diff --git a/README.md b/README.md index f8655e9..98b8dc2 100644 --- a/README.md +++ b/README.md 
@@ -1,67 +1,73 @@ -# Meine wundervolle nix config +# Meine wundervolle nix config ❄️ -## Structure +[Structure](./STRUCTURE.md) -- `hosts/` contain nixos configuration for hosts - - `/` configuration for hosts - - `default.nix` Toplevel system definition - - `fs.nix` file system definiton - - `net.nix` network setup - - `secrets/` secrets local to this hosts - - `secrets.nix.age` local secrets usable on deploy - - `host.pub` host public key, needed for rekeying agenix secrets -- `modules/` extra nixos modules and shared configurations - - `secrets.nix` module to enable deploy-time secrets - - `config/` base configuration used on all machines - - `dev/` configuration options enabling developer environment - - `graphical/` configuration for graphical environments - - `hardware/` configuration for hardware components - - `impermanence/` impermanence modules for hosts -- `nix/` additional nix functions - - `devshell.nix` Development shell - - `extra-builtins.nix` Extra builtin plugin file to enable repository secrets - - TODO - - `lib.nix` additional library functions -- `secrets/` global secrets - - `.key.pub` public key handles to decrypt secrets using yubikey - - `recipients.txt` rage recipient file for encrypting secrets - - currently containing both yubikeys and a rage backup key - - `secrets.nix.age` global secrets available at deploy -- `users/` home manager user configuration - - `common/` shared home-manager modules - - `graphical/` configuration for graphical programs - - `programs/` configuration for miscellaneous programs - - `shells/` configuration for shells - - `default.nix` minimal setup for all users - - `interactive.nix` minimal setup for interactive users on a command line - - `graphical.nix` configuration for users utilizing a graphical interface - - `/` configuration for users - - `impermanence.nix` users persistence configuration -- `keys` collection of yubikeys public key parts for decryption -- `img` images, encrypted to not break any copyright 
by redistribution ## Hosts -- `patricknix` Patricks main laptop -- `desktopnix` Patricks main desktop -- `testienix` old laptop for testing -- `gojo` Simons Laptop +| | Name | Device | Description +---|---|---|--- +💻 | patricknix | HP spectre x360 | Patrick's laptop, mainly used for on the go university +🖥️ | desktopnix | Intel i5-8600K
NVIDIA GeForce GTX 1080
32 GiB RAM | Patrick's desktop, used for most development and gaming +🖥️ | elisabeth | AMD Ryzen 7 5800X
32 GiB RAM | Server running most cloud services +🖥️ | maddy | Hetzner VPS | Static IP server running mail +💻 | gojo | ? |Simons Laptop + +## User Configuration +This showcases my end user setup, which I dailydrive on all my hosts. + +| | Programm | Description +---|---|--- +🐚 Shell | [ZSH](./users/common/shells/zsh/default.nix) & [Starship](./users/common/shells/starfish.nix) | ZSH with FZF autocomplete, starship prompt, sqlite history and histdb-skim for fancy reverse search +🪟 WM | [Sway](./users/common/graphical/wayland/sway.nix) & [i3](./users/common/graphical/Xorg/i3.nix) | Tiling window managers with similar behaviour for wayland and xorg +🖼️ Styling | [Stylix](./modules/graphical/default.nix) | globally consistent styling +📝 Editor | [NeoVim](./users/common/programs/nvim/default.nix) | Extensively configured neovim +🎮 Gaming | [Bottles](./users/common/programs/bottles.nix) & [Steam](./modules/optional/steam.nix) | Pew, Pew and such +🌐 Browser | [Firefox](./users/patrick/firefox.nix) | Heavily configured Firefox to still my privacy and security needs +💻 Terminal | [Kitty](./users/common/programs/kitty.nix) | fast terminal +🎵 Music | [Spotify](./users/common/programs/spicetify.nix) | Fancy looking spotify using spicetify +📫 Mail | [Thunderbird](./users/common/programs/thunderbird.nix) | Best email client there is +🎛️ StreamDeck | [StreamDeck](./users/patrick/streamdeck.nix) | More hotkeys = more better + +## Service Configuration +These are services I've set up + +| | Programm | Description +---|---|--- +💸 Budgeting | [FireflyIII](./config/services/firefly.nix) | Self Hosted budgeting tool +🛡️ AdBlock | [AdGuard Home](./config/services/adguardhome.nix) | DNS Adblocker +🔨 Git | [Forgejo](./config/services/forgejo.nix) | Selfhosted GitHub alternative +📸 Photos | [Immich](./config/services/immich.nix) | Selfhosted Google Photos equivalent +🔒 SSO | [Kanidm](./config/services/kanidm.nix) | Secure single sign on Identity Provider +📧 E-Mail | 
[Maddy](./config/services/maddy.nix) | All in one mail server +🎧 Communication | [Murmur](./config/services/murmur.nix) | Selfhosted mumble server for secure and always available communication +🌐 VPN | [Netbird](./config/services/netbird.nix) | Easy to use peer to peer VPN solution based on wireguard +🌧️ Cloud | [NextCloud](./config/services/nextcloud.nix) | All in one cloud solution providing online File storage as well as notes, contacts and calendar synchronization +🗄️ Documents | [Paperless](./config/services/paperless.nix) | Machine learnig supported document organizing plattform +📁 NAS | [Samba](./config/services/samba.nix) | Local network shared storage +📰 Feedreader | [freshRSS](./config/services/ttrss.nix) | hosted RSS feed aggregator +🔑 Passwords | [Vaultwarden](./config/services/vaultwarden.nix) | Self hosted bitwarden server +🎵 Music | [Your Spotify](./config/services/yourspotify.nix) | Spotify listening habits analyzer + + +## External dependencies +These are notable external flakes which this config depend upon + +| Name | Usage | +---|--- +[NixVim](https://github.com/nix-community/nixvim) | NeoVim using nix +[MicroVM](https://github.com/astro/microvm.nix) | Declarative VMs +[Disko](https://github.com/nix-community/disko)| disk partitioning +[nixos-generators](https://github.com/nix-community/nixos-generators) | generate installers +[home-manager](https://github.com/nix-community/home-manager) | user config +[agenix](https://github.com/ryantm/agenix) | secret files for nix +[agenix-rekey](https://github.com/oddlama/agenix-rekey) | secret files that are git commitable +[nixos-nftables-firewall](https://github.com/thelegy/nixos-nftables-firewall) | nftables based firewall +[impermanence](https://github.com/nix-community/impermanence) | stateless filesystem +[lanzaboote](https://github.com/nix-community/lanzaboote) | Secure Boot +[stylix](https://github.com/danth/stylix) | theming +[spicetify](https://github.com/the-argus/spicetify-nix) | spotify looking 
fancy -## Users -- `patrick` my normal everyday unprivileged user -- `root` root user imported by every host -## Flake output structure -- `checks` linting and other checks for this repository - - `pre-commit-check` automatic checks executed as pre-commit hooks -- `nixosHosts` top level configs for hosts -- `nodes` alias to `nixosNodes` -- `devshell` development shell using devshell -- `formatter` nix code formatter -- `hosts` host meta declaration -- `pkgs` nixpkgs -- `packages` additional packages -- `secretsConfig` meta configuration for secrets -- `stateVersion` global stateversion used by nixos and home-manager to determine default config ## How-To @@ -72,8 +78,8 @@ 1. Create and fill `default.nix` 1. Fill `net.nix` 1. Fill `fs.nix` - 2. Don't forget to add necesarry config for filesystems, etc. -3. Generate ISO image with `nix build --print-out-paths --no-link .#images..live-iso` + 2. Don't forget to add necessary config for filesystems, etc. +3. Generate ISO image using `nix build --print-out-paths --no-link .#images..live-iso` - This might take multiple minutes(~10) - Alternatively boot an official nixos image connect with password 3. Copy ISO to usb using dd @@ -85,6 +91,7 @@ 5. Deploy system ### Add secureboot to new systems + 1. generate keys with `sbct create-keys` 1. tar the resulting folder using `tar cvf secureboot.tar -C /etc/secureboot .` 1. Copy the tar to local using scp and encrypt it using rage @@ -104,10 +111,11 @@ 1. Time to reboot and pray ### Add luks encryption TPM keys + `systemd-cryptenroll --tpm2-with-pin={yes/no} --tpm2-device=auto ` -## Deploy +### Deploy from new host If deploying from a host not containing the necessary nix configuration option append ```bash diff --git a/STRUCTURE.md b/STRUCTURE.md new file mode 100644 index 0000000..c786868 --- /dev/null +++ b/STRUCTURE.md 
@@ -0,0 +1,38 @@ +This file contains a small overview over the contents and structure of this repository, mainly for me to remember where I put my shit. + +- `config/` contains shared nixos configuration + - `basic/` the basic system configuration, this should be applied for all systems + - `system.nix` a far descendant of the original `configuration.nix` + any global configuration should be done here first and later moved to their own file if necessary + - `hardware/` configuration for specific hardware + - `optional/` optionally includable configuration + - `services/` configuration for independent services +- `hosts/` contain nixos configuration for hosts + - `/` configuration for hosts + - `default.nix` Toplevel system definition + - `fs.nix` file system definiton + - `net.nix` network setup + - *`guests.nix`* optional config for guest systems + - `secrets/` secrets local to this hosts + - `secrets.nix.age` local secrets usable while evaluating + - `host.pub` host public key, needed for rekeying agenix secrets +- `keys/` public keys needed for evaluating the system +- `lib/` extra library functions +- `modules/` extra nixos modules +- `modules-hm/` extra home-manager modules +- `nix/` additional nix functions + - `devshell.nix` Development shell + - `extra-builtins.nix` Extra builtin plugin file to enable repository secrets +- `pkgs/` additional packages +- `secrets/` global secrets + - `recipients.txt` rage recipient file for encrypting secrets + - currently containing all yubikeys and a rage backup key + - `secrets.nix.age` global secrets available at deploy +- `users/` home manager user configuration + - `common/` shared home-manager modules + - `graphical/` configuration for graphical programs + - `programs/` configuration for miscellaneous programs + - `shells/` configuration for shells + - `default.nix` minimal setup for all users + - `/` configuration for users + - `impermanence.nix` users persistence configuration 
diff --git a/modules/config/boot.nix b/config/basic/boot.nix similarity index 100% rename from modules/config/boot.nix rename to config/basic/boot.nix diff --git a/modules/config/default.nix b/config/basic/default.nix similarity index 77% rename from modules/config/default.nix rename to config/basic/default.nix index 9d809e8..4814e0c 100644 --- a/modules/config/default.nix +++ b/config/basic/default.nix @@ -6,36 +6,35 @@ imports = [ ./boot.nix ./home-manager.nix + ./impermanence.nix ./inputrc.nix ./issue.nix ./net.nix + ./nftables.nix ./nix.nix ./ssh.nix ./system.nix ./users.nix ./xdg.nix - ./nftables.nix ../../users/root - ../secrets.nix - ../meta.nix - ../smb-mounts.nix - ../deterministic-ids.nix - ../distributed-config.nix - ../optional/iwd.nix - ./impermanence + ../../modules/deterministic-ids.nix + ../../modules/distributed-config.nix + ../../modules/meta.nix + ../../modules/iwd.nix + ../../modules/secrets.nix + ../../modules/smb-mounts.nix + inputs.agenix-rekey.nixosModules.default + inputs.agenix.nixosModules.default + inputs.disko.nixosModules.disko inputs.home-manager.nixosModules.default inputs.impermanence.nixosModules.impermanence - inputs.agenix.nixosModules.default - inputs.agenix-rekey.nixosModules.default - inputs.disko.nixosModules.disko inputs.lanzaboote.nixosModules.lanzaboote - inputs.nixvim.nixosModules.nixvim inputs.nixos-extra-modules.nixosModules.default - inputs.musnix.nixosModules.musnix inputs.nixos-nftables-firewall.nixosModules.default + inputs.nixvim.nixosModules.nixvim ]; age.identityPaths = ["/state/etc/ssh/ssh_host_ed25519_key"]; boot.mode = lib.mkDefault "efi"; diff --git a/modules/config/home-manager.nix b/config/basic/home-manager.nix similarity index 88% rename from modules/config/home-manager.nix rename to config/basic/home-manager.nix index 9c8a332..6bffaec 100644 --- a/modules/config/home-manager.nix +++ b/config/basic/home-manager.nix 
@@ -5,7 +5,10 @@ nodes, ... }: { - imports = [./impermanence/users.nix]; + imports = [ + ../../modules-hm/impermanence.nix + ../../modules-hm/images.nix + ]; home-manager = { useGlobalPkgs = true; useUserPackages = true; @@ -22,7 +25,6 @@ inputs.nixos-extra-modules.homeManagerModules.default inputs.nixvim.homeManagerModules.nixvim inputs.spicetify-nix.homeManagerModule - inputs.wired-notify.homeManagerModules.default ]; }; # HM zsh needs this or else the startup order is fucked diff --git a/modules/config/impermanence/default.nix b/config/basic/impermanence.nix similarity index 100% rename from modules/config/impermanence/default.nix rename to config/basic/impermanence.nix diff --git a/modules/config/inputrc.nix b/config/basic/inputrc.nix similarity index 100% rename from modules/config/inputrc.nix rename to config/basic/inputrc.nix diff --git a/modules/config/issue.nix b/config/basic/issue.nix similarity index 54% rename from modules/config/issue.nix rename to config/basic/issue.nix index 9b5eb0c..2b48b08 100644 --- a/modules/config/issue.nix +++ b/config/basic/issue.nix @@ -1,6 +1,6 @@ { environment.etc.issue.text = '' - <<< Welcome to NixOS 23.05.20230304.3c5319a (\m) - \l >>> + <<< Welcome to NixOS (\m) - \l >>> ''; users.motd = "Guten Tach"; diff --git a/modules/config/net.nix b/config/basic/net.nix similarity index 100% rename from modules/config/net.nix rename to config/basic/net.nix diff --git a/modules/config/nftables.nix b/config/basic/nftables.nix similarity index 100% rename from modules/config/nftables.nix rename to config/basic/nftables.nix diff --git a/modules/config/nix.nix b/config/basic/nix.nix similarity index 100% rename from modules/config/nix.nix rename to config/basic/nix.nix diff --git a/modules/config/ssh.nix b/config/basic/ssh.nix similarity index 100% rename from modules/config/ssh.nix rename to config/basic/ssh.nix 
diff --git a/modules/config/system.nix b/config/basic/system.nix
similarity index 100%
rename from modules/config/system.nix
rename to config/basic/system.nix
diff --git a/modules/config/users.nix b/config/basic/users.nix
similarity index 100%
rename from modules/config/users.nix
rename to config/basic/users.nix
diff --git a/modules/config/xdg.nix b/config/basic/xdg.nix
similarity index 100%
rename from modules/config/xdg.nix
rename to config/basic/xdg.nix
diff --git a/modules/hardware/bluetooth.nix b/config/hardware/bluetooth.nix
similarity index 100%
rename from modules/hardware/bluetooth.nix
rename to config/hardware/bluetooth.nix
diff --git a/modules/hardware/laptop.nix b/config/hardware/laptop.nix
similarity index 100%
rename from modules/hardware/laptop.nix
rename to config/hardware/laptop.nix
diff --git a/modules/hardware/nintendo.nix b/config/hardware/nintendo.nix
similarity index 100%
rename from modules/hardware/nintendo.nix
rename to config/hardware/nintendo.nix
diff --git a/modules/hardware/nvidia.nix b/config/hardware/nvidia.nix
similarity index 100%
rename from modules/hardware/nvidia.nix
rename to config/hardware/nvidia.nix
diff --git a/modules/hardware/physical.nix b/config/hardware/physical.nix
similarity index 100%
rename from modules/hardware/physical.nix
rename to config/hardware/physical.nix
diff --git a/modules/hardware/pipewire.nix b/config/hardware/pipewire.nix
similarity index 100%
rename from modules/hardware/pipewire.nix
rename to config/hardware/pipewire.nix
diff --git a/modules/hardware/prime-offload.nix b/config/hardware/prime-offload.nix
similarity index 100%
rename from modules/hardware/prime-offload.nix
rename to config/hardware/prime-offload.nix
diff --git a/modules/hardware/yubikey.nix b/config/hardware/yubikey.nix
similarity index 100%
rename from modules/hardware/yubikey.nix
rename to config/hardware/yubikey.nix
diff --git a/modules/dev/default.nix b/config/optional/dev.nix similarity index 76% rename from modules/dev/default.nix rename to config/optional/dev.nix index ba4e824..fe94282 100644 --- a/modules/dev/default.nix +++ b/config/optional/dev.nix @@ -5,19 +5,14 @@ ... }: lib.optionalAttrs (!minimal) { - imports = [ - ./docs.nix - ]; environment.systemPackages = with pkgs; [ gnumake pciutils gcc usbutils + man-pages + man-pages-posix ]; - programs.wireshark = { - enable = true; - package = pkgs.wireshark; - }; services.nixseparatedebuginfod.enable = true; environment = { @@ -28,4 +23,9 @@ lib.optionalAttrs (!minimal) { umask 077 ''; }; + documentation = { + dev.enable = true; + man.enable = true; + info.enable = false; + }; } diff --git a/config/optional/graphical.nix b/config/optional/graphical.nix new file mode 100644 index 0000000..61ee458 --- /dev/null +++ b/config/optional/graphical.nix 
@@ -0,0 +1,228 @@ +{ + config, + inputs, + pkgs, + lib, + ... +}: let + inherit + (lib) + mkOption + types + ; +in { + options.hidpi = mkOption { + default = false; + type = types.bool; + description = "Enable HighDPI configuration for this host and all installed users"; + }; + + # stylix acceses stylix options on import meaning you can only import this module when you're actually setting stylix options + imports = [ + inputs.stylix.nixosModules.stylix + ]; + + config = { + environment.systemPackages = with pkgs; [ + xdg-utils + ]; + xdg.portal = { + xdgOpenUsePortal = true; + enable = true; + extraPortals = with pkgs; [ + xdg-desktop-portal-wlr + xdg-desktop-portal-gtk + ]; + config = { + common.default = [ + "gtk" + ]; + sway.default = [ + "wlr" + ]; + }; + }; + # needed for gnome pinentry + services.dbus.packages = [pkgs.gcr]; + fonts = { + enableGhostscriptFonts = false; + fontDir.enable = false; + fontconfig = { + localConf = '' + + + + + monospace + + emoji + + + + sans-serif + + emoji + + + + serif + + emoji + + + + ''; + }; + packages = with pkgs; [ + (nerdfonts.override {fonts = ["FiraCode"];}) + ibm-plex + dejavu_fonts + unifont + freefont_ttf + gyre-fonts # TrueType substitutes for standard PostScript fonts + liberation_ttf + noto-fonts + noto-fonts-cjk-sans + noto-fonts-cjk-serif + noto-fonts-emoji + noto-fonts-extra + ]; + }; + stylix.fonts = { + serif = { + package = pkgs.dejavu_fonts; + name = "IBM Plex Serif"; + }; + + sansSerif = { + package = pkgs.dejavu_fonts; + name = "IBM Plex Sans"; + }; + + monospace = { + # No need for patched nerd fonts, kitty can pick up on them automatically, + # and ideally every program should do that: https://sw.kovidgoyal.net/kitty/faq/#kitty-is-not-able-to-use-my-favorite-font + package = pkgs.jetbrains-mono; + name = "JetBrains Mono"; + }; + + emoji = { + package = pkgs.noto-fonts-emoji; + name = "Noto Color Emoji"; + }; + }; + stylix = { + autoEnable = false; + polarity = "dark"; + image = config.lib.stylix.pixel 
"base00"; + base16Scheme = "${pkgs.base16-schemes}/share/themes/vice.yaml"; + # Has to be green + override.base0B = "#00CC99"; + #base16Scheme = { + # base00 = "#101419"; + # base01 = "#171B20"; + # base02 = "#21262e"; + # base03 = "#242931"; + # base04 = "#485263"; + # base05 = "#b6beca"; + # base06 = "#dee1e6"; + # base07 = "#e3e6eb"; + # base08 = "#e05f65"; + # base09 = "#f9a872"; + # base0A = "#f1cf8a"; + # base0B = "#78dba9"; + # base0C = "#74bee9"; + # base0D = "#70a5eb"; + # base0E = "#c68aee"; + # base0F = "#9378de"; + #}; + ## based on decaycs-dark, bright variant + #base16Scheme = { + # base00 = "#101419"; + # base01 = "#171B20"; + # base02 = "#21262e"; + # base03 = "#242931"; + # base04 = "#485263"; + # base05 = "#b6beca"; + # base06 = "#dee1e6"; + # base07 = "#e3e6eb"; + # base08 = "#e5646a"; + # base09 = "#f7b77c"; + # base0A = "#f6d48f"; + # base0B = "#94F7C5"; + # base0C = "#79c3ee"; + # base0D = "#75aaf0"; + # base0E = "#cb8ff3"; + # base0F = "#9d85e1"; + #}; + }; + + home-manager.sharedModules = [ + ({ + pkgs, + config, + nixosConfig, + ... + }: { + stylix = { + cursor = { + package = pkgs.openzone-cursors; + name = "OpenZone_White_Slim"; + size = + if nixosConfig.hidpi + then 48 + else 18; + }; + inherit (nixosConfig.stylix) polarity; + targets = { + gtk.enable = true; + bat.enable = true; + dunst.enable = true; + zathura.enable = true; + xresources.enable = true; + }; + }; + + xresources.properties = { + "Xft.hinting" = true; + "Xft.antialias" = true; + "Xft.autohint" = false; + "Xft.lcdfilter" = "lcddefault"; + "Xft.hintstyle" = "hintfull"; + "Xft.rgba" = "rgb"; + }; + + gtk = let + gtk34extraConfig = { + gtk-application-prefer-dark-theme = 1; + gtk-cursor-theme-size = 18; + gtk-enable-animations = true; + gtk-xft-antialias = 1; + gtk-xft-dpi = 96; # XXX: delete for wayland? 
+ gtk-xft-hinting = 1; + gtk-xft-hintstyle = "hintfull"; + gtk-xft-rgba = "rgb"; + }; + in { + enable = true; + iconTheme = { + name = "Vimix-Doder"; + package = pkgs.vimix-icon-theme; + }; + + gtk2.extraConfig = "gtk-application-prefer-dark-theme = true"; + gtk3.extraConfig = gtk34extraConfig; + gtk4.extraConfig = gtk34extraConfig; + }; + + home.sessionVariables.GTK_THEME = config.gtk.theme.name; + + qt = { + enable = true; + platformTheme = "gnome"; + style.name = "Adwaita-Dark"; + }; + }) + ]; + }; +} diff --git a/modules/optional/initrd-ssh.nix b/config/optional/initrd-ssh.nix similarity index 100% rename from modules/optional/initrd-ssh.nix rename to config/optional/initrd-ssh.nix diff --git a/modules/optional/printing.nix b/config/optional/printing.nix similarity index 100% rename from modules/optional/printing.nix rename to config/optional/printing.nix diff --git a/modules/optional/secureboot.nix b/config/optional/secureboot.nix similarity index 100% rename from modules/optional/secureboot.nix rename to config/optional/secureboot.nix diff --git a/modules/optional/steam.nix b/config/optional/steam.nix similarity index 100% rename from modules/optional/steam.nix rename to config/optional/steam.nix diff --git a/modules/optional/wayland.nix b/config/optional/wayland.nix similarity index 100% rename from modules/optional/wayland.nix rename to config/optional/wayland.nix diff --git a/modules/optional/xserver.nix b/config/optional/xserver.nix similarity index 100% rename from modules/optional/xserver.nix rename to config/optional/xserver.nix diff --git a/modules/hardware/zfs.nix b/config/optional/zfs.nix similarity index 100% rename from modules/hardware/zfs.nix rename to config/optional/zfs.nix diff --git a/modules/services/actual.nix b/config/services/actual.nix similarity index 100% rename from modules/services/actual.nix rename to config/services/actual.nix 
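Review bot: In the new `config/optional/graphical.nix`, `stylix.fonts.serif` and `stylix.fonts.sansSerif` name "IBM Plex Serif" and "IBM Plex Sans" but both set `package = pkgs.dejavu_fonts;`, so the declared package does not ship the named family. It presumably only resolves because `ibm-plex` is also listed in `fonts.packages`; use `package = pkgs.ibm-plex;` for both entries so each stylix font is self-contained. Separately, `gtk-cursor-theme-size = 18;` in `gtk34extraConfig` is hard-coded while the stylix cursor `size` switches to 48 when `nixosConfig.hidpi` is set, so the two can disagree on HiDPI hosts. The comment above `imports` has a typo (`acceses`).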
diff --git a/modules/services/adguardhome.nix b/config/services/adguardhome.nix similarity index 100% rename from modules/services/adguardhome.nix rename to config/services/adguardhome.nix diff --git a/modules/services/ddclient.nix b/config/services/ddclient.nix similarity index 100% rename from modules/services/ddclient.nix rename to config/services/ddclient.nix diff --git a/modules/services/firefly.nix b/config/services/firefly.nix similarity index 94% rename from modules/services/firefly.nix rename to config/services/firefly.nix index 02ca260..9d27365 100644 --- a/modules/services/firefly.nix +++ b/config/services/firefly.nix @@ -3,7 +3,7 @@ lib, ... }: { - imports = [../fireflyIII.nix]; + imports = [../../modules/fireflyIII.nix]; wireguard.elisabeth = { client.via = "elisabeth"; diff --git a/modules/services/forgejo.nix b/config/services/forgejo.nix similarity index 100% rename from modules/services/forgejo.nix rename to config/services/forgejo.nix diff --git a/modules/services/immich.nix b/config/services/immich.nix similarity index 100% rename from modules/services/immich.nix rename to config/services/immich.nix diff --git a/modules/services/kanidm.nix b/config/services/kanidm.nix similarity index 99% rename from modules/services/kanidm.nix rename to config/services/kanidm.nix index 1bbe790..ef5c199 100644 --- a/modules/services/kanidm.nix +++ b/config/services/kanidm.nix @@ -1,7 +1,7 @@ {config, ...}: let kanidmdomain = "auth.${config.secrets.secrets.global.domains.web}"; in { - imports = [../kanidm.nix]; + imports = [../../modules/kanidm.nix]; wireguard.elisabeth = { client.via = "elisabeth"; firewallRuleForNode.elisabeth.allowedTCPPorts = [3000]; diff --git a/modules/services/maddy.nix b/config/services/maddy.nix similarity index 100% rename from modules/services/maddy.nix rename to config/services/maddy.nix 
diff --git a/modules/services/murmur.nix b/config/services/murmur.nix similarity index 100% rename from modules/services/murmur.nix rename to config/services/murmur.nix diff --git a/modules/services/netbird.nix b/config/services/netbird.nix similarity index 93% rename from modules/services/netbird.nix rename to config/services/netbird.nix index 4329ba8..3562b8e 100644 --- a/modules/services/netbird.nix +++ b/config/services/netbird.nix @@ -1,7 +1,7 @@ {config, ...}: { imports = [ - ../netbird-server.nix - ../netbird-dashboard.nix + ../../modules/netbird-server.nix + ../../modules/netbird-dashboard.nix ]; wireguard.elisabeth = { client.via = "elisabeth"; diff --git a/modules/services/nextcloud.nix b/config/services/nextcloud.nix similarity index 100% rename from modules/services/nextcloud.nix rename to config/services/nextcloud.nix diff --git a/modules/services/oauth2-proxy.nix b/config/services/oauth2-proxy.nix similarity index 100% rename from modules/services/oauth2-proxy.nix rename to config/services/oauth2-proxy.nix diff --git a/modules/services/ollama.nix b/config/services/ollama.nix similarity index 100% rename from modules/services/ollama.nix rename to config/services/ollama.nix diff --git a/modules/services/paperless.nix b/config/services/paperless.nix similarity index 100% rename from modules/services/paperless.nix rename to config/services/paperless.nix diff --git a/modules/services/radicale.nix b/config/services/radicale.nix similarity index 100% rename from modules/services/radicale.nix rename to config/services/radicale.nix diff --git a/modules/services/samba.nix b/config/services/samba.nix similarity index 98% rename from modules/services/samba.nix rename to config/services/samba.nix index d35987d..c08080e 100644 --- a/modules/services/samba.nix +++ b/config/services/samba.nix 
@@ -10,7 +10,7 @@ disabledModules = ["services/networking/netbird.nix"]; - imports = [../netbird-client.nix]; + imports = [../../modules/netbird-client.nix]; services.netbird.tunnels = { netbird-samba = { environment = { @@ -214,7 +214,7 @@ # to get this file start a smbd, add users using 'smbpasswd -a ' # then export the database using 'pdbedit -e tdbsam:' age.secrets.smbpassdb = { - rekeyFile = ../../secrets/smbpassdb.tdb.age; + rekeyFile = config.node.secretsDir + "/smbpassdb.tdb.age"; }; users = let users = lib.unique (lib.mapAttrsToList (_: val: val."force user") config.services.samba.shares); diff --git a/modules/services/ttrss.nix b/config/services/ttrss.nix similarity index 100% rename from modules/services/ttrss.nix rename to config/services/ttrss.nix diff --git a/modules/services/vaultwarden.nix b/config/services/vaultwarden.nix similarity index 100% rename from modules/services/vaultwarden.nix rename to config/services/vaultwarden.nix diff --git a/modules/services/yourspotify.nix b/config/services/yourspotify.nix similarity index 95% rename from modules/services/yourspotify.nix rename to config/services/yourspotify.nix index dea2c77..914e350 100644 --- a/modules/services/yourspotify.nix +++ b/config/services/yourspotify.nix @@ -7,7 +7,7 @@ client.via = "elisabeth"; firewallRuleForNode.elisabeth.allowedTCPPorts = [3000 80]; }; - imports = [./your_spotify_m.nix]; + imports = [../../modules/your_spotify.nix]; age.secrets.spotifySecret = { owner = "root"; mode = "440"; diff --git a/flake.lock b/flake.lock index b130b97..3deef48 100644 --- a/flake.lock +++ b/flake.lock 
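Review bot: The second samba.nix hunk changes where the Samba password database secret is read from, not just how the path is spelled: `rekeyFile = config.node.secretsDir + "/smbpassdb.tdb.age";` points at the node's own secrets directory, while the old `../../secrets/smbpassdb.tdb.age` was the repository-wide one. No hunk visible here moves `smbpassdb.tdb.age`, so confirm the encrypted file exists under that directory for every host that imports this module (it may be relocated further down the commit). Also check that `config.node.secretsDir` is a path value, since `+` with a string operand on the left yields a string rather than a path. The comment above the secret explains how to produce the file; extend it with where it must be stored, e.g. `# store the encrypted result as smbpassdb.tdb.age in this node's secretsDir`.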
@@ -569,24 +569,6 @@ "type": "github" } }, - "flake-parts_4": { - "inputs": { - "nixpkgs-lib": "nixpkgs-lib_2" - }, - "locked": { - "lastModified": 1709336216, - "narHash": "sha256-Dt/wOWeW6Sqm11Yh+2+t0dfEWxoMxGBvv3JpIocFl9E=", - "owner": "hercules-ci", - "repo": "flake-parts", - "rev": "f7b3c975cf067e56e7cda6cb098ebe3fb4d74ca2", - "type": "github" - }, - "original": { - "owner": "hercules-ci", - "repo": "flake-parts", - "type": "github" - } - }, "flake-utils": { "inputs": { "systems": "systems_3" @@ -733,24 +715,6 @@ "type": "github" } }, - "flake-utils_9": { - "inputs": { - "systems": "systems_12" - }, - "locked": { - "lastModified": 1705309234, - "narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "1ef2e671c3b0c19053962c07dbda38332dcebf26", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, "fromYaml": { "flake": false, "locked": { @@ -1053,26 +1017,6 @@ "type": "github" } }, - "musnix": { - "inputs": { - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1712254133, - "narHash": "sha256-fwuWrAprqoA4fUrkZGVb6PjRpebm5xjNsyoaw+JVSyY=", - "owner": "musnix", - "repo": "musnix", - "rev": "b5bcdce137b00185dce5fa578739cd52770b8794", - "type": "github" - }, - "original": { - "owner": "musnix", - "repo": "musnix", - "type": "github" - } - }, "nix-darwin": { "inputs": { "nixpkgs": [ @@ -1284,24 +1228,6 @@ "type": "github" } }, - "nixpkgs-lib_2": { - "locked": { - "dir": "lib", - "lastModified": 1709237383, - "narHash": "sha256-cy6ArO4k5qTx+l5o+0mL9f5fa86tYUX3ozE1S+Txlds=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "1536926ef5621b09bba54035ae2bb6d806d72ac8", - "type": "github" - }, - "original": { - "dir": "lib", - "owner": "NixOS", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, "nixpkgs-stable": { "locked": { "lastModified": 1685801374, 
@@ -1437,22 +1363,6 @@ "type": "github" } }, - "nixpkgs_5": { - "locked": { - "lastModified": 1706487304, - "narHash": "sha256-LE8lVX28MV2jWJsidW13D2qrHU/RUUONendL2Q/WlJg=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "90f456026d284c22b3e3497be980b2e47d0b28ac", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixpkgs-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, "nixvim": { "inputs": { "devshell": "devshell_4", @@ -1631,7 +1541,6 @@ "impermanence": "impermanence", "lanzaboote": "lanzaboote", "microvm": "microvm", - "musnix": "musnix", "nix-index-database": "nix-index-database", "nixos-extra-modules": "nixos-extra-modules", "nixos-generators": "nixos-generators", @@ -1644,7 +1553,7 @@ "spicetify-nix": "spicetify-nix", "stylix": "stylix", "systems": "systems_11", - "wired-notify": "wired-notify" + "templates": "templates" } }, "rust-overlay": { @@ -1672,25 +1581,6 @@ "type": "github" } }, - "rust-overlay_2": { - "inputs": { - "flake-utils": "flake-utils_9", - "nixpkgs": "nixpkgs_5" - }, - "locked": { - "lastModified": 1711764554, - "narHash": "sha256-I2/x/jFd7MAuIi3+kncIF0zJwhkFzxpi5XFdT2RLOF8=", - "owner": "oxalica", - "repo": "rust-overlay", - "rev": "7cf3d11d06dcd12fb62ca2c039f3c5e25b53c5a7", - "type": "github" - }, - "original": { - "owner": "oxalica", - "repo": "rust-overlay", - "type": "github" - } - }, "spectrum": { "flake": false, "locked": { @@ -1801,21 +1691,6 @@ "type": "github" } }, - "systems_12": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, "systems_2": { "locked": { "lastModified": 1681028828, 
@@ -1936,6 +1811,21 @@ "type": "github" } }, + "templates": { + "locked": { + "lastModified": 1696855554, + "narHash": "sha256-9VYXESOCqGGZ8HHl4LN51k+74Kf5Nf9czoqqIN7IEo0=", + "ref": "refs/heads/main", + "rev": "a6c35c2af9f26599e81002630329054b99efbe79", + "revCount": 11, + "type": "git", + "url": "https://git.lel.lol/patrick/nix-templates.git" + }, + "original": { + "type": "git", + "url": "https://git.lel.lol/patrick/nix-templates.git" + } + }, "treefmt-nix": { "inputs": { "nixpkgs": [ @@ -1957,28 +1847,6 @@ "repo": "treefmt-nix", "type": "github" } - }, - "wired-notify": { - "inputs": { - "flake-parts": "flake-parts_4", - "nixpkgs": [ - "nixpkgs" - ], - "rust-overlay": "rust-overlay_2" - }, - "locked": { - "lastModified": 1711861273, - "narHash": "sha256-VuPSgDhK2zNtOZlpEXKBnMqSd9SkeC4ZQDDuX/swiDg=", - "owner": "Toqozz", - "repo": "wired-notify", - "rev": "54bae8ac6154e52215c4c0f7d25fb5e735b9179e", - "type": "github" - }, - "original": { - "owner": "Toqozz", - "repo": "wired-notify", - "type": "github" - } } }, "root": "root", diff --git a/flake.nix b/flake.nix index f19be25..069aa99 100644 --- a/flake.nix +++ b/flake.nix @@ -60,17 +60,13 @@ inputs.nixpkgs.follows = "nixpkgs"; inputs.flake-utils.follows = "flake-utils"; }; - musnix = { - url = "github:musnix/musnix"; - inputs.nixpkgs.follows = "nixpkgs"; - }; nixos-nftables-firewall = { url = "github:thelegy/nixos-nftables-firewall"; inputs.nixpkgs.follows = "nixpkgs"; }; - #templates.url = "git+https://git.lel.lol/patrick/nix-templates.git"; + templates.url = "git+https://git.lel.lol/patrick/nix-templates.git"; impermanence.url = "github:nix-community/impermanence"; @@ -80,6 +76,7 @@ url = "github:numtide/devshell"; inputs.nixpkgs.follows = "nixpkgs"; }; + nix-index-database = { url = "github:nix-community/nix-index-database"; inputs.nixpkgs.follows = "nixpkgs"; 
@@ -87,17 +84,11 @@ lanzaboote = { url = "github:nix-community/lanzaboote/v0.3.0"; - inputs.nixpkgs.follows = "nixpkgs"; }; stylix.url = "github:danth/stylix"; - wired-notify = { - url = "github:Toqozz/wired-notify"; - inputs.nixpkgs.follows = "nixpkgs"; - }; - spicetify-nix.url = "github:the-argus/spicetify-nix"; nixvim = { @@ -114,7 +105,6 @@ nixos-generators, pre-commit-hooks, devshell, - wired-notify, nixvim, nixos-extra-modules, ... @@ -166,7 +156,6 @@ nixos-extra-modules.overlays.default devshell.overlays.default agenix-rekey.overlays.default - wired-notify.overlays.default nixvim.overlays.default ]; inherit system; @@ -177,7 +166,7 @@ inherit pkgs; modules = [ ./nix/installer-configuration.nix - ./modules/config/ssh.nix + ./config/basic/ssh.nix ]; format = { diff --git a/hosts/desktopnix/default.nix b/hosts/desktopnix/default.nix index 334e314..341b24c 100644 --- a/hosts/desktopnix/default.nix +++ b/hosts/desktopnix/default.nix 
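Review bot: The `lanzaboote` input loses `inputs.nixpkgs.follows = "nixpkgs";` and nothing in the hunk says why. Without `follows`, lanzaboote is evaluated against the nixpkgs revision locked for it rather than the root `nixpkgs`, so the secure-boot tooling no longer moves when the root nixpkgs is updated and a second nixpkgs enters the closure; the lock entries for it are not visible in this part of the diff. If that is intended, record it above the `url` line, e.g. `# deliberately no nixpkgs.follows: use the nixpkgs lanzaboote pins itself`; otherwise keep the `follows` line.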
@@ -11,24 +11,24 @@ inputs.nixos-hardware.nixosModules.common-pc-hdd inputs.nixos-hardware.nixosModules.common-pc-ssd - ../../modules/config - ../../modules/dev - ../../modules/graphical + ../../config/basic - ../../modules/optional/xserver.nix - ../../modules/optional/secureboot.nix + ../../config/hardware/bluetooth.nix + ../../config/hardware/nintendo.nix + ../../config/hardware/nvidia.nix + ../../config/hardware/physical.nix + ../../config/hardware/pipewire.nix + ../../config/hardware/yubikey.nix - ../../modules/hardware/nintendo.nix - ../../modules/hardware/nvidia.nix - ../../modules/hardware/physical.nix - ../../modules/hardware/pipewire.nix - ../../modules/hardware/yubikey.nix - ../../modules/hardware/bluetooth.nix - ../../modules/hardware/zfs.nix + ../../config/optional/dev.nix + ../../config/optional/graphical.nix + ../../config/optional/printing.nix + ../../config/optional/secureboot.nix + ../../config/optional/steam.nix + ../../config/optional/xserver.nix + ../../config/optional/zfs.nix - ../../modules/optional/streamdeck.nix - ../../modules/optional/steam.nix - ../../modules/optional/printing.nix + ../../modules-hm/streamdeck.nix ./net.nix ./fs.nix diff --git a/hosts/elisabeth/default.nix b/hosts/elisabeth/default.nix index b1048cf..2392793 100644 --- a/hosts/elisabeth/default.nix +++ b/hosts/elisabeth/default.nix @@ -12,12 +12,13 @@ inputs.nixos-hardware.nixosModules.common-cpu-amd inputs.nixos-hardware.nixosModules.common-cpu-amd-pstate - ../../modules/config - ../../modules/optional/initrd-ssh.nix - ../../modules/optional/secureboot.nix + ../../config/basic - ../../modules/hardware/physical.nix - ../../modules/hardware/zfs.nix + ../../config/optional/initrd-ssh.nix + ../../config/optional/secureboot.nix + ../../config/optional/zfs.nix + + ../../config/hardware/physical.nix ./net.nix ./fs.nix diff --git a/hosts/elisabeth/guests.nix b/hosts/elisabeth/guests.nix index 00ee36c..0e9c5f5 100644 --- a/hosts/elisabeth/guests.nix 
+++ b/hosts/elisabeth/guests.nix @@ -213,8 +213,8 @@ in { dataset = "bunker/shared/paperless"; }; modules = [ - ../../modules/config - ../../modules/services/${guestName}.nix + ../../config/basic + ../../config/services/${guestName}.nix { node.secretsDir = config.node.secretsDir + "/${guestName}"; networking.nftables.firewall.zones.untrusted.interfaces = [config.guests.${guestName}.networking.mainLinkName]; diff --git a/secrets/smbpassdb.tdb.age b/hosts/elisabeth/secrets/samba/smbpassdb.tdb.age similarity index 100% rename from secrets/smbpassdb.tdb.age rename to hosts/elisabeth/secrets/samba/smbpassdb.tdb.age diff --git a/hosts/gojo/default.nix b/hosts/gojo/default.nix index 08c8907..3686af1 100644 --- a/hosts/gojo/default.nix +++ b/hosts/gojo/default.nix @@ -9,20 +9,17 @@ inputs.nixos-hardware.nixosModules.common-pc-laptop inputs.nixos-hardware.nixosModules.common-pc-laptop-ssd - ../../modules/config - ../../modules/dev - ../../modules/graphical - - ../../modules/optional/wayland.nix - ../../modules/optional/xserver.nix - ../../modules/optional/printing.nix - - ../../modules/hardware/bluetooth.nix - ../../modules/hardware/laptop.nix - ../../modules/hardware/physical.nix - ../../modules/hardware/pipewire.nix - ../../modules/hardware/yubikey.nix - ../../modules/hardware/zfs.nix + ../../config/basic + ../../config/optional/dev.nix + ../../config/optional/graphical.nix + ../../config/optional/wayland.nix + ../../config/optional/xserver.nix + ../../config/optional/printing.nix + ../../config/hardware/bluetooth.nix + ../../config/hardware/laptop.nix + ../../config/hardware/physical.nix + ../../config/hardware/pipewire.nix + ../../config/hardware/yubikey.nix ./net.nix ./fs.nix diff --git a/hosts/maddy/default.nix b/hosts/maddy/default.nix index 711c119..cc51a16 100644 --- a/hosts/maddy/default.nix +++ b/hosts/maddy/default.nix 
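Review bot: The gojo import list drops ZFS: the old list had `../../modules/hardware/zfs.nix`, but the new one contains no `../../config/optional/zfs.nix`, while desktopnix, elisabeth, maddy and patricknix all get that line in this commit. gojo's `fs.nix` is not visible here, so the removal may be deliberate, but if the host still uses ZFS datasets the next rebuild would lose whatever that module configured. Either add `../../config/optional/zfs.nix` after the `printing.nix` import or state the removal in the commit message.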
@@ -1,21 +1,13 @@ { - lib, - minimal, - ... -}: { - imports = - [ - ../../modules/config - ../../modules/optional/initrd-ssh.nix - ../../modules/services/maddy.nix + imports = [ + ../../config/basic + ../../config/optional/initrd-ssh.nix + ../../config/services/maddy.nix + ../../config/optional/zfs.nix - ../../modules/hardware/zfs.nix - - ./net.nix - ./fs.nix - ] - ++ lib.lists.optionals (!minimal) [ - ]; + ./net.nix + ./fs.nix + ]; services.xserver = { layout = "de"; xkbVariant = "bone"; diff --git a/hosts/patricknix/default.nix b/hosts/patricknix/default.nix index 016db8a..84aba89 100644 --- a/hosts/patricknix/default.nix +++ b/hosts/patricknix/default.nix @@ -9,24 +9,23 @@ inputs.nixos-hardware.nixosModules.common-pc-laptop inputs.nixos-hardware.nixosModules.common-pc-laptop-ssd - ../../modules/config - ../../modules/dev - ../../modules/graphical + ../../config/basic - ../../modules/optional/wayland.nix - ../../modules/optional/secureboot.nix - ../../modules/optional/printing.nix + ../../config/hardware/bluetooth.nix + ../../config/hardware/laptop.nix + ../../config/hardware/nvidia.nix + ../../config/hardware/physical.nix + ../../config/hardware/pipewire.nix + ../../config/hardware/prime-offload.nix + ../../config/hardware/yubikey.nix - ../../modules/hardware/bluetooth.nix - ../../modules/hardware/laptop.nix - ../../modules/hardware/nvidia.nix - ../../modules/hardware/physical.nix - ../../modules/hardware/pipewire.nix - ../../modules/hardware/yubikey.nix - ../../modules/hardware/zfs.nix - - ../../modules/hardware/prime-offload.nix - ../../modules/optional/steam.nix + ../../config/optional/dev.nix + ../../config/optional/graphical.nix + ../../config/optional/printing.nix + ../../config/optional/secureboot.nix + ../../config/optional/steam.nix + ../../config/optional/wayland.nix + ../../config/optional/zfs.nix ./net.nix ./fs.nix diff --git a/modules-hm/images.nix b/modules-hm/images.nix new file mode 100644 index 0000000..a8d2f01 --- /dev/null 
+++ b/modules-hm/images.nix @@ -0,0 +1,67 @@ +{ + lib, + config, + ... +}: let + inherit + (lib) + mkEnableOption + mkMerge + attrNames + flip + filterAttrs + mkIf + mkOption + types + removeSuffix + hasPrefix + mapAttrs' + listToAttrs + ; +in { + home-manager.sharedModules = [ + { + options.images = { + enable = mkEnableOption "Enable images"; + images = mkOption { + type = types.attrsOf types.path; + readOnly = true; + default = flip mapAttrs' (filterAttrs (n: _: hasPrefix "images-" n) config.age.secrets) ( + name: value: { + inherit (value) name; + value = value.path; + } + ); + }; + }; + } + ]; + + imports = [ + ( + {config, ...}: { + age.secrets = mkMerge ( + flip map + (attrNames config.home-manager.users) + ( + user: + mkIf config.home-manager.users.${user}.images.enable ( + listToAttrs (flip map (attrNames (filterAttrs (_: type: type == "regular") (builtins.readDir ../secrets/img))) + ( + file: { + name = "images-${user}-${file}"; + value = { + name = removeSuffix ".age" file; + rekeyFile = ../secrets/img/${file}; + owner = user; + group = user; + }; + } + )) + ) + ) + ); + } + ) + ]; +} diff --git a/modules/config/impermanence/users.nix b/modules-hm/impermanence.nix similarity index 99% rename from modules/config/impermanence/users.nix rename to modules-hm/impermanence.nix index 8dbb34c..cfff0cc 100644 --- a/modules/config/impermanence/users.nix +++ b/modules-hm/impermanence.nix @@ -10,10 +10,8 @@ attrNames mkOption types - hasAttr mkMerge isAttrs - mkIf ; in { # Expose a home manager module for each user that allows extending diff --git a/modules/optional/streamdeck.nix b/modules-hm/streamdeck.nix similarity index 100% rename from modules/optional/streamdeck.nix rename to modules-hm/streamdeck.nix diff --git a/modules/config/usbguard.nix b/modules/config/usbguard.nix deleted file mode 100644 index b07f5bb..0000000 --- a/modules/config/usbguard.nix +++ /dev/null 
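Review bot: The `images.images` default in `modules-hm/images.nix` selects secrets with `hasPrefix "images-" n`, but the secrets are created as `images-${user}-${file}`, so the option is not limited to the user it is evaluated for. The resulting attribute name is `value.name` (the file name without `.age`), which is identical for every user, so once two users set `images.enable` the names collide and one of them is given paths to files whose `owner` and `group` are the other user. Writing the shared module as a function, `{config, nixosConfig, ...}: {`, and filtering `nixosConfig.age.secrets` with `hasPrefix "images-${config.home.username}-" n` would keep each user to their own files. The unused `name` argument in `name: value:` can be `_`.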
@@ -1,7 +0,0 @@
-{config, ...}: {
- age.secrets.usbguard.rekeyFile = ../../secrets/usbguard.rules.age;
- services.usbguard = {
- ruleFile = config.age.secrets.usbguard.path;
- #enable = true;
- };
-}
diff --git a/modules/dev/docs.nix b/modules/dev/docs.nix
deleted file mode 100644
index d9f3aa2..0000000
--- a/modules/dev/docs.nix
+++ /dev/null
@@ -1,11 +0,0 @@
-{pkgs, ...}: {
- environment.systemPackages = with pkgs; [
- man-pages
- man-pages-posix
- ];
- documentation = {
- dev.enable = true;
- man.enable = true;
- info.enable = false;
- };
-}
diff --git a/modules/graphical/default.nix b/modules/graphical/default.nix
deleted file mode 100644
index e5e9904..0000000
--- a/modules/graphical/default.nix
+++ /dev/null
@@ -1,93 +0,0 @@ -{ - inputs, - config, - pkgs, - lib, - ... -}: let - inherit - (lib) - mkOption - types - ; -in { - options.hidpi = mkOption { - default = false; - type = types.bool; - description = "Enable HighDPI configuration for this host and all installed users"; - }; - imports = [ - inputs.stylix.nixosModules.stylix - ./fonts.nix - ./images.nix - ]; - - config = { - environment.systemPackages = with pkgs; [ - xdg-utils - ]; - xdg.portal = { - xdgOpenUsePortal = true; - enable = true; - extraPortals = with pkgs; [ - xdg-desktop-portal-wlr - xdg-desktop-portal-gtk - ]; - config = { - common.default = [ - "gtk" - ]; - sway.default = [ - "wlr" - ]; - }; - }; - # needed for gnome pinentry - services.dbus.packages = [pkgs.gcr]; - stylix = { - autoEnable = false; - polarity = "dark"; - image = config.lib.stylix.pixel "base00"; - base16Scheme = "${pkgs.base16-schemes}/share/themes/vice.yaml"; - # Has to be green - override.base0B = "#00CC99"; - #base16Scheme = { - # base00 = "#101419"; - # base01 = "#171B20"; - # base02 = "#21262e"; - # base03 = "#242931"; - # base04 = "#485263"; - # base05 = "#b6beca"; - # base06 = "#dee1e6"; - # base07 = "#e3e6eb"; - # base08 = "#e05f65"; - # base09 = "#f9a872"; - # base0A = "#f1cf8a"; - # base0B = "#78dba9"; - # base0C = "#74bee9"; - # base0D = "#70a5eb"; - # base0E = "#c68aee"; - # base0F = "#9378de"; - #}; - ## based on decaycs-dark, bright variant - #base16Scheme = { - # base00 = "#101419"; - # base01 = "#171B20"; - # base02 = "#21262e"; - # base03 = "#242931"; - # base04 = "#485263"; - # base05 = "#b6beca"; - # base06 = "#dee1e6"; - # base07 = "#e3e6eb"; - # base08 = "#e5646a"; - # base09 = "#f7b77c"; - # base0A = "#f6d48f"; - # base0B = "#94F7C5"; - # base0C = "#79c3ee"; - # base0D = "#75aaf0"; - # base0E = "#cb8ff3"; - # base0F = "#9d85e1"; - #}; - }; - }; -} diff --git a/modules/graphical/fonts.nix b/modules/graphical/fonts.nix deleted file mode 100644 index 8390040..0000000 --- a/modules/graphical/fonts.nix +++ /dev/null 
@@ -1,75 +0,0 @@ -{ - pkgs, - minimal, - lib, - ... -}: -lib.optionalAttrs (!minimal) { - fonts = { - enableGhostscriptFonts = false; - fontDir.enable = false; - fontconfig = { - localConf = '' - - - - - monospace - - emoji - - - - sans-serif - - emoji - - - - serif - - emoji - - - - ''; - }; - packages = with pkgs; [ - (nerdfonts.override {fonts = ["FiraCode"];}) - ibm-plex - dejavu_fonts - unifont - freefont_ttf - gyre-fonts # TrueType substitutes for standard PostScript fonts - liberation_ttf - noto-fonts - noto-fonts-cjk-sans - noto-fonts-cjk-serif - noto-fonts-emoji - noto-fonts-extra - ]; - }; - stylix.fonts = { - serif = { - package = pkgs.dejavu_fonts; - name = "IBM Plex Serif"; - }; - - sansSerif = { - package = pkgs.dejavu_fonts; - name = "IBM Plex Sans"; - }; - - monospace = { - # No need for patched nerd fonts, kitty can pick up on them automatically, - # and ideally every program should do that: https://sw.kovidgoyal.net/kitty/faq/#kitty-is-not-able-to-use-my-favorite-font - package = pkgs.jetbrains-mono; - name = "JetBrains Mono"; - }; - - emoji = { - package = pkgs.noto-fonts-emoji; - name = "Noto Color Emoji"; - }; - }; -} diff --git a/modules/graphical/images.nix b/modules/graphical/images.nix deleted file mode 100644 index d530246..0000000 --- a/modules/graphical/images.nix +++ /dev/null 
@@ -1,65 +0,0 @@ -{ - lib, - config, - ... -}: let - inherit - (lib) - mkEnableOption - mkMerge - attrNames - flip - filterAttrs - mkIf - mkOption - types - removeSuffix - hasPrefix - mapAttrs' - listToAttrs - ; -in { - home-manager.sharedModules = [ - { - options.images = { - enable = mkEnableOption "Enable images"; - images = mkOption { - type = types.attrsOf types.path; - readOnly = true; - default = flip mapAttrs' (filterAttrs (n: _: hasPrefix "images-" n) config.age.secrets) ( - name: value: { - inherit (value) name; - value = value.path; - } - ); - }; - }; - } - ]; - - imports = [ - { - age.secrets = mkMerge ( - flip map - (attrNames config.home-manager.users) - ( - user: - mkIf config.home-manager.users.${user}.images.enable ( - listToAttrs (flip map (attrNames (filterAttrs (_: type: type == "regular") (builtins.readDir ../../img))) - ( - file: { - name = "images-${user}-${file}"; - value = { - name = removeSuffix ".age" file; - rekeyFile = ../../img/${file}; - owner = user; - group = user; - }; - } - )) - ) - ) - ); - } - ]; -} diff --git a/modules/optional/iwd.nix b/modules/iwd.nix similarity index 100% rename from modules/optional/iwd.nix rename to modules/iwd.nix diff --git a/modules/services/your_spotify_m.nix b/modules/your_spotify.nix similarity index 100% rename from modules/services/your_spotify_m.nix rename to modules/your_spotify.nix diff --git a/img/back.png.age b/secrets/img/back.png.age similarity index 100% rename from img/back.png.age rename to secrets/img/back.png.age diff --git a/img/heads.png.age b/secrets/img/heads.png.age similarity index 100% rename from img/heads.png.age rename to secrets/img/heads.png.age diff --git a/img/mic.png.age b/secrets/img/mic.png.age similarity index 100% rename from img/mic.png.age rename to secrets/img/mic.png.age diff --git a/img/player.png.age b/secrets/img/player.png.age similarity index 100% rename from img/player.png.age rename to secrets/img/player.png.age 
diff --git a/img/qr.png.age b/secrets/img/qr.png.age similarity index 100% rename from img/qr.png.age rename to secrets/img/qr.png.age diff --git a/img/screenshot.png.age b/secrets/img/screenshot.png.age similarity index 100% rename from img/screenshot.png.age rename to secrets/img/screenshot.png.age diff --git a/img/wallpaper.png.age b/secrets/img/wallpaper.png.age similarity index 100% rename from img/wallpaper.png.age rename to secrets/img/wallpaper.png.age diff --git a/secrets/usbguard.rules.age b/secrets/usbguard.rules.age deleted file mode 100644 index c348ff0..0000000 Binary files a/secrets/usbguard.rules.age and /dev/null differ diff --git a/users/common/graphical/Xorg/i3.nix b/users/common/graphical/Xorg/i3.nix index 2e84091..d4dcc39 100644 --- a/users/common/graphical/Xorg/i3.nix +++ b/users/common/graphical/Xorg/i3.nix @@ -7,7 +7,6 @@ # import shared sway config imports = [../sway3.nix]; systemd.user.services = { - wired.Install.WantedBy = lib.mkForce ["i3-session.target"]; flameshot.Install.WantedBy = lib.mkForce ["i3-session.target"]; }; stylix.targets.i3.enable = true; diff --git a/users/common/graphical/default.nix b/users/common/graphical/default.nix index 97c3d1b..ffdc0b3 100644 --- a/users/common/graphical/default.nix +++ b/users/common/graphical/default.nix @@ -3,11 +3,6 @@ config, ... }: { - imports = [ - #./deadd - ./themes.nix - #./wired-notify.nix - ]; home = { packages = with pkgs; [ zathura diff --git a/users/common/graphical/themes.nix b/users/common/graphical/themes.nix deleted file mode 100644 index 6d0cbe3..0000000 --- a/users/common/graphical/themes.nix +++ /dev/null 
@@ -1,65 +0,0 @@ -{ - pkgs, - config, - nixosConfig, - ... -}: { - stylix = { - cursor = { - package = pkgs.openzone-cursors; - name = "OpenZone_White_Slim"; - size = - if nixosConfig.hidpi - then 48 - else 18; - }; - inherit (nixosConfig.stylix) polarity; - targets = { - gtk.enable = true; - bat.enable = true; - dunst.enable = true; - zathura.enable = true; - xresources.enable = true; - }; - }; - - xresources.properties = { - "Xft.hinting" = true; - "Xft.antialias" = true; - "Xft.autohint" = false; - "Xft.lcdfilter" = "lcddefault"; - "Xft.hintstyle" = "hintfull"; - "Xft.rgba" = "rgb"; - }; - - gtk = let - gtk34extraConfig = { - gtk-application-prefer-dark-theme = 1; - gtk-cursor-theme-size = 18; - gtk-enable-animations = true; - gtk-xft-antialias = 1; - gtk-xft-dpi = 96; # XXX: delete for wayland? - gtk-xft-hinting = 1; - gtk-xft-hintstyle = "hintfull"; - gtk-xft-rgba = "rgb"; - }; - in { - enable = true; - iconTheme = { - name = "Vimix-Doder"; - package = pkgs.vimix-icon-theme; - }; - - gtk2.extraConfig = "gtk-application-prefer-dark-theme = true"; - gtk3.extraConfig = gtk34extraConfig; - gtk4.extraConfig = gtk34extraConfig; - }; - - home.sessionVariables.GTK_THEME = config.gtk.theme.name; - - qt = { - enable = true; - platformTheme = "gnome"; - style.name = "Adwaita-Dark"; - }; -} diff --git a/users/common/programs/email.nix b/users/common/programs/email.nix deleted file mode 100644 index 3b235e5..0000000 --- a/users/common/programs/email.nix +++ /dev/null @@ -1,7 +0,0 @@ -{ - accounts.email.accounts = { - "1" = { - address = ""; - }; - }; -} diff --git a/users/common/programs/git.nix b/users/common/programs/git.nix index be6336f..d6d05f4 100644 --- a/users/common/programs/git.nix +++ b/users/common/programs/git.nix @@ -1,7 +1,4 @@ {pkgs, ...}: { - home.shellAliases = { - commit-reuse-message = ''git commit -v -S --edit --file "$(git rev-parse --git-dir)"/COMMIT_EDITMSG''; - }; programs.git = { enable = true; difftastic.enable = true; 
@@ -12,6 +9,8 @@ a = "add"; p = "push"; rebase = "rebase --gpg-sign"; + fixup = ''!f() { TARGET=$(git rev-parse "$1"); git commit --fixup=$TARGET ''${@:2} && EDITOR=true git rebase -i --gpg-sign --autostash --autosquash $TARGET^; }; f''; + crm = ''!git commit -v -S --edit --file "$(git rev-parse --git-dir)"/COMMIT_EDITMSG''; }; extraConfig = { core.pager = "${pkgs.delta}/bin/delta"; diff --git a/users/common/programs/kitty.nix b/users/common/programs/kitty.nix index 737b376..08fe540 100644 --- a/users/common/programs/kitty.nix +++ b/users/common/programs/kitty.nix @@ -56,8 +56,8 @@ "ctrl+shift+," = "change_font_size all +2.0"; }; extraConfig = lib.mkAfter '' - # Use nvim as scrollback pager - scrollback_pager nvim -u NONE -c "set nonumber nolist showtabline=0 foldcolumn=0 laststatus=0" -c "autocmd TermOpen * normal G" -c "silent write! /tmp/kitty_scrollback_buffer | te head -c-1 /tmp/kitty_scrollback_buffer; rm /tmp/kitty_scrollback_buffer; cat" + # Use nvim as scrollback pager + scrollback_pager nvim -u NONE -c "set nonumber nolist showtabline=0 foldcolumn=0 laststatus=0" -c "autocmd TermOpen * normal G" -c "silent write! /tmp/kitty_scrollback_buffer | te head -c-1 /tmp/kitty_scrollback_buffer; rm /tmp/kitty_scrollback_buffer; cat" background #000000 ''; }; diff --git a/users/common/programs/openttd.nix b/users/common/programs/openttd.nix deleted file mode 100644 index 69daf21..0000000 --- a/users/common/programs/openttd.nix +++ /dev/null @@ -1,9 +0,0 @@ -{pkgs, ...}: { - home.persistence."/persist".directories = [ - ".local/share/openttd" - ]; - - home.packages = [ - pkgs.openttd - ]; -} diff --git a/users/patrick/default.nix b/users/patrick/default.nix index 0dc7073..a749531 100644 --- a/users/patrick/default.nix +++ b/users/patrick/default.nix 
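Review bot: In the new `fixup` alias both `$TARGET` and `''${@:2}` are expanded unquoted, so extra arguments containing spaces or glob characters are split or expanded before they reach `git commit`. Quoting keeps them intact: `git commit --fixup="$TARGET" "''${@:2}" && EDITOR=true git rebase -i --gpg-sign --autostash --autosquash "$TARGET^"`. `''${@:2}` is a bash extension and git runs `!` aliases through `sh`, so the alias depends on `sh` being bash; a one-line comment above it saying so would spare the next reader the surprise.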
@@ -68,7 +68,6 @@ lib.optionalAttrs (!minimal) { ../common/programs/kitty.nix ../common/programs/minecraft.nix ../common/programs/nvim - ../common/programs/openttd.nix ../common/programs/poe.nix ../common/programs/spicetify.nix ../common/programs/thunderbird.nix diff --git a/users/patrick/ssh.nix b/users/patrick/ssh.nix index 29bbbc2..4b6ccbe 100644 --- a/users/patrick/ssh.nix +++ b/users/patrick/ssh.nix @@ -42,6 +42,7 @@ user = "team402"; }; "*" = { + user = "root"; identitiesOnly = true; inherit identityFile; };
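Review bot: `user = "root";` in the `"*"` block of `users/patrick/ssh.nix` makes root the login name for every host that sets no `user` of its own, including hosts that have nothing to do with this configuration. If root is only meant for the machines managed from this repository, the setting belongs in a block whose host pattern covers just those machines, with `"*"` left without a `user`. If the global default is intended, a comment above the line should give the reason. The surrounding attribute set starts and ends outside the hunk, so how the other blocks override this default is not visible here.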