vinzenz/nixos-configuration
0
1
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Compare commits

base: vinzenz:6754eed1d88b19216575bdb8c8d8c2d388fd973a
Branches Tags
vinzenz:main
vinzenz:vpn1-wg
..
compare: vinzenz:05c888f20ad4e7db0f11c057b3469da2d6d9db88
Branches Tags
vinzenz:main
vinzenz:vpn1-wg

No commits in common. "6754eed1d88b19216575bdb8c8d8c2d388fd973a" and "05c888f20ad4e7db0f11c057b3469da2d6d9db88" have entirely different histories.
6754eed1d8 ... 05c888f20a

94 changed files with 1082 additions and 1163 deletions
Download patch file Download diff file Expand all files Collapse all files

24
flake.lock generated
View file

@ -266,11 +266,11 @@
]
},
"locked": {
"lastModified": 1757763404,
"narHash": "sha256-a1h+58wDOtbQXrHoZwLwB7PhXwFhBXRHhNRhAQGq/oY=",
"lastModified": 1751117291,
"narHash": "sha256-iOeiPypZkl6uPL5mQ4aFG4wYVs9w9BJZ2/5XHlLgyIk=",
"ref": "refs/heads/main",
"rev": "07a5fbca27ec941c841ad93f2ac65bc529225a51",
"revCount": 46,
"rev": "2a4818dc2158cbdad34a701ab12d0b1cf7f52c46",
"revCount": 45,
"type": "git",
"url": "https://git.berlin.ccc.de/servicepoint/servicepoint-cli.git"
},
@ -290,11 +290,11 @@
]
},
"locked": {
"lastModified": 1757763091,
"narHash": "sha256-V3E6JKGzCrq5u+hp38sAdKv/EoxU+X0qfSoBIPxALi4=",
"lastModified": 1752323001,
"narHash": "sha256-YEcYegmlv12yN9VWrz2qt0nyL+9EeGIlrDvac8Pf7Cw=",
"ref": "refs/heads/main",
"rev": "493b7b0343334019b372176f811a966839ba9aa5",
"revCount": 121,
"rev": "75a0ae7a59e687bea5f92791a2d64c048f35846d",
"revCount": 119,
"type": "git",
"url": "https://git.berlin.ccc.de/servicepoint/servicepoint-simulator.git"
},
@ -358,11 +358,11 @@
]
},
"locked": {
"lastModified": 1757847061,
"narHash": "sha256-YW8fpD35tD+1zTkxk0WhP7FJSL15JlFfG7tscgkdI+A=",
"lastModified": 1755431984,
"narHash": "sha256-iBgSdzkta6zQ2eIRWjmJTLZ3b1e1EZiCyCPcgCdqPGU=",
"ref": "refs/heads/main",
"rev": "ddff8c9b206564dd9b9007e4e894afa6f7860fc8",
"revCount": 30,
"rev": "31abcb7a9583c4ed931f658eca3e3c1970e60814",
"revCount": 28,
"type": "git",
"url": "https://git.berlin.ccc.de/vinzenz/zerforschen.plus"
},

246
flake.nix
View file

@ -1,6 +1,7 @@
{
inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.05";
nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
home-manager = {
@ -49,7 +50,7 @@
};
outputs =
{
inputs@{
self,
nixpkgs,
home-manager,
@ -58,74 +59,31 @@
nixpkgs-unstable,
servicepoint-cli,
servicepoint-simulator,
naersk,
nix-vscode-extensions,
...
}:
let
devices = {
vinzenz-lpt2 = {
system = "x86_64-linux";
additional-modules = [
self.nixosModules.user-vinzenz
self.nixosModules.gnome
self.nixosModules.wine-gaming
self.nixosModules.steam
self.nixosModules.printing
self.nixosModules.podman
self.nixosModules.vinzenz-desktop-settings
self.nixosModules.intel-graphics
];
home-manager-users = {
inherit (self.homeConfigurations) vinzenz;
};
};
vinzenz-pc2 = {
system = "x86_64-linux";
additional-modules = [
self.nixosModules.user-vinzenz
self.nixosModules.user-ronja
self.nixosModules.gnome
self.nixosModules.wine-gaming
self.nixosModules.steam
self.nixosModules.printing
self.nixosModules.podman
self.nixosModules.vinzenz-desktop-settings
self.nixosModules.amd-graphics
];
home-manager-users = {
inherit (self.homeConfigurations) vinzenz ronja;
};
};
ronja-pc = {
system = "x86_64-linux";
additional-modules = [
self.nixosModules.user-ronja
self.nixosModules.gnome
self.nixosModules.steam
self.nixosModules.wine-gaming
self.nixosModules.vinzenz-desktop-settings
];
home-manager-users = {
inherit (self.homeConfigurations) ronja;
};
};
hetzner-vpn2 = {
system = "aarch64-linux";
};
forgejo-runner-1 = {
system = "aarch64-linux";
additional-modules = [ self.nixosModules.podman ];
};
vinzenz-lpt2 = "x86_64-linux";
vinzenz-pc2 = "x86_64-linux";
ronja-pc = "x86_64-linux";
hetzner-vpn2 = "aarch64-linux";
forgejo-runner-1 = "aarch64-linux";
};
inherit (nixpkgs) lib;
forDevice = f: lib.mapAttrs (device: value: f (value // { inherit device; })) devices;
supported-systems = lib.attrsets.mapAttrsToList (k: v: v.system) devices;
homeDevices = [
"vinzenz-lpt2"
"vinzenz-pc2"
"ronja-pc"
];
forDevice = f: nixpkgs.lib.mapAttrs f devices;
supported-systems = [
"x86_64-linux"
"aarch64-linux"
];
forAllSystems =
f:
lib.genAttrs supported-systems (
nixpkgs.lib.genAttrs supported-systems (
system:
f rec {
inherit system;
@ -133,141 +91,67 @@
}
);
in
{
lib = {
importDir =
dir:
(lib.attrsets.mapAttrs' (
m: _:
lib.attrsets.nameValuePair (lib.strings.removeSuffix ".nix" m) { imports = [ "${dir}/${m}" ]; }
) (builtins.readDir dir));
};
overlays = {
unstable-packages = final: prev: {
unstable = import nixpkgs-unstable {
inherit (prev) system config;
};
};
};
nixosModules = (self.lib.importDir ./nixosModules) // {
niri = {
imports = [ niri.nixosModules.niri ];
nixpkgs.overlays = [ niri.overlays.niri ];
};
pkgs-unstable = {
nixpkgs.overlays = [ self.overlays.unstable-packages ];
};
pkgs-vscode-extensions = {
nixpkgs.overlays = [ nix-vscode-extensions.overlays.default ];
};
# required modules to use other modules, should not do anything on their own
default = {
imports = [ self.nixosModules.allowed-unfree-list ];
};
};
homeModules = self.lib.importDir ./homeModules;
homeConfigurations = self.lib.importDir ./homeConfigurations;
formatter = forAllSystems ({ pkgs, ... }: pkgs.nixfmt-tree);
rec {
nixosConfigurations = forDevice (
{
device,
system,
home-manager-users ? { },
additional-modules ? [ ],
}:
device: system:
let
specialArgs = {
inherit device;
inherit inputs device;
};
in
nixpkgs.lib.nixosSystem {
inherit system specialArgs;
modules = [
{
networking.hostName = device;
nixpkgs = {
inherit system;
hostPlatform = lib.mkDefault system;
};
system = {
stateVersion = "22.11";
autoUpgrade.flake = "git+https://git.berlin.ccc.de/vinzenz/nixos-configuration.git";
};
{ networking.hostName = device; }
./modules/globalinstalls.nix
./modules/networking.nix
./modules/nixpkgs.nix
./modules/lix.nix
./hosts/${device}/hardware.nix
./hosts/${device}/imports.nix
./hosts/${device}/configuration.nix
{
nixpkgs.overlays = [
self.overlays.unstable-packages
overlays.unstable-packages
];
nix.settings.experimental-features = [
"nix-command"
"flakes"
];
documentation = {
info.enable = false; # info pages and the info command
doc.enable = false; # documentation distributed in packages' /share/doc
};
}
./nixosConfigurations/${device}
self.nixosModules.default
self.nixosModules.lix-is-nix
self.nixosModules.globalinstalls
self.nixosModules.autoupdate
self.nixosModules.openssh
self.nixosModules.tailscale
self.nixosModules.allowed-unfree-list
self.nixosModules.extra-caches
self.nixosModules.systemd-boot
zerforschen-plus.nixosModules.default
]
++ (nixpkgs.lib.optionals (home-manager-users != { }) [
{
home-manager = {
extraSpecialArgs = specialArgs;
useGlobalPkgs = true;
useUserPackages = true;
};
time.timeZone = "Europe/Berlin";
home-manager.sharedModules = [
{ home.stateVersion = "22.11"; }
self.homeModules.adwaita
self.homeModules.git
self.homeModules.templates
self.homeModules.zsh-basics
self.homeModules.nano
self.homeModules.gnome-extensions
];
home-manager.users = home-manager-users;
}
self.nixosModules.pkgs-unstable
self.nixosModules.pkgs-vscode-extensions
self.nixosModules.niri
self.nixosModules.kdeconnect
self.nixosModules.en-de
self.nixosModules.gnome
self.nixosModules.modern-desktop
self.nixosModules.nix-ld
self.nixosModules.quiet-boot
self.nixosModules.firmware-updates
++ (nixpkgs.lib.optionals (builtins.elem device homeDevices) [
home-manager.nixosModules.home-manager
servicepoint-simulator.nixosModules.default
servicepoint-cli.nixosModules.default
])
++ additional-modules;
{ home-manager.extraSpecialArgs = specialArgs; }
./modules/home-manager.nix
./modules/i18n.nix
niri.nixosModules.niri
{
nixpkgs.overlays = [
niri.overlays.niri
overlays.servicepoint-packages
nix-vscode-extensions.overlays.default
];
}
]);
}
);
overlays = {
unstable-packages = final: prev: {
unstable = import nixpkgs-unstable {
system = prev.system;
config = prev.config;
};
};
servicepoint-packages = final: prev: {
servicepoint-cli = servicepoint-cli.legacyPackages."${prev.system}".servicepoint-cli;
servicepoint-simulator =
servicepoint-simulator.legacyPackages."${prev.system}".servicepoint-simulator;
};
};
formatter = forAllSystems ({ pkgs, ... }: pkgs.nixfmt-tree);
};
}

1
homeConfigurations/ronja/default.nix → home/ronja/configuration.nix
View file

@ -1,6 +1,5 @@
{ config, pkgs, ... }:
{
imports = [ ./vscode.nix ];
config = {
home.packages = with pkgs; [
## Apps

25
home/ronja/default.nix Normal file
View file

@ -0,0 +1,25 @@
{ pkgs, ... }:
{
config = {
# Define user account
users.users.ronja = {
isNormalUser = true;
name = "ronja";
description = "Ronja";
home = "/home/ronja";
extraGroups = [
"networkmanager"
"wheel"
"games"
"podman"
"openvscode-server"
];
shell = pkgs.zsh;
};
home-manager.users.ronja.imports = [
./configuration.nix
./vscode.nix
];
};
}

0
homeConfigurations/ronja/vscode.nix → home/ronja/vscode.nix
View file

0
homeConfigurations/vinzenz/.config/containers/policy.json → home/vinzenz/.config/containers/policy.json
View file

8
homeConfigurations/vinzenz/.zsh/p10k.zsh → home/vinzenz/.zsh/p10k.zsh
View file

@ -60,8 +60,8 @@
nodeenv # node.js environment (https://github.com/ekalinin/nodeenv)
# node_version # node.js version
# go_version # go version (https://golang.org)
rust_version # rustc version (https://www.rust-lang.org)
dotnet_version # .NET version (https://dotnet.microsoft.com)
# rust_version # rustc version (https://www.rust-lang.org)
# dotnet_version # .NET version (https://dotnet.microsoft.com)
# php_version # php version (https://www.php.net/)
# laravel_version # laravel php framework version (https://laravel.com/)
# java_version # java version (https://www.java.com/)
@ -756,14 +756,14 @@
typeset -g POWERLEVEL9K_RANGER_BACKGROUND=0
# Custom icon.
# typeset -g POWERLEVEL9K_RANGER_VISUAL_IDENTIFIER_EXPANSION='⭐'
####################[ yazi: yazi shell (https://github.com/sxyazi/yazi) ]#####################
# Yazi shell color.
typeset -g POWERLEVEL9K_YAZI_FOREGROUND=3
typeset -g POWERLEVEL9K_YAZI_BACKGROUND=0
# Custom icon.
# typeset -g POWERLEVEL9K_YAZI_VISUAL_IDENTIFIER_EXPANSION='⭐'
######################[ nnn: nnn shell (https://github.com/jarun/nnn) ]#######################
# Nnn shell color.
typeset -g POWERLEVEL9K_NNN_FOREGROUND=0

4
homeConfigurations/vinzenz/configuration.nix → home/vinzenz/configuration.nix
View file

@ -56,10 +56,6 @@
icu
nextcloud-client
lutris
foliate
];
home.file = {

51
home/vinzenz/default.nix Normal file
View file

@ -0,0 +1,51 @@
{ pkgs, ... }:
{
config = {
users.users.vinzenz = {
isNormalUser = true;
name = "vinzenz";
description = "Vinzenz";
home = "/home/vinzenz";
extraGroups = [
"networkmanager"
"wheel"
"games"
"dialout"
"podman"
"nginx"
"adbusers"
"kvm"
"input"
"video"
];
shell = pkgs.zsh;
autoSubUidGidRange = true;
};
nix.settings.trusted-users = [ "vinzenz" ];
home-manager.users.vinzenz.imports = [
./configuration.nix
./editorconfig.nix
./fuzzel.nix
./git.nix
./gnome.nix
#./niri.nix
./ssh.nix
./swaylock.nix
./vscode.nix
./waybar.nix
./zsh.nix
];
allowedUnfreePackages = [
"rider"
"pycharm-professional"
"jetbrains-toolbox"
"anydesk"
"vscode-extension-ms-dotnettools-csharp"
];
};
}

1
homeConfigurations/vinzenz/editorconfig.nix → home/vinzenz/editorconfig.nix
View file

@ -1,3 +1,4 @@
{ ... }:
{
config.editorconfig = {
enable = true;

0
homeConfigurations/vinzenz/fuzzel.nix → home/vinzenz/fuzzel.nix
View file

1
homeConfigurations/vinzenz/git.nix → home/vinzenz/git.nix
View file

@ -1,3 +1,4 @@
{ ... }:
{
config.programs.git = {
enable = true;

26
home/vinzenz/gnome.nix Normal file
View file

@ -0,0 +1,26 @@
{ pkgs, ... }:
{
config = {
home.packages =
with pkgs.gnomeExtensions;
[
gsconnect
# battery-health-charging
quick-settings-tweaker
solaar-extension
alphabetical-app-grid
]
++ (with pkgs; [ foliate ]);
dconf.settings = {
"org/gnome/shell" = {
enabled-extensions = [
"GPaste@gnome-shell-extensions.gnome.org"
"gsconnect@andyholmes.github.io"
"solaar-extension@sidevesh"
"AlphabeticalAppGrid@stuarthayhurst"
];
};
};
};
}

11
homeConfigurations/vinzenz/niri.nix → home/vinzenz/niri.nix
View file

@ -16,7 +16,16 @@
name = "adwaita-dark";
};
services.mako.enable = true;
services = {
kdeconnect = {
enable = true;
# this still shows up in gnome session starting with 25.05
# indicator = true;
};
mako = {
enable = true;
};
};
programs.niri.settings = {
input.keyboard.xkb.layout = "de";

1
homeConfigurations/vinzenz/ssh.nix → home/vinzenz/ssh.nix
View file

@ -1,3 +1,4 @@
{ ... }:
{
config.programs.ssh = {
enable = true;

0
homeConfigurations/vinzenz/swaylock.nix → home/vinzenz/swaylock.nix
View file

0
homeConfigurations/vinzenz/vscode.nix → home/vinzenz/vscode.nix
View file

0
homeConfigurations/vinzenz/waybar.nix → home/vinzenz/waybar.nix
View file

2
homeConfigurations/vinzenz/zsh.nix → home/vinzenz/zsh.nix
View file

@ -20,7 +20,7 @@
my-direnvallow = "echo \"use nix\" > .envrc && direnv allow";
my-ip4 = "ip addr show | grep 192";
deadnix = "nix run github:astro/deadnix -- ";
statix = "nix run github:oppiliappan/statix -- ";
statix = "nix run git+https://git.peppe.rs/languages/statix -- ";
};
history = {

15
homeConfigurations/vinzenz/default.nix
View file

@ -1,15 +0,0 @@
{
imports = [
./configuration.nix
./editorconfig.nix
./fuzzel.nix
./git.nix
./gnome.nix
#./niri.nix
./ssh.nix
./swaylock.nix
./vscode.nix
./waybar.nix
./zsh.nix
];
}

31
homeConfigurations/vinzenz/gnome.nix
View file

@ -1,31 +0,0 @@
{ pkgs, ... }:
{
config = {
home.packages = with pkgs; [
gitg
meld
simple-scan
pinta
dconf-editor
impression # usb image writer
papers # pdf viewer
gnome-software # for flatpak apps
gnomeExtensions.solaar-extension
snapshot
];
dconf.settings = {
"org/gnome/shell".enabled-extensions = [
"GPaste@gnome-shell-extensions.gnome.org"
"solaar-extension@sidevesh"
];
"org/gnome/desktop/interface".color-scheme = "prefer-dark";
"org/gnome/desktop/wm/keybindings" = {
switch-windows = [ "<Alt>Tab" ];
switch-windows-backward = [ "<Shift><Alt>Tab" ];
switch-applications = [ "<Super>Tab" ];
switch-applications-backward = [ "<Shift><Super>Tab" ];
};
};
};
}

12
homeModules/adwaita.nix
View file

@ -1,12 +0,0 @@
{ pkgs, ... }:
{
gtk = {
enable = true;
iconTheme.name = "Adwaita";
cursorTheme.name = "Adwaita";
theme = {
name = "adw-gtk3-dark";
package = pkgs.adw-gtk3;
};
};
}

13
homeModules/git.nix
View file

@ -1,13 +0,0 @@
{
programs = {
git = {
enable = true;
extraConfig.init.defaultBranch = "main";
};
gh = {
enable = true;
gitCredentialHelper.enable = true;
};
};
}

101
homeModules/gnome-extensions.nix
View file

@ -1,101 +0,0 @@
{
lib,
pkgs,
osConfig,
config,
...
}:
{
options.vinzenz.gnome-extensions =
let
mkDefaultEnabledOption =
name:
lib.mkOption {
default = true;
example = false;
description = "Whether to enable ${name}.";
type = lib.types.bool;
};
in
{
enable = mkDefaultEnabledOption "gnome extended options";
appindicator.enable = mkDefaultEnabledOption "appindicator";
caffeine.enable = mkDefaultEnabledOption "caffeine";
tailscale-qs.enable = lib.mkOption {
default = osConfig.services.tailscale.enable;
example = true;
description = "Whether to enable tailscale quick setting.";
type = lib.types.bool;
};
alphabetic-apps.enable = mkDefaultEnabledOption "alphabetic app grid";
clock-show-seconds = mkDefaultEnabledOption "clock seconds";
show-battery-percentage = mkDefaultEnabledOption "battery percentage";
enable-numlock = mkDefaultEnabledOption "num lock on login";
enable-systool-warning = lib.mkEnableOption "system configuration tool warning";
edge-tiling = mkDefaultEnabledOption "edge tiling";
dynamic-workspaces = mkDefaultEnabledOption "dynamic workspaces";
tap-to-click = mkDefaultEnabledOption "tap to click";
two-finger-scrolling = mkDefaultEnabledOption "two finger scrolling";
};
config =
let
cfg = config.vinzenz.gnome-extensions;
in
lib.mkIf cfg.enable (
lib.mkMerge [
{
dconf = {
enable = true;
settings = {
"org/gnome/shell" = {
disable-user-extensions = false;
disabled-extensions = [ ];
enabled-extensions = [ ];
};
"ca/desrt/dconf-editor".show-warning = cfg.enable-systool-warning;
"org/gnome/tweaks".show-extensions-notice = cfg.enable-systool-warning;
"org/gnome/mutter" = {
inherit (cfg) edge-tiling dynamic-workspaces;
};
"org/gnome/desktop/peripherals/touchpad" = {
inherit (cfg) tap-to-click;
two-finger-scrolling-enabled = cfg.two-finger-scrolling;
};
"org/gnome/desktop/interface" = {
inherit (cfg) clock-show-seconds show-battery-percentage;
};
};
};
}
(lib.mkIf cfg.tailscale-qs.enable {
home.packages = [ pkgs.gnomeExtensions.tailscale-qs ];
dconf.settings."org/gnome/shell".enabled-extensions = [ "tailscale@joaophi.github.com" ];
})
(lib.mkIf cfg.appindicator.enable {
home.packages = [ pkgs.gnomeExtensions.appindicator ];
dconf.settings."org/gnome/shell".enabled-extensions = [ "appindicatorsupport@rgcjonas.gmail.com" ];
})
(lib.mkIf cfg.caffeine.enable {
home.packages = [ pkgs.gnomeExtensions.caffeine ];
dconf.settings."org/gnome/shell".enabled-extensions = [ "caffeine@patapon.info" ];
})
(lib.mkIf cfg.alphabetic-apps.enable {
home.packages = [ pkgs.gnomeExtensions.alphabetical-app-grid ];
dconf.settings = {
"org/gnome/shell".enabled-extensions = [ "AlphabeticalAppGrid@stuarthayhurst" ];
"org/gnome/shell/extensions/alphabetical-app-grid".folder-order-position = "start";
};
})
(lib.mkIf cfg.enable-numlock {
dconf.settings."org/gnome/desktop/peripherals/keyboard".numlock-state = true;
})
]
);
}

9
homeModules/nano.nix
View file

@ -1,9 +0,0 @@
{
home = {
sessionVariables.EDITOR = "nano";
file.".nanorc".text = ''
set linenumbers
set mouse
'';
};
}

12
homeModules/templates.nix
View file

@ -1,12 +0,0 @@
{
home.file = {
"Templates/Empty file".text = "";
"Templates/Empty bash script".text = ''
#!/usr/bin/env bash
# abort on error, undefined variables
set -eu
# print commands before execution
set -x
'';
};
}

13
homeModules/zsh-basics.nix
View file

@ -1,13 +0,0 @@
{
programs = {
command-not-found.enable = true;
dircolors.enable = true;
zsh = {
enable = true;
syntaxHighlighting.enable = true;
autosuggestion.enable = true;
enableVteIntegration = true;
};
};
}

6
hooks/pre-commit
View file

@ -1,6 +0,0 @@
#!/usr/bin/env bash
set -euxo pipefail
nix fmt
nix flake check --all-systems --show-trace

15
hosts/forgejo-runner-1/configuration.nix Normal file
View file

@ -0,0 +1,15 @@
{ ... }:
{
# uncomment for build check on non arm system (requires --impure)
# nixpkgs.buildPlatform = builtins.currentSystem;
services.tailscale.useRoutingFeatures = "both";
system.autoUpgrade.allowReboot = true;
users.users = {
root.openssh.authorizedKeys.keys = [
''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFCJUpbpB3KEKVoKWsKoar9J4RNah8gmQoSH6jQEw5dY vinzenz-pixel-JuiceSSH''
''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO1CRn4yYTL4XUdCebE8Z4ZeuMujBjorTdWifg911EOv vinzenz-pc2 home roaming''
''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPDNpLDmctyqGpow/ElQvdhY4BLBPS/sigDJ1QEcC7wC vinzenz-lpt2-roaming''
];
};
}

0
nixosConfigurations/forgejo-runner-1/forgejo-runner.nix → hosts/forgejo-runner-1/forgejo-runner.nix
View file

5
nixosConfigurations/forgejo-runner-1/hardware.nix → hosts/forgejo-runner-1/hardware.nix
View file

@ -3,6 +3,11 @@
imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
config = {
nixpkgs = {
hostPlatform = "aarch64-linux";
system = "aarch64-linux";
};
boot = {
tmp.cleanOnBoot = true;
kernelParams = [ "console=tty" ];

6
hosts/forgejo-runner-1/imports.nix Normal file
View file

@ -0,0 +1,6 @@
{
imports = [
../../modules/podman.nix
./forgejo-runner.nix
];
}

21
hosts/hetzner-vpn2/configuration.nix Normal file
View file

@ -0,0 +1,21 @@
{ ... }:
{
# uncomment for build check on non arm system (requires --impure)
# nixpkgs.buildPlatform = builtins.currentSystem;
services.tailscale.useRoutingFeatures = "both";
users.users = {
root.openssh.authorizedKeys.keys = [
''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICdYqY3Y1/f1bsAi5Qfyr/UWuX9ixu96IeAlhoQaJkbf''
''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFCJUpbpB3KEKVoKWsKoar9J4RNah8gmQoSH6jQEw5dY vinzenz-pixel-JuiceSSH''
''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO1CRn4yYTL4XUdCebE8Z4ZeuMujBjorTdWifg911EOv vinzenz-pc2 home roaming''
''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPDNpLDmctyqGpow/ElQvdhY4BLBPS/sigDJ1QEcC7wC vinzenz-lpt2-roaming''
];
#ronja.openssh.authorizedKeys.keys = [
# ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIALWKm+d6KL6Vl3grPOcGouiNTkvdhXuWJmcrdEBY2nw ronja-ssh-host-key''
#];
};
system.autoUpgrade.allowReboot = true;
}

5
nixosConfigurations/hetzner-vpn2/hardware.nix → hosts/hetzner-vpn2/hardware.nix
View file

@ -3,6 +3,11 @@
imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
config = {
nixpkgs = {
hostPlatform = "aarch64-linux";
system = "aarch64-linux";
};
boot = {
tmp.cleanOnBoot = true;
kernelParams = [ "console=tty" ];

5
hosts/hetzner-vpn2/imports.nix Normal file
View file

@ -0,0 +1,5 @@
{
imports = [
./nginx.nix
];
}

20
nixosConfigurations/hetzner-vpn2/nginx.nix → hosts/hetzner-vpn2/nginx.nix
View file

@ -1,4 +1,4 @@
{ pkgs, ... }:
{ inputs, pkgs, ... }:
let
blog-domain-socket = "/run/nginx/blog.sock";
anubis-domain-socket = "/run/anubis/anubis-blog.sock";
@ -72,26 +72,28 @@ in
addSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://unix:" + anubis-domain-socket;
proxyPass = ("http://unix:" + anubis-domain-socket);
};
};
"blog-in-anubis" = {
root = pkgs.zerforschen-plus-content;
root = inputs.zerforschen-plus.packages."${pkgs.system}".zerforschen-plus-content;
listen = [
{
addr = "unix:" + blog-domain-socket;
addr = ("unix:" + blog-domain-socket);
}
];
};
};
};
anubis.instances.main = {
enable = true;
settings = {
BIND = anubis-domain-socket;
TARGET = "unix://" + blog-domain-socket;
anubis = {
instances.main = {
enable = true;
settings = {
BIND = anubis-domain-socket;
TARGET = "unix://" + blog-domain-socket;
};
};
};
};

26
hosts/ronja-pc/configuration.nix Normal file
View file

@ -0,0 +1,26 @@
{
config,
pkgs,
...
}:
{
# Configure keymap in X11
services.xserver.xkb = {
layout = "de";
variant = "";
};
# Configure console keymap
console.keyMap = "de";
# List packages installed in system profile. To search, run:
# $ nix search wget
environment.systemPackages = with pkgs; [
# vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
# wget
];
# Open ports in the firewall.
# networking.firewall.allowedTCPPorts = [ ... ];
# networking.firewall.allowedUDPPorts = [ ... ];
}

10
nixosConfigurations/ronja-pc/hardware.nix → hosts/ronja-pc/hardware.nix
View file

@ -1,8 +1,6 @@
{ lib, ... }:
{
boot = {
supportedFilesystems = [ "btrfs" ];
initrd.supportedFilesystems = [ "btrfs" ];
kernelModules = [ "kvm-intel" ];
extraModulePackages = [ ];
initrd = {
@ -39,10 +37,6 @@
{ device = "/dev/disk/by-uuid/bf9d19fb-499b-4bfb-b67d-131fa5bf8259"; }
];
hardware.bluetooth.enable = true;
networking = {
networkmanager.enable = true;
useDHCP = lib.mkDefault true;
};
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = true;
}

10
hosts/ronja-pc/imports.nix Normal file
View file

@ -0,0 +1,10 @@
{
imports = [
../../modules/gnome.nix
../../modules/gaming.nix
../../modules/desktop-environment.nix
../../modules/desktop-hardware.nix
../../home/ronja
];
}

6
nixosConfigurations/vinzenz-lpt2/default.nix → hosts/vinzenz-lpt2/configuration.nix
View file

@ -1,8 +1,6 @@
{ ... }:
{
imports = [
./hardware.nix
./nginx.nix
];
imports = [ ./nginx.nix ];
config = {
nix.settings.extra-platforms = [

63
hosts/vinzenz-lpt2/hardware.nix Normal file
View file

@ -0,0 +1,63 @@
{ lib, ... }:
{
imports = [ ../../modules/intel-graphics.nix ];
config = {
# intel cpu
boot.kernelModules = [
"kvm-intel"
"xe"
];
hardware.cpu.intel.updateMicrocode = true;
boot.loader = {
systemd-boot.enable = true;
efi.canTouchEfiVariables = true;
};
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
hardware.enableRedistributableFirmware = true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
boot.initrd = {
availableKernelModules = [
"xhci_pci"
"thunderbolt"
"nvme"
];
luks.devices = {
"luks-2c654ff2-3c42-48d3-a1e3-9545679afaa3" = {
device = "/dev/disk/by-uuid/2c654ff2-3c42-48d3-a1e3-9545679afaa3";
};
};
};
fileSystems = {
"/" = {
device = "/dev/disk/by-uuid/e4dad0c8-26a1-45e9-bbd9-48565eb6574e";
fsType = "btrfs";
options = [ "subvol=@" ];
};
"/boot" = {
device = "/dev/disk/by-uuid/E2B7-2BC1";
fsType = "vfat";
};
};
swapDevices = [
{
device = "/var/lib/swapfile";
size = 32 * 1024;
}
];
services.thermald.enable = true;
services.hardware.bolt.enable = true; # thunderbolt security
};
}

14
hosts/vinzenz-lpt2/imports.nix Normal file
View file

@ -0,0 +1,14 @@
{
imports = [
../../modules/gnome.nix
../../modules/gaming.nix
../../modules/printing.nix
../../modules/podman.nix
#../../modules/niri.nix
../../modules/desktop-environment.nix
../../modules/desktop-hardware.nix
../../home/vinzenz
../../home/ronja
];
}

8
nixosConfigurations/vinzenz-lpt2/nginx.nix → hosts/vinzenz-lpt2/nginx.nix
View file

@ -1,4 +1,4 @@
{ pkgs, ... }:
{ inputs, pkgs, ... }:
let
blog-domain-socket = "/run/nginx/blog.sock";
anubis-domain-socket = "/run/anubis/anubis-blog.sock";
@ -29,15 +29,15 @@ in
"vinzenz-lpt2" = {
locations."/" = {
proxyPass = "http://unix:" + anubis-domain-socket;
proxyPass = ("http://unix:" + anubis-domain-socket);
};
};
"vinzenz-lpt2-in-anubis" = {
root = pkgs.zerforschen-plus-content;
root = inputs.zerforschen-plus.packages."${pkgs.system}".zerforschen-plus-content;
listen = [
{
addr = "unix:" + blog-domain-socket;
addr = ("unix:" + blog-domain-socket);
}
];
};

4
nixosConfigurations/vinzenz-lpt2/zerforschen-plus.nix → hosts/vinzenz-lpt2/zerforschen-plus.nix
View file

@ -1,5 +1,7 @@
{
pkgs,
system,
inputs,
...
}:
{
@ -26,7 +28,7 @@
"zerforschen.plus" = {
#addSSL = true;
#enableACME = true;
root = pkgs.zerforschen-plus-content;
root = inputs.zerforschen-plus.packages."${pkgs.system}".zerforschen-plus-content;
};
};
};

6
nixosConfigurations/vinzenz-pc2/default.nix → hosts/vinzenz-pc2/configuration.nix
View file

@ -5,7 +5,6 @@
./vscode-server.nix
./hass.nix
];
config = {
nix.settings.extra-platforms = [
"aarch64-linux"
@ -33,10 +32,5 @@
];
environment.systemPackages = with pkgs; [ lact ];
networking.firewall.allowedUDPPorts = [
# Factorio
34197
];
};
}

0
nixosConfigurations/vinzenz-pc2/fstab.nix → hosts/vinzenz-pc2/fstab.nix
View file

25
hosts/vinzenz-pc2/hardware.nix Normal file
View file

@ -0,0 +1,25 @@
{ ... }:
{
imports = [ ../../modules/amd-graphics.nix ];
config = {
# amd cpu
boot.kernelModules = [ "kvm-amd" ];
hardware.cpu.amd.updateMicrocode = true;
boot = {
initrd.availableKernelModules = [
"nvme"
"xhci_pci"
"ahci"
"usbhid"
"sd_mod"
]; # "usb_storage"
loader.efi.efiSysMountPoint = "/boot";
};
fileSystems = import ./fstab.nix;
swapDevices = [ ];
networking.interfaces.eno1.wakeOnLan.enable = true;
};
}

0
nixosConfigurations/vinzenz-pc2/hass.nix → hosts/vinzenz-pc2/hass.nix
View file

14
hosts/vinzenz-pc2/imports.nix Normal file
View file

@ -0,0 +1,14 @@
{
imports = [
../../modules/gnome.nix
../../modules/gaming.nix
../../modules/printing.nix
../../modules/podman.nix
#../../modules/niri.nix
../../modules/desktop-environment.nix
../../modules/desktop-hardware.nix
../../home/vinzenz
../../home/ronja
];
}

20
nixosConfigurations/vinzenz-pc2/vscode-server.nix → hosts/vinzenz-pc2/vscode-server.nix
View file

@ -15,12 +15,16 @@
];
};
networking.firewall.allowedTCPPorts = [
8542
8543
8544
80
1313
5201
];
networking = {
firewall = {
allowedTCPPorts = [
8542
8543
8544
80
1313
5201
];
};
};
}

22
modules/amd-graphics.nix Normal file
View file

@ -0,0 +1,22 @@
{ pkgs, config, ... }:
{
config = {
boot.kernelModules = [ "amdgpu" ];
services.xserver.videoDrivers = [ "amdgpu" ];
hardware = {
graphics.enable = true;
amdgpu = {
opencl.enable = true;
amdvlk = {
# TODO: this creates black borders around GNOME apps
# enable = true;
# support32Bit.enable = config.hardware.graphics.enable32Bit;
};
overdrive.enable = true;
};
};
environment.systemPackages = with pkgs; [ nvtopPackages.amd ];
};
}

121
modules/desktop-environment.nix Normal file
View file

@ -0,0 +1,121 @@
{ pkgs, ... }:
{
config = {
services = {
xserver.enable = true;
libinput.enable = true;
flatpak.enable = true;
fstrim.enable = true;
earlyoom = {
enable = true;
freeMemThreshold = 5;
};
};
# Enable sound with pipewire.
security.rtkit.enable = true;
services = {
pulseaudio.enable = false;
pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
#jack.enable = true;
};
};
programs = {
kdeconnect.enable = true;
firefox = {
enable = true;
languagePacks = [
"en-US"
"de"
];
};
nix-ld = {
enable = true;
libraries = with pkgs; [
stdenv.cc.cc
zlib
zstd
curl
openssl
attr
libssh
bzip2
libxml2
acl
libsodium
util-linux
xz
systemd
];
};
appimage = {
enable = true;
binfmt = true;
};
};
networking = {
firewall = {
allowedTCPPortRanges = [
{
# KDE Connect / gsconnect
from = 1714;
to = 1764;
}
];
allowedUDPPortRanges = [
{
# KDE Connect / gsconnect
from = 1714;
to = 1764;
}
];
};
};
systemd = {
# save some boot time because nothing actually requires network connectivity
services.NetworkManager-wait-online.enable = false;
# prevent stuck units from preventing shutdown (default is 120s)
extraConfig = ''
DefaultTimeoutStopSec=10s
'';
};
environment.systemPackages = with pkgs; [
lm_sensors
# office
libreoffice-qt
hunspell
hunspellDicts.de-de
hunspellDicts.en-us-large
];
fonts = {
enableDefaultPackages = true;
fontconfig.defaultFonts.monospace = [ "FiraCode Nerd Font" ];
packages = with pkgs; [
nerd-fonts.fira-code
roboto-mono
recursive
];
};
hardware.logitech.wireless = {
enable = true;
enableGraphical = true;
};
system.autoUpgrade = {
allowReboot = false;
operation = "boot";
};
};
}

48
modules/desktop-hardware.nix Normal file
View file

@ -0,0 +1,48 @@
{
lib,
pkgs,
...
}:
{
config = {
boot = {
kernelPackages = pkgs.linuxPackages_zen;
kernelParams = [
"quiet"
"udev.log_level=3"
];
supportedFilesystems = [ "btrfs" ];
initrd.supportedFilesystems = [ "btrfs" ];
consoleLogLevel = 0;
initrd.verbose = false;
plymouth.enable = true;
loader = {
timeout = 3;
efi.canTouchEfiVariables = true;
systemd-boot = {
enable = true;
editor = false; # do not allow changing kernel parameters
consoleMode = "max";
};
};
};
networking.networkmanager.enable = true;
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.eno1.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp5s0.useDHCP = lib.mkDefault true;
hardware = {
enableRedistributableFirmware = true;
bluetooth.enable = true;
};
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
services.fwupd.enable = true;
};
}

81
modules/gaming.nix Normal file
View file

@ -0,0 +1,81 @@
{ pkgs, ... }:
{
config = {
hardware = {
graphics = {
enable32Bit = true;
extraPackages = with pkgs; [ mangohud ];
extraPackages32 = with pkgs; [ mangohud ];
};
steam-hardware.enable = true;
xpadneo.enable = true;
};
environment.systemPackages = with pkgs; [
wineWowPackages.stagingFull
wineWowPackages.fonts
winetricks
dxvk
mangohud
vulkan-tools
glxinfo
lutris
];
programs = {
xwayland.enable = true;
steam = {
enable = true;
remotePlay.openFirewall = true;
dedicatedServer.openFirewall = true;
localNetworkGameTransfers.openFirewall = true;
gamescopeSession.enable = false;
};
gamemode.enable = true;
};
networking.firewall = {
allowedUDPPorts = [
# Factorio
34197
# steam network transfer
3478
];
allowedTCPPorts = [
# steam network transfer
24070
];
allowedTCPPortRanges = [
# steam network transfer
{
from = 27015;
to = 27050;
}
];
allowedUDPPortRanges = [
# steam network transfer
{
from = 4379;
to = 4380;
}
{
from = 27000;
to = 27100;
}
];
};
allowedUnfreePackages = [
"steam"
"steam-original"
"steam-run"
"steam-unwrapped"
"ut1999"
];
};
}

34
modules/globalinstalls.nix Normal file
View file

@ -0,0 +1,34 @@
{ pkgs, ... }:
{
config = {
environment = {
systemPackages = with pkgs; [
ncdu
glances
iotop
pciutils
lsof
dig
screen
tldr
neofetch
nix-output-monitor
];
};
programs = {
zsh.enable = true;
htop.enable = true;
iotop.enable = true;
git.enable = true;
nano = {
enable = true;
syntaxHighlight = true;
};
};
};
}

46
modules/gnome-shared-dconf.nix Normal file
View file

@ -0,0 +1,46 @@
{
"org/gnome/desktop/interface" = {
color-scheme = "prefer-dark";
clock-show-seconds = true;
show-battery-percentage = true;
};
"org/gnome/mutter" = {
edge-tiling = true;
dynamic-workspaces = true;
};
"org/gnome/desktop/peripherals/keyboard" = {
numlock-state = true;
};
"org/gnome/desktop/peripherals/touchpad" = {
tap-to-click = true;
two-finger-scrolling-enabled = true;
};
"org/gnome/tweaks" = {
show-extensions-notice = false;
};
"org/gnome/shell" = {
disable-user-extensions = false;
disabled-extensions = [ ];
enabled-extensions = [
"tailscale@joaophi.github.com"
"appindicatorsupport@rgcjonas.gmail.com"
"workspace-indicator@gnome-shell-extensions.gcampax.github.com"
"caffeine@patapon.info"
];
};
"ca/desrt/dconf-editor" = {
show-warning = false;
};
"org/gnome/desktop/wm/keybindings" = {
switch-windows = [ "<Alt>Tab" ];
switch-windows-backward = [ "<Shift><Alt>Tab" ];
switch-applications = [ "<Super>Tab" ];
switch-applications-backward = [ "<Shift><Super>Tab" ];
};
"org/gnome/shell/extensions/alphabetical-app-grid" = {
folder-order-position = "start";
};
"org/gnome/shell/extensions/gsconnect" = {
enabled = true;
};
}

101
modules/gnome.nix Normal file
View file

@ -0,0 +1,101 @@
{ pkgs, ... }:
{
config = {
services = {
xserver = {
# Enable the GNOME Desktop Environment.
desktopManager.gnome = {
enable = true;
extraGSettingsOverridePackages = [ pkgs.mutter ];
extraGSettingsOverrides = ''
[org.gnome.mutter]
experimental-features=['scale-monitor-framebuffer']
'';
};
displayManager.gdm.enable = true;
excludePackages = with pkgs; [ xterm ];
};
displayManager.defaultSession = "gnome";
gnome = {
tinysparql.enable = false;
localsearch.enable = false;
sushi.enable = true;
gnome-remote-desktop.enable = true;
};
};
programs = {
dconf.enable = true;
gpaste.enable = true;
kdeconnect.package = pkgs.gnomeExtensions.gsconnect;
};
# remove some gnome default apps
environment.gnome.excludePackages = with pkgs; [
cheese # photo booth
epiphany # web browser
evince # document viewer
geary # email client
gnome-maps
gnome-weather
gnome-tour
sysprof
orca # screen reader
gnome-weather
gnome-backgrounds
gnome-user-docs
yelp # help app
# gnome-music
# totem # video player
# snapshot # camera
# baobab # disk usage
];
# RDP connections
networking.firewall.allowedTCPPorts = [ 3389 ];
home-manager.sharedModules = [
{
home.packages =
with pkgs;
[
gitg
meld
simple-scan
pinta
dconf-editor
gpaste
ghex
impression
papers
# graphical installer for flatpak apps
gnome-software
]
++ (with gnomeExtensions; [
caffeine
appindicator
]);
dconf.settings = import ./gnome-shared-dconf.nix;
gtk = {
enable = true;
iconTheme.name = "Adwaita";
cursorTheme.name = "Adwaita";
theme = {
name = "adw-gtk3-dark";
package = pkgs.adw-gtk3;
};
};
}
{
home.packages = with pkgs; [ trayscale ] ++ (with gnomeExtensions; [ tailscale-qs ]);
dconf.settings."org/gnome/shell".enabled-extensions = [ "tailscale@joaophi.github.com" ];
}
];
};
}

61
modules/home-manager.nix Normal file
View file

@ -0,0 +1,61 @@
_: {
home-manager = {
useGlobalPkgs = true;
useUserPackages = true;
sharedModules = [
# set stateVersion
{ home.stateVersion = "22.11"; }
# make nano the default editor
{
home = {
sessionVariables.EDITOR = "nano";
file.".nanorc".text = ''
set linenumbers
set mouse
'';
};
}
# command line niceness
{
programs = {
command-not-found.enable = true;
dircolors.enable = true;
zsh = {
enable = true;
syntaxHighlighting.enable = true;
autosuggestion.enable = true;
enableVteIntegration = true;
};
};
}
# common git config
{
programs = {
git = {
enable = true;
extraConfig.init.defaultBranch = "main";
};
gh = {
enable = true;
gitCredentialHelper.enable = true;
};
};
}
# Templates
{
home.file = {
"Templates/Empty file".text = "";
"Templates/Empty bash script".text = ''
#!/usr/bin/env bash
# abort on error, undefined variables
set -eu
# print commands before execution
set -x
'';
};
}
];
};
}

19
modules/i18n.nix Normal file
View file

@ -0,0 +1,19 @@
_: {
config = {
time.timeZone = "Europe/Berlin";
i18n = {
defaultLocale = "en_US.UTF-8";
extraLocaleSettings = {
LC_ADDRESS = "de_DE.UTF-8";
LC_IDENTIFICATION = "de_DE.UTF-8";
LC_MEASUREMENT = "de_DE.UTF-8";
LC_MONETARY = "de_DE.UTF-8";
LC_NAME = "de_DE.UTF-8";
LC_NUMERIC = "de_DE.UTF-8";
LC_PAPER = "de_DE.UTF-8";
LC_TELEPHONE = "de_DE.UTF-8";
LC_TIME = "de_DE.UTF-8";
};
};
};
}

0
nixosModules/intel-graphics.nix → modules/intel-graphics.nix
View file

0
nixosModules/latex.nix → modules/latex.nix
View file

12
modules/lix.nix Normal file
View file

@ -0,0 +1,12 @@
{ pkgs, ... }:
{
nixpkgs.overlays = [ (final: prev: {
inherit (prev.lixPackageSets.stable)
nixpkgs-review
nix-eval-jobs
nix-fast-build
colmena;
}) ];
nix.package = pkgs.lixPackageSets.stable.lix;
}

23
modules/networking.nix Normal file
View file

@ -0,0 +1,23 @@
_: {
config = {
services.openssh = {
enable = true;
openFirewall = true;
settings = {
PermitRootLogin = "without-password";
PasswordAuthentication = false;
KbdInteractiveAuthentication = false;
};
};
services.tailscale = {
enable = true;
openFirewall = true;
};
networking.firewall = {
enable = true;
checkReversePath = "loose";
};
};
}

0
nixosModules/niri.nix → modules/niri.nix
View file

59
modules/nixpkgs.nix Normal file
View file

@ -0,0 +1,59 @@
{ config, lib, ... }:
{
options.allowedUnfreePackages = lib.mkOption {
type = lib.types.listOf lib.types.str;
default = [ ];
example = [ "steam" ];
};
config = {
nixpkgs.config = {
# https://github.com/NixOS/nixpkgs/issues/197325#issuecomment-1579420085
allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) config.allowedUnfreePackages;
};
nix = {
settings = {
substituters = [
"https://cache.nixos.org/"
"https://nix-community.cachix.org"
"https://cache.lix.systems"
"https://niri.cachix.org"
];
trusted-public-keys = [
"cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
"cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o="
"niri.cachix.org-1:Wv0OmO7PsuocRKzfDoJ3mulSl7Z6oezYhGhR+3W2964="
];
experimental-features = [
"nix-command"
"flakes"
];
};
gc = {
automatic = true;
dates = "daily";
options = "--delete-older-than 7d";
};
optimise.automatic = true;
};
system = {
stateVersion = "22.11";
# enable auto updates
autoUpgrade = {
enable = true;
dates = "daily";
flake = "git+https://git.berlin.ccc.de/vinzenz/nixos-configuration.git";
};
};
documentation = {
enable = true; # documentation of packages
nixos.enable = false; # nixos documentation
man.enable = true; # manual pages and the man command
info.enable = false; # info pages and the info command
doc.enable = false; # documentation distributed in packages' /share/doc
};
};
}

2
nixosModules/podman.nix → modules/podman.nix
View file

@ -1,4 +1,4 @@
{
_: {
virtualisation = {
containers.enable = true;
podman = {

14
modules/printing.nix Normal file
View file

@ -0,0 +1,14 @@
_: {
config = {
services = {
# Enable CUPS to print documents.
printing.enable = true;
avahi = {
enable = true; # runs the Avahi daemon
nssmdns4 = true; # enables the mDNS NSS plug-in
openFirewall = true; # opens the firewall for UDP port 5353
};
};
};
}

21
nixosConfigurations/forgejo-runner-1/default.nix
View file

@ -1,21 +0,0 @@
{
imports = [
./hardware.nix
./forgejo-runner.nix
];
config = {
# uncomment for build check on non arm system (requires --impure)
# nixpkgs.buildPlatform = builtins.currentSystem;
services.tailscale.useRoutingFeatures = "both";
system.autoUpgrade.allowReboot = true;
users.users = {
root.openssh.authorizedKeys.keys = [
''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFCJUpbpB3KEKVoKWsKoar9J4RNah8gmQoSH6jQEw5dY vinzenz-pixel-JuiceSSH''
''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO1CRn4yYTL4XUdCebE8Z4ZeuMujBjorTdWifg911EOv vinzenz-pc2 home roaming''
''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPDNpLDmctyqGpow/ElQvdhY4BLBPS/sigDJ1QEcC7wC vinzenz-lpt2-roaming''
];
};
};
}

27
nixosConfigurations/hetzner-vpn2/default.nix
View file

@ -1,27 +0,0 @@
{
imports = [
./hardware.nix
./nginx.nix
];
config = {
# uncomment for build check on non arm system (requires --impure)
# nixpkgs.buildPlatform = builtins.currentSystem;
services.tailscale.useRoutingFeatures = "both";
users.users = {
root.openssh.authorizedKeys.keys = [
''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICdYqY3Y1/f1bsAi5Qfyr/UWuX9ixu96IeAlhoQaJkbf''
''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFCJUpbpB3KEKVoKWsKoar9J4RNah8gmQoSH6jQEw5dY vinzenz-pixel-JuiceSSH''
''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO1CRn4yYTL4XUdCebE8Z4ZeuMujBjorTdWifg911EOv vinzenz-pc2 home roaming''
''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPDNpLDmctyqGpow/ElQvdhY4BLBPS/sigDJ1QEcC7wC vinzenz-lpt2-roaming''
];
#ronja.openssh.authorizedKeys.keys = [
# ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIALWKm+d6KL6Vl3grPOcGouiNTkvdhXuWJmcrdEBY2nw ronja-ssh-host-key''
#];
};
system.autoUpgrade.allowReboot = true;
};
}

32
nixosConfigurations/ronja-pc/default.nix
View file

@ -1,32 +0,0 @@
{
config,
pkgs,
...
}:
{
imports = [
./hardware.nix
];
config = {
# Configure keymap in X11
services.xserver.xkb = {
layout = "de";
variant = "";
};
# Configure console keymap
console.keyMap = "de";
# List packages installed in system profile. To search, run:
# $ nix search wget
environment.systemPackages = with pkgs; [
# vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
# wget
];
# Open ports in the firewall.
# networking.firewall.allowedTCPPorts = [ ... ];
# networking.firewall.allowedUDPPorts = [ ... ];};
};
}

56
nixosConfigurations/vinzenz-lpt2/hardware.nix
View file

@ -1,56 +0,0 @@
{ pkgs, lib, ... }:
{
# intel cpu
boot.kernelModules = [
"kvm-intel"
"xe"
];
networking = {
networkmanager.enable = true;
useDHCP = lib.mkDefault true;
};
boot = {
kernelPackages = pkgs.linuxPackages_zen;
supportedFilesystems = [ "btrfs" ];
initrd = {
supportedFilesystems = [ "btrfs" ];
availableKernelModules = [
"xhci_pci"
"thunderbolt"
"nvme"
];
luks.devices = {
"luks-2c654ff2-3c42-48d3-a1e3-9545679afaa3" = {
device = "/dev/disk/by-uuid/2c654ff2-3c42-48d3-a1e3-9545679afaa3";
};
};
};
};
fileSystems = {
"/" = {
device = "/dev/disk/by-uuid/e4dad0c8-26a1-45e9-bbd9-48565eb6574e";
fsType = "btrfs";
options = [ "subvol=@" ];
};
"/boot" = {
device = "/dev/disk/by-uuid/E2B7-2BC1";
fsType = "vfat";
};
};
swapDevices = [
{
device = "/var/lib/swapfile";
size = 32 * 1024;
}
];
services.thermald.enable = true;
services.hardware.bolt.enable = true; # thunderbolt security
hardware.bluetooth.enable = true;
}

30
nixosConfigurations/vinzenz-pc2/hardware.nix
View file

@ -1,30 +0,0 @@
{ pkgs, lib, ... }:
{
# amd cpu
boot.kernelModules = [ "kvm-amd" ];
boot = {
initrd.availableKernelModules = [
"nvme"
"xhci_pci"
"ahci"
"usbhid"
"sd_mod"
]; # "usb_storage"
kernelPackages = pkgs.linuxPackages_zen;
supportedFilesystems = [ "btrfs" ];
initrd.supportedFilesystems = [ "btrfs" ];
loader.efi.efiSysMountPoint = "/boot";
};
fileSystems = import ./fstab.nix;
swapDevices = [ ];
networking = {
networkmanager.enable = true;
useDHCP = lib.mkDefault true;
interfaces.eno1.wakeOnLan.enable = true;
};
hardware.bluetooth.enable = true;
}

17
nixosModules/allowed-unfree-list.nix
View file

@ -1,17 +0,0 @@
{ lib, config, ... }:
{
options.allowedUnfreePackages = lib.mkOption {
type = lib.types.listOf lib.types.str;
default = [ ];
example = [ "steam" ];
};
config = {
nixpkgs.config = {
# https://github.com/NixOS/nixpkgs/issues/197325#issuecomment-1579420085
allowUnfreePredicate = lib.mkDefault (
pkg: builtins.elem (lib.getName pkg) config.allowedUnfreePackages
);
};
};
}

20
nixosModules/amd-graphics.nix
View file

@ -1,20 +0,0 @@
{ pkgs, ... }:
{
boot.kernelModules = [ "amdgpu" ];
services.xserver.videoDrivers = [ "amdgpu" ];
hardware = {
graphics.enable = true;
amdgpu = {
opencl.enable = true;
amdvlk = {
# TODO: this creates black borders around GNOME apps
# enable = true;
# support32Bit.enable = config.hardware.graphics.enable32Bit;
};
overdrive.enable = true;
};
};
environment.systemPackages = with pkgs; [ nvtopPackages.amd ];
}

16
nixosModules/autoupdate.nix
View file

@ -1,16 +0,0 @@
{
nix = {
optimise.automatic = true;
gc = {
automatic = true;
dates = "daily";
options = "--delete-older-than 7d";
};
};
system.autoUpgrade = {
enable = true;
dates = "daily";
# do not forget to set `flake` when using this module!
};
}

31
nixosModules/en-de.nix
View file

@ -1,31 +0,0 @@
{ pkgs, ... }:
{
i18n = {
defaultLocale = "en_US.UTF-8";
extraLocales = [
"de_DE.UTF-8/UTF-8"
];
extraLocaleSettings = {
LC_ADDRESS = "de_DE.UTF-8";
LC_IDENTIFICATION = "de_DE.UTF-8";
LC_MEASUREMENT = "de_DE.UTF-8";
LC_MONETARY = "de_DE.UTF-8";
LC_NAME = "de_DE.UTF-8";
LC_NUMERIC = "de_DE.UTF-8";
LC_PAPER = "de_DE.UTF-8";
LC_TELEPHONE = "de_DE.UTF-8";
LC_TIME = "de_DE.UTF-8";
};
};
programs.firefox.languagePacks = [
"en-US"
"de"
];
environment.systemPackages = [
pkgs.hunspell
pkgs.hunspellDicts.de-de
pkgs.hunspellDicts.en-us
];
}

16
nixosModules/extra-caches.nix
View file

@ -1,16 +0,0 @@
{
nix.settings = {
substituters = [
"https://cache.nixos.org/"
"https://nix-community.cachix.org"
"https://cache.lix.systems"
"https://niri.cachix.org"
];
trusted-public-keys = [
"cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
"cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o="
"niri.cachix.org-1:Wv0OmO7PsuocRKzfDoJ3mulSl7Z6oezYhGhR+3W2964="
];
};
}

11
nixosModules/firmware-updates.nix
View file

@ -1,11 +0,0 @@
{
hardware = {
enableRedistributableFirmware = true;
cpu = {
amd.updateMicrocode = true;
intel.updateMicrocode = true;
};
};
services.fwupd.enable = true;
}

23
nixosModules/globalinstalls.nix
View file

@ -1,23 +0,0 @@
{ pkgs, ... }:
{
environment.systemPackages = with pkgs; [
ncdu
glances
lsof
dig
screen
tldr
nix-output-monitor
];
programs = {
zsh.enable = true;
htop.enable = true;
iotop.enable = true;
git.enable = true;
nano = {
enable = true;
syntaxHighlight = true;
};
};
}

65
nixosModules/gnome.nix
View file

@ -1,65 +0,0 @@
{
pkgs,
lib,
config,
...
}:
{
options.vinzenz = {
keep-gnome-default-apps = lib.mkEnableOption "keep gnome default apps";
};
config = lib.mkMerge [
{
services = {
xserver = {
# Enable the GNOME Desktop Environment.
desktopManager.gnome = {
enable = true;
extraGSettingsOverridePackages = [ pkgs.mutter ];
extraGSettingsOverrides = ''
[org.gnome.mutter]
experimental-features=['scale-monitor-framebuffer']
'';
};
displayManager.gdm.enable = true;
excludePackages = [ pkgs.xterm ];
};
displayManager.defaultSession = "gnome";
gnome = {
tinysparql.enable = false;
localsearch.enable = false;
sushi.enable = true;
};
};
programs = {
dconf.enable = true;
gpaste.enable = true;
};
}
(lib.mkIf (!config.vinzenz.keep-gnome-default-apps) {
environment.gnome.excludePackages = with pkgs; [
cheese # photo booth
epiphany # web browser
evince # document viewer
geary # email client
gnome-maps
gnome-weather
gnome-tour
sysprof
orca # screen reader
gnome-weather
gnome-backgrounds
gnome-user-docs
yelp # help app
gnome-music
totem # video player
snapshot # camera
baobab # disk usage
];
})
];
}

53
nixosModules/kdeconnect.nix
View file

@ -1,53 +0,0 @@
{
lib,
config,
pkgs,
...
}:
{
config = lib.mkMerge [
{
networking.firewall =
let
kdeconnect-range = {
from = 1714;
to = 1764;
};
in
{
allowedTCPPortRanges = [ kdeconnect-range ];
allowedUDPPortRanges = [ kdeconnect-range ];
};
programs.kdeconnect.enable = true;
home-manager.sharedModules = [
{
services.kdeconnect = {
enable = true;
# this still shows up in gnome session starting with 25.05
# indicator = true;
};
}
];
}
(lib.mkIf config.services.xserver.desktopManager.gnome.enable {
# replace kdeconnect with gsconnect
programs.kdeconnect.package = pkgs.gnomeExtensions.gsconnect;
home-manager.sharedModules = [
(
{ pkgs, ... }:
{
home.packages = [ pkgs.gnomeExtensions.gsconnect ];
# enable gsconnect extension
dconf.settings = {
"org/gnome/shell".enabled-extensions = [ "gsconnect@andyholmes.github.io" ];
"org/gnome/shell/extensions/gsconnect".enabled = true;
};
}
)
];
})
];
}

15
nixosModules/lix-is-nix.nix
View file

@ -1,15 +0,0 @@
{ pkgs, ... }:
{
nixpkgs.overlays = [
(final: prev: {
inherit (prev.lixPackageSets.stable)
nixpkgs-review
nix-eval-jobs
nix-fast-build
colmena
;
})
];
nix.package = pkgs.lixPackageSets.latest.lix;
}

49
nixosModules/modern-desktop.nix
View file

@ -1,49 +0,0 @@
{
services = {
xserver.enable = true;
libinput.enable = true;
flatpak.enable = true;
fstrim.enable = true;
earlyoom = {
enable = true;
freeMemThreshold = 5;
};
};
# Enable sound with pipewire.
security.rtkit.enable = true;
services = {
pulseaudio.enable = false;
pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
#jack.enable = true;
};
};
systemd = {
# save some boot time because nothing actually requires network connectivity
services.NetworkManager-wait-online.enable = false;
# prevent stuck units from preventing shutdown (default is 120s)
extraConfig = ''
DefaultTimeoutStopSec=10s
'';
};
programs = {
xwayland.enable = true;
appimage = {
enable = true;
binfmt = true;
};
};
system.autoUpgrade = {
allowReboot = false;
operation = "boot";
};
}

22
nixosModules/nix-ld.nix
View file

@ -1,22 +0,0 @@
{ pkgs, ... }:
{
programs.nix-ld = {
enable = true;
libraries = with pkgs; [
stdenv.cc.cc
zlib
zstd
curl
openssl
attr
libssh
bzip2
libxml2
acl
libsodium
util-linux
xz
systemd
];
};
}

11
nixosModules/openssh.nix
View file

@ -1,11 +0,0 @@
{
services.openssh = {
enable = true;
openFirewall = true;
settings = {
PermitRootLogin = "without-password";
PasswordAuthentication = false;
KbdInteractiveAuthentication = false;
};
};
}

12
nixosModules/printing.nix
View file

@ -1,12 +0,0 @@
{
services = {
# Enable CUPS to print documents.
printing.enable = true;
avahi = {
enable = true; # runs the Avahi daemon
nssmdns4 = true; # enables the mDNS NSS plug-in
openFirewall = true; # opens the firewall for UDP port 5353
};
};
}

11
nixosModules/quiet-boot.nix
View file

@ -1,11 +0,0 @@
{
boot = {
kernelParams = [
"quiet"
"udev.log_level=3"
];
consoleLogLevel = 0;
initrd.verbose = false;
plymouth.enable = true;
};
}

45
nixosModules/steam.nix
View file

@ -1,45 +0,0 @@
{
hardware.steam-hardware.enable = true;
programs = {
steam = {
enable = true;
remotePlay.openFirewall = true;
dedicatedServer.openFirewall = true;
localNetworkGameTransfers.openFirewall = true;
gamescopeSession.enable = false;
};
gamemode.enable = true;
};
# steam network transfer
networking.firewall = {
allowedUDPPorts = [ 3478 ];
allowedTCPPorts = [ 24070 ];
allowedTCPPortRanges = [
{
from = 27015;
to = 27050;
}
];
allowedUDPPortRanges = [
{
from = 4379;
to = 4380;
}
{
from = 27000;
to = 27100;
}
];
};
allowedUnfreePackages = [
"steam"
"steam-original"
"steam-run"
"steam-unwrapped"
];
}

11
nixosModules/systemd-boot.nix
View file

@ -1,11 +0,0 @@
{
boot.loader = {
timeout = 3;
efi.canTouchEfiVariables = true;
systemd-boot = {
enable = true;
editor = false; # do not allow changing kernel parameters
consoleMode = "max";
};
};
}

8
nixosModules/tailscale.nix
View file

@ -1,8 +0,0 @@
{
services.tailscale = {
enable = true;
openFirewall = true;
};
networking.firewall.checkReversePath = "loose";
}

19
nixosModules/user-ronja.nix
View file

@ -1,19 +0,0 @@
{ pkgs, ... }:
{
users.users.ronja = {
isNormalUser = true;
name = "ronja";
description = "Ronja";
home = "/home/ronja";
extraGroups = [
"networkmanager"
"wheel"
"games"
"podman"
"openvscode-server"
];
shell = pkgs.zsh;
};
nix.settings.trusted-users = [ "ronja" ];
}

35
nixosModules/user-vinzenz.nix
View file

@ -1,35 +0,0 @@
{ pkgs, ... }:
{
users.users.vinzenz = {
isNormalUser = true;
name = "vinzenz";
description = "Vinzenz";
home = "/home/vinzenz";
extraGroups = [
"networkmanager"
"wheel"
"games"
"dialout"
"podman"
"nginx"
"adbusers"
"kvm"
"input"
"video"
];
shell = pkgs.zsh;
autoSubUidGidRange = true;
};
nix.settings.trusted-users = [ "vinzenz" ];
allowedUnfreePackages = [
"rider"
"pycharm-professional"
"jetbrains-toolbox"
"anydesk"
"vscode-extension-ms-dotnettools-csharp"
];
}

28
nixosModules/vinzenz-desktop-settings.nix
View file

@ -1,28 +0,0 @@
{ pkgs, ... }:
{
programs.firefox.enable = true;
environment.systemPackages = with pkgs; [
lm_sensors
libreoffice-qt6
];
fonts = {
enableDefaultPackages = true;
fontconfig.defaultFonts.monospace = [ "FiraCode Nerd Font" ];
packages = with pkgs; [
nerd-fonts.fira-code
roboto-mono
recursive
];
};
hardware.logitech.wireless = {
enable = true;
enableGraphical = true;
};
# RDP connections
services.gnome.gnome-remote-desktop.enable = true;
networking.firewall.allowedTCPPorts = [ 3389 ];
}

22
nixosModules/wine-gaming.nix
View file

@ -1,22 +0,0 @@
{ pkgs, ... }:
{
hardware = {
graphics = {
enable32Bit = true;
extraPackages = with pkgs; [ mangohud ];
extraPackages32 = with pkgs; [ mangohud ];
};
xpadneo.enable = true;
};
environment.systemPackages = with pkgs; [
wineWowPackages.stagingFull
wineWowPackages.fonts
winetricks
dxvk
mangohud
vulkan-tools
glxinfo
];
}