158 files changed, 2855 insertions, 1450 deletions
@@ -1,7 +1,19 @@ keys: - - &SSHDerived age1w80rc0dnuu8nw99gw64c596qqetm78jdnsqajr0u7ephykekr39qfz8vnv + - &general age1w80rc0dnuu8nw99gw64c596qqetm78jdnsqajr0u7ephykekr39qfz8vnv + - &flex-wg-router age1f0tmpy2nam58skmznjyqd3zf54rxtfrk6fda0vlpq9y3yg6wac7sjf0vja creation_rules: - - path_regex: secrets/.*.yaml$ + - path_regex: timmy/resources/secrets/hashed-root-password.yaml key_groups: - age: - - *SSHDerived + - *general + - *flex-wg-router + + - path_regex: timmy/resources/secrets/wpa_supplicant-conf.yaml + key_groups: + - age: + - *general + + - path_regex: T495/resources/secrets/wg0.yaml + key_groups: + - age: + - *general diff --git a/archetypes/collections/bluetooth.nix b/archetypes/collections/bluetooth.nix new file mode 100644 index 0000000..749a9f1 --- /dev/null +++ b/archetypes/collections/bluetooth.nix @@ -0,0 +1,12 @@ +{ pkgs, lib, config, ... }: let + cfg = config._archetypes.collections.bluetooth; +in { + options._archetypes.collections.bluetooth = { + enable = lib.mkEnableOption "enables bluetooth and blueman"; + }; + + config = lib.mkIf cfg.enable { + hardware.bluetooth.enable = true; + services.blueman.enable = config._archetypes.collections.desktop.utilities.enable; # FIXME + }; +} diff --git a/archetypes/collections/desktop/cad.nix b/archetypes/collections/desktop/cad.nix new file mode 100644 index 0000000..33edcd5 --- /dev/null +++ b/archetypes/collections/desktop/cad.nix @@ -0,0 +1,15 @@ +{ pkgs, lib, config, ... }: let + cfg = config._archetypes.collections.desktop.cad; +in { + options._archetypes.collections.desktop.cad = { + enable = lib.mkEnableOption "install cad and 3d printing software"; + }; + + config = lib.mkIf cfg.enable { + environment.systemPackages = with pkgs; [ + blender + freecad + prusa-slicer + ]; + }; +} diff --git a/archetypes/collections/desktop/chromium.nix b/archetypes/collections/desktop/chromium.nix new file mode 100644 index 0000000..b4638f0 --- /dev/null +++ b/archetypes/collections/desktop/chromium.nix 
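Review bot: The three new `path_regex` values are written as literal paths, but sops evaluates them as unanchored regular expressions, so each `.` matches any character and a longer path that merely contains the string also matches. Escaping the dots and anchoring the end, for example `path_regex: timmy/resources/secrets/hashed-root-password\.yaml$`, keeps each rule bound to exactly the file it names, which matters now that the recipients differ per rule. The hunk carries no file header, so the file name is inferred from the `creation_rules` content.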
@@ -0,0 +1,18 @@
+{ pkgs, lib, config, ... }: let
+ cfg = config._archetypes.collections.desktop.chromium;
+in {
+ options._archetypes.collections.desktop.chromium = {
+ enable = lib.mkEnableOption "install chromium browser";
+ package = lib.mkOption {
+ type = lib.types.package;
+ default = pkgs.ungoogled-chromium;
+ description = "chromium package to install";
+ };
+ };
+
+ config = lib.mkIf cfg.enable {
+ environment.systemPackages = [
+ cfg.package
+ ];
+ };
+}
diff --git a/archetypes/collections/desktop/crypto.nix b/archetypes/collections/desktop/crypto.nix
new file mode 100644
index 0000000..f90919e
--- /dev/null
+++ b/archetypes/collections/desktop/crypto.nix
@@ -0,0 +1,13 @@
+{ pkgs, lib, config, ... }: let
+ cfg = config._archetypes.collections.desktop.crypto;
+in {
+ options._archetypes.collections.desktop.crypto = {
+ enable = lib.mkEnableOption "install crypto wallets";
+ };
+
+ config = lib.mkIf cfg.enable {
+ environment.systemPackages = with pkgs; [
+ sparrow
+ ];
+ };
+}
diff --git a/archetypes/collections/desktop/default.nix b/archetypes/collections/desktop/default.nix
new file mode 100644
index 0000000..bbca8df
--- /dev/null
+++ b/archetypes/collections/desktop/default.nix
@@ -0,0 +1,13 @@
+{
+ imports = [
+ ./cad.nix
+ ./chromium.nix
+ ./crypto.nix
+ ./extra.nix
+ ./firefox.nix
+ ./graphics.nix
+ ./office.nix
+ ./utilities.nix
+ ./xserver.nix
+ ];
+}
diff --git a/archetypes/collections/desktop/extra.nix b/archetypes/collections/desktop/extra.nix
new file mode 100644
index 0000000..c3af43b
--- /dev/null
+++ b/archetypes/collections/desktop/extra.nix
@@ -0,0 +1,17 @@
+{ pkgs, lib, config, ... }: let
+ cfg = config._archetypes.collections.desktop.extraUtilities;
+in {
+ options._archetypes.collections.desktop.extraUtilities = {
+ enable = lib.mkEnableOption "install extra desktop utilities";
+ };
+
+ config = lib.mkIf cfg.enable {
+ environment.systemPackages = with pkgs; [
+ jellyfin-mpv-shim
+ qbittorrent
+ qdirstat
+ qdiskinfo
+ remmina
+ ];
+ };
+}
diff --git a/archetypes/collections/desktop/firefox.nix b/archetypes/collections/desktop/firefox.nix
new file mode 100644
index 0000000..02656f6
--- /dev/null
+++ b/archetypes/collections/desktop/firefox.nix
@@ -0,0 +1,12 @@
+{ pkgs, lib, config, ... }: let
+ cfg = config._archetypes.collections.desktop.firefox;
+in {
+ options._archetypes.collections.desktop.firefox = {
+ enable = lib.mkEnableOption "install firefox";
+ };
+
+ config = lib.mkIf cfg.enable {
+ programs.firefox.enable = true;
+ };
+}
+
diff --git a/archetypes/collections/desktop/graphics.nix b/archetypes/collections/desktop/graphics.nix
new file mode 100644
index 0000000..f4242d1
--- /dev/null
+++ b/archetypes/collections/desktop/graphics.nix
@@ -0,0 +1,16 @@
+{ pkgs, lib, config, ... }: let
+ cfg = config._archetypes.collections.desktop.graphics;
+in {
+ options._archetypes.collections.desktop.graphics = {
+ enable = lib.mkEnableOption "install graphic design software";
+ };
+
+ config = lib.mkIf cfg.enable {
+ environment.systemPackages = with pkgs; [
+ blender
+ geeqie
+ gimp3
+ inkscape
+ ];
+ };
+}
diff --git a/archetypes/collections/desktop/office.nix b/archetypes/collections/desktop/office.nix
new file mode 100644
index 0000000..23e6862
--- /dev/null
+++ b/archetypes/collections/desktop/office.nix
@@ -0,0 +1,18 @@
+{ pkgs, lib, config, ... }: let
+ cfg = config._archetypes.collections.desktop.office;
+in {
+ options._archetypes.collections.desktop.office = {
+ enable = lib.mkEnableOption "install office software";
+ };
+
+ config = lib.mkIf cfg.enable {
+ environment.systemPackages = with pkgs; [
+ hunspell # Spell checking in libreoffice
+ hunspellDicts.en_US
+ kdePackages.okular
+ libreoffice
+ pdfchain
+ thunderbird
+ ];
+ };
+}
diff --git a/archetypes/collections/desktop/utilities.nix b/archetypes/collections/desktop/utilities.nix
new file mode 100644
index 0000000..43d4973
--- /dev/null
+++ b/archetypes/collections/desktop/utilities.nix
@@ -0,0 +1,29 @@
+{ pkgs, lib, config, ... }: let
+ cfg = config._archetypes.collections.desktop.utilities;
+in {
+ options._archetypes.collections.desktop.utilities = {
+ enable = lib.mkEnableOption "install basic desktop utilities";
+ };
+
+ config = lib.mkIf cfg.enable {
+ environment.systemPackages = with pkgs; [
+ arandr
+ dmenu
+ libnotify
+ lowbat
+ mpv
+ pavolctld
+ pavucontrol
+ pcmanfm
+ redshift
+ scrot
+ st
+ sxiv
+ wpa_supplicant_gui
+ zathura
+ ];
+
+ programs.localsend.enable = true; # Installs & opens firewall
+ services.gvfs.enable = true; # GVfs allows for mounting drives in a graphical file manager
+ };
+}
diff --git a/archetypes/collections/desktop/xserver.nix b/archetypes/collections/desktop/xserver.nix
new file mode 100644
index 0000000..4cbdae8
--- /dev/null
+++ b/archetypes/collections/desktop/xserver.nix
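Review bot: `programs.localsend.enable = true;` in desktop/utilities.nix changes the firewall as a side effect of a package collection, which the inline comment acknowledges, so every host that enables `desktop.utilities` starts accepting LocalSend connections from its network. I would make the exposure an explicit decision by adding `programs.localsend.openFirewall = lib.mkDefault false;` next to it, or by moving LocalSend behind its own `enable` option, and let hosts on trusted networks opt in.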
@@ -0,0 +1,34 @@
+{ pkgs, lib, config, ... }: let
+ cfg = config._archetypes.collections.desktop.xserver;
+in {
+ options._archetypes.collections.desktop.xserver = {
+ enable = lib.mkEnableOption "installs xserver";
+ utilities.enable = lib.mkEnableOption "installs basic xserver utilities";
+ };
+
+ config = lib.mkIf cfg.enable {
+ services.xserver.enable = true;
+ services.xserver.displayManager.startx.enable = true;
+ services.libinput.enable = true; # Enable touchpad support
+
+ # Install basic X utilities
+ environment.systemPackages = with pkgs; lib.optionals cfg.utilities.enable [
+ unclutter
+ xcape
+ xclip
+ xdotool
+ xorg.setxkbmap
+ xorg.xinput
+ xorg.xkill
+ xorg.xrandr
+ xorg.xset
+ xwallpaper
+ ];
+
+ # Enable TearFree option by default
+ # Not all video drivers support this option
+ services.xserver.deviceSection = ''
+ Option "TearFree" "true"
+ '';
+ };
+}
diff --git a/archetypes/collections/development/default.nix b/archetypes/collections/development/default.nix
new file mode 100644
index 0000000..87fe2d2
--- /dev/null
+++ b/archetypes/collections/development/default.nix
@@ -0,0 +1,45 @@
+{ pkgs, lib, config, ... }: let
+ cfg = config._archetypes.collections.development;
+ hugoFirewallPort = 1313;
+in {
+ imports = [
+ ./docker.nix
+ ];
+
+ options._archetypes.collections.development = {
+ utilities.enable = lib.mkEnableOption "install basic dev utilities";
+ android.enable = lib.mkEnableOption "install android dev tools";
+ c.enable = lib.mkEnableOption "install c dev tools";
+ lua.enable = lib.mkEnableOption "install lua dev tools";
+ web = {
+ hugo = {
+ enable = lib.mkEnableOption "install hugo";
+ openFirewall = lib.mkEnableOption "open the port ${hugoFirewallPort} for viewing content from hugo serve on other devices";
+ };
+ node.enable = lib.mkEnableOption "install node";
+ };
+ };
+
+ config = {
+ environment.systemPackages = with pkgs; [
+ git
+ python3
+ ] ++ lib.optionals cfg.android.enable [
+ #adb-sync
+ android-tools
+ ] ++ lib.optionals cfg.c.enable [
+ gcc
+ git
+ gnumake
+ pkg-config
+ ] ++ lib.optionals cfg.lua.enable [
+ lua
+ ] ++ lib.optionals cfg.web.hugo.enable [
+ hugo
+ ] ++ lib.optionals cfg.web.node.enable [
+ nodejs
+ ];
+
+ networking.firewall.allowedTCPPorts = lib.mkIf cfg.web.hugo.openFirewall [ hugoFirewallPort ];
+ };
+}
diff --git a/archetypes/collections/development/docker.nix b/archetypes/collections/development/docker.nix
new file mode 100644
index 0000000..629dff3
--- /dev/null
+++ b/archetypes/collections/development/docker.nix
@@ -0,0 +1,23 @@
+{ pkgs, lib, config, ... }: let
+ cfg = config._archetypes.collections.development.docker;
+in {
+ options._archetypes.collections.development.docker = {
+ enable = lib.mkEnableOption "enables docker";
+ btrfsSupport = lib.mkOption {
+ type = lib.types.bool;
+ default = true;
+ description = "Changes docker storageDriver to btrfs.";
+ };
+ };
+
+ config = lib.mkIf cfg.enable {
+ virtualisation.docker = {
+ enable = true;
+ storageDriver = lib.mkIf cfg.btrfsSupport "btrfs";
+ };
+
+ environment.systemPackages = with pkgs; [
+ docker-compose
+ ];
+ };
+}
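Review bot: In development/default.nix the `openFirewall` description interpolates `hugoFirewallPort`, which is the integer `1313`; Nix does not coerce integers inside string interpolation, so evaluating that description fails, and it should read `"open the port ${toString hugoFirewallPort} for viewing content from hugo serve on other devices"`. The firewall rule is also keyed only on `openFirewall`, so the port opens even when `web.hugo.enable` is false; `lib.mkIf (cfg.web.hugo.enable && cfg.web.hugo.openFirewall) [ hugoFirewallPort ]` ties the exposure to the tool it serves. `utilities.enable` is declared but never read in this hunk while `git` and `python3` are installed unconditionally, which looks unintended.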
diff --git a/archetypes/collections/fonts.nix b/archetypes/collections/fonts.nix new file mode 100644 index 0000000..136e31b --- /dev/null +++ b/archetypes/collections/fonts.nix @@ -0,0 +1,16 @@ +{ pkgs, lib, config, ... }: let + cfg = config._archetypes.collections.fonts; +in { + options._archetypes.collections.fonts = { + enable = lib.mkEnableOption "enables fonts"; + }; + + config = lib.mkIf cfg.enable { + fonts.packages = with pkgs; [ + commit-mono + inter + nerd-fonts.jetbrains-mono + tamzen + ]; + }; +} diff --git a/modules/root/software/utilities.nix b/archetypes/collections/utilities.nix index dabf163..85763a4 100644 --- a/modules/root/software/utilities.nix +++ b/archetypes/collections/utilities.nix @@ -1,5 +1,7 @@ { pkgs, ... }: { environment.systemPackages = with pkgs; [ + crazydiskinfo + dash # TODO should be default /bin/sh entr fastfetch ffmpeg @@ -22,11 +24,12 @@ testdisk tmux uhubctl + vimv-rs wget wireguard-tools xxHash yt-dlp - (callPackage ./derivations/lowbat {}) - (callPackage ./derivations/pavolctld {}) ]; + + services.gpm.enable = true; } diff --git a/archetypes/collections/virtualization.nix b/archetypes/collections/virtualization.nix new file mode 100644 index 0000000..fda0e48 --- /dev/null +++ b/archetypes/collections/virtualization.nix @@ -0,0 +1,22 @@ +{ pkgs, lib, config, ... }: let + cfg = config._archetypes.collections.virtualization; +in { + options._archetypes.collections.virtualization = { + enable = lib.mkEnableOption "enables virtualization and virt-manager"; + }; + + config = lib.mkIf cfg.enable { + virtualisation = { + spiceUSBRedirection.enable = true; + libvirtd.enable = true; + # Enable efi support with ovmf firmware + libvirtd.qemu = { + package = pkgs.qemu_kvm; + runAsRoot = true; + swtpm.enable = true; + ovmf.enable = true; + }; + }; + programs.virt-manager.enable = config._archetypes.collections.desktop.utilities.enable; # FIXME + }; +} 
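Review bot: `runAsRoot = true;` in virtualization.nix makes libvirtd start QEMU as root, so a flaw in the emulator or in a guest-facing device model would run with root on the host rather than as the unprivileged QEMU account. Unless a guest needs it, set `runAsRoot = false;` (existing guest images may need their ownership adjusted), or keep it and add a comment saying why root is required. `spiceUSBRedirection.enable = true;` additionally installs a setuid helper that lets local users hand host USB devices to VMs, and that deserves a one-line comment as well.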
diff --git a/archetypes/default.nix b/archetypes/default.nix
new file mode 100644
index 0000000..52e5eaa
--- /dev/null
+++ b/archetypes/default.nix
@@ -0,0 +1,13 @@
+{
+ imports = [
+ ./collections/bluetooth.nix
+ ./collections/desktop
+ ./collections/development
+ ./collections/fonts.nix
+ ./collections/utilities.nix
+ ./collections/virtualization.nix
+
+ ./profiles/desktop
+ ./profiles/headless
+ ];
+}
diff --git a/archetypes/profiles/desktop/default.nix b/archetypes/profiles/desktop/default.nix
new file mode 100644
index 0000000..dd2121e
--- /dev/null
+++ b/archetypes/profiles/desktop/default.nix
@@ -0,0 +1,101 @@
+{ lib, config, pkgs, ... }: let
+ mkDesktop = lib.mkOverride 920;
+
+ nixosConfig = {
+ _archetypes.collections = {
+ desktop = {
+ utilities.enable = mkDesktop true;
+ firefox.enable = mkDesktop true;
+ xserver = {
+ enable = mkDesktop true;
+ utilities.enable = mkDesktop true;
+ };
+ };
+ development = {
+ utilities.enable = mkDesktop true;
+ };
+ fonts.enable = mkDesktop true;
+ };
+
+ security = {
+ _doas.enable = mkDesktop true;
+ };
+
+ programs = {
+ _ddcutil.enable = mkDesktop true;
+ _home-manager.enable = mkDesktop true;
+ };
+
+ services = {
+ xserver = {
+ windowManager._awesome.enable = mkDesktop true;
+ enableTearFree = mkDesktop true;
+ };
+ _geoclue2.enable = mkDesktop true;
+ _pipewire.enable = mkDesktop true;
+ _printing.enable = mkDesktop true;
+ _ssh.enable = mkDesktop true;
+ tlp.enable = mkDesktop true;
+
+ # Ensure video group can change backlight
+ udev.extraRules = mkDesktop ''
+ SUBSYSTEM=="backlight", ACTION=="add", RUN+="${pkgs.coreutils}/bin/chgrp video /sys/class/backlight/%k/brightness", RUN+="${pkgs.coreutils}/bin/chmod g+w /sys/class/backlight/%k/brightness"
+ '';
+ };
+ };
+
+ homeConfig = {
+ gtk = {
+ enable = mkDesktop true;
+ _mintTheme.enable = mkDesktop true;
+ font.name = mkDesktop "sans-serif";
+ cursorTheme.name = mkDesktop "Adwaita";
+ };
+
+ qt._gtkPlatformTheme.enable = mkDesktop true;
+
+ fonts.fontconfig = {
+ enable = mkDesktop true;
+ defaultFonts = {
+ # These fonts are added above in fonts collection
+ sansSerif = mkDesktop [ "Inter" ];
+ monospace = mkDesktop [ "CommitMono" ];
+ };
+ };
+
+ programs = {
+ _pcmanfm.openAsRootOption.enable = mkDesktop true;
+ firefox._configure = mkDesktop true;
+ htop._configure = mkDesktop true;
+ zathura = {
+ enable = mkDesktop true;
+ options = {
+ selection-clipboard = mkDesktop "clipboard"; # Copy highlighted text
+ };
+ };
+ };
+
+ services = {
+ _redshift.enable = true;
+ };
+
+ home._repos = {
+ enable = mkDesktop true;
+ desktop = mkDesktop true;
+ };
+
+ xdg.mimeApps._defaultCategoryApplications = {
+ enable = true;
+ categoryApplications = {
+ audio = [ "mpv" ];
+ email = [ "thunderbird" ];
+ image = [ "sxiv" ];
+ pdf = [ "org.pwmt.zathura-pdf-mupdf" ];
+ text = [ "nvim" ];
+ video = [ "mpv" ];
+ };
+ };
+ };
+in {
+ imports = [ (lib._mkProfileArchetype "desktop" nixosConfig homeConfig) ];
+}
diff --git a/archetypes/profiles/headless/default.nix b/archetypes/profiles/headless/default.nix
new file mode 100644
index 0000000..b391076
--- /dev/null
+++ b/archetypes/profiles/headless/default.nix
@@ -0,0 +1,31 @@
+{ lib, config, ... }: let
+ mkHeadless = lib.mkOverride 910;
+
+ nixosConfig = {
+ _archetypes.collections = {
+ development = {
+ utilities.enable = mkHeadless true;
+ };
+ };
+
+ security = {
+ _doas.enable = mkHeadless true;
+ };
+
+ programs = {
+ _ddcutil.enable = mkHeadless true;
+ };
+
+ services = {
+ _ssh.enable = mkHeadless true;
+ };
+ };
+
+ homeConfig = {
+ home._repos = {
+ enable = mkHeadless true;
+ };
+ };
+in {
+ imports = [ (lib._mkProfileArchetype "headless" nixosConfig homeConfig) ];
+}
diff --git a/derivations/lowbat/default.nix b/derivations/lowbat/default.nix
deleted file mode 100644
index 02ff111..0000000
--- a/derivations/lowbat/default.nix
+++ /dev/null
@@ -1,30 +0,0 @@
-{ pkgs ? import <nixpkgs> {} }:
-
-pkgs.stdenv.mkDerivation rec {
- pname = "lowbat";
- version = "1.2.1";
-
- src = pkgs.fetchzip {
- url = "https://git.tjkeller.xyz/${pname}/snapshot/${pname}-${version}.tar.xz";
- sha256 = "sha256-xsUHdmicHX/fQQgojVjWfzI82e4NezkmlACOpdPxLE0=";
- };
-
- nativeBuildInputs = [ pkgs.pkg-config ];
- buildInputs = [ pkgs.libnotify pkgs.glib ];
-
- buildPhase = ''
- make
- '';
-
- installPhase = ''
- mkdir -p $out/bin $out/share/man/man1
- cp lowbat $out/bin/
- cp lowbat.1 $out/share/man/man1/
- '';
-
- meta = with pkgs.lib; {
- description = "A minimal battery level monitor daemon, written in C";
- license = licenses.mit;
- maintainers = [ maintainers.tjkeller ];
- };
-}
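Review bot: `services._redshift.enable = true;` and `xdg.mimeApps._defaultCategoryApplications.enable = true;` in the desktop profile are plain definitions, while every other setting goes through `mkDesktop` (`lib.mkOverride 920`). A host that sets either one to `false` then hits a conflicting-definition error instead of overriding the profile, so both should read `mkDesktop true` like their neighbours. The profile also switches on `_ssh` and `_pcmanfm.openAsRootOption` for every desktop; those modules are outside this hunk, so a short comment on what each one exposes would let a reader judge the default.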
diff --git a/derivations/pavolctld/default.nix b/derivations/pavolctld/default.nix
deleted file mode 100644
index c78e3fe..0000000
--- a/derivations/pavolctld/default.nix
+++ /dev/null
@@ -1,29 +0,0 @@
-{ pkgs ? import <nixpkgs> {} }:
-
-pkgs.stdenv.mkDerivation rec {
- pname = "pavolctld";
- version = "1.0.0";
-
- src = pkgs.fetchzip {
- url = "https://git.tjkeller.xyz/${pname}/snapshot/${pname}-${version}.tar.xz";
- sha256 = "sha256-eJ5njP2wu2kxsNgDdULOaATJJarLh+LkM5M9+kujRt4=";
- };
-
- buildInputs = [ pkgs.libpulseaudio ];
-
- buildPhase = ''
- make
- '';
-
- installPhase = ''
- mkdir -p $out/bin $out/share/man/man1
- cp pavolctld $out/bin/
- cp pavolctld.1 $out/share/man/man1/
- '';
-
- meta = with pkgs.lib; {
- description = "A minimal PulseAudio volume control/monitoring daemon";
- license = licenses.mit;
- maintainers = [ maintainers.tjkeller ];
- };
-}
diff --git a/derivations/st/default.nix b/derivations/st/default.nix
deleted file mode 100644
index eb7c6bc..0000000
--- a/derivations/st/default.nix
+++ /dev/null
@@ -1,50 +0,0 @@
-{
- lib,
- stdenv,
- fetchzip,
- fontconfig,
- libX11,
- libXcursor,
- libXext,
- libXft,
- ncurses,
- pkg-config,
-}:
-
-stdenv.mkDerivation rec {
- pname = "st";
- version = "tj-0.9.2.2";
-
- src = fetchzip {
- url = "https://git.tjkeller.xyz/${pname}/snapshot/${pname}-${version}.tar.xz";
- sha256 = "sha256-p1u7TEeLeC5Kjvi8na4YhyQQ0qdPaUWZL6hq9O4HaKA=";
- };
-
- nativeBuildInputs = [
- pkg-config
- ];
- buildInputs = [
- fontconfig
- libX11
- libXcursor
- libXext
- libXft
- ncurses
- ];
-
- installPhase = ''
- runHook preInstall
-
- TERMINFO=$out/share/terminfo make install PREFIX=$out
-
- runHook postInstall
- '';
-
- meta = with lib; {
- homepage = "https://git.tjkeller.xyz/st";
- description = "My st with various patches";
- mainProgram = "st";
- license = licenses.mit;
- maintainers = [ maintainers.tjkeller ];
- };
-}
@@ -3,18 +3,17 @@ "arkenfox": { "inputs": { "flake-compat": "flake-compat", - "flake-utils": "flake-utils", "nixpkgs": [ "nixpkgs" ], "pre-commit": "pre-commit" }, "locked": { - "lastModified": 1725263787, - "narHash": "sha256-OSNjus8VSkLCSikN6Qeq+II1bwqTRJEwl6NJvFoQHoE=", + "lastModified": 1751321356, + "narHash": "sha256-7vrKgcIg7jOHVEJrpfjNjcqZnsAoXnJvKK8NuV1x2kU=", "owner": "dwarfmaster", "repo": "arkenfox-nixos", - "rev": "72addd96455cce49c0c8524c53aecd02cf20adec", + "rev": "3f04af64f37dad55446417fc2f8c6cf754fde879", "type": "github" }, "original": { @@ -26,11 +25,11 @@ "flake-compat": { "flake": false, "locked": { - "lastModified": 1696426674, - "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "lastModified": 1747046372, + "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=", "owner": "edolstra", "repo": "flake-compat", - "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885", "type": "github" }, "original": { @@ -55,24 +54,6 @@ "type": "github" } }, - "flake-utils": { - "inputs": { - "systems": "systems" - }, - "locked": { - "lastModified": 1710146030, - "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, "gitignore": { "inputs": { "nixpkgs": [ 
@@ -102,27 +83,27 @@ ] }, "locked": { - "lastModified": 1733951536, - "narHash": "sha256-Zb5ZCa7Xj+0gy5XVXINTSr71fCfAv+IKtmIXNrykT54=", + "lastModified": 1756679287, + "narHash": "sha256-Xd1vOeY9ccDf5VtVK12yM0FS6qqvfUop8UQlxEB+gTQ=", "owner": "nix-community", "repo": "home-manager", - "rev": "1318c3f3b068cdcea922fa7c1a0a1f0c96c22f5f", + "rev": "07fc025fe10487dd80f2ec694f1cd790e752d0e8", "type": "github" }, "original": { "owner": "nix-community", - "ref": "release-24.11", + "ref": "release-25.05", "repo": "home-manager", "type": "github" } }, "nixpkgs": { "locked": { - "lastModified": 1719082008, - "narHash": "sha256-jHJSUH619zBQ6WdC21fFAlDxHErKVDJ5fpN0Hgx4sjs=", + "lastModified": 1730768919, + "narHash": "sha256-8AKquNnnSaJRXZxc5YmF/WfmxiHX6MMZZasRP6RRQkE=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "9693852a2070b398ee123a329e68f0dab5526681", + "rev": "a04d33c0c3f1a59a2c1cb0c6e34cd24500e5a1dc", "type": "github" }, "original": { 
@@ -132,50 +113,18 @@ "type": "github" } }, - "nixpkgs-stable": { - "locked": { - "lastModified": 1720386169, - "narHash": "sha256-NGKVY4PjzwAa4upkGtAMz1npHGoRzWotlSnVlqI40mo=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "194846768975b7ad2c4988bdb82572c00222c0d7", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-24.05", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs-stable_2": { - "locked": { - "lastModified": 1729357638, - "narHash": "sha256-66RHecx+zohbZwJVEPF7uuwHeqf8rykZTMCTqIrOew4=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "bb8c2cf7ea0dd2e18a52746b2c3a5b0c73b93c22", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "release-24.05", - "repo": "nixpkgs", - "type": "github" - } - }, "nixpkgs_2": { "locked": { - "lastModified": 1734083684, - "narHash": "sha256-5fNndbndxSx5d+C/D0p/VF32xDiJCJzyOqorOYW4JEo=", + "lastModified": 1756617294, + "narHash": "sha256-aGnd4AHIYCWQKChAkHPpX+YYCt7pA6y2LFFA/s8q0wQ=", "owner": "nixos", "repo": "nixpkgs", - "rev": "314e12ba369ccdb9b352a4db26ff419f7c49fa84", + "rev": "b4c2c57c31e68544982226d07e4719a2d86302a8", "type": "github" }, "original": { "owner": "nixos", - "ref": "nixos-24.11", + "ref": "nixos-25.05", "repo": "nixpkgs", "type": "github" } @@ -184,15 +133,14 @@ "inputs": { "flake-compat": "flake-compat_2", "gitignore": "gitignore", - "nixpkgs": "nixpkgs", - "nixpkgs-stable": "nixpkgs-stable" + "nixpkgs": "nixpkgs" }, "locked": { - "lastModified": 1724857454, - "narHash": "sha256-Qyl9Q4QMTLZnnBb/8OuQ9LSkzWjBU1T5l5zIzTxkkhk=", + "lastModified": 1750779888, + "narHash": "sha256-wibppH3g/E2lxU43ZQHC5yA/7kIKLGxVEnsnVK1BtRg=", "owner": "cachix", "repo": "pre-commit-hooks.nix", - "rev": "4509ca64f1084e73bc7a721b20c669a8d4c5ebe6", + "rev": "16ec914f6fb6f599ce988427d9d94efddf25fe6d", "type": "github" }, "original": { 
@@ -213,15 +161,14 @@ "inputs": { "nixpkgs": [ "nixpkgs" - ], - "nixpkgs-stable": "nixpkgs-stable_2" + ] }, "locked": { - "lastModified": 1729394972, - "narHash": "sha256-fADlzOzcSaGsrO+THUZ8SgckMMc7bMQftztKFCLVcFI=", + "lastModified": 1754988908, + "narHash": "sha256-t+voe2961vCgrzPFtZxha0/kmFSHFobzF00sT8p9h0U=", "owner": "Mic92", "repo": "sops-nix", - "rev": "c504fd7ac946d7a1b17944d73b261ca0a0b226a5", + "rev": "3223c7a92724b5d804e9988c6b447a0d09017d48", "type": "github" }, "original": { @@ -229,21 +176,6 @@ "repo": "sops-nix", "type": "github" } - }, - "systems": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } } }, "root": "root", 
@@ -2,69 +2,67 @@ rec { description = "TimmyOS System Config"; inputs = { - nixpkgs.url = "github:nixos/nixpkgs/nixos-24.11"; + nixpkgs.url = "github:nixos/nixpkgs/nixos-25.05"; sops-nix = { url = "github:Mic92/sops-nix"; inputs.nixpkgs.follows = "nixpkgs"; }; - home-manager = { - url = "github:nix-community/home-manager/release-24.11"; + url = "github:nix-community/home-manager/release-25.05"; inputs.nixpkgs.follows = "nixpkgs"; }; - arkenfox = { url = "github:dwarfmaster/arkenfox-nixos"; inputs.nixpkgs.follows = "nixpkgs"; }; }; - outputs = { nixpkgs, home-manager, arkenfox, ... }@inputs : + outputs = { nixpkgs, ... }@inputs : let system = "x86_64-linux"; - pkgs = nixpkgs.legacyPackages.${system}; - userDetails = { - username = "timmy"; - home.root = "/home/timmy"; - home.downloads = "/home/timmy/dls"; - home.documents = "/home/timmy/docs"; - home.pictures = "/home/timmy/pics"; - email = "tjkeller.xyz"; - fullname = "Tim Keller"; - }; + extLib = nixpkgs.lib.extend (final: prev: import ./lib); mkNixosConfiguration = hostname: nixpkgs.lib.nixosSystem { inherit system; specialArgs = { inherit inputs; - inherit userDetails; + inherit hostname; + lib = extLib; }; modules = [ - ./modules/hosts/${hostname}/configuration.nix - ./modules/root - home-manager.nixosModules.home-manager { + ./hosts/${hostname}/configuration.nix + ./hosts/${hostname}/hardware-configuration.nix + ./archetypes + ./nixos + ./pkgs + ./users + inputs.sops-nix.nixosModules.sops + inputs.home-manager.nixosModules.home-manager { home-manager = { - backupFileExtension = "backup"; + backupFileExtension = "backup"; # In case file is overwritten useGlobalPkgs = true; useUserPackages = true; - users.${userDetails.username} = import ./modules/home; - extraSpecialArgs = { - inherit userDetails; - }; sharedModules = [ inputs.arkenfox.hmModules.arkenfox - ./modules/hosts/${hostname}/home.nix + ./home-manager ]; }; } ]; }; in { - nixosConfigurations = { - T430 = mkNixosConfiguration "T430"; - T495 = 
mkNixosConfiguration "T495"; - hp-envy-office = mkNixosConfiguration "hp-envy-office"; - optiplex = mkNixosConfiguration "optiplex"; - }; + nixosConfigurations = builtins.listToAttrs (map (hostname: { + name = hostname; + value = mkNixosConfiguration hostname; + }) [ + # Configured system hostnames go here + "T495" + "X230" + "flex-wg-router" + "hp-envy-office" + "libreX60" + "optiplex" + "poweredge" + ]); }; } diff --git a/home-manager/clone-repos.nix b/home-manager/clone-repos.nix new file mode 100644 index 0000000..fcf96f7 --- /dev/null +++ b/home-manager/clone-repos.nix 
@@ -0,0 +1,40 @@
+{ config, lib, pkgs, ... }: let
+ cfg = config.home._repos;
+ # TODO MAKE OPTIONS
+ server = "https://git.tjkeller.xyz/";
+ src = "${config.xdg.userDirs.documents}/src";
+ dotConfig = config.xdg.configHome;
+ bin = "$HOME/.local/bin";
+ cloneMissing = repo: source: target: ''clonemissing "${repo}" "${source}" "${target}"'';
+in {
+ options.home._repos = {
+ enable = lib.mkEnableOption "clone git repos";
+ desktop = lib.mkEnableOption "clone repos that are for desktop use";
+ };
+
+ config = lib.mkIf cfg.enable {
+ # TODO look into xdg.configFile.<name>
+ home.activation = {
+ cloneRepos = lib.hm.dag.entryAfter ["writeBoundary"] (''
+ export PATH="${pkgs.git}/bin:$PATH"
+ ${builtins.readFile ./resources/activation-scripts/clone-repos.sh}
+ '' + lib.strings.concatStringsSep "\n" ([
+ (cloneMissing "${server}dotconfig" "${src}/config" dotConfig)
+ (cloneMissing "${server}nixos" "${src}/nixos" "")
+ (cloneMissing "${server}nvim" "${dotConfig}/nvim" "")
+ (cloneMissing "${server}zsh" "${dotConfig}/zsh" "")
+ ] ++ lib.optionals cfg.desktop [
+ (cloneMissing "${server}scripts" "${src}/scripts" bin)
+ (cloneMissing "${server}userscripts" "${src}/userscripts" "")
+ (cloneMissing "${server}awesome" "${dotConfig}/awesome" "")
+ ]));
+ linkZshProfile = lib.hm.dag.entryAfter ["writeBoundary"] ''
+ run ln -sf $VERBOSE_ARG ${dotConfig}/zsh/zprofile $HOME/.zprofile
+ '';
+ };
+ #home.file.Zprofile = {
+ # source = "${dotConfig}/zsh/zprofile";
+ # target = ".zprofile";
+ #};
+ };
+}
diff --git a/home-manager/default.nix b/home-manager/default.nix
new file mode 100644
index 0000000..c1a105f
--- /dev/null
+++ b/home-manager/default.nix
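Review bot: The `cloneRepos` activation step clones up to seven repositories from `server` with no revision or hash, so the shell profile, editor config and the scripts linked into `$HOME/.local/bin` are whatever the server hands out at activation time and are not covered by flake.lock. Declaring them as `flake = false` inputs and linking them with `xdg.configFile.<name>.source`, as the TODO in the hunk already hints, would pin and verify them like the rest of the configuration. `linkZshProfile` is ordered only after `writeBoundary`, not after `cloneRepos`, and its paths are unquoted; `lib.hm.dag.entryAfter ["cloneRepos"]` with `run ln -sf $VERBOSE_ARG "${dotConfig}/zsh/zprofile" "$HOME/.zprofile"` addresses both. clone-repos.sh is read from a file outside this hunk, so what `clonemissing` does with an existing checkout cannot be judged here.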
@@ -0,0 +1,19 @@
+{
+ imports = [
+ ./clone-repos.nix
+ ./firefox.nix
+ ./fontconfig.nix
+ ./home-cleanup.nix
+ ./htop.nix
+ ./mint-theme.nix
+ ./pcmanfm.nix
+ ./qt-gtk-theme.nix
+ ./redshift.nix
+ ./theme-st.nix
+ ./wallpapers.nix
+ ./xdg-mime.nix
+ ];
+
+ # Let Home Manager install and manage itself.
+ programs.home-manager.enable = true;
+}
diff --git a/home-manager/firefox.nix b/home-manager/firefox.nix
new file mode 100644
index 0000000..cca4a19
--- /dev/null
+++ b/home-manager/firefox.nix
@@ -0,0 +1,91 @@
+{ config, lib, pkgs, ... }: let
+ cfg = config.programs.firefox;
+ search = {
+ engines = {
+ "Timmy Search" = {
+ urls = [{
+ template = "https://search.tjkeller.xyz/search";
+ params = [ { name = "q"; value = "{searchTerms}"; } ];
+ }];
+ iconURI = "https://search.tjkeller.xyz/static/themes/simple/img/favicon.svg"; # TODO doesn't seem to work
+ };
+ "Nix Packages" = {
+ urls = [{
+ template = "https://search.nixos.org/packages";
+ params = [ { name = "query"; value = "{searchTerms}"; } ];
+ }];
+ icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg";
+ definedAliases = [ "@np" ];
+ };
+ "NixOS Options" = {
+ urls = [{
+ template = "https://search.nixos.org/options";
+ params = [ { name = "query"; value = "{searchTerms}"; } ];
+ }];
+ icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg";
+ definedAliases = [ "@no" ];
+ };
+ };
+ default = "Timmy Search";
+ privateDefault = "Timmy Search";
+ force = true; # Overwrite old
+ };
+ userChrome = builtins.readFile ./resources/firefox/userChrome.css;
+ arkenfox = {
+ enable = true;
+ enableAllSections = true;
+ "0100"."0102"."browser.startup.page".value = 3; # 0=blank, 1=home, 2=last visited page, 3=resume previous session
+ "0100"."0103"."browser.startup.homepage".enable = false;
+ "0100"."0104"."browser.newtabpage.enabled".enable = false;
+ #"2800"."2811"."privacy.clearOnShutdown.history".enable = false;
+ };
+ settings = {
+ "browser.compactmode.show" = true;
+ "browser.uiCustomization.state" = builtins.readFile ./resources/firefox/uiCustomization.json; # Toolbar etc.
+ "browser.uidensity" = 1; # Compact
+ "toolkit.legacyUserProfileCustomizations.stylesheets" = true; # userchrome
+
+ "app.normandy.first_run" = false;
+ "browser.aboutConfig.showWarning" = false; # arkenfox does
+ #"browser.download.dir" = userDetails.userDirs.downloads;
+ "browser.newtabpage.activity-stream.feeds.section.topstories" = false;
+ "browser.newtabpage.activity-stream.feeds.topsites" = false;
+ "browser.urlbar.suggest.topsites" = false;
+ "devtools.toolbox.host" = "window";
+ "dom.push.enabled" = false; #
+ "extensions.pocket.enabled" = false;
+ "general.smoothScroll" = false;
+ #"geo.provider.use_geoclue" = true;
+ };
+ workSettings = settings // {
+ "extensions.activeThemeID" = "firefox-compact-dark@mozilla.org"; # Use builtin dark theme instead of system theme
+ };
+in {
+ options.programs.firefox = {
+ _configure = lib.mkEnableOption "configure firefox profiles";
+ };
+
+ config = lib.mkIf cfg._configure {
+ programs.firefox = {
+ enable = lib.mkDefault true;
+ arkenfox.enable = lib.mkDefault true;
+ profiles = {
+ Personal = {
+ id = 0;
+ isDefault = true;
+ inherit search;
+ inherit userChrome;
+ inherit arkenfox;
+ inherit settings;
+ };
+ Work = {
+ id = 1;
+ inherit search;
+ inherit userChrome;
+ inherit arkenfox;
+ settings = workSettings;
+ };
+ };
+ };
+ };
+}
diff --git a/home-manager/fontconfig.nix b/home-manager/fontconfig.nix
new file mode 100644
index 0000000..4473d1a
--- /dev/null
+++ b/home-manager/fontconfig.nix
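Review bot: The `arkenfox` attrset in firefox.nix overrides three entries of section 0100 for both profiles (`browser.startup.page` set to 3 to resume the previous session, and the 0103 and 0104 entries disabled) without saying why the hardened values are not wanted. Session restore keeps the previous session's tabs on disk between runs, so the deviation should be recorded next to the override, for example `# Deliberate deviation from arkenfox: keep session restore, accepting that session data persists on disk`. The bare `#` after `"dom.push.enabled" = false;` looks like a comment that was never written.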
@@ -0,0 +1,83 @@ +{ config, lib, ... }: let + cfg = config.fonts.fontconfig; + fcConfd = "fontconfig/conf.d"; + fcResources = ./resources/fontconfig; + + extraConfigFile = lib.types.submodule ({ name, ... }: { + options = { + enable = lib.mkEnableOption "Whether this font config file should be generated."; + text = lib.mkOption { + type = lib.types.nullOr lib.types.lines; + default = null; + description = "Verbatim contents of the config file. If this option is null then the 'source' option must be set."; + }; + source = lib.mkOption { + type = lib.types.nullOr lib.types.path; + default = null; + description = "Config file to source. Alternatively, use the 'text' option instead."; + }; + label = lib.mkOption { + type = lib.types.str; + default = "name"; + description = "Label to use for the name of the config file."; + }; + priority = lib.mkOption { + type = lib.types.addCheck lib.types.int (x: x >= 0 && x <= 99); + default = 90; + description = '' + Determines the order in which configs are loaded. + Must be a value within the range of 0-99, where priority 0 is the highest priority and 99 is the lowest. + ''; + }; + }; + config = { + label = lib.mkDefault name; + }; + }); +in { + options.fonts.fontconfig = { + _extraConfigFiles = lib.mkOption { + type = lib.types.attrsOf extraConfigFile; + default = {}; + description = '' + Extra font config files that will be added to `~/.config/fontconfig/conf.d/`. + Files are added as `conf.d/{priority}-{label}.conf`. 
+ ''; + example = '' + { + tamzen = { + enable = true; + label = "tamzen-disable-antialiasing"; + text = tamzenFontConfig; # Pretend this is defined elsewhere + priority = 90; + }; # => conf.d/90-tamzen-disable-antialiasing.conf + commit-mono-options = { + enable = true; + source = ./resources/fontconfig/commit-mono.conf; + priority = 80; + }; # => conf.d/80-commit-mono-options.conf + }; + ''; + }; + }; + + config = lib.mkIf cfg.enable { + fonts.fontconfig._extraConfigFiles = { + tamzen-disable-antialiasing = { + enable = true; + text = builtins.readFile ./resources/fontconfig/90-tamzen-disable-anti-aliasing.conf; + priority = 90; + }; + commit-mono-options = { + enable = true; + source = ./resources/fontconfig/90-commit-mono-options.conf; + priority = 90; + }; + }; + + xdg.configFile = lib.mapAttrs' (name: config: + lib.nameValuePair "${fcConfd}/${builtins.toString config.priority}-${config.label}.conf" + { inherit (config) text; source = lib.mkIf (config.source != null) config.source; } + ) cfg._extraConfigFiles; + }; +} diff --git a/home-manager/home-cleanup.nix b/home-manager/home-cleanup.nix new file mode 100644 index 0000000..0754d95 --- /dev/null +++ b/home-manager/home-cleanup.nix @@ -0,0 +1,21 @@ +{ config, lib, ... }: let + cacheHome = config.xdg.cacheHome; + configHome = config.xdg.configHome; + dataHome = config.xdg.dataHome; +in { + # Gtk 2 + # This file may be generated by home-manager, so this will need to be set + # so that it ends up in the correct location + gtk.gtk2.configLocation = "${configHome}/gtk-2.0/gtkrc"; + + # Npm + xdg.configFile.npmrc = { + enable = lib.mkDefault true; + text = '' + prefix=${dataHome}/npm + cache=${cacheHome}/npm + init-module=${dataHome}/npm/npm-init.js + ''; + target = "npm/npmrc"; + }; +} diff --git a/home-manager/htop.nix b/home-manager/htop.nix new file mode 100644 index 0000000..36ccbac --- /dev/null +++ b/home-manager/htop.nix 
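Review bot: The `enable` option declared on each `_extraConfigFiles` entry is never read. The `xdg.configFile` mapping at the end of the home-manager/fontconfig.nix hunk emits a file for every attribute, so setting `enable = false` on an entry has no effect. The home-cleanup.nix hunk in this diff already sets `enable` on an `xdg.configFile` entry, so the value can simply be passed through with `{ inherit (config) enable text; source = lib.mkIf (config.source != null) config.source; }`. The lambda argument named `config` also shadows the module's own `config`, so renaming it to something like `file` would make the mapping easier to read.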
@@ -0,0 +1,46 @@ +{ config, lib, ... }: let + cfg = config.programs.htop; +in { + options.programs.htop = { + _configure = lib.mkEnableOption "apply sensible defaults to htop"; + }; + + config = lib.mkIf cfg._configure { + programs.htop.enable = lib.mkDefault true; + programs.htop.settings = { + fields = with config.lib.htop.fields; [ + PID + USER + 124 # EXE + PERCENT_CPU + PERCENT_MEM + STARTTIME + ELAPSED # time elapsed since process start + IO_READ_RATE + RBYTES # num read bytes + IO_WRITE_RATE + WBYTES # num written bytes + TIME + STIME # sys time + CSTIME # child sys time + NICE + STATE + PRIORITY + 125 # CWD + ]; + } // (with config.lib.htop; leftMeters [ + (bar "AllCPUs2") + (bar "CPU") + (bar "Memory") + (bar "DiskIO") + (bar "NetworkIO") + ]) // (with config.lib.htop; rightMeters [ + (text "Hostname") + (text "Clock") + (text "Uptime") + (text "Battery") + (text "LoadAverage") + (text "Tasks") + ]); + }; +} diff --git a/home-manager/mint-theme.nix b/home-manager/mint-theme.nix new file mode 100644 index 0000000..a77be6a --- /dev/null +++ b/home-manager/mint-theme.nix 
@@ -0,0 +1,43 @@ +{ config, lib, pkgs, ... }: +let + cfg = config.gtk._mintTheme; # gtk.theme type is null or submodule under the hood so gtk.theme._mint, etc. can't be used + transformColorValue = color: dark: + "Mint-Y" + lib.optionalString dark "-Dark" + + lib.optionalString (color != "Green") ("-" + color) + ; +in { + options.gtk._mintTheme = { + enable = lib.mkEnableOption "enables mint theme"; + color = lib.mkOption { + type = lib.types.enum [ + "Aqua" "Blue" "Green" "Grey" "Orange" + "Pink" "Purple" "Red" "Sand" "Teal" + ]; + default = "Green"; + description = "mint-y theme color"; + }; + dark = lib.mkEnableOption "whether to use dark variant of mint theme"; + icons.color = lib.mkOption { + type = lib.types.enum [ + "Aqua" "Blue" "Green" "Grey" "Orange" "Pink" "Purple" "Red" + "Sand" "Teal" + ]; + default = "Aqua"; + description = "mint-y icons color eg. 'Aqua' or 'Red'"; + }; + }; + + config = lib.mkIf cfg.enable { + gtk = { + enable = true; + theme = { + package = pkgs.mint-themes; + name = transformColorValue cfg.color cfg.dark; + }; + iconTheme = { + package = pkgs.mint-y-icons; + name = transformColorValue cfg.icons.color false; + }; + }; + }; +} diff --git a/home-manager/pcmanfm.nix b/home-manager/pcmanfm.nix new file mode 100644 index 0000000..a99fb15 --- /dev/null +++ b/home-manager/pcmanfm.nix @@ -0,0 +1,15 @@ +{ config, lib, ... }: let + cfg = config.programs._pcmanfm.openAsRootOption; +in { + options.programs._pcmanfm.openAsRootOption = { + enable = lib.mkEnableOption "enable 'open as root' option in pcmanfm right-click menu"; + }; + + config = lib.mkIf cfg.enable { + home.file.pcmanfm-root = { + target = ".local/share/file-manager/actions/root.desktop"; + # FIXME this action uses an absolute path pls fix + source = ./resources/pcmanfm/root.desktop; + }; + }; +} diff --git a/home-manager/qt-gtk-theme.nix b/home-manager/qt-gtk-theme.nix new file mode 100644 index 0000000..2e53ccc --- /dev/null +++ b/home-manager/qt-gtk-theme.nix 
@@ -0,0 +1,15 @@
+{ config, lib, pkgs, ... }:
+let
+ cfg = config.qt._gtkPlatformTheme;
+in {
+ options.qt._gtkPlatformTheme = {
+ enable = lib.mkEnableOption "use gtk theme in qt";
+ };
+
+ config = lib.mkIf cfg.enable {
+ qt = {
+ enable = lib.mkDefault true;
+ platformTheme.name = "gtk3";
+ };
+ };
+}
diff --git a/home-manager/redshift.nix b/home-manager/redshift.nix
new file mode 100644
index 0000000..4bae599
--- /dev/null
+++ b/home-manager/redshift.nix
@@ -0,0 +1,18 @@
+{ config, lib, ... }: let
+ cfg = config.services._redshift;
+in {
+ options.services._redshift = {
+ enable = lib.mkEnableOption "configure redshift";
+ };
+
+ config = lib.mkIf cfg.enable {
+ services.redshift = {
+ enable = true;
+ provider = lib.mkDefault "geoclue2";
+ temperature = {
+ day = lib.mkDefault 6500; # Redshift default, the hm module defaults to 5500
+ night = lib.mkDefault 3600;
+ };
+ };
+ };
+}
diff --git a/home-manager/resources/activation-scripts/clone-repos.sh b/home-manager/resources/activation-scripts/clone-repos.sh
new file mode 100644
index 0000000..adf8fd7
--- /dev/null
+++ b/home-manager/resources/activation-scripts/clone-repos.sh
@@ -0,0 +1,19 @@
+#!/bin/sh
+
+clonemissing() {
+ # pull and return if already existing
+ if [ -d "$2"/.git ]; then
+ run cd $VERBOSE_ARG "$2"
+ run git pull $VERBOSE_ARG || echo "$2: failed to pull from remote"
+ return
+ fi
+
+ # clone $1 to $2
+ run mkdir -p $VERBOSE_ARG "$2"
+ run git clone $VERBOSE_ARG "$1" "$2"
+
+ # link files to $3
+ [ -z "$3" ] && return
+ run mkdir -p $VERBOSE_ARG "$3"
+ run ln -sf $VERBOSE_ARG "$2"/* "$3"
+}
diff --git a/modules/home/resources/firefox/uiCustomization.json b/home-manager/resources/firefox/uiCustomization.json
index 339b716..339b716 100644
--- a/modules/home/resources/firefox/uiCustomization.json
+++ b/home-manager/resources/firefox/uiCustomization.json
diff --git a/modules/home/resources/firefox/userChrome.css b/home-manager/resources/firefox/userChrome.css
index de0e112..624ab26 100644
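Review bot: In `clonemissing` (home-manager/resources/activation-scripts/clone-repos.sh) the result of `run cd $VERBOSE_ARG "$2"` is not checked, so when the `cd` fails the following `git pull` runs in whatever directory the activation script was already in. `cd` is also unlikely to accept the flag that `$VERBOSE_ARG` presumably carries, and a successful `cd` leaks the new working directory into every later call. Replacing both lines with `run git -C "$2" pull $VERBOSE_ARG || echo "$2: failed to pull from remote"` removes all three problems. For the clone, `run git clone $VERBOSE_ARG -- "$1" "$2"` keeps a URL that starts with `-` from being parsed as an option. Because the pull happens on every activation, whatever is linked into `$3` changes whenever the remote does, which is worth stating in a comment at the top of the function.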
--- a/modules/home/resources/firefox/userChrome.css +++ b/home-manager/resources/firefox/userChrome.css @@ -14,6 +14,17 @@ background: var(--toolbar-field-border-color) !important; } +/* Change background color of bookmarks toolbar */ +#PersonalToolbar { + background: var(--toolbox-bgcolor) !important; +} + +/* Adjust spacing of toolbar items */ +#PlacesToolbarItems { + gap: .35rem; + margin-block: .2rem; +} + /* Fix vertical spacing of tabs */ #TabsToolbar { margin-top: -1px; diff --git a/home-manager/resources/fontconfig/90-commit-mono-options.conf b/home-manager/resources/fontconfig/90-commit-mono-options.conf new file mode 100644 index 0000000..9c7373a --- /dev/null +++ b/home-manager/resources/fontconfig/90-commit-mono-options.conf @@ -0,0 +1,17 @@ +<?xml version="1.0"?> +<!DOCTYPE fontconfig SYSTEM "fonts.dtd"> + +<fontconfig> + <description>Enable opentype features for CommitMono to make it match better with Inter as its monospace counterpart</description> + <match target="font"> + <test name="family" compare="eq" ignore-blanks="true"> + <string>CommitMono</string> + </test> + <edit name="fontfeatures" mode="append"> + <string>ss03 on</string> <!-- smart case --> + <string>ss04 on</string> <!-- symbol spacing --> + <string>cv02 on</string> <!-- alt g --> + <string>cv06 on</string> <!-- alt 6 & 9 --> + </edit> + </match> +</fontconfig> diff --git a/home-manager/resources/fontconfig/90-tamzen-disable-anti-aliasing.conf b/home-manager/resources/fontconfig/90-tamzen-disable-anti-aliasing.conf new file mode 100644 index 0000000..5bf94d7 --- /dev/null +++ b/home-manager/resources/fontconfig/90-tamzen-disable-anti-aliasing.conf 
@@ -0,0 +1,14 @@ +<?xml version="1.0"?> +<!DOCTYPE fontconfig SYSTEM "fonts.dtd"> + +<fontconfig> + <description>Disable anti-aliasing for Tamzen since it is a bitmap font</description> + <match target="pattern"> + <test name="family" compare="eq" qual="any"> + <string>Tamzen</string> + </test> + <edit name="antialias" mode="assign"> + <bool>false</bool> + </edit> + </match> +</fontconfig> diff --git a/modules/home/resources/pcmanfm/root.desktop b/home-manager/resources/pcmanfm/root.desktop index 4b4d263..4b4d263 100644 --- a/modules/home/resources/pcmanfm/root.desktop +++ b/home-manager/resources/pcmanfm/root.desktop diff --git a/home-manager/resources/xdg-mime/audio b/home-manager/resources/xdg-mime/audio new file mode 100644 index 0000000..fd00b26 --- /dev/null +++ b/home-manager/resources/xdg-mime/audio @@ -0,0 +1,65 @@ +application/x-cue +application/x-extension-m4a +application/x-ogm-audio +application/x-shorten +audio/3gpp +audio/3gpp2 +audio/AMR +audio/aac +audio/ac3 +audio/aiff +audio/amr-wb +audio/dv +audio/eac3 +audio/flac +audio/m3u +audio/m4a +audio/mp1 +audio/mp2 +audio/mp3 +audio/mp4 +audio/mpeg +audio/mpeg2 +audio/mpeg3 +audio/mpegurl +audio/mpg +audio/musepack +audio/ogg +audio/opus +audio/rn-mpeg +audio/scpls +audio/vnd.dolby.heaac.1 +audio/vnd.dolby.heaac.2 +audio/vnd.dts +audio/vnd.dts.hd +audio/vnd.rn-realaudio +audio/vorbis +audio/wav +audio/webm +audio/x-aac +audio/x-adpcm +audio/x-aiff +audio/x-ape +audio/x-m4a +audio/x-matroska +audio/x-mp1 +audio/x-mp2 +audio/x-mp3 +audio/x-mpegurl +audio/x-mpg +audio/x-ms-asf +audio/x-ms-wma +audio/x-musepack +audio/x-pls +audio/x-pn-au +audio/x-pn-realaudio +audio/x-pn-wav +audio/x-pn-windows-pcm +audio/x-realaudio +audio/x-scpls +audio/x-shorten +audio/x-tta +audio/x-vorbis +audio/x-vorbis+ogg +audio/x-wav +audio/x-wavpack diff --git a/home-manager/resources/xdg-mime/email b/home-manager/resources/xdg-mime/email new file mode 100644 index 0000000..db65256 --- /dev/null 
+++ b/home-manager/resources/xdg-mime/email @@ -0,0 +1,6 @@ +application/mbox +application/vnd.ms-outlook +message/rfc822 +text/calendar +x-scheme-handler/mailto +x-scheme-handler/mid diff --git a/home-manager/resources/xdg-mime/image b/home-manager/resources/xdg-mime/image new file mode 100644 index 0000000..4401ebb --- /dev/null +++ b/home-manager/resources/xdg-mime/image @@ -0,0 +1,14 @@ +image/bmp +image/gif +image/jpeg +image/jpg +image/png +image/tiff +image/x-bmp +image/x-portable-anymap +image/x-portable-bitmap +image/x-portable-graymap +image/x-tga +image/x-xpixmap +image/svg+xml +image/svg+xml-compressed diff --git a/home-manager/resources/xdg-mime/pdf b/home-manager/resources/xdg-mime/pdf new file mode 100644 index 0000000..73bd5d0 --- /dev/null +++ b/home-manager/resources/xdg-mime/pdf @@ -0,0 +1,4 @@ +application/epub+zip +application/oxps +application/pdf +application/x-fictionbook diff --git a/home-manager/resources/xdg-mime/text b/home-manager/resources/xdg-mime/text new file mode 100644 index 0000000..709cb57 --- /dev/null +++ b/home-manager/resources/xdg-mime/text @@ -0,0 +1,15 @@ +application/x-shellscript +text/english +text/plain +text/x-c +text/x-c++ +text/x-c++hdr +text/x-c++src +text/x-chdr +text/x-csrc +text/x-java +text/x-makefile +text/x-moc +text/x-pascal +text/x-tcl +text/x-tex diff --git a/home-manager/resources/xdg-mime/video b/home-manager/resources/xdg-mime/video new file mode 100644 index 0000000..6a0839e --- /dev/null +++ b/home-manager/resources/xdg-mime/video 
@@ -0,0 +1,55 @@ +application/mxf +application/ogg +application/sdp +application/smil +application/streamingmedia +application/vnd.apple.mpegurl +application/vnd.ms-asf +application/vnd.rn-realmedia +application/vnd.rn-realmedia-vbr +application/x-extension-mp4 +application/x-matroska +application/x-mpegurl +application/x-ogg +application/x-ogm +application/x-ogm-video +application/x-smil +application/x-streamingmedia +video/3gp +video/3gpp +video/3gpp2 +video/avi +video/divx +video/dv +video/fli +video/flv +video/mkv +video/mp2t +video/mp4 +video/mp4v-es +video/mpeg +video/msvideo +video/ogg +video/quicktime +video/vnd.divx +video/vnd.mpegurl +video/vnd.rn-realvideo +video/webm +video/x-avi +video/x-flc +video/x-flic +video/x-flv +video/x-m4v +video/x-matroska +video/x-mpeg2 +video/x-mpeg3 +video/x-ms-afs +video/x-ms-asf +video/x-ms-wmv +video/x-ms-wmx +video/x-ms-wvxvideo +video/x-msvideo +video/x-ogm +video/x-ogm+ogg +video/x-theora +video/x-theora+ogg diff --git a/home-manager/theme-st.nix b/home-manager/theme-st.nix new file mode 100644 index 0000000..110c9d6 --- /dev/null +++ b/home-manager/theme-st.nix 
@@ -0,0 +1,42 @@ +{ config, lib, pkgs, ... }: let + cfg = config.programs._st; + toString = x: if lib.isBool x then (if x then "true" else "false") else builtins.toString x; + generateXftFontString = name: attrs: + name + lib.optionalString (attrs != {}) ( + ":" + lib.concatStringsSep ":" ( + lib.mapAttrsToList (key: value: "${key}=${toString value}") attrs + ) + ) + ; + themed-st = pkgs.st.overrideAttrs (old: { + buildInputs = old.buildInputs or [] ++ [ pkgs.makeWrapper ]; + postInstall = old.postInstall or "" + '' + wrapProgram $out/bin/st \ + --add-flags '-f"${generateXftFontString cfg.font.name cfg.font.attrs}"' + ''; + }); +in { + options.programs._st = { + enable = lib.mkEnableOption "enables theming st with home manager"; + font = { + name = lib.mkOption { + type = lib.types.str; + example = "JetBrainsMonoNL Nerd Font Mono"; + default = "monospace"; + }; + attrs = lib.mkOption { + type = lib.types.attrs; + default = {}; + example = { + size = 12; + antialias = true; + autohint = true; + }; + }; + }; + }; + + config = lib.mkIf cfg.enable { + home.packages = [ themed-st ]; + }; +} diff --git a/home-manager/wallpapers.nix b/home-manager/wallpapers.nix new file mode 100644 index 0000000..de64d76 --- /dev/null +++ b/home-manager/wallpapers.nix @@ -0,0 +1,17 @@ +{ lib, config, pkgs, ... }: let + cfg = config.programs._seasonalwallpaper.wallpapers; +in { + options.programs._seasonalwallpaper.wallpapers = { + download = lib.mkEnableOption "enables all wallpapers"; + }; + + config = lib.mkIf cfg.download { + home.file.wallpapers = { + target = ".local/share/wallpaper"; + source = pkgs.fetchzip { + url = "https://tjkeller.xyz/permalinks/wallpapers.tar"; + hash = "sha256-lhj9wUMZfd0XOrUtWY9HB64oXrS/EjsvsaJHzu4ucFg="; + }; + }; + }; +} diff --git a/home-manager/xdg-mime.nix b/home-manager/xdg-mime.nix new file mode 100644 index 0000000..420510f --- /dev/null +++ b/home-manager/xdg-mime.nix 
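Review bot: The wrapper flag in `themed-st` (home-manager/theme-st.nix) is assembled with hand-written quotes, `'-f"${generateXftFontString ...}"'`, so a font name or attribute value containing a quote, `$` or a backtick ends up as shell syntax inside the generated wrapper. Both inputs come from the user's own configuration, so this is a robustness problem more than an exposure, but `lib.escapeShellArg` is the usual way to build such an argument. `font.attrs` is typed `lib.types.attrs`, which also accepts nested sets and lists that the formatter cannot render; `lib.types.attrsOf (lib.types.oneOf [ lib.types.str lib.types.int lib.types.bool ])` matches what it actually supports. The local `toString` shadows the builtin of the same name and would read better under a distinct name such as `fontValueToString`.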
@@ -0,0 +1,42 @@ +{ config, lib, pkgs, ... }: let + cfg = config.xdg.mimeApps._defaultCategoryApplications; + + # Mime-type category files are stored here + mimeResources = ./resources/xdg-mime; + + # Files present in mimeResources with newline separated mime-types + # Would be more fun to load these dynamically with builtins.readDir, but I will be disciplined + categories = [ "audio" "email" "image" "pdf" "text" "video" ]; + + # Dynamically generate categories + categoryApplications = (lib.genAttrs categories (category: lib.mkOption { + type = lib.types.listOf lib.types.str; + default = [ ]; + description = "set the default application used for ${category} files. omit '.desktop'"; + })); + + # Create list of mime-types from the category file + getCategoryMimeTypes = category: lib.filter (s: s != "") (lib.splitString "\n" (builtins.readFile "${mimeResources}/${category}")); + + # Structure default applications for a specified category how home-manager expects + assignMimeTypes = applications: category: lib.map (mimetype: + { "${mimetype}" = lib.mkIf (applications != []) (lib.map (app: "${app}.desktop") applications); } + ) (getCategoryMimeTypes category); + + # Combine all category applications + defaultApplications = lib.mkMerge (lib.flatten ( + lib.map (category: assignMimeTypes cfg.categoryApplications.${category} category) categories + )); +in { + options.xdg.mimeApps._defaultCategoryApplications = { + enable = lib.mkEnableOption "set default applications as defined in the resources dir"; + inherit categoryApplications; + }; + + config = lib.mkIf cfg.enable { + xdg.mimeApps = { + enable = lib.mkDefault true; + inherit defaultApplications; + }; + }; +} diff --git a/hosts/T495/configuration.nix b/hosts/T495/configuration.nix new file mode 100644 index 0000000..40c3489 --- /dev/null +++ b/hosts/T495/configuration.nix 
@@ -0,0 +1,82 @@ +{ config, lib, pkgs, ... }: { + imports = [ ./wg.nix ]; + + # Setup bootloader + boot._loader.enable = true; + + # Enable common options + _archetypes = { + # Use desktop profile + profiles.desktop = { + enable = true; + home.users.timmy.enable = true; + }; + # Install software + collections = { + desktop = { + extraUtilities.enable = true; + cad.enable = true; + chromium.enable = true; + crypto.enable = true; + graphics.enable = true; + office.enable = true; + }; + development = { + android.enable = true; + c.enable = true; + docker.enable = true; + lua.enable = true; + web = { + hugo = { + enable = true; + openFirewall = true; + }; + node.enable = true; + }; + }; + bluetooth.enable = true; + }; + }; + + # Enable user timmy + _users.timmy = { + enable = true; + autologin.enable = true; + nas = { + enable = true; + office.enable = true; + }; + }; + + # Install spotify + nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [ + "spotify" + ]; + environment.systemPackages = with pkgs; [ + spotify + ]; + + # Use amdgpu driver for x11 + services.xserver.videoDrivers = [ "amdgpu" ]; + + # Configure home + home-manager.users.timmy = { + gtk._mintTheme = { + dark = true; + color = "Purple"; + icons.color = "Purple"; + }; + programs._st = { + enable = true; + font = { + name = "TamzenForPowerline"; + attrs = { + pixelsize = 20; + }; + }; + }; + programs._seasonalwallpaper.wallpapers.download = true; + }; + + system.stateVersion = "24.05"; +} diff --git a/modules/hosts/T495/hardware-configuration.nix b/hosts/T495/hardware-configuration.nix index 6258a83..6258a83 100644 --- a/modules/hosts/T495/hardware-configuration.nix +++ b/hosts/T495/hardware-configuration.nix diff --git a/modules/hosts/T495/resources/secrets/wg0.yaml b/hosts/T495/resources/secrets/wg0.yaml index 6df5ff6..6df5ff6 100644 --- a/modules/hosts/T495/resources/secrets/wg0.yaml +++ b/hosts/T495/resources/secrets/wg0.yaml 
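Review bot: `hugo.openFirewall = true` in hosts/T495/configuration.nix opens the development server's port on a laptop that also sets `autologin.enable = true`, and hosts/optiplex/configuration.nix carries the same pair. The option definitions are outside this hunk, so the port and interface scope cannot be confirmed here, but if the rule applies to every interface the preview server is reachable from any network the machine joins. Consider leaving it off by default and adding a comment such as `# opened for LAN preview from other devices` wherever it is enabled on purpose.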
diff --git a/modules/hosts/T495/wg.nix b/hosts/T495/wg.nix
index 3881b63..3881b63 100644
--- a/modules/hosts/T495/wg.nix
+++ b/hosts/T495/wg.nix
diff --git a/hosts/X230/configuration.nix b/hosts/X230/configuration.nix
new file mode 100644
index 0000000..af0ef25
--- /dev/null
+++ b/hosts/X230/configuration.nix
@@ -0,0 +1,52 @@
+{ config, lib, pkgs, ... }: {
+ # Setup bootloader
+ boot._loader.enable = true;
+
+ # Enable common options
+ _archetypes = {
+ # Use desktop profile
+ profiles.desktop = {
+ enable = true;
+ home.users.timmy.enable = true;
+ };
+ # Install software
+ collections = {
+ desktop = {
+ crypto.enable = true;
+ graphics.enable = true;
+ office.enable = true;
+ };
+ };
+ # Setup user
+ users.primary = {
+ enable = true;
+ autologin.enable = true;
+ };
+ };
+
+ # Configure home
+ home-manager.users.timmy = {
+ gtk._mintTheme = {
+ dark = true;
+ color = "Teal";
+ icons.color = "Teal";
+ };
+ fonts.fontconfig.defaultFonts.monospace = [ "TamzenForPowerline" ];
+ gtk = {
+ font.name = "monospace";
+ font.size = 8;
+ cursorTheme.size = 24;
+ };
+ programs._st = {
+ enable = true;
+ font = {
+ name = "TamzenForPowerline";
+ attrs = {
+ pixelsize = 14;
+ };
+ };
+ };
+ };
+
+ system.stateVersion = "24.05";
+}
diff --git a/modules/hosts/T430/hardware-configuration.nix b/hosts/X230/hardware-configuration.nix
index 206a525..0791585 100644
--- a/modules/hosts/T430/hardware-configuration.nix
+++ b/hosts/X230/hardware-configuration.nix
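Review bot: hosts/X230/configuration.nix configures the user through `_archetypes.users.primary`, while every other host file in this diff uses the top-level `_users.timmy` block. Neither option's declaration is visible here, so this may be intentional. If `_archetypes.users` is not declared the host fails to evaluate, and if it is declared the host still never sets `_users.timmy.enable`, although it enables `home.users.timmy`. Aligning it with the other hosts would be `_users.timmy = { enable = true; autologin.enable = true; };`.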
@@ -8,14 +8,29 @@ [ (modulesPath + "/installer/scan/not-detected.nix") ]; - boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usb_storage" "sd_mod" "sr_mod" "sdhci_pci" ]; + boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usb_storage" "sd_mod" "sdhci_pci" ]; boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ ]; + boot.kernelModules = [ "kvm-intel" ]; boot.extraModulePackages = [ ]; fileSystems."/" = - { device = "/dev/disk/by-uuid/b991914b-3a4c-4248-9472-b5403729601a"; + { device = "/dev/disk/by-uuid/41036740-73bc-4004-a302-01233b4d83b8"; fsType = "btrfs"; + options = [ "subvol=@" ]; + }; + + boot.initrd.luks.devices."enc".device = "/dev/disk/by-uuid/6019772f-4a1c-4abd-9c70-b1d71cc2de65"; + + fileSystems."/home" = + { device = "/dev/disk/by-uuid/41036740-73bc-4004-a302-01233b4d83b8"; + fsType = "btrfs"; + options = [ "subvol=@home" ]; + }; + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/72D4-F66A"; + fsType = "vfat"; + options = [ "fmask=0022" "dmask=0022" ]; }; swapDevices = [ ]; diff --git a/hosts/flex-wg-router/configuration.nix b/hosts/flex-wg-router/configuration.nix new file mode 100644 index 0000000..b09c3f0 --- /dev/null +++ b/hosts/flex-wg-router/configuration.nix @@ -0,0 +1,17 @@ +{ config, lib, pkgs, ... }: { + # Setup bootloader + boot._loader.enable = true; + + _archetypes = { + # Use headless profile + profiles.headless.enable = true; + # Install software + collections = { + development = { + docker.enable = true; + }; + }; + } + + system.stateVersion = "25.05"; +} diff --git a/hosts/flex-wg-router/hardware-configuration.nix b/hosts/flex-wg-router/hardware-configuration.nix new file mode 100644 index 0000000..01cff6d --- /dev/null +++ b/hosts/flex-wg-router/hardware-configuration.nix 
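Review bot: The `_archetypes = { ... }` binding in hosts/flex-wg-router/configuration.nix is closed with `}` and no semicolon, so the file does not parse and this host cannot be built. The closing line before `system.stateVersion` should be `};`. Running `nix-instantiate --parse` over the host files in CI would catch this class of error before a deployment is attempted.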
@@ -0,0 +1,45 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-intel" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/01eae5fd-a46e-4a36-8a9d-247a0b16bcef"; + fsType = "btrfs"; + options = [ "subvol=@" ]; + }; + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/345A-436A"; + fsType = "vfat"; + options = [ "fmask=0022" "dmask=0022" ]; + }; + + fileSystems."/home" = + { device = "/dev/disk/by-uuid/01eae5fd-a46e-4a36-8a9d-247a0b16bcef"; + fsType = "btrfs"; + options = [ "subvol=@home" ]; + }; + + swapDevices = [ ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.enp3s0.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} diff --git a/hosts/hp-envy-office/configuration.nix b/hosts/hp-envy-office/configuration.nix new file mode 100644 index 0000000..02ca48d --- /dev/null +++ b/hosts/hp-envy-office/configuration.nix 
@@ -0,0 +1,63 @@
+{ config, lib, pkgs, ... }: {
+ # Setup bootloader
+ boot._loader.enable = true;
+ boot.loader.timeout = 15; # Show for longer since it's usually skipped
+
+ # Enable common options
+ _archetypes = {
+ # Use desktop profile
+ profiles.desktop = {
+ enable = true;
+ home.users.timmy.enable = true;
+ };
+ # Install software
+ collections = {
+ desktop = {
+ extraUtilities.enable = true;
+ chromium.enable = true;
+ graphics.enable = true;
+ office.enable = true;
+ };
+ development = {
+ docker.enable = true;
+ web = {
+ node.enable = true;
+ };
+ };
+ virtualization.enable = true;
+ };
+ };
+
+ # Enable user timmy
+ _users.timmy = {
+ enable = true;
+ nas = {
+ enable = true;
+ office.enable = true;
+ office.automount = true;
+ };
+ };
+
+ # Disable suspend
+ systemd._suspend.disable = true;
+
+ # Use amdgpu driver for x11
+ services.xserver.videoDrivers = [ "amdgpu" ];
+
+ # Configure home
+ home-manager.users.timmy = {
+ gtk._mintTheme = {
+ dark = true;
+ color = "Green";
+ icons.color = "Green";
+ };
+ programs._seasonalwallpaper.wallpapers.download = true;
+
+ gtk.gtk3.bookmarks = [
+ "file:///home/timmy/docs/src/sites/admin Admin"
+ "file:///media/chexx/chexx cHEXx"
+ ];
+ };
+
+ system.stateVersion = "24.11";
+}
diff --git a/modules/hosts/hp-envy-office/hardware-configuration.nix b/hosts/hp-envy-office/hardware-configuration.nix
index 22a8c24..22a8c24 100644
--- a/modules/hosts/hp-envy-office/hardware-configuration.nix
+++ b/hosts/hp-envy-office/hardware-configuration.nix
diff --git a/hosts/libreX60/bios-flashing.nix b/hosts/libreX60/bios-flashing.nix
new file mode 100644
index 0000000..6117813
--- /dev/null
+++ b/hosts/libreX60/bios-flashing.nix
@@ -0,0 +1,8 @@
+# https://libreboot.org/docs/install/#thinkpad-t60x60x60tabletx60s
+
+{ pkgs, ... }: {
+ environment.systemPackages = [ pkgs.flashprog ];
+
+ boot.kernelParams = [ "iomem=relaxed" ];
+}
+
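Review bot: hosts/libreX60/bios-flashing.nix sets `iomem=relaxed` without saying what it costs. That parameter switches off the kernel's strict /dev/mem checks so that root processes can map I/O memory already claimed by drivers, which flashing needs but which weakens the running system for as long as the module stays imported. I would add a comment above the line, for example `# iomem=relaxed lets root map driver-claimed I/O memory via /dev/mem; import only while flashing, then remove and reboot`.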
diff --git a/hosts/libreX60/configuration.nix b/hosts/libreX60/configuration.nix new file mode 100644 index 0000000..2ebb333 --- /dev/null +++ b/hosts/libreX60/configuration.nix @@ -0,0 +1,63 @@ +{ config, lib, pkgs, ... }: { + imports = [ + ./powertop-auto-tune.nix + # Uncomment this module and reboot to enable bios flashing + #./bios-flashing.nix + ]; + + # Use grub + boot._loader = { + enable = true; + loader = "grub"; + mode = "bios"; + grub.biosDevice = "/dev/sda"; + }; + + # Use libre kernel + boot.kernelPackages = pkgs.linuxPackages-libre; + + # Enable common options + _archetypes = { + # Use desktop profile + profiles.desktop = { + enable = true; + home.users.timmy.enable = true; + }; + }; + + # Enable user timmy + _users.timmy = { + enable = true; + autologin.enable = true; + wifi.enable = true; + }; + + # i915 Gpu requires intel driver + services.xserver.videoDrivers = [ "intel" ]; + + # Configure home + home-manager.users.timmy = { + gtk._mintTheme = { + dark = true; + color = "Red"; + icons.color = "Red"; + }; + fonts.fontconfig.defaultFonts.monospace = [ "TamzenForPowerline" ]; + gtk = { + font.name = "monospace"; + font.size = 8; + cursorTheme.size = 24; + }; + programs._st = { + enable = true; + font = { + name = "TamzenForPowerline"; + attrs = { + pixelsize = 14; + }; + }; + }; + }; + + system.stateVersion = "24.11"; +} diff --git a/hosts/libreX60/hardware-configuration.nix b/hosts/libreX60/hardware-configuration.nix new file mode 100644 index 0000000..b0a7868 --- /dev/null +++ b/hosts/libreX60/hardware-configuration.nix 
@@ -0,0 +1,46 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ "uhci_hcd" "ehci_pci" "ata_piix" "ahci" "firewire_ohci" "usb_storage" "sd_mod" "sdhci_pci" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-intel" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/91572803-436d-4f43-b41f-dfba2103752e"; + fsType = "btrfs"; + options = [ "subvol=@" ]; + }; + + fileSystems."/home" = + { device = "/dev/disk/by-uuid/91572803-436d-4f43-b41f-dfba2103752e"; + fsType = "btrfs"; + options = [ "subvol=@home" ]; + }; + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/F618-D6C2"; + fsType = "vfat"; + options = [ "fmask=0022" "dmask=0022" ]; + }; + + swapDevices = [ ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`. + networking.useDHCP = lib.mkDefault true; + networking.interfaces.enp1s0.useDHCP = lib.mkDefault true; + networking.interfaces.wlp2s0.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} diff --git a/hosts/libreX60/powertop-auto-tune.nix b/hosts/libreX60/powertop-auto-tune.nix new file mode 100644 index 0000000..0eb9578 --- /dev/null +++ b/hosts/libreX60/powertop-auto-tune.nix 
@@ -0,0 +1,17 @@
+# https://en.wikibooks.org/wiki/Libreboot/ThinkPad_X60#Remove_High_Pitched_Whining_Noise
+# TLDR; running `powertop --auto-tune` is supposed to kill the high pitched noises produced by the X60
+
+{ pkgs, ... }: {
+ environment.systemPackages = [ pkgs.powertop ];
+
+ # Create systemd service
+ systemd.services.powertop-autotune = {
+ description = "Powertop Auto-Tune";
+ wantedBy = [ "multi-user.target" ];
+ after = [ "network.target" ];
+ serviceConfig = {
+ Type = "oneshot";
+ ExecStart = "${pkgs.powertop}/bin/powertop --auto-tune";
+ };
+ };
+}
diff --git a/hosts/optiplex/configuration.nix b/hosts/optiplex/configuration.nix
new file mode 100644
index 0000000..c6483d1
--- /dev/null
+++ b/hosts/optiplex/configuration.nix
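Review bot: The hand-written `powertop-autotune` unit in hosts/libreX60/powertop-auto-tune.nix duplicates what NixOS already ships: `powerManagement.powertop.enable = true;` defines an equivalent oneshot service. If the custom unit is kept, `after = [ "network.target" ]` has no visible purpose for a power-tuning job and could be dropped. Adding `RemainAfterExit = true;` would keep the unit reported as active once the oneshot has finished.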
@@ -0,0 +1,88 @@
+{ config, lib, pkgs, home-manager, ... }: {
+ # Setup bootloader
+ boot._loader.enable = true;
+
+ # Enable common options
+ _archetypes = {
+ # Use desktop profile
+ profiles.desktop = {
+ enable = true;
+ home.users.timmy.enable = true;
+ };
+ # Install software
+ collections = {
+ desktop = {
+ extraUtilities.enable = true;
+ cad.enable = true;
+ chromium.enable = true;
+ crypto.enable = true;
+ graphics.enable = true;
+ office.enable = true;
+ };
+ development = {
+ android.enable = true;
+ c.enable = true;
+ docker.enable = true;
+ lua.enable = true;
+ web = {
+ hugo = {
+ enable = true;
+ openFirewall = true;
+ };
+ node.enable = true;
+ };
+ };
+ };
+ };
+
+ # Enable user timmy
+ _users.timmy = {
+ enable = true;
+ autologin.enable = true;
+ nas = {
+ enable = true;
+ home.enable = true;
+ home.automount = true;
+ };
+ };
+
+ # Disable suspend
+ systemd._suspend.disable = true;
+
+ # Allow unfree for nvidia + others
+ nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [
+ "nvidia-x11"
+ "nvidia-settings"
+ "spotify"
+ ];
+
+ # Install more software
+ environment.systemPackages = with pkgs; [
+ prismlauncher
+ spotify
+ #vintagestory
+ ];
+
+ # Use nvidia driver
+ services.xserver.videoDrivers = [ "nvidia" ];
+ hardware.nvidia = {
+ modesetting.enable = true; # Required
+ powerManagement.enable = false; # Can cause bugs
+ nvidiaSettings = true;
+ open = false; # Not compatible w/ GTX-1050
+ package = config.boot.kernelPackages.nvidiaPackages.stable; # Still good for 1050
+ forceFullCompositionPipeline = true; # Enables vsync
+ };
+
+ # Configure home
+ home-manager.users.timmy = {
+ gtk._mintTheme = {
+ dark = true;
+ color = "Green";
+ icons.color = "Green";
+ };
+ programs._seasonalwallpaper.wallpapers.download = true;
+ };
+
+ system.stateVersion = "24.11";
+}
diff --git a/modules/hosts/optiplex/hardware-configuration.nix b/hosts/optiplex/hardware-configuration.nix
index 3d9651e..3d9651e 100644
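Review bot: `hugo.openFirewall = true;` under `collections.development.web` opens a firewall port for what is presumably the Hugo development server, on a desktop that also sets `_users.timmy.autologin.enable = true` and automounts the home NAS share. The modules that define these options are outside this hunk, so the affected port and interfaces cannot be confirmed here; if previews are only needed locally, `openFirewall = false;` keeps the dev server off the LAN. If LAN preview is intended, a comment next to the line such as `# dev server reachable from LAN for device testing` would document the exposure. Autologin together with `home.automount = true` means physical access yields a session with the shares already mounted, which deserves a comment too if that trade-off is accepted.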
--- a/modules/hosts/optiplex/hardware-configuration.nix
+++ b/hosts/optiplex/hardware-configuration.nix
diff --git a/hosts/poweredge/configuration.nix b/hosts/poweredge/configuration.nix
new file mode 100644
index 0000000..08e392d
--- /dev/null
+++ b/hosts/poweredge/configuration.nix
@@ -0,0 +1,19 @@
+{ config, lib, pkgs, ... }: {
+ imports = [ ./hardware-configuration.nix ];
+
+ # ZFS bootloader
+ bootloader.loader = "grub";
+ bootloader.mode = "efi";
+ boot.loader.grub = {
+ zfsSupport = true;
+ efiInstallAsRemovable = true;
+ mirroredBoots = [
+ { devices = [ "nodev" ]; path = "/boot"; }
+ ];
+ };
+
+ # Disable suspend
+ suspend.enable = false;
+
+ system.stateVersion = "25.05";
+}
diff --git a/lib/default.nix b/lib/default.nix
new file mode 100644
index 0000000..01801a2
--- /dev/null
+++ b/lib/default.nix
@@ -0,0 +1,3 @@
+{
+ _mkProfileArchetype = import ./mkprofile.nix;
+}
diff --git a/lib/mkprofile.nix b/lib/mkprofile.nix
new file mode 100644
index 0000000..ec851de
--- /dev/null
+++ b/lib/mkprofile.nix
@@ -0,0 +1,22 @@
+profileName: nixosConfig: homeConfig: { config, lib, ... }: let
+ cfg = config._archetypes.profiles.${profileName};
+ enabledUsers = lib.filterAttrs (user: userCfg: userCfg.enable) cfg.home.users;
+ homeConfigs = {
+ home-manager.users = lib.mapAttrs (user: userCfg: homeConfig) enabledUsers;
+ };
+in {
+ options._archetypes.profiles.${profileName} = {
+ enable = lib.mkEnableOption "enable nixos profile ${profileName}";
+ home.users = lib.mkOption {
+ type = lib.types.attrsOf (lib.types.submodule {
+ options = {
+ enable = lib.mkEnableOption "home-manager profile ${profileName} for user";
+ };
+ });
+ default = {};
+ description = "enable home-manager profile ${profileName} for user the specified user";
+ };
+ };
+
+ config = lib.mkIf cfg.enable (lib.mkMerge [ nixosConfig homeConfigs ]);
+}
diff --git a/modules/home/alacritty.nix b/modules/home/alacritty.nix
deleted file mode 100644
index f60fe01..0000000
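Review bot: `bootloader.loader`, `bootloader.mode` and `suspend.enable` in hosts/poweredge/configuration.nix look like the pre-refactor option names. This same diff deletes modules/root/bootloader.nix, which declared `bootloader.loader` and `bootloader.mode`, and the new hosts/optiplex/configuration.nix uses `boot._loader.enable` and `systemd._suspend.disable` instead. Unless the replacement modules (not visible here) still declare the old names, this host will fail evaluation with an undefined-option error; the suspend line would presumably become `systemd._suspend.disable = true;`, and the two `bootloader.*` lines should move to whatever `boot._loader` exposes.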
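Review bot: The curried arguments of lib/mkprofile.nix (`profileName: nixosConfig: homeConfig:`) are undocumented, and the `home.users` description reads "for user the specified user". A header comment such as `# profileName: key under _archetypes.profiles; nixosConfig: NixOS config applied when the profile is enabled; homeConfig: home-manager config given to every enabled user` would make the contract clear, and the description should read `description = "enable home-manager profile ${profileName} for the specified user";`. The comment should also say that `lib.mapAttrs` assigns the same `homeConfig` value to each enabled user, so per-user differences have to be set elsewhere.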
--- a/modules/home/alacritty.nix
+++ /dev/null
@@ -1,67 +0,0 @@
-{ config, lib, ... }: {
- options = {
- alacritty = {
- enable = lib.mkEnableOption "enables creation of alacritty config file";
- font.size = lib.mkOption {
- type = lib.types.int;
- default = 12;
- };
- font.family = lib.mkOption {
- type = lib.types.str;
- default = "JetBrainsMonoNL Nerd Font Mono";
- };
- };
- };
-
- config = {
- programs.alacritty.enable = config.alacritty.enable;
- programs.alacritty.settings = lib.mkIf config.alacritty.enable {
- colors = {
- bright = {
- black = "#7f7f7f";
- blue = "#1578c1";
- cyan = "#00c4a3";
- green = "#2bb500";
- magenta = "#b14ff7";
- red = "#ed1207";
- white = "#ffffff";
- yellow = "#fc9700";
- };
- normal = {
- black = "#101010";
- blue = "#1578c1";
- cyan = "#00c4a3";
- green = "#2bb500";
- magenta = "#b14ff7";
- red = "#ed1207";
- white = "#ffffff";
- yellow = "#fc9700";
- };
- primary = {
- background = "#101010";
- foreground = "#ffffff";
- };
- };
- cursor.style.blinking = "Never";
- env.TERM = "xterm-256color";
- font = {
- size = config.alacritty.font.size;
- normal.family = config.alacritty.font.family;
- };
- mouse.bindings = [{
- action = "PasteSelection";
- mouse = "Right";
- }];
- window = {
- dynamic_padding = true;
- dynamic_title = true;
- title = "Terminal";
- # Pretend to be st
- class = {
- general = "st";
- instance = "st";
- };
- };
- };
- };
-}
diff --git a/modules/home/chrome.nix b/modules/home/chrome.nix
deleted file mode 100644
index 976a74b..0000000
--- a/modules/home/chrome.nix
+++ /dev/null
@@ -1,28 +0,0 @@
-{ pkgs, lib, ... }: {
- programs.chromium = {
- enable = true;
- package = pkgs.ungoogled-chromium;
- };
- programs.chromium.extensions =
- let
- createChromiumExtensionFor = browserVersion: { id, sha256, version }:
- {
- inherit id;
- crxPath = builtins.fetchurl {
- url = "https://clients2.google.com/service/update2/crx?response=redirect&acceptformat=crx2,crx3&prodversion=${browserVersion}&x=id%3D${id}%26installsource%3Dondemand%26uc";
- name = "${id}.crx";
- inherit sha256;
- };
- inherit version;
- };
- createChromiumExtension = createChromiumExtensionFor (lib.versions.major pkgs.ungoogled-chromium.version);
- in
- [
- (createChromiumExtension {
- # ublock origin
- id = "cjpalhdlnbpafiamejdnhcphjbkeiagm";
- sha256 = "sha256:1i0668xhq5iflb4fn0ghwp79iz6mwspgxdqwp6incbvsyzr596kg";
- version = "1.61.0";
- })
- ];
-}
diff --git a/modules/home/default.nix b/modules/home/default.nix
deleted file mode 100644
index b44f360..0000000
--- a/modules/home/default.nix
+++ /dev/null
@@ -1,24 +0,0 @@
-{ lib, userDetails, ... }: {
- home = {
- username = userDetails.username;
- homeDirectory = userDetails.home.root;
- stateVersion = "24.05";
- };
-
- imports = [
- ./alacritty.nix
- #./chrome.nix
- ./firefox.nix
- ./git.nix
- ./gtk-bookmarks.nix
- ./htop.nix
- ./initial-home-setup.nix
- ./pcmanfm.nix # TODO mk name changeable & doesn't seem to work right now
- ./theme.nix
- ./wallpapers.nix
- ];
-
- alacritty.enable = lib.mkDefault true;
- theme.mint.enable = lib.mkDefault true;
- wallpapers.enable = lib.mkDefault false;
-}
diff --git a/modules/home/firefox.nix b/modules/home/firefox.nix
deleted file mode 100644
index 5e015ff..0000000
--- a/modules/home/firefox.nix
+++ /dev/null
@@ -1,80 +0,0 @@
-{ pkgs, userDetails, ... }: {
- programs.firefox = {
- # TODO see if there is way to login to moz account in profile
- enable = true;
- arkenfox = {
- enable = true;
- };
- profiles = let
- search = {
- engines = {
- "Timmy Search" = {
- urls = [{ template = "https://search.tjkeller.xyz/search?q={searchTerms}"; }]; # Don't know how to do w/ POST but I prefer GET anyways
- iconURI = "https://search.tjkeller.xyz/static/themes/simple/img/favicon.svg"; # TODO doesn't seem to work
- };
- "Nix Packages" = {
- urls = [{
- template = "https://search.nixos.org/packages";
- params = [
- { name = "type"; value = "packages"; }
- { name = "query"; value = "{searchTerms}"; }
- ];
- }];
-
- icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg";
- definedAliases = [ "@np" ];
- };
- };
- default = "Timmy Search";
- privateDefault = "Timmy Search";
- force = true; # Overwrite old
- };
- userChrome = builtins.readFile ./resources/firefox/userChrome.css;
- arkenfox = {
- enable = true;
- enableAllSections = true;
- "0100"."0102"."browser.startup.page".value = 3; # 0=blank, 1=home, 2=last visited page, 3=resume previous session
- "0100"."0103"."browser.startup.homepage".enable = false;
- "0100"."0104"."browser.newtabpage.enabled".enable = false;
- "2800"."2811"."privacy.clearOnShutdown.history".enable = false;
- };
- settings = {
- "browser.compactmode.show" = true;
- "browser.uiCustomization.state" = builtins.readFile ./resources/firefox/uiCustomization.json; # Toolbar etc.
- "browser.uidensity" = 1; # Compact
- "toolkit.legacyUserProfileCustomizations.stylesheets" = true; # userchrome
-
- "app.normandy.first_run" = false;
- "browser.aboutConfig.showWarning" = false; # arkenfox does
- "browser.download.dir" = userDetails.home.downloads; # FF will create this dir if it doesn't exist
- "browser.newtabpage.activity-stream.feeds.section.topstories" = false;
- "browser.newtabpage.activity-stream.feeds.topsites" = false;
- "browser.urlbar.suggest.topsites" = false;
- "devtools.toolbox.host" = "window";
- "dom.push.enabled" = false; #
- "extensions.pocket.enabled" = false;
- "general.smoothScroll" = false;
- #identity.fxaccounts.account.device.name = "timmy’s Firefox on nixos"; # HOSTNAME
- };
- workSettings = settings // {
- "extensions.activeThemeID" = "firefox-compact-dark@mozilla.org"; # Use builtin dark theme instead of system theme
- };
- in {
- Personal = {
- id = 0;
- isDefault = true;
- inherit search;
- inherit userChrome;
- inherit arkenfox;
- inherit settings;
- };
- Work = {
- id = 1;
- inherit search;
- inherit userChrome;
- inherit arkenfox;
- settings = workSettings;
- };
- };
- };
-}
diff --git a/modules/home/git.nix b/modules/home/git.nix
deleted file mode 100644
index 9d15a90..0000000
--- a/modules/home/git.nix
+++ /dev/null
@@ -1,7 +0,0 @@
-{ userDetails, ... }: {
- programs.git = {
- enable = true;
- userName = userDetails.fullname;
- userEmail = userDetails.email;
- };
-}
diff --git a/modules/home/gtk-bookmarks.nix b/modules/home/gtk-bookmarks.nix
deleted file mode 100644
index 067543d..0000000
--- a/modules/home/gtk-bookmarks.nix
+++ /dev/null
@@ -1,17 +0,0 @@
-{ config, lib, userDetails, ... }: {
- options = {
- additional-gtk-bookmarks = lib.mkOption {
- type = with lib.types; listOf str;
- default = [];
- description = "gtk bookmarks for file managers, etc.";
- };
- };
-
- config = {
- gtk.gtk3.bookmarks = with userDetails; [
- "file://${home.downloads} Downloads"
- "file://${home.documents} Documents"
- "file://${home.pictures} Pictures"
- ] ++ config.additional-gtk-bookmarks;
- };
-}
diff --git a/modules/home/htop.nix b/modules/home/htop.nix
deleted file mode 100644
index 523fee8..0000000
--- a/modules/home/htop.nix
+++ /dev/null
@@ -1,38 +0,0 @@
-{ config, ... }: {
- programs.htop.enable = true;
- programs.htop.settings = {
- fields = with config.lib.htop.fields; [
- PID
- USER
- 124 # EXE
- PERCENT_CPU
- PERCENT_MEM
- STARTTIME
- ELAPSED # time elapsed since process start
- IO_READ_RATE
- RBYTES # num read bytes
- IO_WRITE_RATE
- WBYTES # num written bytes
- TIME
- STIME # sys time
- CSTIME # child sys time
- NICE
- STATE
- PRIORITY
- 125 # CWD
- ];
- } // (with config.lib.htop; leftMeters [
- (bar "AllCPUs2")
- (bar "CPU")
- (bar "Memory")
- (bar "DiskIO")
- (bar "NetworkIO")
- ]) // (with config.lib.htop; rightMeters [
- (text "Hostname")
- (text "Clock")
- (text "Uptime")
- (text "Battery")
- (text "LoadAverage")
- (text "Tasks")
- ]);
-}
diff --git a/modules/home/initial-home-setup.nix b/modules/home/initial-home-setup.nix
deleted file mode 100644
index 046f5a5..0000000
--- a/modules/home/initial-home-setup.nix
+++ /dev/null
@@ -1,22 +0,0 @@
-{ config, lib, pkgs, userDetails, ... }: {
- home.activation = {
- cloneRepos = lib.hm.dag.entryAfter ["writeBoundary"] ''
- export PATH="${config.home.path}/bin:$PATH"
- ${builtins.readFile ./resources/activation-scripts/clone-repos.sh}
- '';
- linkZshProfile = lib.hm.dag.entryAfter ["writeBoundary"] ''
- run ln -sf $VERBOSE_ARG $HOME/.config/zsh/zprofile $HOME/.zprofile
- '';
- cleanupHome = lib.hm.dag.entryAfter ["writeBoundary"] ''
- run rm -f $VERBOSE_ARG $HOME/{.zcompdump,.zshrc,.zsh_history,.bash_history}
- '';
- mimewiz = lib.hm.dag.entryAfter ["writeBoundary"] ''
- export PATH="${pkgs.xdg-utils}/bin:$PATH"
- export PATH="$HOME/.local/bin/misc:$PATH"
- run mimewiz -i # already verbose
- '';
- createDirs = lib.hm.dag.entryAfter ["writeBoundary"] ''
- run mkdir -p $VERBOSE_ARG "${userDetails.home.downloads}"
- '';
- };
-}
diff --git a/modules/home/pcmanfm.nix b/modules/home/pcmanfm.nix
deleted file mode 100644
index 3c70521..0000000
--- a/modules/home/pcmanfm.nix
+++ /dev/null
@@ -1,6 +0,0 @@
-{
- home.file.pcmanfm-root = {
- target = ".local/share/file-manager/actions/root.desktop";
- source = ./resources/pcmanfm/root.desktop;
- };
-}
diff --git a/modules/home/resources/activation-scripts/clone-repos.sh b/modules/home/resources/activation-scripts/clone-repos.sh
deleted file mode 100644
index 887968b..0000000
--- a/modules/home/resources/activation-scripts/clone-repos.sh
+++ /dev/null
@@ -1,24 +0,0 @@
-#!/bin/sh
-
-server="https://git.tjkeller.xyz/"
-
-clonemissing() {
- # clone to $2
- [ -d "$2"/.git ] && return
- run mkdir -p $VERBOSE_ARG "$2"
- run git clone $VERBOSE_ARG "$server$1" "$2"
-
- # link to $3
- [ -z "$3" ] && return
- run mkdir -p $VERBOSE_ARG "$3"
- run ln -sf $VERBOSE_ARG "$2"/* "$3"
-}
-
-# # repo # clone to # link to
-clonemissing scripts $HOME/docs/src/scripts $HOME/.local/bin
-clonemissing dotconfig $HOME/docs/src/config $HOME/.config
-clonemissing userscripts $HOME/docs/src/userscripts ''
-clonemissing nixos $HOME/docs/src/nixos ''
-clonemissing awesome $HOME/.config/awesome ''
-clonemissing nvim $HOME/.config/nvim ''
-clonemissing zsh $HOME/.config/zsh ''
diff --git a/modules/home/theme.nix b/modules/home/theme.nix
deleted file mode 100644
index a1c4f9b..0000000
--- a/modules/home/theme.nix
+++ /dev/null
@@ -1,74 +0,0 @@
-{ config, lib, pkgs, ... }:
-let
- transformColorValue = color :
- if color == "Green" then "Mint-Y"
- else if color == "Dark-Green" then "Mint-Y-Dark"
- else "Mint-Y-${color}"
- ;
-in {
- options = {
- theme.mint = {
- enable = lib.mkEnableOption "enables mint theme";
- # TODO add theme.dark option instead of specifying Dark-Color
- theme.color = lib.mkOption {
- type = lib.types.enum [
- "Aqua" "Blue" "Green" "Grey" "Orange" "Pink" "Purple" "Red"
- "Sand" "Teal" "Dark-Aqua" "Dark-Blue" "Dark-Green"
- "Dark-Grey" "Dark-Orange" "Dark-Pink" "Dark-Purple"
- "Dark-Red" "Dark-Sand" "Dark-Teal"
- ];
- default = "Dark-Aqua";
- description = "mint-y theme color eg. 'Dark-Aqua' or 'Red'";
- };
- icons.color = lib.mkOption {
- type = lib.types.enum [
- "Aqua" "Blue" "Green" "Grey" "Orange" "Pink" "Purple" "Red"
- "Sand" "Teal"
- ];
- default = "Aqua";
- description = "mint-y icons color eg. 'Aqua' or 'Red'";
- };
- };
- theme.font = {
- sansSerif = lib.mkOption {
- type = lib.types.str;
- default = "Inter";
- description = "default sans serif font";
- };
- monospace = lib.mkOption {
- type = lib.types.str;
- default = "CommitMono";
- description = "default monospace font";
- };
- };
- };
-
- config = {
- gtk = {
- enable = true;
- theme = lib.mkIf config.theme.mint.enable {
- package = pkgs.mint-themes;
- name = transformColorValue config.theme.mint.theme.color;
- };
- iconTheme = lib.mkIf config.theme.mint.enable {
- package = pkgs.mint-y-icons;
- name = transformColorValue config.theme.mint.icons.color;
- };
- font = {
- name = config.theme.font.sansSerif;
- };
- cursorTheme = {
- name = "Adwaita";
- };
- gtk2.configLocation = "${config.xdg.configHome}/gtk-2.0/gtkrc";
- };
- qt = {
- enable = true;
- platformTheme.name = "gtk3";
- };
- fonts.fontconfig.defaultFonts = {
- sansSerif = [ config.theme.font.sansSerif ];
- monospace = [ config.theme.font.monospace ];
- };
- };
-}
diff --git a/modules/home/wallpapers.nix b/modules/home/wallpapers.nix
deleted file mode 100644
index d7e067a..0000000
--- a/modules/home/wallpapers.nix
+++ /dev/null
@@ -1,14 +0,0 @@
-{ lib, config, pkgs, ... }: {
- options = {
- wallpapers.enable = lib.mkEnableOption "enables all wallpapers";
- };
-
- config = lib.mkIf config.wallpapers.enable {
- home.file.".local/share/wallpaper" = {
- source = pkgs.fetchzip {
- url = "https://tjkeller.xyz/permalinks/wallpapers.tar";
- hash = "sha256-lhj9wUMZfd0XOrUtWY9HB64oXrS/EjsvsaJHzu4ucFg=";
- };
- };
- };
-}
diff --git a/modules/hosts/T430/configuration.nix b/modules/hosts/T430/configuration.nix
deleted file mode 100644
index 282515d..0000000
--- a/modules/hosts/T430/configuration.nix
+++ /dev/null
@@ -1,18 +0,0 @@
-{ config, lib, pkgs, ... }: {
- imports = [ ./hardware-configuration.nix ];
- networking.hostName = "T430";
-
- # TODO this does not function
- #boot.initrd.systemd.extraBin = {
- # sh = "${pkgs.dash}/bin/dash";
- # vim = "${pkgs.neovim}/bin/nvim";
- #};
-
- # Open ports in the firewall.
- # networking.firewall.allowedTCPPorts = [ ... ];
- # networking.firewall.allowedUDPPorts = [ ... ];
- # Or disable the firewall altogether.
- # networking.firewall.enable = false;
-
- system.stateVersion = "24.05";
-}
diff --git a/modules/hosts/T430/home.nix b/modules/hosts/T430/home.nix
deleted file mode 100644
index 9885a06..0000000
--- a/modules/hosts/T430/home.nix
+++ /dev/null
@@ -1,6 +0,0 @@
-{ ... }: {
- imports = [ ../../home ];
-
- alacritty.font.size = 9;
- wallpapers.enable = true;
-}
diff --git a/modules/hosts/T495/configuration.nix b/modules/hosts/T495/configuration.nix
deleted file mode 100644
index 526b7bb..0000000
--- a/modules/hosts/T495/configuration.nix
+++ /dev/null
@@ -1,41 +0,0 @@
-{ config, lib, pkgs, ... }: {
- imports = [
- ./hardware-configuration.nix
- ./games.nix
- ./input-leap.nix
- ./wg.nix
- ];
- networking.hostName = "T495";
-
- bootloader.mode = "efi";
-
- # Enable extra software pkgs
- software.desktop = {
- chromium.enable = true;
- cad.enable = true;
- crypto.enable = true;
- graphics.enable = true;
- office.enable = true;
- utilities.enable = true;
- };
- software.development = {
- docker.enable = true;
- };
-
- # Enable network drives
- nas.enable = true;
- nas.office.enable = true;
- nas.office.automount = false;
-
- networking.hosts = {
- "192.168.77.3" = [ "devel" ];
- };
-
- # Use amdgpu driver for x11
- services.xserver.videoDrivers = [ "amdgpu" ];
-
- # Enable bluetooth
- bluetooth.enable = true;
-
- system.stateVersion = "24.05";
-}
diff --git a/modules/hosts/T495/games.nix b/modules/hosts/T495/games.nix
deleted file mode 100644
index 419d854..0000000
--- a/modules/hosts/T495/games.nix
+++ /dev/null
@@ -1,7 +0,0 @@
-{ pkgs, ... }: {
- nixpkgs.config.allowUnfree = true;
- environment.systemPackages = with pkgs; [
- #vintagestory
- prismlauncher
- ];
-}
diff --git a/modules/hosts/T495/home.nix b/modules/hosts/T495/home.nix
deleted file mode 100644
index 817b0c0..0000000
--- a/modules/hosts/T495/home.nix
+++ /dev/null
@@ -1,13 +0,0 @@
-{ ... }: {
- imports = [ ../../home ];
-
- theme.mint.theme.color = "Dark-Purple";
- theme.mint.icons.color = "Purple";
- wallpapers.enable = true;
-
- home.file.input-leap-config = {
- source = ./resources/input-leap;
- recursive = true;
- target = "./.config/input-leap";
- };
-}
diff --git a/modules/hosts/T495/input-leap.nix b/modules/hosts/T495/input-leap.nix
deleted file mode 100644
index cf6d018..0000000
--- a/modules/hosts/T495/input-leap.nix
+++ /dev/null
@@ -1,11 +0,0 @@
-{ pkgs, ... }: {
- environment.systemPackages = with pkgs; [
- input-leap
- ];
-
- networking.firewall = {
- allowedTCPPorts = [
- 24800 # input-leaps
- ];
- };
-}
diff --git a/modules/hosts/T495/resources/input-leap/input-leap.conf b/modules/hosts/T495/resources/input-leap/input-leap.conf
deleted file mode 100644
index c2d5176..0000000
--- a/modules/hosts/T495/resources/input-leap/input-leap.conf
+++ /dev/null
@@ -1,12 +0,0 @@
-section: screens
- T495:
- optiplex:
-end
-
-section: links
- T495:
- up = optiplex
-
- optiplex:
- down = T495
-end
diff --git a/modules/hosts/hp-envy-office/configuration.nix b/modules/hosts/hp-envy-office/configuration.nix
deleted file mode 100644
index 9a7a43a..0000000
--- a/modules/hosts/hp-envy-office/configuration.nix
+++ /dev/null
@@ -1,39 +0,0 @@
-{ config, lib, pkgs, ... }: {
- imports = [
- ./hardware-configuration.nix
- ];
- networking.hostName = "hp-envy-office";
-
- # Enable extra software pkgs
- software.desktop = {
- chromium.enable = true;
- cad.enable = false;
- crypto.enable = false;
- graphics.enable = true;
- office.enable = true;
- utilities.enable = true;
- };
- software.development = {
- docker.enable = true;
- };
-
- # Enable network drives
- nas.enable = true;
- nas.office.enable = true;
- nas.home.enable = false;
-
- networking.hosts = {
- "192.168.77.3" = [ "devel" ];
- };
-
- # Use amdgpu driver for x11
- services.xserver.videoDrivers = [ "amdgpu" ];
-
- # Enable bluetooth
- bluetooth.enable = true;
-
- # Disable autologin
- autologin.enable = false;
-
- system.stateVersion = "24.11";
-}
diff --git a/modules/hosts/hp-envy-office/home.nix b/modules/hosts/hp-envy-office/home.nix
deleted file mode 100644
index ed02130..0000000
--- a/modules/hosts/hp-envy-office/home.nix
+++ /dev/null
@@ -1,12 +0,0 @@
-{ userDetails, ... }: {
- imports = [ ../../home ];
-
- theme.mint.theme.color = "Dark-Green";
- theme.mint.icons.color = "Green";
- wallpapers.enable = true;
-
- additional-gtk-bookmarks = with userDetails; [
- "file://${home.documents}/src/sites/admin Admin"
- "file:///media/chexx/chexx cHEXx"
- ];
-}
diff --git a/modules/hosts/libreX60/configuration.nix b/modules/hosts/libreX60/configuration.nix
deleted file mode 100644
index 942793d..0000000
--- a/modules/hosts/libreX60/configuration.nix
+++ /dev/null
@@ -1,14 +0,0 @@
-{ config, lib, pkgs, ... }: {
- imports = [ ./hardware-configuration.nix ];
- networking.hostName = "libreX60";
-
- # Enable extra software pkgs
- software.desktop = {
- office.enable = true;
- };
-
- # Enable network drives
- nas.enable = true;
-
- system.stateVersion = "24.11";
-}
diff --git a/modules/hosts/libreX60/home.nix b/modules/hosts/libreX60/home.nix
deleted file mode 100644
index 453bfd6..0000000
--- a/modules/hosts/libreX60/home.nix
+++ /dev/null
@@ -1,8 +0,0 @@
-{ ... }: {
- imports = [ ../../home ];
-
- theme.mint.theme.color = "Dark-Red";
- theme.mint.icons.color = "Red";
- theme.font.sansSerif = "Tamzen";
- theme.font.monospace = "Tamzen";
-}
diff --git a/modules/hosts/optiplex/configuration.nix b/modules/hosts/optiplex/configuration.nix
deleted file mode 100644
index cbde612..0000000
--- a/modules/hosts/optiplex/configuration.nix
+++ /dev/null
@@ -1,50 +0,0 @@
-{ config, lib, pkgs, ... }: {
- imports = [
- ./hardware-configuration.nix
- ];
- networking.hostName = "optiplex";
-
- bootloader.mode = "efi";
-
- # Allow unfree for nvidia + others
- nixpkgs.config.allowUnfree = true;
-
- # Enable extra software pkgs
- software.desktop = {
- chromium.enable = true;
- cad.enable = true;
- crypto.enable = true;
- graphics.enable = true;
- office.enable = true;
- utilities.enable = true;
- };
-
- # Install more programs
- environment.systemPackages = with pkgs; [
- prismlauncher
- spotify
- #vintagestory
- ];
-
- # Enable network drives
- nas.enable = true;
-
- # Disable wifi
- wifi.enable = false;
-
- networking.hosts = {
- "192.168.77.3" = [ "devel" ];
- };
-
- # Use nvidia driver
- services.xserver.videoDrivers = [ "nvidia" ];
- hardware.nvidia = {
- modesetting.enable = true; # Required
- powerManagement.enable = false; # Can cause bugs
- nvidiaSettings = true;
- open = false; # Not compatible w/ GTX-1050
- package = config.boot.kernelPackages.nvidiaPackages.stable; # Still good for 1050
- };
-
- system.stateVersion = "24.11";
-}
diff --git a/modules/hosts/optiplex/home.nix b/modules/hosts/optiplex/home.nix
deleted file mode 100644
index ee56dc6..0000000
--- a/modules/hosts/optiplex/home.nix
+++ /dev/null
@@ -1,7 +0,0 @@
-{ ... }: {
- imports = [ ../../home ];
-
- theme.mint.theme.color = "Dark-Green";
- theme.mint.icons.color = "Green";
- wallpapers.enable = true;
-}
diff --git a/modules/root/autologin.nix b/modules/root/autologin.nix
deleted file mode 100644
index 6e66160..0000000
--- a/modules/root/autologin.nix
+++ /dev/null
@@ -1,13 +0,0 @@
-{ lib, config, userDetails, ... }: {
- options = {
- autologin.enable = lib.mkEnableOption "enables getty automatic login";
- #autologin.user = lib.mkEnableOption "populate username";
- #autologin.password = lib.mkEnableOption "populate password";
- };
-
- config = lib.mkIf config.autologin.enable {
- services.getty = {
- autologinUser = userDetails.username;
- };
- };
-}
diff --git a/modules/root/bluetooth.nix b/modules/root/bluetooth.nix
deleted file mode 100644
index d55eade..0000000
--- a/modules/root/bluetooth.nix
+++ /dev/null
@@ -1,10 +0,0 @@
-{ lib, config, ... }: {
- options = {
- bluetooth.enable = lib.mkEnableOption "enables bluetooth support";
- };
-
- config = {
- hardware.bluetooth.enable = true;
- services.blueman.enable = true;
- };
-}
diff --git a/modules/root/bootloader.nix b/modules/root/bootloader.nix
deleted file mode 100644
index 0a45264..0000000
--- a/modules/root/bootloader.nix
+++ /dev/null
@@ -1,43 +0,0 @@
-{ lib, config, ... }: {
- options = {
- bootloader.loader = lib.mkOption {
- type = lib.types.enum [ "grub" "systemd-boot" ];
- default = "systemd-boot";
- description = "whether to install grub or systemd-boot as the bootloader";
- };
- bootloader.mode = lib.mkOption {
- type = lib.types.enum [ "efi" "bios" ];
- default = "efi";
- description = "whether to install the bootloader in efi or bios mode";
- };
- bootloader.grub = {
- biosDevice = lib.mkOption {
- type = lib.types.str;
- description = "device to install grub on";
- };
- };
- bootloader.memtest86.enable = lib.mkEnableOption "make Memtest86+ available from the bootloader";
- };
-
- config = {
- boot.loader = {
- grub = {
- enable = config.bootloader.loader == "grub";
- efiSupport = config.bootloader.mode == "efi";
- efiInstallAsRemovable = config.bootloader.mode == "efi";
- device = if config.bootloader.mode == "bios" then config.bootloader.grub.biosDevice else "nodev";
- enableCryptodisk = true;
- memtest86.enable = config.bootloader.memtest86.enable;
- };
- systemd-boot = {
- enable = config.bootloader.loader == "systemd-boot";
- editor = false;
- memtest86.enable = config.bootloader.memtest86.enable;
- };
- efi = lib.mkIf (config.bootloader.mode == "efi") {
- efiSysMountPoint = lib.mkIf (config.bootloader.loader == "grub") "/boot/efi";
- canTouchEfiVariables = true;
- };
- };
- };
-}
diff --git a/modules/root/default.nix b/modules/root/default.nix
deleted file mode 100644
index e108318..0000000
--- a/modules/root/default.nix
+++ /dev/null
@@ -1,50 +0,0 @@
-{ lib, ... }: {
- imports = [
- ./software
- ./autologin.nix
- ./bluetooth.nix
- ./bootloader.nix
- ./doas.nix
- ./fonts.nix
- ./home-manager.nix
- ./hosts.nix
- ./localization.nix
- ./nas.nix
- ./nix.nix
- ./normaluser.nix
- ./pipewire.nix
- ./powerkeys.nix
- ./printing.nix
- ./secrets.nix
- ./ssh.nix
- ./tlp.nix
- ./wifi.nix
- ./x11.nix
- ./zsh.nix
- ];
-
- autologin.enable = lib.mkDefault true;
- avahi.enable = lib.mkDefault true;
- bluetooth.enable = lib.mkDefault false;
- doas.enable = lib.mkDefault true;
- fonts.enable = lib.mkDefault true;
- nas = {
- enable = lib.mkDefault false;
- home.enable = lib.mkDefault true;
- home.automount = lib.mkDefault false;
- office.enable = lib.mkDefault false;
- office.automount = lib.mkDefault false;
- };
- bootloader = {
- mode = lib.mkDefault "bios";
- memtest86.enable = lib.mkDefault true;
- };
- home-manager.enable = lib.mkDefault true;
- pipewire.enable = lib.mkDefault true;
- printing.enable = lib.mkDefault true;
- tlp.enable = lib.mkDefault true;
- scanning.enable = lib.mkDefault true;
- wifi.enable = lib.mkDefault true;
- xserver.enable = lib.mkDefault true;
- zsh.enable = lib.mkDefault true;
-}
diff --git a/modules/root/doas.nix b/modules/root/doas.nix
deleted file mode 100644
index c6707ce..0000000
--- a/modules/root/doas.nix
+++ /dev/null
@@ -1,19 +0,0 @@
-{ lib, config, ... }: {
- options = {
- doas.enable = lib.mkEnableOption "enables doas";
- sudo.enable = lib.mkEnableOption "enables sudo";
- };
-
- config = {
- security = {
- #sudo.enable = config.sudo.enable;
- sudo.enable = true; # TODO remove once can be built from flake w git
- sudo.wheelNeedsPassword = false;
- doas.enable = config.doas.enable;
- doas.extraRules = lib.mkIf config.doas.enable [{
- keepEnv = true;
- }];
- doas.wheelNeedsPassword = false;
- };
- };
-}
diff --git a/modules/root/fonts.nix b/modules/root/fonts.nix
deleted file mode 100644
index 3ae8eef..0000000
--- a/modules/root/fonts.nix
+++ /dev/null
@@ -1,16 +0,0 @@
-{ pkgs, lib, config, ... }: {
- options = {
- fonts.enable = lib.mkEnableOption "enables fonts";
- };
-
- config = lib.mkIf config.fonts.enable {
- fonts.packages = with pkgs; [
- commit-mono
- inter
- tamzen
- (nerdfonts.override {
- fonts = [ "JetBrainsMono" ];
- })
- ];
- };
-}
diff --git a/modules/root/home-manager.nix b/modules/root/home-manager.nix
deleted file mode 100644
index d271523..0000000
--- a/modules/root/home-manager.nix
+++ /dev/null
@@ -1,11 +0,0 @@
-{ pkgs, lib, config, ... }: {
- options = {
- home-manager.enable = lib.mkEnableOption "enables home-manager";
- };
-
- config = lib.mkIf config.home-manager.enable {
- environment.systemPackages = with pkgs; [
- home-manager
- ];
- };
-}
diff --git a/modules/root/localization.nix b/modules/root/localization.nix
deleted file mode 100644
index 8313f07..0000000
--- a/modules/root/localization.nix
+++ /dev/null
@@ -1,5 +0,0 @@
-{
- time.timeZone = "America/Chicago";
- i18n.defaultLocale = "en_US.UTF-8";
- services.xserver.xkb.layout = "us";
-}
diff --git a/modules/root/nas.nix b/modules/root/nas.nix
deleted file mode 100644
index 0116ba3..0000000
--- a/modules/root/nas.nix
+++ /dev/null
@@ -1,36 +0,0 @@
-{ lib, config, ... } :
-let
- mkNetworkFileSystem = device: automount: {
- device = "${device}";
- fsType = "nfs";
- options = [ "defaults" ] ++ lib.optionals (!automount) [ "noauto" ];
- };
-in {
- options = {
- nas = {
- enable = lib.mkEnableOption "enable network shares";
- home = {
- enable = lib.mkEnableOption "enable home network shares";
- automount = lib.mkEnableOption "automount home network shares";
- };
- office = {
- enable = lib.mkEnableOption "enable office network shares";
- automount = lib.mkEnableOption "automount home network shares";
- };
- };
- };
-
- config = lib.mkIf config.nas.enable {
- fileSystems = lib.optionalAttrs config.nas.home.enable {
- "/media/Storage/Media" = mkNetworkFileSystem "truenas-home:/mnt/Storage/Media" config.nas.home.automount;
- "/media/Storage/Backups" = mkNetworkFileSystem "truenas-home:/mnt/Storage/Backups" config.nas.home.automount;
- "/media/Storage/Tapes" = mkNetworkFileSystem "truenas-home:/mnt/Storage/Backups/Tapes" config.nas.home.automount;
- "/media/Family Photos" = mkNetworkFileSystem "truenas-home:/mnt/Media/Photos" config.nas.home.automount;
- } // lib.optionalAttrs config.nas.office.enable {
- "/media/chexx/chexx" = mkNetworkFileSystem "truenas-office:/mnt/Storage/chexx" config.nas.office.automount;
- "/media/chexx/tkdocs" = mkNetworkFileSystem "truenas-office:/mnt/Storage/Users/Tim-Keller" config.nas.office.automount;
- "/media/chexx/scans" = mkNetworkFileSystem "truenas-office:/mnt/Storage/Scans" config.nas.office.automount;
- };
- # TODO auto mkdirz
- };
-}
diff --git a/modules/root/normaluser.nix b/modules/root/normaluser.nix
deleted file mode 100644
index fc243ea..0000000
--- a/modules/root/normaluser.nix
+++ /dev/null
@@ -1,12 +0,0 @@
-{ config, userDetails, ... }: {
- users.users.root = {
- hashedPasswordFile = config.sops.secrets.hashed-root-password.path;
- };
- users.users.${userDetails.username} = {
- description = userDetails.fullname;
- #home = userDetails.home.root;
- isNormalUser = true;
- hashedPasswordFile = config.sops.secrets.hashed-root-password.path;
- extraGroups = [ "wheel" "nixbld" ];
- };
-}
diff --git a/modules/root/pipewire.nix b/modules/root/pipewire.nix
deleted file mode 100644
index fd97d42..0000000
--- a/modules/root/pipewire.nix
+++ /dev/null
@@ -1,12 +0,0 @@
-{ lib, config, ... }: {
- options = {
- pipewire.enable = lib.mkEnableOption "enables pipewire";
- };
-
- config = lib.mkIf config.pipewire.enable {
- services.pipewire = {
- enable = true;
- pulse.enable = true;
- };
- };
-}
diff --git a/modules/root/resources/secrets/secrets.yaml b/modules/root/resources/secrets/secrets.yaml
deleted file mode 100644
index 03f9517..0000000
--- a/modules/root/resources/secrets/secrets.yaml
+++ /dev/null
@@ -1,22 +0,0 @@ -wpa_supplicant-conf: ENC[AES256_GCM,data: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,iv:LKr6fcQ2emSjQmEt1HgyLpFLg4ZxDOVgJEfkm4nQzbY=,tag:M+oo8dpWclIRaPyW17Ldwg==,type:str] -hashed-root-password: ENC[AES256_GCM,data:KUoB8Z0ifh7lE9ir9AqkiMRHfw6rusXw3KC1dLIRd4YpbTiNI+cAdC474LR721+LNWoj5ZytSdDsVyS+t3o076rV4sgWgL17jPPf+H2KE5FOmQKYTUiHfSBsLKyyhpie4tpFJWv/3cCW8Q==,iv:0sZPz3V7IqTGbF3Fnm+FbgBS3GTnHsRx0OzIoAE1H64=,tag:H6CQlANfiD6ZuQhONKyMAQ==,type:str] -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: - - recipient: age1w80rc0dnuu8nw99gw64c596qqetm78jdnsqajr0u7ephykekr39qfz8vnv - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvTUlBZXQ5Z080UUxoUGdr - dm9hRE5uTzFwWXhOWkJnbXNvazd1UnplcUdZCnRKQ3RVT1RGZURLYUxINStBSU4x - bUZudFp2SC9DSkVhNTRHV0MrRFFMckEKLS0tIGNBb3FLQVJsTGVsY3hMdy94WWZx - UkJ1SGJrWXNtbmlmc2c4M1IxdUpVOWMKjaakq+n8ZijGjaNVM8/dQApaVFp9+q3K - nhvon4p5KUFE+myABnEknaSZ5UcvW6ZLff9AB7l35NZhGXAhv+y6HA== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-01-09T16:42:38Z" - mac: ENC[AES256_GCM,data:LUBRGB/NdT2Lvrecb4w3Xbq4ulMyhHwNjuGyH/fjFJOcNfOCNmwaxIRN59CBi65UxGe93mgYYKJtbCKUZA9JhEfC81e+wkD0ZpEaNBu2YAYetf6hE9LqlYO05QIf/qwXySkCXRKdDl5afcmBVXTj+6qDEljkGtWX7CPLlodvuSQ=,iv:EfYL215e52Ir3SSTba7WGFSTQHgtqzyfWUWTBS+lwrU=,tag:VjE1o7WCT/PWIxk2/b/eow==,type:str] - pgp: [] - unencrypted_suffix: _unencrypted - version: 3.9.2 diff --git a/modules/root/resources/x11/xinit-startx-xdg.patch b/modules/root/resources/x11/xinit-startx-xdg.patch deleted file mode 100644 index c1bca97..0000000 --- a/modules/root/resources/x11/xinit-startx-xdg.patch +++ /dev/null 
@@ -1,14 +0,0 @@ -diff --git a/startx.cpp b/startx.cpp -index dfbebe1..472a1b0 100644 ---- a/startx.cpp -+++ b/startx.cpp -@@ -272,7 +272,7 @@ if [ x"$enable_xauth" = x1 ] ; then - dummy=0 - - XCOMM create a file with auth information for the server. ':0' is a dummy. -- xserverauthfile=$HOME/.serverauth.$$ -+ xserverauthfile="${XAUTHORITY:-$HOME/.Xauthority}" - trap "rm -f '$xserverauthfile'" HUP INT QUIT ILL TRAP BUS TERM - xauth -q -f "$xserverauthfile" << EOF - add :$dummy . $mcookie - diff --git a/modules/root/secrets.nix b/modules/root/secrets.nix deleted file mode 100644 index 47262fd..0000000 --- a/modules/root/secrets.nix +++ /dev/null @@ -1,30 +0,0 @@ -{ pkgs, inputs, config, userDetails, ... }: { - imports = [ inputs.sops-nix.nixosModules.sops ]; - - sops = { - defaultSopsFile = ./resources/secrets/secrets.yaml; - defaultSopsFormat = "yaml"; - age.keyFile = "${userDetails.home.root}/.config/sops/age/keys.txt"; - - secrets = { - wpa_supplicant-conf = { }; - hashed-root-password = { }; - }; - }; - - # This service is a workaround to ensure that secrets are available on - # reboot when the secret keys are on a separate subvolume - systemd.services.npcnix-force-rebuild-sops-hack = { - wantedBy = [ "multi-user.target" ]; - before = [ - # List all services that require secrets - "wpa_supplicant.service" - ]; - serviceConfig = { - ExecStart = "/run/current-system/activate"; - Type = "oneshot"; - Restart = "on-failure"; # because oneshot - RestartSec = "10s"; - }; - }; -} diff --git a/modules/root/software/default.nix b/modules/root/software/default.nix deleted file mode 100644 index 8d1e987..0000000 --- a/modules/root/software/default.nix +++ /dev/null 
@@ -1,34 +0,0 @@ -{ lib, config, ... }: { - imports = [ - ./awesome.nix - ./ddcutil.nix - ./desktop.nix - ./development.nix - ./docker.nix - ./system.nix - ./utilities.nix - ./virtualisation.nix - ]; - - software.desktop = { - enable = lib.mkDefault config.xserver.enable; - chromium.enable = lib.mkDefault false; - cad.enable = lib.mkDefault false; - crypto.enable = lib.mkDefault false; - firefox.enable = lib.mkDefault true; - graphics.enable = lib.mkDefault false; - office.enable = lib.mkDefault false; - utilities.enable = lib.mkDefault false; - }; - - software.development = { - enable = lib.mkDefault true; - docker = { - enable = lib.mkDefault false; - btrfsSupport = lib.mkDefault true; - }; - }; - - virtualisation.enable = lib.mkDefault false; - xserver.awesome.enable = lib.mkDefault true; -} diff --git a/modules/root/software/derivations b/modules/root/software/derivations deleted file mode 120000 index a075779..0000000 --- a/modules/root/software/derivations +++ /dev/null @@ -1 +0,0 @@ -../../../derivations
\ No newline at end of file diff --git a/modules/root/software/desktop.nix b/modules/root/software/desktop.nix deleted file mode 100644 index 88101d8..0000000 --- a/modules/root/software/desktop.nix +++ /dev/null 
@@ -1,79 +0,0 @@ -{ pkgs, lib, config, ... }: { - options = { - software.desktop = { - enable = lib.mkEnableOption "enables desktop apps"; - chromium = { - enable = lib.mkEnableOption "enables selected chromium browser package"; - package = lib.mkOption { - type = lib.types.package; - default = pkgs.ungoogled-chromium; - description = "chromium package to install"; - }; - }; - cad.enable = lib.mkEnableOption "enables cad and 3d printing apps"; - crypto.enable = lib.mkEnableOption "enables crypto wallet apps"; - firefox.enable = lib.mkEnableOption "enables firefox"; - graphics.enable = lib.mkEnableOption "enables graphic design apps"; - office.enable = lib.mkEnableOption "enables office apps"; - utilities.enable = lib.mkEnableOption "enables miscellaneous utility apps"; - }; - }; - - config = lib.mkIf config.software.desktop.enable { - environment.systemPackages = with pkgs; [ - # Default - arandr - dmenu - libnotify - mpv - pavucontrol - pcmanfm - redshift - scrot - sxiv - wpa_supplicant_gui - zathura - (callPackage ./derivations/st {}) - ] ++ pkgs.lib.optionals config.software.desktop.chromium.enable [ - # Chrome - config.software.desktop.chromium.package - ] ++ pkgs.lib.optionals config.software.desktop.cad.enable [ - # CAD - blender - freecad - prusa-slicer - ] ++ pkgs.lib.optionals config.software.desktop.crypto.enable [ - # Crypto Wallets - bisq2 - electrum - monero-gui - ] ++ pkgs.lib.optionals config.software.desktop.graphics.enable [ - # Graphics - blender - geeqie - gimp - inkscape - ] ++ pkgs.lib.optionals config.software.desktop.office.enable [ - # Office - libreoffice - pdfchain - thunderbird - ] ++ pkgs.lib.optionals config.software.desktop.utilities.enable [ - # Misc Utilities - jellyfin-mpv-shim - qbittorrent - qdirstat - remmina - ]; - - programs.localsend.enable = config.software.desktop.utilities.enable; # Installs & opens firewall - programs.firefox.enable = config.software.desktop.firefox.enable; - - # GVfs allows for mounting drives in a 
graphical file manager - services.gvfs.enable = true; - - # For home-manager to configure gtk - # TODO this should be there instead - programs.dconf.enable = config.software.desktop.enable; - }; -} diff --git a/modules/root/software/development.nix b/modules/root/software/development.nix deleted file mode 100644 index 2a4dfba..0000000 --- a/modules/root/software/development.nix +++ /dev/null @@ -1,18 +0,0 @@ -{ pkgs, lib, config, ... }: { - options = { - software.development.enable = lib.mkEnableOption "enables development tools"; - }; - - config = lib.mkIf config.software.development.enable { - environment.systemPackages = with pkgs; [ - adb-sync - android-tools - gcc - git - gnumake - hugo - lua - pkg-config - ]; - }; -} diff --git a/modules/root/software/docker.nix b/modules/root/software/docker.nix deleted file mode 100644 index bf1898c..0000000 --- a/modules/root/software/docker.nix +++ /dev/null @@ -1,21 +0,0 @@ -{ pkgs, lib, config, userDetails, ... }: { - options = { - software.development.docker = { - enable = lib.mkEnableOption "enables docker"; - btrfsSupport = lib.mkEnableOption "changes docker storageDriver to btrfs"; - }; - }; - - config = lib.mkIf config.software.development.docker.enable { - virtualisation.docker = { - enable = true; - storageDriver = lib.mkIf config.software.development.docker.btrfsSupport "btrfs"; - }; - - environment.systemPackages = with pkgs; [ - docker-compose - ]; - - users.groups.docker.members = [ userDetails.username ]; - }; -} diff --git a/modules/root/software/system.nix b/modules/root/software/system.nix deleted file mode 100644 index f0a31f2..0000000 --- a/modules/root/software/system.nix +++ /dev/null @@ -1,13 +0,0 @@ -{ pkgs, ... }: { - environment.systemPackages = with pkgs; [ - age # Secrets - cryptsetup - dash # TODO should be default /bin/sh - exfat - git # Needed for home-manager - python3 - sops # Secrets - ]; - - services.gpm.enable = true; -} 
diff --git a/modules/root/software/virtualisation.nix b/modules/root/software/virtualisation.nix deleted file mode 100644 index 4ae15f5..0000000 --- a/modules/root/software/virtualisation.nix +++ /dev/null @@ -1,10 +0,0 @@ -{ lib, config, ... }: { - options = { - virtualisation.enable = lib.mkEnableOption "enables virtualisation and virt-manager"; - }; - - config = lib.mkIf config.virtualisation.enable { - virtualisation.libvirtd.enable = true; - programs.virt-manager.enable = config.software.desktop.enable; - }; -} diff --git a/modules/root/ssh.nix b/modules/root/ssh.nix deleted file mode 100644 index 9f6d54d..0000000 --- a/modules/root/ssh.nix +++ /dev/null @@ -1,8 +0,0 @@ -{ - services.openssh = { - enable = true; - settings = { - X11Forwarding = true; - }; - }; -} diff --git a/modules/root/tlp.nix b/modules/root/tlp.nix deleted file mode 100644 index 3414c03..0000000 --- a/modules/root/tlp.nix +++ /dev/null @@ -1,9 +0,0 @@ -{ lib, config, ... }: { - options = { - tlp.enable = lib.mkEnableOption "enables tlp"; - }; - - config = lib.mkIf config.tlp.enable { - services.tlp.enable = true; - }; -} diff --git a/modules/root/wifi.nix b/modules/root/wifi.nix deleted file mode 100644 index 542cfd7..0000000 --- a/modules/root/wifi.nix +++ /dev/null @@ -1,18 +0,0 @@ -{ lib, config, ... }: { - options = { - wifi.enable = lib.mkEnableOption "enables wifi"; - }; - - config = lib.mkIf config.wifi.enable { - networking.wireless = { - enable = true; # Enables wireless support via wpa_supplicant. - userControlled.enable = true; - allowAuxiliaryImperativeNetworks = true; # Networks defined in aux imperitive networks (/etc/wpa_supplicant.conf) - }; - - # Link /etc/wpa_supplicant.conf -> secret config - environment.etc."wpa_supplicant.conf" = { - source = config.sops.secrets.wpa_supplicant-conf.path; - }; - }; -} diff --git a/modules/root/x11.nix b/modules/root/x11.nix deleted file mode 100644 index fd15c52..0000000 --- a/modules/root/x11.nix +++ /dev/null 
@@ -1,30 +0,0 @@ -{ pkgs, lib, config, ... }: { - options = { - xserver.enable = lib.mkEnableOption "enables xserver"; - }; - - config = lib.mkIf config.xserver.enable { - services.xserver.enable = true; - services.xserver.displayManager.startx.enable = true; - services.libinput.enable = true; # Enable touchpad support - - environment.systemPackages = with pkgs; [ - unclutter - xcape - xclip - xdotool - xorg.setxkbmap - xorg.xinput - xorg.xkill - xorg.xrandr - xorg.xset - xwallpaper - # Patch startx to be compliant with xdg base dir spec - (xorg.xinit.overrideAttrs (old: rec { - patches = [ - ./resources/x11/xinit-startx-xdg.patch - ]; - })) - ]; - }; -} diff --git a/modules/root/zsh.nix b/modules/root/zsh.nix deleted file mode 100644 index 697cb4c..0000000 --- a/modules/root/zsh.nix +++ /dev/null @@ -1,10 +0,0 @@ -{ lib, config, pkgs, ... }: { - options = { - zsh.enable = lib.mkEnableOption "use zsh as default shell"; - }; - - config = lib.mkIf config.zsh.enable { - programs.zsh.enable = true; - users.defaultUserShell = pkgs.zsh; - }; -} diff --git a/nixos/bootloader.nix b/nixos/bootloader.nix new file mode 100644 index 0000000..bb807cf --- /dev/null +++ b/nixos/bootloader.nix 
@@ -0,0 +1,48 @@
+{ lib, config, ... }: let
+ cfg = config.boot._loader;
+ usingEfi = cfg.mode == "efi";
+ usingBios = cfg.mode == "bios";
+in {
+ options.boot._loader = {
+ enable = lib.mkEnableOption "enable unified bootloader config";
+ loader = lib.mkOption {
+ type = lib.types.enum [ "grub" "systemd-boot" ];
+ default = "systemd-boot";
+ description = "whether to install grub or systemd-boot as the bootloader";
+ };
+ mode = lib.mkOption {
+ type = lib.types.enum [ "efi" "bios" ];
+ default = "efi";
+ description = "whether to install the bootloader in efi or bios mode";
+ };
+ grub = {
+ biosDevice = lib.mkOption {
+ type = lib.types.str;
+ description = "device to install grub on";
+ };
+ };
+ memtest86.enable = lib.mkEnableOption "make Memtest86+ available from the bootloader";
+ };
+
+ config = lib.mkIf cfg.enable {
+ boot.loader = {
+ grub = lib.mkIf (cfg.loader == "grub") {
+ enable = true;
+ efiSupport = usingEfi;
+ efiInstallAsRemovable = usingEfi;
+ device = if usingBios then cfg.grub.biosDevice else "nodev";
+ enableCryptodisk = true;
+ memtest86.enable = cfg.memtest86.enable;
+ };
+ systemd-boot = lib.mkIf (cfg.loader == "systemd-boot") {
+ enable = true;
+ editor = false;
+ memtest86.enable = cfg.memtest86.enable;
+ };
+ efi = lib.mkIf usingEfi {
+ efiSysMountPoint = lib.mkIf (cfg.loader == "grub") "/boot/efi";
+ canTouchEfiVariables = true;
+ };
+ };
+ };
+}
diff --git a/nixos/default.nix b/nixos/default.nix
new file mode 100644
index 0000000..4a027e0
--- /dev/null
+++ b/nixos/default.nix
@@ -0,0 +1,26 @@
+{
+ imports = [
+ ./programs/awesome.nix
+ ./programs/ddcutil.nix
+ ./programs/home-manager.nix
+
+ ./services/cgit.nix
+ ./services/gitea.nix
+ ./services/searxng.nix
+
+ ./bootloader.nix
+ ./doas.nix
+ ./filesystems.nix
+ ./geoclue.nix
+ ./hosts.nix
+ ./net-iface-labels.nix
+ ./nix.nix
+ ./pipewire.nix
+ ./powerkeys.nix
+ ./printing.nix
+ ./secrets.nix
+ ./ssh.nix
+ ./sudo.nix
+ ./suspend.nix
+ ];
+}
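Review bot: In nixos/bootloader.nix the `grub` branch sets `efiInstallAsRemovable = usingEfi;` while the `efi` block sets `canTouchEfiVariables = true;` for the same mode. As far as I know the NixOS grub module asserts that these two are mutually exclusive, so `loader = "grub"` with `mode = "efi"` would likely fail evaluation; confirm, and if so derive one from the other, e.g. `canTouchEfiVariables = cfg.loader != "grub";`. The systemd-boot branch disables the entry editor with `editor = false;`, but the grub branch leaves GRUB's edit and command line reachable from the console, so the two loaders do not give the same boot-time protection; either document that or wire up `boot.loader.grub.users`. A comment on `enableCryptodisk = true;` saying why it is unconditional would also help.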
diff --git a/nixos/doas.nix b/nixos/doas.nix new file mode 100644 index 0000000..aeed170 --- /dev/null +++ b/nixos/doas.nix @@ -0,0 +1,17 @@ +{ lib, config, ... }: let + cfg = config.security._doas; +in { + options.security._doas = { + enable = lib.mkEnableOption "enables doas"; + }; + + config = lib.mkIf cfg.enable { + security.doas = { + enable = true; + wheelNeedsPassword = false; + extraRules = [ + { keepEnv = true; } + ]; + }; + }; +} diff --git a/modules/root/software/ddcutil.nix b/nixos/filesystems.nix index 93e0af5..00ab409 100644 --- a/modules/root/software/ddcutil.nix +++ b/nixos/filesystems.nix @@ -1,6 +1,7 @@ { pkgs, ... }: { - hardware.i2c.enable = true; environment.systemPackages = with pkgs; [ - ddcutil + cryptsetup + exfat + ntfs3g ]; } diff --git a/nixos/geoclue.nix b/nixos/geoclue.nix new file mode 100644 index 0000000..344ef24 --- /dev/null +++ b/nixos/geoclue.nix @@ -0,0 +1,14 @@ +{ config, lib, ... }: let + cfg = config.services._geoclue2; +in { + options.services._geoclue2 = { + enable = lib.mkEnableOption "enable geoclue2 service with minimal sources and set timezone automatically"; + }; + + config = lib.mkIf cfg.enable { + services.geoclue2 = { + enable = true; + }; + services.automatic-timezoned.enable = lib.mkDefault true; + }; +} diff --git a/nixos/hosts.nix b/nixos/hosts.nix new file mode 100644 index 0000000..a87f3b4 --- /dev/null +++ b/nixos/hosts.nix @@ -0,0 +1,4 @@ +{ hostname, ... }: { + networking.hostName = hostname; # From flake.nix + environment.etc.hosts.mode = "0644"; # Allow temporary imperative modifications +} diff --git a/nixos/net-iface-labels.nix b/nixos/net-iface-labels.nix new file mode 100644 index 0000000..b7ac655 --- /dev/null +++ b/nixos/net-iface-labels.nix 
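Review bot: In nixos/doas.nix, `wheelNeedsPassword = false;` lets any process running as a wheel member become root without re-authentication, so a compromised user session is a root compromise; if that is intended for these hosts, state it in a comment, otherwise keep the default and use `persist` on a wheel rule. The `extraRules` entry `{ keepEnv = true; }` names no `users` or `groups`, so it is unclear who it applies to and it may generate no rule at all; scope it, e.g. `{ groups = [ "wheel" ]; keepEnv = true; persist = true; }`. Carrying the caller's whole environment across the privilege boundary is broader than usually needed, and `setEnv` with the specific variables is the narrower choice.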
@@ -0,0 +1,28 @@ +{ config, lib, ... }: let + cfg = config.networking._interfaceLabels; + validMac = str: builtins.match ''^[0-9a-fA-F]{2}(:[0-9a-fA-F]{2}){5}$'' str != null; + macAddressType = lib.types.str // { + check = validMac; + description = "a mac address (xx:xx:xx:xx:xx:xx)"; + }; +in { + options.networking._interfaceLabels = { + enable = lib.mkEnableOption "manually label network interfaces"; + interfaces = lib.mkOption { + type = lib.types.attrsOf macAddressType; + default = {}; + example = { + "lan0" = "00:11:22:33:44:55"; + "lan1" = "66:77:88:99:AA:BB"; + }; + description = "label network interfaces by their mac address"; + }; + }; + + config = lib.mkIf cfg.enable { + networking.usePredictableInterfaceNames = false; + services.udev.extraRules = lib.concatStringsSep "\n" ( + lib.mapAttrsToList (name: mac: ''ACTION=="add", SUBSYSTEM=="net", ATTR{address}=="${mac}", NAME="${name}"'') cfg.interfaces + ); + }; +} diff --git a/modules/root/nix.nix b/nixos/nix.nix index ff8dd28..ff8dd28 100644 --- a/modules/root/nix.nix +++ b/nixos/nix.nix diff --git a/nixos/pipewire.nix b/nixos/pipewire.nix new file mode 100644 index 0000000..be3eaf4 --- /dev/null +++ b/nixos/pipewire.nix @@ -0,0 +1,14 @@ +{ lib, config, ... }: let + cfg = config.services._pipewire; +in { + options.services._pipewire = { + enable = lib.mkEnableOption "enables pipewire"; + }; + + config = lib.mkIf cfg.enable { + services.pipewire = { + enable = true; + pulse.enable = true; + }; + }; +} diff --git a/modules/root/powerkeys.nix b/nixos/powerkeys.nix index fd4aa00..fd4aa00 100644 --- a/modules/root/powerkeys.nix +++ b/nixos/powerkeys.nix diff --git a/nixos/printing.nix b/nixos/printing.nix new file mode 100644 index 0000000..a6df279 --- /dev/null +++ b/nixos/printing.nix 
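Review bot: In nixos/net-iface-labels.nix the udev match `ATTR{address}=="${mac}"` is case-sensitive, and sysfs reports MAC addresses in lowercase, so a value such as the example's `"66:77:88:99:AA:BB"` passes `validMac` but would never match; normalise it with `ATTR{address}=="${lib.toLower mac}"`. The interface label (`name`) is interpolated into `NAME="${name}"` without any check, so a key containing a quote or a comma would yield a malformed or different udev rule; validating the attribute names with a `builtins.match` on an interface-name pattern would close that. Overriding `check` on `lib.types.str` also appears to replace the string check itself, so a non-string value would reach `builtins.match` and abort evaluation rather than produce a type error; `check = x: builtins.isString x && validMac x;` keeps both.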
@@ -0,0 +1,18 @@ +{ lib, config, ... }: let + cfg = config.services._printing; +in { + options.services._printing = { + enable = lib.mkEnableOption "enables printing and avahi service"; + }; + + config = lib.mkIf cfg.enable { + services.printing.enable = true; + + services.avahi = { + enable = true; + nssmdns4 = true; + openFirewall = true; + }; + }; +} + diff --git a/modules/root/software/awesome.nix b/nixos/programs/awesome.nix index fdc86e8..0856384 100644 --- a/modules/root/software/awesome.nix +++ b/nixos/programs/awesome.nix @@ -1,9 +1,11 @@ -{ pkgs, lib, config, ... }: { - options = { - xserver.awesome.enable = lib.mkEnableOption "enables awesomewm"; +{ pkgs, lib, config, ... }: let + cfg = config.services.xserver.windowManager._awesome; +in { + options.services.xserver.windowManager._awesome = { + enable = lib.mkEnableOption "installs awesome window manager"; }; - config = lib.mkIf (config.xserver.enable && config.xserver.awesome.enable ) { + config = lib.mkIf cfg.enable { services.xserver.windowManager.awesome = { enable = true; noArgb = true; # disables transparency. why not? diff --git a/nixos/programs/ddcutil.nix b/nixos/programs/ddcutil.nix new file mode 100644 index 0000000..ef1801b --- /dev/null +++ b/nixos/programs/ddcutil.nix @@ -0,0 +1,12 @@ +{ pkgs, lib, config, ... }: let + cfg = config.programs._ddcutil; +in { + options.programs._ddcutil = { + enable = lib.mkEnableOption "enables ddcutil and i2c control"; + }; + + config = lib.mkIf cfg.enable { + hardware.i2c.enable = true; + environment.systemPackages = [ pkgs.ddcutil ]; + }; +} diff --git a/nixos/programs/home-manager.nix b/nixos/programs/home-manager.nix new file mode 100644 index 0000000..49149d3 --- /dev/null +++ b/nixos/programs/home-manager.nix 
@@ -0,0 +1,15 @@
+{ pkgs, lib, config, ... }: let
+ cfg = config.programs._home-manager;
+in {
+ options.programs._home-manager = {
+ enable = lib.mkEnableOption "enables home-manager";
+ };
+
+ config = lib.mkIf cfg.enable {
+ # Install home manager
+ environment.systemPackages = with pkgs; [ home-manager git ]; # Git is needed
+
+ # For home-manager to configure gtk
+ programs.dconf.enable = lib.mkDefault true;
+ };
+}
diff --git a/nixos/secrets.nix b/nixos/secrets.nix
new file mode 100644
index 0000000..0691255
--- /dev/null
+++ b/nixos/secrets.nix
@@ -0,0 +1,8 @@
+{ inputs, config, pkgs, ... }: {
+ environment.systemPackages = with pkgs; [ age sops ];
+
+ sops = {
+ defaultSopsFormat = "yaml";
+ age.sshKeyPaths = [ "/root/.ssh/id_ed25519" ];
+ };
+}
diff --git a/nixos/services/cgit.nix b/nixos/services/cgit.nix
new file mode 100644
index 0000000..66de1d8
--- /dev/null
+++ b/nixos/services/cgit.nix
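Review bot: In nixos/secrets.nix, `age.sshKeyPaths = [ "/root/.ssh/id_ed25519" ];` makes root's personal SSH key the decryption identity for every sops secret on the host, so that key has to sit on disk unencrypted and one key now covers both outbound SSH authentication and secret decryption. A dedicated identity (the host key under `/etc/ssh`, or a separate age key file) keeps the two apart; whichever is chosen, add a comment saying where the key comes from and who provisions it. `inputs` is taken as an argument but not used, and the `inputs.sops-nix.nixosModules.sops` import that the deleted modules/root/secrets.nix carried is gone, so this file presumably relies on the module being imported elsewhere, which is worth a one-line comment.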
@@ -0,0 +1,142 @@ +{ lib, pkgs, config, ... }: +let + cfg = config.services._cgit; +in { + options.services._cgit = { + enable = lib.mkEnableOption "enables cgit service"; + hostAddress = lib.mkOption { + type = lib.types.str; + description = "hostAddress for the container"; + default = "10.0.1.1"; + }; + localAddress = lib.mkOption { + type = lib.types.str; + description = "localAddress for the container"; + default = "10.0.1.2"; + }; + rootTitle = lib.mkOption { + type = lib.types.str; + description = "cgit site title"; + default = ""; + }; + rootDesc = lib.mkOption { + type = lib.types.str; + description = "cgit site description"; + default = ""; + }; + extraConfig = lib.mkOption { + type = lib.types.str; + description = "cgitrc lines inserted verbatim at the end"; + default = ""; + }; + ssh.authorizedKeys = { + keys = lib.mkOption { + type = lib.types.listOf lib.types.singleLineStr; + default = [ ]; + description = '' + see `options.openssh.authorizedKeys.keys`. + ssh authorized keys for git user in container. + ''; + }; + keyFiles = lib.mkOption { + type = lib.types.listOf lib.types.path; + default = [ ]; + description = '' + see `options.openssh.authorizedKeys.keyFiles`. + ssh authorized keys for git user in container. + ''; + }; + }; + }; + + config = lib.mkIf cfg.enable { + # Configure cgit container + containers.cgit = { + autoStart = true; + privateNetwork = true; + hostAddress = cfg.hostAddress; + localAddress = cfg.localAddress; + + specialArgs = { + authorizedKeys = cfg.ssh.authorizedKeys; + cgitrc = with cfg; { + inherit rootTitle; + inherit rootDesc; + inherit extraConfig; + }; + }; + + config = { lib, config, authorizedKeys, cgitrc, ... 
}: { + # Create git user for ssh access + users.users.git = { + isNormalUser = true; + home = "/srv/git"; # Serve from git user's home to allow cloning git@cgit:repo + group = "git"; + createHome = true; + homeMode = "750"; # Allow read permissions for group members + shell = pkgs.bash; + openssh = { inherit authorizedKeys; }; + }; + users.groups.git.members = [ "lighttpd" ]; # Create the git group and add lighttpd user as a member so /srv/git can be served by cgit + + # Enable git + programs.git.enable = true; + + # Enable ssh service + services.openssh.enable = true; + + # Enable cgit service + services.lighttpd.enable = true; + services.lighttpd.cgit = { + enable = true; + #subdir = ""; # FIXME this does not work for some reason + configText = '' + # Based on joseluisq/alpine-cgit + root-title=${cgitrc.rootTitle} + root-desc=${cgitrc.rootDesc} + + source-filter=${pkgs.cgit}/lib/cgit/filters/syntax-highlighting.py + about-filter=${pkgs.cgit}/lib/cgit/filters/about-formatting.sh + + readme=:README.md + readme=:README.html + readme=:README.txt + readme=:README + readme=:INSTALL.md + readme=:INSTALL.html + readme=:INSTALL.txt + readme=:INSTALL + + # Cache + #cache-root=/var/cache/cgit + #cache-size=2000 + + enable-index-links=1 + enable-index-owner=0 + enable-remote-branches=1 + enable-log-filecount=1 + enable-log-linecount=1 + enable-git-config=1 + snapshots=tar.xz zip + + robots=noindex, nofollow + + virtual-root=/cgit + section-from-path=0 + max-repo-count=100 + scan-path=/srv/git + + # extra config + ${cgitrc.extraConfig} + ''; + }; + + # Networking, etc. + networking.firewall.allowedTCPPorts = [ 80 22 ]; + networking.hostName = "cgit"; + + system.stateVersion = "25.05"; + }; + }; + }; +} diff --git a/nixos/services/gitea.nix b/nixos/services/gitea.nix new file mode 100644 index 0000000..5586979 --- /dev/null +++ b/nixos/services/gitea.nix 
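Review bot: In the cgit container the `git` account is given `shell = pkgs.bash;` and `services.openssh.enable = true;` is left at its defaults, so every holder of an authorized key gets a full interactive shell in the container and password authentication is not switched off. For an account meant only for clone and push, `shell = "${pkgs.git}/bin/git-shell";` and `services.openssh.settings.PasswordAuthentication = false;` match the stated purpose. `enable-git-config=1` lets each repository's own git config set cgit options, which is acceptable only if everyone who can push is trusted to that degree. `rootTitle`, `rootDesc` and `extraConfig` are pasted into cgitrc verbatim, so the first two option descriptions should say that a newline in the value adds further cgitrc directives, as `extraConfig` already does.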
@@ -0,0 +1,58 @@
+{ lib, pkgs, config, ... }:
+let
+ cfg = config.services._gitea;
+in {
+ options.services._gitea = {
+ enable = lib.mkEnableOption "enables gitea service";
+ hostAddress = lib.mkOption {
+ type = lib.types.str;
+ description = "hostAddress for the container";
+ default = "10.0.1.1";
+ };
+ localAddress = lib.mkOption {
+ type = lib.types.str;
+ description = "localAddress for the container";
+ default = "10.0.1.3";
+ };
+ };
+
+ config = lib.mkIf cfg.enable {
+ containers.gitea = {
+ autoStart = true;
+ privateNetwork = true;
+ hostAddress = cfg.hostAddress;
+ localAddress = cfg.localAddress;
+
+ config = { lib, config, ... }: {
+ # Enable gitea service
+ services.gitea = {
+ enable = true;
+ user = "git"; # So ssh cloning uses git@gitea
+ settings = {
+ server = {
+ HTTP_PORT = 3000; # Can't set as 80 without root permissions, use 3000 instead
+ };
+ };
+ };
+
+ # Networking, etc.
+ # Redirect 80 to 3000
+ networking.nftables = {
+ enable = true;
+ ruleset = ''
+ table ip nat {
+ chain prerouting {
+ type nat hook prerouting priority 0;
+ tcp dport 80 redirect to :3000
+ }
+ }
+ '';
+ };
+ networking.firewall.allowedTCPPorts = [ 3000 80 22 ]; # Still need to forward 3000 for nftables rule to work
+ networking.hostName = "gitea";
+
+ system.stateVersion = "25.05";
+ };
+ };
+ };
+}
diff --git a/nixos/services/searxng.nix b/nixos/services/searxng.nix
new file mode 100644
index 0000000..f90ad4e
--- /dev/null
+++ b/nixos/services/searxng.nix
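Review bot: In nixos/services/gitea.nix, `services.gitea` is enabled with only `HTTP_PORT` set, so the instance starts with Gitea's default of open self-registration and serves plain HTTP on 80 and 3000. Unless something outside this hunk restricts who can reach the container, add `settings.service.DISABLE_REGISTRATION = true;`, or document why registration stays open. `allowedTCPPorts` also opens 22, but nothing in this container config enables an SSH server, so either the port is unused or the SSH setup lives elsewhere; a comment next to the port list would settle which.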
@@ -0,0 +1,120 @@ +{ pkgs, lib, config, ... }: let + cfg = config.services._searxng; + environmentFile = "/run/searx/searxng.env"; + generateEnvironmentFile = '' + umask 077 + echo "SEARXNG_SECRET=$(head -c 56 /dev/urandom | base64)" > ${environmentFile} + ls /run/searx + ''; +in { + options.services._searxng = { + enable = lib.mkEnableOption "enables searxng service"; + uwsgi.enable = lib.mkEnableOption "enables searxng uwsgi"; + }; + + config = lib.mkIf cfg.enable { + # Generate secret key + systemd.services.searx-environment-file = { + description = "Generate environment file with secret key for searx"; + wantedBy = [ "searx-init.service" ]; + partOf = [ "searx-init.service" ]; + before = [ "searx-init.service" ]; + serviceConfig = { + Type = "oneshot"; + RemainAfterExit = true; + User = "searx"; + RuntimeDirectory = "searx"; + RuntimeDirectoryMode = "750"; + ConditionPathExists = "!${environmentFile}"; + }; + script = generateEnvironmentFile; + }; + + # Configure searxng + services.searx = { + enable = true; + redisCreateLocally = true; + package = pkgs.searxng; + inherit environmentFile; # Provides secret key + + # UWSGI configuration + runInUwsgi = cfg.uwsgi.enable; + + uwsgiConfig = { + socket = "/run/searx/searx.sock"; + http = ":8888"; + chmod-socket = "660"; + }; + + settings = { + general = { + instance_name = "TJK Search"; + donation_url = "https://tjkeller.xyz"; + enable_metrics = false; + }; + + # Search engine settings + search = { + safe_search = 2; # Strict + autocomplete = ""; + default_lang = "en-US"; + }; + + preferences.lock = [ "safesearch" ]; # Lock safe_search at strict + + # https://docs.searxng.org/admin/plugins.html + enabled_plugins = [ + "Tor check plugin" + "Tracker URL remover" + "Basic Calculator" + "Unit converter plugin" + "Hash plugin" + "Self Information" + "Open Access DOI rewrite" + "Hostnames plugin" + ]; + + hostnames.replace = { + "(.*\.)?youtube\.com$" = "piped.tjkeller.xyz"; + "(.*\.)?youtu\.be$" = "piped.tjkeller.xyz"; + 
"(.*\.)?reddit\.com$" = "old.reddit.com"; + }; + + # Enable / disabled search engines from default list + engines = lib.mapAttrsToList (name: value: { inherit name; disabled = !value; }) { + # Images + "artic" = false; + "deviantart" = false; + "flickr" = false; + "library of congress" = false; + "openverse" = false; + "pinterest" = false; + "public domain image archive" = false; + "unsplash" = false; + "wallhaven" = false; + "wikicommons.images" = false; + + # Videos + "bitchute" = true; + "dailymotion" = false; + "piped" = false; + "rumble" = true; + "sepiasearch" = false; + "vimeo" = false; + "wikicommons.videos" = false; + + # Music + "piped.music" = false; + + # Files + "1337x" = true; + "annas archive" = true; + "library genesis" = true; + + # Apps + "fdroid" = true; + }; + }; + }; + }; +} diff --git a/nixos/ssh.nix b/nixos/ssh.nix new file mode 100644 index 0000000..8f81474 --- /dev/null +++ b/nixos/ssh.nix @@ -0,0 +1,16 @@ +{ lib, config, ... }: let + cfg = config.services._ssh; +in { + options.services._ssh = { + enable = lib.mkEnableOption "enable openssh with X11 forwarding"; + }; + + config = lib.mkIf cfg.enable { + services.openssh = { + enable = true; + settings = { + X11Forwarding = true; + }; + }; + }; +} diff --git a/nixos/sudo.nix b/nixos/sudo.nix new file mode 100644 index 0000000..5fa2727 --- /dev/null +++ b/nixos/sudo.nix @@ -0,0 +1,15 @@ +{ lib, config, ... }: let + cfg = config.security._sudo; +in { + options.security._sudo = { + enable = lib.mkEnableOption "enables sudo"; + }; + + #config = lib.mkIf cfg.enable { + config = { # TODO remove once can be built from flake w git + security.sudo = { + enable = true; + wheelNeedsPassword = false; + }; + }; +} diff --git a/nixos/suspend.nix b/nixos/suspend.nix new file mode 100644 index 0000000..11404de --- /dev/null +++ b/nixos/suspend.nix 
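Review bot: In nixos/services/searxng.nix, `ConditionPathExists = "!${environmentFile}";` sits under `serviceConfig`, but it is a `[Unit]` setting, so systemd ignores it there and the secret is rewritten on every start of `searx-environment-file`; move it to `unitConfig.ConditionPathExists`. The trailing `ls /run/searx` in `generateEnvironmentFile` looks like leftover debugging and can be removed. In `hostnames.replace`, `\.` inside a double-quoted Nix string loses its backslash, so the patterns match any character where a literal dot was meant; write `\\.` instead. `uwsgiConfig.http = ":8888"` listens on all interfaces, so bind it to loopback if a reverse proxy is meant to front it.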
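Review bot: The new `services._ssh` wrapper in nixos/ssh.nix turns on `X11Forwarding` and leaves every other sshd setting at its default, which on NixOS still permits password logins. Because the same configuration gives wheel passwordless sudo and doas, a guessed or reused account password would be enough for root, so I would add `PasswordAuthentication = false;` and `KbdInteractiveAuthentication = false;` to `settings`. X11 forwarding is also better as its own option than bundled into `enable`, since most hosts that need sshd do not need it.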
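Review bot: In nixos/sudo.nix, `config = {` applies `security.sudo` with `wheelNeedsPassword = false;` on every host that imports the module, whatever `security._sudo.enable` is set to, because the `lib.mkIf cfg.enable` line is commented out. The TODO explains the reason, but until it is resolved the option is misleading: a host that leaves `enable` off still gets passwordless sudo for wheel. Writing `wheelNeedsPassword = lib.mkDefault false;` would at least let a single host override it, and the option description should say that it currently has no effect.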
@@ -0,0 +1,18 @@ +{ lib, config, ... }: let + cfg = config.systemd._suspend; +in { + options.systemd._suspend = { + disable = lib.mkEnableOption "disables suspend"; + }; + + config = lib.mkIf cfg.disable { + # Disable suspend targets + systemd.targets = builtins.listToAttrs (map (name: { + inherit name; + value = { + enable = false; + unitConfig.DefaultDependencies = "no"; + }; + }) ["sleep" "suspend" "hibernate" "hybrid-sleep"]); + }; +} diff --git a/pkgs/crazydiskinfo/default.nix b/pkgs/crazydiskinfo/default.nix new file mode 100644 index 0000000..61de338 --- /dev/null +++ b/pkgs/crazydiskinfo/default.nix @@ -0,0 +1,41 @@ +{ lib +, cmake +, fetchFromGitHub +, fetchpatch +, libatasmart +, ncurses5 +, stdenv +}: + +stdenv.mkDerivation rec { + pname = "crazydiskinfo"; + version = "1.1.0"; + + src = fetchFromGitHub { + owner = "otakuto"; + repo = pname; + rev = "refs/tags/${version}"; + sha256 = "sha256-+6ShoaggQ256sLSJDj4d16OipUYX/4JjEwLL5hswjiQ="; + }; + + patches = [ + # Patch to fix build warnings + (fetchpatch { + url = "https://github.com/otakuto/crazydiskinfo/compare/1.1.0...8563aa8.diff"; + sha256 = "sha256-z9aOQFsivu6sYgsZBOlnTvqnoR2ro/jyuO/WOimLSXk="; + }) + ]; + + nativeBuildInputs = [ cmake ]; + buildInputs = [ libatasmart ncurses5 ]; + + cmakeFlags = [ "-DCMAKE_INSTALL_PREFIX=$(out)" ]; + + meta = with lib; { + description = "CrazyDiskInfo is an interactive TUI S.M.A.R.T viewer for Unix systems"; + homepage = "https://github.com/otakuto/crazydiskinfo"; + mainProgram = "crazy"; + license = licenses.mit; + maintainers = [ maintainers.tjkeller ]; + }; +} diff --git a/pkgs/default.nix b/pkgs/default.nix new file mode 100644 index 0000000..1c0ed23 --- /dev/null +++ b/pkgs/default.nix 
@@ -0,0 +1,31 @@ +{ pkgs, ... }: { + nixpkgs.overlays = with pkgs; [ + (final: prev: { + crazydiskinfo = (callPackage ./crazydiskinfo {}); + lowbat = (callPackage ./lowbat {}); + workcentre-7800-series = (callPackage ./xerox-workcentre-7800-series-driver {}); + + # Use my vimv-rs until pr gets merged + vimv-rs = prev.vimv-rs.overrideAttrs (oldAttrs: { + src = fetchFromGitHub { + owner = "tjkeller-xyz"; + repo = "vimv-rs"; + rev = "5deb76fb81dd4acf3c4809087ff3a1d846ab4769"; + sha256 = "sha256-XMn+5mIxSEHaR31ixMi6o7PSkN1iYjDT4aOiQkfEwpA="; + }; + }); + + # Use my tamzen until pr gets merged + tamzen = prev.tamzen.overrideAttrs (oldAttrs: { + src = fetchFromGitHub { + owner = "tjkeller-xyz"; + repo = "tamzen-font"; + rev = "middledot"; + sha256 = "sha256-mVZ8SdYKTdMG1qBKKYdNjuoYvWkEq2ph2O1ztsNJEhs="; + }; + }); + }) + (import ./st/overrides.nix) + (import ./xorg/overrides.nix) + ]; +} diff --git a/pkgs/lowbat/default.nix b/pkgs/lowbat/default.nix new file mode 100644 index 0000000..64ec205 --- /dev/null +++ b/pkgs/lowbat/default.nix @@ -0,0 +1,28 @@ +{ lib +, fetchzip +, glib +, libnotify +, pkg-config +, stdenv +}: + +stdenv.mkDerivation rec { + pname = "lowbat"; + version = "1.2.2"; + + src = fetchzip { + url = "https://git.tjkeller.xyz/${pname}/snapshot/${pname}-${version}.tar.xz"; + sha256 = "sha256-utdcY9qoDcrBWnGC8m/LUsnoxQ0ilssPDF44A6D/C+8="; + }; + + nativeBuildInputs = [ pkg-config ]; + buildInputs = [ libnotify glib ]; + + installFlags = [ "PREFIX=$(out)" ]; + + meta = with lib; { + description = "A minimal battery level monitor daemon, written in C"; + license = licenses.mit; + maintainers = [ maintainers.tjkeller ]; + }; +} diff --git a/pkgs/st/overrides.nix b/pkgs/st/overrides.nix new file mode 100644 index 0000000..2d0a37e --- /dev/null +++ b/pkgs/st/overrides.nix 
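Review bot: In pkgs/default.nix the `tamzen` override fetches `rev = "middledot";`, a branch name, while `vimv-rs` pins a full commit id. The `sha256` keeps the fetched content fixed, but once the branch moves the build fails with a hash mismatch and the expression no longer records which commit was reviewed, so pin the commit here as well. The overlay body is written under `with pkgs;` and takes `callPackage` and `fetchFromGitHub` from the module's `pkgs` rather than from the overlay arguments; `final.callPackage` and `prev.fetchFromGitHub` are the conventional form and avoid leaning on the package set the overlay is itself defining.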
@@ -0,0 +1,19 @@
+final: prev: {
+ st = prev.st.overrideAttrs (finalAttrs: previousAttrs: {
+ version = "tj-0.9.2.3";
+
+ src = prev.fetchgit {
+ url = "https://git.tjkeller.xyz/${previousAttrs.pname}";
+ tag = finalAttrs.version;
+ sha256 = "sha256-SQ62io4LWsPBvX8e9vUwVVXs/2+THoR6ZZoldQ6IUJk=";
+ };
+
+ makeFlags = previousAttrs.makeFlags ++ [ "CFLAGS=-Ofast" ];
+ buildInputs = with prev.pkgs.xorg; previousAttrs.buildInputs ++ [ libXcursor libXext ];
+
+ meta = with prev.lib; previousAttrs.meta // {
+ homepage = "https://git.tjkeller.xyz/st";
+ maintainers = previousAttrs.meta.maintainers ++ [ maintainers.tjkeller ];
+ };
+ });
+}
diff --git a/pkgs/xerox-workcentre-7800-series-driver/default.nix b/pkgs/xerox-workcentre-7800-series-driver/default.nix
new file mode 100644
index 0000000..cfdaaae
--- /dev/null
+++ b/pkgs/xerox-workcentre-7800-series-driver/default.nix
@@ -0,0 +1,86 @@
+{
+ stdenv,
+ lib,
+ fetchurl,
+ dpkg,
+ autoPatchelfHook,
+ cups,
+ xorg,
+}:
+let
+ debPlatform =
+ if stdenv.hostPlatform.system == "x86_64-linux" then
+ "x86_64"
+ else if stdenv.hostPlatform.system == "i686-linux" then
+ "i686"
+ else
+ throw "Unsupported system: ${stdenv.hostPlatform.system}";
+in
+stdenv.mkDerivation rec {
+ pname = "xerox-workcentre-7800-series-driver";
+ version = "5.20.661.4684";
+ debpkg = "XeroxOfficev5Pkg-Linux${debPlatform}-${version}.deb";
+
+ src = fetchurl {
+ url = "https://download.support.xerox.com/pub/drivers/CQ8580/drivers/linux/pt_BR/${debpkg}";
+ sha256 = "014k0r9ij3401mnab1qzv96bjl9x7rf11aw1ibf0q370pk9jqqjb"; # TODO correct hash for i686
+ };
+
+ nativeBuildInputs = [ dpkg autoPatchelfHook ];
+ # TODO add support for disable xorg
+ buildInputs = [
+ cups
+ stdenv.cc.cc.lib
+ xorg.libX11
+ xorg.libXrender
+ xorg.libXfixes
+ xorg.libXdamage
+ xorg.libXcomposite
+ xorg.libXcursor
+ xorg.libXrandr
+ xorg.libXext
+ xorg.libXinerama
+ ];
+
+ sourceRoot = ".";
+ unpackCmd = "dpkg-deb -x $curSrc .";
+
+ dontConfigure = true;
+ dontBuild = true;
+
+ installPhase = ''
+ runHook preInstall
+
+ mkdir -p $out
+
+ # Copy and patch the binaries and libraries
+ cp -r opt $out/
+ cp -r usr $out/
+
+ # Move the PPD to CUPS model dir
+ mkdir -p $out/share/cups/model
+ cp opt/XeroxOffice/prtsys/ppd/*.ppd $out/share/cups/model/
+
+ # Install the CUPS filters
+ mkdir -p $out/lib/cups/filter
+ cp usr/lib/cups/filter/* $out/lib/cups/filter/
+
+ # Install man pages
+ mkdir -p $out/share/man
+ cp -r usr/share/man/* $out/share/man/
+
+ runHook postInstall
+ '';
+
+ meta = with lib; {
+ description = "Xerox WorkCentre 7800 Series Linux Printer Driver";
+ longDescription = ''
+ WorkCentre 7830/7835/7845/7855
+ '';
+ homepage = "https://www.support.xerox.com/en-us/product/workcentre-7800-series/downloads?platform=linux";
+ sourceProvenance = with sourceTypes; [ binaryNativeCode ];
+ #license = licenses.unfree;
+ maintainers = [];
+ platforms = platforms.linux;
+ };
+}
diff --git a/pkgs/xorg/overrides.nix b/pkgs/xorg/overrides.nix
new file mode 100644
index 0000000..7225431
--- /dev/null
+++ b/pkgs/xorg/overrides.nix
@@ -0,0 +1,20 @@
+final: prev: {
+ xorg = prev.xorg // {
+ # Apply startx patch to create serverauth file in /tmp instead of home directory
+ xinit = (prev.xorg.xinit.overrideAttrs (finalAttrs: previousAttrs: {
+ version = "1.4.4";
+ patchtag = "${finalAttrs.version}-1"; # Archlinux xinit package tagged release to fetch patch from
+ # Override src since is hardcoded to 1.4.2
+ src = prev.fetchurl {
+ url = "mirror://xorg/individual/app/xinit-${finalAttrs.version}.tar.xz";
+ sha256 = "sha256-QKR8ehZMf5gc43h7Szf35BH7QyMdzeVD1wCUB12s/vk=";
+ };
+ patches = [
+ (prev.fetchpatch {
+ url = "https://gitlab.archlinux.org/archlinux/packaging/packages/xorg-xinit/-/raw/${finalAttrs.patchtag}/06_move_serverauthfile_into_tmp.diff";
+ sha256 = "1whzs5bw7ph12r3abs1g9fydibkr291jh56a0zp17d4x070jnkda";
+ })
+ ];
+ }));
+ };
+}
@@ -0,0 +1,2 @@
+#!/bin/sh
+nixos-rebuild switch --use-remote-sudo --flake "$(dirname "$0")/#$(hostname)" $@
diff --git a/users/default.nix b/users/default.nix
new file mode 100644
index 0000000..8eb5373
--- /dev/null
+++ b/users/default.nix
@@ -0,0 +1,5 @@
+{
+ imports = [
+ ./timmy
+ ];
+}
diff --git a/users/timmy/default.nix b/users/timmy/default.nix
new file mode 100644
index 0000000..659efde
--- /dev/null
+++ b/users/timmy/default.nix
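Review bot: In pkgs/xerox-workcentre-7800-series-driver/default.nix the `#license = licenses.unfree;` line is commented out, so a vendor binary (`sourceProvenance` is `binaryNativeCode`) that installs CUPS filters is built without passing through the unfree allow-list. Restore `license = licenses.unfree;` and allow the package explicitly on the hosts that need it, so that installing closed-source printer filters stays a visible per-host decision. The `# TODO correct hash for i686` next to `sha256` also means the `i686-linux` branch of `debPlatform` cannot build with the single hash given; until a per-platform hash exists I would narrow the platforms to `platforms = [ "x86_64-linux" ];`.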
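Review bot: The comment on the `xinit` override in pkgs/xorg/overrides.nix says the server auth file moves to /tmp but not how it is created there. /tmp is shared between local users, so this is only safe if the patch creates the file with an unpredictable name and owner-only permissions; the patch body is not part of this diff, so that has to be checked against the fetched file whenever `patchtag` is bumped. I would record it in the comment, e.g. `# Apply startx patch to create serverauth file in /tmp instead of home directory; re-check on every patchtag bump that the file is still created safely (unpredictable name, owner-only mode)`.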
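Review bot: `$@` at the end of the `nixos-rebuild` line in the two-line switch script is unquoted, so an extra argument containing spaces or glob characters is split or expanded by the shell before it reaches `nixos-rebuild`, which performs the switch through sudo. Quote it so each argument is passed through unchanged: `nixos-rebuild switch --use-remote-sudo --flake "$(dirname "$0")/#$(hostname)" "$@"`.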
@@ -0,0 +1,105 @@ +{ lib, config, pkgs, home-manager, ... }: let + cfg = config._users.timmy; + username = "timmy"; + email = "tjk@tjkeller.xyz"; + fullname = "Tim Keller"; + home = "/home/${username}"; + userDirs = { + desktop = "${home}"; + download = "${home}/dls"; + documents = "${home}/docs"; + pictures = "${home}/pics"; + # Set these as null so they're not created + music = null; + publicShare = null; + templates = null; + videos = null; + }; + sshKeyPaths = [ "${home}/.ssh/id_ed25519" ]; + sshPublicKeyPaths = lib.map (keyPath: keyPath + ".pub") sshKeyPaths; + sshPublicKeys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDnsnAWcz46OVi1MWSxpOIUtUvwalijDwvW+oEvNjzep" ]; +in { + imports = [ + ./hosts.nix + ./localization.nix + ./nas.nix + ./printing.nix + ./user.nix + ./wifi.nix + ]; + + options._users.timmy = { + enable = lib.mkEnableOption "create user timmy"; + autologin.enable = lib.mkEnableOption "enables getty automatic login"; + }; + + #config = lib.mkIf cfg.enable { + config = { + # Setup zsh + programs.zsh.enable = true; + #environment.systemPackages = [ pkgs.zsh-fast-syntax-highlighting ]; # TODO + + # Setup normal user + users.users.timmy = { + home = home; + description = fullname; + isNormalUser = true; + shell = pkgs.zsh; + extraGroups = [ + "nixbld" + "video" + "wheel" + ] ++ lib.optionals config.hardware.i2c.enable [ + "i2c" + ] ++ lib.optionals config.virtualisation.libvirtd.enable [ + "libvirtd" + ] ++ lib.optionals config.virtualisation.docker.enable [ + "docker" + ]; + }; + + # Configure automatic login with getty + services.getty = lib.mkIf cfg.autologin.enable { + autologinUser = username; + }; + + # Configure sops age key paths since age keys are generated via ssh private key + sops.age = { inherit sshKeyPaths; }; + + # Add authorizedKeys to cgit service + services._cgit.ssh.authorizedKeys = { + keys = sshPublicKeys; + keyFiles = sshPublicKeyPaths; + }; + + # Configure user home + home-manager.users.timmy = { + # Setup home-manager + home = { + 
username = username; + homeDirectory = home; + stateVersion = "24.05"; + }; + + # Setup userdirs + xdg.userDirs = { + enable = true; + createDirectories = true; + } // userDirs; + + # Setup git + programs.git = { + enable = true; + userName = fullname; + userEmail = email; + }; + + # Setup gtk bookmarks + gtk.gtk3.bookmarks = ( + lib.mapAttrsToList (name: dir: + lib.mkIf (dir != null) "file://${dir} ${lib.toUpper (lib.substring 0 1 name)}${lib.substring 1 (-1) name}" # Make first letter upper case + ) userDirs + ); + }; + }; +} diff --git a/modules/root/hosts.nix b/users/timmy/hosts.nix index 14daaf1..66c6ccc 100644 --- a/modules/root/hosts.nix +++ b/users/timmy/hosts.nix @@ -5,6 +5,7 @@ "192.168.1.11" = [ "truenas-home" ]; "192.168.77.11" = [ "truenas-office" ]; "192.168.77.8" = [ "publicgit" "tjkeller" ]; + "192.168.77.3" = [ "devel" ]; "173.9.253.3" = [ "git.tjkeller.xyz" "piped.tjkeller.xyz" diff --git a/users/timmy/localization.nix b/users/timmy/localization.nix new file mode 100644 index 0000000..6762161 --- /dev/null +++ b/users/timmy/localization.nix @@ -0,0 +1,12 @@ +{ lib, ... }: { + time.timeZone = lib.mkDefault "America/Chicago"; # Overwritten by automatic-timezoned + i18n.defaultLocale = "en_US.UTF-8"; + services.xserver.xkb.layout = "us"; + #services.geoclue2 = { + # enableStatic = true; + # staticLatitude = 41.881832; + # staticLongitude = -87.623177; + # staticAltitude = 100; + # staticAccuracy = 500; + #}; +} diff --git a/users/timmy/nas.nix b/users/timmy/nas.nix new file mode 100644 index 0000000..8fa28c3 --- /dev/null +++ b/users/timmy/nas.nix 
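Review bot: The `enable` option in users/timmy/default.nix is declared but never applied, because `#config = lib.mkIf cfg.enable {` is commented out and replaced by a plain `config = {`. Every host that imports this module therefore gets the `timmy` account in `wheel` (plus `docker` and `libvirtd` where those are enabled, both of which give root-equivalent access in practice), the SSH key added to `services._cgit.ssh.authorizedKeys`, and `sops.age.sshKeyPaths` pointed at the user's private key, whether or not `_users.timmy.enable` is set. Restore the guard with `config = lib.mkIf cfg.enable {`. If the unconditional form is deliberate, remove the unused option and add a comment saying so, and document why a login user needs `nixbld` membership.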
@@ -0,0 +1,35 @@
+{ lib, config, ... } :
+let
+ cfg = config._users.timmy.nas;
+ mkNetworkFileSystem = device: automount: {
+ device = "${device}";
+ fsType = "nfs";
+ options = [ "defaults" ] ++ lib.optionals (!automount) [ "noauto" ];
+ };
+in {
+ options._users.timmy.nas = {
+ enable = lib.mkEnableOption "enable network shares";
+ home = {
+ enable = lib.mkEnableOption "enable home network shares";
+ automount = lib.mkEnableOption "automount home network shares";
+ };
+ office = {
+ enable = lib.mkEnableOption "enable office network shares";
+ automount = lib.mkEnableOption "automount home network shares";
+ };
+ };
+
+ config = lib.mkIf cfg.enable {
+ fileSystems = lib.optionalAttrs cfg.home.enable {
+ "/media/Storage/Media" = mkNetworkFileSystem "truenas-home:/mnt/Storage/Media" cfg.home.automount;
+ "/media/Storage/Backups" = mkNetworkFileSystem "truenas-home:/mnt/Storage/Backups" cfg.home.automount;
+ "/media/Storage/Tapes" = mkNetworkFileSystem "truenas-home:/mnt/Storage/Backups/Tapes" cfg.home.automount;
+ "/media/Family Photos" = mkNetworkFileSystem "truenas-home:/mnt/Media/Photos" cfg.home.automount;
+ } // lib.optionalAttrs cfg.office.enable {
+ "/media/chexx/chexx" = mkNetworkFileSystem "truenas-office:/mnt/Storage/chexx" cfg.office.automount;
+ "/media/chexx/tkdocs" = mkNetworkFileSystem "truenas-office:/mnt/Storage/Users/Tim-Keller" cfg.office.automount;
+ "/media/chexx/scans" = mkNetworkFileSystem "truenas-office:/mnt/Storage/Scans" cfg.office.automount;
+ };
+ # TODO auto mkdirz
+ };
+}
diff --git a/modules/root/printing.nix b/users/timmy/printing.nix
index 69ff573..d5cceab 100644
--- a/modules/root/printing.nix
+++ b/users/timmy/printing.nix
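Review bot: `mkNetworkFileSystem` in users/timmy/nas.nix mounts every NFS export with only `defaults` (plus `noauto`), so setuid binaries and device nodes stored on the NAS are honoured on the client. These shares hold media, backups, scans and documents, so I would add `nosuid` and `nodev` to limit what a compromised or misconfigured server can do to the workstation: `options = [ "defaults" "nosuid" "nodev" ] ++ lib.optionals (!automount) [ "noauto" ];`. Separately, the description of `office.automount` reads "automount home network shares" and should say "office".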
@@ -1,33 +1,23 @@ { lib, config, pkgs, ... }: { - options = { - printing.enable = lib.mkEnableOption "enables printing"; - avahi.enable = lib.mkEnableOption "enables avahi"; - scanning.enable = lib.mkEnableOption "enables scanning"; - }; - - config = lib.mkIf config.printing.enable { - services.printing = { - enable = true; - drivers = [ - pkgs.epson-escpr2 - ]; - }; - - services.avahi = { - enable = true; - nssmdns4 = true; - openFirewall = true; - }; + config = lib.mkIf config.services.printing.enable { + # Printer drivers + services.printing.drivers = [ + pkgs.epson-escpr2 + pkgs.workcentre-7800-series + ]; - environment.systemPackages = with pkgs; pkgs.lib.optionals config.scanning.enable [ + # Scanning programs + environment.systemPackages = with pkgs; [ epsonscan2 ]; + # Printers networking.hosts = { "192.168.1.35" = [ "Epson_ET-8500" ]; "192.168.77.40" = [ "Xerox_WorkCentre_7855" ]; }; + # Add printers to cups hardware.printers.ensurePrinters = [ { name = "Epson_ET-8500"; diff --git a/users/timmy/resources/secrets/hashed-root-password.yaml b/users/timmy/resources/secrets/hashed-root-password.yaml new file mode 100644 index 0000000..a42fd42 --- /dev/null +++ b/users/timmy/resources/secrets/hashed-root-password.yaml 
@@ -0,0 +1,25 @@ +hashed-root-password: ENC[AES256_GCM,data:7Qgoeb/6JPNupkHCBEzCs0FMP2cDEw972bjCRWeMrBrAMZzLsZc3Mbv03s1zLztUp6Ie93R5lVsamxKPUnaPt+Tnr/l+0E9aTmt7j7L6UzmWr12nj3FHxxTSU9ief6+ioIk+S4eICJspIQ==,iv:VoWP4qBCGzuYRpQw4nilUXByJ+ZwyZR/BdKowi+53DM=,tag:x6A00VCm8BEOhtv/WySXrQ==,type:str] +sops: + age: + - recipient: age1w80rc0dnuu8nw99gw64c596qqetm78jdnsqajr0u7ephykekr39qfz8vnv + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2Z3dTbW1GUzgyRUwyZGtF + alZSeFBmdEdhNER3UEtGRGd4MnliK1l1eGpJCm80SHFNZ3NZOTNxVkM4R3ZLY005 + OFVtUGN3OXZJblRxOFNMOFhsV25CS0EKLS0tIEE5SG5NekxWbytXY2xNeUN6TWhG + RldJZms3RDFuRk40ck42Mkd5RTd4YVUKgyWE8Cs0yLO/82w2muGWTlcjY86BVSUy + bFeIcQT33dEPiNUmynTqEGpN2NVQbfVDw17QbA9GNhGClanTTXmX4A== + -----END AGE ENCRYPTED FILE----- + - recipient: age1f0tmpy2nam58skmznjyqd3zf54rxtfrk6fda0vlpq9y3yg6wac7sjf0vja + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxcUprWjBXTVlidTRwMEZ6 + WHE4dWp6OWtybkFCaTkyY2JyaWYrRHNhZWtNCi9xamwreEsyVFdnWWhJeUVsdUpT + UHlkRVJZZTEvMDluTWNJSnRSUXN6Q0kKLS0tIHNsQk92SUd2ekowY0hvQi9LNjIx + Q0oxVFNtRkpZTlVHeEY3YXFoSlc4Zk0K7RaqH/Qf2dTPBuCz9DH0xgU+Tq8ATKUq + tfAuuAU9HBtLFiZjhWsZmj5XUy5Z18IiUKDIxlw41mNtbcsUnjm30w== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2025-07-17T22:34:07Z" + mac: ENC[AES256_GCM,data:B95HuJC2o8B+P1f9kAtJTcSty7YSAByuqe/Xs6ce6780p05FuzWM5X9bwvwsYXngGNKqCHksWf50UXzJ3eyc6y4ISxdxljAv2FmJFKw4NkfGaOMiRLlGPMn1uFpOtkRT+qL0+mupWG/Ap3zcpbxjsDx46PUur+e6yRxlAHw8mGw=,iv:DYobhWK+4+7vOog7BrBASiHrEzzz0P6zqgWxexfcLG8=,tag:skGwUpDEB8e3TCjrxs5peA==,type:str] + unencrypted_suffix: _unencrypted + version: 3.10.2 diff --git a/users/timmy/resources/secrets/wpa_supplicant-conf.yaml b/users/timmy/resources/secrets/wpa_supplicant-conf.yaml new file mode 100644 index 0000000..2fd7a0e --- /dev/null +++ b/users/timmy/resources/secrets/wpa_supplicant-conf.yaml 
@@ -0,0 +1,16 @@ +wpa_supplicant-conf: ENC[AES256_GCM,data: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,iv:7qdltuNvesslz32SfEXqu9WFu2uGOGg1sjfskfqfXnk=,tag:N1RhL1M9YtDlvxLBRC2gAg==,type:str] +sops: + age: + - recipient: age1w80rc0dnuu8nw99gw64c596qqetm78jdnsqajr0u7ephykekr39qfz8vnv + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxdXBUWXEvRU85Tk1lNWgz + ZHpENjdudmRuaEJIeVRHOHlDbWNzK0tQMGs4CmV6MVBpdE5PMTBWMm1PcDVFQ2VM + b0IwWDFxLy8xYUcxRVZFSEsyYlBFS1UKLS0tIHpCbDQ0a29TZlVFTGp4aXJCSmJ4 + ZGxqMFQ1NDk1OHJIOUd0cVV0dzNNQlkKzYX36u0rEq6dMTCJf6OON6LzcEEnAB5A + +M9t3OKUUNtwgksjBUEwqBLJ1sU9amijpK63GUxwp74YDtsb0YXHiw== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2025-07-17T22:33:44Z" + mac: ENC[AES256_GCM,data:leJsAdcWFE0EA1syXfd7yDu1Ct+vTkKiHUEc46O31uUeaWVFwgH8EKC0ImqiHMgbDJv+a9UHm7GtsWy1aMQNVRBXL3R2HbNQkOqGkIIdGsrrbjslQl8UwI7wx1g2P3ORhlGRYXTscDUl53+e4i3YrYOEDDPL5EAWuQEWldJXLZc=,iv:banL6qqV2EqfZFKHn5dawUq95Ima06z8H6Kso1qRdcA=,tag:g6M95M6bT4UPTfiEZT4ljw==,type:str] + unencrypted_suffix: _unencrypted + version: 3.10.2 diff --git a/users/timmy/user.nix b/users/timmy/user.nix new file mode 100644 index 0000000..2695549 --- /dev/null +++ b/users/timmy/user.nix @@ -0,0 +1,22 @@ +{ lib, config, pkgs, userDetails, ... }: let + cfg = config._archetypes.tjkeller.setPasswords; + hashedPasswordFile = config.sops.secrets.hashed-root-password.path; +in { + options._archetypes.tjkeller.setPasswords = { + enable = lib.mkEnableOption "set users password. requires hashed root password from sops"; + }; + + config = lib.mkIf cfg.enable { + # Load hashed root password secret + sops.secrets.hashed-root-password = { + sopsFile = ./resources/secrets/hashed-root-password.yaml; + neededForUsers = true; + }; + + # Apply password file + users.users = { + root = { inherit hashedPasswordFile; }; + ${userDetails.username} = lib.mkIf config._archetypes.users.primary.enable { inherit hashedPasswordFile; }; + }; + }; +} 
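Review bot: In users/timmy/user.nix both `root` and `${userDetails.username}` inherit the same `hashedPasswordFile`, so the primary user's login password is also the root password, and one leaked or guessed password gives direct root login wherever that is permitted. Since the user module in this commit puts the account in `wheel`, root may not need a password at all; consider locking it with `users.users.root.hashedPassword = "!";` and relying on sudo, or adding a separate sops secret for root. If the shared hash is intentional, state it in the option description, which currently says only "set users password. requires hashed root password from sops".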
diff --git a/users/timmy/wifi.nix b/users/timmy/wifi.nix
new file mode 100644
index 0000000..9afcbc7
--- /dev/null
+++ b/users/timmy/wifi.nix
@@ -0,0 +1,38 @@
+{ lib, config, ... }: let
+ cfg = config._users.timmy.wifi;
+in {
+ options._users.timmy.wifi = {
+ enable = lib.mkEnableOption "enables wifi";
+ };
+
+ config = lib.mkIf cfg.enable {
+ networking.wireless = {
+ enable = true; # Enables wireless support via wpa_supplicant.
+ userControlled.enable = true;
+ allowAuxiliaryImperativeNetworks = true; # Networks defined in aux imperitive networks (/etc/wpa_supplicant.conf)
+ };
+
+ # Load wpa_supplicant.conf secret config
+ sops.secrets.wpa_supplicant-conf = {
+ sopsFile = ./resources/secrets/wpa_supplicant-conf.yaml;
+ };
+
+ # Link /etc/wpa_supplicant.conf -> secret config
+ environment.etc."wpa_supplicant.conf" = {
+ source = config.sops.secrets.wpa_supplicant-conf.path;
+ };
+
+ # This service is a workaround to ensure that secrets are available on
+ # reboot when the secret keys are on a separate subvolume
+ systemd.services.npcnix-force-rebuild-sops-hack = {
+ wantedBy = [ "multi-user.target" ];
+ before = [ "wpa_supplicant.service" ];
+ serviceConfig = {
+ ExecStart = "/run/current-system/activate";
+ Type = "oneshot";
+ Restart = "on-failure"; # because oneshot
+ RestartSec = "10s";
+ };
+ };
+ };
+}
|
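Review bot: `npcnix-force-rebuild-sops-hack` in users/timmy/wifi.nix re-runs the whole `/run/current-system/activate` script as root on every boot and retries every 10 s on failure, only so that the sops secrets are decrypted once the subvolume holding the key is mounted. The unit is ordered `before` wpa_supplicant but has no ordering on the mount itself, so it appears to depend on the retry loop to succeed. As far as I know the approach sops-nix documents for keys on a separate mount is to mark that filesystem `neededForBoot = true;`, which would remove the need for this unit. If the unit stays, tie it to the mount with `unitConfig.RequiresMountsFor = "<path-to-key-subvolume>";` (placeholder) instead of relying on `Restart`.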