lukas/puter
1
0
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity

Compare commits

merge into: lukas:plasma
Branches Tags
lukas:main
lukas:plasma
...
pull from: lukas:main
Branches Tags
lukas:main
lukas:plasma

No commits in common. "plasma" and "main" have entirely different histories.
plasma ... main

204 changed files with 3495 additions and 2419 deletions
Show stats Expand all files Collapse all files

9
.envrc Normal file
View file

@ -0,0 +1,9 @@
watch_file flake.nix
watch_file flake.lock
DEVENV_ROOT_FILE="$(mktemp)"
printf %s "$PWD" > "$DEVENV_ROOT_FILE"
if ! use flake . --override-input devenv-root "file+file://$DEVENV_ROOT_FILE"
then
echo "devenv could not be built. The devenv environment was not loaded. Make the necessary changes to devenv.nix and hit enter to try again." >&2
fi

4
.gitignore vendored Normal file
View file

@ -0,0 +1,4 @@
.direnv/
.devenv/
.pre-commit-config.yaml

17
.sops.yaml
View file

@ -1,17 +0,0 @@
keys:
- &admin_lukas age17nt4yca38wrlptapekwmkrjx232cruygty82qhvz3t7g7z4jq9fshdglks
- &host_glacier age190zn56uqtemazc4fjtc649h7634hl9zh6jzrmq478y2t94x8vswqv5q3j8
- &host_flamingo age1p55v299rqjg7ltz3h3suq2efrgsntn2ej9lzljw9prkx50x7hd4s7cnfcc
- &host_scenery age1nxr8lyst9eleuu9dyrnlwps8xschps42tfzwxfyvyy32n75rssfsayj52j
- &host_abacus age15hmzz0mdrrtlrxwdyv7wfwfs58vzcyg3esnf5ccu5vlg83a8aq6sqp95dv
- &host_vessel age1fvn3rex66xczhard8dcx0s38xdegvguyaepytu6kh9hndhheqqwqcgnc3y
creation_rules:
- path_regex: secrets/[^/]+\.yaml$
key_groups:
- age:
- *admin_lukas
- *host_glacier
- *host_flamingo
- *host_scenery
- *host_abacus
- *host_vessel

121
LICENSE Normal file
View file

@ -0,0 +1,121 @@
Creative Commons Legal Code
CC0 1.0 Universal
CREATIVE COMMONS CORPORATION IS NOT A LAW FIRM AND DOES NOT PROVIDE
LEGAL SERVICES. DISTRIBUTION OF THIS DOCUMENT DOES NOT CREATE AN
ATTORNEY-CLIENT RELATIONSHIP. CREATIVE COMMONS PROVIDES THIS
INFORMATION ON AN "AS-IS" BASIS. CREATIVE COMMONS MAKES NO WARRANTIES
REGARDING THE USE OF THIS DOCUMENT OR THE INFORMATION OR WORKS
PROVIDED HEREUNDER, AND DISCLAIMS LIABILITY FOR DAMAGES RESULTING FROM
THE USE OF THIS DOCUMENT OR THE INFORMATION OR WORKS PROVIDED
HEREUNDER.
Statement of Purpose
The laws of most jurisdictions throughout the world automatically confer
exclusive Copyright and Related Rights (defined below) upon the creator
and subsequent owner(s) (each and all, an "owner") of an original work of
authorship and/or a database (each, a "Work").
Certain owners wish to permanently relinquish those rights to a Work for
the purpose of contributing to a commons of creative, cultural and
scientific works ("Commons") that the public can reliably and without fear
of later claims of infringement build upon, modify, incorporate in other
works, reuse and redistribute as freely as possible in any form whatsoever
and for any purposes, including without limitation commercial purposes.
These owners may contribute to the Commons to promote the ideal of a free
culture and the further production of creative, cultural and scientific
works, or to gain reputation or greater distribution for their Work in
part through the use and efforts of others.
For these and/or other purposes and motivations, and without any
expectation of additional consideration or compensation, the person
associating CC0 with a Work (the "Affirmer"), to the extent that he or she
is an owner of Copyright and Related Rights in the Work, voluntarily
elects to apply CC0 to the Work and publicly distribute the Work under its
terms, with knowledge of his or her Copyright and Related Rights in the
Work and the meaning and intended legal effect of CC0 on those rights.
1. Copyright and Related Rights. A Work made available under CC0 may be
protected by copyright and related or neighboring rights ("Copyright and
Related Rights"). Copyright and Related Rights include, but are not
limited to, the following:
i. the right to reproduce, adapt, distribute, perform, display,
communicate, and translate a Work;
ii. moral rights retained by the original author(s) and/or performer(s);
iii. publicity and privacy rights pertaining to a person's image or
likeness depicted in a Work;
iv. rights protecting against unfair competition in regards to a Work,
subject to the limitations in paragraph 4(a), below;
v. rights protecting the extraction, dissemination, use and reuse of data
in a Work;
vi. database rights (such as those arising under Directive 96/9/EC of the
European Parliament and of the Council of 11 March 1996 on the legal
protection of databases, and under any national implementation
thereof, including any amended or successor version of such
directive); and
vii. other similar, equivalent or corresponding rights throughout the
world based on applicable law or treaty, and any national
implementations thereof.
2. Waiver. To the greatest extent permitted by, but not in contravention
of, applicable law, Affirmer hereby overtly, fully, permanently,
irrevocably and unconditionally waives, abandons, and surrenders all of
Affirmer's Copyright and Related Rights and associated claims and causes
of action, whether now known or unknown (including existing as well as
future claims and causes of action), in the Work (i) in all territories
worldwide, (ii) for the maximum duration provided by applicable law or
treaty (including future time extensions), (iii) in any current or future
medium and for any number of copies, and (iv) for any purpose whatsoever,
including without limitation commercial, advertising or promotional
purposes (the "Waiver"). Affirmer makes the Waiver for the benefit of each
member of the public at large and to the detriment of Affirmer's heirs and
successors, fully intending that such Waiver shall not be subject to
revocation, rescission, cancellation, termination, or any other legal or
equitable action to disrupt the quiet enjoyment of the Work by the public
as contemplated by Affirmer's express Statement of Purpose.
3. Public License Fallback. Should any part of the Waiver for any reason
be judged legally invalid or ineffective under applicable law, then the
Waiver shall be preserved to the maximum extent permitted taking into
account Affirmer's express Statement of Purpose. In addition, to the
extent the Waiver is so judged Affirmer hereby grants to each affected
person a royalty-free, non transferable, non sublicensable, non exclusive,
irrevocable and unconditional license to exercise Affirmer's Copyright and
Related Rights in the Work (i) in all territories worldwide, (ii) for the
maximum duration provided by applicable law or treaty (including future
time extensions), (iii) in any current or future medium and for any number
of copies, and (iv) for any purpose whatsoever, including without
limitation commercial, advertising or promotional purposes (the
"License"). The License shall be deemed effective as of the date CC0 was
applied by Affirmer to the Work. Should any part of the License for any
reason be judged legally invalid or ineffective under applicable law, such
partial invalidity or ineffectiveness shall not invalidate the remainder
of the License, and in such case Affirmer hereby affirms that he or she
will not (i) exercise any of his or her remaining Copyright and Related
Rights in the Work or (ii) assert any associated claims and causes of
action with respect to the Work, in either case contrary to Affirmer's
express Statement of Purpose.
4. Limitations and Disclaimers.
a. No trademark or patent rights held by Affirmer are waived, abandoned,
surrendered, licensed or otherwise affected by this document.
b. Affirmer offers the Work as-is and makes no representations or
warranties of any kind concerning the Work, express, implied,
statutory or otherwise, including without limitation warranties of
title, merchantability, fitness for a particular purpose, non
infringement, or the absence of latent or other defects, accuracy, or
the present or absence of errors, whether or not discoverable, all to
the greatest extent permissible under applicable law.
c. Affirmer disclaims responsibility for clearing rights of other persons
that may apply to the Work or any use thereof, including without
limitation any person's Copyright and Related Rights in the Work.
Further, Affirmer disclaims responsibility for obtaining any necessary
consents, permissions or other rights required for any use of the
Work.
d. Affirmer understands and acknowledges that Creative Commons is not a
party to this document and has no duty or obligation with respect to
this CC0 or use of the Work.

66
README.md
View file

@ -1,55 +1,25 @@
# ✨ puter ✨
# :snowflake: puter
## Setup
This is my cobbled together NixOS configuration. There are many like it, but this one is mine. Copy at your own risk.
```bash
fdisk $disk
## TODO
mkfs.vfat -F 32 -n BOOT $boot
- [ ] lanzaboote
- [ ] monitoring (prometheus)
- [ ] logging (loki)
- [ ] kiosk
- [ ] tailscale and headscale
- [ ] game rom sync insomniac
- [ ] insomniac backups
- [ ] nginx websites
cryptsetup luksFormat -yv --label cryptmain $main
cryptsetup open $main main
mkfs.btrfs /dev/mapper/main
## port allocation
mount /dev/mapper/main /mnt
* 80X0: public HTTP services that are proxied through nginx
* 40X0: private HTTP services that are accessible via tailscale
* 20XX: Administrative stuff, like prometheus etc.
for vol in nix persist home log; do btrfs subvol create /mnt/$vol; done
* 8000: vaultwarden
* 8010: headscale
umount /mnt
mount -t tmpfs -o size=8G,mode=755 tmpfs /mnt
mkdir -p /mnt/{boot,nix,persist,home,var/log}
for vol in nix persist home var/log; do mount -o subvol=$(basename $vol),compress=zstd,noatime /dev/mapper/main /mnt/$vol; done
mount $boot /mnt/boot
nixos-install --no-root-password --flake github:lukaswrz/puter#system
```
```bash
fdisk $disk
mkfs.vfat -F 32 -n BOOT $boot
mkfs.btrfs -L main $main
mount $main /mnt
for vol in nix persist log; do btrfs subvol create /mnt/$vol; done
umount /mnt
mount -t tmpfs -o size=2G,mode=755 tmpfs /mnt
mkdir -p /mnt/{boot,nix,persist,home,var/log}
for vol in nix persist var/log; do mount -o subvol=$(basename $vol),compress=zstd,noatime $main /mnt/$vol; done
mount -t tmpfs -o size=2G tmpfs /mnt/home
mount $boot /mnt/boot
nixos-install --no-root-password --flake github:lukaswrz/puter#system
```
* 4000: syncthing

3
classes/headful/clipboard.nix Normal file
View file

@ -0,0 +1,3 @@
{pkgs, ...}: {
environment.systemPackages = [pkgs.wl-clipboard];
}

6
classes/headful/codium.nix Normal file
View file

@ -0,0 +1,6 @@
{pkgs, ...}: {
# TODO: wrap
environment.systemPackages = [
pkgs.vscodium
];
}

17
classes/headful/cosmic.nix Normal file
View file

@ -0,0 +1,17 @@
{inputs, ...}: {
imports = [
inputs.nixos-cosmic.nixosModules.default
];
nix.settings = {
substituters = ["https://cosmic.cachix.org"];
trusted-public-keys = ["cosmic.cachix.org-1:Dya9IyXD4xdBehWjrkPv6rtxpmMdRel02smYzA85dPE="];
};
services = {
desktopManager.cosmic.enable = true;
displayManager.cosmic-greeter.enable = true;
};
environment.sessionVariables.COSMIC_DATA_CONTROL_ENABLED = 1;
}

3
classes/headful/devenv.nix Normal file
View file

@ -0,0 +1,3 @@
{pkgs, ...}: {
environment.systemPackages = [pkgs.devenv];
}

7
classes/headful/flatpak.nix Normal file
View file

@ -0,0 +1,7 @@
{inputs, ...}: {
imports = [
inputs.flatpak.nixosModules.nix-flatpak
];
services.flatpak.enable = true;
}

27
classes/headful/fonts.nix Normal file
View file

@ -0,0 +1,27 @@
{pkgs, ...}: {
fonts = {
enableDefaultPackages = true;
packages = [
pkgs.noto-fonts
pkgs.noto-fonts-extra
pkgs.noto-fonts-cjk-sans
pkgs.noto-fonts-cjk-serif
pkgs.noto-fonts-monochrome-emoji
pkgs.noto-fonts-color-emoji
pkgs.nerd-fonts.fira-code
];
fontconfig = {
enable = true;
defaultFonts = {
monospace = ["FiraCode Nerd Font"];
sansSerif = ["Noto Sans"];
serif = ["Noto Serif"];
emoji = ["Noto Color Emoji" "Noto Emoji"];
};
};
fontDir.enable = true;
};
}

21
classes/headful/gamemode.nix Normal file
View file

@ -0,0 +1,21 @@
{
config,
lib,
pkgs,
...
}: {
programs.gamemode = {
enable = true;
settings = {
general = {
renice = 10;
};
custom = {
start = "${lib.getExe pkgs.libnotify} 'GameMode started'";
end = "${lib.getExe pkgs.libnotify} 'GameMode stopped'";
};
};
};
users.groups.gamemode.members = config.users.normalUsers;
}

10
classes/headful/hardware.nix Normal file
View file

@ -0,0 +1,10 @@
{
hardware = {
bluetooth.enable = true;
steam-hardware.enable = true;
xone.enable = true;
xpadneo.enable = true;
opentabletdriver.enable = true;
graphics.enable = true;
};
}

3
classes/headful/location.nix Normal file
View file

@ -0,0 +1,3 @@
{
location.provider = "geoclue2";
}

6
classes/headful/mullvad.nix Normal file
View file

@ -0,0 +1,6 @@
{pkgs, ...}: {
services.mullvad-vpn = {
enable = true;
package = pkgs.mullvad-vpn;
};
}

10
classes/headful/networking.nix Normal file
View file

@ -0,0 +1,10 @@
{config, ...}: {
services.resolved.enable = true;
networking.networkmanager = {
enable = true;
dns = "systemd-resolved";
};
users.groups.networkmanager.members = config.users.normalUsers;
}

1
common/system/features/pipewire.nix → classes/headful/pipewire.nix
View file

@ -1,5 +1,6 @@
{
security.rtkit.enable = true;
services.pipewire = {
enable = true;
wireplumber.enable = true;

6
classes/headful/printing.nix Normal file
View file

@ -0,0 +1,6 @@
{
services.printing = {
enable = true;
webInterface = true;
};
}

6
classes/headful/wayland.nix Normal file
View file

@ -0,0 +1,6 @@
{
environment.sessionVariables = {
NIXOS_OZONE_WL = "1";
SDL_VIDEODRIVER = "wayland";
};
}

3
classes/headful/xdg.nix Normal file
View file

@ -0,0 +1,3 @@
{
xdg.portal.xdgOpenUsePortal = true;
}

48
classes/headless/grafana.nix Normal file
View file

@ -0,0 +1,48 @@
# {config, ...}: let
# virtualHostName = "grafana.helveticanonstandard.net";
# in {
# services.grafana = {
# enable = true;
#
# settings = {
# server = {
# domain = virtualHostName;
# http_port = 9010;
# http_addr = "127.0.0.1";
# root_url = "http://192.168.1.10:8010"; # TODO
# protocol = "http";
# };
#
# analytics.reporting_enabled = false;
# };
#
# provision = {
# enable = true;
# datasources.settings.datasources = [
# {
# name = "Prometheus";
# type = "prometheus";
# access = "proxy";
# url = "http://127.0.0.1:${builtins.toString config.services.prometheus.port}";
# }
# {
# name = "Loki";
# type = "loki";
# access = "proxy";
# url = "http://127.0.0.1:${builtins.toString config.services.loki.configuration.server.http_listen_port}";
# }
# ];
# };
# };
#
# # services.nginx.virtualHosts.${virtualHostName} = {
# # locations."/" = {
# # proxyPass = let
# # host = config.services.grafana.settings.server.http_addr;
# # port = builtins.toString config.services.grafana.settings.server.http_port;
# # in "http://${host}:${port}";
# # proxyWebsockets = true;
# # };
# # };
# }
{}

79
classes/headless/loki.nix Normal file
View file

@ -0,0 +1,79 @@
# {config, ...}: {
# services.loki = {
# enable = true;
# configuration = {
# server.http_listen_port = 3030;
# auth_enabled = false;
#
# ingester = {
# lifecycler = {
# address = "127.0.0.1";
# ring = {
# kvstore = {
# store = "inmemory";
# };
# replication_factor = 1;
# };
# };
# chunk_idle_period = "1h";
# max_chunk_age = "1h";
# chunk_target_size = 999999;
# chunk_retain_period = "30s";
# max_transfer_retries = 0;
# };
#
# schema_config = {
# configs = [
# {
# from = "2022-06-06"; #TODO
# store = "tsdb";
# object_store = "filesystem";
# schema = "v13";
# index = {
# prefix = "index_";
# period = "24h";
# };
# }
# ];
# };
#
# storage_config = {
# tsdb_shipper = {
# active_index_directory = "${config.services.loki.dataDir}/tsdb-shipper-active";
# cache_location = "${config.services.loki.dataDir}/tsdb-shipper-cache";
# cache_ttl = "24h";
# shared_store = "filesystem";
# };
#
# filesystem = {
# directory = "/var/lib/loki/chunks";
# };
# };
#
# limits_config = {
# reject_old_samples = true;
# reject_old_samples_max_age = "168h";
# };
#
# chunk_store_config = {
# max_look_back_period = "0s";
# };
#
# table_manager = {
# retention_deletes_enabled = false;
# retention_period = "0s";
# };
#
# compactor = {
# working_directory = config.services.loki.dataDir;
# shared_store = "filesystem";
# compactor_ring = {
# kvstore = {
# store = "inmemory";
# };
# };
# };
# };
# };
# }
{}

3
classes/headless/networking.nix Normal file
View file

@ -0,0 +1,3 @@
{
networking.useNetworkd = true;
}

30
classes/headless/prometheus.nix Normal file
View file

@ -0,0 +1,30 @@
# {config, ...}: {
# services.prometheus = {
# enable = true;
# port = 3020;
#
# exporters = {
# node = {
# enable = true;
# listenAddress = "127.0.0.1";
# port = 3021;
# enabledCollectors = ["systemd"];
# };
# };
#
# scrapeConfigs = [
# {
# job_name = "nodes";
# static_configs = [
# {
# targets = let
# host = config.services.prometheus.exporters.node.listenAddress;
# port = builtins.toString config.services.prometheus.exporters.node.port;
# in ["${host}:${port}"];
# }
# ];
# }
# ];
# };
# }
{}

42
classes/headless/promtail.nix Normal file
View file

@ -0,0 +1,42 @@
# {config, ...}: {
# services.promtail = {
# enable = true;
#
# configuration = {
# server = {
# http_listen_port = 3031;
# grpc_listen_port = 0;
# };
#
# positions = {
# filename = "/tmp/positions.yaml";
# };
#
# clients = [
# {
# url = "http://127.0.0.1:${toString config.services.loki.configuration.server.http_listen_port}/loki/api/v1/push";
# }
# ];
#
# scrape_configs = [
# {
# job_name = "journal";
# journal = {
# max_age = "12h";
# labels = {
# job = "systemd-journal";
# host = "pihole";
# };
# };
# relabel_configs = [
# {
# source_labels = ["__journal__systemd_unit"];
# target_label = "unit";
# }
# ];
# }
# ];
# };
# };
# }
{}

3
classes/headless/time.nix Normal file
View file

@ -0,0 +1,3 @@
{
time.timeZone = "UTC";
}

5
common/agenix.nix Normal file
View file

@ -0,0 +1,5 @@
{inputs, ...}: {
imports = [
inputs.agenix.nixosModules.default
];
}

5
common/bash.nix Normal file
View file

@ -0,0 +1,5 @@
{
programs.bash.interactiveShellInit = ''
shopt -s autocd globstar nullglob extglob checkwinsize
'';
}

21
common/boot.nix Normal file
View file

@ -0,0 +1,21 @@
{
fileSystems."/boot" = {
label = "BOOT";
fsType = "vfat";
};
boot = {
loader = {
systemd-boot = {
enable = true;
consoleMode = "max";
};
efi = {
canTouchEfiVariables = true;
efiSysMountPoint = "/boot";
};
};
tmp.cleanOnBoot = true;
};
}

3
common/bottom.nix Normal file
View file

@ -0,0 +1,3 @@
{pkgs, ...}: {
environment.systemPackages = [pkgs.bottom];
}

3
common/comma.nix Normal file
View file

@ -0,0 +1,3 @@
{
programs.nix-index-database.comma.enable = true;
}

1
common/system/features/command-not-found.nix → common/command-not-found.nix
View file

@ -1,3 +1,4 @@
{
# TODO
programs.command-not-found.enable = false;
}

3
common/dbus.nix Normal file
View file

@ -0,0 +1,3 @@
{
services.dbus.implementation = "broker";
}

3
common/direnv.nix Normal file
View file

@ -0,0 +1,3 @@
{
programs.direnv.enable = true;
}

13
common/documentation.nix Normal file
View file

@ -0,0 +1,13 @@
{
documentation = {
doc.enable = false;
info.enable = false;
nixos.enable = false;
man = {
enable = true;
generateCaches = true;
man-db.enable = false;
mandoc.enable = true;
};
};
}

5
common/fish.nix Normal file
View file

@ -0,0 +1,5 @@
{pkgs, ...}: {
programs.fish.enable = true;
users.defaultUserShell = pkgs.fish;
}

0
common/system/features/fwupd.nix → common/fwupd.nix
View file

7
common/gc.nix Normal file
View file

@ -0,0 +1,7 @@
{
nix.gc = {
automatic = true;
dates = "daily";
options = "--delete-older-than 1w";
};
}

6
common/git.nix Normal file
View file

@ -0,0 +1,6 @@
{
programs.git = {
enable = true;
lfs.enable = true;
};
}

5
common/gitui.nix Normal file
View file

@ -0,0 +1,5 @@
{pkgs, ...}: {
environment.systemPackages = [
pkgs.gitui
];
}

16
common/helix.nix Normal file
View file

@ -0,0 +1,16 @@
{
lib,
pkgs,
...
}: let
package = pkgs.helix;
in {
environment.systemPackages = [package];
environment.sessionVariables = let
exe = builtins.baseNameOf (lib.getExe package);
in {
EDITOR = exe;
VISUAL = exe;
};
}

7
common/networking.nix Normal file
View file

@ -0,0 +1,7 @@
{pkgs, ...}: {
networking.nftables.enable = true;
environment.systemPackages = [
pkgs.nixos-firewall-tool
];
}

5
common/nix-index-database.nix Normal file
View file

@ -0,0 +1,5 @@
{inputs, ...}: {
imports = [
inputs.nix-index-database.nixosModules.nix-index
];
}

28
common/nix.nix Normal file
View file

@ -0,0 +1,28 @@
{
config,
inputs,
lib,
...
}: {
nix = {
registry = lib.mapAttrs (_: value: {flake = value;}) inputs;
nixPath = lib.mapAttrsToList (key: _: "${key}=flake:${key}") config.nix.registry;
optimise.automatic = true;
settings = {
trusted-users = ["root"] ++ config.users.normalUsers;
experimental-features = [
"nix-command"
"flakes"
];
auto-optimise-store = true;
flake-registry = "";
use-xdg-base-directories = true;
};
};
nixpkgs.config.allowUnfree = true;
hardware.enableAllFirmware = true;
}

17
common/pubkeys.nix Normal file
View file

@ -0,0 +1,17 @@
{
lib,
self,
...
}: {
options.pubkeys = let
inherit (lib) types;
in
lib.mkOption {
type = types.attrsOf (types.attrsOf types.str);
description = ''
Public keys.
'';
};
config.pubkeys = lib.mkForce (import (self + /pubkeys.nix));
}

12
common/puter.nix Normal file
View file

@ -0,0 +1,12 @@
{
pkgs,
self,
...
}: {
environment = {
systemPackages = [
self.packages.${pkgs.system}.puter
];
sessionVariables.PUTER_FLAKEREF = "git+https://forgejo@tea.wrz.one/lukas/puter.git";
};
}

22
common/readline.nix Normal file
View file

@ -0,0 +1,22 @@
{
environment.etc.inputrc.text = ''
set editing-mode vi
set completion-ignore-case on
set enable-bracketed-paste on
set show-all-if-ambiguous on
set show-mode-in-prompt on
set keymap vi-command
Control-l: clear-screen
Control-a: beginning-of-line
Tab: menu-complete
"\e[Z": complete
set keymap vi-insert
Control-l: clear-screen
Control-a: beginning-of-line
Tab: menu-complete
"\e[Z": complete
'';
}

5
common/ripgrep.nix Normal file
View file

@ -0,0 +1,5 @@
{pkgs, ...}: {
environment.systemPackages = [
pkgs.ripgrep
];
}

4
common/system/features/openssh.nix → common/ssh.nix
View file

@ -1,4 +1,6 @@
{
age.identityPaths = ["/etc/ssh/ssh_host_ed25519_key"];
services.openssh = {
enable = true;
openFirewall = true;
@ -9,7 +11,7 @@
}
];
settings = {
PermitRootLogin = "no";
PermitRootLogin = "without-password";
PasswordAuthentication = false;
};
};

7
common/starship.nix Normal file
View file

@ -0,0 +1,7 @@
{
programs.starship = {
enable = true;
interactiveOnly = true;
settings.format = "$all";
};
}

2
common/system/features/sudo.nix → common/sudo.nix
View file

@ -3,6 +3,6 @@
enable = true;
execWheelOnly = true;
wheelNeedsPassword = true;
extraConfig = ''Defaults lecture="never"'';
extraConfig = "Defaults lecture=\"never\"";
};
}

3
common/swap.nix Normal file
View file

@ -0,0 +1,3 @@
{
zramSwap.enable = true;
}

12
common/syncthing.nix Normal file
View file

@ -0,0 +1,12 @@
{config, ...}: let
inherit (config.networking) hostName;
in {
services.syncthing = {
enable = true;
systemService = true;
openDefaultPorts = true;
guiAddress = "${hostName}.tailnet.helveticanonstandard.net:4000";
overrideDevices = false;
overrideFolders = false;
};
}

123
common/system/desktop.nix
View file

@ -1,123 +0,0 @@
{
pkgs,
inputs,
config,
lib,
...
}: {
imports = [
./features/avahi.nix
./features/bluetooth.nix
./features/command-not-found.nix
./features/flatpak.nix
./features/fonts.nix
./features/fwupd.nix
./features/location.nix
./features/mullvad.nix
./features/opengl.nix
./features/openssh.nix
./features/opentabletdriver.nix
./features/pipewire.nix
./features/plasma.nix
./features/printing.nix
./features/sops.nix
./features/steam.nix
./features/sudo.nix
./features/users.nix
];
fileSystems = {
"/" = {
device = "tmpfs";
fsType = "tmpfs";
options = ["size=8G" "mode=755"];
};
"/boot" = {
device = "/dev/disk/by-label/BOOT";
fsType = "vfat";
};
"/nix" = {
device = "/dev/mapper/main";
fsType = "btrfs";
options = ["subvol=nix" "compress=zstd" "noatime"];
};
"/persist" = {
device = "/dev/mapper/main";
fsType = "btrfs";
options = ["subvol=persist" "compress=zstd" "noatime"];
neededForBoot = true;
};
"/home" = {
device = "/dev/mapper/main";
fsType = "btrfs";
options = ["subvol=home" "compress=zstd" "noatime"];
};
"/tmp" = {
device = "tmpfs";
fsType = "tmpfs";
options = ["size=16G" "mode=777"];
};
"/var/log" = {
device = "/dev/mapper/main";
fsType = "btrfs";
options = ["subvol=log" "compress=zstd" "noatime"];
neededForBoot = true;
};
};
environment.persistence."/persist" = {
directories = [
"/var/lib"
"/var/cache"
"/etc/NetworkManager"
"/etc/mullvad-vpn"
];
files = [
"/etc/machine-id"
"/etc/ssh/ssh_host_ed25519_key"
"/etc/ssh/ssh_host_ed25519_key.pub"
];
};
programs.fuse.userAllowOther = true;
boot = {
loader = {
systemd-boot = {
enable = true;
consoleMode = "max";
};
efi = {
canTouchEfiVariables = true;
efiSysMountPoint = "/boot";
};
};
initrd.luks.devices.main.device = "/dev/disk/by-label/cryptmain";
kernelParams = ["quiet" "splash" "vm.max_map_count=2147483642"];
kernelPackages = lib.mkDefault pkgs.linuxPackages_zen;
};
zramSwap.enable = true;
networking.networkmanager.enable = true;
users.users.lukas.extraGroups = ["networkmanager"];
i18n.defaultLocale = lib.mkDefault "en_US.UTF-8";
console.keyMap = lib.mkDefault "us";
services.xserver.layout = lib.mkDefault "us";
programs.dconf.enable = true;
xdg.portal.xdgOpenUsePortal = true;
programs.kdeconnect.enable = true;
}

14
common/system/features/avahi.nix
View file

@ -1,14 +0,0 @@
{
services.avahi = {
enable = true;
nssmdns = true;
publish = {
enable = true;
addresses = true;
domain = true;
hinfo = true;
userServices = true;
workstation = true;
};
};
}

3
common/system/features/bluetooth.nix
View file

@ -1,3 +0,0 @@
{
hardware.bluetooth.enable = true;
}

32
common/system/features/flatpak.nix
View file

@ -1,32 +0,0 @@
{
pkgs,
config,
...
}: {
services.flatpak.enable = true;
# Workaround for https://github.com/NixOS/nixpkgs/issues/119433
system.fsPackages = [pkgs.bindfs];
fileSystems = let
mkRoSymBind = path: {
device = path;
fsType = "fuse.bindfs";
options = ["ro" "resolve-symlinks" "x-gvfs-hide"];
};
# TODO
# aggregatedIcons = pkgs.buildEnv {
# name = "system-icons";
# paths = config.environment.systemPackages;
# pathsToLink = [ "/share/icons" ];
# };
aggregatedFonts = pkgs.buildEnv {
name = "system-fonts";
paths = config.fonts.packages;
pathsToLink = ["/share/fonts"];
};
in {
# "/usr/share/icons" = mkRoSymBind "${aggregatedIcons}/share/icons";
"/usr/share/icons" = mkRoSymBind "/run/current-system/sw/share/icons";
"/usr/share/fonts" = mkRoSymBind "${aggregatedFonts}/share/fonts";
};
}

26
common/system/features/fonts.nix
View file

@ -1,26 +0,0 @@
{pkgs, ...}: {
fonts = {
enableDefaultPackages = true;
packages = with pkgs; [
noto-fonts
noto-fonts-extra
noto-fonts-cjk-sans
noto-fonts-cjk-serif
noto-fonts-emoji
(nerdfonts.override {fonts = ["Noto"];})
(nerdfonts.override {fonts = ["Iosevka"];})
];
fontconfig = {
enable = true;
defaultFonts = {
monospace = ["NotoSansMono Nerd Font"];
sansSerif = ["Noto Sans"];
serif = ["Noto Serif"];
emoji = ["Noto Color Emoji"];
};
};
};
}

7
common/system/features/location.nix
View file

@ -1,7 +0,0 @@
{lib, ...}: {
location.provider = "geoclue2";
services = {
automatic-timezoned.enable = true;
geoclue2.enableDemoAgent = lib.mkForce true;
};
}

3
common/system/features/mullvad.nix
View file

@ -1,3 +0,0 @@
{
services.mullvad-vpn.enable = true;
}

6
common/system/features/opengl.nix
View file

@ -1,6 +0,0 @@
{
hardware.opengl = {
enable = true;
driSupport = true;
};
}

3
common/system/features/opentabletdriver.nix
View file

@ -1,3 +0,0 @@
{
hardware.opentabletdriver.enable = true;
}

41
common/system/features/plasma.nix
View file

@ -1,41 +0,0 @@
{pkgs, ...}: {
services = {
xserver = {
enable = true;
desktopManager.plasma5.enable = true;
displayManager = {
defaultSession = "plasmawayland";
sddm = {
enable = true;
autoNumlock = true;
settings = {
Theme = {
CursorTheme = "breeze_cursors";
};
};
};
};
excludePackages = with pkgs; [
xterm
];
};
};
programs.dconf.enable = true;
xdg.portal.extraPortals = with pkgs; [
xdg-desktop-portal-gtk
];
environment.sessionVariables = {
"SUDO_ASKPASS" = pkgs.writeShellScript "kdialogaskpass" ''
exec ${pkgs.kdialog} --password Askpass
'';
"MOZ_USE_XINPUT2" = "1";
"GDK_SCALE" = "1";
};
environment.systemPackages = with pkgs; [
discover
];
}

9
common/system/features/printing.nix
View file

@ -1,9 +0,0 @@
{
services = {
printing = {
enable = true;
webInterface = false;
};
system-config-printer.enable = true;
};
}

6
common/system/features/sops.nix
View file

@ -1,6 +0,0 @@
{inputs, ...}: {
sops.defaultSopsFile = ../../../secrets/default.yaml;
sops.age.sshKeyPaths = ["/persist/etc/ssh/ssh_host_ed25519_key"];
sops.gnupg.sshKeyPaths = [];
}

12
common/system/features/steam.nix
View file

@ -1,12 +0,0 @@
{
programs.steam = {
enable = true;
remotePlay.openFirewall = true;
dedicatedServer.openFirewall = true;
};
programs.gamescope = {
enable = true;
capSysNice = true;
};
}

29
common/system/features/users.nix
View file

@ -1,29 +0,0 @@
{
inputs,
pkgs,
config,
...
}: {
sops.secrets."users/lukas".neededForUsers = true;
programs.fish.enable = true;
users = {
mutableUsers = false;
users = {
root.hashedPassword = "!";
lukas = {
isNormalUser = true;
shell = pkgs.fish;
hashedPasswordFile = config.sops.secrets."users/lukas".path;
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK4U9RzV/gVGBfrCOye7BlS11g5BS7SmuZ36n2ZIJyAX lukas@glacier"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAztZgcRBHqX8Wb2nAlP1qCKF205M3un/D1YnREcO7Dy lukas@flamingo"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMC6vIcPgOHiAnG1be8IQVePlrsxN/X9PEFJghS6EcOb lukas@scenery"
];
extraGroups = ["wheel"];
};
};
};
nix.settings.allowed-users = [config.users.users.lukas.name];
}

98
common/system/server.nix
View file

@ -1,98 +0,0 @@
{
pkgs,
inputs,
config,
lib,
...
}: {
imports = [
./features/avahi.nix
./features/command-not-found.nix
./features/openssh.nix
./features/sops.nix
./features/sudo.nix
./features/users.nix
];
fileSystems = {
"/" = {
device = "tmpfs";
fsType = "tmpfs";
options = ["size=4G" "mode=755"];
};
"/boot" = {
device = "/dev/disk/by-label/BOOT";
fsType = "vfat";
};
"/nix" = {
device = "/dev/disk/by-label/main";
fsType = "btrfs";
options = ["subvol=nix" "compress=zstd" "noatime"];
};
"/persist" = {
device = "/dev/disk/by-label/main";
fsType = "btrfs";
options = ["subvol=persist" "compress=zstd" "noatime"];
neededForBoot = true;
};
"/home" = {
device = "tmpfs";
fsType = "tmpfs";
options = ["size=4G" "mode=751"];
neededForBoot = true;
};
"/tmp" = {
device = "tmpfs";
fsType = "tmpfs";
options = ["size=16G" "mode=777"];
};
"/var/log" = {
device = "/dev/disk/by-label/main";
fsType = "btrfs";
options = ["subvol=log" "compress=zstd" "noatime"];
neededForBoot = true;
};
};
environment.persistence."/persist" = {
directories = [
"/var/lib"
"/var/cache"
"/srv"
];
files = [
"/etc/machine-id"
"/etc/ssh/ssh_host_ed25519_key"
"/etc/ssh/ssh_host_ed25519_key.pub"
];
};
programs.fuse.userAllowOther = true;
boot = {
loader = {
systemd-boot = {
enable = true;
consoleMode = "max";
};
efi = {
canTouchEfiVariables = true;
efiSysMountPoint = "/boot";
};
};
};
zramSwap.enable = true;
time.timeZone = lib.mkDefault "UTC";
i18n.defaultLocale = lib.mkDefault "en_US.UTF-8";
console.keyMap = lib.mkDefault "us";
services.xserver.layout = lib.mkDefault "us";
}

14
common/tailscale.nix Normal file
View file

@ -0,0 +1,14 @@
{config, ...}: {
services.tailscale = {
enable = true;
openFirewall = true;
};
networking.firewall = {
trustedInterfaces = [
config.services.tailscale.interfaceName
];
# Required to connect to Tailscale exit nodes
checkReversePath = "loose";
};
}

64
common/user/desktop.nix
View file

@ -1,64 +0,0 @@
{
pkgs,
inputs,
config,
lib,
...
}: {
imports = [
./features/bottom.nix
./features/cava.nix
./features/direnv.nix
./features/fish.nix
./features/git.nix
./features/helix.nix
./features/joshuto.nix
./features/mmtc.nix
./features/mpd.nix
./features/mpris-proxy.nix
./features/mpv.nix
./features/qutebrowser
./features/readline.nix
./features/ssh.nix
];
home.packages = with pkgs; [
appimage-run
wineWowPackages.unstableFull
bat
curl
ffmpeg
file
gitui
hexyl
hyperfine
imagemagick
ncdu
netcat-openbsd
nmap
procs
progress
pv
rage
rsync
sops
systeroid
tokei
vscodium-fhs
];
xdg = {
enable = true;
mime.enable = true;
userDirs = {
enable = true;
createDirectories = true;
};
};
xdg.dataFile."flatpak/overrides/global".text = ''
[Context]
filesystems=/nix/store:ro;${config.xdg.dataHome}/fonts:ro;${config.xdg.dataHome}/icons:ro
'';
}

1
common/user/features/bottom.nix
View file

@ -1 +0,0 @@
{programs.bottom.enable = true;}

14
common/user/features/cava.nix
View file

@ -1,14 +0,0 @@
{pkgs, ...}: {
home.packages = with pkgs; [
cava
];
xdg.configFile."cava/config".text = ''
[input]
method = pulse
source = auto
[output]
method = ncurses
'';
}

6
common/user/features/direnv.nix
View file

@ -1,6 +0,0 @@
{
programs.direnv = {
enable = true;
nix-direnv.enable = true;
};
}

149
common/user/features/fish.nix
View file

@ -1,149 +0,0 @@
{pkgs, ...}: {
programs.fish = {
enable = true;
shellAbbrs = {
l = "ls";
lsa = "ls -a";
la = "ls -a";
lsl = "ls -l";
ll = "ls -l";
lsla = "ls -la";
lla = "ls -la";
cp = "cp -n";
cpr = "cp -rn";
mv = "mv -n";
rm = "rm -i";
rmr = "rm -ri";
rr = "rm -ri";
gi = "git";
gic = "git commit";
gico = "git checkout";
gis = "git status";
gid = "git diff";
gidh = "git diff HEAD";
gia = "git add";
s = "sudo";
g = "grep";
gn = "grep -n";
gin = "grep -in";
grin = "grep -rin";
df = "df -h";
du = "du -h";
c = "cd";
"cd." = "cd .";
"cd.." = "cd ..";
v = "hx";
vi = "hx";
vim = "hx";
};
shellAliases = {
ls = "ls --classify=auto --color=auto";
ffmpeg = "ffmpeg -hide_banner";
ffprobe = "ffprobe -hide_banner";
ffplay = "ffplay -hide_banner";
};
functions = {
fish_greeting = "";
fish_prompt = ''
set -l __last_command_exit_status $status
if not set -q -g __fish_arrow_functions_defined
set -g __fish_arrow_functions_defined
function _git_branch_name
set -l branch (git symbolic-ref --quiet HEAD 2>/dev/null)
if set -q branch[1]
echo (string replace -r '^refs/heads/' ''' $branch)
else
echo (git rev-parse --short HEAD 2>/dev/null)
end
end
function _is_git_dirty
not command git diff-index --cached --quiet HEAD -- &>/dev/null
or not command git diff --no-ext-diff --quiet --exit-code &>/dev/null
end
function _is_git_repo
type -q git
or return 1
git rev-parse --git-dir >/dev/null 2>&1
end
function _hg_branch_name
echo (hg branch 2>/dev/null)
end
function _is_hg_dirty
set -l stat (hg status -mard 2>/dev/null)
test -n "$stat"
end
function _is_hg_repo
fish_print_hg_root >/dev/null
end
function _repo_branch_name
_$argv[1]_branch_name
end
function _is_repo_dirty
_is_$argv[1]_dirty
end
function _repo_type
if _is_hg_repo
echo hg
return 0
else if _is_git_repo
echo git
return 0
end
return 1
end
end
set -l cyan (set_color -o cyan)
set -l yellow (set_color -o yellow)
set -l red (set_color -o red)
set -l green (set_color -o green)
set -l blue (set_color -o blue)
set -l normal (set_color normal)
set -l prompt_color "$green"
if test $__last_command_exit_status != 0
set prompt_color "$red"
end
set -l prompt "$prompt_color\$"
if fish_is_root_user
set prompt "$prompt_color#"
end
set -l cwd $cyan(basename -- (prompt_pwd))
set -l repo_info
if set -l repo_type (_repo_type)
set -l repo_branch $red(_repo_branch_name $repo_type)
set repo_info "$blue $repo_type:($repo_branch$blue)"
if _is_repo_dirty $repo_type
set -l dirty "$yellow "
set repo_info "$repo_info$dirty"
end
end
echo -n -s -- $cwd $repo_info ' ' $prompt ' '$normal
'';
};
interactiveShellInit = ''
bind \ee edit_command_buffer
fish_vi_key_bindings
set fish_cursor_default block blink
set fish_cursor_insert line blink
set fish_cursor_replace_one underscore blink
set fish_cursor_visual block
set -x EDITOR hx
'';
};
}

83
common/user/features/git.nix
View file

@ -1,83 +0,0 @@
{pkgs, ...}: {
programs.git = {
enable = true;
delta = {
enable = true;
options = {
decorations = {
commit-decoration-style = "bold yellow box ul";
file-decoration-style = "brightyellow ul ol";
file-style = "bold yellow ul";
hunk-header-decoration-style = "purple box";
hunk-header-style = "file line-number syntax";
};
features = "line-numbers decorations";
whitespace-error-style = "22 reverse";
};
};
package = pkgs.gitAndTools.gitFull;
userName = "Lukas Wurzinger";
userEmail = "lukas@wrz.one";
extraConfig = {
color.ui = true;
feature.manyFiles = true;
init.defaultBranch = "main";
push.autoSetupRemote = true;
};
lfs.enable = true;
ignores = [
".idea/"
".vscode/"
".iml"
"*.sublime-workspace"
"node_modules/"
"vendor/"
"log/"
"*.log"
"__pycache__/"
"zig-cache/"
"*.com"
"*.class"
"*.dll"
"*.exe"
"*.o"
"*.so"
"*.pyc"
"*.pyo"
"*.7z"
"*.dmg"
"*.gz"
"*.iso"
"*.jar"
"*.rar"
"*.tar"
"*.zip"
"*.msi"
"*.sqlite"
"*.sqlite3"
"*.db"
"*.db3"
"*.s3db"
"*.sl3"
"*.rdb"
"*.bak"
"*.swp"
"*.swo"
"*~"
"*#"
"zig-out/"
];
# signing = {
# signByDefault = true;
# key = "";
# };
};
}

24
common/user/features/helix.nix
View file

@ -1,24 +0,0 @@
{pkgs, ...}: {
programs.helix = {
enable = true;
defaultEditor = true;
settings = {
theme = "penumbra+";
editor = {
lsp.display-messages = true;
indent-guides.render = true;
file-picker.hidden = false;
line-number = "relative";
bufferline = "multiple";
cursor-shape = {
insert = "bar";
normal = "block";
select = "underline";
};
};
keys.normal = {
esc = ["collapse_selection" "keep_primary_selection"];
};
};
};
}

8
common/user/features/joshuto.nix
View file

@ -1,8 +0,0 @@
{
programs.joshuto = {
enable = true;
settings = {
xdg_open = true;
};
};
}

108
common/user/features/mmtc.nix
View file

@ -1,108 +0,0 @@
{
pkgs,
config,
...
}: {
home.packages = with pkgs; [
mmtc
];
xdg.configFile."mmtc/mmtc.ron".text = ''
Config(
address: "${config.services.mpd.network.listenAddress}:${builtins.toString config.services.mpd.network.port}",
clear_query_on_play: false,
cycle: false,
jump_lines: 24,
seek_secs: 5.0,
search_fields: SearchFields(
file: false,
title: true,
artist: true,
album: true,
),
ups: 1.0,
layout: Rows([
Fixed(1, Columns([
Ratio(12, Textbox(Styled([Fg(Indexed(122)), Bold], Text("Title")))),
Ratio(10, Textbox(Styled([Fg(Indexed(158)), Bold], Text("Artist")))),
Ratio(10, Textbox(Styled([Fg(Indexed(194)), Bold], Text("Album")))),
Ratio(1, Textbox(Styled([Fg(Indexed(230)), Bold], Text("Time")))),
])),
Min(0, Queue([
Column(
item: Ratio(12, If(QueueCurrent,
Styled([Italic], If(QueueTitleExist, QueueTitle, QueueFile)),
If(QueueTitleExist, QueueTitle, QueueFile),
)),
style: [Fg(Indexed(75))],
selected_style: [Fg(Black), Bg(Indexed(75)), Bold],
),
Column(
item: Ratio(10, If(QueueCurrent,
Styled([Italic], QueueArtist),
QueueArtist,
)),
style: [Fg(Indexed(111))],
selected_style: [Fg(Black), Bg(Indexed(111)), Bold],
),
Column(
item: Ratio(10, If(QueueCurrent,
Styled([Italic], QueueAlbum),
QueueAlbum,
)),
style: [Fg(Indexed(147))],
selected_style: [Fg(Black), Bg(Indexed(147)), Bold],
),
Column(
item: Ratio(1, If(QueueCurrent,
Styled([Italic], QueueDuration),
QueueDuration,
)),
style: [Fg(Indexed(183))],
selected_style: [Fg(Black), Bg(Indexed(183)), Bold],
),
])),
Fixed(1, Columns([
Min(0, Textbox(Styled([Bold], If(Searching,
Parts([
Styled([Fg(Indexed(113))], Text("Searching: ")),
Styled([Fg(Indexed(185))], Query),
Styled([Fg(Indexed(185))], Text("")),
]),
If(Not(Stopped), Parts([
Styled([Fg(Indexed(113))], Parts([
If(Playing, Text("[playing: "), Text("[paused: ")),
CurrentElapsed,
Text("/"),
CurrentDuration,
Text("] "),
])),
If(TitleExist,
Parts([
Styled([Fg(Indexed(149))], CurrentTitle),
If(ArtistExist, Parts([
Styled([Fg(Indexed(216))], Text(" | ")),
Styled([Fg(Indexed(185))], CurrentArtist),
If(AlbumExist, Parts([
Styled([Fg(Indexed(216))], Text(" | ")),
Styled([Fg(Indexed(221))], CurrentAlbum),
])),
])),
]),
Styled([Fg(Indexed(185))], CurrentFile),
),
])),
)))),
Fixed(7, TextboxR(Styled([Fg(Indexed(81))], Parts([
Text("["),
If(Repeat, Text("@")),
If(Random, Text("#")),
If(Single, Text("^"), If(Oneshot, Text("!"))),
If(Consume, Text("*")),
Text("]"),
])))),
])),
]),
)
'';
}

22
common/user/features/mpd.nix
View file

@ -1,22 +0,0 @@
{config, ...}: {
services = {
mpd = {
enable = true;
musicDirectory = config.xdg.userDirs.music;
extraConfig = ''
audio_output {
type "pipewire"
name "pipewire"
}
'';
network.startWhenNeeded = true;
};
mpdris2 = {
enable = true;
multimediaKeys = true;
notifications = true;
};
};
}

3
common/user/features/mpris-proxy.nix
View file

@ -1,3 +0,0 @@
{
services.mpris-proxy.enable = true;
}

20
common/user/features/mpv.nix
View file

@ -1,20 +0,0 @@
{pkgs, ...}: {
programs.mpv = {
enable = true;
config = {
vo = "gpu";
profile = "gpu-hq";
scale = "ewa_lanczossharp";
cscale = "ewa_lanczossharp";
video-sync = "display-resample";
interpolation = true;
tscale = "oversample";
force-window = "immediate";
save-position-on-quit = true;
screenshot-template = "%f_%wH%wM%wS.%wT";
};
scripts = [pkgs.mpvScripts.mpris];
};
}

48
common/user/features/nushell/config.nu
View file

@ -1,48 +0,0 @@
$env.config = {
show_banner: false
rm: {
always_trash: true
}
cd: {
abbreviations: true
}
table: {
index_mode: auto
}
history: {
max_size: 1_000_000
}
completions: {
case_sensitive: false
algorithm: "fuzzy"
}
cursor_shape: {
emacs: line
vi_insert: block
vi_normal: underscore
}
edit_mode: vi
bracketed_paste: true
shell_integration: true
render_right_prompt_on_last_line: true
hooks: {
pre_prompt: [{ ||
let direnv = (direnv export json | from json)
let direnv = if ($direnv | length) == 1 { $direnv } else { {} }
$direnv | load-env
}]
}
}
def lsg [] { ls | sort-by type name -i | grid -c | str trim }

45
common/user/features/nushell/default.nix
View file

@ -1,45 +0,0 @@
{
programs.nushell = {
enable = true;
configFile.source = ./config.nu;
environmentVariables = {
# FIXME: Not properly serialized
PROMPT_COMMAND_RIGHT = "''";
};
shellAliases = {
l = "ls";
lsa = "ls -a";
la = "ls -a";
lsl = "ls -l";
ll = "ls -l";
lsla = "ls -la";
lla = "ls -la";
cpr = "cp -r";
rmr = "rm -r";
rr = "rm -r";
gi = "git";
gic = "git commit";
gico = "git checkout";
gis = "git status";
gid = "git diff";
gidh = "git diff HEAD";
gia = "git add";
s = "sudo";
g = "grep";
gn = "grep -n";
gin = "grep -in";
grin = "grep -rin";
df = "df -h";
du = "du -h";
c = "cd";
"cd." = "cd .";
"cd.." = "cd ..";
ffmpeg = "ffmpeg -hide_banner";
ffprobe = "ffprobe -hide_banner";
ffplay = "ffplay -hide_banner";
};
};
}

194
common/user/features/qutebrowser/default.nix
View file

@ -1,194 +0,0 @@
{
programs.qutebrowser = {
enable = true;
extraConfig = ''
from locale import getdefaultlocale
from os import environ
from re import match
from pathlib import Path
config.load_autoconfig()
c.aliases = {
"o": "open",
"q": "quit",
"w": "session-save",
"wq": "quit --save",
"adblock-toggle": "config-cycle -t content.blocking.enabled",
"incognito": "open --private",
"mpv": "spawn --detach mpv {url}",
}
c.colors.webpage.bg = "black"
# TODO
# c.editor.command = [
# "neovide",
# "--nofork",
# "--wayland-app-id",
# "neovidefloat",
# "--",
# "+normal {line}G{column0}l",
# "--",
# "{file}",
# ]
c.editor.encoding = "utf-8"
config.bind("td", "config-cycle colors.webpage.darkmode.enabled;; restart")
c.content.local_content_can_access_remote_urls = True
c.tabs.show = "multiple"
c.url.default_page = Path("${./start.html}").as_uri()
c.url.start_pages = [c.url.default_page]
c.url.searchengines = {
"DEFAULT": "https://www.google.com/search?q={}",
"g": "https://www.google.com/search?q={}",
"ddg": "https://lite.duckduckgo.com/lite?q={}",
"wt": "https://en.wiktionary.org/w/index.php?search={}",
"w": "https://en.wikipedia.org/w/index.php?search={}",
"bs": "https://search.brave.com/search?q={}",
"aur": "https://aur.archlinux.org/packages/?SB=p&SO=d&O=0&K={}",
"gh": "https://github.com/search?q={}",
"gist": "https://gist.github.com/search?q={}",
"dd": "https://thefreedictionary.com/{}",
"dr": "https://search.disroot.org/?q={}",
}
try:
l = getdefaultlocale()[0]
if l is None or l in ("C", "POSIX"):
raise ValueError
rematch = match(r"([a-z]+)(_([A-Z]+)?)", l)
if rematch is None:
raise ValueError
language = rematch[1]
try:
locale = rematch[3]
c.content.headers.accept_language = f"{language}-{locale},{language};q=0.9,en-{locale},en;q=0.8,en-US,en;q=0.7,*;q=0.6"
except IndexError:
c.content.headers.accept_language = f"{language};q=0.9,en-US,en;q=0.8,*;q=0.7"
except:
c.content.headers.accept_language = "en-US,en;q=0.9"
# TODO
# c.colors.webpage.preferred_color_scheme = "dark"
base00 = "#1f2022"
base01 = "#282828"
base02 = "#444155"
base03 = "#585858"
base04 = "#b8b8b8"
base05 = "#a3a3a3"
base06 = "#e8e8e8"
base07 = "#f8f8f8"
base08 = "#f2241f"
base09 = "#ffa500"
base0A = "#b1951d"
base0B = "#67b11d"
base0C = "#2d9574"
base0D = "#4f97d7"
base0E = "#a31db1"
base0F = "#b03060"
c.colors.completion.fg = base05
c.colors.completion.odd.bg = base01
c.colors.completion.even.bg = base00
c.colors.completion.category.fg = base0A
c.colors.completion.category.bg = base00
c.colors.completion.category.border.top = base00
c.colors.completion.category.border.bottom = base00
c.colors.completion.item.selected.fg = base05
c.colors.completion.item.selected.bg = base02
c.colors.completion.item.selected.border.top = base02
c.colors.completion.item.selected.border.bottom = base02
c.colors.completion.item.selected.match.fg = base0B
c.colors.completion.match.fg = base0B
c.colors.completion.scrollbar.fg = base05
c.colors.completion.scrollbar.bg = base00
c.colors.contextmenu.disabled.bg = base01
c.colors.contextmenu.disabled.fg = base04
c.colors.contextmenu.menu.bg = base00
c.colors.contextmenu.menu.fg = base05
c.colors.contextmenu.selected.bg = base02
c.colors.contextmenu.selected.fg = base05
c.colors.downloads.bar.bg = base00
c.colors.downloads.start.fg = base00
c.colors.downloads.start.bg = base0D
c.colors.downloads.stop.fg = base00
c.colors.downloads.stop.bg = base0C
c.colors.downloads.error.fg = base08
c.colors.hints.fg = base00
c.colors.hints.bg = base0A
c.colors.hints.match.fg = base05
c.colors.keyhint.fg = base05
c.colors.keyhint.suffix.fg = base05
c.colors.keyhint.bg = base00
c.colors.messages.error.fg = base00
c.colors.messages.error.bg = base08
c.colors.messages.error.border = base08
c.colors.messages.warning.fg = base00
c.colors.messages.warning.bg = base0E
c.colors.messages.warning.border = base0E
c.colors.messages.info.fg = base05
c.colors.messages.info.bg = base00
c.colors.messages.info.border = base00
c.colors.prompts.fg = base05
c.colors.prompts.border = base00
c.colors.prompts.bg = base00
c.colors.prompts.selected.bg = base02
c.colors.prompts.selected.fg = base05
c.colors.statusbar.normal.fg = base0B
c.colors.statusbar.normal.bg = base00
c.colors.statusbar.insert.fg = base00
c.colors.statusbar.insert.bg = base0D
c.colors.statusbar.passthrough.fg = base00
c.colors.statusbar.passthrough.bg = base0C
c.colors.statusbar.private.fg = base00
c.colors.statusbar.private.bg = base01
c.colors.statusbar.command.fg = base05
c.colors.statusbar.command.bg = base00
c.colors.statusbar.command.private.fg = base05
c.colors.statusbar.command.private.bg = base00
c.colors.statusbar.caret.fg = base00
c.colors.statusbar.caret.bg = base0E
c.colors.statusbar.caret.selection.fg = base00
c.colors.statusbar.caret.selection.bg = base0D
c.colors.statusbar.progress.bg = base0D
c.colors.statusbar.url.fg = base05
c.colors.statusbar.url.error.fg = base08
c.colors.statusbar.url.hover.fg = base05
c.colors.statusbar.url.success.http.fg = base0C
c.colors.statusbar.url.success.https.fg = base0B
c.colors.statusbar.url.warn.fg = base0E
c.colors.tabs.bar.bg = base00
c.colors.tabs.indicator.start = base0D
c.colors.tabs.indicator.stop = base0C
c.colors.tabs.indicator.error = base08
c.colors.tabs.odd.fg = base05
c.colors.tabs.odd.bg = base01
c.colors.tabs.even.fg = base05
c.colors.tabs.even.bg = base00
c.colors.tabs.pinned.even.bg = base0C
c.colors.tabs.pinned.even.fg = base07
c.colors.tabs.pinned.odd.bg = base0B
c.colors.tabs.pinned.odd.fg = base07
c.colors.tabs.pinned.selected.even.bg = base02
c.colors.tabs.pinned.selected.even.fg = base05
c.colors.tabs.pinned.selected.odd.bg = base02
c.colors.tabs.pinned.selected.odd.fg = base05
c.colors.tabs.selected.odd.fg = base05
c.colors.tabs.selected.odd.bg = base02
c.colors.tabs.selected.even.fg = base05
c.colors.tabs.selected.even.bg = base02
c.colors.webpage.bg = base00
'';
};
}

212
common/user/features/qutebrowser/start.html
View file

@ -1,212 +0,0 @@
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>start</title>
<style>
body {
display: flex;
flex-direction: column;
min-height: 100vh;
background-color: #202020;
padding: 0;
margin: 0;
font-family: Iosevka Nerd Font, monospace;
letter-spacing: .1em;
font-size: 24px;
text-align: center;
}
main {
margin: 2em;
display: flex;
flex-direction: column;
gap: 1em;
justify-content: center;
}
#search {
border: none;
height: 2em;
font-family: inherit;
font-size: inherit;
background-color: #eaeaea;
color: #2c2c2c;
width: 60%;
}
#search:focus {
outline: none;
}
#search::placeholder {
color: #ababab;
}
.lists {
display: grid;
gap: .5em;
grid: auto-flow / 1fr;
}
.lists .list {
display: flex;
flex-direction: column;
}
.lists .list ul {
list-style: none;
margin: 0;
padding: 0;
}
.lists .list ul li {
background-color: #565e65;
color: #dadcde;
}
.lists .list ul li:hover {
background-color: #343c43;
}
.lists .list ul li a {
display: block;
padding: .5em 2em;
text-decoration: none;
color: #ababab;
}
.lists .list .heading {
padding: .7em 2em;
}
.lists .list:nth-of-type(1) .heading {
background: #95c7ae;
color: #565e65;
}
.lists .list:nth-of-type(2) .heading {
background-color: #c7ae95;
color: #565e65;
}
.lists .list:nth-of-type(3) .heading {
background-color: #c795ae;
color: #565e65;
}
.lists .list:nth-of-type(4) .heading {
background-color: #95aec7;
color: #565e65;
}
.lists .list:nth-of-type(5) .heading {
background-color: #aec795;
color: #565e65;
}
.lists .list:nth-of-type(6) .heading {
background-color: #ae95c7;
color: #565e65;
}
@media (min-width: 768px) {
.lists {
grid-template-columns: 1fr 1fr;
}
}
@media (min-width: 992px) {
.lists {
grid-template-columns: 1fr 1fr 1fr;
}
}
@media (min-width: 1450px) {
main {
margin: auto;
}
.lists {
grid-template-columns: 1fr 1fr 1fr 1fr 1fr 1fr;
}
}
</style>
</head>
<body>
<main>
<form action="https://www.google.com/search" method="GET">
<input id="search" name="q" type="text" placeholder="search" required autocomplete="off" onload="this.focus()">
</form>
<div class="lists">
<div class="list">
<div class="heading">social</div>
<ul>
<li><a href="https://mail.tutanota.com/">tutanota</a></li>
<li><a href="https://web.whatsapp.com/">whatsapp</a></li>
<li><a href="https://discord.com/login">discord</a></li>
</ul>
</div>
<div class="list">
<div class="heading">google</div>
<ul>
<li><a href="https://www.youtube.com/">youtube</a></li>
<li><a href="https://www.google.com/maps">maps</a></li>
<li><a href="https://translate.google.com/">translate</a></li>
</ul>
</div>
<div class="list">
<div class="heading">nix</div>
<ul>
<li><a href="https://nixos.org/manual/nix/unstable/">manual</a></li>
<li><a href="https://search.nixos.org/packages">packages</a></li>
<li><a href="https://search.nixos.org/options">options</a></li>
<li><a href="https://nix-community.github.io/home-manager/options.html">hm options</a></li>
<li><a href="https://nix-community.github.io/home-manager/index.html">hm manual</a></li>
<li><a href="https://noogle.dev/">noogle</a></li>
<li><a href="https://github.com/the-nix-way/dev-templates">templates</a></li>
</ul>
</div>
<div class="list">
<div class="heading">personal</div>
<ul>
<li><a href="https://defenestrated.systems/">site</a></li>
<li><a href="https://git.defenestrated.systems/">git</a></li>
<li><a href="https://music.defenestrated.systems/">music</a></li>
<li><a href="https://share.defenestrated.systems/">share</a></li>
<li><a href="https://vault.defenestrated.systems/">vault</a></li>
</ul>
</div>
<div class="list">
<div class="heading">dev</div>
<ul>
<li><a href="https://github.com/">github</a></li>
<li><a href="https://developer.mozilla.org/">mdn</a></li>
<li><a href="https://stackoverflow.com/">stackoverflow</a></li>
<li><a href="https://www.php.net/docs.php">php</a></li>
<li><a href="https://pkg.go.dev/std">go std</a></li>
<li><a href="https://docs.python.org/3/library/index.html">python std</a></li>
</ul>
</div>
<div class="list">
<div class="heading">misc</div>
<ul>
<li><a href="https://lobste.rs/">lobsters</a></li>
<li><a href="https://mullvad.net/">mullvad</a></li>
<li><a href="https://www.protondb.com/">protondb</a></li>
</ul>
</div>
</div>
</main>
</body>
</html>

11
common/user/features/readline.nix
View file

@ -1,11 +0,0 @@
{
programs.readline = {
enable = true;
variables = {
editing-mode = "vi";
completion-ignore-case = "on";
enable-bracketed-paste = "on";
};
};
}

8
common/user/features/ssh.nix
View file

@ -1,8 +0,0 @@
{
programs.ssh = {
enable = true;
compression = true;
serverAliveInterval = 60;
};
}

26
common/user/server.nix
View file

@ -1,26 +0,0 @@
{
pkgs,
inputs,
config,
...
}: {
imports = [
./features/bottom.nix
./features/direnv.nix
./features/fish.nix
./features/git.nix
./features/helix.nix
./features/readline.nix
];
home.packages = with pkgs; [
curl
file
ncdu
netcat-openbsd
procs
progress
pv
rsync
];
}

27
common/users.nix Normal file
View file

@ -0,0 +1,27 @@
{
config,
lib,
...
}: let
inherit (config.users) mainUser;
in {
age.secrets = lib.mkSecrets {"user-${mainUser}" = {};};
users = {
mutableUsers = false;
mainUser = "lukas";
users = {
root.hashedPassword = "!";
${mainUser} = {
description = "Lukas Wurzinger";
uid = 1000;
isNormalUser = true;
hashedPasswordFile = config.age.secrets."user-${mainUser}".path;
openssh.authorizedKeys.keys = builtins.attrValues config.pubkeys.users;
extraGroups = ["wheel"]; #TODO remove
};
};
};
}

3
common/wheel.nix Normal file
View file

@ -0,0 +1,3 @@
{config, ...}: {
users.groups.wheel.members = config.users.normalUsers;
}

3
common/yazi.nix Normal file
View file

@ -0,0 +1,3 @@
{
programs.yazi.enable = true;
}

5
common/zellij.nix Normal file
View file

@ -0,0 +1,5 @@
{pkgs, ...}: {
environment.systemPackages = [
pkgs.zellij
];
}

21
devenv.nix Normal file
View file

@ -0,0 +1,21 @@
{
languages.python.enable = true;
pre-commit.hooks = {
# Nix
alejandra.enable = true;
deadnix.enable = true;
statix.enable = true;
# Flakes
flake-checker.enable = true;
# Shell
shellcheck.enable = true;
# Python
pyright.enable = true;
ruff.enable = true;
ruff-format.enable = true;
};
}

48
ffcfg
View file

@ -1,48 +0,0 @@
#!/usr/bin/env bash
set -eu
shopt -s nullglob
for dir in ~/.mozilla/firefox/*.default ~/.mozilla/firefox/*.default-release ~/.mozilla/firefox/*.dev-edition-default ~/.var/app/org.mozilla.firefox/.mozilla/firefox/*.default ~/.var/app/org.mozilla.firefox/.mozilla/firefox/*.default-release ~/.var/app/org.mozilla.firefox/.mozilla/firefox/*.dev-edition-default; do
cat <<EOF > $dir/user.js
user_pref('signon.prefillForms', false);
user_pref('signon.rememberSignons', false);
user_pref('privacy.webrtc.legacyGlobalIndicator', false);
user_pref('browser.compactmode.show', true);
user_pref('toolkit.legacyUserProfileCustomizations.stylesheets', true);
user_pref('signon.autofillForms', false);
user_pref('signon.formlessCapture.enabled', false);
user_pref('browser.formfill.enable', false);
user_pref('extensions.pocket.enabled', false);
user_pref('browser.newtabpage.activity-stream.showSponsored', false);
user_pref('browser.newtabpage.activity-stream.showSponsoredTopSites', false);
user_pref('browser.newtabpage.activity-stream.feeds.section.topstories', false);
user_pref('browser.newtabpage.activity-stream.feeds.topsites', false);
user_pref('browser.newtabpage.activity-stream.section.highlights.includeBookmarks', false);
user_pref('browser.newtabpage.activity-stream.section.highlights.includeDownloads', false);
user_pref('browser.newtabpage.activity-stream.section.highlights.includeVisited', false);
user_pref('media.ffmpeg.vaapi.enabled', true);
user_pref('media.rdd-vpx.enabled', true);
user_pref('toolkit.telemetry.unified', false);
user_pref('toolkit.telemetry.enabled', false);
user_pref('toolkit.telemetry.server', 'data:,');
user_pref('toolkit.telemetry.archive.enabled', false);
user_pref('toolkit.telemetry.newProfilePing.enabled', false);
user_pref('toolkit.telemetry.shutdownPingSender.enabled', false);
user_pref('toolkit.telemetry.updatePing.enabled', false);
user_pref('toolkit.telemetry.bhrPing.enabled', false);
user_pref('toolkit.telemetry.firstShutdownPing.enabled', false);
user_pref('toolkit.telemetry.coverage.opt-out', true);
user_pref('toolkit.coverage.opt-out', true);
user_pref('toolkit.coverage.endpoint.base', '');
user_pref('browser.ping-centre.telemetry', false);
user_pref('app.shield.optoutstudies.enabled', false);
user_pref('app.normandy.enabled', false);
user_pref('app.normandy.api_url', '');
user_pref('breakpad.reportURL', '');
user_pref('browser.tabs.crashReporting.sendReport', false);
user_pref('browser.crashReports.unsubmittedCheck.autoSubmit2', false);
user_pref("network.http.referer.XOriginPolicy", 1);
user_pref("network.http.referer.XOriginTrimmingPolicy", 0);
EOF
done

750
flake.lock
View file

@ -1,12 +1,342 @@
{
"nodes": {
"agenix": {
"inputs": {
"darwin": "darwin",
"home-manager": "home-manager",
"nixpkgs": "nixpkgs",
"systems": "systems"
},
"locked": {
"lastModified": 1736955230,
"narHash": "sha256-uenf8fv2eG5bKM8C/UvFaiJMZ4IpUFaQxk9OH5t/1gA=",
"owner": "ryantm",
"repo": "agenix",
"rev": "e600439ec4c273cf11e06fe4d9d906fb98fa097c",
"type": "github"
},
"original": {
"owner": "ryantm",
"repo": "agenix",
"type": "github"
}
},
"cachix": {
"inputs": {
"devenv": [
"devenv"
],
"flake-compat": [
"devenv"
],
"git-hooks": [
"devenv"
],
"nixpkgs": "nixpkgs_2"
},
"locked": {
"lastModified": 1737621947,
"narHash": "sha256-8HFvG7fvIFbgtaYAY2628Tb89fA55nPm2jSiNs0/Cws=",
"owner": "cachix",
"repo": "cachix",
"rev": "f65a3cd5e339c223471e64c051434616e18cc4f5",
"type": "github"
},
"original": {
"owner": "cachix",
"ref": "latest",
"repo": "cachix",
"type": "github"
}
},
"crane": {
"locked": {
"lastModified": 1731098351,
"narHash": "sha256-HQkYvKvaLQqNa10KEFGgWHfMAbWBfFp+4cAgkut+NNE=",
"owner": "ipetkov",
"repo": "crane",
"rev": "ef80ead953c1b28316cc3f8613904edc2eb90c28",
"type": "github"
},
"original": {
"owner": "ipetkov",
"repo": "crane",
"type": "github"
}
},
"darwin": {
"inputs": {
"nixpkgs": [
"agenix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1700795494,
"narHash": "sha256-gzGLZSiOhf155FW7262kdHo2YDeugp3VuIFb4/GGng0=",
"owner": "lnl7",
"repo": "nix-darwin",
"rev": "4b9b83d5a92e8c1fbfd8eb27eda375908c11ec4d",
"type": "github"
},
"original": {
"owner": "lnl7",
"ref": "master",
"repo": "nix-darwin",
"type": "github"
}
},
"devenv": {
"inputs": {
"cachix": "cachix",
"flake-compat": "flake-compat",
"git-hooks": "git-hooks",
"nix": "nix",
"nixpkgs": "nixpkgs_4"
},
"locked": {
"lastModified": 1743292849,
"narHash": "sha256-rybjlr2xNmSHrlRVliYvI9bOPRnROecFqz+tO0V2woI=",
"owner": "cachix",
"repo": "devenv",
"rev": "fa5cbf91fb1f1614936997badbb6018a2fdef320",
"type": "github"
},
"original": {
"owner": "cachix",
"repo": "devenv",
"type": "github"
}
},
"devenv-root": {
"flake": false,
"locked": {
"narHash": "sha256-d6xi4mKdjkX2JFicDIv5niSzpyI0m/Hnm8GGAIU04kY=",
"type": "file",
"url": "file:///dev/null"
},
"original": {
"type": "file",
"url": "file:///dev/null"
}
},
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1733328505,
"narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-compat_2": {
"flake": false,
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-compat_3": {
"flake": false,
"locked": {
"lastModified": 1717312683,
"narHash": "sha256-FrlieJH50AuvagamEvWMIE6D2OAnERuDboFDYAED/dE=",
"owner": "nix-community",
"repo": "flake-compat",
"rev": "38fd3954cf65ce6faf3d0d45cd26059e059f07ea",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "flake-compat",
"type": "github"
}
},
"flake-compat_4": {
"flake": false,
"locked": {
"lastModified": 1733328505,
"narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-parts": {
"inputs": {
"nixpkgs-lib": [
"devenv",
"nix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1712014858,
"narHash": "sha256-sB4SWl2lX95bExY2gMFG5HIzvva5AVMJd4Igm+GpZNw=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "9126214d0a59633752a136528f5f3b9aa8565b7d",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-parts_2": {
"inputs": {
"nixpkgs-lib": "nixpkgs-lib"
},
"locked": {
"lastModified": 1741352980,
"narHash": "sha256-+u2UunDA4Cl5Fci3m7S643HzKmIDAe+fiXrLqYsR2fs=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "f4330d22f1c5d2ba72d3d22df5597d123fdb60a9",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-parts_3": {
"inputs": {
"nixpkgs-lib": [
"lanzaboote",
"nixpkgs"
]
},
"locked": {
"lastModified": 1730504689,
"narHash": "sha256-hgmguH29K2fvs9szpq2r3pz2/8cJd2LPS+b4tfNFCwE=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "506278e768c2a08bec68eb62932193e341f55c90",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flatpak": {
"locked": {
"lastModified": 1739444422,
"narHash": "sha256-iAVVHi7X3kWORftY+LVbRiStRnQEob2TULWyjMS6dWg=",
"owner": "gmodena",
"repo": "nix-flatpak",
"rev": "5e54c3ca05a7c7d968ae1ddeabe01d2a9bc1e177",
"type": "github"
},
"original": {
"owner": "gmodena",
"ref": "latest",
"repo": "nix-flatpak",
"type": "github"
}
},
"git-hooks": {
"inputs": {
"flake-compat": [
"devenv"
],
"gitignore": "gitignore",
"nixpkgs": [
"devenv",
"nixpkgs"
]
},
"locked": {
"lastModified": 1740849354,
"narHash": "sha256-oy33+t09FraucSZ2rZ6qnD1Y1c8azKKmQuCvF2ytUko=",
"owner": "cachix",
"repo": "git-hooks.nix",
"rev": "4a709a8ce9f8c08fa7ddb86761fe488ff7858a07",
"type": "github"
},
"original": {
"owner": "cachix",
"repo": "git-hooks.nix",
"type": "github"
}
},
"gitignore": {
"inputs": {
"nixpkgs": [
"devenv",
"git-hooks",
"nixpkgs"
]
},
"locked": {
"lastModified": 1709087332,
"narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=",
"owner": "hercules-ci",
"repo": "gitignore.nix",
"rev": "637db329424fd7e46cf4185293b9cc8c88c95394",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "gitignore.nix",
"type": "github"
}
},
"gitignore_2": {
"inputs": {
"nixpkgs": [
"lanzaboote",
"pre-commit-hooks-nix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1709087332,
"narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=",
"owner": "hercules-ci",
"repo": "gitignore.nix",
"rev": "637db329424fd7e46cf4185293b9cc8c88c95394",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "gitignore.nix",
"type": "github"
}
},
"hardware": {
"locked": {
"lastModified": 1698853384,
"narHash": "sha256-/FQ2WeCjdjdNo9eGTO7JruGAjO2Ccime8y1OU4/Aesk=",
"lastModified": 1743167577,
"narHash": "sha256-I09SrXIO0UdyBFfh0fxDq5WnCDg8XKmZ1HQbaXzMA1k=",
"owner": "NixOS",
"repo": "nixos-hardware",
"rev": "11d50c5d52472ed40d3cb109daad03c836d2b328",
"rev": "0ed819e708af17bfc4bbc63ee080ef308a24aa42",
"type": "github"
},
"original": {
@ -18,15 +348,16 @@
"home-manager": {
"inputs": {
"nixpkgs": [
"agenix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1699025595,
"narHash": "sha256-e+o4PoSu2Z6Ww8y/AVUmMU200rNZoRK+p2opQ7Db8Rg=",
"lastModified": 1703113217,
"narHash": "sha256-7ulcXOk63TIT2lVDSExj7XzFx09LpdSAPtvgtM7yQPE=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "8765d4e38aa0be53cdeee26f7386173e6c65618d",
"rev": "3bfaacf46133c037bb356193bd2f1765d9dc82c1",
"type": "github"
},
"original": {
@ -35,28 +366,127 @@
"type": "github"
}
},
"impermanence": {
"lanzaboote": {
"inputs": {
"crane": "crane",
"flake-compat": "flake-compat_2",
"flake-parts": "flake-parts_3",
"nixpkgs": "nixpkgs_5",
"pre-commit-hooks-nix": "pre-commit-hooks-nix",
"rust-overlay": "rust-overlay"
},
"locked": {
"lastModified": 1697303681,
"narHash": "sha256-caJ0rXeagaih+xTgRduYtYKL1rZ9ylh06CIrt1w5B4g=",
"lastModified": 1737639419,
"narHash": "sha256-AEEDktApTEZ5PZXNDkry2YV2k6t0dTgLPEmAZbnigXU=",
"owner": "nix-community",
"repo": "impermanence",
"rev": "0f317c2e9e56550ce12323eb39302d251618f5b5",
"repo": "lanzaboote",
"rev": "a65905a09e2c43ff63be8c0e86a93712361f871e",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "impermanence",
"ref": "v0.4.2",
"repo": "lanzaboote",
"type": "github"
}
},
"libgit2": {
"flake": false,
"locked": {
"lastModified": 1697646580,
"narHash": "sha256-oX4Z3S9WtJlwvj0uH9HlYcWv+x1hqp8mhXl7HsLu2f0=",
"owner": "libgit2",
"repo": "libgit2",
"rev": "45fd9ed7ae1a9b74b957ef4f337bc3c8b3df01b5",
"type": "github"
},
"original": {
"owner": "libgit2",
"repo": "libgit2",
"type": "github"
}
},
"nix": {
"inputs": {
"flake-compat": [
"devenv"
],
"flake-parts": "flake-parts",
"libgit2": "libgit2",
"nixpkgs": "nixpkgs_3",
"nixpkgs-23-11": [
"devenv"
],
"nixpkgs-regression": [
"devenv"
],
"pre-commit-hooks": [
"devenv"
]
},
"locked": {
"lastModified": 1741798497,
"narHash": "sha256-E3j+3MoY8Y96mG1dUIiLFm2tZmNbRvSiyN7CrSKuAVg=",
"owner": "domenkozar",
"repo": "nix",
"rev": "f3f44b2baaf6c4c6e179de8cbb1cc6db031083cd",
"type": "github"
},
"original": {
"owner": "domenkozar",
"ref": "devenv-2.24",
"repo": "nix",
"type": "github"
}
},
"nix-index-database": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1743306489,
"narHash": "sha256-LROaIjSLo347cwcHRfSpqzEOa2FoLSeJwU4dOrGm55E=",
"owner": "nix-community",
"repo": "nix-index-database",
"rev": "b3696bfb6c24aa61428839a99e8b40c53ac3a82d",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nix-index-database",
"type": "github"
}
},
"nixos-cosmic": {
"inputs": {
"flake-compat": "flake-compat_3",
"nixpkgs": "nixpkgs_6",
"nixpkgs-stable": "nixpkgs-stable_2",
"rust-overlay": "rust-overlay_2"
},
"locked": {
"lastModified": 1743332965,
"narHash": "sha256-PCzC/PqUi7sj2SeELx/eXNOoKbd/HJbQY0DIyzwcK1M=",
"owner": "lilyinstarlight",
"repo": "nixos-cosmic",
"rev": "5a00e93576d3ae9c6ad21d139542c236337dc840",
"type": "github"
},
"original": {
"owner": "lilyinstarlight",
"repo": "nixos-cosmic",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1698924604,
"narHash": "sha256-GCFbkl2tj8fEZBZCw3Tc0AkGo0v+YrQlohhEGJ/X4s0=",
"lastModified": 1703013332,
"narHash": "sha256-+tFNwMvlXLbJZXiMHqYq77z/RfmpfpiI3yjL6o/Zo9M=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "fa804edfb7869c9fb230e174182a8a1a7e512c40",
"rev": "54aac082a4d9bb5bbc5c4e899603abfb76a3f6d6",
"type": "github"
},
"original": {
@ -66,29 +496,140 @@
"type": "github"
}
},
"nixpkgs-lib": {
"locked": {
"lastModified": 1740877520,
"narHash": "sha256-oiwv/ZK/2FhGxrCkQkB83i7GnWXPPLzoqFHpDD3uYpk=",
"owner": "nix-community",
"repo": "nixpkgs.lib",
"rev": "147dee35aab2193b174e4c0868bd80ead5ce755c",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nixpkgs.lib",
"type": "github"
}
},
"nixpkgs-stable": {
"locked": {
"lastModified": 1698544399,
"narHash": "sha256-vhRmPyEyoPkrXF2iykBsWHA05MIaOSmMRLMF7Hul6+s=",
"lastModified": 1730741070,
"narHash": "sha256-edm8WG19kWozJ/GqyYx2VjW99EdhjKwbY3ZwdlPAAlo=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "d87c5d8c41c9b3b39592563242f3a448b5cc4bc9",
"rev": "d063c1dd113c91ab27959ba540c0d9753409edf3",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "release-23.05",
"ref": "nixos-24.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-stable_2": {
"locked": {
"lastModified": 1743231893,
"narHash": "sha256-tpJsHMUPEhEnzySoQxx7+kA+KUtgWqvlcUBqROYNNt0=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "c570c1f5304493cafe133b8d843c7c1c4a10d3a6",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-24.11",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1698336494,
"narHash": "sha256-sO72WDBKyijYD1GcKPlGsycKbMBiTJMBCnmOxLAs880=",
"lastModified": 1733212471,
"narHash": "sha256-M1+uCoV5igihRfcUKrr1riygbe73/dzNnzPsmaLCmpo=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "808c0d8c53c7ae50f82aca8e7df263225cf235bf",
"rev": "55d15ad12a74eb7d4646254e13638ad0c4128776",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_3": {
"locked": {
"lastModified": 1717432640,
"narHash": "sha256-+f9c4/ZX5MWDOuB1rKoWj+lBNm0z0rs4CK47HBLxy1o=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "88269ab3044128b7c2f4c7d68448b2fb50456870",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "release-24.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_4": {
"locked": {
"lastModified": 1733477122,
"narHash": "sha256-qamMCz5mNpQmgBwc8SB5tVMlD5sbwVIToVZtSxMph9s=",
"owner": "cachix",
"repo": "devenv-nixpkgs",
"rev": "7bd9e84d0452f6d2e63b6e6da29fe73fac951857",
"type": "github"
},
"original": {
"owner": "cachix",
"ref": "rolling",
"repo": "devenv-nixpkgs",
"type": "github"
}
},
"nixpkgs_5": {
"locked": {
"lastModified": 1731919951,
"narHash": "sha256-vOM6ETpl1yu9KLi/icTmLJIPbbdJCdAVYUXZceO/Ce4=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "04386ac325a813047fc314d4b4d838a5b1e3c7fe",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable-small",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_6": {
"locked": {
"lastModified": 1743095683,
"narHash": "sha256-gWd4urRoLRe8GLVC/3rYRae1h+xfQzt09xOfb0PaHSk=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "5e5402ecbcb27af32284d4a62553c019a3a49ea6",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_7": {
"locked": {
"lastModified": 1743076231,
"narHash": "sha256-yQugdVfi316qUfqzN8JMaA2vixl+45GxNm4oUfXlbgw=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "6c5963357f3c1c840201eda129a99d455074db04",
"type": "github"
},
"original": {
@ -98,31 +639,158 @@
"type": "github"
}
},
"root": {
"phps": {
"inputs": {
"hardware": "hardware",
"home-manager": "home-manager",
"impermanence": "impermanence",
"nixpkgs": "nixpkgs",
"sops-nix": "sops-nix"
}
},
"sops-nix": {
"inputs": {
"nixpkgs": "nixpkgs_2",
"nixpkgs-stable": "nixpkgs-stable"
"flake-compat": "flake-compat_4",
"nixpkgs": "nixpkgs_7",
"utils": "utils"
},
"locked": {
"lastModified": 1699021419,
"narHash": "sha256-oy2j2OHXYcckifASMeZzpmbDLSvobMGt0V/RvoDotF4=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "275b28593ef3a1b9d05b6eeda3ddce2f45f5c06f",
"lastModified": 1743328785,
"narHash": "sha256-bIpp6q4/mW0cB6UWz85j5+v9jzUxJBG1m8o/e7zLJPg=",
"owner": "fossar",
"repo": "nix-phps",
"rev": "db64ff505e1b0026627ddb3f3666eb1911aca9c7",
"type": "github"
},
"original": {
"owner": "Mic92",
"repo": "sops-nix",
"owner": "fossar",
"repo": "nix-phps",
"type": "github"
}
},
"pre-commit-hooks-nix": {
"inputs": {
"flake-compat": [
"lanzaboote",
"flake-compat"
],
"gitignore": "gitignore_2",
"nixpkgs": [
"lanzaboote",
"nixpkgs"
],
"nixpkgs-stable": "nixpkgs-stable"
},
"locked": {
"lastModified": 1731363552,
"narHash": "sha256-vFta1uHnD29VUY4HJOO/D6p6rxyObnf+InnSMT4jlMU=",
"owner": "cachix",
"repo": "pre-commit-hooks.nix",
"rev": "cd1af27aa85026ac759d5d3fccf650abe7e1bbf0",
"type": "github"
},
"original": {
"owner": "cachix",
"repo": "pre-commit-hooks.nix",
"type": "github"
}
},
"root": {
"inputs": {
"agenix": "agenix",
"devenv": "devenv",
"devenv-root": "devenv-root",
"flake-parts": "flake-parts_2",
"flatpak": "flatpak",
"hardware": "hardware",
"lanzaboote": "lanzaboote",
"nix-index-database": "nix-index-database",
"nixos-cosmic": "nixos-cosmic",
"nixpkgs": [
"nixos-cosmic",
"nixpkgs"
],
"phps": "phps"
}
},
"rust-overlay": {
"inputs": {
"nixpkgs": [
"lanzaboote",
"nixpkgs"
]
},
"locked": {
"lastModified": 1731897198,
"narHash": "sha256-Ou7vLETSKwmE/HRQz4cImXXJBr/k9gp4J4z/PF8LzTE=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "0be641045af6d8666c11c2c40e45ffc9667839b5",
"type": "github"
},
"original": {
"owner": "oxalica",
"repo": "rust-overlay",
"type": "github"
}
},
"rust-overlay_2": {
"inputs": {
"nixpkgs": [
"nixos-cosmic",
"nixpkgs"
]
},
"locked": {
"lastModified": 1743302122,
"narHash": "sha256-VWyaUfBY49kjN29N140INa9LEW0YIgAr+OEJRdbKfnQ=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "15c2a7930e04efc87be3ebf1b5d06232e635e24b",
"type": "github"
},
"original": {
"owner": "oxalica",
"repo": "rust-overlay",
"type": "github"
}
},
"systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_2": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"utils": {
"inputs": {
"systems": "systems_2"
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
}

156
flake.nix
View file

@ -3,128 +3,76 @@
inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
flake-parts.url = "github:hercules-ci/flake-parts";
devenv-root = {
url = "file+file:///dev/null";
flake = false;
};
devenv.url = "github:cachix/devenv";
hardware.url = "github:NixOS/nixos-hardware";
home-manager = {
url = "github:nix-community/home-manager";
agenix.url = "github:ryantm/agenix";
phps.url = "github:fossar/nix-phps";
lanzaboote.url = "github:nix-community/lanzaboote/v0.4.2";
flatpak.url = "github:gmodena/nix-flatpak?ref=latest";
nixpkgs.follows = "nixos-cosmic/nixpkgs";
nixos-cosmic.url = "github:lilyinstarlight/nixos-cosmic";
nix-index-database = {
url = "github:nix-community/nix-index-database";
inputs.nixpkgs.follows = "nixpkgs";
};
};
impermanence.url = "github:nix-community/impermanence";
sops-nix.url = "github:Mic92/sops-nix";
nixConfig = {
extra-substituters = "https://cosmic.cachix.org";
extra-trusted-public-keys = "cosmic.cachix.org-1:Dya9IyXD4xdBehWjrkPv6rtxpmMdRel02smYzA85dPE=";
};
outputs = {
self,
nixpkgs,
home-manager,
impermanence,
sops-nix,
flake-parts,
...
} @ inputs: let
inherit (self) outputs;
} @ inputs:
flake-parts.lib.mkFlake {inherit inputs;} {
imports = [
inputs.devenv.flakeModule
];
forEachSystem = f:
nixpkgs.lib.genAttrs [
"x86_64-linux"
"aarch64-linux"
] (system:
f {
pkgs = import nixpkgs {inherit system;};
});
systems = ["x86_64-linux" "aarch64-linux"];
mkSystem = name: {
class,
modules ? [],
...
}:
nixpkgs.lib.nixosSystem ({
specialArgs = {inherit inputs;};
}
// {
modules =
modules
++ [
({
lib,
config,
...
}: {
nix = {
registry = lib.mapAttrs (_: value: {flake = value;}) inputs;
flake = {
lib = nixpkgs.lib.extend (import ./lib.nix);
nixPath = lib.mapAttrsToList (key: _: "${key}=flake:${key}") config.nix.registry;
settings = {
experimental-features = "nix-command flakes";
auto-optimise-store = true;
};
};
nixpkgs.config.allowUnfree = true;
networking.hostName = lib.mkDefault name;
})
(./system + "/${name}")
({lib, ...}: {
home-manager = {
useGlobalPkgs = true;
extraSpecialArgs = {inherit inputs;};
users = lib.mapAttrs (username: user:
user
// {
imports =
user.imports
++ [
({config, ...}: {
home = {
username = lib.mkDefault username;
homeDirectory = lib.mkDefault "/home/${config.home.username}";
};
systemd.user.startServices = "sd-switch";
})
(./common/user + "/${class}.nix")
];
})
(import (./user + "/${name}"));
};
})
(./common/system + "/${class}.nix")
home-manager.nixosModules.home-manager
(impermanence + "/nixos.nix")
(sops-nix + "/modules/sops")
];
});
systems = {
glacier = {
class = "desktop";
nixosConfigurations = self.lib.genNixosConfigurations {inherit inputs;};
};
flamingo = {
class = "desktop";
};
perSystem = {
pkgs,
inputs',
lib,
...
}: {
devenv.shells.default = {
devenv.root = let
devenvRootFileContent = builtins.readFile inputs.devenv-root.outPath;
in
lib.mkIf (devenvRootFileContent != "") devenvRootFileContent;
scenery = {
class = "desktop";
};
name = "puter";
abacus = {
class = "server";
};
imports = [
./devenv.nix
];
vessel = {
class = "server";
packages = [
inputs'.agenix.packages.agenix
];
};
packages = lib.packagesFromDirectoryRecursive {
inherit (pkgs) callPackage;
directory = ./packages;
};
};
};
in {
formatter = forEachSystem ({pkgs}: pkgs.alejandra);
nixosConfigurations = nixpkgs.lib.mapAttrs mkSystem systems;
};
}

9
hosts/headful/flamingo/filesystems.nix Normal file
View file

@ -0,0 +1,9 @@
{
boot.initrd.luks.devices.main.device = "/dev/disk/by-label/cryptmain";
fileSystems."/" = {
fsType = "ext4";
device = "/dev/mapper/main";
options = ["noatime"];
};
}

10
system/flamingo/default.nix → hosts/headful/flamingo/hardware.nix
View file

@ -1,14 +1,10 @@
{
lib,
pkgs,
inputs,
config,
self,
modulesPath,
...
}: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
"${modulesPath}/installer/scan/not-detected.nix"
inputs.hardware.nixosModules.lenovo-thinkpad-t480
];
@ -20,10 +16,8 @@
kernelModules = ["kvm-intel"];
};
system.stateVersion = "23.11";
powerManagement.cpuFreqGovernor = "powersave";
console.keyMap = "de";
services.xserver.layout = "de";
services.xserver.xkb.layout = "de";
}

5
hosts/headful/flamingo/libreoffice.nix Normal file
View file

@ -0,0 +1,5 @@
{
services.flatpak.packages = [
"org.libreoffice.LibreOffice"
];
}

5
hosts/headful/flamingo/librewolf.nix Normal file
View file

@ -0,0 +1,5 @@
{
services.flatpak.packages = [
"io.gitlab.librewolf-community"
];
}

Some files were not shown because too many files have changed in this diff Show more