feat: added simons computer

Patrick Großmann 2023-10-06 22:01:50 +02:00
parent b4e3de019d
commit 7eba9a91c3
Signed by: patrick
GPG key ID: 451F95EFB8BECD0F
29 changed files with 369 additions and 162 deletions


@ -9,3 +9,7 @@ system = "x86_64-linux"
[testienix]
type = "nixos"
system = "x86_64-linux"
[gojo]
type = "nixos"
system = "x86_64-linux"


@ -21,6 +21,7 @@
../../modules/hardware/zfs.nix
../../modules/optional/streamdeck.nix
../../modules/optional/steam.nix
../../modules/optional/printing.nix
./net.nix
@ -33,4 +34,8 @@
applications = 10;
desktop = 10;
};
services.xserver = {
layout = "de";
xkbVariant = "bone";
};
}

37
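--- a/hosts/gojo/default.nix
+++ b/hosts/gojo/default.nix
@@ -0,0 +1,37 @@
+{inputs, ...}: {
+imports = [
+inputs.nixos-hardware.nixosModules.common-cpu-intel
+inputs.nixos-hardware.nixosModules.common-gpu-intel
+inputs.nixos-hardware.nixosModules.common-pc-laptop
+inputs.nixos-hardware.nixosModules.common-pc-laptop-ssd
+../../modules/config
+../../modules/dev
+../../modules/graphical
+../../modules/optional/wayland.nix
+../../modules/optional/printing.nix
+../../modules/hardware/bluetooth.nix
+../../modules/hardware/laptop.nix
+../../modules/hardware/intel.nix
+../../modules/hardware/physical.nix
+../../modules/hardware/pipewire.nix
+../../modules/hardware/yubikey.nix
+../../modules/hardware/zfs.nix
+./net.nix
+./fs.nix
+../../users/simon
+];
+stylix.fonts.sizes = {
+#terminal = 9;
+#applications = 9;
+#desktop = 8;
+};
+services.xserver = {
+layout = "de";
+xkbVariant = "bone";
+};
+}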

31
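--- a/hosts/gojo/fs.nix
+++ b/hosts/gojo/fs.nix
@@ -0,0 +1,31 @@
+{
+config,
+lib,
+...
+}: {
+disko.devices = {
+disk = {
+ssd = {
+type = "disk";
+device = "/dev/disk/by-id/${config.secrets.secrets.local.disko.ssd}";
+content = with lib.disko.gpt; {
+type = "table";
+format = "gpt";
+partitions = [
+(partEfiBoot "boot" "0%" "260MB")
+{
+name = "rpool";
+content = {
+type = "zfs";
+pool = "rpool";
+};
+}
+];
+};
+};
+};
+zpool = with lib.disko.zfs; {
+rpool = defaultZpoolOptions // {datasets = defaultZfsDatasets;};
+};
+};
+}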
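Review bot: The `rpool` partition hands the raw partition straight to ZFS (`content.type = "zfs"`), and nothing in this file puts an encryption layer under or on the pool, which matters because the host's `default.nix` imports the laptop hardware profiles. Whether `defaultZpoolOptions` or `defaultZfsDatasets` enable native ZFS encryption is not visible here, so please confirm it and record the answer in a comment next to the pool, for example `# at-rest encryption: native ZFS via defaultZpoolOptions`, or add a LUKS layer if they do not. The `rpool` entry also declares no explicit `start`/`end`, unlike `partEfiBoot "boot" "0%" "260MB"`, so its extent depends on disko's defaults and should be checked against the boot partition.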

24
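--- a/hosts/gojo/net.nix
+++ b/hosts/gojo/net.nix
@@ -0,0 +1,24 @@
+{config, ...}: {
+networking = {
+inherit (config.secrets.secrets.local.networking) hostId;
+wireless.iwd.enable = true;
+};
+systemd.network.networks = {
+"01-wlan1" = {
+DHCP = "yes";
+matchConfig.MACAddress = config.secrets.secrets.local.networking.wlan1.mac;
+networkConfig = {
+IPv6PrivacyExtensions = "yes";
+MulticastDNS = true;
+};
+dns = ["9.9.9.9"];
+dhcpV4Config.RouteMetric = 40;
+dhcpV6Config.RouteMetric = 40;
+};
+};
+age.secrets.eduroam = {
+rekeyFile = ./secrets/iwd/eduroam.8021x.age;
+path = "/var/lib/iwd/eduroam.8021x";
+};
+}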
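Review bot: `MulticastDNS = true` on `"01-wlan1"` lets the laptop answer mDNS queries on every wireless network it joins, including shared ones such as the eduroam profile provisioned at the end of this file, which exposes the hostname to other clients there. If only lookups of `.local` peers are needed, `MulticastDNS = "resolve";` keeps resolution working without responding. The single resolver in `dns = ["9.9.9.9"];` is also queried in clear text unless DNS-over-TLS is configured elsewhere, which this file does not show; a short comment stating the intent would help.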


@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH+6isyj+sdzilpFSgGjw3xUfoJ1s307OJGcuzmgJL+L


@ -0,0 +1,15 @@
age-encryption.org/v1
-> X25519 MSoPX4OdgG4U6vy/h/jxZm92rHvCsBpWP1Zos9YllnQ
lMvG+1fcjOYHMHcijXRc48abED84Oah6+fk7urzEG+4
-> piv-p256 XTQkUA Aq/klJgP/adjAzEw+pKLGKpOrKMmclR+Xmm3RxgQgUo/
GV/W3HDUmtN02jnvfvD7UXh9UMdJ1Ltz6W0wwgDvHIQ
-> piv-p256 ZFgiIw AwFF4EN/T9TbK28fs+8fIa2wN5gUakyDgghsBMYX1BdA
EUC+bLyxGoDVDs8aWmRAMvC4rLKbnXNYnbFjyosLcto
-> piv-p256 ZFgiIw A5ze05tNTc29RPCkQKdT1TAFXa6FTM3jTqA7G6RdkdE7
SIDa/+XA2BYYhQo/NmTIBzdI98qeR1S+brEpMeZcbjg
-> IN-grease q\uVB2D yBs<F"
MMm9GIizKfszC0a0ttPhtazDCmFx+kqXuq4x8Msn56toKcf+BH3U2AknvEUiU60W
sAMl7iF0FAtz/vFUQHzy0JoVmUU+JbpiwvyzarTXFk1aDA+8UpqfLQF2eGHOrPrP
2l28
--- ADJ4te4e9f4Cwn33SQyV7W+8nIE8rGXnmmSuYoK5V0o
:ühO·WÖX¾ÐÁÂó<C382>Ôs<C394>ƦvŸüšH^îËc" ¹ÍÊÝy óºw\6;è6†éºÃIWºó<C2BA>°/ͤOs™ìO/gçôÊ-è€Öú«Ÿò1,B<>«¶A^ŒËkX%I ñ¸{ÌÈ/\0Q¿Î(ƒ>èås˜< 0×'ŠÖð²Vlv~þ.Ipò ;3¯láSq5?iòmWÈÿ


@ -0,0 +1,16 @@
age-encryption.org/v1
-> X25519 29dkc7hDdIF0WnDMscLV44WyZIocAqiQEZsu4qpGR1k
UcO+A4GRvg2Du6JEizM8adE7HeVYIbSHvqIRL0LBAzU
-> piv-p256 XTQkUA A5GOk6W/CsN/iTT5pq+fXOVdRzmhGgKQh89kgGSmyJaX
Bd6OVbPo5jGKkPrAIz3n0wreAo0irTaTo60HZmc9p20
-> piv-p256 ZFgiIw A32mnPlkfGdRVTl/q8lidzI5lxO/p1hadzGaU+9XPvxZ
AORovrBpmrKBD5KMSrfgIa/ZSk9Ur4fSkZPsVGHZTr0
-> piv-p256 ZFgiIw Az7quPRpH8atLhpbJZqF7BcsrDCjRaehyODHkxsT7PjE
IJFR1jboqJ6lPY/eMzo983CLxSKMzsD6Xv4xovrdiYw
-> !@G-grease !VtW( [FHy {8H|#0^p zn?f
s38TB0uwu5Jf4FhRuSugdJjqykO+qdk7iqLzgnF+rFDl6nTCDYSogpIXmOU6pUnb
LFMeypy0UjGFGFJDgU++BSJq5Ry7
--- IR3ffCZ/b1Ial7oKk1YmySRYEayoXN1CZcxnVEEpgGM
W͉£Z}ñ:<3A>úeí8[Ï4òwú
,æM%ç·ÀI6ïâÆ=€pžŒ¯oYÅäº#¥NläIøÈs¨XD= Ø~
u.OÏ•} :!ÿÜcÕeâ¬樽͠žÏ¾•|t°tÆ¢Sà‡fœ/¬ŽÉ<>D>ªœôn=ŒË>U°t.C“ÑÃGK¬T­p9ÎBäê­Ð'Þò<16>hø…cEÐã㎦(


@ -23,6 +23,7 @@
../../modules/hardware/zfs.nix
../../modules/hardware/prime-offload.nix
../../modules/optional/steam.nix
./net.nix
./fs.nix
@ -36,4 +37,8 @@
desktop = 8;
};
hidpi = true;
services.xserver = {
layout = "de";
xkbVariant = "bone";
};
}


@ -22,6 +22,17 @@
dhcpV4Config.RouteMetric = 10;
dhcpV6Config.RouteMetric = 10;
};
"02-lan1" = {
DHCP = "yes";
matchConfig.MACAddress = config.secrets.secrets.local.networking.lan2.mac;
networkConfig = {
IPv6PrivacyExtensions = "yes";
MulticastDNS = true;
};
dns = ["9.9.9.9"];
dhcpV4Config.RouteMetric = 10;
dhcpV6Config.RouteMetric = 10;
};
"01-wlan1" = {
DHCP = "yes";
matchConfig.MACAddress = config.secrets.secrets.local.networking.wlan1.mac;
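Review bot: The new network is named `"02-lan1"` but matches on `config.secrets.secrets.local.networking.lan2.mac`, so the unit name and the secret key disagree about which interface this is; `"02-lan2"` would keep them aligned. It also sets `RouteMetric = 10` for DHCPv4 and DHCPv6, the same value the preceding block (presumably the first wired interface) ends with, so neither route is preferred when both links are up. Because the MAC address lives in the secrets store, a one-line comment naming the physical port would make the block reviewable. The `"01-wlan1"` block that follows continues outside the hunk.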


@ -38,10 +38,6 @@
time.timeZone = lib.mkDefault "Europe/Berlin";
i18n.defaultLocale = "C.UTF-8";
services.xserver = {
layout = "de";
xkbVariant = "bone";
};
console = {
font = "ter-v28n";
packages = with pkgs; [terminus_font];


@ -79,11 +79,10 @@ in {
# are assertions in place warning you
home =
{
patrick = "/home/patrick";
root = "/root";
}
.${user}
or {};
or "/home/${user}";
files = mkUserFiles sourceCfg.files;
directories = mkUserDirs sourceCfg.directories;
};


@ -4,7 +4,7 @@
./shells/zsh
./shells/pager.nix
./programs/gpg
./programs/gpg.nix
];
programs.bat.enable = true;


@ -74,7 +74,7 @@ let
++ output "DP-1" ["j" "d" "u" "a"];
}
.${nixosConfig.node.name}
or {};
or [];
keybindings =
(lib.attrsets.mergeAttrsList (map (x: (let


@ -1,6 +1,7 @@
{
config,
lib,
nixosConfig,
...
}: {
home.persistence."/state" = {
@ -24,6 +25,10 @@
".local/share/nvim"
".local/state/nvim"
".cache/nvim"
]
++ optionals nixosConfig.services.pipewire.enable [
# persist sound config
".local/state/wireplumber"
];
};
}


@ -1,4 +1,4 @@
{pkgs, ...}: {
{
home = {
sessionVariables = {
# Firefox touch support
@ -10,119 +10,7 @@
MOZ_DISABLE_RDD_SANDBOX = 1;
};
};
programs.firefox = let
betterfox = pkgs.fetchFromGitHub {
owner = "yokoffing";
repo = "Betterfox";
rev = "116.1";
hash = "sha256-Ai8Szbrk/4FhGhS4r5gA2DqjALFRfQKo2a/TwWCIA6g=";
};
in {
enable = true;
profiles.patrick = {
userChrome = ''
#TabsToolbar {
visibility: collapse;
}
#titlebar {
margin-bottom: !important;
}
#titlebar-buttonbox {
height: 32px !important;
}
'';
extraConfig = builtins.concatStringsSep "\n" [
(builtins.readFile "${betterfox}/Securefox.js")
(builtins.readFile "${betterfox}/Fastfox.js")
(builtins.readFile "${betterfox}/Peskyfox.js")
];
settings = {
# user chrome soll funzen
"toolkit.legacyUserProfileCustomizations.stylesheets" = true;
# nvidia hardware video decode
# https:#github.com/elFarto/nvidia-vaapi-driver
"media.ffmpeg.vaapi.enabled" = true;
"media.rdd-ffmpeg.enabled" = true;
"gfx.x11-egl.force-enabled" = true;
# enable if grapics card support av1
"media.av1.enabled" = false;
"widget.dmabuf.force-enabled" = true;
# General
"browser.toolbars.bookmarks.visibility" = "never"; # Never show the bookmark toolbar
"intl.accept_languages" = "en-US,en";
"browser.startup.page" = 3; # always resume session on restart
"privacy.clearOnShutdown.history" = false; # persist history pls
"devtools.chrome.enabled" = true; # enable js in the dev console
"browser.tabs.crashReporting.sendReport" = false; # don't send crash reports
"accessibility.typeaheadfind.enablesound" = false; # No sound in search windows pls
"general.autoScroll" = true;
# Privacy
"privacy.donottrackheader.enabled" = true;
"privacy.trackingprotection.enabled" = true;
"privacy.trackingprotection.socialtracking.enabled" = true;
"privacy.userContext.enabled" = true;
"privacy.userContext.ui.enabled" = true;
# Firefox shall not test option changes on me pls
"app.normandy.enabled" = false;
"app.shield.optoutstudies.enabled" = false;
"beacon.enabled" = false;
"device.sensors.enabled" = false;
"geo.enabled" = false;
# enable ech
"network.dns.echconfig.enabled" = true;
#disable all telemetry
"toolkit.telemetry.archive.enabled" = false;
"toolkit.telemetry.enabled" = false; # enforced by nixos
"toolkit.telemetry.server" = "";
"toolkit.telemetry.unified" = false;
"extensions.webcompat-reporter.enabled" = false; # don't report compability problems to mozilla
"datareporting.policy.dataSubmissionEnabled" = false;
"datareporting.healthreport.uploadEnabled" = false;
"browser.ping-centre.telemetry" = false;
"browser.urlbar.eventTelemetry.enabled" = false; # (default)
# no firefox passwd manager
"browser.contentblocking.report.lockwise.enabled" = false;
"browser.uitour.enabled" = false;
"browser.newtabpage.activity-stream.showSponsored" = false;
"browser.newtabpage.activity-stream.showSponsoredTopSites" = false;
# no encrypted media extension pls
"media.eme.enabled" = false;
"browser.eme.ui.enabled" = false;
"browser.urlbar.speculativeConnect.enabled" = false;
"dom.battery.enabled" = false; # no battery for you
};
search = {
force = true;
default = "kagi";
engines = {
"Bing".metaData.hidden = true;
"Amazon.com".metaData.hidden = true;
"Google".metaData.hidden = true;
"kagi" = {
iconUpdateURL = "https://kagi.com/favicon.ico";
updateInterval = 24 * 60 * 60 * 1000; # update every day
urls = [
{
template = "https://kagi.com/search";
params = [
{
name = "q";
value = "{searchTerms}";
}
];
}
];
};
};
};
};
};
programs.firefox.enable = true;
home.persistence."/state".directories = [
".cache/mozilla"
".mozilla"


@ -7,16 +7,6 @@
programs.gpg = {
enable = true;
scdaemonSettings.disable-ccid = true;
publicKeys = [
{
source = ./pubkey.gpg;
trust = 5;
}
{
source = ./newpubkey.gpg;
trust = 5;
}
];
settings = {
# https://github.com/drduh/config/blob/master/gpg.conf
# https://www.gnupg.org/documentation/manuals/gnupg/GPG-Configuration-Options.html


@ -7,8 +7,6 @@
}:
lib.optionalAttrs (!minimal) {
imports = [
../../modules/optional/steam.nix
./impermanence.nix
];
users.users.patrick = {
@ -47,6 +45,9 @@ lib.optionalAttrs (!minimal) {
[
./patrick.nix
./ssh.nix
./firefox.nix
./gpg
./impermanence.nix
../common
../common/impermanence.nix
@ -64,7 +65,7 @@ lib.optionalAttrs (!minimal) {
++ {
"desktopnix" = [
../common/graphical/Xorg
#../common/programs/streamdeck.nix
#./streamdeck.nix
./smb.nix
];
"patricknix" = [

114
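--- a/users/patrick/firefox.nix
+++ b/users/patrick/firefox.nix
@@ -0,0 +1,114 @@
+{pkgs, ...}: {
+programs.firefox = let
+betterfox = pkgs.fetchFromGitHub {
+owner = "yokoffing";
+repo = "Betterfox";
+rev = "116.1";
+hash = "sha256-Ai8Szbrk/4FhGhS4r5gA2DqjALFRfQKo2a/TwWCIA6g=";
+};
+in {
+profiles.patrick = {
+userChrome = ''
+#TabsToolbar {
+visibility: collapse;
+}
+#titlebar {
+margin-bottom: !important;
+}
+#titlebar-buttonbox {
+height: 32px !important;
+}
+'';
+extraConfig = builtins.concatStringsSep "\n" [
+(builtins.readFile "${betterfox}/Securefox.js")
+(builtins.readFile "${betterfox}/Fastfox.js")
+(builtins.readFile "${betterfox}/Peskyfox.js")
+];
+settings = {
+# user chrome soll funzen
+"toolkit.legacyUserProfileCustomizations.stylesheets" = true;
+# nvidia hardware video decode
+# https:#github.com/elFarto/nvidia-vaapi-driver
+"media.ffmpeg.vaapi.enabled" = true;
+"media.rdd-ffmpeg.enabled" = true;
+"gfx.x11-egl.force-enabled" = true;
+# enable if grapics card support av1
+"media.av1.enabled" = false;
+"widget.dmabuf.force-enabled" = true;
+# General
+"browser.toolbars.bookmarks.visibility" = "never"; # Never show the bookmark toolbar
+"intl.accept_languages" = "en-US,en";
+"browser.startup.page" = 3; # always resume session on restart
+"privacy.clearOnShutdown.history" = false; # persist history pls
+"devtools.chrome.enabled" = true; # enable js in the dev console
+"browser.tabs.crashReporting.sendReport" = false; # don't send crash reports
+"accessibility.typeaheadfind.enablesound" = false; # No sound in search windows pls
+"general.autoScroll" = true;
+# Privacy
+"privacy.donottrackheader.enabled" = true;
+"privacy.trackingprotection.enabled" = true;
+"privacy.trackingprotection.socialtracking.enabled" = true;
+"privacy.userContext.enabled" = true;
+"privacy.userContext.ui.enabled" = true;
+# Firefox shall not test option changes on me pls
+"app.normandy.enabled" = false;
+"app.shield.optoutstudies.enabled" = false;
+"beacon.enabled" = false;
+"device.sensors.enabled" = false;
+"geo.enabled" = false;
+# enable ech
+"network.dns.echconfig.enabled" = true;
+#disable all telemetry
+"toolkit.telemetry.archive.enabled" = false;
+"toolkit.telemetry.enabled" = false; # enforced by nixos
+"toolkit.telemetry.server" = "";
+"toolkit.telemetry.unified" = false;
+"extensions.webcompat-reporter.enabled" = false; # don't report compability problems to mozilla
+"datareporting.policy.dataSubmissionEnabled" = false;
+"datareporting.healthreport.uploadEnabled" = false;
+"browser.ping-centre.telemetry" = false;
+"browser.urlbar.eventTelemetry.enabled" = false; # (default)
+# no firefox passwd manager
+"browser.contentblocking.report.lockwise.enabled" = false;
+"browser.uitour.enabled" = false;
+"browser.newtabpage.activity-stream.showSponsored" = false;
+"browser.newtabpage.activity-stream.showSponsoredTopSites" = false;
+# no encrypted media extension pls
+"media.eme.enabled" = false;
+"browser.eme.ui.enabled" = false;
+"browser.urlbar.speculativeConnect.enabled" = false;
+"dom.battery.enabled" = false; # no battery for you
+};
+search = {
+force = true;
+default = "kagi";
+engines = {
+"Bing".metaData.hidden = true;
+"Amazon.com".metaData.hidden = true;
+"Google".metaData.hidden = true;
+"kagi" = {
+iconUpdateURL = "https://kagi.com/favicon.ico";
+updateInterval = 24 * 60 * 60 * 1000; # update every day
+urls = [
+{
+template = "https://kagi.com/search";
+params = [
+{
+name = "q";
+value = "{searchTerms}";
+}
+];
+}
+];
+};
+};
+};
+};
+};
+}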
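Review bot: In `userChrome`, the declaration `margin-bottom: !important;` has no value, so the CSS parser discards it and the `#titlebar` rule does nothing; give it a value or drop the rule. Separately, `"devtools.chrome.enabled" = true` permits evaluating JavaScript with browser-chrome privileges from the Browser Console, which sits oddly next to the Securefox hardening loaded through `extraConfig`; if it is only needed occasionally, leave it at the default and toggle it by hand. The comment `# https:#github.com/elFarto/nvidia-vaapi-driver` looks like a `//` that was rewritten to `#` and should read `# https://github.com/elFarto/nvidia-vaapi-driver`.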


@ -0,0 +1,12 @@
{
programs.gpg.publicKeys = [
{
source = ./pubkey.gpg;
trust = 5;
}
{
source = ./newpubkey.gpg;
trust = 5;
}
];
}


@ -1,6 +1,5 @@
{
environment = {
persistence."/state".users.patrick = {
home.persistence."/state" = {
directories = [
"repos"
"Downloads"
@ -13,9 +12,6 @@
".config/Signal"
".config/discord"
# persist sound config
".local/state/wireplumber"
# Folders for steam
".local/share/Steam"
".steam"
@ -30,5 +26,4 @@
".local/share/bottles"
];
};
};
}


@ -19,6 +19,11 @@
inherit identityFile;
};
"gojo" = {
hostname = "10.181.97.217";
user = "root";
inherit identityFile;
};
"patricknix" = {
hostname = "patricknix.local";
user = "root";
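Review bot: The `"gojo"` block logs in as `root` to the literal address `10.181.97.217`, while the host's own network config in this commit obtains its address over DHCP on Wi-Fi, so that address may later belong to a different machine. The neighbouring entry uses `patricknix.local`; `hostname = "gojo.local";` would follow the same pattern, given that mDNS is enabled on that host. Whichever is used, host-key verification is what protects a root login here, so confirm that the host public key added in this commit ends up in the client's known hosts. The `"patricknix"` block continues outside the hunk.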

39
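--- a/users/simon/default.nix
+++ b/users/simon/default.nix
@@ -0,0 +1,39 @@
+{
+pkgs,
+lib,
+minimal,
+config,
+...
+}:
+lib.optionalAttrs (!minimal) {
+users.users.simon = {
+shell = pkgs.zsh;
+isNormalUser = true;
+uid = 1000;
+createHome = true;
+extraGroups = [
+"wheel"
+"audio"
+"video"
+"input"
+];
+group = "simon";
+};
+users.groups.simon.gid = config.users.users.simon.uid;
+home-manager.users.simon = {
+imports = [
+../common
+../common/impermanence.nix
+../common/programs/htop.nix
+../common/programs/nvim
+../common/programs/git.nix
+../common/programs/kitty.nix
+../common/graphical/wayland
+./simon.nix
+./impermanence.nix
+];
+};
+}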
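Review bot: `extraGroups` puts `simon` in both `wheel` and `input`; `wheel` grants administrative rights, and `input` gives direct read access to the `/dev/input` event devices, which a logind-managed Wayland session normally does not need. Unless a specific tool requires it, drop `"input"` and add a comment on `"wheel"` stating that admin access is intended. No password or `hashedPasswordFile` is set in this file, so how the account authenticates is not visible here and should be confirmed. The hard-coded `uid = 1000` should also be checked against the other user definitions in case two of them can be enabled on one host.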


@ -0,0 +1,9 @@
{
home = {
persistence."/state" = {
directories = [
"Downloads"
];
};
};
}

5
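--- a/users/simon/simon.nix
+++ b/users/simon/simon.nix
@@ -0,0 +1,5 @@
+{pkgs, ...}: {
+home.packages = with pkgs; [
+discord
+];
+}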