swarsel/.dotfiles
1
0
Fork 0
mirror of https://github.com/Swarsel/.dotfiles.git synced 2025-12-06 00:57:22 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

refactor: split common/nixos.nix and -/home.nix

Browse source 
Split these big files into modular files that
are easier to share and read on their own.
This commit is contained in:
Swarsel 2024-07-23 11:37:11 +02:00
parent fc011501c0
commit 5acbfe0edd
Signed by: swarsel
GPG key ID: 26A54C31F2A4FD84
77 changed files with 6763 additions and 6353 deletions
Download patch file Download diff file Expand all files Collapse all files

4858
SwarselSystems.org
View file

File diff suppressed because it is too large Load diff

39
flake.lock generated
View file

@ -135,6 +135,26 @@
"type": "github"
}
},
"disko": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1721417620,
"narHash": "sha256-6q9b1h8fI3hXg2DG6/vrKWCeG8c5Wj2Kvv22RCgedzg=",
"owner": "nix-community",
"repo": "disko",
"rev": "bec6e3cde912b8acb915fecdc509eda7c973fb42",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "disko",
"type": "github"
}
},
"emacs-overlay": {
"inputs": {
"flake-utils": "flake-utils",
@ -965,6 +985,7 @@
},
"root": {
"inputs": {
"disko": "disko",
"emacs-overlay": "emacs-overlay",
"home-manager": "home-manager",
"lanzaboote": "lanzaboote",
@ -979,7 +1000,8 @@
"nswitch-rcm-nix": "nswitch-rcm-nix",
"nur": "nur",
"sops-nix": "sops-nix",
"stylix": "stylix"
"stylix": "stylix",
"systems": "systems_4"
}
},
"rust-overlay": {
@ -1099,6 +1121,21 @@
"type": "github"
}
},
"systems_4": {
"locked": {
"lastModified": 1689347949,
"narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=",
"owner": "nix-systems",
"repo": "default-linux",
"rev": "31732fcf5e8fea42e59c2488ad31a0e651500f68",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default-linux",
"type": "github"
}
},
"utils": {
"locked": {
"lastModified": 1659877975,

90
flake.nix
View file

@ -7,6 +7,8 @@
nixpkgs-stable.url = "github:NixOS/nixpkgs/nixos-24.05";
systems.url = "github:nix-systems/default-linux";
# user-level configuration
home-manager = {
url = "github:nix-community/home-manager";
@ -69,32 +71,41 @@
inputs.nixpkgs.follows = "nixpkgs";
};
disko = {
url = "github:nix-community/disko";
inputs.nixpkgs.follows = "nixpkgs";
};
};
outputs =
inputs@{ self
, nixpkgs
, home-manager
, systems
, ...
}:
let
inherit (self) outputs;
lib = nixpkgs.lib // home-manager.lib;
forAllSystems = nixpkgs.lib.genAttrs [
"aarch64-linux"
"i686-linux"
"x86_64-linux"
"aarch64-darwin"
"x86_64-darwin"
];
forEachSystem = f: lib.genAttrs (import systems) (system: f pkgsFor.${system});
pkgsFor = lib.genAttrs (import systems) (
system:
import nixpkgs {
inherit system;
config.allowUnfree = true;
}
);
# pkgs for home-manager builds
homepkgs = import nixpkgs {
system = "x86_64-linux";
overlays = [
emacs-overlay.overlay
nur.overlay
nixgl.overlay
inputs.emacs-overlay.overlay
inputs.nur.overlay
inputs.nixgl.overlay
(final: _prev: {
stable = import nixpkgs-stable {
stable = import inputs.nixpkgs-stable {
inherit (final) system config;
};
})
@ -105,23 +116,10 @@
# NixOS modules that can only be used on NixOS systems
nixModules = [
(_: { nix.extraOptions = "experimental-features = nix-command flakes"; })
({ inputs, config, ... }: {
nixpkgs = {
overlays = [
(import ./overlays { inherit inputs; }).additions
(import ./overlays { inherit inputs; }).modifications
(import ./overlays { inherit inputs; }).nixpkgs-stable
inputs.nur.overlay
inputs.emacs-overlay.overlay
inputs.nixgl.overlay
];
config.allowUnfree = true;
};
})
inputs.stylix.nixosModules.stylix
inputs.sops-nix.nixosModules.sops
inputs.nswitch-rcm-nix.nixosModules.nswitch-rcm
./profiles/common/nixos.nix
./profiles/common/nixos
];
# Home-Manager modules wanted on non-NixOS systems
@ -133,18 +131,17 @@
mixedModules = [
inputs.sops-nix.homeManagerModules.sops
inputs.nix-index-database.hmModules.nix-index
./profiles/common/home.nix
./profiles/common/home
];
in
{
packages = forAllSystems (system:
let pkgs = nixpkgs.legacyPackages.${system}; in import ./pkgs { inherit pkgs; });
devShells = forAllSystems
(system:
let pkgs = nixpkgs.legacyPackages.${system};
in
inherit lib;
inherit mixedModules;
packages = forEachSystem (pkgs: import ./pkgs { inherit pkgs; });
devShells = forEachSystem
(pkgs:
{
default = pkgs.mkShell {
# Enable experimental features without having to specify the argument
@ -152,10 +149,16 @@
nativeBuildInputs = [ pkgs.nix pkgs.home-manager pkgs.git ];
};
});
formatter = forAllSystems (system:
let pkgs = nixpkgs.legacyPackages.${system};
in pkgs.nixpkgs-fmt);
overlays = import ./overlays { inherit inputs; };
formatter = forEachSystem (pkgs: pkgs.nixpkgs-fmt);
overlays = [
(import ./overlays { inherit inputs; }).additions
(import ./overlays { inherit inputs; }).modifications
(import ./overlays { inherit inputs; }).nixpkgs-stable
inputs.nur.overlay
inputs.emacs-overlay.overlay
inputs.nixgl.overlay
];
# NixOS setups - run home-manager as a NixOS module for better compatibility
@ -171,6 +174,8 @@
sandbox = nixpkgs.lib.nixosSystem {
specialArgs = { inherit inputs; };
modules = [
inputs.disko.nixosModules.disko
./profiles/sandbox/disk-config.nix
inputs.sops-nix.nixosModules.sops
./profiles/sandbox/nixos.nix
];
@ -190,17 +195,10 @@
];
};
fourside = nixpkgs.lib.nixosSystem {
specialArgs = { inherit inputs; };
fourside = lib.nixosSystem {
specialArgs = { inherit inputs outputs; };
modules = nixModules ++ [
inputs.nixos-hardware.nixosModules.lenovo-thinkpad-p14s-amd-gen2
./profiles/fourside/nixos.nix
inputs.home-manager.nixosModules.home-manager
{
home-manager.users.swarsel.imports = mixedModules ++ [
./profiles/fourside/home.nix
];
}
./profiles/fourside
];
};

3540
index.html
View file

File diff suppressed because it is too large Load diff

2
pkgs/default.nix
View file

@ -1 +1 @@
_: { }
_: rec { }

4
profiles/TEMPLATE/nixos.nix
View file

@ -86,9 +86,9 @@
# Configure keymap in X11 (only used for login)
services.xserver = {
services.xserver.xkb = {
layout = "us";
xkbVariant = "altgr-intl";
variant = "altgr-intl";
};
users.users.TEMPLATE = {

1546
profiles/common/home.nix
View file

File diff suppressed because it is too large Load diff

31
profiles/common/home/default.nix Normal file
View file

@ -0,0 +1,31 @@
{ ... }:
{
imports = [
./packages.nix
./sops.nix
./ssh.nix
./stylix.nix
./desktop.nix
./symlink.nix
./env.nix
./programs.nix
./nix-index.nix
./password-store.nix
./direnv.nix
./eza.nix
./git.nix
./fuzzel.nix
./starship.nix
./kitty.nix
./zsh.nix
./mail.nix
./emacs.nix
./waybar.nix
./firefox.nix
./gnome-keyring.nix
./kdeconnect.nix
./mako.nix
./sway.nix
];
}

47
profiles/common/home/desktop.nix Normal file
View file

@ -0,0 +1,47 @@
{ ... }:
{
xdg.desktopEntries = {
cura = {
name = "Ultimaker Cura";
genericName = "Cura";
exec = "cura";
terminal = false;
categories = [ "Application" ];
};
anki = {
name = "Anki Flashcards";
genericName = "Anki";
exec = "anki";
terminal = false;
categories = [ "Application" ];
};
# schlidichat = {
# name = "SchildiChat Matrix Client";
# genericName = "SchildiChat";
# exec = "schildichat-desktop -enable-features=UseOzonePlatform -ozone-platform=wayland --disable-gpu-driver-bug-workarounds";
# terminal = false;
# categories = [ "Application"];
# };
element = {
name = "Element Matrix Client";
genericName = "Element";
exec = "element-desktop -enable-features=UseOzonePlatform -ozone-platform=wayland --disable-gpu-driver-bug-workarounds";
terminal = false;
categories = [ "Application" ];
};
emacsclient-newframe = {
name = "Emacs (Client, New Frame)";
genericName = "Emacs (Client, New Frame)";
exec = "emacsclient -r %u";
icon = "emacs";
terminal = false;
categories = [ "Development" "TextEditor" ];
};
};
}

7
profiles/common/home/direnv.nix Normal file
View file

@ -0,0 +1,7 @@
{ ... }:
{
programs.direnv = {
enable = true;
nix-direnv.enable = true;
};
}

54
profiles/common/home/emacs.nix Normal file
View file

@ -0,0 +1,54 @@
{ pkgs, ... }:
{
# enable emacs overlay for bleeding edge features
# also read init.el file and install use-package packages
programs.emacs = {
enable = true;
package = pkgs.emacsWithPackagesFromUsePackage {
config = ../../../programs/emacs/init.el;
package = pkgs.emacs-pgtk;
alwaysEnsure = true;
alwaysTangle = true;
extraEmacsPackages = epkgs: [
epkgs.mu4e
epkgs.use-package
# epkgs.lsp-bridge
epkgs.doom-themes
# build the rest of the packages myself
# org-calfw is severely outdated on MELPA and throws many warnings on emacs startup
# build the package from the haji-ali fork, which is well-maintained
(epkgs.trivialBuild rec {
pname = "calfw";
version = "1.0.0-20231002";
src = pkgs.fetchFromGitHub {
owner = "haji-ali";
repo = "emacs-calfw";
rev = "bc99afee611690f85f0cd0bd33300f3385ddd3d3";
hash = "sha256-0xMII1KJhTBgQ57tXJks0ZFYMXIanrOl9XyqVmu7a7Y=";
};
packageRequires = [ epkgs.howm ];
})
(epkgs.trivialBuild rec {
pname = "fast-scroll";
version = "1.0.0-20191016";
src = pkgs.fetchFromGitHub {
owner = "ahungry";
repo = "fast-scroll";
rev = "3f6ca0d5556fe9795b74714304564f2295dcfa24";
hash = "sha256-w1wmJW7YwXyjvXJOWdN2+k+QmhXr4IflES/c2bCX3CI=";
};
packageRequires = [ ];
})
];
};
};
services.emacs = {
enable = true;
# socketActivation.enable = false;
# startWithUserSession = "graphical";
};
}

6
profiles/common/home/env.nix Normal file
View file

@ -0,0 +1,6 @@
{ ... }:
{
home.sessionVariables = {
EDITOR = "bash ~/.dotfiles/scripts/editor.sh";
};
}

12
profiles/common/home/eza.nix Normal file
View file

@ -0,0 +1,12 @@
{ ... }:
{
programs.eza = {
enable = true;
icons = true;
git = true;
extraOptions = [
"-l"
"--group-directories-first"
];
};
}

98
profiles/common/home/firefox.nix Normal file
View file

@ -0,0 +1,98 @@
{ pkgs, ... }:
{
programs.firefox = {
enable = true;
package = pkgs.firefox.override {
nativeMessagingHosts = [
pkgs.tridactyl-native
pkgs.browserpass
pkgs.plasma5Packages.plasma-browser-integration
];
};
policies = {
CaptivePortal = false;
DisableFirefoxStudies = true;
DisablePocket = true;
DisableTelemetry = true;
DisableFirefoxAccounts = false;
NoDefaultBookmarks = true;
OfferToSaveLogins = false;
OfferToSaveLoginsDefault = false;
EnableTrackingProtection = true;
};
profiles.default = {
isDefault = true;
userChrome = builtins.readFile ../../../programs/firefox/chrome/userChrome.css;
extensions = with pkgs.nur.repos.rycee.firefox-addons; [
tridactyl
browserpass
clearurls
darkreader
enhancer-for-youtube
istilldontcareaboutcookies
translate-web-pages
ublock-origin
reddit-enhancement-suite
pushbullet
sponsorblock
web-archives
single-file
widegithub
enhanced-github
unpaywall
don-t-fuck-with-paste
plasma-integration
];
search.engines = {
"Nix Packages" = {
urls = [{
template = "https://search.nixos.org/packages";
params = [
{ name = "type"; value = "packages"; }
{ name = "query"; value = "{searchTerms}"; }
];
}];
icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg";
definedAliases = [ "@np" ];
};
"NixOS Wiki" = {
urls = [{
template = "https://nixos.wiki/index.php?search={searchTerms}";
}];
iconUpdateURL = "https://nixos.wiki/favicon.png";
updateInterval = 24 * 60 * 60 * 1000; # every day
definedAliases = [ "@nw" ];
};
"NixOS Options" = {
urls = [{
template = "https://search.nixos.org/options";
params = [
{ name = "query"; value = "{searchTerms}"; }
];
}];
icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg";
definedAliases = [ "@no" ];
};
"Home Manager Options" = {
urls = [{
template = "https://home-manager-options.extranix.com/";
params = [
{ name = "query"; value = "{searchTerms}"; }
];
}];
icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg";
definedAliases = [ "@hm" "@ho" "@hmo" ];
};
"Google".metaData.alias = "@g";
};
search.force = true; # this is required because otherwise the search.json.mozlz4 symlink gets replaced on every firefox restart
};
};
}

14
profiles/common/home/fuzzel.nix Normal file
View file

@ -0,0 +1,14 @@
{ ... }:
{
programs.fuzzel = {
enable = true;
settings = {
main = {
layer = "overlay";
lines = "10";
width = "40";
};
border.radius = "0";
};
};
}

39
profiles/common/home/git.nix Normal file
View file

@ -0,0 +1,39 @@
{ ... }:
{
programs.git = {
enable = true;
aliases = {
a = "add";
c = "commit";
cl = "clone";
co = "checkout";
b = "branch";
i = "init";
m = "merge";
s = "status";
r = "restore";
p = "pull";
pp = "push";
};
signing = {
key = "0x76FD3810215AE097";
signByDefault = true;
};
userEmail = "leon.schwarzaeugl@gmail.com";
userName = "Swarsel";
difftastic.enable = true;
lfs.enable = true;
includes = [
{
contents = {
github = {
user = "Swarsel";
};
commit = {
template = "~/.gitmessage";
};
};
}
];
};
}

6
profiles/common/home/gnome-keyring.nix Normal file
View file

@ -0,0 +1,6 @@
{ ... }:
{
services.gnome-keyring = {
enable = true;
};
}

7
profiles/common/home/kdeconnect.nix Normal file
View file

@ -0,0 +1,7 @@
{ ... }:
{
services.kdeconnect = {
enable = true;
indicator = true;
};
}

12
profiles/common/home/kitty.nix Normal file
View file

@ -0,0 +1,12 @@
{ ... }:
{
programs.kitty = {
enable = true;
keybindings = {
"ctrl+shift+left" = "no_op";
"ctrl+shift+right" = "no_op";
"ctrl+shift+home" = "no_op";
"ctrl+shift+end" = "no_op";
};
};
}

133
profiles/common/home/mail.nix Normal file
View file

@ -0,0 +1,133 @@
{ config, ... }:
{
programs.mbsync = {
enable = true;
};
services.mbsync = {
enable = true;
};
# this is needed so that mbsync can use the passwords from sops
systemd.user.services.mbsync.Unit.After = [ "sops-nix.service" ];
programs.msmtp = {
enable = true;
};
programs.mu = {
enable = true;
};
accounts.email = {
maildirBasePath = "Mail";
accounts.leon = {
primary = true;
address = "leon.schwarzaeugl@gmail.com";
userName = "leon.schwarzaeugl@gmail.com";
realName = "Leon Schwarzäugl";
passwordCommand = "cat ${config.sops.secrets.leon.path}";
# passwordCommand = "gpg --quiet --for-your-eyes-only --no-tty --decrypt ~/.local/share/password-store/mail/mbsync/leon.schwarzaeugl@gmail.com.gpg";
gpg = {
key = "0x76FD3810215AE097";
signByDefault = true;
};
imap.host = "imap.gmail.com";
smtp.host = "smtp.gmail.com";
mu.enable = true;
msmtp = {
enable = true;
};
mbsync = {
enable = true;
create = "maildir";
expunge = "both";
patterns = [ "*" "![Gmail]*" "[Gmail]/Sent Mail" "[Gmail]/Starred" "[Gmail]/All Mail" ];
extraConfig = {
channel = {
Sync = "All";
};
account = {
Timeout = 120;
PipelineDepth = 1;
};
};
};
};
accounts.swarsel = {
address = "leon@swarsel.win";
userName = "8227dc594dd515ce232eda1471cb9a19";
realName = "Leon Schwarzäugl";
passwordCommand = "cat ${config.sops.secrets.swarselmail.path}";
smtp = {
host = "in-v3.mailjet.com";
port = 587;
tls = {
enable = true;
useStartTls = true;
};
};
mu.enable = false;
msmtp = {
enable = true;
};
mbsync = {
enable = false;
};
};
accounts.nautilus = {
primary = false;
address = "nautilus.dw@gmail.com";
userName = "nautilus.dw@gmail.com";
realName = "Nautilus";
passwordCommand = "cat ${config.sops.secrets.nautilus.path}";
# passwordCommand = "gpg --quiet --for-your-eyes-only --no-tty --decrypt ~/.local/share/password-store/mail/mbsync/nautilus.dw@gmail.com.gpg";
imap.host = "imap.gmail.com";
smtp.host = "smtp.gmail.com";
msmtp.enable = true;
mu.enable = true;
mbsync = {
enable = true;
create = "maildir";
expunge = "both";
patterns = [ "*" "![Gmail]*" "[Gmail]/Sent Mail" "[Gmail]/Starred" "[Gmail]/All Mail" ];
extraConfig = {
channel = {
Sync = "All";
};
account = {
Timeout = 120;
PipelineDepth = 1;
};
};
};
};
accounts.mrswarsel = {
primary = false;
address = "mrswarsel@gmail.com";
userName = "mrswarsel@gmail.com";
realName = "Swarsel";
# passwordCommand = "gpg --quiet --for-your-eyes-only --no-tty --decrypt ~/.local/share/password-store/mail/mbsync/mrswarsel@gmail.com.gpg";
passwordCommand = "cat ${config.sops.secrets.mrswarsel.path}";
imap.host = "imap.gmail.com";
smtp.host = "smtp.gmail.com";
msmtp.enable = true;
mu.enable = true;
mbsync = {
enable = true;
create = "maildir";
expunge = "both";
patterns = [ "*" "![Gmail]*" "[Gmail]/Sent Mail" "[Gmail]/Starred" "[Gmail]/All Mail" ];
extraConfig = {
channel = {
Sync = "All";
};
account = {
Timeout = 120;
PipelineDepth = 1;
};
};
};
};
};
}

30
profiles/common/home/mako.nix Normal file
View file

@ -0,0 +1,30 @@
{ ... }:
{
services.mako = {
enable = true;
# backgroundColor = "#2e3440";
# borderColor = "#88c0d0";
borderRadius = 15;
borderSize = 1;
defaultTimeout = 5000;
height = 150;
icons = true;
ignoreTimeout = true;
layer = "overlay";
maxIconSize = 64;
sort = "-time";
width = 300;
# font = "monospace 10";
extraConfig = "[urgency=low]
border-color=#cccccc
[urgency=normal]
border-color=#d08770
[urgency=high]
border-color=#bf616a
default-timeout=3000
[category=mpd]
default-timeout=2000
group-by=category
";
};
}

20
profiles/common/home/nix-index.nix Normal file
View file

@ -0,0 +1,20 @@
{ pkgs, ... }:
{
programs.nix-index =
let
command-not-found = pkgs.runCommandLocal "command-not-found.sh" { } ''
mkdir -p $out/etc/profile.d
substitute ${../../../scripts/command-not-found.sh} \
$out/etc/profile.d/command-not-found.sh \
--replace @nix-locate@ ${pkgs.nix-index}/bin/nix-locate \
--replace @tput@ ${pkgs.ncurses}/bin/tput
'';
in
{
enable = true;
package = pkgs.symlinkJoin {
name = "nix-index";
paths = [ command-not-found ];
};
};
}

314
profiles/common/home/packages.nix Normal file
View file

@ -0,0 +1,314 @@
{ pkgs, ... }:
{
home.packages = with pkgs; [
# audio stuff
spek # spectrum analyzer
losslessaudiochecker
ffmpeg_5-full
flac
mediainfo
picard-tools
audacity
sox
# printing
cups
simple-scan
# dict
(aspellWithDicts (dicts: with dicts; [ de en en-computers en-science ]))
# utilities
util-linux
nmap
lsof
# nix
alejandra
nixpkgs-fmt
deadnix
statix
# local file sharing
wormhole-rs
# b2 backup @backblaze
restic
# "big" programs
gimp
inkscape
zoom-us
# nomacs
libreoffice-qt
xournalpp
obsidian
spotify
discord
stable.nextcloud-client
spotify-player
element-desktop-wayland
nicotine-plus
stable.transmission
mktorrent
hexchat
hugo
# kyria
qmk
qmk-udev-rules
# games
lutris
wine
libudev-zero
dwarfs
fuse-overlayfs
# steam
# steam-run
patchelf
gamescope
vulkan-tools
moonlight-qt
ns-usbloader
# firefox related
tridactyl-native
# mako related
mako
libnotify
# general utilities
unrar
samba
cifs-utils
zbar # qr codes
readline
autotiling
brightnessctl
libappindicator-gtk3
sqlite
speechd
networkmanagerapplet
psmisc # kill etc
lm_sensors
# jq # used for searching the i3 tree in check<xxx>.sh files
# specifically needed for anki
# mpv
anki-bin
# dirvish file previews
fd
imagemagick
poppler
ffmpegthumbnailer
mediainfo
gnutar
unzip
#nautilus
nautilus
xfce.tumbler
libgsf
# wayland stuff
wtype
wl-clipboard
wl-mirror
# screenshotting tools
grim
slurp
# the following packages are used (in some way) by waybar
playerctl
pavucontrol
pamixer
# gnome.gnome-clocks
# wlogout
# jdiskreport
syncthingtray
# monitor
#keychain
qalculate-gtk
gcr # needed for gnome-secrets to work
seahorse
# sops-related
sops
ssh-to-age
# mail related packages
mu
# latex and related packages
(pkgs.texlive.combine {
inherit (pkgs.texlive) scheme-full
dvisvgm dvipng# for preview and export as html
wrapfig amsmath ulem hyperref capt-of;
})
# font stuff
(nerdfonts.override { fonts = [ "FiraMono" "FiraCode" "NerdFontsSymbolsOnly" ]; })
noto-fonts-emoji
font-awesome_5
noto-fonts
noto-fonts-cjk-sans
# cura
(
let
cura5 = appimageTools.wrapType2 rec {
name = "cura5";
version = "5.4.0";
src = fetchurl {
url = "https://github.com/Ultimaker/Cura/releases/download/${version}/UltiMaker-Cura-${version}-linux-modern.AppImage";
hash = "sha256-QVv7Wkfo082PH6n6rpsB79st2xK2+Np9ivBg/PYZd74=";
};
extraPkgs = pkgs: with pkgs; [ ];
};
in
writeScriptBin "cura" ''
#! ${pkgs.bash}/bin/bash
# AppImage version of Cura loses current working directory and treats all paths relateive to $HOME.
# So we convert each of the files passed as argument to an absolute path.
# This fixes use cases like `cd /path/to/my/files; cura mymodel.stl anothermodel.stl`.
args=()
for a in "$@"; do
if [ -e "$a" ]; then
a="$(realpath "$a")"
fi
args+=("$a")
done
exec "${cura5}/bin/cura5" "''${args[@]}"
''
)
#E: hides scratchpad depending on state, calls emacsclient for edit and then restores the scratchpad state
(pkgs.writeShellScriptBin "e" ''
bash ~/.dotfiles/scripts/editor_nowait.sh "$@"
'')
(pkgs.writeShellScriptBin "timer" ''
sleep "$1"; while true; do spd-say "$2"; sleep 0.5; done;
'')
(pkgs.writeScriptBin "project" ''
#! ${pkgs.bash}/bin/bash
if [ "$1" == "rust" ]; then
cp ~/.dotfiles/templates/rust_flake.nix ./flake.nix
cp ~/.dotfiles/templates/toolchain.toml .
elif [ "$1" == "cpp" ]; then
cp ~/.dotfiles/templates/cpp_flake.nix ./flake.nix
elif [ "$1" == "python" ]; then
cp ~/.dotfiles/templates/py_flake.nix ./flake.nix
elif [ "$1" == "cuda" ]; then
cp ~/.dotfiles/templates/cu_flake.nix ./flake.nix
elif [ "$1" == "other" ]; then
cp ~/.dotfiles/templates/other_flake.nix ./flake.nix
elif [ "$1" == "latex" ]; then
if [ "$2" == "" ]; then
echo "No filename specified, usage: 'project latex <NAME>'"
exit 0
fi
cp ~/.dotfiles/templates/tex_standard.tex ./"$2".tex
exit 0
else
echo "No valid argument given. Valid arguments are rust cpp python, cuda"
exit 0
fi
echo "use flake" >> .envrc
direnv allow
'')
(pkgs.writeShellApplication {
name = "pass-fuzzel";
runtimeInputs = [ pkgs.pass pkgs.fuzzel ];
text = ''
shopt -s nullglob globstar
typeit=0
if [[ $# -ge 1 && $1 == "--type" ]]; then
typeit=1
shift
fi
export PASSWORD_STORE_DIR=~/.local/share/password-store
prefix=''${PASSWORD_STORE_DIR-~/.local/share/password-store}
password_files=( "$prefix"/**/*.gpg )
password_files=( "''${password_files[@]#"$prefix"/}" )
password_files=( "''${password_files[@]%.gpg}" )
password=$(printf '%s\n' "''${password_files[@]}" | fuzzel --dmenu "$@")
[[ -n $password ]] || exit
if [[ $typeit -eq 0 ]]; then
pass show -c "$password" &>/tmp/pass-fuzzel
else
pass show "$password" | { IFS= read -r pass; printf %s "$pass"; } | wtype -
fi
notify-send -u critical -a pass -t 1000 "Copied/Typed Password"
'';
})
(pkgs.writeShellApplication {
name = "pass-fuzzel-otp";
runtimeInputs = [ pkgs.fuzzel (pkgs.pass.withExtensions (exts: [ exts.pass-otp ])) ];
text = ''
shopt -s nullglob globstar
typeit=0
if [[ $# -ge 1 && $1 == "--type" ]]; then
typeit=1
shift
fi
export PASSWORD_STORE_DIR=~/.local/share/password-store
prefix=''${PASSWORD_STORE_DIR-~/.local/share/password-store}
password_files=( "$prefix"/otp/**/*.gpg )
password_files=( "''${password_files[@]#"$prefix"/}" )
password_files=( "''${password_files[@]%.gpg}" )
password=$(printf '%s\n' "''${password_files[@]}" | fuzzel --dmenu "$@")
[[ -n $password ]] || exit
if [[ $typeit -eq 0 ]]; then
pass otp -c "$password" &>/tmp/pass-fuzzel
else
pass otp "$password" | { IFS= read -r pass; printf %s "$pass"; } | wtype -
fi
notify-send -u critical -a pass -t 1000 "Copied/Typed OTPassword"
'';
})
(pkgs.writeShellApplication {
name = "cdw";
runtimeInputs = [ pkgs.fzf ];
text = ''
cd "$(git worktree list | fzf | awk '{print $1}')"
'';
})
(pkgs.writeShellApplication {
name = "cdb";
runtimeInputs = [ pkgs.fzf ];
text = ''
git checkout "$(git branch --list | grep -v "^\*" | fzf | awk '{print $1}')"
'';
})
(pkgs.writeShellApplication {
name = "bak";
text = ''
cp "$1"{,.bak}
'';
})
];
}

10
profiles/common/home/password-store.nix Normal file
View file

@ -0,0 +1,10 @@
{ pkgs, ... }:
{
programs.password-store = {
enable = true;
settings = {
PASSWORD_STORE_DIR = "$HOME/.local/share/password-store";
};
package = pkgs.pass.withExtensions (exts: [ exts.pass-otp ]);
};
}

19
profiles/common/home/programs.nix Normal file
View file

@ -0,0 +1,19 @@
{ ... }:
{
programs = {
bottom.enable = true;
imv.enable = true;
sioyek.enable = true;
bat.enable = true;
carapace.enable = true;
wlogout.enable = true;
swayr.enable = true;
yt-dlp.enable = true;
mpv.enable = true;
jq.enable = true;
ripgrep.enable = true;
pandoc.enable = true;
fzf.enable = true;
zoxide.enable = true;
};
}

14
profiles/common/home/sops.nix Normal file
View file

@ -0,0 +1,14 @@
{ config, ... }:
{
sops = {
defaultSopsFile = "${config.home.homeDirectory}/.dotfiles/secrets/general/secrets.yaml";
validateSopsFiles = false;
secrets = {
mrswarsel = { path = "/run/user/1000/secrets/mrswarsel"; };
nautilus = { path = "/run/user/1000/secrets/nautilus"; };
leon = { path = "/run/user/1000/secrets/leon"; };
swarselmail = { path = "/run/user/1000/secrets/swarselmail"; };
caldav = { path = "${config.home.homeDirectory}/.emacs.d/.caldav"; };
};
};
}

97
profiles/common/home/ssh.nix Normal file
View file

@ -0,0 +1,97 @@
{ ... }:
{
programs.ssh = {
enable = true;
forwardAgent = true;
extraConfig = ''
SetEnv TERM=xterm-256color
'';
matchBlocks = {
"nginx" = {
hostname = "192.168.1.14";
user = "root";
};
"jellyfin" = {
hostname = "192.168.1.16";
user = "root";
};
"pfsense" = {
hostname = "192.168.1.1";
user = "root";
};
"proxmox" = {
hostname = "192.168.1.2";
user = "root";
};
"transmission" = {
hostname = "192.168.1.6";
user = "root";
};
"fetcher" = {
hostname = "192.168.1.7";
user = "root";
};
"omv" = {
hostname = "192.168.1.3";
user = "root";
};
"webbot" = {
hostname = "192.168.1.11";
user = "root";
};
"nextcloud" = {
hostname = "192.168.1.5";
user = "root";
};
"sound" = {
hostname = "192.168.1.13";
user = "root";
};
"spotify" = {
hostname = "192.168.1.17";
user = "root";
};
"wordpress" = {
hostname = "192.168.1.9";
user = "root";
};
"turn" = {
hostname = "192.168.1.18";
user = "root";
};
"hugo" = {
hostname = "192.168.1.19";
user = "root";
};
"matrix" = {
hostname = "192.168.1.23";
user = "root";
};
"scroll" = {
hostname = "192.168.1.22";
user = "root";
};
"minecraft" = {
hostname = "130.61.119.129";
user = "opc";
};
"sync" = {
hostname = "193.122.53.173";
user = "root"; #this is a oracle vm server but needs root due to nixos-infect
};
"songdiver" = {
hostname = "89.168.100.65";
user = "ubuntu";
};
"pkv" = {
hostname = "46.232.248.161";
user = "root";
};
"efficient" = {
hostname = "g0.complang.tuwien.ac.at";
forwardAgent = true;
user = "ep01427399";
};
};
};
}

106
profiles/common/home/starship.nix Normal file
View file

@ -0,0 +1,106 @@
{ ... }:
{
programs.starship = {
enable = true;
enableZshIntegration = true;
settings = {
add_newline = false;
format = "$character";
right_format = "$all";
command_timeout = 3000;
directory.substitutions = {
"Documents" = "󰈙 ";
"Downloads" = " ";
"Music" = " ";
"Pictures" = " ";
};
git_status = {
style = "bg:#394260";
format = "[[($all_status$ahead_behind )](fg:#769ff0 bg:#394260)]($style)";
};
character = {
success_symbol = "[λ](bold green)";
error_symbol = "[λ](bold red)";
};
aws.symbol = " ";
buf.symbol = " ";
c.symbol = " ";
conda.symbol = " ";
dart.symbol = " ";
directory.read_only = " 󰌾";
docker_context.symbol = " ";
elixir.symbol = " ";
elm.symbol = " ";
fossil_branch.symbol = " ";
git_branch.symbol = " ";
golang.symbol = " ";
guix_shell.symbol = " ";
haskell.symbol = " ";
haxe.symbol = " ";
hg_branch.symbol = " ";
hostname.ssh_symbol = " ";
java.symbol = " ";
julia.symbol = " ";
lua.symbol = " ";
memory_usage.symbol = "󰍛 ";
meson.symbol = "󰔷 ";
nim.symbol = "󰆥 ";
nix_shell.symbol = " ";
nodejs.symbol = " ";
os.symbols = {
Alpaquita = " ";
Alpine = " ";
Amazon = " ";
Android = " ";
Arch = " ";
Artix = " ";
CentOS = " ";
Debian = " ";
DragonFly = " ";
Emscripten = " ";
EndeavourOS = " ";
Fedora = " ";
FreeBSD = " ";
Garuda = "󰛓 ";
Gentoo = " ";
HardenedBSD = "󰞌 ";
Illumos = "󰈸 ";
Linux = " ";
Mabox = " ";
Macos = " ";
Manjaro = " ";
Mariner = " ";
MidnightBSD = " ";
Mint = " ";
NetBSD = " ";
NixOS = " ";
OpenBSD = "󰈺 ";
openSUSE = " ";
OracleLinux = "󰌷 ";
Pop = " ";
Raspbian = " ";
Redhat = " ";
RedHatEnterprise = " ";
Redox = "󰀘 ";
Solus = "󰠳 ";
SUSE = " ";
Ubuntu = " ";
Unknown = " ";
Windows = "󰍲 ";
};
package.symbol = "󰏗 ";
pijul_channel.symbol = " ";
python.symbol = " ";
rlang.symbol = "󰟔 ";
ruby.symbol = " ";
rust.symbol = " ";
scala.symbol = " ";
};
};
}

4
profiles/common/home/stylix.nix Normal file
View file

@ -0,0 +1,4 @@
{ ... }:
{
stylix.targets.emacs.enable = false;
}

268
profiles/common/home/sway.nix Normal file
View file

@ -0,0 +1,268 @@
{ config, pkgs, ... }:
{
wayland.windowManager.sway = {
enable = true;
checkConfig = false; # delete this line once SwayFX is fixed upstream
package = pkgs.swayfx;
systemd = {
enable = true;
xdgAutostart = true;
};
wrapperFeatures.gtk = true;
config = rec {
modifier = "Mod4";
terminal = "kitty";
menu = "fuzzel";
bars = [{ command = "waybar"; }];
keybindings =
let
inherit (config.wayland.windowManager.sway.config) modifier;
in
{
"${modifier}+q" = "kill";
"${modifier}+f" = "exec firefox";
"${modifier}+Space" = "exec fuzzel";
"${modifier}+Shift+Space" = "floating toggle";
"${modifier}+e" = "exec emacsclient -nquc -a emacs -e \"(dashboard-open)\"";
"${modifier}+Shift+m" = "exec emacsclient -nquc -a emacs -e \"(mu4e)\"";
"${modifier}+Shift+c" = "exec emacsclient -nquc -a emacs -e \"(swarsel/open-calendar)\"";
"${modifier}+Shift+s" = "exec \"bash ~/.dotfiles/scripts/checkspotify.sh\"";
"${modifier}+m" = "exec \"bash ~/.dotfiles/scripts/checkspotifytui.sh\"";
"${modifier}+x" = "exec \"bash ~/.dotfiles/scripts/checkkitty.sh\"";
"${modifier}+d" = "exec \"bash ~/.dotfiles/scripts/checkdiscord.sh\"";
"${modifier}+Shift+r" = "exec \"bash ~/.dotfiles/scripts/restart.sh\"";
"${modifier}+Shift+t" = "exec \"bash ~/.dotfiles/scripts/toggle_opacity.sh\"";
"${modifier}+Shift+F12" = "move scratchpad";
"${modifier}+F12" = "scratchpad show";
"${modifier}+c" = "exec qalculate-gtk";
"${modifier}+p" = "exec pass-fuzzel";
"${modifier}+o" = "exec pass-fuzzel-otp";
"${modifier}+Shift+p" = "exec pass-fuzzel --type";
"${modifier}+Shift+o" = "exec pass-fuzzel-otp --type";
"${modifier}+Escape" = "mode $exit";
# "${modifier}+Shift+Escape" = "exec com.github.stsdc.monitor";
"${modifier}+Shift+Escape" = "exec kitty -o confirm_os_window_close=0 btm";
"${modifier}+s" = "exec grim -g \"$(slurp)\" -t png - | wl-copy -t image/png";
"${modifier}+i" = "exec \"bash ~/.dotfiles/scripts/startup.sh\"";
"${modifier}+1" = "workspace 1:";
"${modifier}+Shift+1" = "move container to workspace 1:";
"${modifier}+2" = "workspace 2:";
"${modifier}+Shift+2" = "move container to workspace 2:";
"${modifier}+3" = "workspace 3:";
"${modifier}+Shift+3" = "move container to workspace 3:";
"${modifier}+4" = "workspace 4:";
"${modifier}+Shift+4" = "move container to workspace 4:";
"${modifier}+5" = "workspace 5:";
"${modifier}+Shift+5" = "move container to workspace 5:";
"${modifier}+6" = "workspace 6:";
"${modifier}+Shift+6" = "move container to workspace 6:";
"${modifier}+7" = "workspace 7:";
"${modifier}+Shift+7" = "move container to workspace 7:";
"${modifier}+8" = "workspace 8:";
"${modifier}+Shift+8" = "move container to workspace 8:";
"${modifier}+9" = "workspace 9:";
"${modifier}+Shift+9" = "move container to workspace 9:";
"${modifier}+0" = "workspace 10:";
"${modifier}+Shift+0" = "move container to workspace 10:";
"XF86AudioRaiseVolume" = "exec pactl set-sink-volume @DEFAULT_SINK@ +5%";
"XF86AudioLowerVolume" = "exec pactl set-sink-volume @DEFAULT_SINK@ -5%";
"${modifier}+Left" = "focus left";
"${modifier}+Right" = "focus right";
"${modifier}+Down" = "focus down";
"${modifier}+Up" = "focus up";
"${modifier}+Shift+Left" = "move left 40px";
"${modifier}+Shift+Right" = "move right 40px";
"${modifier}+Shift+Down" = "move down 40px";
"${modifier}+Shift+Up" = "move up 40px";
"${modifier}+h" = "focus left";
"${modifier}+l" = "focus right";
"${modifier}+j" = "focus down";
"${modifier}+k" = "focus up";
"${modifier}+Shift+h" = "move left 40px";
"${modifier}+Shift+l" = "move right 40px";
"${modifier}+Shift+j" = "move down 40px";
"${modifier}+Shift+k" = "move up 40px";
"${modifier}+Ctrl+Shift+c" = "reload";
"${modifier}+Shift+e" = "exec swaynag -t warning -m 'You pressed the exit shortcut. Do you really want to exit sway? This will end your Wayland session.' -b 'Yes, exit sway' 'swaymsg exit'";
"${modifier}+r" = "mode resize";
"${modifier}+Return" = "exec kitty";
};
modes = {
resize = {
Down = "resize grow height 10 px or 10 ppt";
Escape = "mode default";
Left = "resize shrink width 10 px or 10 ppt";
Return = "mode default";
Right = "resize grow width 10 px or 10 ppt";
Up = "resize shrink height 10 px or 10 ppt";
};
};
defaultWorkspace = "workspace 1:";
startup = [
{ command = "kitty -T kittyterm"; }
{ command = "sleep 60; kitty -T spotifytui -o confirm_os_window_close=0 spotify_player"; }
];
window = {
border = 1;
titlebar = false;
};
assigns = {
"1:" = [{ app_id = "firefox"; }];
};
floating = {
border = 1;
criteria = [
{ title = "^Picture-in-Picture$"; }
{ app_id = "qalculate-gtk"; }
{ app_id = "org.gnome.clocks"; }
{ app_id = "com.github.stsdc.monitor"; }
{ app_id = "blueman"; }
{ app_id = "pavucontrol"; }
{ app_id = "syncthingtray"; }
{ title = "Syncthing Tray"; }
{ app_id = "SchildiChat"; }
{ app_id = "Element"; }
{ app_id = "com.nextcloud.desktopclient.nextcloud"; }
{ app_id = "gnome-system-monitor"; }
{ title = "(?:Open|Save) (?:File|Folder|As)"; }
{ title = "^Add$"; }
{ title = "com-jgoodies-jdiskreport-JDiskReport"; }
{ app_id = "discord"; }
{ window_role = "pop-up"; }
{ window_role = "bubble"; }
{ window_role = "dialog"; }
{ window_role = "task_dialog"; }
{ window_role = "menu"; }
{ window_role = "Preferences"; }
];
titlebar = false;
};
window = {
commands = [
{
command = "opacity 0.95";
criteria = {
class = ".*";
};
}
{
command = "opacity 1";
criteria = {
app_id = "Gimp-2.10";
};
}
{
command = "opacity 0.99";
criteria = {
app_id = "firefox";
};
}
{
command = "sticky enable, shadows enable";
criteria = {
title = "^Picture-in-Picture$";
};
}
{
command = "opacity 0.8, sticky enable, border normal, move container to scratchpad";
criteria = {
title = "^kittyterm$";
};
}
{
command = "opacity 0.95, sticky enable, border normal, move container to scratchpad";
criteria = {
title = "^spotifytui$";
};
}
# {
# command = "resize set width 60 ppt height 60 ppt, sticky enable, move container to scratchpad";
# criteria = {
# app_id="^$";
# class="^$";
# };
# }
{
command = "resize set width 60 ppt height 60 ppt, sticky enable, move container to scratchpad";
criteria = {
class = "Spotify";
};
}
{
command = "sticky enable";
criteria = {
app_id = "discord";
};
}
{
command = "resize set width 60 ppt height 60 ppt, sticky enable";
criteria = {
class = "Element";
};
}
{
command = "resize set width 60 ppt height 60 ppt, sticky enable";
criteria = {
app_id = "SchildiChat";
};
}
];
};
gaps = {
inner = 5;
};
};
extraSessionCommands = ''
export SDL_VIDEODRIVER=wayland
export QT_QPA_PLATFORM=wayland
export QT_WAYLAND_DISABLE_WINDOWDECORATION="1"
export _JAVA_AWT_WM_NONREPARENTING=1
export XDG_CURRENT_DESKTOP=sway
export XDG_SESSION_DESKTOP=sway
export QTWEBENGINE_CHROMIUM_FLAGS="--no-sandbox";
export ANKI_WAYLAND=1;
export OBSIDIAN_USE_WAYLAND=1;
'';
# extraConfigEarly = "
# exec systemctl --user import-environment DISPLAY WAYLAND_DISPLAY SWAYSOCK
# exec hash dbus-update-activation-environment 2>/dev/null && dbus-update-activation-environment --systemd DISPLAY WAYLAND_DISPLAY SWAYSOCK
# ";
extraConfig =
let
inherit (config.wayland.windowManager.sway.config) modifier;
swayfxSettings = "
blur enable
blur_xray disable
blur_passes 1
blur_radius 1
shadows enable
corner_radius 2
titlebar_separator disable
default_dim_inactive 0.02
";
in
"
exec_always autotiling
set $exit \"exit: [s]leep, [p]oweroff, [r]eboot, [l]ogout\"
mode $exit {
bindsym --to-code {
s exec \"systemctl suspend\", mode \"default\"
p exec \"systemctl poweroff\"
r exec \"systemctl reboot\"
l exec \"swaymsg exit\"
Return mode \"default\"
Escape mode \"default\"
${modifier}+x mode \"default\"
}
}
exec systemctl --user import-environment
${swayfxSettings}
";
};
}

27
profiles/common/home/symlink.nix Normal file
View file

@ -0,0 +1,27 @@
{ ... }:
{
home.file = {
"init.el" = {
source = ../../../programs/emacs/init.el;
target = ".emacs.d/init.el";
};
"early-init.el" = {
source = ../../../programs/emacs/early-init.el;
target = ".emacs.d/early-init.el";
};
# on NixOS, Emacs does not find the aspell dicts easily. Write the configuration manually
".aspell.conf" = {
source = ../../../programs/config/.aspell.conf;
target = ".aspell.conf";
};
".gitmessage" = {
source = ../../../programs/git/.gitmessage;
target = ".gitmessage";
};
};
xdg.configFile = {
"tridactyl/tridactylrc".source = ../../../programs/firefox/tridactyl/tridactylrc;
"tridactyl/themes/base16-codeschool.css".source = ../../../programs/firefox/tridactyl/themes/base16-codeschool.css;
};
}

193
profiles/common/home/waybar.nix Normal file
View file

@ -0,0 +1,193 @@
{ ... }:
{
programs.waybar = {
enable = true;
# systemd.enable = true;
settings = {
mainBar = {
layer = "top";
position = "top";
modules-left = [ "sway/workspaces" "custom/outer-right-arrow-dark" "sway/window" ];
modules-center = [ "sway/mode" "custom/configwarn" ];
"sway/mode" = {
format = "<span style=\"italic\" font-weight=\"bold\">{}</span>";
};
"custom/configwarn" = {
exec = "bash ~/.dotfiles/scripts/checkconfigstatus.sh";
interval = 60;
};
"group/hardware" = {
orientation = "inherit";
drawer = {
"transition-left-to-right" = false;
};
modules = [
"tray"
"temperature"
"power-profiles-daemon"
"custom/left-arrow-light"
"disk"
"custom/left-arrow-dark"
"memory"
"custom/left-arrow-light"
"cpu"
"custom/left-arrow-dark"
];
};
power-profiles-daemon = {
format = "{icon}";
tooltip-format = "Power profile: {profile}\nDriver: {driver}";
tooltip = true;
format-icons = {
"default" = "";
"performance" = "";
"balanced" = "";
"power-saver" = "";
};
};
temperature = {
critical-threshold = 80;
format-critical = " {temperatureC}°C";
format = " {temperatureC}°C";
};
mpris = {
format = "{player_icon} {title} <small>[{position}/{length}]</small>";
format-paused = "{player_icon} <i>{title} <small>[{position}/{length}]</small></i>";
player-icons = {
"default" = " ";
"mpv" = "🎵 ";
"spotify" = " ";
};
status-icons = {
"paused" = " ";
};
interval = 1;
title-len = 20;
artist-len = 20;
album-len = 10;
};
"custom/left-arrow-dark" = {
format = "";
tooltip = false;
};
"custom/outer-left-arrow-dark" = {
format = "";
tooltip = false;
};
"custom/left-arrow-light" = {
format = "";
tooltip = false;
};
"custom/right-arrow-dark" = {
format = "";
tooltip = false;
};
"custom/outer-right-arrow-dark" = {
format = "";
tooltip = false;
};
"custom/right-arrow-light" = {
format = "";
tooltip = false;
};
"sway/workspaces" = {
disable-scroll = true;
format = "{name}";
};
"clock#1" = {
min-length = 8;
interval = 1;
format = "{:%H:%M:%S}";
# on-click-right= "gnome-clocks";
tooltip-format = "<big>{:%Y %B}</big>\n<tt><small>{calendar}</small></tt>";
};
"clock#2" = {
format = "{:%d. %B %Y}";
# on-click-right= "gnome-clocks";
tooltip-format = "<big>{:%Y %B}</big>\n<tt><small>{calendar}</small></tt>";
};
pulseaudio = {
format = "{icon} {volume:2}%";
format-bluetooth = "{icon} {volume}%";
format-muted = "MUTE";
format-icons = {
headphones = "";
default = [
""
""
];
};
scroll-step = 1;
on-click = "pamixer -t";
on-click-right = "pavucontrol";
};
memory = {
interval = 5;
format = " {}%";
tooltip-format = "Memory: {used:0.1f}G/{total:0.1f}G\nSwap: {swapUsed}G/{swapTotal}G";
};
cpu = {
min-length = 6;
interval = 5;
format-icons = [ "" "" "" "" "" "" "" "" ];
# on-click-right= "com.github.stsdc.monitor";
on-click-right = "kitty -o confirm_os_window_close=0 btm";
};
battery = {
states = {
"warning" = 60;
"error" = 30;
"critical" = 15;
};
interval = 5;
format = "{icon} {capacity}%";
format-charging = "{capacity}% ";
format-plugged = "{capacity}% ";
format-icons = [
""
""
""
""
""
];
on-click-right = "wlogout -p layer-shell";
};
disk = {
interval = 30;
format = "Disk {percentage_used:2}%";
path = "/";
states = {
"warning" = 80;
"critical" = 90;
};
tooltip-format = "{used} used out of {total} on {path} ({percentage_used}%)\n{free} free on {path} ({percentage_free}%)";
};
tray = {
icon-size = 20;
};
network = {
interval = 5;
format-wifi = "{signalStrength}% ";
format-ethernet = "";
format-linked = "{ifname} (No IP) ";
format-disconnected = "Disconnected ";
format-alt = "{ifname}: {ipaddr}/{cidr}";
tooltip-format-ethernet = "{ifname} via {gwaddr}: {essid} {ipaddr}/{cidr}\n\n{bandwidthUpBytes} {bandwidthDownBytes}";
tooltip-format-wifi = "{ifname} via {gwaddr}: {essid} {ipaddr}/{cidr} \n{signaldBm}dBm @ {frequency}MHz\n\n{bandwidthUpBytes} {bandwidthDownBytes}";
};
};
};
style = builtins.readFile ../../../programs/waybar/style.css;
};
}

51
profiles/common/home/zsh.nix Normal file
View file

@ -0,0 +1,51 @@
{ pkgs, ... }:
{
programs.zsh = {
enable = true;
shellAliases = {
hg = "history | grep";
hmswitch = "cd ~/.dotfiles; home-manager --flake .#$(whoami)@$(hostname) switch; cd -;";
nswitch = "cd ~/.dotfiles; sudo nixos-rebuild --flake .#$(hostname) switch; cd -;";
edithome = "bash ~/.dotfiles/scripts/editor.sh ~/.dotfiles/Nix.org";
magit = "emacsclient -nc -e \"(magit-status)\"";
config = "git --git-dir=$HOME/.cfg/ --work-tree=$HOME";
g = "git";
c = "git --git-dir=$HOME/.dotfiles/.git --work-tree=$HOME/.dotfiles/";
passpush = "cd ~/.local/share/password-store; git add .; git commit -m 'pass file changes'; git push; cd -;";
passpull = "cd ~/.local/share/password-store; git pull; cd -;";
hotspot = "nmcli connection up local; nmcli device wifi hotspot;";
cd = "z";
cdr = "cd \"$( (find /home/swarsel/Documents/GitHub -maxdepth 1 && echo /home/swarsel/.dotfiles) | fzf )\"";
};
autosuggestion.enable = true;
enableCompletion = true;
syntaxHighlighting.enable = true;
autocd = false;
cdpath = [
"~/.dotfiles"
# "~/Documents/GitHub"
];
defaultKeymap = "emacs";
dirHashes = {
dl = "$HOME/Downloads";
gh = "$HOME/Documents/GitHub";
};
history = {
expireDuplicatesFirst = true;
path = "$HOME/.histfile";
save = 10000;
size = 10000;
};
historySubstringSearch.enable = true;
plugins = [
{
name = "fzf-tab";
src = pkgs.zsh-fzf-tab;
}
];
initExtra = ''
bindkey "^[[1;5D" backward-word
bindkey "^[[1;5C" forward-word
'';
};
}

556
profiles/common/nixos.nix
View file

@ -1,556 +0,0 @@
{ config, lib, pkgs, ... }:
{
home-manager = {
useGlobalPkgs = true;
useUserPackages = true;
};
services.xserver = {
xkb = {
layout = "us";
variant = "altgr-intl";
};
};
# nix.settings.experimental-features = ["nix-command" "flakes"];
users.mutableUsers = false;
environment = {
wordlist.enable = true;
sessionVariables = {
NIXOS_OZONE_WL = "1";
GST_PLUGIN_SYSTEM_PATH_1_0 = lib.makeSearchPathOutput "lib" "lib/gstreamer-1.0" (with pkgs.gst_all_1; [
gst-plugins-good
gst-plugins-bad
gst-plugins-ugly
gst-libav
]);
};
};
# gstreamer plugins for nautilus (used for file metadata)
time.hardwareClockInLocalTime = true;
# dont style GRUB with stylix
stylix.targets.grub.enable = false; # the styling makes grub more ugly
security.polkit.enable = true;
nix.gc = {
automatic = true;
randomizedDelaySec = "14m";
dates = "weekly";
options = "--delete-older-than 10d";
};
nix.optimise = {
automatic = true;
dates = [ "weekly" ];
};
# systemd
systemd.extraConfig = ''
DefaultTimeoutStartSec=60s
DefaultTimeoutStopSec=15s
'';
hardware = {
graphics = {
enable = true;
enable32Bit = true;
};
pulseaudio = {
enable = true;
package = pkgs.pulseaudioFull;
};
enableAllFirmware = true;
bluetooth = {
powerOnBoot = true;
settings = {
General = {
Enable = "Source,Sink,Media,Socket";
};
};
};
};
networking.networkmanager = {
enable = true;
ensureProfiles = {
environmentFiles = [
"${config.sops.templates."network-manager.env".path}"
];
profiles = {
"Ernest Routerford" = {
connection = {
id = "Ernest Routerford";
permissions = "";
type = "wifi";
};
ipv4 = {
dns-search = "";
method = "auto";
};
ipv6 = {
addr-gen-mode = "stable-privacy";
dns-search = "";
method = "auto";
};
wifi = {
mac-address-blacklist = "";
mode = "infrastructure";
ssid = "Ernest Routerford";
};
wifi-security = {
auth-alg = "open";
key-mgmt = "wpa-psk";
psk = "$ERNEST";
};
};
LAN-Party = {
connection = {
autoconnect = "false";
id = "LAN-Party";
type = "ethernet";
};
ethernet = {
auto-negotiate = "true";
cloned-mac-address = "preserve";
mac-address = "90:2E:16:D0:A1:87";
};
ipv4 = { method = "shared"; };
ipv6 = {
addr-gen-mode = "stable-privacy";
method = "auto";
};
proxy = { };
};
eduroam = {
"802-1x" = {
eap = "ttls;";
identity = "$EDUID";
password = "$EDUPASS";
phase2-auth = "mschapv2";
};
connection = {
id = "eduroam";
type = "wifi";
};
ipv4 = { method = "auto"; };
ipv6 = {
addr-gen-mode = "default";
method = "auto";
};
proxy = { };
wifi = {
mode = "infrastructure";
ssid = "eduroam";
};
wifi-security = {
auth-alg = "open";
key-mgmt = "wpa-eap";
};
};
local = {
connection = {
autoconnect = "false";
id = "local";
type = "ethernet";
};
ethernet = { };
ipv4 = {
address1 = "10.42.1.1/24";
method = "shared";
};
ipv6 = {
addr-gen-mode = "stable-privacy";
method = "auto";
};
proxy = { };
};
HH40V_39F5 = {
connection = {
id = "HH40V_39F5";
type = "wifi";
};
ipv4 = { method = "auto"; };
ipv6 = {
addr-gen-mode = "stable-privacy";
method = "auto";
};
proxy = { };
wifi = {
band = "bg";
mode = "infrastructure";
ssid = "HH40V_39F5";
};
wifi-security = {
key-mgmt = "wpa-psk";
psk = "$FRAUNS";
};
};
magicant = {
connection = {
id = "magicant";
type = "wifi";
};
ipv4 = { method = "auto"; };
ipv6 = {
addr-gen-mode = "default";
method = "auto";
};
proxy = { };
wifi = {
mode = "infrastructure";
ssid = "magicant";
};
wifi-security = {
auth-alg = "open";
key-mgmt = "wpa-psk";
psk = "$HANDYHOTSPOT";
};
};
"sweden-aes-128-cbc-udp-dns" = {
connection = {
autoconnect = "false";
id = "PIA Sweden";
type = "vpn";
};
ipv4 = { method = "auto"; };
ipv6 = {
addr-gen-mode = "stable-privacy";
method = "auto";
};
proxy = { };
vpn = {
auth = "sha1";
ca =
"${config.users.users.swarsel.home}/.dotfiles/secrets/certs/sweden-aes-128-cbc-udp-dns-ca.pem";
challenge-response-flags = "2";
cipher = "aes-128-cbc";
compress = "yes";
connection-type = "password";
crl-verify-file = "${config.users.users.swarsel.home}/.dotfiles/secrets/certs/sweden-aes-128-cbc-udp-dns-crl-verify.pem";
dev = "tun";
password-flags = "0";
remote = "sweden.privacy.network:1198";
remote-cert-tls = "server";
reneg-seconds = "0";
service-type = "org.freedesktop.NetworkManager.openvpn";
username = "$VPNUSER";
};
vpn-secrets = { password = "$VPNPASS"; };
};
Hotspot = {
connection = {
autoconnect = "false";
id = "Hotspot";
type = "wifi";
};
ipv4 = { method = "shared"; };
ipv6 = {
addr-gen-mode = "default";
method = "ignore";
};
proxy = { };
wifi = {
mode = "ap";
ssid = "Hotspot-fourside";
};
wifi-security = {
group = "ccmp;";
key-mgmt = "wpa-psk";
pairwise = "ccmp;";
proto = "rsn;";
psk = "$HOTSPOT";
};
};
};
};
};
systemd.services.NetworkManager-ensure-profiles.after = [ "NetworkManager.service" ];
time.timeZone = "Europe/Vienna";
i18n = {
defaultLocale = "en_US.UTF-8";
extraLocaleSettings = {
LC_ADDRESS = "de_AT.UTF-8";
LC_IDENTIFICATION = "de_AT.UTF-8";
LC_MEASUREMENT = "de_AT.UTF-8";
LC_MONETARY = "de_AT.UTF-8";
LC_NAME = "de_AT.UTF-8";
LC_NUMERIC = "de_AT.UTF-8";
LC_PAPER = "de_AT.UTF-8";
LC_TELEPHONE = "de_AT.UTF-8";
LC_TIME = "de_AT.UTF-8";
};
};
sops = {
defaultSopsFile = "${config.users.users.swarsel.home}/.dotfiles/secrets/general/secrets.yaml";
validateSopsFiles = false;
secrets = {
swarseluser = { neededForUsers = true; };
ernest = { };
frauns = { };
hotspot = { };
eduid = { };
edupass = { };
handyhotspot = { };
vpnuser = { };
vpnpass = { };
};
templates = {
"network-manager.env".content = ''
ERNEST=${config.sops.placeholder.ernest}
FRAUNS=${config.sops.placeholder.frauns}
HOTSPOT=${config.sops.placeholder.hotspot}
EDUID=${config.sops.placeholder.eduid}
EDUPASS=${config.sops.placeholder.edupass}
HANDYHOTSPOT=${config.sops.placeholder.handyhotspot}
VPNUSER=${config.sops.placeholder.vpnuser}
VPNPASS=${config.sops.placeholder.vpnpass}
'';
};
};
environment.systemPackages = with pkgs; [
# yubikey packages
gnupg
yubikey-personalization
yubikey-personalization-gui
yubico-pam
yubioath-flutter
yubikey-manager
yubikey-manager-qt
yubico-piv-tool
cfssl
pcsctools
pcscliteWithPolkit.out
# ledger packages
ledger-live-desktop
# pinentry
# theme related
adwaita-icon-theme
# kde-connect
xdg-desktop-portal
# bluetooth
bluez
# lsp-related -------------------------------
# nix
# latex
texlab
ghostscript_headless
# wireguard
wireguard-tools
# rust
rust-analyzer
clippy
rustfmt
# go
go
gopls
# zig
zig
zls
# cpp
clang-tools
# + cuda
cudatoolkit
#lsp-bridge / python
gcc
gdb
(python3.withPackages (ps: with ps; [ jupyter ipython pyqt5 epc orjson sexpdata six setuptools paramiko numpy pandas scipy matplotlib requests debugpy flake8 gnureadline python-lsp-server ]))
# (python3.withPackages(ps: with ps; [ jupyter ipython pyqt5 numpy pandas scipy matplotlib requests debugpy flake8 gnureadline python-lsp-server]))
# --------------------------------------------
(stdenv.mkDerivation {
name = "oama";
src = pkgs.fetchurl {
name = "oama";
url = "https://github.com/pdobsan/oama/releases/download/0.13.1/oama-0.13.1-Linux-x86_64-static.tgz";
sha256 = "sha256-OTdCObVfnMPhgZxVtZqehgUXtKT1iyqozdkPIV+i3Gc=";
};
phases = [
"unpackPhase"
];
unpackPhase = ''
mkdir -p $out/bin
tar xvf $src -C $out/
mv $out/oama-0.13.1-Linux-x86_64-static/oama $out/bin/
'';
})
];
programs = {
dconf.enable = true;
evince.enable = true;
kdeconnect.enable = true;
};
programs.zsh.enable = true;
users.defaultUserShell = pkgs.zsh;
environment.shells = with pkgs; [ zsh ];
environment.pathsToLink = [ "/share/zsh" ];
services.syncthing = {
enable = true;
user = "swarsel";
dataDir = "/home/swarsel";
configDir = "/home/swarsel/.config/syncthing";
openDefaultPorts = true;
settings = {
devices = {
"magicant" = {
id = "SEH2NMT-IVRQUU5-VPW2HUQ-3GQYDBF-F6H6OY6-X3DZTUZ-LCRE2DJ-QNIXIQ2";
};
"sync (@oracle)" = {
id = "ETW6TST-NPK7MKZ-M4LXMHA-QUPQHDT-VTSHH5X-CR5EIN2-YU7E55F-MGT7DQB";
};
"server1" = {
id = "ZXWVC4X-IIARITZ-MERZPHN-HD55Y6G-QJM2GTB-6BWYXMR-DTO3TS2-QDBREQQ";
};
};
folders = {
"Default Folder" = {
path = "/home/swarsel/Sync";
devices = [ "sync (@oracle)" ];
id = "default";
};
"Obsidian" = {
path = "/home/swarsel/Nextcloud/Obsidian";
devices = [ "sync (@oracle)" ];
id = "yjvni-9eaa7";
};
"Org" = {
path = "/home/swarsel/Nextcloud/Org";
devices = [ "sync (@oracle)" ];
id = "a7xnl-zjj3d";
};
"Vpn" = {
path = "/home/swarsel/Vpn";
devices = [ "sync (@oracle)" ];
id = "hgp9s-fyq3p";
};
};
};
};
services.blueman.enable = true;
# enable scanners over network
hardware.sane = {
enable = true;
extraBackends = [ pkgs.sane-airscan ];
};
# enable discovery and usage of network devices (esp. printers)
services.printing = {
enable = true;
drivers = [
pkgs.gutenprint
pkgs.gutenprintBin
];
browsedConf = ''
BrowseDNSSDSubTypes _cups,_print
BrowseLocalProtocols all
BrowseRemoteProtocols all
CreateIPPPrinterQueues All
BrowseProtocols all
'';
};
services.avahi = {
enable = true;
nssmdns4 = true;
openFirewall = true;
};
services.gvfs.enable = true;
# Make CAPS work as a dual function ESC/CTRL key
services.interception-tools = {
enable = true;
udevmonConfig =
let
dualFunctionKeysConfig = builtins.toFile "dual-function-keys.yaml" ''
TIMING:
TAP_MILLISEC: 200
DOUBLE_TAP_MILLISEC: 0
MAPPINGS:
- KEY: KEY_CAPSLOCK
TAP: KEY_ESC
HOLD: KEY_LEFTCTRL
'';
in
''
- JOB: |
${pkgs.interception-tools}/bin/intercept -g $DEVNODE \
| ${pkgs.interception-tools-plugins.dual-function-keys}/bin/dual-function-keys -c ${dualFunctionKeysConfig} \
| ${pkgs.interception-tools}/bin/uinput -d $DEVNODE
DEVICE:
EVENTS:
EV_KEY: [KEY_CAPSLOCK]
'';
};
programs.ssh.startAgent = false;
services.pcscd.enable = true;
hardware.ledger.enable = true;
services.udev.packages = with pkgs; [
yubikey-personalization
ledger-udev-rules
];
services.greetd = {
enable = true;
settings = {
initial_session.command = "sway";
# initial_session.user ="swarsel";
default_session.command = ''
${pkgs.greetd.tuigreet}/bin/tuigreet \
--time \
--asterisks \
--user-menu \
--cmd sway
'';
};
};
environment.etc."greetd/environments".text = ''
sway
'';
}

4
profiles/common/nixos/blueman.nix Normal file
View file

@ -0,0 +1,4 @@
{ ... }:
{
services.blueman.enable = true;
}

33
profiles/common/nixos/default.nix Normal file
View file

@ -0,0 +1,33 @@
{ ... }:
{
imports = [
./xserver.nix
./users.nix
./env.nix
./stylix.nix
./polkit.nix
./gc.nix
./store.nix
./systemd.nix
./network.nix
./time.nix
./hardware.nix
./sops.nix
./packages.nix
./programs.nix
./zsh.nix
./syncthing.nix
./blueman.nix
./networkdevices.nix
./gvfs.nix
./interceptiontools.nix
./hardwarecompatibility.nix
./login.nix
];
home-manager = {
useGlobalPkgs = true;
useUserPackages = true;
};
}

16
profiles/common/nixos/env.nix Normal file
View file

@ -0,0 +1,16 @@
{ lib, pkgs, ... }:
{
environment = {
wordlist.enable = true;
sessionVariables = {
NIXOS_OZONE_WL = "1";
GST_PLUGIN_SYSTEM_PATH_1_0 = lib.makeSearchPathOutput "lib" "lib/gstreamer-1.0" (with pkgs.gst_all_1; [
gst-plugins-good
gst-plugins-bad
gst-plugins-ugly
gst-libav
]);
};
};
# gstreamer plugins for nautilus (used for file metadata)
}

9
profiles/common/nixos/gc.nix Normal file
View file

@ -0,0 +1,9 @@
{ ... }:
{
nix.gc = {
automatic = true;
randomizedDelaySec = "14m";
dates = "weekly";
options = "--delete-older-than 10d";
};
}

4
profiles/common/nixos/gvfs.nix Normal file
View file

@ -0,0 +1,4 @@
{ ... }:
{
services.gvfs.enable = true;
}

26
profiles/common/nixos/hardware.nix Normal file
View file

@ -0,0 +1,26 @@
{ pkgs, ... }:
{
hardware = {
graphics = {
enable = true;
enable32Bit = true;
};
pulseaudio = {
enable = true;
package = pkgs.pulseaudioFull;
};
enableAllFirmware = true;
bluetooth = {
powerOnBoot = true;
settings = {
General = {
Enable = "Source,Sink,Media,Socket";
};
};
};
};
}

13
profiles/common/nixos/hardwarecompatibility.nix Normal file
View file

@ -0,0 +1,13 @@
{ pkgs, ... }:
{
programs.ssh.startAgent = false;
services.pcscd.enable = true;
hardware.ledger.enable = true;
services.udev.packages = with pkgs; [
yubikey-personalization
ledger-udev-rules
];
}

29
profiles/common/nixos/interceptiontools.nix Normal file
View file

@ -0,0 +1,29 @@
{ pkgs, ... }:
{
# Make CAPS work as a dual function ESC/CTRL key
services.interception-tools = {
enable = true;
udevmonConfig =
let
dualFunctionKeysConfig = builtins.toFile "dual-function-keys.yaml" ''
TIMING:
TAP_MILLISEC: 200
DOUBLE_TAP_MILLISEC: 0
MAPPINGS:
- KEY: KEY_CAPSLOCK
TAP: KEY_ESC
HOLD: KEY_LEFTCTRL
'';
in
''
- JOB: |
${pkgs.interception-tools}/bin/intercept -g $DEVNODE \
| ${pkgs.interception-tools-plugins.dual-function-keys}/bin/dual-function-keys -c ${dualFunctionKeysConfig} \
| ${pkgs.interception-tools}/bin/uinput -d $DEVNODE
DEVICE:
EVENTS:
EV_KEY: [KEY_CAPSLOCK]
'';
};
}

29
profiles/common/nixos/interceptiontoools.nix Normal file
View file

@ -0,0 +1,29 @@
{ pkgs, ... }:
{
# Make CAPS work as a dual function ESC/CTRL key
services.interception-tools = {
enable = true;
udevmonConfig =
let
dualFunctionKeysConfig = builtins.toFile "dual-function-keys.yaml" ''
TIMING:
TAP_MILLISEC: 200
DOUBLE_TAP_MILLISEC: 0
MAPPINGS:
- KEY: KEY_CAPSLOCK
TAP: KEY_ESC
HOLD: KEY_LEFTCTRL
'';
in
''
- JOB: |
${pkgs.interception-tools}/bin/intercept -g $DEVNODE \
| ${pkgs.interception-tools-plugins.dual-function-keys}/bin/dual-function-keys -c ${dualFunctionKeysConfig} \
| ${pkgs.interception-tools}/bin/uinput -d $DEVNODE
DEVICE:
EVENTS:
EV_KEY: [KEY_CAPSLOCK]
'';
};
}

21
profiles/common/nixos/login.nix Normal file
View file

@ -0,0 +1,21 @@
{ pkgs, ... }:
{
services.greetd = {
enable = true;
settings = {
initial_session.command = "sway";
# initial_session.user ="swarsel";
default_session.command = ''
${pkgs.greetd.tuigreet}/bin/tuigreet \
--time \
--asterisks \
--user-menu \
--cmd sway
'';
};
};
environment.etc."greetd/environments".text = ''
sway
'';
}

207
profiles/common/nixos/network.nix Normal file
View file

@ -0,0 +1,207 @@
{ config, ... }:
{
networking.networkmanager = {
enable = true;
ensureProfiles = {
environmentFiles = [
"${config.sops.templates."network-manager.env".path}"
];
profiles = {
"Ernest Routerford" = {
connection = {
id = "Ernest Routerford";
permissions = "";
type = "wifi";
};
ipv4 = {
dns-search = "";
method = "auto";
};
ipv6 = {
addr-gen-mode = "stable-privacy";
dns-search = "";
method = "auto";
};
wifi = {
mac-address-blacklist = "";
mode = "infrastructure";
ssid = "Ernest Routerford";
};
wifi-security = {
auth-alg = "open";
key-mgmt = "wpa-psk";
psk = "$ERNEST";
};
};
LAN-Party = {
connection = {
autoconnect = "false";
id = "LAN-Party";
type = "ethernet";
};
ethernet = {
auto-negotiate = "true";
cloned-mac-address = "preserve";
mac-address = "90:2E:16:D0:A1:87";
};
ipv4 = { method = "shared"; };
ipv6 = {
addr-gen-mode = "stable-privacy";
method = "auto";
};
proxy = { };
};
eduroam = {
"802-1x" = {
eap = "ttls;";
identity = "$EDUID";
password = "$EDUPASS";
phase2-auth = "mschapv2";
};
connection = {
id = "eduroam";
type = "wifi";
};
ipv4 = { method = "auto"; };
ipv6 = {
addr-gen-mode = "default";
method = "auto";
};
proxy = { };
wifi = {
mode = "infrastructure";
ssid = "eduroam";
};
wifi-security = {
auth-alg = "open";
key-mgmt = "wpa-eap";
};
};
local = {
connection = {
autoconnect = "false";
id = "local";
type = "ethernet";
};
ethernet = { };
ipv4 = {
address1 = "10.42.1.1/24";
method = "shared";
};
ipv6 = {
addr-gen-mode = "stable-privacy";
method = "auto";
};
proxy = { };
};
HH40V_39F5 = {
connection = {
id = "HH40V_39F5";
type = "wifi";
};
ipv4 = { method = "auto"; };
ipv6 = {
addr-gen-mode = "stable-privacy";
method = "auto";
};
proxy = { };
wifi = {
band = "bg";
mode = "infrastructure";
ssid = "HH40V_39F5";
};
wifi-security = {
key-mgmt = "wpa-psk";
psk = "$FRAUNS";
};
};
magicant = {
connection = {
id = "magicant";
type = "wifi";
};
ipv4 = { method = "auto"; };
ipv6 = {
addr-gen-mode = "default";
method = "auto";
};
proxy = { };
wifi = {
mode = "infrastructure";
ssid = "magicant";
};
wifi-security = {
auth-alg = "open";
key-mgmt = "wpa-psk";
psk = "$HANDYHOTSPOT";
};
};
"sweden-aes-128-cbc-udp-dns" = {
connection = {
autoconnect = "false";
id = "PIA Sweden";
type = "vpn";
};
ipv4 = { method = "auto"; };
ipv6 = {
addr-gen-mode = "stable-privacy";
method = "auto";
};
proxy = { };
vpn = {
auth = "sha1";
ca =
"${config.users.users.swarsel.home}/.dotfiles/secrets/certs/sweden-aes-128-cbc-udp-dns-ca.pem";
challenge-response-flags = "2";
cipher = "aes-128-cbc";
compress = "yes";
connection-type = "password";
crl-verify-file = "${config.users.users.swarsel.home}/.dotfiles/secrets/certs/sweden-aes-128-cbc-udp-dns-crl-verify.pem";
dev = "tun";
password-flags = "0";
remote = "sweden.privacy.network:1198";
remote-cert-tls = "server";
reneg-seconds = "0";
service-type = "org.freedesktop.NetworkManager.openvpn";
username = "$VPNUSER";
};
vpn-secrets = { password = "$VPNPASS"; };
};
Hotspot = {
connection = {
autoconnect = "false";
id = "Hotspot";
type = "wifi";
};
ipv4 = { method = "shared"; };
ipv6 = {
addr-gen-mode = "default";
method = "ignore";
};
proxy = { };
wifi = {
mode = "ap";
ssid = "Hotspot-fourside";
};
wifi-security = {
group = "ccmp;";
key-mgmt = "wpa-psk";
pairwise = "ccmp;";
proto = "rsn;";
psk = "$HOTSPOT";
};
};
};
};
};
systemd.services.NetworkManager-ensure-profiles.after = [ "NetworkManager.service" ];
}

30
profiles/common/nixos/networkdevices.nix Normal file
View file

@ -0,0 +1,30 @@
{ pkgs, ... }:
{
# enable scanners over network
hardware.sane = {
enable = true;
extraBackends = [ pkgs.sane-airscan ];
};
# enable discovery and usage of network devices (esp. printers)
services.printing = {
enable = true;
drivers = [
pkgs.gutenprint
pkgs.gutenprintBin
];
browsedConf = ''
BrowseDNSSDSubTypes _cups,_print
BrowseLocalProtocols all
BrowseRemoteProtocols all
CreateIPPPrinterQueues All
BrowseProtocols all
'';
};
services.avahi = {
enable = true;
nssmdns4 = true;
openFirewall = true;
};
}

81
profiles/common/nixos/packages.nix Normal file
View file

@ -0,0 +1,81 @@
{ pkgs, ... }:
{
environment.systemPackages = with pkgs; [
# yubikey packages
gnupg
yubikey-personalization
yubikey-personalization-gui
yubico-pam
yubioath-flutter
yubikey-manager
yubikey-manager-qt
yubico-piv-tool
cfssl
pcsctools
pcscliteWithPolkit.out
# ledger packages
ledger-live-desktop
# pinentry
# theme related
adwaita-icon-theme
# kde-connect
xdg-desktop-portal
# bluetooth
bluez
# lsp-related -------------------------------
# nix
# latex
texlab
ghostscript_headless
# wireguard
wireguard-tools
# rust
rust-analyzer
clippy
rustfmt
# go
go
gopls
# zig
zig
zls
# cpp
clang-tools
# + cuda
cudatoolkit
#lsp-bridge / python
gcc
gdb
(python3.withPackages (ps: with ps; [ jupyter ipython pyqt5 epc orjson sexpdata six setuptools paramiko numpy pandas scipy matplotlib requests debugpy flake8 gnureadline python-lsp-server ]))
# (python3.withPackages(ps: with ps; [ jupyter ipython pyqt5 numpy pandas scipy matplotlib requests debugpy flake8 gnureadline python-lsp-server]))
# --------------------------------------------
(stdenv.mkDerivation {
name = "oama";
src = pkgs.fetchurl {
name = "oama";
url = "https://github.com/pdobsan/oama/releases/download/0.13.1/oama-0.13.1-Linux-x86_64-static.tgz";
sha256 = "sha256-OTdCObVfnMPhgZxVtZqehgUXtKT1iyqozdkPIV+i3Gc=";
};
phases = [
"unpackPhase"
];
unpackPhase = ''
mkdir -p $out/bin
tar xvf $src -C $out/
mv $out/oama-0.13.1-Linux-x86_64-static/oama $out/bin/
'';
})
];
}

4
profiles/common/nixos/polkit.nix Normal file
View file

@ -0,0 +1,4 @@
{ ... }:
{
security.polkit.enable = true;
}

8
profiles/common/nixos/programs.nix Normal file
View file

@ -0,0 +1,8 @@
{ ... }:
{
programs = {
dconf.enable = true;
evince.enable = true;
kdeconnect.enable = true;
};
}

32
profiles/common/nixos/sops.nix Normal file
View file

@ -0,0 +1,32 @@
{ config, ... }:
{
sops = {
defaultSopsFile = "${config.users.users.swarsel.home}/.dotfiles/secrets/general/secrets.yaml";
validateSopsFiles = false;
secrets = {
swarseluser = { neededForUsers = true; };
ernest = { };
frauns = { };
hotspot = { };
eduid = { };
edupass = { };
handyhotspot = { };
vpnuser = { };
vpnpass = { };
};
templates = {
"network-manager.env".content = ''
ERNEST=${config.sops.placeholder.ernest}
FRAUNS=${config.sops.placeholder.frauns}
HOTSPOT=${config.sops.placeholder.hotspot}
EDUID=${config.sops.placeholder.eduid}
EDUPASS=${config.sops.placeholder.edupass}
HANDYHOTSPOT=${config.sops.placeholder.handyhotspot}
VPNUSER=${config.sops.placeholder.vpnuser}
VPNPASS=${config.sops.placeholder.vpnpass}
'';
};
};
}

7
profiles/common/nixos/store.nix Normal file
View file

@ -0,0 +1,7 @@
{ ... }:
{
nix.optimise = {
automatic = true;
dates = [ "weekly" ];
};
}

5
profiles/common/nixos/stylix.nix Normal file
View file

@ -0,0 +1,5 @@
{ ... }:
{
# dont style GRUB with stylix
stylix.targets.grub.enable = false; # the styling makes grub more ugly
}

45
profiles/common/nixos/syncthing.nix Normal file
View file

@ -0,0 +1,45 @@
{ ... }:
{
services.syncthing = {
enable = true;
user = "swarsel";
dataDir = "/home/swarsel";
configDir = "/home/swarsel/.config/syncthing";
openDefaultPorts = true;
settings = {
devices = {
"magicant" = {
id = "SEH2NMT-IVRQUU5-VPW2HUQ-3GQYDBF-F6H6OY6-X3DZTUZ-LCRE2DJ-QNIXIQ2";
};
"sync (@oracle)" = {
id = "ETW6TST-NPK7MKZ-M4LXMHA-QUPQHDT-VTSHH5X-CR5EIN2-YU7E55F-MGT7DQB";
};
"server1" = {
id = "ZXWVC4X-IIARITZ-MERZPHN-HD55Y6G-QJM2GTB-6BWYXMR-DTO3TS2-QDBREQQ";
};
};
folders = {
"Default Folder" = {
path = "/home/swarsel/Sync";
devices = [ "sync (@oracle)" ];
id = "default";
};
"Obsidian" = {
path = "/home/swarsel/Nextcloud/Obsidian";
devices = [ "sync (@oracle)" ];
id = "yjvni-9eaa7";
};
"Org" = {
path = "/home/swarsel/Nextcloud/Org";
devices = [ "sync (@oracle)" ];
id = "a7xnl-zjj3d";
};
"Vpn" = {
path = "/home/swarsel/Vpn";
devices = [ "sync (@oracle)" ];
id = "hgp9s-fyq3p";
};
};
};
};
}

8
profiles/common/nixos/systemd.nix Normal file
View file

@ -0,0 +1,8 @@
{ ... }:
{
# systemd
systemd.extraConfig = ''
DefaultTimeoutStartSec=60s
DefaultTimeoutStopSec=15s
'';
}

22
profiles/common/nixos/time.nix Normal file
View file

@ -0,0 +1,22 @@
{ ... }:
{
time = {
timeZone = "Europe/Vienna";
hardwareClockInLocalTime = true;
};
i18n = {
defaultLocale = "en_US.UTF-8";
extraLocaleSettings = {
LC_ADDRESS = "de_AT.UTF-8";
LC_IDENTIFICATION = "de_AT.UTF-8";
LC_MEASUREMENT = "de_AT.UTF-8";
LC_MONETARY = "de_AT.UTF-8";
LC_NAME = "de_AT.UTF-8";
LC_NUMERIC = "de_AT.UTF-8";
LC_PAPER = "de_AT.UTF-8";
LC_TELEPHONE = "de_AT.UTF-8";
LC_TIME = "de_AT.UTF-8";
};
};
}

13
profiles/common/nixos/users.nix Normal file
View file

@ -0,0 +1,13 @@
{ pkgs, config, ... }:
{
users = {
mutableUsers = false;
users.swarsel = {
isNormalUser = true;
description = "Leon S";
hashedPasswordFile = config.sops.secrets.swarseluser.path;
extraGroups = [ "networkmanager" "wheel" "lp" "audio" "video" "vboxusers" "scanner" ];
packages = with pkgs; [ ];
};
};
}

9
profiles/common/nixos/xserver.nix Normal file
View file

@ -0,0 +1,9 @@
{ ... }:
{
services.xserver = {
xkb = {
layout = "us";
variant = "altgr-intl";
};
};
}

7
profiles/common/nixos/zsh.nix Normal file
View file

@ -0,0 +1,7 @@
{ pkgs, ... }:
{
programs.zsh.enable = true;
users.defaultUserShell = pkgs.zsh;
environment.shells = with pkgs; [ zsh ];
environment.pathsToLink = [ "/share/zsh" ];
}

23
profiles/fourside/default.nix Normal file
View file

@ -0,0 +1,23 @@
{ inputs, outputs, ... }:
{
imports = [
inputs.nixos-hardware.nixosModules.lenovo-thinkpad-p14s-amd-gen2
./hardware-configuration.nix
./nixos.nix
inputs.home-manager.nixosModules.home-manager
{
home-manager.users.swarsel.imports = outputs.mixedModules ++ [
./home.nix
];
}
];
nixpkgs = {
overlays = outputs.overlays;
config = {
allowUnfree = true;
};
};
}

2
profiles/fourside/hardware-configuration.nix
View file

@ -39,6 +39,6 @@
# networking.interfaces.wlp3s0.useDHCP = lib.mkDefault true;
# networking.interfaces.wwan0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
nixpkgs.hostPlatform = "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

2
profiles/fourside/home.nix
View file

@ -81,7 +81,7 @@
eDP-1 = {
mode = "1920x1080"; # TEMPLATE
scale = "1";
position = "1920,0";
position = "2560,0";
# bg = "~/.dotfiles/wallpaper/lenovowp.png fill";
};
DP-4 = {

18
profiles/fourside/nixos.nix
View file

@ -2,17 +2,6 @@
{
#
# imports =
# [
# ./hardware-configuration.nix
# ];
#
imports =
[
./hardware-configuration.nix
];
services = {
getty.autologinUser = "swarsel";
greetd.settings.initial_session.user = "swarsel";
@ -147,13 +136,6 @@
};
};
users.users.swarsel = {
isNormalUser = true;
description = "Leon S";
hashedPasswordFile = config.sops.secrets.swarseluser.path;
extraGroups = [ "networkmanager" "wheel" "lp" "audio" "video" "vboxusers" "scanner" ];
packages = with pkgs; [ ];
};
environment.systemPackages = with pkgs; [
# gog games installing

2
profiles/home-manager/home.nix
View file

@ -1,4 +1,4 @@
{ config, pkgs, lib, fetchFromGitHub, ... }:
{ config, pkgs, ... }:
{
programs.home-manager.enable = true;

4
profiles/remote/oracle/matrix/nixos.nix
View file

@ -17,9 +17,9 @@ in
ffmpeg
];
services.xserver = {
services.xserver.xkb = {
layout = "us";
xkbVariant = "altgr-intl";
variant = "altgr-intl";
};
nix.settings.experimental-features = [ "nix-command" "flakes" ];

4
profiles/remote/oracle/sync/nixos.nix
View file

@ -11,9 +11,9 @@
ssh-to-age
];
services.xserver = {
services.xserver.xkb = {
layout = "us";
xkbVariant = "altgr-intl";
variant = "altgr-intl";
};
nix.settings.experimental-features = [ "nix-command" "flakes" ];

56
profiles/sandbox/disk-config.nix Normal file
View file

@ -0,0 +1,56 @@
# Example to create a bios compatible gpt partition
{ lib, ... }:
{
disko.devices = {
disk.disk1 = {
device = lib.mkDefault "/dev/sda";
type = "disk";
content = {
type = "gpt";
partitions = {
boot = {
name = "boot";
size = "1M";
type = "EF02";
};
esp = {
name = "ESP";
size = "500M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
};
};
root = {
name = "root";
size = "100%";
content = {
type = "lvm_pv";
vg = "pool";
};
};
};
};
};
lvm_vg = {
pool = {
type = "lvm_vg";
lvs = {
root = {
size = "100%FREE";
content = {
type = "filesystem";
format = "ext4";
mountpoint = "/";
mountOptions = [
"defaults"
];
};
};
};
};
};
};
}

8
profiles/sandbox/hardware-configuration.nix
View file

@ -15,10 +15,10 @@
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "/dev/disk/by-uuid/147e3682-eb15-4e96-9cac-4f2fb5888a69";
fsType = "ext4";
};
# fileSystems."/" = {
# device = "/dev/disk/by-uuid/147e3682-eb15-4e96-9cac-4f2fb5888a69";
# fsType = "ext4";
# };
swapDevices = [ ];

45
profiles/sandbox/nixos.nix
View file

@ -8,18 +8,21 @@ in
./hardware-configuration.nix
];
boot.loader.grub = {
enable = true;
device = "/dev/sda";
useOSProber = true;
supportedFilesystems = [ "zfs" ];
boot = {
zfs.forceImportRoot = false;
supportedFilesystems = [ "zfs" ];
kernelModules = [ "tun" ];
kernel.sysctl = {
"net.ipv4.conf.all.rp_filter" = 2;
"net.ipv4.conf.default.rp_filter" = 2;
"net.ipv4.conf.enp7s0.rp_filter" = 2;
};
loader.grub = {
enable = true;
device = "/dev/sda";
useOSProber = true;
};
};
networking = {
@ -38,19 +41,19 @@ in
};
};
hardware.graphics = {
enable = true;
hardware.enableAllFirmware = true;
extraPackages = with pkgs; [
intel-media-driver # LIBVA_DRIVER_NAME=iHD
vaapiIntel # LIBVA_DRIVER_NAME=i965 (older but works better for Firefox/Chromium)
vaapiVdpau
libvdpau-va-gl
];
};
nixpkgs.config.allowUnfree = true;
sound = {
enable = true;
hardware = {
enableAllFirmware = true;
graphics = {
enable = true;
extraPackages = with pkgs; [
intel-media-driver # LIBVA_DRIVER_NAME=iHD
vaapiIntel # LIBVA_DRIVER_NAME=i965 (older but works better for Firefox/Chromium)
vaapiVdpau
libvdpau-va-gl
];
};
};
users = {
@ -266,9 +269,9 @@ in
};
services = {
xserver = {
xserver.xkb = {
layout = "us";
xkbVariant = "altgr-intl";
variant = "altgr-intl";
};
openssh = {
@ -390,7 +393,7 @@ in
kavita = {
enable = true;
user = "kavita";
port = 8080;
settings.port = 8080;
tokenKeyFile = config.sops.secrets.kavita.path;
};
@ -804,7 +807,7 @@ in
publish.enable = true;
publish.userServices = true;
# ^^ Needed to allow samba to automatically register mDNS records without the need for an `extraServiceFile`
nssmdns = true;
nssmdns4 = true;
# ^^ Not one hundred percent sure if this is needed- if it aint broke, don't fix it
enable = true;
};

4
profiles/server1/TEMPLATE/nixos.nix
View file

@ -11,9 +11,9 @@
ssh-to-age
];
services.xserver = {
services.xserver.xkb = {
layout = "us";
xkbVariant = "altgr-intl";
variant = "altgr-intl";
};
nix.settings.experimental-features = [ "nix-command" "flakes" ];

4
profiles/server1/calibre/nixos.nix
View file

@ -22,9 +22,9 @@
];
};
services.xserver = {
services.xserver.xkb = {
layout = "us";
xkbVariant = "altgr-intl";
variant = "altgr-intl";
};
nix.settings.experimental-features = [ "nix-command" "flakes" ];

4
profiles/server1/jellyfin/nixos.nix
View file

@ -24,9 +24,9 @@
extraGroups = [ "video" "render" ];
};
services.xserver = {
services.xserver.xkb = {
layout = "us";
xkbVariant = "altgr-intl";
variant = "altgr-intl";
};
nix.settings.experimental-features = [ "nix-command" "flakes" ];

4
profiles/server1/matrix/nixos.nix
View file

@ -6,9 +6,9 @@ in
services = {
xserver = {
xserver.xkb = {
layout = "us";
xkbVariant = "altgr-intl";
variant = "altgr-intl";
};
openssh = {
enable = true;

4
profiles/server1/nginx/nixos.nix
View file

@ -13,9 +13,9 @@
nginx
];
services.xserver = {
services.xserver.xkb = {
layout = "us";
xkbVariant = "altgr-intl";
variant = "altgr-intl";
};
nix.settings.experimental-features = [ "nix-command" "flakes" ];

4
profiles/server1/paperless/nixos.nix
View file

@ -10,9 +10,9 @@
services = {
xserver = {
xserver.xkb = {
layout = "us";
xkbVariant = "altgr-intl";
variant = "altgr-intl";
};
openssh = {
enable = true;

4
profiles/server1/sound/nixos.nix
View file

@ -10,9 +10,9 @@
services = {
xserver = {
xserver.xkb = {
layout = "us";
xkbVariant = "altgr-intl";
variant = "altgr-intl";
};
openssh = {
enable = true;

4
profiles/server1/spotifyd/nixos.nix
View file

@ -10,9 +10,9 @@
services = {
xserver = {
xserver.xkb = {
layout = "us";
xkbVariant = "altgr-intl";
variant = "altgr-intl";
};
openssh = {
enable = true;

4
profiles/server1/transmission/nixos.nix
View file

@ -37,9 +37,9 @@
home = "/home/vpn";
};
services.xserver = {
services.xserver.xkb = {
layout = "us";
xkbVariant = "altgr-intl";
variant = "altgr-intl";
};
nix.settings.experimental-features = [ "nix-command" "flakes" ];