diff --git a/index.html b/index.html
index b2036b2..20cddee 100644
--- a/index.html
+++ b/index.html
@@ -3,7 +3,7 @@ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
- +-This file has 40302 words spanning 10289 lines and was last revised on 2024-07-11 18:36:06 +0200. +This file has 40289 words spanning 10434 lines and was last revised on 2024-07-17 02:28:18 +0200.
@@ -427,7 +428,7 @@ This section defines my Emacs configuration. For a while, I considered to use ry
-My emacs is built using the emacs-overlay nix flake, which builds a bleeding edge emacs on wayland (pgtk) with utilities like treesitter support. By executing the below source block, the current build setting can be updated at any time, and you can see my most up-to-date build options (last updated: 2024-07-11 18:36:06 +0200)
+My emacs is built using the emacs-overlay nix flake, which builds a bleeding edge emacs on wayland (pgtk) with utilities like treesitter support. By executing the below source block, the current build setting can be updated at any time, and you can see my most up-to-date build options (last updated: 2024-07-17 02:28:18 +0200)
-My Surface Pro 3, only used for on-the-go university work. Be careful when pushing large changes to this machine, as it easily runs out of memory on large switches. At the moment the only machine running non-NixOS, so special care must be taken not to break this one during updates. -
--This installs nixGL, which is needed to run GL apps installed through home-manager, since this machine is not using NixOS. -
- --This is not super clean (because it is not fully replicative), but I do not really care. -
- -nix-channel --add https://github.com/guibou/nixGL/archive/main.tar.gz nixgl && nix-channel --update - nix-env -iA nixgl.auto.nixGLDefault # or replace `nixGLDefault` with your desired wrapper --
-This is needed in order to use EGL. Prefix programs that use it with `nixGL` -
-
-Special things to note here: We are running xcape to allow CAPS to act as CTRL and ESC. Also we are using nixGL in most places.
-
-{ config, pkgs, lib, fetchFromGitHub, ... }:
-
-{
- programs.home-manager.enable = true;
- home.username = "leons";
- home.homeDirectory = "/home/leons";
-
- home.stateVersion = "23.05"; # Please read the comment before changing.
-
- stylix.image = ../../wallpaper/surfacewp.png;
-
- stylix = {
- enable = true;
- base16Scheme = ../../wallpaper/swarsel.yaml;
- # base16Scheme = "${pkgs.base16-schemes}/share/themes/shapeshifter.yaml";
- polarity = "dark";
- opacity.popups = 0.5;
- cursor = {
- package = pkgs.capitaine-cursors;
- name = "capitaine-cursors";
- size = 16;
- };
- fonts = {
- sizes = {
- terminal = 10;
- applications = 11;
- };
- serif = {
- # package = (pkgs.nerdfonts.override { fonts = [ "FiraMono" "FiraCode"]; });
- package = pkgs.cantarell-fonts;
- # package = pkgs.montserrat;
- name = "Cantarell";
- # name = "FiraCode Nerd Font Propo";
- # name = "Montserrat";
- };
-
- sansSerif = {
- # package = (pkgs.nerdfonts.override { fonts = [ "FiraMono" "FiraCode"]; });
- package = pkgs.cantarell-fonts;
- # package = pkgs.montserrat;
- name = "Cantarell";
- # name = "FiraCode Nerd Font Propo";
- # name = "Montserrat";
- };
-
- monospace = {
- package = (pkgs.nerdfonts.override { fonts = [ "FiraCode"]; });
- name = "FiraCode Nerd Font Mono";
- };
-
- emoji = {
- package = pkgs.noto-fonts-emoji;
- name = "Noto Color Emoji";
- };
- };
- };
-
-
-
-
- nixpkgs = {
- config = {
- allowUnfree = true;
- allowUnfreePredicate = (_: true);
- };
- };
- services.xcape = {
- enable = true;
- mapExpression = {
- Control_L = "Escape";
- };
- };
- #keyboard config
- home.keyboard.layout = "us";
-
- sops.age.sshKeyPaths = [ "${config.home.homeDirectory}/.ssh/sops" ];
-
- # waybar config
- programs.waybar.settings.mainBar.cpu.format = "{icon0} {icon1} {icon2} {icon3}";
-
- programs.waybar.settings.mainBar.temperature.hwmon-path = "/sys/devices/platform/coretemp.0/hwmon/hwmon3/temp3_input";
- programs.waybar.settings.mainBar.modules-right = ["custom/outer-left-arrow-dark" "mpris" "custom/left-arrow-light"
- "network"
- "custom/left-arrow-dark"
- "pulseaudio"
- "custom/left-arrow-light"
- "battery"
- "custom/left-arrow-dark"
- "temperature"
- "custom/left-arrow-light"
- "disk"
- "custom/left-arrow-dark"
- "memory"
- "custom/left-arrow-light"
- "cpu"
- "custom/left-arrow-dark"
- "tray"
- "custom/left-arrow-light"
- "clock#2"
- "custom/left-arrow-dark"
- "clock#1" ];
- services.blueman-applet.enable = true;
- home.packages = with pkgs; [
- # nixgl.auto.nixGLDefault
- evince
- # nodejs_20
-
- # messaging
- # we use gomuks for RAM preservation, but keep schildi around for files and images
- ];
-
- programs.zsh.initExtra = "
-export GPG_TTY=\"$(tty)\"
-export SSH_AUTH_SOCK=$(gpgconf --list-dirs agent-ssh-socket)
-gpgconf --launch gpg-agent
- ";
-
- # sway config
- wayland.windowManager.sway= {
- config = rec {
- input = {
- "*" = {
- xkb_layout = "us";
- xkb_options = "ctrl:nocaps,grp:win_space_toggle";
- xkb_variant = "altgr-intl";
- };
- "type:touchpad" = {
- dwt = "enabled";
- tap = "enabled";
- natural_scroll = "enabled";
- middle_emulation = "enabled";
- };
- };
-
- output = {
- eDP-1 = {
- mode = "2160x1440@59.955Hz";
- scale = "1";
- bg = "~/.dotfiles/wallpaper/surfacewp.png fill";
- };
- };
-
- keybindings = let
- modifier = config.wayland.windowManager.sway.config.modifier;
- in {
- "${modifier}+F2" = "exec brightnessctl set +5%";
- "${modifier}+F1"= "exec brightnessctl set 5%-";
- "${modifier}+n" = "exec sway output eDP-1 transform normal, splith";
- "${modifier}+Ctrl+p" = "exec nixGL wl-mirror eDP-1";
- "${modifier}+t" = "exec sway output eDP-1 transform 90, splitv";
- "${modifier}+XF86AudioLowerVolume" = "exec grim -g \"$(slurp)\" -t png - | wl-copy -t image/png";
- "${modifier}+XF86AudioRaiseVolume" = "exec grim -g \"$(slurp)\" -t png - | wl-copy -t image/png";
- "${modifier}+w" = "exec \"bash ~/.dotfiles/scripts/checkgomuks.sh\"";
- };
-
- startup = [
- { command = "sleep 60 && nixGL nextcloud --background";}
- # { command = "sleep 60 && nixGL spotify";}
- { command = "sleep 60 && nixGL discord --start-minimized -enable-features=UseOzonePlatform -ozone-platform=wayland";}
- # { command = "sleep 60 && nixGL schildichat-desktop --hidden";}
- { command = "sleep 60 && nixGL syncthingtray --wait"; }
- { command = "sleep 60 && ANKI_WAYLAND=1 nixGL anki";}
- { command = "nm-applet --indicator";}
- { command = "sleep 60 && OBSIDIAN_USE_WAYLAND=1 nixGL obsidian -enable-features=UseOzonePlatform -ozone-platform=wayland";}
- ];
-
- keycodebindings = {
- "124" = "exec systemctl suspend";
- };
- };
-
- extraConfig = "
- exec swaymsg input 7062:6917:NTRG0001:01_1B96:1B05 map_to_output eDP-1
- exec swaymsg input 7062:6917:NTRG0001:01_1B96:1B05_Stylus map_to_output eDP-1
- ";
- };
-}
-
-
--My laptop, sadly soon to be replaced by a new one, since most basic functions are stopping to work lately. -
-
-{ config, lib, pkgs, inputs, ... }:
-
-{
-
-
- imports =
- [
- ./hardware-configuration.nix
- ];
-
-
- services = {
- greetd.settings.initial_session.user ="swarsel";
- xserver.videoDrivers = ["nvidia"];
- };
-
-
- hardware = {
- nvidia = {
- modesetting.enable = true;
- powerManagement.enable = true;
- prime = {
- intelBusId = "PCI:0:2:0";
- nvidiaBusId = "PCI:1:0:0";
- sync.enable = true;
- };
- };
- pulseaudio.configFile = pkgs.runCommand "default.pa" {} ''
- sed 's/module-udev-detect$/module-udev-detect tsched=0/' \
- ${pkgs.pulseaudio}/etc/pulse/default.pa > $out
- '';
- bluetooth.enable = true;
- };
-
- stylix.image = ../../wallpaper/lenovowp.png;
-
- stylix = {
- enable = true;
- base16Scheme = ../../wallpaper/swarsel.yaml;
- # base16Scheme = "${pkgs.base16-schemes}/share/themes/shapeshifter.yaml";
- polarity = "dark";
- opacity.popups = 0.5;
- cursor = {
- package = pkgs.capitaine-cursors;
- name = "capitaine-cursors";
- size = 16;
- };
- fonts = {
- sizes = {
- terminal = 10;
- applications = 11;
- };
- serif = {
- # package = (pkgs.nerdfonts.override { fonts = [ "FiraMono" "FiraCode"]; });
- package = pkgs.cantarell-fonts;
- # package = pkgs.montserrat;
- name = "Cantarell";
- # name = "FiraCode Nerd Font Propo";
- # name = "Montserrat";
- };
-
- sansSerif = {
- # package = (pkgs.nerdfonts.override { fonts = [ "FiraMono" "FiraCode"]; });
- package = pkgs.cantarell-fonts;
- # package = pkgs.montserrat;
- name = "Cantarell";
- # name = "FiraCode Nerd Font Propo";
- # name = "Montserrat";
- };
-
- monospace = {
- package = (pkgs.nerdfonts.override { fonts = [ "FiraCode"]; });
- name = "FiraCode Nerd Font Mono";
- };
-
- emoji = {
- package = pkgs.noto-fonts-emoji;
- name = "Noto Color Emoji";
- };
- };
- };
-
-
-
-
- boot.loader.grub = {
- enable = true;
- device = "/dev/sda";
- useOSProber = true;
- };
-
- networking.hostName = "onett"; # Define your hostname.
- networking.enableIPv6 = false;
-
- users.users.swarsel = {
- isNormalUser = true;
- description = "Leon S";
- extraGroups = [ "networkmanager" "wheel" "lp"];
- packages = with pkgs; [];
- };
-
- system.stateVersion = "23.05"; # Did you read the comment?
-
- environment.systemPackages = with pkgs; [
- ];
-
-
-}
-
-
-
-{ config, pkgs, lib, fetchFromGitHub, ... }:
-
-{
-
-
- services.gpg-agent = {
- enable = true;
- enableSshSupport = true;
- enableExtraSocket = true;
- pinentryPackage = pkgs.pinentry.gtk2;
- defaultCacheTtl = 600;
- maxCacheTtl = 7200;
- extraConfig = ''
- allow-loopback-pinentry
- allow-emacs-pinentry
- '';
- };
-
-
- home = {
- username = "swarsel";
- homeDirectory = "/home/swarsel";
- stateVersion = "23.05"; # Please read the comment before changing.
- keyboard.layout = "de";
- packages = with pkgs; [
- ];
- };
-
- sops.age.sshKeyPaths = [ "${config.home.homeDirectory}/.ssh/sops" ];
-
- # # waybar config
- programs.waybar.settings.mainBar = {
- cpu.format = "{icon0} {icon1} {icon2} {icon3} {icon4} {icon5} {icon6} {icon7}";
- temperature.hwmon-path = "/sys/devices/platform/coretemp.0/hwmon/hwmon3/temp3_input";
- };
-
- programs.waybar.settings.mainBar.modules-right = ["custom/outer-left-arrow-dark"
- "mpris"
- "custom/left-arrow-light"
- "network"
- "custom/left-arrow-dark"
- "pulseaudio"
- "custom/left-arrow-light"
- "custom/pseudobat"
- "battery"
- "custom/left-arrow-dark"
- "group/hardware"
- "custom/left-arrow-light"
- "clock#2"
- "custom/left-arrow-dark"
- "clock#1"
- ];
-
-
- services.blueman-applet.enable = true;
-
- wayland.windowManager.sway= {
- config = rec {
- input = {
- "1:1:AT_Translated_Set_2_keyboard" = {
- xkb_layout = "us";
- xkb_options = "grp:win_space_toggle";
- # xkb_options = "ctrl:nocaps,grp:win_space_toggle";
- xkb_variant = "altgr-intl";
- };
- "2362:33538:ipad_keyboard_Keyboard" = {
- xkb_layout = "us";
- xkb_options = "altwin:swap_lalt_lwin,ctrl:nocaps,grp:win_space_toggle";
- xkb_variant = "colemak_dh";
- };
- "36125:53060:splitkb.com_Kyria_rev3" = {
- xkb_layout = "us";
- xkb_variant = "altgr-intl";
- };
-
- "type:touchpad" = {
- dwt = "enabled";
- tap = "enabled";
- natural_scroll = "enabled";
- middle_emulation = "enabled";
- };
- };
-
- output = {
- eDP-1 = {
- mode = "1920x1080";
- scale = "1";
- bg = "~/.dotfiles/wallpaper/lenovowp.png fill";
- position = "1920,0";
- };
- VGA-1 = {
- mode = "1920x1080";
- scale = "1";
- bg = "~/.dotfiles/wallpaper/lenovowp.png fill";
- position = "0,0";
- };
- };
-
- keybindings = let
- modifier = config.wayland.windowManager.sway.config.modifier;
- in {
- "${modifier}+F2" = "exec brightnessctl set +5%";
- "${modifier}+F1"= "exec brightnessctl set 5%-";
- "XF86MonBrightnessUp" = "exec brightnessctl set +5%";
- "XF86MonBrightnessDown"= "exec brightnessctl set 5%-";
- "${modifier}+Ctrl+p" = "exec wl-mirror eDP-1";
- "XF86HomePage" = "exec wtype -P Escape -p Escape";
- "${modifier}+w" = "exec \"bash ~/.dotfiles/scripts/checkschildi.sh\"";
- };
- keycodebindings = {
- "94" = "exec wtype c";
- "Shift+94" = "exec wtype C";
- "Ctrl+94" = "exec wtype -M ctrl c -m ctrl";
- "Ctrl+Shift+94" = "exec wtype -M ctrl -M shift c -m ctrl -m shift";
- };
-
- startup = [
-
- { command = "nextcloud --background";}
- { command = "discord --start-minimized";}
- { command = "element-desktop --hidden -enable-features=UseOzonePlatform -ozone-platform=wayland --disable-gpu-driver-bug-workarounds";}
- { command = "ANKI_WAYLAND=1 anki";}
- { command = "OBSIDIAN_USE_WAYLAND=1 obsidian";}
- { command = "nm-applet";}
-
- ];
- };
-
- extraConfig = "
- ";
- };
-}
-
-
-
@@ -2355,6 +1880,8 @@ Mostly just sets some opened ports for several games, enables virtualbox (which
# kernelPackages = pkgs.linuxPackages_latest;
};
+ sops.age.sshKeyPaths = [ "${config.users.users.swarsel.home}/.ssh/sops" ];
+
networking = {
hostName = "fourside"; # Define your hostname.
nftables.enable = true;
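Review bot: The age identity added here lives in the user's home (`.ssh/sops`), so any process running as `swarsel` can read the key that decrypts the system-level secrets, including the `swarseluser` password hash that this commit declares with `neededForUsers = true`. A root-owned identity would keep those secrets out of reach of a user-level compromise, for example `sops.age.keyFile = "/var/lib/sops-nix/key.txt";` or the default host SSH key. If the user key stays, a comment such as `# key must be readable at activation, before users are created; not passphrase-protected` would record the constraint; as far as I know sops-nix cannot use a passphrase-protected SSH key here, and whether /home is a separate mount on this machine is not visible. The enclosing module starts and ends outside the hunk.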
@@ -2467,10 +1994,12 @@ Mostly just sets some opened ports for several games, enables virtualbox (which
enable = false;
};
services.power-profiles-daemon.enable = true;
+ services.fprintd.enable = true;
users.users.swarsel = {
isNormalUser = true;
description = "Leon S";
+ hashedPasswordFile = config.sops.secrets.swarseluser.path;
extraGroups = [ "networkmanager" "wheel" "lp" "audio" "video" "vboxusers" "scanner" ];
packages = with pkgs; [];
};
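Review bot: `services.fprintd.enable = true;` is added without saying which PAM services may accept a fingerprint; as far as I know NixOS defaults `fprintAuth` to the fprintd setting for every PAM service, so a fingerprint would then satisfy `sudo` for this `wheel` user as well as login. If that is not intended, scope it explicitly, e.g. `security.pam.services.sudo.fprintAuth = false;`, or state the intent in a comment. The added `hashedPasswordFile` together with `users.mutableUsers = false;` from this commit also makes the only password depend on sops decryption succeeding at activation, so a comment like `# needs sops.secrets.swarseluser.neededForUsers = true; keep an older generation bootable as recovery` would help. The enclosing attribute set continues outside the hunk.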
@@ -2632,6 +2161,304 @@ This is basically just adjusted to the core count, path to the hwmon
+
+My work machine. +
++Mostly just sets some opened ports for several games, enables virtualbox (which I do not want everywhere because of resource considerations) and enables thinkfan, which allows for better fan control on Lenovo Thinkpad machines. +
+ +
+{ config, lib, pkgs, inputs, ... }:
+
+{
+
+ #
+ # imports =
+ # [
+ # ./hardware-configuration.nix
+ # ];
+ #
+ imports =
+ [
+ ./hardware-configuration.nix
+ ];
+
+ services = {
+ getty.autologinUser = "swarsel";
+ greetd.settings.initial_session.user="swarsel";
+ };
+
+ boot = {
+ loader.systemd-boot.enable = true;
+ loader.efi.canTouchEfiVariables = true;
+ kernelPackages = pkgs.linuxPackages_latest;
+ };
+
+ networking = {
+ hostName = "winters"; # Define your hostname.
+ nftables.enable = true;
+ enableIPv6 = true;
+ firewall.checkReversePath = "strict";
+ firewall = {
+ enable = true;
+ allowedUDPPorts = [ ];
+ allowedTCPPorts = [ ];
+ allowedTCPPortRanges = [
+ ];
+ allowedUDPPortRanges = [
+ ];
+ };
+ };
+
+ virtualisation.virtualbox = {
+ host = {
+ enable = true;
+ enableExtensionPack = true;
+ };
+ # leaving this here for future notice. setting guest.enable = true will make 'restarting sysinit-reactivation.target' take till timeout on nixos-rebuild switch
+ guest = {
+ enable = false;
+ };
+ };
+
+ stylix.image = ../../wallpaper/lenovowp.png;
+
+ stylix = {
+ enable = true;
+ base16Scheme = ../../wallpaper/swarsel.yaml;
+ # base16Scheme = "${pkgs.base16-schemes}/share/themes/shapeshifter.yaml";
+ polarity = "dark";
+ opacity.popups = 0.5;
+ cursor = {
+ package = pkgs.capitaine-cursors;
+ name = "capitaine-cursors";
+ size = 16;
+ };
+ fonts = {
+ sizes = {
+ terminal = 10;
+ applications = 11;
+ };
+ serif = {
+ # package = (pkgs.nerdfonts.override { fonts = [ "FiraMono" "FiraCode"]; });
+ package = pkgs.cantarell-fonts;
+ # package = pkgs.montserrat;
+ name = "Cantarell";
+ # name = "FiraCode Nerd Font Propo";
+ # name = "Montserrat";
+ };
+
+ sansSerif = {
+ # package = (pkgs.nerdfonts.override { fonts = [ "FiraMono" "FiraCode"]; });
+ package = pkgs.cantarell-fonts;
+ # package = pkgs.montserrat;
+ name = "Cantarell";
+ # name = "FiraCode Nerd Font Propo";
+ # name = "Montserrat";
+ };
+
+ monospace = {
+ package = (pkgs.nerdfonts.override { fonts = [ "FiraCode"]; });
+ name = "FiraCode Nerd Font Mono";
+ };
+
+ emoji = {
+ package = pkgs.noto-fonts-emoji;
+ name = "Noto Color Emoji";
+ };
+ };
+ };
+
+
+
+
+ hardware = {
+ graphics = {
+ enable = true;
+ enable32Bit = true;
+ extraPackages = with pkgs; [
+ ];
+ };
+ bluetooth.enable = true;
+ };
+
+ programs.steam = {
+ enable = true;
+ extraCompatPackages = [
+ pkgs.proton-ge-bin
+ ];
+ };
+
+ services.power-profiles-daemon.enable = true;
+
+ users.users.swarsel = {
+ isNormalUser = true;
+ description = "Leon S";
+ extraGroups = [ "networkmanager" "wheel" "lp" "audio" "video" "vboxusers" "scanner" ];
+ packages = with pkgs; [];
+ };
+
+ environment.systemPackages = with pkgs; [
+ sbctl
+ # gog games installing
+ heroic
+ # minecraft
+ temurin-bin-17
+ (prismlauncher.override {
+ glfw = pkgs.glfw-wayland-minecraft;
+ })
+ ];
+
+ system.stateVersion = "23.05";
+
+
+}
+
+
+
+TODO: Adjust hwmon path, I/O modules and XF86 keys once laptop arrives.
+
+{ config, pkgs, lib, fetchFromGitHub, ... }:
+
+{
+
+
+ services.gpg-agent = {
+ enable = true;
+ enableSshSupport = true;
+ enableExtraSocket = true;
+ pinentryPackage = pkgs.pinentry.gtk2;
+ defaultCacheTtl = 600;
+ maxCacheTtl = 7200;
+ extraConfig = ''
+ allow-loopback-pinentry
+ allow-emacs-pinentry
+ '';
+ };
+
+ home = {
+ username = "swarsel";
+ homeDirectory = "/home/swarsel";
+ stateVersion = "23.05"; # TEMPLATE -- Please read the comment before changing.
+ keyboard.layout = "us"; # TEMPLATE
+ packages = with pkgs; [
+ ];
+ };
+ sops.age.sshKeyPaths = [ "${config.home.homeDirectory}/.ssh/sops" ];
+
+ # waybar config - TEMPLATE - update for cores and temp
+ programs.waybar.settings.mainBar = {
+ cpu.format = "{icon0} {icon1} {icon2} {icon3} {icon4} {icon5} {icon6} {icon7}";
+
+ temperature.hwmon-path.abs = "/sys/devices/platform/thinkpad_hwmon/hwmon/";
+ temperature.input-filename = "temp1_input";
+ };
+
+
+ programs.waybar.settings.mainBar.modules-right = ["custom/outer-left-arrow-dark"
+ "mpris"
+ "custom/left-arrow-light"
+ "network"
+ "custom/left-arrow-dark"
+ "pulseaudio"
+ "custom/left-arrow-light"
+ "custom/pseudobat"
+ "battery"
+ "custom/left-arrow-dark"
+ "group/hardware"
+ "custom/left-arrow-light"
+ "clock#2"
+ "custom/left-arrow-dark"
+ "clock#1"
+ ];
+
+
+ wayland.windowManager.sway= {
+ config = rec {
+ # update for actual inputs here,
+ input = {
+ "36125:53060:splitkb.com_Kyria_rev3" = {
+ xkb_layout = "us";
+ xkb_variant = "altgr-intl";
+ };
+ "1:1:AT_Translated_Set_2_keyboard" = { # TEMPLATE
+ xkb_layout = "us";
+ xkb_options = "grp:win_space_toggle";
+ xkb_variant = "altgr-intl";
+ };
+ "type:touchpad" = {
+ dwt = "enabled";
+ tap = "enabled";
+ natural_scroll = "enabled";
+ middle_emulation = "enabled";
+ };
+
+ };
+
+ output = {
+ eDP-1 = {
+ mode = "1920x1080"; # TEMPLATE
+ scale = "1";
+ position = "1920,0";
+ # bg = "~/.dotfiles/wallpaper/lenovowp.png fill";
+ };
+ # external monitor
+ HDMI-A-1 = {
+ mode = "2560x1440";
+ scale = "1";
+ # bg = "~/.dotfiles/wallpaper/lenovowp.png fill";
+ position = "0,0";
+ };
+ };
+
+ workspaceOutputAssign = [
+ { output = "eDP-1"; workspace = "1:一";}
+ { output = "HDMI-A-1"; workspace = "2:二";}
+ ];
+
+
+ keybindings = let
+ modifier = config.wayland.windowManager.sway.config.modifier;
+ in {
+
+ };
+
+ startup = [
+
+ { command = "nextcloud --background";}
+ { command = "discord --start-minimized";}
+ { command = "element-desktop --hidden -enable-features=UseOzonePlatform -ozone-platform=wayland --disable-gpu-driver-bug-workarounds";}
+ { command = "ANKI_WAYLAND=1 anki";}
+ { command = "OBSIDIAN_USE_WAYLAND=1 obsidian";}
+ { command = "nm-applet";}
+
+ ];
+ };
+ };
+}
+
nix.settings.experimental-features = ["nix-command" "flakes"]; ++ + +
+This ensures that all user-configuration happens here in the config file. +
+ ++users.mutableUsers = false; +
This enables hardlinking identical files in the nix store, to save on disk space. I have read this incurs a significant I/O overhead, I need to keep an eye on this.
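Review bot: The new `winters` system profile declares `users.users.swarsel` without `hashedPasswordFile` and without a system-level `sops.age.sshKeyPaths`, while the end of this hunk adds `users.mutableUsers = false;` in what appears to be the shared configuration. If that setting applies to `winters`, the account has no declared password there, so either the NixOS lock-out assertion fires or the machine is reachable only through `getty.autologinUser` and the greetd initial session. The two lines added to the `fourside` profile would close the gap: `hashedPasswordFile = config.sops.secrets.swarseluser.path;` and `sops.age.sshKeyPaths = [ "${config.users.users.swarsel.home}/.ssh/sops" ];`. Separately, `getty.autologinUser = "swarsel";` on a machine described as a work machine gives a session of a `wheel` user to anyone who can power it on, so a comment stating that disk encryption is the intended gate, or dropping the autologin, would be worth adding.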
@@ -5901,7 +5742,210 @@ Here I only enablenetworkmanager. Most of the 'real' network confi
-networking.networkmanager.enable = true;
+networking.networkmanager = {
+ enable = true;
+ ensureProfiles = {
+ environmentFiles = [
+ "${config.sops.templates."network-manager.env".path}"
+ ];
+ profiles = {
+ "Ernest Routerford" = {
+ connection = {
+ id = "Ernest Routerford";
+ permissions = "";
+ type = "wifi";
+ };
+ ipv4 = {
+ dns-search = "";
+ method = "auto";
+ };
+ ipv6 = {
+ addr-gen-mode = "stable-privacy";
+ dns-search = "";
+ method = "auto";
+ };
+ wifi = {
+ mac-address-blacklist = "";
+ mode = "infrastructure";
+ ssid = "Ernest Routerford";
+ };
+ wifi-security = {
+ auth-alg = "open";
+ key-mgmt = "wpa-psk";
+ psk = "$ERNEST";
+ };
+ };
+
+ LAN-Party = {
+ connection = {
+ autoconnect = "false";
+ id = "LAN-Party";
+ type = "ethernet";
+ };
+ ethernet = {
+ auto-negotiate = "true";
+ cloned-mac-address = "preserve";
+ mac-address = "90:2E:16:D0:A1:87";
+ };
+ ipv4 = { method = "shared"; };
+ ipv6 = {
+ addr-gen-mode = "stable-privacy";
+ method = "auto";
+ };
+ proxy = { };
+ };
+
+ eduroam = {
+ "802-1x" = {
+ eap = "ttls;";
+ identity = "$EDUID";
+ password = "$EDUPASS";
+ phase2-auth = "mschapv2";
+ };
+ connection = {
+ id = "eduroam";
+ type = "wifi";
+ };
+ ipv4 = { method = "auto"; };
+ ipv6 = {
+ addr-gen-mode = "default";
+ method = "auto";
+ };
+ proxy = { };
+ wifi = {
+ mode = "infrastructure";
+ ssid = "eduroam";
+ };
+ wifi-security = {
+ auth-alg = "open";
+ key-mgmt = "wpa-eap";
+ };
+ };
+
+ local = {
+ connection = {
+ autoconnect = "false";
+ id = "local";
+ type = "ethernet";
+ };
+ ethernet = { };
+ ipv4 = {
+ address1 = "10.42.1.1/24";
+ method = "shared";
+ };
+ ipv6 = {
+ addr-gen-mode = "stable-privacy";
+ method = "auto";
+ };
+ proxy = { };
+ };
+
+ HH40V_39F5 = {
+ connection = {
+ id = "HH40V_39F5";
+ type = "wifi";
+ };
+ ipv4 = { method = "auto"; };
+ ipv6 = {
+ addr-gen-mode = "stable-privacy";
+ method = "auto";
+ };
+ proxy = { };
+ wifi = {
+ band = "bg";
+ mode = "infrastructure";
+ ssid = "HH40V_39F5";
+ };
+ wifi-security = {
+ key-mgmt = "wpa-psk";
+ psk = "$FRAUNS";
+ };
+ };
+
+ magicant = {
+ connection = {
+ id = "magicant";
+ type = "wifi";
+ };
+ ipv4 = { method = "auto"; };
+ ipv6 = {
+ addr-gen-mode = "default";
+ method = "auto";
+ };
+ proxy = { };
+ wifi = {
+ mode = "infrastructure";
+ ssid = "magicant";
+ };
+ wifi-security = {
+ auth-alg = "open";
+ key-mgmt = "wpa-psk";
+ psk = "$HANDYHOTSPOT";
+ };
+ };
+
+ "sweden-aes-128-cbc-udp-dns" = {
+ connection = {
+ autoconnect = "false";
+ id = "PIA Sweden";
+ type = "vpn";
+ };
+ ipv4 = { method = "auto"; };
+ ipv6 = {
+ addr-gen-mode = "stable-privacy";
+ method = "auto";
+ };
+ proxy = { };
+ vpn = {
+ auth = "sha1";
+ ca =
+ "${config.users.users.swarsel.home}/.dotfiles/secrets/certs/sweden-aes-128-cbc-udp-dns-ca.pem";
+ challenge-response-flags = "2";
+ cipher = "aes-128-cbc";
+ compress = "yes";
+ connection-type = "password";
+ crl-verify-file = "${config.users.users.swarsel.home}/.dotfiles/secrets/certs/sweden-aes-128-cbc-udp-dns-crl-verify.pem";
+ dev = "tun";
+ password-flags = "0";
+ remote = "sweden.privacy.network:1198";
+ remote-cert-tls = "server";
+ reneg-seconds = "0";
+ service-type = "org.freedesktop.NetworkManager.openvpn";
+ username = "$VPNUSER";
+ };
+ vpn-secrets = { password = "$VPNPASS"; };
+ };
+
+ Hotspot = {
+ connection = {
+ autoconnect = "false";
+ id = "Hotspot";
+ type = "wifi";
+ };
+ ipv4 = { method = "shared"; };
+ ipv6 = {
+ addr-gen-mode = "default";
+ method = "ignore";
+ };
+ proxy = { };
+ wifi = {
+ mode = "ap";
+ ssid = "Hotspot-fourside";
+ };
+ wifi-security = {
+ group = "ccmp;";
+ key-mgmt = "wpa-psk";
+ pairwise = "ccmp;";
+ proto = "rsn;";
+ psk = "$HOTSPOT";
+ };
+ };
+
+ };
+ };
+};
+
+systemd.services.NetworkManager-ensure-profiles.after = [ "NetworkManager.service" ];
+I use sops-nix to handle secrets that I want to have available on my machines at all times. Procedure to add a new machine: +
+
+sops = {
+
+ defaultSopsFile = "${config.users.users.swarsel.home}/.dotfiles/secrets/general/secrets.yaml";
+ validateSopsFiles = false;
+
+ secrets = {
+ swarseluser = {neededForUsers = true;};
+ ernest = {};
+ frauns = {};
+ hotspot = {};
+ eduid = {};
+ edupass = {};
+ handyhotspot = {};
+ vpnuser = {};
+ vpnpass = {};
+ };
+ templates = {
+ "network-manager.env".content = ''
+ ERNEST=${config.sops.placeholder.ernest}
+ FRAUNS=${config.sops.placeholder.frauns}
+ HOTSPOT=${config.sops.placeholder.hotspot}
+ EDUID=${config.sops.placeholder.eduid}
+ EDUPASS=${config.sops.placeholder.edupass}
+ HANDYHOTSPOT=${config.sops.placeholder.handyhotspot}
+ VPNUSER=${config.sops.placeholder.vpnuser}
+ VPNPASS=${config.sops.placeholder.vpnpass}
+ '';
+ };
+};
+
+Mostly used to install some compilers and lsp's that I want to have available when not using a devShell flake. Most other packages should go in Installed packages. @@ -5958,6 +6051,10 @@ environment.systemPackages = with pkgs; [ cfssl pcsctools pcscliteWithPolkit.out + + # ledger packages + ledger-live-desktop + # pinentry # theme related @@ -6025,7 +6122,7 @@ environment.systemPackages = with pkgs; [
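Review bot: The `sweden-aes-128-cbc-udp-dns` VPN profile pins `cipher = "aes-128-cbc"`, `auth = "sha1"`, `compress = "yes"` and `reneg-seconds = "0"`, which is the weakest part of the new `ensureProfiles` block. Compression inside a VPN tunnel is the precondition for VORACLE-style plaintext recovery, and CBC with HMAC-SHA1 is not the AEAD mode current OpenVPN prefers; if the provider offers a GCM profile, switching to it and dropping `compress` would be the better default, and otherwise a comment like `# provider-mandated legacy parameters, revisit` records the debt. In the `sops` block, `validateSopsFiles = false;` means a missing key such as `vpnpass` is only noticed at activation, so a short comment on why validation is off (presumably because `defaultSopsFile` is a string path outside the flake) would help. The `LAN-Party` profile also publishes a fixed `mac-address`, which could move into the `network-manager.env` template alongside the other values.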
Some programs profit from being installed through dedicated NixOS settings on system-level; these go here. Notably the zsh setup goes here and cannot be deleted under any circumstances. @@ -6050,7 +6147,7 @@ environment.pathsToLink = [ "/share/zsh" ];
Setting up some hardware services as well as keyboard related settings. Here we make sure that we can use the CAPS key as a ESC/CTRL double key, which is a lifesaver. @@ -6176,7 +6273,7 @@ services.interception-tools = {
It makes sense to house these settings in their own section, since they are all needed really. Note that the starting of the gpg-agent is done in the sway settings, to also perform this step of the setup for non NixOS-machines at the same time. @@ -6200,12 +6297,15 @@ programs.ssh.startAgent = false; services.pcscd.enable = true; +hardware.ledger.enable = true; + # environment.systemPackages = with pkgs; [ # --- IN SYSTEM PACKAGES SECTION --- # ]; services.udev.packages = with pkgs; [ yubikey-personalization + ledger-udev-rules ]; @@ -6214,7 +6314,7 @@ services.udev.packages = with pkgs; [
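Review bot: `ledger-udev-rules` in `services.udev.packages` looks redundant next to `hardware.ledger.enable = true;` added a few lines above; as far as I know that option already installs the same rules package, so one of the two lines can go. If both are kept on purpose, a comment such as `# kept explicit alongside hardware.ledger.enable` would explain the duplication.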
This section houses the greetd related settings. I do not really want to use a display manager, but it is useful to have setup in some ways - in my case for starting sway on system startup. Notably the default user login setting that is commented out here goes into the system specific settings, make sure to update it there @@ -7238,7 +7338,7 @@ programs.zsh = { c="git --git-dir=$HOME/.dotfiles/.git --work-tree=$HOME/.dotfiles/"; passpush = "cd ~/.local/share/password-store; git add .; git commit -m 'pass file changes'; git push; cd -;"; passpull = "cd ~/.local/share/password-store; git pull; cd -;"; - hotspot = "nmcli connection up local; nmcli device wifi hotspot password 12345678;"; + hotspot = "nmcli connection up local; nmcli device wifi hotspot;"; cd="z"; cdr = "cd \"$( (find /home/swarsel/Documents/GitHub -maxdepth 1 && echo /home/swarsel/.dotfiles) | fzf )\""; }; @@ -8417,6 +8517,7 @@ This tangles the flake.nix file; This block only needs to be touched when updati # NixOS modules that can only be used on NixOS systems nixModules = [ stylix.nixosModules.stylix + sops-nix.nixosModules.sops ./profiles/common/nixos.nix # dynamic library loading ({ self, system, ... }: { @@ -8509,6 +8610,20 @@ This tangles the flake.nix file; This block only needs to be touched when updati ]; }; + winters = nixpkgs.lib.nixosSystem { + specialArgs = {inherit inputs pkgs; }; + modules = nixModules ++ [ + nixos-hardware.nixosModules.framework-16-inch-7040-amd + ./profiles/winters/nixos.nix + home-manager.nixosModules.home-manager + { + home-manager.users.swarsel.imports = mixedModules ++ [ + ./profiles/winters/home.nix + ]; + } + ]; + }; + stand = nixpkgs.lib.nixosSystem { specialArgs = {inherit inputs pkgs; }; modules = nixModules ++ [ @@ -11110,8 +11225,8 @@ Also, Emacs needs a little extra love to accept my Yubikey for git commits etc.
The following settings are needed to make sure emacs works for magit commits and pushes. It is not a beautiful solution since commiting uses pinentry-emacs and pushing uses pinentry-gtk2, but it works for now at least.
@@ -12210,7 +12325,7 @@ This sets up the dashboard, which is really quite useless. But, it