From fcd5a27dce1d87925d5067651478291752221ca5 Mon Sep 17 00:00:00 2001 
From: Patrick Date: Thu, 11 Apr 2024 23:11:53 +0200 Subject: [PATCH] chore: new README chore: new structure --- README.md | 130 +++++----- STRUCTURE.md | 38 +++ {modules/config => config/basic}/boot.nix | 0 {modules/config => config/basic}/default.nix | 25 +- .../config => config/basic}/home-manager.nix | 6 +- .../basic/impermanence.nix | 0 {modules/config => config/basic}/inputrc.nix | 0 {modules/config => config/basic}/issue.nix | 2 +- {modules/config => config/basic}/net.nix | 0 {modules/config => config/basic}/nftables.nix | 0 {modules/config => config/basic}/nix.nix | 0 {modules/config => config/basic}/ssh.nix | 0 {modules/config => config/basic}/system.nix | 0 {modules/config => config/basic}/users.nix | 0 {modules/config => config/basic}/xdg.nix | 0 {modules => config}/hardware/bluetooth.nix | 0 {modules => config}/hardware/laptop.nix | 0 {modules => config}/hardware/nintendo.nix | 0 {modules => config}/hardware/nvidia.nix | 0 {modules => config}/hardware/physical.nix | 0 {modules => config}/hardware/pipewire.nix | 0 .../hardware/prime-offload.nix | 0 {modules => config}/hardware/yubikey.nix | 0 .../default.nix => config/optional/dev.nix | 14 +- config/optional/graphical.nix | 228 ++++++++++++++++++ {modules => config}/optional/initrd-ssh.nix | 0 {modules => config}/optional/printing.nix | 0 {modules => config}/optional/secureboot.nix | 0 {modules => config}/optional/steam.nix | 0 {modules => config}/optional/wayland.nix | 0 {modules => config}/optional/xserver.nix | 0 {modules/hardware => config/optional}/zfs.nix | 0 {modules => config}/services/actual.nix | 0 {modules => config}/services/adguardhome.nix | 0 {modules => config}/services/ddclient.nix | 0 {modules => config}/services/firefly.nix | 2 +- {modules => config}/services/forgejo.nix | 0 {modules => config}/services/immich.nix | 0 {modules => config}/services/kanidm.nix | 2 +- {modules => config}/services/maddy.nix | 0 {modules => config}/services/murmur.nix | 0 {modules => 
config}/services/netbird.nix | 4 +- {modules => config}/services/nextcloud.nix | 0 {modules => config}/services/oauth2-proxy.nix | 0 {modules => config}/services/ollama.nix | 0 {modules => config}/services/paperless.nix | 0 {modules => config}/services/radicale.nix | 0 {modules => config}/services/samba.nix | 4 +- {modules => config}/services/ttrss.nix | 0 {modules => config}/services/vaultwarden.nix | 0 {modules => config}/services/yourspotify.nix | 2 +- flake.lock | 164 ++----------- flake.nix | 17 +- hosts/desktopnix/default.nix | 30 +-- hosts/elisabeth/default.nix | 11 +- hosts/elisabeth/guests.nix | 4 +- .../secrets/samba}/smbpassdb.tdb.age | Bin hosts/gojo/default.nix | 25 +- hosts/maddy/default.nix | 24 +- hosts/patricknix/default.nix | 31 ++- modules-hm/images.nix | 67 +++++ .../users.nix => modules-hm/impermanence.nix | 2 - .../optional => modules-hm}/streamdeck.nix | 0 modules/config/usbguard.nix | 7 - modules/dev/docs.nix | 11 - modules/graphical/default.nix | 93 ------- modules/graphical/fonts.nix | 75 ------ modules/graphical/images.nix | 65 ----- modules/{optional => }/iwd.nix | 0 .../your_spotify_m.nix => your_spotify.nix} | 0 {img => secrets/img}/back.png.age | Bin {img => secrets/img}/heads.png.age | Bin {img => secrets/img}/mic.png.age | Bin {img => secrets/img}/player.png.age | Bin {img => secrets/img}/qr.png.age | Bin {img => secrets/img}/screenshot.png.age | Bin {img => secrets/img}/wallpaper.png.age | Bin secrets/usbguard.rules.age | Bin 3610 -> 0 bytes users/common/graphical/Xorg/i3.nix | 1 - users/common/graphical/default.nix | 5 - users/common/graphical/themes.nix | 65 ----- users/common/programs/email.nix | 7 - users/common/programs/git.nix | 5 +- users/common/programs/kitty.nix | 4 +- users/common/programs/openttd.nix | 9 - users/patrick/default.nix | 1 - users/patrick/ssh.nix | 1 + 87 files changed, 514 insertions(+), 667 deletions(-) create mode 100644 STRUCTURE.md rename {modules/config => config/basic}/boot.nix (100%) rename 
{modules/config => config/basic}/default.nix (77%) rename {modules/config => config/basic}/home-manager.nix (88%) rename modules/config/impermanence/default.nix => config/basic/impermanence.nix (100%) rename {modules/config => config/basic}/inputrc.nix (100%) rename {modules/config => config/basic}/issue.nix (54%) rename {modules/config => config/basic}/net.nix (100%) rename {modules/config => config/basic}/nftables.nix (100%) rename {modules/config => config/basic}/nix.nix (100%) rename {modules/config => config/basic}/ssh.nix (100%) rename {modules/config => config/basic}/system.nix (100%) rename {modules/config => config/basic}/users.nix (100%) rename {modules/config => config/basic}/xdg.nix (100%) rename {modules => config}/hardware/bluetooth.nix (100%) rename {modules => config}/hardware/laptop.nix (100%) rename {modules => config}/hardware/nintendo.nix (100%) rename {modules => config}/hardware/nvidia.nix (100%) rename {modules => config}/hardware/physical.nix (100%) rename {modules => config}/hardware/pipewire.nix (100%) rename {modules => config}/hardware/prime-offload.nix (100%) rename {modules => config}/hardware/yubikey.nix (100%) rename modules/dev/default.nix => config/optional/dev.nix (76%) create mode 100644 config/optional/graphical.nix rename {modules => config}/optional/initrd-ssh.nix (100%) rename {modules => config}/optional/printing.nix (100%) rename {modules => config}/optional/secureboot.nix (100%) rename {modules => config}/optional/steam.nix (100%) rename {modules => config}/optional/wayland.nix (100%) rename {modules => config}/optional/xserver.nix (100%) rename {modules/hardware => config/optional}/zfs.nix (100%) rename {modules => config}/services/actual.nix (100%) rename {modules => config}/services/adguardhome.nix (100%) rename {modules => config}/services/ddclient.nix (100%) rename {modules => config}/services/firefly.nix (94%) rename {modules => config}/services/forgejo.nix (100%) rename {modules => config}/services/immich.nix (100%) 
rename {modules => config}/services/kanidm.nix (99%) rename {modules => config}/services/maddy.nix (100%) rename {modules => config}/services/murmur.nix (100%) rename {modules => config}/services/netbird.nix (93%) rename {modules => config}/services/nextcloud.nix (100%) rename {modules => config}/services/oauth2-proxy.nix (100%) rename {modules => config}/services/ollama.nix (100%) rename {modules => config}/services/paperless.nix (100%) rename {modules => config}/services/radicale.nix (100%) rename {modules => config}/services/samba.nix (98%) rename {modules => config}/services/ttrss.nix (100%) rename {modules => config}/services/vaultwarden.nix (100%) rename {modules => config}/services/yourspotify.nix (95%) rename {secrets => hosts/elisabeth/secrets/samba}/smbpassdb.tdb.age (100%) create mode 100644 modules-hm/images.nix rename modules/config/impermanence/users.nix => modules-hm/impermanence.nix (99%) rename {modules/optional => modules-hm}/streamdeck.nix (100%) delete mode 100644 modules/config/usbguard.nix delete mode 100644 modules/dev/docs.nix delete mode 100644 modules/graphical/default.nix delete mode 100644 modules/graphical/fonts.nix delete mode 100644 modules/graphical/images.nix rename modules/{optional => }/iwd.nix (100%) rename modules/{services/your_spotify_m.nix => your_spotify.nix} (100%) rename {img => secrets/img}/back.png.age (100%) rename {img => secrets/img}/heads.png.age (100%) rename {img => secrets/img}/mic.png.age (100%) rename {img => secrets/img}/player.png.age (100%) rename {img => secrets/img}/qr.png.age (100%) rename {img => secrets/img}/screenshot.png.age (100%) rename {img => secrets/img}/wallpaper.png.age (100%) delete mode 100644 secrets/usbguard.rules.age delete mode 100644 users/common/graphical/themes.nix delete mode 100644 users/common/programs/email.nix delete mode 100644 users/common/programs/openttd.nix diff --git a/README.md b/README.md index f8655e9..98b8dc2 100644 --- a/README.md +++ b/README.md 
@@ -1,67 +1,73 @@ -# Meine wundervolle nix config +# Meine wundervolle nix config ❄️ -## Structure +[Structure](./STRUCTURE.md) -- `hosts/` contain nixos configuration for hosts - - `/` configuration for hosts - - `default.nix` Toplevel system definition - - `fs.nix` file system definiton - - `net.nix` network setup - - `secrets/` secrets local to this hosts - - `secrets.nix.age` local secrets usable on deploy - - `host.pub` host public key, needed for rekeying agenix secrets -- `modules/` extra nixos modules and shared configurations - - `secrets.nix` module to enable deploy-time secrets - - `config/` base configuration used on all machines - - `dev/` configuration options enabling developer environment - - `graphical/` configuration for graphical environments - - `hardware/` configuration for hardware components - - `impermanence/` impermanence modules for hosts -- `nix/` additional nix functions - - `devshell.nix` Development shell - - `extra-builtins.nix` Extra builtin plugin file to enable repository secrets - - TODO - - `lib.nix` additional library functions -- `secrets/` global secrets - - `.key.pub` public key handles to decrypt secrets using yubikey - - `recipients.txt` rage recipient file for encrypting secrets - - currently containing both yubikeys and a rage backup key - - `secrets.nix.age` global secrets available at deploy -- `users/` home manager user configuration - - `common/` shared home-manager modules - - `graphical/` configuration for graphical programs - - `programs/` configuration for miscellaneous programs - - `shells/` configuration for shells - - `default.nix` minimal setup for all users - - `interactive.nix` minimal setup for interactive users on a command line - - `graphical.nix` configuration for users utilizing a graphical interface - - `/` configuration for users - - `impermanence.nix` users persistence configuration -- `keys` collection of yubikeys public key parts for decryption -- `img` images, encrypted to not break any copyright 
by redistribution ## Hosts -- `patricknix` Patricks main laptop -- `desktopnix` Patricks main desktop -- `testienix` old laptop for testing -- `gojo` Simons Laptop +| | Name | Device | Description +---|---|---|--- +💻 | patricknix | HP spectre x360 | Patrick's laptop, mainly used for on the go university +🖥️ | desktopnix | Intel i5-8600K
NVIDIA GeForce GTX 1080
32 GiB RAM | Patrick's desktop, used for most development and gaming +🖥️ | elisabeth | AMD Ryzen 7 5800X
32 GiB RAM | Server running most cloud services +🖥️ | maddy | Hetzner VPS | Static IP server running mail +💻 | gojo | ? |Simons Laptop + +## User Configuration +This showcases my end user setup, which I dailydrive on all my hosts. + +| | Programm | Description +---|---|--- +🐚 Shell | [ZSH](./users/common/shells/zsh/default.nix) & [Starship](./users/common/shells/starfish.nix) | ZSH with FZF autocomplete, starship prompt, sqlite history and histdb-skim for fancy reverse search +🪟 WM | [Sway](./users/common/graphical/wayland/sway.nix) & [i3](./users/common/graphical/Xorg/i3.nix) | Tiling window managers with similar behaviour for wayland and xorg +🖼️ Styling | [Stylix](./modules/graphical/default.nix) | globally consistent styling +📝 Editor | [NeoVim](./users/common/programs/nvim/default.nix) | Extensively configured neovim +🎮 Gaming | [Bottles](./users/common/programs/bottles.nix) & [Steam](./modules/optional/steam.nix) | Pew, Pew and such +🌐 Browser | [Firefox](./users/patrick/firefox.nix) | Heavily configured Firefox to still my privacy and security needs +💻 Terminal | [Kitty](./users/common/programs/kitty.nix) | fast terminal +🎵 Music | [Spotify](./users/common/programs/spicetify.nix) | Fancy looking spotify using spicetify +📫 Mail | [Thunderbird](./users/common/programs/thunderbird.nix) | Best email client there is +🎛️ StreamDeck | [StreamDeck](./users/patrick/streamdeck.nix) | More hotkeys = more better + +## Service Configuration +These are services I've set up + +| | Programm | Description +---|---|--- +💸 Budgeting | [FireflyIII](./config/services/firefly.nix) | Self Hosted budgeting tool +🛡️ AdBlock | [AdGuard Home](./config/services/adguardhome.nix) | DNS Adblocker +🔨 Git | [Forgejo](./config/services/forgejo.nix) | Selfhosted GitHub alternative +📸 Photos | [Immich](./config/services/immich.nix) | Selfhosted Google Photos equivalent +🔒 SSO | [Kanidm](./config/services/kanidm.nix) | Secure single sign on Identity Provider +📧 E-Mail | 
[Maddy](./config/services/maddy.nix) | All in one mail server +🎧 Communication | [Murmur](./config/services/murmur.nix) | Selfhosted mumble server for secure and always available communication +🌐 VPN | [Netbird](./config/services/netbird.nix) | Easy to use peer to peer VPN solution based on wireguard +🌧️ Cloud | [NextCloud](./config/services/nextcloud.nix) | All in one cloud solution providing online File storage as well as notes, contacts and calendar synchronization +🗄️ Documents | [Paperless](./config/services/paperless.nix) | Machine learnig supported document organizing plattform +📁 NAS | [Samba](./config/services/samba.nix) | Local network shared storage +📰 Feedreader | [freshRSS](./config/services/ttrss.nix) | hosted RSS feed aggregator +🔑 Passwords | [Vaultwarden](./config/services/vaultwarden.nix) | Self hosted bitwarden server +🎵 Music | [Your Spotify](./config/services/yourspotify.nix) | Spotify listening habits analyzer + + +## External dependencies +These are notable external flakes which this config depend upon + +| Name | Usage | +---|--- +[NixVim](https://github.com/nix-community/nixvim) | NeoVim using nix +[MicroVM](https://github.com/astro/microvm.nix) | Declarative VMs +[Disko](https://github.com/nix-community/disko)| disk partitioning +[nixos-generators](https://github.com/nix-community/nixos-generators) | generate installers +[home-manager](https://github.com/nix-community/home-manager) | user config +[agenix](https://github.com/ryantm/agenix) | secret files for nix +[agenix-rekey](https://github.com/oddlama/agenix-rekey) | secret files that are git commitable +[nixos-nftables-firewall](https://github.com/thelegy/nixos-nftables-firewall) | nftables based firewall +[impermanence](https://github.com/nix-community/impermanence) | stateless filesystem +[lanzaboote](https://github.com/nix-community/lanzaboote) | Secure Boot +[stylix](https://github.com/danth/stylix) | theming +[spicetify](https://github.com/the-argus/spicetify-nix) | spotify looking 
fancy -## Users -- `patrick` my normal everyday unprivileged user -- `root` root user imported by every host -## Flake output structure -- `checks` linting and other checks for this repository - - `pre-commit-check` automatic checks executed as pre-commit hooks -- `nixosHosts` top level configs for hosts -- `nodes` alias to `nixosNodes` -- `devshell` development shell using devshell -- `formatter` nix code formatter -- `hosts` host meta declaration -- `pkgs` nixpkgs -- `packages` additional packages -- `secretsConfig` meta configuration for secrets -- `stateVersion` global stateversion used by nixos and home-manager to determine default config ## How-To @@ -72,8 +78,8 @@ 1. Create and fill `default.nix` 1. Fill `net.nix` 1. Fill `fs.nix` - 2. Don't forget to add necesarry config for filesystems, etc. -3. Generate ISO image with `nix build --print-out-paths --no-link .#images..live-iso` + 2. Don't forget to add necessary config for filesystems, etc. +3. Generate ISO image using `nix build --print-out-paths --no-link .#images..live-iso` - This might take multiple minutes(~10) - Alternatively boot an official nixos image connect with password 3. Copy ISO to usb using dd @@ -85,6 +91,7 @@ 5. Deploy system ### Add secureboot to new systems + 1. generate keys with `sbct create-keys` 1. tar the resulting folder using `tar cvf secureboot.tar -C /etc/secureboot .` 1. Copy the tar to local using scp and encrypt it using rage @@ -104,10 +111,11 @@ 1. Time to reboot and pray ### Add luks encryption TPM keys + `systemd-cryptenroll --tpm2-with-pin={yes/no} --tpm2-device=auto ` -## Deploy +### Deploy from new host If deploying from a host not containing the necessary nix configuration option append ```bash diff --git a/STRUCTURE.md b/STRUCTURE.md new file mode 100644 index 0000000..c786868 --- /dev/null +++ b/STRUCTURE.md 
@@ -0,0 +1,38 @@ +This file contains a small overview over the contents and structure of this repository, mainly for me to remember where I put my shit. + +- `config/` contains shared nixos configuration + - `basic/` the basic system configuration, this should be applied for all systems + - `system.nix` a far descendant of the original `configuration.nix` + any global configuration should be done here first and later moved to their own file if necessary + - `hardware/` configuration for specific hardware + - `optional/` optionally includable configuration + - `services/` configuration for independent services +- `hosts/` contain nixos configuration for hosts + - `/` configuration for hosts + - `default.nix` Toplevel system definition + - `fs.nix` file system definiton + - `net.nix` network setup + - *`guests.nix`* optional config for guest systems + - `secrets/` secrets local to this hosts + - `secrets.nix.age` local secrets usable while evaluating + - `host.pub` host public key, needed for rekeying agenix secrets +- `keys/` public keys needed for evaluating the system +- `lib/` extra library functions +- `modules/` extra nixos modules +- `modules-hm/` extra home-manager modules +- `nix/` additional nix functions + - `devshell.nix` Development shell + - `extra-builtins.nix` Extra builtin plugin file to enable repository secrets +- `pkgs/` additional packages +- `secrets/` global secrets + - `recipients.txt` rage recipient file for encrypting secrets + - currently containing all yubikeys and a rage backup key + - `secrets.nix.age` global secrets available at deploy +- `users/` home manager user configuration + - `common/` shared home-manager modules + - `graphical/` configuration for graphical programs + - `programs/` configuration for miscellaneous programs + - `shells/` configuration for shells + - `default.nix` minimal setup for all users + - `/` configuration for users + - `impermanence.nix` users persistence configuration 
diff --git a/modules/config/boot.nix b/config/basic/boot.nix similarity index 100% rename from modules/config/boot.nix rename to config/basic/boot.nix diff --git a/modules/config/default.nix b/config/basic/default.nix similarity index 77% rename from modules/config/default.nix rename to config/basic/default.nix index 9d809e8..4814e0c 100644 --- a/modules/config/default.nix +++ b/config/basic/default.nix @@ -6,36 +6,35 @@ imports = [ ./boot.nix ./home-manager.nix + ./impermanence.nix ./inputrc.nix ./issue.nix ./net.nix + ./nftables.nix ./nix.nix ./ssh.nix ./system.nix ./users.nix ./xdg.nix - ./nftables.nix ../../users/root - ../secrets.nix - ../meta.nix - ../smb-mounts.nix - ../deterministic-ids.nix - ../distributed-config.nix - ../optional/iwd.nix - ./impermanence + ../../modules/deterministic-ids.nix + ../../modules/distributed-config.nix + ../../modules/meta.nix + ../../modules/iwd.nix + ../../modules/secrets.nix + ../../modules/smb-mounts.nix + inputs.agenix-rekey.nixosModules.default + inputs.agenix.nixosModules.default + inputs.disko.nixosModules.disko inputs.home-manager.nixosModules.default inputs.impermanence.nixosModules.impermanence - inputs.agenix.nixosModules.default - inputs.agenix-rekey.nixosModules.default - inputs.disko.nixosModules.disko inputs.lanzaboote.nixosModules.lanzaboote - inputs.nixvim.nixosModules.nixvim inputs.nixos-extra-modules.nixosModules.default - inputs.musnix.nixosModules.musnix inputs.nixos-nftables-firewall.nixosModules.default + inputs.nixvim.nixosModules.nixvim ]; age.identityPaths = ["/state/etc/ssh/ssh_host_ed25519_key"]; boot.mode = lib.mkDefault "efi"; diff --git a/modules/config/home-manager.nix b/config/basic/home-manager.nix similarity index 88% rename from modules/config/home-manager.nix rename to config/basic/home-manager.nix index 9c8a332..6bffaec 100644 --- a/modules/config/home-manager.nix +++ b/config/basic/home-manager.nix 
@@ -5,7 +5,10 @@ nodes, ... }: { - imports = [./impermanence/users.nix]; + imports = [ + ../../modules-hm/impermanence.nix + ../../modules-hm/images.nix + ]; home-manager = { useGlobalPkgs = true; useUserPackages = true; @@ -22,7 +25,6 @@ inputs.nixos-extra-modules.homeManagerModules.default inputs.nixvim.homeManagerModules.nixvim inputs.spicetify-nix.homeManagerModule - inputs.wired-notify.homeManagerModules.default ]; }; # HM zsh needs this or else the startup order is fucked diff --git a/modules/config/impermanence/default.nix b/config/basic/impermanence.nix similarity index 100% rename from modules/config/impermanence/default.nix rename to config/basic/impermanence.nix diff --git a/modules/config/inputrc.nix b/config/basic/inputrc.nix similarity index 100% rename from modules/config/inputrc.nix rename to config/basic/inputrc.nix diff --git a/modules/config/issue.nix b/config/basic/issue.nix similarity index 54% rename from modules/config/issue.nix rename to config/basic/issue.nix index 9b5eb0c..2b48b08 100644 --- a/modules/config/issue.nix +++ b/config/basic/issue.nix @@ -1,6 +1,6 @@ { environment.etc.issue.text = '' - <<< Welcome to NixOS 23.05.20230304.3c5319a (\m) - \l >>> + <<< Welcome to NixOS (\m) - \l >>> ''; users.motd = "Guten Tach"; diff --git a/modules/config/net.nix b/config/basic/net.nix similarity index 100% rename from modules/config/net.nix rename to config/basic/net.nix diff --git a/modules/config/nftables.nix b/config/basic/nftables.nix similarity index 100% rename from modules/config/nftables.nix rename to config/basic/nftables.nix diff --git a/modules/config/nix.nix b/config/basic/nix.nix similarity index 100% rename from modules/config/nix.nix rename to config/basic/nix.nix diff --git a/modules/config/ssh.nix b/config/basic/ssh.nix similarity index 100% rename from modules/config/ssh.nix rename to config/basic/ssh.nix 
diff --git a/modules/config/system.nix b/config/basic/system.nix
similarity index 100%
rename from modules/config/system.nix
rename to config/basic/system.nix
diff --git a/modules/config/users.nix b/config/basic/users.nix
similarity index 100%
rename from modules/config/users.nix
rename to config/basic/users.nix
diff --git a/modules/config/xdg.nix b/config/basic/xdg.nix
similarity index 100%
rename from modules/config/xdg.nix
rename to config/basic/xdg.nix
diff --git a/modules/hardware/bluetooth.nix b/config/hardware/bluetooth.nix
similarity index 100%
rename from modules/hardware/bluetooth.nix
rename to config/hardware/bluetooth.nix
diff --git a/modules/hardware/laptop.nix b/config/hardware/laptop.nix
similarity index 100%
rename from modules/hardware/laptop.nix
rename to config/hardware/laptop.nix
diff --git a/modules/hardware/nintendo.nix b/config/hardware/nintendo.nix
similarity index 100%
rename from modules/hardware/nintendo.nix
rename to config/hardware/nintendo.nix
diff --git a/modules/hardware/nvidia.nix b/config/hardware/nvidia.nix
similarity index 100%
rename from modules/hardware/nvidia.nix
rename to config/hardware/nvidia.nix
diff --git a/modules/hardware/physical.nix b/config/hardware/physical.nix
similarity index 100%
rename from modules/hardware/physical.nix
rename to config/hardware/physical.nix
diff --git a/modules/hardware/pipewire.nix b/config/hardware/pipewire.nix
similarity index 100%
rename from modules/hardware/pipewire.nix
rename to config/hardware/pipewire.nix
diff --git a/modules/hardware/prime-offload.nix b/config/hardware/prime-offload.nix
similarity index 100%
rename from modules/hardware/prime-offload.nix
rename to config/hardware/prime-offload.nix
diff --git a/modules/hardware/yubikey.nix b/config/hardware/yubikey.nix
similarity index 100%
rename from modules/hardware/yubikey.nix
rename to config/hardware/yubikey.nix
diff --git a/modules/dev/default.nix b/config/optional/dev.nix similarity index 76% rename from modules/dev/default.nix rename to config/optional/dev.nix index ba4e824..fe94282 100644 --- a/modules/dev/default.nix +++ b/config/optional/dev.nix @@ -5,19 +5,14 @@ ... }: lib.optionalAttrs (!minimal) { - imports = [ - ./docs.nix - ]; environment.systemPackages = with pkgs; [ gnumake pciutils gcc usbutils + man-pages + man-pages-posix ]; - programs.wireshark = { - enable = true; - package = pkgs.wireshark; - }; services.nixseparatedebuginfod.enable = true; environment = { @@ -28,4 +23,9 @@ lib.optionalAttrs (!minimal) { umask 077 ''; }; + documentation = { + dev.enable = true; + man.enable = true; + info.enable = false; + }; } diff --git a/config/optional/graphical.nix b/config/optional/graphical.nix new file mode 100644 index 0000000..61ee458 --- /dev/null +++ b/config/optional/graphical.nix 
@@ -0,0 +1,228 @@ +{ + config, + inputs, + pkgs, + lib, + ... +}: let + inherit + (lib) + mkOption + types + ; +in { + options.hidpi = mkOption { + default = false; + type = types.bool; + description = "Enable HighDPI configuration for this host and all installed users"; + }; + + # stylix acceses stylix options on import meaning you can only import this module when you're actually setting stylix options + imports = [ + inputs.stylix.nixosModules.stylix + ]; + + config = { + environment.systemPackages = with pkgs; [ + xdg-utils + ]; + xdg.portal = { + xdgOpenUsePortal = true; + enable = true; + extraPortals = with pkgs; [ + xdg-desktop-portal-wlr + xdg-desktop-portal-gtk + ]; + config = { + common.default = [ + "gtk" + ]; + sway.default = [ + "wlr" + ]; + }; + }; + # needed for gnome pinentry + services.dbus.packages = [pkgs.gcr]; + fonts = { + enableGhostscriptFonts = false; + fontDir.enable = false; + fontconfig = { + localConf = '' + + + + + monospace + + emoji + + + + sans-serif + + emoji + + + + serif + + emoji + + + + ''; + }; + packages = with pkgs; [ + (nerdfonts.override {fonts = ["FiraCode"];}) + ibm-plex + dejavu_fonts + unifont + freefont_ttf + gyre-fonts # TrueType substitutes for standard PostScript fonts + liberation_ttf + noto-fonts + noto-fonts-cjk-sans + noto-fonts-cjk-serif + noto-fonts-emoji + noto-fonts-extra + ]; + }; + stylix.fonts = { + serif = { + package = pkgs.dejavu_fonts; + name = "IBM Plex Serif"; + }; + + sansSerif = { + package = pkgs.dejavu_fonts; + name = "IBM Plex Sans"; + }; + + monospace = { + # No need for patched nerd fonts, kitty can pick up on them automatically, + # and ideally every program should do that: https://sw.kovidgoyal.net/kitty/faq/#kitty-is-not-able-to-use-my-favorite-font + package = pkgs.jetbrains-mono; + name = "JetBrains Mono"; + }; + + emoji = { + package = pkgs.noto-fonts-emoji; + name = "Noto Color Emoji"; + }; + }; + stylix = { + autoEnable = false; + polarity = "dark"; + image = config.lib.stylix.pixel 
"base00"; + base16Scheme = "${pkgs.base16-schemes}/share/themes/vice.yaml"; + # Has to be green + override.base0B = "#00CC99"; + #base16Scheme = { + # base00 = "#101419"; + # base01 = "#171B20"; + # base02 = "#21262e"; + # base03 = "#242931"; + # base04 = "#485263"; + # base05 = "#b6beca"; + # base06 = "#dee1e6"; + # base07 = "#e3e6eb"; + # base08 = "#e05f65"; + # base09 = "#f9a872"; + # base0A = "#f1cf8a"; + # base0B = "#78dba9"; + # base0C = "#74bee9"; + # base0D = "#70a5eb"; + # base0E = "#c68aee"; + # base0F = "#9378de"; + #}; + ## based on decaycs-dark, bright variant + #base16Scheme = { + # base00 = "#101419"; + # base01 = "#171B20"; + # base02 = "#21262e"; + # base03 = "#242931"; + # base04 = "#485263"; + # base05 = "#b6beca"; + # base06 = "#dee1e6"; + # base07 = "#e3e6eb"; + # base08 = "#e5646a"; + # base09 = "#f7b77c"; + # base0A = "#f6d48f"; + # base0B = "#94F7C5"; + # base0C = "#79c3ee"; + # base0D = "#75aaf0"; + # base0E = "#cb8ff3"; + # base0F = "#9d85e1"; + #}; + }; + + home-manager.sharedModules = [ + ({ + pkgs, + config, + nixosConfig, + ... + }: { + stylix = { + cursor = { + package = pkgs.openzone-cursors; + name = "OpenZone_White_Slim"; + size = + if nixosConfig.hidpi + then 48 + else 18; + }; + inherit (nixosConfig.stylix) polarity; + targets = { + gtk.enable = true; + bat.enable = true; + dunst.enable = true; + zathura.enable = true; + xresources.enable = true; + }; + }; + + xresources.properties = { + "Xft.hinting" = true; + "Xft.antialias" = true; + "Xft.autohint" = false; + "Xft.lcdfilter" = "lcddefault"; + "Xft.hintstyle" = "hintfull"; + "Xft.rgba" = "rgb"; + }; + + gtk = let + gtk34extraConfig = { + gtk-application-prefer-dark-theme = 1; + gtk-cursor-theme-size = 18; + gtk-enable-animations = true; + gtk-xft-antialias = 1; + gtk-xft-dpi = 96; # XXX: delete for wayland? 
+ gtk-xft-hinting = 1; + gtk-xft-hintstyle = "hintfull"; + gtk-xft-rgba = "rgb"; + }; + in { + enable = true; + iconTheme = { + name = "Vimix-Doder"; + package = pkgs.vimix-icon-theme; + }; + + gtk2.extraConfig = "gtk-application-prefer-dark-theme = true"; + gtk3.extraConfig = gtk34extraConfig; + gtk4.extraConfig = gtk34extraConfig; + }; + + home.sessionVariables.GTK_THEME = config.gtk.theme.name; + + qt = { + enable = true; + platformTheme = "gnome"; + style.name = "Adwaita-Dark"; + }; + }) + ]; + }; +} diff --git a/modules/optional/initrd-ssh.nix b/config/optional/initrd-ssh.nix similarity index 100% rename from modules/optional/initrd-ssh.nix rename to config/optional/initrd-ssh.nix diff --git a/modules/optional/printing.nix b/config/optional/printing.nix similarity index 100% rename from modules/optional/printing.nix rename to config/optional/printing.nix diff --git a/modules/optional/secureboot.nix b/config/optional/secureboot.nix similarity index 100% rename from modules/optional/secureboot.nix rename to config/optional/secureboot.nix diff --git a/modules/optional/steam.nix b/config/optional/steam.nix similarity index 100% rename from modules/optional/steam.nix rename to config/optional/steam.nix diff --git a/modules/optional/wayland.nix b/config/optional/wayland.nix similarity index 100% rename from modules/optional/wayland.nix rename to config/optional/wayland.nix diff --git a/modules/optional/xserver.nix b/config/optional/xserver.nix similarity index 100% rename from modules/optional/xserver.nix rename to config/optional/xserver.nix diff --git a/modules/hardware/zfs.nix b/config/optional/zfs.nix similarity index 100% rename from modules/hardware/zfs.nix rename to config/optional/zfs.nix diff --git a/modules/services/actual.nix b/config/services/actual.nix similarity index 100% rename from modules/services/actual.nix rename to config/services/actual.nix 
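Review bot: In `stylix.fonts` of the new `config/optional/graphical.nix`, the `serif` and `sansSerif` entries pair `package = pkgs.dejavu_fonts` with the names "IBM Plex Serif" and "IBM Plex Sans", so the package given to stylix does not provide the named family; it resolves only because `ibm-plex` is also listed in `fonts.packages`. Point both entries at the matching package, `package = pkgs.ibm-plex;`. Further down, `gtk-cursor-theme-size = 18;` in `gtk34extraConfig` is fixed while `stylix.cursor.size` becomes 48 when `hidpi` is set, so GTK applications on HiDPI hosts would presumably draw a smaller cursor than the rest of the session; `gtk-cursor-theme-size = config.stylix.cursor.size;` keeps the two in step.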
diff --git a/modules/services/adguardhome.nix b/config/services/adguardhome.nix similarity index 100% rename from modules/services/adguardhome.nix rename to config/services/adguardhome.nix diff --git a/modules/services/ddclient.nix b/config/services/ddclient.nix similarity index 100% rename from modules/services/ddclient.nix rename to config/services/ddclient.nix diff --git a/modules/services/firefly.nix b/config/services/firefly.nix similarity index 94% rename from modules/services/firefly.nix rename to config/services/firefly.nix index 02ca260..9d27365 100644 --- a/modules/services/firefly.nix +++ b/config/services/firefly.nix @@ -3,7 +3,7 @@ lib, ... }: { - imports = [../fireflyIII.nix]; + imports = [../../modules/fireflyIII.nix]; wireguard.elisabeth = { client.via = "elisabeth"; diff --git a/modules/services/forgejo.nix b/config/services/forgejo.nix similarity index 100% rename from modules/services/forgejo.nix rename to config/services/forgejo.nix diff --git a/modules/services/immich.nix b/config/services/immich.nix similarity index 100% rename from modules/services/immich.nix rename to config/services/immich.nix diff --git a/modules/services/kanidm.nix b/config/services/kanidm.nix similarity index 99% rename from modules/services/kanidm.nix rename to config/services/kanidm.nix index 1bbe790..ef5c199 100644 --- a/modules/services/kanidm.nix +++ b/config/services/kanidm.nix @@ -1,7 +1,7 @@ {config, ...}: let kanidmdomain = "auth.${config.secrets.secrets.global.domains.web}"; in { - imports = [../kanidm.nix]; + imports = [../../modules/kanidm.nix]; wireguard.elisabeth = { client.via = "elisabeth"; firewallRuleForNode.elisabeth.allowedTCPPorts = [3000]; diff --git a/modules/services/maddy.nix b/config/services/maddy.nix similarity index 100% rename from modules/services/maddy.nix rename to config/services/maddy.nix 
diff --git a/modules/services/murmur.nix b/config/services/murmur.nix similarity index 100% rename from modules/services/murmur.nix rename to config/services/murmur.nix diff --git a/modules/services/netbird.nix b/config/services/netbird.nix similarity index 93% rename from modules/services/netbird.nix rename to config/services/netbird.nix index 4329ba8..3562b8e 100644 --- a/modules/services/netbird.nix +++ b/config/services/netbird.nix @@ -1,7 +1,7 @@ {config, ...}: { imports = [ - ../netbird-server.nix - ../netbird-dashboard.nix + ../../modules/netbird-server.nix + ../../modules/netbird-dashboard.nix ]; wireguard.elisabeth = { client.via = "elisabeth"; diff --git a/modules/services/nextcloud.nix b/config/services/nextcloud.nix similarity index 100% rename from modules/services/nextcloud.nix rename to config/services/nextcloud.nix diff --git a/modules/services/oauth2-proxy.nix b/config/services/oauth2-proxy.nix similarity index 100% rename from modules/services/oauth2-proxy.nix rename to config/services/oauth2-proxy.nix diff --git a/modules/services/ollama.nix b/config/services/ollama.nix similarity index 100% rename from modules/services/ollama.nix rename to config/services/ollama.nix diff --git a/modules/services/paperless.nix b/config/services/paperless.nix similarity index 100% rename from modules/services/paperless.nix rename to config/services/paperless.nix diff --git a/modules/services/radicale.nix b/config/services/radicale.nix similarity index 100% rename from modules/services/radicale.nix rename to config/services/radicale.nix diff --git a/modules/services/samba.nix b/config/services/samba.nix similarity index 98% rename from modules/services/samba.nix rename to config/services/samba.nix index d35987d..c08080e 100644 --- a/modules/services/samba.nix +++ b/config/services/samba.nix 
@@ -10,7 +10,7 @@ disabledModules = ["services/networking/netbird.nix"]; - imports = [../netbird-client.nix]; + imports = [../../modules/netbird-client.nix]; services.netbird.tunnels = { netbird-samba = { environment = { @@ -214,7 +214,7 @@ # to get this file start a smbd, add users using 'smbpasswd -a ' # then export the database using 'pdbedit -e tdbsam:' age.secrets.smbpassdb = { - rekeyFile = ../../secrets/smbpassdb.tdb.age; + rekeyFile = config.node.secretsDir + "/smbpassdb.tdb.age"; }; users = let users = lib.unique (lib.mapAttrsToList (_: val: val."force user") config.services.samba.shares); diff --git a/modules/services/ttrss.nix b/config/services/ttrss.nix similarity index 100% rename from modules/services/ttrss.nix rename to config/services/ttrss.nix diff --git a/modules/services/vaultwarden.nix b/config/services/vaultwarden.nix similarity index 100% rename from modules/services/vaultwarden.nix rename to config/services/vaultwarden.nix diff --git a/modules/services/yourspotify.nix b/config/services/yourspotify.nix similarity index 95% rename from modules/services/yourspotify.nix rename to config/services/yourspotify.nix index dea2c77..914e350 100644 --- a/modules/services/yourspotify.nix +++ b/config/services/yourspotify.nix @@ -7,7 +7,7 @@ client.via = "elisabeth"; firewallRuleForNode.elisabeth.allowedTCPPorts = [3000 80]; }; - imports = [./your_spotify_m.nix]; + imports = [../../modules/your_spotify.nix]; age.secrets.spotifySecret = { owner = "root"; mode = "440"; diff --git a/flake.lock b/flake.lock index b130b97..3deef48 100644 --- a/flake.lock +++ b/flake.lock 
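Review bot: The new `rekeyFile = config.node.secretsDir + "/smbpassdb.tdb.age";` in the second samba.nix hunk ties this shared service module to a per-node directory without saying so at the use site. Elsewhere in this patch the file moves to hosts/elisabeth/secrets/samba/ and guests.nix sets `node.secretsDir` to the host value plus `/${guestName}`, so the module presumably evaluates only for a guest named samba. A comment next to the existing export instructions, e.g. `# expected at <node.secretsDir>/smbpassdb.tdb.age (the exported Samba password database)`, would make that dependency visible. The enclosing attribute set starts and ends outside the hunk.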
@@ -569,24 +569,6 @@ "type": "github" } }, - "flake-parts_4": { - "inputs": { - "nixpkgs-lib": "nixpkgs-lib_2" - }, - "locked": { - "lastModified": 1709336216, - "narHash": "sha256-Dt/wOWeW6Sqm11Yh+2+t0dfEWxoMxGBvv3JpIocFl9E=", - "owner": "hercules-ci", - "repo": "flake-parts", - "rev": "f7b3c975cf067e56e7cda6cb098ebe3fb4d74ca2", - "type": "github" - }, - "original": { - "owner": "hercules-ci", - "repo": "flake-parts", - "type": "github" - } - }, "flake-utils": { "inputs": { "systems": "systems_3" @@ -733,24 +715,6 @@ "type": "github" } }, - "flake-utils_9": { - "inputs": { - "systems": "systems_12" - }, - "locked": { - "lastModified": 1705309234, - "narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "1ef2e671c3b0c19053962c07dbda38332dcebf26", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, "fromYaml": { "flake": false, "locked": { @@ -1053,26 +1017,6 @@ "type": "github" } }, - "musnix": { - "inputs": { - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1712254133, - "narHash": "sha256-fwuWrAprqoA4fUrkZGVb6PjRpebm5xjNsyoaw+JVSyY=", - "owner": "musnix", - "repo": "musnix", - "rev": "b5bcdce137b00185dce5fa578739cd52770b8794", - "type": "github" - }, - "original": { - "owner": "musnix", - "repo": "musnix", - "type": "github" - } - }, "nix-darwin": { "inputs": { "nixpkgs": [ @@ -1284,24 +1228,6 @@ "type": "github" } }, - "nixpkgs-lib_2": { - "locked": { - "dir": "lib", - "lastModified": 1709237383, - "narHash": "sha256-cy6ArO4k5qTx+l5o+0mL9f5fa86tYUX3ozE1S+Txlds=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "1536926ef5621b09bba54035ae2bb6d806d72ac8", - "type": "github" - }, - "original": { - "dir": "lib", - "owner": "NixOS", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, "nixpkgs-stable": { "locked": { "lastModified": 1685801374, 
@@ -1437,22 +1363,6 @@ "type": "github" } }, - "nixpkgs_5": { - "locked": { - "lastModified": 1706487304, - "narHash": "sha256-LE8lVX28MV2jWJsidW13D2qrHU/RUUONendL2Q/WlJg=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "90f456026d284c22b3e3497be980b2e47d0b28ac", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixpkgs-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, "nixvim": { "inputs": { "devshell": "devshell_4", @@ -1631,7 +1541,6 @@ "impermanence": "impermanence", "lanzaboote": "lanzaboote", "microvm": "microvm", - "musnix": "musnix", "nix-index-database": "nix-index-database", "nixos-extra-modules": "nixos-extra-modules", "nixos-generators": "nixos-generators", @@ -1644,7 +1553,7 @@ "spicetify-nix": "spicetify-nix", "stylix": "stylix", "systems": "systems_11", - "wired-notify": "wired-notify" + "templates": "templates" } }, "rust-overlay": { @@ -1672,25 +1581,6 @@ "type": "github" } }, - "rust-overlay_2": { - "inputs": { - "flake-utils": "flake-utils_9", - "nixpkgs": "nixpkgs_5" - }, - "locked": { - "lastModified": 1711764554, - "narHash": "sha256-I2/x/jFd7MAuIi3+kncIF0zJwhkFzxpi5XFdT2RLOF8=", - "owner": "oxalica", - "repo": "rust-overlay", - "rev": "7cf3d11d06dcd12fb62ca2c039f3c5e25b53c5a7", - "type": "github" - }, - "original": { - "owner": "oxalica", - "repo": "rust-overlay", - "type": "github" - } - }, "spectrum": { "flake": false, "locked": { @@ -1801,21 +1691,6 @@ "type": "github" } }, - "systems_12": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, "systems_2": { "locked": { "lastModified": 1681028828, 
@@ -1936,6 +1811,21 @@ "type": "github" } }, + "templates": { + "locked": { + "lastModified": 1696855554, + "narHash": "sha256-9VYXESOCqGGZ8HHl4LN51k+74Kf5Nf9czoqqIN7IEo0=", + "ref": "refs/heads/main", + "rev": "a6c35c2af9f26599e81002630329054b99efbe79", + "revCount": 11, + "type": "git", + "url": "https://git.lel.lol/patrick/nix-templates.git" + }, + "original": { + "type": "git", + "url": "https://git.lel.lol/patrick/nix-templates.git" + } + }, "treefmt-nix": { "inputs": { "nixpkgs": [ @@ -1957,28 +1847,6 @@ "repo": "treefmt-nix", "type": "github" } - }, - "wired-notify": { - "inputs": { - "flake-parts": "flake-parts_4", - "nixpkgs": [ - "nixpkgs" - ], - "rust-overlay": "rust-overlay_2" - }, - "locked": { - "lastModified": 1711861273, - "narHash": "sha256-VuPSgDhK2zNtOZlpEXKBnMqSd9SkeC4ZQDDuX/swiDg=", - "owner": "Toqozz", - "repo": "wired-notify", - "rev": "54bae8ac6154e52215c4c0f7d25fb5e735b9179e", - "type": "github" - }, - "original": { - "owner": "Toqozz", - "repo": "wired-notify", - "type": "github" - } } }, "root": "root", diff --git a/flake.nix b/flake.nix index f19be25..069aa99 100644 --- a/flake.nix +++ b/flake.nix @@ -60,17 +60,13 @@ inputs.nixpkgs.follows = "nixpkgs"; inputs.flake-utils.follows = "flake-utils"; }; - musnix = { - url = "github:musnix/musnix"; - inputs.nixpkgs.follows = "nixpkgs"; - }; nixos-nftables-firewall = { url = "github:thelegy/nixos-nftables-firewall"; inputs.nixpkgs.follows = "nixpkgs"; }; - #templates.url = "git+https://git.lel.lol/patrick/nix-templates.git"; + templates.url = "git+https://git.lel.lol/patrick/nix-templates.git"; impermanence.url = "github:nix-community/impermanence"; @@ -80,6 +76,7 @@ url = "github:numtide/devshell"; inputs.nixpkgs.follows = "nixpkgs"; }; + nix-index-database = { url = "github:nix-community/nix-index-database"; inputs.nixpkgs.follows = "nixpkgs"; 
@@ -87,17 +84,11 @@ lanzaboote = { url = "github:nix-community/lanzaboote/v0.3.0"; - inputs.nixpkgs.follows = "nixpkgs"; }; stylix.url = "github:danth/stylix"; - wired-notify = { - url = "github:Toqozz/wired-notify"; - inputs.nixpkgs.follows = "nixpkgs"; - }; - spicetify-nix.url = "github:the-argus/spicetify-nix"; nixvim = { @@ -114,7 +105,6 @@ nixos-generators, pre-commit-hooks, devshell, - wired-notify, nixvim, nixos-extra-modules, ... @@ -166,7 +156,6 @@ nixos-extra-modules.overlays.default devshell.overlays.default agenix-rekey.overlays.default - wired-notify.overlays.default nixvim.overlays.default ]; inherit system; @@ -177,7 +166,7 @@ inherit pkgs; modules = [ ./nix/installer-configuration.nix - ./modules/config/ssh.nix + ./config/basic/ssh.nix ]; format = { diff --git a/hosts/desktopnix/default.nix b/hosts/desktopnix/default.nix index 334e314..341b24c 100644 --- a/hosts/desktopnix/default.nix +++ b/hosts/desktopnix/default.nix 
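Review bot: Dropping `inputs.nixpkgs.follows = "nixpkgs";` from `lanzaboote` is an undocumented behaviour change in a commit described as README and structure work: the Secure Boot tooling would now be built against its own pinned nixpkgs rather than this flake's. None of the flake.lock hunks in this patch touch a lanzaboote node, so the lock may be rewritten on the next evaluation instead of being reviewed here. It would be better to commit that lock change together with this line. If the separate pin is deliberate, a comment such as `# deliberately not following our nixpkgs: use the revision lanzaboote pins` would record why.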
@@ -11,24 +11,24 @@ inputs.nixos-hardware.nixosModules.common-pc-hdd inputs.nixos-hardware.nixosModules.common-pc-ssd - ../../modules/config - ../../modules/dev - ../../modules/graphical + ../../config/basic - ../../modules/optional/xserver.nix - ../../modules/optional/secureboot.nix + ../../config/hardware/bluetooth.nix + ../../config/hardware/nintendo.nix + ../../config/hardware/nvidia.nix + ../../config/hardware/physical.nix + ../../config/hardware/pipewire.nix + ../../config/hardware/yubikey.nix - ../../modules/hardware/nintendo.nix - ../../modules/hardware/nvidia.nix - ../../modules/hardware/physical.nix - ../../modules/hardware/pipewire.nix - ../../modules/hardware/yubikey.nix - ../../modules/hardware/bluetooth.nix - ../../modules/hardware/zfs.nix + ../../config/optional/dev.nix + ../../config/optional/graphical.nix + ../../config/optional/printing.nix + ../../config/optional/secureboot.nix + ../../config/optional/steam.nix + ../../config/optional/xserver.nix + ../../config/optional/zfs.nix - ../../modules/optional/streamdeck.nix - ../../modules/optional/steam.nix - ../../modules/optional/printing.nix + ../../modules-hm/streamdeck.nix ./net.nix ./fs.nix diff --git a/hosts/elisabeth/default.nix b/hosts/elisabeth/default.nix index b1048cf..2392793 100644 --- a/hosts/elisabeth/default.nix +++ b/hosts/elisabeth/default.nix @@ -12,12 +12,13 @@ inputs.nixos-hardware.nixosModules.common-cpu-amd inputs.nixos-hardware.nixosModules.common-cpu-amd-pstate - ../../modules/config - ../../modules/optional/initrd-ssh.nix - ../../modules/optional/secureboot.nix + ../../config/basic - ../../modules/hardware/physical.nix - ../../modules/hardware/zfs.nix + ../../config/optional/initrd-ssh.nix + ../../config/optional/secureboot.nix + ../../config/optional/zfs.nix + + ../../config/hardware/physical.nix ./net.nix ./fs.nix diff --git a/hosts/elisabeth/guests.nix b/hosts/elisabeth/guests.nix index 00ee36c..0e9c5f5 100644 --- a/hosts/elisabeth/guests.nix 
+++ b/hosts/elisabeth/guests.nix @@ -213,8 +213,8 @@ in { dataset = "bunker/shared/paperless"; }; modules = [ - ../../modules/config - ../../modules/services/${guestName}.nix + ../../config/basic + ../../config/services/${guestName}.nix { node.secretsDir = config.node.secretsDir + "/${guestName}"; networking.nftables.firewall.zones.untrusted.interfaces = [config.guests.${guestName}.networking.mainLinkName]; diff --git a/secrets/smbpassdb.tdb.age b/hosts/elisabeth/secrets/samba/smbpassdb.tdb.age similarity index 100% rename from secrets/smbpassdb.tdb.age rename to hosts/elisabeth/secrets/samba/smbpassdb.tdb.age diff --git a/hosts/gojo/default.nix b/hosts/gojo/default.nix index 08c8907..3686af1 100644 --- a/hosts/gojo/default.nix +++ b/hosts/gojo/default.nix @@ -9,20 +9,17 @@ inputs.nixos-hardware.nixosModules.common-pc-laptop inputs.nixos-hardware.nixosModules.common-pc-laptop-ssd - ../../modules/config - ../../modules/dev - ../../modules/graphical - - ../../modules/optional/wayland.nix - ../../modules/optional/xserver.nix - ../../modules/optional/printing.nix - - ../../modules/hardware/bluetooth.nix - ../../modules/hardware/laptop.nix - ../../modules/hardware/physical.nix - ../../modules/hardware/pipewire.nix - ../../modules/hardware/yubikey.nix - ../../modules/hardware/zfs.nix + ../../config/basic + ../../config/optional/dev.nix + ../../config/optional/graphical.nix + ../../config/optional/wayland.nix + ../../config/optional/xserver.nix + ../../config/optional/printing.nix + ../../config/hardware/bluetooth.nix + ../../config/hardware/laptop.nix + ../../config/hardware/physical.nix + ../../config/hardware/pipewire.nix + ../../config/hardware/yubikey.nix ./net.nix ./fs.nix diff --git a/hosts/maddy/default.nix b/hosts/maddy/default.nix index 711c119..cc51a16 100644 --- a/hosts/maddy/default.nix +++ b/hosts/maddy/default.nix 
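Review bot: The new import list in hosts/gojo/default.nix has no ZFS entry: the old `../../modules/hardware/zfs.nix` line is removed, but no `../../config/optional/zfs.nix` is added, unlike desktopnix, elisabeth, maddy and patricknix. If gojo's `./fs.nix` still relies on that module (not visible here), the host silently loses its settings in what is presented as a pure restructure. Either add `../../config/optional/zfs.nix` to the list or state the removal in the commit message. The module containing the list starts and ends outside the hunk.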
@@ -1,21 +1,13 @@ { - lib, - minimal, - ... -}: { - imports = - [ - ../../modules/config - ../../modules/optional/initrd-ssh.nix - ../../modules/services/maddy.nix + imports = [ + ../../config/basic + ../../config/optional/initrd-ssh.nix + ../../config/services/maddy.nix + ../../config/optional/zfs.nix - ../../modules/hardware/zfs.nix - - ./net.nix - ./fs.nix - ] - ++ lib.lists.optionals (!minimal) [ - ]; + ./net.nix + ./fs.nix + ]; services.xserver = { layout = "de"; xkbVariant = "bone"; diff --git a/hosts/patricknix/default.nix b/hosts/patricknix/default.nix index 016db8a..84aba89 100644 --- a/hosts/patricknix/default.nix +++ b/hosts/patricknix/default.nix @@ -9,24 +9,23 @@ inputs.nixos-hardware.nixosModules.common-pc-laptop inputs.nixos-hardware.nixosModules.common-pc-laptop-ssd - ../../modules/config - ../../modules/dev - ../../modules/graphical + ../../config/basic - ../../modules/optional/wayland.nix - ../../modules/optional/secureboot.nix - ../../modules/optional/printing.nix + ../../config/hardware/bluetooth.nix + ../../config/hardware/laptop.nix + ../../config/hardware/nvidia.nix + ../../config/hardware/physical.nix + ../../config/hardware/pipewire.nix + ../../config/hardware/prime-offload.nix + ../../config/hardware/yubikey.nix - ../../modules/hardware/bluetooth.nix - ../../modules/hardware/laptop.nix - ../../modules/hardware/nvidia.nix - ../../modules/hardware/physical.nix - ../../modules/hardware/pipewire.nix - ../../modules/hardware/yubikey.nix - ../../modules/hardware/zfs.nix - - ../../modules/hardware/prime-offload.nix - ../../modules/optional/steam.nix + ../../config/optional/dev.nix + ../../config/optional/graphical.nix + ../../config/optional/printing.nix + ../../config/optional/secureboot.nix + ../../config/optional/steam.nix + ../../config/optional/wayland.nix + ../../config/optional/zfs.nix ./net.nix ./fs.nix diff --git a/modules-hm/images.nix b/modules-hm/images.nix new file mode 100644 index 0000000..a8d2f01 --- /dev/null 
+++ b/modules-hm/images.nix @@ -0,0 +1,67 @@ +{ + lib, + config, + ... +}: let + inherit + (lib) + mkEnableOption + mkMerge + attrNames + flip + filterAttrs + mkIf + mkOption + types + removeSuffix + hasPrefix + mapAttrs' + listToAttrs + ; +in { + home-manager.sharedModules = [ + { + options.images = { + enable = mkEnableOption "Enable images"; + images = mkOption { + type = types.attrsOf types.path; + readOnly = true; + default = flip mapAttrs' (filterAttrs (n: _: hasPrefix "images-" n) config.age.secrets) ( + name: value: { + inherit (value) name; + value = value.path; + } + ); + }; + }; + } + ]; + + imports = [ + ( + {config, ...}: { + age.secrets = mkMerge ( + flip map + (attrNames config.home-manager.users) + ( + user: + mkIf config.home-manager.users.${user}.images.enable ( + listToAttrs (flip map (attrNames (filterAttrs (_: type: type == "regular") (builtins.readDir ../secrets/img))) + ( + file: { + name = "images-${user}-${file}"; + value = { + name = removeSuffix ".age" file; + rekeyFile = ../secrets/img/${file}; + owner = user; + group = user; + }; + } + )) + ) + ) + ); + } + ) + ]; +} diff --git a/modules/config/impermanence/users.nix b/modules-hm/impermanence.nix similarity index 99% rename from modules/config/impermanence/users.nix rename to modules-hm/impermanence.nix index 8dbb34c..cfff0cc 100644 --- a/modules/config/impermanence/users.nix +++ b/modules-hm/impermanence.nix @@ -10,10 +10,8 @@ attrNames mkOption types - hasAttr mkMerge isAttrs - mkIf ; in { # Expose a home manager module for each user that allows extending diff --git a/modules/optional/streamdeck.nix b/modules-hm/streamdeck.nix similarity index 100% rename from modules/optional/streamdeck.nix rename to modules-hm/streamdeck.nix diff --git a/modules/config/usbguard.nix b/modules/config/usbguard.nix deleted file mode 100644 index b07f5bb..0000000 --- a/modules/config/usbguard.nix +++ /dev/null 
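Review bot: In the `age.secrets` generator of the new modules-hm/images.nix, the attribute key is unique per user (`images-${user}-${file}`) but `name = removeSuffix ".age" file;` is not, so two users with `images.enable` set declare secrets that share one `name`. agenix builds the default decrypted path from `name`, so both would presumably resolve to the same file, with `owner` and `group` decided by whichever entry is applied last. Putting the user into it, `name = "${user}-${removeSuffix ".age" file}";`, avoids the clash; the `images` option default keys on `value.name` and is not filtered by user, so it needs the matching adjustment. Separately, `builtins.readDir ../secrets/img` accepts every regular file, so also filtering on `hasSuffix ".age"` (added to the `inherit (lib)` list) would keep stray files from being declared as secrets.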
@@ -1,7 +0,0 @@ -{config, ...}: { - age.secrets.usbguard.rekeyFile = ../../secrets/usbguard.rules.age; - services.usbguard = { - ruleFile = config.age.secrets.usbguard.path; - #enable = true; - }; -} diff --git a/modules/dev/docs.nix b/modules/dev/docs.nix deleted file mode 100644 index d9f3aa2..0000000 --- a/modules/dev/docs.nix +++ /dev/null @@ -1,11 +0,0 @@ -{pkgs, ...}: { - environment.systemPackages = with pkgs; [ - man-pages - man-pages-posix - ]; - documentation = { - dev.enable = true; - man.enable = true; - info.enable = false; - }; -} diff --git a/modules/graphical/default.nix b/modules/graphical/default.nix deleted file mode 100644 index e5e9904..0000000 --- a/modules/graphical/default.nix +++ /dev/null 
@@ -1,93 +0,0 @@ -{ - inputs, - config, - pkgs, - lib, - ... -}: let - inherit - (lib) - mkOption - types - ; -in { - options.hidpi = mkOption { - default = false; - type = types.bool; - description = "Enable HighDPI configuration for this host and all installed users"; - }; - imports = [ - inputs.stylix.nixosModules.stylix - ./fonts.nix - ./images.nix - ]; - - config = { - environment.systemPackages = with pkgs; [ - xdg-utils - ]; - xdg.portal = { - xdgOpenUsePortal = true; - enable = true; - extraPortals = with pkgs; [ - xdg-desktop-portal-wlr - xdg-desktop-portal-gtk - ]; - config = { - common.default = [ - "gtk" - ]; - sway.default = [ - "wlr" - ]; - }; - }; - # needed for gnome pinentry - services.dbus.packages = [pkgs.gcr]; - stylix = { - autoEnable = false; - polarity = "dark"; - image = config.lib.stylix.pixel "base00"; - base16Scheme = "${pkgs.base16-schemes}/share/themes/vice.yaml"; - # Has to be green - override.base0B = "#00CC99"; - #base16Scheme = { - # base00 = "#101419"; - # base01 = "#171B20"; - # base02 = "#21262e"; - # base03 = "#242931"; - # base04 = "#485263"; - # base05 = "#b6beca"; - # base06 = "#dee1e6"; - # base07 = "#e3e6eb"; - # base08 = "#e05f65"; - # base09 = "#f9a872"; - # base0A = "#f1cf8a"; - # base0B = "#78dba9"; - # base0C = "#74bee9"; - # base0D = "#70a5eb"; - # base0E = "#c68aee"; - # base0F = "#9378de"; - #}; - ## based on decaycs-dark, bright variant - #base16Scheme = { - # base00 = "#101419"; - # base01 = "#171B20"; - # base02 = "#21262e"; - # base03 = "#242931"; - # base04 = "#485263"; - # base05 = "#b6beca"; - # base06 = "#dee1e6"; - # base07 = "#e3e6eb"; - # base08 = "#e5646a"; - # base09 = "#f7b77c"; - # base0A = "#f6d48f"; - # base0B = "#94F7C5"; - # base0C = "#79c3ee"; - # base0D = "#75aaf0"; - # base0E = "#cb8ff3"; - # base0F = "#9d85e1"; - #}; - }; - }; -} diff --git a/modules/graphical/fonts.nix b/modules/graphical/fonts.nix deleted file mode 100644 index 8390040..0000000 --- a/modules/graphical/fonts.nix +++ /dev/null 
@@ -1,75 +0,0 @@ -{ - pkgs, - minimal, - lib, - ... -}: -lib.optionalAttrs (!minimal) { - fonts = { - enableGhostscriptFonts = false; - fontDir.enable = false; - fontconfig = { - localConf = '' - - - - - monospace - - emoji - - - - sans-serif - - emoji - - - - serif - - emoji - - - - ''; - }; - packages = with pkgs; [ - (nerdfonts.override {fonts = ["FiraCode"];}) - ibm-plex - dejavu_fonts - unifont - freefont_ttf - gyre-fonts # TrueType substitutes for standard PostScript fonts - liberation_ttf - noto-fonts - noto-fonts-cjk-sans - noto-fonts-cjk-serif - noto-fonts-emoji - noto-fonts-extra - ]; - }; - stylix.fonts = { - serif = { - package = pkgs.dejavu_fonts; - name = "IBM Plex Serif"; - }; - - sansSerif = { - package = pkgs.dejavu_fonts; - name = "IBM Plex Sans"; - }; - - monospace = { - # No need for patched nerd fonts, kitty can pick up on them automatically, - # and ideally every program should do that: https://sw.kovidgoyal.net/kitty/faq/#kitty-is-not-able-to-use-my-favorite-font - package = pkgs.jetbrains-mono; - name = "JetBrains Mono"; - }; - - emoji = { - package = pkgs.noto-fonts-emoji; - name = "Noto Color Emoji"; - }; - }; -} diff --git a/modules/graphical/images.nix b/modules/graphical/images.nix deleted file mode 100644 index d530246..0000000 --- a/modules/graphical/images.nix +++ /dev/null 
@@ -1,65 +0,0 @@ -{ - lib, - config, - ... -}: let - inherit - (lib) - mkEnableOption - mkMerge - attrNames - flip - filterAttrs - mkIf - mkOption - types - removeSuffix - hasPrefix - mapAttrs' - listToAttrs - ; -in { - home-manager.sharedModules = [ - { - options.images = { - enable = mkEnableOption "Enable images"; - images = mkOption { - type = types.attrsOf types.path; - readOnly = true; - default = flip mapAttrs' (filterAttrs (n: _: hasPrefix "images-" n) config.age.secrets) ( - name: value: { - inherit (value) name; - value = value.path; - } - ); - }; - }; - } - ]; - - imports = [ - { - age.secrets = mkMerge ( - flip map - (attrNames config.home-manager.users) - ( - user: - mkIf config.home-manager.users.${user}.images.enable ( - listToAttrs (flip map (attrNames (filterAttrs (_: type: type == "regular") (builtins.readDir ../../img))) - ( - file: { - name = "images-${user}-${file}"; - value = { - name = removeSuffix ".age" file; - rekeyFile = ../../img/${file}; - owner = user; - group = user; - }; - } - )) - ) - ) - ); - } - ]; -} diff --git a/modules/optional/iwd.nix b/modules/iwd.nix similarity index 100% rename from modules/optional/iwd.nix rename to modules/iwd.nix diff --git a/modules/services/your_spotify_m.nix b/modules/your_spotify.nix similarity index 100% rename from modules/services/your_spotify_m.nix rename to modules/your_spotify.nix diff --git a/img/back.png.age b/secrets/img/back.png.age similarity index 100% rename from img/back.png.age rename to secrets/img/back.png.age diff --git a/img/heads.png.age b/secrets/img/heads.png.age similarity index 100% rename from img/heads.png.age rename to secrets/img/heads.png.age diff --git a/img/mic.png.age b/secrets/img/mic.png.age similarity index 100% rename from img/mic.png.age rename to secrets/img/mic.png.age diff --git a/img/player.png.age b/secrets/img/player.png.age similarity index 100% rename from img/player.png.age rename to secrets/img/player.png.age 
diff --git a/img/qr.png.age b/secrets/img/qr.png.age
similarity index 100%
rename from img/qr.png.age
rename to secrets/img/qr.png.age
diff --git a/img/screenshot.png.age b/secrets/img/screenshot.png.age
similarity index 100%
rename from img/screenshot.png.age
rename to secrets/img/screenshot.png.age
diff --git a/img/wallpaper.png.age b/secrets/img/wallpaper.png.age
similarity index 100%
rename from img/wallpaper.png.age
rename to secrets/img/wallpaper.png.age
diff --git a/secrets/usbguard.rules.age b/secrets/usbguard.rules.age deleted file mode 100644 index c348ff0b07668e318018e1c669a5fc7d4170bb1b..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 3610 zcmV+#4(0J-XJsvAZewzJaCB*JZZ28+% zR5dg(a%?nkG&NyLD{50$Yh*QQb~p+xJ|J*ub}eu+H8vnvR8ebHK_EdmFGh4#X>@l> zVpn)_MnYLLbVy}rD`9$bYF1KeGg4DxL3&GhYfnmUW_SugNjEbqZ%a2cP!THPHS;-XlqU{XIM*RWjRhkXGL`@I7du$PkDBAZ%BG{W_1c_RzW#IQf*90a$$Bw zP-}8oLQZ*OOl>oCSZZx#Pi9(aS$9olaCmrfX-x_(J|J*ub}eu+H8vnxMrUbBcOXG& zaBW3WX;eZlF=uCMQFu=@M>Sz~b5}`scX?J$a8G%5Wo>0b7deSX9{+A zYEL$4NpDkPb!~EI3N0-yAbB@YRCzK(S4e3?I5TKtMNu(CT17)mdM|Z2RAy#ZR#kR% zQ!{CCO*Tb$3ij0cv{t?epI|fy$Z<`oIH|J?K*6BQUlX1RbWI}ws2Z6qL$MOTfJ|rO z&R;)Nu#nqXyCziW{*)AZasds2&R6o9M{`ja(I$#+`AEbV2Y7w$1+k%P_K5kZd4Lp7 zA=OKov6Lqd&LgW^fAP`6!#;Zm_mYqfI`y)lc}Oguw3LVpY@8ounsH?QVc*325?Xh}UkVQm{a=A`%X|L=0TNHohz;k06}e znkpS{qLMLjlBj@co$>rHb2-e@8KD}uBC!APS|!p%^_v33`Oor#E(BTDp7AP{XLmvE98_Nd;~3k4 zKxT^GRT8<-a#uMR=-Uqz3G%=J=Ug?QJZsku9PVxvbYx)V%#Q!x*UVmn zEq2q(tFD^yy0Cw8@~>@Sj}go)2`O7NqZ`DjQ^&zWrmMJ8joc;V%IAGqtkeZNoDk{% zQd=HN&Mft11|2Y#LZUg?Atd9jWW9UXizo&@b9`^k&Dw$@tTr~{rhFy~dttRpz0Z?C z3#+=X``r()SI_4mG$C4TH$#Kjr3UX*kCLWrH9r1_soVD-MJAAS8rs9Sv~$G8oqgFa z`~LIy~ zx!eyv-DUnhhncicYkg$;A@FR#MaQ$z>mB~>OROE>boejx)Z|zl(_mf=hlKSlC~edd zk>)SHVed=?>Y*&9z25u{m)=hlpyIs~%|B~l;c6vh>d1ib6VepSGv2c|4(r!4CS#A4 zZ-WqzG$CxB^SeIk>9c;ufZj=?(51AfY@qZ*`7!aUo+`Y$Auo$N#ir)TQFduniFUiw zC_eZJZBNyC4As^Q18%zL2oGf(AieUb?r3kR(0&>+yc(q*->gP`n|O_sgoFnCt*r>7CQ2@GoNZxI2_#~F?f9+)j- zZh<{gX`*;vQA>ucf#Ag&4iw&9Gxk0Xa&1gWU%uO{&R%>1lm;%YTCPo8cxW({Pec<* znJb!E&`FyZBLL0N((Gc1Dw)Si9tpCvwDqPXDIis%4nB^8fI$G#wgRpcbr5=;V1lot zwIXR-C6dXpj-Z%BIO>7R#=qTU54xk>YqlDZH2Rq9qF_tv$ixftmAnj5H18Rprjkhk zol5sG)I;6P8*9WFovz>Kd7mn2RhD8BXk-WUnn0P8*!c#j7F+E9kcYTCcMwENHJ?}= za!cr0PDCADss=88bjhNudE1@$Hu{>54}8_j?!SFCuqSPhgJRa#MYe7aoym(F>^}q5=CXnSEv9xv z4W{0d>?U9T)q{bQC{%^U3|)*K&Yi1_eDIL#jktJWtB9xQW}RdB*9czX%1mJeG3Zw! 
z<3n07g*}6Wi#Gg->U(R|uN+~l?HS9ZMs_S>J35DIOiO-^s6k8dc65-o1SU1lFlo<`vb7v_a^AQ5OO;#piIb0Z}}s=1Ks)Wt9%{W!bI!Pm0i zkaaa0@BwnR?flG(q-<521};>kHs`J6*Zzu+&K~kYI&_l%d2fIv&E(22vw<+iy!b8F zX{^$HTU-wnAKrzM$F6h0_U%J;GXwBhzmBm%fUGc<-Pgj&DX^-SSBOek7>Hr0L*ImQ zKVQYs4wq`mdW0x*!LBm)16w~4M)kA*|0qu=iUuEVh#U3IK}Fx>`9B*S!rHts&k!r+ zD%z^pk5~IUst5o#S8$j<`Oa^;%uRrmCw)Dj2fYkq}4ykUULgs>L_{mR&E$wesWt za1B_CY!y#?#J3rRl1{8haWcj8K$*^AwnnOP3fu$V`8A73p-mV-;FmI7r+|xPuyr+@ zkVM)%IM~Xwg2qU!!rp|)1JdBSouRuYJY>NJp%#qE1tqkmfOjoSmIu$)8 zO8+5*t=z#RfRpK&-h3nY4SaHo7QW-YH~bTZ(D6GgX9L#efVv2(F&n-#c+4C(Niv@| z(?_fq15wQ#haQ?BG_jm2T9&tiQ6#_^Hq}C2e8c~JUNFc#TgxyD8~2FN;O}AT0pYeJ z+I%JoFkI&H5uAGkLZ(#<~%%H9t zamt$Cf1psZtx1W|RAfvK0@cLHFumfoZjjaRUAhja>73V?Mqzxwy^_#ZjG&zBU$Ivu zd^|0!H1a6Lbp$N&*8OnvmAC}RAE*h^s*Zf;aT^cC!{AkN# zvYqzsa)RIx7hyH%Zn!;*{&BJ*)Yf7)FlQ=aQ{ObOw<&BrbmSWjt$8dV))wWh$2J%G zX{Uk|(#|UUYz?MA(}e}A(its^u~e0;(qi4%U00>4W&@MtfZF1Zc$c!+zKCMz-LC3W zw+JK%&Yd&Q%gv+k><~`3^e)D;D0UXDW!{zGeiA8QOXZw5YNug(4q}~+twqPo^E*-Q z%0ys1AnMc}>`z6VFzm%}8@*Tw4?!v4eA%g2*_~ZsO1o+=(pA~2@jp{pg=Db*Rf`S4 z;`_Tk8q_iIwfV8=KjYkwX3r+=c%*tqlF7#?f