helvetica/puter
1
0
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity

init

Browse source
This commit is contained in:
Lukas Wurzinger 2023-09-17 13:31:20 +02:00
commit 1e9b3e0ab1
75 changed files with 3831 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

17
.sops.yaml Normal file
View file

@ -0,0 +1,17 @@
keys:
- &admin_lukas age17nt4yca38wrlptapekwmkrjx232cruygty82qhvz3t7g7z4jq9fshdglks
- &host_glacier age190zn56uqtemazc4fjtc649h7634hl9zh6jzrmq478y2t94x8vswqv5q3j8
- &host_flamingo age1p55v299rqjg7ltz3h3suq2efrgsntn2ej9lzljw9prkx50x7hd4s7cnfcc
- &host_scenery age1nxr8lyst9eleuu9dyrnlwps8xschps42tfzwxfyvyy32n75rssfsayj52j
- &host_abacus age15hmzz0mdrrtlrxwdyv7wfwfs58vzcyg3esnf5ccu5vlg83a8aq6sqp95dv
- &host_vessel age1fvn3rex66xczhard8dcx0s38xdegvguyaepytu6kh9hndhheqqwqcgnc3y
creation_rules:
- path_regex: secrets/[^/]+\.yaml$
key_groups:
- age:
- *admin_lukas
- *host_glacier
- *host_flamingo
- *host_scenery
- *host_abacus
- *host_vessel

55
README.md Normal file
View file

@ -0,0 +1,55 @@
# ✨ puter ✨
## Setup
```bash
fdisk $disk
mkfs.vfat -F 32 -n BOOT $boot
cryptsetup luksFormat -yv --label cryptmain $main
cryptsetup open $main main
mkfs.btrfs /dev/mapper/main
mount /dev/mapper/main /mnt
for vol in nix persist home log; do btrfs subvol create /mnt/$vol; done
umount /mnt
mount -t tmpfs -o size=8G,mode=755 tmpfs /mnt
mkdir -p /mnt/{boot,nix,persist,home,var/log}
for vol in nix persist home var/log; do mount -o subvol=$(basename $vol),compress=zstd,noatime /dev/mapper/main /mnt/$vol; done
mount $boot /mnt/boot
nixos-install --no-root-password --flake github:lukaswrz/puter#system
```
```bash
fdisk $disk
mkfs.vfat -F 32 -n BOOT $boot
mkfs.btrfs -L main $main
mount $main /mnt
for vol in nix persist log; do btrfs subvol create /mnt/$vol; done
umount /mnt
mount -t tmpfs -o size=2G,mode=755 tmpfs /mnt
mkdir -p /mnt/{boot,nix,persist,home,var/log}
for vol in nix persist var/log; do mount -o subvol=$(basename $vol),compress=zstd,noatime $main /mnt/$vol; done
mount -t tmpfs -o size=2G tmpfs /mnt/home
mount $boot /mnt/boot
nixos-install --no-root-password --flake github:lukaswrz/puter#system
```

204
common/home-manager/desktop.nix Normal file
View file

@ -0,0 +1,204 @@
{
pkgs,
inputs,
config,
lib,
...
}: {
imports = [
./features/bottom.nix
./features/cava.nix
./features/cursor.nix
./features/darkman.nix
./features/direnv.nix
./features/fish.nix
./features/fnott.nix
./features/foot.nix
./features/fuzzel.nix
./features/gammastep.nix
./features/git.nix
./features/helix.nix
./features/i3status-rust.nix
./features/imv.nix
./features/joshuto.nix
./features/mmtc.nix
./features/mpd.nix
./features/mpris-proxy.nix
./features/mpv.nix
./features/qutebrowser
./features/readline.nix
./features/ssh.nix
./features/swayidle.nix
./features/swaylock.nix
./features/sway.nix
./features/zathura.nix
];
home.packages = with pkgs; [
appimage-run
wineWowPackages.unstableFull
bat
curl
ffmpeg
file
gitui
hexyl
hyperfine
imagemagick
ncdu
netcat-openbsd
nmap
procs
progress
pv
rage
ripdrag
rsync
sops
systeroid
tokei
tutanota-desktop
vscodium
wf-recorder
];
xdg = {
enable = true;
mime.enable = true;
mimeApps = {
enable = true;
defaultApplications = let
mkDefaultApplication = mimeTypes: desktopFile: (lib.genAttrs mimeTypes (_: desktopFile));
in
lib.attrsets.mergeAttrsList [
(
mkDefaultApplication [
"x-scheme-handler/http"
"x-scheme-handler/https"
"text/html"
] "qutebrowser.desktop"
)
(
mkDefaultApplication [
"x-scheme-handler/mailto"
] "tutanota-desktop.desktop"
)
# TODO
# (
# mkDefaultApplication [
# "inode/directory"
# ] ""
# )
# (
# mkDefaultApplication [
# "x-scheme-handler/geo"
# ] ""
# )
(
mkDefaultApplication [
"image/png"
"image/jpeg"
"image/webp"
"image/avif"
"image/heif"
"image/bmp"
"image/x-icns"
] "imv.desktop"
)
(
mkDefaultApplication [
"audio/aac"
"audio/mp4"
"audio/mpeg"
"audio/mpegurl"
"audio/ogg"
"audio/vnd.rn-realaudio"
"audio/vorbis"
"audio/x-flac"
"audio/x-mp3"
"audio/x-mpegurl"
"audio/x-ms-wma"
"audio/x-musepack"
"audio/x-oggflac"
"audio/x-pn-realaudio"
"audio/x-scpls"
"audio/x-speex"
"audio/x-vorbis"
"audio/x-vorbis+ogg"
"audio/x-wav"
] "mpv.desktop"
)
(
mkDefaultApplication [
"application/pdf"
] "zathura.desktop"
)
(
mkDefaultApplication [
# TODO: Add more text filetypes
"text/plain"
"text/x-cmake"
"text/markdown"
"application/x-docbook+xml"
"application/json"
"application/x-yaml"
] "helix.desktop"
)
(
mkDefaultApplication [
"video/3gp"
"video/3gpp2"
"video/divx"
"video/fli"
"video/mp2t"
"video/mp4v-es"
"video/msvideo"
"video/quicktime"
"video/vnd.mpegurl"
"video/x-avi"
"video/x-m4v"
"video/x-mpeg2"
"video/x-msvideo"
"video/x-ms-wmx"
"video/x-ogm+ogg"
"video/x-theora+ogg"
"video/3gpp"
"video/avi"
"video/dv"
"video/flv"
"video/mp4"
"video/mpeg"
"video/ogg"
"video/vnd.divx"
"video/vnd.rn-realvideo"
"video/x-flv"
"video/x-matroska"
"video/x-ms-asf"
"video/x-ms-wmv"
"video/x-ogm"
"video/x-theora"
"application/x-matroska"
] "mpv.desktop"
)
];
};
userDirs = {
enable = true;
createDirectories = true;
desktop = "${config.home.homeDirectory}/desk";
documents = "${config.home.homeDirectory}/doc";
download = "${config.home.homeDirectory}/dl";
music = "${config.home.homeDirectory}/music";
pictures = "${config.home.homeDirectory}/pic";
publicShare = "${config.home.homeDirectory}/pub";
templates = "${config.home.homeDirectory}/tpl";
videos = "${config.home.homeDirectory}/vid";
};
};
xdg.dataFile."flatpak/overrides/global".text = ''
[Context]
filesystems=/nix/store:ro;${config.xdg.dataHome}/fonts:ro;${config.xdg.dataHome}/icons:ro
'';
}

1
common/home-manager/features/bottom.nix Normal file
View file

@ -0,0 +1 @@
{programs.bottom.enable = true;}

14
common/home-manager/features/cava.nix Normal file
View file

@ -0,0 +1,14 @@
{pkgs, ...}: {
home.packages = with pkgs; [
cava
];
xdg.configFile."cava/config".text = ''
[input]
method = pulse
source = auto
[output]
method = ncurses
'';
}

9
common/home-manager/features/cursor.nix Normal file
View file

@ -0,0 +1,9 @@
{pkgs, ...}: {
home.pointerCursor = {
name = "Bibata-Modern-Classic";
size = 16;
package = pkgs.bibata-cursors;
gtk.enable = true;
x11.enable = true;
};
}

30
common/home-manager/features/darkman.nix Normal file
View file

@ -0,0 +1,30 @@
{pkgs, ...}: {
systemd.user.services.darkman = {
Unit = {
Description = "Framework for dark-mode and light-mode transitions";
Documentation = ["man:darkman(1)"];
};
Service = {
Type = "dbus";
BusName = "nl.whynothugo.darkman";
ExecStart = "${pkgs.darkman}/bin/darkman run";
Restart = "on-failure";
TimeoutStopSec = 15;
Slice = "background.slice";
LockPersonality = true;
RestrictNamespaces = true;
SystemCallArchitectures = "native";
SystemCallFilter = [
"@system-service"
"@timer"
"mincore"
];
MemoryDenyWriteExecute = true;
};
Install = {
WantedBy = ["default.target"];
};
};
}

6
common/home-manager/features/direnv.nix Normal file
View file

@ -0,0 +1,6 @@
{
programs.direnv = {
enable = true;
nix-direnv.enable = true;
};
}

22
common/home-manager/features/dunst.nix Normal file
View file

@ -0,0 +1,22 @@
{
services.dunst = {
enable = true;
settings = {
global = {
width = 500;
height = 200;
offset = "20x50";
origin = "top-right";
transparency = 10;
frame_color = "#eceff1";
font = "monospace 12";
};
urgency_normal = {
background = "#37474f";
foreground = "#eceff1";
timeout = 10;
};
};
};
}

149
common/home-manager/features/fish.nix Normal file
View file

@ -0,0 +1,149 @@
{pkgs, ...}: {
programs.fish = {
enable = true;
shellAbbrs = {
l = "ls";
lsa = "ls -a";
la = "ls -a";
lsl = "ls -l";
ll = "ls -l";
lsla = "ls -la";
lla = "ls -la";
cp = "cp -n";
cpr = "cp -rn";
mv = "mv -n";
rm = "rm -i";
rmr = "rm -ri";
rr = "rm -ri";
gi = "git";
gic = "git commit";
gico = "git checkout";
gis = "git status";
gid = "git diff";
gidh = "git diff HEAD";
gia = "git add";
s = "sudo";
g = "grep";
gn = "grep -n";
gin = "grep -in";
grin = "grep -rin";
df = "df -h";
du = "du -h";
c = "cd";
"cd." = "cd .";
"cd.." = "cd ..";
v = "hx";
vi = "hx";
vim = "hx";
};
shellAliases = {
ls = "ls --classify=auto --color=auto";
ffmpeg = "ffmpeg -hide_banner";
ffprobe = "ffprobe -hide_banner";
ffplay = "ffplay -hide_banner";
};
functions = {
fish_greeting = "";
fish_prompt = ''
set -l __last_command_exit_status $status
if not set -q -g __fish_arrow_functions_defined
set -g __fish_arrow_functions_defined
function _git_branch_name
set -l branch (git symbolic-ref --quiet HEAD 2>/dev/null)
if set -q branch[1]
echo (string replace -r '^refs/heads/' ''' $branch)
else
echo (git rev-parse --short HEAD 2>/dev/null)
end
end
function _is_git_dirty
not command git diff-index --cached --quiet HEAD -- &>/dev/null
or not command git diff --no-ext-diff --quiet --exit-code &>/dev/null
end
function _is_git_repo
type -q git
or return 1
git rev-parse --git-dir >/dev/null 2>&1
end
function _hg_branch_name
echo (hg branch 2>/dev/null)
end
function _is_hg_dirty
set -l stat (hg status -mard 2>/dev/null)
test -n "$stat"
end
function _is_hg_repo
fish_print_hg_root >/dev/null
end
function _repo_branch_name
_$argv[1]_branch_name
end
function _is_repo_dirty
_is_$argv[1]_dirty
end
function _repo_type
if _is_hg_repo
echo hg
return 0
else if _is_git_repo
echo git
return 0
end
return 1
end
end
set -l cyan (set_color -o cyan)
set -l yellow (set_color -o yellow)
set -l red (set_color -o red)
set -l green (set_color -o green)
set -l blue (set_color -o blue)
set -l normal (set_color normal)
set -l prompt_color "$green"
if test $__last_command_exit_status != 0
set prompt_color "$red"
end
set -l prompt "$prompt_color\$"
if fish_is_root_user
set prompt "$prompt_color#"
end
set -l cwd $cyan(basename -- (prompt_pwd))
set -l repo_info
if set -l repo_type (_repo_type)
set -l repo_branch $red(_repo_branch_name $repo_type)
set repo_info "$blue $repo_type:($repo_branch$blue)"
if _is_repo_dirty $repo_type
set -l dirty "$yellow "
set repo_info "$repo_info$dirty"
end
end
echo -n -s -- $cwd $repo_info ' ' $prompt ' '$normal
'';
};
interactiveShellInit = ''
bind \ee edit_command_buffer
fish_vi_key_bindings
set fish_cursor_default block blink
set fish_cursor_insert line blink
set fish_cursor_replace_one underscore blink
set fish_cursor_visual block
set -x EDITOR hx
'';
};
}

66
common/home-manager/features/fnott.nix Normal file
View file

@ -0,0 +1,66 @@
{pkgs, ...}: {
services.fnott = {
enable = true;
settings = {
main = {
min-width = 400;
max-icon-size = 96;
stacking-order = "bottom-up";
anchor = "top-right";
notification-margin = 5;
selection-helper = "${pkgs.bemenu}/bin/bemenu";
background = "263238ff";
border-color = "546e7acf";
border-size = 2;
padding-vertical = 20;
padding-horizontal = 20;
title-font = "sans-serif";
title-color = "ffffffff";
title-format = "<i>%a%A</i>";
summary-font = "sans-serif";
summary-color = "ffffffff";
summary-format = "<b>%s</b>\n";
body-font = "sans-serif";
body-color = "ffffffff";
body-format = "%b";
progress-bar-height = 20;
progress-bar-color = "ffffffff";
max-timeout = 0;
default-timeout = 10;
idle-timeout = 0;
};
# TODO
low = {
background = "2632388f";
title-color = "888888ff";
summary-color = "888888ff";
body-color = "888888ff";
};
normal = {
background = "263238ff";
title-color = "ffffffff";
summary-color = "ffffffff";
body-color = "ffffffff";
};
critical = {
background = "546e7aaf";
title-color = "888888ff";
summary-color = "888888ff";
body-color = "888888ff";
};
};
};
}

53
common/home-manager/features/foot.nix Normal file
View file

@ -0,0 +1,53 @@
{pkgs, ...}: {
programs.foot = {
enable = true;
settings = {
main = {
app-id = "foot";
font = "monospace:size=12";
initial-window-size-chars = "80x24";
notify = "notify-send -a \${app-id} -i \${app-id} \${title} \${body}";
};
scrollback = {
lines = 10000;
};
url = {
launch = "${pkgs.xdg-utils}/bin/xdg-open \${url}";
};
cursor = {
style = "block";
blink = "yes";
};
mouse = {
hide-when-typing = "yes";
};
colors = {
alpha = "0.9";
foreground = "a9b1d6";
background = "09090a";
regular0 = "212121";
regular1 = "f07178";
regular2 = "c3e88d";
regular3 = "ffcb6b";
regular4 = "82aaff";
regular5 = "c792ea";
regular6 = "89ddff";
regular7 = "eeffff";
bright0 = "4a4a4a";
bright1 = "f07178";
bright2 = "c3e88d";
bright3 = "ffcb6b";
bright4 = "82aaff";
bright5 = "c792ea";
bright6 = "89ddff";
bright7 = "ffffff";
};
};
};
}

25
common/home-manager/features/fuzzel.nix Normal file
View file

@ -0,0 +1,25 @@
{config, ...}: {
programs.fuzzel = {
enable = true;
settings = {
main = {
font = "Iosevka Nerd Font";
terminal = "${config.programs.foot.package}/bin/foot";
layer = "overlay";
};
colors = {
background = "263238c0";
text = "ffffffff";
match = "eeffffff";
selection = "82aaffdd";
selection-text = "eeffffff";
border = "314549fa";
};
border = {
width = 2;
radius = 5;
};
};
};
}

7
common/home-manager/features/gammastep.nix Normal file
View file

@ -0,0 +1,7 @@
{
services.gammastep = {
enable = true;
provider = "geoclue2";
tray = true;
};
}

83
common/home-manager/features/git.nix Normal file
View file

@ -0,0 +1,83 @@
{pkgs, ...}: {
programs.git = {
enable = true;
delta = {
enable = true;
options = {
decorations = {
commit-decoration-style = "bold yellow box ul";
file-decoration-style = "brightyellow ul ol";
file-style = "bold yellow ul";
hunk-header-decoration-style = "purple box";
hunk-header-style = "file line-number syntax";
};
features = "line-numbers decorations";
whitespace-error-style = "22 reverse";
};
};
package = pkgs.gitAndTools.gitFull;
userName = "Lukas Wurzinger";
userEmail = "lukas@wrz.one";
extraConfig = {
color.ui = true;
feature.manyFiles = true;
init.defaultBranch = "main";
push.autoSetupRemote = true;
};
lfs.enable = true;
ignores = [
".idea/"
".vscode/"
".iml"
"*.sublime-workspace"
"node_modules/"
"vendor/"
"log/"
"*.log"
"__pycache__/"
"zig-cache/"
"*.com"
"*.class"
"*.dll"
"*.exe"
"*.o"
"*.so"
"*.pyc"
"*.pyo"
"*.7z"
"*.dmg"
"*.gz"
"*.iso"
"*.jar"
"*.rar"
"*.tar"
"*.zip"
"*.msi"
"*.sqlite"
"*.sqlite3"
"*.db"
"*.db3"
"*.s3db"
"*.sl3"
"*.rdb"
"*.bak"
"*.swp"
"*.swo"
"*~"
"*#"
"zig-out/"
];
# signing = {
# signByDefault = true;
# key = "";
# };
};
}

24
common/home-manager/features/helix.nix Normal file
View file

@ -0,0 +1,24 @@
{pkgs, ...}: {
programs.helix = {
enable = true;
defaultEditor = true;
settings = {
theme = "penumbra+";
editor = {
lsp.display-messages = true;
indent-guides.render = true;
file-picker.hidden = false;
line-number = "relative";
bufferline = "multiple";
cursor-shape = {
insert = "bar";
normal = "block";
select = "underline";
};
};
keys.normal = {
esc = ["collapse_selection" "keep_primary_selection"];
};
};
};
}

93
common/home-manager/features/i3status-rust.nix Normal file
View file

@ -0,0 +1,93 @@
{
programs.i3status-rust = {
enable = true;
bars = {
default = {
icons = "material-nf";
settings = {
theme.overrides = {
idle_bg = "#000000";
idle_fg = "#c5c8c6";
info_bg = "#3971ed";
info_fg = "#0e0e0ef0";
good_bg = "#198844";
good_fg = "#0e0e0ef0";
warning_bg = "#fba922";
warning_fg = "#0e0e0ef0";
critical_bg = "#cc342b";
critical_fg = "#0e0e0ef0";
separator = "";
separator_bg = "auto";
separator_fg = "auto";
};
};
blocks = [
{
block = "focused_window";
format = "{ $title $visible_marks |}";
}
{
block = "net";
format = " $icon ^icon_net_up $speed_up ^icon_net_down $speed_down ";
interval = 1;
}
{
block = "memory";
format = " $icon $mem_used ";
interval = 5;
}
{
block = "cpu";
format = " $icon $barchart ";
interval = 5;
}
{
block = "disk_space";
path = "/home";
info_type = "available";
alert_unit = "GB";
alert = 10;
warning = 15;
format = " $icon $used/$total ";
}
{
block = "battery";
interval = 10;
format = " $icon $percentage ";
missing_format = "";
device = "BAT0";
}
{
block = "battery";
interval = 10;
format = " $icon $percentage {$time |}";
missing_format = "";
device = "BAT1";
}
{
block = "sound";
format = " $icon {$volume |}";
device_kind = "sink";
}
{
block = "sound";
format = " $icon {$volume |}";
device_kind = "source";
}
{
block = "music";
format = "{ $icon $combo $prev $play $next |}";
}
{
block = "time";
interval = 1;
format = " $icon $timestamp.datetime(f:'%H:%M:%S, %b %d.') ";
}
];
};
};
};
}

12
common/home-manager/features/imv.nix Normal file
View file

@ -0,0 +1,12 @@
{
programs.imv = {
enable = true;
settings = {
options = {
background = "checks";
loop_input = false;
overlay = true;
};
};
};
}

8
common/home-manager/features/joshuto.nix Normal file
View file

@ -0,0 +1,8 @@
{
programs.joshuto = {
enable = true;
settings = {
xdg_open = true;
};
};
}

108
common/home-manager/features/mmtc.nix Normal file
View file

@ -0,0 +1,108 @@
{
pkgs,
config,
...
}: {
home.packages = with pkgs; [
mmtc
];
xdg.configFile."mmtc/mmtc.ron".text = ''
Config(
address: "${config.services.mpd.network.listenAddress}:${builtins.toString config.services.mpd.network.port}",
clear_query_on_play: false,
cycle: false,
jump_lines: 24,
seek_secs: 5.0,
search_fields: SearchFields(
file: false,
title: true,
artist: true,
album: true,
),
ups: 1.0,
layout: Rows([
Fixed(1, Columns([
Ratio(12, Textbox(Styled([Fg(Indexed(122)), Bold], Text("Title")))),
Ratio(10, Textbox(Styled([Fg(Indexed(158)), Bold], Text("Artist")))),
Ratio(10, Textbox(Styled([Fg(Indexed(194)), Bold], Text("Album")))),
Ratio(1, Textbox(Styled([Fg(Indexed(230)), Bold], Text("Time")))),
])),
Min(0, Queue([
Column(
item: Ratio(12, If(QueueCurrent,
Styled([Italic], If(QueueTitleExist, QueueTitle, QueueFile)),
If(QueueTitleExist, QueueTitle, QueueFile),
)),
style: [Fg(Indexed(75))],
selected_style: [Fg(Black), Bg(Indexed(75)), Bold],
),
Column(
item: Ratio(10, If(QueueCurrent,
Styled([Italic], QueueArtist),
QueueArtist,
)),
style: [Fg(Indexed(111))],
selected_style: [Fg(Black), Bg(Indexed(111)), Bold],
),
Column(
item: Ratio(10, If(QueueCurrent,
Styled([Italic], QueueAlbum),
QueueAlbum,
)),
style: [Fg(Indexed(147))],
selected_style: [Fg(Black), Bg(Indexed(147)), Bold],
),
Column(
item: Ratio(1, If(QueueCurrent,
Styled([Italic], QueueDuration),
QueueDuration,
)),
style: [Fg(Indexed(183))],
selected_style: [Fg(Black), Bg(Indexed(183)), Bold],
),
])),
Fixed(1, Columns([
Min(0, Textbox(Styled([Bold], If(Searching,
Parts([
Styled([Fg(Indexed(113))], Text("Searching: ")),
Styled([Fg(Indexed(185))], Query),
Styled([Fg(Indexed(185))], Text("")),
]),
If(Not(Stopped), Parts([
Styled([Fg(Indexed(113))], Parts([
If(Playing, Text("[playing: "), Text("[paused: ")),
CurrentElapsed,
Text("/"),
CurrentDuration,
Text("] "),
])),
If(TitleExist,
Parts([
Styled([Fg(Indexed(149))], CurrentTitle),
If(ArtistExist, Parts([
Styled([Fg(Indexed(216))], Text(" | ")),
Styled([Fg(Indexed(185))], CurrentArtist),
If(AlbumExist, Parts([
Styled([Fg(Indexed(216))], Text(" | ")),
Styled([Fg(Indexed(221))], CurrentAlbum),
])),
])),
]),
Styled([Fg(Indexed(185))], CurrentFile),
),
])),
)))),
Fixed(7, TextboxR(Styled([Fg(Indexed(81))], Parts([
Text("["),
If(Repeat, Text("@")),
If(Random, Text("#")),
If(Single, Text("^"), If(Oneshot, Text("!"))),
If(Consume, Text("*")),
Text("]"),
])))),
])),
]),
)
'';
}

22
common/home-manager/features/mpd.nix Normal file
View file

@ -0,0 +1,22 @@
{config, ...}: {
services = {
mpd = {
enable = true;
musicDirectory = config.xdg.userDirs.music;
extraConfig = ''
audio_output {
type "pipewire"
name "pipewire"
}
'';
network.startWhenNeeded = true;
};
mpdris2 = {
enable = true;
multimediaKeys = true;
notifications = true;
};
};
}

3
common/home-manager/features/mpris-proxy.nix Normal file
View file

@ -0,0 +1,3 @@
{
services.mpris-proxy.enable = true;
}

20
common/home-manager/features/mpv.nix Normal file
View file

@ -0,0 +1,20 @@
{pkgs, ...}: {
programs.mpv = {
enable = true;
config = {
vo = "gpu";
profile = "gpu-hq";
scale = "ewa_lanczossharp";
cscale = "ewa_lanczossharp";
video-sync = "display-resample";
interpolation = true;
tscale = "oversample";
force-window = "immediate";
save-position-on-quit = true;
screenshot-template = "%f_%wH%wM%wS.%wT";
};
scripts = [pkgs.mpvScripts.mpris];
};
}

48
common/home-manager/features/nushell/config.nu Normal file
View file

@ -0,0 +1,48 @@
$env.config = {
show_banner: false
rm: {
always_trash: true
}
cd: {
abbreviations: true
}
table: {
index_mode: auto
}
history: {
max_size: 1_000_000
}
completions: {
case_sensitive: false
algorithm: "fuzzy"
}
cursor_shape: {
emacs: line
vi_insert: block
vi_normal: underscore
}
edit_mode: vi
bracketed_paste: true
shell_integration: true
render_right_prompt_on_last_line: true
hooks: {
pre_prompt: [{ ||
let direnv = (direnv export json | from json)
let direnv = if ($direnv | length) == 1 { $direnv } else { {} }
$direnv | load-env
}]
}
}
def lsg [] { ls | sort-by type name -i | grid -c | str trim }

45
common/home-manager/features/nushell/default.nix Normal file
View file

@ -0,0 +1,45 @@
{
programs.nushell = {
enable = true;
configFile.source = ./config.nu;
environmentVariables = {
# FIXME: Not properly serialized
PROMPT_COMMAND_RIGHT = "''";
};
shellAliases = {
l = "ls";
lsa = "ls -a";
la = "ls -a";
lsl = "ls -l";
ll = "ls -l";
lsla = "ls -la";
lla = "ls -la";
cpr = "cp -r";
rmr = "rm -r";
rr = "rm -r";
gi = "git";
gic = "git commit";
gico = "git checkout";
gis = "git status";
gid = "git diff";
gidh = "git diff HEAD";
gia = "git add";
s = "sudo";
g = "grep";
gn = "grep -n";
gin = "grep -in";
grin = "grep -rin";
df = "df -h";
du = "du -h";
c = "cd";
"cd." = "cd .";
"cd.." = "cd ..";
ffmpeg = "ffmpeg -hide_banner";
ffprobe = "ffprobe -hide_banner";
ffplay = "ffplay -hide_banner";
};
};
}

196
common/home-manager/features/qutebrowser/default.nix Normal file
View file

@ -0,0 +1,196 @@
{
programs.qutebrowser = {
enable = true;
extraConfig = ''
from locale import getdefaultlocale
from os import environ
from re import match
from pathlib import Path
config.load_autoconfig()
c.aliases = {
"o": "open",
"q": "quit",
"w": "session-save",
"wq": "quit --save",
"adblock-toggle": "config-cycle -t content.blocking.enabled",
"incognito": "open --private",
"mpv": "spawn --detach mpv {url}",
}
c.colors.webpage.bg = "black"
# TODO
# c.editor.command = [
# "neovide",
# "--nofork",
# "--wayland-app-id",
# "neovidefloat",
# "--",
# "+normal {line}G{column0}l",
# "--",
# "{file}",
# ]
c.editor.encoding = "utf-8"
config.bind("td", "config-cycle colors.webpage.darkmode.enabled;; restart")
c.tabs.show = "multiple"
c.tabs.tabs_are_windows = True
c.content.local_content_can_access_remote_urls = True
c.url.default_page = Path("${./start.html}").as_uri()
c.url.start_pages = [c.url.default_page]
c.url.searchengines = {
"DEFAULT": "https://www.google.com/search?q={}",
"g": "https://www.google.com/search?q={}",
"ddg": "https://lite.duckduckgo.com/lite?q={}",
"wt": "https://en.wiktionary.org/w/index.php?search={}",
"w": "https://en.wikipedia.org/w/index.php?search={}",
"bs": "https://search.brave.com/search?q={}",
"aur": "https://aur.archlinux.org/packages/?SB=p&SO=d&O=0&K={}",
"gh": "https://github.com/search?q={}",
"gist": "https://gist.github.com/search?q={}",
"dd": "https://thefreedictionary.com/{}",
"dr": "https://search.disroot.org/?q={}",
}
try:
l = getdefaultlocale()[0]
if l is None or l in ("C", "POSIX"):
raise ValueError
rematch = match(r"([a-z]+)(_([A-Z]+)?)", l)
if rematch is None:
raise ValueError
language = rematch[1]
try:
locale = rematch[3]
c.content.headers.accept_language = f"{language}-{locale},{language};q=0.9,en-{locale},en;q=0.8,en-US,en;q=0.7,*;q=0.6"
except IndexError:
c.content.headers.accept_language = f"{language};q=0.9,en-US,en;q=0.8,*;q=0.7"
except:
c.content.headers.accept_language = "en-US,en;q=0.9"
# TODO
# c.colors.webpage.preferred_color_scheme = "dark"
base00 = "#1f2022"
base01 = "#282828"
base02 = "#444155"
base03 = "#585858"
base04 = "#b8b8b8"
base05 = "#a3a3a3"
base06 = "#e8e8e8"
base07 = "#f8f8f8"
base08 = "#f2241f"
base09 = "#ffa500"
base0A = "#b1951d"
base0B = "#67b11d"
base0C = "#2d9574"
base0D = "#4f97d7"
base0E = "#a31db1"
base0F = "#b03060"
c.colors.completion.fg = base05
c.colors.completion.odd.bg = base01
c.colors.completion.even.bg = base00
c.colors.completion.category.fg = base0A
c.colors.completion.category.bg = base00
c.colors.completion.category.border.top = base00
c.colors.completion.category.border.bottom = base00
c.colors.completion.item.selected.fg = base05
c.colors.completion.item.selected.bg = base02
c.colors.completion.item.selected.border.top = base02
c.colors.completion.item.selected.border.bottom = base02
c.colors.completion.item.selected.match.fg = base0B
c.colors.completion.match.fg = base0B
c.colors.completion.scrollbar.fg = base05
c.colors.completion.scrollbar.bg = base00
c.colors.contextmenu.disabled.bg = base01
c.colors.contextmenu.disabled.fg = base04
c.colors.contextmenu.menu.bg = base00
c.colors.contextmenu.menu.fg = base05
c.colors.contextmenu.selected.bg = base02
c.colors.contextmenu.selected.fg = base05
c.colors.downloads.bar.bg = base00
c.colors.downloads.start.fg = base00
c.colors.downloads.start.bg = base0D
c.colors.downloads.stop.fg = base00
c.colors.downloads.stop.bg = base0C
c.colors.downloads.error.fg = base08
c.colors.hints.fg = base00
c.colors.hints.bg = base0A
c.colors.hints.match.fg = base05
c.colors.keyhint.fg = base05
c.colors.keyhint.suffix.fg = base05
c.colors.keyhint.bg = base00
c.colors.messages.error.fg = base00
c.colors.messages.error.bg = base08
c.colors.messages.error.border = base08
c.colors.messages.warning.fg = base00
c.colors.messages.warning.bg = base0E
c.colors.messages.warning.border = base0E
c.colors.messages.info.fg = base05
c.colors.messages.info.bg = base00
c.colors.messages.info.border = base00
c.colors.prompts.fg = base05
c.colors.prompts.border = base00
c.colors.prompts.bg = base00
c.colors.prompts.selected.bg = base02
c.colors.prompts.selected.fg = base05
c.colors.statusbar.normal.fg = base0B
c.colors.statusbar.normal.bg = base00
c.colors.statusbar.insert.fg = base00
c.colors.statusbar.insert.bg = base0D
c.colors.statusbar.passthrough.fg = base00
c.colors.statusbar.passthrough.bg = base0C
c.colors.statusbar.private.fg = base00
c.colors.statusbar.private.bg = base01
c.colors.statusbar.command.fg = base05
c.colors.statusbar.command.bg = base00
c.colors.statusbar.command.private.fg = base05
c.colors.statusbar.command.private.bg = base00
c.colors.statusbar.caret.fg = base00
c.colors.statusbar.caret.bg = base0E
c.colors.statusbar.caret.selection.fg = base00
c.colors.statusbar.caret.selection.bg = base0D
c.colors.statusbar.progress.bg = base0D
c.colors.statusbar.url.fg = base05
c.colors.statusbar.url.error.fg = base08
c.colors.statusbar.url.hover.fg = base05
c.colors.statusbar.url.success.http.fg = base0C
c.colors.statusbar.url.success.https.fg = base0B
c.colors.statusbar.url.warn.fg = base0E
c.colors.tabs.bar.bg = base00
c.colors.tabs.indicator.start = base0D
c.colors.tabs.indicator.stop = base0C
c.colors.tabs.indicator.error = base08
c.colors.tabs.odd.fg = base05
c.colors.tabs.odd.bg = base01
c.colors.tabs.even.fg = base05
c.colors.tabs.even.bg = base00
c.colors.tabs.pinned.even.bg = base0C
c.colors.tabs.pinned.even.fg = base07
c.colors.tabs.pinned.odd.bg = base0B
c.colors.tabs.pinned.odd.fg = base07
c.colors.tabs.pinned.selected.even.bg = base02
c.colors.tabs.pinned.selected.even.fg = base05
c.colors.tabs.pinned.selected.odd.bg = base02
c.colors.tabs.pinned.selected.odd.fg = base05
c.colors.tabs.selected.odd.fg = base05
c.colors.tabs.selected.odd.bg = base02
c.colors.tabs.selected.even.fg = base05
c.colors.tabs.selected.even.bg = base02
c.colors.webpage.bg = base00
'';
};
}

212
common/home-manager/features/qutebrowser/start.html Normal file
View file

@ -0,0 +1,212 @@
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>start</title>
<style>
body {
display: flex;
flex-direction: column;
min-height: 100vh;
background-color: #202020;
padding: 0;
margin: 0;
font-family: Iosevka Nerd Font, monospace;
letter-spacing: .1em;
font-size: 24px;
text-align: center;
}
main {
margin: 2em;
display: flex;
flex-direction: column;
gap: 1em;
justify-content: center;
}
#search {
border: none;
height: 2em;
font-family: inherit;
font-size: inherit;
background-color: #eaeaea;
color: #2c2c2c;
width: 60%;
}
#search:focus {
outline: none;
}
#search::placeholder {
color: #ababab;
}
.lists {
display: grid;
gap: .5em;
grid: auto-flow / 1fr;
}
.lists .list {
display: flex;
flex-direction: column;
}
.lists .list ul {
list-style: none;
margin: 0;
padding: 0;
}
.lists .list ul li {
background-color: #565e65;
color: #dadcde;
}
.lists .list ul li:hover {
background-color: #343c43;
}
.lists .list ul li a {
display: block;
padding: .5em 2em;
text-decoration: none;
color: #ababab;
}
.lists .list .heading {
padding: .7em 2em;
}
.lists .list:nth-of-type(1) .heading {
background: #95c7ae;
color: #565e65;
}
.lists .list:nth-of-type(2) .heading {
background-color: #c7ae95;
color: #565e65;
}
.lists .list:nth-of-type(3) .heading {
background-color: #c795ae;
color: #565e65;
}
.lists .list:nth-of-type(4) .heading {
background-color: #95aec7;
color: #565e65;
}
.lists .list:nth-of-type(5) .heading {
background-color: #aec795;
color: #565e65;
}
.lists .list:nth-of-type(6) .heading {
background-color: #ae95c7;
color: #565e65;
}
@media (min-width: 768px) {
.lists {
grid-template-columns: 1fr 1fr;
}
}
@media (min-width: 992px) {
.lists {
grid-template-columns: 1fr 1fr 1fr;
}
}
@media (min-width: 1450px) {
main {
margin: auto;
}
.lists {
grid-template-columns: 1fr 1fr 1fr 1fr 1fr 1fr;
}
}
</style>
</head>
<body>
<main>
<form action="https://www.google.com/search" method="GET">
<input id="search" name="q" type="text" placeholder="search" required autocomplete="off" onload="this.focus()">
</form>
<div class="lists">
<div class="list">
<div class="heading">social</div>
<ul>
<li><a href="https://mail.tutanota.com/">tutanota</a></li>
<li><a href="https://web.whatsapp.com/">whatsapp</a></li>
<li><a href="https://discord.com/login">discord</a></li>
</ul>
</div>
<div class="list">
<div class="heading">google</div>
<ul>
<li><a href="https://www.youtube.com/">youtube</a></li>
<li><a href="https://www.google.com/maps">maps</a></li>
<li><a href="https://translate.google.com/">translate</a></li>
</ul>
</div>
<div class="list">
<div class="heading">nix</div>
<ul>
<li><a href="https://nixos.org/manual/nix/unstable/">manual</a></li>
<li><a href="https://search.nixos.org/packages">packages</a></li>
<li><a href="https://search.nixos.org/options">options</a></li>
<li><a href="https://nix-community.github.io/home-manager/options.html">hm options</a></li>
<li><a href="https://nix-community.github.io/home-manager/index.html">hm manual</a></li>
<li><a href="https://noogle.dev/">noogle</a></li>
<li><a href="https://github.com/the-nix-way/dev-templates">templates</a></li>
</ul>
</div>
<div class="list">
<div class="heading">personal</div>
<ul>
<li><a href="https://defenestrated.systems/">site</a></li>
<li><a href="https://git.defenestrated.systems/">git</a></li>
<li><a href="https://music.defenestrated.systems/">music</a></li>
<li><a href="https://share.defenestrated.systems/">share</a></li>
<li><a href="https://vault.defenestrated.systems/">vault</a></li>
</ul>
</div>
<div class="list">
<div class="heading">dev</div>
<ul>
<li><a href="https://github.com/">github</a></li>
<li><a href="https://developer.mozilla.org/">mdn</a></li>
<li><a href="https://stackoverflow.com/">stackoverflow</a></li>
<li><a href="https://www.php.net/docs.php">php</a></li>
<li><a href="https://pkg.go.dev/std">go std</a></li>
<li><a href="https://docs.python.org/3/library/index.html">python std</a></li>
</ul>
</div>
<div class="list">
<div class="heading">misc</div>
<ul>
<li><a href="https://lobste.rs/">lobsters</a></li>
<li><a href="https://mullvad.net/">mullvad</a></li>
<li><a href="https://www.protondb.com/">protondb</a></li>
</ul>
</div>
</div>
</main>
</body>
</html>

11
common/home-manager/features/readline.nix Normal file
View file

@ -0,0 +1,11 @@
{
programs.readline = {
enable = true;
variables = {
editing-mode = "vi";
completion-ignore-case = "on";
enable-bracketed-paste = "on";
};
};
}

8
common/home-manager/features/ssh.nix Normal file
View file

@ -0,0 +1,8 @@
{
programs.ssh = {
enable = true;
compression = true;
serverAliveInterval = 60;
};
}

537
common/home-manager/features/sway.nix Normal file
View file

@ -0,0 +1,537 @@
{
pkgs,
config,
lib,
...
}: {
imports = [
./cursor.nix
];
# TODO: darkman
wayland.windowManager.sway = let
wpctl = "${pkgs.wireplumber}/bin/wpctl";
xdg-user-dir = "${pkgs.xdg-user-dirs}/bin/xdg-user-dir";
notify-send = "${pkgs.libnotify}/bin/notify-send";
slurp = "${pkgs.slurp}/bin/slurp";
grim = "${pkgs.grim}/bin/grim";
wl-copy = "${pkgs.wl-clipboard}/bin/wl-copy";
swaynag = "${config.wayland.windowManager.sway.package}/bin/swaynag";
swaymsg = "${config.wayland.windowManager.sway.package}/bin/swaymsg";
brightnessctl = "${pkgs.brightnessctl}/bin/brightnessctl";
mpc = "${pkgs.mpc-cli}/bin/mpc";
fnottctl = "${config.services.fnott.package}/bin/fnottctl";
modifier = "Mod4";
terminal = "${config.programs.foot.package}/bin/foot";
in {
enable = true;
systemd = {
enable = true;
xdgAutostart = true;
};
wrapperFeatures = {
base = true;
gtk = true;
};
# TODO: Remove GTK_THEME
extraSessionCommands = ''
export MOZ_ENABLE_WAYLAND=1
export MOZ_DBUS_REMOTE=1
export QT_QPA_PLATFORM=wayland-egl
export QT_WAYLAND_DISABLE_WINDOWDECORATION=1
export _JAVA_AWT_WM_NONREPARENTING=1
export SDL_VIDEODRIVER=wayland
export BEMENU_OPTS='--tb #3971ed --tf #1d1f21 --fb #1d1f21 --ff #c5c8c6 --nb #1d1f21 --nf #c5c8c6 --hb #282a2e --hf #ffffff --sb #1d1f21 --sf #c5c8c6 --scb #373b41 --scf #3971ed --scrollbar autohide --fn monospace --bottom'
export GTK_THEME=Adwaita:dark
export XDG_SESSION_DESKTOP="''${XDG_SESSION_DESKTOP:-sway}"
export SUDO_ASKPASS=${
pkgs.writeShellScript "askpass" ''
echo -n | ${pkgs.bemenu}/bin/bemenu --password --prompt askpass
''
}
export GDK_SCALE=1
'';
config = {
inherit modifier terminal;
startup = [
{command = "${pkgs.dex}/bin/dex --autostart";}
];
# FIXME: Currently done by extraConfig
# defaultWorkspace = "workspace number 1";
gaps = {
smartBorders = "on";
smartGaps = true;
};
window = {
titlebar = false;
commands = [
{
command = "inhibit_idle fullscreen";
criteria.app_id = "mpv";
}
];
};
workspaceAutoBackAndForth = true;
input = {
"type:keyboard" = {
xkb_layout = lib.mkDefault "us";
repeat_rate = "45";
repeat_delay = "250";
};
"type:pointer" = {
accel_profile = "flat";
};
"type:touchpad" = {
tap = "enabled";
natural_scroll = "enabled";
dwt = "enabled";
};
};
bars = [
{
statusCommand = "${config.programs.i3status-rust.package}/bin/i3status-rs ~/.config/i3status-rust/config-default.toml";
command = "${config.wayland.windowManager.sway.package}/bin/swaybar";
position = "top";
trayOutput = "*";
fonts = {
names = ["Iosevka Nerd Font" "monospace"];
style = "Regular";
size = 13.0;
};
colors = {
background = "#000000";
separator = "#121616f4";
statusline = "#121616f4";
focusedWorkspace = {
border = "#3971ed";
background = "#3971ed";
text = "#0e0e0ef0";
};
activeWorkspace = {
border = "#c5c8c6";
background = "#969896";
text = "#0e0e0ef0";
};
inactiveWorkspace = {
border = "#000000";
background = "#000000";
text = "#c5c8c6";
};
urgentWorkspace = {
border = "#cc342b";
background = "#cc342b";
text = "#0e0e0ef0";
};
bindingMode = {
border = "#fba922";
background = "#fba922";
text = "#0e0e0ef0";
};
};
}
];
colors = {
focused = {
border = "#c5c8c6";
background = "#3971ed";
text = "#0e0e0ef0";
indicator = "#3971ed";
childBorder = "#3971ed";
};
focusedInactive = {
border = "#121616f4";
background = "#121616f4";
text = "#c5c8c6";
indicator = "#969896";
childBorder = "#121616f4";
};
unfocused = {
border = "#121616f4";
background = "#0e0e0ef0";
text = "#c5c8c6";
indicator = "#121616f4";
childBorder = "#121616f4";
};
urgent = {
border = "#cc342b";
background = "#cc342b";
text = "#0e0e0ef0";
indicator = "#cc342b";
childBorder = "#cc342b";
};
placeholder = {
border = "#0e0e0ef0";
background = "#0e0e0ef0";
text = "#c5c8c6";
indicator = "#0e0e0ef0";
childBorder = "#0e0e0ef0";
};
background = "#ffffff";
};
floating.criteria = [
{app_id = "neovidefloat";}
{app_id = "mpvfloat";}
{app_id = "footfloat";}
];
keybindings = {
"${modifier}+Shift+q" = "kill";
"${modifier}+d" = "exec ${config.programs.fuzzel.package}/bin/fuzzel";
"${modifier}+Shift+d" = "exec ${pkgs.bemenu}/bin/bemenu-run --no-exec | xargs ${swaymsg} exec --";
"${modifier}+Return" = "exec ${terminal}";
"${modifier}+Shift+Return" = "exec ${terminal} --class footfloat";
"${modifier}+Left" = "focus left";
"${modifier}+Down" = "focus down";
"${modifier}+Up" = "focus up";
"${modifier}+Right" = "focus right";
"${modifier}+h" = "focus left";
"${modifier}+j" = "focus down";
"${modifier}+k" = "focus up";
"${modifier}+l" = "focus right";
"${modifier}+Shift+Left" = "move left";
"${modifier}+Shift+Down" = "move down";
"${modifier}+Shift+Up" = "move up";
"${modifier}+Shift+Right" = "move right";
"${modifier}+Shift+h" = "move left";
"${modifier}+Shift+j" = "move down";
"${modifier}+Shift+k" = "move up";
"${modifier}+Shift+l" = "move right";
"${modifier}+s" = "layout stacking";
"${modifier}+w" = "layout tabbed";
"${modifier}+e" = "layout toggle split";
"${modifier}+Space" = "focus mode_toggle";
"${modifier}+Shift+Space" = "floating toggle";
"${modifier}+1" = "workspace number 1";
"${modifier}+2" = "workspace number 2";
"${modifier}+3" = "workspace number 3";
"${modifier}+4" = "workspace number 4";
"${modifier}+5" = "workspace number 5";
"${modifier}+6" = "workspace number 6";
"${modifier}+7" = "workspace number 7";
"${modifier}+8" = "workspace number 8";
"${modifier}+9" = "workspace number 9";
"${modifier}+0" = "workspace number 10";
"${modifier}+F1" = "workspace number 11";
"${modifier}+F2" = "workspace number 12";
"${modifier}+F3" = "workspace number 13";
"${modifier}+F4" = "workspace number 14";
"${modifier}+F5" = "workspace number 15";
"${modifier}+F6" = "workspace number 16";
"${modifier}+F7" = "workspace number 17";
"${modifier}+F8" = "workspace number 18";
"${modifier}+F9" = "workspace number 19";
"${modifier}+F10" = "workspace number 20";
"${modifier}+F11" = "workspace number 21";
"${modifier}+F12" = "workspace number 22";
"${modifier}+Shift+1" = "move container to workspace number 1";
"${modifier}+Shift+2" = "move container to workspace number 2";
"${modifier}+Shift+3" = "move container to workspace number 3";
"${modifier}+Shift+4" = "move container to workspace number 4";
"${modifier}+Shift+5" = "move container to workspace number 5";
"${modifier}+Shift+6" = "move container to workspace number 6";
"${modifier}+Shift+7" = "move container to workspace number 7";
"${modifier}+Shift+8" = "move container to workspace number 8";
"${modifier}+Shift+9" = "move container to workspace number 9";
"${modifier}+Shift+0" = "move container to workspace number 10";
"${modifier}+Shift+F1" = "move container to workspace number 11";
"${modifier}+Shift+F2" = "move container to workspace number 12";
"${modifier}+Shift+F3" = "move container to workspace number 13";
"${modifier}+Shift+F4" = "move container to workspace number 14";
"${modifier}+Shift+F5" = "move container to workspace number 15";
"${modifier}+Shift+F6" = "move container to workspace number 16";
"${modifier}+Shift+F7" = "move container to workspace number 17";
"${modifier}+Shift+F8" = "move container to workspace number 18";
"${modifier}+Shift+F9" = "move container to workspace number 19";
"${modifier}+Shift+F10" = "move container to workspace number 20";
"${modifier}+Shift+F11" = "move container to workspace number 21";
"${modifier}+Shift+F12" = "move container to workspace number 22";
Print =
"exec "
+ pkgs.writeShellScript "grabraw" ''
set -e
set -o pipefail
f=$(${xdg-user-dir} PICTURES)/$(date +'screenshot-%Y%m%d-%H%M%S').png
${grim} -t png - | tee -- "$f" | ${wl-copy} --type image/png
${notify-send} --icon "$f" -- "$f copied to clipboard."
'';
"Shift+Print" =
"exec "
+ pkgs.writeShellScript "grabregion" ''
set -e
set -o pipefail
f=$(${xdg-user-dir} PICTURES)/$(date +'screenshot-%Y%m%d-%H%M%S').png
${slurp} | ${grim} -t png -g - - | tee -- "$f" | ${wl-copy} --type image/png
${notify-send} --icon "$f" -- "$f copied to clipboard."
'';
"Control+Shift+Print" =
"exec "
+ pkgs.writeShellScript "grabcolor" ''
set -e
set -o pipefail
c=$(${slurp} -b 00000000 -p | ${grim} -g - - | ${pkgs.imagemagick}/bin/convert - -format '%[pixel:p{0,0}]' txt:- | tail --lines 1 | cut -d ' ' -f 4)
${wl-copy} --type text/plain --trim-newline <<< "$c"
${notify-send} -- "$c copied to clipboard."
'';
"${modifier}+x" = "split h";
"${modifier}+y" = "split v";
"${modifier}+f" = "fullscreen toggle";
"${modifier}+a" = "focus parent";
"${modifier}+c" = "focus child";
"${modifier}+Shift+c" = "reload";
"${modifier}+Shift+r" = "restart";
"${modifier}+Shift+z" = ''
exec ${swaynag} \
-t warning \
-m 'What do you want to do?' \
-b 'Exit sway' 'systemctl --user stop sway-session.target && ${swaymsg} exit' \
-b 'Shutdown' 'systemctl --user stop sway-session.target && shutdown now' \
-b 'Reboot' 'systemctl --user stop sway-session.target && reboot' \
-b 'Suspend' 'loginctl lock-session && systemctl suspend' \
-b 'Hibernate' 'loginctl lock-session && systemctl hibernate'
'';
"${modifier}+b" = "exec ${fnottctl} dismiss";
"${modifier}+Shift+b" = "exec ${fnottctl} actions";
XF86AudioRaiseVolume = "exec ${wpctl} set-volume @DEFAULT_AUDIO_SINK@ 1%+";
XF86AudioLowerVolume = "exec ${wpctl} set-volume @DEFAULT_AUDIO_SINK@ 1%-";
"Shift+XF86AudioRaiseVolume" = "exec ${wpctl} set-volume @DEFAULT_AUDIO_SINK@ 10%+";
"Shift+XF86AudioLowerVolume" = "exec ${wpctl} set-volume @DEFAULT_AUDIO_SINK@ 10%-";
XF86AudioMute = "exec ${wpctl} set-mute @DEFAULT_AUDIO_SINK@ 1";
"Shift+XF86AudioMute" = "exec ${wpctl} set-mute @DEFAULT_AUDIO_SINK@ 0";
XF86AudioMicMute = "exec ${wpctl} set-mute @DEFAULT_AUDIO_SOURCE@ 1";
"Shift+XF86AudioMicMute" = "exec ${wpctl} set-mute @DEFAULT_AUDIO_SOURCE@ 0";
"${modifier}+n" = "exec ${wpctl} set-mute @DEFAULT_AUDIO_SINK@ 1";
"${modifier}+Shift+n" = "exec ${wpctl} set-mute @DEFAULT_AUDIO_SINK@ 0";
"${modifier}+m" = "exec ${wpctl} set-mute @DEFAULT_AUDIO_SOURCE@ 1";
"${modifier}+Shift+m" = "exec ${wpctl} set-mute @DEFAULT_AUDIO_SOURCE@ 0";
XF86AudioPause = "exec ${mpc} pause";
XF86AudioPlay = "exec ${mpc} play";
XF86AudioPrev = "exec ${mpc} prev";
XF86AudioNext = "exec ${mpc} next";
XF86MonBrightnessUp = "exec ${brightnessctl} set +1%";
XF86MonBrightnessDown = "exec ${brightnessctl} set 1%-";
"Shift+XF86MonBrightnessUp" = "exec ${brightnessctl} set +10%";
"Shift+XF86MonBrightnessDown" = "exec ${brightnessctl} set 10%-";
"${modifier}+Apostrophe" = "move workspace to output right";
"${modifier}+Minus" = "scratchpad show";
"${modifier}+Shift+Minus" = "move scratchpad";
"${modifier}+Underscore" = "move container to scratchpad";
"${modifier}+Shift+s" = "exec loginctl lock-session";
XF86PowerOff = "exec loginctl lock-session";
"Shift+XF86PowerOff" = "exec systemctl suspend-then-hibernate";
XF86Eject = "exec loginctl lock-session";
"Shift+XF86Eject" = "exec systemctl suspend-then-hibernate";
Pause = "exec loginctl lock-session";
"Shift+Pause" = "exec systemctl suspend-then-hibernate";
"${modifier}+r" = "mode resize";
"${modifier}+g" = "mode gaps";
"${modifier}+p" = "mode mpc";
"${modifier}+i" = "mode microphone";
"${modifier}+t" = "mode clipboard";
"${modifier}+v" = "mode volume";
"${modifier}+u" = "mode brightness";
};
modes = {
resize = {
h = "resize shrink width 1 px or 1 ppt";
j = "resize grow height 1 px or 1 ppt";
k = "resize shrink height 1 px or 1 ppt";
l = "resize grow width 1 px or 1 ppt";
"Shift+h" = "resize shrink width 10 px or 10 ppt";
"Shift+j" = "resize grow height 10 px or 10 ppt";
"Shift+k" = "resize shrink height 10 px or 10 ppt";
"Shift+l" = "resize grow width 10 px or 10 ppt";
Return = "mode default";
Escape = "mode default";
};
volume = {
k = "exec ${wpctl} set-volume @DEFAULT_AUDIO_SINK@ 1%+";
j = "exec ${wpctl} set-volume @DEFAULT_AUDIO_SINK@ 1%-";
"Shift+k" = "exec ${wpctl} set-volume @DEFAULT_AUDIO_SINK@ 10%+";
"Shift+j" = "exec ${wpctl} set-volume @DEFAULT_AUDIO_SINK@ 10%-";
Return = "mode default";
Escape = "mode default";
};
microphone = {
XF86AudioRaiseVolume = "exec ${wpctl} set-volume @DEFAULT_AUDIO_SOURCE@ 1%+";
XF86AudioLowerVolume = "exec ${wpctl} set-volume @DEFAULT_AUDIO_SOURCE@ 1%-";
"Shift+XF86AudioRaiseVolume" = "exec ${wpctl} set-volume @DEFAULT_AUDIO_SOURCE@ 10%+";
"Shift+XF86AudioLowerVolume" = "exec ${wpctl} set-volume @DEFAULT_AUDIO_SOURCE@ 10%-";
Return = "mode default";
Escape = "mode default";
};
brightness = {
j = "exec ${brightnessctl} set 1%-";
k = "exec ${brightnessctl} set +1%";
Return = "mode default";
Escape = "mode default";
};
clipboard = {
c = "exec ${wl-copy} --clear";
Return = "mode default";
Escape = "mode default";
};
"gaps inner" = {
plus = "gaps inner current plus 1";
minus = "gaps inner current minus 1";
"0" = "gaps inner current set 0";
"Shift+plus" = "gaps inner all plus 1";
"Shift+minus" = "gaps inner all minus 1";
"Shift+0" = "gaps inner all set 0";
Return = "mode default";
Escape = "mode default";
};
"gaps outer" = {
plus = "gaps outer current plus 1";
minus = "gaps outer current minus 1";
"0" = "gaps outer current set 0";
"Shift+plus" = "gaps outer all plus 1";
"Shift+minus" = "gaps outer all minus 1";
"Shift+0" = "gaps outer all set 0";
Return = "mode default";
Escape = "mode default";
};
gaps = {
o = ''mode "gaps outer"'';
i = ''mode "gaps inner"'';
Return = "mode default";
Escape = "mode default";
};
"mpc volume" = {
j = "exec ${mpc} volume -1";
k = "exec ${mpc} volume +1";
"Shift+j" = "exec exec ${mpc} volume -10";
"Shift+k" = "exec exec ${mpc} volume +10";
Return = "mode default";
Escape = "mode default";
};
mpc = {
XF86AudioRaiseVolume = "exec ${mpc} volume +1";
XF86AudioLowerVolume = "exec ${mpc} volume -1";
"Shift+XF86AudioRaiseVolume" = "exec ${mpc} volume +10";
"Shift+XF86AudioLowerVolume" = "exec ${mpc} volume -10";
j = "exec ${mpc} next";
k = "exec ${mpc} prev";
c = "exec ${mpc} toggle";
o = "exec ${mpc} consume on";
"Shift+o" = "exec ${mpc} consume off";
"1" = "exec ${mpc} single on";
"Shift+1" = "exec ${mpc} single off";
r = "exec ${mpc} random on";
"Shift+r" = "exec ${mpc} random off";
p = "exec ${mpc} stop";
s = "exec ${mpc} shuffle";
h = "exec ${mpc} seek -00:00:01";
l = "exec ${mpc} seek +00:00:01";
"Shift+h" = "exec ${mpc} seek -00:00:10";
"Shift+l" = "exec ${mpc} seek +00:00:10";
v = ''mode "mpc volume"'';
Return = "mode default";
Escape = "mode default";
};
# TODO: bind
# wall = {
# s = pkgs.writeShellScript "setwall" ''
# set -euo pipefail
# shopt -s nullglob
# shopt -s globstar
# # select the output first...
# file=$(
# for file in *
# do
# echo "''${file@Q}"
# done | ${pkgs.bemenu}/bin/bemenu --lines 10 --prompt askpass
# )
# if [[ $? != 0 ]]; then
# exit 1
# fi
# '';
# };
};
seat."*".xcursor_theme = "${config.home.pointerCursor.name} ${builtins.toString config.home.pointerCursor.size}";
};
# FIXME: Should be done by defaultWorkspace
extraConfig = ''
workspace number 1
'';
};
}

28
common/home-manager/features/swayidle.nix Normal file
View file

@ -0,0 +1,28 @@
{
pkgs,
config,
...
}: {
services.swayidle = {
enable = true;
events = [
{
event = "lock";
command = "${config.programs.swaylock.package}/bin/swaylock --daemonize";
}
{
event = "before-sleep";
command = "${pkgs.systemd}/bin/loginctl lock-session";
}
];
timeouts = [
{
timeout = 600;
command = "${pkgs.chayang}/bin/chayang && ${pkgs.systemd}/bin/loginctl lock-session && ${config.wayland.windowManager.sway.package}/bin/swaymsg output \\\\* power off";
resumeCommand = "${config.wayland.windowManager.sway.package}/bin/swaymsg output \\\\* power on";
}
];
};
}

18
common/home-manager/features/swaylock.nix Normal file
View file

@ -0,0 +1,18 @@
{
programs.swaylock = {
enable = true;
settings = {
ignore-empty-password = true;
show-failed-attempts = true;
indicator-caps-lock = true;
color = "000000";
ring-color = "111111";
line-color = "00000000";
inside-color = "00000088";
separator-color = "00000000";
key-hl-color = "000033";
indicator-radius = 100;
indicator-thickness = 12;
};
};
}

3
common/home-manager/features/zathura.nix Normal file
View file

@ -0,0 +1,3 @@
{
programs.zathura.enable = true;
}

26
common/home-manager/server.nix Normal file
View file

@ -0,0 +1,26 @@
{
pkgs,
inputs,
config,
...
}: {
imports = [
./features/bottom.nix
./features/direnv.nix
./features/fish.nix
./features/git.nix
./features/helix.nix
./features/readline.nix
];
home.packages = with pkgs; [
curl
file
ncdu
netcat-openbsd
procs
progress
pv
rsync
];
}

124
common/nixos/desktop.nix Normal file
View file

@ -0,0 +1,124 @@
{
pkgs,
inputs,
config,
lib,
...
}: {
imports = [
"${inputs.impermanence}/nixos.nix"
./features/avahi.nix
./features/bluetooth.nix
./features/command-not-found.nix
./features/fonts.nix
./features/fwupd.nix
./features/geoclue.nix
./features/greetd.nix
./features/opengl.nix
./features/openssh.nix
./features/pipewire.nix
./features/sops.nix
./features/sudo.nix
./features/swaylock.nix
./features/users.nix
./features/xdpw.nix
];
fileSystems = {
"/" = {
device = "tmpfs";
fsType = "tmpfs";
options = ["size=8G" "mode=755"];
};
"/boot" = {
device = "/dev/disk/by-label/BOOT";
fsType = "vfat";
};
"/nix" = {
device = "/dev/mapper/main";
fsType = "btrfs";
options = ["subvol=nix" "compress=zstd" "noatime"];
};
"/persist" = {
device = "/dev/mapper/main";
fsType = "btrfs";
options = ["subvol=persist" "compress=zstd" "noatime"];
neededForBoot = true;
};
"/home" = {
device = "/dev/mapper/main";
fsType = "btrfs";
options = ["subvol=home" "compress=zstd" "noatime"];
};
"/tmp" = {
device = "tmpfs";
fsType = "tmpfs";
options = ["size=16G" "mode=777"];
};
"/var/log" = {
device = "/dev/mapper/main";
fsType = "btrfs";
options = ["subvol=log" "compress=zstd" "noatime"];
neededForBoot = true;
};
};
environment.persistence."/persist" = {
directories = [
"/var/lib"
"/etc/NetworkManager"
];
files = [
"/etc/machine-id"
"/etc/ssh/ssh_host_ed25519_key"
"/etc/ssh/ssh_host_ed25519_key.pub"
];
};
programs.fuse.userAllowOther = true;
boot = {
loader = {
systemd-boot = {
enable = true;
consoleMode = "max";
};
efi = {
canTouchEfiVariables = true;
efiSysMountPoint = "/boot";
};
};
initrd.luks.devices.main.device = "/dev/disk/by-label/cryptmain";
kernelParams = ["quiet" "splash" "vm.max_map_count=2147483642"];
kernelPackages = lib.mkDefault pkgs.linuxPackages_zen;
};
zramSwap.enable = true;
networking.networkmanager.enable = true;
users.users.lukas.extraGroups = ["networkmanager"];
time.timeZone = lib.mkDefault "Europe/Berlin";
i18n.defaultLocale = lib.mkDefault "en_US.UTF-8";
console.keyMap = lib.mkDefault "us";
services.xserver.layout = lib.mkDefault "us";
programs.dconf.enable = true;
# TODO
# xdg.portal.xdgOpenUsePortal = true;
environment.systemPackages = with pkgs; [
bibata-cursors
];
}

14
common/nixos/features/avahi.nix Normal file
View file

@ -0,0 +1,14 @@
{
services.avahi = {
enable = true;
nssmdns = true;
publish = {
enable = true;
addresses = true;
domain = true;
hinfo = true;
userServices = true;
workstation = true;
};
};
}

3
common/nixos/features/bluetooth.nix Normal file
View file

@ -0,0 +1,3 @@
{
hardware.bluetooth.enable = true;
}

3
common/nixos/features/command-not-found.nix Normal file
View file

@ -0,0 +1,3 @@
{
programs.command-not-found.enable = false;
}

26
common/nixos/features/fonts.nix Normal file
View file

@ -0,0 +1,26 @@
{pkgs, ...}: {
fonts = {
enableDefaultPackages = true;
packages = with pkgs; [
noto-fonts
noto-fonts-extra
noto-fonts-cjk-sans
noto-fonts-cjk-serif
noto-fonts-emoji
(nerdfonts.override {fonts = ["Noto"];})
(nerdfonts.override {fonts = ["Iosevka"];})
];
fontconfig = {
enable = true;
defaultFonts = {
monospace = ["NotoSansMono Nerd Font"];
sansSerif = ["Noto Sans"];
serif = ["Noto Serif"];
emoji = ["Noto Color Emoji"];
};
};
};
}

3
common/nixos/features/fwupd.nix Normal file
View file

@ -0,0 +1,3 @@
{
services.fwupd.enable = true;
}

3
common/nixos/features/geoclue.nix Normal file
View file

@ -0,0 +1,3 @@
{
services.geoclue2.enable = true;
}

10
common/nixos/features/greetd.nix Normal file
View file

@ -0,0 +1,10 @@
{pkgs, ...}: {
services.greetd = {
enable = true;
settings = {
default_session = {
command = "${pkgs.greetd.tuigreet}/bin/tuigreet --time --cmd sway";
};
};
};
}

6
common/nixos/features/opengl.nix Normal file
View file

@ -0,0 +1,6 @@
{
hardware.opengl = {
enable = true;
driSupport = true;
};
}

16
common/nixos/features/openssh.nix Normal file
View file

@ -0,0 +1,16 @@
{
services.openssh = {
enable = true;
openFirewall = true;
hostKeys = [
{
path = "/etc/ssh/ssh_host_ed25519_key";
type = "ed25519";
}
];
settings = {
PermitRootLogin = "no";
PasswordAuthentication = false;
};
};
}

10
common/nixos/features/pipewire.nix Normal file
View file

@ -0,0 +1,10 @@
{
security.rtkit.enable = true;
services.pipewire = {
enable = true;
wireplumber.enable = true;
alsa.enable = true;
pulse.enable = true;
jack.enable = true;
};
}

6
common/nixos/features/sops.nix Normal file
View file

@ -0,0 +1,6 @@
{inputs, ...}: {
sops.defaultSopsFile = ../../../secrets/default.yaml;
sops.age.sshKeyPaths = ["/persist/etc/ssh/ssh_host_ed25519_key"];
sops.gnupg.sshKeyPaths = [];
}

8
common/nixos/features/sudo.nix Normal file
View file

@ -0,0 +1,8 @@
{
security.sudo = {
enable = true;
execWheelOnly = true;
wheelNeedsPassword = true;
extraConfig = ''Defaults lecture="never"'';
};
}

3
common/nixos/features/swaylock.nix Normal file
View file

@ -0,0 +1,3 @@
{
security.pam.services.swaylock = {};
}

29
common/nixos/features/users.nix Normal file
View file

@ -0,0 +1,29 @@
{
inputs,
pkgs,
config,
...
}: {
sops.secrets."users/lukas".neededForUsers = true;
programs.fish.enable = true;
users = {
mutableUsers = false;
users = {
root.hashedPassword = "!";
lukas = {
isNormalUser = true;
shell = pkgs.fish;
hashedPasswordFile = config.sops.secrets."users/lukas".path;
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK4U9RzV/gVGBfrCOye7BlS11g5BS7SmuZ36n2ZIJyAX lukas@glacier"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAztZgcRBHqX8Wb2nAlP1qCKF205M3un/D1YnREcO7Dy lukas@flamingo"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMC6vIcPgOHiAnG1be8IQVePlrsxN/X9PEFJghS6EcOb lukas@scenery"
];
extraGroups = ["wheel"];
};
};
};
nix.settings.allowed-users = [config.users.users.lukas.name];
}

9
common/nixos/features/xdpw.nix Normal file
View file

@ -0,0 +1,9 @@
{pkgs, ...}: {
xdg.portal = {
enable = true;
extraPortals = [
pkgs.xdg-desktop-portal-wlr
pkgs.xdg-desktop-portal-gtk
];
};
}

99
common/nixos/server.nix Normal file
View file

@ -0,0 +1,99 @@
{
pkgs,
inputs,
config,
lib,
...
}: {
imports = [
(inputs.impermanence + "/nixos.nix")
./features/avahi.nix
./features/command-not-found.nix
./features/openssh.nix
./features/sops.nix
./features/sudo.nix
./features/users.nix
];
fileSystems = {
"/" = {
device = "tmpfs";
fsType = "tmpfs";
options = ["size=4G" "mode=755"];
};
"/boot" = {
device = "/dev/disk/by-label/BOOT";
fsType = "vfat";
};
"/nix" = {
device = "/dev/disk/by-label/main";
fsType = "btrfs";
options = ["subvol=nix" "compress=zstd" "noatime"];
};
"/persist" = {
device = "/dev/disk/by-label/main";
fsType = "btrfs";
options = ["subvol=persist" "compress=zstd" "noatime"];
neededForBoot = true;
};
"/home" = {
device = "tmpfs";
fsType = "tmpfs";
options = ["size=4G" "mode=751"];
neededForBoot = true;
};
"/tmp" = {
device = "tmpfs";
fsType = "tmpfs";
options = ["size=16G" "mode=777"];
};
"/var/log" = {
device = "/dev/disk/by-label/main";
fsType = "btrfs";
options = ["subvol=log" "compress=zstd" "noatime"];
neededForBoot = true;
};
};
environment.persistence."/persist" = {
directories = [
"/var/lib"
"/srv"
];
files = [
"/etc/machine-id"
"/etc/ssh/ssh_host_ed25519_key"
"/etc/ssh/ssh_host_ed25519_key.pub"
];
};
programs.fuse.userAllowOther = true;
boot = {
loader = {
systemd-boot = {
enable = true;
consoleMode = "max";
};
efi = {
canTouchEfiVariables = true;
efiSysMountPoint = "/boot";
};
};
};
zramSwap.enable = true;
time.timeZone = lib.mkDefault "UTC";
i18n.defaultLocale = lib.mkDefault "en_US.UTF-8";
console.keyMap = lib.mkDefault "us";
services.xserver.layout = lib.mkDefault "us";
}

48
ffcfg Executable file
View file

@ -0,0 +1,48 @@
#!/usr/bin/env bash
set -eu
shopt -s nullglob
for dir in ~/.mozilla/firefox/*.default ~/.mozilla/firefox/*.default-release ~/.mozilla/firefox/*.dev-edition-default ~/.var/app/org.mozilla.firefox/.mozilla/firefox/*.default ~/.var/app/org.mozilla.firefox/.mozilla/firefox/*.default-release ~/.var/app/org.mozilla.firefox/.mozilla/firefox/*.dev-edition-default; do
cat <<EOF > $dir/user.js
user_pref('signon.prefillForms', false);
user_pref('signon.rememberSignons', false);
user_pref('privacy.webrtc.legacyGlobalIndicator', false);
user_pref('browser.compactmode.show', true);
user_pref('toolkit.legacyUserProfileCustomizations.stylesheets', true);
user_pref('signon.autofillForms', false);
user_pref('signon.formlessCapture.enabled', false);
user_pref('browser.formfill.enable', false);
user_pref('extensions.pocket.enabled', false);
user_pref('browser.newtabpage.activity-stream.showSponsored', false);
user_pref('browser.newtabpage.activity-stream.showSponsoredTopSites', false);
user_pref('browser.newtabpage.activity-stream.feeds.section.topstories', false);
user_pref('browser.newtabpage.activity-stream.feeds.topsites', false);
user_pref('browser.newtabpage.activity-stream.section.highlights.includeBookmarks', false);
user_pref('browser.newtabpage.activity-stream.section.highlights.includeDownloads', false);
user_pref('browser.newtabpage.activity-stream.section.highlights.includeVisited', false);
user_pref('media.ffmpeg.vaapi.enabled', true);
user_pref('media.rdd-vpx.enabled', true);
user_pref('toolkit.telemetry.unified', false);
user_pref('toolkit.telemetry.enabled', false);
user_pref('toolkit.telemetry.server', 'data:,');
user_pref('toolkit.telemetry.archive.enabled', false);
user_pref('toolkit.telemetry.newProfilePing.enabled', false);
user_pref('toolkit.telemetry.shutdownPingSender.enabled', false);
user_pref('toolkit.telemetry.updatePing.enabled', false);
user_pref('toolkit.telemetry.bhrPing.enabled', false);
user_pref('toolkit.telemetry.firstShutdownPing.enabled', false);
user_pref('toolkit.telemetry.coverage.opt-out', true);
user_pref('toolkit.coverage.opt-out', true);
user_pref('toolkit.coverage.endpoint.base', '');
user_pref('browser.ping-centre.telemetry', false);
user_pref('app.shield.optoutstudies.enabled', false);
user_pref('app.normandy.enabled', false);
user_pref('app.normandy.api_url', '');
user_pref('breakpad.reportURL', '');
user_pref('browser.tabs.crashReporting.sendReport', false);
user_pref('browser.crashReports.unsubmittedCheck.autoSubmit2', false);
user_pref("network.http.referer.XOriginPolicy", 1);
user_pref("network.http.referer.XOriginTrimmingPolicy", 0);
EOF
done

132
flake.lock Normal file
View file

@ -0,0 +1,132 @@
{
"nodes": {
"hardware": {
"locked": {
"lastModified": 1694710316,
"narHash": "sha256-uRh46iIC86D8BD1wCDA5gRrt+hslUXiD0kx/UjnjBcs=",
"owner": "NixOS",
"repo": "nixos-hardware",
"rev": "570256327eb6ca6f7bebe8d93af49459092a0c43",
"type": "github"
},
"original": {
"owner": "NixOS",
"repo": "nixos-hardware",
"type": "github"
}
},
"home-manager": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1694643239,
"narHash": "sha256-pv2k/5FvyirDE8g4TNehzwZ0T4UOMMmqWSQnM/luRtE=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "d9b88b43524db1591fb3d9410a21428198d75d49",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "home-manager",
"type": "github"
}
},
"impermanence": {
"locked": {
"lastModified": 1694622745,
"narHash": "sha256-z397+eDhKx9c2qNafL1xv75lC0Q4nOaFlhaU1TINqb8=",
"owner": "nix-community",
"repo": "impermanence",
"rev": "e9643d08d0d193a2e074a19d4d90c67a874d932e",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "impermanence",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1694767346,
"narHash": "sha256-5uH27SiVFUwsTsqC5rs3kS7pBoNhtoy9QfTP9BmknGk=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "ace5093e36ab1e95cb9463863491bee90d5a4183",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-stable": {
"locked": {
"lastModified": 1693675694,
"narHash": "sha256-2pIOyQwGyy2FtFAUIb8YeKVmOCcPOTVphbAvmshudLE=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "5601118d39ca9105f8e7b39d4c221d3388c0419d",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "release-23.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1693626178,
"narHash": "sha256-Rpiy6lIOu4zny8tfGuIeN1ji9eSz9nPmm9yBhh/4IOM=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "bfb7dfec93f3b5d7274db109f2990bc889861caf",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"root": {
"inputs": {
"hardware": "hardware",
"home-manager": "home-manager",
"impermanence": "impermanence",
"nixpkgs": "nixpkgs",
"sops-nix": "sops-nix"
}
},
"sops-nix": {
"inputs": {
"nixpkgs": "nixpkgs_2",
"nixpkgs-stable": "nixpkgs-stable"
},
"locked": {
"lastModified": 1694495315,
"narHash": "sha256-sZEYXs9T1NVHZSSbMqBEtEm2PGa7dEDcx0ttQkArORc=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "ea208e55f8742fdcc0986b256bdfa8986f5e4415",
"type": "github"
},
"original": {
"owner": "Mic92",
"repo": "sops-nix",
"type": "github"
}
}
},
"root": "root",
"version": 7
}

113
flake.nix Normal file
View file

@ -0,0 +1,113 @@
{
description = "My NixOS configuration";
inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
hardware.url = "github:NixOS/nixos-hardware";
home-manager = {
url = "github:nix-community/home-manager";
inputs.nixpkgs.follows = "nixpkgs";
};
impermanence.url = "github:nix-community/impermanence";
sops-nix.url = "github:Mic92/sops-nix";
};
outputs = {
self,
nixpkgs,
home-manager,
sops-nix,
...
} @ inputs: let
inherit (self) outputs;
forEachSystem = f:
nixpkgs.lib.genAttrs [
"x86_64-linux"
"aarch64-linux"
] (system:
f {
pkgs = import nixpkgs {inherit system;};
});
mkSystem = class: name: args @ {modules ? [], ...}:
nixpkgs.lib.nixosSystem ({
specialArgs = {inherit inputs;};
}
// args
// {
modules =
modules
++ [
({
lib,
config,
...
}: {
nix = {
registry = lib.mapAttrs (_: value: {flake = value;}) inputs;
nixPath = lib.mapAttrsToList (key: value: "${key}=${value.to.path}") config.nix.registry;
settings = {
experimental-features = "nix-command flakes";
auto-optimise-store = true;
};
};
nixpkgs.config.allowUnfree = true;
networking.hostName = lib.mkDefault name;
})
(./common/nixos + "/${class}.nix")
(./nixos + "/${name}")
home-manager.nixosModules.home-manager
{
home-manager = {
useGlobalPkgs = true;
extraSpecialArgs = {inherit inputs;};
users.lukas.imports = [
({config, ...}: {
home.homeDirectory =
nixpkgs.lib.mkDefault "/home/${config.home.username}";
systemd.user.startServices = "sd-switch";
})
(./common/home-manager + "/${class}.nix")
(./home-manager + "/${name}/lukas.nix")
];
};
}
(sops-nix + "/modules/sops")
];
});
setups = {
desktop = {
glacier = {};
flamingo = {};
scenery = {};
};
server = {
abacus = {};
vessel = {};
};
};
in {
formatter = forEachSystem ({pkgs}: pkgs.alejandra);
nixosConfigurations =
nixpkgs.lib.attrsets.mergeAttrsList
(builtins.attrValues (nixpkgs.lib.mapAttrs
(class: configs: (nixpkgs.lib.mapAttrs (mkSystem class) configs))
setups));
};
}

9
home-manager/abacus/lukas.nix Normal file
View file

@ -0,0 +1,9 @@
{pkgs, ...}: {
home = {
username = "lukas";
packages = with pkgs; [
gitea
];
stateVersion = "23.11";
};
}

66
home-manager/flamingo/lukas.nix Normal file
View file

@ -0,0 +1,66 @@
{pkgs, ...}: {
home = {
username = "lukas";
stateVersion = "23.11";
};
wayland.windowManager.sway = {
config = {
input."type:keyboard".xkb_layout = "de";
output.eDP-1 = {
mode = "1920x1080";
position = "0,0";
background = ''"$(${pkgs.xdg-user-dirs}/bin/xdg-user-dir PICTURES)/sway/primary" fill'';
};
workspaceOutputAssign = [
{
output = "e-DP1";
workspace = "number 1";
}
{
output = "e-DP1";
workspace = "number 2";
}
{
output = "e-DP1";
workspace = "number 3";
}
{
output = "e-DP1";
workspace = "number 4";
}
{
output = "e-DP1";
workspace = "number 5";
}
{
output = "e-DP1";
workspace = "number 6";
}
{
output = "e-DP1";
workspace = "number 7";
}
{
output = "e-DP1";
workspace = "number 8";
}
{
output = "e-DP1";
workspace = "number 9";
}
{
output = "e-DP1";
workspace = "number 10";
}
];
gaps = {
inner = 4;
outer = 6;
};
};
};
}

98
home-manager/glacier/lukas.nix Normal file
View file

@ -0,0 +1,98 @@
{pkgs, ...}: {
home = {
username = "lukas";
packages = with pkgs; [
nvtop-amd
mullvad-vpn
];
stateVersion = "23.11";
};
wayland.windowManager.sway = let
primary = "Acer Technologies XB283K KV 120918F984200";
secondary = "LG Electronics LG HDR 4K 0x00008FEE";
in {
config = {
output.${primary} = {
mode = "3840x2160@144.004Hz";
position = "0,0";
background = ''"$(${pkgs.xdg-user-dirs}/bin/xdg-user-dir PICTURES)/sway/primary" fill'';
};
output.${secondary} = {
mode = "3840x2160@59.997Hz";
position = "3840,-1680";
transform = "90";
background = ''"$(${pkgs.xdg-user-dirs}/bin/xdg-user-dir PICTURES)/sway/secondary" fill'';
};
workspaceOutputAssign = [
{
output = primary;
workspace = "1";
}
{
output = primary;
workspace = "2";
}
{
output = primary;
workspace = "3";
}
{
output = primary;
workspace = "4";
}
{
output = primary;
workspace = "5";
}
{
output = primary;
workspace = "6";
}
{
output = primary;
workspace = "7";
}
{
output = primary;
workspace = "8";
}
{
output = primary;
workspace = "9";
}
{
output = primary;
workspace = "10";
}
{
output = secondary;
workspace = "11";
}
{
output = secondary;
workspace = "12";
}
{
output = secondary;
workspace = "13";
}
{
output = secondary;
workspace = "14";
}
];
gaps = {
inner = 12;
outer = 14;
};
input."Razer Razer DeathAdder V3" = {
pointer_accel = "0.0";
};
};
};
}

66
home-manager/scenery/lukas.nix Normal file
View file

@ -0,0 +1,66 @@
{pkgs, ...}: {
home = {
username = "lukas";
stateVersion = "23.11";
};
wayland.windowManager.sway = {
config = {
input."type:keyboard".xkb_layout = "de";
output.eDP-1 = {
mode = "1920x1080";
position = "0,0";
background = ''"$(${pkgs.xdg-user-dirs}/bin/xdg-user-dir PICTURES)/sway/primary" fill'';
};
workspaceOutputAssign = [
{
output = "e-DP1";
workspace = "number 1";
}
{
output = "e-DP1";
workspace = "number 2";
}
{
output = "e-DP1";
workspace = "number 3";
}
{
output = "e-DP1";
workspace = "number 4";
}
{
output = "e-DP1";
workspace = "number 5";
}
{
output = "e-DP1";
workspace = "number 6";
}
{
output = "e-DP1";
workspace = "number 7";
}
{
output = "e-DP1";
workspace = "number 8";
}
{
output = "e-DP1";
workspace = "number 9";
}
{
output = "e-DP1";
workspace = "number 10";
}
];
gaps = {
inner = 4;
outer = 6;
};
};
};
}

6
home-manager/vessel/lukas.nix Normal file
View file

@ -0,0 +1,6 @@
{pkgs, ...}: {
home = {
username = "lukas";
stateVersion = "23.11";
};
}

81
nixos/abacus/default.nix Normal file
View file

@ -0,0 +1,81 @@
{
lib,
pkgs,
inputs,
config,
self,
modulesPath,
...
}: {
imports = [
(modulesPath + "/profiles/qemu-guest.nix")
./gitea.nix
./hiraeth.nix
./navidrome.nix
./vaultwarden.nix
./woodpecker.nix
];
nixpkgs.hostPlatform = "aarch64-linux";
boot.initrd.availableKernelModules = ["xhci_pci" "virtio_pci" "virtio_scsi" "usbhid" "sr_mod"];
system.stateVersion = "23.11";
powerManagement.cpuFreqGovernor = "performance";
networking = {
interfaces.enp1s0.ipv6.addresses = [
{
address = "2a01:4f8:c012:24ed::2";
prefixLength = 64;
}
];
defaultGateway6 = {
address = "fe80::1";
interface = "enp1s0";
};
firewall.allowedTCPPorts = [80 443];
};
security.acme = {
defaults.email = "lukas@wrz.one";
acceptTerms = true;
};
services.nginx = {
enable = true;
recommendedGzipSettings = true;
recommendedBrotliSettings = true;
recommendedTlsSettings = true;
recommendedOptimisation = true;
virtualHosts = {
"wrz.one" = {
enableACME = true;
forceSSL = true;
locations."/" = {
root = "/srv/http/wrz.one";
};
};
"defenestrated.systems" = {
enableACME = true;
forceSSL = true;
locations."/" = {
root = "/srv/http/defenestrated.systems";
};
};
"static.defenestrated.systems" = {
enableACME = true;
forceSSL = true;
locations."/" = {
root = "/srv/http/static.defenestrated.systems";
};
};
};
};
}

43
nixos/abacus/gitea.nix Normal file
View file

@ -0,0 +1,43 @@
{config, ...}: let
fqdn = "git.defenestrated.systems";
in {
services.nginx.virtualHosts.${fqdn} = {
enableACME = true;
forceSSL = true;
locations."/" = {
recommendedProxySettings = true;
proxyPass = "http://127.0.0.1:${builtins.toString config.services.gitea.settings.server.HTTP_PORT}";
};
};
services.gitea = {
enable = true;
appName = "git.defenestrated.systems";
database.type = "postgres";
settings = {
server = {
ROOT_URL = "https://${fqdn}/";
HTTP_PORT = 8020;
DOMAIN = fqdn;
DISABLE_REGISTRATION = true;
};
};
lfs.enable = true;
};
services.postgresql = {
enable = true;
authentication = ''
local gitea all ident map=gitea-users
'';
identMap = ''
gitea-users gitea gitea
'';
};
}

116
nixos/abacus/hiraeth.nix Normal file
View file

@ -0,0 +1,116 @@
{
pkgs,
config,
lib,
...
}: let
hiraeth = let
version = "1.1.1";
in
pkgs.callPackage pkgs.buildGoModule {
pname = "hiraeth";
inherit version;
src = pkgs.fetchFromGitHub {
owner = "lukaswrz";
repo = "hiraeth";
rev = "v${version}";
hash = "sha256-GPDGwrYVy9utp5u4iyf0PqIAlI/izcwAsj4yFStYmTE=";
};
vendorSha256 = "sha256-bp9xDB7tplHEBR1Z+Ouks2ZwcktAhaZ/zSSPcu7LWr8=";
};
in {
services.nginx.virtualHosts."share.defenestrated.systems" = {
enableACME = true;
forceSSL = true;
locations."/" = {
recommendedProxySettings = true;
proxyPass = "http://127.0.0.1:8010";
};
};
users = {
users = {
hiraeth = {
isSystemUser = true;
group = config.users.groups.hiraeth.name;
};
};
groups.hiraeth = {};
};
systemd.services.hiraeth = {
description = "Hiraeth File Sharing Service";
after = ["network.target"];
wantedBy = ["multi-user.target"];
serviceConfig = rec {
Type = "simple";
User = config.users.users.hiraeth.name;
Group = config.users.groups.hiraeth.name;
# DynamicUser = true;
StateDirectory = "hiraeth";
StateDirectoryMode = "0700";
UMask = "0077";
WorkingDirectory = "/var/lib/hiraeth";
ExecStart = "${hiraeth}/bin/hiraeth run";
Restart = "on-failure";
TimeoutSec = 15;
ReadOnlyPaths = "/etc/hiraeth/hiraeth.toml";
DevicePolicy = "closed";
LockPersonality = true;
MemoryDenyWriteExecute = true;
NoNewPrivileges = true;
PrivateDevices = true;
ProtectHome = "read-only";
PrivateTmp = true;
PrivateUsers = true;
ProtectControlGroups = true;
ProtectHostname = true;
ProtectKernelLogs = true;
ProtectKernelModules = true;
ProtectKernelTunables = true;
ProtectSystem = "strict";
RemoveIPC = true;
RestrictAddressFamilies = ["AF_INET" "AF_INET6"];
RestrictNamespaces = true;
RestrictRealtime = true;
RestrictSUIDSGID = true;
};
};
sops.secrets."hiraeth/session_secret" = {
mode = "0400";
owner = config.users.users.hiraeth.name;
group = config.users.users.hiraeth.group;
};
environment.etc."hiraeth/hiraeth.toml" = let
settings = {
address = "localhost:8010";
name = "hiraeth";
data = "data";
database_file = "hiraeth.db";
trusted_proxies = [
"127.0.0.1"
];
inline_types = [
"image/png"
"image/jpeg"
"application/pdf"
];
session_secret_file = config.sops.secrets."hiraeth/session_secret".path;
chunk_size = 8388608;
};
settingsFormat = pkgs.formats.toml {};
settingsFile = settingsFormat.generate "hiraeth.toml" settings;
in {
source = settingsFile;
mode = "0440";
user = config.users.users.hiraeth.name;
group = config.users.users.hiraeth.group;
};
}

28
nixos/abacus/navidrome.nix Normal file
View file

@ -0,0 +1,28 @@
{config, ...}: let
musicDir = "/srv/music";
in {
services.navidrome = {
enable = true;
settings = {
Address = "127.0.0.1";
Port = 8040;
MusicFolder = musicDir;
};
};
services.nginx.virtualHosts."music.defenestrated.systems" = {
enableACME = true;
forceSSL = true;
locations."/" = {
recommendedProxySettings = true;
proxyPass = "http://127.0.0.1:${builtins.toString config.services.navidrome.settings.Port}";
};
};
fileSystems.${musicDir} = {
device = "/dev/disk/by-label/storage";
fsType = "btrfs";
options = ["subvol=music" "compress=zstd" "noatime"];
};
}

20
nixos/abacus/vaultwarden.nix Normal file
View file

@ -0,0 +1,20 @@
{config, ...}: {
services.vaultwarden = {
enable = true;
config = {
SIGNUPS_ALLOWED = false;
ROCKET_ADDRESS = "127.0.0.1";
ROCKET_PORT = 8000;
};
};
services.nginx.virtualHosts."vault.defenestrated.systems" = {
enableACME = true;
forceSSL = true;
locations."/" = {
recommendedProxySettings = true;
proxyPass = "http://${config.services.vaultwarden.config.ROCKET_ADDRESS}:${builtins.toString config.services.vaultwarden.config.ROCKET_PORT}";
};
};
}

162
nixos/abacus/woodpecker.nix Normal file
View file

@ -0,0 +1,162 @@
{
config,
pkgs,
lib,
...
}: let
giteaSecretFile = config.sops.secrets."woodpecker/gitea".path;
sharedSecretFile = config.sops.secrets."woodpecker/shared".path;
port = 3030;
rpcPort = 3031;
in {
sops.secrets."woodpecker/gitea" = {};
sops.secrets."woodpecker/shared" = {};
services.postgresql = {
enable = true;
ensureDatabases = ["woodpecker"];
ensureUsers = [
{
name = "woodpecker";
ensurePermissions = {
"DATABASE woodpecker" = "ALL PRIVILEGES";
};
}
];
};
services.nginx.virtualHosts."woodpecker.defenestrated.systems" = {
enableACME = true;
forceSSL = true;
locations."/".proxyPass = "http://localhost:${builtins.toString port}/";
};
services = {
woodpecker-server = {
enable = true;
environment = {
WOODPECKER_HOST = "https://woodpecker.defenestrated.systems";
WOODPECKER_OPEN = "false";
WOODPECKER_GITEA = "true";
WOODPECKER_GITEA_CLIENT = "true";
WOODPECKER_GITEA_URL = config.services.gitea.settings.server.ROOT_URL;
WOODPECKER_ADMIN = "lukaswrz";
WOODPECKER_DATABASE_DRIVER = "postgres";
WOODPECKER_DATABASE_DATASOURCE = "postgres:///woodpecker?host=/run/postgresql";
WOODPECKER_SERVER_ADDR = ":${builtins.toString port}";
WOODPECKER_GRPC_ADDR = ":${builtins.toString rpcPort}";
WOODPECKER_LOG_LEVEL = "debug";
};
};
woodpecker-agents = {
agents.exec = {
enable = true;
environment = {
WOODPECKER_SERVER = "localhost:${toString rpcPort}";
WOODPECKER_MAX_WORKFLOWS = "10";
WOODPECKER_BACKEND = "local";
WOODPECKER_FILTER_LABELS = "type=exec";
WOODPECKER_HEALTHCHECK = "false";
NIX_REMOTE = "daemon";
PAGER = "cat";
};
environmentFile = [sharedSecretFile];
};
agents.docker = {
enable = true;
environment = {
WOODPECKER_SERVER = "localhost:${toString rpcPort}";
WOODPECKER_MAX_WORKFLOWS = "10";
WOODPECKER_BACKEND = "docker";
WOODPECKER_FILTER_LABELS = "type=docker";
WOODPECKER_HEALTHCHECK = "false";
};
environmentFile = [sharedSecretFile];
extraGroups = ["docker"];
};
};
};
systemd.services.woodpecker-server = {
serviceConfig = {
# Set username for database access
User = "woodpecker";
BindPaths = [
# Allow access to the database path
"/run/postgresql"
];
# Why is services.woodpecker-server.environmentFile just a single path?
EnvironmentFile = [giteaSecretFile sharedSecretFile];
};
};
# Adjust exec runner service for Nix
systemd.services.woodpecker-agent-exec = {
# Might break deployment
restartIfChanged = false;
path = with pkgs; [
woodpecker-plugin-git
bash
coreutils
git
git-lfs
gnutar
gzip
nix
];
serviceConfig = {
# Same option as upstream, without @setuid
SystemCallFilter = lib.mkForce "~@clock @privileged @cpu-emulation @debug @keyring @module @mount @obsolete @raw-io @reboot @swap";
BindPaths = [
"/nix/var/nix/daemon-socket/socket"
"/run/nscd/socket"
];
BindReadOnlyPaths = [
"/etc/passwd:/etc/passwd"
"/etc/group:/etc/group"
"/etc/nix:/etc/nix"
"${config.environment.etc."ssh/ssh_known_hosts".source}:/etc/ssh/ssh_known_hosts"
"/etc/machine-id"
# Channels are dynamic paths in the nix store, therefore we need to bind mount the whole thing
"/nix/"
];
};
};
virtualisation.docker.enable = true;
# Adjust Docker runner service for Nix
systemd.services.woodpecker-agent-docker = {
after = ["docker.socket"];
# Might break deployment
restartIfChanged = false;
serviceConfig = {
BindPaths = [
"/var/run/docker.sock"
];
};
};
}

32
nixos/features/flatpak.nix Normal file
View file

@ -0,0 +1,32 @@
{
pkgs,
config,
...
}: {
services.flatpak.enable = true;
# Workaround for https://github.com/NixOS/nixpkgs/issues/119433
system.fsPackages = [pkgs.bindfs];
fileSystems = let
mkRoSymBind = path: {
device = path;
fsType = "fuse.bindfs";
options = ["ro" "resolve-symlinks" "x-gvfs-hide"];
};
# TODO
# aggregatedIcons = pkgs.buildEnv {
# name = "system-icons";
# paths = config.environment.systemPackages;
# pathsToLink = [ "/share/icons" ];
# };
aggregatedFonts = pkgs.buildEnv {
name = "system-fonts";
paths = config.fonts.packages;
pathsToLink = ["/share/fonts"];
};
in {
# "/usr/share/icons" = mkRoSymBind "${aggregatedIcons}/share/icons";
"/usr/share/icons" = mkRoSymBind "/run/current-system/sw/share/icons";
"/usr/share/fonts" = mkRoSymBind "${aggregatedFonts}/share/fonts";
};
}

3
nixos/features/opentabletdriver.nix Normal file
View file

@ -0,0 +1,3 @@
{
hardware.opentabletdriver.enable = true;
}

9
nixos/features/printing.nix Normal file
View file

@ -0,0 +1,9 @@
{
services = {
printing = {
enable = true;
webInterface = false;
};
system-config-printer.enable = true;
};
}

12
nixos/features/steam.nix Normal file
View file

@ -0,0 +1,12 @@
{
programs.steam = {
enable = true;
remotePlay.openFirewall = true;
dedicatedServer.openFirewall = true;
};
programs.gamescope = {
enable = true;
capSysNice = true;
};
}

33
nixos/flamingo/default.nix Normal file
View file

@ -0,0 +1,33 @@
{
lib,
pkgs,
inputs,
config,
self,
modulesPath,
...
}: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
inputs.hardware.nixosModules.lenovo-thinkpad-t480
../features/flatpak.nix
];
nixpkgs.hostPlatform = "x86_64-linux";
boot = {
initrd.availableKernelModules = ["xhci_pci" "nvme" "usb_storage" "sd_mod"];
kernelModules = ["kvm-intel"];
};
hardware.cpu.intel.updateMicrocode = config.hardware.enableRedistributableFirmware;
system.stateVersion = "23.11";
powerManagement.cpuFreqGovernor = "powersave";
console.keyMap = "de";
services.xserver.layout = "de";
}

53
nixos/glacier/default.nix Normal file
View file

@ -0,0 +1,53 @@
{
pkgs,
inputs,
config,
modulesPath,
...
}: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
inputs.hardware.nixosModules.common-cpu-amd
inputs.hardware.nixosModules.common-gpu-amd
inputs.hardware.nixosModules.common-pc-ssd
../features/flatpak.nix
../features/opentabletdriver.nix
../features/printing.nix
../features/steam.nix
];
nixpkgs.hostPlatform = "x86_64-linux";
boot = {
initrd = {
availableKernelModules = ["nvme" "ahci" "xhci_pci" "usbhid" "usb_storage" "sd_mod"];
kernelModules = ["amdgpu"];
};
kernelModules = ["kvm-amd"];
binfmt.emulatedSystems = ["aarch64-linux"];
};
hardware.cpu.amd.updateMicrocode = config.hardware.enableRedistributableFirmware;
system.stateVersion = "23.11";
powerManagement.cpuFreqGovernor = "performance";
services.printing.drivers = with pkgs; [
epson-escpr
epson-escpr2
];
services.mullvad-vpn.enable = true;
services.xserver = {
enable = true;
layout = "us";
libinput.enable = true;
windowManager.i3.enable = true;
displayManager.startx.enable = true;
};
}

29
nixos/scenery/default.nix Normal file
View file

@ -0,0 +1,29 @@
{
pkgs,
inputs,
config,
modulesPath,
...
}: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
inputs.hardware.nixosModules.lenovo-thinkpad-x260
];
nixpkgs.hostPlatform = "x86_64-linux";
boot = {
initrd.availableKernelModules = ["xhci_pci" "nvme" "usb_storage" "sd_mod"];
kernelModules = ["kvm-intel"];
};
hardware.cpu.intel.updateMicrocode = config.hardware.enableRedistributableFirmware;
system.stateVersion = "23.11";
powerManagement.cpuFreqGovernor = "powersave";
console.keyMap = "de";
services.xserver.layout = "de";
}

27
nixos/vessel/backup.nix Normal file
View file

@ -0,0 +1,27 @@
{pkgs, ...}: {
systemd.timers.local-backup = {
description = "Local rsync Backup";
wantedBy = ["timers.target"];
timerConfig = {
OnCalendar = "*-*-* 00:00:00";
Persistent = true;
Unit = "rsync-backup.service";
};
};
systemd.services.local-backup = {
description = "Local rsync Backup";
serviceConfig = {
Type = "oneshot";
ExecStart = ''${pkgs.rsync}/bin/rsync --verbose --verbose --archive --update --delete /srv/storage/ /srv/backup/'';
User = "root";
Group = "root";
};
};
fileSystems."/srv/backup" = {
device = "/dev/disk/by-label/backup";
fsType = "btrfs";
options = ["subvol=main" "compress=zstd" "noatime"];
};
}

38
nixos/vessel/default.nix Normal file
View file

@ -0,0 +1,38 @@
{
lib,
pkgs,
inputs,
config,
self,
modulesPath,
...
}: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
inputs.hardware.nixosModules.common-cpu-intel
inputs.hardware.nixosModules.common-gpu-intel
inputs.hardware.nixosModules.common-pc-ssd
./backup.nix
];
nixpkgs.hostPlatform = "x86_64-linux";
boot = {
initrd.availableKernelModules = ["ahci" "xhci_pci" "usbhid" "usb_storage" "sd_mod"];
kernelModules = ["kvm-intel"];
};
hardware.cpu.intel.updateMicrocode = config.hardware.enableRedistributableFirmware;
system.stateVersion = "23.11";
powerManagement.cpuFreqGovernor = "performance";
fileSystems."/srv/storage" = {
device = "/dev/disk/by-label/storage";
fsType = "btrfs";
options = ["subvol=main" "compress=zstd" "noatime"];
};
}

72
secrets/default.yaml Normal file
View file

@ -0,0 +1,72 @@
users:
lukas: ENC[AES256_GCM,data:ZWqn13HJAjUTENyhIm9V2VwPxFn6w936vE+iJCl/siozbtl844elAIDyMq3o+rjDshQrF/zbP13CWsdhG4HBmQVAN+kekNYzsB9eNKRJbPRoBDn1WY7CQaTg+nSpxs369hjiqIk5rJN7qQ==,iv:CMNhONeR1dtsR5Et3CqrphiNJA6Pm9DGsdjEEMP33ew=,tag:APEIninRHTwegf5MdaPhsA==,type:str]
woodpecker:
gitea: ENC[AES256_GCM,data:UHXxNfwjwFe4W36gt1o7JAYwqjwRAkYhZzM5OvEqXcfwhrZ0W46WqnrKLtPIjBsOajQiysqk0VpHmNGbxcSAUU6CQ0mcRCT5l6wte5lyIba6GCqiKxn+M7bqBhLFm0Yn9bFnoNm+QRiOCsvglMGdxZlQwJgS2XRkiMIRg6bB2QqcXbXtcw7w79H7smZjgA==,iv:Jz4qkB/XVcrN05LIFNXq1lPLD45mxKRc1ioqn8wf1xg=,tag:mLX2Lryo4dl3+L8WJwUYdw==,type:str]
shared: ENC[AES256_GCM,data:plxZCJOZ3GkBcHkek7tZJoqIoJjNYjLeyeqUXelumn6wa8rvWiBA4Ji3MVg++xVW9ZxxHjFAxfOi,iv:r3lC9qC02mG8sJ/a3avBfxszwtdULt0DF2iGcN4wrjY=,tag:rsXE2xoVjbDZmzOLX1MM6A==,type:str]
hiraeth:
session_secret: ENC[AES256_GCM,data:ZjKWkpN19sZ9MvrsHQnb8oIDsg4MEIFoGEpWPegMRfAfvZU5WDmwb7+A6VrluqFCGErfLQ8/q0cTTBybdqbDtA==,iv:/iUel/2DzAmjHH1OIascoP0wfuTxaRTIDalVCjfUNss=,tag:xJYh7Hv22+cE34gNJ0ABkA==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age17nt4yca38wrlptapekwmkrjx232cruygty82qhvz3t7g7z4jq9fshdglks
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpLzdCU1ZqQlo1TnFwRDZp
dkJyUEZlSnVMaG1kelZIR0FGRUNKV0JtQ1RVCkZ6RDFmU0txejBCZjUvOTRrMWkz
dTlFaEoxOU9lZ29vaVVKQ3BzMjdyanMKLS0tIFRzWFFPY3ZCL0lMY3ZVNDFKTW5n
VnQ1MHd3dmFUWTc0Rnh2Q095SjhXdTQKKD5UWbzyodQ53CT08eJe/9ZyZawgEFU8
GSP4ItGIh6mfCssZoQ5P4rS2H8x+ycSaz2rLD9q3p1RDP9QQBnPovw==
-----END AGE ENCRYPTED FILE-----
- recipient: age190zn56uqtemazc4fjtc649h7634hl9zh6jzrmq478y2t94x8vswqv5q3j8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZdEs2ZVlZcWJCM0JGcnB4
aGhRY3ZWcEo3Z1h0N3ZTd2VvTjJ4cmVpcldVCnY4MTJiSjJHZThabTE4RTZmeWRL
WWp2UC9jRTRLcEtmWmMvYWllOENWcmcKLS0tIHhhL0FOODh5Sm1ldmhVMGxJVGRw
dUUyM0VSQVFtQTVNVzNibWRqWk1TM0UKpYfwcLOwAk/VkfmciLuMekGlHe+Bzn3a
hatmpeAGc7Kmkb1hDjhweq/MEIKtIamm0vYnmOmOwA1U94+7UkB79Q==
-----END AGE ENCRYPTED FILE-----
- recipient: age1p55v299rqjg7ltz3h3suq2efrgsntn2ej9lzljw9prkx50x7hd4s7cnfcc
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWc2NXUUZ0cHRmVTlhV3p2
dHNGa1FWRzFneUlSSmJzeHhuV0QxSXlCN1ZvCjJTaWZhOGFUYmRidXZwR00vSTQ5
MUw4TkhTaE1lU1UzQTh3UUJla0crSm8KLS0tIGFNNXRJZkRJRTdpZEZUZmJaTEpV
NWdSM0hmcHpId2RiRDFKUGNDZE0rUW8KqZttjrJXXdOYSfe0hbLkQHCOXf81NoCi
6he+/81wLsQSvkFRD5KrjQKcs9FzxggG/pHhSv408VGD/3gFRxjTtg==
-----END AGE ENCRYPTED FILE-----
- recipient: age1nxr8lyst9eleuu9dyrnlwps8xschps42tfzwxfyvyy32n75rssfsayj52j
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjNHJoQUJqRTZRbWo5V21p
blhBMFExby95NTdGUy8rck13SzlIRHRKZzAwCjRDeEV6K3pjUnVqM1NtQ3BzUGZo
RGt5RkcyU3FiVllUU3drMEszNHpPRTQKLS0tIHJaSERKQjJEaW1oRCtGc2dlUXpL
bWxreFI2ZDlTR3VBNUppZTNiU2E2NzAK2tcBp5tEtwvV5qQlcSp3W3svkz3DyPsv
JiOoh+BOQz2MMaIFfTUwwMuIrROwtQlXu38vfle6ANFS0BYvJqsrtw==
-----END AGE ENCRYPTED FILE-----
- recipient: age15hmzz0mdrrtlrxwdyv7wfwfs58vzcyg3esnf5ccu5vlg83a8aq6sqp95dv
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEUmZaTDgvNCttOXhFZW9t
SkxBekZnZkM3aXB1MUdkcmdkWWhGRzJjVGdRCklRdzNRMTFINHVmajFlR2JSdGZI
eDM3dk00K243QWU0NFVxUDRUNm9FdXMKLS0tIDc5WGhUb0l5WE83ZWxmOERqTW1j
QStSd0Zaa1dIbHg0LysrTGgyMUdLUHMKXt0WQnMFH0z6rfTGC5isM3U1GQsEB+DR
GhzgI8mycdd0HQWxiFUAL+Wj5hhw2O+EZDigQ4Ky9/Wmee1jyH1T5g==
-----END AGE ENCRYPTED FILE-----
- recipient: age1fvn3rex66xczhard8dcx0s38xdegvguyaepytu6kh9hndhheqqwqcgnc3y
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzVWwwcXFJb2lwbjhuZGF6
eUFuSzhaWWFMdmFjV25sQ1hHRFF5Z2R5MEdrCmJXdWlsb1BGakN5ZWxyVUppcGky
ZjRJbEFQdE02azNFcGszMVVLemxxeEEKLS0tIGpUZTZ3ZThid1U4YzdyM1F3L3gz
VUZ6QitucE1OVTdobHhrK3B5TGljS2sKalCwO2GBQHXmb2NLdsdtzr8u0EaMjxSL
WDPXbOYfJ66BwqmnbW7zMiTDf21OKrZAvcbwtoZ3CtJvs5D6I9ygdw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-09-04T19:08:24Z"
mac: ENC[AES256_GCM,data:X4SOdGY/MiD28vhbWzDRYUb4pvafB3rpaUyZhJTuadPCDqs8zVvL8A2hJWZlscgW/SSKC9Pn4HBFRejCEvbClAPzbbbdbiq7M+YEvPFwDzZO76iQbHNBYYah56A7uX3xXwYt6l3p2Vms2HeQ/TbpVxtCERM3TU33nlWdfKVdOcU=,iv:HPw4ROPsoMHi8soZokA7SKLLhBqAeplsxjeiwF4/Tvs=,tag:lOJi50HYLP2J+wH2SFOySQ==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.7.3