diff --git a/hosts/biolimo/configuration.nix b/hosts/biolimo/configuration.nix
index e84ee41..bb8c47c 100644
--- a/hosts/biolimo/configuration.nix
+++ b/hosts/biolimo/configuration.nix
@@ -8,36 +8,29 @@ with lib; let psCfg = config.pub-solar; xdg = config.home-manager.users."${psCfg.user.name}".xdg; in { - pub-solar.graphical.enable = true; - pub-solar.sway.enable = true; - # Use the systemd-boot EFI boot loader. boot.loader.systemd-boot.enable = true; boot.loader.efi.canTouchEfiVariables = true; + boot.plymouth.enable = true; - pub-solar.paranoia.enable = true; + pub-solar.core.hibernation.enable = true; pub-solar.core.hibernation.resumeDevice = "/dev/dm-0"; pub-solar.core.hibernation.resumeOffset = 15296512; - pub-solar.audio.bluetooth.enable = true; + pub-solar.terminal-life.full = true; hardware.cpu.intel.updateMicrocode = true; networking.hostName = "biolimo"; - networking.networkmanager.wifi.backend = mkForce "wpa_supplicant"; + networking.networkmanager.wifi.backend = "wpa_supplicant"; - home-manager = with pkgs; - pkgs.lib.setAttrByPath ["users" psCfg.user.name] { - xdg.configFile = mkIf psCfg.sway.enable { - "sway/config.d/10-screens.conf".source = ./.config/sway/config.d/screens.conf; - "sway/config.d/10-autostart.conf".source = ./.config/sway/config.d/autostart.conf; - "sway/config.d/10-input-defaults.conf".source = ./.config/sway/config.d/input-defaults.conf; - "sway/config.d/10-custom-keybindings.conf".source = ./.config/sway/config.d/custom-keybindings.conf; - }; - - home.packages = [ - inkscape - ]; + home-manager.users."${psCfg.user.name}" = { + xdg.configFile = { + "sway/config.d/10-screens.conf".source = ./.config/sway/config.d/screens.conf; + "sway/config.d/10-autostart.conf".source = ./.config/sway/config.d/autostart.conf; + "sway/config.d/10-input-defaults.conf".source = ./.config/sway/config.d/input-defaults.conf; + "sway/config.d/10-custom-keybindings.conf".source = ./.config/sway/config.d/custom-keybindings.conf; }; + }; # For OpenProject development with https security.pki.certificates = [ diff --git a/hosts/chocolatebar/configuration.nix b/hosts/chocolatebar/configuration.nix index aa5c9ed..c746c28 100644 
--- a/hosts/chocolatebar/configuration.nix +++ b/hosts/chocolatebar/configuration.nix @@ -9,10 +9,6 @@ with lib; let psCfg = config.pub-solar; xdg = config.home-manager.users."${psCfg.user.name}".xdg; in { - pub-solar.graphical.enable = true; - pub-solar.sway.enable = true; - pub-solar.virtualisation.enable = true; - hardware.cpu.amd.updateMicrocode = true; hardware.opengl.extraPackages = with pkgs; [ 
@@ -23,62 +19,30 @@ in { # Use the systemd-boot EFI boot loader. boot.loader.systemd-boot.enable = true; boot.loader.efi.canTouchEfiVariables = true; + boot.plymouth.enable = true; - pub-solar.paranoia.enable = true; + pub-solar.core.hibernation.enable = true; pub-solar.core.hibernation.resumeDevice = "/dev/dm-0"; pub-solar.core.hibernation.resumeOffset = 115075072; - pub-solar.paperless.sync.masterNode = true; - - age.secrets."drone-runner-exec-config" = { - file = "${flake.self}/secrets/drone-runner-exec-config"; - mode = "400"; - owner = psCfg.user.name; - }; - - pub-solar.docker-ci-runner = { - enable = true; - runnerVarsFile = config.age.secrets.drone-runner-exec-config.path; - }; - - pub-solar.paperless.scannerDefaultDevice = "hp3900:libusb:005:004"; + pub-solar.terminal-life.full = true; services.openssh.openFirewall = true; networking.hostName = "chocolatebar"; - networking.firewall.allowedTCPPorts = - [443] - ++ ( - if psCfg.sway.vnc.enable - then [5901] - else [] - ); networking.firewall.allowedUDPPorts = [43050]; environment.systemPackages = with pkgs; [ - wayvnc drone-docker-runner stdenv.cc.cc.lib pkgs.hplip ]; - age.secrets."vnc-key.pem" = { - file = "${flake.self}/secrets/vnc-key-chocolatebar.pem"; - mode = "400"; - owner = psCfg.user.name; - }; - age.secrets."vnc-cert.pem" = { - file = "${flake.self}/secrets/vnc-cert-chocolatebar.pem"; - mode = "400"; - owner = psCfg.user.name; - }; - pub-solar.sway.vnc.enable = true; - services.udev.extraRules = '' SUBSYSTEMS=="usb", ATTRS{idVendor}=="04f9", ATTRS{idProduct}=="209e", ATTRS{serial}=="000W0H924252", MODE="0664", GROUP="lp", SYMLINK+="usb/lp0" ''; home-manager.users."${psCfg.user.name}" = { - xdg.configFile = mkIf psCfg.sway.enable { + xdg.configFile = { "sway/config.d/10-autostart.conf".source = ./.config/sway/config.d/autostart.conf; "sway/config.d/10-input-defaults.conf".source = ./.config/sway/config.d/input-defaults.conf; "sway/config.d/10-screens.conf".source = 
./.config/sway/config.d/screens.conf; diff --git a/hosts/chocolatebar/virtualisation/default.nix b/hosts/chocolatebar/virtualisation/default.nix index 8b58504..6d2287e 100644 --- a/hosts/chocolatebar/virtualisation/default.nix +++ b/hosts/chocolatebar/virtualisation/default.nix 
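Review bot: `drone-docker-runner` is still listed in `environment.systemPackages` in the second chocolatebar hunk, although this commit removes the `pub-solar.docker-ci-runner` block and the `drone-runner-exec-config` age secret that went with it. If the runner is really gone from this host, drop the package from the list as well, so no unused CI tooling stays installed. If the package came from an overlay tied to the deleted module (not visible here), leaving it would also break evaluation. The same hunk removes TCP 443 and 5901 from the firewall, which is consistent with removing VNC, while `services.openssh.openFirewall = true` stays.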
@@ -17,65 +17,63 @@ with lib; let isolateAnyGPU = isolateGPU != null; in { - config = mkIf psCfg.virtualisation.enable { - boot.extraModprobeConfig = mkIf isolateAnyGPU (concatStringsSep "\n" [ - "softdep amdgpu pre: vfio vfio_pci" - ( - if isolateGPU == "rx5700xt" - then "options vfio-pci ids=1002:731f,1002:ab38" - else "options vfio-pci ids=1002:699f,1002:aae0" - ) - ]); + boot.extraModprobeConfig = mkIf isolateAnyGPU (concatStringsSep "\n" [ + "softdep amdgpu pre: vfio vfio_pci" + ( + if isolateGPU == "rx5700xt" + then "options vfio-pci ids=1002:731f,1002:ab38" + else "options vfio-pci ids=1002:699f,1002:aae0" + ) + ]); - systemd.user.services = { - vm-windows = createService { - inherit config; - inherit pkgs; - inherit lib; - vm = { - name = "windows"; - disk = "/dev/disk/by-id/ata-SanDisk_SDSSDA240G_162402455603"; - id = "http://microsoft.com/win/10"; - gpu = true; - mountHome = false; - memory = memory; - isolateGPU = isolateGPU; - handOverUSBDevices = handOverUSBDevices; - generateXML = generateXML; - }; + systemd.user.services = { + vm-windows = createService { + inherit config; + inherit pkgs; + inherit lib; + vm = { + name = "windows"; + disk = "/dev/disk/by-id/ata-SanDisk_SDSSDA240G_162402455603"; + id = "http://microsoft.com/win/10"; + gpu = true; + mountHome = false; + memory = memory; + isolateGPU = isolateGPU; + handOverUSBDevices = handOverUSBDevices; + generateXML = generateXML; }; - vm-manjaro = createService { - inherit config; - inherit pkgs; - inherit lib; - vm = { - name = "manjaro"; - disk = "/dev/disk/by-id/ata-KINGSTON_SM2280S3G2240G_50026B726B0265CE"; - id = "https://manjaro.org/download/#i3"; - gpu = true; - mountHome = true; - memory = memory; - isolateGPU = isolateGPU; - handOverUSBDevices = handOverUSBDevices; - generateXML = generateXML; - }; + }; + vm-manjaro = createService { + inherit config; + inherit pkgs; + inherit lib; + vm = { + name = "manjaro"; + disk = "/dev/disk/by-id/ata-KINGSTON_SM2280S3G2240G_50026B726B0265CE"; + id = 
"https://manjaro.org/download/#i3"; + gpu = true; + mountHome = true; + memory = memory; + isolateGPU = isolateGPU; + handOverUSBDevices = handOverUSBDevices; + generateXML = generateXML; }; - vm-tails = createService { - inherit config; - inherit pkgs; - inherit lib; - vm = { - name = "tails"; - disk = "/var/lib/vms/tails/tails-amd64-5.4.iso"; - # disk = "/var/lib/vms/nixos/nixos-minimal.iso"; - id = "https://tails.boum.org/install/index.en.html"; - gpu = false; - mountHome = false; - memory = 16; - isolateGPU = isolateGPU; - handOverUSBDevices = false; - generateXML = generateTailsXML; - }; + }; + vm-tails = createService { + inherit config; + inherit pkgs; + inherit lib; + vm = { + name = "tails"; + disk = "/var/lib/vms/tails/tails-amd64-5.4.iso"; + # disk = "/var/lib/vms/nixos/nixos-minimal.iso"; + id = "https://tails.boum.org/install/index.en.html"; + gpu = false; + mountHome = false; + memory = 16; + isolateGPU = isolateGPU; + handOverUSBDevices = false; + generateXML = generateTailsXML; }; }; }; diff --git a/hosts/default.nix b/hosts/default.nix index 57dc259..7876d9b 100644 --- a/hosts/default.nix +++ b/hosts/default.nix @@ -8,6 +8,12 @@ self.nixosModules.base ./biolimo self.nixosModules.b12f + self.nixosModules.audio + self.nixosModules.bluetooth + self.nixosModules.docker + self.nixosModules.graphical + self.nixosModules.nextcloud + self.nixosModules.office ]; }; @@ -17,6 +23,14 @@ self.nixosModules.base ./chocolatebar self.nixosModules.b12f + self.nixosModules.audio + self.nixosModules.virtualisation + self.nixosModules.docker + self.nixosModules.gaming + self.nixosModules.graphical + self.nixosModules.nextcloud + self.nixosModules.office + self.nixosModules.virtualisation ]; }; @@ -37,6 +51,7 @@ ./pie self.nixosModules.yule self.nixosModules.printing + self.nixosModules.paperless ]; }; diff --git a/hosts/droppie/configuration.nix b/hosts/droppie/configuration.nix index 6d45794..984306e 100644 --- a/hosts/droppie/configuration.nix 
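Review bot: `self.nixosModules.virtualisation` is added twice to the chocolatebar module list in the `@@ -17,6 +23,14 @@` hunk of hosts/default.nix, once after `audio` and again at the end. This commit also removes the `mkIf psCfg.virtualisation.enable` guard from hosts/chocolatebar/virtualisation/default.nix, so everything those modules define is now unconditional. Depending on how the module system keys the two entries, the second one is either silently deduplicated or merged again, which would duplicate line-typed options such as `boot.extraModprobeConfig`. Drop the second `self.nixosModules.virtualisation` line.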
+++ b/hosts/droppie/configuration.nix @@ -9,6 +9,8 @@ with lib; let psCfg = config.pub-solar; xdg = config.home-manager.users."${psCfg.user.name}".xdg; in { + pub-solar.core.disk-encryption-active = false; + boot.loader.systemd-boot.enable = lib.mkForce false; boot.loader.grub = { enable = true; @@ -21,9 +23,6 @@ in { networking.hostName = "droppie"; - pub-solar.core.disk-encryption-active = false; - pub-solar.core.lite = true; - security.sudo.extraRules = [ { users = ["${psCfg.user.name}"]; diff --git a/hosts/pie/configuration.nix b/hosts/pie/configuration.nix index 51da4bb..f6fb708 100644 --- a/hosts/pie/configuration.nix +++ b/hosts/pie/configuration.nix @@ -27,7 +27,6 @@ in { boot.kernelPackages = pkgs.linuxPackages_6_1; pub-solar.core.disk-encryption-active = false; - pub-solar.core.lite = true; networking.hostName = "pie"; networking.defaultGateway = { diff --git a/lib/default.nix b/lib/default.nix index 49bbaf4..d1234df 100644 --- a/lib/default.nix +++ b/lib/default.nix @@ -11,8 +11,8 @@ ## In configs, they can be used under "lib.our" deploy = import ./deploy.nix { inherit inputs lib; }; - addLocalHostname = callLibs ./add-local-hostname.nix; + recursiveMerge = callLibs ./recursive-merge.nix; }; }; } diff --git a/lib/recursive-merge.nix b/lib/recursive-merge.nix new file mode 100644 index 0000000..1b2c37e --- /dev/null +++ b/lib/recursive-merge.nix @@ -0,0 +1,16 @@ +{ lib }: +attrList: +let + f = attrPath: + zipAttrsWith ( + n: values: + if tail values == [] + then head values + else if all isList values + then unique (concatLists values) + else if all isAttrs values + then f (attrPath ++ [n]) values + else last values + ); +in + f [] attrList; diff --git a/modules/adb/default.nix b/modules/adb/default.nix new file mode 100644 index 0000000..7a0a83d --- /dev/null +++ b/modules/adb/default.nix 
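Review bot: The new lib/recursive-merge.nix cannot evaluate as written. It takes `{ lib }:` but then uses `zipAttrsWith`, `unique`, `concatLists`, `all`, `last`, `head`, `tail`, `isList` and `isAttrs` unqualified, and the file ends in `f [] attrList;`, where the trailing semicolon is a syntax error for a file-level expression. Because `recursiveMerge = callLibs ./recursive-merge.nix` is lazy, the failure only shows up when something first calls `lib.our.recursiveMerge`. Change the opening to `attrList: with lib; let` and the last line to `f [] attrList`. A header comment should also state the merge rules: lists are concatenated and de-duplicated, attribute sets are merged recursively, and for any other conflict the last value wins. Callers merging security-relevant settings need to know about that last-wins override.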
@@ -0,0 +1,15 @@ +{ + lib, + config, + pkgs, + ... +}: +with lib; let + psCfg = config.pub-solar; +in { + programs.adb.enable = true; + + users.users."${psCfg.user.name}" = { + extraGroups = ["adbusers"]; + }; +} diff --git a/modules/arduino/default.nix b/modules/arduino/default.nix index 489f9c6..8b0e51d 100644 --- a/modules/arduino/default.nix +++ b/modules/arduino/default.nix @@ -6,22 +6,12 @@ }: with lib; let psCfg = config.pub-solar; - cfg = config.pub-solar.arduino; in { - options.pub-solar.arduino = { - enable = mkEnableOption "Life with home automation"; - }; - config = mkIf cfg.enable { - users.users = pkgs.lib.setAttrByPath [psCfg.user.name] { - extraGroups = ["dialout"]; - }; - - home-manager = with pkgs; - pkgs.lib.setAttrByPath ["users" psCfg.user.name] { - home.packages = [ - arduino - arduino-cli - ]; - }; + users.users."${psCfg.user.name}" = { + extraGroups = ["dialout"]; + packages = with pkgs; [ + arduino + arduino-cli + ]; }; } diff --git a/modules/audio/default.nix b/modules/audio/default.nix index ae6e745..ba92bf4 100644 --- a/modules/audio/default.nix +++ b/modules/audio/default.nix 
@@ -6,126 +6,52 @@ }: with lib; let psCfg = config.pub-solar; - cfg = config.pub-solar.audio; xdg = config.home-manager.users."${psCfg.user.name}".xdg; in { - options.pub-solar.audio = { - enable = mkEnableOption "Life in highs and lows"; - mopidy.enable = mkEnableOption "Life with mopidy"; - spotify.enable = mkEnableOption "Life in DRM"; - spotify.username = mkOption { - description = "Spotify login username or email"; - type = types.str; - example = "yourname@example.com"; - default = ""; - }; - bluetooth.enable = mkEnableOption "Life with bluetooth"; + users.users."${psCfg.user.name}" = { + extraGroups = ["audio"]; + packages = with pkgs; [ + # easyeffects, e.g. for microphone noise filtering + easyeffects + mu + pavucontrol + pa_applet + playerctl + # Needed for pactl cmd, until pw-cli is more mature (vol up/down hotkeys?) + pulseaudio + vimpc + spotify-tui + ]; }; - config = mkIf cfg.enable { - users.users = pkgs.lib.setAttrByPath [psCfg.user.name] { - extraGroups = ["audio"]; - }; + home-manager.users."${psCfg.user.name}" = { + xdg.configFile."vimpc/vimpcrc".source = ./.config/vimpc/vimpcrc; + systemd.user.services.easyeffects = import ./easyeffects.service.nix pkgs; - home-manager = with pkgs; - pkgs.lib.setAttrByPath ["users" psCfg.user.name] { - home.packages = - [ - # easyeffects, e.g. for microphone noise filtering - easyeffects - mu - pavucontrol - pa_applet - playerctl - # Needed for pactl cmd, until pw-cli is more mature (vol up/down hotkeys?) 
- pulseaudio - vimpc - ] - ++ ( - if cfg.spotify.enable - then [pkgs.spotify-tui] - else [] - ); - xdg.configFile."vimpc/vimpcrc".source = ./.config/vimpc/vimpcrc; - systemd.user.services.easyeffects = import ./easyeffects.service.nix pkgs; - - services.spotifyd = mkIf cfg.spotify.enable { - enable = true; - settings = { - global = { - username = cfg.spotify.username; - password_cmd = "DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/1001/bus ${pkgs.libsecret}/bin/secret-tool lookup spotify password"; - bitrate = 320; - volume_normalisation = true; - no_audio_cache = false; - max_cache_size = 1000000000; - }; - }; - }; - }; - - # rtkit is optional but recommended - security.rtkit.enable = true; - services.pipewire = { + services.spotifyd = { enable = true; - alsa.enable = true; - alsa.support32Bit = true; - pulse.enable = true; - wireplumber.enable = true; - # If you want to use JACK applications, uncomment this - jack.enable = true; - }; - - # Enable bluetooth - hardware.bluetooth = mkIf cfg.bluetooth.enable { - enable = true; - # Disable bluetooth on startup to save battery - powerOnBoot = false; - # Disable useless SIM Access Profile plugin - disabledPlugins = [ - "sap" - ]; settings = { - General = { - # Enables experimental features and interfaces. 
- # Makes BlueZ Battery Provider available - Experimental = true; + global = { + username = "spotify@benjaminbaedorf.eu"; + password_cmd = "DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/1001/bus ${pkgs.libsecret}/bin/secret-tool lookup spotify password"; + bitrate = 320; + volume_normalisation = true; + no_audio_cache = false; + max_cache_size = 1000000000; }; }; }; - services.blueman.enable = mkIf cfg.bluetooth.enable true; - environment.etc."wireplumber/bluetooth.lua.d/51-bluez-config.lua" = mkIf cfg.bluetooth.enable { - text = '' - bluez_monitor.properties = { - ["bluez5.enable-sbc-xq"] = true, - ["bluez5.enable-msbc"] = true, - ["bluez5.enable-hw-volume"] = true, - ["bluez5.headset-roles"] = "[ hsp_hs hsp_ag hfp_hf hfp_ag ]" - } - ''; - }; + }; - # Enable audio server & client - services.mopidy = mkIf cfg.mopidy.enable ((import ./mopidy.nix) pkgs); - - # Make pulseaudio listen on port 4713 for mopidy, extending the default - # config: https://gitlab.freedesktop.org/pipewire/pipewire/-/blob/master/src/daemon/pipewire-pulse.conf.in - environment.etc."pipewire/pipewire-pulse.conf.d/99-custom.conf" = mkIf cfg.mopidy.enable { - text = '' - { - "context.modules": [ - { - "name": "libpipewire-module-protocol-pulse", - "args": { - "server.address": ["unix:native", "tcp:4713"], - "vm.overrides": { - "pulse.min.quantum": "1024/48000" - } - } - } - ] - } - ''; - }; - }; - } + # rtkit is optional but recommended + security.rtkit.enable = true; + services.pipewire = { + enable = true; + alsa.enable = true; + alsa.support32Bit = true; + pulse.enable = true; + wireplumber.enable = true; + # If you want to use JACK applications, uncomment this + jack.enable = true; + }; +} diff --git a/modules/bluetooth/default.nix b/modules/bluetooth/default.nix new file mode 100644 index 0000000..4ce05b1 --- /dev/null +++ b/modules/bluetooth/default.nix 
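Review bot: The shared audio module now hard-codes a personal account, `username = "spotify@benjaminbaedorf.eu"`, where the removed `cfg.spotify.username` option used to be, and `services.spotifyd` is enabled for every host that imports the module. The `password_cmd` still assumes the session bus lives at `/run/user/1001/bus`, so the secret-tool lookup fails on any machine where the user is not UID 1001. Keep the username as a per-user or per-host setting rather than a literal in `modules/audio`. Build the bus path from the configured user's uid, or rely on the `DBUS_SESSION_BUS_ADDRESS` the user service already inherits, if it does. Fetching the password through `secret-tool` rather than storing it in the Nix store is the right pattern and should stay.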
@@ -0,0 +1,35 @@ +{ + lib, + config, + pkgs, + ... +}: { + hardware.bluetooth = { + enable = true; + # Disable bluetooth on startup to save battery + powerOnBoot = false; + # Disable useless SIM Access Profile plugin + disabledPlugins = [ + "sap" + ]; + settings = { + General = { + # Enables experimental features and interfaces. + # Makes BlueZ Battery Provider available + Experimental = true; + }; + }; + }; + + services.blueman.enable = true; + environment.etc."wireplumber/bluetooth.lua.d/51-bluez-config.lua" = { + text = '' + bluez_monitor.properties = { + ["bluez5.enable-sbc-xq"] = true, + ["bluez5.enable-msbc"] = true, + ["bluez5.enable-hw-volume"] = true, + ["bluez5.headset-roles"] = "[ hsp_hs hsp_ag hfp_hf hfp_ag ]" + } + ''; + }; +} diff --git a/modules/ci-runner/default.nix b/modules/ci-runner/default.nix deleted file mode 100644 index 869777f..0000000 --- a/modules/ci-runner/default.nix +++ /dev/null @@ -1,45 +0,0 @@ -{ - lib, - config, - pkgs, - flake, - ... -}: -with lib; let - psCfg = config.pub-solar; - cfg = config.pub-solar.ci-runner; -in { - options.pub-solar.ci-runner = { - enable = mkEnableOption "Enables a systemd service that runs drone-ci-runner"; - }; - - config = mkIf cfg.enable { - systemd.user.services.ci-runner = { - enable = true; - - description = "CI runner for the PubSolarOS repository that can run test VM instances with KVM."; - - serviceConfig = { - Type = "simple"; - Restart = "always"; - }; - - path = [ - pkgs.git - pkgs.nix - pkgs.libvirt - ]; - - wantedBy = ["multi-user.target"]; - after = ["network.target" "libvirtd.service"]; - - script = ''${pkgs.drone-runner-exec}/bin/drone-runner-exec daemon /run/agenix/drone-runner-exec-config''; - }; - - age.secrets."drone-runner-exec-config" = { - file = "${flake.self}/secrets/drone-runner-exec-config"; - mode = "700"; - owner = psCfg.user.name; - }; - }; -} diff --git a/modules/core/boot.nix b/modules/core/boot.nix index 711569e..23d3f31 100644 --- a/modules/core/boot.nix 
+++ b/modules/core/boot.nix @@ -7,12 +7,6 @@ with lib; let cfg = config.pub-solar.core; in { - options.pub-solar.core.iso-options.enable = mkOption { - type = types.bool; - default = false; - description = "Feature flag for iso builds"; - }; - options.pub-solar.core.disk-encryption-active = mkOption { type = types.bool; default = true; @@ -21,13 +15,10 @@ in { config = { boot = { - # Enable plymouth for better experience of booting - plymouth.enable = mkIf (!cfg.lite) (lib.mkDefault true); - # Mount / luks device in initrd # Allow fstrim to work on it. # The ! makes this enabled by default - initrd = mkIf (!cfg.iso-options.enable && cfg.disk-encryption-active) { + initrd = mkIf cfg.disk-encryption-active { luks.devices."cryptroot" = { allowDiscards = true; }; diff --git a/modules/core/default.nix b/modules/core/default.nix index 6b85b9d..985cec1 100644 --- a/modules/core/default.nix +++ b/modules/core/default.nix 
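Review bot: The comment `# The ! makes this enabled by default` above `initrd` is stale, because the new condition `mkIf cfg.disk-encryption-active` no longer contains a negation. Replace it with something like `# Only configured when pub-solar.core.disk-encryption-active is true (the default)`. The existing `allowDiscards = true` line would also benefit from a short comment that TRIM on a LUKS device reveals which blocks are unused, so the trade-off is a recorded decision. The enclosing `config = { boot = { … } }` block continues past the end of this hunk.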
@@ -9,33 +9,29 @@ in { imports = [ ./boot.nix ./hibernation.nix - ./fonts.nix ./i18n.nix ./networking.nix ./packages.nix - ./services.nix ]; - options.pub-solar.core = { - lite = mkOption { - description = '' - Enable a lite edition of core with less default modules and a reduced package set. - ''; - default = false; - type = types.bool; - }; + # Service that makes Out of Memory Killer more effective + services.earlyoom.enable = true; + + services.logind.lidSwitch = "hibernate"; + + services.tor.settings = { + UseBridges = true; }; - config = { - pub-solar = { - audio.enable = mkIf (!cfg.lite) (mkDefault true); - crypto.enable = mkIf (!cfg.lite) (mkDefault true); - devops.enable = mkIf (!cfg.lite) (mkDefault true); + # The options below are directly taken from or inspired by + # https://xeiaso.net/blog/paranoid-nixos-2021-07-18 - terminal-life = { - enable = mkDefault true; - lite = cfg.lite; - }; - }; - }; + # Limit the use of sudo to the group wheel + security.sudo.execWheelOnly = true; + + # Remove the complete default environment of packages like + # nano, perl and rsync + environment.defaultPackages = lib.mkForce []; + + # fileSystems."/".options = [ "noexec" ]; } diff --git a/modules/core/fonts.nix b/modules/core/fonts.nix deleted file mode 100644 index 2973448..0000000 --- a/modules/core/fonts.nix +++ /dev/null @@ -1,14 +0,0 @@ -{ - config, - pkgs, - lib, - ... -}: { - fonts = { - fonts = with pkgs; [powerline-fonts dejavu_fonts]; - fontconfig.defaultFonts = { - monospace = ["DejaVu Sans Mono for Powerline"]; - sansSerif = ["DejaVu Sans"]; - }; - }; -} diff --git a/modules/core/networking.nix b/modules/core/networking.nix index 51d1c9c..5f7ef13 100644 --- a/modules/core/networking.nix +++ b/modules/core/networking.nix 
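Review bot: `services.tor.settings = { UseBridges = true; }` is set in core for every host, but no `Bridge` entries and no `services.tor.enable` are visible in this hunk. Tor refuses a configuration that has `UseBridges` set without at least one `Bridge` line, so a host that later enables tor would fail to start the daemon unless bridges are configured elsewhere. Either add the bridge list next to this setting or add a comment such as `# requires Bridge entries in the host config before enabling tor`. Separately, `services.logind.lidSwitch = "hibernate"` now applies to all hosts, including those with `pub-solar.core.disk-encryption-active = false`. There a hibernation image would sit on unencrypted storage, so confirm that is intended.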
@@ -1,44 +1,51 @@ { + flake, config, pkgs, lib, ... -}: -with lib; let - cfg = config.pub-solar.core; -in { - options.pub-solar.core = { - enableCaddy = mkOption { - type = types.bool; - default = !cfg.lite; - }; - enableHelp = mkOption { - type = types.bool; - default = !cfg.lite; - }; +}: { + # disable NetworkManager and systemd-networkd -wait-online by default + systemd.services.NetworkManager-wait-online.enable = lib.mkDefault false; + systemd.services.systemd-networkd-wait-online.enable = lib.mkDefault false; - binaryCaches = mkOption { - type = types.listOf types.str; - default = []; - description = "Binary caches to use."; - }; - publicKeys = mkOption { - type = types.listOf types.str; - default = []; - description = "Public keys of binary caches."; - }; + networking.networkmanager = { + # Enable networkmanager. REMEMBER to add yourself to group in order to use nm related stuff. + enable = true; + wifi.backend = lib.mkDefault "iwd"; }; - config = { - # disable NetworkManager and systemd-networkd -wait-online by default - systemd.services.NetworkManager-wait-online.enable = lib.mkDefault false; - systemd.services.systemd-networkd-wait-online.enable = lib.mkDefault false; - networking.networkmanager = { - # Enable networkmanager. REMEMBER to add yourself to group in order to use nm related stuff. - enable = true; - wifi.backend = "iwd"; - }; + networking.firewall.enable = true; - networking.firewall.enable = true; + networking.hosts = flake.self.lib.addLocalHostname ["caddy.local"]; + + # Caddy reverse proxy for local services like cups + services.caddy = { + enable = true; + globalConfig = '' + default_bind 127.0.0.1 + auto_https off + ''; + }; + + # For rage encryption, all hosts need a ssh key pair + services.openssh = { + enable = true; + allowSFTP = false; + + # If you don't want the host to have SSH actually opened up to the net, + # set `services.openssh.openFirewall` to false in your config. 
+ openFirewall = true; + + settings.PasswordAuthentication = lib.mkDefault false; + settings.KbdInteractiveAuthentication = false; + + extraConfig = '' + AllowTcpForwarding yes + X11Forwarding no + AllowAgentForwarding no + AllowStreamLocalForwarding no + AuthenticationMethods publickey + ''; }; } diff --git a/modules/core/packages.nix b/modules/core/packages.nix index 807b282..51faea2 100644 --- a/modules/core/packages.nix +++ b/modules/core/packages.nix @@ -8,72 +8,18 @@ with lib; let psCfg = config.pub-solar; cfg = config.pub-solar.core; in { - environment = { - systemPackages = with pkgs; - [ - # Core unix utility packages - coreutils-full - dnsutils - inetutils - progress - pciutils - usbutils + environment.systemPackages = with pkgs; [ + # Core unix utility packages + coreutils-full + dnsutils + inetutils + progress + pciutils + usbutils + diffutils + findutils + exfat - wget - openssl - openssh - curl - htop - btop - lsof - psmisc - file - - # zippit - zip - unzip - - # Modern modern utilities - p7zip - croc - jq - ] - ++ lib.optionals (!cfg.lite) [ - mtr - - gitFull - git-lfs - git-bug - - xdg-utils - sysfsutils - renameutils - nfs-utils - moreutils - mailutils - keyutils - input-utils - elfutils - binutils - dateutils - diffutils - findutils - exfat - - # Nix specific utilities - alejandra - niv - manix - nix-index - nix-tree - nixpkgs-review - # Build broken, python2.7-PyJWT-2.0.1.drv' failed - #nixops - psos - nvd - - # Fun - neofetch - ]; - }; + gitFull + ]; } diff --git a/modules/core/services.nix b/modules/core/services.nix deleted file mode 100644 index 475945e..0000000 --- a/modules/core/services.nix +++ /dev/null 
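Review bot: `openFirewall = true;` in the new `services.openssh` block drops the `lib.mkDefault` that the deleted modules/core/services.nix had. The comment above it still tells hosts to set `services.openssh.openFirewall` to false, but a plain `false` in a host config will now be a conflicting definition and needs `mkForce`. Restore `openFirewall = lib.mkDefault true;` so closing the port per host remains a one-line opt-out. The hardening in `extraConfig` is good, but `AllowTcpForwarding yes` stands out next to the other forwarding options being disabled. Add a comment saying what depends on it, or set it to `no`.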
@@ -1,18 +0,0 @@ -{ - config, - pkgs, - lib, - ... -}: { - # For rage encryption, all hosts need a ssh key pair - services.openssh = { - enable = true; - # If you don't want the host to have SSH actually opened up to the net, - # set `services.openssh.openFirewall` to false in your config. - openFirewall = lib.mkDefault true; - settings.PasswordAuthentication = lib.mkDefault false; - }; - - # Service that makes Out of Memory Killer more effective - services.earlyoom.enable = true; -} diff --git a/modules/crypto/default.nix b/modules/crypto/default.nix index 8dad1d7..585716f 100644 --- a/modules/crypto/default.nix +++ b/modules/crypto/default.nix 
@@ -6,40 +6,30 @@ }: with lib; let psCfg = config.pub-solar; - cfg = config.pub-solar.crypto; in { - options.pub-solar.crypto = { - enable = mkEnableOption "Life in private"; - }; + services.udev.packages = [pkgs.yubikey-personalization]; + services.dbus.packages = [pkgs.gcr]; + services.pcscd.enable = true; - config = mkIf cfg.enable { - services.udev.packages = [pkgs.yubikey-personalization]; - services.dbus.packages = [pkgs.gcr]; - services.pcscd.enable = true; + services.gnome.gnome-keyring.enable = true; - services.gnome.gnome-keyring.enable = true; + users.users."${psCfg.user.name}".packages = with pkgs; [ + gnome.seahorse + keepassxc + libsecret + ]; - home-manager = with pkgs; - pkgs.lib.setAttrByPath ["users" psCfg.user.name] { - systemd.user.services.polkit-gnome-authentication-agent = import ./polkit-gnome-authentication-agent.service.nix pkgs; + home-manager.users."${psCfg.user.name}" = { + systemd.user.services.polkit-gnome-authentication-agent = import ./polkit-gnome-authentication-agent.service.nix pkgs; - services.gpg-agent = { - enable = true; - pinentryFlavor = "gnome3"; - verbose = true; - }; + services.gpg-agent = { + enable = true; + pinentryFlavor = "gnome3"; + verbose = true; + }; - programs.gpg = { - enable = true; - }; - - home.packages = [ - gnome.seahorse - keepassxc - libsecret - qMasterPassword - restic - ]; - }; + programs.gpg = { + enable = true; + }; }; } diff --git a/modules/default.nix b/modules/default.nix index 1a87694..7f67461 100644 --- a/modules/default.nix +++ b/modules/default.nix 
@@ -8,25 +8,19 @@ nixosModules = rec { arduino = import ./arduino; audio = import ./audio; - ci-runner = import ./ci-runner; + bluetooth = import ./bluetooth; core = import ./core; crypto = import ./crypto; - devops = import ./devops; docker = import ./docker; - docker-ci-runner = import ./docker-ci-runner; email = import ./email; gaming = import ./gaming; graphical = import ./graphical; - mobile = import ./mobile; + adb = import ./adb; nix = import ./nix; nextcloud = import ./nextcloud; office = import ./office; paperless = import ./paperless; - paranoia = import ./paranoia; printing = import ./printing; - proxy = import ./proxy; - social = import ./social; - sway = import ./sway; terminal-life = import ./terminal-life; uhk = import ./uhk; user = import ./user; @@ -66,33 +60,13 @@ ]; }) - self.nixosModules.arduino - self.nixosModules.audio - self.nixosModules.ci-runner self.nixosModules.core self.nixosModules.crypto - self.nixosModules.devops - self.nixosModules.docker - self.nixosModules.docker-ci-runner - self.nixosModules.email - self.nixosModules.gaming - self.nixosModules.graphical - self.nixosModules.mobile self.nixosModules.nix - self.nixosModules.nextcloud - self.nixosModules.office - self.nixosModules.paperless - self.nixosModules.paranoia - # self.nixosModules.printing - self.nixosModules.proxy - self.nixosModules.social - self.nixosModules.sway self.nixosModules.terminal-life - self.nixosModules.uhk - self.nixosModules.user - self.nixosModules.virtualisation self.nixosModules.root + self.nixosModules.user ]; }; }; diff --git a/modules/devops/default.nix b/modules/devops/default.nix deleted file mode 100644 index 2f3425f..0000000 --- a/modules/devops/default.nix +++ /dev/null 
@@ -1,32 +0,0 @@ -{ - lib, - config, - pkgs, - ... -}: -with lib; let - psCfg = config.pub-solar; - cfg = config.pub-solar.devops; -in { - options.pub-solar.devops = { - enable = mkEnableOption "Life automated"; - }; - - config = mkIf cfg.enable { - home-manager = with pkgs; - pkgs.lib.setAttrByPath ["users" psCfg.user.name] { - home.packages = [ - croc - drone-cli - nmap - pgcli - ansible - ansible-lint - restic - shellcheck - terraform - tea - ]; - }; - }; -} diff --git a/modules/docker-ci-runner/default.nix b/modules/docker-ci-runner/default.nix deleted file mode 100644 index 9d24bf0..0000000 --- a/modules/docker-ci-runner/default.nix +++ /dev/null 
@@ -1,113 +0,0 @@ -{ - lib, - config, - pkgs, - ... -}: -with lib; let - bootstrap = pkgs.writeScript "bootstrap.sh" '' - #!/usr/bin/env bash - - set -e - - apt update - apt install --yes curl git sudo xz-utils - - adduser --system --uid 999 build - chown build /nix - - sudo -u build curl -L https://nixos.org/nix/install > install - sudo -u build sh install - - echo "export PATH=/nix/var/nix/profiles/per-user/build/profile/bin:''$PATH" >> /etc/profile - - mkdir /etc/nix - echo 'experimental-features = nix-command flakes' >> /etc/nix/nix.conf - - export nix_user_config_file="/home/build/.local/share/nix/trusted-settings.json" - mkdir -p $(dirname \\$nix_user_config_file) - echo '{"extra-experimental-features":{"nix-command flakes":true}}' > \\$nix_user_config_file - chown -R build /home/build/ - - curl -L https://github.com/drone-runners/drone-runner-exec/releases/latest/download/drone_runner_exec_linux_amd64.tar.gz | tar xz - sudo install -t /usr/local/bin drone-runner-exec - - if [ ! -f /run/vars ]; then - exit 1 - fi - - cp -a /run/vars /run/runtime-vars - env | grep "DRONE" >> /run/runtime-vars - - su - -s /bin/bash build sh -c "/usr/local/bin/drone-runner-exec daemon /run/runtime-vars" - ''; - psCfg = config.pub-solar; - cfg = config.pub-solar.docker-ci-runner; -in { - options.pub-solar.docker-ci-runner = { - enable = lib.mkEnableOption "Enables a docker container running a drone exec runner as unprivileged user."; - - enableKvm = lib.mkOption { - description = '' - Enable kvm support. 
- ''; - default = true; - type = types.bool; - }; - - nixCacheLocation = lib.mkOption { - description = '' - Location of nix cache that is shared between builds - ''; - default = "/var/lib/docker-ci-runner"; - type = types.path; - }; - - runnerEnvironment = lib.mkOption { - description = '' - Additional environment vars added to the vars file on container runtime - ''; - default = {}; - }; - - runnerVarsFile = lib.mkOption { - description = '' - Location of vars file passed to drone runner - ''; - type = types.path; - }; - }; - - config = lib.mkIf cfg.enable { - virtualisation = { - docker = { - enable = true; # sadly podman is not supported rightnow - }; - - oci-containers = { - backend = "docker"; - containers."drone-exec-runner" = { - image = "debian"; - autoStart = true; - entrypoint = "bash"; - cmd = ["/bootstrap.sh"]; - - volumes = [ - "${cfg.runnerVarsFile}:/run/vars" - "${cfg.nixCacheLocation}:/nix" - "${bootstrap}:/bootstrap.sh" - ]; - - environment = cfg.runnerEnvironment; - - extraOptions = lib.mkIf cfg.enableKvm ["--device=/dev/kvm"]; - }; - }; - }; - # Fix container not stopping correctly and holding the system 120s upon - # shutdown / reboot - systemd.services.docker-drone-exec-runner.preStop = '' - docker stop drone-exec-runner - ''; - }; -} diff --git a/modules/docker/default.nix b/modules/docker/default.nix index ef733b4..2c3e1a9 100644 --- a/modules/docker/default.nix +++ b/modules/docker/default.nix 
@@ -6,21 +6,14 @@ }: with lib; let psCfg = config.pub-solar; - cfg = config.pub-solar.docker; in { - options.pub-solar.docker = { - enable = mkEnableOption "Life in metal boxes"; + virtualisation.docker.enable = true; + + users.users."${psCfg.user.name}" = { + extraGroups = ["docker"]; }; - config = mkIf cfg.enable { - virtualisation.docker.enable = true; - users.users = with pkgs; - pkgs.lib.setAttrByPath [psCfg.user.name] { - extraGroups = ["docker"]; - }; - - environment.systemPackages = with pkgs; [ - docker-compose - ]; - }; + environment.systemPackages = with pkgs; [ + docker-compose + ]; } diff --git a/users/b12f/.config/msmtp/config b/modules/email/.config/msmtp/config similarity index 100% rename from users/b12f/.config/msmtp/config rename to modules/email/.config/msmtp/config diff --git a/users/b12f/.config/mutt/admins@pub.solar.muttrc b/modules/email/.config/mutt/admins@pub.solar.muttrc similarity index 100% rename from users/b12f/.config/mutt/admins@pub.solar.muttrc rename to modules/email/.config/mutt/admins@pub.solar.muttrc diff --git a/users/b12f/.config/mutt/admins@pub.solar.signature b/modules/email/.config/mutt/admins@pub.solar.signature similarity index 100% rename from users/b12f/.config/mutt/admins@pub.solar.signature rename to modules/email/.config/mutt/admins@pub.solar.signature diff --git a/users/b12f/.config/mutt/b.baedorf@openproject.com.muttrc b/modules/email/.config/mutt/b.baedorf@openproject.com.muttrc similarity index 100% rename from users/b12f/.config/mutt/b.baedorf@openproject.com.muttrc rename to modules/email/.config/mutt/b.baedorf@openproject.com.muttrc diff --git a/users/b12f/.config/mutt/b.baedorf@openproject.com.signature b/modules/email/.config/mutt/b.baedorf@openproject.com.signature similarity index 100% rename from users/b12f/.config/mutt/b.baedorf@openproject.com.signature rename to modules/email/.config/mutt/b.baedorf@openproject.com.signature 
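Review bot: Adding the primary user to the `docker` group is no longer behind `mkIf cfg.enable`, so every host that imports this module gives that account access to the Docker daemon socket, which is equivalent to root on the machine. If that is intended everywhere, say so next to `extraGroups = ["docker"];`, for example `# docker group is root-equivalent via the daemon socket`. Otherwise keep the enable option, or switch to rootless mode with `virtualisation.docker.rootless.enable = true;` and drop the group membership.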
diff --git a/modules/user/.config/mutt/base16.muttrc b/modules/email/.config/mutt/base16.muttrc
similarity index 100%
rename from modules/user/.config/mutt/base16.muttrc
rename to modules/email/.config/mutt/base16.muttrc
diff --git a/users/b12f/.config/mutt/benjamin.baedorf@rwth-aachen.de.muttrc b/modules/email/.config/mutt/benjamin.baedorf@rwth-aachen.de.muttrc
similarity index 100%
rename from users/b12f/.config/mutt/benjamin.baedorf@rwth-aachen.de.muttrc
rename to modules/email/.config/mutt/benjamin.baedorf@rwth-aachen.de.muttrc
diff --git a/users/b12f/.config/mutt/byb@miom.space.muttrc b/modules/email/.config/mutt/byb@miom.space.muttrc
similarity index 100%
rename from users/b12f/.config/mutt/byb@miom.space.muttrc
rename to modules/email/.config/mutt/byb@miom.space.muttrc
diff --git a/users/b12f/.config/mutt/byb@miom.space.signature b/modules/email/.config/mutt/byb@miom.space.signature
similarity index 100%
rename from users/b12f/.config/mutt/byb@miom.space.signature
rename to modules/email/.config/mutt/byb@miom.space.signature
diff --git a/users/b12f/.config/mutt/crew@pub.solar.muttrc b/modules/email/.config/mutt/crew@pub.solar.muttrc
similarity index 100%
rename from users/b12f/.config/mutt/crew@pub.solar.muttrc
rename to modules/email/.config/mutt/crew@pub.solar.muttrc
diff --git a/users/b12f/.config/mutt/crew@pub.solar.signature b/modules/email/.config/mutt/crew@pub.solar.signature
similarity index 100%
rename from users/b12f/.config/mutt/crew@pub.solar.signature
rename to modules/email/.config/mutt/crew@pub.solar.signature
diff --git a/users/b12f/.config/mutt/hello@benjaminbaedorf.eu.muttrc b/modules/email/.config/mutt/hello@benjaminbaedorf.eu.muttrc
similarity index 100%
rename from users/b12f/.config/mutt/hello@benjaminbaedorf.eu.muttrc
rename to modules/email/.config/mutt/hello@benjaminbaedorf.eu.muttrc
diff --git a/users/b12f/.config/mutt/hello@benjaminbaedorf.eu.signature b/modules/email/.config/mutt/hello@benjaminbaedorf.eu.signature
similarity index 100%
rename from users/b12f/.config/mutt/hello@benjaminbaedorf.eu.signature
rename to modules/email/.config/mutt/hello@benjaminbaedorf.eu.signature
diff --git a/users/b12f/.config/mutt/mail@b12f.io.muttrc b/modules/email/.config/mutt/mail@b12f.io.muttrc
similarity index 100%
rename from users/b12f/.config/mutt/mail@b12f.io.muttrc
rename to modules/email/.config/mutt/mail@b12f.io.muttrc
diff --git a/users/b12f/.config/mutt/mail@b12f.io.signature b/modules/email/.config/mutt/mail@b12f.io.signature
similarity index 100%
rename from users/b12f/.config/mutt/mail@b12f.io.signature
rename to modules/email/.config/mutt/mail@b12f.io.signature
diff --git a/modules/user/.config/mutt/mailcap b/modules/email/.config/mutt/mailcap
similarity index 100%
rename from modules/user/.config/mutt/mailcap
rename to modules/email/.config/mutt/mailcap
diff --git a/modules/user/.config/mutt/muttrc b/modules/email/.config/mutt/muttrc
similarity index 100%
rename from modules/user/.config/mutt/muttrc
rename to modules/email/.config/mutt/muttrc
diff --git a/users/b12f/.config/offlineimap/config b/modules/email/.config/offlineimap/config
similarity index 100%
rename from users/b12f/.config/offlineimap/config
rename to modules/email/.config/offlineimap/config
diff --git a/modules/user/.config/offlineimap/functions.py b/modules/email/.config/offlineimap/functions.py
similarity index 100%
rename from modules/user/.config/offlineimap/functions.py
rename to modules/email/.config/offlineimap/functions.py
diff --git a/modules/email/default.nix b/modules/email/default.nix
index db41c6f..27ea898 100644
--- a/modules/email/default.nix
+++ b/modules/email/default.nix
@@ -6,28 +6,52 @@ }: with lib; let psCfg = config.pub-solar; - cfg = config.pub-solar.email; in { - options.pub-solar.email = { - enable = mkEnableOption "Life in headers"; - }; + users.users."${psCfg.user.name}".packages = with pkgs; [ + w3m + urlscan + neomutt + offlineimap + msmtp + mailto-mutt + ]; - config = mkIf cfg.enable { - home-manager = with pkgs; - pkgs.lib.setAttrByPath ["users" psCfg.user.name] { - home.packages = [ - w3m - urlscan - neomutt - offlineimap - msmtp - mailto-mutt - ]; + home-manager.users."${psCfg.user.name}" = { + programs.offlineimap = { + enable = true; + pythonFile = builtins.readFile ./offlineimap.py; + }; - programs.offlineimap = { - enable = true; - pythonFile = builtins.readFile ./offlineimap.py; - }; - }; + xdg.configFile."mutt/muttrc".source = ./.config/mutt/muttrc; + xdg.configFile."mutt/base16.muttrc".source = ./.config/mutt/base16.muttrc; + xdg.configFile."mutt/mailcap".source = ./.config/mutt/mailcap; + xdg.configFile."offlineimap/functions.py".source = ./.config/offlineimap/functions.py; + + xdg.configFile."mutt/accounts.muttrc".text = '' + source ./hello@benjaminbaedorf.eu.muttrc + + macro index 'source $XDG_CONFIG_HOME/mutt/hello@benjaminbaedorf.eu.muttrc!' + macro index 'source $XDG_CONFIG_HOME/mutt/benjamin.baedorf@rwth-aachen.de.muttrc!' + macro index 'source $XDG_CONFIG_HOME/mutt/b.baedorf@openproject.com.muttrc!' + macro index 'source $XDG_CONFIG_HOME/mutt/byb@miom.space.muttrc!' + macro index 'source $XDG_CONFIG_HOME/mutt/mail@b12f.io.muttrc!' + macro index 'source $XDG_CONFIG_HOME/mutt/admins@pub.solar.muttrc!' + macro index 'source $XDG_CONFIG_HOME/mutt/crew@pub.solar.muttrc!' 
+ ''; + xdg.configFile."mutt/hello@benjaminbaedorf.eu.muttrc".source = ./.config/mutt + "/hello@benjaminbaedorf.eu.muttrc"; + xdg.configFile."mutt/benjamin.baedorf@rwth-aachen.de.muttrc".source = ./.config/mutt + "/benjamin.baedorf@rwth-aachen.de.muttrc"; + xdg.configFile."mutt/hello@benjaminbaedorf.eu.signature".source = ./.config/mutt + "/hello@benjaminbaedorf.eu.signature"; + xdg.configFile."mutt/b.baedorf@openproject.com.muttrc".source = ./.config/mutt + "/b.baedorf@openproject.com.muttrc"; + xdg.configFile."mutt/b.baedorf@openproject.com.signature".source = ./.config/mutt + "/b.baedorf@openproject.com.signature"; + xdg.configFile."mutt/byb@miom.space.muttrc".source = ./.config/mutt + "/byb@miom.space.muttrc"; + xdg.configFile."mutt/byb@miom.space.signature".source = ./.config/mutt + "/byb@miom.space.signature"; + xdg.configFile."mutt/mail@b12f.io.muttrc".source = ./.config/mutt + "/mail@b12f.io.muttrc"; + xdg.configFile."mutt/mail@b12f.io.signature".source = ./.config/mutt + "/mail@b12f.io.signature"; + xdg.configFile."mutt/admins@pub.solar.muttrc".source = ./.config/mutt + "/admins@pub.solar.muttrc"; + xdg.configFile."mutt/admins@pub.solar.signature".source = ./.config/mutt + "/admins@pub.solar.signature"; + xdg.configFile."mutt/crew@pub.solar.muttrc".source = ./.config/mutt + "/crew@pub.solar.muttrc"; + xdg.configFile."mutt/crew@pub.solar.signature".source = ./.config/mutt + "/crew@pub.solar.signature"; + xdg.configFile."offlineimap/config".source = ./.config/offlineimap/config; + xdg.configFile."msmtp/config".source = ./.config/msmtp/config; }; } diff --git a/modules/gaming/default.nix b/modules/gaming/default.nix index 49540ce..ba654d1 100644 --- a/modules/gaming/default.nix +++ b/modules/gaming/default.nix 
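Review bot: The `xdg.configFile."offlineimap/config".source` and `xdg.configFile."msmtp/config".source` lines at the end of this hunk copy those files into the Nix store, which is world-readable, and their contents are not visible here because the renames are 100% similarity. If either file holds a password instead of delegating to a password command (msmtp `passwordeval`, offlineimap `remotepasseval`, presumably via the `functions.py` this module installs), that secret is readable by every local user and is committed to the repository. Worth confirming, and adding a comment above those two lines such as `# account files must only reference a secret store, never contain credentials`. The module now also hard-codes one person's accounts in `accounts.muttrc`, so other users can no longer reuse it.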
@@ -6,25 +6,16 @@ }: with lib; let psCfg = config.pub-solar; - cfg = config.pub-solar.gaming; in { - options.pub-solar.gaming = { - enable = mkEnableOption "Life in shooters"; + programs.steam.enable = true; + nixpkgs.config.packageOverrides = pkgs: { + steam = pkgs.steam.override {}; }; - config = mkIf cfg.enable { - programs.steam.enable = true; - nixpkgs.config.packageOverrides = pkgs: { - steam = pkgs.steam.override {}; - }; - - home-manager.users = pkgs.lib.setAttrByPath [psCfg.user.name] { - home.packages = with pkgs; [ - playonlinux - godot - obs-studio - obs-studio-plugins.wlrobs - ]; - }; - }; + users.users."${psCfg.user.name}".packages = with pkgs; [ + playonlinux + godot + obs-studio + obs-studio-plugins.wlrobs + ]; } diff --git a/modules/user/.config/libinput-gestures.conf b/modules/graphical/.config/libinput-gestures.conf similarity index 100% rename from modules/user/.config/libinput-gestures.conf rename to modules/graphical/.config/libinput-gestures.conf diff --git a/modules/user/.config/mako/config b/modules/graphical/.config/mako/config similarity index 100% rename from modules/user/.config/mako/config rename to modules/graphical/.config/mako/config diff --git a/modules/user/.config/user-dirs.dirs b/modules/graphical/.config/user-dirs.dirs similarity index 100% rename from modules/user/.config/user-dirs.dirs rename to modules/graphical/.config/user-dirs.dirs diff --git a/modules/user/.config/user-dirs.locale b/modules/graphical/.config/user-dirs.locale similarity index 100% rename from modules/user/.config/user-dirs.locale rename to modules/graphical/.config/user-dirs.locale diff --git a/modules/user/.config/waybar/colorscheme.css b/modules/graphical/.config/waybar/colorscheme.css similarity index 100% rename from modules/user/.config/waybar/colorscheme.css rename to modules/graphical/.config/waybar/colorscheme.css 
diff --git a/modules/user/.config/waybar/config b/modules/graphical/.config/waybar/config
similarity index 100%
rename from modules/user/.config/waybar/config
rename to modules/graphical/.config/waybar/config
diff --git a/modules/user/.config/waybar/style.css b/modules/graphical/.config/waybar/style.css
similarity index 100%
rename from modules/user/.config/waybar/style.css
rename to modules/graphical/.config/waybar/style.css
diff --git a/modules/user/.config/xmodmap b/modules/graphical/.config/xmodmap
similarity index 100%
rename from modules/user/.config/xmodmap
rename to modules/graphical/.config/xmodmap
diff --git a/modules/user/.config/xsettingsd/xsettingsd.conf b/modules/graphical/.config/xsettingsd/xsettingsd.conf
similarity index 100%
rename from modules/user/.config/xsettingsd/xsettingsd.conf
rename to modules/graphical/.config/xsettingsd/xsettingsd.conf
diff --git a/modules/user/.xinitrc b/modules/graphical/.xinitrc
similarity index 100%
rename from modules/user/.xinitrc
rename to modules/graphical/.xinitrc
diff --git a/modules/user/assets/wallpaper.jpg b/modules/graphical/assets/wallpaper.jpg
similarity index 100%
rename from modules/user/assets/wallpaper.jpg
rename to modules/graphical/assets/wallpaper.jpg
diff --git a/modules/graphical/default.nix b/modules/graphical/default.nix
index 5966e73..ffcd499 100644
--- a/modules/graphical/default.nix
+++ b/modules/graphical/default.nix
@@ -6,36 +6,22 @@ }: with lib; let psCfg = config.pub-solar; - cfg = config.pub-solar.graphical; yamlFormat = pkgs.formats.yaml {}; - recursiveMerge = attrList: let - f = attrPath: - zipAttrsWith ( - n: values: - if tail values == [] - then head values - else if all isList values - then unique (concatLists values) - else if all isAttrs values - then f (attrPath ++ [n]) values - else last values - ); - in - f [] attrList; + sessionVariables = { + WLR_RENDERER = + if psCfg.graphical.wayland.software-renderer.enable + then "pixman" + else "gles2"; + # Fix KeepassXC rendering issue + # https://github.com/void-linux/void-packages/issues/23517 + QT_AUTO_SCREEN_SCALE_FACTOR = "0"; + }; in { + imports = [ + ./sway + ]; + options.pub-solar.graphical = { - enable = mkEnableOption "Life in color"; - alacritty = { - settings = mkOption { - type = yamlFormat.type; - default = {}; - }; - }; - autologin.enable = mkOption { - type = types.bool; - default = true; - description = "Feature flag enabling autologin after boot."; - }; wayland.software-renderer.enable = mkOption { type = types.bool; default = false; @@ -43,8 +29,11 @@ in { }; }; - config = mkIf cfg.enable { + config = { hardware.opengl.enable = true; + # Needed for the udev rules for solaar + hardware.logitech.wireless.enable = true; + environment = { systemPackages = with pkgs; [ gtk-engine-murrine @@ -55,16 +44,20 @@ in { papirus-maia-icon-theme glib + xdg-utils ]; + etc = { "xdg/PubSolar.conf".text = '' [Qt] style=GTK+ ''; }; + + variables = sessionVariables; }; - services.getty.autologinUser = mkIf cfg.autologin.enable (mkForce "${psCfg.user.name}"); + services.getty.autologinUser = psCfg.user.name; qt = { enable = true; 
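Review bot: `services.getty.autologinUser = psCfg.user.name;` in the third hunk makes console autologin unconditional, and the first hunk removes the `autologin.enable` option that let a host turn it off. Anyone who can reach the console after boot then gets that user's session, so this is only reasonable where a disk-encryption passphrase already gates boot, which these hunks do not show. I would keep the option and write `services.getty.autologinUser = mkIf psCfg.graphical.autologin.enable psCfg.user.name;`, or at least add a comment stating the assumption. The `config` block continues outside the hunk.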
@@ -79,81 +72,90 @@ in { services.gnome.sushi.enable = true; # Enable GVfs, a userspace virtual filesystem services.gvfs.enable = true; + services.yubikey-agent.enable = true; - fonts.enableDefaultFonts = true; - fonts.fonts = with pkgs; [ - fira-code - fira-code-symbols - google-fonts - lato - montserrat - nerdfonts - noto-fonts - noto-fonts-cjk - open-sans - powerline-fonts - source-sans-pro + fonts = { + fonts = with pkgs; [ + dejavu_fonts + fira-code + fira-code-symbols + google-fonts + lato + montserrat + nerdfonts + noto-fonts + noto-fonts-cjk + open-sans + powerline-fonts + source-sans-pro + ]; + enableDefaultFonts = true; + fontconfig.enable = true; + fontconfig.defaultFonts = { + monospace = ["DejaVu Sans Mono for Powerline"]; + sansSerif = ["DejaVu Sans"]; + }; + }; + + users.users."${psCfg.user.name}".packages = with pkgs; [ + alacritty + ungoogled-chromium + firefox-wayland + flameshot + libnotify + gnome.adwaita-icon-theme + gnome.eog + gnome.nautilus + gnome.yelp + hicolor-icon-theme + wine + toggle-kbd-layout + wcwd + vlc + gimp ]; - home-manager = with pkgs; - setAttrByPath ["users" psCfg.user.name] { - home.packages = [ - alacritty - foot - ungoogled-chromium - firefox-wayland + home-manager.users."${psCfg.user.name}" = { + home.file."xinitrc".source = ./.xinitrc; + xdg.configFile."alacritty/alacritty.yml".source = yamlFormat.generate "alacritty.yml" (import ./alacritty.nix); + xdg.configFile."xmodmap".source = ./.config/xmodmap; + xdg.configFile."user-dirs.dirs".source = ./.config/user-dirs.dirs; + xdg.configFile."user-dirs.locale".source = ./.config/user-dirs.locale; + xdg.configFile."xsettingsd/xsettingsd.conf".source = ./.config/xsettingsd/xsettingsd.conf; + xdg.configFile."mako/config".source = ./.config/mako/config; + xdg.configFile."libinput-gestures.conf".source = ./.config/libinput-gestures.conf; + xdg.configFile."waybar/config".source = ./.config/waybar/config; + xdg.configFile."waybar/style.css".source = ./.config/waybar/style.css; + 
xdg.configFile."waybar/colorscheme.css".source = ./.config/waybar/colorscheme.css; + xdg.configFile."wallpaper.jpg".source = ./assets/wallpaper.jpg; - flameshot - libnotify - gnome.adwaita-icon-theme - gnome.eog - gnome.nautilus - gnome.yelp - hicolor-icon-theme - - wine - - toggle-kbd-layout - - wcwd - - vlc - - gimp - ]; - - xdg.configFile."alacritty/alacritty.yml" = { - source = yamlFormat.generate "alacritty.yml" (recursiveMerge [(import ./alacritty.nix) cfg.alacritty.settings]); + gtk = { + enable = true; + font.name = "Lato"; + iconTheme = { + package = pkgs.papirus-icon-theme; + name = "Papirus-Adapta-Nokto-Maia"; + }; + theme = { + package = pkgs.matcha-gtk-theme; + name = "Matcha-dark-aliz"; }; - gtk = { - enable = true; - font.name = "Lato"; - iconTheme = { - package = pkgs.papirus-icon-theme; - name = "Papirus-Adapta-Nokto-Maia"; - }; - theme = { - package = pkgs.matcha-gtk-theme; - name = "Matcha-dark-aliz"; - }; - - gtk3.extraConfig = { - gtk-xft-antialias = "1"; - gtk-xft-hinting = "1"; - gtk-xft-hintstyle = "hintfull"; - gtk-xft-rgba = "rgb"; - gtk-application-prefer-dark-theme = "true"; - }; + gtk3.extraConfig = { + gtk-xft-antialias = "1"; + gtk-xft-hinting = "1"; + gtk-xft-hintstyle = "hintfull"; + gtk-xft-rgba = "rgb"; + gtk-application-prefer-dark-theme = "true"; }; - - # Fix KeepassXC rendering issue - # https://github.com/void-linux/void-packages/issues/23517 - systemd.user.sessionVariables.QT_AUTO_SCREEN_SCALE_FACTOR = "0"; - - xresources.extraConfig = builtins.readFile ./.Xdefaults; - - systemd.user.services.network-manager-applet = import ./network-manager-applet.service.nix pkgs; }; + + xresources.extraConfig = builtins.readFile ./.Xdefaults; + + systemd.user.services.network-manager-applet = import ./network-manager-applet.service.nix pkgs; + + home.sessionVariables = sessionVariables; + systemd.user.sessionVariables = sessionVariables; + }; }; } 
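Review bot: `home.file."xinitrc".source = ./.xinitrc;` installs the file as `~/xinitrc`, without the leading dot, so `xinit`/`startx` would presumably not read it; the key probably should be `home.file.".xinitrc"`. Separately, the same `sessionVariables` set is assigned to `environment.variables`, `home.sessionVariables` and `systemd.user.sessionVariables`, and a short comment on why all three are needed would help the next reader. The hunk also drops the `cfg.alacritty.settings` merge, so a host can no longer override the Alacritty settings.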
diff --git a/modules/sway/config/config.d/applications.conf b/modules/graphical/sway/config/config.d/applications.conf
similarity index 100%
rename from modules/sway/config/config.d/applications.conf
rename to modules/graphical/sway/config/config.d/applications.conf
diff --git a/modules/sway/config/config.d/colorscheme.conf b/modules/graphical/sway/config/config.d/colorscheme.conf
similarity index 100%
rename from modules/sway/config/config.d/colorscheme.conf
rename to modules/graphical/sway/config/config.d/colorscheme.conf
diff --git a/modules/sway/config/config.d/custom-keybindings.conf b/modules/graphical/sway/config/config.d/custom-keybindings.conf
similarity index 100%
rename from modules/sway/config/config.d/custom-keybindings.conf
rename to modules/graphical/sway/config/config.d/custom-keybindings.conf
diff --git a/modules/sway/config/config.d/gaps.conf b/modules/graphical/sway/config/config.d/gaps.conf
similarity index 100%
rename from modules/sway/config/config.d/gaps.conf
rename to modules/graphical/sway/config/config.d/gaps.conf
diff --git a/modules/graphical/sway/config/config.d/mode_system.conf.nix b/modules/graphical/sway/config/config.d/mode_system.conf.nix
new file mode 100644
index 0000000..bb2ffe7
--- /dev/null
+++ b/modules/graphical/sway/config/config.d/mode_system.conf.nix
@@ -0,0 +1,39 @@ +{ + pkgs, + psCfg, + ... +}: +'' + # Set shut down, restart and locking features +'' ++ ( + if psCfg.core.hibernation.enable + then '' + set $mode_system (e)xit, (h)ibernate, (r)eboot, (Shift+s)hutdown + '' + else '' + set $mode_system (e)xit, (r)eboot, (Shift+s)hutdown + '' +) ++ '' + bindsym $mod+0 mode "$mode_system" + + mode "$mode_system" { + bindsym e exec swaymsg exit, mode "default" +'' ++ ( + if psCfg.core.hibernation.enable + then '' + bindsym h exec systemctl hibernate, mode "default" + '' + else "" +) ++ '' + bindsym r exec systemctl reboot, mode "default" + bindsym Shift+s exec systemctl poweroff, mode "default" + + # exit system mode: "Enter" or "Escape" + bindsym Return mode "default" + bindsym Escape mode "default" +} +'' diff --git a/modules/sway/config/config.d/systemd.conf b/modules/graphical/sway/config/config.d/systemd.conf similarity index 100% rename from modules/sway/config/config.d/systemd.conf rename to modules/graphical/sway/config/config.d/systemd.conf diff --git a/modules/sway/config/config.d/theme.conf b/modules/graphical/sway/config/config.d/theme.conf similarity index 100% rename from modules/sway/config/config.d/theme.conf rename to modules/graphical/sway/config/config.d/theme.conf diff --git a/modules/sway/config/config.nix b/modules/graphical/sway/config/config.nix similarity index 99% rename from modules/sway/config/config.nix rename to modules/graphical/sway/config/config.nix index db660d7..629fe5a 100644 --- a/modules/sway/config/config.nix +++ b/modules/graphical/sway/config/config.nix @@ -19,7 +19,7 @@ set $up i set $right l # Your preferred terminal emulator - set $term ${config.pub-solar.sway.terminal} + set $term ${pkgs.alacritty} # Your preferred application launcher # Note: pass the final command to swaymsg so that the resulting window can be opened # on the original workspace that the command was run on. 
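Review bot: `set $term ${pkgs.alacritty}` in the `config.nix` hunk interpolates the package's store directory rather than an executable, so the terminal binding would try to run a directory path. It should point at the binary: `set $term ${pkgs.alacritty}/bin/alacritty`. The change also removes the `pub-solar.sway.terminal` setting, so the terminal is now fixed for every host. The rest of `config.nix` lies outside the hunk.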
diff --git a/modules/sway/config/wayvnc/config.nix b/modules/graphical/sway/config/wayvnc/config.nix
similarity index 100%
rename from modules/sway/config/wayvnc/config.nix
rename to modules/graphical/sway/config/wayvnc/config.nix
diff --git a/modules/graphical/sway/default.nix b/modules/graphical/sway/default.nix
new file mode 100644
index 0000000..8efa3cd
--- /dev/null
+++ b/modules/graphical/sway/default.nix
@@ -0,0 +1,98 @@ +{ + lib, + config, + pkgs, + ... +}: +with lib; let + psCfg = config.pub-solar; +in { + options.pub-solar.graphical = { + v4l2loopback.enable = mkOption { + type = types.bool; + default = true; + description = "WebCam streaming tool"; + }; + }; + + config = { + boot = mkIf psCfg.graphical.v4l2loopback.enable { + extraModulePackages = with config.boot.kernelPackages; [v4l2loopback]; + kernelModules = ["v4l2loopback"]; + extraModprobeConfig = '' + options v4l2loopback exclusive_caps=1 devices=3 + ''; + }; + + environment.systemPackages = with pkgs; [ + linuxPackages.v4l2loopback + ]; + + programs.sway.enable = true; + + xdg.portal = { + enable = true; + wlr = { + enable = true; + settings = { + screencast = { + max_fps = 30; + chooser_type = "simple"; + chooser_cmd = "${pkgs.slurp}/bin/slurp -f %o -or"; + }; + }; + }; + extraPortals = with pkgs; [xdg-desktop-portal-gtk]; + }; + + services.pipewire.enable = true; + + users.users."${psCfg.user.name}".packages = with pkgs; [ + sway + grim + kanshi + mako + slurp + swayidle + swaybg + xwayland + + libappindicator-gtk3 + + wl-clipboard + wf-recorder + brightnessctl + gammastep + geoclue2 + xsettingsd + ydotool + + sway-launcher + record-screen + import-gtk-settings + s + wcwd + ]; + + home-manager.users."${psCfg.user.name}" = { + programs.waybar.enable = true; + #programs.waybar.systemd.enable = true; + + systemd.user.services.mako = import ./mako.service.nix {inherit pkgs psCfg;}; + systemd.user.services.sway = import ./sway.service.nix {inherit pkgs psCfg;}; + systemd.user.services.swayidle = import ./swayidle.service.nix {inherit pkgs psCfg;}; + systemd.user.services.xsettingsd = import ./xsettingsd.service.nix {inherit pkgs psCfg;}; + systemd.user.services.waybar = import ./waybar.service.nix {inherit pkgs psCfg;}; + systemd.user.targets.sway-session = import ./sway-session.target.nix {inherit pkgs psCfg;}; + + xdg.configFile."sway/config".text = import ./config/config.nix {inherit config pkgs;}; + 
xdg.configFile."sway/config.d/colorscheme.conf".source = ./config/config.d/colorscheme.conf; + xdg.configFile."sway/config.d/theme.conf".source = ./config/config.d/theme.conf; + xdg.configFile."sway/config.d/gaps.conf".source = ./config/config.d/gaps.conf; + xdg.configFile."sway/config.d/custom-keybindings.conf".source = ./config/config.d/custom-keybindings.conf; + xdg.configFile."sway/config.d/mode_system.conf".text = import ./config/config.d/mode_system.conf.nix {inherit pkgs psCfg;}; + xdg.configFile."sway/config.d/applications.conf".source = ./config/config.d/applications.conf; + xdg.configFile."sway/config.d/systemd.conf".source = ./config/config.d/systemd.conf; + }; + }; +} diff --git a/modules/sway/gammastep.service.nix b/modules/graphical/sway/gammastep.service.nix similarity index 100% rename from modules/sway/gammastep.service.nix rename to modules/graphical/sway/gammastep.service.nix diff --git a/modules/sway/libinput-gestures.service.nix b/modules/graphical/sway/libinput-gestures.service.nix similarity index 100% rename from modules/sway/libinput-gestures.service.nix rename to modules/graphical/sway/libinput-gestures.service.nix diff --git a/modules/sway/mako.service.nix b/modules/graphical/sway/mako.service.nix similarity index 100% rename from modules/sway/mako.service.nix rename to modules/graphical/sway/mako.service.nix diff --git a/modules/sway/sway-session.target.nix b/modules/graphical/sway/sway-session.target.nix similarity index 100% rename from modules/sway/sway-session.target.nix rename to modules/graphical/sway/sway-session.target.nix diff --git a/modules/sway/sway.service.nix b/modules/graphical/sway/sway.service.nix similarity index 100% rename from modules/sway/sway.service.nix rename to modules/graphical/sway/sway.service.nix diff --git a/modules/graphical/sway/swayidle.service.nix b/modules/graphical/sway/swayidle.service.nix new file mode 100644 index 0000000..1c599c4 --- /dev/null +++ b/modules/graphical/sway/swayidle.service.nix 
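Review bot: `environment.systemPackages = with pkgs; [ linuxPackages.v4l2loopback ];` sits outside the `mkIf psCfg.graphical.v4l2loopback.enable` guard and takes the package from `pkgs.linuxPackages` rather than `config.boot.kernelPackages`. It is therefore installed even when the option is off, and may be built for a different kernel than the one the `boot` block targets. Suggest `environment.systemPackages = mkIf psCfg.graphical.v4l2loopback.enable [config.boot.kernelPackages.v4l2loopback];`. The option description `"WebCam streaming tool"` would be clearer as `"Load the v4l2loopback kernel module (virtual video devices)"`.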
@@ -0,0 +1,26 @@ +{ + pkgs, + psCfg, + ... +}: { + Unit = { + Description = "Idle manager for Wayland"; + Documentation = ["man:swayidle(1)"]; + BindsTo = ["graphical-session.target"]; + Wants = ["graphical-session-pre.target"]; + After = ["graphical-session-pre.target"]; + }; + Service = { + Type = "simple"; + Environment = "PATH=/run/current-system/sw/bin:${pkgs.sway}/bin:${pkgs.swayidle}/bin"; + ExecStart = '' + swayidle -w \ + before-sleep 'systemctl hibernate' + timeout 120 'swaymsg "output * dpms off"' resume 'swaymsg "output * dpms on"' \ + timeout 150 'systemctl hibernate' + ''; + }; + Install = { + WantedBy = ["sway-session.target"]; + }; +} diff --git a/modules/sway/waybar.service.nix b/modules/graphical/sway/waybar.service.nix similarity index 100% rename from modules/sway/waybar.service.nix rename to modules/graphical/sway/waybar.service.nix diff --git a/modules/sway/xsettingsd.service.nix b/modules/graphical/sway/xsettingsd.service.nix similarity index 100% rename from modules/sway/xsettingsd.service.nix rename to modules/graphical/sway/xsettingsd.service.nix diff --git a/modules/sway/ydotool.service.nix b/modules/graphical/sway/ydotool.service.nix similarity index 100% rename from modules/sway/ydotool.service.nix rename to modules/graphical/sway/ydotool.service.nix diff --git a/modules/mobile/default.nix b/modules/mobile/default.nix deleted file mode 100644 index 733ab5d..0000000 --- a/modules/mobile/default.nix +++ /dev/null @@ -1,23 +0,0 @@ -{ - lib, - config, - pkgs, - ... -}: -with lib; let - psCfg = config.pub-solar; - cfg = config.pub-solar.mobile; -in { - options.pub-solar.mobile = { - enable = mkEnableOption "Add android adb and tooling"; - }; - - config = mkIf cfg.enable { - programs.adb.enable = true; - - users.users = with pkgs; - lib.setAttrByPath [psCfg.user.name] { - extraGroups = ["adbusers"]; - }; - }; -} diff --git a/modules/nextcloud/default.nix b/modules/nextcloud/default.nix index 915a906..09fb840 100644 
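Review bot: In `ExecStart` the line `before-sleep 'systemctl hibernate'` has no trailing `\`, so the continuation ends there and the two `timeout` lines are not part of the swayidle command; it should read `before-sleep 'systemctl hibernate' \`. The unit also calls `systemctl hibernate` regardless of `psCfg.core.hibernation.enable`, which `mode_system.conf.nix` does check, and `psCfg` is passed in but unused here. No screen locker is started on idle or before sleep, so blanking the outputs does not protect an unattended session; if hibernation is meant to serve as the lock, a comment saying so would help.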
--- a/modules/nextcloud/default.nix +++ b/modules/nextcloud/default.nix @@ -6,16 +6,8 @@ }: with lib; let psCfg = config.pub-solar; - cfg = config.pub-solar.nextcloud; in { - options.pub-solar.nextcloud = { - enable = mkEnableOption "Life in sync"; - }; - - config = mkIf cfg.enable { - home-manager = with pkgs; - pkgs.lib.setAttrByPath ["users" psCfg.user.name] { - systemd.user.services.nextcloud-client = import ./nextcloud.service.nix pkgs; - }; + home-manager.users."${psCfg.user.name}" = { + systemd.user.services.nextcloud-client = import ./nextcloud.service.nix pkgs; }; } diff --git a/modules/nix/default.nix b/modules/nix/default.nix index 92af6ac..9c803e3 100644 --- a/modules/nix/default.nix +++ b/modules/nix/default.nix @@ -5,6 +5,12 @@ flake, ... }: { + nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [ + "steam" + "steam-original" + "steam-run" + ]; + nix = { # Use default version alias for nix package package = pkgs.nix; diff --git a/modules/office/default.nix b/modules/office/default.nix index ab8d171..483e33f 100644 --- a/modules/office/default.nix +++ b/modules/office/default.nix @@ -6,25 +6,15 @@ }: with lib; let psCfg = config.pub-solar; - cfg = config.pub-solar.office; in { - options.pub-solar.office = { - enable = mkEnableOption "Install office programs, also enables printing server"; - }; + programs.evince.enable = true; - config = mkIf cfg.enable { - # Gnome PDF viewer - programs.evince.enable = true; - home-manager = with pkgs; - pkgs.lib.setAttrByPath ["users" psCfg.user.name] { - home.packages = [ - libreoffice-fresh - gnome.simple-scan - # Tools like pdfunite - poppler_utils - # tool for annotating PDFs - xournalpp - ]; - }; - }; + users.users."${psCfg.user.name}".packages = with pkgs; [ + libreoffice-fresh + gnome.simple-scan + # Tools like pdfunite + poppler_utils + # tool for annotating PDFs + xournalpp + ]; } diff --git a/modules/paperless/default.nix b/modules/paperless/default.nix index c6f94b9..ac926ae 100644 
--- a/modules/paperless/default.nix +++ b/modules/paperless/default.nix @@ -1,4 +1,5 @@ { + flake, lib, config, pkgs, 
@@ -6,141 +7,48 @@ }: with lib; let psCfg = config.pub-solar; - cfg = config.pub-solar.paperless; xdg = config.home-manager.users."${psCfg.user.name}".xdg; + + dataDir = "${xdg.dataHome}/Paperless"; + consumptionDir = "/home/${psCfg.user.name}/.local/share/scandir"; + scannerDefaultDevice = "hp3900:libusb:005:004"; in { - options.pub-solar.paperless = { - enable = mkEnableOption "All you need to go paperless"; - ocrLanguage = mkOption { - description = "OCR language"; - type = types.str; - example = "eng+deu"; - default = "eng"; - }; - - dataDir = mkOption { - description = "Directory to save data in"; - type = types.str; - example = "/home/pub_solar/Paperless"; - default = "${xdg.dataHome}/Paperless"; - }; - - consumptionDir = mkOption { - description = "Directory to be watched"; - type = types.str; - example = "/var/lib/paperless/consume"; - default = "/var/lib/paperless/consume"; - }; - - sync = { - enable = mkEnableOption '' - You can use this option to sync several paperless instances, for example via nextcloud. - It will sync the media directory and database, automatically merging sqlite dbs via dump and import. - Logs, the classification model, and other files are left unsynced. - ''; - - masterNode = mkEnableOption "If this node is the master node, it will only export paperless data, otherwise it will only import"; - - directory = mkOption { - description = "Directory to sync with."; - type = types.str; - example = "/home/pub_solar/Nextcloud/Paperless"; - default = "/home/${psCfg.user.name}/Nextcloud/Paperless"; - }; - }; - - scannerDefaultDevice = mkOption { - description = '' - The scanner device. To find this, use `scanimage -L`. - - For example, your output might be the following: - - ``` - device `v4l:/dev/video3' is a Noname Logitech StreamCam virtual device - device `hp3900:libusb:005:002' is a Hewlett-Packard Scanjet G3010 flatbed scanner - ``` - - Here, the scannerDevice is `hp3900:libusb:005:002`. 
- ''; - type = types.str; - example = "hp3900:libusb:005:002"; - default = ""; + services.paperless = { + enable = true; + user = psCfg.user.name; + consumptionDir = consumptionDir; + dataDir = dataDir; + address = "paperless.local"; + extraConfig = { + PAPERLESS_OCR_LANGUAGE = "nld+deu"; + PAPERLESS_ADMIN_USER = psCfg.user.name; + PAPERLESS_AUTO_LOGIN_USERNAME = psCfg.user.name; + PAPERLESS_URL = "http://paperless.local"; }; }; - config = mkIf cfg.enable { - services.paperless = { - enable = true; - user = psCfg.user.name; - consumptionDir = cfg.consumptionDir; - dataDir = cfg.dataDir; - address = "paperless.local"; - extraConfig = { - PAPERLESS_OCR_LANGUAGE = cfg.ocrLanguage; - PAPERLESS_ADMIN_USER = psCfg.user.name; - PAPERLESS_AUTO_LOGIN_USERNAME = psCfg.user.name; - PAPERLESS_URL = "http://paperless.local"; - }; + users.users."${psCfg.user.name}".packages = with pkgs; [ + scan2paperless + sane-backends + python310Packages.img2pdf + ]; + + home-manager.users."${psCfg.user.name}" = { + home.sessionVariables = { + SCANNER_DEFAULT_DEVICE = scannerDefaultDevice; + SCANNER_OUTPUT_DIR = consumptionDir; }; - - home-manager = pkgs.lib.setAttrByPath ["users" psCfg.user.name] { - home.packages = with pkgs; [ - scan2paperless - sane-backends - python310Packages.img2pdf - ]; - home.sessionVariables = { - SCANNER_DEFAULT_DEVICE = cfg.scannerDefaultDevice; - SCANNER_OUTPUT_DIR = cfg.consumptionDir; - }; - systemd.user.sessionVariables = { - SCANNER_DEFAULT_DEVICE = cfg.scannerDefaultDevice; - SCANNER_OUTPUT_DIR = cfg.consumptionDir; - }; - }; - - systemd = let - copy-out = pkgs.writeShellScriptBin "copy-out" '' - ${pkgs.systemd}/bin/systemctl stop paperless-web.service paperless-task-queue.service paperless-scheduler.service paperless-consumer.service - cp -r ${cfg.dataDir}/media ${cfg.sync.directory}/ - cp ${cfg.dataDir}/db.sqlite3 ${cfg.sync.directory}/db.sqlite3 - cp ${cfg.dataDir}/celerybeat-schedule.db ${cfg.sync.directory}/celerybeat-schedule.db - cp 
${cfg.dataDir}/classification_model.pickle ${cfg.sync.directory}/classification_model.pickle - cp ${cfg.dataDir}/src-version ${cfg.sync.directory}/src-version - chown -R ${psCfg.user.name}:users ${cfg.sync.directory} - ${pkgs.systemd}/bin/systemctl start paperless-web.service paperless-task-queue.service paperless-scheduler.service paperless-consumer.service - ''; - - copy-in = pkgs.writeShellScriptBin "copy-in" '' - ${pkgs.systemd}/bin/systemctl stop paperless-web.service paperless-task-queue.service paperless-scheduler.service paperless-consumer.service - cp -r ${cfg.sync.directory}/media ${cfg.dataDir}/ - cp ${cfg.sync.directory}/db.sqlite3 ${cfg.dataDir}/db.sqlite3 - cp ${cfg.sync.directory}/celerybeat-schedule.db ${cfg.dataDir}/celerybeat-schedule.db - cp ${cfg.sync.directory}/classification_model.pickle ${cfg.dataDir}/classification_model.pickle - cp ${cfg.sync.directory}/src-version ${cfg.dataDir}/src-version - ${pkgs.systemd}/bin/systemctl start paperless-web.service paperless-task-queue.service paperless-scheduler.service paperless-consumer.service - ''; - in mkIf cfg.sync.enable { - services.nextcloud-paperless-autosync = { - unitConfig = { - Description = "Auto sync paperless to or from Nextcloud"; - After = "network-online.target"; - }; - serviceConfig = { - Type = "simple"; - ExecStart= if cfg.sync.masterNode then "${copy-out}/bin/copy-out" else "${copy-in}/bin/copy-in"; - TimeoutStopSec = "180"; - KillMode = "process"; - KillSignal = "SIGINT"; - }; - wantedBy = ["multi-user.target"]; - }; - - timers.nextcloud-paperless-autosync = { - unitConfig.Description = "Automatic sync files with Nextcloud when booted up after 5 minutes then rerun every 30 minutes"; - timerConfig.OnUnitActiveSec = "30min"; - wantedBy = ["multi-user.target" "timers.target"]; - }; + systemd.user.sessionVariables = { + SCANNER_DEFAULT_DEVICE = scannerDefaultDevice; + SCANNER_OUTPUT_DIR = consumptionDir; }; }; + + networking.hosts = flake.self.lib.addLocalHostname 
["paperless.local"]; + services.caddy.extraConfig = '' + paperless.local:80 { + request_header Host localhost:${builtins.toString config.services.paperless.port} + reverse_proxy localhost:${builtins.toString config.services.paperless.port} + } + ''; } diff --git a/modules/paranoia/default.nix b/modules/paranoia/default.nix deleted file mode 100644 index 0b2537c..0000000 --- a/modules/paranoia/default.nix +++ /dev/null @@ -1,57 +0,0 @@ -{ - config, - lib, - ... -}: -with lib; let - psCfg = config.pub-solar; - cfg = config.pub-solar.paranoia; -in { - options.pub-solar.paranoia = { - enable = mkOption { - description = '' - Only offer hibernation instead of screen locking and sleeping. This only makes sense - if your hard drive is encrypted, and ensures that the contents of your drive are - encrypted if you are not actively using the device. - ''; - default = false; - type = types.bool; - }; - }; - - config = mkIf cfg.enable { - pub-solar.core.hibernation.enable = true; - services.logind.lidSwitch = "hibernate"; - - services.tor.settings = { - UseBridges = true; - }; - - # The options below are directly taken from or inspired by - # https://xeiaso.net/blog/paranoid-nixos-2021-07-18 - - # Don't set this if you need sftp - services.openssh.allowSFTP = false; - # services.openssh.openFirewall = false; # Lock yourself out - - # Limit the use of sudo to the group wheel - security.sudo.execWheelOnly = true; - - # Remove the complete default environment of packages like - # nano, perl and rsync - environment.defaultPackages = lib.mkForce []; - - # fileSystems."/".options = [ "noexec" ]; - - services.openssh = { - settings.KbdInteractiveAuthentication = false; - extraConfig = '' - AllowTcpForwarding yes - X11Forwarding no - AllowAgentForwarding no - AllowStreamLocalForwarding no - AuthenticationMethods publickey - ''; - }; - }; -} diff --git a/modules/proxy/default.nix b/modules/proxy/default.nix deleted file mode 100644 index 92184b9..0000000 
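Review bot: `PAPERLESS_AUTO_LOGIN_USERNAME = psCfg.user.name` makes every request act as the admin user, so the only remaining access control is where Caddy listens, and the `paperless.local:80` site block added at the end of this hunk carries no bind address. The deleted modules/proxy/default.nix set `default_bind 127.0.0.1` globally; unless that global config now lives in a module outside this view, the site may be served on every interface. Adding `bind 127.0.0.1` inside the site block would keep the restriction in the module that depends on it. Separately, `scannerDefaultDevice = "hp3900:libusb:005:004"` pins a USB bus/device pair that usually changes on replug, so a comment pointing to `scanimage -L` (as the removed option description did) would help.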
--- a/modules/proxy/default.nix +++ /dev/null @@ -1,28 +0,0 @@ -{ - flake, - config, - pkgs, - lib, - ... -}: { - networking.hosts = flake.self.lib.addLocalHostname ["caddy.local"]; - - # Caddy reverse proxy for local services like cups - services.caddy = { - enable = true; - globalConfig = '' - default_bind 127.0.0.1 - auto_https off - ''; - extraConfig = (lib.concatStringsSep "\n" [ - (lib.optionalString - config.pub-solar.paperless.enable - '' - paperless.local:80 { - request_header Host localhost:${builtins.toString config.services.paperless.port} - reverse_proxy localhost:${builtins.toString config.services.paperless.port} - } - '') - ]); - }; -} diff --git a/modules/social/default.nix b/modules/social/default.nix deleted file mode 100644 index af0de8b..0000000 --- a/modules/social/default.nix +++ /dev/null @@ -1,26 +0,0 @@ -{ - lib, - config, - pkgs, - ... -}: -with lib; let - psCfg = config.pub-solar; - cfg = config.pub-solar.social; -in { - options.pub-solar.social = { - enable = mkEnableOption "Life with others"; - }; - - config = mkIf cfg.enable { - home-manager = with pkgs; - pkgs.lib.setAttrByPath ["users" psCfg.user.name] { - home.packages = [ - signal-desktop - tdesktop - element-desktop - irssi - ]; - }; - }; -} diff --git a/modules/sway/config/config.d/mode_system.conf.nix b/modules/sway/config/config.d/mode_system.conf.nix deleted file mode 100644 index 5545c3f..0000000 --- a/modules/sway/config/config.d/mode_system.conf.nix +++ /dev/null 
@@ -1,50 +0,0 @@ -{ - pkgs, - psCfg, - ... -}: -'' - # Set shut down, restart and locking features -'' -+ ( - if psCfg.core.hibernation.enable && !psCfg.paranoia.enable - then '' - set $mode_system (e)xit, (h)ibernate, (l)ock, (s)uspend, (r)eboot, (Shift+s)hutdown - '' - else if psCfg.paranoia.enable - then '' - set $mode_system (e)xit, (h)ibernate, (r)eboot, (Shift+s)hutdown - '' - else '' - set $mode_system (e)xit, (l)ock, (s)uspend, (r)eboot, (Shift+s)hutdown - '' -) -+ '' - bindsym $mod+0 mode "$mode_system" - mode "$mode_system" { - bindsym e exec swaymsg exit, mode "default" -'' -+ ( - if psCfg.core.hibernation.enable - then '' - bindsym h exec systemctl hibernate, mode "default" - '' - else "" -) -+ ( - if !psCfg.paranoia.enable - then '' - bindsym l exec ${pkgs.swaylock-bg}/bin/swaylock-bg, mode "default" - bindsym s exec systemctl suspend, mode "default" - '' - else "" -) -+ '' - bindsym r exec systemctl reboot, mode "default" - bindsym Shift+s exec systemctl poweroff, mode "default" - - # exit system mode: "Enter" or "Escape" - bindsym Return mode "default" - bindsym Escape mode "default" - } -'' diff --git a/modules/sway/default.nix b/modules/sway/default.nix deleted file mode 100644 index 40320bf..0000000 --- a/modules/sway/default.nix +++ /dev/null 
@@ -1,118 +0,0 @@ -{ - lib, - config, - pkgs, - ... -}: -with lib; let - psCfg = config.pub-solar; -in { - options.pub-solar.sway = { - enable = mkEnableOption "Life in boxes"; - - terminal = mkOption { - type = types.nullOr types.str; - default = "alacritty"; - description = "Choose sway's default terminal"; - }; - - vnc.enable = mkEnableOption "Enable vnc service"; - - v4l2loopback.enable = mkOption { - type = types.bool; - default = true; - description = "WebCam streaming tool"; - }; - }; - - config = mkIf psCfg.sway.enable (mkMerge [ - (mkIf (psCfg.sway.v4l2loopback.enable) { - boot.extraModulePackages = with config.boot.kernelPackages; [v4l2loopback]; - boot.kernelModules = ["v4l2loopback"]; - boot.extraModprobeConfig = '' - options v4l2loopback exclusive_caps=1 devices=3 - ''; - }) - - { - environment.systemPackages = with pkgs; [ - linuxPackages.v4l2loopback - ]; - - programs.sway.enable = true; - - xdg.portal = { - enable = true; - wlr = { - enable = true; - settings = { - screencast = { - max_fps = 30; - chooser_type = "simple"; - chooser_cmd = "${pkgs.slurp}/bin/slurp -f %o -or"; - }; - }; - }; - extraPortals = with pkgs; [xdg-desktop-portal-gtk]; - }; - - services.pipewire.enable = true; - - home-manager = with pkgs; - pkgs.lib.setAttrByPath ["users" psCfg.user.name] { - home.packages = with pkgs; [ - sway - grim - kanshi - mako - slurp - swayidle - swaylock - swaybg - xwayland - - libappindicator-gtk3 - - wl-clipboard - wf-recorder - brightnessctl - gammastep - geoclue2 - xsettingsd - ydotool - - sway-launcher - record-screen - import-gtk-settings - s - wcwd - ]; - - programs.waybar.enable = true; - #programs.waybar.systemd.enable = true; - - systemd.user.services.mako = import ./mako.service.nix {inherit pkgs psCfg;}; - systemd.user.services.sway = import ./sway.service.nix {inherit pkgs psCfg;}; - systemd.user.services.swayidle = import ./swayidle.service.nix {inherit pkgs psCfg;}; - systemd.user.services.xsettingsd = import ./xsettingsd.service.nix 
{inherit pkgs psCfg;}; - systemd.user.services.waybar = import ./waybar.service.nix {inherit pkgs psCfg;}; - systemd.user.targets.sway-session = import ./sway-session.target.nix {inherit pkgs psCfg;}; - - systemd.user.services.wayvnc = mkIf psCfg.sway.vnc.enable (import ./wayvnc.service.nix pkgs); - xdg.configFile."wayvnc/config".text = import ./config/wayvnc/config.nix { - inherit psCfg; - inherit pkgs; - }; - - xdg.configFile."sway/config".text = import ./config/config.nix {inherit config pkgs;}; - xdg.configFile."sway/config.d/colorscheme.conf".source = ./config/config.d/colorscheme.conf; - xdg.configFile."sway/config.d/theme.conf".source = ./config/config.d/theme.conf; - xdg.configFile."sway/config.d/gaps.conf".source = ./config/config.d/gaps.conf; - xdg.configFile."sway/config.d/custom-keybindings.conf".source = ./config/config.d/custom-keybindings.conf; - xdg.configFile."sway/config.d/mode_system.conf".text = import ./config/config.d/mode_system.conf.nix {inherit pkgs psCfg;}; - xdg.configFile."sway/config.d/applications.conf".source = ./config/config.d/applications.conf; - xdg.configFile."sway/config.d/systemd.conf".source = ./config/config.d/systemd.conf; - }; - } - ]); -} diff --git a/modules/sway/swayidle.service.nix b/modules/sway/swayidle.service.nix deleted file mode 100644 index f92c577..0000000 --- a/modules/sway/swayidle.service.nix +++ /dev/null 
@@ -1,35 +0,0 @@ -{ - pkgs, - psCfg, - ... -}: { - Unit = { - Description = "Idle manager for Wayland"; - Documentation = ["man:swayidle(1)"]; - BindsTo = ["graphical-session.target"]; - Wants = ["graphical-session-pre.target"]; - After = ["graphical-session-pre.target"]; - }; - Service = { - Type = "simple"; - Environment = "PATH=/run/current-system/sw/bin:${pkgs.sway}/bin:${pkgs.swaylock-bg}/bin:${pkgs.swayidle}/bin"; - ExecStart = - '' swayidle -w \ - after-resume 'swaymsg "output * dpms on"' \ - before-sleep 'swaylock-bg' '' - + ( - if psCfg.paranoia.enable - then '' \ - timeout 120 'swaymsg "output * dpms off"' resume 'swaymsg "output * dpms on"' \ - timeout 150 'systemctl hibernate' - '' - else '' \ - timeout 600 'swaylock-bg' \ - timeout 900 'swaymsg "output * dpms off"' resume 'swaymsg "output * dpms on"' - '' - ); - }; - Install = { - WantedBy = ["sway-session.target"]; - }; -} diff --git a/modules/sway/wayvnc.service.nix b/modules/sway/wayvnc.service.nix deleted file mode 100644 index c832bbd..0000000 --- a/modules/sway/wayvnc.service.nix +++ /dev/null @@ -1,18 +0,0 @@ -pkgs: { - Unit = { - Description = "A VNC server for wlroots based Wayland compositors "; - Documentation = "https://github.com/any1/wayvnc"; - BindsTo = ["sway-session.target"]; - After = ["graphical-session-pre.target" "network-online.target"]; - Wants = ["graphical-session-pre.target" "network-online.target"]; - }; - - Service = { - Type = "simple"; - ExecStart = "${pkgs.wayvnc}/bin/wayvnc -r -p 0.0.0.0 5901"; - }; - - Install = { - WantedBy = ["sway-session.target"]; - }; -} diff --git a/modules/user/.config/git/config.nix b/modules/terminal-life/.config/git/config.nix similarity index 100% rename from modules/user/.config/git/config.nix rename to modules/terminal-life/.config/git/config.nix 
diff --git a/modules/user/.config/git/gitmessage.nix b/modules/terminal-life/.config/git/gitmessage.nix similarity index 100% rename from modules/user/.config/git/gitmessage.nix rename to modules/terminal-life/.config/git/gitmessage.nix diff --git a/modules/user/.config/git/global_gitignore.nix b/modules/terminal-life/.config/git/global_gitignore.nix similarity index 100% rename from modules/user/.config/git/global_gitignore.nix rename to modules/terminal-life/.config/git/global_gitignore.nix diff --git a/modules/user/.local/share/nvim/json-schemas/caddy_schema.json b/modules/terminal-life/.local/share/nvim/json-schemas/caddy_schema.json similarity index 100% rename from modules/user/.local/share/nvim/json-schemas/caddy_schema.json rename to modules/terminal-life/.local/share/nvim/json-schemas/caddy_schema.json diff --git a/modules/user/.local/share/scripts/base16.sh b/modules/terminal-life/.local/share/scripts/base16.sh similarity index 100% rename from modules/user/.local/share/scripts/base16.sh rename to modules/terminal-life/.local/share/scripts/base16.sh diff --git a/modules/terminal-life/default.nix b/modules/terminal-life/default.nix index 72313d2..d2c5193 100644 --- a/modules/terminal-life/default.nix +++ b/modules/terminal-life/default.nix 
@@ -9,71 +9,99 @@ with lib; let cfg = config.pub-solar.terminal-life; in { options.pub-solar.terminal-life = { - enable = mkEnableOption "Life in black and white"; - - lite = mkOption { + full = mkOption { description = '' - Enable a lite edition of terminal-life with less modules and a reduced package set. + Enable a full version ''; - default = false; + default = true; type = types.bool; }; }; - config = mkIf cfg.enable { + config = { programs.command-not-found.enable = false; - home-manager = with pkgs; - pkgs.lib.setAttrByPath ["users" psCfg.user.name] { - home.packages = [ - ack - asciinema - bat - blesh - exa - fd - gh - glow - jump - (nnn.overrideAttrs (o: { - patches = - (o.patches or []) - ++ [ - ./nnn/0001-feat-use-wasd-keybindings-for-jkli.patch - ]; - })) - powerline - screen - silver-searcher - watson - ]; + users.users."${psCfg.user.name}".packages = with pkgs; [ + ack + asciinema + bat + blesh + exa + fd + jump + (nnn.overrideAttrs (o: { + patches = + (o.patches or []) + ++ [ + ./nnn/0001-feat-use-wasd-keybindings-for-jkli.patch + ]; + })) + powerline + screen + silver-searcher + watson + ]; - # Starship is a fast and featureful shell prompt - # starship.toml has sane defaults that can be changed there - programs.starship = { - enable = true; - settings = import ./starship.toml.nix; - }; + home-manager.users."${psCfg.user.name}" = { + xdg.dataFile."scripts/base16.sh".source = .local/share/scripts/base16.sh; - programs.bash = import ./bash { - inherit config; - inherit pkgs; - inherit lib; - }; - - programs.fzf = import ./fzf { - inherit config; - inherit pkgs; - }; - - programs.neovim = import ./nvim { - inherit config; - inherit pkgs; - inherit lib; - }; - - programs.git = import ./git {}; - programs.direnv = import ./direnv {}; + programs.less = { + enable = true; + keys = '' + k forw-line + i back-line + K forw-scroll + I back-scroll + ''; }; + + # Starship is a fast and featureful shell prompt + # starship.toml has sane defaults that can be 
changed there + programs.starship = { + enable = true; + settings = import ./starship.toml.nix; + }; + + programs.bash = import ./bash { + inherit config; + inherit pkgs; + inherit lib; + }; + + programs.fzf = import ./fzf { + inherit config; + inherit pkgs; + }; + + programs.neovim = import ./nvim { + inherit config; + inherit pkgs; + inherit lib; + }; + # Ensure nvim backup directory gets created + # Workaround for E510: Can't make backup file (add ! to override) + xdg.dataFile."nvim/backup/.keep".text = ""; + xdg.dataFile."nvim/json-schemas/.keep".text = ""; + # Generated with: + # docker run -it --name caddy-json-schema registry.greenbaum.cloud/gc/caddy-l4:2.5.2 caddy json-schema -output /srv/caddy_schema.json + xdg.dataFile."nvim/json-schemas/caddy_schema.json".source = .local/share/nvim/json-schemas/caddy_schema.json; + xdg.dataFile."nvim/templates/.keep".text = ""; + + programs.git = import ./git {}; + xdg.configFile."git/config".text = import ./.config/git/config.nix { + inherit config; + inherit pkgs; + }; + xdg.configFile."git/gitmessage".text = import ./.config/git/gitmessage.nix { + inherit config; + inherit pkgs; + }; + xdg.configFile."git/global_gitignore".text = import ./.config/git/global_gitignore.nix { + inherit config; + inherit pkgs; + }; + + programs.direnv = import ./direnv {}; }; + }; } diff --git a/modules/terminal-life/nvim/default.nix b/modules/terminal-life/nvim/default.nix index 87e2ae0..f6d2d7a 100644 --- a/modules/terminal-life/nvim/default.nix +++ b/modules/terminal-life/nvim/default.nix @@ -21,7 +21,7 @@ in { withPython3 = true; extraPackages = with pkgs; - lib.mkIf (!cfg.lite) [ + lib.mkIf (cfg.full) [ ansible-language-server ccls gopls 
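Review bot: The new `full` option in modules/terminal-life/default.nix is described only as `Enable a full version`, which does not say what it controls; judging by the nvim hunks in this diff it gates the language-server `extraPackages` and the plugin list. Something like `description = "Install the full Neovim setup (language servers and plugins); set to false for a reduced package set.";` would document that. Because the `enable` and `lite` options are removed here, any host that still sets `pub-solar.terminal-life.enable` or `.lite` should fail evaluation with an unknown-option error, so it is worth grepping for leftovers outside this view.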
@@ -44,134 +44,132 @@ in { universal-ctags ]; - plugins = with pkgs.vimPlugins; - [] - ++ lib.optionals (!cfg.lite) [ - (pkgs.vimPlugins.nvim-treesitter.withPlugins (p: [ - p.ini - p.json - p.json5 - p.markdown - p.nix - p.toml - p.yaml + plugins = with pkgs.vimPlugins; lib.mkIf cfg.full [ + (pkgs.vimPlugins.nvim-treesitter.withPlugins (p: [ + p.ini + p.json + p.json5 + p.markdown + p.nix + p.toml + p.yaml - p.css - p.graphql - p.html - p.javascript - p.scss - p.tsx - p.typescript - p.vue + p.css + p.graphql + p.html + p.javascript + p.scss + p.tsx + p.typescript + p.vue - p.c - p.cpp - p.go - p.gomod - p.gosum - p.haskell - p.lua - p.php - p.python - p.ruby - p.rust + p.c + p.cpp + p.go + p.gomod + p.gosum + p.haskell + p.lua + p.php + p.python + p.ruby + p.rust - p.vim - p.vimdoc + p.vim + p.vimdoc - p.passwd - p.sql + p.passwd + p.sql - p.diff - p.gitcommit - p.gitignore - p.git_config - p.gitattributes - p.git_rebase + p.diff + p.gitcommit + p.gitignore + p.git_config + p.gitattributes + p.git_rebase - p.bash - p.dockerfile - p.make - p.ninja - p.terraform - ])) + p.bash + p.dockerfile + p.make + p.ninja + p.terraform + ])) - # Dependencies for nvim-lspconfig - nvim-cmp - cmp-nvim-lsp - cmp_luasnip - luasnip + # Dependencies for nvim-lspconfig + nvim-cmp + cmp-nvim-lsp + cmp_luasnip + luasnip - # Quickstart configs for neovim LSP - lsp_extensions-nvim - nvim-lspconfig + # Quickstart configs for neovim LSP + lsp_extensions-nvim + nvim-lspconfig - # Collaborative editing in Neovim using built-in capabilities - instant-nvim-nvfetcher + # Collaborative editing in Neovim using built-in capabilities + instant-nvim-nvfetcher - # Search functionality behind :Ack - ack-vim + # Search functionality behind :Ack + ack-vim - # The status bar in the bottom of the screen with the mode indication and file location - vim-airline + # The status bar in the bottom of the screen with the mode indication and file location + vim-airline - # Automatically load editorconfig files in 
repos to configure nvim settings - editorconfig-vim + # Automatically load editorconfig files in repos to configure nvim settings + editorconfig-vim - # File browser. Use n to access - nnn-vim + # File browser. Use n to access + nnn-vim - # Highlight characters when using f, F, t, and T - quick-scope + # Highlight characters when using f, F, t, and T + quick-scope - # Get sudo in vim; :SudaWrite - suda-vim + # Get sudo in vim; :SudaWrite + suda-vim - # Undo history etc. per project - vim-workspace-nvfetcher + # Undo history etc. per project + vim-workspace-nvfetcher - # JSON schemas - SchemaStore-nvim + # JSON schemas + SchemaStore-nvim - # Work with tags files - vim-gutentags + # Work with tags files + vim-gutentags - # Neovim colorschemes / themes - sonokai - vim-hybrid-material - vim-airline-themes - vim-apprentice-nvfetcher + # Neovim colorschemes / themes + sonokai + vim-hybrid-material + vim-airline-themes + vim-apprentice-nvfetcher - # Git integrations - # A Git wrapper so awesome, it should be illegal - fugitive - # Shows git diff markers in the sign column - vim-gitgutter - # GitHub extension for fugitive - vim-rhubarb - # Ease your git workflow within Vim - vimagit-nvfetcher + # Git integrations + # A Git wrapper so awesome, it should be illegal + fugitive + # Shows git diff markers in the sign column + vim-gitgutter + # GitHub extension for fugitive + vim-rhubarb + # Ease your git workflow within Vim + vimagit-nvfetcher - # FZF fuzzy finder - fzf-vim - fzfWrapper - # Make the yanked region apparent - vim-highlightedyank + # FZF fuzzy finder + fzf-vim + fzfWrapper + # Make the yanked region apparent + vim-highlightedyank - # :Beautify Code beautifier - vim-beautify-nvfetcher + # :Beautify Code beautifier + vim-beautify-nvfetcher - # Unload, delete or wipe a buffer without closing the window - vim-bufkill - # Defaults everyone can agree on - vim-sensible + # Unload, delete or wipe a buffer without closing the window + vim-bufkill + # Defaults everyone can 
agree on + vim-sensible - # emmet for vim: http://emmet.io/ - emmet-vim - # Caddyfile syntax support for Vim - vim-caddyfile-nvfetcher - ]; + # emmet for vim: http://emmet.io/ + emmet-vim + # Caddyfile syntax support for Vim + vim-caddyfile-nvfetcher + ]; extraConfig = builtins.concatStringsSep "\n" [ '' diff --git a/modules/uhk/default.nix b/modules/uhk/default.nix index 9b673ce..fdc46d6 100644 --- a/modules/uhk/default.nix +++ b/modules/uhk/default.nix @@ -6,26 +6,20 @@ }: with lib; let psCfg = config.pub-solar; - cfg = config.pub-solar.uhk; in { - options.pub-solar.uhk = { - enable = mkEnableOption "Ultimate Hacking Keyboard"; - }; + users.users."${psCfg.user.name}".packages = with pkgs; [ + uhk-agent + ]; - config = mkIf cfg.enable { - environment.systemPackages = with pkgs; [ - uhk-agent - ]; + # Ultimate Hacking Keyboard rules + # These are the udev rules for accessing the USB interfaces of the UHK as non-root users. + services.udev.packages = with pkgs; [ + uhk-agent + ]; - # Ultimate Hacking Keyboard rules - # These are the udev rules for accessing the USB interfaces of the UHK as non-root users. - services.udev.packages = with pkgs; [ - uhk-agent - ]; - services.udev.extraRules = '' - SUBSYSTEM=="input", ATTRS{idVendor}=="1d50", ATTRS{idProduct}=="612[0-7]", GROUP="input", MODE="0660" - SUBSYSTEMS=="usb", ATTRS{idVendor}=="1d50", ATTRS{idProduct}=="612[0-7]", TAG+="uaccess" - KERNEL=="hidraw*", ATTRS{idVendor}=="1d50", ATTRS{idProduct}=="612[0-7]", TAG+="uaccess" - ''; - }; + services.udev.extraRules = '' + SUBSYSTEM=="input", ATTRS{idVendor}=="1d50", ATTRS{idProduct}=="612[0-7]", GROUP="input", MODE="0660" + SUBSYSTEMS=="usb", ATTRS{idVendor}=="1d50", ATTRS{idProduct}=="612[0-7]", TAG+="uaccess" + KERNEL=="hidraw*", ATTRS{idVendor}=="1d50", ATTRS{idProduct}=="612[0-7]", TAG+="uaccess" + ''; } diff --git a/modules/user/default.nix b/modules/user/default.nix index 83e2824..ac2603f 100644 --- a/modules/user/default.nix +++ b/modules/user/default.nix 
@@ -55,32 +55,31 @@ with lib; { users = { mutableUsers = false; - users = with pkgs; - pkgs.lib.setAttrByPath [psCfg.user.name] { - # Indicates whether this is an account for a “real” user. - # This automatically sets group to users, createHome to true, - # home to /home/username, useDefaultShell to true, and isSystemUser to false. - isNormalUser = true; - description = psCfg.user.description; - extraGroups = [ - "input" - "lp" - "networkmanager" - "scanner" - "video" - "dialout" - "wheel" - ]; - shell = pkgs.bash; - initialHashedPassword = - if psCfg.user.password != null - then psCfg.user.password - else ""; - openssh.authorizedKeys.keys = - if psCfg.user.publicKeys != null - then psCfg.user.publicKeys - else []; - }; + users."${psCfg.user.name}" = { + # Indicates whether this is an account for a “real” user. + # This automatically sets group to users, createHome to true, + # home to /home/username, useDefaultShell to true, and isSystemUser to false. + isNormalUser = true; + description = psCfg.user.description; + extraGroups = [ + "input" + "lp" + "networkmanager" + "scanner" + "video" + "dialout" + "wheel" + ]; + shell = pkgs.bash; + initialHashedPassword = + if psCfg.user.password != null + then psCfg.user.password + else ""; + openssh.authorizedKeys.keys = + if psCfg.user.publicKeys != null + then psCfg.user.publicKeys + else []; + }; }; }; } diff --git a/modules/user/home.nix b/modules/user/home.nix index 04476e0..ea1e07b 100644 --- a/modules/user/home.nix +++ b/modules/user/home.nix @@ -12,7 +12,7 @@ in { ./session-variables.nix ]; - home-manager.users = pkgs.lib.setAttrByPath [psCfg.user.name] { + home-manager.users."${psCfg.user.name}" = { # Let Home Manager install and manage itself. programs.home-manager.enable = true; 
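Review bot: In the `users."${psCfg.user.name}"` block, `initialHashedPassword` still falls back to `""` when `psCfg.user.password` is null, and on NixOS an empty hash lets the account log in locally without being asked for a password. The same account is in `wheel`, and `mutableUsers = false` means the setting comes only from this config. Assuming the option accepts null (it is compared against null here), `initialHashedPassword = psCfg.user.password;` would leave an unset password as "no password login" rather than an empty one; hosts relying on the fallback would then need a hash or key-based access configured. A comment noting that `psCfg.user.password` holds a hash, not a plaintext password, would also help readers.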
@@ -22,66 +22,14 @@ in { home.homeDirectory = "/home/${psCfg.user.name}"; home.stateVersion = "22.11"; - home.packages = with pkgs; []; - - fonts.fontconfig.enable = mkForce true; - programs.dircolors.enable = true; - programs.less = { - enable = true; - keys = '' - k forw-line - i back-line - K forw-scroll - I back-scroll - ''; - }; - - home.file."xinitrc".source = ./.xinitrc; - xdg.enable = true; xdg.mime.enable = true; xdg.mimeApps = import ./mimeapps.nix; - xdg.configFile."git/config".text = import ./.config/git/config.nix { - inherit config; - inherit pkgs; - }; - xdg.configFile."git/gitmessage".text = import ./.config/git/gitmessage.nix { - inherit config; - inherit pkgs; - }; - xdg.configFile."git/global_gitignore".text = import ./.config/git/global_gitignore.nix { - inherit config; - inherit pkgs; - }; xdg.configFile."dircolors".source = ./.config/dircolors; - xdg.configFile."xmodmap".source = ./.config/xmodmap; - xdg.configFile."user-dirs.dirs".source = ./.config/user-dirs.dirs; - xdg.configFile."user-dirs.locale".source = ./.config/user-dirs.locale; - xdg.configFile."xsettingsd/xsettingsd.conf".source = ./.config/xsettingsd/xsettingsd.conf; - xdg.configFile."mako/config".source = ./.config/mako/config; - xdg.configFile."libinput-gestures.conf".source = ./.config/libinput-gestures.conf; - xdg.configFile."waybar/config".source = ./.config/waybar/config; - xdg.configFile."waybar/style.css".source = ./.config/waybar/style.css; - xdg.configFile."waybar/colorscheme.css".source = ./.config/waybar/colorscheme.css; - xdg.configFile."mutt/muttrc".source = ./.config/mutt/muttrc; - xdg.configFile."mutt/base16.muttrc".source = ./.config/mutt/base16.muttrc; - xdg.configFile."mutt/mailcap".source = ./.config/mutt/mailcap; - xdg.configFile."offlineimap/functions.py".source = ./.config/offlineimap/functions.py; - xdg.configFile."wallpaper.jpg".source = ./assets/wallpaper.jpg; - # Ensure nvim backup directory gets created - # Workaround for E510: Can't make backup file 
(add ! to override) - xdg.dataFile."nvim/backup/.keep".text = ""; - xdg.dataFile."nvim/json-schemas/.keep".text = ""; - # Generated with: - # docker run -it --name caddy-json-schema registry.greenbaum.cloud/gc/caddy-l4:2.5.2 caddy json-schema -output /srv/caddy_schema.json - xdg.dataFile."nvim/json-schemas/caddy_schema.json".source = .local/share/nvim/json-schemas/caddy_schema.json; - xdg.dataFile."nvim/templates/.keep".text = ""; - xdg.dataFile."scripts/.keep".text = ""; - xdg.dataFile."scripts/base16.sh".source = .local/share/scripts/base16.sh; xdg.dataFile."shell.nix.tmpl" = { text = '' let diff --git a/modules/user/session-variables.nix b/modules/user/session-variables.nix index 9219c7d..2f07d5f 100644 --- a/modules/user/session-variables.nix +++ b/modules/user/session-variables.nix @@ -5,7 +5,6 @@ ... }: let psCfg = config.pub-solar; - wlroots = psCfg.graphical.wayland; xdg = config.home-manager.users."${psCfg.user.name}".xdg; variables = { XDG_CONFIG_HOME = xdg.configHome; @@ -20,10 +19,6 @@ ECORE_EVAS_ENGINE = "wayland_egl"; ELM_ENGINE = "wayland_egl"; SDL_VIDEODRIVER = "wayland"; - WLR_RENDERER = - if wlroots.software-renderer.enable - then "pixman" - else "gles2"; EDITOR = "/etc/profiles/per-user/${psCfg.user.name}/bin/nvim"; VISUAL = "/etc/profiles/per-user/${psCfg.user.name}/bin/nvim"; diff --git a/modules/virtualisation/default.nix b/modules/virtualisation/default.nix index 3376014..a7666fa 100644 --- a/modules/virtualisation/default.nix +++ b/modules/virtualisation/default.nix 
@@ -6,65 +6,50 @@ }: with lib; let psCfg = config.pub-solar; - cfg = config.pub-solar.virtualisation; - doesGaming = config.pub-solar.gaming.enable; - extraObsPlugins = - if doesGaming - then [pkgs.obs-studio-plugins.looking-glass-obs] - else []; in { - options.pub-solar.virtualisation = { - enable = mkEnableOption "Life in libvirt"; + boot.kernelParams = [ + "amd_iommu=on" + "intel_iommu=on" + "iommu=pt" + ]; + + virtualisation.libvirtd = { + enable = true; + qemu.ovmf.enable = true; + }; + users.users."${psCfg.user.name}" = { + extraGroups = ["libvirtd"]; }; - config = mkIf cfg.enable { - boot.kernelParams = [ - "amd_iommu=on" - "intel_iommu=on" - "iommu=pt" + environment.systemPackages = with pkgs; [ + libvirt + libvirt-glib + qemu + virt-manager + python3Packages.libvirt + gvfs + edk2 + OVMF + win-virtio + looking-glass-client + lgcl + ]; + + home-manager.users."${psCfg.user.name}" = { + xdg.dataFile."libvirt/.keep".text = "# this file is here to generate the directory"; + home.packages = [pkgs.obs-studio-plugins.looking-glass-obs]; + }; + + systemd.tmpfiles.rules = [ + "f /dev/shm/looking-glass 0660 ${psCfg.user.name} kvm" + ]; + networking.bridges.virbr1.interfaces = []; + networking.interfaces.virbr1 = { + ipv4.addresses = [ + { + address = "192.168.123.1"; + prefixLength = 24; + } ]; - - virtualisation.libvirtd = { - enable = true; - qemu.ovmf.enable = true; - }; - users.users = pkgs.lib.setAttrByPath [psCfg.user.name] { - extraGroups = ["libvirtd"]; - }; - - environment.systemPackages = with pkgs; [ - coreutils-full - usbutils - libvirt - libvirt-glib - qemu - virt-manager - python3Packages.libvirt - gvfs - edk2 - OVMF - win-virtio - looking-glass-client - lgcl - ]; - - home-manager = with pkgs; - pkgs.lib.setAttrByPath ["users" psCfg.user.name] { - xdg.dataFile."libvirt/.keep".text = "# this file is here to generate the directory"; - home.packages = extraObsPlugins; - }; - - systemd.tmpfiles.rules = [ - "f /dev/shm/looking-glass 0660 ${psCfg.user.name} 
kvm" - ]; - networking.bridges.virbr1.interfaces = []; - networking.interfaces.virbr1 = { - ipv4.addresses = [ - { - address = "192.168.123.1"; - prefixLength = 24; - } - ]; - }; }; } diff --git a/pkgs/default.nix b/pkgs/default.nix index 142806b..12dbdc1 100644 --- a/pkgs/default.nix +++ b/pkgs/default.nix @@ -15,7 +15,6 @@ with prev; { s = writeShellScriptBin "s" (import ./s.nix final); sway-launcher = writeScriptBin "sway-launcher" (import ./sway-launcher.nix final); sway-service = writeShellScriptBin "sway-service" (import ./sway-service.nix final); - swaylock-bg = writeShellScriptBin "swaylock-bg" (import ./swaylock-bg.nix final); toggle-kbd-layout = writeShellScriptBin "toggle-kbd-layout" (import ./toggle-kbd-layout.nix final); uhk-agent = import ./uhk-agent.nix final; wcwd = writeShellScriptBin "wcwd" (import ./wcwd.nix final); diff --git a/pkgs/swaylock-bg.nix b/pkgs/swaylock-bg.nix index 78a9681..e69de29 100644 --- a/pkgs/swaylock-bg.nix +++ b/pkgs/swaylock-bg.nix @@ -1,20 +0,0 @@ -self: -with self; '' - # Dependencies: - # swaylock - - # Make sure we aren't running twice - RUNNING=$(${procps}/bin/pgrep -c ${swaylock}/bin/swaylock) - if [ "$RUNNING" -ne 0 ]; then - exit 0 - fi - - IMAGE="$XDG_CONFIG_HOME/wallpaper.jpg" - LOCKARGS="" - - for OUTPUT in $(${sway}/bin/swaymsg -t get_outputs | ${jq}/bin/jq -r '.[].name') - do - LOCKARGS="''${LOCKARGS} --image ''${OUTPUT}:''${IMAGE}" - done - exec ${swaylock}/bin/swaylock $LOCKARGS -'' diff --git a/secrets/drone-runner-exec-config b/secrets/drone-runner-exec-config deleted file mode 100644 index e240a7e..0000000 Binary files a/secrets/drone-runner-exec-config and /dev/null differ diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 7f4cd84..ed5b0d3 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix 
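Review bot: With `options.pub-solar.virtualisation.enable` and the `mkIf cfg.enable` wrapper removed, every host that imports this module gets `virtualisation.libvirtd.enable = true`, the IOMMU kernel parameters and `extraGroups = ["libvirtd"]` unconditionally, so the import list is now the only gate. Membership in the `libvirtd` group gives access to the system libvirt daemon and is generally treated as root-equivalent, which deserves a comment at the top of the module, for example `# Importing this module enables libvirtd and adds the user to the libvirtd group (root-equivalent); import it only on hosts that run VMs.` The line `home.packages = [pkgs.obs-studio-plugins.looking-glass-obs];` also loses its former `gaming.enable` condition, so the plugin is installed wherever the module is imported. The module's argument header sits above the hunk, so which hosts import it cannot be checked from here.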
@@ -45,8 +45,6 @@ in { "vnc-cert-chocolatebar.pem".publicKeys = chocolatebarKeys ++ baseKeys; "vnc-key-chocolatebar.pem".publicKeys = chocolatebarKeys ++ baseKeys; - "drone-runner-exec-config".publicKeys = chocolatebarKeys ++ biolimoKeys ++ droppieKeys ++ baseKeys; - "dyndns-droppie.key".publicKeys = droppieKeys ++ baseKeys; "droppie-ssh-root.key".publicKeys = droppieKeys ++ baseKeys; diff --git a/users/b12f/default.nix b/users/b12f/default.nix index 93e959c..0c42827 100644 --- a/users/b12f/default.nix +++ b/users/b12f/default.nix @@ -13,8 +13,6 @@ in { ]; config = { - services.yubikey-agent.enable = true; - age.secrets.b12f-env-secrets = { file = "${flake.self}/secrets/b12f-env-secrets"; mode = "400"; @@ -41,42 +39,6 @@ in { "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEST9eyAY3nzGYNnqDYfWHu+89LZsOjyKHMqCFvtP7vrgB7F7JbbECjdjAXEOfPDSCVwtMMpq8JJXeRMjpsD0rw= @b12f Yubi Backup" ]; }; - - paperless = { - enable = true; - ocrLanguage = "nld+deu"; - dataDir = "${xdg.dataHome}/Paperless"; - consumptionDir = "/home/${psCfg.user.name}/.local/share/scandir"; - scannerDefaultDevice = "hp3900:libusb:005:004"; - sync.enable = true; - }; - - arduino.enable = true; - email.enable = true; - uhk.enable = true; - social.enable = true; - gaming.enable = false; - mobile.enable = false; - audio.spotify.enable = true; - audio.spotify.username = "spotify@benjaminbaedorf.eu"; - audio.mopidy.enable = false; - }; - - # Needed for the udev rules for solaar - hardware.logitech.wireless.enable = true; - networking.hosts = let - localDomains = [ - "openproject.local" - "traefik.local" - "nextcloud.local" - "step.local" - "saas-1.openproject.local" - "transmission.local" - "erpnext.local" - ]; - in { - "127.0.0.1" = localDomains; - "::1" = localDomains; }; }; } diff --git a/users/b12f/home.nix b/users/b12f/home.nix index c745e3e..5a78ec6 100644 --- a/users/b12f/home.nix +++ b/users/b12f/home.nix 
@@ -14,7 +14,7 @@ in { ./concepts-and-training.nix ]; - home-manager = pkgs.lib.setAttrByPath ["users" psCfg.user.name] { + home-manager.users."${psCfg.user.name}" = { home.packages = with pkgs; [ present-md inkscape @@ -26,6 +26,18 @@ in { solaar insomnia concourse + + signal-desktop + tdesktop + element-desktop + irssi + + # Nix specific utilities + alejandra + manix + nix-index + nix-tree + nvd ]; programs.ssh = { 
@@ -88,34 +100,6 @@ in { }; }; - xdg.configFile."mutt/accounts.muttrc".text = '' - source ./hello@benjaminbaedorf.eu.muttrc - - macro index 'source $XDG_CONFIG_HOME/mutt/hello@benjaminbaedorf.eu.muttrc!' - macro index 'source $XDG_CONFIG_HOME/mutt/benjamin.baedorf@rwth-aachen.de.muttrc!' - macro index 'source $XDG_CONFIG_HOME/mutt/b.baedorf@openproject.com.muttrc!' - macro index 'source $XDG_CONFIG_HOME/mutt/byb@miom.space.muttrc!' - macro index 'source $XDG_CONFIG_HOME/mutt/mail@b12f.io.muttrc!' - macro index 'source $XDG_CONFIG_HOME/mutt/admins@pub.solar.muttrc!' - macro index 'source $XDG_CONFIG_HOME/mutt/crew@pub.solar.muttrc!' - ''; - xdg.configFile."mutt/hello@benjaminbaedorf.eu.muttrc".source = ./.config/mutt + "/hello@benjaminbaedorf.eu.muttrc"; - xdg.configFile."mutt/benjamin.baedorf@rwth-aachen.de.muttrc".source = ./.config/mutt + "/benjamin.baedorf@rwth-aachen.de.muttrc"; - xdg.configFile."mutt/hello@benjaminbaedorf.eu.signature".source = ./.config/mutt + "/hello@benjaminbaedorf.eu.signature"; - xdg.configFile."mutt/b.baedorf@openproject.com.muttrc".source = ./.config/mutt + "/b.baedorf@openproject.com.muttrc"; - xdg.configFile."mutt/b.baedorf@openproject.com.signature".source = ./.config/mutt + "/b.baedorf@openproject.com.signature"; - xdg.configFile."mutt/byb@miom.space.muttrc".source = ./.config/mutt + "/byb@miom.space.muttrc"; - xdg.configFile."mutt/byb@miom.space.signature".source = ./.config/mutt + "/byb@miom.space.signature"; - xdg.configFile."mutt/mail@b12f.io.muttrc".source = ./.config/mutt + "/mail@b12f.io.muttrc"; - xdg.configFile."mutt/mail@b12f.io.signature".source = ./.config/mutt + "/mail@b12f.io.signature"; - xdg.configFile."mutt/admins@pub.solar.muttrc".source = ./.config/mutt + "/admins@pub.solar.muttrc"; - xdg.configFile."mutt/admins@pub.solar.signature".source = ./.config/mutt + "/admins@pub.solar.signature"; - xdg.configFile."mutt/crew@pub.solar.muttrc".source = ./.config/mutt + "/crew@pub.solar.muttrc"; - 
xdg.configFile."mutt/crew@pub.solar.signature".source = ./.config/mutt + "/crew@pub.solar.signature"; - xdg.configFile."offlineimap/config".source = ./.config/offlineimap/config; - xdg.configFile."msmtp/config".source = ./.config/msmtp/config; - # xdg.configFile."wallpaper.jpg".source = ./assets/wallpaper.jpg; - programs.bash.initExtra = '' source ${config.age.secrets.b12f-env-secrets.path} ''; diff --git a/users/b12f/session-variables.nix b/users/b12f/session-variables.nix index c890ac9..70facc5 100644 --- a/users/b12f/session-variables.nix +++ b/users/b12f/session-variables.nix @@ -8,7 +8,7 @@ DRONE_RPC_PROTO = "https"; DRONE_RPC_HOST = "ci.b12f.io"; in { - home-manager = pkgs.lib.setAttrByPath ["users" psCfg.user.name] { + home-manager.users."${psCfg.user.name}" = { home.sessionVariables = { inherit DRONE_RPC_HOST; inherit DRONE_RPC_PROTO; diff --git a/users/default.nix b/users/default.nix index 856549b..a01cd33 100644 --- a/users/default.nix +++ b/users/default.nix @@ -1,8 +1,17 @@ +{ self, ... }: { flake = { nixosModules = rec { root = import ./root; - b12f = import ./b12f; + + b12f = { + imports = [ + ./b12f + self.nixosModules.email + self.nixosModules.uhk + ]; + }; + yule = import ./yule; }; };
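Review bot: The new `b12f` import list brings in only `self.nixosModules.email` and `self.nixosModules.uhk`, while the toggles removed from users/b12f/default.nix in this same commit also covered `arduino.enable`, `audio.spotify.enable` and the `paperless` block. If those features should stay on this user they need an import here as well; otherwise a short comment saying they were dropped on purpose would help the next reader. Whether `email` and `uhk` are defined under `self.nixosModules` is not visible in this diff, and since the attribute is evaluated lazily a missing name would only fail once `b12f` is used, so it is worth evaluating one host that imports it. A comment such as `# features are opted into by importing their module` above `imports` would document the convention this change appears to introduce.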