megamanmalte/nixos
0
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity

[*] Redo flake.nix, use utils-plus, new formatter

Browse source
This commit is contained in:
Malte Tammena 2022-03-23 13:10:18 +01:00
parent 0c25556826
commit b41bb0bea3
63 changed files with 1363 additions and 1405 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

36
flake.lock
View file

@ -279,6 +279,21 @@
"type": "github"
}
},
"flake-utils_2": {
"locked": {
"lastModified": 1644229661,
"narHash": "sha256-1YdnJAsNy69bpcjuoKdOYQX0YxZBiCYZo4Twxerqv7k=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "3cecb5b042f7f209c56ffd8371b2711a290ec797",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"glados": {
"inputs": {
"nixCargoIntegration": "nixCargoIntegration_2"
@ -675,7 +690,8 @@
"qmk-udev-rules": "qmk-udev-rules",
"radicale_infcloud": "radicale_infcloud",
"rip": "rip",
"sops-nix": "sops-nix"
"sops-nix": "sops-nix",
"utils": "utils_3"
}
},
"rust-analyzer-src": {
@ -861,6 +877,24 @@
"repo": "flake-utils",
"type": "github"
}
},
"utils_3": {
"inputs": {
"flake-utils": "flake-utils_2"
},
"locked": {
"lastModified": 1647259887,
"narHash": "sha256-yEkMbEHVO9qydluQ3uHGWX1PkfZhgDKxnd1rhZYZ72w=",
"owner": "gytis-ivaskevicius",
"repo": "flake-utils-plus",
"rev": "06dba5f3b4fa2cc0bfc98ce9cd6f9a4d8db11d46",
"type": "github"
},
"original": {
"owner": "gytis-ivaskevicius",
"repo": "flake-utils-plus",
"type": "github"
}
}
},
"root": "root",

433
flake.nix
View file

@ -3,10 +3,10 @@
inputs = {
nixpkgs.url = "nixpkgs/nixos-unstable";
nixos-hardware = {
url = "github:NixOS/nixos-hardware";
inputs.nixpkgs.follows = "nixpkgs";
};
nixos-hardware.url = "github:NixOS/nixos-hardware";
utils.url = "github:gytis-ivaskevicius/flake-utils-plus";
custom-udev-rules.url = "github:MalteT/custom-udev-rules";
nixpkgs-wayland = {
url = "github:nix-community/nixpkgs-wayland";
inputs.nixpkgs.follows = "nixpkgs";
@ -19,10 +19,6 @@
url = "github:MalteT/mensa/main";
inputs.nixpkgs.follows = "nixpkgs";
};
custom-udev-rules = {
url = "github:MalteT/custom-udev-rules";
inputs.nixpkgs.follows = "nixpkgs";
};
fenix = {
url = "github:nix-community/fenix";
inputs.nixpkgs.follows = "nixpkgs";
@ -43,6 +39,11 @@
url = "github:nix-community/home-manager";
inputs.nixpkgs.follows = "nixpkgs";
};
fend = {
url = "github:MalteT/fend/flake";
inputs.nixpkgs.follows = "nixpkgs";
};
gruvbox-material-gtk = {
url = "github:sainnhe/gruvbox-material-gtk";
flake = false;
@ -63,215 +64,48 @@
url = "github:Unrud/RadicaleInfCloud";
flake = false;
};
fend = {
url = "github:MalteT/fend/flake";
inputs.nixpkgs.follows = "nixpkgs";
};
qmk-udev-rules = {
url = "github:qmk/qmk_firmware";
flake = false;
};
};
outputs = { self, nixpkgs, nixos-hardware, home-manager, ... }@inputs: {
outputs = {
self,
utils,
nixpkgs,
nixos-hardware,
...
} @ inputs: let
pkgs = self.pkgs.x86_64-linux.nixpkgs;
colmena = {
meta = { nixpkgs = import nixpkgs { system = "x86_64-linux"; }; };
hosts = [
"helix-texta"
"murex-pecten"
"cornu-aspersum"
"elysia-clarki"
"trochulus-hispidus"
];
helix-texta = { name, nodes, pkgs, ... }: {
imports = [ self.nixosModules.helix-texta ];
config.deployment = {
allowLocalDeployment = true;
targetHost = "helix-texta";
targetUser = "root";
};
};
murex-pecten = { name, nodes, pkgs, ... }: {
imports = [ self.nixosModules.murex-pecten ];
config.deployment = {
allowLocalDeployment = true;
targetHost = "murex-pecten";
targetUser = "root";
};
};
cornu-aspersum = { ... }: {
imports = [ self.nixosModules.cornu-aspersum ];
config.deployment = {
targetHost = "cornu-aspersum";
targetUser = "root";
};
};
elysia-clarki = { ... }: {
imports = [ self.nixosModules.elysia-clarki ];
config.deployment = {
targetHost = "elysia-clarki";
targetUser = "root";
};
};
trochulus-hispidus = { ... }: {
imports = [ self.nixosModules.trochulus-hispidus ];
config.deployment = {
targetHost = "trochulus-hispidus";
targetUser = "root";
};
};
};
nixosModules = {
helix-texta = { pkgs, config, ... }: {
imports = [
./hosts/helix-texta.nix
./modules/light-actkbd.nix
./modules/scanner.nix
self.nixosModules.thinkpad-p1-gen3
home-manager.nixosModules.home-manager
defaultModules = [
inputs.home-manager.nixosModules.home-manager
self.nixosModules.home-manager-config
self.nixosModules.x86_64-linux-basics
];
config = {
nix.settings = {
# add binary caches
trusted-public-keys = [
"cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
"nixpkgs-wayland.cachix.org-1:3lwxaILxMRkVhehr5StQprHdEo4IrE8sRho9R9HOLYA="
];
substituters = nixpkgs.lib.mkForce [
"https://cache.nixos.org"
"https://nixpkgs-wayland.cachix.org"
];
};
environment.systemPackages =
[ inputs.colmena.packages.${config.nixpkgs.system}.colmena ];
# Overwrite basics
services.openssh.enable = false;
programs.mosh.enable = false;
# Overlays only relevant to my primary laptop
nixpkgs.overlays = [
inputs.nixpkgs-wayland.overlay
inputs.fenix.overlay
(import ./overlays/sane-backends.nix)
(import ./overlays/logisim.nix)
];
};
};
murex-pecten = { ... }: {
imports = [
self.nixosModules.x86_64-linux-basics
nixos-hardware.nixosModules.common-pc
nixos-hardware.nixosModules.common-pc-ssd
nixos-hardware.nixosModules.common-cpu-amd
nixos-hardware.nixosModules.common-gpu-amd
home-manager.nixosModules.home-manager
self.nixosModules.home-manager-config
./hosts/murex-pecten.nix
./hardware/aorus.nix
];
config = { nixpkgs.overlays = [ inputs.fenix.overlay ]; };
};
cornu-aspersum = { ... }: {
imports = [
self.nixosModules.x86_64-linux-basics
./hosts/cornu-aspersum.nix
./hardware/netcup-rs-2000-g9.nix
./modules/nginx-reverse-proxy.nix
./modules/ccqcraft.nix
inputs.glados.nixosModules.glados
];
};
elysia-clarki = { pkgs, ... }: {
imports = [
self.nixosModules.x86_64-linux-basics
./hosts/elysia-clarki.nix
./hardware/intel-nuc.nix
./modules/local-build-service.nix
./modules/nginx-reverse-proxy.nix
#./modules/binary-cache.nix
./modules/ccqcraft-backups.nix
];
config = {
# Override kernel version for zfs
boot.kernelPackages = pkgs.linuxPackages_5_10;
};
};
trochulus-hispidus = { pkgs, ... }: {
imports = [
home-manager.nixosModules.home-manager
self.nixosModules.x86_64-linux-basics
self.nixosModules.home-manager-config
./modules/scanner.nix
./hosts/trochulus-hispidus.nix
./hardware/latitude-e7440.nix
];
config = {
nixpkgs.overlays = [ (import ./overlays/sane-backends.nix) ];
};
};
};
nixosModules.thinkpad-p1-gen3 = { ... }: {
imports = [
nixos-hardware.nixosModules.common-cpu-intel
nixos-hardware.nixosModules.common-gpu-nvidia
nixos-hardware.nixosModules.common-pc-laptop
nixos-hardware.nixosModules.common-pc-laptop-ssd
nixos-hardware.nixosModules.common-pc-laptop-acpi_call
./hardware/thinkpad-p1-gen3.nix
];
};
nixosModules.home-manager-config = { ... }: {
home-manager.verbose = true;
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
};
# Necessary for flakes to work
nixosModules.nixUnstable = { pkgs, ... }: {
nix.registry.nixpkgs.flake = nixpkgs;
nix.package = pkgs.nixUnstable;
nix.extraOptions = ''
experimental-features = nix-command flakes
'';
nixpkgs.overlays = [ (self: super: { nix = super.nixUnstable; }) ];
# Enable store optimiser
nix.optimise = {
automatic = true;
dates = [ "04:00" ];
};
};
# Some basics that every machine should have
nixosModules.x86_64-linux-basics = { pkgs, config, ... }: {
imports = [
inputs.custom-udev-rules.nixosModule
inputs.sops-nix.nixosModules.sops
self.nixosModules.nixUnstable
./modules/base-system.nix
];
in
utils.lib.mkFlake {
inherit self inputs;
config = {
# Set the system revision if this flake has it
system.configurationRevision = pkgs.lib.mkIf (self ? rev) self.rev;
supportedSystems = ["x86_64-linux"];
# Add some useful overlays
# TODO: How would I do this inside ./modules/base-system.nix?
nixpkgs.overlays = [
sharedOverlays = [
inputs.fenix.overlay
inputs.nixpkgs-wayland.overlay
inputs.colmena.overlay
utils.overlay
(self: super: {
# Add FiraCode as a package, but use NerdFonts
firaCodeNerd = super.nerdfonts.override {fonts = ["FiraCode"];};
@ -286,87 +120,177 @@
# Override cataclysm to use git
(import ./overlays/cataclysm-dda.nix)
(import ./overlays/qmk-udev-rules.nix)
(import ./overlays/sane-backends.nix)
(import ./overlays/logisim.nix)
];
hostDefaults.system = "x86_64-linux";
hostDefaults.modules = defaultModules;
hosts = builtins.listToAttrs (map (host: {
name = host;
value = {modules = [self.nixosModules.${host}];};
})
hosts);
nixosModules = {
home-manager-config = {...}: {
home-manager.verbose = true;
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
};
nixUnstable = {pkgs, ...}: {
nix.registry.nixpkgs.flake = nixpkgs;
nix.package = pkgs.nixUnstable;
nix.extraOptions = ''
experimental-features = nix-command flakes
'';
nixpkgs.overlays = [(self: super: {nix = super.nixUnstable;})];
# Enable store optimiser
nix.optimise = {
automatic = true;
dates = ["04:00"];
};
};
helix-texta = {
pkgs,
config,
...
}: {
imports = [
./hosts/helix-texta.nix
./modules/light-actkbd.nix
./modules/scanner.nix
self.nixosModules.thinkpad-p1-gen3
];
config = {
# Overwrite basics
services.openssh.enable = false;
programs.mosh.enable = false;
};
};
murex-pecten = {...}: {
imports = [
nixos-hardware.nixosModules.common-pc
nixos-hardware.nixosModules.common-pc-ssd
nixos-hardware.nixosModules.common-cpu-amd
nixos-hardware.nixosModules.common-gpu-amd
./hosts/murex-pecten.nix
./hardware/aorus.nix
];
};
cornu-aspersum = {...}: {
imports = [
./hosts/cornu-aspersum.nix
./hardware/netcup-rs-2000-g9.nix
./modules/nginx-reverse-proxy.nix
./modules/ccqcraft.nix
inputs.glados.nixosModules.glados
];
};
elysia-clarki = {pkgs, ...}: {
imports = [
./hosts/elysia-clarki.nix
./hardware/intel-nuc.nix
./modules/local-build-service.nix
./modules/nginx-reverse-proxy.nix
#./modules/binary-cache.nix
./modules/ccqcraft-backups.nix
];
config = {
# Override kernel version for zfs
boot.kernelPackages = pkgs.linuxPackages_5_10;
};
};
trochulus-hispidus = {pkgs, ...}: {
imports = [
./modules/scanner.nix
./hosts/trochulus-hispidus.nix
./hardware/latitude-e7440.nix
];
};
thinkpad-p1-gen3 = {...}: {
imports = [
nixos-hardware.nixosModules.common-cpu-intel
nixos-hardware.nixosModules.common-gpu-nvidia
nixos-hardware.nixosModules.common-pc-laptop
nixos-hardware.nixosModules.common-pc-laptop-ssd
nixos-hardware.nixosModules.common-pc-laptop-acpi_call
./hardware/thinkpad-p1-gen3.nix
];
};
};
# My thinkpad P1
nixosConfigurations.helix-texta = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
modules = [ self.nixosModules.helix-texta ];
colmena =
{
meta = {nixpkgs = pkgs;};
defaults = {...}: {imports = defaultModules;};
}
// (builtins.listToAttrs (map (
host: {
name = host;
value = {
imports = [self.nixosModules.${host}];
config.deployment = {
targetHost = host;
targetUser = "root";
};
# My tower
nixosConfigurations.murex-pecten = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
modules = [ self.nixosModules.murex-pecten ];
};
}
)
hosts));
# Currently hosted by NetCup
nixosConfigurations.cornu-aspersum = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
modules = [ self.nixosModules.cornu-aspersum ];
};
# Server @home
nixosConfigurations.elysia-clarki = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
modules = [ self.nixosModules.elysia-clarki ];
};
# Marie's laptop
nixosConfigurations.trochulus-hispidus = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
modules = [ self.nixosModules.trochulus-hispidus ];
};
devShell.x86_64-linux =
let pkgs = import nixpkgs { system = "x86_64-linux"; };
in pkgs.mkShell {
packages = [
(with pkgs;
writeScriptBin "rebuild" ''
outputsBuilder = channels: {
devShell = channels.nixpkgs.mkShell {
packages = let
date = "${pkgs.coreutils}/bin/date";
git = "${pkgs.git}/bin/git";
nixos-rebuild = "${pkgs.nixos-rebuild}/bin/nixos-rebuild";
sops = "${pkgs.sops}/bin/sops";
bat = "${pkgs.bat}/bin/bat";
in
with pkgs; [
(writeScriptBin "rebuild" ''
#!${stdenv.shell}
if [ -z $1 ]; then
echo "Need 'switch|boot|...'"
exit 1
fi
today=`${coreutils}/bin/date +%Y-%m-%d`
branch=`${git}/bin/git branch --show-current`
rev=`${git}/bin/git log -1 --format=%h`
dirty=`${git}/bin/git diff --quiet || echo '~'`
today=`${date} +%Y-%m-%d`
branch=`${git} branch --show-current`
rev=`${git} log -1 --format=%h`
dirty=`${git} diff --quiet || echo '~'`
NIXOS_LABEL_VERSION=$today-$branch-$rev$dirty
# Extract build secrets
echo Extracting build secrets..
${sops}/bin/sops --extract '["polymc-client-id"]' -d secrets/secrets.yaml > build-secrets/polymc-client-id
${sops} --extract '["polymc-client-id"]' -d secrets/secrets.yaml > build-secrets/polymc-client-id
sudo ${nixos-rebuild}/bin/nixos-rebuild $1 --flake .
sudo ${nixos-rebuild} $1 --flake .
'')
(with pkgs;
writeScriptBin "all-hosts" ''
(writeScriptBin "all-hosts" ''
nix eval --json .#nixosConfigurations --apply builtins.attrNames 2>/dev/null | jq -r .[]
'')
(with pkgs;
writeScriptBin "push-to" ''
(writeScriptBin "push-to" ''
if [ -z $2 ]; then
echo "Need 'switch|boot|...'"
exit 1
fi
host=$1
action=$2
nixos-rebuild --flake .#$host --build-host root@$host --target-host root@$host $action
${nixos-rebuild} --flake .#$host --build-host root@$host --target-host root@$host $action
'')
(with pkgs;
writeScriptBin "option" ''
(writeScriptBin "option" ''
host=$1
option=$2
nix eval .#nixosConfigurations.$host.config.$option
'')
(with pkgs;
writeScriptBin "hm-option" ''
(writeScriptBin "hm-option" ''
host=$1
option=$2
user=$3
@ -375,14 +299,13 @@
fi
nix eval .#nixosConfigurations.$host.config.home-manager.users.$user.$option 2>/dev/null
'')
(with pkgs;
writeScriptBin "test-config" ''
(writeScriptBin "test-config" ''
#!${stdenv.shell}
for host in $(all-hosts); do
echo == Checking ''${host}..
nixos-rebuild --flake .#$host dry-build 2> /tmp/build-output
${nixos-rebuild} --flake .#$host dry-build 2> /tmp/build-output
if [[ $? -ne 0 ]]; then
bat --file-name "Failed to verify config for $host" /tmp/build-output
${bat} --file-name "Failed to verify config for $host" /tmp/build-output
exit 1
fi
done
@ -390,8 +313,10 @@
echo === All checks passed
'')
inputs.colmena.packages.x86_64-linux.colmena
fup-repl
alejandra
];
};
};
};
}

18
hardware/aorus.nix
View file

@ -1,16 +1,17 @@
{ config, lib, pkgs, modulesPath, ... }:
{
config,
lib,
pkgs,
modulesPath,
...
}: {
imports = [(modulesPath + "/installer/scan/not-detected.nix")];
boot = {
initrd = {
availableKernelModules =
[ "nvme" "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ];
availableKernelModules = ["nvme" "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod"];
kernelModules = ["dm-snapshot" "amdgpu"];
luks.devices."enc".device =
"/dev/disk/by-uuid/037d5dc5-17c3-4643-9ad8-7403d280b191";
luks.devices."enc".device = "/dev/disk/by-uuid/037d5dc5-17c3-4643-9ad8-7403d280b191";
};
kernelModules = ["kvm-amd"];
@ -44,8 +45,7 @@
};
};
swapDevices =
[{ device = "/dev/disk/by-uuid/a8d98aa8-47e4-4d32-bc95-1f4a9a1c1d91"; }];
swapDevices = [{device = "/dev/disk/by-uuid/a8d98aa8-47e4-4d32-bc95-1f4a9a1c1d91";}];
# Enable bluetooth
hardware.bluetooth.enable = true;

40
hardware/intel-nuc.nix
View file

@ -1,11 +1,15 @@
{ config, lib, pkgs, modulesPath, ... }:
{
config,
lib,
pkgs,
modulesPath,
...
}:
{
imports = [(modulesPath + "/installer/scan/not-detected.nix")];
# === Boot options ===
boot.initrd.availableKernelModules =
[ "xhci_pci" "ehci_pci" "ahci" "usbhid" "uas" "usb_storage" "sd_mod" ];
boot.initrd.availableKernelModules = ["xhci_pci" "ehci_pci" "ahci" "usbhid" "uas" "usb_storage" "sd_mod"];
boot.initrd.kernelModules = [];
boot.kernelModules = ["kvm-intel"];
boot.extraModulePackages = [];
@ -32,9 +36,9 @@
};
# === Swap ===
swapDevices =
[{ device = "/dev/disk/by-uuid/efc7e294-1c18-4dd9-aca5-f868eb9c47fc"; }];
} // (
swapDevices = [{device = "/dev/disk/by-uuid/efc7e294-1c18-4dd9-aca5-f868eb9c47fc";}];
}
// (
# === External drives ===
let
cryptsetup = "${pkgs.cryptsetup}/bin/cryptsetup";
@ -53,7 +57,8 @@
${cryptsetup} luksClose ${label}opened
'';
};
} overwrites;
}
overwrites;
disks = {
FRA = "8ae45289-82ed-4cf1-9d68-a0e26e5d9bb5";
@ -65,12 +70,10 @@
# Unlock all luks devices and import the zfs pools if necessary
systemd.services."luks-open-FRA" =
unlockLuksService "FRA" "/root/keys/fra" {};
systemd.services."luks-open-BER" =
unlockLuksService "BER" "/root/keys/ber" {
systemd.services."luks-open-BER" = unlockLuksService "BER" "/root/keys/ber" {
serviceConfig.ExecStartPost = "${pkgs.zfs}/bin/zpool import zBER";
};
systemd.services."luks-open-HND" =
unlockLuksService "HND" "/root/keys/hnd" {
systemd.services."luks-open-HND" = unlockLuksService "HND" "/root/keys/hnd" {
serviceConfig.ExecStartPost = "${pkgs.zfs}/bin/zpool import zHND";
};
systemd.services."luks-open-LEJ" =
@ -96,12 +99,15 @@
];
# Add udev rules for every disk
services.udev.customRules = [{
services.udev.customRules = [
{
name = "85-rename-and-unlock-disks";
rules = lib.concatStringsSep "\n" (lib.attrsets.mapAttrsToList
(alias: uuid: ''
SUBSYSTEM=="block", ENV{ID_FS_UUID}=="${uuid}", SYMLINK+="${alias}", TAG+="systemd"
'') disks);
}];
})
'')
disks);
}
];
}
)

14
hardware/latitude-e7440.nix
View file

@ -1,10 +1,13 @@
{ config, lib, pkgs, modulesPath, ... }:
{
config,
lib,
pkgs,
modulesPath,
...
}: {
imports = [(modulesPath + "/installer/scan/not-detected.nix")];
boot.initrd.availableKernelModules =
[ "xhci_pci" "ehci_pci" "ahci" "usb_storage" "sd_mod" "sdhci_pci" ];
boot.initrd.availableKernelModules = ["xhci_pci" "ehci_pci" "ahci" "usb_storage" "sd_mod" "sdhci_pci"];
boot.initrd.kernelModules = [];
boot.kernelModules = ["kvm-intel"];
boot.extraModulePackages = [];
@ -14,8 +17,7 @@
fsType = "ext4";
};
boot.initrd.luks.devices."nixos".device =
"/dev/disk/by-uuid/52caf614-e56e-46f4-9604-222ea98fc106";
boot.initrd.luks.devices."nixos".device = "/dev/disk/by-uuid/52caf614-e56e-46f4-9604-222ea98fc106";
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/D70A-4148";

15
hardware/netcup-minimal.nix
View file

@ -1,17 +1,18 @@
{ config, lib, pkgs, modulesPath, ... }:
{
config,
lib,
pkgs,
modulesPath,
...
}: {
imports = [(modulesPath + "/profiles/qemu-guest.nix")];
boot.initrd.availableKernelModules =
[ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ];
boot.initrd.availableKernelModules = ["ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod"];
fileSystems."/" = {
device = "/dev/disk/by-uuid/652432d2-a452-496c-b29d-b22c479a8545";
fsType = "ext4";
};
swapDevices =
[{ device = "/dev/disk/by-uuid/2c090f4d-4163-43b8-8b76-b1ac1c30e755"; }];
swapDevices = [{device = "/dev/disk/by-uuid/2c090f4d-4163-43b8-8b76-b1ac1c30e755";}];
}

11
hardware/netcup-rs-2000-g9.nix
View file

@ -1,10 +1,13 @@
{ config, lib, pkgs, modulesPath, ... }:
{
config,
lib,
pkgs,
modulesPath,
...
}: {
imports = [(modulesPath + "/profiles/qemu-guest.nix")];
boot.initrd.availableKernelModules =
[ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ];
boot.initrd.availableKernelModules = ["ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod"];
fileSystems."/" = {
device = "/dev/disk/by-label/nixos";

17
hardware/thinkpad-p1-gen3.nix
View file

@ -1,12 +1,14 @@
{ config, lib, pkgs, modulesPath, ... }:
{
config,
lib,
pkgs,
modulesPath,
...
}: {
boot = {
initrd = {
availableKernelModules =
[ "xhci_pci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
luks.devices."enc".device =
"/dev/disk/by-uuid/1f1e51d6-3084-4f4d-9b4b-6caa0352f542";
availableKernelModules = ["xhci_pci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc"];
luks.devices."enc".device = "/dev/disk/by-uuid/1f1e51d6-3084-4f4d-9b4b-6caa0352f542";
};
kernelModules = ["kvm-intel" "acpi-call"];
#blacklistedKernelModules = [ "nvidia" ];
@ -108,6 +110,5 @@
};
};
swapDevices =
[{ device = "/dev/disk/by-uuid/6948f567-03b3-4a38-b3c4-e05e0bbfbf55"; }];
swapDevices = [{device = "/dev/disk/by-uuid/6948f567-03b3-4a38-b3c4-e05e0bbfbf55";}];
}

14
hosts/cornu-aspersum.nix
View file

@ -1,6 +1,8 @@
{ config, pkgs, ... }:
{
config,
pkgs,
...
}: {
boot.loader.grub.enable = true;
boot.loader.grub.version = 2;
boot.loader.grub.device = "/dev/sda";
@ -11,8 +13,7 @@
users.users = {
root = {
hashedPassword =
"$6$Yb1gdlKIpY1hRW1X$uUcNFuNnK2JFFN55Tkc.fPV.4I7RJvIfLEQayVP1utfkmjF0f/EHjtypxq11jR5NUUIJFQLW6ffajjduA2689.";
hashedPassword = "$6$Yb1gdlKIpY1hRW1X$uUcNFuNnK2JFFN55Tkc.fPV.4I7RJvIfLEQayVP1utfkmjF0f/EHjtypxq11jR5NUUIJFQLW6ffajjduA2689.";
};
};
@ -32,8 +33,7 @@
# Run radicale with infcloud interface for me and Marie
services.radicaleWithInfcloud.enable = true;
systemd.services.glados.serviceConfig.SupplementaryGroups =
[ config.users.groups.keys.name ];
systemd.services.glados.serviceConfig.SupplementaryGroups = [config.users.groups.keys.name];
services.qemuGuest.enable = true;
@ -51,6 +51,4 @@
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "21.05"; # Did you read the comment?
}

7
hosts/elysia-clarki.nix
View file

@ -1,6 +1,9 @@
{ config, pkgs, lib, ... }:
{
config,
pkgs,
lib,
...
}: {
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
boot.supportedFilesystems = ["zfs"];

73
hosts/helix-texta.nix
View file

@ -1,6 +1,9 @@
{ config, pkgs, lib, ... }:
let
{
config,
pkgs,
lib,
...
}: let
pamLogin = ''
# Account management.
account required pam_unix.so
@ -18,7 +21,6 @@ let
session required ${pkgs.linux-pam}/lib/security/pam_lastlog.so silent
session optional ${pkgs.systemd}/lib/security/pam_systemd.so
'';
in {
boot = {
# Use the systemd-boot EFI boot loader.
@ -53,18 +55,21 @@ in {
config.pipewire = {"default.clock.allowed-rates" = [48000 44100];};
media-session.config.alsa-monitor = {
rules = [{
matches = [{
"node.name" =
"alsa_output.usb-Focusrite_Scarlett_Solo_USB_Y7ENM550A6399B-00.pro-output-0";
}];
rules = [
{
matches = [
{
"node.name" = "alsa_output.usb-Focusrite_Scarlett_Solo_USB_Y7ENM550A6399B-00.pro-output-0";
}
];
actions = {
update-props = {
#"audio.rate" = 96000;
"api.alsa.headroom" = 1024;
};
};
}];
}
];
};
};
xdg.portal = {
@ -110,34 +115,8 @@ in {
};
services.fprintd.enable = true;
users = {
# I like my users unmutable
mutableUsers = false;
# Myself
users.malte = {
description = "Malte Tammena";
hashedPassword =
"$6$zqEC2iJJ98Ne$lRERO30msyjJm7oJCqRD/xj3NIm4De37gD.VUzfg7aceosE/6S6eNAaruIakgUtSC970MHRPoNlCEy1RoFuyh.";
isNormalUser = true;
extraGroups = [
"wheel"
"networkmanager"
"video"
"lp"
"kvm"
"libvirtd"
"podman"
"scanner"
config.users.groups.keys.name
];
# Yes, use the best, please
shell = pkgs.fish;
};
};
home-manager.users.malte.imports = [ ../users/malte/home.nix ];
programs.fish.enable = true;
users.mutableUsers = false;
users.custom.malte.enable = true;
# Use some fonts
fonts = {
@ -170,10 +149,7 @@ in {
programs.steam.enable = true;
nixpkgs.config.packageOverrides = pkgs: {
steam = pkgs.steam.override {
extraPkgs = pkgs: [ pkgs.openssl ];
#nativeOnly = true;
};
steam = pkgs.steam.override {extraPkgs = pkgs: [pkgs.openssl];};
};
programs.sway.enable = true;
@ -192,18 +168,6 @@ in {
sops.defaultSopsFile = ../secrets/hosts/helix-texta/secrets.yaml;
sops.age.sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"];
# TODO: Improve this
sops.secrets."restic-backup-malte" = {
sopsFile = ../secrets/users/malte/secrets.yaml;
owner = "malte";
mode = "0400";
key = "restic-backup";
};
sops.secrets."radicale-password" = {
sopsFile = ../secrets/users/malte/secrets.yaml;
owner = "malte";
mode = "0400";
};
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
@ -213,4 +177,3 @@ in {
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "20.09"; # Did you read the comment?
}

102
hosts/murex-pecten.nix
View file

@ -1,6 +1,8 @@
{ config, pkgs, ... }:
{
config,
pkgs,
...
}: {
# Use the systemd-boot EFI boot loader.
boot.loader = {
systemd-boot.enable = true;
@ -31,18 +33,21 @@
config.pipewire."default.clock.allowed-rates" = [48000 44100];
media-session.config.alsa-monitor = {
rules = [{
matches = [{
"node.name" =
"alsa_output.usb-Focusrite_Scarlett_Solo_USB_Y7ENM550A6399B-00.pro-output-0";
}];
rules = [
{
matches = [
{
"node.name" = "alsa_output.usb-Focusrite_Scarlett_Solo_USB_Y7ENM550A6399B-00.pro-output-0";
}
];
actions = {
update-props = {
#"audio.rate" = 96000;
"api.alsa.headroom" = 1024;
};
};
}];
}
];
};
};
@ -62,53 +67,9 @@
};
};
# Define a user account. Don't forget to set a password with passwd.
users = {
# I like my users unmutable
mutableUsers = false;
# Myself
users.malte = {
description = "Malte Tammena";
hashedPassword =
"$6$zqEC2iJJ98Ne$lRERO30msyjJm7oJCqRD/xj3NIm4De37gD.VUzfg7aceosE/6S6eNAaruIakgUtSC970MHRPoNlCEy1RoFuyh.";
isNormalUser = true;
extraGroups = [
"wheel"
"networkmanager"
"video"
"lp"
"kvm"
"libvirtd"
"podman"
"corectrl"
"scanner"
config.users.groups.keys.name
];
# Yes, use the best, please
shell = pkgs.fish;
};
users.marie = {
isNormalUser = true;
extraGroups = [
"wheel"
"networkmanager"
"video"
"lp"
"scanner"
config.users.groups.keys.name
];
hashedPassword =
"$6$Fo/q41zf1/tI4dgX$.Y1bnBkGjwkRCOM2gg1yZtAjFQadjAVX8Eq8Llw5Y12ENOycBWtNaCVPli2P7gwNpLSg3p80iG.Zy.T1GR0NG0";
# This is really just for my comfort
shell = pkgs.fish;
};
};
home-manager.users.malte.imports = [ ../users/malte/home.nix ];
home-manager.users.marie.imports = [ ../users/marie/home.nix ];
programs.fish.enable = true;
users.mutableUsers = false;
users.custom.marie.enable = true;
users.custom.malte.enable = true;
fonts = {
enableDefaultFonts = true;
@ -129,20 +90,9 @@
security.pam = {
yubico = {
enable = true;
#id = "ccccccvblrrf";
mode = "challenge-response";
control = "sufficient";
};
#services.login = {
#name = "login";
## Fix when https://github.com/NixOS/nixpkgs/pull/105319 lands..
#text = pamLogin;
#};
#services.swaylock = {
# name = "swaylock";
# fprintAuth = true;
# unixAuth = true;
#};
};
services.udev.customRules = [
@ -191,24 +141,6 @@
sops.defaultSopsFile = ../secrets/hosts/murex-pecten/secrets.yaml;
sops.age.sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"];
# TODO: Improve this
sops.secrets."restic-backup-malte" = {
sopsFile = ../secrets/users/malte/secrets.yaml;
owner = "malte";
mode = "0400";
key = "restic-backup";
};
sops.secrets."restic-backup-marie" = {
sopsFile = ../secrets/users/marie/secrets.yaml;
owner = "marie";
mode = "0400";
key = "restic-backup";
};
sops.secrets."radicale-password" = {
sopsFile = ../secrets/users/malte/secrets.yaml;
owner = "malte";
mode = "0400";
};
environment.systemPackages = with pkgs; [
qt5.qtwayland
@ -232,6 +164,4 @@
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "21.11"; # Did you read the comment?
}

26
hosts/trochulus-hispidus.nix
View file

@ -1,6 +1,8 @@
{ config, pkgs, ... }:
{
config,
pkgs,
...
}: {
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
@ -41,24 +43,8 @@
users = {
mutableUsers = false;
users.marie = {
isNormalUser = true;
extraGroups = [
"wheel"
"networkmanager"
"video"
"lp"
"scanner"
config.users.groups.keys.name
];
hashedPassword =
"$6$Fo/q41zf1/tI4dgX$.Y1bnBkGjwkRCOM2gg1yZtAjFQadjAVX8Eq8Llw5Y12ENOycBWtNaCVPli2P7gwNpLSg3p80iG.Zy.T1GR0NG0";
# This is really just for my comfort
shell = pkgs.fish;
custom.marie.enable = true;
};
};
home-manager.users.marie.imports = [ ../users/marie/home.nix ];
fonts = {
enableDefaultFonts = true;
@ -90,6 +76,4 @@
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "21.11"; # Did you read the comment?
}

22
modules/7-days-to-die.nix
View file

@ -1,6 +1,9 @@
{ pkgs, lib, config, ... }:
let
{
pkgs,
lib,
config,
...
}: let
ports = {
tcp = [26900];
udp = [26900 26901 26902];
@ -9,13 +12,12 @@ let
gid = 459;
cfg = config.services."7-days-to-die";
portsTcp = map (port:
let portStr = builtins.toString port;
portsTcp = map (port: let
portStr = builtins.toString port;
in "${portStr}:${portStr}/tcp");
portsUdp = map (port:
let portStr = builtins.toString port;
portsUdp = map (port: let
portStr = builtins.toString port;
in "${portStr}:${portStr}/udp");
in {
options.services."7-days-to-die" = with lib; {
enable = mkEnableOption "7 Days to die game server service";
@ -26,8 +28,7 @@ in {
openFirewall = mkOption {
type = types.bool;
default = false;
description =
"Whether to open the firewall for ports ${builtins.toString ports}";
description = "Whether to open the firewall for ports ${builtins.toString ports}";
};
};
@ -66,4 +67,3 @@ in {
};
};
}

28
modules/base-system.nix
View file

@ -1,9 +1,11 @@
# Settings that most of my hosts can agree on, but
# some of these settings are overriden on a per-host basis.
{ pkgs, lib, config, ... }:
{
pkgs,
lib,
config,
...
}: {
imports = [
./photoprism.nix
./7-days-to-die.nix
@ -12,6 +14,8 @@
./restic.nix
./wakeup.nix
./hdparm.nix
./malte.nix
./marie.nix
];
options.settings = with lib; {
@ -32,6 +36,23 @@
hardware.enableAllFirmware = true;
hardware.enableRedistributableFirmware = true;
# Use some binary caches
nix.settings = {
# add binary caches
trusted-public-keys = [
"cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
"nixpkgs-wayland.cachix.org-1:3lwxaILxMRkVhehr5StQprHdEo4IrE8sRho9R9HOLYA="
"2a-emulator.cachix.org-1:ijJDEqNsMqhamxxWvqOiaCQNoYhWNw7A+gGICgAH1mE="
"colmena.cachix.org-1:7BzpDnjjH8ki2CT3f6GdOk7QAzPOl+1t3LvTLXqYcSg="
];
substituters = [
"https://cache.nixos.org"
"https://nixpkgs-wayland.cachix.org"
"https://2a-emulator.cachix.org"
"https://colmena.cachix.org"
];
};
# Make sure that I can login over the tailscale infrastructure
# while increasing security
# TODO: Restrict openssh interface, move port
@ -78,6 +99,5 @@
interfaceName = "looking-glas";
};
networking.firewall.allowedUDPPorts = [config.services.tailscale.port];
};
}

9
modules/binary-cache.nix
View file

@ -1,6 +1,8 @@
{ pkgs, config, ... }:
{
pkgs,
config,
...
}: {
services.nix-serve = {
enable = true;
secretKeyFile = "/var/cache-priv.pem";
@ -9,8 +11,7 @@
services.nginx.virtualHosts."cache.home.dyn.tammena.rocks" = {
serverAliases = ["cache.elysia-clarki"];
locations."/" = {
proxyPass =
"http://localhost:${builtins.toString config.services.nix-serve.port}";
proxyPass = "http://localhost:${builtins.toString config.services.nix-serve.port}";
extraConfig = ''
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;

9
modules/ccqcraft-backups.nix
View file

@ -1,6 +1,4 @@
{ pkgs, ... }:
let
{pkgs, ...}: let
user = "ccqcraft";
host = "ccqcraft.de";
path = "~/server/mc/plugins/EasyBackup/backups";
@ -14,7 +12,6 @@ let
DATE=$(${coreutils}/bin/date +backup_%Y-%m-%d_%H:%M:%S%z.reset)
touch ./''${DATE}
'';
in {
systemd.services = {
ccqcraft-pull-backups = {
@ -45,8 +42,7 @@ in {
serviceConfig = {
Type = "oneshot";
WorkingDirectory = "/srv/hnd/ccqcraft-backups";
ExecStart =
[ ''${pkgs.openssh}/bin/ssh "${user}@${host}" rm ${path}/*'' ];
ExecStart = [''${pkgs.openssh}/bin/ssh "${user}@${host}" rm ${path}/*''];
ExecStartPost = ["${insertResetNoteCmd}/bin/insert-reset-note"];
};
};
@ -67,5 +63,4 @@ in {
timerConfig = {OnCalendar = clearTime;};
};
};
}

9
modules/ccqcraft.nix
View file

@ -1,21 +1,17 @@
{ pkgs, ... }:
let
{pkgs, ...}: let
ports = {
minecraft = 25565;
rcon = 24738;
voicechat = 24454;
dynmap = 8123;
};
in {
virtualisation.docker.enable = true;
users.users.ccqcraft = {
isNormalUser = true;
extraGroups = ["docker"];
hashedPassword =
"$6$D69mzkGZAitfCQOL$oL/7SmSqGwRhZgyiOEgp6N5NkZ/NpdzggomtPFa4XB33Kb3aZMBiLWQS3VSHZhRo2y9mPgXy3mFPSvtvCzoKz/";
hashedPassword = "$6$D69mzkGZAitfCQOL$oL/7SmSqGwRhZgyiOEgp6N5NkZ/NpdzggomtPFa4XB33Kb3aZMBiLWQS3VSHZhRo2y9mPgXy3mFPSvtvCzoKz/";
};
environment.systemPackages = with pkgs; [
@ -48,5 +44,4 @@ in {
#"proxy_pass_header Authorization;";
};
};
}

11
modules/grafana.nix
View file

@ -1,7 +1,10 @@
{ pkgs, lib, config, ... }:
let cfg = config.services.grafanaWithNginx;
{
pkgs,
lib,
config,
...
}: let
cfg = config.services.grafanaWithNginx;
in {
options.services."grafanaWithNginx" = with lib; {
enable =

19
modules/hdparm.nix
View file

@ -1,11 +1,15 @@
{ pkgs, lib, config, ... }:
let
{
pkgs,
lib,
config,
...
}: let
cfg = config.services.hdparm;
diskPath = disk: path:
if path == null then "/dev/disk/by-id/${disk}" else path;
if path == null
then "/dev/disk/by-id/${disk}"
else path;
mkService = disk: settings: {
name = "hdparm-${disk}";
@ -23,17 +27,14 @@ let
wantedBy = ["multi-user.target"];
};
};
in {
options.services.hdparm = with lib;
mkOption {
type = types.attrsOf (types.submodule {
options = {
path = mkOption {
type = types.nullOr types.str;
description =
"Path to the disk. Will assume <name> is the id in `/dev/disk/by-id/` if left null";
description = "Path to the disk. Will assume <name> is the id in `/dev/disk/by-id/` if left null";
default = null;
};
spinDown5Secs = mkOption {

4
modules/light-actkbd.nix
View file

@ -1,6 +1,4 @@
{ pkgs, ... }:
let
{pkgs, ...}: let
light = "${pkgs.light}/bin/light";
decLight = pkgs.writeScriptBin "decrease-light-smartly" ''
#!${pkgs.fish}/bin/fish

8
modules/local-build-service.nix
View file

@ -1,6 +1,4 @@
{ pkgs, ... }:
let
{pkgs, ...}: let
targetHosts = ["helix-texta" "elysia-clarki"];
remote = "https://git.sr.ht/~megamanmalte/nixos";
@ -20,7 +18,6 @@ let
${builtins.concatStringsSep "\n" (map buildForHost targetHosts)}
rm result
'';
in {
systemd.services.local-build-service = {
unitConfig = {
@ -35,8 +32,7 @@ in {
RuntimeDirectory = "local-build-service";
CacheDirectory = "local-build-service";
CacheDirectoryMode = "0777";
Environment = with pkgs;
"PATH=${git}/bin:${coreutils}/bin:${nixos-rebuild}/bin";
Environment = with pkgs; "PATH=${git}/bin:${coreutils}/bin:${nixos-rebuild}/bin";
};
};
}

51
modules/malte.nix Normal file
View file

@ -0,0 +1,51 @@
{
pkgs,
lib,
config,
...
}: let
cfg = config.users.custom.malte;
in {
options.users.custom.malte = with lib; {
enable = mkEnableOption "Enable user 'malte' on this machine";
};
config = lib.mkIf cfg.enable {
users.users.malte = {
description = "Malte Tammena";
hashedPassword = "$6$zqEC2iJJ98Ne$lRERO30msyjJm7oJCqRD/xj3NIm4De37gD.VUzfg7aceosE/6S6eNAaruIakgUtSC970MHRPoNlCEy1RoFuyh.";
isNormalUser = true;
extraGroups = [
"wheel"
"networkmanager"
"video"
"lp"
"kvm"
"libvirtd"
"podman"
"corectrl"
"scanner"
config.users.groups.keys.name
];
# Yes, use the best, please
shell = pkgs.fish;
};
home-manager.users.malte.imports = [../users/malte/home.nix];
programs.fish.enable = true;
sops.secrets = {
"restic-backup-malte" = {
sopsFile = ../secrets/users/malte/secrets.yaml;
owner = "malte";
mode = "0400";
key = "restic-backup";
};
"radicale-password" = {
sopsFile = ../secrets/users/malte/secrets.yaml;
owner = "malte";
mode = "0400";
};
};
};
}

39
modules/marie.nix Normal file
View file

@ -0,0 +1,39 @@
{
pkgs,
lib,
config,
...
}: let
cfg = config.users.custom.marie;
in {
options.users.custom.marie = with lib; {
enable = mkEnableOption "Enable user 'marie' on this machine";
};
config = lib.mkIf cfg.enable {
users.users.marie = {
isNormalUser = true;
extraGroups = [
"wheel"
"networkmanager"
"video"
"lp"
"scanner"
config.users.groups.keys.name
];
hashedPassword = "$6$Fo/q41zf1/tI4dgX$.Y1bnBkGjwkRCOM2gg1yZtAjFQadjAVX8Eq8Llw5Y12ENOycBWtNaCVPli2P7gwNpLSg3p80iG.Zy.T1GR0NG0";
# This is really just for my comfort
shell = pkgs.fish;
};
programs.fish.enable = true;
home-manager.users.marie.imports = [../users/marie/home.nix];
sops.secrets."restic-backup-marie" = {
sopsFile = ../secrets/users/marie/secrets.yaml;
owner = "marie";
mode = "0400";
key = "restic-backup";
};
};
}

6
modules/nginx-reverse-proxy.nix
View file

@ -1,7 +1,4 @@
{ pkgs, ... }:
{
{pkgs, ...}: {
security.acme.defaults.email = "malte.tammena@pm.me";
security.acme.acceptTerms = true;
@ -12,5 +9,4 @@
recommendedProxySettings = true;
recommendedTlsSettings = true;
};
}

13
modules/photoprism.nix
View file

@ -1,13 +1,15 @@
{ pkgs, lib, config, ... }:
{
pkgs,
lib,
config,
...
}:
# TODO: Improve with mariadb database
let
port = 2342;
uid = 458;
gid = 458;
cfg = config.services.photoprism;
in {
options.services.photoprism = with lib; {
enable = mkEnableOption "Photoprism service";
@ -21,8 +23,7 @@ in {
};
environmentFile = mkOption {
type = types.str;
description =
"Additional environment file. I.e. for specifying PHOTOPRISM_ADMIN_PASSWORD";
description = "Additional environment file. I.e. for specifying PHOTOPRISM_ADMIN_PASSWORD";
};
};

17
modules/radicale.nix
View file

@ -1,6 +1,9 @@
{ config, pkgs, lib, ... }:
let
{
config,
pkgs,
lib,
...
}: let
internalPort = 5232;
cfg = config.services.radicaleWithInfcloud;
lock = builtins.fromJSON (builtins.readFile ../flake.lock);
@ -21,15 +24,14 @@ let
overlay = self: super: {
radicale = super.radicale.overrideAttrs (old: {
propagatedBuildInputs = old.propagatedBuildInputs
propagatedBuildInputs =
old.propagatedBuildInputs
++ [radicale_infcloud];
});
};
htpasswd_filename = "/etc/radicale/users";
in {
options.services."radicaleWithInfcloud" = with lib; {
enable =
mkEnableOption "Radicale service with Infcloud frontend and nginx config";
@ -63,8 +65,7 @@ in {
};
};
# Make sure our service user can access the `htpasswd_filename` file
systemd.services.radicale.serviceConfig.SupplementaryGroups =
[ config.users.groups.keys.name ];
systemd.services.radicale.serviceConfig.SupplementaryGroups = [config.users.groups.keys.name];
sops.secrets."radicale-htpasswd" = {
owner = config.systemd.services.radicale.serviceConfig.User;

17
modules/restic.nix
View file

@ -1,9 +1,11 @@
{ pkgs, lib, config, ... }:
let cfg = config.services.resticConfigured;
{
pkgs,
lib,
config,
...
}: let
cfg = config.services.resticConfigured;
in {
options.services.resticConfigured = with lib; {
enable = mkEnableOption "Configured Restic rest server service";
rootDir = mkOption {
@ -18,13 +20,11 @@ in {
openFirewall = mkOption {
type = types.bool;
default = false;
description =
"Whether to open the firewall for port ${builtins.toString cfg.port}";
description = "Whether to open the firewall for port ${builtins.toString cfg.port}";
};
};
config = lib.mkIf cfg.enable {
services.restic.server = {
enable = true;
dataDir = cfg.rootDir;
@ -40,6 +40,5 @@ in {
Requires = lib.mkForce ["network.target" "luks-open-HND.service"];
After = lib.mkForce ["network.target" "luks-open-HND.service"];
};
};
}

4
modules/scanner.nix
View file

@ -1,6 +1,4 @@
{ pkgs, ... }:
let
{pkgs, ...}: let
scan = "${pkgs.sane-backends}/bin/scanimage";
convert = "${pkgs.imagemagick}/bin/convert";
# TODO: Can I specify this in a better way?

13
modules/wakeup.nix
View file

@ -1,6 +1,9 @@
{ pkgs, lib, config, ... }:
let
{
pkgs,
lib,
config,
...
}: let
cfg = config.wakeup;
createServiceName = dev: "toggle-acpi-${dev}";
@ -12,7 +15,6 @@ let
'';
wantedBy = ["multi-user.target"];
};
in {
options.wakeup = with lib; {
toggleDevice = mkOption {
@ -27,6 +29,7 @@ in {
pairs = map (dev:
lib.attrsets.nameValuePair (createServiceName dev) (createService dev))
cfg.toggleDevice;
in builtins.listToAttrs pairs;
in
builtins.listToAttrs pairs;
};
}

11
overlays/cataclysm-dda.nix
View file

@ -1,11 +1,12 @@
self: super:
let lock = builtins.fromJSON (builtins.readFile ../flake.lock);
self: super: let
lock = builtins.fromJSON (builtins.readFile ../flake.lock);
in {
cataclysm-dda-git = (super.cataclysm-dda-git.override {
cataclysm-dda-git =
(super.cataclysm-dda-git.override {
useXdgDir = true;
version = lock.nodes.cataclysm-dda.locked.rev;
rev = lock.nodes.cataclysm-dda.locked.rev;
sha256 = lock.nodes.cataclysm-dda.locked.narHash;
}).overrideAttrs (old: { enableParallelBuilding = true; });
})
.overrideAttrs (old: {enableParallelBuilding = true;});
}

8
overlays/logisim.nix
View file

@ -1,12 +1,10 @@
self: super:
let font-flags = "-Dawt.useSystemAAFontSettings=lcd -Dswing.aatext=true";
self: super: let
font-flags = "-Dawt.useSystemAAFontSettings=lcd -Dswing.aatext=true";
in {
logisim = super.logisim.overrideAttrs (old: {
pname = "logisim-evolution";
src = super.fetchurl {
url =
"https://mathcs.holycross.edu/~kwalsh/logisim-evolution-4.0.4hc.jar";
url = "https://mathcs.holycross.edu/~kwalsh/logisim-evolution-4.0.4hc.jar";
sha256 = "0nmvzpdhgfrzx0x6799a1jnsbgipbszd312crf865nzvsi2p046i";
};
installPhase = ''

6
overlays/qmk-udev-rules.nix
View file

@ -1,6 +1,5 @@
self: super:
let lock = builtins.fromJSON (builtins.readFile ../flake.lock);
self: super: let
lock = builtins.fromJSON (builtins.readFile ../flake.lock);
in {
qmk-udev-rules = super.qmk-udev-rules.overrideAttrs (old: {
version = lock.nodes.qmk-udev-rules.locked.rev;
@ -12,4 +11,3 @@ in {
};
});
}

14
overlays/sane-backends.nix
View file

@ -1,16 +1,18 @@
self: super:
self: super: {
sane-backends =
(super.sane-backends.override {
extraFirmware = [
{
sane-backends = (super.sane-backends.override {
extraFirmware = [{
src = super.fetchurl {
url = "www.meier-geinitz.de/sane/gt68xx-backend/firmware/sbfw.usb";
sha256 = "12hnacivpy153alfjyr7k92y90nmb5d7z1ca7aix5w7wi0w4jdjv";
};
name = "sbfw.usb";
backend = "gt68xx";
}];
}).overrideAttrs (old: {
}
];
})
.overrideAttrs (old: {
patches = (old.patches or []) ++ [../patches/gt68xx.conf.patch];
});
}

15
pkgs/2i-emulator.nix
View file

@ -1,7 +1,11 @@
{ lib, fetchFromGitHub, rustPlatform }:
let lock = builtins.fromJSON (builtins.readFile ../flake.lock);
in rustPlatform.buildRustPackage {
{
lib,
fetchFromGitHub,
rustPlatform,
}: let
lock = builtins.fromJSON (builtins.readFile ../flake.lock);
in
rustPlatform.buildRustPackage {
pname = lock.nodes."2i-emulator".original.repo;
version = lock.nodes."2i-emulator".locked.rev;
@ -15,8 +19,7 @@ in rustPlatform.buildRustPackage {
cargoSha256 = "sha256-FUtOLYFPRFkUAXixcUzMfDmKju/GN6r/KQYqKCK8vBk=";
meta = with lib; {
description =
"Cli emulator for the micro computer 2i used in the computer science hardware course at Leipzig University";
description = "Cli emulator for the micro computer 2i used in the computer science hardware course at Leipzig University";
homepage = "https://github.com/klemens/2i-emulator";
license = licenses.gpl3;
maintainers = [];

17
pkgs/gruvbox-material-gtk.nix
View file

@ -1,10 +1,16 @@
{ lib, stdenv, fetchFromGitHub, hiDPI ? false }:
let
{
lib,
stdenv,
fetchFromGitHub,
hiDPI ? false,
}: let
lock = builtins.fromJSON (builtins.readFile ../flake.lock);
variant =
if hiDPI then "Gruvbox-Material-Dark-HIDPI" else "Gruvbox-Material-Dark";
in stdenv.mkDerivation rec {
if hiDPI
then "Gruvbox-Material-Dark-HIDPI"
else "Gruvbox-Material-Dark";
in
stdenv.mkDerivation rec {
pname = lock.nodes.gruvbox-material-gtk.locked.repo;
version = lock.nodes.gruvbox-material-gtk.locked.rev;
@ -29,4 +35,3 @@ in stdenv.mkDerivation rec {
maintainers = [];
};
}

15
pkgs/rip.nix
View file

@ -1,7 +1,13 @@
{ lib, stdenv, rustPlatform, fetchFromGitHub, pkg-config }:
let lock = builtins.fromJSON (builtins.readFile ../flake.lock);
in rustPlatform.buildRustPackage rec {
{
lib,
stdenv,
rustPlatform,
fetchFromGitHub,
pkg-config,
}: let
lock = builtins.fromJSON (builtins.readFile ../flake.lock);
in
rustPlatform.buildRustPackage rec {
pname = "rip";
version = "";
@ -23,4 +29,3 @@ in rustPlatform.buildRustPackage rec {
maintainers = with maintainers; [];
};
}

1
users/malte/bemenu.nix
View file

@ -1,5 +1,4 @@
{pkgs, ...}:
pkgs.writeScriptBin "bemenu-run-configured" ''
#!${pkgs.stdenv.shell}

13
users/malte/broot.nix
View file

@ -1,13 +1,10 @@
{ pkgs, ... }:
{
{pkgs, ...}: {
programs.broot = {
enable = true;
enableFishIntegration = true;
skin = {
# TODO: Fix all these colors, make them dependent on config.colors
default =
"rgb(235, 219, 178) rgb(40, 40, 40) / rgb(189, 174, 147) rgb(40, 40, 40)";
default = "rgb(235, 219, 178) rgb(40, 40, 40) / rgb(189, 174, 147) rgb(40, 40, 40)";
tree = "rgb(168, 153, 132) None / rgb(102, 92, 84) None";
file = "None None / None None Italic";
directory = "rgb(131, 165, 152) None Bold / rgb(69, 133, 136) None";
@ -59,10 +56,8 @@
help_code = "rgb(142, 192, 124) rgb(50, 48, 47)";
help_headers = "rgb(254, 128, 25) None Bold";
help_table_border = "rgb(80, 73, 69) None";
preview =
"rgb(235, 219, 178) rgb(40, 40, 40) / rgb(235, 219, 178) rgb(40, 40, 40)";
preview_line_number =
"rgb(124, 111, 100) None / rgb(124, 111, 100) rgb(40, 40, 40)";
preview = "rgb(235, 219, 178) rgb(40, 40, 40) / rgb(235, 219, 178) rgb(40, 40, 40)";
preview_line_number = "rgb(124, 111, 100) None / rgb(124, 111, 100) rgb(40, 40, 40)";
preview_match = "None rgb(80, 73, 69) Bold Underlined";
hex_null = "rgb(189, 174, 147) None";
hex_ascii_graphic = "rgb(213, 196, 161) None";

10
users/malte/cataclysm-dda.nix
View file

@ -1,9 +1,5 @@
{ pkgs, ... }:
let
font =
"${pkgs.firaCodeNerd}/share/fonts/truetype/NerdFonts/Fira Code Bold Nerd Font Complete Mono.ttf";
{pkgs, ...}: let
font = "${pkgs.firaCodeNerd}/share/fonts/truetype/NerdFonts/Fira Code Bold Nerd Font Complete Mono.ttf";
# Set SDL_VIDEODRIVER=wayland to run it natively. Currently still needs the patch
# in ../patches/cdda-wayland-sdl-fix.patch.
@ -15,9 +11,7 @@ let
'';
paths = [pkgs.cataclysm-dda-git];
};
in {
home.packages = [cataclysm-dda-wayland-sdl pkgs.firaCodeNerd];
# Configure the fonts being used

38
users/malte/colors.nix
View file

@ -1,12 +1,12 @@
{ pkgs, lib, config, ... }:
let
{
pkgs,
lib,
config,
...
}: let
# Create a color from a hexadezimal 6 digit description, like 'FF0000' for pure red
# mkcolor :: hex -> Color
mkColor = rgb:
let
mkColor = rgb: let
# Mapping hex digits to actual numbers
hexDigitMap = {
"0" = 0;
@ -33,12 +33,12 @@ let
# Convert a hexadezimal string to a number
# hexStringToInt :: string -> int
hexStringToInt = string:
let
hexStringToInt = string: let
chars = lib.strings.stringToCharacters string;
nums = map hexCharToInt chars;
fun = sum: el: sum * 16 + el;
in lib.foldl fun 0 nums;
in
lib.foldl fun 0 nums;
# Convert a float from [0.0, 1.0] to a hex string from [0, 255]
# floatToFF :: float -> string
@ -58,31 +58,31 @@ let
# Create an RGB hex string from red, green, and blue parts
# rgbFromParts :: int -> int -> int -> string
rgbFromParts = r: g: b:
let
rgbFromParts = r: g: b: let
rHex = lib.strings.fixedWidthString 2 "0" (lib.toHexString r);
gHex = lib.strings.fixedWidthString 2 "0" (lib.toHexString g);
bHex = lib.strings.fixedWidthString 2 "0" (lib.toHexString b);
in rHex + gHex + bHex;
in
rHex + gHex + bHex;
# Create a Color darker than the color given by the rgb parts.
# amount is in range [0.0, 1.0], r,g, and b in range [0, 255]
# darkenColor :: int -> int -> int -> float -> Color
darkenColor = r: g: b: amount:
let
darkenColor = r: g: b: amount: let
r' = builtins.floor ((1.0 - amount) * r);
g' = builtins.floor ((1.0 - amount) * g);
b' = builtins.floor ((1.0 - amount) * b);
in mkColor (rgbFromParts r' g' b');
in
mkColor (rgbFromParts r' g' b');
# Create a Color lighter than the color given by the rgb parts. See darkenColor.
# darkenColor :: int -> int -> int -> float -> Color
lightenColor = r: g: b: amount:
let
lightenColor = r: g: b: amount: let
r' = lib.min (builtins.floor ((1.0 + amount) * r)) 255;
g' = lib.min (builtins.floor ((1.0 + amount) * g)) 255;
b' = lib.min (builtins.floor ((1.0 + amount) * b)) 255;
in mkColor (rgbFromParts r' g' b');
in
mkColor (rgbFromParts r' g' b');
in {
inherit rgb red green blue;
# e.g. "#FF0000"

5
users/malte/git.nix
View file

@ -1,6 +1,5 @@
{ ... }:
let conf = import ./conf.nix;
{...}: let
conf = import ./conf.nix;
in {
programs.git = {
enable = true;

5
users/malte/gpg.nix
View file

@ -1,6 +1,5 @@
{ pkgs, ... }:
let conf = import ./conf.nix;
{pkgs, ...}: let
conf = import ./conf.nix;
in {
home.packages = with pkgs; [yubikey-personalization];

18
users/malte/gtk.nix
View file

@ -1,7 +1,10 @@
{ pkgs, lib, nixosConfig, ... }:
let hiDPI = nixosConfig.hardware.video.hidpi.enable;
{
pkgs,
lib,
nixosConfig,
...
}: let
hiDPI = nixosConfig.hardware.video.hidpi.enable;
in rec {
home.packages = with pkgs; [
numix-cursor-theme
@ -21,16 +24,17 @@ in rec {
};
gtk2 = {
extraConfig = ''
extraConfig =
''
gtk-cursor-theme-name = "Numix-Cursor-Light"
'' + (lib.optionalString hiDPI ''
''
+ (lib.optionalString hiDPI ''
gtk-cursor-theme-size = 48
'');
};
gtk3 = {
bookmarks = [
];
extraConfig = {
gtk-cursor-theme-name = "Numix-Cursor-Light";

18
users/malte/home.nix
View file

@ -1,7 +1,10 @@
{ pkgs, lib, config, nixosConfig, ... }:
let
{
pkgs,
lib,
config,
nixosConfig,
...
}: let
script = name: path: pkgs.writeScriptBin name (builtins.readFile path);
wrap = name: pkg: postBuild:
@ -36,9 +39,7 @@ let
];
extraPkgs = pkgs: with pkgs; [];
};
in {
imports = [
./git.nix
./shell.nix
@ -59,12 +60,12 @@ in {
];
config = {
settings.sway.enable = true;
home = {
packages = with pkgs; [
aseprite
alejandra
element-desktop # FIXME: Once it works again? (fixElectron "element-desktop" element-desktop)
signal-desktop # FIXME: Once it works again? (fixElectron "signal-desktop" signal-desktop)
(fixGdk "Discord" discord)
@ -85,6 +86,7 @@ in {
cargo-readme
cargo-edit
cargo-udeps
colmena
feh
geekbench
gimp
@ -101,7 +103,6 @@ in {
lutrisWithLibs
mensa
mosh
nixfmt
patchelf
pavucontrol
pdftk
@ -151,7 +152,6 @@ in {
telephone = "de_DE.UTF-8";
time = "de_DE.UTF-8";
};
};
# Make sure firefox is my default browser

52
users/malte/kakoune.nix
View file

@ -1,27 +1,37 @@
{ pkgs, lib, config, ... }:
let
{
pkgs,
lib,
config,
...
}: let
# Configuration for kakoune plugins
pluginConfigs = with pkgs.kakounePlugins; [
{ # FZF for kakoune
{
# FZF for kakoune
pkg = fzf-kak;
mappings = [{
mappings = [
{
docstring = "FZF mode";
mode = "user";
key = "f";
effect = ":fzf-mode<ret>";
}];
hooks = [{ # Change fzf settings before first use
}
];
hooks = [
{
# Change fzf settings before first use
name = "ModuleLoaded";
option = "fzf-file";
commands = ''
set-option global fzf_file_command "fd"
set-option global fzf_highlight_command "bat"
'';
}];
}
];
}
{ # Languange Server Config
{
# Languange Server Config
pkg = kak-lsp;
config = ''
eval %sh{kak-lsp --kakoune -s $kak_session}
@ -35,27 +45,35 @@ let
}
}
'';
mappings = [{ # Enter LSP Usermode
mappings = [
{
# Enter LSP Usermode
docstring = "LSP mode";
mode = "user";
key = "l";
effect = ":enter-user-mode lsp<ret>";
}];
hooks = [{ # Start kak-lsp for specific windows
}
];
hooks = [
{
# Start kak-lsp for specific windows
name = "WinSetOption";
commands = "lsp-enable-window";
option = "filetype=(rust|nix|python|latex|typescript|javascript)";
}];
}
];
}
];
additionalMappings = [{ # Switch to last buffer
additionalMappings = [
{
# Switch to last buffer
docstring = "Previous buffer";
mode = "user";
key = ",";
effect = ":buffer-previous<ret>";
}];
}
];
additionalConfig = ''
add-highlighter global/ number-lines -relative
@ -70,9 +88,7 @@ let
selectOr = attr: default: map (conf: conf.${attr} or default) pluginConfigs;
selectList = attr: lib.flatten (selectOr attr []);
in {
programs.kakoune = {
enable = true;

6
users/malte/kanshi.nix
View file

@ -1,11 +1,7 @@
{ pkgs, ... }:
let
{pkgs, ...}: let
notify = profile: ''
${pkgs.libnotify}/bin/notify-send -t 10000 -a 'Kanshi' '${profile}' 'Profile activated'
'';
in {
services.kanshi = {
enable = true;

4
users/malte/kitty.nix
View file

@ -1,6 +1,4 @@
{ pkgs, ... }:
{
{pkgs, ...}: {
programs.kitty = {
enable = true;

16
users/malte/mako.nix
View file

@ -1,13 +1,15 @@
{ pkgs, config, ... }:
let
{
pkgs,
config,
...
}: let
col = config.colors;
format = { bg, fg }:
''
format = {
bg,
fg,
}: ''
<span background="${bg.hashRgb}" foreground="${fg.hashRgb}"><b> %s </b></span> %b'';
in {
programs.mako = {
enable = true;
anchor = "top-right";

9
users/malte/mpv.nix
View file

@ -1,6 +1,9 @@
{ pkgs, config, ... }:
let col = config.colors;
{
pkgs,
config,
...
}: let
col = config.colors;
in {
programs.mpv = {
enable = true;

4
users/malte/pass.nix
View file

@ -1,6 +1,4 @@
{ pkgs, ... }:
let
{pkgs, ...}: let
sed = "${pkgs.gnused}/bin/sed";
pass = "${pkgs.pass}/bin/pass";
wl-copy = "${pkgs.wl-clipboard}/bin/wl-copy";

4
users/malte/qt.nix
View file

@ -1,6 +1,4 @@
{ pkgs, ... }:
{
{pkgs, ...}: {
qt = {
enable = true;
platformTheme = "gtk";

19
users/malte/scarlett-solo.nix
View file

@ -1,13 +1,15 @@
{ pkgs, ... }:
let
{pkgs, ...}: let
pipewire = "pipewire.service";
device = "dev-scarlett_solo.device";
alsa-input =
"alsa_input.usb-Focusrite_Scarlett_Solo_USB_Y7ENM550A6399B-00.pro-input-0";
alsa-input = "alsa_input.usb-Focusrite_Scarlett_Solo_USB_Y7ENM550A6399B-00.pro-input-0";
channelMapService = { dev, name, desc, from, to }: {
channelMapService = {
dev,
name,
desc,
from,
to,
}: {
Unit = {
Description = desc;
Requires = pipewire;
@ -29,9 +31,7 @@ let
};
Install.WantedBy = ["default.target" device];
};
in {
systemd.user.services = {
scarlett-voice = channelMapService {
dev = "scarlett-voice";
@ -55,5 +55,4 @@ in {
to = "MONO";
};
};
}

7
users/malte/shell.nix
View file

@ -1,6 +1,4 @@
{ pkgs, ... }:
{
{pkgs, ...}: {
home.packages = with pkgs; [
(pkgs.callPackage ../../pkgs/rip.nix {})
bottom
@ -58,8 +56,7 @@
zat = "zathura --fork";
discord-hack =
"NIXPKGS_ALLOW_UNFREE=1 nix run 'github:NixOS/nixpkgs?ref=master#discord' --impure";
discord-hack = "NIXPKGS_ALLOW_UNFREE=1 nix run 'github:NixOS/nixpkgs?ref=master#discord' --impure";
};
shellAliases = {
kal = "khal list (date '+%d.%m.%Y') (date --date='+1week' '+%d.%m.%Y')";

75
users/malte/sway.nix
View file

@ -1,7 +1,10 @@
{ pkgs, config, lib, nixosConfig, ... }:
let
{
pkgs,
config,
lib,
nixosConfig,
...
}: let
col = config.colors;
backgrounds = pkgs.fetchFromGitHub {
@ -17,22 +20,18 @@ let
wf-recorder = "${pkgs.wf-recorder}/bin/wf-recorder";
slurp = "${pkgs.slurp}/bin/slurp -db '#000000AA' -c '#EBDBB2' -w1";
fuser = "${pkgs.psmisc}/bin/fuser";
alsa_rec =
"alsa_output.pci-0000_00_1f.3-platform-skl_hda_dsp_generic.HiFi__hw_sofhdadsp__sink.monitor";
alsa_rec = "alsa_output.pci-0000_00_1f.3-platform-skl_hda_dsp_generic.HiFi__hw_sofhdadsp__sink.monitor";
screenshot-path = "/home/malte/Pictures/screenshots/screenshot.png";
screenshot-all =
"${grim} ${screenshot-path} && ${wl-copy} < ${screenshot-path}";
screenshot-all = "${grim} ${screenshot-path} && ${wl-copy} < ${screenshot-path}";
screenshot-region = ''
${grim} -g "$(${slurp})" ${screenshot-path} && ${wl-copy} < ${screenshot-path}'';
screencast-path = "/home/malte/Videos/screencasts/screencast.mp4";
screencast-all =
''${wf-recorder} --audio="${alsa_rec}" -f ${screencast-path}'';
screencast-all = ''${wf-recorder} --audio="${alsa_rec}" -f ${screencast-path}'';
screencast-region = ''
${wf-recorder} --audio="${alsa_rec}" -g "$$(${slurp})" -f ${screencast-path}'';
screencast-stop =
"killall -s SIGINT wf-recorder && ${wl-copy} < ${screencast-path}";
screencast-stop = "killall -s SIGINT wf-recorder && ${wl-copy} < ${screencast-path}";
swaylockConfig = ''
screenshots
@ -79,17 +78,14 @@ let
cfg = config.settings.sway;
nvidiaUsed = nixosConfig.settings.nvidiaUsed;
hiDPI = nixosConfig.hardware.video.hidpi.enable;
in {
imports =
[ ./waybar.nix ./gtk.nix ./qt.nix ./pass.nix ./mako.nix ./kanshi.nix ];
imports = [./waybar.nix ./gtk.nix ./qt.nix ./pass.nix ./mako.nix ./kanshi.nix];
options.settings.sway = with lib; {
enable = mkEnableOption "Enable sway config";
};
config = lib.mkIf cfg.enable {
home.packages = [
pkgs.firaCodeNerd
pkgs.grim
@ -112,7 +108,8 @@ in {
gtk = true;
};
extraSessionCommands = ''
extraSessionCommands =
''
# needs qt5.qtwayland in systemPackages
export QT_QPA_PLATFORM=wayland
export QT_WAYLAND_DISABLE_WINDOWDECORATION="1"
@ -123,7 +120,8 @@ in {
export _JAVA_AWT_WM_NONREPARENTING=1
export XDG_CURRENT_DESKTOP=Sway
export XDG_SESSION_TYPE=wayland
'' +
''
+
# TODO: See what actually is required here!
(lib.optionalString nvidiaUsed ''
# Set DRM devices and fix cursor
@ -167,19 +165,23 @@ in {
];
};
bars = [{
bars = [
{
command = "${pkgs.waybar}/bin/waybar";
position = "top";
}];
}
];
seat."*".xcursor_theme =
if hiDPI then "Numix-Cursor-Light 48" else "Numix-Cursor-Light 32";
if hiDPI
then "Numix-Cursor-Light 48"
else "Numix-Cursor-Light 32";
keybindings = let
mod = config.wayland.windowManager.sway.config.modifier;
move_follow = workspace:
"move container to workspace ${workspace}; workspace ${workspace}";
in lib.mkOptionDefault {
move_follow = workspace: "move container to workspace ${workspace}; workspace ${workspace}";
in
lib.mkOptionDefault {
"${mod}+Shift+e" = "exit";
# Move focused container to workspace and follow
"${mod}+Ctrl+Shift+1" = move_follow "1";
@ -197,13 +199,10 @@ in {
"${mod}+Ctrl+Shift+j" = "move workspace to output down";
"${mod}+Ctrl+Shift+h" = "move workspace to output left";
# Sound control
"XF86AudioRaiseVolume" =
"exec ${pkgs.ponymix}/bin/ponymix increase 5%";
"XF86AudioLowerVolume" =
"exec ${pkgs.ponymix}/bin/ponymix decrease 5%";
"XF86AudioRaiseVolume" = "exec ${pkgs.ponymix}/bin/ponymix increase 5%";
"XF86AudioLowerVolume" = "exec ${pkgs.ponymix}/bin/ponymix decrease 5%";
"XF86AudioMute" = "exec ${pkgs.ponymix}/bin/ponymix toggle";
"XF86AudioMicMute" =
"exec ${pkgs.ponymix}/bin/ponymix --input toggle";
"XF86AudioMicMute" = "exec ${pkgs.ponymix}/bin/ponymix --input toggle";
# Additional menus
"${mod}+p" = "exec passmenu-bemenu";
# Screenshots
@ -218,7 +217,8 @@ in {
"XF86Favorites" = "exec swaylock";
};
gaps = let size = 3;
gaps = let
size = 3;
in {
smartBorders = "on";
smartGaps = true;
@ -243,8 +243,10 @@ in {
size = 8.0;
};
modes = let mod = config.wayland.windowManager.sway.config.modifier;
in lib.mkOptionDefault {
modes = let
mod = config.wayland.windowManager.sway.config.modifier;
in
lib.mkOptionDefault {
recording = {
"${mod}+Escape" = "exec ${screencast-stop}; mode default";
};
@ -301,10 +303,8 @@ in {
output = {
"Unknown 0x1500 0x00000000".bg = "${backgrounds}/forest2.jpg fill";
"Goldstar Company Ltd IPS226 SerialNumber".bg =
"${backgrounds}/future-town.jpg fill";
"BenQ Corporation BenQ GW2270 P9J02423SL0".bg =
"${backgrounds}/leaves3.jpg fill";
"Goldstar Company Ltd IPS226 SerialNumber".bg = "${backgrounds}/future-town.jpg fill";
"BenQ Corporation BenQ GW2270 P9J02423SL0".bg = "${backgrounds}/leaves3.jpg fill";
};
colors = let
@ -346,7 +346,6 @@ in {
};
};
};
};
services.wlsunset = {

17
users/malte/taskwarrior.nix
View file

@ -1,6 +1,9 @@
{ pkgs, lib, config, ... }:
let
{
pkgs,
lib,
config,
...
}: let
# Data storage location for taskwarrior
dataLocation = "/home/malte/Tasks";
# A usable (with dateutil) python interpreter for timewarrior's totals.py extension
@ -31,7 +34,6 @@ let
cp ext/totals.py ext/on-modify.timewarrior $out/
'';
};
in {
# Install timewarrior aswell!
# Timewarrior hook needs Python3.. or a patch.. to lazy for the latter
@ -57,17 +59,14 @@ in {
description = "Tasksh review report. Adjust the filter to your needs.";
columns = "uuid";
sort = "reviewed+,modified+";
filter =
"( reviewed.none: or reviewed.before:now-6days ) and ( +PENDING )";
filter = "( reviewed.none: or reviewed.before:now-6days ) and ( +PENDING )";
};
};
};
home.file.".timewarrior/extensions/totals.py".source =
"${timewarriorExtensions}/totals.py";
home.file.".timewarrior/extensions/totals.py".source = "${timewarriorExtensions}/totals.py";
home.file."${dataLocation}/hooks/on-modify-timewarrior" = {
source = "${timewarriorExtensions}/on-modify.timewarrior";
executable = true;
};
}

4
users/malte/unison.nix
View file

@ -1,6 +1,4 @@
{ pkgs, ... }:
{
{pkgs, ...}: {
home.packages = with pkgs; [x11_ssh_askpass openssh];
services.unison = {
enable = true;

32
users/malte/waybar.nix
View file

@ -1,19 +1,20 @@
{ pkgs, lib, config, ... }:
let
{
pkgs,
lib,
config,
...
}: let
darkenBorder = 0.4;
col = config.colors;
task-activity = with pkgs;
let
task-activity = with pkgs; let
task = "${pkgs.taskwarrior}/bin/task";
jq = "${pkgs.jq}/bin/jq";
timew = "${pkgs.timewarrior}/bin/timew";
getTaskwarriorDesc = "${task} +ACTIVE export | ${jq} '.[0].description'";
getTimewarriorDesc =
"${timew} get dom.active.json | ${jq} '.tags|join(\", \")'";
in writeScriptBin "task-activity" ''
getTimewarriorDesc = "${timew} get dom.active.json | ${jq} '.tags|join(\", \")'";
in
writeScriptBin "task-activity" ''
#!${stdenv.shell}
task +ACTIVE >/dev/null 2>/dev/null
@ -43,8 +44,10 @@ let
systemctl = "${pkgs.systemd}/bin/systemctl";
jq = "${pkgs.jq}/bin/jq";
extractJson = "${jq} '.[].unit' --raw-output";
replaceNewlines = "${pkgs.coreutils}/bin/tr '\n' ' '";
in pkgs.writeScriptBin "check-system" ''
newline = "\n";
replaceNewlines = "${pkgs.coreutils}/bin/tr '${newline}' ' '";
in
pkgs.writeScriptBin "check-system" ''
#!${pkgs.stdenv.shell}
failed_user=$(${systemctl} --user --output json list-units --failed | ${extractJson} | ${replaceNewlines})
@ -64,14 +67,14 @@ let
}" | ${jq} --unbuffered --compact-output
fi
'';
in {
home.packages = [pkgs.firaCodeNerd task-activity];
programs.waybar = {
enable = true;
settings = [{
settings = [
{
layer = "top";
position = "top";
@ -139,7 +142,8 @@ in {
interval = 5;
};
};
}];
}
];
style = ''
* {

4
users/malte/wlsunset.nix
View file

@ -1,6 +1,4 @@
{ ... }:
{
{...}: {
services.wlsunset = {
enable = true;
latitude = 51.3;

4
users/malte/zathura.nix
View file

@ -1,6 +1,4 @@
{ pkgs, ... }:
{
{pkgs, ...}: {
home.packages = [pkgs.firaCodeNerd];
programs.zathura = {
enable = true;

11
users/marie/home.nix
View file

@ -1,17 +1,18 @@
{ pkgs, lib, config, ... }:
let
{
pkgs,
lib,
config,
...
}: let
mkTuple = lib.hm.gvariant.mkTuple;
bg = pkgs.fetchurl {
url = "https://images.pexels.com/photos/2559941/pexels-photo-2559941.jpeg";
sha256 = "sha256-Su2UwFpZKj5sa80UrcDSX9O2GuVI6XR2gSLpp4gJZP0=";
};
in {
imports = [../modules/restic-backup.nix];
config = {
home.packages = with pkgs; [
bitwarden
element-desktop

16
users/modules/restic-backup.nix
View file

@ -3,10 +3,13 @@
# This _assumes_ a few things:
# - There is a sops.secrets with the name "restic-backup-USERNAME"
# - That the repository is actually reachable, which is a little flaky still
{ nixosConfig, pkgs, lib, config, ... }:
let
{
nixosConfig,
pkgs,
lib,
config,
...
}: let
resticCmd = "${pkgs.restic}/bin/restic";
username = config.home.username;
@ -25,9 +28,7 @@ let
};
cfg = config.services.restic;
in {
options.services.restic = with lib; {
enable = mkEnableOption "restic backup service";
@ -71,7 +72,8 @@ in {
CacheDirectoryMode = "0700";
# Convert the above map of environment variables into a list
# of "KEY=VALUE" entrie
Environment = builtins.attrValues
Environment =
builtins.attrValues
(builtins.mapAttrs (k: v: "${k}=${v}") sessionVars);
};
};

15
users/modules/synchronize-calendars.nix
View file

@ -1,8 +1,10 @@
# Synchronize calendars from https://cal.tammena.rocks
{ pkgs, lib, config, ... }:
let
{
pkgs,
lib,
config,
...
}: let
cfg = config.services.synchronize-calendars;
khalConfig = ''
@ -45,10 +47,11 @@ let
username = "${cfg.user}"
password.fetch = ["command", "cat", "${cfg.passwordFile}"]
'';
in {
options.services.synchronize-calendars = with lib; {
enable = mkEnableOption "Enable service to synchronize my calendars and add some necessary programs";
enable =
mkEnableOption
"Enable service to synchronize my calendars and add some necessary programs";
user = mkOption {
type = types.str;