cyplo
/
dotfiles
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

reformat with alejandra

This commit is contained in:
Cyryl Płotnicki 2022-12-19 09:09:08 +00:00
parent 2c324ccaf7
commit 1c9bae290c
120 changed files with 2199 additions and 1759 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

352
flake.nix
View File

@ -1,187 +1,194 @@
{
description = "NixOS configuration with flakes";
outputs = { self, flake-utils, flake-compat, home-manager
, nixpkgs-nixos-unstable, nixpkgs-master, nixpkgs-stable, darwin
, nixos-hardware, nur, sops, nil, helix, alejandra }@inputs:
outputs = {
self,
flake-utils,
flake-compat,
home-manager,
nixpkgs-nixos-unstable,
nixpkgs-master,
nixpkgs-stable,
darwin,
nixos-hardware,
nur,
sops,
nil,
helix,
alejandra,
} @ inputs: let
mkServer = pkgs: system: hostname:
pkgs.lib.nixosSystem {
inherit system;
modules = [
(./. + "/nixos/boxes/${hostname}")
(import ./nixos/server-common.nix)
sops.nixosModules.sops
];
specialArgs = {inherit inputs;};
};
mkRaspi = pkgs: hostname:
pkgs.lib.nixosSystem {
system = "aarch64-linux";
modules = [(./. + "/nixos/boxes/${hostname}")];
specialArgs = {inherit inputs;};
};
mkKiosk = pkgs: system: hostname:
pkgs.lib.nixosSystem {
inherit system;
modules = [
(./. + "/nixos/boxes/${hostname}")
let
mkServer = pkgs: system: hostname:
pkgs.lib.nixosSystem {
inherit system;
modules = [
(./. + "/nixos/boxes/${hostname}")
(import ./nixos/server-common.nix)
sops.nixosModules.sops
];
specialArgs = { inherit inputs; };
};
mkRaspi = pkgs: hostname:
pkgs.lib.nixosSystem {
system = "aarch64-linux";
modules = [ (./. + "/nixos/boxes/${hostname}") ];
specialArgs = { inherit inputs; };
};
mkKiosk = pkgs: system: hostname:
pkgs.lib.nixosSystem {
inherit system;
modules = [
(./. + "/nixos/boxes/${hostname}")
sops.nixosModules.sops
sops.nixosModules.sops
home-manager.nixosModules.home-manager
{
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.users.cyryl = {
imports =
[ ./nixos/home-manager ./nixos/home-manager/linux.nix ];
_module.args.inputs = inputs;
_module.args.system = system;
};
}
];
specialArgs = { inherit inputs system; };
};
mkWorkstation = pkgs: system: hostname:
pkgs.lib.nixosSystem {
inherit system;
modules = [
(./. + "/nixos/boxes/${hostname}")
(import ./nixos/email-accounts.nix)
(import ./nixos/common.nix)
sops.nixosModules.sops
home-manager.nixosModules.home-manager
{
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.users.cyryl = {
imports =
[ ./nixos/home-manager ./nixos/home-manager/linux.nix ];
_module.args.inputs = inputs;
_module.args.system = system;
};
}
];
specialArgs = {
inherit inputs system;
nixpkgs-nixos-stable-and-unfree = import nixpkgs-stable {
inherit system;
config = { allowUnfree = true; };
home-manager.nixosModules.home-manager
{
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.users.cyryl = {
imports = [./nixos/home-manager ./nixos/home-manager/linux.nix];
_module.args.inputs = inputs;
_module.args.system = system;
};
nixpkgs-nixos-unstable-and-unfree = import nixpkgs-nixos-unstable {
inherit system;
config = { allowUnfree = true; };
}
];
specialArgs = {inherit inputs system;};
};
mkWorkstation = pkgs: system: hostname:
pkgs.lib.nixosSystem {
inherit system;
modules = [
(./. + "/nixos/boxes/${hostname}")
(import ./nixos/email-accounts.nix)
(import ./nixos/common.nix)
sops.nixosModules.sops
home-manager.nixosModules.home-manager
{
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.users.cyryl = {
imports = [./nixos/home-manager ./nixos/home-manager/linux.nix];
_module.args.inputs = inputs;
_module.args.system = system;
};
}
];
specialArgs = {
inherit inputs system;
nixpkgs-nixos-stable-and-unfree = import nixpkgs-stable {
inherit system;
config = {allowUnfree = true;};
};
nixpkgs-nixos-unstable-and-unfree = import nixpkgs-nixos-unstable {
inherit system;
config = {allowUnfree = true;};
};
};
mkShell = packageSet: system:
let pkgs = packageSet.legacyPackages.${system};
in pkgs.mkShell {
packages = with pkgs; [
cacert
git
git-lfs
nixpkgs-fmt
openssh
openssl
pkg-config
statix
];
};
in {
devShells = {
"x86_64-darwin".default = mkShell nixpkgs-stable "x86_64-darwin";
"x86_64-linux".default = mkShell nixpkgs-stable "x86_64-linux";
};
darwinConfigurations = {
"FORM3-CYRYLPLOTN" = darwin.lib.darwinSystem rec {
system = "x86_64-darwin";
modules = [
(./. + "/nixos/boxes/form3")
home-manager.darwinModules.home-manager
{
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.users.cyryl = {
imports = [ ./nixos/home-manager ];
_module.args.inputs = inputs;
_module.args.system = system;
};
}
];
};
mkShell = packageSet: system: let
pkgs = packageSet.legacyPackages.${system};
in
pkgs.mkShell {
packages = with pkgs; [
cacert
git
git-lfs
nixpkgs-fmt
openssh
openssl
pkg-config
statix
];
};
nixosConfigurations = {
foureighty = mkWorkstation nixpkgs-stable "x86_64-linux" "foureighty";
skinnyv = mkWorkstation nixpkgs-stable "x86_64-linux" "skinnyv";
thinky = mkWorkstation nixpkgs-stable "x86_64-linux" "thinky";
bolty = mkServer nixpkgs-stable "x86_64-linux" "bolty";
vpsfree1 = mkServer nixpkgs-stable "x86_64-linux" "vpsfree1";
yoga = mkKiosk nixpkgs-stable "x86_64-linux" "yoga";
homescreen = mkRaspi nixpkgs-stable "homescreen";
bootstrap = nixpkgs-stable.lib.nixosSystem rec {
system = "x86_64-linux";
modules = [ (./. + "/nixos/boxes/bootstrap") sops.nixosModules.sops ];
specialArgs = {
inherit inputs system;
nixpkgs-nixos-unstable-and-unfree = import nixpkgs-nixos-unstable {
inherit system;
config = { allowUnfree = true; };
in {
devShells = {
"x86_64-darwin".default = mkShell nixpkgs-stable "x86_64-darwin";
"x86_64-linux".default = mkShell nixpkgs-stable "x86_64-linux";
};
darwinConfigurations = {
"FORM3-CYRYLPLOTN" = darwin.lib.darwinSystem rec {
system = "x86_64-darwin";
modules = [
(./. + "/nixos/boxes/form3")
home-manager.darwinModules.home-manager
{
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.users.cyryl = {
imports = [./nixos/home-manager];
_module.args.inputs = inputs;
_module.args.system = system;
};
};
};
# nix build .#nixosConfigurations.raspiimage.config.system.build.sdImage
# sudo dd if=result/sd-image/nixos-sd-image-21.11.20211201.a640d83-aarch64-linux.img of=/dev/sda bs=4M conv=fsync status=progress
# make sure to update eeprom https://nixos.wiki/wiki/NixOS_on_ARM/Raspberry_Pi_4#Board-specific_installation_notes
raspiimage = nixpkgs-stable.lib.nixosSystem {
system = "aarch64-linux";
modules = [
(import
"${inputs.nixpkgs-nixos-unstable}/nixos/modules/installer/sd-card/sd-image-aarch64-installer.nix")
{
environment.systemPackages =
with nixpkgs-nixos-unstable.legacyPackages."aarch64-linux"; [
neovim
htop
btop
atop
];
networking.networkmanager.enable = false;
hardware.enableRedistributableFirmware = true;
networking.wireless.enable = true;
services.openssh = {
enable = true;
permitRootLogin =
nixpkgs-stable.lib.mkForce "prohibit-password";
passwordAuthentication = false;
};
services.xserver = {
enable = true;
displayManager.lightdm.enable = true;
desktopManager.gnome.enable = true;
libinput.enable = true;
};
users.extraUsers.root.openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEo4R+6J3h6Ix3xWpOMdU7Es1/YxFchHw0c+kcCOJxFb cyryl@foureighty"
];
sdImage.compressImage = false;
console.earlySetup = true;
}
];
specialArgs = { inherit inputs; };
};
}
];
};
};
nixosConfigurations = {
foureighty = mkWorkstation nixpkgs-stable "x86_64-linux" "foureighty";
skinnyv = mkWorkstation nixpkgs-stable "x86_64-linux" "skinnyv";
thinky = mkWorkstation nixpkgs-stable "x86_64-linux" "thinky";
bolty = mkServer nixpkgs-stable "x86_64-linux" "bolty";
vpsfree1 = mkServer nixpkgs-stable "x86_64-linux" "vpsfree1";
yoga = mkKiosk nixpkgs-stable "x86_64-linux" "yoga";
homescreen = mkRaspi nixpkgs-stable "homescreen";
bootstrap = nixpkgs-stable.lib.nixosSystem rec {
system = "x86_64-linux";
modules = [(./. + "/nixos/boxes/bootstrap") sops.nixosModules.sops];
specialArgs = {
inherit inputs system;
nixpkgs-nixos-unstable-and-unfree = import nixpkgs-nixos-unstable {
inherit system;
config = {allowUnfree = true;};
};
};
};
# nix build .#nixosConfigurations.raspiimage.config.system.build.sdImage
# sudo dd if=result/sd-image/nixos-sd-image-21.11.20211201.a640d83-aarch64-linux.img of=/dev/sda bs=4M conv=fsync status=progress
# make sure to update eeprom https://nixos.wiki/wiki/NixOS_on_ARM/Raspberry_Pi_4#Board-specific_installation_notes
raspiimage = nixpkgs-stable.lib.nixosSystem {
system = "aarch64-linux";
modules = [
(import
"${inputs.nixpkgs-nixos-unstable}/nixos/modules/installer/sd-card/sd-image-aarch64-installer.nix")
{
environment.systemPackages = with nixpkgs-nixos-unstable.legacyPackages."aarch64-linux"; [
neovim
htop
btop
atop
];
networking.networkmanager.enable = false;
hardware.enableRedistributableFirmware = true;
networking.wireless.enable = true;
services.openssh = {
enable = true;
permitRootLogin =
nixpkgs-stable.lib.mkForce "prohibit-password";
passwordAuthentication = false;
};
services.xserver = {
enable = true;
displayManager.lightdm.enable = true;
desktopManager.gnome.enable = true;
libinput.enable = true;
};
users.extraUsers.root.openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEo4R+6J3h6Ix3xWpOMdU7Es1/YxFchHw0c+kcCOJxFb cyryl@foureighty"
];
sdImage.compressImage = false;
console.earlySetup = true;
}
];
specialArgs = {inherit inputs;};
};
};
};
inputs = {
nixpkgs-master = {
type = "github";
@ -262,7 +269,7 @@
inputs.nixpkgs.follows = "nixpkgs-stable";
inputs.nixpkgs-stable.follows = "nixpkgs-stable";
};
alejandra = {
alejandra = {
type = "github";
owner = "kamadorueda";
repo = "alejandra";
@ -274,5 +281,4 @@ alejandra = {
flake = false;
};
};
}

16
nixos/backups.nix
View File

@ -1,5 +1,8 @@
{ config, pkgs, ... }:
let
{
config,
pkgs,
...
}: let
extraArgs = [
"--exclude='.cache'"
"--exclude='.rustup'"
@ -12,21 +15,20 @@ let
IOSchedulingClass = "idle";
};
in {
services = {
restic.backups.home-to-bolty = {
passwordFile = "/etc/nixos/secrets/restic-password-bolty";
paths = [ "/home" ];
paths = ["/home"];
repository = "rest:http://bolty:8000/";
timerConfig = { OnCalendar = "hourly"; };
timerConfig = {OnCalendar = "hourly";};
extraBackupArgs = extraArgs;
};
restic.backups.home-to-b2 = {
passwordFile = "/etc/nixos/secrets/restic-password-b2";
paths = [ "/home" ];
paths = ["/home"];
repository = "b2:cyplo-restic-${config.networking.hostName}:/";
timerConfig = { OnCalendar = "hourly"; };
timerConfig = {OnCalendar = "hourly";};
extraBackupArgs = extraArgs;
environmentFile = "/etc/nixos/secrets/b2-env";
};

10
nixos/boot.nix
View File

@ -1,5 +1,9 @@
{ config, pkgs, ... }: {
fileSystems."/".options = [ "noatime" "nodiratime" "discard" ];
{
config,
pkgs,
...
}: {
fileSystems."/".options = ["noatime" "nodiratime" "discard"];
boot = {
kernel.sysctl = {
@ -10,6 +14,4 @@
"net.core.bpf_jit_harden" = true;
};
};
}

18
nixos/boxes/bolty/bolty-boot.nix
View File

@ -1,12 +1,14 @@
{ config, pkgs, ... }: {
{
config,
pkgs,
...
}: {
boot = {
kernelPackages = pkgs.linuxPackages_latest;
initrd.availableKernelModules =
[ "nvme" "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" "sdhci_acpi" ];
initrd.kernelModules = [ "dm-snapshot" ];
kernelModules = [ "kvm-amd" ];
extraModulePackages = [ ];
initrd.availableKernelModules = ["nvme" "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" "sdhci_acpi"];
initrd.kernelModules = ["dm-snapshot"];
kernelModules = ["kvm-amd"];
extraModulePackages = [];
loader.systemd-boot.enable = true;
loader.efi.canTouchEfiVariables = false;
};
@ -35,7 +37,7 @@
fsType = "vfat";
};
swapDevices = [ ];
swapDevices = [];
nix.settings = {
max-jobs = 8;

30
nixos/boxes/bolty/default.nix
View File

@ -1,5 +1,10 @@
{ config, pkgs, inputs, lib, ... }:
let
{
config,
pkgs,
inputs,
lib,
...
}: let
physicalInterface = "enp4s0";
bridgeInterface = "br0";
in {
@ -13,7 +18,7 @@ in {
./print-server.nix
./restic-server.nix
];
boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
boot.binfmt.emulatedSystems = ["aarch64-linux"];
programs.ccache.enable = true;
networking = {
hostName = "bolty";
@ -22,22 +27,24 @@ in {
address = "10.0.0.1";
interface = "${bridgeInterface}";
};
nameservers = [ "91.239.100.100" "89.233.43.71" "1.1.1.1" ];
nameservers = ["91.239.100.100" "89.233.43.71" "1.1.1.1"];
interfaces = {
"${physicalInterface}" = {
useDHCP = false;
wakeOnLan.enable = true;
};
"${bridgeInterface}" = {
ipv4.addresses = [{
"address" = "10.0.0.8";
"prefixLength" = 24;
}];
ipv4.addresses = [
{
"address" = "10.0.0.8";
"prefixLength" = 24;
}
];
};
};
bridges = { "${bridgeInterface}".interfaces = [ "${physicalInterface}" ]; };
bridges = {"${bridgeInterface}".interfaces = ["${physicalInterface}"];};
};
boot.kernelModules = [ "kvm_amd" ];
boot.kernelModules = ["kvm_amd"];
virtualisation = {
libvirtd = {
enable = true;
@ -51,11 +58,10 @@ in {
virt-viewer
lm_sensors
];
networking.firewall.allowedTCPPorts = [ 5900 ];
networking.firewall.allowedTCPPorts = [5900];
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
security.allowUserNamespaces = true;
time.timeZone = "Europe/London";
}

15
nixos/boxes/bolty/home-assistant.nix
View File

@ -1,8 +1,13 @@
{ config, pkgs, inputs, lib, ... }:
let port = 8123;
{
config,
pkgs,
inputs,
lib,
...
}: let
port = 8123;
in {
imports = [ ];
networking.firewall.allowedTCPPorts = [ port ];
imports = [];
networking.firewall.allowedTCPPorts = [port];
}

6
nixos/boxes/bolty/i2p.nix
View File

@ -1,4 +1,8 @@
{ config, pkgs, ... }: {
{
config,
pkgs,
...
}: {
services.i2pd = {
enable = true;
bandwidth = 1024; # kb/s

37
nixos/boxes/bolty/matrix-server.nix
View File

@ -1,4 +1,9 @@
{ config, pkgs, inputs, ... }: {
{
config,
pkgs,
inputs,
...
}: {
services.postgresql = {
enable = true;
initialScript = pkgs.writeText "synapse-init.sql" ''
@ -14,18 +19,22 @@
enable = true;
settings = {
server_name = "cyplo.dev";
listeners = [{
port = 8008;
bind_addresses = [ "bolty.cyplo.github.beta.tailscale.net" ];
type = "http";
tls = false;
x_forwarded = true;
resources = [{
names = [ "client" "federation" ];
compress = false;
}];
}];
experimental_features = { spaces_enabled = true; };
listeners = [
{
port = 8008;
bind_addresses = ["bolty.cyplo.github.beta.tailscale.net"];
type = "http";
tls = false;
x_forwarded = true;
resources = [
{
names = ["client" "federation"];
compress = false;
}
];
}
];
experimental_features = {spaces_enabled = true;};
enable_registration = false;
suppress_key_server_warning = true;
};
@ -33,5 +42,5 @@
inputs.nixpkgs-nixos-unstable.legacyPackages."x86_64-linux".matrix-synapse;
};
networking.firewall.allowedTCPPorts = [ 8008 ];
networking.firewall.allowedTCPPorts = [8008];
}

11
nixos/boxes/bolty/nix-store-server.nix
View File

@ -1,10 +1,13 @@
{ config, pkgs, ... }: {
networking.firewall.allowedTCPPorts = [ 9000 9001 ];
{
config,
pkgs,
...
}: {
networking.firewall.allowedTCPPorts = [9000 9001];
services.minio = {
enable = true;
region = "home";
dataDir = [ "/var/lib/minio/data" ];
dataDir = ["/var/lib/minio/data"];
configDir = "/var/lib/minio/config";
listenAddress = ":9000";
consoleAddress = ":9001";

44
nixos/boxes/bolty/print-server.nix
View File

@ -1,40 +1,45 @@
{ config, pkgs, lib, ... }: {
{
config,
pkgs,
lib,
...
}: {
networking.firewall.enable = true;
networking.firewall.allowedTCPPorts = [ 631 6566 ];
networking.firewall.allowedUDPPorts = [ 631 6566 ];
networking.firewall.allowedTCPPorts = [631 6566];
networking.firewall.allowedUDPPorts = [631 6566];
services.printing = {
enable = true;
drivers = with pkgs; [ epson-escpr ];
listenAddresses = [ "*:631" ];
drivers = with pkgs; [epson-escpr];
listenAddresses = ["*:631"];
defaultShared = true;
browsing = true;
allowFrom = [ "all" ];
allowFrom = ["all"];
extraConf = ''
ServerAlias *
DefaultEncryption Never
'';
};
hardware.printers.ensurePrinters = [{
description = "Epson XP-540";
location = "connected to bolty";
name = "epson_xp540";
deviceUri =
"usb://EPSON/XP-540%20Series?serial=583245393030303936&interface=1";
model = "raw";
ppdOptions = { PageSize = "A4"; };
}];
hardware.printers.ensurePrinters = [
{
description = "Epson XP-540";
location = "connected to bolty";
name = "epson_xp540";
deviceUri = "usb://EPSON/XP-540%20Series?serial=583245393030303936&interface=1";
model = "raw";
ppdOptions = {PageSize = "A4";};
}
];
hardware.sane = {
enable = true;
extraBackends = with pkgs; [ utsushi sane-airscan gawk ];
extraBackends = with pkgs; [utsushi sane-airscan gawk];
snapshot = true;
};
services.udev.packages = [ pkgs.utsushi ];
services.udev.packages = [pkgs.utsushi];
environment.systemPackages = with pkgs; [ gawk ];
environment.systemPackages = with pkgs; [gawk];
services.saned = {
enable = true;
extraConfig = ''
@ -45,5 +50,4 @@
hagath
'';
};
}

9
nixos/boxes/bolty/prometheus-node.nix
View File

@ -1,5 +1,10 @@
{ config, pkgs, lib, ... }: {
networking.firewall.allowedTCPPorts = [ 9100 ];
{
config,
pkgs,
lib,
...
}: {
networking.firewall.allowedTCPPorts = [9100];
services.prometheus = {
enable = true;
exporters.node.enable = true;

9
nixos/boxes/bolty/real-hardware.nix
View File

@ -1,8 +1,13 @@
{ config, pkgs, lib, ... }: {
{
config,
pkgs,
lib,
...
}: {
hardware.enableRedistributableFirmware = true;
services.smartd.enable = true;
services.fstrim.enable = true;
environment.systemPackages = with pkgs; [ smartmontools ];
environment.systemPackages = with pkgs; [smartmontools];
services.fwupd.enable = true;
services.thermald.enable = true;
services.haveged.enable = true;

13
nixos/boxes/bolty/restic-server.nix
View File

@ -1,12 +1,15 @@
{ config, pkgs, ... }: {
environment.systemPackages = with pkgs; [ restic ];
networking.firewall.allowedTCPPorts = [ 8000 ];
{
config,
pkgs,
...
}: {
environment.systemPackages = with pkgs; [restic];
networking.firewall.allowedTCPPorts = [8000];
services.restic.server = {
enable = true;
dataDir = "/data/restic";
appendOnly = true;
prometheus = true;
extraFlags = [ "--no-auth" ];
extraFlags = ["--no-auth"];
};
}

8
nixos/boxes/bootstrap/default.nix
View File

@ -1,4 +1,10 @@
{ config, pkgs, inputs, nixpkgs-nixos-unstable-and-unfree, ... }: {
{
config,
pkgs,
inputs,
nixpkgs-nixos-unstable-and-unfree,
...
}: {
networking.hostName = "fixme";
imports = [

17
nixos/boxes/bootstrap/hardware-configuration.nix
View File

@ -1,11 +1,16 @@
{ config, lib, pkgs, inputs, ... }: {
{
config,
lib,
pkgs,
inputs,
...
}: {
boot = {
kernelModules = [ "kvm-intel" ];
kernelModules = ["kvm-intel"];
initrd = {
kernelModules = [ "dm-snapshot" ];
availableKernelModules =
[ "xhci_pci" "nvme" "usbhid" "usb_storage" "sd_mod" ];
kernelModules = ["dm-snapshot"];
availableKernelModules = ["xhci_pci" "nvme" "usbhid" "usb_storage" "sd_mod"];
};
loader.efi.canTouchEfiVariables = true;
@ -24,7 +29,7 @@
fsType = "vfat";
};
swapDevices = [ ];
swapDevices = [];
nix.settings = {
max-jobs = "auto";

6
nixos/boxes/cli.nix
View File

@ -1,4 +1,8 @@
{ config, pkgs, ... }: {
{
config,
pkgs,
...
}: {
environment.systemPackages = with pkgs; [
atop
btop

41
nixos/boxes/form3/default.nix
View File

@ -1,14 +1,21 @@
{ config, pkgs, inputs, lib, nixpkgs-nixos-unstable-and-unfree, ... }:
let
{
config,
pkgs,
inputs,
lib,
nixpkgs-nixos-unstable-and-unfree,
...
}: let
system_cert_bundle_path = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt";
form3_cert_path = ./form3-palo-alto.pem;
form3_cert_bundle = builtins.toFile "form3-cert-bundle.crt"
form3_cert_bundle =
builtins.toFile "form3-cert-bundle.crt"
(builtins.readFile system_cert_bundle_path
+ builtins.readFile form3_cert_path);
in {
environment.systemPackages = with pkgs; [ vim nixfmt ];
environment.systemPackages = with pkgs; [vim nixfmt];
imports = [ ../../git ../../mercurial ];
imports = [../../git ../../mercurial];
services.nix-daemon.enable = true;
nix = {
useDaemon = true;
@ -21,15 +28,11 @@ in {
fonts.fontDir.enable = true;
fonts.fonts = with pkgs; [
(runCommand "berkeley-fonts" { } ''
(runCommand "berkeley-fonts" {} ''
mkdir -vp "$out/share/fonts/opentype"
mkdir -vp "$out/share/fonts/truetype"
${pkgs.unzip}/bin/unzip ${
../../fonts.zip
} \*.otf -d $out/share/fonts/opentype
${pkgs.unzip}/bin/unzip ${
../../fonts.zip
} \*.ttf -d $out/share/fonts/truetype
${pkgs.unzip}/bin/unzip ${../../fonts.zip} \*.otf -d $out/share/fonts/opentype
${pkgs.unzip}/bin/unzip ${../../fonts.zip} \*.ttf -d $out/share/fonts/truetype
'')
nerdfonts
@ -40,7 +43,7 @@ in {
source-code-pro
weather-icons
];
security.pki.certificateFiles = [ form3_cert_path system_cert_bundle_path ];
security.pki.certificateFiles = [form3_cert_path system_cert_bundle_path];
environment.variables = {
SSL_CERT_FILE = form3_cert_bundle;
NIX_SSL_CERT_FILE = form3_cert_bundle;
@ -51,15 +54,13 @@ in {
system.stateVersion = 4;
home-manager.users.cyryl = { ... }: {
imports = [ ];
home.packages = with pkgs; [ awscli kubectl cargo-update ];
home-manager.users.cyryl = {...}: {
imports = [];
home.packages = with pkgs; [awscli kubectl cargo-update];
programs.git.userEmail = lib.mkForce "cyryl.plotnicki@form3.tech";
programs.git.extraConfig.user.signingkey =
"6441B1BC81F8FB1561C9AFF5534222210FE423ED";
programs.git.extraConfig.user.signingkey = "6441B1BC81F8FB1561C9AFF5534222210FE423ED";
programs.git.extraConfig.commit.gpgsign = true;
programs.git.extraConfig."url \"git@github.com:\"".insteadOf =
"https://github.com/";
programs.git.extraConfig."url \"git@github.com:\"".insteadOf = "https://github.com/";
programs.gpg.enable = true;
programs.gpg.homedir = "/Users/cyryl/.gnupg";
programs.zsh.loginExtra = ''

177
nixos/boxes/foureighty/custom-kernel.nix
View File

@ -1,93 +1,100 @@
{ config, pkgs, ... }: {
{
config,
pkgs,
...
}: {
boot.kernelPackages = pkgs.linuxPackages_latest;
nixpkgs.overlays = [
(self: super: {
buildLinux = x:
super.buildLinux ({
ignoreConfigErrors = true;
enableParallelBuilding = true;
} // x);
ignoreConfigErrors = true;
enableParallelBuilding = true;
}
// x);
})
];
boot.kernelPatches = [{
name = "foureighty";
patch = null;
extraConfig = ''
ACPI_CUSTOM_METHOD n
ACPI_DPTF y
BUG y
CC_STACKPROTECTOR_STRONG y
CPU_IDLE_GOV_HALTPOLL y
CPU_IDLE_GOV_TEO y
DEBUG_CREDENTIALS y
DEBUG_NOTIFIERS y
DEBUG_PI_LIST y
DEBUG_PLIST y
DEBUG_RODATA y
DEBUG_SET_MODULE_RONX y
DEBUG_SG y
DEVMEM y
DPTF_PCH_FIVR m
DPTF_POWER m
ENERGY_MODEL y
FORTIFY_SOURCE y
GCC_PLUGINS y
GCC_PLUGIN_LATENT_ENTROPY y
GCC_PLUGIN_RANDSTRUCT y
GCC_PLUGIN_RANDSTRUCT_PERFORMANCE y
GCC_PLUGIN_STACKLEAK y
GCC_PLUGIN_STRUCTLEAK y
GCC_PLUGIN_STRUCTLEAK_BYREF_ALL y
HARDENED_USERCOPY y
HARDENED_USERCOPY_FALLBACK y
HARDLOCKUP_DETECTOR y
HZ_300 y
INET_DIAG n
INET_DIAG_DESTROY option no
INET_MPTCP_DIAG option no
INET_RAW_DIAG option no
INET_TCP_DIAG option no
INET_UDP_DIAG option no
INIT_ON_ALLOC_DEFAULT_ON y
INIT_ON_FREE_DEFAULT_ON y
INTEL_TXT y
KEXEC n
KFENCE y
LEGACY_VSYSCALL_NONE y
LOCKUP_DETECTOR y
MCORE2 y
NR_CPUS 16
NUMA_BALANCING y
NUMA_BALANCING_DEFAULT_ENABLED y
PAGE_POISONING y
PAGE_POISONING_NO_SANITY y
PAGE_POISONING_ZERO y
PANIC_TIMEOUT -1
PM_AUTOSLEEP y
POWER_EFFICIENT_DEFAULT y
PREEMPT y
PREEMPTION y
PREEMPT_COUNT y
PREEMPT_DYNAMIC y
PREEMPT_RCU y
PROC_KCORE n
RANDOMIZE_KSTACK_OFFSET_DEFAULT y
SCHED_CORE y
SCHED_STACK_END_CHECK y
SECURITY_SAFESETID y
SECURITY_SELINUX_DISABLE n
SECURITY_WRITABLE_HOOKS n
SHUFFLE_PAGE_ALLOCATOR y
SLAB_FREELIST_HARDENED y
SLAB_FREELIST_RANDOM y
SLUB_DEBUG y
STRICT_DEVMEM y
STRICT_KERNEL_RWX y
UNINLINE_SPIN_UNLOCK y
WATCH_QUEUE y
X86_INTEL_TSX_MODE_AUTO y
X86_SGX y
X86_SGX_KVM y
'';
}];
boot.kernelPatches = [
{
name = "foureighty";
patch = null;
extraConfig = ''
ACPI_CUSTOM_METHOD n
ACPI_DPTF y
BUG y
CC_STACKPROTECTOR_STRONG y
CPU_IDLE_GOV_HALTPOLL y
CPU_IDLE_GOV_TEO y
DEBUG_CREDENTIALS y
DEBUG_NOTIFIERS y
DEBUG_PI_LIST y
DEBUG_PLIST y
DEBUG_RODATA y
DEBUG_SET_MODULE_RONX y
DEBUG_SG y
DEVMEM y
DPTF_PCH_FIVR m
DPTF_POWER m
ENERGY_MODEL y
FORTIFY_SOURCE y
GCC_PLUGINS y
GCC_PLUGIN_LATENT_ENTROPY y
GCC_PLUGIN_RANDSTRUCT y
GCC_PLUGIN_RANDSTRUCT_PERFORMANCE y
GCC_PLUGIN_STACKLEAK y
GCC_PLUGIN_STRUCTLEAK y
GCC_PLUGIN_STRUCTLEAK_BYREF_ALL y
HARDENED_USERCOPY y
HARDENED_USERCOPY_FALLBACK y
HARDLOCKUP_DETECTOR y
HZ_300 y
INET_DIAG n
INET_DIAG_DESTROY option no
INET_MPTCP_DIAG option no
INET_RAW_DIAG option no
INET_TCP_DIAG option no
INET_UDP_DIAG option no
INIT_ON_ALLOC_DEFAULT_ON y
INIT_ON_FREE_DEFAULT_ON y
INTEL_TXT y
KEXEC n
KFENCE y
LEGACY_VSYSCALL_NONE y
LOCKUP_DETECTOR y
MCORE2 y
NR_CPUS 16
NUMA_BALANCING y
NUMA_BALANCING_DEFAULT_ENABLED y
PAGE_POISONING y
PAGE_POISONING_NO_SANITY y
PAGE_POISONING_ZERO y
PANIC_TIMEOUT -1
PM_AUTOSLEEP y
POWER_EFFICIENT_DEFAULT y
PREEMPT y
PREEMPTION y
PREEMPT_COUNT y
PREEMPT_DYNAMIC y
PREEMPT_RCU y
PROC_KCORE n
RANDOMIZE_KSTACK_OFFSET_DEFAULT y
SCHED_CORE y
SCHED_STACK_END_CHECK y
SECURITY_SAFESETID y
SECURITY_SELINUX_DISABLE n
SECURITY_WRITABLE_HOOKS n
SHUFFLE_PAGE_ALLOCATOR y
SLAB_FREELIST_HARDENED y
SLAB_FREELIST_RANDOM y
SLUB_DEBUG y
STRICT_DEVMEM y
STRICT_KERNEL_RWX y
UNINLINE_SPIN_UNLOCK y
WATCH_QUEUE y
X86_INTEL_TSX_MODE_AUTO y
X86_SGX y
X86_SGX_KVM y
'';
}
];
}

20
nixos/boxes/foureighty/default.nix
View File

@ -1,4 +1,11 @@
{ config, pkgs, inputs, lib, nixpkgs-nixos-unstable-and-unfree, ... }: {
{
config,
pkgs,
inputs,
lib,
nixpkgs-nixos-unstable-and-unfree,
...
}: {
networking.hostName = "foureighty";
imports = [
@ -16,9 +23,9 @@
../../mercurial
];
fileSystems."/" = { options = [ "compress=zstd" ]; };
fileSystems."/" = {options = ["compress=zstd"];};
boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
boot.binfmt.emulatedSystems = ["aarch64-linux"];
boot.plymouth = {
enable = true;
logo = ./boot.png;
@ -55,13 +62,12 @@
buttonMapping = "1 0 3 4 5 6 7 8 9 10";
};
};
};
services.fprintd = { enable = true; };
services.fprintd = {enable = true;};
programs.ccache.enable = true;
home-manager.users.cyryl = { ... }: {
imports = [ ../../home-manager/programs/alacritty.nix ];
home-manager.users.cyryl = {...}: {
imports = [../../home-manager/programs/alacritty.nix];
home.packages = [
inputs.nixpkgs-nixos-unstable.legacyPackages."x86_64-linux".bisq-desktop
];

24
nixos/boxes/foureighty/hardware-configuration.nix
View File

@ -1,11 +1,16 @@
{ config, lib, pkgs, inputs, ... }: {
{
config,
lib,
pkgs,
inputs,
...
}: {
boot = {
kernelModules = [ "kvm-intel" ];
kernelModules = ["kvm-intel"];
initrd = {
kernelModules = [ "dm-snapshot" ];
availableKernelModules =
[ "xhci_pci" "nvme" "usbhid" "usb_storage" "sd_mod" ];
kernelModules = ["dm-snapshot"];
availableKernelModules = ["xhci_pci" "nvme" "usbhid" "usb_storage" "sd_mod"];
};
loader.systemd-boot.enable = true;
@ -13,9 +18,8 @@
loader.efi.efiSysMountPoint = "/boot/efi";
};
boot.initrd.secrets = { "/crypto_keyfile.bin" = null; };
boot.initrd.luks.devices."luks-43a80125-4089-45be-9561-fab93f984916".device =
"/dev/disk/by-uuid/43a80125-4089-45be-9561-fab93f984916";
boot.initrd.secrets = {"/crypto_keyfile.bin" = null;};
boot.initrd.luks.devices."luks-43a80125-4089-45be-9561-fab93f984916".device = "/dev/disk/by-uuid/43a80125-4089-45be-9561-fab93f984916";
fileSystems."/boot/efi" = {
device = "/dev/disk/by-uuid/D6C0-1A9D";
@ -25,10 +29,10 @@
fileSystems."/" = {
device = "/dev/disk/by-uuid/98f3597c-183a-45fb-b2a4-b598c18d089a";
fsType = "btrfs";
options = [ "subvol=@" ];
options = ["subvol=@"];
};
swapDevices = [ ];
swapDevices = [];
nix.settings = {
max-jobs = 7;

12
nixos/boxes/foureighty/lte-modem.nix
View File

@ -1,5 +1,9 @@
{ config, pkgs, ... }: {
environment.systemPackages = with pkgs; [ libqmi ];
boot.extraModulePackages = with pkgs; [ libqmi ];
boot.kernelModules = [ "qmi_wwan" "qcserial" ];
{
config,
pkgs,
...
}: {
environment.systemPackages = with pkgs; [libqmi];
boot.extraModulePackages = with pkgs; [libqmi];
boot.kernelModules = ["qmi_wwan" "qcserial"];
}

10
nixos/boxes/foureighty/nvidia.nix
View File

@ -1,6 +1,4 @@
{ pkgs, ... }:
let
{pkgs, ...}: let
nvidia-offload = pkgs.writeShellScriptBin "nvidia-offload" ''
export __NV_PRIME_RENDER_OFFLOAD=1
export __NV_PRIME_RENDER_OFFLOAD_PROVIDER=NVIDIA-G0
@ -17,11 +15,11 @@ let
glxinfo | grep vendor; echo OK!;
'';
in {
environment.systemPackages = [ nvidia-offload whichgpu nvidiaon ];
environment.systemPackages = [nvidia-offload whichgpu nvidiaon];
hardware.opengl.enable = true;
hardware.opengl.driSupport32Bit = true;
hardware.opengl.extraPackages32 = with pkgs.pkgsi686Linux; [ libva ];
services.xserver.videoDrivers = [ "nvidia" ];
hardware.opengl.extraPackages32 = with pkgs.pkgsi686Linux; [libva];
services.xserver.videoDrivers = ["nvidia"];
hardware.nvidia.prime = {
offload.enable = true;
# Bus ID of the Intel GPU. You can find it using lspci, either under 3D or VGA

32
nixos/boxes/foureighty/thermal.nix
View File

@ -1,46 +1,50 @@
{ config, pkgs, lib, ... }: {
{
config,
pkgs,
lib,
...
}: {
boot.extraModprobeConfig = "options thinkpad_acpi fan_control=1";
services.thinkfan = {
enable = true;
levels = [
[ 0 0 55 ]
[ 1 48 60 ]
[ 2 50 61 ]
[ 3 52 63 ]
[ 6 56 70 ]
[ 7 65 85 ]
[ "level full-speed" 80 32767 ]
[0 0 55]
[1 48 60]
[2 50 61]
[3 52 63]
[6 56 70]
[7 65 85]
["level full-speed" 80 32767]
];
sensors = [
{
type = "hwmon";
query = "/sys/class/hwmon";
name = "coretemp";
indices = [ 1 2 3 4 5 ];
indices = [1 2 3 4 5];
}
{
type = "hwmon";
query = "/sys/class/hwmon";
name = "nvme";
indices = [ 1 ];
indices = [1];
}
{
type = "hwmon";
query = "/sys/class/hwmon";
name = "acpitz";
indices = [ 1 ];
indices = [1];
}
{
type = "hwmon";
query = "/sys/class/hwmon";
name = "pch_skylake";
indices = [ 1 ];
indices = [1];
}
{
type = "tpacpi";
query = "/proc/acpi/ibm/thermal";
indices = [ 0 1 ];
indices = [0 1];
}
];
};

20
nixos/boxes/homescreen/default.nix
View File

@ -1,13 +1,19 @@
{ config, pkgs, inputs, lib, ... }: {
imports = [ inputs.nixos-hardware.nixosModules.raspberry-pi-4 ];
{
config,
pkgs,
inputs,
lib,
...
}: {
imports = [inputs.nixos-hardware.nixosModules.raspberry-pi-4];
networking = {
hostName = "homescreen";
networkmanager = { enable = true; };
networkmanager = {enable = true;};
};
hardware.enableRedistributableFirmware = true;
environment.systemPackages = with pkgs; [ neovim htop btop atop ];
environment.systemPackages = with pkgs; [neovim htop btop atop];
services.fail2ban.enable = true;
@ -32,7 +38,7 @@
users = {
mutableUsers = false;
users.kiosk = { isNormalUser = true; };
users.kiosk = {isNormalUser = true;};
};
users.extraUsers.root.openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEo4R+6J3h6Ix3xWpOMdU7Es1/YxFchHw0c+kcCOJxFb cyryl@foureighty"
@ -41,12 +47,12 @@
"/" = {
device = "/dev/disk/by-label/NIXOS_SD";
fsType = "ext4";
options = [ "noatime" ];
options = ["noatime"];
};
"/boot/firmware" = {
device = "/dev/disk/by-label/FIRMWARE";
fsType = "vfat";
options = [ "nofail" "noauto" ];
options = ["nofail" "noauto"];
};
};
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";

50
nixos/boxes/homescreen/homeassistant.nix
View File

@ -1,29 +1,33 @@
{ config, pkgs, ... }: {
{
config,
pkgs,
...
}: {
services.home-assistant = {
enable = true;
openFirewall = true;
package = (pkgs.home-assistant.override {
extraPackages = ps: with ps; [ ];
extraComponents = [
"api"
"auth"
"cloud"
"config"
"default_config"
"http"
"mobile_app"
"onboarding"
"search"
"ssdp"
"system_log"
"tts"
"websocket_api"
"zeroconf"
"zwave"
];
}).overridePythonAttrs { doCheck = false; };
package =
(pkgs.home-assistant.override {
extraPackages = ps: with ps; [];
extraComponents = [
"api"
"auth"
"cloud"
"config"
"default_config"
"http"
"mobile_app"
"onboarding"
"search"
"ssdp"
"system_log"
"tts"
"websocket_api"
"zeroconf"
"zwave"
];
})
.overridePythonAttrs {doCheck = false;};
};
}

19
nixos/boxes/macmini/default.nix
View File

@ -1,7 +1,14 @@
{ config, pkgs, inputs, lib, nixpkgs-nixos-unstable-and-unfree, ... }: {
environment.systemPackages = with pkgs; [ vim nixfmt ];
{
config,
pkgs,
inputs,
lib,
nixpkgs-nixos-unstable-and-unfree,
...
}: {
environment.systemPackages = with pkgs; [vim nixfmt];
imports = [ ../../git ../../mercurial ];
imports = [../../git ../../mercurial];
services.nix-daemon.enable = true;
nix = {
useDaemon = true;
@ -38,8 +45,8 @@
system.stateVersion = 4;
home-manager.users.cyryl = { ... }: {
imports = [ ];
home.packages = [ ];
home-manager.users.cyryl = {...}: {
imports = [];
home.packages = [];
};
}

8
nixos/boxes/nginx.nix
View File

@ -1,5 +1,9 @@
{ config, pkgs, ... }: {
networking.firewall.allowedTCPPorts = [ 80 443 ];
{
config,
pkgs,
...
}: {
networking.firewall.allowedTCPPorts = [80 443];
services.nginx = {
enable = true;
statusPage = true;

10
nixos/boxes/skinnyv/default.nix
View File

@ -1,4 +1,8 @@
{ config, pkgs, ... }: {
{
config,
pkgs,
...
}: {
networking.hostName = "skinnyv";
imports = [
@ -19,7 +23,7 @@
time.timeZone = "Europe/London";
services.thermald.enable = true;
home-manager.users.cyryl = { ... }: {
imports = [ ../../home-manager/programs/kitty.nix ];
home-manager.users.cyryl = {...}: {
imports = [../../home-manager/programs/kitty.nix];
};
}

36
nixos/boxes/skinnyv/hardware-configuration.nix
View File

@ -1,33 +1,37 @@
{ config, lib, pkgs, modulesPath, ... }:
{
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
config,
lib,
pkgs,
modulesPath,
...
}: {
imports = [(modulesPath + "/installer/scan/not-detected.nix")];
boot.initrd.availableKernelModules =
[ "xhci_pci" "ahci" "usb_storage" "sd_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "usb_storage" "sd_mod"];
boot.initrd.kernelModules = [];
boot.kernelModules = ["kvm-intel"];
boot.extraModulePackages = [];
fileSystems."/" = {
device = "/dev/disk/by-uuid/9dba116f-c9fe-403a-a8e2-f9fdab23f1f1";
fsType = "btrfs";
options = [ "compress=zstd" ];
options = ["compress=zstd"];
};
boot.initrd.luks.devices."crypt".device =
"/dev/disk/by-uuid/0c192a18-178f-4598-a1ed-5295ef2abdc4";
boot.initrd.luks.devices."crypt".device = "/dev/disk/by-uuid/0c192a18-178f-4598-a1ed-5295ef2abdc4";
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/0A6A-AAFC";
fsType = "vfat";
};
swapDevices = [{
device = "/swapfile";
size = 16 * 1024;
priority = 1;
}];
swapDevices = [
{
device = "/swapfile";
size = 16 * 1024;
priority = 1;
}
];
zramSwap = {
enable = true;

10
nixos/boxes/thinky/default.nix
View File

@ -1,4 +1,8 @@
{ config, pkgs, ... }: {
{
config,
pkgs,
...
}: {
networking.hostName = "thinky";
imports = [
@ -23,7 +27,7 @@
algorithm = "zstd";
memoryPercent = 50;
};
home-manager.users.cyryl = { ... }: {
imports = [ ../../home-manager/programs/termite.nix ];
home-manager.users.cyryl = {...}: {
imports = [../../home-manager/programs/termite.nix];
};
}

20
nixos/boxes/thinky/hardware-configuration.nix
View File

@ -1,11 +1,16 @@
{ config, lib, pkgs, inputs, ... }: {
{
config,
lib,
pkgs,
inputs,
...
}: {
boot = {
kernelModules = [ "kvm-intel" ];
kernelModules = ["kvm-intel"];
initrd = {
kernelModules = [ "dm-snapshot" ];
availableKernelModules =
[ "ata_generic" "uhci_hcd" "ehci_pci" "ahci" "usb_storage" "sd_mod" ];
kernelModules = ["dm-snapshot"];
availableKernelModules = ["ata_generic" "uhci_hcd" "ehci_pci" "ahci" "usb_storage" "sd_mod"];
};
loader.grub.enable = true;
@ -18,15 +23,14 @@
fsType = "btrfs";
};
boot.initrd.luks.devices."crypt".device =
"/dev/disk/by-uuid/8d51b38a-5d90-4a7a-a86a-0d57648fd82d";
boot.initrd.luks.devices."crypt".device = "/dev/disk/by-uuid/8d51b38a-5d90-4a7a-a86a-0d57648fd82d";
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/195b3f15-885e-4123-879f-6e4591a58317";
fsType = "ext2";
};
swapDevices = [ ];
swapDevices = [];
nix.settings = {
max-jobs = 2;

10
nixos/boxes/vm.nix
View File

@ -1,4 +1,9 @@
{ config, pkgs, lib, ... }: {
{
config,
pkgs,
lib,
...
}: {
time.timeZone = "Europe/London";
services.xserver.desktopManager.plasma5.enable = lib.mkForce false;
@ -7,6 +12,5 @@
virtualisation.virtualbox.guest.enable = true;
virtualisation.virtualbox.guest.x11 = true;
imports =
[ <nixpkgs/nixos/modules/installer/virtualbox-demo.nix> ../common.nix ];
imports = [<nixpkgs/nixos/modules/installer/virtualbox-demo.nix> ../common.nix];
}

15
nixos/boxes/vpsfree1/backups.nix
View File

@ -1,10 +1,12 @@
{ config, pkgs, ... }:
let
{
config,
pkgs,
...
}: let
genericBackupPath = "/var/lib/backups/";
containersBackupPath = "${genericBackupPath}/oci-containers/";
in rec {
environment.systemPackages = with pkgs; [ restic ];
environment.systemPackages = with pkgs; [restic];
sops.secrets."restic-backups-b2-repo-password" = {
sopsFile = ./restic.sops.yaml;
@ -28,9 +30,8 @@ in rec {
mkdir -p ${containersBackupPath}/
${pkgs.podman}/bin/podman volume export woodpecker-server-data -o ${containersBackupPath}/woodpecker.tar
'';
timerConfig = { OnCalendar = "hourly"; };
environmentFile =
"${config.sops.secrets.restic-backups-b2-environment.path}";
timerConfig = {OnCalendar = "hourly";};
environmentFile = "${config.sops.secrets.restic-backups-b2-environment.path}";
};
};

12
nixos/boxes/vpsfree1/blog.cyplo.net.nix
View File

@ -1,8 +1,11 @@
{ config, pkgs, inputs, lib, ... }:
{
imports = [ ../nginx.nix ];
config,
pkgs,
inputs,
lib,
...
}: {
imports = [../nginx.nix];
services.nginx = {
virtualHosts = {
@ -13,5 +16,4 @@
};
};
};
}

16
nixos/boxes/vpsfree1/cryptpad.nix
View File

@ -1,15 +1,18 @@
{ config, pkgs, inputs, lib, ... }:
{
imports = [ ../nginx.nix ];
config,
pkgs,
inputs,
lib,
...
}: {
imports = [../nginx.nix];
services.nginx = {
virtualHosts = {
"notes.purrfect.estate" = {
forceSSL = true;
enableACME = true;
serverAliases = [ "notes-sandbox.purrfect.estate" ];
serverAliases = ["notes-sandbox.purrfect.estate"];
locations."/" = {
proxyPass = "http://127.0.0.1:9005";
proxyWebsockets = true;
@ -36,7 +39,6 @@
CPAD_TRUSTED_PROXY = "0.0.0.0/0";
CPAD_HTTP2_DISABLE = "true";
};
ports = [ "9005:80" ];
ports = ["9005:80"];
};
}

10
nixos/boxes/vpsfree1/default.nix
View File

@ -1,4 +1,10 @@
{ config, pkgs, inputs, lib, ... }: {
{
config,
pkgs,
inputs,
lib,
...
}: {
networking.hostName = "vpsfree1";
imports = [
@ -24,7 +30,7 @@
DefaultTimeoutStartSec=900s
'';
boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
boot.binfmt.emulatedSystems = ["aarch64-linux"];
time.timeZone = "Europe/London";
nix.settings.cores = 8;
}

103
nixos/boxes/vpsfree1/fossil.nix
View File

@ -1,72 +1,85 @@
{ config, pkgs, inputs, lib, ... }:
let
{
config,
pkgs,
inputs,
lib,
...
}: let
port = 8081;
domain = "fossil.cyplo.dev";
baseurl = "https://${domain}";
path = "/var/lib/fossil";
in {
imports = [ ../nginx.nix ];
imports = [../nginx.nix];
services.nginx = {
virtualHosts = {
"${domain}" = {
forceSSL = true;
enableACME = true;
locations."/" = { proxyPass = "http://localhost:" + toString port; };
locations."/" = {proxyPass = "http://localhost:" + toString port;};
};
};
};
containers.fossil = {
autoStart = true;
forwardPorts = [{
containerPort = port;
hostPort = port;
}];
forwardPorts = [
{
containerPort = port;
hostPort = port;
}
];
bindMounts = {
"${path}" = {
hostPath = "${path}";
isReadOnly = false;
};
};
config = { config, pkgs, ... }:
let
user = "fossil";
group = "fossil";
in {
system.stateVersion = "22.05";
environment.systemPackages = [ pkgs.fossil ];
users.groups = { "${group}" = { }; };
users.users = {
fossil = {
inherit group;
description = "Fossil Service";
home = path;
useDefaultShell = true;
isSystemUser = true;
};
};
systemd.tmpfiles.rules = [ "d '${path}' 0770 ${user} ${group} - -" ];
systemd.services.fossil = {
description = "fossil server";
after = [ "network-online.target" ];
wantedBy = [ "multi-user.target" ];
path = [ pkgs.fossil pkgs.git ];
serviceConfig = {
User = user;
Group = group;
WorkingDirectory = path;
ReadWritePaths = [ path ];
ExecStart = "${pkgs.fossil}/bin/fossil server" + " --localhost"
+ " --https" + " --port ${toString port}"
+ " --baseurl ${baseurl}" + " --repolist ${path}";
Restart = "always";
RestartSec = 3;
};
config = {
config,
pkgs,
...
}: let
user = "fossil";
group = "fossil";
in {
system.stateVersion = "22.05";
environment.systemPackages = [pkgs.fossil];
users.groups = {"${group}" = {};};
users.users = {
fossil = {
inherit group;
description = "Fossil Service";
home = path;
useDefaultShell = true;
isSystemUser = true;
};
};
systemd.tmpfiles.rules = ["d '${path}' 0770 ${user} ${group} - -"];
systemd.services.fossil = {
description = "fossil server";
after = ["network-online.target"];
wantedBy = ["multi-user.target"];
path = [pkgs.fossil pkgs.git];
serviceConfig = {
User = user;
Group = group;
WorkingDirectory = path;
ReadWritePaths = [path];
ExecStart =
"${pkgs.fossil}/bin/fossil server"
+ " --localhost"
+ " --https"
+ " --port ${toString port}"
+ " --baseurl ${baseurl}"
+ " --repolist ${path}";
Restart = "always";
RestartSec = 3;
};
};
};
};
}

51
nixos/boxes/vpsfree1/foundryvtt.nix
View File

@ -1,5 +1,10 @@
{ config, pkgs, inputs, lib, ... }:
let
{
config,
pkgs,
inputs,
lib,
...
}: let
foundryvtt = pkgs.fetchzip {
name = "foundryvtt";
url = "file:///" + ./FoundryVTT-10.290.zip;
@ -8,7 +13,7 @@ let
stripRoot = false;
};
in {
imports = [ ../nginx.nix ];
imports = [../nginx.nix];
services.nginx = {
clientMaxBodySize = "300M";
@ -36,21 +41,27 @@ in {
containers.foundryvtt = {
autoStart = true;
forwardPorts = [{
containerPort = 30000;
hostPort = 30000;
}];
forwardPorts = [
{
containerPort = 30000;
hostPort = 30000;
}
];
bindMounts = {
"/var/lib/foundryvtt" = {
hostPath = "/var/lib/foundryvtt";
isReadOnly = false;
};
};
config = { config, pkgs, ... }: {
config = {
config,
pkgs,
...
}: {
system.stateVersion = "22.05";
systemd.services."foundryvtt" = {
requires = [ "network-online.target" ];
wantedBy = [ "multi-user.target" ];
requires = ["network-online.target"];
wantedBy = ["multi-user.target"];
script = ''
mkdir -p /var/lib/foundryvtt
${pkgs.nodejs-18_x}/bin/node ${foundryvtt}/resources/app/main.js --dataPath=/var/lib/foundryvtt
@ -61,15 +72,21 @@ in {
};
containers.foundryvtt-test = {
autoStart = true;
forwardPorts = [{
containerPort = 30001;
hostPort = 30001;
}];
config = { config, pkgs, ... }: {
forwardPorts = [
{
containerPort = 30001;
hostPort = 30001;
}
];
config = {
config,
pkgs,
...
}: {
system.stateVersion = "22.05";
systemd.services."foundryvtt" = {
requires = [ "network-online.target" ];
wantedBy = [ "multi-user.target" ];
requires = ["network-online.target"];
wantedBy = ["multi-user.target"];
script = ''
mkdir -p /var/lib/foundryvtt
${pkgs.nodejs-18_x}/bin/node ${foundryvtt}/resources/app/main.js --dataPath=/var/lib/foundryvtt --port=30001

35
nixos/boxes/vpsfree1/gitea.nix
View File

@ -1,5 +1,10 @@
{ config, pkgs, inputs, lib, ... }:
let
{
config,
pkgs,
inputs,
lib,
...
}: let
httpPort = 8083;
sshPort = 22;
domain = "git.cyplo.dev";
@ -21,18 +26,18 @@ let
};
groups."${systemGroupName}" = {
inherit gid;
members = [ "${systemUserName}" "nginx" ];
members = ["${systemUserName}" "nginx"];
};
};
in {
imports = [ ../nginx.nix ];
imports = [../nginx.nix];
inherit users;
boot.kernel.sysctl = { "net.ipv4.ip_unprivileged_port_start" = 0; };
boot.kernel.sysctl = {"net.ipv4.ip_unprivileged_port_start" = 0;};
systemd.services.systemd-sysctl.enable = lib.mkForce true;
networking.firewall.allowedTCPPorts = [ sshPort ];
networking.firewall.allowedTCPPorts = [sshPort];
services.nginx = {
virtualHosts = {
"${domain}" = {
@ -74,12 +79,19 @@ in {
isReadOnly = true;
};
};
config = { config, pkgs, lib, ... }: {
config = {
config,
pkgs,
lib,
...
}: {
system.stateVersion = "22.05";
users = users // {
mutableUsers = false;
allowNoPasswordLogin = true;
};
users =
users
// {
mutableUsers = false;
allowNoPasswordLogin = true;
};
services.gitea = {
inherit domain httpPort;
enable = true;
@ -104,7 +116,6 @@ in {
IS_TLS_ENABLED = true;
USER = "postmaster@${emailDomain}";
};
};
};
};

55
nixos/boxes/vpsfree1/mastodon.nix
View File

@ -1,5 +1,10 @@
{ config, pkgs, inputs, lib, ... }:
let
{
config,
pkgs,
inputs,
lib,
...
}: let
domain = "peninsula.industries";
streamingPort = 55000;
webPort = 55001;
@ -22,7 +27,7 @@ let
};
groups."${systemGroupName}" = {
inherit gid;
members = [ "${systemUserName}" "nginx" ];
members = ["${systemUserName}" "nginx"];
};
};
secretSettings = {
@ -33,7 +38,7 @@ let
package =
inputs.nixpkgs-nixos-unstable.legacyPackages."${pkgs.system}".mastodon;
in {
imports = [ ../nginx.nix ];
imports = [../nginx.nix];
services.nginx = {
virtualHosts = {
@ -42,7 +47,7 @@ in {
enableACME = true;
root = "${package}/public/";
locations."/" = { tryFiles = "$uri @proxy"; };
locations."/" = {tryFiles = "$uri @proxy";};
locations."/system/".alias = "${publicPath}";
locations."@proxy" = {
@ -57,14 +62,18 @@ in {
};
};
sops.secrets."${mailgunSmtpSecretName}" = {
sopsFile = ./mailgun.sops.yaml;
path = mailgunSmtpPasswordPath;
} // secretSettings;
sops.secrets."${mastodonDbSecretName}" = {
sopsFile = ./mastodon-db.sops.yaml;
path = mastodonDbSecretPath;
} // secretSettings;
sops.secrets."${mailgunSmtpSecretName}" =
{
sopsFile = ./mailgun.sops.yaml;
path = mailgunSmtpPasswordPath;
}
// secretSettings;
sops.secrets."${mastodonDbSecretName}" =
{
sopsFile = ./mastodon-db.sops.yaml;
path = mastodonDbSecretPath;
}
// secretSettings;
inherit users;
@ -84,7 +93,7 @@ in {
ProtectSystem = "strict";
ReadWritePaths = path;
};
before = [ "container@mastodon.service" ];
before = ["container@mastodon.service"];
};
containers.mastodon = {
@ -113,13 +122,20 @@ in {
isReadOnly = true;
};
};
config = { config, pkgs, lib, ... }: {
config = {
config,
pkgs,
lib,
...
}: {
system.stateVersion = "22.05";
services.postgresql.port = postgresPort;
users = users // {
mutableUsers = false;
allowNoPasswordLogin = true;
};
users =
users
// {
mutableUsers = false;
allowNoPasswordLogin = true;
};
services.mastodon = {
enable = true;
inherit package;
@ -151,6 +167,5 @@ in {
};
};
};
};
}

24
nixos/boxes/vpsfree1/matrix-front.nix
View File

@ -1,21 +1,24 @@
{ config, pkgs, ... }: {
{
config,
pkgs,
...
}: {
services.nginx = {
virtualHosts = {
"cyplo.dev" = {
forceSSL = true;
enableACME = true;
locations."= /.well-known/matrix/server".extraConfig =
let server = { "m.server" = "cyplo.dev:443"; };
in ''
add_header Content-Type application/json;
return 200 '${builtins.toJSON server}';
'';
locations."= /.well-known/matrix/server".extraConfig = let
server = {"m.server" = "cyplo.dev:443";};
in ''
add_header Content-Type application/json;
return 200 '${builtins.toJSON server}';
'';
locations."= /.well-known/matrix/client".extraConfig = let
client = {
"m.homeserver" = { "base_url" = "https://cyplo.dev"; };
"m.identity_server" = { "base_url" = "https://vector.im"; };
"m.homeserver" = {"base_url" = "https://cyplo.dev";};
"m.identity_server" = {"base_url" = "https://vector.im";};
};
in ''
add_header Content-Type application/json;
@ -33,5 +36,4 @@
};
};
};
}

91
nixos/boxes/vpsfree1/rss.nix
View File

@ -1,63 +1,74 @@
{ config, pkgs, inputs, lib, ... }:
let
{
config,
pkgs,
inputs,
lib,
...
}: let
port = 8080;
domain = "news.cyplo.dev";
in {
imports = [ ../nginx.nix ];
imports = [../nginx.nix];
services.nginx = {
virtualHosts = {
"${domain}" = {
forceSSL = true;
enableACME = true;
locations."/" = { proxyPass = "http://127.0.0.1:" + toString port; };
locations."/" = {proxyPass = "http://127.0.0.1:" + toString port;};
};
};
};
containers.rss = {
autoStart = true;
forwardPorts = [{
containerPort = port;
hostPort = port;
}];
config = { config, pkgs, ... }:
let
inherit (config.services.tt-rss) pool;
inherit (config.services.tt-rss) root;
in {
system.stateVersion = "22.05";
services.tt-rss = {
enable = true;
selfUrlPath = "https://${domain}";
virtualHost = null;
registration.enable = false;
simpleUpdateMode = true;
};
services.nginx = {
enable = true;
virtualHosts = {
"${domain}" = {
listen = [{
forwardPorts = [
{
containerPort = port;
hostPort = port;
}
];
config = {
config,
pkgs,
...
}: let
inherit (config.services.tt-rss) pool;
inherit (config.services.tt-rss) root;
in {
system.stateVersion = "22.05";
services.tt-rss = {
enable = true;
selfUrlPath = "https://${domain}";
virtualHost = null;
registration.enable = false;
simpleUpdateMode = true;
};
services.nginx = {
enable = true;
virtualHosts = {
"${domain}" = {
listen = [
{
inherit port;
addr = "0.0.0.0";
}];
root = "${root}/www";
locations."/" = { index = "index.php"; };
locations."^~ /feed-icons" = { root = "${root}"; };
locations."~ \\.php$" = {
extraConfig = ''
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:${
config.services.phpfpm.pools.${pool}.socket
};
fastcgi_index index.php;
'';
};
}
];
root = "${root}/www";
locations."/" = {index = "index.php";};
locations."^~ /feed-icons" = {root = "${root}";};
locations."~ \\.php$" = {
extraConfig = ''
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:${
config.services.phpfpm.pools.${pool}.socket
};
fastcgi_index index.php;
'';
};
};
};
};
};
};
}

10
nixos/boxes/vpsfree1/search.nix
View File

@ -1,5 +1,8 @@
{ config, pkgs, ... }: {
{
config,
pkgs,
...
}: {
services.nginx = {
virtualHosts = {
"search.cyplo.dev" = {
@ -12,7 +15,7 @@
proxy_send_timeout 60s;
proxy_read_timeout 60s;
'';
locations."/" = { proxyPass = "http://localhost:8888"; };
locations."/" = {proxyPass = "http://localhost:8888";};
};
};
};
@ -25,4 +28,3 @@
};
};
}

12
nixos/boxes/vpsfree1/ssh.nix
View File

@ -1,9 +1,13 @@
{ config, pkgs, ... }:
let port = 2222;
{
config,
pkgs,
...
}: let
port = 2222;
in {
services.openssh = {
enable = true;
ports = [ port ];
ports = [port];
};
networking.firewall.allowedTCPPorts = [ port ];
networking.firewall.allowedTCPPorts = [port];
}

13
nixos/boxes/vpsfree1/syncthing-relay.nix
View File

@ -1,9 +1,14 @@
{ config, pkgs, inputs, lib, ... }: {
networking.firewall.allowedTCPPorts = [ 22067 22070 ];
{
config,
pkgs,
inputs,
lib,
...
}: {
networking.firewall.allowedTCPPorts = [22067 22070];
services.syncthing.relay = {
enable = true;
listenAddress = "vpsfree1.cyplo.github.beta.tailscale.net";
pools = [ "" ]; # private relay
pools = [""]; # private relay
};
}

35
nixos/boxes/vpsfree1/vpsfree1-vpsadminos.nix
View File

@ -5,21 +5,27 @@
# from vpsAdminOS repository:
#
# https://github.com/vpsfreecz/vpsadminos/blob/staging/os/lib/nixos-container/vpsadminos.nix
{ config, pkgs, lib, ... }:
with lib;
let nameservers = [ "1.1.1.1" "2606:4700:4700::1111" ];
{
config,
pkgs,
lib,
...
}:
with lib; let
nameservers = ["1.1.1.1" "2606:4700:4700::1111"];
in {
networking.nameservers = mkDefault nameservers;
services.resolved = mkDefault { fallbackDns = nameservers; };
services.resolved = mkDefault {fallbackDns = nameservers;};
networking.dhcpcd.extraConfig = "noipv4ll";
systemd.services.systemd-sysctl.enable = false;
systemd.sockets."systemd-journald-audit".enable = false;
systemd.mounts = [{
where = "/sys/kernel/debug";
enable = false;
}];
systemd.mounts = [
{
where = "/sys/kernel/debug";
enable = false;
}
];
systemd.services.systemd-udev-trigger.enable = false;
systemd.services.rpc-gssd.enable = false;
@ -27,7 +33,8 @@ in {
boot.enableContainers = mkDefault true;
boot.loader.initScript.enable = true;
boot.specialFileSystems."/run/keys".fsType = mkForce "tmpfs";
boot.systemdExecutable = mkDefault
boot.systemdExecutable =
mkDefault
"/run/current-system/systemd/lib/systemd/systemd systemd.unified_cgroup_hierarchy=0";
# Overrides for <nixpkgs/nixos/modules/virtualisation/container-config.nix>
@ -39,10 +46,10 @@ in {
# Bring up the network, /ifcfg.{add,del} are supplied by the vpsAdminOS host
systemd.services.networking-setup = {
description = "Load network configuration provided by the vpsAdminOS host";
before = [ "network.target" ];
wantedBy = [ "network.target" ];
after = [ "network-pre.target" ];
path = [ pkgs.iproute ];
before = ["network.target"];
wantedBy = ["network.target"];
after = ["network-pre.target"];
path = [pkgs.iproute];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;

35
nixos/boxes/vpsfree1/woodpecker.nix
View File

@ -1,27 +1,30 @@
{ config, pkgs, inputs, lib, ... }:
let
{
config,
pkgs,
inputs,
lib,
...
}: let
httpPort = 8000;
agentPort = 9000;
domain = "ci.cyplo.dev";
path = "/var/lib/woodpecker";
serverContainerName = "woodpecker-server";
agent = {
dependsOn = [ "${serverContainerName}" ];
volumes = [ "/var/run/podman/podman.sock:/var/run/docker.sock" ];
image =
"woodpeckerci/woodpecker-agent@sha256:9a98e25ca6fcf7c437ad355cfce53a696c55b9864399a4d456429a20bfb44545";
environmentFiles = [ "${config.sops.secrets.gitea-env.path}" ];
dependsOn = ["${serverContainerName}"];
volumes = ["/var/run/podman/podman.sock:/var/run/docker.sock"];
image = "woodpeckerci/woodpecker-agent@sha256:9a98e25ca6fcf7c437ad355cfce53a696c55b9864399a4d456429a20bfb44545";
environmentFiles = ["${config.sops.secrets.gitea-env.path}"];
environment = {
WOODPECKER_SERVER = "${serverContainerName}:${toString agentPort}";
WOODPECKER_MAX_PROCS = "1";
WOODPECKER_DEBUG_PRETTY = "true";
WOODPECKER_LOG_LEVEL = "info";
};
extraOptions = [ "--network=woodpecker" ];
extraOptions = ["--network=woodpecker"];
};
in {
imports = [ ../nginx.nix ];
imports = [../nginx.nix];
services.nginx = {
virtualHosts = {
@ -43,10 +46,9 @@ in {
virtualisation.podman.defaultNetwork.dnsname.enable = true;
virtualisation.oci-containers.containers = {
"${serverContainerName}" = {
image =
"woodpeckerci/woodpecker-server@sha256:e6027e46a782d50790183b7274a2a2ad3a6c6fb9a645e6af81a16419613c28ea";
volumes = [ "woodpecker-server-data:${path}" ];
environmentFiles = [ "${config.sops.secrets.gitea-env.path}" ];
image = "woodpeckerci/woodpecker-server@sha256:e6027e46a782d50790183b7274a2a2ad3a6c6fb9a645e6af81a16419613c28ea";
volumes = ["woodpecker-server-data:${path}"];
environmentFiles = ["${config.sops.secrets.gitea-env.path}"];
environment = {
WOODPECKER_OPEN = "false";
WOODPECKER_ADMIN = "cyplo";
@ -54,13 +56,12 @@ in {
WOODPECKER_GITEA = "true";
WOODPECKER_GITEA_URL = "https://git.cyplo.dev";
};
ports = [ "${toString httpPort}:${toString httpPort}" ];
extraOptions = [ "--network=woodpecker" ];
ports = ["${toString httpPort}:${toString httpPort}"];
extraOptions = ["--network=woodpecker"];
};
woodpecker-agent1 = agent;
woodpecker-agent2 = agent;
woodpecker-agent3 = agent;
woodpecker-agent4 = agent;
};
}

30
nixos/boxes/yoga/default.nix
View File

@ -1,18 +1,25 @@
{ config, pkgs, inputs, lib, system, nixpkgs-nixos-unstable-and-unfree, ... }: {
{
config,
pkgs,
inputs,
lib,
system,
nixpkgs-nixos-unstable-and-unfree,
...
}: {
networking.hostName = "yoga";
imports = [ ./hardware-configuration.nix ../../boot.nix ../../git ];
imports = [./hardware-configuration.nix ../../boot.nix ../../git];
boot.kernelPackages = pkgs.linuxPackages_latest;
hardware.trackpoint.enable = true;
services.hardware.bolt.enable = true;
services.fprintd = { enable = true; };
services.fprintd = {enable = true;};
home-manager.users.cyryl = { lib, ... }: {
home.packages = with pkgs; [ firefox vim gnome3.gedit git ];
home-manager.users.cyryl = {lib, ...}: {
home.packages = with pkgs; [firefox vim gnome3.gedit git];
};
networking.networkmanager.enable = true;
@ -49,11 +56,9 @@
users.users.cyryl = {
isNormalUser = true;
description = "cyryl";
extraGroups = [ "networkmanager" "wheel" ];
packages = with pkgs;
[
];
extraGroups = ["networkmanager" "wheel"];
packages = with pkgs; [
];
};
services.fwupd.enable = true;
@ -75,6 +80,5 @@
'';
};
system = { stateVersion = "22.05"; };
system = {stateVersion = "22.05";};
}

33
nixos/boxes/yoga/hardware-configuration.nix
View File

@ -1,40 +1,39 @@
{ config, lib, pkgs, modulesPath, ... }:
{
imports = [ ];
config,
lib,
pkgs,
modulesPath,
...
}: {
imports = [];
boot.initrd.availableKernelModules =
[ "xhci_pci" "ahci" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "usb_storage" "sd_mod" "rtsx_pci_sdmmc"];
boot.initrd.kernelModules = [];
boot.kernelModules = ["kvm-intel"];
boot.extraModulePackages = [];
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
boot.loader.efi.efiSysMountPoint = "/boot/efi";
boot.initrd.secrets = { "/crypto_keyfile.bin" = null; };
boot.initrd.secrets = {"/crypto_keyfile.bin" = null;};
boot.initrd.luks.devices."luks-e6cb9de6-a571-4462-ba9e-6f8dafdd3d21".device =
"/dev/disk/by-uuid/e6cb9de6-a571-4462-ba9e-6f8dafdd3d21";
boot.initrd.luks.devices."luks-e6cb9de6-a571-4462-ba9e-6f8dafdd3d21".keyFile =
"/crypto_keyfile.bin";
boot.initrd.luks.devices."luks-e6cb9de6-a571-4462-ba9e-6f8dafdd3d21".device = "/dev/disk/by-uuid/e6cb9de6-a571-4462-ba9e-6f8dafdd3d21";
boot.initrd.luks.devices."luks-e6cb9de6-a571-4462-ba9e-6f8dafdd3d21".keyFile = "/crypto_keyfile.bin";
fileSystems."/" = {
device = "/dev/disk/by-uuid/d19afedb-d03b-4a85-9ad7-d99d2ed057c5";
fsType = "ext4";
};
boot.initrd.luks.devices."luks-10f9ad25-cff6-4a5c-ae92-4847e1374b2d".device =
"/dev/disk/by-uuid/10f9ad25-cff6-4a5c-ae92-4847e1374b2d";
boot.initrd.luks.devices."luks-10f9ad25-cff6-4a5c-ae92-4847e1374b2d".device = "/dev/disk/by-uuid/10f9ad25-cff6-4a5c-ae92-4847e1374b2d";
fileSystems."/boot/efi" = {
device = "/dev/disk/by-uuid/5A4D-EDA3";
fsType = "vfat";
};
swapDevices =
[{ device = "/dev/disk/by-uuid/5c9ab30b-9128-4c31-b392-785e7acbc0d2"; }];
swapDevices = [{device = "/dev/disk/by-uuid/5c9ab30b-9128-4c31-b392-785e7acbc0d2";}];
networking.useDHCP = lib.mkDefault true;

66
nixos/common-hardware.nix
View File

@ -1,33 +1,41 @@
{ config, pkgs, nixpkgs-nixos-unstable-and-unfree, lib, ... }: {
boot.kernelModules = [ "fuse" ];
{
config,
pkgs,
nixpkgs-nixos-unstable-and-unfree,
lib,
...
}: {
boot.kernelModules = ["fuse"];
services.smartd.enable = true;
sound.enable = true;
networking.networkmanager = {
enable = true;
dispatcherScripts = [{
source = pkgs.writeText "upHook" ''
enable_disable_wifi ()
{
result=$(nmcli dev | grep "ethernet" | grep -w "connected")
if [ -n "$result" ]; then
nmcli radio wifi off
else
nmcli radio wifi on
dispatcherScripts = [
{
source = pkgs.writeText "upHook" ''
enable_disable_wifi ()
{
result=$(nmcli dev | grep "ethernet" | grep -w "connected")
if [ -n "$result" ]; then
nmcli radio wifi off
else
nmcli radio wifi on
fi
}
if [ "$2" = "up" ]; then
enable_disable_wifi
fi
}
if [ "$2" = "up" ]; then
enable_disable_wifi
fi
if [ "$2" = "down" ]; then
enable_disable_wifi
fi
'';
type = "basic";
}];
if [ "$2" = "down" ]; then
enable_disable_wifi
fi
'';
type = "basic";
}
];
};
hardware.enableRedistributableFirmware = true;
@ -36,7 +44,7 @@
enable = true;
package = pkgs.pulseaudioFull;
support32Bit = true;
extraModules = [ ];
extraModules = [];
daemon.config = {
nice-level = -15;
realtime-scheduling = "yes";
@ -46,12 +54,12 @@
hardware.bluetooth = {
enable = true;
package = pkgs.bluezFull;
settings = { General = { Enable = "Source,Sink,Media,Socket"; }; };
settings = {General = {Enable = "Source,Sink,Media,Socket";};};
};
services.blueman.enable = true;
environment.systemPackages = with pkgs; [ ghostscript poppler ];
environment.systemPackages = with pkgs; [ghostscript poppler];
services.printing = {
enable = true;
drivers = with pkgs; [
@ -69,8 +77,7 @@
description = "Epson XP-540 via bolty";
name = "epson_xp540_via_bolty";
deviceUri = "ipp://bolty:631/printers/epson_xp540";
model =
"epson-inkjet-printer-escpr/Epson-XP-540_Series-epson-escpr-en.ppd";
model = "epson-inkjet-printer-escpr/Epson-XP-540_Series-epson-escpr-en.ppd";
ppdOptions = {
PageSize = "A4";
Duplex = "DuplexNoTumble";
@ -79,8 +86,7 @@
{
description = "Samsung SCX-4623 Series";
name = "samsung-SCX-4623";
deviceUri =
"usb://Samsung/SCX-4623%20Series?serial=Z2TYBFFZC01007W&interface=1";
deviceUri = "usb://Samsung/SCX-4623%20Series?serial=Z2TYBFFZC01007W&interface=1";
model = "samsung/SCX-4623FW.ppd";
ppdOptions = {
PageSize = "A4";
@ -89,7 +95,7 @@
}
];
services.udev.packages = [ pkgs.utsushi ];
services.udev.packages = [pkgs.utsushi];
hardware.sane = {
enable = true;
snapshot = true;

13
nixos/common-services.nix
View File

@ -1,8 +1,12 @@
{ config, pkgs, ... }: {
{
config,
pkgs,
...
}: {
console.keyMap = "pl";
imports = [ ./tailscale ];
imports = [./tailscale];
services = {
udev.packages = [ pkgs.android-udev-rules ];
udev.packages = [pkgs.android-udev-rules];
ratbagd.enable = true;
fwupd = {
@ -12,7 +16,7 @@
tlp = {
enable = true;
settings = { "DISK_IOSCHED" = "mq-deadline"; };
settings = {"DISK_IOSCHED" = "mq-deadline";};
};
upower.enable = true;
@ -41,7 +45,6 @@
Option "TearFree" "true"
Option "AccelMethod" "sna"
'';
};
};
}

42
nixos/common.nix
View File

@ -1,5 +1,11 @@
{ config, pkgs, lib, inputs, nixpkgs-nixos-unstable-and-unfree, ... }:
let
{
config,
pkgs,
lib,
inputs,
nixpkgs-nixos-unstable-and-unfree,
...
}: let
stateVersion = "22.05";
username = "cyryl";
in {
@ -51,10 +57,9 @@ in {
shell = pkgs.zsh;
};
networking.nameservers =
[ "91.239.100.100" "89.233.43.71" "1.1.1.1" "8.8.8.8" ];
networking.nameservers = ["91.239.100.100" "89.233.43.71" "1.1.1.1" "8.8.8.8"];
networking.hosts = { "10.11.99.1" = [ "remarkable" ]; };
networking.hosts = {"10.11.99.1" = ["remarkable"];};
programs.light.enable = true;
programs.adb.enable = true;
@ -64,29 +69,24 @@ in {
enable = true;
autoPrune.enable = true;
daemon.settings = {
"insecure-registries" = [ "vpsfree1.raptor-carp.ts.net:5000" ];
"insecure-registries" = ["vpsfree1.raptor-carp.ts.net:5000"];
};
};
fonts.fontconfig = {
enable = true;
defaultFonts.monospace = [ "Berkeley Mono" ];
defaultFonts.monospace = ["Berkeley Mono"];
};
fonts.fonts = with pkgs;
[
(runCommand "berkeley-fonts" { } ''
mkdir -vp "$out/share/fonts/opentype"
mkdir -vp "$out/share/fonts/truetype"
${pkgs.unzip}/bin/unzip ${
./fonts.zip
} \*.otf -d $out/share/fonts/opentype
${pkgs.unzip}/bin/unzip ${
./fonts.zip
} \*.ttf -d $out/share/fonts/truetype
fonts.fonts = with pkgs; [
(runCommand "berkeley-fonts" {} ''
mkdir -vp "$out/share/fonts/opentype"
mkdir -vp "$out/share/fonts/truetype"
${pkgs.unzip}/bin/unzip ${./fonts.zip} \*.otf -d $out/share/fonts/opentype
${pkgs.unzip}/bin/unzip ${./fonts.zip} \*.ttf -d $out/share/fonts/truetype
'')
];
'')
];
nix = {
settings.auto-optimise-store = true;
@ -98,5 +98,5 @@ in {
'';
};
system = { inherit stateVersion; };
system = {inherit stateVersion;};
}

33
nixos/distributed-builds.nix
View File

@ -1,25 +1,30 @@
{ config, pkgs, ... }: {
{
config,
pkgs,
...
}: {
programs.ssh.extraConfig = ''
Host vpsfree1
Host vpsfree1
HostName vpsfree1
Port 2222
Port 2222
StrictHostKeyChecking=accept-new
'';
nix.buildMachines = [{
hostName = "bolty";
sshUser = "nix-builder";
sshKey = "/home/cyryl/.ssh/id_ed25519";
systems = [ "i686-linux" "x86_64-linux" "aarch64-linux" ];
maxJobs = 2;
speedFactor = 1;
supportedFeatures = [ "kvm" "big-parallel" ];
mandatoryFeatures = [ ];
}];
nix.buildMachines = [
{
hostName = "bolty";
sshUser = "nix-builder";
sshKey = "/home/cyryl/.ssh/id_ed25519";
systems = ["i686-linux" "x86_64-linux" "aarch64-linux"];
maxJobs = 2;
speedFactor = 1;
supportedFeatures = ["kvm" "big-parallel"];
mandatoryFeatures = [];
}
];
nix.extraOptions = ''
builders-use-substitutes = true
'';
nix.distributedBuilds = true;
}

23
nixos/email-accounts.nix
View File

@ -1,11 +1,16 @@
{ config, pkgs, inputs, ... }:
let unstable = inputs.nixpkgs-nixos-unstable.legacyPackages.${pkgs.system};
{
config,
pkgs,
inputs,
...
}: let
unstable = inputs.nixpkgs-nixos-unstable.legacyPackages.${pkgs.system};
in {
home-manager.users.cyryl = {
accounts.email.accounts.cyplo = {
primary = true;
address = "cyplo@cyplo.dev";
aliases = [ "cyplo@cyplo.net" ];
aliases = ["cyplo@cyplo.net"];
realName = "Cyryl Płotnicki";
userName = "cyplo@cyplo.dev";
imap = {
@ -52,14 +57,14 @@ in {
programs.mbsync.enable = true;
programs.msmtp.enable = true;
programs.neomutt = { enable = true; };
programs.neomutt = {enable = true;};
programs.notmuch = {
enable = true;
hooks.preNew = "${pkgs.isync}/bin/mbsync -a";
};
programs.alot = { enable = true; };
programs.alot = {enable = true;};
home.packages = with pkgs; [ unstable.protonmail-bridge ];
home.packages = with pkgs; [unstable.protonmail-bridge];
services.mbsync.enable = true;
@ -69,11 +74,9 @@ in {
systemd.user.services."proton-bridge" = {
Unit.Description = "Bridge to ProtonMail";
Install.WantedBy = [ "default.target" "mbsync.service" ];
Service.ExecStart =
"${unstable.protonmail-bridge}/bin/protonmail-bridge --noninteractive";
Install.WantedBy = ["default.target" "mbsync.service"];
Service.ExecStart = "${unstable.protonmail-bridge}/bin/protonmail-bridge --noninteractive";
Service.Environment = "PATH=${pkgs.pass}/bin:${pkgs.gnupg}/bin";
};
};
}

10
nixos/enlightenment/home.nix
View File

@ -1,7 +1,11 @@
{ config, pkgs, ... }: {
services = { };
{
config,
pkgs,
...
}: {
services = {};
xsession = { enable = false; };
xsession = {enable = false;};
programs.gnome-terminal = {
enable = true;

9
nixos/enlightenment/system.nix
View File

@ -1,8 +1,11 @@
{ config, pkgs, ... }: {
{
config,
pkgs,
...
}: {
services.xserver = {
enable = true;
desktopManager.enlightenment.enable = true;
};
users.users.cyryl.packages = with pkgs; [ ];
users.users.cyryl.packages = with pkgs; [];
}

11
nixos/gfx-intel-dri2.nix
View File

@ -1,6 +1,10 @@
{ config, pkgs, ... }: {
{
config,
pkgs,
...
}: {
services.xserver = {
videoDrivers = [ "intel" ];
videoDrivers = ["intel"];
deviceSection = ''
Option "DRI" "2"
Option "TearFree" "true"
@ -20,8 +24,7 @@
nixpkgs.config = {
packageOverrides = pkgs: {
vaapiIntel = pkgs.vaapiIntel.override { enableHybridCodec = true; };
vaapiIntel = pkgs.vaapiIntel.override {enableHybridCodec = true;};
};
};
}

11
nixos/gfx-intel.nix
View File

@ -1,5 +1,9 @@
{ config, pkgs, ... }: {
services.xserver = { videoDrivers = [ "modesetting" ]; };
{
config,
pkgs,
...
}: {
services.xserver = {videoDrivers = ["modesetting"];};
hardware.opengl = {
enable = true;
@ -14,8 +18,7 @@
nixpkgs.config = {
packageOverrides = pkgs: {
vaapiIntel = pkgs.vaapiIntel.override { enableHybridCodec = true; };
vaapiIntel = pkgs.vaapiIntel.override {enableHybridCodec = true;};
};
};
}

9
nixos/git/default.nix
View File

@ -1,3 +1,8 @@
{ config, pkgs, lib, ... }: {
home-manager.users.cyryl = { ... }: { imports = [ ./home.nix ]; };
{
config,
pkgs,
lib,
...
}: {
home-manager.users.cyryl = {...}: {imports = [./home.nix];};
}

18
nixos/git/home.nix
View File

@ -1,4 +1,9 @@
{ config, pkgs, inputs, ... }: {
{
config,
pkgs,
inputs,
...
}: {
programs.git = {
enable = true;
lfs.enable = true;
@ -13,7 +18,7 @@
};
extraConfig = {
colour.ui = true;
credential = { helper = "cache"; };
credential = {helper = "cache";};
diff.algorithm = "histogram";
diff.renameLimit = 2048;
diff.renames = "copy";
@ -25,13 +30,10 @@
push.default = "simple";
};
aliases = {
tree =
"log --show-signature --color --decorate --date=short --all --graph -n 3";
newbranch =
"!git checkout master && git fetch -p && git reset --hard origin/master && git checkout -b $2";
tree = "log --show-signature --color --decorate --date=short --all --graph -n 3";
newbranch = "!git checkout master && git fetch -p && git reset --hard origin/master && git checkout -b $2";
head = "log HEAD -n1";
vacuum =
"!git fetch -p && git branch -vv | awk '/: gone]/{print $1}' | xargs -r git branch -D && git gc --aggressive --auto";
vacuum = "!git fetch -p && git branch -vv | awk '/: gone]/{print $1}' | xargs -r git branch -D && git gc --aggressive --auto";
};
};
}

10
nixos/gnome/default.nix
View File

@ -1,5 +1,9 @@
{ config, pkgs, ... }: {
imports = [ ./system.nix ];
{
config,
pkgs,
...
}: {
imports = [./system.nix];
home-manager.users.cyryl = { ... }: { imports = [ ./home.nix ]; };
home-manager.users.cyryl = {...}: {imports = [./home.nix];};
}

12
nixos/gnome/home.nix
View File

@ -1,9 +1,13 @@
{ config, pkgs, ... }: {
services = { };
{
config,
pkgs,
...
}: {
services = {};
xsession = { enable = false; };
xsession = {enable = false;};
home.packages = with pkgs; [ gnome-usage gnome3.gnome-tweaks ];
home.packages = with pkgs; [gnome-usage gnome3.gnome-tweaks];
programs.gnome-terminal = {
enable = true;

9
nixos/gnome/system.nix
View File

@ -1,4 +1,8 @@
{ config, pkgs, ... }: {
{
config,
pkgs,
...
}: {
services.xserver = {
enable = true;
displayManager.gdm.enable = true;
@ -7,7 +11,7 @@
desktopManager.gnome3.enable = true;
};
services.flatpak.enable = true;
services.dbus.packages = with pkgs; [ gnome2.GConf gnome3.dconf gcr ];
services.dbus.packages = with pkgs; [gnome2.GConf gnome3.dconf gcr];
users.users.cyryl.packages = with pkgs.gnomeExtensions; [
caffeine
clipboard-indicator
@ -15,4 +19,3 @@
gsconnect
];
}

26
nixos/gsconnect.nix
View File

@ -1,10 +1,18 @@
{ config, pkgs, ... }: {
networking.firewall.allowedTCPPortRanges = [{
from = 1716;
to = 1764;
}];
networking.firewall.allowedUDPPortRanges = [{
from = 1716;
to = 1764;
}];
{
config,
pkgs,
...
}: {
networking.firewall.allowedTCPPortRanges = [
{
from = 1716;
to = 1764;
}
];
networking.firewall.allowedUDPPortRanges = [
{
from = 1716;
to = 1764;
}
];
}

25
nixos/gui/default.nix
View File

@ -1,13 +1,18 @@
{ config, pkgs, discord, inputs, nixpkgs-nixos-stable-and-unfree
, nixpkgs-nixos-unstable-and-unfree, ... }:
let
{
config,
pkgs,
discord,
inputs,
nixpkgs-nixos-stable-and-unfree,
nixpkgs-nixos-unstable-and-unfree,
...
}: let
unstable = inputs.nixpkgs-nixos-unstable.legacyPackages.${pkgs.system};
nixpkgs-master = inputs.nixpkgs-master.legacyPackages.${pkgs.system};
in {
security.chromiumSuidSandbox.enable = true;
home-manager.users.cyryl = { ... }: {
home-manager.users.cyryl = {...}: {
gtk = {
enable = true;
iconTheme = {
@ -22,13 +27,13 @@ in {
style.package = pkgs.adwaita-qt;
};
imports = [ ];
imports = [];
programs.chromium.enable = true;
programs.firefox.enable = true;
home.packages = with pkgs;
with pkgs.gnome3;
with pkgs.python38Packages;
with pkgs.gnome3;
with pkgs.python38Packages;
[
anarchism
calibre
@ -76,7 +81,9 @@ in {
yubikey-manager-qt
yubikey-personalization
yubikey-personalization-gui
] ++ [ unstable.gnucash unstable.thunderbird ] ++ [
]
++ [unstable.gnucash unstable.thunderbird]
++ [
nixpkgs-nixos-stable-and-unfree.discord
nixpkgs-nixos-unstable-and-unfree.hopper
];

18
nixos/gui/firejail.nix
View File

@ -1,7 +1,15 @@
{ config, pkgs, lib, ... }: {
home.file.".config/firejail/firefox.profile".text = ''
include ${pkgs.firejail}/etc/firejail/firefox.profile
{
config,
pkgs,
lib,
...
}: {
home.file.".config/firejail/firefox.profile".text =
''
include ${pkgs.firejail}/etc/firejail/firefox.profile
ignore apparmor
ignore noexec '' + "$" + "{HOME}";
ignore apparmor
ignore noexec ''
+ "$"
+ "{HOME}";
}

303
nixos/gui/vscode.nix
View File

@ -1,153 +1,152 @@
{ config, pkgs, ... }: {
home.packages = with pkgs;
[
(vscode-with-extensions.override {
vscodeExtensions = with vscode-extensions;
[
ms-python.python
(vscode-utils.buildVscodeExtension {
vscodeExtUniqueId = "vadimcn.vscode-lldb";
name = "vadimcn.vscode-lldb-1.6.10";
src = fetchurl {
name = "vadimcn.vscode-lldb.zip";
url =
"https://github.com/vadimcn/vscode-lldb/releases/download/v1.6.10/codelldb-${pkgs.system}.vsix";
sha256 = "sha256-QWbpe6ofacjrTCyWSKljwHDWWeHGmKNqi7cpw8Qy5Tw=";
};
buildInputs = with pkgs; [ llvm lldb python37 autoPatchelfHook ];
})
]
++
vscode-utils.extensionsFromVscodeMarketplace [
{
publisher = "vscodevim";
name = "vim";
version = "1.21.7";
sha256 = "sha256-nCcDafZ2CUhTjVha+6Mjxoil61xMGboO5lajc7dGEJg=";
}
{
publisher = "bbenoist";
name = "nix";
version = "1.0.1";
sha256 = "sha256-qwxqOGublQeVP2qrLF94ndX/Be9oZOn+ZMCFX1yyoH0=";
}
{
publisher = "matklad";
name = "rust-analyzer";
version = "0.3.937";
sha256 = "sha256-aGBFKnntycpgNFdWwxFPVtQ2ryUvFCx7oet9uILiUTY=";
}
{
publisher = "hashicorp";
name = "terraform";
version = "2.19.0";
sha256 = "sha256-k/fcEJuELz0xkwivSrP6Nxtz861BLq1wR2ZDMXVrvkY=";
}
{
publisher = "be5invis";
name = "toml";
version = "0.6.0";
sha256 = "sha256-yk7buEyQIw6aiUizAm+sgalWxUibIuP9crhyBaOjC2E=";
}
{
publisher = "ms-vscode";
name = "cpptools-extension-pack";
version = "1.1.0";
sha256 = "sha256-XKHBwoRXNHIpy7gDR9/xEFdEdB4S0B9L9Jbk53f/Vbc=";
}
{
publisher = "tiehuis";
name = "zig";
version = "0.2.5";
sha256 = "sha256-P8Sep0OtdchTfnudxFNvIK+SW++TyibGVI9zd+B5tu4=";
}
{
publisher = "sjhuangx";
name = "vscode-scheme";
version = "0.4.0";
sha256 = "07vjfymvfv98s5r5a4b5iqhgfz1wpgq2l8h3wlq1bnhhhvmq5pq4";
}
{
publisher = "shaunlebron";
name = "vscode-parinfer";
version = "0.6.2";
sha256 = "0h4v4rnximy6rbh83y4s2qj1cqbj66g9wld39mzd0zwgi6ig9syd";
}
{
publisher = "swyphcosmo";
name = "spellchecker";
version = "1.2.13";
sha256 = "1lr33lf01afgi74c1a9gylk92li4hyq24l8bki4l6ggl4z4c2h3w";
}
{
publisher = "asabil";
name = "meson";
version = "1.1.1";
sha256 = "00cc28a2nb325f54bx51wf5q15x1pmsn0j9z6rnxxqxwii1dm5cl";
}
{
publisher = "codezombiech";
name = "gitignore";
version = "0.6.0";
sha256 = "0gnc0691pwkd9s8ldqabmpfvj0236rw7bxvkf0bvmww32kv1ia0b";
}
{
publisher = "DavidAnson";
name = "vscode-markdownlint";
version = "0.26.0";
sha256 = "0g4pssvajn7d8p2547v7313gjyqx4pzs7cbjws2s3v2fk1sw7vbj";
}
{
publisher = "esbenp";
name = "prettier-vscode";
version = "1.8.1";
sha256 = "0qcm2784n9qc4p77my1kwqrswpji7bp895ay17yzs5g84cj010ln";
}
{
publisher = "hbenl";
name = "vscode-test-explorer";
version = "2.9.3";
sha256 = "1yf85hgvganxq5n5jff9ckn3smxd6xi79cgn6k53qi5w1r5rahy0";
}
{
publisher = "lextudio";
name = "restructuredtext";
version = "106.0.0";
sha256 = "096r8071202nxi1is6z7dghcmpsh0f0mm3mp3cfh1yj2mnyzlaxa";
}
{
publisher = "lostintangent";
name = "vsls-pomodoro";
version = "0.1.0";
sha256 = "1b73zbkhlhacvi18cx4g3n6randy3hw9cab1gkw5gzb3375w7w3p";
}
{
publisher = "lostintangent";
name = "vsls-whiteboard";
version = "0.0.8";
sha256 = "13fcay9bs861msb5y694casbw66dmhl504xm5cvprssx1qka186p";
}
{
publisher = "mechatroner";
name = "rainbow-csv";
version = "1.0.0";
sha256 = "1fyamgm7zq31r3c00cn6pcb66rrkfhwfmp72qnhrajydmnvcnbg6";
}
{
publisher = "ronnidc";
name = "nunjucks";
version = "0.2.3";
sha256 = "119xgyn1dggw2rcqkn2mnz364iw5jlrxg7pcydbijsqj5d3zdfsf";
}
{
publisher = "serayuzgur";
name = "crates";
version = "0.4.2";
sha256 = "1knspsc98cfw4mhc0yaz0f2185sxdf9kn9qsysfs6c82g9wjaqcj";
}
];
})
];
{
config,
pkgs,
...
}: {
home.packages = with pkgs; [
(vscode-with-extensions.override {
vscodeExtensions = with vscode-extensions;
[
ms-python.python
(vscode-utils.buildVscodeExtension {
vscodeExtUniqueId = "vadimcn.vscode-lldb";
name = "vadimcn.vscode-lldb-1.6.10";
src = fetchurl {
name = "vadimcn.vscode-lldb.zip";
url = "https://github.com/vadimcn/vscode-lldb/releases/download/v1.6.10/codelldb-${pkgs.system}.vsix";
sha256 = "sha256-QWbpe6ofacjrTCyWSKljwHDWWeHGmKNqi7cpw8Qy5Tw=";
};
buildInputs = with pkgs; [llvm lldb python37 autoPatchelfHook];
})
]
++ vscode-utils.extensionsFromVscodeMarketplace [
{
publisher = "vscodevim";
name = "vim";
version = "1.21.7";
sha256 = "sha256-nCcDafZ2CUhTjVha+6Mjxoil61xMGboO5lajc7dGEJg=";
}
{
publisher = "bbenoist";
name = "nix";
version = "1.0.1";
sha256 = "sha256-qwxqOGublQeVP2qrLF94ndX/Be9oZOn+ZMCFX1yyoH0=";
}
{
publisher = "matklad";
name = "rust-analyzer";
version = "0.3.937";
sha256 = "sha256-aGBFKnntycpgNFdWwxFPVtQ2ryUvFCx7oet9uILiUTY=";
}
{
publisher = "hashicorp";
name = "terraform";
version = "2.19.0";
sha256 = "sha256-k/fcEJuELz0xkwivSrP6Nxtz861BLq1wR2ZDMXVrvkY=";
}
{
publisher = "be5invis";
name = "toml";
version = "0.6.0";
sha256 = "sha256-yk7buEyQIw6aiUizAm+sgalWxUibIuP9crhyBaOjC2E=";
}
{
publisher = "ms-vscode";
name = "cpptools-extension-pack";
version = "1.1.0";
sha256 = "sha256-XKHBwoRXNHIpy7gDR9/xEFdEdB4S0B9L9Jbk53f/Vbc=";
}
{
publisher = "tiehuis";
name = "zig";
version = "0.2.5";
sha256 = "sha256-P8Sep0OtdchTfnudxFNvIK+SW++TyibGVI9zd+B5tu4=";
}
{
publisher = "sjhuangx";
name = "vscode-scheme";
version = "0.4.0";
sha256 = "07vjfymvfv98s5r5a4b5iqhgfz1wpgq2l8h3wlq1bnhhhvmq5pq4";
}
{
publisher = "shaunlebron";
name = "vscode-parinfer";
version = "0.6.2";
sha256 = "0h4v4rnximy6rbh83y4s2qj1cqbj66g9wld39mzd0zwgi6ig9syd";
}
{
publisher = "swyphcosmo";
name = "spellchecker";
version = "1.2.13";
sha256 = "1lr33lf01afgi74c1a9gylk92li4hyq24l8bki4l6ggl4z4c2h3w";
}
{
publisher = "asabil";
name = "meson";
version = "1.1.1";
sha256 = "00cc28a2nb325f54bx51wf5q15x1pmsn0j9z6rnxxqxwii1dm5cl";
}
{
publisher = "codezombiech";
name = "gitignore";
version = "0.6.0";
sha256 = "0gnc0691pwkd9s8ldqabmpfvj0236rw7bxvkf0bvmww32kv1ia0b";
}
{
publisher = "DavidAnson";
name = "vscode-markdownlint";
version = "0.26.0";
sha256 = "0g4pssvajn7d8p2547v7313gjyqx4pzs7cbjws2s3v2fk1sw7vbj";
}
{
publisher = "esbenp";
name = "prettier-vscode";
version = "1.8.1";
sha256 = "0qcm2784n9qc4p77my1kwqrswpji7bp895ay17yzs5g84cj010ln";
}
{
publisher = "hbenl";
name = "vscode-test-explorer";
version = "2.9.3";
sha256 = "1yf85hgvganxq5n5jff9ckn3smxd6xi79cgn6k53qi5w1r5rahy0";
}
{
publisher = "lextudio";
name = "restructuredtext";
version = "106.0.0";
sha256 = "096r8071202nxi1is6z7dghcmpsh0f0mm3mp3cfh1yj2mnyzlaxa";
}
{
publisher = "lostintangent";
name = "vsls-pomodoro";
version = "0.1.0";
sha256 = "1b73zbkhlhacvi18cx4g3n6randy3hw9cab1gkw5gzb3375w7w3p";
}
{
publisher = "lostintangent";
name = "vsls-whiteboard";
version = "0.0.8";
sha256 = "13fcay9bs861msb5y694casbw66dmhl504xm5cvprssx1qka186p";
}
{
publisher = "mechatroner";
name = "rainbow-csv";
version = "1.0.0";
sha256 = "1fyamgm7zq31r3c00cn6pcb66rrkfhwfmp72qnhrajydmnvcnbg6";
}
{
publisher = "ronnidc";
name = "nunjucks";
version = "0.2.3";
sha256 = "119xgyn1dggw2rcqkn2mnz364iw5jlrxg7pcydbijsqj5d3zdfsf";
}
{
publisher = "serayuzgur";
name = "crates";
version = "0.4.2";
sha256 = "1knspsc98cfw4mhc0yaz0f2185sxdf9kn9qsysfs6c82g9wjaqcj";
}
];
})
];
}

10
nixos/home-manager/cli.nix
View File

@ -1,4 +1,10 @@
{ config, pkgs, inputs, ... }: {
{
config,
pkgs,
inputs,
system,
...
}: {
home.packages = with pkgs; [
(pass.withExtensions (ext: [
ext.pass-otp
@ -7,6 +13,7 @@
ext.pass-audit
ext.pass-update
]))
inputs.alejandra.packages.${system}.default
age
android-tools
aria
@ -53,6 +60,5 @@
wget
whois
inputs.nixpkgs-nixos-unstable.legacyPackages."x86_64-linux".youtube-dl
];
}

12
nixos/home-manager/default.nix
View File

@ -1,5 +1,10 @@
{ config, pkgs, inputs, ... }:
let username = "cyryl";
{
config,
pkgs,
inputs,
...
}: let
username = "cyryl";
in {
home.sessionVariables = {
LC_ALL = "en_GB.UTF-8";
@ -9,7 +14,7 @@ in {
news.display = "show";
home.packages = with pkgs; [ ];
home.packages = with pkgs; [];
home.username = username;
home.homeDirectory = "/home/${username}";
@ -30,5 +35,4 @@ in {
./programs/vim.nix
./programs/zsh.nix
];
}

6
nixos/home-manager/links.nix
View File

@ -1,6 +1,8 @@
{ config, pkgs, ... }:
{
config,
pkgs,
...
}: {
home.file.".config/nixpkgs/config.nix".source = ../shell-config.nix;
home.file.".gdbinit".text = ''
set auto-load python-scripts on

7
nixos/home-manager/linux.nix
View File

@ -1,4 +1,9 @@
{ config, pkgs, inputs, ... }: {
{
config,
pkgs,
inputs,
...
}: {
services.gpg-agent = {
enable = true;
pinentryFlavor = "curses";

8
nixos/home-manager/programs.nix
View File

@ -1,6 +1,8 @@
{ config, pkgs, ... }:
{
config,
pkgs,
...
}: {
programs = {
home-manager.enable = true;
@ -13,7 +15,7 @@
gpg = {
enable = true;
settings = { };
settings = {};
};
taskwarrior.enable = true;

20
nixos/home-manager/programs/alacritty.nix
View File

@ -1,16 +1,22 @@
{ config, pkgs, ... }: {
home.sessionVariables = { TERMINAL = "alacritty"; };
{
config,
pkgs,
...
}: {
home.sessionVariables = {TERMINAL = "alacritty";};
programs.alacritty = {
enable = true;
settings = {
window.decorations = "none";
mouse_bindings = [{
mouse = "Middle";
mode = "~Vi";
action = "None";
}];
mouse_bindings = [
{
mouse = "Middle";
mode = "~Vi";
action = "None";
}
];
scrolling = {
history = 32000;
multiplier = 3;

9
nixos/home-manager/programs/emacs/default.nix
View File

@ -1,3 +1,8 @@
{ config, pkgs, lib, ... }: {
home-manager.users.cyryl = { ... }: { imports = [ ./home.nix ]; };
{
config,
pkgs,
lib,
...
}: {
home-manager.users.cyryl = {...}: {imports = [./home.nix];};
}

43
nixos/home-manager/programs/emacs/emacs.nix
View File

@ -1,22 +1,25 @@
{ pkgs }:
let
{pkgs}: let
myEmacs = pkgs.emacs-nox;
inherit ((pkgs.emacsPackagesFor myEmacs)) emacsWithPackages;
in emacsWithPackages (epkgs:
(with epkgs.melpaStablePackages; [ ]) ++ (with epkgs.melpaPackages; [
color-theme-sanityinc-solarized
evil
evil-collection
helm
helm-projectile
helm-rg
magit
nix-mode
projectile
xterm-color
]) ++ (with epkgs.elpaPackages; [
beacon # ; highlight my cursor when scrolling
nameless # ; hide current package name everywhere in elisp code
]) ++ [
pkgs.notmuch # From main packages set
])
in
emacsWithPackages (epkgs:
(with epkgs.melpaStablePackages; [])
++ (with epkgs.melpaPackages; [
color-theme-sanityinc-solarized
evil
evil-collection
helm
helm-projectile
helm-rg
magit
nix-mode
projectile
xterm-color
])
++ (with epkgs.elpaPackages; [
beacon # ; highlight my cursor when scrolling
nameless # ; hide current package name everywhere in elisp code
])
++ [
pkgs.notmuch # From main packages set
])

9
nixos/home-manager/programs/emacs/home.nix
View File

@ -1,4 +1,8 @@
{ config, pkgs, ... }: {
{
config,
pkgs,
...
}: {
home.file.".emacs".text = ''
(require 'package)
@ -31,7 +35,6 @@
'';
programs.emacs = {
enable = true;
package = import ./emacs.nix { inherit pkgs; };
package = import ./emacs.nix {inherit pkgs;};
};
}

38
nixos/home-manager/programs/genpass.nix
View File

@ -1,24 +1,24 @@
{ pkgs ? import <nixpkgs> { } }:
{pkgs ? import <nixpkgs> {}}:
with pkgs;
rustPlatform.buildRustPackage rec {
pname = "genpass";
version = "0.4.1";
rustPlatform.buildRustPackage rec {
pname = "genpass";
version = "0.4.1";
src = fetchFromGitHub {
owner = "cyplo";
repo = pname;
rev = "v" + version;
sha256 = "1b22m7g55k5ry0vwyd8pakh8rmfkhk37qy5r74cn3n5pv3fcwini";
};
src = fetchFromGitHub {
owner = "cyplo";
repo = pname;
rev = "v" + version;
sha256 = "1b22m7g55k5ry0vwyd8pakh8rmfkhk37qy5r74cn3n5pv3fcwini";
};
cargoSha256 = "1p6l64s9smhwka8bh3pamqimamxziad859i62nrmxzqc49nq5s7m";
cargoSha256 = "1p6l64s9smhwka8bh3pamqimamxziad859i62nrmxzqc49nq5s7m";
buildInputs = [ openssl pkgconfig git ];
buildInputs = [openssl pkgconfig git];
meta = with stdenv.lib; {
description = "A simple yet robust commandline random password generator.";
homepage = "https://github.com/cyplo/genpass";
license = licenses.agpl3;
platforms = platforms.all;
};
}
meta = with stdenv.lib; {
description = "A simple yet robust commandline random password generator.";
homepage = "https://github.com/cyplo/genpass";
license = licenses.agpl3;
platforms = platforms.all;
};
}

9
nixos/home-manager/programs/kitty.nix
View File

@ -1,5 +1,9 @@
{ config, pkgs, ... }: {
home.sessionVariables = { TERMINAL = "kitty"; };
{
config,
pkgs,
...
}: {
home.sessionVariables = {TERMINAL = "kitty";};
programs.kitty = {
enable = true;
@ -33,7 +37,6 @@
color13 = "#5856b9";
color14 = "#81908f";
color15 = "#fcf4dc";
};
};
}

567
nixos/home-manager/programs/newsboat.nix
View File

@ -1,4 +1,8 @@
{ config, pkgs, ... }: {
{
config,
pkgs,
...
}: {
programs.newsboat = {
enable = true;
autoReload = true;
@ -16,294 +20,291 @@
color article default default
'';
urls = [
{ url = "https://www.scattered-thoughts.net/atom.xml"; }
{ url = "https://acoup.blog/feed/"; }
{ url = "https://gaymingmag.com/feed/"; }
{ url = "https://blog.benjojo.co.uk/rss.xml"; }
{ url = "https://electronicsdeli.net/feed/"; }
{ url = "https://michael.stapelberg.ch/feed.xml"; }
{ url = "https://blog.nelhage.com/atom.xml"; }
{ url = "https://deninet.com/rss.xml"; }
{ url = "https://berthub.eu/articles/index.xml"; }
{ url = "https://ciko.io/index.xml"; }
{ url = "https://blog.thea.codes/feed.xml"; }
{ url = "https://ambrevar.xyz/atom.xml"; }
{ url = "https://openprivacy.ca/feed/discreet-log.xml"; }
{ url = "https://shealevy.com/blog/index.xml"; }
{ url = "https://oxide.computer/blog/index.xml"; }
{ url = "https://alecmuffett.com/article/tag/essay/feed"; }
{ url = "https://osarch.org/feed/"; }
{ url = "https://fosdem.org/2021/atom.xml"; }
{ url = "https://tailscale.com/blog/index.xml"; }
{ url = "https://nrdxp.dev/feed.xml"; }
{ url = "https://ww.telent.net/news.rss"; }
{ url = "https://guix.gnu.org/feeds/blog.atom"; }
{ url = "https://blog.servo.org/feed.xml"; }
{ url = "https://www.radicalroutes.org.uk/?format=feed&type=atom"; }
{ url = "https://matklad.github.io/feed.xml"; }
{ url = "https://sfconservancy.org/feeds/blog/"; }
{ url = "https://sourcehut.org/blog/index.xml"; }
{url = "https://www.scattered-thoughts.net/atom.xml";}
{url = "https://acoup.blog/feed/";}
{url = "https://gaymingmag.com/feed/";}
{url = "https://blog.benjojo.co.uk/rss.xml";}
{url = "https://electronicsdeli.net/feed/";}
{url = "https://michael.stapelberg.ch/feed.xml";}
{url = "https://blog.nelhage.com/atom.xml";}
{url = "https://deninet.com/rss.xml";}
{url = "https://berthub.eu/articles/index.xml";}
{url = "https://ciko.io/index.xml";}
{url = "https://blog.thea.codes/feed.xml";}
{url = "https://ambrevar.xyz/atom.xml";}
{url = "https://openprivacy.ca/feed/discreet-log.xml";}
{url = "https://shealevy.com/blog/index.xml";}
{url = "https://oxide.computer/blog/index.xml";}
{url = "https://alecmuffett.com/article/tag/essay/feed";}
{url = "https://osarch.org/feed/";}
{url = "https://fosdem.org/2021/atom.xml";}
{url = "https://tailscale.com/blog/index.xml";}
{url = "https://nrdxp.dev/feed.xml";}
{url = "https://ww.telent.net/news.rss";}
{url = "https://guix.gnu.org/feeds/blog.atom";}
{url = "https://blog.servo.org/feed.xml";}
{url = "https://www.radicalroutes.org.uk/?format=feed&type=atom";}
{url = "https://matklad.github.io/feed.xml";}
{url = "https://sfconservancy.org/feeds/blog/";}
{url = "https://sourcehut.org/blog/index.xml";}
{
url =
"https://openwrt.org/feed.php?type=rss&mode=list&sort=date&ns=advisory&linkto=current&content=html";
url = "https://openwrt.org/feed.php?type=rss&mode=list&sort=date&ns=advisory&linkto=current&content=html";
}
{ url = "https://nora.codes/index.xml"; }
{ url = "http://hackedfrompieces.wordpress.com/feed/"; }
{ url = "http://notonlyzeroesandones.site40.net/feed/"; }
{ url = "https://tonyarcieri.com/feed"; }
{ url = "https://www.destroyallsoftware.com/screencasts/feed"; }
{ url = "https://blog.liftsecurity.io/rss"; }
{ url = "http://mightyohm.com/blog/feed/"; }
{ url = "http://feeds.falkvinge.net/Falkvinge-on-Infopolicy"; }
{ url = "http://www.veronicabelmont.com/feed/"; }
{ url = "https://perplexinglyemma.blogspot.com/feeds/posts/default"; }
{ url = "http://www.davecooper.org/blog/feed/"; }
{ url = "http://hackaweek.com/hacks/?feed=rss2"; }
{ url = "https://www.hadean.com/blog/rss.xml"; }
{ url = "http://feeds.feedburner.com/malukah"; }
{ url = "http://jonasdn.blogspot.com/feeds/posts/default"; }
{ url = "https://www.destroyallsoftware.com/blog/index.xml"; }
{ url = "http://metajack.im/"; }
{ url = "https://haskell-at-work.com/feed.xml"; }
{ url = "http://temporal.pr0.pl/devblog/feed/"; }
{ url = "https://superevr.com/blog/feed/"; }
{ url = "http://thejoysofcode.com/rss"; }
{ url = "http://www.rsspect.com/rss/threeps.xml"; }
{ url = "http://brianzawesomeblog.blogspot.com/feeds/posts/default"; }
{ url = "http://ssj3gohan.tweakblogs.net/feed/"; }
{ url = "http://planet.mozilla.org/releng/atom.xml"; }
{ url = "https://grahamc.com/feed/"; }
{ url = "http://www.h-online.com/grand-atom.xml"; }
{ url = "https://jneem.github.io/feed.xml"; }
{ url = "http://blog.opensourceecology.org/feed/"; }
{ url = "http://pepijndevos.nl/atom.xml"; }
{ url = "https://wedistribute.org/feed/"; }
{ url = "http://www.wattnotions.com/feed/"; }
{ url = "https://blondihacks.com/feed/"; }
{ url = "http://ghcarm.wordpress.com/feed/"; }
{ url = "http://blog.tkjelectronics.dk/feed/"; }
{ url = "https://www.circuitlab.com/blog/feed/"; }
{ url = "http://danluu.com/atom.xml"; }
{ url = "http://silverwingedseraph.net/feed"; }
{ url = "http://takbardzozle.blogspot.com/feeds/posts/default"; }
{ url = "https://weekly.nixos.org/feeds/all.rss.xml"; }
{ url = "http://www.hscott.net/feed/"; }
{ url = "http://feeds.feedburner.com/kernelmag?format=xml"; }
{ url = "http://www.malwaretech.com/feeds/posts/default"; }
{ url = "https://nixos.org/blogs.xml"; }
{ url = "http://spaceismore.com/feed/"; }
{ url = "https://blog.cyplo.dev/index.xml"; }
{ url = "https://blog.kobol.io/feed.xml"; }
{ url = "http://blog.ffwll.ch/feeds/posts/default"; }
{ url = "http://blog.pnkfx.org/atom.xml"; }
{ url = "http://metaltronics.wordpress.com/feed/"; }
{ url = "http://ncrmnt.org/wp/feed/"; }
{ url = "http://www.arachnidlabs.com/atom.xml"; }
{ url = "http://blogs.valvesoftware.com/feed/"; }
{ url = "http://billmccloskey.wordpress.com/feed/"; }
{ url = "http://sparkleshare.org/feed/"; }
{ url = "http://osprintingllc.com/feed/"; }
{url = "https://nora.codes/index.xml";}
{url = "http://hackedfrompieces.wordpress.com/feed/";}
{url = "http://notonlyzeroesandones.site40.net/feed/";}
{url = "https://tonyarcieri.com/feed";}
{url = "https://www.destroyallsoftware.com/screencasts/feed";}
{url = "https://blog.liftsecurity.io/rss";}
{url = "http://mightyohm.com/blog/feed/";}
{url = "http://feeds.falkvinge.net/Falkvinge-on-Infopolicy";}
{url = "http://www.veronicabelmont.com/feed/";}
{url = "https://perplexinglyemma.blogspot.com/feeds/posts/default";}
{url = "http://www.davecooper.org/blog/feed/";}
{url = "http://hackaweek.com/hacks/?feed=rss2";}
{url = "https://www.hadean.com/blog/rss.xml";}
{url = "http://feeds.feedburner.com/malukah";}
{url = "http://jonasdn.blogspot.com/feeds/posts/default";}
{url = "https://www.destroyallsoftware.com/blog/index.xml";}
{url = "http://metajack.im/";}
{url = "https://haskell-at-work.com/feed.xml";}
{url = "http://temporal.pr0.pl/devblog/feed/";}
{url = "https://superevr.com/blog/feed/";}
{url = "http://thejoysofcode.com/rss";}
{url = "http://www.rsspect.com/rss/threeps.xml";}
{url = "http://brianzawesomeblog.blogspot.com/feeds/posts/default";}
{url = "http://ssj3gohan.tweakblogs.net/feed/";}
{url = "http://planet.mozilla.org/releng/atom.xml";}
{url = "https://grahamc.com/feed/";}
{url = "http://www.h-online.com/grand-atom.xml";}
{url = "https://jneem.github.io/feed.xml";}
{url = "http://blog.opensourceecology.org/feed/";}
{url = "http://pepijndevos.nl/atom.xml";}
{url = "https://wedistribute.org/feed/";}
{url = "http://www.wattnotions.com/feed/";}
{url = "https://blondihacks.com/feed/";}
{url = "http://ghcarm.wordpress.com/feed/";}
{url = "http://blog.tkjelectronics.dk/feed/";}
{url = "https://www.circuitlab.com/blog/feed/";}
{url = "http://danluu.com/atom.xml";}
{url = "http://silverwingedseraph.net/feed";}
{url = "http://takbardzozle.blogspot.com/feeds/posts/default";}
{url = "https://weekly.nixos.org/feeds/all.rss.xml";}
{url = "http://www.hscott.net/feed/";}
{url = "http://feeds.feedburner.com/kernelmag?format=xml";}
{url = "http://www.malwaretech.com/feeds/posts/default";}
{url = "https://nixos.org/blogs.xml";}
{url = "http://spaceismore.com/feed/";}
{url = "https://blog.cyplo.dev/index.xml";}
{url = "https://blog.kobol.io/feed.xml";}
{url = "http://blog.ffwll.ch/feeds/posts/default";}
{url = "http://blog.pnkfx.org/atom.xml";}
{url = "http://metaltronics.wordpress.com/feed/";}
{url = "http://ncrmnt.org/wp/feed/";}
{url = "http://www.arachnidlabs.com/atom.xml";}
{url = "http://blogs.valvesoftware.com/feed/";}
{url = "http://billmccloskey.wordpress.com/feed/";}
{url = "http://sparkleshare.org/feed/";}
{url = "http://osprintingllc.com/feed/";}
{
url =
"https://forum.openwrt.org/extern.php?action=feed&fid=11&type=rss";
url = "https://forum.openwrt.org/extern.php?action=feed&fid=11&type=rss";
}
{ url = "http://corgibytes.com/feed.xml"; }
{ url = "http://chatolandia.pl/feed/"; }
{ url = "http://niczsoft.com/feed/"; }
{ url = "http://blog.macrofab.net/feed/"; }
{ url = "http://hackaday.com/feed/"; }
{ url = "https://blog.uncensoreddns.org/feeds/atom/all/"; }
{ url = "http://www.paulallenengineering.com/1/feed"; }
{url = "http://corgibytes.com/feed.xml";}
{url = "http://chatolandia.pl/feed/";}
{url = "http://niczsoft.com/feed/";}
{url = "http://blog.macrofab.net/feed/";}
{url = "http://hackaday.com/feed/";}
{url = "https://blog.uncensoreddns.org/feeds/atom/all/";}
{url = "http://www.paulallenengineering.com/1/feed";}
{
url =
"http://komornik.wroclaw.pl/index.php?option=com_rss&feed=RSS2.0&no_html=1";
url = "http://komornik.wroclaw.pl/index.php?option=com_rss&feed=RSS2.0&no_html=1";
}
{ url = "https://rachelbythebay.com/w/atom.xml"; }
{ url = "http://sliptonic.com/feed/"; }
{ url = "http://blog.unsecu.re/feeds/posts/default"; }
{ url = "http://neverworkintheory.org/feed.xml"; }
{ url = "http://kocikocizabci.blogspot.com/feeds/posts/default"; }
{ url = "https://blog.christophersmart.com/feed/"; }
{ url = "http://sarah.thesharps.us/feed/"; }
{ url = "http://explique.me/feed.xml"; }
{ url = "http://www.arcfn.com/feeds/posts/default"; }
{ url = "http://sunrider-vn.com/feed/"; }
{ url = "http://www.wrocnet.org/syndication.axd"; }
{ url = "http://www.goldsborough.me/feed.xml"; }
{ url = "http://blog.tilaa.nl/feeds/posts/default"; }
{ url = "http://latkin.org/blog/index.xml"; }
{ url = "https://ind.ie/blog/rss/index.xml"; }
{ url = "http://spritesmods.com/rss.php"; }
{ url = "http://codeascraft.etsy.com/feed/"; }
{ url = "http://chrisgammell.com/feed/"; }
{ url = "https://www.stellar.org/feed/"; }
{ url = "http://shenzhentrip.blogspot.com/feeds/posts/default"; }
{ url = "https://aphyr.com/posts.atom"; }
{ url = "http://www.latentlaboratories.com/blog?format=RSS"; }
{ url = "http://zentasrobots.com/feed/"; }
{ url = "http://grugq.github.io/atom.xml"; }
{ url = "http://gusclass.com/blog/feed/"; }
{ url = "http://www.devttys0.com/feed/"; }
{ url = "https://www.ruma.io/news/feed.atom"; }
{ url = "http://runawaybrainz.blogspot.com/feeds/posts/default"; }
{ url = "http://blog.ploeh.dk/rss.xml"; }
{ url = "http://lab.whitequark.org/atom.xml"; }
{ url = "http://rroarr.blog.pl/index.rss"; }
{ url = "http://slic3r.org/rss"; }
{ url = "http://feeds.feedburner.com/EmbeddedInAcademia"; }
{ url = "http://mightydevices.com/?feed=rss2"; }
{ url = "http://www.cppwroclaw.pl/dokuwiki/feed.php"; }
{ url = "http://pagekite.net/Blog?rss=1"; }
{ url = "http://iradan.com/?feed=rss2"; }
{ url = "http://tirania.org/blog/miguel.rss2"; }
{ url = "http://the-missing-link-of-agile.com/feed/"; }
{ url = "http://www.kroah.com/log/index.rss"; }
{ url = "http://ebldc.com/?feed=rss2"; }
{ url = "http://codegangsta.io/atom.xml"; }
{ url = "http://intorust.com/feed.xml"; }
{ url = "http://carol-nichols.com/feed.xml"; }
{ url = "http://blogs.msdn.com/b/ericlippert/atom.aspx"; }
{ url = "http://kroah.com/log/index.rss"; }
{ url = "http://quinndunki.com/blondihacks/?feed=rss2"; }
{ url = "http://gerrysweeney.com/feed/"; }
{ url = "http://cybergibbons.com/feed/"; }
{ url = "https://freedom-to-tinker.com/feed/"; }
{ url = "http://sealedabstract.com/feed/"; }
{ url = "http://hermanradtke.com/atom.xml"; }
{ url = "http://feeds.feedburner.com/plainlystated/xtwL?format=xml"; }
{ url = "http://www.mdswanson.com/atom.xml"; }
{ url = "http://feeds.feedburner.com/thegrue"; }
{ url = "https://gergely.imreh.net/blog/feed/"; }
{ url = "http://www.sigrok.org/blog/rss.xml"; }
{ url = "https://thesquareplanet.com/feed.xml"; }
{ url = "http://feedpress.me/inessential"; }
{ url = "http://wheningit.tumblr.com/rss"; }
{ url = "http://b.truzzi.me/?feed=rss2"; }
{ url = "https://blog.conformal.com/feed/"; }
{ url = "http://windytan.blogspot.com/feeds/posts/default"; }
{ url = "http://www.logicalelegance.com/journey/feed/"; }
{ url = "https://www.adafruit.com/blog/feed/"; }
{ url = "https://electronichamsters.wordpress.com/feed/"; }
{ url = "http://security.goatse.fr/feed"; }
{ url = "http://panoptykon.org/rss.xml"; }
{ url = "http://blog.piston.rs/atom.xml"; }
{ url = "http://tenderlovemaking.com/atom.xml"; }
{ url = "http://www.wired.com/threatlevel/feed/"; }
{ url = "http://onethingwell.org/rss"; }
{ url = "http://serialized.net/rss.xml"; }
{ url = "http://aosabook.org/blog/feeds/all.atom.xml"; }
{ url = "http://www.alicegrove.com/rss"; }
{ url = "http://www.konradokonski.com/KWD/feed/"; }
{ url = "http://way-cooler.org/feed.xml"; }
{ url = "http://antygea.blogspot.com/feeds/posts/default"; }
{ url = "http://blog.gameagent.com/feed/"; }
{ url = "http://llogiq.github.io/feed.xml"; }
{ url = "http://lambda-the-ultimate.org/rss.xml"; }
{ url = "https://soldernerd.com/feed/"; }
{ url = "http://www.0xrage.com/?feed=rss2"; }
{ url = "http://www.bitscope.com/blog/feed.xml"; }
{ url = "http://theprofoundprogrammer.com/rss"; }
{ url = "http://essentialscrap.com/rss.xml"; }
{ url = "http://handmade.hackaday.com/feed/"; }
{ url = "http://events.ccc.de/feed/"; }
{ url = "http://www.estechnical.co.uk/blog/latest?format=feed&type=rss"; }
{ url = "http://perso.aquilenet.fr/~sven337/feeds/feed_english.xml"; }
{ url = "http://blog.trailofbits.com/feed/"; }
{ url = "https://michaelwoerister.github.io/feed.xml"; }
{ url = "http://nitschinger.at//index.xml"; }
{ url = "http://lambdaops.com/feed"; }
{ url = "http://simon-says-architecture.com/feed/"; }
{ url = "https://sha2017.org/rss.xml"; }
{ url = "http://www.davidhunt.ie/feed/"; }
{ url = "https://begriffs.com/atom.xml"; }
{ url = "http://dankaminsky.com/feed/"; }
{ url = "http://www.analogzoo.com/feed/"; }
{ url = "http://blog.makezine.com/feed/"; }
{ url = "http://wot.lv/feeds/all.atom.xml"; }
{ url = "http://www.bunniestudios.com/blog/?feed=rss2"; }
{ url = "http://lukelectro.wordpress.com/feed/"; }
{ url = "http://buffered.io/index.xml"; }
{ url = "http://www.yesodweb.com/feed"; }
{ url = "http://lcamtuf.blogspot.com/feeds/posts/default"; }
{ url = "http://feeds.feedburner.com/schneier/fulltext"; }
{ url = "https://simplysecure.org/feed.xml"; }
{ url = "http://maryrosecook.com/blog/feed"; }
{ url = "https://nathanleclaire.com/index.xml"; }
{ url = "http://downingsbasement.com/feed/"; }
{ url = "http://www.pxdojo.net/feeds/posts/default"; }
{ url = "http://fulmicoton.com/atom.xml"; }
{ url = "http://rys.io/en/rss"; }
{ url = "https://rust-embedded.github.io/blog/rss.xml"; }
{ url = "https://pointersgonewild.com/feed/"; }
{ url = "http://blog.cryptographyengineering.com/feeds/posts/default"; }
{ url = "http://www.hardhack.org/feed/"; }
{ url = "http://blog.system76.com/rss"; }
{ url = "https://www.mailpile.is/blog/index.rss"; }
{ url = "https://blog.rustfest.eu/feed.xml"; }
{ url = "http://nullr0ute.com/feed/"; }
{ url = "http://xion.io/feeds/atom.xml"; }
{ url = "http://blog.mozilla.org/nfroyd/feed/"; }
{ url = "http://anniemachon.ch/feed"; }
{ url = "http://befinitiv.wordpress.com/feed/"; }
{ url = "http://www.2600.com/rss.xml"; }
{ url = "http://www.planet-rust.com/atom.xml"; }
{ url = "http://www.elidedbranches.com/feeds/posts/default"; }
{ url = "http://www.eevblog.com/feed/"; }
{ url = "http://www.questionablecontent.net/QCRSS.xml"; }
{ url = "http://davidegironi.blogspot.com/feeds/posts/default"; }
{ url = "http://intorust.com/blog/feed.xml"; }
{ url = "http://londyn.msz.gov.pl/rss/ambasadalondynaktualnosci.xml450"; }
{ url = "http://www.thegamercat.com/feed/"; }
{ url = "http://feeds.feedburner.com/gadgetfactory/zjHC"; }
{ url = "http://embedderslife.wordpress.com/feed/"; }
{ url = "http://blog.ctf365.com/feed/"; }
{ url = "http://owncloud.org/news/feed/"; }
{ url = "http://jreeblog.wordpress.com/feed/"; }
{ url = "http://www.wildcircuits.com/feeds/posts/default"; }
{ url = "http://www.raspberrypi.org/feed"; }
{ url = "https://apollo.open-resource.org/mission:log:feed"; }
{ url = "http://bikerglen.com/blog/feed/"; }
{ url = "http://www.crypto.com/blog/rss20.xml"; }
{ url = "https://www.platymuus.com/feed.xml"; }
{ url = "http://oneweekwonder.blogspot.com/feeds/posts/default"; }
{ url = "https://blog.mozilla.org/thunderbird/feed/"; }
{ url = "https://blog.mozilla.org/research/feed/"; }
{ url = "http://thesignalpath.com/blogs/feed/"; }
{ url = "http://www.daemonology.net/blog/index.rss"; }
{ url = "http://dangerousprototypes.com/feed/"; }
{ url = "https://www.trueos.org/feed/"; }
{ url = "http://nautil.us/rss/all"; }
{ url = "http://blog.computationalcomplexity.org/feeds/posts/default"; }
{ url = "http://blog.humblebundle.com/rss"; }
{ url = "https://copperhead.co/feed.xml"; }
{ url = "http://blog.xamarin.com/feed/"; }
{ url = "http://coreos.com/atom.xml"; }
{ url = "http://lowpowerlab.com/feed/"; }
{ url = "http://feeds.feedburner.com/TheBitBangTheory_en?format=xml"; }
{ url = "http://feeds.feedburner.com/TheLifeOfKenneth"; }
{ url = "http://corporat.blox.pl/rss2"; }
{ url = "http://www.willowgarage.com/news/feed"; }
{ url = "http://nakedsecurity.sophos.com/feed/"; }
{ url = "http://edri.org/feed/"; }
{ url = "https://ruudvanasseldonk.com/feed.xml"; }
{ url = "http://www.lowrisc.org//index.xml"; }
{ url = "http://feeds.feedburner.com/Phoronix"; }
{ url = "http://jvns.ca/atom.xml"; }
{ url = "http://feeds.feedburner.com/steveklabnik/words"; }
{ url = "https://blog.torproject.org/blog/feed"; }
{ url = "http://this-week-in-rust.org/atom.xml"; }
{ url = "http://opensource.com/feed"; }
{ url = "http://blog.elementary.io/rss"; }
{ url = "https://www.insinuator.net/feed/"; }
{ url = "https://www.mapbox.com/blog/blog.rss"; }
{ url = "http://www.harmj0y.net/blog/feed/"; }
{ url = "http://codurance.com/atom.xml"; }
{ url = "https://blog.makersacademy.com/feed"; }
{ url = "https://sensepost.com/rss.xml"; }
{ url = "https://www.evilsocket.net/atom.xml"; }
{ url = "https://krebsonsecurity.com/feed/"; }
{ url = "https://tisiphone.net/feed/"; }
{ url = "https://blog.bastion.rs/feed.xml"; }
{url = "https://rachelbythebay.com/w/atom.xml";}
{url = "http://sliptonic.com/feed/";}
{url = "http://blog.unsecu.re/feeds/posts/default";}
{url = "http://neverworkintheory.org/feed.xml";}
{url = "http://kocikocizabci.blogspot.com/feeds/posts/default";}
{url = "https://blog.christophersmart.com/feed/";}
{url = "http://sarah.thesharps.us/feed/";}
{url = "http://explique.me/feed.xml";}
{url = "http://www.arcfn.com/feeds/posts/default";}
{url = "http://sunrider-vn.com/feed/";}
{url = "http://www.wrocnet.org/syndication.axd";}
{url = "http://www.goldsborough.me/feed.xml";}
{url = "http://blog.tilaa.nl/feeds/posts/default";}
{url = "http://latkin.org/blog/index.xml";}
{url = "https://ind.ie/blog/rss/index.xml";}
{url = "http://spritesmods.com/rss.php";}
{url = "http://codeascraft.etsy.com/feed/";}
{url = "http://chrisgammell.com/feed/";}
{url = "https://www.stellar.org/feed/";}
{url = "http://shenzhentrip.blogspot.com/feeds/posts/default";}
{url = "https://aphyr.com/posts.atom";}
{url = "http://www.latentlaboratories.com/blog?format=RSS";}
{url = "http://zentasrobots.com/feed/";}
{url = "http://grugq.github.io/atom.xml";}
{url = "http://gusclass.com/blog/feed/";}
{url = "http://www.devttys0.com/feed/";}
{url = "https://www.ruma.io/news/feed.atom";}
{url = "http://runawaybrainz.blogspot.com/feeds/posts/default";}
{url = "http://blog.ploeh.dk/rss.xml";}
{url = "http://lab.whitequark.org/atom.xml";}
{url = "http://rroarr.blog.pl/index.rss";}
{url = "http://slic3r.org/rss";}
{url = "http://feeds.feedburner.com/EmbeddedInAcademia";}
{url = "http://mightydevices.com/?feed=rss2";}
{url = "http://www.cppwroclaw.pl/dokuwiki/feed.php";}
{url = "http://pagekite.net/Blog?rss=1";}
{url = "http://iradan.com/?feed=rss2";}
{url = "http://tirania.org/blog/miguel.rss2";}
{url = "http://the-missing-link-of-agile.com/feed/";}
{url = "http://www.kroah.com/log/index.rss";}
{url = "http://ebldc.com/?feed=rss2";}
{url = "http://codegangsta.io/atom.xml";}
{url = "http://intorust.com/feed.xml";}
{url = "http://carol-nichols.com/feed.xml";}
{url = "http://blogs.msdn.com/b/ericlippert/atom.aspx";}
{url = "http://kroah.com/log/index.rss";}
{url = "http://quinndunki.com/blondihacks/?feed=rss2";}
{url = "http://gerrysweeney.com/feed/";}
{url = "http://cybergibbons.com/feed/";}
{url = "https://freedom-to-tinker.com/feed/";}
{url = "http://sealedabstract.com/feed/";}
{url = "http://hermanradtke.com/atom.xml";}
{url = "http://feeds.feedburner.com/plainlystated/xtwL?format=xml";}
{url = "http://www.mdswanson.com/atom.xml";}
{url = "http://feeds.feedburner.com/thegrue";}
{url = "https://gergely.imreh.net/blog/feed/";}
{url = "http://www.sigrok.org/blog/rss.xml";}
{url = "https://thesquareplanet.com/feed.xml";}
{url = "http://feedpress.me/inessential";}
{url = "http://wheningit.tumblr.com/rss";}
{url = "http://b.truzzi.me/?feed=rss2";}
{url = "https://blog.conformal.com/feed/";}
{url = "http://windytan.blogspot.com/feeds/posts/default";}
{url = "http://www.logicalelegance.com/journey/feed/";}
{url = "https://www.adafruit.com/blog/feed/";}
{url = "https://electronichamsters.wordpress.com/feed/";}
{url = "http://security.goatse.fr/feed";}
{url = "http://panoptykon.org/rss.xml";}
{url = "http://blog.piston.rs/atom.xml";}
{url = "http://tenderlovemaking.com/atom.xml";}
{url = "http://www.wired.com/threatlevel/feed/";}
{url = "http://onethingwell.org/rss";}
{url = "http://serialized.net/rss.xml";}
{url = "http://aosabook.org/blog/feeds/all.atom.xml";}
{url = "http://www.alicegrove.com/rss";}
{url = "http://www.konradokonski.com/KWD/feed/";}
{url = "http://way-cooler.org/feed.xml";}
{url = "http://antygea.blogspot.com/feeds/posts/default";}
{url = "http://blog.gameagent.com/feed/";}
{url = "http://llogiq.github.io/feed.xml";}
{url = "http://lambda-the-ultimate.org/rss.xml";}
{url = "https://soldernerd.com/feed/";}
{url = "http://www.0xrage.com/?feed=rss2";}
{url = "http://www.bitscope.com/blog/feed.xml";}
{url = "http://theprofoundprogrammer.com/rss";}
{url = "http://essentialscrap.com/rss.xml";}
{url = "http://handmade.hackaday.com/feed/";}
{url = "http://events.ccc.de/feed/";}
{url = "http://www.estechnical.co.uk/blog/latest?format=feed&type=rss";}
{url = "http://perso.aquilenet.fr/~sven337/feeds/feed_english.xml";}
{url = "http://blog.trailofbits.com/feed/";}
{url = "https://michaelwoerister.github.io/feed.xml";}
{url = "http://nitschinger.at//index.xml";}
{url = "http://lambdaops.com/feed";}
{url = "http://simon-says-architecture.com/feed/";}
{url = "https://sha2017.org/rss.xml";}
{url = "http://www.davidhunt.ie/feed/";}
{url = "https://begriffs.com/atom.xml";}
{url = "http://dankaminsky.com/feed/";}
{url = "http://www.analogzoo.com/feed/";}
{url = "http://blog.makezine.com/feed/";}
{url = "http://wot.lv/feeds/all.atom.xml";}
{url = "http://www.bunniestudios.com/blog/?feed=rss2";}
{url = "http://lukelectro.wordpress.com/feed/";}
{url = "http://buffered.io/index.xml";}
{url = "http://www.yesodweb.com/feed";}
{url = "http://lcamtuf.blogspot.com/feeds/posts/default";}
{url = "http://feeds.feedburner.com/schneier/fulltext";}
{url = "https://simplysecure.org/feed.xml";}
{url = "http://maryrosecook.com/blog/feed";}
{url = "https://nathanleclaire.com/index.xml";}
{url = "http://downingsbasement.com/feed/";}
{url = "http://www.pxdojo.net/feeds/posts/default";}
{url = "http://fulmicoton.com/atom.xml";}
{url = "http://rys.io/en/rss";}
{url = "https://rust-embedded.github.io/blog/rss.xml";}
{url = "https://pointersgonewild.com/feed/";}
{url = "http://blog.cryptographyengineering.com/feeds/posts/default";}
{url = "http://www.hardhack.org/feed/";}
{url = "http://blog.system76.com/rss";}
{url = "https://www.mailpile.is/blog/index.rss";}
{url = "https://blog.rustfest.eu/feed.xml";}
{url = "http://nullr0ute.com/feed/";}
{url = "http://xion.io/feeds/atom.xml";}
{url = "http://blog.mozilla.org/nfroyd/feed/";}
{url = "http://anniemachon.ch/feed";}
{url = "http://befinitiv.wordpress.com/feed/";}
{url = "http://www.2600.com/rss.xml";}
{url = "http://www.planet-rust.com/atom.xml";}
{url = "http://www.elidedbranches.com/feeds/posts/default";}
{url = "http://www.eevblog.com/feed/";}
{url = "http://www.questionablecontent.net/QCRSS.xml";}
{url = "http://davidegironi.blogspot.com/feeds/posts/default";}
{url = "http://intorust.com/blog/feed.xml";}
{url = "http://londyn.msz.gov.pl/rss/ambasadalondynaktualnosci.xml450";}
{url = "http://www.thegamercat.com/feed/";}
{url = "http://feeds.feedburner.com/gadgetfactory/zjHC";}
{url = "http://embedderslife.wordpress.com/feed/";}
{url = "http://blog.ctf365.com/feed/";}
{url = "http://owncloud.org/news/feed/";}
{url = "http://jreeblog.wordpress.com/feed/";}
{url = "http://www.wildcircuits.com/feeds/posts/default";}
{url = "http://www.raspberrypi.org/feed";}
{url = "https://apollo.open-resource.org/mission:log:feed";}
{url = "http://bikerglen.com/blog/feed/";}
{url = "http://www.crypto.com/blog/rss20.xml";}
{url = "https://www.platymuus.com/feed.xml";}
{url = "http://oneweekwonder.blogspot.com/feeds/posts/default";}
{url = "https://blog.mozilla.org/thunderbird/feed/";}
{url = "https://blog.mozilla.org/research/feed/";}
{url = "http://thesignalpath.com/blogs/feed/";}
{url = "http://www.daemonology.net/blog/index.rss";}
{url = "http://dangerousprototypes.com/feed/";}
{url = "https://www.trueos.org/feed/";}
{url = "http://nautil.us/rss/all";}
{url = "http://blog.computationalcomplexity.org/feeds/posts/default";}
{url = "http://blog.humblebundle.com/rss";}
{url = "https://copperhead.co/feed.xml";}
{url = "http://blog.xamarin.com/feed/";}
{url = "http://coreos.com/atom.xml";}
{url = "http://lowpowerlab.com/feed/";}
{url = "http://feeds.feedburner.com/TheBitBangTheory_en?format=xml";}
{url = "http://feeds.feedburner.com/TheLifeOfKenneth";}
{url = "http://corporat.blox.pl/rss2";}
{url = "http://www.willowgarage.com/news/feed";}
{url = "http://nakedsecurity.sophos.com/feed/";}
{url = "http://edri.org/feed/";}
{url = "https://ruudvanasseldonk.com/feed.xml";}
{url = "http://www.lowrisc.org//index.xml";}
{url = "http://feeds.feedburner.com/Phoronix";}
{url = "http://jvns.ca/atom.xml";}
{url = "http://feeds.feedburner.com/steveklabnik/words";}
{url = "https://blog.torproject.org/blog/feed";}
{url = "http://this-week-in-rust.org/atom.xml";}
{url = "http://opensource.com/feed";}
{url = "http://blog.elementary.io/rss";}
{url = "https://www.insinuator.net/feed/";}
{url = "https://www.mapbox.com/blog/blog.rss";}
{url = "http://www.harmj0y.net/blog/feed/";}
{url = "http://codurance.com/atom.xml";}
{url = "https://blog.makersacademy.com/feed";}
{url = "https://sensepost.com/rss.xml";}
{url = "https://www.evilsocket.net/atom.xml";}
{url = "https://krebsonsecurity.com/feed/";}
{url = "https://tisiphone.net/feed/";}
{url = "https://blog.bastion.rs/feed.xml";}
];
};
}

8
nixos/home-manager/programs/ssh.nix
View File

@ -1,7 +1,9 @@
{ config, pkgs, ... }: {
{
config,
pkgs,
...
}: {
programs.ssh.extraConfig = ''
StrictHostKeyChecking=accept-new
'';
}

8
nixos/home-manager/programs/termite.nix
View File

@ -1,5 +1,9 @@
{ config, pkgs, ... }: {
home.sessionVariables = { TERMINAL = "termite"; };
{
config,
pkgs,
...
}: {
home.sessionVariables = {TERMINAL = "termite";};
programs.termite = {
enable = true;
allowBold = true;

6
nixos/home-manager/programs/tmux.nix
View File

@ -1,4 +1,8 @@
{ config, pkgs, ... }: {
{
config,
pkgs,
...
}: {
programs.tmux = {
enable = true;
shortcut = "a";

121
nixos/home-manager/programs/vim.nix
View File

@ -1,12 +1,18 @@
{ config, pkgs, lib, inputs, system, ... }:
let
{
config,
pkgs,
lib,
inputs,
system,
...
}: let
unstablePackages = inputs.nixpkgs-nixos-unstable.legacyPackages."${system}";
nil = inputs.nil.packages."${system}".default;
cocPackage = unstablePackages.vimPlugins.coc-nvim;
nvimPackage = unstablePackages.neovim-unwrapped;
in {
home.file.".vimrc".source = ../../../.vimrc;
home.packages = with pkgs; [ ripgrep ];
home.packages = with pkgs; [ripgrep];
programs.neovim = {
enable = true;
package = nvimPackage;
@ -22,12 +28,11 @@ in {
languageserver = {
nix = {
command = "${nil}/bin/nil";
rootPatterns = [ "flake.nix" ];
filetypes = [ "nix" ];
rootPatterns = ["flake.nix"];
filetypes = ["nix"];
};
};
};
};
viAlias = true;
vimAlias = true;
@ -37,58 +42,58 @@ in {
withRuby = true;
plugins = with pkgs;
with pkgs.vimPlugins; [
(vimUtils.buildVimPluginFrom2Nix rec {
pname = "vim-tada";
version = "2022-04-22";
src = fetchFromGitHub {
owner = "dewyze";
repo = pname;
rev = "acfda7229fc487ee6da44650164cb770d1cc608c";
sha256 = "sha256-9kvLbzrVjtBTjbXmhJ7JTggXgFvGVF7sc2YiVW9fUGY=";
};
})
(vimUtils.buildVimPluginFrom2Nix rec {
pname = "srht.vim";
version = "2022-01-04";
src = fetchFromSourcehut {
owner = "~willdurand";
repo = pname;
rev = "825e685f75464cbd41a5f8eded974e46f416355e";
sha256 = "sha256-9/Yeqmq/1ZIIsEgsrLLZ7o0cjOt/wlUgeLEzJoK7eco=";
};
})
ack-vim
coc-go
coc-highlight
coc-rust-analyzer
coc-yaml
committia-vim
ctrlp-vim
editorconfig-vim
fzf-vim
lsp-colors-nvim
nvim-tree-lua
nvim-web-devicons
quickfix-reflector-vim
rainbow
tabular
vim-airline
vim-airline-themes
vim-autoformat
vim-colors-solarized
vim-devicons
vim-dirdiff
vim-dispatch
vim-fugitive
vim-gitgutter
vim-markdown
vim-nix
vim-sensible
vim-startify
vim-surround
vim-toml
];
with pkgs.vimPlugins; [
(vimUtils.buildVimPluginFrom2Nix rec {
pname = "vim-tada";
version = "2022-04-22";
src = fetchFromGitHub {
owner = "dewyze";
repo = pname;
rev = "acfda7229fc487ee6da44650164cb770d1cc608c";
sha256 = "sha256-9kvLbzrVjtBTjbXmhJ7JTggXgFvGVF7sc2YiVW9fUGY=";
};
})
(vimUtils.buildVimPluginFrom2Nix rec {
pname = "srht.vim";
version = "2022-01-04";
src = fetchFromSourcehut {
owner = "~willdurand";
repo = pname;
rev = "825e685f75464cbd41a5f8eded974e46f416355e";
sha256 = "sha256-9/Yeqmq/1ZIIsEgsrLLZ7o0cjOt/wlUgeLEzJoK7eco=";
};
})
ack-vim
coc-go
coc-highlight
coc-rust-analyzer
coc-yaml
committia-vim
ctrlp-vim
editorconfig-vim
fzf-vim
lsp-colors-nvim
nvim-tree-lua
nvim-web-devicons
quickfix-reflector-vim
rainbow
tabular
vim-airline
vim-airline-themes
vim-autoformat
vim-colors-solarized
vim-devicons
vim-dirdiff
vim-dispatch
vim-fugitive
vim-gitgutter
vim-markdown
vim-nix
vim-sensible
vim-startify
vim-surround
vim-toml
];
extraConfig = ''
if filereadable($HOME . "/.vimrc")
source $HOME/.vimrc

10
nixos/home-manager/programs/zsh.nix
View File

@ -1,4 +1,8 @@
{ config, pkgs, ... }: {
{
config,
pkgs,
...
}: {
programs.zsh = {
enable = true;
history = {
@ -14,7 +18,7 @@
oh-my-zsh = {
enable = true;
plugins = [ "vi-mode" "git" "python" "history-substring-search" "tmux" ];
plugins = ["vi-mode" "git" "python" "history-substring-search" "tmux"];
};
initExtra = ''
@ -65,7 +69,7 @@
programs.direnv = {
enable = true;
enableZshIntegration = true;
nix-direnv = { enable = true; };
nix-direnv = {enable = true;};
};
home.file.".config/starship.toml".text = ''

6
nixos/home-manager/scripts.nix
View File

@ -1,4 +1,8 @@
{ config, pkgs, ... }: {
{
config,
pkgs,
...
}: {
imports = [
./scripts/mount-vault.nix
./scripts/umount-vault.nix

12
nixos/home-manager/scripts/download.nix
View File

@ -1,11 +1,11 @@
{ config, pkgs, ... }:
let
{
config,
pkgs,
...
}: let
download = pkgs.writeShellScriptBin "download" ''
${pkgs.aria}/bin/aria2c -x 16 -s 16 $@
'';
in {
home.packages = with pkgs; [ download ];
home.packages = with pkgs; [download];
}

12
nixos/home-manager/scripts/mount-vault.nix
View File

@ -1,6 +1,8 @@
{ config, pkgs, ... }:
let
{
config,
pkgs,
...
}: let
mount-vault = pkgs.writeTextFile {
name = "mount-vault";
executable = true;
@ -49,8 +51,6 @@ let
fi
'';
};
in {
home.packages = with pkgs; [ mount-vault ];
home.packages = with pkgs; [mount-vault];
}

11
nixos/home-manager/scripts/umount-vault.nix
View File

@ -1,6 +1,8 @@
{ config, pkgs, ... }:
let
{
config,
pkgs,
...
}: let
umount-vault = pkgs.writeTextFile {
name = "umount-vault";
executable = true;
@ -16,5 +18,4 @@ let
$VERACRYPT -t -d
'';
};
in { home.packages = with pkgs; [ umount-vault ]; }
in {home.packages = with pkgs; [umount-vault];}

19
nixos/i3/autorandr.nix
View File

@ -1,4 +1,8 @@
{ config, pkgs, ... }: {
{
config,
pkgs,
...
}: {
services.autorandr.enable = true;
home-manager.users.cyryl = _: {
programs.autorandr = {
@ -23,15 +27,12 @@
};
profiles = {
"foureighty-docked" = {
fingerprint = {
eDP1 =
"00ffffffffffff0030e4ee0500000000001c0104a51f1178e272e5a15148a2280e505400000001010101010101010101010101010101695e00a0a0a029503020a50035ae1000001a000000000000000000000000000000000000000000fe004c4720446973706c61790a2020000000fe004c503134305148322d535044310060";
DP1 =
"00ffffffffffff0026cd4e66f3030000271d0104b53c22783ef6d5a7544b9e250d5054bfef80714f8140818081c09500b300d1c001014dd000a0f0703e8030203500544f2100001a000000ff0031313636333933393031303131000000fd00184c1fa03c000a202020202020000000fc00504c3237393255480a202020200176020320f15390050403020716011f121314201511065d5e5f2309070783010000023a801871382d40582c4500544f2100001f011d8018711c1620582c2500544f2100009fa76600a0f0701f8030205500544f2100001ff45100a0f070198030203500544f2100001f565e00a0a0a0295030203500544f2100001b000000000059";
eDP1 = "00ffffffffffff0030e4ee0500000000001c0104a51f1178e272e5a15148a2280e505400000001010101010101010101010101010101695e00a0a0a029503020a50035ae1000001a000000000000000000000000000000000000000000fe004c4720446973706c61790a2020000000fe004c503134305148322d535044310060";
DP1 = "00ffffffffffff0026cd4e66f3030000271d0104b53c22783ef6d5a7544b9e250d5054bfef80714f8140818081c09500b300d1c001014dd000a0f0703e8030203500544f2100001a000000ff0031313636333933393031303131000000fd00184c1fa03c000a202020202020000000fc00504c3237393255480a202020200176020320f15390050403020716011f121314201511065d5e5f2309070783010000023a801871382d40582c4500544f2100001f011d8018711c1620582c2500544f2100009fa76600a0f0701f8030205500544f2100001ff45100a0f070198030203500544f2100001f565e00a0a0a0295030203500544f2100001b000000000059";
};
config = {
eDP1 = { enable = false; };
eDP1 = {enable = false;};
DP1 = {
enable = true;
primary = true;
@ -42,8 +43,7 @@
};
"foureighty" = {
fingerprint = {
eDP1 =
"00ffffffffffff0030e4ee0500000000001c0104a51f1178e272e5a15148a2280e505400000001010101010101010101010101010101695e00a0a0a029503020a50035ae1000001a000000000000000000000000000000000000000000fe004c4720446973706c61790a2020000000fe004c503134305148322d535044310060";
eDP1 = "00ffffffffffff0030e4ee0500000000001c0104a51f1178e272e5a15148a2280e505400000001010101010101010101010101010101695e00a0a0a029503020a50035ae1000001a000000000000000000000000000000000000000000fe004c4720446973706c61790a2020000000fe004c503134305148322d535044310060";
};
config = {
eDP1 = {
@ -57,5 +57,4 @@
};
};
};
}

44
nixos/i3/default.nix
View File

@ -1,28 +1,36 @@
{ config, pkgs, ... }: {
imports = [ ./autorandr.nix ./openweathermap-secrets.nix ];
environment.systemPackages = with pkgs; [ dconf ];
{
config,
pkgs,
...
}: {
imports = [./autorandr.nix ./openweathermap-secrets.nix];
environment.systemPackages = with pkgs; [dconf];
programs.dconf.enable = true;
security.sudo.extraRules = [
{
users = [ "cyryl" ];
commands = [{
command = "${pkgs.i3}/bin/i3-msg";
options = [ "NOPASSWD" ];
}];
users = ["cyryl"];
commands = [
{
command = "${pkgs.i3}/bin/i3-msg";
options = ["NOPASSWD"];
}
];
}
{
users = [ "cyryl" ];
commands = [{
command = "${pkgs.intel-gpu-tools}/bin/intel_gpu_top";
options = [ "NOPASSWD" ];
}];
users = ["cyryl"];
commands = [
{
command = "${pkgs.intel-gpu-tools}/bin/intel_gpu_top";
options = ["NOPASSWD"];
}
];
}
];
xdg.portal = {
enable = true;
extraPortals = with pkgs; [ xdg-desktop-portal-gtk xdg-desktop-portal-kde ];
extraPortals = with pkgs; [xdg-desktop-portal-gtk xdg-desktop-portal-kde];
};
services = {
@ -31,7 +39,7 @@
allowAnyUser = true;
};
dbus = { packages = with pkgs; [ gnome2.GConf dconf ]; };
dbus = {packages = with pkgs; [gnome2.GConf dconf];};
fractalart.enable = true;
colord.enable = true;
@ -41,8 +49,8 @@
enableHidpi = true;
};
};
home-manager.users.cyryl = { ... }: {
imports = [ ./home.nix ];
home.packages = with pkgs; [ ];
home-manager.users.cyryl = {...}: {
imports = [./home.nix];
home.packages = with pkgs; [];
};
}

6
nixos/i3/dunst.nix
View File

@ -1,4 +1,8 @@
{ config, pkgs, ... }: {
{
config,
pkgs,
...
}: {
services.dunst = {
enable = true;
settings = {

15
nixos/i3/grobi.nix
View File

@ -1,6 +1,9 @@
{ config, pkgs, ... }: {
home.packages = with pkgs; [ grobi ];
{
config,
pkgs,
...
}: {
home.packages = with pkgs; [grobi];
services.grobi = {
enable = true;
executeAfter = [
@ -10,7 +13,7 @@
rules = [
{
name = "foureighty-docked";
outputs_connected = [ "eDP1" "DP1" ];
outputs_connected = ["eDP1" "DP1"];
configure_single = "DP1";
execute_after = [
"${pkgs.xorg.xrandr}/bin/xrandr --dpi 192"
@ -19,7 +22,7 @@
}
{
name = "foureighty";
outputs_connected = [ "eDP1-AUO-9014-0--" ];
outputs_connected = ["eDP1-AUO-9014-0--"];
configure_single = "eDP1";
execute_after = [
"${pkgs.xorg.xrandr}/bin/xrandr --dpi 144"
@ -28,7 +31,7 @@
}
{
name = "skinnyv";
outputs_connected = [ "eDP1-AUO-8493-0--" ];
outputs_connected = ["eDP1-AUO-8493-0--"];
configure_single = "eDP1";
execute_after = [
"${pkgs.xorg.xrandr}/bin/xrandr --dpi 120"

16
nixos/i3/home.nix
View File

@ -1,8 +1,11 @@
{ config, pkgs, ... }: {
imports =
[ ./i3.nix ./i3status-rust.nix ./dunst.nix ./rofi.nix ./xidlehook.nix ];
{
config,
pkgs,
...
}: {
imports = [./i3.nix ./i3status-rust.nix ./dunst.nix ./rofi.nix ./xidlehook.nix];
home.sessionVariables = { CM_LAUNCHER = "rofi"; };
home.sessionVariables = {CM_LAUNCHER = "rofi";};
services = {
picom = {
@ -13,7 +16,7 @@
pasystray.enable = true;
gnome-keyring = {
enable = true;
components = [ "pkcs11" "secrets" "ssh" ];
components = ["pkcs11" "secrets" "ssh"];
};
};
@ -26,6 +29,5 @@
longitude = -1.0;
};
xsession = { enable = true; };
xsession = {enable = true;};
}

13
nixos/i3/i3-status.nix
View File

@ -1,12 +1,16 @@
{ config, pkgs, ... }: {
{
config,
pkgs,
...
}: {
programs.i3status = {
enable = true;
enableDefault = false;
modules = {
"load" = { position = 1; };
"load" = {position = 1;};
"disk /" = {
position = 2;
settings = { format = " %avail"; };
settings = {format = " %avail";};
};
"memory" = {
settings = {
@ -27,10 +31,9 @@
position = 3;
};
"time" = {
settings = { format = "%a %d/%m %H:%M"; };
settings = {format = "%a %d/%m %H:%M";};
position = 9;
};
};
};
}

64
nixos/i3/i3.nix
View File

@ -1,7 +1,11 @@
{ config, pkgs, ... }:
let mod = "Mod4";
{
config,
pkgs,
...
}: let
mod = "Mod4";
in {
home.packages = with pkgs; [ font-awesome intel-gpu-tools ];
home.packages = with pkgs; [font-awesome intel-gpu-tools];
xsession.windowManager.i3 = {
enable = true;
@ -23,8 +27,7 @@ in {
notification = false;
}
{
command =
"exec xdg-mime default org.gnome.Evince.desktop application/pdf";
command = "exec xdg-mime default org.gnome.Evince.desktop application/pdf";
always = false;
notification = false;
}
@ -42,19 +45,20 @@ in {
};
workspaceLayout = "tabbed";
bars = [{
statusCommand =
"${pkgs.i3status-rust}/bin/i3status-rs ~/.config/i3status-rust/config-top.toml";
position = "top";
colors.background = "#001e26";
colors.statusline = "#708183";
fonts = {
names = [ "Berkeley Mono" "Font Awesome 6 Free" ];
size = 10.0;
};
bars = [
{
statusCommand = "${pkgs.i3status-rust}/bin/i3status-rs ~/.config/i3status-rust/config-top.toml";
position = "top";
colors.background = "#001e26";
colors.statusline = "#708183";
fonts = {
names = ["Berkeley Mono" "Font Awesome 6 Free"];
size = 10.0;
};
trayOutput = "primary";
}];
trayOutput = "primary";
}
];
modifier = mod;
keybindings = {
@ -65,25 +69,17 @@ in {
"${mod}+Shift+l" = "exec physlock -d";
"${mod}+Return" = "exec i3-sensible-terminal";
"XF86AudioRaiseVolume" =
"exec --no-startup-id pactl set-sink-volume @DEFAULT_SINK@ +5%";
"XF86AudioLowerVolume" =
"exec --no-startup-id pactl set-sink-volume @DEFAULT_SINK@ -5%";
"XF86AudioMute" =
"exec --no-startup-id pactl set-sink-mute @DEFAULT_SINK@ toggle";
"XF86AudioMicMute" =
"exec --no-startup-id pactl set-source-mute @DEFAULT_SOURCE@ toggle";
"XF86AudioRaiseVolume" = "exec --no-startup-id pactl set-sink-volume @DEFAULT_SINK@ +5%";
"XF86AudioLowerVolume" = "exec --no-startup-id pactl set-sink-volume @DEFAULT_SINK@ -5%";
"XF86AudioMute" = "exec --no-startup-id pactl set-sink-mute @DEFAULT_SINK@ toggle";
"XF86AudioMicMute" = "exec --no-startup-id pactl set-source-mute @DEFAULT_SOURCE@ toggle";
"XF86MonBrightnessUp" =
"exec light -s sysfs/backlight/intel_backlight -A 5";
"XF86MonBrightnessDown" =
"exec light -s sysfs/backlight/intel_backlight -U 5";
"XF86MonBrightnessUp" = "exec light -s sysfs/backlight/intel_backlight -A 5";
"XF86MonBrightnessDown" = "exec light -s sysfs/backlight/intel_backlight -U 5";
"Print" =
"exec ${pkgs.gnome3.gnome-screenshot}/bin/gnome-screenshot -i";
"Print" = "exec ${pkgs.gnome3.gnome-screenshot}/bin/gnome-screenshot -i";
"${mod}+r" =
"exec ${pkgs.rofi}/bin/rofi -show combi -combi-modi window#run#ssh -modi combi";
"${mod}+r" = "exec ${pkgs.rofi}/bin/rofi -show combi -combi-modi window#run#ssh -modi combi";
"${mod}+c" = "exec ${pkgs.clipmenu}/bin/clipmenu";
"${mod}+q" = "kill";
"${mod}+f" = "fullscreen toggle";
@ -120,8 +116,6 @@ in {
"${mod}+Ctrl+Up" = "move workspace to output up";
"${mod}+Ctrl+Down" = "move workspace to output down";
};
};
};
}

7
nixos/i3/i3status-rust.nix
View File

@ -1,5 +1,8 @@
{ config, pkgs, ... }: {
{
config,
pkgs,
...
}: {
programs.i3status-rust = {
enable = true;
bars = {

8
nixos/i3/openweathermap-secrets.nix
View File

@ -1,11 +1,13 @@
{ config, pkgs, ... }:
{
config,
pkgs,
...
}: {
sops.secrets.openweathermap-api-key = {
inherit (config.users.users.cyryl) group;
mode = "0440";
owner = config.users.users.cyryl.name;
sopsFile = ./openweathermap.sops.yaml;
};
home-manager.users.cyryl = { home.sessionVariables = { }; };
home-manager.users.cyryl = {home.sessionVariables = {};};
}

18
nixos/i3/polybar/polybar.nix
View File

@ -1,4 +1,8 @@
{ config, pkgs, ... }: {
{
config,
pkgs,
...
}: {
services.polybar = {
enable = true;
script = "polybar -r main_bar &";
@ -10,7 +14,7 @@
githubSupport = true;
};
config = {
"settings" = { screenchange-reload = "true"; };
"settings" = {screenchange-reload = "true";};
"bar/main_bar" = {
font-0 = "DejaVu Sans Mono for Powerline:size=12.0;weight=bold";
font-1 = "Weather Icons:size=12;0";
@ -40,12 +44,11 @@
"module/weather" = {
type = "custom/script";
interval = 600;
exec =
"${pkgs.bash}/bin/bash -c 'source ~/dev/dotfiles/nixos/i3/polybar/openweathermap-fullfeatured.sh'";
exec = "${pkgs.bash}/bin/bash -c 'source ~/dev/dotfiles/nixos/i3/polybar/openweathermap-fullfeatured.sh'";
label-font = 2;
};
"module/i3" = { type = "internal/i3"; };
"module/i3" = {type = "internal/i3";};
"module/cpu" = {
type = "internal/cpu";
@ -56,8 +59,7 @@
"module/temperature" = {
type = "custom/script";
interval = 5;
exec =
"${pkgs.bash}/bin/bash -c 'source ~/dev/dotfiles/nixos/i3/polybar/cpu-temp.sh'";
exec = "${pkgs.bash}/bin/bash -c 'source ~/dev/dotfiles/nixos/i3/polybar/cpu-temp.sh'";
};
"module/memory" = {
@ -89,8 +91,6 @@
format-discharging = "<label-discharging>";
label-discharging = "%time%";
};
};
};
}

6
nixos/i3/rofi.nix
View File

@ -1,6 +1,8 @@
{ config, pkgs, ... }:
{
config,
pkgs,
...
}: {
programs.rofi = {
enable = true;
font = "Berkeley Mono 16";

10
nixos/i3/xidlehook.nix
View File

@ -1,11 +1,14 @@
{ config, pkgs, ... }: {
{
config,
pkgs,
...
}: {
services.xidlehook = {
enable = true;
not-when-audio = true;
not-when-fullscreen = true;
environment = {
"PRIMARY_DISPLAY" =
"$(${pkgs.xorg.xrandr}/bin/xrandr | awk '/ primary/{print $1}')";
"PRIMARY_DISPLAY" = "$(${pkgs.xorg.xrandr}/bin/xrandr | awk '/ primary/{print $1}')";
};
timers = [
{
@ -24,6 +27,5 @@
''}";
}
];
};
}

Some files were not shown because too many files have changed in this diff Show More