self.homeConfigurations) vinzenz; + inherit (self.homeConfigurations) muede; }; }; - vinzenz-pc2 = { + muede-pc2 = { system = "x86_64-linux"; home-manager-users = { - inherit (self.homeConfigurations) vinzenz; + inherit (self.homeConfigurations) muede; }; }; ronja-pc = { @@ -197,7 +197,7 @@ homeModules = importModuleDir ./homeModules; homeConfigurations = { - vinzenz = ./homeConfigurations/vinzenz; + muede = ./homeConfigurations/muede; ronja = ./homeConfigurations/ronja; }; diff --git a/homeConfigurations/vinzenz/.config/containers/policy.json b/homeConfigurations/muede/.config/containers/policy.json similarity index 100% rename from homeConfigurations/vinzenz/.config/containers/policy.json rename to homeConfigurations/muede/.config/containers/policy.json diff --git a/homeConfigurations/vinzenz/default.nix b/homeConfigurations/muede/default.nix similarity index 100% rename from homeConfigurations/vinzenz/default.nix rename to homeConfigurations/muede/default.nix diff --git a/homeConfigurations/vinzenz/editorconfig.nix b/homeConfigurations/muede/editorconfig.nix similarity index 100% rename from homeConfigurations/vinzenz/editorconfig.nix rename to homeConfigurations/muede/editorconfig.nix diff --git a/homeConfigurations/vinzenz/element.nix b/homeConfigurations/muede/element.nix similarity index 100% rename from homeConfigurations/vinzenz/element.nix rename to homeConfigurations/muede/element.nix diff --git a/homeConfigurations/vinzenz/fonts.nix b/homeConfigurations/muede/fonts.nix similarity index 100% rename from homeConfigurations/vinzenz/fonts.nix rename to homeConfigurations/muede/fonts.nix diff --git a/homeConfigurations/vinzenz/fuzzel.nix b/homeConfigurations/muede/fuzzel.nix similarity index 100% rename from homeConfigurations/vinzenz/fuzzel.nix rename to homeConfigurations/muede/fuzzel.nix 
diff --git a/homeConfigurations/vinzenz/git.nix b/homeConfigurations/muede/git.nix similarity index 100% rename from homeConfigurations/vinzenz/git.nix rename to homeConfigurations/muede/git.nix diff --git a/homeConfigurations/vinzenz/gnome.nix b/homeConfigurations/muede/gnome.nix similarity index 100% rename from homeConfigurations/vinzenz/gnome.nix rename to homeConfigurations/muede/gnome.nix diff --git a/homeConfigurations/vinzenz/niri.nix b/homeConfigurations/muede/niri.nix similarity index 100% rename from homeConfigurations/vinzenz/niri.nix rename to homeConfigurations/muede/niri.nix diff --git a/homeConfigurations/vinzenz/ssh.nix b/homeConfigurations/muede/ssh.nix similarity index 100% rename from homeConfigurations/vinzenz/ssh.nix rename to homeConfigurations/muede/ssh.nix diff --git a/homeConfigurations/vinzenz/starship.nix b/homeConfigurations/muede/starship.nix similarity index 97% rename from homeConfigurations/vinzenz/starship.nix rename to homeConfigurations/muede/starship.nix index 458058d..1550aac 100644 --- a/homeConfigurations/vinzenz/starship.nix +++ b/homeConfigurations/muede/starship.nix @@ -33,9 +33,6 @@ style_user = "bg:color_r fg:text_r"; style_root = "bold bg:color_r fg:text_r"; show_always = true; - aliases = { - "vinzenz" = "müde"; - }; }; os = { disabled = false; @@ -47,8 +44,8 @@ format = "$hostname"; ssh_symbol = ""; aliases = { - "vinzenz-lpt2" = "lpt"; - "vinzenz-pc2" = "pc"; + "muede-lpt2" = "lpt"; + "muede-pc2" = "pc"; }; }; container = { diff --git a/homeConfigurations/vinzenz/swaylock.nix b/homeConfigurations/muede/swaylock.nix similarity index 100% rename from homeConfigurations/vinzenz/swaylock.nix rename to homeConfigurations/muede/swaylock.nix diff --git a/homeConfigurations/vinzenz/swaync.nix b/homeConfigurations/muede/swaync.nix similarity index 100% rename from homeConfigurations/vinzenz/swaync.nix rename to homeConfigurations/muede/swaync.nix 
diff --git a/homeConfigurations/vinzenz/vscode.nix b/homeConfigurations/muede/vscode.nix similarity index 100% rename from homeConfigurations/vinzenz/vscode.nix rename to homeConfigurations/muede/vscode.nix diff --git a/homeConfigurations/vinzenz/waybar.css b/homeConfigurations/muede/waybar.css similarity index 100% rename from homeConfigurations/vinzenz/waybar.css rename to homeConfigurations/muede/waybar.css diff --git a/homeConfigurations/vinzenz/waybar.nix b/homeConfigurations/muede/waybar.nix similarity index 100% rename from homeConfigurations/vinzenz/waybar.nix rename to homeConfigurations/muede/waybar.nix diff --git a/homeConfigurations/vinzenz/wlogout.nix b/homeConfigurations/muede/wlogout.nix similarity index 100% rename from homeConfigurations/vinzenz/wlogout.nix rename to homeConfigurations/muede/wlogout.nix diff --git a/homeConfigurations/vinzenz/zsh.nix b/homeConfigurations/muede/zsh.nix similarity index 94% rename from homeConfigurations/vinzenz/zsh.nix rename to homeConfigurations/muede/zsh.nix index f2fc674..16f00e1 100644 --- a/homeConfigurations/vinzenz/zsh.nix +++ b/homeConfigurations/muede/zsh.nix @@ -2,7 +2,7 @@ { config.programs.zsh = { initContent = '' - export PATH=$PATH:/home/vinzenz/.cargo/bin + export PATH=$PATH:$HOME/.cargo/bin bindkey "^[[1;5C" forward-word bindkey "^[[1;5D" backward-word diff --git a/homeModules/gnome-extensions.nix b/homeModules/gnome-extensions.nix index 9c30c40..0e6ca16 100644 --- a/homeModules/gnome-extensions.nix +++ b/homeModules/gnome-extensions.nix @@ -6,7 +6,7 @@ ... }: { - options.vinzenz.gnome-extensions = + options.muede.gnome-extensions = let mkDefaultEnabledOption = name: @@ -40,7 +40,7 @@ config = let - cfg = config.vinzenz.gnome-extensions; + cfg = config.muede.gnome-extensions; in lib.mkIf cfg.enable ( lib.mkMerge [ diff --git a/nixosConfigurations/forgejo-runner-1/default.nix b/nixosConfigurations/forgejo-runner-1/default.nix index c64882b..4196430 100644 
--- a/nixosConfigurations/forgejo-runner-1/default.nix +++ b/nixosConfigurations/forgejo-runner-1/default.nix @@ -14,9 +14,9 @@ users.users = { root.openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFCJUpbpB3KEKVoKWsKoar9J4RNah8gmQoSH6jQEw5dY vinzenz-pixel-JuiceSSH" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO1CRn4yYTL4XUdCebE8Z4ZeuMujBjorTdWifg911EOv vinzenz-pc2 home roaming" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPDNpLDmctyqGpow/ElQvdhY4BLBPS/sigDJ1QEcC7wC vinzenz-lpt2-roaming" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFCJUpbpB3KEKVoKWsKoar9J4RNah8gmQoSH6jQEw5dY pixel-JuiceSSH" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO1CRn4yYTL4XUdCebE8Z4ZeuMujBjorTdWifg911EOv pc2 home roaming" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPDNpLDmctyqGpow/ElQvdhY4BLBPS/sigDJ1QEcC7wC lpt2-roaming" ]; }; }; diff --git a/nixosConfigurations/hetzner-vpn2/default.nix b/nixosConfigurations/hetzner-vpn2/default.nix index 5aeb629..5974763 100644 --- a/nixosConfigurations/hetzner-vpn2/default.nix +++ b/nixosConfigurations/hetzner-vpn2/default.nix @@ -12,9 +12,9 @@ users.users.root.openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICdYqY3Y1/f1bsAi5Qfyr/UWuX9ixu96IeAlhoQaJkbf" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFCJUpbpB3KEKVoKWsKoar9J4RNah8gmQoSH6jQEw5dY vinzenz-pixel-JuiceSSH" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO1CRn4yYTL4XUdCebE8Z4ZeuMujBjorTdWifg911EOv vinzenz-pc2 home roaming" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPDNpLDmctyqGpow/ElQvdhY4BLBPS/sigDJ1QEcC7wC vinzenz-lpt2-roaming" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFCJUpbpB3KEKVoKWsKoar9J4RNah8gmQoSH6jQEw5dY pixel-JuiceSSH" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO1CRn4yYTL4XUdCebE8Z4ZeuMujBjorTdWifg911EOv pc2 home roaming" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPDNpLDmctyqGpow/ElQvdhY4BLBPS/sigDJ1QEcC7wC lpt2-roaming" ]; system.autoUpgrade.allowReboot = true; 
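Review bot: The key comments in root's `openssh.authorizedKeys.keys` lose their owner prefix in this hunk (`vinzenz-pixel-JuiceSSH` becomes `pixel-JuiceSSH`), and the comment is the only label saying whose key grants root on the host; the first key in the hetzner-vpn2 list already carries no comment at all. Keeping an owner in the comment, e.g. `muede-pixel-JuiceSSH`, makes key audits and revocation easier. The same applies to the hetzner-vpn2, muede-lpt2 and muede-pc2 hunks of this commit. Because the same keys are repeated across four files, defining the list once in a shared module and referencing it would keep a future rotation from missing a host.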
diff --git a/nixosConfigurations/vinzenz-lpt2/default.nix b/nixosConfigurations/muede-lpt2/default.nix similarity index 82% rename from nixosConfigurations/vinzenz-lpt2/default.nix rename to nixosConfigurations/muede-lpt2/default.nix index 8b2c909..61ef827 100644 --- a/nixosConfigurations/vinzenz-lpt2/default.nix +++ b/nixosConfigurations/muede-lpt2/default.nix @@ -2,12 +2,12 @@ { imports = [ ./hardware.nix - self.nixosModules.user-vinzenz + self.nixosModules.user-muede self.nixosModules.gnome self.nixosModules.wine-gaming self.nixosModules.steam self.nixosModules.podman - self.nixosModules.vinzenz-desktop-settings + self.nixosModules.muede-desktop-settings self.nixosModules.intel-graphics self.nixosModules.secure-boot ]; @@ -27,9 +27,9 @@ # Configure console keymap console.keyMap = "de"; - users.users.vinzenz.openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFCJUpbpB3KEKVoKWsKoar9J4RNah8gmQoSH6jQEw5dY vinzenz-pixel-JuiceSSH" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO1CRn4yYTL4XUdCebE8Z4ZeuMujBjorTdWifg911EOv vinzenz-pc2 home roaming" + users.users.muede.openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFCJUpbpB3KEKVoKWsKoar9J4RNah8gmQoSH6jQEw5dY pixel-JuiceSSH" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO1CRn4yYTL4XUdCebE8Z4ZeuMujBjorTdWifg911EOv pc2 home roaming" ]; programs = { @@ -60,5 +60,7 @@ ]; boot.binfmt.emulatedSystems = [ "aarch64-linux" ]; + + users.users.muede.home = "/home/vinzenz"; }; } diff --git a/nixosConfigurations/vinzenz-lpt2/hardware.nix b/nixosConfigurations/muede-lpt2/hardware.nix similarity index 100% rename from nixosConfigurations/vinzenz-lpt2/hardware.nix rename to nixosConfigurations/muede-lpt2/hardware.nix diff --git a/nixosConfigurations/vinzenz-pc2/default.nix b/nixosConfigurations/muede-pc2/default.nix similarity index 78% rename from nixosConfigurations/vinzenz-pc2/default.nix rename to nixosConfigurations/muede-pc2/default.nix index 2c1fb29..886757f 100644 
--- a/nixosConfigurations/vinzenz-pc2/default.nix +++ b/nixosConfigurations/muede-pc2/default.nix @@ -5,12 +5,12 @@ ./vscode-server.nix ./hass.nix - self.nixosModules.user-vinzenz + self.nixosModules.user-muede self.nixosModules.gnome self.nixosModules.wine-gaming self.nixosModules.steam self.nixosModules.podman - self.nixosModules.vinzenz-desktop-settings + self.nixosModules.muede-desktop-settings self.nixosModules.amd-graphics self.nixosModules.secure-boot ]; @@ -30,10 +30,10 @@ # Configure console keymap console.keyMap = "de"; - users.users.vinzenz.openssh.authorizedKeys.keys = [ + users.users.muede.openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINrY6tcgnoC/xbgL7vxSjddEY9MBxRXe9n2cAHt88/TT home roaming" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFCJUpbpB3KEKVoKWsKoar9J4RNah8gmQoSH6jQEw5dY vinzenz-pixel-JuiceSSH" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPDNpLDmctyqGpow/ElQvdhY4BLBPS/sigDJ1QEcC7wC vinzenz-lpt2-roaming" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFCJUpbpB3KEKVoKWsKoar9J4RNah8gmQoSH6jQEw5dY pixel-JuiceSSH" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPDNpLDmctyqGpow/ElQvdhY4BLBPS/sigDJ1QEcC7wC lpt2-roaming" ]; environment.systemPackages = with pkgs; [ lact ]; @@ -42,5 +42,7 @@ # Factorio 34197 ]; + + users.users.muede.home = "/home/vinzenz"; }; } diff --git a/nixosConfigurations/vinzenz-pc2/fstab.nix b/nixosConfigurations/muede-pc2/fstab.nix similarity index 100% rename from nixosConfigurations/vinzenz-pc2/fstab.nix rename to nixosConfigurations/muede-pc2/fstab.nix diff --git a/nixosConfigurations/vinzenz-pc2/hardware.nix b/nixosConfigurations/muede-pc2/hardware.nix similarity index 100% rename from nixosConfigurations/vinzenz-pc2/hardware.nix rename to nixosConfigurations/muede-pc2/hardware.nix diff --git a/nixosConfigurations/vinzenz-pc2/hass.nix b/nixosConfigurations/muede-pc2/hass.nix similarity index 100% rename from nixosConfigurations/vinzenz-pc2/hass.nix rename to nixosConfigurations/muede-pc2/hass.nix 
diff --git a/nixosConfigurations/vinzenz-pc2/vscode-server.nix b/nixosConfigurations/muede-pc2/vscode-server.nix similarity index 100% rename from nixosConfigurations/vinzenz-pc2/vscode-server.nix rename to nixosConfigurations/muede-pc2/vscode-server.nix diff --git a/nixosConfigurations/ronja-pc/default.nix b/nixosConfigurations/ronja-pc/default.nix index 7630611..8e1eb52 100644 --- a/nixosConfigurations/ronja-pc/default.nix +++ b/nixosConfigurations/ronja-pc/default.nix @@ -11,7 +11,7 @@ self.nixosModules.gnome self.nixosModules.steam self.nixosModules.wine-gaming - self.nixosModules.vinzenz-desktop-settings + self.nixosModules.muede-desktop-settings ]; config = { diff --git a/nixosModules/gnome.nix b/nixosModules/gnome.nix index ead61d0..260fbbd 100644 --- a/nixosModules/gnome.nix +++ b/nixosModules/gnome.nix @@ -5,7 +5,7 @@ ... }: { - options.vinzenz = { + options.muede = { keep-gnome-default-apps = lib.mkEnableOption "keep gnome default apps"; }; @@ -37,7 +37,7 @@ gpaste.enable = true; }; } - (lib.mkIf (!config.vinzenz.keep-gnome-default-apps) { + (lib.mkIf (!config.muede.keep-gnome-default-apps) { environment.gnome.excludePackages = with pkgs; [ cheese # photo booth epiphany # web browser diff --git a/nixosModules/vinzenz-desktop-settings.nix b/nixosModules/muede-desktop-settings.nix similarity index 100% rename from nixosModules/vinzenz-desktop-settings.nix rename to nixosModules/muede-desktop-settings.nix diff --git a/nixosModules/user-vinzenz.nix b/nixosModules/user-muede.nix similarity index 79% rename from nixosModules/user-vinzenz.nix rename to nixosModules/user-muede.nix index 13ccf11..959be07 100644 --- a/nixosModules/user-vinzenz.nix +++ b/nixosModules/user-muede.nix @@ -1,10 +1,9 @@ { pkgs, ... }: { - users.users.vinzenz = { + users.users.muede = { isNormalUser = true; - name = "vinzenz"; + name = "muede"; description = "müde"; - home = "/home/vinzenz"; extraGroups = [ "networkmanager" "wheel" 
@@ -21,7 +20,7 @@ autoSubUidGidRange = true; }; - nix.settings.trusted-users = [ "vinzenz" ]; + nix.settings.trusted-users = [ "muede" ]; allowedUnfreePackages = [ "rider" From 1f5f86ed2968086b8fd4fa72f5e6ad834b15fcd4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?m=C3=BCde?= Date: Sun, 1 Feb 2026 19:23:35 +0100 Subject: [PATCH 06/80] fixed uid --- nixosModules/user-muede.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/nixosModules/user-muede.nix b/nixosModules/user-muede.nix index 959be07..19e4d82 100644 --- a/nixosModules/user-muede.nix +++ b/nixosModules/user-muede.nix @@ -2,6 +2,7 @@ { users.users.muede = { isNormalUser = true; + uid = 1000; name = "muede"; description = "müde"; extraGroups = [ From 5fc4be420744bf5b996fe520dac39c9ba0604ee2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?m=C3=BCde?= Date: Sun, 1 Feb 2026 19:23:43 +0100 Subject: [PATCH 07/80] nix flake update --- flake.lock | 72 +++++++++++++++++++++++++++--------------------------- 1 file changed, 36 insertions(+), 36 deletions(-) diff --git a/flake.lock b/flake.lock index e0df6e3..5022955 100644 --- a/flake.lock +++ b/flake.lock @@ -284,11 +284,11 @@ ] }, "locked": { - "lastModified": 1768949235, - "narHash": "sha256-TtjKgXyg1lMfh374w5uxutd6Vx2P/hU81aEhTxrO2cg=", + "lastModified": 1769580047, + "narHash": "sha256-tNqCP/+2+peAXXQ2V8RwsBkenlfWMERb+Uy6xmevyhM=", "owner": "nix-community", "repo": "home-manager", - "rev": "75ed713570ca17427119e7e204ab3590cc3bf2a5", + "rev": "366d78c2856de6ab3411c15c1cb4fb4c2bf5c826", "type": "github" }, "original": { @@ -332,11 +332,11 @@ ] }, "locked": { - "lastModified": 1768908532, - "narHash": "sha256-HIdLXEFaUVE8FiaCPJbCfBMsnF+mVtDub8Jwj2BD+mk=", + "lastModified": 1769799857, + "narHash": "sha256-88IFXZ7Sa1vxbz5pty0Io5qEaMQMMUPMonLa3Ls/ss4=", "owner": "nix-community", "repo": "naersk", - "rev": "8d97452673640eb7fabe428e8b6a425bc355008b", + "rev": "9d4ed44d8b8cecdceb1d6fd76e74123d90ae6339", "type": "github" }, "original": { 
@@ -359,11 +359,11 @@ "xwayland-satellite-unstable": "xwayland-satellite-unstable" }, "locked": { - "lastModified": 1769170609, - "narHash": "sha256-LiyaKNga2z/iG4pNr86iQLySEDoOytEzTCblxzRjnCk=", + "lastModified": 1769948416, + "narHash": "sha256-auvybZw7/95ln7J01VUqg6i7zvCpspgR1miG7WwiQBg=", "owner": "sodiboo", "repo": "niri-flake", - "rev": "08d6e6adf34b0af12be7eaeacc0b4c1a8580b3da", + "rev": "0ddfba5c5475a415c56123d700f3ceb5744c32fd", "type": "github" }, "original": { @@ -392,11 +392,11 @@ "niri-unstable": { "flake": false, "locked": { - "lastModified": 1768678265, - "narHash": "sha256-Ub8eed4DsfIDWyg30xEe+8bSxL/z5Af/gCjmvJ0V/Hs=", + "lastModified": 1769577126, + "narHash": "sha256-v9vz9Rj4MGwPuhGELdvpRKl2HH+xvkgat6VwL0L86Fg=", "owner": "YaLTeR", "repo": "niri", - "rev": "d7184a04b904e07113f4623610775ae78d32394c", + "rev": "f30db163b5748e8cf95c05aba77d0d3736f40543", "type": "github" }, "original": { @@ -427,11 +427,11 @@ ] }, "locked": { - "lastModified": 1769134548, - "narHash": "sha256-16UWbfkIEaG728vwCdXM5C/8f1NLqBwZc039p8Yj9CA=", + "lastModified": 1769914816, + "narHash": "sha256-GXK/ub/LfBFEEBO2M+HhqWu3VW042pWw145Y+jYEMT0=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "969bb9a90fa1365e8b5028d1b67dbd439b268675", + "rev": "8eebcb40d2658badb78b4162868ffcc1006b59f3", "type": "github" }, "original": { @@ -463,11 +463,11 @@ ] }, "locked": { - "lastModified": 1764234087, - "narHash": "sha256-NHF7QWa0ZPT8hsJrvijREW3+nifmF2rTXgS2v0tpcEA=", + "lastModified": 1769813415, + "narHash": "sha256-nnVmNNKBi1YiBNPhKclNYDORoHkuKipoz7EtVnXO50A=", "owner": "nix-community", "repo": "nixos-generators", - "rev": "032a1878682fafe829edfcf5fdfad635a2efe748", + "rev": "8946737ff703382fda7623b9fab071d037e897d5", "type": "github" }, "original": { 
@@ -478,11 +478,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1769089682, - "narHash": "sha256-9yA/LIuAVQq0lXelrZPjLuLVuZdm03p8tfmHhnDIkms=", + "lastModified": 1769741972, + "narHash": "sha256-RxSg1EioTWNpoLaykiT1UQKTo/K0PPdLqCyQgNjNqWs=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "078d69f03934859a181e81ba987c2bb033eebfc5", + "rev": "63590ac958a8af30ebd52c7a0309d8c52a94dd77", "type": "github" }, "original": { @@ -509,11 +509,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1768875095, - "narHash": "sha256-dYP3DjiL7oIiiq3H65tGIXXIT1Waiadmv93JS0sS+8A=", + "lastModified": 1769740369, + "narHash": "sha256-xKPyJoMoXfXpDM5DFDZDsi9PHArf2k5BJjvReYXoFpM=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "ed142ab1b3a092c4d149245d0c4126a5d7ea00b0", + "rev": "6308c3b21396534d8aaeac46179c14c439a89b8a", "type": "github" }, "original": { @@ -549,11 +549,11 @@ ] }, "locked": { - "lastModified": 1769190062, - "narHash": "sha256-HXy1M80RWBW7cIIMQ/bBV/pMa3NmK6MYOOz/kA4bHIw=", + "lastModified": 1769947836, + "narHash": "sha256-CYSecY7oPzVkQmorHjI5lTWdwGpwqP62z+YJmObxYQ4=", "owner": "nix-community", "repo": "NUR", - "rev": "82023efed13ef3c1bfe99f0cd669139b4a2d2694", + "rev": "0d28d95d7bf9e852b4e6b514955dceef2e4921a5", "type": "github" }, "original": { @@ -747,11 +747,11 @@ "tinted-zed": "tinted-zed" }, "locked": { - "lastModified": 1768493544, - "narHash": "sha256-9qk2W/6GJWLAFXNruK/zdJ0bm3bfP50vJFbtuAjQpa4=", + "lastModified": 1769885983, + "narHash": "sha256-jLS7410B58f+3WfZ4PQ28aaaTONnmxlfAbDPdNuciLc=", "owner": "nix-community", "repo": "stylix", - "rev": "362306faaa7459bebf8eabf135879785f3da9bd2", + "rev": "fe06391a1e1905fc7e6c13443ea439a89695ca69", "type": "github" }, "original": { 
@@ -864,11 +864,11 @@ ] }, "locked": { - "lastModified": 1768158989, - "narHash": "sha256-67vyT1+xClLldnumAzCTBvU0jLZ1YBcf4vANRWP3+Ak=", + "lastModified": 1769691507, + "narHash": "sha256-8aAYwyVzSSwIhP2glDhw/G0i5+wOrren3v6WmxkVonM=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "e96d59dff5c0d7fddb9d113ba108f03c3ef99eca", + "rev": "28b19c5844cc6e2257801d43f2772a4b4c050a1b", "type": "github" }, "original": { @@ -897,11 +897,11 @@ "xwayland-satellite-unstable": { "flake": false, "locked": { - "lastModified": 1768765571, - "narHash": "sha256-C1JbyJ3ftogmN3vmLNfyPtnJw2wY64TiUTIhFtk1Leg=", + "lastModified": 1769713942, + "narHash": "sha256-0BtCSO2qzYK/akRDsERqRVLknCYD3FYErc+szreSHUo=", "owner": "Supreeeme", "repo": "xwayland-satellite", - "rev": "ed1cef792b4def3321ff9ab5479df09609f17a69", + "rev": "37ec78ee26e158b71f42e113e0e7dd9d5eb6bdb0", "type": "github" }, "original": { From 9d5cb1e98c2227417775fd1fa704777dec79e7f1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?m=C3=BCde?= Date: Sun, 1 Feb 2026 19:24:33 +0100 Subject: [PATCH 08/80] pc2: disable vscode-server and hass --- nixosConfigurations/muede-pc2/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/nixosConfigurations/muede-pc2/default.nix b/nixosConfigurations/muede-pc2/default.nix index 886757f..5062ada 100644 --- a/nixosConfigurations/muede-pc2/default.nix +++ b/nixosConfigurations/muede-pc2/default.nix @@ -2,8 +2,8 @@ { imports = [ ./hardware.nix - ./vscode-server.nix - ./hass.nix +# ./vscode-server.nix +# ./hass.nix self.nixosModules.user-muede self.nixosModules.gnome From 7901ac306527cc40d5b23d4314ffba99b4b32658 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?m=C3=BCde?= Date: Sun, 1 Feb 2026 20:05:04 +0100 Subject: [PATCH 09/80] lpt2: move home --- nixosConfigurations/muede-lpt2/default.nix | 2 -- 1 file changed, 2 deletions(-) diff --git a/nixosConfigurations/muede-lpt2/default.nix b/nixosConfigurations/muede-lpt2/default.nix index 61ef827..dcb580f 100644 
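Review bot: The two imports in `muede-pc2/default.nix` are disabled by commenting them out at column 0 (`# ./vscode-server.nix`, `# ./hass.nix`) with no reason recorded, which leaves dead configuration in the list. Either delete the lines or keep them indented with a why-comment such as `# disabled: <reason>`. A later patch shows what looks like a port list in this same file (`# Factorio 34197`), so it is worth confirming that no ports or persistent state for these two services remain declared outside the dropped modules. That part is not visible in this hunk.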
--- a/nixosConfigurations/muede-lpt2/default.nix +++ b/nixosConfigurations/muede-lpt2/default.nix @@ -60,7 +60,5 @@ ]; boot.binfmt.emulatedSystems = [ "aarch64-linux" ]; - - users.users.muede.home = "/home/vinzenz"; }; } From c09b746466c69d75f0941debd72b58061e707a19 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?m=C3=BCde?= Date: Sun, 1 Feb 2026 20:14:54 +0100 Subject: [PATCH 10/80] pc2: move home --- nixosConfigurations/muede-pc2/default.nix | 2 -- 1 file changed, 2 deletions(-) diff --git a/nixosConfigurations/muede-pc2/default.nix b/nixosConfigurations/muede-pc2/default.nix index 5062ada..742fa9f 100644 --- a/nixosConfigurations/muede-pc2/default.nix +++ b/nixosConfigurations/muede-pc2/default.nix @@ -42,7 +42,5 @@ # Factorio 34197 ]; - - users.users.muede.home = "/home/vinzenz"; }; } From e3583cf85a10c7f526f35e0ab335a581230130a1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?m=C3=BCde?= Date: Sat, 7 Feb 2026 20:05:37 +0100 Subject: [PATCH 11/80] nix flake update --- flake.lock | 72 +++++++++++++++++++++++++++--------------------------- 1 file changed, 36 insertions(+), 36 deletions(-) diff --git a/flake.lock b/flake.lock index 5022955..1e2104c 100644 --- a/flake.lock +++ b/flake.lock @@ -186,11 +186,11 @@ "nixpkgs-lib": "nixpkgs-lib" }, "locked": { - "lastModified": 1768135262, - "narHash": "sha256-PVvu7OqHBGWN16zSi6tEmPwwHQ4rLPU9Plvs8/1TUBY=", + "lastModified": 1769996383, + "narHash": "sha256-AnYjnFWgS49RlqX7LrC4uA+sCCDBj0Ry/WOJ5XWAsa0=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "80daad04eddbbf5a4d883996a73f3f542fa437ac", + "rev": "57928607ea566b5db3ad13af0e57e921e6b12381", "type": "github" }, "original": { 
@@ -284,11 +284,11 @@ ] }, "locked": { - "lastModified": 1769580047, - "narHash": "sha256-tNqCP/+2+peAXXQ2V8RwsBkenlfWMERb+Uy6xmevyhM=", + "lastModified": 1770260404, + "narHash": "sha256-3iVX1+7YUIt23hBx1WZsUllhbmP2EnXrV8tCRbLxHc8=", "owner": "nix-community", "repo": "home-manager", - "rev": "366d78c2856de6ab3411c15c1cb4fb4c2bf5c826", + "rev": "0d782ee42c86b196acff08acfbf41bb7d13eed5b", "type": "github" }, "original": { @@ -359,11 +359,11 @@ "xwayland-satellite-unstable": "xwayland-satellite-unstable" }, "locked": { - "lastModified": 1769948416, - "narHash": "sha256-auvybZw7/95ln7J01VUqg6i7zvCpspgR1miG7WwiQBg=", + "lastModified": 1770400632, + "narHash": "sha256-TsOt49sYfzmxSTj2wKHKK2ZToCByLJLxPbwbu1brDt0=", "owner": "sodiboo", "repo": "niri-flake", - "rev": "0ddfba5c5475a415c56123d700f3ceb5744c32fd", + "rev": "652dbeb0ac2c481dee5b57be972c6fd6feb38adc", "type": "github" }, "original": { @@ -392,11 +392,11 @@ "niri-unstable": { "flake": false, "locked": { - "lastModified": 1769577126, - "narHash": "sha256-v9vz9Rj4MGwPuhGELdvpRKl2HH+xvkgat6VwL0L86Fg=", + "lastModified": 1770394936, + "narHash": "sha256-Pa0fkyLYUR+pZh7phPENDUo4mJIweaAm0uV83iUUlX8=", "owner": "YaLTeR", "repo": "niri", - "rev": "f30db163b5748e8cf95c05aba77d0d3736f40543", + "rev": "549148d27779d024255a84535b42b947f1c2a113", "type": "github" }, "original": { @@ -427,11 +427,11 @@ ] }, "locked": { - "lastModified": 1769914816, - "narHash": "sha256-GXK/ub/LfBFEEBO2M+HhqWu3VW042pWw145Y+jYEMT0=", + "lastModified": 1770431965, + "narHash": "sha256-vVMfSjrmeYGfT+dj5eLZ8xNnJP62gvdW32IFQk606wM=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "8eebcb40d2658badb78b4162868ffcc1006b59f3", + "rev": "2b53743c0c65c6c525952fce502fe6eaa0913300", "type": "github" }, "original": { 
@@ -478,11 +478,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1769741972, - "narHash": "sha256-RxSg1EioTWNpoLaykiT1UQKTo/K0PPdLqCyQgNjNqWs=", + "lastModified": 1770464364, + "narHash": "sha256-z5NJPSBwsLf/OfD8WTmh79tlSU8XgIbwmk6qB1/TFzY=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "63590ac958a8af30ebd52c7a0309d8c52a94dd77", + "rev": "23d72dabcb3b12469f57b37170fcbc1789bd7457", "type": "github" }, "original": { @@ -494,11 +494,11 @@ }, "nixpkgs-lib": { "locked": { - "lastModified": 1765674936, - "narHash": "sha256-k00uTP4JNfmejrCLJOwdObYC9jHRrr/5M/a/8L2EIdo=", + "lastModified": 1769909678, + "narHash": "sha256-cBEymOf4/o3FD5AZnzC3J9hLbiZ+QDT/KDuyHXVJOpM=", "owner": "nix-community", "repo": "nixpkgs.lib", - "rev": "2075416fcb47225d9b68ac469a5c4801a9c4dd85", + "rev": "72716169fe93074c333e8d0173151350670b824c", "type": "github" }, "original": { @@ -509,11 +509,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1769740369, - "narHash": "sha256-xKPyJoMoXfXpDM5DFDZDsi9PHArf2k5BJjvReYXoFpM=", + "lastModified": 1770380644, + "narHash": "sha256-P7dWMHRUWG5m4G+06jDyThXO7kwSk46C1kgjEWcybkE=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "6308c3b21396534d8aaeac46179c14c439a89b8a", + "rev": "ae67888ff7ef9dff69b3cf0cc0fbfbcd3a722abe", "type": "github" }, "original": { @@ -549,11 +549,11 @@ ] }, "locked": { - "lastModified": 1769947836, - "narHash": "sha256-CYSecY7oPzVkQmorHjI5lTWdwGpwqP62z+YJmObxYQ4=", + "lastModified": 1770486118, + "narHash": "sha256-eto9txBNwwlQmi445yHZ+x+7mMbyYnbcSn5jG+WJpQU=", "owner": "nix-community", "repo": "NUR", - "rev": "0d28d95d7bf9e852b4e6b514955dceef2e4921a5", + "rev": "efe9288eff027bbef3bc02ff23937751d20f64c1", "type": "github" }, "original": { 
@@ -747,11 +747,11 @@ "tinted-zed": "tinted-zed" }, "locked": { - "lastModified": 1769885983, - "narHash": "sha256-jLS7410B58f+3WfZ4PQ28aaaTONnmxlfAbDPdNuciLc=", + "lastModified": 1770308890, + "narHash": "sha256-7bx8Bn9B2g/loBaz+uLwdKI2rUW+RhDPyP/MqAgvrxU=", "owner": "nix-community", "repo": "stylix", - "rev": "fe06391a1e1905fc7e6c13443ea439a89695ca69", + "rev": "7e7fa955abac04a8e118b1cedf930a8fd41c34a6", "type": "github" }, "original": { @@ -864,11 +864,11 @@ ] }, "locked": { - "lastModified": 1769691507, - "narHash": "sha256-8aAYwyVzSSwIhP2glDhw/G0i5+wOrren3v6WmxkVonM=", + "lastModified": 1770228511, + "narHash": "sha256-wQ6NJSuFqAEmIg2VMnLdCnUc0b7vslUohqqGGD+Fyxk=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "28b19c5844cc6e2257801d43f2772a4b4c050a1b", + "rev": "337a4fe074be1042a35086f15481d763b8ddc0e7", "type": "github" }, "original": { @@ -897,11 +897,11 @@ "xwayland-satellite-unstable": { "flake": false, "locked": { - "lastModified": 1769713942, - "narHash": "sha256-0BtCSO2qzYK/akRDsERqRVLknCYD3FYErc+szreSHUo=", + "lastModified": 1770167989, + "narHash": "sha256-rE2WTxKHe3KMG/Zr5YUNeKHkZfWwSFl7yJXrOKnunHg=", "owner": "Supreeeme", "repo": "xwayland-satellite", - "rev": "37ec78ee26e158b71f42e113e0e7dd9d5eb6bdb0", + "rev": "0947c4685f6237d4f8045482ce0c62feab40b6c4", "type": "github" }, "original": { From a00f15adfc74ffbf6da88e8974e81dc4eaf12fe2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?m=C3=BCde?= Date: Sun, 8 Feb 2026 15:13:39 +0100 Subject: [PATCH 12/80] waybar: pill style widgets, whole width bar --- homeConfigurations/muede/waybar.css | 360 +++++++++++++++++++--------- homeConfigurations/muede/waybar.nix | 59 ++--- 2 files changed, 264 insertions(+), 155 deletions(-) diff --git a/homeConfigurations/muede/waybar.css b/homeConfigurations/muede/waybar.css index 0210f6f..a5bd155 100644 --- a/homeConfigurations/muede/waybar.css +++ b/homeConfigurations/muede/waybar.css 
@@ -13,90 +13,31 @@ /* #endregion */ * { - font-family: sans-serif; + font-family: monospace sans-serif; + font-size: 12px; + } window#waybar { transition-property: background-color; transition-duration: 0.5s; - background: transparent; -} - -window#waybar.hidden { - opacity: 0.2; -} - -window#waybar.termite { - background-color: #3f3f3f; -} - -window#waybar.chromium { - background-color: #000000; - border: none; + /* Gradient border spanning the entire waybar window */ + border-bottom: 4px solid transparent; + background-clip: padding-box, border-box; + background-origin: padding-box, border-box; + background-image: + linear-gradient(90deg, @base01, @base00, @base01, @base00, @base01), + linear-gradient(90deg, @base0C, @base0D, @base0A, @base0D, @base0C); } .modules-left, .modules-center, .modules-right { - border: 0px solid #fff; - padding-bottom: 4px; - background-clip: content-box, padding-box; - background-image: - linear-gradient(90deg, @base01, @base01), - linear-gradient(90deg, #a30262, #4a6bb1); -} - -.modules-center, -.modules-left { - border-bottom-right-radius: 15px; - padding-right: 4px; -} - -.modules-center, -.modules-right { - border-bottom-left-radius: 15px; - padding-left: 4px; -} - -widget { - margin: 0px 4px; -} - -#workspaces, -#window, -#tray { - padding: 4px 6px; - margin-left: 6px; - margin-right: 6px; -} - -#workspaces button { - padding: 0 5px; - background-color: transparent; - color: #ffffff; - border-radius: 15px; -} - -#workspaces button:hover { - background: rgba(0, 0, 0, 0.2); -} - -#workspaces button.focused, -#workspaces button.active { - background-color: @base03; -} - -#workspaces button.urgent { - background-color: #eb4d4b; -} - -#mode { - background-color: #64727d; - box-shadow: inset 0 -3px #ffffff; + padding: 0px 4px 8px 4px; } +/* Common pill styling for all widgets */ #clock, -#battery, #cpu, #memory, #disk, 
@@ -107,17 +48,154 @@ widget { #wireplumber, #custom-media, #mode, -#idle_inhibitor, #scratchpad, +#mpd, +#custom-weather, +#battery, #power-profiles-daemon, -#mpd { - padding: 0 10px; - color: #ffffff; +#idle_inhibitor, +#custom-swaync, +#bluetooth, +#mpris, +#upower, +#workspaces, +#window, +#tray { + margin: 0px 4px; + padding: 0px 6px; + background: linear-gradient(135deg, @base02, @base01); + border-radius: 16px; + border: 1px solid; + transition: all 0.3s ease; } +/* special treatment for weird sized widgets */ +#custom-wlogout { + padding: 0px 10px 0px 8px; +} +#power-profiles-daemon, +#idle_inhibitor { + padding: 0px 14px 0px 8px; +} + +/* Individual widget colors */ +#workspaces, #window, -#workspaces { - margin: 0 4px; +#tray { + border-color: @base0D; +} + +#workspaces button { + padding: 0 6px; + background-color: transparent; + color: @base05; + border-radius: 12px; + border: none; + transition: all 0.3s ease; +} + +#workspaces button:hover { + background: @base03; +} + +#workspaces button.focused, +#workspaces button.active { + background-color: @base03; + color: @base07; +} + +#workspaces button.urgent { + background-color: @base08; + color: @base00; +} + +#clock { + color: @base07; + border-color: @base0D; +} + +#cpu { + color: @base09; + border-color: @base09; +} + +#memory { + color: @base0E; + border-color: @base0E; +} + +#disk { + color: @base0D; + border-color: @base0D; +} + +#temperature { + color: @base08; + border-color: @base08; +} + +#backlight { + color: @base0A; + border-color: @base0A; +} + +#network { + color: @base0B; + border-color: @base0B; +} + +#pulseaudio, +#wireplumber { + color: @base0D; + border-color: @base0D; +} + +#custom-media { + color: @base0E; + border-color: @base0E; +} + +#mode { + color: @base05; + border-color: @base03; + box-shadow: inset 0 -3px @base05; +} + +#mpd { + color: @base0E; + border-color: @base0E; +} + +#custom-weather { + color: @base0B; + border-color: @base0B; +} + +#battery, +#power-profiles-daemon, 
+#idle_inhibitor { + color: @base05; + border-color: @base03; +} + +#custom-swaync { + color: @base0E; + border-color: @base0E; +} + +#bluetooth { + color: @base0D; + border-color: @base0D; +} + +#mpris { + color: @base0E; + border-color: @base0E; +} + +#upower { + color: @base0B; + border-color: @base0B; } /* If workspaces is the leftmost module, omit left margin */ @@ -130,6 +208,19 @@ widget { margin-right: 0; } +/* Battery states with colored glows */ +#battery.charging { + box-shadow: 0 0 10px rgba(168, 201, 255, 0.6); + border-color: @base0B; + color: @base0B; +} + +#battery.warning:not(.charging) { + box-shadow: 0 0 10px rgba(209, 98, 164, 0.6); + border-color: @base0A; + color: @base0A; +} + @keyframes blink { to { background-color: #ffffff; 
@@ -137,31 +228,65 @@ widget { } } -/* Using steps() instead of linear as a timing function to limit cpu usage */ #battery.critical:not(.charging) { - background-color: #f53c3c; - color: #ffffff; + box-shadow: 0 0 10px rgba(243, 139, 168, 0.8); + border-color: @base08; + color: @base08; animation-name: blink; animation-duration: 0.5s; + /* Using steps() instead of linear as a timing function to limit cpu usage */ animation-timing-function: steps(12); animation-iteration-count: infinite; animation-direction: alternate; } -#power-profiles-daemon { - padding-right: 15px; +/* Bluetooth connected state */ +#bluetooth.connected { + box-shadow: 0 0 10px rgba(137, 180, 250, 0.5); } +/* Power profiles with state-appropriate glows */ #power-profiles-daemon.performance { - color: #f53c3c; + box-shadow: 0 0 10px rgba(243, 139, 168, 0.6); + border-color: @base08; + color: @base08; } #power-profiles-daemon.balanced { - color: #2980b9; + box-shadow: 0 0 10px rgba(137, 180, 250, 0.6); + border-color: @base0D; + color: @base0D; } #power-profiles-daemon.power-saver { - color: #2ecc71; + box-shadow: 0 0 10px rgba(168, 201, 255, 0.6); + border-color: @base0B; + color: @base0B; +} + +/* Idle inhibitor with state glow */ +#idle_inhibitor.activated { + box-shadow: 0 0 10px rgba(137, 180, 250, 0.6); + border-color: @base0D; + color: @base0D; +} + +/* MPD states with glows */ +#mpd.playing { + box-shadow: 0 0 10px rgba(168, 201, 255, 0.5); + border-color: @base0B; + color: @base0B; +} + +#mpd.paused { + box-shadow: 0 0 10px rgba(203, 166, 247, 0.5); + border-color: @base0E; + color: @base0E; +} + +#mpd.disconnected, +#mpd.stopped { + color: @base04; } #tray > .passive { 
@@ -170,35 +295,8 @@ widget { #tray > .needs-attention { -gtk-icon-effect: highlight; - background-color: #eb4d4b; -} - -#language { - padding: 0 5px; - margin: 0 5px; - min-width: 16px; -} - -#keyboard-state { - padding: 0 0px; - margin: 0 5px; - min-width: 16px; -} - -#keyboard-state > label { - padding: 0 5px; -} - -#keyboard-state > label.locked { - background: rgba(0, 0, 0, 0.2); -} - -#scratchpad { - background: rgba(0, 0, 0, 0.2); -} - -#scratchpad.empty { - background-color: transparent; + box-shadow: 0 0 10px rgba(243, 139, 168, 0.8); + border-color: @base08; } #privacy { @@ -206,18 +304,42 @@ widget { } #privacy-item { - padding: 0 5px; - color: white; + /*padding: 4px 10px; + margin: 4px 6px 6px 6px;*/ + color: @base05; + background: linear-gradient(135deg, @base02, @base01); + border-radius: 16px; + transition: all 0.3s ease; } #privacy-item.screenshare { - background-color: #cf5700; + box-shadow: 0 0 10px rgba(209, 98, 164, 0.6); + border-color: @base0A; + color: @base0A; } #privacy-item.audio-in { - background-color: #1ca000; + box-shadow: 0 0 10px rgba(168, 201, 255, 0.6); + border-color: @base0B; + color: @base0B; } #privacy-item.audio-out { - background-color: #0069d4; + box-shadow: 0 0 10px rgba(137, 180, 250, 0.6); + border-color: @base0D; + color: @base0D; +} + +/* Custom wlogout button */ +#custom-wlogout { + color: @base08; + background: linear-gradient(135deg, @base02, @base01); + border-radius: 16px; + border: 1px solid @base08; + transition: all 0.3s ease; +} + +#custom-wlogout:hover { + box-shadow: 0 0 10px rgba(243, 139, 168, 0.5); + border-color: @base08; } diff --git a/homeConfigurations/muede/waybar.nix b/homeConfigurations/muede/waybar.nix index b04fd5b..4cf9532 100644 --- a/homeConfigurations/muede/waybar.nix +++ b/homeConfigurations/muede/waybar.nix 
@@ -37,37 +37,24 @@ "custom/swaync" ]; modules-right = [ - "group/system-tray" + "mpris" + "wireplumber" + "bluetooth" + "backlight" + "network" + "power-profiles-daemon" + "idle_inhibitor" #"image" - "group/status-infos" + "custom/weather" + "temperature" + "cpu" + "memory" + "disk" + # "battery" + "upower" "custom/wlogout" ]; - "group/system-tray" = { - orientation = "inherit"; - modules = [ - "mpris" - "wireplumber" - "bluetooth" - "backlight" - "network" - "power-profiles-daemon" - "idle_inhibitor" - ]; - }; - "group/status-infos" = { - orientation = "inherit"; - modules = [ - "custom/weather" - "temperature" - "cpu" - "memory" - "disk" - # "battery" - "upower" - ]; - }; - "niri/workspaces" = { format = "{icon}"; }; @@ -117,7 +104,7 @@ icon-size = 14; }; battery = { - format = "{capacity}% {icon}"; + format = "{icon} {capacity}%"; format-icons = [ "󰂎" # 0% "󰁺" # 10% @@ -176,19 +163,19 @@ }; cpu = { interval = 1; - format = "{usage:3}%@{avg_frequency:4}"; + format = " {usage:>3}%@{avg_frequency:>3.2f}"; }; disk = { format = "{free}/{total}"; }; "custom/wlogout" = { - format = " "; + format = ""; tooltip = false; on-click = "wlogout"; min-width = 20; }; idle_inhibitor = { - format = "{icon} "; + format = "{icon}"; format-icons = { activated = ""; deactivated = ""; @@ -213,7 +200,7 @@ # on-click = "playerctl play-pause"; # }; mpris = { - format = "{status_icon} {player} "; + format = "{status_icon} {player}"; tooltip-format = "{player} ({status_icon} {status}) {dynamic}"; status-icons = { playing = ""; @@ -222,7 +209,7 @@ }; }; memory = { - format = "{}%  "; + format = " {}%"; }; power-profiles-daemon = { format = "{icon}"; @@ -236,7 +223,7 @@ }; }; wireplumber = { - format = "{volume}% {icon}"; + format = "{icon} {volume}%"; format-muted = ""; format-icons = [ "" @@ -245,7 +232,7 @@ ]; }; temperature = { - format = "{temperatureC}°C "; + format = " {temperatureC}°C"; }; tray = { spacing = 4; 
@@ -266,7 +253,7 @@ in { tooltip = true; - format = "{icon} {0} "; + format = "{icon} {0}"; format-icons = { notification = "󱅫"; none = "󰂜"; From 74809ee2bb8ab221e701995bbf69158f5de4e159 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?m=C3=BCde?= Date: Sun, 8 Feb 2026 17:43:33 +0100 Subject: [PATCH 13/80] waybar: theme tweaks --- homeConfigurations/muede/niri.nix | 2 +- homeConfigurations/muede/waybar.css | 87 ++++++++++++----------------- homeConfigurations/muede/waybar.nix | 27 ++++----- 3 files changed, 51 insertions(+), 65 deletions(-) diff --git a/homeConfigurations/muede/niri.nix b/homeConfigurations/muede/niri.nix index ba55d2e..d88db90 100644 --- a/homeConfigurations/muede/niri.nix +++ b/homeConfigurations/muede/niri.nix @@ -56,7 +56,7 @@ from = pink_dark; to = pink_light; }; - gap-size = 8; + gap-size = 6; in { background-color = "transparent"; diff --git a/homeConfigurations/muede/waybar.css b/homeConfigurations/muede/waybar.css index a5bd155..79e7671 100644 --- a/homeConfigurations/muede/waybar.css +++ b/homeConfigurations/muede/waybar.css @@ -13,27 +13,20 @@ /* #endregion */ * { - font-family: monospace sans-serif; - font-size: 12px; - + font-family: monospace; + font-size: 13px; } window#waybar { transition-property: background-color; transition-duration: 0.5s; /* Gradient border spanning the entire waybar window */ - border-bottom: 4px solid transparent; + border-bottom: 3px solid transparent; background-clip: padding-box, border-box; background-origin: padding-box, border-box; background-image: - linear-gradient(90deg, @base01, @base00, @base01, @base00, @base01), - linear-gradient(90deg, @base0C, @base0D, @base0A, @base0D, @base0C); -} - -.modules-left, -.modules-center, -.modules-right { - padding: 0px 4px 8px 4px; + linear-gradient(135deg, @base00, @base01), + linear-gradient(135deg, @base0C, @base09); } /* Common pill styling for all widgets */ 
@@ -60,22 +53,27 @@ window#waybar { #upower, #workspaces, #window, -#tray { - margin: 0px 4px; - padding: 0px 6px; +#tray, +#custom-wlogout, +#privacy-item { + margin: 0px 4px 6px; + padding: 0px 8px; background: linear-gradient(135deg, @base02, @base01); - border-radius: 16px; - border: 1px solid; + border-radius: 15px; + border: 2px solid; transition: all 0.3s ease; } /* special treatment for weird sized widgets */ -#custom-wlogout { - padding: 0px 10px 0px 8px; -} +#custom-wlogout, #power-profiles-daemon, #idle_inhibitor { - padding: 0px 14px 0px 8px; + padding: 0px 10px 0px 8px; +} + +#workspaces { + padding-left: 0; + padding-right: 0; } /* Individual widget colors */ @@ -89,7 +87,7 @@ window#waybar { padding: 0 6px; background-color: transparent; color: @base05; - border-radius: 12px; + border-radius: 15px; border: none; transition: all 0.3s ease; } @@ -210,13 +208,13 @@ window#waybar { /* Battery states with colored glows */ #battery.charging { - box-shadow: 0 0 10px rgba(168, 201, 255, 0.6); + box-shadow: 0 0 6px rgba(168, 201, 255, 0.6); border-color: @base0B; color: @base0B; } #battery.warning:not(.charging) { - box-shadow: 0 0 10px rgba(209, 98, 164, 0.6); + box-shadow: 0 0 6px rgba(209, 98, 164, 0.6); border-color: @base0A; color: @base0A; } @@ -229,7 +227,7 @@ window#waybar { } #battery.critical:not(.charging) { - box-shadow: 0 0 10px rgba(243, 139, 168, 0.8); + box-shadow: 0 0 6px rgba(243, 139, 168, 0.8); border-color: @base08; color: @base08; animation-name: blink; 
@@ -242,44 +240,44 @@ window#waybar { /* Bluetooth connected state */ #bluetooth.connected { - box-shadow: 0 0 10px rgba(137, 180, 250, 0.5); + box-shadow: 0 0 6px rgba(137, 180, 250, 0.5); } /* Power profiles with state-appropriate glows */ #power-profiles-daemon.performance { - box-shadow: 0 0 10px rgba(243, 139, 168, 0.6); + box-shadow: 0 0 6px rgba(243, 139, 168, 0.6); border-color: @base08; color: @base08; } #power-profiles-daemon.balanced { - box-shadow: 0 0 10px rgba(137, 180, 250, 0.6); + box-shadow: 0 0 6px rgba(137, 180, 250, 0.6); border-color: @base0D; color: @base0D; } #power-profiles-daemon.power-saver { - box-shadow: 0 0 10px rgba(168, 201, 255, 0.6); + box-shadow: 0 0 6px rgba(168, 201, 255, 0.6); border-color: @base0B; color: @base0B; } /* Idle inhibitor with state glow */ #idle_inhibitor.activated { - box-shadow: 0 0 10px rgba(137, 180, 250, 0.6); + box-shadow: 0 0 6px rgba(137, 180, 250, 0.6); border-color: @base0D; color: @base0D; } /* MPD states with glows */ #mpd.playing { - box-shadow: 0 0 10px rgba(168, 201, 255, 0.5); + box-shadow: 0 0 6px rgba(168, 201, 255, 0.5); border-color: @base0B; color: @base0B; } #mpd.paused { - box-shadow: 0 0 10px rgba(203, 166, 247, 0.5); + box-shadow: 0 0 6px rgba(203, 166, 247, 0.5); border-color: @base0E; color: @base0E; } @@ -295,7 +293,7 @@ window#waybar { #tray > .needs-attention { -gtk-icon-effect: highlight; - box-shadow: 0 0 10px rgba(243, 139, 168, 0.8); + box-shadow: 0 0 6px rgba(243, 139, 168, 0.8); border-color: @base08; } 
@@ -303,29 +301,20 @@ window#waybar { padding: 0; } -#privacy-item { - /*padding: 4px 10px; - margin: 4px 6px 6px 6px;*/ - color: @base05; - background: linear-gradient(135deg, @base02, @base01); - border-radius: 16px; - transition: all 0.3s ease; -} - #privacy-item.screenshare { - box-shadow: 0 0 10px rgba(209, 98, 164, 0.6); + box-shadow: 0 0 6px rgba(209, 98, 164, 0.6); border-color: @base0A; color: @base0A; } #privacy-item.audio-in { - box-shadow: 0 0 10px rgba(168, 201, 255, 0.6); + box-shadow: 0 0 6px rgba(168, 201, 255, 0.6); border-color: @base0B; color: @base0B; } #privacy-item.audio-out { - box-shadow: 0 0 10px rgba(137, 180, 250, 0.6); + box-shadow: 0 0 6px rgba(137, 180, 250, 0.6); border-color: @base0D; color: @base0D; } @@ -333,13 +322,9 @@ window#waybar { /* Custom wlogout button */ #custom-wlogout { color: @base08; - background: linear-gradient(135deg, @base02, @base01); - border-radius: 16px; - border: 1px solid @base08; - transition: all 0.3s ease; + border-color: @base08; } #custom-wlogout:hover { - box-shadow: 0 0 10px rgba(243, 139, 168, 0.5); - border-color: @base08; + box-shadow: 0 0 6px rgba(243, 139, 168, 0.5); } diff --git a/homeConfigurations/muede/waybar.nix b/homeConfigurations/muede/waybar.nix index 4cf9532..1f014e2 100644 --- a/homeConfigurations/muede/waybar.nix +++ b/homeConfigurations/muede/waybar.nix @@ -63,17 +63,17 @@ icon = true; }; network = { - interface = "wlo1"; + #interface = "wlo1"; format = "{ifname}"; - format-wifi = " "; - format-ethernet = "󰈀 "; - format-linked = "󱘖 "; - format-disconnected = "󰣽 "; + format-wifi = " {essid}"; + format-ethernet = "󰈀"; + format-linked = "󱘖"; + format-disconnected = "󰣽"; tooltip-format = "{ifname} via {gwaddr}"; tooltip-format-wifi = "{essid} ({signalStrength}%)"; tooltip-format-ethernet = "{ifname} {ipaddr}/{cidr}"; tooltip-format-disconnected = "Disconnected"; - max-length = 50; + max-length = 20; }; clock = { format = "{:%a, %d. %b %H:%M}"; 
@@ -163,10 +163,11 @@ }; cpu = { interval = 1; - format = " {usage:>3}%@{avg_frequency:>3.2f}"; + format = " {usage:>2}%@{avg_frequency:>3.2f}"; }; disk = { - format = "{free}/{total}"; + format = " {percentage_free}% {specific_total:>2.1f}"; + unit = "TB"; }; "custom/wlogout" = { format = ""; @@ -209,7 +210,7 @@ }; }; memory = { - format = " {}%"; + format = " {}%"; }; power-profiles-daemon = { format = "{icon}"; @@ -239,9 +240,9 @@ show-passive-items = true; }; bluetooth = { - format = "  {status} "; - format-connected = "  {device_alias} "; - format-connected-battery = "  {device_alias} {device_battery_percentage}% "; + format = " {status}"; + format-connected = " {device_alias}"; + format-connected-battery = " {device_alias} {device_battery_percentage}%"; tooltip-format = "{controller_alias}\t{controller_address}\n\n{num_connections} connected"; tooltip-format-connected = "{controller_alias}\t{controller_address}\n\n{num_connections} connected\n\n{device_enumerate}"; tooltip-format-enumerate-connected = "{device_alias}\t{device_address}"; @@ -271,7 +272,7 @@ escape = true; }; "custom/weather" = { - format = "{}°"; + format = "{}"; tooltip = true; interval = 3600; exec = "${lib.getBin pkgs.wttrbar}/bin/wttrbar --nerd"; From 00ca7b0a01c25fb6be139b59e3eb75c5ee78a3db Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?m=C3=BCde?= Date: Fri, 20 Feb 2026 22:10:20 +0100 Subject: [PATCH 14/80] nix flake update --- flake.lock | 48 ++++++++++++++++++++++++------------------------ 1 file changed, 24 insertions(+), 24 deletions(-) diff --git a/flake.lock b/flake.lock index 1e2104c..297204d 100644 --- a/flake.lock +++ b/flake.lock 
@@ -359,11 +359,11 @@ "xwayland-satellite-unstable": "xwayland-satellite-unstable" }, "locked": { - "lastModified": 1770400632, - "narHash": "sha256-TsOt49sYfzmxSTj2wKHKK2ZToCByLJLxPbwbu1brDt0=", + "lastModified": 1771514840, + "narHash": "sha256-t3WbZvwoDj/75YDX/nwkZuxanZLZaWr9meSfKswaN6g=", "owner": "sodiboo", "repo": "niri-flake", - "rev": "652dbeb0ac2c481dee5b57be972c6fd6feb38adc", + "rev": "4f69ab280e9bb34e2c0b67fdfa6f0978a170ef56", "type": "github" }, "original": { @@ -392,11 +392,11 @@ "niri-unstable": { "flake": false, "locked": { - "lastModified": 1770394936, - "narHash": "sha256-Pa0fkyLYUR+pZh7phPENDUo4mJIweaAm0uV83iUUlX8=", + "lastModified": 1771305475, + "narHash": "sha256-lqweVTwHhYc+9T33cysp38gVwxaibGJHriOPZXWyhCY=", "owner": "YaLTeR", "repo": "niri", - "rev": "549148d27779d024255a84535b42b947f1c2a113", + "rev": "a2a52911757cb3b497db9407592f9b4c439571ea", "type": "github" }, "original": { @@ -427,11 +427,11 @@ ] }, "locked": { - "lastModified": 1770431965, - "narHash": "sha256-vVMfSjrmeYGfT+dj5eLZ8xNnJP62gvdW32IFQk606wM=", + "lastModified": 1771555311, + "narHash": "sha256-aFjIc57eYBx5jgyLcHujraPf6b/p9RWxzvOGnHML5h0=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "2b53743c0c65c6c525952fce502fe6eaa0913300", + "rev": "88fc33a8a8868de1ac41362fb62341513904dc0f", "type": "github" }, "original": { @@ -478,11 +478,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1770464364, - "narHash": "sha256-z5NJPSBwsLf/OfD8WTmh79tlSU8XgIbwmk6qB1/TFzY=", + "lastModified": 1771419570, + "narHash": "sha256-bxAlQgre3pcQcaRUm/8A0v/X8d2nhfraWSFqVmMcBcU=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "23d72dabcb3b12469f57b37170fcbc1789bd7457", + "rev": "6d41bc27aaf7b6a3ba6b169db3bd5d6159cfaa47", "type": "github" }, "original": { 
@@ -509,11 +509,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1770380644, - "narHash": "sha256-P7dWMHRUWG5m4G+06jDyThXO7kwSk46C1kgjEWcybkE=", + "lastModified": 1771207753, + "narHash": "sha256-b9uG8yN50DRQ6A7JdZBfzq718ryYrlmGgqkRm9OOwCE=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "ae67888ff7ef9dff69b3cf0cc0fbfbcd3a722abe", + "rev": "d1c15b7d5806069da59e819999d70e1cec0760bf", "type": "github" }, "original": { @@ -549,11 +549,11 @@ ] }, "locked": { - "lastModified": 1770486118, - "narHash": "sha256-eto9txBNwwlQmi445yHZ+x+7mMbyYnbcSn5jG+WJpQU=", + "lastModified": 1771620573, + "narHash": "sha256-EnAmfSplNKGQsf2NB/IySJi2uJ756+yCBl2jNvnbvCs=", "owner": "nix-community", "repo": "NUR", - "rev": "efe9288eff027bbef3bc02ff23937751d20f64c1", + "rev": "55ea501d235d485f2943b71050407ab8ec256043", "type": "github" }, "original": { @@ -747,11 +747,11 @@ "tinted-zed": "tinted-zed" }, "locked": { - "lastModified": 1770308890, - "narHash": "sha256-7bx8Bn9B2g/loBaz+uLwdKI2rUW+RhDPyP/MqAgvrxU=", + "lastModified": 1771429540, + "narHash": "sha256-YKytDx8LOPOvE+dip1ja+1nbIpDVdqTaFbP4MaXwveM=", "owner": "nix-community", "repo": "stylix", - "rev": "7e7fa955abac04a8e118b1cedf930a8fd41c34a6", + "rev": "1a5c9d8be82127aeccc929f60b952e8a3df6b63c", "type": "github" }, "original": { @@ -897,11 +897,11 @@ "xwayland-satellite-unstable": { "flake": false, "locked": { - "lastModified": 1770167989, - "narHash": "sha256-rE2WTxKHe3KMG/Zr5YUNeKHkZfWwSFl7yJXrOKnunHg=", + "lastModified": 1771195969, + "narHash": "sha256-BUE41HjLIGPjq3U8VXPjf8asH8GaMI7FYdgrIHKFMXA=", "owner": "Supreeeme", "repo": "xwayland-satellite", - "rev": "0947c4685f6237d4f8045482ce0c62feab40b6c4", + "rev": "536bd32efc935bf876d6de385ec18a1b715c9358", "type": "github" }, "original": { From 95c202eabd31624a7fff56bd07eb87793c69a5c3 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?m=C3=BCde?= Date: Sat, 21 Feb 2026 23:28:48 +0100 Subject: [PATCH 15/80] update servicepoint-cli --- flake.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index 297204d..5579220 100644 --- a/flake.lock +++ b/flake.lock @@ -663,11 +663,11 @@ ] }, "locked": { - "lastModified": 1764875421, - "narHash": "sha256-ZO9wiokPhropwsU3BfIgjm1bc59SIyqrfjfnFCM2Q68=", + "lastModified": 1771709842, + "narHash": "sha256-zbKj2waitgCFE/I4DcV4lWMRkQ7gDOa9QgPXVTao5+g=", "ref": "refs/heads/main", - "rev": "fa892558f123c5d5395663fa666466c73b997245", - "revCount": 48, + "rev": "6c731e3f5ac0fc63e3cf1e727856f3a3327fddfb", + "revCount": 52, "type": "git", "url": "https://git.berlin.ccc.de/servicepoint/servicepoint-cli.git" }, From 866b51811135b69991b9b65093cb40b94985ac54 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?m=C3=BCde?= Date: Sun, 22 Feb 2026 12:32:16 +0100 Subject: [PATCH 16/80] move most git config into home --- homeConfigurations/muede/default.nix | 1 - homeConfigurations/muede/git.nix | 48 ++++++++++++++++------------ homeModules/git.nix | 13 ++------ 3 files changed, 31 insertions(+), 31 deletions(-) diff --git a/homeConfigurations/muede/default.nix b/homeConfigurations/muede/default.nix index 4847729..7b4b688 100644 --- a/homeConfigurations/muede/default.nix +++ b/homeConfigurations/muede/default.nix @@ -24,7 +24,6 @@ programs = { home-manager.enable = true; fzf.enable = true; - git-credential-oauth.enable = true; direnv = { enable = true; diff --git a/homeConfigurations/muede/git.nix b/homeConfigurations/muede/git.nix index ba7cd61..97c8477 100644 --- a/homeConfigurations/muede/git.nix +++ b/homeConfigurations/muede/git.nix 
@@ -1,27 +1,35 @@ { - config.programs.git = { - enable = true; - settings = { - user = { - name = "müde"; - email = "git@darkest.space"; + programs = { + git = { + enable = true; + settings = { + user = { + name = "müde"; + email = "git@darkest.space"; + }; + + aliases = { + prettylog = "log --pretty=oneline --graph"; + spring-clean = "!git branch --merged | xargs -n 1 -r git branch -d"; + }; + + pull.ff = "only"; + merge.tool = "kdiff3"; + push.autoSetupRemote = "true"; + credential.credentialStore = "cache"; }; - aliases = { - prettylog = "log --pretty=oneline --graph"; - spring-clean = "!git branch --merged | xargs -n 1 -r git branch -d"; - }; - - pull.ff = "only"; - merge.tool = "kdiff3"; - push.autoSetupRemote = "true"; - credential.credentialStore = "cache"; + ignores = [ + ".direnv" + ".idea" + ".envrc" + ]; }; - ignores = [ - ".direnv" - ".idea" - ".envrc" - ]; + git-credential-oauth.enable = true; + gh = { + enable = true; + gitCredentialHelper.enable = true; + }; }; } diff --git a/homeModules/git.nix b/homeModules/git.nix index 5da1ba7..2c66c82 100644 --- a/homeModules/git.nix +++ b/homeModules/git.nix @@ -1,13 +1,6 @@ { - programs = { - git = { - enable = true; - settings.init.defaultBranch = "main"; - }; - - gh = { - enable = true; - gitCredentialHelper.enable = true; - }; + programs.git = { + enable = true; + settings.init.defaultBranch = "main"; }; } From e9e3eea3d0ff628a889525b9beed1eeca736baea Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?m=C3=BCde?= Date: Sun, 22 Feb 2026 14:34:19 +0100 Subject: [PATCH 17/80] move podman policy to home manager config, add arch btw --- .../muede/.config/containers/policy.json | 23 ------------------- homeConfigurations/muede/default.nix | 5 +--- homeConfigurations/muede/podman.nix | 18 +++++++++++++++ 3 files changed, 19 insertions(+), 27 deletions(-) delete mode 100644 homeConfigurations/muede/.config/containers/policy.json create mode 100644 homeConfigurations/muede/podman.nix 
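Review bot: `credential.credentialStore = "cache"` in the `settings` block of homeConfigurations/muede/git.nix is, as far as I know, a Git Credential Manager key that neither git-credential-oauth nor the gh helper reads, so it probably does not cause tokens to be cached at all. If caching is intended, the usual git-credential-oauth setup lists a storage helper such as `cache --timeout <seconds>` ahead of the oauth helper, with the timeout chosen deliberately because it bounds how long a token stays in the cache daemon. The same key reappears in the `/etc/gitconfig` text added to nixosModules/globalinstalls.nix in patch 22, where it applies to every user of the host. Also worth checking in this hunk: `settings.aliases` presumably renders an `[aliases]` section, while git reads `[alias]`.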
diff --git a/homeConfigurations/muede/.config/containers/policy.json b/homeConfigurations/muede/.config/containers/policy.json deleted file mode 100644 index 245b3df..0000000 --- a/homeConfigurations/muede/.config/containers/policy.json +++ /dev/null @@ -1,23 +0,0 @@ -{ - "default": [ - { - "type": "reject" - } - ], - "transports": { - "docker-daemon": { - "": [ - { - "type": "insecureAcceptAnything" - } - ] - }, - "docker": { - "docker.io/library/debian": [ - { - "type": "insecureAcceptAnything" - } - ] - } - } -} diff --git a/homeConfigurations/muede/default.nix b/homeConfigurations/muede/default.nix index 7b4b688..4b5e1ec 100644 --- a/homeConfigurations/muede/default.nix +++ b/homeConfigurations/muede/default.nix @@ -9,6 +9,7 @@ ./git.nix ./gnome.nix ./niri.nix + ./podman.nix ./ssh.nix ./starship.nix ./swaylock.nix @@ -83,10 +84,6 @@ ]; home.file = { - "policy.json" = { - target = ".config/containers/policy.json"; - text = builtins.readFile ./.config/containers/policy.json; - }; "idea.properties".text = "idea.filewatcher.executable.path = ${pkgs.fsnotifier}/bin/fsnotifier"; }; diff --git a/homeConfigurations/muede/podman.nix b/homeConfigurations/muede/podman.nix new file mode 100644 index 0000000..ea5b090 --- /dev/null +++ b/homeConfigurations/muede/podman.nix @@ -0,0 +1,18 @@ +{ + services.podman = { + settings = { + policy = { + default = [ { type = "reject"; } ]; + transports = { + docker-daemon = { + "" = [ { type = "insecureAcceptAnything"; } ]; + }; + docker = { + "docker.io/library/debian" = [ { type = "insecureAcceptAnything"; } ]; + "docker.io/library/rust" = [ { type = "insecureAcceptAnything"; } ]; + }; + }; + }; + }; + }; +} From 22436fccae75aab9325a97789748ca0f03eab58b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?m=C3=BCde?= Date: Sun, 15 Mar 2026 11:59:24 +0100 Subject: [PATCH 18/80] vscode: ignore .git and .direnv in search --- homeConfigurations/muede/vscode.nix | 4 ++++ 1 file changed, 4 insertions(+) 
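Review bot: The new podman.nix sets only `services.podman.settings.policy` and never `services.podman.enable`, so if the home-manager module gates its output on `enable` (I believe it does) and nothing else turns it on, no policy.json is written for this user once the `home.file."policy.json"` entry is removed. Podman would then fall back to the system-wide policy, which may accept everything instead of defaulting to `reject`. Adding `enable = true;` here, or confirming it is set in another module, keeps the default-reject policy in force. Separately, the added `docker.io/library/rust` scope uses `insecureAcceptAnything`, so pulls from that repository are not signature-checked; pinning those images by digest where they are used limits what the scope can admit.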
diff --git a/homeConfigurations/muede/vscode.nix b/homeConfigurations/muede/vscode.nix index a32a433..b7e01ab 100644 --- a/homeConfigurations/muede/vscode.nix +++ b/homeConfigurations/muede/vscode.nix @@ -37,6 +37,10 @@ "files.autoSave" = "afterDelay"; "files.autoSaveWhenNoErrors" = true; "files.autoSaveWorkspaceFilesOnly" = true; + "files.exclude" = [ + ".git" + ".direnv" + ]; "editor.fontLigatures" = true; "editor.formatOnSave" = true; From 26a4d3374215b9dbf376cc56d9bb4fd22940b805 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?m=C3=BCde?= Date: Sun, 15 Mar 2026 12:00:44 +0100 Subject: [PATCH 19/80] nix flake update --- flake.lock | 72 +++++++++++++++++++++++++++--------------------------- 1 file changed, 36 insertions(+), 36 deletions(-) diff --git a/flake.lock b/flake.lock index 5579220..2665279 100644 --- a/flake.lock +++ b/flake.lock @@ -186,11 +186,11 @@ "nixpkgs-lib": "nixpkgs-lib" }, "locked": { - "lastModified": 1769996383, - "narHash": "sha256-AnYjnFWgS49RlqX7LrC4uA+sCCDBj0Ry/WOJ5XWAsa0=", + "lastModified": 1772408722, + "narHash": "sha256-rHuJtdcOjK7rAHpHphUb1iCvgkU3GpfvicLMwwnfMT0=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "57928607ea566b5db3ad13af0e57e921e6b12381", + "rev": "f20dc5d9b8027381c474144ecabc9034d6a839a3", "type": "github" }, "original": { @@ -284,11 +284,11 @@ ] }, "locked": { - "lastModified": 1770260404, - "narHash": "sha256-3iVX1+7YUIt23hBx1WZsUllhbmP2EnXrV8tCRbLxHc8=", + "lastModified": 1773264488, + "narHash": "sha256-rK0507bDuWBrZo+0zts9bCs/+RRUEHuvFE5DHWPxX/Q=", "owner": "nix-community", "repo": "home-manager", - "rev": "0d782ee42c86b196acff08acfbf41bb7d13eed5b", + "rev": "5c0f63f8d55040a7eed69df7e3fcdd15dfb5a04c", "type": "github" }, "original": { 
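Review bot: `"files.exclude"` is given a list here, but VS Code expects an object mapping glob patterns to booleans, so this value is likely ignored or reported as invalid. `files.exclude` also hides entries from the explorer, while the commit subject is about search, for which `search.exclude` is the matching setting. Something like `"search.exclude" = { "**/.git" = true; "**/.direnv" = true; };` would match the stated intent. The enclosing settings attrset starts and ends outside this hunk.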
@@ -359,11 +359,11 @@ "xwayland-satellite-unstable": "xwayland-satellite-unstable" }, "locked": { - "lastModified": 1771514840, - "narHash": "sha256-t3WbZvwoDj/75YDX/nwkZuxanZLZaWr9meSfKswaN6g=", + "lastModified": 1773501701, + "narHash": "sha256-+0LBAEm8F5h9Nm+hdS07aoS1W4oTtW6c8lltb66oOYQ=", "owner": "sodiboo", "repo": "niri-flake", - "rev": "4f69ab280e9bb34e2c0b67fdfa6f0978a170ef56", + "rev": "39ac039250a4a32bf8691405cac04864fc66a70d", "type": "github" }, "original": { @@ -392,11 +392,11 @@ "niri-unstable": { "flake": false, "locked": { - "lastModified": 1771305475, - "narHash": "sha256-lqweVTwHhYc+9T33cysp38gVwxaibGJHriOPZXWyhCY=", + "lastModified": 1773130184, + "narHash": "sha256-3bwx4WqCB06yfQIGB+OgIckOkEDyKxiTD5pOo4Xz2rI=", "owner": "YaLTeR", "repo": "niri", - "rev": "a2a52911757cb3b497db9407592f9b4c439571ea", + "rev": "b07bde3ee82dd73115e6b949e4f3f63695da35ea", "type": "github" }, "original": { @@ -427,11 +427,11 @@ ] }, "locked": { - "lastModified": 1771555311, - "narHash": "sha256-aFjIc57eYBx5jgyLcHujraPf6b/p9RWxzvOGnHML5h0=", + "lastModified": 1773543606, + "narHash": "sha256-phMmtcMDGos4O82iEE3qFl58jp7fp1mu2liDE0A11gQ=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "88fc33a8a8868de1ac41362fb62341513904dc0f", + "rev": "014e1925a28b3e53f90883530ce6ff80e2da238a", "type": "github" }, "original": { @@ -478,11 +478,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1771419570, - "narHash": "sha256-bxAlQgre3pcQcaRUm/8A0v/X8d2nhfraWSFqVmMcBcU=", + "lastModified": 1773375660, + "narHash": "sha256-SEzUWw2Rf5Ki3bcM26nSKgbeoqi2uYy8IHVBqOKjX3w=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "6d41bc27aaf7b6a3ba6b169db3bd5d6159cfaa47", + "rev": "3e20095fe3c6cbb1ddcef89b26969a69a1570776", "type": "github" }, "original": { 
@@ -494,11 +494,11 @@ }, "nixpkgs-lib": { "locked": { - "lastModified": 1769909678, - "narHash": "sha256-cBEymOf4/o3FD5AZnzC3J9hLbiZ+QDT/KDuyHXVJOpM=", + "lastModified": 1772328832, + "narHash": "sha256-e+/T/pmEkLP6BHhYjx6GmwP5ivonQQn0bJdH9YrRB+Q=", "owner": "nix-community", "repo": "nixpkgs.lib", - "rev": "72716169fe93074c333e8d0173151350670b824c", + "rev": "c185c7a5e5dd8f9add5b2f8ebeff00888b070742", "type": "github" }, "original": { @@ -509,11 +509,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1771207753, - "narHash": "sha256-b9uG8yN50DRQ6A7JdZBfzq718ryYrlmGgqkRm9OOwCE=", + "lastModified": 1773507054, + "narHash": "sha256-Q8U5VXgrcxmCxPtCCJCIZkcAX3FCZwGh1GNVIXxMND0=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "d1c15b7d5806069da59e819999d70e1cec0760bf", + "rev": "e80236013dc8b77aa49ca90e7a12d86f5d8d64c9", "type": "github" }, "original": { @@ -549,11 +549,11 @@ ] }, "locked": { - "lastModified": 1771620573, - "narHash": "sha256-EnAmfSplNKGQsf2NB/IySJi2uJ756+yCBl2jNvnbvCs=", + "lastModified": 1773570788, + "narHash": "sha256-WarFHtdyYB1tCDNCPIfazfXWKGpmW5lpYhxqC+IfX/E=", "owner": "nix-community", "repo": "NUR", - "rev": "55ea501d235d485f2943b71050407ab8ec256043", + "rev": "ca9c5ddc6cd9671fadff5da08e26255d55030179", "type": "github" }, "original": { @@ -747,11 +747,11 @@ "tinted-zed": "tinted-zed" }, "locked": { - "lastModified": 1771429540, - "narHash": "sha256-YKytDx8LOPOvE+dip1ja+1nbIpDVdqTaFbP4MaXwveM=", + "lastModified": 1771788390, + "narHash": "sha256-RzBpBwn93GWxLjacTte+ngwwg0L/BVOg4G/sSIeK3Rw=", "owner": "nix-community", "repo": "stylix", - "rev": "1a5c9d8be82127aeccc929f60b952e8a3df6b63c", + "rev": "ebb238f14d6f930068be4718472da3105fd5d3bf", "type": "github" }, "original": { 
@@ -864,11 +864,11 @@ ] }, "locked": { - "lastModified": 1770228511, - "narHash": "sha256-wQ6NJSuFqAEmIg2VMnLdCnUc0b7vslUohqqGGD+Fyxk=", + "lastModified": 1773297127, + "narHash": "sha256-6E/yhXP7Oy/NbXtf1ktzmU8SdVqJQ09HC/48ebEGBpk=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "337a4fe074be1042a35086f15481d763b8ddc0e7", + "rev": "71b125cd05fbfd78cab3e070b73544abe24c5016", "type": "github" }, "original": { @@ -897,11 +897,11 @@ "xwayland-satellite-unstable": { "flake": false, "locked": { - "lastModified": 1771195969, - "narHash": "sha256-BUE41HjLIGPjq3U8VXPjf8asH8GaMI7FYdgrIHKFMXA=", + "lastModified": 1773499041, + "narHash": "sha256-XZ4/tVdLeAYDgKe4JD4C7yYUKydMxwt8c2j6APFWcIc=", "owner": "Supreeeme", "repo": "xwayland-satellite", - "rev": "536bd32efc935bf876d6de385ec18a1b715c9358", + "rev": "309d8e2a29953f7465dc14c939e2afe4682c0aa9", "type": "github" }, "original": { From 98da73dceb3fbce2705f876af68dba35d488b04f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?m=C3=BCde?= Date: Thu, 9 Apr 2026 17:31:53 +0200 Subject: [PATCH 20/80] swaylock: move niri lock hotkey --- homeConfigurations/muede/niri.nix | 4 ---- homeConfigurations/muede/swaylock.nix | 11 ++++++++--- 2 files changed, 8 insertions(+), 7 deletions(-) diff --git a/homeConfigurations/muede/niri.nix b/homeConfigurations/muede/niri.nix index d88db90..4eebab7 100644 --- a/homeConfigurations/muede/niri.nix +++ b/homeConfigurations/muede/niri.nix @@ -172,10 +172,6 @@ # Suggested binds for running programs: terminal, app launcher, screen locker. "Mod+T".action.spawn = "${lib.getBin pkgs.gnome-console}/bin/kgx"; "Mod+D".action.spawn = "${lib.getBin config.programs.fuzzel.package}/bin/fuzzel"; - "Super+Alt+L" = { - action.spawn = "${lib.getBin config.programs.swaylock.package}/bin/swaylock"; - allow-when-locked = true; - }; # You can also use a shell. Do this if you need pipes, multiple commands, etc. # Note: the entire command goes as a single argument in the end. 
diff --git a/homeConfigurations/muede/swaylock.nix b/homeConfigurations/muede/swaylock.nix index 1b756ff..8ff6747 100644 --- a/homeConfigurations/muede/swaylock.nix +++ b/homeConfigurations/muede/swaylock.nix @@ -1,11 +1,11 @@ # based on https://codeberg.org/kiara/cfg/src/commit/b9c472acd78c9c08dfe8b6a643c5c82cc5828433/home-manager/kiara/swaylock.nix# -{ pkgs, config, ... }: +{ pkgs, config, lib, ... }: { - config = { stylix.targets.swaylock = { enable = true; useWallpaper = true; }; + programs.swaylock = { enable = true; package = pkgs.swaylock-effects; @@ -50,5 +50,10 @@ } ]; }; - }; + + + programs.niri.settings.binds."Super+Alt+L" = { + action.spawn = "${lib.getBin config.programs.swaylock.package}/bin/swaylock"; + allow-when-locked = true; + }; } From aeba29ef356ca13da13cfe3abfa686dd0697269a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?m=C3=BCde?= Date: Fri, 10 Apr 2026 11:44:33 +0200 Subject: [PATCH 21/80] nix flake update --- flake.lock | 72 +++++++++++++++++++++++++++--------------------------- 1 file changed, 36 insertions(+), 36 deletions(-) diff --git a/flake.lock b/flake.lock index 2665279..e1d289b 100644 --- a/flake.lock +++ b/flake.lock @@ -186,11 +186,11 @@ "nixpkgs-lib": "nixpkgs-lib" }, "locked": { - "lastModified": 1772408722, - "narHash": "sha256-rHuJtdcOjK7rAHpHphUb1iCvgkU3GpfvicLMwwnfMT0=", + "lastModified": 1775087534, + "narHash": "sha256-91qqW8lhL7TLwgQWijoGBbiD4t7/q75KTi8NxjVmSmA=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "f20dc5d9b8027381c474144ecabc9034d6a839a3", + "rev": "3107b77cd68437b9a76194f0f7f9c55f2329ca5b", "type": "github" }, "original": { 
@@ -284,11 +284,11 @@ ] }, "locked": { - "lastModified": 1773264488, - "narHash": "sha256-rK0507bDuWBrZo+0zts9bCs/+RRUEHuvFE5DHWPxX/Q=", + "lastModified": 1775425411, + "narHash": "sha256-KY6HsebJHEe5nHOWP7ur09mb0drGxYSzE3rQxy62rJo=", "owner": "nix-community", "repo": "home-manager", - "rev": "5c0f63f8d55040a7eed69df7e3fcdd15dfb5a04c", + "rev": "0d02ec1d0a05f88ef9e74b516842900c41f0f2fe", "type": "github" }, "original": { @@ -359,11 +359,11 @@ "xwayland-satellite-unstable": "xwayland-satellite-unstable" }, "locked": { - "lastModified": 1773501701, - "narHash": "sha256-+0LBAEm8F5h9Nm+hdS07aoS1W4oTtW6c8lltb66oOYQ=", + "lastModified": 1775710668, + "narHash": "sha256-pi2TWoWZR22vzr5RBAgIdl1LDwgLX+fh+Hqngt/Kkt8=", "owner": "sodiboo", "repo": "niri-flake", - "rev": "39ac039250a4a32bf8691405cac04864fc66a70d", + "rev": "bef414577a6a745543989716df478afec96486bd", "type": "github" }, "original": { @@ -392,11 +392,11 @@ "niri-unstable": { "flake": false, "locked": { - "lastModified": 1773130184, - "narHash": "sha256-3bwx4WqCB06yfQIGB+OgIckOkEDyKxiTD5pOo4Xz2rI=", + "lastModified": 1775561155, + "narHash": "sha256-TK2IrqQivRcwqJa0suZMbcsN17CtA8Uu0v7CDnLATb0=", "owner": "YaLTeR", "repo": "niri", - "rev": "b07bde3ee82dd73115e6b949e4f3f63695da35ea", + "rev": "599db847f857b8a7ff78ce02f15acab5d5d9fee1", "type": "github" }, "original": { @@ -427,11 +427,11 @@ ] }, "locked": { - "lastModified": 1773543606, - "narHash": "sha256-phMmtcMDGos4O82iEE3qFl58jp7fp1mu2liDE0A11gQ=", + "lastModified": 1775703285, + "narHash": "sha256-Dck/lX920n3ClC6U2m3fWaXgoGrtJpnqfGCdiOb8Gf4=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "014e1925a28b3e53f90883530ce6ff80e2da238a", + "rev": "c2281bf25d05ecb8155319456340afd34bea28ec", "type": "github" }, "original": { 
@@ -478,11 +478,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1773375660, - "narHash": "sha256-SEzUWw2Rf5Ki3bcM26nSKgbeoqi2uYy8IHVBqOKjX3w=", + "lastModified": 1775595990, + "narHash": "sha256-OEf7YqhF9IjJFYZJyuhAypgU+VsRB5lD4DuiMws5Ltc=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "3e20095fe3c6cbb1ddcef89b26969a69a1570776", + "rev": "4e92bbcdb030f3b4782be4751dc08e6b6cb6ccf2", "type": "github" }, "original": { @@ -494,11 +494,11 @@ }, "nixpkgs-lib": { "locked": { - "lastModified": 1772328832, - "narHash": "sha256-e+/T/pmEkLP6BHhYjx6GmwP5ivonQQn0bJdH9YrRB+Q=", + "lastModified": 1774748309, + "narHash": "sha256-+U7gF3qxzwD5TZuANzZPeJTZRHS29OFQgkQ2kiTJBIQ=", "owner": "nix-community", "repo": "nixpkgs.lib", - "rev": "c185c7a5e5dd8f9add5b2f8ebeff00888b070742", + "rev": "333c4e0545a6da976206c74db8773a1645b5870a", "type": "github" }, "original": { @@ -509,11 +509,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1773507054, - "narHash": "sha256-Q8U5VXgrcxmCxPtCCJCIZkcAX3FCZwGh1GNVIXxMND0=", + "lastModified": 1775701739, + "narHash": "sha256-2FWWY1rr/+pGUJK1npcVcsWNEblzmKs6VxD3VEvwJSs=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "e80236013dc8b77aa49ca90e7a12d86f5d8d64c9", + "rev": "0f7663154ff2fec150f9dbf5f81ec2785dc1e0db", "type": "github" }, "original": { @@ -549,11 +549,11 @@ ] }, "locked": { - "lastModified": 1773570788, - "narHash": "sha256-WarFHtdyYB1tCDNCPIfazfXWKGpmW5lpYhxqC+IfX/E=", + "lastModified": 1775746236, + "narHash": "sha256-wCMkv45LNU6gjWbl53WE4LAHU3Q3dNFU4dRWdlGW1PE=", "owner": "nix-community", "repo": "NUR", - "rev": "ca9c5ddc6cd9671fadff5da08e26255d55030179", + "rev": "1088e4c4f5f40c9ce5e5181ae501576f72f1bce8", "type": "github" }, "original": { 
@@ -747,11 +747,11 @@ "tinted-zed": "tinted-zed" }, "locked": { - "lastModified": 1771788390, - "narHash": "sha256-RzBpBwn93GWxLjacTte+ngwwg0L/BVOg4G/sSIeK3Rw=", + "lastModified": 1775509805, + "narHash": "sha256-CxmSn6FihFw7RvqLGGAdQUhbdBfdok946bg8ubvTfa4=", "owner": "nix-community", "repo": "stylix", - "rev": "ebb238f14d6f930068be4718472da3105fd5d3bf", + "rev": "83e8a81710ddd56fb5112da54e0395de51bbcd3a", "type": "github" }, "original": { @@ -864,11 +864,11 @@ ] }, "locked": { - "lastModified": 1773297127, - "narHash": "sha256-6E/yhXP7Oy/NbXtf1ktzmU8SdVqJQ09HC/48ebEGBpk=", + "lastModified": 1775636079, + "narHash": "sha256-pc20NRoMdiar8oPQceQT47UUZMBTiMdUuWrYu2obUP0=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "71b125cd05fbfd78cab3e070b73544abe24c5016", + "rev": "790751ff7fd3801feeaf96d7dc416a8d581265ba", "type": "github" }, "original": { @@ -897,11 +897,11 @@ "xwayland-satellite-unstable": { "flake": false, "locked": { - "lastModified": 1773499041, - "narHash": "sha256-XZ4/tVdLeAYDgKe4JD4C7yYUKydMxwt8c2j6APFWcIc=", + "lastModified": 1773622265, + "narHash": "sha256-wToKwH7IgWdGLMSIWksEDs4eumR6UbbsuPQ42r0oTXQ=", "owner": "Supreeeme", "repo": "xwayland-satellite", - "rev": "309d8e2a29953f7465dc14c939e2afe4682c0aa9", + "rev": "a879e5e0896a326adc79c474bf457b8b99011027", "type": "github" }, "original": { From 39496b44a01b4ce526e04b39a3aabd315062e881 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?m=C3=BCde?= Date: Fri, 10 Apr 2026 11:44:58 +0200 Subject: [PATCH 22/80] git credential helper globally --- nixosModules/globalinstalls.nix | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/nixosModules/globalinstalls.nix b/nixosModules/globalinstalls.nix index 47fb343..146d401 100644 --- a/nixosModules/globalinstalls.nix +++ b/nixosModules/globalinstalls.nix @@ -8,6 +8,7 @@ screen tldr nix-output-monitor + git-credential-oauth ]; programs = { 
@@ -20,4 +21,10 @@ syntaxHighlight = true; }; }; + + environment.etc."gitconfig".text = '' + [credential] + helper = oauth + credentialStore = cache + ''; } From fb7d4981b1d9a01def8bb18069fdbe201cf6e5dc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?m=C3=BCde?= Date: Fri, 10 Apr 2026 11:45:31 +0200 Subject: [PATCH 23/80] misc installs --- homeConfigurations/muede/default.nix | 6 ++++++ nixosModules/muede-desktop-settings.nix | 1 + nixosModules/user-muede.nix | 2 ++ 3 files changed, 9 insertions(+) diff --git a/homeConfigurations/muede/default.nix b/homeConfigurations/muede/default.nix index 4b5e1ec..9face22 100644 --- a/homeConfigurations/muede/default.nix +++ b/homeConfigurations/muede/default.nix @@ -81,6 +81,12 @@ dconf2nix gnome-terminal + + gparted + + geary + + claude-code ]; home.file = { diff --git a/nixosModules/muede-desktop-settings.nix b/nixosModules/muede-desktop-settings.nix index ea02ed9..27e790b 100644 --- a/nixosModules/muede-desktop-settings.nix +++ b/nixosModules/muede-desktop-settings.nix @@ -5,6 +5,7 @@ environment.systemPackages = with pkgs; [ lm_sensors libreoffice-qt6 + usbutils ]; fonts.enableDefaultPackages = true; diff --git a/nixosModules/user-muede.nix b/nixosModules/user-muede.nix index 19e4d82..498c5a8 100644 --- a/nixosModules/user-muede.nix +++ b/nixosModules/user-muede.nix @@ -31,5 +31,7 @@ "anydesk" "vscode-extension-ms-dotnettools-csharp" + + "claude-code" ]; } From f30165eada5a9fddea3ac89260bfc770bd7957ad Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?m=C3=BCde?= Date: Fri, 10 Apr 2026 11:49:11 +0200 Subject: [PATCH 24/80] add damocles container --- flake.nix | 3 +++ nixosConfigurations/damocles/default.nix | 18 ++++++++++++++++++ nixosConfigurations/muede-lpt2/default.nix | 6 ++++++ 3 files changed, 27 insertions(+) create mode 100644 nixosConfigurations/damocles/default.nix diff --git a/flake.nix b/flake.nix index e864fc6..2a7ad86 100644 --- a/flake.nix +++ b/flake.nix 
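Review bot: In nixosConfigurations/damocles/default.nix, `security.sudo.wheelNeedsPassword = false` combined with `extraGroups = [ "wheel" ]` gives anything running as `muede` in this container root without a prompt, and that includes whatever `claude-code` executes. If the container is meant to confine that tool, running it as a dedicated non-wheel user, or keeping the password requirement, preserves a boundary inside the container. As far as I know NixOS containers do not use a private user namespace unless configured to, so container root may map to host uid 0; that is not visible in this hunk and should be confirmed. A one-line comment stating the intended trust level of damocles would help the next reader.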
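Review bot: In nixosConfigurations/muede-lpt2/default.nix, `privateNetwork = false` places damocles in the host's network namespace, so processes in it can reach services bound to localhost on muede-lpt2 and every network the host can reach. If the container exists to isolate the tooling installed in it, `privateNetwork = true;` with explicit `hostAddress`/`localAddress` and only the forwarding that is needed is the tighter choice. If sharing the host network is deliberate, a short comment such as `# shares host network on purpose: <reason>` would record that. The `containers.damocles` block sits inside a `config` attrset that starts outside the hunk.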
@@ -132,6 +132,9 @@ epimetheus = { system = "aarch64-linux"; }; + damocles = { + system = "x86_64-linux"; + }; }; inherit (nixpkgs) lib; forDevice = f: lib.mapAttrs (device: value: f (value // { inherit device; })) devices; diff --git a/nixosConfigurations/damocles/default.nix b/nixosConfigurations/damocles/default.nix new file mode 100644 index 0000000..36ef5b9 --- /dev/null +++ b/nixosConfigurations/damocles/default.nix @@ -0,0 +1,18 @@ +{ pkgs, ... }: +{ + boot.isContainer = true; + + allowedUnfreePackages = [ "claude-code" ]; + + environment.systemPackages = with pkgs; [ + unstable.claude-code + git + ]; + + users.users.muede = { + isNormalUser = true; + extraGroups = [ "wheel" ]; + }; + + security.sudo.wheelNeedsPassword = false; +} diff --git a/nixosConfigurations/muede-lpt2/default.nix b/nixosConfigurations/muede-lpt2/default.nix index dcb580f..29f97bc 100644 --- a/nixosConfigurations/muede-lpt2/default.nix +++ b/nixosConfigurations/muede-lpt2/default.nix @@ -60,5 +60,11 @@ ]; boot.binfmt.emulatedSystems = [ "aarch64-linux" ]; + + containers.damocles = { + autoStart = false; + privateNetwork = false; + path = self.nixosConfigurations.damocles.config.system.build.toplevel; + }; }; } From 30b2b8668b00cb2c7d498251483060af009618bf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?m=C3=BCde?= Date: Sun, 12 Apr 2026 21:37:14 +0200 Subject: [PATCH 25/80] only eval unstable if needed --- nixosConfigurations/damocles/default.nix | 4 +++- nixosModules/global-settings-desktop.nix | 1 - nixosModules/global-settings.nix | 4 ---- 3 files changed, 3 insertions(+), 6 deletions(-) diff --git a/nixosConfigurations/damocles/default.nix b/nixosConfigurations/damocles/default.nix index 36ef5b9..69ebb1a 100644 --- a/nixosConfigurations/damocles/default.nix +++ b/nixosConfigurations/damocles/default.nix @@ -1,5 +1,7 @@ -{ pkgs, ... }: +{ pkgs, self, ... }: { + nixpkgs.overlays = [ self.overlays.unstable-packages ]; + boot.isContainer = true; allowedUnfreePackages = [ "claude-code" ]; 
diff --git a/nixosModules/global-settings-desktop.nix b/nixosModules/global-settings-desktop.nix index eda369d..5f8bbf7 100644 --- a/nixosModules/global-settings-desktop.nix +++ b/nixosModules/global-settings-desktop.nix @@ -20,7 +20,6 @@ self.nixosModules.modern-desktop self.nixosModules.niri self.nixosModules.nix-ld - self.nixosModules.pkgs-unstable self.nixosModules.pkgs-vscode-extensions self.nixosModules.quiet-boot self.nixosModules.stylix diff --git a/nixosModules/global-settings.nix b/nixosModules/global-settings.nix index 77bddae..cd92140 100644 --- a/nixosModules/global-settings.nix +++ b/nixosModules/global-settings.nix @@ -30,10 +30,6 @@ autoUpgrade.flake = "git+https://git.berlin.ccc.de/vinzenz/nixos-configuration.git"; }; - nixpkgs.overlays = [ - self.overlays.unstable-packages - ]; - nix.settings.experimental-features = [ "nix-command" "flakes" From dc70f474a9ed16e4ae608ce348d52630fcee3fd8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?m=C3=BCde?= Date: Sun, 12 Apr 2026 11:33:12 +0200 Subject: [PATCH 26/80] replace waybar and wlogout with nova-shell --- flake.lock | 67 ++++- flake.nix | 10 +- foo.diff | 295 ++++++++++++++++++++++ homeConfigurations/muede/default.nix | 13 +- homeConfigurations/muede/swaylock.nix | 110 ++++---- homeConfigurations/muede/waybar.css | 4 +- nixosConfigurations/damocles/default.nix | 1 + nixosConfigurations/muede-pc2/default.nix | 4 +- 8 files changed, 441 insertions(+), 63 deletions(-) create mode 100644 foo.diff diff --git a/flake.lock b/flake.lock index e1d289b..9773037 100644 --- a/flake.lock +++ b/flake.lock 
@@ -539,6 +539,28 @@ "type": "github" } }, + "nova-shell": { + "inputs": { + "nixpkgs": [ + "nixpkgs-unstable" + ], + "quickshell": "quickshell", + "treefmt-nix": "treefmt-nix" + }, + "locked": { + "lastModified": 1776022066, + "narHash": "sha256-EVl6pS3C8qogiqMNGBLibPsnK8saURb5Ayf9pxzcFjA=", + "ref": "refs/heads/main", + "rev": "d33b47139a431ebc6aef9926f1f80bb2420ac596", + "revCount": 152, + "type": "git", + "url": "https://git.berlin.ccc.de/vinzenz/nova-shell" + }, + "original": { + "type": "git", + "url": "https://git.berlin.ccc.de/vinzenz/nova-shell" + } + }, "nur": { "inputs": { "flake-parts": [ @@ -588,6 +610,27 @@ "type": "github" } }, + "quickshell": { + "inputs": { + "nixpkgs": [ + "nova-shell", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1775720097, + "narHash": "sha256-p+vqkCuFfVNyQBo370wr6MebNUvz55RZiC0m8YKUhvQ=", + "ref": "refs/heads/master", + "rev": "d4c92973b53d9fa34cc110d3b974eb6bde5b3027", + "revCount": 800, + "type": "git", + "url": "https://git.outfoxxed.me/outfoxxed/quickshell" + }, + "original": { + "type": "git", + "url": "https://git.outfoxxed.me/outfoxxed/quickshell" + } + }, "root": { "inputs": { "flake-parts": "flake-parts", @@ -600,12 +643,13 @@ "nixos-generators": "nixos-generators", "nixpkgs": "nixpkgs", "nixpkgs-unstable": "nixpkgs-unstable", + "nova-shell": "nova-shell", "nur": "nur", "servicepoint-cli": "servicepoint-cli", "servicepoint-simulator": "servicepoint-simulator", "servicepoint-tanks": "servicepoint-tanks", "stylix": "stylix", - "treefmt-nix": "treefmt-nix", + "treefmt-nix": "treefmt-nix_2", "zerforschen-plus": "zerforschen-plus" } }, 
@@ -858,6 +902,27 @@ } }, "treefmt-nix": { + "inputs": { + "nixpkgs": [ + "nova-shell", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1775636079, + "narHash": "sha256-pc20NRoMdiar8oPQceQT47UUZMBTiMdUuWrYu2obUP0=", + "owner": "numtide", + "repo": "treefmt-nix", + "rev": "790751ff7fd3801feeaf96d7dc416a8d581265ba", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "treefmt-nix", + "type": "github" + } + }, + "treefmt-nix_2": { "inputs": { "nixpkgs": [ "nixpkgs" diff --git a/flake.nix b/flake.nix index 2a7ad86..4cb474f 100644 --- a/flake.nix +++ b/flake.nix @@ -23,8 +23,10 @@ }; niri = { url = "github:sodiboo/niri-flake"; - inputs.nixpkgs.follows = "nixpkgs"; - inputs.nixpkgs-stable.follows = "nixpkgs"; + inputs = { + nixpkgs.follows = "nixpkgs"; + nixpkgs-stable.follows = "nixpkgs"; + }; }; nix-filter.url = "github:numtide/nix-filter"; nix-vscode-extensions = { @@ -35,6 +37,10 @@ url = "github:nix-community/nixos-generators"; inputs.nixpkgs.follows = "nixpkgs"; }; + nova-shell = { + url = "git+https://git.berlin.ccc.de/vinzenz/nova-shell"; + inputs.nixpkgs.follows = "nixpkgs-unstable"; + }; nur = { url = "github:nix-community/NUR"; inputs = { diff --git a/foo.diff b/foo.diff new file mode 100644 index 0000000..a070e7b --- /dev/null +++ b/foo.diff 
@@ -0,0 +1,295 @@ +diff --git a/flake.lock b/flake.lock +index e1d289b..2ae403c 100644 +--- a/flake.lock ++++ b/flake.lock +@@ -539,6 +539,28 @@ + "type": "github" + } + }, ++ "nova-shell": { ++ "inputs": { ++ "nixpkgs": [ ++ "nixpkgs-unstable" ++ ], ++ "quickshell": "quickshell", ++ "treefmt-nix": "treefmt-nix" ++ }, ++ "locked": { ++ "lastModified": 1775855370, ++ "narHash": "sha256-HCTOC6tSXvRNoZl/CQjjvZ63iMlYgH4HSPsqn25zFJA=", ++ "ref": "refs/heads/main", ++ "rev": "3c9f6e78cc8a0af240a5ac7a0ed0cb517f2bbb5a", ++ "revCount": 8, ++ "type": "git", ++ "url": "https://git.berlin.ccc.de/vinzenz/nova-shell" ++ }, ++ "original": { ++ "type": "git", ++ "url": "https://git.berlin.ccc.de/vinzenz/nova-shell" ++ } ++ }, + "nur": { + "inputs": { + "flake-parts": [ +@@ -588,6 +610,27 @@ + "type": "github" + } + }, ++ "quickshell": { ++ "inputs": { ++ "nixpkgs": [ ++ "nova-shell", ++ "nixpkgs" ++ ] ++ }, ++ "locked": { ++ "lastModified": 1775720097, ++ "narHash": "sha256-p+vqkCuFfVNyQBo370wr6MebNUvz55RZiC0m8YKUhvQ=", ++ "ref": "refs/heads/master", ++ "rev": "d4c92973b53d9fa34cc110d3b974eb6bde5b3027", ++ "revCount": 800, ++ "type": "git", ++ "url": "https://git.outfoxxed.me/outfoxxed/quickshell" ++ }, ++ "original": { ++ "type": "git", ++ "url": "https://git.outfoxxed.me/outfoxxed/quickshell" ++ } ++ }, + "root": { + "inputs": { + "flake-parts": "flake-parts", +@@ -600,12 +643,13 @@ + "nixos-generators": "nixos-generators", + "nixpkgs": "nixpkgs", + "nixpkgs-unstable": "nixpkgs-unstable", ++ "nova-shell": "nova-shell", + "nur": "nur", + "servicepoint-cli": "servicepoint-cli", + "servicepoint-simulator": "servicepoint-simulator", + "servicepoint-tanks": "servicepoint-tanks", + "stylix": "stylix", +- "treefmt-nix": "treefmt-nix", ++ "treefmt-nix": "treefmt-nix_2", + "zerforschen-plus": "zerforschen-plus" + } + }, +@@ -858,6 +902,27 @@ + } + }, + "treefmt-nix": { ++ "inputs": { ++ "nixpkgs": [ ++ "nova-shell", ++ "nixpkgs" ++ ] ++ }, ++ "locked": { ++ "lastModified": 1775636079, ++ 
"narHash": "sha256-pc20NRoMdiar8oPQceQT47UUZMBTiMdUuWrYu2obUP0=", ++ "owner": "numtide", ++ "repo": "treefmt-nix", ++ "rev": "790751ff7fd3801feeaf96d7dc416a8d581265ba", ++ "type": "github" ++ }, ++ "original": { ++ "owner": "numtide", ++ "repo": "treefmt-nix", ++ "type": "github" ++ } ++ }, ++ "treefmt-nix_2": { + "inputs": { + "nixpkgs": [ + "nixpkgs" +diff --git a/flake.nix b/flake.nix +index 2a7ad86..87683fe 100644 +--- a/flake.nix ++++ b/flake.nix +@@ -35,6 +35,10 @@ + url = "github:nix-community/nixos-generators"; + inputs.nixpkgs.follows = "nixpkgs"; + }; ++ nova-shell = { ++ url = "git+https://git.berlin.ccc.de/vinzenz/nova-shell"; ++ inputs.nixpkgs.follows = "nixpkgs-unstable"; ++ }; + nur = { + url = "github:nix-community/NUR"; + inputs = { +diff --git a/homeConfigurations/muede/default.nix b/homeConfigurations/muede/default.nix +index 9face22..5f12afb 100644 +--- a/homeConfigurations/muede/default.nix ++++ b/homeConfigurations/muede/default.nix +@@ -1,4 +1,4 @@ +-{ pkgs, ... }: ++{ pkgs, self,... }: + { + imports = [ + # keep-sorted start ++ self.inputs.nova-shell.homeModules.default +@@ -18,6 +18,7 @@ + ./waybar.nix + ./wlogout.nix + ./zsh.nix + # keep-sorted end + ]; + +@@ -48,6 +49,7 @@ + }; + + chromium.enable = true; ++ nova-shell.enable = true; + }; + + home.packages = with pkgs; [ +diff --git a/homeConfigurations/muede/swaylock.nix b/homeConfigurations/muede/swaylock.nix +index 8ff6747..55d7f91 100644 +--- a/homeConfigurations/muede/swaylock.nix ++++ b/homeConfigurations/muede/swaylock.nix +@@ -1,59 +1,63 @@ + # based on https://codeberg.org/kiara/cfg/src/commit/b9c472acd78c9c08dfe8b6a643c5c82cc5828433/home-manager/kiara/swaylock.nix# +-{ pkgs, config, lib, ... 
}: + { +- stylix.targets.swaylock = { +- enable = true; +- useWallpaper = true; +- }; +- +- programs.swaylock = { +- enable = true; +- package = pkgs.swaylock-effects; +- # https://github.com/jirutka/swaylock-effects/blob/master/swaylock.1.scd +- settings = { +- screenshot = false; +- effect-blur = "9x9"; +- effect-vignette = "0.2:0.2"; +- fade-in = 0.5; +- font-size = 75; +- indicator-caps-lock = true; +- clock = true; +- indicator-radius = 400; +- show-failed-attempts = true; +- ignore-empty-password = true; +- grace = 3.5; +- indicator-thickness = 20; +- }; +- }; ++ pkgs, ++ config, ++ lib, ++ ... ++}: ++{ ++ stylix.targets.swaylock = { ++ enable = true; ++ useWallpaper = true; ++ }; + +- services.swayidle = { +- enable = true; +- systemdTarget = "graphical-session.target"; +- timeouts = [ +- { +- timeout = 60; +- command = "${config.programs.swaylock.package}/bin/swaylock"; +- } +- { +- timeout = 60 * 10; +- command = "${pkgs.systemd}/bin/systemctl suspend"; +- } +- ]; +- events = [ +- { +- event = "before-sleep"; +- command = "${pkgs.playerctl}/bin/playerctl pause; ${config.programs.swaylock.package}/bin/swaylock"; +- } +- { +- event = "lock"; +- command = "${config.programs.swaylock.package}/bin/swaylock"; +- } +- ]; ++ programs.swaylock = { ++ enable = true; ++ package = pkgs.swaylock-effects; ++ # https://github.com/jirutka/swaylock-effects/blob/master/swaylock.1.scd ++ settings = { ++ screenshot = false; ++ effect-blur = "9x9"; ++ effect-vignette = "0.2:0.2"; ++ fade-in = 0.5; ++ font-size = 75; ++ indicator-caps-lock = true; ++ clock = true; ++ indicator-radius = 400; ++ show-failed-attempts = true; ++ ignore-empty-password = true; ++ grace = 3.5; ++ indicator-thickness = 20; + }; ++ }; + ++ services.swayidle = { ++ enable = true; ++ systemdTarget = "graphical-session.target"; ++ timeouts = [ ++ { ++ timeout = 60; ++ command = "${config.programs.swaylock.package}/bin/swaylock"; ++ } ++ { ++ timeout = 60 * 10; ++ command = "${pkgs.systemd}/bin/systemctl 
suspend"; ++ } ++ ]; ++ events = [ ++ { ++ event = "before-sleep"; ++ command = "${pkgs.playerctl}/bin/playerctl pause; ${config.programs.swaylock.package}/bin/swaylock"; ++ } ++ { ++ event = "lock"; ++ command = "${config.programs.swaylock.package}/bin/swaylock"; ++ } ++ ]; ++ }; + +- programs.niri.settings.binds."Super+Alt+L" = { +- action.spawn = "${lib.getBin config.programs.swaylock.package}/bin/swaylock"; +- allow-when-locked = true; +- }; ++ programs.niri.settings.binds."Super+Alt+L" = { ++ action.spawn = "${lib.getBin config.programs.swaylock.package}/bin/swaylock"; ++ allow-when-locked = true; ++ }; + } +diff --git a/homeConfigurations/muede/waybar.css b/homeConfigurations/muede/waybar.css +index 79e7671..0f1d38a 100644 +--- a/homeConfigurations/muede/waybar.css ++++ b/homeConfigurations/muede/waybar.css +@@ -72,8 +72,8 @@ window#waybar { + } + + #workspaces { +- padding-left: 0; +- padding-right: 0; ++ padding-left: 0; ++ padding-right: 0; + } + + /* Individual widget colors */ +diff --git a/nixosConfigurations/muede-pc2/default.nix b/nixosConfigurations/muede-pc2/default.nix +index 742fa9f..dd97b00 100644 +--- a/nixosConfigurations/muede-pc2/default.nix ++++ b/nixosConfigurations/muede-pc2/default.nix +@@ -2,8 +2,8 @@ + { + imports = [ + ./hardware.nix +-# ./vscode-server.nix +-# ./hass.nix ++ # ./vscode-server.nix ++ # ./hass.nix + + self.nixosModules.user-muede + self.nixosModules.gnome diff --git a/homeConfigurations/muede/default.nix b/homeConfigurations/muede/default.nix index 9face22..e4ff011 100644 --- a/homeConfigurations/muede/default.nix +++ b/homeConfigurations/muede/default.nix @@ -1,4 +1,4 @@ -{ pkgs, ... }: +{ pkgs, self, ... }: { imports = [ # keep-sorted start @@ -15,9 +15,10 @@ ./swaylock.nix ./swaync.nix ./vscode.nix - ./waybar.nix - ./wlogout.nix +# ./waybar.nix +# ./wlogout.nix ./zsh.nix + self.inputs.nova-shell.homeModules.default # keep-sorted end ]; 
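Review bot: foo.diff is a 295-line patch of this same repository added as a tracked file, and it looks like a leftover working file rather than configuration. It repeats the flake.lock, flake.nix and swaylock.nix changes made elsewhere in this commit, with a different nova-shell `rev` than the one actually locked, so it is stale on arrival and will confuse later searches through the tree. Dropping it from the commit keeps the repository to files that the flake evaluates.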
@@ -48,6 +49,12 @@ }; chromium.enable = true; + nova-shell = { + enable = true; + theme = { + fontSize = 13; + }; + }; }; home.packages = with pkgs; [ diff --git a/homeConfigurations/muede/swaylock.nix b/homeConfigurations/muede/swaylock.nix index 8ff6747..064cb9b 100644 --- a/homeConfigurations/muede/swaylock.nix +++ b/homeConfigurations/muede/swaylock.nix 
@@ -1,59 +1,63 @@ # based on https://codeberg.org/kiara/cfg/src/commit/b9c472acd78c9c08dfe8b6a643c5c82cc5828433/home-manager/kiara/swaylock.nix# -{ pkgs, config, lib, ... }: { - stylix.targets.swaylock = { - enable = true; - useWallpaper = true; + pkgs, + config, + lib, + ... +}: +{ + stylix.targets.swaylock = { + enable = true; + useWallpaper = true; + }; + + programs.swaylock = { + enable = true; + package = pkgs.swaylock-effects; + # https://github.com/jirutka/swaylock-effects/blob/master/swaylock.1.scd + settings = { + screenshot = false; + effect-blur = "9x9"; + effect-vignette = "0.2:0.2"; + fade-in = 0.5; + font-size = 75; + indicator-caps-lock = true; + clock = true; + indicator-radius = 400; + show-failed-attempts = true; + ignore-empty-password = true; + grace = 3.5; + indicator-thickness = 20; }; + }; - programs.swaylock = { - enable = true; - package = pkgs.swaylock-effects; - # https://github.com/jirutka/swaylock-effects/blob/master/swaylock.1.scd - settings = { - screenshot = false; - effect-blur = "9x9"; - effect-vignette = "0.2:0.2"; - fade-in = 0.5; - font-size = 75; - indicator-caps-lock = true; - clock = true; - indicator-radius = 400; - show-failed-attempts = true; - ignore-empty-password = true; - grace = 3.5; - indicator-thickness = 20; - }; - }; + services.swayidle = { + enable = true; + systemdTarget = "graphical-session.target"; + timeouts = [ + { + timeout = 5; + command = "${config.programs.swaylock.package}/bin/swaylock"; + } + { + timeout = 60 * 10; + command = "${pkgs.systemd}/bin/systemctl suspend"; + } + ]; + events = [ + { + event = "before-sleep"; + command = "${pkgs.playerctl}/bin/playerctl pause; ${config.programs.swaylock.package}/bin/swaylock"; + } + { + event = "lock"; + command = "${config.programs.swaylock.package}/bin/swaylock"; + } + ]; + }; - services.swayidle = { - enable = true; - systemdTarget = "graphical-session.target"; - timeouts = [ - { - timeout = 60; - command = 
"${config.programs.swaylock.package}/bin/swaylock"; - } - { - timeout = 60 * 10; - command = "${pkgs.systemd}/bin/systemctl suspend"; - } - ]; - events = [ - { - event = "before-sleep"; - command = "${pkgs.playerctl}/bin/playerctl pause; ${config.programs.swaylock.package}/bin/swaylock"; - } - { - event = "lock"; - command = "${config.programs.swaylock.package}/bin/swaylock"; - } - ]; - }; - - - programs.niri.settings.binds."Super+Alt+L" = { - action.spawn = "${lib.getBin config.programs.swaylock.package}/bin/swaylock"; - allow-when-locked = true; - }; + programs.niri.settings.binds."Super+Alt+L" = { + action.spawn = "${lib.getBin config.programs.swaylock.package}/bin/swaylock"; + allow-when-locked = true; + }; } diff --git a/homeConfigurations/muede/waybar.css b/homeConfigurations/muede/waybar.css index 79e7671..0f1d38a 100644 --- a/homeConfigurations/muede/waybar.css +++ b/homeConfigurations/muede/waybar.css @@ -72,8 +72,8 @@ window#waybar { } #workspaces { - padding-left: 0; - padding-right: 0; + padding-left: 0; + padding-right: 0; } /* Individual widget colors */ diff --git a/nixosConfigurations/damocles/default.nix b/nixosConfigurations/damocles/default.nix index 69ebb1a..e62b6ac 100644 --- a/nixosConfigurations/damocles/default.nix +++ b/nixosConfigurations/damocles/default.nix @@ -9,6 +9,7 @@ environment.systemPackages = with pkgs; [ unstable.claude-code git + python3 ]; users.users.muede = { diff --git a/nixosConfigurations/muede-pc2/default.nix b/nixosConfigurations/muede-pc2/default.nix index 742fa9f..dd97b00 100644 --- a/nixosConfigurations/muede-pc2/default.nix +++ b/nixosConfigurations/muede-pc2/default.nix @@ -2,8 +2,8 @@ { imports = [ ./hardware.nix -# ./vscode-server.nix -# ./hass.nix + # ./vscode-server.nix + # ./hass.nix self.nixosModules.user-muede self.nixosModules.gnome From 8a097b0581586b73c580452503af86a759053325 Mon Sep 17 00:00:00 2001 
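Review bot: The first swayidle `timeout` changes from 60 to 5 in a hunk that otherwise only re-indents swaylock.nix, so it reads like a test value that slipped into a formatting change; if it is intended it deserves its own commit or a comment, otherwise restore `timeout = 60;`. The re-indented `grace = 3.5` also applies to every swaylock invocation configured here, including the `before-sleep` and `lock` events. As I read the swaylock-effects man page linked in the file, input during the grace period dismisses the lock without a password, which is presumably not wanted for an explicit lock or a lock before suspend, so please confirm it is intended.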
From: =?UTF-8?q?m=C3=BCde?= Date: Sun, 12 Apr 2026 21:39:52 +0200 Subject: [PATCH 27/80] nix fmt, explicit container enable --- homeConfigurations/muede/default.nix | 58 ++++++++++------------ nixosConfigurations/muede-lpt2/default.nix | 3 ++ 2 files changed, 28 insertions(+), 33 deletions(-) diff --git a/homeConfigurations/muede/default.nix b/homeConfigurations/muede/default.nix index e4ff011..d239d01 100644 --- a/homeConfigurations/muede/default.nix +++ b/homeConfigurations/muede/default.nix @@ -15,8 +15,8 @@ ./swaylock.nix ./swaync.nix ./vscode.nix -# ./waybar.nix -# ./wlogout.nix + # ./waybar.nix + # ./wlogout.nix ./zsh.nix self.inputs.nova-shell.homeModules.default # keep-sorted end @@ -58,42 +58,34 @@ }; home.packages = with pkgs; [ - keepassxc - nextcloud-client - thunderbird - fractal - telegram-desktop - - wireguard-tools - wirelesstools - tailscale - - kdiff3 - jetbrains-toolbox - - vlc - lutris + # keep-sorted start arduino - arduino-ide arduino-cli - + arduino-ide + claude-code + dconf2nix + foliate + fractal + geary + gnome-terminal + gparted + icu + jetbrains-toolbox + kdiff3 + keepassxc + lutris + nextcloud-client + onefetch servicepoint-cli servicepoint-simulator - - icu - - foliate - - dconf2nix - - gnome-terminal - - gparted - - geary - - claude-code + tailscale + telegram-desktop + thunderbird + vlc + wireguard-tools + wirelesstools + # keep-sorted end ]; home.file = { diff --git a/nixosConfigurations/muede-lpt2/default.nix b/nixosConfigurations/muede-lpt2/default.nix index 29f97bc..6cc5934 100644 --- a/nixosConfigurations/muede-lpt2/default.nix +++ b/nixosConfigurations/muede-lpt2/default.nix @@ -66,5 +66,8 @@ privateNetwork = false; path = self.nixosConfigurations.damocles.config.system.build.toplevel; }; + + boot.enableContainers = true; + virtualisation.containers.enable = true; }; } From 925fd85c2855d7899cd49ad32e21e841c870332d Mon Sep 17 00:00:00 2001 
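Review bot: The two options added to muede-lpt2/default.nix enable different things, and the hunk does not say why both are needed. `boot.enableContainers` is the switch for declarative NixOS (systemd-nspawn) containers like the damocles definition just above, while `virtualisation.containers.enable` configures the OCI `/etc/containers` stack and, as far as I know, is not required for it. If the second line is there for podman, say so in a comment such as `# OCI runtime config for podman, unrelated to the damocles nspawn container`; otherwise it can probably be dropped.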
From: =?UTF-8?q?m=C3=BCde?= Date: Sun, 12 Apr 2026 21:44:10 +0200 Subject: [PATCH 28/80] remove diff --- foo.diff | 295 ------------------------------------------------------- 1 file changed, 295 deletions(-) delete mode 100644 foo.diff diff --git a/foo.diff b/foo.diff deleted file mode 100644 index a070e7b..0000000 --- a/foo.diff +++ /dev/null 
@@ -1,295 +0,0 @@ -diff --git a/flake.lock b/flake.lock -index e1d289b..2ae403c 100644 ---- a/flake.lock -+++ b/flake.lock -@@ -539,6 +539,28 @@ - "type": "github" - } - }, -+ "nova-shell": { -+ "inputs": { -+ "nixpkgs": [ -+ "nixpkgs-unstable" -+ ], -+ "quickshell": "quickshell", -+ "treefmt-nix": "treefmt-nix" -+ }, -+ "locked": { -+ "lastModified": 1775855370, -+ "narHash": "sha256-HCTOC6tSXvRNoZl/CQjjvZ63iMlYgH4HSPsqn25zFJA=", -+ "ref": "refs/heads/main", -+ "rev": "3c9f6e78cc8a0af240a5ac7a0ed0cb517f2bbb5a", -+ "revCount": 8, -+ "type": "git", -+ "url": "https://git.berlin.ccc.de/vinzenz/nova-shell" -+ }, -+ "original": { -+ "type": "git", -+ "url": "https://git.berlin.ccc.de/vinzenz/nova-shell" -+ } -+ }, - "nur": { - "inputs": { - "flake-parts": [ -@@ -588,6 +610,27 @@ - "type": "github" - } - }, -+ "quickshell": { -+ "inputs": { -+ "nixpkgs": [ -+ "nova-shell", -+ "nixpkgs" -+ ] -+ }, -+ "locked": { -+ "lastModified": 1775720097, -+ "narHash": "sha256-p+vqkCuFfVNyQBo370wr6MebNUvz55RZiC0m8YKUhvQ=", -+ "ref": "refs/heads/master", -+ "rev": "d4c92973b53d9fa34cc110d3b974eb6bde5b3027", -+ "revCount": 800, -+ "type": "git", -+ "url": "https://git.outfoxxed.me/outfoxxed/quickshell" -+ }, -+ "original": { -+ "type": "git", -+ "url": "https://git.outfoxxed.me/outfoxxed/quickshell" -+ } -+ }, - "root": { - "inputs": { - "flake-parts": "flake-parts", -@@ -600,12 +643,13 @@ - "nixos-generators": "nixos-generators", - "nixpkgs": "nixpkgs", - "nixpkgs-unstable": "nixpkgs-unstable", -+ "nova-shell": "nova-shell", - "nur": "nur", - "servicepoint-cli": "servicepoint-cli", - "servicepoint-simulator": "servicepoint-simulator", - "servicepoint-tanks": "servicepoint-tanks", - "stylix": "stylix", -- "treefmt-nix": "treefmt-nix", -+ "treefmt-nix": "treefmt-nix_2", - "zerforschen-plus": "zerforschen-plus" - } - }, -@@ -858,6 +902,27 @@ - } - }, - "treefmt-nix": { -+ "inputs": { -+ "nixpkgs": [ -+ "nova-shell", -+ "nixpkgs" -+ ] -+ }, -+ "locked": { -+ "lastModified": 1775636079, -+ 
"narHash": "sha256-pc20NRoMdiar8oPQceQT47UUZMBTiMdUuWrYu2obUP0=", -+ "owner": "numtide", -+ "repo": "treefmt-nix", -+ "rev": "790751ff7fd3801feeaf96d7dc416a8d581265ba", -+ "type": "github" -+ }, -+ "original": { -+ "owner": "numtide", -+ "repo": "treefmt-nix", -+ "type": "github" -+ } -+ }, -+ "treefmt-nix_2": { - "inputs": { - "nixpkgs": [ - "nixpkgs" -diff --git a/flake.nix b/flake.nix -index 2a7ad86..87683fe 100644 ---- a/flake.nix -+++ b/flake.nix -@@ -35,6 +35,10 @@ - url = "github:nix-community/nixos-generators"; - inputs.nixpkgs.follows = "nixpkgs"; - }; -+ nova-shell = { -+ url = "git+https://git.berlin.ccc.de/vinzenz/nova-shell"; -+ inputs.nixpkgs.follows = "nixpkgs-unstable"; -+ }; - nur = { - url = "github:nix-community/NUR"; - inputs = { -diff --git a/homeConfigurations/muede/default.nix b/homeConfigurations/muede/default.nix -index 9face22..5f12afb 100644 ---- a/homeConfigurations/muede/default.nix -+++ b/homeConfigurations/muede/default.nix -@@ -1,4 +1,4 @@ --{ pkgs, ... }: -+{ pkgs, self,... }: - { - imports = [ - # keep-sorted start -+ self.inputs.nova-shell.homeModules.default -@@ -18,6 +18,7 @@ - ./waybar.nix - ./wlogout.nix - ./zsh.nix - # keep-sorted end - ]; - -@@ -48,6 +49,7 @@ - }; - - chromium.enable = true; -+ nova-shell.enable = true; - }; - - home.packages = with pkgs; [ -diff --git a/homeConfigurations/muede/swaylock.nix b/homeConfigurations/muede/swaylock.nix -index 8ff6747..55d7f91 100644 ---- a/homeConfigurations/muede/swaylock.nix -+++ b/homeConfigurations/muede/swaylock.nix -@@ -1,59 +1,63 @@ - # based on https://codeberg.org/kiara/cfg/src/commit/b9c472acd78c9c08dfe8b6a643c5c82cc5828433/home-manager/kiara/swaylock.nix# --{ pkgs, config, lib, ... 
}: - { -- stylix.targets.swaylock = { -- enable = true; -- useWallpaper = true; -- }; -- -- programs.swaylock = { -- enable = true; -- package = pkgs.swaylock-effects; -- # https://github.com/jirutka/swaylock-effects/blob/master/swaylock.1.scd -- settings = { -- screenshot = false; -- effect-blur = "9x9"; -- effect-vignette = "0.2:0.2"; -- fade-in = 0.5; -- font-size = 75; -- indicator-caps-lock = true; -- clock = true; -- indicator-radius = 400; -- show-failed-attempts = true; -- ignore-empty-password = true; -- grace = 3.5; -- indicator-thickness = 20; -- }; -- }; -+ pkgs, -+ config, -+ lib, -+ ... -+}: -+{ -+ stylix.targets.swaylock = { -+ enable = true; -+ useWallpaper = true; -+ }; - -- services.swayidle = { -- enable = true; -- systemdTarget = "graphical-session.target"; -- timeouts = [ -- { -- timeout = 60; -- command = "${config.programs.swaylock.package}/bin/swaylock"; -- } -- { -- timeout = 60 * 10; -- command = "${pkgs.systemd}/bin/systemctl suspend"; -- } -- ]; -- events = [ -- { -- event = "before-sleep"; -- command = "${pkgs.playerctl}/bin/playerctl pause; ${config.programs.swaylock.package}/bin/swaylock"; -- } -- { -- event = "lock"; -- command = "${config.programs.swaylock.package}/bin/swaylock"; -- } -- ]; -+ programs.swaylock = { -+ enable = true; -+ package = pkgs.swaylock-effects; -+ # https://github.com/jirutka/swaylock-effects/blob/master/swaylock.1.scd -+ settings = { -+ screenshot = false; -+ effect-blur = "9x9"; -+ effect-vignette = "0.2:0.2"; -+ fade-in = 0.5; -+ font-size = 75; -+ indicator-caps-lock = true; -+ clock = true; -+ indicator-radius = 400; -+ show-failed-attempts = true; -+ ignore-empty-password = true; -+ grace = 3.5; -+ indicator-thickness = 20; - }; -+ }; - -+ services.swayidle = { -+ enable = true; -+ systemdTarget = "graphical-session.target"; -+ timeouts = [ -+ { -+ timeout = 60; -+ command = "${config.programs.swaylock.package}/bin/swaylock"; -+ } -+ { -+ timeout = 60 * 10; -+ command = "${pkgs.systemd}/bin/systemctl 
suspend"; -+ } -+ ]; -+ events = [ -+ { -+ event = "before-sleep"; -+ command = "${pkgs.playerctl}/bin/playerctl pause; ${config.programs.swaylock.package}/bin/swaylock"; -+ } -+ { -+ event = "lock"; -+ command = "${config.programs.swaylock.package}/bin/swaylock"; -+ } -+ ]; -+ }; - -- programs.niri.settings.binds."Super+Alt+L" = { -- action.spawn = "${lib.getBin config.programs.swaylock.package}/bin/swaylock"; -- allow-when-locked = true; -- }; -+ programs.niri.settings.binds."Super+Alt+L" = { -+ action.spawn = "${lib.getBin config.programs.swaylock.package}/bin/swaylock"; -+ allow-when-locked = true; -+ }; - } -diff --git a/homeConfigurations/muede/waybar.css b/homeConfigurations/muede/waybar.css -index 79e7671..0f1d38a 100644 ---- a/homeConfigurations/muede/waybar.css -+++ b/homeConfigurations/muede/waybar.css -@@ -72,8 +72,8 @@ window#waybar { - } - - #workspaces { -- padding-left: 0; -- padding-right: 0; -+ padding-left: 0; -+ padding-right: 0; - } - - /* Individual widget colors */ -diff --git a/nixosConfigurations/muede-pc2/default.nix b/nixosConfigurations/muede-pc2/default.nix -index 742fa9f..dd97b00 100644 ---- a/nixosConfigurations/muede-pc2/default.nix -+++ b/nixosConfigurations/muede-pc2/default.nix -@@ -2,8 +2,8 @@ - { - imports = [ - ./hardware.nix --# ./vscode-server.nix --# ./hass.nix -+ # ./vscode-server.nix -+ # ./hass.nix - - self.nixosModules.user-muede - self.nixosModules.gnome From c87d351456e02c05a0ceb6c616feeeac1d36a80e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?m=C3=BCde?= Date: Sun, 12 Apr 2026 23:57:00 +0200 Subject: [PATCH 29/80] also replace swaync with nova-shell --- flake.lock | 8 ++++---- homeConfigurations/muede/default.nix | 3 +-- 2 files changed, 5 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index 9773037..aa40828 100644 --- a/flake.lock +++ b/flake.lock 
@@ -548,11 +548,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1776022066, - "narHash": "sha256-EVl6pS3C8qogiqMNGBLibPsnK8saURb5Ayf9pxzcFjA=", + "lastModified": 1776030769, + "narHash": "sha256-q9qIqbFyCr0kqRbrABpiwydZzErBU75Y10rOgld5sYg=", "ref": "refs/heads/main", - "rev": "d33b47139a431ebc6aef9926f1f80bb2420ac596", - "revCount": 152, + "rev": "c973bd8163758ffb1b2c9762d00dae9e89efdcb1", + "revCount": 173, "type": "git", "url": "https://git.berlin.ccc.de/vinzenz/nova-shell" }, diff --git a/homeConfigurations/muede/default.nix b/homeConfigurations/muede/default.nix index d239d01..25b953d 100644 --- a/homeConfigurations/muede/default.nix +++ b/homeConfigurations/muede/default.nix @@ -13,7 +13,7 @@ ./ssh.nix ./starship.nix ./swaylock.nix - ./swaync.nix + #./swaync.nix ./vscode.nix # ./waybar.nix # ./wlogout.nix @@ -59,7 +59,6 @@ home.packages = with pkgs; [ # keep-sorted start - arduino arduino-cli arduino-ide From 61b054463d41109384643ffa4acfb641ba25934a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?m=C3=BCde?= Date: Mon, 13 Apr 2026 10:21:13 +0200 Subject: [PATCH 30/80] fix system deprecated --- flake.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.nix b/flake.nix index 4cb474f..04acd07 100644 --- a/flake.nix +++ b/flake.nix @@ -175,7 +175,8 @@ overlays = { unstable-packages = final: prev: { unstable = import nixpkgs-unstable { - inherit (prev) system config; + localSystem = prev.stdenv.hostPlatform; + inherit (prev) config; }; }; }; @@ -222,7 +223,7 @@ }; in nixpkgs.lib.nixosSystem { - inherit system specialArgs; + inherit specialArgs; modules = [ { imports = [ @@ -234,7 +235,6 @@ ]); nixpkgs = { - inherit system; hostPlatform = lib.mkDefault system; }; } From ad0844356fe53ba18946469a60d4ddd5a9e914ba Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?m=C3=BCde?= Date: Thu, 16 Apr 2026 21:13:24 +0200 Subject: [PATCH 31/80] nix flake update --- flake.lock | 56 +++++++++++++++++++++++++++--------------------------- 1 file changed, 28 insertions(+), 28 deletions(-) diff --git a/flake.lock b/flake.lock index aa40828..68eec1a 100644 --- a/flake.lock +++ b/flake.lock @@ -332,11 +332,11 @@ ] }, "locked": { - "lastModified": 1769799857, - "narHash": "sha256-88IFXZ7Sa1vxbz5pty0Io5qEaMQMMUPMonLa3Ls/ss4=", + "lastModified": 1776200608, + "narHash": "sha256-broZ6RFQr4Fv0wT73gGmzNX14A43TmTFF8g4wDKlNss=", "owner": "nix-community", "repo": "naersk", - "rev": "9d4ed44d8b8cecdceb1d6fd76e74123d90ae6339", + "rev": "8b23250ab45c2a38cd91031aee26478ca4d0a28e", "type": "github" }, "original": { @@ -359,11 +359,11 @@ "xwayland-satellite-unstable": "xwayland-satellite-unstable" }, "locked": { - "lastModified": 1775710668, - "narHash": "sha256-pi2TWoWZR22vzr5RBAgIdl1LDwgLX+fh+Hqngt/Kkt8=", + "lastModified": 1776363101, + "narHash": "sha256-PIsrdhbaD+aqB473D3IjVjRdO5uQJ6etnm5b7nvdnmU=", "owner": "sodiboo", "repo": "niri-flake", - "rev": "bef414577a6a745543989716df478afec96486bd", + "rev": "f273e1406713b729e02e419d31c48200a285fac1", "type": "github" }, "original": { @@ -392,11 +392,11 @@ "niri-unstable": { "flake": false, "locked": { - "lastModified": 1775561155, - "narHash": "sha256-TK2IrqQivRcwqJa0suZMbcsN17CtA8Uu0v7CDnLATb0=", + "lastModified": 1776358048, + "narHash": "sha256-0OpEyuTrEVVkQXFJ5iSmjFXqSEsTNje0ldmiTNgEkOQ=", "owner": "YaLTeR", "repo": "niri", - "rev": "599db847f857b8a7ff78ce02f15acab5d5d9fee1", + "rev": "a1b0bd6d1cbbc695188f53839e42def4c5d38f43", "type": "github" }, "original": { 
@@ -427,11 +427,11 @@ ] }, "locked": { - "lastModified": 1775703285, - "narHash": "sha256-Dck/lX920n3ClC6U2m3fWaXgoGrtJpnqfGCdiOb8Gf4=", + "lastModified": 1776310443, + "narHash": "sha256-XQo/vlS6xak3iT3xS2Q3TUMbreeeqe+PR99feUoV0UQ=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "c2281bf25d05ecb8155319456340afd34bea28ec", + "rev": "3a6d0ea13d092493b285b9093b5ce81e79df5cee", "type": "github" }, "original": { @@ -478,11 +478,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1775595990, - "narHash": "sha256-OEf7YqhF9IjJFYZJyuhAypgU+VsRB5lD4DuiMws5Ltc=", + "lastModified": 1776067740, + "narHash": "sha256-B35lpsqnSZwn1Lmz06BpwF7atPgFmUgw1l8KAV3zpVQ=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "4e92bbcdb030f3b4782be4751dc08e6b6cb6ccf2", + "rev": "7e495b747b51f95ae15e74377c5ce1fe69c1765f", "type": "github" }, "original": { @@ -509,11 +509,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1775701739, - "narHash": "sha256-2FWWY1rr/+pGUJK1npcVcsWNEblzmKs6VxD3VEvwJSs=", + "lastModified": 1776255774, + "narHash": "sha256-psVTpH6PK3q1htMJpmdz1hLF5pQgEshu7gQWgKO6t6Y=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "0f7663154ff2fec150f9dbf5f81ec2785dc1e0db", + "rev": "566acc07c54dc807f91625bb286cb9b321b5f42a", "type": "github" }, "original": { @@ -548,11 +548,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1776030769, - "narHash": "sha256-q9qIqbFyCr0kqRbrABpiwydZzErBU75Y10rOgld5sYg=", + "lastModified": 1776366610, + "narHash": "sha256-7HXk7GwK7fCiIQ3ep8SsKUkfWhOOWxARuBKRPqWy0fc=", "ref": "refs/heads/main", - "rev": "c973bd8163758ffb1b2c9762d00dae9e89efdcb1", - "revCount": 173, + "rev": "434f8f8ffd3801cfeac82f6caaf1b58ef25e9c11", + "revCount": 344, "type": "git", "url": "https://git.berlin.ccc.de/vinzenz/nova-shell" }, 
@@ -571,11 +571,11 @@ ] }, "locked": { - "lastModified": 1775746236, - "narHash": "sha256-wCMkv45LNU6gjWbl53WE4LAHU3Q3dNFU4dRWdlGW1PE=", + "lastModified": 1776364314, + "narHash": "sha256-xH/BIk0BBiZRhcJrurLBzpe0tAdmpeE3FAExIPnb3/w=", "owner": "nix-community", "repo": "NUR", - "rev": "1088e4c4f5f40c9ce5e5181ae501576f72f1bce8", + "rev": "528ff912ac19b61c3be7d29e3976e7f2186c2101", "type": "github" }, "original": { @@ -791,11 +791,11 @@ "tinted-zed": "tinted-zed" }, "locked": { - "lastModified": 1775509805, - "narHash": "sha256-CxmSn6FihFw7RvqLGGAdQUhbdBfdok946bg8ubvTfa4=", + "lastModified": 1775935110, + "narHash": "sha256-twTHKUFXjNNsaAvX0KoaIClt+923jXDRbfCd9PC/f0o=", "owner": "nix-community", "repo": "stylix", - "rev": "83e8a81710ddd56fb5112da54e0395de51bbcd3a", + "rev": "14f248ad1a7668e7858c6d9163608c208b7daf02", "type": "github" }, "original": { From 3c8024045e46a53374aacc1c312d3f48a29629a6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?m=C3=BCde?= Date: Fri, 17 Apr 2026 12:39:45 +0200 Subject: [PATCH 32/80] damocles: longer timeout to prevent namespace breakage --- nixosConfigurations/muede-lpt2/default.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/nixosConfigurations/muede-lpt2/default.nix b/nixosConfigurations/muede-lpt2/default.nix index 6cc5934..2f5e949 100644 --- a/nixosConfigurations/muede-lpt2/default.nix +++ b/nixosConfigurations/muede-lpt2/default.nix @@ -67,6 +67,10 @@ path = self.nixosConfigurations.damocles.config.system.build.toplevel; }; + # Global DefaultTimeoutStopSec is 10s (modern-desktop.nix), which kills systemd-nspawn + # before it finishes halting, leaving cgroups busy and breaking restarts. + systemd.services."container@damocles".serviceConfig.TimeoutStopSec = "60s"; + boot.enableContainers = true; virtualisation.containers.enable = true; }; From 4c82ecd2b94607dd03c38a0c2ca3ca4ecba82303 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?m=C3=BCde?= Date: Fri, 17 Apr 2026 12:47:51 +0200 Subject: [PATCH 33/80] replace swaylock with nova-shell lock --- flake.lock | 8 +++--- homeConfigurations/muede/default.nix | 7 +++-- homeConfigurations/muede/niri.nix | 5 ++++ homeConfigurations/muede/swayidle.nix | 27 +++++++++++++++++++ homeConfigurations/muede/swaylock.nix | 37 +-------------------------- 5 files changed, 42 insertions(+), 42 deletions(-) create mode 100644 homeConfigurations/muede/swayidle.nix diff --git a/flake.lock b/flake.lock index 68eec1a..cbaede4 100644 --- a/flake.lock +++ b/flake.lock @@ -548,11 +548,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1776366610, - "narHash": "sha256-7HXk7GwK7fCiIQ3ep8SsKUkfWhOOWxARuBKRPqWy0fc=", + "lastModified": 1776422982, + "narHash": "sha256-H4TfZRvGyWHzY/o0JiSYj/0UOxLv4mOM38xQKUKFW6Q=", "ref": "refs/heads/main", - "rev": "434f8f8ffd3801cfeac82f6caaf1b58ef25e9c11", - "revCount": 344, + "rev": "1a78b5808d49131aa13371235172f31587f4af3f", + "revCount": 398, "type": "git", "url": "https://git.berlin.ccc.de/vinzenz/nova-shell" }, diff --git a/homeConfigurations/muede/default.nix b/homeConfigurations/muede/default.nix index 25b953d..9a5f714 100644 --- a/homeConfigurations/muede/default.nix +++ b/homeConfigurations/muede/default.nix @@ -12,7 +12,8 @@ ./podman.nix ./ssh.nix ./starship.nix - ./swaylock.nix + ./swayidle.nix + #./swaylock.nix #./swaync.nix ./vscode.nix # ./waybar.nix @@ -52,8 +53,10 @@ nova-shell = { enable = true; theme = { - fontSize = 13; + fontSize = 14; }; + #modules.backgroundOverlay.enable = false; + #modules.screenCorners.enable = false; }; }; diff --git a/homeConfigurations/muede/niri.nix b/homeConfigurations/muede/niri.nix index 4eebab7..d228899 100644 --- a/homeConfigurations/muede/niri.nix +++ b/homeConfigurations/muede/niri.nix 
@@ -402,6 +402,11 @@ "Mod+W".action.toggle-column-tabbed-display = { }; "Mod+O".action.toggle-overview = { }; + + "Super+Alt+L" = { + action.spawn = "${pkgs.systemd}/bin/loginctl lock-session"; + allow-when-locked = true; + }; }; }; }; diff --git a/homeConfigurations/muede/swayidle.nix b/homeConfigurations/muede/swayidle.nix new file mode 100644 index 0000000..73029e6 --- /dev/null +++ b/homeConfigurations/muede/swayidle.nix @@ -0,0 +1,27 @@ +{ pkgs, ... }: +{ + services.swayidle = + let + lock-command = "${pkgs.systemd}/bin/loginctl lock-session"; + in + { + enable = true; + systemdTarget = "graphical-session.target"; + timeouts = [ + { + timeout = 30; + command = lock-command; + } + { + timeout = 60 * 10; + command = "${pkgs.systemd}/bin/systemctl suspend"; + } + ]; + events = [ + { + event = "before-sleep"; + command = "${pkgs.playerctl}/bin/playerctl pause; ${lock-command}"; + } + ]; + }; +} diff --git a/homeConfigurations/muede/swaylock.nix b/homeConfigurations/muede/swaylock.nix index 064cb9b..f807135 100644 --- a/homeConfigurations/muede/swaylock.nix +++ b/homeConfigurations/muede/swaylock.nix @@ -1,10 +1,5 @@ # based on https://codeberg.org/kiara/cfg/src/commit/b9c472acd78c9c08dfe8b6a643c5c82cc5828433/home-manager/kiara/swaylock.nix# -{ - pkgs, - config, - lib, - ... -}: +{ pkgs, ... }: { stylix.targets.swaylock = { enable = true; 
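Review bot: Every lock path in the new swayidle.nix (the 30 s `timeout` and `before-sleep`) and the `Super+Alt+L` bind added to niri.nix in this commit now runs `loginctl lock-session`, which only asks logind to signal the session; nothing here starts a locker itself. If nova-shell is not running or does not handle that signal, the screen presumably stays unlocked with no error, whereas the removed swaylock commands locked directly. The `before-sleep` command also returns as soon as the request is sent, so the machine may suspend before the lock surface is up, which is worth checking on resume. I would add a comment above `lock-command`, e.g. `# relies on nova-shell handling logind's Lock signal; nothing locks if it is not running`, and consider keeping swaylock as a fallback handler.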
@@ -30,34 +25,4 @@ indicator-thickness = 20; }; }; - - services.swayidle = { - enable = true; - systemdTarget = "graphical-session.target"; - timeouts = [ - { - timeout = 5; - command = "${config.programs.swaylock.package}/bin/swaylock"; - } - { - timeout = 60 * 10; - command = "${pkgs.systemd}/bin/systemctl suspend"; - } - ]; - events = [ - { - event = "before-sleep"; - command = "${pkgs.playerctl}/bin/playerctl pause; ${config.programs.swaylock.package}/bin/swaylock"; - } - { - event = "lock"; - command = "${config.programs.swaylock.package}/bin/swaylock"; - } - ]; - }; - - programs.niri.settings.binds."Super+Alt+L" = { - action.spawn = "${lib.getBin config.programs.swaylock.package}/bin/swaylock"; - allow-when-locked = true; - }; } From e45185a95b63abff0de11c530844b70493e3d338 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?m=C3=BCde?= Date: Sat, 18 Apr 2026 16:37:53 +0200 Subject: [PATCH 34/80] nix flake update nixpkgs-unstable nova-shell --- flake.lock | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/flake.lock b/flake.lock index cbaede4..a714aff 100644 --- a/flake.lock +++ b/flake.lock @@ -509,11 +509,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1776255774, - "narHash": "sha256-psVTpH6PK3q1htMJpmdz1hLF5pQgEshu7gQWgKO6t6Y=", + "lastModified": 1776329215, + "narHash": "sha256-a8BYi3mzoJ/AcJP8UldOx8emoPRLeWqALZWu4ZvjPXw=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "566acc07c54dc807f91625bb286cb9b321b5f42a", + "rev": "b86751bc4085f48661017fa226dee99fab6c651b", "type": "github" }, "original": { 
@@ -548,11 +548,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1776422982, - "narHash": "sha256-H4TfZRvGyWHzY/o0JiSYj/0UOxLv4mOM38xQKUKFW6Q=", + "lastModified": 1776522593, + "narHash": "sha256-HqQ8XQGv14TehBKL1IXF28wvbC6OCoHWvTOI/IdCA/8=", "ref": "refs/heads/main", - "rev": "1a78b5808d49131aa13371235172f31587f4af3f", - "revCount": 398, + "rev": "d821500db7375ebb346aaa17c80dc25214165584", + "revCount": 479, "type": "git", "url": "https://git.berlin.ccc.de/vinzenz/nova-shell" }, @@ -618,11 +618,11 @@ ] }, "locked": { - "lastModified": 1775720097, - "narHash": "sha256-p+vqkCuFfVNyQBo370wr6MebNUvz55RZiC0m8YKUhvQ=", + "lastModified": 1776066068, + "narHash": "sha256-SwKVkgEsqsp5ki9m7fqvhncb5MjvH1hlZqbn3s+x/Uk=", "ref": "refs/heads/master", - "rev": "d4c92973b53d9fa34cc110d3b974eb6bde5b3027", - "revCount": 800, + "rev": "fb08eced449e87e47321e95beeb890a63d2c67bd", + "revCount": 801, "type": "git", "url": "https://git.outfoxxed.me/outfoxxed/quickshell" }, From 8670cd15b867404a5c087281275be46777b63aec Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?m=C3=BCde?= Date: Sat, 18 Apr 2026 16:38:17 +0200 Subject: [PATCH 35/80] add more tools to damocles --- nixosConfigurations/damocles/default.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/nixosConfigurations/damocles/default.nix b/nixosConfigurations/damocles/default.nix index e62b6ac..786a1b8 100644 --- a/nixosConfigurations/damocles/default.nix +++ b/nixosConfigurations/damocles/default.nix @@ -10,6 +10,9 @@ unstable.claude-code git python3 + coreutils-full + gawk + gnugrep ]; users.users.muede = { From 1969d71a8c7bf0ea98966da1666daad27d543ebd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?m=C3=BCde?= Date: Tue, 21 Apr 2026 23:57:24 +0200 Subject: [PATCH 36/80] make desktops more responsive while nix builds run --- nixosModules/global-settings-desktop.nix | 28 ++++++++++++++---------- 1 file changed, 16 insertions(+), 12 deletions(-) 
diff --git a/nixosModules/global-settings-desktop.nix b/nixosModules/global-settings-desktop.nix index 5f8bbf7..bf23ef7 100644 --- a/nixosModules/global-settings-desktop.nix +++ b/nixosModules/global-settings-desktop.nix @@ -35,21 +35,25 @@ extraSpecialArgs = specialArgs; useGlobalPkgs = true; useUserPackages = true; + users = home-manager-users; + sharedModules = [ + { home.stateVersion = "22.11"; } + # keep-sorted start + self.homeModules.git + self.homeModules.gnome-extensions + self.homeModules.nano + self.homeModules.templates + self.homeModules.zsh-basics + # keep-sorted end + ]; }; time.timeZone = "Europe/Berlin"; - home-manager.sharedModules = [ - { home.stateVersion = "22.11"; } - # keep-sorted start - self.homeModules.git - self.homeModules.gnome-extensions - self.homeModules.nano - self.homeModules.templates - self.homeModules.zsh-basics - # keep-sorted end - ]; - - home-manager.users = home-manager-users; + # on desktops, keep the device useable interactively during expensive builds + nix = { + daemonCPUSchedPolicy = "idle"; + daemonIOSchedClass = "idle"; + }; }; } From fbe9ce80d1763f7bcfb3cb17c7c8c46637ec6fe8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?m=C3=BCde?= Date: Wed, 22 Apr 2026 23:44:26 +0200 Subject: [PATCH 37/80] add android tools to damocles --- nixosConfigurations/damocles/android-dev.nix | 43 ++++++++++++++++++++ nixosConfigurations/damocles/default.nix | 10 +++++ 2 files changed, 53 insertions(+) create mode 100644 nixosConfigurations/damocles/android-dev.nix diff --git a/nixosConfigurations/damocles/android-dev.nix b/nixosConfigurations/damocles/android-dev.nix new file mode 100644 index 0000000..ea5432c --- /dev/null +++ b/nixosConfigurations/damocles/android-dev.nix 
@@ -0,0 +1,43 @@ +{ pkgs, ... }: +let + androidComposition = pkgs.androidenv.composeAndroidPackages { + buildToolsVersions = [ "36.1.0" ]; + platformVersions = [ "35" ]; + includeNDK = false; + includeEmulator = false; + includeSystemImages = false; + }; + androidSdk = androidComposition.androidsdk; +in +{ + nixpkgs.config.android_sdk.accept_license = true; + + allowedUnfreePackages = [ + "android-sdk-cmdline-tools" + "android-sdk-platform-tools" + "android-sdk-tools" + "android-sdk-build-tools" + "android-sdk-platforms" + + # wtf + "platform-tools" + "tools" + "build-tools" + "cmdline-tools" + "platforms" + "cmake" # android sdk repackage + ]; + + environment.systemPackages = with pkgs; [ + androidSdk + gradle + kotlin + jdk21 + ]; + + environment.variables = { + ANDROID_HOME = "${androidSdk}/libexec/android-sdk"; + ANDROID_SDK_ROOT = "${androidSdk}/libexec/android-sdk"; + JAVA_HOME = "${pkgs.jdk21}"; + }; +} diff --git a/nixosConfigurations/damocles/default.nix b/nixosConfigurations/damocles/default.nix index 786a1b8..a91e131 100644 --- a/nixosConfigurations/damocles/default.nix +++ b/nixosConfigurations/damocles/default.nix @@ -1,5 +1,7 @@ { pkgs, self, ... }: { + imports = [ ./android-dev.nix ]; + nixpkgs.overlays = [ self.overlays.unstable-packages ]; boot.isContainer = true; @@ -21,4 +23,12 @@ }; security.sudo.wheelNeedsPassword = false; + + programs.nix-ld = { + enable = true; + libraries = with pkgs; [ + stdenv.cc.cc.lib + zlib + ]; + }; } From e71e56a30d7c1fad794d9ab1a762b97b411713d2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?m=C3=BCde?= Date: Wed, 22 Apr 2026 23:44:40 +0200 Subject: [PATCH 38/80] update nova-shell --- flake.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index a714aff..d23a8ad 100644 --- a/flake.lock +++ b/flake.lock 
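Review bot: The second half of `allowedUnfreePackages` in android-dev.nix allows unfree packages by very generic names (`"tools"`, `"platforms"`, `"cmake"`, `"build-tools"`, ...) with only `# wtf` as explanation. The option's implementation is not visible here, but if it matches on package name, as the list suggests, any unfree package carrying one of those names is accepted, not just the Android SDK components. Please replace the comment with the reason, e.g. `# androidenv repackages SDK components under these bare names; matched by name only`, and note next to `accept_license = true` that it accepts the Android SDK licence for every build of this host.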
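Review bot: `programs.nix-ld` is enabled in damocles/default.nix without a comment saying which prebuilt binary needs it; presumably it is for tools the Android/Gradle build downloads. It widens what can run in this container to arbitrary dynamically linked binaries, and the context line `security.sudo.wheelNeedsPassword = false;` means anything running as a wheel user there can become root without a prompt. Please add a comment above the block, e.g. `# nix-ld: required by <tool name, TODO> which ships prebuilt binaries`, and keep `libraries` limited to what that tool needs.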
@@ -548,11 +548,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1776522593, - "narHash": "sha256-HqQ8XQGv14TehBKL1IXF28wvbC6OCoHWvTOI/IdCA/8=", + "lastModified": 1776893458, + "narHash": "sha256-/oT77s8xQGAr80mWV+zcRixZMOqU6AJBloC97xuGY34=", "ref": "refs/heads/main", - "rev": "d821500db7375ebb346aaa17c80dc25214165584", - "revCount": 479, + "rev": "2c370afe8ed3ea4c198f65246a32a8809c246fd6", + "revCount": 524, "type": "git", "url": "https://git.berlin.ccc.de/vinzenz/nova-shell" }, From f2ed78747c83e4b106ad1fa3eda886c5ca0ba2d2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?m=C3=BCde?= Date: Fri, 24 Apr 2026 20:55:18 +0200 Subject: [PATCH 39/80] fix damocles cgroup broken after sleep with network switch --- nixosConfigurations/damocles/default.nix | 8 +++++++- nixosConfigurations/muede-lpt2/default.nix | 7 ++++++- 2 files changed, 13 insertions(+), 2 deletions(-) diff --git a/nixosConfigurations/damocles/default.nix b/nixosConfigurations/damocles/default.nix index a91e131..4cdd6f7 100644 --- a/nixosConfigurations/damocles/default.nix +++ b/nixosConfigurations/damocles/default.nix @@ -1,4 +1,4 @@ -{ pkgs, self, ... }: +{ pkgs, lib, self, ... }: { imports = [ ./android-dev.nix ]; @@ -6,6 +6,12 @@ boot.isContainer = true; + # Container shares host network namespace (privateNetwork = false), so the + # host's tailscale already covers this. Running a second tailscaled in the + # same netns fights over routing and breaks connectivity after sleep/wake. + services.tailscale.enable = lib.mkForce false; + networking.firewall.checkReversePath = lib.mkForce "strict"; + allowedUnfreePackages = [ "claude-code" ]; environment.systemPackages = with pkgs; [ diff --git a/nixosConfigurations/muede-lpt2/default.nix b/nixosConfigurations/muede-lpt2/default.nix index 2f5e949..19b2119 100644 --- a/nixosConfigurations/muede-lpt2/default.nix +++ b/nixosConfigurations/muede-lpt2/default.nix 
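Review bot: The new comment in damocles/default.nix explains why tailscale is forced off but not the `networking.firewall.checkReversePath = lib.mkForce "strict";` line next to it. Because the comment says the container shares the host network namespace, it is unclear whether this is meant to undo a `"loose"` value coming from a shared tailscale module or to change filtering that the host also sees; if the container can write firewall rules at all, they would land in the host's namespace. A one-line comment such as `# undo the "loose" set by the tailscale module; tailscaled is off in here` (if that is the reason) would settle it.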
@@ -69,7 +69,12 @@ # Global DefaultTimeoutStopSec is 10s (modern-desktop.nix), which kills systemd-nspawn # before it finishes halting, leaving cgroups busy and breaking restarts. - systemd.services."container@damocles".serviceConfig.TimeoutStopSec = "60s"; + systemd.services."container@damocles".serviceConfig = { + TimeoutStopSec = "60s"; + # After a SIGKILL of nspawn, the kernel needs a moment to reap its cgroups. + # Without this, the immediate restart attempt fails with "Device or resource busy". + RestartSec = "5s"; + }; boot.enableContainers = true; virtualisation.containers.enable = true; From fcd4b958270dbf5944e5955378cebbe4cfdf4d67 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?m=C3=BCde?= Date: Fri, 24 Apr 2026 20:55:35 +0200 Subject: [PATCH 40/80] nix flake update --- flake.lock | 38 +++++++++++++++++++------------------- 1 file changed, 19 insertions(+), 19 deletions(-) diff --git a/flake.lock b/flake.lock index d23a8ad..3dce7db 100644 --- a/flake.lock +++ b/flake.lock @@ -359,11 +359,11 @@ "xwayland-satellite-unstable": "xwayland-satellite-unstable" }, "locked": { - "lastModified": 1776363101, - "narHash": "sha256-PIsrdhbaD+aqB473D3IjVjRdO5uQJ6etnm5b7nvdnmU=", + "lastModified": 1776879043, + "narHash": "sha256-M9RjuowtoqQbFRdQAm2P6GjFwgHjRcnWYcB7ChSjDms=", "owner": "sodiboo", "repo": "niri-flake", - "rev": "f273e1406713b729e02e419d31c48200a285fac1", + "rev": "535ebbe038039215a5d1c6c0c67f833409a5be96", "type": "github" }, "original": { @@ -392,11 +392,11 @@ "niri-unstable": { "flake": false, "locked": { - "lastModified": 1776358048, - "narHash": "sha256-0OpEyuTrEVVkQXFJ5iSmjFXqSEsTNje0ldmiTNgEkOQ=", + "lastModified": 1776853441, + "narHash": "sha256-mSxfoEs7DiDhMCBzprI/1K7UXzMISuGq0b7T06LVJXE=", "owner": "YaLTeR", "repo": "niri", - "rev": "a1b0bd6d1cbbc695188f53839e42def4c5d38f43", + "rev": "74d2b18603366b98ec9045ecf4a632422f472365", "type": "github" }, "original": { 
@@ -427,11 +427,11 @@ ] }, "locked": { - "lastModified": 1776310443, - "narHash": "sha256-XQo/vlS6xak3iT3xS2Q3TUMbreeeqe+PR99feUoV0UQ=", + "lastModified": 1776828494, + "narHash": "sha256-gQ5+syn8ndyF/+c5g5ZpeAScNKhkTF4/63JsO2hqGHo=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "3a6d0ea13d092493b285b9093b5ce81e79df5cee", + "rev": "ea6764d22ff5478f5db39ede57eeafc70d14e8e6", "type": "github" }, "original": { @@ -478,11 +478,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1776067740, - "narHash": "sha256-B35lpsqnSZwn1Lmz06BpwF7atPgFmUgw1l8KAV3zpVQ=", + "lastModified": 1776734388, + "narHash": "sha256-vl3dkhlE5gzsItuHoEMVe+DlonsK+0836LIRDnm6MXQ=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "7e495b747b51f95ae15e74377c5ce1fe69c1765f", + "rev": "10e7ad5bbcb421fe07e3a4ad53a634b0cd57ffac", "type": "github" }, "original": { @@ -548,11 +548,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1776893458, - "narHash": "sha256-/oT77s8xQGAr80mWV+zcRixZMOqU6AJBloC97xuGY34=", + "lastModified": 1776984220, + "narHash": "sha256-7o1I1Nl+HU+aXbCg7HLmj4W9o5/u6Tqviwmeczxzds0=", "ref": "refs/heads/main", - "rev": "2c370afe8ed3ea4c198f65246a32a8809c246fd6", - "revCount": 524, + "rev": "8d76df6ef5188b7fc640518b5c80687c52fcec55", + "revCount": 536, "type": "git", "url": "https://git.berlin.ccc.de/vinzenz/nova-shell" }, @@ -571,11 +571,11 @@ ] }, "locked": { - "lastModified": 1776364314, - "narHash": "sha256-xH/BIk0BBiZRhcJrurLBzpe0tAdmpeE3FAExIPnb3/w=", + "lastModified": 1776893492, + "narHash": "sha256-V4r/mdAFHe6fRiu3D+3+UdclSH7LJoHfv+4Y1YNawK0=", "owner": "nix-community", "repo": "NUR", - "rev": "528ff912ac19b61c3be7d29e3976e7f2186c2101", + "rev": "0aa8e8fc21887cc34a4c0e3816f08b56795f52ca", "type": "github" }, "original": { From 96239eef490056e0feb30d764919ff3dca20e396 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?m=C3=BCde?= Date: Sun, 26 Apr 2026 19:06:01 +0200 Subject: [PATCH 41/80] nova-shell: use system module --- flake.lock | 8 ++++---- homeConfigurations/muede/default.nix | 1 - nixosModules/global-settings-desktop.nix | 2 ++ 3 files changed, 6 insertions(+), 5 deletions(-) diff --git a/flake.lock b/flake.lock index 3dce7db..7593fcd 100644 --- a/flake.lock +++ b/flake.lock @@ -548,11 +548,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1776984220, - "narHash": "sha256-7o1I1Nl+HU+aXbCg7HLmj4W9o5/u6Tqviwmeczxzds0=", + "lastModified": 1777222693, + "narHash": "sha256-5AQpEtjSaWfcWfuO8Z4nRgYqJegCa/0lUO2HUVJR4AI=", "ref": "refs/heads/main", - "rev": "8d76df6ef5188b7fc640518b5c80687c52fcec55", - "revCount": 536, + "rev": "dc8344d0af83ba9de5f74a68bee82cdf6364c9a2", + "revCount": 573, "type": "git", "url": "https://git.berlin.ccc.de/vinzenz/nova-shell" }, diff --git a/homeConfigurations/muede/default.nix b/homeConfigurations/muede/default.nix index 9a5f714..767b40e 100644 --- a/homeConfigurations/muede/default.nix +++ b/homeConfigurations/muede/default.nix @@ -19,7 +19,6 @@ # ./waybar.nix # ./wlogout.nix ./zsh.nix - self.inputs.nova-shell.homeModules.default # keep-sorted end ]; diff --git a/nixosModules/global-settings-desktop.nix b/nixosModules/global-settings-desktop.nix index bf23ef7..a94ab80 100644 --- a/nixosModules/global-settings-desktop.nix +++ b/nixosModules/global-settings-desktop.nix @@ -7,12 +7,14 @@ servicepoint-tanks, stylix, specialArgs, + nova-shell, ... }: { imports = [ # keep-sorted start home-manager.nixosModules.home-manager + nova-shell.nixosModules.default self.nixosModules.en-de self.nixosModules.firmware-updates self.nixosModules.gnome From 1366030c9bab35c22aa626b9118a85cf7c5ad6d6 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?m=C3=BCde?= Date: Sun, 26 Apr 2026 19:07:12 +0200 Subject: [PATCH 42/80] wip add aur0ra --- flake.lock | 114 ++++++++++++++++-- flake.nix | 62 +++++----- .../aur0ra-installer/default.nix | 17 +++ nixosConfigurations/aur0ra/default.nix | 56 +++++++++ nixosConfigurations/aur0ra/hardware.nix | 64 ++++++++++ .../aur0ra/nice-looking-console.nix | 32 +++++ nixosConfigurations/damocles/default.nix | 7 +- nixosModules/extra-caches.nix | 14 ++- 8 files changed, 321 insertions(+), 45 deletions(-) create mode 100644 nixosConfigurations/aur0ra-installer/default.nix create mode 100644 nixosConfigurations/aur0ra/default.nix create mode 100644 nixosConfigurations/aur0ra/hardware.nix create mode 100644 nixosConfigurations/aur0ra/nice-looking-console.nix diff --git a/flake.lock b/flake.lock index 7593fcd..f2eef87 100644 --- a/flake.lock +++ b/flake.lock @@ -1,5 +1,21 @@ { "nodes": { + "argononed": { + "flake": false, + "locked": { + "lastModified": 1729566243, + "narHash": "sha256-DPNI0Dpk5aym3Baf5UbEe5GENDrSmmXVdriRSWE+rgk=", + "owner": "nvmd", + "repo": "argononed", + "rev": "16dbee54d49b66d5654d228d1061246b440ef7cf", + "type": "github" + }, + "original": { + "owner": "nvmd", + "repo": "argononed", + "type": "github" + } + }, "base16": { "inputs": { "fromYaml": "fromYaml" @@ -181,6 +197,21 @@ "type": "github" } }, + "flake-compat_2": { + "locked": { + "lastModified": 1767039857, + "narHash": "sha256-vNpUSpF5Nuw8xvDLj2KCwwksIbjua2LZCqhV1LNRDns=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "5edf11c44bc78a0d334f6334cdaf7d60d732daab", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, "flake-parts": { "inputs": { "nixpkgs-lib": "nixpkgs-lib" 
@@ -476,13 +507,61 @@ "type": "github" } }, + "nixos-images": { + "inputs": { + "nixos-stable": [ + "nixos-raspberrypi", + "nixpkgs" + ], + "nixos-unstable": [ + "nixos-raspberrypi", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1747747741, + "narHash": "sha256-LUOH27unNWbGTvZFitHonraNx0JF/55h30r9WxqrznM=", + "owner": "nvmd", + "repo": "nixos-images", + "rev": "cbbd6db325775096680b65e2a32fb6187c09bbb4", + "type": "github" + }, + "original": { + "owner": "nvmd", + "ref": "sdimage-installer", + "repo": "nixos-images", + "type": "github" + } + }, + "nixos-raspberrypi": { + "inputs": { + "argononed": "argononed", + "flake-compat": "flake-compat_2", + "nixos-images": "nixos-images", + "nixpkgs": "nixpkgs" + }, + "locked": { + "lastModified": 1775857096, + "narHash": "sha256-+eSij7C0oMqz76rGnB99RuWptBuEkJBm9vgb5fIwRrg=", + "owner": "nvmd", + "repo": "nixos-raspberrypi", + "rev": "1dc4ca5f93587932383c0b61e1753f5eed1c3bba", + "type": "github" + }, + "original": { + "owner": "nvmd", + "ref": "main", + "repo": "nixos-raspberrypi", + "type": "github" + } + }, "nixpkgs": { "locked": { - "lastModified": 1776734388, - "narHash": "sha256-vl3dkhlE5gzsItuHoEMVe+DlonsK+0836LIRDnm6MXQ=", + "lastModified": 1775595990, + "narHash": "sha256-OEf7YqhF9IjJFYZJyuhAypgU+VsRB5lD4DuiMws5Ltc=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "10e7ad5bbcb421fe07e3a4ad53a634b0cd57ffac", + "rev": "4e92bbcdb030f3b4782be4751dc08e6b6cb6ccf2", "type": "github" }, "original": { @@ -524,6 +603,22 @@ } }, "nixpkgs_2": { + "locked": { + "lastModified": 1776734388, + "narHash": "sha256-vl3dkhlE5gzsItuHoEMVe+DlonsK+0836LIRDnm6MXQ=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "10e7ad5bbcb421fe07e3a4ad53a634b0cd57ffac", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-25.11", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_3": { "locked": { "lastModified": 1757545623, "narHash": "sha256-mCxPABZ6jRjUQx3bPP4vjA68ETbPLNz9V2pk9tO7pRQ=", 
@@ -548,11 +643,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1777222693, - "narHash": "sha256-5AQpEtjSaWfcWfuO8Z4nRgYqJegCa/0lUO2HUVJR4AI=", + "lastModified": 1777295064, + "narHash": "sha256-A+Ooli4ckGyiT+zh10Ybj3nY2ql4QX1p6q6HrKCDvpA=", "ref": "refs/heads/main", - "rev": "dc8344d0af83ba9de5f74a68bee82cdf6364c9a2", - "revCount": 573, + "rev": "adb6c21135c93e0c57517ba90a32dd8f6bf2704d", + "revCount": 578, "type": "git", "url": "https://git.berlin.ccc.de/vinzenz/nova-shell" }, @@ -641,7 +736,8 @@ "nix-filter": "nix-filter", "nix-vscode-extensions": "nix-vscode-extensions", "nixos-generators": "nixos-generators", - "nixpkgs": "nixpkgs", + "nixos-raspberrypi": "nixos-raspberrypi", + "nixpkgs": "nixpkgs_2", "nixpkgs-unstable": "nixpkgs-unstable", "nova-shell": "nova-shell", "nur": "nur", @@ -728,7 +824,7 @@ "nix-filter": [ "nix-filter" ], - "nixpkgs": "nixpkgs_2" + "nixpkgs": "nixpkgs_3" }, "locked": { "lastModified": 1757763091, diff --git a/flake.nix b/flake.nix index 04acd07..5a0fe15 100644 --- a/flake.nix +++ b/flake.nix @@ -9,6 +9,7 @@ }; #keep-sorted start block=yes + flake-parts = { url = "github:hercules-ci/flake-parts"; #inputs.nixpkgs.follows = "nixpkgs"; @@ -37,6 +38,9 @@ url = "github:nix-community/nixos-generators"; inputs.nixpkgs.follows = "nixpkgs"; }; + nixos-raspberrypi = { + url = "github:nvmd/nixos-raspberrypi/main"; + }; nova-shell = { url = "git+https://git.berlin.ccc.de/vinzenz/nova-shell"; inputs.nixpkgs.follows = "nixpkgs-unstable"; @@ -99,6 +103,7 @@ niri, nix-vscode-extensions, nixos-generators, + nixos-raspberrypi, nixpkgs-unstable, servicepoint-cli, servicepoint-simulator, 
@@ -111,6 +116,28 @@ }: let devices = { + # keep-sorted start block=yes + aur0ra = { + system = "aarch64-linux"; + nixosSystem = nixos-raspberrypi.lib.nixosSystem; + }; + aur0ra-installer = { + # build with nix build .\#nixosConfigurations.aur0ra-installer.config.system.build.sdImage + system = "aarch64-linux"; + nixosSystem = nixos-raspberrypi.lib.nixosInstaller; + }; + damocles = { + system = "x86_64-linux"; + }; + epimetheus = { + system = "aarch64-linux"; + }; + forgejo-runner-1 = { + system = "aarch64-linux"; + }; + hetzner-vpn2 = { + system = "aarch64-linux"; + }; muede-lpt2 = { system = "x86_64-linux"; home-manager-users = { @@ -129,18 +156,7 @@ inherit (self.homeConfigurations) ronja; }; }; - hetzner-vpn2 = { - system = "aarch64-linux"; - }; - forgejo-runner-1 = { - system = "aarch64-linux"; - }; - epimetheus = { - system = "aarch64-linux"; - }; - damocles = { - system = "x86_64-linux"; - }; + # keep-sorted end }; inherit (nixpkgs) lib; forDevice = f: lib.mapAttrs (device: value: f (value // { inherit device; })) devices; @@ -216,18 +232,19 @@ device, system, home-manager-users ? { }, + nixosSystem ? nixpkgs.lib.nixosSystem }: let specialArgs = inputs // { inherit device home-manager-users; }; in - nixpkgs.lib.nixosSystem { + nixosSystem { inherit specialArgs; modules = [ { imports = [ - ./nixosConfigurations/${device} + ./nixosConfigurations/${device} self.nixosModules.global-settings ] ++ (lib.optionals (home-manager-users != { }) [ @@ -250,22 +267,5 @@ formatting = treefmt-eval.config.build.check self; } ); - - packages = forAllSystems ( - { ... }: - { - nixos-aarch64-pxvirt-lxc-template = nixos-generators.nixosGenerate { - system = "aarch64-linux"; - format = "proxmox-lxc"; - specialArgs = inputs // { - device = "nixos-aarch64-pxvirt-lxc-template"; - }; - modules = [ - self.nixosModules.global-settings - self.nixosModules.pxvirt-guest - ]; - }; - } - ); }; } 
diff --git a/nixosConfigurations/aur0ra-installer/default.nix b/nixosConfigurations/aur0ra-installer/default.nix new file mode 100644 index 0000000..5557fae --- /dev/null +++ b/nixosConfigurations/aur0ra-installer/default.nix @@ -0,0 +1,17 @@ +{ + nixos-images, + config, + lib, + modulesPath, + ... +}: +{ + imports = [ + ../aur0ra + # nixos-images.nixosModules.sdimage-installer + ]; + disabledModules = [ + # disable the sd-image module that nixos-images uses + # (modulesPath + "/installer/sd-card/sd-image-aarch64-installer.nix") + ]; +} diff --git a/nixosConfigurations/aur0ra/default.nix b/nixosConfigurations/aur0ra/default.nix new file mode 100644 index 0000000..20aa8c3 --- /dev/null +++ b/nixosConfigurations/aur0ra/default.nix 
@@ -0,0 +1,56 @@ +{ lib, ... }: +{ + imports = [ + ./hardware.nix + ./nice-looking-console.nix + ]; + + users.users.ruth = { + # initialPassword = "setup"; + isNormalUser = true; + extraGroups = [ + "wheel" + "networkmanager" + "video" + ]; + # Allow the graphical user to login without password + initialHashedPassword = ""; + openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPDNpLDmctyqGpow/ElQvdhY4BLBPS/sigDJ1QEcC7wC lpt2-roaming" + ]; + }; + nix.settings.trusted-users = [ "ruth" ]; + + # Don't require sudo/root to `reboot` or `poweroff`. + security.polkit.enable = true; + + # Allow passwordless sudo from nixos user + security.sudo = { + enable = true; + wheelNeedsPassword = false; + }; + + services.openssh.enable = true; + + # https://github.com/nvmd/nixos-raspberrypi-demo/blob/c521600570f0365ae9c846af4b023049b80ae331/modules/server-networking.nix + + networking.firewall.logRefusedConnections = lib.mkDefault false; + + # Use networkd instead of the pile of shell scripts + # NOTE: SK: is it safe to combine with NetworkManager on desktops? + networking.useNetworkd = lib.mkDefault true; + + # The notion of "online" is a broken concept + # https://github.com/systemd/systemd/blob/e1b45a756f71deac8c1aa9a008bd0dab47f64777/NEWS#L13 + # https://github.com/NixOS/nixpkgs/issues/247608 + systemd.services.NetworkManager-wait-online.enable = false; + systemd.network.wait-online.enable = false; + + # Do not take down the network for too long when upgrading, + # This also prevents failures of services that are restarted instead of stopped. + # It will use `systemctl restart` rather than stopping it with `systemctl stop` + # followed by a delayed `systemctl start`. + systemd.services.systemd-networkd.stopIfChanged = false; + # Services that are only restarted might be not able to resolve when resolved is stopped before + systemd.services.systemd-resolved.stopIfChanged = false; +} 
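Review bot: `initialHashedPassword = "";` gives `ruth` an empty password on a machine where she is in `wheel`, `wheelNeedsPassword = false`, she is a Nix trusted user and sshd is enabled, so any console or local login as `ruth` is root without a secret. The comment on that line comes from installer images, and since `aur0ra-installer` imports this file, both the installer and the installed system inherit it. For the installed system I would drop the empty password, keep the authorized key as the only way in, and make sshd key-only explicitly: `services.openssh.settings = { PasswordAuthentication = false; KbdInteractiveAuthentication = false; PermitRootLogin = "no"; };`. If the installer needs a passwordless console, set that in `aur0ra-installer/default.nix` only.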
diff --git a/nixosConfigurations/aur0ra/hardware.nix b/nixosConfigurations/aur0ra/hardware.nix new file mode 100644 index 0000000..8014f41 --- /dev/null +++ b/nixosConfigurations/aur0ra/hardware.nix @@ -0,0 +1,64 @@ +{ nixos-raspberrypi, lib, ... }: +{ + imports = with nixos-raspberrypi.nixosModules; [ + raspberry-pi-5.base + raspberry-pi-5.bluetooth + raspberry-pi-5.page-size-16k + raspberry-pi-5.display-vc4 + ]; + + # No one got time for xz compression. + #isoImage.squashfsCompression = "zstd"; + + boot.loader = { + raspberry-pi.bootloader = "kernel"; + systemd-boot.enable = lib.mkForce false; + #generic-extlinux-compatible.enable = lib.mkForce false; + }; + + /* + fileSystems = { + "/boot/firmware" = { + # TODO + device = "/dev/disk/by-uuid/2175-794E"; + fsType = "vfat"; + options = [ + "noatime" + "noauto" + "x-systemd.automount" + "x-systemd.idle-timeout=1min" + ]; + }; + "/" = { + # TODO + device = "/dev/disk/by-uuid/44444444-4444-4444-8888-888888888888"; + fsType = "ext4"; + options = [ "noatime" ]; + }; + }; + */ + + hardware.raspberry-pi.config = { + all = { + # [all] conditional filter, https://www.raspberrypi.com/documentation/computers/config_txt.html#conditional-filters + # Base DTB parameters + # https://github.com/raspberrypi/linux/blob/a1d3defcca200077e1e382fe049ca613d16efd2b/arch/arm/boot/dts/overlays/README#L132 + base-dt-params = { + + # https://www.raspberrypi.com/documentation/computers/raspberry-pi.html#enable-pcie + pciex1 = { + enable = true; + value = "on"; + }; + # PCIe Gen 3.0 + # https://www.raspberrypi.com/documentation/computers/raspberry-pi.html#pcie-gen-3-0 + pciex1_gen = { + enable = true; + value = "3"; + }; + + }; + + }; + }; +} diff --git a/nixosConfigurations/aur0ra/nice-looking-console.nix b/nixosConfigurations/aur0ra/nice-looking-console.nix new file mode 100644 index 0000000..847bfc2 --- /dev/null +++ b/nixosConfigurations/aur0ra/nice-looking-console.nix 
@@ -0,0 +1,32 @@ +# re-borrowed from https://github.com/nvmd/nixos-raspberrypi-demo/blob/main/modules/nice-looking-console.nix +{ lib, pkgs, ... }: +{ + # The following have been borrowed from: + # https://github.com/nix-community/nixos-images/blob/b733f0680a42cc01d6ad53896fb5ca40a66d5e79/nix/image-installer/module.nix#L84 + + console.earlySetup = true; + # ter-u22n is probably too big + console.font = lib.mkDefault "${pkgs.terminus_font}/share/consolefonts/ter-u16n.psf.gz"; + + # Make colored console output more readable + # for example, `ip addr`s (blues are too dark by default) + # Tango theme: https://yayachiken.net/en/posts/tango-colors-in-terminal/ + console.colors = lib.mkDefault [ + "000000" + "CC0000" + "4E9A06" + "C4A000" + "3465A4" + "75507B" + "06989A" + "D3D7CF" + "555753" + "EF2929" + "8AE234" + "FCE94F" + "739FCF" + "AD7FA8" + "34E2E2" + "EEEEEC" + ]; +} diff --git a/nixosConfigurations/damocles/default.nix b/nixosConfigurations/damocles/default.nix index 4cdd6f7..75c5439 100644 --- a/nixosConfigurations/damocles/default.nix +++ b/nixosConfigurations/damocles/default.nix @@ -1,4 +1,9 @@ -{ pkgs, lib, self, ... }: +{ + pkgs, + lib, + self, + ... +}: { imports = [ ./android-dev.nix ]; diff --git a/nixosModules/extra-caches.nix b/nixosModules/extra-caches.nix index 6af372f..8b5431c 100644 --- a/nixosModules/extra-caches.nix +++ b/nixosModules/extra-caches.nix 
@@ -1,16 +1,22 @@ { nix.settings = { substituters = [ - "https://cache.nixos.org/" - "https://nix-community.cachix.org" + # keep-sorted start "https://cache.lix.systems" + "https://cache.nixos.org/" "https://niri.cachix.org" + "https://nix-community.cachix.org" + "https://nixos-raspberrypi.cachix.org" + # keep-sorted end ]; trusted-public-keys = [ - "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" - "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" + # keep-sorted start "cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o=" + "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" "niri.cachix.org-1:Wv0OmO7PsuocRKzfDoJ3mulSl7Z6oezYhGhR+3W2964=" + "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" + "nixos-raspberrypi.cachix.org-1:4iMO9LXa8BqhU+Rpg6LQKiGa2lsNh/j2oiYLNOQ5sPI=" + # keep-sorted end ]; }; } From 27a71e94ce6dd0f32a2c73645670a178814077e1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?m=C3=BCde?= Date: Wed, 29 Apr 2026 21:38:40 +0200 Subject: [PATCH 43/80] add damocles-lab container --- flake.nix | 3 ++ nixosConfigurations/damocles-lab/default.nix | 16 +++++++ .../damocles/claude-container.nix | 41 +++++++++++++++++ nixosConfigurations/damocles/default.nix | 44 +------------------ nixosConfigurations/muede-lpt2/default.nix | 27 ++++++++++++ 5 files changed, 88 insertions(+), 43 deletions(-) create mode 100644 nixosConfigurations/damocles-lab/default.nix create mode 100644 nixosConfigurations/damocles/claude-container.nix diff --git a/flake.nix b/flake.nix index 5a0fe15..ea6d9fe 100644 --- a/flake.nix +++ b/flake.nix @@ -129,6 +129,9 @@ damocles = { system = "x86_64-linux"; }; + damocles-lab = { + system = "x86_64-linux"; + }; epimetheus = { system = "aarch64-linux"; }; diff --git a/nixosConfigurations/damocles-lab/default.nix b/nixosConfigurations/damocles-lab/default.nix new file mode 100644 index 0000000..752065d --- /dev/null +++ b/nixosConfigurations/damocles-lab/default.nix 
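Review bot: Adding `https://nixos-raspberrypi.cachix.org` and its key to `nixosModules/extra-caches.nix` makes every host that imports this module accept store paths signed by that key, while only the Raspberry Pi configurations (`aur0ra`, `aur0ra-installer`) appear to need it. A trusted substituter key is a trust root for binaries, so I would scope it to those hosts by moving the two entries into `nixosConfigurations/aur0ra/hardware.nix` under `nix.settings.substituters` and `nix.settings.trusted-public-keys`. Which hosts import `extra-caches.nix` is not visible in this hunk.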
@@ -0,0 +1,16 @@ +{ pkgs, ... }: +{ + imports = [../damocles/claude-container.nix]; + + services.openssh = { + enable = true; + ports = [ 2222 ]; + # Path written into sshd_config as a string — not read at eval time. + # Key can be rotated without a rebuild. + authorizedKeysFiles = [ "/persist/damocles-ssh/id_ed25519.pub" ]; + }; + + environment.systemPackages = with pkgs; [ + + ]; +} diff --git a/nixosConfigurations/damocles/claude-container.nix b/nixosConfigurations/damocles/claude-container.nix new file mode 100644 index 0000000..c754f47 --- /dev/null +++ b/nixosConfigurations/damocles/claude-container.nix @@ -0,0 +1,41 @@ +{ pkgs,self,lib, ... }: { + + nixpkgs.overlays = [ self.overlays.unstable-packages ]; + allowedUnfreePackages = [ "claude-code" ]; + + environment.systemPackages = with pkgs; [ + unstable.claude-code + git + python3 + coreutils-full + gawk + gnugrep + curl + cargo + rustc + clippy + ]; + + boot.isContainer = true; + + programs.nix-ld = { + enable = true; + libraries = with pkgs; [ + stdenv.cc.cc.lib + zlib + ]; + }; + + # Container shares host network namespace (privateNetwork = false), so the + # host's tailscale already covers this. Running a second tailscaled in the + # same netns fights over routing and breaks connectivity after sleep/wake. + services.tailscale.enable = lib.mkForce false; + networking.firewall.checkReversePath = lib.mkForce "strict"; + + users.users.muede = { + isNormalUser = true; + extraGroups = [ "wheel" ]; + }; + + security.sudo.wheelNeedsPassword = false; +} diff --git a/nixosConfigurations/damocles/default.nix b/nixosConfigurations/damocles/default.nix index 75c5439..e0c276b 100644 --- a/nixosConfigurations/damocles/default.nix +++ b/nixosConfigurations/damocles/default.nix 
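Review bot: sshd in `damocles-lab/default.nix` binds port 2222 on every address of the host, because `claude-container.nix` states that the container shares the host network namespace, and `authorizedKeysFiles` is a server-wide setting, so the key in `/persist/damocles-ssh/id_ed25519.pub` is accepted for every account that is allowed to log in, not only `muede`. If the port is only meant to be reached from the host or the sibling container, bind it to loopback and restrict the accounts: `listenAddresses = [ { addr = "127.0.0.1"; port = 2222; } ];` and `settings = { PasswordAuthentication = false; PermitRootLogin = "no"; AllowUsers = [ "muede" ]; };`. Whether the host firewall already blocks 2222 from outside is not visible here.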
@@ -1,45 +1,3 @@ { - pkgs, - lib, - self, - ... -}: -{ - imports = [ ./android-dev.nix ]; - - nixpkgs.overlays = [ self.overlays.unstable-packages ]; - - boot.isContainer = true; - - # Container shares host network namespace (privateNetwork = false), so the - # host's tailscale already covers this. Running a second tailscaled in the - # same netns fights over routing and breaks connectivity after sleep/wake. - services.tailscale.enable = lib.mkForce false; - networking.firewall.checkReversePath = lib.mkForce "strict"; - - allowedUnfreePackages = [ "claude-code" ]; - - environment.systemPackages = with pkgs; [ - unstable.claude-code - git - python3 - coreutils-full - gawk - gnugrep - ]; - - users.users.muede = { - isNormalUser = true; - extraGroups = [ "wheel" ]; - }; - - security.sudo.wheelNeedsPassword = false; - - programs.nix-ld = { - enable = true; - libraries = with pkgs; [ - stdenv.cc.cc.lib - zlib - ]; - }; + imports = [ ./android-dev.nix ./claude-container.nix ]; } diff --git a/nixosConfigurations/muede-lpt2/default.nix b/nixosConfigurations/muede-lpt2/default.nix index 19b2119..711a578 100644 --- a/nixosConfigurations/muede-lpt2/default.nix +++ b/nixosConfigurations/muede-lpt2/default.nix 
@@ -65,6 +65,28 @@ autoStart = false; privateNetwork = false; path = self.nixosConfigurations.damocles.config.system.build.toplevel; + bindMounts."/persist/damocles-ssh" = { + hostPath = "/persist/damocles-ssh"; + isReadOnly = true; + }; + bindMounts."/persist/damocles-lab" = { + hostPath = "/persist/damocles-lab"; + isReadOnly = false; + }; + }; + + containers.damocles-lab = { + autoStart = false; + privateNetwork = false; + path = self.nixosConfigurations.damocles-lab.config.system.build.toplevel; + bindMounts."/workspace" = { + hostPath = "/persist/damocles-lab"; + isReadOnly = false; + }; + bindMounts."/persist/damocles-ssh" = { + hostPath = "/persist/damocles-ssh"; + isReadOnly = true; + }; }; # Global DefaultTimeoutStopSec is 10s (modern-desktop.nix), which kills systemd-nspawn @@ -76,6 +98,11 @@ RestartSec = "5s"; }; + systemd.services."container@damocles-lab".serviceConfig = { + TimeoutStopSec = "60s"; + RestartSec = "5s"; + }; + boot.enableContainers = true; virtualisation.containers.enable = true; }; From 7b56f73a488766de5bfd276cce3a3c0ec11bb3de Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?m=C3=BCde?= Date: Wed, 29 Apr 2026 21:38:54 +0200 Subject: [PATCH 44/80] update nova-shell --- flake.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index f2eef87..461b3c0 100644 --- a/flake.lock +++ b/flake.lock @@ -643,11 +643,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1777295064, - "narHash": "sha256-A+Ooli4ckGyiT+zh10Ybj3nY2ql4QX1p6q6HrKCDvpA=", + "lastModified": 1777479755, + "narHash": "sha256-rKha1HlZIYn+nhptqOSaSPGywXXdM5S462oiXh64EWM=", "ref": "refs/heads/main", - "rev": "adb6c21135c93e0c57517ba90a32dd8f6bf2704d", - "revCount": 578, + "rev": "7ab784e101b69f35f65e300d5779888624f7a7a5", + "revCount": 596, "type": "git", "url": "https://git.berlin.ccc.de/vinzenz/nova-shell" }, From 4d872cd6323b5579e3b7bb50185c082d8c7f5632 Mon Sep 17 00:00:00 2001 
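Review bot: Both containers get the whole `/persist/damocles-ssh` directory, but `damocles-lab` needs only the public key that its sshd reads. The file name suggests the matching private key lives in the same directory (its contents are not visible here); if so, the lab container can read the credential that grants access to itself, and a read-only mount does not prevent that. Mounting just the file in `containers.damocles-lab` avoids it: `bindMounts."/persist/damocles-ssh/id_ed25519.pub" = { hostPath = "/persist/damocles-ssh/id_ed25519.pub"; isReadOnly = true; };`.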
From: =?UTF-8?q?m=C3=BCde?= Date: Wed, 29 Apr 2026 23:58:15 +0200 Subject: [PATCH 45/80] damocles-lab misc --- flake.nix | 4 ++-- nixosConfigurations/aur0ra-installer/default.nix | 4 ++-- nixosConfigurations/damocles-lab/default.nix | 2 +- nixosConfigurations/damocles/claude-container.nix | 11 +++++++---- nixosConfigurations/damocles/default.nix | 13 ++++++++++++- 5 files changed, 24 insertions(+), 10 deletions(-) diff --git a/flake.nix b/flake.nix index ea6d9fe..dce3929 100644 --- a/flake.nix +++ b/flake.nix @@ -235,7 +235,7 @@ device, system, home-manager-users ? { }, - nixosSystem ? nixpkgs.lib.nixosSystem + nixosSystem ? nixpkgs.lib.nixosSystem, }: let specialArgs = inputs // { @@ -247,7 +247,7 @@ modules = [ { imports = [ - ./nixosConfigurations/${device} + ./nixosConfigurations/${device} self.nixosModules.global-settings ] ++ (lib.optionals (home-manager-users != { }) [ diff --git a/nixosConfigurations/aur0ra-installer/default.nix b/nixosConfigurations/aur0ra-installer/default.nix index 5557fae..b6c1e1a 100644 --- a/nixosConfigurations/aur0ra-installer/default.nix +++ b/nixosConfigurations/aur0ra-installer/default.nix @@ -8,10 +8,10 @@ { imports = [ ../aur0ra - # nixos-images.nixosModules.sdimage-installer + # nixos-images.nixosModules.sdimage-installer ]; disabledModules = [ # disable the sd-image module that nixos-images uses - # (modulesPath + "/installer/sd-card/sd-image-aarch64-installer.nix") + # (modulesPath + "/installer/sd-card/sd-image-aarch64-installer.nix") ]; } diff --git a/nixosConfigurations/damocles-lab/default.nix b/nixosConfigurations/damocles-lab/default.nix index 752065d..705e31a 100644 --- a/nixosConfigurations/damocles-lab/default.nix +++ b/nixosConfigurations/damocles-lab/default.nix @@ -1,6 +1,6 @@ { pkgs, ... }: { - imports = [../damocles/claude-container.nix]; + imports = [ ../damocles/claude-container.nix ]; services.openssh = { enable = true; 
diff --git a/nixosConfigurations/damocles/claude-container.nix b/nixosConfigurations/damocles/claude-container.nix index c754f47..17d599f 100644 --- a/nixosConfigurations/damocles/claude-container.nix +++ b/nixosConfigurations/damocles/claude-container.nix @@ -1,4 +1,10 @@ -{ pkgs,self,lib, ... }: { +{ + pkgs, + self, + lib, + ... +}: +{ nixpkgs.overlays = [ self.overlays.unstable-packages ]; allowedUnfreePackages = [ "claude-code" ]; @@ -11,9 +17,6 @@ gawk gnugrep curl - cargo - rustc - clippy ]; boot.isContainer = true; diff --git a/nixosConfigurations/damocles/default.nix b/nixosConfigurations/damocles/default.nix index e0c276b..c5eff0a 100644 --- a/nixosConfigurations/damocles/default.nix +++ b/nixosConfigurations/damocles/default.nix @@ -1,3 +1,14 @@ +{ pkgs, ... }: { - imports = [ ./android-dev.nix ./claude-container.nix ]; + imports = [ + ./android-dev.nix + ./claude-container.nix + ]; + + environment.systemPackages = with pkgs; [ + cargo + rustc + clippy + gh + ]; } From f5a7d1ec100a3ab835b184ea67d4294686f81ae7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?m=C3=BCde?= Date: Thu, 30 Apr 2026 00:00:44 +0200 Subject: [PATCH 46/80] nix flake update --- flake.lock | 48 ++++++++++++++++++++++++------------------------ 1 file changed, 24 insertions(+), 24 deletions(-) diff --git a/flake.lock b/flake.lock index 461b3c0..9445a9a 100644 --- a/flake.lock +++ b/flake.lock @@ -363,11 +363,11 @@ ] }, "locked": { - "lastModified": 1776200608, - "narHash": "sha256-broZ6RFQr4Fv0wT73gGmzNX14A43TmTFF8g4wDKlNss=", + "lastModified": 1777031541, + "narHash": "sha256-KZ4s1kolHXFQrRGlnB503gDcTrVQMhiczO+LvvwKEPg=", "owner": "nix-community", "repo": "naersk", - "rev": "8b23250ab45c2a38cd91031aee26478ca4d0a28e", + "rev": "5e73301621274c44798bf6c6211ed27fc2ced201", "type": "github" }, "original": { 
@@ -390,11 +390,11 @@ "xwayland-satellite-unstable": "xwayland-satellite-unstable" }, "locked": { - "lastModified": 1776879043, - "narHash": "sha256-M9RjuowtoqQbFRdQAm2P6GjFwgHjRcnWYcB7ChSjDms=", + "lastModified": 1777472199, + "narHash": "sha256-gJr/OrHv6s8ANqv915sb69LLThow1u5yAO/ouElVGGM=", "owner": "sodiboo", "repo": "niri-flake", - "rev": "535ebbe038039215a5d1c6c0c67f833409a5be96", + "rev": "323a80f2ce4541c595d491acbd15a8800201cbae", "type": "github" }, "original": { @@ -423,11 +423,11 @@ "niri-unstable": { "flake": false, "locked": { - "lastModified": 1776853441, - "narHash": "sha256-mSxfoEs7DiDhMCBzprI/1K7UXzMISuGq0b7T06LVJXE=", + "lastModified": 1777468255, + "narHash": "sha256-lBZc1UMy+1P1T/E41j3jQrpS7EFI3qegd+ktHZdamIg=", "owner": "YaLTeR", "repo": "niri", - "rev": "74d2b18603366b98ec9045ecf4a632422f472365", + "rev": "dd1c3bcb9f1ef416df33ffa22d1d9bcee1398e7d", "type": "github" }, "original": { @@ -458,11 +458,11 @@ ] }, "locked": { - "lastModified": 1776828494, - "narHash": "sha256-gQ5+syn8ndyF/+c5g5ZpeAScNKhkTF4/63JsO2hqGHo=", + "lastModified": 1777434090, + "narHash": "sha256-i7p7ajtdKF6oVjs3ERyECCg6m1lWEchHNPKQjgRW4h4=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "ea6764d22ff5478f5db39ede57eeafc70d14e8e6", + "rev": "f32bb01e6a12b74fa67261e9d690ff9d0603d86b", "type": "github" }, "original": { @@ -588,11 +588,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1776329215, - "narHash": "sha256-a8BYi3mzoJ/AcJP8UldOx8emoPRLeWqALZWu4ZvjPXw=", + "lastModified": 1777270315, + "narHash": "sha256-yKB4G6cKsQsWN7M6rZGk6gkJPDNPIzT05y4qzRyCDlI=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "b86751bc4085f48661017fa226dee99fab6c651b", + "rev": "6368eda62c9775c38ef7f714b2555a741c20c72d", "type": "github" }, "original": { 
@@ -604,11 +604,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1776734388, - "narHash": "sha256-vl3dkhlE5gzsItuHoEMVe+DlonsK+0836LIRDnm6MXQ=", + "lastModified": 1777077449, + "narHash": "sha256-AIiMJiqvGrN4HyLEbKAoCSRRYn0rnlW5VbKNIMIYqm4=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "10e7ad5bbcb421fe07e3a4ad53a634b0cd57ffac", + "rev": "a4bf06618f0b5ee50f14ed8f0da77d34ecc19160", "type": "github" }, "original": { @@ -666,11 +666,11 @@ ] }, "locked": { - "lastModified": 1776893492, - "narHash": "sha256-V4r/mdAFHe6fRiu3D+3+UdclSH7LJoHfv+4Y1YNawK0=", + "lastModified": 1777499139, + "narHash": "sha256-s817mwTTkW0VIReee1z41LJAz13AUw3DOK41jZooFGw=", "owner": "nix-community", "repo": "NUR", - "rev": "0aa8e8fc21887cc34a4c0e3816f08b56795f52ca", + "rev": "c0295550b00f0d0d4a9f41efd5e6c14d38a671fc", "type": "github" }, "original": { @@ -887,11 +887,11 @@ "tinted-zed": "tinted-zed" }, "locked": { - "lastModified": 1775935110, - "narHash": "sha256-twTHKUFXjNNsaAvX0KoaIClt+923jXDRbfCd9PC/f0o=", + "lastModified": 1776894428, + "narHash": "sha256-wuT915MyCtMTfLj+uo9y8wtCwkEgJXiXvcbSleFrlN0=", "owner": "nix-community", "repo": "stylix", - "rev": "14f248ad1a7668e7858c6d9163608c208b7daf02", + "rev": "f34be27ce83efaa1c85ad1e5b1f8b6dea65b147d", "type": "github" }, "original": { From aa567694df35d78788dbdf1db93df0d50773dab9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?m=C3=BCde?= Date: Fri, 1 May 2026 21:17:51 +0200 Subject: [PATCH 47/80] distributed builds - infra and lpt2 --- flake.nix | 10 ++- nixosConfigurations/muede-lpt2/default.nix | 8 +++ nixosModules/distributed-builds.nix | 80 ++++++++++++++++++++++ nixosModules/global-settings.nix | 1 + 4 files changed, 98 insertions(+), 1 deletion(-) create mode 100644 nixosModules/distributed-builds.nix diff --git a/flake.nix b/flake.nix index dce3929..57d4037 100644 --- a/flake.nix +++ b/flake.nix 
@@ -128,9 +128,11 @@ }; damocles = { system = "x86_64-linux"; + distributedBuilds.maxJobs = 0; }; damocles-lab = { system = "x86_64-linux"; + distributedBuilds.maxJobs = 0; }; epimetheus = { system = "aarch64-linux"; @@ -146,12 +148,17 @@ home-manager-users = { inherit (self.homeConfigurations) muede; }; + distributedBuilds.isBuilder = true; }; muede-pc2 = { system = "x86_64-linux"; home-manager-users = { inherit (self.homeConfigurations) muede; }; + distributedBuilds = { + isBuilder = true; + publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKAbojdhb3PfazSRmudvo381Y+zUFVLMa7AbWbfK/Zp2 muede-pc2-nix-builds"; + }; }; ronja-pc = { system = "x86_64-linux"; @@ -236,10 +243,11 @@ system, home-manager-users ? { }, nixosSystem ? nixpkgs.lib.nixosSystem, + ... }: let specialArgs = inputs // { - inherit device home-manager-users; + inherit device home-manager-users devices; }; in nixosSystem { diff --git a/nixosConfigurations/muede-lpt2/default.nix b/nixosConfigurations/muede-lpt2/default.nix index 711a578..434b046 100644 --- a/nixosConfigurations/muede-lpt2/default.nix +++ b/nixosConfigurations/muede-lpt2/default.nix @@ -65,6 +65,10 @@ autoStart = false; privateNetwork = false; path = self.nixosConfigurations.damocles.config.system.build.toplevel; + bindMounts."/etc/nix/distributed-build-key" = { + hostPath = "/etc/nix/distributed-build-key"; + isReadOnly = true; + }; bindMounts."/persist/damocles-ssh" = { hostPath = "/persist/damocles-ssh"; isReadOnly = true; @@ -79,6 +83,10 @@ autoStart = false; privateNetwork = false; path = self.nixosConfigurations.damocles-lab.config.system.build.toplevel; + bindMounts."/etc/nix/distributed-build-key" = { + hostPath = "/etc/nix/distributed-build-key"; + isReadOnly = true; + }; bindMounts."/workspace" = { hostPath = "/persist/damocles-lab"; isReadOnly = false; diff --git a/nixosModules/distributed-builds.nix b/nixosModules/distributed-builds.nix new file mode 100644 index 0000000..a811a71 --- /dev/null 
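Review bot: The two added `bindMounts."/etc/nix/distributed-build-key"` entries in `muede-lpt2/default.nix` (the containers built from `damocles` and `damocles-lab`) expose the host's own build-client private key inside both containers, so anything running as root there can read it and authenticate to the builders with the host's identity. `isReadOnly = true` prevents modification of the file, not reading it. A key pair per container, registered under that container's own device entry and mounted from its own host path (`hostPath = "<per-container key path>";`), would let one container's access be revoked without rotating the host key. If sharing is intended, a comment above the mount such as `# shares the host's build-client identity with this container` would make that explicit. Both container definitions start outside their hunks.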
+++ b/nixosModules/distributed-builds.nix 
@@ -0,0 +1,80 @@ +{ + config, + lib, + devices, + ... +}: +let + sshKeyPath = "/etc/nix/distributed-build-key"; + buildUser = "remotebuild"; + + # Collect all per-device public keys that have been registered. + authorizedPublicKeys = lib.pipe devices [ + (lib.filterAttrs (_: v: (v.distributedBuilds or { }) ? publicKey)) + (lib.mapAttrsToList (_: v: v.distributedBuilds.publicKey)) + ]; + + # === Onboarding a device as a build client === + # + # 1. Generate a key pair on the device: + # sudo ssh-keygen -t ed25519 -f /etc/nix/distributed-build-key -N "" -C "-nix-builds" + # (owned by root, mode 0600) + # + # 2. Add the public key to the device entry in flake.nix: + # distributedBuilds.publicKey = "ssh-ed25519 AAAA... -nix-builds"; + # + # 3. Rebuild all machines so they pick up the new authorized key. + # + # === Marking a device as a build server === + # + # Add to its entry in flake.nix: + # distributedBuilds.isBuilder = true; + # All machines automatically discover and use it after the next rebuild. 
+ + buildServerDevices = lib.filterAttrs (_: v: (v.distributedBuilds or { }).isBuilder or false) devices; + + buildMachineList = lib.mapAttrsToList (hostName: v: { + inherit hostName; + systems = [ v.system ]; + sshUser = buildUser; + sshKey = sshKeyPath; + protocol = "ssh-ng"; + supportedFeatures = [ + "nixos-test" + "big-parallel" + "kvm" + "benchmark" + ]; + }) buildServerDevices; + + remoteMachines = builtins.filter (m: m.hostName != config.networking.hostName) buildMachineList; +in +{ + # Dedicated user for receiving distributed build connections + users.users.${buildUser} = { + isSystemUser = true; + group = buildUser; + useDefaultShell = true; + openssh.authorizedKeys.keys = authorizedPublicKeys; + }; + users.groups.${buildUser} = { }; + + nix = { + distributedBuilds = remoteMachines != [ ]; + buildMachines = remoteMachines; + settings = { + trusted-users = [ buildUser ]; + builders-use-substitutes = true; + max-jobs = (devices.${config.networking.hostName}.distributedBuilds or { }).maxJobs or "auto"; + cores = 0; + min-free = 10 * 1024 * 1024; + max-free = 200 * 1024 * 1024; + }; + }; + + systemd.services.nix-daemon.serviceConfig = { + MemoryAccounting = true; + MemoryMax = "90%"; + OOMScoreAdjust = 500; + }; +} diff --git a/nixosModules/global-settings.nix b/nixosModules/global-settings.nix index cd92140..2d1c5b3 100644 --- a/nixosModules/global-settings.nix +++ b/nixosModules/global-settings.nix @@ -12,6 +12,7 @@ self.nixosModules.allowed-unfree-list self.nixosModules.autoupdate self.nixosModules.default + self.nixosModules.distributed-builds self.nixosModules.extra-caches self.nixosModules.globalinstalls self.nixosModules.lix-is-nix From cde2658789cf45a8e4f987d6829cf46e10553305 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?m=C3=BCde?= Date: Fri, 1 May 2026 21:24:16 +0200 Subject: [PATCH 48/80] distributed builds: fix swapped key, add pc2 --- flake.nix | 7 +++++-- nixosModules/distributed-builds.nix | 2 +- 2 files changed, 6 insertions(+), 3 deletions(-) 
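Review bot: `users.users.${buildUser}` with `openssh.authorizedKeys.keys = authorizedPublicKeys` and `trusted-users = [ buildUser ]` are set unconditionally in the new `distributed-builds.nix`, and the module is added to `global-settings.nix`, so every machine that imports it accepts every registered client key as a Nix trusted user, not only the devices marked `isBuilder`. A trusted user can import unsigned store paths and override daemon settings, which is close to root on that machine; a builder likely needs this to receive unsigned inputs, but a pure client does not. Gating the account, the group and `trusted-users` on the local device's `isBuilder` flag keeps the inbound side on builders only; the sketch below reuses the `devices.${config.networking.hostName}` lookup the module already does for `max-jobs`. The same applies to the later revisions of this block in PATCH 50/80 and 52/80.

```nix
  # … unchanged: sshKeyPath, buildUser, authorizedPublicKeys, buildMachineList, remoteMachines …
  thisDevice = devices.${config.networking.hostName}.distributedBuilds or { };
  acceptsBuilds = thisDevice.isBuilder or false;
in
{
  # Only builders accept inbound build connections.
  users.users.${buildUser} = lib.mkIf acceptsBuilds {
    # … unchanged: isSystemUser, group, useDefaultShell, openssh.authorizedKeys.keys …
  };
  users.groups.${buildUser} = lib.mkIf acceptsBuilds { };

  nix = {
    # … unchanged: distributedBuilds, buildMachines …
    settings = {
      trusted-users = lib.mkIf acceptsBuilds [ buildUser ];
      # … unchanged: builders-use-substitutes, max-jobs, cores, min-free, max-free …
    };
  };
```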
diff --git a/flake.nix b/flake.nix index 57d4037..2c80aec 100644 --- a/flake.nix +++ b/flake.nix @@ -148,7 +148,10 @@ home-manager-users = { inherit (self.homeConfigurations) muede; }; - distributedBuilds.isBuilder = true; + distributedBuilds = { + isBuilder = true; + publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKAbojdhb3PfazSRmudvo381Y+zUFVLMa7AbWbfK/Zp2 muede-lpt2-nix-builds"; + }; }; muede-pc2 = { system = "x86_64-linux"; @@ -157,7 +160,7 @@ }; distributedBuilds = { isBuilder = true; - publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKAbojdhb3PfazSRmudvo381Y+zUFVLMa7AbWbfK/Zp2 muede-pc2-nix-builds"; + publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHmnyhP6L+kGHV15cb/d31AQr50wSEaQhkUBwy2+OEKk muede-pc2-nix-builds"; }; }; ronja-pc = { diff --git a/nixosModules/distributed-builds.nix b/nixosModules/distributed-builds.nix index a811a71..27804ee 100644 --- a/nixosModules/distributed-builds.nix +++ b/nixosModules/distributed-builds.nix @@ -17,7 +17,7 @@ let # === Onboarding a device as a build client === # # 1. Generate a key pair on the device: - # sudo ssh-keygen -t ed25519 -f /etc/nix/distributed-build-key -N "" -C "-nix-builds" + # sudo ssh-keygen -t ed25519 -f /etc/nix/distributed-build-key -N "" -C "$(hostname)-nix-builds" # (owned by root, mode 0600) # # 2. Add the public key to the device entry in flake.nix: From 05645a2c46eb2c6bc2a8596a00c6b01dac8adc25 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?m=C3=BCde?= Date: Fri, 1 May 2026 21:24:32 +0200 Subject: [PATCH 49/80] nix flake update nova-shell --- flake.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index 9445a9a..764d421 100644 --- a/flake.lock +++ b/flake.lock 
@@ -643,11 +643,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1777479755, - "narHash": "sha256-rKha1HlZIYn+nhptqOSaSPGywXXdM5S462oiXh64EWM=", + "lastModified": 1777656272, + "narHash": "sha256-OcxjycGuzEeU6ZbX4SjSx4YVKcDlaZm8gdSvEFGowoo=", "ref": "refs/heads/main", - "rev": "7ab784e101b69f35f65e300d5779888624f7a7a5", - "revCount": 596, + "rev": "40cc681e9a36320659175f240e9ccc3f3041a7e9", + "revCount": 598, "type": "git", "url": "https://git.berlin.ccc.de/vinzenz/nova-shell" }, From b995113f56d3669f589a0aba30a5360d7c32b3d9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?m=C3=BCde?= Date: Fri, 1 May 2026 21:54:54 +0200 Subject: [PATCH 50/80] distributed builds: add builders to known hosts --- flake.nix | 7 +++++-- nixosModules/distributed-builds.nix | 21 +++++++++++++++++---- 2 files changed, 22 insertions(+), 6 deletions(-) diff --git a/flake.nix b/flake.nix index 2c80aec..35739dc 100644 --- a/flake.nix +++ b/flake.nix @@ -150,7 +150,8 @@ }; distributedBuilds = { isBuilder = true; - publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKAbojdhb3PfazSRmudvo381Y+zUFVLMa7AbWbfK/Zp2 muede-lpt2-nix-builds"; + hostPublicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHGKoZ68wwyVRmPB0SkvpJUyUMDWeFbC5Je9zukyEOh7"; + clientPublicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKAbojdhb3PfazSRmudvo381Y+zUFVLMa7AbWbfK/Zp2 muede-lpt2-nix-builds"; }; }; muede-pc2 = { @@ -160,7 +161,9 @@ }; distributedBuilds = { isBuilder = true; - publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHmnyhP6L+kGHV15cb/d31AQr50wSEaQhkUBwy2+OEKk muede-pc2-nix-builds"; + speedFactor = 2; + hostPublicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKEQQS5XNoj62Oj85xQfIuLORwoBRwfqjvfBHHsiI+RH"; + clientPublicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHmnyhP6L+kGHV15cb/d31AQr50wSEaQhkUBwy2+OEKk muede-pc2-nix-builds"; }; }; ronja-pc = { diff --git a/nixosModules/distributed-builds.nix b/nixosModules/distributed-builds.nix index 27804ee..f0c45da 100644 --- a/nixosModules/distributed-builds.nix 
+++ b/nixosModules/distributed-builds.nix @@ -10,8 +10,8 @@ let # Collect all per-device public keys that have been registered. authorizedPublicKeys = lib.pipe devices [ - (lib.filterAttrs (_: v: (v.distributedBuilds or { }) ? publicKey)) - (lib.mapAttrsToList (_: v: v.distributedBuilds.publicKey)) + (lib.filterAttrs (_: v: (v.distributedBuilds or { }) ? clientPublicKey)) + (lib.mapAttrsToList (_: v: v.distributedBuilds.clientPublicKey)) ]; # === Onboarding a device as a build client === @@ -21,7 +21,7 @@ let # (owned by root, mode 0600) # # 2. Add the public key to the device entry in flake.nix: - # distributedBuilds.publicKey = "ssh-ed25519 AAAA... -nix-builds"; + # distributedBuilds.clientPublicKey = "ssh-ed25519 AAAA... -nix-builds"; # # 3. Rebuild all machines so they pick up the new authorized key. # @@ -29,16 +29,27 @@ let # # Add to its entry in flake.nix: # distributedBuilds.isBuilder = true; + # distributedBuilds.hostPublicKey = "ssh-ed25519 AAAA..."; # from: ssh-keyscan -t ed25519 # All machines automatically discover and use it after the next rebuild. buildServerDevices = lib.filterAttrs (_: v: (v.distributedBuilds or { }).isBuilder or false) devices; + knownHosts = lib.pipe buildServerDevices [ + (lib.filterAttrs (_: v: v.distributedBuilds ? hostPublicKey)) + (lib.mapAttrs (hostName: v: { + publicKey = v.distributedBuilds.hostPublicKey; + })) + ]; + buildMachineList = lib.mapAttrsToList (hostName: v: { inherit hostName; systems = [ v.system ]; sshUser = buildUser; sshKey = sshKeyPath; protocol = "ssh-ng"; + } // lib.optionalAttrs (v.distributedBuilds ? speedFactor) { + speedFactor = v.distributedBuilds.speedFactor; + } // { supportedFeatures = [ "nixos-test" "big-parallel" 
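Review bot: In the `@@ -29,16 +29,27 @@` hunk, `knownHosts` filters on `v.distributedBuilds ? hostPublicKey`, so a device with `isBuilder = true` but no `hostPublicKey` is silently left out of `programs.ssh.knownHosts` while still appearing in `buildMachineList`. Host-key checking for that builder then presumably depends on whatever the connecting user's known_hosts already contains. An entry in `assertions` that fails evaluation when a builder lacks `hostPublicKey` would make the omission visible at build time. The onboarding comment also recommends `ssh-keyscan -t ed25519`, which records whatever answers on the network at that moment; reading the key on the builder itself is safer, e.g. `# from the builder itself: cat /etc/ssh/ssh_host_ed25519_key.pub`. The `let` block these bindings belong to starts and ends outside the hunk.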
@@ -51,11 +62,13 @@ let in { # Dedicated user for receiving distributed build connections + programs.ssh.knownHosts = knownHosts; + users.users.${buildUser} = { isSystemUser = true; group = buildUser; useDefaultShell = true; - openssh.authorizedKeys.keys = authorizedPublicKeys; + openssh.authorizedKeys.keys = map (k: ''command="nix daemon --stdio",restrict ${k}'') authorizedPublicKeys; }; users.groups.${buildUser} = { }; From c2d4ce78de05fc554e767cc9ee9050832944246a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?m=C3=BCde?= Date: Fri, 1 May 2026 22:04:11 +0200 Subject: [PATCH 51/80] move devices to own file --- devices.nix | 63 +++++++++++++++++++++++++++++++++++++++++++++++++++++ flake.nix | 60 +------------------------------------------------- 2 files changed, 64 insertions(+), 59 deletions(-) create mode 100644 devices.nix diff --git a/devices.nix b/devices.nix new file mode 100644 index 0000000..a8e427a --- /dev/null +++ b/devices.nix 
@@ -0,0 +1,63 @@ +{ self }: +let + nixos-raspberrypi = self.inputs.nixos-raspberrypi; +in +{ + # keep-sorted start block=yes + aur0ra = { + system = "aarch64-linux"; + nixosSystem = nixos-raspberrypi.lib.nixosSystem; + }; + aur0ra-installer = { + # build with nix build .\#nixosConfigurations.aur0ra-installer.config.system.build.sdImage + system = "aarch64-linux"; + nixosSystem = nixos-raspberrypi.lib.nixosInstaller; + }; + damocles = { + system = "x86_64-linux"; + distributedBuilds.maxJobs = 0; + }; + damocles-lab = { + system = "x86_64-linux"; + distributedBuilds.maxJobs = 0; + }; + epimetheus = { + system = "aarch64-linux"; + }; + forgejo-runner-1 = { + system = "aarch64-linux"; + }; + hetzner-vpn2 = { + system = "aarch64-linux"; + }; + muede-lpt2 = { + system = "x86_64-linux"; + home-manager-users = { + inherit (self.homeConfigurations) muede; + }; + distributedBuilds = { + isBuilder = true; + hostPublicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHGKoZ68wwyVRmPB0SkvpJUyUMDWeFbC5Je9zukyEOh7"; + clientPublicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKAbojdhb3PfazSRmudvo381Y+zUFVLMa7AbWbfK/Zp2 muede-lpt2-nix-builds"; + }; + }; + muede-pc2 = { + system = "x86_64-linux"; + home-manager-users = { + inherit (self.homeConfigurations) muede; + }; + distributedBuilds = { + isBuilder = true; + speedFactor = 2; + hostPublicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKEQQS5XNoj62Oj85xQfIuLORwoBRwfqjvfBHHsiI+RH"; + clientPublicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHmnyhP6L+kGHV15cb/d31AQr50wSEaQhkUBwy2+OEKk muede-pc2-nix-builds"; + }; + }; + ronja-pc = { + system = "x86_64-linux"; + home-manager-users = { + inherit (self.homeConfigurations) ronja; + }; + }; + # keep-sorted end +} diff --git a/flake.nix b/flake.nix index 35739dc..805c81f 100644 --- a/flake.nix +++ b/flake.nix 
@@ -115,65 +115,7 @@ ... }: let - devices = { - # keep-sorted start block=yes - aur0ra = { - system = "aarch64-linux"; - nixosSystem = nixos-raspberrypi.lib.nixosSystem; - }; - aur0ra-installer = { - # build with nix build .\#nixosConfigurations.aur0ra-installer.config.system.build.sdImage - system = "aarch64-linux"; - nixosSystem = nixos-raspberrypi.lib.nixosInstaller; - }; - damocles = { - system = "x86_64-linux"; - distributedBuilds.maxJobs = 0; - }; - damocles-lab = { - system = "x86_64-linux"; - distributedBuilds.maxJobs = 0; - }; - epimetheus = { - system = "aarch64-linux"; - }; - forgejo-runner-1 = { - system = "aarch64-linux"; - }; - hetzner-vpn2 = { - system = "aarch64-linux"; - }; - muede-lpt2 = { - system = "x86_64-linux"; - home-manager-users = { - inherit (self.homeConfigurations) muede; - }; - distributedBuilds = { - isBuilder = true; - hostPublicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHGKoZ68wwyVRmPB0SkvpJUyUMDWeFbC5Je9zukyEOh7"; - clientPublicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKAbojdhb3PfazSRmudvo381Y+zUFVLMa7AbWbfK/Zp2 muede-lpt2-nix-builds"; - }; - }; - muede-pc2 = { - system = "x86_64-linux"; - home-manager-users = { - inherit (self.homeConfigurations) muede; - }; - distributedBuilds = { - isBuilder = true; - speedFactor = 2; - hostPublicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKEQQS5XNoj62Oj85xQfIuLORwoBRwfqjvfBHHsiI+RH"; - clientPublicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHmnyhP6L+kGHV15cb/d31AQr50wSEaQhkUBwy2+OEKk muede-pc2-nix-builds"; - }; - }; - ronja-pc = { - system = "x86_64-linux"; - home-manager-users = { - inherit (self.homeConfigurations) ronja; - }; - }; - # keep-sorted end - }; + devices = import ./devices.nix { inherit self; }; inherit (nixpkgs) lib; forDevice = f: lib.mapAttrs (device: value: f (value // { inherit device; })) devices; supported-systems = lib.attrsets.mapAttrsToList (k: v: v.system) devices; From 850d67303528e64fb4aab6634bc0a4f7650c593e Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?m=C3=BCde?= Date: Fri, 1 May 2026 22:39:21 +0200 Subject: [PATCH 52/80] refactor: import nixosModules unconditionally, add enable options --- flake.nix | 110 +++++++++--- nixosConfigurations/epimetheus/default.nix | 6 +- .../forgejo-runner-1/default.nix | 5 +- nixosConfigurations/muede-lpt2/default.nix | 16 +- nixosConfigurations/muede-pc2/default.nix | 19 +- nixosConfigurations/ronja-pc/default.nix | 19 +- nixosModules/amd-graphics.nix | 29 +-- nixosModules/autoupdate.nix | 27 +-- nixosModules/default.nix | 37 ++++ nixosModules/distributed-builds.nix | 105 ++++++----- nixosModules/en-de.nix | 63 ++++--- nixosModules/extra-caches.nix | 43 +++-- nixosModules/firmware-updates.nix | 21 ++- nixosModules/global-settings-desktop.nix | 61 ------- nixosModules/global-settings.nix | 44 ----- nixosModules/globalinstalls.nix | 59 +++--- nixosModules/gnome.nix | 101 ++++++----- nixosModules/intel-graphics.nix | 11 +- nixosModules/kdeconnect.nix | 86 ++++----- nixosModules/latex.nix | 11 +- nixosModules/lix-is-nix.nix | 33 ++-- nixosModules/modern-desktop.nix | 79 ++++---- nixosModules/muede-desktop-settings.nix | 39 ++-- nixosModules/nix-ld.nix | 49 ++--- nixosModules/openssh.nix | 19 +- nixosModules/podman.nix | 19 +- nixosModules/printing.nix | 19 +- nixosModules/prometheus-node.nix | 37 ++-- nixosModules/pxvirt-guest.nix | 12 +- nixosModules/quiet-boot.nix | 49 ++--- nixosModules/secure-boot.nix | 53 +++--- nixosModules/steam.nix | 77 ++++---- nixosModules/stylix.nix | 169 +++++++++--------- nixosModules/systemd-boot.nix | 19 +- nixosModules/tailscale.nix | 15 +- nixosModules/user-muede.nix | 75 ++++---- nixosModules/user-ronja.nix | 41 +++-- nixosModules/wine-gaming.nix | 43 +++-- 38 files changed, 959 insertions(+), 761 deletions(-) create mode 100644 nixosModules/default.nix delete mode 100644 nixosModules/global-settings-desktop.nix delete mode 100644 nixosModules/global-settings.nix diff --git a/flake.nix b/flake.nix index 805c81f..8cacd37 100644 
--- a/flake.nix +++ b/flake.nix @@ -9,7 +9,6 @@ }; #keep-sorted start block=yes - flake-parts = { url = "github:hercules-ci/flake-parts"; #inputs.nixpkgs.follows = "nixpkgs"; @@ -103,8 +102,8 @@ niri, nix-vscode-extensions, nixos-generators, - nixos-raspberrypi, nixpkgs-unstable, + nova-shell, servicepoint-cli, servicepoint-simulator, servicepoint-tanks, @@ -157,14 +156,18 @@ nixosModules = (importModuleDir ./nixosModules) // { niri = - { pkgs, ... }: + { lib, config, ... }: { imports = [ niri.nixosModules.niri ]; - nixpkgs.overlays = [ niri.overlays.niri ]; - programs.niri = { - enable = true; - #package = pkgs.niri-stable; + options.my.niri.enable = lib.mkEnableOption "niri wayland compositor"; + + config = lib.mkIf config.my.niri.enable { + nixpkgs.overlays = [ niri.overlays.niri ]; + programs.niri = { + enable = true; + #package = pkgs.niri-stable; + }; }; }; pkgs-unstable = { @@ -173,10 +176,6 @@ pkgs-vscode-extensions = { nixpkgs.overlays = [ nix-vscode-extensions.overlays.default ]; }; - # required modules to use other modules, should not do anything on their own - default = { - imports = [ self.nixosModules.allowed-unfree-list ]; - }; }; homeModules = importModuleDir ./homeModules; 
@@ -201,18 +200,87 @@ nixosSystem { inherit specialArgs; modules = [ - { - imports = [ - ./nixosConfigurations/${device} - self.nixosModules.global-settings - ] - ++ (lib.optionals (home-manager-users != { }) [ - self.nixosModules.global-settings-desktop - ]); + ./nixosConfigurations/${device} + self.nixosModules.default - nixpkgs = { - hostPlatform = lib.mkDefault system; + # keep-sorted start + home-manager.nixosModules.home-manager + lanzaboote.nixosModules.lanzaboote + nova-shell.nixosModules.default + self.nixosModules.niri + self.nixosModules.pkgs-vscode-extensions + servicepoint-cli.nixosModules.default + servicepoint-simulator.nixosModules.default + servicepoint-tanks.nixosModules.default + stylix.nixosModules.stylix + zerforschen-plus.nixosModules.default + # keep-sorted end + + # Base config (replaces global-settings.nix) + { + nixpkgs.hostPlatform = lib.mkDefault system; + networking.hostName = device; + system = { + stateVersion = "22.11"; + autoUpgrade.flake = "git+https://git.berlin.ccc.de/vinzenz/nixos-configuration.git"; }; + nix.settings.experimental-features = [ + "nix-command" + "flakes" + ]; + documentation = { + info.enable = false; + doc.enable = false; + }; + + my.autoupdate.enable = true; + my.distributedBuilds.enable = true; + my.extraCaches.enable = true; + my.globalinstalls.enable = true; + my.lixIsNix.enable = true; + my.openssh.enable = true; + my.prometheusNode.enable = true; + my.systemdBoot.enable = true; + my.tailscale.enable = true; + } + ] + ++ lib.optionals (home-manager-users != { }) [ + # Desktop config (replaces global-settings-desktop.nix) + { + home-manager = { + extraSpecialArgs = specialArgs; + useGlobalPkgs = true; + useUserPackages = true; + users = home-manager-users; + sharedModules = [ + { home.stateVersion = "22.11"; } + # keep-sorted start + self.homeModules.git + self.homeModules.gnome-extensions + self.homeModules.nano + self.homeModules.templates + self.homeModules.zsh-basics + # keep-sorted end + ]; + }; + + 
time.timeZone = "Europe/Berlin"; + + # on desktops, keep the device useable interactively during expensive builds + nix = { + daemonCPUSchedPolicy = "idle"; + daemonIOSchedClass = "idle"; + }; + + my.enDe.enable = true; + my.firmwareUpdates.enable = true; + my.gnome.enable = true; + my.kdeconnect.enable = true; + my.modernDesktop.enable = true; + my.niri.enable = true; + my.nixLd.enable = true; + my.quietBoot.enable = true; + my.stylix.enable = true; } ]; } diff --git a/nixosConfigurations/epimetheus/default.nix b/nixosConfigurations/epimetheus/default.nix index 02c6ae8..bff9b14 100644 --- a/nixosConfigurations/epimetheus/default.nix +++ b/nixosConfigurations/epimetheus/default.nix @@ -1,8 +1,6 @@ -{ self, ... }: +{ ... }: { - imports = [ self.nixosModules.pxvirt-guest ]; - config = { - + my.pxvirtGuest.enable = true; }; } diff --git a/nixosConfigurations/forgejo-runner-1/default.nix b/nixosConfigurations/forgejo-runner-1/default.nix index 4196430..41c7717 100644 --- a/nixosConfigurations/forgejo-runner-1/default.nix +++ b/nixosConfigurations/forgejo-runner-1/default.nix @@ -1,12 +1,13 @@ -{ self, ... }: +{ ... }: { imports = [ ./hardware.nix ./forgejo-runner.nix - self.nixosModules.podman ]; config = { + my.podman.enable = true; + # uncomment for build check on non arm system (requires --impure) # nixpkgs.buildPlatform = builtins.currentSystem; services.tailscale.useRoutingFeatures = "both"; diff --git a/nixosConfigurations/muede-lpt2/default.nix b/nixosConfigurations/muede-lpt2/default.nix index 434b046..78c9d55 100644 --- a/nixosConfigurations/muede-lpt2/default.nix +++ b/nixosConfigurations/muede-lpt2/default.nix 
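Review bot: The base block in the `@@ -201,18 +200,87 @@` hunk sets `my.openssh.enable = true;`, `my.distributedBuilds.enable = true;`, `my.tailscale.enable = true;` and the other toggles as plain definitions, so a host that wants to switch one off gets a conflicting-definition error unless it uses `lib.mkForce`. Since the new enable options exist to give per-host control, writing them as defaults, e.g. `my.distributedBuilds.enable = lib.mkDefault true;`, lets a host configuration narrow what it runs with an ordinary `= false`. The same goes for the desktop block (`my.gnome.enable`, `my.niri.enable`, and so on). The enclosing `nixosSystem` call starts outside the hunk.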
@@ -2,17 +2,17 @@ { imports = [ ./hardware.nix - self.nixosModules.user-muede - self.nixosModules.gnome - self.nixosModules.wine-gaming - self.nixosModules.steam - self.nixosModules.podman - self.nixosModules.muede-desktop-settings - self.nixosModules.intel-graphics - self.nixosModules.secure-boot ]; config = { + my.users.muede.enable = true; + my.wineGaming.enable = true; + my.steam.enable = true; + my.podman.enable = true; + my.muedeDesktopSettings.enable = true; + my.intelGraphics.enable = true; + my.secureBoot.enable = true; + nix.settings.extra-platforms = [ "aarch64-linux" "i686-linux" diff --git a/nixosConfigurations/muede-pc2/default.nix b/nixosConfigurations/muede-pc2/default.nix index dd97b00..5a90eea 100644 --- a/nixosConfigurations/muede-pc2/default.nix +++ b/nixosConfigurations/muede-pc2/default.nix @@ -1,21 +1,20 @@ -{ pkgs, self, ... }: +{ pkgs, ... }: { imports = [ ./hardware.nix # ./vscode-server.nix # ./hass.nix - - self.nixosModules.user-muede - self.nixosModules.gnome - self.nixosModules.wine-gaming - self.nixosModules.steam - self.nixosModules.podman - self.nixosModules.muede-desktop-settings - self.nixosModules.amd-graphics - self.nixosModules.secure-boot ]; config = { + my.users.muede.enable = true; + my.wineGaming.enable = true; + my.steam.enable = true; + my.podman.enable = true; + my.muedeDesktopSettings.enable = true; + my.amdGraphics.enable = true; + my.secureBoot.enable = true; + nix.settings.extra-platforms = [ "aarch64-linux" "i686-linux" diff --git a/nixosConfigurations/ronja-pc/default.nix b/nixosConfigurations/ronja-pc/default.nix index 8e1eb52..85227ff 100644 --- a/nixosConfigurations/ronja-pc/default.nix +++ b/nixosConfigurations/ronja-pc/default.nix 
@@ -1,20 +1,15 @@ -{ - config, - pkgs, - self, - ... -}: +{ pkgs, ... }: { imports = [ ./hardware.nix - self.nixosModules.user-ronja - self.nixosModules.gnome - self.nixosModules.steam - self.nixosModules.wine-gaming - self.nixosModules.muede-desktop-settings ]; config = { + my.users.ronja.enable = true; + my.steam.enable = true; + my.wineGaming.enable = true; + my.muedeDesktopSettings.enable = true; + # Configure keymap in X11 services.xserver.xkb = { layout = "de"; @@ -24,8 +19,6 @@ # Configure console keymap console.keyMap = "de"; - # List packages installed in system profile. To search, run: - # $ nix search wget environment.systemPackages = with pkgs; [ # vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default. # wget diff --git a/nixosModules/amd-graphics.nix b/nixosModules/amd-graphics.nix index 9bc386c..1baeb24 100644 --- a/nixosModules/amd-graphics.nix +++ b/nixosModules/amd-graphics.nix @@ -1,15 +1,24 @@ -{ pkgs, ... }: { - boot.kernelModules = [ "amdgpu" ]; - services.xserver.videoDrivers = [ "amdgpu" ]; + lib, + config, + pkgs, + ... +}: +{ + options.my.amdGraphics.enable = lib.mkEnableOption "AMD graphics drivers"; - hardware = { - graphics.enable = true; - amdgpu = { - opencl.enable = true; - overdrive.enable = true; + config = lib.mkIf config.my.amdGraphics.enable { + boot.kernelModules = [ "amdgpu" ]; + services.xserver.videoDrivers = [ "amdgpu" ]; + + hardware = { + graphics.enable = true; + amdgpu = { + opencl.enable = true; + overdrive.enable = true; + }; }; - }; - environment.systemPackages = with pkgs; [ nvtopPackages.amd ]; + environment.systemPackages = with pkgs; [ nvtopPackages.amd ]; + }; } diff --git a/nixosModules/autoupdate.nix b/nixosModules/autoupdate.nix index 0f26b7e..028cfd7 100644 --- a/nixosModules/autoupdate.nix +++ b/nixosModules/autoupdate.nix 
@@ -1,16 +1,21 @@ +{ lib, config, ... }: { - nix = { - optimise.automatic = true; - gc = { - automatic = true; + options.my.autoupdate.enable = lib.mkEnableOption "automatic Nix GC and system upgrades"; + + config = lib.mkIf config.my.autoupdate.enable { + nix = { + optimise.automatic = true; + gc = { + automatic = true; + dates = "daily"; + options = "--delete-older-than 7d"; + }; + }; + + system.autoUpgrade = { + enable = true; dates = "daily"; - options = "--delete-older-than 7d"; + # do not forget to set `flake` when using this module! }; }; - - system.autoUpgrade = { - enable = true; - dates = "daily"; - # do not forget to set `flake` when using this module! - }; } diff --git a/nixosModules/default.nix b/nixosModules/default.nix new file mode 100644 index 0000000..621cca7 --- /dev/null +++ b/nixosModules/default.nix @@ -0,0 +1,37 @@ +{ ... }: +{ + imports = [ + # keep-sorted start + ./allowed-unfree-list.nix + ./amd-graphics.nix + ./autoupdate.nix + ./distributed-builds.nix + ./en-de.nix + ./extra-caches.nix + ./firmware-updates.nix + ./globalinstalls.nix + ./gnome.nix + ./intel-graphics.nix + ./kdeconnect.nix + ./latex.nix + ./lix-is-nix.nix + ./modern-desktop.nix + ./muede-desktop-settings.nix + ./nix-ld.nix + ./openssh.nix + ./podman.nix + ./printing.nix + ./prometheus-node.nix + ./pxvirt-guest.nix + ./quiet-boot.nix + ./secure-boot.nix + ./steam.nix + ./stylix.nix + ./systemd-boot.nix + ./tailscale.nix + ./user-muede.nix + ./user-ronja.nix + ./wine-gaming.nix + # keep-sorted end + ]; +} diff --git a/nixosModules/distributed-builds.nix b/nixosModules/distributed-builds.nix index f0c45da..94ec25c 100644 --- a/nixosModules/distributed-builds.nix +++ b/nixosModules/distributed-builds.nix 
@@ -32,62 +32,77 @@ let # distributedBuilds.hostPublicKey = "ssh-ed25519 AAAA..."; # from: ssh-keyscan -t ed25519 # All machines automatically discover and use it after the next rebuild. - buildServerDevices = lib.filterAttrs (_: v: (v.distributedBuilds or { }).isBuilder or false) devices; + buildServerDevices = lib.filterAttrs ( + _: v: (v.distributedBuilds or { }).isBuilder or false + ) devices; knownHosts = lib.pipe buildServerDevices [ (lib.filterAttrs (_: v: v.distributedBuilds ? hostPublicKey)) - (lib.mapAttrs (hostName: v: { - publicKey = v.distributedBuilds.hostPublicKey; - })) + (lib.mapAttrs ( + _: v: { + publicKey = v.distributedBuilds.hostPublicKey; + } + )) ]; - buildMachineList = lib.mapAttrsToList (hostName: v: { - inherit hostName; - systems = [ v.system ]; - sshUser = buildUser; - sshKey = sshKeyPath; - protocol = "ssh-ng"; - } // lib.optionalAttrs (v.distributedBuilds ? speedFactor) { - speedFactor = v.distributedBuilds.speedFactor; - } // { - supportedFeatures = [ - "nixos-test" - "big-parallel" - "kvm" - "benchmark" - ]; - }) buildServerDevices; + buildMachineList = lib.mapAttrsToList ( + hostName: v: + { + inherit hostName; + systems = [ v.system ]; + sshUser = buildUser; + sshKey = sshKeyPath; + protocol = "ssh-ng"; + } + // lib.optionalAttrs (v.distributedBuilds ? 
speedFactor) { + speedFactor = v.distributedBuilds.speedFactor; + } + // { + supportedFeatures = [ + "nixos-test" + "big-parallel" + "kvm" + "benchmark" + ]; + } + ) buildServerDevices; remoteMachines = builtins.filter (m: m.hostName != config.networking.hostName) buildMachineList; in { - # Dedicated user for receiving distributed build connections - programs.ssh.knownHosts = knownHosts; + options.my.distributedBuilds.enable = lib.mkEnableOption "distributed Nix builds"; - users.users.${buildUser} = { - isSystemUser = true; - group = buildUser; - useDefaultShell = true; - openssh.authorizedKeys.keys = map (k: ''command="nix daemon --stdio",restrict ${k}'') authorizedPublicKeys; - }; - users.groups.${buildUser} = { }; + config = lib.mkIf config.my.distributedBuilds.enable { + programs.ssh.knownHosts = knownHosts; - nix = { - distributedBuilds = remoteMachines != [ ]; - buildMachines = remoteMachines; - settings = { - trusted-users = [ buildUser ]; - builders-use-substitutes = true; - max-jobs = (devices.${config.networking.hostName}.distributedBuilds or { }).maxJobs or "auto"; - cores = 0; - min-free = 10 * 1024 * 1024; - max-free = 200 * 1024 * 1024; + # Dedicated user for receiving distributed build connections + users.users.${buildUser} = { + isSystemUser = true; + group = buildUser; + useDefaultShell = true; + openssh.authorizedKeys.keys = map ( + k: ''command="nix daemon --stdio",restrict ${k}'' + ) authorizedPublicKeys; + }; + users.groups.${buildUser} = { }; + + nix = { + distributedBuilds = remoteMachines != [ ]; + buildMachines = remoteMachines; + settings = { + trusted-users = [ buildUser ]; + builders-use-substitutes = true; + max-jobs = (devices.${config.networking.hostName}.distributedBuilds or { }).maxJobs or "auto"; + cores = 0; + min-free = 10 * 1024 * 1024; + max-free = 200 * 1024 * 1024; + }; + }; + + systemd.services.nix-daemon.serviceConfig = { + MemoryAccounting = true; + MemoryMax = "90%"; + OOMScoreAdjust = 500; }; }; - - 
systemd.services.nix-daemon.serviceConfig = { - MemoryAccounting = true; - MemoryMax = "90%"; - OOMScoreAdjust = 500; - }; } diff --git a/nixosModules/en-de.nix b/nixosModules/en-de.nix index a91780e..4a35b28 100644 --- a/nixosModules/en-de.nix +++ b/nixosModules/en-de.nix @@ -1,31 +1,40 @@ -{ pkgs, ... }: { - i18n = { - defaultLocale = "en_US.UTF-8"; - extraLocales = [ - "de_DE.UTF-8/UTF-8" - ]; - extraLocaleSettings = { - LC_ADDRESS = "de_DE.UTF-8"; - LC_IDENTIFICATION = "de_DE.UTF-8"; - LC_MEASUREMENT = "de_DE.UTF-8"; - LC_MONETARY = "de_DE.UTF-8"; - LC_NAME = "de_DE.UTF-8"; - LC_NUMERIC = "de_DE.UTF-8"; - LC_PAPER = "de_DE.UTF-8"; - LC_TELEPHONE = "de_DE.UTF-8"; - LC_TIME = "de_DE.UTF-8"; + lib, + config, + pkgs, + ... +}: +{ + options.my.enDe.enable = lib.mkEnableOption "English/German locale and language packs"; + + config = lib.mkIf config.my.enDe.enable { + i18n = { + defaultLocale = "en_US.UTF-8"; + extraLocales = [ + "de_DE.UTF-8/UTF-8" + ]; + extraLocaleSettings = { + LC_ADDRESS = "de_DE.UTF-8"; + LC_IDENTIFICATION = "de_DE.UTF-8"; + LC_MEASUREMENT = "de_DE.UTF-8"; + LC_MONETARY = "de_DE.UTF-8"; + LC_NAME = "de_DE.UTF-8"; + LC_NUMERIC = "de_DE.UTF-8"; + LC_PAPER = "de_DE.UTF-8"; + LC_TELEPHONE = "de_DE.UTF-8"; + LC_TIME = "de_DE.UTF-8"; + }; }; + + programs.firefox.languagePacks = [ + "en-US" + "de" + ]; + + environment.systemPackages = [ + pkgs.hunspell + pkgs.hunspellDicts.de-de + pkgs.hunspellDicts.en-us + ]; }; - - programs.firefox.languagePacks = [ - "en-US" - "de" - ]; - - environment.systemPackages = [ - pkgs.hunspell - pkgs.hunspellDicts.de-de - pkgs.hunspellDicts.en-us - ]; } diff --git a/nixosModules/extra-caches.nix b/nixosModules/extra-caches.nix index 8b5431c..6a72755 100644 --- a/nixosModules/extra-caches.nix +++ b/nixosModules/extra-caches.nix 
@@ -1,22 +1,27 @@ +{ lib, config, ... }: { - nix.settings = { - substituters = [ - # keep-sorted start - "https://cache.lix.systems" - "https://cache.nixos.org/" - "https://niri.cachix.org" - "https://nix-community.cachix.org" - "https://nixos-raspberrypi.cachix.org" - # keep-sorted end - ]; - trusted-public-keys = [ - # keep-sorted start - "cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o=" - "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" - "niri.cachix.org-1:Wv0OmO7PsuocRKzfDoJ3mulSl7Z6oezYhGhR+3W2964=" - "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" - "nixos-raspberrypi.cachix.org-1:4iMO9LXa8BqhU+Rpg6LQKiGa2lsNh/j2oiYLNOQ5sPI=" - # keep-sorted end - ]; + options.my.extraCaches.enable = lib.mkEnableOption "extra Nix binary caches"; + + config = lib.mkIf config.my.extraCaches.enable { + nix.settings = { + substituters = [ + # keep-sorted start + "https://cache.lix.systems" + "https://cache.nixos.org/" + "https://niri.cachix.org" + "https://nix-community.cachix.org" + "https://nixos-raspberrypi.cachix.org" + # keep-sorted end + ]; + trusted-public-keys = [ + # keep-sorted start + "cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o=" + "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" + "niri.cachix.org-1:Wv0OmO7PsuocRKzfDoJ3mulSl7Z6oezYhGhR+3W2964=" + "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" + "nixos-raspberrypi.cachix.org-1:4iMO9LXa8BqhU+Rpg6LQKiGa2lsNh/j2oiYLNOQ5sPI=" + # keep-sorted end + ]; + }; }; } diff --git a/nixosModules/firmware-updates.nix b/nixosModules/firmware-updates.nix index 8e81b72..61b2ff8 100644 --- a/nixosModules/firmware-updates.nix +++ b/nixosModules/firmware-updates.nix 
@@ -1,11 +1,16 @@ +{ lib, config, ... }: { - hardware = { - enableRedistributableFirmware = true; - cpu = { - amd.updateMicrocode = true; - intel.updateMicrocode = true; - }; - }; + options.my.firmwareUpdates.enable = lib.mkEnableOption "firmware updates and microcode"; - services.fwupd.enable = true; + config = lib.mkIf config.my.firmwareUpdates.enable { + hardware = { + enableRedistributableFirmware = true; + cpu = { + amd.updateMicrocode = true; + intel.updateMicrocode = true; + }; + }; + + services.fwupd.enable = true; + }; } diff --git a/nixosModules/global-settings-desktop.nix b/nixosModules/global-settings-desktop.nix deleted file mode 100644 index a94ab80..0000000 --- a/nixosModules/global-settings-desktop.nix +++ /dev/null 
@@ -1,61 +0,0 @@ -{ - home-manager-users, - self, - home-manager, - servicepoint-cli, - servicepoint-simulator, - servicepoint-tanks, - stylix, - specialArgs, - nova-shell, - ... -}: -{ - imports = [ - # keep-sorted start - home-manager.nixosModules.home-manager - nova-shell.nixosModules.default - self.nixosModules.en-de - self.nixosModules.firmware-updates - self.nixosModules.gnome - self.nixosModules.kdeconnect - self.nixosModules.modern-desktop - self.nixosModules.niri - self.nixosModules.nix-ld - self.nixosModules.pkgs-vscode-extensions - self.nixosModules.quiet-boot - self.nixosModules.stylix - servicepoint-cli.nixosModules.default - servicepoint-simulator.nixosModules.default - servicepoint-tanks.nixosModules.default - stylix.nixosModules.stylix - # keep-sorted end - ]; - - config = { - home-manager = { - extraSpecialArgs = specialArgs; - useGlobalPkgs = true; - useUserPackages = true; - users = home-manager-users; - sharedModules = [ - { home.stateVersion = "22.11"; } - # keep-sorted start - self.homeModules.git - self.homeModules.gnome-extensions - self.homeModules.nano - self.homeModules.templates - self.homeModules.zsh-basics - # keep-sorted end - ]; - }; - - time.timeZone = "Europe/Berlin"; - - # on desktops, keep the device useable interactively during expensive builds - nix = { - daemonCPUSchedPolicy = "idle"; - daemonIOSchedClass = "idle"; - }; - }; -} diff --git a/nixosModules/global-settings.nix b/nixosModules/global-settings.nix deleted file mode 100644 index 2d1c5b3..0000000 --- a/nixosModules/global-settings.nix +++ /dev/null 
@@ -1,44 +0,0 @@ -{ - device, - self, - lanzaboote, - zerforschen-plus, - ... -}: -{ - imports = [ - # keep-sorted start - lanzaboote.nixosModules.lanzaboote - self.nixosModules.allowed-unfree-list - self.nixosModules.autoupdate - self.nixosModules.default - self.nixosModules.distributed-builds - self.nixosModules.extra-caches - self.nixosModules.globalinstalls - self.nixosModules.lix-is-nix - self.nixosModules.openssh - self.nixosModules.prometheus-node - self.nixosModules.systemd-boot - self.nixosModules.tailscale - zerforschen-plus.nixosModules.default - # keep-sorted end - ]; - - config = { - networking.hostName = device; - system = { - stateVersion = "22.11"; - autoUpgrade.flake = "git+https://git.berlin.ccc.de/vinzenz/nixos-configuration.git"; - }; - - nix.settings.experimental-features = [ - "nix-command" - "flakes" - ]; - - documentation = { - info.enable = false; # info pages and the info command - doc.enable = false; # documentation distributed in packages' /share/doc - }; - }; -} diff --git a/nixosModules/globalinstalls.nix b/nixosModules/globalinstalls.nix index 146d401..56061ee 100644 --- a/nixosModules/globalinstalls.nix +++ b/nixosModules/globalinstalls.nix 
@@ -1,30 +1,39 @@ -{ pkgs, ... }: { - environment.systemPackages = with pkgs; [ - ncdu - glances - lsof - dig - screen - tldr - nix-output-monitor - git-credential-oauth - ]; + lib, + config, + pkgs, + ... +}: +{ + options.my.globalinstalls.enable = lib.mkEnableOption "global system packages and tools"; - programs = { - zsh.enable = true; - htop.enable = true; - iotop.enable = true; - git.enable = true; - nano = { - enable = true; - syntaxHighlight = true; + config = lib.mkIf config.my.globalinstalls.enable { + environment.systemPackages = with pkgs; [ + ncdu + glances + lsof + dig + screen + tldr + nix-output-monitor + git-credential-oauth + ]; + + programs = { + zsh.enable = true; + htop.enable = true; + iotop.enable = true; + git.enable = true; + nano = { + enable = true; + syntaxHighlight = true; + }; }; - }; - environment.etc."gitconfig".text = '' - [credential] - helper = oauth - credentialStore = cache - ''; + environment.etc."gitconfig".text = '' + [credential] + helper = oauth + credentialStore = cache + ''; + }; } diff --git a/nixosModules/gnome.nix b/nixosModules/gnome.nix index 260fbbd..b0bf406 100644 --- a/nixosModules/gnome.nix +++ b/nixosModules/gnome.nix 
@@ -1,62 +1,65 @@ { - pkgs, lib, config, + pkgs, ... }: { - options.muede = { - keep-gnome-default-apps = lib.mkEnableOption "keep gnome default apps"; + options = { + my.gnome.enable = lib.mkEnableOption "GNOME desktop environment"; + muede.keep-gnome-default-apps = lib.mkEnableOption "keep gnome default apps"; }; - config = lib.mkMerge [ - { - services = { - xserver.excludePackages = [ pkgs.xterm ]; + config = lib.mkIf config.my.gnome.enable ( + lib.mkMerge [ + { + services = { + xserver.excludePackages = [ pkgs.xterm ]; - # Enable the GNOME Desktop Environment. - displayManager.gdm.enable = true; - desktopManager.gnome = { - enable = true; - extraGSettingsOverridePackages = [ pkgs.mutter ]; - extraGSettingsOverrides = '' - [org.gnome.mutter] - experimental-features=['scale-monitor-framebuffer'] - ''; + # Enable the GNOME Desktop Environment. + displayManager.gdm.enable = true; + desktopManager.gnome = { + enable = true; + extraGSettingsOverridePackages = [ pkgs.mutter ]; + extraGSettingsOverrides = '' + [org.gnome.mutter] + experimental-features=['scale-monitor-framebuffer'] + ''; + }; + + gnome = { + tinysparql.enable = false; + localsearch.enable = false; + sushi.enable = true; + }; }; - gnome = { - tinysparql.enable = false; - localsearch.enable = false; - sushi.enable = true; + programs = { + dconf.enable = true; + gpaste.enable = true; }; - }; - - programs = { - dconf.enable = true; - gpaste.enable = true; - }; - } - (lib.mkIf (!config.muede.keep-gnome-default-apps) { - environment.gnome.excludePackages = with pkgs; [ - cheese # photo booth - epiphany # web browser - evince # document viewer - geary # email client - gnome-maps - gnome-weather - gnome-tour - sysprof - orca # screen reader - gnome-weather - gnome-backgrounds - gnome-user-docs - yelp # help app - gnome-music - totem # video player - snapshot # camera - baobab # disk usage - ]; - }) - ]; + } + (lib.mkIf (!config.muede.keep-gnome-default-apps) { + environment.gnome.excludePackages = with pkgs; [ 
+ cheese # photo booth + epiphany # web browser + evince # document viewer + geary # email client + gnome-maps + gnome-weather + gnome-tour + sysprof + orca # screen reader + gnome-weather + gnome-backgrounds + gnome-user-docs + yelp # help app + gnome-music + totem # video player + snapshot # camera + baobab # disk usage + ]; + }) + ] + ); } diff --git a/nixosModules/intel-graphics.nix b/nixosModules/intel-graphics.nix index 74c6e67..b367489 100644 --- a/nixosModules/intel-graphics.nix +++ b/nixosModules/intel-graphics.nix @@ -1,6 +1,13 @@ -{ pkgs, ... }: { - config = { + lib, + config, + pkgs, + ... +}: +{ + options.my.intelGraphics.enable = lib.mkEnableOption "Intel graphics drivers"; + + config = lib.mkIf config.my.intelGraphics.enable { hardware.graphics = { extraPackages = with pkgs; [ intel-media-driver diff --git a/nixosModules/kdeconnect.nix b/nixosModules/kdeconnect.nix index 1a3c2f1..bc809c9 100644 --- a/nixosModules/kdeconnect.nix +++ b/nixosModules/kdeconnect.nix 
@@ -5,49 +5,53 @@ ... }: { - config = lib.mkMerge [ - { - networking.firewall = - let - kdeconnect-range = { - from = 1714; - to = 1764; - }; - in - { - allowedTCPPortRanges = [ kdeconnect-range ]; - allowedUDPPortRanges = [ kdeconnect-range ]; - }; + options.my.kdeconnect.enable = lib.mkEnableOption "KDE Connect / GSConnect"; - programs.kdeconnect.enable = true; - home-manager.sharedModules = [ - { - services.kdeconnect = { - enable = true; - # this still shows up in gnome session starting with 25.05 - # indicator = true; - }; - } - ]; - } - - (lib.mkIf config.services.desktopManager.gnome.enable { - # replace kdeconnect with gsconnect - programs.kdeconnect.package = pkgs.gnomeExtensions.gsconnect; - - home-manager.sharedModules = [ - ( - { pkgs, ... }: + config = lib.mkIf config.my.kdeconnect.enable ( + lib.mkMerge [ + { + networking.firewall = + let + kdeconnect-range = { + from = 1714; + to = 1764; + }; + in { - home.packages = [ pkgs.gnomeExtensions.gsconnect ]; - # enable gsconnect extension - dconf.settings = { - "org/gnome/shell".enabled-extensions = [ "gsconnect@andyholmes.github.io" ]; - "org/gnome/shell/extensions/gsconnect".enabled = true; + allowedTCPPortRanges = [ kdeconnect-range ]; + allowedUDPPortRanges = [ kdeconnect-range ]; + }; + + programs.kdeconnect.enable = true; + home-manager.sharedModules = [ + { + services.kdeconnect = { + enable = true; + # this still shows up in gnome session starting with 25.05 + # indicator = true; }; } - ) - ]; - }) - ]; + ]; + } + + (lib.mkIf config.services.desktopManager.gnome.enable { + # replace kdeconnect with gsconnect + programs.kdeconnect.package = pkgs.gnomeExtensions.gsconnect; + + home-manager.sharedModules = [ + ( + { pkgs, ... 
}: + { + home.packages = [ pkgs.gnomeExtensions.gsconnect ]; + # enable gsconnect extension + dconf.settings = { + "org/gnome/shell".enabled-extensions = [ "gsconnect@andyholmes.github.io" ]; + "org/gnome/shell/extensions/gsconnect".enabled = true; + }; + } + ) + ]; + }) + ] + ); } diff --git a/nixosModules/latex.nix b/nixosModules/latex.nix index 3d097f8..ce5483d 100644 --- a/nixosModules/latex.nix +++ b/nixosModules/latex.nix @@ -1,6 +1,13 @@ -{ pkgs, ... }: { - config = { + lib, + config, + pkgs, + ... +}: +{ + options.my.latex.enable = lib.mkEnableOption "LaTeX (texliveFull + TeXstudio)"; + + config = lib.mkIf config.my.latex.enable { environment.systemPackages = with pkgs; [ fontconfig texliveFull diff --git a/nixosModules/lix-is-nix.nix b/nixosModules/lix-is-nix.nix index 3480d06..04eaf42 100644 --- a/nixosModules/lix-is-nix.nix +++ b/nixosModules/lix-is-nix.nix @@ -1,15 +1,24 @@ -{ pkgs, ... }: { - nixpkgs.overlays = [ - (final: prev: { - inherit (prev.lixPackageSets.stable) - nixpkgs-review - nix-eval-jobs - nix-fast-build - colmena - ; - }) - ]; + lib, + config, + pkgs, + ... +}: +{ + options.my.lixIsNix.enable = lib.mkEnableOption "Lix as the Nix implementation"; - nix.package = pkgs.lixPackageSets.latest.lix; + config = lib.mkIf config.my.lixIsNix.enable { + nixpkgs.overlays = [ + (final: prev: { + inherit (prev.lixPackageSets.stable) + nixpkgs-review + nix-eval-jobs + nix-fast-build + colmena + ; + }) + ]; + + nix.package = pkgs.lixPackageSets.latest.lix; + }; } diff --git a/nixosModules/modern-desktop.nix b/nixosModules/modern-desktop.nix index 6f3ccac..7a10531 100644 --- a/nixosModules/modern-desktop.nix +++ b/nixosModules/modern-desktop.nix 
@@ -1,47 +1,52 @@ +{ lib, config, ... }: { - services = { - xserver.enable = true; - libinput.enable = true; - flatpak.enable = true; - fstrim.enable = true; - earlyoom = { - enable = true; - freeMemThreshold = 5; + options.my.modernDesktop.enable = lib.mkEnableOption "modern desktop base (pipewire, flatpak, earlyoom)"; + + config = lib.mkIf config.my.modernDesktop.enable { + services = { + xserver.enable = true; + libinput.enable = true; + flatpak.enable = true; + fstrim.enable = true; + earlyoom = { + enable = true; + freeMemThreshold = 5; + }; }; - }; - # Enable sound with pipewire. - security.rtkit.enable = true; - services = { - pulseaudio.enable = false; - pipewire = { - enable = true; - alsa.enable = true; - alsa.support32Bit = true; - pulse.enable = true; - #jack.enable = true; + # Enable sound with pipewire. + security.rtkit.enable = true; + services = { + pulseaudio.enable = false; + pipewire = { + enable = true; + alsa.enable = true; + alsa.support32Bit = true; + pulse.enable = true; + #jack.enable = true; + }; }; - }; - systemd = { - # save some boot time because nothing actually requires network connectivity - services.NetworkManager-wait-online.enable = false; + systemd = { + # save some boot time because nothing actually requires network connectivity + services.NetworkManager-wait-online.enable = false; - # prevent stuck units from preventing shutdown (default is 120s) - settings.Manager.DefaultTimeoutStopSec = "10s"; - }; - - programs = { - xwayland.enable = true; - - appimage = { - enable = true; - binfmt = true; + # prevent stuck units from preventing shutdown (default is 120s) + settings.Manager.DefaultTimeoutStopSec = "10s"; }; - }; - system.autoUpgrade = { - allowReboot = false; - operation = "boot"; + programs = { + xwayland.enable = true; + + appimage = { + enable = true; + binfmt = true; + }; + }; + + system.autoUpgrade = { + allowReboot = false; + operation = "boot"; + }; }; } 
diff --git a/nixosModules/muede-desktop-settings.nix b/nixosModules/muede-desktop-settings.nix index 27e790b..3203524 100644 --- a/nixosModules/muede-desktop-settings.nix +++ b/nixosModules/muede-desktop-settings.nix @@ -1,21 +1,30 @@ -{ pkgs, ... }: { - programs.firefox.enable = true; + lib, + config, + pkgs, + ... +}: +{ + options.my.muedeDesktopSettings.enable = lib.mkEnableOption "muede desktop settings (Firefox, Logitech, RDP)"; - environment.systemPackages = with pkgs; [ - lm_sensors - libreoffice-qt6 - usbutils - ]; + config = lib.mkIf config.my.muedeDesktopSettings.enable { + programs.firefox.enable = true; - fonts.enableDefaultPackages = true; + environment.systemPackages = with pkgs; [ + lm_sensors + libreoffice-qt6 + usbutils + ]; - hardware.logitech.wireless = { - enable = true; - enableGraphical = true; + fonts.enableDefaultPackages = true; + + hardware.logitech.wireless = { + enable = true; + enableGraphical = true; + }; + + # RDP connections + services.gnome.gnome-remote-desktop.enable = true; + networking.firewall.allowedTCPPorts = [ 3389 ]; }; - - # RDP connections - services.gnome.gnome-remote-desktop.enable = true; - networking.firewall.allowedTCPPorts = [ 3389 ]; } diff --git a/nixosModules/nix-ld.nix b/nixosModules/nix-ld.nix index 0d09078..ac7ae7b 100644 --- a/nixosModules/nix-ld.nix +++ b/nixosModules/nix-ld.nix @@ -1,23 +1,32 @@ -{ pkgs, ... }: { - programs.nix-ld = { - enable = true; - libraries = with pkgs; [ - stdenv.cc.cc - zlib - zstd - curl - openssl - attr - libssh - bzip2 - libxml2 - acl - libsodium - util-linux - xz - systemd - icu - ]; + lib, + config, + pkgs, + ... +}: +{ + options.my.nixLd.enable = lib.mkEnableOption "nix-ld for running unpatched dynamic binaries"; + + config = lib.mkIf config.my.nixLd.enable { + programs.nix-ld = { + enable = true; + libraries = with pkgs; [ + stdenv.cc.cc + zlib + zstd + curl + openssl + attr + libssh + bzip2 + libxml2 + acl + libsodium + util-linux + xz + systemd + icu + ]; + }; }; } 
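Review bot: `networking.firewall.allowedTCPPorts = [ 3389 ];` at the end of the new `config` block in muede-desktop-settings.nix opens RDP on every interface of any host that sets `my.muedeDesktopSettings.enable`. The option description is the only hint that a network listener comes with the flag. If remote desktop is only meant to be reached over the VPN, scope the rule to that interface, e.g. `networking.firewall.interfaces."tailscale0".allowedTCPPorts = [ 3389 ];` (interface name assumed; confirm on the host). Otherwise a separate enable option for the RDP part would let Firefox and the fonts be switched on without exposing a login surface.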
diff --git a/nixosModules/openssh.nix b/nixosModules/openssh.nix index 7ff8b18..bed46f8 100644 --- a/nixosModules/openssh.nix +++ b/nixosModules/openssh.nix @@ -1,11 +1,16 @@ +{ lib, config, ... }: { - services.openssh = { - enable = true; - openFirewall = true; - settings = { - PermitRootLogin = "prohibit-password"; - PasswordAuthentication = false; - KbdInteractiveAuthentication = false; + options.my.openssh.enable = lib.mkEnableOption "OpenSSH server"; + + config = lib.mkIf config.my.openssh.enable { + services.openssh = { + enable = true; + openFirewall = true; + settings = { + PermitRootLogin = "prohibit-password"; + PasswordAuthentication = false; + KbdInteractiveAuthentication = false; + }; }; }; } diff --git a/nixosModules/podman.nix b/nixosModules/podman.nix index 93540f8..b962242 100644 --- a/nixosModules/podman.nix +++ b/nixosModules/podman.nix @@ -1,11 +1,16 @@ +{ lib, config, ... }: { - virtualisation = { - containers.enable = true; - podman = { - enable = true; - dockerCompat = true; - dockerSocket.enable = true; - autoPrune.enable = true; + options.my.podman.enable = lib.mkEnableOption "Podman container runtime"; + + config = lib.mkIf config.my.podman.enable { + virtualisation = { + containers.enable = true; + podman = { + enable = true; + dockerCompat = true; + dockerSocket.enable = true; + autoPrune.enable = true; + }; }; }; } diff --git a/nixosModules/printing.nix b/nixosModules/printing.nix index c85edd7..48c41ae 100644 --- a/nixosModules/printing.nix +++ b/nixosModules/printing.nix 
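Review bot: In openssh.nix the whole `services.openssh` block now sits under `lib.mkIf config.my.openssh.enable`, so the hardening in `settings` (`PasswordAuthentication = false`, `KbdInteractiveAuthentication = false`, `PermitRootLogin = "prohibit-password"`) is dropped whenever the flag is off, and `mkEnableOption` defaults it to off. A host that gets `services.openssh.enable = true` from another module would then run sshd with the NixOS defaults, which allow password login. Keeping the `settings` attrset outside the `mkIf` and gating only `enable` and `openFirewall` removes that failure mode, because settings have no effect while the service is disabled. Where the flag is set is not visible in this hunk, so it is worth checking that every host which previously imported this module now sets it.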
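Review bot: `dockerSocket.enable = true` in the new `config` block of podman.nix deserves a comment, because access to that socket is root-equivalent: a member of the `podman` group can start a privileged container through it. Both user modules later in this patch add their account to `podman`. Suggest `# docker-compatible socket; members of the podman group can gain root through it` above the line, and leaving the socket off on hosts that only need rootless podman.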
@@ -1,12 +1,17 @@ +{ lib, config, ... }: { - services = { - # Enable CUPS to print documents. - printing.enable = true; + options.my.printing.enable = lib.mkEnableOption "printing (CUPS + Avahi)"; - avahi = { - enable = true; # runs the Avahi daemon - nssmdns4 = true; # enables the mDNS NSS plug-in - openFirewall = true; # opens the firewall for UDP port 5353 + config = lib.mkIf config.my.printing.enable { + services = { + # Enable CUPS to print documents. + printing.enable = true; + + avahi = { + enable = true; # runs the Avahi daemon + nssmdns4 = true; # enables the mDNS NSS plug-in + openFirewall = true; # opens the firewall for UDP port 5353 + }; }; }; } diff --git a/nixosModules/prometheus-node.nix b/nixosModules/prometheus-node.nix index 576db81..f5e02fc 100644 --- a/nixosModules/prometheus-node.nix +++ b/nixosModules/prometheus-node.nix @@ -1,20 +1,25 @@ +{ lib, config, ... }: { - services.prometheus.exporters = { - node = { - enable = true; - openFirewall = true; - port = 9190; - enabledCollectors = [ - # keep-sorted start - "cgroups" - "interrupts" - "softirqs" - "swap" - "systemd" - "tcpstat" - "wifi" - # keep-sorted end - ]; + options.my.prometheusNode.enable = lib.mkEnableOption "Prometheus node exporter"; + + config = lib.mkIf config.my.prometheusNode.enable { + services.prometheus.exporters = { + node = { + enable = true; + openFirewall = true; + port = 9190; + enabledCollectors = [ + # keep-sorted start + "cgroups" + "interrupts" + "softirqs" + "swap" + "systemd" + "tcpstat" + "wifi" + # keep-sorted end + ]; + }; }; }; } diff --git a/nixosModules/pxvirt-guest.nix b/nixosModules/pxvirt-guest.nix index 067a0ec..4a66ff2 100644 --- a/nixosModules/pxvirt-guest.nix +++ b/nixosModules/pxvirt-guest.nix 
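Review bot: In the prometheus-node.nix hunk, `openFirewall = true` together with `port = 9190` exposes the node exporter, which has no authentication of its own, on all interfaces once `my.prometheusNode.enable` is set. The enabled collectors add systemd unit and wifi data on top of the defaults, so the endpoint is a useful inventory of the host. If scraping happens over the VPN, restrict it with `openFirewall = false;` plus `networking.firewall.interfaces."tailscale0".allowedTCPPorts = [ 9190 ];` (interface name assumed), or set the exporter's `listenAddress` to the VPN address.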
@@ -1,8 +1,16 @@ -{ modulesPath, lib, ... }: { + modulesPath, + lib, + config, + ... +}: +{ + # Import unconditionally — the module only defines options, activating nothing by default. imports = [ (modulesPath + "/virtualisation/proxmox-lxc.nix") ]; - config = { + options.my.pxvirtGuest.enable = lib.mkEnableOption "Proxmox LXC guest configuration"; + + config = lib.mkIf config.my.pxvirtGuest.enable { # TODO is this needed? # nix.settings.sandbox = false; diff --git a/nixosModules/quiet-boot.nix b/nixosModules/quiet-boot.nix index d9b59c8..84bae5f 100644 --- a/nixosModules/quiet-boot.nix +++ b/nixosModules/quiet-boot.nix @@ -1,25 +1,34 @@ -{ pkgs, ... }: { - boot = { - kernelParams = [ - "quiet" - "udev.log_level=3" - "udev.log_priority=3" - "rd.systemd.show_status=auto" - ]; - consoleLogLevel = 0; - initrd = { - verbose = false; - systemd.enable = true; # required fpr graphical LUKS prompt - }; - plymouth = { - enable = true; - theme = "catppuccin-mocha"; - themePackages = [ - (pkgs.catppuccin-plymouth.override { - variant = "mocha"; - }) + lib, + config, + pkgs, + ... +}: +{ + options.my.quietBoot.enable = lib.mkEnableOption "quiet boot with Plymouth splash"; + + config = lib.mkIf config.my.quietBoot.enable { + boot = { + kernelParams = [ + "quiet" + "udev.log_level=3" + "udev.log_priority=3" + "rd.systemd.show_status=auto" ]; + consoleLogLevel = 0; + initrd = { + verbose = false; + systemd.enable = true; # required fpr graphical LUKS prompt + }; + plymouth = { + enable = true; + theme = "catppuccin-mocha"; + themePackages = [ + (pkgs.catppuccin-plymouth.override { + variant = "mocha"; + }) + ]; + }; }; }; } diff --git a/nixosModules/secure-boot.nix b/nixosModules/secure-boot.nix index 9bf2c93..948d1c4 100644 --- a/nixosModules/secure-boot.nix +++ b/nixosModules/secure-boot.nix 
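Review bot: The new comment above `imports` in pxvirt-guest.nix says the nixpkgs `proxmox-lxc.nix` module "only defines options, activating nothing by default", which this hunk cannot confirm and which looks doubtful. As far as I know that module applies its container settings as soon as it is imported (recent nixpkgs gate them behind `proxmoxLXC.enable`, which defaults to true; verify against the pinned nixpkgs). If so, every host that pulls in this module is configured as an LXC guest regardless of `my.pxvirtGuest.enable`. Either set `proxmoxLXC.enable = lib.mkDefault config.my.pxvirtGuest.enable;` outside the `mkIf`, or keep this module out of the automatically imported set and correct the comment. The `config` block continues past the end of the hunk.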
@@ -1,28 +1,37 @@ -{ pkgs, lib, ... }: { - # https://github.com/nix-community/lanzaboote/blob/70be03ab23d0988224e152f5b52e2fbf44a6d8ee/docs/QUICK_START.md - # To enroll: - # 1. sudo sbctl create-keys - # 2. import this module, rebuild - # 3. Put Secure Boot in Setup mode - # 4. sudo sbctl verify - # 5. sudo sbctl enroll-keys --microsoft - # 6, reboot - # 7. sudo sbctl status + lib, + config, + pkgs, + ... +}: +{ + options.my.secureBoot.enable = lib.mkEnableOption "Secure Boot via lanzaboote"; - environment.systemPackages = [ - # For debugging and troubleshooting Secure Boot. - pkgs.sbctl - ]; + config = lib.mkIf config.my.secureBoot.enable { + # https://github.com/nix-community/lanzaboote/blob/70be03ab23d0988224e152f5b52e2fbf44a6d8ee/docs/QUICK_START.md + # To enroll: + # 1. sudo sbctl create-keys + # 2. enable this module, rebuild + # 3. Put Secure Boot in Setup mode + # 4. sudo sbctl verify + # 5. sudo sbctl enroll-keys --microsoft + # 6, reboot + # 7. sudo sbctl status - # Lanzaboote currently replaces the systemd-boot module. - # This setting is usually set to true in configuration.nix - # generated at installation time. So we force it to false - # for now. - boot.loader.systemd-boot.enable = lib.mkForce false; + environment.systemPackages = [ + # For debugging and troubleshooting Secure Boot. + pkgs.sbctl + ]; - boot.lanzaboote = { - enable = true; - pkiBundle = "/var/lib/sbctl"; + # Lanzaboote currently replaces the systemd-boot module. + # This setting is usually set to true in configuration.nix + # generated at installation time. So we force it to false + # for now. + boot.loader.systemd-boot.enable = lib.mkForce false; + + boot.lanzaboote = { + enable = true; + pkiBundle = "/var/lib/sbctl"; + }; }; } diff --git a/nixosModules/steam.nix b/nixosModules/steam.nix index b0991e6..78bbf71 100644 --- a/nixosModules/steam.nix +++ b/nixosModules/steam.nix 
@@ -1,45 +1,50 @@ +{ lib, config, ... }: { - hardware.steam-hardware.enable = true; + options.my.steam.enable = lib.mkEnableOption "Steam gaming platform"; - programs = { - steam = { - enable = true; - remotePlay.openFirewall = true; - dedicatedServer.openFirewall = true; - localNetworkGameTransfers.openFirewall = true; - gamescopeSession.enable = false; + config = lib.mkIf config.my.steam.enable { + hardware.steam-hardware.enable = true; + + programs = { + steam = { + enable = true; + remotePlay.openFirewall = true; + dedicatedServer.openFirewall = true; + localNetworkGameTransfers.openFirewall = true; + gamescopeSession.enable = false; + }; + gamemode.enable = true; }; - gamemode.enable = true; - }; - # steam network transfer - networking.firewall = { - allowedUDPPorts = [ 3478 ]; - allowedTCPPorts = [ 24070 ]; + # steam network transfer + networking.firewall = { + allowedUDPPorts = [ 3478 ]; + allowedTCPPorts = [ 24070 ]; - allowedTCPPortRanges = [ - { - from = 27015; - to = 27050; - } - ]; + allowedTCPPortRanges = [ + { + from = 27015; + to = 27050; + } + ]; - allowedUDPPortRanges = [ - { - from = 4379; - to = 4380; - } - { - from = 27000; - to = 27100; - } + allowedUDPPortRanges = [ + { + from = 4379; + to = 4380; + } + { + from = 27000; + to = 27100; + } + ]; + }; + + allowedUnfreePackages = [ + "steam" + "steam-original" + "steam-run" + "steam-unwrapped" ]; }; - - allowedUnfreePackages = [ - "steam" - "steam-original" - "steam-run" - "steam-unwrapped" - ]; } diff --git a/nixosModules/stylix.nix b/nixosModules/stylix.nix index 33ab6ee..4b30dc7 100644 --- a/nixosModules/stylix.nix +++ b/nixosModules/stylix.nix 
@@ -1,86 +1,95 @@ -{ pkgs, config, ... }: { - stylix = { - enable = true; - base16Scheme = "${pkgs.base16-schemes}/share/themes/catppuccin-mocha.yaml"; - override = { - scheme = "Catppuccin Mocha Pride"; + lib, + config, + pkgs, + ... +}: +{ + options.my.stylix.enable = lib.mkEnableOption "Stylix theming (Catppuccin Mocha)"; - base09 = "#6f9dff"; - base0A = "#d162a4"; - base0B = "#a8c9ff"; - base0C = "#a30262"; - - # pink_light = "#d162a4"; - # pink_dark = "#a30262"; - # blue_light = "#5BCEFA"; - # blue_dark = "#4a6bb1"; - - # original values - # base00: "#1e1e2e" # base - - # base01: "#181825" # mantle - # base02: "#313244" # surface0 - # base03: "#45475a" # surface1 - # base04: "#585b70" # surface2 - # base05: "#cdd6f4" # text - # base06: "#f5e0dc" # rosewater - # base07: "#b4befe" # lavender - # base08: "#f38ba8" # red - # base09: "#fab387" # peach - # base0A: "#f9e2af" # yellow - # base0B: "#a6e3a1" # green - # base0C: "#94e2d5" # teal - # base0D: "#89b4fa" # blue - # base0E: "#cba6f7" # mauve - # base0F: "#f2cdcd" # flamingo - - # https://github.com/chriskempson/base16/blob/main/styling.md - # base00 - Default Background - # base01 - Lighter Background (Used for status bars, line number and folding marks) - # base02 - Selection Background - # base03 - Comments, Invisibles, Line Highlighting - # base04 - Dark Foreground (Used for status bars) - # base05 - Default Foreground, Caret, Delimiters, Operators - # base06 - Light Foreground (Not often used) - # base07 - Light Background (Not often used) - # base08 - Variables, XML Tags, Markup Link Text, Markup Lists, Diff Deleted - # base09 - Integers, Boolean, Constants, XML Attributes, Markup Link Url - # base0A - Classes, Markup Bold, Search Text Background - # base0B - Strings, Inherited Class, Markup Code, Diff Inserted - # base0C - Support, Regular Expressions, Escape Characters, Markup Quotes - # base0D - Functions, Methods, Attribute IDs, Headings - # base0E - Keywords, Storage, Selector, Markup Italic, Diff 
Changed - # base0F - Deprecated, Opening/Closing Embedded Language Tags, e.g. - }; - image = config.lib.stylix.pixel "base00"; - polarity = "dark"; - targets = { - gnome.enable = false; - gtk.enable = false; - gtksourceview.enable = false; - fontconfig.enable = true; - plymouth.enable = false; - }; - fonts = { - sansSerif = { - name = "Inter Nerd Font"; - package = pkgs.inter-nerdfont; - }; - monospace = { - name = "FiraCode Nerd Font Mono"; - package = pkgs.nerd-fonts.fira-code; - }; - }; - icons = { + config = lib.mkIf config.my.stylix.enable { + stylix = { enable = true; - dark = "Adwaita"; - light = "Adwaita"; - package = pkgs.adwaita-icon-theme; - }; - cursor = { - name = "Adwaita"; - size = 16; - package = pkgs.adwaita-icon-theme; + base16Scheme = "${pkgs.base16-schemes}/share/themes/catppuccin-mocha.yaml"; + override = { + scheme = "Catppuccin Mocha Pride"; + + base09 = "#6f9dff"; + base0A = "#d162a4"; + base0B = "#a8c9ff"; + base0C = "#a30262"; + + # pink_light = "#d162a4"; + # pink_dark = "#a30262"; + # blue_light = "#5BCEFA"; + # blue_dark = "#4a6bb1"; + + # original values + # base00: "#1e1e2e" # base - + # base01: "#181825" # mantle + # base02: "#313244" # surface0 + # base03: "#45475a" # surface1 + # base04: "#585b70" # surface2 + # base05: "#cdd6f4" # text + # base06: "#f5e0dc" # rosewater + # base07: "#b4befe" # lavender + # base08: "#f38ba8" # red + # base09: "#fab387" # peach + # base0A: "#f9e2af" # yellow + # base0B: "#a6e3a1" # green + # base0C: "#94e2d5" # teal + # base0D: "#89b4fa" # blue + # base0E: "#cba6f7" # mauve + # base0F: "#f2cdcd" # flamingo + + # https://github.com/chriskempson/base16/blob/main/styling.md + # base00 - Default Background + # base01 - Lighter Background (Used for status bars, line number and folding marks) + # base02 - Selection Background + # base03 - Comments, Invisibles, Line Highlighting + # base04 - Dark Foreground (Used for status bars) + # base05 - Default Foreground, Caret, Delimiters, Operators + # base06 - 
Light Foreground (Not often used) + # base07 - Light Background (Not often used) + # base08 - Variables, XML Tags, Markup Link Text, Markup Lists, Diff Deleted + # base09 - Integers, Boolean, Constants, XML Attributes, Markup Link Url + # base0A - Classes, Markup Bold, Search Text Background + # base0B - Strings, Inherited Class, Markup Code, Diff Inserted + # base0C - Support, Regular Expressions, Escape Characters, Markup Quotes + # base0D - Functions, Methods, Attribute IDs, Headings + # base0E - Keywords, Storage, Selector, Markup Italic, Diff Changed + # base0F - Deprecated, Opening/Closing Embedded Language Tags, e.g. + }; + image = config.lib.stylix.pixel "base00"; + polarity = "dark"; + targets = { + gnome.enable = false; + gtk.enable = false; + gtksourceview.enable = false; + fontconfig.enable = true; + plymouth.enable = false; + }; + fonts = { + sansSerif = { + name = "Inter Nerd Font"; + package = pkgs.inter-nerdfont; + }; + monospace = { + name = "FiraCode Nerd Font Mono"; + package = pkgs.nerd-fonts.fira-code; + }; + }; + icons = { + enable = true; + dark = "Adwaita"; + light = "Adwaita"; + package = pkgs.adwaita-icon-theme; + }; + cursor = { + name = "Adwaita"; + size = 16; + package = pkgs.adwaita-icon-theme; + }; }; }; } diff --git a/nixosModules/systemd-boot.nix b/nixosModules/systemd-boot.nix index 321a26c..e44f9dc 100644 --- a/nixosModules/systemd-boot.nix +++ b/nixosModules/systemd-boot.nix @@ -1,11 +1,16 @@ +{ lib, config, ... }: { - boot.loader = { - timeout = 3; - efi.canTouchEfiVariables = true; - systemd-boot = { - enable = true; - editor = false; # do not allow changing kernel parameters - consoleMode = "max"; + options.my.systemdBoot.enable = lib.mkEnableOption "systemd-boot bootloader"; + + config = lib.mkIf config.my.systemdBoot.enable { + boot.loader = { + timeout = 3; + efi.canTouchEfiVariables = true; + systemd-boot = { + enable = true; + editor = false; # do not allow changing kernel parameters + consoleMode = "max"; + }; }; }; } 
diff --git a/nixosModules/tailscale.nix b/nixosModules/tailscale.nix index e51ee7f..55295f9 100644 --- a/nixosModules/tailscale.nix +++ b/nixosModules/tailscale.nix @@ -1,8 +1,13 @@ +{ lib, config, ... }: { - services.tailscale = { - enable = true; - openFirewall = true; - }; + options.my.tailscale.enable = lib.mkEnableOption "Tailscale VPN"; - networking.firewall.checkReversePath = "loose"; + config = lib.mkIf config.my.tailscale.enable { + services.tailscale = { + enable = true; + openFirewall = true; + }; + + networking.firewall.checkReversePath = "loose"; + }; } diff --git a/nixosModules/user-muede.nix b/nixosModules/user-muede.nix index 498c5a8..20f9cdb 100644 --- a/nixosModules/user-muede.nix +++ b/nixosModules/user-muede.nix @@ -1,37 +1,46 @@ -{ pkgs, ... }: { - users.users.muede = { - isNormalUser = true; - uid = 1000; - name = "muede"; - description = "müde"; - extraGroups = [ - "networkmanager" - "wheel" - "games" - "dialout" - "podman" - "nginx" - "adbusers" - "kvm" - "input" - "video" + lib, + config, + pkgs, + ... +}: +{ + options.my.users.muede.enable = lib.mkEnableOption "muede user account"; + + config = lib.mkIf config.my.users.muede.enable { + users.users.muede = { + isNormalUser = true; + uid = 1000; + name = "muede"; + description = "müde"; + extraGroups = [ + "networkmanager" + "wheel" + "games" + "dialout" + "podman" + "nginx" + "adbusers" + "kvm" + "input" + "video" + ]; + shell = pkgs.zsh; + autoSubUidGidRange = true; + }; + + nix.settings.trusted-users = [ "muede" ]; + + allowedUnfreePackages = [ + "rider" + "pycharm-professional" + "jetbrains-toolbox" + + "anydesk" + + "vscode-extension-ms-dotnettools-csharp" + + "claude-code" ]; - shell = pkgs.zsh; - autoSubUidGidRange = true; }; - - nix.settings.trusted-users = [ "muede" ]; - - allowedUnfreePackages = [ - "rider" - "pycharm-professional" - "jetbrains-toolbox" - - "anydesk" - - "vscode-extension-ms-dotnettools-csharp" - - "claude-code" - ]; } 
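Review bot: `nix.settings.trusted-users = [ "muede" ];` in the user-muede.nix hunk carries no comment, and the same line appears for `ronja` in user-ronja.nix. A trusted user can override substituters and skip signature checks when talking to the daemon, which the Nix manual treats as equivalent to root, and unlike the `wheel` membership above it needs no password. Suggest either dropping it or adding `# trusted-users is root-equivalent without a sudo prompt; needed for <reason>` so the choice is explicit now that the account is a switchable option.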
diff --git a/nixosModules/user-ronja.nix b/nixosModules/user-ronja.nix index b374ab9..46319eb 100644 --- a/nixosModules/user-ronja.nix +++ b/nixosModules/user-ronja.nix @@ -1,19 +1,28 @@ -{ pkgs, ... }: { - users.users.ronja = { - isNormalUser = true; - name = "ronja"; - description = "Ronja"; - home = "/home/ronja"; - extraGroups = [ - "networkmanager" - "wheel" - "games" - "podman" - "openvscode-server" - ]; - shell = pkgs.zsh; - }; + lib, + config, + pkgs, + ... +}: +{ + options.my.users.ronja.enable = lib.mkEnableOption "ronja user account"; - nix.settings.trusted-users = [ "ronja" ]; + config = lib.mkIf config.my.users.ronja.enable { + users.users.ronja = { + isNormalUser = true; + name = "ronja"; + description = "Ronja"; + home = "/home/ronja"; + extraGroups = [ + "networkmanager" + "wheel" + "games" + "podman" + "openvscode-server" + ]; + shell = pkgs.zsh; + }; + + nix.settings.trusted-users = [ "ronja" ]; + }; } diff --git a/nixosModules/wine-gaming.nix b/nixosModules/wine-gaming.nix index 8411114..58b0099 100644 --- a/nixosModules/wine-gaming.nix +++ b/nixosModules/wine-gaming.nix @@ -1,22 +1,31 @@ -{ pkgs, ... }: { - hardware = { - graphics = { - enable32Bit = true; - extraPackages = with pkgs; [ mangohud ]; - extraPackages32 = with pkgs; [ mangohud ]; + lib, + config, + pkgs, + ... +}: +{ + options.my.wineGaming.enable = lib.mkEnableOption "Wine gaming (DXVK, MangoHud, xpadneo)"; + + config = lib.mkIf config.my.wineGaming.enable { + hardware = { + graphics = { + enable32Bit = true; + extraPackages = with pkgs; [ mangohud ]; + extraPackages32 = with pkgs; [ mangohud ]; + }; + + xpadneo.enable = true; }; - xpadneo.enable = true; + environment.systemPackages = with pkgs; [ + wineWowPackages.stagingFull + wineWowPackages.fonts + winetricks + dxvk + mangohud + vulkan-tools + mesa-demos + ]; }; - - environment.systemPackages = with pkgs; [ - wineWowPackages.stagingFull - wineWowPackages.fonts - winetricks - dxvk - mangohud - vulkan-tools - mesa-demos - ]; } 
From 281d763c6261535863e287cb01b348af56678433 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?m=C3=BCde?= Date: Fri, 1 May 2026 23:06:26 +0200 Subject: [PATCH 53/80] refactor: automatic options for overlays, fix build --- flake.nix | 52 +++++++++---------- nixosConfigurations/aur0ra/hardware.nix | 8 ++- .../damocles/claude-container.nix | 3 +- nixosConfigurations/epimetheus/default.nix | 9 +++- nixosModules/default.nix | 1 + nixosModules/nixpkgs-overlays.nix | 33 ++++++++++++ nixosModules/pxvirt-guest.nix | 12 ----- 7 files changed, 72 insertions(+), 46 deletions(-) create mode 100644 nixosModules/nixpkgs-overlays.nix diff --git a/flake.nix b/flake.nix index 8cacd37..f76fe57 100644 --- a/flake.nix +++ b/flake.nix @@ -146,12 +146,13 @@ in { overlays = { - unstable-packages = final: prev: { + unstable = final: prev: { unstable = import nixpkgs-unstable { localSystem = prev.stdenv.hostPlatform; inherit (prev) config; }; }; + vscodeExtensions = nix-vscode-extensions.overlays.default; }; nixosModules = (importModuleDir ./nixosModules) // { @@ -170,12 +171,6 @@ }; }; }; - pkgs-unstable = { - nixpkgs.overlays = [ self.overlays.unstable-packages ]; - }; - pkgs-vscode-extensions = { - nixpkgs.overlays = [ nix-vscode-extensions.overlays.default ]; - }; }; homeModules = importModuleDir ./homeModules; @@ -208,7 +203,6 @@ lanzaboote.nixosModules.lanzaboote nova-shell.nixosModules.default self.nixosModules.niri - self.nixosModules.pkgs-vscode-extensions servicepoint-cli.nixosModules.default servicepoint-simulator.nixosModules.default servicepoint-tanks.nixosModules.default 
@@ -233,15 +227,19 @@ doc.enable = false; }; - my.autoupdate.enable = true; - my.distributedBuilds.enable = true; - my.extraCaches.enable = true; - my.globalinstalls.enable = true; - my.lixIsNix.enable = true; - my.openssh.enable = true; - my.prometheusNode.enable = true; - my.systemdBoot.enable = true; - my.tailscale.enable = true; + my = { + autoupdate.enable = true; + distributedBuilds.enable = true; + overlays.unstable.enable = true; + overlays.vscodeExtensions.enable = true; + extraCaches.enable = true; + globalinstalls.enable = true; + lixIsNix.enable = true; + openssh.enable = true; + prometheusNode.enable = true; + systemdBoot.enable = true; + tailscale.enable = true; + }; } ] ++ lib.optionals (home-manager-users != { }) [ @@ -272,15 +270,17 @@ daemonIOSchedClass = "idle"; }; - my.enDe.enable = true; - my.firmwareUpdates.enable = true; - my.gnome.enable = true; - my.kdeconnect.enable = true; - my.modernDesktop.enable = true; - my.niri.enable = true; - my.nixLd.enable = true; - my.quietBoot.enable = true; - my.stylix.enable = true; + my = { + enDe.enable = true; + firmwareUpdates.enable = true; + gnome.enable = true; + kdeconnect.enable = true; + modernDesktop.enable = true; + niri.enable = true; + nixLd.enable = true; + quietBoot.enable = true; + stylix.enable = true; + }; } ]; } diff --git a/nixosConfigurations/aur0ra/hardware.nix b/nixosConfigurations/aur0ra/hardware.nix index 8014f41..8642f79 100644 --- a/nixosConfigurations/aur0ra/hardware.nix +++ b/nixosConfigurations/aur0ra/hardware.nix @@ -10,11 +10,9 @@ # No one got time for xz compression. #isoImage.squashfsCompression = "zstd"; - boot.loader = { - raspberry-pi.bootloader = "kernel"; - systemd-boot.enable = lib.mkForce false; - #generic-extlinux-compatible.enable = lib.mkForce false; - }; + boot.loader.raspberry-pi.bootloader = "kernel"; + + my.systemdBoot.enable = lib.mkForce false; /* fileSystems = { 
diff --git a/nixosConfigurations/damocles/claude-container.nix b/nixosConfigurations/damocles/claude-container.nix index 17d599f..c568243 100644 --- a/nixosConfigurations/damocles/claude-container.nix +++ b/nixosConfigurations/damocles/claude-container.nix @@ -1,12 +1,11 @@ { pkgs, - self, lib, ... }: { - nixpkgs.overlays = [ self.overlays.unstable-packages ]; + my.overlays.unstable.enable = true; allowedUnfreePackages = [ "claude-code" ]; environment.systemPackages = with pkgs; [ diff --git a/nixosConfigurations/epimetheus/default.nix b/nixosConfigurations/epimetheus/default.nix index bff9b14..19b6219 100644 --- a/nixosConfigurations/epimetheus/default.nix +++ b/nixosConfigurations/epimetheus/default.nix @@ -1,6 +1,13 @@ -{ ... }: +{ modulesPath, ... }: { + imports = [ (modulesPath + "/virtualisation/proxmox-lxc.nix") ]; + config = { my.pxvirtGuest.enable = true; + + proxmoxLXC = { + manageNetwork = false; + privileged = false; + }; }; } diff --git a/nixosModules/default.nix b/nixosModules/default.nix index 621cca7..46dbbd7 100644 --- a/nixosModules/default.nix +++ b/nixosModules/default.nix @@ -18,6 +18,7 @@ ./modern-desktop.nix ./muede-desktop-settings.nix ./nix-ld.nix + ./nixpkgs-overlays.nix ./openssh.nix ./podman.nix ./printing.nix diff --git a/nixosModules/nixpkgs-overlays.nix b/nixosModules/nixpkgs-overlays.nix new file mode 100644 index 0000000..7a657b1 --- /dev/null +++ b/nixosModules/nixpkgs-overlays.nix 
@@ -0,0 +1,33 @@ +{ + lib, + config, + self, + ... +}: +{ + options.my.overlays = { + enableAll = lib.mkEnableOption "all nixpkgs overlays"; + } + // lib.mapAttrs (_: _: { + enable = lib.mkOption { + type = lib.types.bool; + default = false; + }; + }) self.overlays; + + config = lib.mkMerge ( + [ + { + my.overlays = lib.mapAttrs (_: _: { + enable = lib.mkDefault config.my.overlays.enableAll; + }) self.overlays; + } + ] + ++ lib.mapAttrsToList ( + name: overlay: + lib.mkIf config.my.overlays.${name}.enable { + nixpkgs.overlays = [ overlay ]; + } + ) self.overlays + ); +} diff --git a/nixosModules/pxvirt-guest.nix b/nixosModules/pxvirt-guest.nix index 4a66ff2..a70266a 100644 --- a/nixosModules/pxvirt-guest.nix +++ b/nixosModules/pxvirt-guest.nix @@ -1,24 +1,12 @@ { - modulesPath, lib, config, ... }: { - # Import unconditionally — the module only defines options, activating nothing by default. - imports = [ (modulesPath + "/virtualisation/proxmox-lxc.nix") ]; - options.my.pxvirtGuest.enable = lib.mkEnableOption "Proxmox LXC guest configuration"; config = lib.mkIf config.my.pxvirtGuest.enable { - # TODO is this needed? - # nix.settings.sandbox = false; - - proxmoxLXC = { - manageNetwork = false; - privileged = false; - }; - # Let Proxmox host handle fstrim services.fstrim.enable = false; From a7cc61a624577422a7cfd1ff47296ae4d6c8a8c1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?m=C3=BCde?= Date: Fri, 1 May 2026 23:15:02 +0200 Subject: [PATCH 54/80] refactor: move niri enable to desktop settings --- flake.nix | 23 +++-------------------- nixosModules/muede-desktop-settings.nix | 6 ++++++ 2 files changed, 9 insertions(+), 20 deletions(-) diff --git a/flake.nix b/flake.nix index f76fe57..3b58cc3 100644 --- a/flake.nix +++ b/flake.nix 
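Review bot: The per-overlay `enable` options generated from `self.overlays` in `nixosModules/nixpkgs-overlays.nix` have no `description`, and `enableAll` does not say that it also covers overlays re-exported from flake inputs such as `vscodeExtensions`. An overlay can replace any attribute in `pkgs`, so with `enableAll` set, every entry later added to `self.overlays` is applied on that host without a per-host change. I would state this on the option, e.g. `enableAll = lib.mkEnableOption "all overlays exported by this flake, including those re-exported from inputs";`, and give the generated options `description = "Whether to apply the ${name} overlay.";` by binding the attribute name instead of `_`. An overlay named `enableAll` would also be clobbered by the `//` merge; an assertion or a nested `my.overlays.byName` set would avoid that.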
@@ -153,25 +153,10 @@ }; }; vscodeExtensions = nix-vscode-extensions.overlays.default; + niri = niri.overlays.niri; }; - nixosModules = (importModuleDir ./nixosModules) // { - niri = - { lib, config, ... }: - { - imports = [ niri.nixosModules.niri ]; - - options.my.niri.enable = lib.mkEnableOption "niri wayland compositor"; - - config = lib.mkIf config.my.niri.enable { - nixpkgs.overlays = [ niri.overlays.niri ]; - programs.niri = { - enable = true; - #package = pkgs.niri-stable; - }; - }; - }; - }; + nixosModules = importModuleDir ./nixosModules; homeModules = importModuleDir ./homeModules; homeConfigurations = { @@ -202,7 +187,6 @@ home-manager.nixosModules.home-manager lanzaboote.nixosModules.lanzaboote nova-shell.nixosModules.default - self.nixosModules.niri servicepoint-cli.nixosModules.default servicepoint-simulator.nixosModules.default servicepoint-tanks.nixosModules.default @@ -236,7 +220,7 @@ globalinstalls.enable = true; lixIsNix.enable = true; openssh.enable = true; - prometheusNode.enable = true; + # prometheusNode.enable = true; systemdBoot.enable = true; tailscale.enable = true; }; @@ -276,7 +260,6 @@ gnome.enable = true; kdeconnect.enable = true; modernDesktop.enable = true; - niri.enable = true; nixLd.enable = true; quietBoot.enable = true; stylix.enable = true; diff --git a/nixosModules/muede-desktop-settings.nix b/nixosModules/muede-desktop-settings.nix index 3203524..8f25f62 100644 --- a/nixosModules/muede-desktop-settings.nix +++ b/nixosModules/muede-desktop-settings.nix @@ -2,12 +2,18 @@ lib, config, pkgs, + niri, ... }: { + imports = [ niri.nixosModules.niri ]; + options.my.muedeDesktopSettings.enable = lib.mkEnableOption "muede desktop settings (Firefox, Logitech, RDP)"; config = lib.mkIf config.my.muedeDesktopSettings.enable { + my.overlays.niri.enable = true; + programs.niri.enable = true; + programs.firefox.enable = true; environment.systemPackages = with pkgs; [ From ec5b785a8a2e9734121d0f3903f6b9922bfbbeb9 Mon Sep 17 00:00:00 2001 
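Review bot: `# prometheusNode.enable = true;` in the base `my = { … }` set of `flake.nix` turns off what is presumably the Prometheus node exporter on every host, yet the commit message only mentions moving niri. If this is intended, give the reason next to the line, e.g. `# prometheusNode.enable = true; # disabled: <reason>`, or delete the line. If it is a leftover from debugging, restore it so hosts do not silently drop out of monitoring. The commented-out line is carried unchanged into `nixosConfigurations.nix` by the later commits on this page.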
From: =?UTF-8?q?m=C3=BCde?= Date: Fri, 1 May 2026 23:20:46 +0200 Subject: [PATCH 55/80] refactor: move out nixosConfigurations --- flake.nix | 110 +---------------------------------- nixosConfigurations.nix | 123 ++++++++++++++++++++++++++++++++++++++++ 2 files changed, 126 insertions(+), 107 deletions(-) create mode 100644 nixosConfigurations.nix diff --git a/flake.nix b/flake.nix index 3b58cc3..f692eff 100644 --- a/flake.nix +++ b/flake.nix @@ -114,10 +114,9 @@ ... }: let - devices = import ./devices.nix { inherit self; }; inherit (nixpkgs) lib; - forDevice = f: lib.mapAttrs (device: value: f (value // { inherit device; })) devices; - supported-systems = lib.attrsets.mapAttrsToList (k: v: v.system) devices; + nixosConfigurations = import ./nixosConfigurations.nix { inherit inputs lib; }; + supported-systems = lib.unique (lib.mapAttrsToList (_: v: v.pkgs.system) nixosConfigurations); treefmt-config = { projectRootFile = "flake.nix"; programs = { 
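Review bot: `supported-systems` in the `flake.nix` `let` block now reads `v.pkgs.system` from every evaluated configuration, which forces each host's package set just to list platforms for `forAllSystems`. The base module already sets `nixpkgs.hostPlatform`, so the platform can be read from the configuration instead: `lib.unique (lib.mapAttrsToList (_: v: v.config.nixpkgs.hostPlatform.system) nixosConfigurations)`. As far as I know, recent nixpkgs releases also deprecate the top-level `pkgs.system` alias, so this is worth confirming against the pinned channel. The `let` block continues outside the hunk.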
@@ -164,110 +163,7 @@ ronja = ./homeConfigurations/ronja; }; - nixosConfigurations = forDevice ( - { - device, - system, - home-manager-users ? { }, - nixosSystem ? nixpkgs.lib.nixosSystem, - ... - }: - let - specialArgs = inputs // { - inherit device home-manager-users devices; - }; - in - nixosSystem { - inherit specialArgs; - modules = [ - ./nixosConfigurations/${device} - self.nixosModules.default - - # keep-sorted start - home-manager.nixosModules.home-manager - lanzaboote.nixosModules.lanzaboote - nova-shell.nixosModules.default - servicepoint-cli.nixosModules.default - servicepoint-simulator.nixosModules.default - servicepoint-tanks.nixosModules.default - stylix.nixosModules.stylix - zerforschen-plus.nixosModules.default - # keep-sorted end - - # Base config (replaces global-settings.nix) - { - nixpkgs.hostPlatform = lib.mkDefault system; - networking.hostName = device; - system = { - stateVersion = "22.11"; - autoUpgrade.flake = "git+https://git.berlin.ccc.de/vinzenz/nixos-configuration.git"; - }; - nix.settings.experimental-features = [ - "nix-command" - "flakes" - ]; - documentation = { - info.enable = false; - doc.enable = false; - }; - - my = { - autoupdate.enable = true; - distributedBuilds.enable = true; - overlays.unstable.enable = true; - overlays.vscodeExtensions.enable = true; - extraCaches.enable = true; - globalinstalls.enable = true; - lixIsNix.enable = true; - openssh.enable = true; - # prometheusNode.enable = true; - systemdBoot.enable = true; - tailscale.enable = true; - }; - } - ] - ++ lib.optionals (home-manager-users != { }) [ - # Desktop config (replaces global-settings-desktop.nix) - { - home-manager = { - extraSpecialArgs = specialArgs; - useGlobalPkgs = true; - useUserPackages = true; - users = home-manager-users; - sharedModules = [ - { home.stateVersion = "22.11"; } - # keep-sorted start - self.homeModules.git - self.homeModules.gnome-extensions - self.homeModules.nano - self.homeModules.templates - self.homeModules.zsh-basics - # 
keep-sorted end - ]; - }; - - time.timeZone = "Europe/Berlin"; - - # on desktops, keep the device useable interactively during expensive builds - nix = { - daemonCPUSchedPolicy = "idle"; - daemonIOSchedClass = "idle"; - }; - - my = { - enDe.enable = true; - firmwareUpdates.enable = true; - gnome.enable = true; - kdeconnect.enable = true; - modernDesktop.enable = true; - nixLd.enable = true; - quietBoot.enable = true; - stylix.enable = true; - }; - } - ]; - } - ); + inherit nixosConfigurations; formatter = forAllSystems ({ treefmt-eval, ... }: treefmt-eval.config.build.wrapper); diff --git a/nixosConfigurations.nix b/nixosConfigurations.nix new file mode 100644 index 0000000..9874985 --- /dev/null +++ b/nixosConfigurations.nix 
@@ -0,0 +1,123 @@ +{ + inputs, + lib, +}: +let + devices = import ./devices.nix { inherit (inputs) self; }; + inherit (inputs) + self + home-manager + lanzaboote + nova-shell + servicepoint-cli + servicepoint-simulator + servicepoint-tanks + stylix + zerforschen-plus + ; + forDevice = f: lib.mapAttrs (device: value: f (value // { inherit device; })) devices; +in +forDevice ( + { + device, + system, + home-manager-users ? { }, + nixosSystem ? inputs.nixpkgs.lib.nixosSystem, + ... + }: + let + specialArgs = inputs // { + inherit device home-manager-users devices; + }; + in + nixosSystem { + inherit specialArgs; + modules = [ + ./nixosConfigurations/${device} + self.nixosModules.default + + # keep-sorted start + home-manager.nixosModules.home-manager + lanzaboote.nixosModules.lanzaboote + nova-shell.nixosModules.default + servicepoint-cli.nixosModules.default + servicepoint-simulator.nixosModules.default + servicepoint-tanks.nixosModules.default + stylix.nixosModules.stylix + zerforschen-plus.nixosModules.default + # keep-sorted end + + # Base config + { + nixpkgs.hostPlatform = lib.mkDefault system; + networking.hostName = device; + system = { + stateVersion = "22.11"; + autoUpgrade.flake = "git+https://git.berlin.ccc.de/vinzenz/nixos-configuration.git"; + }; + nix.settings.experimental-features = [ + "nix-command" + "flakes" + ]; + documentation = { + info.enable = false; + doc.enable = false; + }; + + my = { + autoupdate.enable = true; + distributedBuilds.enable = true; + overlays.unstable.enable = true; + overlays.vscodeExtensions.enable = true; + extraCaches.enable = true; + globalinstalls.enable = true; + lixIsNix.enable = true; + openssh.enable = true; + # prometheusNode.enable = true; + systemdBoot.enable = true; + tailscale.enable = true; + }; + } + ] + ++ lib.optionals (home-manager-users != { }) [ + # Desktop config + { + home-manager = { + extraSpecialArgs = specialArgs; + useGlobalPkgs = true; + useUserPackages = true; + users = home-manager-users; + 
sharedModules = [ + { home.stateVersion = "22.11"; } + # keep-sorted start + self.homeModules.git + self.homeModules.gnome-extensions + self.homeModules.nano + self.homeModules.templates + self.homeModules.zsh-basics + # keep-sorted end + ]; + }; + + time.timeZone = "Europe/Berlin"; + + # on desktops, keep the device useable interactively during expensive builds + nix = { + daemonCPUSchedPolicy = "idle"; + daemonIOSchedClass = "idle"; + }; + + my = { + enDe.enable = true; + firmwareUpdates.enable = true; + gnome.enable = true; + kdeconnect.enable = true; + modernDesktop.enable = true; + nixLd.enable = true; + quietBoot.enable = true; + stylix.enable = true; + }; + } + ]; + } +) From 29ab335879b87a76e13dff527a862dc6fe430546 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?m=C3=BCde?= Date: Fri, 1 May 2026 23:31:14 +0200 Subject: [PATCH 56/80] deadnix fixes --- flake.nix | 9 --------- homeConfigurations/muede/default.nix | 2 +- nixosModules/lix-is-nix.nix | 2 +- 3 files changed, 2 insertions(+), 11 deletions(-) diff --git a/flake.nix b/flake.nix index f692eff..01c4906 100644 --- a/flake.nix +++ b/flake.nix @@ -96,20 +96,11 @@ inputs@{ self, nixpkgs, - home-manager, # keep-sorted start - lanzaboote, niri, nix-vscode-extensions, - nixos-generators, nixpkgs-unstable, - nova-shell, - servicepoint-cli, - servicepoint-simulator, - servicepoint-tanks, - stylix, treefmt-nix, - zerforschen-plus, # keep-sorted end ... }: diff --git a/homeConfigurations/muede/default.nix b/homeConfigurations/muede/default.nix index 767b40e..185476d 100644 --- a/homeConfigurations/muede/default.nix +++ b/homeConfigurations/muede/default.nix @@ -1,4 +1,4 @@ -{ pkgs, self, ... }: +{ pkgs, ... }: { imports = [ # keep-sorted start diff --git a/nixosModules/lix-is-nix.nix b/nixosModules/lix-is-nix.nix index 04eaf42..2bb071e 100644 --- a/nixosModules/lix-is-nix.nix +++ b/nixosModules/lix-is-nix.nix 
@@ -9,7 +9,7 @@ config = lib.mkIf config.my.lixIsNix.enable { nixpkgs.overlays = [ - (final: prev: { + (_: prev: { inherit (prev.lixPackageSets.stable) nixpkgs-review nix-eval-jobs From c2aa932494fbab644471b96089b88bcc3113b5df Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?m=C3=BCde?= Date: Fri, 1 May 2026 23:43:24 +0200 Subject: [PATCH 57/80] move git to own mod --- homeModules/git.nix | 6 ------ nixosConfigurations.nix | 10 +++++++--- nixosModules/default.nix | 1 + nixosModules/git.nix | 24 ++++++++++++++++++++++++ nixosModules/globalinstalls.nix | 8 -------- 5 files changed, 32 insertions(+), 17 deletions(-) delete mode 100644 homeModules/git.nix create mode 100644 nixosModules/git.nix diff --git a/homeModules/git.nix b/homeModules/git.nix deleted file mode 100644 index 2c66c82..0000000 --- a/homeModules/git.nix +++ /dev/null @@ -1,6 +0,0 @@ -{ - programs.git = { - enable = true; - settings.init.defaultBranch = "main"; - }; -} diff --git a/nixosConfigurations.nix b/nixosConfigurations.nix index 9874985..9fb2cf2 100644 --- a/nixosConfigurations.nix +++ b/nixosConfigurations.nix @@ -65,17 +65,20 @@ forDevice ( }; my = { + # keep-sorted start autoupdate.enable = true; distributedBuilds.enable = true; - overlays.unstable.enable = true; - overlays.vscodeExtensions.enable = true; extraCaches.enable = true; + git.enable = true; globalinstalls.enable = true; lixIsNix.enable = true; openssh.enable = true; + overlays.unstable.enable = true; + overlays.vscodeExtensions.enable = true; # prometheusNode.enable = true; systemdBoot.enable = true; tailscale.enable = true; + # keep-sorted end }; } ] @@ -90,7 +93,6 @@ forDevice ( sharedModules = [ { home.stateVersion = "22.11"; } # keep-sorted start - self.homeModules.git self.homeModules.gnome-extensions self.homeModules.nano self.homeModules.templates @@ -108,6 +110,7 @@ forDevice ( }; my = { + # keep-sorted start enDe.enable = true; firmwareUpdates.enable = true; gnome.enable = true; 
@@ -116,6 +119,7 @@ forDevice ( nixLd.enable = true; quietBoot.enable = true; stylix.enable = true; + # keep-sorted end }; } ]; diff --git a/nixosModules/default.nix b/nixosModules/default.nix index 46dbbd7..2808b2a 100644 --- a/nixosModules/default.nix +++ b/nixosModules/default.nix @@ -9,6 +9,7 @@ ./en-de.nix ./extra-caches.nix ./firmware-updates.nix + ./git.nix ./globalinstalls.nix ./gnome.nix ./intel-graphics.nix diff --git a/nixosModules/git.nix b/nixosModules/git.nix new file mode 100644 index 0000000..ffe5c78 --- /dev/null +++ b/nixosModules/git.nix @@ -0,0 +1,24 @@ +{ + lib, + config, + pkgs, + ... +}: +{ + options.my.git.enable = lib.mkEnableOption "git with credential helper"; + + config = lib.mkIf config.my.git.enable { + environment.systemPackages = [ pkgs.git-credential-oauth ]; + + programs.git = { + enable = true; + config = { + init.defaultBranch = "main"; + credential = { + helper = "oauth"; + credentialStore = "cache"; + }; + }; + }; + }; +} diff --git a/nixosModules/globalinstalls.nix b/nixosModules/globalinstalls.nix index 56061ee..6c914c7 100644 --- a/nixosModules/globalinstalls.nix +++ b/nixosModules/globalinstalls.nix @@ -16,24 +16,16 @@ screen tldr nix-output-monitor - git-credential-oauth ]; programs = { zsh.enable = true; htop.enable = true; iotop.enable = true; - git.enable = true; nano = { enable = true; syntaxHighlight = true; }; }; - - environment.etc."gitconfig".text = '' - [credential] - helper = oauth - credentialStore = cache - ''; }; } From cfa42f11b59d64fd3682b89a5bff57ae3cd926a7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?m=C3=BCde?= Date: Fri, 1 May 2026 23:50:28 +0200 Subject: [PATCH 58/80] pc2: fix cannot build aarch64 --- nixosConfigurations/muede-pc2/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/nixosConfigurations/muede-pc2/default.nix b/nixosConfigurations/muede-pc2/default.nix index 5a90eea..4686ffb 100644 --- a/nixosConfigurations/muede-pc2/default.nix +++ b/nixosConfigurations/muede-pc2/default.nix 
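Review bot: In `nixosModules/git.nix`, `credentialStore = "cache"` under `credential` is, as far as I know, a Git Credential Manager setting that neither git nor git-credential-oauth reads, so `helper = "oauth"` is left without a storage helper. git-credential-oauth expects a storage helper to be listed before it. If in-memory caching is the intent, `helper = [ "cache --timeout 21600" "oauth" ];` states it directly, assuming `programs.git.config` renders lists as repeated keys, which should be confirmed. The value was carried over unchanged from the removed `environment.etc."gitconfig"` block, so behaviour is the same as before. A one-line comment saying that tokens are meant to stay in memory and never be written to disk would make that intent reviewable.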
@@ -15,6 +15,7 @@ my.amdGraphics.enable = true; my.secureBoot.enable = true; + boot.binfmt.emulatedSystems = [ "aarch64-linux" ]; nix.settings.extra-platforms = [ "aarch64-linux" "i686-linux" From 396e8121d03be47a940c0456ac36bbb55412cd62 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?m=C3=BCde?= Date: Sat, 2 May 2026 00:03:09 +0200 Subject: [PATCH 59/80] distributed builds: use builders as binary caches --- README.md | 36 +++++++++++++++++++++++++++++ devices.nix | 2 ++ nixosModules/distributed-builds.nix | 34 +++++++++++++-------------- 3 files changed, 54 insertions(+), 18 deletions(-) create mode 100644 README.md diff --git a/README.md b/README.md new file mode 100644 index 0000000..f97d4b5 --- /dev/null +++ b/README.md 
@@ -0,0 +1,36 @@ +# nixos-configuration + +Personal NixOS configuration for all machines. Devices are declared in `devices.nix`, per-device configs live in `nixosConfigurations//`, and shared modules in `nixosModules/`. + +## Distributed builds + +Machines are configured to act as build servers / binary caches for each other in devices.nix. + +### Onboarding a device as a build client + +1. Generate a key pair on the device: + ``` + sudo ssh-keygen -t ed25519 -f /etc/nix/distributed-build-key -N "" -C "$(hostname)-nix-builds" + ``` +2. Add the public key to the device entry in `devices.nix`: + ```nix + distributedBuilds.clientPublicKey = "ssh-ed25519 AAAA... -nix-builds"; + ``` +3. Rebuild all build machines so they pick up the new authorized key. + +### Adding a build server + +1. Add to its entry in `devices.nix`: + ```nix + distributedBuilds.isBuilder = true; + distributedBuilds.hostPublicKey = "ssh-ed25519 AAAA..."; # from: ssh-keyscan -t ed25519 + ``` +2. Generate a store signing key on the builder: + ``` + sudo nix key generate-secret --key-name "$(hostname)" | sudo tee /etc/nix/signing-key.sec | sudo nix key convert-secret-to-public + ``` +3. Add the printed public key to `devices.nix`: + ```nix + distributedBuilds.storeSigningPublicKey = ":"; + ``` +4. Rebuild all machines so they trust the new signing key. diff --git a/devices.nix b/devices.nix index a8e427a..c17d02e 100644 --- a/devices.nix +++ b/devices.nix @@ -39,6 +39,7 @@ in isBuilder = true; hostPublicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHGKoZ68wwyVRmPB0SkvpJUyUMDWeFbC5Je9zukyEOh7"; clientPublicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKAbojdhb3PfazSRmudvo381Y+zUFVLMa7AbWbfK/Zp2 muede-lpt2-nix-builds"; + storeSigningPublicKey = "muede-lpt2:3csut7FW6oZK/ztRLBRC80LSBfFE3qzl+aIYgOixB6U="; }; }; muede-pc2 = { 
@@ -51,6 +52,7 @@ in speedFactor = 2; hostPublicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKEQQS5XNoj62Oj85xQfIuLORwoBRwfqjvfBHHsiI+RH"; clientPublicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHmnyhP6L+kGHV15cb/d31AQr50wSEaQhkUBwy2+OEKk muede-pc2-nix-builds"; + storeSigningPublicKey = "muede-pc2:fqQO0E0y65MjUWlQnrgWt5ZsmQKlKCv4jls3CmUXDEQ="; }; }; ronja-pc = { diff --git a/nixosModules/distributed-builds.nix b/nixosModules/distributed-builds.nix index 94ec25c..32a8f34 100644 --- a/nixosModules/distributed-builds.nix +++ b/nixosModules/distributed-builds.nix @@ -14,24 +14,6 @@ let (lib.mapAttrsToList (_: v: v.distributedBuilds.clientPublicKey)) ]; - # === Onboarding a device as a build client === - # - # 1. Generate a key pair on the device: - # sudo ssh-keygen -t ed25519 -f /etc/nix/distributed-build-key -N "" -C "$(hostname)-nix-builds" - # (owned by root, mode 0600) - # - # 2. Add the public key to the device entry in flake.nix: - # distributedBuilds.clientPublicKey = "ssh-ed25519 AAAA... -nix-builds"; - # - # 3. Rebuild all machines so they pick up the new authorized key. - # - # === Marking a device as a build server === - # - # Add to its entry in flake.nix: - # distributedBuilds.isBuilder = true; - # distributedBuilds.hostPublicKey = "ssh-ed25519 AAAA..."; # from: ssh-keyscan -t ed25519 - # All machines automatically discover and use it after the next rebuild. - buildServerDevices = lib.filterAttrs ( _: v: (v.distributedBuilds or { }).isBuilder or false ) devices; 
@@ -92,6 +74,22 @@ in settings = { trusted-users = [ buildUser ]; builders-use-substitutes = true; + # Use build machines as binary caches so already-built paths are downloaded + # rather than rebuilt. Only machines with a storeSigningPublicKey are used. + substituters = lib.pipe buildServerDevices [ + (lib.filterAttrs (_: v: v.distributedBuilds ? storeSigningPublicKey)) + (lib.mapAttrsToList (hostName: _: "ssh-ng://${buildUser}@${hostName}")) + (lib.filter (s: s != "ssh-ng://${buildUser}@${config.networking.hostName}")) + ]; + trusted-public-keys = lib.pipe buildServerDevices [ + (lib.mapAttrsToList (_: v: v.distributedBuilds.storeSigningPublicKey or null)) + (builtins.filter (k: k != null)) + ]; + secret-key-files = + let + thisDevice = devices.${config.networking.hostName} or { }; + in + lib.optional (thisDevice.distributedBuilds.isBuilder or false) "/etc/nix/signing-key.sec"; max-jobs = (devices.${config.networking.hostName}.distributedBuilds or { }).maxJobs or "auto"; cores = 0; min-free = 10 * 1024 * 1024; From f035f1300ff8e6f57a25e8cb82680b1f1b989c3d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?m=C3=BCde?= Date: Sat, 2 May 2026 01:18:51 +0200 Subject: [PATCH 60/80] auto-generate nixosModules.default --- flake.nix | 6 +++++- nixosModules/default.nix | 39 --------------------------------------- 2 files changed, 5 insertions(+), 40 deletions(-) delete mode 100644 nixosModules/default.nix diff --git a/flake.nix b/flake.nix index 01c4906..e95af0e 100644 --- a/flake.nix +++ b/flake.nix @@ -146,7 +146,11 @@ niri = niri.overlays.niri; }; - nixosModules = importModuleDir ./nixosModules; + nixosModules = (importModuleDir ./nixosModules) // { + default = { + imports = builtins.attrValues (builtins.removeAttrs self.nixosModules [ "default" ]); + }; + }; homeModules = importModuleDir ./homeModules; homeConfigurations = { diff --git a/nixosModules/default.nix b/nixosModules/default.nix deleted file mode 100644 index 2808b2a..0000000 
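Review bot: `secret-key-files` in `nixosModules/distributed-builds.nix` points at `/etc/nix/signing-key.sec`, but nothing in the module constrains that file's mode. The README command added in this commit creates it through `sudo tee`, which leaves it at the default umask and so typically world-readable. Every host puts the matching `storeSigningPublicKey` into `trusted-public-keys`, so any local account that can read the file on a builder can produce signatures the other machines accept. I would enforce the mode next to `secret-key-files`, e.g. `systemd.tmpfiles.rules = [ "z /etc/nix/signing-key.sec 0600 root root -" ];`, and run the README step under `umask 077`. The `settings` block starts outside the hunk, and the same path is kept in the server branch of the later "cleanups, fixes" commit.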
--- a/nixosModules/default.nix +++ /dev/null @@ -1,39 +0,0 @@ -{ ... }: -{ - imports = [ - # keep-sorted start - ./allowed-unfree-list.nix - ./amd-graphics.nix - ./autoupdate.nix - ./distributed-builds.nix - ./en-de.nix - ./extra-caches.nix - ./firmware-updates.nix - ./git.nix - ./globalinstalls.nix - ./gnome.nix - ./intel-graphics.nix - ./kdeconnect.nix - ./latex.nix - ./lix-is-nix.nix - ./modern-desktop.nix - ./muede-desktop-settings.nix - ./nix-ld.nix - ./nixpkgs-overlays.nix - ./openssh.nix - ./podman.nix - ./printing.nix - ./prometheus-node.nix - ./pxvirt-guest.nix - ./quiet-boot.nix - ./secure-boot.nix - ./steam.nix - ./stylix.nix - ./systemd-boot.nix - ./tailscale.nix - ./user-muede.nix - ./user-ronja.nix - ./wine-gaming.nix - # keep-sorted end - ]; -} From 736557bb8adedd081b57cb59506979a3b9868980 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?m=C3=BCde?= Date: Sat, 2 May 2026 02:01:30 +0200 Subject: [PATCH 61/80] distributed builds: cleanups, fixes --- nixosConfigurations.nix | 13 ++- nixosModules/distributed-builds.nix | 142 ++++++++++++++++------------ 2 files changed, 90 insertions(+), 65 deletions(-) diff --git a/nixosConfigurations.nix b/nixosConfigurations.nix index 9fb2cf2..29e78c3 100644 --- a/nixosConfigurations.nix +++ b/nixosConfigurations.nix @@ -3,7 +3,7 @@ lib, }: let - devices = import ./devices.nix { inherit (inputs) self; }; + allDevices = import ./devices.nix { inherit (inputs) self; }; inherit (inputs) self home-manager @@ -15,7 +15,7 @@ let stylix zerforschen-plus ; - forDevice = f: lib.mapAttrs (device: value: f (value // { inherit device; })) devices; + forDevice = f: lib.mapAttrs (device: value: f (value // { inherit device; })) allDevices; in forDevice ( { 
@@ -24,10 +24,15 @@ forDevice ( home-manager-users ? { }, nixosSystem ? inputs.nixpkgs.lib.nixosSystem, ... - }: + }@thisDevice: let specialArgs = inputs // { - inherit device home-manager-users devices; + inherit + device + home-manager-users + allDevices + thisDevice + ; }; in nixosSystem { diff --git a/nixosModules/distributed-builds.nix b/nixosModules/distributed-builds.nix index 32a8f34..1d0a55e 100644 --- a/nixosModules/distributed-builds.nix +++ b/nixosModules/distributed-builds.nix @@ -1,24 +1,27 @@ { config, lib, - devices, + allDevices, + thisDevice, ... }: let - sshKeyPath = "/etc/nix/distributed-build-key"; + clientSshKeyPath = "/etc/nix/distributed-build-key"; buildUser = "remotebuild"; # Collect all per-device public keys that have been registered. - authorizedPublicKeys = lib.pipe devices [ + allClientPublicKeys = lib.pipe allDevices [ (lib.filterAttrs (_: v: (v.distributedBuilds or { }) ? clientPublicKey)) (lib.mapAttrsToList (_: v: v.distributedBuilds.clientPublicKey)) ]; + isClient = (thisDevice.distributedBuilds or { }) ? clientPublicKey; + buildServerDevices = lib.filterAttrs ( _: v: (v.distributedBuilds or { }).isBuilder or false - ) devices; + ) allDevices; - knownHosts = lib.pipe buildServerDevices [ + buildServerKnownHosts = lib.pipe buildServerDevices [ (lib.filterAttrs (_: v: v.distributedBuilds ? hostPublicKey)) (lib.mapAttrs ( _: v: { 
@@ -27,17 +30,21 @@ let )) ]; - buildMachineList = lib.mapAttrsToList ( - hostName: v: + remoteBuildServerDevices = builtins.filter ( + m: m.hostName != config.networking.hostName + ) (lib.mapAttrsToList (name: v: v // { hostName = name; }) buildServerDevices); + + buildMachines = map ( + m: { - inherit hostName; - systems = [ v.system ]; + hostName = m.hostName; + systems = [ m.system ]; sshUser = buildUser; - sshKey = sshKeyPath; + sshKey = clientSshKeyPath; protocol = "ssh-ng"; } - // lib.optionalAttrs (v.distributedBuilds ? speedFactor) { - speedFactor = v.distributedBuilds.speedFactor; + // lib.optionalAttrs (m.distributedBuilds ? speedFactor) { + speedFactor = m.distributedBuilds.speedFactor; } // { supportedFeatures = [ 
@@ -47,60 +54,73 @@ let "benchmark" ]; } - ) buildServerDevices; - - remoteMachines = builtins.filter (m: m.hostName != config.networking.hostName) buildMachineList; + ) remoteBuildServerDevices; in { options.my.distributedBuilds.enable = lib.mkEnableOption "distributed Nix builds"; - config = lib.mkIf config.my.distributedBuilds.enable { - programs.ssh.knownHosts = knownHosts; + config = lib.mkIf config.my.distributedBuilds.enable ( + lib.mkMerge [ - # Dedicated user for receiving distributed build connections - users.users.${buildUser} = { - isSystemUser = true; - group = buildUser; - useDefaultShell = true; - openssh.authorizedKeys.keys = map ( - k: ''command="nix daemon --stdio",restrict ${k}'' - ) authorizedPublicKeys; - }; - users.groups.${buildUser} = { }; + # All machines + { + nix.settings = { + trusted-public-keys = lib.pipe buildServerDevices [ + (lib.mapAttrsToList (_: v: v.distributedBuilds.storeSigningPublicKey or null)) + (builtins.filter (k: k != null)) + ]; + max-jobs = (thisDevice.distributedBuilds or { }).maxJobs or "auto"; + cores = 0; + min-free = 10 * 1024 * 1024; + max-free = 200 * 1024 * 1024; + }; + systemd.services.nix-daemon.serviceConfig = { + MemoryAccounting = true; + MemoryMax = "90%"; + OOMScoreAdjust = 500; + }; + } - nix = { - distributedBuilds = remoteMachines != [ ]; - buildMachines = remoteMachines; - settings = { - trusted-users = [ buildUser ]; - builders-use-substitutes = true; - # Use build machines as binary caches so already-built paths are downloaded - # rather than rebuilt. Only machines with a storeSigningPublicKey are used. - substituters = lib.pipe buildServerDevices [ - (lib.filterAttrs (_: v: v.distributedBuilds ? 
storeSigningPublicKey)) - (lib.mapAttrsToList (hostName: _: "ssh-ng://${buildUser}@${hostName}")) - (lib.filter (s: s != "ssh-ng://${buildUser}@${config.networking.hostName}")) - ]; - trusted-public-keys = lib.pipe buildServerDevices [ - (lib.mapAttrsToList (_: v: v.distributedBuilds.storeSigningPublicKey or null)) - (builtins.filter (k: k != null)) - ]; - secret-key-files = - let - thisDevice = devices.${config.networking.hostName} or { }; - in - lib.optional (thisDevice.distributedBuilds.isBuilder or false) "/etc/nix/signing-key.sec"; - max-jobs = (devices.${config.networking.hostName}.distributedBuilds or { }).maxJobs or "auto"; - cores = 0; - min-free = 10 * 1024 * 1024; - max-free = 200 * 1024 * 1024; - }; - }; + # Server: accept incoming build connections + (lib.mkIf (thisDevice.distributedBuilds.isBuilder or false) { + users.users.${buildUser} = { + isSystemUser = true; + group = buildUser; + useDefaultShell = true; + openssh.authorizedKeys.keys = map ( + k: ''command="nix daemon --stdio",restrict ${k}'' + ) allClientPublicKeys; + }; + users.groups.${buildUser} = { }; + nix.settings = { + trusted-users = [ buildUser ]; + secret-key-files = [ "/etc/nix/signing-key.sec" ]; + }; + }) - systemd.services.nix-daemon.serviceConfig = { - MemoryAccounting = true; - MemoryMax = "90%"; - OOMScoreAdjust = 500; - }; - }; + # Client: connect to build servers for building and substitution + (lib.mkIf isClient { + programs.ssh = { + knownHosts = buildServerKnownHosts; + extraConfig = '' + Host ${lib.concatStringsSep " " (lib.attrNames buildServerDevices)} + User ${buildUser} + IdentityFile ${clientSshKeyPath} + IdentitiesOnly yes + ''; + }; + nix = { + distributedBuilds = buildMachines != [ ]; + buildMachines = buildMachines; + settings = { + builders-use-substitutes = true; + substituters = map (m: "ssh-ng://${buildUser}@${m.hostName}") ( + builtins.filter (m: m.distributedBuilds ? storeSigningPublicKey) remoteBuildServerDevices + ); + }; + }; + }) + + ] + ); } 
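Review bot: In the server block of distributed-builds.nix, `trusted-users = [ buildUser ]` is combined with `authorizedKeys` built from `allClientPublicKeys`, so every device that registers a `clientPublicKey` gets trusted-user access to this builder's Nix daemon, which the Nix manual describes as essentially root-equivalent. The forced `command="nix daemon --stdio",restrict` narrows the SSH session but not what the daemon accepts over it, so I would state that next to the setting: `# trusted-users: every registered client key can import unsigned paths here; treat client keys as builder-admin credentials`. The same block points `secret-key-files` at `/etc/nix/signing-key.sec` without enforcing its mode, and the README on this page creates that file through `sudo tee`, which leaves the mode to root's umask. A rule such as `systemd.tmpfiles.rules = [ "z /etc/nix/signing-key.sec 0600 root root -" ];` would pin it.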
From cf98cb7880851e980567b1c245befd4e3daacc4e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?m=C3=BCde?= Date: Sat, 2 May 2026 11:37:32 +0200 Subject: [PATCH 62/80] ditributed builds: add forgejo-runner-1 it may be a bad idea to have it act as a client, but only one way to find out --- README.md | 18 ++++++++++++++---- devices.nix | 6 ++++++ 2 files changed, 20 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index f97d4b5..3ad5e88 100644 --- a/README.md +++ b/README.md @@ -9,28 +9,38 @@ Machines are configured to act as build servers / binary caches for each other i ### Onboarding a device as a build client 1. Generate a key pair on the device: + + ```sh + sudo ssh-keygen -t ed25519 -f /etc/nix/distributed-build-key -N "" -C "$(hostname)-nix-builds" && sudo cat /etc/nix/distributed-build-key.pub ``` - sudo ssh-keygen -t ed25519 -f /etc/nix/distributed-build-key -N "" -C "$(hostname)-nix-builds" - ``` + 2. Add the public key to the device entry in `devices.nix`: + ```nix distributedBuilds.clientPublicKey = "ssh-ed25519 AAAA... -nix-builds"; ``` + 3. Rebuild all build machines so they pick up the new authorized key. ### Adding a build server 1. Add to its entry in `devices.nix`: + ```nix distributedBuilds.isBuilder = true; - distributedBuilds.hostPublicKey = "ssh-ed25519 AAAA..."; # from: ssh-keyscan -t ed25519 + distributedBuilds.hostPublicKey = "ssh-ed25519 AAAA..."; # from: ssh-keyscan -t ed25519 "$(hostname)" ``` + 2. Generate a store signing key on the builder: - ``` + + ```sh sudo nix key generate-secret --key-name "$(hostname)" | sudo tee /etc/nix/signing-key.sec | sudo nix key convert-secret-to-public ``` + 3. Add the printed public key to `devices.nix`: + ```nix distributedBuilds.storeSigningPublicKey = ":"; ``` + 4. Rebuild all machines so they trust the new signing key. diff --git a/devices.nix b/devices.nix index c17d02e..ea3c6f6 100644 --- a/devices.nix +++ b/devices.nix 
@@ -26,6 +26,12 @@ in }; forgejo-runner-1 = { system = "aarch64-linux"; + distributedBuilds = { + isBuilder = true; + clientPublicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK0NLgg0sFobBWz/bjYs9WkrMvlcvJC5F6+3jQ/b+AnD forgejo-runner-1-nix-builds"; + hostPublicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIANGC89GiT5xCsFICwrharrbV3q7acWHqk6ZwOUXbtGT"; + storeSigningPublicKey = "forgejo-runner-1:ln1FVLL8G5+IveQuBi/Kn3SaqFZ1gaiQrE3yPlMhCMA="; + }; }; hetzner-vpn2 = { system = "aarch64-linux"; From ceeec5be416aad5b47154e622b262c394babccd9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?m=C3=BCde?= Date: Sat, 2 May 2026 11:48:32 +0200 Subject: [PATCH 63/80] distributed builds: fix ssh only accepting build key --- nixosModules/distributed-builds.nix | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/nixosModules/distributed-builds.nix b/nixosModules/distributed-builds.nix index 1d0a55e..7d5df6e 100644 --- a/nixosModules/distributed-builds.nix +++ b/nixosModules/distributed-builds.nix @@ -103,8 +103,7 @@ in programs.ssh = { knownHosts = buildServerKnownHosts; extraConfig = '' - Host ${lib.concatStringsSep " " (lib.attrNames buildServerDevices)} - User ${buildUser} + Match Host ${lib.concatStringsSep " " (lib.attrNames buildServerDevices)} User ${buildUser} IdentityFile ${clientSshKeyPath} IdentitiesOnly yes ''; From 704e14251f81e953e432f1e7e01e8a82feb576d5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?m=C3=BCde?= Date: Sun, 3 May 2026 13:45:51 +0200 Subject: [PATCH 64/80] rename options.muede to options.my --- homeModules/gnome-extensions.nix | 4 ++-- nixosModules/gnome.nix | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/homeModules/gnome-extensions.nix b/homeModules/gnome-extensions.nix index 0e6ca16..071fa15 100644 --- a/homeModules/gnome-extensions.nix +++ b/homeModules/gnome-extensions.nix @@ -6,7 +6,7 @@ ... }: { - options.muede.gnome-extensions = + options.my.gnome-extensions = let mkDefaultEnabledOption = name: 
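Review bot: The new `forgejo-runner-1` entry in devices.nix sets both `isBuilder = true` and a `clientPublicKey`, which extends two trust relationships to what the name suggests is a CI runner. Its store signing key lands in `trusted-public-keys` on every machine that enables the module, and its client key is accepted as `remotebuild` (a trusted user) on the other builders. If a job on that host can reach root or read `/etc/nix/distributed-build-key`, the exposure is no longer limited to the runner itself. I would keep only the role that is actually needed and record the decision in the entry, e.g. `# CI runner: client role grants remotebuild on all builders, keep job isolation in mind`.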
@@ -40,7 +40,7 @@ config = let - cfg = config.muede.gnome-extensions; + cfg = config.my.gnome-extensions; in lib.mkIf cfg.enable ( lib.mkMerge [ diff --git a/nixosModules/gnome.nix b/nixosModules/gnome.nix index b0bf406..8311373 100644 --- a/nixosModules/gnome.nix +++ b/nixosModules/gnome.nix @@ -7,7 +7,7 @@ { options = { my.gnome.enable = lib.mkEnableOption "GNOME desktop environment"; - muede.keep-gnome-default-apps = lib.mkEnableOption "keep gnome default apps"; + my.gnome.keep-default-apps = lib.mkEnableOption "keep gnome default apps"; }; config = lib.mkIf config.my.gnome.enable ( @@ -39,7 +39,7 @@ gpaste.enable = true; }; } - (lib.mkIf (!config.muede.keep-gnome-default-apps) { + (lib.mkIf (!config.my.gnome.keep-default-apps) { environment.gnome.excludePackages = with pkgs; [ cheese # photo booth epiphany # web browser From e394a6e21e642666c4c8c0962bad09834efd02cc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?m=C3=BCde?= Date: Sun, 3 May 2026 13:46:30 +0200 Subject: [PATCH 65/80] distributed builds: fix ssh only accepting build key for real --- nixosModules/distributed-builds.nix | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/nixosModules/distributed-builds.nix b/nixosModules/distributed-builds.nix index 7d5df6e..91341f5 100644 --- a/nixosModules/distributed-builds.nix +++ b/nixosModules/distributed-builds.nix @@ -102,11 +102,13 @@ in (lib.mkIf isClient { programs.ssh = { knownHosts = buildServerKnownHosts; - extraConfig = '' - Match Host ${lib.concatStringsSep " " (lib.attrNames buildServerDevices)} User ${buildUser} - IdentityFile ${clientSshKeyPath} - IdentitiesOnly yes - ''; + extraConfig = lib.concatStringsSep "\n" ( + lib.mapAttrsToList (name: _: '' + Match host ${name} user ${buildUser} + IdentityFile ${clientSshKeyPath} + IdentitiesOnly yes + '') buildServerDevices + ); }; nix = { distributedBuilds = buildMachines != [ ]; From 95eb2fa1cb95e4065f37888514414402a5adaa1c Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?m=C3=BCde?= Date: Sun, 3 May 2026 13:53:11 +0200 Subject: [PATCH 66/80] devices: flag desktps, install tailscale tray if dektop --- devices.nix | 3 +++ homeConfigurations/muede/default.nix | 6 +----- homeModules/tailscale.nix | 4 ++++ nixosConfigurations.nix | 4 +++- 4 files changed, 11 insertions(+), 6 deletions(-) create mode 100644 homeModules/tailscale.nix diff --git a/devices.nix b/devices.nix index ea3c6f6..0eaa3b0 100644 --- a/devices.nix +++ b/devices.nix @@ -38,6 +38,7 @@ in }; muede-lpt2 = { system = "x86_64-linux"; + isDesktop = true; home-manager-users = { inherit (self.homeConfigurations) muede; }; @@ -50,6 +51,7 @@ in }; muede-pc2 = { system = "x86_64-linux"; + isDesktop = true; home-manager-users = { inherit (self.homeConfigurations) muede; }; @@ -63,6 +65,7 @@ in }; ronja-pc = { system = "x86_64-linux"; + isDesktop = true; home-manager-users = { inherit (self.homeConfigurations) ronja; }; diff --git a/homeConfigurations/muede/default.nix b/homeConfigurations/muede/default.nix index 185476d..87db634 100644 --- a/homeConfigurations/muede/default.nix +++ b/homeConfigurations/muede/default.nix @@ -80,7 +80,6 @@ onefetch servicepoint-cli servicepoint-simulator - tailscale telegram-desktop thunderbird vlc @@ -93,9 +92,6 @@ "idea.properties".text = "idea.filewatcher.executable.path = ${pkgs.fsnotifier}/bin/fsnotifier"; }; - services = { - trayscale.enable = true; - poweralertd.enable = true; - }; + services.poweralertd.enable = true; }; } diff --git a/homeModules/tailscale.nix b/homeModules/tailscale.nix new file mode 100644 index 0000000..34d1c3d --- /dev/null +++ b/homeModules/tailscale.nix @@ -0,0 +1,4 @@ +{ osConfig, thisDevice, ... }: +{ + services.tailscale-systray.enable = (thisDevice.isDesktop or false) && osConfig.my.tailscale.enable; +} diff --git a/nixosConfigurations.nix b/nixosConfigurations.nix index 29e78c3..c0d3a80 100644 --- a/nixosConfigurations.nix +++ b/nixosConfigurations.nix 
@@ -21,6 +21,7 @@ forDevice ( { device, system, + isDesktop ? false, home-manager-users ? { }, nixosSystem ? inputs.nixpkgs.lib.nixosSystem, ... @@ -87,7 +88,7 @@ forDevice ( }; } ] - ++ lib.optionals (home-manager-users != { }) [ + ++ lib.optionals isDesktop [ # Desktop config { home-manager = { @@ -100,6 +101,7 @@ forDevice ( # keep-sorted start self.homeModules.gnome-extensions self.homeModules.nano + self.homeModules.tailscale self.homeModules.templates self.homeModules.zsh-basics # keep-sorted end From dc36665e7a004b428271bb44271f6b317e837975 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?m=C3=BCde?= Date: Sun, 3 May 2026 14:21:34 +0200 Subject: [PATCH 67/80] distributed builds: fix host name does not match after expansion --- nixosModules/distributed-builds.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nixosModules/distributed-builds.nix b/nixosModules/distributed-builds.nix index 91341f5..50d9ee6 100644 --- a/nixosModules/distributed-builds.nix +++ b/nixosModules/distributed-builds.nix @@ -104,7 +104,7 @@ in knownHosts = buildServerKnownHosts; extraConfig = lib.concatStringsSep "\n" ( lib.mapAttrsToList (name: _: '' - Match host ${name} user ${buildUser} + Match originalhost ${name} user ${buildUser} IdentityFile ${clientSshKeyPath} IdentitiesOnly yes '') buildServerDevices From 6ee82131cd2db664c9e24dacca753c3e8d9de0a8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?m=C3=BCde?= Date: Sun, 3 May 2026 14:24:56 +0200 Subject: [PATCH 68/80] ditributed builds: tweak speed factors --- devices.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/devices.nix b/devices.nix index 0eaa3b0..7313e7b 100644 --- a/devices.nix +++ b/devices.nix 
@@ -28,6 +28,7 @@ in system = "aarch64-linux"; distributedBuilds = { isBuilder = true; + speedFactor = 1; clientPublicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK0NLgg0sFobBWz/bjYs9WkrMvlcvJC5F6+3jQ/b+AnD forgejo-runner-1-nix-builds"; hostPublicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIANGC89GiT5xCsFICwrharrbV3q7acWHqk6ZwOUXbtGT"; storeSigningPublicKey = "forgejo-runner-1:ln1FVLL8G5+IveQuBi/Kn3SaqFZ1gaiQrE3yPlMhCMA="; @@ -44,6 +45,7 @@ in }; distributedBuilds = { isBuilder = true; + speedFactor = 2; hostPublicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHGKoZ68wwyVRmPB0SkvpJUyUMDWeFbC5Je9zukyEOh7"; clientPublicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKAbojdhb3PfazSRmudvo381Y+zUFVLMa7AbWbfK/Zp2 muede-lpt2-nix-builds"; storeSigningPublicKey = "muede-lpt2:3csut7FW6oZK/ztRLBRC80LSBfFE3qzl+aIYgOixB6U="; @@ -57,7 +59,7 @@ in }; distributedBuilds = { isBuilder = true; - speedFactor = 2; + speedFactor = 4; hostPublicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKEQQS5XNoj62Oj85xQfIuLORwoBRwfqjvfBHHsiI+RH"; clientPublicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHmnyhP6L+kGHV15cb/d31AQr50wSEaQhkUBwy2+OEKk muede-pc2-nix-builds"; storeSigningPublicKey = "muede-pc2:fqQO0E0y65MjUWlQnrgWt5ZsmQKlKCv4jls3CmUXDEQ="; From c8cfa37bb9e3dbd3bc0e2c004db909aca512b5a6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?m=C3=BCde?= Date: Sun, 3 May 2026 15:19:06 +0200 Subject: [PATCH 69/80] hm modules: gate behind enable options, always import --- homeConfigurations/muede/default.nix | 9 +++++++++ homeConfigurations/ronja/default.nix | 8 ++++++++ homeModules/gnome-extensions.nix | 2 +- homeModules/nano.nix | 17 +++++++++++------ homeModules/tailscale.nix | 12 ++++++++++-- homeModules/templates.nix | 23 ++++++++++++++--------- homeModules/zsh-basics.nix | 21 +++++++++++++-------- nixosConfigurations.nix | 11 +---------- 8 files changed, 67 insertions(+), 36 deletions(-) diff --git a/homeConfigurations/muede/default.nix b/homeConfigurations/muede/default.nix index 87db634..17c66a0 100644 
--- a/homeConfigurations/muede/default.nix +++ b/homeConfigurations/muede/default.nix @@ -23,6 +23,15 @@ ]; config = { + my = { + # keep-sorted start + gnome-extensions.enable = true; + nano.enable = true; + templates.enable = true; + zsh.enable = true; + # keep-sorted end + }; + programs = { home-manager.enable = true; fzf.enable = true; diff --git a/homeConfigurations/ronja/default.nix b/homeConfigurations/ronja/default.nix index 0f202cd..4d5c5ee 100644 --- a/homeConfigurations/ronja/default.nix +++ b/homeConfigurations/ronja/default.nix @@ -2,6 +2,14 @@ { imports = [ ./vscode.nix ]; config = { + my = { + # keep-sorted start + nano.enable = true; + templates.enable = true; + zsh.enable = true; + # keep-sorted end + }; + home.packages = with pkgs; [ ## Apps telegram-desktop diff --git a/homeModules/gnome-extensions.nix b/homeModules/gnome-extensions.nix index 071fa15..20b3a70 100644 --- a/homeModules/gnome-extensions.nix +++ b/homeModules/gnome-extensions.nix @@ -18,7 +18,7 @@ }; in { - enable = mkDefaultEnabledOption "gnome extended options"; + enable = lib.mkEnableOption "gnome extended options"; appindicator.enable = mkDefaultEnabledOption "appindicator"; caffeine.enable = mkDefaultEnabledOption "caffeine"; tailscale-qs.enable = lib.mkOption { diff --git a/homeModules/nano.nix b/homeModules/nano.nix index ab3e7b2..2293b99 100644 --- a/homeModules/nano.nix +++ b/homeModules/nano.nix @@ -1,9 +1,14 @@ +{ lib, config, ... }: { - home = { - sessionVariables.EDITOR = "nano"; - file.".nanorc".text = '' - set linenumbers - set mouse - ''; + options.my.nano.enable = lib.mkEnableOption "nano editor config"; + + config = lib.mkIf config.my.nano.enable { + home = { + sessionVariables.EDITOR = "nano"; + file.".nanorc".text = '' + set linenumbers + set mouse + ''; + }; }; } diff --git a/homeModules/tailscale.nix b/homeModules/tailscale.nix index 34d1c3d..5f51fc9 100644 --- a/homeModules/tailscale.nix +++ b/homeModules/tailscale.nix 
@@ -1,4 +1,12 @@ -{ osConfig, thisDevice, ... }: +{ lib, config, osConfig, thisDevice, ... }: { - services.tailscale-systray.enable = (thisDevice.isDesktop or false) && osConfig.my.tailscale.enable; + options.my.tailscale.enable = lib.mkOption { + type = lib.types.bool; + default = (thisDevice.isDesktop or false) && osConfig.my.tailscale.enable; + description = "Whether to enable the Tailscale system tray applet. Defaults to true on desktops with Tailscale enabled."; + }; + + config = lib.mkIf config.my.tailscale.enable { + services.tailscale-systray.enable = true; + }; } diff --git a/homeModules/templates.nix b/homeModules/templates.nix index 71d2e0b..e0a6df2 100644 --- a/homeModules/templates.nix +++ b/homeModules/templates.nix @@ -1,12 +1,17 @@ +{ lib, config, ... }: { - home.file = { - "Templates/Empty file".text = ""; - "Templates/Empty bash script".text = '' - #!/usr/bin/env bash - # abort on error, undefined variables - set -eu - # print commands before execution - set -x - ''; + options.my.templates.enable = lib.mkEnableOption "file templates"; + + config = lib.mkIf config.my.templates.enable { + home.file = { + "Templates/Empty file".text = ""; + "Templates/Empty bash script".text = '' + #!/usr/bin/env bash + # abort on error, undefined variables + set -eu + # print commands before execution + set -x + ''; + }; }; } diff --git a/homeModules/zsh-basics.nix b/homeModules/zsh-basics.nix index 0b0e281..50e116a 100644 --- a/homeModules/zsh-basics.nix +++ b/homeModules/zsh-basics.nix 
@@ -1,13 +1,18 @@ +{ lib, config, ... }: { - programs = { - command-not-found.enable = true; - dircolors.enable = true; + options.my.zsh.enable = lib.mkEnableOption "zsh with basic settings"; - zsh = { - enable = true; - syntaxHighlighting.enable = true; - autosuggestion.enable = true; - enableVteIntegration = true; + config = lib.mkIf config.my.zsh.enable { + programs = { + command-not-found.enable = true; + dircolors.enable = true; + + zsh = { + enable = true; + syntaxHighlighting.enable = true; + autosuggestion.enable = true; + enableVteIntegration = true; + }; }; }; } diff --git a/nixosConfigurations.nix b/nixosConfigurations.nix index c0d3a80..1c39c23 100644 --- a/nixosConfigurations.nix +++ b/nixosConfigurations.nix @@ -96,16 +96,7 @@ forDevice ( useGlobalPkgs = true; useUserPackages = true; users = home-manager-users; - sharedModules = [ - { home.stateVersion = "22.11"; } - # keep-sorted start - self.homeModules.gnome-extensions - self.homeModules.nano - self.homeModules.tailscale - self.homeModules.templates - self.homeModules.zsh-basics - # keep-sorted end - ]; + sharedModules = [ { home.stateVersion = "22.11"; } ] ++ builtins.attrValues self.homeModules; }; time.timeZone = "Europe/Berlin"; From 9bff3f718f51080897ade7eda4de06611675f5ae Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?m=C3=BCde?= Date: Sun, 3 May 2026 16:04:27 +0200 Subject: [PATCH 70/80] ditributed builds: use fqdn if available --- devices.nix | 1 + nixosModules/distributed-builds.nix | 31 ++++++++++++++++++----------- 2 files changed, 20 insertions(+), 12 deletions(-) diff --git a/devices.nix b/devices.nix index 7313e7b..a4fbeb4 100644 --- a/devices.nix +++ b/devices.nix @@ -26,6 +26,7 @@ in }; forgejo-runner-1 = { system = "aarch64-linux"; + publicFqdn = "forgejo-runner-1.dev.zerforschen.plus"; distributedBuilds = { isBuilder = true; speedFactor = 1; diff --git a/nixosModules/distributed-builds.nix b/nixosModules/distributed-builds.nix index 50d9ee6..84628e4 100644 
--- a/nixosModules/distributed-builds.nix +++ b/nixosModules/distributed-builds.nix @@ -21,13 +21,14 @@ let _: v: (v.distributedBuilds or { }).isBuilder or false ) allDevices; + sshHostname = m: m.publicFqdn or m.hostName; + buildServerKnownHosts = lib.pipe buildServerDevices [ (lib.filterAttrs (_: v: v.distributedBuilds ? hostPublicKey)) - (lib.mapAttrs ( - _: v: { - publicKey = v.distributedBuilds.hostPublicKey; - } - )) + (lib.mapAttrs (name: v: { + publicKey = v.distributedBuilds.hostPublicKey; + hostNames = [ (v.publicFqdn or name) ]; + })) ]; remoteBuildServerDevices = builtins.filter ( @@ -37,7 +38,7 @@ let buildMachines = map ( m: { - hostName = m.hostName; + hostName = sshHostname m; systems = [ m.system ]; sshUser = buildUser; sshKey = clientSshKeyPath; @@ -65,6 +66,8 @@ in # All machines { nix.settings = { + #fallback = true; + connect-timeout = 5; trusted-public-keys = lib.pipe buildServerDevices [ (lib.mapAttrsToList (_: v: v.distributedBuilds.storeSigningPublicKey or null)) (builtins.filter (k: k != null)) @@ -103,11 +106,15 @@ in programs.ssh = { knownHosts = buildServerKnownHosts; extraConfig = lib.concatStringsSep "\n" ( - lib.mapAttrsToList (name: _: '' - Match originalhost ${name} user ${buildUser} - IdentityFile ${clientSshKeyPath} - IdentitiesOnly yes - '') buildServerDevices + lib.mapAttrsToList (name: v: + let + names = lib.unique [ name (v.publicFqdn or name) ]; + in + '' + Match originalhost ${lib.concatStringsSep "," names} user ${buildUser} + IdentityFile ${clientSshKeyPath} + IdentitiesOnly yes + '') buildServerDevices ); }; nix = { @@ -115,7 +122,7 @@ in buildMachines = buildMachines; settings = { builders-use-substitutes = true; - substituters = map (m: "ssh-ng://${buildUser}@${m.hostName}") ( + substituters = map (m: "ssh-ng://${buildUser}@${sshHostname m}") ( builtins.filter (m: m.distributedBuilds ? storeSigningPublicKey) remoteBuildServerDevices ); }; From 7de5751743ccba459fbde3b1a11c44b4af13ac31 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?m=C3=BCde?= Date: Sun, 3 May 2026 16:13:47 +0200 Subject: [PATCH 71/80] distributed builds: add assertions, nix fmt --- homeModules/tailscale.nix | 8 +++++- nixosModules/distributed-builds.nix | 41 ++++++++++++++++++++++------- 2 files changed, 38 insertions(+), 11 deletions(-) diff --git a/homeModules/tailscale.nix b/homeModules/tailscale.nix index 5f51fc9..686bf84 100644 --- a/homeModules/tailscale.nix +++ b/homeModules/tailscale.nix @@ -1,4 +1,10 @@ -{ lib, config, osConfig, thisDevice, ... }: +{ + lib, + config, + osConfig, + thisDevice, + ... +}: { options.my.tailscale.enable = lib.mkOption { type = lib.types.bool; diff --git a/nixosModules/distributed-builds.nix b/nixosModules/distributed-builds.nix index 84628e4..c08d657 100644 --- a/nixosModules/distributed-builds.nix +++ b/nixosModules/distributed-builds.nix @@ -25,15 +25,17 @@ let buildServerKnownHosts = lib.pipe buildServerDevices [ (lib.filterAttrs (_: v: v.distributedBuilds ? hostPublicKey)) - (lib.mapAttrs (name: v: { - publicKey = v.distributedBuilds.hostPublicKey; - hostNames = [ (v.publicFqdn or name) ]; - })) + (lib.mapAttrs ( + name: v: { + publicKey = v.distributedBuilds.hostPublicKey; + hostNames = [ (v.publicFqdn or name) ]; + } + )) ]; - remoteBuildServerDevices = builtins.filter ( - m: m.hostName != config.networking.hostName - ) (lib.mapAttrsToList (name: v: v // { hostName = name; }) buildServerDevices); + remoteBuildServerDevices = builtins.filter (m: m.hostName != config.networking.hostName) ( + lib.mapAttrsToList (name: v: v // { hostName = name; }) buildServerDevices + ); buildMachines = map ( m: 
@@ -65,6 +67,20 @@ in # All machines { + assertions = + lib.mapAttrsToList (name: v: { + assertion = v.distributedBuilds ? hostPublicKey && v.distributedBuilds ? storeSigningPublicKey; + message = "devices.${name}: isBuilder = true requires distributedBuilds.hostPublicKey and distributedBuilds.storeSigningPublicKey"; + }) buildServerDevices + ++ lib.mapAttrsToList (name: v: { + assertion = lib.hasPrefix "ssh-" v.distributedBuilds.clientPublicKey; + message = "devices.${name}: distributedBuilds.clientPublicKey must start with 'ssh-'"; + }) (lib.filterAttrs (_: v: (v.distributedBuilds or { }) ? clientPublicKey) allDevices) + ++ lib.mapAttrsToList (name: v: { + assertion = builtins.match ".+:.+" v.distributedBuilds.storeSigningPublicKey != null; + message = "devices.${name}: distributedBuilds.storeSigningPublicKey must be in ':' format"; + }) (lib.filterAttrs (_: v: (v.distributedBuilds or { }) ? storeSigningPublicKey) allDevices); + nix.settings = { #fallback = true; connect-timeout = 5; @@ -106,15 +122,20 @@ in programs.ssh = { knownHosts = buildServerKnownHosts; extraConfig = lib.concatStringsSep "\n" ( - lib.mapAttrsToList (name: v: + lib.mapAttrsToList ( + name: v: let - names = lib.unique [ name (v.publicFqdn or name) ]; + names = lib.unique [ + name + (v.publicFqdn or name) + ]; in '' Match originalhost ${lib.concatStringsSep "," names} user ${buildUser} IdentityFile ${clientSshKeyPath} IdentitiesOnly yes - '') buildServerDevices + '' + ) buildServerDevices ); }; nix = { From d2acd47e715a97240c2136fefda4a10654e2c152 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?m=C3=BCde?= Date: Sun, 3 May 2026 16:29:34 +0200 Subject: [PATCH 72/80] move some imports to desktop only --- nixosConfigurations.nix | 36 ++++++++++++------------- nixosModules/muede-desktop-settings.nix | 3 --- 2 files changed, 18 insertions(+), 21 deletions(-) diff --git a/nixosConfigurations.nix b/nixosConfigurations.nix index 1c39c23..55af611 100644 --- a/nixosConfigurations.nix 
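Review bot: The `clientPublicKey` assertion added to distributed-builds.nix only checks `lib.hasPrefix "ssh-"`, which rejects valid key types such as `ecdsa-sha2-nistp256` and `sk-ssh-ed25519@openssh.com` while placing no constraint on the rest of the value. Elsewhere in this module the string is interpolated into an `authorized_keys` entry after `command="nix daemon --stdio",restrict`, so a value containing a newline would likely yield a second entry without the forced command. Matching the whole value is tighter: `assertion = builtins.match "(ssh-|ecdsa-sha2-|sk-)[^\n]+" v.distributedBuilds.clientPublicKey != null;`, with the message updated to name the accepted prefixes.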
+++ b/nixosConfigurations.nix @@ -45,10 +45,6 @@ forDevice ( # keep-sorted start home-manager.nixosModules.home-manager lanzaboote.nixosModules.lanzaboote - nova-shell.nixosModules.default - servicepoint-cli.nixosModules.default - servicepoint-simulator.nixosModules.default - servicepoint-tanks.nixosModules.default stylix.nixosModules.stylix zerforschen-plus.nixosModules.default # keep-sorted end @@ -80,15 +76,32 @@ forDevice ( lixIsNix.enable = true; openssh.enable = true; overlays.unstable.enable = true; - overlays.vscodeExtensions.enable = true; # prometheusNode.enable = true; systemdBoot.enable = true; tailscale.enable = true; # keep-sorted end + + # keep-sorted start + enDe.enable = isDesktop; + firmwareUpdates.enable = isDesktop; + gnome.enable = isDesktop; + kdeconnect.enable = isDesktop; + modernDesktop.enable = isDesktop; + nixLd.enable = isDesktop; + overlays.vscodeExtensions.enable = isDesktop; + quietBoot.enable = isDesktop; + stylix.enable = isDesktop; + # keep-sorted end }; } ] ++ lib.optionals isDesktop [ + inputs.niri.nixosModules.niri + nova-shell.nixosModules.default + servicepoint-cli.nixosModules.default + servicepoint-simulator.nixosModules.default + servicepoint-tanks.nixosModules.default + # Desktop config { home-manager = { @@ -106,19 +119,6 @@ forDevice ( daemonCPUSchedPolicy = "idle"; daemonIOSchedClass = "idle"; }; - - my = { - # keep-sorted start - enDe.enable = true; - firmwareUpdates.enable = true; - gnome.enable = true; - kdeconnect.enable = true; - modernDesktop.enable = true; - nixLd.enable = true; - quietBoot.enable = true; - stylix.enable = true; - # keep-sorted end - }; } ]; } diff --git a/nixosModules/muede-desktop-settings.nix b/nixosModules/muede-desktop-settings.nix index 8f25f62..980af13 100644 --- a/nixosModules/muede-desktop-settings.nix +++ b/nixosModules/muede-desktop-settings.nix 
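Review bot: In the `@@ -80,15 +76,32 @@` hunk of nixosConfigurations.nix, the desktop flags are now assigned as `enDe.enable = isDesktop;` and so on at normal priority, so a non-desktop host receives an explicit `false` rather than the option default. A server that later sets, say, `my.nixLd.enable = true` in its own config would then fail with conflicting definition values, which the previous desktop-only block did not cause. Using `lib.mkDefault` keeps the per-host override possible, e.g. `nixLd.enable = lib.mkDefault isDesktop;`, applied to each line in that sorted block.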
@@ -2,12 +2,9 @@ lib, config, pkgs, - niri, ... }: { - imports = [ niri.nixosModules.niri ]; - options.my.muedeDesktopSettings.enable = lib.mkEnableOption "muede desktop settings (Firefox, Logitech, RDP)"; config = lib.mkIf config.my.muedeDesktopSettings.enable { From 63ce7eac05ea8610ebb2cf4b9933d5f5e08619e3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?m=C3=BCde?= Date: Sun, 3 May 2026 16:32:26 +0200 Subject: [PATCH 73/80] move allowedUnfreePackages into my namespace --- nixosConfigurations/damocles/android-dev.nix | 2 +- nixosConfigurations/damocles/claude-container.nix | 2 +- nixosModules/allowed-unfree-list.nix | 4 ++-- nixosModules/intel-graphics.nix | 2 +- nixosModules/steam.nix | 2 +- nixosModules/user-muede.nix | 2 +- 6 files changed, 7 insertions(+), 7 deletions(-) diff --git a/nixosConfigurations/damocles/android-dev.nix b/nixosConfigurations/damocles/android-dev.nix index ea5432c..f484e6a 100644 --- a/nixosConfigurations/damocles/android-dev.nix +++ b/nixosConfigurations/damocles/android-dev.nix @@ -12,7 +12,7 @@ in { nixpkgs.config.android_sdk.accept_license = true; - allowedUnfreePackages = [ + my.allowedUnfreePackages = [ "android-sdk-cmdline-tools" "android-sdk-platform-tools" "android-sdk-tools" diff --git a/nixosConfigurations/damocles/claude-container.nix b/nixosConfigurations/damocles/claude-container.nix index c568243..7df7b24 100644 --- a/nixosConfigurations/damocles/claude-container.nix +++ b/nixosConfigurations/damocles/claude-container.nix @@ -6,7 +6,7 @@ { my.overlays.unstable.enable = true; - allowedUnfreePackages = [ "claude-code" ]; + my.allowedUnfreePackages = [ "claude-code" ]; environment.systemPackages = with pkgs; [ unstable.claude-code diff --git a/nixosModules/allowed-unfree-list.nix b/nixosModules/allowed-unfree-list.nix index 7bfa758..2aee96f 100644 --- a/nixosModules/allowed-unfree-list.nix +++ b/nixosModules/allowed-unfree-list.nix 
@@ -1,6 +1,6 @@ { lib, config, ... }: { - options.allowedUnfreePackages = lib.mkOption { + options.my.allowedUnfreePackages = lib.mkOption { type = lib.types.listOf lib.types.str; default = [ ]; example = [ "steam" ]; @@ -10,7 +10,7 @@ nixpkgs.config = { # https://github.com/NixOS/nixpkgs/issues/197325#issuecomment-1579420085 allowUnfreePredicate = lib.mkDefault ( - pkg: builtins.elem (lib.getName pkg) config.allowedUnfreePackages + pkg: builtins.elem (lib.getName pkg) config.my.allowedUnfreePackages ); }; }; diff --git a/nixosModules/intel-graphics.nix b/nixosModules/intel-graphics.nix index b367489..619af5a 100644 --- a/nixosModules/intel-graphics.nix +++ b/nixosModules/intel-graphics.nix @@ -22,6 +22,6 @@ ]; }; environment.systemPackages = with pkgs; [ nvtopPackages.intel ]; - allowedUnfreePackages = [ "intel-ocl" ]; + my.allowedUnfreePackages = [ "intel-ocl" ]; }; } diff --git a/nixosModules/steam.nix b/nixosModules/steam.nix index 78bbf71..3a4f25a 100644 --- a/nixosModules/steam.nix +++ b/nixosModules/steam.nix @@ -40,7 +40,7 @@ ]; }; - allowedUnfreePackages = [ + my.allowedUnfreePackages = [ "steam" "steam-original" "steam-run" diff --git a/nixosModules/user-muede.nix b/nixosModules/user-muede.nix index 20f9cdb..078cb96 100644 --- a/nixosModules/user-muede.nix +++ b/nixosModules/user-muede.nix @@ -31,7 +31,7 @@ nix.settings.trusted-users = [ "muede" ]; - allowedUnfreePackages = [ + my.allowedUnfreePackages = [ "rider" "pycharm-professional" "jetbrains-toolbox" From d75e91b7bc10dddec3c7c296f415386311093628 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?m=C3=BCde?= Date: Sun, 3 May 2026 16:33:56 +0200 Subject: [PATCH 74/80] group options in my namespace --- .../damocles/claude-container.nix | 6 ++++-- nixosConfigurations/muede-lpt2/default.nix | 18 +++++++++++------- nixosConfigurations/muede-pc2/default.nix | 18 +++++++++++------- nixosConfigurations/ronja-pc/default.nix | 12 ++++++++---- nixosModules/gnome.nix | 6 +++--- 5 files changed, 37 insertions(+), 23 deletions(-) diff --git a/nixosConfigurations/damocles/claude-container.nix b/nixosConfigurations/damocles/claude-container.nix index 7df7b24..aea9343 100644 --- a/nixosConfigurations/damocles/claude-container.nix +++ b/nixosConfigurations/damocles/claude-container.nix @@ -5,8 +5,10 @@ }: { - my.overlays.unstable.enable = true; - my.allowedUnfreePackages = [ "claude-code" ]; + my = { + allowedUnfreePackages = [ "claude-code" ]; + overlays.unstable.enable = true; + }; environment.systemPackages = with pkgs; [ unstable.claude-code diff --git a/nixosConfigurations/muede-lpt2/default.nix b/nixosConfigurations/muede-lpt2/default.nix index 78c9d55..f52d735 100644 --- a/nixosConfigurations/muede-lpt2/default.nix +++ b/nixosConfigurations/muede-lpt2/default.nix @@ -5,13 +5,17 @@ ]; config = { - my.users.muede.enable = true; - my.wineGaming.enable = true; - my.steam.enable = true; - my.podman.enable = true; - my.muedeDesktopSettings.enable = true; - my.intelGraphics.enable = true; - my.secureBoot.enable = true; + my = { + # keep-sorted start + intelGraphics.enable = true; + muedeDesktopSettings.enable = true; + podman.enable = true; + secureBoot.enable = true; + steam.enable = true; + users.muede.enable = true; + wineGaming.enable = true; + # keep-sorted end + }; nix.settings.extra-platforms = [ "aarch64-linux" diff --git a/nixosConfigurations/muede-pc2/default.nix b/nixosConfigurations/muede-pc2/default.nix index 4686ffb..42f77b3 100644 --- a/nixosConfigurations/muede-pc2/default.nix +++ b/nixosConfigurations/muede-pc2/default.nix 
@@ -7,13 +7,17 @@ ]; config = { - my.users.muede.enable = true; - my.wineGaming.enable = true; - my.steam.enable = true; - my.podman.enable = true; - my.muedeDesktopSettings.enable = true; - my.amdGraphics.enable = true; - my.secureBoot.enable = true; + my = { + # keep-sorted start + amdGraphics.enable = true; + muedeDesktopSettings.enable = true; + podman.enable = true; + secureBoot.enable = true; + steam.enable = true; + users.muede.enable = true; + wineGaming.enable = true; + # keep-sorted end + }; boot.binfmt.emulatedSystems = [ "aarch64-linux" ]; nix.settings.extra-platforms = [ diff --git a/nixosConfigurations/ronja-pc/default.nix b/nixosConfigurations/ronja-pc/default.nix index 85227ff..2a56407 100644 --- a/nixosConfigurations/ronja-pc/default.nix +++ b/nixosConfigurations/ronja-pc/default.nix @@ -5,10 +5,14 @@ ]; config = { - my.users.ronja.enable = true; - my.steam.enable = true; - my.wineGaming.enable = true; - my.muedeDesktopSettings.enable = true; + my = { + # keep-sorted start + muedeDesktopSettings.enable = true; + steam.enable = true; + users.ronja.enable = true; + wineGaming.enable = true; + # keep-sorted end + }; # Configure keymap in X11 services.xserver.xkb = { diff --git a/nixosModules/gnome.nix b/nixosModules/gnome.nix index 8311373..fd195e8 100644 --- a/nixosModules/gnome.nix +++ b/nixosModules/gnome.nix @@ -5,9 +5,9 @@ ... }: { - options = { - my.gnome.enable = lib.mkEnableOption "GNOME desktop environment"; - my.gnome.keep-default-apps = lib.mkEnableOption "keep gnome default apps"; + options.my.gnome = { + enable = lib.mkEnableOption "GNOME desktop environment"; + keep-default-apps = lib.mkEnableOption "keep gnome default apps"; }; config = lib.mkIf config.my.gnome.enable ( From a2494f52134980e9b0ae7a87df494afb45fca4ae Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?m=C3=BCde?= Date: Sun, 3 May 2026 17:11:13 +0200 Subject: [PATCH 75/80] ssh: block sleep while conntections acive --- nixosModules/openssh.nix | 38 +++++++++++++++++++++++++++++++++++++- 1 file changed, 37 insertions(+), 1 deletion(-) diff --git a/nixosModules/openssh.nix b/nixosModules/openssh.nix index bed46f8..f1ba770 100644 --- a/nixosModules/openssh.nix +++ b/nixosModules/openssh.nix @@ -1,4 +1,10 @@ -{ lib, config, ... }: +{ + lib, + config, + pkgs, + thisDevice, + ... +}: { options.my.openssh.enable = lib.mkEnableOption "OpenSSH server"; @@ -12,5 +18,35 @@ KbdInteractiveAuthentication = false; }; }; + + # On desktops, hold a systemd sleep inhibitor while SSH connections are active + security.pam.services.sshd.rules.session.ssh-inhibit = lib.mkIf (thisDevice.isDesktop or false) { + order = 10000; + control = "optional"; + modulePath = "${pkgs.pam}/lib/security/pam_exec.so"; + args = [ + "quiet" + "${pkgs.writeShellScript "ssh-inhibit-pam" '' + PIDFILE="/run/ssh-inhibitor-''${PPID}.pid" + case "''${PAM_TYPE:-}" in + open) + ${pkgs.systemd}/bin/systemd-inhibit \ + --what=sleep \ + --who=sshd \ + --why="SSH session active" \ + --mode=block \ + sleep infinity & + echo $! > "$PIDFILE" + ;; + close) + if [ -f "$PIDFILE" ]; then + kill "$(cat "$PIDFILE")" 2>/dev/null || true + rm -f "$PIDFILE" + fi + ;; + esac + ''}" + ]; + }; }; } From edc2e50a9bde2b2b3c46defd906137d201656ea9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?m=C3=BCde?= Date: Sun, 3 May 2026 23:26:37 +0200 Subject: [PATCH 76/80] timezone UTC for non desktop devices --- nixosConfigurations.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/nixosConfigurations.nix b/nixosConfigurations.nix index 55af611..6082283 100644 --- a/nixosConfigurations.nix +++ b/nixosConfigurations.nix @@ -66,6 +66,8 @@ forDevice ( doc.enable = false; }; + time.timeZone = lib.mkDefault "Etc/UTC"; + my = { # keep-sorted start autoupdate.enable = true; 
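Review bot: In the `ssh-inhibit-pam` script only `systemd-inhibit` is referenced by store path; `sleep`, `cat` and `rm` are resolved through `PATH`, and under pam_exec the script receives the PAM environment rather than sshd's own. For a hook that runs from sshd's session stack (presumably as root) I would pin these too, e.g. `${pkgs.coreutils}/bin/sleep infinity &`, and likewise `${pkgs.coreutils}/bin/cat` and `${pkgs.coreutils}/bin/rm` in the close branch. Because the inhibitor is backgrounded and the rule passes `quiet` with `control = "optional"`, a failed lookup would not show up at login; the sleep inhibitor would simply be missing. A short comment stating that failure here is deliberately non-fatal would help the next reader.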
From 90dfef044ce781bfc49ad5e09487e6c1e16c7707 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?m=C3=BCde?= Date: Wed, 6 May 2026 23:32:08 +0200 Subject: [PATCH 77/80] ssh: fix prevent sleep on open ssh conn --- nixosModules/openssh.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/nixosModules/openssh.nix b/nixosModules/openssh.nix index f1ba770..92eb5f6 100644 --- a/nixosModules/openssh.nix +++ b/nixosModules/openssh.nix @@ -29,7 +29,7 @@ "${pkgs.writeShellScript "ssh-inhibit-pam" '' PIDFILE="/run/ssh-inhibitor-''${PPID}.pid" case "''${PAM_TYPE:-}" in - open) + open_session) ${pkgs.systemd}/bin/systemd-inhibit \ --what=sleep \ --who=sshd \ @@ -38,7 +38,7 @@ sleep infinity & echo $! > "$PIDFILE" ;; - close) + close_session) if [ -f "$PIDFILE" ]; then kill "$(cat "$PIDFILE")" 2>/dev/null || true rm -f "$PIDFILE" From 9d2ecaa0105c3a1775fc852d14290c425a34f58e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?m=C3=BCde?= Date: Thu, 7 May 2026 18:21:38 +0200 Subject: [PATCH 78/80] lpt2: split containers --- nixosConfigurations/muede-lpt2/containers.nix | 57 +++++++++++++++++++ nixosConfigurations/muede-lpt2/default.nix | 54 +----------------- 2 files changed, 58 insertions(+), 53 deletions(-) create mode 100644 nixosConfigurations/muede-lpt2/containers.nix diff --git a/nixosConfigurations/muede-lpt2/containers.nix b/nixosConfigurations/muede-lpt2/containers.nix new file mode 100644 index 0000000..7033b52 --- /dev/null +++ b/nixosConfigurations/muede-lpt2/containers.nix 
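Review bot: With `close_session` now matching, the `kill "$(cat "$PIDFILE")"` in that branch actually runs, and it signals whatever process currently holds the recorded PID. If the inhibitor exited earlier, or a stale `/run/ssh-inhibitor-*.pid` is left behind by an sshd process that died without closing its session, that number may belong to an unrelated process by then. A cheap guard is to check the target before signalling, e.g. `pid="$(cat "$PIDFILE")"; [ "$(cat "/proc/$pid/comm" 2>/dev/null)" = systemd-inhibit ] && kill "$pid"`. The script body starts and ends outside these two hunks.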
@@ -0,0 +1,57 @@ +{ self, ... }: +{ + config = { + boot.enableContainers = true; + virtualisation.containers.enable = true; + + containers.damocles = { + autoStart = false; + privateNetwork = false; + path = self.nixosConfigurations.damocles.config.system.build.toplevel; + bindMounts."/etc/nix/distributed-build-key" = { + hostPath = "/etc/nix/distributed-build-key"; + isReadOnly = true; + }; + bindMounts."/persist/damocles-ssh" = { + hostPath = "/persist/damocles-ssh"; + isReadOnly = true; + }; + bindMounts."/persist/damocles-lab" = { + hostPath = "/persist/damocles-lab"; + isReadOnly = false; + }; + }; + + containers.damocles-lab = { + autoStart = false; + privateNetwork = false; + path = self.nixosConfigurations.damocles-lab.config.system.build.toplevel; + bindMounts."/etc/nix/distributed-build-key" = { + hostPath = "/etc/nix/distributed-build-key"; + isReadOnly = true; + }; + bindMounts."/workspace" = { + hostPath = "/persist/damocles-lab"; + isReadOnly = false; + }; + bindMounts."/persist/damocles-ssh" = { + hostPath = "/persist/damocles-ssh"; + isReadOnly = true; + }; + }; + + # Global DefaultTimeoutStopSec is 10s (modern-desktop.nix), which kills systemd-nspawn + # before it finishes halting, leaving cgroups busy and breaking restarts. + systemd.services."container@damocles".serviceConfig = { + TimeoutStopSec = "60s"; + # After a SIGKILL of nspawn, the kernel needs a moment to reap its cgroups. + # Without this, the immediate restart attempt fails with "Device or resource busy". + RestartSec = "5s"; + }; + + systemd.services."container@damocles-lab".serviceConfig = { + TimeoutStopSec = "60s"; + RestartSec = "5s"; + }; + }; +} diff --git a/nixosConfigurations/muede-lpt2/default.nix b/nixosConfigurations/muede-lpt2/default.nix index f52d735..be7927c 100644 --- a/nixosConfigurations/muede-lpt2/default.nix +++ b/nixosConfigurations/muede-lpt2/default.nix @@ -1,6 +1,7 @@ { self, ... }: { imports = [ + ./containers.nix ./hardware.nix ]; 
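Review bot: Both `containers.damocles` and `containers.damocles-lab` set `privateNetwork = false` and bind-mount `/etc/nix/distributed-build-key`; `isReadOnly = true` only stops the container from changing the key, it does not stop processes inside from reading it. Judging by the path this is the key the host uses for distributed builds, so anything running in either container could presumably use it against those builders over the shared host network. The block is moved unchanged from default.nix, so this is not new behaviour, but the new file is a good place to record the intent, e.g. `# build key + host network shared on purpose: containers offload builds to the host's remote builders`. If the sharing is not required, give the containers their own restricted key instead.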
@@ -64,58 +65,5 @@ ]; boot.binfmt.emulatedSystems = [ "aarch64-linux" ]; - - containers.damocles = { - autoStart = false; - privateNetwork = false; - path = self.nixosConfigurations.damocles.config.system.build.toplevel; - bindMounts."/etc/nix/distributed-build-key" = { - hostPath = "/etc/nix/distributed-build-key"; - isReadOnly = true; - }; - bindMounts."/persist/damocles-ssh" = { - hostPath = "/persist/damocles-ssh"; - isReadOnly = true; - }; - bindMounts."/persist/damocles-lab" = { - hostPath = "/persist/damocles-lab"; - isReadOnly = false; - }; - }; - - containers.damocles-lab = { - autoStart = false; - privateNetwork = false; - path = self.nixosConfigurations.damocles-lab.config.system.build.toplevel; - bindMounts."/etc/nix/distributed-build-key" = { - hostPath = "/etc/nix/distributed-build-key"; - isReadOnly = true; - }; - bindMounts."/workspace" = { - hostPath = "/persist/damocles-lab"; - isReadOnly = false; - }; - bindMounts."/persist/damocles-ssh" = { - hostPath = "/persist/damocles-ssh"; - isReadOnly = true; - }; - }; - - # Global DefaultTimeoutStopSec is 10s (modern-desktop.nix), which kills systemd-nspawn - # before it finishes halting, leaving cgroups busy and breaking restarts. - systemd.services."container@damocles".serviceConfig = { - TimeoutStopSec = "60s"; - # After a SIGKILL of nspawn, the kernel needs a moment to reap its cgroups. - # Without this, the immediate restart attempt fails with "Device or resource busy". - RestartSec = "5s"; - }; - - systemd.services."container@damocles-lab".serviceConfig = { - TimeoutStopSec = "60s"; - RestartSec = "5s"; - }; - - boot.enableContainers = true; - virtualisation.containers.enable = true; }; } From 1ca757fe95faad6f23fc0369222384502d9fda11 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?m=C3=BCde?= Date: Thu, 7 May 2026 21:09:22 +0200 Subject: [PATCH 79/80] update nova-shell --- flake.lock | 24 ++++++++++++++++++++---- 1 file changed, 20 insertions(+), 4 deletions(-) 
diff --git a/flake.lock b/flake.lock index 764d421..a74a893 100644 --- a/flake.lock +++ b/flake.lock @@ -143,6 +143,21 @@ "type": "github" } }, + "crane_2": { + "locked": { + "lastModified": 1777830388, + "narHash": "sha256-2uoQAqUk2H0ijQtGiWAyNeQYGYc6yfAcRRLlJAz4Gp8=", + "owner": "ipetkov", + "repo": "crane", + "rev": "d459c1350e96ce1a7e3859c513ef5e9869d67d6f", + "type": "github" + }, + "original": { + "owner": "ipetkov", + "repo": "crane", + "type": "github" + } + }, "fenix": { "inputs": { "nixpkgs": [ @@ -636,6 +651,7 @@ }, "nova-shell": { "inputs": { + "crane": "crane_2", "nixpkgs": [ "nixpkgs-unstable" ], @@ -643,11 +659,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1777656272, - "narHash": "sha256-OcxjycGuzEeU6ZbX4SjSx4YVKcDlaZm8gdSvEFGowoo=", + "lastModified": 1778180483, + "narHash": "sha256-35cMiZn5DAnYFpKFdWg5dxW7hLO3/ey743ED6yV3pL8=", "ref": "refs/heads/main", - "rev": "40cc681e9a36320659175f240e9ccc3f3041a7e9", - "revCount": 598, + "rev": "dfa3840d97186fef3480b49f289acd3ae707ee27", + "revCount": 626, "type": "git", "url": "https://git.berlin.ccc.de/vinzenz/nova-shell" }, From 5188d951ef09aede3706331114adeb55f7fead31 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?m=C3=BCde?= Date: Thu, 7 May 2026 23:10:49 +0200 Subject: [PATCH 80/80] misc installs --- homeConfigurations/muede/default.nix | 1 + nixosConfigurations/damocles/claude-container.nix | 1 + nixosConfigurations/damocles/default.nix | 1 + 3 files changed, 3 insertions(+) diff --git a/homeConfigurations/muede/default.nix b/homeConfigurations/muede/default.nix index 17c66a0..c2293ca 100644 --- a/homeConfigurations/muede/default.nix +++ b/homeConfigurations/muede/default.nix @@ -73,6 +73,7 @@ arduino arduino-cli arduino-ide + btop claude-code dconf2nix foliate diff --git a/nixosConfigurations/damocles/claude-container.nix b/nixosConfigurations/damocles/claude-container.nix index aea9343..8093878 100644 --- a/nixosConfigurations/damocles/claude-container.nix 
+++ b/nixosConfigurations/damocles/claude-container.nix @@ -18,6 +18,7 @@ gawk gnugrep curl + bintools ]; boot.isContainer = true; diff --git a/nixosConfigurations/damocles/default.nix b/nixosConfigurations/damocles/default.nix index c5eff0a..a511d47 100644 --- a/nixosConfigurations/damocles/default.nix +++ b/nixosConfigurations/damocles/default.nix @@ -10,5 +10,6 @@ rustc clippy gh + buildPackages.stdenv.cc ]; }