From 9092a1384617119bf8c4e60014e9929503e0a46a Mon Sep 17 00:00:00 2001 From: Dmitriy Pleshevskiy Date: Tue, 16 Apr 2024 02:51:46 +0300 Subject: [PATCH] refac modules --- .agenix_config.nix | Bin 5057 -> 5157 bytes flake.lock | 70 ++++++- flake.nix | 32 +++- home/modules/dev_tools.nix | 50 ----- home/modules/editor.nix | 110 ----------- home/modules/mail/aerc.nix | 175 ----------------- home/modules/mail/default.nix | 5 - home/modules/pass.nix | 21 -- home/modules/shell.nix | 69 ------- home/modules/themes/default.nix | 86 --------- home/modules/work_tools.nix | 20 -- home/users/jan/accounts.secret.nix | Bin 2351 -> 0 bytes home/users/jan/default.nix | 62 ------ home/users/jan/home.nix | 88 --------- home/users/nas/default.nix | 35 ---- home/users/nas/home.nix | 34 ---- hosts/asus-gl553vd/configs/boot.nix | 13 ++ hosts/asus-gl553vd/configs/default.nix | 9 + hosts/asus-gl553vd/configs/networking.nix | 13 ++ .../configs/wireguard/default.nix | 21 ++ .../wireguard-asus-gl553vd-private.age | Bin 0 -> 1467 bytes hosts/asus-gl553vd/configuration.nix | 31 +++ .../hardware-configuration/default.nix | 36 ++++ .../hardware-configuration/generated.nix | 10 +- hosts/asus-gl553vd/users/default.nix | 19 ++ hosts/asus-gl553vd/users/jan.nix | 15 ++ .../users/xmonad-projects.secret.nix | Bin hosts/default.nix | 46 +++++ hosts/home/configs/android.nix | 51 +++++ hosts/home/configs/boot.nix | 13 ++ hosts/home/configs/default.nix | 11 ++ hosts/home/configs/networking.nix | 9 + hosts/home/configs/printer.nix | 16 ++ hosts/home/configs/wireguard/default.nix | 21 ++ .../wireguard/wireguard-home-private.age | Bin 0 -> 1467 bytes hosts/home/configuration.nix | 32 ++++ hosts/home/hardware-configuration/default.nix | 52 +++++ .../home/hardware-configuration/generated.nix | 2 +- hosts/home/users/default.nix | 19 ++ hosts/home/users/jan.nix | 41 ++++ hosts/home/users/xmonad-projects.secret.nix | Bin 0 -> 1377 bytes hosts/istal/configuration.nix | 13 ++ {nixos/hosts => hosts}/istal/data.secret.nix | Bin .../istal/hardware-configuration/default.nix | 8 + .../hardware-configuration/generated.nix | 0 .../networking.secret.nix | Bin 0 -> 821 bytes hosts/istal/services/default.nix | 5 + .../istal/services/wireguard/default.nix | 6 +- .../wireguard/wireguard-istal-private.age | Bin 0 -> 1294 bytes hosts/networking.secret.nix | Bin 0 -> 387 bytes hosts/tatos/configuration.nix | 12 ++ {nixos/hosts => hosts}/tatos/data.secret.nix | Bin .../tatos/hardware-configuration/default.nix | 8 + .../hardware-configuration/generated.nix | 0 .../networking.secret.nix | Bin hosts/tatos/services/default.nix | 5 + .../tatos/services/wireguard/default.nix | 6 +- .../wireguard}/subnets_user_list.secret.txt | 0 .../services/wireguard}/update_ru_routes.nix | 0 .../services/wireguard}/update_ru_routes.sh | 0 .../wireguard/wireguard-tatos-private.age | Bin 0 -> 1294 bytes {nixos/shared => modules}/common.nix | 16 +- modules/home-manager/configs/default.nix | 9 + modules/home-manager/configs/keyboard.nix | 25 +++ .../configs}/themes/catppuccin/frappe.nix | 5 +- .../home-manager/configs/themes/default.nix | 99 ++++++++++ .../configs/window-manager}/default.nix | 0 .../configs/window-manager}/polybar.nix | 10 +- .../window-manager}/scripts/exchangerate.nix | 0 .../window-manager}/scripts/exchangerate.sh | 0 .../window-manager}/scripts/external_ip.nix | 0 .../window-manager}/scripts/external_ip.sh | 0 .../window-manager}/scripts/get_volume.sh | 0 .../window-manager}/scripts/kdb_brightness.sh | 0 .../configs/window-manager}/xmonad.nix | 18 +- .../configs/window-manager}/xmonad_config.hs | 0 modules/home-manager/default.nix | 10 + modules/home-manager/games.nix | 17 ++ modules/home-manager/programs/aerc.nix | 179 ++++++++++++++++++ .../home-manager/programs/communication.nix | 18 ++ modules/home-manager/programs/default.nix | 14 ++ modules/home-manager/programs/dev-tools.nix | 97 ++++++++++ .../programs/editors/arduino-ide.nix | 9 + .../home-manager/programs/editors/default.nix | 9 + .../home-manager/programs/editors/gedit.nix | 9 + .../home-manager/programs/editors/neovim.nix | 179 ++++++++++++++++++ .../programs/file-managers/default.nix | 8 + .../programs/file-managers/nautilus.nix | 12 ++ .../programs/file-managers/vifm}/default.nix | 27 +-- .../file-managers/vifm}/vifm_catppuccin.vifm | 0 .../programs/file-managers/vifm}/vifmrc | 0 modules/home-manager/programs/libreoffice.nix | 24 +++ modules/home-manager/programs/share-files.nix | 20 ++ .../programs/terminals}/alacritty.nix | 11 +- .../programs/terminals/default.nix | 9 + .../programs/terminals}/wezterm.nix | 9 +- modules/home-manager/services/default.nix | 5 + .../home-manager/services/wired}/default.nix | 4 +- .../home-manager/services/wired}/wired.ron | 0 modules/home-manager/shell.nix | 73 +++++++ modules/machine.nix | 42 ++++ modules/nixos/configs/default.nix | 12 ++ modules/nixos/configs/fonts.nix | 36 ++++ modules/nixos/configs/keyboard.nix | 26 +++ .../modules => modules/nixos/configs}/nix.nix | 5 - modules/nixos/configs/sound.nix | 17 ++ modules/nixos/configs/system.nix | 51 +++++ modules/nixos/configs/window-manager.nix | 20 ++ modules/nixos/default.nix | 10 + modules/nixos/programs/browsers/default.nix | 8 + modules/nixos/programs/browsers/librewolf.nix | 27 +++ .../programs/browsers/mullvad-browser.nix | 28 +++ modules/nixos/programs/browsers/policies.nix | 91 +++++++++ .../nixos/programs/browsers/tor-browser.nix | 115 +++++++++++ modules/nixos/programs/default.nix | 8 + modules/nixos/programs/pass.nix | 19 ++ modules/nixos/services/collect-garbage.nix | 54 ++++++ modules/nixos/services/default.nix | 13 ++ modules/nixos/services/dnscrypt-proxy2.nix | 45 +++++ .../nixos/services}/fail2ban/default.nix | 0 modules/nixos/services/fail2ban/fail2ban.nix | 21 ++ .../services}/fail2ban/fail2ban.secret.nix | Bin modules/nixos/services/gnupg.nix | 14 ++ modules/nixos/services/i2pd.nix | 13 ++ .../nixos/services}/octoprint.nix | 4 +- modules/nixos/services/vpn/default.nix | 7 + .../nixos/services/vpn/wireguard/client.nix | 28 +-- .../nixos/services/vpn/wireguard/default.nix | 7 + modules/vps.nix | 22 +++ nixos/hosts/asus-gl553vd/default.nix | 86 --------- nixos/hosts/default.nix | 79 -------- nixos/hosts/home/default.nix | 174 ----------------- nixos/hosts/home/xmonad_projects.secret.nix | Bin 1544 -> 0 bytes nixos/hosts/istal/default.nix | 26 --- nixos/hosts/istal/networking.secret.nix | Bin 819 -> 0 bytes nixos/hosts/tatos/default.nix | 25 --- nixos/shared/encrypted-dns.nix | 36 ---- nixos/shared/fail2ban/fail2ban.nix | 12 -- nixos/shared/fonts.nix | 32 ---- nixos/shared/garbage-collector.nix | 14 -- nixos/shared/gnupg.nix | 11 -- nixos/shared/headless.nix | 13 -- nixos/shared/kernel.nix | 12 -- nixos/shared/networking.secret.nix | Bin 401 -> 0 bytes nixos/shared/sound.nix | 14 -- nixos/shared/tor-browser.nix | 124 ------------ nixos/shared/window-manager.nix | 22 --- secrets/users-jan-passfile.age | Bin 2426 -> 0 bytes secrets/users-nas-passfile.age | Bin 2481 -> 0 bytes secrets/wireguard-asus-gl553vd-private.age | Bin 1624 -> 0 bytes secrets/wireguard-home-private.age | Bin 1552 -> 0 bytes secrets/wireguard-istal-private.age | Bin 1348 -> 0 bytes secrets/wireguard-tatos-private.age | Bin 1435 -> 0 bytes users/jan/accounts.secret.nix | Bin 0 -> 2361 bytes .../jan/browser/Redirector.json | 0 users/jan/default.nix | 126 ++++++++++++ {home/users => users}/jan/git/default.nix | 6 +- .../users => users}/jan/git/github.secret.nix | Bin .../users => users}/jan/git/gitlab.secret.nix | Bin .../users => users}/jan/git/myrepo.secret.nix | Bin users/jan/users-jan-passfile.age | Bin 0 -> 2351 bytes .../animals_tree_branch_129397_2560x1440.png | Bin ...artist_waves_colorful_129158_2560x1440.png | Bin ...boat_river_loneliness_129582_2560x1440.png | Bin {home/users => users}/jan/wallpapers/build.sh | 0 .../wallpapers/catppuccino_landscape_1.png | Bin .../child_river_dreams_127495_2560x1440.png | Bin ..._people_reflection_sea_92817_2560x1440.png | Bin .../couple_hugs_art_140777_2560x1440.png | Bin ...eer_silhouette_forest_130032_2560x1440.png | Bin .../landscape_art_moon_127187_2560x1440.png | Bin .../landscape_art_road_127350_2560x1440.png | Bin .../wallpapers/nix-magenta-pink-1920x1080.png | Bin .../sea_sunset_art_131736_2560x1440.png | Bin .../sea_waves_art_130915_2560x1440.png | Bin .../torii_art_solitude_129792_2560x1440.png | Bin ...wolf_silhouette_hills_130119_2560x1440.png | Bin users/nas/default.nix | 74 ++++++++ users/nas/users-nas-passfile.age | Bin 0 -> 2351 bytes 179 files changed, 2416 insertions(+), 1538 deletions(-) delete mode 100644 home/modules/dev_tools.nix delete mode 100644 home/modules/editor.nix delete mode 100644 home/modules/mail/aerc.nix delete mode 100644 home/modules/mail/default.nix delete mode 100644 home/modules/pass.nix delete mode 100644 home/modules/shell.nix delete mode 100644 home/modules/themes/default.nix delete mode 100644 home/modules/work_tools.nix delete mode 100644 home/users/jan/accounts.secret.nix delete mode 100644 home/users/jan/default.nix delete mode 100644 home/users/jan/home.nix delete mode 100644 home/users/nas/default.nix delete mode 100644 home/users/nas/home.nix create mode 100644 hosts/asus-gl553vd/configs/boot.nix create mode 100644 hosts/asus-gl553vd/configs/default.nix create mode 100644 hosts/asus-gl553vd/configs/networking.nix create mode 100644 hosts/asus-gl553vd/configs/wireguard/default.nix create mode 100644 hosts/asus-gl553vd/configs/wireguard/wireguard-asus-gl553vd-private.age create mode 100644 hosts/asus-gl553vd/configuration.nix create mode 100644 hosts/asus-gl553vd/hardware-configuration/default.nix rename nixos/hosts/asus-gl553vd/hardware-configuration.nix => hosts/asus-gl553vd/hardware-configuration/generated.nix (89%) create mode 100644 hosts/asus-gl553vd/users/default.nix create mode 100644 hosts/asus-gl553vd/users/jan.nix rename nixos/hosts/asus-gl553vd/xmonad_projects.secret.nix => hosts/asus-gl553vd/users/xmonad-projects.secret.nix (100%) create mode 100644 hosts/default.nix create mode 100644 hosts/home/configs/android.nix create mode 100644 hosts/home/configs/boot.nix create mode 100644 hosts/home/configs/default.nix create mode 100644 hosts/home/configs/networking.nix create mode 100644 hosts/home/configs/printer.nix create mode 100644 hosts/home/configs/wireguard/default.nix create mode 100644 hosts/home/configs/wireguard/wireguard-home-private.age create mode 100644 hosts/home/configuration.nix create mode 100644 hosts/home/hardware-configuration/default.nix rename nixos/hosts/home/hardware-configuration.nix => hosts/home/hardware-configuration/generated.nix (98%) create mode 100644 hosts/home/users/default.nix create mode 100644 hosts/home/users/jan.nix create mode 100644 hosts/home/users/xmonad-projects.secret.nix create mode 100644 hosts/istal/configuration.nix rename {nixos/hosts => hosts}/istal/data.secret.nix (100%) create mode 100644 hosts/istal/hardware-configuration/default.nix rename nixos/hosts/istal/hardware-configuration.nix => hosts/istal/hardware-configuration/generated.nix (100%) create mode 100644 hosts/istal/hardware-configuration/networking.secret.nix create mode 100644 hosts/istal/services/default.nix rename nixos/hosts/istal/services/wireguard.nix => hosts/istal/services/wireguard/default.nix (91%) create mode 100644 hosts/istal/services/wireguard/wireguard-istal-private.age create mode 100644 hosts/networking.secret.nix create mode 100644 hosts/tatos/configuration.nix rename {nixos/hosts => hosts}/tatos/data.secret.nix (100%) create mode 100644 hosts/tatos/hardware-configuration/default.nix rename nixos/hosts/tatos/hardware-configuration.nix => hosts/tatos/hardware-configuration/generated.nix (100%) rename {nixos/hosts/tatos => hosts/tatos/hardware-configuration}/networking.secret.nix (100%) create mode 100644 hosts/tatos/services/default.nix rename nixos/hosts/tatos/services/wireguard.nix => hosts/tatos/services/wireguard/default.nix (95%) rename {nixos/hosts/tatos/services => hosts/tatos/services/wireguard}/subnets_user_list.secret.txt (100%) rename {nixos/hosts/tatos/services => hosts/tatos/services/wireguard}/update_ru_routes.nix (100%) rename {nixos/hosts/tatos/services => hosts/tatos/services/wireguard}/update_ru_routes.sh (100%) create mode 100644 hosts/tatos/services/wireguard/wireguard-tatos-private.age rename {nixos/shared => modules}/common.nix (58%) create mode 100644 modules/home-manager/configs/default.nix create mode 100644 modules/home-manager/configs/keyboard.nix rename {home/modules => modules/home-manager/configs}/themes/catppuccin/frappe.nix (98%) create mode 100644 modules/home-manager/configs/themes/default.nix rename {home/modules/window_manager => modules/home-manager/configs/window-manager}/default.nix (100%) rename {home/modules/window_manager => modules/home-manager/configs/window-manager}/polybar.nix (95%) rename {home/modules/window_manager => modules/home-manager/configs/window-manager}/scripts/exchangerate.nix (100%) rename {home/modules/window_manager => modules/home-manager/configs/window-manager}/scripts/exchangerate.sh (100%) rename {home/modules/window_manager => modules/home-manager/configs/window-manager}/scripts/external_ip.nix (100%) rename {home/modules/window_manager => modules/home-manager/configs/window-manager}/scripts/external_ip.sh (100%) rename {home/modules/window_manager => modules/home-manager/configs/window-manager}/scripts/get_volume.sh (100%) rename {home/modules/window_manager => modules/home-manager/configs/window-manager}/scripts/kdb_brightness.sh (100%) rename {home/modules/window_manager => modules/home-manager/configs/window-manager}/xmonad.nix (88%) rename {home/modules/window_manager => modules/home-manager/configs/window-manager}/xmonad_config.hs (100%) create mode 100644 modules/home-manager/default.nix create mode 100644 modules/home-manager/games.nix create mode 100644 modules/home-manager/programs/aerc.nix create mode 100644 modules/home-manager/programs/communication.nix create mode 100644 modules/home-manager/programs/default.nix create mode 100644 modules/home-manager/programs/dev-tools.nix create mode 100644 modules/home-manager/programs/editors/arduino-ide.nix create mode 100644 modules/home-manager/programs/editors/default.nix create mode 100644 modules/home-manager/programs/editors/gedit.nix create mode 100644 modules/home-manager/programs/editors/neovim.nix create mode 100644 modules/home-manager/programs/file-managers/default.nix create mode 100644 modules/home-manager/programs/file-managers/nautilus.nix rename {home/modules/file_manager => modules/home-manager/programs/file-managers/vifm}/default.nix (51%) rename {home/modules/file_manager => modules/home-manager/programs/file-managers/vifm}/vifm_catppuccin.vifm (100%) rename {home/modules/file_manager => modules/home-manager/programs/file-managers/vifm}/vifmrc (100%) create mode 100644 modules/home-manager/programs/libreoffice.nix create mode 100644 modules/home-manager/programs/share-files.nix rename {home/modules/terminal => modules/home-manager/programs/terminals}/alacritty.nix (93%) create mode 100644 modules/home-manager/programs/terminals/default.nix rename {home/modules/terminal => modules/home-manager/programs/terminals}/wezterm.nix (88%) create mode 100644 modules/home-manager/services/default.nix rename {home/modules/notifications => modules/home-manager/services/wired}/default.nix (69%) rename {home/modules/notifications => modules/home-manager/services/wired}/wired.ron (100%) create mode 100644 modules/home-manager/shell.nix create mode 100644 modules/machine.nix create mode 100644 modules/nixos/configs/default.nix create mode 100644 modules/nixos/configs/fonts.nix create mode 100644 modules/nixos/configs/keyboard.nix rename {nixos/modules => modules/nixos/configs}/nix.nix (87%) create mode 100644 modules/nixos/configs/sound.nix create mode 100644 modules/nixos/configs/system.nix create mode 100644 modules/nixos/configs/window-manager.nix create mode 100644 modules/nixos/default.nix create mode 100644 modules/nixos/programs/browsers/default.nix create mode 100644 modules/nixos/programs/browsers/librewolf.nix create mode 100644 modules/nixos/programs/browsers/mullvad-browser.nix create mode 100644 modules/nixos/programs/browsers/policies.nix create mode 100644 modules/nixos/programs/browsers/tor-browser.nix create mode 100644 modules/nixos/programs/default.nix create mode 100644 modules/nixos/programs/pass.nix create mode 100644 modules/nixos/services/collect-garbage.nix create mode 100644 modules/nixos/services/default.nix create mode 100644 modules/nixos/services/dnscrypt-proxy2.nix rename {nixos/shared => modules/nixos/services}/fail2ban/default.nix (100%) create mode 100644 modules/nixos/services/fail2ban/fail2ban.nix rename {nixos/shared => modules/nixos/services}/fail2ban/fail2ban.secret.nix (100%) create mode 100644 modules/nixos/services/gnupg.nix create mode 100644 modules/nixos/services/i2pd.nix rename {nixos/modules => modules/nixos/services}/octoprint.nix (94%) create mode 100644 modules/nixos/services/vpn/default.nix rename nixos/modules/wireguard-client.nix => modules/nixos/services/vpn/wireguard/client.nix (67%) create mode 100644 modules/nixos/services/vpn/wireguard/default.nix create mode 100644 modules/vps.nix delete mode 100644 nixos/hosts/asus-gl553vd/default.nix delete mode 100644 nixos/hosts/default.nix delete mode 100644 nixos/hosts/home/default.nix delete mode 100644 nixos/hosts/home/xmonad_projects.secret.nix delete mode 100644 nixos/hosts/istal/default.nix delete mode 100644 nixos/hosts/istal/networking.secret.nix delete mode 100644 nixos/hosts/tatos/default.nix delete mode 100644 nixos/shared/encrypted-dns.nix delete mode 100644 nixos/shared/fail2ban/fail2ban.nix delete mode 100644 nixos/shared/fonts.nix delete mode 100644 nixos/shared/garbage-collector.nix delete mode 100644 nixos/shared/gnupg.nix delete mode 100644 nixos/shared/headless.nix delete mode 100644 nixos/shared/kernel.nix delete mode 100644 nixos/shared/networking.secret.nix delete mode 100644 nixos/shared/sound.nix delete mode 100644 nixos/shared/tor-browser.nix delete mode 100644 nixos/shared/window-manager.nix delete mode 100644 secrets/users-jan-passfile.age delete mode 100644 secrets/users-nas-passfile.age delete mode 100644 secrets/wireguard-asus-gl553vd-private.age delete mode 100644 secrets/wireguard-home-private.age delete mode 100644 secrets/wireguard-istal-private.age delete mode 100644 secrets/wireguard-tatos-private.age create mode 100644 users/jan/accounts.secret.nix rename {home/users => users}/jan/browser/Redirector.json (100%) create mode 100644 users/jan/default.nix rename {home/users => users}/jan/git/default.nix (93%) rename {home/users => users}/jan/git/github.secret.nix (100%) rename {home/users => users}/jan/git/gitlab.secret.nix (100%) rename {home/users => users}/jan/git/myrepo.secret.nix (100%) create mode 100644 users/jan/users-jan-passfile.age rename {home/users => users}/jan/wallpapers/animals_tree_branch_129397_2560x1440.png (100%) rename {home/users => users}/jan/wallpapers/artist_waves_colorful_129158_2560x1440.png (100%) rename {home/users => users}/jan/wallpapers/boat_river_loneliness_129582_2560x1440.png (100%) rename {home/users => users}/jan/wallpapers/build.sh (100%) rename {home/users => users}/jan/wallpapers/catppuccino_landscape_1.png (100%) rename {home/users => users}/jan/wallpapers/child_river_dreams_127495_2560x1440.png (100%) rename {home/users => users}/jan/wallpapers/clouds_sky_bridge_people_reflection_sea_92817_2560x1440.png (100%) rename {home/users => users}/jan/wallpapers/couple_hugs_art_140777_2560x1440.png (100%) rename {home/users => users}/jan/wallpapers/deer_silhouette_forest_130032_2560x1440.png (100%) rename {home/users => users}/jan/wallpapers/landscape_art_moon_127187_2560x1440.png (100%) rename {home/users => users}/jan/wallpapers/landscape_art_road_127350_2560x1440.png (100%) rename {home/users => users}/jan/wallpapers/nix-magenta-pink-1920x1080.png (100%) rename {home/users => users}/jan/wallpapers/sea_sunset_art_131736_2560x1440.png (100%) rename {home/users => users}/jan/wallpapers/sea_waves_art_130915_2560x1440.png (100%) rename {home/users => users}/jan/wallpapers/torii_art_solitude_129792_2560x1440.png (100%) rename {home/users => users}/jan/wallpapers/wolf_silhouette_hills_130119_2560x1440.png (100%) create mode 100644 users/nas/default.nix create mode 100644 users/nas/users-nas-passfile.age diff --git a/.agenix_config.nix b/.agenix_config.nix index 539dfa878bbaf37ca05c5fbcfb1fc13723a2c6e7..dc5d24bbc948bb17f8f7530a0cde3a92a76b7110 100644 GIT binary patch literal 5157 zcmV+=6x!Ki!WYrIQNn6w1xb(F`>uS~*YWuFSHGyU%%CepLa7FEHTi3Ut6q~GMC8A? zc!z#(bVFaa8p}^g#^=iohmi2-yT&me@JCpX3yMD!Gg-b;pBhL1zbR3~@@f5Veost| zSvpPgl$`w|o64eRpz0+i%6BgPy75guF2p2?ZXC9y-wR~y;@sog5rkXkRYQ~v{KynW=}>aU>7yb?K`L<% zM35AyD%%--6fO3EK3O;(#f3ePFp$P1{T}h?g+zy{1-Fz0B2VU9Ay;;TcQU4} z)kaN{=@=Iw6&7$kDWZv);NvkVVy6G7bYh-RA2gfD2Fb2X3ulHLB7xL3b>;*R&7){z zPRvmCCtEw0MVak@CAT4)gh)iy!2kP~g29HF(?3#kc#4XZ&~(V@uQBgGp=(eBy^^8T zKT5_L3QZ*CF~bN63;~3Y^o`GyP>b@)G=%;ySL)t)Zkl>^QS*o;TV9h z{8)2$ge2Nhgfw{EXS}*L6-Pk{_^$4EC}JBAMqe4}c&nXP7p#b78B%okG8^vF@>BDF zD=a=cuCy7}!q+oQ`>=DRodf-~oDJL{`j-{`7pfj48%q!XYk=|Cc9DPj)6B0>Q)QSb8=sCj;t>VU zSuc%i(>=!K9w_&(9{3qqHZ02UmfVOr9t%F@zJbg10hYOTMfm^{`QDLe9MYOPL<5@M#zQ1T z_)!1n^(mp$yx`v_C{iLmmI_+%5+Cgyeh=RF;ElhlC0qgYsMOA*O^lAS6@F{eub|4inPzrAqm z7wBV!d)wgvzzb*z^j8Y;@VBtTSN{jA{9yywwB+J%*;ho@)=b>b9OdjZ`9P3*xShgE zg%rtv`KjLk$kCfybwo6LW%lBDG6n_Qe_A8!x-JvC5}BT|^qy^EPoDn=#I`4K*BajU zt=8BaLli@QBy1dodSZiCLp|2O#9uN?K)zv%1wlG^XLxIX!QmBHyY}Ovx^($SnJs(C z%tUv?6)FxBA*$vp)#=OnMcnD>K> zHIzk>Y_WD!?7Rgl$Rj=|zUxXXKFX$T#9`{;SL)=TX-Xp$mCZk>NAYj zXvzKhaKYYjp3CDjQdlPjp%})cPU3bjV8B(Jk4iMOLTK2!6e|CLAi+5k@EB`OZnt_+ z`7L|9U31FrvGf`4vX*I#{!aEn# z`i2$RQCssG1H1?)lvS=0@=lH_M>b@_n&g5BPs8}S<%|fvV~e8JUQCF%zFu9}164j0 zqU_3|wYD4Q+yryRQyEKbV{#}?_yzphcbM5x{JauGIs^;UZpKr*oQ1o}*~kZ{(b>z4 zSJ|#O6|Y$tBkONP93-3tK>PE^o%&~S{t%kMnh~7Sn&?`S^E!#*AcnEtg}MbNMjIEX z8o3BL`L&`yk^mwD8^JXgaRTjQz56zvv0#1UASlDfYOc8b!%GxA$z^!%R z39jtO1Bs3l>g_#S_@@t~I(PLx$UNn&88?i~c~RdKF-$i;*_9q?o-tZP5Ucf@mQKgl zCpAG5hv<_IV$kG_B|7NHa+4NTsZ;z=krFQ#Cd9a>MLZOuD%h9Vp^BVd z;yS%=mZ%<{eMPKVy{OTDCD@gauyF0#@aG-Ycyj!vJ@d{N1cY{`(Z5wE)QlJ_w)&;J zlRNI_k#hsx5a^VmzQ@q*%k4+DH$^Q2ck0z6pbdDx1y`!uNf2N0Y3T7Wcn+xYSUFKl@jg2x4`#0YGs1&!9>N zYCTJ*Lz&lpQ!#9$!wf6quuF>(et-et745`GNx2M*KcQ*`FnEH3kPzl@N>~j$#h90j zp!V|_`L7%Qh;6WhcH!sy&93+FSB^Th;GU|bZjEYYQ-_n>hV9(qDoxggxaOgj;`R;+WV>DHJxxtLcR|aRF$qHVG4kGN>5|0EF7N zO+JARJu3Xuq#M@&f2;&0>+I4V!WJP^ZU^%SsSrQQ9Anw2NO@F`^|bT2qU3a^shlp> z(5bYH+{qtX2G)Q;n}C$c1$ybFd?6s&xgk8lA&?xM2&{6&fk>qpX#As#L68@Y*gY+1 zP+0(D$~Wq-V|v?qVMCk`ob1hgArk4+w%Q=8Nu>%KH^O@Zt8aD-Iti^Wi=t4(NtO_k=>iespp`YoTO+ zmXd|PsmpB9wM@b-Vps8wO2%D><2^h1x!k&86*j4Ahq5BOq+FHRAK)B=_(7dE@D$?L z1x;9>>%NZa4JjtgE|+)^7wfK@z2)=YG|FbbAM@2+1z@PXyqvr!*6Pa@8n#yVo&NlR za9@h~wLUkOM<;PdzD7@D_4i^m101pJbQ- z-&FDBA}X!FCX_jewaHu6ItGO>HL#23b}T)hjuCZ;ga1`d)MT(aIC@J3yeu^V99zfV z4R=9f?riE+@y?4 zd7H_D9LNl7lrnyl3AeBNhlo$i#Ia%ywamnZgXQBBK1>O7v@!Q+Bvy>mz|YUomnM37 zNlInD(m*g2)pr&(5J3rkI#-6cvXvE(-YoaMr+Isg_4rv2*1nc@v}RdL#Nq5FUKYQ% zzas}ITkHn*$45BX`1SXaWg(8Uu9UA@P=BlCBbkYHg!+#~ztnLieF?vFRZH^~b!>&3 zm|_q%B650Mq9ZB^3l~hf&f02UWlakb3YHAuQ}nm03bc(>3D_+74#~0$;_C3brkq}` zpRtLaqSYSh)uJ6(uhIyZ*jt5594J=|Tks>kq*UU&NYK5wm*U+6hRbsF-|cL@qP@RnkIss>@IhWkCJd9^x7rXL0z ze_=-ZA&6iACtmJ?OddB7v)}gp1cU=V3$g@3Deb9ZQC0H8R;i4p_v9`SjOd}&=8)f2 zTk)1R6Slxr@2P|I&rd8jN*{3^9a9;%%fBH7hp=6ub=bWmwR#~_cfk%GC7A+k{aEG= z%5A@_dK4{lbK~0P3bQ!STwna4KcFTc$CvRzag;yWJ(iyY{p|ag0D~UR?I6=+ps6Bh zyzK4`ucH@2EF4sE%Oeiap!^($@Q+>U6#w3*We}#FQqe{IQ}%&`$V_bXeb;3f9a%k= zPTmLuiHH=l2t79d7yY<{d4nH~C2P@rkLIsnjMoAwM+BkQ1apomOfU4$V zeF@h~XICqz`DY%mYW#W{)bwn{@18RZ1yUNATj4CPs>(yo&$ie*PvXB)bHqE0C1r);$`VY49?#zlGT^hYvL1%NV>sKm~EW+o#OQIIOp;$rWZ*JD) zmHq|Gdw4cUu*z~y*SQ7#qQm2}%V~5veM1~-FesD)(Mlf$>Oi`~ffY}j6)Hrf`bdjg z>*(SEdeTL6Jf>$}ga_!Dda7F;(I|&Zc-hCEbNL)DOVckG2UDBHtno6}Bdvx6=Bm|! zms0rSo-6(aDqp-0m=&4Rb(6|V$V*%fg-_G87dX9dX3ur9Cw8v-Ko^K|6tz=EFqzzY*i~rgiTCWm+hcJ|a=C4u$)yNZ!1B`Xs^&*eZ$LKgceR6t6AFjq zg|HsKURUuaJl=%a%1y*{VDL#Q(iG^7l4VEL$pG{GxkwfS%=ZLbv7elNyGC|d!F~Rb zj}3{&O)(+?SC%F-LewC(BA&J_XE7o^SJa4BnRV<(!-?fICX?6}Ox?eF8qr{ypR(mz?KT>OC+uyN!=kl?=O!z4sJIo9z zR`uN(qpc)!xMWpCUQY-!n1~}8^>nag#0y&fbEpv)mL!!+VmAD6cb`jieWWj`j;rOH z0dj~s2@LtX05IuJfa>4izish;zw95XJ==$o18b~TQ1*OI6ffuS`w{p16t0IAPag7B zgU}1I>pF4`LoX;}M@wQ3^gl~^DAzmyo&rRqkyKj8uv$;FIM!Y*zFS`Lt&vZ*2NC1l z!FhI5eXQ}SZPDUf%c&tn0N$Z_p2g6@+Ip%=@42%T=-`$ge!?#Sp+Wek+>EtI~lw0oHMJ~>F TRG<9S8lrymp$`EIPM;rQ!npJ` literal 5057 zcmV;y6F%$!M@dveQdv+`04)$X_5USVvx~@-F({*>3Q;CuaV0z-GjC(EBE7pp4jHihG9=%?1+9QG z-0TN2Y5>})3d@ljn5mfI%Z4kw+B;%yD|&$t(Qd$<26%=q<-S>iRWx*^-NuY965oS) zDWbq6RR;^X$AgUu`Mh$?+sz*>j>w~wGdy1b-Onq&!W54(d1Hbf>C};{>ad3aV7CBw zgg0EG?a}C45b85MUX^2#^_Hz7kMm`Y&p31Mls--cUq{~ox9mcpgKizfdhfPmbh_u# zXkB*Q(`;95yv{*o#aB5MLSam4?mmmFKd2Q?bTpU&2$6*9;>s`3yLn8b&iLIF zC(AvWI)dT*Cxf*3QdtN34knbZXgSO(ZTUGle~vXCj~9BTO?Ia{H^7eb$~g`xU)D0&X2}yDtdxmNGJmNCOj;r&O|*aIz{DHK_Yo9z!)0 zrW1m7&u@0yEUVrbAI*Ox^GXD|Mp~s~got2YN5Tyvh@?>ZDa|(`zh|?Qi7Jpu5fW{M zV;L~m@@ep`vW!Z;V1`R?6G#CS#GQZ9J7!DZJDkU~~N!l)%X=`A&IAfj&uC z=H~~6CmlfD8PsjxVMlml5Vxo@%5B~)(Z1V1fYw7KC*|8=%IB=@nrr*}{hf7Zo4m_< zNi%;=V_8&gyjsxj?Ysc$^D#}x^_!6?gQF-ktElyWMvY5%>^;KcWGUY>aFQVA#ccRt7yeeOG*;p1})ivj`hAm&xi! z$ES=FoLE@L<2iVJKynuQRnsWi)M;V4ruk3UtWshea&bkvGUL{VYAAYze>-@*(?=Mt zm{sRZ;z}P=9=4~c_kkJFx$c~C2Y@QO@1s_OU_mvJk1JUx5ZMI!VQwkehiNF-+OxnV zyauD-h62F|DIr2h3BK`xr`Kx+B_-bvYYlM3 zX<42ay-*=RuMx-9#x%xwsF}s|FEa+mIfB;MyE%*^HUxKM>1Z1%by+B@6!imQaD+!;&8UTpwE(1hM=3+UaFN5fk=bFP#$)jG7;#-MfxPJI3k-? zR*U^sxP0Ur1Q%*&=r{v>7IC&EMGkNI`LMxXLoPXSxD)fk*`0T{U|Ko&ih-@0f-Pl7 zuQg;-Rriy-XcxPy$Yz41vHw3=$A%46(9;wVo>k~FUO3aT%ppyb5B9VqjqWHgziK1D zf$3a_h}`M9lI5`{R}Ib7cP}t%8`P z$uVe_T^&o~X=a z69id;-MR`R9Y+GnJTtj<2Qo z6MBo-3nCfrokzZO43-6oT=qR{N}w$duClrFBt2y!azf~CvkKe=K0#$yjWgLe!lOAm z5*BfksS?K`Dqg)Y@3$9$E{d-Hge9clY{hj)Ns|$F*M^`XVuMT2;FQowp@VGpMey~^ z?I8jvzVwPz{_DF>S+&-$9p$}z*h06hb4J-+xVKFtWr1{V+^RIfKKTlfGJ%Uzp-@?w zE~)5F!sZe@1y99dKJ!PBp&yHrDs9+@QM>4DnnK`%=y`I&$gMeBF#Ddsp ze}K99*pE~%*PM|y#Fy_2-_HkIc#7oEqxy9bCQWH#GjJqC%%Wu)iCP)GOQ}!)vo?S~ zy83qypnqY|Aa$n73uZ1pUVBv+>3QkLFFg0hAIO^hvifApMj*+_z^XGTyT#Xb^I(D$pZdxUoed~h3T3^gnxrIZ} z1e~JrV67Dm0vQu+#$__lW5JepaA!%(G~_U0qq19$vKUWU(v5EWN8?-#caV4nKRX6% z))*AxH-zFs;1d%nK00X7li&<4h?BQ5|7 zWh@`-d!>u)L*;n;(x+#hVTrFgJ?Y|2GY-tx?%i=I zBnzWiTkU_St;cAdHk$S-^RW#rV|S{4gthi?NltNq40h66M66R=ZxAvbo5m$}e#!L$ z4lL1QE3XTWf$I*|9mGh(eXT%p&KOiQZI0=Wu4fMZ_nBsJtBVugD#2`$Kas$MH%94v zUaTg_bn?o`(3PK{rYHI)%LaN@Te4(R}w)Gl6F z8~g?3ADN%n)R3WpWbQw~amGd<3y6`j>{ZG_FmXz?phl2PXnkZN@0(w$4CcmMV)22k z%8`3ymO(%JYVsS0nn3W1gees^eZOzaM!)=MdE?OP2>tPPGaoYXx62qdcZ<<90ZN}R zXa!`jNjBGe#pBZv8HfxrTPGY05A=^`Q0Oqc4TfQ@%nsSgSJUzwY^82 z4bb6Wex1uS(7Yk327wV1Mv@W8P+6tlo(1Byqu$BQVR1`_x2u*n$1_Q@kvkP^5Q)#P zRa7Hc9msovc=H6!tRV774$FVi9WZS|n$tm^>~!L=EJ)|%G>_OuI{i#qdV3|h{UHMT z98!>u?srHJVa;beDMwD&Sw8w7wJ2jN!0iBE-AjMH9D^>#j4Jw*$nd~IEa!W4rpPPr zG96NLkI_c!C0t$bDk785@lGBPEapx__`@|bDln(H(v(vnn8CzSvf5|?hZm?nTq@ou zPYDz31o;t>>(mUcqL*=VyXBa+b*i<_kW_LSfhKGoA?fxX$(Qyb%IW0R5Cav<5xP{%6_OaqT3H8r&}Iwf@lvpx+6IagD&2g6=^~$*d3IK z#GYZr&fp;>)|*43YYL36L;4lt?PPMYaQ1_L(`Pv)LUP=0g}>JY3d=mwdboDj{dZuD zQmuo3GrW-82Gmo=6Ni_emNeprmf;5NK9gS#!w;oqjUR~p*FxfekSJi6Ulpr<-|PSr zsAvQdQ0O|Q!Z3dHZS^juK7x`WggXGk<2F{onWcDQgw~{Ra6huQt{u?2c6TB(@Q~ygZlHw@x+oS6O60US#|^HnO(iBb1eXfCbl@6=`BJYARA@&@@} zm;#;?Wm9LkmQ?NcI;PaD`yg!Yt6C>4pFFpKrnuw|Q#o0hoia4v+4AuJux}_^xCU5i zQu{5I-8E}42x}-iHsYq+-aZ$Gp$LW+@dLkdOoFrM`Hose{3g_}bO zd?si1M#0b1YTPgpDsByhalV7aD~4;CFwO3!)laJ0rd zK#NPnKlgZgK%R8ofI&4qCJf`Rklu-<>F1!+{NSCJ{!@GR831S-pS+bj&SeSBjrOR3 zn1SuMluj+O7`3n%b6LWxK;EbiKztEG!FA`Ztn?(|Mg}x=*SEnvM@f9Ov0kfT+*^$4 z_0R14s=A~xDC{Nx`lx67fFmunJoBz<(aHg!%(?WSZE5)=Sd-vK(OX#b1N{0us~;i& z<66R*Borrn#sm;UH6`2*S;>&eBA8aG_9`CpOd1Jw@bie4OCcl9maDYjg161)ze_f# z4%MnqSw~VBsZc=(+~Wa_KKtS^q1`J=`RJkkj@RYwoz^$It6iJs*89Y}9Y z=(YWn{|{IpatY-rOS=2jWH0&wJh7#`4Tu;SeZQ9r&w&=34GH@z+z*vm0_P+~oNflQ z^K!5SMI$HIe(}P=Tb*G>M{g`0me6W?5mR(qcJu7!5J4@p7qxR8iLmo?1`1I2sAXM3f}K=|+U+ zLzK0nG$v%ad29o_)#W9)ucJZSZYH-U>c~!1du|m-*$#5UG3EvAZZCMymT*{bteVcYqr$|Y>;&}M7k(C2-=BNN0RYpa#?O4NP1kj z(Zd*+ewmh@F0CCq{l_4AVMYn@rDg>8&UWb5$s5UO7tQ{Xri}o@Mr!GfH*Lt&j$P9; z?!m;^l&cNVb0Yc6-qphc?va@t7;b)~5DA6BP=Mc855|XWBNJHeg2qHeQFAa>CK4K% zt#>}))N(j4vp$)%y)ANC8qy|D&Hip#tr%dA))vA#4pyw6QpkYl;(@S@ibn??{@Yg9 z@C@Mk(K!1L-XssTy?BXcjciVJ-G(l1m6P0Sbi$s#_e2r9jEB$_j)|FEmGHNflWB5$2&A0PuBaT9pKQ8^!n5-PhrMqT z;ya`#%I#e=2iN#%6`0Y62>WZdwurjNx88_z=Y<=uDC}}yN!$6Cx4i%)i7dolK+XV! zSD!SdHcNr87?q{t^-{&~O4Xkpb-Xtnz-u&4ix=VtQ}DKjY0vr#Z(Ne=Q" = join "." [ - (mkCall "require" [ "telescope-live-grep-args.actions" ]) - (mkCall "quote_prompt" [ ]) - ]; - }; - }; - }; - lspSaga.settings = { - border_style = "rounded"; - symbol_in_winbar.enable = false; - code_action_lightbulb.enable = false; - code_action_keys = { quit = ""; }; - definition_action_keys = { quit = ""; }; - rename_action_quit = ""; - }; - lspConfig = { - servers = { - nickel_ls = { }; - nil_ls = { }; - tsserver = { }; - eslint = { }; - volar = { - init_options = { - typescript.tsdk = "./node_modules/typescript/lib"; - }; - }; - denols = { - root_dir = mkCall "root_pattern" [ "deno.json" "deno.jsonc" ]; - }; - rust_analyzer = { - settings.rust-analyzer = { - "server.path" = "rust-analyzer"; - "updates.prompt" = false; - "updates.checkOnStartup" = false; - "checkOnSave.enable" = true; - "checkOnSave.command" = "clippy"; - "cargo.autoreload" = true; - }; - }; - pylsp = { }; - ltex = { - language = "en-US"; - languageToolHttpServerUri = "http://localhost:8081"; - }; - }; - }; - lualine.settings = { - options.ignore_focus = [ "NvimTree" ]; - sections = { - lualine_a = [ - [ "filename" (mkNamedField "path" 1) ] - ]; - lualine_b = [ "branch" "diff" "diagnostics" ]; - lualine_c = [ "lsp_progress" ]; - lualine_x = [ "filesize" "filetype" ]; - lualine_y = [ "progress" ]; - lualine_z = [ "location" "mode" ]; - }; - }; - orgmode.settings = { - org_agenda_files = [ "~/orgs/**/*" ]; - org_default_notes_file = "~/orgs/refile.org"; - win_split_mode = "tabnew"; - org_hide_leading_stars = true; - }; - }; - }; -in -{ - home.packages = [ - pkgs.ltex-ls - myneovim - - pkgs.unstable.arduino-ide - ]; - - home.sessionVariables.EDITOR = "nvim"; -} diff --git a/home/modules/mail/aerc.nix b/home/modules/mail/aerc.nix deleted file mode 100644 index bb8a429..0000000 --- a/home/modules/mail/aerc.nix +++ /dev/null @@ -1,175 +0,0 @@ -{ config, lib, pkgs, ... }: - -let - exec = cmd: ":${cmd}"; - fill = cmd: ":${cmd}"; - - globalBinds = { - "gt" = exec "next-tab"; - "gT" = exec "prev-tab"; - }; - - commonMessageBinds = { - "U" = exec "unsubscribe"; - "dd" = exec "delete"; - "mA" = exec "archive flat"; - "mS" = exec "move Junk"; - "mI" = exec "move INBOX"; - }; -in -{ - accounts.email.maildirBasePath = "${config.xdg.dataHome}/mail"; - - # See: https://git.sbruder.de/simon/nixos-config/src/branch/master/users/simon/modules/mail/aerc/default.nix - programs.aerc = { - enable = true; - package = pkgs.unstable.aerc; - # https://git.sr.ht/~rjarry/aerc/tree/master/item/doc/aerc-config.5.scd - extraConfig = { - general = { - unsafe-accounts-conf = true; - }; - - ui = { - # See https://godoc.org/time#Time.Format - timestamp-format = "2006-01-02 15:04 MST"; - this-day-time-format = "15:04"; - this-week-time-format = "Monday 15:04"; - this-year-time-format = "02 January"; - pinned-tab-marker = "車"; - border-char-vertical = "│"; - border-char-horizontal = "─"; - fuzzy-complete = true; - new-message-bell = true; - index-columns = "date<20,from<30,flags>4,subject<*"; - column-from = "{{ .From | emails | join \", \" }}"; - }; - - statusline = { - display-mode = "icon"; - }; - - filters = { - ".headers" = "colorize"; - "text/html" = "html | colorize"; - "text/plain" = "colorize"; - "text/rfc822-headers" = "colorize"; - # "text/*" = "${pkgs.bat}/bin/bat -fpp --file-name='$AERC_FILENAME'"; - "message/delivery-status" = "cat | colorize"; - }; - - hooks = { - mail-received = "notify-send \"New mail from $AERC_FROM_NAME\" \"$AERC_SUBJECT\""; - }; - }; - extraBinds = { - messages = lib.mkMerge [ - globalBinds - commonMessageBinds - { - "q" = exec "quit"; - - "j" = exec "next"; - "" = exec "next"; - "" = exec "next 50%"; - - "k" = exec "prev"; - "" = exec "prev"; - "" = exec "prev 50%"; - - "gg" = exec "select 0"; - "G" = exec "select -1"; - - "J" = exec "next-folder"; - "K" = exec "prev-folder"; - "c" = fill "cf"; - - "" = exec "view"; - "C" = exec "compose"; - - "/" = fill "search"; - "\\" = fill "filter"; - "n" = exec "next-result"; - "N" = exec "prev-result"; - #"D" = exec "modify-labels +deleted -inbox"; - #"A" = exec "modify-labels -inbox"; - #"ms" = exec "modify-labels +spam -inbox"; - #"mS" = exec "modify-labels -spam +inbox"; - } - ]; - - view = lib.mkMerge [ - globalBinds - commonMessageBinds - { - "q" = exec "close"; - "O" = exec "open"; - "S" = fill "save"; - - "f" = exec "forward"; - - "rr" = exec "reply -a"; - "rq" = exec "reply -aq"; - "Rr" = exec "reply"; - "Rq" = exec "reply -q"; - - "" = exec "prev-part"; - "" = exec "next-part"; - "J" = exec "next"; - "K" = exec "prev"; - } - ]; - - compose = lib.mkMerge [ - globalBinds - { - "$ex" = ""; - "" = exec "prev-field"; - "" = exec "next-field"; - "" = exec "next-field"; - } - ]; - - "compose::editor" = { - "$noinherit" = "true"; - "$ex" = ""; - "" = exec "prev-field"; - "" = exec "next-field"; - }; - - "compose::review" = { - "y" = exec "send"; - "n" = exec "abort"; - "p" = exec "postpone"; - "q" = exec "choose -o d discard abort -o p postpone postpone"; - "e" = exec "edit"; - "a" = fill "attach"; - "d" = fill "detach"; - }; - }; - - stylesets.default = { - "*.selected.reverse" = true; - "title.reverse" = true; - "header.bold" = true; - "*error.bold" = true; - "error.fg" = 1; - "warning.fg" = 3; - "success.fg" = 2; - "msglist_unread.bold" = true; - "msglist_deleted.fg" = 10; - "tab.fg" = 0; - "tab.selected.reverse" = false; - "tab.selected.bold" = true; - "tab.selected.bg" = 2; - "dirlist_default.bg" = 18; - "border.fg" = 0; - "statusline_default.bg" = 18; - "statusline_error.fg" = 1; - "statusline_error.reverse" = true; - "statusline_success.fg" = 2; - "statusline_success.reverse" = true; - "completion_default.bg" = 0; - }; - }; -} diff --git a/home/modules/mail/default.nix b/home/modules/mail/default.nix deleted file mode 100644 index eca234b..0000000 --- a/home/modules/mail/default.nix +++ /dev/null @@ -1,5 +0,0 @@ -{ ... }: - -{ - imports = [ ./aerc.nix ]; -} diff --git a/home/modules/pass.nix b/home/modules/pass.nix deleted file mode 100644 index b366ca1..0000000 --- a/home/modules/pass.nix +++ /dev/null @@ -1,21 +0,0 @@ -{ config, pkgs, ... }: - -let - passDataDir = "${config.xdg.dataHome}/pass"; - - myPassPackage = pkgs.pass.withExtensions (ext: [ - ext.pass-audit - ext.pass-update - ]); -in -{ - programs.password-store = { - enable = true; - package = myPassPackage; - settings = { - PASSWORD_STORE_DIR = "${passDataDir}/store"; - }; - }; - - services.pass-secret-service.enable = true; -} diff --git a/home/modules/shell.nix b/home/modules/shell.nix deleted file mode 100644 index 5439804..0000000 --- a/home/modules/shell.nix +++ /dev/null @@ -1,69 +0,0 @@ -{ lib, config, pkgs, ... }: - -{ - # fish and zsh support for nix-shell - home.packages = with pkgs; [ any-nix-shell ]; - - programs.zsh = { - enable = true; - enableAutosuggestions = true; - enableCompletion = true; - defaultKeymap = "viins"; - dotDir = ".config/zsh"; - - history = { - path = "${config.xdg.dataHome}/zsh/zsh_history"; - expireDuplicatesFirst = true; - ignorePatterns = [ - "rm *" - "kill *" - ]; - }; - - oh-my-zsh.enable = true; - - initExtra = '' - any-nix-shell zsh --info-right | source /dev/stdin - ''; - }; - - programs.starship = { - enable = true; - enableZshIntegration = config.programs.zsh.enable; - settings = { - add_newline = true; - - format = lib.concatStrings [ - "$hostname" - "$directory" - "$git_branch" - "$git_commit" - "$git_state" - "$git_metrics" - "$git_status" - "$shlvl" - "$nix_shell" - "$cmd_duration" - "$jobs" - "$line_break" - "$character" - ]; - - character = { - success_symbol = "[➜](bold green)"; - error_symbol = "[➜](bold red)"; - }; - - git_commit.commit_hash_length = 6; - - shlvl = { - disabled = false; - format = "[$symbol$shlvl]($style) "; - symbol = "↕ "; - threshold = 3; - }; - - hostname.ssh_symbol = ""; - }; - }; -} diff --git a/home/modules/themes/default.nix b/home/modules/themes/default.nix deleted file mode 100644 index d475d9f..0000000 --- a/home/modules/themes/default.nix +++ /dev/null @@ -1,86 +0,0 @@ -{ lib, ... }: - -let - mkColorOption = description: lib.mkOption { - type = lib.types.str; - inherit description; - }; -in -{ - options.local.theme = { - bar = { - background = mkColorOption "Background pane color"; - mainText = mkColorOption "Main text color"; - inactiveText = mkColorOption "Inactive text color"; - }; - window = { - activeBorder = mkColorOption "Window active border color"; - inactiveBorder = mkColorOption "Window inactive border color"; - background = mkColorOption "Terminal background color"; - mainText = mkColorOption "Terminal main text color"; - cursorText = mkColorOption "Cursor text color"; - cursor = mkColorOption "Cursor background color"; - cursorVi = mkColorOption "Cursor Vi Mode background color"; - searchText = mkColorOption "Search text color"; - search = mkColorOption "Search match background"; - searchFocused = mkColorOption "Search focused match background"; - footerText = mkColorOption "Footer bar text color"; - footer = mkColorOption "Footer bar background color"; - hintsText = mkColorOption "Keyboard regex hints text color"; - hintsStart = mkColorOption "Keyboard regex hints start background color"; - hintsEnd = mkColorOption "Keyboard regex hints end background color"; - selectionText = mkColorOption "Selection text color"; - selection = mkColorOption "Selection background color"; - regular = { - color0 = mkColorOption null; - color1 = mkColorOption null; - color2 = mkColorOption null; - color3 = mkColorOption null; - color4 = mkColorOption null; - color5 = mkColorOption null; - color6 = mkColorOption null; - color7 = mkColorOption null; - }; - bold = { - color8 = mkColorOption null; - color9 = mkColorOption null; - color10 = mkColorOption null; - color11 = mkColorOption null; - color12 = mkColorOption null; - color13 = mkColorOption null; - color14 = mkColorOption null; - color15 = mkColorOption null; - }; - extended = { - color16 = mkColorOption null; - color17 = mkColorOption null; - color18 = mkColorOption null; - color19 = mkColorOption null; - }; - }; - notification = { - background = mkColorOption "Notification background color"; - summary = mkColorOption "Notification summary text color"; - body = mkColorOption "Notification body text color"; - appName = mkColorOption "Notification app name text color"; - lowBorder = mkColorOption "Notification low priority border color"; - normalBorder = mkColorOption "Notification normal priority border color"; - criticalBorder = mkColorOption "Notification critical priority border color"; - pausedBorder = mkColorOption "Notification paused border color"; - }; - highlights = { - success = mkColorOption "Success color"; - warning = mkColorOption "Warnings color"; - error = mkColorOption "Errors color"; - critical = mkColorOption "Clitical color"; - link = mkColorOption "Links color"; - tags = mkColorOption "Search results, tags color"; - }; - syntax = { - markText = mkColorOption "Text color for marked background"; - mark1 = mkColorOption "Marked color 1"; - mark2 = mkColorOption "Marked color 2"; - mark3 = mkColorOption "Marked color 3"; - }; - }; -} diff --git a/home/modules/work_tools.nix b/home/modules/work_tools.nix deleted file mode 100644 index b6fd44c..0000000 --- a/home/modules/work_tools.nix +++ /dev/null @@ -1,20 +0,0 @@ -{ pkgs, ... }: - -{ - home.packages = with pkgs; [ - (google-cloud-sdk.withExtraComponents ( - let gc = google-cloud-sdk.components; in [ - gc.gke-gcloud-auth-plugin - gc.kubectl - ] - )) - postgresql_14 # 🤷 I need only psql - ]; - - /* - programs.zsh.initExtra = lib.mkAfter '' - eval $(kubectl completion zsh) - ''; - */ - -} diff --git a/home/users/jan/accounts.secret.nix b/home/users/jan/accounts.secret.nix deleted file mode 100644 index 255fc91a4d8cff6975d7badc71865bb69f3ac892..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 2351 zcmV+~3DEWcM@dveQdv+`0H3sO)yULuPsYsua<%ZLlQbEZB*B&>Q3A~9l^>7F-ou=K z9b}8ls+(?}5`nj@lOg+C5cv1Bz9;2K%Xx$zPOIwT6;g6^{)oO*V+}nLHiwBC2e+&+ zhK@k+u3lX_Gsl2FGOCjy31tTlKnc5s&jbvMXG1Vv3;STr1*q)w=b81zXNVM@9?dZ1Lh;2B|1_D~n{g{uqCWh=IW zbHp=!Dd{O**BD@guwV9zS~gh#jFA6*C|I<2fTNC5=qz_frcqk;a2(!Hx+{Q z(?$Vh?7773nIq}q>T7NwT%Q1dgv2`@&Pgi}Mzr}Im%I1~8z=9Ew!+mJrb$YaHIz&% zq!En93-1YGHmAa7FDHOtvo7eDgDaIg#0dDxlpw~u`l*@N`63r`3AGHQLTRW9wX zAHxZ-IPwMnU0yA==!xX^scq(K$VE7wyzCv1u-@JnI`;)`ZdAh%;<=%Q7oc-6%SC=wzE8eavkOB#JbktrKOyRCdBy-D`&mZ1D!xGh14X? zmbCEsp-gt#pbpZ6Hu8aXnB7H;U`wxUvrnUsaTgcGDIeTa<^FgZKSv*>0?RgStvu>! zpIcnd5Zauh(NT1_(rhne(`el-oWffNSdmiAXf`yXdZu%p4&b=Fv}y9Q${3t_D31ae zI#hgq7bYUgD3DSu16mDf};1m-j`e5Q+{uZc#2hnO4y&DP~%WZRVCmC(4kA*4; zc%e+>*>kJ6g+>ze1<)>`F-P0(F_e&EirM+fpu^cR!V|W)v~7hlE`MDof-r*CkU85F zv4-hcBLkT_5$JFA_eljH+8)M&pr8x?j9VPsczaipsGzF1(Y*k!w&`CARyC{Q645?y zhPLH*JQlK?>%t)r^Zx_4X3Dt`a|C1E6C2=yev*876>*1VhIIJOfVq(hZkO3XB2SIt z)W}(}KN3nc1LvK)dALYLoJ_j{8?#-Q#rmQ;(-nVLkm8)y_$v^-Vlw#U zK+8gQVG#bgPfoKfoo`D*Hud8}9@Tu3R#MyuuH{y{9GR^Vuk-KsaT#W$$W3LOaQIdt zE7BTo-CL;`HR3wTKi~JruvCg2-w#*R{ zSth7o-SNBkK67^#!zOApyJ)c_j39>;KBNKgKco>~+Pop!2`x zGk-svFi+#x=-TFlLaRVy?oa)^(9=C-f{-@-2nThNy*CN;2w$fz%ki4Dh*V-B2d-VO z=7Ckom}Z*E6EJLY?50`S03UG8T`j28Fs#b=P0ARL^E{cxyrXdaG_tV^0(s>*w>9%_ zmMOe~YT(!_-_N!{29WcX;&?RBv?=4M6OqiGS*R?Gdn$LxJGHU&>Ra!Ej@?j;Zow9+ zX4Jd~^U3jG(N3Xf3u$bG;7|-2InZiC#x6hRd0Z@b<#kC|C)-Qf|OEO=?g zbUyjww-Smn6Hn+e3VPus^1)KY3con(^X*LWsH zN(+7cQ8n7WdV8tcUz$<6&)1M(y<7aJBEliT_op4zC7=jlb;($4JyZT1_b~P}d6nMn z8O)ngVXi6>IQ?dzjLJ;--PTr@__u5?Jx$5raCE+c+zpwAr|6T6h>cwiS2xhDRG1=N zm^fNtvdYf_YMUUOV7gqQSzxaG=cWN3jnk`K-^fsFS zc%coJ1J$)1ku;MAr4RQYc?}V9f3)Y6)J|flTdv;!P!9L~@Y&-=)G2}BAd{4@d+#PWk*0F;}x^x8h=kY9Lzh29bc{r|> z=8*kddqrMus$31ciS(5hz?{5z7#1~lc9*vSN#)C4fHGQ~&uyyHb9IC`dp+Gl>(fn) z7U4XW|2?Y$KW;)^k1`NB7@|#I0@_TrvIpICu|LH~On=aenWT20QK|4KwsIgzNQMymUl`kv?R0Tval-#8-50gCCFPWG%h zayZZvPe#wO%19~4=aQC1LRK>%8K1$bS~MUITW45=WB1aJ7|tDc{Nr&8WgxY(op7}r z%ojx59p=GF%uX_RSxswnR@&q7pZYXScjw>g$gC&T1`<`#7_M9{avo!{i7H`xil*0K z3ajGTY^@_!bF?s?L_fIU_L<6{trAuc)RE7y!_^CxGr} z;Q27}3u429T+*jwU--i(KXTrk)IP_XuX0GRx4ov^GBa@!+CHX#lisey?*G9$fg6Gb zV=kBur?;jeCG54T?(C-BdA8GA+d+|j%$UO>OKg^MWkdiXSDqRW;T1Vc0>X0lw~+)6`r+{@n}s*zHkq`0%@_tDf7{61ze-6Q}3fni?u zi8_9`p!RnEY4Ja(m3+yZ62bht2 zj{+#$OJ!1`$1g6c(tdi3sN6}RmUrwz%idOWECZB+a}JLjv!8Tboyb3T3?h@h8M(T% z^*Y6P-#yuNPCDZEg?eQv5O(a_9w#6=0Vx!<#Y-{4C)nB^21>&R_jW>2 z#%_vgG7t2(!7lA^ATmg{;c$fhWPtVKqT4Pgq;`yf7(h}$B|=sh z>Z3$Rm!dTB2BqDAl>V%I<{Dztdg#e%V@NW_-fxq`9FoQ?O91z>@NhY zpaXhjY0Wg&GjJ6BO9eb9C8v&Jf_!Rq*T1z~bmU*=QuN{J_m(rPIGe2TSRKh;faUrA zJgBZ>76ASz({zFt!%*HyKZb_jy#IDBx(hjkR00P@W_wX(GD@riY^9fO*?p35BLIuu z@rBMo3(w!gKqj75);bWrKmZQa`k?6?b;#Q6tjKGFzX7_EP_&fp=T4#a*h zDg6mQfZOJ#r5C_+o5&ewcXnb*6w-1+&L;(q0qCOkjheXhjMg9bZ@nYcx6*UFBN`jcIpgXa`TB*xf_9KfNJ_x5LI+{fXh=lTk9|jvNe*mR!h!Kz49H zosX1-DQ{_;eVE|-r;-K@{XO~^Xj18e*Eq{uXRbQDM;NHcpFt3tqmzX}0O*}VI0L4f V9YUb2kTBx%VuqdH?+VPR)pc}q=q&&M literal 0 HcmV?d00001 diff --git a/hosts/asus-gl553vd/configuration.nix b/hosts/asus-gl553vd/configuration.nix new file mode 100644 index 0000000..b539658 --- /dev/null +++ b/hosts/asus-gl553vd/configuration.nix @@ -0,0 +1,31 @@ +{ globalData, ... }: + +{ + imports = [ + ./hardware-configuration + ./configs + ./users + ]; + + ################################################################################ + # Programs + ################################################################################ + local.programs.browsers.tor-browser = { + enable = true; + container = { + enable = true; + externalInterface = "wg0"; + sshAuthorizedKeys = globalData.publicKeys.users.jan; + }; + }; + + ################################################################################ + # Services + ################################################################################ + + # Enable the Docker + virtualisation.docker.enable = true; + + # Torrent + # services.transmission.enable = true; +} diff --git a/hosts/asus-gl553vd/hardware-configuration/default.nix b/hosts/asus-gl553vd/hardware-configuration/default.nix new file mode 100644 index 0000000..591fa59 --- /dev/null +++ b/hosts/asus-gl553vd/hardware-configuration/default.nix @@ -0,0 +1,36 @@ +{ ... }: + +{ + # Include the results of the hardware scan. + imports = [ ./generated.nix ]; + + # Enable keyboard on the boot + boot.initrd.availableKernelModules = [ "hid_asus" ]; + + # Enable containers + # See: https://github.com/NixOS/nixpkgs/issues/38676 + boot.kernelModules = [ "veth" ]; + + networking = { + useDHCP = false; + interfaces = { + wlp2s0.useDHCP = true; + }; + }; + + # configure mouse and touchpad + services.xserver.libinput = { + enable = true; + touchpad = { + accelSpeed = "0.5"; + disableWhileTyping = true; + }; + }; + + hardware.bluetooth.enable = true; + + services.logind.extraConfig = '' + # don’t shutdown when power button is short-pressed + HandlePowerKey=ignore + ''; +} diff --git a/nixos/hosts/asus-gl553vd/hardware-configuration.nix b/hosts/asus-gl553vd/hardware-configuration/generated.nix similarity index 89% rename from nixos/hosts/asus-gl553vd/hardware-configuration.nix rename to hosts/asus-gl553vd/hardware-configuration/generated.nix index ad9fb66..145e45c 100644 --- a/nixos/hosts/asus-gl553vd/hardware-configuration.nix +++ b/hosts/asus-gl553vd/hardware-configuration/generated.nix @@ -10,15 +10,7 @@ boot = { initrd = { - availableKernelModules = [ - "hid_asus" - "xhci_pci" - "ahci" - "usbhid" - "usb_storage" - "sd_mod" - "rtsx_pci_sdmmc" - ]; + availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ]; kernelModules = [ ]; }; diff --git a/hosts/asus-gl553vd/users/default.nix b/hosts/asus-gl553vd/users/default.nix new file mode 100644 index 0000000..1d92375 --- /dev/null +++ b/hosts/asus-gl553vd/users/default.nix @@ -0,0 +1,19 @@ +{ ... }: + +{ + imports = [ + ./jan.nix + # ../../../users/nas.nix + ]; + + home-manager.sharedModules = [ + { + local.window-manager.polybar.wifiDevice = "wlp2s0"; + + local.programs.terminals = { + wezterm.fontSize = 10.0; + alacritty.fontSize = 8.0; + }; + } + ]; +} diff --git a/hosts/asus-gl553vd/users/jan.nix b/hosts/asus-gl553vd/users/jan.nix new file mode 100644 index 0000000..b898062 --- /dev/null +++ b/hosts/asus-gl553vd/users/jan.nix @@ -0,0 +1,15 @@ +{ ... }: + +{ + imports = [ ../../../users/jan ]; + + home-manager.users.jan = { + local.window-manager = { + xmonad.projects = import ./xmonad-projects.secret.nix; + }; + + # local.programs.dev-tools.k8s.enable = true; + + local.programs.libreoffice.enable = true; + }; +} diff --git a/nixos/hosts/asus-gl553vd/xmonad_projects.secret.nix b/hosts/asus-gl553vd/users/xmonad-projects.secret.nix similarity index 100% rename from nixos/hosts/asus-gl553vd/xmonad_projects.secret.nix rename to hosts/asus-gl553vd/users/xmonad-projects.secret.nix diff --git a/hosts/default.nix b/hosts/default.nix new file mode 100644 index 0000000..ebc08a8 --- /dev/null +++ b/hosts/default.nix @@ -0,0 +1,46 @@ +{ ... } @ inputs: + +let + hardware = inputs.hardware.nixosModules; +in +{ + home = { + system = "x86_64-linux"; + + extraModules = [ + hardware.common-gpu-amd + ../modules/machine.nix + ./networking.secret.nix + ]; + }; + + asus-gl553vd = { + system = "x86_64-linux"; + + extraModules = [ + hardware.common-cpu-intel + ../modules/machine.nix + ./networking.secret.nix + ]; + }; + + istal = { + system = "x86_64-linux"; + + extraModules = [ + ../modules/vps.nix + ]; + + targetHost = (import ./istal/data.secret.nix).addr; + }; + + tatos = { + system = "x86_64-linux"; + + extraModules = [ + ../modules/vps.nix + ]; + + targetHost = (import ./tatos/data.secret.nix).addr; + }; +} diff --git a/hosts/home/configs/android.nix b/hosts/home/configs/android.nix new file mode 100644 index 0000000..3520888 --- /dev/null +++ b/hosts/home/configs/android.nix @@ -0,0 +1,51 @@ +{ pkgs, ... }: + + +let + buildToolsVersion = "33.0.2"; + androidComposition = pkgs.unstable.androidenv.composeAndroidPackages { + platformToolsVersion = "34.0.5"; + buildToolsVersions = [ buildToolsVersion ]; + includeEmulator = false; + emulatorVersion = "34.1.9"; + platformVersions = [ "29" "30" "33" ]; + includeSources = false; + includeSystemImages = false; + systemImageTypes = [ "google_apis_playstore" ]; + abiVersions = [ "armeabi-v7a" "arm64-v8a" ]; + cmakeVersions = [ "3.10.2" ]; + includeNDK = true; + ndkVersions = [ "23.2.8568313" ]; + useGoogleAPIs = false; + useGoogleTVAddOns = false; + includeExtras = [ + "extras;google;gcm" + ]; + }; +in +{ + # TODO: try to remove this. + nixpkgs.config.allowUnfree = true; + local.nix.allowUnfreePackages = [ "android-sdk-cmdline-tools" ]; + + programs.adb.enable = true; + programs.java = { + enable = true; + package = pkgs.jdk17; + }; + + nixpkgs.config.android_sdk.accept_license = true; + + environment.variables = rec { + ANDROID_SDK_ROOT = "${androidComposition.androidsdk}/libexec/android-sdk"; + ANDROID_NDK_ROOT = "${ANDROID_SDK_ROOT}/ndk-bundle"; + + # Use the same buildToolsVersion here + # GRADLE_OPTS = "-Dorg.gradle.project.android.aapt2FromMavenOverride=${ANDROID_SDK_ROOT}/build-tools/${buildToolsVersion}/aapt2"; + # JAVA_HOME = pkgs.jdk17.home; + }; + + services.udev.extraRules = '' + SUBSYSTEM=="usb", ATTR{idVendor}=="12d1", MODE="0666", GROUP="plugdev" + ''; +} diff --git a/hosts/home/configs/boot.nix b/hosts/home/configs/boot.nix new file mode 100644 index 0000000..5fa1729 --- /dev/null +++ b/hosts/home/configs/boot.nix @@ -0,0 +1,13 @@ +{ config, lib, ... }: + +{ + local.nix.allowUnfreePackages = + lib.optional config.boot.loader.grub.memtest86.enable "memtest86"; + + # Use the GRUB 2 boot loader. + boot.loader.grub = { + enable = true; + device = "/dev/sdb"; + # memtest86.enable = true; + }; +} diff --git a/hosts/home/configs/default.nix b/hosts/home/configs/default.nix new file mode 100644 index 0000000..61326df --- /dev/null +++ b/hosts/home/configs/default.nix @@ -0,0 +1,11 @@ +{ ... }: + +{ + imports = [ + ./android.nix + ./boot.nix + ./networking.nix + ./printer.nix + ./wireguard + ]; +} diff --git a/hosts/home/configs/networking.nix b/hosts/home/configs/networking.nix new file mode 100644 index 0000000..8d3f809 --- /dev/null +++ b/hosts/home/configs/networking.nix @@ -0,0 +1,9 @@ +{ ... }: + +{ + networking.hostName = "home"; + networking.networkmanager.enable = true; + networking.firewall.allowedTCPPortRanges = [ + # { from = 1300; to = 1400; } + ]; +} diff --git a/hosts/home/configs/printer.nix b/hosts/home/configs/printer.nix new file mode 100644 index 0000000..43e36e8 --- /dev/null +++ b/hosts/home/configs/printer.nix @@ -0,0 +1,16 @@ +{ pkgs, ... }: + +{ + local.nix.allowUnfreePackages = [ "cnijfilter2" ]; + + services = { + avahi = { + enable = true; + nssmdns = true; + }; + printing = { + enable = true; + drivers = with pkgs; [ gutenprint cnijfilter2 ]; + }; + }; +} diff --git a/hosts/home/configs/wireguard/default.nix b/hosts/home/configs/wireguard/default.nix new file mode 100644 index 0000000..ae79fa9 --- /dev/null +++ b/hosts/home/configs/wireguard/default.nix @@ -0,0 +1,21 @@ +{ config, ... }: + +let + serverData = import ../../../tatos/data.secret.nix; +in +{ + age.secrets.wireguard-home-private = { + file = ./wireguard-home-private.age; + mode = "0400"; + }; + + local.services.vpn.wireguard = { + enable = true; + ip = "10.20.30.3/24"; + privateKeyFile = config.age.secrets.wireguard-home-private.path; + server = { + inherit (serverData) addr; + inherit (serverData.wireguard) port publicKey; + }; + }; +} diff --git a/hosts/home/configs/wireguard/wireguard-home-private.age b/hosts/home/configs/wireguard/wireguard-home-private.age new file mode 100644 index 0000000000000000000000000000000000000000..edd82154dc85e86388e6f0cb0993346a952c7831 GIT binary patch literal 1467 zcmV;s1w{G)M@dveQdv+`0GjV2B?uohIvRk*tyb*D-94Coo`%iE!Ecxi%^RI8%Y*ac zg*cDTj$rP>QKpC_1bqJcn=G5RNvY!WP+;=FmVbc&xf6#~^RiZeVfUtbg=F39Ghoky z#W;j5xJ)Dq0g>SMxSl!kcQT!z;dea_W3t=H#2-M36d{t7&^|Z+S0C#)nttV_?qpUu zkwg^DmO5qK?}RF*l`QBvHhySxL)&m(2ISWTmabvXqnlcGkX%#}n3apO7kTE0ix~iO z{ww^ScuOnAeLY@nREwC&#)&AJi(5I0klZ*k$yU02aaqg@;$>&E1MN_>-W;5qNQm=R z(2<1tEmozn!m-A1-)!=5E8LWDp&tjXpbSqhV_8dXcIgBFRi$W4{lC6M*udG zn2GQ1Fk%F_E{vdAxuY!xqijLTkURCp)cR+LR;gf1B6EO7vRitd`b3r*3#50b$Q90> z`CU^5TFW<|m6L6)h}9=t4U23WI&iG488^}PU{jZwsN;iirZe?ID0*=Zwn0 z;g?a3HQtA*yJ)0DHrKv{=cuc)eYSCLtFi%gAwUmQVC7HE|Jm3Sn5Fhuyn8VZ0b}X6 z&xf0SkGA!$&{i8`tH~0p$$jp9^!TrMDTxmI{n%)2GTOMhEW`-vJdlm(SVRhLK_qbc z!d=`UL^P-y2D`BrYRroZPRe0)TsYY)Z!EqZ&WG0q`|U;y10DythRpX0@U{%H)I=r9 z0gD0Gu)aufHo{5Av{H!i-Y{qF$ii7fo%dLMUz(ZG-Fr62Dms=;Ij-wyEif(dnZZ1y zhE209*(y!~a8-&~U9-bEnxnL_yZw$yN%cz0HN+FjH#?*1ta#ik$IJi&Xo+Z0R<5o3 z73`j;2$n6A#^eZnP~0-bSe#a^w6$cO*ui2MOzWZOBO#a%25?mF(bxymoXoPflSbDH zv}znb%*jauUm}2=x7`%R!9ZgntGTL?*k2(u!Ne+}$5KztbH@kzuoNv(*D z;=Izb%>P)79guq?E_V=df^f6GnH)?zy&G+|mc#?RpVq@X%ZBq`EcxnNqLJU=tu&W3 z|Al>RegrK-?g>sUdLdLG@tGX^D+k;Co75H5(T=T^&rnFd*mVVV=}PKW{WH3xvd+-{ zq>xBO-DzogzE;151m!U&2;y$27({_dY}Qf%lX7GODr9gK;sF-rpL`8YQUSR}zB3~^fSX1Kd6Og3JD|k+-i{P;c zHPx_=7cc`y_q)C%@rCAa3;<88V2*%R{Kz0x{ zH&~<6DgmR?6vj}jdh6fa(_S)iljEhx<#W%ye_6gxNbB@H3e9qEBKA( zhV(jPJECy7hrRnU85iMpN)AeauTaQau}K8sCaxO(w|juI&rOXb^LrW5i1Z_rz-aJt zoUpVys>dWw~Cp68&(8>yrCdWJ&xm*(a*{Nwef zsPkS|l$3Jw(b({#L4zSW|CguU!Edm{*tQ`|1kd@HE+smv*}cnrwWx6+7?B0tzN@wZ z{2^CTZ}uH{-Cmir*|DlFK#_l_9TwLYVxs}1C;-)I);)7S*voD*LAgxMp6`bB&UCqF zsvneG{>d4>)^`Z5Xf8md0W}_v44iv>Eb|#Bi&;!WCPVPDK0A4u0iQ{WGg8EKtMDp} VDK-n$U8!(H?x<~$Sco~)=fMs&=#u~d literal 0 HcmV?d00001 diff --git a/hosts/home/configuration.nix b/hosts/home/configuration.nix new file mode 100644 index 0000000..4573a3c --- /dev/null +++ b/hosts/home/configuration.nix @@ -0,0 +1,32 @@ +{ globalData, ... }: + +{ + imports = [ + ./hardware-configuration + ./configs + ./users + ]; + + ################################################################################ + # Programs + ################################################################################ + local.programs.browsers.tor-browser = { + enable = true; + container = { + enable = true; + externalInterface = "wg0"; + sshAuthorizedKeys = globalData.publicKeys.users.jan; + }; + }; + + ################################################################################ + # Services + ################################################################################ + local.services.i2pd.enable = true; + + local.services.octoprint.enable = true; + + virtualisation.docker.enable = true; + # Torrent client + services.transmission.enable = true; +} diff --git a/hosts/home/hardware-configuration/default.nix b/hosts/home/hardware-configuration/default.nix new file mode 100644 index 0000000..7973e13 --- /dev/null +++ b/hosts/home/hardware-configuration/default.nix @@ -0,0 +1,52 @@ +{ config, ... }: + +{ + # Include the results of the hardware scan. + imports = [ ./generated.nix ]; + + # Add support of usb + boot.initrd.availableKernelModules = [ "usb_storage" ]; + + # Enable containers + # See: https://github.com/NixOS/nixpkgs/issues/38676 + boot.kernelModules = [ "veth" ]; + + boot.extraModulePackages = with config.boot.kernelPackages; [ + rtl88x2bu # wifi + ]; + + networking = { + useDHCP = false; + interfaces = { + wlp3s0.useDHCP = true; + # wlp11s0f3u2.useDHCP = true; + }; + }; + + # extra configs + hardware.bluetooth.enable = true; + + # All monitors in the right order + # Source: https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/services/x11/xserver.nix#L83 + services.xserver.xrandrHeads = [ + { + output = "DP-3"; + monitorConfig = '' + Option "PreferredMode" "1920x1080" + Option "Rotate" "right" + ''; + } + { + output = "DP-1"; + primary = true; + monitorConfig = '' + Option "PreferredMode" "2560x1440" + ''; + } + ]; + + services.logind.extraConfig = '' + # don’t shutdown when power button is short-pressed + HandlePowerKey=ignore + ''; +} diff --git a/nixos/hosts/home/hardware-configuration.nix b/hosts/home/hardware-configuration/generated.nix similarity index 98% rename from nixos/hosts/home/hardware-configuration.nix rename to hosts/home/hardware-configuration/generated.nix index b4e4aca..5a6b152 100644 --- a/nixos/hosts/home/hardware-configuration.nix +++ b/hosts/home/hardware-configuration/generated.nix @@ -10,7 +10,7 @@ boot = { initrd = { - availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "sd_mod" "usb_storage" ]; + availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "sd_mod" ]; kernelModules = [ ]; }; diff --git a/hosts/home/users/default.nix b/hosts/home/users/default.nix new file mode 100644 index 0000000..327e307 --- /dev/null +++ b/hosts/home/users/default.nix @@ -0,0 +1,19 @@ +{ ... }: + +{ + imports = [ + ./jan.nix + ../../../users/nas + ]; + + home-manager.sharedModules = [ + { + local.window-manager.polybar.wifiDevice = "wlp3s0"; + + local.programs.terminals = { + wezterm.fontSize = 10.0; + alacritty.fontSize = 8.0; + }; + } + ]; +} diff --git a/hosts/home/users/jan.nix b/hosts/home/users/jan.nix new file mode 100644 index 0000000..067f77a --- /dev/null +++ b/hosts/home/users/jan.nix @@ -0,0 +1,41 @@ +{ pkgs, ... }: + +{ + imports = [ ../../../users/jan ]; + + home-manager.users.jan = { + local.window-manager = { + xmonad.projects = import ./xmonad-projects.secret.nix; + }; + + local.programs.editors.arduino-ide.enable = true; + + local.programs.dev-tools.k8s.enable = true; + + local.programs.libreoffice = { + enable = true; + spellCheckDicts = with pkgs.hunspellDicts; [ + ru_RU + en_US + ]; + }; + + # Extra packages + home.packages = with pkgs.unstable; [ + # 3d programs + blender + cura + godot_4 + + # electronics + kicad-small + # librepcb + ]; + + # games + local.games = { + mindustry.enable = true; + widelands.enable = true; + }; + }; +} diff --git a/hosts/home/users/xmonad-projects.secret.nix b/hosts/home/users/xmonad-projects.secret.nix new file mode 100644 index 0000000000000000000000000000000000000000..47774406a35ed5d93f6aa9e26f2272e831bc9e4e GIT binary patch literal 1377 zcmV-n1)ll=SDThHY!uxD{6M$MB*R>jRR$vukuOd2O1 z1AY*5|6eC_uGMuV0PR|fL zRPU75{zm)h{H7AgsP;oIejl21ocb9dtMi`$Vg<_;R`loKda6yaZLN8wU{8l?^!C)f zUYW67wZ%ubG{ceNKpJ7FzpR@9s>$#ko^o~^>A-T5<2lvLVq}c<1e$59OKwp7H7RCPO`pUduabGzYYc z&^`@%RioXku$N;s2AvuK28YNeoUhUwY^~PuCGXR9(>oq!k=w>xAmx~(h<1X&U=Pr1 zradaYaS2w@E%w<-AuxrtYCFEC$qG(Nv;K6a$n6+1r^PIz(CcY33go7S&+L!!(Abpn z3+tYyCTA)Yk@rb1)88@7A-}zn`yIdsunEqsfTjNU+qRaD4vJVO(5^2+9OaiKCn#HH zKhoWxqq9Qk*y1FZ&lZ>jTIDcUg0P`0Sg(h+WxgWD@VV0YVo&g5( zU#0#YPK6>EEzC)cr-HA{Ty`PoI##1Ghpc%gpi|0im{w%`1|6EfVTfGOSV0Hqsp$By zU)p#%CPsjrEWzfcu%yA?0LzMghMB3S;H9kqGR+0fJ5xO|1eubUk3b)JFZPaCcdEvm z$6yaWA?!+}@h1o4gvk5=VK^5cq#75aGXC?Il`5rQ90)tnrrhlRPgsFPAY1`GPK|8E zZ!0jvTH-_beI^zpP*LbDiC?=wx20X7bYqu-@huW!ntVs6U z8oYC;Q;YkbV={Df=mDAcGgsXxk(eAr*MmcAUkWtnliz*dkX_C|zofe01hZ#2IWisz zx$vE$ay0w3&QhR^v%eH=TFyRD%S#1GR;Vzp<@i26{!+-d#c?r3MPy#&#C%A4rh;<> z=*w^NSwn(j0s&~HN4smP-OCVGF;f0uX3|2JrE?e(?xwB1z%i@GY8#t0QWR?zxRf<| z+F3IoTuBnNvtE)Q{?+aV3P?AsDPAyn!lu&E)_*s)Pw85F{p3rtc1;N?DUP{Ef@-!Y zK3iv|7}7NJ4KNZ#{r7K=mNxXj(mkUZocmGZ-fP=`$Z57U(NqsET56)?UxABs08j;{($HKb^u z=0QjA2sY_`nDxq##66|(mZJ~)n)b6d`(Q*QWS7bM10{s_Wu9*DsjX&%H;QO-HkQhh zS(VWh?Tv>cc>;Cjt^x-&w~ZoRQ^VxkKi^QO0UT)Fu}m+-CpLLVZ^F6YeFj!_fd9>L zd&RgoY8)8v0fq{^{})YUqk*Sg)o~y~4@yLR=V!H)(;Se45*FrO5ctST7M3YW_CX=h j_mXH_LoiEDI&p+#;oiwN_7Gf`R@*)unW-+z!Q-b8 literal 0 HcmV?d00001 diff --git a/hosts/istal/configuration.nix b/hosts/istal/configuration.nix new file mode 100644 index 0000000..b5b109a --- /dev/null +++ b/hosts/istal/configuration.nix @@ -0,0 +1,13 @@ +{ globalData, ... }: + +{ + imports = [ + ./hardware-configuration + ./services + ]; + + networking.hostName = "istal"; + networking.domain = "local"; + + users.users.root.openssh.authorizedKeys.keys = globalData.publicKeys.users.janistal; +} diff --git a/nixos/hosts/istal/data.secret.nix b/hosts/istal/data.secret.nix similarity index 100% rename from nixos/hosts/istal/data.secret.nix rename to hosts/istal/data.secret.nix diff --git a/hosts/istal/hardware-configuration/default.nix b/hosts/istal/hardware-configuration/default.nix new file mode 100644 index 0000000..b19b46e --- /dev/null +++ b/hosts/istal/hardware-configuration/default.nix @@ -0,0 +1,8 @@ +{ ... }: + +{ + imports = [ + ./generated.nix + ./networking.secret.nix + ]; +} diff --git a/nixos/hosts/istal/hardware-configuration.nix b/hosts/istal/hardware-configuration/generated.nix similarity index 100% rename from nixos/hosts/istal/hardware-configuration.nix rename to hosts/istal/hardware-configuration/generated.nix diff --git a/hosts/istal/hardware-configuration/networking.secret.nix b/hosts/istal/hardware-configuration/networking.secret.nix new file mode 100644 index 0000000000000000000000000000000000000000..a05dc121cb9de7720b8878d181c657b991d424be GIT binary patch literal 821 zcmV-51IqjWM@dveQdv+`03a-m%`d)d_O2fb{B%X>ZXddh1qC__4aKQFnk)y0F~r4b zCBYY3EegYwMC+9>uQ#x!Jx?=r#=q?tS``#)-1z$3@Af1V6tmRjWce{x87yqS+afb^ zhF)P*sPF6|$FG=nC7se^6+3q>h&KV>&*I_zZ`abD z^qQWZtu9Cw3z3nXc#BF17=jvxI$vBXS@wNq*#w z+c8#P{Zkj&0g?ft6R{}l5n=uES1g&m(C5D$wU{$tic`6lGc62GDO^@P<>fB)q_%5+ z2OSmZ+Un>08L!EVsfgvUnwE2Jc^=|p(PzTt{(?R2(>(V_at(dUhE&p)(&-Q^*Kvr5 zYE92ikHB3*m6n9=N|@ub{rYIshE3Odmc(ndV|&f_qSM>vQ=+ff0++mKtnAmYjeD3& z3zBz21Z${-G_D__+yT8Qp%B;4bnwsb#5Uy7dHWp_fF1LnYw-8RH>y=NV=x$=si6Al z!;lHQW`|6!q9_wn0+mU=Hc3X}#E{mKYE$ULMX8f)H>`IvznGk-vhq7uU4N+~U}WXT#u)Q?DXGx$s?a zmQe4D`MGA*LocEUs>=M=PS960lcT$#8p1e1bIb{yFbrxiw2@>9HS`YR9aUbS{`IOP z0G_V*VDZ58Jyp-3N3KA6N|fWr@TKKsUP64s=7$j64)pDByAt{;ei3?hClj~G=f$T! zEJLPq8Tp5F1iLJ&q)?n)k;^>G4|1nzon z<*bmsmQxdtyK|r_@)$5SuHo41zqcA_jbF7ums{ygw+avs=iUF(^(*NLi7_Wm&NA63 zI5bTjw-+jc%e$79(#p9u0PfnldC_Wc$1;>Q-=vV(0*k&U6R*WoHSa8I4#kGUs^>X_ zPSl865%u+TkEVeWTLZ@WY`Kyf7x)40Sh3|tJB42l%Wb&@`%mY-H0YPe|77q4@6GO> z7|x6H_gT9Kv$mcV$h@AzQ7R($n&XHO$<8H~6H&NccQ=kYSrjp@MBUPVKWaBHKeXDbUP<(pni$rKP9KXC& zgKZoXZ~1DqtX_W%Db$pK?U%lEUD|k^Ey5&hOGN<$p1TR=TzUCTfQcN*Yh$HIZpbsi+!R%Fu3^roQ77hoT1XqEYEli^ zw0&L9&Et!VFe?+2@`eQ)Sb4W!!iA+{445@~kI4^>Oi|7`*+S_U1o|kL-4h?| zet9RhQz=AzbVu`M?oT(M9CLP~&XI{ybNku9{TO9!wQ5yubk1SoJpKcCj=zD>Tr>Ui zt8hk8_K4)52f4t>RvI2i4N7vB)oyaiVoyg=7(6s`?S4metxm-5BJ18Bc`IbZ0)l%h z(Sx#J5FFbMkIAZak)gwk!wG-S4 z-y}P~)umBKhMvjcoUX*V@Ee8%m#a3)J^_Lqbk#MCoDT?q(DU?GJ*MnvwF7#xc#Pli^aj!YCo^Z!%9yTI+!YZ8YNQf8 zD!3l+4vJsdh>|D0Q^f?O#?1EA^hG>pMtlyqUqC`?pJJJ8aDh^9Ua;=N!|JU;^ EWeu{1PXGV_ literal 0 HcmV?d00001 diff --git a/hosts/networking.secret.nix b/hosts/networking.secret.nix new file mode 100644 index 0000000000000000000000000000000000000000..556b42f47371d9307d5ff3804a8b125d42891c97 GIT binary patch literal 387 zcmV-}0et=dM@dveQdv+`0C{F@N3lF#PQS^5@Ay+*eoM5VC+uUR3+rJ$Z$2136#aL9 z=M*Tjok-96n_~4hCPgMlv3~Az4a6yXT4@kfTQvPM_i{bCmogB+BslUmeRoWR0z zxHf^0{ak@q;%IzPh6^o5L~>};pawTA``CEqWQGpJS?!$E;3G^!Y%Z8S8-7r4&tEc~ zS+&8Y?h4GGi$4w8OIZdl%Tv1=vaA1tJeE*?D12LbswU9nlLR}w9(6?6Yo<1rB_=l- zUR6=4V!*Dpc$>LJrus;@4K@oO=TQvfx;Fp- literal 0 HcmV?d00001 diff --git a/hosts/tatos/configuration.nix b/hosts/tatos/configuration.nix new file mode 100644 index 0000000..1234c44 --- /dev/null +++ b/hosts/tatos/configuration.nix @@ -0,0 +1,12 @@ +{ globalData, ... }: + +{ + imports = [ + ./hardware-configuration + ./services + ]; + + networking.hostName = "tatos"; + + users.users.root.openssh.authorizedKeys.keys = globalData.publicKeys.users.jan; +} diff --git a/nixos/hosts/tatos/data.secret.nix b/hosts/tatos/data.secret.nix similarity index 100% rename from nixos/hosts/tatos/data.secret.nix rename to hosts/tatos/data.secret.nix diff --git a/hosts/tatos/hardware-configuration/default.nix b/hosts/tatos/hardware-configuration/default.nix new file mode 100644 index 0000000..b19b46e --- /dev/null +++ b/hosts/tatos/hardware-configuration/default.nix @@ -0,0 +1,8 @@ +{ ... }: + +{ + imports = [ + ./generated.nix + ./networking.secret.nix + ]; +} diff --git a/nixos/hosts/tatos/hardware-configuration.nix b/hosts/tatos/hardware-configuration/generated.nix similarity index 100% rename from nixos/hosts/tatos/hardware-configuration.nix rename to hosts/tatos/hardware-configuration/generated.nix diff --git a/nixos/hosts/tatos/networking.secret.nix b/hosts/tatos/hardware-configuration/networking.secret.nix similarity index 100% rename from nixos/hosts/tatos/networking.secret.nix rename to hosts/tatos/hardware-configuration/networking.secret.nix diff --git a/hosts/tatos/services/default.nix b/hosts/tatos/services/default.nix new file mode 100644 index 0000000..9ac1f8d --- /dev/null +++ b/hosts/tatos/services/default.nix @@ -0,0 +1,5 @@ +{ ... }: + +{ + imports = [ ./wireguard ]; +} diff --git a/nixos/hosts/tatos/services/wireguard.nix b/hosts/tatos/services/wireguard/default.nix similarity index 95% rename from nixos/hosts/tatos/services/wireguard.nix rename to hosts/tatos/services/wireguard/default.nix index 8856ac7..cb33cd3 100644 --- a/nixos/hosts/tatos/services/wireguard.nix +++ b/hosts/tatos/services/wireguard/default.nix @@ -3,9 +3,9 @@ # Source: https://habr.com/ru/companies/xakep/articles/699000/ let - istalData = import ../../istal/data.secret.nix; + istalData = import ../../../istal/data.secret.nix; - tatosData = import ../data.secret.nix; + tatosData = import ../../data.secret.nix; port = tatosData.wireguard.port; update_ru_routes = pkgs.callPackage ./update_ru_routes.nix { }; @@ -95,7 +95,7 @@ in }; age.secrets.wireguard-tatos-private = { - file = ../../../../secrets/wireguard-tatos-private.age; + file = ./wireguard-tatos-private.age; mode = "0400"; }; } diff --git a/nixos/hosts/tatos/services/subnets_user_list.secret.txt b/hosts/tatos/services/wireguard/subnets_user_list.secret.txt similarity index 100% rename from nixos/hosts/tatos/services/subnets_user_list.secret.txt rename to hosts/tatos/services/wireguard/subnets_user_list.secret.txt diff --git a/nixos/hosts/tatos/services/update_ru_routes.nix b/hosts/tatos/services/wireguard/update_ru_routes.nix similarity index 100% rename from nixos/hosts/tatos/services/update_ru_routes.nix rename to hosts/tatos/services/wireguard/update_ru_routes.nix diff --git a/nixos/hosts/tatos/services/update_ru_routes.sh b/hosts/tatos/services/wireguard/update_ru_routes.sh similarity index 100% rename from nixos/hosts/tatos/services/update_ru_routes.sh rename to hosts/tatos/services/wireguard/update_ru_routes.sh diff --git a/hosts/tatos/services/wireguard/wireguard-tatos-private.age b/hosts/tatos/services/wireguard/wireguard-tatos-private.age new file mode 100644 index 0000000000000000000000000000000000000000..f261bade8b7e8f87a1ada31711df8f3a520a164c GIT binary patch literal 1294 zcmV+p1@Za-M@dveQdv+`0Dw>IH5XOFy4P^@lReItr z1y!D)zIM{%L=Rf}85M!}jhtaA_sbI+u>_6jJP`Ne#lQ+9vMeYWMOpSVq1*wL4vVch@NTQplx??6&`E)G&Ni4F60e~O_%fyVFlMr)TlhT(T zyL&ASORpu5_z!&3gvG*ZjGskCDdcki1(z43@5BwDHDv zhaBm!WPZmD2uV?P+{NHia~1Rc`IIAs;L$v0rL(s=wJxJ%cl%voNubD^)K@+NhI?Tq z|Hp&f6y2VT)U#`!>E`xgt)an48kjE+MgMlLJaH_CQ@UtS4oxlRqhbi$7Tb6xc}r45vp?Py#E0Zb zRAAObDYsZO@o=I1Q3N7B&ze7-bTDL?ympV8Vfeqcy15~7!E{B^$zuyw(ezFg)Ufjn ziw_Isg00^}eN_pd2r%Ta{o}MW0`_U#Hqh_zZ}beQ-z=SpBl)|}S~|32phpt> z+An{zo>CxIK{2cLxB`@47tOb+?J{(z1na`5uJ6==4-f(nwGBTNqjB7zLJ-UwQ=$MF{+yP+D_+S>;_()}uufj=1Ac3PY@e7!5 zWCu5e3_E0clbG)gNx>=~KZknUIR+nW#p1N=pkK75n|!EY^a#q%L3!eV4@}G2{1`l% z9AOBo@z(=mqYbe^N86-Dyc?%hxv6`f{KN7YVP!DA?;z+Sod|wapS#VcmsW$F z-MQh9M|y%EIhT`_Ap{s`^X% zSJL?xN`&0ysuE+93-Inc-DCXgPNA9|9vu$IgxN{BD8?kc;&4^!Ynau5bgtv^AOh757>!0Gf)s E<_PMCQUCw| literal 0 HcmV?d00001 diff --git a/nixos/shared/common.nix b/modules/common.nix similarity index 58% rename from nixos/shared/common.nix rename to modules/common.nix index 4087f7b..6450ba9 100644 --- a/nixos/shared/common.nix +++ b/modules/common.nix @@ -1,4 +1,4 @@ -{ config, pkgs, ... }: +{ ... }: { # Select internationalisation properties. @@ -8,20 +8,9 @@ users.mutableUsers = false; - # Enable the OpenSSH daemon. + # is required for the agenix module services.openssh.enable = true; - # Open ports in the firewall. - # networking.firewall.allowedTCPPorts = [ ... ]; - # networking.firewall.allowedUDPPorts = [ ... ]; - # Or disable the firewall altogether. - # networking.firewall.enable = false; - - # Copy the NixOS configuration file and link it from the resulting system - # (/run/current-system/configuration.nix). This is useful in case you - # accidentally delete configuration.nix. - # system.copySystemConfiguration = true; - # This value determines the NixOS release from which the default # settings for stateful data, like file locations and database versions # on your system were taken. It‘s perfectly fine and recommended to leave @@ -29,5 +18,4 @@ # Before changing this value read the documentation for this option # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). system.stateVersion = "22.11"; # Did you read the comment? - } diff --git a/modules/home-manager/configs/default.nix b/modules/home-manager/configs/default.nix new file mode 100644 index 0000000..08ede78 --- /dev/null +++ b/modules/home-manager/configs/default.nix @@ -0,0 +1,9 @@ +{ ... }: + +{ + imports = [ + ./keyboard.nix + ./themes + ./window-manager + ]; +} diff --git a/modules/home-manager/configs/keyboard.nix b/modules/home-manager/configs/keyboard.nix new file mode 100644 index 0000000..df26991 --- /dev/null +++ b/modules/home-manager/configs/keyboard.nix @@ -0,0 +1,25 @@ +{ config, lib, ... }: + +let + cfg = config.local.keyboard; +in +{ + options.local.keyboard = with lib; { + enable = mkEnableOption "base keyboard configs"; + variant = mkOption { + description = "keyboard layout variant in us,ru order"; + type = types.str; + default = ","; + }; + }; + + config = lib.mkIf cfg.enable { + home.keyboard = { + model = "pc105"; + layout = "us,ru"; + variant = cfg.variant; + # variant = "dvorak,"; + options = [ "grp:win_space_toggle" ]; + }; + }; +} diff --git a/home/modules/themes/catppuccin/frappe.nix b/modules/home-manager/configs/themes/catppuccin/frappe.nix similarity index 98% rename from home/modules/themes/catppuccin/frappe.nix rename to modules/home-manager/configs/themes/catppuccin/frappe.nix index 121a758..7c8b14d 100644 --- a/home/modules/themes/catppuccin/frappe.nix +++ b/modules/home-manager/configs/themes/catppuccin/frappe.nix @@ -1,7 +1,6 @@ -{ config, ... }: +{ ... }: let - # See: https://github.com/catppuccin/catppuccin # palettes rosewater = "#f2d5cf"; # Links, URLs @@ -38,7 +37,7 @@ let crust = "#232634"; in { - config.local.theme = { + config.local.themes."catppuccin/frappe" = { bar = { background = mantle; mainText = text; diff --git a/modules/home-manager/configs/themes/default.nix b/modules/home-manager/configs/themes/default.nix new file mode 100644 index 0000000..e4fabe0 --- /dev/null +++ b/modules/home-manager/configs/themes/default.nix @@ -0,0 +1,99 @@ +{ lib, ... }: + +let + mkColorOption = description: lib.mkOption { + type = lib.types.str; + inherit description; + }; +in +{ + # TODO: add enable option + options.local.theme.name = with lib; mkOption { + type = types.str; + default = "catppuccin/frappe"; + }; + + options.local.themes = with lib; mkOption { + default = { }; + type = with types; attrsOf (submodule { + options = { + bar = { + background = mkColorOption "Background pane color"; + mainText = mkColorOption "Main text color"; + inactiveText = mkColorOption "Inactive text color"; + }; + window = { + activeBorder = mkColorOption "Window active border color"; + inactiveBorder = mkColorOption "Window inactive border color"; + background = mkColorOption "Terminal background color"; + mainText = mkColorOption "Terminal main text color"; + cursorText = mkColorOption "Cursor text color"; + cursor = mkColorOption "Cursor background color"; + cursorVi = mkColorOption "Cursor Vi Mode background color"; + searchText = mkColorOption "Search text color"; + search = mkColorOption "Search match background"; + searchFocused = mkColorOption "Search focused match background"; + footerText = mkColorOption "Footer bar text color"; + footer = mkColorOption "Footer bar background color"; + hintsText = mkColorOption "Keyboard regex hints text color"; + hintsStart = mkColorOption "Keyboard regex hints start background color"; + hintsEnd = mkColorOption "Keyboard regex hints end background color"; + selectionText = mkColorOption "Selection text color"; + selection = mkColorOption "Selection background color"; + regular = { + color0 = mkColorOption null; + color1 = mkColorOption null; + color2 = mkColorOption null; + color3 = mkColorOption null; + color4 = mkColorOption null; + color5 = mkColorOption null; + color6 = mkColorOption null; + color7 = mkColorOption null; + }; + bold = { + color8 = mkColorOption null; + color9 = mkColorOption null; + color10 = mkColorOption null; + color11 = mkColorOption null; + color12 = mkColorOption null; + color13 = mkColorOption null; + color14 = mkColorOption null; + color15 = mkColorOption null; + }; + extended = { + color16 = mkColorOption null; + color17 = mkColorOption null; + color18 = mkColorOption null; + color19 = mkColorOption null; + }; + }; + notification = { + background = mkColorOption "Notification background color"; + summary = mkColorOption "Notification summary text color"; + body = mkColorOption "Notification body text color"; + appName = mkColorOption "Notification app name text color"; + lowBorder = mkColorOption "Notification low priority border color"; + normalBorder = mkColorOption "Notification normal priority border color"; + criticalBorder = mkColorOption "Notification critical priority border color"; + pausedBorder = mkColorOption "Notification paused border color"; + }; + highlights = { + success = mkColorOption "Success color"; + warning = mkColorOption "Warnings color"; + error = mkColorOption "Errors color"; + critical = mkColorOption "Clitical color"; + link = mkColorOption "Links color"; + tags = mkColorOption "Search results, tags color"; + }; + syntax = { + markText = mkColorOption "Text color for marked background"; + mark1 = mkColorOption "Marked color 1"; + mark2 = mkColorOption "Marked color 2"; + mark3 = mkColorOption "Marked color 3"; + }; + }; + }); + }; + + imports = [ ./catppuccin/frappe.nix ]; +} diff --git a/home/modules/window_manager/default.nix b/modules/home-manager/configs/window-manager/default.nix similarity index 100% rename from home/modules/window_manager/default.nix rename to modules/home-manager/configs/window-manager/default.nix diff --git a/home/modules/window_manager/polybar.nix b/modules/home-manager/configs/window-manager/polybar.nix similarity index 95% rename from home/modules/window_manager/polybar.nix rename to modules/home-manager/configs/window-manager/polybar.nix index 556ad67..bec389b 100644 --- a/home/modules/window_manager/polybar.nix +++ b/modules/home-manager/configs/window-manager/polybar.nix @@ -3,16 +3,18 @@ with lib; let - cfg = config.local.polybar; + cfg = config.local.window-manager.polybar; inherit (config.services.polybar) package; - themeCfg = config.local.theme; + themeCfg = config.local.themes."${config.local.theme.name}"; exchangerate = import ./scripts/exchangerate.nix { inherit themeCfg pkgs; }; external_ip = import ./scripts/external_ip.nix { inherit themeCfg pkgs; }; in { - options.local.polybar = with lib; { + options.local.window-manager.polybar = with lib; { + enable = mkEnableOption "polybar"; + wifiDevice = mkOption { type = types.str; example = "wlp11s0f3u2"; @@ -20,7 +22,7 @@ in }; }; - config = { + config = lib.mkIf cfg.enable { systemd.user.services.polybar = { # Add additional /usr/bin to run custom scripts Service.Environment = mkForce "PATH=${package}/bin:/run/current-system/sw/bin"; diff --git a/home/modules/window_manager/scripts/exchangerate.nix b/modules/home-manager/configs/window-manager/scripts/exchangerate.nix similarity index 100% rename from home/modules/window_manager/scripts/exchangerate.nix rename to modules/home-manager/configs/window-manager/scripts/exchangerate.nix diff --git a/home/modules/window_manager/scripts/exchangerate.sh b/modules/home-manager/configs/window-manager/scripts/exchangerate.sh similarity index 100% rename from home/modules/window_manager/scripts/exchangerate.sh rename to modules/home-manager/configs/window-manager/scripts/exchangerate.sh diff --git a/home/modules/window_manager/scripts/external_ip.nix b/modules/home-manager/configs/window-manager/scripts/external_ip.nix similarity index 100% rename from home/modules/window_manager/scripts/external_ip.nix rename to modules/home-manager/configs/window-manager/scripts/external_ip.nix diff --git a/home/modules/window_manager/scripts/external_ip.sh b/modules/home-manager/configs/window-manager/scripts/external_ip.sh similarity index 100% rename from home/modules/window_manager/scripts/external_ip.sh rename to modules/home-manager/configs/window-manager/scripts/external_ip.sh diff --git a/home/modules/window_manager/scripts/get_volume.sh b/modules/home-manager/configs/window-manager/scripts/get_volume.sh similarity index 100% rename from home/modules/window_manager/scripts/get_volume.sh rename to modules/home-manager/configs/window-manager/scripts/get_volume.sh diff --git a/home/modules/window_manager/scripts/kdb_brightness.sh b/modules/home-manager/configs/window-manager/scripts/kdb_brightness.sh similarity index 100% rename from home/modules/window_manager/scripts/kdb_brightness.sh rename to modules/home-manager/configs/window-manager/scripts/kdb_brightness.sh diff --git a/home/modules/window_manager/xmonad.nix b/modules/home-manager/configs/window-manager/xmonad.nix similarity index 88% rename from home/modules/window_manager/xmonad.nix rename to modules/home-manager/configs/window-manager/xmonad.nix index e14a742..4553f02 100644 --- a/home/modules/window_manager/xmonad.nix +++ b/modules/home-manager/configs/window-manager/xmonad.nix @@ -1,8 +1,8 @@ { config, pkgs, lib, ... }: let - cfg = config.local.xmonad; - themeCfg = config.local.theme; + cfg = config.local.window-manager.xmonad; + themeCfg = config.local.themes."${config.local.theme.name}"; projectType = with lib; types.submodule { options = { @@ -50,15 +50,15 @@ let xmonadProjects = lib.concatStringsSep " , " (map mkXmonadProject cfg.projects); in { - options.local.xmonad = with lib; - { - projects = mkOption { - type = types.listOf projectType; - default = [ ]; - }; + options.local.window-manager.xmonad = with lib; { + enable = mkEnableOption "xmonad window manager"; + projects = mkOption { + type = types.listOf projectType; + default = [ ]; }; + }; - config = { + config = lib.mkIf cfg.enable { home.packages = with pkgs; [ xclip # access x clipboard from a console dmenu # menu for x window system diff --git a/home/modules/window_manager/xmonad_config.hs b/modules/home-manager/configs/window-manager/xmonad_config.hs similarity index 100% rename from home/modules/window_manager/xmonad_config.hs rename to modules/home-manager/configs/window-manager/xmonad_config.hs diff --git a/modules/home-manager/default.nix b/modules/home-manager/default.nix new file mode 100644 index 0000000..c0bc3dd --- /dev/null +++ b/modules/home-manager/default.nix @@ -0,0 +1,10 @@ +{ ... }: +{ + imports = [ + ./games.nix + ./shell.nix + ./configs + ./programs + ./services + ]; +} diff --git a/modules/home-manager/games.nix b/modules/home-manager/games.nix new file mode 100644 index 0000000..150c986 --- /dev/null +++ b/modules/home-manager/games.nix @@ -0,0 +1,17 @@ +{ config, pkgs, lib, ... }: + +let + cfg = config.local.games; +in +{ + options.local.games = with lib; { + mindustry.enable = mkEnableOption "mindustry"; + widelands.enable = mkEnableOption "widelands"; + unciv.enable = mkEnableOption "unciv"; + }; + + config.home.packages = + lib.optional cfg.mindustry.enable pkgs.unstable.mindustry + ++ lib.optional cfg.widelands.enable pkgs.widelands + ++ lib.optional cfg.unciv.enable pkgs.unstable.unciv; +} diff --git a/modules/home-manager/programs/aerc.nix b/modules/home-manager/programs/aerc.nix new file mode 100644 index 0000000..aaafda9 --- /dev/null +++ b/modules/home-manager/programs/aerc.nix @@ -0,0 +1,179 @@ +{ config, lib, pkgs, ... }: + +let + exec = cmd: ":${cmd}"; + fill = cmd: ":${cmd}"; + + globalBinds = { + "gt" = exec "next-tab"; + "gT" = exec "prev-tab"; + }; + + commonMessageBinds = { + "U" = exec "unsubscribe"; + "dd" = exec "delete"; + "mA" = exec "archive flat"; + "mS" = exec "move Junk"; + "mI" = exec "move INBOX"; + }; +in +{ + options.local.programs.aerc.enable = lib.mkEnableOption "aerc"; + + config = lib.mkIf config.local.programs.aerc.enable { + accounts.email.maildirBasePath = "${config.xdg.dataHome}/mail"; + + # See: https://git.sbruder.de/simon/nixos-config/src/branch/master/users/simon/modules/mail/aerc/default.nix + programs.aerc = { + enable = true; + package = pkgs.unstable.aerc; + # https://git.sr.ht/~rjarry/aerc/tree/master/item/doc/aerc-config.5.scd + extraConfig = { + general = { + unsafe-accounts-conf = true; + }; + + ui = { + # See https://godoc.org/time#Time.Format + timestamp-format = "2006-01-02 15:04 MST"; + this-day-time-format = "15:04"; + this-week-time-format = "Monday 15:04"; + this-year-time-format = "02 January"; + pinned-tab-marker = "車"; + border-char-vertical = "│"; + border-char-horizontal = "─"; + fuzzy-complete = true; + new-message-bell = true; + index-columns = "date<20,from<30,flags>4,subject<*"; + column-from = "{{ .From | emails | join \", \" }}"; + }; + + statusline = { + display-mode = "icon"; + }; + + filters = { + ".headers" = "colorize"; + "text/html" = "html | colorize"; + "text/plain" = "colorize"; + "text/rfc822-headers" = "colorize"; + # "text/*" = "${pkgs.bat}/bin/bat -fpp --file-name='$AERC_FILENAME'"; + "message/delivery-status" = "cat | colorize"; + }; + + hooks = { + mail-received = "notify-send \"New mail from $AERC_FROM_NAME\" \"$AERC_SUBJECT\""; + }; + }; + extraBinds = { + messages = lib.mkMerge [ + globalBinds + commonMessageBinds + { + "q" = exec "quit"; + + "j" = exec "next"; + "" = exec "next"; + "" = exec "next 50%"; + + "k" = exec "prev"; + "" = exec "prev"; + "" = exec "prev 50%"; + + "gg" = exec "select 0"; + "G" = exec "select -1"; + + "J" = exec "next-folder"; + "K" = exec "prev-folder"; + "c" = fill "cf"; + + "" = exec "view"; + "C" = exec "compose"; + + "/" = fill "search"; + "\\" = fill "filter"; + "n" = exec "next-result"; + "N" = exec "prev-result"; + #"D" = exec "modify-labels +deleted -inbox"; + #"A" = exec "modify-labels -inbox"; + #"ms" = exec "modify-labels +spam -inbox"; + #"mS" = exec "modify-labels -spam +inbox"; + } + ]; + + view = lib.mkMerge [ + globalBinds + commonMessageBinds + { + "q" = exec "close"; + "O" = exec "open"; + "S" = fill "save"; + + "f" = exec "forward"; + + "rr" = exec "reply -a"; + "rq" = exec "reply -aq"; + "Rr" = exec "reply"; + "Rq" = exec "reply -q"; + + "" = exec "prev-part"; + "" = exec "next-part"; + "J" = exec "next"; + "K" = exec "prev"; + } + ]; + + compose = lib.mkMerge [ + globalBinds + { + "$ex" = ""; + "" = exec "prev-field"; + "" = exec "next-field"; + "" = exec "next-field"; + } + ]; + + "compose::editor" = { + "$noinherit" = "true"; + "$ex" = ""; + "" = exec "prev-field"; + "" = exec "next-field"; + }; + + "compose::review" = { + "y" = exec "send"; + "n" = exec "abort"; + "p" = exec "postpone"; + "q" = exec "choose -o d discard abort -o p postpone postpone"; + "e" = exec "edit"; + "a" = fill "attach"; + "d" = fill "detach"; + }; + }; + + stylesets.default = { + "*.selected.reverse" = true; + "title.reverse" = true; + "header.bold" = true; + "*error.bold" = true; + "error.fg" = 1; + "warning.fg" = 3; + "success.fg" = 2; + "msglist_unread.bold" = true; + "msglist_deleted.fg" = 10; + "tab.fg" = 0; + "tab.selected.reverse" = false; + "tab.selected.bold" = true; + "tab.selected.bg" = 2; + "dirlist_default.bg" = 18; + "border.fg" = 0; + "statusline_default.bg" = 18; + "statusline_error.fg" = 1; + "statusline_error.reverse" = true; + "statusline_success.fg" = 2; + "statusline_success.reverse" = true; + "completion_default.bg" = 0; + }; + }; + }; +} diff --git a/modules/home-manager/programs/communication.nix b/modules/home-manager/programs/communication.nix new file mode 100644 index 0000000..52a2609 --- /dev/null +++ b/modules/home-manager/programs/communication.nix @@ -0,0 +1,18 @@ +{ config, pkgs, lib, ... }: + + +let cfg = config.local.programs.communication; in +{ + options.local.programs.communication = with lib; { + simplex-chat.enable = mkEnableOption "SimplexChat"; + telegram.enable = mkEnableOption "tdesktop. telegram client"; + matrix.enable = mkEnableOption "nheko. matrix client"; + skype.enable = mkEnableOption "skype"; + }; + + config.home.packages = with pkgs.unstable; + lib.optional cfg.simplex-chat.enable simplex-chat-desktop + ++ lib.optional cfg.telegram.enable tdesktop + ++ lib.optional cfg.matrix.enable nheko + ++ lib.optional cfg.skype.enable skypeforlinux; +} diff --git a/modules/home-manager/programs/default.nix b/modules/home-manager/programs/default.nix new file mode 100644 index 0000000..f058112 --- /dev/null +++ b/modules/home-manager/programs/default.nix @@ -0,0 +1,14 @@ +{ ... }: + +{ + imports = [ + ./aerc.nix + ./communication.nix + ./dev-tools.nix + ./libreoffice.nix + ./share-files.nix + ./editors + ./file-managers + ./terminals + ]; +} diff --git a/modules/home-manager/programs/dev-tools.nix b/modules/home-manager/programs/dev-tools.nix new file mode 100644 index 0000000..7008027 --- /dev/null +++ b/modules/home-manager/programs/dev-tools.nix @@ -0,0 +1,97 @@ +{ config, lib, pkgs, ... }: + +let + cfg = config.local.programs.dev-tools; +in +{ + options.local.programs.dev-tools = with lib; { + base.enable = mkEnableOption "base tools"; + nix.enable = mkEnableOption "tools for nix developer"; + web.enable = mkEnableOption "tools for web developer"; + k8s.enable = mkEnableOption "k8s tools"; + psql = { + enable = mkEnableOption "psql"; + package = mkOption { + type = types.package; + default = pkgs.postgresql; + }; + }; + + eza.enable = mkEnableOption "eza. ls replacement"; + direnv.enable = mkEnableOption "direnv"; + zoxide.enable = mkEnableOption "zoxide"; + }; + + config = lib.mkMerge [ + (lib.mkIf cfg.base.enable { + home.packages = with pkgs; [ + gnumake + bat # a cat clone with syntax highlighting and git integration + fd # a simple, fast and user-friendly alternative to find + ripgrep # a fuzzy finder + libnotify # tool to send notifications via cli + ]; + }) + + (lib.mkIf cfg.eza.enable { + programs.eza = { + enable = true; + package = pkgs.unstable.eza.override { gitSupport = false; }; + }; + programs.zsh.shellAliases = + let + defaultArgs = "--icons --classify --group-directories-first --all"; + bin = "${config.programs.eza.package}/bin/exa ${defaultArgs}"; + in + lib.mkIf config.programs.zsh.enable { + ls = "${bin} --oneline"; + lt = "${bin} --tree --level=3"; + ll = "${bin} --long --header"; + }; + }) + + (lib.mkIf cfg.direnv.enable { + programs.direnv = { + enable = true; + nix-direnv.enable = true; + }; + }) + + (lib.mkIf cfg.zoxide.enable { + programs.zoxide = { + enable = true; + enableZshIntegration = config.programs.zsh.enable; + }; + }) + + (lib.mkIf cfg.web.enable { + home.packages = with pkgs.unstable; [ + xh # friendly and fast tool for sending HTTP requests + deno + docker-compose + ]; + }) + + (lib.mkIf cfg.nix.enable { + home.packages = with pkgs.unstable; [ + nixpkgs-fmt # nix formatter + nil # nix lsp server + ]; + }) + + (lib.mkIf cfg.k8s.enable { + home.packages = with pkgs; [ + (google-cloud-sdk.withExtraComponents ( + let gc = google-cloud-sdk.components; in [ + gc.gke-gcloud-auth-plugin + gc.kubectl + ] + )) + ]; + }) + + (lib.mkIf cfg.psql.enable { + home.packages = [ cfg.psql.package ]; + }) + ]; +} diff --git a/modules/home-manager/programs/editors/arduino-ide.nix b/modules/home-manager/programs/editors/arduino-ide.nix new file mode 100644 index 0000000..b5d9934 --- /dev/null +++ b/modules/home-manager/programs/editors/arduino-ide.nix @@ -0,0 +1,9 @@ +{ config, pkgs, lib, ... }: + +{ + options.local.programs.editors.arduino-ide.enable = lib.mkEnableOption "arduino-ide"; + + config.home.packages = lib.optional + config.local.programs.editors.arduino-ide.enable + pkgs.unstable.arduino-ide; +} diff --git a/modules/home-manager/programs/editors/default.nix b/modules/home-manager/programs/editors/default.nix new file mode 100644 index 0000000..38cac40 --- /dev/null +++ b/modules/home-manager/programs/editors/default.nix @@ -0,0 +1,9 @@ +{ ... }: + +{ + imports = [ + ./arduino-ide.nix + ./gedit.nix + ./neovim.nix + ]; +} diff --git a/modules/home-manager/programs/editors/gedit.nix b/modules/home-manager/programs/editors/gedit.nix new file mode 100644 index 0000000..fc0a3e1 --- /dev/null +++ b/modules/home-manager/programs/editors/gedit.nix @@ -0,0 +1,9 @@ +{ config, pkgs, lib, ... }: + +{ + options.local.programs.editors.gedit.enable = lib.mkEnableOption "gnome gedit"; + + config.home.packages = lib.optional + config.local.programs.editors.gedit.enable + pkgs.unstable.gedit; +} diff --git a/modules/home-manager/programs/editors/neovim.nix b/modules/home-manager/programs/editors/neovim.nix new file mode 100644 index 0000000..4c700fa --- /dev/null +++ b/modules/home-manager/programs/editors/neovim.nix @@ -0,0 +1,179 @@ +{ config, pkgs, lib, ... }: + +let + cfg = config.local.programs.editors.neovim; + + # TODO: add more configs + myneovim = pkgs.myneovim.override { + viAlias = true; + vimAlias = true; + enableDevIcons = true; + enableTabby = true; + enableOrgMode = true; + extraConfig = '' + aug extra_ftdetect + au! + au BufNewFile,BufRead *.d2 setfiletype d2 + au BufNewFile,BufRead *.ncl setfiletype nickel + au BufNewFile,BufRead *.psql setfiletype psql + aug END + ''; + plugins = with pkgs.myneovim.nix2lua; (lib.mkMerge [ + { + nvimTree.settings = { + renderer = { + group_empty = true; + full_name = true; + }; + tab.sync = { + open = true; + close = true; + }; + }; + telescope.settings = { + extensions.live_grep_args = { + auto_quoting = true; + mappings.i = { + "" = join "." [ + (mkCall "require" [ "telescope-live-grep-args.actions" ]) + (mkCall "quote_prompt" [ ]) + ]; + }; + }; + }; + lspSaga.settings = { + border_style = "rounded"; + symbol_in_winbar.enable = false; + code_action_lightbulb.enable = false; + code_action_keys = { quit = ""; }; + definition_action_keys = { quit = ""; }; + rename_action_quit = ""; + }; + lspConfig.servers = { + nickel_ls = { }; + tsserver = { }; + eslint = { }; + volar = { + init_options = { + typescript.tsdk = "./node_modules/typescript/lib"; + }; + }; + denols = { + root_dir = mkCall "root_pattern" [ "deno.json" "deno.jsonc" ]; + }; + pylsp = { }; + }; + lualine.settings = { + options.ignore_focus = [ "NvimTree" ]; + sections = { + lualine_a = [ + [ "filename" (mkNamedField "path" 1) ] + ]; + lualine_b = [ "branch" "diff" "diagnostics" ]; + lualine_c = [ "lsp_progress" ]; + lualine_x = [ "filesize" "filetype" ]; + lualine_y = [ "progress" ]; + lualine_z = [ "location" "mode" ]; + }; + }; + } + + (lib.mkIf cfg.orgmode.enable { + orgmode.settings = { + org_agenda_files = [ "~/orgs/**/*" ]; + org_default_notes_file = "~/orgs/refile.org"; + win_split_mode = "tabnew"; + org_hide_leading_stars = true; + }; + }) + + (lib.mkIf cfg.ltex.enable { + lspConfig.servers.ltex = { + language = "en-US"; + languageToolHttpServerUri = "http://localhost:8081"; + }; + }) + + (lib.mkIf cfg.nix.enable { + lspConfig.servers.nil_ls = { }; + }) + + (lib.mkIf cfg.rust.enable { + lspConfig.servers.rust_analyzer = { + settings.rust-analyzer = { + "server.path" = "rust-analyzer"; + "updates.prompt" = false; + "updates.checkOnStartup" = false; + "checkOnSave.enable" = true; + "checkOnSave.command" = "clippy"; + "cargo.autoreload" = true; + }; + }; + }) + + (lib.mkIf (cfg.typescript.enable || cfg.vue.enable) { + lspConfig.servers = { + tsserver = { }; + eslint = { }; + }; + }) + + (lib.mkIf cfg.vue.enable { + lspConfig.servers.volar = { + init_options = { + typescript.tsdk = "./node_modules/typescript/lib"; + }; + }; + }) + + (lib.mkIf cfg.deno.enable { + lspConfig.servers.denols = { + root_dir = mkCall "root_pattern" [ "deno.json" "deno.jsonc" ]; + }; + }) + + (lib.mkIf cfg.python.enable { + lspConfig.servers.pylsp = { }; + }) + + (lib.mkIf cfg.nickel.enable { + lspConfig.servers.nickel_ls = { }; + }) + ]); + }; +in +{ + options.local.programs.editors.neovim = with lib; { + enable = mkEnableOption "neovim"; + defaultEditor = mkOption { + description = "set neovim as default editor"; + type = types.bool; + default = false; + }; + ltex.enable = mkEnableOption "ltex language server"; + orgmode.enable = mkEnableOption "orgmode"; + + nix.enable = mkEnableOptions "nix"; + rust.enable = mkEnableOption "rust"; + typescript.enable = mkEnableOption "typescript"; + vue.enable = mkEnableOption "vue"; + deno.enable = mkEnableOption "deno"; + python.enable = mkEnableOption "python"; + + nickel.enable = mkEnableOption "nickel"; + }; + + config = lib.mkIf cfg.enable (lib.mkMerge [ + { + home.packages = [ myneovim ]; + } + + (lib.mkIf cfg.ltex.enable { + home.packages = [ pkgs.ltex-ls ]; + }) + + (lib.mkIf cfg.defaultEditor { + home.sessionVariables.EDITOR = "nvim"; + }) + ]); +} diff --git a/modules/home-manager/programs/file-managers/default.nix b/modules/home-manager/programs/file-managers/default.nix new file mode 100644 index 0000000..ed40eca --- /dev/null +++ b/modules/home-manager/programs/file-managers/default.nix @@ -0,0 +1,8 @@ +{ ... }: + +{ + imports = [ + ./nautilus.nix + ./vifm + ]; +} diff --git a/modules/home-manager/programs/file-managers/nautilus.nix b/modules/home-manager/programs/file-managers/nautilus.nix new file mode 100644 index 0000000..22d4ed4 --- /dev/null +++ b/modules/home-manager/programs/file-managers/nautilus.nix @@ -0,0 +1,12 @@ +{ config, pkgs, lib, ... }: + +let + cfg = config.local.programs.file-managers.nautilus; +in +{ + options.local.programs.file-managers.nautilus = with lib; { + enable = mkEnableOption "nautilus"; + }; + + config.home.packages = with pkgs.unstable; lib.optional cfg.enable gnome.nautilus; +} diff --git a/home/modules/file_manager/default.nix b/modules/home-manager/programs/file-managers/vifm/default.nix similarity index 51% rename from home/modules/file_manager/default.nix rename to modules/home-manager/programs/file-managers/vifm/default.nix index ed84120..cc248f4 100644 --- a/home/modules/file_manager/default.nix +++ b/modules/home-manager/programs/file-managers/vifm/default.nix @@ -1,7 +1,6 @@ -{ pkgs, lib, ... }: +{ config, pkgs, lib, ... }: let - viu = pkgs.rustPlatform.buildRustPackage { pname = "viu"; version = "23-10-2022"; @@ -20,16 +19,20 @@ let }; in { - home.packages = [ - pkgs.vifm - viu # terminal image viewer - pkgs.libarchive - pkgs.zip - pkgs.unzip - ]; + options.local.programs.file-managers.vifm.enable = lib.mkEnableOption "vifm"; - xdg.configFile = { - "vifm/vifmrc".source = ./vifmrc; - "vifm/colors/catppuccin".source = ./vifm_catppuccin.vifm; + config = lib.mkIf config.local.programs.file-managers.vifm.enable { + home.packages = [ + pkgs.vifm + viu # terminal image viewer + pkgs.libarchive + pkgs.zip + pkgs.unzip + ]; + + xdg.configFile = { + "vifm/vifmrc".source = ./vifmrc; + "vifm/colors/catppuccin".source = ./vifm_catppuccin.vifm; + }; }; } diff --git a/home/modules/file_manager/vifm_catppuccin.vifm b/modules/home-manager/programs/file-managers/vifm/vifm_catppuccin.vifm similarity index 100% rename from home/modules/file_manager/vifm_catppuccin.vifm rename to modules/home-manager/programs/file-managers/vifm/vifm_catppuccin.vifm diff --git a/home/modules/file_manager/vifmrc b/modules/home-manager/programs/file-managers/vifm/vifmrc similarity index 100% rename from home/modules/file_manager/vifmrc rename to modules/home-manager/programs/file-managers/vifm/vifmrc diff --git a/modules/home-manager/programs/libreoffice.nix b/modules/home-manager/programs/libreoffice.nix new file mode 100644 index 0000000..a72bd95 --- /dev/null +++ b/modules/home-manager/programs/libreoffice.nix @@ -0,0 +1,24 @@ +{ config, pkgs, lib, ... }: + + +let + cfg = config.local.programs.libreoffice; +in +{ + options.local.programs.libreoffice = with lib; { + enable = mkEnableOption "libreoffice"; + + spellCheckDicts = mkOption { + type = types.listOf types.package; + default = [ ]; + }; + }; + + config = lib.mkIf cfg.enable { + home.packages = with pkgs; ( + [ libreoffice ] + ++ lib.optional (cfg.spellCheckDicts != [ ]) hunspell + ++ cfg.spellCheckDicts + ); + }; +} diff --git a/modules/home-manager/programs/share-files.nix b/modules/home-manager/programs/share-files.nix new file mode 100644 index 0000000..7244d5b --- /dev/null +++ b/modules/home-manager/programs/share-files.nix @@ -0,0 +1,20 @@ +{ config, pkgs, lib, ... }: + +let + cfg = config.local.programs.share-files; +in +{ + options.local.programs.share-files = with lib; { + onionshare.enable = mkEnableOption "onionshare"; + croc.enable = mkEnableOption "croc"; + }; + + config.home.packages = + # OnionShare is an open-source tool that lets you securely and anonymously share files, + # host websites, and chat with friends using the Tor network. + lib.optional cfg.onionshare.enable pkgs.onionshare-gui + + # Easily and securely send things from one computer to another + ++ lib.optional cfg.croc.enable pkgs.croc; + +} diff --git a/home/modules/terminal/alacritty.nix b/modules/home-manager/programs/terminals/alacritty.nix similarity index 93% rename from home/modules/terminal/alacritty.nix rename to modules/home-manager/programs/terminals/alacritty.nix index d70d82e..db3bd77 100644 --- a/home/modules/terminal/alacritty.nix +++ b/modules/home-manager/programs/terminals/alacritty.nix @@ -1,11 +1,12 @@ -{ lib, config, pkgs, ... }: +{ lib, config, ... }: let - cfg = config.local.alacritty; - themeCfg = config.local.theme; + cfg = config.local.programs.terminals.alacritty; + themeCfg = config.local.themes."${config.local.theme.name}"; in { - options.local.alacritty = with lib; { + options.local.programs.terminals.alacritty = with lib; { + enable = mkEnableOption "alacritty"; fontSize = mkOption { type = types.number; default = 11.0; @@ -13,7 +14,7 @@ in }; }; - config = { + config = lib.mkIf cfg.enable { programs.alacritty = { enable = true; settings = { diff --git a/modules/home-manager/programs/terminals/default.nix b/modules/home-manager/programs/terminals/default.nix new file mode 100644 index 0000000..0b22efd --- /dev/null +++ b/modules/home-manager/programs/terminals/default.nix @@ -0,0 +1,9 @@ +{ ... }: + +{ + imports = [ + ./alacritty.nix + ./wezterm.nix + ]; + +} diff --git a/home/modules/terminal/wezterm.nix b/modules/home-manager/programs/terminals/wezterm.nix similarity index 88% rename from home/modules/terminal/wezterm.nix rename to modules/home-manager/programs/terminals/wezterm.nix index b782cec..46b0149 100644 --- a/home/modules/terminal/wezterm.nix +++ b/modules/home-manager/programs/terminals/wezterm.nix @@ -1,11 +1,12 @@ { lib, config, ... }: let - cfg = config.local.wezterm; - themeCfg = config.local.theme; + cfg = config.local.programs.terminals.wezterm; + themeCfg = config.local.themes."${config.local.theme.name}"; in { - options.local.wezterm = with lib; { + options.local.programs.terminals.wezterm = with lib; { + enable = mkEnableOption "wezterm"; fontSize = mkOption { type = types.number; default = 11.0; @@ -13,7 +14,7 @@ in }; }; - config = { + config = lib.mkIf cfg.enable { programs.wezterm = { enable = true; colorSchemes = { diff --git a/modules/home-manager/services/default.nix b/modules/home-manager/services/default.nix new file mode 100644 index 0000000..43a649a --- /dev/null +++ b/modules/home-manager/services/default.nix @@ -0,0 +1,5 @@ +{ ... }: + +{ + imports = [ ./wired ]; +} diff --git a/home/modules/notifications/default.nix b/modules/home-manager/services/wired/default.nix similarity index 69% rename from home/modules/notifications/default.nix rename to modules/home-manager/services/wired/default.nix index a05995e..7e8e6f2 100644 --- a/home/modules/notifications/default.nix +++ b/modules/home-manager/services/wired/default.nix @@ -1,6 +1,8 @@ { config, pkgs, ... }: -let themeCfg = config.local.theme; in +let + themeCfg = config.local.themes."${config.local.theme.name}"; +in { services.wired = { enable = true; diff --git a/home/modules/notifications/wired.ron b/modules/home-manager/services/wired/wired.ron similarity index 100% rename from home/modules/notifications/wired.ron rename to modules/home-manager/services/wired/wired.ron diff --git a/modules/home-manager/shell.nix b/modules/home-manager/shell.nix new file mode 100644 index 0000000..25eaef4 --- /dev/null +++ b/modules/home-manager/shell.nix @@ -0,0 +1,73 @@ +{ lib, config, pkgs, ... }: + +{ + options.local.shell.enable = lib.mkEnableOption "enable shell"; + + config = lib.mkIf config.local.shell.enable { + # fish and zsh support for nix-shell + home.packages = with pkgs; [ any-nix-shell ]; + + programs.zsh = { + enable = true; + enableAutosuggestions = true; + enableCompletion = true; + defaultKeymap = "viins"; + dotDir = ".config/zsh"; + + history = { + path = "${config.xdg.dataHome}/zsh/zsh_history"; + expireDuplicatesFirst = true; + ignorePatterns = [ + "rm *" + "kill *" + ]; + }; + + oh-my-zsh.enable = true; + + initExtra = '' + any-nix-shell zsh --info-right | source /dev/stdin + ''; + }; + + programs.starship = { + enable = true; + enableZshIntegration = config.programs.zsh.enable; + settings = { + add_newline = true; + + format = lib.concatStrings [ + "$hostname" + "$directory" + "$git_branch" + "$git_commit" + "$git_state" + "$git_metrics" + "$git_status" + "$shlvl" + "$nix_shell" + "$cmd_duration" + "$jobs" + "$line_break" + "$character" + ]; + + character = { + success_symbol = "[➜](bold green)"; + error_symbol = "[➜](bold red)"; + }; + + git_commit.commit_hash_length = 6; + + shlvl = { + disabled = false; + format = "[$symbol$shlvl]($style) "; + symbol = "↕ "; + threshold = 3; + }; + + hostname.ssh_symbol = ""; + }; + }; + }; +} diff --git a/modules/machine.nix b/modules/machine.nix new file mode 100644 index 0000000..9f7103c --- /dev/null +++ b/modules/machine.nix @@ -0,0 +1,42 @@ +{ lib, ... }: + +{ + imports = [ ./common.nix ]; + + ################################################################################ + # Configs + ################################################################################ + local.nix.enableMyRegistry = lib.mkDefault true; + + local.system.kernel = lib.mkDefault "stable"; + + local.keyboard = { + enable = lib.mkDefault true; + lan-mouse.enable = lib.mkDefault true; + }; + + local.fonts.enable = lib.mkDefault true; + local.sound.enable = lib.mkDefault true; + + local.window-manager.enable = lib.mkDefault true; + + ################################################################################ + # Services + ################################################################################ + + local.services.collect-garbage = { + enable = lib.mkDefault true; + nix.nixShellProtection = lib.mkDefault true; + }; + + local.services.gnupg.enable = lib.mkDefault true; + + local.services.dnscrypt-proxy2.enable = true; + + ################################################################################ + # Programs + ################################################################################ + local.programs.pass.enable = lib.mkDefault true; + + local.programs.browsers.librewolf.enable = lib.mkDefault true; +} diff --git a/modules/nixos/configs/default.nix b/modules/nixos/configs/default.nix new file mode 100644 index 0000000..fb07fc0 --- /dev/null +++ b/modules/nixos/configs/default.nix @@ -0,0 +1,12 @@ +{ ... }: + +{ + imports = [ + ./fonts.nix + ./keyboard.nix + ./nix.nix + ./sound.nix + ./system.nix + ./window-manager.nix + ]; +} diff --git a/modules/nixos/configs/fonts.nix b/modules/nixos/configs/fonts.nix new file mode 100644 index 0000000..5f835b3 --- /dev/null +++ b/modules/nixos/configs/fonts.nix @@ -0,0 +1,36 @@ +{ config, pkgs, lib, ... }: + +{ + options.local.fonts.enable = lib.mkEnableOption "fonts"; + + config = lib.mkIf config.local.fonts.enable { + fonts = { + enableDefaultPackages = true; + packages = with pkgs; [ + ubuntu_font_family + fira-code + fira-code-symbols + (nerdfonts.override { fonts = [ "FiraCode" ]; }) + noto-fonts + noto-fonts-cjk + noto-fonts-emoji + liberation_ttf + mplus-outline-fonts.githubRelease + dina-font + proggyfonts + ]; + fontconfig = { + defaultFonts = { + monospace = [ + "Fira Code" + "emoji" + "FiraCode Nerd Font Mono" + ]; + serif = [ "Ubuntu" "emoji" ]; + sansSerif = [ "Ubuntu" "emoji" ]; + emoji = [ "Noto Color Emoji" ]; + }; + }; + }; + }; +} diff --git a/modules/nixos/configs/keyboard.nix b/modules/nixos/configs/keyboard.nix new file mode 100644 index 0000000..dc4440b --- /dev/null +++ b/modules/nixos/configs/keyboard.nix @@ -0,0 +1,26 @@ +{ config, pkgs, lib, ... }: + +let + cfg = config.local.keyboard; +in +{ + options.local.keyboard = with lib; { + enable = mkEnableOption "base keyboard configuration"; + lan-mouse.enable = mkEnableOption "a software KVM switch for sharing a mouse and keyboard with multiple hosts through the network"; + }; + + config = lib.mkIf cfg.enable { + environment.systemPackages = + lib.optional cfg.lan-mouse.enable pkgs.unstable.lan-mouse; + + services.xserver = { + xkbModel = "pc105"; + layout = "us,us"; + xkbVariant = "dvorak,"; + xkbOptions = "grp:win_space_toggle"; + }; + + console.useXkbConfig = true; + }; + +} diff --git a/nixos/modules/nix.nix b/modules/nixos/configs/nix.nix similarity index 87% rename from nixos/modules/nix.nix rename to modules/nixos/configs/nix.nix index b547819..5c35b15 100644 --- a/nixos/modules/nix.nix +++ b/modules/nixos/configs/nix.nix @@ -43,11 +43,6 @@ in trusted-users = [ "root" ]; experimental-features = [ "nix-command" "flakes" ]; - - # To protect nix-shell against garbage collection - # Source: https://github.com/nix-community/nix-direnv#installation - keep-derivations = true; - keep-outputs = true; }; registry = lib.mkMerge [ diff --git a/modules/nixos/configs/sound.nix b/modules/nixos/configs/sound.nix new file mode 100644 index 0000000..5306396 --- /dev/null +++ b/modules/nixos/configs/sound.nix @@ -0,0 +1,17 @@ +{ config, pkgs, lib, ... }: + +{ + options.local.sound.enable = lib.mkEnableOption "sound"; + + config = lib.mkIf config.local.sound.enable { + sound = { + enable = true; + mediaKeys.enable = true; + }; + + hardware.pulseaudio = { + enable = true; + package = pkgs.pulseaudioFull; + }; + }; +} diff --git a/modules/nixos/configs/system.nix b/modules/nixos/configs/system.nix new file mode 100644 index 0000000..1181b6e --- /dev/null +++ b/modules/nixos/configs/system.nix @@ -0,0 +1,51 @@ +{ inputs, config, pkgs, lib, ... } @ args: + +let + headlessProfile = import "${inputs.nixpkgs-unstable}/nixos/modules/profiles/headless.nix" args; + hardenedProfile = import "${inputs.nixpkgs-unstable}/nixos/modules/profiles/hardened.nix" args; + + cfg = config.local.system; +in +{ + options.local.system = with lib; { + kernel = mkOption { + type = types.enum [ "hardened" "stable" "latest" ]; + default = "latest"; + }; + headless = mkEnableOption "headless profile"; + }; + + config = lib.mkMerge [ + { + boot.tmp.cleanOnBoot = true; + } + + (lib.mkIf cfg.headless ( + headlessProfile // { + zramSwap.enable = true; + } + )) + + (lib.mkIf (cfg.kernel == "hardened") ( + hardenedProfile // { + boot.kernelPackages = pkgs.unstable.linuxPackages_6_6_hardened; + # Fix for GLIBC errors due to 'scudo' from hardened profile. + # https://github.com/NixOS/nix/issues/6563 + environment.memoryAllocator.provider = "libc"; + } + )) + (lib.mkIf (cfg.headless && cfg.kernel == "hardened") { + # Disabled by hardened profile, big performance hit. + security.allowSimultaneousMultithreading = true; + }) + + (lib.mkIf (cfg.kernel == "stable") { + boot.kernelPackages = pkgs.unstable.linuxPackages_6_6; + }) + + (lib.mkIf (cfg.kernel == "latest") { + boot.kernelPackages = pkgs.unstable.linuxPackages_latest; + }) + + ]; +} diff --git a/modules/nixos/configs/window-manager.nix b/modules/nixos/configs/window-manager.nix new file mode 100644 index 0000000..e13733d --- /dev/null +++ b/modules/nixos/configs/window-manager.nix @@ -0,0 +1,20 @@ +{ config, pkgs, lib, ... }: + +{ + options.local.window-manager.enable = lib.mkEnableOption "window-manager"; + + config = lib.mkIf config.local.window-manager.enable { + services.dbus = { + enable = true; + packages = [ pkgs.dconf ]; + }; + + services.xserver = { + enable = true; + displayManager.defaultSession = "none+xmonad"; + windowManager.xmonad.enable = true; + }; + + programs.gnupg.agent.pinentryFlavor = "gtk2"; + }; +} diff --git a/modules/nixos/default.nix b/modules/nixos/default.nix new file mode 100644 index 0000000..ae865d8 --- /dev/null +++ b/modules/nixos/default.nix @@ -0,0 +1,10 @@ +{ ... }: + +{ + imports = [ + ./configs + ./programs + ./services + ]; + +} diff --git a/modules/nixos/programs/browsers/default.nix b/modules/nixos/programs/browsers/default.nix new file mode 100644 index 0000000..9ce94a8 --- /dev/null +++ b/modules/nixos/programs/browsers/default.nix @@ -0,0 +1,8 @@ +{ ... }: +{ + imports = [ + ./tor-browser.nix + ./mullvad-browser.nix + ./librewolf.nix + ]; +} diff --git a/modules/nixos/programs/browsers/librewolf.nix b/modules/nixos/programs/browsers/librewolf.nix new file mode 100644 index 0000000..1764ef3 --- /dev/null +++ b/modules/nixos/programs/browsers/librewolf.nix @@ -0,0 +1,27 @@ +{ config, pkgs, lib, inputs, ... }: + +let + cfg = config.local.programs.browsers.librewolf; + isPassEnabled = config.local.programs.pass.enable; + + policiesJson = pkgs.callPackage ./policies.nix { + firefoxAddons = inputs.firefox-addons.packages."${pkgs.system}"; + withPassffAddon = isPassEnabled; + withRedirectorAddon = true; + withSidebarTabsAddon = true; + }; + + librewolf' = with pkgs.unstable; librewolf.override { + extraPoliciesFiles = librewolf.unwrapped.extraPoliciesFiles ++ [ policiesJson ]; + nativeMessagingHosts = lib.optional isPassEnabled passff-host; + }; +in +{ + options.local.programs.browsers.librewolf = with lib; { + enable = mkEnableOption "librewolf"; + }; + + config = lib.mkIf cfg.enable { + environment.systemPackages = [ librewolf' ]; + }; +} diff --git a/modules/nixos/programs/browsers/mullvad-browser.nix b/modules/nixos/programs/browsers/mullvad-browser.nix new file mode 100644 index 0000000..3139143 --- /dev/null +++ b/modules/nixos/programs/browsers/mullvad-browser.nix @@ -0,0 +1,28 @@ +{ config, pkgs, lib, inputs, ... }: + +let + cfg = config.local.programs.browsers.mullvad-browser; + + policiesJson = pkgs.callPackage ./policies.nix { + firefoxAddons = inputs.firefox-addons.packages."${pkgs.system}"; + withRedirectorAddon = true; + withSidebarTabsAddon = true; + }; + + mullvadBrowser = pkgs.mullvad-browser.overrideAttrs (attrs: { + postInstall = '' + rm $out/share/mullvad-browser/distribution/policies.json + + install -Dvm644 ${policiesJson} $out/share/mullvad-browser/distribution/policies.json + ''; + }); +in +{ + options.local.programs.browsers.mullvad-browser = with lib; { + enable = mkEnableOption "mullvad-browser"; + }; + + config = lib.mkIf cfg.enable { + environment.systemPackages = [ mullvadBrowser ]; + }; +} diff --git a/modules/nixos/programs/browsers/policies.nix b/modules/nixos/programs/browsers/policies.nix new file mode 100644 index 0000000..da5a4fe --- /dev/null +++ b/modules/nixos/programs/browsers/policies.nix @@ -0,0 +1,91 @@ +{ withKeePassXcAddon ? false +, withPassffAddon ? false +, withRedirectorAddon ? false +, withSidebarTabsAddon ? false +, firefoxAddons +, lib +, writeText +, ... +}: + +let + firefoxAddonXpiPath = addon: + "${addon}/share/mozilla/extensions/{ec8030f7-c20a-464f-9b0e-13a3a9e97384}/${addon.addonId}.xpi"; +in +# See: https://mozilla.github.io/policy-templates/ +writeText "policies.json" (builtins.toJSON { + policies = { + OverrideFirstRunPage = ""; + OverridePostUpdatePage = ""; + DisableAppUpdate = true; + DisableSystemAddonUpdate = true; + DisableFirefoxStudies = true; + DisableTelemetry = true; + DisableFeedbackCommands = true; + SearchBar = "unified"; + SearchSuggestEnabled = false; + SearchEngines = { + Add = [ + { + Alias = "sx"; + Name = "SearXNG"; + Description = "SearXNG — a privacy-respecting, open metasearch engine"; + IconURL = "https://search.sapti.me/static/themes/simple/img/favicon.png"; + URLTemplate = "https://search.sapti.me/search?q={searchTerms}"; + } + { + Alias = "np"; + Name = "NixOS Packages"; + Description = "Search NixOS packages by name or description."; + IconURL = "https://nixos.org/favicon.png"; + URLTemplate = "https://search.nixos.org/packages?query={searchTerms}"; + } + { + Alias = "no"; + Name = "NixOS Options"; + Description = "Search NixOS options by name or description."; + IconURL = "https://nixos.org/favicon.png"; + URLTemplate = "https://search.nixos.org/options?query={searchTerms}"; + } + ]; + Default = "SearXNG"; + Remove = [ + "Google" + "Bing" + "Amazon.com" + "eBay" + "Twitter" + "YouTube" + "Yahoo" + ]; + }; + FirefoxSuggest = { + WebSuggestions = false; + SponsoredSuggestions = false; + ImproveSuggest = false; + Locked = true; + }; + Preferences = { + "layout.spellcheckDefault" = { + Value = 0; + Status = "locked"; + }; + }; + Extensions = { + Install = + lib.optional withKeePassXcAddon (firefoxAddonXpiPath firefoxAddons.keepassxc-browser) + ++ lib.optional withPassffAddon (firefoxAddonXpiPath firefoxAddons.passff) + ++ lib.optional withRedirectorAddon (firefoxAddonXpiPath firefoxAddons.redirector) + ++ lib.optional withSidebarTabsAddon (firefoxAddonXpiPath firefoxAddons.sidebartabs); + Uninstall = [ + "google@search.mozilla.org" + "bing@search.mozilla.org" + "amazondotcom@search.mozilla.org" + "ebay@search.mozilla.org" + "twitter@search.mozilla.org" + "youtube@search.mozilla.org" + "yahoo@search.mozilla.org" + ]; + }; + }; +}) diff --git a/modules/nixos/programs/browsers/tor-browser.nix b/modules/nixos/programs/browsers/tor-browser.nix new file mode 100644 index 0000000..9470a5e --- /dev/null +++ b/modules/nixos/programs/browsers/tor-browser.nix @@ -0,0 +1,115 @@ +{ config, pkgs, lib, inputs, ... }: + +let + cfg = config.local.programs.browsers.tor-browser; + + policiesJson = pkgs.callPackage ./policies.nix { + firefoxAddons = inputs.firefox-addons.packages."${pkgs.system}"; + }; + + torBrowser = (pkgs.tor-browser-bundle-bin.override { + mediaSupport = true; + pulseaudioSupport = true; + }).overrideAttrs (attrs: { + postInstall = '' + rm $out/share/tor-browser/distribution/policies.json + + install -Dvm644 ${policiesJson} $out/share/tor-browser/distribution/policies.json + ''; + }); +in +{ + options.local.programs.browsers.tor-browser = with lib; { + enable = mkEnableOption "tor-browser"; + container = { + enable = mkEnableOption "tor-browser inside a container"; + externalInterface = mkOption { + type = types.str; + default = ""; + }; + sshAuthorizedKeys = mkOption { + type = types.listOf types.str; + default = [ ]; + }; + }; + }; + + config = lib.mkIf cfg.enable (lib.mkMerge [ + (lib.mkIf (!cfg.container.enable) { + environment.systemPackages = [ torBrowser ]; + }) + (lib.mkIf cfg.container.enable ( + let + hostRunTorBrowser = pkgs.writeScriptBin "tor-browser" '' + ${pkgs.socat}/bin/socat -d TCP-LISTEN:6000,fork,bind=192.168.7.10 UNIX-CONNECT:/tmp/.X11-unix/X0 & + ${pkgs.xorg.xhost}/bin/xhost + + ssh -X browser@192.168.7.11 tor-browser + ${pkgs.xorg.xhost}/bin/xhost - + ''; + + clientRunTorBrowser = pkgs.writeScriptBin "tor-browser" '' + PULSE_SERVER=tcp:192.168.7.10:4713 \ + XAUTHORITY="/home/browser/.Xauthority" \ + DBUS_SESSION_BUS_ADDRESS="" \ + DISPLAY=192.168.7.10:0.0 \ + ${pkgs.apulse}/bin/apulse ${torBrowser}/bin/tor-browser $@ + ''; + in + { + assertions = [ + { + assertion = cfg.container.externalInterface != ""; + message = "The `tor-browser` module with the `isContainer` option enabled requires a non-empty `externalInterface` with Internet access"; + } + { + assertion = cfg.container.sshAuthorizedKeys != [ ]; + message = "The `tor-browser` module with the `isContainer` option enabled requires a non-empty `sshAuthorizedKeys` to connect to the container"; + } + ]; + + environment.systemPackages = [ hostRunTorBrowser ]; + + hardware.pulseaudio = { + systemWide = true; + support32Bit = true; + tcp = { + enable = true; + anonymousClients.allowedIpRanges = [ "127.0.0.1" "192.168.7.0/24" ]; + }; + }; + + networking = { + firewall.allowedTCPPorts = [ 4713 6000 ]; + nat = { + enable = true; + internalInterfaces = [ "ve-browser" ]; + externalInterface = cfg.container.externalInterface; + }; + }; + + containers.browser = { + autoStart = true; + privateNetwork = true; + hostAddress = "192.168.7.10"; + localAddress = "192.168.7.11"; + + config = { ... }: { + system.stateVersion = "23.11"; + services.openssh = { + enable = true; + settings.X11Forwarding = true; + }; + + users.extraUsers.browser = { + isNormalUser = true; + home = "/home/browser"; + openssh.authorizedKeys.keys = cfg.container.sshAuthorizedKeys; + extraGroups = [ "pulse-access" ]; + packages = [ clientRunTorBrowser ]; + }; + }; + }; + } + )) + ]); +} diff --git a/modules/nixos/programs/default.nix b/modules/nixos/programs/default.nix new file mode 100644 index 0000000..8e4328e --- /dev/null +++ b/modules/nixos/programs/default.nix @@ -0,0 +1,8 @@ +{ ... }: + +{ + imports = [ + ./pass.nix + ./browsers + ]; +} diff --git a/modules/nixos/programs/pass.nix b/modules/nixos/programs/pass.nix new file mode 100644 index 0000000..9a5513e --- /dev/null +++ b/modules/nixos/programs/pass.nix @@ -0,0 +1,19 @@ +{ config, pkgs, lib, ... }: + +let + cfg = config.local.programs.pass; + + pass = pkgs.pass.withExtensions (ext: [ + ext.pass-audit + ext.pass-update + ]); +in +{ + options.local.programs.pass.enable = lib.mkEnableOption "pass"; + + config = lib.mkIf cfg.enable { + environment.systemPackages = [ pass ]; + + services.passSecretService.enable = true; + }; +} diff --git a/modules/nixos/services/collect-garbage.nix b/modules/nixos/services/collect-garbage.nix new file mode 100644 index 0000000..3b11f22 --- /dev/null +++ b/modules/nixos/services/collect-garbage.nix @@ -0,0 +1,54 @@ +{ config, lib, ... }: + +let + cfg = config.local.services.collect-garbage; +in +{ + options.local.services.collect-garbage = with lib; { + enable = mkEnableOption "collect nix and docker garbage"; + nix = { + enable = mkOption { + description = "collect unused nix packages"; + type = types.bool; + default = true; + }; + nixShellProtection = mkOption { + description = '' + Protect nix-shell against garbage collection. + Source: https://github.com/nix-community/nix-direnv#installation + ''; + type = types.bool; + default = false; + }; + }; + docker.enable = mkOption { + description = "collect unused docker images"; + type = types.bool; + default = config.virtualisation.docker.enable; + }; + }; + + config = lib.mkIf cfg.enable (lib.mkMerge [ + (lib.mkIf cfg.nix.enable { + nix.gc = { + automatic = true; + dates = "weekly"; + options = "--delete-older-than 14d"; + }; + }) + + (lib.mkIf (cfg.nix.enable && cfg.nix.nixShellProtection) { + nix.settings = { + keep-derivations = true; + keep-outputs = true; + }; + }) + + (lib.mkIf cfg.docker.enable { + virtualisation.docker.autoPrune = { + enable = true; + dates = "weekly"; + }; + }) + ]); +} diff --git a/modules/nixos/services/default.nix b/modules/nixos/services/default.nix new file mode 100644 index 0000000..50a3b0d --- /dev/null +++ b/modules/nixos/services/default.nix @@ -0,0 +1,13 @@ +{ ... }: + +{ + imports = [ + ./collect-garbage.nix + ./dnscrypt-proxy2.nix + ./gnupg.nix + ./i2pd.nix + ./octoprint.nix + ./vpn + ./fail2ban + ]; +} diff --git a/modules/nixos/services/dnscrypt-proxy2.nix b/modules/nixos/services/dnscrypt-proxy2.nix new file mode 100644 index 0000000..f44ad03 --- /dev/null +++ b/modules/nixos/services/dnscrypt-proxy2.nix @@ -0,0 +1,45 @@ +{ config, lib, ... }: + +let + cfg = config.local.services.dnscrypt-proxy2; +in +{ + options.local.services.dnscrypt-proxy2 = with lib; { + enable = mkEnableOption "dnscrypt-proxy2"; + }; + + config = lib.mkIf cfg.enable { + networking = { + nameservers = [ "127.0.0.1" "::1" ]; + networkmanager.dns = "none"; + }; + + services.dnscrypt-proxy2 = { + enable = true; + # See: https://github.com/DNSCrypt/dnscrypt-proxy/blob/2.1.5/dnscrypt-proxy/example-dnscrypt-proxy.toml + settings = { + require_dnssec = true; + require_nolog = true; + require_nofilter = true; + + sources.public-resolvers = { + urls = [ + "https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/public-resolvers.md" + "https://download.dnscrypt.info/resolvers-list/v3/public-resolvers.md" + ]; + cache_file = "/var/lib/dnscrypt-proxy2/public-resolvers.md"; + minisign_key = "RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3"; + }; + + # You can choose a specific set of servers from https://github.com/DNSCrypt/dnscrypt-resolvers/blob/master/v3/public-resolvers.md + server_names = [ + "ams-ads-doh-nl" + "ams-dnscrypt-nl" + "ams-doh-nl" + "brahma-world" + ]; + }; + }; + }; + +} diff --git a/nixos/shared/fail2ban/default.nix b/modules/nixos/services/fail2ban/default.nix similarity index 100% rename from nixos/shared/fail2ban/default.nix rename to modules/nixos/services/fail2ban/default.nix diff --git a/modules/nixos/services/fail2ban/fail2ban.nix b/modules/nixos/services/fail2ban/fail2ban.nix new file mode 100644 index 0000000..7f31f99 --- /dev/null +++ b/modules/nixos/services/fail2ban/fail2ban.nix @@ -0,0 +1,21 @@ +{ config, lib, ... }: + +let + cfg = config.local.services.fail2ban; +in +{ + options.local.services.fail2ban = with lib; { + enable = mkEnableOption "fail2ban"; + }; + + config = lib.mkIf cfg.enable { + services.fail2ban = { + enable = true; + bantime-increment = { + enable = true; + factor = "4"; + maxtime = "48h"; + }; + }; + }; +} diff --git a/nixos/shared/fail2ban/fail2ban.secret.nix b/modules/nixos/services/fail2ban/fail2ban.secret.nix similarity index 100% rename from nixos/shared/fail2ban/fail2ban.secret.nix rename to modules/nixos/services/fail2ban/fail2ban.secret.nix diff --git a/modules/nixos/services/gnupg.nix b/modules/nixos/services/gnupg.nix new file mode 100644 index 0000000..4248a21 --- /dev/null +++ b/modules/nixos/services/gnupg.nix @@ -0,0 +1,14 @@ +{ config, lib, ... }: + +{ + options.local.services.gnupg = with lib; { + enable = mkEnableOption "gnupg service"; + }; + + config = lib.mkIf config.local.services.gnupg.enable { + programs.gnupg.agent = { + enable = true; + enableSSHSupport = true; + }; + }; +} diff --git a/modules/nixos/services/i2pd.nix b/modules/nixos/services/i2pd.nix new file mode 100644 index 0000000..8f45fb3 --- /dev/null +++ b/modules/nixos/services/i2pd.nix @@ -0,0 +1,13 @@ +{ config, lib, ... }: + +{ + options.local.services.i2pd.enable = lib.mkEnableOption "i2pd. Invisible internet project"; + + config = lib.mkIf config.local.services.i2pd.enable { + services.i2pd = { + enable = true; + proto.httpProxy.enable = true; + proto.http.enable = true; + }; + }; +} diff --git a/nixos/modules/octoprint.nix b/modules/nixos/services/octoprint.nix similarity index 94% rename from nixos/modules/octoprint.nix rename to modules/nixos/services/octoprint.nix index b52dba6..c9b2325 100644 --- a/nixos/modules/octoprint.nix +++ b/modules/nixos/services/octoprint.nix @@ -1,10 +1,10 @@ { lib, pkgs, config, ... }: let - cfg = config.local.octoprint; + cfg = config.local.services.octoprint; in { - options.local.octoprint = with lib; { + options.local.services.octoprint = with lib; { enable = mkEnableOption "octoprint"; }; diff --git a/modules/nixos/services/vpn/default.nix b/modules/nixos/services/vpn/default.nix new file mode 100644 index 0000000..a46c5d9 --- /dev/null +++ b/modules/nixos/services/vpn/default.nix @@ -0,0 +1,7 @@ +{ ... }: + +{ + imports = [ + ./wireguard + ]; +} diff --git a/nixos/modules/wireguard-client.nix b/modules/nixos/services/vpn/wireguard/client.nix similarity index 67% rename from nixos/modules/wireguard-client.nix rename to modules/nixos/services/vpn/wireguard/client.nix index d816d4e..5893f64 100644 --- a/nixos/modules/wireguard-client.nix +++ b/modules/nixos/services/vpn/wireguard/client.nix @@ -1,15 +1,10 @@ { config, lib, ... }: let - cfg = config.local.wireguard; - - serverData = import ../hosts/tatos/data.secret.nix; - - serverAddr = serverData.addr; - serverPort = serverData.wireguard.port; + cfg = config.local.services.vpn.wireguard; in { - options.local.wireguard = with lib; { + options.local.services.vpn.wireguard = with lib; { enable = mkEnableOption "Enable wireguard vpn"; ip = mkOption { type = types.str; @@ -19,11 +14,22 @@ in privateKeyFile = mkOption { type = types.str; }; + server = { + addr = mkOption { + type = types.str; + }; + port = mkOption { + type = types.int; + }; + publicKey = mkOption { + type = types.str; + }; + }; }; config = lib.mkIf cfg.enable { networking.firewall = { - allowedUDPPorts = [ serverPort ]; # Clients and peers can use the same port, see listenport + allowedUDPPorts = [ cfg.server.port ]; # Clients and peers can use the same port, see listenport }; # Enable WireGuard networking.wg-quick.interfaces = { @@ -33,7 +39,7 @@ in address = [ cfg.ip ]; dns = [ "10.20.30.1" ]; - listenPort = serverPort; # to match firewall allowedUDPPorts (without this wg uses random port numbers) + listenPort = cfg.server.port; # to match firewall allowedUDPPorts (without this wg uses random port numbers) # Path to the private key file. privateKeyFile = cfg.privateKeyFile; @@ -43,7 +49,7 @@ in { # Public key of the server (not a file path). - publicKey = serverData.wireguard.publicKey; + publicKey = cfg.server.publicKey; # Forward all the traffic via VPN. allowedIPs = [ "0.0.0.0/0" ]; @@ -51,7 +57,7 @@ in # allowedIPs = [ "192.168.0.0/24" ]; # Set this to the server IP and port. - endpoint = "${serverAddr}:${toString serverPort}"; + endpoint = "${cfg.server.addr}:${toString cfg.server.port}"; # Send keepalives every 25 seconds. Important to keep NAT tables alive. persistentKeepalive = 15; diff --git a/modules/nixos/services/vpn/wireguard/default.nix b/modules/nixos/services/vpn/wireguard/default.nix new file mode 100644 index 0000000..707607b --- /dev/null +++ b/modules/nixos/services/vpn/wireguard/default.nix @@ -0,0 +1,7 @@ +{ ... }: + +{ + imports = [ + ./client.nix + ]; +} diff --git a/modules/vps.nix b/modules/vps.nix new file mode 100644 index 0000000..16177dc --- /dev/null +++ b/modules/vps.nix @@ -0,0 +1,22 @@ +{ lib, ... }: + +{ + imports = [ ./common.nix ]; + + ################################################################################ + # Configs + ################################################################################ + local.system = { + kernel = lib.mkDefault "hardened"; + headless = lib.mkDefault true; + }; + + ################################################################################ + # Services + ################################################################################ + local.services.fail2ban.enable = lib.mkDefault true; + + local.services.collect-garbage.enable = lib.mkDefault true; + + local.services.dnscrypt-proxy2.enable = lib.mkDefault true; +} diff --git a/nixos/hosts/asus-gl553vd/default.nix b/nixos/hosts/asus-gl553vd/default.nix deleted file mode 100644 index be6f7b2..0000000 --- a/nixos/hosts/asus-gl553vd/default.nix +++ /dev/null @@ -1,86 +0,0 @@ -{ config, pkgs, ... }: - -{ - imports = [ - # Include the results of the hardware scan. - ./hardware-configuration.nix - ../../shared/common.nix - ../../shared/sound.nix - ../../shared/window-manager.nix - ../../shared/fonts.nix - ../../shared/gnupg.nix - ../../shared/garbage-collector.nix - ../../shared/networking.secret.nix - ../../shared/encrypted-dns.nix - ]; - - # Use latest lts kernel - boot.kernelPackages = pkgs.unstable.linuxPackages_6_6_hardened; - - # Use the systemd-boot EFI boot loader. - boot.loader = { - systemd-boot = { - enable = true; - configurationLimit = 10; - }; - - efi.canTouchEfiVariables = true; - }; - - networking = { - hostName = "laptop"; # Define your hostname. - - useDHCP = false; - interfaces = { - enp3s0.useDHCP = true; - wlp2s0.useDHCP = true; - }; - - networkmanager.enable = true; - firewall.allowedTCPPortRanges = [ - { from = 33000; to = 33999; } - ]; - }; - - # enable bluetooth - hardware.bluetooth.enable = true; - - # configure mouse and touchpad - services.xserver.libinput = { - enable = true; - touchpad = { - accelSpeed = "0.5"; - disableWhileTyping = true; - }; - }; - - services.logind.extraConfig = '' - # don’t shutdown when power button is short-pressed - HandlePowerKey=ignore - ''; - - services.openssh.enable = true; - - # Enable the Docker - virtualisation.docker.enable = true; - - # Additional nix configs - local.nix.enableMyRegistry = true; - - # Wireguard client - age.secrets.wireguard-asus-gl553vd-private = { - file = ../../../secrets/wireguard-asus-gl553vd-private.age; - mode = "0400"; - }; - local.wireguard = { - enable = true; - ip = "10.20.30.4/24"; - privateKeyFile = config.age.secrets.wireguard-asus-gl553vd-private.path; - }; - - # Torrent - # services.transmission.enable = true; - - # Style and Grammar Checker - services.languagetool.enable = true; -} diff --git a/nixos/hosts/default.nix b/nixos/hosts/default.nix deleted file mode 100644 index 0712154..0000000 --- a/nixos/hosts/default.nix +++ /dev/null @@ -1,79 +0,0 @@ -{ ... } @ inputs: - -let - hardware = inputs.hardware.nixosModules; -in -{ - home = { - system = "x86_64-linux"; - - extraModules = [ - hardware.common-gpu-amd - ../modules/nix.nix - ../modules/wireguard-client.nix - ../modules/octoprint.nix - ../../home/users/jan - # ../../home/users/nas - ]; - - extraHomeModule = { lib, pkgs, ... }: { - local.polybar.wifiDevice = "wlp3s0"; - # local.alacritty.fontSize = 8.0; - local.wezterm.fontSize = 10.0; - - }; - - specialArgs = { - extraJanHomeModule = { lib, pkgs, ... }: { - imports = [ ./home/xmonad_projects.secret.nix ]; - - home.packages = lib.mkAfter (with pkgs.unstable; [ - # 3d programs - blender - cura - godot_4 - # electronics - kicad-small - # librepcb - ]); - - }; - }; - }; - - asus-gl553vd = { - system = "x86_64-linux"; - - extraModules = [ - hardware.common-cpu-intel - ../modules/nix.nix - ../modules/wireguard-client.nix - ../../home/users/jan - # ../../home/users/nas - ]; - - extraHomeModule = { ... }: { - local.polybar.wifiDevice = "wlp2s0"; - # local.alacritty.fontSize = 6.0; - local.wezterm.fontSize = 10.0; - }; - - specialArgs = { - extraJanHomeModule = { lib, ... }: { - imports = [ ./asus-gl553vd/xmonad_projects.secret.nix ]; - }; - }; - }; - - istal = { - system = "x86_64-linux"; - - targetHost = (import ./istal/data.secret.nix).addr; - }; - - tatos = { - system = "x86_64-linux"; - - targetHost = (import ./tatos/data.secret.nix).addr; - }; -} diff --git a/nixos/hosts/home/default.nix b/nixos/hosts/home/default.nix deleted file mode 100644 index 2879c0f..0000000 --- a/nixos/hosts/home/default.nix +++ /dev/null @@ -1,174 +0,0 @@ -{ config, pkgs, ... }: - - -{ - imports = [ - # Include the results of the hardware scan. - ./hardware-configuration.nix - ../../shared/kernel.nix - ../../shared/common.nix - ../../shared/sound.nix - ../../shared/window-manager.nix - ../../shared/fonts.nix - ../../shared/gnupg.nix - ../../shared/garbage-collector.nix - ../../shared/networking.secret.nix - ../../shared/encrypted-dns.nix - ../../shared/tor-browser.nix - ]; - - # Enable containers - # See: https://github.com/NixOS/nixpkgs/issues/38676 - boot.kernelModules = [ "veth" ]; - - boot.extraModulePackages = with config.boot.kernelPackages; [ - rtl88x2bu # wifi - ]; - - # Use the GRUB 2 boot loader. - boot.loader.grub = { - enable = true; - device = "/dev/sdb"; - # memtest86.enable = true; - }; - - networking = { - hostName = "home"; # Define your hostname. - - useDHCP = false; - interfaces = { - wlp3s0.useDHCP = true; - # wlp11s0f3u2.useDHCP = true; - }; - - networkmanager.enable = true; - - firewall.allowedTCPPortRanges = [ - { from = 1300; to = 1400; } - ]; - }; - - # enable bluetooth - hardware.bluetooth.enable = true; - - nixpkgs.config.allowUnfree = true; - local.nix.allowUnfreePackages = [ - "cnijfilter2" - "memtest86" - "android-sdk-cmdline-tools" - ]; - - services.openssh.enable = true; - - services = { - avahi = { - enable = true; - nssmdns = true; - }; - printing = { - enable = true; - drivers = with pkgs; [ gutenprint cnijfilter2 ]; - }; - }; - - services.xserver = { - # All monitors in the right order - # Source: https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/services/x11/xserver.nix#L83 - xrandrHeads = [ - { - output = "DP-3"; - monitorConfig = '' - Option "PreferredMode" "1920x1080" - Option "Rotate" "right" - ''; - } - { - output = "DP-1"; - primary = true; - monitorConfig = '' - Option "PreferredMode" "2560x1440" - ''; - } - ]; - }; - - services.logind.extraConfig = '' - # don’t shutdown when power button is short-pressed - HandlePowerKey=ignore - ''; - - # Enable the Docker - virtualisation.docker.enable = true; - - # Additional nix configs - local.nix.enableMyRegistry = true; - - # Wireguard client - age.secrets.wireguard-home-private = { - file = ../../../secrets/wireguard-home-private.age; - mode = "0400"; - }; - local.wireguard = { - enable = true; - ip = "10.20.30.3/24"; - privateKeyFile = config.age.secrets.wireguard-home-private.path; - }; - - # Invisible internet project - services.i2pd = { - enable = true; - proto.httpProxy.enable = true; - proto.http.enable = true; - }; - - # Torrent client - services.transmission.enable = true; - - # 3D printing - local.octoprint.enable = true; - - # Android - programs.adb.enable = true; - programs.java = { - enable = true; - package = pkgs.jdk17; - }; - - nixpkgs.config.android_sdk.accept_license = true; - - environment.variables = - let - buildToolsVersion = "33.0.2"; - androidComposition = pkgs.unstable.androidenv.composeAndroidPackages { - platformToolsVersion = "34.0.5"; - buildToolsVersions = [ buildToolsVersion ]; - includeEmulator = false; - emulatorVersion = "34.1.9"; - platformVersions = [ "29" "30" "33" ]; - includeSources = false; - includeSystemImages = false; - systemImageTypes = [ "google_apis_playstore" ]; - abiVersions = [ "armeabi-v7a" "arm64-v8a" ]; - cmakeVersions = [ "3.10.2" ]; - includeNDK = true; - ndkVersions = [ "23.2.8568313" ]; - useGoogleAPIs = false; - useGoogleTVAddOns = false; - includeExtras = [ - "extras;google;gcm" - ]; - }; - in - rec { - ANDROID_SDK_ROOT = "${androidComposition.androidsdk}/libexec/android-sdk"; - ANDROID_NDK_ROOT = "${ANDROID_SDK_ROOT}/ndk-bundle"; - - # Use the same buildToolsVersion here - # GRADLE_OPTS = "-Dorg.gradle.project.android.aapt2FromMavenOverride=${ANDROID_SDK_ROOT}/build-tools/${buildToolsVersion}/aapt2"; - # JAVA_HOME = pkgs.jdk17.home; - }; - - services.udev.extraRules = '' - SUBSYSTEM=="usb", ATTR{idVendor}=="12d1", MODE="0666", GROUP="plugdev" - ''; -} diff --git a/nixos/hosts/home/xmonad_projects.secret.nix b/nixos/hosts/home/xmonad_projects.secret.nix deleted file mode 100644 index 57ca5f26dd4bca02b0891b9435b7387691aa1fd2..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1544 zcmV+j2KV^@M@dveQdv+`0GRC;OlAhKH*H~qXltFr5^l0rG#54UayO1xHXpYIPmac> zIh)gT#}Y!vF%ejIAJP^VWxPv7$RRnxvBXT~!z=2^dS~C0IlAvorf`gI*k_e0(f(pE zzZLu!hENB^f>|FkwSDLCbK2@D#!T*DU=YwT5lnuOiHsrtbTRHZW zGXL78^AQoJp~b;-!3x^f(}S06s|39-sN|2JOcD)01hM0%x3Gr;|Jqt)jucfNmi!tN zMBYQ#M0W}m1lXot%}tj55lP;ap`Ne0r6!8hC*i%jqt}N{b1HQcp~1d&Vi2L%Sr+Sq zBjh$ZwkjYN49AOLmCXqfe;%AaPm;EVI2tHWpv)4U86`qSj`AZ3e6%j_f;c1C)k5!O zdG{E%7{;+<42jm~G0DT*uMAwX=J%Lpy-(;n5g_h-z`c3X5Pa$g#9r`IaJMUl0qlTt zh2lp*Wz>*0q@P_`)DuCP_A$E&@?v?2P@?&uP{bh?4V>!5tW0 z7Quf-LzZT|wuXH=(bs5;yFsdNuUMA+0!whGmz|c?6#G2~@EHE;6)pa3{duCA{Ebph zQp?jduLemjCwq0PS;WH-x>@qt)g-lyoonTUabmtY*2=1#p@4L5oph31iq8ID+Pr)C zRnka(+EZ42zESX3%?;u)w@5ms*fXe}F02tp5i(kfkFa+E@-5No?^K~w z9mCVEZy7*Gp%Lc%7ew(Fw#o{P-bvc~jcUseJOra^IBONH{)l}c*0^#4FT7J<#f^6N z2VtiE#nCN4xO$p)?kP*5TC6!#Q91)k&EJ(B)^$bY;F zg69zB(3JoFO8O%|;9=$Pf@jjD-+fPvtH^S#NUrO6QzlxGcb#XuZY#qwVs%WM+TA0K z@9uQjXAGjm$n_9rd;{8LZhhd;S=P`!QnM#dt>1(Or*u0B3RM$E#Aluz`BP#rOECBG zV|;03J4ny4#n6#0JsP2NX`5GBe%v6P$QDut={lHLDD*f%DR>HyjEDST1K2fM9^&V# zP1~^2&us+V+&FB-Qb$2Na*MCxqdLIet946^6-k*U746fQ!?|GReRrYl65>$jnAlq5 z@JR(;cRKA$S==i2`Hgn!1JKEC2_h5EhMC>~GWNeHt|8*YEF1X#-f+&SxYN|B20Wfy zxC2t;PEb>*(8i|s#dPf>_1UDWfdXc`=P3?m*lH+<^F-7YyKzqG5{2+zm7nmNmIW^g zuvNe_Lw|U|$e;--^$8V<6V8m_Tz1_v#Xep-uQ3DnM8AP-Nmw-v{*O+XuwlzvBHWyD zZmd(pqLeedYN(`2om9@vkFDGTIWcRn*m=PrnC|kwCmzjriN`CZpYJ$l6~uoP=3g3I z5r0(nDn2L7$m{%6Fn(_&i`$t!{n^PlBkU+f!9d0dwm?c{f*~r37nVswJSVnB%yL z&F9Z9u|AK?Y7rrJZQPZQEb1Z@U&0R8Xl5a!f`1`gC(em#%`L9_<&px% zSYKWnPu%@p*x`{K2mS*| udOw@zw6nu{ndj$hpDOU>z;cUfrilQ$;~P8NasKPqS)&ZM>NK7i3DellcmmM? diff --git a/nixos/hosts/istal/default.nix b/nixos/hosts/istal/default.nix deleted file mode 100644 index 032ed71..0000000 --- a/nixos/hosts/istal/default.nix +++ /dev/null @@ -1,26 +0,0 @@ -{ ... }: - -let - data = import ../../../data.nix; -in -{ - imports = [ - ./hardware-configuration.nix - ./networking.secret.nix # generated at runtime by nixos-infect - ../../shared/kernel.nix - ../../shared/headless.nix - - ../../modules/nix.nix - ../../shared/common.nix - ../../shared/garbage-collector.nix - ../../shared/fail2ban - - ./services/wireguard.nix - ]; - - networking.hostName = "istal"; - networking.domain = "local"; - - services.openssh.enable = true; - users.users.root.openssh.authorizedKeys.keys = data.publicKeys.users.janistal; -} diff --git a/nixos/hosts/istal/networking.secret.nix b/nixos/hosts/istal/networking.secret.nix deleted file mode 100644 index 4f45ed00ca653e25883b9b692f2c134cdefc05bf..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 819 zcmV-31I+vYM@dveQdv+`0OX-7aEoxS@Fh2>ucg!A&NHzHy&}Vmja|7WpBEbcfXBnC z$K5BZql>*Ev#)kZxU_9Q3T8u&^}9q%%PgXa6A7IJa$iL~adI+H?Yt@tz#!RCH?M!w zWUfakn|%R~9ED40w6i}ulZ>*PEo19~@X9Oa95pPwC$bRz96KjH~2 zK0yU zjOYSf-~SHedo^s#Pt;CkA2goZ4V_{ZBN|`n!{3y0Z=>J_6Cm%wpbFPK=&|hThnT+%-@wgO> z$i?Xgdk!^IW8=ujQ*Mv#_w(bV6++y^3%53KY78~IJsjHcBMg#}oECP{zEn??#r4<> zu`$f1#h8a^eg06gZ;L+3UHx6%NVvG3Axm&&27c#ITcRvwv!R9}d5EHd_GfJ}TrlmH zliHPQt~0A?&pEpbPgkQzHZnwafU_&wKcOOLu2|#e9(W}8YjwC9Nb>3soklQ_^Cq{p z^v$vM9@Se7c=uQ78*ihkvRd~(xF^m(=Pnxj@*)0P5fXE02nsO?7^IrjMO0&^!K1Ny zASD6Rw=366zDx;BPM@dveQdv+`0GnXe1exT=Qn35n0T&Ff6%y$*SV=klx{6!HAqXZ`hj1#O zstPO1X&s4W;1Z)RfNI>J@ z9IdSRdNPxb{Yq6f@O?5Bz>e(R1}_dDsY%g;u&nCI3!KDmRV4f63#4B;psf&Szzu!>mfF%iL4pMq2wvauf9f_8x*BGrLvf#>J*Ctpwvn(z&*XxJl5+&LU v&sox>P3wWn(e#esY7R1*JXV;}{`Ksvj~oP6vN8D#xlc8`$Bk9GXDB)#$&bR2 diff --git a/nixos/shared/sound.nix b/nixos/shared/sound.nix deleted file mode 100644 index 91a58f2..0000000 --- a/nixos/shared/sound.nix +++ /dev/null @@ -1,14 +0,0 @@ -{ pkgs, ... }: - -{ - # Enable sound. - sound = { - enable = true; - mediaKeys.enable = true; - }; - - hardware.pulseaudio = { - enable = true; - package = pkgs.pulseaudioFull; - }; -} diff --git a/nixos/shared/tor-browser.nix b/nixos/shared/tor-browser.nix deleted file mode 100644 index ff65adb..0000000 --- a/nixos/shared/tor-browser.nix +++ /dev/null @@ -1,124 +0,0 @@ -{ pkgs, ... }: - -let - data = import ../../data.nix; - - # See: https://mozilla.github.io/policy-templates/ - policiesJson = pkgs.writeText "policies.json" (builtins.toJSON { - policies = { - DisableAppUpdate = true; - SearchBar = "unified"; - SearchSuggestEnabled = false; - SearchEngines = { - Add = [ - { - Alias = "sx"; - Name = "SearXNG"; - Description = "SearXNG — a privacy-respecting, open metasearch engine"; - IconURL = "https://search.sapti.me/static/themes/simple/img/favicon.png"; - URLTemplate = "https://search.sapti.me/search?q={searchTerms}"; - } - { - Alias = "np"; - Name = "NixOS Packages"; - Description = "Search NixOS packages by name or description."; - IconURL = "https://nixos.org/favicon.png"; - URLTemplate = "https://search.nixos.org/packages?query={searchTerms}"; - } - { - Alias = "no"; - Name = "NixOS Options"; - Description = "Search NixOS options by name or description."; - IconURL = "https://nixos.org/favicon.png"; - URLTemplate = "https://search.nixos.org/options?query={searchTerms}"; - } - ]; - Default = "SearXNG"; - Remove = [ "YouTube" "Google" "Twitter" "Yahoo" ]; - }; - FirefoxSuggest = { - WebSuggestions = false; - SponsoredSuggestions = false; - ImproveSuggest = false; - Locked = true; - }; - Preferences = { - "layout.spellcheckDefault" = { - Value = 0; - Status = "locked"; - }; - }; - }; - }); - - torBrowser = (pkgs.unstable.tor-browser-bundle-bin.override { - mediaSupport = true; - pulseaudioSupport = true; - }).overrideAttrs (attrs: { - postInstall = '' - rm $out/share/tor-browser/distribution/policies.json - - install -Dvm644 ${policiesJson} $out/share/tor-browser/distribution/policies.json - ''; - }); - - hostRunTorBrowser = pkgs.writeScriptBin "tor-browser" '' - ${pkgs.socat}/bin/socat -d TCP-LISTEN:6000,fork,bind=192.168.7.10 UNIX-CONNECT:/tmp/.X11-unix/X0 & - ${pkgs.xorg.xhost}/bin/xhost + - ssh -X browser@192.168.7.11 tor-browser - ${pkgs.xorg.xhost}/bin/xhost - - ''; - - clientRunTorBrowser = pkgs.writeScriptBin "tor-browser" '' - PULSE_SERVER=tcp:192.168.7.10:4713 \ - XAUTHORITY="/home/browser/.Xauthority" \ - DBUS_SESSION_BUS_ADDRESS="" \ - DISPLAY=192.168.7.10:0.0 \ - ${pkgs.apulse}/bin/apulse ${torBrowser}/bin/tor-browser $@ - ''; -in -{ - environment.systemPackages = [ hostRunTorBrowser ]; - - hardware.pulseaudio = { - enable = true; - systemWide = true; - support32Bit = true; - tcp = { - enable = true; - anonymousClients.allowedIpRanges = [ "127.0.0.1" "192.168.7.0/24" ]; - }; - }; - - networking = { - firewall.allowedTCPPorts = [ 4713 6000 ]; - nat = { - enable = true; - internalInterfaces = [ "ve-browser" ]; - externalInterface = "wg0"; - }; - }; - - containers.browser = { - autoStart = true; - privateNetwork = true; - hostAddress = "192.168.7.10"; - localAddress = "192.168.7.11"; - - config = { config, pkgs, ... }: { - system.stateVersion = "23.11"; - services.openssh = { - enable = true; - settings.X11Forwarding = true; - }; - - users.extraUsers.browser = { - isNormalUser = true; - home = "/home/browser"; - openssh.authorizedKeys.keys = data.publicKeys.users.jan; - extraGroups = [ "pulse-access" ]; - packages = [ clientRunTorBrowser ]; - }; - }; - }; -} diff --git a/nixos/shared/window-manager.nix b/nixos/shared/window-manager.nix deleted file mode 100644 index d9c52d1..0000000 --- a/nixos/shared/window-manager.nix +++ /dev/null @@ -1,22 +0,0 @@ -{ pkgs, ... }: - -{ - services.dbus = { - enable = true; - packages = [ pkgs.dconf ]; - }; - - services.xserver = { - enable = true; - - xkbModel = "pc105"; - layout = "us,us"; - xkbVariant = "dvorak,"; - xkbOptions = "grp:win_space_toggle"; - - displayManager.defaultSession = "none+xmonad"; - windowManager.xmonad.enable = true; - }; - - console.useXkbConfig = true; -} diff --git a/secrets/users-jan-passfile.age b/secrets/users-jan-passfile.age deleted file mode 100644 index bd5e3f1833c7c15189d2643e4b7645dd021abb10..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 2426 zcmV-=35E6mM@dveQdv+`0I5;v@+2VXB-!cMM3=v8`FNSe2~oQQ?6*V^TO=zGfJp%U z0hHZ5h^(no`>vCosyAs-@*2=D7}_D9Anbh-hm8*L^Pv;^`x`ayq?=Ob4OJr5n@9Dn zh<$CFhpv_Z-YZY~E0`8tUiMm!Umk zfbx$HJ~G50$L2(Jnrlfeb(#b~_Qd6h+sGXR>IaUUAlt%S1y>nBhV6yK7#-RrR>OyW zjLnbN#u#)}LMCOZ8PI0_O;OIKF!g);7pw2I69Bsrp~9Bz;GN2V!V5~~pIgs8YK1J3 zSs%UB5<)p9W$Kft!xSNkqNXK18s3ng@nCc7bn#VwZmS!_Q&vSm`hy)KSD0h!niW=x z5?}`imJZQ4Xj!lC6g!R*y8Y$B=BvnA_x?xC$xjy0Zy6vi#(pA*bGE{&3(RX0M*V5>Xj}lZs=kITB9=;A zU>Y7Od?c!F?3f-xsa;bFCI9w zQ;WR%L;k>cE%Y8DBHRlKP~?RZZKE@Kng9&JBDD%W`?8Q2dt~}Sc)~|`>oyYushGNP zA1}!mtjnygpLIC5tv40QM?`F?Yf4yNNMh`b9~^!+N7=^!vgGLSwkU3qK|t6Aldf>& z;WHRrsSLs(43ZiI+sqsNKWzI{Meb8kcr?dp>f$(FJspaIY#1qg$fxwD<1K zP?h1Tq@>v1h0k?KMW$bllzTgy?-q~nDK{J3> zU@O6kOP(L4vr@a1OyUf|tzrD_tJr;T&lOLdrU(8qC8-&BYnJ}rsgT+RjaG)TjB%$i zcpr{i6gIo)02mW}GQm0Fm18MH<34oJ#Ba>8Lz&NCUZX^9i~u;*trx6?{a%+HATj@} zR^54KcY}7j4)Bzf%IO+inz;v%f4lPf*j;aJy#0=_*CPOsSFt*vS=)OU$)L*Bs$s=5 zNF7J`gw>(JxsDq{?sR{9gg>KOPN>~5SB$OJUF7zhPxr23j#g1Vj;kR3mZxZdCSepB z!z)bZ+1|3P^F=KpJBYxSX`yPuKFey?Jz28Nt4lZ4n*BOSC{?MbpQIDWuC8CQ89-rf zvd~MDK==@W4b&~|+yiKly$_&On%&_>qbsqOk*I(Y^MO2qR`sXYGM#JwIoo_oosn#& zNdb}!JFuC5s7#5%#D-});xbxta_r1qV8hMI_mps4>xF|u^U7w}lqAl=;4|oM`)O9i z=Uiy;AAc~COKDM>{tfnM8EB_TpIW4o7$)@T|A3bqw0AH$6-vO=r@kqp_Xzi;`>#(c zdzp;*{kFi)R>5m=nAmMAt-mG2=SwguVvOC}DcNg7Zct9%hSKe|zf48!~{_;HXo%w@2`bl)J)C>C) zo#S&;a|Bokyt~9I#t>GSmpM4QPr&lG{A?u$I=kk1dW? zK`;u0Y*wP>Un!G*pa4Ly!Jb;`lF8!befgH0p9U@+T|?|Lp2ZM`0=Vm`b5SlyJIqVH zW;xK%!Q$nKg~gdN+_s4s3W}B-1UDkpU5T0|ijqIJIwi2b(|G24|PCy31dp7H#!`fEvQgCq|c@li@r?GNRoMuD+n4?vjSQGH7%lif>g8w5vG zcn36Z<55T1;kzdF(^p>!pY5H^C`sH{nZZIr*K*oOww%CR+52s*TD4MG*3fWwj~tmZ zrs+ZJeyiw&RG>6?bJfX!D*UI s$i02BRC3S>hNNLl9}r*Mg4<@HUz9MBZp>H!@0b%AMheGa-#xp6@>lJEbiVD*_vA-l4$y0}NBA@x+ z!RS>{eDW3%(XxGAsO;vY4W9V`P02%aQ=Ynr|(0H)O1P zKE_xTa*x(~LkZc{|2gyXt(Q6hirLy<8R@)>kFP#~vO^^uYz!963#=h>-5o^KUZ9pe zU=DyYKpp}sT0nHZ$ddPCo%qgPNTN{wG2AaJS)|Y+0tYh>j*fI}zG(T2!2%GYg6p5- zMw1r}`JL}O@bwc2WY#=Rrik_tY#f7}{ZI$^zbj{fp3Un26JUV02+=)65`i6kRW6GF z;FjN<8RZZc-i`hY0&Bba&U0!^r+u4f>k#9rtnN;iB<%_{l=jPCMl)DAikeSy2 zjU)HnS~?w*JE~vmHCS;oqPjoG`Y3Md=#|2TpbmgeLQmpj%{8fxmO?s)Qiw2t3NCg) zpY1$e0Dwbhp{BGUO_tk&4!RQDiX~5C`U?{Cgn+RpzS@Cc*HJ}Lb8r|K+~6t<^{XaM zWJR6cn|@g?o`s3HtYpN7my{D*YJ4SeyN$&^OSx9ZD1Do#Gb3SJm3SWREl@?~j$OuR zVVf&I{U9mRsz+f~d@Z^I;F1>bhmAl)5rB#KZf~o(b*EfND~!o%BGU=}I|??B^bIT7 zX5N{Pwd8~Y+>4nuRrsBXe^yhrH&p?pa3aPLHZXz@jwms@bbO6M)`!e`yK`lyT%^^4 z)c~5h%F+0!j}8mhq#s)3Gm_AO)u1Z=nn82{tJbi_=|QUxbQq7(yhb&&p@%v^YlS8N z@nOGa8QftmsTr$WE3fELjC~!k*`WN-97~Lmw6Mb`MlzC95fa4U!0lSsh{#QKE2twU zN6FFFlMfPV<1R1o@k6a5Bg)e69*j($NMrD$R+Qa<7XZF zVuQ))1VI1z49K+?)=P+}^%1kDw?C;G|ew|nS2*#^HlI!t?^-RvaP$wgr{CLDHI;#>iuLS%!a1qI9r z5z&?0>7G{@|4LLzX)5Qac`B(MSS|p^O=gd&L?$q4jW0b%Ji#JlaJm}X!}a|s09p%P zV75XGG8^4kl!t3ih`cf0LScKyg=@-=jo0kQ6tZpy+d8JQIk44f-rayjZ1navWhxFY z!8fW$5N9DVY+qI47Se1*ubn)Gsau?t`PUV9?He><_IR@p3E0^UYc9tswgc6xHt%nN zkm3S><~dx@m$Kthcffc|xzvsC6IOu~vD>l&W%B1j`pp~eDAF|o!NS!-}$0OxZ)5?a7pdj_q*?usUT^^KN*JIuQc zi3F*DW1dcc~C63XM2Ow=w58_r+q4oYmkTQ_4KL79-<6^OvR`^^Rb)0PZLF zxGONSt`Q6dAqyhhg2bU+b4BX_pVwh)1~$f2v(pa6qs3(M4XzVsfGkv#3w?;J8##1X zt^;VS@tOF9BT?q~a{Y?OEB|f+crF7}Qd9B}AyXe| zlDD_)6s+OtCD!S`NN_MbA|pjSUjx>RZ+b=@2 zfj2wHdRJd+OG?PN8c83m1sU&VJ&%C6`CEn{NkNB-*Z^7&xHS0=zH4uoTYsktec@sB z?CnvNn^McncM8wxG<$vEn^8M+LuM*C>r~APH&=K{WAf0kW3JeR+8)VECe?%O;7Zoz z3jglsncU&9a#h?Uvx!8Q8ior}@@v7_4@Z-x?&A6jd9SQwvje3p4u3kz&agiEfBpaI zb?&dbsNx*!_$1^?g*32q|1e1Ch=i4gbT5GjZ^^J-5T*QBFgo=^I4c*Wl?u)@dg9w- z8ebtd#GkYX$4j065$>j4FO5u_5yKN%mE~^1fC$*DcZD$jJHSPi!~BtimKo4(|e&Mw zW6S&Rl5G7oxeYjMl1N*iI6VJzuo@EEaCfQu>g@o3tXu{PO;nr4KW(4mGwezyxm7jx#ptUW7=niNothHX?2b#tO}O<2sl z<$B`q)`S?EOL_*(@s|p?E>~t0+A1PY%ZILIFucRJZvZ4NJ6e4$4tjooSY(C>63G>X zuH?zQBe}-j@hl4BUU!lMV2&T$-?mu)!TGLLti#EGRG5hh?0RY1mY4k}8D2ruLzICb vKHk(9k;`R{8R~)NwOV@+%z`KAIm_h4jgs!p9CXXoQZBnk0s`Ra+MR1?u6o61 diff --git a/secrets/wireguard-asus-gl553vd-private.age b/secrets/wireguard-asus-gl553vd-private.age deleted file mode 100644 index ee6e35c9dc1a347dcd8d77409591369b699613c9..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1624 zcmV-e2B-M|M@dveQdv+`01cO&G66i67C>KB*-+`2lmE|TW&yxc(VR#AGe?6kSW0_{ zR?a;1Az413P+%Sh%+D}K8875ndQ7K`dOT%>z&3kVW#O`3SSZLm)uc-?0kC;8R{I`J zymj%J%;W~{dEng|rf&DCys|ErtZ3dC@$xx5x(I^ZeZe}Ju>1tD7u#1qik-Fhsak>V zzMe<^3?}$n0tF2pJ&(uTZ@nWVyYls@cQp0}EKQzMLQx_u+#SXkf@{Ed8NWd(q5crx zB6S7p#uMSD+Li)+Ujn;k9k0Fep$Xr4XDf0A(IDZ(8H)YK^GK$2v}rYHlHWF&1Hzyw zr~%66dWtx($@_j;r;y!T1+g)OfP&4VVXvJWtcMt2hgW_}=G0gp+%XLEsIob^D)s0X z|7Nc?iap8^O}0(zy)&r{(i7!Dk$UvjPdO6+Kd)y59a6ixdsf%rGp#MB9pD#R%-4eN zKf~8Uj4a-=Rs`o>_1-CIui3|;Tx5eRiaWA1C1%LLH~a>r<@N*cxuF>y9^5)9@eg-4oI-QnxD_e8+$ia26a){Py3zlCZjTH+51`s zi-fQ-Ta!;()(iTQY_gC5WrTroU~EQ+?UbUNcmwdd1?xSNDajw zGdvd{U<&D4sV)mv^sRw8V6mzx=OpE|k3++8@j11=X* zk3Z*}iV+?nuXEus%;)ox@uvqvB)OE>Ee3BK1c6RtxzF5BJ^KH)6G@?`%^esZ1{p)3 z(yazrh}3xQpz$}4oWmr+@6X(^vx#{TSiaJ1+$ycRPSO%annC!$?ccfTc5l0*SuQ`E z*beUqG%rD{O#iI63+7h26%ZkLE5(;<4L@uKcKrrKApHsvF?dZW06;%o$)K>kwIB+* zoQOrLcGt25z|Qbd%cU}B^(7!Z_YVg1$6Qd^28wEK;#Sh5%@z=ssBgP9%3aBi^SV(4 z!vS9&R|d{4x=BK#~gj9SVy8*OPv19tgw!c)&rMPa#^RYk>2N)jin_sp6o8QvQzG#5{&Y)z@K_aC_PAu*|KvR8o4(oMKpG0EjEgyG@K9cD(` zA5a5}V1kQi5*YEd@IwkOg-?r3>cAelWu2$N89f3;FXv-o?7j*sxE28k@FJhGQGRr6 W?8fj1EAwC-ZONb@p~Q*^B1xQx9vSBV diff --git a/secrets/wireguard-home-private.age b/secrets/wireguard-home-private.age deleted file mode 100644 index dbee23583756e1e4f57f9d82956524a88231f854..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1552 zcmV+r2JiU*M@dveQdv+`0Q5=_2reW**BD932~16Jl2s+r(b2JIe)puCc zTs=}$GJ_HC4I8N0>8(jocBTDnM_a&UOA{R|O~Yi-`**gNi|Ap}aeU+mFjsc(PiMZ7 zrP;Ah=;iS08Vo~nrnWTpjF&e+UgWtFA$;SvWdy-}wD{p|Ycn85)BzdCqy|N#3uLr- zZsF>wxErQvUB8prGb2ti18?+RHrmYL=H7W(0iqVo8K-vdQ# zH{dd>oIJPfQ$QT8;>k?qknlQP<_)ZZ((tsLwp*y^Jyt5P2X#Gjw_*o7 zOEErrzNecks>Bq5;ou#3YEHDbnqRo=R^!olgm&g|;fV#OcD7%T@1CKCh@ATEfm~?!23OHh$S+;kqoZ7y|*oC`)ka(MyZEQ z-A4&-meqC#$`p9_K^#=D_-~o~3?RxWe^0Jw?**}=T4E6V%8XQh+;a31b^%Tbc1HKM zDf~US^!?OpJ5IE7=-EuJY=5z6{h;Y~@_#zbhU7-WbsQSpwiN?;lKWi=ftg7>|MvRz&j<4C>4@(hUH zvm$qo0EjQR@@*;Dp=>VuTbDC z8ivP|+qO!p?fhO};kv1i_Gu{);*1n-_;72F5|+>CT8=@IK#ZXdm`Wt%^H1W-11*Z37zEKh{UgXV|sLp9EMa%`jva^Rl_Of%o>?M%XcAMX5=%y8n94e@1mxS~6 zV#i5=YwY6&aNXghd^8TB70M~-;=~YC#=!z{n8KOO7T`ust;|mYVpzFK%lGP&=To!B zY6eAEO1m#(EL#rsfbhUsDiV7BBdxD2o6iD53L^v3y`2i@2JIdG-MumyE;B=5pSnhd z`Lep?(t0d?bA@PTwiJ3ih*Z%xex3%%*}q5N@Lx zlL?fVKM?AW+0SHq#F4zNz78(dL2g5$MzXUxu^bc`xyPVxTA+x>@D2zF(6$ CYZJ@> diff --git a/secrets/wireguard-istal-private.age b/secrets/wireguard-istal-private.age deleted file mode 100644 index 6abdef26cf7b248e1445839960ac849bc736b35f..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1348 zcmV-K1-tqHM@dveQdv+`08vJgV-&pslqK|Y(ct#Bl+=JVQ@1#3b#VRJ2hAfy8CJ%! zJ}YDaUFsiAy6pimhl(TdP}~WBf8Imvd08(Ly7`A_K*Paxru)DwbiWI+#!vgY|D!f4 zt9mxPGzt>LtUl8ZY}W7mURpa@$xG{2a<<6BfZKXw%`20e!zf)KfLbr}1giQnFpkn@ z`Dy-%Ja6N4uFHN~Qy5RPPYP?A7Ye^0vZ!Llwn?aLz{%_-{`QVS8^3_(Npn?FhMwf> zv82ba@z8*(FW%5Es`bBZ0h0=^HAKLYm!yz$tpn!a7SM(*Y{s=x%?S?DM*Zrm;_AhT zXlA~~qKhaAx>rZcpU?H>()U(vm|T!GURB6B4E54|)sUpyc-w`mPT)b_W8s=2=(f zjU2%bQ%sKx@|8b^9^_SO_(UOS#db7~iDyVk=O|t3xC(ZS%z?;HJG3o& zFc{I*iDfF*w_HqhvN>EGWdk%dDRhiI@G>L4pVsDio#d|0_5OTDoh;FV12;*mMH2Pc z4N7bMjV6Q^YA$}bKAnh){y*iO!3Ylg;Qpxag-aEne8_u0X|g4aA}R=QCdcyIcGLpk zvm}f8yd4ZWJf%EDj7?b(PtJi{#*{lG1gX0C82aZ$rn0;WY>wQr&Vu?onHtir3q%RA z9AxQS@1uW(WWkfbGpwj8K$Y>yJUf)uK#9GnhIKd&d1mikl!LR0>Q+owCxBC$y#Lbg zen}Q0ff!A9T^`}q0?$MBLJ-cAF1JJ>$)Ylw!{xfIk|I;p;3u$+XNrBHIER$~qRkc- zX~_KnhgV@C4qJK@`9j(y>!4%I766dPX$$B-X$5swnxCvNien1d(qrVJ zbDfL`fKz1{x3QnkBh#EQS@@CO$8t7D_c>XmW5^kCpbeNq`h47_T61*CrLj?ClY z&^`N53jhXWLPj|G+h5W&_8*JPkiEpMzYEy;2+v~3vIzA+LUVRln8O8qLE8%qbwj4s zV9|WGB#2+$5Lbu{k4LPe%KcbhGMb^5wIA_;#NmHOovzo|Ym9npU%v<|)1(4v`!s3J z&=FI0kMD*29}ZbFJhxQy!r|BIY=ZGA*mManLf^SkqW$+9gHICyUs;smy{w0kwK{2V zT24?VWF07E(qGFT+FiRcK{1-inun>R!^Sl2OoJ1VGn!rIxKS540A4liEub)1Rb|G++V#!^h)txJbx?v zp>k(V9SiUUJzU*y3G~Tn)ruy{*z0#8@=(G(s#b8?cVqHJl!rB$W>h_#%Du%!6_ diff --git a/secrets/wireguard-tatos-private.age b/secrets/wireguard-tatos-private.age deleted file mode 100644 index b5844b8520e070543d131fb7eaa1225ff6eeea35..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1435 zcmV;M1!VdFM@dveQdv+`00hEu%9ogb-xk#(`_m)eu}8y3Mts!qGR23?_OG7d;2Uh~ zFqG1oPXe`xI|$D~dLbwac@mFu35RUXrBW@s03hEDyVOdQI(Xp36fqtXv_Pc39BKHi(=qILkUQ z`7~ciI$yqjb9|&oo>#ZlVvlcvU_?$JlO_EXlC5L*{E+03I~O%j$kq*7N-7ADMJ7SU zbF{wBE$PvgZepW4i;_%Y9VKNt8zqb-oNxhO+z{FztSI6w4LIk>+M`5$Av7xT;emWKYCVr(!-nHxPhF0g;?NS??af*_-<2-w592X48Q%>V z`ZW}y_Duo1hj2~@nR!u^Sm!it^)>)rT@fKSeBmnLbFh;^96}&{)ognW)X>qEJx|71 zg!+%+g8a|T5vJ%=d5eAUx=ikdM2ojY)+^e3t(L0U+bd#(w>eDoG7vv?S2fr@458^< z;sI254`!;q@MYGFLXVi9YGj9rmueiVlIU>vrc11NzoEmhK?+K)j8s`%lyF8!*9$WJ z%|PJ%jgn}fX5IXKN|qe{Ye&gf{7&e*_q6O}RNiL#RP>=KnD=^V31~zy?(k#5g%tG# z(hHfJ8OXI^>ERw}@v%Hs=-$^(D|;kLe&bff=+!43c@@R{^At5(BD!vu0Em6q&S7`%*T627&ik((jgG$ph;_W7^(Ybij*1~k&E}KBpI{0Pb#Ea^`UO%wIqR0hGKhJC$9K@#raOB z;zKKegR|2;ngHxVXLVpWWAVbR&R;v2aI{(ki5UAF{$XF3dqBYrG$oIUa9OHTl8)z) zmb=?`$2Pr@-9Si)QP>1sJTZx;VRO4itru#^>7$- zkk2@|^4#JzE^$tqK|Ml0B6Gt~C36?gL)IAjMbL2eP!7;3n99Vu`V|T?BasU0E&5Z*$5&hiR%17XdL<`XIy9 z_$MBzu+Ae1oB1M;-J=bB@xz8xS6c*?*g>f%mQ|IE*KZ^Hk)YLO;0S~;=I!1k0-vVD$;k#*M3?ayAK_31gmWxD58fs3X3Y%Pt|43*_s2E}^RR@TbI0+q0! zm{^DlUDY6C4@t)a zawNvF%pX@arwLOAwWAFv(kusMUfg%ILY&1F-C~V+p9RSsI@Xvq{YxZ1i78O0=xqH6 zmg{4CeoQm(5NX+1jr7lhycH430ic?=sb%GLg+Qm8uH!l>gvn@~vm!vr58K!>l!s?T zIP3?Ee{+}eqOAa-j}+9@{f>13o^8wo`ANpnVC^eXy8 zve5O~u>BUR3t14Md6T4gUGuTDo5x{tatfIE+12U{Z1*NXk21=fF+7t()fhO~+#jJ# zIC$Jog3dTND#m6+L81a86CMi+I{Nk-w-!oZwN47^BbxW&eBuV0gQl*EXC0a{va*tX zu%0LHr?q#m_@WN##Wpgl(IArkkBwv&lZ3HVuEYMM)g`Lbjv zBM&CqAm^)PoUqG(QSAOngd=e|z;>JzSqHY9&kf?T`D1Rr!*Jf^d$e(1F*9iOu$(qS zTcvXj!+R!NO_MNdNv#7sHA>q2d&%@8td-C`f@&?s?+)d;t8iGW8q?NRZW4+|P!n#m zm&hz^%RJp&)BQ%&B?=`Mgl+KXYW(v2Z*uF^D~?S&VE#(2h h@oj0+w8m9fLW&W zTTr1!2dYOQ=*+)Z(P@XRA0rFR{gy%3Gr}shUHE3j%^yV+x>YGJoYfgmdWsWv_F7m- z=W0$|QLh4$a~~K;l=twmZaPW~6=`kxb{L=pD93lJ7#7qU?AmkpAF$Mzeem)NGz$$2 z(tSBp35pBOdWm1KT23Jq(G-C&RtW@EP(skTKUuKS(+MDscmX>GrRG1;l|4kcsZm1>a-xsvC6BF1a<^Uc+;2pq8LW9GSaAs3|J6JypxwB_ zAL`cNUEF2kt?<*zp6`&{RygqO>@6(k%Q{ zyR^xg8mr~sM-?M8O$y}y#!2X1W+?+nGNm_qNPIakE&GonY%FfX89HnMH9vGyuBy#; zT5($E7{bA`Wnos&o2*jgq4T{2%kCZ!7O+ZT^C!n`Q6X7~LaipZ(f3T!*o#tVt>yst zx?>XW80NlOCjmLh1v&)V8JZZqQ}4=_MehJp_u&3s!J7y4sOT>ha(V(@T5NhP=x+i3 zq+@}en@pf)=)1}M{`FhOz{QIHCVZyNo3`6J2&Tc*Fm8-6~JZ`i!uYH zZA6DnTQf^*9Fbun)**P}Hn&&B%EkMk`t(|r8nUj{oqzs~R4NOmUN#LtK|KJPfpB1F zhamX$vx@*8!b_16vnH?n!J`Q7X7o25hVQNkVTVhv#R+h+nt44HWKoV;+&pGf@V!zJRW37p#nzkWluE2o16BIW^1K3tPMiWj;BUde1`Ny$eRRn4X5sp@QJP zUh*f$TzKIa(E~HJ_KU$S0Ec|xKIK%-I-eGJJy<{Ig1w5Gfrn+dwT(_2-9&26Hk2jI z0_qb@7R(aOHfy+ogFKXx~gDovtx=4?o_$wqp}8r#T^C`t-EC5 fW>LEuz!OYzdWSCS8!h?!(TXCKIWGdI~$sx)&*!HyT83Ft>@W#^Xp-eSvRffD0 z;HR!I^fr8}{|U`+5!bYJTp|H*Ns`1&vWaOwb80NS(Z2&uZ4m&qb_$l-ZfUyto3Kk-or@HE=IK))NxDye5jZzh@`RoG(>aM;$x+)9q;oyj9A!~ z?0rX$;#pV8IMB^A7RfMZpaP8V7veG9ZvJal)m9hfsu3_U@85`c>;pc-H@M2rO47pV zlB9(?=?D0 zB-arw+m66{Ovfu6+iBsCY|OM+_epY&MlvSbJ&Lr3?mL;4vU0vm_j&e(A_XZZgIK1L z4QukUka^`*X_!4A>s(cB>X)N9VE4DZjP_*bvN z?k9Rms%Y-d3(#)^+u6@IwD)p+yy?pKm|t=jF9i!WUJR7_U{rirt3!zs5M|v|;63Dc zs)k`gmfZl%5fHx^P(BKsf0xmCI=);6OL@s9RozVI|DF%~XOn#ElK7dOh=lY*&J16G zUj`mvgm^yy%+?>TCVVZS=O$Ba$*D*9Q|=PNhN;P4I3|*4c2ZkxSm?l~}L4R23O{GtPOw)MkPw)yo5M3|3 z#tGzJCoVmA*80)Nv8dIC-pNUu=`>5U*#y*i&N=z8C;a`W;{u++)sdLybfndmrjFz2 zPw#t3xNuX+)$FYj5UPe|JAH1AgWV>@G;H>bUIxWPMz?I;--|_GPsS&i9USL2S~bvt zm{qun+UrhcQR=LghG^84@)Ibsy-5Iasc_NWFAxFIQP4l^QF?~kc8L|OKX>iNzfFG5 z^e6P%qyJpL{1`lO@z|^gVNX&}a;FD+|Edn>bi8QBAXe9$_!irk7~JOlhX&l?O#W(f zww3QxBuS)s@VELmvgPI!Xd*vIj@$oyjM!W@vrj5F=20HqgmTrz7j0!rL*NMVw~cQD zgFaNHn}ybhBj?@pfnzx2%PUHgUYk$#;!Wh|9~eeE-|4kVyn*>J2GRn(Z8u7mcwCrW zfDhM3+GFZPLyb~4?j|)iQCTYnsWJOlG?`DcEQk9wZ&TD@SN=YxcVcP19g1MD)H&Aw zj6-}Db9$Gp;a#j6+$Bjz%=|s+w2`pPV*xxBosfBcZTii*ZgVpOe5Hu}b|+E7lyB|o ziX|KPgH9YJ4g`O2dasomDh@tRq*fwkEViK(+PcuxQW7>RSp*T1F5dq#AMkddJU(B| zuKH>r@<+AqZlmT82oEhx+!zMh78gfgV_lj*pglq{JONr_lI+EKPR`S&b5luwE4HAH z*&JKD45FeaEo6Xy5a~<35@oi=AdBxqL=a4rO@?C!#?f+!aEahZUx46j&*o-H;Hz!o zlon|ZLEB(@a9LZ0=w}#4hKRTEAn%|I+xZA*5S;61T>{P54igMT{KCC6>doID44moP z^x=vKR@;np)bNK$VMa zQAWCSl2(SEDHUv!YA}^rgH@j{M2kZUdBmJT^`%R&8wXH}g_qgkzA$*S%k14e{IG20 z@BiD;v1+;h+e-@?nG%_mA|M$!fS*U=&YMvh!yYYDTxQGpXI!08e}D6I!4+o-FzNtg zF0_8G$ubKhDp2Jevk(ZpvuJ$>RB#^kFY2tdsV3mi{LsGt0U{wblgE7m!U}Cp8i4QX z=M+K(GnP(#wju9W&ca9w8dckpISnE{I^`uGU<=oFBe(`^&uK8^h@P6kJ=vNHZOLN% zTPmom)DvXgQC|GVl^ZeYSyp=iD2864X}E{zE}Rcm#p)JHtthjmOq~1DdX`FvZWzQ4~C= z*od{f08H0GY&kLq*cqibPO3wHa?DgD;0xZ3iyQZR1QYs?ztuU(pc5`kNryJ$@S0N4 zweGt`PlKNs41b~5esQV{_1XbBc<+f0l%Qp#eI5d5K$-iL!XD}O&TmpRg$yX_lMrM5 z!sx?)I!LkKl4EZ6&x_Xjb(PXa`J98qqS_-mcWdMetcolS> zsuqEtpn z(7ab0yq`1tm?8)}a$sd(l7HSu0B*gfkw;q4sSbC=QI~v)HPc`d|8$sgm(cN-8G!yt zlVf;+KIYd0{ZM3Z!EnW`+;l&QY%gkE5JLSrj;S8kMD`oH zCt|Xne(_Iu(EjVn^L$s^9;Hiwq8#?fNgw7dvbeCCU+hF?i1~1x?H>U0;Stsi`eVUY z`lo5AFE@BraKP=Tw73-c55D)rQmu^^osiO}s~7Bgq*VKG9orErCuZ VpHg^1epwFk2OY!!hcs@>wCnthh%x{G literal 0 HcmV?d00001 diff --git a/home/users/jan/wallpapers/animals_tree_branch_129397_2560x1440.png b/users/jan/wallpapers/animals_tree_branch_129397_2560x1440.png similarity index 100% rename from home/users/jan/wallpapers/animals_tree_branch_129397_2560x1440.png rename to users/jan/wallpapers/animals_tree_branch_129397_2560x1440.png diff --git a/home/users/jan/wallpapers/artist_waves_colorful_129158_2560x1440.png b/users/jan/wallpapers/artist_waves_colorful_129158_2560x1440.png similarity index 100% rename from home/users/jan/wallpapers/artist_waves_colorful_129158_2560x1440.png rename to users/jan/wallpapers/artist_waves_colorful_129158_2560x1440.png diff --git a/home/users/jan/wallpapers/boat_river_loneliness_129582_2560x1440.png b/users/jan/wallpapers/boat_river_loneliness_129582_2560x1440.png similarity index 100% rename from home/users/jan/wallpapers/boat_river_loneliness_129582_2560x1440.png rename to users/jan/wallpapers/boat_river_loneliness_129582_2560x1440.png diff --git a/home/users/jan/wallpapers/build.sh b/users/jan/wallpapers/build.sh similarity index 100% rename from home/users/jan/wallpapers/build.sh rename to users/jan/wallpapers/build.sh diff --git a/home/users/jan/wallpapers/catppuccino_landscape_1.png b/users/jan/wallpapers/catppuccino_landscape_1.png similarity index 100% rename from home/users/jan/wallpapers/catppuccino_landscape_1.png rename to users/jan/wallpapers/catppuccino_landscape_1.png diff --git a/home/users/jan/wallpapers/child_river_dreams_127495_2560x1440.png b/users/jan/wallpapers/child_river_dreams_127495_2560x1440.png similarity index 100% rename from home/users/jan/wallpapers/child_river_dreams_127495_2560x1440.png rename to users/jan/wallpapers/child_river_dreams_127495_2560x1440.png diff --git a/home/users/jan/wallpapers/clouds_sky_bridge_people_reflection_sea_92817_2560x1440.png b/users/jan/wallpapers/clouds_sky_bridge_people_reflection_sea_92817_2560x1440.png similarity index 100% rename from home/users/jan/wallpapers/clouds_sky_bridge_people_reflection_sea_92817_2560x1440.png rename to users/jan/wallpapers/clouds_sky_bridge_people_reflection_sea_92817_2560x1440.png diff --git a/home/users/jan/wallpapers/couple_hugs_art_140777_2560x1440.png b/users/jan/wallpapers/couple_hugs_art_140777_2560x1440.png similarity index 100% rename from home/users/jan/wallpapers/couple_hugs_art_140777_2560x1440.png rename to users/jan/wallpapers/couple_hugs_art_140777_2560x1440.png diff --git a/home/users/jan/wallpapers/deer_silhouette_forest_130032_2560x1440.png b/users/jan/wallpapers/deer_silhouette_forest_130032_2560x1440.png similarity index 100% rename from home/users/jan/wallpapers/deer_silhouette_forest_130032_2560x1440.png rename to users/jan/wallpapers/deer_silhouette_forest_130032_2560x1440.png diff --git a/home/users/jan/wallpapers/landscape_art_moon_127187_2560x1440.png b/users/jan/wallpapers/landscape_art_moon_127187_2560x1440.png similarity index 100% rename from home/users/jan/wallpapers/landscape_art_moon_127187_2560x1440.png rename to users/jan/wallpapers/landscape_art_moon_127187_2560x1440.png diff --git a/home/users/jan/wallpapers/landscape_art_road_127350_2560x1440.png b/users/jan/wallpapers/landscape_art_road_127350_2560x1440.png similarity index 100% rename from home/users/jan/wallpapers/landscape_art_road_127350_2560x1440.png rename to users/jan/wallpapers/landscape_art_road_127350_2560x1440.png diff --git a/home/users/jan/wallpapers/nix-magenta-pink-1920x1080.png b/users/jan/wallpapers/nix-magenta-pink-1920x1080.png similarity index 100% rename from home/users/jan/wallpapers/nix-magenta-pink-1920x1080.png rename to users/jan/wallpapers/nix-magenta-pink-1920x1080.png diff --git a/home/users/jan/wallpapers/sea_sunset_art_131736_2560x1440.png b/users/jan/wallpapers/sea_sunset_art_131736_2560x1440.png similarity index 100% rename from home/users/jan/wallpapers/sea_sunset_art_131736_2560x1440.png rename to users/jan/wallpapers/sea_sunset_art_131736_2560x1440.png diff --git a/home/users/jan/wallpapers/sea_waves_art_130915_2560x1440.png b/users/jan/wallpapers/sea_waves_art_130915_2560x1440.png similarity index 100% rename from home/users/jan/wallpapers/sea_waves_art_130915_2560x1440.png rename to users/jan/wallpapers/sea_waves_art_130915_2560x1440.png diff --git a/home/users/jan/wallpapers/torii_art_solitude_129792_2560x1440.png b/users/jan/wallpapers/torii_art_solitude_129792_2560x1440.png similarity index 100% rename from home/users/jan/wallpapers/torii_art_solitude_129792_2560x1440.png rename to users/jan/wallpapers/torii_art_solitude_129792_2560x1440.png diff --git a/home/users/jan/wallpapers/wolf_silhouette_hills_130119_2560x1440.png b/users/jan/wallpapers/wolf_silhouette_hills_130119_2560x1440.png similarity index 100% rename from home/users/jan/wallpapers/wolf_silhouette_hills_130119_2560x1440.png rename to users/jan/wallpapers/wolf_silhouette_hills_130119_2560x1440.png diff --git a/users/nas/default.nix b/users/nas/default.nix new file mode 100644 index 0000000..2525ce3 --- /dev/null +++ b/users/nas/default.nix @@ -0,0 +1,74 @@ +{ config, pkgs, lib, inputs, ... }: + +{ + nixpkgs.overlays = lib.mkAfter [ + inputs.wired.overlays.default + ]; + + local.nix.allowUnfreePackages = [ "skypeforlinux" ]; + + programs.zsh.enable = true; + + age.secrets.users-nas-passfile.file = ./users-nas-passfile.age; + users.users.nas = { + isNormalUser = true; + shell = pkgs.zsh; + hashedPasswordFile = config.age.secrets.users-nas-passfile.path; + }; + + home-manager.users.nas = { + home.stateVersion = config.system.stateVersion; + + ################################################################################ + # Configs + ################################################################################ + + local.keyboard.enable = true; + + local.window-manager = { + xmonad.enable = true; + polybar.enable = true; + }; + + xdg.enable = true; + + local.shell.enable = true; + + ################################################################################ + # Programs + ################################################################################ + + local.programs.terminals.wezterm.enable = lib.mkDefault true; + + local.programs.editors.gedit.enable = lib.mkDefault true; + + local.programs.file-managers.nautilus.enable = lib.mkDefault true; + + local.programs.communication = { + telegram.enable = lib.mkDefault true; + skype.enable = lib.mkDefault true; + }; + + local.programs.share-files.croc.enable = true; + + local.programs.libreoffice = { + enable = true; + + spellCheckDicts = with pkgs.hunspellDicts; [ + ru_RU + ]; + }; + + ################################################################################ + # Packages + ################################################################################ + + home.packages = with pkgs.unstable; [ + image-roll + vlc + + firefox + ]; + }; + +} diff --git a/users/nas/users-nas-passfile.age b/users/nas/users-nas-passfile.age new file mode 100644 index 0000000000000000000000000000000000000000..e9b758690af4f81c4388edc81fc7b1438155ec19 GIT binary patch literal 2351 zcmV+~3DEWcM@dveQdv+`0FLa_xTTihV+ibi#z-F&QXy8})|l59nBj2ld@bnrn0$B! z9AaJKd=t661p6<+x>qMH@3%UYIR0X;V7a@Q-#0)P16fG)PB6bxERrtU|4m1Su6UTz z>EN5J@2JaZe@X)0wb9p7)J--a&oO>Oj>$+mICx+BS6Hy>y;5D&)HWu!cK(gwU=fFC}UJ5DG z(XLfxu{VNFlqph4H-_SJ!{96>=ApYe`Y#nWACM7Q$y~#t#*PAZnwRfd)0I{s45f(3OCoDbT)tx z=x>Lr@yub6c~V9bF$kLNei*#`#?EN2x(iD6LT9Xl^L`sKLIKk4K} zoDngX!Ro}FpBfbM@Xl5l_nTjhmmcY(ZaFZV(}p&`kTGbEHD(8~>ZS85&+F4~l$8t_ zi;RoEY;$VS@lF|d{{WM#m%inu%$R!ZaDN{fvh8iBERzW}TsRUCl z#P<-H&{N_$4jh24R8}?1uDUPTH+WZ+alTYktiL`Wf65k>w+JeorQ(xiAqoOt@KoMm zV?$W1{cE^*|BFCR5BIZ1$zUp;D#A|DwU`cc$&XRW@Ep)#i`2iyWSWI8YQoQya>+CD zpXdxlir7Cs>HalDWFBO0)q0+`i47c*zADe}AMA^YI<2&D&g>DuW)_1YZs0e9f(O88 zI&X)X9MkgI)kQdg#_cl5IJcMfL}*Wgkr7rE#v$g4JYF4*)Zjdxpi$&V;btyVC-S^a z95RHGe=5)wagYJ!O$#uura}=QbnF0g_W8OQ78)OZl6)77IUu;L@Ns13z**){v4{YP zw?k`((9m04l!-xOu-WFAhmE>#)3*5+q3O57^K z;}@AmtEC$T3DN~1g@b2UQWJ!32?XGlWW+F#Hwm0-)K#M(N;wNGSF|pSbCTmqHSBEI z?E0;Hdp3PL>RRwK?86F7Of(ciU=`XC=IlQgOaCD7VhQ%kvY>H@Yx=w5M{Ln1sde@& zZg$bq7=^xli4Ehp>pfmfwI+pf-pMgo_y1pJK3Yz+%DE6;1~Y;F~p_Q=UjWU<^NS*TAet9gxF$O$rnsO+xIeLUTM1ul0r|deUKc z+Jw+QCkB`bN%p2_FB%T5=0Y3C6a}$LEGWop{wKKiL5S_XkiuS3EYBt!N-D5PDo-xF+&7kroYD^|j^Clp7|w{!6D@M!AVd|c zY%DbY`0uYacu~h#5GPV#N8vHci@TF~zLkgM>bdT)N42-X3YJRr#fkKOa&2kpC|q7uo;gEW z8Va=9EKbus@rYnJ(nO(7=GPXrqQ^=AR$4fX96h4MbG__C=T=P)Y~ z;?5L9`h~`!g5`V$6-h+&i`-!`U3o3eNykWsBEP(tQG*{i68VX+Qvwx5Ho`zQb5#4E zd?d&xxp_;=!Z0Ftx&pPP6S%R&`j$x0ugIErm*Z@|83R|@Lclr1f^AEyw9!K>E%8pBhsLEvWMn*X63z{K_v$!op!TH=ZlB16u$oip z$R7bE@+I)b(@qR{aZCty8Kvp5_{W^0x+@=C5or^Ajct7_=-el4aY46S&`P@fc9YH7 zZQq)+O#nM{rD(4X*Ey`>t(^IER5VD3g9vB=fG0rga&UY}Wllulp`rvBjeKRlzJ5Cj zA{HZBuM4W(XaDvOLSqT&E&(BQI(Qk>o69EaQFDfm0IzzNBlDZ$=aRg^M|Q+?S(#WE z5a+gsG;q!=h$SU74NDkgDRzyf`Zp6>{L$A$F@zrF82~!%vcrcpnwbMiw&9ppfor^X z)V{zXkufHk?mMVu*7&h#nUjAxkxk$@0l)dL{IQZ1G