feat: Add automatic formatting for .nix files

Swarsel 2024-07-19 00:45:48 +02:00
parent 9dc9a1fe1b
commit 72d321f478
Signed by: swarsel
GPG key ID: 26A54C31F2A4FD84
46 changed files with 3204 additions and 3164 deletions


@ -14,7 +14,9 @@ jobs:
- name: Install Nix - name: Install Nix
uses: DeterminateSystems/nix-installer-action@v3 uses: DeterminateSystems/nix-installer-action@v3
- uses: DeterminateSystems/magic-nix-cache-action@main - uses: DeterminateSystems/magic-nix-cache-action@main
- name: Check for dead code - name: Check for dead code in .nix files
run: git ls-files '*.nix' | nix run nixpkgs#deadnix run: git ls-files '*.nix' | nix run nixpkgs#deadnix
- name: Check for lints - name: Check for lints in .nix files
run: nix run nixpkgs#statix -- check run: nix run nixpkgs#statix -- check
- name: Check formatting in .nix files
run: git ls-files '*.nix' | xargs nix run nixpkgs#alejandra -- --check
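Review bot: The added "Check formatting in .nix files" step runs `nix run nixpkgs#alejandra`, which resolves `nixpkgs` through the runner's flake registry rather than the nixpkgs input declared in this repository's flake.nix. CI therefore executes whatever alejandra revision the registry currently points to, which need not match the one installed locally through home.packages, and the tool being run is not pinned by the repo. `run: git ls-files -z '*.nix' | xargs -0 nix run --inputs-from . nixpkgs#alejandra -- --check` ties the formatter to the flake's own input and also handles file names containing whitespace. The same registry lookup applies to the deadnix and statix steps above, which this commit only renames.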


@ -5131,6 +5131,11 @@ Programming languages and default lsp's are defined here: [[#h:0e7e8bea-ec58-499
nmap nmap
lsof lsof
# nix
alejandra
deadnix
statix
# local file sharing # local file sharing
wormhole-rs wormhole-rs
@ -7524,16 +7529,24 @@ Used in: [[#h:bbcfa895-4d46-4b1d-b84e-f634e982c46e][Centered org-mode Buffers]]
#+end_src #+end_src
**** org-mode: Auto-tangle and export Configuration Files **** org-mode: Upon-save actions (Auto-tangle, export to html, formatting)
:PROPERTIES: :PROPERTIES:
:CUSTOM_ID: h:59d4306e-9b73-4b2c-b039-6a6518c357fc :CUSTOM_ID: h:59d4306e-9b73-4b2c-b039-6a6518c357fc
:END: :END:
This section automatically tangles all configuration blocks in this file to the defined Emacs org-file. It also exports the configuration file as html. This section handles everything that shoudld happen when I save =SwarselSystems.org=. It:
1) automatically tangles all configuration blocks in this file
2) exports the configuration file as html for an easier reading experience with working links and index
3) formats the generated =.nix= files in accordance to the =Alejandra=-style.
We set a hook that runs everytime we save the file. It would be a bit more efficient to only export and format when we enter a magit window for instance (since especially the html export takes times), however, since I cannot be sure to only ever commit from magit (I do indeed sometimes use git from the command line), I prefer this approach.
#+begin_src emacs-lisp #+begin_src emacs-lisp
(defun run-alejandra ()
(interactive)
(let ((default-directory (expand-file-name "~/.dotfiles")))
(shell-command "alejandra . -q")))
(defun swarsel/org-babel-tangle-config () (defun swarsel/org-babel-tangle-config ()
(when (string-equal (buffer-file-name) (when (string-equal (buffer-file-name)
@ -7541,25 +7554,13 @@ This section automatically tangles all configuration blocks in this file to the
;; Dynamic scoping to the rescue ;; Dynamic scoping to the rescue
(let ((org-confirm-babel-evaluate nil)) (let ((org-confirm-babel-evaluate nil))
(org-html-export-to-html) (org-html-export-to-html)
(org-babel-tangle))) (org-babel-tangle)
(when (string-equal (buffer-file-name) (run-alejandra))))
swarsel-emacs-org-filepath)
;; Dynamic scoping to the rescue
(let ((org-confirm-babel-evaluate nil))
(org-html-export-to-html)
(org-babel-tangle)))
(when (string-equal (buffer-file-name)
swarsel-nix-org-filepath)
;; Dynamic scoping to the rescue
(let ((org-confirm-babel-evaluate nil))
(org-babel-tangle))))
(setq org-html-htmlize-output-type nil) (setq org-html-htmlize-output-type nil)
(add-hook 'org-mode-hook (lambda () (add-hook 'after-save-hook #'swarsel/org-babel-tangle-config))) (add-hook 'org-mode-hook (lambda () (add-hook 'after-save-hook #'swarsel/org-babel-tangle-config)))
#+end_src #+end_src
**** org-mode: Fold current heading **** org-mode: Fold current heading
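Review bot: `run-alejandra` goes through `shell-command` and discards the exit status, so if alejandra fails or is not on the PATH Emacs sees, the after-save hook continues quietly (`-q`) and the tangled .nix files stay unformatted without any visible signal. Calling the binary with an argument list avoids the shell and lets the hook surface a failure: `(unless (eq 0 (call-process "alejandra" nil nil nil "." "-q")) (message "alejandra failed in %s" default-directory))`. The function also has no docstring and lacks the `swarsel/` prefix used by `swarsel/org-babel-tangle-config`; a docstring such as `"Format every .nix file under ~/.dotfiles with alejandra."` would make it explicit that the whole tree is rewritten on each save, not only the tangled outputs. The body of `swarsel/org-babel-tangle-config` starts in one hunk and ends in the next.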

124
flake.nix

@ -2,7 +2,6 @@
description = "SwarseFlake - Nix Flake for all SwarselSystems"; description = "SwarseFlake - Nix Flake for all SwarselSystems";
inputs = { inputs = {
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
nixpkgs-stable.url = "github:NixOS/nixpkgs/nixos-24.05"; nixpkgs-stable.url = "github:NixOS/nixpkgs/nixos-24.05";
@ -67,11 +66,9 @@
nswitch-rcm-nix = { nswitch-rcm-nix = {
url = "github:Swarsel/nswitch-rcm-nix"; url = "github:Swarsel/nswitch-rcm-nix";
}; };
}; };
outputs = inputs@{ outputs = inputs @ {
nixpkgs, nixpkgs,
nixpkgs-stable, nixpkgs-stable,
home-manager, home-manager,
@ -85,13 +82,13 @@
nixos-hardware, nixos-hardware,
nix-alien, nix-alien,
nswitch-rcm-nix, nswitch-rcm-nix,
... ...
}: let }: let
system = "x86_64-linux"; # not very portable, but I do not use other architectures at the moment system = "x86_64-linux"; # not very portable, but I do not use other architectures at the moment
pkgs = import nixpkgs { inherit system; pkgs = import nixpkgs {
overlays = [ emacs-overlay.overlay inherit system;
overlays = [
emacs-overlay.overlay
nur.overlay nur.overlay
nixgl.overlay nixgl.overlay
(final: _prev: { (final: _prev: {
@ -104,12 +101,17 @@
}; };
# NixOS modules that can only be used on NixOS systems # NixOS modules that can only be used on NixOS systems
nixModules = [ stylix.nixosModules.stylix nixModules = [
stylix.nixosModules.stylix
sops-nix.nixosModules.sops sops-nix.nixosModules.sops
nswitch-rcm-nix.nixosModules.nswitch-rcm nswitch-rcm-nix.nixosModules.nswitch-rcm
./profiles/common/nixos.nix ./profiles/common/nixos.nix
# dynamic library loading # dynamic library loading
({ self, system, ... }: { ({
self,
system,
...
}: {
environment.systemPackages = with self.inputs.nix-alien.packages.${system}; [ environment.systemPackages = with self.inputs.nix-alien.packages.${system}; [
nix-alien nix-alien
]; ];
@ -119,15 +121,15 @@
]; ];
# Home-Manager modules wanted on non-NixOS systems # Home-Manager modules wanted on non-NixOS systems
homeModules = [ stylix.homeManagerModules.stylix homeModules = [
stylix.homeManagerModules.stylix
]; ];
# Home-Manager modules wanted on both NixOS and non-NixOS systems # Home-Manager modules wanted on both NixOS and non-NixOS systems
mixedModules = [ sops-nix.homeManagerModules.sops mixedModules = [
sops-nix.homeManagerModules.sops
./profiles/common/home.nix ./profiles/common/home.nix
]; ];
in { in {
# NixOS setups - run home-manager as a NixOS module for better compatibility # NixOS setups - run home-manager as a NixOS module for better compatibility
# another benefit - full rebuild on nixos-rebuild switch # another benefit - full rebuild on nixos-rebuild switch
# run rebuild using `nswitch` # run rebuild using `nswitch`
@ -136,14 +138,17 @@
# Make sure to move hardware-configuration to the appropriate location, by default it is found in /etc/nixos/. # Make sure to move hardware-configuration to the appropriate location, by default it is found in /etc/nixos/.
nixosConfigurations = { nixosConfigurations = {
onett = nixpkgs.lib.nixosSystem { onett = nixpkgs.lib.nixosSystem {
specialArgs = {inherit inputs pkgs; }; specialArgs = {inherit inputs pkgs;};
modules = nixModules ++ [ modules =
nixModules
++ [
./profiles/onett/nixos.nix ./profiles/onett/nixos.nix
home-manager.nixosModules.home-manager home-manager.nixosModules.home-manager
{ {
home-manager.users.swarsel.imports = mixedModules ++ [ home-manager.users.swarsel.imports =
mixedModules
++ [
./profiles/onett/home.nix ./profiles/onett/home.nix
]; ];
} }
@ -151,7 +156,7 @@
}; };
sandbox = nixpkgs.lib.nixosSystem { sandbox = nixpkgs.lib.nixosSystem {
specialArgs = {inherit inputs pkgs; }; specialArgs = {inherit inputs pkgs;};
modules = [ modules = [
sops-nix.nixosModules.sops sops-nix.nixosModules.sops
./profiles/sandbox/nixos.nix ./profiles/sandbox/nixos.nix
@ -159,12 +164,16 @@
}; };
twoson = nixpkgs.lib.nixosSystem { twoson = nixpkgs.lib.nixosSystem {
specialArgs = {inherit inputs pkgs; }; specialArgs = {inherit inputs pkgs;};
modules = nixModules ++ [ modules =
nixModules
++ [
./profiles/twoson/nixos.nix ./profiles/twoson/nixos.nix
home-manager.nixosModules.home-manager home-manager.nixosModules.home-manager
{ {
home-manager.users.swarsel.imports = mixedModules ++ [ home-manager.users.swarsel.imports =
mixedModules
++ [
./profiles/twoson/home.nix ./profiles/twoson/home.nix
]; ];
} }
@ -172,13 +181,17 @@
}; };
threed = nixpkgs.lib.nixosSystem { threed = nixpkgs.lib.nixosSystem {
specialArgs = {inherit inputs pkgs; }; specialArgs = {inherit inputs pkgs;};
modules = nixModules ++ [ modules =
nixModules
++ [
lanzaboote.nixosModules.lanzaboote lanzaboote.nixosModules.lanzaboote
./profiles/threed/nixos.nix ./profiles/threed/nixos.nix
home-manager.nixosModules.home-manager home-manager.nixosModules.home-manager
{ {
home-manager.users.swarsel.imports = mixedModules ++ [ home-manager.users.swarsel.imports =
mixedModules
++ [
./profiles/threed/home.nix ./profiles/threed/home.nix
]; ];
} }
@ -186,13 +199,17 @@
}; };
fourside = nixpkgs.lib.nixosSystem { fourside = nixpkgs.lib.nixosSystem {
specialArgs = {inherit inputs pkgs; }; specialArgs = {inherit inputs pkgs;};
modules = nixModules ++ [ modules =
nixModules
++ [
nixos-hardware.nixosModules.lenovo-thinkpad-p14s-amd-gen2 nixos-hardware.nixosModules.lenovo-thinkpad-p14s-amd-gen2
./profiles/fourside/nixos.nix ./profiles/fourside/nixos.nix
home-manager.nixosModules.home-manager home-manager.nixosModules.home-manager
{ {
home-manager.users.swarsel.imports = mixedModules ++ [ home-manager.users.swarsel.imports =
mixedModules
++ [
./profiles/fourside/home.nix ./profiles/fourside/home.nix
]; ];
} }
@ -200,13 +217,17 @@
}; };
winters = nixpkgs.lib.nixosSystem { winters = nixpkgs.lib.nixosSystem {
specialArgs = {inherit inputs pkgs; }; specialArgs = {inherit inputs pkgs;};
modules = nixModules ++ [ modules =
nixModules
++ [
nixos-hardware.nixosModules.framework-16-inch-7040-amd nixos-hardware.nixosModules.framework-16-inch-7040-amd
./profiles/winters/nixos.nix ./profiles/winters/nixos.nix
home-manager.nixosModules.home-manager home-manager.nixosModules.home-manager
{ {
home-manager.users.swarsel.imports = mixedModules ++ [ home-manager.users.swarsel.imports =
mixedModules
++ [
./profiles/winters/home.nix ./profiles/winters/home.nix
]; ];
} }
@ -214,12 +235,16 @@
}; };
stand = nixpkgs.lib.nixosSystem { stand = nixpkgs.lib.nixosSystem {
specialArgs = {inherit inputs pkgs; }; specialArgs = {inherit inputs pkgs;};
modules = nixModules ++ [ modules =
nixModules
++ [
./profiles/stand/nixos.nix ./profiles/stand/nixos.nix
home-manager.nixosModules.home-manager home-manager.nixosModules.home-manager
{ {
home-manager.users.homelen.imports = mixedModules ++ [ home-manager.users.homelen.imports =
mixedModules
++ [
./profiles/stand/home.nix ./profiles/stand/home.nix
]; ];
} }
@ -227,7 +252,7 @@
}; };
nginx = nixpkgs.lib.nixosSystem { nginx = nixpkgs.lib.nixosSystem {
specialArgs = {inherit inputs pkgs; }; specialArgs = {inherit inputs pkgs;};
modules = [ modules = [
sops-nix.nixosModules.sops sops-nix.nixosModules.sops
./profiles/server1/nginx/nixos.nix ./profiles/server1/nginx/nixos.nix
@ -235,7 +260,7 @@
}; };
calibre = nixpkgs.lib.nixosSystem { calibre = nixpkgs.lib.nixosSystem {
specialArgs = {inherit inputs pkgs; }; specialArgs = {inherit inputs pkgs;};
modules = [ modules = [
sops-nix.nixosModules.sops sops-nix.nixosModules.sops
./profiles/server1/calibre/nixos.nix ./profiles/server1/calibre/nixos.nix
@ -243,7 +268,7 @@
}; };
jellyfin = nixpkgs.lib.nixosSystem { jellyfin = nixpkgs.lib.nixosSystem {
specialArgs = {inherit inputs pkgs; }; specialArgs = {inherit inputs pkgs;};
modules = [ modules = [
# sops-nix.nixosModules.sops # sops-nix.nixosModules.sops
./profiles/server1/jellyfin/nixos.nix ./profiles/server1/jellyfin/nixos.nix
@ -251,7 +276,7 @@
}; };
transmission = nixpkgs.lib.nixosSystem { transmission = nixpkgs.lib.nixosSystem {
specialArgs = {inherit inputs pkgs; }; specialArgs = {inherit inputs pkgs;};
modules = [ modules = [
sops-nix.nixosModules.sops sops-nix.nixosModules.sops
./profiles/server1/transmission/nixos.nix ./profiles/server1/transmission/nixos.nix
@ -259,7 +284,7 @@
}; };
matrix = nixpkgs.lib.nixosSystem { matrix = nixpkgs.lib.nixosSystem {
specialArgs = {inherit inputs pkgs; }; specialArgs = {inherit inputs pkgs;};
# this is to import a service module that is not on nixpkgs # this is to import a service module that is not on nixpkgs
# this way avoids infinite recursion errors # this way avoids infinite recursion errors
modules = [ modules = [
@ -269,7 +294,7 @@
}; };
sound = nixpkgs.lib.nixosSystem { sound = nixpkgs.lib.nixosSystem {
specialArgs = {inherit inputs pkgs; }; specialArgs = {inherit inputs pkgs;};
modules = [ modules = [
sops-nix.nixosModules.sops sops-nix.nixosModules.sops
./profiles/server1/sound/nixos.nix ./profiles/server1/sound/nixos.nix
@ -277,7 +302,7 @@
}; };
spotifyd = nixpkgs.lib.nixosSystem { spotifyd = nixpkgs.lib.nixosSystem {
specialArgs = {inherit inputs pkgs; }; specialArgs = {inherit inputs pkgs;};
modules = [ modules = [
sops-nix.nixosModules.sops sops-nix.nixosModules.sops
./profiles/server1/spotifyd/nixos.nix ./profiles/server1/spotifyd/nixos.nix
@ -285,7 +310,7 @@
}; };
paperless = nixpkgs.lib.nixosSystem { paperless = nixpkgs.lib.nixosSystem {
specialArgs = {inherit inputs pkgs; }; specialArgs = {inherit inputs pkgs;};
modules = [ modules = [
sops-nix.nixosModules.sops sops-nix.nixosModules.sops
./profiles/server1/paperless/nixos.nix ./profiles/server1/paperless/nixos.nix
@ -294,7 +319,7 @@
#ovm swarsel #ovm swarsel
sync = nixpkgs.lib.nixosSystem { sync = nixpkgs.lib.nixosSystem {
specialArgs = {inherit inputs pkgs; }; specialArgs = {inherit inputs pkgs;};
modules = [ modules = [
sops-nix.nixosModules.sops sops-nix.nixosModules.sops
./profiles/remote/oracle/sync/nixos.nix ./profiles/remote/oracle/sync/nixos.nix
@ -303,7 +328,7 @@
#ovm swarsel #ovm swarsel
swatrix = nixpkgs.lib.nixosSystem { swatrix = nixpkgs.lib.nixosSystem {
specialArgs = {inherit inputs pkgs; }; specialArgs = {inherit inputs pkgs;};
modules = [ modules = [
sops-nix.nixosModules.sops sops-nix.nixosModules.sops
./profiles/remote/oracle/matrix/nixos.nix ./profiles/remote/oracle/matrix/nixos.nix
@ -315,29 +340,26 @@
# run rebuild using `hmswitch` # run rebuild using `hmswitch`
homeConfigurations = { homeConfigurations = {
"leons@PCisLee" = home-manager.lib.homeManagerConfiguration { "leons@PCisLee" = home-manager.lib.homeManagerConfiguration {
inherit pkgs; inherit pkgs;
modules = homeModules ++ mixedModules ++ [ modules =
homeModules
++ mixedModules
++ [
./profiles/surface/home.nix ./profiles/surface/home.nix
]; ];
}; };
}; };
nixOnDroidConfigurations = { nixOnDroidConfigurations = {
default = nix-on-droid.lib.nixOnDroidConfiguration { default = nix-on-droid.lib.nixOnDroidConfiguration {
modules = [ modules = [
./profiles/mysticant/configuration.nix ./profiles/mysticant/configuration.nix
]; ];
}; };
}; };
packages.x86_64-linux = { packages.x86_64-linux = {
}; };
}; };
} }


@ -3,7 +3,7 @@
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"> <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head> <head>
<!-- 2024-07-19 Fr 00:29 --> <!-- 2024-07-19 Fr 00:52 -->
<meta http-equiv="Content-Type" content="text/html;charset=utf-8" /> <meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1" /> <meta name="viewport" content="width=device-width, initial-scale=1" />
<title>SwarselSystems: NixOS + Emacs Configuration</title> <title>SwarselSystems: NixOS + Emacs Configuration</title>
@ -387,7 +387,7 @@
</div> </div>
</div> </div>
<p> <p>
<b>This file has 40971 words spanning 10908 lines and was last revised on 2024-07-19 00:29:02 +0200.</b> <b>This file has 41033 words spanning 10909 lines and was last revised on 2024-07-19 00:52:31 +0200.</b>
</p> </p>
<p> <p>
@ -437,7 +437,7 @@ This section defines my Emacs configuration. For a while, I considered to use ry
</p> </p>
<p> <p>
My emacs is built using the emacs-overlay nix flake, which builds a bleeding edge emacs on wayland (pgtk) with utilities like treesitter support. By executing the below source block, the current build setting can be updated at any time, and you can see my most up-to-date build options (last updated: 2024-07-19 00:29:02 +0200) My emacs is built using the emacs-overlay nix flake, which builds a bleeding edge emacs on wayland (pgtk) with utilities like treesitter support. By executing the below source block, the current build setting can be updated at any time, and you can see my most up-to-date build options (last updated: 2024-07-19 00:52:31 +0200)
</p></li> </p></li>
</ul> </ul>
@ -6335,6 +6335,11 @@ Programming languages and default lsp's are defined here: <a href="#h:0e7e8bea-e
nmap nmap
lsof lsof
# nix
alejandra
deadnix
statix
# local file sharing # local file sharing
wormhole-rs wormhole-rs
@ -9194,40 +9199,40 @@ Used in: <a href="#h:bbcfa895-4d46-4b1d-b84e-f634e982c46e">Centered org-mode Buf
</div> </div>
</div> </div>
</li> </li>
<li><a id="h:59d4306e-9b73-4b2c-b039-6a6518c357fc"></a>org-mode: Auto-tangle and export Configuration Files<br /> <li><a id="h:59d4306e-9b73-4b2c-b039-6a6518c357fc"></a>org-mode: Upon-save actions (Auto-tangle, export to html, formatting)<br />
<div class="outline-text-5" id="text-h:59d4306e-9b73-4b2c-b039-6a6518c357fc"> <div class="outline-text-5" id="text-h:59d4306e-9b73-4b2c-b039-6a6518c357fc">
<p> <p>
This section automatically tangles all configuration blocks in this file to the defined Emacs org-file. It also exports the configuration file as html. This section handles everything that shoudld happen when I save <code>SwarselSystems.org</code>. It:
</p> </p>
<ol class="org-ol">
<li>automatically tangles all configuration blocks in this file</li>
<li>exports the configuration file as html for an easier reading experience with working links and index</li>
<li>formats the generated <code>.nix</code> files in accordance to the <code>Alejandra</code>-style.</li>
</ol>
<p>
We set a hook that runs everytime we save the file. It would be a bit more efficient to only export and format when we enter a magit window for instance (since especially the html export takes times), however, since I cannot be sure to only ever commit from magit (I do indeed sometimes use git from the command line), I prefer this approach.
</p>
<div class="org-src-container"> <div class="org-src-container">
<pre class="src src-emacs-lisp"> <pre class="src src-emacs-lisp">(defun run-alejandra ()
(defun swarsel/org-babel-tangle-config () (interactive)
(let ((default-directory (expand-file-name "~/.dotfiles")))
(shell-command "alejandra . -q")))
(defun swarsel/org-babel-tangle-config ()
(when (string-equal (buffer-file-name) (when (string-equal (buffer-file-name)
swarsel-swarsel-org-filepath) swarsel-swarsel-org-filepath)
;; Dynamic scoping to the rescue ;; Dynamic scoping to the rescue
(let ((org-confirm-babel-evaluate nil)) (let ((org-confirm-babel-evaluate nil))
(org-html-export-to-html) (org-html-export-to-html)
(org-babel-tangle))) (org-babel-tangle)
(when (string-equal (buffer-file-name) (run-alejandra))))
swarsel-emacs-org-filepath)
;; Dynamic scoping to the rescue
(let ((org-confirm-babel-evaluate nil))
(org-html-export-to-html)
(org-babel-tangle)))
(when (string-equal (buffer-file-name)
swarsel-nix-org-filepath)
;; Dynamic scoping to the rescue
(let ((org-confirm-babel-evaluate nil))
(org-babel-tangle))))
(setq org-html-htmlize-output-type nil)
(add-hook 'org-mode-hook (lambda () (add-hook 'after-save-hook #'swarsel/org-babel-tangle-config)))
(setq org-html-htmlize-output-type nil)
(add-hook 'org-mode-hook (lambda () (add-hook 'after-save-hook #'swarsel/org-babel-tangle-config)))
</pre> </pre>
</div> </div>
@ -9336,7 +9341,7 @@ The standard Emacs behaviour for the Python process shell is a bit annoying. Thi
</div> </div>
</div> </div>
</li> </li>
<li><a id="org03da7a6"></a>Nix common prefix bracketer<br /> <li><a id="orgbb564b1"></a>Nix common prefix bracketer<br />
<div class="outline-text-5" id="text-4-2-1-15"> <div class="outline-text-5" id="text-4-2-1-15">
<p> <p>
This function searches for common delimiters in region and removes them, summarizing all captured lines by it. This function searches for common delimiters in region and removes them, summarizing all captured lines by it.
@ -12907,7 +12912,7 @@ My laptop, sadly soon to be replaced by a new one, since most basic functions ar
</div> </div>
<div id="postamble" class="status"> <div id="postamble" class="status">
<p class="author">Author: Leon Schwarzäugl</p> <p class="author">Author: Leon Schwarzäugl</p>
<p class="date">Created: 2024-07-19 Fr 00:29</p> <p class="date">Created: 2024-07-19 Fr 00:52</p>
<p class="validation"><a href="https://validator.w3.org/check?uri=referer">Validate</a></p> <p class="validation"><a href="https://validator.w3.org/check?uri=referer">Validate</a></p>
</div> </div>
</body> </body>


@ -1,8 +1,8 @@
{ config, pkgs, ... }:
{ {
config,
pkgs,
...
}: {
services.gpg-agent = { services.gpg-agent = {
enable = true; enable = true;
enableSshSupport = true; enableSshSupport = true;
@ -29,7 +29,7 @@
]; ];
}; };
# update path if the sops private key is stored somewhere else # update path if the sops private key is stored somewhere else
sops.age.sshKeyPaths = [ "${config.home.homeDirectory}/.ssh/sops" ]; sops.age.sshKeyPaths = ["${config.home.homeDirectory}/.ssh/sops"];
# waybar config - TEMPLATE - update for cores and temp # waybar config - TEMPLATE - update for cores and temp
programs.waybar.settings.mainBar = { programs.waybar.settings.mainBar = {
@ -67,7 +67,8 @@
# ----------------------------------------------------------------- # -----------------------------------------------------------------
# if not always connected to power (laptop), use this (default): # if not always connected to power (laptop), use this (default):
programs.waybar.settings.mainBar.modules-right = ["custom/outer-left-arrow-dark" programs.waybar.settings.mainBar.modules-right = [
"custom/outer-left-arrow-dark"
"mpris" "mpris"
"custom/left-arrow-light" "custom/left-arrow-light"
"network" "network"
@ -86,7 +87,7 @@
# ----------------------------------------------------------------- # -----------------------------------------------------------------
wayland.windowManager.sway= { wayland.windowManager.sway = {
config = rec { config = rec {
# update for actual inputs here, # update for actual inputs here,
input = { input = {
@ -94,7 +95,8 @@
xkb_layout = "us"; xkb_layout = "us";
xkb_variant = "altgr-intl"; xkb_variant = "altgr-intl";
}; };
"1:1:AT_Translated_Set_2_keyboard" = { # TEMPLATE "1:1:AT_Translated_Set_2_keyboard" = {
# TEMPLATE
xkb_layout = "us"; xkb_layout = "us";
xkb_options = "grp:win_space_toggle"; xkb_options = "grp:win_space_toggle";
# xkb_options = "ctrl:nocaps,grp:win_space_toggle"; # xkb_options = "ctrl:nocaps,grp:win_space_toggle";
@ -106,7 +108,6 @@
natural_scroll = "enabled"; natural_scroll = "enabled";
middle_emulation = "enabled"; middle_emulation = "enabled";
}; };
}; };
output = { output = {
@ -126,14 +127,12 @@
}; };
startup = [ startup = [
{command = "nextcloud --background";}
{ command = "nextcloud --background";} {command = "discord --start-minimized";}
{ command = "discord --start-minimized";} {command = "element-desktop --hidden -enable-features=UseOzonePlatform -ozone-platform=wayland --disable-gpu-driver-bug-workarounds";}
{ command = "element-desktop --hidden -enable-features=UseOzonePlatform -ozone-platform=wayland --disable-gpu-driver-bug-workarounds";} {command = "ANKI_WAYLAND=1 anki";}
{ command = "ANKI_WAYLAND=1 anki";} {command = "OBSIDIAN_USE_WAYLAND=1 obsidian";}
{ command = "OBSIDIAN_USE_WAYLAND=1 obsidian";} {command = "nm-applet";}
{ command = "nm-applet";}
]; ];
}; };
}; };


@ -1,17 +1,11 @@
{ pkgs, ... }: {pkgs, ...}: {
imports = [
{
imports =
[
./hardware-configuration.nix ./hardware-configuration.nix
]; ];
services = { services = {
getty.autologinUser = "TEMPLATE"; getty.autologinUser = "TEMPLATE";
greetd.settings.initial_session.user="TEMPLATE"; greetd.settings.initial_session.user = "TEMPLATE";
}; };
# Bootloader # Bootloader
@ -73,7 +67,7 @@
}; };
monospace = { monospace = {
package = pkgs.nerdfonts.override { fonts = [ "FiraCode"]; }; package = pkgs.nerdfonts.override {fonts = ["FiraCode"];};
name = "FiraCode Nerd Font Mono"; name = "FiraCode Nerd Font Mono";
}; };
@ -84,9 +78,6 @@
}; };
}; };
# Configure keymap in X11 (only used for login) # Configure keymap in X11 (only used for login)
services.xserver = { services.xserver = {
layout = "us"; layout = "us";
@ -96,7 +87,7 @@
users.users.TEMPLATE = { users.users.TEMPLATE = {
isNormalUser = true; isNormalUser = true;
description = "TEMPLATE"; description = "TEMPLATE";
extraGroups = [ "networkmanager" "wheel" "lp" "audio" "video" ]; extraGroups = ["networkmanager" "wheel" "lp" "audio" "video"];
packages = with pkgs; []; packages = with pkgs; [];
}; };
@ -104,5 +95,4 @@
]; ];
system.stateVersion = "23.05"; # TEMPLATE - but probably no need to change system.stateVersion = "23.05"; # TEMPLATE - but probably no need to change
} }


@ -1,8 +1,10 @@
{ config, pkgs, fetchFromGitHub , ... }:
{ {
config,
pkgs,
fetchFromGitHub,
...
}: {
home.packages = with pkgs; [ home.packages = with pkgs; [
# audio stuff # audio stuff
spek # spectrum analyzer spek # spectrum analyzer
losslessaudiochecker losslessaudiochecker
@ -18,13 +20,18 @@
simple-scan simple-scan
# dict # dict
(aspellWithDicts (dicts: with dicts; [ de en en-computers en-science ])) (aspellWithDicts (dicts: with dicts; [de en en-computers en-science]))
# utilities # utilities
util-linux util-linux
nmap nmap
lsof lsof
# nix
alejandra
deadnix
statix
# local file sharing # local file sharing
wormhole-rs wormhole-rs
@ -142,28 +149,39 @@
# latex and related packages # latex and related packages
(pkgs.texlive.combine { (pkgs.texlive.combine {
inherit (pkgs.texlive) scheme-full inherit
dvisvgm dvipng # for preview and export as html (pkgs.texlive)
wrapfig amsmath ulem hyperref capt-of; scheme-full
dvisvgm
dvipng # for preview and export as html
wrapfig
amsmath
ulem
hyperref
capt-of
;
}) })
# font stuff # font stuff
(nerdfonts.override { fonts = [ "FiraMono" "FiraCode" "NerdFontsSymbolsOnly"]; }) (nerdfonts.override {fonts = ["FiraMono" "FiraCode" "NerdFontsSymbolsOnly"];})
noto-fonts-emoji noto-fonts-emoji
font-awesome_5 font-awesome_5
noto-fonts noto-fonts
noto-fonts-cjk-sans noto-fonts-cjk-sans
# cura # cura
(let cura5 = appimageTools.wrapType2 rec { (let
cura5 = appimageTools.wrapType2 rec {
name = "cura5"; name = "cura5";
version = "5.4.0"; version = "5.4.0";
src = fetchurl { src = fetchurl {
url = "https://github.com/Ultimaker/Cura/releases/download/${version}/UltiMaker-Cura-${version}-linux-modern.AppImage"; url = "https://github.com/Ultimaker/Cura/releases/download/${version}/UltiMaker-Cura-${version}-linux-modern.AppImage";
hash = "sha256-QVv7Wkfo082PH6n6rpsB79st2xK2+Np9ivBg/PYZd74="; hash = "sha256-QVv7Wkfo082PH6n6rpsB79st2xK2+Np9ivBg/PYZd74=";
}; };
extraPkgs = pkgs: with pkgs; [ ]; extraPkgs = pkgs: with pkgs; [];
}; in writeScriptBin "cura" '' };
in
writeScriptBin "cura" ''
#! ${pkgs.bash}/bin/bash #! ${pkgs.bash}/bin/bash
# AppImage version of Cura loses current working directory and treats all paths relateive to $HOME. # AppImage version of Cura loses current working directory and treats all paths relateive to $HOME.
# So we convert each of the files passed as argument to an absolute path. # So we convert each of the files passed as argument to an absolute path.
@ -216,7 +234,7 @@
(pkgs.writeShellApplication { (pkgs.writeShellApplication {
name = "pass-fuzzel"; name = "pass-fuzzel";
runtimeInputs = [ pkgs.pass pkgs.fuzzel ]; runtimeInputs = [pkgs.pass pkgs.fuzzel];
text = '' text = ''
shopt -s nullglob globstar shopt -s nullglob globstar
@ -247,7 +265,7 @@
(pkgs.writeShellApplication { (pkgs.writeShellApplication {
name = "pass-fuzzel-otp"; name = "pass-fuzzel-otp";
runtimeInputs = [ pkgs.fuzzel (pkgs.pass.withExtensions (exts: [exts.pass-otp]))]; runtimeInputs = [pkgs.fuzzel (pkgs.pass.withExtensions (exts: [exts.pass-otp]))];
text = '' text = ''
shopt -s nullglob globstar shopt -s nullglob globstar
@ -278,7 +296,7 @@
(pkgs.writeShellApplication { (pkgs.writeShellApplication {
name = "cdw"; name = "cdw";
runtimeInputs = [ pkgs.fzf ]; runtimeInputs = [pkgs.fzf];
text = '' text = ''
cd "$(git worktree list | fzf | awk '{print $1}')" cd "$(git worktree list | fzf | awk '{print $1}')"
''; '';
@ -286,7 +304,7 @@
(pkgs.writeShellApplication { (pkgs.writeShellApplication {
name = "cdb"; name = "cdb";
runtimeInputs = [ pkgs.fzf ]; runtimeInputs = [pkgs.fzf];
text = '' text = ''
git checkout "$(git branch --list | grep -v "^\*" | fzf | awk '{print $1}')" git checkout "$(git branch --list | grep -v "^\*" | fzf | awk '{print $1}')"
''; '';
@ -298,10 +316,9 @@
cp "$1"{,.bak} cp "$1"{,.bak}
''; '';
}) })
];
]; sops = {
sops = {
defaultSopsFile = "${config.home.homeDirectory}/.dotfiles/secrets/general/secrets.yaml"; defaultSopsFile = "${config.home.homeDirectory}/.dotfiles/secrets/general/secrets.yaml";
validateSopsFiles = false; validateSopsFiles = false;
secrets = { secrets = {
@ -311,9 +328,9 @@ sops = {
swarselmail = {path = "/run/user/1000/secrets/swarselmail";}; swarselmail = {path = "/run/user/1000/secrets/swarselmail";};
caldav = {path = "${config.home.homeDirectory}/.emacs.d/.caldav";}; caldav = {path = "${config.home.homeDirectory}/.emacs.d/.caldav";};
}; };
}; };
programs.ssh= { programs.ssh = {
enable = true; enable = true;
extraConfig = "SetEnv TERM=xterm-256color"; extraConfig = "SetEnv TERM=xterm-256color";
matchBlocks = { matchBlocks = {
@ -442,18 +459,17 @@ programs.ssh= {
}; };
}; };
}; };
}; };
stylix.targets.emacs.enable = false; stylix.targets.emacs.enable = false;
xdg.desktopEntries = {
xdg.desktopEntries = {
cura = { cura = {
name = "Ultimaker Cura"; name = "Ultimaker Cura";
genericName = "Cura"; genericName = "Cura";
exec = "cura"; exec = "cura";
terminal = false; terminal = false;
categories = [ "Application"]; categories = ["Application"];
}; };
anki = { anki = {
@ -461,7 +477,7 @@ xdg.desktopEntries = {
genericName = "Anki"; genericName = "Anki";
exec = "anki"; exec = "anki";
terminal = false; terminal = false;
categories = [ "Application"]; categories = ["Application"];
}; };
# schlidichat = { # schlidichat = {
@ -477,7 +493,7 @@ xdg.desktopEntries = {
genericName = "Element"; genericName = "Element";
exec = "element-desktop -enable-features=UseOzonePlatform -ozone-platform=wayland --disable-gpu-driver-bug-workarounds"; exec = "element-desktop -enable-features=UseOzonePlatform -ozone-platform=wayland --disable-gpu-driver-bug-workarounds";
terminal = false; terminal = false;
categories = [ "Application"]; categories = ["Application"];
}; };
emacsclient-newframe = { emacsclient-newframe = {
@ -486,12 +502,11 @@ xdg.desktopEntries = {
exec = "emacsclient -r %u"; exec = "emacsclient -r %u";
icon = "emacs"; icon = "emacs";
terminal = false; terminal = false;
categories = [ "Development" "TextEditor"]; categories = ["Development" "TextEditor"];
};
}; };
}; home.file = {
home.file = {
"init.el" = { "init.el" = {
source = ../../programs/emacs/init.el; source = ../../programs/emacs/init.el;
target = ".emacs.d/init.el"; target = ".emacs.d/init.el";
@ -509,18 +524,18 @@ home.file = {
source = ../../programs/git/.gitmessage; source = ../../programs/git/.gitmessage;
target = ".gitmessage"; target = ".gitmessage";
}; };
}; };
xdg.configFile = { xdg.configFile = {
"tridactyl/tridactylrc".source = ../../programs/firefox/tridactyl/tridactylrc; "tridactyl/tridactylrc".source = ../../programs/firefox/tridactyl/tridactylrc;
"tridactyl/themes/base16-codeschool.css".source = ../../programs/firefox/tridactyl/themes/base16-codeschool.css; "tridactyl/themes/base16-codeschool.css".source = ../../programs/firefox/tridactyl/themes/base16-codeschool.css;
}; };
home.sessionVariables = { home.sessionVariables = {
EDITOR = "bash ~/.dotfiles/scripts/editor.sh"; EDITOR = "bash ~/.dotfiles/scripts/editor.sh";
}; };
programs = { programs = {
bottom.enable = true; bottom.enable = true;
imv.enable = true; imv.enable = true;
sioyek.enable = true; sioyek.enable = true;
@ -536,19 +551,19 @@ programs = {
pandoc.enable = true; pandoc.enable = true;
fzf.enable = true; fzf.enable = true;
zoxide.enable = true; zoxide.enable = true;
}; };
programs.password-store = { programs.password-store = {
enable = true; enable = true;
package = pkgs.pass.withExtensions (exts: [exts.pass-otp]); package = pkgs.pass.withExtensions (exts: [exts.pass-otp]);
}; };
programs.direnv = { programs.direnv = {
enable = true; enable = true;
nix-direnv.enable = true; nix-direnv.enable = true;
}; };
programs.eza = { programs.eza = {
enable = true; enable = true;
icons = true; icons = true;
git = true; git = true;
@ -556,9 +571,9 @@ programs.eza = {
"-l" "-l"
"--group-directories-first" "--group-directories-first"
]; ];
}; };
programs.git = { programs.git = {
enable = true; enable = true;
aliases = { aliases = {
a = "add"; a = "add";
@ -593,9 +608,9 @@ programs.git = {
}; };
} }
]; ];
}; };
programs.fuzzel = { programs.fuzzel = {
enable = true; enable = true;
settings = { settings = {
main = { main = {
@ -605,9 +620,9 @@ programs.fuzzel = {
}; };
border.radius = "0"; border.radius = "0";
}; };
}; };
programs.starship = { programs.starship = {
enable = true; enable = true;
enableZshIntegration = true; enableZshIntegration = true;
settings = { settings = {
@ -709,9 +724,9 @@ programs.starship = {
rust.symbol = " "; rust.symbol = " ";
scala.symbol = " "; scala.symbol = " ";
}; };
}; };
programs.kitty = { programs.kitty = {
enable = true; enable = true;
keybindings = { keybindings = {
"ctrl+shift+left" = "no_op"; "ctrl+shift+left" = "no_op";
@ -719,9 +734,9 @@ programs.kitty = {
"ctrl+shift+home" = "no_op"; "ctrl+shift+home" = "no_op";
"ctrl+shift+end" = "no_op"; "ctrl+shift+end" = "no_op";
}; };
}; };
programs.zsh = { programs.zsh = {
enable = true; enable = true;
shellAliases = { shellAliases = {
hg = "history | grep"; hg = "history | grep";
@ -729,13 +744,13 @@ programs.zsh = {
nswitch = "cd ~/.dotfiles; sudo nixos-rebuild --flake .#$(hostname) switch; cd -;"; nswitch = "cd ~/.dotfiles; sudo nixos-rebuild --flake .#$(hostname) switch; cd -;";
edithome = "bash ~/.dotfiles/scripts/editor.sh ~/.dotfiles/Nix.org"; edithome = "bash ~/.dotfiles/scripts/editor.sh ~/.dotfiles/Nix.org";
magit = "emacsclient -nc -e \"(magit-status)\""; magit = "emacsclient -nc -e \"(magit-status)\"";
config="git --git-dir=$HOME/.cfg/ --work-tree=$HOME"; config = "git --git-dir=$HOME/.cfg/ --work-tree=$HOME";
g="git"; g = "git";
c="git --git-dir=$HOME/.dotfiles/.git --work-tree=$HOME/.dotfiles/"; c = "git --git-dir=$HOME/.dotfiles/.git --work-tree=$HOME/.dotfiles/";
passpush = "cd ~/.local/share/password-store; git add .; git commit -m 'pass file changes'; git push; cd -;"; passpush = "cd ~/.local/share/password-store; git add .; git commit -m 'pass file changes'; git push; cd -;";
passpull = "cd ~/.local/share/password-store; git pull; cd -;"; passpull = "cd ~/.local/share/password-store; git pull; cd -;";
hotspot = "nmcli connection up local; nmcli device wifi hotspot;"; hotspot = "nmcli connection up local; nmcli device wifi hotspot;";
cd="z"; cd = "z";
cdr = "cd \"$( (find /home/swarsel/Documents/GitHub -maxdepth 1 && echo /home/swarsel/.dotfiles) | fzf )\""; cdr = "cd \"$( (find /home/swarsel/Documents/GitHub -maxdepth 1 && echo /home/swarsel/.dotfiles) | fzf )\"";
}; };
autosuggestion.enable = true; autosuggestion.enable = true;
@ -768,23 +783,23 @@ programs.zsh = {
bindkey "^[[1;5D" backward-word bindkey "^[[1;5D" backward-word
bindkey "^[[1;5C" forward-word bindkey "^[[1;5C" forward-word
''; '';
}; };
programs.mbsync = { programs.mbsync = {
enable = true; enable = true;
}; };
# this is needed so that mbsync can use the passwords from sops # this is needed so that mbsync can use the passwords from sops
systemd.user.services.mbsync.Unit.After = [ "sops-nix.service" ]; systemd.user.services.mbsync.Unit.After = ["sops-nix.service"];
programs.msmtp = { programs.msmtp = {
enable = true; enable = true;
}; };
programs.mu = { programs.mu = {
enable = true; enable = true;
}; };
accounts.email = { accounts.email = {
maildirBasePath = "Mail"; maildirBasePath = "Mail";
accounts.leon = { accounts.leon = {
primary = true; primary = true;
@ -805,7 +820,7 @@ accounts.email = {
}; };
mbsync = { mbsync = {
enable = true; enable = true;
create= "maildir"; create = "maildir";
expunge = "both"; expunge = "both";
patterns = ["*" "![Gmail]*" "[Gmail]/Sent Mail" "[Gmail]/Starred" "[Gmail]/All Mail"]; patterns = ["*" "![Gmail]*" "[Gmail]/Sent Mail" "[Gmail]/Starred" "[Gmail]/All Mail"];
extraConfig = { extraConfig = {
@ -855,7 +870,7 @@ accounts.email = {
mu.enable = true; mu.enable = true;
mbsync = { mbsync = {
enable = true; enable = true;
create= "maildir"; create = "maildir";
expunge = "both"; expunge = "both";
patterns = ["*" "![Gmail]*" "[Gmail]/Sent Mail" "[Gmail]/Starred" "[Gmail]/All Mail"]; patterns = ["*" "![Gmail]*" "[Gmail]/Sent Mail" "[Gmail]/Starred" "[Gmail]/All Mail"];
extraConfig = { extraConfig = {
@ -882,7 +897,7 @@ accounts.email = {
mu.enable = true; mu.enable = true;
mbsync = { mbsync = {
enable = true; enable = true;
create= "maildir"; create = "maildir";
expunge = "both"; expunge = "both";
patterns = ["*" "![Gmail]*" "[Gmail]/Sent Mail" "[Gmail]/Starred" "[Gmail]/All Mail"]; patterns = ["*" "![Gmail]*" "[Gmail]/Sent Mail" "[Gmail]/Starred" "[Gmail]/All Mail"];
extraConfig = { extraConfig = {
@ -896,11 +911,11 @@ accounts.email = {
}; };
}; };
}; };
}; };
# enable emacs overlay for bleeding edge features # enable emacs overlay for bleeding edge features
# also read init.el file and install use-package packages # also read init.el file and install use-package packages
programs.emacs = { programs.emacs = {
enable = true; enable = true;
package = pkgs.emacsWithPackagesFromUsePackage { package = pkgs.emacsWithPackagesFromUsePackage {
config = ../../programs/emacs/init.el; config = ../../programs/emacs/init.el;
@ -925,7 +940,7 @@ programs.emacs = {
rev = "bc99afee611690f85f0cd0bd33300f3385ddd3d3"; rev = "bc99afee611690f85f0cd0bd33300f3385ddd3d3";
hash = "sha256-0xMII1KJhTBgQ57tXJks0ZFYMXIanrOl9XyqVmu7a7Y="; hash = "sha256-0xMII1KJhTBgQ57tXJks0ZFYMXIanrOl9XyqVmu7a7Y=";
}; };
packageRequires = [ epkgs.howm ]; packageRequires = [epkgs.howm];
}) })
(epkgs.trivialBuild rec { (epkgs.trivialBuild rec {
@ -939,28 +954,26 @@ programs.emacs = {
}; };
packageRequires = []; packageRequires = [];
}) })
]; ];
}; };
}; };
programs.waybar = {
programs.waybar = {
enable = true; enable = true;
# systemd.enable = true; # systemd.enable = true;
settings = { settings = {
mainBar = { mainBar = {
layer = "top"; layer = "top";
position = "top"; position = "top";
modules-left = [ "sway/workspaces" "custom/outer-right-arrow-dark" "sway/window"]; modules-left = ["sway/workspaces" "custom/outer-right-arrow-dark" "sway/window"];
modules-center = [ "sway/mode" "custom/configwarn" ]; modules-center = ["sway/mode" "custom/configwarn"];
"sway/mode" = { "sway/mode" = {
format = "<span style=\"italic\" font-weight=\"bold\">{}</span>"; format = "<span style=\"italic\" font-weight=\"bold\">{}</span>";
}; };
"custom/configwarn" = { "custom/configwarn" = {
exec= "bash ~/.dotfiles/scripts/checkconfigstatus.sh"; exec = "bash ~/.dotfiles/scripts/checkconfigstatus.sh";
interval= 60; interval = 60;
}; };
"group/hardware" = { "group/hardware" = {
@ -983,14 +996,14 @@ programs.waybar = {
}; };
power-profiles-daemon = { power-profiles-daemon = {
format= "{icon}"; format = "{icon}";
tooltip-format= "Power profile: {profile}\nDriver: {driver}"; tooltip-format = "Power profile: {profile}\nDriver: {driver}";
tooltip= true; tooltip = true;
format-icons= { format-icons = {
"default"= ""; "default" = "";
"performance"= ""; "performance" = "";
"balanced"= ""; "balanced" = "";
"power-saver"= ""; "power-saver" = "";
}; };
}; };
@ -998,19 +1011,18 @@ programs.waybar = {
critical-threshold = 80; critical-threshold = 80;
format-critical = " {temperatureC}°C"; format-critical = " {temperatureC}°C";
format = " {temperatureC}°C"; format = " {temperatureC}°C";
}; };
mpris = { mpris = {
format= "{player_icon} {title} <small>[{position}/{length}]</small>"; format = "{player_icon} {title} <small>[{position}/{length}]</small>";
format-paused= "{player_icon} <i>{title} <small>[{position}/{length}]</small></i>"; format-paused = "{player_icon} <i>{title} <small>[{position}/{length}]</small></i>";
player-icons= { player-icons = {
"default" = " "; "default" = " ";
"mpv" = "🎵 "; "mpv" = "🎵 ";
"spotify" = " "; "spotify" = " ";
}; };
status-icons= { status-icons = {
"paused"= " "; "paused" = " ";
}; };
interval = 1; interval = 1;
title-len = 20; title-len = 20;
@ -1021,121 +1033,120 @@ programs.waybar = {
format = ""; format = "";
tooltip = false; tooltip = false;
}; };
"custom/outer-left-arrow-dark"= { "custom/outer-left-arrow-dark" = {
format = ""; format = "";
tooltip = false; tooltip = false;
}; };
"custom/left-arrow-light"= { "custom/left-arrow-light" = {
format= ""; format = "";
tooltip= false; tooltip = false;
}; };
"custom/right-arrow-dark"= { "custom/right-arrow-dark" = {
format= ""; format = "";
tooltip= false; tooltip = false;
}; };
"custom/outer-right-arrow-dark"= { "custom/outer-right-arrow-dark" = {
format= ""; format = "";
tooltip= false; tooltip = false;
}; };
"custom/right-arrow-light"= { "custom/right-arrow-light" = {
format= ""; format = "";
tooltip= false; tooltip = false;
}; };
"sway/workspaces"= { "sway/workspaces" = {
disable-scroll= true; disable-scroll = true;
format= "{name}"; format = "{name}";
}; };
"clock#1"= { "clock#1" = {
min-length= 8; min-length = 8;
interval= 1; interval = 1;
format= "{:%H:%M:%S}"; format = "{:%H:%M:%S}";
# on-click-right= "gnome-clocks"; # on-click-right= "gnome-clocks";
tooltip-format= "<big>{:%Y %B}</big>\n<tt><small>{calendar}</small></tt>"; tooltip-format = "<big>{:%Y %B}</big>\n<tt><small>{calendar}</small></tt>";
}; };
"clock#2"= { "clock#2" = {
format= "{:%d. %B %Y}"; format = "{:%d. %B %Y}";
# on-click-right= "gnome-clocks"; # on-click-right= "gnome-clocks";
tooltip-format= "<big>{:%Y %B}</big>\n<tt><small>{calendar}</small></tt>"; tooltip-format = "<big>{:%Y %B}</big>\n<tt><small>{calendar}</small></tt>";
}; };
pulseaudio= { pulseaudio = {
format= "{icon} {volume:2}%"; format = "{icon} {volume:2}%";
format-bluetooth= "{icon} {volume}%"; format-bluetooth = "{icon} {volume}%";
format-muted= "MUTE"; format-muted = "MUTE";
format-icons= { format-icons = {
headphones= ""; headphones = "";
default= [ default = [
"" ""
"" ""
]; ];
}; };
scroll-step= 1; scroll-step = 1;
on-click= "pamixer -t"; on-click = "pamixer -t";
on-click-right= "pavucontrol"; on-click-right = "pavucontrol";
}; };
memory= { memory = {
interval= 5; interval = 5;
format= " {}%"; format = " {}%";
tooltip-format= "Memory: {used:0.1f}G/{total:0.1f}G\nSwap: {swapUsed}G/{swapTotal}G"; tooltip-format = "Memory: {used:0.1f}G/{total:0.1f}G\nSwap: {swapUsed}G/{swapTotal}G";
}; };
cpu= { cpu = {
min-length= 6; min-length = 6;
interval= 5; interval = 5;
format-icons = ["" "" "" "" "" "" "" ""]; format-icons = ["" "" "" "" "" "" "" ""];
# on-click-right= "com.github.stsdc.monitor"; # on-click-right= "com.github.stsdc.monitor";
on-click-right= "kitty -o confirm_os_window_close=0 btm"; on-click-right = "kitty -o confirm_os_window_close=0 btm";
}; };
battery= { battery = {
states= { states = {
"warning"= 60; "warning" = 60;
"error"= 30; "error" = 30;
"critical"= 15; "critical" = 15;
}; };
interval=5; interval = 5;
format= "{icon} {capacity}%"; format = "{icon} {capacity}%";
format-charging= "{capacity}% "; format-charging = "{capacity}% ";
format-plugged= "{capacity}% "; format-plugged = "{capacity}% ";
format-icons= [ format-icons = [
"" ""
"" ""
"" ""
"" ""
"" ""
]; ];
on-click-right= "wlogout -p layer-shell"; on-click-right = "wlogout -p layer-shell";
}; };
disk= { disk = {
interval= 30; interval = 30;
format= "Disk {percentage_used:2}%"; format = "Disk {percentage_used:2}%";
path= "/"; path = "/";
states= { states = {
"warning"= 80; "warning" = 80;
"critical"= 90; "critical" = 90;
}; };
tooltip-format = "{used} used out of {total} on {path} ({percentage_used}%)\n{free} free on {path} ({percentage_free}%)"; tooltip-format = "{used} used out of {total} on {path} ({percentage_used}%)\n{free} free on {path} ({percentage_free}%)";
}; };
tray= { tray = {
icon-size= 20; icon-size = 20;
}; };
network= { network = {
interval = 5; interval = 5;
format-wifi= "{signalStrength}% "; format-wifi = "{signalStrength}% ";
format-ethernet= ""; format-ethernet = "";
format-linked= "{ifname} (No IP) "; format-linked = "{ifname} (No IP) ";
format-disconnected= "Disconnected "; format-disconnected = "Disconnected ";
format-alt= "{ifname}: {ipaddr}/{cidr}"; format-alt = "{ifname}: {ipaddr}/{cidr}";
tooltip-format-ethernet= "{ifname} via {gwaddr}: {essid} {ipaddr}/{cidr}\n\n{bandwidthUpBytes} {bandwidthDownBytes}"; tooltip-format-ethernet = "{ifname} via {gwaddr}: {essid} {ipaddr}/{cidr}\n\n{bandwidthUpBytes} {bandwidthDownBytes}";
tooltip-format-wifi= "{ifname} via {gwaddr}: {essid} {ipaddr}/{cidr} \n{signaldBm}dBm @ {frequency}MHz\n\n{bandwidthUpBytes} {bandwidthDownBytes}"; tooltip-format-wifi = "{ifname} via {gwaddr}: {essid} {ipaddr}/{cidr} \n{signaldBm}dBm @ {frequency}MHz\n\n{bandwidthUpBytes} {bandwidthDownBytes}";
}; };
}; };
}; };
style = builtins.readFile ../../programs/waybar/style.css; style = builtins.readFile ../../programs/waybar/style.css;
}; };
programs.firefox = { programs.firefox = {
enable = true; enable = true;
package = pkgs.firefox.override { package = pkgs.firefox.override {
nativeMessagingHosts = [ nativeMessagingHosts = [
@ -1181,82 +1192,103 @@ programs.firefox = {
search.engines = { search.engines = {
"Nix Packages" = { "Nix Packages" = {
urls = [{ urls = [
{
template = "https://search.nixos.org/packages"; template = "https://search.nixos.org/packages";
params = [ params = [
{ name = "type"; value = "packages"; } {
{ name = "query"; value = "{searchTerms}"; } name = "type";
value = "packages";
}
{
name = "query";
value = "{searchTerms}";
}
];
}
]; ];
}];
icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg"; icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg";
definedAliases = [ "@np" ]; definedAliases = ["@np"];
}; };
"NixOS Wiki" = { "NixOS Wiki" = {
urls = [{ urls = [
{
template = "https://nixos.wiki/index.php?search={searchTerms}"; template = "https://nixos.wiki/index.php?search={searchTerms}";
}]; }
];
iconUpdateURL = "https://nixos.wiki/favicon.png"; iconUpdateURL = "https://nixos.wiki/favicon.png";
updateInterval = 24 * 60 * 60 * 1000; # every day updateInterval = 24 * 60 * 60 * 1000; # every day
definedAliases = [ "@nw" ]; definedAliases = ["@nw"];
}; };
"NixOS Options" = { "NixOS Options" = {
urls = [{ urls = [
{
template = "https://search.nixos.org/options"; template = "https://search.nixos.org/options";
params = [ params = [
{ name = "query"; value = "{searchTerms}"; } {
name = "query";
value = "{searchTerms}";
}
];
}
]; ];
}];
icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg"; icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg";
definedAliases = [ "@no" ]; definedAliases = ["@no"];
}; };
"Home Manager Options" = { "Home Manager Options" = {
urls = [{ template = "https://home-manager-options.extranix.com/"; urls = [
{
template = "https://home-manager-options.extranix.com/";
params = [ params = [
{ name = "query"; value = "{searchTerms}"; } {
name = "query";
value = "{searchTerms}";
}
];
}
]; ];
}];
icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg"; icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg";
definedAliases = [ "@hm" "@ho" "@hmo" ]; definedAliases = ["@hm" "@ho" "@hmo"];
}; };
"Google".metaData.alias = "@g"; "Google".metaData.alias = "@g";
}; };
search.force = true; # this is required because otherwise the search.json.mozlz4 symlink gets replaced on every firefox restart search.force = true; # this is required because otherwise the search.json.mozlz4 symlink gets replaced on every firefox restart
}; };
}; };
services.gnome-keyring = { services.gnome-keyring = {
enable = true; enable = true;
}; };
services.mbsync = { services.mbsync = {
enable = true; enable = true;
}; };
services.kdeconnect = { services.kdeconnect = {
enable = true; enable = true;
indicator = true; indicator = true;
}; };
services.syncthing = { services.syncthing = {
enable = true; enable = true;
tray = { tray = {
enable = false; # we enable this by installing the syncthingtray package instead, it works better. enable = false; # we enable this by installing the syncthingtray package instead, it works better.
}; };
}; };
services.emacs = { services.emacs = {
enable = true; enable = true;
# socketActivation.enable = false; # socketActivation.enable = false;
# startWithUserSession = "graphical"; # startWithUserSession = "graphical";
}; };
services.mako = { services.mako = {
enable = true; enable = true;
# backgroundColor = "#2e3440"; # backgroundColor = "#2e3440";
# borderColor = "#88c0d0"; # borderColor = "#88c0d0";
@ -1282,9 +1314,9 @@ default-timeout=3000
default-timeout=2000 default-timeout=2000
group-by=category group-by=category
"; ";
}; };
wayland.windowManager.sway = { wayland.windowManager.sway = {
enable = true; enable = true;
checkConfig = false; # delete this line once SwayFX is fixed upstream checkConfig = false; # delete this line once SwayFX is fixed upstream
package = pkgs.swayfx; package = pkgs.swayfx;
@ -1297,7 +1329,7 @@ wayland.windowManager.sway = {
modifier = "Mod4"; modifier = "Mod4";
terminal = "kitty"; terminal = "kitty";
menu = "fuzzel"; menu = "fuzzel";
bars = [{ command = "waybar";}]; bars = [{command = "waybar";}];
keybindings = let keybindings = let
inherit (config.wayland.windowManager.sway.config) modifier; inherit (config.wayland.windowManager.sway.config) modifier;
in { in {
@ -1381,15 +1413,15 @@ wayland.windowManager.sway = {
}; };
defaultWorkspace = "workspace 1:"; defaultWorkspace = "workspace 1:";
startup = [ startup = [
{ command = "kitty -T kittyterm";} {command = "kitty -T kittyterm";}
{ command = "sleep 60; kitty -T spotifytui -o confirm_os_window_close=0 spotify_player";} {command = "sleep 60; kitty -T spotifytui -o confirm_os_window_close=0 spotify_player";}
]; ];
window = { window = {
border = 1; border = 1;
titlebar = false; titlebar = false;
}; };
assigns = { assigns = {
"1:" = [{ app_id = "firefox"; }]; "1:" = [{app_id = "firefox";}];
}; };
floating = { floating = {
border = 1; border = 1;
@ -1442,19 +1474,19 @@ wayland.windowManager.sway = {
{ {
command = "sticky enable, shadows enable"; command = "sticky enable, shadows enable";
criteria = { criteria = {
title="^Picture-in-Picture$"; title = "^Picture-in-Picture$";
}; };
} }
{ {
command = "opacity 0.8, sticky enable, border normal, move container to scratchpad"; command = "opacity 0.8, sticky enable, border normal, move container to scratchpad";
criteria = { criteria = {
title="^kittyterm$"; title = "^kittyterm$";
}; };
} }
{ {
command = "opacity 0.95, sticky enable, border normal, move container to scratchpad"; command = "opacity 0.95, sticky enable, border normal, move container to scratchpad";
criteria = { criteria = {
title="^spotifytui$"; title = "^spotifytui$";
}; };
} }
# { # {
@ -1465,10 +1497,9 @@ wayland.windowManager.sway = {
# }; # };
# } # }
{ {
command = "resize set width 60 ppt height 60 ppt, sticky enable, move container to scratchpad"; command = "resize set width 60 ppt height 60 ppt, sticky enable, move container to scratchpad";
criteria = { criteria = {
class="Spotify"; class = "Spotify";
}; };
} }
{ {
@ -1495,7 +1526,7 @@ wayland.windowManager.sway = {
inner = 5; inner = 5;
}; };
}; };
extraSessionCommands ='' extraSessionCommands = ''
export SDL_VIDEODRIVER=wayland export SDL_VIDEODRIVER=wayland
export QT_QPA_PLATFORM=wayland export QT_QPA_PLATFORM=wayland
export QT_WAYLAND_DISABLE_WINDOWDECORATION="1" export QT_WAYLAND_DISABLE_WINDOWDECORATION="1"
@ -1510,7 +1541,7 @@ wayland.windowManager.sway = {
# exec systemctl --user import-environment DISPLAY WAYLAND_DISPLAY SWAYSOCK # exec systemctl --user import-environment DISPLAY WAYLAND_DISPLAY SWAYSOCK
# exec hash dbus-update-activation-environment 2>/dev/null && dbus-update-activation-environment --systemd DISPLAY WAYLAND_DISPLAY SWAYSOCK # exec hash dbus-update-activation-environment 2>/dev/null && dbus-update-activation-environment --systemd DISPLAY WAYLAND_DISPLAY SWAYSOCK
# "; # ";
extraConfig =let extraConfig = let
inherit (config.wayland.windowManager.sway.config) modifier; inherit (config.wayland.windowManager.sway.config) modifier;
swayfxSettings = " swayfxSettings = "
blur enable blur enable
@ -1544,6 +1575,5 @@ wayland.windowManager.sway = {
${swayfxSettings} ${swayfxSettings}
"; ";
}; };
} }


@ -1,23 +1,26 @@
{ config, lib, pkgs, ... }:
{ {
config,
lib,
pkgs,
...
}: {
home-manager = { home-manager = {
useGlobalPkgs = true; useGlobalPkgs = true;
useUserPackages = true; useUserPackages = true;
}; };
services.xserver = { services.xserver = {
xkb = { xkb = {
layout = "us"; layout = "us";
variant = "altgr-intl"; variant = "altgr-intl";
}; };
}; };
nix.settings.experimental-features = ["nix-command" "flakes"]; nix.settings.experimental-features = ["nix-command" "flakes"];
users.mutableUsers = false; users.mutableUsers = false;
environment = { environment = {
wordlist.enable = true; wordlist.enable = true;
sessionVariables = { sessionVariables = {
NIXOS_OZONE_WL = "1"; NIXOS_OZONE_WL = "1";
@ -28,41 +31,41 @@ environment = {
gst-libav gst-libav
]); ]);
}; };
}; };
# gstreamer plugins for nautilus (used for file metadata) # gstreamer plugins for nautilus (used for file metadata)
time.hardwareClockInLocalTime = true; time.hardwareClockInLocalTime = true;
# dont style GRUB with stylix # dont style GRUB with stylix
stylix.targets.grub.enable = false; # the styling makes grub more ugly stylix.targets.grub.enable = false; # the styling makes grub more ugly
security.polkit.enable = true; security.polkit.enable = true;
nix.gc = { nix.gc = {
automatic = true; automatic = true;
randomizedDelaySec = "14m"; randomizedDelaySec = "14m";
dates = "weekly"; dates = "weekly";
options = "--delete-older-than 10d"; options = "--delete-older-than 10d";
}; };
nix.optimise = { nix.optimise = {
automatic = true; automatic = true;
dates = [ "weekly" ]; dates = ["weekly"];
}; };
# systemd # systemd
systemd.extraConfig = '' systemd.extraConfig = ''
DefaultTimeoutStartSec=60s DefaultTimeoutStartSec=60s
DefaultTimeoutStopSec=15s DefaultTimeoutStopSec=15s
''; '';
hardware = { hardware = {
graphics = { graphics = {
enable = true; enable = true;
enable32Bit = true; enable32Bit = true;
}; };
pulseaudio= { pulseaudio = {
enable = true; enable = true;
package = pkgs.pulseaudioFull; package = pkgs.pulseaudioFull;
}; };
@ -77,9 +80,9 @@ hardware = {
}; };
}; };
}; };
}; };
networking.networkmanager = { networking.networkmanager = {
enable = true; enable = true;
ensureProfiles = { ensureProfiles = {
environmentFiles = [ environmentFiles = [
@ -124,12 +127,12 @@ networking.networkmanager = {
cloned-mac-address = "preserve"; cloned-mac-address = "preserve";
mac-address = "90:2E:16:D0:A1:87"; mac-address = "90:2E:16:D0:A1:87";
}; };
ipv4 = { method = "shared"; }; ipv4 = {method = "shared";};
ipv6 = { ipv6 = {
addr-gen-mode = "stable-privacy"; addr-gen-mode = "stable-privacy";
method = "auto"; method = "auto";
}; };
proxy = { }; proxy = {};
}; };
eduroam = { eduroam = {
@ -143,12 +146,12 @@ networking.networkmanager = {
id = "eduroam"; id = "eduroam";
type = "wifi"; type = "wifi";
}; };
ipv4 = { method = "auto"; }; ipv4 = {method = "auto";};
ipv6 = { ipv6 = {
addr-gen-mode = "default"; addr-gen-mode = "default";
method = "auto"; method = "auto";
}; };
proxy = { }; proxy = {};
wifi = { wifi = {
mode = "infrastructure"; mode = "infrastructure";
ssid = "eduroam"; ssid = "eduroam";
@ -165,7 +168,7 @@ networking.networkmanager = {
id = "local"; id = "local";
type = "ethernet"; type = "ethernet";
}; };
ethernet = { }; ethernet = {};
ipv4 = { ipv4 = {
address1 = "10.42.1.1/24"; address1 = "10.42.1.1/24";
method = "shared"; method = "shared";
@ -174,7 +177,7 @@ networking.networkmanager = {
addr-gen-mode = "stable-privacy"; addr-gen-mode = "stable-privacy";
method = "auto"; method = "auto";
}; };
proxy = { }; proxy = {};
}; };
HH40V_39F5 = { HH40V_39F5 = {
@ -182,12 +185,12 @@ networking.networkmanager = {
id = "HH40V_39F5"; id = "HH40V_39F5";
type = "wifi"; type = "wifi";
}; };
ipv4 = { method = "auto"; }; ipv4 = {method = "auto";};
ipv6 = { ipv6 = {
addr-gen-mode = "stable-privacy"; addr-gen-mode = "stable-privacy";
method = "auto"; method = "auto";
}; };
proxy = { }; proxy = {};
wifi = { wifi = {
band = "bg"; band = "bg";
mode = "infrastructure"; mode = "infrastructure";
@ -204,12 +207,12 @@ networking.networkmanager = {
id = "magicant"; id = "magicant";
type = "wifi"; type = "wifi";
}; };
ipv4 = { method = "auto"; }; ipv4 = {method = "auto";};
ipv6 = { ipv6 = {
addr-gen-mode = "default"; addr-gen-mode = "default";
method = "auto"; method = "auto";
}; };
proxy = { }; proxy = {};
wifi = { wifi = {
mode = "infrastructure"; mode = "infrastructure";
ssid = "magicant"; ssid = "magicant";
@ -227,16 +230,15 @@ networking.networkmanager = {
id = "PIA Sweden"; id = "PIA Sweden";
type = "vpn"; type = "vpn";
}; };
ipv4 = { method = "auto"; }; ipv4 = {method = "auto";};
ipv6 = { ipv6 = {
addr-gen-mode = "stable-privacy"; addr-gen-mode = "stable-privacy";
method = "auto"; method = "auto";
}; };
proxy = { }; proxy = {};
vpn = { vpn = {
auth = "sha1"; auth = "sha1";
ca = ca = "${config.users.users.swarsel.home}/.dotfiles/secrets/certs/sweden-aes-128-cbc-udp-dns-ca.pem";
"${config.users.users.swarsel.home}/.dotfiles/secrets/certs/sweden-aes-128-cbc-udp-dns-ca.pem";
challenge-response-flags = "2"; challenge-response-flags = "2";
cipher = "aes-128-cbc"; cipher = "aes-128-cbc";
compress = "yes"; compress = "yes";
@ -250,7 +252,7 @@ networking.networkmanager = {
service-type = "org.freedesktop.NetworkManager.openvpn"; service-type = "org.freedesktop.NetworkManager.openvpn";
username = "$VPNUSER"; username = "$VPNUSER";
}; };
vpn-secrets = { password = "$VPNPASS"; }; vpn-secrets = {password = "$VPNPASS";};
}; };
Hotspot = { Hotspot = {
@ -259,12 +261,12 @@ networking.networkmanager = {
id = "Hotspot"; id = "Hotspot";
type = "wifi"; type = "wifi";
}; };
ipv4 = { method = "shared"; }; ipv4 = {method = "shared";};
ipv6 = { ipv6 = {
addr-gen-mode = "default"; addr-gen-mode = "default";
method = "ignore"; method = "ignore";
}; };
proxy = { }; proxy = {};
wifi = { wifi = {
mode = "ap"; mode = "ap";
ssid = "Hotspot-fourside"; ssid = "Hotspot-fourside";
@ -277,16 +279,15 @@ networking.networkmanager = {
psk = "$HOTSPOT"; psk = "$HOTSPOT";
}; };
}; };
}; };
}; };
}; };
systemd.services.NetworkManager-ensure-profiles.after = [ "NetworkManager.service" ]; systemd.services.NetworkManager-ensure-profiles.after = ["NetworkManager.service"];
time.timeZone = "Europe/Vienna"; time.timeZone = "Europe/Vienna";
i18n = { i18n = {
defaultLocale = "en_US.UTF-8"; defaultLocale = "en_US.UTF-8";
extraLocaleSettings = { extraLocaleSettings = {
LC_ADDRESS = "de_AT.UTF-8"; LC_ADDRESS = "de_AT.UTF-8";
@ -299,10 +300,9 @@ i18n = {
LC_TELEPHONE = "de_AT.UTF-8"; LC_TELEPHONE = "de_AT.UTF-8";
LC_TIME = "de_AT.UTF-8"; LC_TIME = "de_AT.UTF-8";
}; };
}; };
sops = {
sops = {
defaultSopsFile = "${config.users.users.swarsel.home}/.dotfiles/secrets/general/secrets.yaml"; defaultSopsFile = "${config.users.users.swarsel.home}/.dotfiles/secrets/general/secrets.yaml";
validateSopsFiles = false; validateSopsFiles = false;
@ -329,9 +329,9 @@ sops = {
VPNPASS=${config.sops.placeholder.vpnpass} VPNPASS=${config.sops.placeholder.vpnpass}
''; '';
}; };
}; };
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
# yubikey packages # yubikey packages
gnupg gnupg
yubikey-personalization yubikey-personalization
@ -383,7 +383,7 @@ environment.systemPackages = with pkgs; [
#lsp-bridge / python #lsp-bridge / python
gcc gcc
gdb gdb
(python3.withPackages(ps: with ps; [ jupyter ipython pyqt5 epc orjson sexpdata six setuptools paramiko numpy pandas scipy matplotlib requests debugpy flake8 gnureadline python-lsp-server])) (python3.withPackages (ps: with ps; [jupyter ipython pyqt5 epc orjson sexpdata six setuptools paramiko numpy pandas scipy matplotlib requests debugpy flake8 gnureadline python-lsp-server]))
# (python3.withPackages(ps: with ps; [ jupyter ipython pyqt5 numpy pandas scipy matplotlib requests debugpy flake8 gnureadline python-lsp-server])) # (python3.withPackages(ps: with ps; [ jupyter ipython pyqt5 numpy pandas scipy matplotlib requests debugpy flake8 gnureadline python-lsp-server]))
# -------------------------------------------- # --------------------------------------------
@ -405,56 +405,54 @@ environment.systemPackages = with pkgs; [
tar xvf $src -C $out/ tar xvf $src -C $out/
mv $out/oama-0.13.1-Linux-x86_64-static/oama $out/bin/ mv $out/oama-0.13.1-Linux-x86_64-static/oama $out/bin/
''; '';
}) })
];
]; programs = {
programs = {
dconf.enable = true; dconf.enable = true;
evince.enable = true; evince.enable = true;
kdeconnect.enable = true; kdeconnect.enable = true;
}; };
programs.zsh.enable = true; programs.zsh.enable = true;
users.defaultUserShell = pkgs.zsh; users.defaultUserShell = pkgs.zsh;
environment.shells = with pkgs; [ zsh ]; environment.shells = with pkgs; [zsh];
environment.pathsToLink = [ "/share/zsh" ]; environment.pathsToLink = ["/share/zsh"];
services.blueman.enable = true; services.blueman.enable = true;
# enable scanners over network # enable scanners over network
hardware.sane = { hardware.sane = {
enable = true; enable = true;
extraBackends = [ pkgs.sane-airscan ]; extraBackends = [pkgs.sane-airscan];
}; };
# enable discovery and usage of network devices (esp. printers) # enable discovery and usage of network devices (esp. printers)
services.printing = { services.printing = {
enable = true; enable = true;
drivers = [ drivers = [
pkgs.gutenprint pkgs.gutenprint
pkgs.gutenprintBin pkgs.gutenprintBin
]; ];
browsedConf = '' browsedConf = ''
BrowseDNSSDSubTypes _cups,_print BrowseDNSSDSubTypes _cups,_print
BrowseLocalProtocols all BrowseLocalProtocols all
BrowseRemoteProtocols all BrowseRemoteProtocols all
CreateIPPPrinterQueues All CreateIPPPrinterQueues All
BrowseProtocols all BrowseProtocols all
''; '';
}; };
services.avahi = { services.avahi = {
enable = true; enable = true;
nssmdns4 = true; nssmdns4 = true;
openFirewall = true; openFirewall = true;
}; };
services.gvfs.enable = true; services.gvfs.enable = true;
# Make CAPS work as a dual function ESC/CTRL key # Make CAPS work as a dual function ESC/CTRL key
services.interception-tools = { services.interception-tools = {
enable = true; enable = true;
udevmonConfig = let udevmonConfig = let
dualFunctionKeysConfig = builtins.toFile "dual-function-keys.yaml" '' dualFunctionKeysConfig = builtins.toFile "dual-function-keys.yaml" ''
@ -476,20 +474,20 @@ services.interception-tools = {
EVENTS: EVENTS:
EV_KEY: [KEY_CAPSLOCK] EV_KEY: [KEY_CAPSLOCK]
''; '';
}; };
programs.ssh.startAgent = false; programs.ssh.startAgent = false;
services.pcscd.enable = true; services.pcscd.enable = true;
hardware.ledger.enable = true; hardware.ledger.enable = true;
services.udev.packages = with pkgs; [ services.udev.packages = with pkgs; [
yubikey-personalization yubikey-personalization
ledger-udev-rules ledger-udev-rules
]; ];
services.greetd = { services.greetd = {
enable = true; enable = true;
settings = { settings = {
initial_session.command = "sway"; initial_session.command = "sway";
@ -502,10 +500,9 @@ services.greetd = {
--cmd sway --cmd sway
''; '';
}; };
}; };
environment.etc."greetd/environments".text = '' environment.etc."greetd/environments".text = ''
sway sway
''; '';
} }


@ -1,30 +1,33 @@
# Do not modify this file! It was generated by nixos-generate-config # Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes # and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead. # to /etc/nixos/configuration.nix instead.
{ config, lib, modulesPath, ... }:
{ {
imports = config,
[ (modulesPath + "/installer/scan/not-detected.nix") lib,
modulesPath,
...
}: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
]; ];
boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ]; boot.initrd.availableKernelModules = ["nvme" "xhci_pci" "usb_storage" "sd_mod" "rtsx_pci_sdmmc"];
boot.initrd.kernelModules = [ ]; boot.initrd.kernelModules = [];
boot.kernelModules = [ "kvm-amd" ]; boot.kernelModules = ["kvm-amd"];
boot.extraModulePackages = [ ]; boot.extraModulePackages = [];
fileSystems."/" = fileSystems."/" = {
{ device = "/dev/disk/by-uuid/55eee3d2-4125-4aba-a326-10cde2abdf26"; device = "/dev/disk/by-uuid/55eee3d2-4125-4aba-a326-10cde2abdf26";
fsType = "ext4"; fsType = "ext4";
}; };
fileSystems."/boot" = fileSystems."/boot" = {
{ device = "/dev/disk/by-uuid/BC7A-F7D9"; device = "/dev/disk/by-uuid/BC7A-F7D9";
fsType = "vfat"; fsType = "vfat";
}; };
swapDevices = swapDevices = [
[ { device = "/dev/disk/by-uuid/0a74b04a-99e0-48cd-afcf-6ca849f6f85a"; } {device = "/dev/disk/by-uuid/0a74b04a-99e0-48cd-afcf-6ca849f6f85a";}
]; ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking # Enables DHCP on each ethernet and wireless interface. In case of scripted networking


@ -1,8 +1,8 @@
{ config, pkgs, ... }:
{ {
config,
pkgs,
...
}: {
services.gpg-agent = { services.gpg-agent = {
enable = true; enable = true;
enableSshSupport = true; enableSshSupport = true;
@ -24,7 +24,7 @@
packages = with pkgs; [ packages = with pkgs; [
]; ];
}; };
sops.age.sshKeyPaths = [ "${config.home.homeDirectory}/.ssh/sops" ]; sops.age.sshKeyPaths = ["${config.home.homeDirectory}/.ssh/sops"];
# waybar config - TEMPLATE - update for cores and temp # waybar config - TEMPLATE - update for cores and temp
programs.waybar.settings.mainBar = { programs.waybar.settings.mainBar = {
@ -34,8 +34,8 @@
temperature.input-filename = "temp1_input"; temperature.input-filename = "temp1_input";
}; };
programs.waybar.settings.mainBar.modules-right = [
programs.waybar.settings.mainBar.modules-right = ["custom/outer-left-arrow-dark" "custom/outer-left-arrow-dark"
"mpris" "mpris"
"custom/left-arrow-light" "custom/left-arrow-light"
"network" "network"
@ -52,8 +52,7 @@
"clock#1" "clock#1"
]; ];
wayland.windowManager.sway = {
wayland.windowManager.sway= {
config = rec { config = rec {
# update for actual inputs here, # update for actual inputs here,
input = { input = {
@ -61,7 +60,8 @@
xkb_layout = "us"; xkb_layout = "us";
xkb_variant = "altgr-intl"; xkb_variant = "altgr-intl";
}; };
"1:1:AT_Translated_Set_2_keyboard" = { # TEMPLATE "1:1:AT_Translated_Set_2_keyboard" = {
# TEMPLATE
xkb_layout = "us"; xkb_layout = "us";
xkb_options = "grp:win_space_toggle"; xkb_options = "grp:win_space_toggle";
xkb_variant = "altgr-intl"; xkb_variant = "altgr-intl";
@ -72,7 +72,6 @@
natural_scroll = "enabled"; natural_scroll = "enabled";
middle_emulation = "enabled"; middle_emulation = "enabled";
}; };
}; };
output = { output = {
@ -91,17 +90,22 @@
}; };
workspaceOutputAssign = [ workspaceOutputAssign = [
{ output = "eDP-1"; workspace = "1:";} {
{ output = "DP-4"; workspace = "2:";} output = "eDP-1";
workspace = "1:";
}
{
output = "DP-4";
workspace = "2:";
}
]; ];
keybindings = let keybindings = let
inherit (config.wayland.windowManager.sway.config) modifier; inherit (config.wayland.windowManager.sway.config) modifier;
in { in {
"${modifier}+w" = "exec \"bash ~/.dotfiles/scripts/checkelement.sh\""; "${modifier}+w" = "exec \"bash ~/.dotfiles/scripts/checkelement.sh\"";
"XF86MonBrightnessUp" = "exec brightnessctl set +5%"; "XF86MonBrightnessUp" = "exec brightnessctl set +5%";
"XF86MonBrightnessDown"= "exec brightnessctl set 5%-"; "XF86MonBrightnessDown" = "exec brightnessctl set 5%-";
"XF86Display" = "exec wl-mirror eDP-1"; "XF86Display" = "exec wl-mirror eDP-1";
# these are left open to use # these are left open to use
# "XF86WLAN" = "exec wl-mirror eDP-1"; # "XF86WLAN" = "exec wl-mirror eDP-1";
@ -115,14 +119,12 @@
}; };
startup = [ startup = [
{command = "nextcloud --background";}
{ command = "nextcloud --background";} {command = "discord --start-minimized";}
{ command = "discord --start-minimized";} {command = "element-desktop --hidden -enable-features=UseOzonePlatform -ozone-platform=wayland --disable-gpu-driver-bug-workarounds";}
{ command = "element-desktop --hidden -enable-features=UseOzonePlatform -ozone-platform=wayland --disable-gpu-driver-bug-workarounds";} {command = "ANKI_WAYLAND=1 anki";}
{ command = "ANKI_WAYLAND=1 anki";} {command = "OBSIDIAN_USE_WAYLAND=1 obsidian";}
{ command = "OBSIDIAN_USE_WAYLAND=1 obsidian";} {command = "nm-applet";}
{ command = "nm-applet";}
]; ];
}; };
}; };


@ -1,21 +1,21 @@
{ config, pkgs, ... }:
{ {
config,
pkgs,
...
}: {
# #
# imports = # imports =
# [ # [
# ./hardware-configuration.nix # ./hardware-configuration.nix
# ]; # ];
# #
imports = imports = [
[
./hardware-configuration.nix ./hardware-configuration.nix
]; ];
services = { services = {
getty.autologinUser = "swarsel"; getty.autologinUser = "swarsel";
greetd.settings.initial_session.user="swarsel"; greetd.settings.initial_session.user = "swarsel";
}; };
boot = { boot = {
@ -24,7 +24,7 @@
# kernelPackages = pkgs.linuxPackages_latest; # kernelPackages = pkgs.linuxPackages_latest;
}; };
sops.age.sshKeyPaths = [ "${config.users.users.swarsel.home}/.ssh/sops" ]; sops.age.sshKeyPaths = ["${config.users.users.swarsel.home}/.ssh/sops"];
networking = { networking = {
hostName = "fourside"; # Define your hostname. hostName = "fourside"; # Define your hostname.
@ -33,15 +33,27 @@
firewall.checkReversePath = false; firewall.checkReversePath = false;
firewall = { firewall = {
enable = true; enable = true;
allowedUDPPorts = [ 4380 27036 14242 34197 51820 ]; # 34197: factorio; 4380 27036 14242: barotrauma; 51820: wireguard allowedUDPPorts = [4380 27036 14242 34197 51820]; # 34197: factorio; 4380 27036 14242: barotrauma; 51820: wireguard
allowedTCPPorts = [ ]; # 34197: factorio; 4380 27036 14242: barotrauma; 51820: wireguard allowedTCPPorts = []; # 34197: factorio; 4380 27036 14242: barotrauma; 51820: wireguard
allowedTCPPortRanges = [ allowedTCPPortRanges = [
{from = 27015; to = 27030;} # barotrauma {
{from = 27036; to = 27037;} # barotrauma from = 27015;
to = 27030;
} # barotrauma
{
from = 27036;
to = 27037;
} # barotrauma
]; ];
allowedUDPPortRanges = [ allowedUDPPortRanges = [
{from = 27000; to = 27031;} # barotrauma {
{from = 58962; to = 58964;} # barotrauma from = 27000;
to = 27031;
} # barotrauma
{
from = 58962;
to = 58964;
} # barotrauma
]; ];
}; };
}; };
@ -94,7 +106,7 @@
}; };
monospace = { monospace = {
package = pkgs.nerdfonts.override { fonts = [ "FiraCode"]; }; package = pkgs.nerdfonts.override {fonts = ["FiraCode"];};
name = "FiraCode Nerd Font Mono"; name = "FiraCode Nerd Font Mono";
}; };
@ -105,9 +117,6 @@
}; };
}; };
hardware = { hardware = {
graphics = { graphics = {
enable = true; enable = true;
@ -153,7 +162,7 @@
isNormalUser = true; isNormalUser = true;
description = "Leon S"; description = "Leon S";
hashedPasswordFile = config.sops.secrets.swarseluser.path; hashedPasswordFile = config.sops.secrets.swarseluser.path;
extraGroups = [ "networkmanager" "wheel" "lp" "audio" "video" "vboxusers" "scanner" ]; extraGroups = ["networkmanager" "wheel" "lp" "audio" "video" "vboxusers" "scanner"];
packages = with pkgs; []; packages = with pkgs; [];
}; };
@ -168,6 +177,4 @@
]; ];
system.stateVersion = "23.05"; system.stateVersion = "23.05";
} }


@ -1,6 +1,4 @@
{ pkgs, ... }: {pkgs, ...}: {
{
environment.packages = with pkgs; [ environment.packages = with pkgs; [
vim vim
git git
@ -18,5 +16,4 @@
nix.extraOptions = '' nix.extraOptions = ''
experimental-features = nix-command flakes experimental-features = nix-command flakes
''; '';
} }


@ -1,14 +1,18 @@
{ modulesPath, ... }: {modulesPath, ...}: {
{ imports = [(modulesPath + "/profiles/qemu-guest.nix")];
imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
boot.loader.grub = { boot.loader.grub = {
efiSupport = true; efiSupport = true;
efiInstallAsRemovable = true; efiInstallAsRemovable = true;
device = "nodev"; device = "nodev";
}; };
fileSystems."/boot" = { device = "/dev/disk/by-uuid/A1B2-7E6F"; fsType = "vfat"; }; fileSystems."/boot" = {
boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi" ]; device = "/dev/disk/by-uuid/A1B2-7E6F";
boot.initrd.kernelModules = [ "nvme" ]; fsType = "vfat";
fileSystems."/" = { device = "/dev/mapper/ocivolume-root"; fsType = "xfs"; }; };
boot.initrd.availableKernelModules = ["ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi"];
boot.initrd.kernelModules = ["nvme"];
fileSystems."/" = {
device = "/dev/mapper/ocivolume-root";
fsType = "xfs";
};
} }


@ -1,7 +1,11 @@
{ config, pkgs, sops, ... }: let {
config,
pkgs,
sops,
...
}: let
matrixDomain = "swatrix.swarsel.win"; matrixDomain = "swatrix.swarsel.win";
in { in {
imports = [ imports = [
./hardware-configuration.nix ./hardware-configuration.nix
]; ];
@ -23,16 +27,16 @@ in {
nix.settings.experimental-features = ["nix-command" "flakes"]; nix.settings.experimental-features = ["nix-command" "flakes"];
sops = { sops = {
age.sshKeyPaths = [ "/etc/ssh/sops" ]; age.sshKeyPaths = ["/etc/ssh/sops"];
defaultSopsFile = "/root/.dotfiles/secrets/omatrix/secrets.yaml"; defaultSopsFile = "/root/.dotfiles/secrets/omatrix/secrets.yaml";
validateSopsFiles = false; validateSopsFiles = false;
secrets = { secrets = {
dnstokenfull = {owner="acme";}; dnstokenfull = {owner = "acme";};
matrixsharedsecret = {owner="matrix-synapse";}; matrixsharedsecret = {owner = "matrix-synapse";};
mautrixtelegram_as = {owner="matrix-synapse";}; mautrixtelegram_as = {owner = "matrix-synapse";};
mautrixtelegram_hs = {owner="matrix-synapse";}; mautrixtelegram_hs = {owner = "matrix-synapse";};
mautrixtelegram_api_id = {owner="matrix-synapse";}; mautrixtelegram_api_id = {owner = "matrix-synapse";};
mautrixtelegram_api_hash = {owner="matrix-synapse";}; mautrixtelegram_api_hash = {owner = "matrix-synapse";};
}; };
templates = { templates = {
"certs.secret".content = '' "certs.secret".content = ''
@ -78,7 +82,6 @@ in {
recommendedOptimisation = true; recommendedOptimisation = true;
recommendedGzipSettings = true; recommendedGzipSettings = true;
virtualHosts = { virtualHosts = {
"swatrix.swarsel.win" = { "swatrix.swarsel.win" = {
enableACME = true; enableACME = true;
forceSSL = true; forceSSL = true;
@ -164,14 +167,15 @@ in {
public_baseurl = "https://${matrixDomain}"; public_baseurl = "https://${matrixDomain}";
}; };
listeners = [ listeners = [
{ port = 8008; {
bind_addresses = [ "0.0.0.0" ]; port = 8008;
bind_addresses = ["0.0.0.0"];
type = "http"; type = "http";
tls = false; tls = false;
x_forwarded = true; x_forwarded = true;
resources = [ resources = [
{ {
names = [ "client" "federation" ]; names = ["client" "federation"];
compress = true; compress = true;
} }
]; ];
@ -191,7 +195,7 @@ in {
domain = matrixDomain; domain = matrixDomain;
}; };
appservice = { appservice = {
address= "http://localhost:29317"; address = "http://localhost:29317";
hostname = "0.0.0.0"; hostname = "0.0.0.0";
port = "29317"; port = "29317";
provisioning.enabled = true; provisioning.enabled = true;
@ -240,7 +244,7 @@ in {
domain = matrixDomain; domain = matrixDomain;
}; };
appservice = { appservice = {
address= "http://localhost:29318"; address = "http://localhost:29318";
hostname = "0.0.0.0"; hostname = "0.0.0.0";
port = 29318; port = 29318;
database = { database = {
@ -287,8 +291,7 @@ in {
domain = matrixDomain; domain = matrixDomain;
}; };
appservice = { appservice = {
address = "http://localhost:29328";
address= "http://localhost:29328";
hostname = "0.0.0.0"; hostname = "0.0.0.0";
port = 29328; port = 29328;
database = { database = {
@ -314,7 +317,7 @@ in {
# messages out after a while. # messages out after a while.
systemd.timers."restart-bridges" = { systemd.timers."restart-bridges" = {
wantedBy = [ "timers.target" ]; wantedBy = ["timers.target"];
timerConfig = { timerConfig = {
OnBootSec = "1d"; OnBootSec = "1d";
OnUnitActiveSec = "1d"; OnUnitActiveSec = "1d";
@ -333,5 +336,4 @@ in {
User = "root"; User = "root";
}; };
}; };
} }
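Review bot: The Synapse entry in `listeners` binds `bind_addresses = ["0.0.0.0"]` with `tls = false` and `x_forwarded = true`, so any peer that can reach port 8008 directly talks plaintext to the homeserver and has its forwarded-for header trusted. The same file terminates TLS in nginx for `swatrix.swarsel.win`, so loopback looks sufficient: `bind_addresses = ["127.0.0.1"];`, assuming nginx proxies from the same host (the proxy target is outside the visible hunks). The three bridge `appservice` blocks have the same shape, with `hostname = "0.0.0.0"` while `address` points at `http://localhost:…`. The later server configuration that uses the same `matrixDomain` repeats both patterns. Whether a firewall already filters these ports is not visible here, so a short comment stating the intended exposure would help either way.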


@ -1,27 +1,30 @@
{ config, lib, modulesPath, ... }:
{ {
imports = config,
[ (modulesPath + "/profiles/qemu-guest.nix") lib,
modulesPath,
...
}: {
imports = [
(modulesPath + "/profiles/qemu-guest.nix")
]; ];
boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" ]; boot.initrd.availableKernelModules = ["ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod"];
boot.initrd.kernelModules = [ ]; boot.initrd.kernelModules = [];
boot.kernelModules = [ "kvm-amd" ]; boot.kernelModules = ["kvm-amd"];
boot.extraModulePackages = [ ]; boot.extraModulePackages = [];
fileSystems."/" = fileSystems."/" = {
{ device = "/dev/disk/by-uuid/4b47378a-02eb-4548-bab8-59cbf379252a"; device = "/dev/disk/by-uuid/4b47378a-02eb-4548-bab8-59cbf379252a";
fsType = "xfs"; fsType = "xfs";
}; };
fileSystems."/boot" = fileSystems."/boot" = {
{ device = "/dev/disk/by-uuid/2B75-2AD5"; device = "/dev/disk/by-uuid/2B75-2AD5";
fsType = "vfat"; fsType = "vfat";
}; };
swapDevices = swapDevices = [
[ { device = "/dev/disk/by-uuid/f0126a93-753e-4769-ada8-7499a1efb3a9"; } {device = "/dev/disk/by-uuid/f0126a93-753e-4769-ada8-7499a1efb3a9";}
]; ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking # Enables DHCP on each ethernet and wireless interface. In case of scripted networking


@ -1,6 +1,8 @@
{ config, pkgs, ... }:
{ {
config,
pkgs,
...
}: {
imports = [ imports = [
./hardware-configuration.nix ./hardware-configuration.nix
]; ];
@ -19,11 +21,11 @@
nix.settings.experimental-features = ["nix-command" "flakes"]; nix.settings.experimental-features = ["nix-command" "flakes"];
sops = { sops = {
age.sshKeyPaths = [ "/etc/ssh/sops" ]; age.sshKeyPaths = ["/etc/ssh/sops"];
defaultSopsFile = "/root/.dotfiles/secrets/sync/secrets.yaml"; defaultSopsFile = "/root/.dotfiles/secrets/sync/secrets.yaml";
validateSopsFiles = false; validateSopsFiles = false;
secrets.swarsel = { owner = "root";}; secrets.swarsel = {owner = "root";};
secrets.dnstokenfull = {owner="acme";}; secrets.dnstokenfull = {owner = "acme";};
templates."certs.secret".content = '' templates."certs.secret".content = ''
CF_DNS_API_TOKEN=${config.sops.placeholder.dnstokenfull} CF_DNS_API_TOKEN=${config.sops.placeholder.dnstokenfull}
''; '';
@ -44,7 +46,6 @@
recommendedOptimisation = true; recommendedOptimisation = true;
recommendedGzipSettings = true; recommendedGzipSettings = true;
virtualHosts = { virtualHosts = {
"synki.swarsel.win" = { "synki.swarsel.win" = {
enableACME = true; enableACME = true;
forceSSL = true; forceSSL = true;
@ -160,5 +161,4 @@
}; };
}; };
}; };
} }


@ -1,24 +1,27 @@
# Do not modify this file! It was generated by nixos-generate-config # Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes # and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead. # to /etc/nixos/configuration.nix instead.
{ config, lib, modulesPath, ... }:
{ {
imports = config,
[ (modulesPath + "/installer/scan/not-detected.nix") lib,
modulesPath,
...
}: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
]; ];
boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ata_piix" "usb_storage" "sd_mod" "sr_mod" ]; boot.initrd.availableKernelModules = ["xhci_pci" "ehci_pci" "ata_piix" "usb_storage" "sd_mod" "sr_mod"];
boot.initrd.kernelModules = [ ]; boot.initrd.kernelModules = [];
boot.kernelModules = [ "kvm-intel" ]; boot.kernelModules = ["kvm-intel"];
boot.extraModulePackages = [ ]; boot.extraModulePackages = [];
fileSystems."/" = fileSystems."/" = {
{ device = "/dev/disk/by-uuid/147e3682-eb15-4e96-9cac-4f2fb5888a69"; device = "/dev/disk/by-uuid/147e3682-eb15-4e96-9cac-4f2fb5888a69";
fsType = "ext4"; fsType = "ext4";
}; };
swapDevices = [ ]; swapDevices = [];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's # (the default) this is the recommended approach. When using systemd-networkd it's


@ -1,7 +1,11 @@
{ config, pkgs, sops, ... }: let {
config,
pkgs,
sops,
...
}: let
matrixDomain = "swatrix.swarsel.win"; matrixDomain = "swatrix.swarsel.win";
in { in {
imports = [ imports = [
./hardware-configuration.nix ./hardware-configuration.nix
]; ];
@ -10,9 +14,9 @@ in {
enable = true; enable = true;
device = "/dev/sda"; device = "/dev/sda";
useOSProber = true; useOSProber = true;
supportedFilesystems = [ "zfs" ]; supportedFilesystems = ["zfs"];
zfs.forceImportRoot = false; zfs.forceImportRoot = false;
kernelModules = [ "tun" ]; kernelModules = ["tun"];
kernel.sysctl = { kernel.sysctl = {
"net.ipv4.conf.all.rp_filter" = 2; "net.ipv4.conf.all.rp_filter" = 2;
"net.ipv4.conf.default.rp_filter" = 2; "net.ipv4.conf.default.rp_filter" = 2;
@ -64,7 +68,7 @@ in {
}; };
users = { users = {
jellyfin = { jellyfin = {
extraGroups = [ "video" "render" ]; extraGroups = ["video" "render"];
}; };
vpn = { vpn = {
isNormalUser = true; isNormalUser = true;
@ -75,23 +79,23 @@ in {
isSystemUser = true; isSystemUser = true;
uid = 61593; uid = 61593;
group = "navidrome"; group = "navidrome";
extraGroups = [ "audio" "utmp" ]; extraGroups = ["audio" "utmp"];
}; };
spotifyd = { spotifyd = {
isSystemUser = true; isSystemUser = true;
uid = 65136; uid = 65136;
group = "spotifyd"; group = "spotifyd";
extraGroups = [ "audio" "utmp" ]; extraGroups = ["audio" "utmp"];
}; };
mpd = { mpd = {
isSystemUser = true; isSystemUser = true;
group = "mpd"; group = "mpd";
extraGroups = [ "audio" "utmp" ]; extraGroups = ["audio" "utmp"];
}; };
swarsel = { swarsel = {
isNormalUser = true; isNormalUser = true;
description = "Leon S"; description = "Leon S";
extraGroups = [ "networkmanager" "wheel" "lp"]; extraGroups = ["networkmanager" "wheel" "lp"];
packages = with pkgs; []; packages = with pkgs; [];
}; };
root = { root = {
@ -133,24 +137,24 @@ in {
zfs zfs
]; ];
etc = { etc = {
"openvpn/iptables.sh" = "openvpn/iptables.sh" = {
{ source = ../../scripts/server1/iptables.sh; source = ../../scripts/server1/iptables.sh;
mode = "0755"; mode = "0755";
}; };
"openvpn/update-resolv-conf" = "openvpn/update-resolv-conf" = {
{ source = ../../scripts/server1/update-resolv-conf; source = ../../scripts/server1/update-resolv-conf;
mode = "0755"; mode = "0755";
}; };
"openvpn/routing.sh" = "openvpn/routing.sh" = {
{ source = ../../scripts/server1/routing.sh; source = ../../scripts/server1/routing.sh;
mode = "0755"; mode = "0755";
}; };
"openvpn/ca.rsa.2048.crt" = "openvpn/ca.rsa.2048.crt" = {
{ source = ../../secrets/certs/ca.rsa.2048.crt; source = ../../secrets/certs/ca.rsa.2048.crt;
mode = "0644"; mode = "0644";
}; };
"openvpn/crl.rsa.2048.pem" = "openvpn/crl.rsa.2048.pem" = {
{ source = ../../secrets/certs/crl.rsa.2048.pem; source = ../../secrets/certs/crl.rsa.2048.pem;
mode = "0644"; mode = "0644";
}; };
}; };
@ -161,7 +165,7 @@ in {
systemd = { systemd = {
timers."restart-bridges" = { timers."restart-bridges" = {
wantedBy = [ "timers.target" ]; wantedBy = ["timers.target"];
timerConfig = { timerConfig = {
OnBootSec = "1d"; OnBootSec = "1d";
OnUnitActiveSec = "1d"; OnUnitActiveSec = "1d";
@ -190,19 +194,19 @@ in {
}; };
sops = { sops = {
age.sshKeyPaths = [ "/etc/ssh/sops" ]; age.sshKeyPaths = ["/etc/ssh/sops"];
defaultSopsFile = "/root/.dotfiles/secrets/sandbox/secrets.yaml"; defaultSopsFile = "/root/.dotfiles/secrets/sandbox/secrets.yaml";
validateSopsFiles = false; validateSopsFiles = false;
secrets = { secrets = {
dnstokenfull = {owner="acme";}; dnstokenfull = {owner = "acme";};
kavita = { owner = "kavita";}; kavita = {owner = "kavita";};
vpnuser = {}; vpnuser = {};
rpcuser = {owner="vpn";}; rpcuser = {owner = "vpn";};
vpnpass = {}; vpnpass = {};
rpcpass = {owner="vpn";}; rpcpass = {owner = "vpn";};
vpnprot = {}; vpnprot = {};
vpnloc = {}; vpnloc = {};
mpdpass = { owner = "mpd";}; mpdpass = {owner = "mpd";};
}; };
templates = { templates = {
"transmission-rpc" = { "transmission-rpc" = {
@ -265,10 +269,12 @@ in {
openssh = { openssh = {
enable = true; enable = true;
settings.PermitRootLogin = "yes"; settings.PermitRootLogin = "yes";
listenAddresses = [{ listenAddresses = [
{
port = 22; port = 22;
addr = "0.0.0.0"; addr = "0.0.0.0";
}]; }
];
}; };
nginx = { nginx = {
@ -278,7 +284,6 @@ in {
recommendedOptimisation = true; recommendedOptimisation = true;
recommendedGzipSettings = true; recommendedGzipSettings = true;
virtualHosts = { virtualHosts = {
"stash.swarsel.win" = { "stash.swarsel.win" = {
enableACME = true; enableACME = true;
forceSSL = true; forceSSL = true;
@ -313,7 +318,6 @@ in {
}; };
}; };
"sound.swarsel.win" = { "sound.swarsel.win" = {
enableACME = true; enableACME = true;
forceSSL = true; forceSSL = true;
@ -417,74 +421,74 @@ in {
credentialsFile = config.sops.templates."transmission-rpc".path; credentialsFile = config.sops.templates."transmission-rpc".path;
user = "vpn"; user = "vpn";
settings = { settings = {
alt-speed-down= 8000; alt-speed-down = 8000;
alt-speed-enabled= false; alt-speed-enabled = false;
alt-speed-time-begin= 0; alt-speed-time-begin = 0;
alt-speed-time-day= 127; alt-speed-time-day = 127;
alt-speed-time-enabled= true; alt-speed-time-enabled = true;
alt-speed-time-end= 360; alt-speed-time-end = 360;
alt-speed-up= 2000; alt-speed-up = 2000;
bind-address-ipv4= "0.0.0.0"; bind-address-ipv4 = "0.0.0.0";
bind-address-ipv6= "::"; bind-address-ipv6 = "::";
blocklist-enabled= false; blocklist-enabled = false;
blocklist-url= "http://www.example.com/blocklist"; blocklist-url = "http://www.example.com/blocklist";
cache-size-mb= 256; cache-size-mb = 256;
dht-enabled= false; dht-enabled = false;
download-dir= "/test"; download-dir = "/test";
download-limit= 100; download-limit = 100;
download-limit-enabled= 0; download-limit-enabled = 0;
download-queue-enabled= true; download-queue-enabled = true;
download-queue-size= 5; download-queue-size = 5;
encryption= 2; encryption = 2;
idle-seeding-limit= 30; idle-seeding-limit = 30;
idle-seeding-limit-enabled= false; idle-seeding-limit-enabled = false;
incomplete-dir= "/var/lib/transmission-daemon/Downloads"; incomplete-dir = "/var/lib/transmission-daemon/Downloads";
incomplete-dir-enabled= false; incomplete-dir-enabled = false;
lpd-enabled= false; lpd-enabled = false;
max-peers-global= 200; max-peers-global = 200;
message-level= 1; message-level = 1;
peer-congestion-algorithm= ""; peer-congestion-algorithm = "";
peer-id-ttl-hours= 6; peer-id-ttl-hours = 6;
peer-limit-global= 100; peer-limit-global = 100;
peer-limit-per-torrent= 40; peer-limit-per-torrent = 40;
peer-port= 22371; peer-port = 22371;
peer-port-random-high= 65535; peer-port-random-high = 65535;
peer-port-random-low= 49152; peer-port-random-low = 49152;
peer-port-random-on-start= false; peer-port-random-on-start = false;
peer-socket-tos= "default"; peer-socket-tos = "default";
pex-enabled= false; pex-enabled = false;
port-forwarding-enabled= false; port-forwarding-enabled = false;
preallocation= 1; preallocation = 1;
prefetch-enabled= true; prefetch-enabled = true;
queue-stalled-enabled= true; queue-stalled-enabled = true;
queue-stalled-minutes= 30; queue-stalled-minutes = 30;
ratio-limit= 2; ratio-limit = 2;
ratio-limit-enabled= false; ratio-limit-enabled = false;
rename-partial-files= true; rename-partial-files = true;
rpc-authentication-required= true; rpc-authentication-required = true;
rpc-bind-address= "0.0.0.0"; rpc-bind-address = "0.0.0.0";
rpc-enabled= true; rpc-enabled = true;
rpc-host-whitelist= ""; rpc-host-whitelist = "";
rpc-host-whitelist-enabled= true; rpc-host-whitelist-enabled = true;
rpc-port= 9091; rpc-port = 9091;
rpc-url= "/transmission/"; rpc-url = "/transmission/";
rpc-whitelist= "127.0.0.1,192.168.3.2"; rpc-whitelist = "127.0.0.1,192.168.3.2";
rpc-whitelist-enabled= true; rpc-whitelist-enabled = true;
scrape-paused-torrents-enabled= true; scrape-paused-torrents-enabled = true;
script-torrent-done-enabled= false; script-torrent-done-enabled = false;
seed-queue-enabled= false; seed-queue-enabled = false;
seed-queue-size= 10; seed-queue-size = 10;
speed-limit-down= 6000; speed-limit-down = 6000;
speed-limit-down-enabled= true; speed-limit-down-enabled = true;
speed-limit-up= 500; speed-limit-up = 500;
speed-limit-up-enabled= true; speed-limit-up-enabled = true;
start-added-torrents= true; start-added-torrents = true;
trash-original-torrent-files= false; trash-original-torrent-files = false;
umask= 2; umask = 2;
upload-limit= 100; upload-limit = 100;
upload-limit-enabled= 0; upload-limit-enabled = 0;
upload-slots-per-torrent= 14; upload-slots-per-torrent = 14;
utp-enabled= false; utp-enabled = false;
}; };
}; };
@ -508,9 +512,6 @@ in {
# MAUTRIX_TELEGRAM_TELEGRAM_API_HASH=${config.sops.placeholder.mautrixtelegram_api_hash} # MAUTRIX_TELEGRAM_TELEGRAM_API_HASH=${config.sops.placeholder.mautrixtelegram_api_hash}
# ''; # '';
# ---------------- # ----------------
# sops.secrets.mautrixwhatsapp_shared = {owner="matrix-synapse";}; # sops.secrets.mautrixwhatsapp_shared = {owner="matrix-synapse";};
# sops.templates.mautrixwhatsapp.owner = "matrix-synapse"; # sops.templates.mautrixwhatsapp.owner = "matrix-synapse";
@ -557,14 +558,15 @@ in {
config.sops.templates.matrixshared.path config.sops.templates.matrixshared.path
]; ];
settings.listeners = [ settings.listeners = [
{ port = 8008; {
bind_addresses = [ "0.0.0.0" ]; port = 8008;
bind_addresses = ["0.0.0.0"];
type = "http"; type = "http";
tls = false; tls = false;
x_forwarded = true; x_forwarded = true;
resources = [ resources = [
{ {
names = [ "client" "federation" ]; names = ["client" "federation"];
compress = true; compress = true;
} }
]; ];
@ -581,7 +583,7 @@ in {
domain = matrixDomain; domain = matrixDomain;
}; };
appservice = { appservice = {
address= "http://localhost:29317"; address = "http://localhost:29317";
hostname = "0.0.0.0"; hostname = "0.0.0.0";
port = "29317"; port = "29317";
provisioning.enabled = true; provisioning.enabled = true;
@ -630,7 +632,7 @@ in {
domain = matrixDomain; domain = matrixDomain;
}; };
appservice = { appservice = {
address= "http://localhost:29318"; address = "http://localhost:29318";
hostname = "0.0.0.0"; hostname = "0.0.0.0";
port = 29318; port = 29318;
database = { database = {
@ -676,8 +678,7 @@ in {
domain = matrixDomain; domain = matrixDomain;
}; };
appservice = { appservice = {
address = "http://localhost:29328";
address= "http://localhost:29328";
hostname = "0.0.0.0"; hostname = "0.0.0.0";
port = 29328; port = 29328;
database = { database = {
@ -740,7 +741,6 @@ in {
]; ];
}; };
spotifyd = { spotifyd = {
enable = true; enable = true;
settings = { settings = {
@ -789,7 +789,6 @@ in {
}; };
}; };
avahi = { avahi = {
publish.enable = true; publish.enable = true;
publish.userServices = true; publish.userServices = true;
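Review bot: The `openssh` block sets `settings.PermitRootLogin = "yes"` and listens on `0.0.0.0` port 22, so root can log in over SSH with whatever authentication methods are enabled; the password-authentication setting is not visible in this hunk. The file already defines a `swarsel` user in `wheel`, so direct root login is probably not required. `settings.PermitRootLogin = "prohibit-password";` would keep key-based root access while taking password guessing against root out of the exposure, and `"no"` would be stricter still. The same `PermitRootLogin = "yes"` line appears in the two Proxmox LXC configurations further down the page.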


@ -1,6 +1,8 @@
{ pkgs, modulesPath, ... }: {
pkgs,
{ modulesPath,
...
}: {
imports = [ imports = [
(modulesPath + "/virtualisation/proxmox-lxc.nix") (modulesPath + "/virtualisation/proxmox-lxc.nix")
]; ];
@ -19,15 +21,15 @@
nix.settings.experimental-features = ["nix-command" "flakes"]; nix.settings.experimental-features = ["nix-command" "flakes"];
proxmoxLXC = { proxmoxLXC = {
manageNetwork = true; # manage network myself manageNetwork = true; # manage network myself
manageHostName = false; # manage hostname myself manageHostName = false; # manage hostname myself
}; };
networking = { networking = {
hostName = "TEMPLATE"; # Define your hostname. hostName = "TEMPLATE"; # Define your hostname.
useDHCP = true; useDHCP = true;
enableIPv6 = false; enableIPv6 = false;
firewall.enable = false; firewall.enable = false;
}; };
services.openssh = { services.openssh = {
enable = true; enable = true;
settings.PermitRootLogin = "yes"; settings.PermitRootLogin = "yes";
@ -38,4 +40,4 @@ firewall.enable = false;
# users.users.root.password = "TEMPLATE"; # users.users.root.password = "TEMPLATE";
system.stateVersion = "23.05"; # TEMPLATE - but probably no need to change system.stateVersion = "23.05"; # TEMPLATE - but probably no need to change
} }
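Review bot: `firewall.enable = false;` in the `networking` block means every container created from this template starts without a packet filter while `services.openssh` accepts root logins, and the calibre configuration below carries the same line. Because the file is meant to be copied, the default should be the safe one: `firewall.enable = true;` (the NixOS openssh module opens its own port by default, so SSH stays reachable). If the Proxmox host firewall is intended to be the only filter, which is not visible here, say so in a comment next to the line so the choice is not inherited silently.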


@ -1,22 +1,20 @@
# Do not modify this file! It was generated by nixos-generate-config # Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes # and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead. # to /etc/nixos/configuration.nix instead.
{ lib, ... }: {lib, ...}: {
imports = [];
{ boot.initrd.availableKernelModules = ["ahci" "xhci_pci" "vfio_pci" "usbhid"];
imports = [ ]; boot.initrd.kernelModules = [];
boot.kernelModules = ["kvm-intel"];
boot.extraModulePackages = [];
boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "vfio_pci" "usbhid" ]; fileSystems."/" = {
boot.initrd.kernelModules = [ ]; device = "/dev/mapper/pve-vm--120--disk--0";
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/mapper/pve-vm--120--disk--0";
fsType = "ext4"; fsType = "ext4";
}; };
swapDevices = [ ]; swapDevices = [];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's # (the default) this is the recommended approach. When using systemd-networkd it's


@ -1,6 +1,9 @@
{ config, pkgs, modulesPath, ... }: {
config,
{ pkgs,
modulesPath,
...
}: {
imports = [ imports = [
(modulesPath + "/virtualisation/proxmox-lxc.nix") (modulesPath + "/virtualisation/proxmox-lxc.nix")
./hardware-configuration.nix ./hardware-configuration.nix
@ -30,21 +33,21 @@
nix.settings.experimental-features = ["nix-command" "flakes"]; nix.settings.experimental-features = ["nix-command" "flakes"];
sops = { sops = {
age.sshKeyPaths = [ "/etc/ssh/sops" ]; age.sshKeyPaths = ["/etc/ssh/sops"];
defaultSopsFile = "/.dotfiles/secrets/calibre/secrets.yaml"; defaultSopsFile = "/.dotfiles/secrets/calibre/secrets.yaml";
validateSopsFiles = false; validateSopsFiles = false;
secrets.kavita = { owner = "kavita";}; secrets.kavita = {owner = "kavita";};
}; };
proxmoxLXC = { proxmoxLXC = {
manageNetwork = true; # manage network myself manageNetwork = true; # manage network myself
manageHostName = false; # manage hostname myself manageHostName = false; # manage hostname myself
}; };
networking = { networking = {
hostName = "calibre"; # Define your hostname. hostName = "calibre"; # Define your hostname.
useDHCP = true; useDHCP = true;
enableIPv6 = false; enableIPv6 = false;
firewall.enable = false; firewall.enable = false;
}; };
services.openssh = { services.openssh = {
enable = true; enable = true;
settings.PermitRootLogin = "yes"; settings.PermitRootLogin = "yes";
@ -65,6 +68,4 @@ firewall.enable = false;
port = 8080; port = 8080;
tokenKeyFile = config.sops.secrets.kavita.path; tokenKeyFile = config.sops.secrets.kavita.path;
}; };
}
}
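Review bot: The `services.openssh` block in the second hunk keeps `settings.PermitRootLogin = "yes";` while `firewall.enable = false;` a few lines above it leaves port 22 reachable on every network this container is attached to. If root only ever logs in with keys, `settings.PermitRootLogin = "prohibit-password";` states that in the config and refuses password attempts against root. Whether password authentication is disabled elsewhere cannot be seen here, because the openssh block continues outside the hunk. The same `PermitRootLogin = "yes"` line appears in the openssh blocks of the other host configurations further down this page.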


@ -1,27 +1,25 @@
# Do not modify this file! It was generated by nixos-generate-config # Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes # and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead. # to /etc/nixos/configuration.nix instead.
{ lib, ... }: {lib, ...}: {
imports = [];
{ boot.initrd.availableKernelModules = ["ahci" "xhci_pci" "vfio_pci" "usbhid"];
imports = [ ]; boot.initrd.kernelModules = [];
boot.kernelModules = ["kvm-intel"];
boot.extraModulePackages = [];
boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "vfio_pci" "usbhid" ]; fileSystems."/" = {
boot.initrd.kernelModules = [ ]; device = "/dev/mapper/pve-vm--121--disk--0";
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/mapper/pve-vm--121--disk--0";
fsType = "ext4"; fsType = "ext4";
}; };
fileSystems."/media/Videos" = fileSystems."/media/Videos" = {
{ device = "//192.168.1.3/Eternor"; device = "//192.168.1.3/Eternor";
fsType = "cifs"; fsType = "cifs";
}; };
swapDevices = [ ]; swapDevices = [];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's # (the default) this is the recommended approach. When using systemd-networkd it's


@ -1,6 +1,9 @@
{ config, pkgs, modulesPath, ... }:
{ {
config,
pkgs,
modulesPath,
...
}: {
imports = [ imports = [
(modulesPath + "/virtualisation/proxmox-lxc.nix") (modulesPath + "/virtualisation/proxmox-lxc.nix")
./hardware-configuration.nix ./hardware-configuration.nix
@ -21,7 +24,7 @@
}; };
users.users.jellyfin = { users.users.jellyfin = {
extraGroups = [ "video" "render" ]; extraGroups = ["video" "render"];
}; };
services.xserver = { services.xserver = {
@ -56,7 +59,7 @@
}; };
nixpkgs.config.packageOverrides = pkgs: { nixpkgs.config.packageOverrides = pkgs: {
vaapiIntel = pkgs.vaapiIntel.override { enableHybridCodec = true; }; vaapiIntel = pkgs.vaapiIntel.override {enableHybridCodec = true;};
}; };
hardware.graphics = { hardware.graphics = {
enable = true; enable = true;
@ -73,5 +76,4 @@
user = "jellyfin"; user = "jellyfin";
# openFirewall = true; # this works only for the default ports # openFirewall = true; # this works only for the default ports
}; };
} }


@ -1,22 +1,20 @@
# Do not modify this file! It was generated by nixos-generate-config # Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes # and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead. # to /etc/nixos/configuration.nix instead.
{ lib, ... }: {lib, ...}: {
imports = [];
{ boot.initrd.availableKernelModules = ["ahci" "xhci_pci" "vfio_pci" "usbhid"];
imports = [ ]; boot.initrd.kernelModules = [];
boot.kernelModules = ["kvm-intel"];
boot.extraModulePackages = [];
boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "vfio_pci" "usbhid" ]; fileSystems."/" = {
boot.initrd.kernelModules = [ ]; device = "/dev/mapper/pve-vm--102--disk--0";
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/mapper/pve-vm--102--disk--0";
fsType = "ext4"; fsType = "ext4";
}; };
swapDevices = [ ]; swapDevices = [];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's # (the default) this is the recommended approach. When using systemd-networkd it's


@ -1,8 +1,12 @@
{ config, pkgs, modulesPath, sops, ... }: let {
config,
pkgs,
modulesPath,
sops,
...
}: let
matrixDomain = "matrix2.swarsel.win"; matrixDomain = "matrix2.swarsel.win";
in { in {
services = { services = {
xserver = { xserver = {
layout = "us"; layout = "us";
@ -11,10 +15,12 @@ in {
openssh = { openssh = {
enable = true; enable = true;
settings.PermitRootLogin = "yes"; settings.PermitRootLogin = "yes";
listenAddresses = [{ listenAddresses = [
{
port = 22; port = 22;
addr = "0.0.0.0"; addr = "0.0.0.0";
}]; }
];
}; };
}; };
@ -40,7 +46,6 @@ in {
nswitch = "cd /.dotfiles; git pull; nixos-rebuild --flake .#$(hostname) switch; cd -;"; nswitch = "cd /.dotfiles; git pull; nixos-rebuild --flake .#$(hostname) switch; cd -;";
}; };
imports = [ imports = [
(modulesPath + "/virtualisation/proxmox-lxc.nix") (modulesPath + "/virtualisation/proxmox-lxc.nix")
./hardware-configuration.nix ./hardware-configuration.nix
@ -62,15 +67,15 @@ in {
]; ];
sops = { sops = {
age.sshKeyPaths = [ "/etc/ssh/sops" ]; age.sshKeyPaths = ["/etc/ssh/sops"];
defaultSopsFile = "/.dotfiles/secrets/matrix/secrets.yaml"; defaultSopsFile = "/.dotfiles/secrets/matrix/secrets.yaml";
validateSopsFiles = false; validateSopsFiles = false;
secrets = { secrets = {
matrixsharedsecret = {owner="matrix-synapse";}; matrixsharedsecret = {owner = "matrix-synapse";};
mautrixtelegram_as = {owner="matrix-synapse";}; mautrixtelegram_as = {owner = "matrix-synapse";};
mautrixtelegram_hs = {owner="matrix-synapse";}; mautrixtelegram_hs = {owner = "matrix-synapse";};
mautrixtelegram_api_id = {owner="matrix-synapse";}; mautrixtelegram_api_id = {owner = "matrix-synapse";};
mautrixtelegram_api_hash = {owner="matrix-synapse";}; mautrixtelegram_api_hash = {owner = "matrix-synapse";};
}; };
templates = { templates = {
"matrix_user_register.sh".content = '' "matrix_user_register.sh".content = ''
@ -132,14 +137,15 @@ in {
server_name = matrixDomain; server_name = matrixDomain;
public_baseurl = "https://${matrixDomain}"; public_baseurl = "https://${matrixDomain}";
listeners = [ listeners = [
{ port = 8008; {
bind_addresses = [ "0.0.0.0" ]; port = 8008;
bind_addresses = ["0.0.0.0"];
type = "http"; type = "http";
tls = false; tls = false;
x_forwarded = true; x_forwarded = true;
resources = [ resources = [
{ {
names = [ "client" "federation" ]; names = ["client" "federation"];
compress = true; compress = true;
} }
]; ];
@ -160,7 +166,7 @@ in {
domain = matrixDomain; domain = matrixDomain;
}; };
appservice = { appservice = {
address= "http://localhost:29317"; address = "http://localhost:29317";
hostname = "0.0.0.0"; hostname = "0.0.0.0";
port = "29317"; port = "29317";
provisioning.enabled = true; provisioning.enabled = true;
@ -209,7 +215,7 @@ in {
domain = matrixDomain; domain = matrixDomain;
}; };
appservice = { appservice = {
address= "http://localhost:29318"; address = "http://localhost:29318";
hostname = "0.0.0.0"; hostname = "0.0.0.0";
port = 29318; port = 29318;
database = { database = {
@ -255,8 +261,7 @@ in {
domain = matrixDomain; domain = matrixDomain;
}; };
appservice = { appservice = {
address = "http://localhost:29328";
address= "http://localhost:29328";
hostname = "0.0.0.0"; hostname = "0.0.0.0";
port = 29328; port = 29328;
database = { database = {
@ -282,7 +287,7 @@ in {
# messages out after a while. # messages out after a while.
systemd.timers."restart-bridges" = { systemd.timers."restart-bridges" = {
wantedBy = [ "timers.target" ]; wantedBy = ["timers.target"];
timerConfig = { timerConfig = {
OnBootSec = "1d"; OnBootSec = "1d";
OnUnitActiveSec = "1d"; OnUnitActiveSec = "1d";
@ -301,5 +306,4 @@ in {
User = "root"; User = "root";
}; };
}; };
} }
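Review bot: The three bridge `appservice` blocks set `hostname = "0.0.0.0";` although the matching `address` is `http://localhost:29317` (and `:29318`, `:29328`), so the homeserver is pointed at loopback while each bridge presumably listens on every interface. If Synapse and the bridges run in this same container, as the localhost addresses suggest, `hostname = "127.0.0.1";` keeps the appservice endpoints off the network; the firewall state for this host is not visible in these hunks. The first block also writes `port = "29317";` as a string where the other two use integers, which is worth making consistent. Each appservice block continues outside its hunk.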


@ -1,22 +1,20 @@
# Do not modify this file! It was generated by nixos-generate-config # Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes # and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead. # to /etc/nixos/configuration.nix instead.
{ lib, ... }: {lib, ...}: {
imports = [];
{ boot.initrd.availableKernelModules = ["ahci" "xhci_pci" "vfio_pci" "usbhid"];
imports = [ ]; boot.initrd.kernelModules = [];
boot.kernelModules = ["kvm-intel"];
boot.extraModulePackages = [];
boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "vfio_pci" "usbhid" ]; fileSystems."/" = {
boot.initrd.kernelModules = [ ]; device = "/dev/mapper/pve-vm--119--disk--0";
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/mapper/pve-vm--119--disk--0";
fsType = "ext4"; fsType = "ext4";
}; };
swapDevices = [ ]; swapDevices = [];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's # (the default) this is the recommended approach. When using systemd-networkd it's


@ -1,5 +1,9 @@
{ config, pkgs, modulesPath, ... }:
{ {
config,
pkgs,
modulesPath,
...
}: {
imports = [ imports = [
(modulesPath + "/virtualisation/proxmox-lxc.nix") (modulesPath + "/virtualisation/proxmox-lxc.nix")
./hardware-configuration.nix ./hardware-configuration.nix
@ -21,10 +25,10 @@
nix.settings.experimental-features = ["nix-command" "flakes"]; nix.settings.experimental-features = ["nix-command" "flakes"];
sops = { sops = {
age.sshKeyPaths = [ "/etc/ssh/sops" ]; age.sshKeyPaths = ["/etc/ssh/sops"];
defaultSopsFile = "/.dotfiles/secrets/nginx/secrets.yaml"; defaultSopsFile = "/.dotfiles/secrets/nginx/secrets.yaml";
validateSopsFiles = false; validateSopsFiles = false;
secrets.dnstokenfull = {owner="acme";}; secrets.dnstokenfull = {owner = "acme";};
templates."certs.secret".content = '' templates."certs.secret".content = ''
CF_DNS_API_TOKEN=${config.sops.placeholder.dnstokenfull} CF_DNS_API_TOKEN=${config.sops.placeholder.dnstokenfull}
''; '';
@ -69,7 +73,6 @@
recommendedOptimisation = true; recommendedOptimisation = true;
recommendedGzipSettings = true; recommendedGzipSettings = true;
virtualHosts = { virtualHosts = {
"stash.swarsel.win" = { "stash.swarsel.win" = {
enableACME = true; enableACME = true;
forceSSL = true; forceSSL = true;
@ -107,7 +110,6 @@
}; };
}; };
"sound.swarsel.win" = { "sound.swarsel.win" = {
enableACME = true; enableACME = true;
forceSSL = true; forceSSL = true;
@ -197,8 +199,6 @@
}; };
}; };
}; };
}; };
}; };
} }


@ -1,22 +1,20 @@
# Do not modify this file! It was generated by nixos-generate-config # Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes # and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead. # to /etc/nixos/configuration.nix instead.
{ lib, ... }: {lib, ...}: {
imports = [];
{ boot.initrd.availableKernelModules = ["ahci" "xhci_pci" "vfio_pci" "usbhid"];
imports = [ ]; boot.initrd.kernelModules = [];
boot.kernelModules = ["kvm-intel"];
boot.extraModulePackages = [];
boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "vfio_pci" "usbhid" ]; fileSystems."/" = {
boot.initrd.kernelModules = [ ]; device = "/dev/mapper/pve-vm--117--disk--0";
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/mapper/pve-vm--117--disk--0";
fsType = "ext4"; fsType = "ext4";
}; };
swapDevices = [ ]; swapDevices = [];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's # (the default) this is the recommended approach. When using systemd-networkd it's


@ -1,14 +1,14 @@
{ config, pkgs, modulesPath, ... }:
{ {
config,
pkgs,
modulesPath,
...
}: {
imports = [ imports = [
(modulesPath + "/virtualisation/proxmox-lxc.nix") (modulesPath + "/virtualisation/proxmox-lxc.nix")
./hardware-configuration.nix ./hardware-configuration.nix
]; ];
services = { services = {
xserver = { xserver = {
layout = "us"; layout = "us";
@ -17,10 +17,12 @@
openssh = { openssh = {
enable = true; enable = true;
settings.PermitRootLogin = "yes"; settings.PermitRootLogin = "yes";
listenAddresses = [{ listenAddresses = [
{
port = 22; port = 22;
addr = "0.0.0.0"; addr = "0.0.0.0";
}]; }
];
}; };
}; };
@ -46,8 +48,6 @@
nswitch = "cd /.dotfiles; git pull; nixos-rebuild --flake .#$(hostname) switch; cd -;"; nswitch = "cd /.dotfiles; git pull; nixos-rebuild --flake .#$(hostname) switch; cd -;";
}; };
users.groups.lxc_shares = { users.groups.lxc_shares = {
gid = 10000; gid = 10000;
members = [ members = [
@ -68,10 +68,10 @@
}; };
sops = { sops = {
age.sshKeyPaths = [ "/etc/ssh/sops" ]; age.sshKeyPaths = ["/etc/ssh/sops"];
defaultSopsFile = "/root/.dotfiles/secrets/paperless/secrets.yaml"; defaultSopsFile = "/root/.dotfiles/secrets/paperless/secrets.yaml";
validateSopsFiles = false; validateSopsFiles = false;
secrets.admin = { owner = "paperless";}; secrets.admin = {owner = "paperless";};
}; };
services.paperless = { services.paperless = {
@ -90,5 +90,4 @@
}; };
}; };
}; };
} }


@ -1,28 +1,26 @@
# Do not modify this file! It was generated by nixos-generate-config # Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes # and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead. # to /etc/nixos/configuration.nix instead.
{ lib, ... }: {lib, ...}: {
imports = [];
{ boot.initrd.availableKernelModules = ["ahci" "xhci_pci" "vfio_pci" "usbhid"];
imports = [ ]; boot.initrd.kernelModules = [];
boot.kernelModules = ["kvm-intel"];
boot.extraModulePackages = [];
boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "vfio_pci" "usbhid" ]; fileSystems."/" = {
boot.initrd.kernelModules = [ ]; device = "/mnt/data/images/118/vm-118-disk-0.raw";
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/mnt/data/images/118/vm-118-disk-0.raw";
fsType = "ext4"; fsType = "ext4";
options = [ "loop" ]; options = ["loop"];
}; };
fileSystems."/media" = fileSystems."/media" = {
{ device = "//192.168.1.3/Eternor"; device = "//192.168.1.3/Eternor";
fsType = "cifs"; fsType = "cifs";
}; };
swapDevices = [ ]; swapDevices = [];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's # (the default) this is the recommended approach. When using systemd-networkd it's


@ -1,14 +1,14 @@
{ config, pkgs, modulesPath, ... }:
{ {
config,
pkgs,
modulesPath,
...
}: {
imports = [ imports = [
(modulesPath + "/virtualisation/proxmox-lxc.nix") (modulesPath + "/virtualisation/proxmox-lxc.nix")
./hardware-configuration.nix ./hardware-configuration.nix
]; ];
services = { services = {
xserver = { xserver = {
layout = "us"; layout = "us";
@ -17,10 +17,12 @@
openssh = { openssh = {
enable = true; enable = true;
settings.PermitRootLogin = "yes"; settings.PermitRootLogin = "yes";
listenAddresses = [{ listenAddresses = [
{
port = 22; port = 22;
addr = "0.0.0.0"; addr = "0.0.0.0";
}]; }
];
}; };
}; };
@ -46,8 +48,6 @@
nswitch = "cd /.dotfiles; git pull; nixos-rebuild --flake .#$(hostname) switch; cd -;"; nswitch = "cd /.dotfiles; git pull; nixos-rebuild --flake .#$(hostname) switch; cd -;";
}; };
proxmoxLXC.privileged = true; # manage hostname myself proxmoxLXC.privileged = true; # manage hostname myself
users = { users = {
@ -73,13 +73,13 @@
isSystemUser = true; isSystemUser = true;
uid = 61593; uid = 61593;
group = "navidrome"; group = "navidrome";
extraGroups = [ "audio" "utmp" ]; extraGroups = ["audio" "utmp"];
}; };
mpd = { mpd = {
isSystemUser = true; isSystemUser = true;
group = "mpd"; group = "mpd";
extraGroups = [ "audio" "utmp" ]; extraGroups = ["audio" "utmp"];
}; };
}; };
}; };
@ -103,10 +103,10 @@
]; ];
sops = { sops = {
age.sshKeyPaths = [ "/etc/ssh/sops" ]; age.sshKeyPaths = ["/etc/ssh/sops"];
defaultSopsFile = "/.dotfiles/secrets/sound/secrets.yaml"; defaultSopsFile = "/.dotfiles/secrets/sound/secrets.yaml";
validateSopsFiles = false; validateSopsFiles = false;
secrets.mpdpass = { owner = "mpd";}; secrets.mpdpass = {owner = "mpd";};
}; };
services.navidrome = { services.navidrome = {
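Review bot: The trailing comment on `proxmoxLXC.privileged = true; # manage hostname myself` does not describe the option it sits on; it looks copied from the `manageHostName` line used in the other host configurations. Running the container privileged is a security-relevant choice, so the comment should say why it is needed, for example `proxmoxLXC.privileged = true; # privileged container: <reason, e.g. access to host audio devices>`. The audio reason is a guess from the `audio` group memberships in this file and should be confirmed. The same line with the same comment appears in the next host configuration, the one that defines `users.groups.spotifyd`.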


@ -1,22 +1,20 @@
# Do not modify this file! It was generated by nixos-generate-config # Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes # and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead. # to /etc/nixos/configuration.nix instead.
{ lib, ... }: {lib, ...}: {
imports = [];
{ boot.initrd.availableKernelModules = ["ahci" "xhci_pci" "vfio_pci" "usbhid"];
imports = [ ]; boot.initrd.kernelModules = [];
boot.kernelModules = ["kvm-intel"];
boot.extraModulePackages = [];
boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "vfio_pci" "usbhid" ]; fileSystems."/" = {
boot.initrd.kernelModules = [ ]; device = "/dev/mapper/pve-vm--123--disk--0";
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/mapper/pve-vm--123--disk--0";
fsType = "ext4"; fsType = "ext4";
}; };
swapDevices = [ ]; swapDevices = [];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's # (the default) this is the recommended approach. When using systemd-networkd it's


@ -1,14 +1,13 @@
{ pkgs, modulesPath, ... }:
{ {
pkgs,
modulesPath,
...
}: {
imports = [ imports = [
(modulesPath + "/virtualisation/proxmox-lxc.nix") (modulesPath + "/virtualisation/proxmox-lxc.nix")
./hardware-configuration.nix ./hardware-configuration.nix
]; ];
services = { services = {
xserver = { xserver = {
layout = "us"; layout = "us";
@ -17,10 +16,12 @@
openssh = { openssh = {
enable = true; enable = true;
settings.PermitRootLogin = "yes"; settings.PermitRootLogin = "yes";
listenAddresses = [{ listenAddresses = [
{
port = 22; port = 22;
addr = "0.0.0.0"; addr = "0.0.0.0";
}]; }
];
}; };
}; };
@ -46,8 +47,6 @@
nswitch = "cd /.dotfiles; git pull; nixos-rebuild --flake .#$(hostname) switch; cd -;"; nswitch = "cd /.dotfiles; git pull; nixos-rebuild --flake .#$(hostname) switch; cd -;";
}; };
proxmoxLXC.privileged = true; # manage hostname myself proxmoxLXC.privileged = true; # manage hostname myself
users.groups.spotifyd = { users.groups.spotifyd = {
@ -58,7 +57,7 @@
isSystemUser = true; isSystemUser = true;
uid = 65136; uid = 65136;
group = "spotifyd"; group = "spotifyd";
extraGroups = [ "audio" "utmp" ]; extraGroups = ["audio" "utmp"];
}; };
sound = { sound = {
@ -89,5 +88,4 @@
}; };
}; };
}; };
} }


@ -1,22 +1,20 @@
# Do not modify this file! It was generated by nixos-generate-config # Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes # and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead. # to /etc/nixos/configuration.nix instead.
{ lib, ... }: {lib, ...}: {
imports = [];
{ boot.initrd.availableKernelModules = ["ahci" "xhci_pci" "vfio_pci" "usbhid"];
imports = [ ]; boot.initrd.kernelModules = [];
boot.kernelModules = ["kvm-intel"];
boot.extraModulePackages = [];
boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "vfio_pci" "usbhid" ]; fileSystems."/" = {
boot.initrd.kernelModules = [ ]; device = "/dev/mapper/pve-vm--122--disk--0";
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/mapper/pve-vm--122--disk--0";
fsType = "ext4"; fsType = "ext4";
}; };
swapDevices = [ ]; swapDevices = [];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's # (the default) this is the recommended approach. When using systemd-networkd it's


@ -1,6 +1,9 @@
{ config, pkgs, modulesPath, ... }:
{ {
config,
pkgs,
modulesPath,
...
}: {
imports = [ imports = [
(modulesPath + "/virtualisation/proxmox-lxc.nix") (modulesPath + "/virtualisation/proxmox-lxc.nix")
./hardware-configuration.nix ./hardware-configuration.nix
@ -45,12 +48,12 @@
nix.settings.experimental-features = ["nix-command" "flakes"]; nix.settings.experimental-features = ["nix-command" "flakes"];
sops = { sops = {
age.sshKeyPaths = [ "/etc/ssh/sops" ]; age.sshKeyPaths = ["/etc/ssh/sops"];
defaultSopsFile = "/.dotfiles/secrets/transmission/secrets.yaml"; defaultSopsFile = "/.dotfiles/secrets/transmission/secrets.yaml";
validateSopsFiles = false; validateSopsFiles = false;
}; };
boot.kernelModules = [ "tun" ]; boot.kernelModules = ["tun"];
proxmoxLXC = { proxmoxLXC = {
manageNetwork = true; # manage network myself manageNetwork = true; # manage network myself
manageHostName = false; # manage hostname myself manageHostName = false; # manage hostname myself
@ -87,34 +90,36 @@
''; '';
}; };
environment.etc = { environment.etc = {
"openvpn/iptables.sh" = "openvpn/iptables.sh" = {
{ source = ../../../scripts/server1/iptables.sh; source = ../../../scripts/server1/iptables.sh;
mode = "0755"; mode = "0755";
}; };
"openvpn/update-resolv-conf" = "openvpn/update-resolv-conf" = {
{ source = ../../../scripts/server1/update-resolv-conf; source = ../../../scripts/server1/update-resolv-conf;
mode = "0755"; mode = "0755";
}; };
"openvpn/routing.sh" = "openvpn/routing.sh" = {
{ source = ../../../scripts/server1/routing.sh; source = ../../../scripts/server1/routing.sh;
mode = "0755"; mode = "0755";
}; };
"openvpn/ca.rsa.2048.crt" = "openvpn/ca.rsa.2048.crt" = {
{ source = ../../../secrets/certs/ca.rsa.2048.crt; source = ../../../secrets/certs/ca.rsa.2048.crt;
mode = "0644"; mode = "0644";
}; };
"openvpn/crl.rsa.2048.pem" = "openvpn/crl.rsa.2048.pem" = {
{ source = ../../../secrets/certs/crl.rsa.2048.pem; source = ../../../secrets/certs/crl.rsa.2048.pem;
mode = "0644"; mode = "0644";
}; };
}; };
services.openssh = { services.openssh = {
enable = true; enable = true;
settings.PermitRootLogin = "yes"; settings.PermitRootLogin = "yes";
listenAddresses = [{ listenAddresses = [
{
port = 22; port = 22;
addr = "0.0.0.0"; addr = "0.0.0.0";
}]; }
];
}; };
users.users.root.openssh.authorizedKeys.keyFiles = [ users.users.root.openssh.authorizedKeys.keyFiles = [
../../../secrets/keys/authorized_keys ../../../secrets/keys/authorized_keys
@ -173,9 +178,9 @@
}; };
secrets = { secrets = {
vpnuser = {}; vpnuser = {};
rpcuser = {owner="vpn";}; rpcuser = {owner = "vpn";};
vpnpass = {}; vpnpass = {};
rpcpass = {owner="vpn";}; rpcpass = {owner = "vpn";};
vpnprot = {}; vpnprot = {};
vpnloc = {}; vpnloc = {};
}; };
@ -194,77 +199,74 @@
user = "vpn"; user = "vpn";
group = "lxc_shares"; group = "lxc_shares";
settings = { settings = {
alt-speed-down = 8000;
alt-speed-down= 8000; alt-speed-enabled = false;
alt-speed-enabled= false; alt-speed-time-begin = 0;
alt-speed-time-begin= 0; alt-speed-time-day = 127;
alt-speed-time-day= 127; alt-speed-time-enabled = true;
alt-speed-time-enabled= true; alt-speed-time-end = 360;
alt-speed-time-end= 360; alt-speed-up = 2000;
alt-speed-up= 2000; bind-address-ipv4 = "0.0.0.0";
bind-address-ipv4= "0.0.0.0"; bind-address-ipv6 = "::";
bind-address-ipv6= "::"; blocklist-enabled = false;
blocklist-enabled= false; blocklist-url = "http://www.example.com/blocklist";
blocklist-url= "http://www.example.com/blocklist"; cache-size-mb = 4;
cache-size-mb= 4; dht-enabled = false;
dht-enabled= false; download-dir = "/media/Eternor/New";
download-dir= "/media/Eternor/New"; download-limit = 100;
download-limit= 100; download-limit-enabled = 0;
download-limit-enabled= 0; download-queue-enabled = true;
download-queue-enabled= true; download-queue-size = 5;
download-queue-size= 5; encryption = 2;
encryption= 2; idle-seeding-limit = 30;
idle-seeding-limit= 30; idle-seeding-limit-enabled = false;
idle-seeding-limit-enabled= false; incomplete-dir = "/var/lib/transmission-daemon/Downloads";
incomplete-dir= "/var/lib/transmission-daemon/Downloads"; incomplete-dir-enabled = false;
incomplete-dir-enabled= false; lpd-enabled = false;
lpd-enabled= false; max-peers-global = 200;
max-peers-global= 200; message-level = 1;
message-level= 1; peer-congestion-algorithm = "";
peer-congestion-algorithm= ""; peer-id-ttl-hours = 6;
peer-id-ttl-hours= 6; peer-limit-global = 100;
peer-limit-global= 100; peer-limit-per-torrent = 40;
peer-limit-per-torrent= 40; peer-port = 22371;
peer-port= 22371; peer-port-random-high = 65535;
peer-port-random-high= 65535; peer-port-random-low = 49152;
peer-port-random-low= 49152; peer-port-random-on-start = false;
peer-port-random-on-start= false; peer-socket-tos = "default";
peer-socket-tos= "default"; pex-enabled = false;
pex-enabled= false; port-forwarding-enabled = false;
port-forwarding-enabled= false; preallocation = 1;
preallocation= 1; prefetch-enabled = true;
prefetch-enabled= true; queue-stalled-enabled = true;
queue-stalled-enabled= true; queue-stalled-minutes = 30;
queue-stalled-minutes= 30; ratio-limit = 2;
ratio-limit= 2; ratio-limit-enabled = false;
ratio-limit-enabled= false; rename-partial-files = true;
rename-partial-files= true; rpc-authentication-required = true;
rpc-authentication-required= true; rpc-bind-address = "0.0.0.0";
rpc-bind-address= "0.0.0.0"; rpc-enabled = true;
rpc-enabled= true; rpc-host-whitelist = "";
rpc-host-whitelist= ""; rpc-host-whitelist-enabled = true;
rpc-host-whitelist-enabled= true; rpc-port = 9091;
rpc-port= 9091; rpc-url = "/transmission/";
rpc-url= "/transmission/"; rpc-whitelist = "127.0.0.1,192.168.3.2";
rpc-whitelist= "127.0.0.1,192.168.3.2"; rpc-whitelist-enabled = true;
rpc-whitelist-enabled= true; scrape-paused-torrents-enabled = true;
scrape-paused-torrents-enabled= true; script-torrent-done-enabled = false;
script-torrent-done-enabled= false; seed-queue-enabled = false;
seed-queue-enabled= false; seed-queue-size = 10;
seed-queue-size= 10; speed-limit-down = 6000;
speed-limit-down= 6000; speed-limit-down-enabled = true;
speed-limit-down-enabled= true; speed-limit-up = 500;
speed-limit-up= 500; speed-limit-up-enabled = true;
speed-limit-up-enabled= true; start-added-torrents = true;
start-added-torrents= true; trash-original-torrent-files = false;
trash-original-torrent-files= false; umask = 2;
umask= 2; upload-limit = 100;
upload-limit= 100; upload-limit-enabled = 0;
upload-limit-enabled= 0; upload-slots-per-torrent = 14;
upload-slots-per-torrent= 14; utp-enabled = false;
utp-enabled= false;
}; };
}; };
} }


@ -1,30 +1,33 @@
# Do not modify this file! It was generated by nixos-generate-config # Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes # and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead. # to /etc/nixos/configuration.nix instead.
{ config, lib, modulesPath, ... }:
{ {
imports = config,
[ (modulesPath + "/installer/scan/not-detected.nix") lib,
modulesPath,
...
}: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
]; ];
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usb_storage" "sd_mod" ]; boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "usb_storage" "sd_mod"];
boot.initrd.kernelModules = [ ]; boot.initrd.kernelModules = [];
boot.kernelModules = [ "kvm-intel" ]; boot.kernelModules = ["kvm-intel"];
boot.extraModulePackages = [ ]; boot.extraModulePackages = [];
fileSystems."/" = fileSystems."/" = {
{ device = "/dev/disk/by-uuid/4a590cad-28d9-4153-bdb8-e424ec3bd5c8"; device = "/dev/disk/by-uuid/4a590cad-28d9-4153-bdb8-e424ec3bd5c8";
fsType = "ext4"; fsType = "ext4";
}; };
fileSystems."/boot" = fileSystems."/boot" = {
{ device = "/dev/disk/by-uuid/C67D-61AD"; device = "/dev/disk/by-uuid/C67D-61AD";
fsType = "vfat"; fsType = "vfat";
}; };
swapDevices = swapDevices = [
[ { device = "/dev/disk/by-uuid/b07aac27-a443-489c-9fdb-01c1ef633699"; } {device = "/dev/disk/by-uuid/b07aac27-a443-489c-9fdb-01c1ef633699";}
]; ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking # Enables DHCP on each ethernet and wireless interface. In case of scripted networking


@ -1,8 +1,8 @@
{ config, pkgs, ... }:
{ {
config,
pkgs,
...
}: {
services.gpg-agent = { services.gpg-agent = {
enable = true; enable = true;
enableSshSupport = true; enableSshSupport = true;
@ -16,7 +16,6 @@
''; '';
}; };
home = { home = {
username = "swarsel"; username = "swarsel";
homeDirectory = "/home/swarsel"; homeDirectory = "/home/swarsel";
@ -26,14 +25,15 @@
]; ];
}; };
sops.age.sshKeyPaths = [ "${config.home.homeDirectory}/.ssh/sops" ]; sops.age.sshKeyPaths = ["${config.home.homeDirectory}/.ssh/sops"];
programs.waybar.settings.mainBar = { programs.waybar.settings.mainBar = {
cpu.format = "{icon0} {icon1} {icon2} {icon3}"; cpu.format = "{icon0} {icon1} {icon2} {icon3}";
temperature.hwmon-path = "/sys/devices/platform/coretemp.0/hwmon/hwmon1/temp3_input"; temperature.hwmon-path = "/sys/devices/platform/coretemp.0/hwmon/hwmon1/temp3_input";
}; };
programs.waybar.settings.mainBar.modules-right = ["custom/outer-left-arrow-dark" programs.waybar.settings.mainBar.modules-right = [
"custom/outer-left-arrow-dark"
"mpris" "mpris"
"custom/left-arrow-light" "custom/left-arrow-light"
"network" "network"
@ -50,8 +50,7 @@
"clock#1" "clock#1"
]; ];
wayland.windowManager.sway = {
wayland.windowManager.sway= {
config = rec { config = rec {
input = { input = {
"*" = { "*" = {
@ -79,7 +78,7 @@
inherit (config.wayland.windowManager.sway.config) modifier; inherit (config.wayland.windowManager.sway.config) modifier;
in { in {
"${modifier}+F2" = "exec brightnessctl set +5%"; "${modifier}+F2" = "exec brightnessctl set +5%";
"${modifier}+F1"= "exec brightnessctl set 5%-"; "${modifier}+F1" = "exec brightnessctl set 5%-";
"${modifier}+n" = "exec sway output eDP-1 transform normal, splith"; "${modifier}+n" = "exec sway output eDP-1 transform normal, splith";
"${modifier}+Ctrl+p" = "exec wl-mirror eDP-1"; "${modifier}+Ctrl+p" = "exec wl-mirror eDP-1";
"${modifier}+t" = "exec sway output eDP-1 transform 90, splitv"; "${modifier}+t" = "exec sway output eDP-1 transform 90, splitv";
@ -89,14 +88,12 @@
}; };
startup = [ startup = [
{command = "nextcloud --background";}
{ command = "nextcloud --background";} {command = "discord --start-minimized";}
{ command = "discord --start-minimized";} {command = "element-desktop --hidden -enable-features=UseOzonePlatform -ozone-platform=wayland --disable-gpu-driver-bug-workarounds";}
{ command = "element-desktop --hidden -enable-features=UseOzonePlatform -ozone-platform=wayland --disable-gpu-driver-bug-workarounds";} {command = "ANKI_WAYLAND=1 anki";}
{ command = "ANKI_WAYLAND=1 anki";} {command = "OBSIDIAN_USE_WAYLAND=1 obsidian";}
{ command = "OBSIDIAN_USE_WAYLAND=1 obsidian";} {command = "nm-applet";}
{ command = "nm-applet";}
]; ];
keycodebindings = { keycodebindings = {


@ -1,16 +1,15 @@
{ lib, pkgs, ... }:
{ {
lib,
imports = pkgs,
[ ...
}: {
imports = [
./hardware-configuration.nix ./hardware-configuration.nix
]; ];
services = { services = {
getty.autologinUser = "swarsel"; getty.autologinUser = "swarsel";
greetd.settings.initial_session.user="swarsel"; greetd.settings.initial_session.user = "swarsel";
}; };
hardware.bluetooth.enable = true; hardware.bluetooth.enable = true;
@ -71,7 +70,7 @@
}; };
monospace = { monospace = {
package = pkgs.nerdfonts.override { fonts = [ "FiraCode"]; }; package = pkgs.nerdfonts.override {fonts = ["FiraCode"];};
name = "FiraCode Nerd Font Mono"; name = "FiraCode Nerd Font Mono";
}; };
@ -82,13 +81,10 @@
}; };
}; };
users.users.swarsel = { users.users.swarsel = {
isNormalUser = true; isNormalUser = true;
description = "Leon S"; description = "Leon S";
extraGroups = [ "networkmanager" "wheel" "lp" "audio" "video" ]; extraGroups = ["networkmanager" "wheel" "lp" "audio" "video"];
packages = with pkgs; []; packages = with pkgs; [];
}; };
@ -96,5 +92,4 @@
]; ];
system.stateVersion = "23.05"; system.stateVersion = "23.05";
} }


@ -1,8 +1,8 @@
{ config, pkgs, ... }:
{ {
config,
pkgs,
...
}: {
services.gpg-agent = { services.gpg-agent = {
enable = true; enable = true;
enableSshSupport = true; enableSshSupport = true;
@ -24,7 +24,7 @@
packages = with pkgs; [ packages = with pkgs; [
]; ];
}; };
sops.age.sshKeyPaths = [ "${config.home.homeDirectory}/.ssh/sops" ]; sops.age.sshKeyPaths = ["${config.home.homeDirectory}/.ssh/sops"];
# waybar config - TEMPLATE - update for cores and temp # waybar config - TEMPLATE - update for cores and temp
programs.waybar.settings.mainBar = { programs.waybar.settings.mainBar = {
@ -34,8 +34,8 @@
temperature.input-filename = "temp1_input"; temperature.input-filename = "temp1_input";
}; };
programs.waybar.settings.mainBar.modules-right = [
programs.waybar.settings.mainBar.modules-right = ["custom/outer-left-arrow-dark" "custom/outer-left-arrow-dark"
"mpris" "mpris"
"custom/left-arrow-light" "custom/left-arrow-light"
"network" "network"
@ -52,8 +52,7 @@
"clock#1" "clock#1"
]; ];
wayland.windowManager.sway = {
wayland.windowManager.sway= {
config = rec { config = rec {
# update for actual inputs here, # update for actual inputs here,
input = { input = {
@ -61,7 +60,8 @@
xkb_layout = "us"; xkb_layout = "us";
xkb_variant = "altgr-intl"; xkb_variant = "altgr-intl";
}; };
"1:1:AT_Translated_Set_2_keyboard" = { # TEMPLATE "1:1:AT_Translated_Set_2_keyboard" = {
# TEMPLATE
xkb_layout = "us"; xkb_layout = "us";
xkb_options = "grp:win_space_toggle"; xkb_options = "grp:win_space_toggle";
xkb_variant = "altgr-intl"; xkb_variant = "altgr-intl";
@ -72,7 +72,6 @@
natural_scroll = "enabled"; natural_scroll = "enabled";
middle_emulation = "enabled"; middle_emulation = "enabled";
}; };
}; };
output = { output = {
@ -92,11 +91,16 @@
}; };
workspaceOutputAssign = [ workspaceOutputAssign = [
{ output = "eDP-1"; workspace = "1:";} {
{ output = "HDMI-A-1"; workspace = "2:";} output = "eDP-1";
workspace = "1:";
}
{
output = "HDMI-A-1";
workspace = "2:";
}
]; ];
# keybindings = let # keybindings = let
# inherit (config.wayland.windowManager.sway.config) modifier; # inherit (config.wayland.windowManager.sway.config) modifier;
# in { # in {
@ -104,14 +108,12 @@
# }; # };
startup = [ startup = [
{command = "nextcloud --background";}
{ command = "nextcloud --background";} {command = "discord --start-minimized";}
{ command = "discord --start-minimized";} {command = "element-desktop --hidden -enable-features=UseOzonePlatform -ozone-platform=wayland --disable-gpu-driver-bug-workarounds";}
{ command = "element-desktop --hidden -enable-features=UseOzonePlatform -ozone-platform=wayland --disable-gpu-driver-bug-workarounds";} {command = "ANKI_WAYLAND=1 anki";}
{ command = "ANKI_WAYLAND=1 anki";} {command = "OBSIDIAN_USE_WAYLAND=1 obsidian";}
{ command = "OBSIDIAN_USE_WAYLAND=1 obsidian";} {command = "nm-applet";}
{ command = "nm-applet";}
]; ];
}; };
}; };


@ -1,21 +1,17 @@
{ pkgs, ... }: {pkgs, ...}: {
{
# #
# imports = # imports =
# [ # [
# ./hardware-configuration.nix # ./hardware-configuration.nix
# ]; # ];
# #
imports = imports = [
[
./hardware-configuration.nix ./hardware-configuration.nix
]; ];
services = { services = {
getty.autologinUser = "swarsel"; getty.autologinUser = "swarsel";
greetd.settings.initial_session.user="swarsel"; greetd.settings.initial_session.user = "swarsel";
}; };
boot = { boot = {
@ -31,8 +27,8 @@
firewall.checkReversePath = "strict"; firewall.checkReversePath = "strict";
firewall = { firewall = {
enable = true; enable = true;
allowedUDPPorts = [ ]; allowedUDPPorts = [];
allowedTCPPorts = [ ]; allowedTCPPorts = [];
allowedTCPPortRanges = [ allowedTCPPortRanges = [
]; ];
allowedUDPPortRanges = [ allowedUDPPortRanges = [
@ -88,7 +84,7 @@
}; };
monospace = { monospace = {
package = pkgs.nerdfonts.override { fonts = [ "FiraCode"]; }; package = pkgs.nerdfonts.override {fonts = ["FiraCode"];};
name = "FiraCode Nerd Font Mono"; name = "FiraCode Nerd Font Mono";
}; };
@ -99,9 +95,6 @@
}; };
}; };
hardware = { hardware = {
graphics = { graphics = {
enable = true; enable = true;
@ -124,7 +117,7 @@
users.users.swarsel = { users.users.swarsel = {
isNormalUser = true; isNormalUser = true;
description = "Leon S"; description = "Leon S";
extraGroups = [ "networkmanager" "wheel" "lp" "audio" "video" "vboxusers" "scanner" ]; extraGroups = ["networkmanager" "wheel" "lp" "audio" "video" "vboxusers" "scanner"];
packages = with pkgs; []; packages = with pkgs; [];
}; };
@ -140,6 +133,4 @@
]; ];
system.stateVersion = "23.05"; system.stateVersion = "23.05";
} }


@ -171,28 +171,23 @@ create a new one."
visual-fill-column-center-text t) visual-fill-column-center-text t)
(visual-fill-column-mode 1)) (visual-fill-column-mode 1))
(defun swarsel/org-babel-tangle-config () (defun run-alejandra ()
(interactive)
(let ((default-directory (expand-file-name "~/.dotfiles")))
(shell-command "alejandra . -q")))
(defun swarsel/org-babel-tangle-config ()
(when (string-equal (buffer-file-name) (when (string-equal (buffer-file-name)
swarsel-swarsel-org-filepath) swarsel-swarsel-org-filepath)
;; Dynamic scoping to the rescue ;; Dynamic scoping to the rescue
(let ((org-confirm-babel-evaluate nil)) (let ((org-confirm-babel-evaluate nil))
(org-html-export-to-html) (org-html-export-to-html)
(org-babel-tangle))) (org-babel-tangle)
(when (string-equal (buffer-file-name) (run-alejandra))))
swarsel-emacs-org-filepath)
;; Dynamic scoping to the rescue
(let ((org-confirm-babel-evaluate nil))
(org-html-export-to-html)
(org-babel-tangle)))
(when (string-equal (buffer-file-name)
swarsel-nix-org-filepath)
;; Dynamic scoping to the rescue
(let ((org-confirm-babel-evaluate nil))
(org-babel-tangle))))
(setq org-html-htmlize-output-type nil) (setq org-html-htmlize-output-type nil)
(add-hook 'org-mode-hook (lambda () (add-hook 'after-save-hook #'swarsel/org-babel-tangle-config))) (add-hook 'org-mode-hook (lambda () (add-hook 'after-save-hook #'swarsel/org-babel-tangle-config)))
(defun org-fold-outer () (defun org-fold-outer ()
(interactive) (interactive)


@ -11,7 +11,6 @@
llvm = pkgs.llvmPackages_latest; llvm = pkgs.llvmPackages_latest;
in { in {
devShells.${system}.default = pkgs.mkShell { devShells.${system}.default = pkgs.mkShell {
packages = with pkgs; [ packages = with pkgs; [
gcc gcc
#builder #builder
@ -32,7 +31,6 @@
PATH_add ~/.dotfiles/scripts/devShell PATH_add ~/.dotfiles/scripts/devShell
''; '';
# ... # ...
}; };
}; };
} }


@ -7,10 +7,12 @@
outputs = {nixpkgs, ...}: let outputs = {nixpkgs, ...}: let
system = "x86_64-linux"; system = "x86_64-linux";
pkgs = import nixpkgs { system = "x86_64-linux"; config.allowUnfree = true; }; pkgs = import nixpkgs {
system = "x86_64-linux";
config.allowUnfree = true;
};
in { in {
devShells.${system}.default = pkgs.mkShell { devShells.${system}.default = pkgs.mkShell {
packages = with pkgs; [ packages = with pkgs; [
# gcc # gcc
#builder #builder
@ -39,7 +41,6 @@
]; ];
hardeningDisable = ["all"]; hardeningDisable = ["all"];
# ... # ...
}; };
}; };
} }


@ -9,7 +9,6 @@
pkgs = nixpkgs.legacyPackages.${system}; pkgs = nixpkgs.legacyPackages.${system};
in { in {
devShells.${system}.default = pkgs.mkShell { devShells.${system}.default = pkgs.mkShell {
packages = with pkgs; [ packages = with pkgs; [
# fill here # fill here
]; ];


@ -9,7 +9,6 @@
pkgs = nixpkgs.legacyPackages.${system}; pkgs = nixpkgs.legacyPackages.${system};
in { in {
devShells.${system}.default = pkgs.mkShell { devShells.${system}.default = pkgs.mkShell {
packages = [ packages = [
(pkgs.python3.withPackages (python-pkgs: [ (pkgs.python3.withPackages (python-pkgs: [
python-pkgs.numpy python-pkgs.numpy


@ -5,7 +5,11 @@
rust-overlay.url = "github:oxalica/rust-overlay"; rust-overlay.url = "github:oxalica/rust-overlay";
}; };
outputs = { nixpkgs, rust-overlay, ...}: let outputs = {
nixpkgs,
rust-overlay,
...
}: let
system = "x86_64-linux"; system = "x86_64-linux";
pkgs = import nixpkgs { pkgs = import nixpkgs {
inherit system; inherit system;
@ -14,7 +18,6 @@
toolchain = pkgs.rust-bin.fromRustupToolchainFile ./toolchain.toml; toolchain = pkgs.rust-bin.fromRustupToolchainFile ./toolchain.toml;
in { in {
devShells.${system}.default = pkgs.mkShell { devShells.${system}.default = pkgs.mkShell {
packages = with pkgs; [ packages = with pkgs; [
cargo cargo
clippy clippy
@ -30,7 +33,6 @@
RUST_SRC_PATH = "${toolchain}/lib/rustlib/src/rust/library"; RUST_SRC_PATH = "${toolchain}/lib/rustlib/src/rust/library";
# ... # ...
}; };
}; };
} }