cyplo/dotfiles
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

reformat all files using alejandra

Browse source
This commit is contained in:
Cyryl Płotnicki 2023-08-13 17:00:41 +01:00
parent d9543e17a4
commit df4d72c06e
74 changed files with 1351 additions and 972 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

383
flake.nix
View file

@ -1,198 +1,211 @@
{ {
description = "NixOS configuration with flakes"; description = "NixOS configuration with flakes";
outputs = { self, flake-utils, flake-compat, home-manager outputs = {
, nixpkgs-nixos-unstable, nixpkgs-master, nixpkgs-stable, darwin self,
, nixos-hardware, nur, sops, nil, helix, alejandra, nixpkgs-rust-analyzer flake-utils,
, endless-sky, disko }@inputs: flake-compat,
let home-manager,
mkServer = pkgs: system: hostname: nixpkgs-nixos-unstable,
pkgs.lib.nixosSystem { nixpkgs-master,
inherit system; nixpkgs-stable,
modules = [ darwin,
(./. + "/nixos/boxes/${hostname}") nixos-hardware,
(import ./nixos/server-common.nix) nur,
sops.nixosModules.sops sops,
disko.nixosModules.disko nil,
]; helix,
specialArgs = { inherit inputs system; }; alejandra,
}; nixpkgs-rust-analyzer,
mkRaspi = pkgs: hostname: endless-sky,
pkgs.lib.nixosSystem { disko,
system = "aarch64-linux"; } @ inputs: let
modules = [ (./. + "/nixos/boxes/${hostname}") mkServer = pkgs: system: hostname:
sops.nixosModules.sops pkgs.lib.nixosSystem {
]; inherit system;
specialArgs = { inherit inputs; }; modules = [
}; (./. + "/nixos/boxes/${hostname}")
mkKiosk = pkgs: system: hostname: (import ./nixos/server-common.nix)
pkgs.lib.nixosSystem { sops.nixosModules.sops
inherit system; disko.nixosModules.disko
modules = [ ];
(./. + "/nixos/boxes/${hostname}") specialArgs = {inherit inputs system;};
(import ./nixos/common.nix)
sops.nixosModules.sops
home-manager.nixosModules.home-manager
{
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.users.cyryl = {
imports =
[ ./nixos/home-manager ./nixos/home-manager/linux.nix ];
_module.args.inputs = inputs;
_module.args.system = system;
};
}
];
specialArgs = {
inherit inputs system;
nixpkgs-nixos-stable-and-unfree = import nixpkgs-stable {
inherit system;
config = { allowUnfree = true; };
};
nixpkgs-nixos-unstable-and-unfree = import nixpkgs-nixos-unstable {
inherit system;
config = { allowUnfree = true; };
};
};
};
mkWorkstation = pkgs: system: hostname:
pkgs.lib.nixosSystem {
inherit system;
modules = [
(./. + "/nixos/boxes/${hostname}")
(import ./nixos/email-accounts.nix)
(import ./nixos/common.nix)
sops.nixosModules.sops
disko.nixosModules.disko
home-manager.nixosModules.home-manager
{
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.users.cyryl = {
imports =
[ ./nixos/home-manager ./nixos/home-manager/linux.nix ];
_module.args.inputs = inputs;
_module.args.system = system;
};
}
];
specialArgs = {
inherit inputs system;
nixpkgs-nixos-stable-and-unfree = import nixpkgs-stable {
inherit system;
config = { allowUnfree = true; };
};
nixpkgs-nixos-unstable-and-unfree = import nixpkgs-nixos-unstable {
inherit system;
config = { allowUnfree = true; };
};
};
};
mkShell = packageSet: system:
let pkgs = packageSet.legacyPackages.${system};
in pkgs.mkShell {
packages = with pkgs; [
inputs.alejandra.defaultPackage.${system}
cacert
git
git-lfs
nixpkgs-fmt
openssh
openssl
pkg-config
statix
];
};
in {
devShells = {
"x86_64-darwin".default = mkShell nixpkgs-stable "x86_64-darwin";
"x86_64-linux".default = mkShell nixpkgs-stable "x86_64-linux";
}; };
darwinConfigurations = { mkRaspi = pkgs: hostname:
"FORM3-CYRYLPLOTN" = darwin.lib.darwinSystem rec { pkgs.lib.nixosSystem {
system = "x86_64-darwin"; system = "aarch64-linux";
modules = [ modules = [
(./. + "/nixos/boxes/form3") (./. + "/nixos/boxes/${hostname}")
home-manager.darwinModules.home-manager sops.nixosModules.sops
{ ];
home-manager.useGlobalPkgs = true; specialArgs = {inherit inputs;};
home-manager.useUserPackages = true; };
home-manager.users.cyryl = { mkKiosk = pkgs: system: hostname:
imports = [ ./nixos/home-manager ]; pkgs.lib.nixosSystem {
_module.args.inputs = inputs; inherit system;
_module.args.system = system; modules = [
}; (./. + "/nixos/boxes/${hostname}")
} (import ./nixos/common.nix)
]; sops.nixosModules.sops
home-manager.nixosModules.home-manager
{
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.users.cyryl = {
imports = [./nixos/home-manager ./nixos/home-manager/linux.nix];
_module.args.inputs = inputs;
_module.args.system = system;
};
}
];
specialArgs = {
inherit inputs system;
nixpkgs-nixos-stable-and-unfree = import nixpkgs-stable {
inherit system;
config = {allowUnfree = true;};
};
nixpkgs-nixos-unstable-and-unfree = import nixpkgs-nixos-unstable {
inherit system;
config = {allowUnfree = true;};
};
}; };
}; };
mkWorkstation = pkgs: system: hostname:
nixosConfigurations = { pkgs.lib.nixosSystem {
foryog = mkWorkstation nixpkgs-stable "x86_64-linux" "foryog"; inherit system;
thinky = mkWorkstation nixpkgs-stable "x86_64-linux" "thinky"; modules = [
bolty = mkServer nixpkgs-stable "x86_64-linux" "bolty"; (./. + "/nixos/boxes/${hostname}")
vpsfree1 = mkServer nixpkgs-stable"x86_64-linux" "vpsfree1"; (import ./nixos/email-accounts.nix)
mb1 = mkServer nixpkgs-stable "x86_64-linux" "mb1"; (import ./nixos/common.nix)
homescreen = mkRaspi nixpkgs-stable "homescreen"; sops.nixosModules.sops
disko.nixosModules.disko
bootstrap = nixpkgs-stable.lib.nixosSystem rec { home-manager.nixosModules.home-manager
system = "x86_64-linux"; {
modules = [ (./. + "/nixos/boxes/bootstrap") sops.nixosModules.sops ]; home-manager.useGlobalPkgs = true;
specialArgs = { home-manager.useUserPackages = true;
inherit inputs system; home-manager.users.cyryl = {
nixpkgs-nixos-unstable-and-unfree = import nixpkgs-nixos-unstable { imports = [./nixos/home-manager ./nixos/home-manager/linux.nix];
inherit system; _module.args.inputs = inputs;
config = { allowUnfree = true; }; _module.args.system = system;
}; };
}
];
specialArgs = {
inherit inputs system;
nixpkgs-nixos-stable-and-unfree = import nixpkgs-stable {
inherit system;
config = {allowUnfree = true;};
};
nixpkgs-nixos-unstable-and-unfree = import nixpkgs-nixos-unstable {
inherit system;
config = {allowUnfree = true;};
}; };
}; };
# nix build .#nixosConfigurations.raspiimage.config.system.build.sdImage };
# sudo dd if=result/sd-image/nixos-sd-image-21.11.20211201.a640d83-aarch64-linux.img of=/dev/sda bs=4M conv=fsync status=progress mkShell = packageSet: system: let
# make sure to update eeprom https://nixos.wiki/wiki/NixOS_on_ARM/Raspberry_Pi_4#Board-specific_installation_notes pkgs = packageSet.legacyPackages.${system};
raspiimage = nixpkgs-stable.lib.nixosSystem { in
system = "aarch64-linux"; pkgs.mkShell {
modules = [ packages = with pkgs; [
(import inputs.alejandra.defaultPackage.${system}
"${inputs.nixpkgs-stable}/nixos/modules/installer/sd-card/sd-image-aarch64-installer.nix") cacert
{ git
environment.systemPackages = git-lfs
with nixpkgs-nixos-unstable.legacyPackages."aarch64-linux"; [ nixpkgs-fmt
neovim openssh
htop openssl
btop pkg-config
atop statix
]; ];
};
networking.networkmanager.enable = false; in {
hardware.enableRedistributableFirmware = true; devShells = {
networking.wireless.enable = true; "x86_64-darwin".default = mkShell nixpkgs-stable "x86_64-darwin";
"x86_64-linux".default = mkShell nixpkgs-stable "x86_64-linux";
services.openssh = { };
enable = true; darwinConfigurations = {
permitRootLogin = "FORM3-CYRYLPLOTN" = darwin.lib.darwinSystem rec {
nixpkgs-stable.lib.mkForce "prohibit-password"; system = "x86_64-darwin";
passwordAuthentication = false; modules = [
}; (./. + "/nixos/boxes/form3")
home-manager.darwinModules.home-manager
services.xserver = { {
enable = true; home-manager.useGlobalPkgs = true;
displayManager.lightdm.enable = true; home-manager.useUserPackages = true;
desktopManager.gnome.enable = true; home-manager.users.cyryl = {
libinput.enable = true; imports = [./nixos/home-manager];
}; _module.args.inputs = inputs;
_module.args.system = system;
users.extraUsers.root.openssh.authorizedKeys.keys = [ };
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEo4R+6J3h6Ix3xWpOMdU7Es1/YxFchHw0c+kcCOJxFb cyryl@foureighty" }
]; ];
sdImage.compressImage = false;
console.earlySetup = true;
}
];
specialArgs = { inherit inputs; };
};
}; };
}; };
nixosConfigurations = {
foryog = mkWorkstation nixpkgs-stable "x86_64-linux" "foryog";
thinky = mkWorkstation nixpkgs-stable "x86_64-linux" "thinky";
bolty = mkServer nixpkgs-stable "x86_64-linux" "bolty";
vpsfree1 = mkServer nixpkgs-stable "x86_64-linux" "vpsfree1";
mb1 = mkServer nixpkgs-stable "x86_64-linux" "mb1";
homescreen = mkRaspi nixpkgs-stable "homescreen";
bootstrap = nixpkgs-stable.lib.nixosSystem rec {
system = "x86_64-linux";
modules = [(./. + "/nixos/boxes/bootstrap") sops.nixosModules.sops];
specialArgs = {
inherit inputs system;
nixpkgs-nixos-unstable-and-unfree = import nixpkgs-nixos-unstable {
inherit system;
config = {allowUnfree = true;};
};
};
};
# nix build .#nixosConfigurations.raspiimage.config.system.build.sdImage
# sudo dd if=result/sd-image/nixos-sd-image-21.11.20211201.a640d83-aarch64-linux.img of=/dev/sda bs=4M conv=fsync status=progress
# make sure to update eeprom https://nixos.wiki/wiki/NixOS_on_ARM/Raspberry_Pi_4#Board-specific_installation_notes
raspiimage = nixpkgs-stable.lib.nixosSystem {
system = "aarch64-linux";
modules = [
(import
"${inputs.nixpkgs-stable}/nixos/modules/installer/sd-card/sd-image-aarch64-installer.nix")
{
environment.systemPackages = with nixpkgs-nixos-unstable.legacyPackages."aarch64-linux"; [
neovim
htop
btop
atop
];
networking.networkmanager.enable = false;
hardware.enableRedistributableFirmware = true;
networking.wireless.enable = true;
services.openssh = {
enable = true;
permitRootLogin =
nixpkgs-stable.lib.mkForce "prohibit-password";
passwordAuthentication = false;
};
services.xserver = {
enable = true;
displayManager.lightdm.enable = true;
desktopManager.gnome.enable = true;
libinput.enable = true;
};
users.extraUsers.root.openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEo4R+6J3h6Ix3xWpOMdU7Es1/YxFchHw0c+kcCOJxFb cyryl@foureighty"
];
sdImage.compressImage = false;
console.earlySetup = true;
}
];
specialArgs = {inherit inputs;};
};
};
};
inputs = { inputs = {
nixpkgs-master = { nixpkgs-master = {
type = "github"; type = "github";

9
nixos/boot.nix
View file

@ -1,5 +1,10 @@
{ config, pkgs, lib, ... }: { {
fileSystems."/".options = [ "noatime" "nodiratime" "discard" ]; config,
pkgs,
lib,
...
}: {
fileSystems."/".options = ["noatime" "nodiratime" "discard"];
hardware.enableRedistributableFirmware = lib.mkDefault true; hardware.enableRedistributableFirmware = lib.mkDefault true;
boot = { boot = {

27
nixos/boxes/bolty/bolty-boot.nix
View file

@ -1,26 +1,29 @@
{ config, pkgs, ... }: { {
config,
pkgs,
...
}: {
boot = { boot = {
kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages; kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages;
initrd.availableKernelModules = initrd.availableKernelModules = ["nvme" "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" "sdhci_acpi"];
[ "nvme" "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" "sdhci_acpi" ]; initrd.kernelModules = ["dm-snapshot"];
initrd.kernelModules = [ "dm-snapshot" ]; kernelModules = ["kvm-amd"];
kernelModules = [ "kvm-amd" ]; extraModulePackages = [];
extraModulePackages = [ ];
loader.systemd-boot.enable = true; loader.systemd-boot.enable = true;
loader.efi.canTouchEfiVariables = false; loader.efi.canTouchEfiVariables = false;
supportedFilesystems = [ "zfs" ]; supportedFilesystems = ["zfs"];
zfs.forceImportRoot = false; zfs.forceImportRoot = false;
}; };
services.btrfs.autoScrub.enable = true; services.btrfs.autoScrub.enable = true;
services.zfs.autoScrub.enable = true; services.zfs.autoScrub.enable = true;
services.zfs.trim.enable = true; services.zfs.trim.enable = true;
boot.kernelParams = [ "zfs.zfs_arc_max=8589934592" ];
boot.zfs.extraPools = [ "data" ]; boot.kernelParams = ["zfs.zfs_arc_max=8589934592"];
fileSystems."/" = { boot.zfs.extraPools = ["data"];
fileSystems."/" = {
device = "/dev/disk/by-uuid/28afab71-ff3d-4f1a-b7e4-2129572706dd"; device = "/dev/disk/by-uuid/28afab71-ff3d-4f1a-b7e4-2129572706dd";
fsType = "btrfs"; fsType = "btrfs";
}; };
@ -30,7 +33,7 @@
fsType = "vfat"; fsType = "vfat";
}; };
swapDevices = [ ]; swapDevices = [];
nix.settings = { nix.settings = {
max-jobs = 8; max-jobs = 8;

10
nixos/boxes/bolty/default.nix
View file

@ -1,4 +1,10 @@
{ config, pkgs, inputs, lib, ... }: { {
config,
pkgs,
inputs,
lib,
...
}: {
imports = [ imports = [
../cli.nix ../cli.nix
./bolty-boot.nix ./bolty-boot.nix
@ -15,7 +21,7 @@
./tailscale-cert.nix ./tailscale-cert.nix
./virtualisation.nix ./virtualisation.nix
]; ];
boot.binfmt.emulatedSystems = [ "aarch64-linux" ]; boot.binfmt.emulatedSystems = ["aarch64-linux"];
programs.ccache.enable = true; programs.ccache.enable = true;
networking.hostName = "bolty"; networking.hostName = "bolty";
networking.hostId = "f05dd3b4"; networking.hostId = "f05dd3b4";

19
nixos/boxes/bolty/gitea-runner.nix
View file

@ -1,9 +1,14 @@
{ config, pkgs, inputs, lib, system, ... }: {
let config,
pkgs,
inputs,
lib,
system,
...
}: let
unstable = inputs.nixpkgs-nixos-unstable; unstable = inputs.nixpkgs-nixos-unstable;
package = unstable.legacyPackages."${system}".gitea-actions-runner; package = unstable.legacyPackages."${system}".gitea-actions-runner;
in in {
{
sops.secrets."gitea-runner-token" = { sops.secrets."gitea-runner-token" = {
sopsFile = ./gitea-runner-token.sops; sopsFile = ./gitea-runner-token.sops;
format = "binary"; format = "binary";
@ -11,11 +16,11 @@ in
virtualisation.docker = { virtualisation.docker = {
enable = true; enable = true;
autoPrune.enable = true; autoPrune.enable = true;
daemon.settings = { daemon.settings = {
}; };
}; };
disabledModules = [ "services/continuous-integration/gitea-actions-runner.nix" ]; disabledModules = ["services/continuous-integration/gitea-actions-runner.nix"];
imports = [ "${unstable}/nixos/modules/services/continuous-integration/gitea-actions-runner.nix" ]; imports = ["${unstable}/nixos/modules/services/continuous-integration/gitea-actions-runner.nix"];
services.gitea-actions-runner = { services.gitea-actions-runner = {
inherit package; inherit package;

17
nixos/boxes/bolty/grafana.nix
View file

@ -1,12 +1,17 @@
{ config, pkgs, inputs, lib, ... }: {
let config,
pkgs,
inputs,
lib,
...
}: let
fqdn = "bolty.raptor-carp.ts.net"; fqdn = "bolty.raptor-carp.ts.net";
port = 30001; port = 30001;
path = "/data/grafana"; path = "/data/grafana";
certPath = "${path}/cert.pem"; certPath = "${path}/cert.pem";
keyPath = "${path}/key.pem"; keyPath = "${path}/key.pem";
in { in {
networking.firewall.allowedTCPPorts = [ port ]; networking.firewall.allowedTCPPorts = [port];
systemd.services.grafana-prep = { systemd.services.grafana-prep = {
script = '' script = ''
@ -19,15 +24,15 @@ in {
Type = "oneshot"; Type = "oneshot";
ReloadPropagatedFrom = "tailscale-cert.service"; ReloadPropagatedFrom = "tailscale-cert.service";
}; };
before = [ "grafana.service" ]; before = ["grafana.service"];
wantedBy = [ "multi-user.target" ]; wantedBy = ["multi-user.target"];
after = [ after = [
"network.target" "network.target"
"network-online.target" "network-online.target"
"tailscaled.service" "tailscaled.service"
"tailscale-cert.service" "tailscale-cert.service"
]; ];
wants = [ "tailscale-cert.service" ]; wants = ["tailscale-cert.service"];
}; };
systemd.services.grafana = { systemd.services.grafana = {

27
nixos/boxes/bolty/home-assistant.nix
View file

@ -1,15 +1,20 @@
{ config, pkgs, inputs, lib, ... }: {
let config,
pkgs,
inputs,
lib,
...
}: let
port = 8123; port = 8123;
path = "/data/nginx"; path = "/data/nginx";
certPath = "${path}/cert.pem"; certPath = "${path}/cert.pem";
keyPath = "${path}/key.pem"; keyPath = "${path}/key.pem";
in { in {
imports = [ ../nginx.nix ./virtualisation.nix ]; imports = [../nginx.nix ./virtualisation.nix];
networking.firewall.allowedTCPPorts = [ port 1883 ]; networking.firewall.allowedTCPPorts = [port 1883];
services.mosquitto = { services.mosquitto = {
enable = true; enable = true;
listeners = [ listeners = [
{ {
port = 1883; port = 1883;
@ -18,8 +23,9 @@ in {
settings = { settings = {
allow_anonymous = true; allow_anonymous = true;
}; };
acl = [ "topic readwrite #" ]; acl = ["topic readwrite #"];
}]; }
];
}; };
services.nginx = { services.nginx = {
@ -48,15 +54,14 @@ in {
Type = "oneshot"; Type = "oneshot";
ReloadPropagatedFrom = "tailscale-cert.service"; ReloadPropagatedFrom = "tailscale-cert.service";
}; };
before = [ "nginx.service" ]; before = ["nginx.service"];
wantedBy = [ "multi-user.target" ]; wantedBy = ["multi-user.target"];
after = [ after = [
"network.target" "network.target"
"network-online.target" "network-online.target"
"tailscaled.service" "tailscaled.service"
"tailscale-cert.service" "tailscale-cert.service"
]; ];
wants = [ "tailscale-cert.service" ]; wants = ["tailscale-cert.service"];
}; };
} }

8
nixos/boxes/bolty/home-security.nix
View file

@ -1,2 +1,8 @@
{ config, pkgs, inputs, lib, ... }: { {
config,
pkgs,
inputs,
lib,
...
}: {
} }

18
nixos/boxes/bolty/influxdb.nix
View file

@ -1,12 +1,17 @@
{ config, pkgs, inputs, lib, ... }: {
let config,
pkgs,
inputs,
lib,
...
}: let
fqdn = "bolty.raptor-carp.ts.net"; fqdn = "bolty.raptor-carp.ts.net";
port = 8086; port = 8086;
path = "/data/influxdb"; path = "/data/influxdb";
certPath = "${path}/cert.pem"; certPath = "${path}/cert.pem";
keyPath = "${path}/key.pem"; keyPath = "${path}/key.pem";
in { in {
networking.firewall.allowedTCPPorts = [ port ]; networking.firewall.allowedTCPPorts = [port];
systemd.services.influxdb2-prep = { systemd.services.influxdb2-prep = {
script = '' script = ''
@ -19,15 +24,15 @@ in {
Type = "oneshot"; Type = "oneshot";
ReloadPropagatedFrom = "tailscale-cert.service"; ReloadPropagatedFrom = "tailscale-cert.service";
}; };
before = [ "influxdb2.service" ]; before = ["influxdb2.service"];
wantedBy = [ "multi-user.target" ]; wantedBy = ["multi-user.target"];
after = [ after = [
"network.target" "network.target"
"network-online.target" "network-online.target"
"tailscaled.service" "tailscaled.service"
"tailscale-cert.service" "tailscale-cert.service"
]; ];
wants = [ "tailscale-cert.service" ]; wants = ["tailscale-cert.service"];
}; };
systemd.services.influxdb2 = { systemd.services.influxdb2 = {
@ -48,5 +53,4 @@ in {
tls-key = "${keyPath}"; tls-key = "${keyPath}";
}; };
}; };
} }

13
nixos/boxes/bolty/nas.nix
View file

@ -1,5 +1,11 @@
{ config, pkgs, inputs, lib, ... }: { {
networking.firewall.allowedTCPPorts = [ 2049 ]; config,
pkgs,
inputs,
lib,
...
}: {
networking.firewall.allowedTCPPorts = [2049];
services.nfs.server.enable = true; services.nfs.server.enable = true;
services.nfs.server.exports = '' services.nfs.server.exports = ''
/data/nfs 10.0.0.244/24(rw,sync,insecure,no_subtree_check,fsid=0) 100.81.212.51(rw,sync,insecure,no_subtree_check) /data/nfs 10.0.0.244/24(rw,sync,insecure,no_subtree_check,fsid=0) 100.81.212.51(rw,sync,insecure,no_subtree_check)
@ -7,5 +13,4 @@
/data/nfs/home_assistant/media 10.0.0.244/24(rw,sync,insecure,no_subtree_check) 100.81.212.51(rw,sync,insecure,no_subtree_check) /data/nfs/home_assistant/media 10.0.0.244/24(rw,sync,insecure,no_subtree_check) 100.81.212.51(rw,sync,insecure,no_subtree_check)
/data/nfs/home_assistant/backups 10.0.0.244/24(rw,sync,insecure,no_subtree_check) 100.81.212.51(rw,sync,insecure,no_subtree_check) /data/nfs/home_assistant/backups 10.0.0.244/24(rw,sync,insecure,no_subtree_check) 100.81.212.51(rw,sync,insecure,no_subtree_check)
''; '';
}
}

14
nixos/boxes/bolty/networking.nix
View file

@ -1,4 +1,10 @@
{ config, pkgs, inputs, lib, ... }: { {
config,
pkgs,
inputs,
lib,
...
}: {
networking.hostName = "bolty"; networking.hostName = "bolty";
systemd.network.enable = true; systemd.network.enable = true;
networking.networkmanager.enable = false; networking.networkmanager.enable = false;
@ -8,10 +14,10 @@
}; };
systemd.network.networks."br0" = { systemd.network.networks."br0" = {
name = "br0"; name = "br0";
address = [ "10.0.0.8/24" ]; address = ["10.0.0.8/24"];
gateway = [ "10.0.0.1" ]; gateway = ["10.0.0.1"];
DHCP = "no"; DHCP = "no";
dns = [ "100.100.100.100" "9.9.9.9" ]; dns = ["100.100.100.100" "9.9.9.9"];
}; };
systemd.network.networks."eth" = { systemd.network.networks."eth" = {

8
nixos/boxes/bolty/nix-store-server.nix
View file

@ -1,5 +1,9 @@
{ config, pkgs, ... }: { {
nix.settings.trusted-users = [ "nix-ssh" ]; config,
pkgs,
...
}: {
nix.settings.trusted-users = ["nix-ssh"];
nix.sshServe = { nix.sshServe = {
enable = true; enable = true;
write = true; write = true;

42
nixos/boxes/bolty/print-server.nix
View file

@ -1,39 +1,45 @@
{ config, pkgs, lib, ... }: { {
config,
pkgs,
lib,
...
}: {
networking.firewall.enable = true; networking.firewall.enable = true;
networking.firewall.allowedTCPPorts = [ 631 6566 ]; networking.firewall.allowedTCPPorts = [631 6566];
networking.firewall.allowedUDPPorts = [ 631 6566 ]; networking.firewall.allowedUDPPorts = [631 6566];
services.printing = { services.printing = {
enable = true; enable = true;
drivers = with pkgs; [ epson-escpr ]; drivers = with pkgs; [epson-escpr];
listenAddresses = [ "*:631" ]; listenAddresses = ["*:631"];
defaultShared = true; defaultShared = true;
browsing = true; browsing = true;
allowFrom = [ "all" ]; allowFrom = ["all"];
extraConf = '' extraConf = ''
ServerAlias * ServerAlias *
DefaultEncryption Never DefaultEncryption Never
''; '';
}; };
hardware.printers.ensurePrinters = [{ hardware.printers.ensurePrinters = [
description = "Epson XP-540"; {
location = "connected to bolty"; description = "Epson XP-540";
name = "epson_xp540"; location = "connected to bolty";
deviceUri = name = "epson_xp540";
"usb://EPSON/XP-540%20Series?serial=583245393030303936&interface=1"; deviceUri = "usb://EPSON/XP-540%20Series?serial=583245393030303936&interface=1";
model = "raw"; model = "raw";
ppdOptions = { PageSize = "A4"; }; ppdOptions = {PageSize = "A4";};
}]; }
];
hardware.sane = { hardware.sane = {
enable = true; enable = true;
extraBackends = with pkgs; [ sane-airscan gawk ]; extraBackends = with pkgs; [sane-airscan gawk];
snapshot = true; snapshot = true;
}; };
services.udev.packages = [ ]; services.udev.packages = [];
environment.systemPackages = with pkgs; [ gawk ]; environment.systemPackages = with pkgs; [gawk];
services.saned = { services.saned = {
enable = true; enable = true;
extraConfig = '' extraConfig = ''

33
nixos/boxes/bolty/tailscale-cert.nix
View file

@ -1,34 +1,39 @@
{ config, pkgs, inputs, lib, ... }: {
let config,
pkgs,
inputs,
lib,
...
}: let
fqdn = "bolty.raptor-carp.ts.net"; fqdn = "bolty.raptor-carp.ts.net";
basePath = "/var/lib/tailscale-certs"; basePath = "/var/lib/tailscale-certs";
keyPath = "${basePath}/key.pem"; keyPath = "${basePath}/key.pem";
certPath = "${basePath}/cert.pem"; certPath = "${basePath}/cert.pem";
in { in {
imports = [ ]; imports = [];
systemd.services.tailscale-cert-make-path = { systemd.services.tailscale-cert-make-path = {
script = '' script = ''
mkdir -p ${basePath} mkdir -p ${basePath}
''; '';
serviceConfig = { Type = "oneshot"; }; serviceConfig = {Type = "oneshot";};
before = [ "tailscale-cert.service" ]; before = ["tailscale-cert.service"];
wantedBy = [ "multi-user.target" ]; wantedBy = ["multi-user.target"];
}; };
systemd.services.tailscale-cert = { systemd.services.tailscale-cert = {
after = [ "network.target" "network-online.target" "tailscaled.service" ]; after = ["network.target" "network-online.target" "tailscaled.service"];
wants = [ "tailscaled.service" ]; wants = ["tailscaled.service"];
wantedBy = [ "multi-user.target" ]; wantedBy = ["multi-user.target"];
path = with pkgs; [ tailscale ]; path = with pkgs; [tailscale];
serviceConfig = { serviceConfig = {
Type = "oneshot"; Type = "oneshot";
UMask = 22; UMask = 22;
StateDirectoryMode = 750; StateDirectoryMode = 750;
ProtectSystem = "strict"; ProtectSystem = "strict";
ReadWritePaths = [ "${basePath}" ]; ReadWritePaths = ["${basePath}"];
PrivateTmp = true; PrivateTmp = true;
WorkingDirectory = "${basePath}"; WorkingDirectory = "${basePath}";
NoNewPrivileges = true; NoNewPrivileges = true;
@ -36,16 +41,16 @@ in {
ProtectClock = true; ProtectClock = true;
ProtectHome = true; ProtectHome = true;
ProtectHostname = true; ProtectHostname = true;
StateDirectory = [ "${basePath}" ]; StateDirectory = ["${basePath}"];
}; };
script = '' script = ''
tailscale cert --cert-file ${certPath} --key-file ${keyPath} ${fqdn} tailscale cert --cert-file ${certPath} --key-file ${keyPath} ${fqdn}
''; '';
}; };
systemd.timers.tailscale-renew = { systemd.timers.tailscale-renew = {
wantedBy = [ "timers.target" ]; wantedBy = ["timers.target"];
description = "Renew tailscale server cert"; description = "Renew tailscale server cert";
timerConfig = { timerConfig = {
OnCalendar = "weekly"; OnCalendar = "weekly";

15
nixos/boxes/bolty/virtualisation.nix
View file

@ -1,10 +1,16 @@
{ config, pkgs, inputs, lib, ... }: { {
boot.kernelModules = [ "kvm_amd" ]; config,
pkgs,
inputs,
lib,
...
}: {
boot.kernelModules = ["kvm_amd"];
virtualisation = { virtualisation = {
libvirtd = { libvirtd = {
enable = true; enable = true;
qemu.ovmf.enable = true; qemu.ovmf.enable = true;
allowedBridges = [ "br0" ]; allowedBridges = ["br0"];
}; };
}; };
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
@ -14,8 +20,7 @@
virt-viewer virt-viewer
lm_sensors lm_sensors
]; ];
networking.firewall.allowedTCPPorts = [ 5900 ]; networking.firewall.allowedTCPPorts = [5900];
security.allowUserNamespaces = true; security.allowUserNamespaces = true;
} }

2
nixos/boxes/bootstrap/default.nix
View file

@ -16,5 +16,5 @@
boot.kernelPackages = pkgs.linuxPackages_latest; boot.kernelPackages = pkgs.linuxPackages_latest;
time.timeZone = "Europe/London"; time.timeZone = "Europe/London";
programs.zsh.enable=true; programs.zsh.enable = true;
} }

6
nixos/boxes/cli.nix
View file

@ -1,4 +1,8 @@
{ config, pkgs, ... }: { {
config,
pkgs,
...
}: {
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
atop atop
btop btop

25
nixos/boxes/form3/default.nix
View file

@ -1,14 +1,21 @@
{ config, pkgs, inputs, lib, nixpkgs-nixos-unstable-and-unfree, ... }: {
let config,
pkgs,
inputs,
lib,
nixpkgs-nixos-unstable-and-unfree,
...
}: let
system_cert_bundle_path = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"; system_cert_bundle_path = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt";
form3_cert_path = ./form3-palo-alto.pem; form3_cert_path = ./form3-palo-alto.pem;
form3_cert_bundle = builtins.toFile "form3-cert-bundle.crt" form3_cert_bundle =
builtins.toFile "form3-cert-bundle.crt"
(builtins.readFile system_cert_bundle_path (builtins.readFile system_cert_bundle_path
+ builtins.readFile form3_cert_path); + builtins.readFile form3_cert_path);
in { in {
environment.systemPackages = with pkgs; [ vim nixfmt ]; environment.systemPackages = with pkgs; [vim nixfmt];
imports = [ ../../git ../../mercurial ]; imports = [../../git ../../mercurial];
services.nix-daemon.enable = true; services.nix-daemon.enable = true;
nix = { nix = {
useDaemon = true; useDaemon = true;
@ -30,7 +37,7 @@ in {
source-code-pro source-code-pro
weather-icons weather-icons
]; ];
security.pki.certificateFiles = [ form3_cert_path system_cert_bundle_path ]; security.pki.certificateFiles = [form3_cert_path system_cert_bundle_path];
environment.variables = { environment.variables = {
SSL_CERT_FILE = form3_cert_bundle; SSL_CERT_FILE = form3_cert_bundle;
NIX_SSL_CERT_FILE = form3_cert_bundle; NIX_SSL_CERT_FILE = form3_cert_bundle;
@ -41,9 +48,9 @@ in {
system.stateVersion = 4; system.stateVersion = 4;
home-manager.users.cyryl = { ... }: { home-manager.users.cyryl = {...}: {
imports = [ ]; imports = [];
home.packages = with pkgs; [ awscli kubectl cargo-update ]; home.packages = with pkgs; [awscli kubectl cargo-update];
programs.git.userEmail = lib.mkForce "cyryl.plotnicki@form3.tech"; programs.git.userEmail = lib.mkForce "cyryl.plotnicki@form3.tech";
programs.git.extraConfig = { programs.git.extraConfig = {
user.signingkey = "6441B1BC81F8FB1561C9AFF5534222210FE423ED"; user.signingkey = "6441B1BC81F8FB1561C9AFF5534222210FE423ED";

2
nixos/boxes/foryog/default.nix
View file

@ -26,7 +26,7 @@
fileSystems."/" = {options = ["compress=zstd"];}; fileSystems."/" = {options = ["compress=zstd"];};
services.restic.backups.home-to-b2 = { services.restic.backups.home-to-b2 = {
repository = lib.mkForce "b2:cyplo-restic-foureighty:/"; repository = lib.mkForce "b2:cyplo-restic-foureighty:/";
}; };
boot.kernelParams = ["initcall_debug" ''dyndbg="file suspend.c +p"'' "no_console_suspend"]; boot.kernelParams = ["initcall_debug" ''dyndbg="file suspend.c +p"'' "no_console_suspend"];
boot.tmp.cleanOnBoot = true; boot.tmp.cleanOnBoot = true;

24
nixos/boxes/foryog/hardware-configuration.nix
View file

@ -1,11 +1,16 @@
{ config, lib, pkgs, inputs, ... }: { {
config,
lib,
pkgs,
inputs,
...
}: {
boot = { boot = {
kernelModules = [ "kvm-intel" ]; kernelModules = ["kvm-intel"];
initrd = { initrd = {
kernelModules = [ "dm-snapshot" ]; kernelModules = ["dm-snapshot"];
availableKernelModules = availableKernelModules = ["xhci_pci" "nvme" "usbhid" "usb_storage" "sd_mod"];
[ "xhci_pci" "nvme" "usbhid" "usb_storage" "sd_mod" ];
}; };
loader.systemd-boot.enable = true; loader.systemd-boot.enable = true;
@ -13,9 +18,8 @@
loader.efi.efiSysMountPoint = "/boot/efi"; loader.efi.efiSysMountPoint = "/boot/efi";
}; };
boot.initrd.secrets = { "/crypto_keyfile.bin" = null; }; boot.initrd.secrets = {"/crypto_keyfile.bin" = null;};
boot.initrd.luks.devices."luks-43a80125-4089-45be-9561-fab93f984916".device = boot.initrd.luks.devices."luks-43a80125-4089-45be-9561-fab93f984916".device = "/dev/disk/by-uuid/43a80125-4089-45be-9561-fab93f984916";
"/dev/disk/by-uuid/43a80125-4089-45be-9561-fab93f984916";
fileSystems."/boot/efi" = { fileSystems."/boot/efi" = {
device = "/dev/disk/by-uuid/D6C0-1A9D"; device = "/dev/disk/by-uuid/D6C0-1A9D";
@ -25,8 +29,8 @@
fileSystems."/" = { fileSystems."/" = {
device = "/dev/disk/by-uuid/98f3597c-183a-45fb-b2a4-b598c18d089a"; device = "/dev/disk/by-uuid/98f3597c-183a-45fb-b2a4-b598c18d089a";
fsType = "btrfs"; fsType = "btrfs";
options = [ "subvol=@" ]; options = ["subvol=@"];
}; };
swapDevices = [ ]; swapDevices = [];
} }

33
nixos/boxes/foureighty/default.nix
View file

@ -1,4 +1,11 @@
{ config, pkgs, inputs, lib, nixpkgs-nixos-unstable-and-unfree, ... }: { {
config,
pkgs,
inputs,
lib,
nixpkgs-nixos-unstable-and-unfree,
...
}: {
networking.hostName = "foureighty"; networking.hostName = "foureighty";
imports = [ imports = [
@ -17,9 +24,9 @@
../../sdr.nix ../../sdr.nix
]; ];
fileSystems."/" = { options = [ "compress=zstd" ]; }; fileSystems."/" = {options = ["compress=zstd"];};
boot.binfmt.emulatedSystems = [ "aarch64-linux" ]; boot.binfmt.emulatedSystems = ["aarch64-linux"];
boot.plymouth = { boot.plymouth = {
enable = true; enable = true;
logo = ./boot.png; logo = ./boot.png;
@ -56,9 +63,9 @@
}; };
}; };
}; };
services.fprintd = { enable = true; }; services.fprintd = {enable = true;};
programs.ccache.enable = true; programs.ccache.enable = true;
hardware.opengl.extraPackages = with pkgs; [ libva ]; hardware.opengl.extraPackages = with pkgs; [libva];
programs.steam.enable = true; programs.steam.enable = true;
nixpkgs.config.allowUnfreePredicate = pkg: nixpkgs.config.allowUnfreePredicate = pkg:
builtins.elem (lib.getName pkg) [ builtins.elem (lib.getName pkg) [
@ -71,15 +78,11 @@
"vscode" "vscode"
]; ];
home-manager.users.cyryl = { ... }: { home-manager.users.cyryl = {...}: {
imports = imports = [../../home-manager/programs/alacritty.nix ../../gui/vscode.nix];
[ ../../home-manager/programs/alacritty.nix ../../gui/vscode.nix ]; home.packages = with inputs.nixpkgs-nixos-unstable.legacyPackages."x86_64-linux";
home.packages = [bisq-desktop]
with inputs.nixpkgs-nixos-unstable.legacyPackages."x86_64-linux"; ++ (with pkgs; [lutris])
[ bisq-desktop ] ++ ++ (with inputs.endless-sky.legacyPackages."x86_64-linux"; [endless-sky]);
(with pkgs; [ lutris ])
++ (with inputs.endless-sky.legacyPackages."x86_64-linux";
[ endless-sky ]);
}; };
} }

21
nixos/boxes/homescreen/default.nix
View file

@ -1,14 +1,19 @@
{ config, pkgs, inputs, lib, ... }: { {
imports = config,
[ inputs.nixos-hardware.nixosModules.raspberry-pi-4 ../../tailscale ]; pkgs,
inputs,
lib,
...
}: {
imports = [inputs.nixos-hardware.nixosModules.raspberry-pi-4 ../../tailscale];
networking = { networking = {
hostName = "homescreen"; hostName = "homescreen";
networkmanager = { enable = true; }; networkmanager = {enable = true;};
}; };
hardware.enableRedistributableFirmware = true; hardware.enableRedistributableFirmware = true;
environment.systemPackages = with pkgs; [ neovim htop btop atop ]; environment.systemPackages = with pkgs; [neovim htop btop atop];
services.fail2ban.enable = true; services.fail2ban.enable = true;
@ -33,7 +38,7 @@
users = { users = {
mutableUsers = false; mutableUsers = false;
users.kiosk = { isNormalUser = true; }; users.kiosk = {isNormalUser = true;};
}; };
users.extraUsers.root.openssh.authorizedKeys.keys = [ users.extraUsers.root.openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEo4R+6J3h6Ix3xWpOMdU7Es1/YxFchHw0c+kcCOJxFb cyryl@foureighty" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEo4R+6J3h6Ix3xWpOMdU7Es1/YxFchHw0c+kcCOJxFb cyryl@foureighty"
@ -42,12 +47,12 @@
"/" = { "/" = {
device = "/dev/disk/by-label/NIXOS_SD"; device = "/dev/disk/by-label/NIXOS_SD";
fsType = "ext4"; fsType = "ext4";
options = [ "noatime" ]; options = ["noatime"];
}; };
"/boot/firmware" = { "/boot/firmware" = {
device = "/dev/disk/by-label/FIRMWARE"; device = "/dev/disk/by-label/FIRMWARE";
fsType = "vfat"; fsType = "vfat";
options = [ "nofail" "noauto" ]; options = ["nofail" "noauto"];
}; };
}; };
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";

12
nixos/boxes/mb1/atuin.nix
View file

@ -1,16 +1,22 @@
{ config, pkgs, inputs, lib, ... }: { {
config,
pkgs,
inputs,
lib,
...
}: {
imports = [ imports = [
"${inputs.nixpkgs-nixos-unstable}/nixos/modules/services/misc/atuin.nix" "${inputs.nixpkgs-nixos-unstable}/nixos/modules/services/misc/atuin.nix"
../nginx.nix ../nginx.nix
]; ];
disabledModules = [ "services/misc/atuin.nix" ]; disabledModules = ["services/misc/atuin.nix"];
services.nginx = { services.nginx = {
virtualHosts = { virtualHosts = {
"atuin.cyplo.dev" = { "atuin.cyplo.dev" = {
forceSSL = true; forceSSL = true;
enableACME = true; enableACME = true;
locations."/" = { proxyPass = "http://127.0.0.1:8888"; }; locations."/" = {proxyPass = "http://127.0.0.1:8888";};
}; };
}; };
}; };

22
nixos/boxes/mb1/blog.nix
View file

@ -1,16 +1,18 @@
{ config, pkgs, ... }:
let
path = "/var/www/blog/";
in
{ {
imports = [ ../nginx.nix ]; config,
pkgs,
...
}: let
path = "/var/www/blog/";
in {
imports = [../nginx.nix];
services.nginx = { services.nginx = {
virtualHosts = { virtualHosts = {
"blog.cyplo.dev" = { "blog.cyplo.dev" = {
forceSSL = true; forceSSL = true;
enableACME = true; enableACME = true;
locations."/" = { locations."/" = {
root = path; root = path;
}; };
}; };
"blog.cyplo.net" = { "blog.cyplo.net" = {
@ -24,12 +26,12 @@ in
users.extraUsers.blog = { users.extraUsers.blog = {
openssh.authorizedKeys.keys = [ openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILqDeXcIQwLXxuueu9KTC6y6NPUUzDRdF4Q5NUk+nFwt upload@blog" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILqDeXcIQwLXxuueu9KTC6y6NPUUzDRdF4Q5NUk+nFwt upload@blog"
]; ];
group = "nginx"; group = "nginx";
isSystemUser = false; isSystemUser = false;
isNormalUser = true; isNormalUser = true;
home = path; home = path;
createHome = true; createHome = true;
homeMode = "750"; homeMode = "750";
}; };
} }

11
nixos/boxes/mb1/boot.nix
View file

@ -1,10 +1,15 @@
{ config, pkgs, inputs, lib, ... }: { {
config,
pkgs,
inputs,
lib,
...
}: {
boot.kernelPackages = pkgs.linuxPackages_latest; boot.kernelPackages = pkgs.linuxPackages_latest;
boot.loader.grub = { boot.loader.grub = {
devices = [ "/dev/vda" ]; devices = ["/dev/vda"];
efiSupport = true; efiSupport = true;
efiInstallAsRemovable = true; efiInstallAsRemovable = true;
}; };
} }

10
nixos/boxes/mb1/default.nix
View file

@ -1,4 +1,10 @@
{ config, pkgs, inputs, lib, ... }: { {
config,
pkgs,
inputs,
lib,
...
}: {
imports = [ imports = [
"${inputs.nixpkgs-stable}/nixos/modules/profiles/qemu-guest.nix" "${inputs.nixpkgs-stable}/nixos/modules/profiles/qemu-guest.nix"
../cli.nix ../cli.nix
@ -10,7 +16,6 @@
]; ];
networking.hostName = "mb1"; networking.hostName = "mb1";
zramSwap = { zramSwap = {
enable = true; enable = true;
algorithm = "zstd"; algorithm = "zstd";
@ -18,5 +23,4 @@
}; };
time.timeZone = "Europe/London"; time.timeZone = "Europe/London";
} }

2
nixos/boxes/mb1/disks.nix
View file

@ -12,7 +12,7 @@ _: {
name = "boot"; name = "boot";
start = "0"; start = "0";
end = "1M"; end = "1M";
flags = [ "bios_grub" ]; flags = ["bios_grub"];
} }
{ {
name = "ESP"; name = "ESP";

18
nixos/boxes/mb1/search.nix
View file

@ -1,11 +1,14 @@
{ config, pkgs, ... }: { {
imports = [ ../nginx.nix ]; config,
pkgs,
...
}: {
imports = [../nginx.nix];
virtualisation.oci-containers.containers.searxng = { virtualisation.oci-containers.containers.searxng = {
image = image = "searxng/searxng@sha256:650c0b183a129e10c2493126bb27c3541ffebbead6e0255fab91831457211b06";
"searxng/searxng@sha256:650c0b183a129e10c2493126bb27c3541ffebbead6e0255fab91831457211b06"; volumes = [];
volumes = [ ]; environment = {BASE_URL = "https://search.cyplo.dev";};
environment = { BASE_URL = "https://search.cyplo.dev"; }; ports = ["9999:8080"];
ports = [ "9999:8080" ];
}; };
services.nginx = { services.nginx = {
virtualHosts = { virtualHosts = {
@ -28,5 +31,4 @@
}; };
}; };
}; };
} }

11
nixos/boxes/thinky/default.nix
View file

@ -1,4 +1,9 @@
{ config, pkgs, lib,... }: { {
config,
pkgs,
lib,
...
}: {
networking.hostName = "thinky"; networking.hostName = "thinky";
imports = [ imports = [
@ -28,7 +33,7 @@
builtins.elem (lib.getName pkg) [ builtins.elem (lib.getName pkg) [
"spotify" "spotify"
]; ];
home-manager.users.cyryl = { ... }: { home-manager.users.cyryl = {...}: {
imports = [ ../../home-manager/programs/termite.nix ]; imports = [../../home-manager/programs/termite.nix];
}; };
} }

20
nixos/boxes/thinky/hardware-configuration.nix
View file

@ -1,11 +1,16 @@
{ config, lib, pkgs, inputs, ... }: { {
config,
lib,
pkgs,
inputs,
...
}: {
boot = { boot = {
kernelModules = [ "kvm-intel" ]; kernelModules = ["kvm-intel"];
initrd = { initrd = {
kernelModules = [ "dm-snapshot" ]; kernelModules = ["dm-snapshot"];
availableKernelModules = availableKernelModules = ["ata_generic" "uhci_hcd" "ehci_pci" "ahci" "usb_storage" "sd_mod"];
[ "ata_generic" "uhci_hcd" "ehci_pci" "ahci" "usb_storage" "sd_mod" ];
}; };
loader.grub.enable = true; loader.grub.enable = true;
@ -17,15 +22,14 @@
fsType = "btrfs"; fsType = "btrfs";
}; };
boot.initrd.luks.devices."crypt".device = boot.initrd.luks.devices."crypt".device = "/dev/disk/by-uuid/8d51b38a-5d90-4a7a-a86a-0d57648fd82d";
"/dev/disk/by-uuid/8d51b38a-5d90-4a7a-a86a-0d57648fd82d";
fileSystems."/boot" = { fileSystems."/boot" = {
device = "/dev/disk/by-uuid/195b3f15-885e-4123-879f-6e4591a58317"; device = "/dev/disk/by-uuid/195b3f15-885e-4123-879f-6e4591a58317";
fsType = "ext2"; fsType = "ext2";
}; };
swapDevices = [ ]; swapDevices = [];
nix.settings = { nix.settings = {
max-jobs = 2; max-jobs = 2;

16
nixos/boxes/vpsfree1/backups.nix
View file

@ -1,9 +1,12 @@
{ config, pkgs, ... }: {
let config,
pkgs,
...
}: let
genericBackupPath = "/var/lib/backups/"; genericBackupPath = "/var/lib/backups/";
containersBackupPath = "${genericBackupPath}/oci-containers/"; containersBackupPath = "${genericBackupPath}/oci-containers/";
in rec { in rec {
environment.systemPackages = with pkgs; [ restic ]; environment.systemPackages = with pkgs; [restic];
sops.secrets."restic-backups-b2-repo-password" = { sops.secrets."restic-backups-b2-repo-password" = {
sopsFile = ./restic.sops.yaml; sopsFile = ./restic.sops.yaml;
@ -31,14 +34,13 @@ in rec {
backupCleanupCommand = '' backupCleanupCommand = ''
systemctl start container@mastodon.service systemctl start container@mastodon.service
''; '';
timerConfig = { OnCalendar = "daily"; }; timerConfig = {OnCalendar = "daily";};
environmentFile = environmentFile = "${config.sops.secrets.restic-backups-b2-environment.path}";
"${config.sops.secrets.restic-backups-b2-environment.path}";
}; };
}; };
systemd.services.restic-backups-b2 = { systemd.services.restic-backups-b2 = {
environment = { GOMAXPROCS = "1"; }; environment = {GOMAXPROCS = "1";};
serviceConfig = { serviceConfig = {
Nice = 19; Nice = 19;
IOSchedulingClass = "idle"; IOSchedulingClass = "idle";

17
nixos/boxes/vpsfree1/cryptpad.nix
View file

@ -1,12 +1,18 @@
{ config, pkgs, inputs, lib, ... }: { {
imports = [ ../nginx.nix ]; config,
pkgs,
inputs,
lib,
...
}: {
imports = [../nginx.nix];
services.nginx = { services.nginx = {
virtualHosts = { virtualHosts = {
"notes.purrfect.estate" = { "notes.purrfect.estate" = {
forceSSL = true; forceSSL = true;
enableACME = true; enableACME = true;
serverAliases = [ "notes-sandbox.purrfect.estate" ]; serverAliases = ["notes-sandbox.purrfect.estate"];
locations."/" = { locations."/" = {
proxyPass = "http://127.0.0.1:9005"; proxyPass = "http://127.0.0.1:9005";
proxyWebsockets = true; proxyWebsockets = true;
@ -15,8 +21,7 @@
}; };
}; };
virtualisation.oci-containers.containers.cryptpad = { virtualisation.oci-containers.containers.cryptpad = {
image = image = "promasu/cryptpad@sha256:29c61f69e41173188c0592e72f2273cf23a83f48e7d143337e2cd7fea441ed87";
"promasu/cryptpad@sha256:29c61f69e41173188c0592e72f2273cf23a83f48e7d143337e2cd7fea441ed87";
volumes = [ volumes = [
"${./cryptpad.config.js}:/cryptpad/config/config.js" "${./cryptpad.config.js}:/cryptpad/config/config.js"
@ -34,6 +39,6 @@
CPAD_TRUSTED_PROXY = "0.0.0.0/0"; CPAD_TRUSTED_PROXY = "0.0.0.0/0";
CPAD_HTTP2_DISABLE = "true"; CPAD_HTTP2_DISABLE = "true";
}; };
ports = [ "9005:80" ]; ports = ["9005:80"];
}; };
} }

10
nixos/boxes/vpsfree1/default.nix
View file

@ -1,4 +1,10 @@
{ config, pkgs, inputs, lib, ... }: { {
config,
pkgs,
inputs,
lib,
...
}: {
networking.hostName = "vpsfree1"; networking.hostName = "vpsfree1";
imports = [ imports = [
@ -20,7 +26,7 @@
DefaultTimeoutStartSec=900s DefaultTimeoutStartSec=900s
''; '';
boot.binfmt.emulatedSystems = [ "aarch64-linux" ]; boot.binfmt.emulatedSystems = ["aarch64-linux"];
time.timeZone = "Europe/London"; time.timeZone = "Europe/London";
nix.settings.cores = 8; nix.settings.cores = 8;
} }

102
nixos/boxes/vpsfree1/fossil.nix
View file

@ -1,71 +1,85 @@
{ config, pkgs, inputs, lib, ... }: {
let config,
pkgs,
inputs,
lib,
...
}: let
port = 8081; port = 8081;
domain = "fossil.cyplo.dev"; domain = "fossil.cyplo.dev";
baseurl = "https://${domain}"; baseurl = "https://${domain}";
path = "/var/lib/fossil"; path = "/var/lib/fossil";
in { in {
imports = [ ../nginx.nix ]; imports = [../nginx.nix];
services.nginx = { services.nginx = {
virtualHosts = { virtualHosts = {
"${domain}" = { "${domain}" = {
forceSSL = true; forceSSL = true;
enableACME = true; enableACME = true;
locations."/" = { proxyPass = "http://localhost:" + toString port; }; locations."/" = {proxyPass = "http://localhost:" + toString port;};
}; };
}; };
}; };
containers.fossil = { containers.fossil = {
autoStart = true; autoStart = true;
forwardPorts = [{ forwardPorts = [
containerPort = port; {
hostPort = port; containerPort = port;
}]; hostPort = port;
}
];
bindMounts = { bindMounts = {
"${path}" = { "${path}" = {
hostPath = "${path}"; hostPath = "${path}";
isReadOnly = false; isReadOnly = false;
}; };
}; };
config = { config, pkgs, ... }: config = {
let config,
user = "fossil"; pkgs,
group = "fossil"; ...
in { }: let
system.stateVersion = "23.05"; user = "fossil";
environment.systemPackages = [ pkgs.fossil ]; group = "fossil";
users.groups = { "${group}" = { }; }; in {
users.users = { system.stateVersion = "23.05";
fossil = { environment.systemPackages = [pkgs.fossil];
inherit group; users.groups = {"${group}" = {};};
description = "Fossil Service"; users.users = {
home = path; fossil = {
useDefaultShell = true; inherit group;
isSystemUser = true; description = "Fossil Service";
}; home = path;
}; useDefaultShell = true;
isSystemUser = true;
systemd.tmpfiles.rules = [ "d '${path}' 0770 ${user} ${group} - -" ];
systemd.services.fossil = {
description = "fossil server";
after = [ "network-online.target" ];
wantedBy = [ "multi-user.target" ];
path = [ pkgs.fossil pkgs.git ];
serviceConfig = {
User = user;
Group = group;
WorkingDirectory = path;
ReadWritePaths = [ path ];
ExecStart = "${pkgs.fossil}/bin/fossil server" + " --localhost"
+ " --https" + " --port ${toString port}"
+ " --baseurl ${baseurl}" + " --repolist ${path}";
Restart = "always";
RestartSec = 3;
};
}; };
}; };
systemd.tmpfiles.rules = ["d '${path}' 0770 ${user} ${group} - -"];
systemd.services.fossil = {
description = "fossil server";
after = ["network-online.target"];
wantedBy = ["multi-user.target"];
path = [pkgs.fossil pkgs.git];
serviceConfig = {
User = user;
Group = group;
WorkingDirectory = path;
ReadWritePaths = [path];
ExecStart =
"${pkgs.fossil}/bin/fossil server"
+ " --localhost"
+ " --https"
+ " --port ${toString port}"
+ " --baseurl ${baseurl}"
+ " --repolist ${path}";
Restart = "always";
RestartSec = 3;
};
};
};
}; };
} }

31
nixos/boxes/vpsfree1/foundryvtt.nix
View file

@ -1,5 +1,10 @@
{ config, pkgs, inputs, lib, ... }: {
let config,
pkgs,
inputs,
lib,
...
}: let
foundryvtt = pkgs.fetchzip { foundryvtt = pkgs.fetchzip {
name = "foundryvtt"; name = "foundryvtt";
url = "file:///" + ./FoundryVTT-11.306.zip; url = "file:///" + ./FoundryVTT-11.306.zip;
@ -8,7 +13,7 @@ let
stripRoot = false; stripRoot = false;
}; };
in { in {
imports = [ ../nginx.nix ]; imports = [../nginx.nix];
services.nginx = { services.nginx = {
clientMaxBodySize = "300M"; clientMaxBodySize = "300M";
@ -26,21 +31,27 @@ in {
containers.foundryvtt = { containers.foundryvtt = {
autoStart = true; autoStart = true;
forwardPorts = [{ forwardPorts = [
containerPort = 30000; {
hostPort = 30000; containerPort = 30000;
}]; hostPort = 30000;
}
];
bindMounts = { bindMounts = {
"/var/lib/foundryvtt" = { "/var/lib/foundryvtt" = {
hostPath = "/var/lib/foundryvtt"; hostPath = "/var/lib/foundryvtt";
isReadOnly = false; isReadOnly = false;
}; };
}; };
config = { config, pkgs, ... }: { config = {
config,
pkgs,
...
}: {
system.stateVersion = "23.05"; system.stateVersion = "23.05";
systemd.services."foundryvtt" = { systemd.services."foundryvtt" = {
requires = [ "network-online.target" ]; requires = ["network-online.target"];
wantedBy = [ "multi-user.target" ]; wantedBy = ["multi-user.target"];
script = '' script = ''
mkdir -p /var/lib/foundryvtt mkdir -p /var/lib/foundryvtt
${pkgs.nodejs-18_x}/bin/node ${foundryvtt}/resources/app/main.js --dataPath=/var/lib/foundryvtt ${pkgs.nodejs-18_x}/bin/node ${foundryvtt}/resources/app/main.js --dataPath=/var/lib/foundryvtt

43
nixos/boxes/vpsfree1/gitea.nix
View file

@ -1,5 +1,11 @@
{ config, pkgs, inputs, lib, system, ... }: {
let config,
pkgs,
inputs,
lib,
system,
...
}: let
unstable = inputs.nixpkgs-nixos-unstable; unstable = inputs.nixpkgs-nixos-unstable;
package = unstable.legacyPackages."${system}".gitea; package = unstable.legacyPackages."${system}".gitea;
httpPort = 8083; httpPort = 8083;
@ -23,18 +29,18 @@ let
}; };
groups."${systemGroupName}" = { groups."${systemGroupName}" = {
inherit gid; inherit gid;
members = [ "${systemUserName}" "nginx" ]; members = ["${systemUserName}" "nginx"];
}; };
}; };
in { in {
imports = [ ../nginx.nix ]; imports = [../nginx.nix];
inherit users; inherit users;
boot.kernel.sysctl = { "net.ipv4.ip_unprivileged_port_start" = 0; }; boot.kernel.sysctl = {"net.ipv4.ip_unprivileged_port_start" = 0;};
systemd.services.systemd-sysctl.enable = lib.mkForce true; systemd.services.systemd-sysctl.enable = lib.mkForce true;
networking.firewall.allowedTCPPorts = [ sshPort ]; networking.firewall.allowedTCPPorts = [sshPort];
services.nginx = { services.nginx = {
virtualHosts = { virtualHosts = {
"${domain}" = { "${domain}" = {
@ -76,15 +82,21 @@ in {
isReadOnly = true; isReadOnly = true;
}; };
}; };
config = { config, pkgs, lib, ... }: { config = {
config,
pkgs,
lib,
...
}: {
system.stateVersion = "23.05"; system.stateVersion = "23.05";
users = users // { users =
mutableUsers = false; users
allowNoPasswordLogin = true; // {
}; mutableUsers = false;
disabledModules = [ "services/misc/gitea.nix" ]; allowNoPasswordLogin = true;
imports = };
[ "${unstable}/nixos/modules/services/misc/gitea.nix" ]; disabledModules = ["services/misc/gitea.nix"];
imports = ["${unstable}/nixos/modules/services/misc/gitea.nix"];
services.gitea = { services.gitea = {
enable = true; enable = true;
inherit package; inherit package;
@ -101,8 +113,7 @@ in {
"markup.mermaid" = { "markup.mermaid" = {
ENABLED = true; ENABLED = true;
FILE_EXTENSIONS = ".md"; FILE_EXTENSIONS = ".md";
RENDER_COMMAND = RENDER_COMMAND = "${pkgs.asciidoc-full}/bin/asciidoc --out-file=- -";
"${pkgs.asciidoc-full}/bin/asciidoc --out-file=- -";
IS_INPUT_FILE = false; IS_INPUT_FILE = false;
}; };
server = { server = {

56
nixos/boxes/vpsfree1/mastodon.nix
View file

@ -1,5 +1,10 @@
{ config, pkgs, inputs, lib, ... }: {
let config,
pkgs,
inputs,
lib,
...
}: let
newestPackages = inputs.nixpkgs-master.legacyPackages.${pkgs.system}; newestPackages = inputs.nixpkgs-master.legacyPackages.${pkgs.system};
package = newestPackages.mastodon; package = newestPackages.mastodon;
domain = "peninsula.industries"; domain = "peninsula.industries";
@ -24,7 +29,7 @@ let
}; };
groups."${systemGroupName}" = { groups."${systemGroupName}" = {
inherit gid; inherit gid;
members = [ "${systemUserName}" "nginx" ]; members = ["${systemUserName}" "nginx"];
}; };
}; };
secretSettings = { secretSettings = {
@ -33,7 +38,7 @@ let
}; };
publicPath = "${path}/public-system/"; publicPath = "${path}/public-system/";
in { in {
imports = [ ../nginx.nix ]; imports = [../nginx.nix];
system.stateVersion = "23.05"; system.stateVersion = "23.05";
services.nginx = { services.nginx = {
@ -43,7 +48,7 @@ in {
enableACME = true; enableACME = true;
root = "${package}/public/"; root = "${package}/public/";
locations."/" = { tryFiles = "$uri @proxy"; }; locations."/" = {tryFiles = "$uri @proxy";};
locations."/system/".alias = "${publicPath}"; locations."/system/".alias = "${publicPath}";
locations."@proxy" = { locations."@proxy" = {
@ -58,14 +63,18 @@ in {
}; };
}; };
sops.secrets."${mailgunSmtpSecretName}" = { sops.secrets."${mailgunSmtpSecretName}" =
sopsFile = ./mailgun.sops.yaml; {
path = mailgunSmtpPasswordPath; sopsFile = ./mailgun.sops.yaml;
} // secretSettings; path = mailgunSmtpPasswordPath;
sops.secrets."${mastodonDbSecretName}" = { }
sopsFile = ./mastodon-db.sops.yaml; // secretSettings;
path = mastodonDbSecretPath; sops.secrets."${mastodonDbSecretName}" =
} // secretSettings; {
sopsFile = ./mastodon-db.sops.yaml;
path = mastodonDbSecretPath;
}
// secretSettings;
inherit users; inherit users;
@ -80,8 +89,8 @@ in {
chmod -R g+r ${publicPath} chmod -R g+r ${publicPath}
chmod -R u+rwX ${publicPath} chmod -R u+rwX ${publicPath}
''; '';
serviceConfig = { Type = "oneshot"; }; serviceConfig = {Type = "oneshot";};
before = [ "container@mastodon.service" ]; before = ["container@mastodon.service"];
}; };
containers.mastodon = { containers.mastodon = {
@ -110,13 +119,20 @@ in {
isReadOnly = true; isReadOnly = true;
}; };
}; };
config = { config, pkgs, lib, ... }: { config = {
config,
pkgs,
lib,
...
}: {
system.stateVersion = "23.05"; system.stateVersion = "23.05";
services.postgresql.port = postgresPort; services.postgresql.port = postgresPort;
users = users // { users =
mutableUsers = false; users
allowNoPasswordLogin = true; // {
}; mutableUsers = false;
allowNoPasswordLogin = true;
};
systemd.services.mastodon-media-auto-remove = { systemd.services.mastodon-media-auto-remove = {
description = "Mastodon media auto remove"; description = "Mastodon media auto remove";
serviceConfig = { serviceConfig = {

94
nixos/boxes/vpsfree1/rss.nix
View file

@ -1,65 +1,77 @@
{ config, pkgs, inputs, lib, ... }: {
let config,
pkgs,
inputs,
lib,
...
}: let
port = 8080; port = 8080;
domain = "news.cyplo.dev"; domain = "news.cyplo.dev";
postgresPort = 5435; postgresPort = 5435;
in { in {
imports = [ ../nginx.nix ]; imports = [../nginx.nix];
services.nginx = { services.nginx = {
virtualHosts = { virtualHosts = {
"${domain}" = { "${domain}" = {
forceSSL = true; forceSSL = true;
enableACME = true; enableACME = true;
locations."/" = { proxyPass = "http://127.0.0.1:" + toString port; }; locations."/" = {proxyPass = "http://127.0.0.1:" + toString port;};
}; };
}; };
}; };
containers.rss = { containers.rss = {
autoStart = true; autoStart = true;
forwardPorts = [{ forwardPorts = [
containerPort = port; {
hostPort = port; containerPort = port;
}]; hostPort = port;
config = { config, pkgs, ... }: }
let ];
inherit (config.services.tt-rss) pool; config = {
inherit (config.services.tt-rss) root; config,
in { pkgs,
system.stateVersion = "23.05"; ...
services.postgresql.port = postgresPort; }: let
services.tt-rss = { inherit (config.services.tt-rss) pool;
enable = true; inherit (config.services.tt-rss) root;
selfUrlPath = "https://${domain}"; in {
virtualHost = null; system.stateVersion = "23.05";
registration.enable = false; services.postgresql.port = postgresPort;
simpleUpdateMode = true; services.tt-rss = {
database.port = postgresPort; enable = true;
}; selfUrlPath = "https://${domain}";
services.nginx = { virtualHost = null;
enable = true; registration.enable = false;
virtualHosts = { simpleUpdateMode = true;
"${domain}" = { database.port = postgresPort;
listen = [{ };
services.nginx = {
enable = true;
virtualHosts = {
"${domain}" = {
listen = [
{
inherit port; inherit port;
addr = "0.0.0.0"; addr = "0.0.0.0";
}]; }
root = "${root}/www"; ];
locations."/" = { index = "index.php"; }; root = "${root}/www";
locations."^~ /feed-icons" = { root = "${root}"; }; locations."/" = {index = "index.php";};
locations."~ \\.php$" = { locations."^~ /feed-icons" = {root = "${root}";};
extraConfig = '' locations."~ \\.php$" = {
fastcgi_split_path_info ^(.+\.php)(/.+)$; extraConfig = ''
fastcgi_pass unix:${ fastcgi_split_path_info ^(.+\.php)(/.+)$;
config.services.phpfpm.pools.${pool}.socket fastcgi_pass unix:${
}; config.services.phpfpm.pools.${pool}.socket
fastcgi_index index.php; };
''; fastcgi_index index.php;
}; '';
}; };
}; };
}; };
}; };
};
}; };
} }

27
nixos/boxes/yoga/default.nix
View file

@ -1,18 +1,30 @@
{ config, pkgs, inputs, lib, system, nixpkgs-nixos-unstable-and-unfree, ... }: { {
config,
pkgs,
inputs,
lib,
system,
nixpkgs-nixos-unstable-and-unfree,
...
}: {
networking.hostName = "yoga"; networking.hostName = "yoga";
imports = [ ./hardware-configuration.nix ../../boot.nix ../../git ../../gui imports = [
./hardware-configuration.nix
../../boot.nix
../../git
../../gui
../../vim ../../vim
]; ];
boot.kernelPackages = pkgs.linuxPackages_latest; boot.kernelPackages = pkgs.linuxPackages_latest;
hardware.trackpoint.enable = true; hardware.trackpoint.enable = true;
services.hardware.bolt.enable = true; services.hardware.bolt.enable = true;
services.fprintd = { enable = true; }; services.fprintd = {enable = true;};
home-manager.users.cyryl = { lib, ... }: { home.packages = with pkgs; [ ]; }; home-manager.users.cyryl = {lib, ...}: {home.packages = with pkgs; [];};
networking.networkmanager.enable = true; networking.networkmanager.enable = true;
@ -61,8 +73,8 @@
users.users.cyryl = { users.users.cyryl = {
isNormalUser = true; isNormalUser = true;
description = "cyryl"; description = "cyryl";
extraGroups = [ "networkmanager" "wheel" ]; extraGroups = ["networkmanager" "wheel"];
packages = with pkgs; [ ]; packages = with pkgs; [];
}; };
services.fwupd.enable = true; services.fwupd.enable = true;
@ -73,5 +85,4 @@
# Workaround for GNOME autologin: https://github.com/NixOS/nixpkgs/issues/103746#issuecomment-945091229 # Workaround for GNOME autologin: https://github.com/NixOS/nixpkgs/issues/103746#issuecomment-945091229
systemd.services."getty@tty1".enable = false; systemd.services."getty@tty1".enable = false;
systemd.services."autovt@tty1".enable = false; systemd.services."autovt@tty1".enable = false;
} }

28
nixos/boxes/yoga/hardware-configuration.nix
View file

@ -1,33 +1,37 @@
{ config, lib, pkgs, modulesPath, ... }: { {
imports = [ ]; config,
lib,
pkgs,
modulesPath,
...
}: {
imports = [];
boot.initrd.availableKernelModules = boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" "rtsx_pci_sdmmc"];
[ "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ]; boot.initrd.kernelModules = [];
boot.initrd.kernelModules = [ ]; boot.kernelModules = ["kvm-intel"];
boot.kernelModules = [ "kvm-intel" ]; boot.extraModulePackages = [];
boot.extraModulePackages = [ ];
boot.loader.systemd-boot.enable = true; boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true; boot.loader.efi.canTouchEfiVariables = true;
boot.loader.efi.efiSysMountPoint = "/boot/efi"; boot.loader.efi.efiSysMountPoint = "/boot/efi";
# Setup keyfile # Setup keyfile
boot.initrd.secrets = { "/crypto_keyfile.bin" = null; }; boot.initrd.secrets = {"/crypto_keyfile.bin" = null;};
fileSystems."/" = { fileSystems."/" = {
device = "/dev/disk/by-uuid/a43a1c42-9166-47dc-9e78-20e0975c75c5"; device = "/dev/disk/by-uuid/a43a1c42-9166-47dc-9e78-20e0975c75c5";
fsType = "btrfs"; fsType = "btrfs";
options = [ "subvol=@" ]; options = ["subvol=@"];
}; };
boot.initrd.luks.devices."luks-99498047-118a-484a-8c2a-987ca68d4943".device = boot.initrd.luks.devices."luks-99498047-118a-484a-8c2a-987ca68d4943".device = "/dev/disk/by-uuid/99498047-118a-484a-8c2a-987ca68d4943";
"/dev/disk/by-uuid/99498047-118a-484a-8c2a-987ca68d4943";
fileSystems."/boot/efi" = { fileSystems."/boot/efi" = {
device = "/dev/disk/by-uuid/F179-A4EA"; device = "/dev/disk/by-uuid/F179-A4EA";
fsType = "vfat"; fsType = "vfat";
}; };
swapDevices = [ ]; swapDevices = [];
networking.useDHCP = lib.mkDefault true; networking.useDHCP = lib.mkDefault true;

64
nixos/common-hardware.nix
View file

@ -1,33 +1,41 @@
{ config, pkgs, nixpkgs-nixos-unstable-and-unfree, lib, ... }: { {
boot.kernelModules = [ "fuse" ]; config,
pkgs,
nixpkgs-nixos-unstable-and-unfree,
lib,
...
}: {
boot.kernelModules = ["fuse"];
services.smartd.enable = true; services.smartd.enable = true;
sound.enable = true; sound.enable = true;
networking.networkmanager = { networking.networkmanager = {
enable = true; enable = true;
dispatcherScripts = [{ dispatcherScripts = [
source = pkgs.writeText "upHook" '' {
enable_disable_wifi () source = pkgs.writeText "upHook" ''
{ enable_disable_wifi ()
result=$(nmcli dev | grep "ethernet" | grep -w "connected") {
if [ -n "$result" ]; then result=$(nmcli dev | grep "ethernet" | grep -w "connected")
nmcli radio wifi off if [ -n "$result" ]; then
else nmcli radio wifi off
nmcli radio wifi on else
nmcli radio wifi on
fi
}
if [ "$2" = "up" ]; then
enable_disable_wifi
fi fi
}
if [ "$2" = "up" ]; then if [ "$2" = "down" ]; then
enable_disable_wifi enable_disable_wifi
fi fi
'';
if [ "$2" = "down" ]; then type = "basic";
enable_disable_wifi }
fi ];
'';
type = "basic";
}];
}; };
hardware.enableRedistributableFirmware = true; hardware.enableRedistributableFirmware = true;
@ -36,7 +44,7 @@
hardware.bluetooth = { hardware.bluetooth = {
enable = true; enable = true;
package = pkgs.bluezFull; package = pkgs.bluezFull;
settings = { General = { Enable = "Source,Sink,Media,Socket"; }; }; settings = {General = {Enable = "Source,Sink,Media,Socket";};};
}; };
services.blueman.enable = true; services.blueman.enable = true;
@ -55,7 +63,7 @@
# no need to redefine it in your config for now) # no need to redefine it in your config for now)
#media-session.enable = true; #media-session.enable = true;
}; };
environment.systemPackages = with pkgs; [ ghostscript poppler ]; environment.systemPackages = with pkgs; [ghostscript poppler];
services.printing = { services.printing = {
enable = true; enable = true;
drivers = with pkgs; [ drivers = with pkgs; [
@ -73,8 +81,7 @@
description = "Epson XP-540 via bolty"; description = "Epson XP-540 via bolty";
name = "epson_xp540_via_bolty"; name = "epson_xp540_via_bolty";
deviceUri = "ipp://bolty:631/printers/epson_xp540"; deviceUri = "ipp://bolty:631/printers/epson_xp540";
model = model = "epson-inkjet-printer-escpr/Epson-XP-540_Series-epson-escpr-en.ppd";
"epson-inkjet-printer-escpr/Epson-XP-540_Series-epson-escpr-en.ppd";
ppdOptions = { ppdOptions = {
PageSize = "A4"; PageSize = "A4";
Duplex = "DuplexNoTumble"; Duplex = "DuplexNoTumble";
@ -83,8 +90,7 @@
{ {
description = "Samsung SCX-4623 Series"; description = "Samsung SCX-4623 Series";
name = "samsung-SCX-4623"; name = "samsung-SCX-4623";
deviceUri = deviceUri = "usb://Samsung/SCX-4623%20Series?serial=Z2TYBFFZC01007W&interface=1";
"usb://Samsung/SCX-4623%20Series?serial=Z2TYBFFZC01007W&interface=1";
model = "samsung/SCX-4623FW.ppd"; model = "samsung/SCX-4623FW.ppd";
ppdOptions = { ppdOptions = {
PageSize = "A4"; PageSize = "A4";
@ -93,7 +99,7 @@
} }
]; ];
services.udev.packages = [ ]; services.udev.packages = [];
hardware.sane = { hardware.sane = {
enable = true; enable = true;
snapshot = true; snapshot = true;

11
nixos/common-services.nix
View file

@ -1,9 +1,12 @@
{ config, pkgs, ... }: { {
config,
pkgs,
...
}: {
console.keyMap = "pl2"; console.keyMap = "pl2";
imports = [ ./tailscale ]; imports = [./tailscale];
services = { services = {
udev.packages = [ pkgs.android-udev-rules ]; udev.packages = [pkgs.android-udev-rules];
ratbagd.enable = true; ratbagd.enable = true;
fwupd = { fwupd = {

21
nixos/common.nix
View file

@ -1,5 +1,11 @@
{ config, pkgs, lib, inputs, nixpkgs-nixos-unstable-and-unfree, ... }: {
let config,
pkgs,
lib,
inputs,
nixpkgs-nixos-unstable-and-unfree,
...
}: let
stateVersion = "23.05"; stateVersion = "23.05";
username = "cyryl"; username = "cyryl";
in { in {
@ -54,10 +60,9 @@ in {
shell = pkgs.zsh; shell = pkgs.zsh;
}; };
networking.nameservers = networking.nameservers = ["9.9.9.9" "2620:fe::fe" "149.112.112.112" "2620:fe::9"];
[ "9.9.9.9" "2620:fe::fe" "149.112.112.112" "2620:fe::9" ];
networking.hosts = { "10.11.99.1" = [ "remarkable" ]; }; networking.hosts = {"10.11.99.1" = ["remarkable"];};
programs.light.enable = true; programs.light.enable = true;
programs.adb.enable = true; programs.adb.enable = true;
@ -74,13 +79,13 @@ in {
enable = true; enable = true;
autoPrune.enable = true; autoPrune.enable = true;
daemon.settings = { daemon.settings = {
"insecure-registries" = [ "vpsfree1.raptor-carp.ts.net:5000" ]; "insecure-registries" = ["vpsfree1.raptor-carp.ts.net:5000"];
}; };
}; };
fonts.fontconfig = { fonts.fontconfig = {
enable = true; enable = true;
defaultFonts.monospace = [ "BerkeleyMono Nerd Font" ]; defaultFonts.monospace = ["BerkeleyMono Nerd Font"];
}; };
fonts.fonts = with pkgs; [ fonts.fonts = with pkgs; [
@ -106,7 +111,7 @@ in {
''; '';
}; };
system = { inherit stateVersion; }; system = {inherit stateVersion;};
system.activationScripts.diff = '' system.activationScripts.diff = ''
${pkgs.nvd}/bin/nvd --nix-bin-dir=${pkgs.nix}/bin diff /run/current-system "$systemConfig" ${pkgs.nvd}/bin/nvd --nix-bin-dir=${pkgs.nix}/bin diff /run/current-system "$systemConfig"
''; '';

34
nixos/distributed-builds.nix
View file

@ -1,21 +1,25 @@
{ config, pkgs, ... }: { {
nix.buildMachines = [{ config,
hostName = "bolty"; pkgs,
sshUser = "nix-builder"; ...
sshKey = "/home/cyryl/.ssh/id_ed25519"; }: {
systems = [ "i686-linux" "x86_64-linux" "aarch64-linux" ]; nix.buildMachines = [
maxJobs = 2; {
speedFactor = 1; hostName = "bolty";
supportedFeatures = [ "kvm" "big-parallel" ]; sshUser = "nix-builder";
mandatoryFeatures = [ ]; sshKey = "/home/cyryl/.ssh/id_ed25519";
}]; systems = ["i686-linux" "x86_64-linux" "aarch64-linux"];
maxJobs = 2;
speedFactor = 1;
supportedFeatures = ["kvm" "big-parallel"];
mandatoryFeatures = [];
}
];
nix.extraOptions = '' nix.extraOptions = ''
builders-use-substitutes = true builders-use-substitutes = true
''; '';
nix.distributedBuilds = true; nix.distributedBuilds = true;
nix.settings.substituters = nix.settings.substituters = ["https://cache.nixos.org/" "ssh://nix-ssh@bolty.raptor-carp.ts.net"];
[ "https://cache.nixos.org/" "ssh://nix-ssh@bolty.raptor-carp.ts.net" ]; nix.settings.trusted-public-keys = ["cyplodev-store-key:a/+PEufePs7giWqYyRqy+TgUKLMbY+RQuJQu2aUjdl8="];
nix.settings.trusted-public-keys =
[ "cyplodev-store-key:a/+PEufePs7giWqYyRqy+TgUKLMbY+RQuJQu2aUjdl8=" ];
} }

2
nixos/emacs/home.nix
View file

@ -23,7 +23,7 @@
(setq make-backup-files nil) (setq make-backup-files nil)
(setq auto-save-default nil) (setq auto-save-default nil)
(require 'helm) (require 'helm)
(require 'helm-config) (require 'helm-config)

15
nixos/gnome/home.nix
View file

@ -1,9 +1,14 @@
{ config, pkgs, ... }: { {
services = { }; config,
pkgs,
...
}: {
services = {};
xsession = { enable = false; }; xsession = {enable = false;};
home.packages = (with pkgs; [ gnome-usage gnome3.gnome-tweaks ]) home.packages =
(with pkgs; [gnome-usage gnome3.gnome-tweaks])
++ (with pkgs.gnomeExtensions; [ ++ (with pkgs.gnomeExtensions; [
caffeine caffeine
clipboard-indicator clipboard-indicator
@ -13,7 +18,7 @@
dconf.settings = { dconf.settings = {
"org/gnome/mutter" = { "org/gnome/mutter" = {
# https://github.com/NixOS/nixpkgs/issues/114514#issuecomment-1177709271 # https://github.com/NixOS/nixpkgs/issues/114514#issuecomment-1177709271
experimental-features = [ "scale-monitor-framebuffer" ]; experimental-features = ["scale-monitor-framebuffer"];
}; };
"org/gnome/shell" = { "org/gnome/shell" = {
disable-user-extensions = false; disable-user-extensions = false;

6
nixos/gnome/system.nix
View file

@ -1,4 +1,8 @@
{ config, pkgs, ... }: { {
config,
pkgs,
...
}: {
services.xserver = { services.xserver = {
enable = true; enable = true;
displayManager.gdm.enable = true; displayManager.gdm.enable = true;

24
nixos/gui/default.nix
View file

@ -1,12 +1,18 @@
{ config, pkgs, discord, inputs, nixpkgs-nixos-stable-and-unfree {
, nixpkgs-nixos-unstable-and-unfree, ... }: config,
let pkgs,
discord,
inputs,
nixpkgs-nixos-stable-and-unfree,
nixpkgs-nixos-unstable-and-unfree,
...
}: let
unstable = inputs.nixpkgs-nixos-unstable.legacyPackages.${pkgs.system}; unstable = inputs.nixpkgs-nixos-unstable.legacyPackages.${pkgs.system};
nixpkgs-master = inputs.nixpkgs-master.legacyPackages.${pkgs.system}; nixpkgs-master = inputs.nixpkgs-master.legacyPackages.${pkgs.system};
in { in {
security.chromiumSuidSandbox.enable = true; security.chromiumSuidSandbox.enable = true;
home-manager.users.cyryl = { ... }: { home-manager.users.cyryl = {...}: {
gtk = { gtk = {
enable = true; enable = true;
iconTheme = { iconTheme = {
@ -21,13 +27,13 @@ in {
style.package = pkgs.adwaita-qt; style.package = pkgs.adwaita-qt;
}; };
imports = [ ]; imports = [];
programs.chromium.enable = true; programs.chromium.enable = true;
programs.firefox.enable = true; programs.firefox.enable = true;
home.packages = with pkgs; home.packages = with pkgs;
with pkgs.gnome3; with pkgs.gnome3;
with pkgs.python38Packages; with pkgs.python38Packages;
[ [
anarchism anarchism
calibre calibre
@ -81,7 +87,9 @@ in {
yubikey-manager-qt yubikey-manager-qt
yubikey-personalization yubikey-personalization
yubikey-personalization-gui yubikey-personalization-gui
] ++ (with unstable; [ glaxnimate gnucash kicad thunderbird ]) ++ [ ]
++ (with unstable; [glaxnimate gnucash kicad thunderbird])
++ [
nixpkgs-nixos-stable-and-unfree.discord nixpkgs-nixos-stable-and-unfree.discord
nixpkgs-nixos-unstable-and-unfree.hopper nixpkgs-nixos-unstable-and-unfree.hopper
]; ];

320
nixos/gui/vscode.nix
View file

@ -1,159 +1,163 @@
{ config, pkgs, inputs, ... }: { {
home.packages = with pkgs; config,
[ pkgs,
(vscode-with-extensions.override { inputs,
vscodeExtensions = with vscode-extensions; ...
[ }: {
ms-python.python home.packages = with pkgs; [
inputs.nixpkgs-rust-analyzer.legacyPackages.x86_64-linux.vscode-extensions.rust-lang.rust-analyzer (vscode-with-extensions.override {
(vscode-utils.buildVscodeExtension { vscodeExtensions = with vscode-extensions;
vscodeExtUniqueId = "vadimcn.vscode-lldb"; [
vscodeExtPublisher = "vadimcn"; ms-python.python
vscodeExtName = "vscode-lldb"; inputs.nixpkgs-rust-analyzer.legacyPackages.x86_64-linux.vscode-extensions.rust-lang.rust-analyzer
version = "1.6.10"; (vscode-utils.buildVscodeExtension {
name = "vadimcn.vscode-lldb-1.6.10"; vscodeExtUniqueId = "vadimcn.vscode-lldb";
src = fetchurl { vscodeExtPublisher = "vadimcn";
name = "vadimcn.vscode-lldb.zip"; vscodeExtName = "vscode-lldb";
url = version = "1.6.10";
"https://github.com/vadimcn/vscode-lldb/releases/download/v1.6.10/codelldb-${pkgs.system}.vsix"; name = "vadimcn.vscode-lldb-1.6.10";
sha256 = "sha256-QWbpe6ofacjrTCyWSKljwHDWWeHGmKNqi7cpw8Qy5Tw="; src = fetchurl {
}; name = "vadimcn.vscode-lldb.zip";
buildInputs = with pkgs; [ llvm lldb python38 autoPatchelfHook ]; url = "https://github.com/vadimcn/vscode-lldb/releases/download/v1.6.10/codelldb-${pkgs.system}.vsix";
}) sha256 = "sha256-QWbpe6ofacjrTCyWSKljwHDWWeHGmKNqi7cpw8Qy5Tw=";
] ++ vscode-utils.extensionsFromVscodeMarketplace [ };
{ buildInputs = with pkgs; [llvm lldb python38 autoPatchelfHook];
publisher = "bierner"; })
name = "markdown-mermaid"; ]
version = "1.18.1"; ++ vscode-utils.extensionsFromVscodeMarketplace [
sha256 = "sha256-JWeSs7V/LZ345vGWOLeUgGi68Fot/eA2k+CzWL/Wp4w="; {
} publisher = "bierner";
{ name = "markdown-mermaid";
publisher = "arrterian"; version = "1.18.1";
name = "nix-env-selector"; sha256 = "sha256-JWeSs7V/LZ345vGWOLeUgGi68Fot/eA2k+CzWL/Wp4w=";
version = "1.0.9"; }
sha256 = "sha256-TkxqWZ8X+PAonzeXQ+sI9WI+XlqUHll7YyM7N9uErk0="; {
} publisher = "arrterian";
{ name = "nix-env-selector";
publisher = "vscodevim"; version = "1.0.9";
name = "vim"; sha256 = "sha256-TkxqWZ8X+PAonzeXQ+sI9WI+XlqUHll7YyM7N9uErk0=";
version = "1.21.7"; }
sha256 = "sha256-nCcDafZ2CUhTjVha+6Mjxoil61xMGboO5lajc7dGEJg="; {
} publisher = "vscodevim";
{ name = "vim";
publisher = "bbenoist"; version = "1.21.7";
name = "nix"; sha256 = "sha256-nCcDafZ2CUhTjVha+6Mjxoil61xMGboO5lajc7dGEJg=";
version = "1.0.1"; }
sha256 = "sha256-qwxqOGublQeVP2qrLF94ndX/Be9oZOn+ZMCFX1yyoH0="; {
} publisher = "bbenoist";
{ name = "nix";
publisher = "hashicorp"; version = "1.0.1";
name = "terraform"; sha256 = "sha256-qwxqOGublQeVP2qrLF94ndX/Be9oZOn+ZMCFX1yyoH0=";
version = "2.19.0"; }
sha256 = "sha256-k/fcEJuELz0xkwivSrP6Nxtz861BLq1wR2ZDMXVrvkY="; {
} publisher = "hashicorp";
{ name = "terraform";
publisher = "be5invis"; version = "2.19.0";
name = "toml"; sha256 = "sha256-k/fcEJuELz0xkwivSrP6Nxtz861BLq1wR2ZDMXVrvkY=";
version = "0.6.0"; }
sha256 = "sha256-yk7buEyQIw6aiUizAm+sgalWxUibIuP9crhyBaOjC2E="; {
} publisher = "be5invis";
{ name = "toml";
publisher = "ms-vscode"; version = "0.6.0";
name = "cpptools-extension-pack"; sha256 = "sha256-yk7buEyQIw6aiUizAm+sgalWxUibIuP9crhyBaOjC2E=";
version = "1.1.0"; }
sha256 = "sha256-XKHBwoRXNHIpy7gDR9/xEFdEdB4S0B9L9Jbk53f/Vbc="; {
} publisher = "ms-vscode";
{ name = "cpptools-extension-pack";
publisher = "tiehuis"; version = "1.1.0";
name = "zig"; sha256 = "sha256-XKHBwoRXNHIpy7gDR9/xEFdEdB4S0B9L9Jbk53f/Vbc=";
version = "0.2.5"; }
sha256 = "sha256-P8Sep0OtdchTfnudxFNvIK+SW++TyibGVI9zd+B5tu4="; {
} publisher = "tiehuis";
{ name = "zig";
publisher = "sjhuangx"; version = "0.2.5";
name = "vscode-scheme"; sha256 = "sha256-P8Sep0OtdchTfnudxFNvIK+SW++TyibGVI9zd+B5tu4=";
version = "0.4.0"; }
sha256 = "07vjfymvfv98s5r5a4b5iqhgfz1wpgq2l8h3wlq1bnhhhvmq5pq4"; {
} publisher = "sjhuangx";
{ name = "vscode-scheme";
publisher = "shaunlebron"; version = "0.4.0";
name = "vscode-parinfer"; sha256 = "07vjfymvfv98s5r5a4b5iqhgfz1wpgq2l8h3wlq1bnhhhvmq5pq4";
version = "0.6.2"; }
sha256 = "0h4v4rnximy6rbh83y4s2qj1cqbj66g9wld39mzd0zwgi6ig9syd"; {
} publisher = "shaunlebron";
{ name = "vscode-parinfer";
publisher = "swyphcosmo"; version = "0.6.2";
name = "spellchecker"; sha256 = "0h4v4rnximy6rbh83y4s2qj1cqbj66g9wld39mzd0zwgi6ig9syd";
version = "1.2.13"; }
sha256 = "1lr33lf01afgi74c1a9gylk92li4hyq24l8bki4l6ggl4z4c2h3w"; {
} publisher = "swyphcosmo";
{ name = "spellchecker";
publisher = "asabil"; version = "1.2.13";
name = "meson"; sha256 = "1lr33lf01afgi74c1a9gylk92li4hyq24l8bki4l6ggl4z4c2h3w";
version = "1.1.1"; }
sha256 = "00cc28a2nb325f54bx51wf5q15x1pmsn0j9z6rnxxqxwii1dm5cl"; {
} publisher = "asabil";
{ name = "meson";
publisher = "codezombiech"; version = "1.1.1";
name = "gitignore"; sha256 = "00cc28a2nb325f54bx51wf5q15x1pmsn0j9z6rnxxqxwii1dm5cl";
version = "0.6.0"; }
sha256 = "0gnc0691pwkd9s8ldqabmpfvj0236rw7bxvkf0bvmww32kv1ia0b"; {
} publisher = "codezombiech";
{ name = "gitignore";
publisher = "DavidAnson"; version = "0.6.0";
name = "vscode-markdownlint"; sha256 = "0gnc0691pwkd9s8ldqabmpfvj0236rw7bxvkf0bvmww32kv1ia0b";
version = "0.26.0"; }
sha256 = "0g4pssvajn7d8p2547v7313gjyqx4pzs7cbjws2s3v2fk1sw7vbj"; {
} publisher = "DavidAnson";
{ name = "vscode-markdownlint";
publisher = "esbenp"; version = "0.26.0";
name = "prettier-vscode"; sha256 = "0g4pssvajn7d8p2547v7313gjyqx4pzs7cbjws2s3v2fk1sw7vbj";
version = "1.8.1"; }
sha256 = "0qcm2784n9qc4p77my1kwqrswpji7bp895ay17yzs5g84cj010ln"; {
} publisher = "esbenp";
{ name = "prettier-vscode";
publisher = "hbenl"; version = "1.8.1";
name = "vscode-test-explorer"; sha256 = "0qcm2784n9qc4p77my1kwqrswpji7bp895ay17yzs5g84cj010ln";
version = "2.9.3"; }
sha256 = "1yf85hgvganxq5n5jff9ckn3smxd6xi79cgn6k53qi5w1r5rahy0"; {
} publisher = "hbenl";
{ name = "vscode-test-explorer";
publisher = "lextudio"; version = "2.9.3";
name = "restructuredtext"; sha256 = "1yf85hgvganxq5n5jff9ckn3smxd6xi79cgn6k53qi5w1r5rahy0";
version = "106.0.0"; }
sha256 = "096r8071202nxi1is6z7dghcmpsh0f0mm3mp3cfh1yj2mnyzlaxa"; {
} publisher = "lextudio";
{ name = "restructuredtext";
publisher = "lostintangent"; version = "106.0.0";
name = "vsls-pomodoro"; sha256 = "096r8071202nxi1is6z7dghcmpsh0f0mm3mp3cfh1yj2mnyzlaxa";
version = "0.1.0"; }
sha256 = "1b73zbkhlhacvi18cx4g3n6randy3hw9cab1gkw5gzb3375w7w3p"; {
} publisher = "lostintangent";
{ name = "vsls-pomodoro";
publisher = "lostintangent"; version = "0.1.0";
name = "vsls-whiteboard"; sha256 = "1b73zbkhlhacvi18cx4g3n6randy3hw9cab1gkw5gzb3375w7w3p";
version = "0.0.8"; }
sha256 = "13fcay9bs861msb5y694casbw66dmhl504xm5cvprssx1qka186p"; {
} publisher = "lostintangent";
{ name = "vsls-whiteboard";
publisher = "mechatroner"; version = "0.0.8";
name = "rainbow-csv"; sha256 = "13fcay9bs861msb5y694casbw66dmhl504xm5cvprssx1qka186p";
version = "1.0.0"; }
sha256 = "1fyamgm7zq31r3c00cn6pcb66rrkfhwfmp72qnhrajydmnvcnbg6"; {
} publisher = "mechatroner";
{ name = "rainbow-csv";
publisher = "ronnidc"; version = "1.0.0";
name = "nunjucks"; sha256 = "1fyamgm7zq31r3c00cn6pcb66rrkfhwfmp72qnhrajydmnvcnbg6";
version = "0.2.3"; }
sha256 = "119xgyn1dggw2rcqkn2mnz364iw5jlrxg7pcydbijsqj5d3zdfsf"; {
} publisher = "ronnidc";
{ name = "nunjucks";
publisher = "serayuzgur"; version = "0.2.3";
name = "crates"; sha256 = "119xgyn1dggw2rcqkn2mnz364iw5jlrxg7pcydbijsqj5d3zdfsf";
version = "0.4.2"; }
sha256 = "1knspsc98cfw4mhc0yaz0f2185sxdf9kn9qsysfs6c82g9wjaqcj"; {
} publisher = "serayuzgur";
]; name = "crates";
}) version = "0.4.2";
]; sha256 = "1knspsc98cfw4mhc0yaz0f2185sxdf9kn9qsysfs6c82g9wjaqcj";
}
];
})
];
} }

8
nixos/home-manager/cli.nix
View file

@ -1,4 +1,10 @@
{ config, pkgs, inputs, system, ... }: { {
config,
pkgs,
inputs,
system,
...
}: {
home.packages = with pkgs; [ home.packages = with pkgs; [
(pass.withExtensions (ext: [ (pass.withExtensions (ext: [
ext.pass-otp ext.pass-otp

12
nixos/home-manager/default.nix
View file

@ -1,5 +1,11 @@
{ config, pkgs, inputs, lib, ... }: {
let username = "cyryl"; config,
pkgs,
inputs,
lib,
...
}: let
username = "cyryl";
in { in {
home.sessionVariables = { home.sessionVariables = {
LC_ALL = "en_GB.UTF-8"; LC_ALL = "en_GB.UTF-8";
@ -9,7 +15,7 @@ in {
news.display = "show"; news.display = "show";
home.packages = with pkgs; [ ]; home.packages = with pkgs; [];
home.username = username; home.username = username;
home.homeDirectory = lib.mkDefault "/home/${username}"; home.homeDirectory = lib.mkDefault "/home/${username}";

7
nixos/home-manager/linux.nix
View file

@ -1,4 +1,9 @@
{ config, pkgs, inputs, ... }: { {
config,
pkgs,
inputs,
...
}: {
services.gpg-agent = { services.gpg-agent = {
enable = true; enable = true;
pinentryFlavor = "curses"; pinentryFlavor = "curses";

8
nixos/home-manager/programs.nix
View file

@ -1,4 +1,8 @@
{ config, pkgs, ... }: { {
config,
pkgs,
...
}: {
programs = { programs = {
home-manager.enable = true; home-manager.enable = true;
@ -11,7 +15,7 @@
gpg = { gpg = {
enable = true; enable = true;
settings = { }; settings = {};
}; };
taskwarrior.enable = true; taskwarrior.enable = true;

20
nixos/home-manager/programs/alacritty.nix
View file

@ -1,16 +1,22 @@
{ config, pkgs, ... }: { {
home.sessionVariables = { TERMINAL = "alacritty"; }; config,
pkgs,
...
}: {
home.sessionVariables = {TERMINAL = "alacritty";};
programs.alacritty = { programs.alacritty = {
enable = true; enable = true;
settings = { settings = {
window.decorations = "none"; window.decorations = "none";
mouse_bindings = [{ mouse_bindings = [
mouse = "Middle"; {
mode = "~Vi"; mouse = "Middle";
action = "None"; mode = "~Vi";
}]; action = "None";
}
];
scrolling = { scrolling = {
history = 32000; history = 32000;
multiplier = 3; multiplier = 3;

16
nixos/home-manager/programs/helix.nix
View file

@ -9,10 +9,18 @@
alejandra = lib.getExe inputs.alejandra.packages.${system}.default; alejandra = lib.getExe inputs.alejandra.packages.${system}.default;
nil = lib.getExe inputs.nil.packages.${system}.default; nil = lib.getExe inputs.nil.packages.${system}.default;
in { in {
home.sessionVariables = {
home.sessionVariables = { EDITOR = "vim"; VISUAL="vim"; }; EDITOR = "vim";
programs.zsh.sessionVariables = { EDITOR = "vim"; VISUAL="vim"; }; VISUAL = "vim";
systemd.user.sessionVariables = { EDITOR = "vim"; VISUAL="vim"; }; };
programs.zsh.sessionVariables = {
EDITOR = "vim";
VISUAL = "vim";
};
systemd.user.sessionVariables = {
EDITOR = "vim";
VISUAL = "vim";
};
programs.helix = { programs.helix = {
enable = true; enable = true;

8
nixos/home-manager/programs/kitty.nix
View file

@ -1,5 +1,9 @@
{ config, pkgs, ... }: { {
home.sessionVariables = { TERMINAL = "kitty"; }; config,
pkgs,
...
}: {
home.sessionVariables = {TERMINAL = "kitty";};
programs.kitty = { programs.kitty = {
enable = true; enable = true;

6
nixos/home-manager/programs/ssh.nix
View file

@ -1,4 +1,8 @@
{ config, pkgs, ... }: { {
config,
pkgs,
...
}: {
programs.ssh.extraConfig = '' programs.ssh.extraConfig = ''
Host vpsfree1 vpsfree1.cyplo.dev vpsfree1.raptor-carp.ts.net Host vpsfree1 vpsfree1.cyplo.dev vpsfree1.raptor-carp.ts.net
HostName vpsfree1 HostName vpsfree1

8
nixos/home-manager/programs/termite.nix
View file

@ -1,5 +1,9 @@
{ config, pkgs, ... }: { {
home.sessionVariables = { TERMINAL = "termite"; }; config,
pkgs,
...
}: {
home.sessionVariables = {TERMINAL = "termite";};
programs.termite = { programs.termite = {
enable = true; enable = true;
allowBold = true; allowBold = true;

44
nixos/i3/default.nix
View file

@ -1,28 +1,36 @@
{ config, pkgs, ... }: { {
imports = [ ./autorandr.nix ./openweathermap-secrets.nix ]; config,
environment.systemPackages = with pkgs; [ dconf ]; pkgs,
...
}: {
imports = [./autorandr.nix ./openweathermap-secrets.nix];
environment.systemPackages = with pkgs; [dconf];
programs.dconf.enable = true; programs.dconf.enable = true;
security.sudo.extraRules = [ security.sudo.extraRules = [
{ {
users = [ "cyryl" ]; users = ["cyryl"];
commands = [{ commands = [
command = "${pkgs.i3}/bin/i3-msg"; {
options = [ "NOPASSWD" ]; command = "${pkgs.i3}/bin/i3-msg";
}]; options = ["NOPASSWD"];
}
];
} }
{ {
users = [ "cyryl" ]; users = ["cyryl"];
commands = [{ commands = [
command = "${pkgs.intel-gpu-tools}/bin/intel_gpu_top"; {
options = [ "NOPASSWD" ]; command = "${pkgs.intel-gpu-tools}/bin/intel_gpu_top";
}]; options = ["NOPASSWD"];
}
];
} }
]; ];
xdg.portal = { xdg.portal = {
enable = true; enable = true;
extraPortals = with pkgs; [ xdg-desktop-portal-gtk xdg-desktop-portal-kde ]; extraPortals = with pkgs; [xdg-desktop-portal-gtk xdg-desktop-portal-kde];
}; };
services = { services = {
@ -32,7 +40,7 @@
allowAnyUser = true; allowAnyUser = true;
}; };
dbus = { packages = with pkgs; [ gnome2.GConf dconf ]; }; dbus = {packages = with pkgs; [gnome2.GConf dconf];};
fractalart.enable = true; fractalart.enable = true;
colord.enable = true; colord.enable = true;
@ -42,8 +50,8 @@
enableHidpi = true; enableHidpi = true;
}; };
}; };
home-manager.users.cyryl = { ... }: { home-manager.users.cyryl = {...}: {
imports = [ ./home.nix ]; imports = [./home.nix];
home.packages = with pkgs; [ ]; home.packages = with pkgs; [];
}; };
} }

6
nixos/i3/dunst.nix
View file

@ -1,4 +1,8 @@
{ config, pkgs, ... }: { {
config,
pkgs,
...
}: {
services.dunst = { services.dunst = {
enable = true; enable = true;
settings = { settings = {

12
nixos/i3/i3-status.nix
View file

@ -1,12 +1,16 @@
{ config, pkgs, ... }: { {
config,
pkgs,
...
}: {
programs.i3status = { programs.i3status = {
enable = true; enable = true;
enableDefault = false; enableDefault = false;
modules = { modules = {
"load" = { position = 1; }; "load" = {position = 1;};
"disk /" = { "disk /" = {
position = 2; position = 2;
settings = { format = " %avail"; }; settings = {format = " %avail";};
}; };
"memory" = { "memory" = {
settings = { settings = {
@ -27,7 +31,7 @@
position = 3; position = 3;
}; };
"time" = { "time" = {
settings = { format = "%a %d/%m %H:%M"; }; settings = {format = "%a %d/%m %H:%M";};
position = 9; position = 9;
}; };
}; };

61
nixos/i3/i3.nix
View file

@ -1,7 +1,11 @@
{ config, pkgs, ... }: {
let mod = "Mod4"; config,
pkgs,
...
}: let
mod = "Mod4";
in { in {
home.packages = with pkgs; [ font-awesome intel-gpu-tools ]; home.packages = with pkgs; [font-awesome intel-gpu-tools];
xsession.windowManager.i3 = { xsession.windowManager.i3 = {
enable = true; enable = true;
@ -23,8 +27,7 @@ in {
notification = false; notification = false;
} }
{ {
command = command = "exec xdg-mime default org.gnome.Evince.desktop application/pdf";
"exec xdg-mime default org.gnome.Evince.desktop application/pdf";
always = false; always = false;
notification = false; notification = false;
} }
@ -42,18 +45,20 @@ in {
}; };
workspaceLayout = "tabbed"; workspaceLayout = "tabbed";
bars = [{ bars = [
statusCommand = "${pkgs.i3status}/bin/i3status"; {
position = "top"; statusCommand = "${pkgs.i3status}/bin/i3status";
colors.background = "#001e26"; position = "top";
colors.statusline = "#708183"; colors.background = "#001e26";
fonts = { colors.statusline = "#708183";
names = [ "BerkeleyMono Nerd Font" ]; fonts = {
size = 10.0; names = ["BerkeleyMono Nerd Font"];
}; size = 10.0;
};
trayOutput = "primary"; trayOutput = "primary";
}]; }
];
modifier = mod; modifier = mod;
keybindings = { keybindings = {
@ -64,25 +69,17 @@ in {
"${mod}+Shift+l" = "exec physlock -d"; "${mod}+Shift+l" = "exec physlock -d";
"${mod}+Return" = "exec i3-sensible-terminal"; "${mod}+Return" = "exec i3-sensible-terminal";
"XF86AudioRaiseVolume" = "XF86AudioRaiseVolume" = "exec --no-startup-id ${pkgs.pulseaudio}/bin/pactl set-sink-volume @DEFAULT_SINK@ +5%";
"exec --no-startup-id ${pkgs.pulseaudio}/bin/pactl set-sink-volume @DEFAULT_SINK@ +5%"; "XF86AudioLowerVolume" = "exec --no-startup-id ${pkgs.pulseaudio}/bin/pactl set-sink-volume @DEFAULT_SINK@ -5%";
"XF86AudioLowerVolume" = "XF86AudioMute" = "exec --no-startup-id ${pkgs.pulseaudio}/bin/pactl set-sink-mute @DEFAULT_SINK@ toggle";
"exec --no-startup-id ${pkgs.pulseaudio}/bin/pactl set-sink-volume @DEFAULT_SINK@ -5%"; "XF86AudioMicMute" = "exec --no-startup-id ${pkgs.pulseaudio}/bin/pactl set-source-mute @DEFAULT_SOURCE@ toggle";
"XF86AudioMute" =
"exec --no-startup-id ${pkgs.pulseaudio}/bin/pactl set-sink-mute @DEFAULT_SINK@ toggle";
"XF86AudioMicMute" =
"exec --no-startup-id ${pkgs.pulseaudio}/bin/pactl set-source-mute @DEFAULT_SOURCE@ toggle";
"XF86MonBrightnessUp" = "XF86MonBrightnessUp" = "exec light -s sysfs/backlight/intel_backlight -A 5";
"exec light -s sysfs/backlight/intel_backlight -A 5"; "XF86MonBrightnessDown" = "exec light -s sysfs/backlight/intel_backlight -U 5";
"XF86MonBrightnessDown" =
"exec light -s sysfs/backlight/intel_backlight -U 5";
"Print" = "Print" = "exec ${pkgs.gnome3.gnome-screenshot}/bin/gnome-screenshot -i";
"exec ${pkgs.gnome3.gnome-screenshot}/bin/gnome-screenshot -i";
"${mod}+r" = "${mod}+r" = "exec ${pkgs.rofi}/bin/rofi -show combi -combi-modi window#run#ssh -modi combi";
"exec ${pkgs.rofi}/bin/rofi -show combi -combi-modi window#run#ssh -modi combi";
"${mod}+c" = "exec ${pkgs.clipmenu}/bin/clipmenu"; "${mod}+c" = "exec ${pkgs.clipmenu}/bin/clipmenu";
"${mod}+q" = "kill"; "${mod}+q" = "kill";
"${mod}+f" = "fullscreen toggle"; "${mod}+f" = "fullscreen toggle";

6
nixos/i3/rofi.nix
View file

@ -1,4 +1,8 @@
{ config, pkgs, ... }: { {
config,
pkgs,
...
}: {
programs.rofi = { programs.rofi = {
enable = true; enable = true;
font = "BerkeleyMono Nerd Font 16"; font = "BerkeleyMono Nerd Font 16";

29
nixos/sdr.nix
View file

@ -1,20 +1,21 @@
{ config, pkgs, inputs, ... }:
{ {
home-manager.users.cyryl = { ... }: { config,
imports = [ ]; pkgs,
home.packages = inputs,
with inputs.nixpkgs-nixos-unstable.legacyPackages."x86_64-linux"; ...
with gnuradio3_8Packages; }: {
[ gnuradio3_8 osmosdr gqrx audacity rtl-sdr inspectrum ] ++ home-manager.users.cyryl = {...}: {
imports = [];
(with pkgs; [ ]); home.packages = with inputs.nixpkgs-nixos-unstable.legacyPackages."x86_64-linux";
with gnuradio3_8Packages;
[gnuradio3_8 osmosdr gqrx audacity rtl-sdr inspectrum]
++ (with pkgs; []);
}; };
users.extraUsers.cyryl.extraGroups = [ "plugdev" ]; users.extraUsers.cyryl.extraGroups = ["plugdev"];
users.groups = { "plugdev" = { }; }; users.groups = {"plugdev" = {};};
services.udev = { services.udev = {
packages = [ pkgs.rtl-sdr ]; packages = [pkgs.rtl-sdr];
extraRules = '' extraRules = ''
# RTL2832U OEM vid/pid, e.g. ezcap EzTV668 (E4000), Newsky TV28T (E4000/R820T) etc. # RTL2832U OEM vid/pid, e.g. ezcap EzTV668 (E4000), Newsky TV28T (E4000/R820T) etc.
SUBSYSTEMS=="usb", ATTRS{idVendor}=="0bda", ATTRS{idProduct}=="2838", ENV{ID_SOFTWARE_RADIO}="1", MODE="0660", GROUP="plugdev" SUBSYSTEMS=="usb", ATTRS{idVendor}=="0bda", ATTRS{idProduct}=="2838", ENV{ID_SOFTWARE_RADIO}="1", MODE="0660", GROUP="plugdev"
@ -22,5 +23,5 @@
}; };
# dont load DVB-T modules automatically # dont load DVB-T modules automatically
boot.blacklistedKernelModules = [ "dvb_usb_rtl28xxu" ]; boot.blacklistedKernelModules = ["dvb_usb_rtl28xxu"];
} }

8
nixos/server-common.nix
View file

@ -1,5 +1,9 @@
{ config, pkgs, ... }: { {
imports = [ ./server-security.nix ./tailscale ]; config,
pkgs,
...
}: {
imports = [./server-security.nix ./tailscale];
networking.nameservers = [ networking.nameservers = [
"100.100.100.100" "100.100.100.100"
"9.9.9.9" "9.9.9.9"

11
nixos/server-security.nix
View file

@ -1,5 +1,8 @@
{ config, pkgs, ... }: {
let config,
pkgs,
...
}: let
authorizedKeys = [ authorizedKeys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEo4R+6J3h6Ix3xWpOMdU7Es1/YxFchHw0c+kcCOJxFb cyryl@foureighty" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEo4R+6J3h6Ix3xWpOMdU7Es1/YxFchHw0c+kcCOJxFb cyryl@foureighty"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDN/2C59i+ucvSa9FLCHlVPJp0zebLOcw0+hnBYwy0cY cyryl@skinnyv" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDN/2C59i+ucvSa9FLCHlVPJp0zebLOcw0+hnBYwy0cY cyryl@skinnyv"
@ -7,7 +10,7 @@ let
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBDa2qAxpUEFeBYl2wlzDa/x37TAAy5pOBHv50OXUrV5 cyryl@thinky" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBDa2qAxpUEFeBYl2wlzDa/x37TAAy5pOBHv50OXUrV5 cyryl@thinky"
]; ];
in { in {
imports = [ ./security.nix ]; imports = [./security.nix];
security.acme.defaults.email = "admin@cyplo.dev"; security.acme.defaults.email = "admin@cyplo.dev";
security.acme.acceptTerms = true; security.acme.acceptTerms = true;
@ -27,7 +30,7 @@ in {
openssh.authorizedKeys.keys = authorizedKeys; openssh.authorizedKeys.keys = authorizedKeys;
}; };
nix.settings.trusted-users = [ "root" "nix-builder" ]; nix.settings.trusted-users = ["root" "nix-builder"];
nix.sshServe.enable = true; nix.sshServe.enable = true;
nix.sshServe.keys = authorizedKeys; nix.sshServe.keys = authorizedKeys;
} }

31
nixos/sway/default.nix
View file

@ -1,7 +1,11 @@
{ config, pkgs, ... }: {
let mod = "Mod4"; config,
pkgs,
...
}: let
mod = "Mod4";
in { in {
services.dbus.packages = with pkgs; [ ]; services.dbus.packages = with pkgs; [];
programs.dconf.enable = true; programs.dconf.enable = true;
systemd.defaultUnit = "graphical.target"; systemd.defaultUnit = "graphical.target";
security.polkit.enable = true; security.polkit.enable = true;
@ -13,10 +17,10 @@ in {
fi fi
''; '';
home-manager.users.cyryl = { ... }: { home-manager.users.cyryl = {...}: {
programs.mako.enable = true; programs.mako.enable = true;
imports = [ ./keybindings.nix ../home-manager/programs/alacritty.nix ]; imports = [./keybindings.nix ../home-manager/programs/alacritty.nix];
home.pointerCursor = { home.pointerCursor = {
name = "Adwaita"; name = "Adwaita";
@ -73,16 +77,17 @@ in {
titlebar = false; titlebar = false;
border = 0; border = 0;
}; };
bars = [{ bars = [
position = "top"; {
command = "${pkgs.waybar}/bin/waybar"; position = "top";
}]; command = "${pkgs.waybar}/bin/waybar";
}
];
startup = [ startup = [
{ {
command = command = "${pkgs.wl-clipboard}/bin/wl-paste -t text --watch ${pkgs.clipman}/bin/clipman store";
"${pkgs.wl-clipboard}/bin/wl-paste -t text --watch ${pkgs.clipman}/bin/clipman store";
} }
{ command = "${pkgs.clipman}/bin/clipman restore"; } {command = "${pkgs.clipman}/bin/clipman restore";}
{ {
command = '' command = ''
swayidle -w timeout 300 'swaylock -f -c 000000' timeout 600 'swaymsg "output * dpms off" && systemctl suspend' resume 'swaymsg "output * dpms on"' before-sleep 'swaylock -f -c 657b83' swayidle -w timeout 300 'swaylock -f -c 000000' timeout 600 'swaymsg "output * dpms off" && systemctl suspend' resume 'swaymsg "output * dpms on"' before-sleep 'swaylock -f -c 657b83'
@ -94,7 +99,7 @@ in {
xkb_layout = "pl"; xkb_layout = "pl";
xkb_options = "caps:ctrl_modifier"; xkb_options = "caps:ctrl_modifier";
}; };
input."2:7:SynPS/2_Synaptics_TouchPad" = { tap = "enabled"; }; input."2:7:SynPS/2_Synaptics_TouchPad" = {tap = "enabled";};
}; };
}; };
}; };

26
nixos/sway/keybindings.nix
View file

@ -1,5 +1,9 @@
{ config, pkgs, ... }: {
let mod = "Mod4"; config,
pkgs,
...
}: let
mod = "Mod4";
in { in {
wayland.windowManager.sway.config.keybindings = { wayland.windowManager.sway.config.keybindings = {
"${mod}+Shift+e" = "exit"; "${mod}+Shift+e" = "exit";
@ -7,19 +11,13 @@ in {
"${mod}+Shift+l" = "exec swaylock -c 657b83"; "${mod}+Shift+l" = "exec swaylock -c 657b83";
"${mod}+Return" = "exec ${pkgs.alacritty}/bin/alacritty"; "${mod}+Return" = "exec ${pkgs.alacritty}/bin/alacritty";
"XF86AudioRaiseVolume" = "XF86AudioRaiseVolume" = "exec --no-startup-id ${pkgs.pulseaudio}/bin/pactl set-sink-volume @DEFAULT_SINK@ +5%";
"exec --no-startup-id ${pkgs.pulseaudio}/bin/pactl set-sink-volume @DEFAULT_SINK@ +5%"; "XF86AudioLowerVolume" = "exec --no-startup-id ${pkgs.pulseaudio}/bin/pactl set-sink-volume @DEFAULT_SINK@ -5%";
"XF86AudioLowerVolume" = "XF86AudioMute" = "exec --no-startup-id ${pkgs.pulseaudio}/bin/pactl set-sink-mute @DEFAULT_SINK@ toggle";
"exec --no-startup-id ${pkgs.pulseaudio}/bin/pactl set-sink-volume @DEFAULT_SINK@ -5%"; "XF86AudioMicMute" = "exec --no-startup-id ${pkgs.pulseaudio}/bin/pactl set-source-mute @DEFAULT_SOURCE@ toggle";
"XF86AudioMute" =
"exec --no-startup-id ${pkgs.pulseaudio}/bin/pactl set-sink-mute @DEFAULT_SINK@ toggle";
"XF86AudioMicMute" =
"exec --no-startup-id ${pkgs.pulseaudio}/bin/pactl set-source-mute @DEFAULT_SOURCE@ toggle";
"XF86MonBrightnessUp" = "XF86MonBrightnessUp" = "exec light -s sysfs/backlight/intel_backlight -A 5";
"exec light -s sysfs/backlight/intel_backlight -A 5"; "XF86MonBrightnessDown" = "exec light -s sysfs/backlight/intel_backlight -U 5";
"XF86MonBrightnessDown" =
"exec light -s sysfs/backlight/intel_backlight -U 5";
"Print" = "exec ${pkgs.gnome3.gnome-screenshot}/bin/gnome-screenshot -i"; "Print" = "exec ${pkgs.gnome3.gnome-screenshot}/bin/gnome-screenshot -i";

22
nixos/syncthing.nix
View file

@ -1,7 +1,11 @@
{ config, pkgs, inputs, ... }: {
let config,
workstations = [ "skinnyv" "foryog" "thinky" ]; pkgs,
workstations_plus_phone = [ "OnePlus9" ] ++ workstations; inputs,
...
}: let
workstations = ["skinnyv" "foryog" "thinky"];
workstations_plus_phone = ["OnePlus9"] ++ workstations;
in { in {
services.syncthing = { services.syncthing = {
enable = true; enable = true;
@ -41,12 +45,12 @@ in {
"/home/cyryl/vaults" = { "/home/cyryl/vaults" = {
id = "vaults"; id = "vaults";
label = "vaults"; label = "vaults";
devices = workstations_plus_phone ++ [ "hagath" ]; devices = workstations_plus_phone ++ ["hagath"];
}; };
"/home/cyryl/Documents" = { "/home/cyryl/Documents" = {
id = "documents"; id = "documents";
label = "documents"; label = "documents";
devices = workstations_plus_phone ++ [ "hagath" ]; devices = workstations_plus_phone ++ ["hagath"];
}; };
"/home/cyryl/camera" = { "/home/cyryl/camera" = {
id = "camera"; id = "camera";
@ -71,7 +75,7 @@ in {
"/home/cyryl/Photos" = { "/home/cyryl/Photos" = {
id = "photos"; id = "photos";
label = "photos"; label = "photos";
devices = workstations ++ [ "hagath" ]; devices = workstations ++ ["hagath"];
}; };
"/home/cyryl/gopro" = { "/home/cyryl/gopro" = {
id = "gopro"; id = "gopro";
@ -81,12 +85,12 @@ in {
"/home/cyryl/Videos" = { "/home/cyryl/Videos" = {
id = "videos"; id = "videos";
label = "videos"; label = "videos";
devices = workstations ++ [ "hagath" ]; devices = workstations ++ ["hagath"];
}; };
"/home/cyryl/rodzice_sync" = { "/home/cyryl/rodzice_sync" = {
id = "rodzice"; id = "rodzice";
label = "rodzice"; label = "rodzice";
devices = workstations ++ [ "hagath" "mama" "janusz" "danuta" ]; devices = workstations ++ ["hagath" "mama" "janusz" "danuta"];
}; };
}; };
extraOptions = { extraOptions = {

28
nixos/tailscale/default.nix
View file

@ -1,28 +1,34 @@
{ config, pkgs, inputs, ... }: {
let config,
inherit (inputs.nixpkgs-nixos-unstable.legacyPackages."x86_64-linux") pkgs,
tailscale; inputs,
...
}: let
inherit
(inputs.nixpkgs-nixos-unstable.legacyPackages."x86_64-linux")
tailscale
;
in { in {
environment.systemPackages = [ tailscale ]; environment.systemPackages = [tailscale];
services.tailscale = { services.tailscale = {
enable = true; enable = true;
package = tailscale; package = tailscale;
}; };
networking.firewall = { networking.firewall = {
trustedInterfaces = [ "tailscale0" ]; trustedInterfaces = ["tailscale0"];
allowedUDPPorts = [ config.services.tailscale.port ]; allowedUDPPorts = [config.services.tailscale.port];
}; };
sops.secrets."tailscale-key-${config.networking.hostName}" = { sops.secrets."tailscale-key-${config.networking.hostName}" = {
sopsFile = ./keys.sops.yaml; sopsFile = ./keys.sops.yaml;
restartUnits = [ "tailscale-auth.service" ]; restartUnits = ["tailscale-auth.service"];
}; };
systemd.services.tailscale-auth = { systemd.services.tailscale-auth = {
description = "Auth with tailscale"; description = "Auth with tailscale";
after = [ "network-pre.target" "tailscale.service" ]; after = ["network-pre.target" "tailscale.service"];
wants = [ "network-pre.target" "tailscale.service" ]; wants = ["network-pre.target" "tailscale.service"];
wantedBy = [ "multi-user.target" ]; wantedBy = ["multi-user.target"];
serviceConfig.Type = "oneshot"; serviceConfig.Type = "oneshot";

9
nixos/vim/default.nix
View file

@ -1,5 +1,10 @@
{ config, pkgs, lib, ... }: { {
config,
pkgs,
lib,
...
}: {
programs.zsh.enable = true; programs.zsh.enable = true;
home-manager.users.cyryl = { ... }: { imports = [ ./home.nix ]; }; home-manager.users.cyryl = {...}: {imports = [./home.nix];};
} }

135
nixos/vim/home.nix
View file

@ -1,15 +1,30 @@
{ config, pkgs, lib, inputs, system, ... }: {
let config,
pkgs,
lib,
inputs,
system,
...
}: let
unstablePackages = inputs.nixpkgs-nixos-unstable.legacyPackages."${system}"; unstablePackages = inputs.nixpkgs-nixos-unstable.legacyPackages."${system}";
nil = inputs.nil.packages."${system}".default; nil = inputs.nil.packages."${system}".default;
cocPackage = unstablePackages.vimPlugins.coc-nvim; cocPackage = unstablePackages.vimPlugins.coc-nvim;
nvimPackage = unstablePackages.neovim-unwrapped; nvimPackage = unstablePackages.neovim-unwrapped;
in { in {
home.file.".vimrc".source = ../../.vimrc; home.file.".vimrc".source = ../../.vimrc;
home.packages = with pkgs; [ ripgrep ]; home.packages = with pkgs; [ripgrep];
home.sessionVariables = { EDITOR = "vim"; VISUAL="vim"; }; home.sessionVariables = {
programs.zsh.sessionVariables = { EDITOR = "vim"; VISUAL="vim"; }; EDITOR = "vim";
systemd.user.sessionVariables = { EDITOR = "vim"; VISUAL="vim"; }; VISUAL = "vim";
};
programs.zsh.sessionVariables = {
EDITOR = "vim";
VISUAL = "vim";
};
systemd.user.sessionVariables = {
EDITOR = "vim";
VISUAL = "vim";
};
programs.neovim = { programs.neovim = {
enable = true; enable = true;
@ -26,8 +41,8 @@ in {
languageserver = { languageserver = {
nix = { nix = {
command = "${nil}/bin/nil"; command = "${nil}/bin/nil";
rootPatterns = [ "flake.nix" ]; rootPatterns = ["flake.nix"];
filetypes = [ "nix" ]; filetypes = ["nix"];
}; };
}; };
}; };
@ -40,58 +55,58 @@ in {
withRuby = true; withRuby = true;
plugins = with pkgs; plugins = with pkgs;
with pkgs.vimPlugins; [ with pkgs.vimPlugins; [
(vimUtils.buildVimPluginFrom2Nix rec { (vimUtils.buildVimPluginFrom2Nix rec {
pname = "vim-tada"; pname = "vim-tada";
version = "2022-04-22"; version = "2022-04-22";
src = fetchFromGitHub { src = fetchFromGitHub {
owner = "dewyze"; owner = "dewyze";
repo = pname; repo = pname;
rev = "acfda7229fc487ee6da44650164cb770d1cc608c"; rev = "acfda7229fc487ee6da44650164cb770d1cc608c";
sha256 = "sha256-9kvLbzrVjtBTjbXmhJ7JTggXgFvGVF7sc2YiVW9fUGY="; sha256 = "sha256-9kvLbzrVjtBTjbXmhJ7JTggXgFvGVF7sc2YiVW9fUGY=";
}; };
}) })
(vimUtils.buildVimPluginFrom2Nix rec { (vimUtils.buildVimPluginFrom2Nix rec {
pname = "srht.vim"; pname = "srht.vim";
version = "2022-01-04"; version = "2022-01-04";
src = fetchFromSourcehut { src = fetchFromSourcehut {
owner = "~willdurand"; owner = "~willdurand";
repo = pname; repo = pname;
rev = "825e685f75464cbd41a5f8eded974e46f416355e"; rev = "825e685f75464cbd41a5f8eded974e46f416355e";
sha256 = "sha256-9/Yeqmq/1ZIIsEgsrLLZ7o0cjOt/wlUgeLEzJoK7eco="; sha256 = "sha256-9/Yeqmq/1ZIIsEgsrLLZ7o0cjOt/wlUgeLEzJoK7eco=";
}; };
}) })
ack-vim ack-vim
coc-go coc-go
coc-highlight coc-highlight
coc-rust-analyzer coc-rust-analyzer
coc-yaml coc-yaml
committia-vim committia-vim
ctrlp-vim ctrlp-vim
editorconfig-vim editorconfig-vim
fzf-vim fzf-vim
lsp-colors-nvim lsp-colors-nvim
nvim-tree-lua nvim-tree-lua
nvim-web-devicons nvim-web-devicons
quickfix-reflector-vim quickfix-reflector-vim
rainbow rainbow
tabular tabular
vim-airline vim-airline
vim-airline-themes vim-airline-themes
vim-autoformat vim-autoformat
vim-colors-solarized vim-colors-solarized
vim-devicons vim-devicons
vim-dirdiff vim-dirdiff
vim-dispatch vim-dispatch
vim-fugitive vim-fugitive
vim-gitgutter vim-gitgutter
vim-markdown vim-markdown
vim-nix vim-nix
vim-sensible vim-sensible
vim-startify vim-startify
vim-surround vim-surround
vim-toml vim-toml
]; ];
extraConfig = '' extraConfig = ''
if filereadable($HOME . "/.vimrc") if filereadable($HOME . "/.vimrc")
source $HOME/.vimrc source $HOME/.vimrc

9
nixos/zsh/default.nix
View file

@ -1,4 +1,9 @@
{ config, pkgs, lib, ... }: { {
config,
pkgs,
lib,
...
}: {
programs.zsh.enable = true; programs.zsh.enable = true;
home-manager.users.cyryl = { ... }: { imports = [ ./home.nix ]; }; home-manager.users.cyryl = {...}: {imports = [./home.nix];};
} }

10
nixos/zsh/home.nix
View file

@ -1,4 +1,8 @@
{ config, pkgs, ... }: { {
config,
pkgs,
...
}: {
programs.atuin.enableZshIntegration = true; programs.atuin.enableZshIntegration = true;
programs.zsh = { programs.zsh = {
enable = true; enable = true;
@ -15,7 +19,7 @@
oh-my-zsh = { oh-my-zsh = {
enable = true; enable = true;
plugins = [ "vi-mode" "git" "python" "history-substring-search" "tmux" ]; plugins = ["vi-mode" "git" "python" "history-substring-search" "tmux"];
}; };
initExtra = '' initExtra = ''
@ -65,7 +69,7 @@
programs.direnv = { programs.direnv = {
enable = true; enable = true;
enableZshIntegration = true; enableZshIntegration = true;
nix-direnv = { enable = true; }; nix-direnv = {enable = true;};
}; };
home.file.".config/starship.toml".text = '' home.file.".config/starship.toml".text = ''