Compare commits


2 commits

Author SHA1 Message Date
Vinzenz Schroeter 8b11705965 add lpt 2023-09-24 12:50:24 +02:00
Vinzenz Schroeter cff4840824 wireguard template 2023-09-24 12:49:17 +02:00
72 changed files with 1068 additions and 2559 deletions

1
.gitignore vendored

@ -1,3 +1,2 @@
.directory
result
secrets
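Review bot: One of the three entries shown (`.directory`, `result`, `secrets`) is dropped by this hunk (three lines before, two after), and the rendering does not show which one. If the dropped entry is `secrets`, a `secrets` path in the working tree is no longer ignored and can end up in history through a plain `git add .`. Keep the `secrets` line unless that directory no longer exists on any machine that uses this repository.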

11
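--- a/README.md
+++ b/README.md
@@ -0,0 +1,11 @@
+# nixos-configuration
+When adding a new host:
+1. install NixOS via the graphical installer
+2. `mv /etc/hardware-configuration ./devicename-hardware-configuration.nix`
+3. copy an existing devicename.nix
+5. change import to `new-devicename-hardware-configuration.nix`
+6. set the hostname and optional imports in `new-devicename.nix`
+7. `ln -s ./new-devicename.nix /etc/nixos/configuration.nix`
+8. `sudo nix-channel --add https://github.com/nix-community/home-manager/archive/release-23.05.tar.gz home-manager`
+9. apply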


@ -1,227 +0,0 @@
{
"nodes": {
"flake-utils": {
"inputs": {
"systems": "systems"
},
"locked": {
"lastModified": 1726560853,
"narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flakey-profile": {
"locked": {
"lastModified": 1712898590,
"narHash": "sha256-FhGIEU93VHAChKEXx905TSiPZKga69bWl1VB37FK//I=",
"owner": "lf-",
"repo": "flakey-profile",
"rev": "243c903fd8eadc0f63d205665a92d4df91d42d9d",
"type": "github"
},
"original": {
"owner": "lf-",
"repo": "flakey-profile",
"type": "github"
}
},
"home-manager": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1742234739,
"narHash": "sha256-zFL6zsf/5OztR1NSNQF33dvS1fL/BzVUjabZq4qrtY4=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "f6af7280a3390e65c2ad8fd059cdc303426cbd59",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "release-24.11",
"repo": "home-manager",
"type": "github"
}
},
"lix": {
"flake": false,
"locked": {
"lastModified": 1729298361,
"narHash": "sha256-hiGtfzxFkDc9TSYsb96Whg0vnqBVV7CUxyscZNhed0U=",
"rev": "ad9d06f7838a25beec425ff406fe68721fef73be",
"type": "tarball",
"url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/ad9d06f7838a25beec425ff406fe68721fef73be.tar.gz?rev=ad9d06f7838a25beec425ff406fe68721fef73be"
},
"original": {
"type": "tarball",
"url": "https://git.lix.systems/lix-project/lix/archive/2.91.1.tar.gz"
}
},
"lix-module": {
"inputs": {
"flake-utils": "flake-utils",
"flakey-profile": "flakey-profile",
"lix": "lix",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1729360442,
"narHash": "sha256-6U0CyPycIBc04hbYy2hBINnVso58n/ZyywY2BD3hu+s=",
"rev": "9098ac95768f7006d7e070b88bae76939f6034e6",
"type": "tarball",
"url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/9098ac95768f7006d7e070b88bae76939f6034e6.tar.gz?rev=9098ac95768f7006d7e070b88bae76939f6034e6"
},
"original": {
"type": "tarball",
"url": "https://git.lix.systems/lix-project/nixos-module/archive/2.91.1-1.tar.gz"
}
},
"niri": {
"inputs": {
"niri-stable": "niri-stable",
"niri-unstable": "niri-unstable",
"nixpkgs": [
"nixpkgs"
],
"nixpkgs-stable": [
"nixpkgs"
],
"xwayland-satellite-stable": "xwayland-satellite-stable",
"xwayland-satellite-unstable": "xwayland-satellite-unstable"
},
"locked": {
"lastModified": 1742220949,
"narHash": "sha256-ZlPrKLM0FWUP36MNCJYGTlN4ZvoXZ4WY/ENKoaGU6yg=",
"owner": "sodiboo",
"repo": "niri-flake",
"rev": "5d8d116ac90f54e4c95bd5c9de31b8df477b12b9",
"type": "github"
},
"original": {
"owner": "sodiboo",
"repo": "niri-flake",
"type": "github"
}
},
"niri-stable": {
"flake": false,
"locked": {
"lastModified": 1740117926,
"narHash": "sha256-mTTHA0RAaQcdYe+9A3Jx77cmmyLFHmRoZdd8RpWa+m8=",
"owner": "YaLTeR",
"repo": "niri",
"rev": "b94a5db8790339cf9134873d8b490be69e02ac71",
"type": "github"
},
"original": {
"owner": "YaLTeR",
"ref": "v25.02",
"repo": "niri",
"type": "github"
}
},
"niri-unstable": {
"flake": false,
"locked": {
"lastModified": 1742103165,
"narHash": "sha256-zAzMwvozlS2gmqdhrgeMz0PNp3kRDkwxIEfqWT3Hj6g=",
"owner": "YaLTeR",
"repo": "niri",
"rev": "287480b541e85b13ff6419d372f82fa8e42c603c",
"type": "github"
},
"original": {
"owner": "YaLTeR",
"repo": "niri",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1742136038,
"narHash": "sha256-DDe16FJk18sadknQKKG/9FbwEro7A57tg9vB5kxZ8kY=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "a1185f4064c18a5db37c5c84e5638c78b46e3341",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-24.11",
"repo": "nixpkgs",
"type": "github"
}
},
"root": {
"inputs": {
"home-manager": "home-manager",
"lix-module": "lix-module",
"niri": "niri",
"nixpkgs": "nixpkgs"
}
},
"systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"xwayland-satellite-stable": {
"flake": false,
"locked": {
"lastModified": 1739246919,
"narHash": "sha256-/hBM43/Gd0/tW+egrhlWgOIISeJxEs2uAOIYVpfDKeU=",
"owner": "Supreeeme",
"repo": "xwayland-satellite",
"rev": "44590a416d4a3e8220e19e29e0b6efe64a80315d",
"type": "github"
},
"original": {
"owner": "Supreeeme",
"ref": "v0.5.1",
"repo": "xwayland-satellite",
"type": "github"
}
},
"xwayland-satellite-unstable": {
"flake": false,
"locked": {
"lastModified": 1742083780,
"narHash": "sha256-cVLagXvI4jFbCe76tpvAWA2N2WF94Pl0PpgsGp2P6rM=",
"owner": "Supreeeme",
"repo": "xwayland-satellite",
"rev": "f9ec97b007547ad80147404335ed22e880dbd69d",
"type": "github"
},
"original": {
"owner": "Supreeeme",
"repo": "xwayland-satellite",
"type": "github"
}
}
},
"root": "root",
"version": 7
}


@ -1,81 +0,0 @@
{
inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.11";
# nixos-hardware.url = "github:NixOS/nixos-hardware/master";
home-manager = {
url = "github:nix-community/home-manager/release-24.11";
inputs.nixpkgs.follows = "nixpkgs";
};
lix-module = {
url = "https://git.lix.systems/lix-project/nixos-module/archive/2.91.1-1.tar.gz";
inputs.nixpkgs.follows = "nixpkgs";
};
niri = {
url = "github:sodiboo/niri-flake";
inputs.nixpkgs.follows = "nixpkgs";
inputs.nixpkgs-stable.follows = "nixpkgs";
};
};
outputs =
{
self,
nixpkgs,
home-manager,
lix-module,
niri,
}:
let
devices = {
vinzenz-lpt2 = "x86_64-linux";
vinzenz-pc2 = "x86_64-linux";
hetzner-vpn2 = "aarch64-linux";
forgejo-runner-1 = "aarch64-linux";
};
homeDevices = [
"vinzenz-lpt2"
"vinzenz-pc2"
];
forDevice = f: nixpkgs.lib.mapAttrs f devices;
in
{
nixosConfigurations = forDevice (
device: system:
nixpkgs.lib.nixosSystem {
inherit system;
modules =
[
lix-module.nixosModules.default
{ networking.hostName = device; }
./modules/globalinstalls.nix
./modules/networking.nix
./modules/nixpkgs.nix
./hosts/${device}/hardware.nix
./hosts/${device}/imports.nix
./hosts/${device}/configuration.nix
]
++ (nixpkgs.lib.optionals (builtins.elem device homeDevices) [
home-manager.nixosModules.home-manager
{ home-manager.extraSpecialArgs = { inherit device; }; }
./modules/home-manager.nix
./modules/i18n.nix
niri.nixosModules.niri
{ nixpkgs.overlays = [ niri.overlays.niri ]; }
]);
}
);
formatter = {
x86_64-linux = nixpkgs.legacyPackages.x86_64-linux.nixfmt-rfc-style;
aarch64-linux = nixpkgs.legacyPackages.aarch64-linux.nixfmt-rfc-style;
};
};
}

76
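--- a/hetzner-vpn1.nix
+++ b/hetzner-vpn1.nix
@@ -0,0 +1,76 @@
+{pkgs, ...}: let
+wg_port = 51820;
+in {
+imports = [
+(import ./modules {
+hostName = "hetzner-vpn1";
+enableHomeManager = false;
+})
+];
+config = {
+my = {
+enabledUsers = ["vinzenz"];
+server.enable = true;
+};
+# TODO change to user "vinzenz" when tested
+users.users.root.openssh.authorizedKeys.keys = [
+''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICdYqY3Y1/f1bsAi5Qfyr/UWuX9ixu96IeAlhoQaJkbf''
+];
+environment = {
+systemPackages = with pkgs; [iptables wireguard-tools];
+};
+# wireguard server for public ip
+# enable NAT
+networking.nat.enable = true;
+networking.nat.externalInterface = "eth0";
+networking.nat.internalInterfaces = ["wg0"];
+networking.firewall = {
+allowedUDPPorts = [wg_port];
+};
+networking.wireguard.interfaces = {
+# "wg0" is the network interface name. You can name the interface arbitrarily.
+wg0 = {
+# Determines the IP address and subnet of the server's end of the tunnel interface.
+ips = ["10.100.0.1/32"];
+# The port that WireGuard listens to. Must be accessible by the client.
+listenPort = wg_port;
+# This allows the wireguard server to route your traffic to the internet and hence be like a VPN
+# For this to work you have to set the dnsserver IP of your router (or dnsserver of choice) in your clients
+postSetup = ''
+${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s 10.100.0.0/24 -o eth0 -j MASQUERADE
+'';
+# This undoes the above command
+postShutdown = ''
+${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 10.100.0.0/24 -o eth0 -j MASQUERADE
+'';
+# Path to the private key file
+privateKeyFile = "/root/wireguard/keys/private";
+peers = [
+# List of allowed peers.
+{
+# Phone
+publicKey = "/sjNk9rXaMdrCHD2kmut1AXD1UhF1xcZ4ju+EmFGcCk=";
+# List of IPs assigned to this peer within the tunnel subnet. Used to configure routing.
+allowedIPs = ["10.100.0.2/32"];
+}
+{
+# vinzenz-lpt
+publicKey = "D/6431f8oJ61C5vjjEIpY5Rc750oK4yVh9B/32q4xAE=";
+# List of IPs assigned to this peer within the tunnel subnet. Used to configure routing.
+allowedIPs = ["10.100.0.3/32"];
+}
+];
+};
+};
+};
+}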
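Review bot: The only SSH key this host installs goes to root (`users.users.root.openssh.authorizedKeys.keys`), so the public VPN endpoint is administered by direct root login until the TODO above that line is acted on. Once `vinzenz` is confirmed to have sudo on this host, I would move the key to `users.users.vinzenz.openssh.authorizedKeys.keys = [ … ];` and add `services.openssh.settings.PermitRootLogin = "no";`, unless `./modules` (not shown here) already sets the sshd policy. Separately, `eth0` is hard-coded in `networking.nat.externalInterface` and again in the `postSetup`/`postShutdown` iptables rules, and those rules appear to repeat the masquerading that `networking.nat` with `internalInterfaces = ["wg0"]` already configures. A `let` binding next to `wg_port` would keep the interface name in one place, and a comment on `privateKeyFile` stating that the key must be created out of band with mode 0600 would help the next person who sets up the host.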


@ -1,56 +0,0 @@
{ config, pkgs, ... }:
{
config = {
home.packages = with pkgs; [
## Apps
telegram-desktop
kdiff3
];
programs = {
home-manager.enable = true;
zsh = {
history = {
size = 10000;
path = "${config.xdg.dataHome}/zsh/history";
expireDuplicatesFirst = true;
};
oh-my-zsh = {
enable = true;
theme = "agnoster";
plugins = [
"git"
"sudo"
"systemadmin"
];
};
};
git = {
userName = "Ronja Spiegelberg";
userEmail = "ronja.spiegelberg@gmail.com";
extraConfig = {
pull.ff = "only";
merge.tool = "kdiff3";
};
};
chromium = {
enable = true;
extensions = [
{
# ublock origin
id = "cjpalhdlnbpafiamejdnhcphjbkeiagm";
}
{
id = "dcpihecpambacapedldabdbpakmachpb";
updateUrl = "https://raw.githubusercontent.com/iamadamdev/bypass-paywalls-chrome/master/updates.xml";
}
];
};
};
};
}


@ -1,28 +0,0 @@
{ pkgs, ... }:
{
config = {
# Define user account
users.users.ronja = {
isNormalUser = true;
name = "ronja";
description = "Ronja";
home = "/home/ronja";
extraGroups = [
"networkmanager"
"wheel"
"games"
"podman"
];
shell = pkgs.zsh;
};
home-manager.users.ronja.imports = [
./configuration.nix
./vscode.nix
];
allowedUnfreePackages = [
"vscode-extension-ms-vscode-remote-remote-ssh"
];
};
}


@ -1,58 +0,0 @@
{ pkgs, ... }:
{
config.programs.vscode = {
enable = true;
package = pkgs.vscodium;
enableUpdateCheck = false;
extensions = with pkgs.vscode-extensions; [
bbenoist.nix
ms-python.python
kamadorueda.alejandra
editorconfig.editorconfig
yzhang.markdown-all-in-one
redhat.vscode-yaml
pkief.material-icon-theme
rust-lang.rust-analyzer
tamasfe.even-better-toml
llvm-vs-code-extensions.vscode-clangd
mkhl.direnv
vadimcn.vscode-lldb
ms-dotnettools.csharp
ms-vscode-remote.remote-ssh
];
userSettings = {
"files.autoSave" = "afterDelay";
"files.autoSaveWhenNoErrors" = true;
"files.autoSaveWorkspaceFilesOnly" = true;
"editor.fontFamily" = "'Fira Code', 'Droid Sans Mono', 'monospace', monospace";
"editor.fontLigatures" = true;
"editor.formatOnSave" = true;
"editor.formatOnSaveMode" = "modificationsIfAvailable";
"editor.minimap.autohide" = true;
"workbench.startupEditor" = "readme";
"workbench.enableExperiments" = false;
"workbench.iconTheme" = "material-icon-theme";
"update.mode" = "none";
"extensions.autoUpdate" = false;
"extensions.autoCheckUpdates" = false;
"telemetry.telemetryLevel" = "off";
"redhat.telemetry.enabled" = false;
"git.autofetch" = true;
"diffEditor.diffAlgorithm" = "advanced";
"explorer.excludeGitIgnore" = true;
"markdown.extension.tableFormatter.normalizeIndentation" = true;
"markdown.extension.toc.orderedList" = false;
"rust-analyzer.checkOnSave.command" = "clippy";
"\[makefile\]" = {
"editor.insertSpaces" = false;
"editor.detectIndentation" = false;
};
};
};
}


@ -1,23 +0,0 @@
{
"default": [
{
"type": "reject"
}
],
"transports": {
"docker-daemon": {
"": [
{
"type": "insecureAcceptAnything"
}
]
},
"docker": {
"docker.io/library/debian": [
{
"type": "insecureAcceptAnything"
}
]
}
}
}


@ -1,50 +0,0 @@
{ pkgs, ... }:
{
programs = {
home-manager.enable = true;
fzf.enable = true;
git-credential-oauth.enable = true;
direnv = {
enable = true;
nix-direnv.enable = true;
};
eza = {
enable = true;
git = true;
icons = "auto";
extraOptions = [
"--group-directories-first"
"--header"
];
};
thefuck = {
enable = true;
enableZshIntegration = true;
};
};
home.packages = with pkgs; [
keepassxc
insync
telegram-desktop
element-desktop
wireguard-tools
wirelesstools
kdiff3
jetbrains-toolbox
blanket
vlc
];
home.file."policy.json" = {
target = ".config/containers/policy.json";
text = builtins.readFile ./.config/containers/policy.json;
};
}


@ -1,50 +0,0 @@
{ pkgs, ... }:
{
config = {
users.users.vinzenz = {
isNormalUser = true;
name = "vinzenz";
description = "Vinzenz";
home = "/home/vinzenz";
extraGroups = [
"networkmanager"
"wheel"
"games"
"dialout"
"podman"
"nginx"
"adbusers"
"kvm"
"input"
"video"
];
shell = pkgs.zsh;
autoSubUidGidRange = true;
};
home-manager.users.vinzenz.imports = [
./configuration.nix
./editorconfig.nix
./git.nix
./gnome.nix
./niri.nix
./ssh.nix
./swaylock.nix
./vscode.nix
./waybar.nix
./zsh.nix
];
allowedUnfreePackages = [
"vscode-extension-ms-vscode-remote-remote-ssh"
"insync"
"insync-pkg"
"rider"
"pycharm-professional"
"jetbrains-toolbox"
"anydesk"
];
};
}


@ -1,20 +0,0 @@
{ ... }:
{
config.editorconfig = {
enable = true;
settings = {
"*" = {
charset = "utf-8";
end_of_line = "lf";
trim_trailing_whitespace = true;
insert_final_newline = true;
max_line_width = 120;
indent_style = "space";
indent_size = 4;
};
"*.nix" = {
indent_size = 2;
};
};
};
}


@ -1,26 +0,0 @@
{ ... }:
{
config.programs.git = {
enable = true;
userName = "Vinzenz Schroeter";
userEmail = "vinzenz.f.s@gmail.com";
aliases = {
prettylog = "log --pretty=oneline --graph";
spring-clean = "!git branch --merged | xargs -n 1 -r git branch -d";
};
extraConfig = {
pull.ff = "only";
merge.tool = "kdiff3";
push.autoSetupRemote = "true";
credential.credentialStore = "cache";
};
ignores = [
".direnv"
".idea"
".envrc"
];
};
}


@ -1,23 +0,0 @@
{ pkgs, ... }:
{
config = {
home.packages = with pkgs.gnomeExtensions; [
gsconnect
# battery-health-charging
quick-settings-tweaker
solaar-extension
alphabetical-app-grid
];
dconf.settings = {
"org/gnome/shell" = {
enabled-extensions = [
"GPaste@gnome-shell-extensions.gnome.org"
"gsconnect@andyholmes.github.io"
"solaar-extension@sidevesh"
"AlphabeticalAppGrid@stuarthayhurst"
];
};
};
};
}


@ -1,337 +0,0 @@
{
pkgs,
lib,
devices,
config,
...
}:
{
config = {
home.sessionVariables.NIXOS_OZONE_WL = "1";
home.packages = with pkgs; [
xwayland-satellite
alacritty
];
qt.style = {
package = pkgs.adwaita-qt;
name = "adwaita-dark";
};
services = {
kdeconnect = {
enable = true;
indicator = true;
};
mako = {
enable = true;
};
};
programs.fuzzel = {
enable = true;
settings = {
main = {
terminal = "${pkgs.alacritty}/bin/alacritty";
icon-theme = "Adwaita";
counter = true;
font = "sans:size=10";
};
colors = {
border = "0003B3FF";
background = "0F0F0FFF";
text = "657b83ff";
prompt = "586e75ff";
placeholder = "93a1a1ff";
input = "657b83ff";
match = "cb4b16ff";
selection = "eee8d5ff";
selection-text = "586e75ff";
selection-match = "cb4b16ff";
counter = "93a1a1ff";
};
border = {
radius = 30;
width = 3;
};
};
};
programs.niri.settings = {
input.keyboard.xkb.layout = "de";
outputs."eDP-1" = {
scale = 1.0;
variable-refresh-rate = true;
background-color = "#000000";
};
layout.gaps = 8;
# defaults taken from https://github.com/sodiboo/niri-flake/issues/483
binds = {
# Keys consist of modifiers separated by + signs, followed by an XKB key name
# in the end. To find an XKB name for a particular key, you may use a program
# like wev.
#
# "Mod" is a special modifier equal to Super when running on a TTY, and to Alt
# when running as a winit window.
#
# Most actions that you can bind here can also be invoked programmatically with
# `niri msg action do-something`.
# Mod-Shift-/, which is usually the same as Mod-?,
# shows a list of important hotkeys.
"Mod+Shift+Numbersign".action.show-hotkey-overlay = { };
# Suggested binds for running programs: terminal, app launcher, screen locker.
"Mod+T".action.spawn = "alacritty";
"Mod+D".action.spawn = "fuzzel";
"Super+Alt+L".action.spawn = "${config.programs.swaylock.package}/bin/swaylock";
# You can also use a shell. Do this if you need pipes, multiple commands, etc.
# Note: the entire command goes as a single argument in the end.
# Mod+T { spawn "bash" "-c" "notify-send hello && exec alacritty"; }
# Example volume keys mappings for PipeWire & WirePlumber.
# The allow-when-locked=true property makes them work even when the session is locked.
"XF86AudioRaiseVolume" = {
allow-when-locked = true;
action.spawn = [
"wpctl"
"set-volume"
"@DEFAULT_AUDIO_SINK@"
"0.1+"
];
};
"XF86AudioLowerVolume" = {
allow-when-locked = true;
action.spawn = [
"wpctl"
"set-volume"
"@DEFAULT_AUDIO_SINK@"
"0.1-"
];
};
"XF86AudioMute" = {
allow-when-locked = true;
action.spawn = [
"wpctl"
"set-mute"
"@DEFAULT_AUDIO_SINK@"
"toggle"
];
};
"XF86AudioMicMute" = {
allow-when-locked = true;
action.spawn = [
"wpctl"
"set-mute"
"@DEFAULT_AUDIO_SOURCE@"
"toggle"
];
};
"Mod+Q".action.close-window = { };
"Mod+Left".action.focus-column-left = { };
"Mod+Down".action.focus-window-down = { };
"Mod+Up".action.focus-window-up = { };
"Mod+Right".action.focus-column-right = { };
"Mod+H".action.focus-column-left = { };
"Mod+J".action.focus-window-down = { };
"Mod+K".action.focus-window-up = { };
"Mod+L".action.focus-column-right = { };
"Mod+Ctrl+Left".action.move-column-left = { };
"Mod+Ctrl+Down".action.move-window-down = { };
"Mod+Ctrl+Up".action.move-window-up = { };
"Mod+Ctrl+Right".action.move-column-right = { };
"Mod+Ctrl+H".action.move-column-left = { };
"Mod+Ctrl+J".action.move-window-down = { };
"Mod+Ctrl+K".action.move-window-up = { };
"Mod+Ctrl+L".action.move-column-right = { };
# Alternative commands that move across workspaces when reaching
# the first or last window in a column.
# Mod+J { focus-window-or-workspace-down; }
# Mod+K { focus-window-or-workspace-up; }
# Mod+Ctrl+J { move-window-down-or-to-workspace-down; }
# Mod+Ctrl+K { move-window-up-or-to-workspace-up; }
"Mod+Home".action.focus-column-first = { };
"Mod+End".action.focus-column-last = { };
"Mod+Ctrl+Home".action.move-column-to-first = { };
"Mod+Ctrl+End".action.move-column-to-last = { };
"Mod+Shift+Left".action.focus-monitor-left = { };
"Mod+Shift+Down".action.focus-monitor-down = { };
"Mod+Shift+Up".action.focus-monitor-up = { };
"Mod+Shift+Right".action.focus-monitor-right = { };
"Mod+Shift+H".action.focus-monitor-left = { };
"Mod+Shift+J".action.focus-monitor-down = { };
"Mod+Shift+K".action.focus-monitor-up = { };
"Mod+Shift+L".action.focus-monitor-right = { };
"Mod+Shift+Ctrl+Left".action.move-column-to-monitor-left = { };
"Mod+Shift+Ctrl+Down".action.move-column-to-monitor-down = { };
"Mod+Shift+Ctrl+Up".action.move-column-to-monitor-up = { };
"Mod+Shift+Ctrl+Right".action.move-column-to-monitor-right = { };
"Mod+Shift+Ctrl+H".action.move-column-to-monitor-left = { };
"Mod+Shift+Ctrl+J".action.move-column-to-monitor-down = { };
"Mod+Shift+Ctrl+K".action.move-column-to-monitor-up = { };
"Mod+Shift+Ctrl+L".action.move-column-to-monitor-right = { };
# Alternatively, there are commands to move just a single window:
# Mod+Shift+Ctrl+Left { move-window-to-monitor-left; }
# ...
# And you can also move a whole workspace to another monitor:
# Mod+Shift+Ctrl+Left { move-workspace-to-monitor-left; }
# ...
"Mod+Page_Down".action.focus-workspace-down = { };
"Mod+Page_Up".action.focus-workspace-up = { };
"Mod+U".action.focus-workspace-down = { };
"Mod+I".action.focus-workspace-up = { };
"Mod+Ctrl+Page_Down".action.move-column-to-workspace-down = { };
"Mod+Ctrl+Page_Up".action.move-column-to-workspace-up = { };
"Mod+Ctrl+U".action.move-column-to-workspace-down = { };
"Mod+Ctrl+I".action.move-column-to-workspace-up = { };
# Alternatively, there are commands to move just a single window:
# Mod+Ctrl+Page_Down { move-window-to-workspace-down; }
# ...
"Mod+Shift+Page_Down".action.move-workspace-down = { };
"Mod+Shift+Page_Up".action.move-workspace-up = { };
"Mod+Shift+U".action.move-workspace-down = { };
"Mod+Shift+I".action.move-workspace-up = { };
# You can bind mouse wheel scroll ticks using the following syntax.
# These binds will change direction based on the natural-scroll setting.
#
# To avoid scrolling through workspaces really fast, you can use
# the cooldown-ms property. The bind will be rate-limited to this value.
# You can set a cooldown on any bind, but it's most useful for the wheel.
"Mod+WheelScrollDown" = {
cooldown-ms = 150;
action.focus-workspace-down = { };
};
"Mod+WheelScrollUp" = {
cooldown-ms = 150;
action.focus-workspace-up = { };
};
"Mod+Ctrl+WheelScrollDown" = {
cooldown-ms = 150;
action.move-column-to-workspace-down = { };
};
"Mod+Ctrl+WheelScrollUp" = {
cooldown-ms = 150;
action.move-column-to-workspace-up = { };
};
"Mod+WheelScrollRight".action.focus-column-right = { };
"Mod+WheelScrollLeft".action.focus-column-left = { };
"Mod+Ctrl+WheelScrollRight".action.move-column-right = { };
"Mod+Ctrl+WheelScrollLeft".action.move-column-left = { };
# Usually scrolling up and down with Shift in applications results in
# horizontal scrolling; these binds replicate that.
"Mod+Shift+WheelScrollDown".action.focus-column-right = { };
"Mod+Shift+WheelScrollUp".action.focus-column-left = { };
"Mod+Ctrl+Shift+WheelScrollDown".action.move-column-right = { };
"Mod+Ctrl+Shift+WheelScrollUp".action.move-column-left = { };
# Similarly, you can bind touchpad scroll "ticks".
# Touchpad scrolling is continuous, so for these binds it is split into
# discrete intervals.
# These binds are also affected by touchpad's natural-scroll, so these
# example binds are "inverted", since we have natural-scroll enabled for
# touchpads by default.
# Mod+TouchpadScrollDown { spawn "wpctl" "set-volume" "@DEFAULT_AUDIO_SINK@" "0.02+"; }
# Mod+TouchpadScrollUp { spawn "wpctl" "set-volume" "@DEFAULT_AUDIO_SINK@" "0.02-"; }
# You can refer to workspaces by index. However, keep in mind that
# niri is a dynamic workspace system, so these commands are kind of
# "best effort". Trying to refer to a workspace index bigger than
# the current workspace count will instead refer to the bottommost
# (empty) workspace.
#
# For example, with 2 workspaces + 1 empty, indices 3, 4, 5 and so on
# will all refer to the 3rd workspace.
"Mod+1".action.focus-workspace = 1;
"Mod+2".action.focus-workspace = 2;
"Mod+3".action.focus-workspace = 3;
"Mod+4".action.focus-workspace = 4;
"Mod+5".action.focus-workspace = 5;
"Mod+6".action.focus-workspace = 6;
"Mod+7".action.focus-workspace = 7;
"Mod+8".action.focus-workspace = 8;
"Mod+9".action.focus-workspace = 9;
"Mod+Ctrl+1".action.move-column-to-workspace = 1;
"Mod+Ctrl+2".action.move-column-to-workspace = 2;
"Mod+Ctrl+3".action.move-column-to-workspace = 3;
"Mod+Ctrl+4".action.move-column-to-workspace = 4;
"Mod+Ctrl+5".action.move-column-to-workspace = 5;
"Mod+Ctrl+6".action.move-column-to-workspace = 6;
"Mod+Ctrl+7".action.move-column-to-workspace = 7;
"Mod+Ctrl+8".action.move-column-to-workspace = 8;
"Mod+Ctrl+9".action.move-column-to-workspace = 9;
# Alternatively, there are commands to move just a single window:
# Mod+Ctrl+1 { move-window-to-workspace 1; }
# Switches focus between the current and the previous workspace.
# Mod+Tab { focus-workspace-previous; }
"Mod+Comma".action.consume-window-into-column = { };
"Mod+Period".action.expel-window-from-column = { };
# There are also commands that consume or expel a single window to the side.
# Mod+BracketLeft { consume-or-expel-window-left; }
# Mod+BracketRight { consume-or-expel-window-right; }
"Mod+R".action.switch-preset-column-width = { };
"Mod+Shift+R".action.reset-window-height = { };
"Mod+F".action.maximize-column = { };
"Mod+Shift+F".action.fullscreen-window = { };
"Mod+C".action.center-column = { };
# Finer width adjustments.
# This command can also:
# * set width in pixels: "1000"
# * adjust width in pixels: "-5" or "+5"
# * set width as a percentage of screen width: "25%"
# * adjust width as a percentage of screen width: "-10%" or "+10%"
# Pixel sizes use logical, or scaled, pixels. I.e. on an output with scale 2.0,
# set-column-width "100" will make the column occupy 200 physical screen pixels.
"Mod+Minus".action.set-column-width = "-10%";
"Mod+Equal".action.set-column-width = "+10%";
# Finer height adjustments when in column with other windows.
"Mod+Shift+Minus".action.set-window-height = "-10%";
"Mod+Shift+Equal".action.set-window-height = "+10%";
# Actions to switch layouts.
# Note: if you uncomment these, make sure you do NOT have
# a matching layout switch hotkey configured in xkb options above.
# Having both at once on the same hotkey will break the switching,
# since it will switch twice upon pressing the hotkey (once by xkb, once by niri).
# Mod+Space { switch-layout "next"; }
# Mod+Shift+Space { switch-layout "prev"; }
"Print".action.screenshot = { };
"Ctrl+Print".action.screenshot-screen = { };
"Alt+Print".action.screenshot-window = { };
# The quit action will show a confirmation dialog to avoid accidental exits.
"Mod+Shift+E".action.quit = { };
# Powers off the monitors. To turn them back on, do any input like
# moving the mouse or pressing any other key.
"Mod+Shift+P".action.power-off-monitors = { };
};
};
};
}


@ -1,55 +0,0 @@
{ ... }:
{
config.programs.ssh = {
enable = true;
matchBlocks = {
"vpn1" = {
host = "vpn1 hetzner-vpn1";
hostname = "157.90.146.125"; # 2a01:4f8:c012:7137::/64
user = "root";
};
"vpn2" = {
host = "vpn2 hetzner-vpn2";
hostname = "2a01:4f8:c013:65dd::1";
user = "root";
};
"vpn1-ts" = {
host = "vpn1-ts hetzner-vpn1.donkey-pentatonic.ts.net";
hostname = "hetzner-vpn1.donkey-pentatonic.ts.net";
user = "root";
};
"openwrt" = {
host = "openwrt openwrt.lan";
hostname = "openwrt.lan";
user = "root";
};
"openwrt-ts" = {
hostname = "openwrt.donkey-pentatonic.ts.net";
port = 2222;
user = "root";
};
"openwrt-j" = {
hostname = "openwrt.donkey-pentatonic.ts.net";
proxyJump = "vpn1";
port = 2222;
user = "root";
};
"pc2-power" = {
hostname = "openwrt.donkey-pentatonic.ts.net";
proxyJump = "vpn1";
port = 2222;
user = "pc2-power";
};
"avd-power" = {
# hostname = "2001:678:560:23:9833:63ff:fe2d:f477"
# hostname = "195.160.172.25";
hostname = "avd-jumphost.club.berlin.ccc.de";
user = "power";
};
"avd" = {
hostname = "avd.club.berlin.ccc.de";
user = "vinzenz";
};
};
};
}


@ -1,40 +0,0 @@
# based on https://codeberg.org/kiara/cfg/src/commit/b9c472acd78c9c08dfe8b6a643c5c82cc5828433/home-manager/kiara/swaylock.nix#
{ pkgs, config, ... }:
{
config = {
programs.swaylock = {
enable = true;
package = pkgs.swaylock-effects;
# https://github.com/jirutka/swaylock-effects/blob/master/swaylock.1.scd
settings = {
screenshot = true;
effect-blur = "9x9";
effect-vignette = "0.2:0.2";
fade-in = 0.5;
font-size = 75;
indicator-caps-lock = true;
clock = true;
indicator-radius = 400;
show-failed-attempts = true;
ignore-empty-password = true;
grace = 2;
color = "000000";
indicator-thickness = 20;
};
};
services.swayidle = {
enable = true;
timeouts = [
{
timeout = 60;
command = "${config.programs.swaylock.package}/bin/swaylock";
}
#{
# timeout = 90;
# command = "${pkgs.systemd}/bin/systemctl suspend";
#}
];
};
};
}


@ -1,60 +0,0 @@
{ pkgs, lib, ... }:
{
config.programs.vscode = {
enable = true;
package = pkgs.vscodium;
enableUpdateCheck = false;
extensions = with pkgs.vscode-extensions; [
bbenoist.nix
ms-python.python
kamadorueda.alejandra
editorconfig.editorconfig
yzhang.markdown-all-in-one
redhat.vscode-yaml
pkief.material-icon-theme
rust-lang.rust-analyzer
tamasfe.even-better-toml
llvm-vs-code-extensions.vscode-clangd
mkhl.direnv
vadimcn.vscode-lldb
ms-dotnettools.csharp
ms-vscode-remote.remote-ssh
RoweWilsonFrederiskHolme.wikitext
];
userSettings = {
"files.autoSave" = "afterDelay";
"files.autoSaveWhenNoErrors" = true;
"files.autoSaveWorkspaceFilesOnly" = true;
"editor.fontFamily" = "'Fira Code', 'Droid Sans Mono', 'monospace', monospace";
"editor.fontLigatures" = true;
"editor.formatOnSave" = true;
"editor.formatOnSaveMode" = "modificationsIfAvailable";
"editor.minimap.autohide" = true;
"workbench.startupEditor" = "readme";
"workbench.enableExperiments" = false;
"workbench.iconTheme" = "material-icon-theme";
"update.mode" = "none";
"extensions.autoUpdate" = false;
"extensions.autoCheckUpdates" = false;
"telemetry.telemetryLevel" = "off";
"redhat.telemetry.enabled" = false;
"git.autofetch" = true;
"git.path" = "${lib.getBin pkgs.git}/bin/git";
"diffEditor.diffAlgorithm" = "advanced";
"explorer.excludeGitIgnore" = true;
"markdown.extension.tableFormatter.normalizeIndentation" = true;
"markdown.extension.toc.orderedList" = false;
"rust-analyzer.checkOnSave.command" = "clippy";
"\[makefile\]" = {
"editor.insertSpaces" = false;
"editor.detectIndentation" = false;
};
};
};
}


@ -1,271 +0,0 @@
{
pkgs,
device,
config,
...
}:
{
home.packages = with pkgs; [
waybar
playerctl
cava
];
programs.waybar = {
enable = true;
systemd.enable = true;
settings = {
mainBar = {
layer = "top";
position = "top";
output = [
"eDP-1"
"HDMI-A-1"
];
mode = "dock";
spacing = "8";
modules-left = [
"niri/workspaces"
"tray"
"niri/window"
];
modules-center = [
"privacy"
"clock"
];
modules-right = [
"mpris"
"image"
"cava"
"gamemode"
"temperature"
"cpu"
"memory"
"disk"
"wireplumber"
"bluetooth"
"backlight"
"network"
"power-profiles-daemon"
"battery"
"idle_inhibitor"
#"group/group-power"
];
"niri/workspaces" = {
format = "{icon}";
};
"niri/window" = {
separate-outputs = true;
icon = true;
};
network = {
interface = "wlo1";
format = "{ifname}";
format-wifi = " ";
format-ethernet = "󰈀 ";
format-linked = "󱘖 ";
format-disconnected = "󰣽 ";
tooltip-format = "{ifname} via {gwaddr}";
tooltip-format-wifi = "{essid} ({signalStrength}%)";
tooltip-format-ethernet = "{ifname} {ipaddr}/{cidr}";
tooltip-format-disconnected = "Disconnected";
max-length = 50;
};
clock = {
format = "{:%a, %d. %b %H:%M}";
tooltip-format = "<tt><small>{calendar}</small></tt>";
calendar = {
mode = "month";
weeks-pos = "right";
on-scroll = 1;
on-click-right = "mode";
format = {
#months = "<span color='#ffead3'><b>{}</b></span>";
#days = "<span color='#ecc6d9'><b>{}</b></span>";
#weeks = "<span color='#99ffdd'><b>W{}</b></span>";
#weekdays = "<span color='#ffcc66'><b>{}</b></span>";
#weekdays = "<b>{}</b>";
today = "<span color='#0FBB0F'><b>{}</b></span>";
};
};
actions = {
on-click-right = "mode";
on-click-forward = "tz_up";
on-click-backward = "tz_down";
on-scroll-up = "shift_down";
on-scroll-down = "shift_up";
};
};
battery = {
format = "{capacity}% {icon}";
format-icons = [
""
""
""
""
""
];
};
backlight = {
device = "intel_backlight";
format = "{percent}% ";
on-scroll-down = "light -U 1";
on-scroll-up = "light -A 1";
};
cpu = {
interval = 1;
format =
"{usage:3}%@{avg_frequency:4} "
+ (builtins.getAttr device {
"vinzenz-lpt2" =
"{icon0}{icon1}{icon2}{icon3}{icon4}{icon5}{icon6}{icon7}{icon8}{icon9}{icon10}{icon11}{icon12}{icon13}{icon14}{icon15}{icon16}{icon17}{icon18}{icon19}";
"vinzenz-pc2" =
"{icon0}{icon1}{icon2}{icon3}{icon4}{icon5}{icon6}{icon7}{icon8}{icon9}{icon10}{icon11}{icon12}{icon13}{icon14}{icon15}";
})
+ " ";
format-icons = [
"<span color='#69ff94'></span>"
"<span color='#2aa9ff'></span>"
"<span color='#f8f8f2'></span>"
"<span color='#f8f8f2'></span>"
"<span color='#ffffa5'></span>"
"<span color='#ffffa5'></span>"
"<span color='#ff9977'></span>"
"<span color='#dd532e'></span>"
];
};
cava = {
framerate = 15;
autosens = 1;
method = "pipewire";
sleep_timer = 3;
source = "auto";
bar_delimiter = 0;
bars = 12;
input_delay = 2;
hide_on_silence = true;
format-icons = [
"<span font-family='monospace'></span>"
"<span font-family='monospace'></span>"
"<span font-family='monospace'></span>"
"<span font-family='monospace'></span>"
"<span font-family='monospace'></span>"
"<span font-family='monospace'></span>"
"<span font-family='monospace'></span>"
"<span font-family='monospace'></span>"
];
actions = {
"on-click-right" = "mode";
};
};
disk = {
format = "{free}/{total}";
};
"group/group-power" = {
"orientation" = "inherit";
"drawer" = {
"transition-duration" = 500;
"children-class" = "not-power";
"transition-left-to-right" = false;
};
"modules" = [
"custom/power" # First element is the "group leader" and won't ever be hidden
"custom/quit"
"custom/lock"
"custom/reboot"
];
};
"custom/quit" = {
"format" = "󰗼";
"tooltip" = false;
"on-click" = "hyprctl dispatch exit";
min-width = 20;
};
"custom/lock" = {
"format" = "󰍁";
"tooltip" = false;
"on-click" = "swaylock";
};
"custom/reboot" = {
"format" = "󰜉";
"tooltip" = false;
"on-click" = "reboot";
};
"custom/power" = {
"format" = "";
"tooltip" = false;
"on-click" = "shutdown now";
};
idle_inhibitor = {
format = "{icon}";
format-icons = {
activated = "";
deactivated = "";
};
};
image =
let
albumArtScript = pkgs.writeShellScriptBin "album-art.sh" ''
#!${pkgs.bash}/bin/bash
album_art=$(playerctl metadata mpris:artUrl)
if [[ -z $album_art ]]
then
exit
fi
curl -s "''${album_art}" --output "/tmp/cover.jpeg"
echo "/tmp/cover.jpeg"
'';
in
{
exec = "${albumArtScript}/bin/album-art.sh";
interval = 15;
on-click = "playerctl play-pause";
};
mpris = {
format = "{title} ";
tooltip-format = "{player} ({status}) {dynamic}";
};
memory = {
format = "{}% ";
};
power-profiles-daemon = {
format = "{icon}";
tooltip-format = "Power profile: {profile}\nDriver: {driver}";
tooltip = true;
format-icons = {
default = "";
performance = "";
balanced = "";
power-saver = "";
};
};
wireplumber = {
format = "{volume}% {icon}";
format-muted = "";
format-icons = [
""
""
""
];
};
temperature = {
format = "{temperatureC}°C ";
};
tray = {
spacing = 4;
};
bluetooth = {
format = " {status} ";
format-connected = " {device_alias} ";
format-connected-battery = " {device_alias} {device_battery_percentage}% ";
tooltip-format = "{controller_alias}\t{controller_address}\n\n{num_connections} connected";
tooltip-format-connected = "{controller_alias}\t{controller_address}\n\n{num_connections} connected\n\n{device_enumerate}";
tooltip-format-enumerate-connected = "{device_alias}\t{device_address}";
tooltip-format-enumerate-connected-battery = "{device_alias}\t{device_address}\t{device_battery_percentage}%";
};
};
};
};
}


@ -1,41 +0,0 @@
{ config, pkgs, ... }:
{
config.programs.zsh = {
initExtra = ''
eval "$(direnv hook zsh)";
export PATH=$PATH:/home/vinzenz/.cargo/bin
'';
enableCompletion = true;
shellAliases = {
myos-rebuild-boot = "sudo nixos-rebuild boot --flake .# --show-trace --log-format internal-json -v |& ${pkgs.nix-output-monitor}/bin/nom --json";
myos-rebuild-switch = "sudo nixos-rebuild switch --flake .# --show-trace --log-format internal-json -v |& ${pkgs.nix-output-monitor}/bin/nom --json";
my-direnvallow = "echo \"use nix\" > .envrc && direnv allow";
my-ip4 = "ip addr show | grep 192";
deadnix = "nix run github:astro/deadnix -- ";
statix = "nix run git+https://git.peppe.rs/languages/statix -- ";
};
history = {
size = 10000;
path = "${config.xdg.dataHome}/zsh/history";
expireDuplicatesFirst = true;
};
oh-my-zsh = {
enable = true;
theme = "agnoster";
plugins = [
"git"
"sudo"
"systemadmin"
"battery"
"dotnet"
"rust"
"tailscale"
];
};
};
}


@ -1,15 +0,0 @@
{ ... }:
{
# uncomment for build check on non arm system (requires --impure)
# nixpkgs.buildPlatform = builtins.currentSystem;
services.tailscale.useRoutingFeatures = "both";
system.autoUpgrade.allowReboot = true;
users.users = {
root.openssh.authorizedKeys.keys = [
''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFCJUpbpB3KEKVoKWsKoar9J4RNah8gmQoSH6jQEw5dY vinzenz-pixel-JuiceSSH''
''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO1CRn4yYTL4XUdCebE8Z4ZeuMujBjorTdWifg911EOv vinzenz-pc2 home roaming''
''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPDNpLDmctyqGpow/ElQvdhY4BLBPS/sigDJ1QEcC7wC vinzenz-lpt2-roaming''
];
};
}


@ -1,29 +0,0 @@
{ pkgs, ... }:
{
config = {
environment.systemPackages = with pkgs; [
forgejo-runner
];
# https://wiki.nixos.org/wiki/Forgejo
services.gitea-actions-runner = {
package = pkgs.forgejo-actions-runner;
instances.default = {
enable = true;
name = "cccb";
url = "https://git.berlin.ccc.de";
# Obtaining the path to the runner token file may differ
# tokenFile should be in format TOKEN=<secret>, since it's EnvironmentFile for systemd
tokenFile = "/etc/forgejo-runner/registration_token";
labels = [
"ubuntu-latest:docker://ghcr.io/catthehacker/ubuntu:rust-24.04"
"ubuntu-24.04:docker://ghcr.io/catthehacker/ubuntu:rust-24.04"
];
settings = {
container.network = "bridge";
};
};
};
};
}


@ -1,63 +0,0 @@
{ modulesPath, ... }:
{
imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
config = {
nixpkgs = {
hostPlatform = "aarch64-linux";
system = "aarch64-linux";
};
boot = {
tmp.cleanOnBoot = true;
kernelParams = [ "console=tty" ];
loader = {
systemd-boot.enable = true;
efi.canTouchEfiVariables = true;
};
initrd = {
availableKernelModules = [
"xhci_pci"
"virtio_scsi"
"sr_mod"
"virtio_gpu"
];
kernelModules = [ ];
};
};
fileSystems = {
"/" = {
device = "/dev/disk/by-uuid/47bc77ff-12e1-4d39-bb5c-fb100ccd3aab";
fsType = "ext4";
};
"/boot" = {
device = "/dev/disk/by-uuid/05F2-8F9A";
fsType = "vfat";
options = [
"fmask=0077"
"dmask=0077"
];
};
};
swapDevices = [
{ device = "/dev/disk/by-uuid/bbd18a70-b0bb-4e1a-b45b-3c1f8ecc0c10"; }
];
networking.useNetworkd = true;
systemd.network = {
enable = true;
networks."10-wan" = {
matchConfig.Name = "enp1s0";
networkConfig.DHCP = "ipv4";
address = [
"2a01:4f8:c013:a524::1/64"
];
routes = [
{ Gateway = "fe80::1"; }
];
};
};
};
}


@ -1,6 +0,0 @@
{
imports = [
../../modules/podman.nix
./forgejo-runner.nix
];
}


@ -1,21 +0,0 @@
{ ... }:
{
# uncomment for build check on non arm system (requires --impure)
# nixpkgs.buildPlatform = builtins.currentSystem;
services.tailscale.useRoutingFeatures = "both";
users.users = {
root.openssh.authorizedKeys.keys = [
''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICdYqY3Y1/f1bsAi5Qfyr/UWuX9ixu96IeAlhoQaJkbf''
''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFCJUpbpB3KEKVoKWsKoar9J4RNah8gmQoSH6jQEw5dY vinzenz-pixel-JuiceSSH''
''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO1CRn4yYTL4XUdCebE8Z4ZeuMujBjorTdWifg911EOv vinzenz-pc2 home roaming''
''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPDNpLDmctyqGpow/ElQvdhY4BLBPS/sigDJ1QEcC7wC vinzenz-lpt2-roaming''
];
#ronja.openssh.authorizedKeys.keys = [
# ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIALWKm+d6KL6Vl3grPOcGouiNTkvdhXuWJmcrdEBY2nw ronja-ssh-host-key''
#];
};
system.autoUpgrade.allowReboot = true;
}


@ -1,63 +0,0 @@
{ modulesPath, ... }:
{
imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
config = {
nixpkgs = {
hostPlatform = "aarch64-linux";
system = "aarch64-linux";
};
boot = {
tmp.cleanOnBoot = true;
kernelParams = [ "console=tty" ];
loader = {
systemd-boot.enable = true;
efi.canTouchEfiVariables = true;
};
initrd = {
availableKernelModules = [
"xhci_pci"
"virtio_scsi"
"sr_mod"
"virtio_gpu"
];
kernelModules = [ ];
};
};
fileSystems = {
"/" = {
device = "/dev/disk/by-uuid/3263489d-9819-433c-b198-9d2e732a94e4";
fsType = "ext4";
};
"/boot" = {
device = "/dev/disk/by-uuid/6C25-6BDC";
fsType = "vfat";
options = [
"fmask=0077"
"dmask=0077"
];
};
};
swapDevices = [
{ device = "/dev/disk/by-uuid/e147721d-86b5-40d7-a231-c6ea391c563d"; }
];
networking.useNetworkd = true;
systemd.network = {
enable = true;
networks."10-wan" = {
matchConfig.Name = "enp1s0";
networkConfig.DHCP = "ipv4";
address = [
"2a01:4f8:c013:65dd::1/64"
];
routes = [
{ Gateway = "fe80::1"; }
];
};
};
};
}


@ -1,5 +0,0 @@
{
imports = [
./nginx.nix
];
}


@ -1,55 +0,0 @@
{ pkgs, ... }:
{
security.acme = {
acceptTerms = true;
defaults.email = "acme@zerforschen.plus";
};
security.pam.services.nginx.setEnvironment = false;
systemd.services.nginx.serviceConfig = {
SupplementaryGroups = [ "shadow" ];
};
services.nginx = {
enable = true;
additionalModules = [ pkgs.nginxModules.pam ];
recommendedProxySettings = true;
recommendedTlsSettings = true;
recommendedGzipSettings = true;
recommendedOptimisation = true;
virtualHosts =
let
servicesDomain = "services.zerforschen.plus";
mkServiceConfig = host: port: {
addSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://${host}:${toString port}/";
extraConfig = ''
# bind to tailscale ip
proxy_bind 100.88.118.60;
# pam auth
limit_except OPTIONS {
auth_pam "Password Required";
auth_pam_service_name "nginx";
}
'';
};
};
pc2 = "vinzenz-pc2.donkey-pentatonic.ts.net";
in
{
#"vscode.${servicesDomain}" = lib.mkMerge [
# (mkServiceConfig pc2 8542)
# { locations."/".proxyWebsockets = true; }
#];
};
};
networking.firewall.allowedTCPPorts = [
80
443
];
}


@ -1,41 +0,0 @@
{ ... }:
{
imports = [ ./nginx.nix ];
config = {
networking.networkmanager.enable = true;
nix.settings.extra-platforms = [
"aarch64-linux"
"i686-linux"
];
services.xserver.xkb = {
# Configure keymap in X11
layout = "de";
variant = "";
};
# Configure console keymap
console.keyMap = "de";
users.users.vinzenz.openssh.authorizedKeys.keys = [
''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFCJUpbpB3KEKVoKWsKoar9J4RNah8gmQoSH6jQEw5dY vinzenz-pixel-JuiceSSH''
''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO1CRn4yYTL4XUdCebE8Z4ZeuMujBjorTdWifg911EOv vinzenz-pc2 home roaming''
];
#users.users.ronja.openssh.authorizedKeys.keys = [
# ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIALWKm+d6KL6Vl3grPOcGouiNTkvdhXuWJmcrdEBY2nw ronja-ssh-host-key''
#];
programs = {
adb.enable = true;
light = {
enable = true;
brightnessKeys = {
enable = true;
step = 5;
};
};
};
};
}


@ -1,63 +0,0 @@
{ lib, ... }:
{
imports = [ ../../modules/intel-graphics.nix ];
config = {
# intel cpu
boot.kernelModules = [
"kvm-intel"
"xe"
];
hardware.cpu.intel.updateMicrocode = true;
boot.loader = {
systemd-boot.enable = true;
efi.canTouchEfiVariables = true;
};
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
hardware.enableRedistributableFirmware = true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
boot.initrd = {
availableKernelModules = [
"xhci_pci"
"thunderbolt"
"nvme"
];
luks.devices = {
"luks-2c654ff2-3c42-48d3-a1e3-9545679afaa3" = {
device = "/dev/disk/by-uuid/2c654ff2-3c42-48d3-a1e3-9545679afaa3";
};
};
};
fileSystems = {
"/" = {
device = "/dev/disk/by-uuid/e4dad0c8-26a1-45e9-bbd9-48565eb6574e";
fsType = "btrfs";
options = [ "subvol=@" ];
};
"/boot" = {
device = "/dev/disk/by-uuid/E2B7-2BC1";
fsType = "vfat";
};
};
swapDevices = [
{
device = "/var/lib/swapfile";
size = 32 * 1024;
}
];
services.thermald.enable = true;
services.hardware.bolt.enable = true; # thunderbolt security
};
}


@ -1,14 +0,0 @@
{
imports = [
../../modules/gnome.nix
../../modules/gaming.nix
../../modules/printing.nix
../../modules/podman.nix
../../modules/niri.nix
../../modules/desktop-environment.nix
../../modules/desktop-hardware.nix
../../home/vinzenz
../../home/ronja
];
}


@ -1,30 +0,0 @@
_: {
services.nginx = {
enable = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
recommendedGzipSettings = true;
recommendedOptimisation = true;
virtualHosts = {
"vinzenz-lpt2" = {
locations."/" = {
proxyPass = "http://127.0.0.1:3000/";
proxyWebsockets = true;
};
serverAliases = [ "172.23.42.96" ];
};
};
};
networking.firewall = {
allowedTCPPorts = [
80
8001
3000
];
allowedUDPPorts = [ 2342 ];
};
}


@ -1,34 +0,0 @@
{ ... }:
{
imports = [
./hardware.nix
./vscode-server.nix
];
config = {
networking.networkmanager.enable = true;
nix.settings.extra-platforms = [
"aarch64-linux"
"i686-linux"
];
services.xserver.xkb = {
# Configure keymap in X11
layout = "de";
variant = "";
};
# Configure console keymap
console.keyMap = "de";
users.users.vinzenz.openssh.authorizedKeys.keys = [
''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINrY6tcgnoC/xbgL7vxSjddEY9MBxRXe9n2cAHt88/TT home roaming''
''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFCJUpbpB3KEKVoKWsKoar9J4RNah8gmQoSH6jQEw5dY vinzenz-pixel-JuiceSSH''
''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPDNpLDmctyqGpow/ElQvdhY4BLBPS/sigDJ1QEcC7wC vinzenz-lpt2-roaming''
];
users.users.ronja.openssh.authorizedKeys.keys = [
''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIALWKm+d6KL6Vl3grPOcGouiNTkvdhXuWJmcrdEBY2nw ssh-host-key''
''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEgN6J8KyVyQqBAz+y3drXDmIsxOPkdPB+ISgpIP9Eld Generated By Termius''
];
};
}


@ -1,37 +0,0 @@
{
"/" = {
device = "/dev/disk/by-uuid/0e9c983a-e733-447e-8181-f41d6670c4b8";
fsType = "btrfs";
options = [ "subvol=@" ];
};
"/home" = {
device = "/dev/disk/by-uuid/0e9c983a-e733-447e-8181-f41d6670c4b8";
fsType = "btrfs";
options = [ "subvol=@home" ];
};
"/games" = {
device = "/dev/disk/by-uuid/0e9c983a-e733-447e-8181-f41d6670c4b8";
fsType = "btrfs";
options = [ "subvol=@games" ];
};
"/boot" = {
device = "/dev/disk/by-uuid/AF67-8F16";
fsType = "vfat";
};
"/mnt/nixos_btrfs_root" = {
# subvolume with id 5 is always the root volume
# this is convenient for managing the flat subvolume hierarchy
device = "/dev/disk/by-uuid/0e9c983a-e733-447e-8181-f41d6670c4b8";
fsType = "btrfs";
options = [ "subvolid=5" ];
};
"/mnt/ssd2" = {
device = "/dev/disk/by-uuid/6b2a647d-c68e-4c07-85bf-c9bfc5db7e8a";
fsType = "ext4";
};
}


@ -1,25 +0,0 @@
{ ... }:
{
imports = [ ../../modules/amd-graphics.nix ];
config = {
# amd cpu
boot.kernelModules = [ "kvm-amd" ];
hardware.cpu.amd.updateMicrocode = true;
boot = {
initrd.availableKernelModules = [
"nvme"
"xhci_pci"
"ahci"
"usbhid"
"sd_mod"
]; # "usb_storage"
loader.efi.efiSysMountPoint = "/boot";
};
fileSystems = import ./fstab.nix;
swapDevices = [ ];
networking.interfaces.eno1.wakeOnLan.enable = true;
};
}


@ -1,14 +0,0 @@
{
imports = [
../../modules/gnome.nix
../../modules/gaming.nix
../../modules/printing.nix
../../modules/podman.nix
../../modules/niri.nix
../../modules/desktop-environment.nix
../../modules/desktop-hardware.nix
../../home/vinzenz
../../home/ronja
];
}


@ -1,27 +0,0 @@
{ pkgs, ... }:
{
services.openvscode-server = {
enable = true;
telemetryLevel = "off";
port = 8542;
host = "100.125.93.127"; # tailscale
withoutConnectionToken = true;
extraPackages = with pkgs; [
nodejs
git
gh
direnv
];
};
networking = {
firewall = {
allowedTCPPorts = [
8542
8543
8544
80
];
};
};
}


@ -1,21 +0,0 @@
{ pkgs, config, ... }:
{
config = {
boot.kernelModules = [ "amdgpu" ];
services.xserver.videoDrivers = [ "amdgpu" ];
hardware = {
graphics.enable = true;
amdgpu = {
opencl.enable = true;
amdvlk = {
# TODO: this creates black borders around GNOME apps
# enable = true;
support32Bit.enable = config.hardware.graphics.enable32Bit;
};
};
};
environment.systemPackages = with pkgs; [ nvtopPackages.amd ];
};
}

18
modules/default.nix Normal file

@ -0,0 +1,18 @@
modulesCfg: {lib, ...}: {
imports =
[
./i18n.nix
./nixpkgs.nix
./globalinstalls.nix
./server.nix
./desktop
]
++ (map (path: (import path modulesCfg)) [
./hardware
./users
]);
config = {
my.modulesCfg = modulesCfg;
};
}


@ -1,119 +0,0 @@
{ pkgs, ... }:
{
config = {
services = {
xserver.enable = true;
libinput.enable = true;
flatpak.enable = true;
fstrim.enable = true;
earlyoom = {
enable = true;
freeMemThreshold = 5;
};
};
# Enable sound with pipewire.
hardware.pulseaudio.enable = false;
security.rtkit.enable = true;
services.pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
#jack.enable = true;
};
programs = {
kdeconnect.enable = true;
firefox = {
enable = true;
languagePacks = [
"en-US"
"de"
];
};
nix-ld = {
enable = true;
libraries = with pkgs; [
stdenv.cc.cc
zlib
zstd
curl
openssl
attr
libssh
bzip2
libxml2
acl
libsodium
util-linux
xz
systemd
];
};
appimage = {
enable = true;
binfmt = true;
};
};
networking = {
firewall = {
allowedTCPPortRanges = [
{
# KDE Connect / gsconnect
from = 1714;
to = 1764;
}
];
allowedUDPPortRanges = [
{
# KDE Connect / gsconnect
from = 1714;
to = 1764;
}
];
};
};
systemd = {
# save some boot time because nothing actually requires network connectivity
services.NetworkManager-wait-online.enable = false;
# prevent stuck units from preventing shutdown (default is 120s)
extraConfig = ''
DefaultTimeoutStopSec=10s
'';
};
environment.systemPackages = with pkgs; [
lm_sensors
# office
libreoffice-qt
hunspell
hunspellDicts.de-de
hunspellDicts.en-us-large
];
fonts = {
enableDefaultPackages = true;
fontconfig.defaultFonts.monospace = [ "FiraCode Nerd Font" ];
packages = with pkgs; [
(nerdfonts.override { fonts = [ "FiraCode" ]; })
roboto-mono
recursive
];
};
hardware.logitech.wireless = {
enable = true;
enableGraphical = true;
};
system.autoUpgrade = {
allowReboot = false;
operation = "boot";
};
};
}

110
modules/desktop/default.nix Normal file

@ -0,0 +1,110 @@
{
config,
pkgs,
lib,
...
}: let
cfg = config.my.desktop;
in {
imports = [
./gnome.nix
./kde.nix
./gaming.nix
];
options.my.desktop.enable = lib.mkEnableOption "desktop";
config = lib.mkIf cfg.enable {
home-manager.useUserPackages = true;
home-manager.useGlobalPkgs = true;
services = {
# Enable the X11 windowing system / wayland depending on DE
xserver.enable = true;
# Enable CUPS to print documents.
printing.enable = true;
# Enable the OpenSSH daemon.
openssh = {
enable = true;
settings = {
PermitRootLogin = "no";
PasswordAuthentication = false;
KbdInteractiveAuthentication = false;
};
};
};
# Enable sound with pipewire.
sound.enable = true;
hardware.pulseaudio.enable = false;
security.rtkit.enable = true;
services.pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
};
programs = {
git.package = pkgs.gitFull;
steam = {
enable = true;
remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play
dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server
};
};
# unblock kde connect / gsconnect
networking = {
networkmanager.enable = true;
firewall.enable = true;
firewall = {
allowedTCPPortRanges = [
{
# KDE Connect
from = 1714;
to = 1764;
}
];
allowedUDPPortRanges = [
{
# KDE Connect
from = 1714;
to = 1764;
}
];
};
};
systemd = {
# save some boot time because nothing actually requires network connectivity
services.NetworkManager-wait-online.enable = false;
extraConfig = ''
DefaultTimeoutStopSec=12s
'';
};
environment = {
pathsToLink = ["/share/zsh"];
systemPackages = with pkgs; [
lm_sensors
];
};
nixpkgs.config.permittedInsecurePackages = [
"electron-12.2.3"
];
fonts = {
fontconfig.defaultFonts.monospace = ["FiraCode Nerd Font"];
fonts = with pkgs; [
(nerdfonts.override {fonts = ["FiraCode"];})
];
};
};
}
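Review bot: `nixpkgs.config.permittedInsecurePackages = [ "electron-12.2.3" ];` near the end of this module allows an end-of-life Electron build on every host that enables `my.desktop`, and nothing in the file says which package needs it. The exemption applies to the whole nixpkgs evaluation, so any package that pulls in that Electron version will now build without the usual insecure-package error. I would drop the line, or move it to the one host that needs the dependent application and add a comment such as `# required by <package>; remove once it moves to a supported Electron`.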


@ -0,0 +1,32 @@
{
config,
pkgs,
lib,
...
}: let
isEnabled = config.my.desktop.enableGaming;
in {
imports = [];
options.my.desktop.enableGaming = lib.mkEnableOption "gaming with wine";
config = lib.mkIf isEnabled {
hardware.opengl.driSupport32Bit = true;
environment.systemPackages = with pkgs; [
wineWowPackages.stagingFull
wineWowPackages.fonts
winetricks
steam
(lutris.override {
extraPkgs = pkgs: [
# List package dependencies here
];
extraLibraries = pkgs: [
# List library dependencies here
];
})
];
};
}
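Review bot: `steam` in `environment.systemPackages` duplicates `programs.steam.enable = true;` from modules/desktop/default.nix, and that block sits outside the `enableGaming` gate, so its `remotePlay.openFirewall` and `dedicatedServer.openFirewall` settings open ports on every desktop host. Moving the `programs.steam = { ... };` block into this module under `lib.mkIf isEnabled` and dropping the bare `steam` entry would keep those ports closed on machines that do not enable gaming. The `lutris.override` with two empty lists looks like a no-op and could be plain `lutris`, and `imports = [];` can be removed.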

66
modules/desktop/gnome.nix Normal file

@ -0,0 +1,66 @@
{
config,
pkgs,
lib,
...
}: let
isEnabled = config.my.desktop.enableGnome;
enableHomeManager = config.my.modulesCfg.enableHomeManager;
in {
options.my.desktop.enableGnome = lib.mkEnableOption "gnome desktop";
config = lib.mkMerge [
(lib.mkIf isEnabled {
my.desktop.enable = true;
services = {
xserver = {
# Enable the GNOME Desktop Environment.
displayManager.gdm.enable = true;
desktopManager.gnome.enable = true;
};
gnome = {
tracker-miners.enable = false;
tracker.enable = false;
};
};
programs.gpaste.enable = true;
environment = {
systemPackages = with pkgs; [
gnomeExtensions.gsconnect
];
# remove some gnome default apps
gnome.excludePackages = with pkgs.gnome; [
cheese # photo booth
epiphany # web browser
evince # document viewer
geary # email client
seahorse # password manager
gnome-clocks
gnome-maps
gnome-weather
gnome-music
pkgs.gnome-connections
];
};
})
(lib.mkIf (isEnabled && enableHomeManager) {
home-manager.sharedModules = [
{
home.packages = with pkgs; [
amberol
];
dconf.settings = {
"org/gnome/desktop/peripherals/keyboard" = {
numlock-state = true;
};
};
}
];
})
];
}

61
modules/desktop/kde.nix Normal file

@ -0,0 +1,61 @@
{
config,
pkgs,
lib,
...
}: let
isEnabled = config.my.desktop.enableKde;
enableHomeManager = config.my.modulesCfg.enableHomeManager;
in {
options.my.desktop.enableKde = lib.mkEnableOption "KDE desktop";
config = lib.mkMerge [
(lib.mkIf isEnabled {
my.desktop.enable = true;
# flatpak xdg-portal-kde crashes, otherwise this would be global
services.flatpak.enable = false;
services = {
# Enable the KDE Plasma Desktop Environment.
xserver = {
desktopManager.plasma5.enable = true;
displayManager = {
sddm.enable = true;
defaultSession = "plasmawayland";
};
};
};
environment = {
systemPackages = with pkgs; [
libsForQt5.kate
libsForQt5.kalk
];
plasma5.excludePackages = with pkgs.libsForQt5; [
elisa
gwenview
okular
khelpcenter
];
};
programs = {
dconf.enable = true;
partition-manager.enable = true;
};
})
(lib.mkIf (isEnabled && enableHomeManager) {
home-manager.sharedModules = [
{
services.kdeconnect = {
enable = true;
indicator = true;
};
}
];
})
];
}


@ -1,81 +0,0 @@
{ pkgs, ... }:
{
config = {
hardware = {
graphics = {
enable32Bit = true;
extraPackages = with pkgs; [ mangohud ];
extraPackages32 = with pkgs; [ mangohud ];
};
steam-hardware.enable = true;
xpadneo.enable = true;
};
environment.systemPackages = with pkgs; [
wineWowPackages.stagingFull
wineWowPackages.fonts
winetricks
dxvk
mangohud
vulkan-tools
glxinfo
lutris
];
programs = {
xwayland.enable = true;
steam = {
enable = true;
remotePlay.openFirewall = true;
dedicatedServer.openFirewall = true;
localNetworkGameTransfers.openFirewall = true;
gamescopeSession.enable = false;
};
gamemode.enable = true;
};
networking.firewall = {
allowedUDPPorts = [
# Factorio
34197
# steam network transfer
3478
];
allowedTCPPorts = [
# steam network transfer
24070
];
allowedTCPPortRanges = [
# steam network transfer
{
from = 27015;
to = 27050;
}
];
allowedUDPPortRanges = [
# steam network transfer
{
from = 4379;
to = 4380;
}
{
from = 27000;
to = 27100;
}
];
};
allowedUnfreePackages = [
"steam"
"steam-original"
"steam-run"
"steam-unwrapped"
"ut1999"
];
};
}


@ -1,34 +1,18 @@
{ pkgs, ... }:
{
{pkgs, ...}: {
config = {
environment = {
pathsToLink = ["/share/zsh"];
systemPackages = with pkgs; [
ncdu
glances
iotop
pciutils
lsof
dig
screen
ncdu
tldr
neofetch
nix-output-monitor
];
};
programs = {
git.enable = true;
zsh.enable = true;
htop.enable = true;
iotop.enable = true;
git.enable = true;
nano = {
enable = true;
syntaxHighlight = true;
};
};
};
}


@ -1,46 +0,0 @@
{
"org/gnome/desktop/interface" = {
color-scheme = "prefer-dark";
clock-show-seconds = true;
show-battery-percentage = true;
};
"org/gnome/mutter" = {
edge-tiling = true;
dynamic-workspaces = true;
};
"org/gnome/desktop/peripherals/keyboard" = {
numlock-state = true;
};
"org/gnome/desktop/peripherals/touchpad" = {
tap-to-click = true;
two-finger-scrolling-enabled = true;
};
"org/gnome/tweaks" = {
show-extensions-notice = false;
};
"org/gnome/shell" = {
disable-user-extensions = false;
disabled-extensions = [ ];
enabled-extensions = [
"tailscale@joaophi.github.com"
"appindicatorsupport@rgcjonas.gmail.com"
"workspace-indicator@gnome-shell-extensions.gcampax.github.com"
"caffeine@patapon.info"
];
};
"ca/desrt/dconf-editor" = {
show-warning = false;
};
"org/gnome/desktop/wm/keybindings" = {
switch-windows = [ "<Alt>Tab" ];
switch-windows-backward = [ "<Shift><Alt>Tab" ];
switch-applications = [ "<Super>Tab" ];
switch-applications-backward = [ "<Shift><Super>Tab" ];
};
"org/gnome/shell/extensions/alphabetical-app-grid" = {
folder-order-position = "start";
};
"org/gnome/shell/extensions/gsconnect" = {
enabled = true;
};
}


@ -1,107 +0,0 @@
{ pkgs, ... }:
{
config = {
services = {
xserver = {
# Enable the GNOME Desktop Environment.
desktopManager.gnome = {
enable = true;
extraGSettingsOverridePackages = [ pkgs.mutter ];
extraGSettingsOverrides = ''
[org.gnome.mutter]
experimental-features=['scale-monitor-framebuffer']
'';
};
displayManager.gdm.enable = true;
excludePackages = with pkgs; [ xterm ];
};
displayManager.defaultSession = "gnome";
gnome = {
tinysparql.enable = false;
localsearch.enable = false;
sushi.enable = true;
gnome-remote-desktop.enable = true;
};
};
programs = {
dconf.enable = true;
gpaste.enable = true;
kdeconnect.package = pkgs.gnomeExtensions.gsconnect;
};
# remove some gnome default apps
environment.gnome.excludePackages = with pkgs; [
cheese # photo booth
epiphany # web browser
evince # document viewer
geary # email client
gnome-maps
gnome-weather
gnome-tour
gnome-contacts
sysprof
orca # screen reader
gnome-disk-utility
gnome-system-monitor
gnome-weather
gnome-backgrounds
gnome-user-docs
gnome-calendar
yelp # help app
# gnome-music
# totem # video player
# snapshot # camera
# baobab # disk usage
];
environment.systemPackages = with pkgs; [
ghex
impression
];
# RDP connections
networking.firewall.allowedTCPPorts = [ 3389 ];
home-manager.sharedModules = [
{
home.packages =
with pkgs;
[
gitg
meld
simple-scan
pinta
dconf-editor
gpaste
# graphical installer for flatpak apps
gnome-software
]
++ (with gnomeExtensions; [
caffeine
appindicator
]);
dconf.settings = import ./gnome-shared-dconf.nix;
gtk = {
enable = true;
iconTheme.name = "Adwaita";
cursorTheme.name = "Adwaita";
theme = {
name = "adw-gtk3-dark";
package = pkgs.adw-gtk3;
};
};
}
{
home.packages = with pkgs; [ trayscale ] ++ (with gnomeExtensions; [ tailscale-qs ]);
dconf.settings."org/gnome/shell".enabled-extensions = [ "tailscale@joaophi.github.com" ];
}
];
};
}


@ -0,0 +1,15 @@
{
lib,
config,
pkgs,
...
}: let
isEnabled = config.my.hardware.isAmdCpu;
in {
options.my.hardware.isAmdCpu = lib.mkEnableOption "amd cpu";
config = lib.mkIf isEnabled {
boot.kernelModules = ["kvm-amd"];
hardware.cpu.amd.updateMicrocode = true;
};
}


@ -0,0 +1,16 @@
{
lib,
config,
pkgs,
...
}: let
isEnabled = config.my.hardware.isAmdGpu;
in {
options.my.hardware.isAmdGpu = lib.mkEnableOption "amd gpu";
config = lib.mkIf isEnabled {
environment.systemPackages = with pkgs; [
radeontop
];
};
}


@ -1,29 +1,25 @@
{
lib,
pkgs,
config,
...
}:
{
config = {
}: let
isEnabled = config.my.hardware.enableCommonDesktopSettings;
in {
options.my.hardware.enableCommonDesktopSettings = lib.mkEnableOption "common hw settings for desktops";
config = lib.mkIf isEnabled {
boot = {
kernelPackages = pkgs.linuxPackages_zen;
kernelParams = [
"quiet"
"udev.log_level=3"
];
supportedFilesystems = [ "btrfs" ];
initrd.supportedFilesystems = [ "btrfs" ];
kernelParams = ["quiet" "udev.log_level=3"];
supportedFilesystems = ["btrfs"];
initrd.supportedFilesystems = ["btrfs"];
consoleLogLevel = 0;
initrd.verbose = false;
plymouth.enable = true;
loader = {
systemd-boot.enable = true;
timeout = 3;
efi.canTouchEfiVariables = true;
systemd-boot = {
enable = true;
editor = false; # do not allow changing kernel parameters
consoleMode = "max";
};
};
};
@ -35,13 +31,8 @@
# networking.interfaces.eno1.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp5s0.useDHCP = lib.mkDefault true;
hardware = {
enableRedistributableFirmware = true;
bluetooth.enable = true;
};
hardware.enableRedistributableFirmware = true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
services.fwupd.enable = true;
};
}


@ -0,0 +1,41 @@
modulesCfg: {
modulesPath,
lib,
...
}: let
hostName = modulesCfg.hostName;
in {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
(builtins.toString ./. + "/${hostName}.nix")
./common-desktop.nix
./amdcpu.nix
./amdgpu.nix
./intelcpu.nix
];
options.my.modulesCfg.hostName = lib.mkOption {
type = lib.types.str;
};
config = {
networking.hostName = hostName;
boot.loader = {
systemd-boot.enable = true;
efi.canTouchEfiVariables = true;
};
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.eno1.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp5s0.useDHCP = lib.mkDefault true;
hardware.enableRedistributableFirmware = true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
};
}


@ -0,0 +1,102 @@
{
lib,
modulesPath,
...
}: {
imports = [
(modulesPath + "/profiles/qemu-guest.nix")
];
config = {
nixpkgs = {
hostPlatform = "aarch64-linux";
system = "aarch64-linux";
};
boot = {
tmp.cleanOnBoot = true;
loader = {
systemd-boot.enable = lib.mkForce false;
efi.canTouchEfiVariables = lib.mkForce false;
grub = {
enable = true;
efiSupport = true;
efiInstallAsRemovable = true;
device = "nodev";
};
};
initrd = {
availableKernelModules = ["ata_piix" "uhci_hcd" "xen_blkfront"];
kernelModules = ["nvme"];
};
};
zramSwap.enable = true;
networking.domain = "";
fileSystems = {
"/boot" = {
device = "/dev/disk/by-uuid/77CF-345D";
fsType = "vfat";
};
"/" = {
device = "/dev/sda1";
fsType = "ext4";
};
};
# This file was populated at runtime with the networking
# details gathered from the active system.
networking = {
nameservers = ["8.8.8.8"];
defaultGateway = "172.31.1.1";
defaultGateway6 = {
address = "fe80::1";
interface = "eth0";
};
dhcpcd.enable = false;
usePredictableInterfaceNames = lib.mkForce false;
interfaces = {
eth0 = {
ipv4 = {
addresses = [
{
address = "157.90.146.125";
prefixLength = 32;
}
];
routes = [
{
address = "172.31.1.1";
prefixLength = 32;
}
];
};
ipv6 = {
addresses = [
{
address = "2a01:4f8:c012:7137::1";
prefixLength = 64;
}
{
address = "fe80::9400:2ff:fe87:7fc9";
prefixLength = 64;
}
];
routes = [
{
address = "fe80::1";
prefixLength = 128;
}
];
};
};
};
};
services.udev.extraRules = ''
ATTR{address}=="96:00:02:87:7f:c9", NAME="eth0"
'';
};
}
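Review bot: The root filesystem is mounted from `device = "/dev/sda1";` while `/boot` in the same `fileSystems` block uses a `by-uuid` path. Kernel device names are not guaranteed to stay the same across reboots or when another volume is attached, so the root mount should use `device = "/dev/disk/by-uuid/<root-fs-uuid>";` as well, with the value taken from `blkid` on the host. `nameservers = ["8.8.8.8"];` also leaves the machine with a single resolver and no fallback; a second entry would keep DNS working when that one is unreachable.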


@ -0,0 +1,14 @@
{
lib,
config,
...
}: let
isEnabled = config.my.hardware.isIntelCpu;
in {
options.my.hardware.isIntelCpu = lib.mkEnableOption "intel cpu";
config = lib.mkIf isEnabled {
boot.kernelModules = ["kvm-intel"];
hardware.cpu.intel.updateMicrocode = true;
};
}


@ -0,0 +1,31 @@
{...}: {
config = {
my.hardware = {
enableCommonDesktopSettings = true;
isIntelCpu = true;
isAmdGpu = true;
};
boot = {
initrd.availableKernelModules = ["xhci_pci" "ehci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" "sdhci_pci"];
loader.efi.efiSysMountPoint = "/boot/efi";
};
fileSystems = {
"/" = {
device = "/dev/disk/by-uuid/34cb86c4-8823-4785-9672-92ef0bcd5eaf";
fsType = "btrfs";
options = ["subvol=@"];
};
"/boot/efi" = {
device = "/dev/disk/by-uuid/2381-1CD2";
fsType = "vfat";
};
};
swapDevices = [
{device = "/dev/disk/by-uuid/f5932f70-60e4-4abe-b23d-2cab3c095c7d";}
];
};
}
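Review bot: The swap partition in `swapDevices` is used unencrypted, and nothing in this section sets up an encrypted container for `/`, so memory pages holding credentials can remain on disk after power-off. If hibernation is not needed, adding `randomEncryption.enable = true;` to the swap entry re-keys it at every boot. That option wants a path that survives re-keying, such as `/dev/disk/by-partuuid/<PARTUUID>`, because the filesystem UUID used here is overwritten each time. Whether disk encryption is handled elsewhere is not visible from this section.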


@ -0,0 +1,54 @@
{...}: {
config = {
my.hardware = {
enableCommonDesktopSettings = true;
isAmdCpu = true;
isAmdGpu = true;
};
boot = {
initrd.availableKernelModules = ["nvme" "xhci_pci" "ahci" "usbhid" "sd_mod"]; # "usb_storage"
loader.efi.efiSysMountPoint = "/boot";
};
fileSystems = {
"/" = {
device = "/dev/disk/by-uuid/0e9c983a-e733-447e-8181-f41d6670c4b8";
fsType = "btrfs";
options = ["subvol=@"];
};
"/home" = {
device = "/dev/disk/by-uuid/0e9c983a-e733-447e-8181-f41d6670c4b8";
fsType = "btrfs";
options = ["subvol=@home"];
};
"/games" = {
device = "/dev/disk/by-uuid/0e9c983a-e733-447e-8181-f41d6670c4b8";
fsType = "btrfs";
options = ["subvol=@games"];
};
"/boot" = {
device = "/dev/disk/by-uuid/AF67-8F16";
fsType = "vfat";
};
"/mnt/nixos_btrfs_root" = {
# subvolume with id 5 is always the root volume
# this is convenient for managing the flat subvolume hierarchy
device = "/dev/disk/by-uuid/0e9c983a-e733-447e-8181-f41d6670c4b8";
fsType = "btrfs";
options = ["subvolid=5"];
};
"/mnt/ssd2" = {
device = "/dev/disk/by-uuid/6b2a647d-c68e-4c07-85bf-c9bfc5db7e8a";
fsType = "ext4";
};
};
swapDevices = [];
};
}
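Review bot: `/mnt/nixos_btrfs_root` mounts the top-level subvolume (`subvolid=5`) at every boot, which exposes `@`, `@home` and `@games` a second time under another path, along with any snapshots kept there. Since the comment says the mount exists for managing subvolumes, mounting it on demand is enough: `options = ["subvolid=5" "noauto"];`. The data mounts `/games` and `/mnt/ssd2` could also carry `"nosuid" "nodev"`, which I would add unless something stored there relies on setuid binaries.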


@ -1,4 +1,4 @@
_: {
{...}: {
config = {
time.timeZone = "Europe/Berlin";
i18n = {
@ -15,5 +15,14 @@ _: {
LC_TIME = "de_DE.UTF-8";
};
};
services.xserver = {
# Configure keymap in X11
layout = "de";
xkbVariant = "";
};
# Configure console keymap
console.keyMap = "de";
};
}


@ -1,20 +0,0 @@
{ pkgs, ... }:
{
config = {
hardware.graphics = {
extraPackages = with pkgs; [
intel-media-driver
intel-vaapi-driver
intel-ocl
intel-compute-runtime
vpl-gpu-rt
];
extraPackages32 = with pkgs.driversi686Linux; [
intel-vaapi-driver
intel-media-driver
];
};
environment.systemPackages = with pkgs; [ nvtopPackages.intel ];
allowedUnfreePackages = [ "intel-ocl" ];
};
}


@ -1,10 +0,0 @@
{ pkgs, ... }:
{
config = {
environment.systemPackages = with pkgs; [
fontconfig
texliveFull
texstudio
];
};
}


@ -1,23 +0,0 @@
_: {
config = {
services.openssh = {
enable = true;
openFirewall = true;
settings = {
PermitRootLogin = "without-password";
PasswordAuthentication = false;
KbdInteractiveAuthentication = false;
};
};
services.tailscale = {
enable = true;
openFirewall = true;
};
networking.firewall = {
enable = true;
checkReversePath = "loose";
};
};
}


@ -1,7 +0,0 @@
{ pkgs, ... }:
{
programs.niri = {
enable = true;
package = pkgs.niri-stable;
};
}


@ -1,59 +1,20 @@
{ config, lib, ... }:
{
options.allowedUnfreePackages = lib.mkOption {
type = lib.types.listOf lib.types.str;
default = [ ];
example = [ "steam" ];
};
{...}: {
config = {
nixpkgs.config = {
# https://github.com/NixOS/nixpkgs/issues/197325#issuecomment-1579420085
allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) config.allowedUnfreePackages;
};
nix = {
settings = {
substituters = [
"https://cache.nixos.org/"
"https://nix-community.cachix.org"
"https://cache.lix.systems"
"https://niri.cachix.org"
];
trusted-public-keys = [
"cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
"cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o="
"niri.cachix.org-1:Wv0OmO7PsuocRKzfDoJ3mulSl7Z6oezYhGhR+3W2964="
];
experimental-features = [
"nix-command"
"flakes"
];
};
gc = {
automatic = true;
dates = "daily";
options = "--delete-older-than 7d";
};
optimise.automatic = true;
};
nixpkgs.config.allowUnfree = true;
system = {
stateVersion = "22.11";
# enable auto updates
autoUpgrade = {
enable = true;
dates = "daily";
flake = "git+https://git.berlin.ccc.de/vinzenz/nixos-configuration.git";
dates = "weekly";
};
};
documentation = {
enable = true; # documentation of packages
nixos.enable = false; # nixos documentation
man.enable = true; # manual pages and the man command
info.enable = false; # info pages and the info command
doc.enable = false; # documentation distributed in packages' /share/doc
nix.gc = {
automatic = true;
dates = "monthly";
options = "--delete-older-than 30d";
};
};
}
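Review bot: `nixpkgs.config.allowUnfree = true;` accepts every unfree package, where the lines it appears to replace admitted only names listed in `allowedUnfreePackages`; the old and new sides are inferred here because the page has lost its `+`/`-` markers. With the blanket switch a proprietary package can enter the system closure through any module without showing up in review. Keeping the predicate form, e.g. `allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) ["<package-name>"];` with `lib` added to the module arguments, keeps that list explicit.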


@ -1,11 +0,0 @@
_: {
virtualisation = {
containers.enable = true;
podman = {
enable = true;
dockerCompat = true;
dockerSocket.enable = true;
autoPrune.enable = true;
};
};
}


@ -1,14 +0,0 @@
_: {
config = {
services = {
# Enable CUPS to print documents.
printing.enable = true;
avahi = {
enable = true; # runs the Avahi daemon
nssmdns4 = true; # enables the mDNS NSS plug-in
openFirewall = true; # opens the firewall for UDP port 5353
};
};
};
}

37
modules/server.nix Normal file

@ -0,0 +1,37 @@
{
config,
pkgs,
lib,
...
}: let
cfg = config.my.server;
in {
options.my.server = {
enable = lib.mkEnableOption "server role";
};
config = lib.mkIf cfg.enable {
services = {
# Enable the OpenSSH daemon.
openssh = {
enable = true;
settings = {
# PermitRootLogin = "no"; # this is managed through authorized keys
PasswordAuthentication = false;
KbdInteractiveAuthentication = false;
};
};
};
networking.firewall = {
enable = true;
allowedTCPPortRanges = [
{
# ssh
from = 22;
to = 22;
}
];
};
};
}
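Review bot: `PermitRootLogin` is left commented out, so root login over SSH follows the OpenSSH module default (which on NixOS still permits key-based root login, as far as I know) rather than being denied. The trailing comment "this is managed through authorized keys" describes key placement, not a login policy. Both user accounts defined on this page are in `wheel`, so root does not need to log in directly; I would set it explicitly: `PermitRootLogin = "no";`. The firewall range `from = 22; to = 22;` can be written as `allowedTCPPorts = [22];`, and `pkgs` is unused in the argument set.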


@ -1,15 +1,36 @@
_: {
home-manager = {
useGlobalPkgs = true;
useUserPackages = true;
sharedModules = [
modulesCfg: {
config,
pkgs,
lib,
...
}: let
enableHomeManager = modulesCfg.enableHomeManager;
in {
options.my = {
modulesCfg.enableHomeManager = lib.mkEnableOption "enable home manager";
enabledUsers = lib.mkOption {
type = lib.types.listOf lib.types.str;
};
};
imports =
[
./vinzenz.nix
./ronja.nix
]
++ lib.optionals enableHomeManager [
<home-manager/nixos>
];
config = lib.mkIf enableHomeManager {
home-manager.sharedModules = [
# set stateVersion
{ home.stateVersion = "22.11"; }
{home.stateVersion = "22.11";}
# make nano the default editor
{
home = {
sessionVariables.EDITOR = "nano";
file.".nanorc".text = ''
file.".nanorc".text = lib.mkDefault ''
set linenumbers
set mouse
'';
@ -23,8 +44,8 @@ _: {
zsh = {
enable = true;
syntaxHighlighting.enable = true;
autosuggestion.enable = true;
enableSyntaxHighlighting = true;
enableAutosuggestions = true;
enableVteIntegration = true;
};
};
@ -39,23 +60,10 @@ _: {
gh = {
enable = true;
gitCredentialHelper.enable = true;
enableGitCredentialHelper = true;
};
};
}
# Templates
{
home.file = {
"Templates/Empty file".text = "";
"Templates/Empty bash script".text = ''
#!/usr/bin/env bash
# abort on error, undefined variables
set -eu
# print commands before execution
set -x
'';
};
}
];
};
}
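Review bot: `<home-manager/nixos>` in `imports` is resolved through `NIX_PATH`, so the home-manager code evaluated during a system rebuild is whatever channel is registered on the machine, and its revision is not recorded in the repository. A hash-pinned source makes the revision reviewable and reproducible, e.g. importing `"${builtins.fetchTarball { url = "<HOME_MANAGER_TARBALL_URL>"; sha256 = "<SHA256>"; }}/nixos"` instead of the lookup path. The file continues between the three hunks shown, so only the visible lines were checked.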


@ -0,0 +1,55 @@
{
config,
pkgs,
...
}: {
home .packages = with pkgs; [
## Apps
telegram-desktop
kdiff3
];
programs = {
home-manager.enable = true;
firefox.enable = true;
zsh = {
history = {
size = 10000;
path = "${config.xdg.dataHome}/zsh/history";
expireDuplicatesFirst = true;
};
oh-my-zsh = {
enable = true;
theme = "agnoster";
plugins = ["git" "sudo" "systemadmin"];
};
};
git = {
userName = "Ronja Spiegelberg";
userEmail = "ronja.spiegelberg@gmail.com";
extraConfig = {
pull.ff = "only";
merge.tool = "kdiff3";
};
};
chromium = {
enable = true;
extensions = [
{
# ublock origin
id = "cjpalhdlnbpafiamejdnhcphjbkeiagm";
}
{
id = "dcpihecpambacapedldabdbpakmachpb";
updateUrl = "https://raw.githubusercontent.com/iamadamdev/bypass-paywalls-chrome/master/updates.xml";
}
];
};
};
}
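Review bot: The second Chromium extension (`dcpihecpambacapedldabdbpakmachpb`) is installed from an `updateUrl` that points at the `master` branch of a third-party GitHub repository, so it is not distributed through the Web Store and auto-updates to whatever that branch serves, while running with access to page content in the browser. The same entry appears in the other home configuration further down the page. If the extension is wanted, I would install a reviewed build from a hash-pinned file instead, `{ id = "dcpihecpambacapedldabdbpakmachpb"; crxPath = pinnedCrx; version = "<VERSION>"; }`, where `pinnedCrx` is a fixed-output fetch; otherwise drop the entry. Also, `home .packages` has a stray space in the attribute path.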

25
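--- a/modules/users/ronja.nix
+++ b/modules/users/ronja.nix
@@ -0,0 +1,25 @@
+{
+config,
+pkgs,
+lib,
+...
+}: let
+isUserEnabled = builtins.elem "ronja" config.my.enabledUsers;
+in {
+config = lib.mkMerge [
+(lib.mkIf isUserEnabled {
+# Define user account
+users.users.ronja = {
+isNormalUser = true;
+name = "ronja";
+description = "Ronja Spiegelberg";
+home = "/home/ronja";
+extraGroups = ["networkmanager" "wheel" "games"];
+shell = pkgs.zsh;
+};
+})
+(lib.mkIf (isUserEnabled && config.my.modulesCfg.enableHomeManager) {
+home-manager.users.ronja = import ./ronja-home.nix;
+})
+];
+}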
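Review bot: `extraGroups` puts `ronja` in `wheel`, which gives the account sudo rights on every host that lists this user in `my.enabledUsers`. If the account is not meant to administer the machine, leave the group out: `extraGroups = ["networkmanager" "games"];`. `name` and `home` repeat the values NixOS derives from the attribute name for a normal user and could be dropped.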


@ -0,0 +1,173 @@
{
config,
pkgs,
...
}: {
home.packages = with pkgs; [
keepassxc
insync
telegram-desktop
simple-scan
wireguard-tools
element-desktop
etcher
iotop
lsof
wirelesstools
thefuck
dotnet-sdk_7
jetbrains.rider
alejandra
arduino
uucp
screen
jetbrains.pycharm-professional
kdiff3
docker
youtube-music
];
programs = {
home-manager.enable = true;
firefox.enable = true;
fzf.enable = true;
mangohud.enable = true;
zsh = {
initExtra = ''
eval "$(direnv hook zsh)";
eval $(thefuck --alias);
'';
shellAliases = {
my-apply = "sudo nixos-rebuild boot";
my-switch = "sudo nixos-rebuild switch";
my-update = "sudo nixos-rebuild boot --upgrade";
my-fmt = "alejandra .";
my-test = "sudo nixos-rebuild test";
my-direnvallow = "echo \"use nix\" > .envrc && direnv allow";
my-ip4 = "ip addr show | grep 192";
};
history = {
size = 10000;
path = "${config.xdg.dataHome}/zsh/history";
expireDuplicatesFirst = true;
};
oh-my-zsh = {
enable = true;
theme = "agnoster";
plugins = ["git" "sudo" "docker" "systemadmin" "thefuck"];
};
};
git = {
enable = true;
userName = "Vinzenz Schroeter";
userEmail = "vinzenz.f.s@gmail.com";
aliases = {
prettylog = "log --pretty=oneline --graph";
};
extraConfig = {
pull.ff = "only";
init.defaultBranch = "main";
merge.tool = "kdiff3";
push.autoSetupRemote = "true";
};
};
vscode = {
enable = true;
package = pkgs.vscodium;
enableUpdateCheck = false;
extensions = with pkgs; [
vscode-extensions.bbenoist.nix
vscode-extensions.ms-python.python
vscode-extensions.kamadorueda.alejandra
];
userSettings = {
"git.autofetch" = true;
"update.mode" = "none";
"editor.fontFamily" = "'Fira Code', 'Droid Sans Mono', 'monospace', monospace";
"editor.fontLigatures" = true;
"editor.formatOnSave" = true;
"editor.formatOnSaveMode" = "modificationsIfAvailable";
"editor.minimap.autohide" = true;
"diffEditor.diffAlgorithm" = "advanced";
"explorer.excludeGitIgnore" = true;
"workbench.startupEditor" = "readme";
"markdown.extension.tableFormatter.normalizeIndentation" = true;
"markdown.extension.toc.orderedList" = false;
"telemetry.telemetryLevel" = "off";
"redhat.telemetry.enabled" = false;
"workbench.enableExperiments" = false;
};
};
direnv = {
enable = true;
nix-direnv.enable = true;
};
chromium = {
enable = true;
extensions = [
{
# ublock origin
id = "cjpalhdlnbpafiamejdnhcphjbkeiagm";
}
{
id = "dcpihecpambacapedldabdbpakmachpb";
updateUrl = "https://raw.githubusercontent.com/iamadamdev/bypass-paywalls-chrome/master/updates.xml";
}
];
};
exa = {
enable = true;
git = true;
icons = true;
enableAliases = true;
extraOptions = [
"--group-directories-first"
"--header"
];
};
micro = {
enable = true;
settings = {
colorcolumn = 120;
hlsearch = true;
savecursor = true;
saveundo = true;
scrollbar = true;
smartpaste = true;
};
};
# checked https://rycee.gitlab.io/home-manager/options.html until "programs.notmuch"
};
editorconfig = {
enable = true;
settings = {
"*" = {
charset = "utf-8";
end_of_line = "lf";
trim_trailing_whitespace = true;
insert_final_newline = true;
max_line_width = 120;
indent_style = "space";
indent_size = 4;
};
"*.nix" = {
indent_size = 2;
};
};
};
}

24
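--- a/modules/users/vinzenz.nix
+++ b/modules/users/vinzenz.nix
@@ -0,0 +1,24 @@
+{
+config,
+pkgs,
+lib,
+...
+}: let
+isUserEnabled = builtins.elem "vinzenz" config.my.enabledUsers;
+in {
+config = lib.mkMerge [
+(lib.mkIf isUserEnabled {
+users.users.vinzenz = {
+isNormalUser = true;
+name = "vinzenz";
+description = "Vinzenz Schroeter";
+home = "/home/vinzenz";
+extraGroups = ["networkmanager" "wheel" "games"];
+shell = pkgs.zsh;
+};
+})
+(lib.mkIf (isUserEnabled && config.my.modulesCfg.enableHomeManager) {
+home-manager.users.vinzenz = import ./vinzenz-home.nix;
+})
+];
+}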

21
vinzenz-lpt.nix Normal file
View file

@ -0,0 +1,21 @@
{...}: {
imports = [
(import ./modules {
hostName = "vinzenz-lpt";
enableHomeManager = true;
})
];
config = {
my = {
enabledUsers = ["vinzenz"];
desktop = {
enableGnome = true;
enableGaming = true;
};
};
# flatpak xdg-portal-kde crashes, otherwise this would be global
services.flatpak.enable = true;
};
}

22
vinzenz-pc2.nix Normal file

@ -0,0 +1,22 @@
{pkgs, ...}: {
imports = [
(import ./modules {
hostName = "vinzenz-pc2";
enableHomeManager = true;
})
];
config = {
my = {
enabledUsers = ["vinzenz" "ronja"];
desktop = {
enableKde = true;
enableGaming = true;
};
};
users.users.vinzenz.openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINrY6tcgnoC/xbgL7vxSjddEY9MBxRXe9n2cAHt88/TT home roaming"
];
};
}