Compare commits


4 commits

Author SHA1 Message Date
Vinzenz Schroeter
da3ac92eb6 headscale: enable DERP 2026-01-25 12:23:49 +01:00
Vinzenz Schroeter
2a68f77860 headscale/blog: fix url, force ssl, proxy websockets 2026-01-25 12:23:49 +01:00
Vinzenz Schroeter
af4e09ebd7 vpn2: split nginx config 2026-01-25 12:23:49 +01:00
Vinzenz Schroeter
56b1e85109 add headscale 2026-01-25 12:23:49 +01:00
94 changed files with 1431 additions and 2552 deletions


@ -1,46 +0,0 @@
# nixos-configuration
Personal NixOS configuration for all machines. Devices are declared in `devices.nix`, per-device configs live in `nixosConfigurations/<name>/`, and shared modules in `nixosModules/`.
## Distributed builds
Machines are configured to act as build servers / binary caches for each other in devices.nix.
### Onboarding a device as a build client
1. Generate a key pair on the device:
```sh
sudo ssh-keygen -t ed25519 -f /etc/nix/distributed-build-key -N "" -C "$(hostname)-nix-builds" && sudo cat /etc/nix/distributed-build-key.pub
```
2. Add the public key to the device entry in `devices.nix`:
```nix
distributedBuilds.clientPublicKey = "ssh-ed25519 AAAA... <hostname>-nix-builds";
```
3. Rebuild all build machines so they pick up the new authorized key.
### Adding a build server
1. Add to its entry in `devices.nix`:
```nix
distributedBuilds.isBuilder = true;
distributedBuilds.hostPublicKey = "ssh-ed25519 AAAA..."; # from: ssh-keyscan -t ed25519 "$(hostname)"
```
2. Generate a store signing key on the builder:
```sh
sudo nix key generate-secret --key-name "$(hostname)" | sudo tee /etc/nix/signing-key.sec | sudo nix key convert-secret-to-public
```
3. Add the printed public key to `devices.nix`:
```nix
distributedBuilds.storeSigningPublicKey = "<hostname>:<base64...>";
```
4. Rebuild all machines so they trust the new signing key.


@ -1,77 +0,0 @@
{ self }:
let
nixos-raspberrypi = self.inputs.nixos-raspberrypi;
in
{
# keep-sorted start block=yes
aur0ra = {
system = "aarch64-linux";
nixosSystem = nixos-raspberrypi.lib.nixosSystem;
};
aur0ra-installer = {
# build with nix build .\#nixosConfigurations.aur0ra-installer.config.system.build.sdImage
system = "aarch64-linux";
nixosSystem = nixos-raspberrypi.lib.nixosInstaller;
};
damocles = {
system = "x86_64-linux";
distributedBuilds.maxJobs = 0;
};
damocles-lab = {
system = "x86_64-linux";
distributedBuilds.maxJobs = 0;
};
epimetheus = {
system = "aarch64-linux";
};
forgejo-runner-1 = {
system = "aarch64-linux";
publicFqdn = "forgejo-runner-1.dev.zerforschen.plus";
distributedBuilds = {
isBuilder = true;
speedFactor = 1;
clientPublicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK0NLgg0sFobBWz/bjYs9WkrMvlcvJC5F6+3jQ/b+AnD forgejo-runner-1-nix-builds";
hostPublicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIANGC89GiT5xCsFICwrharrbV3q7acWHqk6ZwOUXbtGT";
storeSigningPublicKey = "forgejo-runner-1:ln1FVLL8G5+IveQuBi/Kn3SaqFZ1gaiQrE3yPlMhCMA=";
};
};
hetzner-vpn2 = {
system = "aarch64-linux";
};
muede-lpt2 = {
system = "x86_64-linux";
isDesktop = true;
home-manager-users = {
inherit (self.homeConfigurations) muede;
};
distributedBuilds = {
isBuilder = true;
speedFactor = 2;
hostPublicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHGKoZ68wwyVRmPB0SkvpJUyUMDWeFbC5Je9zukyEOh7";
clientPublicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKAbojdhb3PfazSRmudvo381Y+zUFVLMa7AbWbfK/Zp2 muede-lpt2-nix-builds";
storeSigningPublicKey = "muede-lpt2:3csut7FW6oZK/ztRLBRC80LSBfFE3qzl+aIYgOixB6U=";
};
};
muede-pc2 = {
system = "x86_64-linux";
isDesktop = true;
home-manager-users = {
inherit (self.homeConfigurations) muede;
};
distributedBuilds = {
isBuilder = true;
speedFactor = 4;
hostPublicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKEQQS5XNoj62Oj85xQfIuLORwoBRwfqjvfBHHsiI+RH";
clientPublicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHmnyhP6L+kGHV15cb/d31AQr50wSEaQhkUBwy2+OEKk muede-pc2-nix-builds";
storeSigningPublicKey = "muede-pc2:fqQO0E0y65MjUWlQnrgWt5ZsmQKlKCv4jls3CmUXDEQ=";
};
};
ronja-pc = {
system = "x86_64-linux";
isDesktop = true;
home-manager-users = {
inherit (self.homeConfigurations) ronja;
};
};
# keep-sorted end
}

275
flake.lock generated

@ -1,21 +1,5 @@
{
"nodes": {
"argononed": {
"flake": false,
"locked": {
"lastModified": 1729566243,
"narHash": "sha256-DPNI0Dpk5aym3Baf5UbEe5GENDrSmmXVdriRSWE+rgk=",
"owner": "nvmd",
"repo": "argononed",
"rev": "16dbee54d49b66d5654d228d1061246b440ef7cf",
"type": "github"
},
"original": {
"owner": "nvmd",
"repo": "argononed",
"type": "github"
}
},
"base16": {
"inputs": {
"fromYaml": "fromYaml"
@ -143,21 +127,6 @@
"type": "github"
}
},
"crane_2": {
"locked": {
"lastModified": 1777830388,
"narHash": "sha256-2uoQAqUk2H0ijQtGiWAyNeQYGYc6yfAcRRLlJAz4Gp8=",
"owner": "ipetkov",
"repo": "crane",
"rev": "d459c1350e96ce1a7e3859c513ef5e9869d67d6f",
"type": "github"
},
"original": {
"owner": "ipetkov",
"repo": "crane",
"type": "github"
}
},
"fenix": {
"inputs": {
"nixpkgs": [
@ -212,31 +181,16 @@
"type": "github"
}
},
"flake-compat_2": {
"locked": {
"lastModified": 1767039857,
"narHash": "sha256-vNpUSpF5Nuw8xvDLj2KCwwksIbjua2LZCqhV1LNRDns=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "5edf11c44bc78a0d334f6334cdaf7d60d732daab",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-parts": {
"inputs": {
"nixpkgs-lib": "nixpkgs-lib"
},
"locked": {
"lastModified": 1775087534,
"narHash": "sha256-91qqW8lhL7TLwgQWijoGBbiD4t7/q75KTi8NxjVmSmA=",
"lastModified": 1768135262,
"narHash": "sha256-PVvu7OqHBGWN16zSi6tEmPwwHQ4rLPU9Plvs8/1TUBY=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "3107b77cd68437b9a76194f0f7f9c55f2329ca5b",
"rev": "80daad04eddbbf5a4d883996a73f3f542fa437ac",
"type": "github"
},
"original": {
@ -330,11 +284,11 @@
]
},
"locked": {
"lastModified": 1775425411,
"narHash": "sha256-KY6HsebJHEe5nHOWP7ur09mb0drGxYSzE3rQxy62rJo=",
"lastModified": 1768949235,
"narHash": "sha256-TtjKgXyg1lMfh374w5uxutd6Vx2P/hU81aEhTxrO2cg=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "0d02ec1d0a05f88ef9e74b516842900c41f0f2fe",
"rev": "75ed713570ca17427119e7e204ab3590cc3bf2a5",
"type": "github"
},
"original": {
@ -378,11 +332,11 @@
]
},
"locked": {
"lastModified": 1777031541,
"narHash": "sha256-KZ4s1kolHXFQrRGlnB503gDcTrVQMhiczO+LvvwKEPg=",
"lastModified": 1768908532,
"narHash": "sha256-HIdLXEFaUVE8FiaCPJbCfBMsnF+mVtDub8Jwj2BD+mk=",
"owner": "nix-community",
"repo": "naersk",
"rev": "5e73301621274c44798bf6c6211ed27fc2ced201",
"rev": "8d97452673640eb7fabe428e8b6a425bc355008b",
"type": "github"
},
"original": {
@ -405,11 +359,11 @@
"xwayland-satellite-unstable": "xwayland-satellite-unstable"
},
"locked": {
"lastModified": 1777472199,
"narHash": "sha256-gJr/OrHv6s8ANqv915sb69LLThow1u5yAO/ouElVGGM=",
"lastModified": 1769170609,
"narHash": "sha256-LiyaKNga2z/iG4pNr86iQLySEDoOytEzTCblxzRjnCk=",
"owner": "sodiboo",
"repo": "niri-flake",
"rev": "323a80f2ce4541c595d491acbd15a8800201cbae",
"rev": "08d6e6adf34b0af12be7eaeacc0b4c1a8580b3da",
"type": "github"
},
"original": {
@ -438,11 +392,11 @@
"niri-unstable": {
"flake": false,
"locked": {
"lastModified": 1777468255,
"narHash": "sha256-lBZc1UMy+1P1T/E41j3jQrpS7EFI3qegd+ktHZdamIg=",
"lastModified": 1768678265,
"narHash": "sha256-Ub8eed4DsfIDWyg30xEe+8bSxL/z5Af/gCjmvJ0V/Hs=",
"owner": "YaLTeR",
"repo": "niri",
"rev": "dd1c3bcb9f1ef416df33ffa22d1d9bcee1398e7d",
"rev": "d7184a04b904e07113f4623610775ae78d32394c",
"type": "github"
},
"original": {
@ -473,11 +427,11 @@
]
},
"locked": {
"lastModified": 1777434090,
"narHash": "sha256-i7p7ajtdKF6oVjs3ERyECCg6m1lWEchHNPKQjgRW4h4=",
"lastModified": 1769134548,
"narHash": "sha256-16UWbfkIEaG728vwCdXM5C/8f1NLqBwZc039p8Yj9CA=",
"owner": "nix-community",
"repo": "nix-vscode-extensions",
"rev": "f32bb01e6a12b74fa67261e9d690ff9d0603d86b",
"rev": "969bb9a90fa1365e8b5028d1b67dbd439b268675",
"type": "github"
},
"original": {
@ -509,11 +463,11 @@
]
},
"locked": {
"lastModified": 1769813415,
"narHash": "sha256-nnVmNNKBi1YiBNPhKclNYDORoHkuKipoz7EtVnXO50A=",
"lastModified": 1764234087,
"narHash": "sha256-NHF7QWa0ZPT8hsJrvijREW3+nifmF2rTXgS2v0tpcEA=",
"owner": "nix-community",
"repo": "nixos-generators",
"rev": "8946737ff703382fda7623b9fab071d037e897d5",
"rev": "032a1878682fafe829edfcf5fdfad635a2efe748",
"type": "github"
},
"original": {
@ -522,61 +476,13 @@
"type": "github"
}
},
"nixos-images": {
"inputs": {
"nixos-stable": [
"nixos-raspberrypi",
"nixpkgs"
],
"nixos-unstable": [
"nixos-raspberrypi",
"nixpkgs"
]
},
"locked": {
"lastModified": 1747747741,
"narHash": "sha256-LUOH27unNWbGTvZFitHonraNx0JF/55h30r9WxqrznM=",
"owner": "nvmd",
"repo": "nixos-images",
"rev": "cbbd6db325775096680b65e2a32fb6187c09bbb4",
"type": "github"
},
"original": {
"owner": "nvmd",
"ref": "sdimage-installer",
"repo": "nixos-images",
"type": "github"
}
},
"nixos-raspberrypi": {
"inputs": {
"argononed": "argononed",
"flake-compat": "flake-compat_2",
"nixos-images": "nixos-images",
"nixpkgs": "nixpkgs"
},
"locked": {
"lastModified": 1775857096,
"narHash": "sha256-+eSij7C0oMqz76rGnB99RuWptBuEkJBm9vgb5fIwRrg=",
"owner": "nvmd",
"repo": "nixos-raspberrypi",
"rev": "1dc4ca5f93587932383c0b61e1753f5eed1c3bba",
"type": "github"
},
"original": {
"owner": "nvmd",
"ref": "main",
"repo": "nixos-raspberrypi",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1775595990,
"narHash": "sha256-OEf7YqhF9IjJFYZJyuhAypgU+VsRB5lD4DuiMws5Ltc=",
"lastModified": 1769089682,
"narHash": "sha256-9yA/LIuAVQq0lXelrZPjLuLVuZdm03p8tfmHhnDIkms=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "4e92bbcdb030f3b4782be4751dc08e6b6cb6ccf2",
"rev": "078d69f03934859a181e81ba987c2bb033eebfc5",
"type": "github"
},
"original": {
@ -588,11 +494,11 @@
},
"nixpkgs-lib": {
"locked": {
"lastModified": 1774748309,
"narHash": "sha256-+U7gF3qxzwD5TZuANzZPeJTZRHS29OFQgkQ2kiTJBIQ=",
"lastModified": 1765674936,
"narHash": "sha256-k00uTP4JNfmejrCLJOwdObYC9jHRrr/5M/a/8L2EIdo=",
"owner": "nix-community",
"repo": "nixpkgs.lib",
"rev": "333c4e0545a6da976206c74db8773a1645b5870a",
"rev": "2075416fcb47225d9b68ac469a5c4801a9c4dd85",
"type": "github"
},
"original": {
@ -603,11 +509,11 @@
},
"nixpkgs-unstable": {
"locked": {
"lastModified": 1777270315,
"narHash": "sha256-yKB4G6cKsQsWN7M6rZGk6gkJPDNPIzT05y4qzRyCDlI=",
"lastModified": 1768875095,
"narHash": "sha256-dYP3DjiL7oIiiq3H65tGIXXIT1Waiadmv93JS0sS+8A=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "6368eda62c9775c38ef7f714b2555a741c20c72d",
"rev": "ed142ab1b3a092c4d149245d0c4126a5d7ea00b0",
"type": "github"
},
"original": {
@ -618,22 +524,6 @@
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1777077449,
"narHash": "sha256-AIiMJiqvGrN4HyLEbKAoCSRRYn0rnlW5VbKNIMIYqm4=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "a4bf06618f0b5ee50f14ed8f0da77d34ecc19160",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-25.11",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_3": {
"locked": {
"lastModified": 1757545623,
"narHash": "sha256-mCxPABZ6jRjUQx3bPP4vjA68ETbPLNz9V2pk9tO7pRQ=",
@ -649,29 +539,6 @@
"type": "github"
}
},
"nova-shell": {
"inputs": {
"crane": "crane_2",
"nixpkgs": [
"nixpkgs-unstable"
],
"quickshell": "quickshell",
"treefmt-nix": "treefmt-nix"
},
"locked": {
"lastModified": 1778180483,
"narHash": "sha256-35cMiZn5DAnYFpKFdWg5dxW7hLO3/ey743ED6yV3pL8=",
"ref": "refs/heads/main",
"rev": "dfa3840d97186fef3480b49f289acd3ae707ee27",
"revCount": 626,
"type": "git",
"url": "https://git.berlin.ccc.de/vinzenz/nova-shell"
},
"original": {
"type": "git",
"url": "https://git.berlin.ccc.de/vinzenz/nova-shell"
}
},
"nur": {
"inputs": {
"flake-parts": [
@ -682,11 +549,11 @@
]
},
"locked": {
"lastModified": 1777499139,
"narHash": "sha256-s817mwTTkW0VIReee1z41LJAz13AUw3DOK41jZooFGw=",
"lastModified": 1769190062,
"narHash": "sha256-HXy1M80RWBW7cIIMQ/bBV/pMa3NmK6MYOOz/kA4bHIw=",
"owner": "nix-community",
"repo": "NUR",
"rev": "c0295550b00f0d0d4a9f41efd5e6c14d38a671fc",
"rev": "82023efed13ef3c1bfe99f0cd669139b4a2d2694",
"type": "github"
},
"original": {
@ -721,27 +588,6 @@
"type": "github"
}
},
"quickshell": {
"inputs": {
"nixpkgs": [
"nova-shell",
"nixpkgs"
]
},
"locked": {
"lastModified": 1776066068,
"narHash": "sha256-SwKVkgEsqsp5ki9m7fqvhncb5MjvH1hlZqbn3s+x/Uk=",
"ref": "refs/heads/master",
"rev": "fb08eced449e87e47321e95beeb890a63d2c67bd",
"revCount": 801,
"type": "git",
"url": "https://git.outfoxxed.me/outfoxxed/quickshell"
},
"original": {
"type": "git",
"url": "https://git.outfoxxed.me/outfoxxed/quickshell"
}
},
"root": {
"inputs": {
"flake-parts": "flake-parts",
@ -752,16 +598,14 @@
"nix-filter": "nix-filter",
"nix-vscode-extensions": "nix-vscode-extensions",
"nixos-generators": "nixos-generators",
"nixos-raspberrypi": "nixos-raspberrypi",
"nixpkgs": "nixpkgs_2",
"nixpkgs": "nixpkgs",
"nixpkgs-unstable": "nixpkgs-unstable",
"nova-shell": "nova-shell",
"nur": "nur",
"servicepoint-cli": "servicepoint-cli",
"servicepoint-simulator": "servicepoint-simulator",
"servicepoint-tanks": "servicepoint-tanks",
"stylix": "stylix",
"treefmt-nix": "treefmt-nix_2",
"treefmt-nix": "treefmt-nix",
"zerforschen-plus": "zerforschen-plus"
}
},
@ -819,11 +663,11 @@
]
},
"locked": {
"lastModified": 1771709842,
"narHash": "sha256-zbKj2waitgCFE/I4DcV4lWMRkQ7gDOa9QgPXVTao5+g=",
"lastModified": 1764875421,
"narHash": "sha256-ZO9wiokPhropwsU3BfIgjm1bc59SIyqrfjfnFCM2Q68=",
"ref": "refs/heads/main",
"rev": "6c731e3f5ac0fc63e3cf1e727856f3a3327fddfb",
"revCount": 52,
"rev": "fa892558f123c5d5395663fa666466c73b997245",
"revCount": 48,
"type": "git",
"url": "https://git.berlin.ccc.de/servicepoint/servicepoint-cli.git"
},
@ -840,7 +684,7 @@
"nix-filter": [
"nix-filter"
],
"nixpkgs": "nixpkgs_3"
"nixpkgs": "nixpkgs_2"
},
"locked": {
"lastModified": 1757763091,
@ -903,11 +747,11 @@
"tinted-zed": "tinted-zed"
},
"locked": {
"lastModified": 1776894428,
"narHash": "sha256-wuT915MyCtMTfLj+uo9y8wtCwkEgJXiXvcbSleFrlN0=",
"lastModified": 1768493544,
"narHash": "sha256-9qk2W/6GJWLAFXNruK/zdJ0bm3bfP50vJFbtuAjQpa4=",
"owner": "nix-community",
"repo": "stylix",
"rev": "f34be27ce83efaa1c85ad1e5b1f8b6dea65b147d",
"rev": "362306faaa7459bebf8eabf135879785f3da9bd2",
"type": "github"
},
"original": {
@ -1016,36 +860,15 @@
"treefmt-nix": {
"inputs": {
"nixpkgs": [
"nova-shell",
"nixpkgs"
]
},
"locked": {
"lastModified": 1775636079,
"narHash": "sha256-pc20NRoMdiar8oPQceQT47UUZMBTiMdUuWrYu2obUP0=",
"lastModified": 1768158989,
"narHash": "sha256-67vyT1+xClLldnumAzCTBvU0jLZ1YBcf4vANRWP3+Ak=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "790751ff7fd3801feeaf96d7dc416a8d581265ba",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "treefmt-nix",
"type": "github"
}
},
"treefmt-nix_2": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1775636079,
"narHash": "sha256-pc20NRoMdiar8oPQceQT47UUZMBTiMdUuWrYu2obUP0=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "790751ff7fd3801feeaf96d7dc416a8d581265ba",
"rev": "e96d59dff5c0d7fddb9d113ba108f03c3ef99eca",
"type": "github"
},
"original": {
@ -1074,11 +897,11 @@
"xwayland-satellite-unstable": {
"flake": false,
"locked": {
"lastModified": 1773622265,
"narHash": "sha256-wToKwH7IgWdGLMSIWksEDs4eumR6UbbsuPQ42r0oTXQ=",
"lastModified": 1768765571,
"narHash": "sha256-C1JbyJ3ftogmN3vmLNfyPtnJw2wY64TiUTIhFtk1Leg=",
"owner": "Supreeeme",
"repo": "xwayland-satellite",
"rev": "a879e5e0896a326adc79c474bf457b8b99011027",
"rev": "ed1cef792b4def3321ff9ab5479df09609f17a69",
"type": "github"
},
"original": {

132
flake.nix

@ -23,10 +23,8 @@
};
niri = {
url = "github:sodiboo/niri-flake";
inputs = {
nixpkgs.follows = "nixpkgs";
nixpkgs-stable.follows = "nixpkgs";
};
inputs.nixpkgs.follows = "nixpkgs";
inputs.nixpkgs-stable.follows = "nixpkgs";
};
nix-filter.url = "github:numtide/nix-filter";
nix-vscode-extensions = {
@ -37,13 +35,6 @@
url = "github:nix-community/nixos-generators";
inputs.nixpkgs.follows = "nixpkgs";
};
nixos-raspberrypi = {
url = "github:nvmd/nixos-raspberrypi/main";
};
nova-shell = {
url = "git+https://git.berlin.ccc.de/vinzenz/nova-shell";
inputs.nixpkgs.follows = "nixpkgs-unstable";
};
nur = {
url = "github:nix-community/NUR";
inputs = {
@ -96,18 +87,55 @@
inputs@{
self,
nixpkgs,
home-manager,
# keep-sorted start
lanzaboote,
niri,
nix-vscode-extensions,
nixos-generators,
nixpkgs-unstable,
servicepoint-cli,
servicepoint-simulator,
servicepoint-tanks,
stylix,
treefmt-nix,
zerforschen-plus,
# keep-sorted end
...
}:
let
devices = {
vinzenz-lpt2 = {
system = "x86_64-linux";
home-manager-users = {
inherit (self.homeConfigurations) vinzenz;
};
};
vinzenz-pc2 = {
system = "x86_64-linux";
home-manager-users = {
inherit (self.homeConfigurations) vinzenz;
};
};
ronja-pc = {
system = "x86_64-linux";
home-manager-users = {
inherit (self.homeConfigurations) ronja;
};
};
hetzner-vpn2 = {
system = "aarch64-linux";
};
forgejo-runner-1 = {
system = "aarch64-linux";
};
epimetheus = {
system = "aarch64-linux";
};
};
inherit (nixpkgs) lib;
nixosConfigurations = import ./nixosConfigurations.nix { inherit inputs lib; };
supported-systems = lib.unique (lib.mapAttrsToList (_: v: v.pkgs.system) nixosConfigurations);
forDevice = f: lib.mapAttrs (device: value: f (value // { inherit device; })) devices;
supported-systems = lib.attrsets.mapAttrsToList (k: v: v.system) devices;
treefmt-config = {
projectRootFile = "flake.nix";
programs = {
@ -136,29 +164,74 @@
in
{
overlays = {
unstable = final: prev: {
unstable-packages = final: prev: {
unstable = import nixpkgs-unstable {
localSystem = prev.stdenv.hostPlatform;
inherit (prev) config;
inherit (prev) system config;
};
};
vscodeExtensions = nix-vscode-extensions.overlays.default;
niri = niri.overlays.niri;
};
nixosModules = (importModuleDir ./nixosModules) // {
niri =
{ pkgs, ... }:
{
imports = [ niri.nixosModules.niri ];
nixpkgs.overlays = [ niri.overlays.niri ];
programs.niri = {
enable = true;
#package = pkgs.niri-stable;
};
};
pkgs-unstable = {
nixpkgs.overlays = [ self.overlays.unstable-packages ];
};
pkgs-vscode-extensions = {
nixpkgs.overlays = [ nix-vscode-extensions.overlays.default ];
};
# required modules to use other modules, should not do anything on their own
default = {
imports = builtins.attrValues (builtins.removeAttrs self.nixosModules [ "default" ]);
imports = [ self.nixosModules.allowed-unfree-list ];
};
};
homeModules = importModuleDir ./homeModules;
homeConfigurations = {
muede = ./homeConfigurations/muede;
vinzenz = ./homeConfigurations/vinzenz;
ronja = ./homeConfigurations/ronja;
};
inherit nixosConfigurations;
nixosConfigurations = forDevice (
{
device,
system,
home-manager-users ? { },
}:
let
specialArgs = inputs // {
inherit device home-manager-users;
};
in
nixpkgs.lib.nixosSystem {
inherit system specialArgs;
modules = [
{
imports = [
./nixosConfigurations/${device}
self.nixosModules.global-settings
]
++ (lib.optionals (home-manager-users != { }) [
self.nixosModules.global-settings-desktop
]);
nixpkgs = {
inherit system;
hostPlatform = lib.mkDefault system;
};
}
];
}
);
formatter = forAllSystems ({ treefmt-eval, ... }: treefmt-eval.config.build.wrapper);
@ -168,5 +241,22 @@
formatting = treefmt-eval.config.build.check self;
}
);
packages = forAllSystems (
{ ... }:
{
nixos-aarch64-pxvirt-lxc-template = nixos-generators.nixosGenerate {
system = "aarch64-linux";
format = "proxmox-lxc";
specialArgs = inputs // {
device = "nixos-aarch64-pxvirt-lxc-template";
};
modules = [
self.nixosModules.global-settings
self.nixosModules.pxvirt-guest
];
};
}
);
};
}
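Review bot: `supported-systems = lib.attrsets.mapAttrsToList (k: v: v.system) devices;` yields one entry per device, so with the six devices declared in the `let` block `x86_64-linux` and `aarch64-linux` each appear three times. How much that matters depends on `forAllSystems`, which is outside the visible hunks, but the duplicates can be avoided with `supported-systems = lib.unique (lib.mapAttrsToList (_: v: v.system) devices);`. The rendered page has lost its +/- markers, so this assumes the `devices`-based line is the new side, which the added `devices` attribute set suggests.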


@ -1,35 +0,0 @@
{
programs = {
git = {
enable = true;
settings = {
user = {
name = "müde";
email = "git@darkest.space";
};
aliases = {
prettylog = "log --pretty=oneline --graph";
spring-clean = "!git branch --merged | xargs -n 1 -r git branch -d";
};
pull.ff = "only";
merge.tool = "kdiff3";
push.autoSetupRemote = "true";
credential.credentialStore = "cache";
};
ignores = [
".direnv"
".idea"
".envrc"
];
};
git-credential-oauth.enable = true;
gh = {
enable = true;
gitCredentialHelper.enable = true;
};
};
}


@ -1,18 +0,0 @@
{
services.podman = {
settings = {
policy = {
default = [ { type = "reject"; } ];
transports = {
docker-daemon = {
"" = [ { type = "insecureAcceptAnything"; } ];
};
docker = {
"docker.io/library/debian" = [ { type = "insecureAcceptAnything"; } ];
"docker.io/library/rust" = [ { type = "insecureAcceptAnything"; } ];
};
};
};
};
};
}


@ -1,27 +0,0 @@
{ pkgs, ... }:
{
services.swayidle =
let
lock-command = "${pkgs.systemd}/bin/loginctl lock-session";
in
{
enable = true;
systemdTarget = "graphical-session.target";
timeouts = [
{
timeout = 30;
command = lock-command;
}
{
timeout = 60 * 10;
command = "${pkgs.systemd}/bin/systemctl suspend";
}
];
events = [
{
event = "before-sleep";
command = "${pkgs.playerctl}/bin/playerctl pause; ${lock-command}";
}
];
};
}


@ -1,28 +0,0 @@
# based on https://codeberg.org/kiara/cfg/src/commit/b9c472acd78c9c08dfe8b6a643c5c82cc5828433/home-manager/kiara/swaylock.nix#
{ pkgs, ... }:
{
stylix.targets.swaylock = {
enable = true;
useWallpaper = true;
};
programs.swaylock = {
enable = true;
package = pkgs.swaylock-effects;
# https://github.com/jirutka/swaylock-effects/blob/master/swaylock.1.scd
settings = {
screenshot = false;
effect-blur = "9x9";
effect-vignette = "0.2:0.2";
fade-in = 0.5;
font-size = 75;
indicator-caps-lock = true;
clock = true;
indicator-radius = 400;
show-failed-attempts = true;
ignore-empty-password = true;
grace = 3.5;
indicator-thickness = 20;
};
};
}


@ -1,330 +0,0 @@
/* #region stylix overrides*/
.modules-left #workspaces button,
.modules-left #workspaces button.focused,
.modules-left #workspaces button.active,
.modules-center #workspaces button,
.modules-center #workspaces button.focused,
.modules-center #workspaces button.active,
.modules-right #workspaces button,
.modules-right #workspaces button.focused,
.modules-right #workspaces button.active {
border-bottom: unset;
}
/* #endregion */
* {
font-family: monospace;
font-size: 13px;
}
window#waybar {
transition-property: background-color;
transition-duration: 0.5s;
/* Gradient border spanning the entire waybar window */
border-bottom: 3px solid transparent;
background-clip: padding-box, border-box;
background-origin: padding-box, border-box;
background-image:
linear-gradient(135deg, @base00, @base01),
linear-gradient(135deg, @base0C, @base09);
}
/* Common pill styling for all widgets */
#clock,
#cpu,
#memory,
#disk,
#temperature,
#backlight,
#network,
#pulseaudio,
#wireplumber,
#custom-media,
#mode,
#scratchpad,
#mpd,
#custom-weather,
#battery,
#power-profiles-daemon,
#idle_inhibitor,
#custom-swaync,
#bluetooth,
#mpris,
#upower,
#workspaces,
#window,
#tray,
#custom-wlogout,
#privacy-item {
margin: 0px 4px 6px;
padding: 0px 8px;
background: linear-gradient(135deg, @base02, @base01);
border-radius: 15px;
border: 2px solid;
transition: all 0.3s ease;
}
/* special treatment for weird sized widgets */
#custom-wlogout,
#power-profiles-daemon,
#idle_inhibitor {
padding: 0px 10px 0px 8px;
}
#workspaces {
padding-left: 0;
padding-right: 0;
}
/* Individual widget colors */
#workspaces,
#window,
#tray {
border-color: @base0D;
}
#workspaces button {
padding: 0 6px;
background-color: transparent;
color: @base05;
border-radius: 15px;
border: none;
transition: all 0.3s ease;
}
#workspaces button:hover {
background: @base03;
}
#workspaces button.focused,
#workspaces button.active {
background-color: @base03;
color: @base07;
}
#workspaces button.urgent {
background-color: @base08;
color: @base00;
}
#clock {
color: @base07;
border-color: @base0D;
}
#cpu {
color: @base09;
border-color: @base09;
}
#memory {
color: @base0E;
border-color: @base0E;
}
#disk {
color: @base0D;
border-color: @base0D;
}
#temperature {
color: @base08;
border-color: @base08;
}
#backlight {
color: @base0A;
border-color: @base0A;
}
#network {
color: @base0B;
border-color: @base0B;
}
#pulseaudio,
#wireplumber {
color: @base0D;
border-color: @base0D;
}
#custom-media {
color: @base0E;
border-color: @base0E;
}
#mode {
color: @base05;
border-color: @base03;
box-shadow: inset 0 -3px @base05;
}
#mpd {
color: @base0E;
border-color: @base0E;
}
#custom-weather {
color: @base0B;
border-color: @base0B;
}
#battery,
#power-profiles-daemon,
#idle_inhibitor {
color: @base05;
border-color: @base03;
}
#custom-swaync {
color: @base0E;
border-color: @base0E;
}
#bluetooth {
color: @base0D;
border-color: @base0D;
}
#mpris {
color: @base0E;
border-color: @base0E;
}
#upower {
color: @base0B;
border-color: @base0B;
}
/* If workspaces is the leftmost module, omit left margin */
.modules-left > widget:first-child > #workspaces {
margin-left: 0;
}
/* If workspaces is the rightmost module, omit right margin */
.modules-right > widget:last-child > #workspaces {
margin-right: 0;
}
/* Battery states with colored glows */
#battery.charging {
box-shadow: 0 0 6px rgba(168, 201, 255, 0.6);
border-color: @base0B;
color: @base0B;
}
#battery.warning:not(.charging) {
box-shadow: 0 0 6px rgba(209, 98, 164, 0.6);
border-color: @base0A;
color: @base0A;
}
@keyframes blink {
to {
background-color: #ffffff;
color: #000000;
}
}
#battery.critical:not(.charging) {
box-shadow: 0 0 6px rgba(243, 139, 168, 0.8);
border-color: @base08;
color: @base08;
animation-name: blink;
animation-duration: 0.5s;
/* Using steps() instead of linear as a timing function to limit cpu usage */
animation-timing-function: steps(12);
animation-iteration-count: infinite;
animation-direction: alternate;
}
/* Bluetooth connected state */
#bluetooth.connected {
box-shadow: 0 0 6px rgba(137, 180, 250, 0.5);
}
/* Power profiles with state-appropriate glows */
#power-profiles-daemon.performance {
box-shadow: 0 0 6px rgba(243, 139, 168, 0.6);
border-color: @base08;
color: @base08;
}
#power-profiles-daemon.balanced {
box-shadow: 0 0 6px rgba(137, 180, 250, 0.6);
border-color: @base0D;
color: @base0D;
}
#power-profiles-daemon.power-saver {
box-shadow: 0 0 6px rgba(168, 201, 255, 0.6);
border-color: @base0B;
color: @base0B;
}
/* Idle inhibitor with state glow */
#idle_inhibitor.activated {
box-shadow: 0 0 6px rgba(137, 180, 250, 0.6);
border-color: @base0D;
color: @base0D;
}
/* MPD states with glows */
#mpd.playing {
box-shadow: 0 0 6px rgba(168, 201, 255, 0.5);
border-color: @base0B;
color: @base0B;
}
#mpd.paused {
box-shadow: 0 0 6px rgba(203, 166, 247, 0.5);
border-color: @base0E;
color: @base0E;
}
#mpd.disconnected,
#mpd.stopped {
color: @base04;
}
#tray > .passive {
-gtk-icon-effect: dim;
}
#tray > .needs-attention {
-gtk-icon-effect: highlight;
box-shadow: 0 0 6px rgba(243, 139, 168, 0.8);
border-color: @base08;
}
#privacy {
padding: 0;
}
#privacy-item.screenshare {
box-shadow: 0 0 6px rgba(209, 98, 164, 0.6);
border-color: @base0A;
color: @base0A;
}
#privacy-item.audio-in {
box-shadow: 0 0 6px rgba(168, 201, 255, 0.6);
border-color: @base0B;
color: @base0B;
}
#privacy-item.audio-out {
box-shadow: 0 0 6px rgba(137, 180, 250, 0.6);
border-color: @base0D;
color: @base0D;
}
/* Custom wlogout button */
#custom-wlogout {
color: @base08;
border-color: @base08;
}
#custom-wlogout:hover {
box-shadow: 0 0 6px rgba(243, 139, 168, 0.5);
}


@ -2,14 +2,6 @@
{
imports = [ ./vscode.nix ];
config = {
my = {
# keep-sorted start
nano.enable = true;
templates.enable = true;
zsh.enable = true;
# keep-sorted end
};
home.packages = with pkgs; [
## Apps
telegram-desktop


@ -0,0 +1,23 @@
{
"default": [
{
"type": "reject"
}
],
"transports": {
"docker-daemon": {
"": [
{
"type": "insecureAcceptAnything"
}
]
},
"docker": {
"docker.io/library/debian": [
{
"type": "insecureAcceptAnything"
}
]
}
}
}
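Review bot: Both `insecureAcceptAnything` entries accept images without any signature check, so the `docker.io/library/debian` scope restricts by name only and the empty `docker-daemon` scope accepts every image the local Docker daemon holds. With `default` set to `reject` this works as a name allowlist, but image integrity then rests entirely on the registry and the TLS connection to it. Referencing the image by digest where it is used (`docker.io/library/debian@sha256:<digest>`) would pin the content. JSON cannot carry a comment, so a line such as `# allowlist by name only, no signature verification` next to the `home.file."policy.json"` entry that installs this file would record that the choice is deliberate.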


@ -9,32 +9,22 @@
./git.nix
./gnome.nix
./niri.nix
./podman.nix
./ssh.nix
./starship.nix
./swayidle.nix
#./swaylock.nix
#./swaync.nix
./swaylock.nix
./swaync.nix
./vscode.nix
# ./waybar.nix
# ./wlogout.nix
./waybar.nix
./wlogout.nix
./zsh.nix
# keep-sorted end
];
config = {
my = {
# keep-sorted start
gnome-extensions.enable = true;
nano.enable = true;
templates.enable = true;
zsh.enable = true;
# keep-sorted end
};
programs = {
home-manager.enable = true;
fzf.enable = true;
git-credential-oauth.enable = true;
direnv = {
enable = true;
@ -58,50 +48,52 @@
};
chromium.enable = true;
nova-shell = {
enable = true;
theme = {
fontSize = 14;
};
#modules.backgroundOverlay.enable = false;
#modules.screenCorners.enable = false;
};
};
home.packages = with pkgs; [
# keep-sorted start
arduino
arduino-cli
arduino-ide
btop
claude-code
dconf2nix
foliate
fractal
geary
gnome-terminal
gparted
icu
jetbrains-toolbox
kdiff3
keepassxc
lutris
nextcloud-client
onefetch
servicepoint-cli
servicepoint-simulator
telegram-desktop
thunderbird
vlc
fractal
telegram-desktop
wireguard-tools
wirelesstools
# keep-sorted end
tailscale
kdiff3
jetbrains-toolbox
vlc
lutris
arduino
arduino-ide
arduino-cli
servicepoint-cli
servicepoint-simulator
icu
foliate
dconf2nix
gnome-terminal
];
home.file = {
"policy.json" = {
target = ".config/containers/policy.json";
text = builtins.readFile ./.config/containers/policy.json;
};
"idea.properties".text = "idea.filewatcher.executable.path = ${pkgs.fsnotifier}/bin/fsnotifier";
};
services.poweralertd.enable = true;
services = {
trayscale.enable = true;
poweralertd.enable = true;
};
};
}


@ -0,0 +1,27 @@
{
config.programs.git = {
enable = true;
settings = {
user = {
name = "müde";
email = "git@darkest.space";
};
aliases = {
prettylog = "log --pretty=oneline --graph";
spring-clean = "!git branch --merged | xargs -n 1 -r git branch -d";
};
pull.ff = "only";
merge.tool = "kdiff3";
push.autoSetupRemote = "true";
credential.credentialStore = "cache";
};
ignores = [
".direnv"
".idea"
".envrc"
];
};
}
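Review bot: The alias block is written as `settings.aliases`, but git reads aliases from the `alias` section; if `programs.git.settings` is rendered into the git config as written, `prettylog` and `spring-clean` land under `[aliases]` and are never picked up. Renaming the attribute to `alias = { … };` would fix that, to be confirmed against the home-manager release in use. Separately, `spring-clean` pipes the raw output of `git branch --merged` into `xargs`, so the `*` marker and the checked-out branch are handed to `git branch -d` as well; dropping the line that starts with `*` before `xargs` avoids the spurious errors.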


@ -56,7 +56,7 @@
from = pink_dark;
to = pink_light;
};
gap-size = 6;
gap-size = 8;
in
{
background-color = "transparent";
@ -172,6 +172,10 @@
# Suggested binds for running programs: terminal, app launcher, screen locker.
"Mod+T".action.spawn = "${lib.getBin pkgs.gnome-console}/bin/kgx";
"Mod+D".action.spawn = "${lib.getBin config.programs.fuzzel.package}/bin/fuzzel";
"Super+Alt+L" = {
action.spawn = "${lib.getBin config.programs.swaylock.package}/bin/swaylock";
allow-when-locked = true;
};
# You can also use a shell. Do this if you need pipes, multiple commands, etc.
# Note: the entire command goes as a single argument in the end.
@ -402,11 +406,6 @@
"Mod+W".action.toggle-column-tabbed-display = { };
"Mod+O".action.toggle-overview = { };
"Super+Alt+L" = {
action.spawn = "${pkgs.systemd}/bin/loginctl lock-session";
allow-when-locked = true;
};
};
};
};


@ -33,6 +33,9 @@
style_user = "bg:color_r fg:text_r";
style_root = "bold bg:color_r fg:text_r";
show_always = true;
aliases = {
"vinzenz" = "müde";
};
};
os = {
disabled = false;
@ -44,8 +47,8 @@
format = "$hostname";
ssh_symbol = "";
aliases = {
"muede-lpt2" = "lpt";
"muede-pc2" = "pc";
"vinzenz-lpt2" = "lpt";
"vinzenz-pc2" = "pc";
};
};
container = {


@ -0,0 +1,54 @@
# based on https://codeberg.org/kiara/cfg/src/commit/b9c472acd78c9c08dfe8b6a643c5c82cc5828433/home-manager/kiara/swaylock.nix#
{ pkgs, config, ... }:
{
config = {
stylix.targets.swaylock = {
enable = true;
useWallpaper = true;
};
programs.swaylock = {
enable = true;
package = pkgs.swaylock-effects;
# https://github.com/jirutka/swaylock-effects/blob/master/swaylock.1.scd
settings = {
screenshot = false;
effect-blur = "9x9";
effect-vignette = "0.2:0.2";
fade-in = 0.5;
font-size = 75;
indicator-caps-lock = true;
clock = true;
indicator-radius = 400;
show-failed-attempts = true;
ignore-empty-password = true;
grace = 3.5;
indicator-thickness = 20;
};
};
services.swayidle = {
enable = true;
systemdTarget = "graphical-session.target";
timeouts = [
{
timeout = 60;
command = "${config.programs.swaylock.package}/bin/swaylock";
}
{
timeout = 60 * 10;
command = "${pkgs.systemd}/bin/systemctl suspend";
}
];
events = [
{
event = "before-sleep";
command = "${pkgs.playerctl}/bin/playerctl pause; ${config.programs.swaylock.package}/bin/swaylock";
}
{
event = "lock";
command = "${config.programs.swaylock.package}/bin/swaylock";
}
];
};
};
}
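Review bot: `grace = 3.5` in `programs.swaylock.settings` applies to every swaylock start, including the `before-sleep` and `lock` events and the 60-second idle timeout, so each lock opens with a few seconds in which input dismisses it without the password. For the explicit lock and pre-suspend paths that window is probably unintended; passing `--grace 0` on those two command lines would keep the grace period for the idle timeout only. All three commands also start swaylock in the foreground. `swaylock -f` (daemonize once the screen is locked) is the form the swayidle documentation uses, and without it the `before-sleep` hook may not return before the machine suspends, which is worth confirming on a laptop.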


@ -37,10 +37,6 @@
"files.autoSave" = "afterDelay";
"files.autoSaveWhenNoErrors" = true;
"files.autoSaveWorkspaceFilesOnly" = true;
"files.exclude" = [
".git"
".direnv"
];
"editor.fontLigatures" = true;
"editor.formatOnSave" = true;


@ -0,0 +1,223 @@
/* #region stylix overrides*/
.modules-left #workspaces button,
.modules-left #workspaces button.focused,
.modules-left #workspaces button.active,
.modules-center #workspaces button,
.modules-center #workspaces button.focused,
.modules-center #workspaces button.active,
.modules-right #workspaces button,
.modules-right #workspaces button.focused,
.modules-right #workspaces button.active {
border-bottom: unset;
}
/* #endregion */
* {
font-family: sans-serif;
}
window#waybar {
transition-property: background-color;
transition-duration: 0.5s;
background: transparent;
}
window#waybar.hidden {
opacity: 0.2;
}
window#waybar.termite {
background-color: #3f3f3f;
}
window#waybar.chromium {
background-color: #000000;
border: none;
}
.modules-left,
.modules-center,
.modules-right {
border: 0px solid #fff;
padding-bottom: 4px;
background-clip: content-box, padding-box;
background-image:
linear-gradient(90deg, @base01, @base01),
linear-gradient(90deg, #a30262, #4a6bb1);
}
.modules-center,
.modules-left {
border-bottom-right-radius: 15px;
padding-right: 4px;
}
.modules-center,
.modules-right {
border-bottom-left-radius: 15px;
padding-left: 4px;
}
widget {
margin: 0px 4px;
}
#workspaces,
#window,
#tray {
padding: 4px 6px;
margin-left: 6px;
margin-right: 6px;
}
#workspaces button {
padding: 0 5px;
background-color: transparent;
color: #ffffff;
border-radius: 15px;
}
#workspaces button:hover {
background: rgba(0, 0, 0, 0.2);
}
#workspaces button.focused,
#workspaces button.active {
background-color: @base03;
}
#workspaces button.urgent {
background-color: #eb4d4b;
}
#mode {
background-color: #64727d;
box-shadow: inset 0 -3px #ffffff;
}
#clock,
#battery,
#cpu,
#memory,
#disk,
#temperature,
#backlight,
#network,
#pulseaudio,
#wireplumber,
#custom-media,
#mode,
#idle_inhibitor,
#scratchpad,
#power-profiles-daemon,
#mpd {
padding: 0 10px;
color: #ffffff;
}
#window,
#workspaces {
margin: 0 4px;
}
/* If workspaces is the leftmost module, omit left margin */
.modules-left > widget:first-child > #workspaces {
margin-left: 0;
}
/* If workspaces is the rightmost module, omit right margin */
.modules-right > widget:last-child > #workspaces {
margin-right: 0;
}
@keyframes blink {
to {
background-color: #ffffff;
color: #000000;
}
}
/* Using steps() instead of linear as a timing function to limit cpu usage */
#battery.critical:not(.charging) {
background-color: #f53c3c;
color: #ffffff;
animation-name: blink;
animation-duration: 0.5s;
animation-timing-function: steps(12);
animation-iteration-count: infinite;
animation-direction: alternate;
}
#power-profiles-daemon {
padding-right: 15px;
}
#power-profiles-daemon.performance {
color: #f53c3c;
}
#power-profiles-daemon.balanced {
color: #2980b9;
}
#power-profiles-daemon.power-saver {
color: #2ecc71;
}
#tray > .passive {
-gtk-icon-effect: dim;
}
#tray > .needs-attention {
-gtk-icon-effect: highlight;
background-color: #eb4d4b;
}
#language {
padding: 0 5px;
margin: 0 5px;
min-width: 16px;
}
#keyboard-state {
padding: 0 0px;
margin: 0 5px;
min-width: 16px;
}
#keyboard-state > label {
padding: 0 5px;
}
#keyboard-state > label.locked {
background: rgba(0, 0, 0, 0.2);
}
#scratchpad {
background: rgba(0, 0, 0, 0.2);
}
#scratchpad.empty {
background-color: transparent;
}
#privacy {
padding: 0;
}
#privacy-item {
padding: 0 5px;
color: white;
}
#privacy-item.screenshare {
background-color: #cf5700;
}
#privacy-item.audio-in {
background-color: #1ca000;
}
#privacy-item.audio-out {
background-color: #0069d4;
}


@ -37,24 +37,37 @@
"custom/swaync"
];
modules-right = [
"mpris"
"wireplumber"
"bluetooth"
"backlight"
"network"
"power-profiles-daemon"
"idle_inhibitor"
"group/system-tray"
#"image"
"custom/weather"
"temperature"
"cpu"
"memory"
"disk"
# "battery"
"upower"
"group/status-infos"
"custom/wlogout"
];
"group/system-tray" = {
orientation = "inherit";
modules = [
"mpris"
"wireplumber"
"bluetooth"
"backlight"
"network"
"power-profiles-daemon"
"idle_inhibitor"
];
};
"group/status-infos" = {
orientation = "inherit";
modules = [
"custom/weather"
"temperature"
"cpu"
"memory"
"disk"
# "battery"
"upower"
];
};
"niri/workspaces" = {
format = "{icon}";
};
@ -63,17 +76,17 @@
icon = true;
};
network = {
#interface = "wlo1";
interface = "wlo1";
format = "{ifname}";
format-wifi = " {essid}";
format-ethernet = "󰈀";
format-linked = "󱘖";
format-disconnected = "󰣽";
format-wifi = " ";
format-ethernet = "󰈀 ";
format-linked = "󱘖 ";
format-disconnected = "󰣽 ";
tooltip-format = "{ifname} via {gwaddr}";
tooltip-format-wifi = "{essid} ({signalStrength}%)";
tooltip-format-ethernet = "{ifname} {ipaddr}/{cidr}";
tooltip-format-disconnected = "Disconnected";
max-length = 20;
max-length = 50;
};
clock = {
format = "{:%a, %d. %b %H:%M}";
@ -104,7 +117,7 @@
icon-size = 14;
};
battery = {
format = "{icon} {capacity}%";
format = "{capacity}% {icon}";
format-icons = [
"󰂎" # 0%
"󰁺" # 10%
@ -163,20 +176,19 @@
};
cpu = {
interval = 1;
format = " {usage:>2}%@{avg_frequency:>3.2f}";
format = "{usage:3}%@{avg_frequency:4}";
};
disk = {
format = " {percentage_free}% {specific_total:>2.1f}";
unit = "TB";
format = "{free}/{total}";
};
"custom/wlogout" = {
format = "";
format = " ";
tooltip = false;
on-click = "wlogout";
min-width = 20;
};
idle_inhibitor = {
format = "{icon}";
format = "{icon} ";
format-icons = {
activated = "";
deactivated = "";
@ -201,7 +213,7 @@
# on-click = "playerctl play-pause";
# };
mpris = {
format = "{status_icon} {player}";
format = "{status_icon} {player} ";
tooltip-format = "{player} ({status_icon} {status}) {dynamic}";
status-icons = {
playing = "";
@ -210,7 +222,7 @@
};
};
memory = {
format = " {}%";
format = "{}% ";
};
power-profiles-daemon = {
format = "{icon}";
@ -224,7 +236,7 @@
};
};
wireplumber = {
format = "{icon} {volume}%";
format = "{volume}% {icon}";
format-muted = "";
format-icons = [
""
@ -233,16 +245,16 @@
];
};
temperature = {
format = " {temperatureC}°C";
format = "{temperatureC}°C ";
};
tray = {
spacing = 4;
show-passive-items = true;
};
bluetooth = {
format = " {status}";
format-connected = " {device_alias}";
format-connected-battery = " {device_alias} {device_battery_percentage}%";
format = " {status} ";
format-connected = " {device_alias} ";
format-connected-battery = " {device_alias} {device_battery_percentage}% ";
tooltip-format = "{controller_alias}\t{controller_address}\n\n{num_connections} connected";
tooltip-format-connected = "{controller_alias}\t{controller_address}\n\n{num_connections} connected\n\n{device_enumerate}";
tooltip-format-enumerate-connected = "{device_alias}\t{device_address}";
@ -254,7 +266,7 @@
in
{
tooltip = true;
format = "{icon} {0}";
format = "{icon} {0} ";
format-icons = {
notification = "󱅫";
none = "󰂜";
@ -272,7 +284,7 @@
escape = true;
};
"custom/weather" = {
format = "{}";
format = "{}°";
tooltip = true;
interval = 3600;
exec = "${lib.getBin pkgs.wttrbar}/bin/wttrbar --nerd";


@ -2,7 +2,7 @@
{
config.programs.zsh = {
initContent = ''
export PATH=$PATH:$HOME/.cargo/bin
export PATH=$PATH:/home/vinzenz/.cargo/bin
bindkey "^[[1;5C" forward-word
bindkey "^[[1;5D" backward-word
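Review bot: The PATH entry names `/home/vinzenz/.cargo/bin` literally, where the neighbouring line reads `$HOME/.cargo/bin`; this rendering does not mark which is the new side, so this assumes the literal path is the new one. If this home module is ever applied to another account, that user's shell would search a directory owned and writable by a different user, and the entry is dead on any machine without that home. `export PATH=$PATH:$HOME/.cargo/bin` keeps the lookup per-user. The `initContent` string continues outside the hunk.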

13
homeModules/git.nix Normal file

@ -0,0 +1,13 @@
{
programs = {
git = {
enable = true;
settings.init.defaultBranch = "main";
};
gh = {
enable = true;
gitCredentialHelper.enable = true;
};
};
}


@ -6,7 +6,7 @@
...
}:
{
options.my.gnome-extensions =
options.vinzenz.gnome-extensions =
let
mkDefaultEnabledOption =
name:
@ -18,7 +18,7 @@
};
in
{
enable = lib.mkEnableOption "gnome extended options";
enable = mkDefaultEnabledOption "gnome extended options";
appindicator.enable = mkDefaultEnabledOption "appindicator";
caffeine.enable = mkDefaultEnabledOption "caffeine";
tailscale-qs.enable = lib.mkOption {
@ -40,7 +40,7 @@
config =
let
cfg = config.my.gnome-extensions;
cfg = config.vinzenz.gnome-extensions;
in
lib.mkIf cfg.enable (
lib.mkMerge [


@ -1,14 +1,9 @@
{ lib, config, ... }:
{
options.my.nano.enable = lib.mkEnableOption "nano editor config";
config = lib.mkIf config.my.nano.enable {
home = {
sessionVariables.EDITOR = "nano";
file.".nanorc".text = ''
set linenumbers
set mouse
'';
};
home = {
sessionVariables.EDITOR = "nano";
file.".nanorc".text = ''
set linenumbers
set mouse
'';
};
}


@ -1,18 +0,0 @@
{
lib,
config,
osConfig,
thisDevice,
...
}:
{
options.my.tailscale.enable = lib.mkOption {
type = lib.types.bool;
default = (thisDevice.isDesktop or false) && osConfig.my.tailscale.enable;
description = "Whether to enable the Tailscale system tray applet. Defaults to true on desktops with Tailscale enabled.";
};
config = lib.mkIf config.my.tailscale.enable {
services.tailscale-systray.enable = true;
};
}


@ -1,17 +1,12 @@
{ lib, config, ... }:
{
options.my.templates.enable = lib.mkEnableOption "file templates";
config = lib.mkIf config.my.templates.enable {
home.file = {
"Templates/Empty file".text = "";
"Templates/Empty bash script".text = ''
#!/usr/bin/env bash
# abort on error, undefined variables
set -eu
# print commands before execution
set -x
'';
};
home.file = {
"Templates/Empty file".text = "";
"Templates/Empty bash script".text = ''
#!/usr/bin/env bash
# abort on error, undefined variables
set -eu
# print commands before execution
set -x
'';
};
}


@ -1,18 +1,13 @@
{ lib, config, ... }:
{
options.my.zsh.enable = lib.mkEnableOption "zsh with basic settings";
programs = {
command-not-found.enable = true;
dircolors.enable = true;
config = lib.mkIf config.my.zsh.enable {
programs = {
command-not-found.enable = true;
dircolors.enable = true;
zsh = {
enable = true;
syntaxHighlighting.enable = true;
autosuggestion.enable = true;
enableVteIntegration = true;
};
zsh = {
enable = true;
syntaxHighlighting.enable = true;
autosuggestion.enable = true;
enableVteIntegration = true;
};
};
}


@ -1,127 +0,0 @@
{
inputs,
lib,
}:
let
allDevices = import ./devices.nix { inherit (inputs) self; };
inherit (inputs)
self
home-manager
lanzaboote
nova-shell
servicepoint-cli
servicepoint-simulator
servicepoint-tanks
stylix
zerforschen-plus
;
forDevice = f: lib.mapAttrs (device: value: f (value // { inherit device; })) allDevices;
in
forDevice (
{
device,
system,
isDesktop ? false,
home-manager-users ? { },
nixosSystem ? inputs.nixpkgs.lib.nixosSystem,
...
}@thisDevice:
let
specialArgs = inputs // {
inherit
device
home-manager-users
allDevices
thisDevice
;
};
in
nixosSystem {
inherit specialArgs;
modules = [
./nixosConfigurations/${device}
self.nixosModules.default
# keep-sorted start
home-manager.nixosModules.home-manager
lanzaboote.nixosModules.lanzaboote
stylix.nixosModules.stylix
zerforschen-plus.nixosModules.default
# keep-sorted end
# Base config
{
nixpkgs.hostPlatform = lib.mkDefault system;
networking.hostName = device;
system = {
stateVersion = "22.11";
autoUpgrade.flake = "git+https://git.berlin.ccc.de/vinzenz/nixos-configuration.git";
};
nix.settings.experimental-features = [
"nix-command"
"flakes"
];
documentation = {
info.enable = false;
doc.enable = false;
};
time.timeZone = lib.mkDefault "Etc/UTC";
my = {
# keep-sorted start
autoupdate.enable = true;
distributedBuilds.enable = true;
extraCaches.enable = true;
git.enable = true;
globalinstalls.enable = true;
lixIsNix.enable = true;
openssh.enable = true;
overlays.unstable.enable = true;
# prometheusNode.enable = true;
systemdBoot.enable = true;
tailscale.enable = true;
# keep-sorted end
# keep-sorted start
enDe.enable = isDesktop;
firmwareUpdates.enable = isDesktop;
gnome.enable = isDesktop;
kdeconnect.enable = isDesktop;
modernDesktop.enable = isDesktop;
nixLd.enable = isDesktop;
overlays.vscodeExtensions.enable = isDesktop;
quietBoot.enable = isDesktop;
stylix.enable = isDesktop;
# keep-sorted end
};
}
]
++ lib.optionals isDesktop [
inputs.niri.nixosModules.niri
nova-shell.nixosModules.default
servicepoint-cli.nixosModules.default
servicepoint-simulator.nixosModules.default
servicepoint-tanks.nixosModules.default
# Desktop config
{
home-manager = {
extraSpecialArgs = specialArgs;
useGlobalPkgs = true;
useUserPackages = true;
users = home-manager-users;
sharedModules = [ { home.stateVersion = "22.11"; } ] ++ builtins.attrValues self.homeModules;
};
time.timeZone = "Europe/Berlin";
# on desktops, keep the device useable interactively during expensive builds
nix = {
daemonCPUSchedPolicy = "idle";
daemonIOSchedClass = "idle";
};
}
];
}
)


@ -1,17 +0,0 @@
{
nixos-images,
config,
lib,
modulesPath,
...
}:
{
imports = [
../aur0ra
# nixos-images.nixosModules.sdimage-installer
];
disabledModules = [
# disable the sd-image module that nixos-images uses
# (modulesPath + "/installer/sd-card/sd-image-aarch64-installer.nix")
];
}


@ -1,56 +0,0 @@
{ lib, ... }:
{
imports = [
./hardware.nix
./nice-looking-console.nix
];
users.users.ruth = {
# initialPassword = "setup";
isNormalUser = true;
extraGroups = [
"wheel"
"networkmanager"
"video"
];
# Allow the graphical user to login without password
initialHashedPassword = "";
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPDNpLDmctyqGpow/ElQvdhY4BLBPS/sigDJ1QEcC7wC lpt2-roaming"
];
};
nix.settings.trusted-users = [ "ruth" ];
# Don't require sudo/root to `reboot` or `poweroff`.
security.polkit.enable = true;
# Allow passwordless sudo from nixos user
security.sudo = {
enable = true;
wheelNeedsPassword = false;
};
services.openssh.enable = true;
# https://github.com/nvmd/nixos-raspberrypi-demo/blob/c521600570f0365ae9c846af4b023049b80ae331/modules/server-networking.nix
networking.firewall.logRefusedConnections = lib.mkDefault false;
# Use networkd instead of the pile of shell scripts
# NOTE: SK: is it safe to combine with NetworkManager on desktops?
networking.useNetworkd = lib.mkDefault true;
# The notion of "online" is a broken concept
# https://github.com/systemd/systemd/blob/e1b45a756f71deac8c1aa9a008bd0dab47f64777/NEWS#L13
# https://github.com/NixOS/nixpkgs/issues/247608
systemd.services.NetworkManager-wait-online.enable = false;
systemd.network.wait-online.enable = false;
# Do not take down the network for too long when upgrading,
# This also prevents failures of services that are restarted instead of stopped.
# It will use `systemctl restart` rather than stopping it with `systemctl stop`
# followed by a delayed `systemctl start`.
systemd.services.systemd-networkd.stopIfChanged = false;
# Services that are only restarted might be not able to resolve when resolved is stopped before
systemd.services.systemd-resolved.stopIfChanged = false;
}


@ -1,62 +0,0 @@
{ nixos-raspberrypi, lib, ... }:
{
imports = with nixos-raspberrypi.nixosModules; [
raspberry-pi-5.base
raspberry-pi-5.bluetooth
raspberry-pi-5.page-size-16k
raspberry-pi-5.display-vc4
];
# No one got time for xz compression.
#isoImage.squashfsCompression = "zstd";
boot.loader.raspberry-pi.bootloader = "kernel";
my.systemdBoot.enable = lib.mkForce false;
/*
fileSystems = {
"/boot/firmware" = {
# TODO
device = "/dev/disk/by-uuid/2175-794E";
fsType = "vfat";
options = [
"noatime"
"noauto"
"x-systemd.automount"
"x-systemd.idle-timeout=1min"
];
};
"/" = {
# TODO
device = "/dev/disk/by-uuid/44444444-4444-4444-8888-888888888888";
fsType = "ext4";
options = [ "noatime" ];
};
};
*/
hardware.raspberry-pi.config = {
all = {
# [all] conditional filter, https://www.raspberrypi.com/documentation/computers/config_txt.html#conditional-filters
# Base DTB parameters
# https://github.com/raspberrypi/linux/blob/a1d3defcca200077e1e382fe049ca613d16efd2b/arch/arm/boot/dts/overlays/README#L132
base-dt-params = {
# https://www.raspberrypi.com/documentation/computers/raspberry-pi.html#enable-pcie
pciex1 = {
enable = true;
value = "on";
};
# PCIe Gen 3.0
# https://www.raspberrypi.com/documentation/computers/raspberry-pi.html#pcie-gen-3-0
pciex1_gen = {
enable = true;
value = "3";
};
};
};
};
}


@ -1,32 +0,0 @@
# re-borrowed from https://github.com/nvmd/nixos-raspberrypi-demo/blob/main/modules/nice-looking-console.nix
{ lib, pkgs, ... }:
{
# The following have been borrowed from:
# https://github.com/nix-community/nixos-images/blob/b733f0680a42cc01d6ad53896fb5ca40a66d5e79/nix/image-installer/module.nix#L84
console.earlySetup = true;
# ter-u22n is probably too big
console.font = lib.mkDefault "${pkgs.terminus_font}/share/consolefonts/ter-u16n.psf.gz";
# Make colored console output more readable
# for example, `ip addr`s (blues are too dark by default)
# Tango theme: https://yayachiken.net/en/posts/tango-colors-in-terminal/
console.colors = lib.mkDefault [
"000000"
"CC0000"
"4E9A06"
"C4A000"
"3465A4"
"75507B"
"06989A"
"D3D7CF"
"555753"
"EF2929"
"8AE234"
"FCE94F"
"739FCF"
"AD7FA8"
"34E2E2"
"EEEEEC"
];
}


@ -1,16 +0,0 @@
{ pkgs, ... }:
{
imports = [ ../damocles/claude-container.nix ];
services.openssh = {
enable = true;
ports = [ 2222 ];
# Path written into sshd_config as a string — not read at eval time.
# Key can be rotated without a rebuild.
authorizedKeysFiles = [ "/persist/damocles-ssh/id_ed25519.pub" ];
};
environment.systemPackages = with pkgs; [
];
}


@ -1,43 +0,0 @@
{ pkgs, ... }:
let
androidComposition = pkgs.androidenv.composeAndroidPackages {
buildToolsVersions = [ "36.1.0" ];
platformVersions = [ "35" ];
includeNDK = false;
includeEmulator = false;
includeSystemImages = false;
};
androidSdk = androidComposition.androidsdk;
in
{
nixpkgs.config.android_sdk.accept_license = true;
my.allowedUnfreePackages = [
"android-sdk-cmdline-tools"
"android-sdk-platform-tools"
"android-sdk-tools"
"android-sdk-build-tools"
"android-sdk-platforms"
# wtf
"platform-tools"
"tools"
"build-tools"
"cmdline-tools"
"platforms"
"cmake" # android sdk repackage
];
environment.systemPackages = with pkgs; [
androidSdk
gradle
kotlin
jdk21
];
environment.variables = {
ANDROID_HOME = "${androidSdk}/libexec/android-sdk";
ANDROID_SDK_ROOT = "${androidSdk}/libexec/android-sdk";
JAVA_HOME = "${pkgs.jdk21}";
};
}


@ -1,46 +0,0 @@
{
pkgs,
lib,
...
}:
{
my = {
allowedUnfreePackages = [ "claude-code" ];
overlays.unstable.enable = true;
};
environment.systemPackages = with pkgs; [
unstable.claude-code
git
python3
coreutils-full
gawk
gnugrep
curl
bintools
];
boot.isContainer = true;
programs.nix-ld = {
enable = true;
libraries = with pkgs; [
stdenv.cc.cc.lib
zlib
];
};
# Container shares host network namespace (privateNetwork = false), so the
# host's tailscale already covers this. Running a second tailscaled in the
# same netns fights over routing and breaks connectivity after sleep/wake.
services.tailscale.enable = lib.mkForce false;
networking.firewall.checkReversePath = lib.mkForce "strict";
users.users.muede = {
isNormalUser = true;
extraGroups = [ "wheel" ];
};
security.sudo.wheelNeedsPassword = false;
}


@ -1,15 +0,0 @@
{ pkgs, ... }:
{
imports = [
./android-dev.nix
./claude-container.nix
];
environment.systemPackages = with pkgs; [
cargo
rustc
clippy
gh
buildPackages.stdenv.cc
];
}


@ -1,13 +1,8 @@
{ modulesPath, ... }:
{ self, ... }:
{
imports = [ (modulesPath + "/virtualisation/proxmox-lxc.nix") ];
imports = [ self.nixosModules.pxvirt-guest ];
config = {
my.pxvirtGuest.enable = true;
proxmoxLXC = {
manageNetwork = false;
privileged = false;
};
};
}


@ -1,13 +1,12 @@
{ ... }:
{ self, ... }:
{
imports = [
./hardware.nix
./forgejo-runner.nix
self.nixosModules.podman
];
config = {
my.podman.enable = true;
# uncomment for build check on non arm system (requires --impure)
# nixpkgs.buildPlatform = builtins.currentSystem;
services.tailscale.useRoutingFeatures = "both";
@ -15,9 +14,9 @@
users.users = {
root.openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFCJUpbpB3KEKVoKWsKoar9J4RNah8gmQoSH6jQEw5dY pixel-JuiceSSH"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO1CRn4yYTL4XUdCebE8Z4ZeuMujBjorTdWifg911EOv pc2 home roaming"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPDNpLDmctyqGpow/ElQvdhY4BLBPS/sigDJ1QEcC7wC lpt2-roaming"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFCJUpbpB3KEKVoKWsKoar9J4RNah8gmQoSH6jQEw5dY vinzenz-pixel-JuiceSSH"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO1CRn4yYTL4XUdCebE8Z4ZeuMujBjorTdWifg911EOv vinzenz-pc2 home roaming"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPDNpLDmctyqGpow/ElQvdhY4BLBPS/sigDJ1QEcC7wC vinzenz-lpt2-roaming"
];
};
};


@ -0,0 +1,43 @@
{ pkgs, ... }:
let
blog-domain-socket = "/run/nginx/blog.sock";
anubis-domain-socket = "/run/anubis/anubis-main/anubis.sock";
anubis-metrics-socket = "/run/anubis/anubis-main/anubis-metrics.sock";
in
{
systemd.services = {
nginx.serviceConfig.SupplementaryGroups = [ "anubis" ];
anubis-main.serviceConfig.SupplementaryGroups = [ "nginx" ];
};
services = {
nginx.virtualHosts = {
"zerforschen.plus" = {
enableACME = true;
forceSSL = true;
locations = {
"/_metrics".proxyPass = "http://unix:" + anubis-metrics-socket + ":/metrics";
"/".proxyPass = "http://unix:" + anubis-domain-socket;
};
};
"blog-in-anubis" = {
root = pkgs.zerforschen-plus-content;
listen = [
{
addr = "unix:" + blog-domain-socket;
}
];
};
};
anubis.instances.main = {
enable = true;
settings = {
BIND = anubis-domain-socket;
TARGET = "unix://" + blog-domain-socket;
METRICS_BIND = anubis-metrics-socket;
};
};
};
}
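Review bot: The `/_metrics` location on the public `zerforschen.plus` vhost forwards to the Anubis metrics socket with no access restriction, so anyone who can reach the site can read the metrics. If they are meant only for a local or tailnet scraper, restrict the location, for example `"/_metrics" = { proxyPass = "http://unix:" + anubis-metrics-socket + ":/metrics"; extraConfig = "allow <scraper-address>; deny all;"; };` where the address is a placeholder. A short comment on the two `SupplementaryGroups` entries, saying they exist so nginx and Anubis can open each other's unix sockets, would also make the cross-group grant easier to audit later.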


@ -2,6 +2,8 @@
imports = [
./hardware.nix
./nginx.nix
./headscale.nix
./blog.nix
];
config = {
@ -12,9 +14,9 @@
users.users.root.openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICdYqY3Y1/f1bsAi5Qfyr/UWuX9ixu96IeAlhoQaJkbf"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFCJUpbpB3KEKVoKWsKoar9J4RNah8gmQoSH6jQEw5dY pixel-JuiceSSH"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO1CRn4yYTL4XUdCebE8Z4ZeuMujBjorTdWifg911EOv pc2 home roaming"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPDNpLDmctyqGpow/ElQvdhY4BLBPS/sigDJ1QEcC7wC lpt2-roaming"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFCJUpbpB3KEKVoKWsKoar9J4RNah8gmQoSH6jQEw5dY vinzenz-pixel-JuiceSSH"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO1CRn4yYTL4XUdCebE8Z4ZeuMujBjorTdWifg911EOv vinzenz-pc2 home roaming"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPDNpLDmctyqGpow/ElQvdhY4BLBPS/sigDJ1QEcC7wC vinzenz-lpt2-roaming"
];
system.autoUpgrade.allowReboot = true;


@ -0,0 +1,43 @@
let
headscale-port = 8668;
in
{
# sudo tailscale up --reset --force-reauth --login-server https://uplink.darkest.space --operator=$USER
services = {
headscale = {
enable = true;
address = "localhost";
port = headscale-port;
settings = {
server_url = "https://uplink.darkest.space/";
dns = {
override_local_dns = false;
base_domain = "high-gravity.space";
};
derp = {
server = {
enabled = true;
verify_clients = true;
stun_listen_addr = "0.0.0.0:3478";
ipv4 = "78.46.242.90";
ipv6 = "2a01:4f8:c013:65dd::1";
};
urls = [ ];
};
};
};
nginx.virtualHosts."uplink.darkest.space" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://localhost:${builtins.toString headscale-port}";
proxyWebsockets = true;
};
};
};
# for DERP
networking.firewall.allowedUDPPorts = [ 3478 ];
}
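Review bot: No `policy` is set under `services.headscale.settings`, and as far as I know headscale without a policy file lets every enrolled node reach every other node on all ports. Hosts in this repository accept root SSH keys and one runs a CI runner, so a flat tailnet should be a deliberate choice: either point `settings.policy.path` at an ACL file kept in the repo or add a comment stating that allow-all is intended. Separately, `stun_listen_addr = "0.0.0.0:3478"` binds IPv4 only while an `ipv6` address is advertised for the DERP server, so STUN over IPv6 will probably not answer; `"[::]:3478"` is the usual dual-stack form, to be confirmed on this host.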


@ -1,62 +1,19 @@
{ pkgs, ... }:
let
blog-domain-socket = "/run/nginx/blog.sock";
anubis-domain-socket = "/run/anubis/anubis-main/anubis.sock";
anubis-metrics-socket = "/run/anubis/anubis-main/anubis-metrics.sock";
in
{
security.acme = {
acceptTerms = true;
defaults.email = "acme@zerforschen.plus";
};
systemd.services = {
nginx.serviceConfig.SupplementaryGroups = [ "anubis" ];
anubis-main.serviceConfig.SupplementaryGroups = [ "nginx" ];
};
services = {
nginx = {
enable = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
recommendedGzipSettings = true;
recommendedOptimisation = true;
virtualHosts = {
"zerforschen.plus" = {
addSSL = true;
enableACME = true;
locations = {
"/_metrics".proxyPass = "http://unix:" + anubis-metrics-socket + ":/metrics";
"/".proxyPass = "http://unix:" + anubis-domain-socket;
};
};
"blog-in-anubis" = {
root = pkgs.zerforschen-plus-content;
listen = [
{
addr = "unix:" + blog-domain-socket;
}
];
};
};
};
anubis.instances.main = {
enable = true;
settings = {
BIND = anubis-domain-socket;
TARGET = "unix://" + blog-domain-socket;
METRICS_BIND = anubis-metrics-socket;
};
};
services.nginx = {
enable = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
recommendedGzipSettings = true;
recommendedOptimisation = true;
};
networking.firewall.allowedTCPPorts = [
80
443
5201
];
}
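Review bot: `allowedTCPPorts` still opens 5201 next to 80 and 443, but after the split neither this file nor the blog and headscale modules shown on this page configure anything that listens there. If it was opened for bandwidth testing (5201 is the conventional iperf3 port, which is an assumption here), remove it or open it only while testing. Otherwise name the service in a comment on that line, e.g. `5201 # <service name>`, so the exposure can be reviewed later.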


@ -1,57 +0,0 @@
{ self, ... }:
{
config = {
boot.enableContainers = true;
virtualisation.containers.enable = true;
containers.damocles = {
autoStart = false;
privateNetwork = false;
path = self.nixosConfigurations.damocles.config.system.build.toplevel;
bindMounts."/etc/nix/distributed-build-key" = {
hostPath = "/etc/nix/distributed-build-key";
isReadOnly = true;
};
bindMounts."/persist/damocles-ssh" = {
hostPath = "/persist/damocles-ssh";
isReadOnly = true;
};
bindMounts."/persist/damocles-lab" = {
hostPath = "/persist/damocles-lab";
isReadOnly = false;
};
};
containers.damocles-lab = {
autoStart = false;
privateNetwork = false;
path = self.nixosConfigurations.damocles-lab.config.system.build.toplevel;
bindMounts."/etc/nix/distributed-build-key" = {
hostPath = "/etc/nix/distributed-build-key";
isReadOnly = true;
};
bindMounts."/workspace" = {
hostPath = "/persist/damocles-lab";
isReadOnly = false;
};
bindMounts."/persist/damocles-ssh" = {
hostPath = "/persist/damocles-ssh";
isReadOnly = true;
};
};
# Global DefaultTimeoutStopSec is 10s (modern-desktop.nix), which kills systemd-nspawn
# before it finishes halting, leaving cgroups busy and breaking restarts.
systemd.services."container@damocles".serviceConfig = {
TimeoutStopSec = "60s";
# After a SIGKILL of nspawn, the kernel needs a moment to reap its cgroups.
# Without this, the immediate restart attempt fails with "Device or resource busy".
RestartSec = "5s";
};
systemd.services."container@damocles-lab".serviceConfig = {
TimeoutStopSec = "60s";
RestartSec = "5s";
};
};
}


@ -1,19 +1,20 @@
{ pkgs, ... }:
{
config,
pkgs,
self,
...
}:
{
imports = [
./hardware.nix
self.nixosModules.user-ronja
self.nixosModules.gnome
self.nixosModules.steam
self.nixosModules.wine-gaming
self.nixosModules.vinzenz-desktop-settings
];
config = {
my = {
# keep-sorted start
muedeDesktopSettings.enable = true;
steam.enable = true;
users.ronja.enable = true;
wineGaming.enable = true;
# keep-sorted end
};
# Configure keymap in X11
services.xserver.xkb = {
layout = "de";
@ -23,6 +24,8 @@
# Configure console keymap
console.keyMap = "de";
# List packages installed in system profile. To search, run:
# $ nix search wget
environment.systemPackages = with pkgs; [
# vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
# wget


@ -1,23 +1,18 @@
{ self, ... }:
{
imports = [
./containers.nix
./hardware.nix
self.nixosModules.user-vinzenz
self.nixosModules.gnome
self.nixosModules.wine-gaming
self.nixosModules.steam
self.nixosModules.podman
self.nixosModules.vinzenz-desktop-settings
self.nixosModules.intel-graphics
self.nixosModules.secure-boot
];
config = {
my = {
# keep-sorted start
intelGraphics.enable = true;
muedeDesktopSettings.enable = true;
podman.enable = true;
secureBoot.enable = true;
steam.enable = true;
users.muede.enable = true;
wineGaming.enable = true;
# keep-sorted end
};
nix.settings.extra-platforms = [
"aarch64-linux"
"i686-linux"
@ -32,9 +27,9 @@
# Configure console keymap
console.keyMap = "de";
users.users.muede.openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFCJUpbpB3KEKVoKWsKoar9J4RNah8gmQoSH6jQEw5dY pixel-JuiceSSH"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO1CRn4yYTL4XUdCebE8Z4ZeuMujBjorTdWifg911EOv pc2 home roaming"
users.users.vinzenz.openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFCJUpbpB3KEKVoKWsKoar9J4RNah8gmQoSH6jQEw5dY vinzenz-pixel-JuiceSSH"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO1CRn4yYTL4XUdCebE8Z4ZeuMujBjorTdWifg911EOv vinzenz-pc2 home roaming"
];
programs = {


@ -1,25 +1,21 @@
{ pkgs, ... }:
{ pkgs, self, ... }:
{
imports = [
./hardware.nix
# ./vscode-server.nix
# ./hass.nix
./vscode-server.nix
./hass.nix
self.nixosModules.user-vinzenz
self.nixosModules.gnome
self.nixosModules.wine-gaming
self.nixosModules.steam
self.nixosModules.podman
self.nixosModules.vinzenz-desktop-settings
self.nixosModules.amd-graphics
self.nixosModules.secure-boot
];
config = {
my = {
# keep-sorted start
amdGraphics.enable = true;
muedeDesktopSettings.enable = true;
podman.enable = true;
secureBoot.enable = true;
steam.enable = true;
users.muede.enable = true;
wineGaming.enable = true;
# keep-sorted end
};
boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
nix.settings.extra-platforms = [
"aarch64-linux"
"i686-linux"
@ -34,10 +30,10 @@
# Configure console keymap
console.keyMap = "de";
users.users.muede.openssh.authorizedKeys.keys = [
users.users.vinzenz.openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINrY6tcgnoC/xbgL7vxSjddEY9MBxRXe9n2cAHt88/TT home roaming"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFCJUpbpB3KEKVoKWsKoar9J4RNah8gmQoSH6jQEw5dY pixel-JuiceSSH"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPDNpLDmctyqGpow/ElQvdhY4BLBPS/sigDJ1QEcC7wC lpt2-roaming"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFCJUpbpB3KEKVoKWsKoar9J4RNah8gmQoSH6jQEw5dY vinzenz-pixel-JuiceSSH"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPDNpLDmctyqGpow/ElQvdhY4BLBPS/sigDJ1QEcC7wC vinzenz-lpt2-roaming"
];
environment.systemPackages = with pkgs; [ lact ];


@ -1,6 +1,6 @@
{ lib, config, ... }:
{
options.my.allowedUnfreePackages = lib.mkOption {
options.allowedUnfreePackages = lib.mkOption {
type = lib.types.listOf lib.types.str;
default = [ ];
example = [ "steam" ];
@ -10,7 +10,7 @@
nixpkgs.config = {
# https://github.com/NixOS/nixpkgs/issues/197325#issuecomment-1579420085
allowUnfreePredicate = lib.mkDefault (
pkg: builtins.elem (lib.getName pkg) config.my.allowedUnfreePackages
pkg: builtins.elem (lib.getName pkg) config.allowedUnfreePackages
);
};
};


@ -1,24 +1,15 @@
{ pkgs, ... }:
{
lib,
config,
pkgs,
...
}:
{
options.my.amdGraphics.enable = lib.mkEnableOption "AMD graphics drivers";
boot.kernelModules = [ "amdgpu" ];
services.xserver.videoDrivers = [ "amdgpu" ];
config = lib.mkIf config.my.amdGraphics.enable {
boot.kernelModules = [ "amdgpu" ];
services.xserver.videoDrivers = [ "amdgpu" ];
hardware = {
graphics.enable = true;
amdgpu = {
opencl.enable = true;
overdrive.enable = true;
};
hardware = {
graphics.enable = true;
amdgpu = {
opencl.enable = true;
overdrive.enable = true;
};
environment.systemPackages = with pkgs; [ nvtopPackages.amd ];
};
environment.systemPackages = with pkgs; [ nvtopPackages.amd ];
}


@ -1,21 +1,16 @@
{ lib, config, ... }:
{
options.my.autoupdate.enable = lib.mkEnableOption "automatic Nix GC and system upgrades";
config = lib.mkIf config.my.autoupdate.enable {
nix = {
optimise.automatic = true;
gc = {
automatic = true;
dates = "daily";
options = "--delete-older-than 7d";
};
};
system.autoUpgrade = {
enable = true;
nix = {
optimise.automatic = true;
gc = {
automatic = true;
dates = "daily";
# do not forget to set `flake` when using this module!
options = "--delete-older-than 7d";
};
};
system.autoUpgrade = {
enable = true;
dates = "daily";
# do not forget to set `flake` when using this module!
};
}
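Review bot: Without the `my.autoupdate.enable` guard (assuming the unguarded form is the new side, which this rendering does not mark), importing this module turns on daily `system.autoUpgrade` unconditionally, and the only safeguard for the upgrade source is the comment `# do not forget to set flake`. A host that imports it without setting `flake` would, as far as I can tell, fall back to channel-based upgrades rather than the reviewed repository. An evaluation-time check makes the requirement enforceable: `assertions = [ { assertion = config.system.autoUpgrade.flake != null; message = "autoupdate: system.autoUpgrade.flake must be set"; } ];`, which needs `config` in the module arguments.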


@ -1,155 +0,0 @@
{
config,
lib,
allDevices,
thisDevice,
...
}:
let
clientSshKeyPath = "/etc/nix/distributed-build-key";
buildUser = "remotebuild";
# Collect all per-device public keys that have been registered.
allClientPublicKeys = lib.pipe allDevices [
(lib.filterAttrs (_: v: (v.distributedBuilds or { }) ? clientPublicKey))
(lib.mapAttrsToList (_: v: v.distributedBuilds.clientPublicKey))
];
isClient = (thisDevice.distributedBuilds or { }) ? clientPublicKey;
buildServerDevices = lib.filterAttrs (
_: v: (v.distributedBuilds or { }).isBuilder or false
) allDevices;
sshHostname = m: m.publicFqdn or m.hostName;
buildServerKnownHosts = lib.pipe buildServerDevices [
(lib.filterAttrs (_: v: v.distributedBuilds ? hostPublicKey))
(lib.mapAttrs (
name: v: {
publicKey = v.distributedBuilds.hostPublicKey;
hostNames = [ (v.publicFqdn or name) ];
}
))
];
remoteBuildServerDevices = builtins.filter (m: m.hostName != config.networking.hostName) (
lib.mapAttrsToList (name: v: v // { hostName = name; }) buildServerDevices
);
buildMachines = map (
m:
{
hostName = sshHostname m;
systems = [ m.system ];
sshUser = buildUser;
sshKey = clientSshKeyPath;
protocol = "ssh-ng";
}
// lib.optionalAttrs (m.distributedBuilds ? speedFactor) {
speedFactor = m.distributedBuilds.speedFactor;
}
// {
supportedFeatures = [
"nixos-test"
"big-parallel"
"kvm"
"benchmark"
];
}
) remoteBuildServerDevices;
in
{
options.my.distributedBuilds.enable = lib.mkEnableOption "distributed Nix builds";
config = lib.mkIf config.my.distributedBuilds.enable (
lib.mkMerge [
# All machines
{
assertions =
lib.mapAttrsToList (name: v: {
assertion = v.distributedBuilds ? hostPublicKey && v.distributedBuilds ? storeSigningPublicKey;
message = "devices.${name}: isBuilder = true requires distributedBuilds.hostPublicKey and distributedBuilds.storeSigningPublicKey";
}) buildServerDevices
++ lib.mapAttrsToList (name: v: {
assertion = lib.hasPrefix "ssh-" v.distributedBuilds.clientPublicKey;
message = "devices.${name}: distributedBuilds.clientPublicKey must start with 'ssh-'";
}) (lib.filterAttrs (_: v: (v.distributedBuilds or { }) ? clientPublicKey) allDevices)
++ lib.mapAttrsToList (name: v: {
assertion = builtins.match ".+:.+" v.distributedBuilds.storeSigningPublicKey != null;
message = "devices.${name}: distributedBuilds.storeSigningPublicKey must be in '<name>:<base64>' format";
}) (lib.filterAttrs (_: v: (v.distributedBuilds or { }) ? storeSigningPublicKey) allDevices);
nix.settings = {
#fallback = true;
connect-timeout = 5;
trusted-public-keys = lib.pipe buildServerDevices [
(lib.mapAttrsToList (_: v: v.distributedBuilds.storeSigningPublicKey or null))
(builtins.filter (k: k != null))
];
max-jobs = (thisDevice.distributedBuilds or { }).maxJobs or "auto";
cores = 0;
min-free = 10 * 1024 * 1024;
max-free = 200 * 1024 * 1024;
};
systemd.services.nix-daemon.serviceConfig = {
MemoryAccounting = true;
MemoryMax = "90%";
OOMScoreAdjust = 500;
};
}
# Server: accept incoming build connections
(lib.mkIf (thisDevice.distributedBuilds.isBuilder or false) {
users.users.${buildUser} = {
isSystemUser = true;
group = buildUser;
useDefaultShell = true;
openssh.authorizedKeys.keys = map (
k: ''command="nix daemon --stdio",restrict ${k}''
) allClientPublicKeys;
};
users.groups.${buildUser} = { };
nix.settings = {
trusted-users = [ buildUser ];
secret-key-files = [ "/etc/nix/signing-key.sec" ];
};
})
# Client: connect to build servers for building and substitution
(lib.mkIf isClient {
programs.ssh = {
knownHosts = buildServerKnownHosts;
extraConfig = lib.concatStringsSep "\n" (
lib.mapAttrsToList (
name: v:
let
names = lib.unique [
name
(v.publicFqdn or name)
];
in
''
Match originalhost ${lib.concatStringsSep "," names} user ${buildUser}
IdentityFile ${clientSshKeyPath}
IdentitiesOnly yes
''
) buildServerDevices
);
};
nix = {
distributedBuilds = buildMachines != [ ];
buildMachines = buildMachines;
settings = {
builders-use-substitutes = true;
substituters = map (m: "ssh-ng://${buildUser}@${sshHostname m}") (
builtins.filter (m: m.distributedBuilds ? storeSigningPublicKey) remoteBuildServerDevices
);
};
};
})
]
);
}


@ -1,40 +1,31 @@
{ pkgs, ... }:
{
lib,
config,
pkgs,
...
}:
{
options.my.enDe.enable = lib.mkEnableOption "English/German locale and language packs";
config = lib.mkIf config.my.enDe.enable {
i18n = {
defaultLocale = "en_US.UTF-8";
extraLocales = [
"de_DE.UTF-8/UTF-8"
];
extraLocaleSettings = {
LC_ADDRESS = "de_DE.UTF-8";
LC_IDENTIFICATION = "de_DE.UTF-8";
LC_MEASUREMENT = "de_DE.UTF-8";
LC_MONETARY = "de_DE.UTF-8";
LC_NAME = "de_DE.UTF-8";
LC_NUMERIC = "de_DE.UTF-8";
LC_PAPER = "de_DE.UTF-8";
LC_TELEPHONE = "de_DE.UTF-8";
LC_TIME = "de_DE.UTF-8";
};
i18n = {
defaultLocale = "en_US.UTF-8";
extraLocales = [
"de_DE.UTF-8/UTF-8"
];
extraLocaleSettings = {
LC_ADDRESS = "de_DE.UTF-8";
LC_IDENTIFICATION = "de_DE.UTF-8";
LC_MEASUREMENT = "de_DE.UTF-8";
LC_MONETARY = "de_DE.UTF-8";
LC_NAME = "de_DE.UTF-8";
LC_NUMERIC = "de_DE.UTF-8";
LC_PAPER = "de_DE.UTF-8";
LC_TELEPHONE = "de_DE.UTF-8";
LC_TIME = "de_DE.UTF-8";
};
programs.firefox.languagePacks = [
"en-US"
"de"
];
environment.systemPackages = [
pkgs.hunspell
pkgs.hunspellDicts.de-de
pkgs.hunspellDicts.en-us
];
};
programs.firefox.languagePacks = [
"en-US"
"de"
];
environment.systemPackages = [
pkgs.hunspell
pkgs.hunspellDicts.de-de
pkgs.hunspellDicts.en-us
];
}


@ -1,27 +1,16 @@
{ lib, config, ... }:
{
options.my.extraCaches.enable = lib.mkEnableOption "extra Nix binary caches";
config = lib.mkIf config.my.extraCaches.enable {
nix.settings = {
substituters = [
# keep-sorted start
"https://cache.lix.systems"
"https://cache.nixos.org/"
"https://niri.cachix.org"
"https://nix-community.cachix.org"
"https://nixos-raspberrypi.cachix.org"
# keep-sorted end
];
trusted-public-keys = [
# keep-sorted start
"cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o="
"cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
"niri.cachix.org-1:Wv0OmO7PsuocRKzfDoJ3mulSl7Z6oezYhGhR+3W2964="
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
"nixos-raspberrypi.cachix.org-1:4iMO9LXa8BqhU+Rpg6LQKiGa2lsNh/j2oiYLNOQ5sPI="
# keep-sorted end
];
};
nix.settings = {
substituters = [
"https://cache.nixos.org/"
"https://nix-community.cachix.org"
"https://cache.lix.systems"
"https://niri.cachix.org"
];
trusted-public-keys = [
"cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
"cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o="
"niri.cachix.org-1:Wv0OmO7PsuocRKzfDoJ3mulSl7Z6oezYhGhR+3W2964="
];
};
}
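Review bot: The `trusted-public-keys` list on the new side has no comment on what trusting a key means, and without the `my.extraCaches.enable` guard it applies wherever this file is imported. Nix accepts a store path signed by any listed key, so each third-party cache here (`nix-community.cachix.org`, `cache.lix.systems`, `niri.cachix.org`) can supply binaries for any package, not only its own project's. I would add a comment above the list such as `# every key below is trusted for ALL store paths; only add caches whose operator you trust like cache.nixos.org`. The new side also drops the `# keep-sorted` markers, which made it easy to check that every substituter has a matching key.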


@ -1,16 +1,11 @@
{ lib, config, ... }:
{
options.my.firmwareUpdates.enable = lib.mkEnableOption "firmware updates and microcode";
config = lib.mkIf config.my.firmwareUpdates.enable {
hardware = {
enableRedistributableFirmware = true;
cpu = {
amd.updateMicrocode = true;
intel.updateMicrocode = true;
};
hardware = {
enableRedistributableFirmware = true;
cpu = {
amd.updateMicrocode = true;
intel.updateMicrocode = true;
};
services.fwupd.enable = true;
};
services.fwupd.enable = true;
}


@ -1,24 +0,0 @@
{
lib,
config,
pkgs,
...
}:
{
options.my.git.enable = lib.mkEnableOption "git with credential helper";
config = lib.mkIf config.my.git.enable {
environment.systemPackages = [ pkgs.git-credential-oauth ];
programs.git = {
enable = true;
config = {
init.defaultBranch = "main";
credential = {
helper = "oauth";
credentialStore = "cache";
};
};
};
};
}


@ -0,0 +1,56 @@
{
home-manager-users,
self,
home-manager,
servicepoint-cli,
servicepoint-simulator,
servicepoint-tanks,
stylix,
specialArgs,
...
}:
{
imports = [
# keep-sorted start
home-manager.nixosModules.home-manager
self.nixosModules.en-de
self.nixosModules.firmware-updates
self.nixosModules.gnome
self.nixosModules.kdeconnect
self.nixosModules.modern-desktop
self.nixosModules.niri
self.nixosModules.nix-ld
self.nixosModules.pkgs-unstable
self.nixosModules.pkgs-vscode-extensions
self.nixosModules.quiet-boot
self.nixosModules.stylix
servicepoint-cli.nixosModules.default
servicepoint-simulator.nixosModules.default
servicepoint-tanks.nixosModules.default
stylix.nixosModules.stylix
# keep-sorted end
];
config = {
home-manager = {
extraSpecialArgs = specialArgs;
useGlobalPkgs = true;
useUserPackages = true;
};
time.timeZone = "Europe/Berlin";
home-manager.sharedModules = [
{ home.stateVersion = "22.11"; }
# keep-sorted start
self.homeModules.git
self.homeModules.gnome-extensions
self.homeModules.nano
self.homeModules.templates
self.homeModules.zsh-basics
# keep-sorted end
];
home-manager.users = home-manager-users;
};
}


@ -0,0 +1,47 @@
{
device,
self,
lanzaboote,
zerforschen-plus,
...
}:
{
imports = [
# keep-sorted start
lanzaboote.nixosModules.lanzaboote
self.nixosModules.allowed-unfree-list
self.nixosModules.autoupdate
self.nixosModules.default
self.nixosModules.extra-caches
self.nixosModules.globalinstalls
self.nixosModules.lix-is-nix
self.nixosModules.openssh
self.nixosModules.prometheus-node
self.nixosModules.systemd-boot
self.nixosModules.tailscale
zerforschen-plus.nixosModules.default
# keep-sorted end
];
config = {
networking.hostName = device;
system = {
stateVersion = "22.11";
autoUpgrade.flake = "git+https://git.berlin.ccc.de/vinzenz/nixos-configuration.git";
};
nixpkgs.overlays = [
self.overlays.unstable-packages
];
nix.settings.experimental-features = [
"nix-command"
"flakes"
];
documentation = {
info.enable = false; # info pages and the info command
doc.enable = false; # documentation distributed in packages' /share/doc
};
};
}
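Review bot: `autoUpgrade.flake` tracks the default branch of a remote repository with no pinned ref or revision, and the imported `autoupdate` module sets `system.autoUpgrade.enable = true` with `dates = "daily"`. Whoever can push to that repository therefore ships a root-level configuration to every device importing this module within a day. I would document that trust decision next to the option, e.g. `# trust boundary: push access to this repo == root on all devices (daily autoUpgrade)`, and keep push rights on that branch restricted on the forge. The same module imports `openssh`, `prometheus-node` and `tailscale` unconditionally, each of which sets `openFirewall = true` in this compare, so the comment could also list what every host exposes by default.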


@ -1,31 +1,23 @@
{ pkgs, ... }:
{
lib,
config,
pkgs,
...
}:
{
options.my.globalinstalls.enable = lib.mkEnableOption "global system packages and tools";
environment.systemPackages = with pkgs; [
ncdu
glances
lsof
dig
screen
tldr
nix-output-monitor
];
config = lib.mkIf config.my.globalinstalls.enable {
environment.systemPackages = with pkgs; [
ncdu
glances
lsof
dig
screen
tldr
nix-output-monitor
];
programs = {
zsh.enable = true;
htop.enable = true;
iotop.enable = true;
nano = {
enable = true;
syntaxHighlight = true;
};
programs = {
zsh.enable = true;
htop.enable = true;
iotop.enable = true;
git.enable = true;
nano = {
enable = true;
syntaxHighlight = true;
};
};
}


@ -1,65 +1,62 @@
{
pkgs,
lib,
config,
pkgs,
...
}:
{
options.my.gnome = {
enable = lib.mkEnableOption "GNOME desktop environment";
keep-default-apps = lib.mkEnableOption "keep gnome default apps";
options.vinzenz = {
keep-gnome-default-apps = lib.mkEnableOption "keep gnome default apps";
};
config = lib.mkIf config.my.gnome.enable (
lib.mkMerge [
{
services = {
xserver.excludePackages = [ pkgs.xterm ];
config = lib.mkMerge [
{
services = {
xserver.excludePackages = [ pkgs.xterm ];
# Enable the GNOME Desktop Environment.
displayManager.gdm.enable = true;
desktopManager.gnome = {
enable = true;
extraGSettingsOverridePackages = [ pkgs.mutter ];
extraGSettingsOverrides = ''
[org.gnome.mutter]
experimental-features=['scale-monitor-framebuffer']
'';
};
gnome = {
tinysparql.enable = false;
localsearch.enable = false;
sushi.enable = true;
};
# Enable the GNOME Desktop Environment.
displayManager.gdm.enable = true;
desktopManager.gnome = {
enable = true;
extraGSettingsOverridePackages = [ pkgs.mutter ];
extraGSettingsOverrides = ''
[org.gnome.mutter]
experimental-features=['scale-monitor-framebuffer']
'';
};
programs = {
dconf.enable = true;
gpaste.enable = true;
gnome = {
tinysparql.enable = false;
localsearch.enable = false;
sushi.enable = true;
};
}
(lib.mkIf (!config.my.gnome.keep-default-apps) {
environment.gnome.excludePackages = with pkgs; [
cheese # photo booth
epiphany # web browser
evince # document viewer
geary # email client
gnome-maps
gnome-weather
gnome-tour
sysprof
orca # screen reader
gnome-weather
gnome-backgrounds
gnome-user-docs
yelp # help app
gnome-music
totem # video player
snapshot # camera
baobab # disk usage
];
})
]
);
};
programs = {
dconf.enable = true;
gpaste.enable = true;
};
}
(lib.mkIf (!config.vinzenz.keep-gnome-default-apps) {
environment.gnome.excludePackages = with pkgs; [
cheese # photo booth
epiphany # web browser
evince # document viewer
geary # email client
gnome-maps
gnome-weather
gnome-tour
sysprof
orca # screen reader
gnome-weather
gnome-backgrounds
gnome-user-docs
yelp # help app
gnome-music
totem # video player
snapshot # camera
baobab # disk usage
];
})
];
}


@ -1,13 +1,6 @@
{ pkgs, ... }:
{
lib,
config,
pkgs,
...
}:
{
options.my.intelGraphics.enable = lib.mkEnableOption "Intel graphics drivers";
config = lib.mkIf config.my.intelGraphics.enable {
config = {
hardware.graphics = {
extraPackages = with pkgs; [
intel-media-driver
@ -22,6 +15,6 @@
];
};
environment.systemPackages = with pkgs; [ nvtopPackages.intel ];
my.allowedUnfreePackages = [ "intel-ocl" ];
allowedUnfreePackages = [ "intel-ocl" ];
};
}


@ -5,53 +5,49 @@
...
}:
{
options.my.kdeconnect.enable = lib.mkEnableOption "KDE Connect / GSConnect";
config = lib.mkIf config.my.kdeconnect.enable (
lib.mkMerge [
{
networking.firewall =
let
kdeconnect-range = {
from = 1714;
to = 1764;
};
in
{
allowedTCPPortRanges = [ kdeconnect-range ];
allowedUDPPortRanges = [ kdeconnect-range ];
config = lib.mkMerge [
{
networking.firewall =
let
kdeconnect-range = {
from = 1714;
to = 1764;
};
in
{
allowedTCPPortRanges = [ kdeconnect-range ];
allowedUDPPortRanges = [ kdeconnect-range ];
};
programs.kdeconnect.enable = true;
home-manager.sharedModules = [
programs.kdeconnect.enable = true;
home-manager.sharedModules = [
{
services.kdeconnect = {
enable = true;
# this still shows up in gnome session starting with 25.05
# indicator = true;
};
}
];
}
(lib.mkIf config.services.desktopManager.gnome.enable {
# replace kdeconnect with gsconnect
programs.kdeconnect.package = pkgs.gnomeExtensions.gsconnect;
home-manager.sharedModules = [
(
{ pkgs, ... }:
{
services.kdeconnect = {
enable = true;
# this still shows up in gnome session starting with 25.05
# indicator = true;
home.packages = [ pkgs.gnomeExtensions.gsconnect ];
# enable gsconnect extension
dconf.settings = {
"org/gnome/shell".enabled-extensions = [ "gsconnect@andyholmes.github.io" ];
"org/gnome/shell/extensions/gsconnect".enabled = true;
};
}
];
}
(lib.mkIf config.services.desktopManager.gnome.enable {
# replace kdeconnect with gsconnect
programs.kdeconnect.package = pkgs.gnomeExtensions.gsconnect;
home-manager.sharedModules = [
(
{ pkgs, ... }:
{
home.packages = [ pkgs.gnomeExtensions.gsconnect ];
# enable gsconnect extension
dconf.settings = {
"org/gnome/shell".enabled-extensions = [ "gsconnect@andyholmes.github.io" ];
"org/gnome/shell/extensions/gsconnect".enabled = true;
};
}
)
];
})
]
);
)
];
})
];
}


@ -1,13 +1,6 @@
{ pkgs, ... }:
{
lib,
config,
pkgs,
...
}:
{
options.my.latex.enable = lib.mkEnableOption "LaTeX (texliveFull + TeXstudio)";
config = lib.mkIf config.my.latex.enable {
config = {
environment.systemPackages = with pkgs; [
fontconfig
texliveFull


@ -1,24 +1,15 @@
{ pkgs, ... }:
{
lib,
config,
pkgs,
...
}:
{
options.my.lixIsNix.enable = lib.mkEnableOption "Lix as the Nix implementation";
nixpkgs.overlays = [
(final: prev: {
inherit (prev.lixPackageSets.stable)
nixpkgs-review
nix-eval-jobs
nix-fast-build
colmena
;
})
];
config = lib.mkIf config.my.lixIsNix.enable {
nixpkgs.overlays = [
(_: prev: {
inherit (prev.lixPackageSets.stable)
nixpkgs-review
nix-eval-jobs
nix-fast-build
colmena
;
})
];
nix.package = pkgs.lixPackageSets.latest.lix;
};
nix.package = pkgs.lixPackageSets.latest.lix;
}


@ -1,52 +1,47 @@
{ lib, config, ... }:
{
options.my.modernDesktop.enable = lib.mkEnableOption "modern desktop base (pipewire, flatpak, earlyoom)";
config = lib.mkIf config.my.modernDesktop.enable {
services = {
xserver.enable = true;
libinput.enable = true;
flatpak.enable = true;
fstrim.enable = true;
earlyoom = {
enable = true;
freeMemThreshold = 5;
};
};
# Enable sound with pipewire.
security.rtkit.enable = true;
services = {
pulseaudio.enable = false;
pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
#jack.enable = true;
};
};
systemd = {
# save some boot time because nothing actually requires network connectivity
services.NetworkManager-wait-online.enable = false;
# prevent stuck units from preventing shutdown (default is 120s)
settings.Manager.DefaultTimeoutStopSec = "10s";
};
programs = {
xwayland.enable = true;
appimage = {
enable = true;
binfmt = true;
};
};
system.autoUpgrade = {
allowReboot = false;
operation = "boot";
services = {
xserver.enable = true;
libinput.enable = true;
flatpak.enable = true;
fstrim.enable = true;
earlyoom = {
enable = true;
freeMemThreshold = 5;
};
};
# Enable sound with pipewire.
security.rtkit.enable = true;
services = {
pulseaudio.enable = false;
pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
#jack.enable = true;
};
};
systemd = {
# save some boot time because nothing actually requires network connectivity
services.NetworkManager-wait-online.enable = false;
# prevent stuck units from preventing shutdown (default is 120s)
settings.Manager.DefaultTimeoutStopSec = "10s";
};
programs = {
xwayland.enable = true;
appimage = {
enable = true;
binfmt = true;
};
};
system.autoUpgrade = {
allowReboot = false;
operation = "boot";
};
}


@ -1,33 +0,0 @@
{
lib,
config,
pkgs,
...
}:
{
options.my.muedeDesktopSettings.enable = lib.mkEnableOption "muede desktop settings (Firefox, Logitech, RDP)";
config = lib.mkIf config.my.muedeDesktopSettings.enable {
my.overlays.niri.enable = true;
programs.niri.enable = true;
programs.firefox.enable = true;
environment.systemPackages = with pkgs; [
lm_sensors
libreoffice-qt6
usbutils
];
fonts.enableDefaultPackages = true;
hardware.logitech.wireless = {
enable = true;
enableGraphical = true;
};
# RDP connections
services.gnome.gnome-remote-desktop.enable = true;
networking.firewall.allowedTCPPorts = [ 3389 ];
};
}


@ -1,32 +1,23 @@
{ pkgs, ... }:
{
lib,
config,
pkgs,
...
}:
{
options.my.nixLd.enable = lib.mkEnableOption "nix-ld for running unpatched dynamic binaries";
config = lib.mkIf config.my.nixLd.enable {
programs.nix-ld = {
enable = true;
libraries = with pkgs; [
stdenv.cc.cc
zlib
zstd
curl
openssl
attr
libssh
bzip2
libxml2
acl
libsodium
util-linux
xz
systemd
icu
];
};
programs.nix-ld = {
enable = true;
libraries = with pkgs; [
stdenv.cc.cc
zlib
zstd
curl
openssl
attr
libssh
bzip2
libxml2
acl
libsodium
util-linux
xz
systemd
icu
];
};
}


@ -1,33 +0,0 @@
{
lib,
config,
self,
...
}:
{
options.my.overlays = {
enableAll = lib.mkEnableOption "all nixpkgs overlays";
}
// lib.mapAttrs (_: _: {
enable = lib.mkOption {
type = lib.types.bool;
default = false;
};
}) self.overlays;
config = lib.mkMerge (
[
{
my.overlays = lib.mapAttrs (_: _: {
enable = lib.mkDefault config.my.overlays.enableAll;
}) self.overlays;
}
]
++ lib.mapAttrsToList (
name: overlay:
lib.mkIf config.my.overlays.${name}.enable {
nixpkgs.overlays = [ overlay ];
}
) self.overlays
);
}


@ -1,52 +1,11 @@
{
lib,
config,
pkgs,
thisDevice,
...
}:
{
options.my.openssh.enable = lib.mkEnableOption "OpenSSH server";
config = lib.mkIf config.my.openssh.enable {
services.openssh = {
enable = true;
openFirewall = true;
settings = {
PermitRootLogin = "prohibit-password";
PasswordAuthentication = false;
KbdInteractiveAuthentication = false;
};
};
# On desktops, hold a systemd sleep inhibitor while SSH connections are active
security.pam.services.sshd.rules.session.ssh-inhibit = lib.mkIf (thisDevice.isDesktop or false) {
order = 10000;
control = "optional";
modulePath = "${pkgs.pam}/lib/security/pam_exec.so";
args = [
"quiet"
"${pkgs.writeShellScript "ssh-inhibit-pam" ''
PIDFILE="/run/ssh-inhibitor-''${PPID}.pid"
case "''${PAM_TYPE:-}" in
open_session)
${pkgs.systemd}/bin/systemd-inhibit \
--what=sleep \
--who=sshd \
--why="SSH session active" \
--mode=block \
sleep infinity &
echo $! > "$PIDFILE"
;;
close_session)
if [ -f "$PIDFILE" ]; then
kill "$(cat "$PIDFILE")" 2>/dev/null || true
rm -f "$PIDFILE"
fi
;;
esac
''}"
];
services.openssh = {
enable = true;
openFirewall = true;
settings = {
PermitRootLogin = "prohibit-password";
PasswordAuthentication = false;
KbdInteractiveAuthentication = false;
};
};
}


@ -1,16 +1,11 @@
{ lib, config, ... }:
{
options.my.podman.enable = lib.mkEnableOption "Podman container runtime";
config = lib.mkIf config.my.podman.enable {
virtualisation = {
containers.enable = true;
podman = {
enable = true;
dockerCompat = true;
dockerSocket.enable = true;
autoPrune.enable = true;
};
virtualisation = {
containers.enable = true;
podman = {
enable = true;
dockerCompat = true;
dockerSocket.enable = true;
autoPrune.enable = true;
};
};
}
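Review bot: `dockerSocket.enable = true` is kept without a note that the socket is root-equivalent: NixOS restricts it to the `podman` group, and members of that group can gain root through it, as with Docker. The user files in this compare put both `ronja` and `vinzenz` in `podman`, so I would document this next to the option, e.g. `dockerSocket.enable = true; # podman group == root via the socket`, or drop the socket if only rootless `podman` is used. With the `my.podman.enable` guard gone on the new side, the socket exists on every host that imports this file.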


@ -1,17 +1,12 @@
{ lib, config, ... }:
{
options.my.printing.enable = lib.mkEnableOption "printing (CUPS + Avahi)";
services = {
# Enable CUPS to print documents.
printing.enable = true;
config = lib.mkIf config.my.printing.enable {
services = {
# Enable CUPS to print documents.
printing.enable = true;
avahi = {
enable = true; # runs the Avahi daemon
nssmdns4 = true; # enables the mDNS NSS plug-in
openFirewall = true; # opens the firewall for UDP port 5353
};
avahi = {
enable = true; # runs the Avahi daemon
nssmdns4 = true; # enables the mDNS NSS plug-in
openFirewall = true; # opens the firewall for UDP port 5353
};
};
}


@ -1,25 +1,20 @@
{ lib, config, ... }:
{
options.my.prometheusNode.enable = lib.mkEnableOption "Prometheus node exporter";
config = lib.mkIf config.my.prometheusNode.enable {
services.prometheus.exporters = {
node = {
enable = true;
openFirewall = true;
port = 9190;
enabledCollectors = [
# keep-sorted start
"cgroups"
"interrupts"
"softirqs"
"swap"
"systemd"
"tcpstat"
"wifi"
# keep-sorted end
];
};
services.prometheus.exporters = {
node = {
enable = true;
openFirewall = true;
port = 9190;
enabledCollectors = [
# keep-sorted start
"cgroups"
"interrupts"
"softirqs"
"swap"
"systemd"
"tcpstat"
"wifi"
# keep-sorted end
];
};
};
}
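Review bot: `openFirewall = true` for the node exporter opens port 9190 on every interface, and with the `my.prometheusNode.enable` guard gone the new side applies it to every host importing this file (the new default module in this compare imports `prometheus-node`). The exporter serves host metrics without authentication by default, here including the `systemd`, `wifi` and `tcpstat` collectors. If scraping happens over the VPN, I would scope the rule to that interface instead, e.g. `networking.firewall.interfaces.tailscale0.allowedTCPPorts = [ 9190 ];` (interface name assumed, confirm against the Tailscale setup). The same applies to `networking.firewall.allowedTCPPorts = [ 3389 ];` for RDP in the new desktop-settings file further down.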


@ -1,12 +1,16 @@
{ modulesPath, lib, ... }:
{
lib,
config,
...
}:
{
options.my.pxvirtGuest.enable = lib.mkEnableOption "Proxmox LXC guest configuration";
imports = [ (modulesPath + "/virtualisation/proxmox-lxc.nix") ];
config = {
# TODO is this needed?
# nix.settings.sandbox = false;
proxmoxLXC = {
manageNetwork = false;
privileged = false;
};
config = lib.mkIf config.my.pxvirtGuest.enable {
# Let Proxmox host handle fstrim
services.fstrim.enable = false;


@ -1,34 +1,25 @@
{ pkgs, ... }:
{
lib,
config,
pkgs,
...
}:
{
options.my.quietBoot.enable = lib.mkEnableOption "quiet boot with Plymouth splash";
config = lib.mkIf config.my.quietBoot.enable {
boot = {
kernelParams = [
"quiet"
"udev.log_level=3"
"udev.log_priority=3"
"rd.systemd.show_status=auto"
boot = {
kernelParams = [
"quiet"
"udev.log_level=3"
"udev.log_priority=3"
"rd.systemd.show_status=auto"
];
consoleLogLevel = 0;
initrd = {
verbose = false;
systemd.enable = true; # required fpr graphical LUKS prompt
};
plymouth = {
enable = true;
theme = "catppuccin-mocha";
themePackages = [
(pkgs.catppuccin-plymouth.override {
variant = "mocha";
})
];
consoleLogLevel = 0;
initrd = {
verbose = false;
systemd.enable = true; # required fpr graphical LUKS prompt
};
plymouth = {
enable = true;
theme = "catppuccin-mocha";
themePackages = [
(pkgs.catppuccin-plymouth.override {
variant = "mocha";
})
];
};
};
};
}


@ -1,37 +1,28 @@
{ pkgs, lib, ... }:
{
lib,
config,
pkgs,
...
}:
{
options.my.secureBoot.enable = lib.mkEnableOption "Secure Boot via lanzaboote";
# https://github.com/nix-community/lanzaboote/blob/70be03ab23d0988224e152f5b52e2fbf44a6d8ee/docs/QUICK_START.md
# To enroll:
# 1. sudo sbctl create-keys
# 2. import this module, rebuild
# 3. Put Secure Boot in Setup mode
# 4. sudo sbctl verify
# 5. sudo sbctl enroll-keys --microsoft
# 6, reboot
# 7. sudo sbctl status
config = lib.mkIf config.my.secureBoot.enable {
# https://github.com/nix-community/lanzaboote/blob/70be03ab23d0988224e152f5b52e2fbf44a6d8ee/docs/QUICK_START.md
# To enroll:
# 1. sudo sbctl create-keys
# 2. enable this module, rebuild
# 3. Put Secure Boot in Setup mode
# 4. sudo sbctl verify
# 5. sudo sbctl enroll-keys --microsoft
# 6, reboot
# 7. sudo sbctl status
environment.systemPackages = [
# For debugging and troubleshooting Secure Boot.
pkgs.sbctl
];
environment.systemPackages = [
# For debugging and troubleshooting Secure Boot.
pkgs.sbctl
];
# Lanzaboote currently replaces the systemd-boot module.
# This setting is usually set to true in configuration.nix
# generated at installation time. So we force it to false
# for now.
boot.loader.systemd-boot.enable = lib.mkForce false;
# Lanzaboote currently replaces the systemd-boot module.
# This setting is usually set to true in configuration.nix
# generated at installation time. So we force it to false
# for now.
boot.loader.systemd-boot.enable = lib.mkForce false;
boot.lanzaboote = {
enable = true;
pkiBundle = "/var/lib/sbctl";
};
boot.lanzaboote = {
enable = true;
pkiBundle = "/var/lib/sbctl";
};
}


@ -1,50 +1,45 @@
{ lib, config, ... }:
{
options.my.steam.enable = lib.mkEnableOption "Steam gaming platform";
hardware.steam-hardware.enable = true;
config = lib.mkIf config.my.steam.enable {
hardware.steam-hardware.enable = true;
programs = {
steam = {
enable = true;
remotePlay.openFirewall = true;
dedicatedServer.openFirewall = true;
localNetworkGameTransfers.openFirewall = true;
gamescopeSession.enable = false;
};
gamemode.enable = true;
programs = {
steam = {
enable = true;
remotePlay.openFirewall = true;
dedicatedServer.openFirewall = true;
localNetworkGameTransfers.openFirewall = true;
gamescopeSession.enable = false;
};
gamemode.enable = true;
};
# steam network transfer
networking.firewall = {
allowedUDPPorts = [ 3478 ];
allowedTCPPorts = [ 24070 ];
# steam network transfer
networking.firewall = {
allowedUDPPorts = [ 3478 ];
allowedTCPPorts = [ 24070 ];
allowedTCPPortRanges = [
{
from = 27015;
to = 27050;
}
];
allowedTCPPortRanges = [
{
from = 27015;
to = 27050;
}
];
allowedUDPPortRanges = [
{
from = 4379;
to = 4380;
}
{
from = 27000;
to = 27100;
}
];
};
my.allowedUnfreePackages = [
"steam"
"steam-original"
"steam-run"
"steam-unwrapped"
allowedUDPPortRanges = [
{
from = 4379;
to = 4380;
}
{
from = 27000;
to = 27100;
}
];
};
allowedUnfreePackages = [
"steam"
"steam-original"
"steam-run"
"steam-unwrapped"
];
}


@ -1,95 +1,86 @@
{ pkgs, config, ... }:
{
lib,
config,
pkgs,
...
}:
{
options.my.stylix.enable = lib.mkEnableOption "Stylix theming (Catppuccin Mocha)";
stylix = {
enable = true;
base16Scheme = "${pkgs.base16-schemes}/share/themes/catppuccin-mocha.yaml";
override = {
scheme = "Catppuccin Mocha Pride";
config = lib.mkIf config.my.stylix.enable {
stylix = {
base09 = "#6f9dff";
base0A = "#d162a4";
base0B = "#a8c9ff";
base0C = "#a30262";
# pink_light = "#d162a4";
# pink_dark = "#a30262";
# blue_light = "#5BCEFA";
# blue_dark = "#4a6bb1";
# original values
# base00: "#1e1e2e" # base -
# base01: "#181825" # mantle
# base02: "#313244" # surface0
# base03: "#45475a" # surface1
# base04: "#585b70" # surface2
# base05: "#cdd6f4" # text
# base06: "#f5e0dc" # rosewater
# base07: "#b4befe" # lavender
# base08: "#f38ba8" # red
# base09: "#fab387" # peach
# base0A: "#f9e2af" # yellow
# base0B: "#a6e3a1" # green
# base0C: "#94e2d5" # teal
# base0D: "#89b4fa" # blue
# base0E: "#cba6f7" # mauve
# base0F: "#f2cdcd" # flamingo
# https://github.com/chriskempson/base16/blob/main/styling.md
# base00 - Default Background
# base01 - Lighter Background (Used for status bars, line number and folding marks)
# base02 - Selection Background
# base03 - Comments, Invisibles, Line Highlighting
# base04 - Dark Foreground (Used for status bars)
# base05 - Default Foreground, Caret, Delimiters, Operators
# base06 - Light Foreground (Not often used)
# base07 - Light Background (Not often used)
# base08 - Variables, XML Tags, Markup Link Text, Markup Lists, Diff Deleted
# base09 - Integers, Boolean, Constants, XML Attributes, Markup Link Url
# base0A - Classes, Markup Bold, Search Text Background
# base0B - Strings, Inherited Class, Markup Code, Diff Inserted
# base0C - Support, Regular Expressions, Escape Characters, Markup Quotes
# base0D - Functions, Methods, Attribute IDs, Headings
# base0E - Keywords, Storage, Selector, Markup Italic, Diff Changed
# base0F - Deprecated, Opening/Closing Embedded Language Tags, e.g. <?php ?>
};
image = config.lib.stylix.pixel "base00";
polarity = "dark";
targets = {
gnome.enable = false;
gtk.enable = false;
gtksourceview.enable = false;
fontconfig.enable = true;
plymouth.enable = false;
};
fonts = {
sansSerif = {
name = "Inter Nerd Font";
package = pkgs.inter-nerdfont;
};
monospace = {
name = "FiraCode Nerd Font Mono";
package = pkgs.nerd-fonts.fira-code;
};
};
icons = {
enable = true;
base16Scheme = "${pkgs.base16-schemes}/share/themes/catppuccin-mocha.yaml";
override = {
scheme = "Catppuccin Mocha Pride";
base09 = "#6f9dff";
base0A = "#d162a4";
base0B = "#a8c9ff";
base0C = "#a30262";
# pink_light = "#d162a4";
# pink_dark = "#a30262";
# blue_light = "#5BCEFA";
# blue_dark = "#4a6bb1";
# original values
# base00: "#1e1e2e" # base -
# base01: "#181825" # mantle
# base02: "#313244" # surface0
# base03: "#45475a" # surface1
# base04: "#585b70" # surface2
# base05: "#cdd6f4" # text
# base06: "#f5e0dc" # rosewater
# base07: "#b4befe" # lavender
# base08: "#f38ba8" # red
# base09: "#fab387" # peach
# base0A: "#f9e2af" # yellow
# base0B: "#a6e3a1" # green
# base0C: "#94e2d5" # teal
# base0D: "#89b4fa" # blue
# base0E: "#cba6f7" # mauve
# base0F: "#f2cdcd" # flamingo
# https://github.com/chriskempson/base16/blob/main/styling.md
# base00 - Default Background
# base01 - Lighter Background (Used for status bars, line number and folding marks)
# base02 - Selection Background
# base03 - Comments, Invisibles, Line Highlighting
# base04 - Dark Foreground (Used for status bars)
# base05 - Default Foreground, Caret, Delimiters, Operators
# base06 - Light Foreground (Not often used)
# base07 - Light Background (Not often used)
# base08 - Variables, XML Tags, Markup Link Text, Markup Lists, Diff Deleted
# base09 - Integers, Boolean, Constants, XML Attributes, Markup Link Url
# base0A - Classes, Markup Bold, Search Text Background
# base0B - Strings, Inherited Class, Markup Code, Diff Inserted
# base0C - Support, Regular Expressions, Escape Characters, Markup Quotes
# base0D - Functions, Methods, Attribute IDs, Headings
# base0E - Keywords, Storage, Selector, Markup Italic, Diff Changed
# base0F - Deprecated, Opening/Closing Embedded Language Tags, e.g. <?php ?>
};
image = config.lib.stylix.pixel "base00";
polarity = "dark";
targets = {
gnome.enable = false;
gtk.enable = false;
gtksourceview.enable = false;
fontconfig.enable = true;
plymouth.enable = false;
};
fonts = {
sansSerif = {
name = "Inter Nerd Font";
package = pkgs.inter-nerdfont;
};
monospace = {
name = "FiraCode Nerd Font Mono";
package = pkgs.nerd-fonts.fira-code;
};
};
icons = {
enable = true;
dark = "Adwaita";
light = "Adwaita";
package = pkgs.adwaita-icon-theme;
};
cursor = {
name = "Adwaita";
size = 16;
package = pkgs.adwaita-icon-theme;
};
dark = "Adwaita";
light = "Adwaita";
package = pkgs.adwaita-icon-theme;
};
cursor = {
name = "Adwaita";
size = 16;
package = pkgs.adwaita-icon-theme;
};
};
}


@ -1,16 +1,11 @@
{ lib, config, ... }:
{
options.my.systemdBoot.enable = lib.mkEnableOption "systemd-boot bootloader";
config = lib.mkIf config.my.systemdBoot.enable {
boot.loader = {
timeout = 3;
efi.canTouchEfiVariables = true;
systemd-boot = {
enable = true;
editor = false; # do not allow changing kernel parameters
consoleMode = "max";
};
boot.loader = {
timeout = 3;
efi.canTouchEfiVariables = true;
systemd-boot = {
enable = true;
editor = false; # do not allow changing kernel parameters
consoleMode = "max";
};
};
}


@ -1,13 +1,8 @@
{ lib, config, ... }:
{
options.my.tailscale.enable = lib.mkEnableOption "Tailscale VPN";
config = lib.mkIf config.my.tailscale.enable {
services.tailscale = {
enable = true;
openFirewall = true;
};
networking.firewall.checkReversePath = "loose";
services.tailscale = {
enable = true;
openFirewall = true;
};
networking.firewall.checkReversePath = "loose";
}


@ -1,46 +0,0 @@
{
lib,
config,
pkgs,
...
}:
{
options.my.users.muede.enable = lib.mkEnableOption "muede user account";
config = lib.mkIf config.my.users.muede.enable {
users.users.muede = {
isNormalUser = true;
uid = 1000;
name = "muede";
description = "müde";
extraGroups = [
"networkmanager"
"wheel"
"games"
"dialout"
"podman"
"nginx"
"adbusers"
"kvm"
"input"
"video"
];
shell = pkgs.zsh;
autoSubUidGidRange = true;
};
nix.settings.trusted-users = [ "muede" ];
my.allowedUnfreePackages = [
"rider"
"pycharm-professional"
"jetbrains-toolbox"
"anydesk"
"vscode-extension-ms-dotnettools-csharp"
"claude-code"
];
};
}


@ -1,28 +1,19 @@
{ pkgs, ... }:
{
lib,
config,
pkgs,
...
}:
{
options.my.users.ronja.enable = lib.mkEnableOption "ronja user account";
config = lib.mkIf config.my.users.ronja.enable {
users.users.ronja = {
isNormalUser = true;
name = "ronja";
description = "Ronja";
home = "/home/ronja";
extraGroups = [
"networkmanager"
"wheel"
"games"
"podman"
"openvscode-server"
];
shell = pkgs.zsh;
};
nix.settings.trusted-users = [ "ronja" ];
users.users.ronja = {
isNormalUser = true;
name = "ronja";
description = "Ronja";
home = "/home/ronja";
extraGroups = [
"networkmanager"
"wheel"
"games"
"podman"
"openvscode-server"
];
shell = pkgs.zsh;
};
nix.settings.trusted-users = [ "ronja" ];
}
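Review bot: `nix.settings.trusted-users = [ "ronja" ];` makes this login account root-equivalent towards the Nix daemon without any sudo prompt, so a compromised user session is enough to take over the system. The account is already in `wheel`, so the line could be dropped in favour of `sudo` for the few operations that need daemon trust. If the goal is only to use an extra binary cache, pin it system-wide with `nix.settings.trusted-substituters` and `nix.settings.trusted-public-keys` instead. The same setting appears for `vinzenz` in the new user file further down the page. With the `lib.mkIf config.my.users.ronja.enable` guard apparently on the removed side, it would apply on every host that imports this file.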


@ -0,0 +1,35 @@
{ pkgs, ... }:
{
users.users.vinzenz = {
isNormalUser = true;
name = "vinzenz";
description = "müde";
home = "/home/vinzenz";
extraGroups = [
"networkmanager"
"wheel"
"games"
"dialout"
"podman"
"nginx"
"adbusers"
"kvm"
"input"
"video"
];
shell = pkgs.zsh;
autoSubUidGidRange = true;
};
nix.settings.trusted-users = [ "vinzenz" ];
allowedUnfreePackages = [
"rider"
"pycharm-professional"
"jetbrains-toolbox"
"anydesk"
"vscode-extension-ms-dotnettools-csharp"
];
}
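Review bot: The `extraGroups` list gives this interactive account several memberships whose reach is wider than the names suggest, and the file carries no comment on why each is needed. `input` allows reading raw events from the input devices and `nginx` usually grants read access to whatever the web server's group can read, so each deserves a one-line justification or removal, e.g. `"input" # needed for <tool>; grants raw input-device access`. Separately, `allowedUnfreePackages` is set here without the `my.` prefix used by the deleted user module above. Confirm that an option of that name is declared elsewhere in this branch, otherwise module evaluation will fail.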


@ -0,0 +1,20 @@
{ pkgs, ... }:
{
programs.firefox.enable = true;
environment.systemPackages = with pkgs; [
lm_sensors
libreoffice-qt6
];
fonts.enableDefaultPackages = true;
hardware.logitech.wireless = {
enable = true;
enableGraphical = true;
};
# RDP connections
services.gnome.gnome-remote-desktop.enable = true;
networking.firewall.allowedTCPPorts = [ 3389 ];
}
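Review bot: `networking.firewall.allowedTCPPorts = [ 3389 ];` opens RDP on every interface of any machine that imports this module, including Wi-Fi and other untrusted networks, where gnome-remote-desktop is then reachable by anyone on the same network. If remote desktop is only meant to be used over the VPN, scope the rule to that interface, e.g. `networking.firewall.interfaces."tailscale0".allowedTCPPorts = [ 3389 ];` (this assumes the default Tailscale interface name, so confirm it for these hosts). It would also help to extend the `# RDP connections` comment to say which networks are expected to reach the port.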


@ -1,31 +1,22 @@
{ pkgs, ... }:
{
lib,
config,
pkgs,
...
}:
{
options.my.wineGaming.enable = lib.mkEnableOption "Wine gaming (DXVK, MangoHud, xpadneo)";
config = lib.mkIf config.my.wineGaming.enable {
hardware = {
graphics = {
enable32Bit = true;
extraPackages = with pkgs; [ mangohud ];
extraPackages32 = with pkgs; [ mangohud ];
};
xpadneo.enable = true;
hardware = {
graphics = {
enable32Bit = true;
extraPackages = with pkgs; [ mangohud ];
extraPackages32 = with pkgs; [ mangohud ];
};
environment.systemPackages = with pkgs; [
wineWowPackages.stagingFull
wineWowPackages.fonts
winetricks
dxvk
mangohud
vulkan-tools
mesa-demos
];
xpadneo.enable = true;
};
environment.systemPackages = with pkgs; [
wineWowPackages.stagingFull
wineWowPackages.fonts
winetricks
dxvk
mangohud
vulkan-tools
mesa-demos
];
}