chore: new README

chore: new structure
This commit is contained in:
Patrick 2024-04-11 23:11:53 +02:00
parent e6974a5cc8
commit fcd5a27dce
Signed by: patrick
GPG key ID: 451F95EFB8BECD0F
87 changed files with 514 additions and 667 deletions

130
README.md
View file

@ -1,67 +1,73 @@
# Meine wundervolle nix config
# Meine wundervolle nix config ❄️
## Structure
[Structure](./STRUCTURE.md)
- `hosts/` contain nixos configuration for hosts
- `<hostname>/` configuration for hosts
- `default.nix` Toplevel system definition
- `fs.nix` file system definiton
- `net.nix` network setup
- `secrets/` secrets local to this hosts
- `secrets.nix.age` local secrets usable on deploy
- `host.pub` host public key, needed for rekeying agenix secrets
- `modules/` extra nixos modules and shared configurations
- `secrets.nix` module to enable deploy-time secrets
- `config/` base configuration used on all machines
- `dev/` configuration options enabling developer environment
- `graphical/` configuration for graphical environments
- `hardware/` configuration for hardware components
- `impermanence/` impermanence modules for hosts
- `nix/` additional nix functions
- `devshell.nix` Development shell
- `extra-builtins.nix` Extra builtin plugin file to enable repository secrets
- TODO
- `lib.nix` additional library functions
- `secrets/` global secrets
- `<name>.key.pub` public key handles to decrypt secrets using yubikey
- `recipients.txt` rage recipient file for encrypting secrets
- currently containing both yubikeys and a rage backup key
- `secrets.nix.age` global secrets available at deploy
- `users/` home manager user configuration
- `common/` shared home-manager modules
- `graphical/` configuration for graphical programs
- `programs/` configuration for miscellaneous programs
- `shells/` configuration for shells
- `default.nix` minimal setup for all users
- `interactive.nix` minimal setup for interactive users on a command line
- `graphical.nix` configuration for users utilizing a graphical interface
- `<username>/` configuration for users
- `impermanence.nix` users persistence configuration
- `keys` collection of yubikeys public key parts for decryption
- `img` images, encrypted to not break any copyright by redistribution
## Hosts
- `patricknix` Patricks main laptop
- `desktopnix` Patricks main desktop
- `testienix` old laptop for testing
- `gojo` Simons Laptop
| | Name | Device | Description
---|---|---|---
💻 | patricknix | HP spectre x360 | Patrick's laptop, mainly used for on the go university
🖥️ | desktopnix | Intel i5-8600K <br> NVIDIA GeForce GTX 1080 <br> 32 GiB RAM | Patrick's desktop, used for most development and gaming
🖥️ | elisabeth | AMD Ryzen 7 5800X <br> 32 GiB RAM | Server running most cloud services
🖥️ | maddy | Hetzner VPS | Static IP server running mail
💻 | gojo | ? |Simons Laptop
## User Configuration
This showcases my end user setup, which I dailydrive on all my hosts.
| | Programm | Description
---|---|---
🐚 Shell | [ZSH](./users/common/shells/zsh/default.nix) & [Starship](./users/common/shells/starfish.nix) | ZSH with FZF autocomplete, starship prompt, sqlite history and histdb-skim for fancy reverse search
🪟 WM | [Sway](./users/common/graphical/wayland/sway.nix) & [i3](./users/common/graphical/Xorg/i3.nix) | Tiling window managers with similar behaviour for wayland and xorg
🖼️ Styling | [Stylix](./modules/graphical/default.nix) | globally consistent styling
📝 Editor | [NeoVim](./users/common/programs/nvim/default.nix) | Extensively configured neovim
🎮 Gaming | [Bottles](./users/common/programs/bottles.nix) & [Steam](./modules/optional/steam.nix) | Pew, Pew and such
🌐 Browser | [Firefox](./users/patrick/firefox.nix) | Heavily configured Firefox to still my privacy and security needs
💻 Terminal | [Kitty](./users/common/programs/kitty.nix) | fast terminal
🎵 Music | [Spotify](./users/common/programs/spicetify.nix) | Fancy looking spotify using spicetify
📫 Mail | [Thunderbird](./users/common/programs/thunderbird.nix) | Best email client there is
🎛️ StreamDeck | [StreamDeck](./users/patrick/streamdeck.nix) | More hotkeys = more better
## Service Configuration
These are services I've set up
| | Programm | Description
---|---|---
💸 Budgeting | [FireflyIII](./config/services/firefly.nix) | Self Hosted budgeting tool
🛡️ AdBlock | [AdGuard Home](./config/services/adguardhome.nix) | DNS Adblocker
🔨 Git | [Forgejo](./config/services/forgejo.nix) | Selfhosted GitHub alternative
📸 Photos | [Immich](./config/services/immich.nix) | Selfhosted Google Photos equivalent
🔒 SSO | [Kanidm](./config/services/kanidm.nix) | Secure single sign on Identity Provider
📧 E-Mail | [Maddy](./config/services/maddy.nix) | All in one mail server
🎧 Communication | [Murmur](./config/services/murmur.nix) | Selfhosted mumble server for secure and always available communication
🌐 VPN | [Netbird](./config/services/netbird.nix) | Easy to use peer to peer VPN solution based on wireguard
🌧️ Cloud | [NextCloud](./config/services/nextcloud.nix) | All in one cloud solution providing online File storage as well as notes, contacts and calendar synchronization
🗄️ Documents | [Paperless](./config/services/paperless.nix) | Machine learnig supported document organizing plattform
📁 NAS | [Samba](./config/services/samba.nix) | Local network shared storage
📰 Feedreader | [freshRSS](./config/services/ttrss.nix) | hosted RSS feed aggregator
🔑 Passwords | [Vaultwarden](./config/services/vaultwarden.nix) | Self hosted bitwarden server
🎵 Music | [Your Spotify](./config/services/yourspotify.nix) | Spotify listening habits analyzer
## External dependencies
These are notable external flakes which this config depend upon
| Name | Usage |
---|---
[NixVim](https://github.com/nix-community/nixvim) | NeoVim using nix
[MicroVM](https://github.com/astro/microvm.nix) | Declarative VMs
[Disko](https://github.com/nix-community/disko)| disk partitioning
[nixos-generators](https://github.com/nix-community/nixos-generators) | generate installers
[home-manager](https://github.com/nix-community/home-manager) | user config
[agenix](https://github.com/ryantm/agenix) | secret files for nix
[agenix-rekey](https://github.com/oddlama/agenix-rekey) | secret files that are git commitable
[nixos-nftables-firewall](https://github.com/thelegy/nixos-nftables-firewall) | nftables based firewall
[impermanence](https://github.com/nix-community/impermanence) | stateless filesystem
[lanzaboote](https://github.com/nix-community/lanzaboote) | Secure Boot
[stylix](https://github.com/danth/stylix) | theming
[spicetify](https://github.com/the-argus/spicetify-nix) | spotify looking fancy
## Users
- `patrick` my normal everyday unprivileged user
- `root` root user imported by every host
## Flake output structure
- `checks` linting and other checks for this repository
- `pre-commit-check` automatic checks executed as pre-commit hooks
- `nixosHosts` top level configs for hosts
- `nodes` alias to `nixosNodes`
- `devshell` development shell using devshell
- `formatter` nix code formatter
- `hosts` host meta declaration
- `pkgs` nixpkgs
- `packages` additional packages
- `secretsConfig` meta configuration for secrets
- `stateVersion` global stateversion used by nixos and home-manager to determine default config
## How-To
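Review bot: several links in the User Configuration and Service Configuration tables point at paths this same commit moves or deletes, e.g. `[Steam](./modules/optional/steam.nix)` (the host hunks now import `config/optional/steam.nix`) and `[Stylix](./modules/graphical/default.nix)` (that file is deleted below), so they will 404 on the rendered page. The Feedreader row is labelled freshRSS but links `./config/services/ttrss.nix`, and the Flake output list describes `nodes` as an alias to `nixosNodes` while the output actually listed is `nixosHosts`. Wording: `Programm` → `Program`, `dailydrive` → `daily-drive`, `learnig` → `learning`, `plattform` → `platform`, `to still my privacy and security needs` → `to satisfy my privacy and security needs`, `Simons Laptop` → `Simon's laptop`, and the `?` in gojo's Device cell wants filling in. If the directory tree under `## Structure` survives next to the new `[Structure](./STRUCTURE.md)` link, drop it: it still lists the old `modules/` layout and a bare `TODO`. On the secrets description, `recipients.txt` is said to contain both yubikeys and a rage backup key; one sentence on where that backup identity is kept and how it is protected would help, since on its own it decrypts every global secret.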
@ -72,8 +78,8 @@
1. Create and fill `default.nix`
1. Fill `net.nix`
1. Fill `fs.nix`
2. Don't forget to add necesarry config for filesystems, etc.
3. Generate ISO image with `nix build --print-out-paths --no-link .#images.<target-system>.live-iso`
2. Don't forget to add necessary config for filesystems, etc.
3. Generate ISO image using `nix build --print-out-paths --no-link .#images.<target-system>.live-iso`
- This might take multiple minutes(~10)
- Alternatively boot an official nixos image connect with password
3. Copy ISO to usb using dd
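Review bot: the step numbering in this hunk reads 1., 1., 1., 2., 3., 3. with the `default.nix`/`net.nix`/`fs.nix` items at the same indent as the main steps, so it renders as a flat, misnumbered list; make those three items sub-bullets of step 1 and continue with 2., 3., 4. for the filesystem note, the ISO build and the `dd` step. `Alternatively boot an official nixos image connect with password` is not a complete instruction (connect how, to what, with which password?), and `minutes(~10)` wants a space: `multiple minutes (~10)`.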
@ -85,6 +91,7 @@
5. Deploy system
### Add secureboot to new systems
1. generate keys with `sbct create-keys`
1. tar the resulting folder using `tar cvf secureboot.tar -C /etc/secureboot .`
1. Copy the tar to local using scp and encrypt it using rage
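Review bot: `sbct create-keys` in step 1 should be `sbctl create-keys`; the tool lanzaboote documents is `sbctl`. Step 3 copies the unencrypted key tarball, including the private half of the Platform Key, onto the local disk before it is rage-encrypted; encrypt on the host first (pipe `tar c` straight into `rage`) or at least state that the plaintext tar must be shredded afterwards and must never end up in the repository unencrypted.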
@ -104,10 +111,11 @@
1. Time to reboot and pray
### Add luks encryption TPM keys
`systemd-cryptenroll --tpm2-with-pin={yes/no} --tpm2-device=auto <device>`
## Deploy
### Deploy from new host
If deploying from a host not containing the necessary nix configuration option append
```bash
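Review bot: the `systemd-cryptenroll` line should say which PCRs the TPM2 policy is bound to; without `--tpm2-pcrs` the tool binds to PCR 7 only (Secure Boot state and the certificate that verified the boot loader), which is the sensible default with lanzaboote but worth writing down, together with two consequences: the enrollment has to be redone after the Secure Boot keys change, and `--tpm2-with-pin=yes` is the variant where physical possession of the machine alone does not unlock the disk.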

38
STRUCTURE.md Normal file
View file

@ -0,0 +1,38 @@
This file contains a small overview over the contents and structure of this repository, mainly for me to remember where I put my shit.
- `config/` contains shared nixos configuration
- `basic/` the basic system configuration, this should be applied for all systems
- `system.nix` a far descendant of the original `configuration.nix`
any global configuration should be done here first and later moved to their own file if necessary
- `hardware/` configuration for specific hardware
- `optional/` optionally includable configuration
- `services/` configuration for independent services
- `hosts/` contain nixos configuration for hosts
- `<hostname>/` configuration for hosts
- `default.nix` Toplevel system definition
- `fs.nix` file system definiton
- `net.nix` network setup
- *`guests.nix`* optional config for guest systems
- `secrets/` secrets local to this hosts
- `secrets.nix.age` local secrets usable while evaluating
- `host.pub` host public key, needed for rekeying agenix secrets
- `keys/` public keys needed for evaluating the system
- `lib/` extra library functions
- `modules/` extra nixos modules
- `modules-hm/` extra home-manager modules
- `nix/` additional nix functions
- `devshell.nix` Development shell
- `extra-builtins.nix` Extra builtin plugin file to enable repository secrets
- `pkgs/` additional packages
- `secrets/` global secrets
- `recipients.txt` rage recipient file for encrypting secrets
- currently containing all yubikeys and a rage backup key
- `secrets.nix.age` global secrets available at deploy
- `users/` home manager user configuration
- `common/` shared home-manager modules
- `graphical/` configuration for graphical programs
- `programs/` configuration for miscellaneous programs
- `shells/` configuration for shells
- `default.nix` minimal setup for all users
- `<username>/` configuration for users
- `impermanence.nix` users persistence configuration
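Review bot: `secrets.nix.age` under `hosts/<hostname>/secrets/` is described here as `local secrets usable while evaluating`, while README.md describes the same file as `local secrets usable on deploy`; pick one, because it decides whether these secrets have to be decryptable on the machine running `nix build` or only on the target. Typos: `definiton` → `definition`, `secrets local to this hosts` → `secrets local to this host`, and the second line of the `system.nix` description (`any global configuration should be done here first ...`) lacks the list continuation indent, so it renders as a dangling paragraph.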

View file

@ -6,36 +6,35 @@
imports = [
./boot.nix
./home-manager.nix
./impermanence.nix
./inputrc.nix
./issue.nix
./net.nix
./nftables.nix
./nix.nix
./ssh.nix
./system.nix
./users.nix
./xdg.nix
./nftables.nix
../../users/root
../secrets.nix
../meta.nix
../smb-mounts.nix
../deterministic-ids.nix
../distributed-config.nix
../optional/iwd.nix
./impermanence
../../modules/deterministic-ids.nix
../../modules/distributed-config.nix
../../modules/meta.nix
../../modules/iwd.nix
../../modules/secrets.nix
../../modules/smb-mounts.nix
inputs.agenix-rekey.nixosModules.default
inputs.agenix.nixosModules.default
inputs.disko.nixosModules.disko
inputs.home-manager.nixosModules.default
inputs.impermanence.nixosModules.impermanence
inputs.agenix.nixosModules.default
inputs.agenix-rekey.nixosModules.default
inputs.disko.nixosModules.disko
inputs.lanzaboote.nixosModules.lanzaboote
inputs.nixvim.nixosModules.nixvim
inputs.nixos-extra-modules.nixosModules.default
inputs.musnix.nixosModules.musnix
inputs.nixos-nftables-firewall.nixosModules.default
inputs.nixvim.nixosModules.nixvim
];
age.identityPaths = ["/state/etc/ssh/ssh_host_ed25519_key"];
boot.mode = lib.mkDefault "efi";
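Review bot: `inputs.musnix.nixosModules.musnix` appears in this import list while flake.nix drops the `musnix` input and flake.lock removes its node in the same commit; confirm that line is on the removed side, otherwise evaluating any host fails with a missing `musnix` attribute on `inputs`. The path moves (`../secrets.nix` → `../../modules/secrets.nix`, `./impermanence.nix` → `./impermanence`, `../optional/iwd.nix` → `../../modules/iwd.nix`) match the layout described in STRUCTURE.md.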

View file

@ -5,7 +5,10 @@
nodes,
...
}: {
imports = [./impermanence/users.nix];
imports = [
../../modules-hm/impermanence.nix
../../modules-hm/images.nix
];
home-manager = {
useGlobalPkgs = true;
useUserPackages = true;
@ -22,7 +25,6 @@
inputs.nixos-extra-modules.homeManagerModules.default
inputs.nixvim.homeManagerModules.nixvim
inputs.spicetify-nix.homeManagerModule
inputs.wired-notify.homeManagerModules.default
];
};
# HM zsh needs this or else the startup order is fucked

View file

@ -1,6 +1,6 @@
{
environment.etc.issue.text = ''
<<< Welcome to NixOS 23.05.20230304.3c5319a (\m) - \l >>>
<<< Welcome to NixOS (\m) - \l >>>
'';
users.motd = "Guten Tach";
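Review bot: dropping the hard-coded `23.05.20230304.3c5319a` is more than tidiness: the pre-login banner was advertising a stale NixOS build to anyone at the console. `\m` and `\l` are agetty escapes and keep working without the version string.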

View file

@ -5,19 +5,14 @@
...
}:
lib.optionalAttrs (!minimal) {
imports = [
./docs.nix
];
environment.systemPackages = with pkgs; [
gnumake
pciutils
gcc
usbutils
man-pages
man-pages-posix
];
programs.wireshark = {
enable = true;
package = pkgs.wireshark;
};
services.nixseparatedebuginfod.enable = true;
environment = {
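Review bot: removing the `programs.wireshark` block also removes the `wireshark` group and the capability-wrapped `dumpcap` that NixOS sets up alongside it, so members of that group lose raw packet-capture rights on dev hosts. That is the least-privilege direction for a profile shared by every dev machine; if a particular host still needs capture, re-add the option in that host's configuration rather than here. The `man-pages`/`man-pages-posix` move from the deleted `docs.nix` into this list is consistent with the `documentation` block added in the next hunk.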
@ -28,4 +23,9 @@ lib.optionalAttrs (!minimal) {
umask 077
'';
};
documentation = {
dev.enable = true;
man.enable = true;
info.enable = false;
};
}

View file

@ -0,0 +1,228 @@
{
config,
inputs,
pkgs,
lib,
...
}: let
inherit
(lib)
mkOption
types
;
in {
options.hidpi = mkOption {
default = false;
type = types.bool;
description = "Enable HighDPI configuration for this host and all installed users";
};
# stylix acceses stylix options on import meaning you can only import this module when you're actually setting stylix options
imports = [
inputs.stylix.nixosModules.stylix
];
config = {
environment.systemPackages = with pkgs; [
xdg-utils
];
xdg.portal = {
xdgOpenUsePortal = true;
enable = true;
extraPortals = with pkgs; [
xdg-desktop-portal-wlr
xdg-desktop-portal-gtk
];
config = {
common.default = [
"gtk"
];
sway.default = [
"wlr"
];
};
};
# needed for gnome pinentry
services.dbus.packages = [pkgs.gcr];
fonts = {
enableGhostscriptFonts = false;
fontDir.enable = false;
fontconfig = {
localConf = ''
<?xml version="1.0"?>
<!DOCTYPE fontconfig SYSTEM "fonts.dtd">
<fontconfig>
<alias binding="weak">
<family>monospace</family>
<prefer>
<family>emoji</family>
</prefer>
</alias>
<alias binding="weak">
<family>sans-serif</family>
<prefer>
<family>emoji</family>
</prefer>
</alias>
<alias binding="weak">
<family>serif</family>
<prefer>
<family>emoji</family>
</prefer>
</alias>
</fontconfig>
'';
};
packages = with pkgs; [
(nerdfonts.override {fonts = ["FiraCode"];})
ibm-plex
dejavu_fonts
unifont
freefont_ttf
gyre-fonts # TrueType substitutes for standard PostScript fonts
liberation_ttf
noto-fonts
noto-fonts-cjk-sans
noto-fonts-cjk-serif
noto-fonts-emoji
noto-fonts-extra
];
};
stylix.fonts = {
serif = {
package = pkgs.dejavu_fonts;
name = "IBM Plex Serif";
};
sansSerif = {
package = pkgs.dejavu_fonts;
name = "IBM Plex Sans";
};
monospace = {
# No need for patched nerd fonts, kitty can pick up on them automatically,
# and ideally every program should do that: https://sw.kovidgoyal.net/kitty/faq/#kitty-is-not-able-to-use-my-favorite-font
package = pkgs.jetbrains-mono;
name = "JetBrains Mono";
};
emoji = {
package = pkgs.noto-fonts-emoji;
name = "Noto Color Emoji";
};
};
stylix = {
autoEnable = false;
polarity = "dark";
image = config.lib.stylix.pixel "base00";
base16Scheme = "${pkgs.base16-schemes}/share/themes/vice.yaml";
# Has to be green
override.base0B = "#00CC99";
#base16Scheme = {
# base00 = "#101419";
# base01 = "#171B20";
# base02 = "#21262e";
# base03 = "#242931";
# base04 = "#485263";
# base05 = "#b6beca";
# base06 = "#dee1e6";
# base07 = "#e3e6eb";
# base08 = "#e05f65";
# base09 = "#f9a872";
# base0A = "#f1cf8a";
# base0B = "#78dba9";
# base0C = "#74bee9";
# base0D = "#70a5eb";
# base0E = "#c68aee";
# base0F = "#9378de";
#};
## based on decaycs-dark, bright variant
#base16Scheme = {
# base00 = "#101419";
# base01 = "#171B20";
# base02 = "#21262e";
# base03 = "#242931";
# base04 = "#485263";
# base05 = "#b6beca";
# base06 = "#dee1e6";
# base07 = "#e3e6eb";
# base08 = "#e5646a";
# base09 = "#f7b77c";
# base0A = "#f6d48f";
# base0B = "#94F7C5";
# base0C = "#79c3ee";
# base0D = "#75aaf0";
# base0E = "#cb8ff3";
# base0F = "#9d85e1";
#};
};
home-manager.sharedModules = [
({
pkgs,
config,
nixosConfig,
...
}: {
stylix = {
cursor = {
package = pkgs.openzone-cursors;
name = "OpenZone_White_Slim";
size =
if nixosConfig.hidpi
then 48
else 18;
};
inherit (nixosConfig.stylix) polarity;
targets = {
gtk.enable = true;
bat.enable = true;
dunst.enable = true;
zathura.enable = true;
xresources.enable = true;
};
};
xresources.properties = {
"Xft.hinting" = true;
"Xft.antialias" = true;
"Xft.autohint" = false;
"Xft.lcdfilter" = "lcddefault";
"Xft.hintstyle" = "hintfull";
"Xft.rgba" = "rgb";
};
gtk = let
gtk34extraConfig = {
gtk-application-prefer-dark-theme = 1;
gtk-cursor-theme-size = 18;
gtk-enable-animations = true;
gtk-xft-antialias = 1;
gtk-xft-dpi = 96; # XXX: delete for wayland?
gtk-xft-hinting = 1;
gtk-xft-hintstyle = "hintfull";
gtk-xft-rgba = "rgb";
};
in {
enable = true;
iconTheme = {
name = "Vimix-Doder";
package = pkgs.vimix-icon-theme;
};
gtk2.extraConfig = "gtk-application-prefer-dark-theme = true";
gtk3.extraConfig = gtk34extraConfig;
gtk4.extraConfig = gtk34extraConfig;
};
home.sessionVariables.GTK_THEME = config.gtk.theme.name;
qt = {
enable = true;
platformTheme = "gnome";
style.name = "Adwaita-Dark";
};
})
];
};
}
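Review bot: `stylix.fonts.serif` and `stylix.fonts.sansSerif` set `package = pkgs.dejavu_fonts` but `name = "IBM Plex Serif"` / `"IBM Plex Sans"`; the package should be `pkgs.ibm-plex` (already listed in `fonts.packages`), otherwise any stylix target that installs the font from `package` ships DejaVu under an IBM Plex name. In the shared home-manager module `gtk-cursor-theme-size = 18` is hard-coded in `gtk34extraConfig` while the stylix cursor `size` switches to 48 when `nixosConfig.hidpi` is set; derive both from the same expression. Minor: `acceses` → `accesses` in the comment above `imports`, and the `XXX: delete for wayland?` on `gtk-xft-dpi` should either be resolved or become a proper note on why it stays.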

View file

@ -3,7 +3,7 @@
lib,
...
}: {
imports = [../fireflyIII.nix];
imports = [../../modules/fireflyIII.nix];
wireguard.elisabeth = {
client.via = "elisabeth";

View file

@ -1,7 +1,7 @@
{config, ...}: let
kanidmdomain = "auth.${config.secrets.secrets.global.domains.web}";
in {
imports = [../kanidm.nix];
imports = [../../modules/kanidm.nix];
wireguard.elisabeth = {
client.via = "elisabeth";
firewallRuleForNode.elisabeth.allowedTCPPorts = [3000];

View file

@ -1,7 +1,7 @@
{config, ...}: {
imports = [
../netbird-server.nix
../netbird-dashboard.nix
../../modules/netbird-server.nix
../../modules/netbird-dashboard.nix
];
wireguard.elisabeth = {
client.via = "elisabeth";

View file

@ -10,7 +10,7 @@
disabledModules = ["services/networking/netbird.nix"];
imports = [../netbird-client.nix];
imports = [../../modules/netbird-client.nix];
services.netbird.tunnels = {
netbird-samba = {
environment = {
@ -214,7 +214,7 @@
# to get this file start a smbd, add users using 'smbpasswd -a <user>'
# then export the database using 'pdbedit -e tdbsam:<location>'
age.secrets.smbpassdb = {
rekeyFile = ../../secrets/smbpassdb.tdb.age;
rekeyFile = config.node.secretsDir + "/smbpassdb.tdb.age";
};
users = let
users = lib.unique (lib.mapAttrsToList (_: val: val."force user") config.services.samba.shares);
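Review bot: `rekeyFile = config.node.secretsDir + "/smbpassdb.tdb.age"` changes where agenix-rekey looks for the file (it was the repository-global `secrets/` before), and the guests hunk points `node.secretsDir` at a per-guest subdirectory; make sure the `.age` file was moved along with this change, since a missing `rekeyFile` only shows up at rekey or deploy time. Keeping the passdb, which contains NT password hashes, exclusively in encrypted form is right, and the comment explaining `smbpasswd -a` / `pdbedit -e` is useful to keep.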

View file

@ -7,7 +7,7 @@
client.via = "elisabeth";
firewallRuleForNode.elisabeth.allowedTCPPorts = [3000 80];
};
imports = [./your_spotify_m.nix];
imports = [../../modules/your_spotify.nix];
age.secrets.spotifySecret = {
owner = "root";
mode = "440";

View file

@ -569,24 +569,6 @@
"type": "github"
}
},
"flake-parts_4": {
"inputs": {
"nixpkgs-lib": "nixpkgs-lib_2"
},
"locked": {
"lastModified": 1709336216,
"narHash": "sha256-Dt/wOWeW6Sqm11Yh+2+t0dfEWxoMxGBvv3JpIocFl9E=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "f7b3c975cf067e56e7cda6cb098ebe3fb4d74ca2",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-utils": {
"inputs": {
"systems": "systems_3"
@ -733,24 +715,6 @@
"type": "github"
}
},
"flake-utils_9": {
"inputs": {
"systems": "systems_12"
},
"locked": {
"lastModified": 1705309234,
"narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "1ef2e671c3b0c19053962c07dbda38332dcebf26",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"fromYaml": {
"flake": false,
"locked": {
@ -1053,26 +1017,6 @@
"type": "github"
}
},
"musnix": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1712254133,
"narHash": "sha256-fwuWrAprqoA4fUrkZGVb6PjRpebm5xjNsyoaw+JVSyY=",
"owner": "musnix",
"repo": "musnix",
"rev": "b5bcdce137b00185dce5fa578739cd52770b8794",
"type": "github"
},
"original": {
"owner": "musnix",
"repo": "musnix",
"type": "github"
}
},
"nix-darwin": {
"inputs": {
"nixpkgs": [
@ -1284,24 +1228,6 @@
"type": "github"
}
},
"nixpkgs-lib_2": {
"locked": {
"dir": "lib",
"lastModified": 1709237383,
"narHash": "sha256-cy6ArO4k5qTx+l5o+0mL9f5fa86tYUX3ozE1S+Txlds=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "1536926ef5621b09bba54035ae2bb6d806d72ac8",
"type": "github"
},
"original": {
"dir": "lib",
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-stable": {
"locked": {
"lastModified": 1685801374,
@ -1437,22 +1363,6 @@
"type": "github"
}
},
"nixpkgs_5": {
"locked": {
"lastModified": 1706487304,
"narHash": "sha256-LE8lVX28MV2jWJsidW13D2qrHU/RUUONendL2Q/WlJg=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "90f456026d284c22b3e3497be980b2e47d0b28ac",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixvim": {
"inputs": {
"devshell": "devshell_4",
@ -1631,7 +1541,6 @@
"impermanence": "impermanence",
"lanzaboote": "lanzaboote",
"microvm": "microvm",
"musnix": "musnix",
"nix-index-database": "nix-index-database",
"nixos-extra-modules": "nixos-extra-modules",
"nixos-generators": "nixos-generators",
@ -1644,7 +1553,7 @@
"spicetify-nix": "spicetify-nix",
"stylix": "stylix",
"systems": "systems_11",
"wired-notify": "wired-notify"
"templates": "templates"
}
},
"rust-overlay": {
@ -1672,25 +1581,6 @@
"type": "github"
}
},
"rust-overlay_2": {
"inputs": {
"flake-utils": "flake-utils_9",
"nixpkgs": "nixpkgs_5"
},
"locked": {
"lastModified": 1711764554,
"narHash": "sha256-I2/x/jFd7MAuIi3+kncIF0zJwhkFzxpi5XFdT2RLOF8=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "7cf3d11d06dcd12fb62ca2c039f3c5e25b53c5a7",
"type": "github"
},
"original": {
"owner": "oxalica",
"repo": "rust-overlay",
"type": "github"
}
},
"spectrum": {
"flake": false,
"locked": {
@ -1801,21 +1691,6 @@
"type": "github"
}
},
"systems_12": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_2": {
"locked": {
"lastModified": 1681028828,
@ -1936,6 +1811,21 @@
"type": "github"
}
},
"templates": {
"locked": {
"lastModified": 1696855554,
"narHash": "sha256-9VYXESOCqGGZ8HHl4LN51k+74Kf5Nf9czoqqIN7IEo0=",
"ref": "refs/heads/main",
"rev": "a6c35c2af9f26599e81002630329054b99efbe79",
"revCount": 11,
"type": "git",
"url": "https://git.lel.lol/patrick/nix-templates.git"
},
"original": {
"type": "git",
"url": "https://git.lel.lol/patrick/nix-templates.git"
}
},
"treefmt-nix": {
"inputs": {
"nixpkgs": [
@ -1957,28 +1847,6 @@
"repo": "treefmt-nix",
"type": "github"
}
},
"wired-notify": {
"inputs": {
"flake-parts": "flake-parts_4",
"nixpkgs": [
"nixpkgs"
],
"rust-overlay": "rust-overlay_2"
},
"locked": {
"lastModified": 1711861273,
"narHash": "sha256-VuPSgDhK2zNtOZlpEXKBnMqSd9SkeC4ZQDDuX/swiDg=",
"owner": "Toqozz",
"repo": "wired-notify",
"rev": "54bae8ac6154e52215c4c0f7d25fb5e735b9179e",
"type": "github"
},
"original": {
"owner": "Toqozz",
"repo": "wired-notify",
"type": "github"
}
}
},
"root": "root",

View file

@ -60,17 +60,13 @@
inputs.nixpkgs.follows = "nixpkgs";
inputs.flake-utils.follows = "flake-utils";
};
musnix = {
url = "github:musnix/musnix";
inputs.nixpkgs.follows = "nixpkgs";
};
nixos-nftables-firewall = {
url = "github:thelegy/nixos-nftables-firewall";
inputs.nixpkgs.follows = "nixpkgs";
};
#templates.url = "git+https://git.lel.lol/patrick/nix-templates.git";
templates.url = "git+https://git.lel.lol/patrick/nix-templates.git";
impermanence.url = "github:nix-community/impermanence";
@ -80,6 +76,7 @@
url = "github:numtide/devshell";
inputs.nixpkgs.follows = "nixpkgs";
};
nix-index-database = {
url = "github:nix-community/nix-index-database";
inputs.nixpkgs.follows = "nixpkgs";
@ -87,17 +84,11 @@
lanzaboote = {
url = "github:nix-community/lanzaboote/v0.3.0";
inputs.nixpkgs.follows = "nixpkgs";
};
stylix.url = "github:danth/stylix";
wired-notify = {
url = "github:Toqozz/wired-notify";
inputs.nixpkgs.follows = "nixpkgs";
};
spicetify-nix.url = "github:the-argus/spicetify-nix";
nixvim = {
@ -114,7 +105,6 @@
nixos-generators,
pre-commit-hooks,
devshell,
wired-notify,
nixvim,
nixos-extra-modules,
...
@ -166,7 +156,6 @@
nixos-extra-modules.overlays.default
devshell.overlays.default
agenix-rekey.overlays.default
wired-notify.overlays.default
nixvim.overlays.default
];
inherit system;
@ -177,7 +166,7 @@
inherit pkgs;
modules = [
./nix/installer-configuration.nix
./modules/config/ssh.nix
./config/basic/ssh.nix
];
format =
{

View file

@ -11,24 +11,24 @@
inputs.nixos-hardware.nixosModules.common-pc-hdd
inputs.nixos-hardware.nixosModules.common-pc-ssd
../../modules/config
../../modules/dev
../../modules/graphical
../../config/basic
../../modules/optional/xserver.nix
../../modules/optional/secureboot.nix
../../config/hardware/bluetooth.nix
../../config/hardware/nintendo.nix
../../config/hardware/nvidia.nix
../../config/hardware/physical.nix
../../config/hardware/pipewire.nix
../../config/hardware/yubikey.nix
../../modules/hardware/nintendo.nix
../../modules/hardware/nvidia.nix
../../modules/hardware/physical.nix
../../modules/hardware/pipewire.nix
../../modules/hardware/yubikey.nix
../../modules/hardware/bluetooth.nix
../../modules/hardware/zfs.nix
../../config/optional/dev.nix
../../config/optional/graphical.nix
../../config/optional/printing.nix
../../config/optional/secureboot.nix
../../config/optional/steam.nix
../../config/optional/xserver.nix
../../config/optional/zfs.nix
../../modules/optional/streamdeck.nix
../../modules/optional/steam.nix
../../modules/optional/printing.nix
../../modules-hm/streamdeck.nix
./net.nix
./fs.nix

View file

@ -12,12 +12,13 @@
inputs.nixos-hardware.nixosModules.common-cpu-amd
inputs.nixos-hardware.nixosModules.common-cpu-amd-pstate
../../modules/config
../../modules/optional/initrd-ssh.nix
../../modules/optional/secureboot.nix
../../config/basic
../../modules/hardware/physical.nix
../../modules/hardware/zfs.nix
../../config/optional/initrd-ssh.nix
../../config/optional/secureboot.nix
../../config/optional/zfs.nix
../../config/hardware/physical.nix
./net.nix
./fs.nix

View file

@ -213,8 +213,8 @@ in {
dataset = "bunker/shared/paperless";
};
modules = [
../../modules/config
../../modules/services/${guestName}.nix
../../config/basic
../../config/services/${guestName}.nix
{
node.secretsDir = config.node.secretsDir + "/${guestName}";
networking.nftables.firewall.zones.untrusted.interfaces = [config.guests.${guestName}.networking.mainLinkName];

View file

@ -9,20 +9,17 @@
inputs.nixos-hardware.nixosModules.common-pc-laptop
inputs.nixos-hardware.nixosModules.common-pc-laptop-ssd
../../modules/config
../../modules/dev
../../modules/graphical
../../modules/optional/wayland.nix
../../modules/optional/xserver.nix
../../modules/optional/printing.nix
../../modules/hardware/bluetooth.nix
../../modules/hardware/laptop.nix
../../modules/hardware/physical.nix
../../modules/hardware/pipewire.nix
../../modules/hardware/yubikey.nix
../../modules/hardware/zfs.nix
../../config/basic
../../config/optional/dev.nix
../../config/optional/graphical.nix
../../config/optional/wayland.nix
../../config/optional/xserver.nix
../../config/optional/printing.nix
../../config/hardware/bluetooth.nix
../../config/hardware/laptop.nix
../../config/hardware/physical.nix
../../config/hardware/pipewire.nix
../../config/hardware/yubikey.nix
./net.nix
./fs.nix
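Review bot: gojo is the only host whose import list drops `zfs.nix` in this rename: the old side has `../../modules/hardware/zfs.nix` and the new side has no `../../config/optional/zfs.nix`, whereas desktopnix, elisabeth, maddy and patricknix all carry it over. If gojo's `fs.nix` uses ZFS this silently loses the pool and scrub configuration; if it does not, fine, but that deserves a line in the commit message.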

View file

@ -1,20 +1,12 @@
{
lib,
minimal,
...
}: {
imports =
[
../../modules/config
../../modules/optional/initrd-ssh.nix
../../modules/services/maddy.nix
../../modules/hardware/zfs.nix
imports = [
../../config/basic
../../config/optional/initrd-ssh.nix
../../config/services/maddy.nix
../../config/optional/zfs.nix
./net.nix
./fs.nix
]
++ lib.lists.optionals (!minimal) [
];
services.xserver = {
layout = "de";
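Review bot: with the `++ lib.lists.optionals (!minimal) [ ]` tail gone (it appended an empty list anyway), the `lib` and `minimal` module arguments are no longer used in this file; if they are not removed in the same hunk, drop them so the module does not keep a dead `minimal` dependency.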

View file

@ -9,24 +9,23 @@
inputs.nixos-hardware.nixosModules.common-pc-laptop
inputs.nixos-hardware.nixosModules.common-pc-laptop-ssd
../../modules/config
../../modules/dev
../../modules/graphical
../../config/basic
../../modules/optional/wayland.nix
../../modules/optional/secureboot.nix
../../modules/optional/printing.nix
../../config/hardware/bluetooth.nix
../../config/hardware/laptop.nix
../../config/hardware/nvidia.nix
../../config/hardware/physical.nix
../../config/hardware/pipewire.nix
../../config/hardware/prime-offload.nix
../../config/hardware/yubikey.nix
../../modules/hardware/bluetooth.nix
../../modules/hardware/laptop.nix
../../modules/hardware/nvidia.nix
../../modules/hardware/physical.nix
../../modules/hardware/pipewire.nix
../../modules/hardware/yubikey.nix
../../modules/hardware/zfs.nix
../../modules/hardware/prime-offload.nix
../../modules/optional/steam.nix
../../config/optional/dev.nix
../../config/optional/graphical.nix
../../config/optional/printing.nix
../../config/optional/secureboot.nix
../../config/optional/steam.nix
../../config/optional/wayland.nix
../../config/optional/zfs.nix
./net.nix
./fs.nix

67
modules-hm/images.nix Normal file
View file

@ -0,0 +1,67 @@
{
lib,
config,
...
}: let
inherit
(lib)
mkEnableOption
mkMerge
attrNames
flip
filterAttrs
mkIf
mkOption
types
removeSuffix
hasPrefix
mapAttrs'
listToAttrs
;
in {
home-manager.sharedModules = [
{
options.images = {
enable = mkEnableOption "Enable images";
images = mkOption {
type = types.attrsOf types.path;
readOnly = true;
default = flip mapAttrs' (filterAttrs (n: _: hasPrefix "images-" n) config.age.secrets) (
name: value: {
inherit (value) name;
value = value.path;
}
);
};
};
}
];
imports = [
(
{config, ...}: {
age.secrets = mkMerge (
flip map
(attrNames config.home-manager.users)
(
user:
mkIf config.home-manager.users.${user}.images.enable (
listToAttrs (flip map (attrNames (filterAttrs (_: type: type == "regular") (builtins.readDir ../secrets/img)))
(
file: {
name = "images-${user}-${file}";
value = {
name = removeSuffix ".age" file;
rekeyFile = ../secrets/img/${file};
owner = user;
group = user;
};
}
))
)
)
);
}
)
];
}
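Review bot: the `images.images` option in the shared home-manager module filters `config.age.secrets` on the `images-` prefix only, not on the user, while the NixOS side creates one secret per user and file (`images-${user}-${file}`) but gives each decrypted file the same `name` (`removeSuffix ".age" file`). Because `mapAttrs'` keys the result by that `name`, with two users enabled one user's `images.images.<name>` can resolve to the other user's decrypted path, which is owned by that user (`owner = user; group = user;`) and therefore unreadable. Make the shared module a function that receives the HM `config` and filter on `images-${config.home.username}-` (reading the secrets via `nixosConfig.age.secrets`, as the graphical module already does for `hidpi`), or put the user into the secret `name`. `group = user` also assumes a group named like the user exists; check that every home-manager user gets one. Cosmetic: `mkEnableOption "Enable images"` renders as `Whether to enable Enable images.`; `mkEnableOption "images"` is enough.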

View file

@ -10,10 +10,8 @@
attrNames
mkOption
types
hasAttr
mkMerge
isAttrs
mkIf
;
in {
# Expose a home manager module for each user that allows extending

View file

@ -1,7 +0,0 @@
{config, ...}: {
age.secrets.usbguard.rekeyFile = ../../secrets/usbguard.rules.age;
services.usbguard = {
ruleFile = config.age.secrets.usbguard.path;
#enable = true;
};
}
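Review bot: this file was never active (`#enable = true` is commented out), so deleting it removes dead configuration rather than a working control; if usbguard is dropped for good, also delete the now-unreferenced `secrets/usbguard.rules.age` so it stops being rekeyed, and if it is meant to return, a per-host opt-in under `config/optional/` is the place in the new layout.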

View file

@ -1,11 +0,0 @@
{pkgs, ...}: {
environment.systemPackages = with pkgs; [
man-pages
man-pages-posix
];
documentation = {
dev.enable = true;
man.enable = true;
info.enable = false;
};
}

View file

@ -1,93 +0,0 @@
{
inputs,
config,
pkgs,
lib,
...
}: let
inherit
(lib)
mkOption
types
;
in {
options.hidpi = mkOption {
default = false;
type = types.bool;
description = "Enable HighDPI configuration for this host and all installed users";
};
imports = [
inputs.stylix.nixosModules.stylix
./fonts.nix
./images.nix
];
config = {
environment.systemPackages = with pkgs; [
xdg-utils
];
xdg.portal = {
xdgOpenUsePortal = true;
enable = true;
extraPortals = with pkgs; [
xdg-desktop-portal-wlr
xdg-desktop-portal-gtk
];
config = {
common.default = [
"gtk"
];
sway.default = [
"wlr"
];
};
};
# needed for gnome pinentry
services.dbus.packages = [pkgs.gcr];
stylix = {
autoEnable = false;
polarity = "dark";
image = config.lib.stylix.pixel "base00";
base16Scheme = "${pkgs.base16-schemes}/share/themes/vice.yaml";
# Has to be green
override.base0B = "#00CC99";
#base16Scheme = {
# base00 = "#101419";
# base01 = "#171B20";
# base02 = "#21262e";
# base03 = "#242931";
# base04 = "#485263";
# base05 = "#b6beca";
# base06 = "#dee1e6";
# base07 = "#e3e6eb";
# base08 = "#e05f65";
# base09 = "#f9a872";
# base0A = "#f1cf8a";
# base0B = "#78dba9";
# base0C = "#74bee9";
# base0D = "#70a5eb";
# base0E = "#c68aee";
# base0F = "#9378de";
#};
## based on decaycs-dark, bright variant
#base16Scheme = {
# base00 = "#101419";
# base01 = "#171B20";
# base02 = "#21262e";
# base03 = "#242931";
# base04 = "#485263";
# base05 = "#b6beca";
# base06 = "#dee1e6";
# base07 = "#e3e6eb";
# base08 = "#e5646a";
# base09 = "#f7b77c";
# base0A = "#f6d48f";
# base0B = "#94F7C5";
# base0C = "#79c3ee";
# base0D = "#75aaf0";
# base0E = "#cb8ff3";
# base0F = "#9d85e1";
#};
};
};
}
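Review bot: removing this file also removes the `options.hidpi` declaration, the `xdg.portal` setup and the `services.dbus.packages = [pkgs.gcr]` line the comment marks as required for the GNOME pinentry. The `themes.nix` deleted further down reads `nixosConfig.hidpi`, so that consumer goes away too, but any module that survives the restructure and still references `config.hidpi` will fail at evaluation, and without the gcr dbus service pinentry prompts for GPG/SSH keys will silently stop working. Please confirm the option and the dbus package are re-declared in the new layout; the two commented-out `base16Scheme` blocks need not be carried over.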


@ -1,75 +0,0 @@
{
pkgs,
minimal,
lib,
...
}:
lib.optionalAttrs (!minimal) {
fonts = {
enableGhostscriptFonts = false;
fontDir.enable = false;
fontconfig = {
localConf = ''
<?xml version="1.0"?>
<!DOCTYPE fontconfig SYSTEM "fonts.dtd">
<fontconfig>
<alias binding="weak">
<family>monospace</family>
<prefer>
<family>emoji</family>
</prefer>
</alias>
<alias binding="weak">
<family>sans-serif</family>
<prefer>
<family>emoji</family>
</prefer>
</alias>
<alias binding="weak">
<family>serif</family>
<prefer>
<family>emoji</family>
</prefer>
</alias>
</fontconfig>
'';
};
packages = with pkgs; [
(nerdfonts.override {fonts = ["FiraCode"];})
ibm-plex
dejavu_fonts
unifont
freefont_ttf
gyre-fonts # TrueType substitutes for standard PostScript fonts
liberation_ttf
noto-fonts
noto-fonts-cjk-sans
noto-fonts-cjk-serif
noto-fonts-emoji
noto-fonts-extra
];
};
stylix.fonts = {
serif = {
package = pkgs.dejavu_fonts;
name = "IBM Plex Serif";
};
sansSerif = {
package = pkgs.dejavu_fonts;
name = "IBM Plex Sans";
};
monospace = {
# No need for patched nerd fonts, kitty can pick up on them automatically,
# and ideally every program should do that: https://sw.kovidgoyal.net/kitty/faq/#kitty-is-not-able-to-use-my-favorite-font
package = pkgs.jetbrains-mono;
name = "JetBrains Mono";
};
emoji = {
package = pkgs.noto-fonts-emoji;
name = "Noto Color Emoji";
};
};
}
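Review bot: `stylix.fonts.serif` and `stylix.fonts.sansSerif` name "IBM Plex Serif" and "IBM Plex Sans" but set `package = pkgs.dejavu_fonts`; the package that actually ships those faces is `pkgs.ibm-plex`, which is already listed in `fonts.packages`. Any stylix target that installs the font from `package` would get DejaVu instead. Moot for a deletion, but worth correcting if this block is recreated in the new structure.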


@ -1,65 +0,0 @@
{
lib,
config,
...
}: let
inherit
(lib)
mkEnableOption
mkMerge
attrNames
flip
filterAttrs
mkIf
mkOption
types
removeSuffix
hasPrefix
mapAttrs'
listToAttrs
;
in {
home-manager.sharedModules = [
{
options.images = {
enable = mkEnableOption "Enable images";
images = mkOption {
type = types.attrsOf types.path;
readOnly = true;
default = flip mapAttrs' (filterAttrs (n: _: hasPrefix "images-" n) config.age.secrets) (
name: value: {
inherit (value) name;
value = value.path;
}
);
};
};
}
];
imports = [
{
age.secrets = mkMerge (
flip map
(attrNames config.home-manager.users)
(
user:
mkIf config.home-manager.users.${user}.images.enable (
listToAttrs (flip map (attrNames (filterAttrs (_: type: type == "regular") (builtins.readDir ../../img)))
(
file: {
name = "images-${user}-${file}";
value = {
name = removeSuffix ".age" file;
rekeyFile = ../../img/${file};
owner = user;
group = user;
};
}
))
)
)
);
}
];
}
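Review bot: the `images.images` default in the shared home-manager module filters `config.age.secrets` with `hasPrefix "images-"`, but the secrets generated below are named `images-${user}-${file}` with `owner`/`group` set to that user, so every user's `images` attribute lists the image paths of every other user as well, and those paths are unreadable to them. Filter on the per-user prefix instead, for example by making the shared module a function `{config, ...}:` and using `hasPrefix "images-${config.home.username}-"` there (the `config` in scope at the moment is the NixOS one). Also, `builtins.readDir ../../img` registers every regular file, so a stray non-`.age` file dropped into `img/` would become a secret and break rekeying; filtering on the `.age` suffix would make that failure explicit.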


@ -7,7 +7,6 @@
# import shared sway config
imports = [../sway3.nix];
systemd.user.services = {
wired.Install.WantedBy = lib.mkForce ["i3-session.target"];
flameshot.Install.WantedBy = lib.mkForce ["i3-session.target"];
};
stylix.targets.i3.enable = true;


@ -3,11 +3,6 @@
config,
...
}: {
imports = [
#./deadd
./themes.nix
#./wired-notify.nix
];
home = {
packages = with pkgs; [
zathura
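Review bot: the whole `imports` list disappears here (`-3,11 +3,6`), which takes the live `./themes.nix` import with it, not only the commented-out `#./deadd` and `#./wired-notify.nix` entries. Combined with the deletion of `themes.nix` below, cursor, GTK and Qt theming for graphical users is gone unless it is re-imported in the new layout; please state in the commit message whether that is intended or where the theming moved.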


@ -1,65 +0,0 @@
{
pkgs,
config,
nixosConfig,
...
}: {
stylix = {
cursor = {
package = pkgs.openzone-cursors;
name = "OpenZone_White_Slim";
size =
if nixosConfig.hidpi
then 48
else 18;
};
inherit (nixosConfig.stylix) polarity;
targets = {
gtk.enable = true;
bat.enable = true;
dunst.enable = true;
zathura.enable = true;
xresources.enable = true;
};
};
xresources.properties = {
"Xft.hinting" = true;
"Xft.antialias" = true;
"Xft.autohint" = false;
"Xft.lcdfilter" = "lcddefault";
"Xft.hintstyle" = "hintfull";
"Xft.rgba" = "rgb";
};
gtk = let
gtk34extraConfig = {
gtk-application-prefer-dark-theme = 1;
gtk-cursor-theme-size = 18;
gtk-enable-animations = true;
gtk-xft-antialias = 1;
gtk-xft-dpi = 96; # XXX: delete for wayland?
gtk-xft-hinting = 1;
gtk-xft-hintstyle = "hintfull";
gtk-xft-rgba = "rgb";
};
in {
enable = true;
iconTheme = {
name = "Vimix-Doder";
package = pkgs.vimix-icon-theme;
};
gtk2.extraConfig = "gtk-application-prefer-dark-theme = true";
gtk3.extraConfig = gtk34extraConfig;
gtk4.extraConfig = gtk34extraConfig;
};
home.sessionVariables.GTK_THEME = config.gtk.theme.name;
qt = {
enable = true;
platformTheme = "gnome";
style.name = "Adwaita-Dark";
};
}
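Review bot: `gtk-cursor-theme-size = 18` in `gtk34extraConfig` is hardcoded while `stylix.cursor.size` is 48 on hidpi hosts, so GTK applications would show a smaller cursor than the rest of the desktop there; derive it from the same `nixosConfig.hidpi` check. `gtk-xft-dpi = 96` still carries the unresolved `XXX: delete for wayland?` question. If this file is recreated under the new structure, resolve both rather than copying them over.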


@ -1,7 +0,0 @@
{
accounts.email.accounts = {
"1" = {
address = "";
};
};
}


@ -1,7 +1,4 @@
{pkgs, ...}: {
home.shellAliases = {
commit-reuse-message = ''git commit -v -S --edit --file "$(git rev-parse --git-dir)"/COMMIT_EDITMSG'';
};
programs.git = {
enable = true;
difftastic.enable = true;
@ -12,6 +9,8 @@
a = "add";
p = "push";
rebase = "rebase --gpg-sign";
fixup = ''!f() { TARGET=$(git rev-parse "$1"); git commit --fixup=$TARGET ''${@:2} && EDITOR=true git rebase -i --gpg-sign --autostash --autosquash $TARGET^; }; f'';
crm = ''!git commit -v -S --edit --file "$(git rev-parse --git-dir)"/COMMIT_EDITMSG'';
};
extraConfig = {
core.pager = "${pkgs.delta}/bin/delta";
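Review bot: the `fixup` alias does not stop when `git rev-parse "$1"` fails: `TARGET` is left empty and the error only surfaces later from `git commit --fixup=` with a confusing message. Use `TARGET=$(git rev-parse --verify "$1") || return 1`, quote `"$TARGET"` in both places, and quote the pass-through as `"''${@:2}"` so commit arguments containing spaces survive; `''${@:2}` is also a bashism, so the alias silently depends on git's alias shell being bash. Passing `--gpg-sign` to the rebase is the right call, it keeps the rewritten commits signed just like the `rebase` alias above.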


@ -1,9 +0,0 @@
{pkgs, ...}: {
home.persistence."/persist".directories = [
".local/share/openttd"
];
home.packages = [
pkgs.openttd
];
}


@ -68,7 +68,6 @@ lib.optionalAttrs (!minimal) {
../common/programs/kitty.nix
../common/programs/minecraft.nix
../common/programs/nvim
../common/programs/openttd.nix
../common/programs/poe.nix
../common/programs/spicetify.nix
../common/programs/thunderbird.nix


@ -42,6 +42,7 @@
user = "team402";
};
"*" = {
user = "root";
identitiesOnly = true;
inherit identityFile;
};
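Review bot: the added `user = "root"` under the `"*"` host block makes root the default login for every host not matched by a more specific entry (only `team402` above overrides it), so a mistyped hostname or a newly added host gets a root login attempt with the shared `identityFile`. Prefer setting `user` per host, as the `team402` entry already does, and leave `"*"` at the local username so root is only used on hosts that genuinely need it; that also keeps the remote side's auth logs attributable to a person instead of a shared root key.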