swarsel/.dotfiles
1
0
Fork 0
mirror of https://github.com/Swarsel/.dotfiles.git synced 2025-12-06 09:07:21 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

chore: code cleanup (nixpkgs-fmt style)

Browse source
This commit is contained in:
Swarsel 2024-07-20 00:21:55 +02:00
parent 2a08576697
commit dc66bb27dd
Signed by: swarsel
GPG key ID: 26A54C31F2A4FD84
44 changed files with 1152 additions and 1138 deletions
Download patch file Download diff file Expand all files Collapse all files

146
flake.nix
View file

@ -2,6 +2,7 @@
description = "SwarseFlake - Nix Flake for all SwarselSystems";
inputs = {
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
nixpkgs-stable.url = "github:NixOS/nixpkgs/nixos-24.05";
@ -67,26 +68,29 @@
url = "github:nix-community/nix-index-database";
inputs.nixpkgs.follows = "nixpkgs";
};
};
outputs = inputs @ {
nixpkgs,
nixpkgs-stable,
home-manager,
nix-on-droid,
emacs-overlay,
nur,
nixgl,
stylix,
sops-nix,
lanzaboote,
nixos-hardware,
nix-alien,
nixos-generators,
nswitch-rcm-nix,
nix-index-database,
...
}: let
outputs =
inputs@{ nixpkgs
, nixpkgs-stable
, home-manager
, nix-on-droid
, emacs-overlay
, nur
, nixgl
, stylix
, sops-nix
, lanzaboote
, nixos-hardware
, nix-alien
, nixos-generators
, nswitch-rcm-nix
, nix-index-database
, ...
}:
let
system = "x86_64-linux"; # not very portable, but I do not use other architectures at the moment
pkgs = import nixpkgs {
inherit system;
@ -110,11 +114,7 @@
nswitch-rcm-nix.nixosModules.nswitch-rcm
./profiles/common/nixos.nix
# dynamic library loading
({
self,
system,
...
}: {
({ self, system, ... }: {
environment.systemPackages = with self.inputs.nix-alien.packages.${system}; [
nix-alien
];
@ -133,7 +133,10 @@
nix-index-database.hmModules.nix-index
./profiles/common/home.nix
];
in {
in
{
# NixOS setups - run home-manager as a NixOS module for better compatibility
# another benefit - full rebuild on nixos-rebuild switch
# run rebuild using `nswitch`
@ -142,17 +145,14 @@
# Make sure to move hardware-configuration to the appropriate location, by default it is found in /etc/nixos/.
nixosConfigurations = {
onett = nixpkgs.lib.nixosSystem {
specialArgs = {inherit inputs pkgs;};
modules =
nixModules
++ [
specialArgs = { inherit inputs pkgs; };
modules = nixModules ++ [
./profles/onett/nixos.nix
home-manager.nixosModules.home-manager
{
home-manager.users.swarsel.imports =
mixedModules
++ [
home-manager.users.swarsel.imports = mixedModules ++ [
./profiles/onett/home.nix
];
}
@ -160,7 +160,7 @@
};
sandbox = nixpkgs.lib.nixosSystem {
specialArgs = {inherit inputs pkgs;};
specialArgs = { inherit inputs pkgs; };
modules = [
sops-nix.nixosModules.sops
./profiles/sandbox/nixos.nix
@ -168,16 +168,12 @@
};
twoson = nixpkgs.lib.nixosSystem {
specialArgs = {inherit inputs pkgs;};
modules =
nixModules
++ [
specialArgs = { inherit inputs pkgs; };
modules = nixModules ++ [
./profiles/twoson/nixos.nix
home-manager.nixosModules.home-manager
{
home-manager.users.swarsel.imports =
mixedModules
++ [
home-manager.users.swarsel.imports = mixedModules ++ [
./profiles/twoson/home.nix
];
}
@ -185,17 +181,13 @@
};
threed = nixpkgs.lib.nixosSystem {
specialArgs = {inherit inputs pkgs;};
modules =
nixModules
++ [
specialArgs = { inherit inputs pkgs; };
modules = nixModules ++ [
lanzaboote.nixosModules.lanzaboote
./profiles/threed/nixos.nix
home-manager.nixosModules.home-manager
{
home-manager.users.swarsel.imports =
mixedModules
++ [
home-manager.users.swarsel.imports = mixedModules ++ [
./profiles/threed/home.nix
];
}
@ -203,17 +195,13 @@
};
fourside = nixpkgs.lib.nixosSystem {
specialArgs = {inherit inputs pkgs;};
modules =
nixModules
++ [
specialArgs = { inherit inputs pkgs; };
modules = nixModules ++ [
nixos-hardware.nixosModules.lenovo-thinkpad-p14s-amd-gen2
./profiles/fourside/nixos.nix
home-manager.nixosModules.home-manager
{
home-manager.users.swarsel.imports =
mixedModules
++ [
home-manager.users.swarsel.imports = mixedModules ++ [
./profiles/fourside/home.nix
];
}
@ -221,17 +209,13 @@
};
winters = nixpkgs.lib.nixosSystem {
specialArgs = {inherit inputs pkgs;};
modules =
nixModules
++ [
specialArgs = { inherit inputs pkgs; };
modules = nixModules ++ [
nixos-hardware.nixosModules.framework-16-inch-7040-amd
./profiles/winters/nixos.nix
home-manager.nixosModules.home-manager
{
home-manager.users.swarsel.imports =
mixedModules
++ [
home-manager.users.swarsel.imports = mixedModules ++ [
./profiles/winters/home.nix
];
}
@ -239,16 +223,12 @@
};
stand = nixpkgs.lib.nixosSystem {
specialArgs = {inherit inputs pkgs;};
modules =
nixModules
++ [
specialArgs = { inherit inputs pkgs; };
modules = nixModules ++ [
./profiles/stand/nixos.nix
home-manager.nixosModules.home-manager
{
home-manager.users.homelen.imports =
mixedModules
++ [
home-manager.users.homelen.imports = mixedModules ++ [
./profiles/stand/home.nix
];
}
@ -256,7 +236,7 @@
};
nginx = nixpkgs.lib.nixosSystem {
specialArgs = {inherit inputs pkgs;};
specialArgs = { inherit inputs pkgs; };
modules = [
sops-nix.nixosModules.sops
./profiles/server1/nginx/nixos.nix
@ -264,7 +244,7 @@
};
calibre = nixpkgs.lib.nixosSystem {
specialArgs = {inherit inputs pkgs;};
specialArgs = { inherit inputs pkgs; };
modules = [
sops-nix.nixosModules.sops
./profiles/server1/calibre/nixos.nix
@ -272,7 +252,7 @@
};
jellyfin = nixpkgs.lib.nixosSystem {
specialArgs = {inherit inputs pkgs;};
specialArgs = { inherit inputs pkgs; };
modules = [
# sops-nix.nixosModules.sops
./profiles/server1/jellyfin/nixos.nix
@ -280,7 +260,7 @@
};
transmission = nixpkgs.lib.nixosSystem {
specialArgs = {inherit inputs pkgs;};
specialArgs = { inherit inputs pkgs; };
modules = [
sops-nix.nixosModules.sops
./profiles/server1/transmission/nixos.nix
@ -288,7 +268,7 @@
};
matrix = nixpkgs.lib.nixosSystem {
specialArgs = {inherit inputs pkgs;};
specialArgs = { inherit inputs pkgs; };
# this is to import a service module that is not on nixpkgs
# this way avoids infinite recursion errors
modules = [
@ -298,7 +278,7 @@
};
sound = nixpkgs.lib.nixosSystem {
specialArgs = {inherit inputs pkgs;};
specialArgs = { inherit inputs pkgs; };
modules = [
sops-nix.nixosModules.sops
./profiles/server1/sound/nixos.nix
@ -306,7 +286,7 @@
};
spotifyd = nixpkgs.lib.nixosSystem {
specialArgs = {inherit inputs pkgs;};
specialArgs = { inherit inputs pkgs; };
modules = [
sops-nix.nixosModules.sops
./profiles/server1/spotifyd/nixos.nix
@ -314,7 +294,7 @@
};
paperless = nixpkgs.lib.nixosSystem {
specialArgs = {inherit inputs pkgs;};
specialArgs = { inherit inputs pkgs; };
modules = [
sops-nix.nixosModules.sops
./profiles/server1/paperless/nixos.nix
@ -323,7 +303,7 @@
#ovm swarsel
sync = nixpkgs.lib.nixosSystem {
specialArgs = {inherit inputs pkgs;};
specialArgs = { inherit inputs pkgs; };
modules = [
sops-nix.nixosModules.sops
./profiles/remote/oracle/sync/nixos.nix
@ -332,7 +312,7 @@
#ovm swarsel
swatrix = nixpkgs.lib.nixosSystem {
specialArgs = {inherit inputs pkgs;};
specialArgs = { inherit inputs pkgs; };
modules = [
sops-nix.nixosModules.sops
./profiles/remote/oracle/matrix/nixos.nix
@ -344,26 +324,28 @@
# run rebuild using `hmswitch`
homeConfigurations = {
"leons@PCisLee" = home-manager.lib.homeManagerConfiguration {
inherit pkgs;
modules =
homeModules
++ mixedModules
++ [
modules = homeModules ++ mixedModules ++ [
./profiles/surface/home.nix
];
};
};
nixOnDroidConfigurations = {
default = nix-on-droid.lib.nixOnDroidConfiguration {
modules = [
./profiles/mysticant/configuration.nix
];
};
};
packages.x86_64-linux = {
proxmox-lxc = nixos-generators.nixosGenerate {
inherit system;
modules = [
@ -371,6 +353,8 @@
];
format = "proxmox-lxc";
};
};
};
}

30
index.html
View file

@ -3,7 +3,7 @@
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<!-- 2024-07-20 Sa 00:04 -->
<!-- 2024-07-20 Sa 00:16 -->
<meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1" />
<title>SwarselSystems: NixOS + Emacs Configuration</title>
@ -261,7 +261,7 @@
<li><a href="#h:5ef03803-e150-41bc-b603-e80d60d96efc">3.3.6. Linking dotfiles</a></li>
<li><a href="#h:4486b02f-4fb8-432b-bfa2-2e786206341d">3.3.7. Sourcing environment variables</a></li>
<li><a href="#h:070a75ce-e209-4cda-aa25-e979bbf75d47">3.3.8. Programs</a></li>
<li><a href="#org1d39a6e">3.3.9. nix-index</a></li>
<li><a href="#org05cfe0c">3.3.9. nix-index</a></li>
<li><a href="#h:ac0e5e62-0dbf-4782-9a96-9e558eae86ae">3.3.10. password-store</a></li>
<li><a href="#h:1ab84307-b3fb-4c32-9def-4b89a53a8547">3.3.11. direnv</a></li>
<li><a href="#h:1bd6b0c7-f201-43e2-9624-6c50de00a1f6">3.3.12. eza</a></li>
@ -329,7 +329,7 @@
<ul>
<li><a href="#h:99544398-72af-4382-b8e1-01b2221baff4">4.4.1. Org Mode</a></li>
<li><a href="#h:406c2ecc-0e3e-4d9f-9ae3-3eb1f8b87d1b">4.4.2. Nix Mode</a></li>
<li><a href="#org23b260b">4.4.3. nixpkgs-fmt</a></li>
<li><a href="#orgc3f7bff">4.4.3. nixpkgs-fmt</a></li>
<li><a href="#h:50327461-a11b-4e81-830a-90febc720cfa">4.4.4. Markdown Mode</a></li>
<li><a href="#h:65e69741-9860-4ed0-bbed-7b7be9a2a9d6">4.4.5. Olivetti</a></li>
<li><a href="#h:94d4a0dc-b0d7-4702-b760-beeaa6da2b8f">4.4.6. darkroom</a></li>
@ -389,7 +389,7 @@
</div>
</div>
<p>
<b>This file has 41226 words spanning 10979 lines and was last revised on 2024-07-20 00:04:46 +0200.</b>
<b>This file has 41230 words spanning 10979 lines and was last revised on 2024-07-20 00:16:24 +0200.</b>
</p>
<p>
@ -439,7 +439,7 @@ This section defines my Emacs configuration. For a while, I considered to use ry
</p>
<p>
My emacs is built using the emacs-overlay nix flake, which builds a bleeding edge emacs on wayland (pgtk) with utilities like treesitter support. By executing the below source block, the current build setting can be updated at any time, and you can see my most up-to-date build options (last updated: 2024-07-20 00:04:46 +0200)
My emacs is built using the emacs-overlay nix flake, which builds a bleeding edge emacs on wayland (pgtk) with utilities like treesitter support. By executing the below source block, the current build setting can be updated at any time, and you can see my most up-to-date build options (last updated: 2024-07-20 00:16:24 +0200)
</p></li>
</ul>
@ -6993,8 +6993,8 @@ programs = {
</li>
</ol>
</div>
<div id="outline-container-org1d39a6e" class="outline-4">
<h4 id="org1d39a6e"><span class="section-number-4">3.3.9.</span> nix-index</h4>
<div id="outline-container-org05cfe0c" class="outline-4">
<h4 id="org05cfe0c"><span class="section-number-4">3.3.9.</span> nix-index</h4>
<div class="outline-text-4" id="text-3-3-9">
<p>
nix-index provides a way to find out which packages are provided by which derivations. By default it also comes with a replacement for <code>command-not-found.sh</code>, however, the implementation is based on a channel based setup. I like consistency, so I replace the command with one that provides a flakes-based output.
@ -9266,10 +9266,10 @@ We set a hook that runs everytime we save the file. It would be a bit more effic
</p>
<div class="org-src-container">
<pre class="src src-emacs-lisp">(defun run-alejandra ()
<pre class="src src-emacs-lisp">(defun swarsel/run-formatting ()
(interactive)
(let ((default-directory (expand-file-name "~/.dotfiles")))
(shell-command "alejandra . -q")))
(shell-command "nixpkgs-fmt . &gt; /dev/null")))
(defun swarsel/org-babel-tangle-config ()
(when (string-equal (buffer-file-name)
@ -9278,7 +9278,7 @@ We set a hook that runs everytime we save the file. It would be a bit more effic
(let ((org-confirm-babel-evaluate nil))
(org-html-export-to-html)
(org-babel-tangle)
(run-alejandra))))
(swarsel/run-formatting))))
(setq org-html-htmlize-output-type nil)
@ -9391,7 +9391,7 @@ The standard Emacs behaviour for the Python process shell is a bit annoying. Thi
</div>
</div>
</li>
<li><a id="org58d332d"></a>Nix common prefix bracketer<br />
<li><a id="org5914746"></a>Nix common prefix bracketer<br />
<div class="outline-text-5" id="text-4-2-1-15">
<p>
This function searches for common delimiters in region and removes them, summarizing all captured lines by it.
@ -9424,7 +9424,7 @@ This function searches for common delimiters in region and removes them, summari
</div>
</div>
</li>
<li><a id="orge56e7f4"></a>Nix formatters<br />
<li><a id="orgd08d04a"></a>Nix formatters<br />
<div class="outline-text-5" id="text-4-2-1-16">
<p>
This formats the org code block at <code>point</code> in accordance to the <code>nixpkgs-fmt</code> formatter
@ -10997,8 +10997,8 @@ This adds a rudimentary nix-mode to Emacs. I have not really tried this out, as
</div>
</div>
</div>
<div id="outline-container-org23b260b" class="outline-4">
<h4 id="org23b260b"><span class="section-number-4">4.4.3.</span> nixpkgs-fmt</h4>
<div id="outline-container-orgc3f7bff" class="outline-4">
<h4 id="orgc3f7bff"><span class="section-number-4">4.4.3.</span> nixpkgs-fmt</h4>
<div class="outline-text-4" id="text-4-4-3">
<p>
Adds functions for formatting nix code.
@ -13013,7 +13013,7 @@ My laptop, sadly soon to be replaced by a new one, since most basic functions ar
</div>
<div id="postamble" class="status">
<p class="author">Author: Leon Schwarzäugl</p>
<p class="date">Created: 2024-07-20 Sa 00:04</p>
<p class="date">Created: 2024-07-20 Sa 00:16</p>
<p class="validation"><a href="https://validator.w3.org/check?uri=referer">Validate</a></p>
</div>
</body>

31
profiles/TEMPLATE/home.nix
View file

@ -1,8 +1,8 @@
{ config, pkgs, ... }:
{
config,
pkgs,
...
}: {
services.gpg-agent = {
enable = true;
enableSshSupport = true;
@ -29,7 +29,7 @@
];
};
# update path if the sops private key is stored somewhere else
sops.age.sshKeyPaths = ["${config.home.homeDirectory}/.ssh/sops"];
sops.age.sshKeyPaths = [ "${config.home.homeDirectory}/.ssh/sops" ];
# waybar config - TEMPLATE - update for cores and temp
programs.waybar.settings.mainBar = {
@ -109,6 +109,7 @@
natural_scroll = "enabled";
middle_emulation = "enabled";
};
};
output = {
@ -119,21 +120,25 @@
};
};
keybindings = let
keybindings =
let
inherit (config.wayland.windowManager.sway.config) modifier;
in {
in
{
# TEMPLATE
"${modifier}+w" = "exec \"bash ~/.dotfiles/scripts/checkschildi.sh\"";
# "${modifier}+w" = "exec \"bash ~/.dotfiles/scripts/checkelement.sh\"";
};
startup = [
{command = "nextcloud --background";}
{command = "discord --start-minimized";}
{command = "element-desktop --hidden -enable-features=UseOzonePlatform -ozone-platform=wayland --disable-gpu-driver-bug-workarounds";}
{command = "ANKI_WAYLAND=1 anki";}
{command = "OBSIDIAN_USE_WAYLAND=1 obsidian";}
{command = "nm-applet";}
{ command = "nextcloud --background"; }
{ command = "discord --start-minimized"; }
{ command = "element-desktop --hidden -enable-features=UseOzonePlatform -ozone-platform=wayland --disable-gpu-driver-bug-workarounds"; }
{ command = "ANKI_WAYLAND=1 anki"; }
{ command = "OBSIDIAN_USE_WAYLAND=1 obsidian"; }
{ command = "nm-applet"; }
];
};
};

18
profiles/TEMPLATE/nixos.nix
View file

@ -1,8 +1,14 @@
{pkgs, ...}: {
imports = [
{ pkgs, ... }:
{
imports =
[
./hardware-configuration.nix
];
services = {
getty.autologinUser = "TEMPLATE";
greetd.settings.initial_session.user = "TEMPLATE";
@ -67,7 +73,7 @@
};
monospace = {
package = pkgs.nerdfonts.override {fonts = ["FiraCode"];};
package = pkgs.nerdfonts.override { fonts = [ "FiraCode" ]; };
name = "FiraCode Nerd Font Mono";
};
@ -78,6 +84,7 @@
};
};
# Configure keymap in X11 (only used for login)
services.xserver = {
layout = "us";
@ -87,12 +94,13 @@
users.users.TEMPLATE = {
isNormalUser = true;
description = "TEMPLATE";
extraGroups = ["networkmanager" "wheel" "lp" "audio" "video"];
packages = with pkgs; [];
extraGroups = [ "networkmanager" "wheel" "lp" "audio" "video" ];
packages = with pkgs; [ ];
};
environment.systemPackages = with pkgs; [
];
system.stateVersion = "23.05"; # TEMPLATE - but probably no need to change
}

209
profiles/common/home.nix
View file

@ -1,10 +1,8 @@
{ config, pkgs, fetchFromGitHub, ... }:
{
config,
pkgs,
fetchFromGitHub,
...
}: {
home.packages = with pkgs; [
# audio stuff
spek # spectrum analyzer
losslessaudiochecker
@ -20,7 +18,7 @@
simple-scan
# dict
(aspellWithDicts (dicts: with dicts; [de en en-computers en-science]))
(aspellWithDicts (dicts: with dicts; [ de en en-computers en-science ]))
# utilities
util-linux
@ -150,21 +148,13 @@
# latex and related packages
(pkgs.texlive.combine {
inherit
(pkgs.texlive)
scheme-full
dvisvgm
dvipng # for preview and export as html
wrapfig
amsmath
ulem
hyperref
capt-of
;
inherit (pkgs.texlive) scheme-full
dvisvgm dvipng# for preview and export as html
wrapfig amsmath ulem hyperref capt-of;
})
# font stuff
(nerdfonts.override {fonts = ["FiraMono" "FiraCode" "NerdFontsSymbolsOnly"];})
(nerdfonts.override { fonts = [ "FiraMono" "FiraCode" "NerdFontsSymbolsOnly" ]; })
noto-fonts-emoji
font-awesome_5
noto-fonts
@ -180,7 +170,7 @@
url = "https://github.com/Ultimaker/Cura/releases/download/${version}/UltiMaker-Cura-${version}-linux-modern.AppImage";
hash = "sha256-QVv7Wkfo082PH6n6rpsB79st2xK2+Np9ivBg/PYZd74=";
};
extraPkgs = pkgs: with pkgs; [];
extraPkgs = pkgs: with pkgs; [ ];
};
in
writeScriptBin "cura" ''
@ -237,7 +227,7 @@
(pkgs.writeShellApplication {
name = "pass-fuzzel";
runtimeInputs = [pkgs.pass pkgs.fuzzel];
runtimeInputs = [ pkgs.pass pkgs.fuzzel ];
text = ''
shopt -s nullglob globstar
@ -268,7 +258,7 @@
(pkgs.writeShellApplication {
name = "pass-fuzzel-otp";
runtimeInputs = [pkgs.fuzzel (pkgs.pass.withExtensions (exts: [exts.pass-otp]))];
runtimeInputs = [ pkgs.fuzzel (pkgs.pass.withExtensions (exts: [ exts.pass-otp ])) ];
text = ''
shopt -s nullglob globstar
@ -299,7 +289,7 @@
(pkgs.writeShellApplication {
name = "cdw";
runtimeInputs = [pkgs.fzf];
runtimeInputs = [ pkgs.fzf ];
text = ''
cd "$(git worktree list | fzf | awk '{print $1}')"
'';
@ -307,7 +297,7 @@
(pkgs.writeShellApplication {
name = "cdb";
runtimeInputs = [pkgs.fzf];
runtimeInputs = [ pkgs.fzf ];
text = ''
git checkout "$(git branch --list | grep -v "^\*" | fzf | awk '{print $1}')"
'';
@ -319,17 +309,18 @@
cp "$1"{,.bak}
'';
})
];
sops = {
defaultSopsFile = "${config.home.homeDirectory}/.dotfiles/secrets/general/secrets.yaml";
validateSopsFiles = false;
secrets = {
mrswarsel = {path = "/run/user/1000/secrets/mrswarsel";};
nautilus = {path = "/run/user/1000/secrets/nautilus";};
leon = {path = "/run/user/1000/secrets/leon";};
swarselmail = {path = "/run/user/1000/secrets/swarselmail";};
caldav = {path = "${config.home.homeDirectory}/.emacs.d/.caldav";};
mrswarsel = { path = "/run/user/1000/secrets/mrswarsel"; };
nautilus = { path = "/run/user/1000/secrets/nautilus"; };
leon = { path = "/run/user/1000/secrets/leon"; };
swarselmail = { path = "/run/user/1000/secrets/swarselmail"; };
caldav = { path = "${config.home.homeDirectory}/.emacs.d/.caldav"; };
};
};
@ -431,12 +422,13 @@
stylix.targets.emacs.enable = false;
xdg.desktopEntries = {
cura = {
name = "Ultimaker Cura";
genericName = "Cura";
exec = "cura";
terminal = false;
categories = ["Application"];
categories = [ "Application" ];
};
anki = {
@ -444,7 +436,7 @@
genericName = "Anki";
exec = "anki";
terminal = false;
categories = ["Application"];
categories = [ "Application" ];
};
# schlidichat = {
@ -460,7 +452,7 @@
genericName = "Element";
exec = "element-desktop -enable-features=UseOzonePlatform -ozone-platform=wayland --disable-gpu-driver-bug-workarounds";
terminal = false;
categories = ["Application"];
categories = [ "Application" ];
};
emacsclient-newframe = {
@ -469,8 +461,9 @@
exec = "emacsclient -r %u";
icon = "emacs";
terminal = false;
categories = ["Development" "TextEditor"];
categories = [ "Development" "TextEditor" ];
};
};
home.file = {
@ -519,25 +512,27 @@
zoxide.enable = true;
};
programs.nix-index = let
command-not-found = pkgs.runCommandLocal "command-not-found.sh" {} ''
programs.nix-index =
let
command-not-found = pkgs.runCommandLocal "command-not-found.sh" { } ''
mkdir -p $out/etc/profile.d
substitute ${../../scripts/command-not-found.sh} \
$out/etc/profile.d/command-not-found.sh \
--replace @nix-locate@ ${pkgs.nix-index}/bin/nix-locate \
--replace @tput@ ${pkgs.ncurses}/bin/tput
'';
in {
in
{
enable = true;
package = pkgs.symlinkJoin {
name = "nix-index";
paths = [command-not-found];
paths = [ command-not-found ];
};
};
programs.password-store = {
enable = true;
package = pkgs.pass.withExtensions (exts: [exts.pass-otp]);
package = pkgs.pass.withExtensions (exts: [ exts.pass-otp ]);
};
programs.direnv = {
@ -771,7 +766,7 @@
enable = true;
};
# this is needed so that mbsync can use the passwords from sops
systemd.user.services.mbsync.Unit.After = ["sops-nix.service"];
systemd.user.services.mbsync.Unit.After = [ "sops-nix.service" ];
programs.msmtp = {
enable = true;
@ -804,7 +799,7 @@
enable = true;
create = "maildir";
expunge = "both";
patterns = ["*" "![Gmail]*" "[Gmail]/Sent Mail" "[Gmail]/Starred" "[Gmail]/All Mail"];
patterns = [ "*" "![Gmail]*" "[Gmail]/Sent Mail" "[Gmail]/Starred" "[Gmail]/All Mail" ];
extraConfig = {
channel = {
Sync = "All";
@ -854,7 +849,7 @@
enable = true;
create = "maildir";
expunge = "both";
patterns = ["*" "![Gmail]*" "[Gmail]/Sent Mail" "[Gmail]/Starred" "[Gmail]/All Mail"];
patterns = [ "*" "![Gmail]*" "[Gmail]/Sent Mail" "[Gmail]/Starred" "[Gmail]/All Mail" ];
extraConfig = {
channel = {
Sync = "All";
@ -881,7 +876,7 @@
enable = true;
create = "maildir";
expunge = "both";
patterns = ["*" "![Gmail]*" "[Gmail]/Sent Mail" "[Gmail]/Starred" "[Gmail]/All Mail"];
patterns = [ "*" "![Gmail]*" "[Gmail]/Sent Mail" "[Gmail]/Starred" "[Gmail]/All Mail" ];
extraConfig = {
channel = {
Sync = "All";
@ -922,7 +917,7 @@
rev = "bc99afee611690f85f0cd0bd33300f3385ddd3d3";
hash = "sha256-0xMII1KJhTBgQ57tXJks0ZFYMXIanrOl9XyqVmu7a7Y=";
};
packageRequires = [epkgs.howm];
packageRequires = [ epkgs.howm ];
})
(epkgs.trivialBuild rec {
@ -934,21 +929,23 @@
rev = "3f6ca0d5556fe9795b74714304564f2295dcfa24";
hash = "sha256-w1wmJW7YwXyjvXJOWdN2+k+QmhXr4IflES/c2bCX3CI=";
};
packageRequires = [];
packageRequires = [ ];
})
];
};
};
programs.waybar = {
enable = true;
# systemd.enable = true;
settings = {
mainBar = {
layer = "top";
position = "top";
modules-left = ["sway/workspaces" "custom/outer-right-arrow-dark" "sway/window"];
modules-center = ["sway/mode" "custom/configwarn"];
modules-left = [ "sway/workspaces" "custom/outer-right-arrow-dark" "sway/window" ];
modules-center = [ "sway/mode" "custom/configwarn" ];
"sway/mode" = {
format = "<span style=\"italic\" font-weight=\"bold\">{}</span>";
};
@ -993,6 +990,7 @@
critical-threshold = 80;
format-critical = " {temperatureC}°C";
format = " {temperatureC}°C";
};
mpris = {
@ -1077,9 +1075,10 @@
cpu = {
min-length = 6;
interval = 5;
format-icons = ["" "" "" "" "" "" "" ""];
format-icons = [ "" "" "" "" "" "" "" "" ];
# on-click-right= "com.github.stsdc.monitor";
on-click-right = "kitty -o confirm_os_window_close=0 btm";
};
battery = {
states = {
@ -1174,68 +1173,48 @@
search.engines = {
"Nix Packages" = {
urls = [
{
urls = [{
template = "https://search.nixos.org/packages";
params = [
{
name = "type";
value = "packages";
}
{
name = "query";
value = "{searchTerms}";
}
];
}
{ name = "type"; value = "packages"; }
{ name = "query"; value = "{searchTerms}"; }
];
}];
icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg";
definedAliases = ["@np"];
definedAliases = [ "@np" ];
};
"NixOS Wiki" = {
urls = [
{
urls = [{
template = "https://nixos.wiki/index.php?search={searchTerms}";
}
];
}];
iconUpdateURL = "https://nixos.wiki/favicon.png";
updateInterval = 24 * 60 * 60 * 1000; # every day
definedAliases = ["@nw"];
definedAliases = [ "@nw" ];
};
"NixOS Options" = {
urls = [
{
urls = [{
template = "https://search.nixos.org/options";
params = [
{
name = "query";
value = "{searchTerms}";
}
];
}
{ name = "query"; value = "{searchTerms}"; }
];
}];
icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg";
definedAliases = ["@no"];
definedAliases = [ "@no" ];
};
"Home Manager Options" = {
urls = [
{
urls = [{
template = "https://home-manager-options.extranix.com/";
params = [
{
name = "query";
value = "{searchTerms}";
}
];
}
{ name = "query"; value = "{searchTerms}"; }
];
}];
icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg";
definedAliases = ["@hm" "@ho" "@hmo"];
definedAliases = [ "@hm" "@ho" "@hmo" ];
};
"Google".metaData.alias = "@g";
@ -1311,10 +1290,12 @@ group-by=category
modifier = "Mod4";
terminal = "kitty";
menu = "fuzzel";
bars = [{command = "waybar";}];
keybindings = let
bars = [{ command = "waybar"; }];
keybindings =
let
inherit (config.wayland.windowManager.sway.config) modifier;
in {
in
{
"${modifier}+q" = "kill";
"${modifier}+f" = "exec firefox";
"${modifier}+Space" = "exec fuzzel";
@ -1395,41 +1376,41 @@ group-by=category
};
defaultWorkspace = "workspace 1:";
startup = [
{command = "kitty -T kittyterm";}
{command = "sleep 60; kitty -T spotifytui -o confirm_os_window_close=0 spotify_player";}
{ command = "kitty -T kittyterm"; }
{ command = "sleep 60; kitty -T spotifytui -o confirm_os_window_close=0 spotify_player"; }
];
window = {
border = 1;
titlebar = false;
};
assigns = {
"1:" = [{app_id = "firefox";}];
"1:" = [{ app_id = "firefox"; }];
};
floating = {
border = 1;
criteria = [
{title = "^Picture-in-Picture$";}
{app_id = "qalculate-gtk";}
{app_id = "org.gnome.clocks";}
{app_id = "com.github.stsdc.monitor";}
{app_id = "blueman";}
{app_id = "pavucontrol";}
{app_id = "syncthingtray";}
{title = "Syncthing Tray";}
{app_id = "SchildiChat";}
{app_id = "Element";}
{app_id = "com.nextcloud.desktopclient.nextcloud";}
{app_id = "gnome-system-monitor";}
{title = "(?:Open|Save) (?:File|Folder|As)";}
{title = "^Add$";}
{title = "com-jgoodies-jdiskreport-JDiskReport";}
{app_id = "discord";}
{window_role = "pop-up";}
{window_role = "bubble";}
{window_role = "dialog";}
{window_role = "task_dialog";}
{window_role = "menu";}
{window_role = "Preferences";}
{ title = "^Picture-in-Picture$"; }
{ app_id = "qalculate-gtk"; }
{ app_id = "org.gnome.clocks"; }
{ app_id = "com.github.stsdc.monitor"; }
{ app_id = "blueman"; }
{ app_id = "pavucontrol"; }
{ app_id = "syncthingtray"; }
{ title = "Syncthing Tray"; }
{ app_id = "SchildiChat"; }
{ app_id = "Element"; }
{ app_id = "com.nextcloud.desktopclient.nextcloud"; }
{ app_id = "gnome-system-monitor"; }
{ title = "(?:Open|Save) (?:File|Folder|As)"; }
{ title = "^Add$"; }
{ title = "com-jgoodies-jdiskreport-JDiskReport"; }
{ app_id = "discord"; }
{ window_role = "pop-up"; }
{ window_role = "bubble"; }
{ window_role = "dialog"; }
{ window_role = "task_dialog"; }
{ window_role = "menu"; }
{ window_role = "Preferences"; }
];
titlebar = false;
};
@ -1479,6 +1460,7 @@ group-by=category
# };
# }
{
command = "resize set width 60 ppt height 60 ppt, sticky enable, move container to scratchpad";
criteria = {
class = "Spotify";
@ -1523,7 +1505,8 @@ group-by=category
# exec systemctl --user import-environment DISPLAY WAYLAND_DISPLAY SWAYSOCK
# exec hash dbus-update-activation-environment 2>/dev/null && dbus-update-activation-environment --systemd DISPLAY WAYLAND_DISPLAY SWAYSOCK
# ";
extraConfig = let
extraConfig =
let
inherit (config.wayland.windowManager.sway.config) modifier;
swayfxSettings = "
blur enable
@ -1535,7 +1518,8 @@ group-by=category
titlebar_separator disable
default_dim_inactive 0.02
";
in "
in
"
exec_always autotiling
set $exit \"exit: [s]leep, [p]oweroff, [r]eboot, [l]ogout\"
mode $exit {
@ -1558,4 +1542,5 @@ group-by=category
";
};
}

83
profiles/common/nixos.nix
View file

@ -1,9 +1,6 @@
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}: {
home-manager = {
useGlobalPkgs = true;
useUserPackages = true;
@ -16,7 +13,7 @@
};
};
nix.settings.experimental-features = ["nix-command" "flakes"];
nix.settings.experimental-features = [ "nix-command" "flakes" ];
users.mutableUsers = false;
@ -50,7 +47,7 @@
nix.optimise = {
automatic = true;
dates = ["weekly"];
dates = [ "weekly" ];
};
# systemd
@ -127,12 +124,12 @@
cloned-mac-address = "preserve";
mac-address = "90:2E:16:D0:A1:87";
};
ipv4 = {method = "shared";};
ipv4 = { method = "shared"; };
ipv6 = {
addr-gen-mode = "stable-privacy";
method = "auto";
};
proxy = {};
proxy = { };
};
eduroam = {
@ -146,12 +143,12 @@
id = "eduroam";
type = "wifi";
};
ipv4 = {method = "auto";};
ipv4 = { method = "auto"; };
ipv6 = {
addr-gen-mode = "default";
method = "auto";
};
proxy = {};
proxy = { };
wifi = {
mode = "infrastructure";
ssid = "eduroam";
@ -168,7 +165,7 @@
id = "local";
type = "ethernet";
};
ethernet = {};
ethernet = { };
ipv4 = {
address1 = "10.42.1.1/24";
method = "shared";
@ -177,7 +174,7 @@
addr-gen-mode = "stable-privacy";
method = "auto";
};
proxy = {};
proxy = { };
};
HH40V_39F5 = {
@ -185,12 +182,12 @@
id = "HH40V_39F5";
type = "wifi";
};
ipv4 = {method = "auto";};
ipv4 = { method = "auto"; };
ipv6 = {
addr-gen-mode = "stable-privacy";
method = "auto";
};
proxy = {};
proxy = { };
wifi = {
band = "bg";
mode = "infrastructure";
@ -207,12 +204,12 @@
id = "magicant";
type = "wifi";
};
ipv4 = {method = "auto";};
ipv4 = { method = "auto"; };
ipv6 = {
addr-gen-mode = "default";
method = "auto";
};
proxy = {};
proxy = { };
wifi = {
mode = "infrastructure";
ssid = "magicant";
@ -230,15 +227,16 @@
id = "PIA Sweden";
type = "vpn";
};
ipv4 = {method = "auto";};
ipv4 = { method = "auto"; };
ipv6 = {
addr-gen-mode = "stable-privacy";
method = "auto";
};
proxy = {};
proxy = { };
vpn = {
auth = "sha1";
ca = "${config.users.users.swarsel.home}/.dotfiles/secrets/certs/sweden-aes-128-cbc-udp-dns-ca.pem";
ca =
"${config.users.users.swarsel.home}/.dotfiles/secrets/certs/sweden-aes-128-cbc-udp-dns-ca.pem";
challenge-response-flags = "2";
cipher = "aes-128-cbc";
compress = "yes";
@ -252,7 +250,7 @@
service-type = "org.freedesktop.NetworkManager.openvpn";
username = "$VPNUSER";
};
vpn-secrets = {password = "$VPNPASS";};
vpn-secrets = { password = "$VPNPASS"; };
};
Hotspot = {
@ -261,12 +259,12 @@
id = "Hotspot";
type = "wifi";
};
ipv4 = {method = "shared";};
ipv4 = { method = "shared"; };
ipv6 = {
addr-gen-mode = "default";
method = "ignore";
};
proxy = {};
proxy = { };
wifi = {
mode = "ap";
ssid = "Hotspot-fourside";
@ -279,11 +277,12 @@
psk = "$HOTSPOT";
};
};
};
};
};
systemd.services.NetworkManager-ensure-profiles.after = ["NetworkManager.service"];
systemd.services.NetworkManager-ensure-profiles.after = [ "NetworkManager.service" ];
time.timeZone = "Europe/Vienna";
@ -303,19 +302,20 @@
};
sops = {
defaultSopsFile = "${config.users.users.swarsel.home}/.dotfiles/secrets/general/secrets.yaml";
validateSopsFiles = false;
secrets = {
swarseluser = {neededForUsers = true;};
ernest = {};
frauns = {};
hotspot = {};
eduid = {};
edupass = {};
handyhotspot = {};
vpnuser = {};
vpnpass = {};
swarseluser = { neededForUsers = true; };
ernest = { };
frauns = { };
hotspot = { };
eduid = { };
edupass = { };
handyhotspot = { };
vpnuser = { };
vpnpass = { };
};
templates = {
"network-manager.env".content = ''
@ -383,7 +383,7 @@
#lsp-bridge / python
gcc
gdb
(python3.withPackages (ps: with ps; [jupyter ipython pyqt5 epc orjson sexpdata six setuptools paramiko numpy pandas scipy matplotlib requests debugpy flake8 gnureadline python-lsp-server]))
(python3.withPackages (ps: with ps; [ jupyter ipython pyqt5 epc orjson sexpdata six setuptools paramiko numpy pandas scipy matplotlib requests debugpy flake8 gnureadline python-lsp-server ]))
# (python3.withPackages(ps: with ps; [ jupyter ipython pyqt5 numpy pandas scipy matplotlib requests debugpy flake8 gnureadline python-lsp-server]))
# --------------------------------------------
@ -405,7 +405,9 @@
tar xvf $src -C $out/
mv $out/oama-0.13.1-Linux-x86_64-static/oama $out/bin/
'';
})
];
programs = {
@ -416,15 +418,15 @@
programs.zsh.enable = true;
users.defaultUserShell = pkgs.zsh;
environment.shells = with pkgs; [zsh];
environment.pathsToLink = ["/share/zsh"];
environment.shells = with pkgs; [ zsh ];
environment.pathsToLink = [ "/share/zsh" ];
services.blueman.enable = true;
# enable scanners over network
hardware.sane = {
enable = true;
extraBackends = [pkgs.sane-airscan];
extraBackends = [ pkgs.sane-airscan ];
};
# enable discovery and usage of network devices (esp. printers)
@ -454,7 +456,8 @@
# Make CAPS work as a dual function ESC/CTRL key
services.interception-tools = {
enable = true;
udevmonConfig = let
udevmonConfig =
let
dualFunctionKeysConfig = builtins.toFile "dual-function-keys.yaml" ''
TIMING:
TAP_MILLISEC: 200
@ -465,7 +468,8 @@
TAP: KEY_ESC
HOLD: KEY_LEFTCTRL
'';
in ''
in
''
- JOB: |
${pkgs.interception-tools}/bin/intercept -g $DEVNODE \
| ${pkgs.interception-tools-plugins.dual-function-keys}/bin/dual-function-keys -c ${dualFunctionKeysConfig} \
@ -505,4 +509,5 @@
environment.etc."greetd/environments".text = ''
sway
'';
}

19
profiles/fourside/hardware-configuration.nix
View file

@ -1,20 +1,19 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
modulesPath,
...
{ config
, lib
, modulesPath
, ...
}: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = ["nvme" "xhci_pci" "usb_storage" "sd_mod" "rtsx_pci_sdmmc"];
boot.initrd.kernelModules = [];
boot.kernelModules = ["kvm-amd"];
boot.extraModulePackages = [];
boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "/dev/disk/by-uuid/55eee3d2-4125-4aba-a326-10cde2abdf26";
@ -27,7 +26,7 @@
};
swapDevices = [
{device = "/dev/disk/by-uuid/0a74b04a-99e0-48cd-afcf-6ca849f6f85a";}
{ device = "/dev/disk/by-uuid/0a74b04a-99e0-48cd-afcf-6ca849f6f85a"; }
];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking

44
profiles/fourside/home.nix
View file

@ -1,8 +1,8 @@
{ config, pkgs, ... }:
{
config,
pkgs,
...
}: {
services.gpg-agent = {
enable = true;
enableSshSupport = true;
@ -24,7 +24,7 @@
packages = with pkgs; [
];
};
sops.age.sshKeyPaths = ["${config.home.homeDirectory}/.ssh/sops"];
sops.age.sshKeyPaths = [ "${config.home.homeDirectory}/.ssh/sops" ];
# waybar config - TEMPLATE - update for cores and temp
programs.waybar.settings.mainBar = {
@ -34,6 +34,7 @@
temperature.input-filename = "temp1_input";
};
programs.waybar.settings.mainBar.modules-right = [
"custom/outer-left-arrow-dark"
"mpris"
@ -52,6 +53,7 @@
"clock#1"
];
wayland.windowManager.sway = {
config = rec {
# update for actual inputs here,
@ -72,6 +74,7 @@
natural_scroll = "enabled";
middle_emulation = "enabled";
};
};
output = {
@ -90,19 +93,16 @@
};
workspaceOutputAssign = [
{
output = "eDP-1";
workspace = "1:";
}
{
output = "DP-4";
workspace = "2:";
}
{ output = "eDP-1"; workspace = "1:"; }
{ output = "DP-4"; workspace = "2:"; }
];
keybindings = let
keybindings =
let
inherit (config.wayland.windowManager.sway.config) modifier;
in {
in
{
"${modifier}+w" = "exec \"bash ~/.dotfiles/scripts/checkelement.sh\"";
"XF86MonBrightnessUp" = "exec brightnessctl set +5%";
"XF86MonBrightnessDown" = "exec brightnessctl set 5%-";
@ -119,12 +119,14 @@
};
startup = [
{command = "nextcloud --background";}
{command = "discord --start-minimized";}
{command = "element-desktop --hidden -enable-features=UseOzonePlatform -ozone-platform=wayland --disable-gpu-driver-bug-workarounds";}
{command = "ANKI_WAYLAND=1 anki";}
{command = "OBSIDIAN_USE_WAYLAND=1 obsidian";}
{command = "nm-applet";}
{ command = "nextcloud --background"; }
{ command = "discord --start-minimized"; }
{ command = "element-desktop --hidden -enable-features=UseOzonePlatform -ozone-platform=wayland --disable-gpu-driver-bug-workarounds"; }
{ command = "ANKI_WAYLAND=1 anki"; }
{ command = "OBSIDIAN_USE_WAYLAND=1 obsidian"; }
{ command = "nm-applet"; }
];
};
};

45
profiles/fourside/nixos.nix
View file

@ -1,15 +1,15 @@
{ config, pkgs, ... }:
{
config,
pkgs,
...
}: {
#
# imports =
# [
# ./hardware-configuration.nix
# ];
#
imports = [
imports =
[
./hardware-configuration.nix
];
@ -24,7 +24,7 @@
# kernelPackages = pkgs.linuxPackages_latest;
};
sops.age.sshKeyPaths = ["${config.users.users.swarsel.home}/.ssh/sops"];
sops.age.sshKeyPaths = [ "${config.users.users.swarsel.home}/.ssh/sops" ];
networking = {
hostName = "fourside"; # Define your hostname.
@ -33,27 +33,15 @@
firewall.checkReversePath = false;
firewall = {
enable = true;
allowedUDPPorts = [4380 27036 14242 34197 51820]; # 34197: factorio; 4380 27036 14242: barotrauma; 51820: wireguard
allowedTCPPorts = []; # 34197: factorio; 4380 27036 14242: barotrauma; 51820: wireguard
allowedUDPPorts = [ 4380 27036 14242 34197 51820 ]; # 34197: factorio; 4380 27036 14242: barotrauma; 51820: wireguard
allowedTCPPorts = [ ]; # 34197: factorio; 4380 27036 14242: barotrauma; 51820: wireguard
allowedTCPPortRanges = [
{
from = 27015;
to = 27030;
} # barotrauma
{
from = 27036;
to = 27037;
} # barotrauma
{ from = 27015; to = 27030; } # barotrauma
{ from = 27036; to = 27037; } # barotrauma
];
allowedUDPPortRanges = [
{
from = 27000;
to = 27031;
} # barotrauma
{
from = 58962;
to = 58964;
} # barotrauma
{ from = 27000; to = 27031; } # barotrauma
{ from = 58962; to = 58964; } # barotrauma
];
};
};
@ -106,7 +94,7 @@
};
monospace = {
package = pkgs.nerdfonts.override {fonts = ["FiraCode"];};
package = pkgs.nerdfonts.override { fonts = [ "FiraCode" ]; };
name = "FiraCode Nerd Font Mono";
};
@ -117,6 +105,7 @@
};
};
hardware = {
graphics = {
enable = true;
@ -162,8 +151,8 @@
isNormalUser = true;
description = "Leon S";
hashedPasswordFile = config.sops.secrets.swarseluser.path;
extraGroups = ["networkmanager" "wheel" "lp" "audio" "video" "vboxusers" "scanner"];
packages = with pkgs; [];
extraGroups = [ "networkmanager" "wheel" "lp" "audio" "video" "vboxusers" "scanner" ];
packages = with pkgs; [ ];
};
environment.systemPackages = with pkgs; [
@ -177,4 +166,6 @@
];
system.stateVersion = "23.05";
}

2
profiles/mysticant/configuration.nix
View file

@ -1,4 +1,4 @@
{pkgs, ...}: {
{ pkgs, ... }: {
environment.packages = with pkgs; [
vim
git

8
profiles/remote/oracle/matrix/hardware-configuration.nix
View file

@ -1,5 +1,5 @@
{modulesPath, ...}: {
imports = [(modulesPath + "/profiles/qemu-guest.nix")];
{ modulesPath, ... }: {
imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
boot.loader.grub = {
efiSupport = true;
efiInstallAsRemovable = true;
@ -9,8 +9,8 @@
device = "/dev/disk/by-uuid/A1B2-7E6F";
fsType = "vfat";
};
boot.initrd.availableKernelModules = ["ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi"];
boot.initrd.kernelModules = ["nvme"];
boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi" ];
boot.initrd.kernelModules = [ "nvme" ];
fileSystems."/" = {
device = "/dev/mapper/ocivolume-root";
fsType = "xfs";

37
profiles/remote/oracle/matrix/nixos.nix
View file

@ -1,11 +1,9 @@
{
config,
pkgs,
sops,
...
}: let
{ config, pkgs, sops, ... }:
let
matrixDomain = "swatrix.swarsel.win";
in {
in
{
imports = [
./hardware-configuration.nix
];
@ -24,19 +22,19 @@ in {
xkbVariant = "altgr-intl";
};
nix.settings.experimental-features = ["nix-command" "flakes"];
nix.settings.experimental-features = [ "nix-command" "flakes" ];
sops = {
age.sshKeyPaths = ["/etc/ssh/sops"];
age.sshKeyPaths = [ "/etc/ssh/sops" ];
defaultSopsFile = "/root/.dotfiles/secrets/omatrix/secrets.yaml";
validateSopsFiles = false;
secrets = {
dnstokenfull = {owner = "acme";};
matrixsharedsecret = {owner = "matrix-synapse";};
mautrixtelegram_as = {owner = "matrix-synapse";};
mautrixtelegram_hs = {owner = "matrix-synapse";};
mautrixtelegram_api_id = {owner = "matrix-synapse";};
mautrixtelegram_api_hash = {owner = "matrix-synapse";};
dnstokenfull = { owner = "acme"; };
matrixsharedsecret = { owner = "matrix-synapse"; };
mautrixtelegram_as = { owner = "matrix-synapse"; };
mautrixtelegram_hs = { owner = "matrix-synapse"; };
mautrixtelegram_api_id = { owner = "matrix-synapse"; };
mautrixtelegram_api_hash = { owner = "matrix-synapse"; };
};
templates = {
"certs.secret".content = ''
@ -82,6 +80,7 @@ in {
recommendedOptimisation = true;
recommendedGzipSettings = true;
virtualHosts = {
"swatrix.swarsel.win" = {
enableACME = true;
forceSSL = true;
@ -169,13 +168,13 @@ in {
listeners = [
{
port = 8008;
bind_addresses = ["0.0.0.0"];
bind_addresses = [ "0.0.0.0" ];
type = "http";
tls = false;
x_forwarded = true;
resources = [
{
names = ["client" "federation"];
names = [ "client" "federation" ];
compress = true;
}
];
@ -291,6 +290,7 @@ in {
domain = matrixDomain;
};
appservice = {
address = "http://localhost:29328";
hostname = "0.0.0.0";
port = 29328;
@ -317,7 +317,7 @@ in {
# messages out after a while.
systemd.timers."restart-bridges" = {
wantedBy = ["timers.target"];
wantedBy = [ "timers.target" ];
timerConfig = {
OnBootSec = "1d";
OnUnitActiveSec = "1d";
@ -336,4 +336,5 @@ in {
User = "root";
};
};
}

19
profiles/remote/oracle/sync/hardware-configuration.nix
View file

@ -1,17 +1,16 @@
{
config,
lib,
modulesPath,
...
{ config
, lib
, modulesPath
, ...
}: {
imports = [
(modulesPath + "/profiles/qemu-guest.nix")
];
boot.initrd.availableKernelModules = ["ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod"];
boot.initrd.kernelModules = [];
boot.kernelModules = ["kvm-amd"];
boot.extraModulePackages = [];
boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "/dev/disk/by-uuid/4b47378a-02eb-4548-bab8-59cbf379252a";
@ -24,7 +23,7 @@
};
swapDevices = [
{device = "/dev/disk/by-uuid/f0126a93-753e-4769-ada8-7499a1efb3a9";}
{ device = "/dev/disk/by-uuid/f0126a93-753e-4769-ada8-7499a1efb3a9"; }
];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking

16
profiles/remote/oracle/sync/nixos.nix
View file

@ -1,8 +1,6 @@
{ config, pkgs, ... }:
{
config,
pkgs,
...
}: {
imports = [
./hardware-configuration.nix
];
@ -18,14 +16,14 @@
xkbVariant = "altgr-intl";
};
nix.settings.experimental-features = ["nix-command" "flakes"];
nix.settings.experimental-features = [ "nix-command" "flakes" ];
sops = {
age.sshKeyPaths = ["/etc/ssh/sops"];
age.sshKeyPaths = [ "/etc/ssh/sops" ];
defaultSopsFile = "/root/.dotfiles/secrets/sync/secrets.yaml";
validateSopsFiles = false;
secrets.swarsel = {owner = "root";};
secrets.dnstokenfull = {owner = "acme";};
secrets.swarsel = { owner = "root"; };
secrets.dnstokenfull = { owner = "acme"; };
templates."certs.secret".content = ''
CF_DNS_API_TOKEN=${config.sops.placeholder.dnstokenfull}
'';
@ -46,6 +44,7 @@
recommendedOptimisation = true;
recommendedGzipSettings = true;
virtualHosts = {
"synki.swarsel.win" = {
enableACME = true;
forceSSL = true;
@ -161,4 +160,5 @@
};
};
};
}

19
profiles/sandbox/hardware-configuration.nix
View file

@ -1,27 +1,26 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
modulesPath,
...
{ config
, lib
, modulesPath
, ...
}: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = ["xhci_pci" "ehci_pci" "ata_piix" "usb_storage" "sd_mod" "sr_mod"];
boot.initrd.kernelModules = [];
boot.kernelModules = ["kvm-intel"];
boot.extraModulePackages = [];
boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ata_piix" "usb_storage" "sd_mod" "sr_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "/dev/disk/by-uuid/147e3682-eb15-4e96-9cac-4f2fb5888a69";
fsType = "ext4";
};
swapDevices = [];
swapDevices = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's

95
profiles/sandbox/nixos.nix
View file

@ -1,11 +1,9 @@
{
config,
pkgs,
sops,
...
}: let
{ config, pkgs, sops, ... }:
let
matrixDomain = "swatrix.swarsel.win";
in {
in
{
imports = [
./hardware-configuration.nix
];
@ -14,9 +12,9 @@ in {
enable = true;
device = "/dev/sda";
useOSProber = true;
supportedFilesystems = ["zfs"];
supportedFilesystems = [ "zfs" ];
zfs.forceImportRoot = false;
kernelModules = ["tun"];
kernelModules = [ "tun" ];
kernel.sysctl = {
"net.ipv4.conf.all.rp_filter" = 2;
"net.ipv4.conf.default.rp_filter" = 2;
@ -57,8 +55,8 @@ in {
users = {
groups = {
vpn = {};
mpd = {};
vpn = { };
mpd = { };
navidrome = {
gid = 61593;
};
@ -68,7 +66,7 @@ in {
};
users = {
jellyfin = {
extraGroups = ["video" "render"];
extraGroups = [ "video" "render" ];
};
vpn = {
isNormalUser = true;
@ -79,24 +77,24 @@ in {
isSystemUser = true;
uid = 61593;
group = "navidrome";
extraGroups = ["audio" "utmp"];
extraGroups = [ "audio" "utmp" ];
};
spotifyd = {
isSystemUser = true;
uid = 65136;
group = "spotifyd";
extraGroups = ["audio" "utmp"];
extraGroups = [ "audio" "utmp" ];
};
mpd = {
isSystemUser = true;
group = "mpd";
extraGroups = ["audio" "utmp"];
extraGroups = [ "audio" "utmp" ];
};
swarsel = {
isNormalUser = true;
description = "Leon S";
extraGroups = ["networkmanager" "wheel" "lp"];
packages = with pkgs; [];
extraGroups = [ "networkmanager" "wheel" "lp" ];
packages = with pkgs; [ ];
};
root = {
openssh.authorizedKeys.keyFiles = [
@ -109,10 +107,12 @@ in {
fileSystems."/mnt/Eternor" = {
device = "//192.168.1.3/Eternor";
fsType = "cifs";
options = let
options =
let
# this line prevents hanging on network split
automount_opts = "x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s";
in ["${automount_opts},credentials=/etc/nixos/smb-secrets,uid=1000,gid=100"];
in
[ "${automount_opts},credentials=/etc/nixos/smb-secrets,uid=1000,gid=100" ];
};
environment = {
@ -137,23 +137,28 @@ in {
zfs
];
etc = {
"openvpn/iptables.sh" = {
"openvpn/iptables.sh" =
{
source = ../../scripts/server1/iptables.sh;
mode = "0755";
};
"openvpn/update-resolv-conf" = {
"openvpn/update-resolv-conf" =
{
source = ../../scripts/server1/update-resolv-conf;
mode = "0755";
};
"openvpn/routing.sh" = {
"openvpn/routing.sh" =
{
source = ../../scripts/server1/routing.sh;
mode = "0755";
};
"openvpn/ca.rsa.2048.crt" = {
"openvpn/ca.rsa.2048.crt" =
{
source = ../../secrets/certs/ca.rsa.2048.crt;
mode = "0644";
};
"openvpn/crl.rsa.2048.pem" = {
"openvpn/crl.rsa.2048.pem" =
{
source = ../../secrets/certs/crl.rsa.2048.pem;
mode = "0644";
};
@ -165,7 +170,7 @@ in {
systemd = {
timers."restart-bridges" = {
wantedBy = ["timers.target"];
wantedBy = [ "timers.target" ];
timerConfig = {
OnBootSec = "1d";
OnUnitActiveSec = "1d";
@ -185,7 +190,7 @@ in {
};
};
};
nix.settings.experimental-features = ["nix-command" "flakes"];
nix.settings.experimental-features = [ "nix-command" "flakes" ];
system.stateVersion = "23.05"; # TEMPLATE - but probably no need to change
@ -194,19 +199,19 @@ in {
};
sops = {
age.sshKeyPaths = ["/etc/ssh/sops"];
age.sshKeyPaths = [ "/etc/ssh/sops" ];
defaultSopsFile = "/root/.dotfiles/secrets/sandbox/secrets.yaml";
validateSopsFiles = false;
secrets = {
dnstokenfull = {owner = "acme";};
kavita = {owner = "kavita";};
vpnuser = {};
rpcuser = {owner = "vpn";};
vpnpass = {};
rpcpass = {owner = "vpn";};
vpnprot = {};
vpnloc = {};
mpdpass = {owner = "mpd";};
dnstokenfull = { owner = "acme"; };
kavita = { owner = "kavita"; };
vpnuser = { };
rpcuser = { owner = "vpn"; };
vpnpass = { };
rpcpass = { owner = "vpn"; };
vpnprot = { };
vpnloc = { };
mpdpass = { owner = "mpd"; };
};
templates = {
"transmission-rpc" = {
@ -269,12 +274,10 @@ in {
openssh = {
enable = true;
settings.PermitRootLogin = "yes";
listenAddresses = [
{
listenAddresses = [{
port = 22;
addr = "0.0.0.0";
}
];
}];
};
nginx = {
@ -284,6 +287,7 @@ in {
recommendedOptimisation = true;
recommendedGzipSettings = true;
virtualHosts = {
"stash.swarsel.win" = {
enableACME = true;
forceSSL = true;
@ -318,6 +322,7 @@ in {
};
};
"sound.swarsel.win" = {
enableACME = true;
forceSSL = true;
@ -512,6 +517,9 @@ in {
# MAUTRIX_TELEGRAM_TELEGRAM_API_HASH=${config.sops.placeholder.mautrixtelegram_api_hash}
# '';
# ----------------
# sops.secrets.mautrixwhatsapp_shared = {owner="matrix-synapse";};
# sops.templates.mautrixwhatsapp.owner = "matrix-synapse";
@ -560,13 +568,13 @@ in {
settings.listeners = [
{
port = 8008;
bind_addresses = ["0.0.0.0"];
bind_addresses = [ "0.0.0.0" ];
type = "http";
tls = false;
x_forwarded = true;
resources = [
{
names = ["client" "federation"];
names = [ "client" "federation" ];
compress = true;
}
];
@ -678,6 +686,7 @@ in {
domain = matrixDomain;
};
appservice = {
address = "http://localhost:29328";
hostname = "0.0.0.0";
port = 29328;
@ -741,6 +750,7 @@ in {
];
};
spotifyd = {
enable = true;
settings = {
@ -789,6 +799,7 @@ in {
};
};
avahi = {
publish.enable = true;
publish.userServices = true;

8
profiles/server1/TEMPLATE/nixos.nix
View file

@ -1,8 +1,6 @@
{ pkgs, modulesPath, ... }:
{
pkgs,
modulesPath,
...
}: {
imports = [
(modulesPath + "/virtualisation/proxmox-lxc.nix")
];
@ -18,7 +16,7 @@
xkbVariant = "altgr-intl";
};
nix.settings.experimental-features = ["nix-command" "flakes"];
nix.settings.experimental-features = [ "nix-command" "flakes" ];
proxmoxLXC = {
manageNetwork = true; # manage network myself

14
profiles/server1/calibre/hardware-configuration.nix
View file

@ -1,20 +1,20 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{lib, ...}: {
imports = [];
{ lib, ... }: {
imports = [ ];
boot.initrd.availableKernelModules = ["ahci" "xhci_pci" "vfio_pci" "usbhid"];
boot.initrd.kernelModules = [];
boot.kernelModules = ["kvm-intel"];
boot.extraModulePackages = [];
boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "vfio_pci" "usbhid" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "/dev/mapper/pve-vm--120--disk--0";
fsType = "ext4";
};
swapDevices = [];
swapDevices = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's

15
profiles/server1/calibre/nixos.nix
View file

@ -1,9 +1,6 @@
{ config, pkgs, modulesPath, ... }:
{
config,
pkgs,
modulesPath,
...
}: {
imports = [
(modulesPath + "/virtualisation/proxmox-lxc.nix")
./hardware-configuration.nix
@ -30,13 +27,13 @@
xkbVariant = "altgr-intl";
};
nix.settings.experimental-features = ["nix-command" "flakes"];
nix.settings.experimental-features = [ "nix-command" "flakes" ];
sops = {
age.sshKeyPaths = ["/etc/ssh/sops"];
age.sshKeyPaths = [ "/etc/ssh/sops" ];
defaultSopsFile = "/.dotfiles/secrets/calibre/secrets.yaml";
validateSopsFiles = false;
secrets.kavita = {owner = "kavita";};
secrets.kavita = { owner = "kavita"; };
};
proxmoxLXC = {
manageNetwork = true; # manage network myself
@ -68,4 +65,6 @@
port = 8080;
tokenKeyFile = config.sops.secrets.kavita.path;
};
}

14
profiles/server1/jellyfin/hardware-configuration.nix
View file

@ -1,13 +1,13 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{lib, ...}: {
imports = [];
{ lib, ... }: {
imports = [ ];
boot.initrd.availableKernelModules = ["ahci" "xhci_pci" "vfio_pci" "usbhid"];
boot.initrd.kernelModules = [];
boot.kernelModules = ["kvm-intel"];
boot.extraModulePackages = [];
boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "vfio_pci" "usbhid" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "/dev/mapper/pve-vm--121--disk--0";
@ -19,7 +19,7 @@
fsType = "cifs";
};
swapDevices = [];
swapDevices = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's

14
profiles/server1/jellyfin/nixos.nix
View file

@ -1,9 +1,6 @@
{ config, pkgs, modulesPath, ... }:
{
config,
pkgs,
modulesPath,
...
}: {
imports = [
(modulesPath + "/virtualisation/proxmox-lxc.nix")
./hardware-configuration.nix
@ -24,7 +21,7 @@
};
users.users.jellyfin = {
extraGroups = ["video" "render"];
extraGroups = [ "video" "render" ];
};
services.xserver = {
@ -32,7 +29,7 @@
xkbVariant = "altgr-intl";
};
nix.settings.experimental-features = ["nix-command" "flakes"];
nix.settings.experimental-features = [ "nix-command" "flakes" ];
proxmoxLXC = {
manageNetwork = true; # manage network myself
@ -59,7 +56,7 @@
};
nixpkgs.config.packageOverrides = pkgs: {
vaapiIntel = pkgs.vaapiIntel.override {enableHybridCodec = true;};
vaapiIntel = pkgs.vaapiIntel.override { enableHybridCodec = true; };
};
hardware.graphics = {
enable = true;
@ -76,4 +73,5 @@
user = "jellyfin";
# openFirewall = true; # this works only for the default ports
};
}

14
profiles/server1/matrix/hardware-configuration.nix
View file

@ -1,20 +1,20 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{lib, ...}: {
imports = [];
{ lib, ... }: {
imports = [ ];
boot.initrd.availableKernelModules = ["ahci" "xhci_pci" "vfio_pci" "usbhid"];
boot.initrd.kernelModules = [];
boot.kernelModules = ["kvm-intel"];
boot.extraModulePackages = [];
boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "vfio_pci" "usbhid" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "/dev/mapper/pve-vm--102--disk--0";
fsType = "ext4";
};
swapDevices = [];
swapDevices = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's

43
profiles/server1/matrix/nixos.nix
View file

@ -1,12 +1,10 @@
{
config,
pkgs,
modulesPath,
sops,
...
}: let
{ config, pkgs, modulesPath, sops, ... }:
let
matrixDomain = "matrix2.swarsel.win";
in {
in
{
services = {
xserver = {
layout = "us";
@ -15,16 +13,14 @@ in {
openssh = {
enable = true;
settings.PermitRootLogin = "yes";
listenAddresses = [
{
listenAddresses = [{
port = 22;
addr = "0.0.0.0";
}
];
}];
};
};
nix.settings.experimental-features = ["nix-command" "flakes"];
nix.settings.experimental-features = [ "nix-command" "flakes" ];
proxmoxLXC = {
manageNetwork = true; # manage network myself
@ -46,6 +42,7 @@ in {
nswitch = "cd /.dotfiles; git pull; nixos-rebuild --flake .#$(hostname) switch; cd -;";
};
imports = [
(modulesPath + "/virtualisation/proxmox-lxc.nix")
./hardware-configuration.nix
@ -67,15 +64,15 @@ in {
];
sops = {
age.sshKeyPaths = ["/etc/ssh/sops"];
age.sshKeyPaths = [ "/etc/ssh/sops" ];
defaultSopsFile = "/.dotfiles/secrets/matrix/secrets.yaml";
validateSopsFiles = false;
secrets = {
matrixsharedsecret = {owner = "matrix-synapse";};
mautrixtelegram_as = {owner = "matrix-synapse";};
mautrixtelegram_hs = {owner = "matrix-synapse";};
mautrixtelegram_api_id = {owner = "matrix-synapse";};
mautrixtelegram_api_hash = {owner = "matrix-synapse";};
matrixsharedsecret = { owner = "matrix-synapse"; };
mautrixtelegram_as = { owner = "matrix-synapse"; };
mautrixtelegram_hs = { owner = "matrix-synapse"; };
mautrixtelegram_api_id = { owner = "matrix-synapse"; };
mautrixtelegram_api_hash = { owner = "matrix-synapse"; };
};
templates = {
"matrix_user_register.sh".content = ''
@ -139,13 +136,13 @@ in {
listeners = [
{
port = 8008;
bind_addresses = ["0.0.0.0"];
bind_addresses = [ "0.0.0.0" ];
type = "http";
tls = false;
x_forwarded = true;
resources = [
{
names = ["client" "federation"];
names = [ "client" "federation" ];
compress = true;
}
];
@ -261,6 +258,7 @@ in {
domain = matrixDomain;
};
appservice = {
address = "http://localhost:29328";
hostname = "0.0.0.0";
port = 29328;
@ -287,7 +285,7 @@ in {
# messages out after a while.
systemd.timers."restart-bridges" = {
wantedBy = ["timers.target"];
wantedBy = [ "timers.target" ];
timerConfig = {
OnBootSec = "1d";
OnUnitActiveSec = "1d";
@ -306,4 +304,5 @@ in {
User = "root";
};
};
}

14
profiles/server1/nginx/hardware-configuration.nix
View file

@ -1,20 +1,20 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{lib, ...}: {
imports = [];
{ lib, ... }: {
imports = [ ];
boot.initrd.availableKernelModules = ["ahci" "xhci_pci" "vfio_pci" "usbhid"];
boot.initrd.kernelModules = [];
boot.kernelModules = ["kvm-intel"];
boot.extraModulePackages = [];
boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "vfio_pci" "usbhid" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "/dev/mapper/pve-vm--119--disk--0";
fsType = "ext4";
};
swapDevices = [];
swapDevices = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's

16
profiles/server1/nginx/nixos.nix
View file

@ -1,9 +1,5 @@
{ config, pkgs, modulesPath, ... }:
{
config,
pkgs,
modulesPath,
...
}: {
imports = [
(modulesPath + "/virtualisation/proxmox-lxc.nix")
./hardware-configuration.nix
@ -22,13 +18,13 @@
xkbVariant = "altgr-intl";
};
nix.settings.experimental-features = ["nix-command" "flakes"];
nix.settings.experimental-features = [ "nix-command" "flakes" ];
sops = {
age.sshKeyPaths = ["/etc/ssh/sops"];
age.sshKeyPaths = [ "/etc/ssh/sops" ];
defaultSopsFile = "/.dotfiles/secrets/nginx/secrets.yaml";
validateSopsFiles = false;
secrets.dnstokenfull = {owner = "acme";};
secrets.dnstokenfull = { owner = "acme"; };
templates."certs.secret".content = ''
CF_DNS_API_TOKEN=${config.sops.placeholder.dnstokenfull}
'';
@ -73,6 +69,7 @@
recommendedOptimisation = true;
recommendedGzipSettings = true;
virtualHosts = {
"stash.swarsel.win" = {
enableACME = true;
forceSSL = true;
@ -110,6 +107,7 @@
};
};
"sound.swarsel.win" = {
enableACME = true;
forceSSL = true;
@ -199,6 +197,8 @@
};
};
};
};
};
}

14
profiles/server1/paperless/hardware-configuration.nix
View file

@ -1,20 +1,20 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{lib, ...}: {
imports = [];
{ lib, ... }: {
imports = [ ];
boot.initrd.availableKernelModules = ["ahci" "xhci_pci" "vfio_pci" "usbhid"];
boot.initrd.kernelModules = [];
boot.kernelModules = ["kvm-intel"];
boot.extraModulePackages = [];
boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "vfio_pci" "usbhid" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "/dev/mapper/pve-vm--117--disk--0";
fsType = "ext4";
};
swapDevices = [];
swapDevices = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's

25
profiles/server1/paperless/nixos.nix
View file

@ -1,14 +1,14 @@
{ config, pkgs, modulesPath, ... }:
{
config,
pkgs,
modulesPath,
...
}: {
imports = [
(modulesPath + "/virtualisation/proxmox-lxc.nix")
./hardware-configuration.nix
];
services = {
xserver = {
layout = "us";
@ -17,16 +17,14 @@
openssh = {
enable = true;
settings.PermitRootLogin = "yes";
listenAddresses = [
{
listenAddresses = [{
port = 22;
addr = "0.0.0.0";
}
];
}];
};
};
nix.settings.experimental-features = ["nix-command" "flakes"];
nix.settings.experimental-features = [ "nix-command" "flakes" ];
proxmoxLXC = {
manageNetwork = true; # manage network myself
@ -48,6 +46,8 @@
nswitch = "cd /.dotfiles; git pull; nixos-rebuild --flake .#$(hostname) switch; cd -;";
};
users.groups.lxc_shares = {
gid = 10000;
members = [
@ -68,10 +68,10 @@
};
sops = {
age.sshKeyPaths = ["/etc/ssh/sops"];
age.sshKeyPaths = [ "/etc/ssh/sops" ];
defaultSopsFile = "/root/.dotfiles/secrets/paperless/secrets.yaml";
validateSopsFiles = false;
secrets.admin = {owner = "paperless";};
secrets.admin = { owner = "paperless"; };
};
services.paperless = {
@ -90,4 +90,5 @@
};
};
};
}

16
profiles/server1/sound/hardware-configuration.nix
View file

@ -1,18 +1,18 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{lib, ...}: {
imports = [];
{ lib, ... }: {
imports = [ ];
boot.initrd.availableKernelModules = ["ahci" "xhci_pci" "vfio_pci" "usbhid"];
boot.initrd.kernelModules = [];
boot.kernelModules = ["kvm-intel"];
boot.extraModulePackages = [];
boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "vfio_pci" "usbhid" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "/mnt/data/images/118/vm-118-disk-0.raw";
fsType = "ext4";
options = ["loop"];
options = [ "loop" ];
};
fileSystems."/media" = {
@ -20,7 +20,7 @@
fsType = "cifs";
};
swapDevices = [];
swapDevices = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's

30
profiles/server1/sound/nixos.nix
View file

@ -1,14 +1,14 @@
{ config, pkgs, modulesPath, ... }:
{
config,
pkgs,
modulesPath,
...
}: {
imports = [
(modulesPath + "/virtualisation/proxmox-lxc.nix")
./hardware-configuration.nix
];
services = {
xserver = {
layout = "us";
@ -17,16 +17,14 @@
openssh = {
enable = true;
settings.PermitRootLogin = "yes";
listenAddresses = [
{
listenAddresses = [{
port = 22;
addr = "0.0.0.0";
}
];
}];
};
};
nix.settings.experimental-features = ["nix-command" "flakes"];
nix.settings.experimental-features = [ "nix-command" "flakes" ];
proxmoxLXC = {
manageNetwork = true; # manage network myself
@ -48,6 +46,8 @@
nswitch = "cd /.dotfiles; git pull; nixos-rebuild --flake .#$(hostname) switch; cd -;";
};
proxmoxLXC.privileged = true; # manage hostname myself
users = {
@ -65,7 +65,7 @@
gid = 61593;
};
mpd = {};
mpd = { };
};
users = {
@ -73,13 +73,13 @@
isSystemUser = true;
uid = 61593;
group = "navidrome";
extraGroups = ["audio" "utmp"];
extraGroups = [ "audio" "utmp" ];
};
mpd = {
isSystemUser = true;
group = "mpd";
extraGroups = ["audio" "utmp"];
extraGroups = [ "audio" "utmp" ];
};
};
};
@ -103,10 +103,10 @@
];
sops = {
age.sshKeyPaths = ["/etc/ssh/sops"];
age.sshKeyPaths = [ "/etc/ssh/sops" ];
defaultSopsFile = "/.dotfiles/secrets/sound/secrets.yaml";
validateSopsFiles = false;
secrets.mpdpass = {owner = "mpd";};
secrets.mpdpass = { owner = "mpd"; };
};
services.navidrome = {

14
profiles/server1/spotifyd/hardware-configuration.nix
View file

@ -1,20 +1,20 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{lib, ...}: {
imports = [];
{ lib, ... }: {
imports = [ ];
boot.initrd.availableKernelModules = ["ahci" "xhci_pci" "vfio_pci" "usbhid"];
boot.initrd.kernelModules = [];
boot.kernelModules = ["kvm-intel"];
boot.extraModulePackages = [];
boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "vfio_pci" "usbhid" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "/dev/mapper/pve-vm--123--disk--0";
fsType = "ext4";
};
swapDevices = [];
swapDevices = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's

22
profiles/server1/spotifyd/nixos.nix
View file

@ -1,13 +1,14 @@
{ pkgs, modulesPath, ... }:
{
pkgs,
modulesPath,
...
}: {
imports = [
(modulesPath + "/virtualisation/proxmox-lxc.nix")
./hardware-configuration.nix
];
services = {
xserver = {
layout = "us";
@ -16,16 +17,14 @@
openssh = {
enable = true;
settings.PermitRootLogin = "yes";
listenAddresses = [
{
listenAddresses = [{
port = 22;
addr = "0.0.0.0";
}
];
}];
};
};
nix.settings.experimental-features = ["nix-command" "flakes"];
nix.settings.experimental-features = [ "nix-command" "flakes" ];
proxmoxLXC = {
manageNetwork = true; # manage network myself
@ -47,6 +46,8 @@
nswitch = "cd /.dotfiles; git pull; nixos-rebuild --flake .#$(hostname) switch; cd -;";
};
proxmoxLXC.privileged = true; # manage hostname myself
users.groups.spotifyd = {
@ -57,7 +58,7 @@
isSystemUser = true;
uid = 65136;
group = "spotifyd";
extraGroups = ["audio" "utmp"];
extraGroups = [ "audio" "utmp" ];
};
sound = {
@ -88,4 +89,5 @@
};
};
};
}

14
profiles/server1/transmission/hardware-configuration.nix
View file

@ -1,20 +1,20 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{lib, ...}: {
imports = [];
{ lib, ... }: {
imports = [ ];
boot.initrd.availableKernelModules = ["ahci" "xhci_pci" "vfio_pci" "usbhid"];
boot.initrd.kernelModules = [];
boot.kernelModules = ["kvm-intel"];
boot.extraModulePackages = [];
boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "vfio_pci" "usbhid" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "/dev/mapper/pve-vm--122--disk--0";
fsType = "ext4";
};
swapDevices = [];
swapDevices = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's

51
profiles/server1/transmission/nixos.nix
View file

@ -1,9 +1,6 @@
{ config, pkgs, modulesPath, ... }:
{
config,
pkgs,
modulesPath,
...
}: {
imports = [
(modulesPath + "/virtualisation/proxmox-lxc.nix")
./hardware-configuration.nix
@ -32,7 +29,7 @@
"root"
];
};
users.groups.vpn = {};
users.groups.vpn = { };
users.users.vpn = {
isNormalUser = true;
@ -45,15 +42,15 @@
xkbVariant = "altgr-intl";
};
nix.settings.experimental-features = ["nix-command" "flakes"];
nix.settings.experimental-features = [ "nix-command" "flakes" ];
sops = {
age.sshKeyPaths = ["/etc/ssh/sops"];
age.sshKeyPaths = [ "/etc/ssh/sops" ];
defaultSopsFile = "/.dotfiles/secrets/transmission/secrets.yaml";
validateSopsFiles = false;
};
boot.kernelModules = ["tun"];
boot.kernelModules = [ "tun" ];
proxmoxLXC = {
manageNetwork = true; # manage network myself
manageHostName = false; # manage hostname myself
@ -90,23 +87,28 @@
'';
};
environment.etc = {
"openvpn/iptables.sh" = {
"openvpn/iptables.sh" =
{
source = ../../../scripts/server1/iptables.sh;
mode = "0755";
};
"openvpn/update-resolv-conf" = {
"openvpn/update-resolv-conf" =
{
source = ../../../scripts/server1/update-resolv-conf;
mode = "0755";
};
"openvpn/routing.sh" = {
"openvpn/routing.sh" =
{
source = ../../../scripts/server1/routing.sh;
mode = "0755";
};
"openvpn/ca.rsa.2048.crt" = {
"openvpn/ca.rsa.2048.crt" =
{
source = ../../../secrets/certs/ca.rsa.2048.crt;
mode = "0644";
};
"openvpn/crl.rsa.2048.pem" = {
"openvpn/crl.rsa.2048.pem" =
{
source = ../../../secrets/certs/crl.rsa.2048.pem;
mode = "0644";
};
@ -114,12 +116,10 @@
services.openssh = {
enable = true;
settings.PermitRootLogin = "yes";
listenAddresses = [
{
listenAddresses = [{
port = 22;
addr = "0.0.0.0";
}
];
}];
};
users.users.root.openssh.authorizedKeys.keyFiles = [
../../../secrets/keys/authorized_keys
@ -177,12 +177,12 @@
'';
};
secrets = {
vpnuser = {};
rpcuser = {owner = "vpn";};
vpnpass = {};
rpcpass = {owner = "vpn";};
vpnprot = {};
vpnloc = {};
vpnuser = { };
rpcuser = { owner = "vpn"; };
vpnpass = { };
rpcpass = { owner = "vpn"; };
vpnprot = { };
vpnloc = { };
};
};
services.openvpn.servers = {
@ -199,6 +199,7 @@
user = "vpn";
group = "lxc_shares";
settings = {
alt-speed-down = 8000;
alt-speed-enabled = false;
alt-speed-time-begin = 0;
@ -269,4 +270,6 @@
utp-enabled = false;
};
};
}

19
profiles/threed/hardware-configuration.nix
View file

@ -1,20 +1,19 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
modulesPath,
...
{ config
, lib
, modulesPath
, ...
}: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "usb_storage" "sd_mod"];
boot.initrd.kernelModules = [];
boot.kernelModules = ["kvm-intel"];
boot.extraModulePackages = [];
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usb_storage" "sd_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "/dev/disk/by-uuid/4a590cad-28d9-4153-bdb8-e424ec3bd5c8";
@ -27,7 +26,7 @@
};
swapDevices = [
{device = "/dev/disk/by-uuid/b07aac27-a443-489c-9fdb-01c1ef633699";}
{ device = "/dev/disk/by-uuid/b07aac27-a443-489c-9fdb-01c1ef633699"; }
];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking

32
profiles/threed/home.nix
View file

@ -1,8 +1,8 @@
{ config, pkgs, ... }:
{
config,
pkgs,
...
}: {
services.gpg-agent = {
enable = true;
enableSshSupport = true;
@ -16,6 +16,7 @@
'';
};
home = {
username = "swarsel";
homeDirectory = "/home/swarsel";
@ -25,7 +26,7 @@
];
};
sops.age.sshKeyPaths = ["${config.home.homeDirectory}/.ssh/sops"];
sops.age.sshKeyPaths = [ "${config.home.homeDirectory}/.ssh/sops" ];
programs.waybar.settings.mainBar = {
cpu.format = "{icon0} {icon1} {icon2} {icon3}";
@ -50,6 +51,7 @@
"clock#1"
];
wayland.windowManager.sway = {
config = rec {
input = {
@ -74,9 +76,11 @@
};
};
keybindings = let
keybindings =
let
inherit (config.wayland.windowManager.sway.config) modifier;
in {
in
{
"${modifier}+F2" = "exec brightnessctl set +5%";
"${modifier}+F1" = "exec brightnessctl set 5%-";
"${modifier}+n" = "exec sway output eDP-1 transform normal, splith";
@ -88,12 +92,14 @@
};
startup = [
{command = "nextcloud --background";}
{command = "discord --start-minimized";}
{command = "element-desktop --hidden -enable-features=UseOzonePlatform -ozone-platform=wayland --disable-gpu-driver-bug-workarounds";}
{command = "ANKI_WAYLAND=1 anki";}
{command = "OBSIDIAN_USE_WAYLAND=1 obsidian";}
{command = "nm-applet";}
{ command = "nextcloud --background"; }
{ command = "discord --start-minimized"; }
{ command = "element-desktop --hidden -enable-features=UseOzonePlatform -ozone-platform=wayland --disable-gpu-driver-bug-workarounds"; }
{ command = "ANKI_WAYLAND=1 anki"; }
{ command = "OBSIDIAN_USE_WAYLAND=1 obsidian"; }
{ command = "nm-applet"; }
];
keycodebindings = {

19
profiles/threed/nixos.nix
View file

@ -1,12 +1,13 @@
{ lib, pkgs, ... }:
{
lib,
pkgs,
...
}: {
imports = [
imports =
[
./hardware-configuration.nix
];
services = {
getty.autologinUser = "swarsel";
greetd.settings.initial_session.user = "swarsel";
@ -70,7 +71,7 @@
};
monospace = {
package = pkgs.nerdfonts.override {fonts = ["FiraCode"];};
package = pkgs.nerdfonts.override { fonts = [ "FiraCode" ]; };
name = "FiraCode Nerd Font Mono";
};
@ -81,15 +82,17 @@
};
};
users.users.swarsel = {
isNormalUser = true;
description = "Leon S";
extraGroups = ["networkmanager" "wheel" "lp" "audio" "video"];
packages = with pkgs; [];
extraGroups = [ "networkmanager" "wheel" "lp" "audio" "video" ];
packages = with pkgs; [ ];
};
environment.systemPackages = with pkgs; [
];
system.stateVersion = "23.05";
}

38
profiles/winters/home.nix
View file

@ -1,8 +1,8 @@
{ config, pkgs, ... }:
{
config,
pkgs,
...
}: {
services.gpg-agent = {
enable = true;
enableSshSupport = true;
@ -24,7 +24,7 @@
packages = with pkgs; [
];
};
sops.age.sshKeyPaths = ["${config.home.homeDirectory}/.ssh/sops"];
sops.age.sshKeyPaths = [ "${config.home.homeDirectory}/.ssh/sops" ];
# waybar config - TEMPLATE - update for cores and temp
programs.waybar.settings.mainBar = {
@ -34,6 +34,7 @@
temperature.input-filename = "temp1_input";
};
programs.waybar.settings.mainBar.modules-right = [
"custom/outer-left-arrow-dark"
"mpris"
@ -52,6 +53,7 @@
"clock#1"
];
wayland.windowManager.sway = {
config = rec {
# update for actual inputs here,
@ -72,6 +74,7 @@
natural_scroll = "enabled";
middle_emulation = "enabled";
};
};
output = {
@ -91,16 +94,11 @@
};
workspaceOutputAssign = [
{
output = "eDP-1";
workspace = "1:";
}
{
output = "HDMI-A-1";
workspace = "2:";
}
{ output = "eDP-1"; workspace = "1:"; }
{ output = "HDMI-A-1"; workspace = "2:"; }
];
# keybindings = let
# inherit (config.wayland.windowManager.sway.config) modifier;
# in {
@ -108,12 +106,14 @@
# };
startup = [
{command = "nextcloud --background";}
{command = "discord --start-minimized";}
{command = "element-desktop --hidden -enable-features=UseOzonePlatform -ozone-platform=wayland --disable-gpu-driver-bug-workarounds";}
{command = "ANKI_WAYLAND=1 anki";}
{command = "OBSIDIAN_USE_WAYLAND=1 obsidian";}
{command = "nm-applet";}
{ command = "nextcloud --background"; }
{ command = "discord --start-minimized"; }
{ command = "element-desktop --hidden -enable-features=UseOzonePlatform -ozone-platform=wayland --disable-gpu-driver-bug-workarounds"; }
{ command = "ANKI_WAYLAND=1 anki"; }
{ command = "OBSIDIAN_USE_WAYLAND=1 obsidian"; }
{ command = "nm-applet"; }
];
};
};

21
profiles/winters/nixos.nix
View file

@ -1,11 +1,15 @@
{pkgs, ...}: {
{ pkgs, ... }:
{
#
# imports =
# [
# ./hardware-configuration.nix
# ];
#
imports = [
imports =
[
./hardware-configuration.nix
];
@ -27,8 +31,8 @@
firewall.checkReversePath = "strict";
firewall = {
enable = true;
allowedUDPPorts = [];
allowedTCPPorts = [];
allowedUDPPorts = [ ];
allowedTCPPorts = [ ];
allowedTCPPortRanges = [
];
allowedUDPPortRanges = [
@ -84,7 +88,7 @@
};
monospace = {
package = pkgs.nerdfonts.override {fonts = ["FiraCode"];};
package = pkgs.nerdfonts.override { fonts = [ "FiraCode" ]; };
name = "FiraCode Nerd Font Mono";
};
@ -95,6 +99,7 @@
};
};
hardware = {
graphics = {
enable = true;
@ -117,8 +122,8 @@
users.users.swarsel = {
isNormalUser = true;
description = "Leon S";
extraGroups = ["networkmanager" "wheel" "lp" "audio" "video" "vboxusers" "scanner"];
packages = with pkgs; [];
extraGroups = [ "networkmanager" "wheel" "lp" "audio" "video" "vboxusers" "scanner" ];
packages = with pkgs; [ ];
};
environment.systemPackages = with pkgs; [
@ -133,4 +138,6 @@
];
system.stateVersion = "23.05";
}

6
programs/emacs/init.el
View file

@ -171,10 +171,10 @@ create a new one."
visual-fill-column-center-text t)
(visual-fill-column-mode 1))
(defun run-alejandra ()
(defun swarsel/run-formatting ()
(interactive)
(let ((default-directory (expand-file-name "~/.dotfiles")))
(shell-command "alejandra . -q")))
(shell-command "nixpkgs-fmt . > /dev/null")))
(defun swarsel/org-babel-tangle-config ()
(when (string-equal (buffer-file-name)
@ -183,7 +183,7 @@ create a new one."
(let ((org-confirm-babel-evaluate nil))
(org-html-export-to-html)
(org-babel-tangle)
(run-alejandra))))
(swarsel/run-formatting))))
(setq org-html-htmlize-output-type nil)

8
templates/cpp_flake.nix
View file

@ -5,11 +5,13 @@
nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
};
outputs = {nixpkgs, ...}: let
outputs = { nixpkgs, ... }:
let
system = "x86_64-linux";
pkgs = nixpkgs.legacyPackages.${system};
llvm = pkgs.llvmPackages_latest;
in {
in
{
devShells.${system}.default = pkgs.mkShell {
packages = with pkgs; [
gcc
@ -25,7 +27,7 @@
valgrind
doxygen
];
hardeningDisable = ["all"];
hardeningDisable = [ "all" ];
# direnv does not allow aliases, use scripts as a workaround
shellHook = ''
PATH_add ~/.dotfiles/scripts/devShell

8
templates/cu_flake.nix
View file

@ -5,13 +5,15 @@
nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
};
outputs = {nixpkgs, ...}: let
outputs = { nixpkgs, ... }:
let
system = "x86_64-linux";
pkgs = import nixpkgs {
system = "x86_64-linux";
config.allowUnfree = true;
};
in {
in
{
devShells.${system}.default = pkgs.mkShell {
packages = with pkgs; [
# gcc
@ -39,7 +41,7 @@
python-pkgs.python-lsp-server
]))
];
hardeningDisable = ["all"];
hardeningDisable = [ "all" ];
# ...
};
};

6
templates/other_flake.nix
View file

@ -4,10 +4,12 @@
nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
};
outputs = {nixpkgs, ...}: let
outputs = { nixpkgs, ... }:
let
system = "x86_64-linux";
pkgs = nixpkgs.legacyPackages.${system};
in {
in
{
devShells.${system}.default = pkgs.mkShell {
packages = with pkgs; [
# fill here

6
templates/py_flake.nix
View file

@ -4,10 +4,12 @@
nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
};
outputs = {nixpkgs, ...}: let
outputs = { nixpkgs, ... }:
let
system = "x86_64-linux";
pkgs = nixpkgs.legacyPackages.${system};
in {
in
{
devShells.${system}.default = pkgs.mkShell {
packages = [
(pkgs.python3.withPackages (python-pkgs: [

16
templates/rust_flake.nix
View file

@ -5,18 +5,20 @@
rust-overlay.url = "github:oxalica/rust-overlay";
};
outputs = {
nixpkgs,
rust-overlay,
...
}: let
outputs =
{ nixpkgs
, rust-overlay
, ...
}:
let
system = "x86_64-linux";
pkgs = import nixpkgs {
inherit system;
overlays = [rust-overlay.overlays.default];
overlays = [ rust-overlay.overlays.default ];
};
toolchain = pkgs.rust-bin.fromRustupToolchainFile ./toolchain.toml;
in {
in
{
devShells.${system}.default = pkgs.mkShell {
packages = with pkgs; [
cargo