diff options
Diffstat (limited to 'modules')
55 files changed, 869 insertions, 155 deletions
diff --git a/modules/archetypes/headless/default.nix b/modules/archetypes/headless/default.nix new file mode 100644 index 0000000..b0dfb71 --- /dev/null +++ b/modules/archetypes/headless/default.nix @@ -0,0 +1,14 @@ +{ lib, ... }: { + autologin.enable = lib.mkOverride 101 false; + avahi.enable = lib.mkOverride 101 false; + bluetooth.enable = lib.mkOverride 101 false; + fonts.enable = lib.mkOverride 101 false; + pipewire.enable = lib.mkOverride 101 false; + printing.enable = lib.mkOverride 101 false; + tlp.enable = lib.mkOverride 101 false; + scanning.enable = lib.mkOverride 101 false; + suspend.enable = lib.mkOverride 101 false; + wifi.enable = lib.mkOverride 101 false; + xserver.enable = lib.mkOverride 101 false; + users.setPassword.enable = lib.mkOverride 101 false; +} diff --git a/modules/home/default.nix b/modules/home/default.nix index 9daf51a..a015cc4 100644 --- a/modules/home/default.nix +++ b/modules/home/default.nix @@ -1,23 +1,26 @@ -{ lib, userDetails, ... }: { +{ lib, userDetails, homeStateVersion, ... }: { home = { username = userDetails.username; - homeDirectory = userDetails.home.root; - stateVersion = "24.05"; + homeDirectory = userDetails.home; + stateVersion = homeStateVersion; }; imports = [ - ./alacritty.nix #./chrome.nix ./firefox.nix ./git.nix + ./gtk-bookmarks.nix ./htop.nix ./initial-home-setup.nix ./pcmanfm.nix # TODO mk name changeable & doesn't seem to work right now + ./theme-st.nix ./theme.nix + ./userdirs.nix ./wallpapers.nix ]; - alacritty.enable = lib.mkDefault true; + theme.enable = lib.mkDefault true; + theme.st.enable = lib.mkDefault false; theme.mint.enable = lib.mkDefault true; wallpapers.enable = lib.mkDefault false; } diff --git a/modules/home/firefox.nix b/modules/home/firefox.nix index 5e015ff..8aa1af3 100644 --- a/modules/home/firefox.nix +++ b/modules/home/firefox.nix @@ -1,29 +1,33 @@ -{ pkgs, userDetails, ... }: { +{ lib, pkgs, userDetails, ... }: { programs.firefox = { - # TODO see if there is way to login to moz account in profile - enable = true; - arkenfox = { - enable = true; - }; + enable = lib.mkDefault true; + arkenfox.enable = true; profiles = let search = { engines = { "Timmy Search" = { - urls = [{ template = "https://search.tjkeller.xyz/search?q={searchTerms}"; }]; # Don't know how to do w/ POST but I prefer GET anyways + urls = [{ + template = "https://search.tjkeller.xyz/search"; + params = [ { name = "q"; value = "{searchTerms}"; } ]; + }]; iconURI = "https://search.tjkeller.xyz/static/themes/simple/img/favicon.svg"; # TODO doesn't seem to work }; "Nix Packages" = { urls = [{ template = "https://search.nixos.org/packages"; - params = [ - { name = "type"; value = "packages"; } - { name = "query"; value = "{searchTerms}"; } - ]; + params = [ { name = "query"; value = "{searchTerms}"; } ]; }]; - icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg"; definedAliases = [ "@np" ]; }; + "NixOS Options" = { + urls = [{ + template = "https://search.nixos.org/options"; + params = [ { name = "query"; value = "{searchTerms}"; } ]; + }]; + icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg"; + definedAliases = [ "@no" ]; + }; }; default = "Timmy Search"; privateDefault = "Timmy Search"; @@ -36,7 +40,7 @@ "0100"."0102"."browser.startup.page".value = 3; # 0=blank, 1=home, 2=last visited page, 3=resume previous session "0100"."0103"."browser.startup.homepage".enable = false; "0100"."0104"."browser.newtabpage.enabled".enable = false; - "2800"."2811"."privacy.clearOnShutdown.history".enable = false; + #"2800"."2811"."privacy.clearOnShutdown.history".enable = false; }; settings = { "browser.compactmode.show" = true; @@ -46,7 +50,7 @@ "app.normandy.first_run" = false; "browser.aboutConfig.showWarning" = false; # arkenfox does - "browser.download.dir" = userDetails.home.downloads; # FF will create this dir if it doesn't exist + #"browser.download.dir" = userDetails.userDirs.downloads; "browser.newtabpage.activity-stream.feeds.section.topstories" = false; "browser.newtabpage.activity-stream.feeds.topsites" = false; "browser.urlbar.suggest.topsites" = false; @@ -54,7 +58,6 @@ "dom.push.enabled" = false; # "extensions.pocket.enabled" = false; "general.smoothScroll" = false; - #identity.fxaccounts.account.device.name = "timmy’s Firefox on nixos"; # HOSTNAME }; workSettings = settings // { "extensions.activeThemeID" = "firefox-compact-dark@mozilla.org"; # Use builtin dark theme instead of system theme diff --git a/modules/home/gtk-bookmarks.nix b/modules/home/gtk-bookmarks.nix new file mode 100644 index 0000000..24c6563 --- /dev/null +++ b/modules/home/gtk-bookmarks.nix @@ -0,0 +1,17 @@ +{ config, lib, userDetails, ... }: { + options = { + additional-gtk-bookmarks = lib.mkOption { + type = with lib.types; listOf str; + default = []; + description = "gtk bookmarks for file managers, etc."; + }; + }; + + config = { + gtk.gtk3.bookmarks = ( + lib.mapAttrsToList (name: path: + "file://${path} ${lib.toUpper (lib.substring 0 1 name)}${lib.substring 1 (-1) name}" + ) userDetails.userDirs + ) ++ config.additional-gtk-bookmarks; + }; +} diff --git a/modules/home/initial-home-setup.nix b/modules/home/initial-home-setup.nix index 046f5a5..4132386 100644 --- a/modules/home/initial-home-setup.nix +++ b/modules/home/initial-home-setup.nix @@ -16,7 +16,7 @@ run mimewiz -i # already verbose ''; createDirs = lib.hm.dag.entryAfter ["writeBoundary"] '' - run mkdir -p $VERBOSE_ARG "${userDetails.home.downloads}" + run mkdir -p $VERBOSE_ARG ${ lib.concatStringsSep " " (lib.attrValues userDetails.userDirs) } ''; }; } diff --git a/modules/home/resources/activation-scripts/clone-repos.sh b/modules/home/resources/activation-scripts/clone-repos.sh index 887968b..eaee4dc 100644 --- a/modules/home/resources/activation-scripts/clone-repos.sh +++ b/modules/home/resources/activation-scripts/clone-repos.sh @@ -3,8 +3,14 @@ server="https://git.tjkeller.xyz/" clonemissing() { + # pull and return if already existing + if [ -d "$2"/.git ]; then + run cd $VERBOSE_ARG "$2" + run git pull $VERBOSE_ARG || echo "$2: failed to pull from remote" + return + fi + # clone to $2 - [ -d "$2"/.git ] && return run mkdir -p $VERBOSE_ARG "$2" run git clone $VERBOSE_ARG "$server$1" "$2" diff --git a/modules/home/resources/firefox/userChrome.css b/modules/home/resources/firefox/userChrome.css index de0e112..624ab26 100644 --- a/modules/home/resources/firefox/userChrome.css +++ b/modules/home/resources/firefox/userChrome.css @@ -14,6 +14,17 @@ background: var(--toolbar-field-border-color) !important; } +/* Change background color of bookmarks toolbar */ +#PersonalToolbar { + background: var(--toolbox-bgcolor) !important; +} + +/* Adjust spacing of toolbar items */ +#PlacesToolbarItems { + gap: .35rem; + margin-block: .2rem; +} + /* Fix vertical spacing of tabs */ #TabsToolbar { margin-top: -1px; diff --git a/modules/home/theme-st.nix b/modules/home/theme-st.nix new file mode 100644 index 0000000..0a06cd0 --- /dev/null +++ b/modules/home/theme-st.nix @@ -0,0 +1,22 @@ +{ config, lib, pkgs, ... }: { + options = { + theme.st = { + enable = lib.mkEnableOption "enables theming st with home manager"; + font = lib.mkOption { + type = lib.types.str; + default = "JetBrainsMonoNL Nerd Font Mono:size=12:antialias=true:autohint=true"; + }; + }; + }; + config = let + themed-st = pkgs.st.overrideAttrs (old: { + buildInputs = old.buildInputs or [] ++ [ pkgs.makeWrapper ]; + postInstall = old.postInstall or "" + '' + wrapProgram $out/bin/st \ + --add-flags '-f"${config.theme.st.font}"' + ''; + }); + in lib.mkIf config.theme.enable { + home.packages = [ themed-st ]; + }; +} diff --git a/modules/home/theme.nix b/modules/home/theme.nix index 4128e1d..9e4edae 100644 --- a/modules/home/theme.nix +++ b/modules/home/theme.nix @@ -7,6 +7,7 @@ let ; in { options = { + theme.enable = lib.mkEnableOption "enables theming"; theme.mint = { enable = lib.mkEnableOption "enables mint theme"; # TODO add theme.dark option instead of specifying Dark-Color @@ -16,7 +17,7 @@ in { "Sand" "Teal" "Dark-Aqua" "Dark-Blue" "Dark-Green" "Dark-Grey" "Dark-Orange" "Dark-Pink" "Dark-Purple" "Dark-Red" "Dark-Sand" "Dark-Teal" - ]; + ]; default = "Dark-Aqua"; description = "mint-y theme color eg. 'Dark-Aqua' or 'Red'"; }; @@ -29,9 +30,45 @@ in { description = "mint-y icons color eg. 'Aqua' or 'Red'"; }; }; + theme.font = { + sansSerif = lib.mkOption { + type = lib.types.str; + default = "Inter"; + description = "default sans serif font"; + }; + monospace = lib.mkOption { + type = lib.types.str; + default = "CommitMono"; + description = "default monospace font"; + }; + gtk = { + name = lib.mkOption { + type = lib.types.str; + default = "sans-serif"; + description = "default gtk font"; + }; + size = lib.mkOption { + type = with lib.types; nullOr int; + default = null; + description = "default gtk font size"; + }; + }; + }; + theme.cursor = { + name = lib.mkOption { + type = lib.types.str; + default = "Adwaita"; + description = "gtk cursor theme"; + }; + size = lib.mkOption { + type = with lib.types; nullOr int; + default = null; + description = "gtk cursor size"; + }; + }; }; - config = { + config = lib.mkIf config.theme.enable { gtk = { enable = true; theme = lib.mkIf config.theme.mint.enable { @@ -43,20 +80,13 @@ in { name = transformColorValue config.theme.mint.icons.color; }; font = { - package = pkgs.inter; - name = "Inter"; + name = config.theme.font.gtk.name; + size = config.theme.font.gtk.size; }; cursorTheme = { - name = "Adwaita"; + name = config.theme.cursor.name; + size = config.theme.cursor.size; }; - gtk3.bookmarks = [ - "file:///home/timmy/dls Downloads" - "file:///home/timmy/docs Documents" - "file:///home/timmy/pics/screenshots Screenshots" - "file:///home/timmy/docs/src/sites sites" - "file:///home/timmy/docs/src/scripts scripts" - "file:///home/timmy/docs/src/programs programs" - ]; gtk2.configLocation = "${config.xdg.configHome}/gtk-2.0/gtkrc"; }; qt = { @@ -64,8 +94,8 @@ in { platformTheme.name = "gtk3"; }; fonts.fontconfig.defaultFonts = { - sansSerif = [ "Inter" ]; - monospace = [ "CommitMono" ]; + sansSerif = [ config.theme.font.sansSerif ]; + monospace = [ config.theme.font.monospace ]; }; }; } diff --git a/modules/home/userdirs.nix b/modules/home/userdirs.nix new file mode 100644 index 0000000..58c1d59 --- /dev/null +++ b/modules/home/userdirs.nix @@ -0,0 +1,5 @@ +{ userDetails, ... }: { + xdg.userDirs = { + enable = true; + } // userDetails.userDirs; +} diff --git a/modules/hosts/T430/configuration.nix b/modules/hosts/T430/configuration.nix index 282515d..7910275 100644 --- a/modules/hosts/T430/configuration.nix +++ b/modules/hosts/T430/configuration.nix @@ -1,6 +1,5 @@ { config, lib, pkgs, ... }: { imports = [ ./hardware-configuration.nix ]; - networking.hostName = "T430"; # TODO this does not function #boot.initrd.systemd.extraBin = { diff --git a/modules/hosts/T430/home.nix b/modules/hosts/T430/home.nix index 9885a06..15df79a 100644 --- a/modules/hosts/T430/home.nix +++ b/modules/hosts/T430/home.nix @@ -1,6 +1,5 @@ { ... }: { imports = [ ../../home ]; - alacritty.font.size = 9; wallpapers.enable = true; } diff --git a/modules/hosts/T495/configuration.nix b/modules/hosts/T495/configuration.nix index 526b7bb..6ee62e9 100644 --- a/modules/hosts/T495/configuration.nix +++ b/modules/hosts/T495/configuration.nix @@ -2,11 +2,9 @@ imports = [ ./hardware-configuration.nix ./games.nix - ./input-leap.nix + #./input-leap.nix ./wg.nix ]; - networking.hostName = "T495"; - bootloader.mode = "efi"; # Enable extra software pkgs @@ -27,10 +25,6 @@ nas.office.enable = true; nas.office.automount = false; - networking.hosts = { - "192.168.77.3" = [ "devel" ]; - }; - # Use amdgpu driver for x11 services.xserver.videoDrivers = [ "amdgpu" ]; diff --git a/modules/hosts/T495/home.nix b/modules/hosts/T495/home.nix index 817b0c0..f233c08 100644 --- a/modules/hosts/T495/home.nix +++ b/modules/hosts/T495/home.nix @@ -1,8 +1,14 @@ { ... }: { imports = [ ../../home ]; - theme.mint.theme.color = "Dark-Purple"; - theme.mint.icons.color = "Purple"; + theme = { + mint.theme.color = "Dark-Purple"; + mint.icons.color = "Purple"; + st = { + enable = true; + font = "TamzenForPowerline:pixelsize=20"; + }; + }; wallpapers.enable = true; home.file.input-leap-config = { diff --git a/modules/hosts/X230/configuration.nix b/modules/hosts/X230/configuration.nix new file mode 100644 index 0000000..9a8e6b4 --- /dev/null +++ b/modules/hosts/X230/configuration.nix @@ -0,0 +1,15 @@ +{ config, lib, pkgs, ... }: { + imports = [ + ./hardware-configuration.nix + ]; + bootloader.mode = "efi"; + + # Enable extra software pkgs + software.desktop = { + crypto.enable = true; + graphics.enable = true; + office.enable = true; + }; + + system.stateVersion = "24.05"; +} diff --git a/modules/hosts/X230/hardware-configuration.nix b/modules/hosts/X230/hardware-configuration.nix new file mode 100644 index 0000000..0791585 --- /dev/null +++ b/modules/hosts/X230/hardware-configuration.nix @@ -0,0 +1,48 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usb_storage" "sd_mod" "sdhci_pci" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-intel" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/41036740-73bc-4004-a302-01233b4d83b8"; + fsType = "btrfs"; + options = [ "subvol=@" ]; + }; + + boot.initrd.luks.devices."enc".device = "/dev/disk/by-uuid/6019772f-4a1c-4abd-9c70-b1d71cc2de65"; + + fileSystems."/home" = + { device = "/dev/disk/by-uuid/41036740-73bc-4004-a302-01233b4d83b8"; + fsType = "btrfs"; + options = [ "subvol=@home" ]; + }; + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/72D4-F66A"; + fsType = "vfat"; + options = [ "fmask=0022" "dmask=0022" ]; + }; + + swapDevices = [ ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.enp0s25.useDHCP = lib.mkDefault true; + # networking.interfaces.wlp3s0.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} diff --git a/modules/hosts/X230/home.nix b/modules/hosts/X230/home.nix new file mode 100644 index 0000000..03b559d --- /dev/null +++ b/modules/hosts/X230/home.nix @@ -0,0 +1,18 @@ +{ ... }: { + imports = [ ../../home ]; + + theme = { + mint.theme.color = "Dark-Teal"; + mint.icons.color = "Teal"; + font = { + monospace = "TamzenForPowerline"; + gtk.name = "monospace"; + gtk.size = 8; + }; + cursor.size = 24; + st = { + enable = true; + font = "TamzenForPowerline:pixelsize=14"; + }; + }; +} diff --git a/modules/hosts/flex-wg-router/configuration.nix b/modules/hosts/flex-wg-router/configuration.nix new file mode 100644 index 0000000..f21046d --- /dev/null +++ b/modules/hosts/flex-wg-router/configuration.nix @@ -0,0 +1,17 @@ +{ config, lib, pkgs, ... }: { + imports = [ + ./hardware-configuration.nix + ../../archetypes/headless + ]; + bootloader.mode = "efi"; + + # Enable docker + software.development = { + docker.enable = true; + }; + + # Enable set root password + users.setPassword.enable = true; + + system.stateVersion = "25.05"; +} diff --git a/modules/hosts/flex-wg-router/hardware-configuration.nix b/modules/hosts/flex-wg-router/hardware-configuration.nix new file mode 100644 index 0000000..01cff6d --- /dev/null +++ b/modules/hosts/flex-wg-router/hardware-configuration.nix @@ -0,0 +1,45 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-intel" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/01eae5fd-a46e-4a36-8a9d-247a0b16bcef"; + fsType = "btrfs"; + options = [ "subvol=@" ]; + }; + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/345A-436A"; + fsType = "vfat"; + options = [ "fmask=0022" "dmask=0022" ]; + }; + + fileSystems."/home" = + { device = "/dev/disk/by-uuid/01eae5fd-a46e-4a36-8a9d-247a0b16bcef"; + fsType = "btrfs"; + options = [ "subvol=@home" ]; + }; + + swapDevices = [ ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.enp3s0.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} diff --git a/modules/hosts/flex-wg-router/home.nix b/modules/hosts/flex-wg-router/home.nix new file mode 100644 index 0000000..21d548f --- /dev/null +++ b/modules/hosts/flex-wg-router/home.nix @@ -0,0 +1,7 @@ +{ ... }: { + imports = [ ../../home ]; + + theme.enable = false; + programs.firefox.enable = false; + gtk.enable = false; +} diff --git a/modules/hosts/hp-envy-office/configuration.nix b/modules/hosts/hp-envy-office/configuration.nix index 9a7a43a..9b3e173 100644 --- a/modules/hosts/hp-envy-office/configuration.nix +++ b/modules/hosts/hp-envy-office/configuration.nix @@ -1,8 +1,8 @@ { config, lib, pkgs, ... }: { - imports = [ - ./hardware-configuration.nix - ]; - networking.hostName = "hp-envy-office"; + imports = [ ./hardware-configuration.nix ]; + + # Show bootloader for longer since it usually doesn't show + boot.loader.timeout = 15; # Enable extra software pkgs software.desktop = { @@ -17,6 +17,9 @@ docker.enable = true; }; + # Enable virtualization + virtualization.enable = true; + # Enable network drives nas.enable = true; nas.office.enable = true; diff --git a/modules/hosts/hp-envy-office/home.nix b/modules/hosts/hp-envy-office/home.nix index ee56dc6..2e4f61f 100644 --- a/modules/hosts/hp-envy-office/home.nix +++ b/modules/hosts/hp-envy-office/home.nix @@ -1,7 +1,12 @@ -{ ... }: { +{ userDetails, ... }: { imports = [ ../../home ]; theme.mint.theme.color = "Dark-Green"; theme.mint.icons.color = "Green"; wallpapers.enable = true; + + additional-gtk-bookmarks = with userDetails.userDirs; [ + "file://${documents}/src/sites/admin Admin" + "file:///media/chexx/chexx cHEXx" + ]; } diff --git a/modules/hosts/libreX60/bios-flashing.nix b/modules/hosts/libreX60/bios-flashing.nix new file mode 100644 index 0000000..6117813 --- /dev/null +++ b/modules/hosts/libreX60/bios-flashing.nix @@ -0,0 +1,8 @@ +# https://libreboot.org/docs/install/#thinkpad-t60x60x60tabletx60s + +{ pkgs, ... }: { + environment.systemPackages = [ pkgs.flashprog ]; + + boot.kernelParams = [ "iomem=relaxed" ]; +} + diff --git a/modules/hosts/libreX60/configuration.nix b/modules/hosts/libreX60/configuration.nix new file mode 100644 index 0000000..55f1774 --- /dev/null +++ b/modules/hosts/libreX60/configuration.nix @@ -0,0 +1,26 @@ +{ config, lib, pkgs, ... }: { + imports = [ + ./hardware-configuration.nix + ./powertop-auto-tune.nix + # Uncomment this module and reboot to enable bios flashing + #./bios-flashing.nix + ]; + + # Use grub + bootloader = { + loader = "grub"; + mode = "bios"; + grub.biosDevice = "/dev/sda"; + }; + + # Use bootloader + boot.kernelPackages = pkgs.linuxPackages-libre; + + # Enable network drives + nas.enable = true; + + # i915 Gpu requires intel driver + services.xserver.videoDrivers = [ "intel" ]; + + system.stateVersion = "24.11"; +} diff --git a/modules/hosts/libreX60/hardware-configuration.nix b/modules/hosts/libreX60/hardware-configuration.nix new file mode 100644 index 0000000..b0a7868 --- /dev/null +++ b/modules/hosts/libreX60/hardware-configuration.nix @@ -0,0 +1,46 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ "uhci_hcd" "ehci_pci" "ata_piix" "ahci" "firewire_ohci" "usb_storage" "sd_mod" "sdhci_pci" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-intel" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/91572803-436d-4f43-b41f-dfba2103752e"; + fsType = "btrfs"; + options = [ "subvol=@" ]; + }; + + fileSystems."/home" = + { device = "/dev/disk/by-uuid/91572803-436d-4f43-b41f-dfba2103752e"; + fsType = "btrfs"; + options = [ "subvol=@home" ]; + }; + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/F618-D6C2"; + fsType = "vfat"; + options = [ "fmask=0022" "dmask=0022" ]; + }; + + swapDevices = [ ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`. + networking.useDHCP = lib.mkDefault true; + networking.interfaces.enp1s0.useDHCP = lib.mkDefault true; + networking.interfaces.wlp2s0.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} diff --git a/modules/hosts/libreX60/home.nix b/modules/hosts/libreX60/home.nix new file mode 100644 index 0000000..f5957d6 --- /dev/null +++ b/modules/hosts/libreX60/home.nix @@ -0,0 +1,18 @@ +{ ... }: { + imports = [ ../../home ]; + + theme = { + mint.theme.color = "Dark-Red"; + mint.icons.color = "Red"; + font = { + monospace = "TamzenForPowerline"; + gtk.name = "monospace"; + gtk.size = 8; + }; + cursor.size = 24; + st = { + enable = true; + font = "TamzenForPowerline:pixelsize=14"; + }; + }; +} diff --git a/modules/hosts/libreX60/powertop-auto-tune.nix b/modules/hosts/libreX60/powertop-auto-tune.nix new file mode 100644 index 0000000..0eb9578 --- /dev/null +++ b/modules/hosts/libreX60/powertop-auto-tune.nix @@ -0,0 +1,17 @@ +# https://en.wikibooks.org/wiki/Libreboot/ThinkPad_X60#Remove_High_Pitched_Whining_Noise +# TLDR; running `powertop --auto-tune` is supposed to kill the high pitched noises produced by the X60 + +{ pkgs, ... }: { + environment.systemPackages = [ pkgs.powertop ]; + + # Create systemd service + systemd.services.powertop-autotune = { + description = "Powertop Auto-Tune"; + wantedBy = [ "multi-user.target" ]; + after = [ "network.target" ]; + serviceConfig = { + Type = "oneshot"; + ExecStart = "${pkgs.powertop}/bin/powertop --auto-tune"; + }; + }; +} diff --git a/modules/hosts/optiplex/configuration.nix b/modules/hosts/optiplex/configuration.nix new file mode 100644 index 0000000..16ba475 --- /dev/null +++ b/modules/hosts/optiplex/configuration.nix @@ -0,0 +1,49 @@ +{ config, lib, pkgs, ... }: { + imports = [ ./hardware-configuration.nix ]; + bootloader.mode = "efi"; + + # Allow unfree for nvidia + others + nixpkgs.config.allowUnfree = true; + + # Enable extra software pkgs + software.desktop = { + chromium.enable = true; + cad.enable = true; + crypto.enable = true; + graphics.enable = true; + office.enable = true; + utilities.enable = true; + }; + software.development = { + docker.enable = true; + }; + + # Install more programs + environment.systemPackages = with pkgs; [ + prismlauncher + spotify + #vintagestory + ]; + + # Enable network drives + nas.enable = true; + + # Disable wifi + wifi.enable = false; + + # Use nvidia driver + services.xserver.videoDrivers = [ "nvidia" ]; + hardware.nvidia = { + modesetting.enable = true; # Required + powerManagement.enable = false; # Can cause bugs + nvidiaSettings = true; + open = false; # Not compatible w/ GTX-1050 + package = config.boot.kernelPackages.nvidiaPackages.stable; # Still good for 1050 + forceFullCompositionPipeline = true; # Enables vsync + }; + + # Disable suspend + suspend.enable = false; + + system.stateVersion = "24.11"; +} diff --git a/modules/hosts/optiplex/hardware-configuration.nix b/modules/hosts/optiplex/hardware-configuration.nix new file mode 100644 index 0000000..3d9651e --- /dev/null +++ b/modules/hosts/optiplex/hardware-configuration.nix @@ -0,0 +1,45 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "firewire_ohci" "usbhid" "usb_storage" "sd_mod" "sr_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-intel" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/a9d54117-31f6-4cad-b1b2-250f6bfd7808"; + fsType = "btrfs"; + options = [ "subvol=@" ]; + }; + + fileSystems."/home" = + { device = "/dev/disk/by-uuid/a9d54117-31f6-4cad-b1b2-250f6bfd7808"; + fsType = "btrfs"; + options = [ "subvol=@home" ]; + }; + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/6987-81B6"; + fsType = "vfat"; + options = [ "fmask=0022" "dmask=0022" ]; + }; + + swapDevices = [ ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.eno1.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} diff --git a/modules/hosts/optiplex/home.nix b/modules/hosts/optiplex/home.nix new file mode 100644 index 0000000..ee56dc6 --- /dev/null +++ b/modules/hosts/optiplex/home.nix @@ -0,0 +1,7 @@ +{ ... }: { + imports = [ ../../home ]; + + theme.mint.theme.color = "Dark-Green"; + theme.mint.icons.color = "Green"; + wallpapers.enable = true; +} diff --git a/modules/root/bluetooth.nix b/modules/root/bluetooth.nix index d55eade..1f41c7e 100644 --- a/modules/root/bluetooth.nix +++ b/modules/root/bluetooth.nix @@ -3,7 +3,7 @@ bluetooth.enable = lib.mkEnableOption "enables bluetooth support"; }; - config = { + config = lib.mkIf config.bluetooth.enable { hardware.bluetooth.enable = true; services.blueman.enable = true; }; diff --git a/modules/root/default.nix b/modules/root/default.nix index e108318..9d288dc 100644 --- a/modules/root/default.nix +++ b/modules/root/default.nix @@ -5,6 +5,7 @@ ./bluetooth.nix ./bootloader.nix ./doas.nix + ./firewall.nix ./fonts.nix ./home-manager.nix ./hosts.nix @@ -15,9 +16,12 @@ ./pipewire.nix ./powerkeys.nix ./printing.nix + ./searxng.nix ./secrets.nix ./ssh.nix + ./suspend.nix ./tlp.nix + ./udev.nix ./wifi.nix ./x11.nix ./zsh.nix @@ -44,6 +48,8 @@ printing.enable = lib.mkDefault true; tlp.enable = lib.mkDefault true; scanning.enable = lib.mkDefault true; + searxng.enable = lib.mkDefault false; + suspend.enable = lib.mkDefault true; wifi.enable = lib.mkDefault true; xserver.enable = lib.mkDefault true; zsh.enable = lib.mkDefault true; diff --git a/modules/root/firewall.nix b/modules/root/firewall.nix new file mode 100644 index 0000000..e038cbe --- /dev/null +++ b/modules/root/firewall.nix @@ -0,0 +1,7 @@ +{ + networking.firewall = { + allowedTCPPorts = [ + 8080 + ]; + }; +} diff --git a/modules/root/fonts.nix b/modules/root/fonts.nix index 3ae8eef..256e1ab 100644 --- a/modules/root/fonts.nix +++ b/modules/root/fonts.nix @@ -7,10 +7,8 @@ fonts.packages = with pkgs; [ commit-mono inter + nerd-fonts.jetbrains-mono tamzen - (nerdfonts.override { - fonts = [ "JetBrainsMono" ]; - }) ]; }; } diff --git a/modules/root/hosts.nix b/modules/root/hosts.nix index 14daaf1..cb526f2 100644 --- a/modules/root/hosts.nix +++ b/modules/root/hosts.nix @@ -1,10 +1,12 @@ -{ +{ hostname, ... }: { + networking.hostName = hostname; # From flake.nix networking.hosts = { "192.168.1.9" = [ "optiplex" ]; "192.168.1.30" = [ "localgit" ]; "192.168.1.11" = [ "truenas-home" ]; "192.168.77.11" = [ "truenas-office" ]; "192.168.77.8" = [ "publicgit" "tjkeller" ]; + "192.168.77.3" = [ "devel" ]; "173.9.253.3" = [ "git.tjkeller.xyz" "piped.tjkeller.xyz" @@ -12,4 +14,5 @@ "tjkeller.xyz" ]; }; + environment.etc.hosts.mode = "0644"; # Allow temporary imperative modifications } diff --git a/modules/root/normaluser.nix b/modules/root/normaluser.nix index fc243ea..50e9236 100644 --- a/modules/root/normaluser.nix +++ b/modules/root/normaluser.nix @@ -1,12 +1,31 @@ -{ config, userDetails, ... }: { - users.users.root = { - hashedPasswordFile = config.sops.secrets.hashed-root-password.path; +{ lib, config, userDetails, ... }: { + options = { + users.setPassword.enable = lib.mkEnableOption "set users password. requires hashed root password from sops"; }; - users.users.${userDetails.username} = { - description = userDetails.fullname; - #home = userDetails.home.root; - isNormalUser = true; - hashedPasswordFile = config.sops.secrets.hashed-root-password.path; - extraGroups = [ "wheel" "nixbld" ]; + + config = { + # Load hashed root password secret + sops.secrets.hashed-root-password = lib.mkIf config.users.setPassword.enable { + sopsFile = ./resources/secrets/hashed-root-password.yaml; + neededForUsers = true; + }; + + # Set hashed password file if the setPassword option is enabled + users.users.root.hashedPasswordFile = lib.mkIf config.users.setPassword.enable config.sops.secrets.hashed-root-password.path; + + # Setup normal user + users.users.${userDetails.username} = { + home = userDetails.home; + description = userDetails.fullname; + isNormalUser = true; + extraGroups = [ + "i2c" + "libvirtd" + "nixbld" + "video" + "wheel" + ]; + hashedPasswordFile = lib.mkIf config.users.setPassword.enable config.sops.secrets.hashed-root-password.path; + }; }; } diff --git a/modules/root/printing.nix b/modules/root/printing.nix index 69ff573..f0d0dd8 100644 --- a/modules/root/printing.nix +++ b/modules/root/printing.nix @@ -10,6 +10,7 @@ enable = true; drivers = [ pkgs.epson-escpr2 + pkgs.workcentre-7800-series ]; }; diff --git a/modules/root/resources/secrets/hashed-root-password.yaml b/modules/root/resources/secrets/hashed-root-password.yaml new file mode 100644 index 0000000..a42fd42 --- /dev/null +++ b/modules/root/resources/secrets/hashed-root-password.yaml @@ -0,0 +1,25 @@ +hashed-root-password: ENC[AES256_GCM,data:7Qgoeb/6JPNupkHCBEzCs0FMP2cDEw972bjCRWeMrBrAMZzLsZc3Mbv03s1zLztUp6Ie93R5lVsamxKPUnaPt+Tnr/l+0E9aTmt7j7L6UzmWr12nj3FHxxTSU9ief6+ioIk+S4eICJspIQ==,iv:VoWP4qBCGzuYRpQw4nilUXByJ+ZwyZR/BdKowi+53DM=,tag:x6A00VCm8BEOhtv/WySXrQ==,type:str] +sops: + age: + - recipient: age1w80rc0dnuu8nw99gw64c596qqetm78jdnsqajr0u7ephykekr39qfz8vnv + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2Z3dTbW1GUzgyRUwyZGtF + alZSeFBmdEdhNER3UEtGRGd4MnliK1l1eGpJCm80SHFNZ3NZOTNxVkM4R3ZLY005 + OFVtUGN3OXZJblRxOFNMOFhsV25CS0EKLS0tIEE5SG5NekxWbytXY2xNeUN6TWhG + RldJZms3RDFuRk40ck42Mkd5RTd4YVUKgyWE8Cs0yLO/82w2muGWTlcjY86BVSUy + bFeIcQT33dEPiNUmynTqEGpN2NVQbfVDw17QbA9GNhGClanTTXmX4A== + -----END AGE ENCRYPTED FILE----- + - recipient: age1f0tmpy2nam58skmznjyqd3zf54rxtfrk6fda0vlpq9y3yg6wac7sjf0vja + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxcUprWjBXTVlidTRwMEZ6 + WHE4dWp6OWtybkFCaTkyY2JyaWYrRHNhZWtNCi9xamwreEsyVFdnWWhJeUVsdUpT + UHlkRVJZZTEvMDluTWNJSnRSUXN6Q0kKLS0tIHNsQk92SUd2ekowY0hvQi9LNjIx + Q0oxVFNtRkpZTlVHeEY3YXFoSlc4Zk0K7RaqH/Qf2dTPBuCz9DH0xgU+Tq8ATKUq + tfAuuAU9HBtLFiZjhWsZmj5XUy5Z18IiUKDIxlw41mNtbcsUnjm30w== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2025-07-17T22:34:07Z" + mac: ENC[AES256_GCM,data:B95HuJC2o8B+P1f9kAtJTcSty7YSAByuqe/Xs6ce6780p05FuzWM5X9bwvwsYXngGNKqCHksWf50UXzJ3eyc6y4ISxdxljAv2FmJFKw4NkfGaOMiRLlGPMn1uFpOtkRT+qL0+mupWG/Ap3zcpbxjsDx46PUur+e6yRxlAHw8mGw=,iv:DYobhWK+4+7vOog7BrBASiHrEzzz0P6zqgWxexfcLG8=,tag:skGwUpDEB8e3TCjrxs5peA==,type:str] + unencrypted_suffix: _unencrypted + version: 3.10.2 diff --git a/modules/root/resources/secrets/secrets.yaml b/modules/root/resources/secrets/secrets.yaml deleted file mode 100644 index 03f9517..0000000 --- a/modules/root/resources/secrets/secrets.yaml +++ /dev/null @@ -1,22 +0,0 @@ -wpa_supplicant-conf: ENC[AES256_GCM,data:0FI1Re1PbiJmtsqb5Ddj1g/e22FkSOxHtbhchybFJAn1Q6PBYpMM/myMUQqZDqCNDhR8f+b2LYcrFx+c9g+yDsR9VcgVe/NK1U5jvep5go3JIibR0NmtfPVZNMvThmVnzO+6aGtggjN8PTx4nm+GKzf7YZPV/buYRdWExJRf0loXgNM8iLtjnu1QGZjWNBtFGbTRHeiax1QhvPrawp76PNrdpzD3EkY26HZ2TRfXFP8ta93T43sac9iVj+U3ggn9MTNvLDGiOF1lAN/W69EeCnyzw3sbxCsuSYFQ4GKkggaehje58VpsG7rZMIHYhI6PQcctO6WUupBi80KcBCnQQKy0Pir7GUPwhw1NPKuOgTX9Otz1dXxJgNk+gA4NTmyCWh2LO0utW0bjAAoqhn5sti5TssxqT2q+bw8KiAqRMZKyj8JDKg4cpMCVUbSH4fcIK1ADXa0OzItgVZnhEKJeD0SYqScXoRlExiDxHG/yrYuJYKtUQSrYJXjJJcTreTyMXWUh1E/nvS7egnXFMYYxDdTvJ5bQ/Zp94FI+twhNfMxKF5qo2gcGUHjQu/M=,iv:LKr6fcQ2emSjQmEt1HgyLpFLg4ZxDOVgJEfkm4nQzbY=,tag:M+oo8dpWclIRaPyW17Ldwg==,type:str] -hashed-root-password: ENC[AES256_GCM,data:KUoB8Z0ifh7lE9ir9AqkiMRHfw6rusXw3KC1dLIRd4YpbTiNI+cAdC474LR721+LNWoj5ZytSdDsVyS+t3o076rV4sgWgL17jPPf+H2KE5FOmQKYTUiHfSBsLKyyhpie4tpFJWv/3cCW8Q==,iv:0sZPz3V7IqTGbF3Fnm+FbgBS3GTnHsRx0OzIoAE1H64=,tag:H6CQlANfiD6ZuQhONKyMAQ==,type:str] -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: - - recipient: age1w80rc0dnuu8nw99gw64c596qqetm78jdnsqajr0u7ephykekr39qfz8vnv - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvTUlBZXQ5Z080UUxoUGdr - dm9hRE5uTzFwWXhOWkJnbXNvazd1UnplcUdZCnRKQ3RVT1RGZURLYUxINStBSU4x - bUZudFp2SC9DSkVhNTRHV0MrRFFMckEKLS0tIGNBb3FLQVJsTGVsY3hMdy94WWZx - UkJ1SGJrWXNtbmlmc2c4M1IxdUpVOWMKjaakq+n8ZijGjaNVM8/dQApaVFp9+q3K - nhvon4p5KUFE+myABnEknaSZ5UcvW6ZLff9AB7l35NZhGXAhv+y6HA== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-01-09T16:42:38Z" - mac: ENC[AES256_GCM,data:LUBRGB/NdT2Lvrecb4w3Xbq4ulMyhHwNjuGyH/fjFJOcNfOCNmwaxIRN59CBi65UxGe93mgYYKJtbCKUZA9JhEfC81e+wkD0ZpEaNBu2YAYetf6hE9LqlYO05QIf/qwXySkCXRKdDl5afcmBVXTj+6qDEljkGtWX7CPLlodvuSQ=,iv:EfYL215e52Ir3SSTba7WGFSTQHgtqzyfWUWTBS+lwrU=,tag:VjE1o7WCT/PWIxk2/b/eow==,type:str] - pgp: [] - unencrypted_suffix: _unencrypted - version: 3.9.2 diff --git a/modules/root/resources/secrets/wpa_supplicant-conf.yaml b/modules/root/resources/secrets/wpa_supplicant-conf.yaml new file mode 100644 index 0000000..2fd7a0e --- /dev/null +++ b/modules/root/resources/secrets/wpa_supplicant-conf.yaml @@ -0,0 +1,16 @@ +wpa_supplicant-conf: ENC[AES256_GCM,data:QoHQhTuEsSCW/K2ArOzNMfpSV7RtyTgezg4bM6eyNwhBhuJ/fCExzrniZtFzZ3zfs+ROFOYYxkx5lu4N/AQ6xEdCjJ3DYKHpeveqQ3GcWaldDr6aUDxLnBmLGBgSskGoOOANCwGvXGtFsChlCah02/W3YIhLWKIC1pfw1t9ANw9ErtLt7Fxt8TphJ1n9KdCXCJCMFrDjWDTrvbDzrvkJh6EGJIoaXuJSN+9asKrFvTwXyvHPbJmw8ZRbYgtlJtv5c1Q+PZoMtEeBRI/q2y/xUX5nvhnyy3HO1CaZPq+2XP9w+Zz90PyehVvbFVSl3V3Wg3rg9uu/c1rRGgfNkVJSHdhN+7nWYobSI28uoA8L9oXono9mNYwfcN2c4R6xwW9yOH72KabKRbD0Qq0mXcwNjU0HNneqvnMFURbDVstWmKt39gHg2xoZkG774EEDdXBAmKe5nbj0wVk8TBPWPcyR8gQ3uQrXPElqC7CWHMvajzi/hq02gmzkq1DAiheVWHxVmSQUUP3M52vvFBDdWip4X7IM3r5H4uBmcF6wGHl7JS+okDno5BuInIXvrApDV3rTqnam7YeQZao9pbx8WRWg/ZQFUysiXf9tcAl4ror71+SLKa5MfeP9AV431DbcsrIS1XQ=,iv:7qdltuNvesslz32SfEXqu9WFu2uGOGg1sjfskfqfXnk=,tag:N1RhL1M9YtDlvxLBRC2gAg==,type:str] +sops: + age: + - recipient: age1w80rc0dnuu8nw99gw64c596qqetm78jdnsqajr0u7ephykekr39qfz8vnv + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxdXBUWXEvRU85Tk1lNWgz + ZHpENjdudmRuaEJIeVRHOHlDbWNzK0tQMGs4CmV6MVBpdE5PMTBWMm1PcDVFQ2VM + b0IwWDFxLy8xYUcxRVZFSEsyYlBFS1UKLS0tIHpCbDQ0a29TZlVFTGp4aXJCSmJ4 + ZGxqMFQ1NDk1OHJIOUd0cVV0dzNNQlkKzYX36u0rEq6dMTCJf6OON6LzcEEnAB5A + +M9t3OKUUNtwgksjBUEwqBLJ1sU9amijpK63GUxwp74YDtsb0YXHiw== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2025-07-17T22:33:44Z" + mac: ENC[AES256_GCM,data:leJsAdcWFE0EA1syXfd7yDu1Ct+vTkKiHUEc46O31uUeaWVFwgH8EKC0ImqiHMgbDJv+a9UHm7GtsWy1aMQNVRBXL3R2HbNQkOqGkIIdGsrrbjslQl8UwI7wx1g2P3ORhlGRYXTscDUl53+e4i3YrYOEDDPL5EAWuQEWldJXLZc=,iv:banL6qqV2EqfZFKHn5dawUq95Ima06z8H6Kso1qRdcA=,tag:g6M95M6bT4UPTfiEZT4ljw==,type:str] + unencrypted_suffix: _unencrypted + version: 3.10.2 diff --git a/modules/root/resources/x11/xinit-startx-xdg.patch b/modules/root/resources/x11/xinit-startx-xdg.patch deleted file mode 100644 index c1bca97..0000000 --- a/modules/root/resources/x11/xinit-startx-xdg.patch +++ /dev/null @@ -1,14 +0,0 @@ -diff --git a/startx.cpp b/startx.cpp -index dfbebe1..472a1b0 100644 ---- a/startx.cpp -+++ b/startx.cpp -@@ -272,7 +272,7 @@ if [ x"$enable_xauth" = x1 ] ; then - dummy=0 - - XCOMM create a file with auth information for the server. ':0' is a dummy. -- xserverauthfile=$HOME/.serverauth.$$ -+ xserverauthfile="${XAUTHORITY:-$HOME/.Xauthority}" - trap "rm -f '$xserverauthfile'" HUP INT QUIT ILL TRAP BUS TERM - xauth -q -f "$xserverauthfile" << EOF - add :$dummy . $mcookie - diff --git a/modules/root/searxng.nix b/modules/root/searxng.nix new file mode 100644 index 0000000..9f59314 --- /dev/null +++ b/modules/root/searxng.nix @@ -0,0 +1,109 @@ +{ pkgs, lib, config, ... }: let + environmentFile = "/run/searx/searxng.env"; + generateEnvironmentFile = '' + umask 077 + echo "SEARXNG_SECRET=$(head -c 56 /dev/urandom | base64)" > ${environmentFile} + ls /run/searx + ''; +in { + options = { + searxng.enable = lib.mkEnableOption "enables searxng service"; + }; + + config = lib.mkIf config.searxng.enable { + # Generate secret key + systemd.services.searx-environment-file = { + description = "Generate environment file with secret key for searx"; + wantedBy = [ "searx-init.service" ]; + partOf = [ "searx-init.service" ]; + before = [ "searx-init.service" ]; + serviceConfig = { + Type = "oneshot"; + RemainAfterExit = true; + User = "searx"; + RuntimeDirectory = "searx"; + RuntimeDirectoryMode = "750"; + ConditionPathExists = "!${environmentFile}"; + }; + script = generateEnvironmentFile; + }; + + # Configure searxng + services.searx = { + enable = true; + redisCreateLocally = true; + package = pkgs.searxng; + inherit environmentFile; # Provides secret key + + settings = { + general = { + instance_name = "TJK Search"; + donation_url = "https://tjkeller.xyz"; + enable_metrics = false; + }; + + # Search engine settings + search = { + safe_search = 2; # Strict + autocomplete = ""; + default_lang = "en-US"; + }; + + preferences.lock = [ "safesearch" ]; # Lock safe_search at strict + + # https://docs.searxng.org/admin/plugins.html + enabled_plugins = [ + "Tor check plugin" + "Tracker URL remover" + "Basic Calculator" + "Unit converter plugin" + "Hash plugin" + "Self Information" + "Open Access DOI rewrite" + "Hostnames plugin" + ]; + + hostnames.replace = { + "(.*\.)?youtube\.com$" = "piped.tjkeller.xyz"; + "(.*\.)?youtu\.be$" = "piped.tjkeller.xyz"; + "(.*\.)?reddit\.com$" = "old.reddit.com"; + }; + + # Enable / disabled search engines from default list + engines = lib.mapAttrsToList (name: value: { inherit name; disabled = !value; }) { + # Images + "artic" = false; + "deviantart" = false; + "flickr" = false; + "library of congress" = false; + "openverse" = false; + "pinterest" = false; + "public domain image archive" = false; + "unsplash" = false; + "wallhaven" = false; + "wikicommons.images" = false; + + # Videos + "bitchute" = true; + "dailymotion" = false; + "piped" = false; + "rumble" = true; + "sepiasearch" = false; + "vimeo" = false; + "wikicommons.videos" = false; + + # Music + "piped.music" = false; + + # Files + "1337x" = true; + "annas archive" = true; + "library genesis" = true; + + # Apps + "fdroid" = true; + }; + }; + }; + }; +} diff --git a/modules/root/secrets.nix b/modules/root/secrets.nix index 47262fd..416bcde 100644 --- a/modules/root/secrets.nix +++ b/modules/root/secrets.nix @@ -1,30 +1,8 @@ -{ pkgs, inputs, config, userDetails, ... }: { +{ inputs, config, userDetails, ... }: { imports = [ inputs.sops-nix.nixosModules.sops ]; sops = { - defaultSopsFile = ./resources/secrets/secrets.yaml; defaultSopsFormat = "yaml"; - age.keyFile = "${userDetails.home.root}/.config/sops/age/keys.txt"; - - secrets = { - wpa_supplicant-conf = { }; - hashed-root-password = { }; - }; - }; - - # This service is a workaround to ensure that secrets are available on - # reboot when the secret keys are on a separate subvolume - systemd.services.npcnix-force-rebuild-sops-hack = { - wantedBy = [ "multi-user.target" ]; - before = [ - # List all services that require secrets - "wpa_supplicant.service" - ]; - serviceConfig = { - ExecStart = "/run/current-system/activate"; - Type = "oneshot"; - Restart = "on-failure"; # because oneshot - RestartSec = "10s"; - }; + age.sshKeyPaths = [ "${userDetails.home}/.ssh/id_ed25519" "/root/.ssh/id_ed25519" ]; }; } diff --git a/modules/root/software/default.nix b/modules/root/software/default.nix index 8d1e987..0a54b63 100644 --- a/modules/root/software/default.nix +++ b/modules/root/software/default.nix @@ -5,9 +5,10 @@ ./desktop.nix ./development.nix ./docker.nix + ./overlays.nix ./system.nix ./utilities.nix - ./virtualisation.nix + ./virtualization.nix ]; software.desktop = { @@ -29,6 +30,6 @@ }; }; - virtualisation.enable = lib.mkDefault false; + virtualization.enable = lib.mkDefault false; xserver.awesome.enable = lib.mkDefault true; } diff --git a/modules/root/software/desktop.nix b/modules/root/software/desktop.nix index 3f6cfae..b8cd1e7 100644 --- a/modules/root/software/desktop.nix +++ b/modules/root/software/desktop.nix @@ -22,20 +22,18 @@ config = lib.mkIf config.software.desktop.enable { environment.systemPackages = with pkgs; [ # Default - alacritty arandr dmenu - jellyfin-mpv-shim libnotify mpv pavucontrol pcmanfm redshift scrot + st sxiv wpa_supplicant_gui zathura - (callPackage ./derivations/st {}) ] ++ pkgs.lib.optionals config.software.desktop.chromium.enable [ # Chrome config.software.desktop.chromium.package @@ -46,22 +44,22 @@ prusa-slicer ] ++ pkgs.lib.optionals config.software.desktop.crypto.enable [ # Crypto Wallets - bisq2 - electrum - monero-gui + sparrow ] ++ pkgs.lib.optionals config.software.desktop.graphics.enable [ # Graphics blender geeqie - gimp + gimp3 inkscape ] ++ pkgs.lib.optionals config.software.desktop.office.enable [ # Office + kdePackages.okular libreoffice pdfchain thunderbird ] ++ pkgs.lib.optionals config.software.desktop.utilities.enable [ # Misc Utilities + jellyfin-mpv-shim qbittorrent qdirstat remmina diff --git a/modules/root/software/development.nix b/modules/root/software/development.nix index 2a4dfba..af8a8a7 100644 --- a/modules/root/software/development.nix +++ b/modules/root/software/development.nix @@ -5,7 +5,7 @@ config = lib.mkIf config.software.development.enable { environment.systemPackages = with pkgs; [ - adb-sync + #adb-sync android-tools gcc git @@ -14,5 +14,10 @@ lua pkg-config ]; + + # Open 1313 for hugo serve + networking.firewall.allowedTCPPorts = [ + 1313 + ]; }; } diff --git a/modules/root/software/overlays.nix b/modules/root/software/overlays.nix new file mode 100644 index 0000000..2037c0d --- /dev/null +++ b/modules/root/software/overlays.nix @@ -0,0 +1,30 @@ +{ pkgs, ... }: { + nixpkgs.overlays = with pkgs; [ + (final: prev: { + crazydiskinfo = (callPackage ./derivations/crazydiskinfo {}); + lowbat = (callPackage ./derivations/lowbat {}); + workcentre-7800-series = (callPackage ./derivations/xerox-workcentre-7800-series-driver {}); + + # Use my vimv-rs until pr gets merged + vimv-rs = prev.vimv-rs.overrideAttrs (oldAttrs: { + src = fetchFromGitHub { + owner = "tjkeller-xyz"; + repo = "vimv-rs"; + rev = "5deb76fb81dd4acf3c4809087ff3a1d846ab4769"; + sha256 = "sha256-XMn+5mIxSEHaR31ixMi6o7PSkN1iYjDT4aOiQkfEwpA="; + }; + }); + + # Use my tamzen until pr gets merged + tamzen = prev.tamzen.overrideAttrs (oldAttrs: { + src = fetchFromGitHub { + owner = "tjkeller-xyz"; + repo = "tamzen-font"; + rev = "middledot"; + sha256 = "sha256-mVZ8SdYKTdMG1qBKKYdNjuoYvWkEq2ph2O1ztsNJEhs="; + }; + }); + }) + (import ./derivations/st/overrides.nix) + ]; +} diff --git a/modules/root/software/system.nix b/modules/root/software/system.nix index 18cc8dd..4c81596 100644 --- a/modules/root/software/system.nix +++ b/modules/root/software/system.nix @@ -5,7 +5,10 @@ dash # TODO should be default /bin/sh exfat git # Needed for home-manager + ntfs3g python3 sops # Secrets ]; + + services.gpm.enable = true; } diff --git a/modules/root/software/utilities.nix b/modules/root/software/utilities.nix index dabf163..79285a1 100644 --- a/modules/root/software/utilities.nix +++ b/modules/root/software/utilities.nix @@ -1,5 +1,6 @@ { pkgs, ... }: { environment.systemPackages = with pkgs; [ + crazydiskinfo entr fastfetch ffmpeg @@ -7,11 +8,13 @@ jq light lm_sensors + lowbat mediainfo neovim nmap openssl p7zip + pavolctld powertop pv rsync @@ -22,11 +25,10 @@ testdisk tmux uhubctl + vimv-rs wget wireguard-tools xxHash yt-dlp - (callPackage ./derivations/lowbat {}) - (callPackage ./derivations/pavolctld {}) ]; } diff --git a/modules/root/software/virtualisation.nix b/modules/root/software/virtualisation.nix deleted file mode 100644 index 4ae15f5..0000000 --- a/modules/root/software/virtualisation.nix +++ /dev/null @@ -1,10 +0,0 @@ -{ lib, config, ... }: { - options = { - virtualisation.enable = lib.mkEnableOption "enables virtualisation and virt-manager"; - }; - - config = lib.mkIf config.virtualisation.enable { - virtualisation.libvirtd.enable = true; - programs.virt-manager.enable = config.software.desktop.enable; - }; -} diff --git a/modules/root/software/virtualization.nix b/modules/root/software/virtualization.nix new file mode 100644 index 0000000..9ac5a80 --- /dev/null +++ b/modules/root/software/virtualization.nix @@ -0,0 +1,13 @@ +{ lib, config, ... }: { + options = { + virtualization.enable = lib.mkEnableOption "enables virtualization and virt-manager"; + }; + + config = lib.mkIf config.virtualization.enable { + virtualisation = { + libvirtd.enable = true; + spiceUSBRedirection.enable = true; + }; + programs.virt-manager.enable = config.software.desktop.enable; + }; +} diff --git a/modules/root/suspend.nix b/modules/root/suspend.nix new file mode 100644 index 0000000..814ae95 --- /dev/null +++ b/modules/root/suspend.nix @@ -0,0 +1,16 @@ +{ lib, config, ... }: { + options = { + suspend.enable = lib.mkEnableOption "enables suspend"; + }; + + config = lib.mkIf (! config.suspend.enable) { + # Disable suspend targets + systemd.targets = builtins.listToAttrs (map (name: { + inherit name; + value = { + enable = false; + unitConfig.DefaultDependencies = "no"; + }; + }) ["sleep" "suspend" "hibernate" "hybrid-sleep"]); + }; +} diff --git a/modules/root/udev.nix b/modules/root/udev.nix new file mode 100644 index 0000000..17ed204 --- /dev/null +++ b/modules/root/udev.nix @@ -0,0 +1,5 @@ +{ pkgs, ... }: { + services.udev.extraRules = '' + SUBSYSTEM=="backlight", ACTION=="add", RUN+="${pkgs.coreutils}/bin/chgrp video /sys/class/backlight/%k/brightness", RUN+="${pkgs.coreutils}/bin/chmod g+w /sys/class/backlight/%k/brightness" + ''; +} diff --git a/modules/root/wifi.nix b/modules/root/wifi.nix index 542cfd7..9dbf233 100644 --- a/modules/root/wifi.nix +++ b/modules/root/wifi.nix @@ -10,9 +10,27 @@ allowAuxiliaryImperativeNetworks = true; # Networks defined in aux imperitive networks (/etc/wpa_supplicant.conf) }; + # Load wpa_supplicant.conf secret config + sops.secrets.wpa_supplicant-conf = { + sopsFile = ./resources/secrets/wpa_supplicant-conf.yaml; + }; + # Link /etc/wpa_supplicant.conf -> secret config environment.etc."wpa_supplicant.conf" = { source = config.sops.secrets.wpa_supplicant-conf.path; }; + + # This service is a workaround to ensure that secrets are available on + # reboot when the secret keys are on a separate subvolume + systemd.services.npcnix-force-rebuild-sops-hack = { + wantedBy = [ "multi-user.target" ]; + before = [ "wpa_supplicant.service" ]; + serviceConfig = { + ExecStart = "/run/current-system/activate"; + Type = "oneshot"; + Restart = "on-failure"; # because oneshot + RestartSec = "10s"; + }; + }; }; } diff --git a/modules/root/x11.nix b/modules/root/x11.nix index fd15c52..f5a07b4 100644 --- a/modules/root/x11.nix +++ b/modules/root/x11.nix @@ -8,6 +8,30 @@ services.xserver.displayManager.startx.enable = true; services.libinput.enable = true; # Enable touchpad support + # Apply startx patch to create serverauth file in /tmp instead of home directory + nixpkgs.overlays = with pkgs; [ + (final: prev: { + xorg = prev.xorg // { + xinit = (prev.xorg.xinit.overrideAttrs (finalAttrs: previousAttrs: { + version = "1.4.4"; + patchtag = "${finalAttrs.version}-1"; # Archlinux xinit package tagged release to fetch patch from + # Override src since is hardcoded to 1.4.2 + src = prev.fetchurl { + url = "mirror://xorg/individual/app/xinit-${finalAttrs.version}.tar.xz"; + sha256 = "sha256-QKR8ehZMf5gc43h7Szf35BH7QyMdzeVD1wCUB12s/vk="; + }; + patches = [ + (prev.fetchpatch { + url = "https://gitlab.archlinux.org/archlinux/packaging/packages/xorg-xinit/-/raw/${finalAttrs.patchtag}/06_move_serverauthfile_into_tmp.diff"; + sha256 = "1whzs5bw7ph12r3abs1g9fydibkr291jh56a0zp17d4x070jnkda"; + }) + ]; + })); + }; + }) + ]; + + # Install basic X utilities environment.systemPackages = with pkgs; [ unclutter xcape @@ -19,12 +43,12 @@ xorg.xrandr xorg.xset xwallpaper - # Patch startx to be compliant with xdg base dir spec - (xorg.xinit.overrideAttrs (old: rec { - patches = [ - ./resources/x11/xinit-startx-xdg.patch - ]; - })) ]; + + # Enable TearFree option by default + # Not all video drivers support this option + services.xserver.deviceSection = '' + Option "TearFree" "true" + ''; }; } |