Diffstat (limited to 'modules')
-rw-r--r--modules/archetypes/headless/default.nix14
-rw-r--r--modules/home/default.nix12
-rw-r--r--modules/home/firefox.nix33
-rw-r--r--modules/home/gtk-bookmarks.nix10
-rw-r--r--modules/home/initial-home-setup.nix2
-rw-r--r--modules/home/resources/activation-scripts/clone-repos.sh8
-rw-r--r--modules/home/resources/firefox/userChrome.css11
-rw-r--r--modules/home/theme-st.nix22
-rw-r--r--modules/home/theme.nix35
-rw-r--r--modules/home/userdirs.nix5
-rw-r--r--modules/hosts/T430/configuration.nix1
-rw-r--r--modules/hosts/T430/home.nix1
-rw-r--r--modules/hosts/T495/configuration.nix8
-rw-r--r--modules/hosts/T495/home.nix10
-rw-r--r--modules/hosts/X230/configuration.nix15
-rw-r--r--modules/hosts/X230/hardware-configuration.nix48
-rw-r--r--modules/hosts/X230/home.nix18
-rw-r--r--modules/hosts/flex-wg-router/configuration.nix17
-rw-r--r--modules/hosts/flex-wg-router/hardware-configuration.nix45
-rw-r--r--modules/hosts/flex-wg-router/home.nix7
-rw-r--r--modules/hosts/hp-envy-office/configuration.nix11
-rw-r--r--modules/hosts/hp-envy-office/home.nix4
-rw-r--r--modules/hosts/libreX60/bios-flashing.nix8
-rw-r--r--modules/hosts/libreX60/configuration.nix22
-rw-r--r--modules/hosts/libreX60/hardware-configuration.nix46
-rw-r--r--modules/hosts/libreX60/home.nix18
-rw-r--r--modules/hosts/libreX60/powertop-auto-tune.nix17
-rw-r--r--modules/hosts/optiplex/configuration.nix17
-rw-r--r--modules/root/bluetooth.nix2
-rw-r--r--modules/root/default.nix6
-rw-r--r--modules/root/firewall.nix7
-rw-r--r--modules/root/fonts.nix4
-rw-r--r--modules/root/hosts.nix5
-rw-r--r--modules/root/normaluser.nix37
-rw-r--r--modules/root/printing.nix1
-rw-r--r--modules/root/resources/secrets/hashed-root-password.yaml25
-rw-r--r--modules/root/resources/secrets/secrets.yaml22
-rw-r--r--modules/root/resources/secrets/wpa_supplicant-conf.yaml16
-rw-r--r--modules/root/resources/x11/xinit-startx-xdg.patch14
-rw-r--r--modules/root/searxng.nix109
-rw-r--r--modules/root/secrets.nix26
-rw-r--r--modules/root/software/default.nix5
-rw-r--r--modules/root/software/desktop.nix9
-rw-r--r--modules/root/software/development.nix7
-rw-r--r--modules/root/software/overlays.nix30
-rw-r--r--modules/root/software/system.nix1
-rw-r--r--modules/root/software/utilities.nix6
-rw-r--r--modules/root/software/virtualisation.nix10
-rw-r--r--modules/root/software/virtualization.nix13
-rw-r--r--modules/root/suspend.nix16
-rw-r--r--modules/root/udev.nix5
-rw-r--r--modules/root/wifi.nix18
-rw-r--r--modules/root/x11.nix36
53 files changed, 729 insertions, 166 deletions
diff --git a/modules/archetypes/headless/default.nix b/modules/archetypes/headless/default.nix
new file mode 100644
index 0000000..b0dfb71
--- /dev/null
+++ b/modules/archetypes/headless/default.nix
@@ -0,0 +1,14 @@
+{ lib, ... }: {
+ autologin.enable = lib.mkOverride 101 false;
+ avahi.enable = lib.mkOverride 101 false;
+ bluetooth.enable = lib.mkOverride 101 false;
+ fonts.enable = lib.mkOverride 101 false;
+ pipewire.enable = lib.mkOverride 101 false;
+ printing.enable = lib.mkOverride 101 false;
+ tlp.enable = lib.mkOverride 101 false;
+ scanning.enable = lib.mkOverride 101 false;
+ suspend.enable = lib.mkOverride 101 false;
+ wifi.enable = lib.mkOverride 101 false;
+ xserver.enable = lib.mkOverride 101 false;
+ users.setPassword.enable = lib.mkOverride 101 false;
+}
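Review bot: The priority `101` on every line of this file is a magic number with no comment explaining the choice. In the module system a plain assignment has priority 100 and `lib.mkDefault` has 1000, so these values beat the `lib.mkDefault true` entries in modules/root/default.nix but still yield to a plain `= true` in a host file, which is what flex-wg-router relies on for `users.setPassword.enable`. A header comment such as `# mkOverride 101: stronger than mkDefault, weaker than a plain host-level assignment` would record that intent.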
diff --git a/modules/home/default.nix b/modules/home/default.nix
index b44f360..a015cc4 100644
--- a/modules/home/default.nix
+++ b/modules/home/default.nix
@@ -1,12 +1,11 @@
-{ lib, userDetails, ... }: {
+{ lib, userDetails, homeStateVersion, ... }: {
home = {
username = userDetails.username;
- homeDirectory = userDetails.home.root;
- stateVersion = "24.05";
+ homeDirectory = userDetails.home;
+ stateVersion = homeStateVersion;
};
imports = [
- ./alacritty.nix
#./chrome.nix
./firefox.nix
./git.nix
@@ -14,11 +13,14 @@
./htop.nix
./initial-home-setup.nix
./pcmanfm.nix # TODO mk name changeable & doesn't seem to work right now
+ ./theme-st.nix
./theme.nix
+ ./userdirs.nix
./wallpapers.nix
];
- alacritty.enable = lib.mkDefault true;
+ theme.enable = lib.mkDefault true;
+ theme.st.enable = lib.mkDefault false;
theme.mint.enable = lib.mkDefault true;
wallpapers.enable = lib.mkDefault false;
}
diff --git a/modules/home/firefox.nix b/modules/home/firefox.nix
index 5e015ff..8aa1af3 100644
--- a/modules/home/firefox.nix
+++ b/modules/home/firefox.nix
@@ -1,29 +1,33 @@
-{ pkgs, userDetails, ... }: {
+{ lib, pkgs, userDetails, ... }: {
programs.firefox = {
- # TODO see if there is way to login to moz account in profile
- enable = true;
- arkenfox = {
- enable = true;
- };
+ enable = lib.mkDefault true;
+ arkenfox.enable = true;
profiles = let
search = {
engines = {
"Timmy Search" = {
- urls = [{ template = "https://search.tjkeller.xyz/search?q={searchTerms}"; }]; # Don't know how to do w/ POST but I prefer GET anyways
+ urls = [{
+ template = "https://search.tjkeller.xyz/search";
+ params = [ { name = "q"; value = "{searchTerms}"; } ];
+ }];
iconURI = "https://search.tjkeller.xyz/static/themes/simple/img/favicon.svg"; # TODO doesn't seem to work
};
"Nix Packages" = {
urls = [{
template = "https://search.nixos.org/packages";
- params = [
- { name = "type"; value = "packages"; }
- { name = "query"; value = "{searchTerms}"; }
- ];
+ params = [ { name = "query"; value = "{searchTerms}"; } ];
}];
-
icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg";
definedAliases = [ "@np" ];
};
+ "NixOS Options" = {
+ urls = [{
+ template = "https://search.nixos.org/options";
+ params = [ { name = "query"; value = "{searchTerms}"; } ];
+ }];
+ icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg";
+ definedAliases = [ "@no" ];
+ };
};
default = "Timmy Search";
privateDefault = "Timmy Search";
@@ -36,7 +40,7 @@
"0100"."0102"."browser.startup.page".value = 3; # 0=blank, 1=home, 2=last visited page, 3=resume previous session
"0100"."0103"."browser.startup.homepage".enable = false;
"0100"."0104"."browser.newtabpage.enabled".enable = false;
- "2800"."2811"."privacy.clearOnShutdown.history".enable = false;
+ #"2800"."2811"."privacy.clearOnShutdown.history".enable = false;
};
settings = {
"browser.compactmode.show" = true;
@@ -46,7 +50,7 @@
"app.normandy.first_run" = false;
"browser.aboutConfig.showWarning" = false; # arkenfox does
- "browser.download.dir" = userDetails.home.downloads; # FF will create this dir if it doesn't exist
+ #"browser.download.dir" = userDetails.userDirs.downloads;
"browser.newtabpage.activity-stream.feeds.section.topstories" = false;
"browser.newtabpage.activity-stream.feeds.topsites" = false;
"browser.urlbar.suggest.topsites" = false;
@@ -54,7 +58,6 @@
"dom.push.enabled" = false; #
"extensions.pocket.enabled" = false;
"general.smoothScroll" = false;
- #identity.fxaccounts.account.device.name = "timmy’s Firefox on nixos"; # HOSTNAME
};
workSettings = settings // {
"extensions.activeThemeID" = "firefox-compact-dark@mozilla.org"; # Use builtin dark theme instead of system theme
diff --git a/modules/home/gtk-bookmarks.nix b/modules/home/gtk-bookmarks.nix
index 067543d..24c6563 100644
--- a/modules/home/gtk-bookmarks.nix
+++ b/modules/home/gtk-bookmarks.nix
@@ -8,10 +8,10 @@
};
config = {
- gtk.gtk3.bookmarks = with userDetails; [
- "file://${home.downloads} Downloads"
- "file://${home.documents} Documents"
- "file://${home.pictures} Pictures"
- ] ++ config.additional-gtk-bookmarks;
+ gtk.gtk3.bookmarks = (
+ lib.mapAttrsToList (name: path:
+ "file://${path} ${lib.toUpper (lib.substring 0 1 name)}${lib.substring 1 (-1) name}"
+ ) userDetails.userDirs
+ ) ++ config.additional-gtk-bookmarks;
};
}
diff --git a/modules/home/initial-home-setup.nix b/modules/home/initial-home-setup.nix
index 046f5a5..4132386 100644
--- a/modules/home/initial-home-setup.nix
+++ b/modules/home/initial-home-setup.nix
@@ -16,7 +16,7 @@
run mimewiz -i # already verbose
'';
createDirs = lib.hm.dag.entryAfter ["writeBoundary"] ''
- run mkdir -p $VERBOSE_ARG "${userDetails.home.downloads}"
+ run mkdir -p $VERBOSE_ARG ${ lib.concatStringsSep " " (lib.attrValues userDetails.userDirs) }
'';
};
}
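Review bot: The directory list in `createDirs` is interpolated into the shell command unquoted, whereas the line it replaces quoted its single path. A `userDirs` value containing a space or a shell metacharacter would be split or interpreted by the activation shell. `run mkdir -p $VERBOSE_ARG ${lib.escapeShellArgs (lib.attrValues userDetails.userDirs)}` keeps each path as exactly one argument. The enclosing attribute set starts outside the hunk.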
diff --git a/modules/home/resources/activation-scripts/clone-repos.sh b/modules/home/resources/activation-scripts/clone-repos.sh
index 887968b..eaee4dc 100644
--- a/modules/home/resources/activation-scripts/clone-repos.sh
+++ b/modules/home/resources/activation-scripts/clone-repos.sh
@@ -3,8 +3,14 @@
server="https://git.tjkeller.xyz/"
clonemissing() {
+ # pull and return if already existing
+ if [ -d "$2"/.git ]; then
+ run cd $VERBOSE_ARG "$2"
+ run git pull $VERBOSE_ARG || echo "$2: failed to pull from remote"
+ return
+ fi
+
# clone to $2
- [ -d "$2"/.git ] && return
run mkdir -p $VERBOSE_ARG "$2"
run git clone $VERBOSE_ARG "$server$1" "$2"
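Review bot: In the new branch of `clonemissing`, `run cd $VERBOSE_ARG "$2"` changes the working directory for the rest of the activation script (assuming `run` executes in the current shell), and if the `cd` fails the following `git pull` runs in whatever directory the script was already in. If `$VERBOSE_ARG` expands to `--verbose`, as Home Manager appears to set it in verbose mode, the `cd` builtin is also handed an option it does not accept. Replacing both lines with `run git -C "$2" pull --ff-only $VERBOSE_ARG || echo "$2: failed to pull from remote"` avoids the directory change, and `--ff-only` keeps an unattended activation from creating merge commits. The end of the function is outside the hunk.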
diff --git a/modules/home/resources/firefox/userChrome.css b/modules/home/resources/firefox/userChrome.css
index de0e112..624ab26 100644
--- a/modules/home/resources/firefox/userChrome.css
+++ b/modules/home/resources/firefox/userChrome.css
@@ -14,6 +14,17 @@
background: var(--toolbar-field-border-color) !important;
}
+/* Change background color of bookmarks toolbar */
+#PersonalToolbar {
+ background: var(--toolbox-bgcolor) !important;
+}
+
+/* Adjust spacing of toolbar items */
+#PlacesToolbarItems {
+ gap: .35rem;
+ margin-block: .2rem;
+}
+
/* Fix vertical spacing of tabs */
#TabsToolbar {
margin-top: -1px;
diff --git a/modules/home/theme-st.nix b/modules/home/theme-st.nix
new file mode 100644
index 0000000..0a06cd0
--- /dev/null
+++ b/modules/home/theme-st.nix
@@ -0,0 +1,22 @@
+{ config, lib, pkgs, ... }: {
+ options = {
+ theme.st = {
+ enable = lib.mkEnableOption "enables theming st with home manager";
+ font = lib.mkOption {
+ type = lib.types.str;
+ default = "JetBrainsMonoNL Nerd Font Mono:size=12:antialias=true:autohint=true";
+ };
+ };
+ };
+ config = let
+ themed-st = pkgs.st.overrideAttrs (old: {
+ buildInputs = old.buildInputs or [] ++ [ pkgs.makeWrapper ];
+ postInstall = old.postInstall or "" + ''
+ wrapProgram $out/bin/st \
+ --add-flags '-f"${config.theme.st.font}"'
+ '';
+ });
+ in lib.mkIf config.theme.enable {
+ home.packages = [ themed-st ];
+ };
+}
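Review bot: The `config` block is guarded by `config.theme.enable`, so the new `theme.st.enable` option is declared but never read. The wrapped `st` is therefore installed on every host with theming on, including those left at the `theme.st.enable = lib.mkDefault false` set in modules/home/default.nix. The guard should be `in lib.mkIf (config.theme.enable && config.theme.st.enable) {`. Separately, the font string is spliced between literal quotes in the `wrapProgram` call, so a font value containing a quote character would break the generated wrapper; escaping it with `lib.escapeShellArg` would be safer.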
diff --git a/modules/home/theme.nix b/modules/home/theme.nix
index a1c4f9b..9e4edae 100644
--- a/modules/home/theme.nix
+++ b/modules/home/theme.nix
@@ -7,6 +7,7 @@ let
;
in {
options = {
+ theme.enable = lib.mkEnableOption "enables theming";
theme.mint = {
enable = lib.mkEnableOption "enables mint theme";
# TODO add theme.dark option instead of specifying Dark-Color
@@ -16,7 +17,7 @@ in {
"Sand" "Teal" "Dark-Aqua" "Dark-Blue" "Dark-Green"
"Dark-Grey" "Dark-Orange" "Dark-Pink" "Dark-Purple"
"Dark-Red" "Dark-Sand" "Dark-Teal"
- ];
+ ];
default = "Dark-Aqua";
description = "mint-y theme color eg. 'Dark-Aqua' or 'Red'";
};
@@ -40,10 +41,34 @@ in {
default = "CommitMono";
description = "default monospace font";
};
+ gtk = {
+ name = lib.mkOption {
+ type = lib.types.str;
+ default = "sans-serif";
+ description = "default gtk font";
+ };
+ size = lib.mkOption {
+ type = with lib.types; nullOr int;
+ default = null;
+ description = "default gtk font size";
+ };
+ };
+ };
+ theme.cursor = {
+ name = lib.mkOption {
+ type = lib.types.str;
+ default = "Adwaita";
+ description = "gtk cursor theme";
+ };
+ size = lib.mkOption {
+ type = with lib.types; nullOr int;
+ default = null;
+ description = "gtk cursor size";
+ };
};
};
- config = {
+ config = lib.mkIf config.theme.enable {
gtk = {
enable = true;
theme = lib.mkIf config.theme.mint.enable {
@@ -55,10 +80,12 @@ in {
name = transformColorValue config.theme.mint.icons.color;
};
font = {
- name = config.theme.font.sansSerif;
+ name = config.theme.font.gtk.name;
+ size = config.theme.font.gtk.size;
};
cursorTheme = {
- name = "Adwaita";
+ name = config.theme.cursor.name;
+ size = config.theme.cursor.size;
};
gtk2.configLocation = "${config.xdg.configHome}/gtk-2.0/gtkrc";
};
diff --git a/modules/home/userdirs.nix b/modules/home/userdirs.nix
new file mode 100644
index 0000000..58c1d59
--- /dev/null
+++ b/modules/home/userdirs.nix
@@ -0,0 +1,5 @@
+{ userDetails, ... }: {
+ xdg.userDirs = {
+ enable = true;
+ } // userDetails.userDirs;
+}
diff --git a/modules/hosts/T430/configuration.nix b/modules/hosts/T430/configuration.nix
index 282515d..7910275 100644
--- a/modules/hosts/T430/configuration.nix
+++ b/modules/hosts/T430/configuration.nix
@@ -1,6 +1,5 @@
{ config, lib, pkgs, ... }: {
imports = [ ./hardware-configuration.nix ];
- networking.hostName = "T430";
# TODO this does not function
#boot.initrd.systemd.extraBin = {
diff --git a/modules/hosts/T430/home.nix b/modules/hosts/T430/home.nix
index 9885a06..15df79a 100644
--- a/modules/hosts/T430/home.nix
+++ b/modules/hosts/T430/home.nix
@@ -1,6 +1,5 @@
{ ... }: {
imports = [ ../../home ];
- alacritty.font.size = 9;
wallpapers.enable = true;
}
diff --git a/modules/hosts/T495/configuration.nix b/modules/hosts/T495/configuration.nix
index 526b7bb..6ee62e9 100644
--- a/modules/hosts/T495/configuration.nix
+++ b/modules/hosts/T495/configuration.nix
@@ -2,11 +2,9 @@
imports = [
./hardware-configuration.nix
./games.nix
- ./input-leap.nix
+ #./input-leap.nix
./wg.nix
];
- networking.hostName = "T495";
-
bootloader.mode = "efi";
# Enable extra software pkgs
@@ -27,10 +25,6 @@
nas.office.enable = true;
nas.office.automount = false;
- networking.hosts = {
- "192.168.77.3" = [ "devel" ];
- };
-
# Use amdgpu driver for x11
services.xserver.videoDrivers = [ "amdgpu" ];
diff --git a/modules/hosts/T495/home.nix b/modules/hosts/T495/home.nix
index 817b0c0..f233c08 100644
--- a/modules/hosts/T495/home.nix
+++ b/modules/hosts/T495/home.nix
@@ -1,8 +1,14 @@
{ ... }: {
imports = [ ../../home ];
- theme.mint.theme.color = "Dark-Purple";
- theme.mint.icons.color = "Purple";
+ theme = {
+ mint.theme.color = "Dark-Purple";
+ mint.icons.color = "Purple";
+ st = {
+ enable = true;
+ font = "TamzenForPowerline:pixelsize=20";
+ };
+ };
wallpapers.enable = true;
home.file.input-leap-config = {
diff --git a/modules/hosts/X230/configuration.nix b/modules/hosts/X230/configuration.nix
new file mode 100644
index 0000000..9a8e6b4
--- /dev/null
+++ b/modules/hosts/X230/configuration.nix
@@ -0,0 +1,15 @@
+{ config, lib, pkgs, ... }: {
+ imports = [
+ ./hardware-configuration.nix
+ ];
+ bootloader.mode = "efi";
+
+ # Enable extra software pkgs
+ software.desktop = {
+ crypto.enable = true;
+ graphics.enable = true;
+ office.enable = true;
+ };
+
+ system.stateVersion = "24.05";
+}
diff --git a/modules/hosts/X230/hardware-configuration.nix b/modules/hosts/X230/hardware-configuration.nix
new file mode 100644
index 0000000..0791585
--- /dev/null
+++ b/modules/hosts/X230/hardware-configuration.nix
@@ -0,0 +1,48 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+ imports =
+ [ (modulesPath + "/installer/scan/not-detected.nix")
+ ];
+
+ boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usb_storage" "sd_mod" "sdhci_pci" ];
+ boot.initrd.kernelModules = [ ];
+ boot.kernelModules = [ "kvm-intel" ];
+ boot.extraModulePackages = [ ];
+
+ fileSystems."/" =
+ { device = "/dev/disk/by-uuid/41036740-73bc-4004-a302-01233b4d83b8";
+ fsType = "btrfs";
+ options = [ "subvol=@" ];
+ };
+
+ boot.initrd.luks.devices."enc".device = "/dev/disk/by-uuid/6019772f-4a1c-4abd-9c70-b1d71cc2de65";
+
+ fileSystems."/home" =
+ { device = "/dev/disk/by-uuid/41036740-73bc-4004-a302-01233b4d83b8";
+ fsType = "btrfs";
+ options = [ "subvol=@home" ];
+ };
+
+ fileSystems."/boot" =
+ { device = "/dev/disk/by-uuid/72D4-F66A";
+ fsType = "vfat";
+ options = [ "fmask=0022" "dmask=0022" ];
+ };
+
+ swapDevices = [ ];
+
+ # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+ # (the default) this is the recommended approach. When using systemd-networkd it's
+ # still possible to use this option, but it's recommended to use it in conjunction
+ # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+ networking.useDHCP = lib.mkDefault true;
+ # networking.interfaces.enp0s25.useDHCP = lib.mkDefault true;
+ # networking.interfaces.wlp3s0.useDHCP = lib.mkDefault true;
+
+ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+ hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}
diff --git a/modules/hosts/X230/home.nix b/modules/hosts/X230/home.nix
new file mode 100644
index 0000000..03b559d
--- /dev/null
+++ b/modules/hosts/X230/home.nix
@@ -0,0 +1,18 @@
+{ ... }: {
+ imports = [ ../../home ];
+
+ theme = {
+ mint.theme.color = "Dark-Teal";
+ mint.icons.color = "Teal";
+ font = {
+ monospace = "TamzenForPowerline";
+ gtk.name = "monospace";
+ gtk.size = 8;
+ };
+ cursor.size = 24;
+ st = {
+ enable = true;
+ font = "TamzenForPowerline:pixelsize=14";
+ };
+ };
+}
diff --git a/modules/hosts/flex-wg-router/configuration.nix b/modules/hosts/flex-wg-router/configuration.nix
new file mode 100644
index 0000000..f21046d
--- /dev/null
+++ b/modules/hosts/flex-wg-router/configuration.nix
@@ -0,0 +1,17 @@
+{ config, lib, pkgs, ... }: {
+ imports = [
+ ./hardware-configuration.nix
+ ../../archetypes/headless
+ ];
+ bootloader.mode = "efi";
+
+ # Enable docker
+ software.development = {
+ docker.enable = true;
+ };
+
+ # Enable set root password
+ users.setPassword.enable = true;
+
+ system.stateVersion = "25.05";
+}
diff --git a/modules/hosts/flex-wg-router/hardware-configuration.nix b/modules/hosts/flex-wg-router/hardware-configuration.nix
new file mode 100644
index 0000000..01cff6d
--- /dev/null
+++ b/modules/hosts/flex-wg-router/hardware-configuration.nix
@@ -0,0 +1,45 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+ imports =
+ [ (modulesPath + "/installer/scan/not-detected.nix")
+ ];
+
+ boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ];
+ boot.initrd.kernelModules = [ ];
+ boot.kernelModules = [ "kvm-intel" ];
+ boot.extraModulePackages = [ ];
+
+ fileSystems."/" =
+ { device = "/dev/disk/by-uuid/01eae5fd-a46e-4a36-8a9d-247a0b16bcef";
+ fsType = "btrfs";
+ options = [ "subvol=@" ];
+ };
+
+ fileSystems."/boot" =
+ { device = "/dev/disk/by-uuid/345A-436A";
+ fsType = "vfat";
+ options = [ "fmask=0022" "dmask=0022" ];
+ };
+
+ fileSystems."/home" =
+ { device = "/dev/disk/by-uuid/01eae5fd-a46e-4a36-8a9d-247a0b16bcef";
+ fsType = "btrfs";
+ options = [ "subvol=@home" ];
+ };
+
+ swapDevices = [ ];
+
+ # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+ # (the default) this is the recommended approach. When using systemd-networkd it's
+ # still possible to use this option, but it's recommended to use it in conjunction
+ # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+ networking.useDHCP = lib.mkDefault true;
+ # networking.interfaces.enp3s0.useDHCP = lib.mkDefault true;
+
+ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+ hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}
diff --git a/modules/hosts/flex-wg-router/home.nix b/modules/hosts/flex-wg-router/home.nix
new file mode 100644
index 0000000..21d548f
--- /dev/null
+++ b/modules/hosts/flex-wg-router/home.nix
@@ -0,0 +1,7 @@
+{ ... }: {
+ imports = [ ../../home ];
+
+ theme.enable = false;
+ programs.firefox.enable = false;
+ gtk.enable = false;
+}
diff --git a/modules/hosts/hp-envy-office/configuration.nix b/modules/hosts/hp-envy-office/configuration.nix
index 9a7a43a..9b3e173 100644
--- a/modules/hosts/hp-envy-office/configuration.nix
+++ b/modules/hosts/hp-envy-office/configuration.nix
@@ -1,8 +1,8 @@
{ config, lib, pkgs, ... }: {
- imports = [
- ./hardware-configuration.nix
- ];
- networking.hostName = "hp-envy-office";
+ imports = [ ./hardware-configuration.nix ];
+
+ # Show bootloader for longer since it usually doesn't show
+ boot.loader.timeout = 15;
# Enable extra software pkgs
software.desktop = {
@@ -17,6 +17,9 @@
docker.enable = true;
};
+ # Enable virtualization
+ virtualization.enable = true;
+
# Enable network drives
nas.enable = true;
nas.office.enable = true;
diff --git a/modules/hosts/hp-envy-office/home.nix b/modules/hosts/hp-envy-office/home.nix
index ed02130..2e4f61f 100644
--- a/modules/hosts/hp-envy-office/home.nix
+++ b/modules/hosts/hp-envy-office/home.nix
@@ -5,8 +5,8 @@
theme.mint.icons.color = "Green";
wallpapers.enable = true;
- additional-gtk-bookmarks = with userDetails; [
- "file://${home.documents}/src/sites/admin Admin"
+ additional-gtk-bookmarks = with userDetails.userDirs; [
+ "file://${documents}/src/sites/admin Admin"
"file:///media/chexx/chexx cHEXx"
];
}
diff --git a/modules/hosts/libreX60/bios-flashing.nix b/modules/hosts/libreX60/bios-flashing.nix
new file mode 100644
index 0000000..6117813
--- /dev/null
+++ b/modules/hosts/libreX60/bios-flashing.nix
@@ -0,0 +1,8 @@
+# https://libreboot.org/docs/install/#thinkpad-t60x60x60tabletx60s
+
+{ pkgs, ... }: {
+ environment.systemPackages = [ pkgs.flashprog ];
+
+ boot.kernelParams = [ "iomem=relaxed" ];
+}
+
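Review bot: `boot.kernelParams = [ "iomem=relaxed" ];` is added without a comment saying what it relaxes. The parameter loosens the kernel's restriction on userspace access to I/O memory already claimed by drivers, which flashprog needs for internal flashing but which also applies to every other root process while this module is imported. A comment above the line such as `# Needed by flashprog's internal programmer; weakens /dev/mem protection, so comment the import out again in configuration.nix after flashing` would make the temporary nature explicit.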
diff --git a/modules/hosts/libreX60/configuration.nix b/modules/hosts/libreX60/configuration.nix
index 942793d..55f1774 100644
--- a/modules/hosts/libreX60/configuration.nix
+++ b/modules/hosts/libreX60/configuration.nix
@@ -1,14 +1,26 @@
{ config, lib, pkgs, ... }: {
- imports = [ ./hardware-configuration.nix ];
- networking.hostName = "libreX60";
+ imports = [
+ ./hardware-configuration.nix
+ ./powertop-auto-tune.nix
+ # Uncomment this module and reboot to enable bios flashing
+ #./bios-flashing.nix
+ ];
- # Enable extra software pkgs
- software.desktop = {
- office.enable = true;
+ # Use grub
+ bootloader = {
+ loader = "grub";
+ mode = "bios";
+ grub.biosDevice = "/dev/sda";
};
+ # Use bootloader
+ boot.kernelPackages = pkgs.linuxPackages-libre;
+
# Enable network drives
nas.enable = true;
+ # i915 Gpu requires intel driver
+ services.xserver.videoDrivers = [ "intel" ];
+
system.stateVersion = "24.11";
}
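Review bot: The comment `# Use bootloader` above `boot.kernelPackages = pkgs.linuxPackages-libre;` describes the wrong setting. That line selects the linux-libre kernel, while the bootloader is configured in the `bootloader = { ... }` block just before it. `# Use the linux-libre kernel` would match the code.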
diff --git a/modules/hosts/libreX60/hardware-configuration.nix b/modules/hosts/libreX60/hardware-configuration.nix
new file mode 100644
index 0000000..b0a7868
--- /dev/null
+++ b/modules/hosts/libreX60/hardware-configuration.nix
@@ -0,0 +1,46 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+ imports =
+ [ (modulesPath + "/installer/scan/not-detected.nix")
+ ];
+
+ boot.initrd.availableKernelModules = [ "uhci_hcd" "ehci_pci" "ata_piix" "ahci" "firewire_ohci" "usb_storage" "sd_mod" "sdhci_pci" ];
+ boot.initrd.kernelModules = [ ];
+ boot.kernelModules = [ "kvm-intel" ];
+ boot.extraModulePackages = [ ];
+
+ fileSystems."/" =
+ { device = "/dev/disk/by-uuid/91572803-436d-4f43-b41f-dfba2103752e";
+ fsType = "btrfs";
+ options = [ "subvol=@" ];
+ };
+
+ fileSystems."/home" =
+ { device = "/dev/disk/by-uuid/91572803-436d-4f43-b41f-dfba2103752e";
+ fsType = "btrfs";
+ options = [ "subvol=@home" ];
+ };
+
+ fileSystems."/boot" =
+ { device = "/dev/disk/by-uuid/F618-D6C2";
+ fsType = "vfat";
+ options = [ "fmask=0022" "dmask=0022" ];
+ };
+
+ swapDevices = [ ];
+
+ # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+ # (the default) this is the recommended approach. When using systemd-networkd it's
+ # still possible to use this option, but it's recommended to use it in conjunction
+ # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+ networking.useDHCP = lib.mkDefault true;
+ networking.interfaces.enp1s0.useDHCP = lib.mkDefault true;
+ networking.interfaces.wlp2s0.useDHCP = lib.mkDefault true;
+
+ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+ hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}
diff --git a/modules/hosts/libreX60/home.nix b/modules/hosts/libreX60/home.nix
index 453bfd6..f5957d6 100644
--- a/modules/hosts/libreX60/home.nix
+++ b/modules/hosts/libreX60/home.nix
@@ -1,8 +1,18 @@
{ ... }: {
imports = [ ../../home ];
- theme.mint.theme.color = "Dark-Red";
- theme.mint.icons.color = "Red";
- theme.font.sansSerif = "Tamzen";
- theme.font.monospace = "Tamzen";
+ theme = {
+ mint.theme.color = "Dark-Red";
+ mint.icons.color = "Red";
+ font = {
+ monospace = "TamzenForPowerline";
+ gtk.name = "monospace";
+ gtk.size = 8;
+ };
+ cursor.size = 24;
+ st = {
+ enable = true;
+ font = "TamzenForPowerline:pixelsize=14";
+ };
+ };
}
diff --git a/modules/hosts/libreX60/powertop-auto-tune.nix b/modules/hosts/libreX60/powertop-auto-tune.nix
new file mode 100644
index 0000000..0eb9578
--- /dev/null
+++ b/modules/hosts/libreX60/powertop-auto-tune.nix
@@ -0,0 +1,17 @@
+# https://en.wikibooks.org/wiki/Libreboot/ThinkPad_X60#Remove_High_Pitched_Whining_Noise
+# TLDR; running `powertop --auto-tune` is supposed to kill the high pitched noises produced by the X60
+
+{ pkgs, ... }: {
+ environment.systemPackages = [ pkgs.powertop ];
+
+ # Create systemd service
+ systemd.services.powertop-autotune = {
+ description = "Powertop Auto-Tune";
+ wantedBy = [ "multi-user.target" ];
+ after = [ "network.target" ];
+ serviceConfig = {
+ Type = "oneshot";
+ ExecStart = "${pkgs.powertop}/bin/powertop --auto-tune";
+ };
+ };
+}
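Review bot: This unit duplicates what the NixOS option `powerManagement.powertop.enable = true;` already provides, and its `after = [ "network.target" ]` ordering has no visible reason for a power-tuning oneshot. modules/root/default.nix also leaves `tlp.enable` at `lib.mkDefault true`, and the libreX60 configuration in this commit does not turn it off, so TLP and `powertop --auto-tune` may both write the same tunables. Either switch to the built-in option or add a comment explaining the ordering and the intended interaction with TLP.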
diff --git a/modules/hosts/optiplex/configuration.nix b/modules/hosts/optiplex/configuration.nix
index cbde612..16ba475 100644
--- a/modules/hosts/optiplex/configuration.nix
+++ b/modules/hosts/optiplex/configuration.nix
@@ -1,9 +1,5 @@
{ config, lib, pkgs, ... }: {
- imports = [
- ./hardware-configuration.nix
- ];
- networking.hostName = "optiplex";
-
+ imports = [ ./hardware-configuration.nix ];
bootloader.mode = "efi";
# Allow unfree for nvidia + others
@@ -18,6 +14,9 @@
office.enable = true;
utilities.enable = true;
};
+ software.development = {
+ docker.enable = true;
+ };
# Install more programs
environment.systemPackages = with pkgs; [
@@ -32,10 +31,6 @@
# Disable wifi
wifi.enable = false;
- networking.hosts = {
- "192.168.77.3" = [ "devel" ];
- };
-
# Use nvidia driver
services.xserver.videoDrivers = [ "nvidia" ];
hardware.nvidia = {
@@ -44,7 +39,11 @@
nvidiaSettings = true;
open = false; # Not compatible w/ GTX-1050
package = config.boot.kernelPackages.nvidiaPackages.stable; # Still good for 1050
+ forceFullCompositionPipeline = true; # Enables vsync
};
+ # Disable suspend
+ suspend.enable = false;
+
system.stateVersion = "24.11";
}
diff --git a/modules/root/bluetooth.nix b/modules/root/bluetooth.nix
index d55eade..1f41c7e 100644
--- a/modules/root/bluetooth.nix
+++ b/modules/root/bluetooth.nix
@@ -3,7 +3,7 @@
bluetooth.enable = lib.mkEnableOption "enables bluetooth support";
};
- config = {
+ config = lib.mkIf config.bluetooth.enable {
hardware.bluetooth.enable = true;
services.blueman.enable = true;
};
diff --git a/modules/root/default.nix b/modules/root/default.nix
index e108318..9d288dc 100644
--- a/modules/root/default.nix
+++ b/modules/root/default.nix
@@ -5,6 +5,7 @@
./bluetooth.nix
./bootloader.nix
./doas.nix
+ ./firewall.nix
./fonts.nix
./home-manager.nix
./hosts.nix
@@ -15,9 +16,12 @@
./pipewire.nix
./powerkeys.nix
./printing.nix
+ ./searxng.nix
./secrets.nix
./ssh.nix
+ ./suspend.nix
./tlp.nix
+ ./udev.nix
./wifi.nix
./x11.nix
./zsh.nix
@@ -44,6 +48,8 @@
printing.enable = lib.mkDefault true;
tlp.enable = lib.mkDefault true;
scanning.enable = lib.mkDefault true;
+ searxng.enable = lib.mkDefault false;
+ suspend.enable = lib.mkDefault true;
wifi.enable = lib.mkDefault true;
xserver.enable = lib.mkDefault true;
zsh.enable = lib.mkDefault true;
diff --git a/modules/root/firewall.nix b/modules/root/firewall.nix
new file mode 100644
index 0000000..e038cbe
--- /dev/null
+++ b/modules/root/firewall.nix
@@ -0,0 +1,7 @@
+{
+ networking.firewall = {
+ allowedTCPPorts = [
+ 8080
+ ];
+ };
+}
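Review bot: TCP port 8080 is opened unconditionally on every host that pulls in `./firewall.nix` through modules/root/default.nix, which presumably includes the headless flex-wg-router added in this commit, and no comment names the service that listens there. If the port is meant for the SearXNG module (its contents are not visible in this part of the diff), which defaults to disabled, the rule belongs behind that switch, e.g. `networking.firewall.allowedTCPPorts = lib.mkIf config.searxng.enable [ 8080 ];`. Otherwise add a comment stating what the port is for, so it can be closed when that service goes away.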
diff --git a/modules/root/fonts.nix b/modules/root/fonts.nix
index 3ae8eef..256e1ab 100644
--- a/modules/root/fonts.nix
+++ b/modules/root/fonts.nix
@@ -7,10 +7,8 @@
fonts.packages = with pkgs; [
commit-mono
inter
+ nerd-fonts.jetbrains-mono
tamzen
- (nerdfonts.override {
- fonts = [ "JetBrainsMono" ];
- })
];
};
}
diff --git a/modules/root/hosts.nix b/modules/root/hosts.nix
index 14daaf1..cb526f2 100644
--- a/modules/root/hosts.nix
+++ b/modules/root/hosts.nix
@@ -1,10 +1,12 @@
-{
+{ hostname, ... }: {
+ networking.hostName = hostname; # From flake.nix
networking.hosts = {
"192.168.1.9" = [ "optiplex" ];
"192.168.1.30" = [ "localgit" ];
"192.168.1.11" = [ "truenas-home" ];
"192.168.77.11" = [ "truenas-office" ];
"192.168.77.8" = [ "publicgit" "tjkeller" ];
+ "192.168.77.3" = [ "devel" ];
"173.9.253.3" = [
"git.tjkeller.xyz"
"piped.tjkeller.xyz"
@@ -12,4 +14,5 @@
"tjkeller.xyz"
];
};
+ environment.etc.hosts.mode = "0644"; # Allow temporary imperative modifications
}
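Review bot: The comment on `environment.etc.hosts.mode = "0644";` says edits are allowed but not who can make them or how long they last. Setting a mode makes NixOS copy the file instead of symlinking it into the store, so root can edit it in place, and as far as I can tell the copy is replaced on the next activation. A comment such as `# Copy /etc/hosts instead of symlinking so root can edit it temporarily; edits are replaced on the next rebuild` would avoid surprises when a manual override silently disappears or lingers.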
diff --git a/modules/root/normaluser.nix b/modules/root/normaluser.nix
index fc243ea..50e9236 100644
--- a/modules/root/normaluser.nix
+++ b/modules/root/normaluser.nix
@@ -1,12 +1,31 @@
-{ config, userDetails, ... }: {
- users.users.root = {
- hashedPasswordFile = config.sops.secrets.hashed-root-password.path;
+{ lib, config, userDetails, ... }: {
+ options = {
+ users.setPassword.enable = lib.mkEnableOption "set users password. requires hashed root password from sops";
};
- users.users.${userDetails.username} = {
- description = userDetails.fullname;
- #home = userDetails.home.root;
- isNormalUser = true;
- hashedPasswordFile = config.sops.secrets.hashed-root-password.path;
- extraGroups = [ "wheel" "nixbld" ];
+
+ config = {
+ # Load hashed root password secret
+ sops.secrets.hashed-root-password = lib.mkIf config.users.setPassword.enable {
+ sopsFile = ./resources/secrets/hashed-root-password.yaml;
+ neededForUsers = true;
+ };
+
+ # Set hashed password file if the setPassword option is enabled
+ users.users.root.hashedPasswordFile = lib.mkIf config.users.setPassword.enable config.sops.secrets.hashed-root-password.path;
+
+ # Setup normal user
+ users.users.${userDetails.username} = {
+ home = userDetails.home;
+ description = userDetails.fullname;
+ isNormalUser = true;
+ extraGroups = [
+ "i2c"
+ "libvirtd"
+ "nixbld"
+ "video"
+ "wheel"
+ ];
+ hashedPasswordFile = lib.mkIf config.users.setPassword.enable config.sops.secrets.hashed-root-password.path;
+ };
};
}
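Review bot: `"libvirtd"` is added to the normal user's `extraGroups` on every host, although membership in that group allows managing VMs through the system libvirt daemon without a password and is generally treated as root-equivalent. Only hp-envy-office sets `virtualization.enable = true` in this commit, so the group could be conditional, assuming that option is declared in modules/root/software/virtualization.nix: `] ++ lib.optional config.virtualization.enable "libvirtd";`. The new code also keeps pointing both `root` and the normal user at the same `hashed-root-password` secret, so the two accounts share one password. A separate secret for the user would keep the disclosure of one password from unlocking both accounts.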
diff --git a/modules/root/printing.nix b/modules/root/printing.nix
index 69ff573..f0d0dd8 100644
--- a/modules/root/printing.nix
+++ b/modules/root/printing.nix
@@ -10,6 +10,7 @@
enable = true;
drivers = [
pkgs.epson-escpr2
+ pkgs.workcentre-7800-series
];
};
diff --git a/modules/root/resources/secrets/hashed-root-password.yaml b/modules/root/resources/secrets/hashed-root-password.yaml
new file mode 100644
index 0000000..a42fd42
--- /dev/null
+++ b/modules/root/resources/secrets/hashed-root-password.yaml
@@ -0,0 +1,25 @@
+hashed-root-password: ENC[AES256_GCM,data:7Qgoeb/6JPNupkHCBEzCs0FMP2cDEw972bjCRWeMrBrAMZzLsZc3Mbv03s1zLztUp6Ie93R5lVsamxKPUnaPt+Tnr/l+0E9aTmt7j7L6UzmWr12nj3FHxxTSU9ief6+ioIk+S4eICJspIQ==,iv:VoWP4qBCGzuYRpQw4nilUXByJ+ZwyZR/BdKowi+53DM=,tag:x6A00VCm8BEOhtv/WySXrQ==,type:str]
+sops:
+ age:
+ - recipient: age1w80rc0dnuu8nw99gw64c596qqetm78jdnsqajr0u7ephykekr39qfz8vnv
+ enc: |
+ -----BEGIN AGE ENCRYPTED FILE-----
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2Z3dTbW1GUzgyRUwyZGtF
+ alZSeFBmdEdhNER3UEtGRGd4MnliK1l1eGpJCm80SHFNZ3NZOTNxVkM4R3ZLY005
+ OFVtUGN3OXZJblRxOFNMOFhsV25CS0EKLS0tIEE5SG5NekxWbytXY2xNeUN6TWhG
+ RldJZms3RDFuRk40ck42Mkd5RTd4YVUKgyWE8Cs0yLO/82w2muGWTlcjY86BVSUy
+ bFeIcQT33dEPiNUmynTqEGpN2NVQbfVDw17QbA9GNhGClanTTXmX4A==
+ -----END AGE ENCRYPTED FILE-----
+ - recipient: age1f0tmpy2nam58skmznjyqd3zf54rxtfrk6fda0vlpq9y3yg6wac7sjf0vja
+ enc: |
+ -----BEGIN AGE ENCRYPTED FILE-----
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxcUprWjBXTVlidTRwMEZ6
+ WHE4dWp6OWtybkFCaTkyY2JyaWYrRHNhZWtNCi9xamwreEsyVFdnWWhJeUVsdUpT
+ UHlkRVJZZTEvMDluTWNJSnRSUXN6Q0kKLS0tIHNsQk92SUd2ekowY0hvQi9LNjIx
+ Q0oxVFNtRkpZTlVHeEY3YXFoSlc4Zk0K7RaqH/Qf2dTPBuCz9DH0xgU+Tq8ATKUq
+ tfAuuAU9HBtLFiZjhWsZmj5XUy5Z18IiUKDIxlw41mNtbcsUnjm30w==
+ -----END AGE ENCRYPTED FILE-----
+ lastmodified: "2025-07-17T22:34:07Z"
+ mac: ENC[AES256_GCM,data:B95HuJC2o8B+P1f9kAtJTcSty7YSAByuqe/Xs6ce6780p05FuzWM5X9bwvwsYXngGNKqCHksWf50UXzJ3eyc6y4ISxdxljAv2FmJFKw4NkfGaOMiRLlGPMn1uFpOtkRT+qL0+mupWG/Ap3zcpbxjsDx46PUur+e6yRxlAHw8mGw=,iv:DYobhWK+4+7vOog7BrBASiHrEzzz0P6zqgWxexfcLG8=,tag:skGwUpDEB8e3TCjrxs5peA==,type:str]
+ unencrypted_suffix: _unencrypted
+ version: 3.10.2
diff --git a/modules/root/resources/secrets/secrets.yaml b/modules/root/resources/secrets/secrets.yaml
deleted file mode 100644
index 03f9517..0000000
--- a/modules/root/resources/secrets/secrets.yaml
+++ /dev/null
@@ -1,22 +0,0 @@
-wpa_supplicant-conf: ENC[AES256_GCM,data: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,iv:LKr6fcQ2emSjQmEt1HgyLpFLg4ZxDOVgJEfkm4nQzbY=,tag:M+oo8dpWclIRaPyW17Ldwg==,type:str]
-hashed-root-password: ENC[AES256_GCM,data:KUoB8Z0ifh7lE9ir9AqkiMRHfw6rusXw3KC1dLIRd4YpbTiNI+cAdC474LR721+LNWoj5ZytSdDsVyS+t3o076rV4sgWgL17jPPf+H2KE5FOmQKYTUiHfSBsLKyyhpie4tpFJWv/3cCW8Q==,iv:0sZPz3V7IqTGbF3Fnm+FbgBS3GTnHsRx0OzIoAE1H64=,tag:H6CQlANfiD6ZuQhONKyMAQ==,type:str]
-sops:
- kms: []
- gcp_kms: []
- azure_kv: []
- hc_vault: []
- age:
- - recipient: age1w80rc0dnuu8nw99gw64c596qqetm78jdnsqajr0u7ephykekr39qfz8vnv
- enc: |
- -----BEGIN AGE ENCRYPTED FILE-----
- YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvTUlBZXQ5Z080UUxoUGdr
- dm9hRE5uTzFwWXhOWkJnbXNvazd1UnplcUdZCnRKQ3RVT1RGZURLYUxINStBSU4x
- bUZudFp2SC9DSkVhNTRHV0MrRFFMckEKLS0tIGNBb3FLQVJsTGVsY3hMdy94WWZx
- UkJ1SGJrWXNtbmlmc2c4M1IxdUpVOWMKjaakq+n8ZijGjaNVM8/dQApaVFp9+q3K
- nhvon4p5KUFE+myABnEknaSZ5UcvW6ZLff9AB7l35NZhGXAhv+y6HA==
- -----END AGE ENCRYPTED FILE-----
- lastmodified: "2025-01-09T16:42:38Z"
- mac: ENC[AES256_GCM,data:LUBRGB/NdT2Lvrecb4w3Xbq4ulMyhHwNjuGyH/fjFJOcNfOCNmwaxIRN59CBi65UxGe93mgYYKJtbCKUZA9JhEfC81e+wkD0ZpEaNBu2YAYetf6hE9LqlYO05QIf/qwXySkCXRKdDl5afcmBVXTj+6qDEljkGtWX7CPLlodvuSQ=,iv:EfYL215e52Ir3SSTba7WGFSTQHgtqzyfWUWTBS+lwrU=,tag:VjE1o7WCT/PWIxk2/b/eow==,type:str]
- pgp: []
- unencrypted_suffix: _unencrypted
- version: 3.9.2
diff --git a/modules/root/resources/secrets/wpa_supplicant-conf.yaml b/modules/root/resources/secrets/wpa_supplicant-conf.yaml
new file mode 100644
index 0000000..2fd7a0e
--- /dev/null
+++ b/modules/root/resources/secrets/wpa_supplicant-conf.yaml
@@ -0,0 +1,16 @@
+wpa_supplicant-conf: ENC[AES256_GCM,data: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,iv:7qdltuNvesslz32SfEXqu9WFu2uGOGg1sjfskfqfXnk=,tag:N1RhL1M9YtDlvxLBRC2gAg==,type:str]
+sops:
+ age:
+ - recipient: age1w80rc0dnuu8nw99gw64c596qqetm78jdnsqajr0u7ephykekr39qfz8vnv
+ enc: |
+ -----BEGIN AGE ENCRYPTED FILE-----
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxdXBUWXEvRU85Tk1lNWgz
+ ZHpENjdudmRuaEJIeVRHOHlDbWNzK0tQMGs4CmV6MVBpdE5PMTBWMm1PcDVFQ2VM
+ b0IwWDFxLy8xYUcxRVZFSEsyYlBFS1UKLS0tIHpCbDQ0a29TZlVFTGp4aXJCSmJ4
+ ZGxqMFQ1NDk1OHJIOUd0cVV0dzNNQlkKzYX36u0rEq6dMTCJf6OON6LzcEEnAB5A
+ +M9t3OKUUNtwgksjBUEwqBLJ1sU9amijpK63GUxwp74YDtsb0YXHiw==
+ -----END AGE ENCRYPTED FILE-----
+ lastmodified: "2025-07-17T22:33:44Z"
+ mac: ENC[AES256_GCM,data:leJsAdcWFE0EA1syXfd7yDu1Ct+vTkKiHUEc46O31uUeaWVFwgH8EKC0ImqiHMgbDJv+a9UHm7GtsWy1aMQNVRBXL3R2HbNQkOqGkIIdGsrrbjslQl8UwI7wx1g2P3ORhlGRYXTscDUl53+e4i3YrYOEDDPL5EAWuQEWldJXLZc=,iv:banL6qqV2EqfZFKHn5dawUq95Ima06z8H6Kso1qRdcA=,tag:g6M95M6bT4UPTfiEZT4ljw==,type:str]
+ unencrypted_suffix: _unencrypted
+ version: 3.10.2
diff --git a/modules/root/resources/x11/xinit-startx-xdg.patch b/modules/root/resources/x11/xinit-startx-xdg.patch
deleted file mode 100644
index c1bca97..0000000
--- a/modules/root/resources/x11/xinit-startx-xdg.patch
+++ /dev/null
@@ -1,14 +0,0 @@
-diff --git a/startx.cpp b/startx.cpp
-index dfbebe1..472a1b0 100644
---- a/startx.cpp
-+++ b/startx.cpp
-@@ -272,7 +272,7 @@ if [ x"$enable_xauth" = x1 ] ; then
- dummy=0
-
- XCOMM create a file with auth information for the server. ':0' is a dummy.
-- xserverauthfile=$HOME/.serverauth.$$
-+ xserverauthfile="${XAUTHORITY:-$HOME/.Xauthority}"
- trap "rm -f '$xserverauthfile'" HUP INT QUIT ILL TRAP BUS TERM
- xauth -q -f "$xserverauthfile" << EOF
- add :$dummy . $mcookie
-
diff --git a/modules/root/searxng.nix b/modules/root/searxng.nix
new file mode 100644
index 0000000..9f59314
--- /dev/null
+++ b/modules/root/searxng.nix
@@ -0,0 +1,109 @@
+{ pkgs, lib, config, ... }: let
+ environmentFile = "/run/searx/searxng.env";
+ generateEnvironmentFile = ''
+ umask 077
+ echo "SEARXNG_SECRET=$(head -c 56 /dev/urandom | base64)" > ${environmentFile}
+ ls /run/searx
+ '';
+in {
+ options = {
+ searxng.enable = lib.mkEnableOption "enables searxng service";
+ };
+
+ config = lib.mkIf config.searxng.enable {
+ # Generate secret key
+ systemd.services.searx-environment-file = {
+ description = "Generate environment file with secret key for searx";
+ wantedBy = [ "searx-init.service" ];
+ partOf = [ "searx-init.service" ];
+ before = [ "searx-init.service" ];
+ serviceConfig = {
+ Type = "oneshot";
+ RemainAfterExit = true;
+ User = "searx";
+ RuntimeDirectory = "searx";
+ RuntimeDirectoryMode = "750";
+ ConditionPathExists = "!${environmentFile}";
+ };
+ script = generateEnvironmentFile;
+ };
+
+ # Configure searxng
+ services.searx = {
+ enable = true;
+ redisCreateLocally = true;
+ package = pkgs.searxng;
+ inherit environmentFile; # Provides secret key
+
+ settings = {
+ general = {
+ instance_name = "TJK Search";
+ donation_url = "https://tjkeller.xyz";
+ enable_metrics = false;
+ };
+
+ # Search engine settings
+ search = {
+ safe_search = 2; # Strict
+ autocomplete = "";
+ default_lang = "en-US";
+ };
+
+ preferences.lock = [ "safesearch" ]; # Lock safe_search at strict
+
+ # https://docs.searxng.org/admin/plugins.html
+ enabled_plugins = [
+ "Tor check plugin"
+ "Tracker URL remover"
+ "Basic Calculator"
+ "Unit converter plugin"
+ "Hash plugin"
+ "Self Information"
+ "Open Access DOI rewrite"
+ "Hostnames plugin"
+ ];
+
+ hostnames.replace = {
+ "(.*\.)?youtube\.com$" = "piped.tjkeller.xyz";
+ "(.*\.)?youtu\.be$" = "piped.tjkeller.xyz";
+ "(.*\.)?reddit\.com$" = "old.reddit.com";
+ };
+
+ # Enable / disabled search engines from default list
+ engines = lib.mapAttrsToList (name: value: { inherit name; disabled = !value; }) {
+ # Images
+ "artic" = false;
+ "deviantart" = false;
+ "flickr" = false;
+ "library of congress" = false;
+ "openverse" = false;
+ "pinterest" = false;
+ "public domain image archive" = false;
+ "unsplash" = false;
+ "wallhaven" = false;
+ "wikicommons.images" = false;
+
+ # Videos
+ "bitchute" = true;
+ "dailymotion" = false;
+ "piped" = false;
+ "rumble" = true;
+ "sepiasearch" = false;
+ "vimeo" = false;
+ "wikicommons.videos" = false;
+
+ # Music
+ "piped.music" = false;
+
+ # Files
+ "1337x" = true;
+ "annas archive" = true;
+ "library genesis" = true;
+
+ # Apps
+ "fdroid" = true;
+ };
+ };
+ };
+ };
+}
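Review bot: `ConditionPathExists = "!${environmentFile}";` sits in `serviceConfig`, but it is a `[Unit]` directive, so systemd ignores it there and the script overwrites `SEARXNG_SECRET` every time the unit starts; it should be `unitConfig.ConditionPathExists = "!${environmentFile}";`. In `hostnames.replace` the keys are double-quoted Nix strings, where `\.` evaluates to a plain `.`, so the patterns reach SearXNG with unescaped dots and can match hosts other than the intended ones; write `"(.*\\.)?youtube\\.com$"` and likewise for the other two keys. The `ls /run/searx` line in `generateEnvironmentFile` looks like leftover debugging and can be dropped.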
diff --git a/modules/root/secrets.nix b/modules/root/secrets.nix
index 47262fd..416bcde 100644
--- a/modules/root/secrets.nix
+++ b/modules/root/secrets.nix
@@ -1,30 +1,8 @@
-{ pkgs, inputs, config, userDetails, ... }: {
+{ inputs, config, userDetails, ... }: {
imports = [ inputs.sops-nix.nixosModules.sops ];
sops = {
- defaultSopsFile = ./resources/secrets/secrets.yaml;
defaultSopsFormat = "yaml";
- age.keyFile = "${userDetails.home.root}/.config/sops/age/keys.txt";
-
- secrets = {
- wpa_supplicant-conf = { };
- hashed-root-password = { };
- };
- };
-
- # This service is a workaround to ensure that secrets are available on
- # reboot when the secret keys are on a separate subvolume
- systemd.services.npcnix-force-rebuild-sops-hack = {
- wantedBy = [ "multi-user.target" ];
- before = [
- # List all services that require secrets
- "wpa_supplicant.service"
- ];
- serviceConfig = {
- ExecStart = "/run/current-system/activate";
- Type = "oneshot";
- Restart = "on-failure"; # because oneshot
- RestartSec = "10s";
- };
+ age.sshKeyPaths = [ "${userDetails.home}/.ssh/id_ed25519" "/root/.ssh/id_ed25519" ];
};
}
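Review bot: `age.sshKeyPaths` now lists `${userDetails.home}/.ssh/id_ed25519`, which makes the user's personal SSH identity a decryption key for system secrets, including the root password hash. sops-nix reads these keys non-interactively during activation, so that key has to be stored without a passphrase, and for the `neededForUsers = true` secret in normaluser.nix it must be readable before the home directory is necessarily mounted (the comment on the workaround service removed here mentions keys on a separate subvolume). A machine-scoped key avoids both problems, e.g. `age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];`, with the host's recipient added to the sops files.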
diff --git a/modules/root/software/default.nix b/modules/root/software/default.nix
index 8d1e987..0a54b63 100644
--- a/modules/root/software/default.nix
+++ b/modules/root/software/default.nix
@@ -5,9 +5,10 @@
./desktop.nix
./development.nix
./docker.nix
+ ./overlays.nix
./system.nix
./utilities.nix
- ./virtualisation.nix
+ ./virtualization.nix
];
software.desktop = {
@@ -29,6 +30,6 @@
};
};
- virtualisation.enable = lib.mkDefault false;
+ virtualization.enable = lib.mkDefault false;
xserver.awesome.enable = lib.mkDefault true;
}
diff --git a/modules/root/software/desktop.nix b/modules/root/software/desktop.nix
index 88101d8..b8cd1e7 100644
--- a/modules/root/software/desktop.nix
+++ b/modules/root/software/desktop.nix
@@ -30,10 +30,10 @@
pcmanfm
redshift
scrot
+ st
sxiv
wpa_supplicant_gui
zathura
- (callPackage ./derivations/st {})
] ++ pkgs.lib.optionals config.software.desktop.chromium.enable [
# Chrome
config.software.desktop.chromium.package
@@ -44,17 +44,16 @@
prusa-slicer
] ++ pkgs.lib.optionals config.software.desktop.crypto.enable [
# Crypto Wallets
- bisq2
- electrum
- monero-gui
+ sparrow
] ++ pkgs.lib.optionals config.software.desktop.graphics.enable [
# Graphics
blender
geeqie
- gimp
+ gimp3
inkscape
] ++ pkgs.lib.optionals config.software.desktop.office.enable [
# Office
+ kdePackages.okular
libreoffice
pdfchain
thunderbird
diff --git a/modules/root/software/development.nix b/modules/root/software/development.nix
index 2a4dfba..af8a8a7 100644
--- a/modules/root/software/development.nix
+++ b/modules/root/software/development.nix
@@ -5,7 +5,7 @@
config = lib.mkIf config.software.development.enable {
environment.systemPackages = with pkgs; [
- adb-sync
+ #adb-sync
android-tools
gcc
git
@@ -14,5 +14,10 @@
lua
pkg-config
];
+
+ # Open 1313 for hugo serve
+ networking.firewall.allowedTCPPorts = [
+ 1313
+ ];
};
}
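Review bot: `networking.firewall.allowedTCPPorts = [ 1313 ];` opens the port on every interface of every host that enables `software.development`, whether or not `hugo serve` is running. Hugo's development server binds to localhost unless told otherwise, so the rule only matters when serving to other machines. Scoping it keeps the port closed on untrusted networks, e.g. `networking.firewall.interfaces.<lan-interface>.allowedTCPPorts = [ 1313 ];` with `<lan-interface>` as a placeholder, or put it behind its own enable option. The enclosing `config` block starts outside the hunk.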
diff --git a/modules/root/software/overlays.nix b/modules/root/software/overlays.nix
new file mode 100644
index 0000000..2037c0d
--- /dev/null
+++ b/modules/root/software/overlays.nix
@@ -0,0 +1,30 @@
+{ pkgs, ... }: {
+ nixpkgs.overlays = with pkgs; [
+ (final: prev: {
+ crazydiskinfo = (callPackage ./derivations/crazydiskinfo {});
+ lowbat = (callPackage ./derivations/lowbat {});
+ workcentre-7800-series = (callPackage ./derivations/xerox-workcentre-7800-series-driver {});
+
+ # Use my vimv-rs until pr gets merged
+ vimv-rs = prev.vimv-rs.overrideAttrs (oldAttrs: {
+ src = fetchFromGitHub {
+ owner = "tjkeller-xyz";
+ repo = "vimv-rs";
+ rev = "5deb76fb81dd4acf3c4809087ff3a1d846ab4769";
+ sha256 = "sha256-XMn+5mIxSEHaR31ixMi6o7PSkN1iYjDT4aOiQkfEwpA=";
+ };
+ });
+
+ # Use my tamzen until pr gets merged
+ tamzen = prev.tamzen.overrideAttrs (oldAttrs: {
+ src = fetchFromGitHub {
+ owner = "tjkeller-xyz";
+ repo = "tamzen-font";
+ rev = "middledot";
+ sha256 = "sha256-mVZ8SdYKTdMG1qBKKYdNjuoYvWkEq2ph2O1ztsNJEhs=";
+ };
+ });
+ })
+ (import ./derivations/st/overrides.nix)
+ ];
+}
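Review bot: The `tamzen` override fetches `rev = "middledot"`, a branch name, while `vimv-rs` pins a full commit hash. The `sha256` still fixes the content, but once the branch moves the fetch no longer matches and the build fails on any machine without the cached source; pin it the same way with `rev = "<commit-hash-of-middledot>";` (placeholder). The overlay also resolves `callPackage` and `fetchFromGitHub` through `with pkgs;` from the module argument rather than through `final`/`prev`, which makes the package set depend on itself; `final.callPackage` and `prev.fetchFromGitHub` are the conventional form. For `vimv-rs`, replacing only `src` presumably leaves the upstream package's vendored cargo dependencies in place, so confirm the fork's `Cargo.lock` is unchanged.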
diff --git a/modules/root/software/system.nix b/modules/root/software/system.nix
index f0a31f2..4c81596 100644
--- a/modules/root/software/system.nix
+++ b/modules/root/software/system.nix
@@ -5,6 +5,7 @@
dash # TODO should be default /bin/sh
exfat
git # Needed for home-manager
+ ntfs3g
python3
sops # Secrets
];
diff --git a/modules/root/software/utilities.nix b/modules/root/software/utilities.nix
index dabf163..79285a1 100644
--- a/modules/root/software/utilities.nix
+++ b/modules/root/software/utilities.nix
@@ -1,5 +1,6 @@
{ pkgs, ... }: {
environment.systemPackages = with pkgs; [
+ crazydiskinfo
entr
fastfetch
ffmpeg
@@ -7,11 +8,13 @@
jq
light
lm_sensors
+ lowbat
mediainfo
neovim
nmap
openssl
p7zip
+ pavolctld
powertop
pv
rsync
@@ -22,11 +25,10 @@
testdisk
tmux
uhubctl
+ vimv-rs
wget
wireguard-tools
xxHash
yt-dlp
- (callPackage ./derivations/lowbat {})
- (callPackage ./derivations/pavolctld {})
];
}
diff --git a/modules/root/software/virtualisation.nix b/modules/root/software/virtualisation.nix
deleted file mode 100644
index 4ae15f5..0000000
--- a/modules/root/software/virtualisation.nix
+++ /dev/null
@@ -1,10 +0,0 @@
-{ lib, config, ... }: {
- options = {
- virtualisation.enable = lib.mkEnableOption "enables virtualisation and virt-manager";
- };
-
- config = lib.mkIf config.virtualisation.enable {
- virtualisation.libvirtd.enable = true;
- programs.virt-manager.enable = config.software.desktop.enable;
- };
-}
diff --git a/modules/root/software/virtualization.nix b/modules/root/software/virtualization.nix
new file mode 100644
index 0000000..9ac5a80
--- /dev/null
+++ b/modules/root/software/virtualization.nix
@@ -0,0 +1,13 @@
+{ lib, config, ... }: {
+ options = {
+ virtualization.enable = lib.mkEnableOption "enables virtualization and virt-manager";
+ };
+
+ config = lib.mkIf config.virtualization.enable {
+ virtualisation = {
+ libvirtd.enable = true;
+ spiceUSBRedirection.enable = true;
+ };
+ programs.virt-manager.enable = config.software.desktop.enable;
+ };
+}
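Review bot: `spiceUSBRedirection.enable = true;` needs a comment, because it is more than a convenience flag: per the NixOS option description it installs the SPICE USB redirection helper setuid, which gives unprivileged local users arbitrary access to USB devices on the host. Suggested comment above the line: `# Installs a setuid helper; any local user can pass host USB devices to a VM`. If only some hosts need USB passthrough, a separate enable option would keep the helper off the rest.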
diff --git a/modules/root/suspend.nix b/modules/root/suspend.nix
new file mode 100644
index 0000000..814ae95
--- /dev/null
+++ b/modules/root/suspend.nix
@@ -0,0 +1,16 @@
+{ lib, config, ... }: {
+ options = {
+ suspend.enable = lib.mkEnableOption "enables suspend";
+ };
+
+ config = lib.mkIf (! config.suspend.enable) {
+ # Disable suspend targets
+ systemd.targets = builtins.listToAttrs (map (name: {
+ inherit name;
+ value = {
+ enable = false;
+ unitConfig.DefaultDependencies = "no";
+ };
+ }) ["sleep" "suspend" "hibernate" "hybrid-sleep"]);
+ };
+}
diff --git a/modules/root/udev.nix b/modules/root/udev.nix
new file mode 100644
index 0000000..17ed204
--- /dev/null
+++ b/modules/root/udev.nix
@@ -0,0 +1,5 @@
+{ pkgs, ... }: {
+ services.udev.extraRules = ''
+ SUBSYSTEM=="backlight", ACTION=="add", RUN+="${pkgs.coreutils}/bin/chgrp video /sys/class/backlight/%k/brightness", RUN+="${pkgs.coreutils}/bin/chmod g+w /sys/class/backlight/%k/brightness"
+ '';
+}
diff --git a/modules/root/wifi.nix b/modules/root/wifi.nix
index 542cfd7..9dbf233 100644
--- a/modules/root/wifi.nix
+++ b/modules/root/wifi.nix
@@ -10,9 +10,27 @@
allowAuxiliaryImperativeNetworks = true; # Networks defined in aux imperitive networks (/etc/wpa_supplicant.conf)
};
+ # Load wpa_supplicant.conf secret config
+ sops.secrets.wpa_supplicant-conf = {
+ sopsFile = ./resources/secrets/wpa_supplicant-conf.yaml;
+ };
+
# Link /etc/wpa_supplicant.conf -> secret config
environment.etc."wpa_supplicant.conf" = {
source = config.sops.secrets.wpa_supplicant-conf.path;
};
+
+ # This service is a workaround to ensure that secrets are available on
+ # reboot when the secret keys are on a separate subvolume
+ systemd.services.npcnix-force-rebuild-sops-hack = {
+ wantedBy = [ "multi-user.target" ];
+ before = [ "wpa_supplicant.service" ];
+ serviceConfig = {
+ ExecStart = "/run/current-system/activate";
+ Type = "oneshot";
+ Restart = "on-failure"; # because oneshot
+ RestartSec = "10s";
+ };
+ };
};
}
diff --git a/modules/root/x11.nix b/modules/root/x11.nix
index fd15c52..f5a07b4 100644
--- a/modules/root/x11.nix
+++ b/modules/root/x11.nix
@@ -8,6 +8,30 @@
services.xserver.displayManager.startx.enable = true;
services.libinput.enable = true; # Enable touchpad support
+ # Apply startx patch to create serverauth file in /tmp instead of home directory
+ nixpkgs.overlays = with pkgs; [
+ (final: prev: {
+ xorg = prev.xorg // {
+ xinit = (prev.xorg.xinit.overrideAttrs (finalAttrs: previousAttrs: {
+ version = "1.4.4";
+ patchtag = "${finalAttrs.version}-1"; # Archlinux xinit package tagged release to fetch patch from
+ # Override src since is hardcoded to 1.4.2
+ src = prev.fetchurl {
+ url = "mirror://xorg/individual/app/xinit-${finalAttrs.version}.tar.xz";
+ sha256 = "sha256-QKR8ehZMf5gc43h7Szf35BH7QyMdzeVD1wCUB12s/vk=";
+ };
+ patches = [
+ (prev.fetchpatch {
+ url = "https://gitlab.archlinux.org/archlinux/packaging/packages/xorg-xinit/-/raw/${finalAttrs.patchtag}/06_move_serverauthfile_into_tmp.diff";
+ sha256 = "1whzs5bw7ph12r3abs1g9fydibkr291jh56a0zp17d4x070jnkda";
+ })
+ ];
+ }));
+ };
+ })
+ ];
+
+ # Install basic X utilities
environment.systemPackages = with pkgs; [
unclutter
xcape
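Review bot: `nixpkgs.overlays = with pkgs; [` brings the module's `pkgs` into scope, but everything inside the overlay already goes through `prev`, so the `with pkgs;` is unused and reads as if the overlay depended on the final package set; `nixpkgs.overlays = [` is enough. The two hashes also use different encodings (SRI for `src`, bare base32 for the fetched patch), and writing both in SRI form would be consistent. The enclosing block starts outside the hunk.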
@@ -19,12 +43,12 @@
xorg.xrandr
xorg.xset
xwallpaper
- # Patch startx to be compliant with xdg base dir spec
- (xorg.xinit.overrideAttrs (old: rec {
- patches = [
- ./resources/x11/xinit-startx-xdg.patch
- ];
- }))
];
+
+ # Enable TearFree option by default
+ # Not all video drivers support this option
+ services.xserver.deviceSection = ''
+ Option "TearFree" "true"
+ '';
};
}