diff --git a/.gitignore b/.gitignore
index d3f13a7..8e21b1d 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,2 @@
 .directory
 result
-secrets
diff --git a/README.md b/README.md
index 3ad5e88..3195c03 100644
--- a/README.md
+++ b/README.md
@@ -1,46 +1,11 @@ # nixos-configuration -Personal NixOS configuration for all machines. Devices are declared in `devices.nix`, per-device configs live in `nixosConfigurations//`, and shared modules in `nixosModules/`. - -## Distributed builds - -Machines are configured to act as build servers / binary caches for each other in devices.nix. - -### Onboarding a device as a build client - -1. Generate a key pair on the device: - - ```sh - sudo ssh-keygen -t ed25519 -f /etc/nix/distributed-build-key -N "" -C "$(hostname)-nix-builds" && sudo cat /etc/nix/distributed-build-key.pub - ``` - -2. Add the public key to the device entry in `devices.nix`: - - ```nix - distributedBuilds.clientPublicKey = "ssh-ed25519 AAAA... -nix-builds"; - ``` - -3. Rebuild all build machines so they pick up the new authorized key. - -### Adding a build server - -1. Add to its entry in `devices.nix`: - - ```nix - distributedBuilds.isBuilder = true; - distributedBuilds.hostPublicKey = "ssh-ed25519 AAAA..."; # from: ssh-keyscan -t ed25519 "$(hostname)" - ``` - -2. Generate a store signing key on the builder: - - ```sh - sudo nix key generate-secret --key-name "$(hostname)" | sudo tee /etc/nix/signing-key.sec | sudo nix key convert-secret-to-public - ``` - -3. Add the printed public key to `devices.nix`: - - ```nix - distributedBuilds.storeSigningPublicKey = ":"; - ``` - -4. Rebuild all machines so they trust the new signing key. +When adding a new host: +1. install NixOS via the graphical installer +2. `mv /etc/hardware-configuration ./devicename-hardware-configuration.nix` +3. copy an existing devicename.nix +5. change import to `new-devicename-hardware-configuration.nix` +6. set the hostname and optional imports in `new-devicename.nix` +7. `ln -s ./new-devicename.nix /etc/nixos/configuration.nix` +8. `sudo nix-channel --add https://github.com/nix-community/home-manager/archive/release-23.05.tar.gz home-manager` +9. apply 
diff --git a/devices.nix b/devices.nix
deleted file mode 100644
index a4fbeb4..0000000
--- a/devices.nix
+++ /dev/null
@@ -1,77 +0,0 @@ -{ self }: -let - nixos-raspberrypi = self.inputs.nixos-raspberrypi; -in -{ - # keep-sorted start block=yes - aur0ra = { - system = "aarch64-linux"; - nixosSystem = nixos-raspberrypi.lib.nixosSystem; - }; - aur0ra-installer = { - # build with nix build .\#nixosConfigurations.aur0ra-installer.config.system.build.sdImage - system = "aarch64-linux"; - nixosSystem = nixos-raspberrypi.lib.nixosInstaller; - }; - damocles = { - system = "x86_64-linux"; - distributedBuilds.maxJobs = 0; - }; - damocles-lab = { - system = "x86_64-linux"; - distributedBuilds.maxJobs = 0; - }; - epimetheus = { - system = "aarch64-linux"; - }; - forgejo-runner-1 = { - system = "aarch64-linux"; - publicFqdn = "forgejo-runner-1.dev.zerforschen.plus"; - distributedBuilds = { - isBuilder = true; - speedFactor = 1; - clientPublicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK0NLgg0sFobBWz/bjYs9WkrMvlcvJC5F6+3jQ/b+AnD forgejo-runner-1-nix-builds"; - hostPublicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIANGC89GiT5xCsFICwrharrbV3q7acWHqk6ZwOUXbtGT"; - storeSigningPublicKey = "forgejo-runner-1:ln1FVLL8G5+IveQuBi/Kn3SaqFZ1gaiQrE3yPlMhCMA="; - }; - }; - hetzner-vpn2 = { - system = "aarch64-linux"; - }; - muede-lpt2 = { - system = "x86_64-linux"; - isDesktop = true; - home-manager-users = { - inherit (self.homeConfigurations) muede; - }; - distributedBuilds = { - isBuilder = true; - speedFactor = 2; - hostPublicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHGKoZ68wwyVRmPB0SkvpJUyUMDWeFbC5Je9zukyEOh7"; - clientPublicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKAbojdhb3PfazSRmudvo381Y+zUFVLMa7AbWbfK/Zp2 muede-lpt2-nix-builds"; - storeSigningPublicKey = "muede-lpt2:3csut7FW6oZK/ztRLBRC80LSBfFE3qzl+aIYgOixB6U="; - }; - }; - muede-pc2 = { - system = "x86_64-linux"; - isDesktop = true; - home-manager-users = { - inherit (self.homeConfigurations) muede; - }; - distributedBuilds = { - isBuilder = true; - speedFactor = 4; - hostPublicKey = "ssh-ed25519 
AAAAC3NzaC1lZDI1NTE5AAAAIKEQQS5XNoj62Oj85xQfIuLORwoBRwfqjvfBHHsiI+RH"; - clientPublicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHmnyhP6L+kGHV15cb/d31AQr50wSEaQhkUBwy2+OEKk muede-pc2-nix-builds"; - storeSigningPublicKey = "muede-pc2:fqQO0E0y65MjUWlQnrgWt5ZsmQKlKCv4jls3CmUXDEQ="; - }; - }; - ronja-pc = { - system = "x86_64-linux"; - isDesktop = true; - home-manager-users = { - inherit (self.homeConfigurations) ronja; - }; - }; - # keep-sorted end -} diff --git a/flake.lock b/flake.lock deleted file mode 100644 index 764d421..0000000 --- a/flake.lock +++ /dev/null 
@@ -1,1097 +0,0 @@ -{ - "nodes": { - "argononed": { - "flake": false, - "locked": { - "lastModified": 1729566243, - "narHash": "sha256-DPNI0Dpk5aym3Baf5UbEe5GENDrSmmXVdriRSWE+rgk=", - "owner": "nvmd", - "repo": "argononed", - "rev": "16dbee54d49b66d5654d228d1061246b440ef7cf", - "type": "github" - }, - "original": { - "owner": "nvmd", - "repo": "argononed", - "type": "github" - } - }, - "base16": { - "inputs": { - "fromYaml": "fromYaml" - }, - "locked": { - "lastModified": 1755819240, - "narHash": "sha256-qcMhnL7aGAuFuutH4rq9fvAhCpJWVHLcHVZLtPctPlo=", - "owner": "SenchoPens", - "repo": "base16.nix", - "rev": "75ed5e5e3fce37df22e49125181fa37899c3ccd6", - "type": "github" - }, - "original": { - "owner": "SenchoPens", - "repo": "base16.nix", - "type": "github" - } - }, - "base16-fish": { - "flake": false, - "locked": { - "lastModified": 1765809053, - "narHash": "sha256-XCUQLoLfBJ8saWms2HCIj4NEN+xNsWBlU1NrEPcQG4s=", - "owner": "tomyun", - "repo": "base16-fish", - "rev": "86cbea4dca62e08fb7fd83a70e96472f92574782", - "type": "github" - }, - "original": { - "owner": "tomyun", - "repo": "base16-fish", - "rev": "86cbea4dca62e08fb7fd83a70e96472f92574782", - "type": "github" - } - }, - "base16-helix": { - "flake": false, - "locked": { - "lastModified": 1760703920, - "narHash": "sha256-m82fGUYns4uHd+ZTdoLX2vlHikzwzdu2s2rYM2bNwzw=", - "owner": "tinted-theming", - "repo": "base16-helix", - "rev": "d646af9b7d14bff08824538164af99d0c521b185", - "type": "github" - }, - "original": { - "owner": "tinted-theming", - "repo": "base16-helix", - "type": "github" - } - }, - "base16-vim": { - "flake": false, - "locked": { - "lastModified": 1732806396, - "narHash": "sha256-e0bpPySdJf0F68Ndanwm+KWHgQiZ0s7liLhvJSWDNsA=", - "owner": "tinted-theming", - "repo": "base16-vim", - "rev": "577fe8125d74ff456cf942c733a85d769afe58b7", - "type": "github" - }, - "original": { - "owner": "tinted-theming", - "repo": "base16-vim", - "rev": "577fe8125d74ff456cf942c733a85d769afe58b7", - "type": "github" - } - }, 
- "binding": { - "inputs": { - "binding": "binding_2", - "nixpkgs": [ - "servicepoint-tanks", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1759096792, - "narHash": "sha256-CW4D1yJecw7Id6AxIEJOW3OpcX3Y4Ehng76/YlR1I9w=", - "ref": "refs/heads/main", - "rev": "8df2996504866f3193fbe51860ab173d25724e5e", - "revCount": 307, - "type": "git", - "url": "https://git.berlin.ccc.de/servicepoint/servicepoint-binding-csharp.git" - }, - "original": { - "type": "git", - "url": "https://git.berlin.ccc.de/servicepoint/servicepoint-binding-csharp.git" - } - }, - "binding_2": { - "inputs": { - "nixpkgs": [ - "servicepoint-tanks", - "binding", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1759093963, - "narHash": "sha256-nis9Xps/P1f/v9FC3LoMLGGCOMMbdrOniDSklqLsH8o=", - "ref": "refs/heads/main", - "rev": "44ef4bb6d707c46af1bed6244f17a16f26f246c1", - "revCount": 304, - "type": "git", - "url": "https://git.berlin.ccc.de/servicepoint/servicepoint-binding-uniffi.git" - }, - "original": { - "type": "git", - "url": "https://git.berlin.ccc.de/servicepoint/servicepoint-binding-uniffi.git" - } - }, - "crane": { - "locked": { - "lastModified": 1754269165, - "narHash": "sha256-0tcS8FHd4QjbCVoxN9jI+PjHgA4vc/IjkUSp+N3zy0U=", - "owner": "ipetkov", - "repo": "crane", - "rev": "444e81206df3f7d92780680e45858e31d2f07a08", - "type": "github" - }, - "original": { - "owner": "ipetkov", - "repo": "crane", - "type": "github" - } - }, - "fenix": { - "inputs": { - "nixpkgs": [ - "naersk", - "nixpkgs" - ], - "rust-analyzer-src": "rust-analyzer-src" - }, - "locked": { - "lastModified": 1752475459, - "narHash": "sha256-z6QEu4ZFuHiqdOPbYss4/Q8B0BFhacR8ts6jO/F/aOU=", - "owner": "nix-community", - "repo": "fenix", - "rev": "bf0d6f70f4c9a9cf8845f992105652173f4b617f", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "fenix", - "type": "github" - } - }, - "firefox-gnome-theme": { - "flake": false, - "locked": { - "lastModified": 1764873433, - "narHash": 
"sha256-1XPewtGMi+9wN9Ispoluxunw/RwozuTRVuuQOmxzt+A=", - "owner": "rafaelmardojai", - "repo": "firefox-gnome-theme", - "rev": "f7ffd917ac0d253dbd6a3bf3da06888f57c69f92", - "type": "github" - }, - "original": { - "owner": "rafaelmardojai", - "repo": "firefox-gnome-theme", - "type": "github" - } - }, - "flake-compat": { - "flake": false, - "locked": { - "lastModified": 1747046372, - "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=", - "owner": "edolstra", - "repo": "flake-compat", - "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885", - "type": "github" - }, - "original": { - "owner": "edolstra", - "repo": "flake-compat", - "type": "github" - } - }, - "flake-compat_2": { - "locked": { - "lastModified": 1767039857, - "narHash": "sha256-vNpUSpF5Nuw8xvDLj2KCwwksIbjua2LZCqhV1LNRDns=", - "owner": "edolstra", - "repo": "flake-compat", - "rev": "5edf11c44bc78a0d334f6334cdaf7d60d732daab", - "type": "github" - }, - "original": { - "owner": "edolstra", - "repo": "flake-compat", - "type": "github" - } - }, - "flake-parts": { - "inputs": { - "nixpkgs-lib": "nixpkgs-lib" - }, - "locked": { - "lastModified": 1775087534, - "narHash": "sha256-91qqW8lhL7TLwgQWijoGBbiD4t7/q75KTi8NxjVmSmA=", - "owner": "hercules-ci", - "repo": "flake-parts", - "rev": "3107b77cd68437b9a76194f0f7f9c55f2329ca5b", - "type": "github" - }, - "original": { - "owner": "hercules-ci", - "repo": "flake-parts", - "type": "github" - } - }, - "flake-parts_2": { - "inputs": { - "nixpkgs-lib": [ - "lanzaboote", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1754091436, - "narHash": "sha256-XKqDMN1/Qj1DKivQvscI4vmHfDfvYR2pfuFOJiCeewM=", - "owner": "hercules-ci", - "repo": "flake-parts", - "rev": "67df8c627c2c39c41dbec76a1f201929929ab0bd", - "type": "github" - }, - "original": { - "owner": "hercules-ci", - "repo": "flake-parts", - "type": "github" - } - }, - "fromYaml": { - "flake": false, - "locked": { - "lastModified": 1731966426, - "narHash": "sha256-lq95WydhbUTWig/JpqiB7oViTcHFP8Lv41IGtayokA8=", - 
"owner": "SenchoPens", - "repo": "fromYaml", - "rev": "106af9e2f715e2d828df706c386a685698f3223b", - "type": "github" - }, - "original": { - "owner": "SenchoPens", - "repo": "fromYaml", - "type": "github" - } - }, - "gitignore": { - "inputs": { - "nixpkgs": [ - "lanzaboote", - "pre-commit-hooks-nix", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1709087332, - "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", - "owner": "hercules-ci", - "repo": "gitignore.nix", - "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", - "type": "github" - }, - "original": { - "owner": "hercules-ci", - "repo": "gitignore.nix", - "type": "github" - } - }, - "gnome-shell": { - "flake": false, - "locked": { - "host": "gitlab.gnome.org", - "lastModified": 1767737596, - "narHash": "sha256-eFujfIUQDgWnSJBablOuG+32hCai192yRdrNHTv0a+s=", - "owner": "GNOME", - "repo": "gnome-shell", - "rev": "ef02db02bf0ff342734d525b5767814770d85b49", - "type": "gitlab" - }, - "original": { - "host": "gitlab.gnome.org", - "owner": "GNOME", - "ref": "gnome-49", - "repo": "gnome-shell", - "type": "gitlab" - } - }, - "home-manager": { - "inputs": { - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1775425411, - "narHash": "sha256-KY6HsebJHEe5nHOWP7ur09mb0drGxYSzE3rQxy62rJo=", - "owner": "nix-community", - "repo": "home-manager", - "rev": "0d02ec1d0a05f88ef9e74b516842900c41f0f2fe", - "type": "github" - }, - "original": { - "owner": "nix-community", - "ref": "release-25.11", - "repo": "home-manager", - "type": "github" - } - }, - "lanzaboote": { - "inputs": { - "crane": "crane", - "flake-compat": "flake-compat", - "flake-parts": "flake-parts_2", - "nixpkgs": [ - "nixpkgs" - ], - "pre-commit-hooks-nix": "pre-commit-hooks-nix", - "rust-overlay": "rust-overlay" - }, - "locked": { - "lastModified": 1762205063, - "narHash": "sha256-If6vQ+KvtKs3ARBO9G3l+4wFSCYtRBrwX1z+I+B61wQ=", - "owner": "nix-community", - "repo": "lanzaboote", - "rev": "88b8a563ff5704f4e8d8e5118fb911fa2110ca05", - 
"type": "github" - }, - "original": { - "owner": "nix-community", - "ref": "v0.4.3", - "repo": "lanzaboote", - "type": "github" - } - }, - "naersk": { - "inputs": { - "fenix": "fenix", - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1777031541, - "narHash": "sha256-KZ4s1kolHXFQrRGlnB503gDcTrVQMhiczO+LvvwKEPg=", - "owner": "nix-community", - "repo": "naersk", - "rev": "5e73301621274c44798bf6c6211ed27fc2ced201", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "naersk", - "type": "github" - } - }, - "niri": { - "inputs": { - "niri-stable": "niri-stable", - "niri-unstable": "niri-unstable", - "nixpkgs": [ - "nixpkgs" - ], - "nixpkgs-stable": [ - "nixpkgs" - ], - "xwayland-satellite-stable": "xwayland-satellite-stable", - "xwayland-satellite-unstable": "xwayland-satellite-unstable" - }, - "locked": { - "lastModified": 1777472199, - "narHash": "sha256-gJr/OrHv6s8ANqv915sb69LLThow1u5yAO/ouElVGGM=", - "owner": "sodiboo", - "repo": "niri-flake", - "rev": "323a80f2ce4541c595d491acbd15a8800201cbae", - "type": "github" - }, - "original": { - "owner": "sodiboo", - "repo": "niri-flake", - "type": "github" - } - }, - "niri-stable": { - "flake": false, - "locked": { - "lastModified": 1756556321, - "narHash": "sha256-RLD89dfjN0RVO86C/Mot0T7aduCygPGaYbog566F0Qo=", - "owner": "YaLTeR", - "repo": "niri", - "rev": "01be0e65f4eb91a9cd624ac0b76aaeab765c7294", - "type": "github" - }, - "original": { - "owner": "YaLTeR", - "ref": "v25.08", - "repo": "niri", - "type": "github" - } - }, - "niri-unstable": { - "flake": false, - "locked": { - "lastModified": 1777468255, - "narHash": "sha256-lBZc1UMy+1P1T/E41j3jQrpS7EFI3qegd+ktHZdamIg=", - "owner": "YaLTeR", - "repo": "niri", - "rev": "dd1c3bcb9f1ef416df33ffa22d1d9bcee1398e7d", - "type": "github" - }, - "original": { - "owner": "YaLTeR", - "repo": "niri", - "type": "github" - } - }, - "nix-filter": { - "locked": { - "lastModified": 1757882181, - "narHash": 
"sha256-+cCxYIh2UNalTz364p+QYmWHs0P+6wDhiWR4jDIKQIU=", - "owner": "numtide", - "repo": "nix-filter", - "rev": "59c44d1909c72441144b93cf0f054be7fe764de5", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "nix-filter", - "type": "github" - } - }, - "nix-vscode-extensions": { - "inputs": { - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1777434090, - "narHash": "sha256-i7p7ajtdKF6oVjs3ERyECCg6m1lWEchHNPKQjgRW4h4=", - "owner": "nix-community", - "repo": "nix-vscode-extensions", - "rev": "f32bb01e6a12b74fa67261e9d690ff9d0603d86b", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "nix-vscode-extensions", - "type": "github" - } - }, - "nixlib": { - "locked": { - "lastModified": 1736643958, - "narHash": "sha256-tmpqTSWVRJVhpvfSN9KXBvKEXplrwKnSZNAoNPf/S/s=", - "owner": "nix-community", - "repo": "nixpkgs.lib", - "rev": "1418bc28a52126761c02dd3d89b2d8ca0f521181", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "nixpkgs.lib", - "type": "github" - } - }, - "nixos-generators": { - "inputs": { - "nixlib": "nixlib", - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1769813415, - "narHash": "sha256-nnVmNNKBi1YiBNPhKclNYDORoHkuKipoz7EtVnXO50A=", - "owner": "nix-community", - "repo": "nixos-generators", - "rev": "8946737ff703382fda7623b9fab071d037e897d5", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "nixos-generators", - "type": "github" - } - }, - "nixos-images": { - "inputs": { - "nixos-stable": [ - "nixos-raspberrypi", - "nixpkgs" - ], - "nixos-unstable": [ - "nixos-raspberrypi", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1747747741, - "narHash": "sha256-LUOH27unNWbGTvZFitHonraNx0JF/55h30r9WxqrznM=", - "owner": "nvmd", - "repo": "nixos-images", - "rev": "cbbd6db325775096680b65e2a32fb6187c09bbb4", - "type": "github" - }, - "original": { - "owner": "nvmd", - "ref": "sdimage-installer", - "repo": "nixos-images", - "type": 
"github" - } - }, - "nixos-raspberrypi": { - "inputs": { - "argononed": "argononed", - "flake-compat": "flake-compat_2", - "nixos-images": "nixos-images", - "nixpkgs": "nixpkgs" - }, - "locked": { - "lastModified": 1775857096, - "narHash": "sha256-+eSij7C0oMqz76rGnB99RuWptBuEkJBm9vgb5fIwRrg=", - "owner": "nvmd", - "repo": "nixos-raspberrypi", - "rev": "1dc4ca5f93587932383c0b61e1753f5eed1c3bba", - "type": "github" - }, - "original": { - "owner": "nvmd", - "ref": "main", - "repo": "nixos-raspberrypi", - "type": "github" - } - }, - "nixpkgs": { - "locked": { - "lastModified": 1775595990, - "narHash": "sha256-OEf7YqhF9IjJFYZJyuhAypgU+VsRB5lD4DuiMws5Ltc=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "4e92bbcdb030f3b4782be4751dc08e6b6cb6ccf2", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-25.11", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs-lib": { - "locked": { - "lastModified": 1774748309, - "narHash": "sha256-+U7gF3qxzwD5TZuANzZPeJTZRHS29OFQgkQ2kiTJBIQ=", - "owner": "nix-community", - "repo": "nixpkgs.lib", - "rev": "333c4e0545a6da976206c74db8773a1645b5870a", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "nixpkgs.lib", - "type": "github" - } - }, - "nixpkgs-unstable": { - "locked": { - "lastModified": 1777270315, - "narHash": "sha256-yKB4G6cKsQsWN7M6rZGk6gkJPDNPIzT05y4qzRyCDlI=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "6368eda62c9775c38ef7f714b2555a741c20c72d", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixpkgs-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_2": { - "locked": { - "lastModified": 1777077449, - "narHash": "sha256-AIiMJiqvGrN4HyLEbKAoCSRRYn0rnlW5VbKNIMIYqm4=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "a4bf06618f0b5ee50f14ed8f0da77d34ecc19160", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-25.11", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_3": { - "locked": { 
- "lastModified": 1757545623, - "narHash": "sha256-mCxPABZ6jRjUQx3bPP4vjA68ETbPLNz9V2pk9tO7pRQ=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "8cd5ce828d5d1d16feff37340171a98fc3bf6526", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixos-25.05", - "repo": "nixpkgs", - "type": "github" - } - }, - "nova-shell": { - "inputs": { - "nixpkgs": [ - "nixpkgs-unstable" - ], - "quickshell": "quickshell", - "treefmt-nix": "treefmt-nix" - }, - "locked": { - "lastModified": 1777656272, - "narHash": "sha256-OcxjycGuzEeU6ZbX4SjSx4YVKcDlaZm8gdSvEFGowoo=", - "ref": "refs/heads/main", - "rev": "40cc681e9a36320659175f240e9ccc3f3041a7e9", - "revCount": 598, - "type": "git", - "url": "https://git.berlin.ccc.de/vinzenz/nova-shell" - }, - "original": { - "type": "git", - "url": "https://git.berlin.ccc.de/vinzenz/nova-shell" - } - }, - "nur": { - "inputs": { - "flake-parts": [ - "flake-parts" - ], - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1777499139, - "narHash": "sha256-s817mwTTkW0VIReee1z41LJAz13AUw3DOK41jZooFGw=", - "owner": "nix-community", - "repo": "NUR", - "rev": "c0295550b00f0d0d4a9f41efd5e6c14d38a671fc", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "NUR", - "type": "github" - } - }, - "pre-commit-hooks-nix": { - "inputs": { - "flake-compat": [ - "lanzaboote", - "flake-compat" - ], - "gitignore": "gitignore", - "nixpkgs": [ - "lanzaboote", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1750779888, - "narHash": "sha256-wibppH3g/E2lxU43ZQHC5yA/7kIKLGxVEnsnVK1BtRg=", - "owner": "cachix", - "repo": "pre-commit-hooks.nix", - "rev": "16ec914f6fb6f599ce988427d9d94efddf25fe6d", - "type": "github" - }, - "original": { - "owner": "cachix", - "repo": "pre-commit-hooks.nix", - "type": "github" - } - }, - "quickshell": { - "inputs": { - "nixpkgs": [ - "nova-shell", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1776066068, - "narHash": "sha256-SwKVkgEsqsp5ki9m7fqvhncb5MjvH1hlZqbn3s+x/Uk=", - 
"ref": "refs/heads/master", - "rev": "fb08eced449e87e47321e95beeb890a63d2c67bd", - "revCount": 801, - "type": "git", - "url": "https://git.outfoxxed.me/outfoxxed/quickshell" - }, - "original": { - "type": "git", - "url": "https://git.outfoxxed.me/outfoxxed/quickshell" - } - }, - "root": { - "inputs": { - "flake-parts": "flake-parts", - "home-manager": "home-manager", - "lanzaboote": "lanzaboote", - "naersk": "naersk", - "niri": "niri", - "nix-filter": "nix-filter", - "nix-vscode-extensions": "nix-vscode-extensions", - "nixos-generators": "nixos-generators", - "nixos-raspberrypi": "nixos-raspberrypi", - "nixpkgs": "nixpkgs_2", - "nixpkgs-unstable": "nixpkgs-unstable", - "nova-shell": "nova-shell", - "nur": "nur", - "servicepoint-cli": "servicepoint-cli", - "servicepoint-simulator": "servicepoint-simulator", - "servicepoint-tanks": "servicepoint-tanks", - "stylix": "stylix", - "treefmt-nix": "treefmt-nix_2", - "zerforschen-plus": "zerforschen-plus" - } - }, - "rust-analyzer-src": { - "flake": false, - "locked": { - "lastModified": 1752428706, - "narHash": "sha256-EJcdxw3aXfP8Ex1Nm3s0awyH9egQvB2Gu+QEnJn2Sfg=", - "owner": "rust-lang", - "repo": "rust-analyzer", - "rev": "591e3b7624be97e4443ea7b5542c191311aa141d", - "type": "github" - }, - "original": { - "owner": "rust-lang", - "ref": "nightly", - "repo": "rust-analyzer", - "type": "github" - } - }, - "rust-overlay": { - "inputs": { - "nixpkgs": [ - "lanzaboote", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1761791894, - "narHash": "sha256-myRIDh+PxaREz+z9LzbqBJF+SnTFJwkthKDX9zMyddY=", - "owner": "oxalica", - "repo": "rust-overlay", - "rev": "59c45eb69d9222a4362673141e00ff77842cd219", - "type": "github" - }, - "original": { - "owner": "oxalica", - "repo": "rust-overlay", - "type": "github" - } - }, - "servicepoint-cli": { - "inputs": { - "naersk": [ - "naersk" - ], - "nix-filter": [ - "nix-filter" - ], - "nixpkgs": [ - "nixpkgs" - ], - "treefmt-nix": [ - "treefmt-nix" - ] - }, - "locked": { - "lastModified": 
1771709842, - "narHash": "sha256-zbKj2waitgCFE/I4DcV4lWMRkQ7gDOa9QgPXVTao5+g=", - "ref": "refs/heads/main", - "rev": "6c731e3f5ac0fc63e3cf1e727856f3a3327fddfb", - "revCount": 52, - "type": "git", - "url": "https://git.berlin.ccc.de/servicepoint/servicepoint-cli.git" - }, - "original": { - "type": "git", - "url": "https://git.berlin.ccc.de/servicepoint/servicepoint-cli.git" - } - }, - "servicepoint-simulator": { - "inputs": { - "naersk": [ - "naersk" - ], - "nix-filter": [ - "nix-filter" - ], - "nixpkgs": "nixpkgs_3" - }, - "locked": { - "lastModified": 1757763091, - "narHash": "sha256-V3E6JKGzCrq5u+hp38sAdKv/EoxU+X0qfSoBIPxALi4=", - "ref": "refs/heads/main", - "rev": "493b7b0343334019b372176f811a966839ba9aa5", - "revCount": 121, - "type": "git", - "url": "https://git.berlin.ccc.de/servicepoint/servicepoint-simulator.git" - }, - "original": { - "type": "git", - "url": "https://git.berlin.ccc.de/servicepoint/servicepoint-simulator.git" - } - }, - "servicepoint-tanks": { - "inputs": { - "binding": "binding", - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1760288584, - "narHash": "sha256-2eY1f4LV9s5Hc/tb1iuJYPewE4Seyeguf7VdzC9bbbo=", - "ref": "service-improvements", - "rev": "1bb73d664dac78c5d69a02ae67169d76cca7aab4", - "revCount": 218, - "type": "git", - "url": "https://git.berlin.ccc.de/vinzenz/servicepoint-tanks.git" - }, - "original": { - "ref": "service-improvements", - "type": "git", - "url": "https://git.berlin.ccc.de/vinzenz/servicepoint-tanks.git" - } - }, - "stylix": { - "inputs": { - "base16": "base16", - "base16-fish": "base16-fish", - "base16-helix": "base16-helix", - "base16-vim": "base16-vim", - "firefox-gnome-theme": "firefox-gnome-theme", - "flake-parts": [ - "flake-parts" - ], - "gnome-shell": "gnome-shell", - "nixpkgs": [ - "nixpkgs" - ], - "nur": [ - "nur" - ], - "systems": "systems", - "tinted-foot": "tinted-foot", - "tinted-kitty": "tinted-kitty", - "tinted-schemes": "tinted-schemes", - "tinted-tmux": "tinted-tmux", - 
"tinted-zed": "tinted-zed" - }, - "locked": { - "lastModified": 1776894428, - "narHash": "sha256-wuT915MyCtMTfLj+uo9y8wtCwkEgJXiXvcbSleFrlN0=", - "owner": "nix-community", - "repo": "stylix", - "rev": "f34be27ce83efaa1c85ad1e5b1f8b6dea65b147d", - "type": "github" - }, - "original": { - "owner": "nix-community", - "ref": "release-25.11", - "repo": "stylix", - "type": "github" - } - }, - "systems": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, - "tinted-foot": { - "flake": false, - "locked": { - "lastModified": 1726913040, - "narHash": "sha256-+eDZPkw7efMNUf3/Pv0EmsidqdwNJ1TaOum6k7lngDQ=", - "owner": "tinted-theming", - "repo": "tinted-foot", - "rev": "fd1b924b6c45c3e4465e8a849e67ea82933fcbe4", - "type": "github" - }, - "original": { - "owner": "tinted-theming", - "repo": "tinted-foot", - "rev": "fd1b924b6c45c3e4465e8a849e67ea82933fcbe4", - "type": "github" - } - }, - "tinted-kitty": { - "flake": false, - "locked": { - "lastModified": 1735730497, - "narHash": "sha256-4KtB+FiUzIeK/4aHCKce3V9HwRvYaxX+F1edUrfgzb8=", - "owner": "tinted-theming", - "repo": "tinted-kitty", - "rev": "de6f888497f2c6b2279361bfc790f164bfd0f3fa", - "type": "github" - }, - "original": { - "owner": "tinted-theming", - "repo": "tinted-kitty", - "type": "github" - } - }, - "tinted-schemes": { - "flake": false, - "locked": { - "lastModified": 1767817087, - "narHash": "sha256-eGE8OYoK6HzhJt/7bOiNV2cx01IdIrHL7gXgjkHRdNo=", - "owner": "tinted-theming", - "repo": "schemes", - "rev": "bd99656235aab343e3d597bf196df9bc67429507", - "type": "github" - }, - "original": { - "owner": "tinted-theming", - "repo": "schemes", - "type": "github" - } - }, - "tinted-tmux": { - "flake": false, - "locked": { - "lastModified": 1767489635, - 
"narHash": "sha256-e6nnFnWXKBCJjCv4QG4bbcouJ6y3yeT70V9MofL32lU=", - "owner": "tinted-theming", - "repo": "tinted-tmux", - "rev": "3c32729ccae99be44fe8a125d20be06f8d7d8184", - "type": "github" - }, - "original": { - "owner": "tinted-theming", - "repo": "tinted-tmux", - "type": "github" - } - }, - "tinted-zed": { - "flake": false, - "locked": { - "lastModified": 1767488740, - "narHash": "sha256-wVOj0qyil8m+ouSsVZcNjl5ZR+1GdOOAooAatQXHbuU=", - "owner": "tinted-theming", - "repo": "base16-zed", - "rev": "11abb0b282ad3786a2aae088d3a01c60916f2e40", - "type": "github" - }, - "original": { - "owner": "tinted-theming", - "repo": "base16-zed", - "type": "github" - } - }, - "treefmt-nix": { - "inputs": { - "nixpkgs": [ - "nova-shell", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1775636079, - "narHash": "sha256-pc20NRoMdiar8oPQceQT47UUZMBTiMdUuWrYu2obUP0=", - "owner": "numtide", - "repo": "treefmt-nix", - "rev": "790751ff7fd3801feeaf96d7dc416a8d581265ba", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "treefmt-nix", - "type": "github" - } - }, - "treefmt-nix_2": { - "inputs": { - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1775636079, - "narHash": "sha256-pc20NRoMdiar8oPQceQT47UUZMBTiMdUuWrYu2obUP0=", - "owner": "numtide", - "repo": "treefmt-nix", - "rev": "790751ff7fd3801feeaf96d7dc416a8d581265ba", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "treefmt-nix", - "type": "github" - } - }, - "xwayland-satellite-stable": { - "flake": false, - "locked": { - "lastModified": 1755491097, - "narHash": "sha256-m+9tUfsmBeF2Gn4HWa6vSITZ4Gz1eA1F5Kh62B0N4oE=", - "owner": "Supreeeme", - "repo": "xwayland-satellite", - "rev": "388d291e82ffbc73be18169d39470f340707edaa", - "type": "github" - }, - "original": { - "owner": "Supreeeme", - "ref": "v0.7", - "repo": "xwayland-satellite", - "type": "github" - } - }, - "xwayland-satellite-unstable": { - "flake": false, - "locked": { - "lastModified": 1773622265, - 
"narHash": "sha256-wToKwH7IgWdGLMSIWksEDs4eumR6UbbsuPQ42r0oTXQ=", - "owner": "Supreeeme", - "repo": "xwayland-satellite", - "rev": "a879e5e0896a326adc79c474bf457b8b99011027", - "type": "github" - }, - "original": { - "owner": "Supreeeme", - "repo": "xwayland-satellite", - "type": "github" - } - }, - "zerforschen-plus": { - "inputs": { - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1757965108, - "narHash": "sha256-V2U1XbtfvWQ6Bt2dvbUWAlKjqY3zjrbkVveLsyxnq1w=", - "ref": "refs/heads/main", - "rev": "d794fafc25c8fdead19dcbffc4c0b4bb7ff98272", - "revCount": 32, - "type": "git", - "url": "https://git.berlin.ccc.de/vinzenz/zerforschen.plus" - }, - "original": { - "type": "git", - "url": "https://git.berlin.ccc.de/vinzenz/zerforschen.plus" - } - } - }, - "root": "root", - "version": 7 -} diff --git a/flake.nix b/flake.nix deleted file mode 100644 index e95af0e..0000000 --- a/flake.nix +++ /dev/null 
@@ -1,172 +0,0 @@ -{ - inputs = { - nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.11"; - nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixpkgs-unstable"; - - home-manager = { - url = "github:nix-community/home-manager/release-25.11"; - inputs.nixpkgs.follows = "nixpkgs"; - }; - - #keep-sorted start block=yes - flake-parts = { - url = "github:hercules-ci/flake-parts"; - #inputs.nixpkgs.follows = "nixpkgs"; - }; - lanzaboote = { - url = "github:nix-community/lanzaboote/v0.4.3"; - inputs.nixpkgs.follows = "nixpkgs"; - }; - naersk = { - url = "github:nix-community/naersk"; - inputs.nixpkgs.follows = "nixpkgs"; - }; - niri = { - url = "github:sodiboo/niri-flake"; - inputs = { - nixpkgs.follows = "nixpkgs"; - nixpkgs-stable.follows = "nixpkgs"; - }; - }; - nix-filter.url = "github:numtide/nix-filter"; - nix-vscode-extensions = { - url = "github:nix-community/nix-vscode-extensions"; - inputs.nixpkgs.follows = "nixpkgs"; - }; - nixos-generators = { - url = "github:nix-community/nixos-generators"; - inputs.nixpkgs.follows = "nixpkgs"; - }; - nixos-raspberrypi = { - url = "github:nvmd/nixos-raspberrypi/main"; - }; - nova-shell = { - url = "git+https://git.berlin.ccc.de/vinzenz/nova-shell"; - inputs.nixpkgs.follows = "nixpkgs-unstable"; - }; - nur = { - url = "github:nix-community/NUR"; - inputs = { - nixpkgs.follows = "nixpkgs"; - flake-parts.follows = "flake-parts"; - }; - }; - servicepoint-cli = { - url = "git+https://git.berlin.ccc.de/servicepoint/servicepoint-cli.git"; - inputs = { - nixpkgs.follows = "nixpkgs"; - naersk.follows = "naersk"; - nix-filter.follows = "nix-filter"; - treefmt-nix.follows = "treefmt-nix"; - }; - }; - servicepoint-simulator = { - url = "git+https://git.berlin.ccc.de/servicepoint/servicepoint-simulator.git"; - inputs = { - # TODO: update flake to 25.11 - # nixpkgs.follows = "nixpkgs"; - naersk.follows = "naersk"; - nix-filter.follows = "nix-filter"; - }; - }; - servicepoint-tanks = { - url = 
"git+https://git.berlin.ccc.de/vinzenz/servicepoint-tanks.git?ref=service-improvements"; - inputs.nixpkgs.follows = "nixpkgs"; - }; - stylix = { - url = "github:nix-community/stylix/release-25.11"; - inputs = { - nixpkgs.follows = "nixpkgs"; - nur.follows = "nur"; - flake-parts.follows = "flake-parts"; - }; - }; - treefmt-nix = { - url = "github:numtide/treefmt-nix"; - inputs.nixpkgs.follows = "nixpkgs"; - }; - zerforschen-plus = { - url = "git+https://git.berlin.ccc.de/vinzenz/zerforschen.plus"; - inputs.nixpkgs.follows = "nixpkgs"; - }; - #keep-sorted end - }; - - outputs = - inputs@{ - self, - nixpkgs, - # keep-sorted start - niri, - nix-vscode-extensions, - nixpkgs-unstable, - treefmt-nix, - # keep-sorted end - ... - }: - let - inherit (nixpkgs) lib; - nixosConfigurations = import ./nixosConfigurations.nix { inherit inputs lib; }; - supported-systems = lib.unique (lib.mapAttrsToList (_: v: v.pkgs.system) nixosConfigurations); - treefmt-config = { - projectRootFile = "flake.nix"; - programs = { - nixfmt.enable = true; - jsonfmt.enable = true; - prettier.enable = true; - keep-sorted.enable = true; - }; - }; - forAllSystems = - f: - lib.genAttrs supported-systems ( - system: - f rec { - inherit system; - pkgs = nixpkgs.legacyPackages.${system}; - treefmt-eval = treefmt-nix.lib.evalModule pkgs treefmt-config; - } - ); - importModuleDir = - directory: - nixpkgs.lib.packagesFromDirectoryRecursive { - inherit directory; - callPackage = path: _args: path; - }; - in - { - overlays = { - unstable = final: prev: { - unstable = import nixpkgs-unstable { - localSystem = prev.stdenv.hostPlatform; - inherit (prev) config; - }; - }; - vscodeExtensions = nix-vscode-extensions.overlays.default; - niri = niri.overlays.niri; - }; - - nixosModules = (importModuleDir ./nixosModules) // { - default = { - imports = builtins.attrValues (builtins.removeAttrs self.nixosModules [ "default" ]); - }; - }; - - homeModules = importModuleDir ./homeModules; - homeConfigurations = { - muede = 
./homeConfigurations/muede; - ronja = ./homeConfigurations/ronja; - }; - - inherit nixosConfigurations; - - formatter = forAllSystems ({ treefmt-eval, ... }: treefmt-eval.config.build.wrapper); - - checks = forAllSystems ( - { treefmt-eval, ... }: - { - formatting = treefmt-eval.config.build.check self; - } - ); - }; -} diff --git a/hetzner-vpn1.nix b/hetzner-vpn1.nix new file mode 100644 index 0000000..b362a87 --- /dev/null +++ b/hetzner-vpn1.nix 
@@ -0,0 +1,76 @@
+{pkgs, ...}: let
+ wg_port = 51820;
+in {
+ imports = [
+ (import ./modules {
+ hostName = "hetzner-vpn1";
+ enableHomeManager = false;
+ })
+ ];
+
+ config = {
+ my = {
+ enabledUsers = ["vinzenz"];
+ server.enable = true;
+ };
+
+ # TODO change to user "vinzenz" when tested
+ users.users.root.openssh.authorizedKeys.keys = [
+ ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICdYqY3Y1/f1bsAi5Qfyr/UWuX9ixu96IeAlhoQaJkbf''
+ ];
+
+ environment = {
+ systemPackages = with pkgs; [iptables wireguard-tools];
+ };
+
+ # wireguard server for public ip
+ # enable NAT
+ networking.nat.enable = true;
+ networking.nat.externalInterface = "eth0";
+ networking.nat.internalInterfaces = ["wg0"];
+ networking.firewall = {
+ allowedUDPPorts = [wg_port];
+ };
+
+ networking.wireguard.interfaces = {
+ # "wg0" is the network interface name. You can name the interface arbitrarily.
+ wg0 = {
+ # Determines the IP address and subnet of the server's end of the tunnel interface.
+ ips = ["10.100.0.1/32"];
+
+ # The port that WireGuard listens to. Must be accessible by the client.
+ listenPort = wg_port;
+
+ # This allows the wireguard server to route your traffic to the internet and hence be like a VPN
+ # For this to work you have to set the dnsserver IP of your router (or dnsserver of choice) in your clients
+ postSetup = ''
+ ${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s 10.100.0.0/24 -o eth0 -j MASQUERADE
+ '';
+
+ # This undoes the above command
+ postShutdown = ''
+ ${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 10.100.0.0/24 -o eth0 -j MASQUERADE
+ '';
+
+ # Path to the private key file
+ privateKeyFile = "/root/wireguard/keys/private";
+
+ peers = [
+ # List of allowed peers.
+ {
+ # Phone
+ publicKey = "/sjNk9rXaMdrCHD2kmut1AXD1UhF1xcZ4ju+EmFGcCk=";
+ # List of IPs assigned to this peer within the tunnel subnet. Used to configure routing.
+ allowedIPs = ["10.100.0.2/32"];
+ }
+ {
+ # vinzenz-lpt
+ publicKey = "D/6431f8oJ61C5vjjEIpY5Rc750oK4yVh9B/32q4xAE=";
+ # List of IPs assigned to this peer within the tunnel subnet. Used to configure routing.
+ allowedIPs = ["10.100.0.3/32"];
+ }
+ ];
+ };
+ };
+ };
+}
diff --git a/homeConfigurations/muede/default.nix b/homeConfigurations/muede/default.nix
deleted file mode 100644
index 17c66a0..0000000
--- a/homeConfigurations/muede/default.nix
+++ /dev/null
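Review bot: The SSH key is authorised for `root` on a host that also opens a public WireGuard port, and the only thing tracking the move to an unprivileged login is the TODO above it. I would put the key on the `vinzenz` account that `my.enabledUsers` appears to enable, `users.users.vinzenz.openssh.authorizedKeys.keys = [ … ];`, and add `services.openssh.settings.PermitRootLogin = "no";` unless `./modules` (not visible in this diff) already sets the sshd policy. Separately, the `postSetup`/`postShutdown` iptables lines repeat `eth0` and `10.100.0.0/24` by hand next to the `networking.nat` options, so a comment such as `# keep in sync with networking.nat.externalInterface and the wg0 subnet` would keep the two from drifting apart.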
@@ -1,106 +0,0 @@ -{ pkgs, ... }: -{ - imports = [ - # keep-sorted start - ./editorconfig.nix - ./element.nix - ./fonts.nix - ./fuzzel.nix - ./git.nix - ./gnome.nix - ./niri.nix - ./podman.nix - ./ssh.nix - ./starship.nix - ./swayidle.nix - #./swaylock.nix - #./swaync.nix - ./vscode.nix - # ./waybar.nix - # ./wlogout.nix - ./zsh.nix - # keep-sorted end - ]; - - config = { - my = { - # keep-sorted start - gnome-extensions.enable = true; - nano.enable = true; - templates.enable = true; - zsh.enable = true; - # keep-sorted end - }; - - programs = { - home-manager.enable = true; - fzf.enable = true; - - direnv = { - enable = true; - nix-direnv.enable = true; - enableZshIntegration = true; - }; - - eza = { - enable = true; - git = true; - icons = "auto"; - extraOptions = [ - "--group-directories-first" - "--header" - ]; - }; - - pay-respects = { - enable = true; - enableZshIntegration = true; - }; - - chromium.enable = true; - nova-shell = { - enable = true; - theme = { - fontSize = 14; - }; - #modules.backgroundOverlay.enable = false; - #modules.screenCorners.enable = false; - }; - }; - - home.packages = with pkgs; [ - # keep-sorted start - arduino - arduino-cli - arduino-ide - claude-code - dconf2nix - foliate - fractal - geary - gnome-terminal - gparted - icu - jetbrains-toolbox - kdiff3 - keepassxc - lutris - nextcloud-client - onefetch - servicepoint-cli - servicepoint-simulator - telegram-desktop - thunderbird - vlc - wireguard-tools - wirelesstools - # keep-sorted end - ]; - - home.file = { - "idea.properties".text = "idea.filewatcher.executable.path = ${pkgs.fsnotifier}/bin/fsnotifier"; - }; - - services.poweralertd.enable = true; - }; -} diff --git a/homeConfigurations/muede/editorconfig.nix b/homeConfigurations/muede/editorconfig.nix deleted file mode 100644 index 1ebffa8..0000000 --- a/homeConfigurations/muede/editorconfig.nix +++ /dev/null 
@@ -1,19 +0,0 @@
-{
- config.editorconfig = {
- enable = true;
- settings = {
- "*" = {
- charset = "utf-8";
- end_of_line = "lf";
- trim_trailing_whitespace = true;
- insert_final_newline = true;
- max_line_width = 120;
- indent_style = "space";
- indent_size = 4;
- };
- "*.nix" = {
- indent_size = 2;
- };
- };
- };
-}
diff --git a/homeConfigurations/muede/element.nix b/homeConfigurations/muede/element.nix
deleted file mode 100644
index e2a7474..0000000
--- a/homeConfigurations/muede/element.nix
+++ /dev/null
@@ -1,187 +0,0 @@ -{ - programs.element-desktop = { - enable = true; - settings = { - # https://github.com/element-hq/element-web/blob/develop/docs/config.md - # https://github.com/catppuccin/element - "show_labs_settings" = true; - "setting_defaults" = { - default_theme = "custom-Catppuccin Latte (Mauve)"; - "custom_themes" = [ - { - "name" = "Catppuccin Latte (Mauve)"; - "is_dark" = false; - "colors" = { - "accent-color" = "#8839ef"; - "primary-color" = "#8839ef"; - "warning-color" = "#d20f39"; - "alert" = "#df8e1d"; - "sidebar-color" = "#dce0e8"; - "roomlist-background-color" = "#e6e9ef"; - "roomlist-text-color" = "#4c4f69"; - "roomlist-text-secondary-color" = "#7c7f93"; - "roomlist-highlights-color" = "#bcc0cc"; - "roomlist-separator-color" = "#8c8fa1"; - "timeline-background-color" = "#eff1f5"; - "timeline-text-color" = "#4c4f69"; - "secondary-content" = "#4c4f69"; - "tertiary-content" = "#4c4f69"; - "timeline-text-secondary-color" = "#6c6f85"; - "timeline-highlights-color" = "#e6e9ef"; - "reaction-row-button-selected-bg-color" = "#bcc0cc"; - "menu-selected-color" = "#bcc0cc"; - "focus-bg-color" = "#acb0be"; - "room-highlight-color" = "#04a5e5"; - "togglesw-off-color" = "#7c7f93"; - "other-user-pill-bg-color" = "#04a5e5"; - "username-colors" = [ - "#8839ef" - "#e64553" - "#fe640b" - "#40a02b" - "#179299" - "#04a5e5" - "#209fb5" - "#7287fd" - ]; - "avatar-background-colors" = [ - "#1e66f5" - "#8839ef" - "#40a02b" - ]; - }; - } - { - "name" = "Catppuccin Frappé (Mauve)"; - "is_dark" = true; - "colors" = { - "accent-color" = "#ca9ee6"; - "primary-color" = "#ca9ee6"; - "warning-color" = "#e78284"; - "alert" = "#e5c890"; - "sidebar-color" = "#232634"; - "roomlist-background-color" = "#292c3c"; - "roomlist-text-color" = "#c6d0f5"; - "roomlist-text-secondary-color" = "#949cbb"; - "roomlist-highlights-color" = "#51576d"; - "roomlist-separator-color" = "#838ba7"; - "timeline-background-color" = "#303446"; - "timeline-text-color" = "#c6d0f5"; - "secondary-content" = 
"#c6d0f5"; - "tertiary-content" = "#c6d0f5"; - "timeline-text-secondary-color" = "#a5adce"; - "timeline-highlights-color" = "#292c3c"; - "reaction-row-button-selected-bg-color" = "#51576d"; - "menu-selected-color" = "#51576d"; - "focus-bg-color" = "#626880"; - "room-highlight-color" = "#99d1db"; - "togglesw-off-color" = "#949cbb"; - "other-user-pill-bg-color" = "#99d1db"; - "username-colors" = [ - "#ca9ee6" - "#ea999c" - "#ef9f76" - "#a6d189" - "#81c8be" - "#99d1db" - "#85c1dc" - "#babbf1" - ]; - "avatar-background-colors" = [ - "#8caaee" - "#ca9ee6" - "#a6d189" - ]; - }; - } - { - "name" = "Catppuccin Macchiato (Mauve)"; - "is_dark" = true; - "colors" = { - "accent-color" = "#c6a0f6"; - "primary-color" = "#c6a0f6"; - "warning-color" = "#ed8796"; - "alert" = "#eed49f"; - "sidebar-color" = "#181926"; - "roomlist-background-color" = "#1e2030"; - "roomlist-text-color" = "#cad3f5"; - "roomlist-text-secondary-color" = "#939ab7"; - "roomlist-highlights-color" = "#494d64"; - "roomlist-separator-color" = "#8087a2"; - "timeline-background-color" = "#24273a"; - "timeline-text-color" = "#cad3f5"; - "secondary-content" = "#cad3f5"; - "tertiary-content" = "#cad3f5"; - "timeline-text-secondary-color" = "#a5adcb"; - "timeline-highlights-color" = "#1e2030"; - "reaction-row-button-selected-bg-color" = "#494d64"; - "menu-selected-color" = "#494d64"; - "focus-bg-color" = "#5b6078"; - "room-highlight-color" = "#91d7e3"; - "togglesw-off-color" = "#939ab7"; - "other-user-pill-bg-color" = "#91d7e3"; - "username-colors" = [ - "#c6a0f6" - "#ee99a0" - "#f5a97f" - "#a6da95" - "#8bd5ca" - "#91d7e3" - "#7dc4e4" - "#b7bdf8" - ]; - "avatar-background-colors" = [ - "#8aadf4" - "#c6a0f6" - "#a6da95" - ]; - }; - } - { - "name" = "Catppuccin Mocha (Mauve)"; - "is_dark" = true; - "colors" = { - "accent-color" = "#cba6f7"; - "primary-color" = "#cba6f7"; - "warning-color" = "#f38ba8"; - "alert" = "#f9e2af"; - "sidebar-color" = "#11111b"; - "roomlist-background-color" = "#181825"; - 
"roomlist-text-color" = "#cdd6f4"; - "roomlist-text-secondary-color" = "#9399b2"; - "roomlist-highlights-color" = "#45475a"; - "roomlist-separator-color" = "#7f849c"; - "timeline-background-color" = "#1e1e2e"; - "timeline-text-color" = "#cdd6f4"; - "secondary-content" = "#cdd6f4"; - "tertiary-content" = "#cdd6f4"; - "timeline-text-secondary-color" = "#a6adc8"; - "timeline-highlights-color" = "#181825"; - "reaction-row-button-selected-bg-color" = "#45475a"; - "menu-selected-color" = "#45475a"; - "focus-bg-color" = "#585b70"; - "room-highlight-color" = "#89dceb"; - "togglesw-off-color" = "#9399b2"; - "other-user-pill-bg-color" = "#89dceb"; - "username-colors" = [ - "#cba6f7" - "#eba0ac" - "#fab387" - "#a6e3a1" - "#94e2d5" - "#89dceb" - "#74c7ec" - "#b4befe" - ]; - "avatar-background-colors" = [ - "#89b4fa" - "#cba6f7" - "#a6e3a1" - ]; - }; - } - ]; - }; - }; - }; -} diff --git a/homeConfigurations/muede/fonts.nix b/homeConfigurations/muede/fonts.nix deleted file mode 100644 index 2d001a7..0000000 --- a/homeConfigurations/muede/fonts.nix +++ /dev/null @@ -1,8 +0,0 @@ -{ pkgs, ... }: -{ - fonts.fontconfig.enable = true; - home.packages = with pkgs; [ - roboto-mono - recursive - ]; -} diff --git a/homeConfigurations/muede/fuzzel.nix b/homeConfigurations/muede/fuzzel.nix deleted file mode 100644 index bf33708..0000000 --- a/homeConfigurations/muede/fuzzel.nix +++ /dev/null @@ -1,18 +0,0 @@ -{ pkgs, lib, ... }: -{ - config.programs.fuzzel = { - enable = true; - settings = { - main = { - terminal = "${lib.getBin pkgs.gnome-console}/bin/kgx"; - icon-theme = "Adwaita"; - counter = true; - launch-prefix = "niri msg action spawn --"; - }; - border = { - radius = 30; - width = 3; - }; - }; - }; -} diff --git a/homeConfigurations/muede/git.nix b/homeConfigurations/muede/git.nix deleted file mode 100644 index 97c8477..0000000 --- a/homeConfigurations/muede/git.nix +++ /dev/null 
@@ -1,35 +0,0 @@ -{ - programs = { - git = { - enable = true; - settings = { - user = { - name = "müde"; - email = "git@darkest.space"; - }; - - aliases = { - prettylog = "log --pretty=oneline --graph"; - spring-clean = "!git branch --merged | xargs -n 1 -r git branch -d"; - }; - - pull.ff = "only"; - merge.tool = "kdiff3"; - push.autoSetupRemote = "true"; - credential.credentialStore = "cache"; - }; - - ignores = [ - ".direnv" - ".idea" - ".envrc" - ]; - }; - - git-credential-oauth.enable = true; - gh = { - enable = true; - gitCredentialHelper.enable = true; - }; - }; -} diff --git a/homeConfigurations/muede/gnome.nix b/homeConfigurations/muede/gnome.nix deleted file mode 100644 index ce5416e..0000000 --- a/homeConfigurations/muede/gnome.nix +++ /dev/null @@ -1,33 +0,0 @@ -{ pkgs, lib, ... }: -{ - config = { - home.packages = with pkgs; [ - gitg - meld - simple-scan - pinta - dconf-editor - impression # usb image writer - papers # pdf viewer - gnome-software # for flatpak apps - gnomeExtensions.solaar-extension - snapshot - ]; - - dconf.settings = { - "org/gnome/shell".enabled-extensions = [ - "GPaste@gnome-shell-extensions.gnome.org" - "solaar-extension@sidevesh" - ]; - "org/gnome/desktop/interface".color-scheme = "prefer-dark"; - "org/gnome/desktop/wm/keybindings" = { - switch-windows = [ "Tab" ]; - switch-windows-backward = [ "Tab" ]; - switch-applications = [ "Tab" ]; - switch-applications-backward = [ "Tab" ]; - }; - "org/gnome/desktop/session".idle-delay = lib.hm.gvariant.mkUint32 300; - "org/gnome/Connections".first-run = false; - }; - }; -} diff --git a/homeConfigurations/muede/niri.nix b/homeConfigurations/muede/niri.nix deleted file mode 100644 index d228899..0000000 --- a/homeConfigurations/muede/niri.nix +++ /dev/null 
@@ -1,413 +0,0 @@ -{ - pkgs, - config, - lib, - ... -}: -{ - config = { - home.sessionVariables.NIXOS_OZONE_WL = "1"; - home.packages = with pkgs; [ - xwayland-satellite - ]; - - qt.style = { - package = pkgs.adwaita-qt; - name = "adwaita-dark"; - }; - - services.wpaperd.enable = true; - - programs.niri.settings = { - outputs = { - "BOE 0x0A3B Unknown" = { - scale = 1.0; - variable-refresh-rate = true; - }; - "Dell Inc. DELL P2719H 39VHKS2" = { - scale = 1.0; - }; - "LG Electronics LG ULTRAGEAR 106NTYT27386" = { - scale = 1.0; - variable-refresh-rate = true; - }; - }; - - layout = - let - colors = config.lib.stylix.colors.withHashtag; - pink_light = colors.base0A; - pink_dark = colors.base0C; - blue_light = colors.base0B; - blue_dark = colors.base09; - gradient-common = { - angle = 90; - in' = "oklab"; - }; - gradient-active = gradient-common // { - from = pink_light; - to = blue_light; - }; - gradient-inactive = gradient-common // { - from = pink_dark; - to = blue_dark; - }; - gradient-urgent = gradient-common // { - from = pink_dark; - to = pink_light; - }; - gap-size = 6; - in - { - background-color = "transparent"; - gaps = gap-size; - border = { - enable = true; - width = gap-size / 2; - active.gradient = gradient-active; - inactive.gradient = gradient-inactive; - urgent.gradient = gradient-urgent; - }; - focus-ring = { - enable = false; - active.gradient = gradient-active; - inactive.gradient = gradient-inactive; - urgent.gradient = gradient-urgent; - }; - shadow = { - enable = false; - color = "white"; - inactive-color = pink_dark; - draw-behind-window = true; - spread = 5; - softness = 10; - offset = { - x = 0; - y = 0; - }; - }; - insert-hint = { - enable = true; - display.color = pink_dark; - }; - struts = - let - strut-inset = 4; - in - { - left = strut-inset; - right = strut-inset; - top = strut-inset; - bottom = strut-inset; - }; - tab-indicator = { - place-within-column = true; - active.gradient = gradient-inactive; - inactive.gradient = 
gradient-inactive; - urgent.gradient = gradient-inactive; - }; - }; - - cursor.theme = "Adwaita"; - - input = { - touchpad.tap = true; - keyboard = { - xkb = { - layout = "de"; - options = "compose:caps"; - }; - numlock = true; - }; - }; - - #prefer-no-csd = true; - hotkey-overlay.skip-at-startup = true; - - window-rules = [ - { - clip-to-geometry = true; - geometry-corner-radius = - let - radius = 15.; - in - { - top-left = radius; - bottom-left = radius; - top-right = radius; - bottom-right = radius; - }; - } - { - matches = [ - { - app-id = "steam"; - title = "^notificationtoasts_\\d+_desktop$"; - } - ]; - default-floating-position = { - x = 10; - y = 10; - relative-to = "bottom-right"; - }; - } - ]; - - # defaults taken from https://github.com/sodiboo/niri-flake/issues/483 - binds = { - # Keys consist of modifiers separated by + signs, followed by an XKB key name - # in the end. To find an XKB name for a particular key, you may use a program - # like wev. - # - # "Mod" is a special modifier equal to Super when running on a TTY, and to Alt - # when running as a winit window. - # - # Most actions that you can bind here can also be invoked programmatically with - # `niri msg action do-something`. - - # Mod-Shift-/, which is usually the same as Mod-?, - # shows a list of important hotkeys. - "Mod+Shift+Numbersign".action.show-hotkey-overlay = { }; - - # Suggested binds for running programs: terminal, app launcher, screen locker. - "Mod+T".action.spawn = "${lib.getBin pkgs.gnome-console}/bin/kgx"; - "Mod+D".action.spawn = "${lib.getBin config.programs.fuzzel.package}/bin/fuzzel"; - - # You can also use a shell. Do this if you need pipes, multiple commands, etc. - # Note: the entire command goes as a single argument in the end. - # Mod+T { spawn "bash" "-c" "notify-send hello && exec alacritty"; } - - # Example volume keys mappings for PipeWire & WirePlumber. - # The allow-when-locked=true property makes them work even when the session is locked. 
- "XF86AudioRaiseVolume" = { - allow-when-locked = true; - action.spawn = [ - "wpctl" - "set-volume" - "@DEFAULT_AUDIO_SINK@" - "0.1+" - ]; - }; - "XF86AudioLowerVolume" = { - allow-when-locked = true; - action.spawn = [ - "wpctl" - "set-volume" - "@DEFAULT_AUDIO_SINK@" - "0.1-" - ]; - }; - "XF86AudioMute" = { - allow-when-locked = true; - action.spawn = [ - "wpctl" - "set-mute" - "@DEFAULT_AUDIO_SINK@" - "toggle" - ]; - }; - "XF86AudioMicMute" = { - allow-when-locked = true; - action.spawn = [ - "wpctl" - "set-mute" - "@DEFAULT_AUDIO_SOURCE@" - "toggle" - ]; - }; - - "Mod+Q".action.close-window = { }; - - "Mod+Left".action.focus-column-left = { }; - "Mod+Down".action.focus-window-down = { }; - "Mod+Up".action.focus-window-up = { }; - "Mod+Right".action.focus-column-right = { }; - - "Mod+Ctrl+Left".action.move-column-left = { }; - "Mod+Ctrl+Down".action.move-window-down = { }; - "Mod+Ctrl+Up".action.move-window-up = { }; - "Mod+Ctrl+Right".action.move-column-right = { }; - - # Alternative commands that move across workspaces when reaching - # the first or last window in a column. 
- # Mod+J { focus-window-or-workspace-down; } - # Mod+K { focus-window-or-workspace-up; } - # Mod+Ctrl+J { move-window-down-or-to-workspace-down; } - # Mod+Ctrl+K { move-window-up-or-to-workspace-up; } - - "Mod+Home".action.focus-column-first = { }; - "Mod+End".action.focus-column-last = { }; - "Mod+Ctrl+Home".action.move-column-to-first = { }; - "Mod+Ctrl+End".action.move-column-to-last = { }; - - "Mod+Shift+Left".action.focus-monitor-left = { }; - "Mod+Shift+Down".action.focus-monitor-down = { }; - "Mod+Shift+Up".action.focus-monitor-up = { }; - "Mod+Shift+Right".action.focus-monitor-right = { }; - - "Mod+Shift+Ctrl+Left".action.move-column-to-monitor-left = { }; - "Mod+Shift+Ctrl+Down".action.move-column-to-monitor-down = { }; - "Mod+Shift+Ctrl+Up".action.move-column-to-monitor-up = { }; - "Mod+Shift+Ctrl+Right".action.move-column-to-monitor-right = { }; - - # Alternatively, there are commands to move just a single window: - # Mod+Shift+Ctrl+Left { move-window-to-monitor-left; } - # ... - - # And you can also move a whole workspace to another monitor: - # Mod+Shift+Ctrl+Left { move-workspace-to-monitor-left; } - # ... - - "Mod+Page_Down".action.focus-workspace-down = { }; - "Mod+Page_Up".action.focus-workspace-up = { }; - "Mod+U".action.focus-workspace-down = { }; - "Mod+I".action.focus-workspace-up = { }; - "Mod+Ctrl+Page_Down".action.move-column-to-workspace-down = { }; - "Mod+Ctrl+Page_Up".action.move-column-to-workspace-up = { }; - "Mod+Ctrl+U".action.move-column-to-workspace-down = { }; - "Mod+Ctrl+I".action.move-column-to-workspace-up = { }; - - # Alternatively, there are commands to move just a single window: - # Mod+Ctrl+Page_Down { move-window-to-workspace-down; } - # ... - - "Mod+Shift+Page_Down".action.move-workspace-down = { }; - "Mod+Shift+Page_Up".action.move-workspace-up = { }; - "Mod+Shift+U".action.move-workspace-down = { }; - "Mod+Shift+I".action.move-workspace-up = { }; - - # You can bind mouse wheel scroll ticks using the following syntax. 
- # These binds will change direction based on the natural-scroll setting. - # - # To avoid scrolling through workspaces really fast, you can use - # the cooldown-ms property. The bind will be rate-limited to this value. - # You can set a cooldown on any bind, but it's most useful for the wheel. - "Mod+WheelScrollDown" = { - cooldown-ms = 150; - action.focus-workspace-down = { }; - }; - "Mod+WheelScrollUp" = { - cooldown-ms = 150; - action.focus-workspace-up = { }; - }; - "Mod+Ctrl+WheelScrollDown" = { - cooldown-ms = 150; - action.move-column-to-workspace-down = { }; - }; - "Mod+Ctrl+WheelScrollUp" = { - cooldown-ms = 150; - action.move-column-to-workspace-up = { }; - }; - - "Mod+WheelScrollRight".action.focus-column-right = { }; - "Mod+WheelScrollLeft".action.focus-column-left = { }; - "Mod+Ctrl+WheelScrollRight".action.move-column-right = { }; - "Mod+Ctrl+WheelScrollLeft".action.move-column-left = { }; - - # Usually scrolling up and down with Shift in applications results in - # horizontal scrolling; these binds replicate that. - "Mod+Shift+WheelScrollDown".action.focus-column-right = { }; - "Mod+Shift+WheelScrollUp".action.focus-column-left = { }; - "Mod+Ctrl+Shift+WheelScrollDown".action.move-column-right = { }; - "Mod+Ctrl+Shift+WheelScrollUp".action.move-column-left = { }; - - # Similarly, you can bind touchpad scroll "ticks". - # Touchpad scrolling is continuous, so for these binds it is split into - # discrete intervals. - # These binds are also affected by touchpad's natural-scroll, so these - # example binds are "inverted", since we have natural-scroll enabled for - # touchpads by default. - # Mod+TouchpadScrollDown { spawn "wpctl" "set-volume" "@DEFAULT_AUDIO_SINK@" "0.02+"; } - # Mod+TouchpadScrollUp { spawn "wpctl" "set-volume" "@DEFAULT_AUDIO_SINK@" "0.02-"; } - - # You can refer to workspaces by index. However, keep in mind that - # niri is a dynamic workspace system, so these commands are kind of - # "best effort". 
Trying to refer to a workspace index bigger than - # the current workspace count will instead refer to the bottommost - # (empty) workspace. - # - # For example, with 2 workspaces + 1 empty, indices 3, 4, 5 and so on - # will all refer to the 3rd workspace. - "Mod+1".action.focus-workspace = 1; - "Mod+2".action.focus-workspace = 2; - "Mod+3".action.focus-workspace = 3; - "Mod+4".action.focus-workspace = 4; - "Mod+5".action.focus-workspace = 5; - "Mod+6".action.focus-workspace = 6; - "Mod+7".action.focus-workspace = 7; - "Mod+8".action.focus-workspace = 8; - "Mod+9".action.focus-workspace = 9; - "Mod+Ctrl+1".action.move-column-to-workspace = 1; - "Mod+Ctrl+2".action.move-column-to-workspace = 2; - "Mod+Ctrl+3".action.move-column-to-workspace = 3; - "Mod+Ctrl+4".action.move-column-to-workspace = 4; - "Mod+Ctrl+5".action.move-column-to-workspace = 5; - "Mod+Ctrl+6".action.move-column-to-workspace = 6; - "Mod+Ctrl+7".action.move-column-to-workspace = 7; - "Mod+Ctrl+8".action.move-column-to-workspace = 8; - "Mod+Ctrl+9".action.move-column-to-workspace = 9; - - # Alternatively, there are commands to move just a single window: - # Mod+Ctrl+1 { move-window-to-workspace 1; } - - # Switches focus between the current and the previous workspace. - # Mod+Tab { focus-workspace-previous; } - - "Mod+Comma".action.consume-window-into-column = { }; - "Mod+Period".action.expel-window-from-column = { }; - - # There are also commands that consume or expel a single window to the side. - # Mod+BracketLeft { consume-or-expel-window-left; } - # Mod+BracketRight { consume-or-expel-window-right; } - - "Mod+R".action.switch-preset-column-width = { }; - "Mod+Shift+R".action.reset-window-height = { }; - "Mod+F".action.maximize-column = { }; - "Mod+Shift+F".action.fullscreen-window = { }; - "Mod+C".action.center-column = { }; - - # Finer width adjustments. 
- # This command can also: - # * set width in pixels: "1000" - # * adjust width in pixels: "-5" or "+5" - # * set width as a percentage of screen width: "25%" - # * adjust width as a percentage of screen width: "-10%" or "+10%" - # Pixel sizes use logical, or scaled, pixels. I.e. on an output with scale 2.0, - # set-column-width "100" will make the column occupy 200 physical screen pixels. - "Mod+Minus".action.set-column-width = "-10%"; - "Mod+Equal".action.set-column-width = "+10%"; - - # Finer height adjustments when in column with other windows. - "Mod+Shift+Minus".action.set-window-height = "-10%"; - "Mod+Shift+Equal".action.set-window-height = "+10%"; - - # Actions to switch layouts. - # Note: if you uncomment these, make sure you do NOT have - # a matching layout switch hotkey configured in xkb options above. - # Having both at once on the same hotkey will break the switching, - # since it will switch twice upon pressing the hotkey (once by xkb, once by niri). - # Mod+Space { switch-layout "next"; } - # Mod+Shift+Space { switch-layout "prev"; } - - "Print".action.screenshot = { }; - "Ctrl+Print".action.screenshot-screen = { }; - "Alt+Print".action.screenshot-window = { }; - - # The quit action will show a confirmation dialog to avoid accidental exits. - "Mod+Shift+E".action.quit = { }; - - # Powers off the monitors. To turn them back on, do any input like - # moving the mouse or pressing any other key. - "Mod+Shift+P".action.power-off-monitors = { }; - - "Mod+W".action.toggle-column-tabbed-display = { }; - "Mod+O".action.toggle-overview = { }; - - "Super+Alt+L" = { - action.spawn = "${pkgs.systemd}/bin/loginctl lock-session"; - allow-when-locked = true; - }; - }; - }; - }; -} diff --git a/homeConfigurations/muede/podman.nix b/homeConfigurations/muede/podman.nix deleted file mode 100644 index ea5b090..0000000 --- a/homeConfigurations/muede/podman.nix +++ /dev/null 
@@ -1,18 +0,0 @@ -{ - services.podman = { - settings = { - policy = { - default = [ { type = "reject"; } ]; - transports = { - docker-daemon = { - "" = [ { type = "insecureAcceptAnything"; } ]; - }; - docker = { - "docker.io/library/debian" = [ { type = "insecureAcceptAnything"; } ]; - "docker.io/library/rust" = [ { type = "insecureAcceptAnything"; } ]; - }; - }; - }; - }; - }; -} diff --git a/homeConfigurations/muede/ssh.nix b/homeConfigurations/muede/ssh.nix deleted file mode 100644 index 8643fc9..0000000 --- a/homeConfigurations/muede/ssh.nix +++ /dev/null @@ -1,62 +0,0 @@ -{ - config.programs.ssh = { - enable = true; - enableDefaultConfig = false; - matchBlocks = { - "vpn2" = { - host = "vpn2 hetzner-vpn2"; - hostname = "2a01:4f8:c013:65dd::1"; - user = "root"; - }; - "openwrt" = { - host = "openwrt openwrt.lan"; - hostname = "openwrt.lan"; - user = "root"; - }; - "openwrt-ts" = { - hostname = "openwrt.donkey-pentatonic.ts.net"; - port = 2222; - user = "root"; - }; - "openwrt-j" = { - hostname = "openwrt.donkey-pentatonic.ts.net"; - proxyJump = "vpn1"; - port = 2222; - user = "root"; - }; - "pc2-power" = { - hostname = "openwrt.donkey-pentatonic.ts.net"; - proxyJump = "vpn1"; - port = 2222; - user = "pc2-power"; - }; - "avd-power" = { - # hostname = "2001:678:560:23:9833:63ff:fe2d:f477" - # hostname = "195.160.172.25"; - hostname = "avd-jumphost.club.berlin.ccc.de"; - user = "power"; - }; - "avd" = { - hostname = "avd.club.berlin.ccc.de"; - user = "vinzenz"; - }; - "builder.berlin.ccc.de" = { - hostname = "195.160.172.36"; - user = "root"; - }; - "cccb.zerforschen.plus" = { - hostname = "2a01:4f8:c013:cbdd::1"; - user = "root"; - }; - "berlin.ccc.de" = { - hostname = "195.160.173.9"; - user = "deploy"; - port = 31337; - }; - "forgejo-runner-1" = { - hostname = "forgejo-runner-1.dev.zerforschen.plus"; - user = "root"; - }; - }; - }; -} 
diff --git a/homeConfigurations/muede/starship.nix b/homeConfigurations/muede/starship.nix deleted file mode 100644 index 1550aac..0000000 --- a/homeConfigurations/muede/starship.nix +++ /dev/null 
@@ -1,213 +0,0 @@ -{ lib, ... }: -{ - config.programs.starship = { - enable = true; - enableZshIntegration = true; - settings = { - "$schema" = "https://starship.rs/config-schema.json"; - - add_newline = true; - format = - "[](fg:color_r)[$username $os $hostname ($container )](bg:color_r fg:text_r)[ ](fg:color_r bg:color_g)" - + "[$directory ](bg:color_g fg:text_g)[ ](fg:color_g bg:color_b)" - + "([(\\[$git_state$git_branch$git_commit$git_status\\] )" - + "$all](bg:color_b fg:text_b))[](fg:color_b bg:color_y)" - + "([ $cmd_duration$status](bg:color_y fg:text_y))[](fg:color_y)" - + "$line_break$character "; - - # TODO: replace with base16 theme - palette = lib.mkForce "color_me_surprised"; - palettes.color_me_surprised = { - "color_r" = "#a30262"; - "color_g" = "#d162a4"; - "color_b" = "#5BCEFA"; - "color_y" = "#4a6bb1"; - "text_r" = "white"; - "text_g" = "black"; - "text_b" = "black"; - "text_y" = "white"; - }; - - username = { - format = "[$user]($style)"; - style_user = "bg:color_r fg:text_r"; - style_root = "bold bg:color_r fg:text_r"; - show_always = true; - }; - os = { - disabled = false; - format = "$symbol"; - }; - hostname = { - disabled = false; - ssh_only = false; - format = "$hostname"; - ssh_symbol = ""; - aliases = { - "muede-lpt2" = "lpt"; - "muede-pc2" = "pc"; - }; - }; - container = { - format = "\[$symbol$name\]"; - }; - directory = { - format = "$path[( $read_only)]($read_only_style)"; - truncate_to_repo = true; - truncation_symbol = "…/"; - read_only = "󰌾"; - read_only_style = "fg:color_r bg:green"; - home_symbol = ""; - substitutions = { - "Documents" = "󰈙"; - "Downloads" = ""; - "Music" = "󰝚"; - "Pictures" = ""; - "Developer" = "󰲋"; - }; - }; - - git_state = { - style = "fg:text_b bg:color_b"; - }; - git_branch = { - style = "fg:text_b bg:color_b"; - format = "[$symbol $branch(:$remote_branch) ]($style)"; - symbol = ""; - }; - git_commit = { - format = "[$hash$tag ]($style)"; - style = "fg:text_b bg:color_b"; - tag_symbol = ""; - }; 
- git_status = { - format = "[$all_status$ahead_behind]($style)"; - style = "fg:text_b bg:color_b"; - ahead = "⇡$count"; - behind = "⇣$count"; - diverged = "⇕⇡$ahead_count⇣$behind_count"; - }; - - package = { - symbol = "󰏗"; - format = "$symbol$version "; - version_format = "$\{raw\}"; - }; - rust = { - symbol = "󱘗"; - format = "$symbol$version "; - version_format = "$major.$minor"; - }; - nix_shell = { - symbol = ""; - format = "$symbol( \($name\))"; - }; - - status = { - disabled = false; - format = "[$symbol$status_common_meaning$status_signal_name$status_maybe_int]($style)"; - map_symbol = true; - pipestatus = true; - style = "bg:color_y fg:text_y"; - }; - cmd_duration = { - format = "󱦟 $duration "; - }; - - character = { - success_symbol = "[](bold)"; - error_symbol = "[✗](bold fg:color_r)"; - }; - - # icons - c.symbol = ""; - aws.symbol = " "; - buf.symbol = ""; - bun.symbol = ""; - cpp.symbol = ""; - cmake.symbol = ""; - conda.symbol = ""; - crystal.symbol = ""; - dart.symbol = ""; - deno.symbol = ""; - docker_context.symbol = ""; - elixir.symbol = ""; - elm.symbol = ""; - fennel.symbol = ""; - fossil_branch.symbol = ""; - gcloud.symbol = " "; - golang.symbol = ""; - guix_shell.symbol = ""; - haskell.symbol = ""; - haxe.symbol = ""; - hg_branch.symbol = ""; - java.symbol = ""; - julia.symbol = ""; - kotlin.symbol = ""; - lua.symbol = ""; - memory_usage.symbol = "󰍛"; - meson.symbol = "󰔷"; - nim.symbol = "󰆥"; - nodejs.symbol = ""; - ocaml.symbol = ""; - os.symbols = { - Alpaquita = ""; - Alpine = ""; - AlmaLinux = ""; - Amazon = ""; - Android = ""; - Arch = ""; - Artix = ""; - CachyOS = ""; - CentOS = ""; - Debian = ""; - DragonFly = ""; - Emscripten = ""; - EndeavourOS = ""; - Fedora = ""; - FreeBSD = ""; - Garuda = "󰛓"; - Gentoo = ""; - HardenedBSD = "󰞌"; - Illumos = "󰈸"; - Kali = ""; - Linux = ""; - Mabox = ""; - Macos = ""; - Manjaro = ""; - Mariner = ""; - MidnightBSD = ""; - Mint = ""; - NetBSD = ""; 
- NixOS = ""; - Nobara = ""; - OpenBSD = "󰈺"; - openSUSE = ""; - OracleLinux = "󰌷"; - Pop = ""; - Raspbian = ""; - Redhat = ""; - RedHatEnterprise = ""; - RockyLinux = ""; - Redox = "󰀘"; - Solus = "󰠳"; - SUSE = ""; - Ubuntu = ""; - Unknown = ""; - Void = ""; - Windows = "󰍲"; - }; - perl.symbol = ""; - php.symbol = ""; - pijul_channel.symbol = ""; - pixi.symbol = "󰏗"; - python.symbol = ""; - rlang.symbol = "󰟔"; - ruby.symbol = ""; - scala.symbol = ""; - swift.symbol = ""; - zig.symbol = ""; - gradle.symbol = ""; - }; - }; -} diff --git a/homeConfigurations/muede/swayidle.nix b/homeConfigurations/muede/swayidle.nix deleted file mode 100644 index 73029e6..0000000 --- a/homeConfigurations/muede/swayidle.nix +++ /dev/null @@ -1,27 +0,0 @@ -{ pkgs, ... }: -{ - services.swayidle = - let - lock-command = "${pkgs.systemd}/bin/loginctl lock-session"; - in - { - enable = true; - systemdTarget = "graphical-session.target"; - timeouts = [ - { - timeout = 30; - command = lock-command; - } - { - timeout = 60 * 10; - command = "${pkgs.systemd}/bin/systemctl suspend"; - } - ]; - events = [ - { - event = "before-sleep"; - command = "${pkgs.playerctl}/bin/playerctl pause; ${lock-command}"; - } - ]; - }; -} diff --git a/homeConfigurations/muede/swaylock.nix b/homeConfigurations/muede/swaylock.nix deleted file mode 100644 index f807135..0000000 --- a/homeConfigurations/muede/swaylock.nix +++ /dev/null 
@@ -1,28 +0,0 @@ -# based on https://codeberg.org/kiara/cfg/src/commit/b9c472acd78c9c08dfe8b6a643c5c82cc5828433/home-manager/kiara/swaylock.nix# -{ pkgs, ... }: -{ - stylix.targets.swaylock = { - enable = true; - useWallpaper = true; - }; - - programs.swaylock = { - enable = true; - package = pkgs.swaylock-effects; - # https://github.com/jirutka/swaylock-effects/blob/master/swaylock.1.scd - settings = { - screenshot = false; - effect-blur = "9x9"; - effect-vignette = "0.2:0.2"; - fade-in = 0.5; - font-size = 75; - indicator-caps-lock = true; - clock = true; - indicator-radius = 400; - show-failed-attempts = true; - ignore-empty-password = true; - grace = 3.5; - indicator-thickness = 20; - }; - }; -} diff --git a/homeConfigurations/muede/swaync.nix b/homeConfigurations/muede/swaync.nix deleted file mode 100644 index 113aac0..0000000 --- a/homeConfigurations/muede/swaync.nix +++ /dev/null @@ -1,28 +0,0 @@ -{ pkgs, ... }: -{ - services.swaync = { - enable = true; - settings = { - "$schema" = "${pkgs.swaynotificationcenter}/etc/xdg/swaync/configSchema.json"; - - hide-on-clear = true; - - positionX = "center"; - fit-to-screen = false; - control-center-height = 750; - - widgets = [ - "mpris" - "volume" - "title" - "dnd" - "inhibitors" - "notifications" - ]; - - widget-config = { - mpris.autohide = true; - }; - }; - }; -} diff --git a/homeConfigurations/muede/vscode.nix b/homeConfigurations/muede/vscode.nix deleted file mode 100644 index b7e01ab..0000000 --- a/homeConfigurations/muede/vscode.nix +++ /dev/null 
@@ -1,102 +0,0 @@ -{ pkgs, lib, ... }: -{ - config = { - home.sessionVariables = { - NIXOS_OZONE_WL = "1"; - ELECTRON_OZONE_PLATFORM_HINT = "auto"; - }; - programs.vscode = { - enable = true; - package = pkgs.vscodium; - profiles.default = { - enableUpdateCheck = false; - extensions = - with pkgs.nix-vscode-extensions.open-vsx; - [ - # keep-sorted start - catppuccin.catppuccin-vsc-icons - davidanson.vscode-markdownlint - editorconfig.editorconfig - jnoortheen.nix-ide - llvm-vs-code-extensions.vscode-clangd - mkhl.direnv - ms-python.python - muhammad-sammy.csharp - redhat.vscode-yaml - rust-lang.rust-analyzer - tamasfe.even-better-toml - yzhang.markdown-all-in-one - # keep-sorted end - ] - ++ (with pkgs.vscode-extensions; [ - vadimcn.vscode-lldb - RoweWilsonFrederiskHolme.wikitext - ms-dotnettools.csharp - ]); - userSettings = { - "files.autoSave" = "afterDelay"; - "files.autoSaveWhenNoErrors" = true; - "files.autoSaveWorkspaceFilesOnly" = true; - "files.exclude" = [ - ".git" - ".direnv" - ]; - - "editor.fontLigatures" = true; - "editor.formatOnSave" = true; - "editor.formatOnSaveMode" = "modificationsIfAvailable"; - "editor.minimap.autohide" = true; - "editor.mouseWheelZoom" = true; - "terminal.integrated.mouseWheelZoom" = true; - - "workbench.startupEditor" = "readme"; - "workbench.enableExperiments" = false; - "workbench.iconTheme" = "catppuchin-mocha"; - - "update.mode" = "none"; - "extensions.autoUpdate" = false; - "extensions.autoCheckUpdates" = false; - - "telemetry.telemetryLevel" = "off"; - "redhat.telemetry.enabled" = false; - - "git.autofetch" = true; - "git.path" = "${lib.getBin pkgs.git}/bin/git"; - "diffEditor.diffAlgorithm" = "advanced"; - "explorer.excludeGitIgnore" = false; - "markdown.extension.tableFormatter.normalizeIndentation" = true; - "markdown.extension.toc.orderedList" = false; - - "rust-analyzer.checkOnSave.command" = "clippy"; - - "nix.formatterPath" = "${lib.getBin pkgs.nixfmt-tree}/bin/nixfmt-tree"; - "nix.enableLanguageServer" = true; 
- "nix.serverPath" = "${lib.getBin pkgs.nil}/bin/nil"; - "nix.serverSettings" = { - "nil" = { - "formatting" = { - "command" = [ "${lib.getBin pkgs.nixfmt-tree}/bin/nixfmt-tree" ]; - }; - }; - }; - - "dotnetAcquisitionExtension.sharedExistingDotnetPath" = - "${lib.getBin pkgs.dotnetCorePackages.sdk_9_0}/bin/dotnet"; - - "\[makefile\]" = { - "editor.insertSpaces" = false; - "editor.detectIndentation" = false; - }; - - "\[nix\]" = { - "editor.formatOnSave" = false; - }; - - "\[css\]" = { - "editor.formatOnSave" = false; - }; - }; - }; - }; - }; -} diff --git a/homeConfigurations/muede/waybar.css b/homeConfigurations/muede/waybar.css deleted file mode 100644 index 0f1d38a..0000000 --- a/homeConfigurations/muede/waybar.css +++ /dev/null 
@@ -1,330 +0,0 @@ -/* #region stylix overrides*/ -.modules-left #workspaces button, -.modules-left #workspaces button.focused, -.modules-left #workspaces button.active, -.modules-center #workspaces button, -.modules-center #workspaces button.focused, -.modules-center #workspaces button.active, -.modules-right #workspaces button, -.modules-right #workspaces button.focused, -.modules-right #workspaces button.active { - border-bottom: unset; -} -/* #endregion */ - -* { - font-family: monospace; - font-size: 13px; -} - -window#waybar { - transition-property: background-color; - transition-duration: 0.5s; - /* Gradient border spanning the entire waybar window */ - border-bottom: 3px solid transparent; - background-clip: padding-box, border-box; - background-origin: padding-box, border-box; - background-image: - linear-gradient(135deg, @base00, @base01), - linear-gradient(135deg, @base0C, @base09); -} - -/* Common pill styling for all widgets */ -#clock, -#cpu, -#memory, -#disk, -#temperature, -#backlight, -#network, -#pulseaudio, -#wireplumber, -#custom-media, -#mode, -#scratchpad, -#mpd, -#custom-weather, -#battery, -#power-profiles-daemon, -#idle_inhibitor, -#custom-swaync, -#bluetooth, -#mpris, -#upower, -#workspaces, -#window, -#tray, -#custom-wlogout, -#privacy-item { - margin: 0px 4px 6px; - padding: 0px 8px; - background: linear-gradient(135deg, @base02, @base01); - border-radius: 15px; - border: 2px solid; - transition: all 0.3s ease; -} - -/* special treatment for weird sized widgets */ -#custom-wlogout, -#power-profiles-daemon, -#idle_inhibitor { - padding: 0px 10px 0px 8px; -} - -#workspaces { - padding-left: 0; - padding-right: 0; -} - -/* Individual widget colors */ -#workspaces, -#window, -#tray { - border-color: @base0D; -} - -#workspaces button { - padding: 0 6px; - background-color: transparent; - color: @base05; - border-radius: 15px; - border: none; - transition: all 0.3s ease; -} - -#workspaces button:hover { - background: @base03; -} - -#workspaces 
button.focused, -#workspaces button.active { - background-color: @base03; - color: @base07; -} - -#workspaces button.urgent { - background-color: @base08; - color: @base00; -} - -#clock { - color: @base07; - border-color: @base0D; -} - -#cpu { - color: @base09; - border-color: @base09; -} - -#memory { - color: @base0E; - border-color: @base0E; -} - -#disk { - color: @base0D; - border-color: @base0D; -} - -#temperature { - color: @base08; - border-color: @base08; -} - -#backlight { - color: @base0A; - border-color: @base0A; -} - -#network { - color: @base0B; - border-color: @base0B; -} - -#pulseaudio, -#wireplumber { - color: @base0D; - border-color: @base0D; -} - -#custom-media { - color: @base0E; - border-color: @base0E; -} - -#mode { - color: @base05; - border-color: @base03; - box-shadow: inset 0 -3px @base05; -} - -#mpd { - color: @base0E; - border-color: @base0E; -} - -#custom-weather { - color: @base0B; - border-color: @base0B; -} - -#battery, -#power-profiles-daemon, -#idle_inhibitor { - color: @base05; - border-color: @base03; -} - -#custom-swaync { - color: @base0E; - border-color: @base0E; -} - -#bluetooth { - color: @base0D; - border-color: @base0D; -} - -#mpris { - color: @base0E; - border-color: @base0E; -} - -#upower { - color: @base0B; - border-color: @base0B; -} - -/* If workspaces is the leftmost module, omit left margin */ -.modules-left > widget:first-child > #workspaces { - margin-left: 0; -} - -/* If workspaces is the rightmost module, omit right margin */ -.modules-right > widget:last-child > #workspaces { - margin-right: 0; -} - -/* Battery states with colored glows */ -#battery.charging { - box-shadow: 0 0 6px rgba(168, 201, 255, 0.6); - border-color: @base0B; - color: @base0B; -} - -#battery.warning:not(.charging) { - box-shadow: 0 0 6px rgba(209, 98, 164, 0.6); - border-color: @base0A; - color: @base0A; -} - -@keyframes blink { - to { - background-color: #ffffff; - color: #000000; - } -} - -#battery.critical:not(.charging) { - box-shadow: 
0 0 6px rgba(243, 139, 168, 0.8); - border-color: @base08; - color: @base08; - animation-name: blink; - animation-duration: 0.5s; - /* Using steps() instead of linear as a timing function to limit cpu usage */ - animation-timing-function: steps(12); - animation-iteration-count: infinite; - animation-direction: alternate; -} - -/* Bluetooth connected state */ -#bluetooth.connected { - box-shadow: 0 0 6px rgba(137, 180, 250, 0.5); -} - -/* Power profiles with state-appropriate glows */ -#power-profiles-daemon.performance { - box-shadow: 0 0 6px rgba(243, 139, 168, 0.6); - border-color: @base08; - color: @base08; -} - -#power-profiles-daemon.balanced { - box-shadow: 0 0 6px rgba(137, 180, 250, 0.6); - border-color: @base0D; - color: @base0D; -} - -#power-profiles-daemon.power-saver { - box-shadow: 0 0 6px rgba(168, 201, 255, 0.6); - border-color: @base0B; - color: @base0B; -} - -/* Idle inhibitor with state glow */ -#idle_inhibitor.activated { - box-shadow: 0 0 6px rgba(137, 180, 250, 0.6); - border-color: @base0D; - color: @base0D; -} - -/* MPD states with glows */ -#mpd.playing { - box-shadow: 0 0 6px rgba(168, 201, 255, 0.5); - border-color: @base0B; - color: @base0B; -} - -#mpd.paused { - box-shadow: 0 0 6px rgba(203, 166, 247, 0.5); - border-color: @base0E; - color: @base0E; -} - -#mpd.disconnected, -#mpd.stopped { - color: @base04; -} - -#tray > .passive { - -gtk-icon-effect: dim; -} - -#tray > .needs-attention { - -gtk-icon-effect: highlight; - box-shadow: 0 0 6px rgba(243, 139, 168, 0.8); - border-color: @base08; -} - -#privacy { - padding: 0; -} - -#privacy-item.screenshare { - box-shadow: 0 0 6px rgba(209, 98, 164, 0.6); - border-color: @base0A; - color: @base0A; -} - -#privacy-item.audio-in { - box-shadow: 0 0 6px rgba(168, 201, 255, 0.6); - border-color: @base0B; - color: @base0B; -} - -#privacy-item.audio-out { - box-shadow: 0 0 6px rgba(137, 180, 250, 0.6); - border-color: @base0D; - color: @base0D; -} - -/* Custom wlogout button */ -#custom-wlogout { - 
color: @base08; - border-color: @base08; -} - -#custom-wlogout:hover { - box-shadow: 0 0 6px rgba(243, 139, 168, 0.5); -} diff --git a/homeConfigurations/muede/waybar.nix b/homeConfigurations/muede/waybar.nix deleted file mode 100644 index 1f014e2..0000000 --- a/homeConfigurations/muede/waybar.nix +++ /dev/null 
@@ -1,284 +0,0 @@ -{ - pkgs, - lib, - config, - ... -}: -{ - home.packages = with pkgs; [ - playerctl - ]; - - programs.waybar = { - enable = true; - systemd = { - enable = true; - target = "graphical-session.target"; - }; - style = lib.mkAfter (builtins.readFile ./waybar.css); - settings = { - mainBar = { - layer = "top"; - position = "top"; - output = [ - "eDP-1" - "HDMI-A-1" - ]; - mode = "dock"; - spacing = "8"; - modules-left = [ - "niri/workspaces" - "tray" - "niri/window" - ]; - modules-center = [ - "privacy" - "clock" - "custom/swaync" - ]; - modules-right = [ - "mpris" - "wireplumber" - "bluetooth" - "backlight" - "network" - "power-profiles-daemon" - "idle_inhibitor" - #"image" - "custom/weather" - "temperature" - "cpu" - "memory" - "disk" - # "battery" - "upower" - "custom/wlogout" - ]; - - "niri/workspaces" = { - format = "{icon}"; - }; - "niri/window" = { - separate-outputs = true; - icon = true; - }; - network = { - #interface = "wlo1"; - format = "{ifname}"; - format-wifi = " {essid}"; - format-ethernet = "󰈀"; - format-linked = "󱘖"; - format-disconnected = "󰣽"; - tooltip-format = "{ifname} via {gwaddr}"; - tooltip-format-wifi = "{essid} ({signalStrength}%)"; - tooltip-format-ethernet = "{ifname} {ipaddr}/{cidr}"; - tooltip-format-disconnected = "Disconnected"; - max-length = 20; - }; - clock = { - format = "{:%a, %d. 
%b %H:%M}"; - tooltip-format = "{calendar}"; - calendar = { - mode = "month"; - weeks-pos = "right"; - on-scroll = 1; - on-click-right = "mode"; - format = { - #months = "{}"; - #days = "{}"; - #weeks = "W{}"; - #weekdays = "{}"; - #weekdays = "{}"; - today = "{}"; - }; - }; - actions = { - on-click-right = "mode"; - on-click-forward = "tz_up"; - on-click-backward = "tz_down"; - on-scroll-up = "shift_down"; - on-scroll-down = "shift_up"; - }; - }; - upower = { - icon-size = 14; - }; - battery = { - format = "{icon} {capacity}%"; - format-icons = [ - "󰂎" # 0% - "󰁺" # 10% - "󰁻" # 20% - "󰁼" # 30% - "󰁽" # 40% - "󰁾" # 50% - "󰁿" # 60% - "󰂀" # 70% - "󰂁" # 80% - "󰂂" # 90% - "󱟢" # 100% - ]; - states = { - warning = 25; - critical = 15; - }; - events = - let - mkNotifySendCommand = - { - summary, - urgency ? null, - body ? null, - icon ? null, - category ? null, - }: - let - body-part = if body != null then "'${body}'" else ""; - urgency-part = if urgency != null then "--urgency ${urgency}" else ""; - icon-part = if icon != null then "--icon ${icon}" else ""; - category-part = if category != null then "--category ${category}" else ""; - in - "${lib.getBin pkgs.libnotify}/bin/notify-send ${urgency-part} ${icon-part} ${category-part} '${summary}' ${body-part}"; - in - { - on-discharging-warning = mkNotifySendCommand { - summary = "Low Battery"; - icon = "battery-caution"; - category = "device"; - }; - on-discharging-critical = mkNotifySendCommand { - urgency = "critical"; - summary = "Very Low Battery"; - body = "Connect to power now!"; - icon = "battery-low"; - category = "device"; - }; - }; - }; - backlight = { - device = "intel_backlight"; - format = "{percent}%  "; - on-scroll-down = "light -U 1"; - on-scroll-up = "light -A 1"; - }; - cpu = { - interval = 1; - format = " {usage:>2}%@{avg_frequency:>3.2f}"; - }; - disk = { - format = " {percentage_free}% {specific_total:>2.1f}"; - unit = "TB"; - }; - "custom/wlogout" = { - format = ""; - tooltip = false; - on-click = 
"wlogout"; - min-width = 20; - }; - idle_inhibitor = { - format = "{icon}"; - format-icons = { - activated = ""; - deactivated = ""; - }; - }; - #image = - # let - # albumArtScript = pkgs.writeShellScriptBin "album-art.sh" '' - # #!${pkgs.bash}/bin/bash - # album_art=$(playerctl metadata mpris:artUrl) - # if [[ -z $album_art ]] - # then - # exit - # fi - # curl -s "''${album_art}" --output "/tmp/cover.jpeg" - # echo "/tmp/cover.jpeg" - # ''; - # in - # { - # exec = "${albumArtScript}/bin/album-art.sh"; - # interval = 15; - # on-click = "playerctl play-pause"; - # }; - mpris = { - format = "{status_icon} {player}"; - tooltip-format = "{player} ({status_icon} {status}) {dynamic}"; - status-icons = { - playing = ""; - paused = "󰏤"; - stopped = "󰓛"; - }; - }; - memory = { - format = " {}%"; - }; - power-profiles-daemon = { - format = "{icon}"; - tooltip-format = "Power profile: {profile}\nDriver: {driver}"; - tooltip = true; - format-icons = { - default = ""; - performance = ""; - balanced = ""; - power-saver = ""; - }; - }; - wireplumber = { - format = "{icon} {volume}%"; - format-muted = ""; - format-icons = [ - "" - "" - "" - ]; - }; - temperature = { - format = " {temperatureC}°C"; - }; - tray = { - spacing = 4; - show-passive-items = true; - }; - bluetooth = { - format = " {status}"; - format-connected = " {device_alias}"; - format-connected-battery = " {device_alias} {device_battery_percentage}%"; - tooltip-format = "{controller_alias}\t{controller_address}\n\n{num_connections} connected"; - tooltip-format-connected = "{controller_alias}\t{controller_address}\n\n{num_connections} connected\n\n{device_enumerate}"; - tooltip-format-enumerate-connected = "{device_alias}\t{device_address}"; - tooltip-format-enumerate-connected-battery = "{device_alias}\t{device_address}\t{device_battery_percentage}%"; - }; - "custom/swaync" = - let - swaync-client = "${lib.getBin config.services.swaync.package}/bin/swaync-client"; - in - { - tooltip = true; - format = 
"{icon} {0}"; - format-icons = { - notification = "󱅫"; - none = "󰂜"; - dnd-notification = "󰂠"; - dnd-none = "󰪓"; - inhibited-notification = "󰂛"; - inhibited-none = "󰪑"; - dnd-inhibited-notification = "󰂛"; - dnd-inhibited-none = "󰪑"; - }; - return-type = "json"; - exec = "${swaync-client} --subscribe-waybar"; - on-click = "${swaync-client} --toggle-panel --skip-wait"; - on-click-right = "${swaync-client} --toggle-dnd --skip-wait"; - escape = true; - }; - "custom/weather" = { - format = "{}"; - tooltip = true; - interval = 3600; - exec = "${lib.getBin pkgs.wttrbar}/bin/wttrbar --nerd"; - return-type = "json"; - }; - }; - }; - }; -} diff --git a/homeConfigurations/muede/wlogout.nix b/homeConfigurations/muede/wlogout.nix deleted file mode 100644 index bfd39f5..0000000 --- a/homeConfigurations/muede/wlogout.nix +++ /dev/null @@ -1,34 +0,0 @@ -{ - config.programs.wlogout = { - enable = true; - style = '' - * { - /*background-image: none;*/ - box-shadow: none; - } - - window { - background-color: rgba(30, 30, 46, 0.90); - } - - button { - border-radius: 0; - border-color: #cba6f7; - text-decoration-color: #cdd6f4; - color: #cdd6f4; - background-color: #181825; - border-style: solid; - border-width: 1px; - background-repeat: no-repeat; - background-position: center; - background-size: 25%; - } - - button:focus, button:active, button:hover { - /* 20% Overlay 2, 80% mantle */ - background-color: rgb(48, 50, 66); - outline-style: none; - } - ''; - }; -} diff --git a/homeConfigurations/muede/zsh.nix b/homeConfigurations/muede/zsh.nix deleted file mode 100644 index 16f00e1..0000000 --- a/homeConfigurations/muede/zsh.nix +++ /dev/null 
@@ -1,30 +0,0 @@ -{ config, pkgs, ... }: -{ - config.programs.zsh = { - initContent = '' - export PATH=$PATH:$HOME/.cargo/bin - - bindkey "^[[1;5C" forward-word - bindkey "^[[1;5D" backward-word - ''; - enableCompletion = true; - - shellAliases = { - myos-rebuild-boot = "sudo nixos-rebuild boot --flake .# --show-trace --log-format internal-json -v |& ${pkgs.nix-output-monitor}/bin/nom --json"; - myos-rebuild-switch = "sudo nixos-rebuild switch --flake .# --show-trace --log-format internal-json -v |& ${pkgs.nix-output-monitor}/bin/nom --json"; - - s = "nix-shell -p"; - - my-direnvallow = "echo \"use nix\" > .envrc && direnv allow"; - my-ip4 = "ip addr show | grep 192"; - deadnix = "nix run github:astro/deadnix -- "; - statix = "nix run github:oppiliappan/statix -- "; - }; - - history = { - size = 10000; - path = "${config.xdg.dataHome}/zsh/history"; - expireDuplicatesFirst = true; - }; - }; -} diff --git a/homeConfigurations/ronja/default.nix b/homeConfigurations/ronja/default.nix deleted file mode 100644 index 4d5c5ee..0000000 --- a/homeConfigurations/ronja/default.nix +++ /dev/null 
@@ -1,69 +0,0 @@ -{ config, pkgs, ... }: -{ - imports = [ ./vscode.nix ]; - config = { - my = { - # keep-sorted start - nano.enable = true; - templates.enable = true; - zsh.enable = true; - # keep-sorted end - }; - - home.packages = with pkgs; [ - ## Apps - telegram-desktop - kdiff3 - ]; - - programs = { - home-manager.enable = true; - - zsh = { - history = { - size = 10000; - path = "${config.xdg.dataHome}/zsh/history"; - expireDuplicatesFirst = true; - }; - - oh-my-zsh = { - enable = true; - theme = "agnoster"; - plugins = [ - "git" - "sudo" - "systemadmin" - ]; - }; - shellAliases = { - myos-update = ''echo "Enter sudo password" && sudo nixos-rebuild boot --flake git+https://git.berlin.ccc.de/vinzenz/nixos-configuration.git --show-trace --log-format internal-json -v |& ${pkgs.nix-output-monitor}/bin/nom --json''; - myos-apply = ''echo "Enter sudo password" && sudo nixos-rebuild switch --flake .# --show-trace --log-format internal-json -v |& ${pkgs.nix-output-monitor}/bin/nom --json''; - }; - }; - - git = { - userName = "Ronja Spiegelberg"; - userEmail = "ronja.spiegelberg@gmail.com"; - - extraConfig = { - pull.ff = "only"; - merge.tool = "kdiff3"; - }; - }; - - chromium = { - enable = true; - extensions = [ - { - # ublock origin - id = "cjpalhdlnbpafiamejdnhcphjbkeiagm"; - } - { - id = "dcpihecpambacapedldabdbpakmachpb"; - updateUrl = "https://raw.githubusercontent.com/iamadamdev/bypass-paywalls-chrome/master/updates.xml"; - } - ]; - }; - }; - }; -} diff --git a/homeConfigurations/ronja/vscode.nix b/homeConfigurations/ronja/vscode.nix deleted file mode 100644 index 5226411..0000000 --- a/homeConfigurations/ronja/vscode.nix +++ /dev/null 
@@ -1,67 +0,0 @@ -{ pkgs, lib, ... }: -{ - config = { - home.sessionVariables.NIXOS_OZONE_WL = "1"; - programs.vscode = { - enable = true; - package = pkgs.vscodium; - profiles.default = { - enableUpdateCheck = false; - extensions = with pkgs.vscode-extensions; [ - jnoortheen.nix-ide - ms-python.python - editorconfig.editorconfig - yzhang.markdown-all-in-one - redhat.vscode-yaml - pkief.material-icon-theme - rust-lang.rust-analyzer - tamasfe.even-better-toml - llvm-vs-code-extensions.vscode-clangd - mkhl.direnv - vadimcn.vscode-lldb - # ms-dotnettools.csharp - # ms-vscode-remote.remote-ssh - ]; - userSettings = { - "files.autoSave" = "afterDelay"; - "files.autoSaveWhenNoErrors" = true; - "files.autoSaveWorkspaceFilesOnly" = true; - - "editor.fontLigatures" = true; - "editor.formatOnSave" = true; - "editor.formatOnSaveMode" = "modificationsIfAvailable"; - "editor.minimap.autohide" = true; - - "workbench.startupEditor" = "readme"; - "workbench.enableExperiments" = false; - "workbench.iconTheme" = "material-icon-theme"; - - "update.mode" = "none"; - "extensions.autoUpdate" = false; - "extensions.autoCheckUpdates" = false; - - "telemetry.telemetryLevel" = "off"; - "redhat.telemetry.enabled" = false; - - "git.autofetch" = true; - "diffEditor.diffAlgorithm" = "advanced"; - "explorer.excludeGitIgnore" = true; - "markdown.extension.tableFormatter.normalizeIndentation" = true; - "markdown.extension.toc.orderedList" = false; - "rust-analyzer.checkOnSave.command" = "clippy"; - - "nix.formatterPath" = "${lib.getBin pkgs.nixfmt-rfc-style}/bin/nixfmt"; - - "\[makefile\]" = { - "editor.insertSpaces" = false; - "editor.detectIndentation" = false; - }; - - "\[nix\]" = { - "editor.formatOnSave" = false; - }; - }; - }; - }; - }; -} diff --git a/homeModules/gnome-extensions.nix b/homeModules/gnome-extensions.nix deleted file mode 100644 index 20b3a70..0000000 --- a/homeModules/gnome-extensions.nix +++ /dev/null 
@@ -1,101 +0,0 @@ -{ - lib, - pkgs, - osConfig, - config, - ... -}: -{ - options.my.gnome-extensions = - let - mkDefaultEnabledOption = - name: - lib.mkOption { - default = true; - example = false; - description = "Whether to enable ${name}."; - type = lib.types.bool; - }; - in - { - enable = lib.mkEnableOption "gnome extended options"; - appindicator.enable = mkDefaultEnabledOption "appindicator"; - caffeine.enable = mkDefaultEnabledOption "caffeine"; - tailscale-qs.enable = lib.mkOption { - default = osConfig.services.tailscale.enable; - example = true; - description = "Whether to enable tailscale quick setting."; - type = lib.types.bool; - }; - alphabetic-apps.enable = mkDefaultEnabledOption "alphabetic app grid"; - clock-show-seconds = mkDefaultEnabledOption "clock seconds"; - show-battery-percentage = mkDefaultEnabledOption "battery percentage"; - enable-numlock = mkDefaultEnabledOption "num lock on login"; - enable-systool-warning = lib.mkEnableOption "system configuration tool warning"; - edge-tiling = mkDefaultEnabledOption "edge tiling"; - dynamic-workspaces = mkDefaultEnabledOption "dynamic workspaces"; - tap-to-click = mkDefaultEnabledOption "tap to click"; - two-finger-scrolling = mkDefaultEnabledOption "two finger scrolling"; - }; - - config = - let - cfg = config.my.gnome-extensions; - in - lib.mkIf cfg.enable ( - lib.mkMerge [ - { - dconf = { - enable = true; - settings = { - "org/gnome/shell" = { - disable-user-extensions = false; - disabled-extensions = [ ]; - enabled-extensions = [ ]; - }; - - "ca/desrt/dconf-editor".show-warning = cfg.enable-systool-warning; - "org/gnome/tweaks".show-extensions-notice = cfg.enable-systool-warning; - "org/gnome/mutter" = { - inherit (cfg) edge-tiling dynamic-workspaces; - }; - "org/gnome/desktop/peripherals/touchpad" = { - inherit (cfg) tap-to-click; - two-finger-scrolling-enabled = cfg.two-finger-scrolling; - }; - "org/gnome/desktop/interface" = { - inherit (cfg) clock-show-seconds show-battery-percentage; - }; - 
}; - }; - } - - (lib.mkIf cfg.tailscale-qs.enable { - home.packages = [ pkgs.gnomeExtensions.tailscale-qs ]; - dconf.settings."org/gnome/shell".enabled-extensions = [ "tailscale@joaophi.github.com" ]; - }) - - (lib.mkIf cfg.appindicator.enable { - home.packages = [ pkgs.gnomeExtensions.appindicator ]; - dconf.settings."org/gnome/shell".enabled-extensions = [ "appindicatorsupport@rgcjonas.gmail.com" ]; - }) - - (lib.mkIf cfg.caffeine.enable { - home.packages = [ pkgs.gnomeExtensions.caffeine ]; - dconf.settings."org/gnome/shell".enabled-extensions = [ "caffeine@patapon.info" ]; - }) - - (lib.mkIf cfg.alphabetic-apps.enable { - home.packages = [ pkgs.gnomeExtensions.alphabetical-app-grid ]; - dconf.settings = { - "org/gnome/shell".enabled-extensions = [ "AlphabeticalAppGrid@stuarthayhurst" ]; - "org/gnome/shell/extensions/alphabetical-app-grid".folder-order-position = "start"; - }; - }) - - (lib.mkIf cfg.enable-numlock { - dconf.settings."org/gnome/desktop/peripherals/keyboard".numlock-state = true; - }) - ] - ); -} diff --git a/homeModules/nano.nix b/homeModules/nano.nix deleted file mode 100644 index 2293b99..0000000 --- a/homeModules/nano.nix +++ /dev/null @@ -1,14 +0,0 @@ -{ lib, config, ... }: -{ - options.my.nano.enable = lib.mkEnableOption "nano editor config"; - - config = lib.mkIf config.my.nano.enable { - home = { - sessionVariables.EDITOR = "nano"; - file.".nanorc".text = '' - set linenumbers - set mouse - ''; - }; - }; -} diff --git a/homeModules/tailscale.nix b/homeModules/tailscale.nix deleted file mode 100644 index 686bf84..0000000 --- a/homeModules/tailscale.nix +++ /dev/null 
@@ -1,18 +0,0 @@ -{ - lib, - config, - osConfig, - thisDevice, - ... -}: -{ - options.my.tailscale.enable = lib.mkOption { - type = lib.types.bool; - default = (thisDevice.isDesktop or false) && osConfig.my.tailscale.enable; - description = "Whether to enable the Tailscale system tray applet. Defaults to true on desktops with Tailscale enabled."; - }; - - config = lib.mkIf config.my.tailscale.enable { - services.tailscale-systray.enable = true; - }; -} diff --git a/homeModules/templates.nix b/homeModules/templates.nix deleted file mode 100644 index e0a6df2..0000000 --- a/homeModules/templates.nix +++ /dev/null @@ -1,17 +0,0 @@ -{ lib, config, ... }: -{ - options.my.templates.enable = lib.mkEnableOption "file templates"; - - config = lib.mkIf config.my.templates.enable { - home.file = { - "Templates/Empty file".text = ""; - "Templates/Empty bash script".text = '' - #!/usr/bin/env bash - # abort on error, undefined variables - set -eu - # print commands before execution - set -x - ''; - }; - }; -} diff --git a/homeModules/zsh-basics.nix b/homeModules/zsh-basics.nix deleted file mode 100644 index 50e116a..0000000 --- a/homeModules/zsh-basics.nix +++ /dev/null @@ -1,18 +0,0 @@ -{ lib, config, ... }: -{ - options.my.zsh.enable = lib.mkEnableOption "zsh with basic settings"; - - config = lib.mkIf config.my.zsh.enable { - programs = { - command-not-found.enable = true; - dircolors.enable = true; - - zsh = { - enable = true; - syntaxHighlighting.enable = true; - autosuggestion.enable = true; - enableVteIntegration = true; - }; - }; - }; -} diff --git a/modules/default.nix b/modules/default.nix new file mode 100644 index 0000000..60755fa --- /dev/null +++ b/modules/default.nix @@ -0,0 +1,18 @@ +modulesCfg: {lib, ...}: { + imports = + [ + ./i18n.nix + ./nixpkgs.nix + ./globalinstalls.nix + ./server.nix + ./desktop + ] + ++ (map (path: (import path modulesCfg)) [ + ./hardware + ./users + ]); + + config = { + my.modulesCfg = modulesCfg; + }; +} 
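Review bot: The curried signature `modulesCfg: {lib, ...}:` at the top of `modules/default.nix` has no comment saying what `modulesCfg` must contain, although `gnome.nix` and `kde.nix` in this commit read `config.my.modulesCfg.enableHomeManager` and `./hardware` and `./users` are imported with it applied. I would add a header comment such as `# modulesCfg: attrset supplied by the importing configuration, e.g. { enableHomeManager = true; }`; the exact fields are an assumption to confirm against the caller. `my.modulesCfg = modulesCfg;` also depends on an `options.my.modulesCfg` declaration that is not visible in this hunk, and `lib` is bound but unused here.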
diff --git a/modules/desktop/default.nix b/modules/desktop/default.nix
new file mode 100644
index 0000000..d8f88b5
--- /dev/null
+++ b/modules/desktop/default.nix
@@ -0,0 +1,110 @@
+{
+ config,
+ pkgs,
+ lib,
+ ...
+}: let
+ cfg = config.my.desktop;
+in {
+ imports = [
+ ./gnome.nix
+ ./kde.nix
+ ./gaming.nix
+ ];
+
+ options.my.desktop.enable = lib.mkEnableOption "desktop";
+
+ config = lib.mkIf cfg.enable {
+ home-manager.useUserPackages = true;
+ home-manager.useGlobalPkgs = true;
+
+ services = {
+ # Enable the X11 windowing system / wayland depending on DE
+ xserver.enable = true;
+
+ # Enable CUPS to print documents.
+ printing.enable = true;
+
+ # Enable the OpenSSH daemon.
+ openssh = {
+ enable = true;
+ settings = {
+ PermitRootLogin = "no";
+ PasswordAuthentication = false;
+ KbdInteractiveAuthentication = false;
+ };
+ };
+ };
+
+ # Enable sound with pipewire.
+ sound.enable = true;
+ hardware.pulseaudio.enable = false;
+ security.rtkit.enable = true;
+ services.pipewire = {
+ enable = true;
+ alsa.enable = true;
+ alsa.support32Bit = true;
+ pulse.enable = true;
+ };
+
+ programs = {
+ git.package = pkgs.gitFull;
+ steam = {
+ enable = true;
+ remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play
+ dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server
+ };
+ };
+
+ # unblock kde connect / gsconnect
+ networking = {
+ networkmanager.enable = true;
+ firewall.enable = true;
+
+ firewall = {
+ allowedTCPPortRanges = [
+ {
+ # KDE Connect
+ from = 1714;
+ to = 1764;
+ }
+ ];
+ allowedUDPPortRanges = [
+ {
+ # KDE Connect
+ from = 1714;
+ to = 1764;
+ }
+ ];
+ };
+ };
+
+ systemd = {
+ # save some boot time because nothing actually requires network connectivity
+ services.NetworkManager-wait-online.enable = false;
+
+ extraConfig = ''
+ DefaultTimeoutStopSec=12s
+ '';
+ };
+
+ environment = {
+ pathsToLink = ["/share/zsh"];
+
+ systemPackages = with pkgs; [
+ lm_sensors
+ ];
+ };
+
+ nixpkgs.config.permittedInsecurePackages = [
+ "electron-12.2.3"
+ ];
+
+ fonts = {
+ fontconfig.defaultFonts.monospace = ["FiraCode Nerd Font"];
+ fonts = with pkgs; [
+ (nerdfonts.override {fonts = ["FiraCode"];})
+ ];
+ };
+ };
+}
diff --git a/modules/desktop/gaming.nix b/modules/desktop/gaming.nix
new file mode 100644
index 0000000..8b9cd34
--- /dev/null
+++ b/modules/desktop/gaming.nix
@@ -0,0 +1,32 @@
+{
+ config,
+ pkgs,
+ lib,
+ ...
+}: let
+ isEnabled = config.my.desktop.enableGaming;
+in {
+ imports = [];
+
+ options.my.desktop.enableGaming = lib.mkEnableOption "gaming with wine";
+
+ config = lib.mkIf isEnabled {
+ hardware.opengl.driSupport32Bit = true;
+
+ environment.systemPackages = with pkgs; [
+ wineWowPackages.stagingFull
+ wineWowPackages.fonts
+ winetricks
+ steam
+
+ (lutris.override {
+ extraPkgs = pkgs: [
+ # List package dependencies here
+ ];
+ extraLibraries = pkgs: [
+ # List library dependencies here
+ ];
+ })
+ ];
+ };
+}
diff --git a/modules/desktop/gnome.nix b/modules/desktop/gnome.nix
new file mode 100644
index 0000000..9e754f3
--- /dev/null
+++ b/modules/desktop/gnome.nix
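Review bot: `nixpkgs.config.permittedInsecurePackages = ["electron-12.2.3"]` near the end of the `config` block accepts an end-of-life Electron on every host that sets `my.desktop.enable`, and nothing in the file says which package needs it. I would put a comment on it, for example `# required by <package>; drop once it no longer depends on electron 12`, and move the exception to the host or module that actually installs that package so it goes away together with it. In the same block the `allowedTCPPortRanges`/`allowedUDPPortRanges` entries open 1714-1764 on all interfaces of every desktop, although the comment ties them to KDE Connect / GSConnect; gating them in `kde.nix` and `gnome.nix` would keep the ports closed where neither is installed.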
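Review bot: Steam ends up configured in two places: this module adds the bare `steam` package to `environment.systemPackages`, while `modules/desktop/default.nix` in the same commit sets `programs.steam.enable = true` together with `remotePlay.openFirewall` and `dedicatedServer.openFirewall` for every desktop. With that split, a desktop that leaves `my.desktop.enableGaming` off still gets Steam and its firewall openings. I would replace the `steam` list entry with `programs.steam.enable = true;` inside this `lib.mkIf isEnabled` block and turn on the two `openFirewall` options only on hosts that need them. `imports = [];` and the `lutris.override` with two empty lists have no effect and could be reduced to plain `lutris`.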
@@ -0,0 +1,66 @@
+{
+ config,
+ pkgs,
+ lib,
+ ...
+}: let
+ isEnabled = config.my.desktop.enableGnome;
+ enableHomeManager = config.my.modulesCfg.enableHomeManager;
+in {
+ options.my.desktop.enableGnome = lib.mkEnableOption "gnome desktop";
+
+ config = lib.mkMerge [
+ (lib.mkIf isEnabled {
+ my.desktop.enable = true;
+
+ services = {
+ xserver = {
+ # Enable the GNOME Desktop Environment.
+ displayManager.gdm.enable = true;
+ desktopManager.gnome.enable = true;
+ };
+
+ gnome = {
+ tracker-miners.enable = false;
+ tracker.enable = false;
+ };
+ };
+
+ programs.gpaste.enable = true;
+
+ environment = {
+ systemPackages = with pkgs; [
+ gnomeExtensions.gsconnect
+ ];
+
+ # remove some gnome default apps
+ gnome.excludePackages = with pkgs.gnome; [
+ cheese # photo booth
+ epiphany # web browser
+ evince # document viewer
+ geary # email client
+ seahorse # password manager
+ gnome-clocks
+ gnome-maps
+ gnome-weather
+ gnome-music
+ pkgs.gnome-connections
+ ];
+ };
+ })
+ (lib.mkIf (isEnabled && enableHomeManager) {
+ home-manager.sharedModules = [
+ {
+ home.packages = with pkgs; [
+ amberol
+ ];
+ dconf.settings = {
+ "org/gnome/desktop/peripherals/keyboard" = {
+ numlock-state = true;
+ };
+ };
+ }
+ ];
+ })
+ ];
+}
diff --git a/modules/desktop/kde.nix b/modules/desktop/kde.nix
new file mode 100644
index 0000000..253ff29
--- /dev/null
+++ b/modules/desktop/kde.nix
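Review bot: `my.desktop.enable = true;` in the first `lib.mkIf isEnabled` block means that choosing GNOME also switches on everything in `modules/desktop/default.nix`, including the OpenSSH daemon, CUPS and the opened firewall ranges, which the option text "gnome desktop" does not suggest; `kde.nix` does the same. A comment at that line would make the side effect visible, e.g. `# also enables ./default.nix: sshd, printing, KDE Connect ports, Steam`. The module also reads `config.my.modulesCfg.enableHomeManager`, whose option declaration is not part of this file, so it is worth confirming that `my.modulesCfg` is declared with a type and a default before this is evaluated.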
@@ -0,0 +1,61 @@ +{ + config, + pkgs, + lib, + ... +}: let + isEnabled = config.my.desktop.enableKde; + enableHomeManager = config.my.modulesCfg.enableHomeManager; +in { + options.my.desktop.enableKde = lib.mkEnableOption "KDE desktop"; + + config = lib.mkMerge [ + (lib.mkIf isEnabled { + my.desktop.enable = true; + + # flatpak xdg-portal-kde crashes, otherwise this would be global + services.flatpak.enable = false; + + services = { + # Enable the KDE Plasma Desktop Environment. + xserver = { + desktopManager.plasma5.enable = true; + + displayManager = { + sddm.enable = true; + defaultSession = "plasmawayland"; + }; + }; + }; + + environment = { + systemPackages = with pkgs; [ + libsForQt5.kate + libsForQt5.kalk + ]; + + plasma5.excludePackages = with pkgs.libsForQt5; [ + elisa + gwenview + okular + khelpcenter + ]; + }; + + programs = { + dconf.enable = true; + partition-manager.enable = true; + }; + }) + (lib.mkIf (isEnabled && enableHomeManager) { + home-manager.sharedModules = [ + { + services.kdeconnect = { + enable = true; + indicator = true; + }; + } + ]; + }) + ]; +} diff --git a/modules/globalinstalls.nix b/modules/globalinstalls.nix new file mode 100644 index 0000000..412a50a --- /dev/null +++ b/modules/globalinstalls.nix @@ -0,0 +1,18 @@ +{pkgs, ...}: { + config = { + environment = { + pathsToLink = ["/share/zsh"]; + systemPackages = with pkgs; [ + pciutils + ncdu + tldr + ]; + }; + + programs = { + git.enable = true; + zsh.enable = true; + htop.enable = true; + }; + }; +} diff --git a/modules/hardware/amdcpu.nix b/modules/hardware/amdcpu.nix new file mode 100644 index 0000000..6eedbb1 --- /dev/null +++ b/modules/hardware/amdcpu.nix @@ -0,0 +1,15 @@ +{ + lib, + config, + pkgs, + ... +}: let + isEnabled = config.my.hardware.isAmdCpu; +in { + options.my.hardware.isAmdCpu = lib.mkEnableOption "amd cpu"; + + config = lib.mkIf isEnabled { + boot.kernelModules = ["kvm-amd"]; + hardware.cpu.amd.updateMicrocode = true; + }; +} 
diff --git a/modules/hardware/amdgpu.nix b/modules/hardware/amdgpu.nix new file mode 100644 index 0000000..5c847ae --- /dev/null +++ b/modules/hardware/amdgpu.nix @@ -0,0 +1,16 @@ +{ + lib, + config, + pkgs, + ... +}: let + isEnabled = config.my.hardware.isAmdGpu; +in { + options.my.hardware.isAmdGpu = lib.mkEnableOption "amd gpu"; + + config = lib.mkIf isEnabled { + environment.systemPackages = with pkgs; [ + radeontop + ]; + }; +} diff --git a/modules/hardware/common-desktop.nix b/modules/hardware/common-desktop.nix new file mode 100644 index 0000000..dea948e --- /dev/null +++ b/modules/hardware/common-desktop.nix @@ -0,0 +1,38 @@ +{ + lib, + pkgs, + config, + ... +}: let + isEnabled = config.my.hardware.enableCommonDesktopSettings; +in { + options.my.hardware.enableCommonDesktopSettings = lib.mkEnableOption "common hw settings for desktops"; + + config = lib.mkIf isEnabled { + boot = { + kernelPackages = pkgs.linuxPackages_zen; + kernelParams = ["quiet" "udev.log_level=3"]; + supportedFilesystems = ["btrfs"]; + initrd.supportedFilesystems = ["btrfs"]; + consoleLogLevel = 0; + initrd.verbose = false; + loader = { + systemd-boot.enable = true; + timeout = 3; + efi.canTouchEfiVariables = true; + }; + }; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.eno1.useDHCP = lib.mkDefault true; + # networking.interfaces.wlp5s0.useDHCP = lib.mkDefault true; + + hardware.enableRedistributableFirmware = true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + }; +} diff --git a/modules/hardware/default.nix b/modules/hardware/default.nix new file mode 100644 index 0000000..a6dfabc --- /dev/null 
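Review bot: In `modules/hardware/common-desktop.nix`, the `networking.useDHCP`, `hardware.enableRedistributableFirmware` and `nixpkgs.hostPlatform` lines and the `systemd-boot.enable` / `efi.canTouchEfiVariables` loader settings are repeated in `modules/hardware/default.nix`. That module imports this one and sets them unconditionally, so the copies here have no effect beyond `timeout = 3` and can drift apart. Keep them in one of the two files. If the boot loader choice moves out of default.nix into the per-host or common-desktop module, `hetzner-vpn1.nix` no longer needs `lib.mkForce false` to undo it.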
+++ b/modules/hardware/default.nix @@ -0,0 +1,41 @@ +modulesCfg: { + modulesPath, + lib, + ... +}: let + hostName = modulesCfg.hostName; +in { + imports = [ + (modulesPath + "/installer/scan/not-detected.nix") + (builtins.toString ./. + "/${hostName}.nix") + ./common-desktop.nix + ./amdcpu.nix + ./amdgpu.nix + ./intelcpu.nix + ]; + + options.my.modulesCfg.hostName = lib.mkOption { + type = lib.types.str; + }; + + config = { + networking.hostName = hostName; + + boot.loader = { + systemd-boot.enable = true; + efi.canTouchEfiVariables = true; + }; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.eno1.useDHCP = lib.mkDefault true; + # networking.interfaces.wlp5s0.useDHCP = lib.mkDefault true; + + hardware.enableRedistributableFirmware = true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + }; +} diff --git a/modules/hardware/hetzner-vpn1.nix b/modules/hardware/hetzner-vpn1.nix new file mode 100644 index 0000000..e147668 --- /dev/null +++ b/modules/hardware/hetzner-vpn1.nix 
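Review bot: `options.my.modulesCfg.hostName` is declared in `modules/hardware/default.nix` without a description or default, and the module takes the host name from the `modulesCfg` function argument instead; nothing in this hunk assigns the option. Unless it is defined elsewhere, any module that reads `config.my.modulesCfg.hostName` fails with an undefined-option error; adding `my.modulesCfg.hostName = hostName;` to the `config` block keeps the two in sync. `modules/users/default.nix` has the same shape for `enableHomeManager`: gnome.nix, kde.nix, ronja.nix and vinzenz.nix read `config.my.modulesCfg.enableHomeManager`, which `mkEnableOption` defaults to false. If that option is not set outside the part of the diff visible here, the per-user home-manager imports are silently skipped.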
@@ -0,0 +1,102 @@ +{ + lib, + modulesPath, + ... +}: { + imports = [ + (modulesPath + "/profiles/qemu-guest.nix") + ]; + + config = { + nixpkgs = { + hostPlatform = "aarch64-linux"; + system = "aarch64-linux"; + }; + + boot = { + tmp.cleanOnBoot = true; + loader = { + systemd-boot.enable = lib.mkForce false; + efi.canTouchEfiVariables = lib.mkForce false; + grub = { + enable = true; + efiSupport = true; + efiInstallAsRemovable = true; + device = "nodev"; + }; + }; + initrd = { + availableKernelModules = ["ata_piix" "uhci_hcd" "xen_blkfront"]; + kernelModules = ["nvme"]; + }; + }; + + zramSwap.enable = true; + networking.domain = ""; + + fileSystems = { + "/boot" = { + device = "/dev/disk/by-uuid/77CF-345D"; + fsType = "vfat"; + }; + "/" = { + device = "/dev/sda1"; + fsType = "ext4"; + }; + }; + + # This file was populated at runtime with the networking + # details gathered from the active system. + networking = { + nameservers = ["8.8.8.8"]; + defaultGateway = "172.31.1.1"; + defaultGateway6 = { + address = "fe80::1"; + interface = "eth0"; + }; + dhcpcd.enable = false; + usePredictableInterfaceNames = lib.mkForce false; + interfaces = { + eth0 = { + ipv4 = { + addresses = [ + { + address = "157.90.146.125"; + prefixLength = 32; + } + ]; + routes = [ + { + address = "172.31.1.1"; + prefixLength = 32; + } + ]; + }; + ipv6 = { + addresses = [ + { + address = "2a01:4f8:c012:7137::1"; + prefixLength = 64; + } + { + address = "fe80::9400:2ff:fe87:7fc9"; + prefixLength = 64; + } + ]; + routes = [ + { + address = "fe80::1"; + prefixLength = 128; + } + ]; + }; + }; + }; + }; + + services.udev.extraRules = '' + ATTR{address}=="96:00:02:87:7f:c9", NAME="eth0" + + ''; + }; +} diff --git a/modules/hardware/intelcpu.nix b/modules/hardware/intelcpu.nix new file mode 100644 index 0000000..e9d5ba8 --- /dev/null +++ b/modules/hardware/intelcpu.nix 
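Review bot: In `modules/hardware/hetzner-vpn1.nix` the root filesystem is mounted from `/dev/sda1`, while `/boot` in the same `fileSystems` block uses a `by-uuid` path. Kernel device names follow probe order and can change when a volume is attached or the disk controller type changes, which would leave this remote host unbootable or mounting a different disk as root. Prefer `device = "/dev/disk/by-uuid/<ROOT_FS_UUID>";` (placeholder; take the value from `blkid` on the host). `nameservers` also lists a single resolver, so name resolution has no fallback.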
@@ -0,0 +1,14 @@
+{
+ lib,
+ config,
+ ...
+}: let
+ isEnabled = config.my.hardware.isIntelCpu;
+in {
+ options.my.hardware.isIntelCpu = lib.mkEnableOption "intel cpu";
+
+ config = lib.mkIf isEnabled {
+ boot.kernelModules = ["kvm-intel"];
+ hardware.cpu.intel.updateMicrocode = true;
+ };
+}
diff --git a/modules/hardware/vinzenz-lpt.nix b/modules/hardware/vinzenz-lpt.nix
new file mode 100644
index 0000000..bec7a08
--- /dev/null
+++ b/modules/hardware/vinzenz-lpt.nix
@@ -0,0 +1,31 @@
+{...}: {
+ config = {
+ my.hardware = {
+ enableCommonDesktopSettings = true;
+ isIntelCpu = true;
+ isAmdGpu = true;
+ };
+
+ boot = {
+ initrd.availableKernelModules = ["xhci_pci" "ehci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" "sdhci_pci"];
+ loader.efi.efiSysMountPoint = "/boot/efi";
+ };
+
+ fileSystems = {
+ "/" = {
+ device = "/dev/disk/by-uuid/34cb86c4-8823-4785-9672-92ef0bcd5eaf";
+ fsType = "btrfs";
+ options = ["subvol=@"];
+ };
+
+ "/boot/efi" = {
+ device = "/dev/disk/by-uuid/2381-1CD2";
+ fsType = "vfat";
+ };
+ };
+
+ swapDevices = [
+ {device = "/dev/disk/by-uuid/f5932f70-60e4-4abe-b23d-2cab3c095c7d";}
+ ];
+ };
+}
diff --git a/modules/hardware/vinzenz-pc2.nix b/modules/hardware/vinzenz-pc2.nix
new file mode 100644
index 0000000..9fdaca7
--- /dev/null
+++ b/modules/hardware/vinzenz-pc2.nix
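Review bot: The vfat `"/boot/efi"` entry in `modules/hardware/vinzenz-lpt.nix` has no `options`, so the EFI system partition is mounted with default masks and every local user can read its files. With systemd-boot enabled through common-desktop.nix, that includes the boot loader's random seed, which bootctl flags as a world-accessible mount point. Adding `options = ["fmask=0077" "dmask=0077"];` restricts the partition to root; the `hardware.nix` removed from `forgejo-runner-1` in this same diff already used that pair. The `"/boot"` entry in `modules/hardware/vinzenz-pc2.nix` needs the same line.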
@@ -0,0 +1,54 @@ +{...}: { + config = { + my.hardware = { + enableCommonDesktopSettings = true; + isAmdCpu = true; + isAmdGpu = true; + }; + + boot = { + initrd.availableKernelModules = ["nvme" "xhci_pci" "ahci" "usbhid" "sd_mod"]; # "usb_storage" + loader.efi.efiSysMountPoint = "/boot"; + }; + + fileSystems = { + "/" = { + device = "/dev/disk/by-uuid/0e9c983a-e733-447e-8181-f41d6670c4b8"; + fsType = "btrfs"; + options = ["subvol=@"]; + }; + + "/home" = { + device = "/dev/disk/by-uuid/0e9c983a-e733-447e-8181-f41d6670c4b8"; + fsType = "btrfs"; + options = ["subvol=@home"]; + }; + + "/games" = { + device = "/dev/disk/by-uuid/0e9c983a-e733-447e-8181-f41d6670c4b8"; + fsType = "btrfs"; + options = ["subvol=@games"]; + }; + + "/boot" = { + device = "/dev/disk/by-uuid/AF67-8F16"; + fsType = "vfat"; + }; + + "/mnt/nixos_btrfs_root" = { + # subvolume with id 5 is always the root volume + # this is convenient for managing the flat subvolume hierarchy + device = "/dev/disk/by-uuid/0e9c983a-e733-447e-8181-f41d6670c4b8"; + fsType = "btrfs"; + options = ["subvolid=5"]; + }; + + "/mnt/ssd2" = { + device = "/dev/disk/by-uuid/6b2a647d-c68e-4c07-85bf-c9bfc5db7e8a"; + fsType = "ext4"; + }; + }; + + swapDevices = []; + }; +} diff --git a/nixosModules/en-de.nix b/modules/i18n.nix similarity index 50% rename from nixosModules/en-de.nix rename to modules/i18n.nix index 4a35b28..3d38ec1 100644 --- a/nixosModules/en-de.nix +++ b/modules/i18n.nix @@ -1,18 +1,8 @@ -{ - lib, - config, - pkgs, - ... -}: -{ - options.my.enDe.enable = lib.mkEnableOption "English/German locale and language packs"; - - config = lib.mkIf config.my.enDe.enable { +{...}: { + config = { + time.timeZone = "Europe/Berlin"; i18n = { defaultLocale = "en_US.UTF-8"; - extraLocales = [ - "de_DE.UTF-8/UTF-8" - ]; extraLocaleSettings = { LC_ADDRESS = "de_DE.UTF-8"; LC_IDENTIFICATION = "de_DE.UTF-8"; 
@@ -26,15 +16,13 @@ }; }; - programs.firefox.languagePacks = [ - "en-US" - "de" - ]; + services.xserver = { + # Configure keymap in X11 + layout = "de"; + xkbVariant = ""; + }; - environment.systemPackages = [ - pkgs.hunspell - pkgs.hunspellDicts.de-de - pkgs.hunspellDicts.en-us - ]; + # Configure console keymap + console.keyMap = "de"; }; } diff --git a/modules/nixpkgs.nix b/modules/nixpkgs.nix new file mode 100644 index 0000000..b8299d3 --- /dev/null +++ b/modules/nixpkgs.nix @@ -0,0 +1,20 @@ +{...}: { + config = { + nixpkgs.config.allowUnfree = true; + + system = { + stateVersion = "22.11"; + # enable auto updates + autoUpgrade = { + enable = true; + dates = "weekly"; + }; + }; + + nix.gc = { + automatic = true; + dates = "monthly"; + options = "--delete-older-than 30d"; + }; + }; +} diff --git a/modules/server.nix b/modules/server.nix new file mode 100644 index 0000000..a79adad --- /dev/null +++ b/modules/server.nix @@ -0,0 +1,37 @@ +{ + config, + pkgs, + lib, + ... +}: let + cfg = config.my.server; +in { + options.my.server = { + enable = lib.mkEnableOption "server role"; + }; + + config = lib.mkIf cfg.enable { + services = { + # Enable the OpenSSH daemon. + openssh = { + enable = true; + settings = { + # PermitRootLogin = "no"; # this is managed through authorized keys + PasswordAuthentication = false; + KbdInteractiveAuthentication = false; + }; + }; + }; + + networking.firewall = { + enable = true; + allowedTCPPortRanges = [ + { + # ssh + from = 22; + to = 22; + } + ]; + }; + }; +} diff --git a/modules/users/default.nix b/modules/users/default.nix new file mode 100644 index 0000000..6e33607 --- /dev/null +++ b/modules/users/default.nix 
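Review bot: `nixpkgs.config.allowUnfree = true;` in `modules/nixpkgs.nix` applies to every host that imports the module, servers included, so any unfree package pulled in later is accepted without anyone deciding on it. An allowlist keeps that choice explicit: `nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) unfreeNames;`, with `unfreeNames` listing only the unfree packages this configuration installs (the module would then need `lib` in its arguments). A short comment on `stateVersion = "22.11";` saying that it records the release of first install and is not bumped on upgrade would also help, since it sits next to `autoUpgrade`.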
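Review bot: In `modules/server.nix`, `PermitRootLogin` is commented out, so sshd uses the module default, which as far as I know is `prohibit-password`: root can still log in with a key. The trailing comment suggests that is intended, but the effective value is invisible to a reader and changes if the upstream default does. State it with `PermitRootLogin = "prohibit-password";`, or set `"no"` if direct root login is not needed. The firewall rule can be written as `allowedTCPPorts = [22];` and is probably redundant, because `services.openssh.openFirewall` defaults to true. `pkgs` is unused in the module arguments.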
@@ -0,0 +1,69 @@ +modulesCfg: { + config, + pkgs, + lib, + ... +}: let + enableHomeManager = modulesCfg.enableHomeManager; +in { + options.my = { + modulesCfg.enableHomeManager = lib.mkEnableOption "enable home manager"; + enabledUsers = lib.mkOption { + type = lib.types.listOf lib.types.str; + }; + }; + + imports = + [ + ./vinzenz.nix + ./ronja.nix + ] + ++ lib.optionals enableHomeManager [ + + ]; + + config = lib.mkIf enableHomeManager { + home-manager.sharedModules = [ + # set stateVersion + {home.stateVersion = "22.11";} + # make nano the default editor + { + home = { + sessionVariables.EDITOR = "nano"; + file.".nanorc".text = lib.mkDefault '' + set linenumbers + set mouse + ''; + }; + } + # command line niceness + { + programs = { + command-not-found.enable = true; + dircolors.enable = true; + + zsh = { + enable = true; + enableSyntaxHighlighting = true; + enableAutosuggestions = true; + enableVteIntegration = true; + }; + }; + } + # common git config + { + programs = { + git = { + enable = true; + extraConfig.init.defaultBranch = "main"; + }; + + gh = { + enable = true; + enableGitCredentialHelper = true; + }; + }; + } + ]; + }; +} diff --git a/modules/users/ronja-home.nix b/modules/users/ronja-home.nix new file mode 100644 index 0000000..3e1982d --- /dev/null +++ b/modules/users/ronja-home.nix 
@@ -0,0 +1,55 @@ +{ + config, + pkgs, + ... +}: { + home .packages = with pkgs; [ + ## Apps + telegram-desktop + kdiff3 + ]; + + programs = { + home-manager.enable = true; + + firefox.enable = true; + + zsh = { + history = { + size = 10000; + path = "${config.xdg.dataHome}/zsh/history"; + expireDuplicatesFirst = true; + }; + + oh-my-zsh = { + enable = true; + theme = "agnoster"; + plugins = ["git" "sudo" "systemadmin"]; + }; + }; + + git = { + userName = "Ronja Spiegelberg"; + userEmail = "ronja.spiegelberg@gmail.com"; + + extraConfig = { + pull.ff = "only"; + merge.tool = "kdiff3"; + }; + }; + + chromium = { + enable = true; + extensions = [ + { + # ublock origin + id = "cjpalhdlnbpafiamejdnhcphjbkeiagm"; + } + { + id = "dcpihecpambacapedldabdbpakmachpb"; + updateUrl = "https://raw.githubusercontent.com/iamadamdev/bypass-paywalls-chrome/master/updates.xml"; + } + ]; + }; + }; +} diff --git a/modules/users/ronja.nix b/modules/users/ronja.nix new file mode 100644 index 0000000..8ca8311 --- /dev/null +++ b/modules/users/ronja.nix @@ -0,0 +1,25 @@ +{ + config, + pkgs, + lib, + ... +}: let + isUserEnabled = builtins.elem "ronja" config.my.enabledUsers; +in { + config = lib.mkMerge [ + (lib.mkIf isUserEnabled { + # Define user account + users.users.ronja = { + isNormalUser = true; + name = "ronja"; + description = "Ronja Spiegelberg"; + home = "/home/ronja"; + extraGroups = ["networkmanager" "wheel" "games"]; + shell = pkgs.zsh; + }; + }) + (lib.mkIf (isUserEnabled && config.my.modulesCfg.enableHomeManager) { + home-manager.users.ronja = import ./ronja-home.nix; + }) + ]; +} diff --git a/modules/users/vinzenz-home.nix b/modules/users/vinzenz-home.nix new file mode 100644 index 0000000..351fcd8 --- /dev/null +++ b/modules/users/vinzenz-home.nix 
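Review bot: In `modules/users/ronja-home.nix`, the second Chromium extension (`dcpihecpambacapedldabdbpakmachpb`) is installed from an `updateUrl` that points at the `master` branch of a third-party GitHub repository. Anyone who can push to that branch can deliver new extension code to these browser profiles, with no store review and nothing pinned in this repository. Either drop the entry or install a fixed build through the `crxPath` and `version` fields of the extension entry, with the `.crx` fetched by hash. The entry also lacks the name comment that the uBlock Origin entry has, e.g. `# bypass-paywalls-chrome (self-hosted update feed)`. The same entry is added in `modules/users/vinzenz-home.nix`.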
@@ -0,0 +1,173 @@ +{ + config, + pkgs, + ... +}: { + home.packages = with pkgs; [ + keepassxc + insync + telegram-desktop + simple-scan + wireguard-tools + element-desktop + etcher + iotop + lsof + wirelesstools + thefuck + dotnet-sdk_7 + jetbrains.rider + alejandra + arduino + uucp + screen + jetbrains.pycharm-professional + kdiff3 + docker + youtube-music + ]; + + programs = { + home-manager.enable = true; + + firefox.enable = true; + fzf.enable = true; + mangohud.enable = true; + + zsh = { + initExtra = '' + eval "$(direnv hook zsh)"; + eval $(thefuck --alias); + ''; + + shellAliases = { + my-apply = "sudo nixos-rebuild boot"; + my-switch = "sudo nixos-rebuild switch"; + my-update = "sudo nixos-rebuild boot --upgrade"; + my-fmt = "alejandra ."; + my-test = "sudo nixos-rebuild test"; + my-direnvallow = "echo \"use nix\" > .envrc && direnv allow"; + my-ip4 = "ip addr show | grep 192"; + }; + + history = { + size = 10000; + path = "${config.xdg.dataHome}/zsh/history"; + expireDuplicatesFirst = true; + }; + + oh-my-zsh = { + enable = true; + theme = "agnoster"; + plugins = ["git" "sudo" "docker" "systemadmin" "thefuck"]; + }; + }; + + git = { + enable = true; + userName = "Vinzenz Schroeter"; + userEmail = "vinzenz.f.s@gmail.com"; + + aliases = { + prettylog = "log --pretty=oneline --graph"; + }; + + extraConfig = { + pull.ff = "only"; + init.defaultBranch = "main"; + merge.tool = "kdiff3"; + push.autoSetupRemote = "true"; + }; + }; + + vscode = { + enable = true; + package = pkgs.vscodium; + enableUpdateCheck = false; + extensions = with pkgs; [ + vscode-extensions.bbenoist.nix + vscode-extensions.ms-python.python + vscode-extensions.kamadorueda.alejandra + ]; + userSettings = { + "git.autofetch" = true; + "update.mode" = "none"; + "editor.fontFamily" = "'Fira Code', 'Droid Sans Mono', 'monospace', monospace"; + "editor.fontLigatures" = true; + "editor.formatOnSave" = true; + "editor.formatOnSaveMode" = "modificationsIfAvailable"; + "editor.minimap.autohide" = 
true; + "diffEditor.diffAlgorithm" = "advanced"; + "explorer.excludeGitIgnore" = true; + "workbench.startupEditor" = "readme"; + "markdown.extension.tableFormatter.normalizeIndentation" = true; + "markdown.extension.toc.orderedList" = false; + "telemetry.telemetryLevel" = "off"; + "redhat.telemetry.enabled" = false; + "workbench.enableExperiments" = false; + }; + }; + + direnv = { + enable = true; + nix-direnv.enable = true; + }; + + chromium = { + enable = true; + extensions = [ + { + # ublock origin + id = "cjpalhdlnbpafiamejdnhcphjbkeiagm"; + } + { + id = "dcpihecpambacapedldabdbpakmachpb"; + updateUrl = "https://raw.githubusercontent.com/iamadamdev/bypass-paywalls-chrome/master/updates.xml"; + } + ]; + }; + + exa = { + enable = true; + git = true; + icons = true; + enableAliases = true; + extraOptions = [ + "--group-directories-first" + "--header" + ]; + }; + + micro = { + enable = true; + settings = { + colorcolumn = 120; + hlsearch = true; + savecursor = true; + saveundo = true; + scrollbar = true; + smartpaste = true; + }; + }; + + # checked https://rycee.gitlab.io/home-manager/options.html until "programs.notmuch" + }; + + editorconfig = { + enable = true; + settings = { + "*" = { + charset = "utf-8"; + end_of_line = "lf"; + trim_trailing_whitespace = true; + insert_final_newline = true; + max_line_width = 120; + indent_style = "space"; + indent_size = 4; + }; + "*.nix" = { + indent_size = 2; + }; + }; + }; +} diff --git a/modules/users/vinzenz.nix b/modules/users/vinzenz.nix new file mode 100644 index 0000000..58cff2d --- /dev/null +++ b/modules/users/vinzenz.nix 
@@ -0,0 +1,24 @@
+{
+ config,
+ pkgs,
+ lib,
+ ...
+}: let
+ isUserEnabled = builtins.elem "vinzenz" config.my.enabledUsers;
+in {
+ config = lib.mkMerge [
+ (lib.mkIf isUserEnabled {
+ users.users.vinzenz = {
+ isNormalUser = true;
+ name = "vinzenz";
+ description = "Vinzenz Schroeter";
+ home = "/home/vinzenz";
+ extraGroups = ["networkmanager" "wheel" "games"];
+ shell = pkgs.zsh;
+ };
+ })
+ (lib.mkIf (isUserEnabled && config.my.modulesCfg.enableHomeManager) {
+ home-manager.users.vinzenz = import ./vinzenz-home.nix;
+ })
+ ];
+}
diff --git a/nixosConfigurations.nix b/nixosConfigurations.nix
deleted file mode 100644
index 55af611..0000000
--- a/nixosConfigurations.nix
+++ /dev/null
@@ -1,125 +0,0 @@ -{ - inputs, - lib, -}: -let - allDevices = import ./devices.nix { inherit (inputs) self; }; - inherit (inputs) - self - home-manager - lanzaboote - nova-shell - servicepoint-cli - servicepoint-simulator - servicepoint-tanks - stylix - zerforschen-plus - ; - forDevice = f: lib.mapAttrs (device: value: f (value // { inherit device; })) allDevices; -in -forDevice ( - { - device, - system, - isDesktop ? false, - home-manager-users ? { }, - nixosSystem ? inputs.nixpkgs.lib.nixosSystem, - ... - }@thisDevice: - let - specialArgs = inputs // { - inherit - device - home-manager-users - allDevices - thisDevice - ; - }; - in - nixosSystem { - inherit specialArgs; - modules = [ - ./nixosConfigurations/${device} - self.nixosModules.default - - # keep-sorted start - home-manager.nixosModules.home-manager - lanzaboote.nixosModules.lanzaboote - stylix.nixosModules.stylix - zerforschen-plus.nixosModules.default - # keep-sorted end - - # Base config - { - nixpkgs.hostPlatform = lib.mkDefault system; - networking.hostName = device; - system = { - stateVersion = "22.11"; - autoUpgrade.flake = "git+https://git.berlin.ccc.de/vinzenz/nixos-configuration.git"; - }; - nix.settings.experimental-features = [ - "nix-command" - "flakes" - ]; - documentation = { - info.enable = false; - doc.enable = false; - }; - - my = { - # keep-sorted start - autoupdate.enable = true; - distributedBuilds.enable = true; - extraCaches.enable = true; - git.enable = true; - globalinstalls.enable = true; - lixIsNix.enable = true; - openssh.enable = true; - overlays.unstable.enable = true; - # prometheusNode.enable = true; - systemdBoot.enable = true; - tailscale.enable = true; - # keep-sorted end - - # keep-sorted start - enDe.enable = isDesktop; - firmwareUpdates.enable = isDesktop; - gnome.enable = isDesktop; - kdeconnect.enable = isDesktop; - modernDesktop.enable = isDesktop; - nixLd.enable = isDesktop; - overlays.vscodeExtensions.enable = isDesktop; - quietBoot.enable = isDesktop; - 
stylix.enable = isDesktop; - # keep-sorted end - }; - } - ] - ++ lib.optionals isDesktop [ - inputs.niri.nixosModules.niri - nova-shell.nixosModules.default - servicepoint-cli.nixosModules.default - servicepoint-simulator.nixosModules.default - servicepoint-tanks.nixosModules.default - - # Desktop config - { - home-manager = { - extraSpecialArgs = specialArgs; - useGlobalPkgs = true; - useUserPackages = true; - users = home-manager-users; - sharedModules = [ { home.stateVersion = "22.11"; } ] ++ builtins.attrValues self.homeModules; - }; - - time.timeZone = "Europe/Berlin"; - - # on desktops, keep the device useable interactively during expensive builds - nix = { - daemonCPUSchedPolicy = "idle"; - daemonIOSchedClass = "idle"; - }; - } - ]; - } -) diff --git a/nixosConfigurations/aur0ra-installer/default.nix b/nixosConfigurations/aur0ra-installer/default.nix deleted file mode 100644 index b6c1e1a..0000000 --- a/nixosConfigurations/aur0ra-installer/default.nix +++ /dev/null @@ -1,17 +0,0 @@ -{ - nixos-images, - config, - lib, - modulesPath, - ... -}: -{ - imports = [ - ../aur0ra - # nixos-images.nixosModules.sdimage-installer - ]; - disabledModules = [ - # disable the sd-image module that nixos-images uses - # (modulesPath + "/installer/sd-card/sd-image-aarch64-installer.nix") - ]; -} diff --git a/nixosConfigurations/aur0ra/default.nix b/nixosConfigurations/aur0ra/default.nix deleted file mode 100644 index 20aa8c3..0000000 --- a/nixosConfigurations/aur0ra/default.nix +++ /dev/null 
@@ -1,56 +0,0 @@ -{ lib, ... }: -{ - imports = [ - ./hardware.nix - ./nice-looking-console.nix - ]; - - users.users.ruth = { - # initialPassword = "setup"; - isNormalUser = true; - extraGroups = [ - "wheel" - "networkmanager" - "video" - ]; - # Allow the graphical user to login without password - initialHashedPassword = ""; - openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPDNpLDmctyqGpow/ElQvdhY4BLBPS/sigDJ1QEcC7wC lpt2-roaming" - ]; - }; - nix.settings.trusted-users = [ "ruth" ]; - - # Don't require sudo/root to `reboot` or `poweroff`. - security.polkit.enable = true; - - # Allow passwordless sudo from nixos user - security.sudo = { - enable = true; - wheelNeedsPassword = false; - }; - - services.openssh.enable = true; - - # https://github.com/nvmd/nixos-raspberrypi-demo/blob/c521600570f0365ae9c846af4b023049b80ae331/modules/server-networking.nix - - networking.firewall.logRefusedConnections = lib.mkDefault false; - - # Use networkd instead of the pile of shell scripts - # NOTE: SK: is it safe to combine with NetworkManager on desktops? - networking.useNetworkd = lib.mkDefault true; - - # The notion of "online" is a broken concept - # https://github.com/systemd/systemd/blob/e1b45a756f71deac8c1aa9a008bd0dab47f64777/NEWS#L13 - # https://github.com/NixOS/nixpkgs/issues/247608 - systemd.services.NetworkManager-wait-online.enable = false; - systemd.network.wait-online.enable = false; - - # Do not take down the network for too long when upgrading, - # This also prevents failures of services that are restarted instead of stopped. - # It will use `systemctl restart` rather than stopping it with `systemctl stop` - # followed by a delayed `systemctl start`. - systemd.services.systemd-networkd.stopIfChanged = false; - # Services that are only restarted might be not able to resolve when resolved is stopped before - systemd.services.systemd-resolved.stopIfChanged = false; -} 
diff --git a/nixosConfigurations/aur0ra/hardware.nix b/nixosConfigurations/aur0ra/hardware.nix deleted file mode 100644 index 8642f79..0000000 --- a/nixosConfigurations/aur0ra/hardware.nix +++ /dev/null @@ -1,62 +0,0 @@ -{ nixos-raspberrypi, lib, ... }: -{ - imports = with nixos-raspberrypi.nixosModules; [ - raspberry-pi-5.base - raspberry-pi-5.bluetooth - raspberry-pi-5.page-size-16k - raspberry-pi-5.display-vc4 - ]; - - # No one got time for xz compression. - #isoImage.squashfsCompression = "zstd"; - - boot.loader.raspberry-pi.bootloader = "kernel"; - - my.systemdBoot.enable = lib.mkForce false; - - /* - fileSystems = { - "/boot/firmware" = { - # TODO - device = "/dev/disk/by-uuid/2175-794E"; - fsType = "vfat"; - options = [ - "noatime" - "noauto" - "x-systemd.automount" - "x-systemd.idle-timeout=1min" - ]; - }; - "/" = { - # TODO - device = "/dev/disk/by-uuid/44444444-4444-4444-8888-888888888888"; - fsType = "ext4"; - options = [ "noatime" ]; - }; - }; - */ - - hardware.raspberry-pi.config = { - all = { - # [all] conditional filter, https://www.raspberrypi.com/documentation/computers/config_txt.html#conditional-filters - # Base DTB parameters - # https://github.com/raspberrypi/linux/blob/a1d3defcca200077e1e382fe049ca613d16efd2b/arch/arm/boot/dts/overlays/README#L132 - base-dt-params = { - - # https://www.raspberrypi.com/documentation/computers/raspberry-pi.html#enable-pcie - pciex1 = { - enable = true; - value = "on"; - }; - # PCIe Gen 3.0 - # https://www.raspberrypi.com/documentation/computers/raspberry-pi.html#pcie-gen-3-0 - pciex1_gen = { - enable = true; - value = "3"; - }; - - }; - - }; - }; -} diff --git a/nixosConfigurations/aur0ra/nice-looking-console.nix b/nixosConfigurations/aur0ra/nice-looking-console.nix deleted file mode 100644 index 847bfc2..0000000 --- a/nixosConfigurations/aur0ra/nice-looking-console.nix +++ /dev/null 
@@ -1,32 +0,0 @@ -# re-borrowed from https://github.com/nvmd/nixos-raspberrypi-demo/blob/main/modules/nice-looking-console.nix -{ lib, pkgs, ... }: -{ - # The following have been borrowed from: - # https://github.com/nix-community/nixos-images/blob/b733f0680a42cc01d6ad53896fb5ca40a66d5e79/nix/image-installer/module.nix#L84 - - console.earlySetup = true; - # ter-u22n is probably too big - console.font = lib.mkDefault "${pkgs.terminus_font}/share/consolefonts/ter-u16n.psf.gz"; - - # Make colored console output more readable - # for example, `ip addr`s (blues are too dark by default) - # Tango theme: https://yayachiken.net/en/posts/tango-colors-in-terminal/ - console.colors = lib.mkDefault [ - "000000" - "CC0000" - "4E9A06" - "C4A000" - "3465A4" - "75507B" - "06989A" - "D3D7CF" - "555753" - "EF2929" - "8AE234" - "FCE94F" - "739FCF" - "AD7FA8" - "34E2E2" - "EEEEEC" - ]; -} diff --git a/nixosConfigurations/damocles-lab/default.nix b/nixosConfigurations/damocles-lab/default.nix deleted file mode 100644 index 705e31a..0000000 --- a/nixosConfigurations/damocles-lab/default.nix +++ /dev/null @@ -1,16 +0,0 @@ -{ pkgs, ... }: -{ - imports = [ ../damocles/claude-container.nix ]; - - services.openssh = { - enable = true; - ports = [ 2222 ]; - # Path written into sshd_config as a string — not read at eval time. - # Key can be rotated without a rebuild. - authorizedKeysFiles = [ "/persist/damocles-ssh/id_ed25519.pub" ]; - }; - - environment.systemPackages = with pkgs; [ - - ]; -} diff --git a/nixosConfigurations/damocles/android-dev.nix b/nixosConfigurations/damocles/android-dev.nix deleted file mode 100644 index f484e6a..0000000 --- a/nixosConfigurations/damocles/android-dev.nix +++ /dev/null 
@@ -1,43 +0,0 @@ -{ pkgs, ... }: -let - androidComposition = pkgs.androidenv.composeAndroidPackages { - buildToolsVersions = [ "36.1.0" ]; - platformVersions = [ "35" ]; - includeNDK = false; - includeEmulator = false; - includeSystemImages = false; - }; - androidSdk = androidComposition.androidsdk; -in -{ - nixpkgs.config.android_sdk.accept_license = true; - - my.allowedUnfreePackages = [ - "android-sdk-cmdline-tools" - "android-sdk-platform-tools" - "android-sdk-tools" - "android-sdk-build-tools" - "android-sdk-platforms" - - # wtf - "platform-tools" - "tools" - "build-tools" - "cmdline-tools" - "platforms" - "cmake" # android sdk repackage - ]; - - environment.systemPackages = with pkgs; [ - androidSdk - gradle - kotlin - jdk21 - ]; - - environment.variables = { - ANDROID_HOME = "${androidSdk}/libexec/android-sdk"; - ANDROID_SDK_ROOT = "${androidSdk}/libexec/android-sdk"; - JAVA_HOME = "${pkgs.jdk21}"; - }; -} diff --git a/nixosConfigurations/damocles/claude-container.nix b/nixosConfigurations/damocles/claude-container.nix deleted file mode 100644 index aea9343..0000000 --- a/nixosConfigurations/damocles/claude-container.nix +++ /dev/null 
@@ -1,45 +0,0 @@ -{ - pkgs, - lib, - ... -}: -{ - - my = { - allowedUnfreePackages = [ "claude-code" ]; - overlays.unstable.enable = true; - }; - - environment.systemPackages = with pkgs; [ - unstable.claude-code - git - python3 - coreutils-full - gawk - gnugrep - curl - ]; - - boot.isContainer = true; - - programs.nix-ld = { - enable = true; - libraries = with pkgs; [ - stdenv.cc.cc.lib - zlib - ]; - }; - - # Container shares host network namespace (privateNetwork = false), so the - # host's tailscale already covers this. Running a second tailscaled in the - # same netns fights over routing and breaks connectivity after sleep/wake. - services.tailscale.enable = lib.mkForce false; - networking.firewall.checkReversePath = lib.mkForce "strict"; - - users.users.muede = { - isNormalUser = true; - extraGroups = [ "wheel" ]; - }; - - security.sudo.wheelNeedsPassword = false; -} diff --git a/nixosConfigurations/damocles/default.nix b/nixosConfigurations/damocles/default.nix deleted file mode 100644 index c5eff0a..0000000 --- a/nixosConfigurations/damocles/default.nix +++ /dev/null @@ -1,14 +0,0 @@ -{ pkgs, ... }: -{ - imports = [ - ./android-dev.nix - ./claude-container.nix - ]; - - environment.systemPackages = with pkgs; [ - cargo - rustc - clippy - gh - ]; -} diff --git a/nixosConfigurations/epimetheus/default.nix b/nixosConfigurations/epimetheus/default.nix deleted file mode 100644 index 19b6219..0000000 --- a/nixosConfigurations/epimetheus/default.nix +++ /dev/null @@ -1,13 +0,0 @@ -{ modulesPath, ... }: -{ - imports = [ (modulesPath + "/virtualisation/proxmox-lxc.nix") ]; - - config = { - my.pxvirtGuest.enable = true; - - proxmoxLXC = { - manageNetwork = false; - privileged = false; - }; - }; -} diff --git a/nixosConfigurations/forgejo-runner-1/default.nix b/nixosConfigurations/forgejo-runner-1/default.nix deleted file mode 100644 index 41c7717..0000000 --- a/nixosConfigurations/forgejo-runner-1/default.nix +++ /dev/null 
@@ -1,24 +0,0 @@ -{ ... }: -{ - imports = [ - ./hardware.nix - ./forgejo-runner.nix - ]; - - config = { - my.podman.enable = true; - - # uncomment for build check on non arm system (requires --impure) - # nixpkgs.buildPlatform = builtins.currentSystem; - services.tailscale.useRoutingFeatures = "both"; - system.autoUpgrade.allowReboot = true; - - users.users = { - root.openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFCJUpbpB3KEKVoKWsKoar9J4RNah8gmQoSH6jQEw5dY pixel-JuiceSSH" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO1CRn4yYTL4XUdCebE8Z4ZeuMujBjorTdWifg911EOv pc2 home roaming" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPDNpLDmctyqGpow/ElQvdhY4BLBPS/sigDJ1QEcC7wC lpt2-roaming" - ]; - }; - }; -} diff --git a/nixosConfigurations/forgejo-runner-1/forgejo-runner.nix b/nixosConfigurations/forgejo-runner-1/forgejo-runner.nix deleted file mode 100644 index df9fb2b..0000000 --- a/nixosConfigurations/forgejo-runner-1/forgejo-runner.nix +++ /dev/null @@ -1,29 +0,0 @@ -{ pkgs, ... }: -{ - config = { - environment.systemPackages = with pkgs; [ - forgejo-runner - ]; - - # https://wiki.nixos.org/wiki/Forgejo - - services.gitea-actions-runner = { - package = pkgs.forgejo-runner; - instances.default = { - enable = true; - name = "cccb"; - url = "https://git.berlin.ccc.de"; - # Obtaining the path to the runner token file may differ - # tokenFile should be in format TOKEN=, since it's EnvironmentFile for systemd - tokenFile = "/etc/forgejo-runner/registration_token"; - labels = [ - "ubuntu-latest:docker://ghcr.io/catthehacker/ubuntu:rust-24.04" - "ubuntu-24.04:docker://ghcr.io/catthehacker/ubuntu:rust-24.04" - ]; - settings = { - container.network = "bridge"; - }; - }; - }; - }; -} diff --git a/nixosConfigurations/forgejo-runner-1/hardware.nix b/nixosConfigurations/forgejo-runner-1/hardware.nix deleted file mode 100644 index e8fbc56..0000000 --- a/nixosConfigurations/forgejo-runner-1/hardware.nix +++ /dev/null 
@@ -1,58 +0,0 @@
-{ modulesPath, ... }:
-{
- imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
-
- config = {
- boot = {
- tmp.cleanOnBoot = true;
- kernelParams = [ "console=tty" ];
- loader = {
- systemd-boot.enable = true;
- efi.canTouchEfiVariables = true;
- };
- initrd = {
- availableKernelModules = [
- "xhci_pci"
- "virtio_scsi"
- "sr_mod"
- "virtio_gpu"
- ];
- kernelModules = [ ];
- };
- };
-
- fileSystems = {
- "/" = {
- device = "/dev/disk/by-uuid/47bc77ff-12e1-4d39-bb5c-fb100ccd3aab";
- fsType = "ext4";
- };
- "/boot" = {
- device = "/dev/disk/by-uuid/05F2-8F9A";
- fsType = "vfat";
- options = [
- "fmask=0077"
- "dmask=0077"
- ];
- };
- };
-
- swapDevices = [
- { device = "/dev/disk/by-uuid/bbd18a70-b0bb-4e1a-b45b-3c1f8ecc0c10"; }
- ];
-
- networking.useNetworkd = true;
- systemd.network = {
- enable = true;
- networks."10-wan" = {
- matchConfig.Name = "enp1s0";
- networkConfig.DHCP = "ipv4";
- address = [
- "2a01:4f8:c013:a524::1/64"
- ];
- routes = [
- { Gateway = "fe80::1"; }
- ];
- };
- };
- };
-}
diff --git a/nixosConfigurations/hetzner-vpn2/default.nix b/nixosConfigurations/hetzner-vpn2/default.nix
deleted file mode 100644
index 5974763..0000000
--- a/nixosConfigurations/hetzner-vpn2/default.nix
+++ /dev/null
@@ -1,22 +0,0 @@
-{
- imports = [
- ./hardware.nix
- ./nginx.nix
- ];
-
- config = {
- # uncomment for build check on non arm system (requires --impure)
- # nixpkgs.buildPlatform = builtins.currentSystem;
-
- services.tailscale.useRoutingFeatures = "both";
-
- users.users.root.openssh.authorizedKeys.keys = [
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICdYqY3Y1/f1bsAi5Qfyr/UWuX9ixu96IeAlhoQaJkbf"
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFCJUpbpB3KEKVoKWsKoar9J4RNah8gmQoSH6jQEw5dY pixel-JuiceSSH"
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO1CRn4yYTL4XUdCebE8Z4ZeuMujBjorTdWifg911EOv pc2 home roaming"
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPDNpLDmctyqGpow/ElQvdhY4BLBPS/sigDJ1QEcC7wC lpt2-roaming"
- ];
-
- system.autoUpgrade.allowReboot = true;
- };
-}
diff --git a/nixosConfigurations/hetzner-vpn2/hardware.nix b/nixosConfigurations/hetzner-vpn2/hardware.nix
deleted file mode 100644
index d7c96f0..0000000
--- a/nixosConfigurations/hetzner-vpn2/hardware.nix
+++ /dev/null
@@ -1,58 +0,0 @@
-{ modulesPath, ... }:
-{
- imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
-
- config = {
- boot = {
- tmp.cleanOnBoot = true;
- kernelParams = [ "console=tty" ];
- loader = {
- systemd-boot.enable = true;
- efi.canTouchEfiVariables = true;
- };
- initrd = {
- availableKernelModules = [
- "xhci_pci"
- "virtio_scsi"
- "sr_mod"
- "virtio_gpu"
- ];
- kernelModules = [ ];
- };
- };
-
- fileSystems = {
- "/" = {
- device = "/dev/disk/by-uuid/3263489d-9819-433c-b198-9d2e732a94e4";
- fsType = "ext4";
- };
- "/boot" = {
- device = "/dev/disk/by-uuid/6C25-6BDC";
- fsType = "vfat";
- options = [
- "fmask=0077"
- "dmask=0077"
- ];
- };
- };
-
- swapDevices = [
- { device = "/dev/disk/by-uuid/e147721d-86b5-40d7-a231-c6ea391c563d"; }
- ];
-
- networking.useNetworkd = true;
- systemd.network = {
- enable = true;
- networks."10-wan" = {
- matchConfig.Name = "enp1s0";
- networkConfig.DHCP = "ipv4";
- address = [
- "2a01:4f8:c013:65dd::1/64"
- ];
- routes = [
- { Gateway = "fe80::1"; }
- ];
- };
- };
- };
-}
diff --git a/nixosConfigurations/hetzner-vpn2/nginx.nix b/nixosConfigurations/hetzner-vpn2/nginx.nix
deleted file mode 100644
index aa399aa..0000000
--- a/nixosConfigurations/hetzner-vpn2/nginx.nix
+++ /dev/null
@@ -1,62 +0,0 @@
-{ pkgs, ... }:
-let
- blog-domain-socket = "/run/nginx/blog.sock";
- anubis-domain-socket = "/run/anubis/anubis-main/anubis.sock";
- anubis-metrics-socket = "/run/anubis/anubis-main/anubis-metrics.sock";
-in
-{
- security.acme = {
- acceptTerms = true;
- defaults.email = "acme@zerforschen.plus";
- };
-
- systemd.services = {
- nginx.serviceConfig.SupplementaryGroups = [ "anubis" ];
- anubis-main.serviceConfig.SupplementaryGroups = [ "nginx" ];
- };
-
- services = {
- nginx = {
- enable = true;
- recommendedProxySettings = true;
- recommendedTlsSettings = true;
- recommendedGzipSettings = true;
- recommendedOptimisation = true;
-
- virtualHosts = {
- "zerforschen.plus" = {
- addSSL = true;
- enableACME = true;
- locations = {
- "/_metrics".proxyPass = "http://unix:" + anubis-metrics-socket + ":/metrics";
- "/".proxyPass = "http://unix:" + anubis-domain-socket;
- };
- };
-
- "blog-in-anubis" = {
- root = pkgs.zerforschen-plus-content;
- listen = [
- {
- addr = "unix:" + blog-domain-socket;
- }
- ];
- };
- };
- };
-
- anubis.instances.main = {
- enable = true;
- settings = {
- BIND = anubis-domain-socket;
- TARGET = "unix://" + blog-domain-socket;
- METRICS_BIND = anubis-metrics-socket;
- };
- };
- };
-
- networking.firewall.allowedTCPPorts = [
- 80
- 443
- 5201
- ];
-}
diff --git a/nixosConfigurations/muede-lpt2/default.nix b/nixosConfigurations/muede-lpt2/default.nix
deleted file mode 100644
index f52d735..0000000
--- a/nixosConfigurations/muede-lpt2/default.nix
+++ /dev/null
@@ -1,121 +0,0 @@
-{ self, ... }:
-{
- imports = [
- ./hardware.nix
- ];
-
- config = {
- my = {
- # keep-sorted start
- intelGraphics.enable = true;
- muedeDesktopSettings.enable = true;
- podman.enable = true;
- secureBoot.enable = true;
- steam.enable = true;
- users.muede.enable = true;
- wineGaming.enable = true;
- # keep-sorted end
- };
-
- nix.settings.extra-platforms = [
- "aarch64-linux"
- "i686-linux"
- ];
-
- services.xserver.xkb = {
- # Configure keymap in X11
- layout = "de";
- variant = "";
- };
-
- # Configure console keymap
- console.keyMap = "de";
-
- users.users.muede.openssh.authorizedKeys.keys = [
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFCJUpbpB3KEKVoKWsKoar9J4RNah8gmQoSH6jQEw5dY pixel-JuiceSSH"
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO1CRn4yYTL4XUdCebE8Z4ZeuMujBjorTdWifg911EOv pc2 home roaming"
- ];
-
- programs = {
- adb.enable = true;
- light = {
- enable = true;
- brightnessKeys = {
- enable = true;
- step = 5;
- };
- };
- };
-
- networking.firewall.allowedTCPPorts = [
- 8776
- 1337
- ];
-
- services.servicepoint-tanks = {
- enable = false;
- urls = [
- "http://localhost:5666"
- "http://localhost:5667"
- ];
- };
- nixpkgs.config.permittedInsecurePackages = [
- "mbedtls-2.28.10"
- ];
-
- boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
-
- containers.damocles = {
- autoStart = false;
- privateNetwork = false;
- path = self.nixosConfigurations.damocles.config.system.build.toplevel;
- bindMounts."/etc/nix/distributed-build-key" = {
- hostPath = "/etc/nix/distributed-build-key";
- isReadOnly = true;
- };
- bindMounts."/persist/damocles-ssh" = {
- hostPath = "/persist/damocles-ssh";
- isReadOnly = true;
- };
- bindMounts."/persist/damocles-lab" = {
- hostPath = "/persist/damocles-lab";
- isReadOnly = false;
- };
- };
-
- containers.damocles-lab = {
- autoStart = false;
- privateNetwork = false;
- path = self.nixosConfigurations.damocles-lab.config.system.build.toplevel;
- bindMounts."/etc/nix/distributed-build-key" = {
- hostPath = "/etc/nix/distributed-build-key";
- isReadOnly = true;
- };
- bindMounts."/workspace" = {
- hostPath = "/persist/damocles-lab";
- isReadOnly = false;
- };
- bindMounts."/persist/damocles-ssh" = {
- hostPath = "/persist/damocles-ssh";
- isReadOnly = true;
- };
- };
-
- # Global DefaultTimeoutStopSec is 10s (modern-desktop.nix), which kills systemd-nspawn
- # before it finishes halting, leaving cgroups busy and breaking restarts.
- systemd.services."container@damocles".serviceConfig = {
- TimeoutStopSec = "60s";
- # After a SIGKILL of nspawn, the kernel needs a moment to reap its cgroups.
- # Without this, the immediate restart attempt fails with "Device or resource busy".
- RestartSec = "5s";
- };
-
- systemd.services."container@damocles-lab".serviceConfig = {
- TimeoutStopSec = "60s";
- RestartSec = "5s";
- };
-
- boot.enableContainers = true;
- virtualisation.containers.enable = true;
- };
-}
diff --git a/nixosConfigurations/muede-lpt2/hardware.nix b/nixosConfigurations/muede-lpt2/hardware.nix
deleted file mode 100644
index 175a168..0000000
--- a/nixosConfigurations/muede-lpt2/hardware.nix
+++ /dev/null
@@ -1,56 +0,0 @@
-{ pkgs, lib, ... }:
-{
- # intel cpu
- boot.kernelModules = [
- "kvm-intel"
- "xe"
- ];
-
- networking = {
- networkmanager.enable = true;
- useDHCP = lib.mkDefault true;
- };
-
- boot = {
- kernelPackages = pkgs.linuxPackages_zen;
- supportedFilesystems = [ "btrfs" ];
- initrd = {
- supportedFilesystems = [ "btrfs" ];
- availableKernelModules = [
- "xhci_pci"
- "thunderbolt"
- "nvme"
- ];
- luks.devices = {
- "luks-2c654ff2-3c42-48d3-a1e3-9545679afaa3" = {
- device = "/dev/disk/by-uuid/2c654ff2-3c42-48d3-a1e3-9545679afaa3";
- };
- };
- };
- };
-
- fileSystems = {
- "/" = {
- device = "/dev/disk/by-uuid/e4dad0c8-26a1-45e9-bbd9-48565eb6574e";
- fsType = "btrfs";
- options = [ "subvol=@" ];
- };
-
- "/boot" = {
- device = "/dev/disk/by-uuid/E2B7-2BC1";
- fsType = "vfat";
- };
- };
-
- swapDevices = [
- {
- device = "/var/lib/swapfile";
- size = 32 * 1024;
- }
- ];
-
- services.thermald.enable = true;
- services.hardware.bolt.enable = true; # thunderbolt security
-
- hardware.bluetooth.enable = true;
-}
diff --git a/nixosConfigurations/muede-pc2/default.nix b/nixosConfigurations/muede-pc2/default.nix
deleted file mode 100644
index 42f77b3..0000000
--- a/nixosConfigurations/muede-pc2/default.nix
+++ /dev/null
@@ -1,50 +0,0 @@
-{ pkgs, ... }:
-{
- imports = [
- ./hardware.nix
- # ./vscode-server.nix
- # ./hass.nix
- ];
-
- config = {
- my = {
- # keep-sorted start
- amdGraphics.enable = true;
- muedeDesktopSettings.enable = true;
- podman.enable = true;
- secureBoot.enable = true;
- steam.enable = true;
- users.muede.enable = true;
- wineGaming.enable = true;
- # keep-sorted end
- };
-
- boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
- nix.settings.extra-platforms = [
- "aarch64-linux"
- "i686-linux"
- ];
-
- services.xserver.xkb = {
- # Configure keymap in X11
- layout = "de";
- variant = "";
- };
-
- # Configure console keymap
- console.keyMap = "de";
-
- users.users.muede.openssh.authorizedKeys.keys = [
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINrY6tcgnoC/xbgL7vxSjddEY9MBxRXe9n2cAHt88/TT home roaming"
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFCJUpbpB3KEKVoKWsKoar9J4RNah8gmQoSH6jQEw5dY pixel-JuiceSSH"
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPDNpLDmctyqGpow/ElQvdhY4BLBPS/sigDJ1QEcC7wC lpt2-roaming"
- ];
-
- environment.systemPackages = with pkgs; [ lact ];
-
- networking.firewall.allowedUDPPorts = [
- # Factorio
- 34197
- ];
- };
-}
diff --git a/nixosConfigurations/muede-pc2/fstab.nix b/nixosConfigurations/muede-pc2/fstab.nix
deleted file mode 100644
index fbacbc8..0000000
--- a/nixosConfigurations/muede-pc2/fstab.nix
+++ /dev/null
@@ -1,37 +0,0 @@
-{
- "/" = {
- device = "/dev/disk/by-uuid/0e9c983a-e733-447e-8181-f41d6670c4b8";
- fsType = "btrfs";
- options = [ "subvol=@" ];
- };
-
- "/home" = {
- device = "/dev/disk/by-uuid/0e9c983a-e733-447e-8181-f41d6670c4b8";
- fsType = "btrfs";
- options = [ "subvol=@home" ];
- };
-
- "/games" = {
- device = "/dev/disk/by-uuid/0e9c983a-e733-447e-8181-f41d6670c4b8";
- fsType = "btrfs";
- options = [ "subvol=@games" ];
- };
-
- "/boot" = {
- device = "/dev/disk/by-uuid/AF67-8F16";
- fsType = "vfat";
- };
-
- #"/mnt/nixos_btrfs_root" = {
- # # subvolume with id 5 is always the root volume
- # # this is convenient for managing the flat subvolume hierarchy
- # device = "/dev/disk/by-uuid/0e9c983a-e733-447e-8181-f41d6670c4b8";
- # fsType = "btrfs";
- # options = [ "subvolid=5" ];
- #};
-
- "/mnt/ssd2" = {
- device = "/dev/disk/by-uuid/6b2a647d-c68e-4c07-85bf-c9bfc5db7e8a";
- fsType = "ext4";
- };
-}
diff --git a/nixosConfigurations/muede-pc2/hardware.nix b/nixosConfigurations/muede-pc2/hardware.nix
deleted file mode 100644
index 9e875c3..0000000
--- a/nixosConfigurations/muede-pc2/hardware.nix
+++ /dev/null
@@ -1,30 +0,0 @@
-{ pkgs, lib, ... }:
-{
- # amd cpu
- boot.kernelModules = [ "kvm-amd" ];
-
- boot = {
- initrd.availableKernelModules = [
- "nvme"
- "xhci_pci"
- "ahci"
- "usbhid"
- "sd_mod"
- ]; # "usb_storage"
- kernelPackages = pkgs.linuxPackages_zen;
- supportedFilesystems = [ "btrfs" ];
- initrd.supportedFilesystems = [ "btrfs" ];
- loader.efi.efiSysMountPoint = "/boot";
- };
-
- fileSystems = import ./fstab.nix;
- swapDevices = [ ];
-
- networking = {
- networkmanager.enable = true;
- useDHCP = lib.mkDefault true;
- interfaces.eno1.wakeOnLan.enable = true;
- };
-
- hardware.bluetooth.enable = true;
-}
diff --git a/nixosConfigurations/muede-pc2/hass.nix b/nixosConfigurations/muede-pc2/hass.nix
deleted file mode 100644
index 187cc30..0000000
--- a/nixosConfigurations/muede-pc2/hass.nix
+++ /dev/null
@@ -1,62 +0,0 @@
-{ pkgs, ... }:
-let
- hass-image = "ghcr.io/home-assistant/home-assistant:stable";
- hass-service = "podman-homeassistant";
-in
-{
- virtualisation.oci-containers = {
- backend = "podman";
- containers.homeassistant = {
- image = hass-image;
- hostname = "hass.lan";
- serviceName = hass-service;
- volumes = [ "home-assistant:/config" ];
- environment.TZ = "Europe/Berlin";
- extraOptions = [ "--network=host" ];
- };
- };
-
- systemd = {
- timers.update-hass = {
- timerConfig = {
- Unit = "update-hass.service";
- OnCalendar = "Sun 02:00";
- };
- wantedBy = [ "timers.target" ];
- };
-
- services.update-hass = {
- serviceConfig = {
- Type = "oneshot";
- ExecStart = pkgs.writeShellScriptBin "update-hass" ''
- podman pull ${hass-image};
- systemctl restart ${hass-service};
- '';
- };
- };
- };
-
- services = {
- mosquitto = {
- enable = true;
- };
-
- nginx = {
- enable = true;
-
- recommendedProxySettings = true;
- recommendedTlsSettings = true;
- recommendedGzipSettings = true;
- recommendedOptimisation = true;
-
- # TODO: add ssl
- # TODO: add pam auth
-
- virtualHosts."hass.lan" = {
- locations."/" = {
- proxyPass = "localhost:8123";
- };
- };
- };
- };
-}
diff --git a/nixosConfigurations/muede-pc2/vscode-server.nix b/nixosConfigurations/muede-pc2/vscode-server.nix
deleted file mode 100644
index 7c38e32..0000000
--- a/nixosConfigurations/muede-pc2/vscode-server.nix
+++ /dev/null
@@ -1,26 +0,0 @@
-{ pkgs, ... }:
-{
- services.openvscode-server = {
- enable = false;
- package = pkgs.unstable.openvscode-server;
- telemetryLevel = "off";
- port = 8542;
- host = "127.0.0.1";
- withoutConnectionToken = true;
- extraPackages = with pkgs; [
- nodejs
- git
- gh
- direnv
- ];
- };
-
- networking.firewall.allowedTCPPorts = [
- 8542
- 8543
- 8544
- 80
- 1313
- 5201
- ];
-}
diff --git a/nixosConfigurations/ronja-pc/default.nix b/nixosConfigurations/ronja-pc/default.nix
deleted file mode 100644
index 2a56407..0000000
--- a/nixosConfigurations/ronja-pc/default.nix
+++ /dev/null
@@ -1,35 +0,0 @@
-{ pkgs, ... }:
-{
- imports = [
- ./hardware.nix
- ];
-
- config = {
- my = {
- # keep-sorted start
- muedeDesktopSettings.enable = true;
- steam.enable = true;
- users.ronja.enable = true;
- wineGaming.enable = true;
- # keep-sorted end
- };
-
- # Configure keymap in X11
- services.xserver.xkb = {
- layout = "de";
- variant = "";
- };
-
- # Configure console keymap
- console.keyMap = "de";
-
- environment.systemPackages = with pkgs; [
- # vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
- # wget
- ];
-
- # Open ports in the firewall.
- # networking.firewall.allowedTCPPorts = [ ... ];
- # networking.firewall.allowedUDPPorts = [ ... ];};
- };
-}
diff --git a/nixosConfigurations/ronja-pc/hardware.nix b/nixosConfigurations/ronja-pc/hardware.nix
deleted file mode 100644
index e6ad854..0000000
--- a/nixosConfigurations/ronja-pc/hardware.nix
+++ /dev/null
@@ -1,48 +0,0 @@
-{ lib, ... }:
-{
- boot = {
- supportedFilesystems = [ "btrfs" ];
- initrd.supportedFilesystems = [ "btrfs" ];
- kernelModules = [ "kvm-intel" ];
- extraModulePackages = [ ];
- initrd = {
- availableKernelModules = [
- "xhci_pci"
- "ahci"
- "nvme"
- "usbhid"
- "usb_storage"
- "sd_mod"
- ];
- kernelModules = [ ];
- };
- };
-
- fileSystems = {
- "/" = {
- device = "/dev/disk/by-uuid/27eccf93-a79f-4fcb-8588-ec55d913508f";
- fsType = "btrfs";
- options = [ "subvol=@" ];
- };
-
- "/boot" = {
- device = "/dev/disk/by-uuid/85D4-43FC";
- fsType = "vfat";
- options = [
- "fmask=0077"
- "dmask=0077"
- ];
- };
- };
-
- swapDevices = [
- { device = "/dev/disk/by-uuid/bf9d19fb-499b-4bfb-b67d-131fa5bf8259"; }
- ];
-
- hardware.bluetooth.enable = true;
-
- networking = {
- networkmanager.enable = true;
- useDHCP = lib.mkDefault true;
- };
-}
diff --git a/nixosModules/allowed-unfree-list.nix b/nixosModules/allowed-unfree-list.nix
deleted file mode 100644
index 2aee96f..0000000
--- a/nixosModules/allowed-unfree-list.nix
+++ /dev/null
@@ -1,17 +0,0 @@
-{ lib, config, ... }:
-{
- options.my.allowedUnfreePackages = lib.mkOption {
- type = lib.types.listOf lib.types.str;
- default = [ ];
- example = [ "steam" ];
- };
-
- config = {
- nixpkgs.config = {
- # https://github.com/NixOS/nixpkgs/issues/197325#issuecomment-1579420085
- allowUnfreePredicate = lib.mkDefault (
- pkg: builtins.elem (lib.getName pkg) config.my.allowedUnfreePackages
- );
- };
- };
-}
diff --git a/nixosModules/amd-graphics.nix b/nixosModules/amd-graphics.nix
deleted file mode 100644
index 1baeb24..0000000
--- a/nixosModules/amd-graphics.nix
+++ /dev/null
@@ -1,24 +0,0 @@
-{
- lib,
- config,
- pkgs,
- ...
-}:
-{
- options.my.amdGraphics.enable = lib.mkEnableOption "AMD graphics drivers";
-
- config = lib.mkIf config.my.amdGraphics.enable {
- boot.kernelModules = [ "amdgpu" ];
- services.xserver.videoDrivers = [ "amdgpu" ];
-
- hardware = {
- graphics.enable = true;
- amdgpu = {
- opencl.enable = true;
- overdrive.enable = true;
- };
- };
-
- environment.systemPackages = with pkgs; [ nvtopPackages.amd ];
- };
-}
diff --git a/nixosModules/autoupdate.nix b/nixosModules/autoupdate.nix
deleted file mode 100644
index 028cfd7..0000000
--- a/nixosModules/autoupdate.nix
+++ /dev/null
@@ -1,21 +0,0 @@
-{ lib, config, ... }:
-{
- options.my.autoupdate.enable = lib.mkEnableOption "automatic Nix GC and system upgrades";
-
- config = lib.mkIf config.my.autoupdate.enable {
- nix = {
- optimise.automatic = true;
- gc = {
- automatic = true;
- dates = "daily";
- options = "--delete-older-than 7d";
- };
- };
-
- system.autoUpgrade = {
- enable = true;
- dates = "daily";
- # do not forget to set `flake` when using this module!
- };
- };
-}
diff --git a/nixosModules/distributed-builds.nix b/nixosModules/distributed-builds.nix
deleted file mode 100644
index c08d657..0000000
--- a/nixosModules/distributed-builds.nix
+++ /dev/null
@@ -1,155 +0,0 @@
-{
- config,
- lib,
- allDevices,
- thisDevice,
- ...
-}:
-let
- clientSshKeyPath = "/etc/nix/distributed-build-key";
- buildUser = "remotebuild";
-
- # Collect all per-device public keys that have been registered.
- allClientPublicKeys = lib.pipe allDevices [
- (lib.filterAttrs (_: v: (v.distributedBuilds or { }) ? clientPublicKey))
- (lib.mapAttrsToList (_: v: v.distributedBuilds.clientPublicKey))
- ];
-
- isClient = (thisDevice.distributedBuilds or { }) ? clientPublicKey;
-
- buildServerDevices = lib.filterAttrs (
- _: v: (v.distributedBuilds or { }).isBuilder or false
- ) allDevices;
-
- sshHostname = m: m.publicFqdn or m.hostName;
-
- buildServerKnownHosts = lib.pipe buildServerDevices [
- (lib.filterAttrs (_: v: v.distributedBuilds ? hostPublicKey))
- (lib.mapAttrs (
- name: v: {
- publicKey = v.distributedBuilds.hostPublicKey;
- hostNames = [ (v.publicFqdn or name) ];
- }
- ))
- ];
-
- remoteBuildServerDevices = builtins.filter (m: m.hostName != config.networking.hostName) (
- lib.mapAttrsToList (name: v: v // { hostName = name; }) buildServerDevices
- );
-
- buildMachines = map (
- m:
- {
- hostName = sshHostname m;
- systems = [ m.system ];
- sshUser = buildUser;
- sshKey = clientSshKeyPath;
- protocol = "ssh-ng";
- }
- // lib.optionalAttrs (m.distributedBuilds ? speedFactor) {
- speedFactor = m.distributedBuilds.speedFactor;
- }
- // {
- supportedFeatures = [
- "nixos-test"
- "big-parallel"
- "kvm"
- "benchmark"
- ];
- }
- ) remoteBuildServerDevices;
-in
-{
- options.my.distributedBuilds.enable = lib.mkEnableOption "distributed Nix builds";
-
- config = lib.mkIf config.my.distributedBuilds.enable (
- lib.mkMerge [
-
- # All machines
- {
- assertions =
- lib.mapAttrsToList (name: v: {
- assertion = v.distributedBuilds ? hostPublicKey && v.distributedBuilds ? storeSigningPublicKey;
- message = "devices.${name}: isBuilder = true requires distributedBuilds.hostPublicKey and distributedBuilds.storeSigningPublicKey";
- }) buildServerDevices
- ++ lib.mapAttrsToList (name: v: {
- assertion = lib.hasPrefix "ssh-" v.distributedBuilds.clientPublicKey;
- message = "devices.${name}: distributedBuilds.clientPublicKey must start with 'ssh-'";
- }) (lib.filterAttrs (_: v: (v.distributedBuilds or { }) ? clientPublicKey) allDevices)
- ++ lib.mapAttrsToList (name: v: {
- assertion = builtins.match ".+:.+" v.distributedBuilds.storeSigningPublicKey != null;
- message = "devices.${name}: distributedBuilds.storeSigningPublicKey must be in ':' format";
- }) (lib.filterAttrs (_: v: (v.distributedBuilds or { }) ? storeSigningPublicKey) allDevices);
-
- nix.settings = {
- #fallback = true;
- connect-timeout = 5;
- trusted-public-keys = lib.pipe buildServerDevices [
- (lib.mapAttrsToList (_: v: v.distributedBuilds.storeSigningPublicKey or null))
- (builtins.filter (k: k != null))
- ];
- max-jobs = (thisDevice.distributedBuilds or { }).maxJobs or "auto";
- cores = 0;
- min-free = 10 * 1024 * 1024;
- max-free = 200 * 1024 * 1024;
- };
- systemd.services.nix-daemon.serviceConfig = {
- MemoryAccounting = true;
- MemoryMax = "90%";
- OOMScoreAdjust = 500;
- };
- }
-
- # Server: accept incoming build connections
- (lib.mkIf (thisDevice.distributedBuilds.isBuilder or false) {
- users.users.${buildUser} = {
- isSystemUser = true;
- group = buildUser;
- useDefaultShell = true;
- openssh.authorizedKeys.keys = map (
- k: ''command="nix daemon --stdio",restrict ${k}''
- ) allClientPublicKeys;
- };
- users.groups.${buildUser} = { };
- nix.settings = {
- trusted-users = [ buildUser ];
- secret-key-files = [ "/etc/nix/signing-key.sec" ];
- };
- })
-
- # Client: connect to build servers for building and substitution
- (lib.mkIf isClient {
- programs.ssh = {
- knownHosts = buildServerKnownHosts;
- extraConfig = lib.concatStringsSep "\n" (
- lib.mapAttrsToList (
- name: v:
- let
- names = lib.unique [
- name
- (v.publicFqdn or name)
- ];
- in
- ''
- Match originalhost ${lib.concatStringsSep "," names} user ${buildUser}
- IdentityFile ${clientSshKeyPath}
- IdentitiesOnly yes
- ''
- ) buildServerDevices
- );
- };
- nix = {
- distributedBuilds = buildMachines != [ ];
- buildMachines = buildMachines;
- settings = {
- builders-use-substitutes = true;
- substituters = map (m: "ssh-ng://${buildUser}@${sshHostname m}") (
- builtins.filter (m: m.distributedBuilds ? storeSigningPublicKey) remoteBuildServerDevices
- );
- };
- };
- })
-
- ]
- );
-}
diff --git a/nixosModules/extra-caches.nix b/nixosModules/extra-caches.nix
deleted file mode 100644
index 6a72755..0000000
--- a/nixosModules/extra-caches.nix
+++ /dev/null
@@ -1,27 +0,0 @@
-{ lib, config, ... }:
-{
- options.my.extraCaches.enable = lib.mkEnableOption "extra Nix binary caches";
-
- config = lib.mkIf config.my.extraCaches.enable {
- nix.settings = {
- substituters = [
- # keep-sorted start
- "https://cache.lix.systems"
- "https://cache.nixos.org/"
- "https://niri.cachix.org"
- "https://nix-community.cachix.org"
- "https://nixos-raspberrypi.cachix.org"
- # keep-sorted end
- ];
- trusted-public-keys = [
- # keep-sorted start
- "cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o="
- "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
- "niri.cachix.org-1:Wv0OmO7PsuocRKzfDoJ3mulSl7Z6oezYhGhR+3W2964="
- "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
- "nixos-raspberrypi.cachix.org-1:4iMO9LXa8BqhU+Rpg6LQKiGa2lsNh/j2oiYLNOQ5sPI="
- # keep-sorted end
- ];
- };
- };
-}
diff --git a/nixosModules/firmware-updates.nix b/nixosModules/firmware-updates.nix
deleted file mode 100644
index 61b2ff8..0000000
--- a/nixosModules/firmware-updates.nix
+++ /dev/null
@@ -1,16 +0,0 @@
-{ lib, config, ... }:
-{
- options.my.firmwareUpdates.enable = lib.mkEnableOption "firmware updates and microcode";
-
- config = lib.mkIf config.my.firmwareUpdates.enable {
- hardware = {
- enableRedistributableFirmware = true;
- cpu = {
- amd.updateMicrocode = true;
- intel.updateMicrocode = true;
- };
- };
-
- services.fwupd.enable = true;
- };
-}
diff --git a/nixosModules/git.nix b/nixosModules/git.nix
deleted file mode 100644
index ffe5c78..0000000
--- a/nixosModules/git.nix
+++ /dev/null
@@ -1,24 +0,0 @@
-{
- lib,
- config,
- pkgs,
- ...
-}:
-{
- options.my.git.enable = lib.mkEnableOption "git with credential helper";
-
- config = lib.mkIf config.my.git.enable {
- environment.systemPackages = [ pkgs.git-credential-oauth ];
-
- programs.git = {
- enable = true;
- config = {
- init.defaultBranch = "main";
- credential = {
- helper = "oauth";
- credentialStore = "cache";
- };
- };
- };
- };
-}
diff --git a/nixosModules/globalinstalls.nix b/nixosModules/globalinstalls.nix
deleted file mode 100644
index 6c914c7..0000000
--- a/nixosModules/globalinstalls.nix
+++ /dev/null
@@ -1,31 +0,0 @@
-{
- lib,
- config,
- pkgs,
- ...
-}:
-{
- options.my.globalinstalls.enable = lib.mkEnableOption "global system packages and tools";
-
- config = lib.mkIf config.my.globalinstalls.enable {
- environment.systemPackages = with pkgs; [
- ncdu
- glances
- lsof
- dig
- screen
- tldr
- nix-output-monitor
- ];
-
- programs = {
- zsh.enable = true;
- htop.enable = true;
- iotop.enable = true;
- nano = {
- enable = true;
- syntaxHighlight = true;
- };
- };
- };
-}
diff --git a/nixosModules/gnome.nix b/nixosModules/gnome.nix
deleted file mode 100644
index fd195e8..0000000
--- a/nixosModules/gnome.nix
+++ /dev/null
@@ -1,65 +0,0 @@
-{
- lib,
- config,
- pkgs,
- ...
-}:
-{
- options.my.gnome = {
- enable = lib.mkEnableOption "GNOME desktop environment";
- keep-default-apps = lib.mkEnableOption "keep gnome default apps";
- };
-
- config = lib.mkIf config.my.gnome.enable (
- lib.mkMerge [
- {
- services = {
- xserver.excludePackages = [ pkgs.xterm ];
-
- # Enable the GNOME Desktop Environment.
- displayManager.gdm.enable = true;
- desktopManager.gnome = {
- enable = true;
- extraGSettingsOverridePackages = [ pkgs.mutter ];
- extraGSettingsOverrides = ''
- [org.gnome.mutter]
- experimental-features=['scale-monitor-framebuffer']
- '';
- };
-
- gnome = {
- tinysparql.enable = false;
- localsearch.enable = false;
- sushi.enable = true;
- };
- };
-
- programs = {
- dconf.enable = true;
- gpaste.enable = true;
- };
- }
- (lib.mkIf (!config.my.gnome.keep-default-apps) {
- environment.gnome.excludePackages = with pkgs; [
- cheese # photo booth
- epiphany # web browser
- evince # document viewer
- geary # email client
- gnome-maps
- gnome-weather
- gnome-tour
- sysprof
- orca # screen reader
- gnome-weather
- gnome-backgrounds
- gnome-user-docs
- yelp # help app
- gnome-music
- totem # video player
- snapshot # camera
- baobab # disk usage
- ];
- })
- ]
- );
-}
diff --git a/nixosModules/intel-graphics.nix b/nixosModules/intel-graphics.nix
deleted file mode 100644
index 619af5a..0000000
--- a/nixosModules/intel-graphics.nix
+++ /dev/null
@@ -1,27 +0,0 @@
-{
- lib,
- config,
- pkgs,
- ...
-}:
-{
- options.my.intelGraphics.enable = lib.mkEnableOption "Intel graphics drivers";
-
- config = lib.mkIf config.my.intelGraphics.enable {
- hardware.graphics = {
- extraPackages = with pkgs; [
- intel-media-driver
- intel-vaapi-driver
- intel-ocl
- intel-compute-runtime
- vpl-gpu-rt
- ];
- extraPackages32 = with pkgs.driversi686Linux; [
- intel-vaapi-driver
- intel-media-driver
- ];
- };
- environment.systemPackages = with pkgs; [ nvtopPackages.intel ];
- my.allowedUnfreePackages = [ "intel-ocl" ];
- };
-}
diff --git a/nixosModules/kdeconnect.nix b/nixosModules/kdeconnect.nix
deleted file mode 100644
index bc809c9..0000000
--- a/nixosModules/kdeconnect.nix
+++ /dev/null
@@ -1,57 +0,0 @@
-{
- lib,
- config,
- pkgs,
- ...
-}:
-{
- options.my.kdeconnect.enable = lib.mkEnableOption "KDE Connect / GSConnect";
-
- config = lib.mkIf config.my.kdeconnect.enable (
- lib.mkMerge [
- {
- networking.firewall =
- let
- kdeconnect-range = {
- from = 1714;
- to = 1764;
- };
- in
- {
- allowedTCPPortRanges = [ kdeconnect-range ];
- allowedUDPPortRanges = [ kdeconnect-range ];
- };
-
- programs.kdeconnect.enable = true;
- home-manager.sharedModules = [
- {
- services.kdeconnect = {
- enable = true;
- # this still shows up in gnome session starting with 25.05
- # indicator = true;
- };
- }
- ];
- }
-
- (lib.mkIf config.services.desktopManager.gnome.enable {
- # replace kdeconnect with gsconnect
- programs.kdeconnect.package = pkgs.gnomeExtensions.gsconnect;
-
- home-manager.sharedModules = [
- (
- { pkgs, ... }:
- {
- home.packages = [ pkgs.gnomeExtensions.gsconnect ];
- # enable gsconnect extension
- dconf.settings = {
- "org/gnome/shell".enabled-extensions = [ "gsconnect@andyholmes.github.io" ];
- "org/gnome/shell/extensions/gsconnect".enabled = true;
- };
- }
- )
- ];
- })
- ]
- );
-}
diff --git a/nixosModules/latex.nix b/nixosModules/latex.nix
deleted file mode 100644
index ce5483d..0000000
--- a/nixosModules/latex.nix
+++ /dev/null
@@ -1,17 +0,0 @@
-{
- lib,
- config,
- pkgs,
- ...
-}:
-{
- options.my.latex.enable = lib.mkEnableOption "LaTeX (texliveFull + TeXstudio)";
-
- config = lib.mkIf config.my.latex.enable {
- environment.systemPackages = with pkgs; [
- fontconfig
- texliveFull
- texstudio
- ];
- };
-}
diff --git a/nixosModules/lix-is-nix.nix b/nixosModules/lix-is-nix.nix
deleted file mode 100644
index 2bb071e..0000000
--- a/nixosModules/lix-is-nix.nix
+++ /dev/null
@@ -1,24 +0,0 @@
-{
- lib,
- config,
- pkgs,
- ...
-}:
-{
- options.my.lixIsNix.enable = lib.mkEnableOption "Lix as the Nix implementation";
-
- config = lib.mkIf config.my.lixIsNix.enable {
- nixpkgs.overlays = [
- (_: prev: {
- inherit (prev.lixPackageSets.stable)
- nixpkgs-review
- nix-eval-jobs
- nix-fast-build
- colmena
- ;
- })
- ];
-
- nix.package = pkgs.lixPackageSets.latest.lix;
- };
-}
diff --git a/nixosModules/modern-desktop.nix b/nixosModules/modern-desktop.nix
deleted file mode 100644
index 7a10531..0000000
--- a/nixosModules/modern-desktop.nix
+++ /dev/null
@@ -1,52 +0,0 @@ -{ lib, config, ... }: -{ - options.my.modernDesktop.enable = lib.mkEnableOption "modern desktop base (pipewire, flatpak, earlyoom)"; - - config = lib.mkIf config.my.modernDesktop.enable { - services = { - xserver.enable = true; - libinput.enable = true; - flatpak.enable = true; - fstrim.enable = true; - earlyoom = { - enable = true; - freeMemThreshold = 5; - }; - }; - - # Enable sound with pipewire. - security.rtkit.enable = true; - services = { - pulseaudio.enable = false; - pipewire = { - enable = true; - alsa.enable = true; - alsa.support32Bit = true; - pulse.enable = true; - #jack.enable = true; - }; - }; - - systemd = { - # save some boot time because nothing actually requires network connectivity - services.NetworkManager-wait-online.enable = false; - - # prevent stuck units from preventing shutdown (default is 120s) - settings.Manager.DefaultTimeoutStopSec = "10s"; - }; - - programs = { - xwayland.enable = true; - - appimage = { - enable = true; - binfmt = true; - }; - }; - - system.autoUpgrade = { - allowReboot = false; - operation = "boot"; - }; - }; -} diff --git a/nixosModules/muede-desktop-settings.nix b/nixosModules/muede-desktop-settings.nix deleted file mode 100644 index 980af13..0000000 --- a/nixosModules/muede-desktop-settings.nix +++ /dev/null @@ -1,33 +0,0 @@ -{ - lib, - config, - pkgs, - ... -}: -{ - options.my.muedeDesktopSettings.enable = lib.mkEnableOption "muede desktop settings (Firefox, Logitech, RDP)"; - - config = lib.mkIf config.my.muedeDesktopSettings.enable { - my.overlays.niri.enable = true; - programs.niri.enable = true; - - programs.firefox.enable = true; - - environment.systemPackages = with pkgs; [ - lm_sensors - libreoffice-qt6 - usbutils - ]; - - fonts.enableDefaultPackages = true; - - hardware.logitech.wireless = { - enable = true; - enableGraphical = true; - }; - - # RDP connections - services.gnome.gnome-remote-desktop.enable = true; - networking.firewall.allowedTCPPorts = [ 3389 ]; - }; -} 
diff --git a/nixosModules/nix-ld.nix b/nixosModules/nix-ld.nix deleted file mode 100644 index ac7ae7b..0000000 --- a/nixosModules/nix-ld.nix +++ /dev/null @@ -1,32 +0,0 @@ -{ - lib, - config, - pkgs, - ... -}: -{ - options.my.nixLd.enable = lib.mkEnableOption "nix-ld for running unpatched dynamic binaries"; - - config = lib.mkIf config.my.nixLd.enable { - programs.nix-ld = { - enable = true; - libraries = with pkgs; [ - stdenv.cc.cc - zlib - zstd - curl - openssl - attr - libssh - bzip2 - libxml2 - acl - libsodium - util-linux - xz - systemd - icu - ]; - }; - }; -} diff --git a/nixosModules/nixpkgs-overlays.nix b/nixosModules/nixpkgs-overlays.nix deleted file mode 100644 index 7a657b1..0000000 --- a/nixosModules/nixpkgs-overlays.nix +++ /dev/null @@ -1,33 +0,0 @@ -{ - lib, - config, - self, - ... -}: -{ - options.my.overlays = { - enableAll = lib.mkEnableOption "all nixpkgs overlays"; - } - // lib.mapAttrs (_: _: { - enable = lib.mkOption { - type = lib.types.bool; - default = false; - }; - }) self.overlays; - - config = lib.mkMerge ( - [ - { - my.overlays = lib.mapAttrs (_: _: { - enable = lib.mkDefault config.my.overlays.enableAll; - }) self.overlays; - } - ] - ++ lib.mapAttrsToList ( - name: overlay: - lib.mkIf config.my.overlays.${name}.enable { - nixpkgs.overlays = [ overlay ]; - } - ) self.overlays - ); -} diff --git a/nixosModules/openssh.nix b/nixosModules/openssh.nix deleted file mode 100644 index f1ba770..0000000 --- a/nixosModules/openssh.nix +++ /dev/null 
@@ -1,52 +0,0 @@ -{ - lib, - config, - pkgs, - thisDevice, - ... -}: -{ - options.my.openssh.enable = lib.mkEnableOption "OpenSSH server"; - - config = lib.mkIf config.my.openssh.enable { - services.openssh = { - enable = true; - openFirewall = true; - settings = { - PermitRootLogin = "prohibit-password"; - PasswordAuthentication = false; - KbdInteractiveAuthentication = false; - }; - }; - - # On desktops, hold a systemd sleep inhibitor while SSH connections are active - security.pam.services.sshd.rules.session.ssh-inhibit = lib.mkIf (thisDevice.isDesktop or false) { - order = 10000; - control = "optional"; - modulePath = "${pkgs.pam}/lib/security/pam_exec.so"; - args = [ - "quiet" - "${pkgs.writeShellScript "ssh-inhibit-pam" '' - PIDFILE="/run/ssh-inhibitor-''${PPID}.pid" - case "''${PAM_TYPE:-}" in - open) - ${pkgs.systemd}/bin/systemd-inhibit \ - --what=sleep \ - --who=sshd \ - --why="SSH session active" \ - --mode=block \ - sleep infinity & - echo $! > "$PIDFILE" - ;; - close) - if [ -f "$PIDFILE" ]; then - kill "$(cat "$PIDFILE")" 2>/dev/null || true - rm -f "$PIDFILE" - fi - ;; - esac - ''}" - ]; - }; - }; -} diff --git a/nixosModules/podman.nix b/nixosModules/podman.nix deleted file mode 100644 index b962242..0000000 --- a/nixosModules/podman.nix +++ /dev/null @@ -1,16 +0,0 @@ -{ lib, config, ... }: -{ - options.my.podman.enable = lib.mkEnableOption "Podman container runtime"; - - config = lib.mkIf config.my.podman.enable { - virtualisation = { - containers.enable = true; - podman = { - enable = true; - dockerCompat = true; - dockerSocket.enable = true; - autoPrune.enable = true; - }; - }; - }; -} diff --git a/nixosModules/printing.nix b/nixosModules/printing.nix deleted file mode 100644 index 48c41ae..0000000 --- a/nixosModules/printing.nix +++ /dev/null 
@@ -1,17 +0,0 @@ -{ lib, config, ... }: -{ - options.my.printing.enable = lib.mkEnableOption "printing (CUPS + Avahi)"; - - config = lib.mkIf config.my.printing.enable { - services = { - # Enable CUPS to print documents. - printing.enable = true; - - avahi = { - enable = true; # runs the Avahi daemon - nssmdns4 = true; # enables the mDNS NSS plug-in - openFirewall = true; # opens the firewall for UDP port 5353 - }; - }; - }; -} diff --git a/nixosModules/prometheus-node.nix b/nixosModules/prometheus-node.nix deleted file mode 100644 index f5e02fc..0000000 --- a/nixosModules/prometheus-node.nix +++ /dev/null @@ -1,25 +0,0 @@ -{ lib, config, ... }: -{ - options.my.prometheusNode.enable = lib.mkEnableOption "Prometheus node exporter"; - - config = lib.mkIf config.my.prometheusNode.enable { - services.prometheus.exporters = { - node = { - enable = true; - openFirewall = true; - port = 9190; - enabledCollectors = [ - # keep-sorted start - "cgroups" - "interrupts" - "softirqs" - "swap" - "systemd" - "tcpstat" - "wifi" - # keep-sorted end - ]; - }; - }; - }; -} diff --git a/nixosModules/pxvirt-guest.nix b/nixosModules/pxvirt-guest.nix deleted file mode 100644 index a70266a..0000000 --- a/nixosModules/pxvirt-guest.nix +++ /dev/null @@ -1,22 +0,0 @@ -{ - lib, - config, - ... -}: -{ - options.my.pxvirtGuest.enable = lib.mkEnableOption "Proxmox LXC guest configuration"; - - config = lib.mkIf config.my.pxvirtGuest.enable { - # Let Proxmox host handle fstrim - services.fstrim.enable = false; - - # TODO is this needed - # Cache DNS lookups to improve performance - services.resolved.extraConfig = '' - Cache=true - CacheFromLocalhost=true - ''; - - boot.loader.systemd-boot.enable = lib.mkForce false; - }; -} diff --git a/nixosModules/quiet-boot.nix b/nixosModules/quiet-boot.nix deleted file mode 100644 index 84bae5f..0000000 --- a/nixosModules/quiet-boot.nix +++ /dev/null 
@@ -1,34 +0,0 @@ -{ - lib, - config, - pkgs, - ... -}: -{ - options.my.quietBoot.enable = lib.mkEnableOption "quiet boot with Plymouth splash"; - - config = lib.mkIf config.my.quietBoot.enable { - boot = { - kernelParams = [ - "quiet" - "udev.log_level=3" - "udev.log_priority=3" - "rd.systemd.show_status=auto" - ]; - consoleLogLevel = 0; - initrd = { - verbose = false; - systemd.enable = true; # required fpr graphical LUKS prompt - }; - plymouth = { - enable = true; - theme = "catppuccin-mocha"; - themePackages = [ - (pkgs.catppuccin-plymouth.override { - variant = "mocha"; - }) - ]; - }; - }; - }; -} diff --git a/nixosModules/secure-boot.nix b/nixosModules/secure-boot.nix deleted file mode 100644 index 948d1c4..0000000 --- a/nixosModules/secure-boot.nix +++ /dev/null @@ -1,37 +0,0 @@ -{ - lib, - config, - pkgs, - ... -}: -{ - options.my.secureBoot.enable = lib.mkEnableOption "Secure Boot via lanzaboote"; - - config = lib.mkIf config.my.secureBoot.enable { - # https://github.com/nix-community/lanzaboote/blob/70be03ab23d0988224e152f5b52e2fbf44a6d8ee/docs/QUICK_START.md - # To enroll: - # 1. sudo sbctl create-keys - # 2. enable this module, rebuild - # 3. Put Secure Boot in Setup mode - # 4. sudo sbctl verify - # 5. sudo sbctl enroll-keys --microsoft - # 6, reboot - # 7. sudo sbctl status - - environment.systemPackages = [ - # For debugging and troubleshooting Secure Boot. - pkgs.sbctl - ]; - - # Lanzaboote currently replaces the systemd-boot module. - # This setting is usually set to true in configuration.nix - # generated at installation time. So we force it to false - # for now. - boot.loader.systemd-boot.enable = lib.mkForce false; - - boot.lanzaboote = { - enable = true; - pkiBundle = "/var/lib/sbctl"; - }; - }; -} diff --git a/nixosModules/steam.nix b/nixosModules/steam.nix deleted file mode 100644 index 3a4f25a..0000000 --- a/nixosModules/steam.nix +++ /dev/null 
@@ -1,50 +0,0 @@ -{ lib, config, ... }: -{ - options.my.steam.enable = lib.mkEnableOption "Steam gaming platform"; - - config = lib.mkIf config.my.steam.enable { - hardware.steam-hardware.enable = true; - - programs = { - steam = { - enable = true; - remotePlay.openFirewall = true; - dedicatedServer.openFirewall = true; - localNetworkGameTransfers.openFirewall = true; - gamescopeSession.enable = false; - }; - gamemode.enable = true; - }; - - # steam network transfer - networking.firewall = { - allowedUDPPorts = [ 3478 ]; - allowedTCPPorts = [ 24070 ]; - - allowedTCPPortRanges = [ - { - from = 27015; - to = 27050; - } - ]; - - allowedUDPPortRanges = [ - { - from = 4379; - to = 4380; - } - { - from = 27000; - to = 27100; - } - ]; - }; - - my.allowedUnfreePackages = [ - "steam" - "steam-original" - "steam-run" - "steam-unwrapped" - ]; - }; -} diff --git a/nixosModules/stylix.nix b/nixosModules/stylix.nix deleted file mode 100644 index 4b30dc7..0000000 --- a/nixosModules/stylix.nix +++ /dev/null 
@@ -1,95 +0,0 @@ -{ - lib, - config, - pkgs, - ... -}: -{ - options.my.stylix.enable = lib.mkEnableOption "Stylix theming (Catppuccin Mocha)"; - - config = lib.mkIf config.my.stylix.enable { - stylix = { - enable = true; - base16Scheme = "${pkgs.base16-schemes}/share/themes/catppuccin-mocha.yaml"; - override = { - scheme = "Catppuccin Mocha Pride"; - - base09 = "#6f9dff"; - base0A = "#d162a4"; - base0B = "#a8c9ff"; - base0C = "#a30262"; - - # pink_light = "#d162a4"; - # pink_dark = "#a30262"; - # blue_light = "#5BCEFA"; - # blue_dark = "#4a6bb1"; - - # original values - # base00: "#1e1e2e" # base - - # base01: "#181825" # mantle - # base02: "#313244" # surface0 - # base03: "#45475a" # surface1 - # base04: "#585b70" # surface2 - # base05: "#cdd6f4" # text - # base06: "#f5e0dc" # rosewater - # base07: "#b4befe" # lavender - # base08: "#f38ba8" # red - # base09: "#fab387" # peach - # base0A: "#f9e2af" # yellow - # base0B: "#a6e3a1" # green - # base0C: "#94e2d5" # teal - # base0D: "#89b4fa" # blue - # base0E: "#cba6f7" # mauve - # base0F: "#f2cdcd" # flamingo - - # https://github.com/chriskempson/base16/blob/main/styling.md - # base00 - Default Background - # base01 - Lighter Background (Used for status bars, line number and folding marks) - # base02 - Selection Background - # base03 - Comments, Invisibles, Line Highlighting - # base04 - Dark Foreground (Used for status bars) - # base05 - Default Foreground, Caret, Delimiters, Operators - # base06 - Light Foreground (Not often used) - # base07 - Light Background (Not often used) - # base08 - Variables, XML Tags, Markup Link Text, Markup Lists, Diff Deleted - # base09 - Integers, Boolean, Constants, XML Attributes, Markup Link Url - # base0A - Classes, Markup Bold, Search Text Background - # base0B - Strings, Inherited Class, Markup Code, Diff Inserted - # base0C - Support, Regular Expressions, Escape Characters, Markup Quotes - # base0D - Functions, Methods, Attribute IDs, Headings - # base0E - Keywords, Storage, 
Selector, Markup Italic, Diff Changed - # base0F - Deprecated, Opening/Closing Embedded Language Tags, e.g. - }; - image = config.lib.stylix.pixel "base00"; - polarity = "dark"; - targets = { - gnome.enable = false; - gtk.enable = false; - gtksourceview.enable = false; - fontconfig.enable = true; - plymouth.enable = false; - }; - fonts = { - sansSerif = { - name = "Inter Nerd Font"; - package = pkgs.inter-nerdfont; - }; - monospace = { - name = "FiraCode Nerd Font Mono"; - package = pkgs.nerd-fonts.fira-code; - }; - }; - icons = { - enable = true; - dark = "Adwaita"; - light = "Adwaita"; - package = pkgs.adwaita-icon-theme; - }; - cursor = { - name = "Adwaita"; - size = 16; - package = pkgs.adwaita-icon-theme; - }; - }; - }; -} diff --git a/nixosModules/systemd-boot.nix b/nixosModules/systemd-boot.nix deleted file mode 100644 index e44f9dc..0000000 --- a/nixosModules/systemd-boot.nix +++ /dev/null @@ -1,16 +0,0 @@ -{ lib, config, ... }: -{ - options.my.systemdBoot.enable = lib.mkEnableOption "systemd-boot bootloader"; - - config = lib.mkIf config.my.systemdBoot.enable { - boot.loader = { - timeout = 3; - efi.canTouchEfiVariables = true; - systemd-boot = { - enable = true; - editor = false; # do not allow changing kernel parameters - consoleMode = "max"; - }; - }; - }; -} diff --git a/nixosModules/tailscale.nix b/nixosModules/tailscale.nix deleted file mode 100644 index 55295f9..0000000 --- a/nixosModules/tailscale.nix +++ /dev/null @@ -1,13 +0,0 @@ -{ lib, config, ... }: -{ - options.my.tailscale.enable = lib.mkEnableOption "Tailscale VPN"; - - config = lib.mkIf config.my.tailscale.enable { - services.tailscale = { - enable = true; - openFirewall = true; - }; - - networking.firewall.checkReversePath = "loose"; - }; -} diff --git a/nixosModules/user-muede.nix b/nixosModules/user-muede.nix deleted file mode 100644 index 078cb96..0000000 --- a/nixosModules/user-muede.nix +++ /dev/null 
@@ -1,46 +0,0 @@ -{ - lib, - config, - pkgs, - ... -}: -{ - options.my.users.muede.enable = lib.mkEnableOption "muede user account"; - - config = lib.mkIf config.my.users.muede.enable { - users.users.muede = { - isNormalUser = true; - uid = 1000; - name = "muede"; - description = "müde"; - extraGroups = [ - "networkmanager" - "wheel" - "games" - "dialout" - "podman" - "nginx" - "adbusers" - "kvm" - "input" - "video" - ]; - shell = pkgs.zsh; - autoSubUidGidRange = true; - }; - - nix.settings.trusted-users = [ "muede" ]; - - my.allowedUnfreePackages = [ - "rider" - "pycharm-professional" - "jetbrains-toolbox" - - "anydesk" - - "vscode-extension-ms-dotnettools-csharp" - - "claude-code" - ]; - }; -} diff --git a/nixosModules/user-ronja.nix b/nixosModules/user-ronja.nix deleted file mode 100644 index 46319eb..0000000 --- a/nixosModules/user-ronja.nix +++ /dev/null @@ -1,28 +0,0 @@ -{ - lib, - config, - pkgs, - ... -}: -{ - options.my.users.ronja.enable = lib.mkEnableOption "ronja user account"; - - config = lib.mkIf config.my.users.ronja.enable { - users.users.ronja = { - isNormalUser = true; - name = "ronja"; - description = "Ronja"; - home = "/home/ronja"; - extraGroups = [ - "networkmanager" - "wheel" - "games" - "podman" - "openvscode-server" - ]; - shell = pkgs.zsh; - }; - - nix.settings.trusted-users = [ "ronja" ]; - }; -} diff --git a/nixosModules/wine-gaming.nix b/nixosModules/wine-gaming.nix deleted file mode 100644 index 58b0099..0000000 --- a/nixosModules/wine-gaming.nix +++ /dev/null 
@@ -1,31 +0,0 @@
-{
- lib,
- config,
- pkgs,
- ...
-}:
-{
- options.my.wineGaming.enable = lib.mkEnableOption "Wine gaming (DXVK, MangoHud, xpadneo)";
-
- config = lib.mkIf config.my.wineGaming.enable {
- hardware = {
- graphics = {
- enable32Bit = true;
- extraPackages = with pkgs; [ mangohud ];
- extraPackages32 = with pkgs; [ mangohud ];
- };
-
- xpadneo.enable = true;
- };
-
- environment.systemPackages = with pkgs; [
- wineWowPackages.stagingFull
- wineWowPackages.fonts
- winetricks
- dxvk
- mangohud
- vulkan-tools
- mesa-demos
- ];
- };
-}
diff --git a/vinzenz-lpt.nix b/vinzenz-lpt.nix
new file mode 100644
index 0000000..e184e77
--- /dev/null
+++ b/vinzenz-lpt.nix
@@ -0,0 +1,21 @@
+{...}: {
+ imports = [
+ (import ./modules {
+ hostName = "vinzenz-lpt";
+ enableHomeManager = true;
+ })
+ ];
+
+ config = {
+ my = {
+ enabledUsers = ["vinzenz"];
+ desktop = {
+ enableGnome = true;
+ enableGaming = true;
+ };
+ };
+
+ # flatpak xdg-portal-kde crashes, otherwise this would be global
+ services.flatpak.enable = true;
+ };
+}
diff --git a/vinzenz-pc2.nix b/vinzenz-pc2.nix
new file mode 100644
index 0000000..a67ce96
--- /dev/null
+++ b/vinzenz-pc2.nix
@@ -0,0 +1,22 @@
+{pkgs, ...}: {
+ imports = [
+ (import ./modules {
+ hostName = "vinzenz-pc2";
+ enableHomeManager = true;
+ })
+ ];
+
+ config = {
+ my = {
+ enabledUsers = ["vinzenz" "ronja"];
+ desktop = {
+ enableKde = true;
+ enableGaming = true;
+ };
+ };
+
+ users.users.vinzenz.openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINrY6tcgnoC/xbgL7vxSjddEY9MBxRXe9n2cAHt88/TT home roaming"
+ ];
+ };
+}
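Review bot: `desktop.enableGaming = true` in vinzenz-lpt.nix gives no indication of which firewall ports it opens, and the hunk does not show the option's definition. The `nixosModules/steam.nix` deleted in this same commit set `remotePlay.openFirewall`, `dedicatedServer.openFirewall` and `localNetworkGameTransfers.openFirewall` and added further TCP/UDP port ranges. If `./modules` carries the same settings, a machine that moves between networks (the host name suggests a laptop) exposes those ports on every network it joins. Document it next to the option, e.g. `# enableGaming also opens the Steam remote-play/transfer ports, see ./modules`, or keep the firewall openings off for this host.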
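Review bot: The key added to `users.users.vinzenz.openssh.authorizedKeys.keys` in vinzenz-pc2.nix is identified only by its trailing comment `home roaming`, which does not say which device holds the private key and so makes later audit or revocation guesswork. Add a Nix comment above the entry, e.g. `# private key lives on <device>; remove this entry if that device is lost`. The hunk does not show whether sshd is enabled or how it is hardened on this host. The `nixosModules/openssh.nix` deleted in this commit set `PasswordAuthentication = false`, `KbdInteractiveAuthentication = false` and `PermitRootLogin = "prohibit-password"`, so confirm that `./modules` keeps equivalent settings. The `pkgs` argument in `{pkgs, ...}:` is unused in this file and can be `{...}:` as in vinzenz-lpt.nix.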