Compare commits
28 commits
31273c3355
...
b6b1b3a1fe
| Author | SHA1 | Date | |
|---|---|---|---|
b6b1b3a1fe
|
|||
|
596c9871c7
|
|||
|
4791b023d6
|
|||
|
f1146512ba
|
|||
|
cbd045ac82
|
|||
|
76977ba900
|
|||
|
0172f5410b
|
|||
|
e7b83ccec1
|
|||
|
147fc9967a
|
|||
|
cf62ffd52c
|
|||
|
546b3bb1d8
|
|||
|
b0f82c166f
|
|||
|
c46c1c580d
|
|||
|
864ee129b0
|
|||
|
3aed052567
|
|||
|
8f1c4fbad1
|
|||
|
97bc861c9e
|
|||
|
a7f8b8187c
|
|||
|
fba057a78f
|
|||
|
c3c7f161b3
|
|||
|
760931a5c5
|
|||
|
c86806c340
|
|||
|
ea7c04e4ba
|
|||
|
e7f3350fe2
|
|||
|
4ba88622ff
|
|||
|
9e6a4f3559
|
|||
|
302375470f
|
|||
|
e3e6bb967c
|
37 changed files with 250 additions and 217 deletions
100
flake.lock
generated
100
flake.lock
generated
|
|
@ -52,11 +52,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1740485968,
|
||||
"narHash": "sha256-WK+PZHbfDjLyveXAxpnrfagiFgZWaTJglewBWniTn2Y=",
|
||||
"lastModified": 1741786315,
|
||||
"narHash": "sha256-VT65AE2syHVj6v/DGB496bqBnu1PXrrzwlw07/Zpllc=",
|
||||
"owner": "nix-community",
|
||||
"repo": "disko",
|
||||
"rev": "19c1140419c4f1cdf88ad4c1cfb6605597628940",
|
||||
"rev": "0d8c6ad4a43906d14abd5c60e0ffe7b587b213de",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
|
@ -88,11 +88,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1740872218,
|
||||
"narHash": "sha256-ZaMw0pdoUKigLpv9HiNDH2Pjnosg7NBYMJlHTIsHEUo=",
|
||||
"lastModified": 1741352980,
|
||||
"narHash": "sha256-+u2UunDA4Cl5Fci3m7S643HzKmIDAe+fiXrLqYsR2fs=",
|
||||
"owner": "hercules-ci",
|
||||
"repo": "flake-parts",
|
||||
"rev": "3876f6b87db82f33775b1ef5ea343986105db764",
|
||||
"rev": "f4330d22f1c5d2ba72d3d22df5597d123fdb60a9",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
|
@ -106,11 +106,11 @@
|
|||
"nixpkgs-lib": "nixpkgs-lib"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1736143030,
|
||||
"narHash": "sha256-+hu54pAoLDEZT9pjHlqL9DNzWz0NbUn8NEAHP7PQPzU=",
|
||||
"lastModified": 1740872218,
|
||||
"narHash": "sha256-ZaMw0pdoUKigLpv9HiNDH2Pjnosg7NBYMJlHTIsHEUo=",
|
||||
"owner": "hercules-ci",
|
||||
"repo": "flake-parts",
|
||||
"rev": "b905f6fc23a9051a6e1b741e1438dbfc0634c6de",
|
||||
"rev": "3876f6b87db82f33775b1ef5ea343986105db764",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
|
@ -163,11 +163,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1740199244,
|
||||
"narHash": "sha256-BiNUbNWLcG8AuKiAZmJ8tS+fr+JO8vGwB7QQ54cezKk=",
|
||||
"lastModified": 1742070442,
|
||||
"narHash": "sha256-xPDSLswRazXLlceqc2+VdbKKG2m/OXCjTzU9O/Bs4ZQ=",
|
||||
"owner": "feel-co",
|
||||
"repo": "hjem",
|
||||
"rev": "829109220c14352990bee4cf092f4918f45fb6a1",
|
||||
"rev": "ae49a5a2e013c710d2b2cf046ae365d08eae75b3",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
|
@ -206,11 +206,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1740845322,
|
||||
"narHash": "sha256-AXEgFj3C0YJhu9k1OhbRhiA6FnDr81dQZ65U3DhaWpw=",
|
||||
"lastModified": 1741955947,
|
||||
"narHash": "sha256-2lbURKclgKqBNm7hVRtWh0A7NrdsibD0EaWhahUVhhY=",
|
||||
"owner": "nix-community",
|
||||
"repo": "home-manager",
|
||||
"rev": "fcac3d6d88302a5e64f6cb8014ac785e08874c8d",
|
||||
"rev": "4e12151c9e014e2449e0beca2c0e9534b96a26b4",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
|
@ -221,11 +221,11 @@
|
|||
},
|
||||
"nixos-hardware": {
|
||||
"locked": {
|
||||
"lastModified": 1740646007,
|
||||
"narHash": "sha256-dMReDQobS3kqoiUCQIYI9c0imPXRZnBubX20yX/G5LE=",
|
||||
"lastModified": 1741792691,
|
||||
"narHash": "sha256-f0BVt1/cvA0DQ/q3rB+HY4g4tKksd03ZkzI4xehC2Ew=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixos-hardware",
|
||||
"rev": "009b764ac98a3602d41fc68072eeec5d24fc0e49",
|
||||
"rev": "e1f12151258b12c567f456d8248e4694e9390613",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
|
@ -253,23 +253,23 @@
|
|||
},
|
||||
"nixpkgs-lib": {
|
||||
"locked": {
|
||||
"lastModified": 1735774519,
|
||||
"narHash": "sha256-CewEm1o2eVAnoqb6Ml+Qi9Gg/EfNAxbRx1lANGVyoLI=",
|
||||
"lastModified": 1740872140,
|
||||
"narHash": "sha256-3wHafybyRfpUCLoE8M+uPVZinImg3xX+Nm6gEfN3G8I=",
|
||||
"type": "tarball",
|
||||
"url": "https://github.com/NixOS/nixpkgs/archive/e9b51731911566bbf7e4895475a87fe06961de0b.tar.gz"
|
||||
"url": "https://github.com/NixOS/nixpkgs/archive/6d3702243441165a03f699f64416f635220f4f15.tar.gz"
|
||||
},
|
||||
"original": {
|
||||
"type": "tarball",
|
||||
"url": "https://github.com/NixOS/nixpkgs/archive/e9b51731911566bbf7e4895475a87fe06961de0b.tar.gz"
|
||||
"url": "https://github.com/NixOS/nixpkgs/archive/6d3702243441165a03f699f64416f635220f4f15.tar.gz"
|
||||
}
|
||||
},
|
||||
"nixpkgs_2": {
|
||||
"locked": {
|
||||
"lastModified": 1740828860,
|
||||
"narHash": "sha256-cjbHI+zUzK5CPsQZqMhE3npTyYFt9tJ3+ohcfaOF/WM=",
|
||||
"lastModified": 1742069588,
|
||||
"narHash": "sha256-C7jVfohcGzdZRF6DO+ybyG/sqpo1h6bZi9T56sxLy+k=",
|
||||
"owner": "nixos",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "303bd8071377433a2d8f76e684ec773d70c5b642",
|
||||
"rev": "c80f6a7e10b39afcc1894e02ef785b1ad0b0d7e5",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
|
@ -281,11 +281,11 @@
|
|||
},
|
||||
"nixpkgs_3": {
|
||||
"locked": {
|
||||
"lastModified": 1738297584,
|
||||
"narHash": "sha256-AYvaFBzt8dU0fcSK2jKD0Vg23K2eIRxfsVXIPCW9a0E=",
|
||||
"lastModified": 1741462378,
|
||||
"narHash": "sha256-ZF3YOjq+vTcH51S+qWa1oGA9FgmdJ67nTNPG2OIlXDc=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "9189ac18287c599860e878e905da550aa6dec1cd",
|
||||
"rev": "2d9e4457f8e83120c9fdf6f1707ed0bc603e5ac9",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
|
@ -295,6 +295,21 @@
|
|||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs_4": {
|
||||
"locked": {
|
||||
"lastModified": 1741851582,
|
||||
"narHash": "sha256-cPfs8qMccim2RBgtKGF+x9IBCduRvd/N5F4nYpU0TVE=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "6607cf789e541e7873d40d3a8f7815ea92204f32",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"id": "nixpkgs",
|
||||
"ref": "nixos-unstable",
|
||||
"type": "indirect"
|
||||
}
|
||||
},
|
||||
"nur": {
|
||||
"inputs": {
|
||||
"flake-parts": "flake-parts_2",
|
||||
|
|
@ -304,11 +319,11 @@
|
|||
"quasigod": "quasigod"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1738585852,
|
||||
"narHash": "sha256-Z+cDls2k+57lAFU+/EwRcjutgCI2iRMRpGlXHMkVcz8=",
|
||||
"lastModified": 1741801623,
|
||||
"narHash": "sha256-U3pD4UFNMFwm1hDQeKa4H+lgVy+RoX/XbbphUROXHEo=",
|
||||
"ref": "refs/heads/master",
|
||||
"rev": "60d71b8a446906db16b33bc3081507d077d39b6c",
|
||||
"revCount": 5,
|
||||
"rev": "e25a92424c4b0d095d7cdf63eb9ae2b276c84a51",
|
||||
"revCount": 6,
|
||||
"type": "git",
|
||||
"url": "https://git.ccnlc.eu/nydragon/nur.git"
|
||||
},
|
||||
|
|
@ -325,11 +340,11 @@
|
|||
"quickshell": "quickshell"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1739209080,
|
||||
"narHash": "sha256-s1SVaFQ7GSJalxIhVN7aDS7rMcMJ1AUQfjRMYho5yuM=",
|
||||
"lastModified": 1742061478,
|
||||
"narHash": "sha256-zfqsTAU4l17jjtTFibe2MmLlqMcMuhk5iaHN55vb9RU=",
|
||||
"ref": "refs/heads/main",
|
||||
"rev": "2ca83819872d82fa0ee8dbfccfbfcf3480c279f1",
|
||||
"revCount": 107,
|
||||
"rev": "693a785140b5202d51cee0c883c73dba8b2561b3",
|
||||
"revCount": 108,
|
||||
"type": "git",
|
||||
"url": "https://git.ccnlc.eu/nydragon/nysh.git"
|
||||
},
|
||||
|
|
@ -344,11 +359,11 @@
|
|||
"snowfall-lib": "snowfall-lib"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1738444760,
|
||||
"narHash": "sha256-MbAyUUHtiByivJLDKLO5fu3goxeHxQHQxqCzhAZ3F14=",
|
||||
"lastModified": 1741620435,
|
||||
"narHash": "sha256-DUbAVfzso8WoqNQPkuIykv8be0z5d6OMY+kbtCn9A6Q=",
|
||||
"ref": "refs/heads/main",
|
||||
"rev": "a1db39ff40250211485a98853c6d71ac42d79026",
|
||||
"revCount": 16,
|
||||
"rev": "148b55beaeacb7ffef5ae6ccaf1543aed02cc843",
|
||||
"revCount": 20,
|
||||
"type": "git",
|
||||
"url": "https://codeberg.org/quasigod/nur.git"
|
||||
},
|
||||
|
|
@ -359,10 +374,7 @@
|
|||
},
|
||||
"quickshell": {
|
||||
"inputs": {
|
||||
"nixpkgs": [
|
||||
"nysh",
|
||||
"nixpkgs"
|
||||
]
|
||||
"nixpkgs": "nixpkgs_4"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1738200090,
|
||||
|
|
|
|||
|
|
@ -1,6 +1,7 @@
|
|||
# This file contains default settings used across different systems
|
||||
{
|
||||
imports = [
|
||||
./themes/catppuccin.nix
|
||||
./graphical
|
||||
./terminal
|
||||
./desktop
|
||||
|
|
|
|||
|
|
@ -12,23 +12,18 @@ in
|
|||
config = mkIf cfg.enable {
|
||||
programs.vscode = {
|
||||
package = pkgs.vscode;
|
||||
enableUpdateCheck = false;
|
||||
extensions = with pkgs.vscode-extensions; [
|
||||
rust-lang.rust-analyzer
|
||||
ms-vscode-remote.remote-ssh
|
||||
ms-vscode-remote.remote-ssh-edit
|
||||
tamasfe.even-better-toml
|
||||
];
|
||||
userSettings = {
|
||||
editor.formatOnSave = true;
|
||||
terminal.integrated.inheritEnv = false;
|
||||
git.autofetch = true;
|
||||
remote.SSH = {
|
||||
connectTimeout = 60;
|
||||
useLocalServer = true;
|
||||
remotePlatform = {
|
||||
"192.168.122.152" = "linux";
|
||||
};
|
||||
profiles.default = {
|
||||
enableUpdateCheck = false;
|
||||
extensions = with pkgs.vscode-extensions; [
|
||||
rust-lang.rust-analyzer
|
||||
ms-vscode-remote.remote-ssh
|
||||
ms-vscode-remote.remote-ssh-edit
|
||||
tamasfe.even-better-toml
|
||||
];
|
||||
userSettings = {
|
||||
editor.formatOnSave = true;
|
||||
terminal.integrated.inheritEnv = false;
|
||||
git.autofetch = true;
|
||||
};
|
||||
};
|
||||
};
|
||||
|
|
|
|||
|
|
@ -8,6 +8,9 @@
|
|||
let
|
||||
inherit (lib) mapAttrsToList mkIf hasAttr;
|
||||
inherit (lib.my) getExe getExe';
|
||||
|
||||
roles = osConfig.modules.system.roles;
|
||||
desktop = osConfig.modules.system.roles.desktop;
|
||||
in
|
||||
mkIf osConfig.programs.hyprland.enable {
|
||||
home.sessionVariables.ELECTRON_OZONE_PLATFORM_HINT = "auto";
|
||||
|
|
@ -33,7 +36,7 @@ mkIf osConfig.programs.hyprland.enable {
|
|||
|
||||
exec-once = [
|
||||
"${config.services.kdeconnect.package}/bin/kdeconnect-indicator"
|
||||
"${pkgs.keepassxc}/bin/keepassxc"
|
||||
"${getExe' pkgs.gnome-keyring "gnome-keyring-daemon"}"
|
||||
];
|
||||
|
||||
general = {
|
||||
|
|
@ -72,7 +75,7 @@ mkIf osConfig.programs.hyprland.enable {
|
|||
inactive_opacity = 1.0;
|
||||
|
||||
shadow = {
|
||||
enabled = true;
|
||||
enabled = roles.portable.enable;
|
||||
range = 4;
|
||||
render_power = 3;
|
||||
color = "rgba(1a1a1aee)";
|
||||
|
|
@ -80,7 +83,7 @@ mkIf osConfig.programs.hyprland.enable {
|
|||
|
||||
# https://wiki.hyprland.org/Configuring/Variables/#blur
|
||||
blur = {
|
||||
enabled = true;
|
||||
enabled = roles.portable.enable;
|
||||
size = 3;
|
||||
passes = 1;
|
||||
|
||||
|
|
@ -149,6 +152,7 @@ mkIf osConfig.programs.hyprland.enable {
|
|||
key_press_enables_dpms = true;
|
||||
mouse_move_enables_dpms = true;
|
||||
disable_autoreload = true;
|
||||
vfr = true;
|
||||
};
|
||||
|
||||
bindm = [ "$mod,mouse:272,movewindow" ];
|
||||
|
|
@ -156,6 +160,7 @@ mkIf osConfig.programs.hyprland.enable {
|
|||
bind =
|
||||
let
|
||||
copy = getExe' pkgs.wl-clipboard "wl-copy";
|
||||
cliphist = getExe pkgs.cliphist;
|
||||
in
|
||||
[
|
||||
"$mod, D, exec, ${getExe osConfig.modules.system.roles.desktop.runner.package}"
|
||||
|
|
@ -164,7 +169,7 @@ mkIf osConfig.programs.hyprland.enable {
|
|||
"$mod SHIFT, Q, killactive,"
|
||||
"$mod, V, togglefloating"
|
||||
"$mod SHIFT, P, exec, ${getExe pkgs.scripts.powerMenu}"
|
||||
"$mod, P, exec, ${getExe pkgs.cliphist} wipe & ${getExe pkgs.hyprlock}"
|
||||
"$mod, P, exec, ${cliphist} wipe & ${getExe pkgs.hyprlock}"
|
||||
"$mod SHIFT, C, exec, hyprctl reload"
|
||||
"$mod SHIFT, space, togglefloating"
|
||||
"$mod, left, movefocus, l"
|
||||
|
|
@ -173,13 +178,13 @@ mkIf osConfig.programs.hyprland.enable {
|
|||
"$mod, down, movefocus, d"
|
||||
|
||||
# Example special workspace (scratchpad)
|
||||
"$mod, S, togglespecialworkspace, magic"
|
||||
"$mod SHIFT, S, movetoworkspace, special:magic"
|
||||
"$mod, W, togglespecialworkspace, magic"
|
||||
"$mod SHIFT, W, movetoworkspace, special:magic"
|
||||
"$mod, X, fullscreen, 1"
|
||||
"$mod, F, fullscreen, 0"
|
||||
"$mod, N, exec, ${pkgs.swaynotificationcenter}/bin/swaync-client -t"
|
||||
"$mod, U, exec, ${pkgs.hyprshot}/bin/hyprshot -o ${config.xdg.userDirs.pictures}/screenshots -m region"
|
||||
"$mod SHIFT, U, exec, ${pkgs.hyprshot}/bin/hyprshot --raw -m region | ${getExe pkgs.satty} -f - --fullscreen --copy-command ${copy}"
|
||||
"$mod, S, exec, ${cliphist} list | ${desktop.runner.dmenu} | ${cliphist} decode | ${copy}"
|
||||
|
||||
#: Brightness and Media {{{
|
||||
",XF86MonBrightnessUp, exec, ${pkgs.brightnessctl}/bin/brightnessctl s +10%"
|
||||
|
|
|
|||
|
|
@ -16,7 +16,7 @@
|
|||
editor = "${pkgs.neovim}/bin/nvim";
|
||||
};
|
||||
init = {
|
||||
defaultBranch = "master";
|
||||
defaultBranch = "main";
|
||||
};
|
||||
merge = {
|
||||
conflictstyle = "diff3";
|
||||
|
|
|
|||
|
|
@ -10,7 +10,7 @@ let
|
|||
in
|
||||
mkIf config.programs.ssh.enable {
|
||||
programs.ssh = {
|
||||
addKeysToAgent = "confirm";
|
||||
addKeysToAgent = "yes";
|
||||
matchBlocks = {
|
||||
deck = {
|
||||
hostname = "steamdeck";
|
||||
|
|
|
|||
|
|
@ -43,6 +43,7 @@ in
|
|||
};
|
||||
|
||||
modules = {
|
||||
fs.nfsEnable = true;
|
||||
system = {
|
||||
roles = {
|
||||
desktop.enable = true;
|
||||
|
|
@ -106,7 +107,6 @@ in
|
|||
fish.enable = true;
|
||||
firefox.enable = true;
|
||||
thunderbird.enable = true;
|
||||
sway.enable = true;
|
||||
hyprland.enable = true;
|
||||
};
|
||||
|
||||
|
|
@ -118,7 +118,6 @@ in
|
|||
isNormalUser = true;
|
||||
createHome = true;
|
||||
packages = with pkgs; [
|
||||
prismlauncher
|
||||
orca-slicer
|
||||
];
|
||||
extraGroups = [
|
||||
|
|
@ -138,18 +137,6 @@ in
|
|||
enableSSHSupport = true;
|
||||
};
|
||||
|
||||
environment.systemPackages = with pkgs; [
|
||||
fish
|
||||
wireguard-tools
|
||||
git
|
||||
htop
|
||||
eza
|
||||
bat
|
||||
nfs-utils
|
||||
];
|
||||
|
||||
services.rpcbind.enable = true; # necessary for nfs
|
||||
|
||||
boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
|
||||
nix.settings.extra-platforms = config.boot.binfmt.emulatedSystems;
|
||||
|
||||
|
|
|
|||
|
|
@ -14,7 +14,6 @@ in
|
|||
|
||||
home-manager.users.${username} = {
|
||||
imports = [
|
||||
../../home/themes/catppuccin.nix
|
||||
../../home
|
||||
];
|
||||
|
||||
|
|
|
|||
|
|
@ -2,13 +2,16 @@
|
|||
{
|
||||
pkgs,
|
||||
inputs,
|
||||
config,
|
||||
...
|
||||
}:
|
||||
let
|
||||
inherit (config.modules.meta) username;
|
||||
in
|
||||
{
|
||||
imports = [
|
||||
./hardware-configuration.nix
|
||||
./home.nix
|
||||
./ny.nix
|
||||
../../users/ny
|
||||
];
|
||||
|
||||
|
|
@ -21,6 +24,7 @@
|
|||
system = {
|
||||
roles = {
|
||||
desktop.enable = true;
|
||||
portable.enable = true;
|
||||
};
|
||||
|
||||
outputs = {
|
||||
|
|
@ -61,8 +65,6 @@
|
|||
};
|
||||
};
|
||||
|
||||
hardware.graphics.enable = true;
|
||||
|
||||
xdg = {
|
||||
portal.enable = true;
|
||||
mime.enable = true;
|
||||
|
|
@ -89,11 +91,12 @@
|
|||
firefox.enable = true;
|
||||
thunderbird.enable = true;
|
||||
hyprland.enable = true;
|
||||
pulseview.enable = true;
|
||||
gnupg.agent = {
|
||||
enable = true;
|
||||
enableSSHSupport = true;
|
||||
enableExtraSocket = true;
|
||||
};
|
||||
seahorse.enable = true;
|
||||
};
|
||||
|
||||
hardware.sane = {
|
||||
|
|
@ -122,9 +125,9 @@
|
|||
powerKey = "hibernate";
|
||||
};
|
||||
|
||||
thermald.enable = true;
|
||||
#thermald.enable = true;
|
||||
|
||||
auto-cpufreq.enable = true;
|
||||
#auto-cpufreq.enable = true;
|
||||
|
||||
upower = {
|
||||
enable = true;
|
||||
|
|
@ -137,6 +140,19 @@
|
|||
|
||||
users = {
|
||||
defaultUserShell = pkgs.fish;
|
||||
users.${username} = {
|
||||
isNormalUser = true;
|
||||
createHome = true;
|
||||
packages = with pkgs; [
|
||||
simple-scan
|
||||
beekeeper-studio
|
||||
];
|
||||
extraGroups = [
|
||||
"networkmanager"
|
||||
"audio"
|
||||
"libvirtd" # VM OPs
|
||||
];
|
||||
};
|
||||
};
|
||||
|
||||
environment.variables = {
|
||||
|
|
@ -150,6 +166,7 @@
|
|||
libvirtd.enable = true;
|
||||
docker = {
|
||||
enable = true;
|
||||
extraPackages = [ pkgs.docker-credential-helpers ];
|
||||
rootless = {
|
||||
enable = true;
|
||||
setSocketVariable = true;
|
||||
|
|
@ -159,13 +176,7 @@
|
|||
|
||||
programs.virt-manager.enable = true;
|
||||
|
||||
programs.nix-ld.enable = true;
|
||||
|
||||
environment.systemPackages = with pkgs; [
|
||||
shared-mime-info
|
||||
glib
|
||||
dconf
|
||||
xdg-utils
|
||||
brightnessctl
|
||||
];
|
||||
|
||||
|
|
|
|||
|
|
@ -14,7 +14,6 @@ in
|
|||
|
||||
home-manager.users.${username} = {
|
||||
imports = [
|
||||
../../home/themes/vanilla.nix
|
||||
../../home
|
||||
];
|
||||
|
||||
|
|
|
|||
|
|
@ -1,71 +0,0 @@
|
|||
{
|
||||
pkgs,
|
||||
config,
|
||||
inputs',
|
||||
...
|
||||
}:
|
||||
let
|
||||
inherit (config.modules.meta) username;
|
||||
in
|
||||
{
|
||||
config = {
|
||||
users.users.${username} = {
|
||||
packages =
|
||||
[
|
||||
inputs'.nur.packages.grayjay-desktop
|
||||
]
|
||||
++ (with pkgs; [
|
||||
digikam
|
||||
fragments
|
||||
element-desktop
|
||||
loupe
|
||||
seahorse
|
||||
gimp
|
||||
thunderbird
|
||||
keepassxc
|
||||
protonmail-bridge-gui
|
||||
varia
|
||||
signal-desktop
|
||||
onlyoffice-desktopeditors
|
||||
picard
|
||||
simple-scan
|
||||
insomnia
|
||||
beekeeper-studio
|
||||
|
||||
# Proprietary
|
||||
postman
|
||||
mongodb-compass
|
||||
obsidian
|
||||
|
||||
# CLI tools
|
||||
jhead
|
||||
fdupes
|
||||
exiftool
|
||||
sshfs
|
||||
lazygit
|
||||
wl-clipboard
|
||||
|
||||
# custom
|
||||
nysh
|
||||
scripts.screenshot
|
||||
scripts.nixedit
|
||||
scripts.set-background
|
||||
scripts.rpaste
|
||||
scripts.nrun
|
||||
scripts.nruni
|
||||
scripts.genswitch
|
||||
scripts.gentest
|
||||
scripts.editsym
|
||||
scripts.deployswitch
|
||||
scripts.deploytest
|
||||
]);
|
||||
isNormalUser = true;
|
||||
createHome = true;
|
||||
extraGroups = [
|
||||
"networkmanager"
|
||||
"audio"
|
||||
"libvirtd"
|
||||
];
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
@ -4,6 +4,10 @@
|
|||
];
|
||||
|
||||
modules = {
|
||||
meta = {
|
||||
tailscale.ip = "100.64.0.6";
|
||||
};
|
||||
|
||||
services.tailscale = {
|
||||
enable = true;
|
||||
tags = [
|
||||
|
|
@ -15,7 +19,6 @@
|
|||
server = {
|
||||
rsync-daemon = {
|
||||
enable = true;
|
||||
port = 9523;
|
||||
openFirewall = true;
|
||||
location = "/mnt/backups";
|
||||
address = "100.64.0.6";
|
||||
|
|
@ -31,8 +34,8 @@
|
|||
mode = "write";
|
||||
}
|
||||
{
|
||||
name = "brontes-backup";
|
||||
comment = "brontes's backup space";
|
||||
name = "shan";
|
||||
comment = "backups for shan";
|
||||
mode = "write";
|
||||
}
|
||||
{
|
||||
|
|
@ -65,6 +68,8 @@
|
|||
};
|
||||
};
|
||||
|
||||
security.polkit.enable = true;
|
||||
|
||||
services.prometheus.exporters.node = {
|
||||
enable = true;
|
||||
port = 9000;
|
||||
|
|
|
|||
|
|
@ -26,6 +26,10 @@ in
|
|||
group = "rustypaste";
|
||||
};
|
||||
forgejo-runner-token.file = ../../secrets/forgejo-runner-token.age;
|
||||
acme = {
|
||||
owner = if config.security.acme.useRoot then "root" else "acme";
|
||||
file = ../../secrets/acme.age;
|
||||
};
|
||||
};
|
||||
|
||||
boot.loader.grub = {
|
||||
|
|
@ -33,6 +37,8 @@ in
|
|||
efiInstallAsRemovable = true;
|
||||
};
|
||||
|
||||
virtualisation.docker.enable = true;
|
||||
|
||||
modules = {
|
||||
server.rustypaste = {
|
||||
enable = true;
|
||||
|
|
@ -93,8 +99,12 @@ in
|
|||
polkit.enable = true;
|
||||
|
||||
acme = {
|
||||
defaults.email = "admin@ccnlc.eu";
|
||||
acceptTerms = true;
|
||||
defaults = {
|
||||
email = "contact@ccnlc.eu";
|
||||
dnsProvider = "ovh";
|
||||
environmentFile = config.age.secrets.acme.path;
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
|
|
|
|||
|
|
@ -4,10 +4,6 @@ let
|
|||
sshPort = 2222;
|
||||
in
|
||||
{
|
||||
imports = [
|
||||
./runner.nix
|
||||
];
|
||||
|
||||
systemd.tmpfiles.rules =
|
||||
let
|
||||
# Disallow crawlers from indexing this site.
|
||||
|
|
@ -56,6 +52,8 @@ in
|
|||
migrations.ALLOWED_DOMAINS = "*";
|
||||
service = {
|
||||
DISABLE_REGISTRATION = true;
|
||||
DEFAULT_KEEP_EMAIL_PRIVATE = true;
|
||||
#REQUIRE_SIGNIN_VIEW = true;
|
||||
};
|
||||
packages.ENABLED = false;
|
||||
log.LEVEL = "Info";
|
||||
|
|
|
|||
|
|
@ -12,6 +12,8 @@ let
|
|||
in
|
||||
{
|
||||
config = mkIf cfg.enable {
|
||||
virtualisation.docker.autoPrune.enable = true;
|
||||
|
||||
services.gitea-actions-runner = {
|
||||
package = pkgs.forgejo-runner;
|
||||
|
||||
|
|
|
|||
|
|
@ -16,6 +16,7 @@ let
|
|||
};
|
||||
|
||||
shanMeta = self.nixosConfigurations.shan.config.modules.meta;
|
||||
nihilusCfg = self.nixosConfigurations.nihilus.config;
|
||||
homeAIp = "100.64.0.9";
|
||||
in
|
||||
{
|
||||
|
|
@ -36,7 +37,9 @@ in
|
|||
"tag:client"
|
||||
"tag:server"
|
||||
]
|
||||
[ "tag:backup:${toString options.modules.server.rsync-daemon.port.default}" ]
|
||||
[
|
||||
"${nihilusCfg.modules.meta.tailscale.ip}:${toString nihilusCfg.modules.server.rsync-daemon.port}"
|
||||
]
|
||||
)
|
||||
|
||||
(mkAcl
|
||||
|
|
@ -67,7 +70,6 @@ in
|
|||
tags = [
|
||||
"tag:client"
|
||||
"tag:server"
|
||||
"tag:backup"
|
||||
"tag:guest"
|
||||
];
|
||||
|
||||
|
|
@ -77,7 +79,6 @@ in
|
|||
tags = map (name: "tag:${name}") [
|
||||
"server"
|
||||
"client"
|
||||
"backup"
|
||||
];
|
||||
in
|
||||
lib.genAttrs tags (_: users);
|
||||
|
|
|
|||
|
|
@ -4,9 +4,15 @@
|
|||
enable = true;
|
||||
options = {
|
||||
enableBookUploading = true;
|
||||
calibreLibrary = "/mnt/books";
|
||||
};
|
||||
};
|
||||
|
||||
systemd.services.calibre-web = {
|
||||
after = [ "mnt-books.mount" ];
|
||||
requires = [ "mnt-books.mount" ];
|
||||
};
|
||||
|
||||
fileSystems."/mnt/books" = {
|
||||
device = "192.168.178.21:/mnt/Fort/data/books";
|
||||
fsType = "nfs";
|
||||
|
|
|
|||
|
|
@ -27,6 +27,10 @@
|
|||
file = ../../secrets/freshrss-default-password.age;
|
||||
owner = config.services.freshrss.user;
|
||||
};
|
||||
acme = {
|
||||
owner = if config.security.acme.useRoot then "root" else "acme";
|
||||
file = ../../secrets/acme.age;
|
||||
};
|
||||
};
|
||||
|
||||
boot.loader.grub = {
|
||||
|
|
@ -85,6 +89,21 @@
|
|||
rsync-backup = {
|
||||
enable = true;
|
||||
modules = [
|
||||
{
|
||||
sources = [
|
||||
"/var/lib/paperless"
|
||||
"/var/lib/radicale"
|
||||
"/var/lib/navidrome"
|
||||
"/var/lib/immich"
|
||||
"/var/lib/freshrss"
|
||||
];
|
||||
target = {
|
||||
location = "shan";
|
||||
type = "rsyncd";
|
||||
host = "nihilus";
|
||||
};
|
||||
incremental.enable = true;
|
||||
}
|
||||
{
|
||||
sources = [ "/var/lib/paperless" ];
|
||||
target = {
|
||||
|
|
@ -139,34 +158,40 @@
|
|||
};
|
||||
incremental.enable = true;
|
||||
}
|
||||
|
||||
];
|
||||
};
|
||||
};
|
||||
};
|
||||
security.acme = {
|
||||
acceptTerms = true;
|
||||
defaults = {
|
||||
email = "contact@ccnlc.eu";
|
||||
dnsProvider = "ovh";
|
||||
environmentFile = "/run/secrets/ovh";
|
||||
};
|
||||
security = {
|
||||
polkit.enable = true;
|
||||
|
||||
certs."ccnlc.eu" = {
|
||||
group = "nginx";
|
||||
extraDomainNames = [ "*.ccnlc.eu" ];
|
||||
acme = {
|
||||
acceptTerms = true;
|
||||
defaults = {
|
||||
email = "dns@ccnlc.eu";
|
||||
dnsProvider = "ovh";
|
||||
dnsResolver = "9.9.9.9"; # Necessary to avoid failing due to a local dns server
|
||||
environmentFile = config.age.secrets.acme.path;
|
||||
};
|
||||
|
||||
certs."ccnlc.eu" = {
|
||||
group = "nginx";
|
||||
extraDomainNames = [ "*.ccnlc.eu" ];
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
services.nginx = {
|
||||
enable = true;
|
||||
recommendedProxySettings = true;
|
||||
recommendedTlsSettings = true;
|
||||
clientMaxBodySize = "100M";
|
||||
clientMaxBodySize = "0";
|
||||
virtualHosts =
|
||||
let
|
||||
mkVHLocal = mkVH "http://localhost";
|
||||
mkVH = domain: port: {
|
||||
forceSSL = true;
|
||||
useACMEHost = "ccnlc.eu";
|
||||
locations."/" = {
|
||||
proxyPass = "${domain}:${toString port}";
|
||||
extraConfig = ''
|
||||
|
|
@ -177,7 +202,6 @@
|
|||
proxy_http_version 1.1;
|
||||
'';
|
||||
};
|
||||
useACMEHost = "ccnlc.eu";
|
||||
};
|
||||
in
|
||||
{
|
||||
|
|
@ -194,6 +218,7 @@
|
|||
"truenas.ccnlc.eu" = mkVH "https://192.168.178.21" 443;
|
||||
"calibre.ccnlc.eu" = mkVHLocal config.services.calibre-web.listen.port;
|
||||
"prometheus.ccnlc.eu" = mkVHLocal config.services.prometheus.port;
|
||||
"adguard.ccnlc.eu" = mkVHLocal config.services.adguardhome.port;
|
||||
"grafana.ccnlc.eu" = mkVHLocal config.services.grafana.settings.server.http_port;
|
||||
${config.services.freshrss.virtualHost} = {
|
||||
forceSSL = true;
|
||||
|
|
|
|||
|
|
@ -1,6 +1,7 @@
|
|||
{ pkgs, inputs, ... }:
|
||||
{
|
||||
environment.sessionVariables = {
|
||||
SSH_AUTH_SOCK = "/run/user/\${UID}/keyring/ssh";
|
||||
MANROFFOPT = "-c";
|
||||
MANPAGER = "sh -c 'col -bx | ${pkgs.bat}/bin/bat -l man -p'";
|
||||
WALLPAPERS = "${inputs.wallpapers}";
|
||||
|
|
|
|||
|
|
@ -7,10 +7,10 @@
|
|||
lib.mkIf config.xdg.portal.enable {
|
||||
xdg.portal = {
|
||||
config = {
|
||||
sway = {
|
||||
common = {
|
||||
default = "*";
|
||||
"org.freedesktop.impl.portal.Screenshot.PickColor" = [ "${pkgs.hyprpicker}/bin/hyprpicker" ];
|
||||
};
|
||||
common.default = "*";
|
||||
};
|
||||
|
||||
# gtk portal needed to make gtk apps happy
|
||||
|
|
|
|||
|
|
@ -51,12 +51,6 @@ lib.mkIf config.programs.firefox.enable {
|
|||
|
||||
"dom.security.https_only_mode" = true;
|
||||
|
||||
"cookiebanners.service.mode" = 1;
|
||||
"cookiebanners.bannerClicking.enabled" = true;
|
||||
"cookiebanners.cookieInjector.enabled" = true;
|
||||
"cookiebanners.service.mode.privateBrowsing" = 2;
|
||||
"cookiebanners.ui.desktop.enabled" = true;
|
||||
|
||||
"browser.shell.checkDefaultBrowser" = false;
|
||||
#"privacy.clearOnShutdown.offlineApps" = true;
|
||||
"layout.spellcheckDefault" = 1;
|
||||
|
|
@ -99,9 +93,10 @@ lib.mkIf config.programs.firefox.enable {
|
|||
builtins.listToAttrs [
|
||||
(extension "ublock-origin" "uBlock0@raymondhill.net")
|
||||
(extension "firefox-translations" "firefox-translations-addon@mozilla.org")
|
||||
(extension "private-relay" "private-relay@firefox.com")
|
||||
(extension "decentraleyes" "jid1-BoFifL9Vbdl2zQ@jetpack")
|
||||
(extension "keepassxc-browser" "keepassxc-browser@keepassxc.org")
|
||||
(extension "simplelogin" "addon@simplelogin")
|
||||
|
||||
];
|
||||
FirefoxHome = {
|
||||
Search = true;
|
||||
|
|
|
|||
|
|
@ -3,6 +3,9 @@
|
|||
enable = true;
|
||||
settings = {
|
||||
"notARepository" = "skip";
|
||||
git = {
|
||||
overrideGpg = true;
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
|
|||
|
|
@ -8,16 +8,14 @@
|
|||
config = lib.mkIf config.modules.system.roles.desktop.enable {
|
||||
qt = {
|
||||
enable = true;
|
||||
platformTheme = "gtk2";
|
||||
#platformTheme = "qt5ct";
|
||||
#style = "kvantum";
|
||||
platformTheme = "gtk2"; # Follow gtk theme
|
||||
};
|
||||
|
||||
environment.systemPackages = with pkgs; [
|
||||
#vimix-icon-theme
|
||||
#pop-icon-theme
|
||||
catppuccin-papirus-folders
|
||||
#catppuccin-kvantum
|
||||
(catppuccin-papirus-folders.override {
|
||||
accent = "lavender";
|
||||
flavor = "frappe";
|
||||
})
|
||||
];
|
||||
};
|
||||
}
|
||||
|
|
|
|||
|
|
@ -76,6 +76,9 @@ in
|
|||
};
|
||||
|
||||
systemd.services.navidrome = {
|
||||
after = mkIf (cfg.library.type == "nfs") [ "mnt-music.mount" ];
|
||||
requires = mkIf (cfg.library.type == "nfs") [ "mnt-music.mount" ];
|
||||
|
||||
serviceConfig = {
|
||||
Restart = cfg.restartPolicy;
|
||||
EnvironmentFile = config.age.secrets.navidrome.path;
|
||||
|
|
|
|||
|
|
@ -26,7 +26,7 @@ in
|
|||
default = false;
|
||||
description = "Whether to open the firewall";
|
||||
};
|
||||
port = mkPortOption 9523 "rsyncd";
|
||||
port = mkPortOption 873 "rsyncd";
|
||||
address = mkOption {
|
||||
type = nonEmptyStr;
|
||||
default = "0.0.0.0";
|
||||
|
|
@ -80,6 +80,8 @@ in
|
|||
|
||||
modules.fixes.services.rsyncd = {
|
||||
enable = true;
|
||||
inherit (cfg) port;
|
||||
socketActivated = true;
|
||||
settings = {
|
||||
globalSection = {
|
||||
inherit (cfg) port address;
|
||||
|
|
|
|||
|
|
@ -40,5 +40,7 @@ in
|
|||
|
||||
postStop = "${cfg.package}/bin/cliphist wipe";
|
||||
};
|
||||
|
||||
environment.systemPackages = [ cfg.package ];
|
||||
};
|
||||
}
|
||||
|
|
|
|||
|
|
@ -33,7 +33,6 @@ in
|
|||
Type = "simple";
|
||||
ExecStart = "/bin/sh -lc ${cfg.package}/bin/nysh";
|
||||
Restart = "on-failure";
|
||||
|
||||
NoNewPrivileges = true;
|
||||
};
|
||||
};
|
||||
|
|
|
|||
|
|
@ -135,6 +135,17 @@ in
|
|||
unitConfig = {
|
||||
Description = "Backs up files from a source location to a specified destination.";
|
||||
};
|
||||
|
||||
postStop = ''
|
||||
if [ "$SERVICE_RESULT" != "success" ]; then
|
||||
${pkgs.curl}/bin/curl \
|
||||
-H "Priority: urgent" \
|
||||
-H "Title: Backup error" \
|
||||
-d "Backup '${cfg.unitName}-${slugify mod.target.location}' had unexpected behaviour: $SERVICE_RESULT" \
|
||||
https://ntfy.ccnlc.eu/rsync-backup
|
||||
fi
|
||||
'';
|
||||
|
||||
serviceConfig = {
|
||||
Type = "simple";
|
||||
Restart = "on-failure";
|
||||
|
|
|
|||
|
|
@ -18,6 +18,7 @@ let
|
|||
enum
|
||||
bool
|
||||
;
|
||||
inherit (lib.my) getExe;
|
||||
cfg = config.modules.services.tailscale;
|
||||
in
|
||||
{
|
||||
|
|
@ -86,14 +87,29 @@ in
|
|||
description = "tailscale system tray";
|
||||
wantedBy = [ "graphical-session.target" ];
|
||||
after = [ "graphical-session.target" ];
|
||||
path = [ pkgs.polkit ];
|
||||
path = with pkgs; [
|
||||
polkit
|
||||
tailscale
|
||||
];
|
||||
serviceConfig = {
|
||||
Type = "simple";
|
||||
ExecStart = "/bin/sh -lc ${pkgs.tailscale-systray}/bin/tailscale-systray";
|
||||
ExecStart = getExe pkgs.tail-tray;
|
||||
Restart = "on-failure";
|
||||
RestartSec = 1;
|
||||
TimeoutStopSec = 10;
|
||||
IPAddressDeny = "any";
|
||||
NoNewPrivileges = true;
|
||||
ProtectClock = true;
|
||||
ProtectKernelTunables = true;
|
||||
ProtectKernelModules = true;
|
||||
ProtectKernelLogs = true;
|
||||
SystemCallFilter = "~@clock @cpu-emulation @debug @obsolete @module @mount @raw-io @reboot @swap";
|
||||
# ProtectControlGroups = true;
|
||||
#RestrictNamespaces = true;
|
||||
LockPersonality = true;
|
||||
MemoryDenyWriteExecute = true;
|
||||
RestrictRealtime = true;
|
||||
RestrictSUIDSGID = true;
|
||||
};
|
||||
};
|
||||
};
|
||||
|
|
|
|||
|
|
@ -3,5 +3,6 @@
|
|||
./terminal.nix
|
||||
./desktop.nix
|
||||
./gaming.nix
|
||||
./portable.nix
|
||||
];
|
||||
}
|
||||
|
|
|
|||
|
|
@ -12,6 +12,7 @@ in
|
|||
{
|
||||
options.modules.system.roles.gaming = {
|
||||
enable = mkEnableOption "gaming features";
|
||||
minecraft.enable = mkEnableOption "minecraft";
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
|
|
@ -32,6 +33,7 @@ in
|
|||
environment.systemPackages = with pkgs; [
|
||||
mangohud
|
||||
heroic
|
||||
(mkIf cfg.minecraft.enable prismlauncher)
|
||||
];
|
||||
};
|
||||
}
|
||||
|
|
|
|||
9
options/system/roles/portable.nix
Normal file
9
options/system/roles/portable.nix
Normal file
|
|
@ -0,0 +1,9 @@
|
|||
{ lib, ... }:
|
||||
let
|
||||
inherit (lib) mkEnableOption;
|
||||
in
|
||||
{
|
||||
options.modules.system.roles.portable = {
|
||||
enable = mkEnableOption "Laptop/Portable tweaks";
|
||||
};
|
||||
}
|
||||
|
|
@ -38,6 +38,7 @@ in
|
|||
fd
|
||||
ripgrep
|
||||
jnv
|
||||
jq
|
||||
];
|
||||
};
|
||||
};
|
||||
|
|
|
|||
BIN
secrets/acme.age
Normal file
BIN
secrets/acme.age
Normal file
Binary file not shown.
|
|
@ -24,4 +24,9 @@ in
|
|||
shan
|
||||
ny
|
||||
];
|
||||
"acme.age".publicKeys = [
|
||||
shan
|
||||
raptus
|
||||
ny
|
||||
];
|
||||
}
|
||||
|
|
|
|||
|
|
@ -22,16 +22,14 @@ in
|
|||
|
||||
users.users.${username}.packages =
|
||||
[
|
||||
inputs'.nur.packages.grayjay-desktop
|
||||
inputs'.nur.packages.grayjay
|
||||
]
|
||||
++ (with pkgs; [
|
||||
keepassxc
|
||||
digikam
|
||||
fragments
|
||||
element-desktop
|
||||
libreoffice
|
||||
loupe
|
||||
seahorse
|
||||
pwvucontrol
|
||||
thunderbird
|
||||
keepassxc
|
||||
|
|
@ -39,6 +37,7 @@ in
|
|||
signal-desktop
|
||||
tagger
|
||||
kid3
|
||||
hoppscotch
|
||||
|
||||
# proprietary
|
||||
obsidian
|
||||
|
|
@ -56,6 +55,7 @@ in
|
|||
scripts.set-background
|
||||
scripts.fishl
|
||||
scripts.nrun
|
||||
scripts.nruni
|
||||
scripts.rpaste
|
||||
scripts.genswitch
|
||||
scripts.gentest
|
||||
|
|
|
|||
|
|
@ -11,7 +11,7 @@
|
|||
Enabled = true;
|
||||
};
|
||||
GUI = {
|
||||
ApplicationTheme = "auto";
|
||||
ApplicationTheme = "dark";
|
||||
ColorPasswords = true;
|
||||
MinimizeOnClose = true;
|
||||
MinimizeOnStartup = true;
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue