diff --git a/.agenix_config.nix b/.agenix_config.nix index 539dfa8..dc5d24b 100644 Binary files a/.agenix_config.nix and b/.agenix_config.nix differ diff --git a/flake.lock b/flake.lock index db79adf..0bcc3b1 100644 --- a/flake.lock +++ b/flake.lock @@ -109,7 +109,44 @@ "type": "github" } }, + "firefox-addons": { + "inputs": { + "flake-utils": "flake-utils", + "nixpkgs": "nixpkgs" + }, + "locked": { + "dir": "repos/rycee/pkgs/firefox-addons", + "lastModified": 1713127732, + "narHash": "sha256-07prd+in1ZUcxETxPyWtFjl7xPKwlXzk9a47Q3RnHXU=", + "owner": "nix-community", + "repo": "nur-combined", + "rev": "6edb2a1a43dbd2f8b32876268a530ce82c64013f", + "type": "github" + }, + "original": { + "dir": "repos/rycee/pkgs/firefox-addons", + "owner": "nix-community", + "ref": "master", + "repo": "nur-combined", + "type": "github" + } + }, "flake-utils": { + "locked": { + "lastModified": 1629284811, + "narHash": "sha256-JHgasjPR0/J1J3DRm4KxM4zTyAj4IOJY8vIl75v/kPI=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "c5d161cc0af116a2e17f54316f0bf43f0819785c", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_2": { "locked": { "lastModified": 1659877975, "narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=", @@ -400,16 +437,16 @@ }, "nixpkgs": { "locked": { - "lastModified": 1711460390, - "narHash": "sha256-akSgjDZL6pVHEfSE6sz1DNSXuYX6hq+P/1Z5IoYWs7E=", - "owner": "NixOS", + "lastModified": 1627814220, + "narHash": "sha256-P+MDgdZw2CBk9X1ZZaUgHgN+32pTfLFf3XVIBOXirI4=", + "owner": "nixos", "repo": "nixpkgs", - "rev": "44733514b72e732bd49f5511bd0203dea9b9a434", + "rev": "ab5b6828af26215bf2646c31961da5d3749591ef", "type": "github" }, "original": { - "owner": "NixOS", - "ref": "nixos-23.11", + "owner": "nixos", + "ref": "nixpkgs-unstable", "repo": "nixpkgs", "type": "github" } 
@@ -430,6 +467,22 @@ "type": "github" } }, + "nixpkgs_2": { + "locked": { + "lastModified": 1711460390, + "narHash": "sha256-akSgjDZL6pVHEfSE6sz1DNSXuYX6hq+P/1Z5IoYWs7E=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "44733514b72e732bd49f5511bd0203dea9b9a434", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-23.11", + "repo": "nixpkgs", + "type": "github" + } + }, "nlsp-settings-nvim": { "flake": false, "locked": { @@ -578,12 +631,13 @@ "root": { "inputs": { "agenix": "agenix", - "flake-utils": "flake-utils", + "firefox-addons": "firefox-addons", + "flake-utils": "flake-utils_2", "hardware": "hardware", "home-manager": "home-manager_2", "myneovim": "myneovim", "nil": "nil", - "nixpkgs": "nixpkgs", + "nixpkgs": "nixpkgs_2", "nixpkgs-unstable": "nixpkgs-unstable", "vnetod": "vnetod", "wired": "wired" diff --git a/flake.nix b/flake.nix index a5d33b9..c7b4613 100644 --- a/flake.nix +++ b/flake.nix @@ -5,6 +5,8 @@ nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixpkgs-unstable"; hardware.url = "github:NixOS/nixos-hardware/master"; + firefox-addons.url = "github:nix-community/nur-combined/master?dir=repos/rycee/pkgs/firefox-addons"; + agenix = { url = "github:ryantm/agenix"; inputs.nixpkgs.follows = "nixpkgs"; @@ -44,7 +46,10 @@ }; outputs = inputs @ { self, flake-utils, nixpkgs, ... }: - flake-utils.lib.eachDefaultSystem + let + inherit (flake-utils.lib) eachSystem system; + in + eachSystem [ system.x86_64-linux ] (system: let pkgs = import nixpkgs { inherit system; }; @@ -60,7 +65,7 @@ (name: program: { type = "app"; program = toString program; }) (flake-utils.lib.flattenTree { deploy = lib.recurseIntoAttrs (lib.mapAttrs - (hostname: machine: pkgs.writeShellScript "deploy-${hostname}" '' + (hostname: machine: pkgs.writeShellScript "deploy/${hostname}" '' ${nixos-rebuild}/bin/nixos-rebuild switch \ --flake .#${hostname} \ --target-host root@${machine.config.deployment.targetHost} \ 
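Review bot: The new `firefox-addons` input is declared without a `follows` for nixpkgs, unlike `agenix` right below it, so it resolves its own copy. The flake.lock part of this commit shows that copy as the `nixpkgs` node locked to a `nixpkgs-unstable` revision with `lastModified` 1627814220, while the root's nixos-23.11 pin moves to `nixpkgs_2`. If the add-ons are consumed through this flake's own package outputs, they are built against that much older tree. Adding `firefox-addons.inputs.nixpkgs.follows = "nixpkgs";` keeps a single, current nixpkgs. The input also tracks `master` of a community repository, so the lock diff deserves a look on every `nix flake update`.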
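Review bot: A style point on the new `let`: `inherit (flake-utils.lib) eachSystem system;` brings the `system` attribute set into scope, and the lambda `(system:` on the following context line immediately shadows it with the per-system string. Both meanings of `system` then sit within three lines of each other. Dropping `system` from the `inherit` and writing `eachSystem [ "x86_64-linux" ]` avoids the double meaning. The lambda body continues outside this hunk.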
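Review bot: The script name changes from `deploy-${hostname}` to `deploy/${hostname}`, and the next hunk does the same with `switch/${hostname}`. The first argument of `pkgs.writeShellScript` becomes the derivation name, and as far as I know Nix rejects `/` in store path names, so these apps may fail to evaluate. Please confirm with an evaluation of the `apps` output. If the slash is only cosmetic, keep `"deploy-${hostname}"` and `"switch-${hostname}"`. The surrounding `mapAttrs` expression starts and ends outside the hunk.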
@@ -69,7 +74,7 @@ vpsMachines); switch = lib.recurseIntoAttrs (lib.mapAttrs - (hostname: machine: pkgs.writeShellScript "switch-${hostname}" '' + (hostname: machine: pkgs.writeShellScript "switch/${hostname}" '' ${nixos-rebuild}/bin/nixos-rebuild switch --flake .#${hostname} $@ '') localMachines); @@ -101,21 +106,22 @@ (hostname: { system , specialArgs ? { } , extraModules ? [ ] - , extraHomeModule ? null , targetHost ? null , nixpkgs ? inputs.nixpkgs }: nixpkgs.lib.nixosSystem { inherit system; - specialArgs = { inherit inputs extraHomeModule; } // specialArgs; + specialArgs = { + inherit inputs; + globalData = import ./data.nix; + } // specialArgs; modules = (with inputs; [ agenix.nixosModules.default home-manager.nixosModule ]) - ++ extraModules ++ [ # deployment settings ({ lib, ... }: { @@ -132,10 +138,20 @@ ({ ... }: { home-manager.useGlobalPkgs = true; home-manager.useUserPackages = true; + home-manager.sharedModules = [ + { + imports = [ + ./modules/home-manager + inputs.wired.homeManagerModules.default + ]; + } + ]; }) ] - ++ [ ./nixos/hosts/${hostname} ]; + ++ extraModules + ++ [ ./modules/nixos ] + ++ [ ./hosts/${hostname}/configuration.nix ]; }) - (import ./nixos/hosts inputs); + (import ./hosts inputs); }; } diff --git a/home/modules/dev_tools.nix b/home/modules/dev_tools.nix deleted file mode 100644 index 457bf16..0000000 --- a/home/modules/dev_tools.nix +++ /dev/null 
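Review bot: In the `@@ -101,21 +106,22 @@` hunk, `globalData = import ./data.nix;` sits on the left of `// specialArgs`, so a host entry that passes its own `specialArgs.globalData` or `specialArgs.inputs` replaces the shared value without any warning. Elsewhere in this commit `globalData.publicKeys.users.jan` feeds `sshAuthorizedKeys`, so an accidental override changes who can log in. If the override is intended, say so with a comment such as `# host specialArgs take precedence over inputs/globalData`. Otherwise swap the operands so the shared values win. The `nixosSystem` call continues outside the hunk.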
@@ -1,50 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-let
- exaPackage = pkgs.unstable.eza.override { gitSupport = true; };
-in
-{
- programs.eza = {
- enable = true;
- package = exaPackage;
- };
- programs.zsh.shellAliases =
- let
- defaultArgs = "--icons --classify --group-directories-first --all";
- bin = "${exaPackage}/bin/exa ${defaultArgs}";
- in
- lib.mkIf config.programs.zsh.enable {
- ls = "${bin} --oneline";
- lt = "${bin} --tree --level=3";
- ll = "${bin} --long --header";
- };
-
- programs.direnv = {
- enable = true;
- nix-direnv.enable = true;
- };
-
- programs.zoxide = {
- enable = true;
- enableZshIntegration = config.programs.zsh.enable;
- };
-
- home.packages = with pkgs; [
- # tools
- xh # friendly and fast tool for sending HTTP requests
- fd # a simple, fast and user-friendly alternative to find
- bat # a cat clone with syntax highlighting and git integration
- ripgrep # a fuzzy finder
- vnetod # a tool to change env sections
- gnumake
- libnotify # tool to send notifications via cli
-
- deno
- unstable.nickel
-
- nixpkgs-fmt # nix formatter
- unstable.nil # nix lsp server
-
- docker-compose
- ];
-}
diff --git a/home/modules/editor.nix b/home/modules/editor.nix
deleted file mode 100644
index fedcfba..0000000
--- a/home/modules/editor.nix
+++ /dev/null
@@ -1,110 +0,0 @@
-{ pkgs, ... }:
-
-let
- myneovim = pkgs.myneovim.override {
- viAlias = true;
- vimAlias = true;
- enableDevIcons = true;
- enableTabby = true;
- enableOrgMode = true;
- extraConfig = ''
- aug extra_ftdetect
- au!
- au BufNewFile,BufRead *.d2 setfiletype d2
- au BufNewFile,BufRead *.ncl setfiletype nickel
- au BufNewFile,BufRead *.psql setfiletype psql
- aug END
- '';
- plugins = with pkgs.myneovim.nix2lua; {
- nvimTree.settings = {
- renderer = {
- group_empty = true;
- full_name = true;
- };
- tab.sync = {
- open = true;
- close = true;
- };
- };
- telescope.settings = {
- extensions.live_grep_args = {
- auto_quoting = true;
- mappings.i = {
- "" = join "." [
- (mkCall "require" [ "telescope-live-grep-args.actions" ])
- (mkCall "quote_prompt" [ ])
- ];
- };
- };
- };
- lspSaga.settings = {
- border_style = "rounded";
- symbol_in_winbar.enable = false;
- code_action_lightbulb.enable = false;
- code_action_keys = { quit = ""; };
- definition_action_keys = { quit = ""; };
- rename_action_quit = "";
- };
- lspConfig = {
- servers = {
- nickel_ls = { };
- nil_ls = { };
- tsserver = { };
- eslint = { };
- volar = {
- init_options = {
- typescript.tsdk = "./node_modules/typescript/lib";
- };
- };
- denols = {
- root_dir = mkCall "root_pattern" [ "deno.json" "deno.jsonc" ];
- };
- rust_analyzer = {
- settings.rust-analyzer = {
- "server.path" = "rust-analyzer";
- "updates.prompt" = false;
- "updates.checkOnStartup" = false;
- "checkOnSave.enable" = true;
- "checkOnSave.command" = "clippy";
- "cargo.autoreload" = true;
- };
- };
- pylsp = { };
- ltex = {
- language = "en-US";
- languageToolHttpServerUri = "http://localhost:8081";
- };
- };
- };
- lualine.settings = {
- options.ignore_focus = [ "NvimTree" ];
- sections = {
- lualine_a = [
- [ "filename" (mkNamedField "path" 1) ]
- ];
- lualine_b = [ "branch" "diff" "diagnostics" ];
- lualine_c = [ "lsp_progress" ];
- lualine_x = [ "filesize" "filetype" ];
- lualine_y = [ "progress" ];
- lualine_z = [ "location" "mode" ];
- };
- };
- orgmode.settings = {
- org_agenda_files = [ "~/orgs/**/*" ];
- org_default_notes_file = "~/orgs/refile.org";
- win_split_mode = "tabnew";
- org_hide_leading_stars = true;
- };
- };
- };
-in
-{
- home.packages = [
- pkgs.ltex-ls
- myneovim
-
- pkgs.unstable.arduino-ide
- ];
-
- home.sessionVariables.EDITOR = "nvim";
-}
diff --git a/home/modules/mail/aerc.nix b/home/modules/mail/aerc.nix
deleted file mode 100644
index bb8a429..0000000
--- a/home/modules/mail/aerc.nix
+++ /dev/null
@@ -1,175 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-let
- exec = cmd: ":${cmd}";
- fill = cmd: ":${cmd}";
-
- globalBinds = {
- "gt" = exec "next-tab";
- "gT" = exec "prev-tab";
- };
-
- commonMessageBinds = {
- "U" = exec "unsubscribe";
- "dd" = exec "delete";
- "mA" = exec "archive flat";
- "mS" = exec "move Junk";
- "mI" = exec "move INBOX";
- };
-in
-{
- accounts.email.maildirBasePath = "${config.xdg.dataHome}/mail";
-
- # See: https://git.sbruder.de/simon/nixos-config/src/branch/master/users/simon/modules/mail/aerc/default.nix
- programs.aerc = {
- enable = true;
- package = pkgs.unstable.aerc;
- # https://git.sr.ht/~rjarry/aerc/tree/master/item/doc/aerc-config.5.scd
- extraConfig = {
- general = {
- unsafe-accounts-conf = true;
- };
-
- ui = {
- # See https://godoc.org/time#Time.Format
- timestamp-format = "2006-01-02 15:04 MST";
- this-day-time-format = "15:04";
- this-week-time-format = "Monday 15:04";
- this-year-time-format = "02 January";
- pinned-tab-marker = "車";
- border-char-vertical = "│";
- border-char-horizontal = "─";
- fuzzy-complete = true;
- new-message-bell = true;
- index-columns = "date<20,from<30,flags>4,subject<*";
- column-from = "{{ .From | emails | join \", \" }}";
- };
-
- statusline = {
- display-mode = "icon";
- };
-
- filters = {
- ".headers" = "colorize";
- "text/html" = "html | colorize";
- "text/plain" = "colorize";
- "text/rfc822-headers" = "colorize";
- # "text/*" = "${pkgs.bat}/bin/bat -fpp --file-name='$AERC_FILENAME'";
- "message/delivery-status" = "cat | colorize";
- };
-
- hooks = {
- mail-received = "notify-send \"New mail from $AERC_FROM_NAME\" \"$AERC_SUBJECT\"";
- };
- };
- extraBinds = {
- messages = lib.mkMerge [
- globalBinds
- commonMessageBinds
- {
- "q" = exec "quit";
-
- "j" = exec "next";
- "" = exec "next";
- "" = exec "next 50%";
-
- "k" = exec "prev";
- "" = exec "prev";
- "" = exec "prev 50%";
-
- "gg" = exec "select 0";
- "G" = exec "select -1";
-
- "J" = exec "next-folder";
- "K" = exec "prev-folder";
- "c" = fill "cf";
-
- "" = exec "view";
- "C" = exec "compose";
-
- "/" = fill "search";
- "\\" = fill "filter";
- "n" = exec "next-result";
- "N" = exec "prev-result";
- #"D" = exec "modify-labels +deleted -inbox";
- #"A" = exec "modify-labels -inbox";
- #"ms" = exec "modify-labels +spam -inbox";
- #"mS" = exec "modify-labels -spam +inbox";
- }
- ];
-
- view = lib.mkMerge [
- globalBinds
- commonMessageBinds
- {
- "q" = exec "close";
- "O" = exec "open";
- "S" = fill "save";
-
- "f" = exec "forward";
-
- "rr" = exec "reply -a";
- "rq" = exec "reply -aq";
- "Rr" = exec "reply";
- "Rq" = exec "reply -q";
-
- "" = exec "prev-part";
- "" = exec "next-part";
- "J" = exec "next";
- "K" = exec "prev";
- }
- ];
-
- compose = lib.mkMerge [
- globalBinds
- {
- "$ex" = "";
- "" = exec "prev-field";
- "" = exec "next-field";
- "" = exec "next-field";
- }
- ];
-
- "compose::editor" = {
- "$noinherit" = "true";
- "$ex" = "";
- "" = exec "prev-field";
- "" = exec "next-field";
- };
-
- "compose::review" = {
- "y" = exec "send";
- "n" = exec "abort";
- "p" = exec "postpone";
- "q" = exec "choose -o d discard abort -o p postpone postpone";
- "e" = exec "edit";
- "a" = fill "attach";
- "d" = fill "detach";
- };
- };
-
- stylesets.default = {
- "*.selected.reverse" = true;
- "title.reverse" = true;
- "header.bold" = true;
- "*error.bold" = true;
- "error.fg" = 1;
- "warning.fg" = 3;
- "success.fg" = 2;
- "msglist_unread.bold" = true;
- "msglist_deleted.fg" = 10;
- "tab.fg" = 0;
- "tab.selected.reverse" = false;
- "tab.selected.bold" = true;
- "tab.selected.bg" = 2;
- "dirlist_default.bg" = 18;
- "border.fg" = 0;
- "statusline_default.bg" = 18;
- "statusline_error.fg" = 1;
- "statusline_error.reverse" = true;
- "statusline_success.fg" = 2;
- "statusline_success.reverse" = true;
- "completion_default.bg" = 0;
- };
- };
-}
diff --git a/home/modules/mail/default.nix b/home/modules/mail/default.nix
deleted file mode 100644
index eca234b..0000000
--- a/home/modules/mail/default.nix
+++ /dev/null
@@ -1,5 +0,0 @@
-{ ... }:
-
-{
- imports = [ ./aerc.nix ];
-}
diff --git a/home/modules/pass.nix b/home/modules/pass.nix
deleted file mode 100644
index b366ca1..0000000
--- a/home/modules/pass.nix
+++ /dev/null
@@ -1,21 +0,0 @@
-{ config, pkgs, ... }:
-
-let
- passDataDir = "${config.xdg.dataHome}/pass";
-
- myPassPackage = pkgs.pass.withExtensions (ext: [
- ext.pass-audit
- ext.pass-update
- ]);
-in
-{
- programs.password-store = {
- enable = true;
- package = myPassPackage;
- settings = {
- PASSWORD_STORE_DIR = "${passDataDir}/store";
- };
- };
-
- services.pass-secret-service.enable = true;
-}
diff --git a/home/modules/shell.nix b/home/modules/shell.nix
deleted file mode 100644
index 5439804..0000000
--- a/home/modules/shell.nix
+++ /dev/null
@@ -1,69 +0,0 @@
-{ lib, config, pkgs, ... }:
-
-{
- # fish and zsh support for nix-shell
- home.packages = with pkgs; [ any-nix-shell ];
-
- programs.zsh = {
- enable = true;
- enableAutosuggestions = true;
- enableCompletion = true;
- defaultKeymap = "viins";
- dotDir = ".config/zsh";
-
- history = {
- path = "${config.xdg.dataHome}/zsh/zsh_history";
- expireDuplicatesFirst = true;
- ignorePatterns = [
- "rm *"
- "kill *"
- ];
- };
-
- oh-my-zsh.enable = true;
-
- initExtra = ''
- any-nix-shell zsh --info-right | source /dev/stdin
- '';
- };
-
- programs.starship = {
- enable = true;
- enableZshIntegration = config.programs.zsh.enable;
- settings = {
- add_newline = true;
-
- format = lib.concatStrings [
- "$hostname"
- "$directory"
- "$git_branch"
- "$git_commit"
- "$git_state"
- "$git_metrics"
- "$git_status"
- "$shlvl"
- "$nix_shell"
- "$cmd_duration"
- "$jobs"
- "$line_break"
- "$character"
- ];
-
- character = {
- success_symbol = "[➜](bold green)";
- error_symbol = "[➜](bold red)";
- };
-
- git_commit.commit_hash_length = 6;
-
- shlvl = {
- disabled = false;
- format = "[$symbol$shlvl]($style) ";
- symbol = "↕ ";
- threshold = 3;
- };
-
- hostname.ssh_symbol = "";
- };
- };
-}
diff --git a/home/modules/themes/default.nix b/home/modules/themes/default.nix
deleted file mode 100644
index d475d9f..0000000
--- a/home/modules/themes/default.nix
+++ /dev/null
@@ -1,86 +0,0 @@
-{ lib, ... }:
-
-let
- mkColorOption = description: lib.mkOption {
- type = lib.types.str;
- inherit description;
- };
-in
-{
- options.local.theme = {
- bar = {
- background = mkColorOption "Background pane color";
- mainText = mkColorOption "Main text color";
- inactiveText = mkColorOption "Inactive text color";
- };
- window = {
- activeBorder = mkColorOption "Window active border color";
- inactiveBorder = mkColorOption "Window inactive border color";
- background = mkColorOption "Terminal background color";
- mainText = mkColorOption "Terminal main text color";
- cursorText = mkColorOption "Cursor text color";
- cursor = mkColorOption "Cursor background color";
- cursorVi = mkColorOption "Cursor Vi Mode background color";
- searchText = mkColorOption "Search text color";
- search = mkColorOption "Search match background";
- searchFocused = mkColorOption "Search focused match background";
- footerText = mkColorOption "Footer bar text color";
- footer = mkColorOption "Footer bar background color";
- hintsText = mkColorOption "Keyboard regex hints text color";
- hintsStart = mkColorOption "Keyboard regex hints start background color";
- hintsEnd = mkColorOption "Keyboard regex hints end background color";
- selectionText = mkColorOption "Selection text color";
- selection = mkColorOption "Selection background color";
- regular = {
- color0 = mkColorOption null;
- color1 = mkColorOption null;
- color2 = mkColorOption null;
- color3 = mkColorOption null;
- color4 = mkColorOption null;
- color5 = mkColorOption null;
- color6 = mkColorOption null;
- color7 = mkColorOption null;
- };
- bold = {
- color8 = mkColorOption null;
- color9 = mkColorOption null;
- color10 = mkColorOption null;
- color11 = mkColorOption null;
- color12 = mkColorOption null;
- color13 = mkColorOption null;
- color14 = mkColorOption null;
- color15 = mkColorOption null;
- };
- extended = {
- color16 = mkColorOption null;
- color17 = mkColorOption null;
- color18 = mkColorOption null;
- color19 = mkColorOption null;
- };
- };
- notification = {
- background = mkColorOption "Notification background color";
- summary = mkColorOption "Notification summary text color";
- body = mkColorOption "Notification body text color";
- appName = mkColorOption "Notification app name text color";
- lowBorder = mkColorOption "Notification low priority border color";
- normalBorder = mkColorOption "Notification normal priority border color";
- criticalBorder = mkColorOption "Notification critical priority border color";
- pausedBorder = mkColorOption "Notification paused border color";
- };
- highlights = {
- success = mkColorOption "Success color";
- warning = mkColorOption "Warnings color";
- error = mkColorOption "Errors color";
- critical = mkColorOption "Clitical color";
- link = mkColorOption "Links color";
- tags = mkColorOption "Search results, tags color";
- };
- syntax = {
- markText = mkColorOption "Text color for marked background";
- mark1 = mkColorOption "Marked color 1";
- mark2 = mkColorOption "Marked color 2";
- mark3 = mkColorOption "Marked color 3";
- };
- };
-}
diff --git a/home/modules/work_tools.nix b/home/modules/work_tools.nix
deleted file mode 100644
index b6fd44c..0000000
--- a/home/modules/work_tools.nix
+++ /dev/null
@@ -1,20 +0,0 @@
-{ pkgs, ... }:
-
-{
- home.packages = with pkgs; [
- (google-cloud-sdk.withExtraComponents (
- let gc = google-cloud-sdk.components; in [
- gc.gke-gcloud-auth-plugin
- gc.kubectl
- ]
- ))
- postgresql_14 # 🤷 I need only psql
- ];
-
- /*
- programs.zsh.initExtra = lib.mkAfter ''
- eval $(kubectl completion zsh)
- '';
- */
-
-}
diff --git a/home/users/jan/accounts.secret.nix b/home/users/jan/accounts.secret.nix
deleted file mode 100644
index 255fc91..0000000
Binary files a/home/users/jan/accounts.secret.nix and /dev/null differ
diff --git a/home/users/jan/default.nix b/home/users/jan/default.nix
deleted file mode 100644
index 53fcfec..0000000
--- a/home/users/jan/default.nix
+++ /dev/null
@@ -1,62 +0,0 @@
-{ config
-, pkgs
-, lib
-, inputs
-, extraHomeModule ? null
-, extraJanHomeModule ? null
-, ...
-}:
-
-
-let
- data = import ../../../data.nix;
-in
-{
- nixpkgs.overlays = lib.mkAfter [
- inputs.myneovim.overlays.default
- inputs.nil.overlays.default
- inputs.vnetod.overlays.default
- inputs.wired.overlays.default
- ];
-
- programs.zsh.enable = true;
-
- users.users.jan = {
- isNormalUser = true;
- extraGroups = [
- "wheel" # Enable ‘sudo’ for the user.
- (lib.mkIf config.networking.networkmanager.enable "networkmanager")
- (lib.mkIf config.virtualisation.docker.enable "docker")
- (lib.mkIf config.services.transmission.enable "transmission")
- (lib.mkIf config.services.kubo.enable config.services.kubo.group)
- (lib.mkIf config.programs.adb.enable "adbusers")
- (lib.mkIf config.programs.adb.enable "plugdev")
- (lib.mkIf config.hardware.pulseaudio.systemWide "pulse-access")
- ];
- shell = pkgs.zsh;
- hashedPasswordFile = config.age.secrets.users-jan-passfile.path;
-
- openssh.authorizedKeys.keys = data.publicKeys.users.jan;
- };
-
- users.groups.plugdev = lib.mkIf config.programs.adb.enable { };
-
- home-manager.users.jan = { lib, ... }: {
- imports = [
- inputs.wired.homeManagerModules.default
- ./home.nix
- extraHomeModule
- extraJanHomeModule
- ];
-
- home.stateVersion = config.system.stateVersion;
-
- home.packages = [
- (pkgs.callPackage ../../../packages/git-crypt-rm-gpg-user { })
- ];
- };
-
- nix.settings.trusted-users = lib.mkAfter [ "jan" ];
-
- age.secrets.users-jan-passfile.file = ../../../secrets/users-jan-passfile.age;
-}
diff --git a/home/users/jan/home.nix b/home/users/jan/home.nix
deleted file mode 100644
index bcc77fd..0000000
--- a/home/users/jan/home.nix
+++ /dev/null
@@ -1,88 +0,0 @@
-{ pkgs, ... }:
-
-{
- imports = [
- ./accounts.secret.nix
- ./git
-
- ../../modules/window_manager
- ../../modules/terminal/wezterm.nix
- ../../modules/terminal/alacritty.nix
- ../../modules/shell.nix
-
- ../../modules/notifications
- ../../modules/file_manager
- ../../modules/mail
- ../../modules/pass.nix
-
- ../../modules/dev_tools.nix
- ../../modules/editor.nix
-
- ../../modules/work_tools.nix
-
- ../../modules/themes
- ../../modules/themes/catppuccin/frappe.nix
- ];
-
- xdg.enable = true;
-
- home.keyboard = {
- model = "pc105";
- layout = "us,ru";
- variant = "dvorak,";
- options = [ "grp:win_space_toggle" ];
- };
-
- # a fork of firefox, focused on privacy, security and freedom
- programs.librewolf = {
- enable = true;
- package = with pkgs.unstable; librewolf.override {
- nativeMessagingHosts = [ passff-host ];
- };
- # See: https://librewolf.net/docs/settings/
- settings = {
- "webgl.disabled" = false;
- };
- };
-
- home.packages = with pkgs.unstable; [
- simplex-chat-desktop # simplex chat client
- tdesktop # telegram client
- nheko # matrix client
-
- image-roll
- vlc
- # playerctl
-
- gimp
- libresprite
-
- # office
- libreoffice
- hunspell
- hunspellDicts.ru_RU
- hunspellDicts.en_US
-
- # tools
- procs
- bottom
- asciinema # record the terminal
- neofetch # command-line system information
- bind.dnsutils
- kubo # ipfs
-
- woodpecker-cli
-
- # games
- mindustry
- pkgs.widelands
- ];
-
- home.file = {
- "pictures/wallpapers" = {
- source = ./wallpapers;
- recursive = true;
- };
- };
-
-}
diff --git a/home/users/nas/default.nix b/home/users/nas/default.nix
deleted file mode 100644
index ec9ab90..0000000
--- a/home/users/nas/default.nix
+++ /dev/null
@@ -1,35 +0,0 @@
-{ config
-, pkgs
-, lib
-, inputs
-, extraHomeModule ? null
-, ...
-}:
-
-{
- nixpkgs.overlays = lib.mkAfter [
- inputs.wired.overlays.default
- ];
-
- local.nix.allowUnfreePackages = [ "skypeforlinux" ];
-
- programs.zsh.enable = true;
-
- users.users.nas = {
- isNormalUser = true;
- shell = pkgs.zsh;
- hashedPasswordFile = config.age.secrets.users-nas-passfile.path;
- };
-
- home-manager.users.nas = { lib, ... }: {
- imports = [
- inputs.wired.homeManagerModules.default
- ./home.nix
- extraHomeModule
- ];
-
- home.stateVersion = config.system.stateVersion;
- };
-
- age.secrets.users-nas-passfile.file = ../../../secrets/users-nas-passfile.age;
-}
diff --git a/home/users/nas/home.nix b/home/users/nas/home.nix
deleted file mode 100644
index 129311e..0000000
--- a/home/users/nas/home.nix
+++ /dev/null
@@ -1,34 +0,0 @@
-{ pkgs, ... }:
-
-{
- imports = [
- ../../modules/window_manager
- ../../modules/terminal/wezterm.nix
- ../../modules/shell.nix
-
- ../../modules/notifications
-
- ../../modules/themes
- ../../modules/themes/catppuccin/frappe.nix
- ];
-
- xdg.enable = true;
-
- home.keyboard = {
- model = "pc105";
- layout = "us,ru";
- options = [ "grp:win_space_toggle" ];
- };
-
- home.packages = with pkgs.unstable; [
- skypeforlinux
- tdesktop
- libreoffice
- image-roll
- gnome.nautilus
- gnome.gedit
-
- # browser
- firefox
- ];
-}
diff --git a/hosts/asus-gl553vd/configs/boot.nix b/hosts/asus-gl553vd/configs/boot.nix
new file mode 100644
index 0000000..7053e4e
--- /dev/null
+++ b/hosts/asus-gl553vd/configs/boot.nix
@@ -0,0 +1,13 @@
+{ ... }:
+
+{
+ # Use the systemd-boot EFI boot loader.
+ boot.loader = {
+ systemd-boot = {
+ enable = true;
+ configurationLimit = 10;
+ };
+
+ efi.canTouchEfiVariables = true;
+ };
+}
diff --git a/hosts/asus-gl553vd/configs/default.nix b/hosts/asus-gl553vd/configs/default.nix
new file mode 100644
index 0000000..224fec7
--- /dev/null
+++ b/hosts/asus-gl553vd/configs/default.nix
@@ -0,0 +1,9 @@
+{ ... }:
+
+{
+ imports = [
+ ./boot.nix
+ ./networking.nix
+ ./wireguard
+ ];
+}
diff --git a/hosts/asus-gl553vd/configs/networking.nix b/hosts/asus-gl553vd/configs/networking.nix
new file mode 100644
index 0000000..bdcb0e5
--- /dev/null
+++ b/hosts/asus-gl553vd/configs/networking.nix
@@ -0,0 +1,13 @@
+{ ... }:
+
+{
+ networking = {
+ hostName = "laptop"; # Define your hostname.
+
+ networkmanager.enable = true;
+
+ firewall.allowedTCPPortRanges = [
+ { from = 33000; to = 33999; }
+ ];
+ };
+}
diff --git a/hosts/asus-gl553vd/configs/wireguard/default.nix b/hosts/asus-gl553vd/configs/wireguard/default.nix
new file mode 100644
index 0000000..6d91edf
--- /dev/null
+++ b/hosts/asus-gl553vd/configs/wireguard/default.nix
@@ -0,0 +1,21 @@
+{ config, ... }:
+
+let
+ serverData = import ../../../tatos/data.secret.nix;
+in
+{
+ age.secrets.wireguard-asus-gl553vd-private = {
+ file = ./wireguard-asus-gl553vd-private.age;
+ mode = "0400";
+ };
+
+ local.services.vpn.wireguard = {
+ enable = true;
+ ip = "10.20.30.4/24";
+ privateKeyFile = config.age.secrets.wireguard-asus-gl553vd-private.path;
+ server = {
+ inherit (serverData) addr;
+ inherit (serverData.wireguard) port publicKey;
+ };
+ };
+}
diff --git a/hosts/asus-gl553vd/configs/wireguard/wireguard-asus-gl553vd-private.age b/hosts/asus-gl553vd/configs/wireguard/wireguard-asus-gl553vd-private.age
new file mode 100644
index 0000000..c817e50
Binary files /dev/null and b/hosts/asus-gl553vd/configs/wireguard/wireguard-asus-gl553vd-private.age differ
diff --git a/hosts/asus-gl553vd/configuration.nix b/hosts/asus-gl553vd/configuration.nix
new file mode 100644
index 0000000..b539658
--- /dev/null
+++ b/hosts/asus-gl553vd/configuration.nix
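Review bot: In hosts/asus-gl553vd/configs/networking.nix, `firewall.allowedTCPPortRanges` opens TCP 33000–33999 on every interface of a laptop that joins arbitrary networks through NetworkManager, and nothing in the file names the service that needs the range. If only one network needs it, scope the rule to that interface with `networking.firewall.interfaces.<IFACE>.allowedTCPPortRanges = [ { from = 33000; to = 33999; } ];`, where `<IFACE>` is a placeholder for the LAN or VPN interface. Add a comment saying what listens there. The trailing `# Define your hostname.` is installer boilerplate and can be dropped.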
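Review bot: In hosts/asus-gl553vd/configs/wireguard/default.nix, `import ../../../tatos/data.secret.nix` is read at evaluation time, so the file must be present in cleartext in the working tree. With flakes the working tree is also copied into the world-readable Nix store. Only `addr`, `port` and `publicKey` are used here, which is fine if the file holds nothing more sensitive, but its contents are not visible in this diff. A header comment in that file such as `# evaluated into the store: no private keys or passwords here, use agenix` would keep it that way. The same import is used in hosts/home/configs/wireguard/default.nix, and hosts/default.nix reads `.addr` from `data.secret.nix` files as well.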
@@ -0,0 +1,31 @@
+{ globalData, ... }:
+
+{
+ imports = [
+ ./hardware-configuration
+ ./configs
+ ./users
+ ];
+
+ ################################################################################
+ # Programs
+ ################################################################################
+ local.programs.browsers.tor-browser = {
+ enable = true;
+ container = {
+ enable = true;
+ externalInterface = "wg0";
+ sshAuthorizedKeys = globalData.publicKeys.users.jan;
+ };
+ };
+
+ ################################################################################
+ # Services
+ ################################################################################
+
+ # Enable the Docker
+ virtualisation.docker.enable = true;
+
+ # Torrent
+ # services.transmission.enable = true;
+}
diff --git a/hosts/asus-gl553vd/hardware-configuration/default.nix b/hosts/asus-gl553vd/hardware-configuration/default.nix
new file mode 100644
index 0000000..591fa59
--- /dev/null
+++ b/hosts/asus-gl553vd/hardware-configuration/default.nix
@@ -0,0 +1,36 @@
+{ ... }:
+
+{
+ # Include the results of the hardware scan.
+ imports = [ ./generated.nix ];
+
+ # Enable keyboard on the boot
+ boot.initrd.availableKernelModules = [ "hid_asus" ];
+
+ # Enable containers
+ # See: https://github.com/NixOS/nixpkgs/issues/38676
+ boot.kernelModules = [ "veth" ];
+
+ networking = {
+ useDHCP = false;
+ interfaces = {
+ wlp2s0.useDHCP = true;
+ };
+ };
+
+ # configure mouse and touchpad
+ services.xserver.libinput = {
+ enable = true;
+ touchpad = {
+ accelSpeed = "0.5";
+ disableWhileTyping = true;
+ };
+ };
+
+ hardware.bluetooth.enable = true;
+
+ services.logind.extraConfig = ''
+ # don’t shutdown when power button is short-pressed
+ HandlePowerKey=ignore
+ '';
+}
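Review bot: In hosts/asus-gl553vd/configuration.nix, `externalInterface = "wg0";` hard-codes the interface name that the tor-browser container is routed through. The name the `local.services.vpn.wireguard` module actually gives its interface is not visible in this diff. If the two ever differ, or the tunnel is down, whether the container loses connectivity or reaches the network another way depends on module code I cannot see. Worth confirming that it fails closed. A comment such as `# must match the interface created by local.services.vpn.wireguard` would make the coupling explicit, or the name could be read from that module's config.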
diff --git a/nixos/hosts/asus-gl553vd/hardware-configuration.nix b/hosts/asus-gl553vd/hardware-configuration/generated.nix similarity index 89% rename from nixos/hosts/asus-gl553vd/hardware-configuration.nix rename to hosts/asus-gl553vd/hardware-configuration/generated.nix index ad9fb66..145e45c 100644 --- a/nixos/hosts/asus-gl553vd/hardware-configuration.nix +++ b/hosts/asus-gl553vd/hardware-configuration/generated.nix @@ -10,15 +10,7 @@ boot = { initrd = { - availableKernelModules = [ - "hid_asus" - "xhci_pci" - "ahci" - "usbhid" - "usb_storage" - "sd_mod" - "rtsx_pci_sdmmc" - ]; + availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ]; kernelModules = [ ]; }; diff --git a/hosts/asus-gl553vd/users/default.nix b/hosts/asus-gl553vd/users/default.nix new file mode 100644 index 0000000..1d92375 --- /dev/null +++ b/hosts/asus-gl553vd/users/default.nix @@ -0,0 +1,19 @@ +{ ... }: + +{ + imports = [ + ./jan.nix + # ../../../users/nas.nix + ]; + + home-manager.sharedModules = [ + { + local.window-manager.polybar.wifiDevice = "wlp2s0"; + + local.programs.terminals = { + wezterm.fontSize = 10.0; + alacritty.fontSize = 8.0; + }; + } + ]; +} diff --git a/hosts/asus-gl553vd/users/jan.nix b/hosts/asus-gl553vd/users/jan.nix new file mode 100644 index 0000000..b898062 --- /dev/null +++ b/hosts/asus-gl553vd/users/jan.nix @@ -0,0 +1,15 @@ +{ ... }: + +{ + imports = [ ../../../users/jan ]; + + home-manager.users.jan = { + local.window-manager = { + xmonad.projects = import ./xmonad-projects.secret.nix; + }; + + # local.programs.dev-tools.k8s.enable = true; + + local.programs.libreoffice.enable = true; + }; +} diff --git a/nixos/hosts/asus-gl553vd/xmonad_projects.secret.nix b/hosts/asus-gl553vd/users/xmonad-projects.secret.nix similarity index 100% rename from nixos/hosts/asus-gl553vd/xmonad_projects.secret.nix rename to hosts/asus-gl553vd/users/xmonad-projects.secret.nix 
diff --git a/hosts/default.nix b/hosts/default.nix
new file mode 100644
index 0000000..ebc08a8
--- /dev/null
+++ b/hosts/default.nix
@@ -0,0 +1,46 @@
+{ ... } @ inputs:
+
+let
+ hardware = inputs.hardware.nixosModules;
+in
+{
+ home = {
+ system = "x86_64-linux";
+
+ extraModules = [
+ hardware.common-gpu-amd
+ ../modules/machine.nix
+ ./networking.secret.nix
+ ];
+ };
+
+ asus-gl553vd = {
+ system = "x86_64-linux";
+
+ extraModules = [
+ hardware.common-cpu-intel
+ ../modules/machine.nix
+ ./networking.secret.nix
+ ];
+ };
+
+ istal = {
+ system = "x86_64-linux";
+
+ extraModules = [
+ ../modules/vps.nix
+ ];
+
+ targetHost = (import ./istal/data.secret.nix).addr;
+ };
+
+ tatos = {
+ system = "x86_64-linux";
+
+ extraModules = [
+ ../modules/vps.nix
+ ];
+
+ targetHost = (import ./tatos/data.secret.nix).addr;
+ };
+}
diff --git a/hosts/home/configs/android.nix b/hosts/home/configs/android.nix
new file mode 100644
index 0000000..3520888
--- /dev/null
+++ b/hosts/home/configs/android.nix
@@ -0,0 +1,51 @@ +{ pkgs, ... }: + + +let + buildToolsVersion = "33.0.2"; + androidComposition = pkgs.unstable.androidenv.composeAndroidPackages { + platformToolsVersion = "34.0.5"; + buildToolsVersions = [ buildToolsVersion ]; + includeEmulator = false; + emulatorVersion = "34.1.9"; + platformVersions = [ "29" "30" "33" ]; + includeSources = false; + includeSystemImages = false; + systemImageTypes = [ "google_apis_playstore" ]; + abiVersions = [ "armeabi-v7a" "arm64-v8a" ]; + cmakeVersions = [ "3.10.2" ]; + includeNDK = true; + ndkVersions = [ "23.2.8568313" ]; + useGoogleAPIs = false; + useGoogleTVAddOns = false; + includeExtras = [ + "extras;google;gcm" + ]; + }; +in +{ + # TODO: try to remove this. + nixpkgs.config.allowUnfree = true; + local.nix.allowUnfreePackages = [ "android-sdk-cmdline-tools" ]; + + programs.adb.enable = true; + programs.java = { + enable = true; + package = pkgs.jdk17; + }; + + nixpkgs.config.android_sdk.accept_license = true; + + environment.variables = rec { + ANDROID_SDK_ROOT = "${androidComposition.androidsdk}/libexec/android-sdk"; + ANDROID_NDK_ROOT = "${ANDROID_SDK_ROOT}/ndk-bundle"; + + # Use the same buildToolsVersion here + # GRADLE_OPTS = "-Dorg.gradle.project.android.aapt2FromMavenOverride=${ANDROID_SDK_ROOT}/build-tools/${buildToolsVersion}/aapt2"; + # JAVA_HOME = pkgs.jdk17.home; + }; + + services.udev.extraRules = '' + SUBSYSTEM=="usb", ATTR{idVendor}=="12d1", MODE="0666", GROUP="plugdev" + ''; +} diff --git a/hosts/home/configs/boot.nix b/hosts/home/configs/boot.nix new file mode 100644 index 0000000..5fa1729 --- /dev/null +++ b/hosts/home/configs/boot.nix @@ -0,0 +1,13 @@ +{ config, lib, ... }: + +{ + local.nix.allowUnfreePackages = + lib.optional config.boot.loader.grub.memtest86.enable "memtest86"; + + # Use the GRUB 2 boot loader. + boot.loader.grub = { + enable = true; + device = "/dev/sdb"; + # memtest86.enable = true; + }; +} 
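Review bot: The udev rule at the end of hosts/home/configs/android.nix sets `MODE="0666"`, which makes every USB device with vendor id 12d1 readable and writable by any local user and leaves `GROUP="plugdev"` with no effect. Restrict it to the group, e.g. `SUBSYSTEM=="usb", ATTR{idVendor}=="12d1", MODE="0660", GROUP="plugdev"`, or use `TAG+="uaccess"` so only the logged-in seat user gets access. No `plugdev` group is declared in the visible files, so confirm it exists. `programs.adb.enable = true` already ships udev rules for the `adbusers` group, so the extra rule may not be needed at all. Separately, `nixpkgs.config.allowUnfree = true` defeats the per-package allowlist in `local.nix.allowUnfreePackages`, which the TODO above it already acknowledges.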
diff --git a/hosts/home/configs/default.nix b/hosts/home/configs/default.nix
new file mode 100644
index 0000000..61326df
--- /dev/null
+++ b/hosts/home/configs/default.nix
@@ -0,0 +1,11 @@
+{ ... }:
+
+{
+ imports = [
+ ./android.nix
+ ./boot.nix
+ ./networking.nix
+ ./printer.nix
+ ./wireguard
+ ];
+}
diff --git a/hosts/home/configs/networking.nix b/hosts/home/configs/networking.nix
new file mode 100644
index 0000000..8d3f809
--- /dev/null
+++ b/hosts/home/configs/networking.nix
@@ -0,0 +1,9 @@
+{ ... }:
+
+{
+ networking.hostName = "home";
+ networking.networkmanager.enable = true;
+ networking.firewall.allowedTCPPortRanges = [
+ # { from = 1300; to = 1400; }
+ ];
+}
diff --git a/hosts/home/configs/printer.nix b/hosts/home/configs/printer.nix
new file mode 100644
index 0000000..43e36e8
--- /dev/null
+++ b/hosts/home/configs/printer.nix
@@ -0,0 +1,16 @@
+{ pkgs, ... }:
+
+{
+ local.nix.allowUnfreePackages = [ "cnijfilter2" ];
+
+ services = {
+ avahi = {
+ enable = true;
+ nssmdns = true;
+ };
+ printing = {
+ enable = true;
+ drivers = with pkgs; [ gutenprint cnijfilter2 ];
+ };
+ };
+}
diff --git a/hosts/home/configs/wireguard/default.nix b/hosts/home/configs/wireguard/default.nix
new file mode 100644
index 0000000..ae79fa9
--- /dev/null
+++ b/hosts/home/configs/wireguard/default.nix
@@ -0,0 +1,21 @@
+{ config, ... }:
+
+let
+ serverData = import ../../../tatos/data.secret.nix;
+in
+{
+ age.secrets.wireguard-home-private = {
+ file = ./wireguard-home-private.age;
+ mode = "0400";
+ };
+
+ local.services.vpn.wireguard = {
+ enable = true;
+ ip = "10.20.30.3/24";
+ privateKeyFile = config.age.secrets.wireguard-home-private.path;
+ server = {
+ inherit (serverData) addr;
+ inherit (serverData.wireguard) port publicKey;
+ };
+ };
+}
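Review bot: hosts/home/configs/wireguard/default.nix reads secrets through two mechanisms with different exposure, and nothing in the file says so. The private key goes through agenix with `mode = "0400"`, while `serverData = import ../../../tatos/data.secret.nix;` is read at evaluation time, so whatever it contributes presumably ends up in the world-readable Nix store of the built system. That is acceptable for `addr`, `port` and `publicKey`, but a comment on the `let` binding would stop private material being added there later: `# eval-time import: values land in /nix/store; private keys belong in age.secrets`.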
diff --git a/hosts/home/configs/wireguard/wireguard-home-private.age b/hosts/home/configs/wireguard/wireguard-home-private.age new file mode 100644 index 0000000..edd8215 Binary files /dev/null and b/hosts/home/configs/wireguard/wireguard-home-private.age differ diff --git a/hosts/home/configuration.nix b/hosts/home/configuration.nix new file mode 100644 index 0000000..4573a3c --- /dev/null +++ b/hosts/home/configuration.nix @@ -0,0 +1,32 @@ +{ globalData, ... }: + +{ + imports = [ + ./hardware-configuration + ./configs + ./users + ]; + + ################################################################################ + # Programs + ################################################################################ + local.programs.browsers.tor-browser = { + enable = true; + container = { + enable = true; + externalInterface = "wg0"; + sshAuthorizedKeys = globalData.publicKeys.users.jan; + }; + }; + + ################################################################################ + # Services + ################################################################################ + local.services.i2pd.enable = true; + + local.services.octoprint.enable = true; + + virtualisation.docker.enable = true; + # Torrent client + services.transmission.enable = true; +} diff --git a/hosts/home/hardware-configuration/default.nix b/hosts/home/hardware-configuration/default.nix new file mode 100644 index 0000000..7973e13 --- /dev/null +++ b/hosts/home/hardware-configuration/default.nix 
@@ -0,0 +1,52 @@ +{ config, ... }: + +{ + # Include the results of the hardware scan. + imports = [ ./generated.nix ]; + + # Add support of usb + boot.initrd.availableKernelModules = [ "usb_storage" ]; + + # Enable containers + # See: https://github.com/NixOS/nixpkgs/issues/38676 + boot.kernelModules = [ "veth" ]; + + boot.extraModulePackages = with config.boot.kernelPackages; [ + rtl88x2bu # wifi + ]; + + networking = { + useDHCP = false; + interfaces = { + wlp3s0.useDHCP = true; + # wlp11s0f3u2.useDHCP = true; + }; + }; + + # extra configs + hardware.bluetooth.enable = true; + + # All monitors in the right order + # Source: https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/services/x11/xserver.nix#L83 + services.xserver.xrandrHeads = [ + { + output = "DP-3"; + monitorConfig = '' + Option "PreferredMode" "1920x1080" + Option "Rotate" "right" + ''; + } + { + output = "DP-1"; + primary = true; + monitorConfig = '' + Option "PreferredMode" "2560x1440" + ''; + } + ]; + + services.logind.extraConfig = '' + # don’t shutdown when power button is short-pressed + HandlePowerKey=ignore + ''; +} diff --git a/nixos/hosts/home/hardware-configuration.nix b/hosts/home/hardware-configuration/generated.nix similarity index 98% rename from nixos/hosts/home/hardware-configuration.nix rename to hosts/home/hardware-configuration/generated.nix index b4e4aca..5a6b152 100644 --- a/nixos/hosts/home/hardware-configuration.nix +++ b/hosts/home/hardware-configuration/generated.nix @@ -10,7 +10,7 @@ boot = { initrd = { - availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "sd_mod" "usb_storage" ]; + availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "sd_mod" ]; kernelModules = [ ]; }; diff --git a/hosts/home/users/default.nix b/hosts/home/users/default.nix new file mode 100644 index 0000000..327e307 --- /dev/null +++ b/hosts/home/users/default.nix 
@@ -0,0 +1,19 @@ +{ ... }: + +{ + imports = [ + ./jan.nix + ../../../users/nas + ]; + + home-manager.sharedModules = [ + { + local.window-manager.polybar.wifiDevice = "wlp3s0"; + + local.programs.terminals = { + wezterm.fontSize = 10.0; + alacritty.fontSize = 8.0; + }; + } + ]; +} diff --git a/hosts/home/users/jan.nix b/hosts/home/users/jan.nix new file mode 100644 index 0000000..067f77a --- /dev/null +++ b/hosts/home/users/jan.nix @@ -0,0 +1,41 @@ +{ pkgs, ... }: + +{ + imports = [ ../../../users/jan ]; + + home-manager.users.jan = { + local.window-manager = { + xmonad.projects = import ./xmonad-projects.secret.nix; + }; + + local.programs.editors.arduino-ide.enable = true; + + local.programs.dev-tools.k8s.enable = true; + + local.programs.libreoffice = { + enable = true; + spellCheckDicts = with pkgs.hunspellDicts; [ + ru_RU + en_US + ]; + }; + + # Extra packages + home.packages = with pkgs.unstable; [ + # 3d programs + blender + cura + godot_4 + + # electronics + kicad-small + # librepcb + ]; + + # games + local.games = { + mindustry.enable = true; + widelands.enable = true; + }; + }; +} diff --git a/hosts/home/users/xmonad-projects.secret.nix b/hosts/home/users/xmonad-projects.secret.nix new file mode 100644 index 0000000..4777440 Binary files /dev/null and b/hosts/home/users/xmonad-projects.secret.nix differ diff --git a/hosts/istal/configuration.nix b/hosts/istal/configuration.nix new file mode 100644 index 0000000..b5b109a --- /dev/null +++ b/hosts/istal/configuration.nix @@ -0,0 +1,13 @@ +{ globalData, ... }: + +{ + imports = [ + ./hardware-configuration + ./services + ]; + + networking.hostName = "istal"; + networking.domain = "local"; + + users.users.root.openssh.authorizedKeys.keys = globalData.publicKeys.users.janistal; +} diff --git a/nixos/hosts/istal/data.secret.nix b/hosts/istal/data.secret.nix similarity index 100% rename from nixos/hosts/istal/data.secret.nix rename to hosts/istal/data.secret.nix 
diff --git a/hosts/istal/hardware-configuration/default.nix b/hosts/istal/hardware-configuration/default.nix new file mode 100644 index 0000000..b19b46e --- /dev/null +++ b/hosts/istal/hardware-configuration/default.nix @@ -0,0 +1,8 @@ +{ ... }: + +{ + imports = [ + ./generated.nix + ./networking.secret.nix + ]; +} diff --git a/nixos/hosts/istal/hardware-configuration.nix b/hosts/istal/hardware-configuration/generated.nix similarity index 100% rename from nixos/hosts/istal/hardware-configuration.nix rename to hosts/istal/hardware-configuration/generated.nix diff --git a/hosts/istal/hardware-configuration/networking.secret.nix b/hosts/istal/hardware-configuration/networking.secret.nix new file mode 100644 index 0000000..a05dc12 Binary files /dev/null and b/hosts/istal/hardware-configuration/networking.secret.nix differ diff --git a/hosts/istal/services/default.nix b/hosts/istal/services/default.nix new file mode 100644 index 0000000..9ac1f8d --- /dev/null +++ b/hosts/istal/services/default.nix @@ -0,0 +1,5 @@ +{ ... }: + +{ + imports = [ ./wireguard ]; +} diff --git a/nixos/hosts/istal/services/wireguard.nix b/hosts/istal/services/wireguard/default.nix similarity index 91% rename from nixos/hosts/istal/services/wireguard.nix rename to hosts/istal/services/wireguard/default.nix index 4c69395..d15c70b 100644 --- a/nixos/hosts/istal/services/wireguard.nix +++ b/hosts/istal/services/wireguard/default.nix @@ -1,9 +1,9 @@ { config, pkgs, ... }: let - tatosData = import ../../tatos/data.secret.nix; + tatosData = import ../../../tatos/data.secret.nix; - istalData = import ../data.secret.nix; + istalData = import ../../data.secret.nix; inherit (istalData.wireguard) port; in { @@ -52,7 +52,7 @@ in }; age.secrets.wireguard-istal-private = { - file = ../../../../secrets/wireguard-istal-private.age; + file = ./wireguard-istal-private.age; mode = "0400"; }; } 
diff --git a/hosts/istal/services/wireguard/wireguard-istal-private.age b/hosts/istal/services/wireguard/wireguard-istal-private.age new file mode 100644 index 0000000..dfb3fd0 Binary files /dev/null and b/hosts/istal/services/wireguard/wireguard-istal-private.age differ diff --git a/hosts/networking.secret.nix b/hosts/networking.secret.nix new file mode 100644 index 0000000..556b42f Binary files /dev/null and b/hosts/networking.secret.nix differ diff --git a/hosts/tatos/configuration.nix b/hosts/tatos/configuration.nix new file mode 100644 index 0000000..1234c44 --- /dev/null +++ b/hosts/tatos/configuration.nix @@ -0,0 +1,12 @@ +{ globalData, ... }: + +{ + imports = [ + ./hardware-configuration + ./services + ]; + + networking.hostName = "tatos"; + + users.users.root.openssh.authorizedKeys.keys = globalData.publicKeys.users.jan; +} diff --git a/nixos/hosts/tatos/data.secret.nix b/hosts/tatos/data.secret.nix similarity index 100% rename from nixos/hosts/tatos/data.secret.nix rename to hosts/tatos/data.secret.nix diff --git a/hosts/tatos/hardware-configuration/default.nix b/hosts/tatos/hardware-configuration/default.nix new file mode 100644 index 0000000..b19b46e --- /dev/null +++ b/hosts/tatos/hardware-configuration/default.nix @@ -0,0 +1,8 @@ +{ ... }: + +{ + imports = [ + ./generated.nix + ./networking.secret.nix + ]; +} diff --git a/nixos/hosts/tatos/hardware-configuration.nix b/hosts/tatos/hardware-configuration/generated.nix similarity index 100% rename from nixos/hosts/tatos/hardware-configuration.nix rename to hosts/tatos/hardware-configuration/generated.nix diff --git a/nixos/hosts/tatos/networking.secret.nix b/hosts/tatos/hardware-configuration/networking.secret.nix similarity index 100% rename from nixos/hosts/tatos/networking.secret.nix rename to hosts/tatos/hardware-configuration/networking.secret.nix diff --git a/hosts/tatos/services/default.nix b/hosts/tatos/services/default.nix new file mode 100644 index 0000000..9ac1f8d --- /dev/null 
+++ b/hosts/tatos/services/default.nix @@ -0,0 +1,5 @@ +{ ... }: + +{ + imports = [ ./wireguard ]; +} diff --git a/nixos/hosts/tatos/services/wireguard.nix b/hosts/tatos/services/wireguard/default.nix similarity index 95% rename from nixos/hosts/tatos/services/wireguard.nix rename to hosts/tatos/services/wireguard/default.nix index 8856ac7..cb33cd3 100644 --- a/nixos/hosts/tatos/services/wireguard.nix +++ b/hosts/tatos/services/wireguard/default.nix @@ -3,9 +3,9 @@ # Source: https://habr.com/ru/companies/xakep/articles/699000/ let - istalData = import ../../istal/data.secret.nix; + istalData = import ../../../istal/data.secret.nix; - tatosData = import ../data.secret.nix; + tatosData = import ../../data.secret.nix; port = tatosData.wireguard.port; update_ru_routes = pkgs.callPackage ./update_ru_routes.nix { }; @@ -95,7 +95,7 @@ in }; age.secrets.wireguard-tatos-private = { - file = ../../../../secrets/wireguard-tatos-private.age; + file = ./wireguard-tatos-private.age; mode = "0400"; }; } diff --git a/nixos/hosts/tatos/services/subnets_user_list.secret.txt b/hosts/tatos/services/wireguard/subnets_user_list.secret.txt similarity index 100% rename from nixos/hosts/tatos/services/subnets_user_list.secret.txt rename to hosts/tatos/services/wireguard/subnets_user_list.secret.txt diff --git a/nixos/hosts/tatos/services/update_ru_routes.nix b/hosts/tatos/services/wireguard/update_ru_routes.nix similarity index 100% rename from nixos/hosts/tatos/services/update_ru_routes.nix rename to hosts/tatos/services/wireguard/update_ru_routes.nix diff --git a/nixos/hosts/tatos/services/update_ru_routes.sh b/hosts/tatos/services/wireguard/update_ru_routes.sh similarity index 100% rename from nixos/hosts/tatos/services/update_ru_routes.sh rename to hosts/tatos/services/wireguard/update_ru_routes.sh 
diff --git a/hosts/tatos/services/wireguard/wireguard-tatos-private.age b/hosts/tatos/services/wireguard/wireguard-tatos-private.age new file mode 100644 index 0000000..f261bad Binary files /dev/null and b/hosts/tatos/services/wireguard/wireguard-tatos-private.age differ diff --git a/nixos/shared/common.nix b/modules/common.nix similarity index 58% rename from nixos/shared/common.nix rename to modules/common.nix index 4087f7b..6450ba9 100644 --- a/nixos/shared/common.nix +++ b/modules/common.nix @@ -1,4 +1,4 @@ -{ config, pkgs, ... }: +{ ... }: { # Select internationalisation properties. @@ -8,20 +8,9 @@ users.mutableUsers = false; - # Enable the OpenSSH daemon. + # is required for the agenix module services.openssh.enable = true; - # Open ports in the firewall. - # networking.firewall.allowedTCPPorts = [ ... ]; - # networking.firewall.allowedUDPPorts = [ ... ]; - # Or disable the firewall altogether. - # networking.firewall.enable = false; - - # Copy the NixOS configuration file and link it from the resulting system - # (/run/current-system/configuration.nix). This is useful in case you - # accidentally delete configuration.nix. - # system.copySystemConfiguration = true; - # This value determines the NixOS release from which the default # settings for stateful data, like file locations and database versions # on your system were taken. It‘s perfectly fine and recommended to leave @@ -29,5 +18,4 @@ # Before changing this value read the documentation for this option # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). system.stateVersion = "22.11"; # Did you read the comment? - } diff --git a/modules/home-manager/configs/default.nix b/modules/home-manager/configs/default.nix new file mode 100644 index 0000000..08ede78 --- /dev/null +++ b/modules/home-manager/configs/default.nix @@ -0,0 +1,9 @@ +{ ... }: + +{ + imports = [ + ./keyboard.nix + ./themes + ./window-manager + ]; +} 
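Review bot: In modules/common.nix, `services.openssh.enable = true` is now justified only by the comment "is required for the agenix module", and the visible hunks add no sshd hardening alongside it. The module's attribute set starts and ends outside these hunks, so settings may exist elsewhere. If the daemon is enabled only so agenix has a host key to decrypt with, hosts that need no remote login could set `age.identityPaths` explicitly or `services.openssh.openFirewall = false;`. On hosts that do accept logins, pin the policy rather than relying on defaults, since hosts/istal/configuration.nix and hosts/tatos/configuration.nix authorise keys directly for root: `services.openssh.settings.PasswordAuthentication = false;` and `services.openssh.settings.PermitRootLogin = "prohibit-password";`.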
diff --git a/modules/home-manager/configs/keyboard.nix b/modules/home-manager/configs/keyboard.nix new file mode 100644 index 0000000..df26991 --- /dev/null +++ b/modules/home-manager/configs/keyboard.nix @@ -0,0 +1,25 @@ +{ config, lib, ... }: + +let + cfg = config.local.keyboard; +in +{ + options.local.keyboard = with lib; { + enable = mkEnableOption "base keyboard configs"; + variant = mkOption { + description = "keyboard layout variant in us,ru order"; + type = types.str; + default = ","; + }; + }; + + config = lib.mkIf cfg.enable { + home.keyboard = { + model = "pc105"; + layout = "us,ru"; + variant = cfg.variant; + # variant = "dvorak,"; + options = [ "grp:win_space_toggle" ]; + }; + }; +} diff --git a/home/modules/themes/catppuccin/frappe.nix b/modules/home-manager/configs/themes/catppuccin/frappe.nix similarity index 98% rename from home/modules/themes/catppuccin/frappe.nix rename to modules/home-manager/configs/themes/catppuccin/frappe.nix index 121a758..7c8b14d 100644 --- a/home/modules/themes/catppuccin/frappe.nix +++ b/modules/home-manager/configs/themes/catppuccin/frappe.nix @@ -1,7 +1,6 @@ -{ config, ... }: +{ ... }: let - # See: https://github.com/catppuccin/catppuccin # palettes rosewater = "#f2d5cf"; # Links, URLs @@ -38,7 +37,7 @@ let crust = "#232634"; in { - config.local.theme = { + config.local.themes."catppuccin/frappe" = { bar = { background = mantle; mainText = text; diff --git a/modules/home-manager/configs/themes/default.nix b/modules/home-manager/configs/themes/default.nix new file mode 100644 index 0000000..e4fabe0 --- /dev/null +++ b/modules/home-manager/configs/themes/default.nix 
@@ -0,0 +1,99 @@ +{ lib, ... }: + +let + mkColorOption = description: lib.mkOption { + type = lib.types.str; + inherit description; + }; +in +{ + # TODO: add enable option + options.local.theme.name = with lib; mkOption { + type = types.str; + default = "catppuccin/frappe"; + }; + + options.local.themes = with lib; mkOption { + default = { }; + type = with types; attrsOf (submodule { + options = { + bar = { + background = mkColorOption "Background pane color"; + mainText = mkColorOption "Main text color"; + inactiveText = mkColorOption "Inactive text color"; + }; + window = { + activeBorder = mkColorOption "Window active border color"; + inactiveBorder = mkColorOption "Window inactive border color"; + background = mkColorOption "Terminal background color"; + mainText = mkColorOption "Terminal main text color"; + cursorText = mkColorOption "Cursor text color"; + cursor = mkColorOption "Cursor background color"; + cursorVi = mkColorOption "Cursor Vi Mode background color"; + searchText = mkColorOption "Search text color"; + search = mkColorOption "Search match background"; + searchFocused = mkColorOption "Search focused match background"; + footerText = mkColorOption "Footer bar text color"; + footer = mkColorOption "Footer bar background color"; + hintsText = mkColorOption "Keyboard regex hints text color"; + hintsStart = mkColorOption "Keyboard regex hints start background color"; + hintsEnd = mkColorOption "Keyboard regex hints end background color"; + selectionText = mkColorOption "Selection text color"; + selection = mkColorOption "Selection background color"; + regular = { + color0 = mkColorOption null; + color1 = mkColorOption null; + color2 = mkColorOption null; + color3 = mkColorOption null; + color4 = mkColorOption null; + color5 = mkColorOption null; + color6 = mkColorOption null; + color7 = mkColorOption null; + }; + bold = { + color8 = mkColorOption null; + color9 = mkColorOption null; + color10 = mkColorOption null; + color11 = mkColorOption null; + 
color12 = mkColorOption null; + color13 = mkColorOption null; + color14 = mkColorOption null; + color15 = mkColorOption null; + }; + extended = { + color16 = mkColorOption null; + color17 = mkColorOption null; + color18 = mkColorOption null; + color19 = mkColorOption null; + }; + }; + notification = { + background = mkColorOption "Notification background color"; + summary = mkColorOption "Notification summary text color"; + body = mkColorOption "Notification body text color"; + appName = mkColorOption "Notification app name text color"; + lowBorder = mkColorOption "Notification low priority border color"; + normalBorder = mkColorOption "Notification normal priority border color"; + criticalBorder = mkColorOption "Notification critical priority border color"; + pausedBorder = mkColorOption "Notification paused border color"; + }; + highlights = { + success = mkColorOption "Success color"; + warning = mkColorOption "Warnings color"; + error = mkColorOption "Errors color"; + critical = mkColorOption "Clitical color"; + link = mkColorOption "Links color"; + tags = mkColorOption "Search results, tags color"; + }; + syntax = { + markText = mkColorOption "Text color for marked background"; + mark1 = mkColorOption "Marked color 1"; + mark2 = mkColorOption "Marked color 2"; + mark3 = mkColorOption "Marked color 3"; + }; + }; + }); + }; + + imports = [ ./catppuccin/frappe.nix ]; +} diff --git a/home/modules/window_manager/default.nix b/modules/home-manager/configs/window-manager/default.nix similarity index 100% rename from home/modules/window_manager/default.nix rename to modules/home-manager/configs/window-manager/default.nix diff --git a/home/modules/window_manager/polybar.nix b/modules/home-manager/configs/window-manager/polybar.nix similarity index 95% rename from home/modules/window_manager/polybar.nix rename to modules/home-manager/configs/window-manager/polybar.nix index 556ad67..bec389b 100644 --- a/home/modules/window_manager/polybar.nix 
+++ b/modules/home-manager/configs/window-manager/polybar.nix @@ -3,16 +3,18 @@ with lib; let - cfg = config.local.polybar; + cfg = config.local.window-manager.polybar; inherit (config.services.polybar) package; - themeCfg = config.local.theme; + themeCfg = config.local.themes."${config.local.theme.name}"; exchangerate = import ./scripts/exchangerate.nix { inherit themeCfg pkgs; }; external_ip = import ./scripts/external_ip.nix { inherit themeCfg pkgs; }; in { - options.local.polybar = with lib; { + options.local.window-manager.polybar = with lib; { + enable = mkEnableOption "polybar"; + wifiDevice = mkOption { type = types.str; example = "wlp11s0f3u2"; @@ -20,7 +22,7 @@ in }; }; - config = { + config = lib.mkIf cfg.enable { systemd.user.services.polybar = { # Add additional /usr/bin to run custom scripts Service.Environment = mkForce "PATH=${package}/bin:/run/current-system/sw/bin"; diff --git a/home/modules/window_manager/scripts/exchangerate.nix b/modules/home-manager/configs/window-manager/scripts/exchangerate.nix similarity index 100% rename from home/modules/window_manager/scripts/exchangerate.nix rename to modules/home-manager/configs/window-manager/scripts/exchangerate.nix diff --git a/home/modules/window_manager/scripts/exchangerate.sh b/modules/home-manager/configs/window-manager/scripts/exchangerate.sh similarity index 100% rename from home/modules/window_manager/scripts/exchangerate.sh rename to modules/home-manager/configs/window-manager/scripts/exchangerate.sh diff --git a/home/modules/window_manager/scripts/external_ip.nix b/modules/home-manager/configs/window-manager/scripts/external_ip.nix similarity index 100% rename from home/modules/window_manager/scripts/external_ip.nix rename to modules/home-manager/configs/window-manager/scripts/external_ip.nix 
diff --git a/home/modules/window_manager/scripts/external_ip.sh b/modules/home-manager/configs/window-manager/scripts/external_ip.sh similarity index 100% rename from home/modules/window_manager/scripts/external_ip.sh rename to modules/home-manager/configs/window-manager/scripts/external_ip.sh diff --git a/home/modules/window_manager/scripts/get_volume.sh b/modules/home-manager/configs/window-manager/scripts/get_volume.sh similarity index 100% rename from home/modules/window_manager/scripts/get_volume.sh rename to modules/home-manager/configs/window-manager/scripts/get_volume.sh diff --git a/home/modules/window_manager/scripts/kdb_brightness.sh b/modules/home-manager/configs/window-manager/scripts/kdb_brightness.sh similarity index 100% rename from home/modules/window_manager/scripts/kdb_brightness.sh rename to modules/home-manager/configs/window-manager/scripts/kdb_brightness.sh diff --git a/home/modules/window_manager/xmonad.nix b/modules/home-manager/configs/window-manager/xmonad.nix similarity index 88% rename from home/modules/window_manager/xmonad.nix rename to modules/home-manager/configs/window-manager/xmonad.nix index e14a742..4553f02 100644 --- a/home/modules/window_manager/xmonad.nix +++ b/modules/home-manager/configs/window-manager/xmonad.nix @@ -1,8 +1,8 @@ { config, pkgs, lib, ... }: let - cfg = config.local.xmonad; - themeCfg = config.local.theme; + cfg = config.local.window-manager.xmonad; + themeCfg = config.local.themes."${config.local.theme.name}"; projectType = with lib; types.submodule { options = { 
@@ -50,15 +50,15 @@ let xmonadProjects = lib.concatStringsSep " , " (map mkXmonadProject cfg.projects); in { - options.local.xmonad = with lib; - { - projects = mkOption { - type = types.listOf projectType; - default = [ ]; - }; + options.local.window-manager.xmonad = with lib; { + enable = mkEnableOption "xmonad window manager"; + projects = mkOption { + type = types.listOf projectType; + default = [ ]; }; + }; - config = { + config = lib.mkIf cfg.enable { home.packages = with pkgs; [ xclip # access x clipboard from a console dmenu # menu for x window system diff --git a/home/modules/window_manager/xmonad_config.hs b/modules/home-manager/configs/window-manager/xmonad_config.hs similarity index 100% rename from home/modules/window_manager/xmonad_config.hs rename to modules/home-manager/configs/window-manager/xmonad_config.hs diff --git a/modules/home-manager/default.nix b/modules/home-manager/default.nix new file mode 100644 index 0000000..c0bc3dd --- /dev/null +++ b/modules/home-manager/default.nix @@ -0,0 +1,10 @@ +{ ... }: +{ + imports = [ + ./games.nix + ./shell.nix + ./configs + ./programs + ./services + ]; +} diff --git a/modules/home-manager/games.nix b/modules/home-manager/games.nix new file mode 100644 index 0000000..150c986 --- /dev/null +++ b/modules/home-manager/games.nix @@ -0,0 +1,17 @@ +{ config, pkgs, lib, ... }: + +let + cfg = config.local.games; +in +{ + options.local.games = with lib; { + mindustry.enable = mkEnableOption "mindustry"; + widelands.enable = mkEnableOption "widelands"; + unciv.enable = mkEnableOption "unciv"; + }; + + config.home.packages = + lib.optional cfg.mindustry.enable pkgs.unstable.mindustry + ++ lib.optional cfg.widelands.enable pkgs.widelands + ++ lib.optional cfg.unciv.enable pkgs.unstable.unciv; +} diff --git a/modules/home-manager/programs/aerc.nix b/modules/home-manager/programs/aerc.nix new file mode 100644 index 0000000..aaafda9 --- /dev/null +++ b/modules/home-manager/programs/aerc.nix 
@@ -0,0 +1,179 @@ +{ config, lib, pkgs, ... }: + +let + exec = cmd: ":${cmd}"; + fill = cmd: ":${cmd}"; + + globalBinds = { + "gt" = exec "next-tab"; + "gT" = exec "prev-tab"; + }; + + commonMessageBinds = { + "U" = exec "unsubscribe"; + "dd" = exec "delete"; + "mA" = exec "archive flat"; + "mS" = exec "move Junk"; + "mI" = exec "move INBOX"; + }; +in +{ + options.local.programs.aerc.enable = lib.mkEnableOption "aerc"; + + config = lib.mkIf config.local.programs.aerc.enable { + accounts.email.maildirBasePath = "${config.xdg.dataHome}/mail"; + + # See: https://git.sbruder.de/simon/nixos-config/src/branch/master/users/simon/modules/mail/aerc/default.nix + programs.aerc = { + enable = true; + package = pkgs.unstable.aerc; + # https://git.sr.ht/~rjarry/aerc/tree/master/item/doc/aerc-config.5.scd + extraConfig = { + general = { + unsafe-accounts-conf = true; + }; + + ui = { + # See https://godoc.org/time#Time.Format + timestamp-format = "2006-01-02 15:04 MST"; + this-day-time-format = "15:04"; + this-week-time-format = "Monday 15:04"; + this-year-time-format = "02 January"; + pinned-tab-marker = "車"; + border-char-vertical = "│"; + border-char-horizontal = "─"; + fuzzy-complete = true; + new-message-bell = true; + index-columns = "date<20,from<30,flags>4,subject<*"; + column-from = "{{ .From | emails | join \", \" }}"; + }; + + statusline = { + display-mode = "icon"; + }; + + filters = { + ".headers" = "colorize"; + "text/html" = "html | colorize"; + "text/plain" = "colorize"; + "text/rfc822-headers" = "colorize"; + # "text/*" = "${pkgs.bat}/bin/bat -fpp --file-name='$AERC_FILENAME'"; + "message/delivery-status" = "cat | colorize"; + }; + + hooks = { + mail-received = "notify-send \"New mail from $AERC_FROM_NAME\" \"$AERC_SUBJECT\""; + }; + }; + extraBinds = { + messages = lib.mkMerge [ + globalBinds + commonMessageBinds + { + "q" = exec "quit"; + + "j" = exec "next"; + "" = exec "next"; + "" = exec "next 50%"; + + "k" = exec "prev"; + "" = exec "prev"; + "" = exec 
"prev 50%"; + + "gg" = exec "select 0"; + "G" = exec "select -1"; + + "J" = exec "next-folder"; + "K" = exec "prev-folder"; + "c" = fill "cf"; + + "" = exec "view"; + "C" = exec "compose"; + + "/" = fill "search"; + "\\" = fill "filter"; + "n" = exec "next-result"; + "N" = exec "prev-result"; + #"D" = exec "modify-labels +deleted -inbox"; + #"A" = exec "modify-labels -inbox"; + #"ms" = exec "modify-labels +spam -inbox"; + #"mS" = exec "modify-labels -spam +inbox"; + } + ]; + + view = lib.mkMerge [ + globalBinds + commonMessageBinds + { + "q" = exec "close"; + "O" = exec "open"; + "S" = fill "save"; + + "f" = exec "forward"; + + "rr" = exec "reply -a"; + "rq" = exec "reply -aq"; + "Rr" = exec "reply"; + "Rq" = exec "reply -q"; + + "" = exec "prev-part"; + "" = exec "next-part"; + "J" = exec "next"; + "K" = exec "prev"; + } + ]; + + compose = lib.mkMerge [ + globalBinds + { + "$ex" = ""; + "" = exec "prev-field"; + "" = exec "next-field"; + "" = exec "next-field"; + } + ]; + + "compose::editor" = { + "$noinherit" = "true"; + "$ex" = ""; + "" = exec "prev-field"; + "" = exec "next-field"; + }; + + "compose::review" = { + "y" = exec "send"; + "n" = exec "abort"; + "p" = exec "postpone"; + "q" = exec "choose -o d discard abort -o p postpone postpone"; + "e" = exec "edit"; + "a" = fill "attach"; + "d" = fill "detach"; + }; + }; + + stylesets.default = { + "*.selected.reverse" = true; + "title.reverse" = true; + "header.bold" = true; + "*error.bold" = true; + "error.fg" = 1; + "warning.fg" = 3; + "success.fg" = 2; + "msglist_unread.bold" = true; + "msglist_deleted.fg" = 10; + "tab.fg" = 0; + "tab.selected.reverse" = false; + "tab.selected.bold" = true; + "tab.selected.bg" = 2; + "dirlist_default.bg" = 18; + "border.fg" = 0; + "statusline_default.bg" = 18; + "statusline_error.fg" = 1; + "statusline_error.reverse" = true; + "statusline_success.fg" = 2; + "statusline_success.reverse" = true; + "completion_default.bg" = 0; + }; + }; + }; +} 
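Review bot: `unsafe-accounts-conf = true` under `general` in modules/home-manager/programs/aerc.nix switches off aerc's permission check on accounts.conf, a check that exists because that file can contain credentials. With Home Manager the generated file is presumably a symlink into the world-readable store, which is why the override is needed. It should carry a comment stating that constraint, e.g. `# accounts.conf is a store symlink: never inline passwords, use passwordCommand per account`. In the `mail-received` hook, `$AERC_SUBJECT` is sender-controlled and passed as a positional argument, so a subject beginning with `-` may be parsed as an option. Put `--` before the arguments: `notify-send -- \"New mail from $AERC_FROM_NAME\" \"$AERC_SUBJECT\"`.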
diff --git a/modules/home-manager/programs/communication.nix b/modules/home-manager/programs/communication.nix
new file mode 100644
index 0000000..52a2609
--- /dev/null
+++ b/modules/home-manager/programs/communication.nix
@@ -0,0 +1,18 @@
+{ config, pkgs, lib, ... }:
+
+
+let cfg = config.local.programs.communication; in
+{
+ options.local.programs.communication = with lib; {
+ simplex-chat.enable = mkEnableOption "SimplexChat";
+ telegram.enable = mkEnableOption "tdesktop. telegram client";
+ matrix.enable = mkEnableOption "nheko. matrix client";
+ skype.enable = mkEnableOption "skype";
+ };
+
+ config.home.packages = with pkgs.unstable;
+ lib.optional cfg.simplex-chat.enable simplex-chat-desktop
+ ++ lib.optional cfg.telegram.enable tdesktop
+ ++ lib.optional cfg.matrix.enable nheko
+ ++ lib.optional cfg.skype.enable skypeforlinux;
+}
diff --git a/modules/home-manager/programs/default.nix b/modules/home-manager/programs/default.nix
new file mode 100644
index 0000000..f058112
--- /dev/null
+++ b/modules/home-manager/programs/default.nix
@@ -0,0 +1,14 @@
+{ ... }:
+
+{
+ imports = [
+ ./aerc.nix
+ ./communication.nix
+ ./dev-tools.nix
+ ./libreoffice.nix
+ ./share-files.nix
+ ./editors
+ ./file-managers
+ ./terminals
+ ];
+}
diff --git a/modules/home-manager/programs/dev-tools.nix b/modules/home-manager/programs/dev-tools.nix
new file mode 100644
index 0000000..7008027
--- /dev/null
+++ b/modules/home-manager/programs/dev-tools.nix
@@ -0,0 +1,97 @@ +{ config, lib, pkgs, ... }: + +let + cfg = config.local.programs.dev-tools; +in +{ + options.local.programs.dev-tools = with lib; { + base.enable = mkEnableOption "base tools"; + nix.enable = mkEnableOption "tools for nix developer"; + web.enable = mkEnableOption "tools for web developer"; + k8s.enable = mkEnableOption "k8s tools"; + psql = { + enable = mkEnableOption "psql"; + package = mkOption { + type = types.package; + default = pkgs.postgresql; + }; + }; + + eza.enable = mkEnableOption "eza. ls replacement"; + direnv.enable = mkEnableOption "direnv"; + zoxide.enable = mkEnableOption "zoxide"; + }; + + config = lib.mkMerge [ + (lib.mkIf cfg.base.enable { + home.packages = with pkgs; [ + gnumake + bat # a cat clone with syntax highlighting and git integration + fd # a simple, fast and user-friendly alternative to find + ripgrep # a fuzzy finder + libnotify # tool to send notifications via cli + ]; + }) + + (lib.mkIf cfg.eza.enable { + programs.eza = { + enable = true; + package = pkgs.unstable.eza.override { gitSupport = false; }; + }; + programs.zsh.shellAliases = + let + defaultArgs = "--icons --classify --group-directories-first --all"; + bin = "${config.programs.eza.package}/bin/exa ${defaultArgs}"; + in + lib.mkIf config.programs.zsh.enable { + ls = "${bin} --oneline"; + lt = "${bin} --tree --level=3"; + ll = "${bin} --long --header"; + }; + }) + + (lib.mkIf cfg.direnv.enable { + programs.direnv = { + enable = true; + nix-direnv.enable = true; + }; + }) + + (lib.mkIf cfg.zoxide.enable { + programs.zoxide = { + enable = true; + enableZshIntegration = config.programs.zsh.enable; + }; + }) + + (lib.mkIf cfg.web.enable { + home.packages = with pkgs.unstable; [ + xh # friendly and fast tool for sending HTTP requests + deno + docker-compose + ]; + }) + + (lib.mkIf cfg.nix.enable { + home.packages = with pkgs.unstable; [ + nixpkgs-fmt # nix formatter + nil # nix lsp server + ]; + }) + + (lib.mkIf cfg.k8s.enable { + home.packages = with pkgs; [ + 
(google-cloud-sdk.withExtraComponents ( + let gc = google-cloud-sdk.components; in [ + gc.gke-gcloud-auth-plugin + gc.kubectl + ] + )) + ]; + }) + + (lib.mkIf cfg.psql.enable { + home.packages = [ cfg.psql.package ]; + }) + ]; +} diff --git a/modules/home-manager/programs/editors/arduino-ide.nix b/modules/home-manager/programs/editors/arduino-ide.nix new file mode 100644 index 0000000..b5d9934 --- /dev/null +++ b/modules/home-manager/programs/editors/arduino-ide.nix @@ -0,0 +1,9 @@ +{ config, pkgs, lib, ... }: + +{ + options.local.programs.editors.arduino-ide.enable = lib.mkEnableOption "arduino-ide"; + + config.home.packages = lib.optional + config.local.programs.editors.arduino-ide.enable + pkgs.unstable.arduino-ide; +} diff --git a/modules/home-manager/programs/editors/default.nix b/modules/home-manager/programs/editors/default.nix new file mode 100644 index 0000000..38cac40 --- /dev/null +++ b/modules/home-manager/programs/editors/default.nix @@ -0,0 +1,9 @@ +{ ... }: + +{ + imports = [ + ./arduino-ide.nix + ./gedit.nix + ./neovim.nix + ]; +} diff --git a/modules/home-manager/programs/editors/gedit.nix b/modules/home-manager/programs/editors/gedit.nix new file mode 100644 index 0000000..fc0a3e1 --- /dev/null +++ b/modules/home-manager/programs/editors/gedit.nix @@ -0,0 +1,9 @@ +{ config, pkgs, lib, ... }: + +{ + options.local.programs.editors.gedit.enable = lib.mkEnableOption "gnome gedit"; + + config.home.packages = lib.optional + config.local.programs.editors.gedit.enable + pkgs.unstable.gedit; +} diff --git a/modules/home-manager/programs/editors/neovim.nix b/modules/home-manager/programs/editors/neovim.nix new file mode 100644 index 0000000..4c700fa --- /dev/null +++ b/modules/home-manager/programs/editors/neovim.nix 
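Review bot: The comment on `ripgrep` in the `base` package list reads `# a fuzzy finder`, which is inaccurate, since ripgrep is a recursive regex search tool; `ripgrep # recursive regex search, a grep replacement` would describe it correctly. In the `eza` block the aliases are built from `${config.programs.eza.package}/bin/exa`, which presumably relies on the package still shipping the legacy `exa` symlink. Pointing `bin` at `/bin/eza` would not depend on that compatibility link.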
@@ -0,0 +1,179 @@ +{ config, pkgs, lib, ... }: + +let + cfg = config.local.programs.editors.neovim; + + # TODO: add more configs + myneovim = pkgs.myneovim.override { + viAlias = true; + vimAlias = true; + enableDevIcons = true; + enableTabby = true; + enableOrgMode = true; + extraConfig = '' + aug extra_ftdetect + au! + au BufNewFile,BufRead *.d2 setfiletype d2 + au BufNewFile,BufRead *.ncl setfiletype nickel + au BufNewFile,BufRead *.psql setfiletype psql + aug END + ''; + plugins = with pkgs.myneovim.nix2lua; (lib.mkMerge [ + { + nvimTree.settings = { + renderer = { + group_empty = true; + full_name = true; + }; + tab.sync = { + open = true; + close = true; + }; + }; + telescope.settings = { + extensions.live_grep_args = { + auto_quoting = true; + mappings.i = { + "" = join "." [ + (mkCall "require" [ "telescope-live-grep-args.actions" ]) + (mkCall "quote_prompt" [ ]) + ]; + }; + }; + }; + lspSaga.settings = { + border_style = "rounded"; + symbol_in_winbar.enable = false; + code_action_lightbulb.enable = false; + code_action_keys = { quit = ""; }; + definition_action_keys = { quit = ""; }; + rename_action_quit = ""; + }; + lspConfig.servers = { + nickel_ls = { }; + tsserver = { }; + eslint = { }; + volar = { + init_options = { + typescript.tsdk = "./node_modules/typescript/lib"; + }; + }; + denols = { + root_dir = mkCall "root_pattern" [ "deno.json" "deno.jsonc" ]; + }; + pylsp = { }; + }; + lualine.settings = { + options.ignore_focus = [ "NvimTree" ]; + sections = { + lualine_a = [ + [ "filename" (mkNamedField "path" 1) ] + ]; + lualine_b = [ "branch" "diff" "diagnostics" ]; + lualine_c = [ "lsp_progress" ]; + lualine_x = [ "filesize" "filetype" ]; + lualine_y = [ "progress" ]; + lualine_z = [ "location" "mode" ]; + }; + }; + } + + (lib.mkIf cfg.orgmode.enable { + orgmode.settings = { + org_agenda_files = [ "~/orgs/**/*" ]; + org_default_notes_file = "~/orgs/refile.org"; + win_split_mode = "tabnew"; + org_hide_leading_stars = true; + }; + }) + + (lib.mkIf 
cfg.ltex.enable { + lspConfig.servers.ltex = { + language = "en-US"; + languageToolHttpServerUri = "http://localhost:8081"; + }; + }) + + (lib.mkIf cfg.nix.enable { + lspConfig.servers.nil_ls = { }; + }) + + (lib.mkIf cfg.rust.enable { + lspConfig.servers.rust_analyzer = { + settings.rust-analyzer = { + "server.path" = "rust-analyzer"; + "updates.prompt" = false; + "updates.checkOnStartup" = false; + "checkOnSave.enable" = true; + "checkOnSave.command" = "clippy"; + "cargo.autoreload" = true; + }; + }; + }) + + (lib.mkIf (cfg.typescript.enable || cfg.vue.enable) { + lspConfig.servers = { + tsserver = { }; + eslint = { }; + }; + }) + + (lib.mkIf cfg.vue.enable { + lspConfig.servers.volar = { + init_options = { + typescript.tsdk = "./node_modules/typescript/lib"; + }; + }; + }) + + (lib.mkIf cfg.deno.enable { + lspConfig.servers.denols = { + root_dir = mkCall "root_pattern" [ "deno.json" "deno.jsonc" ]; + }; + }) + + (lib.mkIf cfg.python.enable { + lspConfig.servers.pylsp = { }; + }) + + (lib.mkIf cfg.nickel.enable { + lspConfig.servers.nickel_ls = { }; + }) + ]); + }; +in +{ + options.local.programs.editors.neovim = with lib; { + enable = mkEnableOption "neovim"; + defaultEditor = mkOption { + description = "set neovim as default editor"; + type = types.bool; + default = false; + }; + ltex.enable = mkEnableOption "ltex language server"; + orgmode.enable = mkEnableOption "orgmode"; + + nix.enable = mkEnableOptions "nix"; + rust.enable = mkEnableOption "rust"; + typescript.enable = mkEnableOption "typescript"; + vue.enable = mkEnableOption "vue"; + deno.enable = mkEnableOption "deno"; + python.enable = mkEnableOption "python"; + + nickel.enable = mkEnableOption "nickel"; + }; + + config = lib.mkIf cfg.enable (lib.mkMerge [ + { + home.packages = [ myneovim ]; + } + + (lib.mkIf cfg.ltex.enable { + home.packages = [ pkgs.ltex-ls ]; + }) + + (lib.mkIf cfg.defaultEditor { + home.sessionVariables.EDITOR = "nvim"; + }) + ]); +} 
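Review bot: `nix.enable = mkEnableOptions "nix";` in the options block uses a name that `lib` does not provide, so evaluating this module should fail with an undefined-variable error; it should read `nix.enable = mkEnableOption "nix";`. Separately, the first attribute set passed to `lib.mkMerge` already declares `nickel_ls`, `tsserver`, `eslint`, `volar`, `denols` and `pylsp` unconditionally, so the `typescript`, `vue`, `deno`, `python` and `nickel` switches change nothing. Only `ltex`, `nix`, `rust` and `orgmode` actually gate configuration. If the flags are meant to control which language servers start, remove those entries from the unconditional set.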
diff --git a/modules/home-manager/programs/file-managers/default.nix b/modules/home-manager/programs/file-managers/default.nix new file mode 100644 index 0000000..ed40eca --- /dev/null +++ b/modules/home-manager/programs/file-managers/default.nix @@ -0,0 +1,8 @@ +{ ... }: + +{ + imports = [ + ./nautilus.nix + ./vifm + ]; +} diff --git a/modules/home-manager/programs/file-managers/nautilus.nix b/modules/home-manager/programs/file-managers/nautilus.nix new file mode 100644 index 0000000..22d4ed4 --- /dev/null +++ b/modules/home-manager/programs/file-managers/nautilus.nix @@ -0,0 +1,12 @@ +{ config, pkgs, lib, ... }: + +let + cfg = config.local.programs.file-managers.nautilus; +in +{ + options.local.programs.file-managers.nautilus = with lib; { + enable = mkEnableOption "nautilus"; + }; + + config.home.packages = with pkgs.unstable; lib.optional cfg.enable gnome.nautilus; +} diff --git a/home/modules/file_manager/default.nix b/modules/home-manager/programs/file-managers/vifm/default.nix similarity index 51% rename from home/modules/file_manager/default.nix rename to modules/home-manager/programs/file-managers/vifm/default.nix index ed84120..cc248f4 100644 --- a/home/modules/file_manager/default.nix +++ b/modules/home-manager/programs/file-managers/vifm/default.nix @@ -1,7 +1,6 @@ -{ pkgs, lib, ... }: +{ config, pkgs, lib, ... }: let - viu = pkgs.rustPlatform.buildRustPackage { pname = "viu"; version = "23-10-2022"; 
@@ -20,16 +19,20 @@ let }; in { - home.packages = [ - pkgs.vifm - viu # terminal image viewer - pkgs.libarchive - pkgs.zip - pkgs.unzip - ]; + options.local.programs.file-managers.vifm.enable = lib.mkEnableOption "vifm"; - xdg.configFile = { - "vifm/vifmrc".source = ./vifmrc; - "vifm/colors/catppuccin".source = ./vifm_catppuccin.vifm; + config = lib.mkIf config.local.programs.file-managers.vifm.enable { + home.packages = [ + pkgs.vifm + viu # terminal image viewer + pkgs.libarchive + pkgs.zip + pkgs.unzip + ]; + + xdg.configFile = { + "vifm/vifmrc".source = ./vifmrc; + "vifm/colors/catppuccin".source = ./vifm_catppuccin.vifm; + }; }; } diff --git a/home/modules/file_manager/vifm_catppuccin.vifm b/modules/home-manager/programs/file-managers/vifm/vifm_catppuccin.vifm similarity index 100% rename from home/modules/file_manager/vifm_catppuccin.vifm rename to modules/home-manager/programs/file-managers/vifm/vifm_catppuccin.vifm diff --git a/home/modules/file_manager/vifmrc b/modules/home-manager/programs/file-managers/vifm/vifmrc similarity index 100% rename from home/modules/file_manager/vifmrc rename to modules/home-manager/programs/file-managers/vifm/vifmrc diff --git a/modules/home-manager/programs/libreoffice.nix b/modules/home-manager/programs/libreoffice.nix new file mode 100644 index 0000000..a72bd95 --- /dev/null +++ b/modules/home-manager/programs/libreoffice.nix @@ -0,0 +1,24 @@ +{ config, pkgs, lib, ... }: + + +let + cfg = config.local.programs.libreoffice; +in +{ + options.local.programs.libreoffice = with lib; { + enable = mkEnableOption "libreoffice"; + + spellCheckDicts = mkOption { + type = types.listOf types.package; + default = [ ]; + }; + }; + + config = lib.mkIf cfg.enable { + home.packages = with pkgs; ( + [ libreoffice ] + ++ lib.optional (cfg.spellCheckDicts != [ ]) hunspell + ++ cfg.spellCheckDicts + ); + }; +} 
diff --git a/modules/home-manager/programs/share-files.nix b/modules/home-manager/programs/share-files.nix new file mode 100644 index 0000000..7244d5b --- /dev/null +++ b/modules/home-manager/programs/share-files.nix @@ -0,0 +1,20 @@ +{ config, pkgs, lib, ... }: + +let + cfg = config.local.programs.share-files; +in +{ + options.local.programs.share-files = with lib; { + onionshare.enable = mkEnableOption "onionshare"; + croc.enable = mkEnableOption "croc"; + }; + + config.home.packages = + # OnionShare is an open-source tool that lets you securely and anonymously share files, + # host websites, and chat with friends using the Tor network. + lib.optional cfg.onionshare.enable pkgs.onionshare-gui + + # Easily and securely send things from one computer to another + ++ lib.optional cfg.croc.enable pkgs.croc; + +} diff --git a/home/modules/terminal/alacritty.nix b/modules/home-manager/programs/terminals/alacritty.nix similarity index 93% rename from home/modules/terminal/alacritty.nix rename to modules/home-manager/programs/terminals/alacritty.nix index d70d82e..db3bd77 100644 --- a/home/modules/terminal/alacritty.nix +++ b/modules/home-manager/programs/terminals/alacritty.nix @@ -1,11 +1,12 @@ -{ lib, config, pkgs, ... }: +{ lib, config, ... }: let - cfg = config.local.alacritty; - themeCfg = config.local.theme; + cfg = config.local.programs.terminals.alacritty; + themeCfg = config.local.themes."${config.local.theme.name}"; in { - options.local.alacritty = with lib; { + options.local.programs.terminals.alacritty = with lib; { + enable = mkEnableOption "alacritty"; fontSize = mkOption { type = types.number; default = 11.0; @@ -13,7 +14,7 @@ in }; }; - config = { + config = lib.mkIf cfg.enable { programs.alacritty = { enable = true; settings = { diff --git a/modules/home-manager/programs/terminals/default.nix b/modules/home-manager/programs/terminals/default.nix new file mode 100644 index 0000000..0b22efd --- /dev/null 
+++ b/modules/home-manager/programs/terminals/default.nix @@ -0,0 +1,9 @@ +{ ... }: + +{ + imports = [ + ./alacritty.nix + ./wezterm.nix + ]; + +} diff --git a/home/modules/terminal/wezterm.nix b/modules/home-manager/programs/terminals/wezterm.nix similarity index 88% rename from home/modules/terminal/wezterm.nix rename to modules/home-manager/programs/terminals/wezterm.nix index b782cec..46b0149 100644 --- a/home/modules/terminal/wezterm.nix +++ b/modules/home-manager/programs/terminals/wezterm.nix @@ -1,11 +1,12 @@ { lib, config, ... }: let - cfg = config.local.wezterm; - themeCfg = config.local.theme; + cfg = config.local.programs.terminals.wezterm; + themeCfg = config.local.themes."${config.local.theme.name}"; in { - options.local.wezterm = with lib; { + options.local.programs.terminals.wezterm = with lib; { + enable = mkEnableOption "wezterm"; fontSize = mkOption { type = types.number; default = 11.0; @@ -13,7 +14,7 @@ in }; }; - config = { + config = lib.mkIf cfg.enable { programs.wezterm = { enable = true; colorSchemes = { diff --git a/modules/home-manager/services/default.nix b/modules/home-manager/services/default.nix new file mode 100644 index 0000000..43a649a --- /dev/null +++ b/modules/home-manager/services/default.nix @@ -0,0 +1,5 @@ +{ ... }: + +{ + imports = [ ./wired ]; +} diff --git a/home/modules/notifications/default.nix b/modules/home-manager/services/wired/default.nix similarity index 69% rename from home/modules/notifications/default.nix rename to modules/home-manager/services/wired/default.nix index a05995e..7e8e6f2 100644 --- a/home/modules/notifications/default.nix +++ b/modules/home-manager/services/wired/default.nix @@ -1,6 +1,8 @@ { config, pkgs, ... }: -let themeCfg = config.local.theme; in +let + themeCfg = config.local.themes."${config.local.theme.name}"; +in { services.wired = { enable = true; 
diff --git a/home/modules/notifications/wired.ron b/modules/home-manager/services/wired/wired.ron similarity index 100% rename from home/modules/notifications/wired.ron rename to modules/home-manager/services/wired/wired.ron diff --git a/modules/home-manager/shell.nix b/modules/home-manager/shell.nix new file mode 100644 index 0000000..25eaef4 --- /dev/null +++ b/modules/home-manager/shell.nix @@ -0,0 +1,73 @@ +{ lib, config, pkgs, ... }: + +{ + options.local.shell.enable = lib.mkEnableOption "enable shell"; + + config = lib.mkIf config.local.shell.enable { + # fish and zsh support for nix-shell + home.packages = with pkgs; [ any-nix-shell ]; + + programs.zsh = { + enable = true; + enableAutosuggestions = true; + enableCompletion = true; + defaultKeymap = "viins"; + dotDir = ".config/zsh"; + + history = { + path = "${config.xdg.dataHome}/zsh/zsh_history"; + expireDuplicatesFirst = true; + ignorePatterns = [ + "rm *" + "kill *" + ]; + }; + + oh-my-zsh.enable = true; + + initExtra = '' + any-nix-shell zsh --info-right | source /dev/stdin + ''; + }; + + programs.starship = { + enable = true; + enableZshIntegration = config.programs.zsh.enable; + settings = { + add_newline = true; + + format = lib.concatStrings [ + "$hostname" + "$directory" + "$git_branch" + "$git_commit" + "$git_state" + "$git_metrics" + "$git_status" + "$shlvl" + "$nix_shell" + "$cmd_duration" + "$jobs" + "$line_break" + "$character" + ]; + + character = { + success_symbol = "[➜](bold green)"; + error_symbol = "[➜](bold red)"; + }; + + git_commit.commit_hash_length = 6; + + shlvl = { + disabled = false; + format = "[$symbol$shlvl]($style) "; + symbol = "↕ "; + threshold = 3; + }; + + hostname.ssh_symbol = ""; + }; + }; + }; +} diff --git a/modules/machine.nix b/modules/machine.nix new file mode 100644 index 0000000..9f7103c --- /dev/null +++ b/modules/machine.nix 
@@ -0,0 +1,42 @@ +{ lib, ... }: + +{ + imports = [ ./common.nix ]; + + ################################################################################ + # Configs + ################################################################################ + local.nix.enableMyRegistry = lib.mkDefault true; + + local.system.kernel = lib.mkDefault "stable"; + + local.keyboard = { + enable = lib.mkDefault true; + lan-mouse.enable = lib.mkDefault true; + }; + + local.fonts.enable = lib.mkDefault true; + local.sound.enable = lib.mkDefault true; + + local.window-manager.enable = lib.mkDefault true; + + ################################################################################ + # Services + ################################################################################ + + local.services.collect-garbage = { + enable = lib.mkDefault true; + nix.nixShellProtection = lib.mkDefault true; + }; + + local.services.gnupg.enable = lib.mkDefault true; + + local.services.dnscrypt-proxy2.enable = true; + + ################################################################################ + # Programs + ################################################################################ + local.programs.pass.enable = lib.mkDefault true; + + local.programs.browsers.librewolf.enable = lib.mkDefault true; +} diff --git a/modules/nixos/configs/default.nix b/modules/nixos/configs/default.nix new file mode 100644 index 0000000..fb07fc0 --- /dev/null +++ b/modules/nixos/configs/default.nix @@ -0,0 +1,12 @@ +{ ... }: + +{ + imports = [ + ./fonts.nix + ./keyboard.nix + ./nix.nix + ./sound.nix + ./system.nix + ./window-manager.nix + ]; +} diff --git a/modules/nixos/configs/fonts.nix b/modules/nixos/configs/fonts.nix new file mode 100644 index 0000000..5f835b3 --- /dev/null +++ b/modules/nixos/configs/fonts.nix 
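Review bot: `local.services.dnscrypt-proxy2.enable = true;` is the only assignment in this file that is not wrapped in `lib.mkDefault`, so a host importing machine.nix cannot switch the resolver off with a plain `= false` and has to use `lib.mkForce`. If that is deliberate, so that DNS always goes through the encrypted resolver, say so in a comment such as `# intentionally not mkDefault: every machine must use the local encrypted resolver`. Otherwise write `lib.mkDefault true` like the neighbouring lines.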
@@ -0,0 +1,36 @@ +{ config, pkgs, lib, ... }: + +{ + options.local.fonts.enable = lib.mkEnableOption "fonts"; + + config = lib.mkIf config.local.fonts.enable { + fonts = { + enableDefaultPackages = true; + packages = with pkgs; [ + ubuntu_font_family + fira-code + fira-code-symbols + (nerdfonts.override { fonts = [ "FiraCode" ]; }) + noto-fonts + noto-fonts-cjk + noto-fonts-emoji + liberation_ttf + mplus-outline-fonts.githubRelease + dina-font + proggyfonts + ]; + fontconfig = { + defaultFonts = { + monospace = [ + "Fira Code" + "emoji" + "FiraCode Nerd Font Mono" + ]; + serif = [ "Ubuntu" "emoji" ]; + sansSerif = [ "Ubuntu" "emoji" ]; + emoji = [ "Noto Color Emoji" ]; + }; + }; + }; + }; +} diff --git a/modules/nixos/configs/keyboard.nix b/modules/nixos/configs/keyboard.nix new file mode 100644 index 0000000..dc4440b --- /dev/null +++ b/modules/nixos/configs/keyboard.nix @@ -0,0 +1,26 @@ +{ config, pkgs, lib, ... }: + +let + cfg = config.local.keyboard; +in +{ + options.local.keyboard = with lib; { + enable = mkEnableOption "base keyboard configuration"; + lan-mouse.enable = mkEnableOption "a software KVM switch for sharing a mouse and keyboard with multiple hosts through the network"; + }; + + config = lib.mkIf cfg.enable { + environment.systemPackages = + lib.optional cfg.lan-mouse.enable pkgs.unstable.lan-mouse; + + services.xserver = { + xkbModel = "pc105"; + layout = "us,us"; + xkbVariant = "dvorak,"; + xkbOptions = "grp:win_space_toggle"; + }; + + console.useXkbConfig = true; + }; + +} diff --git a/nixos/modules/nix.nix b/modules/nixos/configs/nix.nix similarity index 87% rename from nixos/modules/nix.nix rename to modules/nixos/configs/nix.nix index b547819..5c35b15 100644 --- a/nixos/modules/nix.nix +++ b/modules/nixos/configs/nix.nix 
@@ -43,11 +43,6 @@ in trusted-users = [ "root" ]; experimental-features = [ "nix-command" "flakes" ]; - - # To protect nix-shell against garbage collection - # Source: https://github.com/nix-community/nix-direnv#installation - keep-derivations = true; - keep-outputs = true; }; registry = lib.mkMerge [ diff --git a/modules/nixos/configs/sound.nix b/modules/nixos/configs/sound.nix new file mode 100644 index 0000000..5306396 --- /dev/null +++ b/modules/nixos/configs/sound.nix @@ -0,0 +1,17 @@ +{ config, pkgs, lib, ... }: + +{ + options.local.sound.enable = lib.mkEnableOption "sound"; + + config = lib.mkIf config.local.sound.enable { + sound = { + enable = true; + mediaKeys.enable = true; + }; + + hardware.pulseaudio = { + enable = true; + package = pkgs.pulseaudioFull; + }; + }; +} diff --git a/modules/nixos/configs/system.nix b/modules/nixos/configs/system.nix new file mode 100644 index 0000000..1181b6e --- /dev/null +++ b/modules/nixos/configs/system.nix 
@@ -0,0 +1,51 @@ +{ inputs, config, pkgs, lib, ... } @ args: + +let + headlessProfile = import "${inputs.nixpkgs-unstable}/nixos/modules/profiles/headless.nix" args; + hardenedProfile = import "${inputs.nixpkgs-unstable}/nixos/modules/profiles/hardened.nix" args; + + cfg = config.local.system; +in +{ + options.local.system = with lib; { + kernel = mkOption { + type = types.enum [ "hardened" "stable" "latest" ]; + default = "latest"; + }; + headless = mkEnableOption "headless profile"; + }; + + config = lib.mkMerge [ + { + boot.tmp.cleanOnBoot = true; + } + + (lib.mkIf cfg.headless ( + headlessProfile // { + zramSwap.enable = true; + } + )) + + (lib.mkIf (cfg.kernel == "hardened") ( + hardenedProfile // { + boot.kernelPackages = pkgs.unstable.linuxPackages_6_6_hardened; + # Fix for GLIBC errors due to 'scudo' from hardened profile. + # https://github.com/NixOS/nix/issues/6563 + environment.memoryAllocator.provider = "libc"; + } + )) + (lib.mkIf (cfg.headless && cfg.kernel == "hardened") { + # Disabled by hardened profile, big performance hit. + security.allowSimultaneousMultithreading = true; + }) + + (lib.mkIf (cfg.kernel == "stable") { + boot.kernelPackages = pkgs.unstable.linuxPackages_6_6; + }) + + (lib.mkIf (cfg.kernel == "latest") { + boot.kernelPackages = pkgs.unstable.linuxPackages_latest; + }) + + ]; +} diff --git a/modules/nixos/configs/window-manager.nix b/modules/nixos/configs/window-manager.nix new file mode 100644 index 0000000..e13733d --- /dev/null +++ b/modules/nixos/configs/window-manager.nix @@ -0,0 +1,20 @@ +{ config, pkgs, lib, ... }: + +{ + options.local.window-manager.enable = lib.mkEnableOption "window-manager"; + + config = lib.mkIf config.local.window-manager.enable { + services.dbus = { + enable = true; + packages = [ pkgs.dconf ]; + }; + + services.xserver = { + enable = true; + displayManager.defaultSession = "none+xmonad"; + windowManager.xmonad.enable = true; + }; + + programs.gnupg.agent.pinentryFlavor = "gtk2"; + }; +} 
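Review bot: In the `cfg.kernel == "hardened"` branch, `hardenedProfile // { boot.kernelPackages = …; environment.memoryAllocator.provider = "libc"; }` uses Nix's shallow `//`, so the right-hand `boot` and `environment` attributes replace, rather than extend, whatever the imported profile defines under those two keys. The profile body is not visible in this diff, but the upstream hardened profile keeps its kernel parameters, sysctl settings and blacklisted modules under `boot`, so they would be dropped silently and the machine would be less hardened than the option name suggests. Merging through the module system keeps both sides: `(lib.mkIf (cfg.kernel == "hardened") (lib.mkMerge [ hardenedProfile { … } ]))`. The `headlessProfile // { zramSwap.enable = true; }` branch has no visible key collision, but the same `lib.mkMerge` form would keep it safe if a `boot` or `systemd` key is ever added there.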
diff --git a/modules/nixos/default.nix b/modules/nixos/default.nix new file mode 100644 index 0000000..ae865d8 --- /dev/null +++ b/modules/nixos/default.nix @@ -0,0 +1,10 @@ +{ ... }: + +{ + imports = [ + ./configs + ./programs + ./services + ]; + +} diff --git a/modules/nixos/programs/browsers/default.nix b/modules/nixos/programs/browsers/default.nix new file mode 100644 index 0000000..9ce94a8 --- /dev/null +++ b/modules/nixos/programs/browsers/default.nix @@ -0,0 +1,8 @@ +{ ... }: +{ + imports = [ + ./tor-browser.nix + ./mullvad-browser.nix + ./librewolf.nix + ]; +} diff --git a/modules/nixos/programs/browsers/librewolf.nix b/modules/nixos/programs/browsers/librewolf.nix new file mode 100644 index 0000000..1764ef3 --- /dev/null +++ b/modules/nixos/programs/browsers/librewolf.nix @@ -0,0 +1,27 @@ +{ config, pkgs, lib, inputs, ... }: + +let + cfg = config.local.programs.browsers.librewolf; + isPassEnabled = config.local.programs.pass.enable; + + policiesJson = pkgs.callPackage ./policies.nix { + firefoxAddons = inputs.firefox-addons.packages."${pkgs.system}"; + withPassffAddon = isPassEnabled; + withRedirectorAddon = true; + withSidebarTabsAddon = true; + }; + + librewolf' = with pkgs.unstable; librewolf.override { + extraPoliciesFiles = librewolf.unwrapped.extraPoliciesFiles ++ [ policiesJson ]; + nativeMessagingHosts = lib.optional isPassEnabled passff-host; + }; +in +{ + options.local.programs.browsers.librewolf = with lib; { + enable = mkEnableOption "librewolf"; + }; + + config = lib.mkIf cfg.enable { + environment.systemPackages = [ librewolf' ]; + }; +} diff --git a/modules/nixos/programs/browsers/mullvad-browser.nix b/modules/nixos/programs/browsers/mullvad-browser.nix new file mode 100644 index 0000000..3139143 --- /dev/null +++ b/modules/nixos/programs/browsers/mullvad-browser.nix 
@@ -0,0 +1,28 @@ +{ config, pkgs, lib, inputs, ... }: + +let + cfg = config.local.programs.browsers.mullvad-browser; + + policiesJson = pkgs.callPackage ./policies.nix { + firefoxAddons = inputs.firefox-addons.packages."${pkgs.system}"; + withRedirectorAddon = true; + withSidebarTabsAddon = true; + }; + + mullvadBrowser = pkgs.mullvad-browser.overrideAttrs (attrs: { + postInstall = '' + rm $out/share/mullvad-browser/distribution/policies.json + + install -Dvm644 ${policiesJson} $out/share/mullvad-browser/distribution/policies.json + ''; + }); +in +{ + options.local.programs.browsers.mullvad-browser = with lib; { + enable = mkEnableOption "mullvad-browser"; + }; + + config = lib.mkIf cfg.enable { + environment.systemPackages = [ mullvadBrowser ]; + }; +} diff --git a/modules/nixos/programs/browsers/policies.nix b/modules/nixos/programs/browsers/policies.nix new file mode 100644 index 0000000..da5a4fe --- /dev/null +++ b/modules/nixos/programs/browsers/policies.nix 
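Review bot: `postInstall = '' … ''` inside `overrideAttrs (attrs: …)` replaces any `postInstall` the package already defines and never uses the `attrs` argument; `tor-browser.nix` repeats the same pattern. This diff does not show whether the upstream derivation has a post-install step, or whether it runs that hook at all, so confirm that the custom `policies.json` really ends up in the built output. Appending is safer: `postInstall = (attrs.postInstall or "") + ''`, with `rm -f` instead of `rm` so the build does not break if upstream stops shipping `distribution/policies.json`. Deleting the shipped policy file also discards whatever settings the browser vendor put there, so carry over any that matter.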
@@ -0,0 +1,91 @@ +{ withKeePassXcAddon ? false +, withPassffAddon ? false +, withRedirectorAddon ? false +, withSidebarTabsAddon ? false +, firefoxAddons +, lib +, writeText +, ... +}: + +let + firefoxAddonXpiPath = addon: + "${addon}/share/mozilla/extensions/{ec8030f7-c20a-464f-9b0e-13a3a9e97384}/${addon.addonId}.xpi"; +in +# See: https://mozilla.github.io/policy-templates/ +writeText "policies.json" (builtins.toJSON { + policies = { + OverrideFirstRunPage = ""; + OverridePostUpdatePage = ""; + DisableAppUpdate = true; + DisableSystemAddonUpdate = true; + DisableFirefoxStudies = true; + DisableTelemetry = true; + DisableFeedbackCommands = true; + SearchBar = "unified"; + SearchSuggestEnabled = false; + SearchEngines = { + Add = [ + { + Alias = "sx"; + Name = "SearXNG"; + Description = "SearXNG — a privacy-respecting, open metasearch engine"; + IconURL = "https://search.sapti.me/static/themes/simple/img/favicon.png"; + URLTemplate = "https://search.sapti.me/search?q={searchTerms}"; + } + { + Alias = "np"; + Name = "NixOS Packages"; + Description = "Search NixOS packages by name or description."; + IconURL = "https://nixos.org/favicon.png"; + URLTemplate = "https://search.nixos.org/packages?query={searchTerms}"; + } + { + Alias = "no"; + Name = "NixOS Options"; + Description = "Search NixOS options by name or description."; + IconURL = "https://nixos.org/favicon.png"; + URLTemplate = "https://search.nixos.org/options?query={searchTerms}"; + } + ]; + Default = "SearXNG"; + Remove = [ + "Google" + "Bing" + "Amazon.com" + "eBay" + "Twitter" + "YouTube" + "Yahoo" + ]; + }; + FirefoxSuggest = { + WebSuggestions = false; + SponsoredSuggestions = false; + ImproveSuggest = false; + Locked = true; + }; + Preferences = { + "layout.spellcheckDefault" = { + Value = 0; + Status = "locked"; + }; + }; + Extensions = { + Install = + lib.optional withKeePassXcAddon (firefoxAddonXpiPath firefoxAddons.keepassxc-browser) + ++ lib.optional withPassffAddon (firefoxAddonXpiPath 
firefoxAddons.passff) + ++ lib.optional withRedirectorAddon (firefoxAddonXpiPath firefoxAddons.redirector) + ++ lib.optional withSidebarTabsAddon (firefoxAddonXpiPath firefoxAddons.sidebartabs); + Uninstall = [ + "google@search.mozilla.org" + "bing@search.mozilla.org" + "amazondotcom@search.mozilla.org" + "ebay@search.mozilla.org" + "twitter@search.mozilla.org" + "youtube@search.mozilla.org" + "yahoo@search.mozilla.org" + ]; + }; + }; +}) diff --git a/modules/nixos/programs/browsers/tor-browser.nix b/modules/nixos/programs/browsers/tor-browser.nix new file mode 100644 index 0000000..9470a5e --- /dev/null +++ b/modules/nixos/programs/browsers/tor-browser.nix 
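Review bot: This policy set is documented only by a link to the Mozilla templates, yet `tor-browser.nix` and `mullvad-browser.nix` in this commit install it in place of the policies file those browsers ship. Both browsers depend on a uniform configuration for their anti-fingerprinting properties, and changing the default search engine, removing engines and (for Mullvad) force-installing `redirector` and `sidebartabs` makes the profile distinguishable from a stock install. Add a header comment stating that, for example `# NOTE: also applied to tor-browser and mullvad-browser; any deviation from their defaults reduces fingerprint uniformity`, and consider a `withCustomSearch ? true` argument so those callers can opt out of the `SearchEngines` block. `withKeePassXcAddon` is not set by any caller visible in this diff.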
@@ -0,0 +1,115 @@ +{ config, pkgs, lib, inputs, ... }: + +let + cfg = config.local.programs.browsers.tor-browser; + + policiesJson = pkgs.callPackage ./policies.nix { + firefoxAddons = inputs.firefox-addons.packages."${pkgs.system}"; + }; + + torBrowser = (pkgs.tor-browser-bundle-bin.override { + mediaSupport = true; + pulseaudioSupport = true; + }).overrideAttrs (attrs: { + postInstall = '' + rm $out/share/tor-browser/distribution/policies.json + + install -Dvm644 ${policiesJson} $out/share/tor-browser/distribution/policies.json + ''; + }); +in +{ + options.local.programs.browsers.tor-browser = with lib; { + enable = mkEnableOption "tor-browser"; + container = { + enable = mkEnableOption "tor-browser inside a container"; + externalInterface = mkOption { + type = types.str; + default = ""; + }; + sshAuthorizedKeys = mkOption { + type = types.listOf types.str; + default = [ ]; + }; + }; + }; + + config = lib.mkIf cfg.enable (lib.mkMerge [ + (lib.mkIf (!cfg.container.enable) { + environment.systemPackages = [ torBrowser ]; + }) + (lib.mkIf cfg.container.enable ( + let + hostRunTorBrowser = pkgs.writeScriptBin "tor-browser" '' + ${pkgs.socat}/bin/socat -d TCP-LISTEN:6000,fork,bind=192.168.7.10 UNIX-CONNECT:/tmp/.X11-unix/X0 & + ${pkgs.xorg.xhost}/bin/xhost + + ssh -X browser@192.168.7.11 tor-browser + ${pkgs.xorg.xhost}/bin/xhost - + ''; + + clientRunTorBrowser = pkgs.writeScriptBin "tor-browser" '' + PULSE_SERVER=tcp:192.168.7.10:4713 \ + XAUTHORITY="/home/browser/.Xauthority" \ + DBUS_SESSION_BUS_ADDRESS="" \ + DISPLAY=192.168.7.10:0.0 \ + ${pkgs.apulse}/bin/apulse ${torBrowser}/bin/tor-browser $@ + ''; + in + { + assertions = [ + { + assertion = cfg.container.externalInterface != ""; + message = "The `tor-browser` module with the `isContainer` option enabled requires a non-empty `externalInterface` with Internet access"; + } + { + assertion = cfg.container.sshAuthorizedKeys != [ ]; + message = "The `tor-browser` module with the `isContainer` option enabled requires 
a non-empty `sshAuthorizedKeys` to connect to the container"; + } + ]; + + environment.systemPackages = [ hostRunTorBrowser ]; + + hardware.pulseaudio = { + systemWide = true; + support32Bit = true; + tcp = { + enable = true; + anonymousClients.allowedIpRanges = [ "127.0.0.1" "192.168.7.0/24" ]; + }; + }; + + networking = { + firewall.allowedTCPPorts = [ 4713 6000 ]; + nat = { + enable = true; + internalInterfaces = [ "ve-browser" ]; + externalInterface = cfg.container.externalInterface; + }; + }; + + containers.browser = { + autoStart = true; + privateNetwork = true; + hostAddress = "192.168.7.10"; + localAddress = "192.168.7.11"; + + config = { ... }: { + system.stateVersion = "23.11"; + services.openssh = { + enable = true; + settings.X11Forwarding = true; + }; + + users.extraUsers.browser = { + isNormalUser = true; + home = "/home/browser"; + openssh.authorizedKeys.keys = cfg.container.sshAuthorizedKeys; + extraGroups = [ "pulse-access" ]; + packages = [ clientRunTorBrowser ]; + }; + }; + }; + } + )) + ]); +} diff --git a/modules/nixos/programs/default.nix b/modules/nixos/programs/default.nix new file mode 100644 index 0000000..8e4328e --- /dev/null +++ b/modules/nixos/programs/default.nix @@ -0,0 +1,8 @@ +{ ... }: + +{ + imports = [ + ./pass.nix + ./browsers + ]; +} diff --git a/modules/nixos/programs/pass.nix b/modules/nixos/programs/pass.nix new file mode 100644 index 0000000..9a5513e --- /dev/null +++ b/modules/nixos/programs/pass.nix @@ -0,0 +1,19 @@ +{ config, pkgs, lib, ... }: + +let + cfg = config.local.programs.pass; + + pass = pkgs.pass.withExtensions (ext: [ + ext.pass-audit + ext.pass-update + ]); +in +{ + options.local.programs.pass.enable = lib.mkEnableOption "pass"; + + config = lib.mkIf cfg.enable { + environment.systemPackages = [ pass ]; + + services.passSecretService.enable = true; + }; +} diff --git a/modules/nixos/services/collect-garbage.nix b/modules/nixos/services/collect-garbage.nix new file mode 100644 index 0000000..3b11f22 
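Review bot: `hostRunTorBrowser` runs `xhost +`, which switches off X access control for every client, while `socat` republishes the X socket on TCP 6000 and `networking.firewall.allowedTCPPorts = [ 4713 6000 ]` opens both ports on all interfaces instead of only the container link. The container thus becomes an unauthenticated client of the host display, able to read other windows and input, which undoes much of the isolation it is meant to add. Access control is restored only if `ssh` returns, and the backgrounded `socat` is never stopped. Scope the ports with `networking.firewall.interfaces."ve-browser".allowedTCPPorts = [ 4713 6000 ];`, and prefer the forwarding that `ssh -X` already sets up (the client wrapper currently overrides `DISPLAY`), so that `xhost +`, `socat` and port 6000 can be removed. Smaller points: `$@` in `clientRunTorBrowser` should be `"$@"`, and both assertion messages name an `isContainer` option although the option is `container.enable`.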
--- /dev/null +++ b/modules/nixos/services/collect-garbage.nix @@ -0,0 +1,54 @@ +{ config, lib, ... }: + +let + cfg = config.local.services.collect-garbage; +in +{ + options.local.services.collect-garbage = with lib; { + enable = mkEnableOption "collect nix and docker garbage"; + nix = { + enable = mkOption { + description = "collect unused nix packages"; + type = types.bool; + default = true; + }; + nixShellProtection = mkOption { + description = '' + Protect nix-shell against garbage collection. + Source: https://github.com/nix-community/nix-direnv#installation + ''; + type = types.bool; + default = false; + }; + }; + docker.enable = mkOption { + description = "collect unused docker images"; + type = types.bool; + default = config.virtualisation.docker.enable; + }; + }; + + config = lib.mkIf cfg.enable (lib.mkMerge [ + (lib.mkIf cfg.nix.enable { + nix.gc = { + automatic = true; + dates = "weekly"; + options = "--delete-older-than 14d"; + }; + }) + + (lib.mkIf (cfg.nix.enable && cfg.nix.nixShellProtection) { + nix.settings = { + keep-derivations = true; + keep-outputs = true; + }; + }) + + (lib.mkIf cfg.docker.enable { + virtualisation.docker.autoPrune = { + enable = true; + dates = "weekly"; + }; + }) + ]); +} diff --git a/modules/nixos/services/default.nix b/modules/nixos/services/default.nix new file mode 100644 index 0000000..50a3b0d --- /dev/null +++ b/modules/nixos/services/default.nix @@ -0,0 +1,13 @@ +{ ... }: + +{ + imports = [ + ./collect-garbage.nix + ./dnscrypt-proxy2.nix + ./gnupg.nix + ./i2pd.nix + ./octoprint.nix + ./vpn + ./fail2ban + ]; +} diff --git a/modules/nixos/services/dnscrypt-proxy2.nix b/modules/nixos/services/dnscrypt-proxy2.nix new file mode 100644 index 0000000..f44ad03 --- /dev/null +++ b/modules/nixos/services/dnscrypt-proxy2.nix 
@@ -0,0 +1,45 @@
+{ config, lib, ... }:
+
+let
+ cfg = config.local.services.dnscrypt-proxy2;
+in
+{
+ options.local.services.dnscrypt-proxy2 = with lib; {
+ enable = mkEnableOption "dnscrypt-proxy2";
+ };
+
+ config = lib.mkIf cfg.enable {
+ networking = {
+ nameservers = [ "127.0.0.1" "::1" ];
+ networkmanager.dns = "none";
+ };
+
+ services.dnscrypt-proxy2 = {
+ enable = true;
+ # See: https://github.com/DNSCrypt/dnscrypt-proxy/blob/2.1.5/dnscrypt-proxy/example-dnscrypt-proxy.toml
+ settings = {
+ require_dnssec = true;
+ require_nolog = true;
+ require_nofilter = true;
+
+ sources.public-resolvers = {
+ urls = [
+ "https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/public-resolvers.md"
+ "https://download.dnscrypt.info/resolvers-list/v3/public-resolvers.md"
+ ];
+ cache_file = "/var/lib/dnscrypt-proxy2/public-resolvers.md";
+ minisign_key = "RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3";
+ };
+
+ # You can choose a specific set of servers from https://github.com/DNSCrypt/dnscrypt-resolvers/blob/master/v3/public-resolvers.md
+ server_names = [
+ "ams-ads-doh-nl"
+ "ams-dnscrypt-nl"
+ "ams-doh-nl"
+ "brahma-world"
+ ];
+ };
+ };
+ };
+
+}
diff --git a/nixos/shared/fail2ban/default.nix b/modules/nixos/services/fail2ban/default.nix
similarity index 100%
rename from nixos/shared/fail2ban/default.nix
rename to modules/nixos/services/fail2ban/default.nix
diff --git a/modules/nixos/services/fail2ban/fail2ban.nix b/modules/nixos/services/fail2ban/fail2ban.nix
new file mode 100644
index 0000000..7f31f99
--- /dev/null
+++ b/modules/nixos/services/fail2ban/fail2ban.nix
@@ -0,0 +1,21 @@
+{ config, lib, ... }:
+
+let
+ cfg = config.local.services.fail2ban;
+in
+{
+ options.local.services.fail2ban = with lib; {
+ enable = mkEnableOption "fail2ban";
+ };
+
+ config = lib.mkIf cfg.enable {
+ services.fail2ban = {
+ enable = true;
+ bantime-increment = {
+ enable = true;
+ factor = "4";
+ maxtime = "48h";
+ };
+ };
+ };
+}
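Review bot: In the new `dnscrypt-proxy2.nix`, the pinned `server_names` list sits next to `require_nofilter = true`, yet its first entry, `ams-ads-doh-nl`, reads like an ad-filtering resolver, so the two settings look contradictory. As far as I recall, dnscrypt-proxy applies the `require_*` properties only when `server_names` is empty, which would mean the three `require_*` lines guarantee nothing for the four pinned resolvers; please confirm against the 2.1.5 example config linked in the hunk. I would either drop the filtering resolver from the list or add a comment such as `# require_* only filters automatic selection; the names below are trusted explicitly`. Because `modules/vps.nix` enables this module by default, exposing `server_names` as a module option would also let a host override the pinned set.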
diff --git a/nixos/shared/fail2ban/fail2ban.secret.nix b/modules/nixos/services/fail2ban/fail2ban.secret.nix similarity index 100% rename from nixos/shared/fail2ban/fail2ban.secret.nix rename to modules/nixos/services/fail2ban/fail2ban.secret.nix diff --git a/modules/nixos/services/gnupg.nix b/modules/nixos/services/gnupg.nix new file mode 100644 index 0000000..4248a21 --- /dev/null +++ b/modules/nixos/services/gnupg.nix @@ -0,0 +1,14 @@ +{ config, lib, ... }: + +{ + options.local.services.gnupg = with lib; { + enable = mkEnableOption "gnupg service"; + }; + + config = lib.mkIf config.local.services.gnupg.enable { + programs.gnupg.agent = { + enable = true; + enableSSHSupport = true; + }; + }; +} diff --git a/modules/nixos/services/i2pd.nix b/modules/nixos/services/i2pd.nix new file mode 100644 index 0000000..8f45fb3 --- /dev/null +++ b/modules/nixos/services/i2pd.nix @@ -0,0 +1,13 @@ +{ config, lib, ... }: + +{ + options.local.services.i2pd.enable = lib.mkEnableOption "i2pd. Invisible internet project"; + + config = lib.mkIf config.local.services.i2pd.enable { + services.i2pd = { + enable = true; + proto.httpProxy.enable = true; + proto.http.enable = true; + }; + }; +} diff --git a/nixos/modules/octoprint.nix b/modules/nixos/services/octoprint.nix similarity index 94% rename from nixos/modules/octoprint.nix rename to modules/nixos/services/octoprint.nix index b52dba6..c9b2325 100644 --- a/nixos/modules/octoprint.nix +++ b/modules/nixos/services/octoprint.nix @@ -1,10 +1,10 @@ { lib, pkgs, config, ... }: let - cfg = config.local.octoprint; + cfg = config.local.services.octoprint; in { - options.local.octoprint = with lib; { + options.local.services.octoprint = with lib; { enable = mkEnableOption "octoprint"; }; diff --git a/modules/nixos/services/vpn/default.nix b/modules/nixos/services/vpn/default.nix new file mode 100644 index 0000000..a46c5d9 --- /dev/null +++ b/modules/nixos/services/vpn/default.nix 
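Review bot: `proto.http.enable = true` in the new `i2pd.nix` turns on the i2pd web console in addition to the HTTP proxy, and the module sets neither a bind address nor console authentication. The NixOS defaults bind both endpoints to loopback as far as I know, but that is not visible here; stating it explicitly with `proto.http.address = "127.0.0.1";` and `proto.httpProxy.address = "127.0.0.1";` keeps the console off the network even if a default changes. Separately, the option text `"i2pd. Invisible internet project"` renders as "Whether to enable i2pd. Invisible internet project."; `lib.mkEnableOption "i2pd (Invisible Internet Project)"` reads better.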
@@ -0,0 +1,7 @@ +{ ... }: + +{ + imports = [ + ./wireguard + ]; +} diff --git a/nixos/modules/wireguard-client.nix b/modules/nixos/services/vpn/wireguard/client.nix similarity index 67% rename from nixos/modules/wireguard-client.nix rename to modules/nixos/services/vpn/wireguard/client.nix index d816d4e..5893f64 100644 --- a/nixos/modules/wireguard-client.nix +++ b/modules/nixos/services/vpn/wireguard/client.nix @@ -1,15 +1,10 @@ { config, lib, ... }: let - cfg = config.local.wireguard; - - serverData = import ../hosts/tatos/data.secret.nix; - - serverAddr = serverData.addr; - serverPort = serverData.wireguard.port; + cfg = config.local.services.vpn.wireguard; in { - options.local.wireguard = with lib; { + options.local.services.vpn.wireguard = with lib; { enable = mkEnableOption "Enable wireguard vpn"; ip = mkOption { type = types.str; @@ -19,11 +14,22 @@ in privateKeyFile = mkOption { type = types.str; }; + server = { + addr = mkOption { + type = types.str; + }; + port = mkOption { + type = types.int; + }; + publicKey = mkOption { + type = types.str; + }; + }; }; config = lib.mkIf cfg.enable { networking.firewall = { - allowedUDPPorts = [ serverPort ]; # Clients and peers can use the same port, see listenport + allowedUDPPorts = [ cfg.server.port ]; # Clients and peers can use the same port, see listenport }; # Enable WireGuard networking.wg-quick.interfaces = { @@ -33,7 +39,7 @@ in address = [ cfg.ip ]; dns = [ "10.20.30.1" ]; - listenPort = serverPort; # to match firewall allowedUDPPorts (without this wg uses random port numbers) + listenPort = cfg.server.port; # to match firewall allowedUDPPorts (without this wg uses random port numbers) # Path to the private key file. privateKeyFile = cfg.privateKeyFile; @@ -43,7 +49,7 @@ in { # Public key of the server (not a file path). - publicKey = serverData.wireguard.publicKey; + publicKey = cfg.server.publicKey; # Forward all the traffic via VPN. allowedIPs = [ "0.0.0.0/0" ]; 
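Review bot: The new `server.port` option in `client.nix` is declared as `types.int`, so a negative or out-of-range value passes option checking and only surfaces once it reaches `listenPort`, the firewall rule or the endpoint string; `type = types.port;` rejects it at the option. None of the three `server.*` options carries a `description`, and `server.addr` is interpolated straight into `endpoint`, so a line such as `description = "Public address (IP or host name) of the WireGuard server";` would tell users what form is expected. The options block starts before this hunk and the config block continues past it.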
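Review bot: The context line `allowedIPs = [ "0.0.0.0/0" ];` under the comment "Forward all the traffic via VPN" covers IPv4 only, so on a host with IPv6 connectivity that traffic would presumably leave outside the tunnel. The commit does not change this line, but since the peer block is being reworked here it is a good moment to either add `"::/0"` to the list (with no IPv6 address on the interface this blocks IPv6 rather than tunnelling it) or correct the comment to say IPv4 only. The peer definition starts before and ends after this hunk.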
@@ -51,7 +57,7 @@ in # allowedIPs = [ "192.168.0.0/24" ]; # Set this to the server IP and port. - endpoint = "${serverAddr}:${toString serverPort}"; + endpoint = "${cfg.server.addr}:${toString cfg.server.port}"; # Send keepalives every 25 seconds. Important to keep NAT tables alive. persistentKeepalive = 15; diff --git a/modules/nixos/services/vpn/wireguard/default.nix b/modules/nixos/services/vpn/wireguard/default.nix new file mode 100644 index 0000000..707607b --- /dev/null +++ b/modules/nixos/services/vpn/wireguard/default.nix @@ -0,0 +1,7 @@ +{ ... }: + +{ + imports = [ + ./client.nix + ]; +} diff --git a/modules/vps.nix b/modules/vps.nix new file mode 100644 index 0000000..16177dc --- /dev/null +++ b/modules/vps.nix @@ -0,0 +1,22 @@ +{ lib, ... }: + +{ + imports = [ ./common.nix ]; + + ################################################################################ + # Configs + ################################################################################ + local.system = { + kernel = lib.mkDefault "hardened"; + headless = lib.mkDefault true; + }; + + ################################################################################ + # Services + ################################################################################ + local.services.fail2ban.enable = lib.mkDefault true; + + local.services.collect-garbage.enable = lib.mkDefault true; + + local.services.dnscrypt-proxy2.enable = lib.mkDefault true; +} diff --git a/nixos/hosts/asus-gl553vd/default.nix b/nixos/hosts/asus-gl553vd/default.nix deleted file mode 100644 index be6f7b2..0000000 --- a/nixos/hosts/asus-gl553vd/default.nix +++ /dev/null 
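Review bot: The comment `# Send keepalives every 25 seconds.` in the last `client.nix` hunk does not match the value below it, `persistentKeepalive = 15;`. Both are unchanged context here, but one of them is wrong; either set the value to 25 or change the comment to `# Send keepalives every 15 seconds. Important to keep NAT tables alive.`. The peer block begins before the hunk.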
@@ -1,86 +0,0 @@ -{ config, pkgs, ... }: - -{ - imports = [ - # Include the results of the hardware scan. - ./hardware-configuration.nix - ../../shared/common.nix - ../../shared/sound.nix - ../../shared/window-manager.nix - ../../shared/fonts.nix - ../../shared/gnupg.nix - ../../shared/garbage-collector.nix - ../../shared/networking.secret.nix - ../../shared/encrypted-dns.nix - ]; - - # Use latest lts kernel - boot.kernelPackages = pkgs.unstable.linuxPackages_6_6_hardened; - - # Use the systemd-boot EFI boot loader. - boot.loader = { - systemd-boot = { - enable = true; - configurationLimit = 10; - }; - - efi.canTouchEfiVariables = true; - }; - - networking = { - hostName = "laptop"; # Define your hostname. - - useDHCP = false; - interfaces = { - enp3s0.useDHCP = true; - wlp2s0.useDHCP = true; - }; - - networkmanager.enable = true; - firewall.allowedTCPPortRanges = [ - { from = 33000; to = 33999; } - ]; - }; - - # enable bluetooth - hardware.bluetooth.enable = true; - - # configure mouse and touchpad - services.xserver.libinput = { - enable = true; - touchpad = { - accelSpeed = "0.5"; - disableWhileTyping = true; - }; - }; - - services.logind.extraConfig = '' - # don’t shutdown when power button is short-pressed - HandlePowerKey=ignore - ''; - - services.openssh.enable = true; - - # Enable the Docker - virtualisation.docker.enable = true; - - # Additional nix configs - local.nix.enableMyRegistry = true; - - # Wireguard client - age.secrets.wireguard-asus-gl553vd-private = { - file = ../../../secrets/wireguard-asus-gl553vd-private.age; - mode = "0400"; - }; - local.wireguard = { - enable = true; - ip = "10.20.30.4/24"; - privateKeyFile = config.age.secrets.wireguard-asus-gl553vd-private.path; - }; - - # Torrent - # services.transmission.enable = true; - - # Style and Grammar Checker - services.languagetool.enable = true; -} diff --git a/nixos/hosts/default.nix b/nixos/hosts/default.nix deleted file mode 100644 index 0712154..0000000 
--- a/nixos/hosts/default.nix +++ /dev/null @@ -1,79 +0,0 @@ -{ ... } @ inputs: - -let - hardware = inputs.hardware.nixosModules; -in -{ - home = { - system = "x86_64-linux"; - - extraModules = [ - hardware.common-gpu-amd - ../modules/nix.nix - ../modules/wireguard-client.nix - ../modules/octoprint.nix - ../../home/users/jan - # ../../home/users/nas - ]; - - extraHomeModule = { lib, pkgs, ... }: { - local.polybar.wifiDevice = "wlp3s0"; - # local.alacritty.fontSize = 8.0; - local.wezterm.fontSize = 10.0; - - }; - - specialArgs = { - extraJanHomeModule = { lib, pkgs, ... }: { - imports = [ ./home/xmonad_projects.secret.nix ]; - - home.packages = lib.mkAfter (with pkgs.unstable; [ - # 3d programs - blender - cura - godot_4 - # electronics - kicad-small - # librepcb - ]); - - }; - }; - }; - - asus-gl553vd = { - system = "x86_64-linux"; - - extraModules = [ - hardware.common-cpu-intel - ../modules/nix.nix - ../modules/wireguard-client.nix - ../../home/users/jan - # ../../home/users/nas - ]; - - extraHomeModule = { ... }: { - local.polybar.wifiDevice = "wlp2s0"; - # local.alacritty.fontSize = 6.0; - local.wezterm.fontSize = 10.0; - }; - - specialArgs = { - extraJanHomeModule = { lib, ... }: { - imports = [ ./asus-gl553vd/xmonad_projects.secret.nix ]; - }; - }; - }; - - istal = { - system = "x86_64-linux"; - - targetHost = (import ./istal/data.secret.nix).addr; - }; - - tatos = { - system = "x86_64-linux"; - - targetHost = (import ./tatos/data.secret.nix).addr; - }; -} diff --git a/nixos/hosts/home/default.nix b/nixos/hosts/home/default.nix deleted file mode 100644 index 2879c0f..0000000 --- a/nixos/hosts/home/default.nix +++ /dev/null 
@@ -1,174 +0,0 @@ -{ config, pkgs, ... }: - - -{ - imports = [ - # Include the results of the hardware scan. - ./hardware-configuration.nix - ../../shared/kernel.nix - ../../shared/common.nix - ../../shared/sound.nix - ../../shared/window-manager.nix - ../../shared/fonts.nix - ../../shared/gnupg.nix - ../../shared/garbage-collector.nix - ../../shared/networking.secret.nix - ../../shared/encrypted-dns.nix - ../../shared/tor-browser.nix - ]; - - # Enable containers - # See: https://github.com/NixOS/nixpkgs/issues/38676 - boot.kernelModules = [ "veth" ]; - - boot.extraModulePackages = with config.boot.kernelPackages; [ - rtl88x2bu # wifi - ]; - - # Use the GRUB 2 boot loader. - boot.loader.grub = { - enable = true; - device = "/dev/sdb"; - # memtest86.enable = true; - }; - - networking = { - hostName = "home"; # Define your hostname. - - useDHCP = false; - interfaces = { - wlp3s0.useDHCP = true; - # wlp11s0f3u2.useDHCP = true; - }; - - networkmanager.enable = true; - - firewall.allowedTCPPortRanges = [ - { from = 1300; to = 1400; } - ]; - }; - - # enable bluetooth - hardware.bluetooth.enable = true; - - nixpkgs.config.allowUnfree = true; - local.nix.allowUnfreePackages = [ - "cnijfilter2" - "memtest86" - "android-sdk-cmdline-tools" - ]; - - services.openssh.enable = true; - - services = { - avahi = { - enable = true; - nssmdns = true; - }; - printing = { - enable = true; - drivers = with pkgs; [ gutenprint cnijfilter2 ]; - }; - }; - - services.xserver = { - # All monitors in the right order - # Source: https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/services/x11/xserver.nix#L83 - xrandrHeads = [ - { - output = "DP-3"; - monitorConfig = '' - Option "PreferredMode" "1920x1080" - Option "Rotate" "right" - ''; - } - { - output = "DP-1"; - primary = true; - monitorConfig = '' - Option "PreferredMode" "2560x1440" - ''; - } - ]; - }; - - services.logind.extraConfig = '' - # don’t shutdown when power button is short-pressed - HandlePowerKey=ignore - ''; - - # 
Enable the Docker - virtualisation.docker.enable = true; - - # Additional nix configs - local.nix.enableMyRegistry = true; - - # Wireguard client - age.secrets.wireguard-home-private = { - file = ../../../secrets/wireguard-home-private.age; - mode = "0400"; - }; - local.wireguard = { - enable = true; - ip = "10.20.30.3/24"; - privateKeyFile = config.age.secrets.wireguard-home-private.path; - }; - - # Invisible internet project - services.i2pd = { - enable = true; - proto.httpProxy.enable = true; - proto.http.enable = true; - }; - - # Torrent client - services.transmission.enable = true; - - # 3D printing - local.octoprint.enable = true; - - # Android - programs.adb.enable = true; - programs.java = { - enable = true; - package = pkgs.jdk17; - }; - - nixpkgs.config.android_sdk.accept_license = true; - - environment.variables = - let - buildToolsVersion = "33.0.2"; - androidComposition = pkgs.unstable.androidenv.composeAndroidPackages { - platformToolsVersion = "34.0.5"; - buildToolsVersions = [ buildToolsVersion ]; - includeEmulator = false; - emulatorVersion = "34.1.9"; - platformVersions = [ "29" "30" "33" ]; - includeSources = false; - includeSystemImages = false; - systemImageTypes = [ "google_apis_playstore" ]; - abiVersions = [ "armeabi-v7a" "arm64-v8a" ]; - cmakeVersions = [ "3.10.2" ]; - includeNDK = true; - ndkVersions = [ "23.2.8568313" ]; - useGoogleAPIs = false; - useGoogleTVAddOns = false; - includeExtras = [ - "extras;google;gcm" - ]; - }; - in - rec { - ANDROID_SDK_ROOT = "${androidComposition.androidsdk}/libexec/android-sdk"; - ANDROID_NDK_ROOT = "${ANDROID_SDK_ROOT}/ndk-bundle"; - - # Use the same buildToolsVersion here - # GRADLE_OPTS = "-Dorg.gradle.project.android.aapt2FromMavenOverride=${ANDROID_SDK_ROOT}/build-tools/${buildToolsVersion}/aapt2"; - # JAVA_HOME = pkgs.jdk17.home; - }; - - services.udev.extraRules = '' - SUBSYSTEM=="usb", ATTR{idVendor}=="12d1", MODE="0666", GROUP="plugdev" - ''; -} 
diff --git a/nixos/hosts/home/xmonad_projects.secret.nix b/nixos/hosts/home/xmonad_projects.secret.nix deleted file mode 100644 index 57ca5f2..0000000 Binary files a/nixos/hosts/home/xmonad_projects.secret.nix and /dev/null differ diff --git a/nixos/hosts/istal/default.nix b/nixos/hosts/istal/default.nix deleted file mode 100644 index 032ed71..0000000 --- a/nixos/hosts/istal/default.nix +++ /dev/null @@ -1,26 +0,0 @@ -{ ... }: - -let - data = import ../../../data.nix; -in -{ - imports = [ - ./hardware-configuration.nix - ./networking.secret.nix # generated at runtime by nixos-infect - ../../shared/kernel.nix - ../../shared/headless.nix - - ../../modules/nix.nix - ../../shared/common.nix - ../../shared/garbage-collector.nix - ../../shared/fail2ban - - ./services/wireguard.nix - ]; - - networking.hostName = "istal"; - networking.domain = "local"; - - services.openssh.enable = true; - users.users.root.openssh.authorizedKeys.keys = data.publicKeys.users.janistal; -} diff --git a/nixos/hosts/istal/networking.secret.nix b/nixos/hosts/istal/networking.secret.nix deleted file mode 100644 index 4f45ed0..0000000 Binary files a/nixos/hosts/istal/networking.secret.nix and /dev/null differ diff --git a/nixos/hosts/tatos/default.nix b/nixos/hosts/tatos/default.nix deleted file mode 100644 index 8383dfd..0000000 --- a/nixos/hosts/tatos/default.nix +++ /dev/null @@ -1,25 +0,0 @@ -{ ... }: - -let - data = import ../../../data.nix; -in -{ - imports = [ - ./hardware-configuration.nix - ./networking.secret.nix # generated at runtime by nixos-infect - ../../shared/kernel.nix - ../../shared/headless.nix - - ../../modules/nix.nix - ../../shared/common.nix - ../../shared/garbage-collector.nix - ../../shared/fail2ban - - ./services/wireguard.nix - ]; - - networking.hostName = "tatos"; - - services.openssh.enable = true; - users.users.root.openssh.authorizedKeys.keys = data.publicKeys.users.jan; -} 
diff --git a/nixos/shared/encrypted-dns.nix b/nixos/shared/encrypted-dns.nix deleted file mode 100644 index 0903cc8..0000000 --- a/nixos/shared/encrypted-dns.nix +++ /dev/null @@ -1,36 +0,0 @@ -{ ... }: - -{ - networking = { - nameservers = [ "127.0.0.1" "::1" ]; - networkmanager.dns = "none"; - }; - - services.dnscrypt-proxy2 = { - enable = true; - # See: https://github.com/DNSCrypt/dnscrypt-proxy/blob/2.1.5/dnscrypt-proxy/example-dnscrypt-proxy.toml - settings = { - require_dnssec = true; - require_nolog = true; - require_nofilter = true; - - sources.public-resolvers = { - urls = [ - "https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/public-resolvers.md" - "https://download.dnscrypt.info/resolvers-list/v3/public-resolvers.md" - ]; - cache_file = "/var/lib/dnscrypt-proxy2/public-resolvers.md"; - minisign_key = "RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3"; - }; - - # You can choose a specific set of servers from https://github.com/DNSCrypt/dnscrypt-resolvers/blob/master/v3/public-resolvers.md - server_names = [ - "ams-ads-doh-nl" - "ams-dnscrypt-nl" - "ams-doh-nl" - "brahma-world" - ]; - }; - }; - -} diff --git a/nixos/shared/fail2ban/fail2ban.nix b/nixos/shared/fail2ban/fail2ban.nix deleted file mode 100644 index cf36818..0000000 --- a/nixos/shared/fail2ban/fail2ban.nix +++ /dev/null @@ -1,12 +0,0 @@ -{ ... }: - -{ - services.fail2ban = { - enable = true; - bantime-increment = { - enable = true; - factor = "4"; - maxtime = "48h"; - }; - }; -} diff --git a/nixos/shared/fonts.nix b/nixos/shared/fonts.nix deleted file mode 100644 index ab8a62b..0000000 --- a/nixos/shared/fonts.nix +++ /dev/null 
@@ -1,32 +0,0 @@ -{ pkgs, ... }: - -{ - fonts = { - enableDefaultPackages = true; - packages = with pkgs; [ - ubuntu_font_family - fira-code - fira-code-symbols - (nerdfonts.override { fonts = [ "FiraCode" ]; }) - noto-fonts - noto-fonts-cjk - noto-fonts-emoji - liberation_ttf - mplus-outline-fonts.githubRelease - dina-font - proggyfonts - ]; - fontconfig = { - defaultFonts = { - monospace = [ - "Fira Code" - "emoji" - "FiraCode Nerd Font Mono" - ]; - serif = [ "Ubuntu" "emoji" ]; - sansSerif = [ "Ubuntu" "emoji" ]; - emoji = [ "Noto Color Emoji" ]; - }; - }; - }; -} diff --git a/nixos/shared/garbage-collector.nix b/nixos/shared/garbage-collector.nix deleted file mode 100644 index ddefced..0000000 --- a/nixos/shared/garbage-collector.nix +++ /dev/null @@ -1,14 +0,0 @@ -{ ... }: - -{ - nix.gc = { - automatic = true; - dates = "weekly"; - options = "--delete-older-than 14d"; - }; - - virtualisation.docker.autoPrune = { - enable = true; - dates = "weekly"; - }; -} diff --git a/nixos/shared/gnupg.nix b/nixos/shared/gnupg.nix deleted file mode 100644 index 38e2396..0000000 --- a/nixos/shared/gnupg.nix +++ /dev/null @@ -1,11 +0,0 @@ -{ config, ... }: - -{ - programs.gnupg.agent = { - enable = true; - enableSSHSupport = config.services.openssh.enable; - pinentryFlavor = "gtk2"; - }; - - services.passSecretService.enable = true; -} diff --git a/nixos/shared/headless.nix b/nixos/shared/headless.nix deleted file mode 100644 index a5e2d1c..0000000 --- a/nixos/shared/headless.nix +++ /dev/null @@ -1,13 +0,0 @@ -{ inputs, ... }: - -{ - imports = [ - "${inputs.nixpkgs}/nixos/modules/profiles/headless.nix" - ]; - - # Disabled by hardened profile, big performance hit. - security.allowSimultaneousMultithreading = true; - - boot.tmp.cleanOnBoot = true; - zramSwap.enable = true; -} diff --git a/nixos/shared/kernel.nix b/nixos/shared/kernel.nix deleted file mode 100644 index fcb4d84..0000000 --- a/nixos/shared/kernel.nix +++ /dev/null 
@@ -1,12 +0,0 @@ -{ inputs, pkgs, ... }: - -{ - imports = [ - "${inputs.nixpkgs-unstable}/nixos/modules/profiles/hardened.nix" - ]; - - boot.kernelPackages = pkgs.unstable.linuxPackages_6_6_hardened; - # Fix for GLIBC errors due to 'scudo' from hardened profile. - # https://github.com/NixOS/nix/issues/6563 - environment.memoryAllocator.provider = "libc"; -} diff --git a/nixos/shared/networking.secret.nix b/nixos/shared/networking.secret.nix deleted file mode 100644 index 8d17b7e..0000000 Binary files a/nixos/shared/networking.secret.nix and /dev/null differ diff --git a/nixos/shared/sound.nix b/nixos/shared/sound.nix deleted file mode 100644 index 91a58f2..0000000 --- a/nixos/shared/sound.nix +++ /dev/null @@ -1,14 +0,0 @@ -{ pkgs, ... }: - -{ - # Enable sound. - sound = { - enable = true; - mediaKeys.enable = true; - }; - - hardware.pulseaudio = { - enable = true; - package = pkgs.pulseaudioFull; - }; -} diff --git a/nixos/shared/tor-browser.nix b/nixos/shared/tor-browser.nix deleted file mode 100644 index ff65adb..0000000 --- a/nixos/shared/tor-browser.nix +++ /dev/null 
@@ -1,124 +0,0 @@ -{ pkgs, ... }: - -let - data = import ../../data.nix; - - # See: https://mozilla.github.io/policy-templates/ - policiesJson = pkgs.writeText "policies.json" (builtins.toJSON { - policies = { - DisableAppUpdate = true; - SearchBar = "unified"; - SearchSuggestEnabled = false; - SearchEngines = { - Add = [ - { - Alias = "sx"; - Name = "SearXNG"; - Description = "SearXNG — a privacy-respecting, open metasearch engine"; - IconURL = "https://search.sapti.me/static/themes/simple/img/favicon.png"; - URLTemplate = "https://search.sapti.me/search?q={searchTerms}"; - } - { - Alias = "np"; - Name = "NixOS Packages"; - Description = "Search NixOS packages by name or description."; - IconURL = "https://nixos.org/favicon.png"; - URLTemplate = "https://search.nixos.org/packages?query={searchTerms}"; - } - { - Alias = "no"; - Name = "NixOS Options"; - Description = "Search NixOS options by name or description."; - IconURL = "https://nixos.org/favicon.png"; - URLTemplate = "https://search.nixos.org/options?query={searchTerms}"; - } - ]; - Default = "SearXNG"; - Remove = [ "YouTube" "Google" "Twitter" "Yahoo" ]; - }; - FirefoxSuggest = { - WebSuggestions = false; - SponsoredSuggestions = false; - ImproveSuggest = false; - Locked = true; - }; - Preferences = { - "layout.spellcheckDefault" = { - Value = 0; - Status = "locked"; - }; - }; - }; - }); - - torBrowser = (pkgs.unstable.tor-browser-bundle-bin.override { - mediaSupport = true; - pulseaudioSupport = true; - }).overrideAttrs (attrs: { - postInstall = '' - rm $out/share/tor-browser/distribution/policies.json - - install -Dvm644 ${policiesJson} $out/share/tor-browser/distribution/policies.json - ''; - }); - - hostRunTorBrowser = pkgs.writeScriptBin "tor-browser" '' - ${pkgs.socat}/bin/socat -d TCP-LISTEN:6000,fork,bind=192.168.7.10 UNIX-CONNECT:/tmp/.X11-unix/X0 & - ${pkgs.xorg.xhost}/bin/xhost + - ssh -X browser@192.168.7.11 tor-browser - ${pkgs.xorg.xhost}/bin/xhost - - ''; - - clientRunTorBrowser = 
pkgs.writeScriptBin "tor-browser" '' - PULSE_SERVER=tcp:192.168.7.10:4713 \ - XAUTHORITY="/home/browser/.Xauthority" \ - DBUS_SESSION_BUS_ADDRESS="" \ - DISPLAY=192.168.7.10:0.0 \ - ${pkgs.apulse}/bin/apulse ${torBrowser}/bin/tor-browser $@ - ''; -in -{ - environment.systemPackages = [ hostRunTorBrowser ]; - - hardware.pulseaudio = { - enable = true; - systemWide = true; - support32Bit = true; - tcp = { - enable = true; - anonymousClients.allowedIpRanges = [ "127.0.0.1" "192.168.7.0/24" ]; - }; - }; - - networking = { - firewall.allowedTCPPorts = [ 4713 6000 ]; - nat = { - enable = true; - internalInterfaces = [ "ve-browser" ]; - externalInterface = "wg0"; - }; - }; - - containers.browser = { - autoStart = true; - privateNetwork = true; - hostAddress = "192.168.7.10"; - localAddress = "192.168.7.11"; - - config = { config, pkgs, ... }: { - system.stateVersion = "23.11"; - services.openssh = { - enable = true; - settings.X11Forwarding = true; - }; - - users.extraUsers.browser = { - isNormalUser = true; - home = "/home/browser"; - openssh.authorizedKeys.keys = data.publicKeys.users.jan; - extraGroups = [ "pulse-access" ]; - packages = [ clientRunTorBrowser ]; - }; - }; - }; -} diff --git a/nixos/shared/window-manager.nix b/nixos/shared/window-manager.nix deleted file mode 100644 index d9c52d1..0000000 --- a/nixos/shared/window-manager.nix +++ /dev/null @@ -1,22 +0,0 @@ -{ pkgs, ... }: - -{ - services.dbus = { - enable = true; - packages = [ pkgs.dconf ]; - }; - - services.xserver = { - enable = true; - - xkbModel = "pc105"; - layout = "us,us"; - xkbVariant = "dvorak,"; - xkbOptions = "grp:win_space_toggle"; - - displayManager.defaultSession = "none+xmonad"; - windowManager.xmonad.enable = true; - }; - - console.useXkbConfig = true; -} diff --git a/secrets/users-jan-passfile.age b/secrets/users-jan-passfile.age deleted file mode 100644 index bd5e3f1..0000000 Binary files a/secrets/users-jan-passfile.age and /dev/null differ 
diff --git a/secrets/users-nas-passfile.age b/secrets/users-nas-passfile.age deleted file mode 100644 index 8f4911c..0000000 Binary files a/secrets/users-nas-passfile.age and /dev/null differ diff --git a/secrets/wireguard-asus-gl553vd-private.age b/secrets/wireguard-asus-gl553vd-private.age deleted file mode 100644 index ee6e35c..0000000 Binary files a/secrets/wireguard-asus-gl553vd-private.age and /dev/null differ diff --git a/secrets/wireguard-home-private.age b/secrets/wireguard-home-private.age deleted file mode 100644 index dbee235..0000000 Binary files a/secrets/wireguard-home-private.age and /dev/null differ diff --git a/secrets/wireguard-istal-private.age b/secrets/wireguard-istal-private.age deleted file mode 100644 index 6abdef2..0000000 Binary files a/secrets/wireguard-istal-private.age and /dev/null differ diff --git a/secrets/wireguard-tatos-private.age b/secrets/wireguard-tatos-private.age deleted file mode 100644 index b5844b8..0000000 Binary files a/secrets/wireguard-tatos-private.age and /dev/null differ diff --git a/users/jan/accounts.secret.nix b/users/jan/accounts.secret.nix new file mode 100644 index 0000000..537c105 Binary files /dev/null and b/users/jan/accounts.secret.nix differ diff --git a/home/users/jan/browser/Redirector.json b/users/jan/browser/Redirector.json similarity index 100% rename from home/users/jan/browser/Redirector.json rename to users/jan/browser/Redirector.json diff --git a/users/jan/default.nix b/users/jan/default.nix new file mode 100644 index 0000000..74a7030 --- /dev/null +++ b/users/jan/default.nix 
@@ -0,0 +1,126 @@ +{ config, pkgs, lib, inputs, globalData, ... }: + +{ + nixpkgs.overlays = lib.mkAfter [ + inputs.myneovim.overlays.default + inputs.nil.overlays.default + inputs.vnetod.overlays.default + inputs.wired.overlays.default + ]; + + programs.zsh.enable = true; + + nix.settings.trusted-users = lib.mkAfter [ "jan" ]; + + age.secrets.users-jan-passfile.file = ./users-jan-passfile.age; + users.users.jan = { + isNormalUser = true; + extraGroups = [ + "wheel" # Enable ‘sudo’ for the user. + (lib.mkIf config.networking.networkmanager.enable "networkmanager") + (lib.mkIf config.virtualisation.docker.enable "docker") + (lib.mkIf config.services.transmission.enable "transmission") + (lib.mkIf config.services.kubo.enable config.services.kubo.group) + (lib.mkIf config.programs.adb.enable "adbusers") + (lib.mkIf config.programs.adb.enable "plugdev") + (lib.mkIf config.hardware.pulseaudio.systemWide "pulse-access") + ]; + shell = pkgs.zsh; + hashedPasswordFile = config.age.secrets.users-jan-passfile.path; + + openssh.authorizedKeys.keys = globalData.publicKeys.users.jan; + }; + + users.groups.plugdev = lib.mkIf config.programs.adb.enable { }; + + home-manager.users.jan = { + imports = [ + ./accounts.secret.nix + ./git + ]; + + ################################################################################ + # Configs + ################################################################################ + + local.keyboard = { + enable = true; + variant = "dvorak,"; + }; + + local.window-manager = { + xmonad.enable = true; + polybar.enable = true; + }; + + xdg.enable = true; + + local.shell.enable = true; + + ################################################################################ + # Programs + ################################################################################ + + local.programs.terminals.wezterm.enable = lib.mkDefault true; + + local.programs.editors.neovim.enable = lib.mkDefault true; + + local.programs.file-managers.vifm.enable = lib.mkDefault 
true; + + local.programs.aerc.enable = lib.mkDefault true; + + local.programs.communication = { + telegram.enable = lib.mkDefault true; + matrix.enable = lib.mkDefault true; + simplex-chat.enable = lib.mkDefault (config.local.system.kernel != "hardened"); + }; + + local.programs.dev-tools = { + base.enable = lib.mkDefault true; + nix.enable = lib.mkDefault true; + web.enable = lib.mkDefault true; + psql = { + enable = lib.mkDefault true; + package = lib.mkDefault pkgs.postgresql_14; + }; + eza.enable = lib.mkDefault true; + direnv.enable = lib.mkDefault true; + zoxide.enable = lib.mkDefault true; + }; + + local.programs.share-files.croc.enable = true; + + ################################################################################ + # Packages + ################################################################################ + + home.packages = with pkgs.unstable; [ + image-roll + vlc + + gimp + libresprite + + # tools + procs + bottom + bind.dnsutils + + kubo # ipfs + + neofetch # command-line system information + # asciinema # record the terminal + + woodpecker-cli + ]; + + home.file = { + "pictures/wallpapers" = { + source = ./wallpapers; + recursive = true; + }; + }; + + home.stateVersion = config.system.stateVersion; + }; +} diff --git a/home/users/jan/git/default.nix b/users/jan/git/default.nix similarity index 93% rename from home/users/jan/git/default.nix rename to users/jan/git/default.nix index 876ed76..0d2f609 100644 --- a/home/users/jan/git/default.nix +++ b/users/jan/git/default.nix @@ -1,6 +1,10 @@ { pkgs, ... }: + { - home.packages = [ pkgs.git-crypt ]; + home.packages = [ + pkgs.git-crypt + (pkgs.callPackage ../../../packages/git-crypt-rm-gpg-user { }) + ]; programs.git = { enable = true; diff --git a/home/users/jan/git/github.secret.nix b/users/jan/git/github.secret.nix similarity index 100% rename from home/users/jan/git/github.secret.nix rename to users/jan/git/github.secret.nix 
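Review bot: `nix.settings.trusted-users = lib.mkAfter [ "jan" ];` in `users/jan/default.nix` gives the account root-equivalent control over the Nix daemon without going through sudo, and the conditional `"docker"` entry in `extraGroups` is a second password-less route to root on hosts where Docker is enabled. jan is already in `wheel`, so neither is required for administration. If they are kept on purpose I would record that next to the line, e.g. `# trusted-users is root-equivalent on the nix daemon; kept deliberately`, and consider leaving the setting out on the VPS hosts. Whether this module is imported on the servers is not visible in this hunk.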
diff --git a/home/users/jan/git/gitlab.secret.nix b/users/jan/git/gitlab.secret.nix
similarity index 100%
rename from home/users/jan/git/gitlab.secret.nix
rename to users/jan/git/gitlab.secret.nix
diff --git a/home/users/jan/git/myrepo.secret.nix b/users/jan/git/myrepo.secret.nix
similarity index 100%
rename from home/users/jan/git/myrepo.secret.nix
rename to users/jan/git/myrepo.secret.nix
diff --git a/users/jan/users-jan-passfile.age b/users/jan/users-jan-passfile.age
new file mode 100644
index 0000000..df48da4
Binary files /dev/null and b/users/jan/users-jan-passfile.age differ
diff --git a/home/users/jan/wallpapers/animals_tree_branch_129397_2560x1440.png b/users/jan/wallpapers/animals_tree_branch_129397_2560x1440.png
similarity index 100%
rename from home/users/jan/wallpapers/animals_tree_branch_129397_2560x1440.png
rename to users/jan/wallpapers/animals_tree_branch_129397_2560x1440.png
diff --git a/home/users/jan/wallpapers/artist_waves_colorful_129158_2560x1440.png b/users/jan/wallpapers/artist_waves_colorful_129158_2560x1440.png
similarity index 100%
rename from home/users/jan/wallpapers/artist_waves_colorful_129158_2560x1440.png
rename to users/jan/wallpapers/artist_waves_colorful_129158_2560x1440.png
diff --git a/home/users/jan/wallpapers/boat_river_loneliness_129582_2560x1440.png b/users/jan/wallpapers/boat_river_loneliness_129582_2560x1440.png
similarity index 100%
rename from home/users/jan/wallpapers/boat_river_loneliness_129582_2560x1440.png
rename to users/jan/wallpapers/boat_river_loneliness_129582_2560x1440.png
diff --git a/home/users/jan/wallpapers/build.sh b/users/jan/wallpapers/build.sh
similarity index 100%
rename from home/users/jan/wallpapers/build.sh
rename to users/jan/wallpapers/build.sh
diff --git a/home/users/jan/wallpapers/catppuccino_landscape_1.png b/users/jan/wallpapers/catppuccino_landscape_1.png
similarity index 100%
rename from home/users/jan/wallpapers/catppuccino_landscape_1.png
rename to users/jan/wallpapers/catppuccino_landscape_1.png
diff --git a/home/users/jan/wallpapers/child_river_dreams_127495_2560x1440.png b/users/jan/wallpapers/child_river_dreams_127495_2560x1440.png
similarity index 100%
rename from home/users/jan/wallpapers/child_river_dreams_127495_2560x1440.png
rename to users/jan/wallpapers/child_river_dreams_127495_2560x1440.png
diff --git a/home/users/jan/wallpapers/clouds_sky_bridge_people_reflection_sea_92817_2560x1440.png b/users/jan/wallpapers/clouds_sky_bridge_people_reflection_sea_92817_2560x1440.png
similarity index 100%
rename from home/users/jan/wallpapers/clouds_sky_bridge_people_reflection_sea_92817_2560x1440.png
rename to users/jan/wallpapers/clouds_sky_bridge_people_reflection_sea_92817_2560x1440.png
diff --git a/home/users/jan/wallpapers/couple_hugs_art_140777_2560x1440.png b/users/jan/wallpapers/couple_hugs_art_140777_2560x1440.png
similarity index 100%
rename from home/users/jan/wallpapers/couple_hugs_art_140777_2560x1440.png
rename to users/jan/wallpapers/couple_hugs_art_140777_2560x1440.png
diff --git a/home/users/jan/wallpapers/deer_silhouette_forest_130032_2560x1440.png b/users/jan/wallpapers/deer_silhouette_forest_130032_2560x1440.png
similarity index 100%
rename from home/users/jan/wallpapers/deer_silhouette_forest_130032_2560x1440.png
rename to users/jan/wallpapers/deer_silhouette_forest_130032_2560x1440.png
diff --git a/home/users/jan/wallpapers/landscape_art_moon_127187_2560x1440.png b/users/jan/wallpapers/landscape_art_moon_127187_2560x1440.png
similarity index 100%
rename from home/users/jan/wallpapers/landscape_art_moon_127187_2560x1440.png
rename to users/jan/wallpapers/landscape_art_moon_127187_2560x1440.png
diff --git a/home/users/jan/wallpapers/landscape_art_road_127350_2560x1440.png b/users/jan/wallpapers/landscape_art_road_127350_2560x1440.png
similarity index 100%
rename from home/users/jan/wallpapers/landscape_art_road_127350_2560x1440.png
rename to users/jan/wallpapers/landscape_art_road_127350_2560x1440.png
diff --git a/home/users/jan/wallpapers/nix-magenta-pink-1920x1080.png b/users/jan/wallpapers/nix-magenta-pink-1920x1080.png
similarity index 100%
rename from home/users/jan/wallpapers/nix-magenta-pink-1920x1080.png
rename to users/jan/wallpapers/nix-magenta-pink-1920x1080.png
diff --git a/home/users/jan/wallpapers/sea_sunset_art_131736_2560x1440.png b/users/jan/wallpapers/sea_sunset_art_131736_2560x1440.png
similarity index 100%
rename from home/users/jan/wallpapers/sea_sunset_art_131736_2560x1440.png
rename to users/jan/wallpapers/sea_sunset_art_131736_2560x1440.png
diff --git a/home/users/jan/wallpapers/sea_waves_art_130915_2560x1440.png b/users/jan/wallpapers/sea_waves_art_130915_2560x1440.png
similarity index 100%
rename from home/users/jan/wallpapers/sea_waves_art_130915_2560x1440.png
rename to users/jan/wallpapers/sea_waves_art_130915_2560x1440.png
diff --git a/home/users/jan/wallpapers/torii_art_solitude_129792_2560x1440.png b/users/jan/wallpapers/torii_art_solitude_129792_2560x1440.png
similarity index 100%
rename from home/users/jan/wallpapers/torii_art_solitude_129792_2560x1440.png
rename to users/jan/wallpapers/torii_art_solitude_129792_2560x1440.png
diff --git a/home/users/jan/wallpapers/wolf_silhouette_hills_130119_2560x1440.png b/users/jan/wallpapers/wolf_silhouette_hills_130119_2560x1440.png
similarity index 100%
rename from home/users/jan/wallpapers/wolf_silhouette_hills_130119_2560x1440.png
rename to users/jan/wallpapers/wolf_silhouette_hills_130119_2560x1440.png
diff --git a/users/nas/default.nix b/users/nas/default.nix
new file mode 100644
index 0000000..2525ce3
--- /dev/null
+++ b/users/nas/default.nix
@@ -0,0 +1,74 @@
+{ config, pkgs, lib, inputs, ... }:
+
+{
+ nixpkgs.overlays = lib.mkAfter [
+ inputs.wired.overlays.default
+ ];
+
+ local.nix.allowUnfreePackages = [ "skypeforlinux" ];
+
+ programs.zsh.enable = true;
+
+ age.secrets.users-nas-passfile.file = ./users-nas-passfile.age;
+ users.users.nas = {
+ isNormalUser = true;
+ shell = pkgs.zsh;
+ hashedPasswordFile = config.age.secrets.users-nas-passfile.path;
+ };
+
+ home-manager.users.nas = {
+ home.stateVersion = config.system.stateVersion;
+
+ ################################################################################
+ # Configs
+ ################################################################################
+
+ local.keyboard.enable = true;
+
+ local.window-manager = {
+ xmonad.enable = true;
+ polybar.enable = true;
+ };
+
+ xdg.enable = true;
+
+ local.shell.enable = true;
+
+ ################################################################################
+ # Programs
+ ################################################################################
+
+ local.programs.terminals.wezterm.enable = lib.mkDefault true;
+
+ local.programs.editors.gedit.enable = lib.mkDefault true;
+
+ local.programs.file-managers.nautilus.enable = lib.mkDefault true;
+
+ local.programs.communication = {
+ telegram.enable = lib.mkDefault true;
+ skype.enable = lib.mkDefault true;
+ };
+
+ local.programs.share-files.croc.enable = true;
+
+ local.programs.libreoffice = {
+ enable = true;
+
+ spellCheckDicts = with pkgs.hunspellDicts; [
+ ru_RU
+ ];
+ };
+
+ ################################################################################
+ # Packages
+ ################################################################################
+
+ home.packages = with pkgs.unstable; [
+ image-roll
+ vlc
+
+ firefox
+ ];
+ };
+
+}
diff --git a/users/nas/users-nas-passfile.age b/users/nas/users-nas-passfile.age
new file mode 100644
index 0000000..e9b7586
Binary files /dev/null and b/users/nas/users-nas-passfile.age differ
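Review bot: `hashedPasswordFile` in `users.users.nas` sets only the initial password while `users.mutableUsers` is at its NixOS default of true, so re-encrypting `users-nas-passfile.age` with a new hash would not change the password of an account that already exists. The hunk does not show `users.mutableUsers`, so this may already be handled elsewhere in the flake; if rotating the password through the age secret is intended, set `users.mutableUsers = false;` in the host configuration. Because the `.age` file is binary and cannot be reviewed, I would also add a comment above the secret declaration: `# users-nas-passfile.age must contain a crypt(3) hash (e.g. from mkpasswd), never the plaintext password`.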