Compare commits
163 commits
Author | SHA1 | Date | |
---|---|---|---|
6ee7a9ad94 | |||
327a787b6a | |||
d715aeb92b | |||
bf10c236a3 | |||
8524aaa6e7 | |||
bc94e8831a | |||
6d8dc4c879 | |||
2c79df9edf | |||
9f82d98603 | |||
2028091bd6 | |||
469ac4d1b3 | |||
d8302e3364 | |||
6727763076 | |||
314c30bcab | |||
9e7589ee36 | |||
53fca9c808 | |||
260907046b | |||
482349b94d | |||
5dc3fc10ca | |||
ffe908e18e | |||
6c0592d39b | |||
f2038504b0 | |||
47e6195e70 | |||
34ba9c0f55 | |||
29c1290f08 | |||
17b9c93563 | |||
e813ce3c9a | |||
fe3043c6a4 | |||
a501f2ea16 | |||
390f54b1f5 | |||
be498490af | |||
7f119a6844 | |||
c2b4b94f0e | |||
459a1c7132 | |||
c0c761e740 | |||
d5be2c18f9 | |||
7784352dc8 | |||
be8de8cc58 | |||
ed61cd41a7 | |||
45bde33b55 | |||
0bb4941ab7 | |||
374837754c | |||
1fc5b9e75f | |||
1956230264 | |||
ae08a31c1f | |||
05fe48a540 | |||
20ec3eb336 | |||
b26c6edefa | |||
b2f8aa4b44 | |||
f6c855fe8a | |||
53f0af6bc8 | |||
1c65b13d29 | |||
9c7be1d64e | |||
292fc5930f | |||
7b129546bb | |||
23acfa2b57 | |||
fb78ebafba | |||
a96ab9bf1f | |||
979d6e11f2 | |||
6a7276e96e | |||
9d871d9f57 | |||
ede2a1ef54 | |||
e0b7b94270 | |||
bd12213e4a | |||
1e2e4aa397 | |||
165f567d93 | |||
5abf88dc22 | |||
0d8747b39d | |||
b6ac86a1e5 | |||
4dcbaa3656 | |||
4016eb1b71 | |||
a6d5a32396 | |||
9ed6528c55 | |||
6eb4f817f0 | |||
e247859807 | |||
4366a215e6 | |||
2a3784696b | |||
ebffa75c63 | |||
f5ca68b55c | |||
5ec1de397e | |||
4dca932223 | |||
15596fc12d | |||
d915336df4 | |||
b3554bdb76 | |||
cb87dd9997 | |||
33c226e119 | |||
f4e4f8ef91 | |||
1ba961aec9 | |||
061ff0f5f5 | |||
1e3b9afc4b | |||
019df2b55e | |||
b674bd8b36 | |||
67da2f2483 | |||
1296267c18 | |||
86dd8bec5e | |||
752d6a3a60 | |||
22a689f190 | |||
433102ea63 | |||
92bb77a4ee | |||
3e7756f565 | |||
bdfd04e072 | |||
cdae8fdd16 | |||
2bb77ea5d0 | |||
3b896978ee | |||
210366db04 | |||
2764bc463d | |||
b6d04c928e | |||
003ebad5cd | |||
afc0b9847c | |||
ac42361f3b | |||
370bad97f8 | |||
1a25e9d1fd | |||
7c7f4407d4 | |||
94450fedd8 | |||
dcfe5ff676 | |||
9a6af2dcc5 | |||
807b75b227 | |||
9f6bedbdc8 | |||
9ed408cc86 | |||
43586edf29 | |||
cc8e92ade6 | |||
1cbcc1c569 | |||
5748b1d3d9 | |||
1c00e445f9 | |||
35cab56fa0 | |||
b8198cf56f | |||
4ef5f14b30 | |||
869afe4b3a | |||
ca0679d82d | |||
59632cb3f7 | |||
a67cadfd8d | |||
e639bcc8f0 | |||
d06e1faf3b | |||
33cac6a066 | |||
730d99efb5 | |||
27cd261820 | |||
26887e2f33 | |||
b9fe063b50 | |||
9cda7b1c76 | |||
26338a9f35 | |||
2195435753 | |||
da1cec5765 | |||
ce87cb3699 | |||
e5945d905c | |||
ff91b3b580 | |||
2d9136b189 | |||
8e0a030085 | |||
0fe23e8bf8 | |||
57d8d2a610 | |||
8461819774 | |||
5e3394e74f | |||
88ef9c1318 | |||
311beb844e | |||
b703b69513 | |||
6ef8e79113 | |||
eb40e0ddb6 | |||
40ff58434d | |||
50df3f2d77 | |||
95c704e96e | |||
648d827d4b | |||
2027271b49 | |||
db3d26e687 | |||
59129e97b9 |
106 changed files with 1674 additions and 570 deletions
Binary file not shown.
8
Makefile
|
@ -32,13 +32,13 @@ help:
|
|||
define machine_rule
|
||||
.PHONY: $(1)
|
||||
$(1): ;
|
||||
systemctl --user reset-failed
|
||||
sudo nix run $(NIX_ARGS) .#switch/$(1) -- $(BUILD_ARGS)
|
||||
# systemctl --user reset-failed
|
||||
sudo nix run -L $(NIX_ARGS) .#switch/$(1) -- $(BUILD_ARGS)
|
||||
endef
|
||||
|
||||
define vps_rule
|
||||
.PHONY: $(1)
|
||||
$(1): ; nix run .#deploy/$(1) -- $(BUILD_ARGS)
|
||||
$(1): ; nix run -L .#deploy/$(1) -- $(BUILD_ARGS)
|
||||
|
||||
endef
|
||||
|
||||
|
@ -47,7 +47,7 @@ $(foreach vps,$(VPS),$(eval $(call vps_rule,$(vps))))
|
|||
|
||||
.PHONY: rollback
|
||||
rollback:
|
||||
sudo nixos-rebuild --rollback
|
||||
sudo nixos-rebuild switch --rollback
|
||||
|
||||
################################################################################
|
||||
# Editor
|
||||
|
|
63
disko/luks-btrfs.nix
Normal file
|
@ -0,0 +1,63 @@
|
|||
{ device, memSize ? 1024 * 5, swapSize ? "10G" }:
|
||||
{
|
||||
disko = {
|
||||
inherit memSize;
|
||||
|
||||
devices = {
|
||||
disk = {
|
||||
main = {
|
||||
type = "disk";
|
||||
inherit device;
|
||||
content = {
|
||||
type = "gpt";
|
||||
partitions = {
|
||||
ESP = {
|
||||
size = "512M";
|
||||
type = "EF00";
|
||||
content = {
|
||||
type = "filesystem";
|
||||
format = "vfat";
|
||||
mountpoint = "/boot";
|
||||
mountOptions = [ "defaults" ];
|
||||
};
|
||||
priority = 1;
|
||||
};
|
||||
cryptoroot = {
|
||||
size = "100%";
|
||||
content = {
|
||||
type = "luks";
|
||||
name = "luksroot";
|
||||
settings.allowDiscards = true;
|
||||
passwordFile = "/tmp/secret.key";
|
||||
content = {
|
||||
type = "btrfs";
|
||||
extraArgs = [ "-f" ];
|
||||
subvolumes = {
|
||||
root = {
|
||||
mountpoint = "/";
|
||||
mountOptions = [ "compress=zstd" ];
|
||||
};
|
||||
persistent = {
|
||||
mountpoint = "/persistent";
|
||||
mountOptions = [ "compress=zstd" "noatime" ];
|
||||
};
|
||||
nix = {
|
||||
mountpoint = "/nix";
|
||||
mountOptions = [ "compress=zstd" "noatime" ];
|
||||
};
|
||||
swap = {
|
||||
mountpoint = "/.swapvol";
|
||||
mountOptions = [ "noatime" ];
|
||||
swap.swapfile.size = swapSize;
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
}
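Review bot: `passwordFile = "/tmp/secret.key"` makes the LUKS passphrase depend on a fixed, well-known path in a world-listable directory, and nothing in this file says who creates that file, with what mode, or when it is removed. A header comment should state that the file is only needed while formatting, must be created with owner-only permissions on the installer's tmpfs, and must be deleted afterwards, for example `# passwordFile is read only while disko formats the disk; create it mode 0600 on tmpfs and remove it after install`. `settings.allowDiscards = true` also deserves a one-line comment, since passing TRIM through dm-crypt exposes which blocks are unused; that is a common SSD trade-off but it should be a recorded decision. `extraArgs = [ "-f" ]` forces `mkfs.btrfs` over an existing filesystem, so a note that this layout is destructive would help anyone reusing the template.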
|
179
flake.lock
|
@ -10,11 +10,11 @@
|
|||
"systems": "systems"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1715290355,
|
||||
"narHash": "sha256-2T7CHTqBXJJ3ZC6R/4TXTcKoXWHcvubKNj9SfomURnw=",
|
||||
"lastModified": 1723293904,
|
||||
"narHash": "sha256-b+uqzj+Wa6xgMS9aNbX4I+sXeb5biPDi39VgvSFqFvU=",
|
||||
"owner": "ryantm",
|
||||
"repo": "agenix",
|
||||
"rev": "8d37c5bdeade12b6479c85acd133063ab53187a0",
|
||||
"rev": "f6291c5935fdc4e0bef208cfc0dcab7e3f7a1c41",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -23,6 +23,26 @@
|
|||
"type": "github"
|
||||
}
|
||||
},
|
||||
"disko": {
|
||||
"inputs": {
|
||||
"nixpkgs": [
|
||||
"nixpkgs"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1727531434,
|
||||
"narHash": "sha256-b+GBgCWd2N6pkiTkRZaMFOPztPO4IVTaclYPrQl2uLk=",
|
||||
"owner": "nix-community",
|
||||
"repo": "disko",
|
||||
"rev": "b709e1cc33fcde71c7db43850a55ebe6449d0959",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "nix-community",
|
||||
"repo": "disko",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"firefox-addons": {
|
||||
"inputs": {
|
||||
"flake-utils": "flake-utils",
|
||||
|
@ -30,11 +50,11 @@
|
|||
},
|
||||
"locked": {
|
||||
"dir": "repos/rycee/pkgs/firefox-addons",
|
||||
"lastModified": 1713127732,
|
||||
"narHash": "sha256-07prd+in1ZUcxETxPyWtFjl7xPKwlXzk9a47Q3RnHXU=",
|
||||
"lastModified": 1727605244,
|
||||
"narHash": "sha256-LQOKClgjj4L8gSl0duMqBQFTfD1d2o92JZ0lBhIg9iA=",
|
||||
"owner": "nix-community",
|
||||
"repo": "nur-combined",
|
||||
"rev": "6edb2a1a43dbd2f8b32876268a530ce82c64013f",
|
||||
"rev": "03735bab40042843097839f2fabac72793f5f669",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -50,11 +70,11 @@
|
|||
"nixpkgs-lib": "nixpkgs-lib"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1714641030,
|
||||
"narHash": "sha256-yzcRNDoyVP7+SCNX0wmuDju1NUCt8Dz9+lyUXEI0dbI=",
|
||||
"lastModified": 1726153070,
|
||||
"narHash": "sha256-HO4zgY0ekfwO5bX0QH/3kJ/h4KvUDFZg8YpkNwIbg1U=",
|
||||
"owner": "hercules-ci",
|
||||
"repo": "flake-parts",
|
||||
"rev": "e5d10a24b66c3ea8f150e47dfdb0416ab7c3390e",
|
||||
"rev": "bcef6817a8b2aa20a5a6dbb19b43e63c5bf8619a",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -79,12 +99,15 @@
|
|||
}
|
||||
},
|
||||
"flake-utils_2": {
|
||||
"inputs": {
|
||||
"systems": "systems_2"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1659877975,
|
||||
"narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=",
|
||||
"lastModified": 1726560853,
|
||||
"narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=",
|
||||
"owner": "numtide",
|
||||
"repo": "flake-utils",
|
||||
"rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0",
|
||||
"rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -94,24 +117,6 @@
|
|||
}
|
||||
},
|
||||
"flake-utils_3": {
|
||||
"inputs": {
|
||||
"systems": "systems_2"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1705309234,
|
||||
"narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=",
|
||||
"owner": "numtide",
|
||||
"repo": "flake-utils",
|
||||
"rev": "1ef2e671c3b0c19053962c07dbda38332dcebf26",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "numtide",
|
||||
"repo": "flake-utils",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"flake-utils_4": {
|
||||
"inputs": {
|
||||
"systems": "systems_3"
|
||||
},
|
||||
|
@ -131,11 +136,11 @@
|
|||
},
|
||||
"hardware": {
|
||||
"locked": {
|
||||
"lastModified": 1716173274,
|
||||
"narHash": "sha256-FC21Bn4m6ctajMjiUof30awPBH/7WjD0M5yqrWepZbY=",
|
||||
"lastModified": 1728729581,
|
||||
"narHash": "sha256-oazkQ/z7r43YkDLLQdMg8oIB3CwWNb+2ZrYOxtLEWTQ=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixos-hardware",
|
||||
"rev": "d9e0b26202fd500cf3e79f73653cce7f7d541191",
|
||||
"rev": "a8dd1b21995964b115b1e3ec639dd6ce24ab9806",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -173,11 +178,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1713818326,
|
||||
"narHash": "sha256-aw3xbVPJauLk/bbrlakIYxKpeuMWzA2feGrkIpIuXd8=",
|
||||
"lastModified": 1727383923,
|
||||
"narHash": "sha256-4/vacp3CwdGoPf8U4e/N8OsGYtO09WTcQK5FqYfJbKs=",
|
||||
"owner": "nix-community",
|
||||
"repo": "home-manager",
|
||||
"rev": "67de98ae6eed5ad6f91b1142356d71a87ba97f21",
|
||||
"rev": "ffe2d07e771580a005e675108212597e5b367d2d",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -194,20 +199,35 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1715381426,
|
||||
"narHash": "sha256-wPuqrAQGdv3ISs74nJfGb+Yprm23U/rFpcHFFNWgM94=",
|
||||
"lastModified": 1726989464,
|
||||
"narHash": "sha256-Vl+WVTJwutXkimwGprnEtXc/s/s8sMuXzqXaspIGlwM=",
|
||||
"owner": "nix-community",
|
||||
"repo": "home-manager",
|
||||
"rev": "ab5542e9dbd13d0100f8baae2bc2d68af901f4b4",
|
||||
"rev": "2f23fa308a7c067e52dfcc30a0758f47043ec176",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "nix-community",
|
||||
"ref": "release-23.11",
|
||||
"ref": "release-24.05",
|
||||
"repo": "home-manager",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"impermanence": {
|
||||
"locked": {
|
||||
"lastModified": 1727556076,
|
||||
"narHash": "sha256-5Iplxbdn/7kQp4UYXMnUMFL2i2lyysOhRyzvvtPe1Qc=",
|
||||
"owner": "nix-community",
|
||||
"repo": "impermanence",
|
||||
"rev": "fff0d95cf40609941769a443a001b25fb95b68ab",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "nix-community",
|
||||
"repo": "impermanence",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"lan-mouse": {
|
||||
"inputs": {
|
||||
"nixpkgs": [
|
||||
|
@ -216,11 +236,11 @@
|
|||
"rust-overlay": "rust-overlay"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1713168888,
|
||||
"narHash": "sha256-pNd6KbkLlZtXKQvHWYwQB/Wbqa7lQYVffpSq5uWJqzQ=",
|
||||
"lastModified": 1726858237,
|
||||
"narHash": "sha256-fAHjrIZV9cxAtJmp1SEP11ubvX3Er6lqUHUb7NBFuA8=",
|
||||
"owner": "feschber",
|
||||
"repo": "lan-mouse",
|
||||
"rev": "36855a1a1767f4a777bad580d5a76fec1be5d9d1",
|
||||
"rev": "b071201dcb000a09330df81784d2ef2c0446da90",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -240,11 +260,11 @@
|
|||
"rust-overlay": "rust-overlay_2"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1714571717,
|
||||
"narHash": "sha256-o4tqlTzi9kcVub167kTGXgCac9jM3kW4+v9MH/ue4Hk=",
|
||||
"lastModified": 1726716330,
|
||||
"narHash": "sha256-mIuOP4I51eFLquRaxMKx67pHmhatZrcVPjfHL98v/M8=",
|
||||
"owner": "oxalica",
|
||||
"repo": "nil",
|
||||
"rev": "2f3ed6348bbf1440fcd1ab0411271497a0fbbfa4",
|
||||
"rev": "c8e8ce72442a164d89d3fdeaae0bcc405f8c015a",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -279,11 +299,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1716244689,
|
||||
"narHash": "sha256-tFsMxZcbg8WAmNmmL/WxFjp4wgCK2XzTDkM5PNZqCZQ=",
|
||||
"lastModified": 1731097096,
|
||||
"narHash": "sha256-hMBcuTUJs1+zQ5nwTA06isLxk/vUd1r5qs95JRJ5L5E=",
|
||||
"ref": "refs/heads/main",
|
||||
"rev": "881339ef7077b5c1d07041a0024575a4170c0174",
|
||||
"revCount": 83,
|
||||
"rev": "20bf0c7e51e1e5ebf5f3754332f134a8ca0ce04c",
|
||||
"revCount": 94,
|
||||
"type": "git",
|
||||
"url": "https://git.pleshevski.ru/pleshevskiy/nixeovim"
|
||||
},
|
||||
|
@ -310,23 +330,23 @@
|
|||
},
|
||||
"nixpkgs-lib": {
|
||||
"locked": {
|
||||
"lastModified": 1714640452,
|
||||
"narHash": "sha256-QBx10+k6JWz6u7VsohfSw8g8hjdBZEf8CFzXH1/1Z94=",
|
||||
"lastModified": 1725233747,
|
||||
"narHash": "sha256-Ss8QWLXdr2JCBPcYChJhz4xJm+h/xjl4G0c0XlP6a74=",
|
||||
"type": "tarball",
|
||||
"url": "https://github.com/NixOS/nixpkgs/archive/50eb7ecf4cd0a5756d7275c8ba36790e5bd53e33.tar.gz"
|
||||
"url": "https://github.com/NixOS/nixpkgs/archive/356624c12086a18f2ea2825fed34523d60ccc4e3.tar.gz"
|
||||
},
|
||||
"original": {
|
||||
"type": "tarball",
|
||||
"url": "https://github.com/NixOS/nixpkgs/archive/50eb7ecf4cd0a5756d7275c8ba36790e5bd53e33.tar.gz"
|
||||
"url": "https://github.com/NixOS/nixpkgs/archive/356624c12086a18f2ea2825fed34523d60ccc4e3.tar.gz"
|
||||
}
|
||||
},
|
||||
"nixpkgs-unstable": {
|
||||
"locked": {
|
||||
"lastModified": 1716128955,
|
||||
"narHash": "sha256-3DNg/PV+X2V7yn8b/fUR2ppakw7D9N4sjVBGk6nDwII=",
|
||||
"lastModified": 1728979988,
|
||||
"narHash": "sha256-GBJRnbFLDg0y7ridWJHAP4Nn7oss50/VNgqoXaf/RVk=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "f9256de8281f2ccd04985ac5c30d8f69aefadbe8",
|
||||
"rev": "7881fbfd2e3ed1dfa315fca889b2cfd94be39337",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -338,27 +358,27 @@
|
|||
},
|
||||
"nixpkgs_2": {
|
||||
"locked": {
|
||||
"lastModified": 1716061101,
|
||||
"narHash": "sha256-H0eCta7ahEgloGIwE/ihkyGstOGu+kQwAiHvwVoXaA0=",
|
||||
"lastModified": 1729044727,
|
||||
"narHash": "sha256-GKJjtPY+SXfLF/yTN7M2cAnQB6RERFKnQhD8UvPSf3M=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "e7cc61784ddf51c81487637b3031a6dd2d6673a2",
|
||||
"rev": "dc2e0028d274394f73653c7c90cc63edbb696be1",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "NixOS",
|
||||
"ref": "nixos-23.11",
|
||||
"ref": "nixos-24.05",
|
||||
"repo": "nixpkgs",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs_3": {
|
||||
"locked": {
|
||||
"lastModified": 1706487304,
|
||||
"narHash": "sha256-LE8lVX28MV2jWJsidW13D2qrHU/RUUONendL2Q/WlJg=",
|
||||
"lastModified": 1718428119,
|
||||
"narHash": "sha256-WdWDpNaq6u1IPtxtYHHWpl5BmabtpmLnMAx0RdJ/vo8=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "90f456026d284c22b3e3497be980b2e47d0b28ac",
|
||||
"rev": "e6cea36f83499eb4e9cd184c8a8e823296b50ad5",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -371,11 +391,13 @@
|
|||
"root": {
|
||||
"inputs": {
|
||||
"agenix": "agenix",
|
||||
"disko": "disko",
|
||||
"firefox-addons": "firefox-addons",
|
||||
"flake-utils": "flake-utils_2",
|
||||
"hardware": "hardware",
|
||||
"home-manager": "home-manager_2",
|
||||
"home-manager-unstable": "home-manager-unstable",
|
||||
"impermanence": "impermanence",
|
||||
"lan-mouse": "lan-mouse",
|
||||
"nil": "nil",
|
||||
"nixeovim": "nixeovim",
|
||||
|
@ -393,11 +415,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1710987136,
|
||||
"narHash": "sha256-Q8GRdlAIKZ8tJUXrbcRO1pA33AdoPfTUirsSnmGQnOU=",
|
||||
"lastModified": 1716257780,
|
||||
"narHash": "sha256-R+NjvJzKEkTVCmdrKRfPE4liX/KMGVqGUwwS5H8ET8A=",
|
||||
"owner": "oxalica",
|
||||
"repo": "rust-overlay",
|
||||
"rev": "97596b54ac34ad8184ca1eef44b1ec2e5c2b5f9e",
|
||||
"rev": "4e5e3d2c5c9b2721bd266f9e43c14e96811b89d2",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -408,21 +430,17 @@
|
|||
},
|
||||
"rust-overlay_2": {
|
||||
"inputs": {
|
||||
"flake-utils": [
|
||||
"nil",
|
||||
"flake-utils"
|
||||
],
|
||||
"nixpkgs": [
|
||||
"nil",
|
||||
"nixpkgs"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1714529851,
|
||||
"narHash": "sha256-YMKJW880f7LHXVRzu93xa6Ek+QLECIu0IRQbXbzZe38=",
|
||||
"lastModified": 1726453838,
|
||||
"narHash": "sha256-pupsow4L79SBfNwT6vh/5RAbVZuhngIA0RTCZksXmZY=",
|
||||
"owner": "oxalica",
|
||||
"repo": "rust-overlay",
|
||||
"rev": "9ca720fdcf7865385ae3b93ecdf65f1a64cb475e",
|
||||
"rev": "ca2e79cd22625d214b8437c2c4080ce79bd9f7d2",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -433,15 +451,14 @@
|
|||
},
|
||||
"rust-overlay_3": {
|
||||
"inputs": {
|
||||
"flake-utils": "flake-utils_4",
|
||||
"nixpkgs": "nixpkgs_3"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1715393623,
|
||||
"narHash": "sha256-nSUFcUqyTQQ/aYFIB05mpCzytcKvfKMy3ZQAe0fP26A=",
|
||||
"lastModified": 1727663505,
|
||||
"narHash": "sha256-83j/GrHsx8GFUcQofKh+PRPz6pz8sxAsZyT/HCNdey8=",
|
||||
"owner": "oxalica",
|
||||
"repo": "rust-overlay",
|
||||
"rev": "8eb8671512cb0c72c748058506e50c54fb5d8e2b",
|
||||
"rev": "c2099c6c7599ea1980151b8b6247a8f93e1806ee",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -504,11 +521,11 @@
|
|||
"rust-overlay": "rust-overlay_3"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1715552757,
|
||||
"narHash": "sha256-ZOgCSIcdvG8+RcZCXSAEmb/LZ2Ap9wU4nvbxNDA+QN0=",
|
||||
"lastModified": 1727849733,
|
||||
"narHash": "sha256-mqxs/nyzOEKiBHa94OtcOLYBXd65P8tO4DUVTHWHn6o=",
|
||||
"owner": "Toqozz",
|
||||
"repo": "wired-notify",
|
||||
"rev": "18b44306b2636fc7f238a9d946c7b8aac217122d",
|
||||
"rev": "a1f6965737754e7424f9468f6befef885a9ee0ad",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
|
28
flake.nix
|
@ -1,9 +1,14 @@
|
|||
{
|
||||
inputs = {
|
||||
flake-utils.url = "github:numtide/flake-utils";
|
||||
nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.11";
|
||||
nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.05";
|
||||
nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
|
||||
hardware.url = "github:NixOS/nixos-hardware/master";
|
||||
impermanence.url = "github:nix-community/impermanence";
|
||||
disko = {
|
||||
url = "github:nix-community/disko";
|
||||
inputs.nixpkgs.follows = "nixpkgs";
|
||||
};
|
||||
|
||||
firefox-addons.url = "github:nix-community/nur-combined/master?dir=repos/rycee/pkgs/firefox-addons";
|
||||
|
||||
|
@ -14,7 +19,7 @@
|
|||
};
|
||||
|
||||
home-manager = {
|
||||
url = "github:nix-community/home-manager/release-23.11";
|
||||
url = "github:nix-community/home-manager/release-24.05";
|
||||
inputs.nixpkgs.follows = "nixpkgs";
|
||||
};
|
||||
home-manager-unstable = {
|
||||
|
@ -82,7 +87,7 @@
|
|||
set -e
|
||||
${nixos-rebuild}/bin/nixos-rebuild switch --flake .#${hostname} $@
|
||||
${lib.optionalString machine.config.hardware.pulseaudio.systemWide ''
|
||||
systemctl restart pulseaudio.service
|
||||
systemctl restart alsa-store.service
|
||||
''}
|
||||
'')
|
||||
localMachines);
|
||||
|
@ -99,6 +104,11 @@
|
|||
# Path to the agenix configuration file
|
||||
RULES = "./.agenix_config.nix";
|
||||
};
|
||||
disk = pkgs.mkShell {
|
||||
packages = [
|
||||
inputs.disko.packages.${system}.disko
|
||||
];
|
||||
};
|
||||
tools = pkgs.mkShell {
|
||||
packages = with pkgs; [
|
||||
mkpasswd
|
||||
|
@ -131,7 +141,9 @@
|
|||
modules =
|
||||
(with inputs; [
|
||||
agenix.nixosModules.default
|
||||
home-manager.nixosModule
|
||||
home-manager.nixosModules.default
|
||||
disko.nixosModules.disko
|
||||
impermanence.nixosModules.impermanence
|
||||
])
|
||||
++ [
|
||||
# deployment settings
|
||||
|
@ -147,6 +159,7 @@
|
|||
})
|
||||
# base home manager settings
|
||||
({ ... }: {
|
||||
home-manager.backupFileExtension = "backup";
|
||||
home-manager.useGlobalPkgs = true;
|
||||
home-manager.useUserPackages = true;
|
||||
home-manager.extraSpecialArgs = {
|
||||
|
@ -158,7 +171,6 @@
|
|||
./modules/home-manager
|
||||
inputs.wired.homeManagerModules.default
|
||||
inputs.lan-mouse.homeManagerModules.default
|
||||
"${inputs.home-manager-unstable}/modules/services/window-managers/river.nix"
|
||||
];
|
||||
}
|
||||
];
|
||||
|
@ -166,8 +178,12 @@
|
|||
]
|
||||
++ extraModules
|
||||
++ [ ./modules/nixos ]
|
||||
++ [ ./hosts/${hostname}/configuration.nix ];
|
||||
++ [ ./hosts/${hostname}/configuration.nix ]
|
||||
++ [ "${inputs.nixpkgs-unstable}/nixos/modules/services/misc/renovate.nix" ];
|
||||
})
|
||||
(import ./hosts inputs);
|
||||
diskoConfigurations = {
|
||||
asus-gl553vd = import ./hosts/asus-gl553vd/disk-config.nix;
|
||||
};
|
||||
};
|
||||
}
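Review bot: The new `++ [ "${inputs.nixpkgs-unstable}/nixos/modules/services/misc/renovate.nix" ]` entry is appended to the module list of every host and carries no comment, although it pulls a module from the moving `nixpkgs-unstable` input into systems otherwise pinned to `nixos-24.05`. A module written against unstable may reference options or package attributes that the stable package set lacks (this is inferred, the module itself is not shown), and the import widens what an unstable bump can change on all machines. I would add a comment such as `# renovate module is not in 24.05 yet; drop this import after the next release upgrade`, and consider passing it through `extraModules` only for the host that enables the service. The enclosing function starts outside this hunk.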
|
||||
|
|
|
@ -1,13 +1,10 @@
|
|||
{ ... }:
|
||||
|
||||
{
|
||||
# Use the systemd-boot EFI boot loader.
|
||||
boot.loader = {
|
||||
timeout = 1;
|
||||
systemd-boot = {
|
||||
enable = true;
|
||||
configurationLimit = 10;
|
||||
configurationLimit = 20;
|
||||
};
|
||||
|
||||
efi.canTouchEfiVariables = true;
|
||||
};
|
||||
}
|
||||
|
|
|
@ -1,8 +1,7 @@
|
|||
{ ... }:
|
||||
|
||||
{
|
||||
imports = [
|
||||
./boot.nix
|
||||
./imp.nix
|
||||
./networking.nix
|
||||
./wireguard
|
||||
];
|
||||
|
|
76
hosts/asus-gl553vd/configs/imp.nix
Normal file
|
@ -0,0 +1,76 @@
|
|||
{ config, lib, ... }:
|
||||
|
||||
{
|
||||
# A setup which would clean root subvolume between boots remove automatically removed roots that
|
||||
# are older than one day:
|
||||
#
|
||||
# Source: https://github.com/nix-community/impermanence
|
||||
boot.initrd.postDeviceCommands = lib.mkAfter ''
|
||||
mkdir /btrfs_tmp
|
||||
mount /dev/mapper/luksroot /btrfs_tmp
|
||||
if [[ -e /btrfs_tmp/root ]]; then
|
||||
mkdir -p /btrfs_tmp/old_roots
|
||||
timestamp=$(date --date="@$(stat -c %Y /btrfs_tmp/root)" "+%Y-%m-%-d_%H:%M:%S")
|
||||
mv /btrfs_tmp/root "/btrfs_tmp/old_roots/$timestamp"
|
||||
fi
|
||||
|
||||
delete_subvolume_recursively() {
|
||||
IFS=$'\n'
|
||||
for i in $(btrfs subvolume list -o "$1" | cut -f 9- -d ' '); do
|
||||
delete_subvolume_recursively "/btrfs_tmp/$i"
|
||||
done
|
||||
btrfs subvolume delete "$1"
|
||||
}
|
||||
|
||||
for i in $(find /btrfs_tmp/old_roots/ -maxdepth 1 -mtime +1); do
|
||||
delete_subvolume_recursively "$i"
|
||||
done
|
||||
|
||||
echo 1 | tee /btrfs_tmp/root/sys/class/leds/asus\:\:kbd_backlight/brightness
|
||||
|
||||
btrfs subvolume create /btrfs_tmp/root
|
||||
umount /btrfs_tmp
|
||||
rm -r /btrfs_tmp
|
||||
'';
|
||||
|
||||
age.identityPaths = map (v: "/persistent/system/etc/ssh/${v}") [
|
||||
"ssh_host_rsa_key"
|
||||
"ssh_host_ed25519_key"
|
||||
];
|
||||
|
||||
environment.persistence = {
|
||||
"/persistent/system" = {
|
||||
hideMounts = true;
|
||||
directories = [
|
||||
"/var/lib/bluetooth"
|
||||
"/var/lib/nixos"
|
||||
"/var/lib/systemd/coredump"
|
||||
"/etc/NetworkManager/system-connections"
|
||||
];
|
||||
files = [
|
||||
"/etc/machine-id"
|
||||
"/etc/ssh/ssh_host_rsa_key"
|
||||
"/etc/ssh/ssh_host_rsa_key.pub"
|
||||
"/etc/ssh/ssh_host_ed25519_key"
|
||||
"/etc/ssh/ssh_host_ed25519_key.pub"
|
||||
];
|
||||
};
|
||||
"/persistent/docker" = lib.mkIf config.virtualisation.docker.enable {
|
||||
hideMounts = true;
|
||||
directories = map (v: "/var/lib/docker/${v}") [
|
||||
"containers"
|
||||
"volumes"
|
||||
"image"
|
||||
"overlay2"
|
||||
"network"
|
||||
];
|
||||
files = [ "/var/lib/docker/engine-id" ];
|
||||
};
|
||||
"/presistent/ollama" = lib.mkIf config.services.ollama.enable {
|
||||
hideMounts = true;
|
||||
directories = [
|
||||
"/var/lib/private/ollama"
|
||||
];
|
||||
};
|
||||
};
|
||||
}
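Review bot: The ollama entry in `environment.persistence` is keyed `"/presistent/ollama"`, which is misspelled, so its state would be bind-mounted from a directory on the root subvolume that the initrd script above rotates away on every boot, not from the `/persistent` subvolume; it should read `"/persistent/ollama" = lib.mkIf config.services.ollama.enable {`. In the `postDeviceCommands` script, `echo 1 | tee /btrfs_tmp/root/sys/class/leds/asus\:\:kbd_backlight/brightness` runs after `/btrfs_tmp/root` has been moved to `old_roots` and before `btrfs subvolume create /btrfs_tmp/root`, so that path does not appear to exist at that point; if the intent is to light the keyboard during boot, the target is presumably `/sys/class/leds/...` directly. The script also continues after a failed `mount /dev/mapper/luksroot /btrfs_tmp`, so a guard such as `mount /dev/mapper/luksroot /btrfs_tmp || exit 1` before the `mv`, subvolume delete and `rm -r` steps is worth adding. The opening comment of the script is garbled and should be reworded to say that the root subvolume is recreated on each boot and that old roots are deleted after one day.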
|
|
@ -1,13 +1,10 @@
|
|||
{ ... }:
|
||||
|
||||
{
|
||||
networking = {
|
||||
hostName = "laptop"; # Define your hostname.
|
||||
|
||||
networkmanager.enable = true;
|
||||
|
||||
firewall.allowedTCPPortRanges = [
|
||||
{ from = 33000; to = 33999; }
|
||||
];
|
||||
useDHCP = false;
|
||||
interfaces.wlp2s0.useDHCP = true;
|
||||
};
|
||||
}
|
||||
|
|
Binary file not shown.
|
@ -1,4 +1,4 @@
|
|||
{ globalData, ... }:
|
||||
{ globalData, pkgs, ... }:
|
||||
|
||||
{
|
||||
imports = [
|
||||
|
@ -7,7 +7,11 @@
|
|||
./users
|
||||
];
|
||||
|
||||
local.yubikey.enable = true;
|
||||
local.yubikey = {
|
||||
enable = true;
|
||||
serial = "28058247";
|
||||
unplug.enable = true;
|
||||
};
|
||||
|
||||
################################################################################
|
||||
# Services
|
||||
|
@ -22,12 +26,25 @@
|
|||
################################################################################
|
||||
# Programs
|
||||
################################################################################
|
||||
local.programs.browsers.tor-browser = {
|
||||
services.ollama = {
|
||||
enable = true;
|
||||
container = {
|
||||
package = pkgs.unstable.ollama;
|
||||
};
|
||||
|
||||
|
||||
local.programs.communication = {
|
||||
telegram = {
|
||||
enable = true;
|
||||
externalInterface = "wg0";
|
||||
sshAuthorizedKeys = globalData.publicKeys.users.jan;
|
||||
package = pkgs.unstable.tdesktop;
|
||||
};
|
||||
simplex-chat = {
|
||||
enable = true;
|
||||
package = pkgs.unstable.simplex-chat-desktop;
|
||||
openFirewall = true;
|
||||
};
|
||||
};
|
||||
|
||||
environment.shellInit = ''
|
||||
[ -n "$DISPLAY" ] && ${pkgs.xorg.xhost}/bin/xhost +local: > /dev/null || true
|
||||
'';
|
||||
}
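Review bot: `xhost +local:` in `environment.shellInit` switches off X11 access control for every local, non-network client, and because it sits in `shellInit` it is re-applied from every shell of every user on the machine. Any local account or sandboxed process that can reach the X socket can then observe input and screen contents of the desktop session. If the aim is to let one specific account draw on the display, scope the grant to it, e.g. `[ -n "$DISPLAY" ] && ${pkgs.xorg.xhost}/bin/xhost +si:localuser:<user> > /dev/null || true`, where `<user>` is a placeholder for that account, and run it from the session start-up instead of from every shell. The same `xhost +local:` line appears in a later file section on this page, next to a container that bind-mounts `/tmp/.X11-unix`, and the same change applies there.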
|
||||
|
|
3
hosts/asus-gl553vd/disk-config.nix
Normal file
|
@ -0,0 +1,3 @@
|
|||
import ../../disko/luks-btrfs.nix {
|
||||
device = "/dev/disk/by-id/nvme-NE-256_2280_0015167003217";
|
||||
}
|
|
@ -1,16 +1,7 @@
|
|||
{ ... }:
|
||||
|
||||
{
|
||||
# Include the results of the hardware scan.
|
||||
imports = [ ./generated.nix ];
|
||||
|
||||
# Enable keyboard on the boot
|
||||
boot.initrd.availableKernelModules = [ "hid_asus" ];
|
||||
|
||||
boot.kernelModules = [
|
||||
# Enable containers
|
||||
# See: https://github.com/NixOS/nixpkgs/issues/38676
|
||||
"veth"
|
||||
imports = [
|
||||
./generated.nix # Include the results of the hardware scan.
|
||||
./manual.nix
|
||||
];
|
||||
|
||||
|
||||
|
@ -29,7 +20,7 @@
|
|||
};
|
||||
|
||||
# configure mouse and touchpad
|
||||
services.xserver.libinput = {
|
||||
services.libinput = {
|
||||
enable = true;
|
||||
touchpad = {
|
||||
accelSpeed = "0.5";
|
||||
|
|
|
@ -1,36 +1,56 @@
|
|||
# Do not modify this file! It was generated by ‘nixos-generate-config’
|
||||
# and may be overwritten by future invocations. Please make changes
|
||||
# to /etc/nixos/configuration.nix instead.
|
||||
{ config, lib, pkgs, modulesPath, ... }:
|
||||
{ config, lib, modulesPath, ... }:
|
||||
|
||||
{
|
||||
imports = [
|
||||
(modulesPath + "/installer/scan/not-detected.nix")
|
||||
];
|
||||
|
||||
boot = {
|
||||
initrd = {
|
||||
availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
|
||||
kernelModules = [ ];
|
||||
};
|
||||
boot.kernelModules = [ "kvm-intel" ];
|
||||
boot.extraModulePackages = [ ];
|
||||
|
||||
kernelModules = [ "kvm-intel" ];
|
||||
extraModulePackages = [ ];
|
||||
boot.initrd = {
|
||||
availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "sd_mod" "rtsx_pci_sdmmc" ];
|
||||
kernelModules = [ ];
|
||||
luks.devices."luksroot".device = "/dev/disk/by-uuid/eb896c1c-f012-412e-86bd-48f663377129";
|
||||
};
|
||||
|
||||
fileSystems = {
|
||||
"/" = {
|
||||
device = "/dev/disk/by-uuid/e6c0cbba-7000-4b1e-ba53-e7b5f8ae11c0";
|
||||
fsType = "ext4";
|
||||
device = "/dev/disk/by-uuid/45a33b08-0a15-4b47-9d8a-c58b7d62066a";
|
||||
fsType = "btrfs";
|
||||
options = [ "subvol=root" "compress=zstd" ];
|
||||
};
|
||||
|
||||
"/persistent" = {
|
||||
device = "/dev/disk/by-uuid/45a33b08-0a15-4b47-9d8a-c58b7d62066a";
|
||||
fsType = "btrfs";
|
||||
options = [ "subvol=persistent" "compress=zstd" ];
|
||||
neededForBoot = true;
|
||||
};
|
||||
|
||||
"/nix" = {
|
||||
device = "/dev/disk/by-uuid/45a33b08-0a15-4b47-9d8a-c58b7d62066a";
|
||||
fsType = "btrfs";
|
||||
options = [ "subvol=nix" "compress=zstd" "noatime" ];
|
||||
};
|
||||
|
||||
"/.swapvol" = {
|
||||
device = "/dev/disk/by-uuid/45a33b08-0a15-4b47-9d8a-c58b7d62066a";
|
||||
fsType = "btrfs";
|
||||
options = [ "subvol=swap" "noatime" ];
|
||||
};
|
||||
|
||||
"/boot" = {
|
||||
device = "/dev/disk/by-uuid/499C-4EBD";
|
||||
device = "/dev/disk/by-uuid/94EE-CA0D";
|
||||
fsType = "vfat";
|
||||
options = [ "fmask=0022" "dmask=0022" ];
|
||||
};
|
||||
};
|
||||
|
||||
swapDevices = [{ device = "/dev/disk/by-uuid/fa457df9-cd48-4c81-90cb-a511a7689988"; }];
|
||||
swapDevices = [{ device = "/.swapvol/swapfile"; }];
|
||||
|
||||
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
|
||||
# (the default) this is the recommended approach. When using systemd-networkd it's
|
||||
|
@ -40,6 +60,6 @@
|
|||
# networking.interfaces.enp3s0.useDHCP = lib.mkDefault true;
|
||||
# networking.interfaces.wlp2s0.useDHCP = lib.mkDefault true;
|
||||
|
||||
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
|
||||
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
|
||||
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
|
||||
}
|
||||
|
|
24
hosts/asus-gl553vd/hardware-configuration/manual.nix
Normal file
|
@ -0,0 +1,24 @@
|
|||
{ ... }:
|
||||
|
||||
{
|
||||
boot.kernelModules = [
|
||||
# Enable containers
|
||||
# See: https://github.com/NixOS/nixpkgs/issues/38676
|
||||
"veth"
|
||||
];
|
||||
|
||||
# Enable keyboard on the boot
|
||||
boot.initrd.availableKernelModules = [ "hid_asus" ];
|
||||
|
||||
boot.blacklistedKernelModules = [ "nouveau" ];
|
||||
|
||||
fileSystems."/home/jan" = {
|
||||
device = "/dev/disk/by-uuid/e6c0cbba-7000-4b1e-ba53-e7b5f8ae11c0";
|
||||
fsType = "ext4";
|
||||
options = [
|
||||
"defaults"
|
||||
"X-mount.subdir=home/jan"
|
||||
"X-mount.mkdir"
|
||||
];
|
||||
};
|
||||
}
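Review bot: `fileSystems."/home/jan"` mounts an ext4 volume by UUID that is not declared as a LUKS device anywhere on this page, so the home directory appears to sit outside the encryption that `luksroot` provides for `/`, `/nix` and `/persistent`; please confirm whether that is intended. The UUID is the one the generated hardware file lists for an ext4 `/`, which suggests the previous unencrypted root partition is being reused through `X-mount.subdir=home/jan`. If this is a migration stopgap, record it in the file with a comment such as `# TODO: move /home/jan onto the luksroot btrfs; this ext4 volume is not encrypted`, since user data (browser profiles, SSH and GPG material) is usually what disk encryption is meant to cover.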
|
|
@ -1,4 +1,4 @@
|
|||
{ hostsPath, usersPath, ... }:
|
||||
{ hostsPath, usersPath, lib, ... }:
|
||||
|
||||
let
|
||||
asusData = import (hostsPath + "/asus-gl553vd/data.secret.nix");
|
||||
|
|
Binary file not shown.
|
@ -6,7 +6,7 @@
|
|||
services = {
|
||||
avahi = {
|
||||
enable = true;
|
||||
nssmdns = true;
|
||||
nssmdns4 = true;
|
||||
};
|
||||
printing = {
|
||||
enable = true;
|
||||
|
|
Binary file not shown.
|
@ -1,4 +1,4 @@
|
|||
{ globalData, ... }:
|
||||
{ config, pkgs, ... }:
|
||||
|
||||
{
|
||||
imports = [
|
||||
|
@ -7,57 +7,111 @@
|
|||
./users
|
||||
];
|
||||
|
||||
local.yubikey.enable = true;
|
||||
|
||||
services.radicale = {
|
||||
enable = true;
|
||||
settings = {
|
||||
auth = {
|
||||
# htpasswd -B -c /etc/radicale/users
|
||||
type = "htpasswd";
|
||||
htpasswd_filename = "/etc/radicale/users";
|
||||
htpasswd_encryption = "bcrypt";
|
||||
};
|
||||
};
|
||||
rights = {
|
||||
root = {
|
||||
user = ".+";
|
||||
collection = "";
|
||||
permissions = "R";
|
||||
};
|
||||
principal = {
|
||||
user = ".+";
|
||||
collection = "{user}";
|
||||
permissions = "RW";
|
||||
};
|
||||
calendars = {
|
||||
user = ".+";
|
||||
collection = "{user}/[^/]+";
|
||||
permissions = "rw";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
################################################################################
|
||||
# Programs
|
||||
################################################################################
|
||||
local.programs.browsers.tor-browser = {
|
||||
enable = true;
|
||||
container = {
|
||||
enable = true;
|
||||
externalInterface = "wg0";
|
||||
sshAuthorizedKeys = globalData.publicKeys.users.jan;
|
||||
};
|
||||
};
|
||||
|
||||
################################################################################
|
||||
# Services
|
||||
################################################################################
|
||||
local.services.i2pd.enable = true;
|
||||
local.services.kubo.enable = true;
|
||||
|
||||
local.services.octoprint.enable = true;
|
||||
|
||||
virtualisation.docker.enable = true;
|
||||
# Torrent client
|
||||
services.transmission.enable = true;
|
||||
services.transmission = {
|
||||
enable = true;
|
||||
settings = {
|
||||
rpc-bind-address = "192.168.7.10";
|
||||
rpc-port = 9091;
|
||||
rpc-whitelist = "192.168.7.*";
|
||||
};
|
||||
};
|
||||
|
||||
services.ollama = {
|
||||
enable = true;
|
||||
package = pkgs.unstable.ollama;
|
||||
acceleration = "rocm";
|
||||
};
|
||||
|
||||
programs.sniffnet.enable = true;
|
||||
|
||||
################################################################################
|
||||
# Containers
|
||||
################################################################################
|
||||
|
||||
environment.shellInit = ''
|
||||
[ -n "$DISPLAY" ] && ${pkgs.xorg.xhost}/bin/xhost +local: > /dev/null || true
|
||||
'';
|
||||
|
||||
local.programs.communication = {
|
||||
telegram = {
|
||||
enable = true;
|
||||
package = pkgs.unstable.tdesktop;
|
||||
};
|
||||
simplex-chat = {
|
||||
enable = true;
|
||||
package = pkgs.unstable.simplex-chat-desktop;
|
||||
openFirewall = true;
|
||||
};
|
||||
};
|
||||
|
||||
containers.games = {
|
||||
autoStart = true;
|
||||
bindMounts = {
|
||||
"${config.services.transmission.settings.download-dir}" = { };
|
||||
"/tmp/.X11-unix" = { };
|
||||
"/run/opengl-driver/lib" = { };
|
||||
"/run/opengl-driver-32/lib" = { };
|
||||
};
|
||||
allowedDevices = [
|
||||
{
|
||||
modifier = "r";
|
||||
node = "/dev/kfd";
|
||||
}
|
||||
{
|
||||
modifier = "r";
|
||||
node = "/dev/dri";
|
||||
}
|
||||
];
|
||||
config = { pkgs, ... }: {
|
||||
nixpkgs.config.allowUnfree = true;
|
||||
system.stateVersion = "23.11";
|
||||
|
||||
users.groups.transmission = config.users.groups.transmission;
|
||||
users.users.john = {
|
||||
isNormalUser = true;
|
||||
home = "/home/john";
|
||||
password = "hello";
|
||||
extraGroups = [ "pulse-access" "transmission" ];
|
||||
packages = with pkgs; [
|
||||
# wine
|
||||
wineWowPackages.stable
|
||||
winetricks
|
||||
# community edition
|
||||
fallout-ce
|
||||
fallout2-ce
|
||||
openmw
|
||||
openxcom
|
||||
# tools
|
||||
innoextract
|
||||
vim
|
||||
unzip
|
||||
p7zip
|
||||
unrar-wrapper
|
||||
wget
|
||||
];
|
||||
};
|
||||
environment.sessionVariables = {
|
||||
DISPLAY = ":0";
|
||||
PULSE_SERVER = "tcp:127.0.0.1:4713";
|
||||
XAUTHORITY = "/home/john/.Xauthority";
|
||||
|
||||
WINEPREFIX = "/home/john/.wine";
|
||||
WINEARCH = "win32";
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
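Review bot: `password = "hello";` on `users.users.john` inside `containers.games` puts a guessable plaintext password into the configuration, and NixOS evaluates that option into the world-readable Nix store; the same literal is set for `users.users.jan` in the `containers.browsers` definition later in this comparison. If the account is only entered from the host, the line can simply be dropped so the account has no usable password; otherwise use `hashedPasswordFile = <path-to-secret>;`. Separately, `xhost +local:` in `environment.shellInit` turns off X access control for every local client rather than just the container user, so any process that can reach the bind-mounted `/tmp/.X11-unix` socket can observe keystrokes and window contents; a comment stating that trade-off, or narrowing to a server-interpreted entry such as `xhost +SI:localuser:<container-user>`, would help. Which of these lines are additions is inferred from the hunk counts, since the page has lost the +/- column.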
|
@ -26,6 +26,11 @@
|
|||
# extra configs
|
||||
hardware.bluetooth.enable = true;
|
||||
|
||||
hardware.graphics = {
|
||||
enable = true;
|
||||
enable32Bit = true;
|
||||
};
|
||||
|
||||
# All monitors in the right order
|
||||
# Source: https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/services/x11/xserver.nix#L83
|
||||
services.xserver.xrandrHeads = [
|
||||
|
|
|
@ -33,30 +33,28 @@ in
|
|||
];
|
||||
};
|
||||
|
||||
local.games.endless-sky.enable = true;
|
||||
|
||||
# Extra packages
|
||||
home.packages = with pkgs.unstable; [
|
||||
# game dev
|
||||
blender
|
||||
## game dev
|
||||
blender-hip
|
||||
godot_4
|
||||
libresprite
|
||||
|
||||
# 3d printer
|
||||
cura
|
||||
## 3d printer
|
||||
# Cannot build unstable Cura!
|
||||
# See: https://github.com/NixOS/nixpkgs/issues/325896
|
||||
# it's too old in the nixpkgs!
|
||||
# See: https://github.com/NixOS/nixpkgs/issues/186570
|
||||
pkgs.cura
|
||||
|
||||
# electronics
|
||||
kicad-small
|
||||
## electronics
|
||||
# kicad-small
|
||||
# librepcb
|
||||
|
||||
# tools
|
||||
bind.dnsutils
|
||||
|
||||
kubo # ipfs
|
||||
];
|
||||
|
||||
# games
|
||||
local.games = {
|
||||
mindustry.enable = true;
|
||||
widelands.enable = true;
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
Binary file not shown.
|
@ -5,4 +5,11 @@
|
|||
./generated.nix
|
||||
./networking.secret.nix
|
||||
];
|
||||
|
||||
swapDevices = [
|
||||
{
|
||||
device = "/var/lib/swapfile";
|
||||
size = 2 * 1024;
|
||||
}
|
||||
];
|
||||
}
|
||||
|
|
|
@ -1,5 +1,9 @@
|
|||
{ ... }:
|
||||
|
||||
{
|
||||
imports = [ ./wireguard ];
|
||||
imports = [
|
||||
./forgejo-runners
|
||||
./wireguard
|
||||
# ./docker-registry-proxy.nix
|
||||
./nginx.nix
|
||||
./renovate.nix
|
||||
];
|
||||
}
|
||||
|
|
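--- /dev/null
+++ b/hosts/istal/services/docker-registry-proxy.nix
@@ -0,0 +1,20 @@
+{...}:
+
+{
+services.dockerRegistry = {
+enable = true;
+enableGarbageCollect = true;
+extraConfig = {
+proxy.remoteurl = "https://registry-1.docker.io";
+};
+};
+
+services.nginx = {
+upstreams.docker-hub-registry.servers."localhost:5000" = { };
+virtualHosts."docker-hub.pleshevski.ru" = {
+enableACME = true;
+forceSSL = true;
+locations."/v2/".proxyPass = "http://docker-hub-registry";
+};
+};
+}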
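Review bot: The `docker-hub.pleshevski.ru` virtual host forwards `/v2/` to the pull-through cache with no access restriction, so once this file is imported (the `imports` list on this page still has it commented out) anyone on the internet can pull through the host and spend its disk, bandwidth and upstream rate limit. Restrict the location to the networks that need it, e.g. `locations."/v2/".extraConfig = "allow <trusted-cidr>; deny all;";`, or set `basicAuthFile` on the virtual host. A short header comment saying who is expected to use the mirror would make the intended exposure reviewable.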
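--- /dev/null
+++ b/hosts/istal/services/forgejo-runners/default.nix
@@ -0,0 +1,45 @@
+{ config, pkgs, ... }:
+
+let
+NODE_OPTIONS = "--max_old_space_size=4096";
+in
+{
+age.secrets.forgejo-runner-token-istal-docker.file = ./forgejo-runner-token-istal-docker.age;
+age.secrets.forgejo-runner-token-codeberg-docker.file = ./forgejo-runner-token-codeberg-docker.age;
+
+virtualisation.docker.enable = true;
+
+services.gitea-actions-runner = {
+package = pkgs.unstable.forgejo-runner;
+instances = {
+istal-docker = {
+enable = true;
+name = "istal-docker";
+url = "https://git.pleshevski.ru";
+labels = [ ];
+tokenFile = config.age.secrets.forgejo-runner-token-istal-docker.path;
+settings = {
+runner = {
+envs = { inherit NODE_OPTIONS; };
+
+timeout = "1h";
+};
+};
+};
+codeberg-docker = {
+enable = true;
+name = "codeberg-docker";
+url = "https://codeberg.org";
+labels = [ ];
+tokenFile = config.age.secrets.forgejo-runner-token-codeberg-docker.path;
+settings = {
+runner = {
+envs = { inherit NODE_OPTIONS; };
+
+timeout = "1h";
+};
+};
+};
+};
+};
+}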
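Review bot: Both runner instances set `labels = [ ]`, which leaves the mapping from job to execution environment to defaults that are not visible in this file, while the same `hosts/istal/services` directory also declares the Renovate tokens and the public nginx front end. Declaring the labels explicitly with a container scheme, for example `labels = [ "<label>:docker://<image>" ];`, documents that jobs, including those arriving from the public `codeberg.org` instance, run in containers and never through a host executor. The two instance bodies are identical apart from `name`, `url` and `tokenFile`; a small `let` helper taking those three values would keep their settings from drifting apart.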
Binary file not shown.
Binary file not shown.
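--- /dev/null
+++ b/hosts/istal/services/nginx.nix
@@ -0,0 +1,41 @@
+{ ... }:
+
+{
+networking.firewall.allowedTCPPorts = [ 80 443 ];
+
+security.acme = {
+acceptTerms = true;
+defaults.email = "dmitriy@pleshevski.ru";
+};
+
+services.nginx = {
+enable = true;
+
+# Use recommended settings
+recommendedGzipSettings = true;
+recommendedOptimisation = true;
+recommendedProxySettings = true;
+recommendedTlsSettings = true;
+
+appendHttpConfig = ''
+# Add HSTS header with preloading to HTTPS requests.
+# Adding this header to HTTP requests is discouraged
+map $scheme $hsts_header {
+https "max-age=31536000; includeSubdomains; preload";
+}
+add_header Strict-Transport-Security $hsts_header;
+
+# Minimize information leaked to other domains
+add_header 'Referrer-Policy' 'origin-when-cross-origin';
+
+# Disable embedding as a frame
+add_header X-Frame-Options DENY;
+
+# Prevent injection of code in other mime types (XSS Attacks)
+add_header X-Content-Type-Options nosniff;
+
+# This might create errors
+proxy_cookie_path / "/; secure; HttpOnly; SameSite=strict";
+'';
+};
+}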
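Review bot: The four `add_header` lines in `appendHttpConfig` are set at `http` level without `always`, so nginx omits them on error responses, and because `add_header` is inherited only when the lower level defines none of its own, any `server` or `location` that adds a single header silently drops all of them, HSTS included. Append `always`, e.g. `add_header Strict-Transport-Security $hsts_header always;`, and add a comment warning that virtual hosts using `add_header` must repeat these lines. The HSTS value carries `includeSubdomains; preload`, which commits every subdomain to HTTPS for a year; a comment confirming that is intended would help. The `# This might create errors` comment on `proxy_cookie_path` should name the failure mode: it rewrites the path attribute of every proxied cookie to add `SameSite=strict`, which breaks upstreams that depend on cross-site cookies.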
BIN
hosts/istal/services/renovate-gitea-token.age
Normal file
BIN
hosts/istal/services/renovate-gitea-token.age
Normal file
Binary file not shown.
BIN
hosts/istal/services/renovate-github-token.age
Normal file
BIN
hosts/istal/services/renovate-github-token.age
Normal file
Binary file not shown.
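--- /dev/null
+++ b/hosts/istal/services/renovate.nix
@@ -0,0 +1,48 @@
+{ config, pkgs, ... }:
+
+{
+age.secrets.renovate-gitea-token.file = ./renovate-gitea-token.age;
+age.secrets.renovate-github-token.file = ./renovate-github-token.age;
+
+services.renovate = {
+enable = true;
+package = pkgs.unstable.renovate;
+schedule = "0..3,10..23:00/15";
+credentials = {
+RENOVATE_TOKEN = config.age.secrets.renovate-gitea-token.path;
+GITHUB_COM_TOKEN = config.age.secrets.renovate-github-token.path;
+};
+runtimePackages = with pkgs.unstable; [
+nodePackages.pnpm
+nodePackages.npm
+python312
+poetry
+gnumake
+cargo
+];
+settings = {
+platform = "gitea";
+endpoint = "https://git.pleshevski.ru";
+assignees = [ "pleshevskiy" ];
+autodiscover = true;
+packageRules = [
+{
+matchUpdateTypes = [ "minor" "patch" "pin" "digest" ];
+automerge = true;
+}
+];
+automergeStrategy = "fast-forward";
+onboardingConfig = {
+"$schema" = "https://docs.renovatebot.com/renovate-schema.json";
+extends = [ "config:recommended" ];
+configMigration = true;
+};
+globalExtends = ["npm:unpublishSafe"];
+
+cacheHardTtlMinutes = 30;
+httpCacheTtlDays = 1;
+};
+};
+
+# systemd.services.renovate.environment.LOG_LEVEL = "debug";
+}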
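Review bot: `autodiscover = true` combined with the `packageRules` entry that sets `automerge = true` for minor, patch, pin and digest updates lets the bot merge dependency changes without human review into every repository its token can reach. `globalExtends = ["npm:unpublishSafe"]` only delays npm packages, so the Cargo and Poetry tooling pulled in through `runtimePackages` gets no cooling-off period. Consider bounding the scope with `autodiscoverFilter = [ "<owner>/*" ];` and adding `minimumReleaseAge = "3 days";` to the automerge rule, with passing status checks required by branch protection on the forge. Because lock-file updates run package-manager tooling on repository contents, both tokens should be scoped to the minimum the bot needs.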
Binary file not shown.
Binary file not shown.
|
@ -6,6 +6,8 @@
|
|||
./services
|
||||
];
|
||||
|
||||
local.system.kernel = "hardened";
|
||||
|
||||
networking.hostName = "tatos";
|
||||
|
||||
users.users.root.openssh.authorizedKeys.keys = globalData.publicKeys.users.jan;
|
||||
|
|
Binary file not shown.
|
@ -79,7 +79,7 @@ in
|
|||
}
|
||||
# Phone 2 m
|
||||
{
|
||||
publicKey = "0+ejwId5JcTeMvoz+I/ACpmpUFjD7rl9wqz8H/OAHEw=";
|
||||
publicKey = "p1GR0Ax2wrqnnd/coKYA4p0lvhdY9Mkk4iwhPxZfl3I=";
|
||||
allowedIPs = [ "10.20.30.6/32" ];
|
||||
}
|
||||
# Phone 3 n
|
||||
|
@ -87,6 +87,11 @@ in
|
|||
publicKey = "IUw38F1ik2y2XoPh3Nd1VVxHz9nfKDfNKyzBaEi0rjc=";
|
||||
allowedIPs = [ "10.20.30.7/32" ];
|
||||
}
|
||||
# Laptop m
|
||||
{
|
||||
publicKey = "dF5YEeK1nw2V4GNLwg67M+r8NMA315KpueQMk+ZFO1M=";
|
||||
allowedIPs = [ "10.20.30.8/32" ];
|
||||
}
|
||||
];
|
||||
};
|
||||
};
|
||||
|
|
Binary file not shown.
|
@ -1,4 +1,3 @@
|
|||
# use nix-build -E (import <system>/misc/wg-client-conf.nix {})
|
||||
{ pkgs ? import <nixpkgs> { }
|
||||
, address
|
||||
, privateKey
|
||||
|
|
|
@ -63,8 +63,22 @@ in
|
|||
xclip # access x clipboard from a console
|
||||
dmenu # menu for x window system
|
||||
nitrogen # wallpaper manager
|
||||
rofimoji # emoji picker
|
||||
];
|
||||
|
||||
programs.rofi.pass = {
|
||||
enable = true;
|
||||
extraConfig = ''
|
||||
EDITOR='wezterm start -- nvim'
|
||||
|
||||
URL_field='url'
|
||||
USERNAME_field='login'
|
||||
AUTOTYPE_field='autotype'
|
||||
|
||||
default_autotype='user :tab pass'
|
||||
'';
|
||||
};
|
||||
|
||||
xsession = {
|
||||
enable = true;
|
||||
|
||||
|
|
|
@ -233,10 +233,13 @@ myManageHook = manageApps
|
|||
anyOf :: [Query Bool] -> Query Bool
|
||||
anyOf = foldl (<||>) (pure False)
|
||||
|
||||
machine = stringProperty "WM_CLIENT_MACHINE"
|
||||
role = stringProperty "WM_WINDOW_ROLE"
|
||||
isPopup = role =? "pop-up"
|
||||
isPinentry = anyOf [className =? "Gcr-promter", className =? "Pinentry"]
|
||||
|
||||
isGameMachine = machine =? "games"
|
||||
|
||||
isWezterm = className =? "org.wezfurlong.wezterm"
|
||||
isAlacritty = className =? "Alacritty"
|
||||
isTerminal = anyOf [isWezterm, isAlacritty]
|
||||
|
@ -246,6 +249,7 @@ myManageHook = manageApps
|
|||
composeOne
|
||||
[ -- apps
|
||||
className =? "Gimp" -?> doFloat,
|
||||
isGameMachine -?> doFloat,
|
||||
-- general
|
||||
anyOf
|
||||
[ resource =? "desktop_window",
|
||||
|
@ -273,10 +277,15 @@ myKeys conf =
|
|||
("M-S-<Return>", spawn $ XMonad.terminal conf),
|
||||
-- launch a 'flameshot' to screenshot
|
||||
("M-S-s", safeSpawn "flameshot" ["gui"]),
|
||||
-- launch 'librewolf' browser
|
||||
-- launch browsers
|
||||
("M-S-b", spawn "librewolf"),
|
||||
("M-S-t", spawn "tor-browser"),
|
||||
-- launch 'dmenu_run' to choose applications
|
||||
("M-p", spawn "dmenu_run")
|
||||
("M-r", spawn "dmenu_run"),
|
||||
-- launch 'rofi-pass' to use password manager
|
||||
("M-p", spawn "rofi-pass --last-used"),
|
||||
-- launch 'rofimoji' to pick emoji
|
||||
("M-e", spawn "rofimoji --action copy")
|
||||
-- Open calculator
|
||||
-- ("<XF86Calculator>", spawn "gnome-calculator"),
|
||||
]
|
||||
|
|
|
@ -8,10 +8,14 @@ in
|
|||
mindustry.enable = mkEnableOption "mindustry";
|
||||
widelands.enable = mkEnableOption "widelands";
|
||||
unciv.enable = mkEnableOption "unciv";
|
||||
freeciv.enable = mkEnableOption "freeciv";
|
||||
endless-sky.enable = mkEnableOption "endless-sky";
|
||||
};
|
||||
|
||||
config.home.packages =
|
||||
lib.optional cfg.mindustry.enable pkgs.unstable.mindustry
|
||||
++ lib.optional cfg.widelands.enable pkgs.widelands
|
||||
++ lib.optional cfg.unciv.enable pkgs.unstable.unciv;
|
||||
++ lib.optional cfg.unciv.enable pkgs.unstable.unciv
|
||||
++ lib.optional cfg.freeciv.enable pkgs.unstable.freeciv
|
||||
++ lib.optional cfg.endless-sky.enable pkgs.unstable.endless-sky;
|
||||
}
|
||||
|
|
|
@ -85,9 +85,12 @@ in
|
|||
"text/plain" = "colorize";
|
||||
"text/rfc822-headers" = "colorize";
|
||||
# "text/*" = "${pkgs.bat}/bin/bat -fpp --file-name='$AERC_FILENAME'";
|
||||
"message/delivery-status" = "cat | colorize";
|
||||
"message/*" = "cat | colorize";
|
||||
"application/pgp-keys" = "gpg";
|
||||
".filename,~\\.gpg" = "gpg --decrypt";
|
||||
".filename,~\\.xml\\.gz" = "${pkgs.gzip}/bin/gunzip |"
|
||||
+ "${pkgs.xmlformat}/bin/xmlformat |"
|
||||
+ "${pkgs.bat}/bin/bat -fpp --file-name='$AERC_FILENAME' --language xml";
|
||||
};
|
||||
|
||||
openers = { };
|
||||
|
@ -125,10 +128,6 @@ in
|
|||
"\\" = fill "filter";
|
||||
"n" = exec "next-result";
|
||||
"N" = exec "prev-result";
|
||||
#"D" = exec "modify-labels +deleted -inbox";
|
||||
#"A" = exec "modify-labels -inbox";
|
||||
#"ms" = exec "modify-labels +spam -inbox";
|
||||
#"mS" = exec "modify-labels -spam +inbox";
|
||||
}
|
||||
];
|
||||
|
||||
|
@ -154,15 +153,14 @@ in
|
|||
}
|
||||
];
|
||||
|
||||
compose = lib.mkMerge [
|
||||
globalBinds
|
||||
{
|
||||
compose = {
|
||||
"$ex" = "<C-x>";
|
||||
"<C-k>" = exec "prev-field";
|
||||
"<C-j>" = exec "next-field";
|
||||
"<tab>" = exec "next-field";
|
||||
}
|
||||
];
|
||||
"<C-l>" = exec "next-tab";
|
||||
"<C-h>" = exec "prev-tab";
|
||||
};
|
||||
|
||||
"compose::editor" = {
|
||||
"$noinherit" = "true";
|
||||
|
|
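Review bot: In the new `.xml.gz` filter, `--file-name='$AERC_FILENAME'` sits in single quotes, so the shell that runs the filter passes the literal text `$AERC_FILENAME` to `bat` instead of the attachment name. Use double quotes, which expand the variable while still keeping a name containing spaces or shell metacharacters as a single argument: `--file-name=\"$AERC_FILENAME\"`. The attribute set these filters belong to starts outside the hunk.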
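--- /dev/null
+++ b/modules/home-manager/programs/argos-translate.nix
@@ -0,0 +1,18 @@
+{ config, lib, pkgs, ... }:
+
+let cfg = config.local.programs.argos-translate; in
+{
+options.local.programs.argos-translate = with lib; {
+enable = mkEnableOption "argostranslate";
+package = mkPackageOption pkgs.python311Packages "argostranslate" {};
+};
+
+config = lib.mkIf cfg.enable {
+home.packages = [ cfg.package ];
+
+programs.zsh.shellAliases = lib.mkIf config.programs.zsh.enable {
+en2ru = "${cfg.package}/bin/argos-translate --from en --to ru";
+ru2en = "${cfg.package}/bin/argos-translate --from ru --to en";
+};
+};
+}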
|
@ -4,15 +4,19 @@
|
|||
let cfg = config.local.programs.communication; in
|
||||
{
|
||||
options.local.programs.communication = with lib; {
|
||||
simplex-chat.enable = mkEnableOption "SimplexChat";
|
||||
telegram.enable = mkEnableOption "tdesktop. telegram client";
|
||||
matrix.enable = mkEnableOption "nheko. matrix client";
|
||||
skype.enable = mkEnableOption "skype";
|
||||
matrix = {
|
||||
enable = mkEnableOption "nheko. matrix client";
|
||||
package = mkPackageOption pkgs "nheko" { };
|
||||
};
|
||||
tox = {
|
||||
enable = mkEnableOption "tox";
|
||||
package = mkPackageOption pkgs "qtox" { };
|
||||
};
|
||||
};
|
||||
|
||||
config.home.packages = with pkgs.unstable;
|
||||
lib.optional cfg.simplex-chat.enable simplex-chat-desktop
|
||||
++ lib.optional cfg.telegram.enable tdesktop
|
||||
++ lib.optional cfg.matrix.enable nheko
|
||||
++ lib.optional cfg.skype.enable skypeforlinux;
|
||||
config = {
|
||||
home.packages =
|
||||
lib.optional cfg.matrix.enable cfg.matrix.package
|
||||
++ lib.optional cfg.tox.enable cfg.tox.package;
|
||||
};
|
||||
}
|
||||
|
|
|
@ -3,6 +3,7 @@
|
|||
{
|
||||
imports = [
|
||||
./aerc.nix
|
||||
./argos-translate.nix
|
||||
./communication.nix
|
||||
./dev-tools.nix
|
||||
./flameshot.nix
|
||||
|
|
|
@ -88,6 +88,10 @@ in
|
|||
]
|
||||
))
|
||||
];
|
||||
|
||||
programs.zsh.initExtra = ''
|
||||
source <(kubectl completion zsh)
|
||||
'';
|
||||
})
|
||||
|
||||
(lib.mkIf cfg.psql.enable {
|
||||
|
|
|
@ -3,6 +3,7 @@
|
|||
{
|
||||
imports = [
|
||||
./nautilus.nix
|
||||
./nnn.nix
|
||||
./vifm
|
||||
];
|
||||
}
|
||||
|
|
|
@ -8,5 +8,5 @@ in
|
|||
enable = mkEnableOption "nautilus";
|
||||
};
|
||||
|
||||
config.home.packages = with pkgs.unstable; lib.optional cfg.enable gnome.nautilus;
|
||||
config.home.packages = with pkgs.unstable; lib.optional cfg.enable nautilus;
|
||||
}
|
||||
|
|
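--- /dev/null
+++ b/modules/home-manager/programs/file-managers/nnn.nix
@@ -0,0 +1,13 @@
+{ config, pkgs, lib, ... }:
+
+let
+cfg = config.local.programs.file-managers.nnn;
+in
+{
+options.local.programs.file-managers.nnn = with lib; {
+enable = mkEnableOption "nnn";
+package = mkPackageOption pkgs "nnn" {};
+};
+
+config.home.packages = lib.optional cfg.enable cfg.package;
+}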
|
@ -11,7 +11,7 @@
|
|||
" If you would like to use another vi clone such as Elvis or Vile
|
||||
" you will need to change this setting.
|
||||
|
||||
set vicmd=vim
|
||||
set vicmd=nvim
|
||||
|
||||
" This makes vifm perform file operations on its own instead of relying on
|
||||
" standard utilities like `cp`. While using `cp` and alike is a more universal
|
||||
|
@ -128,12 +128,12 @@ mark h ~/
|
|||
" %m run the command in a menu window
|
||||
|
||||
command! df df -h %m 2> /dev/null
|
||||
command! diff vim -d %f %F
|
||||
command! diff nvim -d %f %F
|
||||
command! zip zip -r %c.zip %f
|
||||
command! run !! ./%f
|
||||
command! make !!make %a
|
||||
command! mkcd :mkdir %a | cd %a
|
||||
command! vgrep vim "+grep %a"
|
||||
command! vgrep nvim "+grep %a"
|
||||
command! reload :write | restart full
|
||||
|
||||
" ------------------------------------------------------------------------------
|
||||
|
@ -316,11 +316,6 @@ nnoremap S :sort<cr>
|
|||
nnoremap w :view<cr>
|
||||
vnoremap w :view<cr>gv
|
||||
|
||||
" Open file in existing instance of gvim
|
||||
nnoremap o :!gvim --remote-tab-silent %f<cr>
|
||||
" Open file in new instance of gvim
|
||||
nnoremap O :!gvim %f<cr>
|
||||
|
||||
" Open file in the background using its default program
|
||||
nnoremap gb :file &<cr>l
|
||||
|
||||
|
@ -354,8 +349,6 @@ nnoremap ,t :!xterm &<cr>
|
|||
|
||||
" Open editor to edit vifmrc and apply settings after returning to vifm
|
||||
nnoremap ,c :write | edit $MYVIFMRC | restart full<cr>
|
||||
" Open gvim to edit vifmrc
|
||||
nnoremap ,C :!gvim --remote-tab-silent $MYVIFMRC &<cr>
|
||||
|
||||
" Toggle wrap setting on ,w key
|
||||
nnoremap ,w :set wrap!<cr>
|
||||
|
|
|
@ -9,7 +9,7 @@
|
|||
|
||||
programs.zsh = {
|
||||
enable = true;
|
||||
enableAutosuggestions = true;
|
||||
autosuggestion.enable = true;
|
||||
enableCompletion = true;
|
||||
defaultKeymap = "viins";
|
||||
dotDir = ".config/zsh";
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
{ lib, ... }:
|
||||
{ lib, pkgs, ... }:
|
||||
|
||||
{
|
||||
imports = [ ./common.nix ];
|
||||
|
@ -35,5 +35,19 @@
|
|||
################################################################################
|
||||
local.programs.pass.enable = lib.mkDefault true;
|
||||
|
||||
local.programs.browsers.librewolf.enable = lib.mkDefault true;
|
||||
local.programs.browsers = {
|
||||
librewolf.enable = lib.mkDefault true;
|
||||
tor-browser.enable = lib.mkDefault true;
|
||||
ungoogled-chromium.enable = lib.mkDefault true;
|
||||
};
|
||||
|
||||
security.sudo.extraRules = [{
|
||||
commands = [
|
||||
{
|
||||
command = "/run/current-system/sw/bin/nixos-container";
|
||||
options = [ "NOPASSWD" ];
|
||||
}
|
||||
];
|
||||
groups = [ "wheel" ];
|
||||
}];
|
||||
}
|
||||
|
|
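Review bot: The new `security.sudo.extraRules` entry grants every `wheel` member passwordless `nixos-container` with any arguments, which amounts to passwordless root on the host, because the tool's sub-commands open root shells in containers and accept arbitrary container configuration. It also sidesteps the U2F step that the yubikey module in this same comparison attaches to `sudo`. Limit the rule to the one invocation the browser wrapper needs, e.g. `command = "/run/current-system/sw/bin/nixos-container run browsers -- su -l jan -c *";`, and grant it through `users` for the single account rather than the whole group. The `local.security.sudo.nopasswd` option added elsewhere in this comparison could carry the rule so that all passwordless grants live in one place.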
|
@ -9,11 +9,11 @@ in
|
|||
};
|
||||
|
||||
config = lib.mkIf cfg.enable {
|
||||
services.xserver = {
|
||||
xkbModel = "pc105";
|
||||
services.xserver.xkb = {
|
||||
model = "pc105";
|
||||
layout = "us,us";
|
||||
xkbVariant = "dvorak,";
|
||||
xkbOptions = "grp:win_space_toggle";
|
||||
variant = "dvorak,";
|
||||
options = "grp:win_space_toggle";
|
||||
};
|
||||
|
||||
console.useXkbConfig = true;
|
||||
|
|
|
@ -11,7 +11,7 @@ in
|
|||
config = lib.mkIf cfg.enable {
|
||||
programs.i3lock = {
|
||||
enable = true;
|
||||
u2fSupport = lib.mkDefault config.local.yubikey.enable;
|
||||
u2fSupport = lib.mkDefault config.security.pam.u2f.enable;
|
||||
};
|
||||
|
||||
programs.xss-lock.enable = true;
|
||||
|
|
|
@ -42,6 +42,11 @@ in
|
|||
};
|
||||
};
|
||||
})
|
||||
(final: prev: {
|
||||
sniffnet = (import inputs.nixpkgs-unstable {
|
||||
inherit (config.nixpkgs) config system;
|
||||
}).sniffnet;
|
||||
})
|
||||
(final: prev: {
|
||||
unstable = import inputs.nixpkgs-unstable {
|
||||
inherit (config.nixpkgs) config overlays system;
|
||||
|
|
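--- /dev/null
+++ b/modules/nixos/configs/security.nix
@@ -0,0 +1,36 @@
+{ config, lib, ... }:
+
+let
+cfg = config.local.security.sudo;
+in
+{
+options.local.security.sudo = with lib; {
+nopasswd = mkOption {
+type = types.listOf (types.submodule {
+options = {
+commands = mkOption {
+type = with types; listOf (either str package);
+};
+groups = mkOption {
+type = types.listOf types.str;
+default = [ "wheel" ];
+};
+};
+});
+default = [ ];
+};
+};
+
+config = lib.mkIf (cfg.nopasswd != [ ]) {
+security.sudo.extraRules = lib.flip map cfg.nopasswd (rule: {
+inherit (rule) groups;
+commands = lib.flip map rule.commands (cmd:
+{
+command = "${cmd}";
+options = [ "NOPASSWD" ];
+}
+);
+});
+};
+
+}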
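Review bot: `commands` accepts `either str package`, but `command = "${cmd}"` turns a package into its store directory, which sudoers will not match as an executable, so a package entry appears to grant nothing (inferred from how sudoers matches paths; worth a test). Resolve packages to their binary, e.g. `command = if lib.isDerivation cmd then lib.getExe cmd else cmd;`. Neither `commands` nor `groups` has a `description`; since every entry is a root grant without authentication, the option text should state that strings must be absolute paths and that a bare command path permits any arguments.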
|
@ -1,17 +1,35 @@
|
|||
{ config, pkgs, lib, ... }:
|
||||
|
||||
let
|
||||
cfg = config.local.sound;
|
||||
in
|
||||
{
|
||||
options.local.sound.enable = lib.mkEnableOption "sound";
|
||||
options.local.sound = {
|
||||
enable = lib.mkEnableOption "sound";
|
||||
systemWide = lib.mkEnableOption "systemWide";
|
||||
};
|
||||
|
||||
config = lib.mkIf config.local.sound.enable {
|
||||
config = lib.mkIf cfg.enable {
|
||||
sound = {
|
||||
enable = true;
|
||||
mediaKeys.enable = true;
|
||||
};
|
||||
|
||||
hardware.pulseaudio = {
|
||||
hardware.pulseaudio = lib.mkMerge [
|
||||
{
|
||||
enable = true;
|
||||
package = pkgs.pulseaudioFull;
|
||||
}
|
||||
(lib.mkIf cfg.systemWide {
|
||||
systemWide = true;
|
||||
support32Bit = true;
|
||||
tcp = {
|
||||
enable = true;
|
||||
anonymousClients.allowedIpRanges = [ "127.0.0.1" ];
|
||||
};
|
||||
})
|
||||
];
|
||||
|
||||
networking.firewall.allowedTCPPorts = lib.mkIf cfg.systemWide [ 4713 ];
|
||||
};
|
||||
}
|
||||
|
|
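Review bot: `networking.firewall.allowedTCPPorts = lib.mkIf cfg.systemWide [ 4713 ];` opens the PulseAudio native-protocol port on every interface, although the only clients configured on this page connect over loopback (`PULSE_SERVER = "tcp:127.0.0.1:4713"`) and anonymous access is limited to `127.0.0.1`. Loopback traffic needs no firewall exception, so the line can be removed; if a remote client is intended, scope it with `networking.firewall.interfaces.<iface>.allowedTCPPorts` and say so in a comment. `systemWide = lib.mkEnableOption "systemWide"` would also benefit from a description noting that it gives every local process unauthenticated TCP access to the sound server.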
|
@ -40,7 +40,7 @@ in
|
|||
})
|
||||
|
||||
(lib.mkIf (cfg.kernel == "stable") {
|
||||
boot.kernelPackages = pkgs.unstable.linuxPackages_6_6;
|
||||
boot.kernelPackages = pkgs.unstable.linuxPackages_6_10;
|
||||
})
|
||||
|
||||
(lib.mkIf (cfg.kernel == "latest") {
|
||||
|
|
|
@ -14,7 +14,7 @@ in
|
|||
package = pkgs.unstable.hyprland;
|
||||
};
|
||||
|
||||
programs.gnupg.agent.pinentryFlavor = "gtk2";
|
||||
programs.gnupg.agent.pinentryPackage = pkgs.pinentry-gtk2;
|
||||
|
||||
local.lockscreen.waylock.enable = lib.mkDefault true;
|
||||
};
|
||||
|
|
|
@ -14,7 +14,7 @@ in
|
|||
package = pkgs.unstable.river;
|
||||
};
|
||||
|
||||
programs.gnupg.agent.pinentryFlavor = "gtk2";
|
||||
programs.gnupg.agent.pinentryPackage = pkgs.pinentry-gtk2;
|
||||
|
||||
local.lockscreen.waylock.enable = lib.mkDefault true;
|
||||
};
|
||||
|
|
|
@ -10,19 +10,18 @@ let cfg = config.local.window-manager.xmonad; in
|
|||
packages = [ pkgs.dconf ];
|
||||
};
|
||||
|
||||
services.displayManager.defaultSession = "none+xmonad";
|
||||
|
||||
services.xserver = {
|
||||
enable = true;
|
||||
displayManager = {
|
||||
defaultSession = "none+xmonad";
|
||||
lightdm = {
|
||||
displayManager.lightdm = {
|
||||
enable = true;
|
||||
# greeters.tiny.enable = true;
|
||||
};
|
||||
};
|
||||
windowManager.xmonad.enable = true;
|
||||
};
|
||||
|
||||
programs.gnupg.agent.pinentryFlavor = "gtk2";
|
||||
programs.gnupg.agent.pinentryPackage = pkgs.pinentry-gtk2;
|
||||
|
||||
local.lockscreen.i3lock.enable = lib.mkDefault true;
|
||||
};
|
||||
|
|
|
@ -1,32 +1,71 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
|
||||
let cfg = config.local.yubikey; in
|
||||
let
|
||||
cfg = config.local.yubikey;
|
||||
|
||||
control = if cfg.multi-factor.enable then "required" else "sufficient";
|
||||
in
|
||||
{
|
||||
options.local.yubikey = with lib; {
|
||||
enable = mkEnableOption "yubikey";
|
||||
|
||||
serial = mkOption {
|
||||
type = types.nullOr types.str;
|
||||
default = null;
|
||||
};
|
||||
|
||||
multi-factor.enable = mkEnableOption "multi-factor" // { default = true; };
|
||||
|
||||
unplug = {
|
||||
enable = mkEnableOption "Do action when a Yubikey is unplugged";
|
||||
model = mkOption {
|
||||
type = types.str;
|
||||
default = "407";
|
||||
};
|
||||
command = mkOption {
|
||||
type = types.str;
|
||||
default = "${pkgs.systemd}/bin/loginctl lock-sessions";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
config = lib.mkIf cfg.enable {
|
||||
environment.systemPackages = [ pkgs.yubikey-manager pkgs.yubikey-personalization ];
|
||||
|
||||
security.pam.u2f = {
|
||||
security.pam =
|
||||
if cfg.serial == null then
|
||||
{
|
||||
u2f = {
|
||||
enable = true;
|
||||
control = "required";
|
||||
inherit control;
|
||||
cue = lib.mkDefault true;
|
||||
};
|
||||
|
||||
services.udev.packages = [ pkgs.yubikey-personalization ];
|
||||
security.pam.services = {
|
||||
login.u2fAuth = true;
|
||||
sudo.u2fAuth = true;
|
||||
};
|
||||
services.pcscd.enable = true;
|
||||
|
||||
services.udev.extraRules = lib.mkIf config.programs.xss-lock.enable ''
|
||||
ACTION=="remove",\
|
||||
ENV{DEVTYPE}=="usb_device",\
|
||||
ENV{PRODUCT}=="1050/402/543",\
|
||||
RUN+="${pkgs.systemd}/bin/loginctl lock-sessions"
|
||||
'';
|
||||
services = {
|
||||
login.u2fAuth = lib.mkDefault true;
|
||||
sudo.u2fAuth = lib.mkDefault true;
|
||||
};
|
||||
}
|
||||
else
|
||||
{
|
||||
yubico = {
|
||||
enable = true;
|
||||
inherit control;
|
||||
mode = "challenge-response";
|
||||
id = [ cfg.serial ];
|
||||
};
|
||||
};
|
||||
|
||||
services.pcscd.enable = cfg.serial != null;
|
||||
|
||||
services.udev = {
|
||||
packages = [ pkgs.yubikey-personalization ];
|
||||
extraRules = lib.mkIf cfg.unplug.enable ''
|
||||
ACTION=="remove",\
|
||||
ENV{DEVTYPE}=="usb_device",\
|
||||
ENV{PRODUCT}=="1050/${cfg.unplug.model}/543",\
|
||||
RUN+="${cfg.unplug.command}"
|
||||
'';
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
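Review bot: Lock-on-unplug changes from being active whenever `programs.xss-lock.enable` is set to requiring `local.yubikey.unplug.enable`, which defaults to off, and the matched product id moves from the literal `402` to a default of `407`, so hosts that relied on the old rule lose automatic locking unless they opt in and set the right model (which side each line is on is inferred from content, as the page has lost the +/- column). Consider keeping the previous behaviour as the default, e.g. `enable = mkEnableOption "Do action when a Yubikey is unplugged" // { default = config.programs.xss-lock.enable; };`. In the `serial != null` branch only `yubico` is set and the `login`/`sudo` toggles of the other branch are absent; a comment saying which PAM services that branch covers would help. `serial`, `multi-factor.enable`, `unplug.model` and `unplug.command` have no `description`, and `unplug.command` should state that it is run from a udev rule.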
|
@ -1,8 +1,107 @@
|
|||
{ ... }:
|
||||
{ config, pkgs, lib, ... }:
|
||||
|
||||
let
|
||||
cfg = config.local.programs.browsers;
|
||||
|
||||
contPackages =
|
||||
lib.optional cfg.tor-browser.enable cfg.tor-browser.finalPackage
|
||||
++ lib.optional cfg.librewolf.enable cfg.librewolf.finalPackage
|
||||
++ lib.optional cfg.mullvad-browser.enable cfg.mullvad-browser.finalPackage
|
||||
++ lib.optional cfg.ungoogled-chromium.enable cfg.ungoogled-chromium.package;
|
||||
|
||||
hostPackages = lib.flip map contPackages (p:
|
||||
let
|
||||
hostRunBrowser = pkgs.writeScript "cont-run-browser" ''
|
||||
sudo nixos-container run browsers -- su -l jan -c "$*"
|
||||
'';
|
||||
|
||||
hostBrowserScript = pkgs.writeScriptBin "${p.meta.mainProgram}" ''
|
||||
${hostRunBrowser} ${p.meta.mainProgram} $@
|
||||
'';
|
||||
in
|
||||
pkgs.runCommand "${p.meta.mainProgram}" { } ''
|
||||
mkdir $out
|
||||
cp -r ${hostBrowserScript}/bin $out/bin
|
||||
cp -r ${p}/share $out/share
|
||||
''
|
||||
);
|
||||
|
||||
isEnable = cfg.tor-browser.enable
|
||||
or cfg.librewolf.enable
|
||||
or cfg.mullvad-browser.enable;
|
||||
in
|
||||
{
|
||||
imports = [
|
||||
./tor-browser.nix
|
||||
./mullvad-browser.nix
|
||||
./librewolf.nix
|
||||
./ungoogled-chromium.nix
|
||||
];
|
||||
|
||||
config = lib.mkIf isEnable {
|
||||
environment.systemPackages = hostPackages;
|
||||
|
||||
local.sound.systemWide = true;
|
||||
|
||||
containers.browsers = {
|
||||
autoStart = true;
|
||||
ephemeral = true;
|
||||
restartIfChanged = false;
|
||||
|
||||
bindMounts = lib.mkMerge [
|
||||
{
|
||||
"/tmp/.X11-unix" = { };
|
||||
"/home/jan/Downloads" = {
|
||||
isReadOnly = false;
|
||||
hostPath = "/home/jan/downloads/browser";
|
||||
};
|
||||
}
|
||||
(lib.mkIf config.hardware.graphics.enable {
|
||||
"/run/opengl-driver/lib" = { };
|
||||
})
|
||||
(lib.mkIf config.hardware.graphics.enable32Bit {
|
||||
"/run/opengl-driver-32/lib" = { };
|
||||
})
|
||||
(lib.mkIf cfg.librewolf.enable {
|
||||
"/home/jan/.librewolf" = {
|
||||
isReadOnly = false;
|
||||
hostPath = "/persistent/per-machine/browsers/home/jan/.librewolf";
|
||||
};
|
||||
})
|
||||
(lib.mkIf cfg.ungoogled-chromium.enable {
|
||||
"/home/jan/.config/chromium" = {
|
||||
isReadOnly = false;
|
||||
hostPath = "/persistent/per-machine/browsers/home/jan/.config/chromium";
|
||||
};
|
||||
})
|
||||
(lib.mkIf config.local.programs.communication.telegram.enable {
|
||||
"/home/jan/downloads/telegram" = { };
|
||||
})
|
||||
];
|
||||
|
||||
config = { pkgs, ... }: {
|
||||
system.stateVersion = "23.11";
|
||||
|
||||
fonts = {
|
||||
inherit (config.fonts) enableDefaultPackages packages;
|
||||
fontconfig = { inherit (config.fonts.fontconfig) defaultFonts; };
|
||||
};
|
||||
|
||||
networking.hosts = config.networking.hosts;
|
||||
|
||||
users.users.jan = {
|
||||
isNormalUser = true;
|
||||
home = "/home/jan";
|
||||
password = "hello";
|
||||
extraGroups = [ "pulse-access" ];
|
||||
packages = contPackages;
|
||||
};
|
||||
|
||||
environment.sessionVariables = {
|
||||
DISPLAY = ":0";
|
||||
PULSE_SERVER = "tcp:127.0.0.1:4713";
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
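Review bot: The wrapper passes its arguments through two unquoted expansions, `$@` in `hostBrowserScript` and `"$*"` handed to `su -l jan -c`, so a URL containing `&`, `;` or spaces is re-parsed by the shell inside the container instead of reaching the browser as one argument. Quote at both levels, e.g. `${hostRunBrowser} ${p.meta.mainProgram} "$@"` and `su -l jan -c "$(printf '%q ' "$@")"`, and build both scripts with `pkgs.writeShellScript` / `pkgs.writeShellScriptBin` so they get a bash shebang, which the `%q` format relies on. Separately, `isEnable` chains the flags with `or`, which in Nix is the attribute-default keyword rather than boolean OR, so it evaluates to `cfg.tor-browser.enable` alone; `||` is presumably intended, and `cfg.ungoogled-chromium.enable` is missing from the chain.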
|
@ -2,27 +2,26 @@
|
|||
|
||||
let
|
||||
cfg = config.local.programs.browsers.librewolf;
|
||||
isPassEnabled = config.local.programs.pass.enable;
|
||||
|
||||
policiesJson = pkgs.callPackage ./policies.nix {
|
||||
firefoxAddons = inputs.firefox-addons.packages."${pkgs.system}";
|
||||
withPassffAddon = isPassEnabled;
|
||||
withRedirectorAddon = true;
|
||||
withSidebarTabsAddon = true;
|
||||
withAllSearchEngines = true;
|
||||
};
|
||||
|
||||
librewolf' = with pkgs.unstable; librewolf.override {
|
||||
extraPoliciesFiles = librewolf.unwrapped.extraPoliciesFiles ++ [ policiesJson ];
|
||||
nativeMessagingHosts = lib.optional isPassEnabled passff-host;
|
||||
finalLibrewolf = cfg.package.override {
|
||||
extraPoliciesFiles = cfg.package.unwrapped.extraPoliciesFiles ++ [ policiesJson ];
|
||||
};
|
||||
in
|
||||
{
|
||||
options.local.programs.browsers.librewolf = with lib; {
|
||||
enable = mkEnableOption "librewolf";
|
||||
package = mkPackageOption pkgs "librewolf" {};
|
||||
finalPackage = mkOption {
|
||||
type = types.package;
|
||||
readOnly = true;
|
||||
default = finalLibrewolf;
|
||||
};
|
||||
|
||||
config = lib.mkIf cfg.enable {
|
||||
environment.systemPackages = [ librewolf' ];
|
||||
};
|
||||
}
|
||||
|
|
|
@ -10,7 +10,7 @@ let
|
|||
withAllSearchEngines = true;
|
||||
};
|
||||
|
||||
mullvadBrowser = pkgs.mullvad-browser.overrideAttrs (attrs: {
|
||||
finalMullvadBrowser = cfg.package.overrideAttrs (attrs: {
|
||||
postInstall = ''
|
||||
rm $out/share/mullvad-browser/distribution/policies.json
|
||||
|
||||
|
@ -21,9 +21,11 @@ in
|
|||
{
|
||||
options.local.programs.browsers.mullvad-browser = with lib; {
|
||||
enable = mkEnableOption "mullvad-browser";
|
||||
package = mkPackageOption pkgs "mullvad-browser" {};
|
||||
finalPackage = mkOption {
|
||||
type = types.package;
|
||||
readOnly = true;
|
||||
default = finalMullvadBrowser;
|
||||
};
|
||||
|
||||
config = lib.mkIf cfg.enable {
|
||||
environment.systemPackages = [ mullvadBrowser ];
|
||||
};
|
||||
}
|
||||
|
|
|
@ -28,7 +28,7 @@ writeText "policies.json" (builtins.toJSON {
|
|||
SearchEngines = {
|
||||
Add = [
|
||||
{
|
||||
Alias = "sx";
|
||||
Alias = "@sx";
|
||||
Name = "SearXNG";
|
||||
Description = "SearXNG — a privacy-respecting, open metasearch engine";
|
||||
IconURL = "https://search.sapti.me/static/themes/simple/img/favicon.png";
|
||||
|
@ -36,28 +36,28 @@ writeText "policies.json" (builtins.toJSON {
|
|||
}
|
||||
] ++ lib.optionals withAllSearchEngines [
|
||||
{
|
||||
Alias = "np";
|
||||
Alias = "@np";
|
||||
Name = "NixOS Packages";
|
||||
Description = "Search NixOS packages by name or description.";
|
||||
IconURL = "https://nixos.org/favicon.png";
|
||||
URLTemplate = "https://search.nixos.org/packages?query={searchTerms}";
|
||||
}
|
||||
{
|
||||
Alias = "no";
|
||||
Alias = "@no";
|
||||
Name = "NixOS Options";
|
||||
Description = "Search NixOS options by name or description.";
|
||||
IconURL = "https://nixos.org/favicon.png";
|
||||
URLTemplate = "https://search.nixos.org/options?query={searchTerms}";
|
||||
}
|
||||
{
|
||||
Alias = "ng";
|
||||
Alias = "@ng";
|
||||
Name = "Noogle";
|
||||
Description = "Search for nix functions by name.";
|
||||
IconURL = "https://noogle.dev/favicon.png";
|
||||
URLTemplate = "https://noogle.dev/q?term={searchTerms}";
|
||||
}
|
||||
{
|
||||
Alias = "hg";
|
||||
Alias = "@hg";
|
||||
Name = "Hoogle";
|
||||
Description = ''
|
||||
Hoogle is a Haskell API search engine, which allows you to
|
||||
|
@ -106,5 +106,12 @@ writeText "policies.json" (builtins.toJSON {
|
|||
"yahoo@search.mozilla.org"
|
||||
];
|
||||
};
|
||||
Containers.Default = let cont = name: icon: color: { inherit name icon color; }; in [
|
||||
(cont "per" "fingerprint" "blue")
|
||||
(cont "wor" "briefcase" "orange")
|
||||
(cont "com" "tree" "green")
|
||||
(cont "fin" "dollar" "yellow")
|
||||
(cont "sea" "circle" "purple")
|
||||
];
|
||||
};
|
||||
})
|
||||
|
|
|
@ -5,7 +5,7 @@ let
|
|||
|
||||
policiesJson = pkgs.callPackage ./policies.nix { };
|
||||
|
||||
torBrowser = (pkgs.tor-browser-bundle-bin.override {
|
||||
finalTorBrowser = (cfg.package.override {
|
||||
mediaSupport = true;
|
||||
pulseaudioSupport = true;
|
||||
}).overrideAttrs (attrs: {
|
||||
|
@ -18,95 +18,11 @@ in
|
|||
{
|
||||
options.local.programs.browsers.tor-browser = with lib; {
|
||||
enable = mkEnableOption "tor-browser";
|
||||
container = {
|
||||
enable = mkEnableOption "tor-browser inside a container";
|
||||
externalInterface = mkOption {
|
||||
type = types.str;
|
||||
default = "";
|
||||
};
|
||||
sshAuthorizedKeys = mkOption {
|
||||
type = types.listOf types.str;
|
||||
default = [ ];
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
config = lib.mkIf cfg.enable (lib.mkMerge [
|
||||
(lib.mkIf (!cfg.container.enable) {
|
||||
environment.systemPackages = [ torBrowser ];
|
||||
})
|
||||
(lib.mkIf cfg.container.enable (
|
||||
let
|
||||
hostRunTorBrowser = pkgs.writeScriptBin "tor-browser" ''
|
||||
${pkgs.socat}/bin/socat -d TCP-LISTEN:6000,fork,bind=192.168.7.10 UNIX-CONNECT:/tmp/.X11-unix/X0 &
|
||||
${pkgs.xorg.xhost}/bin/xhost +
|
||||
ssh -X browser@192.168.7.11 tor-browser
|
||||
${pkgs.xorg.xhost}/bin/xhost -
|
||||
'';
|
||||
|
||||
clientRunTorBrowser = pkgs.writeScriptBin "tor-browser" ''
|
||||
PULSE_SERVER=tcp:192.168.7.10:4713 \
|
||||
XAUTHORITY="/home/browser/.Xauthority" \
|
||||
DBUS_SESSION_BUS_ADDRESS="" \
|
||||
DISPLAY=192.168.7.10:0.0 \
|
||||
${pkgs.apulse}/bin/apulse ${torBrowser}/bin/tor-browser $@
|
||||
'';
|
||||
in
|
||||
{
|
||||
assertions = [
|
||||
{
|
||||
assertion = cfg.container.externalInterface != "";
|
||||
message = "The `tor-browser` module with the `isContainer` option enabled requires a non-empty `externalInterface` with Internet access";
|
||||
}
|
||||
{
|
||||
assertion = cfg.container.sshAuthorizedKeys != [ ];
|
||||
message = "The `tor-browser` module with the `isContainer` option enabled requires a non-empty `sshAuthorizedKeys` to connect to the container";
|
||||
}
|
||||
];
|
||||
|
||||
environment.systemPackages = [ hostRunTorBrowser ];
|
||||
|
||||
hardware.pulseaudio = {
|
||||
systemWide = true;
|
||||
support32Bit = true;
|
||||
tcp = {
|
||||
enable = true;
|
||||
anonymousClients.allowedIpRanges = [ "127.0.0.1" "192.168.7.0/24" ];
|
||||
};
|
||||
};
|
||||
|
||||
networking = {
|
||||
firewall.allowedTCPPorts = [ 4713 6000 ];
|
||||
nat = {
|
||||
enable = true;
|
||||
internalInterfaces = [ "ve-browser" ];
|
||||
externalInterface = cfg.container.externalInterface;
|
||||
};
|
||||
};
|
||||
|
||||
containers.browser = {
|
||||
autoStart = true;
|
||||
privateNetwork = true;
|
||||
hostAddress = "192.168.7.10";
|
||||
localAddress = "192.168.7.11";
|
||||
|
||||
config = { ... }: {
|
||||
system.stateVersion = "23.11";
|
||||
services.openssh = {
|
||||
enable = true;
|
||||
settings.X11Forwarding = true;
|
||||
};
|
||||
|
||||
users.extraUsers.browser = {
|
||||
isNormalUser = true;
|
||||
home = "/home/browser";
|
||||
openssh.authorizedKeys.keys = cfg.container.sshAuthorizedKeys;
|
||||
extraGroups = [ "pulse-access" ];
|
||||
packages = [ clientRunTorBrowser ];
|
||||
};
|
||||
package = mkPackageOption pkgs "tor-browser-bundle-bin" {};
|
||||
finalPackage = mkOption {
|
||||
type = types.package;
|
||||
readOnly = true;
|
||||
default = finalTorBrowser;
|
||||
};
|
||||
};
|
||||
}
|
||||
))
|
||||
]);
|
||||
}
|
||||
|
|
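--- a/modules/nixos/programs/browsers/ungoogled-chromium.nix
+++ b/modules/nixos/programs/browsers/ungoogled-chromium.nix
@@ -0,0 +1,8 @@
+{ pkgs, lib, ... }:
+
+{
+options.local.programs.browsers.ungoogled-chromium = with lib; {
+enable = mkEnableOption "ungoogled-chromium";
+package = mkPackageOption pkgs "ungoogled-chromium" {};
+};
+}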
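--- a/modules/nixos/programs/communication/default.nix
+++ b/modules/nixos/programs/communication/default.nix
@@ -0,0 +1,9 @@
+{ ... }:
+
+{
+imports = [
+./skype.nix
+./telegram.nix
+./simplex-chat.nix
+];
+}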
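--- a/modules/nixos/programs/communication/simplex-chat.nix
+++ b/modules/nixos/programs/communication/simplex-chat.nix
@@ -0,0 +1,20 @@
+{ config, pkgs, lib, ... }:
+
+let
+cfg = config.local.programs.communication.simplex-chat;
+in
+{
+options.local.programs.communication.simplex-chat = with lib; {
+enable = mkEnableOption "SimplexChat";
+package = mkPackageOption pkgs "simplex-chat-desktop" { };
+openFirewall = mkEnableOption "Open firewall to link mobile device";
+};
+
+config = lib.mkIf cfg.enable {
+environment.systemPackages = [ cfg.package ];
+
+networking.firewall = lib.mkIf cfg.openFirewall {
+allowedTCPPorts = [ 44000 ];
+};
+};
+}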
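Review bot: `openFirewall` adds 44000 to `networking.firewall.allowedTCPPorts`, which opens the port on every interface of the host, including any public or VPN-facing one. Linking a mobile device presumably needs only the local network, so the rule is better scoped per interface, e.g. `networking.firewall.interfaces.<lan-interface>.allowedTCPPorts = [ 44000 ];` with the interface name taken from a module option (the name here is a placeholder). The text passed to `mkEnableOption` renders as "Whether to enable …", so it should read as a noun phrase and say that a listening port is exposed, e.g. `mkEnableOption "inbound TCP 44000 for linking a mobile device"`.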
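--- a/modules/nixos/programs/communication/skype.nix
+++ b/modules/nixos/programs/communication/skype.nix
@@ -0,0 +1,73 @@
+{ config, pkgs, lib, ... }:
+
+
+let
+cfg = config.local.programs.communication.skype;
+
+hostRunPackage = pkgs.writeScript "cont-run" ''
+sudo nixos-container run skype -- su -l jan -c "$*"
+'';
+
+hostPackageScript = pkgs.writeScriptBin "${cfg.package.meta.mainProgram}" ''
+${hostRunPackage} ${cfg.package.meta.mainProgram} $@
+'';
+
+hostSkype = pkgs.runCommand "${cfg.package.meta.mainProgram}" { } ''
+mkdir $out
+cp -r ${hostPackageScript}/bin $out/bin
+cp -r ${cfg.package}/share $out/share
+'';
+in
+{
+options.local.programs.communication.skype = with lib; {
+enable = mkEnableOption "skype";
+package = mkPackageOption pkgs "skypeforlinux" { };
+};
+
+config = lib.mkIf cfg.enable {
+environment.systemPackages = [ hostSkype ];
+
+local.sound.systemWide = true;
+
+containers.skype = {
+autoStart = true;
+ephemeral = true;
+
+bindMounts = lib.mkMerge [
+{
+"/tmp/.X11-unix" = { };
+"/home/jan/downloads/skype" = { isReadonly = false; };
+}
+(lib.mkIf config.hardware.graphics.enable {
+"/run/opengl-driver/lib" = { };
+})
+(lib.mkIf config.hardware.graphics.enable32Bit {
+"/run/opengl-driver-32/lib" = { };
+})
+];
+
+config = { pkgs, ... }: {
+system.stateVersion = "23.11";
+nixpkgs.config.allowUnfree = true;
+
+fonts = {
+inherit (config.fonts) enableDefaultPackages packages;
+fontconfig = { inherit (config.fonts.fontconfig) defaultFonts; };
+};
+
+users.users.jan = {
+isNormalUser = true;
+home = "/home/jan";
+password = "hello";
+extraGroups = [ "pulse-access" ];
+packages = [ cfg.package ];
+};
+
+environment.sessionVariables = {
+DISPLAY = ":0";
+PULSE_SERVER = "tcp:127.0.0.1:4713";
+};
+};
+};
+};
+}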
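Review bot: `password = "hello"` on `users.users.jan` puts a known plain-text password into the container's system configuration, which ends up in the world-readable Nix store as well as in this repository; the same line appears in telegram.nix and in jetbrains-idea.nix (user `john`). The host wrapper enters the container as root and switches with `su -l jan`, which does not need the account to have a password, so the line can probably be dropped. If a password is required, `hashedPasswordFile` keeps it out of the store. Separately, `isReadonly = false;` on the downloads bind mount looks like a typo for `isReadOnly`, the spelling telegram.nix uses.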
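--- a/modules/nixos/programs/communication/telegram.nix
+++ b/modules/nixos/programs/communication/telegram.nix
@@ -0,0 +1,77 @@
+{ config, pkgs, lib, ... }:
+
+
+let
+cfg = config.local.programs.communication.telegram;
+
+hostRunPackage = pkgs.writeScript "cont-run" ''
+sudo nixos-container run telegram -- su -l jan -c "$*"
+'';
+
+hostPackageScript = pkgs.writeScriptBin "${cfg.package.meta.mainProgram}" ''
+${hostRunPackage} ${cfg.package.meta.mainProgram} $@
+'';
+
+hostTelegram = pkgs.runCommand "${cfg.package.meta.mainProgram}" { } ''
+mkdir $out
+cp -r ${hostPackageScript}/bin $out/bin
+cp -r ${cfg.package}/share $out/share
+'';
+in
+{
+options.local.programs.communication.telegram = with lib; {
+enable = mkEnableOption "tdesktop. telegram client";
+package = mkPackageOption pkgs "tdesktop" { };
+};
+
+config = lib.mkIf cfg.enable {
+environment.systemPackages = [ hostTelegram ];
+
+local.sound.systemWide = true;
+
+containers.telegram = {
+autoStart = true;
+ephemeral = true;
+
+bindMounts = lib.mkMerge [
+{
+"/tmp/.X11-unix" = { };
+"/home/jan/downloads/telegram" = {
+isReadOnly = false;
+};
+}
+(lib.mkIf config.hardware.graphics.enable {
+"/run/opengl-driver/lib" = { };
+})
+(lib.mkIf config.hardware.graphics.enable32Bit {
+"/run/opengl-driver-32/lib" = { };
+})
+(lib.mkIf config.local.programs.browsers.librewolf.enable {
+"/home/jan/downloads/browser" = { };
+})
+];
+
+config = { pkgs, ... }: {
+system.stateVersion = "23.11";
+
+fonts = {
+inherit (config.fonts) enableDefaultPackages packages;
+fontconfig = { inherit (config.fonts.fontconfig) defaultFonts; };
+};
+
+users.users.jan = {
+isNormalUser = true;
+home = "/home/jan";
+password = "hello";
+extraGroups = [ "pulse-access" ];
+packages = [ cfg.package ];
+};
+
+environment.sessionVariables = {
+DISPLAY = ":0";
+PULSE_SERVER = "tcp:127.0.0.1:4713";
+};
+};
+};
+};
+}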
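Review bot: The two wrapper scripts flatten their arguments into one shell command line: `hostPackageScript` forwards `$@` unquoted and `hostRunPackage` hands `"$*"` to `su -l jan -c`, so a file name or URL containing spaces or shell metacharacters is re-parsed by the shell inside the container instead of reaching the program as a single argument. skype.nix defines the same two scripts. Forward with `"$@"` and build the `-c` string from escaped arguments, for example `su -l jan -c "$(printf '%q ' "$@")"`. `%q` is a bash feature and neither script has a shebang, so they should be created with `writeShellScript`/`writeShellScriptBin` to make the interpreter explicit.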
|
@ -4,5 +4,7 @@
|
|||
imports = [
|
||||
./pass.nix
|
||||
./browsers
|
||||
./communication
|
||||
./editors
|
||||
];
|
||||
}
|
||||
|
|
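--- a/modules/nixos/programs/editors/default.nix
+++ b/modules/nixos/programs/editors/default.nix
@@ -0,0 +1,5 @@
+{ ... }:
+
+{
+imports = [ ./jetbrains-idea.nix ];
+}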
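--- a/modules/nixos/programs/editors/jetbrains-idea.nix
+++ b/modules/nixos/programs/editors/jetbrains-idea.nix
@@ -0,0 +1,48 @@
+{ config, pkgs, lib, ... }:
+
+
+let
+cfg = config.local.programs.editors.jetbrains-idea;
+in
+{
+options.local.programs.editors.jetbrains-idea = with lib; {
+enable = mkEnableOption "jetbrains idea-community";
+package = mkPackageOption pkgs.jetbrains "idea-community" { };
+};
+
+config = lib.mkIf cfg.enable {
+containers.jetbrains-idea = {
+autoStart = true;
+ephemeral = true;
+
+bindMounts = {
+"/tmp/.X11-unix" = { };
+"/home/john/projects" = {
+isReadOnly = false;
+hostPath = "/home/jan/containers/jetbrains-idea/projects";
+};
+};
+
+config = { pkgs, ... }: {
+system.stateVersion = "23.11";
+
+fonts = {
+inherit (config.fonts) enableDefaultPackages packages;
+fontconfig = { inherit (config.fonts.fontconfig) defaultFonts; };
+};
+
+users.users.john = {
+isNormalUser = true;
+home = "/home/john";
+password = "hello";
+extraGroups = [ "pulse-access" ];
+packages = [ cfg.package ];
+};
+
+environment.sessionVariables = {
+DISPLAY = ":0";
+};
+};
+};
+};
+}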
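Review bot: Bind-mounting `/tmp/.X11-unix` together with `DISPLAY = ":0"` gives the program in the container a connection to the host X server, and X11 does not separate clients from one another, so the container limits file-system access but not keyboard, clipboard or screen access. skype.nix and telegram.nix mount the same socket. If these containers are meant as a sandbox, that limit should be stated next to the mount, e.g. `# X11 socket: clients in the container can read input and screen contents of the host display`. A nested X server or a Wayland compositor would be the stronger boundary. How the container user is authorised on the display (xhost or an Xauthority cookie) is not visible in this file and is worth documenting as well.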
|
@ -6,7 +6,9 @@
|
|||
./dnscrypt-proxy2.nix
|
||||
./gnupg.nix
|
||||
./i2pd.nix
|
||||
./kubo.nix
|
||||
./octoprint.nix
|
||||
|
||||
./vpn
|
||||
./fail2ban
|
||||
];
|
||||
|
|
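--- a/modules/nixos/services/kubo.nix
+++ b/modules/nixos/services/kubo.nix
@@ -0,0 +1,14 @@
+{ config, lib, pkgs, ... }:
+
+{
+options.local.services.kubo.enable = lib.mkEnableOption "kubo. The InterPlanetary File System (IPFS)";
+
+config = lib.mkIf config.local.services.kubo.enable {
+services.kubo = {
+enable = true;
+package = pkgs.unstable.kubo;
+# required to use ipfs companion browser extension
+settings.Addresses.API = [ "/ip4/127.0.0.1/tcp/5001" ];
+};
+};
+}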
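Review bot: `settings.Addresses.API = [ "/ip4/127.0.0.1/tcp/5001" ]` puts the Kubo RPC API on a loopback TCP port, where every local user and process can reach it, rather than only accounts with access to the daemon's Unix socket (which, as far as I know, is what the NixOS module offers by default). The RPC API is an administrative interface to the node, so the existing comment should record the trade-off, e.g. `# loopback TCP for the IPFS Companion extension; any local process can control the node`. Consider putting the TCP address behind its own option so hosts that enable kubo for other reasons keep the socket-only setup.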
|
@ -1,14 +1,20 @@
|
|||
{ config, lib, ... }:
|
||||
{ config, lib, pkgs, ... }:
|
||||
|
||||
let
|
||||
cfg = config.local.services.vpn.wireguard;
|
||||
|
||||
addrsViaDefaultInterface = [
|
||||
# cache.nixos.org
|
||||
"151.101.86.217/32"
|
||||
# tbank.ru
|
||||
"178.248.236.218/32"
|
||||
];
|
||||
in
|
||||
{
|
||||
options.local.services.vpn.wireguard = with lib; {
|
||||
enable = mkEnableOption "Enable wireguard vpn";
|
||||
ip = mkOption {
|
||||
type = types.str;
|
||||
description = "10.100.0.<num>/24";
|
||||
example = "10.100.0.1/24";
|
||||
};
|
||||
privateKeyFile = mkOption {
|
||||
|
@ -44,6 +50,22 @@ in
|
|||
# Path to the private key file.
|
||||
privateKeyFile = cfg.privateKeyFile;
|
||||
|
||||
postUp = ''
|
||||
addr=`${pkgs.iproute}/bin/ip route | ${pkgs.gawk}/bin/awk '/default/ {print $3; exit}'`
|
||||
interface=`${pkgs.iproute}/bin/ip route | ${pkgs.gawk}/bin/awk '/default/ {print $5; exit}'`
|
||||
'' + lib.concatLines (map
|
||||
(addr: "${pkgs.iproute}/bin/ip route add ${addr} via $addr dev $interface || true")
|
||||
addrsViaDefaultInterface
|
||||
);
|
||||
|
||||
preDown = ''
|
||||
addr=`${pkgs.iproute}/bin/ip route | ${pkgs.gawk}/bin/awk '/default/ {print $3; exit}'`
|
||||
interface=`${pkgs.iproute}/bin/ip route | ${pkgs.gawk}/bin/awk '/default/ {print $5; exit}'`
|
||||
'' + lib.concatLines (map
|
||||
(addr: "${pkgs.iproute}/bin/ip route del ${addr} via $addr dev $interface || true")
|
||||
addrsViaDefaultInterface
|
||||
);
|
||||
|
||||
peers = [
|
||||
# For a client configuration, one peer entry for the server will suffice.
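Review bot: `addrsViaDefaultInterface` sends two hard-coded /32 addresses outside the tunnel, and the one labelled cache.nixos.org looks like a shared CDN address, so any other site served from that IP would bypass the VPN too. The addresses are pinned by hand and will go stale when the services move, after which the route exempts whoever holds the IP next. In `postUp` and `preDown` the `|| true` hides every failure, including the case where no default route exists and `$addr`/`$interface` are empty; check for empty values before the `ip route` lines and log a message instead of discarding the error. Each entry should also carry a comment saying why that destination must leave the tunnel. The interface definition these attributes belong to starts and ends outside the hunk.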
|
||||
|
||||
|
|
|
@ -7,7 +7,7 @@
|
|||
# Configs
|
||||
################################################################################
|
||||
local.system = {
|
||||
kernel = lib.mkDefault "hardened";
|
||||
kernel = lib.mkDefault "stable";
|
||||
headless = lib.mkDefault true;
|
||||
};
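Review bot: The default for `local.system.kernel` moves from `"hardened"` to `"stable"` (taking the second of the two `kernel` lines as the new side, as elsewhere on this page), which presumably drops the hardened kernel's mitigations for every host that inherits this default, and no reason is recorded. Put the reason on the line, e.g. `# stable: <reason>; hosts that need hardening set local.system.kernel = "hardened"`, so the downgrade is a documented decision. `headless = lib.mkDefault true` suggests this profile serves unattended machines, so confirm which of them should override the new default.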
|
||||
|
||||
|
|
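--- a/neovim/configs/default.nix
+++ b/neovim/configs/default.nix
@@ -0,0 +1,6 @@
+{
+imports = [
+./language-server.nix
+./line-limiter.nix
+];
+}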
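--- a/neovim/configs/language-server.nix
+++ b/neovim/configs/language-server.nix
@@ -0,0 +1,86 @@
+{ config, lib, pkgs, ... }:
+
+let inherit (lib.nix2lua) call; in
+{
+fn.lspconfig-eslint-on-attach = {
+args = [ "client" "bufnr" ];
+content = { bufnr, ... }: {
+vim.augroup.eslint-fix = {
+event = "BufWritePre";
+buffer = bufnr;
+command = "silent! EslintFixAll";
+};
+};
+};
+
+plugins.language-server.lspconfig.serverSettings = {
+# nix
+nil_ls = { };
+# rust
+rust_analyzer = {
+settings.rust-analyzer = {
+"server.path" = "rust-analyzer";
+"updates.prompt" = false;
+"updates.checkOnStartup" = false;
+"checkOnSave.enable" = true;
+"checkOnSave.command" = "clippy";
+"cargo.autoreload" = true;
+};
+};
+# linter for javascript, typescript, vue
+eslint = {
+on_attach = config.fn.lspconfig-eslint-on-attach.lambda;
+flags = {
+allow_incremental_sync = false;
+debounce_text_changes = 1000;
+};
+};
+# vue
+volar = {
+init_options = {
+typescript.tsdk = "./node_modules/typescript/lib";
+};
+};
+# python
+pylsp = { };
+# typescript, javascript
+denols = {
+root_dir = call "${config.plugin.nvim-lspconfig.varName}.util.root_pattern" [ "deno.json" "deno.jsonc" ];
+};
+# java
+jdtls = {
+cmd = [
+"${pkgs.jdt-language-server}/bin/jdtls"
+"--jvm-arg=-javaagent:${pkgs.lombok.out}/share/java/lombok.jar"
+"--jvm-arg=-Xbootclasspath/a:${pkgs.lombok.out}/share/java/lombok.jar"
+];
+};
+# json
+jsonls = { };
+# css, scss, less
+cssls = { };
+css_variables = {
+lookupFiles = [
+"**/*.scss"
+"**/*.less"
+"**/*.css"
+];
+};
+# Grammar/Spell Checker
+ltex = {
+language = "en-US";
+languageToolHttpServerUri = "http://localhost:8081";
+};
+};
+
+plugins.language-server.typescript-tools = {
+enable = true;
+serverSettings = {
+filetypes = [ "javascript" "javascriptreact" "typescript" "typescriptreact" "vue" ];
+settings = {
+tsserver_max_memory = "auto";
+tsserver_plugins = [ "@vue/typescript-plugin" ];
+};
+};
+};
+}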
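Review bot: Several servers configured here load code from the project being edited: `typescript.tsdk = "./node_modules/typescript/lib"` takes the TypeScript library from the workspace, `tsserver_plugins = [ "@vue/typescript-plugin" ]` is presumably resolved from it as well, and the `BufWritePre` autocommand runs `EslintFixAll`, which loads the project's ESLint configuration and plugins. Editing and saving a file in an untrusted checkout therefore runs that checkout's code with the user's privileges. A comment at the top of `serverSettings` should say so, e.g. `# NOTE: eslint and volar load code from the workspace; open trusted projects only`. Pointing `tsdk` at a TypeScript from the Nix store would remove one of the three.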
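--- a/neovim/configs/line-limiter.nix
+++ b/neovim/configs/line-limiter.nix
@@ -0,0 +1,48 @@
+{ lib, ... }:
+
+let
+mkLineLimiterOpts = limit: {
+colorcolumn = toString (limit + 1);
+textwidth = limit;
+};
+
+mkLineLimiterGroup = { limit, pattern }:
+lib.nameValuePair
+"line-limiter-${toString limit}"
+{
+inherit pattern;
+opt = mkLineLimiterOpts limit;
+};
+in
+{
+buffer.filetype = lib.listToAttrs [
+(mkLineLimiterGroup {
+limit = 100;
+pattern = [
+"nix"
+"javascript,javascriptreact"
+"typescript,typescriptreact"
+"vue"
+"rust"
+"haskell"
+];
+})
+(mkLineLimiterGroup {
+limit = 90;
+pattern = [
+"python"
+];
+})
+(mkLineLimiterGroup {
+limit = 80;
+pattern = [
+"json"
+"yaml"
+"markdown"
+"html,htmldjango"
+"css,scss,less"
+"sql,psql"
+];
+})
+];
+}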
129
neovim/dev.nix
129
neovim/dev.nix
|
@ -1,86 +1,72 @@
|
|||
{ config, modulesPath, lib, pkgs, ... }:
|
||||
{ modulesPath, lib, pkgs, ... }:
|
||||
|
||||
let
|
||||
inherit (lib.mod) ctrl;
|
||||
inherit (lib.nix2lua) pipe1 require call call0;
|
||||
|
||||
mkLineLimiterGroup = { limit, pattern }:
|
||||
lib.nameValuePair
|
||||
"line-limiter-${toString limit}"
|
||||
{
|
||||
inherit pattern;
|
||||
opt = {
|
||||
colorcolumn = toString limit;
|
||||
textwidth = limit;
|
||||
};
|
||||
};
|
||||
inherit (lib.nix2lua) pipe1 require call0 nf var;
|
||||
in
|
||||
{
|
||||
imports = [
|
||||
"${modulesPath}/profiles/recommended.nix"
|
||||
./snippets.nix
|
||||
./configs
|
||||
./plugins
|
||||
];
|
||||
|
||||
vim.opt = {
|
||||
list = true;
|
||||
formatexpr = "neoformat#Neoformat(0, '', v:lnum, v:lnum + v:count)";
|
||||
formatoptions = "roqnlj";
|
||||
};
|
||||
|
||||
buffer.filetype = {
|
||||
nix.opt.formatexpr = "neoformat#Neoformat(0, '', 0, 99999)";
|
||||
} // lib.listToAttrs [
|
||||
(mkLineLimiterGroup {
|
||||
limit = 101;
|
||||
pattern = [
|
||||
"nix"
|
||||
"javascript,javascriptreact"
|
||||
"typescript,typescriptreact"
|
||||
"rust"
|
||||
"haskell"
|
||||
];
|
||||
})
|
||||
(mkLineLimiterGroup {
|
||||
limit = 81;
|
||||
pattern = [
|
||||
"python"
|
||||
"json"
|
||||
"yaml"
|
||||
"markdown"
|
||||
"html"
|
||||
"css"
|
||||
"scss"
|
||||
"less"
|
||||
"sql"
|
||||
"psql"
|
||||
];
|
||||
})
|
||||
];
|
||||
text-options = {
|
||||
pattern = [ "txt" "markdown" "mail" "man" ];
|
||||
opt = { formatoptions = "roqwnjp"; };
|
||||
};
|
||||
};
|
||||
|
||||
filetype.detect = {
|
||||
d2 = "*.d2";
|
||||
nickel = "*.ncl";
|
||||
psql = "*.psql";
|
||||
sql = "*.pgsql";
|
||||
};
|
||||
|
||||
# Enable fast navigation between windows
|
||||
vim.keymap.set = map (k: { mode = "n"; lhs = ctrl k; rhs = "${ctrl "w"}${k}"; }) [ "h" "l" "j" "k" ];
|
||||
|
||||
plugins.style.nvim-treesitter.extraGrammars = {
|
||||
plugins.style.nvim-treesitter = {
|
||||
extraGrammars = {
|
||||
tree-sitter-d2 = rec {
|
||||
language = "d2";
|
||||
version = "8a9d50043d58eedf1e375b0e2059e43efd856902";
|
||||
# version = "e7507ddd983427cb71b4bd96b039c382c73d65c5";
|
||||
version = "1e6d8ca3d85c0031ff010759bb60804dd47b95f2";
|
||||
src = pkgs.fetchFromGitea {
|
||||
domain = "git.pleshevski.ru";
|
||||
owner = "pleshevskiy";
|
||||
repo = "tree-sitter-d2";
|
||||
rev = version;
|
||||
sha256 = "sha256-ZhVjxo7Xi7DaHN3qabUcykflY74bUqPcOA410fA3zRk=";
|
||||
# sha256 = "sha256-m7ZCxnW4Q1bQp1GhntUF7l+p6DV1p/2AJXhVeRy8Rec=";
|
||||
sha256 = "sha256-ld9zlJ7tXl/SyrHJXwPKviDHePbw/jhI9WPT3aNntt8=";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
# Source: https://github.com/DariusCorvus/tree-sitter-language-injection.nvim/blob/main/lua/tree-sitter-language-injection/init.lua
|
||||
extraQueries.javascript.injections =
|
||||
let
|
||||
lang = "sql";
|
||||
langMatch = ''^//+( )*${lang}( )*|^/[*]+( )*${lang}( )*[*]+/$'';
|
||||
in
|
||||
''
|
||||
((comment) @comment .
|
||||
([ (string(string_fragment) @injection.content)
|
||||
(template_string(string_fragment) @injection.content)
|
||||
] @injection.content
|
||||
)
|
||||
(#match? @comment "${langMatch}")
|
||||
(#set! injection.language "${lang}")
|
||||
)
|
||||
'';
|
||||
};
|
||||
|
||||
plugins.style.neoformat.autoformat = {
|
||||
enable = true;
|
||||
pattern = [ "*.ts" "*.tsx" "*.rs" "flake.nix" ];
|
||||
|
@ -108,45 +94,14 @@ in
|
|||
};
|
||||
};
|
||||
|
||||
fn.lspconfig-eslint-on-attach = {
|
||||
args = [ "client" "bufnr" ];
|
||||
content = { bufnr, ... }: {
|
||||
vim.augroup.eslint-fix = {
|
||||
event = "BufWritePre";
|
||||
buffer = bufnr;
|
||||
command = "silent! EslintFixAll";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
plugins.language-server.lspconfig.serverSettings = {
|
||||
nil_ls = { };
|
||||
rust_analyzer = {
|
||||
settings.rust-analyzer = {
|
||||
"server.path" = "rust-analyzer";
|
||||
"updates.prompt" = false;
|
||||
"updates.checkOnStartup" = false;
|
||||
"checkOnSave.enable" = true;
|
||||
"checkOnSave.command" = "clippy";
|
||||
"cargo.autoreload" = true;
|
||||
};
|
||||
};
|
||||
tsserver = { };
|
||||
eslint = {
|
||||
on_attach = config.fn.lspconfig-eslint-on-attach.lambda;
|
||||
};
|
||||
volar = {
|
||||
init_options = {
|
||||
typescript.tsdk = "./node_modules/typescript/lib";
|
||||
};
|
||||
};
|
||||
ltex = {
|
||||
language = "en-US";
|
||||
languageToolHttpServerUri = "http://localhost:8081";
|
||||
};
|
||||
pylsp = { };
|
||||
denols = {
|
||||
root_dir = call "${config.plugin.nvim-lspconfig.varName}.util.root_pattern" [ "deno.json" "deno.jsonc" ];
|
||||
};
|
||||
plugins.snippet.luasnip.settings = {
|
||||
ext_opts = [
|
||||
(nf (var "luasnip_types.choiceNode") {
|
||||
active.virt_text = [ [ "●" "WarningMsg" ] ];
|
||||
})
|
||||
(nf (var "luasnip_types.insertNode") {
|
||||
active.virt_text = [ [ "●" "Title" ] ];
|
||||
})
|
||||
];
|
||||
};
|
||||
}
|
||||
|
|
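--- a/neovim/plugins/default.nix
+++ b/neovim/plugins/default.nix
@@ -0,0 +1,6 @@
+{
+imports = [
+./ollama.nix
+./spring-boot.nix
+];
+}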
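--- a/neovim/plugins/ollama.nix
+++ b/neovim/plugins/ollama.nix
@@ -0,0 +1,7 @@
+{
+plugin.ollama-nvim = {
+enable = true;
+name = "ollama";
+setupSettings = { };
+};
+}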
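--- a/neovim/plugins/spring-boot.nix
+++ b/neovim/plugins/spring-boot.nix
@@ -0,0 +1,40 @@
+{ config, pkgs, lib, ... }:
+
+
+let
+inherit (lib.nix2lua) pipe1 call0 call1;
+inherit (pkgs) vimUtils fetchFromGitHub;
+
+spring-boot-nvim = vimUtils.buildVimPlugin {
+pname = "spring-boot";
+version = "2024-08-10";
+src = fetchFromGitHub {
+owner = "JavaHello";
+repo = "spring-boot.nvim";
+rev = "995a705becbc711b703f9ab344745ececf6471a3";
+hash = "sha256-Hri6WQnWTmFwlOUCVG8O1eELn9FhlvVpUC9lt+uIGkc=";
+};
+};
+in
+
+{
+plugin.spring-boot-nvim = {
+enable = true;
+package = spring-boot-nvim;
+name = "spring_boot";
+};
+
+plugin.nvim-lspconfig.beforeSetup = [
+(pipe1 config.plugin.spring-boot-nvim.var (call1 "setup" {
+java_cmd = "${pkgs.jdk22}/bin/java";
+log_file = "/tmp/spring-boot.log";
+}))
+(pipe1 config.plugin.spring-boot-nvim.var (call0 "init_lsp_commands"))
+];
+
+plugins.language-server.lspconfig.serverSettings.jdtls = {
+init_options = {
+bundles = (pipe1 config.plugin.spring-boot-nvim.var (call0 "java_extensions"));
+};
+};
+}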
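Review bot: `log_file = "/tmp/spring-boot.log"` is a fixed name in a world-writable directory, so on a shared machine another account can create the file first, and a log written there is readable by other users under the usual umask. The log may contain project paths and classpath details. A per-user location such as Neovim's `stdpath("log")` or `stdpath("state")` directory avoids both problems; which nix2lua helper expresses that call is not visible in this file, so the exact expression needs checking against the library.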
|
@ -12,35 +12,35 @@
|
|||
{ jump = 2; text = "trueBody"; }
|
||||
{ text = " else "; }
|
||||
{ jump = 3; text = "falseBody"; }
|
||||
{ jump = 0; }
|
||||
];
|
||||
|
||||
"inherit".nodes = [
|
||||
{ text = "inherit "; }
|
||||
{
|
||||
jump = 1;
|
||||
choices = [
|
||||
{
|
||||
nodes = [
|
||||
{ text = "("; }
|
||||
{ jump = 1; text = "lib"; }
|
||||
{ text = ") "; }
|
||||
];
|
||||
}
|
||||
{ text = ""; }
|
||||
];
|
||||
}
|
||||
{ jump = 2; text = "filter"; }
|
||||
{ text = ";"; }
|
||||
{ jump = 0; }
|
||||
];
|
||||
|
||||
"var".nodes = [
|
||||
{ jump = 1; text = "name"; }
|
||||
{ text = " = "; }
|
||||
{
|
||||
jump = 2;
|
||||
choices = [
|
||||
{ kind = "insert"; text = "value"; }
|
||||
{
|
||||
nodes = [
|
||||
{ jump = 1; }
|
||||
{ text = "["; }
|
||||
{ jump = 2; }
|
||||
{ text = "]"; }
|
||||
];
|
||||
}
|
||||
{
|
||||
nodes = [
|
||||
{ jump = 1; }
|
||||
{ text = "{"; }
|
||||
{ jump = 2; }
|
||||
{ text = "}"; }
|
||||
];
|
||||
}
|
||||
];
|
||||
}
|
||||
{ jump = 2; text = "value"; }
|
||||
{ text = ";"; }
|
||||
{ jump = 0; }
|
||||
];
|
||||
|
||||
"module".nodes = [
|
||||
|
@ -61,17 +61,15 @@
|
|||
choices = [
|
||||
{
|
||||
nodes = [
|
||||
{ jump = 1; }
|
||||
{ text = "let "; }
|
||||
{ jump = 2; }
|
||||
{ jump = 1; }
|
||||
{ text = "in"; }
|
||||
];
|
||||
}
|
||||
{
|
||||
nodes = [
|
||||
{ jump = 1; }
|
||||
{ text = "with "; }
|
||||
{ jump = 2; text = "lib"; }
|
||||
{ jump = 1; text = "lib"; }
|
||||
{ text = ";"; }
|
||||
];
|
||||
}
|
||||
|
@ -87,6 +85,7 @@
|
|||
];
|
||||
}
|
||||
{ text = [ "" "}" ]; }
|
||||
{ jump = 0; }
|
||||
];
|
||||
};
|
||||
}
|
||||
|
|
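--- a/notes/davmail.md
+++ b/notes/davmail.md
@@ -0,0 +1,19 @@
+# Davmail
+
+## Update refresh token
+
+Stop current `davmail.service` and clone properties to a temp file
+
+```sh
+sudo systemctl stop davmail.service
+cat $(sudo systemctl cat davmail.service | awk '/ExecStart=/ { print $2; }') > /tmp/davmail.properties
+```
+
+Start davmail manually
+
+```sh
+davmail /tmp/davmail.properties
+```
+
+Open renew link in the browser and copy `refreshToken` from
+`/tmp/davmail.properties`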
14
notes/vpn.md
14
notes/vpn.md
|
@ -8,6 +8,20 @@ wg genkey > ./private
|
|||
wg pubkey < ./private > ./public
|
||||
```
|
||||
|
||||
|
||||
## Configuration
|
||||
|
||||
Then create QR code with configuration using the following command:
|
||||
|
||||
```sh
|
||||
nix build -f ./misc/wg-client-conf.nix \
|
||||
--argstr address "" \
|
||||
--argstr dns "" \
|
||||
--argstr privateKey "$(cat private)" \
|
||||
--argstr serverPublicKey "" \
|
||||
--argstr serverEndpoint ""
|
||||
```
|
||||
|
||||
# References:
|
||||
|
||||
- https://nixos.wiki/wiki/WireGuard
|
||||
|
|
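--- a/packages/micro-agent/default.nix
+++ b/packages/micro-agent/default.nix
@@ -0,0 +1,20 @@
+{ buildNpmPackage, fetchFromGitHub }:
+
+# https://github.com/BuilderIO/micro-agent
+buildNpmPackage rec {
+pname = "micro-agent";
+version = "0.0.41";
+
+src = fetchFromGitHub {
+owner = "BuilderIO";
+repo = "micro-agent";
+rev = "v${version}";
+hash = "sha256-NxnK8MgKPTZVIADd03fJ6egUWq5vgVxkOvqaD/T/12w=";
+};
+
+npmDepsHash = "sha256-exIqyldG5dcUt1xoVLQw/FLOOqfIpG44i3fdzG4cyvM=";
+
+NODE_OPTIONS = "--openssl-legacy-provider";
+
+npmFlags = [ "--ignore-scripts" ];
+}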
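Review bot: `NODE_OPTIONS = "--openssl-legacy-provider"` enables OpenSSL's legacy algorithms for the Node processes of the build and carries no explanation. Add a comment naming what needs it and stating its scope, e.g. `# <build step> needs the legacy OpenSSL provider; build-time only` (assuming the attribute only reaches the builder environment, as derivation attributes normally do). Re-test without the flag on each version bump so it does not outlive the need.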
29
readme.md
29
readme.md
|
@ -2,35 +2,6 @@
|
|||
|
||||
This repository contains configurations for my personal vps and workstations.
|
||||
|
||||
## Hosts
|
||||
|
||||
Workstations:
|
||||
|
||||
- **home** - Home desktop computer for work.
|
||||
- **asus-gl553vd** - My laptop for remote work.
|
||||
|
||||
# Home Manager configs
|
||||
|
||||
User configurations are included.
|
||||
|
||||
### Themes
|
||||
|
||||
| Name | Palettes | Note |
|
||||
| :--------- | :------- | :------ |
|
||||
| Catppuccin | Frappe | Current |
|
||||
|
||||
### Core Programs
|
||||
|
||||
| Type | Program |
|
||||
| :------------- | :------ |
|
||||
| Status Bar | Polybar |
|
||||
| Window Manager | XMonad |
|
||||
| Launcher | Dmenu |
|
||||
| Terminal | Wezterm |
|
||||
| Editor | Neovim |
|
||||
| File Manager | vifm |
|
||||
| Shell | Zsh |
|
||||
|
||||
### Screenshots
|
||||
|
||||
![workspace](assets/screenshot_1.png)
|
||||
|
|
|
@ -5,12 +5,12 @@
|
|||
{
|
||||
"description": "home youtube.com/youtu.be -> invidious",
|
||||
"exampleUrl": "https://www.youtube.com/",
|
||||
"exampleResult": "https://inv.oikei.net/",
|
||||
"exampleResult": "https://yewtu.be/",
|
||||
"error": null,
|
||||
"includePattern": "https://(?:www\\.)?(youtube\\.com|youtu.be)/$",
|
||||
"excludePattern": "",
|
||||
"patternDesc": "get home page ",
|
||||
"redirectUrl": "https://inv.oikei.net/",
|
||||
"redirectUrl": "https://yewtu.be/",
|
||||
"patternType": "R",
|
||||
"processMatches": "noProcessing",
|
||||
"disabled": false,
|
||||
|
@ -22,12 +22,12 @@
|
|||
{
|
||||
"description": "youtu.be -> invidious",
|
||||
"exampleUrl": "https://youtu.be/MYRBI-X5nfhI?si=sSoZBk9bB7NSEE8j",
|
||||
"exampleResult": "https://inv.oikei.net/watch?v=MYRBI-X5nfhI",
|
||||
"exampleResult": "https://yewtu.be/watch?v=MYRBI-X5nfhI",
|
||||
"error": null,
|
||||
"includePattern": "https://youtu.be/([\\w-]+)(\\?.*)?",
|
||||
"excludePattern": "",
|
||||
"patternDesc": "get video id from url",
|
||||
"redirectUrl": "https://inv.oikei.net/watch?v=$1",
|
||||
"redirectUrl": "https://yewtu.be/watch?v=$1",
|
||||
"patternType": "R",
|
||||
"processMatches": "noProcessing",
|
||||
"disabled": false,
|
||||
|
@ -39,12 +39,12 @@
|
|||
{
|
||||
"description": "youtube.com -> invidious",
|
||||
"exampleUrl": "https://www.youtube.com/watch?v=jQ-KdWyzKfE",
|
||||
"exampleResult": "https://inv.oikei.net/watch?v=jQ-KdWyzKfE",
|
||||
"exampleResult": "https://yewtu.be/watch?v=jQ-KdWyzKfE",
|
||||
"error": null,
|
||||
"includePattern": "https://(?:www\\.)?youtube\\.com/watch\\?v=([\\w-]+)(&.*)?",
|
||||
"excludePattern": "",
|
||||
"patternDesc": "get video id from url",
|
||||
"redirectUrl": "https://inv.oikei.net/watch?v=$1",
|
||||
"redirectUrl": "https://yewtu.be/watch?v=$1",
|
||||
"patternType": "R",
|
||||
"processMatches": "noProcessing",
|
||||
"disabled": false,
|
||||
|
@ -56,12 +56,12 @@
|
|||
{
|
||||
"description": "youtube.com/shorts -> invidious",
|
||||
"exampleUrl": "https://www.youtube.com/shorts/jQkhyLSqlLg",
|
||||
"exampleResult": "https://inv.oikei.net/watch?v=jQkhyLSqlLg",
|
||||
"exampleResult": "https://yewtu.be/watch?v=jQkhyLSqlLg",
|
||||
"error": null,
|
||||
"includePattern": "https://(?:www\\.)?youtube\\.com/shorts/([\\w-]+)(&.*)?",
|
||||
"excludePattern": "",
|
||||
"patternDesc": "get video id from url",
|
||||
"redirectUrl": "https://inv.oikei.net/watch?v=$1",
|
||||
"redirectUrl": "https://yewtu.be/watch?v=$1",
|
||||
"patternType": "R",
|
||||
"processMatches": "noProcessing",
|
||||
"disabled": false,
|
||||
|
@ -73,12 +73,12 @@
|
|||
{
|
||||
"description": "youtube.com/live -> invidious",
|
||||
"exampleUrl": "https://www.youtube.com/live/jQ-KdWyzKfE",
|
||||
"exampleResult": "https://inv.oikei.net/watch?v=jQ-KdWyzKfE",
|
||||
"exampleResult": "https://yewtu.be/watch?v=jQ-KdWyzKfE",
|
||||
"error": null,
|
||||
"includePattern": "https://(?:www\\.)?youtube\\.com/live/([\\w-]+)(\\?.*)?",
|
||||
"excludePattern": "",
|
||||
"patternDesc": "get video id from url",
|
||||
"redirectUrl": "https://inv.oikei.net/watch?v=$1",
|
||||
"redirectUrl": "https://yewtu.be/watch?v=$1",
|
||||
"patternType": "R",
|
||||
"processMatches": "noProcessing",
|
||||
"disabled": false,
|
||||
|
@ -90,12 +90,12 @@
|
|||
{
|
||||
"description": "youtube.com/channel -> invidious",
|
||||
"exampleUrl": "https://www.youtube.com/@KdWyzKfE",
|
||||
"exampleResult": "https://inv.oikei.net/@KdWyzKfE",
|
||||
"exampleResult": "https://yewtu.be/@KdWyzKfE",
|
||||
"error": null,
|
||||
"includePattern": "https://(?:www\\.)?youtube\\.com/(@[\\w-]+)(\\?.*)?",
|
||||
"excludePattern": "",
|
||||
"patternDesc": "get channel name from url",
|
||||
"redirectUrl": "https://inv.oikei.net/$1",
|
||||
"redirectUrl": "https://yewtu.be/$1",
|
||||
"patternType": "R",
|
||||
"processMatches": "noProcessing",
|
||||
"disabled": false,
|
||||
|
@ -107,12 +107,12 @@
|
|||
{
|
||||
"description": "indivious (old -> current)",
|
||||
"exampleUrl": "https://yt.cdaut.de/watch?v=jUnhS74uicE",
|
||||
"exampleResult": "https://invidious.einfachzocken.eu/watch?v=jUnhS74uicE",
|
||||
"exampleResult": "https://yewtu.be/watch?v=jUnhS74uicE",
|
||||
"error": null,
|
||||
"includePattern": "https://(yt.cdaut.de|inv.oikei.net)/(.*)",
|
||||
"includePattern": "https://(yt.cdaut.de|inv.oikei.net|invidious.einfachzocken.eu)/(.*)",
|
||||
"excludePattern": "",
|
||||
"patternDesc": "Redirect from old instances",
|
||||
"redirectUrl": "https://invidious.einfachzocken.eu/$2",
|
||||
"redirectUrl": "https://yewtu.be/$2",
|
||||
"patternType": "R",
|
||||
"processMatches": "noProcessing",
|
||||
"disabled": false,
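Review bot: The widened `includePattern` in the last hunk, `https://(yt.cdaut.de|inv.oikei.net|invidious.einfachzocken.eu)/(.*)`, leaves every dot unescaped and has no `^` anchor, so it can match more than the three hosts it names. If the extension applies `"patternType": "R"` rules as an unanchored regex search (the page does not say), a URL that merely carries one of these addresses inside its path or query string would also be redirected to `https://yewtu.be/$2`. Escaping and anchoring closes that: `"includePattern": "^https://(yt\\.cdaut\\.de|inv\\.oikei\\.net|invidious\\.einfachzocken\\.eu)/(.*)"`. The `youtu.be` alternative in the first hunk has the same unescaped dot, and the rule's description still reads "indivious".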
|
||||
|
|
Binary file not shown.
|
@ -1,4 +1,4 @@
|
|||
{ config, pkgs, lib, inputs, globalData, ... }:
|
||||
{ config, pkgs, lib, inputs, globalData, packagesPath, ... }:
|
||||
|
||||
{
|
||||
imports = [./davmail.secret.nix];
|
||||
|
@ -57,6 +57,7 @@
|
|||
imports = [
|
||||
./email_accounts.secret.nix
|
||||
./calendars.secret.nix
|
||||
./ssh.secret.nix
|
||||
./git
|
||||
];
|
||||
|
||||
|
@ -94,22 +95,20 @@
|
|||
};
|
||||
|
||||
local.programs.file-managers.vifm.enable = lib.mkDefault true;
|
||||
local.programs.file-managers.nnn = {
|
||||
enable = true;
|
||||
package = pkgs.unstable.nnn;
|
||||
};
|
||||
|
||||
local.programs.aerc.enable = lib.mkDefault true;
|
||||
|
||||
local.programs.communication = {
|
||||
telegram.enable = lib.mkDefault true;
|
||||
matrix.enable = lib.mkDefault true;
|
||||
simplex-chat.enable = lib.mkDefault (config.local.system.kernel != "hardened");
|
||||
};
|
||||
|
||||
local.programs.dev-tools = {
|
||||
base.enable = lib.mkDefault true;
|
||||
nix.enable = lib.mkDefault true;
|
||||
web.enable = lib.mkDefault true;
|
||||
psql = {
|
||||
enable = lib.mkDefault true;
|
||||
package = lib.mkDefault pkgs.postgresql_14;
|
||||
package = lib.mkDefault pkgs.postgresql_16;
|
||||
};
|
||||
eza.enable = lib.mkDefault true;
|
||||
direnv.enable = lib.mkDefault true;
|
||||
|
@ -120,6 +119,8 @@
|
|||
|
||||
local.programs.flameshot.enable = lib.mkDefault true;
|
||||
|
||||
local.programs.argos-translate.enable = lib.mkDefault true;
|
||||
|
||||
################################################################################
|
||||
# Services
|
||||
################################################################################
|
||||
|
@ -155,6 +156,11 @@
|
|||
# tools
|
||||
procs
|
||||
bottom
|
||||
jq
|
||||
|
||||
nodePackages.vscode-langservers-extracted # html, css, json, eslint
|
||||
|
||||
(pkgs.callPackage (packagesPath + /micro-agent) {})
|
||||
];
|
||||
|
||||
home.file = {
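Review bot: The import list in the `@ -57,6 +57,7 @` hunk carries `./ssh.secret.nix` alongside the other `*.secret.nix` modules, and nothing visible documents what may go into them. Values that a Home Manager module evaluates into generated files are copied into `/nix/store`, which every local user can read, so encrypting the file in the repository does not protect its contents after a build. I would add a comment above the list such as `# *.secret.nix: host names and addresses only; key material stays outside the store and is referenced by path`. The `+`/`-` column is lost on this page, so which import is new is inferred from the hunk header, and the surrounding attribute set continues outside the hunk.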
|
||||
|
|
Binary file not shown.
|
@ -25,6 +25,7 @@
|
|||
extraConfig = {
|
||||
init.defaultBranch = "main";
|
||||
pull.rebase = true;
|
||||
advice.skippedCherryPicks = false;
|
||||
};
|
||||
aliases = {
|
||||
co = "switch";
|
||||
|
@ -46,7 +47,9 @@
|
|||
can = "commit --amend --no-edit";
|
||||
|
||||
p = "push";
|
||||
pt = "push --tags";
|
||||
po = "push origin";
|
||||
pot = "push origin --tags";
|
||||
pf = "push --force-with-lease";
|
||||
pfo = "push --force-with-lease origin";
|
||||
pl = "pull";
|
||||
|
@ -70,8 +73,14 @@
|
|||
|
||||
re = "restore";
|
||||
res = "restore --staged";
|
||||
resw = "restore --staged --worktree";
|
||||
|
||||
rls = "ls-remote --heads";
|
||||
rlso = "ls-remote --heads origin";
|
||||
rlsu = "ls-remote --heads upstream";
|
||||
|
||||
lo = "log --pretty=oneline";
|
||||
los = "log --pretty='format:%s'";
|
||||
|
||||
sma = "submodule add";
|
||||
smui = "submodule update --init";
|
||||
|
@ -83,6 +92,9 @@
|
|||
sai = "stash apply --index";
|
||||
sp = "stash pop";
|
||||
spi = "stash pop --index";
|
||||
|
||||
t = "tag";
|
||||
tf = "tag --force";
|
||||
};
|
||||
};
|
||||
}
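Review bot: `tf = "tag --force"` in the last hunk and `pt`/`pot` (`push --tags`, `push origin --tags`) in the `@ -46,7 +47,9 @` hunk turn two risky tag operations into short aliases with no guard. `push --tags` publishes every local tag, including scratch ones, and a forced tag silently moves a name that others may have pinned. Consider `pt = "push --follow-tags";`, which sends only annotated tags reachable from the pushed commits, and a comment on the alias such as `# tf moves an existing tag: local use only, never for a tag that was already pushed`. Which alias lines are new is inferred from the hunk headers, since the marker column is lost on this page.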
|
||||
|
|
Binary file not shown.
Binary file not shown.
Some files were not shown because too many files have changed in this diff Show more