
1 commit

Author SHA1 Message Date
7796baa7e5
host/home: add radicale calendar 2024-05-22 22:12:33 +03:00
106 changed files with 571 additions and 1675 deletions

Binary file not shown.


@ -32,13 +32,13 @@ help:
define machine_rule
.PHONY: $(1)
$(1): ;
# systemctl --user reset-failed
sudo nix run -L $(NIX_ARGS) .#switch/$(1) -- $(BUILD_ARGS)
systemctl --user reset-failed
sudo nix run $(NIX_ARGS) .#switch/$(1) -- $(BUILD_ARGS)
endef
define vps_rule
.PHONY: $(1)
$(1): ; nix run -L .#deploy/$(1) -- $(BUILD_ARGS)
$(1): ; nix run .#deploy/$(1) -- $(BUILD_ARGS)
endef
@ -47,7 +47,7 @@ $(foreach vps,$(VPS),$(eval $(call vps_rule,$(vps))))
.PHONY: rollback
rollback:
sudo nixos-rebuild switch --rollback
sudo nixos-rebuild --rollback
################################################################################
# Editor
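Review bot: The rollback recipe in the second hunk reads `sudo nixos-rebuild --rollback` on what appears to be the new side (the second line of each printed pair). nixos-rebuild expects an action before its flags, so this target would most likely print usage and exit non-zero at the moment a rollback is needed. Keep the action: `sudo nixos-rebuild switch --rollback`.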


@ -1,63 +0,0 @@
{ device, memSize ? 1024 * 5, swapSize ? "10G" }:
{
disko = {
inherit memSize;
devices = {
disk = {
main = {
type = "disk";
inherit device;
content = {
type = "gpt";
partitions = {
ESP = {
size = "512M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [ "defaults" ];
};
priority = 1;
};
cryptoroot = {
size = "100%";
content = {
type = "luks";
name = "luksroot";
settings.allowDiscards = true;
passwordFile = "/tmp/secret.key";
content = {
type = "btrfs";
extraArgs = [ "-f" ];
subvolumes = {
root = {
mountpoint = "/";
mountOptions = [ "compress=zstd" ];
};
persistent = {
mountpoint = "/persistent";
mountOptions = [ "compress=zstd" "noatime" ];
};
nix = {
mountpoint = "/nix";
mountOptions = [ "compress=zstd" "noatime" ];
};
swap = {
mountpoint = "/.swapvol";
mountOptions = [ "noatime" ];
swap.swapfile.size = swapSize;
};
};
};
};
};
};
};
};
};
};
};
}


@ -10,11 +10,11 @@
"systems": "systems"
},
"locked": {
"lastModified": 1723293904,
"narHash": "sha256-b+uqzj+Wa6xgMS9aNbX4I+sXeb5biPDi39VgvSFqFvU=",
"lastModified": 1715290355,
"narHash": "sha256-2T7CHTqBXJJ3ZC6R/4TXTcKoXWHcvubKNj9SfomURnw=",
"owner": "ryantm",
"repo": "agenix",
"rev": "f6291c5935fdc4e0bef208cfc0dcab7e3f7a1c41",
"rev": "8d37c5bdeade12b6479c85acd133063ab53187a0",
"type": "github"
},
"original": {
@ -23,26 +23,6 @@
"type": "github"
}
},
"disko": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1727531434,
"narHash": "sha256-b+GBgCWd2N6pkiTkRZaMFOPztPO4IVTaclYPrQl2uLk=",
"owner": "nix-community",
"repo": "disko",
"rev": "b709e1cc33fcde71c7db43850a55ebe6449d0959",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "disko",
"type": "github"
}
},
"firefox-addons": {
"inputs": {
"flake-utils": "flake-utils",
@ -50,11 +30,11 @@
},
"locked": {
"dir": "repos/rycee/pkgs/firefox-addons",
"lastModified": 1727605244,
"narHash": "sha256-LQOKClgjj4L8gSl0duMqBQFTfD1d2o92JZ0lBhIg9iA=",
"lastModified": 1713127732,
"narHash": "sha256-07prd+in1ZUcxETxPyWtFjl7xPKwlXzk9a47Q3RnHXU=",
"owner": "nix-community",
"repo": "nur-combined",
"rev": "03735bab40042843097839f2fabac72793f5f669",
"rev": "6edb2a1a43dbd2f8b32876268a530ce82c64013f",
"type": "github"
},
"original": {
@ -70,11 +50,11 @@
"nixpkgs-lib": "nixpkgs-lib"
},
"locked": {
"lastModified": 1726153070,
"narHash": "sha256-HO4zgY0ekfwO5bX0QH/3kJ/h4KvUDFZg8YpkNwIbg1U=",
"lastModified": 1714641030,
"narHash": "sha256-yzcRNDoyVP7+SCNX0wmuDju1NUCt8Dz9+lyUXEI0dbI=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "bcef6817a8b2aa20a5a6dbb19b43e63c5bf8619a",
"rev": "e5d10a24b66c3ea8f150e47dfdb0416ab7c3390e",
"type": "github"
},
"original": {
@ -99,15 +79,12 @@
}
},
"flake-utils_2": {
"inputs": {
"systems": "systems_2"
},
"locked": {
"lastModified": 1726560853,
"narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=",
"lastModified": 1659877975,
"narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a",
"rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0",
"type": "github"
},
"original": {
@ -117,6 +94,24 @@
}
},
"flake-utils_3": {
"inputs": {
"systems": "systems_2"
},
"locked": {
"lastModified": 1705309234,
"narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "1ef2e671c3b0c19053962c07dbda38332dcebf26",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_4": {
"inputs": {
"systems": "systems_3"
},
@ -136,11 +131,11 @@
},
"hardware": {
"locked": {
"lastModified": 1728729581,
"narHash": "sha256-oazkQ/z7r43YkDLLQdMg8oIB3CwWNb+2ZrYOxtLEWTQ=",
"lastModified": 1716173274,
"narHash": "sha256-FC21Bn4m6ctajMjiUof30awPBH/7WjD0M5yqrWepZbY=",
"owner": "NixOS",
"repo": "nixos-hardware",
"rev": "a8dd1b21995964b115b1e3ec639dd6ce24ab9806",
"rev": "d9e0b26202fd500cf3e79f73653cce7f7d541191",
"type": "github"
},
"original": {
@ -178,11 +173,11 @@
]
},
"locked": {
"lastModified": 1727383923,
"narHash": "sha256-4/vacp3CwdGoPf8U4e/N8OsGYtO09WTcQK5FqYfJbKs=",
"lastModified": 1713818326,
"narHash": "sha256-aw3xbVPJauLk/bbrlakIYxKpeuMWzA2feGrkIpIuXd8=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "ffe2d07e771580a005e675108212597e5b367d2d",
"rev": "67de98ae6eed5ad6f91b1142356d71a87ba97f21",
"type": "github"
},
"original": {
@ -199,35 +194,20 @@
]
},
"locked": {
"lastModified": 1726989464,
"narHash": "sha256-Vl+WVTJwutXkimwGprnEtXc/s/s8sMuXzqXaspIGlwM=",
"lastModified": 1715381426,
"narHash": "sha256-wPuqrAQGdv3ISs74nJfGb+Yprm23U/rFpcHFFNWgM94=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "2f23fa308a7c067e52dfcc30a0758f47043ec176",
"rev": "ab5542e9dbd13d0100f8baae2bc2d68af901f4b4",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "release-24.05",
"ref": "release-23.11",
"repo": "home-manager",
"type": "github"
}
},
"impermanence": {
"locked": {
"lastModified": 1727556076,
"narHash": "sha256-5Iplxbdn/7kQp4UYXMnUMFL2i2lyysOhRyzvvtPe1Qc=",
"owner": "nix-community",
"repo": "impermanence",
"rev": "fff0d95cf40609941769a443a001b25fb95b68ab",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "impermanence",
"type": "github"
}
},
"lan-mouse": {
"inputs": {
"nixpkgs": [
@ -236,11 +216,11 @@
"rust-overlay": "rust-overlay"
},
"locked": {
"lastModified": 1726858237,
"narHash": "sha256-fAHjrIZV9cxAtJmp1SEP11ubvX3Er6lqUHUb7NBFuA8=",
"lastModified": 1713168888,
"narHash": "sha256-pNd6KbkLlZtXKQvHWYwQB/Wbqa7lQYVffpSq5uWJqzQ=",
"owner": "feschber",
"repo": "lan-mouse",
"rev": "b071201dcb000a09330df81784d2ef2c0446da90",
"rev": "36855a1a1767f4a777bad580d5a76fec1be5d9d1",
"type": "github"
},
"original": {
@ -260,11 +240,11 @@
"rust-overlay": "rust-overlay_2"
},
"locked": {
"lastModified": 1726716330,
"narHash": "sha256-mIuOP4I51eFLquRaxMKx67pHmhatZrcVPjfHL98v/M8=",
"lastModified": 1714571717,
"narHash": "sha256-o4tqlTzi9kcVub167kTGXgCac9jM3kW4+v9MH/ue4Hk=",
"owner": "oxalica",
"repo": "nil",
"rev": "c8e8ce72442a164d89d3fdeaae0bcc405f8c015a",
"rev": "2f3ed6348bbf1440fcd1ab0411271497a0fbbfa4",
"type": "github"
},
"original": {
@ -299,11 +279,11 @@
]
},
"locked": {
"lastModified": 1731097096,
"narHash": "sha256-hMBcuTUJs1+zQ5nwTA06isLxk/vUd1r5qs95JRJ5L5E=",
"lastModified": 1716244689,
"narHash": "sha256-tFsMxZcbg8WAmNmmL/WxFjp4wgCK2XzTDkM5PNZqCZQ=",
"ref": "refs/heads/main",
"rev": "20bf0c7e51e1e5ebf5f3754332f134a8ca0ce04c",
"revCount": 94,
"rev": "881339ef7077b5c1d07041a0024575a4170c0174",
"revCount": 83,
"type": "git",
"url": "https://git.pleshevski.ru/pleshevskiy/nixeovim"
},
@ -330,23 +310,23 @@
},
"nixpkgs-lib": {
"locked": {
"lastModified": 1725233747,
"narHash": "sha256-Ss8QWLXdr2JCBPcYChJhz4xJm+h/xjl4G0c0XlP6a74=",
"lastModified": 1714640452,
"narHash": "sha256-QBx10+k6JWz6u7VsohfSw8g8hjdBZEf8CFzXH1/1Z94=",
"type": "tarball",
"url": "https://github.com/NixOS/nixpkgs/archive/356624c12086a18f2ea2825fed34523d60ccc4e3.tar.gz"
"url": "https://github.com/NixOS/nixpkgs/archive/50eb7ecf4cd0a5756d7275c8ba36790e5bd53e33.tar.gz"
},
"original": {
"type": "tarball",
"url": "https://github.com/NixOS/nixpkgs/archive/356624c12086a18f2ea2825fed34523d60ccc4e3.tar.gz"
"url": "https://github.com/NixOS/nixpkgs/archive/50eb7ecf4cd0a5756d7275c8ba36790e5bd53e33.tar.gz"
}
},
"nixpkgs-unstable": {
"locked": {
"lastModified": 1728979988,
"narHash": "sha256-GBJRnbFLDg0y7ridWJHAP4Nn7oss50/VNgqoXaf/RVk=",
"lastModified": 1716128955,
"narHash": "sha256-3DNg/PV+X2V7yn8b/fUR2ppakw7D9N4sjVBGk6nDwII=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "7881fbfd2e3ed1dfa315fca889b2cfd94be39337",
"rev": "f9256de8281f2ccd04985ac5c30d8f69aefadbe8",
"type": "github"
},
"original": {
@ -358,27 +338,27 @@
},
"nixpkgs_2": {
"locked": {
"lastModified": 1729044727,
"narHash": "sha256-GKJjtPY+SXfLF/yTN7M2cAnQB6RERFKnQhD8UvPSf3M=",
"lastModified": 1716061101,
"narHash": "sha256-H0eCta7ahEgloGIwE/ihkyGstOGu+kQwAiHvwVoXaA0=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "dc2e0028d274394f73653c7c90cc63edbb696be1",
"rev": "e7cc61784ddf51c81487637b3031a6dd2d6673a2",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-24.05",
"ref": "nixos-23.11",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_3": {
"locked": {
"lastModified": 1718428119,
"narHash": "sha256-WdWDpNaq6u1IPtxtYHHWpl5BmabtpmLnMAx0RdJ/vo8=",
"lastModified": 1706487304,
"narHash": "sha256-LE8lVX28MV2jWJsidW13D2qrHU/RUUONendL2Q/WlJg=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "e6cea36f83499eb4e9cd184c8a8e823296b50ad5",
"rev": "90f456026d284c22b3e3497be980b2e47d0b28ac",
"type": "github"
},
"original": {
@ -391,13 +371,11 @@
"root": {
"inputs": {
"agenix": "agenix",
"disko": "disko",
"firefox-addons": "firefox-addons",
"flake-utils": "flake-utils_2",
"hardware": "hardware",
"home-manager": "home-manager_2",
"home-manager-unstable": "home-manager-unstable",
"impermanence": "impermanence",
"lan-mouse": "lan-mouse",
"nil": "nil",
"nixeovim": "nixeovim",
@ -415,11 +393,11 @@
]
},
"locked": {
"lastModified": 1716257780,
"narHash": "sha256-R+NjvJzKEkTVCmdrKRfPE4liX/KMGVqGUwwS5H8ET8A=",
"lastModified": 1710987136,
"narHash": "sha256-Q8GRdlAIKZ8tJUXrbcRO1pA33AdoPfTUirsSnmGQnOU=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "4e5e3d2c5c9b2721bd266f9e43c14e96811b89d2",
"rev": "97596b54ac34ad8184ca1eef44b1ec2e5c2b5f9e",
"type": "github"
},
"original": {
@ -430,17 +408,21 @@
},
"rust-overlay_2": {
"inputs": {
"flake-utils": [
"nil",
"flake-utils"
],
"nixpkgs": [
"nil",
"nixpkgs"
]
},
"locked": {
"lastModified": 1726453838,
"narHash": "sha256-pupsow4L79SBfNwT6vh/5RAbVZuhngIA0RTCZksXmZY=",
"lastModified": 1714529851,
"narHash": "sha256-YMKJW880f7LHXVRzu93xa6Ek+QLECIu0IRQbXbzZe38=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "ca2e79cd22625d214b8437c2c4080ce79bd9f7d2",
"rev": "9ca720fdcf7865385ae3b93ecdf65f1a64cb475e",
"type": "github"
},
"original": {
@ -451,14 +433,15 @@
},
"rust-overlay_3": {
"inputs": {
"flake-utils": "flake-utils_4",
"nixpkgs": "nixpkgs_3"
},
"locked": {
"lastModified": 1727663505,
"narHash": "sha256-83j/GrHsx8GFUcQofKh+PRPz6pz8sxAsZyT/HCNdey8=",
"lastModified": 1715393623,
"narHash": "sha256-nSUFcUqyTQQ/aYFIB05mpCzytcKvfKMy3ZQAe0fP26A=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "c2099c6c7599ea1980151b8b6247a8f93e1806ee",
"rev": "8eb8671512cb0c72c748058506e50c54fb5d8e2b",
"type": "github"
},
"original": {
@ -521,11 +504,11 @@
"rust-overlay": "rust-overlay_3"
},
"locked": {
"lastModified": 1727849733,
"narHash": "sha256-mqxs/nyzOEKiBHa94OtcOLYBXd65P8tO4DUVTHWHn6o=",
"lastModified": 1715552757,
"narHash": "sha256-ZOgCSIcdvG8+RcZCXSAEmb/LZ2Ap9wU4nvbxNDA+QN0=",
"owner": "Toqozz",
"repo": "wired-notify",
"rev": "a1f6965737754e7424f9468f6befef885a9ee0ad",
"rev": "18b44306b2636fc7f238a9d946c7b8aac217122d",
"type": "github"
},
"original": {


@ -1,14 +1,9 @@
{
inputs = {
flake-utils.url = "github:numtide/flake-utils";
nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.05";
nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.11";
nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
hardware.url = "github:NixOS/nixos-hardware/master";
impermanence.url = "github:nix-community/impermanence";
disko = {
url = "github:nix-community/disko";
inputs.nixpkgs.follows = "nixpkgs";
};
firefox-addons.url = "github:nix-community/nur-combined/master?dir=repos/rycee/pkgs/firefox-addons";
@ -19,7 +14,7 @@
};
home-manager = {
url = "github:nix-community/home-manager/release-24.05";
url = "github:nix-community/home-manager/release-23.11";
inputs.nixpkgs.follows = "nixpkgs";
};
home-manager-unstable = {
@ -87,7 +82,7 @@
set -e
${nixos-rebuild}/bin/nixos-rebuild switch --flake .#${hostname} $@
${lib.optionalString machine.config.hardware.pulseaudio.systemWide ''
systemctl restart alsa-store.service
systemctl restart pulseaudio.service
''}
'')
localMachines);
@ -104,11 +99,6 @@
# Path to the agenix configuration file
RULES = "./.agenix_config.nix";
};
disk = pkgs.mkShell {
packages = [
inputs.disko.packages.${system}.disko
];
};
tools = pkgs.mkShell {
packages = with pkgs; [
mkpasswd
@ -141,9 +131,7 @@
modules =
(with inputs; [
agenix.nixosModules.default
home-manager.nixosModules.default
disko.nixosModules.disko
impermanence.nixosModules.impermanence
home-manager.nixosModule
])
++ [
# deployment settings
@ -159,7 +147,6 @@
})
# base home manager settings
({ ... }: {
home-manager.backupFileExtension = "backup";
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.extraSpecialArgs = {
@ -171,6 +158,7 @@
./modules/home-manager
inputs.wired.homeManagerModules.default
inputs.lan-mouse.homeManagerModules.default
"${inputs.home-manager-unstable}/modules/services/window-managers/river.nix"
];
}
];
@ -178,12 +166,8 @@
]
++ extraModules
++ [ ./modules/nixos ]
++ [ ./hosts/${hostname}/configuration.nix ]
++ [ "${inputs.nixpkgs-unstable}/nixos/modules/services/misc/renovate.nix" ];
++ [ ./hosts/${hostname}/configuration.nix ];
})
(import ./hosts inputs);
diskoConfigurations = {
asus-gl553vd = import ./hosts/asus-gl553vd/disk-config.nix;
};
};
}
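Review bot: The switch script in the `-87,7` hunk forwards its arguments as a bare `$@` in `nixos-rebuild switch --flake .#${hostname} $@`, so any argument containing spaces or glob characters is re-split by the shell before it reaches nixos-rebuild. The Makefile on this page runs what appears to be this same app under sudo with `$(BUILD_ARGS)`. Quote it: `${nixos-rebuild}/bin/nixos-rebuild switch --flake .#${hostname} "$@"`. The script's definition starts outside the hunk.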


@ -1,10 +1,13 @@
{ ... }:
{
# Use the systemd-boot EFI boot loader.
boot.loader = {
timeout = 1;
systemd-boot = {
enable = true;
configurationLimit = 20;
configurationLimit = 10;
};
efi.canTouchEfiVariables = true;
};
}


@ -1,7 +1,8 @@
{ ... }:
{
imports = [
./boot.nix
./imp.nix
./networking.nix
./wireguard
];


@ -1,76 +0,0 @@
{ config, lib, ... }:
{
# A setup which would clean root subvolume between boots remove automatically removed roots that
# are older than one day:
#
# Source: https://github.com/nix-community/impermanence
boot.initrd.postDeviceCommands = lib.mkAfter ''
mkdir /btrfs_tmp
mount /dev/mapper/luksroot /btrfs_tmp
if [[ -e /btrfs_tmp/root ]]; then
mkdir -p /btrfs_tmp/old_roots
timestamp=$(date --date="@$(stat -c %Y /btrfs_tmp/root)" "+%Y-%m-%-d_%H:%M:%S")
mv /btrfs_tmp/root "/btrfs_tmp/old_roots/$timestamp"
fi
delete_subvolume_recursively() {
IFS=$'\n'
for i in $(btrfs subvolume list -o "$1" | cut -f 9- -d ' '); do
delete_subvolume_recursively "/btrfs_tmp/$i"
done
btrfs subvolume delete "$1"
}
for i in $(find /btrfs_tmp/old_roots/ -maxdepth 1 -mtime +1); do
delete_subvolume_recursively "$i"
done
echo 1 | tee /btrfs_tmp/root/sys/class/leds/asus\:\:kbd_backlight/brightness
btrfs subvolume create /btrfs_tmp/root
umount /btrfs_tmp
rm -r /btrfs_tmp
'';
age.identityPaths = map (v: "/persistent/system/etc/ssh/${v}") [
"ssh_host_rsa_key"
"ssh_host_ed25519_key"
];
environment.persistence = {
"/persistent/system" = {
hideMounts = true;
directories = [
"/var/lib/bluetooth"
"/var/lib/nixos"
"/var/lib/systemd/coredump"
"/etc/NetworkManager/system-connections"
];
files = [
"/etc/machine-id"
"/etc/ssh/ssh_host_rsa_key"
"/etc/ssh/ssh_host_rsa_key.pub"
"/etc/ssh/ssh_host_ed25519_key"
"/etc/ssh/ssh_host_ed25519_key.pub"
];
};
"/persistent/docker" = lib.mkIf config.virtualisation.docker.enable {
hideMounts = true;
directories = map (v: "/var/lib/docker/${v}") [
"containers"
"volumes"
"image"
"overlay2"
"network"
];
files = [ "/var/lib/docker/engine-id" ];
};
"/presistent/ollama" = lib.mkIf config.services.ollama.enable {
hideMounts = true;
directories = [
"/var/lib/private/ollama"
];
};
};
}


@ -1,10 +1,13 @@
{ ... }:
{
networking = {
hostName = "laptop"; # Define your hostname.
networkmanager.enable = true;
useDHCP = false;
interfaces.wlp2s0.useDHCP = true;
firewall.allowedTCPPortRanges = [
{ from = 33000; to = 33999; }
];
};
}
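Review bot: `firewall.allowedTCPPortRanges = [ { from = 33000; to = 33999; } ];` opens a thousand TCP ports on every interface, with no comment saying what listens there; the hunk grows by three lines, so this looks like the addition. This host is named `laptop` and gets its address over `wlp2s0`, so the range is reachable from whatever wireless network it joins. Consider scoping the rule to the interface that needs it, e.g. `firewall.interfaces.<iface>.allowedTCPPortRanges = [ { from = 33000; to = 33999; } ];` (placeholder interface name), and adding a one-line comment naming the service.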


@ -1,4 +1,4 @@
{ globalData, pkgs, ... }:
{ globalData, ... }:
{
imports = [
@ -7,11 +7,7 @@
./users
];
local.yubikey = {
enable = true;
serial = "28058247";
unplug.enable = true;
};
local.yubikey.enable = true;
################################################################################
# Services
@ -26,25 +22,12 @@
################################################################################
# Programs
################################################################################
services.ollama = {
local.programs.browsers.tor-browser = {
enable = true;
package = pkgs.unstable.ollama;
};
local.programs.communication = {
telegram = {
container = {
enable = true;
package = pkgs.unstable.tdesktop;
};
simplex-chat = {
enable = true;
package = pkgs.unstable.simplex-chat-desktop;
openFirewall = true;
externalInterface = "wg0";
sshAuthorizedKeys = globalData.publicKeys.users.jan;
};
};
environment.shellInit = ''
[ -n "$DISPLAY" ] && ${pkgs.xorg.xhost}/bin/xhost +local: > /dev/null || true
'';
}


@ -1,3 +0,0 @@
import ../../disko/luks-btrfs.nix {
device = "/dev/disk/by-id/nvme-NE-256_2280_0015167003217";
}


@ -1,7 +1,16 @@
{ ... }:
{
imports = [
./generated.nix # Include the results of the hardware scan.
./manual.nix
# Include the results of the hardware scan.
imports = [ ./generated.nix ];
# Enable keyboard on the boot
boot.initrd.availableKernelModules = [ "hid_asus" ];
boot.kernelModules = [
# Enable containers
# See: https://github.com/NixOS/nixpkgs/issues/38676
"veth"
];
@ -20,7 +29,7 @@
};
# configure mouse and touchpad
services.libinput = {
services.xserver.libinput = {
enable = true;
touchpad = {
accelSpeed = "0.5";


@ -1,56 +1,36 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, modulesPath, ... }:
{ config, lib, pkgs, modulesPath, ... }:
{
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
boot.initrd = {
availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "sd_mod" "rtsx_pci_sdmmc" ];
boot = {
initrd = {
availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
kernelModules = [ ];
luks.devices."luksroot".device = "/dev/disk/by-uuid/eb896c1c-f012-412e-86bd-48f663377129";
};
kernelModules = [ "kvm-intel" ];
extraModulePackages = [ ];
};
fileSystems = {
"/" = {
device = "/dev/disk/by-uuid/45a33b08-0a15-4b47-9d8a-c58b7d62066a";
fsType = "btrfs";
options = [ "subvol=root" "compress=zstd" ];
};
"/persistent" = {
device = "/dev/disk/by-uuid/45a33b08-0a15-4b47-9d8a-c58b7d62066a";
fsType = "btrfs";
options = [ "subvol=persistent" "compress=zstd" ];
neededForBoot = true;
};
"/nix" = {
device = "/dev/disk/by-uuid/45a33b08-0a15-4b47-9d8a-c58b7d62066a";
fsType = "btrfs";
options = [ "subvol=nix" "compress=zstd" "noatime" ];
};
"/.swapvol" = {
device = "/dev/disk/by-uuid/45a33b08-0a15-4b47-9d8a-c58b7d62066a";
fsType = "btrfs";
options = [ "subvol=swap" "noatime" ];
device = "/dev/disk/by-uuid/e6c0cbba-7000-4b1e-ba53-e7b5f8ae11c0";
fsType = "ext4";
};
"/boot" = {
device = "/dev/disk/by-uuid/94EE-CA0D";
device = "/dev/disk/by-uuid/499C-4EBD";
fsType = "vfat";
options = [ "fmask=0022" "dmask=0022" ];
};
};
swapDevices = [{ device = "/.swapvol/swapfile"; }];
swapDevices = [{ device = "/dev/disk/by-uuid/fa457df9-cd48-4c81-90cb-a511a7689988"; }];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
@ -60,6 +40,6 @@
# networking.interfaces.enp3s0.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp2s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}


@ -1,24 +0,0 @@
{ ... }:
{
boot.kernelModules = [
# Enable containers
# See: https://github.com/NixOS/nixpkgs/issues/38676
"veth"
];
# Enable keyboard on the boot
boot.initrd.availableKernelModules = [ "hid_asus" ];
boot.blacklistedKernelModules = [ "nouveau" ];
fileSystems."/home/jan" = {
device = "/dev/disk/by-uuid/e6c0cbba-7000-4b1e-ba53-e7b5f8ae11c0";
fsType = "ext4";
options = [
"defaults"
"X-mount.subdir=home/jan"
"X-mount.mkdir"
];
};
}


@ -1,4 +1,4 @@
{ hostsPath, usersPath, lib, ... }:
{ hostsPath, usersPath, ... }:
let
asusData = import (hostsPath + "/asus-gl553vd/data.secret.nix");


@ -6,7 +6,7 @@
services = {
avahi = {
enable = true;
nssmdns4 = true;
nssmdns = true;
};
printing = {
enable = true;


@ -1,4 +1,4 @@
{ config, pkgs, ... }:
{ globalData, ... }:
{
imports = [
@ -7,111 +7,57 @@
./users
];
local.yubikey.enable = true;
services.radicale = {
enable = true;
settings = {
auth = {
# htpasswd -B -c /etc/radicale/users
type = "htpasswd";
htpasswd_filename = "/etc/radicale/users";
htpasswd_encryption = "bcrypt";
};
};
rights = {
root = {
user = ".+";
collection = "";
permissions = "R";
};
principal = {
user = ".+";
collection = "{user}";
permissions = "RW";
};
calendars = {
user = ".+";
collection = "{user}/[^/]+";
permissions = "rw";
};
};
};
################################################################################
# Programs
################################################################################
local.programs.browsers.tor-browser = {
enable = true;
container = {
enable = true;
externalInterface = "wg0";
sshAuthorizedKeys = globalData.publicKeys.users.jan;
};
};
################################################################################
# Services
################################################################################
local.services.i2pd.enable = true;
local.services.kubo.enable = true;
local.services.octoprint.enable = true;
virtualisation.docker.enable = true;
# Torrent client
services.transmission = {
enable = true;
settings = {
rpc-bind-address = "192.168.7.10";
rpc-port = 9091;
rpc-whitelist = "192.168.7.*";
};
};
services.ollama = {
enable = true;
package = pkgs.unstable.ollama;
acceleration = "rocm";
};
programs.sniffnet.enable = true;
################################################################################
# Containers
################################################################################
environment.shellInit = ''
[ -n "$DISPLAY" ] && ${pkgs.xorg.xhost}/bin/xhost +local: > /dev/null || true
'';
local.programs.communication = {
telegram = {
enable = true;
package = pkgs.unstable.tdesktop;
};
simplex-chat = {
enable = true;
package = pkgs.unstable.simplex-chat-desktop;
openFirewall = true;
};
};
containers.games = {
autoStart = true;
bindMounts = {
"${config.services.transmission.settings.download-dir}" = { };
"/tmp/.X11-unix" = { };
"/run/opengl-driver/lib" = { };
"/run/opengl-driver-32/lib" = { };
};
allowedDevices = [
{
modifier = "r";
node = "/dev/kfd";
}
{
modifier = "r";
node = "/dev/dri";
}
];
config = { pkgs, ... }: {
nixpkgs.config.allowUnfree = true;
system.stateVersion = "23.11";
users.groups.transmission = config.users.groups.transmission;
users.users.john = {
isNormalUser = true;
home = "/home/john";
password = "hello";
extraGroups = [ "pulse-access" "transmission" ];
packages = with pkgs; [
# wine
wineWowPackages.stable
winetricks
# community edition
fallout-ce
fallout2-ce
openmw
openxcom
# tools
innoextract
vim
unzip
p7zip
unrar-wrapper
wget
];
};
environment.sessionVariables = {
DISPLAY = ":0";
PULSE_SERVER = "tcp:127.0.0.1:4713";
XAUTHORITY = "/home/john/.Xauthority";
WINEPREFIX = "/home/john/.wine";
WINEARCH = "win32";
};
};
};
services.transmission.enable = true;
}
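Review bot: The radicale `auth` block points `htpasswd_filename` at `/etc/radicale/users`, a file that has to be created by hand with the `htpasswd -B -c` command in the comment, so the credential store lives outside the flake and its owner and mode are declared nowhere on this page. The flake already wires in agenix; consider shipping the file as an age secret and referencing it, e.g. `htpasswd_filename = config.age.secrets.<radicale-users>.path;` (placeholder name; the module header would need `config` again), with the secret owned by the radicale service user. If it stays manual, a comment such as `# must exist before first start; readable by the radicale user only` would document the requirement. Which of the printed lines are additions is inferred from the commit title and the hunk counts.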


@ -26,11 +26,6 @@
# extra configs
hardware.bluetooth.enable = true;
hardware.graphics = {
enable = true;
enable32Bit = true;
};
# All monitors in the right order
# Source: https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/services/x11/xserver.nix#L83
services.xserver.xrandrHeads = [


@ -33,28 +33,30 @@ in
];
};
local.games.endless-sky.enable = true;
# Extra packages
home.packages = with pkgs.unstable; [
## game dev
blender-hip
# game dev
blender
godot_4
libresprite
## 3d printer
# Cannot build unstable Cura!
# See: https://github.com/NixOS/nixpkgs/issues/325896
# it's too old in the nixpkgs!
# See: https://github.com/NixOS/nixpkgs/issues/186570
pkgs.cura
# 3d printer
cura
## electronics
# kicad-small
# electronics
kicad-small
# librepcb
# tools
bind.dnsutils
kubo # ipfs
];
# games
local.games = {
mindustry.enable = true;
widelands.enable = true;
};
};
}


@ -5,11 +5,4 @@
./generated.nix
./networking.secret.nix
];
swapDevices = [
{
device = "/var/lib/swapfile";
size = 2 * 1024;
}
];
}


@ -1,9 +1,5 @@
{ ... }:
{
imports = [
./forgejo-runners
./wireguard
# ./docker-registry-proxy.nix
./nginx.nix
./renovate.nix
];
imports = [ ./wireguard ];
}


@ -1,20 +0,0 @@
{...}:
{
services.dockerRegistry = {
enable = true;
enableGarbageCollect = true;
extraConfig = {
proxy.remoteurl = "https://registry-1.docker.io";
};
};
services.nginx = {
upstreams.docker-hub-registry.servers."localhost:5000" = { };
virtualHosts."docker-hub.pleshevski.ru" = {
enableACME = true;
forceSSL = true;
locations."/v2/".proxyPass = "http://docker-hub-registry";
};
};
}


@ -1,45 +0,0 @@
{ config, pkgs, ... }:
let
NODE_OPTIONS = "--max_old_space_size=4096";
in
{
age.secrets.forgejo-runner-token-istal-docker.file = ./forgejo-runner-token-istal-docker.age;
age.secrets.forgejo-runner-token-codeberg-docker.file = ./forgejo-runner-token-codeberg-docker.age;
virtualisation.docker.enable = true;
services.gitea-actions-runner = {
package = pkgs.unstable.forgejo-runner;
instances = {
istal-docker = {
enable = true;
name = "istal-docker";
url = "https://git.pleshevski.ru";
labels = [ ];
tokenFile = config.age.secrets.forgejo-runner-token-istal-docker.path;
settings = {
runner = {
envs = { inherit NODE_OPTIONS; };
timeout = "1h";
};
};
};
codeberg-docker = {
enable = true;
name = "codeberg-docker";
url = "https://codeberg.org";
labels = [ ];
tokenFile = config.age.secrets.forgejo-runner-token-codeberg-docker.path;
settings = {
runner = {
envs = { inherit NODE_OPTIONS; };
timeout = "1h";
};
};
};
};
};
}


@ -1,41 +0,0 @@
{ ... }:
{
networking.firewall.allowedTCPPorts = [ 80 443 ];
security.acme = {
acceptTerms = true;
defaults.email = "dmitriy@pleshevski.ru";
};
services.nginx = {
enable = true;
# Use recommended settings
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
appendHttpConfig = ''
# Add HSTS header with preloading to HTTPS requests.
# Adding this header to HTTP requests is discouraged
map $scheme $hsts_header {
https "max-age=31536000; includeSubdomains; preload";
}
add_header Strict-Transport-Security $hsts_header;
# Minimize information leaked to other domains
add_header 'Referrer-Policy' 'origin-when-cross-origin';
# Disable embedding as a frame
add_header X-Frame-Options DENY;
# Prevent injection of code in other mime types (XSS Attacks)
add_header X-Content-Type-Options nosniff;
# This might create errors
proxy_cookie_path / "/; secure; HttpOnly; SameSite=strict";
'';
};
}


@ -1,48 +0,0 @@
{ config, pkgs, ... }:
{
age.secrets.renovate-gitea-token.file = ./renovate-gitea-token.age;
age.secrets.renovate-github-token.file = ./renovate-github-token.age;
services.renovate = {
enable = true;
package = pkgs.unstable.renovate;
schedule = "0..3,10..23:00/15";
credentials = {
RENOVATE_TOKEN = config.age.secrets.renovate-gitea-token.path;
GITHUB_COM_TOKEN = config.age.secrets.renovate-github-token.path;
};
runtimePackages = with pkgs.unstable; [
nodePackages.pnpm
nodePackages.npm
python312
poetry
gnumake
cargo
];
settings = {
platform = "gitea";
endpoint = "https://git.pleshevski.ru";
assignees = [ "pleshevskiy" ];
autodiscover = true;
packageRules = [
{
matchUpdateTypes = [ "minor" "patch" "pin" "digest" ];
automerge = true;
}
];
automergeStrategy = "fast-forward";
onboardingConfig = {
"$schema" = "https://docs.renovatebot.com/renovate-schema.json";
extends = [ "config:recommended" ];
configMigration = true;
};
globalExtends = ["npm:unpublishSafe"];
cacheHardTtlMinutes = 30;
httpCacheTtlDays = 1;
};
};
# systemd.services.renovate.environment.LOG_LEVEL = "debug";
}

Binary file not shown.


@ -6,8 +6,6 @@
./services
];
local.system.kernel = "hardened";
networking.hostName = "tatos";
users.users.root.openssh.authorizedKeys.keys = globalData.publicKeys.users.jan;


@ -79,7 +79,7 @@ in
}
# Phone 2 m
{
publicKey = "p1GR0Ax2wrqnnd/coKYA4p0lvhdY9Mkk4iwhPxZfl3I=";
publicKey = "0+ejwId5JcTeMvoz+I/ACpmpUFjD7rl9wqz8H/OAHEw=";
allowedIPs = [ "10.20.30.6/32" ];
}
# Phone 3 n
@ -87,11 +87,6 @@ in
publicKey = "IUw38F1ik2y2XoPh3Nd1VVxHz9nfKDfNKyzBaEi0rjc=";
allowedIPs = [ "10.20.30.7/32" ];
}
# Laptop m
{
publicKey = "dF5YEeK1nw2V4GNLwg67M+r8NMA315KpueQMk+ZFO1M=";
allowedIPs = [ "10.20.30.8/32" ];
}
];
};
};


@ -1,3 +1,4 @@
# use nix-build -E (import <system>/misc/wg-client-conf.nix {})
{ pkgs ? import <nixpkgs> { }
, address
, privateKey
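Review bot: The added usage comment tells readers to evaluate this file with `nix-build -E`, and the argument list takes `privateKey` as a plain Nix value; anything a derivation writes from such an argument ends up in `/nix/store`, which every local user can read. The rest of the function is outside the hunk, so how the key is used is not visible here. If the output is a client config that embeds the key, the comment should say so, e.g. `# NOTE: the output embeds privateKey and is stored world-readable in /nix/store`.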


@ -63,22 +63,8 @@ in
xclip # access x clipboard from a console
dmenu # menu for x window system
nitrogen # wallpaper manager
rofimoji # emoji picker
];
programs.rofi.pass = {
enable = true;
extraConfig = ''
EDITOR='wezterm start -- nvim'
URL_field='url'
USERNAME_field='login'
AUTOTYPE_field='autotype'
default_autotype='user :tab pass'
'';
};
xsession = {
enable = true;


@ -233,13 +233,10 @@ myManageHook = manageApps
anyOf :: [Query Bool] -> Query Bool
anyOf = foldl (<||>) (pure False)
machine = stringProperty "WM_CLIENT_MACHINE"
role = stringProperty "WM_WINDOW_ROLE"
isPopup = role =? "pop-up"
isPinentry = anyOf [className =? "Gcr-promter", className =? "Pinentry"]
isGameMachine = machine =? "games"
isWezterm = className =? "org.wezfurlong.wezterm"
isAlacritty = className =? "Alacritty"
isTerminal = anyOf [isWezterm, isAlacritty]
@ -249,7 +246,6 @@ myManageHook = manageApps
composeOne
[ -- apps
className =? "Gimp" -?> doFloat,
isGameMachine -?> doFloat,
-- general
anyOf
[ resource =? "desktop_window",
@ -277,15 +273,10 @@ myKeys conf =
("M-S-<Return>", spawn $ XMonad.terminal conf),
-- launch a 'flameshot' to screenshot
("M-S-s", safeSpawn "flameshot" ["gui"]),
-- launch browsers
-- launch 'librewolf' browser
("M-S-b", spawn "librewolf"),
("M-S-t", spawn "tor-browser"),
-- launch 'dmenu_run' to choose applications
("M-r", spawn "dmenu_run"),
-- launch 'rofi-pass' to use password manager
("M-p", spawn "rofi-pass --last-used"),
-- launch 'rofimoji' to pick emoji
("M-e", spawn "rofimoji --action copy")
("M-p", spawn "dmenu_run")
-- Open calculator
-- ("<XF86Calculator>", spawn "gnome-calculator"),
]
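Review bot: In the `isPinentry` definition kept by the first hunk, `className =? "Gcr-promter"` looks misspelled. The prompt window class is presumably `Gcr-prompter`, in which case the first alternative never matches and only `Pinentry` windows are recognised. Suggested line: `isPinentry = anyOf [className =? "Gcr-prompter", className =? "Pinentry"]`. How `isPinentry` is used lies outside the hunks shown.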


@ -8,14 +8,10 @@ in
mindustry.enable = mkEnableOption "mindustry";
widelands.enable = mkEnableOption "widelands";
unciv.enable = mkEnableOption "unciv";
freeciv.enable = mkEnableOption "freeciv";
endless-sky.enable = mkEnableOption "endless-sky";
};
config.home.packages =
lib.optional cfg.mindustry.enable pkgs.unstable.mindustry
++ lib.optional cfg.widelands.enable pkgs.widelands
++ lib.optional cfg.unciv.enable pkgs.unstable.unciv
++ lib.optional cfg.freeciv.enable pkgs.unstable.freeciv
++ lib.optional cfg.endless-sky.enable pkgs.unstable.endless-sky;
++ lib.optional cfg.unciv.enable pkgs.unstable.unciv;
}


@ -85,12 +85,9 @@ in
"text/plain" = "colorize";
"text/rfc822-headers" = "colorize";
# "text/*" = "${pkgs.bat}/bin/bat -fpp --file-name='$AERC_FILENAME'";
"message/*" = "cat | colorize";
"message/delivery-status" = "cat | colorize";
"application/pgp-keys" = "gpg";
".filename,~\\.gpg" = "gpg --decrypt";
".filename,~\\.xml\\.gz" = "${pkgs.gzip}/bin/gunzip |"
+ "${pkgs.xmlformat}/bin/xmlformat |"
+ "${pkgs.bat}/bin/bat -fpp --file-name='$AERC_FILENAME' --language xml";
};
openers = { };
@ -128,6 +125,10 @@ in
"\\" = fill "filter";
"n" = exec "next-result";
"N" = exec "prev-result";
#"D" = exec "modify-labels +deleted -inbox";
#"A" = exec "modify-labels -inbox";
#"ms" = exec "modify-labels +spam -inbox";
#"mS" = exec "modify-labels -spam +inbox";
}
];
@ -153,14 +154,15 @@ in
}
];
compose = {
compose = lib.mkMerge [
globalBinds
{
"$ex" = "<C-x>";
"<C-k>" = exec "prev-field";
"<C-j>" = exec "next-field";
"<tab>" = exec "next-field";
"<C-l>" = exec "next-tab";
"<C-h>" = exec "prev-tab";
};
}
];
"compose::editor" = {
"$noinherit" = "true";


@ -1,18 +0,0 @@
{ config, lib, pkgs, ... }:
let cfg = config.local.programs.argos-translate; in
{
options.local.programs.argos-translate = with lib; {
enable = mkEnableOption "argostranslate";
package = mkPackageOption pkgs.python311Packages "argostranslate" {};
};
config = lib.mkIf cfg.enable {
home.packages = [ cfg.package ];
programs.zsh.shellAliases = lib.mkIf config.programs.zsh.enable {
en2ru = "${cfg.package}/bin/argos-translate --from en --to ru";
ru2en = "${cfg.package}/bin/argos-translate --from ru --to en";
};
};
}


@ -4,19 +4,15 @@
let cfg = config.local.programs.communication; in
{
options.local.programs.communication = with lib; {
matrix = {
enable = mkEnableOption "nheko. matrix client";
package = mkPackageOption pkgs "nheko" { };
};
tox = {
enable = mkEnableOption "tox";
package = mkPackageOption pkgs "qtox" { };
};
simplex-chat.enable = mkEnableOption "SimplexChat";
telegram.enable = mkEnableOption "tdesktop. telegram client";
matrix.enable = mkEnableOption "nheko. matrix client";
skype.enable = mkEnableOption "skype";
};
config = {
home.packages =
lib.optional cfg.matrix.enable cfg.matrix.package
++ lib.optional cfg.tox.enable cfg.tox.package;
};
config.home.packages = with pkgs.unstable;
lib.optional cfg.simplex-chat.enable simplex-chat-desktop
++ lib.optional cfg.telegram.enable tdesktop
++ lib.optional cfg.matrix.enable nheko
++ lib.optional cfg.skype.enable skypeforlinux;
}
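Review bot: `skypeforlinux`, `tdesktop` and `simplex-chat-desktop` are put straight into `home.packages`, so they run in the user's own session with the whole home directory in reach, and nothing in the module says that this is intended. The same compare deletes the system modules that started Skype and Telegram inside ephemeral `nixos-container`s with a dedicated downloads bind mount, so the isolation boundary appears to be gone on this side. If that is deliberate, a comment above the list such as `# NOTE: these clients run unsandboxed in the user session` would record it. The +/- markers are lost on this page; the sides are inferred from the `-4,19 +4,15` counts and the print order.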


@ -3,7 +3,6 @@
{
imports = [
./aerc.nix
./argos-translate.nix
./communication.nix
./dev-tools.nix
./flameshot.nix


@ -88,10 +88,6 @@ in
]
))
];
programs.zsh.initExtra = ''
source <(kubectl completion zsh)
'';
})
(lib.mkIf cfg.psql.enable {


@ -3,7 +3,6 @@
{
imports = [
./nautilus.nix
./nnn.nix
./vifm
];
}


@ -8,5 +8,5 @@ in
enable = mkEnableOption "nautilus";
};
config.home.packages = with pkgs.unstable; lib.optional cfg.enable nautilus;
config.home.packages = with pkgs.unstable; lib.optional cfg.enable gnome.nautilus;
}


@ -1,13 +0,0 @@
{ config, pkgs, lib, ... }:
let
cfg = config.local.programs.file-managers.nnn;
in
{
options.local.programs.file-managers.nnn = with lib; {
enable = mkEnableOption "nnn";
package = mkPackageOption pkgs "nnn" {};
};
config.home.packages = lib.optional cfg.enable cfg.package;
}


@ -11,7 +11,7 @@
" If you would like to use another vi clone such as Elvis or Vile
" you will need to change this setting.
set vicmd=nvim
set vicmd=vim
" This makes vifm perform file operations on its own instead of relying on
" standard utilities like `cp`. While using `cp` and alike is a more universal
@ -128,12 +128,12 @@ mark h ~/
" %m run the command in a menu window
command! df df -h %m 2> /dev/null
command! diff nvim -d %f %F
command! diff vim -d %f %F
command! zip zip -r %c.zip %f
command! run !! ./%f
command! make !!make %a
command! mkcd :mkdir %a | cd %a
command! vgrep nvim "+grep %a"
command! vgrep vim "+grep %a"
command! reload :write | restart full
" ------------------------------------------------------------------------------
@ -316,6 +316,11 @@ nnoremap S :sort<cr>
nnoremap w :view<cr>
vnoremap w :view<cr>gv
" Open file in existing instance of gvim
nnoremap o :!gvim --remote-tab-silent %f<cr>
" Open file in new instance of gvim
nnoremap O :!gvim %f<cr>
" Open file in the background using its default program
nnoremap gb :file &<cr>l
@ -349,6 +354,8 @@ nnoremap ,t :!xterm &<cr>
" Open editor to edit vifmrc and apply settings after returning to vifm
nnoremap ,c :write | edit $MYVIFMRC | restart full<cr>
" Open gvim to edit vifmrc
nnoremap ,C :!gvim --remote-tab-silent $MYVIFMRC &<cr>
" Toggle wrap setting on ,w key
nnoremap ,w :set wrap!<cr>


@ -9,7 +9,7 @@
programs.zsh = {
enable = true;
autosuggestion.enable = true;
enableAutosuggestions = true;
enableCompletion = true;
defaultKeymap = "viins";
dotDir = ".config/zsh";


@ -1,4 +1,4 @@
{ lib, pkgs, ... }:
{ lib, ... }:
{
imports = [ ./common.nix ];
@ -35,19 +35,5 @@
################################################################################
local.programs.pass.enable = lib.mkDefault true;
local.programs.browsers = {
librewolf.enable = lib.mkDefault true;
tor-browser.enable = lib.mkDefault true;
ungoogled-chromium.enable = lib.mkDefault true;
};
security.sudo.extraRules = [{
commands = [
{
command = "/run/current-system/sw/bin/nixos-container";
options = [ "NOPASSWD" ];
}
];
groups = [ "wheel" ];
}];
local.programs.browsers.librewolf.enable = lib.mkDefault true;
}


@ -9,11 +9,11 @@ in
};
config = lib.mkIf cfg.enable {
services.xserver.xkb = {
model = "pc105";
services.xserver = {
xkbModel = "pc105";
layout = "us,us";
variant = "dvorak,";
options = "grp:win_space_toggle";
xkbVariant = "dvorak,";
xkbOptions = "grp:win_space_toggle";
};
console.useXkbConfig = true;


@ -11,7 +11,7 @@ in
config = lib.mkIf cfg.enable {
programs.i3lock = {
enable = true;
u2fSupport = lib.mkDefault config.security.pam.u2f.enable;
u2fSupport = lib.mkDefault config.local.yubikey.enable;
};
programs.xss-lock.enable = true;


@ -42,11 +42,6 @@ in
};
};
})
(final: prev: {
sniffnet = (import inputs.nixpkgs-unstable {
inherit (config.nixpkgs) config system;
}).sniffnet;
})
(final: prev: {
unstable = import inputs.nixpkgs-unstable {
inherit (config.nixpkgs) config overlays system;


@ -1,36 +0,0 @@
{ config, lib, ... }:
let
cfg = config.local.security.sudo;
in
{
options.local.security.sudo = with lib; {
nopasswd = mkOption {
type = types.listOf (types.submodule {
options = {
commands = mkOption {
type = with types; listOf (either str package);
};
groups = mkOption {
type = types.listOf types.str;
default = [ "wheel" ];
};
};
});
default = [ ];
};
};
config = lib.mkIf (cfg.nopasswd != [ ]) {
security.sudo.extraRules = lib.flip map cfg.nopasswd (rule: {
inherit (rule) groups;
commands = lib.flip map rule.commands (cmd:
{
command = "${cmd}";
options = [ "NOPASSWD" ];
}
);
});
};
}


@ -1,35 +1,17 @@
{ config, pkgs, lib, ... }:
let
cfg = config.local.sound;
in
{
options.local.sound = {
enable = lib.mkEnableOption "sound";
systemWide = lib.mkEnableOption "systemWide";
};
options.local.sound.enable = lib.mkEnableOption "sound";
config = lib.mkIf cfg.enable {
config = lib.mkIf config.local.sound.enable {
sound = {
enable = true;
mediaKeys.enable = true;
};
hardware.pulseaudio = lib.mkMerge [
{
hardware.pulseaudio = {
enable = true;
package = pkgs.pulseaudioFull;
}
(lib.mkIf cfg.systemWide {
systemWide = true;
support32Bit = true;
tcp = {
enable = true;
anonymousClients.allowedIpRanges = [ "127.0.0.1" ];
};
})
];
networking.firewall.allowedTCPPorts = lib.mkIf cfg.systemWide [ 4713 ];
};
}


@ -40,7 +40,7 @@ in
})
(lib.mkIf (cfg.kernel == "stable") {
boot.kernelPackages = pkgs.unstable.linuxPackages_6_10;
boot.kernelPackages = pkgs.unstable.linuxPackages_6_6;
})
(lib.mkIf (cfg.kernel == "latest") {


@ -14,7 +14,7 @@ in
package = pkgs.unstable.hyprland;
};
programs.gnupg.agent.pinentryPackage = pkgs.pinentry-gtk2;
programs.gnupg.agent.pinentryFlavor = "gtk2";
local.lockscreen.waylock.enable = lib.mkDefault true;
};


@ -14,7 +14,7 @@ in
package = pkgs.unstable.river;
};
programs.gnupg.agent.pinentryPackage = pkgs.pinentry-gtk2;
programs.gnupg.agent.pinentryFlavor = "gtk2";
local.lockscreen.waylock.enable = lib.mkDefault true;
};


@ -10,18 +10,19 @@ let cfg = config.local.window-manager.xmonad; in
packages = [ pkgs.dconf ];
};
services.displayManager.defaultSession = "none+xmonad";
services.xserver = {
enable = true;
displayManager.lightdm = {
displayManager = {
defaultSession = "none+xmonad";
lightdm = {
enable = true;
# greeters.tiny.enable = true;
};
};
windowManager.xmonad.enable = true;
};
programs.gnupg.agent.pinentryPackage = pkgs.pinentry-gtk2;
programs.gnupg.agent.pinentryFlavor = "gtk2";
local.lockscreen.i3lock.enable = lib.mkDefault true;
};


@ -1,71 +1,32 @@
{ config, lib, pkgs, ... }:
let
cfg = config.local.yubikey;
control = if cfg.multi-factor.enable then "required" else "sufficient";
in
let cfg = config.local.yubikey; in
{
options.local.yubikey = with lib; {
enable = mkEnableOption "yubikey";
serial = mkOption {
type = types.nullOr types.str;
default = null;
};
multi-factor.enable = mkEnableOption "multi-factor" // { default = true; };
unplug = {
enable = mkEnableOption "Do action when a Yubikey is unplugged";
model = mkOption {
type = types.str;
default = "407";
};
command = mkOption {
type = types.str;
default = "${pkgs.systemd}/bin/loginctl lock-sessions";
};
};
};
config = lib.mkIf cfg.enable {
environment.systemPackages = [ pkgs.yubikey-manager pkgs.yubikey-personalization ];
security.pam =
if cfg.serial == null then
{
u2f = {
security.pam.u2f = {
enable = true;
inherit control;
control = "required";
cue = lib.mkDefault true;
};
services = {
login.u2fAuth = lib.mkDefault true;
sudo.u2fAuth = lib.mkDefault true;
};
}
else
{
yubico = {
enable = true;
inherit control;
mode = "challenge-response";
id = [ cfg.serial ];
};
services.udev.packages = [ pkgs.yubikey-personalization ];
security.pam.services = {
login.u2fAuth = true;
sudo.u2fAuth = true;
};
services.pcscd.enable = true;
services.pcscd.enable = cfg.serial != null;
services.udev = {
packages = [ pkgs.yubikey-personalization ];
extraRules = lib.mkIf cfg.unplug.enable ''
services.udev.extraRules = lib.mkIf config.programs.xss-lock.enable ''
ACTION=="remove",\
ENV{DEVTYPE}=="usb_device",\
ENV{PRODUCT}=="1050/${cfg.unplug.model}/543",\
RUN+="${cfg.unplug.command}"
ENV{PRODUCT}=="1050/402/543",\
RUN+="${pkgs.systemd}/bin/loginctl lock-sessions"
'';
};
};
}
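Review bot: The udev rule that locks sessions when the key is removed matches one hard-coded product string, `ENV{PRODUCT}=="1050/402/543"`, so a YubiKey that reports a different product id or device revision can be unplugged without `loginctl lock-sessions` ever running, and nothing reports the miss. The rule is also gated on `config.programs.xss-lock.enable` instead of an option of `local.yubikey`, which hides the dependency from anyone reading this module. I would expose the product id as a module option, or at least add a comment such as `# PRODUCT is idVendor/idProduct/bcdDevice as udev reports it for the key in use`. With `control = "required"` and `login.u2fAuth = true` / `sudo.u2fAuth = true` set without `lib.mkDefault`, a lost key blocks both login and sudo, so the recovery path should be written down as well. The +/- markers are lost on this page; the sides are inferred from the `-1,71 +1,32` counts.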


@ -1,107 +1,8 @@
{ config, pkgs, lib, ... }:
let
cfg = config.local.programs.browsers;
contPackages =
lib.optional cfg.tor-browser.enable cfg.tor-browser.finalPackage
++ lib.optional cfg.librewolf.enable cfg.librewolf.finalPackage
++ lib.optional cfg.mullvad-browser.enable cfg.mullvad-browser.finalPackage
++ lib.optional cfg.ungoogled-chromium.enable cfg.ungoogled-chromium.package;
hostPackages = lib.flip map contPackages (p:
let
hostRunBrowser = pkgs.writeScript "cont-run-browser" ''
sudo nixos-container run browsers -- su -l jan -c "$*"
'';
hostBrowserScript = pkgs.writeScriptBin "${p.meta.mainProgram}" ''
${hostRunBrowser} ${p.meta.mainProgram} $@
'';
in
pkgs.runCommand "${p.meta.mainProgram}" { } ''
mkdir $out
cp -r ${hostBrowserScript}/bin $out/bin
cp -r ${p}/share $out/share
''
);
isEnable = cfg.tor-browser.enable
or cfg.librewolf.enable
or cfg.mullvad-browser.enable;
in
{ ... }:
{
imports = [
./tor-browser.nix
./mullvad-browser.nix
./librewolf.nix
./ungoogled-chromium.nix
];
config = lib.mkIf isEnable {
environment.systemPackages = hostPackages;
local.sound.systemWide = true;
containers.browsers = {
autoStart = true;
ephemeral = true;
restartIfChanged = false;
bindMounts = lib.mkMerge [
{
"/tmp/.X11-unix" = { };
"/home/jan/Downloads" = {
isReadOnly = false;
hostPath = "/home/jan/downloads/browser";
};
}
(lib.mkIf config.hardware.graphics.enable {
"/run/opengl-driver/lib" = { };
})
(lib.mkIf config.hardware.graphics.enable32Bit {
"/run/opengl-driver-32/lib" = { };
})
(lib.mkIf cfg.librewolf.enable {
"/home/jan/.librewolf" = {
isReadOnly = false;
hostPath = "/persistent/per-machine/browsers/home/jan/.librewolf";
};
})
(lib.mkIf cfg.ungoogled-chromium.enable {
"/home/jan/.config/chromium" = {
isReadOnly = false;
hostPath = "/persistent/per-machine/browsers/home/jan/.config/chromium";
};
})
(lib.mkIf config.local.programs.communication.telegram.enable {
"/home/jan/downloads/telegram" = { };
})
];
config = { pkgs, ... }: {
system.stateVersion = "23.11";
fonts = {
inherit (config.fonts) enableDefaultPackages packages;
fontconfig = { inherit (config.fonts.fontconfig) defaultFonts; };
};
networking.hosts = config.networking.hosts;
users.users.jan = {
isNormalUser = true;
home = "/home/jan";
password = "hello";
extraGroups = [ "pulse-access" ];
packages = contPackages;
};
environment.sessionVariables = {
DISPLAY = ":0";
PULSE_SERVER = "tcp:127.0.0.1:4713";
};
};
};
};
}


@ -2,26 +2,27 @@
let
cfg = config.local.programs.browsers.librewolf;
isPassEnabled = config.local.programs.pass.enable;
policiesJson = pkgs.callPackage ./policies.nix {
firefoxAddons = inputs.firefox-addons.packages."${pkgs.system}";
withPassffAddon = isPassEnabled;
withRedirectorAddon = true;
withSidebarTabsAddon = true;
withAllSearchEngines = true;
};
finalLibrewolf = cfg.package.override {
extraPoliciesFiles = cfg.package.unwrapped.extraPoliciesFiles ++ [ policiesJson ];
librewolf' = with pkgs.unstable; librewolf.override {
extraPoliciesFiles = librewolf.unwrapped.extraPoliciesFiles ++ [ policiesJson ];
nativeMessagingHosts = lib.optional isPassEnabled passff-host;
};
in
{
options.local.programs.browsers.librewolf = with lib; {
enable = mkEnableOption "librewolf";
package = mkPackageOption pkgs "librewolf" {};
finalPackage = mkOption {
type = types.package;
readOnly = true;
default = finalLibrewolf;
};
config = lib.mkIf cfg.enable {
environment.systemPackages = [ librewolf' ];
};
}


@ -10,7 +10,7 @@ let
withAllSearchEngines = true;
};
finalMullvadBrowser = cfg.package.overrideAttrs (attrs: {
mullvadBrowser = pkgs.mullvad-browser.overrideAttrs (attrs: {
postInstall = ''
rm $out/share/mullvad-browser/distribution/policies.json
@ -21,11 +21,9 @@ in
{
options.local.programs.browsers.mullvad-browser = with lib; {
enable = mkEnableOption "mullvad-browser";
package = mkPackageOption pkgs "mullvad-browser" {};
finalPackage = mkOption {
type = types.package;
readOnly = true;
default = finalMullvadBrowser;
};
config = lib.mkIf cfg.enable {
environment.systemPackages = [ mullvadBrowser ];
};
}


@ -28,7 +28,7 @@ writeText "policies.json" (builtins.toJSON {
SearchEngines = {
Add = [
{
Alias = "@sx";
Alias = "sx";
Name = "SearXNG";
Description = "SearXNG a privacy-respecting, open metasearch engine";
IconURL = "https://search.sapti.me/static/themes/simple/img/favicon.png";
@ -36,28 +36,28 @@ writeText "policies.json" (builtins.toJSON {
}
] ++ lib.optionals withAllSearchEngines [
{
Alias = "@np";
Alias = "np";
Name = "NixOS Packages";
Description = "Search NixOS packages by name or description.";
IconURL = "https://nixos.org/favicon.png";
URLTemplate = "https://search.nixos.org/packages?query={searchTerms}";
}
{
Alias = "@no";
Alias = "no";
Name = "NixOS Options";
Description = "Search NixOS options by name or description.";
IconURL = "https://nixos.org/favicon.png";
URLTemplate = "https://search.nixos.org/options?query={searchTerms}";
}
{
Alias = "@ng";
Alias = "ng";
Name = "Noogle";
Description = "Search for nix functions by name.";
IconURL = "https://noogle.dev/favicon.png";
URLTemplate = "https://noogle.dev/q?term={searchTerms}";
}
{
Alias = "@hg";
Alias = "hg";
Name = "Hoogle";
Description = ''
Hoogle is a Haskell API search engine, which allows you to
@ -106,12 +106,5 @@ writeText "policies.json" (builtins.toJSON {
"yahoo@search.mozilla.org"
];
};
Containers.Default = let cont = name: icon: color: { inherit name icon color; }; in [
(cont "per" "fingerprint" "blue")
(cont "wor" "briefcase" "orange")
(cont "com" "tree" "green")
(cont "fin" "dollar" "yellow")
(cont "sea" "circle" "purple")
];
};
})
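Review bot: The search-engine aliases lose their `@` prefix (`sx`, `np`, `no`, `ng`, `hg`), and `no` in particular is an ordinary word, so an address-bar entry that begins with it followed by a space would be routed to that engine instead of the default one. Keeping the prefix, e.g. `Alias = "@no";`, prevents a query from going to an unintended third-party site. The +/- markers are lost on this page and the hunk counts are equal on both sides, so the direction is inferred from print order only; treat this as a question if the unprefixed form is actually the removed one.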


@ -5,7 +5,7 @@ let
policiesJson = pkgs.callPackage ./policies.nix { };
finalTorBrowser = (cfg.package.override {
torBrowser = (pkgs.tor-browser-bundle-bin.override {
mediaSupport = true;
pulseaudioSupport = true;
}).overrideAttrs (attrs: {
@ -18,11 +18,95 @@ in
{
options.local.programs.browsers.tor-browser = with lib; {
enable = mkEnableOption "tor-browser";
package = mkPackageOption pkgs "tor-browser-bundle-bin" {};
finalPackage = mkOption {
type = types.package;
readOnly = true;
default = finalTorBrowser;
container = {
enable = mkEnableOption "tor-browser inside a container";
externalInterface = mkOption {
type = types.str;
default = "";
};
sshAuthorizedKeys = mkOption {
type = types.listOf types.str;
default = [ ];
};
};
};
config = lib.mkIf cfg.enable (lib.mkMerge [
(lib.mkIf (!cfg.container.enable) {
environment.systemPackages = [ torBrowser ];
})
(lib.mkIf cfg.container.enable (
let
hostRunTorBrowser = pkgs.writeScriptBin "tor-browser" ''
${pkgs.socat}/bin/socat -d TCP-LISTEN:6000,fork,bind=192.168.7.10 UNIX-CONNECT:/tmp/.X11-unix/X0 &
${pkgs.xorg.xhost}/bin/xhost +
ssh -X browser@192.168.7.11 tor-browser
${pkgs.xorg.xhost}/bin/xhost -
'';
clientRunTorBrowser = pkgs.writeScriptBin "tor-browser" ''
PULSE_SERVER=tcp:192.168.7.10:4713 \
XAUTHORITY="/home/browser/.Xauthority" \
DBUS_SESSION_BUS_ADDRESS="" \
DISPLAY=192.168.7.10:0.0 \
${pkgs.apulse}/bin/apulse ${torBrowser}/bin/tor-browser $@
'';
in
{
assertions = [
{
assertion = cfg.container.externalInterface != "";
message = "The `tor-browser` module with the `isContainer` option enabled requires a non-empty `externalInterface` with Internet access";
}
{
assertion = cfg.container.sshAuthorizedKeys != [ ];
message = "The `tor-browser` module with the `isContainer` option enabled requires a non-empty `sshAuthorizedKeys` to connect to the container";
}
];
environment.systemPackages = [ hostRunTorBrowser ];
hardware.pulseaudio = {
systemWide = true;
support32Bit = true;
tcp = {
enable = true;
anonymousClients.allowedIpRanges = [ "127.0.0.1" "192.168.7.0/24" ];
};
};
networking = {
firewall.allowedTCPPorts = [ 4713 6000 ];
nat = {
enable = true;
internalInterfaces = [ "ve-browser" ];
externalInterface = cfg.container.externalInterface;
};
};
containers.browser = {
autoStart = true;
privateNetwork = true;
hostAddress = "192.168.7.10";
localAddress = "192.168.7.11";
config = { ... }: {
system.stateVersion = "23.11";
services.openssh = {
enable = true;
settings.X11Forwarding = true;
};
users.extraUsers.browser = {
isNormalUser = true;
home = "/home/browser";
openssh.authorizedKeys.keys = cfg.container.sshAuthorizedKeys;
extraGroups = [ "pulse-access" ];
packages = [ clientRunTorBrowser ];
};
};
};
}
))
]);
}
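Review bot: The `hostRunTorBrowser` wrapper, which the `-18,11 +18,95` counts put on the new side, runs `xhost +` and so switches X access control off for every client while `socat` re-exports the display on TCP 6000; `networking.firewall.allowedTCPPorts = [ 4713 6000 ]` then opens that port and the PulseAudio port on all interfaces, not only on the container's veth. Access control comes back with `xhost -` only after `ssh` returns, and the backgrounded `socat` is never stopped, so the listener outlives the browser session. I would scope both to the container: `${pkgs.xorg.xhost}/bin/xhost +inet:192.168.7.11` with the matching `-inet:192.168.7.11`, and `networking.firewall.interfaces."ve-browser".allowedTCPPorts = [ 4713 6000 ];`. In `clientRunTorBrowser` the trailing `$@` should be `"$@"` so arguments containing spaces are not re-split. The two assertion messages name an `isContainer` option, while the option declared in this hunk is `container.enable`.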


@ -1,8 +0,0 @@
{ pkgs, lib, ... }:
{
options.local.programs.browsers.ungoogled-chromium = with lib; {
enable = mkEnableOption "ungoogled-chromium";
package = mkPackageOption pkgs "ungoogled-chromium" {};
};
}


@ -1,9 +0,0 @@
{ ... }:
{
imports = [
./skype.nix
./telegram.nix
./simplex-chat.nix
];
}


@ -1,20 +0,0 @@
{ config, pkgs, lib, ... }:
let
cfg = config.local.programs.communication.simplex-chat;
in
{
options.local.programs.communication.simplex-chat = with lib; {
enable = mkEnableOption "SimplexChat";
package = mkPackageOption pkgs "simplex-chat-desktop" { };
openFirewall = mkEnableOption "Open firewall to link mobile device";
};
config = lib.mkIf cfg.enable {
environment.systemPackages = [ cfg.package ];
networking.firewall = lib.mkIf cfg.openFirewall {
allowedTCPPorts = [ 44000 ];
};
};
}


@ -1,73 +0,0 @@
{ config, pkgs, lib, ... }:
let
cfg = config.local.programs.communication.skype;
hostRunPackage = pkgs.writeScript "cont-run" ''
sudo nixos-container run skype -- su -l jan -c "$*"
'';
hostPackageScript = pkgs.writeScriptBin "${cfg.package.meta.mainProgram}" ''
${hostRunPackage} ${cfg.package.meta.mainProgram} $@
'';
hostSkype = pkgs.runCommand "${cfg.package.meta.mainProgram}" { } ''
mkdir $out
cp -r ${hostPackageScript}/bin $out/bin
cp -r ${cfg.package}/share $out/share
'';
in
{
options.local.programs.communication.skype = with lib; {
enable = mkEnableOption "skype";
package = mkPackageOption pkgs "skypeforlinux" { };
};
config = lib.mkIf cfg.enable {
environment.systemPackages = [ hostSkype ];
local.sound.systemWide = true;
containers.skype = {
autoStart = true;
ephemeral = true;
bindMounts = lib.mkMerge [
{
"/tmp/.X11-unix" = { };
"/home/jan/downloads/skype" = { isReadonly = false; };
}
(lib.mkIf config.hardware.graphics.enable {
"/run/opengl-driver/lib" = { };
})
(lib.mkIf config.hardware.graphics.enable32Bit {
"/run/opengl-driver-32/lib" = { };
})
];
config = { pkgs, ... }: {
system.stateVersion = "23.11";
nixpkgs.config.allowUnfree = true;
fonts = {
inherit (config.fonts) enableDefaultPackages packages;
fontconfig = { inherit (config.fonts.fontconfig) defaultFonts; };
};
users.users.jan = {
isNormalUser = true;
home = "/home/jan";
password = "hello";
extraGroups = [ "pulse-access" ];
packages = [ cfg.package ];
};
environment.sessionVariables = {
DISPLAY = ":0";
PULSE_SERVER = "tcp:127.0.0.1:4713";
};
};
};
};
}


@ -1,77 +0,0 @@
{ config, pkgs, lib, ... }:
let
cfg = config.local.programs.communication.telegram;
hostRunPackage = pkgs.writeScript "cont-run" ''
sudo nixos-container run telegram -- su -l jan -c "$*"
'';
hostPackageScript = pkgs.writeScriptBin "${cfg.package.meta.mainProgram}" ''
${hostRunPackage} ${cfg.package.meta.mainProgram} $@
'';
hostTelegram = pkgs.runCommand "${cfg.package.meta.mainProgram}" { } ''
mkdir $out
cp -r ${hostPackageScript}/bin $out/bin
cp -r ${cfg.package}/share $out/share
'';
in
{
options.local.programs.communication.telegram = with lib; {
enable = mkEnableOption "tdesktop. telegram client";
package = mkPackageOption pkgs "tdesktop" { };
};
config = lib.mkIf cfg.enable {
environment.systemPackages = [ hostTelegram ];
local.sound.systemWide = true;
containers.telegram = {
autoStart = true;
ephemeral = true;
bindMounts = lib.mkMerge [
{
"/tmp/.X11-unix" = { };
"/home/jan/downloads/telegram" = {
isReadOnly = false;
};
}
(lib.mkIf config.hardware.graphics.enable {
"/run/opengl-driver/lib" = { };
})
(lib.mkIf config.hardware.graphics.enable32Bit {
"/run/opengl-driver-32/lib" = { };
})
(lib.mkIf config.local.programs.browsers.librewolf.enable {
"/home/jan/downloads/browser" = { };
})
];
config = { pkgs, ... }: {
system.stateVersion = "23.11";
fonts = {
inherit (config.fonts) enableDefaultPackages packages;
fontconfig = { inherit (config.fonts.fontconfig) defaultFonts; };
};
users.users.jan = {
isNormalUser = true;
home = "/home/jan";
password = "hello";
extraGroups = [ "pulse-access" ];
packages = [ cfg.package ];
};
environment.sessionVariables = {
DISPLAY = ":0";
PULSE_SERVER = "tcp:127.0.0.1:4713";
};
};
};
};
}


@ -4,7 +4,5 @@
imports = [
./pass.nix
./browsers
./communication
./editors
];
}


@ -1,5 +0,0 @@
{ ... }:
{
imports = [ ./jetbrains-idea.nix ];
}


@ -1,48 +0,0 @@
{ config, pkgs, lib, ... }:
let
cfg = config.local.programs.editors.jetbrains-idea;
in
{
options.local.programs.editors.jetbrains-idea = with lib; {
enable = mkEnableOption "jetbrains idea-community";
package = mkPackageOption pkgs.jetbrains "idea-community" { };
};
config = lib.mkIf cfg.enable {
containers.jetbrains-idea = {
autoStart = true;
ephemeral = true;
bindMounts = {
"/tmp/.X11-unix" = { };
"/home/john/projects" = {
isReadOnly = false;
hostPath = "/home/jan/containers/jetbrains-idea/projects";
};
};
config = { pkgs, ... }: {
system.stateVersion = "23.11";
fonts = {
inherit (config.fonts) enableDefaultPackages packages;
fontconfig = { inherit (config.fonts.fontconfig) defaultFonts; };
};
users.users.john = {
isNormalUser = true;
home = "/home/john";
password = "hello";
extraGroups = [ "pulse-access" ];
packages = [ cfg.package ];
};
environment.sessionVariables = {
DISPLAY = ":0";
};
};
};
};
}


@ -6,9 +6,7 @@
./dnscrypt-proxy2.nix
./gnupg.nix
./i2pd.nix
./kubo.nix
./octoprint.nix
./vpn
./fail2ban
];


@ -1,14 +0,0 @@
{ config, lib, pkgs, ... }:
{
options.local.services.kubo.enable = lib.mkEnableOption "kubo. The InterPlanetary File System (IPFS)";
config = lib.mkIf config.local.services.kubo.enable {
services.kubo = {
enable = true;
package = pkgs.unstable.kubo;
# required to use ipfs companion browser extension
settings.Addresses.API = [ "/ip4/127.0.0.1/tcp/5001" ];
};
};
}


@ -1,20 +1,14 @@
{ config, lib, pkgs, ... }:
{ config, lib, ... }:
let
cfg = config.local.services.vpn.wireguard;
addrsViaDefaultInterface = [
# cache.nixos.org
"151.101.86.217/32"
# tbank.ru
"178.248.236.218/32"
];
in
{
options.local.services.vpn.wireguard = with lib; {
enable = mkEnableOption "Enable wireguard vpn";
ip = mkOption {
type = types.str;
description = "10.100.0.<num>/24";
example = "10.100.0.1/24";
};
privateKeyFile = mkOption {
@ -50,22 +44,6 @@ in
# Path to the private key file.
privateKeyFile = cfg.privateKeyFile;
postUp = ''
addr=`${pkgs.iproute}/bin/ip route | ${pkgs.gawk}/bin/awk '/default/ {print $3; exit}'`
interface=`${pkgs.iproute}/bin/ip route | ${pkgs.gawk}/bin/awk '/default/ {print $5; exit}'`
'' + lib.concatLines (map
(addr: "${pkgs.iproute}/bin/ip route add ${addr} via $addr dev $interface || true")
addrsViaDefaultInterface
);
preDown = ''
addr=`${pkgs.iproute}/bin/ip route | ${pkgs.gawk}/bin/awk '/default/ {print $3; exit}'`
interface=`${pkgs.iproute}/bin/ip route | ${pkgs.gawk}/bin/awk '/default/ {print $5; exit}'`
'' + lib.concatLines (map
(addr: "${pkgs.iproute}/bin/ip route del ${addr} via $addr dev $interface || true")
addrsViaDefaultInterface
);
peers = [
# For a client configuration, one peer entry for the server will suffice.


@ -7,7 +7,7 @@
# Configs
################################################################################
local.system = {
kernel = lib.mkDefault "stable";
kernel = lib.mkDefault "hardened";
headless = lib.mkDefault true;
};


@ -1,6 +0,0 @@
{
imports = [
./language-server.nix
./line-limiter.nix
];
}


@ -1,86 +0,0 @@
{ config, lib, pkgs, ... }:
let inherit (lib.nix2lua) call; in
{
fn.lspconfig-eslint-on-attach = {
args = [ "client" "bufnr" ];
content = { bufnr, ... }: {
vim.augroup.eslint-fix = {
event = "BufWritePre";
buffer = bufnr;
command = "silent! EslintFixAll";
};
};
};
plugins.language-server.lspconfig.serverSettings = {
# nix
nil_ls = { };
# rust
rust_analyzer = {
settings.rust-analyzer = {
"server.path" = "rust-analyzer";
"updates.prompt" = false;
"updates.checkOnStartup" = false;
"checkOnSave.enable" = true;
"checkOnSave.command" = "clippy";
"cargo.autoreload" = true;
};
};
# linter for javascript, typescript, vue
eslint = {
on_attach = config.fn.lspconfig-eslint-on-attach.lambda;
flags = {
allow_incremental_sync = false;
debounce_text_changes = 1000;
};
};
# vue
volar = {
init_options = {
typescript.tsdk = "./node_modules/typescript/lib";
};
};
# python
pylsp = { };
# typescript, javascript
denols = {
root_dir = call "${config.plugin.nvim-lspconfig.varName}.util.root_pattern" [ "deno.json" "deno.jsonc" ];
};
# java
jdtls = {
cmd = [
"${pkgs.jdt-language-server}/bin/jdtls"
"--jvm-arg=-javaagent:${pkgs.lombok.out}/share/java/lombok.jar"
"--jvm-arg=-Xbootclasspath/a:${pkgs.lombok.out}/share/java/lombok.jar"
];
};
# json
jsonls = { };
# css, scss, less
cssls = { };
css_variables = {
lookupFiles = [
"**/*.scss"
"**/*.less"
"**/*.css"
];
};
# Grammar/Spell Checker
ltex = {
language = "en-US";
languageToolHttpServerUri = "http://localhost:8081";
};
};
plugins.language-server.typescript-tools = {
enable = true;
serverSettings = {
filetypes = [ "javascript" "javascriptreact" "typescript" "typescriptreact" "vue" ];
settings = {
tsserver_max_memory = "auto";
tsserver_plugins = [ "@vue/typescript-plugin" ];
};
};
};
}


@ -1,48 +0,0 @@
{ lib, ... }:
let
mkLineLimiterOpts = limit: {
colorcolumn = toString (limit + 1);
textwidth = limit;
};
mkLineLimiterGroup = { limit, pattern }:
lib.nameValuePair
"line-limiter-${toString limit}"
{
inherit pattern;
opt = mkLineLimiterOpts limit;
};
in
{
buffer.filetype = lib.listToAttrs [
(mkLineLimiterGroup {
limit = 100;
pattern = [
"nix"
"javascript,javascriptreact"
"typescript,typescriptreact"
"vue"
"rust"
"haskell"
];
})
(mkLineLimiterGroup {
limit = 90;
pattern = [
"python"
];
})
(mkLineLimiterGroup {
limit = 80;
pattern = [
"json"
"yaml"
"markdown"
"html,htmldjango"
"css,scss,less"
"sql,psql"
];
})
];
}


@ -1,72 +1,86 @@
{ modulesPath, lib, pkgs, ... }:
{ config, modulesPath, lib, pkgs, ... }:
let
inherit (lib.mod) ctrl;
inherit (lib.nix2lua) pipe1 require call0 nf var;
inherit (lib.nix2lua) pipe1 require call call0;
mkLineLimiterGroup = { limit, pattern }:
lib.nameValuePair
"line-limiter-${toString limit}"
{
inherit pattern;
opt = {
colorcolumn = toString limit;
textwidth = limit;
};
};
in
{
imports = [
"${modulesPath}/profiles/recommended.nix"
./snippets.nix
./configs
./plugins
];
vim.opt = {
list = true;
formatoptions = "roqnlj";
formatexpr = "neoformat#Neoformat(0, '', v:lnum, v:lnum + v:count)";
};
buffer.filetype = {
text-options = {
pattern = [ "txt" "markdown" "mail" "man" ];
opt = { formatoptions = "roqwnjp"; };
};
};
nix.opt.formatexpr = "neoformat#Neoformat(0, '', 0, 99999)";
} // lib.listToAttrs [
(mkLineLimiterGroup {
limit = 101;
pattern = [
"nix"
"javascript,javascriptreact"
"typescript,typescriptreact"
"rust"
"haskell"
];
})
(mkLineLimiterGroup {
limit = 81;
pattern = [
"python"
"json"
"yaml"
"markdown"
"html"
"css"
"scss"
"less"
"sql"
"psql"
];
})
];
filetype.detect = {
d2 = "*.d2";
nickel = "*.ncl";
psql = "*.psql";
sql = "*.pgsql";
};
# Enable fast navigation between windows
vim.keymap.set = map (k: { mode = "n"; lhs = ctrl k; rhs = "${ctrl "w"}${k}"; }) [ "h" "l" "j" "k" ];
plugins.style.nvim-treesitter = {
extraGrammars = {
plugins.style.nvim-treesitter.extraGrammars = {
tree-sitter-d2 = rec {
language = "d2";
version = "1e6d8ca3d85c0031ff010759bb60804dd47b95f2";
version = "8a9d50043d58eedf1e375b0e2059e43efd856902";
# version = "e7507ddd983427cb71b4bd96b039c382c73d65c5";
src = pkgs.fetchFromGitea {
domain = "git.pleshevski.ru";
owner = "pleshevskiy";
repo = "tree-sitter-d2";
rev = version;
sha256 = "sha256-ld9zlJ7tXl/SyrHJXwPKviDHePbw/jhI9WPT3aNntt8=";
sha256 = "sha256-ZhVjxo7Xi7DaHN3qabUcykflY74bUqPcOA410fA3zRk=";
# sha256 = "sha256-m7ZCxnW4Q1bQp1GhntUF7l+p6DV1p/2AJXhVeRy8Rec=";
};
};
};
# Source: https://github.com/DariusCorvus/tree-sitter-language-injection.nvim/blob/main/lua/tree-sitter-language-injection/init.lua
extraQueries.javascript.injections =
let
lang = "sql";
langMatch = ''^//+( )*${lang}( )*|^/[*]+( )*${lang}( )*[*]+/$'';
in
''
((comment) @comment .
([ (string(string_fragment) @injection.content)
(template_string(string_fragment) @injection.content)
] @injection.content
)
(#match? @comment "${langMatch}")
(#set! injection.language "${lang}")
)
'';
};
plugins.style.neoformat.autoformat = {
enable = true;
pattern = [ "*.ts" "*.tsx" "*.rs" "flake.nix" ];
@ -94,14 +108,45 @@ in
};
};
plugins.snippet.luasnip.settings = {
ext_opts = [
(nf (var "luasnip_types.choiceNode") {
active.virt_text = [ [ "" "WarningMsg" ] ];
})
(nf (var "luasnip_types.insertNode") {
active.virt_text = [ [ "" "Title" ] ];
})
];
fn.lspconfig-eslint-on-attach = {
args = [ "client" "bufnr" ];
content = { bufnr, ... }: {
vim.augroup.eslint-fix = {
event = "BufWritePre";
buffer = bufnr;
command = "silent! EslintFixAll";
};
};
};
plugins.language-server.lspconfig.serverSettings = {
nil_ls = { };
rust_analyzer = {
settings.rust-analyzer = {
"server.path" = "rust-analyzer";
"updates.prompt" = false;
"updates.checkOnStartup" = false;
"checkOnSave.enable" = true;
"checkOnSave.command" = "clippy";
"cargo.autoreload" = true;
};
};
tsserver = { };
eslint = {
on_attach = config.fn.lspconfig-eslint-on-attach.lambda;
};
volar = {
init_options = {
typescript.tsdk = "./node_modules/typescript/lib";
};
};
ltex = {
language = "en-US";
languageToolHttpServerUri = "http://localhost:8081";
};
pylsp = { };
denols = {
root_dir = call "${config.plugin.nvim-lspconfig.varName}.util.root_pattern" [ "deno.json" "deno.jsonc" ];
};
};
}
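Review bot: `mkLineLimiterGroup` derives both `colorcolumn = toString limit` and `textwidth = limit` from the same number, and the groups pass 101 and 81, so automatic wrapping allows lines of 101 and 81 characters while the highlighted column sits on the last permitted column instead of the first forbidden one. If the intended limits are 100 and 80, pass those and derive the marker inside the helper: `colorcolumn = toString (limit + 1);` with `limit = 100;` and `limit = 80;`. The helper has no comment saying which of the two meanings `limit` carries, and one line above it would prevent the mismatch from coming back. The +/- markers are lost on this page; the sides are inferred from the `-1,72 +1,86` counts and the print order.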


@ -1,6 +0,0 @@
{
imports = [
./ollama.nix
./spring-boot.nix
];
}


@ -1,7 +0,0 @@
{
plugin.ollama-nvim = {
enable = true;
name = "ollama";
setupSettings = { };
};
}


@ -1,40 +0,0 @@
{ config, pkgs, lib, ... }:
let
inherit (lib.nix2lua) pipe1 call0 call1;
inherit (pkgs) vimUtils fetchFromGitHub;
spring-boot-nvim = vimUtils.buildVimPlugin {
pname = "spring-boot";
version = "2024-08-10";
src = fetchFromGitHub {
owner = "JavaHello";
repo = "spring-boot.nvim";
rev = "995a705becbc711b703f9ab344745ececf6471a3";
hash = "sha256-Hri6WQnWTmFwlOUCVG8O1eELn9FhlvVpUC9lt+uIGkc=";
};
};
in
{
plugin.spring-boot-nvim = {
enable = true;
package = spring-boot-nvim;
name = "spring_boot";
};
plugin.nvim-lspconfig.beforeSetup = [
(pipe1 config.plugin.spring-boot-nvim.var (call1 "setup" {
java_cmd = "${pkgs.jdk22}/bin/java";
log_file = "/tmp/spring-boot.log";
}))
(pipe1 config.plugin.spring-boot-nvim.var (call0 "init_lsp_commands"))
];
plugins.language-server.lspconfig.serverSettings.jdtls = {
init_options = {
bundles = (pipe1 config.plugin.spring-boot-nvim.var (call0 "java_extensions"));
};
};
}


@ -12,35 +12,35 @@
{ jump = 2; text = "trueBody"; }
{ text = " else "; }
{ jump = 3; text = "falseBody"; }
{ jump = 0; }
];
"inherit".nodes = [
{ text = "inherit "; }
{
jump = 1;
choices = [
{
nodes = [
{ text = "("; }
{ jump = 1; text = "lib"; }
{ text = ") "; }
];
}
{ text = ""; }
];
}
{ jump = 2; text = "filter"; }
{ text = ";"; }
{ jump = 0; }
];
"var".nodes = [
{ jump = 1; text = "name"; }
{ text = " = "; }
{ jump = 2; text = "value"; }
{
jump = 2;
choices = [
{ kind = "insert"; text = "value"; }
{
nodes = [
{ jump = 1; }
{ text = "["; }
{ jump = 2; }
{ text = "]"; }
];
}
{
nodes = [
{ jump = 1; }
{ text = "{"; }
{ jump = 2; }
{ text = "}"; }
];
}
];
}
{ text = ";"; }
{ jump = 0; }
];
"module".nodes = [
@ -61,15 +61,17 @@
choices = [
{
nodes = [
{ text = "let "; }
{ jump = 1; }
{ text = "let "; }
{ jump = 2; }
{ text = "in"; }
];
}
{
nodes = [
{ jump = 1; }
{ text = "with "; }
{ jump = 1; text = "lib"; }
{ jump = 2; text = "lib"; }
{ text = ";"; }
];
}
@ -85,7 +87,6 @@
];
}
{ text = [ "" "}" ]; }
{ jump = 0; }
];
};
}


@ -1,19 +0,0 @@
# Davmail
## Update refresh token
Stop current `davmail.service` and clone properties to a temp file
```sh
sudo systemctl stop davmail.service
cat $(sudo systemctl cat davmail.service | awk '/ExecStart=/ { print $2; }') > /tmp/davmail.properties
```
Start davmail manually
```sh
davmail /tmp/davmail.properties
```
Open renew link in the browser and copy `refreshToken` from
`/tmp/davmail.properties`


@ -1,6 +1,6 @@
# WireGuard
## Generate key pair
## Generate keypair
```sh
umask 077
@ -8,20 +8,6 @@ wg genkey > ./private
wg pubkey < ./private > ./public
```
## Configuration
Then create QR code with configuration using the following command:
```sh
nix build -f ./misc/wg-client-conf.nix \
--argstr address "" \
--argstr dns "" \
--argstr privateKey "$(cat private)" \
--argstr serverPublicKey "" \
--argstr serverEndpoint ""
```
# References:
- https://nixos.wiki/wiki/WireGuard


@ -1,20 +0,0 @@
{ buildNpmPackage, fetchFromGitHub }:
# https://github.com/BuilderIO/micro-agent
buildNpmPackage rec {
pname = "micro-agent";
version = "0.0.41";
src = fetchFromGitHub {
owner = "BuilderIO";
repo = "micro-agent";
rev = "v${version}";
hash = "sha256-NxnK8MgKPTZVIADd03fJ6egUWq5vgVxkOvqaD/T/12w=";
};
npmDepsHash = "sha256-exIqyldG5dcUt1xoVLQw/FLOOqfIpG44i3fdzG4cyvM=";
NODE_OPTIONS = "--openssl-legacy-provider";
npmFlags = [ "--ignore-scripts" ];
}


@ -2,6 +2,35 @@
This repository contains configurations for my personal vps and workstations.
## Hosts
Workstations:
- **home** - Home desktop computer for work.
- **asus-gl553vd** - My laptop for remote work.
# Home Manager configs
User configurations are included.
### Themes
| Name | Palettes | Note |
| :--------- | :------- | :------ |
| Catppuccin | Frappe | Current |
### Core Programs
| Type | Program |
| :------------- | :------ |
| Status Bar | Polybar |
| Window Manager | XMonad |
| Launcher | Dmenu |
| Terminal | Wezterm |
| Editor | Neovim |
| File Manager | vifm |
| Shell | Zsh |
### Screenshots
![workspace](assets/screenshot_1.png)


@ -5,12 +5,12 @@
{
"description": "home youtube.com/youtu.be -> invidious",
"exampleUrl": "https://www.youtube.com/",
"exampleResult": "https://yewtu.be/",
"exampleResult": "https://inv.oikei.net/",
"error": null,
"includePattern": "https://(?:www\\.)?(youtube\\.com|youtu.be)/$",
"excludePattern": "",
"patternDesc": "get home page ",
"redirectUrl": "https://yewtu.be/",
"redirectUrl": "https://inv.oikei.net/",
"patternType": "R",
"processMatches": "noProcessing",
"disabled": false,
@ -22,12 +22,12 @@
{
"description": "youtu.be -> invidious",
"exampleUrl": "https://youtu.be/MYRBI-X5nfhI?si=sSoZBk9bB7NSEE8j",
"exampleResult": "https://yewtu.be/watch?v=MYRBI-X5nfhI",
"exampleResult": "https://inv.oikei.net/watch?v=MYRBI-X5nfhI",
"error": null,
"includePattern": "https://youtu.be/([\\w-]+)(\\?.*)?",
"excludePattern": "",
"patternDesc": "get video id from url",
"redirectUrl": "https://yewtu.be/watch?v=$1",
"redirectUrl": "https://inv.oikei.net/watch?v=$1",
"patternType": "R",
"processMatches": "noProcessing",
"disabled": false,
@ -39,12 +39,12 @@
{
"description": "youtube.com -> invidious",
"exampleUrl": "https://www.youtube.com/watch?v=jQ-KdWyzKfE",
"exampleResult": "https://yewtu.be/watch?v=jQ-KdWyzKfE",
"exampleResult": "https://inv.oikei.net/watch?v=jQ-KdWyzKfE",
"error": null,
"includePattern": "https://(?:www\\.)?youtube\\.com/watch\\?v=([\\w-]+)(&.*)?",
"excludePattern": "",
"patternDesc": "get video id from url",
"redirectUrl": "https://yewtu.be/watch?v=$1",
"redirectUrl": "https://inv.oikei.net/watch?v=$1",
"patternType": "R",
"processMatches": "noProcessing",
"disabled": false,
@ -56,12 +56,12 @@
{
"description": "youtube.com/shorts -> invidious",
"exampleUrl": "https://www.youtube.com/shorts/jQkhyLSqlLg",
"exampleResult": "https://yewtu.be/watch?v=jQkhyLSqlLg",
"exampleResult": "https://inv.oikei.net/watch?v=jQkhyLSqlLg",
"error": null,
"includePattern": "https://(?:www\\.)?youtube\\.com/shorts/([\\w-]+)(&.*)?",
"excludePattern": "",
"patternDesc": "get video id from url",
"redirectUrl": "https://yewtu.be/watch?v=$1",
"redirectUrl": "https://inv.oikei.net/watch?v=$1",
"patternType": "R",
"processMatches": "noProcessing",
"disabled": false,
@ -73,12 +73,12 @@
{
"description": "youtube.com/live -> invidious",
"exampleUrl": "https://www.youtube.com/live/jQ-KdWyzKfE",
"exampleResult": "https://yewtu.be/watch?v=jQ-KdWyzKfE",
"exampleResult": "https://inv.oikei.net/watch?v=jQ-KdWyzKfE",
"error": null,
"includePattern": "https://(?:www\\.)?youtube\\.com/live/([\\w-]+)(\\?.*)?",
"excludePattern": "",
"patternDesc": "get video id from url",
"redirectUrl": "https://yewtu.be/watch?v=$1",
"redirectUrl": "https://inv.oikei.net/watch?v=$1",
"patternType": "R",
"processMatches": "noProcessing",
"disabled": false,
@ -90,12 +90,12 @@
{
"description": "youtube.com/channel -> invidious",
"exampleUrl": "https://www.youtube.com/@KdWyzKfE",
"exampleResult": "https://yewtu.be/@KdWyzKfE",
"exampleResult": "https://inv.oikei.net/@KdWyzKfE",
"error": null,
"includePattern": "https://(?:www\\.)?youtube\\.com/(@[\\w-]+)(\\?.*)?",
"excludePattern": "",
"patternDesc": "get channel name from url",
"redirectUrl": "https://yewtu.be/$1",
"redirectUrl": "https://inv.oikei.net/$1",
"patternType": "R",
"processMatches": "noProcessing",
"disabled": false,
@ -107,12 +107,12 @@
{
"description": "indivious (old -> current)",
"exampleUrl": "https://yt.cdaut.de/watch?v=jUnhS74uicE",
"exampleResult": "https://yewtu.be/watch?v=jUnhS74uicE",
"exampleResult": "https://invidious.einfachzocken.eu/watch?v=jUnhS74uicE",
"error": null,
"includePattern": "https://(yt.cdaut.de|inv.oikei.net|invidious.einfachzocken.eu)/(.*)",
"includePattern": "https://(yt.cdaut.de|inv.oikei.net)/(.*)",
"excludePattern": "",
"patternDesc": "Redirect from old instances",
"redirectUrl": "https://yewtu.be/$2",
"redirectUrl": "https://invidious.einfachzocken.eu/$2",
"patternType": "R",
"processMatches": "noProcessing",
"disabled": false,
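Review bot: The last rule ("indivious (old -> current)") lists `inv.oikei.net` as an old instance, while the six YouTube rules above it redirect to `https://inv.oikei.net/`. Assuming the second line of each printed pair is the new side, a YouTube link would likely be redirected twice and end on `invidious.einfachzocken.eu`; either point every `redirectUrl` at the same instance or drop `inv.oikei.net` from that alternation. The same pattern is unanchored and leaves its dots unescaped, so depending on how the extension applies the regex it may also match a host string embedded in another URL's path or query; `"includePattern": "^https://(yt\\.cdaut\\.de|inv\\.oikei\\.net)/(.*)"` would restrict it to the intended hosts. Because these rules hand browsing traffic to third-party instances, keeping a single target host makes it easier to audit which operator receives the requests.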

Binary file not shown.


@ -1,4 +1,4 @@
{ config, pkgs, lib, inputs, globalData, packagesPath, ... }:
{ config, pkgs, lib, inputs, globalData, ... }:
{
imports = [./davmail.secret.nix];
@ -57,7 +57,6 @@
imports = [
./email_accounts.secret.nix
./calendars.secret.nix
./ssh.secret.nix
./git
];
@ -95,20 +94,22 @@
};
local.programs.file-managers.vifm.enable = lib.mkDefault true;
local.programs.file-managers.nnn = {
enable = true;
package = pkgs.unstable.nnn;
};
local.programs.aerc.enable = lib.mkDefault true;
local.programs.communication = {
telegram.enable = lib.mkDefault true;
matrix.enable = lib.mkDefault true;
simplex-chat.enable = lib.mkDefault (config.local.system.kernel != "hardened");
};
local.programs.dev-tools = {
base.enable = lib.mkDefault true;
nix.enable = lib.mkDefault true;
web.enable = lib.mkDefault true;
psql = {
enable = lib.mkDefault true;
package = lib.mkDefault pkgs.postgresql_16;
package = lib.mkDefault pkgs.postgresql_14;
};
eza.enable = lib.mkDefault true;
direnv.enable = lib.mkDefault true;
@ -119,8 +120,6 @@
local.programs.flameshot.enable = lib.mkDefault true;
local.programs.argos-translate.enable = lib.mkDefault true;
################################################################################
# Services
################################################################################
@ -156,11 +155,6 @@
# tools
procs
bottom
jq
nodePackages.vscode-langservers-extracted # html, css, json, eslint
(pkgs.callPackage (packagesPath + /micro-agent) {})
];
home.file = {

Binary file not shown.


@ -25,7 +25,6 @@
extraConfig = {
init.defaultBranch = "main";
pull.rebase = true;
advice.skippedCherryPicks = false;
};
aliases = {
co = "switch";
@ -47,9 +46,7 @@
can = "commit --amend --no-edit";
p = "push";
pt = "push --tags";
po = "push origin";
pot = "push origin --tags";
pf = "push --force-with-lease";
pfo = "push --force-with-lease origin";
pl = "pull";
@ -73,14 +70,8 @@
re = "restore";
res = "restore --staged";
resw = "restore --staged --worktree";
rls = "ls-remote --heads";
rlso = "ls-remote --heads origin";
rlsu = "ls-remote --heads upstream";
lo = "log --pretty=oneline";
los = "log --pretty='format:%s'";
sma = "submodule add";
smui = "submodule update --init";
@ -92,9 +83,6 @@
sai = "stash apply --index";
sp = "stash pop";
spi = "stash pop --index";
t = "tag";
tf = "tag --force";
};
};
}

Binary file not shown.

Binary file not shown.
