b12f/os
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity

refactor: move fully away from modules & profiles distinction

Browse source
This commit is contained in:
Benjamin Bädorf 2023-10-07 16:45:42 +02:00
parent 078e738a31
commit 93bcf469ab
No known key found for this signature in database
GPG key ID: 4406E80E13CD656C
108 changed files with 957 additions and 1732 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

29
hosts/biolimo/configuration.nix
View file

@ -8,36 +8,29 @@ with lib; let
psCfg = config.pub-solar; psCfg = config.pub-solar;
xdg = config.home-manager.users."${psCfg.user.name}".xdg; xdg = config.home-manager.users."${psCfg.user.name}".xdg;
in { in {
pub-solar.graphical.enable = true;
pub-solar.sway.enable = true;
# Use the systemd-boot EFI boot loader. # Use the systemd-boot EFI boot loader.
boot.loader.systemd-boot.enable = true; boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true; boot.loader.efi.canTouchEfiVariables = true;
boot.plymouth.enable = true;
pub-solar.paranoia.enable = true; pub-solar.core.hibernation.enable = true;
pub-solar.core.hibernation.resumeDevice = "/dev/dm-0"; pub-solar.core.hibernation.resumeDevice = "/dev/dm-0";
pub-solar.core.hibernation.resumeOffset = 15296512; pub-solar.core.hibernation.resumeOffset = 15296512;
pub-solar.audio.bluetooth.enable = true; pub-solar.terminal-life.full = true;
hardware.cpu.intel.updateMicrocode = true; hardware.cpu.intel.updateMicrocode = true;
networking.hostName = "biolimo"; networking.hostName = "biolimo";
networking.networkmanager.wifi.backend = mkForce "wpa_supplicant"; networking.networkmanager.wifi.backend = "wpa_supplicant";
home-manager = with pkgs; home-manager.users."${psCfg.user.name}" = {
pkgs.lib.setAttrByPath ["users" psCfg.user.name] { xdg.configFile = {
xdg.configFile = mkIf psCfg.sway.enable { "sway/config.d/10-screens.conf".source = ./.config/sway/config.d/screens.conf;
"sway/config.d/10-screens.conf".source = ./.config/sway/config.d/screens.conf; "sway/config.d/10-autostart.conf".source = ./.config/sway/config.d/autostart.conf;
"sway/config.d/10-autostart.conf".source = ./.config/sway/config.d/autostart.conf; "sway/config.d/10-input-defaults.conf".source = ./.config/sway/config.d/input-defaults.conf;
"sway/config.d/10-input-defaults.conf".source = ./.config/sway/config.d/input-defaults.conf; "sway/config.d/10-custom-keybindings.conf".source = ./.config/sway/config.d/custom-keybindings.conf;
"sway/config.d/10-custom-keybindings.conf".source = ./.config/sway/config.d/custom-keybindings.conf;
};
home.packages = [
inkscape
];
}; };
};
# For OpenProject development with https # For OpenProject development with https
security.pki.certificates = [ security.pki.certificates = [

44
hosts/chocolatebar/configuration.nix
View file

@ -9,10 +9,6 @@ with lib; let
psCfg = config.pub-solar; psCfg = config.pub-solar;
xdg = config.home-manager.users."${psCfg.user.name}".xdg; xdg = config.home-manager.users."${psCfg.user.name}".xdg;
in { in {
pub-solar.graphical.enable = true;
pub-solar.sway.enable = true;
pub-solar.virtualisation.enable = true;
hardware.cpu.amd.updateMicrocode = true; hardware.cpu.amd.updateMicrocode = true;
hardware.opengl.extraPackages = with pkgs; [ hardware.opengl.extraPackages = with pkgs; [
@ -23,62 +19,30 @@ in {
# Use the systemd-boot EFI boot loader. # Use the systemd-boot EFI boot loader.
boot.loader.systemd-boot.enable = true; boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true; boot.loader.efi.canTouchEfiVariables = true;
boot.plymouth.enable = true;
pub-solar.paranoia.enable = true; pub-solar.core.hibernation.enable = true;
pub-solar.core.hibernation.resumeDevice = "/dev/dm-0"; pub-solar.core.hibernation.resumeDevice = "/dev/dm-0";
pub-solar.core.hibernation.resumeOffset = 115075072; pub-solar.core.hibernation.resumeOffset = 115075072;
pub-solar.paperless.sync.masterNode = true; pub-solar.terminal-life.full = true;
age.secrets."drone-runner-exec-config" = {
file = "${flake.self}/secrets/drone-runner-exec-config";
mode = "400";
owner = psCfg.user.name;
};
pub-solar.docker-ci-runner = {
enable = true;
runnerVarsFile = config.age.secrets.drone-runner-exec-config.path;
};
pub-solar.paperless.scannerDefaultDevice = "hp3900:libusb:005:004";
services.openssh.openFirewall = true; services.openssh.openFirewall = true;
networking.hostName = "chocolatebar"; networking.hostName = "chocolatebar";
networking.firewall.allowedTCPPorts =
[443]
++ (
if psCfg.sway.vnc.enable
then [5901]
else []
);
networking.firewall.allowedUDPPorts = [43050]; networking.firewall.allowedUDPPorts = [43050];
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
wayvnc
drone-docker-runner drone-docker-runner
stdenv.cc.cc.lib stdenv.cc.cc.lib
pkgs.hplip pkgs.hplip
]; ];
age.secrets."vnc-key.pem" = {
file = "${flake.self}/secrets/vnc-key-chocolatebar.pem";
mode = "400";
owner = psCfg.user.name;
};
age.secrets."vnc-cert.pem" = {
file = "${flake.self}/secrets/vnc-cert-chocolatebar.pem";
mode = "400";
owner = psCfg.user.name;
};
pub-solar.sway.vnc.enable = true;
services.udev.extraRules = '' services.udev.extraRules = ''
SUBSYSTEMS=="usb", ATTRS{idVendor}=="04f9", ATTRS{idProduct}=="209e", ATTRS{serial}=="000W0H924252", MODE="0664", GROUP="lp", SYMLINK+="usb/lp0" SUBSYSTEMS=="usb", ATTRS{idVendor}=="04f9", ATTRS{idProduct}=="209e", ATTRS{serial}=="000W0H924252", MODE="0664", GROUP="lp", SYMLINK+="usb/lp0"
''; '';
home-manager.users."${psCfg.user.name}" = { home-manager.users."${psCfg.user.name}" = {
xdg.configFile = mkIf psCfg.sway.enable { xdg.configFile = {
"sway/config.d/10-autostart.conf".source = ./.config/sway/config.d/autostart.conf; "sway/config.d/10-autostart.conf".source = ./.config/sway/config.d/autostart.conf;
"sway/config.d/10-input-defaults.conf".source = ./.config/sway/config.d/input-defaults.conf; "sway/config.d/10-input-defaults.conf".source = ./.config/sway/config.d/input-defaults.conf;
"sway/config.d/10-screens.conf".source = ./.config/sway/config.d/screens.conf; "sway/config.d/10-screens.conf".source = ./.config/sway/config.d/screens.conf;

110
hosts/chocolatebar/virtualisation/default.nix
View file

@ -17,65 +17,63 @@ with lib; let
isolateAnyGPU = isolateGPU != null; isolateAnyGPU = isolateGPU != null;
in { in {
config = mkIf psCfg.virtualisation.enable { boot.extraModprobeConfig = mkIf isolateAnyGPU (concatStringsSep "\n" [
boot.extraModprobeConfig = mkIf isolateAnyGPU (concatStringsSep "\n" [ "softdep amdgpu pre: vfio vfio_pci"
"softdep amdgpu pre: vfio vfio_pci" (
( if isolateGPU == "rx5700xt"
if isolateGPU == "rx5700xt" then "options vfio-pci ids=1002:731f,1002:ab38"
then "options vfio-pci ids=1002:731f,1002:ab38" else "options vfio-pci ids=1002:699f,1002:aae0"
else "options vfio-pci ids=1002:699f,1002:aae0" )
) ]);
]);
systemd.user.services = { systemd.user.services = {
vm-windows = createService { vm-windows = createService {
inherit config; inherit config;
inherit pkgs; inherit pkgs;
inherit lib; inherit lib;
vm = { vm = {
name = "windows"; name = "windows";
disk = "/dev/disk/by-id/ata-SanDisk_SDSSDA240G_162402455603"; disk = "/dev/disk/by-id/ata-SanDisk_SDSSDA240G_162402455603";
id = "http://microsoft.com/win/10"; id = "http://microsoft.com/win/10";
gpu = true; gpu = true;
mountHome = false; mountHome = false;
memory = memory; memory = memory;
isolateGPU = isolateGPU; isolateGPU = isolateGPU;
handOverUSBDevices = handOverUSBDevices; handOverUSBDevices = handOverUSBDevices;
generateXML = generateXML; generateXML = generateXML;
};
}; };
vm-manjaro = createService { };
inherit config; vm-manjaro = createService {
inherit pkgs; inherit config;
inherit lib; inherit pkgs;
vm = { inherit lib;
name = "manjaro"; vm = {
disk = "/dev/disk/by-id/ata-KINGSTON_SM2280S3G2240G_50026B726B0265CE"; name = "manjaro";
id = "https://manjaro.org/download/#i3"; disk = "/dev/disk/by-id/ata-KINGSTON_SM2280S3G2240G_50026B726B0265CE";
gpu = true; id = "https://manjaro.org/download/#i3";
mountHome = true; gpu = true;
memory = memory; mountHome = true;
isolateGPU = isolateGPU; memory = memory;
handOverUSBDevices = handOverUSBDevices; isolateGPU = isolateGPU;
generateXML = generateXML; handOverUSBDevices = handOverUSBDevices;
}; generateXML = generateXML;
}; };
vm-tails = createService { };
inherit config; vm-tails = createService {
inherit pkgs; inherit config;
inherit lib; inherit pkgs;
vm = { inherit lib;
name = "tails"; vm = {
disk = "/var/lib/vms/tails/tails-amd64-5.4.iso"; name = "tails";
# disk = "/var/lib/vms/nixos/nixos-minimal.iso"; disk = "/var/lib/vms/tails/tails-amd64-5.4.iso";
id = "https://tails.boum.org/install/index.en.html"; # disk = "/var/lib/vms/nixos/nixos-minimal.iso";
gpu = false; id = "https://tails.boum.org/install/index.en.html";
mountHome = false; gpu = false;
memory = 16; mountHome = false;
isolateGPU = isolateGPU; memory = 16;
handOverUSBDevices = false; isolateGPU = isolateGPU;
generateXML = generateTailsXML; handOverUSBDevices = false;
}; generateXML = generateTailsXML;
}; };
}; };
}; };

15
hosts/default.nix
View file

@ -8,6 +8,12 @@
self.nixosModules.base self.nixosModules.base
./biolimo ./biolimo
self.nixosModules.b12f self.nixosModules.b12f
self.nixosModules.audio
self.nixosModules.bluetooth
self.nixosModules.docker
self.nixosModules.graphical
self.nixosModules.nextcloud
self.nixosModules.office
]; ];
}; };
@ -17,6 +23,14 @@
self.nixosModules.base self.nixosModules.base
./chocolatebar ./chocolatebar
self.nixosModules.b12f self.nixosModules.b12f
self.nixosModules.audio
self.nixosModules.virtualisation
self.nixosModules.docker
self.nixosModules.gaming
self.nixosModules.graphical
self.nixosModules.nextcloud
self.nixosModules.office
self.nixosModules.virtualisation
]; ];
}; };
@ -37,6 +51,7 @@
./pie ./pie
self.nixosModules.yule self.nixosModules.yule
self.nixosModules.printing self.nixosModules.printing
self.nixosModules.paperless
]; ];
}; };

5
hosts/droppie/configuration.nix
View file

@ -9,6 +9,8 @@ with lib; let
psCfg = config.pub-solar; psCfg = config.pub-solar;
xdg = config.home-manager.users."${psCfg.user.name}".xdg; xdg = config.home-manager.users."${psCfg.user.name}".xdg;
in { in {
pub-solar.core.disk-encryption-active = false;
boot.loader.systemd-boot.enable = lib.mkForce false; boot.loader.systemd-boot.enable = lib.mkForce false;
boot.loader.grub = { boot.loader.grub = {
enable = true; enable = true;
@ -21,9 +23,6 @@ in {
networking.hostName = "droppie"; networking.hostName = "droppie";
pub-solar.core.disk-encryption-active = false;
pub-solar.core.lite = true;
security.sudo.extraRules = [ security.sudo.extraRules = [
{ {
users = ["${psCfg.user.name}"]; users = ["${psCfg.user.name}"];

1
hosts/pie/configuration.nix
View file

@ -27,7 +27,6 @@ in {
boot.kernelPackages = pkgs.linuxPackages_6_1; boot.kernelPackages = pkgs.linuxPackages_6_1;
pub-solar.core.disk-encryption-active = false; pub-solar.core.disk-encryption-active = false;
pub-solar.core.lite = true;
networking.hostName = "pie"; networking.hostName = "pie";
networking.defaultGateway = { networking.defaultGateway = {

2
lib/default.nix
View file

@ -11,8 +11,8 @@
## In configs, they can be used under "lib.our" ## In configs, they can be used under "lib.our"
deploy = import ./deploy.nix { inherit inputs lib; }; deploy = import ./deploy.nix { inherit inputs lib; };
addLocalHostname = callLibs ./add-local-hostname.nix; addLocalHostname = callLibs ./add-local-hostname.nix;
recursiveMerge = callLibs ./recursive-merge.nix;
}; };
}; };
} }

16
lib/recursive-merge.nix Normal file
View file

@ -0,0 +1,16 @@
{ lib }:
attrList:
let
f = attrPath:
zipAttrsWith (
n: values:
if tail values == []
then head values
else if all isList values
then unique (concatLists values)
else if all isAttrs values
then f (attrPath ++ [n]) values
else last values
);
in
f [] attrList;

15
modules/adb/default.nix Normal file
View file

@ -0,0 +1,15 @@
{
lib,
config,
pkgs,
...
}:
with lib; let
psCfg = config.pub-solar;
in {
programs.adb.enable = true;
users.users."${psCfg.user.name}" = {
extraGroups = ["adbusers"];
};
}

22
modules/arduino/default.nix
View file

@ -6,22 +6,12 @@
}: }:
with lib; let with lib; let
psCfg = config.pub-solar; psCfg = config.pub-solar;
cfg = config.pub-solar.arduino;
in { in {
options.pub-solar.arduino = { users.users."${psCfg.user.name}" = {
enable = mkEnableOption "Life with home automation"; extraGroups = ["dialout"];
}; packages = with pkgs; [
config = mkIf cfg.enable { arduino
users.users = pkgs.lib.setAttrByPath [psCfg.user.name] { arduino-cli
extraGroups = ["dialout"]; ];
};
home-manager = with pkgs;
pkgs.lib.setAttrByPath ["users" psCfg.user.name] {
home.packages = [
arduino
arduino-cli
];
};
}; };
} }

150
modules/audio/default.nix
View file

@ -6,126 +6,52 @@
}: }:
with lib; let with lib; let
psCfg = config.pub-solar; psCfg = config.pub-solar;
cfg = config.pub-solar.audio;
xdg = config.home-manager.users."${psCfg.user.name}".xdg; xdg = config.home-manager.users."${psCfg.user.name}".xdg;
in { in {
options.pub-solar.audio = { users.users."${psCfg.user.name}" = {
enable = mkEnableOption "Life in highs and lows"; extraGroups = ["audio"];
mopidy.enable = mkEnableOption "Life with mopidy"; packages = with pkgs; [
spotify.enable = mkEnableOption "Life in DRM"; # easyeffects, e.g. for microphone noise filtering
spotify.username = mkOption { easyeffects
description = "Spotify login username or email"; mu
type = types.str; pavucontrol
example = "yourname@example.com"; pa_applet
default = ""; playerctl
}; # Needed for pactl cmd, until pw-cli is more mature (vol up/down hotkeys?)
bluetooth.enable = mkEnableOption "Life with bluetooth"; pulseaudio
vimpc
spotify-tui
];
}; };
config = mkIf cfg.enable { home-manager.users."${psCfg.user.name}" = {
users.users = pkgs.lib.setAttrByPath [psCfg.user.name] { xdg.configFile."vimpc/vimpcrc".source = ./.config/vimpc/vimpcrc;
extraGroups = ["audio"]; systemd.user.services.easyeffects = import ./easyeffects.service.nix pkgs;
};
home-manager = with pkgs; services.spotifyd = {
pkgs.lib.setAttrByPath ["users" psCfg.user.name] {
home.packages =
[
# easyeffects, e.g. for microphone noise filtering
easyeffects
mu
pavucontrol
pa_applet
playerctl
# Needed for pactl cmd, until pw-cli is more mature (vol up/down hotkeys?)
pulseaudio
vimpc
]
++ (
if cfg.spotify.enable
then [pkgs.spotify-tui]
else []
);
xdg.configFile."vimpc/vimpcrc".source = ./.config/vimpc/vimpcrc;
systemd.user.services.easyeffects = import ./easyeffects.service.nix pkgs;
services.spotifyd = mkIf cfg.spotify.enable {
enable = true;
settings = {
global = {
username = cfg.spotify.username;
password_cmd = "DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/1001/bus ${pkgs.libsecret}/bin/secret-tool lookup spotify password";
bitrate = 320;
volume_normalisation = true;
no_audio_cache = false;
max_cache_size = 1000000000;
};
};
};
};
# rtkit is optional but recommended
security.rtkit.enable = true;
services.pipewire = {
enable = true; enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
wireplumber.enable = true;
# If you want to use JACK applications, uncomment this
jack.enable = true;
};
# Enable bluetooth
hardware.bluetooth = mkIf cfg.bluetooth.enable {
enable = true;
# Disable bluetooth on startup to save battery
powerOnBoot = false;
# Disable useless SIM Access Profile plugin
disabledPlugins = [
"sap"
];
settings = { settings = {
General = { global = {
# Enables experimental features and interfaces. username = "spotify@benjaminbaedorf.eu";
# Makes BlueZ Battery Provider available password_cmd = "DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/1001/bus ${pkgs.libsecret}/bin/secret-tool lookup spotify password";
Experimental = true; bitrate = 320;
volume_normalisation = true;
no_audio_cache = false;
max_cache_size = 1000000000;
}; };
}; };
}; };
services.blueman.enable = mkIf cfg.bluetooth.enable true; };
environment.etc."wireplumber/bluetooth.lua.d/51-bluez-config.lua" = mkIf cfg.bluetooth.enable {
text = ''
bluez_monitor.properties = {
["bluez5.enable-sbc-xq"] = true,
["bluez5.enable-msbc"] = true,
["bluez5.enable-hw-volume"] = true,
["bluez5.headset-roles"] = "[ hsp_hs hsp_ag hfp_hf hfp_ag ]"
}
'';
};
# Enable audio server & client # rtkit is optional but recommended
services.mopidy = mkIf cfg.mopidy.enable ((import ./mopidy.nix) pkgs); security.rtkit.enable = true;
services.pipewire = {
# Make pulseaudio listen on port 4713 for mopidy, extending the default enable = true;
# config: https://gitlab.freedesktop.org/pipewire/pipewire/-/blob/master/src/daemon/pipewire-pulse.conf.in alsa.enable = true;
environment.etc."pipewire/pipewire-pulse.conf.d/99-custom.conf" = mkIf cfg.mopidy.enable { alsa.support32Bit = true;
text = '' pulse.enable = true;
{ wireplumber.enable = true;
"context.modules": [ # If you want to use JACK applications, uncomment this
{ jack.enable = true;
"name": "libpipewire-module-protocol-pulse", };
"args": { }
"server.address": ["unix:native", "tcp:4713"],
"vm.overrides": {
"pulse.min.quantum": "1024/48000"
}
}
}
]
}
'';
};
};
}

35
modules/bluetooth/default.nix Normal file
View file

@ -0,0 +1,35 @@
{
lib,
config,
pkgs,
...
}: {
hardware.bluetooth = {
enable = true;
# Disable bluetooth on startup to save battery
powerOnBoot = false;
# Disable useless SIM Access Profile plugin
disabledPlugins = [
"sap"
];
settings = {
General = {
# Enables experimental features and interfaces.
# Makes BlueZ Battery Provider available
Experimental = true;
};
};
};
services.blueman.enable = true;
environment.etc."wireplumber/bluetooth.lua.d/51-bluez-config.lua" = {
text = ''
bluez_monitor.properties = {
["bluez5.enable-sbc-xq"] = true,
["bluez5.enable-msbc"] = true,
["bluez5.enable-hw-volume"] = true,
["bluez5.headset-roles"] = "[ hsp_hs hsp_ag hfp_hf hfp_ag ]"
}
'';
};
}

45
modules/ci-runner/default.nix
View file

@ -1,45 +0,0 @@
{
lib,
config,
pkgs,
flake,
...
}:
with lib; let
psCfg = config.pub-solar;
cfg = config.pub-solar.ci-runner;
in {
options.pub-solar.ci-runner = {
enable = mkEnableOption "Enables a systemd service that runs drone-ci-runner";
};
config = mkIf cfg.enable {
systemd.user.services.ci-runner = {
enable = true;
description = "CI runner for the PubSolarOS repository that can run test VM instances with KVM.";
serviceConfig = {
Type = "simple";
Restart = "always";
};
path = [
pkgs.git
pkgs.nix
pkgs.libvirt
];
wantedBy = ["multi-user.target"];
after = ["network.target" "libvirtd.service"];
script = ''${pkgs.drone-runner-exec}/bin/drone-runner-exec daemon /run/agenix/drone-runner-exec-config'';
};
age.secrets."drone-runner-exec-config" = {
file = "${flake.self}/secrets/drone-runner-exec-config";
mode = "700";
owner = psCfg.user.name;
};
};
}

11
modules/core/boot.nix
View file

@ -7,12 +7,6 @@
with lib; let with lib; let
cfg = config.pub-solar.core; cfg = config.pub-solar.core;
in { in {
options.pub-solar.core.iso-options.enable = mkOption {
type = types.bool;
default = false;
description = "Feature flag for iso builds";
};
options.pub-solar.core.disk-encryption-active = mkOption { options.pub-solar.core.disk-encryption-active = mkOption {
type = types.bool; type = types.bool;
default = true; default = true;
@ -21,13 +15,10 @@ in {
config = { config = {
boot = { boot = {
# Enable plymouth for better experience of booting
plymouth.enable = mkIf (!cfg.lite) (lib.mkDefault true);
# Mount / luks device in initrd # Mount / luks device in initrd
# Allow fstrim to work on it. # Allow fstrim to work on it.
# The ! makes this enabled by default # The ! makes this enabled by default
initrd = mkIf (!cfg.iso-options.enable && cfg.disk-encryption-active) { initrd = mkIf cfg.disk-encryption-active {
luks.devices."cryptroot" = { luks.devices."cryptroot" = {
allowDiscards = true; allowDiscards = true;
}; };

38
modules/core/default.nix
View file

@ -9,33 +9,29 @@ in {
imports = [ imports = [
./boot.nix ./boot.nix
./hibernation.nix ./hibernation.nix
./fonts.nix
./i18n.nix ./i18n.nix
./networking.nix ./networking.nix
./packages.nix ./packages.nix
./services.nix
]; ];
options.pub-solar.core = { # Service that makes Out of Memory Killer more effective
lite = mkOption { services.earlyoom.enable = true;
description = ''
Enable a lite edition of core with less default modules and a reduced package set. services.logind.lidSwitch = "hibernate";
'';
default = false; services.tor.settings = {
type = types.bool; UseBridges = true;
};
}; };
config = { # The options below are directly taken from or inspired by
pub-solar = { # https://xeiaso.net/blog/paranoid-nixos-2021-07-18
audio.enable = mkIf (!cfg.lite) (mkDefault true);
crypto.enable = mkIf (!cfg.lite) (mkDefault true);
devops.enable = mkIf (!cfg.lite) (mkDefault true);
terminal-life = { # Limit the use of sudo to the group wheel
enable = mkDefault true; security.sudo.execWheelOnly = true;
lite = cfg.lite;
}; # Remove the complete default environment of packages like
}; # nano, perl and rsync
}; environment.defaultPackages = lib.mkForce [];
# fileSystems."/".options = [ "noexec" ];
} }

14
modules/core/fonts.nix
View file

@ -1,14 +0,0 @@
{
config,
pkgs,
lib,
...
}: {
fonts = {
fonts = with pkgs; [powerline-fonts dejavu_fonts];
fontconfig.defaultFonts = {
monospace = ["DejaVu Sans Mono for Powerline"];
sansSerif = ["DejaVu Sans"];
};
};
}

73
modules/core/networking.nix
View file

@ -1,44 +1,51 @@
{ {
flake,
config, config,
pkgs, pkgs,
lib, lib,
... ...
}: }: {
with lib; let # disable NetworkManager and systemd-networkd -wait-online by default
cfg = config.pub-solar.core; systemd.services.NetworkManager-wait-online.enable = lib.mkDefault false;
in { systemd.services.systemd-networkd-wait-online.enable = lib.mkDefault false;
options.pub-solar.core = {
enableCaddy = mkOption {
type = types.bool;
default = !cfg.lite;
};
enableHelp = mkOption {
type = types.bool;
default = !cfg.lite;
};
binaryCaches = mkOption { networking.networkmanager = {
type = types.listOf types.str; # Enable networkmanager. REMEMBER to add yourself to group in order to use nm related stuff.
default = []; enable = true;
description = "Binary caches to use."; wifi.backend = lib.mkDefault "iwd";
};
publicKeys = mkOption {
type = types.listOf types.str;
default = [];
description = "Public keys of binary caches.";
};
}; };
config = {
# disable NetworkManager and systemd-networkd -wait-online by default
systemd.services.NetworkManager-wait-online.enable = lib.mkDefault false;
systemd.services.systemd-networkd-wait-online.enable = lib.mkDefault false;
networking.networkmanager = { networking.firewall.enable = true;
# Enable networkmanager. REMEMBER to add yourself to group in order to use nm related stuff.
enable = true;
wifi.backend = "iwd";
};
networking.firewall.enable = true; networking.hosts = flake.self.lib.addLocalHostname ["caddy.local"];
# Caddy reverse proxy for local services like cups
services.caddy = {
enable = true;
globalConfig = ''
default_bind 127.0.0.1
auto_https off
'';
};
# For rage encryption, all hosts need a ssh key pair
services.openssh = {
enable = true;
allowSFTP = false;
# If you don't want the host to have SSH actually opened up to the net,
# set `services.openssh.openFirewall` to false in your config.
openFirewall = true;
settings.PasswordAuthentication = lib.mkDefault false;
settings.KbdInteractiveAuthentication = false;
extraConfig = ''
AllowTcpForwarding yes
X11Forwarding no
AllowAgentForwarding no
AllowStreamLocalForwarding no
AuthenticationMethods publickey
'';
}; };
} }

80
modules/core/packages.nix
View file

@ -8,72 +8,18 @@ with lib; let
psCfg = config.pub-solar; psCfg = config.pub-solar;
cfg = config.pub-solar.core; cfg = config.pub-solar.core;
in { in {
environment = { environment.systemPackages = with pkgs; [
systemPackages = with pkgs; # Core unix utility packages
[ coreutils-full
# Core unix utility packages dnsutils
coreutils-full inetutils
dnsutils progress
inetutils pciutils
progress usbutils
pciutils diffutils
usbutils findutils
exfat
wget gitFull
openssl ];
openssh
curl
htop
btop
lsof
psmisc
file
# zippit
zip
unzip
# Modern modern utilities
p7zip
croc
jq
]
++ lib.optionals (!cfg.lite) [
mtr
gitFull
git-lfs
git-bug
xdg-utils
sysfsutils
renameutils
nfs-utils
moreutils
mailutils
keyutils
input-utils
elfutils
binutils
dateutils
diffutils
findutils
exfat
# Nix specific utilities
alejandra
niv
manix
nix-index
nix-tree
nixpkgs-review
# Build broken, python2.7-PyJWT-2.0.1.drv' failed
#nixops
psos
nvd
# Fun
neofetch
];
};
} }

18
modules/core/services.nix
View file

@ -1,18 +0,0 @@
{
config,
pkgs,
lib,
...
}: {
# For rage encryption, all hosts need a ssh key pair
services.openssh = {
enable = true;
# If you don't want the host to have SSH actually opened up to the net,
# set `services.openssh.openFirewall` to false in your config.
openFirewall = lib.mkDefault true;
settings.PasswordAuthentication = lib.mkDefault false;
};
# Service that makes Out of Memory Killer more effective
services.earlyoom.enable = true;
}

48
modules/crypto/default.nix
View file

@ -6,40 +6,30 @@
}: }:
with lib; let with lib; let
psCfg = config.pub-solar; psCfg = config.pub-solar;
cfg = config.pub-solar.crypto;
in { in {
options.pub-solar.crypto = { services.udev.packages = [pkgs.yubikey-personalization];
enable = mkEnableOption "Life in private"; services.dbus.packages = [pkgs.gcr];
}; services.pcscd.enable = true;
config = mkIf cfg.enable { services.gnome.gnome-keyring.enable = true;
services.udev.packages = [pkgs.yubikey-personalization];
services.dbus.packages = [pkgs.gcr];
services.pcscd.enable = true;
services.gnome.gnome-keyring.enable = true; users.users."${psCfg.user.name}".packages = with pkgs; [
gnome.seahorse
keepassxc
libsecret
];
home-manager = with pkgs; home-manager.users."${psCfg.user.name}" = {
pkgs.lib.setAttrByPath ["users" psCfg.user.name] { systemd.user.services.polkit-gnome-authentication-agent = import ./polkit-gnome-authentication-agent.service.nix pkgs;
systemd.user.services.polkit-gnome-authentication-agent = import ./polkit-gnome-authentication-agent.service.nix pkgs;
services.gpg-agent = { services.gpg-agent = {
enable = true; enable = true;
pinentryFlavor = "gnome3"; pinentryFlavor = "gnome3";
verbose = true; verbose = true;
}; };
programs.gpg = { programs.gpg = {
enable = true; enable = true;
}; };
home.packages = [
gnome.seahorse
keepassxc
libsecret
qMasterPassword
restic
];
};
}; };
} }

32
modules/default.nix
View file

@ -8,25 +8,19 @@
nixosModules = rec { nixosModules = rec {
arduino = import ./arduino; arduino = import ./arduino;
audio = import ./audio; audio = import ./audio;
ci-runner = import ./ci-runner; bluetooth = import ./bluetooth;
core = import ./core; core = import ./core;
crypto = import ./crypto; crypto = import ./crypto;
devops = import ./devops;
docker = import ./docker; docker = import ./docker;
docker-ci-runner = import ./docker-ci-runner;
email = import ./email; email = import ./email;
gaming = import ./gaming; gaming = import ./gaming;
graphical = import ./graphical; graphical = import ./graphical;
mobile = import ./mobile; adb = import ./adb;
nix = import ./nix; nix = import ./nix;
nextcloud = import ./nextcloud; nextcloud = import ./nextcloud;
office = import ./office; office = import ./office;
paperless = import ./paperless; paperless = import ./paperless;
paranoia = import ./paranoia;
printing = import ./printing; printing = import ./printing;
proxy = import ./proxy;
social = import ./social;
sway = import ./sway;
terminal-life = import ./terminal-life; terminal-life = import ./terminal-life;
uhk = import ./uhk; uhk = import ./uhk;
user = import ./user; user = import ./user;
@ -66,33 +60,13 @@
]; ];
}) })
self.nixosModules.arduino
self.nixosModules.audio
self.nixosModules.ci-runner
self.nixosModules.core self.nixosModules.core
self.nixosModules.crypto self.nixosModules.crypto
self.nixosModules.devops
self.nixosModules.docker
self.nixosModules.docker-ci-runner
self.nixosModules.email
self.nixosModules.gaming
self.nixosModules.graphical
self.nixosModules.mobile
self.nixosModules.nix self.nixosModules.nix
self.nixosModules.nextcloud
self.nixosModules.office
self.nixosModules.paperless
self.nixosModules.paranoia
# self.nixosModules.printing
self.nixosModules.proxy
self.nixosModules.social
self.nixosModules.sway
self.nixosModules.terminal-life self.nixosModules.terminal-life
self.nixosModules.uhk
self.nixosModules.user
self.nixosModules.virtualisation
self.nixosModules.root self.nixosModules.root
self.nixosModules.user
]; ];
}; };
}; };

32
modules/devops/default.nix
View file

@ -1,32 +0,0 @@
{
lib,
config,
pkgs,
...
}:
with lib; let
psCfg = config.pub-solar;
cfg = config.pub-solar.devops;
in {
options.pub-solar.devops = {
enable = mkEnableOption "Life automated";
};
config = mkIf cfg.enable {
home-manager = with pkgs;
pkgs.lib.setAttrByPath ["users" psCfg.user.name] {
home.packages = [
croc
drone-cli
nmap
pgcli
ansible
ansible-lint
restic
shellcheck
terraform
tea
];
};
};
}

113
modules/docker-ci-runner/default.nix
View file

@ -1,113 +0,0 @@
{
lib,
config,
pkgs,
...
}:
with lib; let
bootstrap = pkgs.writeScript "bootstrap.sh" ''
#!/usr/bin/env bash
set -e
apt update
apt install --yes curl git sudo xz-utils
adduser --system --uid 999 build
chown build /nix
sudo -u build curl -L https://nixos.org/nix/install > install
sudo -u build sh install
echo "export PATH=/nix/var/nix/profiles/per-user/build/profile/bin:''$PATH" >> /etc/profile
mkdir /etc/nix
echo 'experimental-features = nix-command flakes' >> /etc/nix/nix.conf
export nix_user_config_file="/home/build/.local/share/nix/trusted-settings.json"
mkdir -p $(dirname \\$nix_user_config_file)
echo '{"extra-experimental-features":{"nix-command flakes":true}}' > \\$nix_user_config_file
chown -R build /home/build/
curl -L https://github.com/drone-runners/drone-runner-exec/releases/latest/download/drone_runner_exec_linux_amd64.tar.gz | tar xz
sudo install -t /usr/local/bin drone-runner-exec
if [ ! -f /run/vars ]; then
exit 1
fi
cp -a /run/vars /run/runtime-vars
env | grep "DRONE" >> /run/runtime-vars
su - -s /bin/bash build sh -c "/usr/local/bin/drone-runner-exec daemon /run/runtime-vars"
'';
psCfg = config.pub-solar;
cfg = config.pub-solar.docker-ci-runner;
in {
options.pub-solar.docker-ci-runner = {
enable = lib.mkEnableOption "Enables a docker container running a drone exec runner as unprivileged user.";
enableKvm = lib.mkOption {
description = ''
Enable kvm support.
'';
default = true;
type = types.bool;
};
nixCacheLocation = lib.mkOption {
description = ''
Location of nix cache that is shared between builds
'';
default = "/var/lib/docker-ci-runner";
type = types.path;
};
runnerEnvironment = lib.mkOption {
description = ''
Additional environment vars added to the vars file on container runtime
'';
default = {};
};
runnerVarsFile = lib.mkOption {
description = ''
Location of vars file passed to drone runner
'';
type = types.path;
};
};
config = lib.mkIf cfg.enable {
virtualisation = {
docker = {
enable = true; # sadly podman is not supported rightnow
};
oci-containers = {
backend = "docker";
containers."drone-exec-runner" = {
image = "debian";
autoStart = true;
entrypoint = "bash";
cmd = ["/bootstrap.sh"];
volumes = [
"${cfg.runnerVarsFile}:/run/vars"
"${cfg.nixCacheLocation}:/nix"
"${bootstrap}:/bootstrap.sh"
];
environment = cfg.runnerEnvironment;
extraOptions = lib.mkIf cfg.enableKvm ["--device=/dev/kvm"];
};
};
};
# Fix container not stopping correctly and holding the system 120s upon
# shutdown / reboot
systemd.services.docker-drone-exec-runner.preStop = ''
docker stop drone-exec-runner
'';
};
}

21
modules/docker/default.nix
View file

@ -6,21 +6,14 @@
}: }:
with lib; let with lib; let
psCfg = config.pub-solar; psCfg = config.pub-solar;
cfg = config.pub-solar.docker;
in { in {
options.pub-solar.docker = { virtualisation.docker.enable = true;
enable = mkEnableOption "Life in metal boxes";
users.users."${psCfg.user.name}" = {
extraGroups = ["docker"];
}; };
config = mkIf cfg.enable { environment.systemPackages = with pkgs; [
virtualisation.docker.enable = true; docker-compose
users.users = with pkgs; ];
pkgs.lib.setAttrByPath [psCfg.user.name] {
extraGroups = ["docker"];
};
environment.systemPackages = with pkgs; [
docker-compose
];
};
} }

0
users/b12f/.config/msmtp/config → modules/email/.config/msmtp/config
View file

0
users/b12f/.config/mutt/admins@pub.solar.muttrc → modules/email/.config/mutt/admins@pub.solar.muttrc
View file

0
users/b12f/.config/mutt/admins@pub.solar.signature → modules/email/.config/mutt/admins@pub.solar.signature
View file

0
users/b12f/.config/mutt/b.baedorf@openproject.com.muttrc → modules/email/.config/mutt/b.baedorf@openproject.com.muttrc
View file

0
users/b12f/.config/mutt/b.baedorf@openproject.com.signature → modules/email/.config/mutt/b.baedorf@openproject.com.signature
View file

0
modules/user/.config/mutt/base16.muttrc → modules/email/.config/mutt/base16.muttrc
View file

0
users/b12f/.config/mutt/benjamin.baedorf@rwth-aachen.de.muttrc → modules/email/.config/mutt/benjamin.baedorf@rwth-aachen.de.muttrc
View file

0
users/b12f/.config/mutt/byb@miom.space.muttrc → modules/email/.config/mutt/byb@miom.space.muttrc
View file

0
users/b12f/.config/mutt/byb@miom.space.signature → modules/email/.config/mutt/byb@miom.space.signature
View file

0
users/b12f/.config/mutt/crew@pub.solar.muttrc → modules/email/.config/mutt/crew@pub.solar.muttrc
View file

0
users/b12f/.config/mutt/crew@pub.solar.signature → modules/email/.config/mutt/crew@pub.solar.signature
View file

0
users/b12f/.config/mutt/hello@benjaminbaedorf.eu.muttrc → modules/email/.config/mutt/hello@benjaminbaedorf.eu.muttrc
View file

0
users/b12f/.config/mutt/hello@benjaminbaedorf.eu.signature → modules/email/.config/mutt/hello@benjaminbaedorf.eu.signature
View file

0
users/b12f/.config/mutt/mail@b12f.io.muttrc → modules/email/.config/mutt/mail@b12f.io.muttrc
View file

0
users/b12f/.config/mutt/mail@b12f.io.signature → modules/email/.config/mutt/mail@b12f.io.signature
View file

0
modules/user/.config/mutt/mailcap → modules/email/.config/mutt/mailcap
View file

0
modules/user/.config/mutt/muttrc → modules/email/.config/mutt/muttrc
View file

0
users/b12f/.config/offlineimap/config → modules/email/.config/offlineimap/config
View file

0
modules/user/.config/offlineimap/functions.py → modules/email/.config/offlineimap/functions.py
View file

64
modules/email/default.nix
View file

@ -6,28 +6,52 @@
}: }:
with lib; let with lib; let
psCfg = config.pub-solar; psCfg = config.pub-solar;
cfg = config.pub-solar.email;
in { in {
options.pub-solar.email = { users.users."${psCfg.user.name}".packages = with pkgs; [
enable = mkEnableOption "Life in headers"; w3m
}; urlscan
neomutt
offlineimap
msmtp
mailto-mutt
];
config = mkIf cfg.enable { home-manager.users."${psCfg.user.name}" = {
home-manager = with pkgs; programs.offlineimap = {
pkgs.lib.setAttrByPath ["users" psCfg.user.name] { enable = true;
home.packages = [ pythonFile = builtins.readFile ./offlineimap.py;
w3m };
urlscan
neomutt
offlineimap
msmtp
mailto-mutt
];
programs.offlineimap = { xdg.configFile."mutt/muttrc".source = ./.config/mutt/muttrc;
enable = true; xdg.configFile."mutt/base16.muttrc".source = ./.config/mutt/base16.muttrc;
pythonFile = builtins.readFile ./offlineimap.py; xdg.configFile."mutt/mailcap".source = ./.config/mutt/mailcap;
}; xdg.configFile."offlineimap/functions.py".source = ./.config/offlineimap/functions.py;
};
xdg.configFile."mutt/accounts.muttrc".text = ''
source ./hello@benjaminbaedorf.eu.muttrc
macro index <f1> '<sync-mailbox><enter-command>source $XDG_CONFIG_HOME/mutt/hello@benjaminbaedorf.eu.muttrc<enter><change-folder>!<enter>'
macro index <f2> '<sync-mailbox><enter-command>source $XDG_CONFIG_HOME/mutt/benjamin.baedorf@rwth-aachen.de.muttrc<enter><change-folder>!<enter>'
macro index <f3> '<sync-mailbox><enter-command>source $XDG_CONFIG_HOME/mutt/b.baedorf@openproject.com.muttrc<enter><change-folder>!<enter>'
macro index <f4> '<sync-mailbox><enter-command>source $XDG_CONFIG_HOME/mutt/byb@miom.space.muttrc<enter><change-folder>!<enter>'
macro index <f5> '<sync-mailbox><enter-command>source $XDG_CONFIG_HOME/mutt/mail@b12f.io.muttrc<enter><change-folder>!<enter>'
macro index <f6> '<sync-mailbox><enter-command>source $XDG_CONFIG_HOME/mutt/admins@pub.solar.muttrc<enter><change-folder>!<enter>'
macro index <f7> '<sync-mailbox><enter-command>source $XDG_CONFIG_HOME/mutt/crew@pub.solar.muttrc<enter><change-folder>!<enter>'
'';
xdg.configFile."mutt/hello@benjaminbaedorf.eu.muttrc".source = ./.config/mutt + "/hello@benjaminbaedorf.eu.muttrc";
xdg.configFile."mutt/benjamin.baedorf@rwth-aachen.de.muttrc".source = ./.config/mutt + "/benjamin.baedorf@rwth-aachen.de.muttrc";
xdg.configFile."mutt/hello@benjaminbaedorf.eu.signature".source = ./.config/mutt + "/hello@benjaminbaedorf.eu.signature";
xdg.configFile."mutt/b.baedorf@openproject.com.muttrc".source = ./.config/mutt + "/b.baedorf@openproject.com.muttrc";
xdg.configFile."mutt/b.baedorf@openproject.com.signature".source = ./.config/mutt + "/b.baedorf@openproject.com.signature";
xdg.configFile."mutt/byb@miom.space.muttrc".source = ./.config/mutt + "/byb@miom.space.muttrc";
xdg.configFile."mutt/byb@miom.space.signature".source = ./.config/mutt + "/byb@miom.space.signature";
xdg.configFile."mutt/mail@b12f.io.muttrc".source = ./.config/mutt + "/mail@b12f.io.muttrc";
xdg.configFile."mutt/mail@b12f.io.signature".source = ./.config/mutt + "/mail@b12f.io.signature";
xdg.configFile."mutt/admins@pub.solar.muttrc".source = ./.config/mutt + "/admins@pub.solar.muttrc";
xdg.configFile."mutt/admins@pub.solar.signature".source = ./.config/mutt + "/admins@pub.solar.signature";
xdg.configFile."mutt/crew@pub.solar.muttrc".source = ./.config/mutt + "/crew@pub.solar.muttrc";
xdg.configFile."mutt/crew@pub.solar.signature".source = ./.config/mutt + "/crew@pub.solar.signature";
xdg.configFile."offlineimap/config".source = ./.config/offlineimap/config;
xdg.configFile."msmtp/config".source = ./.config/msmtp/config;
}; };
} }

27
modules/gaming/default.nix
View file

@ -6,25 +6,16 @@
}: }:
with lib; let with lib; let
psCfg = config.pub-solar; psCfg = config.pub-solar;
cfg = config.pub-solar.gaming;
in { in {
options.pub-solar.gaming = { programs.steam.enable = true;
enable = mkEnableOption "Life in shooters"; nixpkgs.config.packageOverrides = pkgs: {
steam = pkgs.steam.override {};
}; };
config = mkIf cfg.enable { users.users."${psCfg.user.name}".packages = with pkgs; [
programs.steam.enable = true; playonlinux
nixpkgs.config.packageOverrides = pkgs: { godot
steam = pkgs.steam.override {}; obs-studio
}; obs-studio-plugins.wlrobs
];
home-manager.users = pkgs.lib.setAttrByPath [psCfg.user.name] {
home.packages = with pkgs; [
playonlinux
godot
obs-studio
obs-studio-plugins.wlrobs
];
};
};
} }

0
modules/user/.config/libinput-gestures.conf → modules/graphical/.config/libinput-gestures.conf
View file

0
modules/user/.config/mako/config → modules/graphical/.config/mako/config
View file

0
modules/user/.config/user-dirs.dirs → modules/graphical/.config/user-dirs.dirs
View file

0
modules/user/.config/user-dirs.locale → modules/graphical/.config/user-dirs.locale
View file

0
modules/user/.config/waybar/colorscheme.css → modules/graphical/.config/waybar/colorscheme.css
View file

0
modules/user/.config/waybar/config → modules/graphical/.config/waybar/config
View file

0
modules/user/.config/waybar/style.css → modules/graphical/.config/waybar/style.css
View file

0
modules/user/.config/xmodmap → modules/graphical/.config/xmodmap
View file

0
modules/user/.config/xsettingsd/xsettingsd.conf → modules/graphical/.config/xsettingsd/xsettingsd.conf
View file

0
modules/user/.xinitrc → modules/graphical/.xinitrc
View file

0
modules/user/assets/wallpaper.jpg → modules/graphical/assets/wallpaper.jpg
View file

Side by side Swipe Overlay

Before

Width:  |  Height:  |  Size: 513 KiB

After

Width:  |  Height:  |  Size: 513 KiB

196
modules/graphical/default.nix
View file

@ -6,36 +6,22 @@
}: }:
with lib; let with lib; let
psCfg = config.pub-solar; psCfg = config.pub-solar;
cfg = config.pub-solar.graphical;
yamlFormat = pkgs.formats.yaml {}; yamlFormat = pkgs.formats.yaml {};
recursiveMerge = attrList: let sessionVariables = {
f = attrPath: WLR_RENDERER =
zipAttrsWith ( if psCfg.graphical.wayland.software-renderer.enable
n: values: then "pixman"
if tail values == [] else "gles2";
then head values # Fix KeepassXC rendering issue
else if all isList values # https://github.com/void-linux/void-packages/issues/23517
then unique (concatLists values) QT_AUTO_SCREEN_SCALE_FACTOR = "0";
else if all isAttrs values };
then f (attrPath ++ [n]) values
else last values
);
in
f [] attrList;
in { in {
imports = [
./sway
];
options.pub-solar.graphical = { options.pub-solar.graphical = {
enable = mkEnableOption "Life in color";
alacritty = {
settings = mkOption {
type = yamlFormat.type;
default = {};
};
};
autologin.enable = mkOption {
type = types.bool;
default = true;
description = "Feature flag enabling autologin after boot.";
};
wayland.software-renderer.enable = mkOption { wayland.software-renderer.enable = mkOption {
type = types.bool; type = types.bool;
default = false; default = false;
@ -43,8 +29,11 @@ in {
}; };
}; };
config = mkIf cfg.enable { config = {
hardware.opengl.enable = true; hardware.opengl.enable = true;
# Needed for the udev rules for solaar
hardware.logitech.wireless.enable = true;
environment = { environment = {
systemPackages = with pkgs; [ systemPackages = with pkgs; [
gtk-engine-murrine gtk-engine-murrine
@ -55,16 +44,20 @@ in {
papirus-maia-icon-theme papirus-maia-icon-theme
glib glib
xdg-utils
]; ];
etc = { etc = {
"xdg/PubSolar.conf".text = '' "xdg/PubSolar.conf".text = ''
[Qt] [Qt]
style=GTK+ style=GTK+
''; '';
}; };
variables = sessionVariables;
}; };
services.getty.autologinUser = mkIf cfg.autologin.enable (mkForce "${psCfg.user.name}"); services.getty.autologinUser = psCfg.user.name;
qt = { qt = {
enable = true; enable = true;
@ -79,81 +72,90 @@ in {
services.gnome.sushi.enable = true; services.gnome.sushi.enable = true;
# Enable GVfs, a userspace virtual filesystem # Enable GVfs, a userspace virtual filesystem
services.gvfs.enable = true; services.gvfs.enable = true;
services.yubikey-agent.enable = true;
fonts.enableDefaultFonts = true; fonts = {
fonts.fonts = with pkgs; [ fonts = with pkgs; [
fira-code dejavu_fonts
fira-code-symbols fira-code
google-fonts fira-code-symbols
lato google-fonts
montserrat lato
nerdfonts montserrat
noto-fonts nerdfonts
noto-fonts-cjk noto-fonts
open-sans noto-fonts-cjk
powerline-fonts open-sans
source-sans-pro powerline-fonts
source-sans-pro
];
enableDefaultFonts = true;
fontconfig.enable = true;
fontconfig.defaultFonts = {
monospace = ["DejaVu Sans Mono for Powerline"];
sansSerif = ["DejaVu Sans"];
};
};
users.users."${psCfg.user.name}".packages = with pkgs; [
alacritty
ungoogled-chromium
firefox-wayland
flameshot
libnotify
gnome.adwaita-icon-theme
gnome.eog
gnome.nautilus
gnome.yelp
hicolor-icon-theme
wine
toggle-kbd-layout
wcwd
vlc
gimp
]; ];
home-manager = with pkgs; home-manager.users."${psCfg.user.name}" = {
setAttrByPath ["users" psCfg.user.name] { home.file."xinitrc".source = ./.xinitrc;
home.packages = [ xdg.configFile."alacritty/alacritty.yml".source = yamlFormat.generate "alacritty.yml" (import ./alacritty.nix);
alacritty xdg.configFile."xmodmap".source = ./.config/xmodmap;
foot xdg.configFile."user-dirs.dirs".source = ./.config/user-dirs.dirs;
ungoogled-chromium xdg.configFile."user-dirs.locale".source = ./.config/user-dirs.locale;
firefox-wayland xdg.configFile."xsettingsd/xsettingsd.conf".source = ./.config/xsettingsd/xsettingsd.conf;
xdg.configFile."mako/config".source = ./.config/mako/config;
xdg.configFile."libinput-gestures.conf".source = ./.config/libinput-gestures.conf;
xdg.configFile."waybar/config".source = ./.config/waybar/config;
xdg.configFile."waybar/style.css".source = ./.config/waybar/style.css;
xdg.configFile."waybar/colorscheme.css".source = ./.config/waybar/colorscheme.css;
xdg.configFile."wallpaper.jpg".source = ./assets/wallpaper.jpg;
flameshot gtk = {
libnotify enable = true;
gnome.adwaita-icon-theme font.name = "Lato";
gnome.eog iconTheme = {
gnome.nautilus package = pkgs.papirus-icon-theme;
gnome.yelp name = "Papirus-Adapta-Nokto-Maia";
hicolor-icon-theme };
theme = {
wine package = pkgs.matcha-gtk-theme;
name = "Matcha-dark-aliz";
toggle-kbd-layout
wcwd
vlc
gimp
];
xdg.configFile."alacritty/alacritty.yml" = {
source = yamlFormat.generate "alacritty.yml" (recursiveMerge [(import ./alacritty.nix) cfg.alacritty.settings]);
}; };
gtk = { gtk3.extraConfig = {
enable = true; gtk-xft-antialias = "1";
font.name = "Lato"; gtk-xft-hinting = "1";
iconTheme = { gtk-xft-hintstyle = "hintfull";
package = pkgs.papirus-icon-theme; gtk-xft-rgba = "rgb";
name = "Papirus-Adapta-Nokto-Maia"; gtk-application-prefer-dark-theme = "true";
};
theme = {
package = pkgs.matcha-gtk-theme;
name = "Matcha-dark-aliz";
};
gtk3.extraConfig = {
gtk-xft-antialias = "1";
gtk-xft-hinting = "1";
gtk-xft-hintstyle = "hintfull";
gtk-xft-rgba = "rgb";
gtk-application-prefer-dark-theme = "true";
};
}; };
# Fix KeepassXC rendering issue
# https://github.com/void-linux/void-packages/issues/23517
systemd.user.sessionVariables.QT_AUTO_SCREEN_SCALE_FACTOR = "0";
xresources.extraConfig = builtins.readFile ./.Xdefaults;
systemd.user.services.network-manager-applet = import ./network-manager-applet.service.nix pkgs;
}; };
xresources.extraConfig = builtins.readFile ./.Xdefaults;
systemd.user.services.network-manager-applet = import ./network-manager-applet.service.nix pkgs;
home.sessionVariables = sessionVariables;
systemd.user.sessionVariables = sessionVariables;
};
}; };
} }

0
modules/sway/config/config.d/applications.conf → modules/graphical/sway/config/config.d/applications.conf
View file

0
modules/sway/config/config.d/colorscheme.conf → modules/graphical/sway/config/config.d/colorscheme.conf
View file

0
modules/sway/config/config.d/custom-keybindings.conf → modules/graphical/sway/config/config.d/custom-keybindings.conf
View file

0
modules/sway/config/config.d/gaps.conf → modules/graphical/sway/config/config.d/gaps.conf
View file

39
modules/graphical/sway/config/config.d/mode_system.conf.nix Normal file
View file

@ -0,0 +1,39 @@
{
pkgs,
psCfg,
...
}:
''
# Set shut down, restart and locking features
''
+ (
if psCfg.core.hibernation.enable
then ''
set $mode_system (e)xit, (h)ibernate, (r)eboot, (Shift+s)hutdown
''
else ''
set $mode_system (e)xit, (r)eboot, (Shift+s)hutdown
''
)
+ ''
bindsym $mod+0 mode "$mode_system"
mode "$mode_system" {
bindsym e exec swaymsg exit, mode "default"
''
+ (
if psCfg.core.hibernation.enable
then ''
bindsym h exec systemctl hibernate, mode "default"
''
else ""
)
+ ''
bindsym r exec systemctl reboot, mode "default"
bindsym Shift+s exec systemctl poweroff, mode "default"
# exit system mode: "Enter" or "Escape"
bindsym Return mode "default"
bindsym Escape mode "default"
}
''

0
modules/sway/config/config.d/systemd.conf → modules/graphical/sway/config/config.d/systemd.conf
View file

0
modules/sway/config/config.d/theme.conf → modules/graphical/sway/config/config.d/theme.conf
View file

2
modules/sway/config/config.nix → modules/graphical/sway/config/config.nix
View file

@ -19,7 +19,7 @@
set $up i set $up i
set $right l set $right l
# Your preferred terminal emulator # Your preferred terminal emulator
set $term ${config.pub-solar.sway.terminal} set $term ${pkgs.alacritty}
# Your preferred application launcher # Your preferred application launcher
# Note: pass the final command to swaymsg so that the resulting window can be opened # Note: pass the final command to swaymsg so that the resulting window can be opened
# on the original workspace that the command was run on. # on the original workspace that the command was run on.

0
modules/sway/config/wayvnc/config.nix → modules/graphical/sway/config/wayvnc/config.nix
View file

98
modules/graphical/sway/default.nix Normal file
View file

@ -0,0 +1,98 @@
{
lib,
config,
pkgs,
...
}:
with lib; let
psCfg = config.pub-solar;
in {
options.pub-solar.graphical = {
v4l2loopback.enable = mkOption {
type = types.bool;
default = true;
description = "WebCam streaming tool";
};
};
config = {
boot = mkIf psCfg.graphical.v4l2loopback.enable {
extraModulePackages = with config.boot.kernelPackages; [v4l2loopback];
kernelModules = ["v4l2loopback"];
extraModprobeConfig = ''
options v4l2loopback exclusive_caps=1 devices=3
'';
};
environment.systemPackages = with pkgs; [
linuxPackages.v4l2loopback
];
programs.sway.enable = true;
xdg.portal = {
enable = true;
wlr = {
enable = true;
settings = {
screencast = {
max_fps = 30;
chooser_type = "simple";
chooser_cmd = "${pkgs.slurp}/bin/slurp -f %o -or";
};
};
};
extraPortals = with pkgs; [xdg-desktop-portal-gtk];
};
services.pipewire.enable = true;
users.users."${psCfg.user.name}".packages = with pkgs; [
sway
grim
kanshi
mako
slurp
swayidle
swaybg
xwayland
libappindicator-gtk3
wl-clipboard
wf-recorder
brightnessctl
gammastep
geoclue2
xsettingsd
ydotool
sway-launcher
record-screen
import-gtk-settings
s
wcwd
];
home-manager.users."${psCfg.user.name}" = {
programs.waybar.enable = true;
#programs.waybar.systemd.enable = true;
systemd.user.services.mako = import ./mako.service.nix {inherit pkgs psCfg;};
systemd.user.services.sway = import ./sway.service.nix {inherit pkgs psCfg;};
systemd.user.services.swayidle = import ./swayidle.service.nix {inherit pkgs psCfg;};
systemd.user.services.xsettingsd = import ./xsettingsd.service.nix {inherit pkgs psCfg;};
systemd.user.services.waybar = import ./waybar.service.nix {inherit pkgs psCfg;};
systemd.user.targets.sway-session = import ./sway-session.target.nix {inherit pkgs psCfg;};
xdg.configFile."sway/config".text = import ./config/config.nix {inherit config pkgs;};
xdg.configFile."sway/config.d/colorscheme.conf".source = ./config/config.d/colorscheme.conf;
xdg.configFile."sway/config.d/theme.conf".source = ./config/config.d/theme.conf;
xdg.configFile."sway/config.d/gaps.conf".source = ./config/config.d/gaps.conf;
xdg.configFile."sway/config.d/custom-keybindings.conf".source = ./config/config.d/custom-keybindings.conf;
xdg.configFile."sway/config.d/mode_system.conf".text = import ./config/config.d/mode_system.conf.nix {inherit pkgs psCfg;};
xdg.configFile."sway/config.d/applications.conf".source = ./config/config.d/applications.conf;
xdg.configFile."sway/config.d/systemd.conf".source = ./config/config.d/systemd.conf;
};
};
}

0
modules/sway/gammastep.service.nix → modules/graphical/sway/gammastep.service.nix
View file

0
modules/sway/libinput-gestures.service.nix → modules/graphical/sway/libinput-gestures.service.nix
View file

0
modules/sway/mako.service.nix → modules/graphical/sway/mako.service.nix
View file

0
modules/sway/sway-session.target.nix → modules/graphical/sway/sway-session.target.nix
View file

0
modules/sway/sway.service.nix → modules/graphical/sway/sway.service.nix
View file

26
modules/graphical/sway/swayidle.service.nix Normal file
View file

@ -0,0 +1,26 @@
{
pkgs,
psCfg,
...
}: {
Unit = {
Description = "Idle manager for Wayland";
Documentation = ["man:swayidle(1)"];
BindsTo = ["graphical-session.target"];
Wants = ["graphical-session-pre.target"];
After = ["graphical-session-pre.target"];
};
Service = {
Type = "simple";
Environment = "PATH=/run/current-system/sw/bin:${pkgs.sway}/bin:${pkgs.swayidle}/bin";
ExecStart = ''
swayidle -w \
before-sleep 'systemctl hibernate'
timeout 120 'swaymsg "output * dpms off"' resume 'swaymsg "output * dpms on"' \
timeout 150 'systemctl hibernate'
'';
};
Install = {
WantedBy = ["sway-session.target"];
};
}

0
modules/sway/waybar.service.nix → modules/graphical/sway/waybar.service.nix
View file

0
modules/sway/xsettingsd.service.nix → modules/graphical/sway/xsettingsd.service.nix
View file

0
modules/sway/ydotool.service.nix → modules/graphical/sway/ydotool.service.nix
View file

23
modules/mobile/default.nix
View file

@ -1,23 +0,0 @@
{
lib,
config,
pkgs,
...
}:
with lib; let
psCfg = config.pub-solar;
cfg = config.pub-solar.mobile;
in {
options.pub-solar.mobile = {
enable = mkEnableOption "Add android adb and tooling";
};
config = mkIf cfg.enable {
programs.adb.enable = true;
users.users = with pkgs;
lib.setAttrByPath [psCfg.user.name] {
extraGroups = ["adbusers"];
};
};
}

12
modules/nextcloud/default.nix
View file

@ -6,16 +6,8 @@
}: }:
with lib; let with lib; let
psCfg = config.pub-solar; psCfg = config.pub-solar;
cfg = config.pub-solar.nextcloud;
in { in {
options.pub-solar.nextcloud = { home-manager.users."${psCfg.user.name}" = {
enable = mkEnableOption "Life in sync"; systemd.user.services.nextcloud-client = import ./nextcloud.service.nix pkgs;
};
config = mkIf cfg.enable {
home-manager = with pkgs;
pkgs.lib.setAttrByPath ["users" psCfg.user.name] {
systemd.user.services.nextcloud-client = import ./nextcloud.service.nix pkgs;
};
}; };
} }

6
modules/nix/default.nix
View file

@ -5,6 +5,12 @@
flake, flake,
... ...
}: { }: {
nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [
"steam"
"steam-original"
"steam-run"
];
nix = { nix = {
# Use default version alias for nix package # Use default version alias for nix package
package = pkgs.nix; package = pkgs.nix;

28
modules/office/default.nix
View file

@ -6,25 +6,15 @@
}: }:
with lib; let with lib; let
psCfg = config.pub-solar; psCfg = config.pub-solar;
cfg = config.pub-solar.office;
in { in {
options.pub-solar.office = { programs.evince.enable = true;
enable = mkEnableOption "Install office programs, also enables printing server";
};
config = mkIf cfg.enable { users.users."${psCfg.user.name}".packages = with pkgs; [
# Gnome PDF viewer libreoffice-fresh
programs.evince.enable = true; gnome.simple-scan
home-manager = with pkgs; # Tools like pdfunite
pkgs.lib.setAttrByPath ["users" psCfg.user.name] { poppler_utils
home.packages = [ # tool for annotating PDFs
libreoffice-fresh xournalpp
gnome.simple-scan ];
# Tools like pdfunite
poppler_utils
# tool for annotating PDFs
xournalpp
];
};
};
} }

166
modules/paperless/default.nix
View file

@ -1,4 +1,5 @@
{ {
flake,
lib, lib,
config, config,
pkgs, pkgs,
@ -6,141 +7,48 @@
}: }:
with lib; let with lib; let
psCfg = config.pub-solar; psCfg = config.pub-solar;
cfg = config.pub-solar.paperless;
xdg = config.home-manager.users."${psCfg.user.name}".xdg; xdg = config.home-manager.users."${psCfg.user.name}".xdg;
dataDir = "${xdg.dataHome}/Paperless";
consumptionDir = "/home/${psCfg.user.name}/.local/share/scandir";
scannerDefaultDevice = "hp3900:libusb:005:004";
in { in {
options.pub-solar.paperless = { services.paperless = {
enable = mkEnableOption "All you need to go paperless"; enable = true;
ocrLanguage = mkOption { user = psCfg.user.name;
description = "OCR language"; consumptionDir = consumptionDir;
type = types.str; dataDir = dataDir;
example = "eng+deu"; address = "paperless.local";
default = "eng"; extraConfig = {
}; PAPERLESS_OCR_LANGUAGE = "nld+deu";
PAPERLESS_ADMIN_USER = psCfg.user.name;
dataDir = mkOption { PAPERLESS_AUTO_LOGIN_USERNAME = psCfg.user.name;
description = "Directory to save data in"; PAPERLESS_URL = "http://paperless.local";
type = types.str;
example = "/home/pub_solar/Paperless";
default = "${xdg.dataHome}/Paperless";
};
consumptionDir = mkOption {
description = "Directory to be watched";
type = types.str;
example = "/var/lib/paperless/consume";
default = "/var/lib/paperless/consume";
};
sync = {
enable = mkEnableOption ''
You can use this option to sync several paperless instances, for example via nextcloud.
It will sync the media directory and database, automatically merging sqlite dbs via dump and import.
Logs, the classification model, and other files are left unsynced.
'';
masterNode = mkEnableOption "If this node is the master node, it will only export paperless data, otherwise it will only import";
directory = mkOption {
description = "Directory to sync with.";
type = types.str;
example = "/home/pub_solar/Nextcloud/Paperless";
default = "/home/${psCfg.user.name}/Nextcloud/Paperless";
};
};
scannerDefaultDevice = mkOption {
description = ''
The scanner device. To find this, use `scanimage -L`.
For example, your output might be the following:
```
device `v4l:/dev/video3' is a Noname Logitech StreamCam virtual device
device `hp3900:libusb:005:002' is a Hewlett-Packard Scanjet G3010 flatbed scanner
```
Here, the scannerDevice is `hp3900:libusb:005:002`.
'';
type = types.str;
example = "hp3900:libusb:005:002";
default = "";
}; };
}; };
config = mkIf cfg.enable { users.users."${psCfg.user.name}".packages = with pkgs; [
services.paperless = { scan2paperless
enable = true; sane-backends
user = psCfg.user.name; python310Packages.img2pdf
consumptionDir = cfg.consumptionDir; ];
dataDir = cfg.dataDir;
address = "paperless.local"; home-manager.users."${psCfg.user.name}" = {
extraConfig = { home.sessionVariables = {
PAPERLESS_OCR_LANGUAGE = cfg.ocrLanguage; SCANNER_DEFAULT_DEVICE = scannerDefaultDevice;
PAPERLESS_ADMIN_USER = psCfg.user.name; SCANNER_OUTPUT_DIR = consumptionDir;
PAPERLESS_AUTO_LOGIN_USERNAME = psCfg.user.name;
PAPERLESS_URL = "http://paperless.local";
};
}; };
systemd.user.sessionVariables = {
home-manager = pkgs.lib.setAttrByPath ["users" psCfg.user.name] { SCANNER_DEFAULT_DEVICE = scannerDefaultDevice;
home.packages = with pkgs; [ SCANNER_OUTPUT_DIR = consumptionDir;
scan2paperless
sane-backends
python310Packages.img2pdf
];
home.sessionVariables = {
SCANNER_DEFAULT_DEVICE = cfg.scannerDefaultDevice;
SCANNER_OUTPUT_DIR = cfg.consumptionDir;
};
systemd.user.sessionVariables = {
SCANNER_DEFAULT_DEVICE = cfg.scannerDefaultDevice;
SCANNER_OUTPUT_DIR = cfg.consumptionDir;
};
};
systemd = let
copy-out = pkgs.writeShellScriptBin "copy-out" ''
${pkgs.systemd}/bin/systemctl stop paperless-web.service paperless-task-queue.service paperless-scheduler.service paperless-consumer.service
cp -r ${cfg.dataDir}/media ${cfg.sync.directory}/
cp ${cfg.dataDir}/db.sqlite3 ${cfg.sync.directory}/db.sqlite3
cp ${cfg.dataDir}/celerybeat-schedule.db ${cfg.sync.directory}/celerybeat-schedule.db
cp ${cfg.dataDir}/classification_model.pickle ${cfg.sync.directory}/classification_model.pickle
cp ${cfg.dataDir}/src-version ${cfg.sync.directory}/src-version
chown -R ${psCfg.user.name}:users ${cfg.sync.directory}
${pkgs.systemd}/bin/systemctl start paperless-web.service paperless-task-queue.service paperless-scheduler.service paperless-consumer.service
'';
copy-in = pkgs.writeShellScriptBin "copy-in" ''
${pkgs.systemd}/bin/systemctl stop paperless-web.service paperless-task-queue.service paperless-scheduler.service paperless-consumer.service
cp -r ${cfg.sync.directory}/media ${cfg.dataDir}/
cp ${cfg.sync.directory}/db.sqlite3 ${cfg.dataDir}/db.sqlite3
cp ${cfg.sync.directory}/celerybeat-schedule.db ${cfg.dataDir}/celerybeat-schedule.db
cp ${cfg.sync.directory}/classification_model.pickle ${cfg.dataDir}/classification_model.pickle
cp ${cfg.sync.directory}/src-version ${cfg.dataDir}/src-version
${pkgs.systemd}/bin/systemctl start paperless-web.service paperless-task-queue.service paperless-scheduler.service paperless-consumer.service
'';
in mkIf cfg.sync.enable {
services.nextcloud-paperless-autosync = {
unitConfig = {
Description = "Auto sync paperless to or from Nextcloud";
After = "network-online.target";
};
serviceConfig = {
Type = "simple";
ExecStart= if cfg.sync.masterNode then "${copy-out}/bin/copy-out" else "${copy-in}/bin/copy-in";
TimeoutStopSec = "180";
KillMode = "process";
KillSignal = "SIGINT";
};
wantedBy = ["multi-user.target"];
};
timers.nextcloud-paperless-autosync = {
unitConfig.Description = "Automatic sync files with Nextcloud when booted up after 5 minutes then rerun every 30 minutes";
timerConfig.OnUnitActiveSec = "30min";
wantedBy = ["multi-user.target" "timers.target"];
};
}; };
}; };
networking.hosts = flake.self.lib.addLocalHostname ["paperless.local"];
services.caddy.extraConfig = ''
paperless.local:80 {
request_header Host localhost:${builtins.toString config.services.paperless.port}
reverse_proxy localhost:${builtins.toString config.services.paperless.port}
}
'';
} }

57
modules/paranoia/default.nix
View file

@ -1,57 +0,0 @@
{
config,
lib,
...
}:
with lib; let
psCfg = config.pub-solar;
cfg = config.pub-solar.paranoia;
in {
options.pub-solar.paranoia = {
enable = mkOption {
description = ''
Only offer hibernation instead of screen locking and sleeping. This only makes sense
if your hard drive is encrypted, and ensures that the contents of your drive are
encrypted if you are not actively using the device.
'';
default = false;
type = types.bool;
};
};
config = mkIf cfg.enable {
pub-solar.core.hibernation.enable = true;
services.logind.lidSwitch = "hibernate";
services.tor.settings = {
UseBridges = true;
};
# The options below are directly taken from or inspired by
# https://xeiaso.net/blog/paranoid-nixos-2021-07-18
# Don't set this if you need sftp
services.openssh.allowSFTP = false;
# services.openssh.openFirewall = false; # Lock yourself out
# Limit the use of sudo to the group wheel
security.sudo.execWheelOnly = true;
# Remove the complete default environment of packages like
# nano, perl and rsync
environment.defaultPackages = lib.mkForce [];
# fileSystems."/".options = [ "noexec" ];
services.openssh = {
settings.KbdInteractiveAuthentication = false;
extraConfig = ''
AllowTcpForwarding yes
X11Forwarding no
AllowAgentForwarding no
AllowStreamLocalForwarding no
AuthenticationMethods publickey
'';
};
};
}

28
modules/proxy/default.nix
View file

@ -1,28 +0,0 @@
{
flake,
config,
pkgs,
lib,
...
}: {
networking.hosts = flake.self.lib.addLocalHostname ["caddy.local"];
# Caddy reverse proxy for local services like cups
services.caddy = {
enable = true;
globalConfig = ''
default_bind 127.0.0.1
auto_https off
'';
extraConfig = (lib.concatStringsSep "\n" [
(lib.optionalString
config.pub-solar.paperless.enable
''
paperless.local:80 {
request_header Host localhost:${builtins.toString config.services.paperless.port}
reverse_proxy localhost:${builtins.toString config.services.paperless.port}
}
'')
]);
};
}

26
modules/social/default.nix
View file

@ -1,26 +0,0 @@
{
lib,
config,
pkgs,
...
}:
with lib; let
psCfg = config.pub-solar;
cfg = config.pub-solar.social;
in {
options.pub-solar.social = {
enable = mkEnableOption "Life with others";
};
config = mkIf cfg.enable {
home-manager = with pkgs;
pkgs.lib.setAttrByPath ["users" psCfg.user.name] {
home.packages = [
signal-desktop
tdesktop
element-desktop
irssi
];
};
};
}

50
modules/sway/config/config.d/mode_system.conf.nix
View file

@ -1,50 +0,0 @@
{
pkgs,
psCfg,
...
}:
''
# Set shut down, restart and locking features
''
+ (
if psCfg.core.hibernation.enable && !psCfg.paranoia.enable
then ''
set $mode_system (e)xit, (h)ibernate, (l)ock, (s)uspend, (r)eboot, (Shift+s)hutdown
''
else if psCfg.paranoia.enable
then ''
set $mode_system (e)xit, (h)ibernate, (r)eboot, (Shift+s)hutdown
''
else ''
set $mode_system (e)xit, (l)ock, (s)uspend, (r)eboot, (Shift+s)hutdown
''
)
+ ''
bindsym $mod+0 mode "$mode_system"
mode "$mode_system" {
bindsym e exec swaymsg exit, mode "default"
''
+ (
if psCfg.core.hibernation.enable
then ''
bindsym h exec systemctl hibernate, mode "default"
''
else ""
)
+ (
if !psCfg.paranoia.enable
then ''
bindsym l exec ${pkgs.swaylock-bg}/bin/swaylock-bg, mode "default"
bindsym s exec systemctl suspend, mode "default"
''
else ""
)
+ ''
bindsym r exec systemctl reboot, mode "default"
bindsym Shift+s exec systemctl poweroff, mode "default"
# exit system mode: "Enter" or "Escape"
bindsym Return mode "default"
bindsym Escape mode "default"
}
''

118
modules/sway/default.nix
View file

@ -1,118 +0,0 @@
{
lib,
config,
pkgs,
...
}:
with lib; let
psCfg = config.pub-solar;
in {
options.pub-solar.sway = {
enable = mkEnableOption "Life in boxes";
terminal = mkOption {
type = types.nullOr types.str;
default = "alacritty";
description = "Choose sway's default terminal";
};
vnc.enable = mkEnableOption "Enable vnc service";
v4l2loopback.enable = mkOption {
type = types.bool;
default = true;
description = "WebCam streaming tool";
};
};
config = mkIf psCfg.sway.enable (mkMerge [
(mkIf (psCfg.sway.v4l2loopback.enable) {
boot.extraModulePackages = with config.boot.kernelPackages; [v4l2loopback];
boot.kernelModules = ["v4l2loopback"];
boot.extraModprobeConfig = ''
options v4l2loopback exclusive_caps=1 devices=3
'';
})
{
environment.systemPackages = with pkgs; [
linuxPackages.v4l2loopback
];
programs.sway.enable = true;
xdg.portal = {
enable = true;
wlr = {
enable = true;
settings = {
screencast = {
max_fps = 30;
chooser_type = "simple";
chooser_cmd = "${pkgs.slurp}/bin/slurp -f %o -or";
};
};
};
extraPortals = with pkgs; [xdg-desktop-portal-gtk];
};
services.pipewire.enable = true;
home-manager = with pkgs;
pkgs.lib.setAttrByPath ["users" psCfg.user.name] {
home.packages = with pkgs; [
sway
grim
kanshi
mako
slurp
swayidle
swaylock
swaybg
xwayland
libappindicator-gtk3
wl-clipboard
wf-recorder
brightnessctl
gammastep
geoclue2
xsettingsd
ydotool
sway-launcher
record-screen
import-gtk-settings
s
wcwd
];
programs.waybar.enable = true;
#programs.waybar.systemd.enable = true;
systemd.user.services.mako = import ./mako.service.nix {inherit pkgs psCfg;};
systemd.user.services.sway = import ./sway.service.nix {inherit pkgs psCfg;};
systemd.user.services.swayidle = import ./swayidle.service.nix {inherit pkgs psCfg;};
systemd.user.services.xsettingsd = import ./xsettingsd.service.nix {inherit pkgs psCfg;};
systemd.user.services.waybar = import ./waybar.service.nix {inherit pkgs psCfg;};
systemd.user.targets.sway-session = import ./sway-session.target.nix {inherit pkgs psCfg;};
systemd.user.services.wayvnc = mkIf psCfg.sway.vnc.enable (import ./wayvnc.service.nix pkgs);
xdg.configFile."wayvnc/config".text = import ./config/wayvnc/config.nix {
inherit psCfg;
inherit pkgs;
};
xdg.configFile."sway/config".text = import ./config/config.nix {inherit config pkgs;};
xdg.configFile."sway/config.d/colorscheme.conf".source = ./config/config.d/colorscheme.conf;
xdg.configFile."sway/config.d/theme.conf".source = ./config/config.d/theme.conf;
xdg.configFile."sway/config.d/gaps.conf".source = ./config/config.d/gaps.conf;
xdg.configFile."sway/config.d/custom-keybindings.conf".source = ./config/config.d/custom-keybindings.conf;
xdg.configFile."sway/config.d/mode_system.conf".text = import ./config/config.d/mode_system.conf.nix {inherit pkgs psCfg;};
xdg.configFile."sway/config.d/applications.conf".source = ./config/config.d/applications.conf;
xdg.configFile."sway/config.d/systemd.conf".source = ./config/config.d/systemd.conf;
};
}
]);
}

35
modules/sway/swayidle.service.nix
View file

@ -1,35 +0,0 @@
{
pkgs,
psCfg,
...
}: {
Unit = {
Description = "Idle manager for Wayland";
Documentation = ["man:swayidle(1)"];
BindsTo = ["graphical-session.target"];
Wants = ["graphical-session-pre.target"];
After = ["graphical-session-pre.target"];
};
Service = {
Type = "simple";
Environment = "PATH=/run/current-system/sw/bin:${pkgs.sway}/bin:${pkgs.swaylock-bg}/bin:${pkgs.swayidle}/bin";
ExecStart =
'' swayidle -w \
after-resume 'swaymsg "output * dpms on"' \
before-sleep 'swaylock-bg' ''
+ (
if psCfg.paranoia.enable
then '' \
timeout 120 'swaymsg "output * dpms off"' resume 'swaymsg "output * dpms on"' \
timeout 150 'systemctl hibernate'
''
else '' \
timeout 600 'swaylock-bg' \
timeout 900 'swaymsg "output * dpms off"' resume 'swaymsg "output * dpms on"'
''
);
};
Install = {
WantedBy = ["sway-session.target"];
};
}

18
modules/sway/wayvnc.service.nix
View file

@ -1,18 +0,0 @@
pkgs: {
Unit = {
Description = "A VNC server for wlroots based Wayland compositors ";
Documentation = "https://github.com/any1/wayvnc";
BindsTo = ["sway-session.target"];
After = ["graphical-session-pre.target" "network-online.target"];
Wants = ["graphical-session-pre.target" "network-online.target"];
};
Service = {
Type = "simple";
ExecStart = "${pkgs.wayvnc}/bin/wayvnc -r -p 0.0.0.0 5901";
};
Install = {
WantedBy = ["sway-session.target"];
};
}

0
modules/user/.config/git/config.nix → modules/terminal-life/.config/git/config.nix
View file

0
modules/user/.config/git/gitmessage.nix → modules/terminal-life/.config/git/gitmessage.nix
View file

0
modules/user/.config/git/global_gitignore.nix → modules/terminal-life/.config/git/global_gitignore.nix
View file

0
modules/user/.local/share/nvim/json-schemas/caddy_schema.json → modules/terminal-life/.local/share/nvim/json-schemas/caddy_schema.json
View file

0
modules/user/.local/share/scripts/base16.sh → modules/terminal-life/.local/share/scripts/base16.sh
View file

138
modules/terminal-life/default.nix
View file

@ -9,71 +9,99 @@ with lib; let
cfg = config.pub-solar.terminal-life; cfg = config.pub-solar.terminal-life;
in { in {
options.pub-solar.terminal-life = { options.pub-solar.terminal-life = {
enable = mkEnableOption "Life in black and white"; full = mkOption {
lite = mkOption {
description = '' description = ''
Enable a lite edition of terminal-life with less modules and a reduced package set. Enable a full version
''; '';
default = false; default = true;
type = types.bool; type = types.bool;
}; };
}; };
config = mkIf cfg.enable { config = {
programs.command-not-found.enable = false; programs.command-not-found.enable = false;
home-manager = with pkgs; users.users."${psCfg.user.name}".packages = with pkgs; [
pkgs.lib.setAttrByPath ["users" psCfg.user.name] { ack
home.packages = [ asciinema
ack bat
asciinema blesh
bat exa
blesh fd
exa jump
fd (nnn.overrideAttrs (o: {
gh patches =
glow (o.patches or [])
jump ++ [
(nnn.overrideAttrs (o: { ./nnn/0001-feat-use-wasd-keybindings-for-jkli.patch
patches = ];
(o.patches or []) }))
++ [ powerline
./nnn/0001-feat-use-wasd-keybindings-for-jkli.patch screen
]; silver-searcher
})) watson
powerline ];
screen
silver-searcher
watson
];
# Starship is a fast and featureful shell prompt home-manager.users."${psCfg.user.name}" = {
# starship.toml has sane defaults that can be changed there xdg.dataFile."scripts/base16.sh".source = .local/share/scripts/base16.sh;
programs.starship = {
enable = true;
settings = import ./starship.toml.nix;
};
programs.bash = import ./bash { programs.less = {
inherit config; enable = true;
inherit pkgs; keys = ''
inherit lib; k forw-line
}; i back-line
K forw-scroll
programs.fzf = import ./fzf { I back-scroll
inherit config; '';
inherit pkgs;
};
programs.neovim = import ./nvim {
inherit config;
inherit pkgs;
inherit lib;
};
programs.git = import ./git {};
programs.direnv = import ./direnv {};
}; };
# Starship is a fast and featureful shell prompt
# starship.toml has sane defaults that can be changed there
programs.starship = {
enable = true;
settings = import ./starship.toml.nix;
};
programs.bash = import ./bash {
inherit config;
inherit pkgs;
inherit lib;
};
programs.fzf = import ./fzf {
inherit config;
inherit pkgs;
};
programs.neovim = import ./nvim {
inherit config;
inherit pkgs;
inherit lib;
};
# Ensure nvim backup directory gets created
# Workaround for E510: Can't make backup file (add ! to override)
xdg.dataFile."nvim/backup/.keep".text = "";
xdg.dataFile."nvim/json-schemas/.keep".text = "";
# Generated with:
# docker run -it --name caddy-json-schema registry.greenbaum.cloud/gc/caddy-l4:2.5.2 caddy json-schema -output /srv/caddy_schema.json
xdg.dataFile."nvim/json-schemas/caddy_schema.json".source = .local/share/nvim/json-schemas/caddy_schema.json;
xdg.dataFile."nvim/templates/.keep".text = "";
programs.git = import ./git {};
xdg.configFile."git/config".text = import ./.config/git/config.nix {
inherit config;
inherit pkgs;
};
xdg.configFile."git/gitmessage".text = import ./.config/git/gitmessage.nix {
inherit config;
inherit pkgs;
};
xdg.configFile."git/global_gitignore".text = import ./.config/git/global_gitignore.nix {
inherit config;
inherit pkgs;
};
programs.direnv = import ./direnv {};
}; };
};
} }

208
modules/terminal-life/nvim/default.nix
View file

@ -21,7 +21,7 @@ in {
withPython3 = true; withPython3 = true;
extraPackages = with pkgs; extraPackages = with pkgs;
lib.mkIf (!cfg.lite) [ lib.mkIf (cfg.full) [
ansible-language-server ansible-language-server
ccls ccls
gopls gopls
@ -44,134 +44,132 @@ in {
universal-ctags universal-ctags
]; ];
plugins = with pkgs.vimPlugins; plugins = with pkgs.vimPlugins; lib.mkIf cfg.full [
[] (pkgs.vimPlugins.nvim-treesitter.withPlugins (p: [
++ lib.optionals (!cfg.lite) [ p.ini
(pkgs.vimPlugins.nvim-treesitter.withPlugins (p: [ p.json
p.ini p.json5
p.json p.markdown
p.json5 p.nix
p.markdown p.toml
p.nix p.yaml
p.toml
p.yaml
p.css p.css
p.graphql p.graphql
p.html p.html
p.javascript p.javascript
p.scss p.scss
p.tsx p.tsx
p.typescript p.typescript
p.vue p.vue
p.c p.c
p.cpp p.cpp
p.go p.go
p.gomod p.gomod
p.gosum p.gosum
p.haskell p.haskell
p.lua p.lua
p.php p.php
p.python p.python
p.ruby p.ruby
p.rust p.rust
p.vim p.vim
p.vimdoc p.vimdoc
p.passwd p.passwd
p.sql p.sql
p.diff p.diff
p.gitcommit p.gitcommit
p.gitignore p.gitignore
p.git_config p.git_config
p.gitattributes p.gitattributes
p.git_rebase p.git_rebase
p.bash p.bash
p.dockerfile p.dockerfile
p.make p.make
p.ninja p.ninja
p.terraform p.terraform
])) ]))
# Dependencies for nvim-lspconfig # Dependencies for nvim-lspconfig
nvim-cmp nvim-cmp
cmp-nvim-lsp cmp-nvim-lsp
cmp_luasnip cmp_luasnip
luasnip luasnip
# Quickstart configs for neovim LSP # Quickstart configs for neovim LSP
lsp_extensions-nvim lsp_extensions-nvim
nvim-lspconfig nvim-lspconfig
# Collaborative editing in Neovim using built-in capabilities # Collaborative editing in Neovim using built-in capabilities
instant-nvim-nvfetcher instant-nvim-nvfetcher
# Search functionality behind :Ack # Search functionality behind :Ack
ack-vim ack-vim
# The status bar in the bottom of the screen with the mode indication and file location # The status bar in the bottom of the screen with the mode indication and file location
vim-airline vim-airline
# Automatically load editorconfig files in repos to configure nvim settings # Automatically load editorconfig files in repos to configure nvim settings
editorconfig-vim editorconfig-vim
# File browser. Use <leader>n to access # File browser. Use <leader>n to access
nnn-vim nnn-vim
# Highlight characters when using f, F, t, and T # Highlight characters when using f, F, t, and T
quick-scope quick-scope
# Get sudo in vim; :SudaWrite <optional filename> # Get sudo in vim; :SudaWrite <optional filename>
suda-vim suda-vim
# Undo history etc. per project # Undo history etc. per project
vim-workspace-nvfetcher vim-workspace-nvfetcher
# JSON schemas # JSON schemas
SchemaStore-nvim SchemaStore-nvim
# Work with tags files # Work with tags files
vim-gutentags vim-gutentags
# Neovim colorschemes / themes # Neovim colorschemes / themes
sonokai sonokai
vim-hybrid-material vim-hybrid-material
vim-airline-themes vim-airline-themes
vim-apprentice-nvfetcher vim-apprentice-nvfetcher
# Git integrations # Git integrations
# A Git wrapper so awesome, it should be illegal # A Git wrapper so awesome, it should be illegal
fugitive fugitive
# Shows git diff markers in the sign column # Shows git diff markers in the sign column
vim-gitgutter vim-gitgutter
# GitHub extension for fugitive # GitHub extension for fugitive
vim-rhubarb vim-rhubarb
# Ease your git workflow within Vim # Ease your git workflow within Vim
vimagit-nvfetcher vimagit-nvfetcher
# FZF fuzzy finder # FZF fuzzy finder
fzf-vim fzf-vim
fzfWrapper fzfWrapper
# Make the yanked region apparent # Make the yanked region apparent
vim-highlightedyank vim-highlightedyank
# :Beautify Code beautifier # :Beautify Code beautifier
vim-beautify-nvfetcher vim-beautify-nvfetcher
# Unload, delete or wipe a buffer without closing the window # Unload, delete or wipe a buffer without closing the window
vim-bufkill vim-bufkill
# Defaults everyone can agree on # Defaults everyone can agree on
vim-sensible vim-sensible
# emmet for vim: http://emmet.io/ # emmet for vim: http://emmet.io/
emmet-vim emmet-vim
# Caddyfile syntax support for Vim # Caddyfile syntax support for Vim
vim-caddyfile-nvfetcher vim-caddyfile-nvfetcher
]; ];
extraConfig = builtins.concatStringsSep "\n" [ extraConfig = builtins.concatStringsSep "\n" [
'' ''

32
modules/uhk/default.nix
View file

@ -6,26 +6,20 @@
}: }:
with lib; let with lib; let
psCfg = config.pub-solar; psCfg = config.pub-solar;
cfg = config.pub-solar.uhk;
in { in {
options.pub-solar.uhk = { users.users."${psCfg.user.name}".packages = with pkgs; [
enable = mkEnableOption "Ultimate Hacking Keyboard"; uhk-agent
}; ];
config = mkIf cfg.enable { # Ultimate Hacking Keyboard rules
environment.systemPackages = with pkgs; [ # These are the udev rules for accessing the USB interfaces of the UHK as non-root users.
uhk-agent services.udev.packages = with pkgs; [
]; uhk-agent
];
# Ultimate Hacking Keyboard rules services.udev.extraRules = ''
# These are the udev rules for accessing the USB interfaces of the UHK as non-root users. SUBSYSTEM=="input", ATTRS{idVendor}=="1d50", ATTRS{idProduct}=="612[0-7]", GROUP="input", MODE="0660"
services.udev.packages = with pkgs; [ SUBSYSTEMS=="usb", ATTRS{idVendor}=="1d50", ATTRS{idProduct}=="612[0-7]", TAG+="uaccess"
uhk-agent KERNEL=="hidraw*", ATTRS{idVendor}=="1d50", ATTRS{idProduct}=="612[0-7]", TAG+="uaccess"
]; '';
services.udev.extraRules = ''
SUBSYSTEM=="input", ATTRS{idVendor}=="1d50", ATTRS{idProduct}=="612[0-7]", GROUP="input", MODE="0660"
SUBSYSTEMS=="usb", ATTRS{idVendor}=="1d50", ATTRS{idProduct}=="612[0-7]", TAG+="uaccess"
KERNEL=="hidraw*", ATTRS{idVendor}=="1d50", ATTRS{idProduct}=="612[0-7]", TAG+="uaccess"
'';
};
} }

51
modules/user/default.nix
View file

@ -55,32 +55,31 @@ with lib; {
users = { users = {
mutableUsers = false; mutableUsers = false;
users = with pkgs; users."${psCfg.user.name}" = {
pkgs.lib.setAttrByPath [psCfg.user.name] { # Indicates whether this is an account for a “real” user.
# Indicates whether this is an account for a “real” user. # This automatically sets group to users, createHome to true,
# This automatically sets group to users, createHome to true, # home to /home/username, useDefaultShell to true, and isSystemUser to false.
# home to /home/username, useDefaultShell to true, and isSystemUser to false. isNormalUser = true;
isNormalUser = true; description = psCfg.user.description;
description = psCfg.user.description; extraGroups = [
extraGroups = [ "input"
"input" "lp"
"lp" "networkmanager"
"networkmanager" "scanner"
"scanner" "video"
"video" "dialout"
"dialout" "wheel"
"wheel" ];
]; shell = pkgs.bash;
shell = pkgs.bash; initialHashedPassword =
initialHashedPassword = if psCfg.user.password != null
if psCfg.user.password != null then psCfg.user.password
then psCfg.user.password else "";
else ""; openssh.authorizedKeys.keys =
openssh.authorizedKeys.keys = if psCfg.user.publicKeys != null
if psCfg.user.publicKeys != null then psCfg.user.publicKeys
then psCfg.user.publicKeys else [];
else []; };
};
}; };
}; };
} }

54
modules/user/home.nix
View file

@ -12,7 +12,7 @@ in {
./session-variables.nix ./session-variables.nix
]; ];
home-manager.users = pkgs.lib.setAttrByPath [psCfg.user.name] { home-manager.users."${psCfg.user.name}" = {
# Let Home Manager install and manage itself. # Let Home Manager install and manage itself.
programs.home-manager.enable = true; programs.home-manager.enable = true;
@ -22,66 +22,14 @@ in {
home.homeDirectory = "/home/${psCfg.user.name}"; home.homeDirectory = "/home/${psCfg.user.name}";
home.stateVersion = "22.11"; home.stateVersion = "22.11";
home.packages = with pkgs; [];
fonts.fontconfig.enable = mkForce true;
programs.dircolors.enable = true; programs.dircolors.enable = true;
programs.less = {
enable = true;
keys = ''
k forw-line
i back-line
K forw-scroll
I back-scroll
'';
};
home.file."xinitrc".source = ./.xinitrc;
xdg.enable = true; xdg.enable = true;
xdg.mime.enable = true; xdg.mime.enable = true;
xdg.mimeApps = import ./mimeapps.nix; xdg.mimeApps = import ./mimeapps.nix;
xdg.configFile."git/config".text = import ./.config/git/config.nix {
inherit config;
inherit pkgs;
};
xdg.configFile."git/gitmessage".text = import ./.config/git/gitmessage.nix {
inherit config;
inherit pkgs;
};
xdg.configFile."git/global_gitignore".text = import ./.config/git/global_gitignore.nix {
inherit config;
inherit pkgs;
};
xdg.configFile."dircolors".source = ./.config/dircolors; xdg.configFile."dircolors".source = ./.config/dircolors;
xdg.configFile."xmodmap".source = ./.config/xmodmap;
xdg.configFile."user-dirs.dirs".source = ./.config/user-dirs.dirs;
xdg.configFile."user-dirs.locale".source = ./.config/user-dirs.locale;
xdg.configFile."xsettingsd/xsettingsd.conf".source = ./.config/xsettingsd/xsettingsd.conf;
xdg.configFile."mako/config".source = ./.config/mako/config;
xdg.configFile."libinput-gestures.conf".source = ./.config/libinput-gestures.conf;
xdg.configFile."waybar/config".source = ./.config/waybar/config;
xdg.configFile."waybar/style.css".source = ./.config/waybar/style.css;
xdg.configFile."waybar/colorscheme.css".source = ./.config/waybar/colorscheme.css;
xdg.configFile."mutt/muttrc".source = ./.config/mutt/muttrc;
xdg.configFile."mutt/base16.muttrc".source = ./.config/mutt/base16.muttrc;
xdg.configFile."mutt/mailcap".source = ./.config/mutt/mailcap;
xdg.configFile."offlineimap/functions.py".source = ./.config/offlineimap/functions.py;
xdg.configFile."wallpaper.jpg".source = ./assets/wallpaper.jpg;
# Ensure nvim backup directory gets created
# Workaround for E510: Can't make backup file (add ! to override)
xdg.dataFile."nvim/backup/.keep".text = "";
xdg.dataFile."nvim/json-schemas/.keep".text = "";
# Generated with:
# docker run -it --name caddy-json-schema registry.greenbaum.cloud/gc/caddy-l4:2.5.2 caddy json-schema -output /srv/caddy_schema.json
xdg.dataFile."nvim/json-schemas/caddy_schema.json".source = .local/share/nvim/json-schemas/caddy_schema.json;
xdg.dataFile."nvim/templates/.keep".text = "";
xdg.dataFile."scripts/.keep".text = "";
xdg.dataFile."scripts/base16.sh".source = .local/share/scripts/base16.sh;
xdg.dataFile."shell.nix.tmpl" = { xdg.dataFile."shell.nix.tmpl" = {
text = '' text = ''
let let

5
modules/user/session-variables.nix
View file

@ -5,7 +5,6 @@
... ...
}: let }: let
psCfg = config.pub-solar; psCfg = config.pub-solar;
wlroots = psCfg.graphical.wayland;
xdg = config.home-manager.users."${psCfg.user.name}".xdg; xdg = config.home-manager.users."${psCfg.user.name}".xdg;
variables = { variables = {
XDG_CONFIG_HOME = xdg.configHome; XDG_CONFIG_HOME = xdg.configHome;
@ -20,10 +19,6 @@
ECORE_EVAS_ENGINE = "wayland_egl"; ECORE_EVAS_ENGINE = "wayland_egl";
ELM_ENGINE = "wayland_egl"; ELM_ENGINE = "wayland_egl";
SDL_VIDEODRIVER = "wayland"; SDL_VIDEODRIVER = "wayland";
WLR_RENDERER =
if wlroots.software-renderer.enable
then "pixman"
else "gles2";
EDITOR = "/etc/profiles/per-user/${psCfg.user.name}/bin/nvim"; EDITOR = "/etc/profiles/per-user/${psCfg.user.name}/bin/nvim";
VISUAL = "/etc/profiles/per-user/${psCfg.user.name}/bin/nvim"; VISUAL = "/etc/profiles/per-user/${psCfg.user.name}/bin/nvim";

97
modules/virtualisation/default.nix
View file

@ -6,65 +6,50 @@
}: }:
with lib; let with lib; let
psCfg = config.pub-solar; psCfg = config.pub-solar;
cfg = config.pub-solar.virtualisation;
doesGaming = config.pub-solar.gaming.enable;
extraObsPlugins =
if doesGaming
then [pkgs.obs-studio-plugins.looking-glass-obs]
else [];
in { in {
options.pub-solar.virtualisation = { boot.kernelParams = [
enable = mkEnableOption "Life in libvirt"; "amd_iommu=on"
"intel_iommu=on"
"iommu=pt"
];
virtualisation.libvirtd = {
enable = true;
qemu.ovmf.enable = true;
};
users.users."${psCfg.user.name}" = {
extraGroups = ["libvirtd"];
}; };
config = mkIf cfg.enable { environment.systemPackages = with pkgs; [
boot.kernelParams = [ libvirt
"amd_iommu=on" libvirt-glib
"intel_iommu=on" qemu
"iommu=pt" virt-manager
python3Packages.libvirt
gvfs
edk2
OVMF
win-virtio
looking-glass-client
lgcl
];
home-manager.users."${psCfg.user.name}" = {
xdg.dataFile."libvirt/.keep".text = "# this file is here to generate the directory";
home.packages = [pkgs.obs-studio-plugins.looking-glass-obs];
};
systemd.tmpfiles.rules = [
"f /dev/shm/looking-glass 0660 ${psCfg.user.name} kvm"
];
networking.bridges.virbr1.interfaces = [];
networking.interfaces.virbr1 = {
ipv4.addresses = [
{
address = "192.168.123.1";
prefixLength = 24;
}
]; ];
virtualisation.libvirtd = {
enable = true;
qemu.ovmf.enable = true;
};
users.users = pkgs.lib.setAttrByPath [psCfg.user.name] {
extraGroups = ["libvirtd"];
};
environment.systemPackages = with pkgs; [
coreutils-full
usbutils
libvirt
libvirt-glib
qemu
virt-manager
python3Packages.libvirt
gvfs
edk2
OVMF
win-virtio
looking-glass-client
lgcl
];
home-manager = with pkgs;
pkgs.lib.setAttrByPath ["users" psCfg.user.name] {
xdg.dataFile."libvirt/.keep".text = "# this file is here to generate the directory";
home.packages = extraObsPlugins;
};
systemd.tmpfiles.rules = [
"f /dev/shm/looking-glass 0660 ${psCfg.user.name} kvm"
];
networking.bridges.virbr1.interfaces = [];
networking.interfaces.virbr1 = {
ipv4.addresses = [
{
address = "192.168.123.1";
prefixLength = 24;
}
];
};
}; };
} }

Some files were not shown because too many files have changed in this diff Show more