Diffstat (limited to 'modules/root')
-rw-r--r-- | modules/root/bluetooth.nix | 2 | ||||
-rw-r--r-- | modules/root/default.nix | 4 | ||||
-rw-r--r-- | modules/root/firewall.nix | 7 | ||||
-rw-r--r-- | modules/root/fonts.nix | 4 | ||||
-rw-r--r-- | modules/root/hosts.nix | 5 | ||||
-rw-r--r-- | modules/root/normaluser.nix | 9 | ||||
-rw-r--r-- | modules/root/printing.nix | 1 | ||||
-rw-r--r-- | modules/root/resources/secrets/secrets.yaml | 13 | ||||
-rw-r--r-- | modules/root/resources/x11/xinit-startx-xdg.patch | 14 | ||||
-rw-r--r-- | modules/root/secrets.nix | 2 | ||||
-rw-r--r-- | modules/root/software/default.nix | 1 | ||||
-rw-r--r-- | modules/root/software/desktop.nix | 9 | ||||
-rw-r--r-- | modules/root/software/development.nix | 7 | ||||
-rw-r--r-- | modules/root/software/overlays.nix | 20 | ||||
-rw-r--r-- | modules/root/software/system.nix | 1 | ||||
-rw-r--r-- | modules/root/software/utilities.nix | 6 | ||||
-rw-r--r-- | modules/root/suspend.nix | 16 | ||||
-rw-r--r-- | modules/root/udev.nix | 5 | ||||
-rw-r--r-- | modules/root/x11.nix | 36 |
19 files changed, 117 insertions, 45 deletions
diff --git a/modules/root/bluetooth.nix b/modules/root/bluetooth.nix index d55eade..1f41c7e 100644 --- a/modules/root/bluetooth.nix +++ b/modules/root/bluetooth.nix @@ -3,7 +3,7 @@ bluetooth.enable = lib.mkEnableOption "enables bluetooth support"; }; - config = { + config = lib.mkIf config.bluetooth.enable { hardware.bluetooth.enable = true; services.blueman.enable = true; }; diff --git a/modules/root/default.nix b/modules/root/default.nix index e108318..7f647b5 100644 --- a/modules/root/default.nix +++ b/modules/root/default.nix @@ -5,6 +5,7 @@ ./bluetooth.nix ./bootloader.nix ./doas.nix + ./firewall.nix ./fonts.nix ./home-manager.nix ./hosts.nix @@ -17,7 +18,9 @@ ./printing.nix ./secrets.nix ./ssh.nix + ./suspend.nix ./tlp.nix + ./udev.nix ./wifi.nix ./x11.nix ./zsh.nix @@ -44,6 +47,7 @@ printing.enable = lib.mkDefault true; tlp.enable = lib.mkDefault true; scanning.enable = lib.mkDefault true; + suspend.enable = lib.mkDefault true; wifi.enable = lib.mkDefault true; xserver.enable = lib.mkDefault true; zsh.enable = lib.mkDefault true; diff --git a/modules/root/firewall.nix b/modules/root/firewall.nix new file mode 100644 index 0000000..e038cbe --- /dev/null +++ b/modules/root/firewall.nix @@ -0,0 +1,7 @@ +{ + networking.firewall = { + allowedTCPPorts = [ + 8080 + ]; + }; +} diff --git a/modules/root/fonts.nix b/modules/root/fonts.nix index 3ae8eef..256e1ab 100644 --- a/modules/root/fonts.nix +++ b/modules/root/fonts.nix @@ -7,10 +7,8 @@ fonts.packages = with pkgs; [ commit-mono inter + nerd-fonts.jetbrains-mono tamzen - (nerdfonts.override { - fonts = [ "JetBrainsMono" ]; - }) ]; }; } diff --git a/modules/root/hosts.nix b/modules/root/hosts.nix index 14daaf1..cb526f2 100644 --- a/modules/root/hosts.nix +++ b/modules/root/hosts.nix 
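Review bot: The new `firewall.nix` opens TCP 8080 on every interface for every host that imports this module set, with no option guarding it and no comment saying which service listens there. The `development.nix` hunk later in this commit does the same for 1313, although that one is at least gated by `software.development.enable` and commented. Suggest naming the listener in a comment and narrowing the exposure, e.g. `networking.firewall.interfaces.<iface>.allowedTCPPorts = [ 8080 ];` with the LAN interface name in place of the placeholder, or putting the rule behind a `lib.mkEnableOption` like the other modules here. For 1313, `hugo serve` binds to loopback by default, so the rule only matters when the server is deliberately bound to another address; the comment should say so.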
@@ -1,10 +1,12 @@ -{ +{ hostname, ... }: { + networking.hostName = hostname; # From flake.nix networking.hosts = { "192.168.1.9" = [ "optiplex" ]; "192.168.1.30" = [ "localgit" ]; "192.168.1.11" = [ "truenas-home" ]; "192.168.77.11" = [ "truenas-office" ]; "192.168.77.8" = [ "publicgit" "tjkeller" ]; + "192.168.77.3" = [ "devel" ]; "173.9.253.3" = [ "git.tjkeller.xyz" "piped.tjkeller.xyz" @@ -12,4 +14,5 @@ "tjkeller.xyz" ]; }; + environment.etc.hosts.mode = "0644"; # Allow temporary imperative modifications } diff --git a/modules/root/normaluser.nix b/modules/root/normaluser.nix index fc243ea..88eb338 100644 --- a/modules/root/normaluser.nix +++ b/modules/root/normaluser.nix @@ -4,9 +4,14 @@ }; users.users.${userDetails.username} = { description = userDetails.fullname; - #home = userDetails.home.root; + #home = userDetails.home; isNormalUser = true; hashedPasswordFile = config.sops.secrets.hashed-root-password.path; - extraGroups = [ "wheel" "nixbld" ]; + extraGroups = [ + "i2c" + "nixbld" + "video" + "wheel" + ]; }; } diff --git a/modules/root/printing.nix b/modules/root/printing.nix index 69ff573..f0d0dd8 100644 --- a/modules/root/printing.nix +++ b/modules/root/printing.nix @@ -10,6 +10,7 @@ enable = true; drivers = [ pkgs.epson-escpr2 + pkgs.workcentre-7800-series ]; }; diff --git a/modules/root/resources/secrets/secrets.yaml b/modules/root/resources/secrets/secrets.yaml index 03f9517..fcba4a6 100644 --- a/modules/root/resources/secrets/secrets.yaml +++ b/modules/root/resources/secrets/secrets.yaml 
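Review bot: The `extraGroups` change in `normaluser.nix` adds `i2c` and `video` without saying what needs them. `video` pairs with the backlight rule added in `udev.nix` in this same commit, which hands `/sys/class/backlight/%k/brightness` to that group. Nothing in this diff creates or uses an `i2c` group, so it presumably relies on `hardware.i2c.enable` or similar set elsewhere; worth confirming, since membership normally means raw access to the `/dev/i2c-*` devices. Suggest per-entry comments such as `"video" # write access to backlight brightness, see udev.nix` and `"i2c" # <reason>`.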
@@ -1,10 +1,6 @@ -wpa_supplicant-conf: ENC[AES256_GCM,data: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,iv:LKr6fcQ2emSjQmEt1HgyLpFLg4ZxDOVgJEfkm4nQzbY=,tag:M+oo8dpWclIRaPyW17Ldwg==,type:str] +wpa_supplicant-conf: ENC[AES256_GCM,data:fvYez82qSJ1LXiOVtgGiJuwzFC++V5rNJ3x5zK1PDUf0ohwpOVrC+P3A0Rob5LURBZL0KFSIBIbJ5Iq/bRtsAD6ZgIwsKQxi3fLRanUbx2PM6JFpDYWgKlvxWMPtNp0hlicdZny7ayRXXA3Y4FOFScLPfl+5perzw8+6M3YRoeTAeDQAlhkA9BzOmg3UHZsZgKvuNYhSO2oQubEyYRhBMN5opACyyC8E96lPIplZytuvB7L4LH4VQHnqryUqXdVjXv/UIhZx4QU+jkTR5KHG0M9oG9pcWi/gpQD69hesQhOhKF+K71Bg507F29rM6WK2m6mdg5xA2BX3WQeddxc1m/hkBpQBDUk1SC58z4fQ4feITy4pAJLYzHyvMVm7CSDv0mSgfOAS/i4GdMArHG2FYSPnJ0/pfOpOQgH73PuDqgjMyRepiwUC6DILsqvmjMEXp3DZrYxvuGTbhahd/EHUzuNrOe9Wcw5NH+vucmdDzihsJ6UO56mQ7Dr+/4QFiQ8MHA+wm63MvS16YG3bDOJXIt7mTPREdFGG2YtXJfnZLLYXzsnNJGihwyCXkC0QFJRRPZyr6bYpxdEWyDnNXFzkajYlP/+EqC8RbIFYAYz3aJogjCPtp5P5JI7dqmJ8ALkFFBY=,iv:b5hJnjKOJx1I13QCNJsKGDbQ7g+27eX1XkSVaGcJhA4=,tag:6QumSrB7myeS/SU5bEAKRQ==,type:str] hashed-root-password: ENC[AES256_GCM,data:KUoB8Z0ifh7lE9ir9AqkiMRHfw6rusXw3KC1dLIRd4YpbTiNI+cAdC474LR721+LNWoj5ZytSdDsVyS+t3o076rV4sgWgL17jPPf+H2KE5FOmQKYTUiHfSBsLKyyhpie4tpFJWv/3cCW8Q==,iv:0sZPz3V7IqTGbF3Fnm+FbgBS3GTnHsRx0OzIoAE1H64=,tag:H6CQlANfiD6ZuQhONKyMAQ==,type:str] sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] age: - recipient: age1w80rc0dnuu8nw99gw64c596qqetm78jdnsqajr0u7ephykekr39qfz8vnv enc: | 
@@ -15,8 +11,7 @@ sops: UkJ1SGJrWXNtbmlmc2c4M1IxdUpVOWMKjaakq+n8ZijGjaNVM8/dQApaVFp9+q3K nhvon4p5KUFE+myABnEknaSZ5UcvW6ZLff9AB7l35NZhGXAhv+y6HA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-01-09T16:42:38Z" - mac: ENC[AES256_GCM,data:LUBRGB/NdT2Lvrecb4w3Xbq4ulMyhHwNjuGyH/fjFJOcNfOCNmwaxIRN59CBi65UxGe93mgYYKJtbCKUZA9JhEfC81e+wkD0ZpEaNBu2YAYetf6hE9LqlYO05QIf/qwXySkCXRKdDl5afcmBVXTj+6qDEljkGtWX7CPLlodvuSQ=,iv:EfYL215e52Ir3SSTba7WGFSTQHgtqzyfWUWTBS+lwrU=,tag:VjE1o7WCT/PWIxk2/b/eow==,type:str] - pgp: [] + lastmodified: "2025-07-10T02:39:52Z" + mac: ENC[AES256_GCM,data:dn9v2ur5/sIrQL4HrQvTYcXpja+JwE2TMheT/AasZlhcYHI2NhLNwgpcDzITQbnnf+WAWYz3vjyEnP8tYuxO1Bggu+dDjAHMV8AfceYHnqJFPK4L9Kb8hBK93+7uOE38kjfsV3fZ3JS7dU3DkpNV6Geqa8cQ0u2bN3Yiz8YnaiQ=,iv:GGoDCZ/l4s7atWmRsbopq/WgxhQipaKHhSVQWi0TK8U=,tag:gkYht8PMOcTFhHOABKj4Ig==,type:str] unencrypted_suffix: _unencrypted - version: 3.9.2 + version: 3.10.2 diff --git a/modules/root/resources/x11/xinit-startx-xdg.patch b/modules/root/resources/x11/xinit-startx-xdg.patch deleted file mode 100644 index c1bca97..0000000 --- a/modules/root/resources/x11/xinit-startx-xdg.patch +++ /dev/null @@ -1,14 +0,0 @@ -diff --git a/startx.cpp b/startx.cpp -index dfbebe1..472a1b0 100644 ---- a/startx.cpp -+++ b/startx.cpp -@@ -272,7 +272,7 @@ if [ x"$enable_xauth" = x1 ] ; then - dummy=0 - - XCOMM create a file with auth information for the server. ':0' is a dummy. -- xserverauthfile=$HOME/.serverauth.$$ -+ xserverauthfile="${XAUTHORITY:-$HOME/.Xauthority}" - trap "rm -f '$xserverauthfile'" HUP INT QUIT ILL TRAP BUS TERM - xauth -q -f "$xserverauthfile" << EOF - add :$dummy . $mcookie - diff --git a/modules/root/secrets.nix b/modules/root/secrets.nix index 47262fd..045e3f4 100644 --- a/modules/root/secrets.nix +++ b/modules/root/secrets.nix 
@@ -4,7 +4,7 @@ sops = { defaultSopsFile = ./resources/secrets/secrets.yaml; defaultSopsFormat = "yaml"; - age.keyFile = "${userDetails.home.root}/.config/sops/age/keys.txt"; + age.keyFile = "${userDetails.home}/.config/sops/age/keys.txt"; secrets = { wpa_supplicant-conf = { }; diff --git a/modules/root/software/default.nix b/modules/root/software/default.nix index 8d1e987..5f6494d 100644 --- a/modules/root/software/default.nix +++ b/modules/root/software/default.nix @@ -5,6 +5,7 @@ ./desktop.nix ./development.nix ./docker.nix + ./overlays.nix ./system.nix ./utilities.nix ./virtualisation.nix diff --git a/modules/root/software/desktop.nix b/modules/root/software/desktop.nix index 88101d8..b8cd1e7 100644 --- a/modules/root/software/desktop.nix +++ b/modules/root/software/desktop.nix @@ -30,10 +30,10 @@ pcmanfm redshift scrot + st sxiv wpa_supplicant_gui zathura - (callPackage ./derivations/st {}) ] ++ pkgs.lib.optionals config.software.desktop.chromium.enable [ # Chrome config.software.desktop.chromium.package @@ -44,17 +44,16 @@ prusa-slicer ] ++ pkgs.lib.optionals config.software.desktop.crypto.enable [ # Crypto Wallets - bisq2 - electrum - monero-gui + sparrow ] ++ pkgs.lib.optionals config.software.desktop.graphics.enable [ # Graphics blender geeqie - gimp + gimp3 inkscape ] ++ pkgs.lib.optionals config.software.desktop.office.enable [ # Office + kdePackages.okular libreoffice pdfchain thunderbird diff --git a/modules/root/software/development.nix b/modules/root/software/development.nix index 2a4dfba..af8a8a7 100644 --- a/modules/root/software/development.nix +++ b/modules/root/software/development.nix @@ -5,7 +5,7 @@ config = lib.mkIf config.software.development.enable { environment.systemPackages = with pkgs; [ - adb-sync + #adb-sync android-tools gcc git @@ -14,5 +14,10 @@ lua pkg-config ]; + + # Open 1313 for hugo serve + networking.firewall.allowedTCPPorts = [ + 1313 + ]; }; } 
diff --git a/modules/root/software/overlays.nix b/modules/root/software/overlays.nix new file mode 100644 index 0000000..bdb23fd --- /dev/null +++ b/modules/root/software/overlays.nix @@ -0,0 +1,20 @@ +{ pkgs, ... }: { + nixpkgs.overlays = with pkgs; [ + (final: prev: { + crazydiskinfo = (callPackage ./derivations/crazydiskinfo {}); + lowbat = (callPackage ./derivations/lowbat {}); + workcentre-7800-series = (callPackage ./derivations/xerox-workcentre-7800-series-driver {}); + + # Use my vimv-rs until pr gets merged + vimv-rs = prev.vimv-rs.overrideAttrs (oldAttrs: { + src = fetchFromGitHub { + owner = "tjkeller-xyz"; + repo = "vimv-rs"; + rev = "5deb76fb81dd4acf3c4809087ff3a1d846ab4769"; + sha256 = "sha256-XMn+5mIxSEHaR31ixMi6o7PSkN1iYjDT4aOiQkfEwpA="; + }; + }); + }) + (import ./derivations/st/overrides.nix) + ]; +} diff --git a/modules/root/software/system.nix b/modules/root/software/system.nix index f0a31f2..4c81596 100644 --- a/modules/root/software/system.nix +++ b/modules/root/software/system.nix @@ -5,6 +5,7 @@ dash # TODO should be default /bin/sh exfat git # Needed for home-manager + ntfs3g python3 sops # Secrets ]; diff --git a/modules/root/software/utilities.nix b/modules/root/software/utilities.nix index dabf163..79285a1 100644 --- a/modules/root/software/utilities.nix +++ b/modules/root/software/utilities.nix @@ -1,5 +1,6 @@ { pkgs, ... }: { environment.systemPackages = with pkgs; [ + crazydiskinfo entr fastfetch ffmpeg @@ -7,11 +8,13 @@ jq light lm_sensors + lowbat mediainfo neovim nmap openssl p7zip + pavolctld powertop pv rsync @@ -22,11 +25,10 @@ testdisk tmux uhubctl + vimv-rs wget wireguard-tools xxHash yt-dlp - (callPackage ./derivations/lowbat {}) - (callPackage ./derivations/pavolctld {}) ]; } diff --git a/modules/root/suspend.nix b/modules/root/suspend.nix new file mode 100644 index 0000000..814ae95 --- /dev/null +++ b/modules/root/suspend.nix 
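Review bot: Inside the overlay in `overlays.nix`, `callPackage` and `fetchFromGitHub` are resolved through the `with pkgs` on the list, i.e. from the module's finished package set rather than from the overlay's own `final`/`prev` arguments. It evaluates thanks to laziness, but this pattern tends to end in infinite recursion once one of these derivations depends on something another overlay changes; `final.callPackage ./derivations/lowbat {}` and `src = prev.fetchFromGitHub { … }` are the conventional forms. On the `vimv-rs` override, the fork is pinned by `rev` and hash, which is good. Since this is presumably a Rust package, overriding `src` alone leaves the vendored cargo dependencies computed from the upstream source, so confirm the fork's `Cargo.lock` is unchanged. A link to the pending PR in the comment would tell a later reader when the override can go.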
@@ -0,0 +1,16 @@ +{ lib, config, ... }: { + options = { + suspend.enable = lib.mkEnableOption "enables suspend"; + }; + + config = lib.mkIf (! config.suspend.enable) { + # Disable suspend targets + systemd.targets = builtins.listToAttrs (map (name: { + inherit name; + value = { + enable = false; + unitConfig.DefaultDependencies = "no"; + }; + }) ["sleep" "suspend" "hibernate" "hybrid-sleep"]); + }; +} diff --git a/modules/root/udev.nix b/modules/root/udev.nix new file mode 100644 index 0000000..17ed204 --- /dev/null +++ b/modules/root/udev.nix @@ -0,0 +1,5 @@ +{ pkgs, ... }: { + services.udev.extraRules = '' + SUBSYSTEM=="backlight", ACTION=="add", RUN+="${pkgs.coreutils}/bin/chgrp video /sys/class/backlight/%k/brightness", RUN+="${pkgs.coreutils}/bin/chmod g+w /sys/class/backlight/%k/brightness" + ''; +} diff --git a/modules/root/x11.nix b/modules/root/x11.nix index fd15c52..f5a07b4 100644 --- a/modules/root/x11.nix +++ b/modules/root/x11.nix 
@@ -8,6 +8,30 @@ services.xserver.displayManager.startx.enable = true; services.libinput.enable = true; # Enable touchpad support + # Apply startx patch to create serverauth file in /tmp instead of home directory + nixpkgs.overlays = with pkgs; [ + (final: prev: { + xorg = prev.xorg // { + xinit = (prev.xorg.xinit.overrideAttrs (finalAttrs: previousAttrs: { + version = "1.4.4"; + patchtag = "${finalAttrs.version}-1"; # Archlinux xinit package tagged release to fetch patch from + # Override src since is hardcoded to 1.4.2 + src = prev.fetchurl { + url = "mirror://xorg/individual/app/xinit-${finalAttrs.version}.tar.xz"; + sha256 = "sha256-QKR8ehZMf5gc43h7Szf35BH7QyMdzeVD1wCUB12s/vk="; + }; + patches = [ + (prev.fetchpatch { + url = "https://gitlab.archlinux.org/archlinux/packaging/packages/xorg-xinit/-/raw/${finalAttrs.patchtag}/06_move_serverauthfile_into_tmp.diff"; + sha256 = "1whzs5bw7ph12r3abs1g9fydibkr291jh56a0zp17d4x070jnkda"; + }) + ]; + })); + }; + }) + ]; + + # Install basic X utilities environment.systemPackages = with pkgs; [ unclutter xcape @@ -19,12 +43,12 @@ xorg.xrandr xorg.xset xwallpaper - # Patch startx to be compliant with xdg base dir spec - (xorg.xinit.overrideAttrs (old: rec { - patches = [ - ./resources/x11/xinit-startx-xdg.patch - ]; - })) ]; + + # Enable TearFree option by default + # Not all video drivers support this option + services.xserver.deviceSection = '' + Option "TearFree" "true" + ''; }; } |
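Review bot: `patches = [ … ]` in the `xinit` override replaces whatever patch list the nixpkgs derivation already carries instead of extending it; `patches = (previousAttrs.patches or [ ]) ++ [ (prev.fetchpatch { … }) ];` keeps any existing ones. The override also hard-codes `version = "1.4.4"` and its `src`, so once nixpkgs ships a newer xinit this overlay will silently hold the package back; a comment saying when to drop the version override would help. Both fetches are hash-pinned, so the Arch tag in the URL cannot change the patch content unnoticed, but the two hashes use different encodings (SRI for `src`, base32 for the patch), and `hash = "sha256-…"` on both would be consistent. The overlay list is again built under `with pkgs`, yet the body already uses `prev.` throughout, so the `with` can be removed.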