chore: code cleanup (nixpkgs-fmt style)

Swarsel 2024-07-20 00:21:55 +02:00
parent 2a08576697
commit dc66bb27dd
Signed by: swarsel
GPG key ID: 26A54C31F2A4FD84
44 changed files with 1152 additions and 1138 deletions


@ -1,8 +1,8 @@
{ config, pkgs, ... }:
{
config,
pkgs,
...
}: {
services.gpg-agent = {
enable = true;
enableSshSupport = true;
@ -29,7 +29,7 @@
];
};
# update path if the sops private key is stored somewhere else
sops.age.sshKeyPaths = ["${config.home.homeDirectory}/.ssh/sops"];
sops.age.sshKeyPaths = [ "${config.home.homeDirectory}/.ssh/sops" ];
# waybar config - TEMPLATE - update for cores and temp
programs.waybar.settings.mainBar = {
@ -40,7 +40,7 @@
# -----------------------------------------------------------------
# is this machine always connected to power? If yes, use this block:
#
#
# programs.waybar.settings.mainBar."custom/pseudobat" = {
# format = "";
# on-click-right = "wlogout -p layer-shell";
@ -62,7 +62,7 @@
# "custom/left-arrow-dark"
# "clock#1"
# ];
#
#
# -----------------------------------------------------------------
# -----------------------------------------------------------------
@ -109,6 +109,7 @@
natural_scroll = "enabled";
middle_emulation = "enabled";
};
};
output = {
@ -119,21 +120,25 @@
};
};
keybindings = let
inherit (config.wayland.windowManager.sway.config) modifier;
in {
# TEMPLATE
"${modifier}+w" = "exec \"bash ~/.dotfiles/scripts/checkschildi.sh\"";
# "${modifier}+w" = "exec \"bash ~/.dotfiles/scripts/checkelement.sh\"";
};
keybindings =
let
inherit (config.wayland.windowManager.sway.config) modifier;
in
{
# TEMPLATE
"${modifier}+w" = "exec \"bash ~/.dotfiles/scripts/checkschildi.sh\"";
# "${modifier}+w" = "exec \"bash ~/.dotfiles/scripts/checkelement.sh\"";
};
startup = [
{command = "nextcloud --background";}
{command = "discord --start-minimized";}
{command = "element-desktop --hidden -enable-features=UseOzonePlatform -ozone-platform=wayland --disable-gpu-driver-bug-workarounds";}
{command = "ANKI_WAYLAND=1 anki";}
{command = "OBSIDIAN_USE_WAYLAND=1 obsidian";}
{command = "nm-applet";}
{ command = "nextcloud --background"; }
{ command = "discord --start-minimized"; }
{ command = "element-desktop --hidden -enable-features=UseOzonePlatform -ozone-platform=wayland --disable-gpu-driver-bug-workarounds"; }
{ command = "ANKI_WAYLAND=1 anki"; }
{ command = "OBSIDIAN_USE_WAYLAND=1 obsidian"; }
{ command = "nm-applet"; }
];
};
};


@ -1,7 +1,13 @@
{pkgs, ...}: {
imports = [
./hardware-configuration.nix
];
{ pkgs, ... }:
{
imports =
[
./hardware-configuration.nix
];
services = {
getty.autologinUser = "TEMPLATE";
@ -67,7 +73,7 @@
};
monospace = {
package = pkgs.nerdfonts.override {fonts = ["FiraCode"];};
package = pkgs.nerdfonts.override { fonts = [ "FiraCode" ]; };
name = "FiraCode Nerd Font Mono";
};
@ -78,6 +84,7 @@
};
};
# Configure keymap in X11 (only used for login)
services.xserver = {
layout = "us";
@ -87,12 +94,13 @@
users.users.TEMPLATE = {
isNormalUser = true;
description = "TEMPLATE";
extraGroups = ["networkmanager" "wheel" "lp" "audio" "video"];
packages = with pkgs; [];
extraGroups = [ "networkmanager" "wheel" "lp" "audio" "video" ];
packages = with pkgs; [ ];
};
environment.systemPackages = with pkgs; [
];
system.stateVersion = "23.05"; # TEMPLATE - but probably no need to change
}


@ -1,10 +1,8 @@
{ config, pkgs, fetchFromGitHub, ... }:
{
config,
pkgs,
fetchFromGitHub,
...
}: {
home.packages = with pkgs; [
# audio stuff
spek # spectrum analyzer
losslessaudiochecker
@ -20,7 +18,7 @@
simple-scan
# dict
(aspellWithDicts (dicts: with dicts; [de en en-computers en-science]))
(aspellWithDicts (dicts: with dicts; [ de en en-computers en-science ]))
# utilities
util-linux
@ -150,21 +148,13 @@
# latex and related packages
(pkgs.texlive.combine {
inherit
(pkgs.texlive)
scheme-full
dvisvgm
dvipng # for preview and export as html
wrapfig
amsmath
ulem
hyperref
capt-of
;
inherit (pkgs.texlive) scheme-full
dvisvgm dvipng# for preview and export as html
wrapfig amsmath ulem hyperref capt-of;
})
# font stuff
(nerdfonts.override {fonts = ["FiraMono" "FiraCode" "NerdFontsSymbolsOnly"];})
(nerdfonts.override { fonts = [ "FiraMono" "FiraCode" "NerdFontsSymbolsOnly" ]; })
noto-fonts-emoji
font-awesome_5
noto-fonts
@ -180,23 +170,23 @@
url = "https://github.com/Ultimaker/Cura/releases/download/${version}/UltiMaker-Cura-${version}-linux-modern.AppImage";
hash = "sha256-QVv7Wkfo082PH6n6rpsB79st2xK2+Np9ivBg/PYZd74=";
};
extraPkgs = pkgs: with pkgs; [];
extraPkgs = pkgs: with pkgs; [ ];
};
in
writeScriptBin "cura" ''
#! ${pkgs.bash}/bin/bash
# AppImage version of Cura loses current working directory and treats all paths relateive to $HOME.
# So we convert each of the files passed as argument to an absolute path.
# This fixes use cases like `cd /path/to/my/files; cura mymodel.stl anothermodel.stl`.
args=()
for a in "$@"; do
if [ -e "$a" ]; then
a="$(realpath "$a")"
fi
args+=("$a")
done
exec "${cura5}/bin/cura5" "''${args[@]}"
''
writeScriptBin "cura" ''
#! ${pkgs.bash}/bin/bash
# AppImage version of Cura loses current working directory and treats all paths relateive to $HOME.
# So we convert each of the files passed as argument to an absolute path.
# This fixes use cases like `cd /path/to/my/files; cura mymodel.stl anothermodel.stl`.
args=()
for a in "$@"; do
if [ -e "$a" ]; then
a="$(realpath "$a")"
fi
args+=("$a")
done
exec "${cura5}/bin/cura5" "''${args[@]}"
''
)
#E: hides scratchpad depending on state, calls emacsclient for edit and then restores the scratchpad state
@ -237,7 +227,7 @@
(pkgs.writeShellApplication {
name = "pass-fuzzel";
runtimeInputs = [pkgs.pass pkgs.fuzzel];
runtimeInputs = [ pkgs.pass pkgs.fuzzel ];
text = ''
shopt -s nullglob globstar
@ -268,7 +258,7 @@
(pkgs.writeShellApplication {
name = "pass-fuzzel-otp";
runtimeInputs = [pkgs.fuzzel (pkgs.pass.withExtensions (exts: [exts.pass-otp]))];
runtimeInputs = [ pkgs.fuzzel (pkgs.pass.withExtensions (exts: [ exts.pass-otp ])) ];
text = ''
shopt -s nullglob globstar
@ -299,7 +289,7 @@
(pkgs.writeShellApplication {
name = "cdw";
runtimeInputs = [pkgs.fzf];
runtimeInputs = [ pkgs.fzf ];
text = ''
cd "$(git worktree list | fzf | awk '{print $1}')"
'';
@ -307,7 +297,7 @@
(pkgs.writeShellApplication {
name = "cdb";
runtimeInputs = [pkgs.fzf];
runtimeInputs = [ pkgs.fzf ];
text = ''
git checkout "$(git branch --list | grep -v "^\*" | fzf | awk '{print $1}')"
'';
@ -319,17 +309,18 @@
cp "$1"{,.bak}
'';
})
];
sops = {
defaultSopsFile = "${config.home.homeDirectory}/.dotfiles/secrets/general/secrets.yaml";
validateSopsFiles = false;
secrets = {
mrswarsel = {path = "/run/user/1000/secrets/mrswarsel";};
nautilus = {path = "/run/user/1000/secrets/nautilus";};
leon = {path = "/run/user/1000/secrets/leon";};
swarselmail = {path = "/run/user/1000/secrets/swarselmail";};
caldav = {path = "${config.home.homeDirectory}/.emacs.d/.caldav";};
mrswarsel = { path = "/run/user/1000/secrets/mrswarsel"; };
nautilus = { path = "/run/user/1000/secrets/nautilus"; };
leon = { path = "/run/user/1000/secrets/leon"; };
swarselmail = { path = "/run/user/1000/secrets/swarselmail"; };
caldav = { path = "${config.home.homeDirectory}/.emacs.d/.caldav"; };
};
};
@ -431,12 +422,13 @@
stylix.targets.emacs.enable = false;
xdg.desktopEntries = {
cura = {
name = "Ultimaker Cura";
genericName = "Cura";
exec = "cura";
terminal = false;
categories = ["Application"];
categories = [ "Application" ];
};
anki = {
@ -444,7 +436,7 @@
genericName = "Anki";
exec = "anki";
terminal = false;
categories = ["Application"];
categories = [ "Application" ];
};
# schlidichat = {
@ -460,7 +452,7 @@
genericName = "Element";
exec = "element-desktop -enable-features=UseOzonePlatform -ozone-platform=wayland --disable-gpu-driver-bug-workarounds";
terminal = false;
categories = ["Application"];
categories = [ "Application" ];
};
emacsclient-newframe = {
@ -469,8 +461,9 @@
exec = "emacsclient -r %u";
icon = "emacs";
terminal = false;
categories = ["Development" "TextEditor"];
categories = [ "Development" "TextEditor" ];
};
};
home.file = {
@ -519,25 +512,27 @@
zoxide.enable = true;
};
programs.nix-index = let
command-not-found = pkgs.runCommandLocal "command-not-found.sh" {} ''
mkdir -p $out/etc/profile.d
substitute ${../../scripts/command-not-found.sh} \
$out/etc/profile.d/command-not-found.sh \
--replace @nix-locate@ ${pkgs.nix-index}/bin/nix-locate \
--replace @tput@ ${pkgs.ncurses}/bin/tput
'';
in {
enable = true;
package = pkgs.symlinkJoin {
name = "nix-index";
paths = [command-not-found];
programs.nix-index =
let
command-not-found = pkgs.runCommandLocal "command-not-found.sh" { } ''
mkdir -p $out/etc/profile.d
substitute ${../../scripts/command-not-found.sh} \
$out/etc/profile.d/command-not-found.sh \
--replace @nix-locate@ ${pkgs.nix-index}/bin/nix-locate \
--replace @tput@ ${pkgs.ncurses}/bin/tput
'';
in
{
enable = true;
package = pkgs.symlinkJoin {
name = "nix-index";
paths = [ command-not-found ];
};
};
};
programs.password-store = {
enable = true;
package = pkgs.pass.withExtensions (exts: [exts.pass-otp]);
package = pkgs.pass.withExtensions (exts: [ exts.pass-otp ]);
};
programs.direnv = {
@ -771,7 +766,7 @@
enable = true;
};
# this is needed so that mbsync can use the passwords from sops
systemd.user.services.mbsync.Unit.After = ["sops-nix.service"];
systemd.user.services.mbsync.Unit.After = [ "sops-nix.service" ];
programs.msmtp = {
enable = true;
@ -804,7 +799,7 @@
enable = true;
create = "maildir";
expunge = "both";
patterns = ["*" "![Gmail]*" "[Gmail]/Sent Mail" "[Gmail]/Starred" "[Gmail]/All Mail"];
patterns = [ "*" "![Gmail]*" "[Gmail]/Sent Mail" "[Gmail]/Starred" "[Gmail]/All Mail" ];
extraConfig = {
channel = {
Sync = "All";
@ -854,7 +849,7 @@
enable = true;
create = "maildir";
expunge = "both";
patterns = ["*" "![Gmail]*" "[Gmail]/Sent Mail" "[Gmail]/Starred" "[Gmail]/All Mail"];
patterns = [ "*" "![Gmail]*" "[Gmail]/Sent Mail" "[Gmail]/Starred" "[Gmail]/All Mail" ];
extraConfig = {
channel = {
Sync = "All";
@ -881,7 +876,7 @@
enable = true;
create = "maildir";
expunge = "both";
patterns = ["*" "![Gmail]*" "[Gmail]/Sent Mail" "[Gmail]/Starred" "[Gmail]/All Mail"];
patterns = [ "*" "![Gmail]*" "[Gmail]/Sent Mail" "[Gmail]/Starred" "[Gmail]/All Mail" ];
extraConfig = {
channel = {
Sync = "All";
@ -922,7 +917,7 @@
rev = "bc99afee611690f85f0cd0bd33300f3385ddd3d3";
hash = "sha256-0xMII1KJhTBgQ57tXJks0ZFYMXIanrOl9XyqVmu7a7Y=";
};
packageRequires = [epkgs.howm];
packageRequires = [ epkgs.howm ];
})
(epkgs.trivialBuild rec {
@ -934,21 +929,23 @@
rev = "3f6ca0d5556fe9795b74714304564f2295dcfa24";
hash = "sha256-w1wmJW7YwXyjvXJOWdN2+k+QmhXr4IflES/c2bCX3CI=";
};
packageRequires = [];
packageRequires = [ ];
})
];
};
};
programs.waybar = {
enable = true;
# systemd.enable = true;
settings = {
mainBar = {
layer = "top";
position = "top";
modules-left = ["sway/workspaces" "custom/outer-right-arrow-dark" "sway/window"];
modules-center = ["sway/mode" "custom/configwarn"];
modules-left = [ "sway/workspaces" "custom/outer-right-arrow-dark" "sway/window" ];
modules-center = [ "sway/mode" "custom/configwarn" ];
"sway/mode" = {
format = "<span style=\"italic\" font-weight=\"bold\">{}</span>";
};
@ -993,6 +990,7 @@
critical-threshold = 80;
format-critical = " {temperatureC}°C";
format = " {temperatureC}°C";
};
mpris = {
@ -1077,9 +1075,10 @@
cpu = {
min-length = 6;
interval = 5;
format-icons = ["" "" "" "" "" "" "" ""];
format-icons = [ "" "" "" "" "" "" "" "" ];
# on-click-right= "com.github.stsdc.monitor";
on-click-right = "kitty -o confirm_os_window_close=0 btm";
};
battery = {
states = {
@ -1174,68 +1173,48 @@
search.engines = {
"Nix Packages" = {
urls = [
{
template = "https://search.nixos.org/packages";
params = [
{
name = "type";
value = "packages";
}
{
name = "query";
value = "{searchTerms}";
}
];
}
];
urls = [{
template = "https://search.nixos.org/packages";
params = [
{ name = "type"; value = "packages"; }
{ name = "query"; value = "{searchTerms}"; }
];
}];
icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg";
definedAliases = ["@np"];
definedAliases = [ "@np" ];
};
"NixOS Wiki" = {
urls = [
{
template = "https://nixos.wiki/index.php?search={searchTerms}";
}
];
urls = [{
template = "https://nixos.wiki/index.php?search={searchTerms}";
}];
iconUpdateURL = "https://nixos.wiki/favicon.png";
updateInterval = 24 * 60 * 60 * 1000; # every day
definedAliases = ["@nw"];
definedAliases = [ "@nw" ];
};
"NixOS Options" = {
urls = [
{
template = "https://search.nixos.org/options";
params = [
{
name = "query";
value = "{searchTerms}";
}
];
}
];
urls = [{
template = "https://search.nixos.org/options";
params = [
{ name = "query"; value = "{searchTerms}"; }
];
}];
icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg";
definedAliases = ["@no"];
definedAliases = [ "@no" ];
};
"Home Manager Options" = {
urls = [
{
template = "https://home-manager-options.extranix.com/";
params = [
{
name = "query";
value = "{searchTerms}";
}
];
}
];
urls = [{
template = "https://home-manager-options.extranix.com/";
params = [
{ name = "query"; value = "{searchTerms}"; }
];
}];
icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg";
definedAliases = ["@hm" "@ho" "@hmo"];
definedAliases = [ "@hm" "@ho" "@hmo" ];
};
"Google".metaData.alias = "@g";
@ -1311,78 +1290,80 @@ group-by=category
modifier = "Mod4";
terminal = "kitty";
menu = "fuzzel";
bars = [{command = "waybar";}];
keybindings = let
inherit (config.wayland.windowManager.sway.config) modifier;
in {
"${modifier}+q" = "kill";
"${modifier}+f" = "exec firefox";
"${modifier}+Space" = "exec fuzzel";
"${modifier}+Shift+Space" = "floating toggle";
"${modifier}+e" = "exec emacsclient -nquc -a emacs -e \"(dashboard-open)\"";
"${modifier}+Shift+m" = "exec emacsclient -nquc -a emacs -e \"(mu4e)\"";
"${modifier}+Shift+c" = "exec emacsclient -nquc -a emacs -e \"(swarsel/open-calendar)\"";
"${modifier}+Shift+s" = "exec \"bash ~/.dotfiles/scripts/checkspotify.sh\"";
"${modifier}+m" = "exec \"bash ~/.dotfiles/scripts/checkspotifytui.sh\"";
"${modifier}+x" = "exec \"bash ~/.dotfiles/scripts/checkkitty.sh\"";
"${modifier}+d" = "exec \"bash ~/.dotfiles/scripts/checkdiscord.sh\"";
"${modifier}+Shift+r" = "exec \"bash ~/.dotfiles/scripts/restart.sh\"";
"${modifier}+Shift+t" = "exec \"bash ~/.dotfiles/scripts/toggle_opacity.sh\"";
"${modifier}+Shift+F12" = "move scratchpad";
"${modifier}+F12" = "scratchpad show";
"${modifier}+c" = "exec qalculate-gtk";
"${modifier}+p" = "exec pass-fuzzel";
"${modifier}+o" = "exec pass-fuzzel-otp";
"${modifier}+Shift+p" = "exec pass-fuzzel --type";
"${modifier}+Shift+o" = "exec pass-fuzzel-otp --type";
"${modifier}+Escape" = "mode $exit";
# "${modifier}+Shift+Escape" = "exec com.github.stsdc.monitor";
"${modifier}+Shift+Escape" = "exec kitty -o confirm_os_window_close=0 btm";
"${modifier}+s" = "exec grim -g \"$(slurp)\" -t png - | wl-copy -t image/png";
"${modifier}+i" = "exec \"bash ~/.dotfiles/scripts/startup.sh\"";
"${modifier}+1" = "workspace 1:";
"${modifier}+Shift+1" = "move container to workspace 1:";
"${modifier}+2" = "workspace 2:";
"${modifier}+Shift+2" = "move container to workspace 2:";
"${modifier}+3" = "workspace 3:";
"${modifier}+Shift+3" = "move container to workspace 3:";
"${modifier}+4" = "workspace 4:";
"${modifier}+Shift+4" = "move container to workspace 4:";
"${modifier}+5" = "workspace 5:";
"${modifier}+Shift+5" = "move container to workspace 5:";
"${modifier}+6" = "workspace 6:";
"${modifier}+Shift+6" = "move container to workspace 6:";
"${modifier}+7" = "workspace 7:";
"${modifier}+Shift+7" = "move container to workspace 7:";
"${modifier}+8" = "workspace 8:";
"${modifier}+Shift+8" = "move container to workspace 8:";
"${modifier}+9" = "workspace 9:";
"${modifier}+Shift+9" = "move container to workspace 9:";
"${modifier}+0" = "workspace 10:";
"${modifier}+Shift+0" = "move container to workspace 10:";
"XF86AudioRaiseVolume" = "exec pactl set-sink-volume @DEFAULT_SINK@ +5%";
"XF86AudioLowerVolume" = "exec pactl set-sink-volume @DEFAULT_SINK@ -5%";
"${modifier}+Left" = "focus left";
"${modifier}+Right" = "focus right";
"${modifier}+Down" = "focus down";
"${modifier}+Up" = "focus up";
"${modifier}+Shift+Left" = "move left 40px";
"${modifier}+Shift+Right" = "move right 40px";
"${modifier}+Shift+Down" = "move down 40px";
"${modifier}+Shift+Up" = "move up 40px";
"${modifier}+h" = "focus left";
"${modifier}+l" = "focus right";
"${modifier}+j" = "focus down";
"${modifier}+k" = "focus up";
"${modifier}+Shift+h" = "move left 40px";
"${modifier}+Shift+l" = "move right 40px";
"${modifier}+Shift+j" = "move down 40px";
"${modifier}+Shift+k" = "move up 40px";
"${modifier}+Ctrl+Shift+c" = "reload";
"${modifier}+Shift+e" = "exec swaynag -t warning -m 'You pressed the exit shortcut. Do you really want to exit sway? This will end your Wayland session.' -b 'Yes, exit sway' 'swaymsg exit'";
"${modifier}+r" = "mode resize";
"${modifier}+Return" = "exec kitty";
};
bars = [{ command = "waybar"; }];
keybindings =
let
inherit (config.wayland.windowManager.sway.config) modifier;
in
{
"${modifier}+q" = "kill";
"${modifier}+f" = "exec firefox";
"${modifier}+Space" = "exec fuzzel";
"${modifier}+Shift+Space" = "floating toggle";
"${modifier}+e" = "exec emacsclient -nquc -a emacs -e \"(dashboard-open)\"";
"${modifier}+Shift+m" = "exec emacsclient -nquc -a emacs -e \"(mu4e)\"";
"${modifier}+Shift+c" = "exec emacsclient -nquc -a emacs -e \"(swarsel/open-calendar)\"";
"${modifier}+Shift+s" = "exec \"bash ~/.dotfiles/scripts/checkspotify.sh\"";
"${modifier}+m" = "exec \"bash ~/.dotfiles/scripts/checkspotifytui.sh\"";
"${modifier}+x" = "exec \"bash ~/.dotfiles/scripts/checkkitty.sh\"";
"${modifier}+d" = "exec \"bash ~/.dotfiles/scripts/checkdiscord.sh\"";
"${modifier}+Shift+r" = "exec \"bash ~/.dotfiles/scripts/restart.sh\"";
"${modifier}+Shift+t" = "exec \"bash ~/.dotfiles/scripts/toggle_opacity.sh\"";
"${modifier}+Shift+F12" = "move scratchpad";
"${modifier}+F12" = "scratchpad show";
"${modifier}+c" = "exec qalculate-gtk";
"${modifier}+p" = "exec pass-fuzzel";
"${modifier}+o" = "exec pass-fuzzel-otp";
"${modifier}+Shift+p" = "exec pass-fuzzel --type";
"${modifier}+Shift+o" = "exec pass-fuzzel-otp --type";
"${modifier}+Escape" = "mode $exit";
# "${modifier}+Shift+Escape" = "exec com.github.stsdc.monitor";
"${modifier}+Shift+Escape" = "exec kitty -o confirm_os_window_close=0 btm";
"${modifier}+s" = "exec grim -g \"$(slurp)\" -t png - | wl-copy -t image/png";
"${modifier}+i" = "exec \"bash ~/.dotfiles/scripts/startup.sh\"";
"${modifier}+1" = "workspace 1:";
"${modifier}+Shift+1" = "move container to workspace 1:";
"${modifier}+2" = "workspace 2:";
"${modifier}+Shift+2" = "move container to workspace 2:";
"${modifier}+3" = "workspace 3:";
"${modifier}+Shift+3" = "move container to workspace 3:";
"${modifier}+4" = "workspace 4:";
"${modifier}+Shift+4" = "move container to workspace 4:";
"${modifier}+5" = "workspace 5:";
"${modifier}+Shift+5" = "move container to workspace 5:";
"${modifier}+6" = "workspace 6:";
"${modifier}+Shift+6" = "move container to workspace 6:";
"${modifier}+7" = "workspace 7:";
"${modifier}+Shift+7" = "move container to workspace 7:";
"${modifier}+8" = "workspace 8:";
"${modifier}+Shift+8" = "move container to workspace 8:";
"${modifier}+9" = "workspace 9:";
"${modifier}+Shift+9" = "move container to workspace 9:";
"${modifier}+0" = "workspace 10:";
"${modifier}+Shift+0" = "move container to workspace 10:";
"XF86AudioRaiseVolume" = "exec pactl set-sink-volume @DEFAULT_SINK@ +5%";
"XF86AudioLowerVolume" = "exec pactl set-sink-volume @DEFAULT_SINK@ -5%";
"${modifier}+Left" = "focus left";
"${modifier}+Right" = "focus right";
"${modifier}+Down" = "focus down";
"${modifier}+Up" = "focus up";
"${modifier}+Shift+Left" = "move left 40px";
"${modifier}+Shift+Right" = "move right 40px";
"${modifier}+Shift+Down" = "move down 40px";
"${modifier}+Shift+Up" = "move up 40px";
"${modifier}+h" = "focus left";
"${modifier}+l" = "focus right";
"${modifier}+j" = "focus down";
"${modifier}+k" = "focus up";
"${modifier}+Shift+h" = "move left 40px";
"${modifier}+Shift+l" = "move right 40px";
"${modifier}+Shift+j" = "move down 40px";
"${modifier}+Shift+k" = "move up 40px";
"${modifier}+Ctrl+Shift+c" = "reload";
"${modifier}+Shift+e" = "exec swaynag -t warning -m 'You pressed the exit shortcut. Do you really want to exit sway? This will end your Wayland session.' -b 'Yes, exit sway' 'swaymsg exit'";
"${modifier}+r" = "mode resize";
"${modifier}+Return" = "exec kitty";
};
modes = {
resize = {
Down = "resize grow height 10 px or 10 ppt";
@ -1395,41 +1376,41 @@ group-by=category
};
defaultWorkspace = "workspace 1:";
startup = [
{command = "kitty -T kittyterm";}
{command = "sleep 60; kitty -T spotifytui -o confirm_os_window_close=0 spotify_player";}
{ command = "kitty -T kittyterm"; }
{ command = "sleep 60; kitty -T spotifytui -o confirm_os_window_close=0 spotify_player"; }
];
window = {
border = 1;
titlebar = false;
};
assigns = {
"1:" = [{app_id = "firefox";}];
"1:" = [{ app_id = "firefox"; }];
};
floating = {
border = 1;
criteria = [
{title = "^Picture-in-Picture$";}
{app_id = "qalculate-gtk";}
{app_id = "org.gnome.clocks";}
{app_id = "com.github.stsdc.monitor";}
{app_id = "blueman";}
{app_id = "pavucontrol";}
{app_id = "syncthingtray";}
{title = "Syncthing Tray";}
{app_id = "SchildiChat";}
{app_id = "Element";}
{app_id = "com.nextcloud.desktopclient.nextcloud";}
{app_id = "gnome-system-monitor";}
{title = "(?:Open|Save) (?:File|Folder|As)";}
{title = "^Add$";}
{title = "com-jgoodies-jdiskreport-JDiskReport";}
{app_id = "discord";}
{window_role = "pop-up";}
{window_role = "bubble";}
{window_role = "dialog";}
{window_role = "task_dialog";}
{window_role = "menu";}
{window_role = "Preferences";}
{ title = "^Picture-in-Picture$"; }
{ app_id = "qalculate-gtk"; }
{ app_id = "org.gnome.clocks"; }
{ app_id = "com.github.stsdc.monitor"; }
{ app_id = "blueman"; }
{ app_id = "pavucontrol"; }
{ app_id = "syncthingtray"; }
{ title = "Syncthing Tray"; }
{ app_id = "SchildiChat"; }
{ app_id = "Element"; }
{ app_id = "com.nextcloud.desktopclient.nextcloud"; }
{ app_id = "gnome-system-monitor"; }
{ title = "(?:Open|Save) (?:File|Folder|As)"; }
{ title = "^Add$"; }
{ title = "com-jgoodies-jdiskreport-JDiskReport"; }
{ app_id = "discord"; }
{ window_role = "pop-up"; }
{ window_role = "bubble"; }
{ window_role = "dialog"; }
{ window_role = "task_dialog"; }
{ window_role = "menu"; }
{ window_role = "Preferences"; }
];
titlebar = false;
};
@ -1479,6 +1460,7 @@ group-by=category
# };
# }
{
command = "resize set width 60 ppt height 60 ppt, sticky enable, move container to scratchpad";
criteria = {
class = "Spotify";
@ -1523,9 +1505,10 @@ group-by=category
# exec systemctl --user import-environment DISPLAY WAYLAND_DISPLAY SWAYSOCK
# exec hash dbus-update-activation-environment 2>/dev/null && dbus-update-activation-environment --systemd DISPLAY WAYLAND_DISPLAY SWAYSOCK
# ";
extraConfig = let
inherit (config.wayland.windowManager.sway.config) modifier;
swayfxSettings = "
extraConfig =
let
inherit (config.wayland.windowManager.sway.config) modifier;
swayfxSettings = "
blur enable
blur_xray disable
blur_passes 1
@ -1535,7 +1518,8 @@ group-by=category
titlebar_separator disable
default_dim_inactive 0.02
";
in "
in
"
exec_always autotiling
set $exit \"exit: [s]leep, [p]oweroff, [r]eboot, [l]ogout\"
mode $exit {
@ -1558,4 +1542,5 @@ group-by=category
";
};
}
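Review bot: The `sops.secrets` entries in the `@ -319,17 +309,18 @` hunk hard-code `/run/user/1000/secrets/...`, so the decrypted mail secrets land in the right place only when this home configuration is activated by UID 1000; under any other UID the paths point into another user's runtime directory or at nothing. The reformat would have been a good moment to drop the literal UID, for example `mrswarsel = { path = "%r/secrets/mrswarsel"; };`, provided the pinned sops-nix home-manager module supports the `%r` runtime-directory placeholder (to be confirmed), or by omitting `path` where the module default is sufficient. The same hunk keeps `validateSopsFiles = false`, which appears to follow from `defaultSopsFile` being a home-directory string rather than a store path; a comment such as `# secrets.yaml is read from the checkout at activation time, so build-time validation is off` would make that intent explicit.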


@ -1,9 +1,6 @@
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}: {
home-manager = {
useGlobalPkgs = true;
useUserPackages = true;
@ -16,7 +13,7 @@
};
};
nix.settings.experimental-features = ["nix-command" "flakes"];
nix.settings.experimental-features = [ "nix-command" "flakes" ];
users.mutableUsers = false;
@ -50,7 +47,7 @@
nix.optimise = {
automatic = true;
dates = ["weekly"];
dates = [ "weekly" ];
};
# systemd
@ -127,12 +124,12 @@
cloned-mac-address = "preserve";
mac-address = "90:2E:16:D0:A1:87";
};
ipv4 = {method = "shared";};
ipv4 = { method = "shared"; };
ipv6 = {
addr-gen-mode = "stable-privacy";
method = "auto";
};
proxy = {};
proxy = { };
};
eduroam = {
@ -146,12 +143,12 @@
id = "eduroam";
type = "wifi";
};
ipv4 = {method = "auto";};
ipv4 = { method = "auto"; };
ipv6 = {
addr-gen-mode = "default";
method = "auto";
};
proxy = {};
proxy = { };
wifi = {
mode = "infrastructure";
ssid = "eduroam";
@ -168,7 +165,7 @@
id = "local";
type = "ethernet";
};
ethernet = {};
ethernet = { };
ipv4 = {
address1 = "10.42.1.1/24";
method = "shared";
@ -177,7 +174,7 @@
addr-gen-mode = "stable-privacy";
method = "auto";
};
proxy = {};
proxy = { };
};
HH40V_39F5 = {
@ -185,12 +182,12 @@
id = "HH40V_39F5";
type = "wifi";
};
ipv4 = {method = "auto";};
ipv4 = { method = "auto"; };
ipv6 = {
addr-gen-mode = "stable-privacy";
method = "auto";
};
proxy = {};
proxy = { };
wifi = {
band = "bg";
mode = "infrastructure";
@ -207,12 +204,12 @@
id = "magicant";
type = "wifi";
};
ipv4 = {method = "auto";};
ipv4 = { method = "auto"; };
ipv6 = {
addr-gen-mode = "default";
method = "auto";
};
proxy = {};
proxy = { };
wifi = {
mode = "infrastructure";
ssid = "magicant";
@ -230,15 +227,16 @@
id = "PIA Sweden";
type = "vpn";
};
ipv4 = {method = "auto";};
ipv4 = { method = "auto"; };
ipv6 = {
addr-gen-mode = "stable-privacy";
method = "auto";
};
proxy = {};
proxy = { };
vpn = {
auth = "sha1";
ca = "${config.users.users.swarsel.home}/.dotfiles/secrets/certs/sweden-aes-128-cbc-udp-dns-ca.pem";
ca =
"${config.users.users.swarsel.home}/.dotfiles/secrets/certs/sweden-aes-128-cbc-udp-dns-ca.pem";
challenge-response-flags = "2";
cipher = "aes-128-cbc";
compress = "yes";
@ -252,7 +250,7 @@
service-type = "org.freedesktop.NetworkManager.openvpn";
username = "$VPNUSER";
};
vpn-secrets = {password = "$VPNPASS";};
vpn-secrets = { password = "$VPNPASS"; };
};
Hotspot = {
@ -261,12 +259,12 @@
id = "Hotspot";
type = "wifi";
};
ipv4 = {method = "shared";};
ipv4 = { method = "shared"; };
ipv6 = {
addr-gen-mode = "default";
method = "ignore";
};
proxy = {};
proxy = { };
wifi = {
mode = "ap";
ssid = "Hotspot-fourside";
@ -279,11 +277,12 @@
psk = "$HOTSPOT";
};
};
};
};
};
systemd.services.NetworkManager-ensure-profiles.after = ["NetworkManager.service"];
systemd.services.NetworkManager-ensure-profiles.after = [ "NetworkManager.service" ];
time.timeZone = "Europe/Vienna";
@ -303,19 +302,20 @@
};
sops = {
defaultSopsFile = "${config.users.users.swarsel.home}/.dotfiles/secrets/general/secrets.yaml";
validateSopsFiles = false;
secrets = {
swarseluser = {neededForUsers = true;};
ernest = {};
frauns = {};
hotspot = {};
eduid = {};
edupass = {};
handyhotspot = {};
vpnuser = {};
vpnpass = {};
swarseluser = { neededForUsers = true; };
ernest = { };
frauns = { };
hotspot = { };
eduid = { };
edupass = { };
handyhotspot = { };
vpnuser = { };
vpnpass = { };
};
templates = {
"network-manager.env".content = ''
@ -383,7 +383,7 @@
#lsp-bridge / python
gcc
gdb
(python3.withPackages (ps: with ps; [jupyter ipython pyqt5 epc orjson sexpdata six setuptools paramiko numpy pandas scipy matplotlib requests debugpy flake8 gnureadline python-lsp-server]))
(python3.withPackages (ps: with ps; [ jupyter ipython pyqt5 epc orjson sexpdata six setuptools paramiko numpy pandas scipy matplotlib requests debugpy flake8 gnureadline python-lsp-server ]))
# (python3.withPackages(ps: with ps; [ jupyter ipython pyqt5 numpy pandas scipy matplotlib requests debugpy flake8 gnureadline python-lsp-server]))
# --------------------------------------------
@ -405,7 +405,9 @@
tar xvf $src -C $out/
mv $out/oama-0.13.1-Linux-x86_64-static/oama $out/bin/
'';
})
];
programs = {
@ -416,15 +418,15 @@
programs.zsh.enable = true;
users.defaultUserShell = pkgs.zsh;
environment.shells = with pkgs; [zsh];
environment.pathsToLink = ["/share/zsh"];
environment.shells = with pkgs; [ zsh ];
environment.pathsToLink = [ "/share/zsh" ];
services.blueman.enable = true;
# enable scanners over network
hardware.sane = {
enable = true;
extraBackends = [pkgs.sane-airscan];
extraBackends = [ pkgs.sane-airscan ];
};
# enable discovery and usage of network devices (esp. printers)
@ -454,26 +456,28 @@
# Make CAPS work as a dual function ESC/CTRL key
services.interception-tools = {
enable = true;
udevmonConfig = let
dualFunctionKeysConfig = builtins.toFile "dual-function-keys.yaml" ''
TIMING:
TAP_MILLISEC: 200
DOUBLE_TAP_MILLISEC: 0
udevmonConfig =
let
dualFunctionKeysConfig = builtins.toFile "dual-function-keys.yaml" ''
TIMING:
TAP_MILLISEC: 200
DOUBLE_TAP_MILLISEC: 0
MAPPINGS:
- KEY: KEY_CAPSLOCK
TAP: KEY_ESC
HOLD: KEY_LEFTCTRL
MAPPINGS:
- KEY: KEY_CAPSLOCK
TAP: KEY_ESC
HOLD: KEY_LEFTCTRL
'';
in
''
- JOB: |
${pkgs.interception-tools}/bin/intercept -g $DEVNODE \
| ${pkgs.interception-tools-plugins.dual-function-keys}/bin/dual-function-keys -c ${dualFunctionKeysConfig} \
| ${pkgs.interception-tools}/bin/uinput -d $DEVNODE
DEVICE:
EVENTS:
EV_KEY: [KEY_CAPSLOCK]
'';
in ''
- JOB: |
${pkgs.interception-tools}/bin/intercept -g $DEVNODE \
| ${pkgs.interception-tools-plugins.dual-function-keys}/bin/dual-function-keys -c ${dualFunctionKeysConfig} \
| ${pkgs.interception-tools}/bin/uinput -d $DEVNODE
DEVICE:
EVENTS:
EV_KEY: [KEY_CAPSLOCK]
'';
};
programs.ssh.startAgent = false;
@ -505,4 +509,5 @@
environment.etc."greetd/environments".text = ''
sway
'';
}
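Review bot: The `vpn` block of the `PIA Sweden` profile (hunk `@ -230,15 +227,16 @`) still pins `auth = "sha1"`, `cipher = "aes-128-cbc"` and `compress = "yes"`; compression inside an encrypted tunnel can leak information about the plaintext through packet sizes, and CBC with a SHA-1 HMAC is the legacy OpenVPN suite rather than an AEAD mode. These values presumably mirror the provider's `sweden-aes-128-cbc-udp-dns` profile named in the `ca` path, so they may not be changeable on the client alone. If the provider offers an AES-GCM profile, switching to it and dropping the `compress = "yes";` line would be the fix; otherwise a comment such as `# cipher/auth/compress are dictated by the provider profile; revisit when a GCM profile is available` records that the weak settings are deliberate. The enclosing profile attribute set starts and ends outside the hunk.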


@ -1,20 +1,19 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
modulesPath,
...
{ config
, lib
, modulesPath
, ...
}: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = ["nvme" "xhci_pci" "usb_storage" "sd_mod" "rtsx_pci_sdmmc"];
boot.initrd.kernelModules = [];
boot.kernelModules = ["kvm-amd"];
boot.extraModulePackages = [];
boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "/dev/disk/by-uuid/55eee3d2-4125-4aba-a326-10cde2abdf26";
@ -27,7 +26,7 @@
};
swapDevices = [
{device = "/dev/disk/by-uuid/0a74b04a-99e0-48cd-afcf-6ca849f6f85a";}
{ device = "/dev/disk/by-uuid/0a74b04a-99e0-48cd-afcf-6ca849f6f85a"; }
];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking


@ -1,8 +1,8 @@
{ config, pkgs, ... }:
{
config,
pkgs,
...
}: {
services.gpg-agent = {
enable = true;
enableSshSupport = true;
@ -24,7 +24,7 @@
packages = with pkgs; [
];
};
sops.age.sshKeyPaths = ["${config.home.homeDirectory}/.ssh/sops"];
sops.age.sshKeyPaths = [ "${config.home.homeDirectory}/.ssh/sops" ];
# waybar config - TEMPLATE - update for cores and temp
programs.waybar.settings.mainBar = {
@ -34,6 +34,7 @@
temperature.input-filename = "temp1_input";
};
programs.waybar.settings.mainBar.modules-right = [
"custom/outer-left-arrow-dark"
"mpris"
@ -52,6 +53,7 @@
"clock#1"
];
wayland.windowManager.sway = {
config = rec {
# update for actual inputs here,
@ -72,6 +74,7 @@
natural_scroll = "enabled";
middle_emulation = "enabled";
};
};
output = {
@ -90,41 +93,40 @@
};
workspaceOutputAssign = [
{
output = "eDP-1";
workspace = "1:";
}
{
output = "DP-4";
workspace = "2:";
}
{ output = "eDP-1"; workspace = "1:"; }
{ output = "DP-4"; workspace = "2:"; }
];
keybindings = let
inherit (config.wayland.windowManager.sway.config) modifier;
in {
"${modifier}+w" = "exec \"bash ~/.dotfiles/scripts/checkelement.sh\"";
"XF86MonBrightnessUp" = "exec brightnessctl set +5%";
"XF86MonBrightnessDown" = "exec brightnessctl set 5%-";
"XF86Display" = "exec wl-mirror eDP-1";
# these are left open to use
# "XF86WLAN" = "exec wl-mirror eDP-1";
# "XF86Messenger" = "exec wl-mirror eDP-1";
# "XF86Go" = "exec wl-mirror eDP-1";
# "XF86Favorites" = "exec wl-mirror eDP-1";
# "XF86HomePage" = "exec wtype -P Escape -p Escape";
# "XF86AudioLowerVolume" = "pactl set-sink-volume alsa_output.pci-0000_08_00.6.HiFi__hw_Generic_1__sink -5%";
# "XF86AudioRaiseVolume" = "pactl set-sink-volume alsa_output.pci-0000_08_00.6.HiFi__hw_Generic_1__sink +5% ";
"XF86AudioMute" = "pactl set-sink-mute alsa_output.pci-0000_08_00.6.HiFi__hw_Generic_1__sink toggle";
};
keybindings =
let
inherit (config.wayland.windowManager.sway.config) modifier;
in
{
"${modifier}+w" = "exec \"bash ~/.dotfiles/scripts/checkelement.sh\"";
"XF86MonBrightnessUp" = "exec brightnessctl set +5%";
"XF86MonBrightnessDown" = "exec brightnessctl set 5%-";
"XF86Display" = "exec wl-mirror eDP-1";
# these are left open to use
# "XF86WLAN" = "exec wl-mirror eDP-1";
# "XF86Messenger" = "exec wl-mirror eDP-1";
# "XF86Go" = "exec wl-mirror eDP-1";
# "XF86Favorites" = "exec wl-mirror eDP-1";
# "XF86HomePage" = "exec wtype -P Escape -p Escape";
# "XF86AudioLowerVolume" = "pactl set-sink-volume alsa_output.pci-0000_08_00.6.HiFi__hw_Generic_1__sink -5%";
# "XF86AudioRaiseVolume" = "pactl set-sink-volume alsa_output.pci-0000_08_00.6.HiFi__hw_Generic_1__sink +5% ";
"XF86AudioMute" = "pactl set-sink-mute alsa_output.pci-0000_08_00.6.HiFi__hw_Generic_1__sink toggle";
};
startup = [
{command = "nextcloud --background";}
{command = "discord --start-minimized";}
{command = "element-desktop --hidden -enable-features=UseOzonePlatform -ozone-platform=wayland --disable-gpu-driver-bug-workarounds";}
{command = "ANKI_WAYLAND=1 anki";}
{command = "OBSIDIAN_USE_WAYLAND=1 obsidian";}
{command = "nm-applet";}
{ command = "nextcloud --background"; }
{ command = "discord --start-minimized"; }
{ command = "element-desktop --hidden -enable-features=UseOzonePlatform -ozone-platform=wayland --disable-gpu-driver-bug-workarounds"; }
{ command = "ANKI_WAYLAND=1 anki"; }
{ command = "OBSIDIAN_USE_WAYLAND=1 obsidian"; }
{ command = "nm-applet"; }
];
};
};


@ -1,17 +1,17 @@
{ config, pkgs, ... }:
{
config,
pkgs,
...
}: {
#
#
# imports =
# [
# ./hardware-configuration.nix
# ];
#
imports = [
./hardware-configuration.nix
];
#
imports =
[
./hardware-configuration.nix
];
services = {
getty.autologinUser = "swarsel";
@ -24,7 +24,7 @@
# kernelPackages = pkgs.linuxPackages_latest;
};
sops.age.sshKeyPaths = ["${config.users.users.swarsel.home}/.ssh/sops"];
sops.age.sshKeyPaths = [ "${config.users.users.swarsel.home}/.ssh/sops" ];
networking = {
hostName = "fourside"; # Define your hostname.
@ -33,27 +33,15 @@
firewall.checkReversePath = false;
firewall = {
enable = true;
allowedUDPPorts = [4380 27036 14242 34197 51820]; # 34197: factorio; 4380 27036 14242: barotrauma; 51820: wireguard
allowedTCPPorts = []; # 34197: factorio; 4380 27036 14242: barotrauma; 51820: wireguard
allowedUDPPorts = [ 4380 27036 14242 34197 51820 ]; # 34197: factorio; 4380 27036 14242: barotrauma; 51820: wireguard
allowedTCPPorts = [ ]; # 34197: factorio; 4380 27036 14242: barotrauma; 51820: wireguard
allowedTCPPortRanges = [
{
from = 27015;
to = 27030;
} # barotrauma
{
from = 27036;
to = 27037;
} # barotrauma
{ from = 27015; to = 27030; } # barotrauma
{ from = 27036; to = 27037; } # barotrauma
];
allowedUDPPortRanges = [
{
from = 27000;
to = 27031;
} # barotrauma
{
from = 58962;
to = 58964;
} # barotrauma
{ from = 27000; to = 27031; } # barotrauma
{ from = 58962; to = 58964; } # barotrauma
];
};
};
@ -106,7 +94,7 @@
};
monospace = {
package = pkgs.nerdfonts.override {fonts = ["FiraCode"];};
package = pkgs.nerdfonts.override { fonts = [ "FiraCode" ]; };
name = "FiraCode Nerd Font Mono";
};
@ -117,6 +105,7 @@
};
};
hardware = {
graphics = {
enable = true;
@ -162,8 +151,8 @@
isNormalUser = true;
description = "Leon S";
hashedPasswordFile = config.sops.secrets.swarseluser.path;
extraGroups = ["networkmanager" "wheel" "lp" "audio" "video" "vboxusers" "scanner"];
packages = with pkgs; [];
extraGroups = [ "networkmanager" "wheel" "lp" "audio" "video" "vboxusers" "scanner" ];
packages = with pkgs; [ ];
};
environment.systemPackages = with pkgs; [
@ -177,4 +166,6 @@
];
system.stateVersion = "23.05";
}
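Review bot: The trailing comment on the reformatted `allowedTCPPorts = [ ];` line still lists factorio, barotrauma and wireguard ports although the list is empty, so anyone auditing the firewall from the comments is told that TCP ports are open which are not. It looks copied from the `allowedUDPPorts` line above; I would drop it and keep just `allowedTCPPorts = [ ];`, since the TCP ranges below already carry their own `# barotrauma` comments. Separately, `firewall.checkReversePath = false;` at the top of the same hunk turns reverse-path filtering off entirely; if that is only there for WireGuard, `checkReversePath = "loose";` is usually sufficient.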


@ -1,4 +1,4 @@
{pkgs, ...}: {
{ pkgs, ... }: {
environment.packages = with pkgs; [
vim
git


@ -1,5 +1,5 @@
{modulesPath, ...}: {
imports = [(modulesPath + "/profiles/qemu-guest.nix")];
{ modulesPath, ... }: {
imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
boot.loader.grub = {
efiSupport = true;
efiInstallAsRemovable = true;
@ -9,8 +9,8 @@
device = "/dev/disk/by-uuid/A1B2-7E6F";
fsType = "vfat";
};
boot.initrd.availableKernelModules = ["ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi"];
boot.initrd.kernelModules = ["nvme"];
boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi" ];
boot.initrd.kernelModules = [ "nvme" ];
fileSystems."/" = {
device = "/dev/mapper/ocivolume-root";
fsType = "xfs";


@ -1,11 +1,9 @@
{
config,
pkgs,
sops,
...
}: let
{ config, pkgs, sops, ... }:
let
matrixDomain = "swatrix.swarsel.win";
in {
in
{
imports = [
./hardware-configuration.nix
];
@ -24,19 +22,19 @@ in {
xkbVariant = "altgr-intl";
};
nix.settings.experimental-features = ["nix-command" "flakes"];
nix.settings.experimental-features = [ "nix-command" "flakes" ];
sops = {
age.sshKeyPaths = ["/etc/ssh/sops"];
age.sshKeyPaths = [ "/etc/ssh/sops" ];
defaultSopsFile = "/root/.dotfiles/secrets/omatrix/secrets.yaml";
validateSopsFiles = false;
secrets = {
dnstokenfull = {owner = "acme";};
matrixsharedsecret = {owner = "matrix-synapse";};
mautrixtelegram_as = {owner = "matrix-synapse";};
mautrixtelegram_hs = {owner = "matrix-synapse";};
mautrixtelegram_api_id = {owner = "matrix-synapse";};
mautrixtelegram_api_hash = {owner = "matrix-synapse";};
dnstokenfull = { owner = "acme"; };
matrixsharedsecret = { owner = "matrix-synapse"; };
mautrixtelegram_as = { owner = "matrix-synapse"; };
mautrixtelegram_hs = { owner = "matrix-synapse"; };
mautrixtelegram_api_id = { owner = "matrix-synapse"; };
mautrixtelegram_api_hash = { owner = "matrix-synapse"; };
};
templates = {
"certs.secret".content = ''
@ -82,6 +80,7 @@ in {
recommendedOptimisation = true;
recommendedGzipSettings = true;
virtualHosts = {
"swatrix.swarsel.win" = {
enableACME = true;
forceSSL = true;
@ -169,13 +168,13 @@ in {
listeners = [
{
port = 8008;
bind_addresses = ["0.0.0.0"];
bind_addresses = [ "0.0.0.0" ];
type = "http";
tls = false;
x_forwarded = true;
resources = [
{
names = ["client" "federation"];
names = [ "client" "federation" ];
compress = true;
}
];
@ -291,6 +290,7 @@ in {
domain = matrixDomain;
};
appservice = {
address = "http://localhost:29328";
hostname = "0.0.0.0";
port = 29328;
@ -317,7 +317,7 @@ in {
# messages out after a while.
systemd.timers."restart-bridges" = {
wantedBy = ["timers.target"];
wantedBy = [ "timers.target" ];
timerConfig = {
OnBootSec = "1d";
OnUnitActiveSec = "1d";
@ -336,4 +336,5 @@ in {
User = "root";
};
};
}
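Review bot: The Synapse listener touched in the `@ -169,13 +168,13 @@` hunk serves plain HTTP (`tls = false`) on `bind_addresses = [ "0.0.0.0" ]` with `x_forwarded = true`, so any client that can reach port 8008 directly bypasses nginx and can supply its own X-Forwarded-For header. This file also defines the nginx virtual host for swatrix.swarsel.win, so if nginx proxies to Synapse on the same machine, `bind_addresses = [ "127.0.0.1" ];` would be enough. The firewall rules for this host are not visible in the hunks, so the port may already be blocked. The appservice block with `hostname = "0.0.0.0";` on port 29328 next to `address = "http://localhost:29328";` looks like the same case.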


@ -1,17 +1,16 @@
{
config,
lib,
modulesPath,
...
{ config
, lib
, modulesPath
, ...
}: {
imports = [
(modulesPath + "/profiles/qemu-guest.nix")
];
boot.initrd.availableKernelModules = ["ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod"];
boot.initrd.kernelModules = [];
boot.kernelModules = ["kvm-amd"];
boot.extraModulePackages = [];
boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "/dev/disk/by-uuid/4b47378a-02eb-4548-bab8-59cbf379252a";
@ -24,7 +23,7 @@
};
swapDevices = [
{device = "/dev/disk/by-uuid/f0126a93-753e-4769-ada8-7499a1efb3a9";}
{ device = "/dev/disk/by-uuid/f0126a93-753e-4769-ada8-7499a1efb3a9"; }
];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking


@ -1,8 +1,6 @@
{ config, pkgs, ... }:
{
config,
pkgs,
...
}: {
imports = [
./hardware-configuration.nix
];
@ -18,14 +16,14 @@
xkbVariant = "altgr-intl";
};
nix.settings.experimental-features = ["nix-command" "flakes"];
nix.settings.experimental-features = [ "nix-command" "flakes" ];
sops = {
age.sshKeyPaths = ["/etc/ssh/sops"];
age.sshKeyPaths = [ "/etc/ssh/sops" ];
defaultSopsFile = "/root/.dotfiles/secrets/sync/secrets.yaml";
validateSopsFiles = false;
secrets.swarsel = {owner = "root";};
secrets.dnstokenfull = {owner = "acme";};
secrets.swarsel = { owner = "root"; };
secrets.dnstokenfull = { owner = "acme"; };
templates."certs.secret".content = ''
CF_DNS_API_TOKEN=${config.sops.placeholder.dnstokenfull}
'';
@ -46,6 +44,7 @@
recommendedOptimisation = true;
recommendedGzipSettings = true;
virtualHosts = {
"synki.swarsel.win" = {
enableACME = true;
forceSSL = true;
@ -161,4 +160,5 @@
};
};
};
}


@ -1,27 +1,26 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
modulesPath,
...
{ config
, lib
, modulesPath
, ...
}: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = ["xhci_pci" "ehci_pci" "ata_piix" "usb_storage" "sd_mod" "sr_mod"];
boot.initrd.kernelModules = [];
boot.kernelModules = ["kvm-intel"];
boot.extraModulePackages = [];
boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ata_piix" "usb_storage" "sd_mod" "sr_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "/dev/disk/by-uuid/147e3682-eb15-4e96-9cac-4f2fb5888a69";
fsType = "ext4";
};
swapDevices = [];
swapDevices = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's


@ -1,11 +1,9 @@
{
config,
pkgs,
sops,
...
}: let
{ config, pkgs, sops, ... }:
let
matrixDomain = "swatrix.swarsel.win";
in {
in
{
imports = [
./hardware-configuration.nix
];
@ -14,9 +12,9 @@ in {
enable = true;
device = "/dev/sda";
useOSProber = true;
supportedFilesystems = ["zfs"];
supportedFilesystems = [ "zfs" ];
zfs.forceImportRoot = false;
kernelModules = ["tun"];
kernelModules = [ "tun" ];
kernel.sysctl = {
"net.ipv4.conf.all.rp_filter" = 2;
"net.ipv4.conf.default.rp_filter" = 2;
@ -57,8 +55,8 @@ in {
users = {
groups = {
vpn = {};
mpd = {};
vpn = { };
mpd = { };
navidrome = {
gid = 61593;
};
@ -68,7 +66,7 @@ in {
};
users = {
jellyfin = {
extraGroups = ["video" "render"];
extraGroups = [ "video" "render" ];
};
vpn = {
isNormalUser = true;
@ -79,24 +77,24 @@ in {
isSystemUser = true;
uid = 61593;
group = "navidrome";
extraGroups = ["audio" "utmp"];
extraGroups = [ "audio" "utmp" ];
};
spotifyd = {
isSystemUser = true;
uid = 65136;
group = "spotifyd";
extraGroups = ["audio" "utmp"];
extraGroups = [ "audio" "utmp" ];
};
mpd = {
isSystemUser = true;
group = "mpd";
extraGroups = ["audio" "utmp"];
extraGroups = [ "audio" "utmp" ];
};
swarsel = {
isNormalUser = true;
description = "Leon S";
extraGroups = ["networkmanager" "wheel" "lp"];
packages = with pkgs; [];
extraGroups = [ "networkmanager" "wheel" "lp" ];
packages = with pkgs; [ ];
};
root = {
openssh.authorizedKeys.keyFiles = [
@ -109,10 +107,12 @@ in {
fileSystems."/mnt/Eternor" = {
device = "//192.168.1.3/Eternor";
fsType = "cifs";
options = let
# this line prevents hanging on network split
automount_opts = "x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s";
in ["${automount_opts},credentials=/etc/nixos/smb-secrets,uid=1000,gid=100"];
options =
let
# this line prevents hanging on network split
automount_opts = "x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s";
in
[ "${automount_opts},credentials=/etc/nixos/smb-secrets,uid=1000,gid=100" ];
};
environment = {
@ -137,26 +137,31 @@ in {
zfs
];
etc = {
"openvpn/iptables.sh" = {
source = ../../scripts/server1/iptables.sh;
mode = "0755";
};
"openvpn/update-resolv-conf" = {
source = ../../scripts/server1/update-resolv-conf;
mode = "0755";
};
"openvpn/routing.sh" = {
source = ../../scripts/server1/routing.sh;
mode = "0755";
};
"openvpn/ca.rsa.2048.crt" = {
source = ../../secrets/certs/ca.rsa.2048.crt;
mode = "0644";
};
"openvpn/crl.rsa.2048.pem" = {
source = ../../secrets/certs/crl.rsa.2048.pem;
mode = "0644";
};
"openvpn/iptables.sh" =
{
source = ../../scripts/server1/iptables.sh;
mode = "0755";
};
"openvpn/update-resolv-conf" =
{
source = ../../scripts/server1/update-resolv-conf;
mode = "0755";
};
"openvpn/routing.sh" =
{
source = ../../scripts/server1/routing.sh;
mode = "0755";
};
"openvpn/ca.rsa.2048.crt" =
{
source = ../../secrets/certs/ca.rsa.2048.crt;
mode = "0644";
};
"openvpn/crl.rsa.2048.pem" =
{
source = ../../secrets/certs/crl.rsa.2048.pem;
mode = "0644";
};
};
shellAliases = {
nswitch = "cd ~/.dotfiles; git pull; nixos-rebuild --flake .#$(hostname) switch; cd -;";
@ -165,7 +170,7 @@ in {
systemd = {
timers."restart-bridges" = {
wantedBy = ["timers.target"];
wantedBy = [ "timers.target" ];
timerConfig = {
OnBootSec = "1d";
OnUnitActiveSec = "1d";
@ -185,7 +190,7 @@ in {
};
};
};
nix.settings.experimental-features = ["nix-command" "flakes"];
nix.settings.experimental-features = [ "nix-command" "flakes" ];
system.stateVersion = "23.05"; # TEMPLATE - but probably no need to change
@ -194,19 +199,19 @@ in {
};
sops = {
age.sshKeyPaths = ["/etc/ssh/sops"];
age.sshKeyPaths = [ "/etc/ssh/sops" ];
defaultSopsFile = "/root/.dotfiles/secrets/sandbox/secrets.yaml";
validateSopsFiles = false;
secrets = {
dnstokenfull = {owner = "acme";};
kavita = {owner = "kavita";};
vpnuser = {};
rpcuser = {owner = "vpn";};
vpnpass = {};
rpcpass = {owner = "vpn";};
vpnprot = {};
vpnloc = {};
mpdpass = {owner = "mpd";};
dnstokenfull = { owner = "acme"; };
kavita = { owner = "kavita"; };
vpnuser = { };
rpcuser = { owner = "vpn"; };
vpnpass = { };
rpcpass = { owner = "vpn"; };
vpnprot = { };
vpnloc = { };
mpdpass = { owner = "mpd"; };
};
templates = {
"transmission-rpc" = {
@ -269,12 +274,10 @@ in {
openssh = {
enable = true;
settings.PermitRootLogin = "yes";
listenAddresses = [
{
port = 22;
addr = "0.0.0.0";
}
];
listenAddresses = [{
port = 22;
addr = "0.0.0.0";
}];
};
nginx = {
@ -284,6 +287,7 @@ in {
recommendedOptimisation = true;
recommendedGzipSettings = true;
virtualHosts = {
"stash.swarsel.win" = {
enableACME = true;
forceSSL = true;
@ -318,6 +322,7 @@ in {
};
};
"sound.swarsel.win" = {
enableACME = true;
forceSSL = true;
@ -512,6 +517,9 @@ in {
# MAUTRIX_TELEGRAM_TELEGRAM_API_HASH=${config.sops.placeholder.mautrixtelegram_api_hash}
# '';
# ----------------
# sops.secrets.mautrixwhatsapp_shared = {owner="matrix-synapse";};
# sops.templates.mautrixwhatsapp.owner = "matrix-synapse";
@ -560,13 +568,13 @@ in {
settings.listeners = [
{
port = 8008;
bind_addresses = ["0.0.0.0"];
bind_addresses = [ "0.0.0.0" ];
type = "http";
tls = false;
x_forwarded = true;
resources = [
{
names = ["client" "federation"];
names = [ "client" "federation" ];
compress = true;
}
];
@ -678,6 +686,7 @@ in {
domain = matrixDomain;
};
appservice = {
address = "http://localhost:29328";
hostname = "0.0.0.0";
port = 29328;
@ -741,6 +750,7 @@ in {
];
};
spotifyd = {
enable = true;
settings = {
@ -789,6 +799,7 @@ in {
};
};
avahi = {
publish.enable = true;
publish.userServices = true;
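Review bot: `settings.PermitRootLogin = "yes";` sits directly above the reformatted `listenAddresses` block in the `@ -269,12 +274,10 @@` hunk, so sshd accepts root logins on `0.0.0.0:22`, including by password unless password authentication is disabled somewhere outside these hunks. This file already gives root `openssh.authorizedKeys.keyFiles`, so `settings.PermitRootLogin = "prohibit-password";` would keep key-based root access and drop the password path. The same `PermitRootLogin`/`listenAddresses` pair appears in four later file sections of this commit (the Proxmox LXC configurations), and the same change would apply there if root keys are provisioned for those hosts as well.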


@ -1,8 +1,6 @@
{ pkgs, modulesPath, ... }:
{
pkgs,
modulesPath,
...
}: {
imports = [
(modulesPath + "/virtualisation/proxmox-lxc.nix")
];
@ -18,7 +16,7 @@
xkbVariant = "altgr-intl";
};
nix.settings.experimental-features = ["nix-command" "flakes"];
nix.settings.experimental-features = [ "nix-command" "flakes" ];
proxmoxLXC = {
manageNetwork = true; # manage network myself


@ -1,20 +1,20 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{lib, ...}: {
imports = [];
{ lib, ... }: {
imports = [ ];
boot.initrd.availableKernelModules = ["ahci" "xhci_pci" "vfio_pci" "usbhid"];
boot.initrd.kernelModules = [];
boot.kernelModules = ["kvm-intel"];
boot.extraModulePackages = [];
boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "vfio_pci" "usbhid" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "/dev/mapper/pve-vm--120--disk--0";
fsType = "ext4";
};
swapDevices = [];
swapDevices = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's


@ -1,9 +1,6 @@
{ config, pkgs, modulesPath, ... }:
{
config,
pkgs,
modulesPath,
...
}: {
imports = [
(modulesPath + "/virtualisation/proxmox-lxc.nix")
./hardware-configuration.nix
@ -30,13 +27,13 @@
xkbVariant = "altgr-intl";
};
nix.settings.experimental-features = ["nix-command" "flakes"];
nix.settings.experimental-features = [ "nix-command" "flakes" ];
sops = {
age.sshKeyPaths = ["/etc/ssh/sops"];
age.sshKeyPaths = [ "/etc/ssh/sops" ];
defaultSopsFile = "/.dotfiles/secrets/calibre/secrets.yaml";
validateSopsFiles = false;
secrets.kavita = {owner = "kavita";};
secrets.kavita = { owner = "kavita"; };
};
proxmoxLXC = {
manageNetwork = true; # manage network myself
@ -68,4 +65,6 @@
port = 8080;
tokenKeyFile = config.sops.secrets.kavita.path;
};
}


@ -1,13 +1,13 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{lib, ...}: {
imports = [];
{ lib, ... }: {
imports = [ ];
boot.initrd.availableKernelModules = ["ahci" "xhci_pci" "vfio_pci" "usbhid"];
boot.initrd.kernelModules = [];
boot.kernelModules = ["kvm-intel"];
boot.extraModulePackages = [];
boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "vfio_pci" "usbhid" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "/dev/mapper/pve-vm--121--disk--0";
@ -19,7 +19,7 @@
fsType = "cifs";
};
swapDevices = [];
swapDevices = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's


@ -1,9 +1,6 @@
{ config, pkgs, modulesPath, ... }:
{
config,
pkgs,
modulesPath,
...
}: {
imports = [
(modulesPath + "/virtualisation/proxmox-lxc.nix")
./hardware-configuration.nix
@ -24,7 +21,7 @@
};
users.users.jellyfin = {
extraGroups = ["video" "render"];
extraGroups = [ "video" "render" ];
};
services.xserver = {
@ -32,7 +29,7 @@
xkbVariant = "altgr-intl";
};
nix.settings.experimental-features = ["nix-command" "flakes"];
nix.settings.experimental-features = [ "nix-command" "flakes" ];
proxmoxLXC = {
manageNetwork = true; # manage network myself
@ -59,7 +56,7 @@
};
nixpkgs.config.packageOverrides = pkgs: {
vaapiIntel = pkgs.vaapiIntel.override {enableHybridCodec = true;};
vaapiIntel = pkgs.vaapiIntel.override { enableHybridCodec = true; };
};
hardware.graphics = {
enable = true;
@ -76,4 +73,5 @@
user = "jellyfin";
# openFirewall = true; # this works only for the default ports
};
}


@ -1,20 +1,20 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{lib, ...}: {
imports = [];
{ lib, ... }: {
imports = [ ];
boot.initrd.availableKernelModules = ["ahci" "xhci_pci" "vfio_pci" "usbhid"];
boot.initrd.kernelModules = [];
boot.kernelModules = ["kvm-intel"];
boot.extraModulePackages = [];
boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "vfio_pci" "usbhid" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "/dev/mapper/pve-vm--102--disk--0";
fsType = "ext4";
};
swapDevices = [];
swapDevices = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's


@ -1,12 +1,10 @@
{
config,
pkgs,
modulesPath,
sops,
...
}: let
{ config, pkgs, modulesPath, sops, ... }:
let
matrixDomain = "matrix2.swarsel.win";
in {
in
{
services = {
xserver = {
layout = "us";
@ -15,16 +13,14 @@ in {
openssh = {
enable = true;
settings.PermitRootLogin = "yes";
listenAddresses = [
{
port = 22;
addr = "0.0.0.0";
}
];
listenAddresses = [{
port = 22;
addr = "0.0.0.0";
}];
};
};
nix.settings.experimental-features = ["nix-command" "flakes"];
nix.settings.experimental-features = [ "nix-command" "flakes" ];
proxmoxLXC = {
manageNetwork = true; # manage network myself
@ -46,6 +42,7 @@ in {
nswitch = "cd /.dotfiles; git pull; nixos-rebuild --flake .#$(hostname) switch; cd -;";
};
imports = [
(modulesPath + "/virtualisation/proxmox-lxc.nix")
./hardware-configuration.nix
@ -67,15 +64,15 @@ in {
];
sops = {
age.sshKeyPaths = ["/etc/ssh/sops"];
age.sshKeyPaths = [ "/etc/ssh/sops" ];
defaultSopsFile = "/.dotfiles/secrets/matrix/secrets.yaml";
validateSopsFiles = false;
secrets = {
matrixsharedsecret = {owner = "matrix-synapse";};
mautrixtelegram_as = {owner = "matrix-synapse";};
mautrixtelegram_hs = {owner = "matrix-synapse";};
mautrixtelegram_api_id = {owner = "matrix-synapse";};
mautrixtelegram_api_hash = {owner = "matrix-synapse";};
matrixsharedsecret = { owner = "matrix-synapse"; };
mautrixtelegram_as = { owner = "matrix-synapse"; };
mautrixtelegram_hs = { owner = "matrix-synapse"; };
mautrixtelegram_api_id = { owner = "matrix-synapse"; };
mautrixtelegram_api_hash = { owner = "matrix-synapse"; };
};
templates = {
"matrix_user_register.sh".content = ''
@ -139,13 +136,13 @@ in {
listeners = [
{
port = 8008;
bind_addresses = ["0.0.0.0"];
bind_addresses = [ "0.0.0.0" ];
type = "http";
tls = false;
x_forwarded = true;
resources = [
{
names = ["client" "federation"];
names = [ "client" "federation" ];
compress = true;
}
];
@ -261,6 +258,7 @@ in {
domain = matrixDomain;
};
appservice = {
address = "http://localhost:29328";
hostname = "0.0.0.0";
port = 29328;
@ -287,7 +285,7 @@ in {
# messages out after a while.
systemd.timers."restart-bridges" = {
wantedBy = ["timers.target"];
wantedBy = [ "timers.target" ];
timerConfig = {
OnBootSec = "1d";
OnUnitActiveSec = "1d";
@ -306,4 +304,5 @@ in {
User = "root";
};
};
}


@ -1,20 +1,20 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{lib, ...}: {
imports = [];
{ lib, ... }: {
imports = [ ];
boot.initrd.availableKernelModules = ["ahci" "xhci_pci" "vfio_pci" "usbhid"];
boot.initrd.kernelModules = [];
boot.kernelModules = ["kvm-intel"];
boot.extraModulePackages = [];
boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "vfio_pci" "usbhid" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "/dev/mapper/pve-vm--119--disk--0";
fsType = "ext4";
};
swapDevices = [];
swapDevices = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's


@ -1,9 +1,5 @@
{ config, pkgs, modulesPath, ... }:
{
config,
pkgs,
modulesPath,
...
}: {
imports = [
(modulesPath + "/virtualisation/proxmox-lxc.nix")
./hardware-configuration.nix
@ -22,13 +18,13 @@
xkbVariant = "altgr-intl";
};
nix.settings.experimental-features = ["nix-command" "flakes"];
nix.settings.experimental-features = [ "nix-command" "flakes" ];
sops = {
age.sshKeyPaths = ["/etc/ssh/sops"];
age.sshKeyPaths = [ "/etc/ssh/sops" ];
defaultSopsFile = "/.dotfiles/secrets/nginx/secrets.yaml";
validateSopsFiles = false;
secrets.dnstokenfull = {owner = "acme";};
secrets.dnstokenfull = { owner = "acme"; };
templates."certs.secret".content = ''
CF_DNS_API_TOKEN=${config.sops.placeholder.dnstokenfull}
'';
@ -73,6 +69,7 @@
recommendedOptimisation = true;
recommendedGzipSettings = true;
virtualHosts = {
"stash.swarsel.win" = {
enableACME = true;
forceSSL = true;
@ -110,6 +107,7 @@
};
};
"sound.swarsel.win" = {
enableACME = true;
forceSSL = true;
@ -199,6 +197,8 @@
};
};
};
};
};
}


@ -1,20 +1,20 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{lib, ...}: {
imports = [];
{ lib, ... }: {
imports = [ ];
boot.initrd.availableKernelModules = ["ahci" "xhci_pci" "vfio_pci" "usbhid"];
boot.initrd.kernelModules = [];
boot.kernelModules = ["kvm-intel"];
boot.extraModulePackages = [];
boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "vfio_pci" "usbhid" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "/dev/mapper/pve-vm--117--disk--0";
fsType = "ext4";
};
swapDevices = [];
swapDevices = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's


@ -1,14 +1,14 @@
{ config, pkgs, modulesPath, ... }:
{
config,
pkgs,
modulesPath,
...
}: {
imports = [
(modulesPath + "/virtualisation/proxmox-lxc.nix")
./hardware-configuration.nix
];
services = {
xserver = {
layout = "us";
@ -17,16 +17,14 @@
openssh = {
enable = true;
settings.PermitRootLogin = "yes";
listenAddresses = [
{
port = 22;
addr = "0.0.0.0";
}
];
listenAddresses = [{
port = 22;
addr = "0.0.0.0";
}];
};
};
nix.settings.experimental-features = ["nix-command" "flakes"];
nix.settings.experimental-features = [ "nix-command" "flakes" ];
proxmoxLXC = {
manageNetwork = true; # manage network myself
@ -48,6 +46,8 @@
nswitch = "cd /.dotfiles; git pull; nixos-rebuild --flake .#$(hostname) switch; cd -;";
};
users.groups.lxc_shares = {
gid = 10000;
members = [
@ -68,10 +68,10 @@
};
sops = {
age.sshKeyPaths = ["/etc/ssh/sops"];
age.sshKeyPaths = [ "/etc/ssh/sops" ];
defaultSopsFile = "/root/.dotfiles/secrets/paperless/secrets.yaml";
validateSopsFiles = false;
secrets.admin = {owner = "paperless";};
secrets.admin = { owner = "paperless"; };
};
services.paperless = {
@ -90,4 +90,5 @@
};
};
};
}


@ -1,18 +1,18 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{lib, ...}: {
imports = [];
{ lib, ... }: {
imports = [ ];
boot.initrd.availableKernelModules = ["ahci" "xhci_pci" "vfio_pci" "usbhid"];
boot.initrd.kernelModules = [];
boot.kernelModules = ["kvm-intel"];
boot.extraModulePackages = [];
boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "vfio_pci" "usbhid" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "/mnt/data/images/118/vm-118-disk-0.raw";
fsType = "ext4";
options = ["loop"];
options = [ "loop" ];
};
fileSystems."/media" = {
@ -20,7 +20,7 @@
fsType = "cifs";
};
swapDevices = [];
swapDevices = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's


@ -1,14 +1,14 @@
{ config, pkgs, modulesPath, ... }:
{
config,
pkgs,
modulesPath,
...
}: {
imports = [
(modulesPath + "/virtualisation/proxmox-lxc.nix")
./hardware-configuration.nix
];
services = {
xserver = {
layout = "us";
@ -17,16 +17,14 @@
openssh = {
enable = true;
settings.PermitRootLogin = "yes";
listenAddresses = [
{
port = 22;
addr = "0.0.0.0";
}
];
listenAddresses = [{
port = 22;
addr = "0.0.0.0";
}];
};
};
nix.settings.experimental-features = ["nix-command" "flakes"];
nix.settings.experimental-features = [ "nix-command" "flakes" ];
proxmoxLXC = {
manageNetwork = true; # manage network myself
@ -48,6 +46,8 @@
nswitch = "cd /.dotfiles; git pull; nixos-rebuild --flake .#$(hostname) switch; cd -;";
};
proxmoxLXC.privileged = true; # manage hostname myself
users = {
@ -65,7 +65,7 @@
gid = 61593;
};
mpd = {};
mpd = { };
};
users = {
@ -73,13 +73,13 @@
isSystemUser = true;
uid = 61593;
group = "navidrome";
extraGroups = ["audio" "utmp"];
extraGroups = [ "audio" "utmp" ];
};
mpd = {
isSystemUser = true;
group = "mpd";
extraGroups = ["audio" "utmp"];
extraGroups = [ "audio" "utmp" ];
};
};
};
@ -103,10 +103,10 @@
];
sops = {
age.sshKeyPaths = ["/etc/ssh/sops"];
age.sshKeyPaths = [ "/etc/ssh/sops" ];
defaultSopsFile = "/.dotfiles/secrets/sound/secrets.yaml";
validateSopsFiles = false;
secrets.mpdpass = {owner = "mpd";};
secrets.mpdpass = { owner = "mpd"; };
};
services.navidrome = {


@ -1,20 +1,20 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{lib, ...}: {
imports = [];
{ lib, ... }: {
imports = [ ];
boot.initrd.availableKernelModules = ["ahci" "xhci_pci" "vfio_pci" "usbhid"];
boot.initrd.kernelModules = [];
boot.kernelModules = ["kvm-intel"];
boot.extraModulePackages = [];
boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "vfio_pci" "usbhid" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "/dev/mapper/pve-vm--123--disk--0";
fsType = "ext4";
};
swapDevices = [];
swapDevices = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's


@ -1,13 +1,14 @@
{ pkgs, modulesPath, ... }:
{
pkgs,
modulesPath,
...
}: {
imports = [
(modulesPath + "/virtualisation/proxmox-lxc.nix")
./hardware-configuration.nix
];
services = {
xserver = {
layout = "us";
@ -16,16 +17,14 @@
openssh = {
enable = true;
settings.PermitRootLogin = "yes";
listenAddresses = [
{
port = 22;
addr = "0.0.0.0";
}
];
listenAddresses = [{
port = 22;
addr = "0.0.0.0";
}];
};
};
nix.settings.experimental-features = ["nix-command" "flakes"];
nix.settings.experimental-features = [ "nix-command" "flakes" ];
proxmoxLXC = {
manageNetwork = true; # manage network myself
@ -47,6 +46,8 @@
nswitch = "cd /.dotfiles; git pull; nixos-rebuild --flake .#$(hostname) switch; cd -;";
};
proxmoxLXC.privileged = true; # manage hostname myself
users.groups.spotifyd = {
@ -57,7 +58,7 @@
isSystemUser = true;
uid = 65136;
group = "spotifyd";
extraGroups = ["audio" "utmp"];
extraGroups = [ "audio" "utmp" ];
};
sound = {
@ -88,4 +89,5 @@
};
};
};
}


@ -1,20 +1,20 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{lib, ...}: {
imports = [];
{ lib, ... }: {
imports = [ ];
boot.initrd.availableKernelModules = ["ahci" "xhci_pci" "vfio_pci" "usbhid"];
boot.initrd.kernelModules = [];
boot.kernelModules = ["kvm-intel"];
boot.extraModulePackages = [];
boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "vfio_pci" "usbhid" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "/dev/mapper/pve-vm--122--disk--0";
fsType = "ext4";
};
swapDevices = [];
swapDevices = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's


@ -1,9 +1,6 @@
{ config, pkgs, modulesPath, ... }:
{
config,
pkgs,
modulesPath,
...
}: {
imports = [
(modulesPath + "/virtualisation/proxmox-lxc.nix")
./hardware-configuration.nix
@ -32,7 +29,7 @@
"root"
];
};
users.groups.vpn = {};
users.groups.vpn = { };
users.users.vpn = {
isNormalUser = true;
@ -45,15 +42,15 @@
xkbVariant = "altgr-intl";
};
nix.settings.experimental-features = ["nix-command" "flakes"];
nix.settings.experimental-features = [ "nix-command" "flakes" ];
sops = {
age.sshKeyPaths = ["/etc/ssh/sops"];
age.sshKeyPaths = [ "/etc/ssh/sops" ];
defaultSopsFile = "/.dotfiles/secrets/transmission/secrets.yaml";
validateSopsFiles = false;
};
boot.kernelModules = ["tun"];
boot.kernelModules = [ "tun" ];
proxmoxLXC = {
manageNetwork = true; # manage network myself
manageHostName = false; # manage hostname myself
@ -90,36 +87,39 @@
'';
};
environment.etc = {
"openvpn/iptables.sh" = {
source = ../../../scripts/server1/iptables.sh;
mode = "0755";
};
"openvpn/update-resolv-conf" = {
source = ../../../scripts/server1/update-resolv-conf;
mode = "0755";
};
"openvpn/routing.sh" = {
source = ../../../scripts/server1/routing.sh;
mode = "0755";
};
"openvpn/ca.rsa.2048.crt" = {
source = ../../../secrets/certs/ca.rsa.2048.crt;
mode = "0644";
};
"openvpn/crl.rsa.2048.pem" = {
source = ../../../secrets/certs/crl.rsa.2048.pem;
mode = "0644";
};
"openvpn/iptables.sh" =
{
source = ../../../scripts/server1/iptables.sh;
mode = "0755";
};
"openvpn/update-resolv-conf" =
{
source = ../../../scripts/server1/update-resolv-conf;
mode = "0755";
};
"openvpn/routing.sh" =
{
source = ../../../scripts/server1/routing.sh;
mode = "0755";
};
"openvpn/ca.rsa.2048.crt" =
{
source = ../../../secrets/certs/ca.rsa.2048.crt;
mode = "0644";
};
"openvpn/crl.rsa.2048.pem" =
{
source = ../../../secrets/certs/crl.rsa.2048.pem;
mode = "0644";
};
};
services.openssh = {
enable = true;
settings.PermitRootLogin = "yes";
listenAddresses = [
{
port = 22;
addr = "0.0.0.0";
}
];
listenAddresses = [{
port = 22;
addr = "0.0.0.0";
}];
};
users.users.root.openssh.authorizedKeys.keyFiles = [
../../../secrets/keys/authorized_keys
@ -177,12 +177,12 @@
'';
};
secrets = {
vpnuser = {};
rpcuser = {owner = "vpn";};
vpnpass = {};
rpcpass = {owner = "vpn";};
vpnprot = {};
vpnloc = {};
vpnuser = { };
rpcuser = { owner = "vpn"; };
vpnpass = { };
rpcpass = { owner = "vpn"; };
vpnprot = { };
vpnloc = { };
};
};
services.openvpn.servers = {
@ -199,6 +199,7 @@
user = "vpn";
group = "lxc_shares";
settings = {
alt-speed-down = 8000;
alt-speed-enabled = false;
alt-speed-time-begin = 0;
@ -269,4 +270,6 @@
utp-enabled = false;
};
};
}


@ -1,20 +1,19 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
modulesPath,
...
{ config
, lib
, modulesPath
, ...
}: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "usb_storage" "sd_mod"];
boot.initrd.kernelModules = [];
boot.kernelModules = ["kvm-intel"];
boot.extraModulePackages = [];
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usb_storage" "sd_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "/dev/disk/by-uuid/4a590cad-28d9-4153-bdb8-e424ec3bd5c8";
@ -27,7 +26,7 @@
};
swapDevices = [
{device = "/dev/disk/by-uuid/b07aac27-a443-489c-9fdb-01c1ef633699";}
{ device = "/dev/disk/by-uuid/b07aac27-a443-489c-9fdb-01c1ef633699"; }
];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking


@ -1,8 +1,8 @@
{ config, pkgs, ... }:
{
config,
pkgs,
...
}: {
services.gpg-agent = {
enable = true;
enableSshSupport = true;
@ -16,6 +16,7 @@
'';
};
home = {
username = "swarsel";
homeDirectory = "/home/swarsel";
@ -25,7 +26,7 @@
];
};
sops.age.sshKeyPaths = ["${config.home.homeDirectory}/.ssh/sops"];
sops.age.sshKeyPaths = [ "${config.home.homeDirectory}/.ssh/sops" ];
programs.waybar.settings.mainBar = {
cpu.format = "{icon0} {icon1} {icon2} {icon3}";
@ -50,6 +51,7 @@
"clock#1"
];
wayland.windowManager.sway = {
config = rec {
input = {
@ -74,26 +76,30 @@
};
};
keybindings = let
inherit (config.wayland.windowManager.sway.config) modifier;
in {
"${modifier}+F2" = "exec brightnessctl set +5%";
"${modifier}+F1" = "exec brightnessctl set 5%-";
"${modifier}+n" = "exec sway output eDP-1 transform normal, splith";
"${modifier}+Ctrl+p" = "exec wl-mirror eDP-1";
"${modifier}+t" = "exec sway output eDP-1 transform 90, splitv";
"${modifier}+XF86AudioLowerVolume" = "exec grim -g \"$(slurp)\" -t png - | wl-copy -t image/png";
"${modifier}+XF86AudioRaiseVolume" = "exec grim -g \"$(slurp)\" -t png - | wl-copy -t image/png";
"${modifier}+w" = "exec \"bash ~/.dotfiles/scripts/checkschildi.sh\"";
};
keybindings =
let
inherit (config.wayland.windowManager.sway.config) modifier;
in
{
"${modifier}+F2" = "exec brightnessctl set +5%";
"${modifier}+F1" = "exec brightnessctl set 5%-";
"${modifier}+n" = "exec sway output eDP-1 transform normal, splith";
"${modifier}+Ctrl+p" = "exec wl-mirror eDP-1";
"${modifier}+t" = "exec sway output eDP-1 transform 90, splitv";
"${modifier}+XF86AudioLowerVolume" = "exec grim -g \"$(slurp)\" -t png - | wl-copy -t image/png";
"${modifier}+XF86AudioRaiseVolume" = "exec grim -g \"$(slurp)\" -t png - | wl-copy -t image/png";
"${modifier}+w" = "exec \"bash ~/.dotfiles/scripts/checkschildi.sh\"";
};
startup = [
{command = "nextcloud --background";}
{command = "discord --start-minimized";}
{command = "element-desktop --hidden -enable-features=UseOzonePlatform -ozone-platform=wayland --disable-gpu-driver-bug-workarounds";}
{command = "ANKI_WAYLAND=1 anki";}
{command = "OBSIDIAN_USE_WAYLAND=1 obsidian";}
{command = "nm-applet";}
{ command = "nextcloud --background"; }
{ command = "discord --start-minimized"; }
{ command = "element-desktop --hidden -enable-features=UseOzonePlatform -ozone-platform=wayland --disable-gpu-driver-bug-workarounds"; }
{ command = "ANKI_WAYLAND=1 anki"; }
{ command = "OBSIDIAN_USE_WAYLAND=1 obsidian"; }
{ command = "nm-applet"; }
];
keycodebindings = {


@ -1,11 +1,12 @@
{ lib, pkgs, ... }:
{
lib,
pkgs,
...
}: {
imports = [
./hardware-configuration.nix
];
imports =
[
./hardware-configuration.nix
];
services = {
getty.autologinUser = "swarsel";
@ -70,7 +71,7 @@
};
monospace = {
package = pkgs.nerdfonts.override {fonts = ["FiraCode"];};
package = pkgs.nerdfonts.override { fonts = [ "FiraCode" ]; };
name = "FiraCode Nerd Font Mono";
};
@ -81,15 +82,17 @@
};
};
users.users.swarsel = {
isNormalUser = true;
description = "Leon S";
extraGroups = ["networkmanager" "wheel" "lp" "audio" "video"];
packages = with pkgs; [];
extraGroups = [ "networkmanager" "wheel" "lp" "audio" "video" ];
packages = with pkgs; [ ];
};
environment.systemPackages = with pkgs; [
];
system.stateVersion = "23.05";
}


@ -1,8 +1,8 @@
{ config, pkgs, ... }:
{
config,
pkgs,
...
}: {
services.gpg-agent = {
enable = true;
enableSshSupport = true;
@ -24,7 +24,7 @@
packages = with pkgs; [
];
};
sops.age.sshKeyPaths = ["${config.home.homeDirectory}/.ssh/sops"];
sops.age.sshKeyPaths = [ "${config.home.homeDirectory}/.ssh/sops" ];
# waybar config - TEMPLATE - update for cores and temp
programs.waybar.settings.mainBar = {
@ -34,6 +34,7 @@
temperature.input-filename = "temp1_input";
};
programs.waybar.settings.mainBar.modules-right = [
"custom/outer-left-arrow-dark"
"mpris"
@ -52,6 +53,7 @@
"clock#1"
];
wayland.windowManager.sway = {
config = rec {
# update for actual inputs here,
@ -72,6 +74,7 @@
natural_scroll = "enabled";
middle_emulation = "enabled";
};
};
output = {
@ -91,16 +94,11 @@
};
workspaceOutputAssign = [
{
output = "eDP-1";
workspace = "1:";
}
{
output = "HDMI-A-1";
workspace = "2:";
}
{ output = "eDP-1"; workspace = "1:"; }
{ output = "HDMI-A-1"; workspace = "2:"; }
];
# keybindings = let
# inherit (config.wayland.windowManager.sway.config) modifier;
# in {
@ -108,12 +106,14 @@
# };
startup = [
{command = "nextcloud --background";}
{command = "discord --start-minimized";}
{command = "element-desktop --hidden -enable-features=UseOzonePlatform -ozone-platform=wayland --disable-gpu-driver-bug-workarounds";}
{command = "ANKI_WAYLAND=1 anki";}
{command = "OBSIDIAN_USE_WAYLAND=1 obsidian";}
{command = "nm-applet";}
{ command = "nextcloud --background"; }
{ command = "discord --start-minimized"; }
{ command = "element-desktop --hidden -enable-features=UseOzonePlatform -ozone-platform=wayland --disable-gpu-driver-bug-workarounds"; }
{ command = "ANKI_WAYLAND=1 anki"; }
{ command = "OBSIDIAN_USE_WAYLAND=1 obsidian"; }
{ command = "nm-applet"; }
];
};
};


@ -1,13 +1,17 @@
{pkgs, ...}: {
#
{ pkgs, ... }:
{
#
# imports =
# [
# ./hardware-configuration.nix
# ];
#
imports = [
./hardware-configuration.nix
];
#
imports =
[
./hardware-configuration.nix
];
services = {
getty.autologinUser = "swarsel";
@ -27,8 +31,8 @@
firewall.checkReversePath = "strict";
firewall = {
enable = true;
allowedUDPPorts = [];
allowedTCPPorts = [];
allowedUDPPorts = [ ];
allowedTCPPorts = [ ];
allowedTCPPortRanges = [
];
allowedUDPPortRanges = [
@ -84,7 +88,7 @@
};
monospace = {
package = pkgs.nerdfonts.override {fonts = ["FiraCode"];};
package = pkgs.nerdfonts.override { fonts = [ "FiraCode" ]; };
name = "FiraCode Nerd Font Mono";
};
@ -95,6 +99,7 @@
};
};
hardware = {
graphics = {
enable = true;
@ -117,8 +122,8 @@
users.users.swarsel = {
isNormalUser = true;
description = "Leon S";
extraGroups = ["networkmanager" "wheel" "lp" "audio" "video" "vboxusers" "scanner"];
packages = with pkgs; [];
extraGroups = [ "networkmanager" "wheel" "lp" "audio" "video" "vboxusers" "scanner" ];
packages = with pkgs; [ ];
};
environment.systemPackages = with pkgs; [
@ -133,4 +138,6 @@
];
system.stateVersion = "23.05";
}